KVE-2018-2451, 2452, 2453, 2019-0208 그누보드 다중 취약점 수정

2019-01-28 11:11:49 +09:00
parent 31bf6e94ad
commit 40508b05d0
5 changed files with 15 additions and 6 deletions
--- a/plugin/lgxpay/AuthOnlyReq.php
+++ b/plugin/lgxpay/AuthOnlyReq.php
@ -165,8 +165,8 @@ $_SESSION['lgd_certify'] = $payReqMap;
 <input type="hidden" name="LGD_ENCODING" value="UTF-8"/>
 <?php
 foreach ($payReqMap as $key => $value) {
-    $key = htmlspecialchars(strip_tags($key));
-    $value = htmlspecialchars(strip_tags($value));
+    $key = htmlspecialchars(strip_tags($key), ENT_QUOTES);
+    $value = htmlspecialchars(strip_tags($value), ENT_QUOTES);
    echo "<input type='hidden' name='$key' id='$key' value='$value'/>".PHP_EOL;
 }
 ?>