KVE-0994,0995,1014 취약점 수정

2019-06-12 17:14:23 +09:00
parent e6a3270936
commit a1dbe22063
7 changed files with 17 additions and 12 deletions
--- a/bbs/alert.php
+++ b/bbs/alert.php
@ -31,8 +31,8 @@ include_once(G5_PATH.'/head.sub.php');
 $msg = isset($msg) ? strip_tags($msg) : '';
 $msg2 = str_replace("\\n", "<br>", $msg);

-$url = clean_xss_tags($url);
-if (!$url) $url = clean_xss_tags($_SERVER['HTTP_REFERER']);
+$url = clean_xss_tags($url, 1);
+if (!$url) $url = clean_xss_tags($_SERVER['HTTP_REFERER'], 1);

 $url = preg_replace("/[\<\>\'\"\\\'\\\"\(\)]/", "", $url);
 $url = preg_replace('/\r\n|\r|\n|[^\x20-\x7e]/','', $url);