KVE-2019-0829 영카트 XSS 취약점 수정

2019-05-24 18:40:02 +09:00
parent 6b2e0e9b58
commit a0fa82eabe
10 changed files with 49 additions and 9 deletions
--- a/adm/shop_admin/itemeventform.php
+++ b/adm/shop_admin/itemeventform.php
@ -309,13 +309,13 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
    <tr>
        <th scope="row">상단내용</th>
        <td>
-            <?php echo editor_html('ev_head_html', get_text($ev['ev_head_html'], 0)); ?>
+            <?php echo editor_html('ev_head_html', get_text(html_purifier($ev['ev_head_html']), 0)); ?>
        </td>
    </tr>
    <tr>
        <th scope="row">하단내용</th>
        <td>
-            <?php echo editor_html('ev_tail_html', get_text($ev['ev_tail_html'], 0)); ?>
+            <?php echo editor_html('ev_tail_html', get_text(html_purifier($ev['ev_tail_html']), 0)); ?>
        </td>
    </tr>
    </tbody>