From 445da5447dc9bef5a6661d27770e7d7bd0a11261 Mon Sep 17 00:00:00 2001
From: chicpro
Date: Thu, 5 Feb 2015 09:43:58 +0900
Subject: [PATCH] =?UTF-8?q?XSS=20=EC=B7=A8=EC=95=BD=EC=A0=90=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 bbs/visit_insert.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bbs/visit_insert.inc.php b/bbs/visit_insert.inc.php
index dccd1326f..a0ba612ef 100644
--- a/bbs/visit_insert.inc.php
+++ b/bbs/visit_insert.inc.php
@@ -13,7 +13,7 @@ if (get_cookie('ck_visit_ip') != $_SERVER['REMOTE_ADDR'])
 $remote_addr = escape_trim($_SERVER['REMOTE_ADDR']);
 $referer = "";
 if (isset($_SERVER['HTTP_REFERER']))
- $referer = escape_trim($_SERVER['HTTP_REFERER']);
+ $referer = escape_trim(clean_xss_tags($_SERVER['HTTP_REFERER']));
 $user_agent = escape_trim($_SERVER['HTTP_USER_AGENT']);
 $sql = " insert {$g5['visit_table']} ( vi_id, vi_ip, vi_date, vi_time, vi_referer, vi_agent ) values ( '{$vi_id}', '{$remote_addr}', '".G5_TIME_YMD."', '".G5_TIME_HIS."', '{$referer}', '{$user_agent}' ) ";
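Review bot: `$user_agent` on the line after the change comes from the equally client-controlled `User-Agent` header and is still stored with `escape_trim()` alone, so if the visit-log pages print `vi_agent` the way they print `vi_referer`, the same stored-XSS path remains; for consistency that line would become `$user_agent = escape_trim(clean_xss_tags($_SERVER['HTTP_USER_AGENT']));`. Filtering at insert time also leaves rows already in the table untouched and depends on what `clean_xss_tags()` strips (its body is not visible here), so the pages that render `vi_referer` and `vi_agent` should HTML-encode both on output, e.g. `htmlspecialchars($row['vi_referer'], ENT_QUOTES)`, and treat the referer as an untrusted URL wherever it is placed in an `href`. The enclosing `if (get_cookie('ck_visit_ip') ...)` block begins and ends outside this hunk, so the rendering side could not be checked from here.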