From 258f94e597aba89b0a5923295c1e46d4c0f83abb Mon Sep 17 00:00:00 2001
From: kagla
Date: Fri, 8 Apr 2022 11:05:23 +0900
Subject: [PATCH] =?UTF-8?q?Reflected=20XSS=20=EC=B7=A8=EC=95=BD=EC=A0=90?= =?UTF-8?q?=20=ED=95=B4=EA=B2=B0,=20Fixed=20Reflected=20XSS=20vulnerabilit?= =?UTF-8?q?y=20(220408,hunter.dev/9o3)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 lib/common.lib.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/common.lib.php b/lib/common.lib.php
index 6a6a6980f..ad6ceda74 100644
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@@ -3076,6 +3076,9 @@ function get_search_string($stx)
 // XSS 관련 태그 제거
 function clean_xss_tags($str, $check_entities=0, $is_remove_tags=0, $cur_str_len=0)
 {
+    // space, tab('\t'), formfeed('\f'), vertical tab('\v'), newline('\n'), carriage return('\r') 를 제거한다.
+    $str = preg_replace('#[[:space:]]#', '', $str);
+
     if( $is_remove_tags ){
         $str = strip_tags($str);
     }
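Review bot: The added `$str = preg_replace('#[[:space:]]#', '', $str);` deletes every whitespace character from the whole value rather than only whitespace placed inside a tag or attribute, so any multi-word text routed through clean_xss_tags comes back with its words fused (the hunk header places it right after get_search_string, which suggests search text is among the callers, though that is inferred). If the goal is only to stop whitespace from splitting a tag name or attribute past the later checks, consider applying the stripped form to the detection step and keeping the caller's spacing in the returned value, and document that trade-off in the comment, which currently only lists the characters removed. Without the `u` modifier the class covers just the ASCII set named in the comment, which is fine to state explicitly so nobody assumes Unicode spaces are covered. `preg_replace` returns `null` on a PCRE error, and that `null` would then flow into `strip_tags` and the rest of the function; `$str = (string) preg_replace('#[[:space:]]#', '', $str);` keeps the downstream calls on a string. The body of clean_xss_tags continues past the end of the hunk.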