firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

KVE-2019-0789, 0821, 0860 취약점 수정

Browse Source
This commit is contained in:
thisgun
2019-05-29 12:01:25 +09:00
parent b1ac49a738
commit 630e39de16
4 changed files with 9 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
adm/menu_list_update.php
View File

@ -21,8 +21,8 @@ for ($i=0; $i<$count; $i++)
{
$_POST = array_map_deep('trim', $_POST);
$code = $_POST['code'][$i];
$me_name = $_POST['me_name'][$i];
$code = strip_tags($_POST['code'][$i]);
$me_name = strip_tags($_POST['me_name'][$i]);
$me_link = (preg_match('/^javascript/i', $_POST['me_link'][$i]) || preg_match('/script:/i', $_POST['me_link'][$i])) ? G5_URL : strip_tags($_POST['me_link'][$i]);
if(!$code || !$me_name || !$me_link)
@ -59,10 +59,10 @@ for ($i=0; $i<$count; $i++)
set me_code = '$me_code',
me_name = '$me_name',
me_link = '$me_link',
me_target = '{$_POST['me_target'][$i]}',
me_order = '{$_POST['me_order'][$i]}',
me_use = '{$_POST['me_use'][$i]}',
me_mobile_use = '{$_POST['me_mobile_use'][$i]}' ";
me_target = '".sql_real_escape_string(strip_tags($_POST['me_target'][$i]))."',
me_order = '".sql_real_escape_string(strip_tags($_POST['me_order'][$i]))."',
me_use = '".sql_real_escape_string(strip_tags($_POST['me_use'][$i]))."',
me_mobile_use = '".sql_real_escape_string(strip_tags($_POST['me_mobile_use'][$i]))."' ";
sql_query($sql);
}