diff --git a/bbs/member_confirm.php b/bbs/member_confirm.php
index c46121e05..e3041527e 100644
--- a/bbs/member_confirm.php
+++ b/bbs/member_confirm.php
@@ -31,6 +31,10 @@ if($url){
if( preg_match('#^/{3,}#', $url) ){
$url = preg_replace('#^/{3,}#', '/', $url);
}
+
+ if (function_exists('safe_filter_url_host')) {
+ $url = safe_filter_url_host($url);
+ }
}
$url = get_text($url);
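Review bot: The new `safe_filter_url_host()` call runs after the `preg_match('#^/{3,}#')` collapse, so removing the filtered character can recreate a leading run of three or more slashes that the earlier normalisation no longer sees (with the default filter, a value like `/\//host` becomes `///host` only after the strip). Moving the three added lines above the `if( preg_match('#^/{3,}#', $url) ){` block keeps the two steps in the intended order, with the collapse operating on the already-filtered string. The `function_exists` guard is reasonable here since this file relies on common.lib.php being loaded, but the enclosing `if($url){` begins before this hunk, so the earlier handling of `$url` is not visible in the diff.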
diff --git a/lib/common.lib.php b/lib/common.lib.php
index 5d1247e81..124335ce9 100644
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@@ -102,6 +102,10 @@ function goto_url($url)
{
run_event('goto_url', $url);
+ if (function_exists('safe_filter_url_host')) {
+ $url = safe_filter_url_host($url);
+ }
+
$url = str_replace("&", "&", $url);
//echo "";
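Review bot: The `function_exists('safe_filter_url_host')` guard is redundant in this file, because the function is defined further down in lib/common.lib.php by the same commit; the same guard appears in `alert()` and `confirm()` below, and in all three the bare call `$url = safe_filter_url_host($url);` would be clearer and would not silently skip the filter if the definition were ever renamed. Note also that `run_event('goto_url', $url)` fires before the filter, so any listener on that event still receives the unfiltered value; if a listener acts on the URL, consider filtering first. The body of `goto_url()` continues beyond this hunk.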
@@ -182,6 +186,10 @@ function alert($msg='', $url='', $error=true, $post=false)
run_event('alert', $msg, $url, $error, $post);
+ if (function_exists('safe_filter_url_host')) {
+ $url = safe_filter_url_host($url);
+ }
+
$msg = $msg ? strip_tags($msg, '
') : '올바른 방법으로 이용해 주십시오.';
$header = '';
@@ -220,6 +228,12 @@ function confirm($msg, $url1='', $url2='', $url3='')
alert($msg);
}
+ if (function_exists('safe_filter_url_host')) {
+ $url1 = safe_filter_url_host($url1);
+ $url2 = safe_filter_url_host($url2);
+ $url3 = safe_filter_url_host($url3);
+ }
+
if(!trim($url1) || !trim($url2)) {
$msg = '$url1 과 $url2 를 지정해 주세요.';
alert($msg);
@@ -3598,6 +3612,13 @@ function login_password_check($mb, $pass, $hash)
return check_password($pass, $hash);
}
+function safe_filter_url_host($url) {
+
+ $regex = run_replace('safe_filter_url_regex', '\\', $url);
+
+ return $regex ? preg_replace('#'. preg_quote($regex, '#') .'#iu', '', $url) : '';
+}
+
// 동일한 host url 인지
function check_url_host($url, $msg='', $return_url=G5_URL, $is_redirect=false)
{
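Review bot: The `u` modifier makes `preg_replace()` return `null` whenever `$url` is not valid UTF-8, and that `null` is passed straight back to callers that go on to run `str_replace()` / `get_text()` on it; the fail-closed outcome (empty redirect target) may be intended, but it should be explicit rather than a side effect of a PCRE error, and the `: ''` branch taken when the `safe_filter_url_regex` hook yields an empty value has the same undocumented fail-closed effect. The name also suggests host validation while the function only removes characters matching a (default backslash) pattern, so a docblock stating that contract is needed: that it strips every match of the hook-supplied pattern, defaults to `\`, and returns `''` both when the pattern is empty and when PCRE fails. The rewrite below keeps the same signature and behaviour for valid input and only makes the null case explicit.
```php
function safe_filter_url_host($url)
{
    // Pattern to remove from the URL; a plugin may replace it via the hook.
    $regex = run_replace('safe_filter_url_regex', '\\', $url);
    if (!$regex) {
        return ''; // fail closed: no pattern means no trusted filtering
    }

    $filtered = preg_replace('#'. preg_quote($regex, '#') .'#iu', '', $url);

    // preg_replace() returns null on a PCRE error (e.g. invalid UTF-8 under /u); fail closed.
    return $filtered ?? '';
}
```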