XSS 취약점 및 특수문자 치환오류 수정

2015-09-18 16:25:01 +09:00
parent b456c0feae
commit 688bc53da9
17 changed files with 40 additions and 53 deletions
--- a/theme/basic/mobile/skin/member/basic/formmail.skin.php
+++ b/theme/basic/mobile/skin/member/basic/formmail.skin.php
@ -13,7 +13,7 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
    <input type="hidden" name="attach" value="2">
    <input type="hidden" name="token" value="<?php echo $token ?>">
    <?php if ($is_member) { // 회원이면 ?>
-    <input type="hidden" name="fnick" value="<?php echo $member['mb_nick'] ?>">
+    <input type="hidden" name="fnick" value="<?php echo get_text($member['mb_nick']); ?>">
    <input type="hidden" name="fmail" value="<?php echo $member['mb_email'] ?>">
    <?php } ?>

--- a/theme/basic/mobile/skin/popular/basic/popular.skin.php
+++ b/theme/basic/mobile/skin/popular/basic/popular.skin.php
@ -10,7 +10,7 @@ add_stylesheet('<link rel="stylesheet" href="'.$popular_skin_url.'/style.css">',
        <h2>인기검색어</h2>
        <ul>
        <?php for ($i=0; $i<count($list); $i++) { ?>
-            <li><a href="<?php echo G5_BBS_URL ?>/search.php?sfl=wr_subject&amp;sop=and&amp;stx=<?php echo urlencode($list[$i]['pp_word']) ?>"><?php echo $list[$i]['pp_word'] ?></a></li>
+            <li><a href="<?php echo G5_BBS_URL ?>/search.php?sfl=wr_subject&amp;sop=and&amp;stx=<?php echo urlencode($list[$i]['pp_word']) ?>"><?php echo get_text($list[$i]['pp_word']); ?></a></li>
        <?php } ?>
        </ul>
    </div>