XSS 취약점 및 특수문자 치환오류 수정

2015-09-18 16:25:01 +09:00
parent b456c0feae
commit 688bc53da9
17 changed files with 40 additions and 53 deletions
--- a/bbs/move.php
+++ b/bbs/move.php
@ -55,7 +55,7 @@ for ($i=0; $row=sql_fetch_array($result); $i++)
    <input type="hidden" name="sod" value="<?php echo $sod ?>">
    <input type="hidden" name="page" value="<?php echo $page ?>">
    <input type="hidden" name="act" value="<?php echo $act ?>">
-    <input type="hidden" name="url" value="<?php echo clean_xss_tags($_SERVER['HTTP_REFERER']); ?>">
+    <input type="hidden" name="url" value="<?php echo get_text(clean_xss_tags($_SERVER['HTTP_REFERER'])); ?>">

    <div class="tbl_head01 tbl_wrap">
        <table>