From 6cfb34ab224b55eb7aa9df1e640c2bfb3294ec59 Mon Sep 17 00:00:00 2001
From: thisgun
Date: Mon, 6 Nov 2017 16:47:24 +0900
Subject: [PATCH] =?UTF-8?q?=EC=98=81=EC=B9=B4=ED=8A=B8=20Reflected=20XSS?= =?UTF-8?q?=20(17-0789)=20=20=EC=B7=A8=EC=95=BD=EC=A0=90=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adm/menu_form.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/adm/menu_form.php b/adm/menu_form.php
index 15592bd33..8dee73269 100644
--- a/adm/menu_form.php
+++ b/adm/menu_form.php
@@ -8,6 +8,8 @@ if ($is_admin != 'super')
 $g5['title'] = '메뉴 추가';
 include_once(G5_PATH.'/head.sub.php');
+$code = isset($code) ? preg_replace('/[^0-9a-zA-Z]/', '', strip_tags($code)) : '';
+
 // 코드
 if($new == 'new' || !$code) {
 $code = base_convert(substr($code,0, 2), 36, 10);
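Review bot: The added `$code = isset($code) ? ...` line passes `$code` to `strip_tags()` without checking that it is a string. If the value can arrive from the request as an array (not visible here, but the `isset($code)` test suggests it is request-populated), that call raises a warning, or a TypeError on PHP 8, before the whitelist runs. `strip_tags()` is also redundant, because the `[^0-9a-zA-Z]` whitelist already removes every character it could strip. I would write `$code = (isset($code) && is_string($code)) ? preg_replace('/[^0-9a-zA-Z]/', '', $code) : '';`. The place where `$code` is echoed back, and the rest of the `if($new == 'new' || !$code)` block, lie outside the hunk; that output should still be escaped with `htmlspecialchars()` so the fix does not rest on this input filter alone.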