firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

[KVE-2019-1581,1585,1586,1590,2020-0012]그누보드XSS취약점 수정

Browse Source
This commit is contained in:
thisgun
2020-02-12 11:33:53 +09:00
parent 30e0b93ecf
commit 992d3d93f4
7 changed files with 14 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
adm/menu_list_update.php
View File

@ -21,11 +21,11 @@ for ($i=0; $i<$count; $i++)
{
$_POST = array_map_deep('trim', $_POST);
$_POST['me_link'][$i] = is_array($_POST['me_link']) ? clean_xss_tags($_POST['me_link'][$i], 1) : '';
$_POST['me_link'][$i] = is_array($_POST['me_link']) ? clean_xss_tags(clean_xss_attributes($_POST['me_link'][$i], 1)) : '';
$code = is_array($_POST['code']) ? strip_tags($_POST['code'][$i]) : '';
$me_name = is_array($_POST['me_name']) ? strip_tags($_POST['me_name'][$i]) : '';
$me_link = (preg_match('/^javascript/i', $_POST['me_link'][$i]) || preg_match('/script:/i', $_POST['me_link'][$i])) ? G5_URL : strip_tags($_POST['me_link'][$i]);
$me_link = (preg_match('/^javascript/i', $_POST['me_link'][$i]) || preg_match('/script:/i', $_POST['me_link'][$i])) ? G5_URL : strip_tags(clean_xss_attributes($_POST['me_link'][$i]));
if(!$code || !$me_name || !$me_link)
continue;