[KVE-2019-1581,1585,1586,1590,2020-0012]그누보드XSS취약점 수정

2020-02-12 11:33:53 +09:00
parent 30e0b93ecf
commit 992d3d93f4
7 changed files with 14 additions and 14 deletions
--- a/adm/faqmasterformupdate.php
+++ b/adm/faqmasterformupdate.php
@ -18,7 +18,7 @@ check_admin_token();
 if ($fm_himg_del)  @unlink(G5_DATA_PATH."/faq/{$fm_id}_h");
 if ($fm_timg_del)  @unlink(G5_DATA_PATH."/faq/{$fm_id}_t");

-$fm_subject = strip_tags($fm_subject);
+$fm_subject = strip_tags(clean_xss_attributes($fm_subject));

 $sql_common = " set fm_subject = '$fm_subject',
                    fm_head_html = '$fm_head_html',