From 5b6d99a1265980227574f1ce5d5c10d75b81b4b7 Mon Sep 17 00:00:00 2001
From: chicpro
Date: Fri, 18 Sep 2015 16:28:09 +0900
Subject: [PATCH] =?UTF-8?q?=EC=9E=98=EB=AA=BB=EB=90=9C=20=EC=88=98?= =?UTF-8?q?=EC=A0=95=EB=90=9C=20=EB=B6=80=EB=B6=84=20=EB=B3=B5=EA=B5=AC?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 bbs/write_update.php | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/bbs/write_update.php b/bbs/write_update.php
index ed4fa256b..e70f57e6c 100644
--- a/bbs/write_update.php
+++ b/bbs/write_update.php
@@ -181,19 +181,19 @@ if ($w == '' || $w == 'r') {
     if ($member['mb_id']) {
         $mb_id = $member['mb_id'];
-        $wr_name = addslashes($board['bo_use_name'] ? $member['mb_name'] : $member['mb_nick']);
+        $wr_name = addslashes(clean_xss_tags($board['bo_use_name'] ? $member['mb_name'] : $member['mb_nick']));
         $wr_password = $member['mb_password'];
         $wr_email = addslashes($member['mb_email']);
-        $wr_homepage = addslashes($member['mb_homepage']);
+        $wr_homepage = addslashes(clean_xss_tags($member['mb_homepage']));
     } else {
         $mb_id = '';
         // 비회원의 경우 이름이 누락되는 경우가 있음
-        $wr_name = trim($_POST['wr_name']);
+        $wr_name = clean_xss_tags(trim($_POST['wr_name']));
         if (!$wr_name) alert('이름은 필히 입력하셔야 합니다.');
         $wr_password = get_encrypt_string($wr_password);
         $wr_email = get_email_address(trim($_POST['wr_email']));
-        $wr_homepage = $_POST['wr_homepage'];
+        $wr_homepage = clean_xss_tags($wr_homepage);
     }
     if ($w == 'r') {
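Review bot: In the non-member branch the new line `$wr_homepage = clean_xss_tags($wr_homepage);` reads `$wr_homepage` before anything in this hunk assigns it, whereas the line it replaces read `$_POST['wr_homepage']` directly. That only works if the request field has already been copied into a same-named global upstream (the `get_encrypt_string($wr_password)` line above suggests the file relies on that); if it has not, the homepage silently becomes whatever `$wr_homepage` holds at that point. Making the source explicit, `$wr_homepage = clean_xss_tags(trim($_POST['wr_homepage']));`, keeps the line symmetric with the `$wr_name` assignment two lines up. Note also that the member branch wraps the homepage in `addslashes()` while this branch does not, so if the surrounding insert builds its SQL by concatenation the two paths escape differently and that should be confirmed. The enclosing `if ($w == '' || $w == 'r')` block starts and ends outside the hunk.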
@@ -301,29 +301,29 @@ if ($w == '' || $w == 'r') {
         // 자신의 글이라면
         if ($member['mb_id'] == $wr['mb_id']) {
             $mb_id = $member['mb_id'];
-            $wr_name = addslashes($board['bo_use_name'] ? $member['mb_name'] : $member['mb_nick']);
+            $wr_name = addslashes(clean_xss_tags($board['bo_use_name'] ? $member['mb_name'] : $member['mb_nick']));
             $wr_email = addslashes($member['mb_email']);
-            $wr_homepage = addslashes($member['mb_homepage']);
+            $wr_homepage = addslashes(clean_xss_tags($member['mb_homepage']));
         } else {
             $mb_id = $wr['mb_id'];
             if(isset($_POST['wr_name']) && $_POST['wr_name'])
-                $wr_name = trim($_POST['wr_name']);
+                $wr_name = clean_xss_tags(trim($_POST['wr_name']));
             else
-                $wr_name = addslashes($wr['wr_name']);
+                $wr_name = addslashes(clean_xss_tags($wr['wr_name']));
             if(isset($_POST['wr_email']) && $_POST['wr_email'])
                 $wr_email = get_email_address(trim($_POST['wr_email']));
             else
                 $wr_email = addslashes($wr['wr_email']);
             if(isset($_POST['wr_homepage']) && $_POST['wr_homepage'])
-                $wr_homepage = addslashes($_POST['wr_homepage']);
+                $wr_homepage = addslashes(clean_xss_tags($_POST['wr_homepage']));
             else
-                $wr_homepage = addslashes($wr['wr_homepage']);
+                $wr_homepage = addslashes(clean_xss_tags($wr['wr_homepage']));
         }
     } else {
         $mb_id = "";
         // 비회원의 경우 이름이 누락되는 경우가 있음
-        $wr_name = trim($_POST['wr_name']);
-        if (!$wr_name) alert('이름은 필히 입력하셔야 합니다.');
+        if (!trim($wr_name)) alert("이름은 필히 입력하셔야 합니다.");
+        $wr_name = clean_xss_tags(trim($_POST['wr_name']));
         $wr_email = get_email_address(trim($_POST['wr_email']));
     }
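Review bot: The non-member branch at the end of the hunk now runs the empty-name check before the sanitised assignment, `if (!trim($wr_name)) alert(...)` followed by `$wr_name = clean_xss_tags(trim($_POST['wr_name']));`, which is the reverse of the order the first hunk uses for the same case. As written, the check tests a `$wr_name` that nothing in this hunk derives from the request, and it tests the raw value: if `clean_xss_tags()` removes markup, a name consisting only of tags passes the check and is stored empty, which is exactly what the Korean comment above says the check exists to prevent. Restoring the sanitise-then-validate order, `$wr_name = clean_xss_tags(trim($_POST['wr_name'])); if (!$wr_name) alert("이름은 필히 입력하셔야 합니다.");`, closes that gap and makes the two non-member paths agree. The enclosing `if ($w == '' || $w == 'r')` block starts and ends outside the hunk.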