XSS 및 SQL Injection 오류 수정

bbs/profile.php

@@ -24,7 +24,7 @@ $sql = " select (TO_DAYS('".G5_TIME_YMDHIS."') - TO_DAYS('{$mb['mb_datetime']}')
 $row = sql_fetch($sql);
 $mb_reg_after = $row['days'];
 
-$mb_homepage = set_http($mb['mb_homepage']);
+$mb_homepage = set_http(clean_xss_tags($mb['mb_homepage']));
 $mb_profile = $mb['mb_profile'] ? conv_content($mb['mb_profile'],0) : '소개 내용이 없습니다.';
 
 include_once($member_skin_path.'/profile.skin.php');

bbs/register_form_update.php

@@ -110,6 +110,9 @@ if ($w == '' || $w == 'u') {
     if ($msg = exist_mb_email($mb_email, $mb_id))   alert($msg, "", true, true);
 }
 
+$mb_name        = clean_xss_tags($mb_name);
+$mb_email       = get_email_address($mb_email);
+$mb_homepage    = clean_xss_tags($mb_homepage);
 $mb_zip1        = preg_replace('/[^0-9]/', '', $mb_zip1);
 $mb_zip2        = preg_replace('/[^0-9]/', '', $mb_zip2);
 $mb_addr1       = clean_xss_tags($mb_addr1);

bbs/write_update.php

@@ -287,18 +287,19 @@ if ($w == '' || $w == 'r') {
 
     if ($member['mb_id']) {
         $mb_id = $member['mb_id'];
-        $wr_name = $board['bo_use_name'] ? $member['mb_name'] : $member['mb_nick'];
+        $wr_name = addslashes(clean_xss_tags($board['bo_use_name'] ? $member['mb_name'] : $member['mb_nick']));
         $wr_password = $member['mb_password'];
-        $wr_email = $member['mb_email'];
-        $wr_homepage = $member['mb_homepage'];
+        $wr_email = addslashes($member['mb_email']);
+        $wr_homepage = addslashes(clean_xss_tags($member['mb_homepage']));
     } else {
         $mb_id = '';
         // 비회원의 경우 이름이 누락되는 경우가 있음
-        $wr_name = trim($_POST['wr_name']);
+        $wr_name = clean_xss_tags(trim($_POST['wr_name']));
         if (!$wr_name)
             alert('이름은 필히 입력하셔야 합니다.');
         $wr_password = sql_password($wr_password);
         $wr_email = get_email_address(trim($_POST['wr_email']));
+        $wr_homepage = clean_xss_tags($wr_homepage);
     }
 
     if ($w == 'r') {