XSS 취약점 수정 박재형님 제보

thisgun
2025-06-05 14:12:55 +09:00
parent 38451a7d3d
commit dc4c2a79d9
2 changed files with 19 additions and 7 deletions


@ -117,6 +117,15 @@ if ($new == 'new' || !$code) {
});
});
function htmlEscape(str) {
return str
.replace(/&/g, '&')
.replace(/</g, '&lt;')
.replace(/>/g, '&gt;')
.replace(/"/g, '&quot;')
.replace(/'/g, '&#39;');
}
function add_menu_list(name, link, code) {
var $menulist = $("#menulist", opener.document);
var ms = new Date().getTime();
@ -126,7 +135,10 @@ if ($new == 'new' || !$code) {
<?php } else { ?>
sub_menu_class = " class=\"td_category sub_menu_class\"";
<?php } ?>
name = htmlEscape(name);
link = htmlEscape(link);
var list = "<tr class=\"menu_list menu_group_<?php echo $code; ?>\">";
list += "<td" + sub_menu_class + ">";
list += "<label for=\"me_name_" + ms + "\" class=\"sound_only\">메뉴<strong class=\"sound_only\"> 필수</strong></label>";
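Review bot: In the new htmlEscape helper the first replacement is shown as `.replace(/&/g, '&')`, which maps the ampersand to itself, so `&` is never encoded and entity text in a menu name or link is decoded by the browser when the row is inserted. Unless that is an artifact of how this page renders the entity, it should read `.replace(/&/g, '&amp;')` and stay first in the chain so the entities produced by the later replacements are not encoded twice. The helper also calls `str.replace` directly, so a non-string `name` or `link` would throw; `return String(str)` at the head of the chain avoids that. Only `name` and `link` are escaped in add_menu_list; its body continues past the visible hunk, so any other caller-supplied value concatenated into `list` further down should be checked for the same treatment.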