Reflected XSS 취약점 수정

2015-06-10 13:54:53 +09:00
parent ab30d5981d
commit 1a2f4251ed
9 changed files with 93 additions and 9 deletions
--- a/adm/sms_admin/num_book.php
+++ b/adm/sms_admin/num_book.php
@ -142,7 +142,7 @@ function no_hp_click(val)
 <input type="hidden" name="token" value="<?php echo $token; ?>">
 <input type="hidden" name="sw" value="">
 <input type="hidden" name="atype" value="del">
-<input type="hidden" name="str_query" value="<?php echo $_SERVER['QUERY_STRING']?>" >
+<input type="hidden" name="str_query" value="<?php echo clean_query_string($_SERVER['QUERY_STRING']); ?>" >

 <div class="tbl_head01 tbl_wrap">
    <table>