그누보드 5.0.40 수정내역 적용 및 XSS 취약점 수정

config.php

@@ -5,7 +5,7 @@
 ********************/
 
 define('G5_VERSION', '그누보드5');
-define('G5_GNUBOARD_VER', '5.0.39');
+define('G5_GNUBOARD_VER', '5.0.40');
 
 // 이 상수가 정의되지 않으면 각각의 개별 페이지는 별도로 실행될 수 없음
 define('_GNUBOARD_', true);

lib/common.lib.php

@@ -2367,12 +2367,8 @@ function hyphen_hp_number($hp)
 function login_url($url='')
 {
     if (!$url) $url = G5_URL;
-    /*
-    $p = parse_url($url);
-    echo urlencode($_SERVER['REQUEST_URI']);
-    return $url.urldecode(preg_replace("/^".urlencode($p['path'])."/", "", urlencode($_SERVER['REQUEST_URI'])));
-    */
-    return $url;
+
+    return urlencode(clean_xss_tags(urldecode($url)));
 }
 
 

mobile/skin/member/basic/login.skin.php

@@ -9,7 +9,7 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
     <h1><?php echo $g5['title'] ?></h1>
 
     <form name="flogin" action="<?php echo $login_action_url ?>" onsubmit="return flogin_submit(this);" method="post">
-    <input type="hidden" name="url" value='<?php echo $login_url ?>'>
+    <input type="hidden" name="url" value="<?php echo $login_url ?>">
 
     <div id="login_frm">
         <label for="login_id" class="sound_only">아이디<strong class="sound_only"> 필수</strong></label>

skin/member/basic/login.skin.php

@@ -10,7 +10,7 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
     <h1><?php echo $g5['title'] ?></h1>
 
     <form name="flogin" action="<?php echo $login_action_url ?>" onsubmit="return flogin_submit(this);" method="post">
-    <input type="hidden" name="url" value='<?php echo $login_url ?>'>
+    <input type="hidden" name="url" value="<?php echo $login_url ?>">
 
     <fieldset id="login_fs">
         <legend>회원로그인</legend>