From 086a1738d99e84010af26f5e62c437fc5ed584bb Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Mon, 15 Mar 2021 16:24:32 +0900
Subject: [PATCH] =?UTF-8?q?[KVE-2020-1616]=EA=B7=B8=EB=88=84=EB=B3=B4?=
 =?UTF-8?q?=EB=93=9C=20=EB=A9=94=EC=9D=B8=ED=99=94=EB=A9=B4=20XSS=20?=
 =?UTF-8?q?=EC=B7=A8=EC=95=BD=EC=A0=90=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adm/menu_list_update.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/adm/menu_list_update.php b/adm/menu_list_update.php
index 9a3ecd499..f62ab4714 100644
--- a/adm/menu_list_update.php
+++ b/adm/menu_list_update.php
@@ -21,7 +21,11 @@ for ($i=0; $i<$count; $i++)
 {
     $_POST = array_map_deep('trim', $_POST);
     
-    $_POST['me_link'][$i] = is_array($_POST['me_link']) ? clean_xss_tags(clean_xss_attributes($_POST['me_link'][$i], 1)) : '';
+    if(preg_match('/^javascript/i', preg_replace('/[ ]{1,}|[\t]/', '', $_POST['me_link'][$i]))){
+        $_POST['me_link'][$i] = G5_URL;
+    }
+
+    $_POST['me_link'][$i] = is_array($_POST['me_link']) ? clean_xss_tags(clean_xss_attributes(preg_replace('/[ ]{2,}|[\t]/', '', $_POST['me_link'][$i]), 1)) : '';
 
     $code    = is_array($_POST['code']) ? strip_tags($_POST['code'][$i]) : '';
     $me_name = is_array($_POST['me_name']) ? strip_tags($_POST['me_name'][$i]) : '';