파일 업로드 취약점 수정

gnuboard · Dec 18, 2017 · 1e41f6a · 1e41f6a
1 parent 875a326
commit 1e41f6a
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/lib/common.lib.php b/lib/common.lib.php
@@ -2952,9 +2952,13 @@ function replace_filename($name)
     @session_start();
     $ss_id = session_id();
     $usec = get_microtime();
-    $ext = array_pop(explode('.', $name));
+    $file_path = pathinfo($name);
+    $ext = $file_path['extension'];
+    $return_filename = sha1($ss_id.$_SERVER['REMOTE_ADDR'].$usec); 
+    if( $ext )
+        $return_filename .= '.'.$ext;
 
-    return sha1($ss_id.$_SERVER['REMOTE_ADDR'].$usec).'.'.$ext;
+    return $return_filename;
 }
 
 // 아이코드 사용자정보