Reflected XSS 취약점 수정

2015-06-10 13:54:53 +09:00
parent ab30d5981d
commit 1a2f4251ed
9 changed files with 93 additions and 9 deletions
--- a/adm/sms_admin/form_write.php
+++ b/adm/sms_admin/form_write.php
@ -145,7 +145,7 @@ include_once(G5_ADMIN_PATH.'/admin.head.php');
    </div>
    <div class="btn_confirm01 btn_confirm">
        <input type="submit" value="확인" class="btn_submit" accesskey="s">
-        <a href="./form_list.php?<?php echo $_SERVER['QUERY_STRING']?>">목록</a>
+        <a href="./form_list.php?<?php echo clean_query_string($_SERVER['QUERY_STRING']); ?>">목록</a>
    </div>
 </form>

--- a/adm/sms_admin/num_book.php
+++ b/adm/sms_admin/num_book.php
@ -142,7 +142,7 @@ function no_hp_click(val)
 <input type="hidden" name="token" value="<?php echo $token; ?>">
 <input type="hidden" name="sw" value="">
 <input type="hidden" name="atype" value="del">
-<input type="hidden" name="str_query" value="<?php echo $_SERVER['QUERY_STRING']?>" >
+<input type="hidden" name="str_query" value="<?php echo clean_query_string($_SERVER['QUERY_STRING']); ?>" >

 <div class="tbl_head01 tbl_wrap">
    <table>
--- a/adm/sms_admin/num_book_write.php
+++ b/adm/sms_admin/num_book_write.php
@ -130,7 +130,7 @@ include_once(G5_ADMIN_PATH."/admin.head.php");

 <div class="btn_confirm01 btn_confirm">
    <input type="submit" value="확인" class="btn_submit" accesskey="s" onclick="return book_submit();">
-    <a href="./num_book.php?<?php echo $_SERVER['QUERY_STRING']?>">목록</a>
+    <a href="./num_book.php?<?php echo clean_query_string($_SERVER['QUERY_STRING']); ?>">목록</a>
 </div>

 </form>