XSS 취약점 해결

2013-08-22 16:14:29 +09:00
parent a0b352db23
commit b598c94537
2 changed files with 2 additions and 2 deletions
--- a/bbs/new.php
+++ b/bbs/new.php
@ -18,7 +18,7 @@ if ($view == "w")
 else if ($view == "c")
    $sql_common .= " and a.wr_id <> a.wr_parent ";

-$mb_id = isset($_GET['mb_id']) ? $_GET['mb_id'] : "";
+$mb_id = isset($_GET['mb_id']) ? strip_tags($_GET['mb_id']) : "";
 if ($mb_id) {
    $sql_common .= " and a.mb_id = '{$mb_id}' ";
 }
--- a/tail.php
+++ b/tail.php
@ -44,7 +44,7 @@ if(!G4_IS_MOBILE) {
            if($key == 'device')
                continue;

-            $href .= $sep.$key.'='.$val;
+            $href .= $sep.$key.'='.strip_tags($val);
            $sep = '&amp;';
            $seq++;
        }