From 992d3d93f4fa89a2fdfb3d4ff14e5bcde352a38a Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Wed, 12 Feb 2020 11:33:53 +0900
Subject: [PATCH] =?UTF-8?q?[KVE-2019-1581,1585,1586,1590,2020-0012]?=
 =?UTF-8?q?=EA=B7=B8=EB=88=84=EB=B3=B4=EB=93=9CXSS=EC=B7=A8=EC=95=BD?=
 =?UTF-8?q?=EC=A0=90=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adm/boardgroup_form_update.php     |  2 +-
 adm/faqmasterformupdate.php        |  2 +-
 adm/menu_list_update.php           |  4 ++--
 adm/sms_admin/form_update.php      |  4 ++--
 adm/sms_admin/form_write.php       |  2 +-
 adm/sms_admin/num_group.php        |  4 ++--
 adm/sms_admin/num_group_update.php | 10 +++++-----
 7 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/adm/boardgroup_form_update.php b/adm/boardgroup_form_update.php
index 7ce694a8e..b7e5cb4f2 100644
--- a/adm/boardgroup_form_update.php
+++ b/adm/boardgroup_form_update.php
@@ -16,7 +16,7 @@ if (!preg_match("/^([A-Za-z0-9_]{1,10})$/", $_POST['gr_id']))
 
 if (!$gr_subject) alert('그룹 제목을 입력하세요.');
 
-$gr_subject = isset($_POST['gr_subject']) ? strip_tags($_POST['gr_subject']) : '';
+$gr_subject = isset($_POST['gr_subject']) ? strip_tags(clean_xss_attributes($_POST['gr_subject'])) : '';
 
 $sql_common = " gr_subject = '{$gr_subject}',
                 gr_device = '{$_POST['gr_device']}',
diff --git a/adm/faqmasterformupdate.php b/adm/faqmasterformupdate.php
index f753683e3..609e805b3 100644
--- a/adm/faqmasterformupdate.php
+++ b/adm/faqmasterformupdate.php
@@ -18,7 +18,7 @@ check_admin_token();
 if ($fm_himg_del)  @unlink(G5_DATA_PATH."/faq/{$fm_id}_h");
 if ($fm_timg_del)  @unlink(G5_DATA_PATH."/faq/{$fm_id}_t");
 
-$fm_subject = strip_tags($fm_subject);
+$fm_subject = strip_tags(clean_xss_attributes($fm_subject));
 
 $sql_common = " set fm_subject = '$fm_subject',
                     fm_head_html = '$fm_head_html',
diff --git a/adm/menu_list_update.php b/adm/menu_list_update.php
index f7f4cf882..160c578a7 100644
--- a/adm/menu_list_update.php
+++ b/adm/menu_list_update.php
@@ -21,11 +21,11 @@ for ($i=0; $i<$count; $i++)
 {
     $_POST = array_map_deep('trim', $_POST);
     
-    $_POST['me_link'][$i] = is_array($_POST['me_link']) ? clean_xss_tags($_POST['me_link'][$i], 1) : '';
+    $_POST['me_link'][$i] = is_array($_POST['me_link']) ? clean_xss_tags(clean_xss_attributes($_POST['me_link'][$i], 1)) : '';
 
     $code    = is_array($_POST['code']) ? strip_tags($_POST['code'][$i]) : '';
     $me_name = is_array($_POST['me_name']) ? strip_tags($_POST['me_name'][$i]) : '';
-    $me_link = (preg_match('/^javascript/i', $_POST['me_link'][$i]) || preg_match('/script:/i', $_POST['me_link'][$i])) ? G5_URL : strip_tags($_POST['me_link'][$i]);
+    $me_link = (preg_match('/^javascript/i', $_POST['me_link'][$i]) || preg_match('/script:/i', $_POST['me_link'][$i])) ? G5_URL : strip_tags(clean_xss_attributes($_POST['me_link'][$i]));
     
     if(!$code || !$me_name || !$me_link)
         continue;
diff --git a/adm/sms_admin/form_update.php b/adm/sms_admin/form_update.php
index 080656e94..1eb78101a 100644
--- a/adm/sms_admin/form_update.php
+++ b/adm/sms_admin/form_update.php
@@ -4,8 +4,8 @@ include_once("./_common.php");
 
 auth_check($auth[$sub_menu], "w");
 
-$fo_name = isset($fo_name) ? strip_tags($fo_name) : '';
-$fo_content = isset($fo_content) ? strip_tags($fo_content) : '';
+$fo_name = isset($fo_name) ? strip_tags(clean_xss_attributes($fo_name)) : '';
+$fo_content = isset($fo_content) ? strip_tags(clean_xss_attributes($fo_content)) : '';
 
