diff --git a/bbs/alert.php b/bbs/alert.php index d64b6f2fd..6b1ab26a7 100644 --- a/bbs/alert.php +++ b/bbs/alert.php @@ -30,7 +30,8 @@ include_once(G5_PATH.'/head.sub.php'); $msg2 = str_replace("\\n", "
", $msg); -if (!$url) $url = $_SERVER['HTTP_REFERER']; +$url = clean_xss_tags($url); +if (!$url) $url = clean_xss_tags($_SERVER['HTTP_REFERER']); // url 체크 check_url_host($url); diff --git a/bbs/confirm.php b/bbs/confirm.php index 76e9c7652..fcf94e0e9 100644 --- a/bbs/confirm.php +++ b/bbs/confirm.php @@ -2,6 +2,10 @@ include_once('./_common.php'); include_once(G5_PATH.'/head.sub.php'); +$url1 = clean_xss_tags($url1); +$url2 = clean_xss_tags($url2); +$url3 = clean_xss_tags($url3); + // url 체크 check_url_host($url1); check_url_host($url2); diff --git a/bbs/move.php b/bbs/move.php index e3a7d86f2..a4631addf 100644 --- a/bbs/move.php +++ b/bbs/move.php @@ -55,7 +55,7 @@ for ($i=0; $row=sql_fetch_array($result); $i++) - +
diff --git a/bbs/new.php b/bbs/new.php index bbf9ccf96..9e008e861 100644 --- a/bbs/new.php +++ b/bbs/new.php @@ -17,6 +17,8 @@ if ($view == "w") $sql_common .= " and a.wr_id = a.wr_parent "; else if ($view == "c") $sql_common .= " and a.wr_id <> a.wr_parent "; +else + $view = ''; $mb_id = isset($_GET['mb_id']) ? ($_GET['mb_id']) : ''; $mb_id = substr(preg_replace('#[^a-z0-9_]#i', '', $mb_id), 0, 20); diff --git a/bbs/newwin.inc.php b/bbs/newwin.inc.php index 0e587ce53..2882aa9c3 100644 --- a/bbs/newwin.inc.php +++ b/bbs/newwin.inc.php @@ -19,14 +19,11 @@ $result = sql_query($sql, false);

팝업레이어 알림

diff --git a/bbs/register_form.php b/bbs/register_form.php index cb6fd2517..4729c7692 100644 --- a/bbs/register_form.php +++ b/bbs/register_form.php @@ -115,6 +115,9 @@ $req_nick = !isset($member['mb_nick_date']) || (isset($member['mb_nick_date']) & $required = ($w=='') ? 'required' : ''; $readonly = ($w=='u') ? 'readonly' : ''; +$agree = preg_replace('#[^0-9]#', '', $agree); +$agree2 = preg_replace('#[^0-9]#', '', $agree2); + // add_javascript('js 구문', 출력순서); 숫자가 작을 수록 먼저 출력됨 if ($config['cf_use_addr']) add_javascript(G5_POSTCODE_JS, 0); //다음 주소 js diff --git a/bbs/search.php b/bbs/search.php index 4f4df3f19..0f3fe803b 100644 --- a/bbs/search.php +++ b/bbs/search.php @@ -17,7 +17,7 @@ if ($stx) { $stx = preg_replace('/\//', '\/', trim($stx)); $sop = strtolower($sop); if (!$sop || !($sop == 'and' || $sop == 'or')) $sop = 'and'; // 연산자 and , or - $srows = isset($_GET['srows']) ? preg_replace('#[^0-9]#', '', $_GET['srows']) : 10; + $srows = isset($_GET['srows']) ? (int)preg_replace('#[^0-9]#', '', $_GET['srows']) : 10; if (!$srows) $srows = 10; // 한페이지에 출력하는 검색 행수 $g5_search['tables'] = Array(); diff --git a/lib/common.lib.php b/lib/common.lib.php index 0d64c8a17..1fdff9183 100644 --- a/lib/common.lib.php +++ b/lib/common.lib.php @@ -192,7 +192,7 @@ function confirm($msg, $url1='', $url2='', $url3='') alert($msg); } - if (!$url3) $url3 = $_SERVER['HTTP_REFERER']; + if (!$url3) $url3 = clean_xss_tags($_SERVER['HTTP_REFERER']); $msg = str_replace("\\n", "
", $msg); @@ -2738,6 +2738,11 @@ function clean_xss_tags($str) { $str = preg_replace('#]*+>#i', '', $str); + $search = array('"', "'"); + $replace = array('"', '''); + + $str = str_replace($search, $replace, $str); + return $str; } diff --git a/mobile/newwin.inc.php b/mobile/newwin.inc.php index 978f8fcb7..812ebff28 100644 --- a/mobile/newwin.inc.php +++ b/mobile/newwin.inc.php @@ -19,14 +19,11 @@ $result = sql_query($sql, false);

팝업레이어 알림

diff --git a/skin/new/basic/new.skin.php b/skin/new/basic/new.skin.php index 085eec0e6..2558d8118 100644 --- a/skin/new/basic/new.skin.php +++ b/skin/new/basic/new.skin.php @@ -45,7 +45,6 @@ add_stylesheet('', 0); -