[KVE-2020-0013]그누보드_Reflect XSS_수정

2020-03-02 20:23:38 +09:00
parent 31705f32c9
commit 6fe20b0a13
2 changed files with 3 additions and 1 deletions
--- a/adm/board_copy.php
+++ b/adm/board_copy.php
@ -31,7 +31,7 @@ include_once(G5_PATH.'/head.sub.php');
            </tr>
            <tr>
                <th scope="col"><label for="target_subject">게시판 제목<strong class="sound_only">필수</strong></label></th>
-                <td><input type="text" name="target_subject" value="[복사본] <?php echo $board['bo_subject'] ?>" id="target_subject" required class="required frm_input" maxlength="120"></td>
+                <td><input type="text" name="target_subject" value="[복사본] <?php echo get_sanitize_input($board['bo_subject']); ?>" id="target_subject" required class="required frm_input" maxlength="120"></td>
            </tr>
            <tr>
                <th scope="col">복사 유형</th>
--- a/adm/board_copy_update.php
+++ b/adm/board_copy_update.php
@ -11,6 +11,8 @@ check_admin_token();
 $target_table   = trim($_POST['target_table']);
 $target_subject = trim($_POST['target_subject']);

+$target_subject = strip_tags(clean_xss_attributes($target_subject));
+
 if (!preg_match('/[A-Za-z0-9_]{1,20}/', $target_table)) {
    alert('게시판 TABLE명은 공백없이 영문자, 숫자, _ 만 사용 가능합니다. (20자 이내)');
 }