firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

Reflected XSS 취약점 해결, Fixed Reflected XSS vulnerability (220408,hunter.dev/9o3)

Browse Source
This commit is contained in:
kagla
2022-04-08 11:05:23 +09:00
parent 6660a4adc1
commit 258f94e597
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
lib/common.lib.php
View File

@ -3076,6 +3076,9 @@ function get_search_string($stx)
// XSS 관련 태그 제거 // XSS 관련 태그 제거
function clean_xss_tags($str, $check_entities=0, $is_remove_tags=0, $cur_str_len=0) function clean_xss_tags($str, $check_entities=0, $is_remove_tags=0, $cur_str_len=0)
{ {
// space, tab('\t'), formfeed('\f'), vertical tab('\v'), newline('\n'), carriage return('\r') 를 제거한다.
$str = preg_replace('#[[:space:]]#', '', $str);
if( $is_remove_tags ){ if( $is_remove_tags ){
$str = strip_tags($str); $str = strip_tags($str);
} }