xss 취약점 수정

chicpro
2015-09-22 10:49:56 +09:00
parent 3741c53e8b
commit e2aec15879
3 changed files with 6 additions and 3 deletions


@ -91,7 +91,7 @@ $colspan = 12;
$leave_date = $row['mb_leave_date'] ? $row['mb_leave_date'] : date("Ymd", G5_SERVER_TIME);
$intercept_date = $row['mb_intercept_date'] ? $row['mb_intercept_date'] : date("Ymd", G5_SERVER_TIME);
$mb_nick = get_sideview($row['mb_id'], $row['mb_nick'], $row['mb_email'], $row['mb_homepage']);
$mb_nick = get_sideview($row['mb_id'], get_text($row['mb_nick']), $row['mb_email'], $row['mb_homepage']);
$mb_id = $row['mb_id'];
if ($row['mb_leave_date'])
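Review bot: In the changed `get_sideview()` call only the nickname argument is escaped; `$row['mb_email']` and `$row['mb_homepage']` are still passed as stored, and whether `get_sideview()` encodes them before building its markup is not visible on this page. If it does not, the more robust fix is to escape inside `get_sideview()` so every caller is covered; failing that, wrap them at the call site the same way, e.g. `get_text($row['mb_email']), get_text($row['mb_homepage'])`. The identical call in the third file section (hunk at -166,7) has the same gap. The enclosing block starts and ends outside the hunk.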


@ -31,6 +31,8 @@ else if ($w == 'u')
$required_mb_password = '';
$html_title = '수정';
$mb['mb_name'] = get_text($mb['mb_name']);
$mb['mb_nick'] = get_text($mb['mb_nick']);
$mb['mb_email'] = get_text($mb['mb_email']);
$mb['mb_homepage'] = get_text($mb['mb_homepage']);
$mb['mb_birth'] = get_text($mb['mb_birth']);
@ -38,6 +40,7 @@ else if ($w == 'u')
$mb['mb_hp'] = get_text($mb['mb_hp']);
$mb['mb_addr1'] = get_text($mb['mb_addr1']);
$mb['mb_addr2'] = get_text($mb['mb_addr2']);
$mb['mb_addr3'] = get_text($mb['mb_addr3']);
$mb['mb_signature'] = get_text($mb['mb_signature']);
$mb['mb_recommend'] = get_text($mb['mb_recommend']);
$mb['mb_profile'] = get_text($mb['mb_profile']);
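Review bot: Escaping is done by overwriting each `$mb[...]` entry one field at a time, so any profile field missing from this hand-maintained list still reaches the form as stored, which is the kind of omission this commit is patching. Consider driving it from one list, e.g. `foreach ($text_fields as $f) { $mb[$f] = get_text($mb[$f]); }` (with `$text_fields` a new array naming the fields), or escaping at each output site instead. Because `$mb` is modified in place, a comment such as `// $mb now holds HTML-escaped values; do not reuse for DB writes or non-HTML contexts` would help the next maintainer. The `else if ($w == 'u')` branch begins before the hunk and the lines between the two hunks are not shown, so fields handled there cannot be checked from here.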


@ -166,7 +166,7 @@ $colspan = 16;
$leave_date = $row['mb_leave_date'] ? $row['mb_leave_date'] : date('Ymd', G5_SERVER_TIME);
$intercept_date = $row['mb_intercept_date'] ? $row['mb_intercept_date'] : date('Ymd', G5_SERVER_TIME);
$mb_nick = get_sideview($row['mb_id'], $row['mb_nick'], $row['mb_email'], $row['mb_homepage']);
$mb_nick = get_sideview($row['mb_id'], get_text($row['mb_nick']), $row['mb_email'], $row['mb_homepage']);
$mb_id = $row['mb_id'];
$leave_msg = '';
@ -211,7 +211,7 @@ $colspan = 16;
<tr class="<?php echo $bg; ?>">
<td headers="mb_list_chk" class="td_chk" rowspan="2">
<input type="hidden" name="mb_id[<?php echo $i ?>]" value="<?php echo $row['mb_id'] ?>" id="mb_id_<?php echo $i ?>">
<label for="chk_<?php echo $i; ?>" class="sound_only"><?php echo get_text($row['mb_name']); ?> <?php echo $row['mb_nick']; ?>님</label>
<label for="chk_<?php echo $i; ?>" class="sound_only"><?php echo get_text($row['mb_name']); ?> <?php echo get_text($row['mb_nick']); ?>님</label>
<input type="checkbox" name="chk[]" value="<?php echo $i ?>" id="chk_<?php echo $i ?>">
</td>
<td headers="mb_list_id" rowspan="2" class="td_name sv_use"><?php echo $mb_id ?></td>
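Review bot: In the second hunk the label now escapes `mb_nick`, but `$row['mb_id']` is still echoed raw into the hidden input's `value` attribute and `$mb_id` raw into the `td_name` cell. If the ID's character set is restricted at registration (not visible here) this is low risk, but output encoding should not depend on input validation elsewhere; suggest `value="<?php echo get_text($row['mb_id']) ?>"` and `<?php echo get_text($mb_id) ?>`. This assumes `get_text()` encodes quotes as well as angle brackets, which should be confirmed since the first use is inside an attribute. The table row continues past the end of the hunk.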