From c2922aaa13fe5d9ffabd5370d67125209d5bb5a8 Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Thu, 29 Aug 2019 12:23:29 +0900
Subject: [PATCH] =?UTF-8?q?=EA=B7=B8=EB=88=84=EB=B3=B4=EB=93=9C=20XSS=20?=
 =?UTF-8?q?=EC=B7=A8=EC=95=BD=EC=A0=90(KVE-2019-1235,1236,1238)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adm/qa_config.php | 2 +-
 bbs/qawrite.php   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/adm/qa_config.php b/adm/qa_config.php
index 92e9a4632..b73062251 100644
--- a/adm/qa_config.php
+++ b/adm/qa_config.php
@@ -306,7 +306,7 @@ if(!isset($qaconfig['qa_include_head'])) {
         <tr>
             <th scope="row"><label for="qa_insert_content">글쓰기 기본 내용</label></th>
             <td>
-                <textarea id="qa_insert_content" name="qa_insert_content" rows="5"><?php echo $qaconfig['qa_insert_content'] ?></textarea>
+                <textarea id="qa_insert_content" name="qa_insert_content" rows="5"><?php echo html_purifier($qaconfig['qa_insert_content']); ?></textarea>
             </td>
         </tr>
         <?php for ($i=1; $i<=5; $i++) { ?>
diff --git a/bbs/qawrite.php b/bbs/qawrite.php
index 5a7a47345..484f271b5 100644
--- a/bbs/qawrite.php
+++ b/bbs/qawrite.php
@@ -67,7 +67,7 @@ if(is_file($skin_file)) {
 
     $content = '';
     if ($w == '') {
-        $content = $qaconfig['qa_insert_content'];
+        $content = html_purifier($qaconfig['qa_insert_content']);
     } else if($w == 'r') {
         if($is_dhtml_editor)
             $content = '<div><br><br><br>====== 이전 답변내용 =======<br></div>';