 $g5['title'] = "이모티콘 업데이트";
 
diff --git a/adm/sms_admin/form_write.php b/adm/sms_admin/form_write.php
index a8a8816cd..6191bd59d 100644
--- a/adm/sms_admin/form_write.php
+++ b/adm/sms_admin/form_write.php
@@ -48,7 +48,7 @@ include_once(G5_ADMIN_PATH.'/admin.head.php');
     </tr>
     <tr>
         <th scope="row"><label for="fo_name">제목<strong class="sound_only"> 필수</strong></label></th>
-        <td><input type="text" name="fo_name" id="fo_name" required value="<?php echo $write['fo_name']?>" class="frm_input required" size="70"></td>
+        <td><input type="text" name="fo_name" id="fo_name" required value="<?php echo get_sanitize_input($write['fo_name']); ?>" class="frm_input required" size="70"></td>
     </tr>
     <tr>
         <th scope="row">메세지</th>
diff --git a/adm/sms_admin/num_group.php b/adm/sms_admin/num_group.php
index c71483ca7..2da088f9c 100644
--- a/adm/sms_admin/num_group.php
+++ b/adm/sms_admin/num_group.php
@@ -129,7 +129,7 @@ function num_group_submit(f)
             <select name="select_bg_no_999" id="select_bg_no_999" onchange="move(<?php echo $no_group['bg_no']?>, '<?php echo $no_group['bg_name']?>', this);" >
                 <option value=""></option>
                 <?php for ($i=0; $i<count($group); $i++) { ?>
-                <option value="<?php echo $group[$i]['bg_no']?>"> <?php echo $group[$i]['bg_name']?> </option>
+                <option value="<?php echo $group[$i]['bg_no']?>"> <?php echo get_sanitize_input($group[$i]['bg_name']); ?> </option>
                 <?php } ?>
             </select>
         </td>
@@ -150,7 +150,7 @@ function num_group_submit(f)
         </td>
         <td>
             <label for="bg_name_<?php echo $i; ?>" class="sound_only">그룹명</label>
-            <input type="text" name="bg_name[<?php echo $i; ?>]" value="<?php echo $group[$i]['bg_name']?>" id="bg_name_<?php echo $i; ?>" class="frm_input">
+            <input type="text" name="bg_name[<?php echo $i; ?>]" value="<?php echo get_sanitize_input($group[$i]['bg_name']); ?>" id="bg_name_<?php echo $i; ?>" class="frm_input">
         </td>
         <td class="td_num"><?php echo number_format($group[$i]['bg_count'])?></td>
         <td class="td_num"><?php echo number_format($group[$i]['bg_member'])?></td>
diff --git a/adm/sms_admin/num_group_update.php b/adm/sms_admin/num_group_update.php
index f23f31bea..dffeab6ee 100644
--- a/adm/sms_admin/num_group_update.php
+++ b/adm/sms_admin/num_group_update.php
@@ -11,7 +11,7 @@ if ($w == 'u') // 업데이트
         // 실제 번호를 넘김
         $k = $_POST['chk'][$i];
         $bg_no = (int) $_POST['bg_no'][$k];
-        $bg_name = strip_tags($_POST['bg_name'][$k]);
+        $bg_name = strip_tags(clean_xss_attributes($_POST['bg_name'][$k]));
 
         if (!is_numeric($bg_no))
             alert('그룹 고유번호가 없습니다.');
@@ -23,11 +23,11 @@ if ($w == 'u') // 업데이트
         if (!strlen(trim($bg_name)))
             alert('그룹명을 입력해주세요');
 
-        $res = sql_fetch("select bg_name from {$g5['sms5_book_group_table']} where bg_no<>'$bg_no' and bg_name='$bg_name'");
+        $res = sql_fetch("select bg_name from {$g5['sms5_book_group_table']} where bg_no<>'$bg_no' and bg_name='".sql_real_escape_string($bg_name)."'");
         if ($res)
             alert('같은 그룹명이 존재합니다.');
 
-        sql_query("update {$g5['sms5_book_group_table']} set bg_name='".addslashes($bg_name)."' where bg_no='$bg_no'");
+        sql_query("update {$g5['sms5_book_group_table']} set bg_name='".sql_real_escape_string($bg_name)."' where bg_no='$bg_no'");
     }
 }
 else if ($w == 'de') // 그룹삭제
@@ -63,7 +63,7 @@ else if ($w == 'em') // 비우기
 }
 else // 등록
 {
-    $bg_name = strip_tags($bg_name);
+    $bg_name = strip_tags(clean_xss_attributes($bg_name));
 
     if (!strlen(trim($bg_name)))
         alert('그룹명을 입력해주세요');
@@ -72,7 +72,7 @@ else // 등록
     if ($res)
         alert('같은 그룹명이 존재합니다.');
 
-    sql_query("insert into {$g5['sms5_book_group_table']} set bg_name='".addslashes($bg_name)."'");
+    sql_query("insert into {$g5['sms5_book_group_table']} set bg_name='$bg_name'");
 }
 
 goto_url('./num_group.php');