firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

XSS 및 SQL Injection 오류 수정

Browse Source
This commit is contained in:
chicpro
2014-10-17 11:15:36 +09:00
parent be8c7e3ee5
commit 12f9a05106
3 changed files with 9 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
bbs/profile.php
View File

@ -24,7 +24,7 @@ $sql = " select (TO_DAYS('".G5_TIME_YMDHIS."') - TO_DAYS('{$mb['mb_datetime']}')
$row = sql_fetch($sql); $row = sql_fetch($sql);
$mb_reg_after = $row['days']; $mb_reg_after = $row['days'];
$mb_homepage = set_http($mb['mb_homepage']); $mb_homepage = set_http(clean_xss_tags($mb['mb_homepage']));
$mb_profile = $mb['mb_profile'] ? conv_content($mb['mb_profile'],0) : '소개 내용이 없습니다.'; $mb_profile = $mb['mb_profile'] ? conv_content($mb['mb_profile'],0) : '소개 내용이 없습니다.';
include_once($member_skin_path.'/profile.skin.php'); include_once($member_skin_path.'/profile.skin.php');

3
bbs/register_form_update.php
View File

@ -110,6 +110,9 @@ if ($w == '' || $w == 'u') {
if ($msg = exist_mb_email($mb_email, $mb_id)) alert($msg, "", true, true); if ($msg = exist_mb_email($mb_email, $mb_id)) alert($msg, "", true, true);
} }
$mb_name = clean_xss_tags($mb_name);
$mb_email = get_email_address($mb_email);
$mb_homepage = clean_xss_tags($mb_homepage);
$mb_zip1 = preg_replace('/[^0-9]/', '', $mb_zip1); $mb_zip1 = preg_replace('/[^0-9]/', '', $mb_zip1);
$mb_zip2 = preg_replace('/[^0-9]/', '', $mb_zip2); $mb_zip2 = preg_replace('/[^0-9]/', '', $mb_zip2);
$mb_addr1 = clean_xss_tags($mb_addr1); $mb_addr1 = clean_xss_tags($mb_addr1);

9
bbs/write_update.php
View File

@ -287,18 +287,19 @@ if ($w == '' || $w == 'r') {
if ($member['mb_id']) { if ($member['mb_id']) {
$mb_id = $member['mb_id']; $mb_id = $member['mb_id'];
$wr_name = $board['bo_use_name'] ? $member['mb_name'] : $member['mb_nick']; $wr_name = addslashes(clean_xss_tags($board['bo_use_name'] ? $member['mb_name'] : $member['mb_nick']));
$wr_password = $member['mb_password']; $wr_password = $member['mb_password'];
$wr_email = $member['mb_email']; $wr_email = addslashes($member['mb_email']);
$wr_homepage = $member['mb_homepage']; $wr_homepage = addslashes(clean_xss_tags($member['mb_homepage']));
} else { } else {
$mb_id = ''; $mb_id = '';
// 비회원의 경우 이름이 누락되는 경우가 있음 // 비회원의 경우 이름이 누락되는 경우가 있음
$wr_name = trim($_POST['wr_name']); $wr_name = clean_xss_tags(trim($_POST['wr_name']));
if (!$wr_name) if (!$wr_name)
alert('이름은 필히 입력하셔야 합니다.'); alert('이름은 필히 입력하셔야 합니다.');
$wr_password = sql_password($wr_password); $wr_password = sql_password($wr_password);
$wr_email = get_email_address(trim($_POST['wr_email'])); $wr_email = get_email_address(trim($_POST['wr_email']));
$wr_homepage = clean_xss_tags($wr_homepage);
} }
if ($w == 'r') { if ($w == 'r') {