firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

KVE-0994,0995,1014 취약점 수정

Browse Source
This commit is contained in:
thisgun
2019-06-12 17:14:23 +09:00
parent e6a3270936
commit a1dbe22063
7 changed files with 17 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
bbs/confirm.php
View File

@ -5,11 +5,11 @@ include_once(G5_PATH.'/head.sub.php');
$pattern1 = "/[\<\>\'\"\\\'\\\"\(\)]/";
$pattern2 = "/\r\n|\r|\n|[^\x20-\x7e]/";
$url1 = preg_replace($pattern1, "", clean_xss_tags($url1));
$url1 = preg_replace($pattern1, "", clean_xss_tags($url1, 1));
$url1 = preg_replace($pattern2, "", $url1);
$url2 = preg_replace($pattern1, "", clean_xss_tags($url2));
$url2 = preg_replace($pattern1, "", clean_xss_tags($url2, 1));
$url2 = preg_replace($pattern2, "", $url2);
$url3 = preg_replace($pattern1, "", clean_xss_tags($url3));
$url3 = preg_replace($pattern1, "", clean_xss_tags($url3, 1));
$url3 = preg_replace($pattern2, "", $url3);
// url 체크
@ -31,12 +31,12 @@ if (confirm(conf)) {
<article id="confirm_check">
<header>
<hgroup>
<h1><?php echo $header; ?></h1> <!-- 수행 중이던 작업 내용 -->
<h1><?php echo get_text(strip_tags($header)); ?></h1> <!-- 수행 중이던 작업 내용 -->
<h2>아래 내용을 확인해 주세요.</h2>
</hgroup>
</header>
<p>
<?php echo $msg; ?>
<?php echo get_text(strip_tags($msg)); ?>
</p>
<a href="<?php echo $url1; ?>">확인</a>