[KVE-2025-0384]XSS lead to RCE 취약점 수정

2025-06-04 17:44:50 +09:00
parent 87d11d5c78
commit 38451a7d3d
2 changed files with 19 additions and 10 deletions
--- a/plugin/sns/twitter/html.inc
+++ b/plugin/sns/twitter/html.inc
@ -22,18 +22,20 @@
        Contact @<a href='http://twitter.com/abraham'>abraham</a>
      </p>
      <hr />
-      <?php if (isset($menu)) { ?>
-        <?php echo $menu; ?>
+      <?php if (isset($menu) && is_string($menu)) { ?>
+        <?php echo htmlspecialchars($menu, ENT_QUOTES, 'UTF-8'); ?>
      <?php } ?>
    </div>
-    <?php if (isset($status_text)) { ?>
-      <?php echo '<h3>'.$status_text.'</h3>'; ?>
+    <?php if (isset($status_text) && is_string($status_text)) { ?>
+      <?php echo '<h3>'.htmlspecialchars($status_text, ENT_QUOTES, 'UTF-8').'</h3>'; ?>
    <?php } ?>
-    <p>
+    <div>
      <pre>
-        <?php print_r($content); ?>
+        <?php if (isset($content) && (is_array($content) || is_object($content))) {
+            echo htmlspecialchars(json_encode($content, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES), ENT_QUOTES, 'UTF-8');
+        } ?>
      </pre>
-    </p>
+    </div>

  </body>
 </html>