firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

그누보드 XSS 취약점(KVE-2019-1235,1236,1238)

Browse Source
This commit is contained in:
thisgun
2019-08-29 12:23:29 +09:00
parent 120d42c431
commit c2922aaa13
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
adm/qa_config.php
View File

@ -306,7 +306,7 @@ if(!isset($qaconfig['qa_include_head'])) {
<tr> <tr>
<th scope="row"><label for="qa_insert_content">글쓰기 기본 내용</label></th> <th scope="row"><label for="qa_insert_content">글쓰기 기본 내용</label></th>
<td> <td>
<textarea id="qa_insert_content" name="qa_insert_content" rows="5"><?php echo $qaconfig['qa_insert_content'] ?></textarea> <textarea id="qa_insert_content" name="qa_insert_content" rows="5"><?php echo html_purifier($qaconfig['qa_insert_content']); ?></textarea>
</td> </td>
</tr> </tr>
<?php for ($i=1; $i<=5; $i++) { ?> <?php for ($i=1; $i<=5; $i++) { ?>

2
bbs/qawrite.php
View File

@ -67,7 +67,7 @@ if(is_file($skin_file)) {
$content = ''; $content = '';
if ($w == '') { if ($w == '') {
$content = $qaconfig['qa_insert_content']; $content = html_purifier($qaconfig['qa_insert_content']);
} else if($w == 'r') { } else if($w == 'r') {
if($is_dhtml_editor) if($is_dhtml_editor)
$content = '<div><br><br><br>====== 이전 답변내용 =======<br></div>'; $content = '<div><br><br><br>====== 이전 답변내용 =======<br></div>';