[KVE-2022-2036] Gnuboard5 관리자페이지 내 Stored XSS 취약점 수정

2022-12-01 15:22:48 +09:00
parent 21dc36199f
commit 97a8352117
8 changed files with 12 additions and 10 deletions
--- a/adm/mail_select_list.php
+++ b/adm/mail_select_list.php
@ -121,7 +121,7 @@ require_once './admin.head.php';
                <?php } ?>
            </tbody>
        </table>
-        <textarea name="ma_list" style="display:none"><?php echo $ma_list ?></textarea>
+        <textarea name="ma_list" style="display:none"><?php echo html_purifier($ma_list); ?></textarea>
    </div>

    <div class="btn_confirm01 btn_confirm">
--- a/adm/member_form.php
+++ b/adm/member_form.php
@ -380,15 +380,15 @@ add_javascript(G5_POSTCODE_JS, 0);    //다음 주소 js
                </tr>
                <tr>
                    <th scope="row"><label for="mb_signature">서명</label></th>
-                    <td colspan="3"><textarea name="mb_signature" id="mb_signature"><?php echo $mb['mb_signature'] ?></textarea></td>
+                    <td colspan="3"><textarea name="mb_signature" id="mb_signature"><?php echo html_purifier($mb['mb_signature']); ?></textarea></td>
                </tr>
                <tr>
                    <th scope="row"><label for="mb_profile">자기 소개</label></th>
-                    <td colspan="3"><textarea name="mb_profile" id="mb_profile"><?php echo $mb['mb_profile'] ?></textarea></td>
+                    <td colspan="3"><textarea name="mb_profile" id="mb_profile"><?php echo html_purifier($mb['mb_profile']); ?></textarea></td>
                </tr>
                <tr>
                    <th scope="row"><label for="mb_memo">메모</label></th>
-                    <td colspan="3"><textarea name="mb_memo" id="mb_memo"><?php echo $mb['mb_memo'] ?></textarea></td>
+                    <td colspan="3"><textarea name="mb_memo" id="mb_memo"><?php echo html_purifier($mb['mb_memo']); ?></textarea></td>
                </tr>
                <tr>
                    <th scope="row"><label for="mb_cert_history">본인인증 내역</label></th>
--- a/adm/poll_form.php
+++ b/adm/poll_form.php
@ -108,11 +108,11 @@ require_once './admin.head.php';
                    </tr>
                    <tr>
                        <th scope="row"><label for="po_ips">투표참가 IP</label></th>
-                        <td><textarea name="po_ips" id="po_ips" readonly rows="10"><?php echo preg_replace("/\n/", " / ", $po['po_ips']) ?></textarea></td>
+                        <td><textarea name="po_ips" id="po_ips" readonly rows="10"><?php echo html_purifier(preg_replace("/\n/", " / ", $po['po_ips'])); ?></textarea></td>
                    </tr>
                    <tr>
                        <th scope="row"><label for="mb_ids">투표참가 회원</label></th>
-                        <td><textarea name="mb_ids" id="mb_ids" readonly rows="10"><?php echo preg_replace("/\n/", " / ", $po['mb_ids']) ?></textarea></td>
+                        <td><textarea name="mb_ids" id="mb_ids" readonly rows="10"><?php echo html_purifier(preg_replace("/\n/", " / ", $po['mb_ids'])); ?></textarea></td>
                    </tr>
                <?php } ?>
            </tbody>
--- a/adm/shop_admin/configform.php
+++ b/adm/shop_admin/configform.php
@ -593,7 +593,7 @@ if(!$default['de_kakaopay_cancelpwd']){
        <tr>
            <th scope="row"><label for="de_bank_account">은행계좌번호</label></th>
            <td>
-                <textarea name="de_bank_account" id="de_bank_account"><?php echo $default['de_bank_account']; ?></textarea>
+                <textarea name="de_bank_account" id="de_bank_account"><?php echo html_purifier($default['de_bank_account']); ?></textarea>
            </td>
        </tr>
        <tr>
--- a/adm/sms_admin/ajax.sms_write_form.php
+++ b/adm/sms_admin/ajax.sms_write_form.php
@ -66,6 +66,8 @@ while($res = sql_fetch_array($qry))
        $group_name = '미분류';
    else
        $group_name = $tmp['fg_name'];
+
+    $res['fo_content'] = html_purifier($res['fo_content']);
    $list_text .="
    <li class=\"screen_list sms5_box\">
        <span class=\"box_ico\"></span>
--- a/adm/sms_admin/form_list.php
+++ b/adm/sms_admin/form_list.php
@ -174,7 +174,7 @@ function multi_update(sel)
            <input type="checkbox" name="fo_no[]" value="<?php echo $res['fo_no']?>" id="fo_no_<?php echo $i; ?>">
        </div>
        <div class="li_preview">
-            <textarea readonly class="box_txt box_square"><?php echo $res['fo_content']?></textarea>
+            <textarea readonly class="box_txt box_square"><?php echo html_purifier($res['fo_content']); ?></textarea>
        </div>
        <div class="li_info">
            <span class="sound_only">그룹 </span><b><?php echo $group_name?></b><br>
--- a/adm/sms_admin/form_write.php
+++ b/adm/sms_admin/form_write.php
@ -67,7 +67,7 @@ include_once(G5_ADMIN_PATH.'/admin.head.php');
            <div class="sms5_box write_wrap">
                <span class="box_ico"></span>
                <label for="sms_contents" id="wr_message_lbl">내용</label>
-                <textarea name="fo_content" id="sms_contents" class="box_txt box_square" onkeyup="byte_check('sms_contents', 'sms_bytes');" accesskey="m"><?php echo $write['fo_content']?></textarea>
+                <textarea name="fo_content" id="sms_contents" class="box_txt box_square" onkeyup="byte_check('sms_contents', 'sms_bytes');" accesskey="m"><?php echo html_purifier($write['fo_content']); ?></textarea>

                <div id="sms_byte"><span id="sms_bytes">0</span> / 80 byte</div>

--- a/adm/sms_admin/history_view.php
+++ b/adm/sms_admin/history_view.php
@ -109,7 +109,7 @@ function all_send()

    <div id="con_sms" class="sms5_box">
        <span class="box_ico"></span>
-        <textarea class="box_txt is_overview" readonly><?php echo $write['wr_message'];?></textarea>
+        <textarea class="box_txt is_overview" readonly><?php echo html_purifier($write['wr_message']); ?></textarea>
    </div>

    <?php if ($write['wr_re_total'] && !$wr_renum) { ?>