diff --git a/adm/contentform.php b/adm/contentform.php index 4abe574d9..d51ae661c 100644 --- a/adm/contentform.php +++ b/adm/contentform.php @@ -35,6 +35,7 @@ if(!sql_query(" select co_skin from {$g5['content_table']} limit 1 ", false)) { $html_title = "내용"; $g5['title'] = $html_title.' 관리'; +$readonly = ''; if ($w == "u") { diff --git a/adm/visit_list.php b/adm/visit_list.php index 02ce73f10..46744e99f 100644 --- a/adm/visit_list.php +++ b/adm/visit_list.php @@ -73,7 +73,7 @@ $result = sql_query($sql); } $title = str_replace(array('<', '>', '&'), array("<", ">", "&"), $referer); - $link = ''; + $link = ''; $link = str_replace('&', "&", $link); $link2 = ''; } diff --git a/adm/visit_search.php b/adm/visit_search.php index 67e0f9188..e29a0e382 100644 --- a/adm/visit_search.php +++ b/adm/visit_search.php @@ -92,7 +92,7 @@ $listall = '처음'; //페이지 처 } $title = str_replace(array("<", ">"), array("<", ">"), $referer); - $link = ''; + $link = ''; } if ($is_admin == 'super') diff --git a/bbs/alert.php b/bbs/alert.php index fbac90876..18d5053c2 100644 --- a/bbs/alert.php +++ b/bbs/alert.php @@ -31,8 +31,8 @@ include_once(G5_PATH.'/head.sub.php'); $msg = isset($msg) ? strip_tags($msg) : ''; $msg2 = str_replace("\\n", "
", $msg); -$url = clean_xss_tags($url); -if (!$url) $url = clean_xss_tags($_SERVER['HTTP_REFERER']); +$url = clean_xss_tags($url, 1); +if (!$url) $url = clean_xss_tags($_SERVER['HTTP_REFERER'], 1); $url = preg_replace("/[\<\>\'\"\\\'\\\"\(\)]/", "", $url); $url = preg_replace('/\r\n|\r|\n|[^\x20-\x7e]/','', $url); diff --git a/bbs/confirm.php b/bbs/confirm.php index 5e71c009a..1d54d1384 100644 --- a/bbs/confirm.php +++ b/bbs/confirm.php @@ -5,11 +5,11 @@ include_once(G5_PATH.'/head.sub.php'); $pattern1 = "/[\<\>\'\"\\\'\\\"\(\)]/"; $pattern2 = "/\r\n|\r|\n|[^\x20-\x7e]/"; -$url1 = preg_replace($pattern1, "", clean_xss_tags($url1)); +$url1 = preg_replace($pattern1, "", clean_xss_tags($url1, 1)); $url1 = preg_replace($pattern2, "", $url1); -$url2 = preg_replace($pattern1, "", clean_xss_tags($url2)); +$url2 = preg_replace($pattern1, "", clean_xss_tags($url2, 1)); $url2 = preg_replace($pattern2, "", $url2); -$url3 = preg_replace($pattern1, "", clean_xss_tags($url3)); +$url3 = preg_replace($pattern1, "", clean_xss_tags($url3, 1)); $url3 = preg_replace($pattern2, "", $url3); // url 체크 @@ -31,12 +31,12 @@ if (confirm(conf)) {
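Review bot: The fallback `if (!$url) $url = clean_xss_tags($_SERVER['HTTP_REFERER'], 1);` still reads `HTTP_REFERER` with no isset() guard, so a request that carries no Referer header raises an undefined-index notice before any sanitising happens; `if (!$url) $url = isset($_SERVER['HTTP_REFERER']) ? clean_xss_tags($_SERVER['HTTP_REFERER'], 1) : '';` keeps the behaviour and removes the notice. More broadly, this pipeline — and the three parallel `$url1`/`$url2`/`$url3` chains in the bbs/confirm.php hunk, which could share one small helper — only strips characters and entity forms from the value; if `$url` is later emitted as a location to navigate to (not visible in this hunk), a positive check that it is a relative path or that `parse_url($url, PHP_URL_HOST)` matches this site's host is the durable control, since a character denylist cannot anticipate every encoding. The `1` passed as the new second argument enables the entity-removal branch added to clean_xss_tags in the lib/common.lib.php hunk, which runs past the end of this chunk; as rendered here that branch's replacement list appears as ':', '(', ')' and two spaces, which if literal would remove the colon from every absolute URL, so presumably those are HTML-entity encodings — worth confirming against the actual source.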
-

+

아래 내용을 확인해 주세요.

- +

확인 diff --git a/bbs/visit_insert.inc.php b/bbs/visit_insert.inc.php index 50a9bc709..b8154e215 100644 --- a/bbs/visit_insert.inc.php +++ b/bbs/visit_insert.inc.php @@ -13,8 +13,8 @@ if (get_cookie('ck_visit_ip') != $_SERVER['REMOTE_ADDR']) $remote_addr = escape_trim($_SERVER['REMOTE_ADDR']); $referer = ""; if (isset($_SERVER['HTTP_REFERER'])) - $referer = escape_trim(clean_xss_tags($_SERVER['HTTP_REFERER'])); - $user_agent = escape_trim(clean_xss_tags($_SERVER['HTTP_USER_AGENT'])); + $referer = escape_trim(clean_xss_tags(strip_tags($_SERVER['HTTP_REFERER']))); + $user_agent = escape_trim(clean_xss_tags(strip_tags($_SERVER['HTTP_USER_AGENT']))); $vi_browser = ''; $vi_os = ''; $vi_device = ''; diff --git a/lib/common.lib.php b/lib/common.lib.php index eb3f7c513..e57160234 100644 --- a/lib/common.lib.php +++ b/lib/common.lib.php @@ -2887,13 +2887,17 @@ function get_search_string($stx) } // XSS 관련 태그 제거 -function clean_xss_tags($str) +function clean_xss_tags($str, $check_entities=0) { $str_len = strlen($str); $i = 0; while($i <= $str_len){ $result = preg_replace('#]*+>#i', '', $str); + + if( $check_entities ){ + $result = str_replace(array(':', '(', ')', ' ', ' '), '', $result); + } if((string)$result === (string)$str) break;
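Review bot: The new `$user_agent = escape_trim(clean_xss_tags(strip_tags($_SERVER['HTTP_USER_AGENT'])));` reads `HTTP_USER_AGENT` with no isset() check, unlike the `HTTP_REFERER` assignment directly above it, so a client that sends no User-Agent header triggers an undefined-index notice; `$user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? escape_trim(clean_xss_tags(strip_tags($_SERVER['HTTP_USER_AGENT']))) : '';` closes that gap and matches the `$referer = "";` default used for the referer. The `if (isset($_SERVER['HTTP_REFERER']))` has no braces, so only the `$referer` assignment is conditional; the `$user_agent` line appears to be indented as though it were inside the `if` as well, and wrapping the single conditional statement in braces would make the intended scope explicit to the next reader. Applying strip_tags() before clean_xss_tags() is a sensible extra layer for header values that are stored and presumably shown later in the admin visit pages touched elsewhere in this diff.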