From d50d618e01ad30a19bc6bfd572b4ca9efcaa34eb Mon Sep 17 00:00:00 2001
From: chicpro
Date: Fri, 3 Jul 2015 11:40:54 +0900
Subject: [PATCH] =?UTF-8?q?Blind=20SQL=20Injection=20=EC=B7=A8=EC=95=BD?=
 =?UTF-8?q?=EC=A0=90=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 bbs/search.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bbs/search.php b/bbs/search.php
index 9548bfae7..4f4df3f19 100644
--- a/bbs/search.php
+++ b/bbs/search.php
@@ -17,7 +17,7 @@ if ($stx) {
 $stx = preg_replace('/\//', '\/', trim($stx));
 $sop = strtolower($sop);
 if (!$sop || !($sop == 'and' || $sop == 'or')) $sop = 'and'; // 연산자 and , or
- $srows = isset($_GET['srows']) ? $_GET['srows'] : 10;
+ $srows = isset($_GET['srows']) ? preg_replace('#[^0-9]#', '', $_GET['srows']) : 10;
 if (!$srows) $srows = 10; // 한페이지에 출력하는 검색 행수

 $g5_search['tables'] = Array();
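Review bot: The added `preg_replace('#[^0-9]#', '', $_GET['srows'])` removes non-digit characters but neither types nor bounds the value, so `$srows` remains a string of unlimited length (a very large row count, if it reaches a LIMIT clause in the query built further down, is a resource-exhaustion risk) and, when `srows` arrives as an array, preg_replace returns an array that the following `if (!$srows)` does not reset. An integer cast states the intent and gives an int whatever the input shape: `$srows = isset($_GET['srows']) ? (int)$_GET['srows'] : 10;` followed by a range check such as `if ($srows < 1 || $srows > MAX_SROWS) $srows = 10;` where the ceiling is a placeholder to pick for this page. The enclosing `if ($stx) {` block begins before the hunk and continues past it, so the line that consumes `$srows` is not visible here; if it expects a string, the cast still interpolates correctly. A short comment on the new line, `// whitelist to an integer: srows is interpolated into the search SQL`, would record why the sanitising was added.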