firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

KVE-2018-1808 취약점 수정

Browse Source
This commit is contained in:
thisgun
2018-12-12 17:28:55 +09:00
parent 82078fc781
commit 038affe798
2 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
bbs/alert.php
View File

@ -67,13 +67,17 @@ history.back();
<form method="post" action="<?php echo $url ?>">
<?php
foreach($_POST as $key => $value) {
$key = clean_xss_tags($url);
$value = clean_xss_tags($value);
if(strlen($value) < 1)
continue;
if(preg_match("/pass|pwd|capt|url/", $key))
continue;
?>
<input type="hidden" name="<?php echo $key ?>" value="<?php echo $value ?>">
<input type="hidden" name="<?php echo htmlspecialchars($key); ?>" value="<?php echo htmlspecialchars($value); ?>">
<?php
}
?>