diff --git a/adm/config_form_update.php b/adm/config_form_update.php
index 126786382..533782c7a 100644
--- a/adm/config_form_update.php
+++ b/adm/config_form_update.php
@@ -28,6 +28,14 @@ $cf_social_servicelist = !empty($_POST['cf_social_servicelist']) ? implode(',',
$_POST['cf_title'] = strip_tags($_POST['cf_title']);
+$check_keys = array('cf_lg_mid', 'cf_lg_mert_key', 'cf_cert_kcb_cd', 'cf_cert_kcp_cd', 'cf_editor', 'cf_recaptcha_site_key', 'cf_recaptcha_secret_key');
+
+foreach( $check_keys as $key ){
+ if ( isset($_POST[$key]) && $_POST[$key] ){
+ $_POST[$key] = preg_replace('/[^a-z0-9_\-]/i', '', $_POST[$key]);
+ }
+}
+
$sql = " update {$g5['config_table']}
set cf_title = '{$_POST['cf_title']}',
cf_admin = '{$_POST['cf_admin']}',
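Review bot: The character whitelist in the new `foreach` over `$check_keys` covers only those seven keys, while the update statement that begins at `$sql = " update {$g5['config_table']}` still interpolates `$_POST['cf_title']`, `$_POST['cf_admin']` and presumably every other column beyond this hunk straight into the SQL string. `strip_tags` on `cf_title` removes markup but leaves quotes untouched, so the statement is safe only if request input is escaped globally before this file runs, which the hunk does not show; a prepared statement or an explicit escape of each interpolated value would make that independent of the surrounding bootstrap. Two smaller points: `isset($_POST[$key]) && $_POST[$key]` skips the body for a value of `'0'`, harmless here because `0` is inside the allowed set, and stripping silently rewrites an admin-supplied key rather than rejecting it, so an error message when a key contains characters outside `[a-z0-9_-]` would avoid a quietly corrupted credential. The `$sql` statement continues past the end of the hunk.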
diff --git a/adm/menu_list_update.php b/adm/menu_list_update.php
index 324f26209..3aaf18b11 100644
--- a/adm/menu_list_update.php
+++ b/adm/menu_list_update.php
@@ -23,7 +23,7 @@ for ($i=0; $i<$count; $i++)
$code = $_POST['code'][$i];
$me_name = $_POST['me_name'][$i];
- $me_link = preg_match('/^javascript/i', $_POST['me_link'][$i]) ? G5_URL : strip_tags($_POST['me_link'][$i]);
+ $me_link = (preg_match('/^javascript/i', $_POST['me_link'][$i]) || preg_match('/script:/i', $_POST['me_link'][$i])) ? G5_URL : strip_tags($_POST['me_link'][$i]);
if(!$code || !$me_name || !$me_link)
continue;
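Review bot: The extended condition in the `$me_link` assignment is still a substring denylist — it now rejects a leading `javascript` or any `script:` occurrence, but any other non-HTTP scheme (a `data:` URL, for instance) passes through, and the `strip_tags` that follows does not touch the scheme. A scheme allowlist is the robust form: accept the link only when `parse_url($link, PHP_URL_SCHEME)` is `null` (a relative path) or one of `http`/`https`, and fall back to `G5_URL` otherwise. If the denylist is kept, the two `preg_match` calls can be folded into one, `preg_match('/(^javascript|script:)/i', $_POST['me_link'][$i])`. The enclosing `for` loop opens before the hunk.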
diff --git a/adm/sms_admin/emoticon_move.php b/adm/sms_admin/emoticon_move.php
index 075c7b4a4..4e04cf496 100644
--- a/adm/sms_admin/emoticon_move.php
+++ b/adm/sms_admin/emoticon_move.php
@@ -12,7 +12,7 @@ $g5['title'] = '이모티콘그룹 이동';
include_once(G5_PATH.'/head.sub.php');
$list = array(); //배열 변수 초기화
-$fo_no_list = isset($_POST['fo_no']) ? implode(',', $_POST['fo_no']) : '';
+$fo_no_list = isset($_POST['fo_no']) ? clean_xss_tags(strip_tags(implode(',', $_POST['fo_no']))) : '';
$sql = " select * from {$g5['sms5_form_group_table']} order by fg_no ";
$result = sql_query($sql);
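Review bot: Wrapping the imploded `fo_no` list in `clean_xss_tags(strip_tags(...))` treats an id list as HTML text; if `fo_no` holds numeric group numbers, as the name suggests, casting each element is both tighter and simpler: `$fo_no_list = isset($_POST['fo_no']) ? implode(',', array_map('intval', (array) $_POST['fo_no'])) : '';`. That also covers a `fo_no` that arrives as a scalar instead of an array, which makes the existing `implode(',', $_POST['fo_no'])` throw a `TypeError` on PHP 8. How `$fo_no_list` is consumed is outside the hunk, so confirm the values really are integers before switching.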
diff --git a/lib/common.lib.php b/lib/common.lib.php
index 4b2423f2c..c41b3e412 100644
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@@ -288,6 +288,7 @@ function get_file($bo_table, $wr_id)
while ($row = sql_fetch_array($result))
{
$no = $row['bf_no'];
+ $bf_content = $row['bf_content'] ? html_purifier($row['bf_content']) : '';
$file[$no]['href'] = G5_BBS_URL."/download.php?bo_table=$bo_table&wr_id=$wr_id&no=$no" . $qstr;
$file[$no]['download'] = $row['bf_download'];
// 4.00.11 - 파일 path 추가
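Review bot: `$row['bf_content'] ? html_purifier($row['bf_content']) : ''` tests truthiness, so a caption consisting of the single character `0` is replaced by an empty string; `isset($row['bf_content']) && $row['bf_content'] !== '' ? html_purifier($row['bf_content']) : ''` keeps that value while still skipping empty ones. The same `$bf_content` then feeds both `bf_content` and `content` in the second hunk of this file, so the change covers that hunk as well. Purifying on every row each time `get_file()` is called also puts the full purifier on the read path of every request; if `bf_content` is written in a single place, purifying once at store time and keeping this read-side call as defence in depth would avoid the per-call cost — not verifiable from this diff. `get_file()` starts before the first hunk and continues past the second.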
@@ -295,8 +296,8 @@ function get_file($bo_table, $wr_id)
$file[$no]['size'] = get_filesize($row['bf_filesize']);
$file[$no]['datetime'] = $row['bf_datetime'];
$file[$no]['source'] = addslashes($row['bf_source']);
- $file[$no]['bf_content'] = $row['bf_content'];
- $file[$no]['content'] = get_text($row['bf_content']);
+ $file[$no]['bf_content'] = $bf_content;
+ $file[$no]['content'] = get_text($bf_content);
//$file[$no]['view'] = view_file_link($row['bf_file'], $file[$no]['content']);
$file[$no]['view'] = view_file_link($row['bf_file'], $row['bf_width'], $row['bf_height'], $file[$no]['content']);
$file[$no]['file'] = $row['bf_file'];
diff --git a/plugin/lgxpay/AuthOnlyReq.php b/plugin/lgxpay/AuthOnlyReq.php
index 571d7d9c9..e1eb02e9c 100644
--- a/plugin/lgxpay/AuthOnlyReq.php
+++ b/plugin/lgxpay/AuthOnlyReq.php
@@ -165,8 +165,8 @@ $_SESSION['lgd_certify'] = $payReqMap;
$value) {
- $key = htmlspecialchars(strip_tags($key));
- $value = htmlspecialchars(strip_tags($value));
+ $key = htmlspecialchars(strip_tags($key), ENT_QUOTES);
+ $value = htmlspecialchars(strip_tags($value), ENT_QUOTES);
echo "".PHP_EOL;
}
?>
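Review bot: The added `ENT_QUOTES` closes the single-quote gap, but both `htmlspecialchars` calls still rely on the default charset and lack `ENT_SUBSTITUTE`, so a `$key` or `$value` that is not valid UTF-8 makes `htmlspecialchars` return an empty string and the field is silently dropped from the output; on PHP older than 5.4 the default charset is not UTF-8 at all. Pass both explicitly: `$key = htmlspecialchars(strip_tags($key), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` and the same for `$value`. The `foreach` that binds `$key`/`$value` opens before the hunk, and the `echo` line that follows appears to have lost its markup in this listing, so the output context (attribute value versus element text) could not be confirmed here.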