댓글 wr_name 이용한 XSS 보안 취약점 수정

This commit is contained in:
chicpro
2014-07-30 18:05:52 +09:00
parent d5e6a07dda
commit 0742c5f81b
6 changed files with 10 additions and 7 deletions


@ -708,7 +708,7 @@ $frm_submit .= '</div>';
<tr>
<th scope="row"><label for="bo_comment_min">최소 댓글수 제한</label></th>
<td>
<?php echo help('댓글 입력시 최소 글자수, 최대 글자수를 설정. 0을 입력하면 검사하지 않음') ?>
<?php echo help('댓글 입력시 최소 글자수를 설정. 0을 입력하면 검사하지 않음') ?>
<input type="text" name="bo_comment_min" value="<?php echo $board['bo_comment_min'] ?>" id="bo_comment_min" class="numeric frm_input" size="4">
</td>
<td class="td_grpset">
@ -721,7 +721,7 @@ $frm_submit .= '</div>';
<tr>
<th scope="row"><label for="bo_comment_max">최대 댓글수 제한</label></th>
<td>
<?php echo help('댓글 입력시 최소 글자수, 최대 글자수를 설정. 0을 입력하면 검사하지 않음') ?>
<?php echo help('댓글 입력시 최대 글자수를 설정. 0을 입력하면 검사하지 않음') ?>
<input type="text" name="bo_comment_max" value="<?php echo $board['bo_comment_max'] ?>" id="bo_comment_max" class="numeric frm_input" size="4">
</td>
<td class="td_grpset">


@ -35,7 +35,10 @@ function g5_path()
$port = $_SERVER['SERVER_PORT'] != 80 ? ':'.$_SERVER['SERVER_PORT'] : '';
$http = 'http' . ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on') ? 's' : '') . '://';
$user = str_replace(str_replace($document_root, '', $_SERVER['SCRIPT_FILENAME']), '', $_SERVER['SCRIPT_NAME']);
$result['url'] = $http.(isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : $_SERVER['SERVER_NAME']).$port.$user.$root;
$host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : $_SERVER['SERVER_NAME'];
if(isset($_SERVER['HTTP_HOST']) && preg_match('/:[0-9]+$/', $host))
$host = preg_replace('/:[0-9]+$/', '', $host);
$result['url'] = $http.$host.$port.$user.$root;
return $result;
}
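Review bot: The new `$host` assigned two lines below `$result['url']`'s old form is taken from the client-supplied Host header, so the URL this function returns can be steered by whoever sends the request; the added port stripping tidies the value but does not constrain it. Anything downstream that embeds this URL in e-mails or redirects (password-reset or confirmation links are the usual case) inherits that exposure. After the strip, validate the value before using it, e.g. `if (!preg_match('/^[A-Za-z0-9.\-]+$/', $host)) $host = $_SERVER['SERVER_NAME'];` (widen the class if bracketed IPv6 hosts are expected), or better compare it against a configured canonical host; note that on Apache `SERVER_NAME` also mirrors the Host header unless `UseCanonicalName On` is set. The pre-existing `$port` line only special-cases 80, so an HTTPS site on 443 still gets `:443` appended to the new `$host`. g5_path() begins before this hunk.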


@ -23,7 +23,7 @@ var char_max = parseInt(<?php echo $comment_max ?>); // 최대
?>
<article id="c_<?php echo $comment_id ?>" <?php if ($cmt_depth) { ?>style="margin-left:<?php echo $cmt_depth ?>px;border-top-color:#e0e0e0"<?php } ?>>
<header>
<h1><?php echo $list[$i]['wr_name'] ?>님의 댓글</h1>
<h1><?php echo get_text($list[$i]['wr_name']); ?>님의 댓글</h1>
<?php echo $list[$i]['name'] ?>
<?php if ($cmt_depth) { ?><img src="<?php echo $board_skin_url ?>/img/icon_reply.gif" alt="댓글의 댓글" class="icon_reply"><?php } ?>
<?php if ($is_ip_view) { ?>
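Review bot: The escaping added to the `<h1>` on the fourth line of this hunk is applied skin by skin, so any skin not touched by this commit, or copied from an older one, keeps the raw `$list[$i]['wr_name']` output; the same change is repeated in the three following comment-skin sections. Escaping once where `$list` is assembled (the comment-loading code, outside this hunk) would cover every skin and leave the templates free of per-field decisions. The next line still echoes `$list[$i]['name']` unescaped; if that value is already rendered HTML (a side-view link built upstream) that is intentional, but if it is the raw stored name it has the same exposure as `wr_name` and should go through `get_text()` as well — worth confirming against the code that builds `$list`. Also, `$comment_id` and `$cmt_depth` are interpolated into the `id` and `style` attributes without escaping; if they are always integers that is fine, otherwise a cast such as `(int)$cmt_depth` keeps the attribute safe.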


@ -23,7 +23,7 @@ var char_max = parseInt(<?php echo $comment_max ?>); // 최대
?>
<article id="c_<?php echo $comment_id ?>" <?php if ($cmt_depth) { ?>style="margin-left:<?php echo $cmt_depth ?>px;border-top-color:#e0e0e0"<?php } ?>>
<header>
<h1><?php echo $list[$i]['wr_name'] ?>님의 댓글</h1>
<h1><?php echo get_text($list[$i]['wr_name']); ?>님의 댓글</h1>
<?php echo $list[$i]['name'] ?>
<?php if ($cmt_depth) { ?><img src="<?php echo $board_skin_url ?>/img/icon_reply.gif" alt="댓글의 댓글" class="icon_reply"><?php } ?>
<?php if ($is_ip_view) { ?>


@ -29,7 +29,7 @@ var char_max = parseInt(<?php echo $comment_max ?>); // 최대
<article id="c_<?php echo $comment_id ?>" <?php if ($cmt_depth) { ?>style="margin-left:<?php echo $cmt_depth ?>px;border-top-color:#e0e0e0"<?php } ?>>
<header style="z-index:<?php echo $cmt_sv; ?>">
<h1><?php echo $list[$i]['wr_name'] ?>님의 댓글</h1>
<h1><?php echo get_text($list[$i]['wr_name']); ?>님의 댓글</h1>
<?php echo $list[$i]['name'] ?>
<?php if ($cmt_depth) { ?><img src="<?php echo $board_skin_url ?>/img/icon_reply.gif" class="icon_reply" alt="댓글의 댓글"><?php } ?>
<?php if ($is_ip_view) { ?>


@ -29,7 +29,7 @@ var char_max = parseInt(<?php echo $comment_max ?>); // 최대
<article id="c_<?php echo $comment_id ?>" <?php if ($cmt_depth) { ?>style="margin-left:<?php echo $cmt_depth ?>px;border-top-color:#e0e0e0"<?php } ?>>
<header style="z-index:<?php echo $cmt_sv; ?>">
<h1><?php echo $list[$i]['wr_name'] ?>님의 댓글</h1>
<h1><?php echo get_text($list[$i]['wr_name']); ?>님의 댓글</h1>
<?php echo $list[$i]['name'] ?>
<?php if ($cmt_depth) { ?><img src="<?php echo $board_skin_url ?>/img/icon_reply.gif" class="icon_reply" alt="댓글의 댓글"><?php } ?>
<?php if ($is_ip_view) { ?>