[웹드로우] 영카트5 보안업데이트 5.1.3

페이지 정보

조회 3,803회 작성일 2015-10-26 11:26 URL https://webdraw.kr/notice/393

본문

** 수정내역 ** 

 

게시글 본문 내 object 태그를 이용한 XSS 취약점을 수정했습니다. (한국인터넷진흥원 박종원님이 알려주셨습니다.) 

 

 

https://github.com/gnuboard/youngcart5/commit/a8ca1edcd191e87ab0e501435b523973dc977044 

https://github.com/gnuboard/youngcart5/commit/deb468975de35dbf3d43d11ecde7a4e7db696a9f 

https://github.com/gnuboard/youngcart5/commit/1bf8190518481535321dcc1b2060fc8918879b4b 

https://github.com/gnuboard/youngcart5/commit/523ecbfacd0dbbb3837db1d85c6ce935e796366f 

https://github.com/gnuboard/youngcart5/commit/4ea7031a42b28abe28f2f058ee3931973ed9b097 

https://github.com/gnuboard/youngcart5/commit/3bb33a09c8414428ec3c6aaf300bb473e9b7ac17 

 

 

f298383 5.1.3 버전변경 

db1d1d2 5.1.4 버전변경 

M      config.php 

70441a8 로그인 화면의 누락된 부분 추가 

M      theme/basic/mobile/skin/member/basic/login.skin.php 

fdb4219 Merge branch 'g5' 

6a2cbbe 누락된 닫음태그 추가 

M      plugin/sns/view.sns.skin.php 

b3800de Merge branch 'g5' 

7d132fd post 값 필터링 코드 위치 변경 

M      bbs/register_form_update.php 

4f18060 Merge branch 'g5' 

0b66b11 htmlpurifier 4.7 버전 적용 

M      plugin/htmlpurifier/HTMLPurifier.standalone.php 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/Builder/ConfigSchema.php 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/Builder/Xml.php 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/Exception.php 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/Interchange.php 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/Interchange/Directive.php 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/Interchange/Id.php 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/InterchangeBuilder.php 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/Validator.php 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/ValidatorAtom.php 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema.ser 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.AllowedClasses.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.AllowedFrameTargets.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.AllowedRel.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.AllowedRev.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.ClassUseCDATA.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.DefaultImageAlt.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.DefaultInvalidImage.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.DefaultInvalidImageAlt. 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.DefaultTextDir.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.EnableID.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.ForbiddenClasses.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.IDBlacklist.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.IDBlacklistRegexp.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.IDPrefix.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.IDPrefixLocal.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.AutoParagraph.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.Custom.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.DisplayLinkURI.tx 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.Linkify.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.PurifierLinkify.D 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.PurifierLinkify.t 

A      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.Predi 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.Remov 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.Remov 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveSpansWithou 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.AllowImportant.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.AllowTricky.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.AllowedFonts.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.AllowedProperties.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.DefinitionRev.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.ForbiddenProperties.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.MaxImgLength.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.Proprietary.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.Trusted.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Cache.DefinitionImpl.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Cache.SerializerPath.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Cache.SerializerPermissions. 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.AggressivelyFixLt.txt 

A      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.AllowHostnameUnderscore 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.CollectErrors.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.ColorKeywords.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.ConvertDocumentToFragme 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.DirectLexLineNumberSync 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.DisableExcludes.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.EnableIDNA.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.Encoding.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.EscapeInvalidChildren.t 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.EscapeInvalidTags.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.EscapeNonASCIICharacter 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.HiddenElements.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.Language.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.LexerImpl.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.MaintainLineNumbers.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.NormalizeNewlines.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.RemoveInvalidImg.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.RemoveProcessingInstruc 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.RemoveScriptContents.tx 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.Custom.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.Es 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.Sc 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.Ti 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.tx 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.YouTube.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Allowed.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.AllowedAttributes.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.AllowedComments.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.AllowedCommentsRegexp.t 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.AllowedElements.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.AllowedModules.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Attr.Name.UseCDATA.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.BlockWrapper.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.CoreModules.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.CustomDoctype.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.DefinitionID.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.DefinitionRev.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Doctype.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.FlashAllowFullScreen.tx 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.ForbiddenAttributes.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.ForbiddenElements.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.MaxImgLength.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Nofollow.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Parent.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Proprietary.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.SafeEmbed.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.SafeIframe.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.SafeObject.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.SafeScripting.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Strict.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.TargetBlank.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.TidyAdd.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.TidyLevel.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.TidyRemove.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Trusted.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.XHTML.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Output.CommentScriptContents 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Output.FixInnerHTML.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Output.FlashCompat.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Output.Newline.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Output.SortAttr.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Output.TidyFormat.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Test.ForceNoIconv.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.AllowedSchemes.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.Base.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.DefaultScheme.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.DefinitionID.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.DefinitionRev.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.Disable.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.DisableExternal.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.DisableExternalResources 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.DisableResources.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.Host.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.HostBlacklist.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.MakeAbsolute.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.Munge.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.MungeResources.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.MungeSecretKey.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.OverrideAllowedSchemes.t 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.SafeIframeRegexp.txt 

M      plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/info.ini 

M      plugin/htmlpurifier/standalone/HTMLPurifier/Filter/ExtractStyleBlocks.php 

M      plugin/htmlpurifier/standalone/HTMLPurifier/Filter/YouTube.php 

M      plugin/htmlpurifier/standalone/HTMLPurifier/Language/classes/en-x-test.php 

M      plugin/htmlpurifier/standalone/HTMLPurifier/Language/messages/en-x-test.php 

M      plugin/htmlpurifier/standalone/HTMLPurifier/Language/messages/en-x-testmini.php 

M      plugin/htmlpurifier/standalone/HTMLPurifier/Language/messages/en.php 

M      plugin/htmlpurifier/standalone/HTMLPurifier/Lexer/PH5P.php 

M      plugin/htmlpurifier/standalone/HTMLPurifier/Printer.php 

M      plugin/htmlpurifier/standalone/HTMLPurifier/Printer/CSSDefinition.php 

M      plugin/htmlpurifier/standalone/HTMLPurifier/Printer/ConfigForm.css 

M      plugin/htmlpurifier/standalone/HTMLPurifier/Printer/ConfigForm.js 

M      plugin/htmlpurifier/standalone/HTMLPurifier/Printer/ConfigForm.php 

M      plugin/htmlpurifier/standalone/HTMLPurifier/Printer/HTMLDefinition.php 

8566183 XSS취약점관련 object 태그 허용설정 변경 

M      lib/common.lib.php 


MENU