2009. 09. 22 Security Vulnerability Patch
| Zeroboard 4
Posted at 2009/09/22 17:22

2009. 09. 22.


Details: The _zb_path and dir variables are affected by a vulnerability that allows files on the server to be executed directly, without a web shell.


Reported by: Korea Internet & Security Agency (http://www.kisa.or.kr)


Affected: all versions of Zeroboard 4


Note: covers a vulnerability that occurs only on PHP 5.2 or later and a vulnerability that occurs regardless of PHP version


Fixing the vulnerability


  1. Apply the patched files: extract the attached patch.2009.09.22.zip and overwrite the existing files
  2. Apply the patch: apply the attached zb4.20090922.patch file using the patch command
  3. Edit the files manually
    1. Target files
      1. _head.php
      2. outlogin.php
      3. skin/zero_vote/ask_password.php
      4. skin/zero_vote/error.php
      5. skin/zero_vote/login.php
    2. Changes
      1. _head.php, outlogin.php
        [Before]
        if(eregi(":\/\/",$_zb_path)||eregi("\.\.",$_zb_path)) $_zb_path ="./"; 
        [After]
        if(eregi(":\/\/",$_zb_path)||eregi("\.\.",$_zb_path)||eregi("^\/",$_zb_path)||eregi("data:;",$_zb_path)) $_zb_path ="./";
      2. Files under skin/zero_vote/
        [Before]
        if(eregi(":\/\/",$dir)||eregi("\.\.",$dir)) $dir ="./";
        [After]
        if(eregi(":\/\/",$dir)||eregi("\.\.",$dir)||eregi("^\/",$dir)||eregi("data:;",$dir)) $dir ="./";
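
The manual edit above can be verified file by file. The following script is an added example, not part of the original post or the Zeroboard distribution: it checks the five listed files for both added conditions. The function names and the script name are hypothetical, and the demo tree is constructed sample data.

```shell
#!/bin/sh
# Added example (not Zeroboard code): do the advisory's files carry both added checks?

# "relative path:validated variable", from the advisory's target file list.
ZB4_TARGETS='_head.php:_zb_path
outlogin.php:_zb_path
skin/zero_vote/ask_password.php:dir
skin/zero_vote/error.php:dir
skin/zero_vote/login.php:dir'

# Echo PATCHED, UNPATCHED or MISSING for file $1 validating variable $2.
# Matches the exact [After] text, so a differently spaced edit shows UNPATCHED.
zb4_file_status() {
    abs='eregi("^\/",$'"$2"')'       # added check: value starts with "/"
    data='eregi("data:;",$'"$2"')'   # added check: value contains "data:;"
    if [ ! -f "$1" ]; then
        echo MISSING
    elif grep -qF -- "$abs" "$1" && grep -qF -- "$data" "$1"; then
        echo PATCHED
    else
        echo UNPATCHED
    fi
}

# Audit a Zeroboard 4 root: prints "STATUS path" per target, returns 1 if any
# existing target is unpatched.
zb4_audit() {
    audit_rc=0
    while IFS=: read -r rel var; do
        status=$(zb4_file_status "$1/$rel" "$var")
        echo "$status $rel"
        if [ "$status" = UNPATCHED ]; then audit_rc=1; fi
    done <<EOF
$ZB4_TARGETS
EOF
    return "$audit_rc"
}

# Constructed sample tree (not real Zeroboard files): one [Before], one [After] line.
zb4_demo() {
    d=$(mktemp -d)
    printf '%s\n' 'if(eregi(":\/\/",$_zb_path)||eregi("\.\.",$_zb_path)) $_zb_path ="./";' > "$d/_head.php"
    printf '%s\n' 'if(eregi(":\/\/",$_zb_path)||eregi("\.\.",$_zb_path)||eregi("^\/",$_zb_path)||eregi("data:;",$_zb_path)) $_zb_path ="./";' > "$d/outlogin.php"
    zb4_audit "$d" || true
    rm -rf "$d"
}

# Usage: sh zb4_check.sh /path/to/zeroboard  (no argument runs the demo)
if [ "$#" -gt 0 ]; then zb4_audit "$1"; else zb4_demo; fi
```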

This is a very dangerous vulnerability, so please be sure to apply the patch.
If possible, we also recommend migrating from Zeroboard 4 to XpressEngine or another program.

Thanks to the Korea Internet & Security Agency (http://www.kisa.or.kr), which always lets us know about vulnerabilities and how to fix them.