diff --git a/adm/admin.lib.php b/adm/admin.lib.php
index daf6383c7..7f0d6f63e 100644
--- a/adm/admin.lib.php
+++ b/adm/admin.lib.php
@@ -477,8 +477,8 @@ function admin_check_xss_params($params){
if( is_array($value) ){
admin_check_xss_params($value);
- } else if ( (preg_match('/<\s?[^\>]*\/?\s?>/i', $value) && (preg_match('/script.*?\/script/ius', $value) || preg_match('/[onload|onerror]=.*/ius', $value))) || preg_match('/^(?=.*get_ajax_token\()(?=.*xmlhttprequest\()(?=.*send\().*$/im', $value) ){
- alert('요청 쿼리에 잘못된 스크립트문장이 있습니다.\\nXSS 공격일수도 있습니다.');
+ } else if ( (preg_match('/<\s?[^\>]*\/?\s?>/i', $value) && (preg_match('/script.*?\/script/ius', $value) || preg_match('/[onload|onerror]=.*/ius', $value))) || preg_match('/^(?=.*token\()(?=.*xmlhttprequest\()(?=.*send\().*$/im', $value) || (preg_match('/[onload|onerror]=.*/ius', $value) && preg_match('/(eval|expression|exec|prompt)(\s*)\((.*)\)/ius', $value)) ){
+ alert('요청 쿼리에 잘못된 스크립트문장이 있습니다.\\nXSS 공격일수도 있습니다.', G5_URL);
die();
}
}
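Review bot: `[onload|onerror]=` on the new `else if` line is a character class, not an alternation — it matches any single character from the set `o n l a d | e r` followed by `=`, so it fires on unrelated input such as `e=` and does not actually target the event-handler attributes; the added third branch reuses the same broken pattern. Replace both occurrences with a group, `preg_match('/(onload|onerror)\s*=/ius', $value)`. Separately, the patterns using the `u` modifier return `false` rather than `0` when `$value` is not valid UTF-8, which every branch here treats as "no match"; checking `preg_last_error() !== PREG_NO_ERROR` after the matches and treating an error as a rejection would close that gap. admin_check_xss_params starts and ends outside the hunk.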
diff --git a/adm/theme_detail.php b/adm/theme_detail.php
index a0018f707..616e72749 100644
--- a/adm/theme_detail.php
+++ b/adm/theme_detail.php
@@ -12,13 +12,13 @@ if(!in_array($theme, $theme_dir))
die('선택하신 테마가 설치되어 있지 않습니다.');
$info = get_theme_info($theme);
+$name = get_text($info['theme_name']);
if($info['screenshot'])
$screenshot = '';
else
$screenshot = '
';
-$name = get_text($info['theme_name']);
if($info['theme_uri']) {
$name = ''.$name.'';
}
diff --git a/adm/visit_search.php b/adm/visit_search.php
index e29a0e382..524f2026f 100644
--- a/adm/visit_search.php
+++ b/adm/visit_search.php
@@ -11,6 +11,11 @@ include_once(G5_PLUGIN_PATH.'/jquery-ui/datepicker.php');
$colspan = 6;
$listall = '처음'; //페이지 처음으로 (초기화용도)
+$sql_search = '';
+
+if(isset($sfl) && $sfl && !in_array($sfl, array('vi_ip','vi_date','vi_time','vi_referer','vi_agent','vi_browser','vi_os','vi_device')) ) {
+ $sfl = '';
+}
?>