[KVE-2019-0688,0689,0691,0694,0708,0709,0750,0762,0791,0802,0846] 그누보드,영카트 다중 취약점 수정

adm/board_list_update.php

@@ -30,18 +30,18 @@ if ($_POST['act_button'] == "선택수정") {
         }
 
         $sql = " update {$g5['board_table']}
-                    set gr_id               = '".sql_real_escape_string($_POST['gr_id'][$k])."',
-                        bo_subject          = '".sql_real_escape_string($_POST['bo_subject'][$k])."',
-                        bo_device           = '".sql_real_escape_string($_POST['bo_device'][$k])."',
-                        bo_skin             = '".sql_real_escape_string($_POST['bo_skin'][$k])."',
-                        bo_mobile_skin      = '".sql_real_escape_string($_POST['bo_mobile_skin'][$k])."',
-                        bo_read_point       = '".sql_real_escape_string($_POST['bo_read_point'][$k])."',
-                        bo_write_point      = '".sql_real_escape_string($_POST['bo_write_point'][$k])."',
-                        bo_comment_point    = '".sql_real_escape_string($_POST['bo_comment_point'][$k])."',
-                        bo_download_point   = '".sql_real_escape_string($_POST['bo_download_point'][$k])."',
-                        bo_use_search       = '".sql_real_escape_string($_POST['bo_use_search'][$k])."',
-                        bo_use_sns          = '".sql_real_escape_string($_POST['bo_use_sns'][$k])."',
-                        bo_order            = '".sql_real_escape_string($_POST['bo_order'][$k])."'
+                    set gr_id               = '".sql_real_escape_string(strip_tags($_POST['gr_id'][$k]))."',
+                        bo_subject          = '".sql_real_escape_string(strip_tags($_POST['bo_subject'][$k]))."',
+                        bo_device           = '".sql_real_escape_string(strip_tags($_POST['bo_device'][$k]))."',
+                        bo_skin             = '".sql_real_escape_string(strip_tags($_POST['bo_skin'][$k]))."',
+                        bo_mobile_skin      = '".sql_real_escape_string(strip_tags($_POST['bo_mobile_skin'][$k]))."',
+                        bo_read_point       = '".sql_real_escape_string(strip_tags($_POST['bo_read_point'][$k]))."',
+                        bo_write_point      = '".sql_real_escape_string(strip_tags($_POST['bo_write_point'][$k]))."',
+                        bo_comment_point    = '".sql_real_escape_string(strip_tags($_POST['bo_comment_point'][$k]))."',
+                        bo_download_point   = '".sql_real_escape_string(strip_tags($_POST['bo_download_point'][$k]))."',
+                        bo_use_search       = '".sql_real_escape_string(strip_tags($_POST['bo_use_search'][$k]))."',
+                        bo_use_sns          = '".sql_real_escape_string(strip_tags($_POST['bo_use_sns'][$k]))."',
+                        bo_order            = '".sql_real_escape_string(strip_tags($_POST['bo_order'][$k]))."'
                   where bo_table            = '".sql_real_escape_string($_POST['board_table'][$k])."' ";
 
         sql_query($sql);

adm/contentform.php

@@ -86,11 +86,11 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
     </tr>
     <tr>
         <th scope="row">내용</th>
-        <td><?php echo editor_html('co_content', get_text($co['co_content'], 0)); ?></td>
+        <td><?php echo editor_html('co_content', get_text(html_purifier($co['co_content']), 0)); ?></td>
     </tr>
     <tr>
         <th scope="row">모바일 내용</th>
-        <td><?php echo editor_html('co_mobile_content', get_text($co['co_mobile_content'], 0)); ?></td>
+        <td><?php echo editor_html('co_mobile_content', get_text(html_purifier($co['co_mobile_content']), 0)); ?></td>
     </tr>
     <tr>
         <th scope="row"><label for="co_skin">스킨 디렉토리<strong class="sound_only">필수</strong></label></th>