KVE-2019-0556, 0566 취약점 수정

gnuboard · Mar 19, 2019 · 2edb3a8 · 2edb3a8
1 parent e9bb97b
commit 2edb3a8
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 16 deletions.
diff --git a/adm/board_form.php b/adm/board_form.php
@@ -918,7 +918,7 @@
          <tr>
             <th scope="row"><label for="bo_insert_content">글쓰기 기본 내용</label></th>
             <td>
-                <textarea id="bo_insert_content" name="bo_insert_content" rows="5"><?php echo $board['bo_insert_content'] ?></textarea>
+                <textarea id="bo_insert_content" name="bo_insert_content" rows="5"><?php echo html_purifier($board['bo_insert_content']); ?></textarea>
             </td>
             <td class="td_grpset">
                 <input type="checkbox" name="chk_grp_insert_content" value="1" id="chk_grp_insert_content">

diff --git a/bbs/write.php b/bbs/write.php
@@ -362,7 +362,7 @@
 
 $content = '';
 if ($w == '') {
-    $content = $board['bo_insert_content'];
+    $content = html_purifier($board['bo_insert_content']);
 } else if ($w == 'r') {
     if (!strstr($write['wr_option'], 'html')) {
         $content = "\n\n\n &gt; "

diff --git a/common.php b/common.php
@@ -29,20 +29,22 @@
 
 function g5_path()
 {
-    $chroot = substr($_SERVER['SCRIPT_FILENAME'], 0, strpos($_SERVER['SCRIPT_FILENAME'], dirname(__FILE__)));
-    $result['path'] = str_replace('\\', '/', $chroot.dirname(__FILE__));
-    $tilde_remove = preg_replace('/^\/\~[^\/]+(.*)$/', '$1', $_SERVER['SCRIPT_NAME']);
-    $document_root = str_replace($tilde_remove, '', $_SERVER['SCRIPT_FILENAME']);
-    $pattern = '/' . preg_quote($document_root, '/') . '/i';
-    $root = preg_replace($pattern, '', $result['path']);
-    $port = ($_SERVER['SERVER_PORT'] == 80 || $_SERVER['SERVER_PORT'] == 443) ? '' : ':'.$_SERVER['SERVER_PORT'];
-    $http = 'http' . ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on') ? 's' : '') . '://';
-    $user = str_replace(preg_replace($pattern, '', $_SERVER['SCRIPT_FILENAME']), '', $_SERVER['SCRIPT_NAME']);
-    $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : $_SERVER['SERVER_NAME'];
-    if(isset($_SERVER['HTTP_HOST']) && preg_match('/:[0-9]+$/', $host))
-        $host = preg_replace('/:[0-9]+$/', '', $host);
-    $host = preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\/\^\*]/", '', $host);
-    $result['url'] = $http.$host.$port.$user.$root;
+    $chroot = substr($_SERVER['SCRIPT_FILENAME'], 0, strpos($_SERVER['SCRIPT_FILENAME'], dirname(__FILE__))); 
+    $result['path'] = str_replace('\\', '/', $chroot.dirname(__FILE__)); 
+    $server_script_name = preg_replace('/\/+/', '/', str_replace('\\', '/', $_SERVER['SCRIPT_NAME'])); 
+    $server_script_filename = preg_replace('/\/+/', '/', str_replace('\\', '/', $_SERVER['SCRIPT_FILENAME'])); 
+    $tilde_remove = preg_replace('/^\/\~[^\/]+(.*)$/', '$1', $server_script_name); 
+    $document_root = str_replace($tilde_remove, '', $server_script_filename); 
+    $pattern = '/' . preg_quote($document_root, '/') . '/i'; 
+    $root = preg_replace($pattern, '', $result['path']); 
+    $port = ($_SERVER['SERVER_PORT'] == 80 || $_SERVER['SERVER_PORT'] == 443) ? '' : ':'.$_SERVER['SERVER_PORT']; 
+    $http = 'http' . ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on') ? 's' : '') . '://'; 
+    $user = str_replace(preg_replace($pattern, '', $server_script_filename), '', $server_script_name); 
+    $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : $_SERVER['SERVER_NAME']; 
+    if(isset($_SERVER['HTTP_HOST']) && preg_match('/:[0-9]+$/', $host)) 
+        $host = preg_replace('/:[0-9]+$/', '', $host); 
+    $host = preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\/\^\*]/", '', $host); 
+    $result['url'] = $http.$host.$port.$user.$root; 
     return $result;
 }