관리자 XSS 대응 코드 추가

2014-10-17 13:22:26 +09:00
parent 12f9a05106
commit 9691405fd4
8 changed files with 11 additions and 11 deletions
--- a/adm/mail_select_list.php
+++ b/adm/mail_select_list.php
@ -93,7 +93,7 @@ include_once('./admin.head.php');
    $cr = "";
    while ($row=sql_fetch_array($result)) {
        $i++;
-        $ma_list .= $cr . $row['mb_email'] . "||" . $row['mb_id'] . "||" . $row['mb_name'] . "||" . $row['mb_nick'] . "||" . $row['mb_datetime'];
+        $ma_list .= $cr . $row['mb_email'] . "||" . $row['mb_id'] . "||" . get_text($row['mb_name']) . "||" . $row['mb_nick'] . "||" . $row['mb_datetime'];
        $cr = "\n";

        $bg = 'bg'.($i%2);
@ -101,7 +101,7 @@ include_once('./admin.head.php');
    <tr class="<?php echo $bg; ?>">
        <td class="td_num"><?php echo $i ?></td>
        <td class="td_mbid"><?php echo $row['mb_id'] ?></td>
-        <td class="td_mbname"><?php echo $row['mb_name'] ?></td>
+        <td class="td_mbname"><?php echo get_text($row['mb_name']); ?></td>
        <td class="td_mbname"><?php echo $row['mb_nick'] ?></td>
        <td><?php echo $row['mb_email'] ?></td>
    </tr>