firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

xss 관련 태그 제거 함수 추가

Browse Source
This commit is contained in:
chicpro
2014-08-08 13:38:42 +09:00
parent a1e11d9521
commit 1cc13235cf
2 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
common.php
View File

@ -252,7 +252,7 @@ if (isset($_REQUEST['PHPSESSID']) && $_REQUEST['PHPSESSID'] != session_id())
$qstr = ''; $qstr = '';
if (isset($_REQUEST['sca'])) { if (isset($_REQUEST['sca'])) {
$sca = trim($_REQUEST['sca']); $sca = clean_xss_tags(trim($_REQUEST['sca']));
if ($sca) if ($sca)
$qstr .= '&sca=' . urlencode($sca); $qstr .= '&sca=' . urlencode($sca);
} else { } else {

8
lib/common.lib.php
View File

@ -2653,6 +2653,14 @@ function get_search_string($stx)
return $stx; return $stx;
} }
// XSS 관련 태그 제거
function clean_xss_tags($str)
{
$str = preg_replace('#</*(?:applet|b(?:ase|gsound|link)|embed|frame(?:set)?|i(?:frame|layer)|l(?:ayer|ink)|meta|object|s(?:cript|tyle)|title|xml)[^>]*+>#i', '', $str);
return $str;
}
// unescape nl 얻기 // unescape nl 얻기
function conv_unescape_nl($str) function conv_unescape_nl($str)
{ {