firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

XSS 취약점 해결

Browse Source
This commit is contained in:
gnuboard
2013-08-22 16:14:29 +09:00
parent a0b352db23
commit b598c94537
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
bbs/new.php
View File

@ -18,7 +18,7 @@ if ($view == "w")
else if ($view == "c") else if ($view == "c")
$sql_common .= " and a.wr_id <> a.wr_parent "; $sql_common .= " and a.wr_id <> a.wr_parent ";
$mb_id = isset($_GET['mb_id']) ? $_GET['mb_id'] : ""; $mb_id = isset($_GET['mb_id']) ? strip_tags($_GET['mb_id']) : "";
if ($mb_id) { if ($mb_id) {
$sql_common .= " and a.mb_id = '{$mb_id}' "; $sql_common .= " and a.mb_id = '{$mb_id}' ";
} }

2
tail.php
View File

@ -44,7 +44,7 @@ if(!G4_IS_MOBILE) {
if($key == 'device') if($key == 'device')
continue; continue;
$href .= $sep.$key.'='.$val; $href .= $sep.$key.'='.strip_tags($val);
$sep = '&amp;'; $sep = '&amp;';
$seq++; $seq++;
} }