From 4d4c781a8efb7b7f7093079349d2eb6b5d1b5588 Mon Sep 17 00:00:00 2001
From: thisgun
Date: Thu, 5 Jan 2017 17:54:32 +0900
Subject: [PATCH] =?UTF-8?q?XSS=20=EC=B7=A8=EC=95=BD=EC=A0=90(16-1008)=20?=
 =?UTF-8?q?=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 adm/faqmasterform.php | 2 ++
 adm/newwinform.php | 2 ++
 adm/popular_rank.php | 4 ++--
 adm/visit.sub.php | 4 ++--
 4 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/adm/faqmasterform.php b/adm/faqmasterform.php
index 545bf9b60..8681e5c89 100644
--- a/adm/faqmasterform.php
+++ b/adm/faqmasterform.php
@@ -7,6 +7,8 @@ auth_check($auth[$sub_menu], "w");
 $html_title = 'FAQ';
+$fm_id = preg_replace('/[^0-9]/', '', $fm_id);
+
 if ($w == "u") {
 $html_title .= ' 수정';
diff --git a/adm/newwinform.php b/adm/newwinform.php
index cf936891c..c93c187b6 100644
--- a/adm/newwinform.php
+++ b/adm/newwinform.php
@@ -5,6 +5,8 @@ include_once(G5_EDITOR_LIB);
 auth_check($auth[$sub_menu], "w");
+$nw_id = preg_replace('/[^0-9]/', '', $nw_id);
+
 $html_title = "팝업레이어";
 if ($w == "u") {
diff --git a/adm/popular_rank.php b/adm/popular_rank.php
index 3bce6dca1..fbbea0e75 100644
--- a/adm/popular_rank.php
+++ b/adm/popular_rank.php
@@ -4,8 +4,8 @@ include_once('./_common.php');
 auth_check($auth[$sub_menu], 'r');
-if (empty($fr_date)) $fr_date = G5_TIME_YMD;
-if (empty($to_date)) $to_date = G5_TIME_YMD;
+if (empty($fr_date) || ! preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $fr_date) ) $fr_date = G5_TIME_YMD;
+if (empty($to_date) || ! preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $to_date) ) $to_date = G5_TIME_YMD;
 $qstr = "fr_date={$fr_date}{&to_date}={$to_date}";
diff --git a/adm/visit.sub.php b/adm/visit.sub.php
index 4d1f97f42..def2df342 100644
--- a/adm/visit.sub.php
+++ b/adm/visit.sub.php
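Review bot: The filter on the added `$fm_id` line rewrites a tampered id instead of rejecting it, so `fm_id=1<script>alert(1)</script>` silently becomes `11` and the `w == "u"` branch just below loads whichever FAQ master happens to have that id; an explicit cast, `$fm_id = isset($fm_id) ? (int)$fm_id : 0;`, states the intent more plainly and also avoids the undefined-variable notice (and the null argument PHP 8.1 deprecates for preg_replace) if `fm_id` is absent from the request and nothing else initialises the variable, which I cannot confirm from the hunk. Input filtering here is only half of an XSS fix: wherever the template later echoes `$fm_id` back into a form attribute, that output should still be escaped, and those lines are outside the hunk. The identical `$nw_id` line in the newwinform.php hunk carries the same two caveats. The enclosing script continues outside the hunk.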
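Review bot: The date regex on the two added lines ends in `$`, which in PCRE also matches just before a trailing newline, so `fr_date=2017-01-05%0A` passes validation and the newline is carried into `$qstr` and whatever later echoes it; anchor with `\z` or add the `D` modifier, e.g. `"/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])\z/"`. The pattern also accepts impossible dates such as `2017-02-31`; if the values feed a date-range query, `checkdate()` on the three captured parts is the cheap way to reject them. Unrelated to this change but visible in the context line, `$qstr = "fr_date={$fr_date}{&to_date}={$to_date}"` appears to embed `{&to_date}` literally (PHP interpolates `{$…}` only), yielding `fr_date=…{&to_date}=…` rather than a `to_date` parameter — compare the `"&to_date="` concatenation in visit.sub.php; worth confirming against the file. The enclosing script continues outside the hunk.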
@@ -5,8 +5,8 @@ include_once(G5_LIB_PATH.'/visit.lib.php');
 include_once('./admin.head.php');
 include_once(G5_PLUGIN_PATH.'/jquery-ui/datepicker.php');
-if (empty($fr_date)) $fr_date = G5_TIME_YMD;
-if (empty($to_date)) $to_date = G5_TIME_YMD;
+if (empty($fr_date) || ! preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $fr_date) ) $fr_date = G5_TIME_YMD;
+if (empty($to_date) || ! preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $to_date) ) $to_date = G5_TIME_YMD;
 $qstr = "fr_date=".$fr_date."&to_date=".$to_date;
 $query_string = $qstr ? '?'.$qstr : '';
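Review bot: The `$` anchor in the regex on the two added `preg_match` lines matches before a final newline, so a value such as `2017-01-05\n` is accepted and carried verbatim into `$qstr` and `$query_string` two lines below; use `\z` (or the `D` modifier) so the whole value must match: `"/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])\z/"`. Structurally valid but impossible dates still pass (`2017-13-00` is rejected, `2017-02-30` is not); `checkdate()` would close that if the visit library expects real calendar dates. Since this pattern is now duplicated verbatim in popular_rank.php, a small shared helper such as `is_ymd($s)` in visit.lib.php or _common.php would keep the two checks in step. The enclosing script continues outside the hunk.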