From 6fe20b0a132d51e8ec91dcc5abb71359ea29bb6f Mon Sep 17 00:00:00 2001 From: thisgun Date: Mon, 2 Mar 2020 20:23:38 +0900 Subject: [PATCH] =?UTF-8?q?[KVE-2020-0013]=EA=B7=B8=EB=88=84=EB=B3=B4?= =?UTF-8?q?=EB=93=9C=5FReflect=20XSS=5F=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/board_copy.php | 2 +- adm/board_copy_update.php | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/adm/board_copy.php b/adm/board_copy.php index 291a225ac..fb889174a 100644 --- a/adm/board_copy.php +++ b/adm/board_copy.php @@ -31,7 +31,7 @@ include_once(G5_PATH.'/head.sub.php'); - + 복사 유형 diff --git a/adm/board_copy_update.php b/adm/board_copy_update.php index 9b3bd55a9..7a44a9c48 100644 --- a/adm/board_copy_update.php +++ b/adm/board_copy_update.php @@ -11,6 +11,8 @@ check_admin_token(); $target_table = trim($_POST['target_table']); $target_subject = trim($_POST['target_subject']); +$target_subject = strip_tags(clean_xss_attributes($target_subject)); + if (!preg_match('/[A-Za-z0-9_]{1,20}/', $target_table)) { alert('게시판 TABLE명은 공백없이 영문자, 숫자, _ 만 사용 가능합니다. (20자 이내)'); }
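Review bot: The added `$target_subject = strip_tags(clean_xss_attributes($target_subject));` sanitises the subject on input instead of encoding it where it is rendered, so it silently mangles legitimate subjects containing `<` (e.g. `A < B`) and gives no protection to any later output that echoes the value inside an attribute or script context; the robust fix is `htmlspecialchars($target_subject, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` at each echo site, keeping the input-side stripping only as defence in depth. `clean_xss_attributes()` is a project helper whose exact filtering is not visible in this hunk, so I would not treat it as sufficient on its own. The unchanged check two lines below, `preg_match('/[A-Za-z0-9_]{1,20}/', $target_table)`, is unanchored and passes any value that contains a single allowed character, which presumably matters because the table name goes on to name a database table; anchor it as `if (!preg_match('/^[A-Za-z0-9_]{1,20}$/', $target_table)) {`. Neither `$_POST['target_table']` nor `$_POST['target_subject']` is guarded with `isset()` before `trim()`, so a missing field raises a notice rather than a clean `alert()`. The script continues past the end of the hunk.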