From a79def43c55d3ea72fbe61bcc293ca4bafb27d87 Mon Sep 17 00:00:00 2001
From: chicpro
Date: Fri, 15 Jul 2016 09:25:39 +0900
Subject: [PATCH] =?UTF-8?q?XSS=20=EC=B7=A8=EC=95=BD=EC=A0=90=20=EC=88=98?= =?UTF-8?q?=EC=A0=95=2016-480?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 common.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/common.php b/common.php
index 6435a5ae6..6eb591997 100644
--- a/common.php
+++ b/common.php
@@ -39,6 +39,7 @@ function g5_path()
 $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : $_SERVER['SERVER_NAME'];
 if(isset($_SERVER['HTTP_HOST']) && preg_match('/:[0-9]+$/', $host))
 $host = preg_replace('/:[0-9]+$/', '', $host);
+ $host = preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\/\^\*]/", '', $host);
 $result['url'] = $http.$host.$port.$user.$root;
 return $result;
 }
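Review bot: The added `preg_replace` in `g5_path()` is a denylist over the client-supplied `Host` header, so `$result['url']` is still built from whatever hostname the client sent, minus the listed characters; anything outside the class (whitespace, backtick, `&`, `;`, `@`) passes through unchanged. An allowlist is easier to reason about, for example `if (!preg_match('/^[A-Za-z0-9.\-]+$/', $host)) $host = $_SERVER['SERVER_NAME'];` (widened if IPv6 literals must be supported), ideally checked against a configured canonical host. The filter also runs after the `:[0-9]+$` port strip, so a port followed by a filtered character is not recognised as a port and stays in `$host` before `$port` is appended; running the filter above the port check avoids that. The pattern's escaping is hard to audit (`\'` and `\"` each appear twice), so a one-line comment naming the intended character set would help. The start of `g5_path()` is outside the hunk, so how `$result['url']` is later escaped on output cannot be confirmed from here.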