Merge branch 'dhtml-editor' into ckeditor4

2021-07-06 15:41:07 +09:00
parent 57e41498bc a58bc5d2fb
commit bda235bf01
11 changed files with 47 additions and 43 deletions
--- a/bbs/ajax.filter.php
+++ b/bbs/ajax.filter.php
@ -11,7 +11,7 @@ for ($i=0; $i<count($filter); $i++) {
    $str = $filter[$i];

    // 제목 필터링 (찾으면 중지)
-    $subj = "";
+    $subj = $cont = "";
    $pos = stripos($subject, $str);
    if ($pos !== false) {
        $subj = $str;
@ -19,7 +19,6 @@ for ($i=0; $i<count($filter); $i++) {
    }

    // 내용 필터링 (찾으면 중지)
-    $cont = "";
    $pos = stripos($content, $str);
    if ($pos !== false) {
        $cont = $str;
@ -27,4 +26,4 @@ for ($i=0; $i<count($filter); $i++) {
    }
 }

-die("{\"subject\":\"$subj\",\"content\":\"$cont\"}");
+die("{\"subject\":\"{$subj}\",\"content\":\"{$cont}\"}");
--- a/bbs/qawrite.php
+++ b/bbs/qawrite.php
@ -79,7 +79,8 @@ if(is_file($skin_file)) {
        else
            $content = "\n\n\n\n====== 이전 답변내용 =======\n";

-        $content .= get_text($write['qa_content'], 0);
+        // KISA 취약점 권고사항 Stored XSS (210624)
+        $content .= get_text(html_purifier($write['qa_content']), 0);
    } else {
        //$content = get_text($write['qa_content'], 0);