From 9a16993762ce037087f9e412d766de8769e931c9 Mon Sep 17 00:00:00 2001
From: chicpro
Date: Wed, 11 Jun 2014 15:12:57 +0900
Subject: [PATCH] =?UTF-8?q?1:1=EB=AC=B8=EC=9D=98=20=EC=9D=B4=EB=A9=94?= =?UTF-8?q?=EC=9D=BC=20=EC=9E=85=EB=A0=A5=20XSS=20=EC=B7=A8=EC=95=BD?= =?UTF-8?q?=EC=A0=90=20=EC=9E=AC=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 bbs/qaview.php | 2 +-
 bbs/qawrite_update.php | 2 +-
 lib/common.lib.php | 9 ++++-----
 3 files changed, 6 insertions(+), 7 deletions(-)
diff --git a/bbs/qaview.php b/bbs/qaview.php
index f2565edee..f6b294468 100644
--- a/bbs/qaview.php
+++ b/bbs/qaview.php
@@ -30,7 +30,7 @@ if(is_file($skin_file)) {
 $view['content'] = conv_content($view['qa_content'], $view['qa_html']);
 $view['name'] = get_text($view['qa_name']);
 $view['datetime'] = $view['qa_datetime'];
- $view['email'] = get_text(strip_tags2($view['qa_email']));
+ $view['email'] = get_text(get_email_address($view['qa_email']));
 $view['hp'] = $view['qa_hp'];
 if (trim($stx))
diff --git a/bbs/qawrite_update.php b/bbs/qawrite_update.php
index e96e4df63..b4ec7d3d5 100644
--- a/bbs/qawrite_update.php
+++ b/bbs/qawrite_update.php
@@ -16,7 +16,7 @@ $msg = array();
 // e-mail 체크
 if(isset($_POST['qa_email']) && $qa_email) {
- $qa_email = strip_tags2(trim($_POST['qa_email']));
+ $qa_email = get_email_address(trim($_POST['qa_email']));
 if($qaconfig['qa_req_email'] && !$qa_email)
 $msg[] = '이메일을 입력하세요.';
diff --git a/lib/common.lib.php b/lib/common.lib.php
index c12bce9e7..5fa08880e 100644
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@@ -2711,12 +2711,11 @@ function member_delete($mb_id)
 sql_query($sql);
 }
-// strip_tags 변형
-function strip_tags2($str)
+// 이메일 주소 추출
+function get_email_address($email)
 {
- if(!$str)
- return '';
+ preg_match("/[0-9a-z._-]+@[a-z0-9._-]{4,}/i", $email, $matches);
- return strip_tags(preg_replace("#]*>#i", "", $str));
+ return $matches[0];
 }
 ?>
\ No newline at end of file
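Review bot: After the added `$qa_email = get_email_address(trim($_POST['qa_email']));` line, an address that was typed but does not contain anything the extraction pattern accepts is silently replaced by an empty value, and the only message that follows (`if($qaconfig['qa_req_email'] && !$qa_email)`) is raised solely when the address is mandatory, so with `qa_req_email` off the entry is saved with no address and no feedback to the user. Consider also reporting the "given but unparseable" case, e.g. `else if(!$qa_email && trim($_POST['qa_email']) !== '')` followed by a `$msg[]` entry with a malformed-address message in the same language as the existing one. The condition on the line above tests `$qa_email` before this line assigns it, so presumably it is pre-populated earlier in the script; that assignment and the closing brace of this `if` block are outside the hunk.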
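Review bot: `return $matches[0];` reads an index that preg_match() does not populate when the pattern finds no match, so any input without an address (a bare name, whitespace, or the empty string the removed strip_tags2() used to short-circuit with `if(!$str) return '';`) raises an undefined-index notice on the way to the caller; `return isset($matches[0]) ? $matches[0] : '';` keeps the callers' `!$qa_email` test working without the notice and also covers preg_match() returning false on a PCRE error. The pattern is unanchored and its local-part class omits `+`, so a constructed input like `user+tag@example.com` is returned as `tag@example.com` — qawrite_update.php would then store a different address than the user entered; if extracting a substring is not the intent, `filter_var($email, FILTER_VALIDATE_EMAIL)` rejects anything that is not a whole valid address, though it would also blank stored legacy values that qaview.php currently salvages with this function. The extraction itself is a sound fix for the reported issue, since the returned text can only contain characters from the two classes, and qaview.php still passes the result through get_text().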