From 3a3434104c1b8a974f829b64d1dffcea3a6ad313 Mon Sep 17 00:00:00 2001
From: kagla <kagla@naver.com>
Date: Fri, 15 Oct 2021 16:40:04 +0900
Subject: [PATCH] =?UTF-8?q?(KVE-2021-0755)=20=EB=A9=94=EB=89=B4=EC=9D=98?=
 =?UTF-8?q?=20=EB=A7=81=ED=81=AC=20=EA=B8=B0=EB=8A=A5=EC=9D=84=20=EC=9D=B4?=
 =?UTF-8?q?=EC=9A=A9=ED=95=9C=20XSS=20=EC=B7=A8=EC=95=BD=EC=A0=90=20?=
 =?UTF-8?q?=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adm/menu_list_update.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/adm/menu_list_update.php b/adm/menu_list_update.php
index f62ab4714..7c5e03141 100644
--- a/adm/menu_list_update.php
+++ b/adm/menu_list_update.php
@@ -26,6 +26,7 @@ for ($i=0; $i<$count; $i++)
     }
 
     $_POST['me_link'][$i] = is_array($_POST['me_link']) ? clean_xss_tags(clean_xss_attributes(preg_replace('/[ ]{2,}|[\t]/', '', $_POST['me_link'][$i]), 1)) : '';
+    $_POST['me_link'][$i] = html_purifier($_POST['me_link'][$i]);
 
     $code    = is_array($_POST['code']) ? strip_tags($_POST['code'][$i]) : '';
     $me_name = is_array($_POST['me_name']) ? strip_tags($_POST['me_name'][$i]) : '';