diff --git a/adm/config_form_update.php b/adm/config_form_update.php
index 533782c7a..f8ebc22fa 100644
--- a/adm/config_form_update.php
+++ b/adm/config_form_update.php
@@ -28,7 +28,7 @@ $cf_social_servicelist = !empty($_POST['cf_social_servicelist']) ? implode(',',
$_POST['cf_title'] = strip_tags($_POST['cf_title']);
-$check_keys = array('cf_lg_mid', 'cf_lg_mert_key', 'cf_cert_kcb_cd', 'cf_cert_kcp_cd', 'cf_editor', 'cf_recaptcha_site_key', 'cf_recaptcha_secret_key');
+$check_keys = array('cf_lg_mid', 'cf_lg_mert_key', 'cf_cert_kcb_cd', 'cf_cert_kcp_cd', 'cf_editor', 'cf_recaptcha_site_key', 'cf_recaptcha_secret_key', 'cf_naver_clientid', 'cf_naver_secret', 'cf_facebook_appid', 'cf_facebook_secret', 'cf_twitter_key', 'cf_twitter_secret', 'cf_google_clientid', 'cf_google_secret', 'cf_googl_shorturl_apikey', 'cf_kakao_rest_key', 'cf_kakao_client_secret', 'cf_kakao_js_apikey', 'cf_payco_clientid', 'cf_payco_secret');
foreach( $check_keys as $key ){
if ( isset($_POST[$key]) && $_POST[$key] ){
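Review bot: The fourteen keys added to `$check_keys` are OAuth client ids, client secrets and API keys, and the filter applied to them sits in the loop body outside this hunk, so the diff does not show whether it can alter a legitimate secret. If that filter reduces values to an allowlisted character set, a provider secret containing any other character would be rewritten silently on save instead of being rejected with an error. A comment above the array would make this reviewable, for example `// values of these keys are reduced to <allowed charset> before saving; anything else is dropped, not rejected`. The array is now one very long line; one key per line, grouped by provider, would keep later additions easy to audit.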
diff --git a/adm/menu_list.php b/adm/menu_list.php
index 4a6c25127..4ff7db524 100644
--- a/adm/menu_list.php
+++ b/adm/menu_list.php
@@ -76,7 +76,7 @@ $colspan = 7;
diff --git a/adm/menu_list_update.php b/adm/menu_list_update.php
index 3aaf18b11..a91b4897f 100644
--- a/adm/menu_list_update.php
+++ b/adm/menu_list_update.php
@@ -21,8 +21,8 @@ for ($i=0; $i<$count; $i++)
{
$_POST = array_map_deep('trim', $_POST);
- $code = $_POST['code'][$i];
- $me_name = $_POST['me_name'][$i];
+ $code = strip_tags($_POST['code'][$i]);
+ $me_name = strip_tags($_POST['me_name'][$i]);
$me_link = (preg_match('/^javascript/i', $_POST['me_link'][$i]) || preg_match('/script:/i', $_POST['me_link'][$i])) ? G5_URL : strip_tags($_POST['me_link'][$i]);
if(!$code || !$me_name || !$me_link)
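Review bot: `strip_tags()` on `$code` and `$me_name` removes markup but leaves quotes and backslashes, and `$me_name` is later interpolated into the query (`me_name = '$me_name'` in the second hunk of this file) without the `sql_real_escape_string()` call the commit adds for the other four columns. Unless request data is already escaped before this file runs, which is not visible here, the new lines should escape too: `$me_name = sql_real_escape_string(strip_tags($_POST['me_name'][$i]));`, and likewise for `$code`. The same gap applies to `$me_link` on the context line below. The `for` body starts and ends outside the hunk, so how `$me_code` is derived from `$code` cannot be checked from here.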
@@ -59,10 +59,10 @@ for ($i=0; $i<$count; $i++)
set me_code = '$me_code',
me_name = '$me_name',
me_link = '$me_link',
- me_target = '{$_POST['me_target'][$i]}',
- me_order = '{$_POST['me_order'][$i]}',
- me_use = '{$_POST['me_use'][$i]}',
- me_mobile_use = '{$_POST['me_mobile_use'][$i]}' ";
+ me_target = '".sql_real_escape_string(strip_tags($_POST['me_target'][$i]))."',
+ me_order = '".sql_real_escape_string(strip_tags($_POST['me_order'][$i]))."',
+ me_use = '".sql_real_escape_string(strip_tags($_POST['me_use'][$i]))."',
+ me_mobile_use = '".sql_real_escape_string(strip_tags($_POST['me_mobile_use'][$i]))."' ";
sql_query($sql);
}
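Review bot: `me_order`, `me_use` and `me_mobile_use` look like numeric or flag columns, so `sql_real_escape_string(strip_tags(...))` prevents quote breakout but still lets arbitrary text reach them; validating by type would be stricter. If the schema confirms it, cast instead, e.g. `me_order = '".(int) $_POST['me_order'][$i]."',`, and check `me_target` against the fixed set of values the form offers before building the query. These indexes are also read without an `isset()` check, so a request that omits one of the arrays yields a notice and an empty value. The `$sql` assignment begins above the hunk, so the statement type and table are not visible here.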
diff --git a/plugin/syndi/ping.php b/plugin/syndi/ping.php
index fe5610c01..ff869b876 100644
--- a/plugin/syndi/ping.php
+++ b/plugin/syndi/ping.php
@@ -29,7 +29,7 @@ $feed_updated = date('Y-m-d\TH:i:s\+09:00', G5_SERVER_TIME);
$find = array('&', ' '); # 찾아서
$replace = array('&', ' '); # 바꾼다
-$content = str_replace( $find, $replace, $write['wr_content'] );
+$content = str_replace( $find, $replace, html_purifier($write['wr_content']) );
$summary = str_replace( $find, $replace, strip_tags($write['wr_content']) );
Header("Content-type: text/xml");
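Review bot: On the changed line `str_replace()` runs on the output of `html_purifier()`, so any entity substitution in `$find`/`$replace` happens after sanitisation rather than before it. The pairs as rendered on this page look identical, which suggests the originals were entity strings. If they decode entities, the purified markup is modified again before it is emitted. The response is sent as `text/xml`, and the place where `$content` is written into the feed is outside this hunk, so it is worth confirming that it is CDATA-wrapped or XML-escaped there. A comment on the line would record the intent, for example `// purified HTML; must be CDATA-wrapped or XML-escaped when written to the feed`.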