From 43f4b2c5fb04b5bd885139bb31f9fb6d701e1d45 Mon Sep 17 00:00:00 2001
From: chicpro <chicpro@sir.co.kr>
Date: Wed, 20 Jan 2016 14:29:32 +0900
Subject: [PATCH] =?UTF-8?q?XSS=20=EC=B7=A8=EC=95=BD=EC=A0=90(16-059)=20?=
 =?UTF-8?q?=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 bbs/formmail.php                                       | 6 ++++++
 mobile/skin/member/basic/formmail.skin.php             | 1 -
 skin/member/basic/formmail.skin.php                    | 1 -
 theme/basic/mobile/skin/member/basic/formmail.skin.php | 1 -
 theme/basic/skin/member/basic/formmail.skin.php        | 1 -
 5 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/bbs/formmail.php b/bbs/formmail.php
index 55a9847e5..fdeeab869 100644
--- a/bbs/formmail.php
+++ b/bbs/formmail.php
@@ -28,6 +28,12 @@ if ($sendmail_count > 3)
 $g5['title'] = '메일 쓰기';
 include_once(G5_PATH.'/head.sub.php');
 
+$email = get_email_address(base64_decode($email));
+if(!$email)
+    alert_close('이메일이 올바르지 않습니다.');
+
+$email = base64_encode($email);
+
 if (!$name)
     $name = base64_decode($email);
 else
diff --git a/mobile/skin/member/basic/formmail.skin.php b/mobile/skin/member/basic/formmail.skin.php
index bb1c32e7c..8d3eaead2 100644
--- a/mobile/skin/member/basic/formmail.skin.php
+++ b/mobile/skin/member/basic/formmail.skin.php
@@ -11,7 +11,6 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
     <form name="fformmail" action="./formmail_send.php" onsubmit="return fformmail_submit(this);" method="post" enctype="multipart/form-data" style="margin:0px;">
     <input type="hidden" name="to" value="<?php echo $email ?>">
     <input type="hidden" name="attach" value="2">
-    <input type="hidden" name="token" value="<?php echo $token ?>">
     <?php if ($is_member) { // 회원이면 ?>
     <input type="hidden" name="fnick" value="<?php echo get_text($member['mb_nick']); ?>">
     <input type="hidden" name="fmail" value="<?php echo $member['mb_email'] ?>">
diff --git a/skin/member/basic/formmail.skin.php b/skin/member/basic/formmail.skin.php
index 9f821b06a..e57be622c 100644
--- a/skin/member/basic/formmail.skin.php
+++ b/skin/member/basic/formmail.skin.php
@@ -12,7 +12,6 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
     <form name="fformmail" action="./formmail_send.php" onsubmit="return fformmail_submit(this);" method="post" enctype="multipart/form-data" style="margin:0px;">
     <input type="hidden" name="to" value="<?php echo $email ?>">
     <input type="hidden" name="attach" value="2">
-    <input type="hidden" name="token" value="<?php echo $token ?>">
     <?php if ($is_member) { // 회원이면  ?>
     <input type="hidden" name="fnick" value="<?php echo get_text($member['mb_nick']); ?>">
     <input type="hidden" name="fmail" value="<?php echo $member['mb_email'] ?>">
diff --git a/theme/basic/mobile/skin/member/basic/formmail.skin.php b/theme/basic/mobile/skin/member/basic/formmail.skin.php
index bb1c32e7c..8d3eaead2 100644
--- a/theme/basic/mobile/skin/member/basic/formmail.skin.php
+++ b/theme/basic/mobile/skin/member/basic/formmail.skin.php
@@ -11,7 +11,6 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
     <form name="fformmail" action="./formmail_send.php" onsubmit="return fformmail_submit(this);" method="post" enctype="multipart/form-data" style="margin:0px;">
     <input type="hidden" name="to" value="<?php echo $email ?>">
     <input type="hidden" name="attach" value="2">
-    <input type="hidden" name="token" value="<?php echo $token ?>">
     <?php if ($is_member) { // 회원이면 ?>
     <input type="hidden" name="fnick" value="<?php echo get_text($member['mb_nick']); ?>">
     <input type="hidden" name="fmail" value="<?php echo $member['mb_email'] ?>">
diff --git a/theme/basic/skin/member/basic/formmail.skin.php b/theme/basic/skin/member/basic/formmail.skin.php
index 5d1ec65b5..274bbc96e 100644
--- a/theme/basic/skin/member/basic/formmail.skin.php
+++ b/theme/basic/skin/member/basic/formmail.skin.php
@@ -12,7 +12,6 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
     <form name="fformmail" action="./formmail_send.php" onsubmit="return fformmail_submit(this);" method="post" enctype="multipart/form-data" style="margin:0px;">
     <input type="hidden" name="to" value="<?php echo $email ?>">
     <input type="hidden" name="attach" value="2">
-    <input type="hidden" name="token" value="<?php echo $token ?>">
     <?php if ($is_member) { // 회원이면  ?>
     <input type="hidden" name="fnick" value="<?php echo get_text($member['mb_nick']) ?>">
     <input type="hidden" name="fmail" value="<?php echo $member['mb_email'] ?>">