그누보드 5.0.36 수정 내역 및 XSS 취약점 수정

mobile/skin/board/basic/view_comment.skin.php

@@ -50,7 +50,7 @@ var char_max = parseInt(<?php echo $comment_max ?>); // 최대
         <textarea id="save_comment_<?php echo $comment_id ?>" style="display:none"><?php echo get_text($list[$i]['content1'], 0) ?></textarea>
 
         <?php if($list[$i]['is_reply'] || $list[$i]['is_edit'] || $list[$i]['is_del']) {
-            $query_string = str_replace("&", "&amp;", $_SERVER['QUERY_STRING']);
+            $query_string = clean_query_string($_SERVER['QUERY_STRING']);
 
             if($w == 'cu') {
                 $sql = " select wr_id, wr_content from $write_table where wr_id = '$c_id' and wr_is_comment = '1' ";

mobile/skin/board/gallery/view_comment.skin.php

@@ -50,7 +50,7 @@ var char_max = parseInt(<?php echo $comment_max ?>); // 최대
         <textarea id="save_comment_<?php echo $comment_id ?>" style="display:none"><?php echo get_text($list[$i]['content1'], 0) ?></textarea>
 
         <?php if($list[$i]['is_reply'] || $list[$i]['is_edit'] || $list[$i]['is_del']) {
-            $query_string = str_replace("&", "&amp;", $_SERVER['QUERY_STRING']);
+            $query_string = clean_query_string($_SERVER['QUERY_STRING']);
 
             if($w == 'cu') {
                 $sql = " select wr_id, wr_content from $write_table where wr_id = '$c_id' and wr_is_comment = '1' ";

mobile/skin/member/basic/member_confirm.skin.php

@@ -10,7 +10,11 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
 
     <p>
         <strong>비밀번호를 한번 더 입력해주세요.</strong>
+        <?php if ($url == 'member_leave.php') { ?>
+        비밀번호를 입력하시면 회원탈퇴가 완료됩니다.
+        <?php }else{ ?>
         회원님의 정보를 안전하게 보호하기 위해 비밀번호를 한번 더 확인합니다.
+        <?php }  ?>
     </p>
 
     <form name="fmemberconfirm" action="<?php echo $url ?>" onsubmit="return fmemberconfirm_submit(this);" method="post">