모든 proc ACT를 제한한 대신, 첨부파일 다운로드를 예외 ACT로 지정

단, 예외로 로그아웃 disp ACT 도 차단.

common/legacy.php

@@ -1123,6 +1123,34 @@ function removeSrcHack($match)
 		}
 	}
 
+	//Remove ACT URL (CSRF)
+	$except_act = array('procFileDownload');
+	$block_act = array('dispMemberLogout');
+
+	$filter_arrts = array('style', 'src', 'href');
+	if($tag === 'object') array_push($filter_arrts, 'data');
+	if($tag === 'param') array_push($filter_arrts, 'value');
+
+	foreach($filter_arrts as $attr)
+	{
+		if(!isset($attrs[$attr])) continue;
+
+		$attr_value = rawurldecode($attrs[$attr]);
+		$attr_value = htmlspecialchars_decode($attr_value, ENT_COMPAT);
+		$attr_value = preg_replace('/\s+|[\t\n\r]+/', '', $attr_value);
+
+		preg_match('@(\?|&|;)act=(disp|proc)([^&]*)@i', $attr_value, $actmatch);
+		$url_action = $actmatch[2].$actmatch[3];
+
+		if(!empty($url_action) && !in_array($url_action, $except_act))
+		{
+			if($actmatch[2] == 'proc' || in_array($url_action, $block_act))
+			{
+				unset($attrs[$attr]);
+			}
+		}
+	}
+
 	if(isset($attrs['style']) && preg_match('@(?:/\*|\*/|\n|:\s*expression\s*\()@i', $attrs['style']))
 	{
 		unset($attrs['style']);