XSS 취약점 및 특수문자 치환오류 수정

2015-09-18 16:25:01 +09:00
parent b456c0feae
commit 688bc53da9
17 changed files with 40 additions and 53 deletions
--- a/bbs/profile.php
+++ b/bbs/profile.php
@ -17,7 +17,7 @@ if (!$mb['mb_open'] && $is_admin != 'super' && $member['mb_id'] != $mb_id)
 $g5['title'] = $mb['mb_nick'].'님의 자기소개';
 include_once(G5_PATH.'/head.sub.php');

-$mb_nick = get_sideview($mb['mb_id'], $mb['mb_nick'], $mb['mb_email'], $mb['mb_homepage'], $mb['mb_open']);
+$mb_nick = get_sideview($mb['mb_id'], get_text($mb['mb_nick']), $mb['mb_email'], $mb['mb_homepage'], $mb['mb_open']);

 // 회원가입후 몇일째인지? + 1 은 당일을 포함한다는 뜻
 $sql = " select (TO_DAYS('".G5_TIME_YMDHIS."') - TO_DAYS('{$mb['mb_datetime']}') + 1) as days ";