1:1문의 이메일 입력 XSS 취약점 재수정

2014-06-11 15:12:57 +09:00
parent 2adccca817
commit 9a16993762
3 changed files with 6 additions and 7 deletions
--- a/bbs/qaview.php
+++ b/bbs/qaview.php
@ -30,7 +30,7 @@ if(is_file($skin_file)) {
    $view['content'] = conv_content($view['qa_content'], $view['qa_html']);
    $view['name'] = get_text($view['qa_name']);
    $view['datetime'] = $view['qa_datetime'];
-    $view['email'] = get_text(strip_tags2($view['qa_email']));
+    $view['email'] = get_text(get_email_address($view['qa_email']));
    $view['hp'] = $view['qa_hp'];

    if (trim($stx))
--- a/bbs/qawrite_update.php
+++ b/bbs/qawrite_update.php
@ -16,7 +16,7 @@ $msg = array();

 // e-mail 체크
 if(isset($_POST['qa_email']) && $qa_email) {
-    $qa_email = strip_tags2(trim($_POST['qa_email']));
+    $qa_email = get_email_address(trim($_POST['qa_email']));

    if($qaconfig['qa_req_email'] && !$qa_email)
        $msg[] = '이메일을 입력하세요.';