KVE-2018-2451, 2452, 2453, 2019-0208 그누보드 다중 취약점 수정

2019-01-28 11:11:49 +09:00
parent 31bf6e94ad
commit 40508b05d0
5 changed files with 15 additions and 6 deletions
--- a/adm/sms_admin/emoticon_move.php
+++ b/adm/sms_admin/emoticon_move.php
@ -12,7 +12,7 @@ $g5['title'] = '이모티콘그룹 이동';
 include_once(G5_PATH.'/head.sub.php');

 $list = array();    //배열 변수 초기화
-$fo_no_list = isset($_POST['fo_no']) ? implode(',', $_POST['fo_no']) : '';
+$fo_no_list = isset($_POST['fo_no']) ? clean_xss_tags(strip_tags(implode(',', $_POST['fo_no']))) : '';

 $sql = " select * from {$g5['sms5_form_group_table']} order by fg_no ";
 $result = sql_query($sql);