From 2d13c3b4b488a3c9d2a84bb184c4becf2b073260 Mon Sep 17 00:00:00 2001
From: chicpro <chicpro@gmail.com>
Date: Wed, 12 Mar 2014 10:42:03 +0900
Subject: [PATCH] =?UTF-8?q?=EA=B2=80=EC=83=89=EC=97=90=20=EC=82=AC?=
 =?UTF-8?q?=EC=9A=A9=EB=90=98=EB=8A=94=20=EB=B3=80=EC=88=98=EC=97=90?=
 =?UTF-8?q?=EC=84=9C=20=ED=8A=B9=EC=88=98=EB=AC=B8=EC=9E=90=20=EC=A0=9C?=
 =?UTF-8?q?=EA=B1=B0=20=EB=B0=8F=20=EA=B8=B8=EC=9D=B4=EC=A0=9C=ED=95=9C=20?=
 =?UTF-8?q?=EC=B6=94=EA=B0=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 common.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/common.php b/common.php
index d12c2f05f..5dd46b317 100644
--- a/common.php
+++ b/common.php
@@ -225,13 +225,14 @@ if (isset($_REQUEST['sfl']))  {
 if (isset($_REQUEST['stx']))  { // search text (검색어)
     $stx = trim($_REQUEST['stx']);
     if ($stx)
-        $qstr .= '&amp;stx=' . urlencode($stx);
+        $qstr .= '&amp;stx=' . urlencode(cut_str($stx, 20, ''));
 } else {
     $stx = '';
 }
 
 if (isset($_REQUEST['sst']))  {
     $sst = trim($_REQUEST['sst']);
+    $sst = preg_replace("/[\<\>\'\"\%\=\(\)\s]/", "", $sst);
     if ($sst)
         $qstr .= '&amp;sst=' . urlencode($sst); // search sort (검색 정렬 필드)
 } else {