From 9a870506ab94acf04ea1a818a02d583b14f934ec Mon Sep 17 00:00:00 2001
From: chicpro <chicpro@sir.co.kr>
Date: Wed, 20 Jan 2016 16:23:38 +0900
Subject: [PATCH] =?UTF-8?q?Reflected=20XSS=20=EC=B7=A8=EC=95=BD=EC=A0=90(1?=
 =?UTF-8?q?6-036)=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 bbs/alert.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/bbs/alert.php b/bbs/alert.php
index 6b1ab26a7..dabe311f6 100644
--- a/bbs/alert.php
+++ b/bbs/alert.php
@@ -33,6 +33,8 @@ $msg2 = str_replace("\\n", "<br>", $msg);
 $url = clean_xss_tags($url);
 if (!$url) $url = clean_xss_tags($_SERVER['HTTP_REFERER']);
 
+$url = preg_replace("/[\<\>\'\"\\\'\\\"\(\)]/", "", $url);
+
 // url 체크
 check_url_host($url);