[보안패치] 영카트5.2.9.7
5.3 버전에 대한 보안패치는 여러 작업이 맞물려 있어서 늦어질수 있습니다.
** 수정내역 **
그누보드 XSS 취약점 (17-876, 17-879) 수정 ( KISA 에서 알려주셨습니다. )
그누보드4 import 코드 수정
php 7.2 버전에서 오류 나는 코드 수정
htmlpurifier 4.9.3 버전의 변경
가비아 호스팅에서 설치시 에러 문제 수정
php 잘못된 숏태그 수정
그누보드4 가져오기 코드에 게시판 모바일 설정 추가 적용
최신글 캐시 파일 삭제 취약점 수정
php 7.2 에서 오류나는 부분 수정
영카트CSS 취약점(17-880) 수정 ( KISA 에서 알려주셨습니다. )
스팸글댓글 유입을 줄이려고 링크에 nofollow 추가함 ( 구글 검색팀 에서 알려주셨습니다. )
5.2.9.7 버전변경
https://github.com/gnuboard/youngcart5/commit/a12c97cf5ff6fc39f1ab3ec25872a05a02d767d3
https://github.com/gnuboard/youngcart5/commit/c748da6e7e55cdb80c86b92b1fef12e8b5ce916b
https://github.com/gnuboard/youngcart5/commit/a9c4fcc6156b392efc3834d9391d6eb3e7927959
https://github.com/gnuboard/youngcart5/commit/d1d037f12a455523b9f15153025f4a3355903c2b
https://github.com/gnuboard/youngcart5/commit/c2f89022d982a27bb7869f3524d9a3525084a59e
https://github.com/gnuboard/youngcart5/commit/65eefaf28dfbf56b34b7ed39c97da92728f5f7db
https://github.com/gnuboard/youngcart5/commit/3f37a089d7c92d916a686271d92b9282f01dd1bd
https://github.com/gnuboard/youngcart5/commit/6c91802d9369068cfd5ffeca1465ce1031db672c
https://github.com/gnuboard/youngcart5/commit/5d723627c4869c25e835f76d2b70ae81b8885309
https://github.com/gnuboard/youngcart5/commit/1afe8fef794bf211686196c9ec0dff8641d296fc
https://github.com/gnuboard/youngcart5/commit/d31e53aa9407c69b7a1876d033702ae4f705596d
https://github.com/gnuboard/youngcart5/commit/4bfe28e8bb661e068bb5c354a502941c9b8ce748
4bfe28e 5.2.9.7 버전변경
M config.php
d31e53a 스팸글댓글 유입을 줄이려고 링크에 nofollow 추가함
M lib/common.lib.php
A plugin/htmlpurifier/extend.video.php
1afe8fe 영카트CSS 취약점(17-880) 수정
M adm/shop_admin/coupontarget.php
5d72362 php 7.2 에서 오류나는 부분 수정
M adm/shop_admin/itemformupdate.php
6c91802 최신글 캐시 파일 삭제 취약점 수정
M lib/common.lib.php
3f37a08 그누보드4 가져오기 코드에 게시판 모바일 설정 추가 적용
M g4_import_run.php
65eefaf php 잘못된 숏태그 수정
M adm/mail_select_list.php
M adm/visit_search.php
c2f8902 가비아 호스팅에서 설치시 에러 문제 수정
M common.php
d1d037f htmlpurifier 4.9.3 버전의 변경
M plugin/htmlpurifier/HTMLPurifier.standalone.php
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/Builder/ConfigSchema.php
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/Builder/Xml.php
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/Exception.php
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/Interchange.php
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/Interchange/Directive.php
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/Interchange/Id.php
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/InterchangeBuilder.php
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/Validator.php
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/ValidatorAtom.php
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema.ser
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.AllowedClasses.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.AllowedFrameTargets.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.AllowedRel.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.AllowedRev.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.ClassUseCDATA.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.DefaultImageAlt.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.DefaultInvalidImage.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.DefaultInvalidImageAlt.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.DefaultTextDir.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.EnableID.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.ForbiddenClasses.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.ID.HTML5.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.IDBlacklist.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.IDBlacklistRegexp.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.IDPrefix.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.IDPrefixLocal.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.AutoParagraph.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.Custom.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.DisplayLinkURI.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.Linkify.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.PurifierLinkify.DocURL.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.PurifierLinkify.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.Predicate.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.RemoveNbsp.Exceptions.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.RemoveNbsp.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveSpansWithoutAttributes.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.AllowDuplicates.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.AllowImportant.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.AllowTricky.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.AllowedFonts.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.AllowedProperties.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.DefinitionRev.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.ForbiddenProperties.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.MaxImgLength.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.Proprietary.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.Trusted.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Cache.DefinitionImpl.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Cache.SerializerPath.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Cache.SerializerPermissions.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.AggressivelyFixLt.txt
A plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.AggressivelyRemoveScript.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.AllowHostnameUnderscore.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.CollectErrors.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.ColorKeywords.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.ConvertDocumentToFragment.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.DirectLexLineNumberSyncInterval.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.DisableExcludes.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.EnableIDNA.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.Encoding.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.EscapeInvalidChildren.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.EscapeInvalidTags.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.EscapeNonASCIICharacters.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.HiddenElements.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.Language.txt
A plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.LegacyEntityDecoder.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.LexerImpl.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.MaintainLineNumbers.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.NormalizeNewlines.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.RemoveInvalidImg.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.RemoveProcessingInstructions.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.RemoveScriptContents.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.Custom.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.Escaping.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.Scope.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.TidyImpl.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.YouTube.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Allowed.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.AllowedAttributes.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.AllowedComments.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.AllowedCommentsRegexp.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.AllowedElements.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.AllowedModules.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Attr.Name.UseCDATA.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.BlockWrapper.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.CoreModules.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.CustomDoctype.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.DefinitionID.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.DefinitionRev.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Doctype.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.FlashAllowFullScreen.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.ForbiddenAttributes.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.ForbiddenElements.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.MaxImgLength.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Nofollow.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Parent.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Proprietary.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.SafeEmbed.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.SafeIframe.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.SafeObject.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.SafeScripting.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Strict.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.TargetBlank.txt
A plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.TargetNoopener.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.TargetNoreferrer.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.TidyAdd.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.TidyLevel.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.TidyRemove.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Trusted.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.XHTML.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Output.CommentScriptContents.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Output.FixInnerHTML.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Output.FlashCompat.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Output.Newline.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Output.SortAttr.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Output.TidyFormat.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Test.ForceNoIconv.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.AllowedSchemes.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.Base.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.DefaultScheme.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.DefinitionID.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.DefinitionRev.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.Disable.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.DisableExternal.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.DisableExternalResources.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.DisableResources.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.Host.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.HostBlacklist.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.MakeAbsolute.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.Munge.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.MungeResources.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.MungeSecretKey.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.OverrideAllowedSchemes.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.SafeIframeRegexp.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/info.ini
