그누보드 Reflected XSS 취약점(KVE-2018-0086) 수정

2018-03-12 15:00:58 +09:00
parent 4aeae4915a
commit 81b39b59c3
1 changed files with 1 additions and 1 deletions
--- a/adm/sms_admin/num_book_move.php
+++ b/adm/sms_admin/num_book_move.php
@ -33,7 +33,7 @@ for ($i=0; $row=sql_fetch_array($result); $i++)
    <input type="hidden" name="sw" value="<?php echo $sw ?>">
    <input type="hidden" name="bk_no_list" value="<?php echo $bk_no_list ?>">
    <input type="hidden" name="act" value="<?php echo $act ?>">
-    <input type="hidden" name="url" value="<?php echo $_SERVER['HTTP_REFERER'] ?>">
+    <input type="hidden" name="url" value="<?php echo clean_xss_tags(strip_tags($_SERVER['HTTP_REFERER'])); ?>">

    <div class="tbl_head01 tbl_wrap">
        <table>