영카트 원격 코드 실행 취약점 수정(2017-1050)

2018-03-15 14:20:06 +09:00
parent 7017ee2dc2
commit 91a3ca9f8a
5 changed files with 10 additions and 4 deletions
--- a/adm/shop_admin/itemuseform.php
+++ b/adm/shop_admin/itemuseform.php
@ -75,7 +75,7 @@ $qstr .= ($qstr ? '&amp;' : '').'sca='.$sca;
    </tr>
    <tr>
        <th scope="row">내용</th>
-        <td><?php echo editor_html('is_content', get_text($is['is_content'], 0)); ?></td>
+        <td><?php echo editor_html('is_content', get_text(html_purifier($is['is_content']), 0)); ?></td>
    </tr>
    <tr>
        <th scope="row"><label for="is_reply_subject">답변 제목</label></th>
@ -84,7 +84,7 @@ $qstr .= ($qstr ? '&amp;' : '').'sca='.$sca;
    </tr>
    <tr>
        <th scope="row">답변 내용</th>
-        <td><?php echo editor_html('is_reply_content', get_text($is['is_reply_content'], 0)); ?></td>
+        <td><?php echo editor_html('is_reply_content', get_text(html_purifier($is['is_reply_content']), 0)); ?></td>
    </tr>
    <tr>
        <th scope="row">확인</th>