XSS 및 SQL Injection 오류 수정

chicpro
2014-10-17 11:15:36 +09:00
parent be8c7e3ee5
commit 12f9a05106
3 changed files with 9 additions and 5 deletions


@ -287,18 +287,19 @@ if ($w == '' || $w == 'r') {
if ($member['mb_id']) {
$mb_id = $member['mb_id'];
$wr_name = $board['bo_use_name'] ? $member['mb_name'] : $member['mb_nick'];
$wr_name = addslashes(clean_xss_tags($board['bo_use_name'] ? $member['mb_name'] : $member['mb_nick']));
$wr_password = $member['mb_password'];
$wr_email = $member['mb_email'];
$wr_homepage = $member['mb_homepage'];
$wr_email = addslashes($member['mb_email']);
$wr_homepage = addslashes(clean_xss_tags($member['mb_homepage']));
} else {
$mb_id = '';
// 비회원의 경우 이름이 누락되는 경우가 있음
$wr_name = trim($_POST['wr_name']);
$wr_name = clean_xss_tags(trim($_POST['wr_name']));
if (!$wr_name)
alert('이름은 필히 입력하셔야 합니다.');
$wr_password = sql_password($wr_password);
$wr_email = get_email_address(trim($_POST['wr_email']));
$wr_homepage = clean_xss_tags($wr_homepage);
}
if ($w == 'r') {
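Review bot: The guest branch still takes `$wr_name` and `$wr_email` from `$_POST` with no SQL escaping in this hunk, while the member branch now wraps its values in `addslashes()`, so the two paths only carry the same guarantee if `$_POST` is escaped somewhere outside the hunk. `addslashes()` is also unaware of the connection character set, which makes it a weaker guard than the database layer's own escaping or bound parameters where the query is built (that query is not visible here). The added `clean_xss_tags($wr_homepage)` reads a variable whose origin is outside the hunk, unlike the neighbouring `$_POST['wr_email']`. At minimum I would add a comment above `if ($member['mb_id'])`, e.g. `// member fields come from the DB and are escaped here; $_POST values are expected to be escaped by the request bootstrap (confirm)`, and keep HTML escaping on output rather than relying only on tag stripping at write time. The enclosing `if ($w == '' || $w == 'r')` block starts and ends outside the hunk.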