XSS 취약점 수정

2015-07-14 12:10:44 +09:00
parent 9356fdfaa8
commit 164944dd0c
8 changed files with 19 additions and 5 deletions
--- a/bbs/new.php
+++ b/bbs/new.php
@ -17,6 +17,8 @@ if ($view == "w")
    $sql_common .= " and a.wr_id = a.wr_parent ";
 else if ($view == "c")
    $sql_common .= " and a.wr_id <> a.wr_parent ";
+else
+    $view = '';

 $mb_id = isset($_GET['mb_id']) ? ($_GET['mb_id']) : '';
 $mb_id = substr(preg_replace('#[^a-z0-9_]#i', '', $mb_id), 0, 20);