KVE-2019-0828 그누보드 XSS 취약점 수정

adm/contentform.php

@@ -104,6 +104,7 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
             <?php echo get_mobile_skin_select('content', 'co_mobile_skin', 'co_mobile_skin', $co['co_mobile_skin'], 'required'); ?>
         </td>
     </tr>
+    <!--
     <tr>
         <th scope="row"><label for="co_tag_filter_use">태그 필터링 사용</label></th>
         <td>
@@ -114,6 +115,7 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
             </select>
         </td>
     </tr>
+    -->
     <tr>
         <th scope="row"><label for="co_include_head">상단 파일 경로</label></th>
         <td>

adm/contentformupdate.php

@@ -24,6 +24,7 @@ $co_id = preg_replace('/[^a-z0-9_]/i', '', $co_id);
 $co_subject = strip_tags($co_subject);
 $co_include_head = preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($co_include_head, 0, 255));
 $co_include_tail = preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($co_include_tail, 0, 255));
+$co_tag_filter_use = isset($_POST['co_tag_filter_use']) ? (int) $_POST['co_tag_filter_use'] : 1;
 
 // 관리자가 자동등록방지를 사용해야 할 경우
 if (($co_row['co_include_head'] !== $co_include_head || $co_row['co_include_tail'] !== $co_include_tail) && function_exists('get_admin_captcha_by') && get_admin_captcha_by()){

bbs/content.php

@@ -26,6 +26,8 @@ if ($co['co_include_head'] && is_include_path_check($co['co_include_head']))
 else
     include_once('./_head.php');
 
+// KVE-2019-0828 취약점 내용
+$co['co_tag_filter_use'] = 1;
 $str = conv_content($co['co_content'], $co['co_html'], $co['co_tag_filter_use']);
 
 // $src 를 $dst 로 변환