M plugin/htmlpurifier/standalone/HTMLPurifier/Filter/ExtractStyleBlocks.php
M plugin/htmlpurifier/standalone/HTMLPurifier/Filter/YouTube.php
M plugin/htmlpurifier/standalone/HTMLPurifier/Language/classes/en-x-test.php
M plugin/htmlpurifier/standalone/HTMLPurifier/Language/messages/en-x-test.php
M plugin/htmlpurifier/standalone/HTMLPurifier/Language/messages/en-x-testmini.php
M plugin/htmlpurifier/standalone/HTMLPurifier/Language/messages/en.php
M plugin/htmlpurifier/standalone/HTMLPurifier/Lexer/PH5P.php
M plugin/htmlpurifier/standalone/HTMLPurifier/Printer.php
M plugin/htmlpurifier/standalone/HTMLPurifier/Printer/CSSDefinition.php
M plugin/htmlpurifier/standalone/HTMLPurifier/Printer/ConfigForm.css
M plugin/htmlpurifier/standalone/HTMLPurifier/Printer/ConfigForm.js
M plugin/htmlpurifier/standalone/HTMLPurifier/Printer/ConfigForm.php
M plugin/htmlpurifier/standalone/HTMLPurifier/Printer/HTMLDefinition.php
a9c4fcc php 7.2 버전에서 오류 나는 코드 수정
M adm/admin.lib.php
M bbs/group.php
M common.php
M mobile/skin/popular/basic/popular.skin.php
M skin/popular/basic/popular.skin.php
M theme/basic/group.php
M theme/basic/mobile/skin/popular/basic/popular.skin.php
M theme/basic/skin/popular/basic/popular.skin.php
c748da6 그누보드4 import 코드 수정
M g4_import_run.php
a12c97c 그누보드 XSS 취약점 (17-876, 17-879) 수정
M adm/sendmail_test.php
M plugin/editor/smarteditor2/photo_uploader/popup/index.html
D plugin/editor/smarteditor2/photo_uploader/popup/js/jquery-1.8.3.min.js
D plugin/editor/smarteditor2/photo_uploader/popup/js/jquery-ui.min.js
** 수정내역 **
그누보드 XSS 취약점 (17-876, 17-879) 수정 ( KISA 에서 알려주셨습니다. )
그누보드4 import 코드 수정
php 7.2 버전에서 오류 나는 코드 수정
htmlpurifier 4.9.3 버전의 변경
가비아 호스팅에서 설치시 에러 문제 수정
php 잘못된 숏태그 수정
그누보드4 가져오기 코드에 게시판 모바일 설정 추가 적용
최신글 캐시 파일 삭제 취약점 수정
php 7.2 에서 오류나는 부분 수정
영카트CSS 취약점(17-880) 수정 ( KISA 에서 알려주셨습니다. )
스팸글댓글 유입을 줄이려고 링크에 nofollow 추가함 ( 구글 검색팀 에서 알려주셨습니다. )
5.2.9.7 버전변경
https://github.com/gnuboard/youngcart5/commit/a12c97cf5ff6fc39f1ab3ec25872a05a02d767d3
https://github.com/gnuboard/youngcart5/commit/c748da6e7e55cdb80c86b92b1fef12e8b5ce916b
https://github.com/gnuboard/youngcart5/commit/a9c4fcc6156b392efc3834d9391d6eb3e7927959
https://github.com/gnuboard/youngcart5/commit/d1d037f12a455523b9f15153025f4a3355903c2b
https://github.com/gnuboard/youngcart5/commit/c2f89022d982a27bb7869f3524d9a3525084a59e
https://github.com/gnuboard/youngcart5/commit/65eefaf28dfbf56b34b7ed39c97da92728f5f7db
https://github.com/gnuboard/youngcart5/commit/3f37a089d7c92d916a686271d92b9282f01dd1bd
https://github.com/gnuboard/youngcart5/commit/6c91802d9369068cfd5ffeca1465ce1031db672c
https://github.com/gnuboard/youngcart5/commit/5d723627c4869c25e835f76d2b70ae81b8885309
https://github.com/gnuboard/youngcart5/commit/1afe8fef794bf211686196c9ec0dff8641d296fc
https://github.com/gnuboard/youngcart5/commit/d31e53aa9407c69b7a1876d033702ae4f705596d
https://github.com/gnuboard/youngcart5/commit/4bfe28e8bb661e068bb5c354a502941c9b8ce748
4bfe28e 5.2.9.7 버전변경
M config.php
d31e53a 스팸글댓글 유입을 줄이려고 링크에 nofollow 추가함
M lib/common.lib.php
A plugin/htmlpurifier/extend.video.php
1afe8fe 영카트CSS 취약점(17-880) 수정
M adm/shop_admin/coupontarget.php
5d72362 php 7.2 에서 오류나는 부분 수정
M adm/shop_admin/itemformupdate.php
6c91802 최신글 캐시 파일 삭제 취약점 수정
M lib/common.lib.php
3f37a08 그누보드4 가져오기 코드에 게시판 모바일 설정 추가 적용
M g4_import_run.php
65eefaf php 잘못된 숏태그 수정
M adm/mail_select_list.php
M adm/visit_search.php
c2f8902 가비아 호스팅에서 설치시 에러 문제 수정
M common.php
d1d037f htmlpurifier 4.9.3 버전의 변경
M plugin/htmlpurifier/HTMLPurifier.standalone.php
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/Builder/ConfigSchema.php
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/Builder/Xml.php
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/Exception.php
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/Interchange.php
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/Interchange/Directive.php
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/Interchange/Id.php
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/InterchangeBuilder.php
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/Validator.php
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/ValidatorAtom.php
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema.ser
