KVE-2019-0082 원격취약점 다시 수정

gnuboard · Mar 19, 2019 · bf778a3 · bf778a3
1 parent 4f6bbdf
commit bf778a3
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 4 deletions.
diff --git a/adm/shop_admin/itemeventformupdate.php b/adm/shop_admin/itemeventformupdate.php
@@ -19,8 +19,8 @@
 if ($ev_himg_del)  @unlink(G5_DATA_PATH."/event/{$ev_id}_h");
 if ($ev_timg_del)  @unlink(G5_DATA_PATH."/event/{$ev_id}_t");
 
-$ev_skin = preg_replace('#\.+/#', '', $ev_skin);
-$ev_mobile_skin = preg_replace('#\.+/#', '', $ev_mobile_skin);
+$ev_skin = preg_replace('#\.+(\/|\\\)#', '', $ev_skin);
+$ev_mobile_skin = preg_replace('#\.+(\/|\\\)#', '', $ev_mobile_skin);
 
 $skin_regex_patten = "^list.[0-9]+\.skin\.php";
 

diff --git a/mobile/shop/event.php b/mobile/shop/event.php
@@ -31,7 +31,7 @@
     $order_by = 'b.it_order, b.it_id desc';
 
 if ($skin) {
-    $skin = preg_replace('#\.+/#', '', $skin);
+    $skin = preg_replace('#\.+(\/|\\\)#', '', $skin);
     $ev['ev_skin'] = $skin;
 }
 

diff --git a/shop/event.php b/shop/event.php
@@ -43,7 +43,7 @@
     $order_by = 'b.it_order, b.it_id desc';
 
 if ($skin) {
-    $skin = preg_replace('#\.+/#', '', $skin);
+    $skin = preg_replace('#\.+(\/|\\\)#', '', $skin);
     $ev['ev_skin'] = $skin;
 }