[KVE-2022-2036] Gnuboard5 관리자페이지 내 Stored XSS 취약점 수정

2022-12-01 15:22:48 +09:00
parent 21dc36199f
commit 97a8352117
8 changed files with 12 additions and 10 deletions
--- a/adm/poll_form.php
+++ b/adm/poll_form.php
@ -108,11 +108,11 @@ require_once './admin.head.php';
                    </tr>
                    <tr>
                        <th scope="row"><label for="po_ips">투표참가 IP</label></th>
-                        <td><textarea name="po_ips" id="po_ips" readonly rows="10"><?php echo preg_replace("/\n/", " / ", $po['po_ips']) ?></textarea></td>
+                        <td><textarea name="po_ips" id="po_ips" readonly rows="10"><?php echo html_purifier(preg_replace("/\n/", " / ", $po['po_ips'])); ?></textarea></td>
                    </tr>
                    <tr>
                        <th scope="row"><label for="mb_ids">투표참가 회원</label></th>
-                        <td><textarea name="mb_ids" id="mb_ids" readonly rows="10"><?php echo preg_replace("/\n/", " / ", $po['mb_ids']) ?></textarea></td>
+                        <td><textarea name="mb_ids" id="mb_ids" readonly rows="10"><?php echo html_purifier(preg_replace("/\n/", " / ", $po['mb_ids'])); ?></textarea></td>
                    </tr>
                <?php } ?>
            </tbody>