KVE-2018-1316 그누보드,영카트 취약점 수정

2018-11-16 17:54:57 +09:00
parent ccba200fbd
commit bc5779fafb
3 changed files with 12 additions and 5 deletions
--- a/bbs/confirm.php
+++ b/bbs/confirm.php
@ -2,9 +2,9 @@
 include_once('./_common.php');
 include_once(G5_PATH.'/head.sub.php');

-$url1 = clean_xss_tags($url1);
-$url2 = clean_xss_tags($url2);
-$url3 = clean_xss_tags($url3);
+$url1 = preg_replace("/[\<\>\'\"\\\'\\\"\(\)]/", "", clean_xss_tags($url1));
+$url2 = preg_replace("/[\<\>\'\"\\\'\\\"\(\)]/", "", clean_xss_tags($url2));
+$url3 = preg_replace("/[\<\>\'\"\\\'\\\"\(\)]/", "", clean_xss_tags($url3));

 // url 체크
 check_url_host($url1);