XSS 취약점 수정

lib/common.lib.php

@@ -2367,12 +2367,8 @@ function hyphen_hp_number($hp)
 function login_url($url='')
 {
     if (!$url) $url = G5_URL;
-    /*
-    $p = parse_url($url);
-    echo urlencode($_SERVER['REQUEST_URI']);
-    return $url.urldecode(preg_replace("/^".urlencode($p['path'])."/", "", urlencode($_SERVER['REQUEST_URI'])));
-    */
-    return $url;
+
+    return urlencode(clean_xss_tags($url));
 }
 
 

mobile/skin/member/basic/login.skin.php

@@ -9,7 +9,7 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
     <h1><?php echo $g5['title'] ?></h1>
 
     <form name="flogin" action="<?php echo $login_action_url ?>" onsubmit="return flogin_submit(this);" method="post">
-    <input type="hidden" name="url" value='<?php echo $login_url ?>'>
+    <input type="hidden" name="url" value="<?php echo $login_url ?>">
 
     <div id="login_frm">
         <label for="login_id" class="sound_only">아이디<strong class="sound_only"> 필수</strong></label>

skin/member/basic/login.skin.php

@@ -10,7 +10,7 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
     <h1><?php echo $g5['title'] ?></h1>
 
     <form name="flogin" action="<?php echo $login_action_url ?>" onsubmit="return flogin_submit(this);" method="post">
-    <input type="hidden" name="url" value='<?php echo $login_url ?>'>
+    <input type="hidden" name="url" value="<?php echo $login_url ?>">
 
     <fieldset id="login_fs">
         <legend>회원로그인</legend>