XSS 취약점 수정

2015-07-14 12:10:44 +09:00
parent 9356fdfaa8
commit 164944dd0c
8 changed files with 19 additions and 5 deletions
--- a/bbs/move.php
+++ b/bbs/move.php
@ -55,7 +55,7 @@ for ($i=0; $row=sql_fetch_array($result); $i++)
    <input type="hidden" name="sod" value="<?php echo $sod ?>">
    <input type="hidden" name="page" value="<?php echo $page ?>">
    <input type="hidden" name="act" value="<?php echo $act ?>">
-    <input type="hidden" name="url" value="<?php echo $_SERVER['HTTP_REFERER'] ?>">
+    <input type="hidden" name="url" value="<?php echo clean_xss_tags($_SERVER['HTTP_REFERER']); ?>">

    <div class="tbl_head01 tbl_wrap">
        <table>