참고링크 :
http://www.nzeo.com/bbs/zboard.php?id=main_notice&no=176
제로보드의 소스 흠결을 악용, 외부에서 제로보드가 설치된 서버를 장악할 수 있는 보안 문제점이 발견되었습니다. 패치의 내용을 요약하면 다음과 같습니다. (붉은색이 추가된 부분)
1. write.php 위에서 13행쯤
// Referer gate: Error() is called unless $HTTP_REFERER matches $HTTP_HOST. eregi() uses $HTTP_HOST as a
// case-insensitive regular expression, and the Referer header is set by the client, so this check does
// not authenticate the request. (The message text is mis-encoded Korean on this page; decoded, it asks
// the user to write the post in the normal way.)
if(!eregi($HTTP_HOST,$HTTP_REFERER)) Error("Á¤»óÀûÀ¸·Î ±ÛÀ» ÀÛ¼ºÇÏ¿© Áֽñ⠹ٶø´Ï´Ù.");
// Added by the patch: a $dir value containing "://" is reset to ".".
// NOTE(review): this is a denylist for URL-style values only; local relative or absolute paths pass
// through unchanged. How $dir is populated and used is not visible in this excerpt -- confirm it cannot
// come from the request, or validate it against a fixed list of known directories.
// eregi() was removed in PHP 7.0, so this line only runs on legacy interpreters.
if(eregi(":\/\/",$dir)) $dir="."; // 2004.12.27 patch
2. outlogin.php 맨위
global 변수가 주욱 열거된 바로 아랫줄에
// Added by the patch: a $_zb_path value containing "://" is reset to "./".
// NOTE(review): presumably $_zb_path is later used to build include paths -- not visible in this
// excerpt, confirm. The test only rejects URL-style values; it does not restrict local paths, so a
// fixed or allowlisted base path is the stricter fix. eregi() was removed in PHP 7.0.
if(eregi(":\/\/",$_zb_path)) $_zb_path="./"; // 2004.12.27 patch
를 추가
3. check_user_id.php 맨위
<?
// Load the shared library file (lib.php is not shown on this page).
include "lib.php";
// Added by the patch: trim $user_id and HTML-encode it before any further use.
// NOTE(review): htmlspecialchars() is output encoding for HTML. With its default flags before PHP 8.1
// it leaves single quotes unencoded, so it is not a substitute for SQL escaping or parameterised
// queries if $user_id is later placed in a query -- that code is not visible here, confirm.
$user_id = htmlspecialchars(trim($user_id)); // 2004.12.27 patch
// Open the database connection through dbconn(), which is defined outside this excerpt.
$connect=dbconn();
4. include/write.php 맨 아래
// Marks whether the notice feature is used or not.
// For non-admins, and for replies, the two variables are set to HTML comment delimiters
// (presumably so the template can wrap the notice option in them -- template not shown).
if(!$is_admin||$mode=="reply") { $hide_notice_start="<!--";$hide_notice_end="-->"; }
// Added by the patch: this check sits directly before the include below, which is the point where
// $dir becomes a file path. A value containing "://" is replaced with ".".
// NOTE(review): only URL-style values are rejected; any local path in $dir is still included as
// "<dir>/write.php". Where $dir comes from is not visible in this excerpt -- if it can be influenced
// by the request, restrict it to a fixed list of known directories rather than relying on this
// pattern alone. eregi() was removed in PHP 7.0.
if(eregi(":\/\/",$dir)) $dir="."; // 2004.12.27 patch
include $dir."/write.php";
?>