취약점 [KVE-18-339] 수정

adm/faqlist.php

@@ -5,7 +5,13 @@ include_once('./_common.php');
 auth_check($auth[$sub_menu], "r");
 
 $g5['title'] = 'FAQ 상세관리';
-if ($fm_subject) $g5['title'] .= ' : '.$fm_subject;
+if ($fm_subject){
+    $fm_subject = clean_xss_tags(strip_tags($fm_subject));
+    $g5['title'] .= ' : '.$fm_subject;
+}
+
+$fm_id = (int) $fm_id;
+
 include_once (G5_ADMIN_PATH.'/admin.head.php');
 
 $sql = " select * from {$g5['faq_master_table']} where fm_id = '$fm_id' ";

adm/popular_list.php

@@ -7,7 +7,7 @@ auth_check($auth[$sub_menu], 'r');
 // 체크된 자료 삭제
 if (isset($_POST['chk']) && is_array($_POST['chk'])) {
     for ($i=0; $i<count($_POST['chk']); $i++) {
-        $pp_id = $_POST['chk'][$i];
+        $pp_id = (int) $_POST['chk'][$i];
 
         sql_query(" delete from {$g5['popular_table']} where pp_id = '$pp_id' ", true);
     }

skin/member/basic/register_form.skin.php

@@ -200,7 +200,7 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
                 </span>
 
                 <?php if ($w == 'u' && file_exists($mb_img_path)) {  ?>
-                <img src="<?php echo $mb_img_url ?>" alt="회원아이콘">
+                <img src="<?php echo $mb_img_url ?>" alt="회원이미지">
                 <input type="checkbox" name="del_mb_img" value="1" id="del_mb_img">
                 <label for="del_mb_img">삭제</label>
                 <?php }  ?>

theme/basic/skin/member/basic/register_form.skin.php

@@ -200,7 +200,7 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
                 </span>
 
                 <?php if ($w == 'u' && file_exists($mb_img_path)) {  ?>
-                <img src="<?php echo $mb_img_url ?>" alt="회원아이콘">
+                <img src="<?php echo $mb_img_url ?>" alt="회원이미지">
                 <input type="checkbox" name="del_mb_img" value="1" id="del_mb_img">
                 <label for="del_mb_img">삭제</label>
                 <?php }  ?>