firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

Union based SQL injection 취약점 수정

Browse Source
This commit is contained in:
thisgun
2024-02-15 15:26:33 +09:00
parent 248cb2b173
commit c1c4089883
4 changed files with 13 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
common.php
View File

@ -426,7 +426,7 @@ if (isset($_REQUEST['sca'])) {
if (isset($_REQUEST['sfl'])) {
$sfl = trim($_REQUEST['sfl']);
$sfl = preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\/\^\*\s]/", "", $sfl);
$sfl = preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\/\^\*\s\#]/", "", $sfl);
if ($sfl)
$qstr .= '&amp;sfl=' . urlencode($sfl); // search field (검색 필드)
} else {