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.AllowedClasses.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.AllowedFrameTargets.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.AllowedRel.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.AllowedRev.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.ClassUseCDATA.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.DefaultImageAlt.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.DefaultInvalidImage.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.DefaultInvalidImageAlt.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.DefaultTextDir.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.EnableID.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.ForbiddenClasses.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.ID.HTML5.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.IDBlacklist.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.IDBlacklistRegexp.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.IDPrefix.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.IDPrefixLocal.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.AutoParagraph.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.Custom.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.DisplayLinkURI.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.Linkify.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.PurifierLinkify.DocURL.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.PurifierLinkify.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.Predicate.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.RemoveNbsp.Exceptions.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.RemoveNbsp.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveSpansWithoutAttributes.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.AllowDuplicates.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.AllowImportant.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.AllowTricky.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.AllowedFonts.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.AllowedProperties.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.DefinitionRev.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.ForbiddenProperties.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.MaxImgLength.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.Proprietary.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.Trusted.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Cache.DefinitionImpl.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Cache.SerializerPath.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Cache.SerializerPermissions.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.AggressivelyFixLt.txt
A plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.AggressivelyRemoveScript.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.AllowHostnameUnderscore.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.CollectErrors.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.ColorKeywords.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.ConvertDocumentToFragment.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.DirectLexLineNumberSyncInterval.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.DisableExcludes.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.EnableIDNA.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.Encoding.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.EscapeInvalidChildren.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.EscapeInvalidTags.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.EscapeNonASCIICharacters.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.HiddenElements.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.Language.txt
A plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.LegacyEntityDecoder.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.LexerImpl.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.MaintainLineNumbers.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.NormalizeNewlines.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.RemoveInvalidImg.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.RemoveProcessingInstructions.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.RemoveScriptContents.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.Custom.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.Escaping.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.Scope.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.TidyImpl.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.YouTube.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Allowed.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.AllowedAttributes.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.AllowedComments.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.AllowedCommentsRegexp.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.AllowedElements.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.AllowedModules.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Attr.Name.UseCDATA.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.BlockWrapper.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.CoreModules.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.CustomDoctype.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.DefinitionID.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.DefinitionRev.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Doctype.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.FlashAllowFullScreen.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.ForbiddenAttributes.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.ForbiddenElements.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.MaxImgLength.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Nofollow.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Parent.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Proprietary.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.SafeEmbed.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.SafeIframe.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.SafeObject.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.SafeScripting.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Strict.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.TargetBlank.txt
A plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.TargetNoopener.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.TargetNoreferrer.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.TidyAdd.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.TidyLevel.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.TidyRemove.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Trusted.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.XHTML.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Output.CommentScriptContents.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Output.FixInnerHTML.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Output.FlashCompat.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Output.Newline.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Output.SortAttr.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Output.TidyFormat.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Test.ForceNoIconv.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.AllowedSchemes.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.Base.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.DefaultScheme.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.DefinitionID.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.DefinitionRev.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.Disable.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.DisableExternal.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.DisableExternalResources.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.DisableResources.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.Host.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.HostBlacklist.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.MakeAbsolute.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.Munge.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.MungeResources.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.MungeSecretKey.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.OverrideAllowedSchemes.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.SafeIframeRegexp.txt
M plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/info.ini
M plugin/htmlpurifier/standalone/HTMLPurifier/Filter/ExtractStyleBlocks.php
M plugin/htmlpurifier/standalone/HTMLPurifier/Filter/YouTube.php
M plugin/htmlpurifier/standalone/HTMLPurifier/Language/classes/en-x-test.php
M plugin/htmlpurifier/standalone/HTMLPurifier/Language/messages/en-x-test.php
M plugin/htmlpurifier/standalone/HTMLPurifier/Language/messages/en-x-testmini.php
M plugin/htmlpurifier/standalone/HTMLPurifier/Language/messages/en.php
M plugin/htmlpurifier/standalone/HTMLPurifier/Lexer/PH5P.php
M plugin/htmlpurifier/standalone/HTMLPurifier/Printer.php
M plugin/htmlpurifier/standalone/HTMLPurifier/Printer/CSSDefinition.php
M plugin/htmlpurifier/standalone/HTMLPurifier/Printer/ConfigForm.css
M plugin/htmlpurifier/standalone/HTMLPurifier/Printer/ConfigForm.js
M plugin/htmlpurifier/standalone/HTMLPurifier/Printer/ConfigForm.php
M plugin/htmlpurifier/standalone/HTMLPurifier/Printer/HTMLDefinition.php
a9c4fcc php 7.2 버전에서 오류 나는 코드 수정
M adm/admin.lib.php
M bbs/group.php
M common.php
M mobile/skin/popular/basic/popular.skin.php
M skin/popular/basic/popular.skin.php
M theme/basic/group.php
M theme/basic/mobile/skin/popular/basic/popular.skin.php
M theme/basic/skin/popular/basic/popular.skin.php
c748da6 그누보드4 import 코드 수정
M g4_import_run.php
a12c97c 그누보드 XSS 취약점 (17-876, 17-879) 수정
M adm/sendmail_test.php
M plugin/editor/smarteditor2/photo_uploader/popup/index.html
D plugin/editor/smarteditor2/photo_uploader/popup/js/jquery-1.8.3.min.js
D plugin/editor/smarteditor2/photo_uploader/popup/js/jquery-ui.min.js
첨부파일
|
댓글 작성
댓글을 작성하시려면 로그인이 필요합니다.
로그인하기
댓글 13개
해당 압축화일풀고 해당 폴더에 그냥 덥어쓰기를 하면 되나요 ?
소스를 수정해서 사용하고 있다면, 그대로 덮어쓰기 하면 안됩니다.
수정한것이 없고 원본파일 그대로 사용하는 경우에는 덮어쓰기 해도 됩니다.
보안 패치 하기 전에는 반드시 백업을 해 놓고 패치 하세요.
빌더를 이용하여 영카트를 인스톨하였습니다. (빌더라는 개념이 웹상에서 설치버튼을 누르고 안내설명에 따라 그누보드와 영카트 설치하는 방법이 빌더 맞나요 ? 맞다면 빌더를 이용하여 설치하였습니다.)
이럴 경우 패치화일을 어떻게 이용하여 패치해야하는지요 ?
빌더의 개념은 원본배포본에서 디자인 및 기능들이 대폭 추가되거나 수정된 패키지를 뜻합니다.원본배포사에서 만든게 아니고, 다른곳에서 만든 패키지입니다.( 대표적으로 아미나 빌더, 배추 빌더, 이윰 빌더 등이 있습니다. )
앞서 말했듯이 빌더를 쓰지 않았고, 소스를 수정한 부분이 없으면 그냥 덮어쓰기 해도 됩니다.
빌더를 사용한다면 해당 빌더에서 패치를 받아 적용하면 되구요.
소스를 수정한 경우이면, 수정한 소스와 패치 소스를 비교해 보면서 코드 적용해야 합니다.
영카트 오픈소스를 수정하였기 때문에 패치는 불가하고 Diff로 비교하여 수정된 부분을 카피하여 넣어야 한다는 이야기군요... ㅠㅠㅠㅠ 패치하고 많이 불편하겠네요. ㅠㅠㅠ
일부러 그런 분도 계시네요? 2번.
모르고 그랬습니다. 3번.
저는 이렇게 생각합니다.
누가 코어를 건드립니까?
과거에 제가 그랬습니다. ^^
용서하세요. ㅜㅜ