Vulnerability notice
Date: 2009. 09. 22
Details: a vulnerability in the _zb_path and dir variables that allows files on the server to be executed directly, without a web shell
Reported by: Korea Internet & Security Agency (http://www.kisa.or.kr)
Affected: all versions of Zeroboard 4
Note: a vulnerability that occurs only on PHP 5.2 or later, and a vulnerability that occurs regardless of PHP version
Vulnerability fix
Apply the patch files: unzip the attached patch.2009.02.22.zip and overwrite the existing files
Apply the patch: apply the attached zb4.20090922.patch with the patch command
Edit manually
Target files
_head.php
skin/zero_vote/ask_password.php
skin/zero_vote/error.php
skin/zero_vote/login.php
skin/zero_vote/setup.php
Changes
_head.php
[Before]
if(eregi(":\/\/",$_zb_path)||eregi("\.\.",$_zb_path)) $_zb_path ="./";
[After]
if(eregi(":\/\/",$_zb_path)||eregi("\.\.",$_zb_path)||eregi("^\/",$_zb_path)||eregi("data:;",$_zb_path)) $_zb_path ="./";
skin/zero_vote/ files
[Before]
if(eregi(":\/\/",$dir)||eregi("\.\.",$dir)) $dir ="./";
[After]
if(eregi(":\/\/",$dir)||eregi("\.\.",$dir)||eregi("^\/",$dir)||eregi("data:;",$dir)) $dir ="./";
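To confirm the fix reached all five target files, the following added example (not part of the original notice or of Zeroboard) reports the status of each one. The function names and the install-directory argument are assumptions, and it matches the two added conditions exactly as printed above, so a manual edit with different spacing is reported as UNPATCHED.

```shell
#!/bin/sh
# Added example: audit a Zeroboard 4 tree for the 2009-09-22 fix.
# Usage (assumed): sh zb4_check.sh /path/to/zeroboard

# The five files listed under "Target files" in the notice.
ZB4_TARGETS="_head.php
skin/zero_vote/ask_password.php
skin/zero_vote/error.php
skin/zero_vote/login.php
skin/zero_vote/setup.php"

# Print one line per target file: PATCHED, UNPATCHED or MISSING, then the path.
# A file counts as patched only if it contains both conditions the fix adds:
# the leading-slash test eregi("^\/",...) and the eregi("data:;",...) test.
zb4_patch_status() {
    root=$1
    echo "$ZB4_TARGETS" | while IFS= read -r rel; do
        f="$root/$rel"
        if [ ! -f "$f" ]; then
            echo "MISSING $rel"
        elif grep -F -q 'eregi("^\/",' "$f" && grep -F -q 'eregi("data:;",' "$f"; then
            echo "PATCHED $rel"
        else
            echo "UNPATCHED $rel"
        fi
    done
}

# Succeed only when every target file is present and patched. A MISSING file
# also fails, so that a wrong directory is never reported as clean.
zb4_all_patched() {
    ! zb4_patch_status "$1" | grep -v -q '^PATCHED '
}

# When run with a directory argument, print the per-file report.
if [ -n "${1:-}" ]; then
    zb4_patch_status "$1"
fi
```
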
This vulnerability is very dangerous, so please be sure to apply the patch.
If possible, we also recommend migrating from Zeroboard 4 to XpressEngine or another program.
Our thanks to the Korea Internet & Security Agency (http://www.kisa.or.kr), which always informs us of vulnerabilities and how to fix them.
If the main page comes up blank after the fix
Change $_zb_path ="./"; to your own absolute path.