관리자 XSS 대응 코드 추가

2014-10-17 13:22:26 +09:00
parent 12f9a05106
commit 9691405fd4
8 changed files with 11 additions and 11 deletions
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@ -1199,7 +1199,7 @@ function get_sideview($mb_id, $name='', $email='', $homepage='')
    global $bo_table, $sca, $is_admin, $member;

    $email = base64_encode($email);
-    $homepage = set_http($homepage);
+    $homepage = set_http(clean_xss_tags($homepage));

    $name = preg_replace("/\&#039;/", "", $name);
    $name = preg_replace("/\'/", "", $name);