그누보드 XSS 취약점 수정

2020-02-13 16:24:27 +09:00
parent 3cf0546711
commit 3c0cde3fe2
5 changed files with 8 additions and 8 deletions
--- a/adm/newwinformupdate.php
+++ b/adm/newwinformupdate.php
@ -12,7 +12,7 @@ else

 check_admin_token();

-$nw_subject = isset($_POST['nw_subject']) ? strip_tags($_POST['nw_subject']) : '';
+$nw_subject = isset($_POST['nw_subject']) ? strip_tags(clean_xss_attributes($_POST['nw_subject'])) : '';

 $sql_common = " nw_device = '{$_POST['nw_device']}',
                nw_begin_time = '{$_POST['nw_begin_time']}',