firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

그누보드 5.0.37 수정내역 적용 및 XSS 취약점 수정

Browse Source
This commit is contained in:
chicpro
2015-06-23 11:12:23 +09:00
parent d5aca5ab93
commit 6e90622328
8 changed files with 50 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
bbs/current_connect.php
View File

@ -12,6 +12,7 @@ $sql = " select a.mb_id, b.mb_nick, b.mb_name, b.mb_email, b.mb_homepage, b.mb_o
order by a.lo_datetime desc ";
$result = sql_query($sql);
for ($i=0; $row=sql_fetch_array($result); $i++) {
$row['lo_url'] = get_text($row['lo_url']);
$list[$i] = $row;
if ($row['mb_id']) {

2
bbs/member_confirm.php
View File

@ -14,7 +14,7 @@ else
$g5['title'] = '회원 비밀번호 확인';
include_once('./_head.sub.php');
$url = $_GET['url'];
$url = clean_xss_tags($_GET['url']);
// url 체크
check_url_host($url);