XSS 취약점(16-059) 수정

2016-01-20 14:29:32 +09:00
parent cd72e1c06b
commit 43f4b2c5fb
5 changed files with 6 additions and 4 deletions
--- a/bbs/formmail.php
+++ b/bbs/formmail.php
@ -28,6 +28,12 @@ if ($sendmail_count > 3)
 $g5['title'] = '메일 쓰기';
 include_once(G5_PATH.'/head.sub.php');

+$email = get_email_address(base64_decode($email));
+if(!$email)
+    alert_close('이메일이 올바르지 않습니다.');
+
+$email = base64_encode($email);
+
 if (!$name)
    $name = base64_decode($email);
 else
--- a/mobile/skin/member/basic/formmail.skin.php
+++ b/mobile/skin/member/basic/formmail.skin.php
@ -11,7 +11,6 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
    <form name="fformmail" action="./formmail_send.php" onsubmit="return fformmail_submit(this);" method="post" enctype="multipart/form-data" style="margin:0px;">
    <input type="hidden" name="to" value="<?php echo $email ?>">
    <input type="hidden" name="attach" value="2">
-    <input type="hidden" name="token" value="<?php echo $token ?>">
    <?php if ($is_member) { // 회원이면 ?>
    <input type="hidden" name="fnick" value="<?php echo get_text($member['mb_nick']); ?>">
    <input type="hidden" name="fmail" value="<?php echo $member['mb_email'] ?>">
--- a/skin/member/basic/formmail.skin.php
+++ b/skin/member/basic/formmail.skin.php
@ -12,7 +12,6 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
    <form name="fformmail" action="./formmail_send.php" onsubmit="return fformmail_submit(this);" method="post" enctype="multipart/form-data" style="margin:0px;">
    <input type="hidden" name="to" value="<?php echo $email ?>">
    <input type="hidden" name="attach" value="2">
-    <input type="hidden" name="token" value="<?php echo $token ?>">
    <?php if ($is_member) { // 회원이면  ?>
    <input type="hidden" name="fnick" value="<?php echo get_text($member['mb_nick']); ?>">
    <input type="hidden" name="fmail" value="<?php echo $member['mb_email'] ?>">
--- a/theme/basic/mobile/skin/member/basic/formmail.skin.php
+++ b/theme/basic/mobile/skin/member/basic/formmail.skin.php
@ -11,7 +11,6 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
    <form name="fformmail" action="./formmail_send.php" onsubmit="return fformmail_submit(this);" method="post" enctype="multipart/form-data" style="margin:0px;">
    <input type="hidden" name="to" value="<?php echo $email ?>">
    <input type="hidden" name="attach" value="2">
-    <input type="hidden" name="token" value="<?php echo $token ?>">
    <?php if ($is_member) { // 회원이면 ?>
    <input type="hidden" name="fnick" value="<?php echo get_text($member['mb_nick']); ?>">
    <input type="hidden" name="fmail" value="<?php echo $member['mb_email'] ?>">
--- a/theme/basic/skin/member/basic/formmail.skin.php
+++ b/theme/basic/skin/member/basic/formmail.skin.php
@ -12,7 +12,6 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
    <form name="fformmail" action="./formmail_send.php" onsubmit="return fformmail_submit(this);" method="post" enctype="multipart/form-data" style="margin:0px;">
    <input type="hidden" name="to" value="<?php echo $email ?>">
    <input type="hidden" name="attach" value="2">
-    <input type="hidden" name="token" value="<?php echo $token ?>">
    <?php if ($is_member) { // 회원이면  ?>
    <input type="hidden" name="fnick" value="<?php echo get_text($member['mb_nick']) ?>">
    <input type="hidden" name="fmail" value="<?php echo $member['mb_email'] ?>">