firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

admin_check_xss_params 함수 추가

Browse Source
This commit is contained in:
thisgun
2018-10-05 13:55:45 +09:00
parent b7989d617f
commit 908d242e52
1 changed files with 20 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
adm/admin.lib.php
View File

@ -426,6 +426,25 @@ function admin_referer_check($return=false)
} }
} }
function admin_check_xss_params($params){
if( ! $params ) return;
foreach( $params as $key=>$value ){
if ( empty($value) ) continue;
if( is_array($value) ){
admin_check_xss_params($params);
} else if ( preg_match('/<\s?[^\>]*\/?\s?>/i', $value) && preg_match('/script.*?\/script/ius', $value) ){
alert('요청 쿼리에 잘못된 스크립트문장이 있습니다.\\nXSS 공격일수도 있습니다.');
die();
}
}
return;
}
// 접근 권한 검사 // 접근 권한 검사
if (!$member['mb_id']) if (!$member['mb_id'])
{ {
@ -491,14 +510,7 @@ $qstr = implode("&amp;", $arr_query);
if ( isset($_REQUEST) && $_REQUEST ){ if ( isset($_REQUEST) && $_REQUEST ){
if( admin_referer_check(true) ){ if( admin_referer_check(true) ){
admin_check_xss_params($_REQUEST);
foreach( $_REQUEST as $key=>$value ){
if( $value && preg_match('/<\s?[^\>]*\/?\s?>/i', $value) && preg_match('/script.*?\/script/ius', $value) ){
alert('요청 쿼리에 잘못된 스크립트문장이 있습니다.\\nXSS 공격일수도 있습니다.');
die();
}
}
} }
} }