firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

설문조사 기타의견 XSS 공격 대응코드 추가

Browse Source
This commit is contained in:
chicpro
2014-10-20 09:42:08 +09:00
parent 743c206bc7
commit 7863d42834
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
bbs/poll_etc_update.php
View File

@ -18,7 +18,7 @@ if ($w == '')
$pc_idea = stripslashes($pc_idea); $pc_idea = stripslashes($pc_idea);
$name = cut_str($pc_name, $config['cf_cut_name']); $name = get_text(cut_str($pc_name, $config['cf_cut_name']));
$mb_id = ''; $mb_id = '';
if ($member['mb_id']) if ($member['mb_id'])
$mb_id = '('.$member['mb_id'].')'; $mb_id = '('.$member['mb_id'].')';

4
bbs/poll_result.php
View File

@ -53,8 +53,8 @@ $sql = " select a.*, b.mb_open
where po_id = '{$po_id}' order by pc_id desc "; where po_id = '{$po_id}' order by pc_id desc ";
$result = sql_query($sql); $result = sql_query($sql);
for ($i=0; $row=sql_fetch_array($result); $i++) { for ($i=0; $row=sql_fetch_array($result); $i++) {
$list2[$i]['pc_name'] = $row['pc_name']; $list2[$i]['pc_name'] = get_text($row['pc_name']);
$list2[$i]['name'] = get_sideview($row['mb_id'], cut_str($row['pc_name'],10), '', '', $row['mb_open']); $list2[$i]['name'] = get_sideview($row['mb_id'], get_text(cut_str($row['pc_name'],10)), '', '', $row['mb_open']);
$list2[$i]['idea'] = get_text(cut_str($row['pc_idea'], 255)); $list2[$i]['idea'] = get_text(cut_str($row['pc_idea'], 255));
$list2[$i]['datetime'] = $row['pc_datetime']; $list2[$i]['datetime'] = $row['pc_datetime'];