From ad102421cb348d4aa286c0a75330c41e83ab3118 Mon Sep 17 00:00:00 2001
From: thisgun
Date: Mon, 14 Aug 2017 17:23:23 +0900
Subject: [PATCH] =?UTF-8?q?Stored=20XSS=20=EC=B7=A8=EC=95=BD=EC=A0=90=20?= =?UTF-8?q?=EC=88=98=EC=A0=95=20(17-557)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 bbs/qawrite.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/bbs/qawrite.php b/bbs/qawrite.php
index d9ffd7b98..5a7a47345 100644
--- a/bbs/qawrite.php
+++ b/bbs/qawrite.php
@@ -76,7 +76,10 @@ if(is_file($skin_file)) {
 $content .= get_text($write['qa_content'], 0);
 } else {
- $content = get_text($write['qa_content'], 0);
+ //$content = get_text($write['qa_content'], 0);
+
+ // KISA 취약점 권고사항 Stored XSS
+ $content = get_text(html_purifier($write['qa_content']), 0);
 }
 $editor_html = editor_html('qa_content', $content, $is_dhtml_editor);
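Review bot: The `if` branch directly above the change still builds the editor content with `$content .= get_text($write['qa_content'], 0);`, so on that path the stored `qa_content` reaches `editor_html()` without passing through `html_purifier()`; only the `else` branch is sanitised. Unless that branch is known to be safe for a reason not visible in this hunk, it should get the same treatment: `$content .= get_text(html_purifier($write['qa_content']), 0);`. The commented-out old assignment can be deleted, since version control already keeps it. A one-line comment would also help, saying that the purifier must run on the raw stored value before `get_text()` encodes it. The enclosing `if`/`else` starts outside the hunk, so whatever is put into `$content` before the `.=` is not covered here.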