From 7863d42834ba27d35ff3c4b6baf32f3b0154c1ab Mon Sep 17 00:00:00 2001
From: chicpro
Date: Mon, 20 Oct 2014 09:42:08 +0900
Subject: [PATCH] =?UTF-8?q?=EC=84=A4=EB=AC=B8=EC=A1=B0=EC=82=AC=20?= =?UTF-8?q?=EA=B8=B0=ED=83=80=EC=9D=98=EA=B2=AC=20XSS=20=EA=B3=B5=EA=B2=A9?= =?UTF-8?q?=20=EB=8C=80=EC=9D=91=EC=BD=94=EB=93=9C=20=EC=B6=94=EA=B0=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 bbs/poll_etc_update.php | 2 +-
 bbs/poll_result.php | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/bbs/poll_etc_update.php b/bbs/poll_etc_update.php
index 9828bdc35..35df2dbd4 100644
--- a/bbs/poll_etc_update.php
+++ b/bbs/poll_etc_update.php
@@ -18,7 +18,7 @@ if ($w == '')
 $pc_idea = stripslashes($pc_idea);
- $name = cut_str($pc_name, $config['cf_cut_name']);
+ $name = get_text(cut_str($pc_name, $config['cf_cut_name']));
 $mb_id = '';
 if ($member['mb_id'])
 $mb_id = '('.$member['mb_id'].')';
diff --git a/bbs/poll_result.php b/bbs/poll_result.php
index 7e549abcc..0866439a8 100644
--- a/bbs/poll_result.php
+++ b/bbs/poll_result.php
@@ -53,8 +53,8 @@ $sql = " select a.*, b.mb_open
 where po_id = '{$po_id}' order by pc_id desc ";
 $result = sql_query($sql);
 for ($i=0; $row=sql_fetch_array($result); $i++) {
- $list2[$i]['pc_name'] = $row['pc_name'];
- $list2[$i]['name'] = get_sideview($row['mb_id'], cut_str($row['pc_name'],10), '', '', $row['mb_open']);
+ $list2[$i]['pc_name'] = get_text($row['pc_name']);
+ $list2[$i]['name'] = get_sideview($row['mb_id'], get_text(cut_str($row['pc_name'],10)), '', '', $row['mb_open']);
 $list2[$i]['idea'] = get_text(cut_str($row['pc_idea'], 255));
 $list2[$i]['datetime'] = $row['pc_datetime'];
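Review bot: In bbs/poll_etc_update.php only `$name` gains `get_text()`; `$pc_idea` on the context line above goes through `stripslashes()` and nothing in the hunk escapes it. If `$pc_idea` is later written into the same HTML or mail output as `$name` (that code is outside the hunk), it needs the same treatment there, for example `get_text($pc_idea)`. The order on the new line, `cut_str()` first and `get_text()` second, is the right one and deserves a short comment such as `// cut before escaping so an entity is never split`. The `if ($w == '')` block starts and ends outside the hunk.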
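Review bot: In bbs/poll_result.php the two new lines escape `pc_name` separately at each use, so the stored value stays raw and every other reader of the column has to remember `get_text()`. A comment above the assignments would record that contract, for example `// pc_name is stored unescaped: escape on output, and cut before escaping`. `$row['mb_id']` is still passed to `get_sideview()` as is; whether that helper escapes its first argument is not visible here and is worth confirming. The truncation length `10` is hard-coded on the `name` line, while the other file in this patch uses `$config['cf_cut_name']`, so the two pages can show different cuts of the same name. The `for` loop body continues outside the hunk.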