firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

그누보드 글 수정 XSS 취약점 수정 ( 17-454 )

Browse Source
This commit is contained in:
thisgun
2017-07-03 18:18:50 +09:00
parent d89acfd01d
commit b9f1b4e170
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
bbs/write.php
View File

@ -401,6 +401,11 @@ if(!is_mobile() || defined('G5_IS_MOBILE_DHTML_USE') && G5_IS_MOBILE_DHTML_USE)
if ($config['cf_editor'] && $is_dhtml_editor_use && $board['bo_use_dhtml_editor'] && $member['mb_level'] >= $board['bo_html_level']) {
$is_dhtml_editor = true;
if ( $w == 'u' && (! $is_member || ! $is_admin || $write['mb_id'] !== $member['mb_id']) ){
// kisa 취약점 제보 xss 필터 적용
$content = get_text(html_purifier($write['wr_content']), 0);
}
if(is_file(G5_EDITOR_PATH.'/'.$config['cf_editor'].'/autosave.editor.js'))
$editor_content_js = '<script src="'.G5_EDITOR_URL.'/'.$config['cf_editor'].'/autosave.editor.js"></script>'.PHP_EOL;
}