XSS 취약점 및 특수문자 치환오류 수정

chicpro
2015-09-18 16:25:01 +09:00
parent b456c0feae
commit 688bc53da9
17 changed files with 40 additions and 53 deletions


@ -85,7 +85,7 @@ if ($is_member) { // 회원이라면 로그인 중이라는 메세지를 출력
else if ($is_admin == 'group') $sr_admin_msg = "그룹관리자 ";
else if ($is_admin == 'board') $sr_admin_msg = "게시판관리자 ";
echo '<div id="hd_login_msg">'.$sr_admin_msg.$member['mb_nick'].'님 로그인 중 ';
echo '<div id="hd_login_msg">'.$sr_admin_msg.get_text($member['mb_nick']).'님 로그인 중 ';
echo '<a href="'.G5_BBS_URL.'/logout.php">로그아웃</a></div>';
}
?>


@ -13,7 +13,7 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
<input type="hidden" name="attach" value="2">
<input type="hidden" name="token" value="<?php echo $token ?>">
<?php if ($is_member) { // 회원이면 ?>
<input type="hidden" name="fnick" value="<?php echo $member['mb_nick'] ?>">
<input type="hidden" name="fnick" value="<?php echo get_text($member['mb_nick']); ?>">
<input type="hidden" name="fmail" value="<?php echo $member['mb_email'] ?>">
<?php } ?>
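Review bot: The `fmail` hidden input directly after the changed `fnick` line still echoes `$member['mb_email']` unencoded into a double-quoted `value` attribute, so the attribute is only as safe as whatever validation the e-mail received when it was stored. Encoding it at output like the nickname would close that gap: `<input type="hidden" name="fmail" value="<?php echo get_text($member['mb_email']) ?>">`. This assumes `get_text()` encodes `"` as well as `<` and `>`; its body is not shown on this page, so that should be confirmed for attribute context. The second copy of this form later in the commit (the `@ -14,7 +14,7` section) has the same unencoded `fmail` line, and the form itself starts and ends outside the hunk.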


@ -10,7 +10,7 @@ add_stylesheet('<link rel="stylesheet" href="'.$popular_skin_url.'/style.css">',
<h2>인기검색어</h2>
<ul>
<?php for ($i=0; $i<count($list); $i++) { ?>
<li><a href="<?php echo G5_BBS_URL ?>/search.php?sfl=wr_subject&amp;sop=and&amp;stx=<?php echo urlencode($list[$i]['pp_word']) ?>"><?php echo $list[$i]['pp_word'] ?></a></li>
<li><a href="<?php echo G5_BBS_URL ?>/search.php?sfl=wr_subject&amp;sop=and&amp;stx=<?php echo urlencode($list[$i]['pp_word']) ?>"><?php echo get_text($list[$i]['pp_word']); ?></a></li>
<?php } ?>
</ul>
</div>


@ -14,7 +14,7 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
<input type="hidden" name="attach" value="2">
<input type="hidden" name="token" value="<?php echo $token ?>">
<?php if ($is_member) { // 회원이면 ?>
<input type="hidden" name="fnick" value="<?php echo $member['mb_nick'] ?>">
<input type="hidden" name="fnick" value="<?php echo get_text($member['mb_nick']) ?>">
<input type="hidden" name="fmail" value="<?php echo $member['mb_email'] ?>">
<?php } ?>


@ -11,7 +11,7 @@ add_stylesheet('<link rel="stylesheet" href="'.$popular_skin_url.'/style.css">',
<h2>인기검색어</h2>
<ul>
<?php for ($i=0; $i<count($list); $i++) { ?>
<li><a href="<?php echo G5_BBS_URL ?>/search.php?sfl=wr_subject&amp;sop=and&amp;stx=<?php echo urlencode($list[$i]['pp_word']) ?>"><?php echo $list[$i]['pp_word'] ?></a></li>
<li><a href="<?php echo G5_BBS_URL ?>/search.php?sfl=wr_subject&amp;sop=and&amp;stx=<?php echo urlencode($list[$i]['pp_word']) ?>"><?php echo get_text($list[$i]['pp_word']); ?></a></li>
<?php } ?>
</ul>
</div>