버전 5.3.2.3 수정

2018-12-28 11:03:31 +09:00
parent 7884f1630b 1d0f0bf50b
commit 2bab824e82
9 changed files with 77 additions and 72 deletions
--- a/adm/admin.lib.php
+++ b/adm/admin.lib.php
@ -435,7 +435,7 @@ function admin_check_xss_params($params){
        if ( empty($value) ) continue;

        if( is_array($value) ){
-            admin_check_xss_params($params);
+            admin_check_xss_params($value);
        } else if ( preg_match('/<\s?[^\>]*\/?\s?>/i', $value) && (preg_match('/script.*?\/script/ius', $value) || preg_match('/onload=.*/ius', $value)) ){
            alert('요청 쿼리에 잘못된 스크립트문장이 있습니다.\\nXSS 공격일수도 있습니다.');
            die();