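]/"; // special characters (tail of the $patn1 literal that starts on the previous line)
$patn2 = "/[`~!@#$%^*\\\'\";:\/^+_()<>]/"; // special characters (only used by the disabled $basename1 check; kept for reference)
$patn3 = "/[`~!@#$^*\\\'\";:^+()<>]/"; // special characters
if (strlen($basename2) != 0) {
    if ($tools->paramChk($patn3, $basename2) == 1) {
        $tools->errMsg('잘못된 접근입니다.');
    }
}

// File-download hardening (2020.10.6, 2022.11.07): reject special characters in the
// request URI after its first 10 characters (the original note: "cuts only the kwbc/ text").
$basename3 = substr($_SERVER['REQUEST_URI'], 10);
$patn4 = "/[`~!@#$^*\\\'\";:^+()<>]/"; // special characters
if (strlen($basename3) != 0) {
    if ($tools->paramChk($patn4, $basename3) == 1) {
        $tools->errMsg('잘못된 접근입니다.');
    }
}

/*
 * Attachment download handler. Three entry points, mirrored from the original
 * script:
 *   ?download=N   (N in 1..5) board attachment column bbs_file[N] of cs_bbs_data
 *                 row idx taken from the decoded bbs_data parameter, served from ../data/bbsData
 *   ?dwn=1&filedwn_name=NAME   a file from ../data/upload named directly by the client
 *   ?dwnnew=IDX   user_uploads.image_name for row IDX, served from ../data/upload
 * Every path is canonicalised and confirmed to stay inside its base directory
 * before anything is sent; integer ids are cast before being interpolated into
 * the WHERE clause string that $db->object() expects.
 */

if (!function_exists('is_ie')) {
    /**
     * User-agent heuristic the ?dwn= branch uses to decide whether the download
     * filename must be re-encoded as EUC-KR and sent with the IE header set.
     * NOTE(review): 'Windows NT 6.1' / 'Windows NT 10.0' also match non-IE
     * browsers on Windows 7/10; the original comments label both as "IE11".
     *
     * @return bool
     */
    function is_ie()
    {
        if (!isset($_SERVER['HTTP_USER_AGENT'])) return false;
        $ua = $_SERVER['HTTP_USER_AGENT'];
        if (strpos($ua, 'MSIE') !== false) return true;            // IE8
        if (strpos($ua, 'Windows NT 6.1') !== false) return true;  // IE11
        if (strpos($ua, 'Windows NT 10.0') !== false) return true; // IE11
        return false;
    }
}

if (!function_exists('bbs_is_legacy_ie')) {
    /**
     * True for the IE 5.0/5.1/5.5/6.0 user agents that the ?download= and
     * ?dwnnew= branches special-case. Replaces eregi() (removed in PHP 7)
     * applied to $HTTP_USER_AGENT, a register_globals variable that is never
     * populated on current PHP, so the original check could not match.
     *
     * @return bool
     */
    function bbs_is_legacy_ie()
    {
        $ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        return $ua !== '' && preg_match('/(MSIE 5.0|MSIE 5.1|MSIE 5.5|MSIE 6.0)/i', $ua) === 1;
    }
}

if (!function_exists('bbs_resolve_download_path')) {
    /**
     * Resolve $name below $dir and confirm the result is a regular file that
     * still lies inside $dir after canonicalisation.
     *
     * @param string $dir  base directory (relative to the working directory, like the original fopen calls)
     * @param mixed  $name stored or client-supplied file name
     * @return string|false canonical path, or false when the name is empty or not
     *                      a string, the file is missing, or the path leaves $dir
     */
    function bbs_resolve_download_path($dir, $name)
    {
        if (!is_string($name) || $name === '') return false;
        $base = realpath($dir);
        $path = realpath($dir . '/' . $name);
        if ($base === false || $path === false || !is_file($path)) return false;
        // Prefix test on the canonical form: "$base/" must lead the resolved path.
        if (strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) return false;
        return $path;
    }
}

if (!function_exists('bbs_send_attachment')) {
    /**
     * Send $path to the client as an attachment called $display_name, then exit.
     * The two header sets are the ones the original script emitted: $legacy_ie
     * selects application/octet-stream + Content-Transfer-Encoding, otherwise the
     * historical "file/unknown" + Content-Description variant. The filename is
     * always quoted, with quotes and CR/LF removed so it cannot split the header.
     *
     * @param string $path         canonical path from bbs_resolve_download_path()
     * @param string $display_name name shown to the user (may already be EUC-KR bytes)
     * @param bool   $legacy_ie    which header set to use
     * @return void never returns
     */
    function bbs_send_attachment($path, $display_name, $legacy_ie)
    {
        $display_name = str_replace(array('"', "\r", "\n"), '', (string) $display_name);
        header('Content-type: ' . ($legacy_ie ? 'application/octet-stream' : 'file/unknown'));
        header('Content-Length: ' . filesize($path));
        header('Content-Disposition: attachment; filename="' . $display_name . '"');
        if ($legacy_ie) {
            header('Content-Transfer-Encoding: binary');
        } else {
            header('Content-Description: PHP3 Generated Data');
        }
        header('Pragma: no-cache');
        header('Expires: 0');

        $fp = fopen($path, 'rb');
        if ($fp !== false) {
            fpassthru($fp);
            fclose($fp); // the original only closed the handle when fpassthru() returned 0
        }
        exit();
    }
}

// Request parameters. Keys are quoted: bare $_GET[bbs_data] relied on an undefined
// constant falling back to its name, which is a fatal error on PHP 8.
$mv_data  = isset($_GET['bbs_data']) ? $_GET['bbs_data'] : null;
$bbs_data = $tools->decode($mv_data);
$idx  = isset($bbs_data['idx'])  ? $bbs_data['idx']  : null;
$code = isset($bbs_data['code']) ? $bbs_data['code'] : null;

if (!empty($_GET['download'])) {
    // Attachment slot 1..5 maps to the column of the same number; anything else
    // yields an empty stored name and is rejected below.
    $slot    = (int) $_GET['download'];
    $columns = array(1 => 'bbs_file', 2 => 'bbs_file2', 3 => 'bbs_file3', 4 => 'bbs_file4', 5 => 'bbs_file5');
    $column  = isset($columns[$slot]) ? $columns[$slot] : '';

    // idx is interpolated into the WHERE string; the int cast keeps it numeric.
    $bbs_stat = $db->object("cs_bbs_data", "where idx=" . (int) $idx, "bbs_file,bbs_file2,bbs_file3,bbs_file4,bbs_file5");
    $stored   = ($column !== '' && isset($bbs_stat->$column)) ? (string) $bbs_stat->$column : '';

    // Stored names have the form "<disk part>&&<original name>"; the original
    // name is what the user sees. Fall back to the stored name if the marker is missing.
    $parts   = explode("&&", $stored);
    $display = isset($parts[1]) ? $parts[1] : basename($stored);

    $path = bbs_resolve_download_path("../data/bbsData", $stored);
    if ($path === false) {
        $tools->errMsg('잘못된 접근입니다.');
    } else {
        bbs_send_attachment($path, $display, bbs_is_legacy_ie());
    }
} else if (!empty($_GET['dwn'])) {
    // Client-supplied name: keep only the last path component so it can only
    // name a file directly inside ../data/upload; containment is re-checked
    // by the resolver after canonicalisation.
    $raw_name     = (isset($_GET['filedwn_name']) && is_string($_GET['filedwn_name'])) ? $_GET['filedwn_name'] : '';
    $filedwn_name = $raw_name === '' ? '' : basename($raw_name);

    $path = bbs_resolve_download_path("../data/upload", $filedwn_name);
    if ($path === false) {
        $tools->errMsg('잘못된 접근입니다.');
    } else {
        // IE gets the filename re-encoded to EUC-KR (original behaviour for Korean names).
        $ie      = is_ie();
        $display = $ie ? iconv("utf-8", "euc-kr", $filedwn_name) : $filedwn_name;
        bbs_send_attachment($path, $display, $ie);
    }
} else if (!empty($_GET['dwnnew'])) {
    // dwnnew is a row id; cast before it reaches the WHERE string.
    $bbs_stat = $db->object("user_uploads", "where idx=" . (int) $_GET['dwnnew'], "image_name");
    $stored   = isset($bbs_stat->image_name) ? (string) $bbs_stat->image_name : '';

    // Stored names have the form "<prefix>_webfile<original name>".
    $parts   = explode("_webfile", $stored);
    $display = isset($parts[1]) ? $parts[1] : basename($stored);

    $path = bbs_resolve_download_path("../data/upload", $stored);
    if ($path === false) {
        $tools->errMsg('잘못된 접근입니다.');
    } else {
        bbs_send_attachment($path, $display, bbs_is_legacy_ie());
    }
} else {
    $tools->errMsg('경 고 !!!\n\n비정상적으로 접근했습니다.');
}
?>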