diff --git a/bbs/new.php b/bbs/new.php
index 5c9919e1e..f8fc7ecc4 100644
--- a/bbs/new.php
+++ b/bbs/new.php
@@ -55,7 +55,7 @@ for ($i=0; $row=sql_fetch_array($result); $i++) {
 $row2 = sql_fetch(" select * from {$tmp_write_table} where wr_id = '{$row['wr_id']}' ");
 $list[$i] = $row2;
- $name = get_sideview($row2['mb_id'], cut_str($row2['wr_name'], $config['cf_cut_name']), $row2['wr_email'], $row2['wr_homepage']);
+ $name = get_sideview($row2['mb_id'], get_text(cut_str($row2['wr_name'], $config['cf_cut_name'])), $row2['wr_email'], $row2['wr_homepage']);
 // 당일인 경우 시간으로 표시함
 $datetime = substr($row2['wr_datetime'],0,10);
 $datetime2 = $row2['wr_datetime'];
@@ -79,7 +79,7 @@ for ($i=0; $row=sql_fetch_array($result); $i++) {
 $list[$i]['wr_email'] = $row3['wr_email'];
 $list[$i]['wr_homepage'] = $row3['wr_homepage'];
- $name = get_sideview($row3['mb_id'], cut_str($row3['wr_name'], $config['cf_cut_name']), $row3['wr_email'], $row3['wr_homepage']);
+ $name = get_sideview($row3['mb_id'], get_text(cut_str($row3['wr_name'], $config['cf_cut_name'])), $row3['wr_email'], $row3['wr_homepage']);
 // 당일인 경우 시간으로 표시함
 $datetime = substr($row3['wr_datetime'],0,10);
 $datetime2 = $row3['wr_datetime'];
diff --git a/bbs/profile.php b/bbs/profile.php
index 8169ddae0..158f32ead 100644
--- a/bbs/profile.php
+++ b/bbs/profile.php
@@ -24,7 +24,7 @@ $sql = " select (TO_DAYS('".G5_TIME_YMDHIS."') - TO_DAYS('{$mb['mb_datetime']}')
 $row = sql_fetch($sql);
 $mb_reg_after = $row['days'];
-$mb_homepage = set_http($mb['mb_homepage']);
+$mb_homepage = set_http(clean_xss_tags($mb['mb_homepage']));
 $mb_profile = $mb['mb_profile'] ? conv_content($mb['mb_profile'],0) : '소개 내용이 없습니다.';
 include_once($member_skin_path.'/profile.skin.php');
diff --git a/bbs/register_form_update.php b/bbs/register_form_update.php
index 663349912..6359a5fdd 100644
--- a/bbs/register_form_update.php
+++ b/bbs/register_form_update.php
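Review bot: get_text() on the new line escapes only the name; $row2['wr_email'] and $row2['wr_homepage'] still reach get_sideview() unescaped, and whether get_sideview() escapes them itself before emitting markup is not visible here, so that should be confirmed — the same pattern is repeated in the -79 hunk with $row3. If it does not escape them, wrap those two arguments the same way: `get_text($row2['wr_email'])` and `get_text($row2['wr_homepage'])`. Applying get_text() after cut_str() is the right order, since escaping first could leave a truncated entity. The enclosing for loop starts before the hunk.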
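Review bot: clean_xss_tags() removes markup from $mb['mb_homepage'], but a tag-free value with an unexpected URL scheme passes through it unchanged, and set_http() presumably only prepends a scheme when none is present, so the skin must still HTML-escape $mb_homepage where it is placed into the href. If the scheme is not validated elsewhere, add a whitelist after the set_http() call, e.g. `if (!preg_match('/^https?:\/\//i', $mb_homepage)) $mb_homepage = '';`. Whether profile.skin.php escapes the value is outside this hunk.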
@@ -110,6 +110,9 @@ if ($w == '' || $w == 'u') {
 if ($msg = exist_mb_email($mb_email, $mb_id)) alert($msg, "", true, true);
 }
+$mb_name = clean_xss_tags($mb_name);
+$mb_email = get_email_address($mb_email);
+$mb_homepage = clean_xss_tags($mb_homepage);
 $mb_zip1 = preg_replace('/[^0-9]/', '', $mb_zip1);
 $mb_zip2 = preg_replace('/[^0-9]/', '', $mb_zip2);
 $mb_addr1 = clean_xss_tags($mb_addr1);
diff --git a/bbs/write_update.php b/bbs/write_update.php
index cdb140102..1124b849c 100644
--- a/bbs/write_update.php
+++ b/bbs/write_update.php
@@ -287,18 +287,19 @@ if ($w == '' || $w == 'r') {
 if ($member['mb_id']) {
 $mb_id = $member['mb_id'];
- $wr_name = $board['bo_use_name'] ? $member['mb_name'] : $member['mb_nick'];
+ $wr_name = addslashes(clean_xss_tags($board['bo_use_name'] ? $member['mb_name'] : $member['mb_nick']));
 $wr_password = $member['mb_password'];
- $wr_email = $member['mb_email'];
- $wr_homepage = $member['mb_homepage'];
+ $wr_email = addslashes($member['mb_email']);
+ $wr_homepage = addslashes(clean_xss_tags($member['mb_homepage']));
 } else {
 $mb_id = '';
 // 비회원의 경우 이름이 누락되는 경우가 있음
- $wr_name = trim($_POST['wr_name']);
+ $wr_name = clean_xss_tags(trim($_POST['wr_name']));
 if (!$wr_name) alert('이름은 필히 입력하셔야 합니다.');
 $wr_password = sql_password($wr_password);
 $wr_email = get_email_address(trim($_POST['wr_email']));
+ $wr_homepage = clean_xss_tags($wr_homepage);
 }
 if ($w == 'r') {
diff --git a/mobile/skin/member/basic/register_result.skin.php b/mobile/skin/member/basic/register_result.skin.php
index a9b5ce1a4..288b1ba4e 100644
--- a/mobile/skin/member/basic/register_result.skin.php
+++ b/mobile/skin/member/basic/register_result.skin.php
@@ -8,7 +8,7 @@ add_stylesheet('',
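Review bot: The three new assignments run after the uniqueness check on the preceding context line, so exist_mb_email() validates the raw $mb_email while the value that is actually stored is the output of get_email_address(); if the two differ (whitespace or characters the helper strips), the stored address was never checked for uniqueness. Move `$mb_email = get_email_address($mb_email);` above the `if ($msg = exist_mb_email($mb_email, $mb_id))` line — or above whatever earlier check first consumes $mb_email, since the start of this block is outside the hunk. The same ordering question applies to $mb_name if a name check precedes it, which is not visible here.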
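Review bot: addslashes() on the member-branch values is a charset-unaware escape rather than the driver's own escaping or a parameterised query, and it only helps if these variables are later interpolated into SQL — which happens outside the hunk — so the safer change is to escape at the query site with the database escaping function or bound parameters and keep only `clean_xss_tags()` here. In the non-member branch the added `$wr_homepage = clean_xss_tags($wr_homepage);` reads a $wr_homepage whose origin is not in the hunk (presumably a request field) and, unlike the member branch, gets no addslashes(), so confirm that request input is already slash-escaped upstream or the two branches reach the INSERT with different escaping. The surrounding if ($w == '' || $w == 'r') block starts before the hunk and continues past it.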
- 님의 회원가입을 진심으로 축하합니다.
+ 님의 회원가입을 진심으로 축하합니다.
- 님의 회원가입을 진심으로 축하합니다.
+ 님의 회원가입을 진심으로 축하합니다.