From dc4c2a79d95f405284b9b6a30878f2aa53c0eb63 Mon Sep 17 00:00:00 2001
From: thisgun
Date: Thu, 5 Jun 2025 14:12:55 +0900
Subject: [PATCH] =?UTF-8?q?XSS=20=EC=B7=A8=EC=95=BD=EC=A0=90=20=EC=88=98?= =?UTF-8?q?=EC=A0=95=20=EB=B0=95=EC=9E=AC=ED=98=95=EB=8B=98=20=EC=A0=9C?= =?UTF-8?q?=EB=B3=B4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 adm/menu_form.php | 14 +++++++++++++-
 bbs/register_form_update.php | 12 ++++++------
 2 files changed, 19 insertions(+), 7 deletions(-)
diff --git a/adm/menu_form.php b/adm/menu_form.php
index ce10a176b..20c2a9533 100644
--- a/adm/menu_form.php
+++ b/adm/menu_form.php
@@ -117,6 +117,15 @@ if ($new == 'new' || !$code) { }); }); + function htmlEscape(str) { + return str + .replace(/&/g, '&') + .replace(//g, '>') + .replace(/"/g, '"') + .replace(/'/g, '''); + } + function add_menu_list(name, link, code) { var $menulist = $("#menulist", opener.document); var ms = new Date().getTime();
@@ -126,7 +135,10 @@ if ($new == 'new' || !$code) { sub_menu_class = " class=\"td_category sub_menu_class\""; - + + name = htmlEscape(name); + link = htmlEscape(link); + var list = "\">"; list += ""; list += "";
diff --git a/bbs/register_form_update.php b/bbs/register_form_update.php
index 08cd81ead..2617aa4ce 100644
--- a/bbs/register_form_update.php
+++ b/bbs/register_form_update.php
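Review bot: `htmlEscape(str)` assumes `str` is already a string; if `add_menu_list` is ever reached with an undefined or numeric `name`/`link`, `str.replace` throws a TypeError and the menu row is silently never added. Coercing first, `return String(str)` followed by the same replace chain, keeps the escaping path from becoming the failure point. The replacement order is correct because `&` is handled before the other characters, so the entities produced by the later replaces are not re-escaped; that invariant deserves a comment so a future edit does not reorder the chain, e.g. `// '&' must be replaced first so the entities emitted below are not escaped again`. A one-line purpose comment above the function stating that it is an HTML text/attribute escaper for markup built by string concatenation would also help.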
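Review bot: Only `name` and `link` are escaped before `list` is assembled; the third parameter `code` is left untouched, and if it is also concatenated into the markup in the following lines (they are not legible here), it needs the same `code = htmlEscape(code);` treatment, since this commit escapes per value rather than at each insertion point. Because `htmlEscape` also covers both quote characters, the escaped values are safe inside the double-quoted attributes the surrounding `"\"..."` strings build, not only in text nodes. Note that the escaped text is assigned back over the parameters, so anything later in `add_menu_list` that expects the raw `name`/`link` (for example a DOM API call like `.val()` that escapes on its own) would now receive entity-encoded text and double-escape it; `add_menu_list`'s body continues beyond the end of this hunk.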
@@ -64,15 +64,15 @@ $mb_8 = isset($_POST['mb_8']) ? trim($_POST['mb_8'])
 $mb_9 = isset($_POST['mb_9']) ? trim($_POST['mb_9']) : "";
 $mb_10 = isset($_POST['mb_10']) ? trim($_POST['mb_10']) : "";
-$mb_name = clean_xss_tags($mb_name);
+$mb_name = clean_xss_tags($mb_name, 1, 1);
 $mb_email = get_email_address($mb_email);
-$mb_homepage = clean_xss_tags($mb_homepage);
-$mb_tel = clean_xss_tags($mb_tel);
+$mb_homepage = clean_xss_tags($mb_homepage, 1, 1);
+$mb_tel = clean_xss_tags($mb_tel, 1, 1);
 $mb_zip1 = preg_replace('/[^0-9]/', '', $mb_zip1);
 $mb_zip2 = preg_replace('/[^0-9]/', '', $mb_zip2);
-$mb_addr1 = clean_xss_tags($mb_addr1);
-$mb_addr2 = clean_xss_tags($mb_addr2);
-$mb_addr3 = clean_xss_tags($mb_addr3);
+$mb_addr1 = clean_xss_tags($mb_addr1, 1, 1);
+$mb_addr2 = clean_xss_tags($mb_addr2, 1, 1);
+$mb_addr3 = clean_xss_tags($mb_addr3, 1, 1);
 $mb_addr_jibeon = preg_match("/^(N|R)$/", $mb_addr_jibeon) ? $mb_addr_jibeon : '';
 run_event('register_form_update_before', $mb_id, $w);
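Review bot: The new positional arguments `1, 1` passed to `clean_xss_tags` on the `$mb_name`, `$mb_homepage`, `$mb_tel` and `$mb_addr1`–`$mb_addr3` lines are bare magic flags; nothing at the call site says what they switch on, so a one-line comment above `$mb_name` naming the two options as they are defined in `clean_xss_tags`'s signature would make the tightening reviewable and keep the seven calls consistent. In the same hunk `$mb_9` and `$mb_10` are only `trim()`ed, as presumably are `$mb_1`–`$mb_8` above it; unless they are sanitized further down the file, these free-text member fields keep the weaker treatment this commit removes from the other fields. Input-side tag stripping is a defence-in-depth measure only, so the templates that render these `mb_*` values still need context-appropriate escaping at output.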