[KVE-2022-2036] Gnuboard5 관리자페이지 내 Stored XSS 취약점 수정

thisgun
2022-12-01 15:22:48 +09:00
parent 21dc36199f
commit 97a8352117
8 changed files with 12 additions and 10 deletions


@ -66,6 +66,8 @@ while($res = sql_fetch_array($qry))
$group_name = '미분류';
else
$group_name = $tmp['fg_name'];
$res['fo_content'] = html_purifier($res['fo_content']);
$list_text .="
<li class=\"screen_list sms5_box\">
<span class=\"box_ico\"></span>
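Review bot: The added `$res['fo_content'] = html_purifier($res['fo_content']);` overwrites the row value with sanitised markup, but the place where it is interpolated into `$list_text` lies below the hunk, so the control cannot be matched to its output context from here. A purifier returns a permitted subset of HTML, which suits an element-body sink; if the value ends up inside an attribute or a `<textarea>`, it should be encoded instead with `htmlspecialchars($res['fo_content'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. Assigning the result to a separate variable such as `$fo_content_safe` would also keep the raw column available to any later code in the loop that expects the stored text. The `while` body starts above and continues past this hunk.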


@ -174,7 +174,7 @@ function multi_update(sel)
<input type="checkbox" name="fo_no[]" value="<?php echo $res['fo_no']?>" id="fo_no_<?php echo $i; ?>">
</div>
<div class="li_preview">
<textarea readonly class="box_txt box_square"><?php echo $res['fo_content']?></textarea>
<textarea readonly class="box_txt box_square"><?php echo html_purifier($res['fo_content']); ?></textarea>
</div>
<div class="li_info">
<span class="sound_only">그룹 </span><b><?php echo $group_name?></b><br>
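Review bot: Inside `<textarea>` the value is rendered as text, not markup, so the matching control on the changed line is output encoding rather than HTML sanitising: `<?php echo htmlspecialchars($res['fo_content'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>`. html_purifier() is defined outside this page; it presumably keeps an allow-list of tags, which would then appear as literal markup in the preview and ties the fix to the purifier's configuration. The textarea changes for `$write['fo_content']` and `$write['wr_message']` in the later hunks have the same shape. Separately, `<b><?php echo $group_name?></b>` at the end of this hunk is still echoed unencoded; if the group name is editable data it should get the same `htmlspecialchars()` treatment.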


@ -67,7 +67,7 @@ include_once(G5_ADMIN_PATH.'/admin.head.php');
<div class="sms5_box write_wrap">
<span class="box_ico"></span>
<label for="sms_contents" id="wr_message_lbl">내용</label>
<textarea name="fo_content" id="sms_contents" class="box_txt box_square" onkeyup="byte_check('sms_contents', 'sms_bytes');" accesskey="m"><?php echo $write['fo_content']?></textarea>
<textarea name="fo_content" id="sms_contents" class="box_txt box_square" onkeyup="byte_check('sms_contents', 'sms_bytes');" accesskey="m"><?php echo html_purifier($write['fo_content']); ?></textarea>
<div id="sms_byte"><span id="sms_bytes">0</span> / 80 byte</div>
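Review bot: This textarea is the editable `fo_content` form field, so printing the purifier's output here means that whatever html_purifier() strips or rewrites can be submitted back on the next save, changing the stored message text without the admin noticing. Encoding for display keeps the stored value intact and still neutralises markup: `<?php echo htmlspecialchars($write['fo_content'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>`. The save handler is not part of this page, so validation of `fo_content` on write should be confirmed there rather than assumed from this template.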


@ -109,7 +109,7 @@ function all_send()
<div id="con_sms" class="sms5_box">
<span class="box_ico"></span>
<textarea class="box_txt is_overview" readonly><?php echo $write['wr_message'];?></textarea>
<textarea class="box_txt is_overview" readonly><?php echo html_purifier($write['wr_message']); ?></textarea>
</div>
<?php if ($write['wr_re_total'] && !$wr_renum) { ?>