코드이그나이터 기반 PHP 오픈소스 게시판 : 씨아이보드

씨아이보드 Lite 3.0.3

  • 관리자
  • 10-21

[수정 내역]


XSS 취약점 수정 (KVE-2019-1139, KISA 에서 알려주셨습니다.)

각 model 에 선언되어있는 get_admin_list 함수를 core 의 CB_MODEL 로 통합

각 model 에 선언되어있는 get_list 함수를 core 의 CB_MODEL 로 통합

uniqid 를 얻는 로직 변경



[수정된 파일] 


application/config/cb_version.php

application/controllers/Board_write.php

application/core/CB_Model.php

application/helpers/basic_helper.php

application/models/Banner_group_model.php

application/models/Banner_model.php

application/models/Board_category_model.php

application/models/Board_group_model.php

application/models/Board_model.php

application/models/Faq_model.php

application/models/Follow_model.php

application/models/Member_dormant_model.php

application/models/Member_dormant_notify_model.php

application/models/Member_group_model.php

application/models/Member_login_log_model.php

application/models/Menu_model.php

application/models/Point_model.php

application/models/Popup_model.php

application/models/Post_model.php

application/models/Stat_count_model.php

application/models/Unique_id_model.php

views/_layout/basic/css/style.css

views/_layout/basic/layout.php

views/_layout/basic/layout_popup.php

views/_layout/bootstrap/css/style.css

views/_layout/bootstrap/layout.php

views/_layout/bootstrap/layout_popup.php

views/_layout/mobile/css/style.css

views/_layout/mobile/layout.php

views/_layout/mobile/layout_popup.php

views/admin/basic/board/boardgroup/write.php

views/admin/basic/board/boardgroup/write_admin.php

views/admin/basic/board/boards/write.php

views/admin/basic/board/boards/write_access.php

views/admin/basic/board/boards/write_admin.php

views/admin/basic/board/boards/write_alarm.php

views/admin/basic/board/boards/write_category.php

views/admin/basic/board/boards/write_comment.php

views/admin/basic/board/boards/write_extravars.php

views/admin/basic/board/boards/write_general.php

views/admin/basic/board/boards/write_list.php

views/admin/basic/board/boards/write_point.php

views/admin/basic/board/boards/write_post.php

views/admin/basic/board/boards/write_rss.php

views/admin/basic/board/boards/write_write.php

views/admin/basic/config/cbconfigs/access.php

views/admin/basic/config/cbconfigs/company.php

views/admin/basic/config/cbconfigs/general.php

views/admin/basic/config/cbconfigs/index.php

views/admin/basic/config/cbconfigs/note.php

views/admin/basic/config/cbconfigs/notification.php

views/admin/basic/config/cbconfigs/point.php

views/admin/basic/config/emailform/blame.php

views/admin/basic/config/emailform/comment.php

views/admin/basic/config/emailform/comment_blame.php

views/admin/basic/config/emailform/post.php

views/admin/basic/config/layoutskin/favicon.php

views/admin/basic/config/layoutskin/index.php

views/admin/basic/config/layoutskin/metatag.php

views/admin/basic/config/memberconfig/alarm.php

views/admin/basic/config/memberconfig/index.php

views/admin/basic/config/memberconfig/login.php

views/admin/basic/config/memberconfig/membermodify.php

views/admin/basic/config/memberconfig/registerform.php

views/admin/basic/config/memberconfig/sociallogin.php

views/admin/basic/config/rssconfig/index.php

views/admin/basic/config/rssconfig/naverblog.php

views/admin/basic/config/rssconfig/sitemap.php

views/admin/basic/config/scheduler/index.php

views/admin/basic/config/scheduler/interval.php

views/admin/basic/css/style.css

views/admin/basic/layout.php

views/admin/basic/layout_popup.php

views/admin/basic/member/dormant/index.php

views/admin/basic/member/members/write.php

views/admin/basic/member/points/write.php

views/admin/basic/page/banner/group.php

views/admin/basic/page/banner/write.php

views/admin/basic/page/document/write.php

views/admin/basic/page/faq/write.php

views/admin/basic/page/faqgroup/write.php

views/admin/basic/page/popup/write.php

views/install/css/common.css

views/install/header.php

views/install/header_upgrade.php