From 8cee18767ff80f08fd40f4bf6b08a6c3e02e3314 Mon Sep 17 00:00:00 2001
From: gnuboard
Date: Mon, 29 Apr 2013 15:16:29 +0900
Subject: [PATCH] =?UTF-8?q?=EB=A7=81=ED=81=AC=EC=9D=98=20=EC=9E=85?= =?UTF-8?q?=EB=A0=A5=EC=82=AC=EC=9D=B4=EC=A6=88=EB=A5=BC=201000=20?= =?UTF-8?q?=EB=AC=B8=EC=9E=90=20=EC=9D=B4=EB=82=B4=EB=A1=9C=20=EC=A1=B0?= =?UTF-8?q?=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 bbs/write_update.php | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/bbs/write_update.php b/bbs/write_update.php
index 3ae685222..2f65e9a4b 100644
--- a/bbs/write_update.php
+++ b/bbs/write_update.php
@@ -8,7 +8,7 @@ $msg = array();
 $wr_subject = '';
 if (isset($_POST['wr_subject'])) {
- $wr_subject = trim($_POST['wr_subject']);
+ $wr_subject = substr(escape_trim($_POST['wr_subject']),0,255);
 }
 if ($wr_subject == '') {
 $msg[] = '제목을 입력하세요.';
@@ -16,12 +16,22 @@ if ($wr_subject == '') {
 $wr_content = '';
 if (isset($_POST['wr_content'])) {
- $wr_content = trim($_POST['wr_content']);
+ $wr_content = escape_trim($_POST['wr_content']);
 }
 if ($wr_content == '') {
 $msg[] = '내용을 입력하세요.';
 }
+$wr_link1 = '';
+if (isset($_POST['wr_link1'])) {
+ $wr_link1 = substr(escape_trim($_POST['wr_link1']),0,1000);
+}
+
+$wr_link2 = '';
+if (isset($_POST['wr_link2'])) {
+ $wr_link2 = substr(escape_trim($_POST['wr_link2']),0,1000);
+}
+
 $msg = implode('
', $msg);
 if ($msg) {
 alert($msg);
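Review bot: The new `substr()` calls truncate after `escape_trim()` has already run, on the `wr_subject` line in the first hunk and on `wr_link1`/`wr_link2` in the second. `escape_trim()` is not defined in this patch, but if it adds backslash escaping, a cut at a fixed byte offset can split an escape pair and leave a lone trailing backslash, so the value is no longer safely escaped when it is later placed inside a quoted SQL string. Truncate the raw input first and escape the result, e.g. `$wr_subject = escape_trim(substr($_POST['wr_subject'], 0, 255));`, and apply the same order to both link fields. `substr()` also counts bytes, so a Korean subject can be cut in the middle of a UTF-8 character; `mb_strcut()` or `mb_substr()` with an explicit encoding keeps the stored text valid.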