XSS 취약점(16-059) 수정
@ -28,6 +28,12 @@ if ($sendmail_count > 3)
|
|||||||
$g5['title'] = '메일 쓰기';
|
$g5['title'] = '메일 쓰기';
|
||||||
include_once(G5_PATH.'/head.sub.php');
|
include_once(G5_PATH.'/head.sub.php');
|
||||||
|
|
||||||
|
$email = get_email_address(base64_decode($email));
|
||||||
|
if(!$email)
|
||||||
|
alert_close('이메일이 올바르지 않습니다.');
|
||||||
|
|
||||||
|
$email = base64_encode($email);
|
||||||
|
|
||||||
if (!$name)
|
if (!$name)
|
||||||
$name = base64_decode($email);
|
$name = base64_decode($email);
|
||||||
else
|
else
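Review bot: The added `base64_decode($email)` runs in non-strict mode, so bytes outside the base64 alphabet are silently dropped before `get_email_address()` sees the value; `get_email_address(base64_decode($email, true))` would reject malformed input instead (this assumes `get_email_address()`, which is not shown here, returns an empty value for a `false` or non-matching argument). The re-encoding line `$email = base64_encode($email);` is what keeps the skins' `value="<?php echo $email ?>"` safe, since they print it without escaping. A comment such as `// re-encode: skins echo $email unescaped into the hidden "to" field` would stop a later edit from removing it. The `else` branch that handles a caller-supplied `$name` lies outside the hunk, so its escaping cannot be checked from here.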
|
||||||
|
|||||||
@ -11,7 +11,6 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
|
|||||||
<form name="fformmail" action="./formmail_send.php" onsubmit="return fformmail_submit(this);" method="post" enctype="multipart/form-data" style="margin:0px;">
|
<form name="fformmail" action="./formmail_send.php" onsubmit="return fformmail_submit(this);" method="post" enctype="multipart/form-data" style="margin:0px;">
|
||||||
<input type="hidden" name="to" value="<?php echo $email ?>">
|
<input type="hidden" name="to" value="<?php echo $email ?>">
|
||||||
<input type="hidden" name="attach" value="2">
|
<input type="hidden" name="attach" value="2">
|
||||||
<input type="hidden" name="token" value="<?php echo $token ?>">
|
|
||||||
<?php if ($is_member) { // 회원이면 ?>
|
<?php if ($is_member) { // 회원이면 ?>
|
||||||
<input type="hidden" name="fnick" value="<?php echo get_text($member['mb_nick']); ?>">
|
<input type="hidden" name="fnick" value="<?php echo get_text($member['mb_nick']); ?>">
|
||||||
<input type="hidden" name="fmail" value="<?php echo $member['mb_email'] ?>">
|
<input type="hidden" name="fmail" value="<?php echo $member['mb_email'] ?>">
|
||||||
|
|||||||
@ -12,7 +12,6 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
|
|||||||
<form name="fformmail" action="./formmail_send.php" onsubmit="return fformmail_submit(this);" method="post" enctype="multipart/form-data" style="margin:0px;">
|
<form name="fformmail" action="./formmail_send.php" onsubmit="return fformmail_submit(this);" method="post" enctype="multipart/form-data" style="margin:0px;">
|
||||||
<input type="hidden" name="to" value="<?php echo $email ?>">
|
<input type="hidden" name="to" value="<?php echo $email ?>">
|
||||||
<input type="hidden" name="attach" value="2">
|
<input type="hidden" name="attach" value="2">
|
||||||
<input type="hidden" name="token" value="<?php echo $token ?>">
|
|
||||||
<?php if ($is_member) { // 회원이면 ?>
|
<?php if ($is_member) { // 회원이면 ?>
|
||||||
<input type="hidden" name="fnick" value="<?php echo get_text($member['mb_nick']); ?>">
|
<input type="hidden" name="fnick" value="<?php echo get_text($member['mb_nick']); ?>">
|
||||||
<input type="hidden" name="fmail" value="<?php echo $member['mb_email'] ?>">
|
<input type="hidden" name="fmail" value="<?php echo $member['mb_email'] ?>">
|
||||||
|
|||||||
@ -11,7 +11,6 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
|
|||||||
<form name="fformmail" action="./formmail_send.php" onsubmit="return fformmail_submit(this);" method="post" enctype="multipart/form-data" style="margin:0px;">
|
<form name="fformmail" action="./formmail_send.php" onsubmit="return fformmail_submit(this);" method="post" enctype="multipart/form-data" style="margin:0px;">
|
||||||
<input type="hidden" name="to" value="<?php echo $email ?>">
|
<input type="hidden" name="to" value="<?php echo $email ?>">
|
||||||
<input type="hidden" name="attach" value="2">
|
<input type="hidden" name="attach" value="2">
|
||||||
<input type="hidden" name="token" value="<?php echo $token ?>">
|
|
||||||
<?php if ($is_member) { // 회원이면 ?>
|
<?php if ($is_member) { // 회원이면 ?>
|
||||||
<input type="hidden" name="fnick" value="<?php echo get_text($member['mb_nick']); ?>">
|
<input type="hidden" name="fnick" value="<?php echo get_text($member['mb_nick']); ?>">
|
||||||
<input type="hidden" name="fmail" value="<?php echo $member['mb_email'] ?>">
|
<input type="hidden" name="fmail" value="<?php echo $member['mb_email'] ?>">
|
||||||
|
|||||||
@ -12,7 +12,6 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
|
|||||||
<form name="fformmail" action="./formmail_send.php" onsubmit="return fformmail_submit(this);" method="post" enctype="multipart/form-data" style="margin:0px;">
|
<form name="fformmail" action="./formmail_send.php" onsubmit="return fformmail_submit(this);" method="post" enctype="multipart/form-data" style="margin:0px;">
|
||||||
<input type="hidden" name="to" value="<?php echo $email ?>">
|
<input type="hidden" name="to" value="<?php echo $email ?>">
|
||||||
<input type="hidden" name="attach" value="2">
|
<input type="hidden" name="attach" value="2">
|
||||||
<input type="hidden" name="token" value="<?php echo $token ?>">
|
|
||||||
<?php if ($is_member) { // 회원이면 ?>
|
<?php if ($is_member) { // 회원이면 ?>
|
||||||
<input type="hidden" name="fnick" value="<?php echo get_text($member['mb_nick']) ?>">
|
<input type="hidden" name="fnick" value="<?php echo get_text($member['mb_nick']) ?>">
|
||||||
<input type="hidden" name="fmail" value="<?php echo $member['mb_email'] ?>">
|
<input type="hidden" name="fmail" value="<?php echo $member['mb_email'] ?>">
|
||||||
|
|||||||