XSS 취약점 수정

2018-08-22 14:02:14 +09:00
parent ac5d6a4be7
commit b1fc952c76
12 changed files with 26 additions and 13 deletions
--- a/adm/boardgroup_form_update.php
+++ b/adm/boardgroup_form_update.php
@ -16,7 +16,9 @@ if (!preg_match("/^([A-Za-z0-9_]{1,10})$/", $_POST['gr_id']))

 if (!$gr_subject) alert('그룹 제목을 입력하세요.');

-$sql_common = " gr_subject = '{$_POST['gr_subject']}',
+$gr_subject = isset($_POST['gr_subject']) ? strip_tags($_POST['gr_subject']) : '';
+
+$sql_common = " gr_subject = '{$gr_subject}',
                gr_device = '{$_POST['gr_device']}',
                gr_admin  = '{$_POST['gr_admin']}',
                gr_1_subj = '{$_POST['gr_1_subj']}',