커맨드 인젝션 취약점(16-418 419) 수정

gnuboard · Jun 24, 2016 · 0cbbd99 · 0cbbd99
1 parent 354c993
commit 0cbbd99
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/plugin/okname/hpcert.config.php b/plugin/okname/hpcert.config.php
@@ -33,6 +33,8 @@
     $clientDomain = $_SERVER['SERVER_NAME'];
 unset($p);
 
+$clientDomain = escapeshellarg($clientDomain);
+
 
 $rsv1 = '0';                                        // 예약 항목
 $rsv2 = '0';                                        // 예약 항목
@@ -78,5 +80,5 @@
 // ########################################################################
 // # 리턴 URL 설정
 // ########################################################################
-$returnUrl = G5_OKNAME_URL.'/hpcert2.php';          // 본인인증 완료후 리턴될 URL (도메인 포함 full path)
+$returnUrl = escapeshellarg(G5_OKNAME_URL.'/hpcert2.php');          // 본인인증 완료후 리턴될 URL (도메인 포함 full path)
 ?>