댓글 wr_name을 이용한 xss 보안 취약점 수정

2014-07-30 17:48:48 +09:00
parent 0b4fe3148f
commit eb30cf84b4
4 changed files with 4 additions and 4 deletions
--- a/mobile/skin/board/basic/view_comment.skin.php
+++ b/mobile/skin/board/basic/view_comment.skin.php
@ -23,7 +23,7 @@ var char_max = parseInt(<?php echo $comment_max ?>); // 최대
    ?>
    <article id="c_<?php echo $comment_id ?>" <?php if ($cmt_depth) { ?>style="margin-left:<?php echo $cmt_depth ?>px;border-top-color:#e0e0e0"<?php } ?>>
        <header>
-            <h1><?php echo $list[$i]['wr_name'] ?>님의 댓글</h1>
+            <h1><?php echo get_text($list[$i]['wr_name']); ?>님의 댓글</h1>
            <?php echo $list[$i]['name'] ?>
            <?php if ($cmt_depth) { ?><img src="<?php echo $board_skin_url ?>/img/icon_reply.gif" alt="댓글의 댓글" class="icon_reply"><?php } ?>
            <?php if ($is_ip_view) { ?>
--- a/mobile/skin/board/gallery/view_comment.skin.php
+++ b/mobile/skin/board/gallery/view_comment.skin.php
@ -23,7 +23,7 @@ var char_max = parseInt(<?php echo $comment_max ?>); // 최대
    ?>
    <article id="c_<?php echo $comment_id ?>" <?php if ($cmt_depth) { ?>style="margin-left:<?php echo $cmt_depth ?>px;border-top-color:#e0e0e0"<?php } ?>>
        <header>
-            <h1><?php echo $list[$i]['wr_name'] ?>님의 댓글</h1>
+            <h1><?php echo get_text($list[$i]['wr_name']); ?>님의 댓글</h1>
            <?php echo $list[$i]['name'] ?>
            <?php if ($cmt_depth) { ?><img src="<?php echo $board_skin_url ?>/img/icon_reply.gif" alt="댓글의 댓글" class="icon_reply"><?php } ?>
            <?php if ($is_ip_view) { ?>
--- a/skin/board/basic/view_comment.skin.php
+++ b/skin/board/basic/view_comment.skin.php
@ -29,7 +29,7 @@ var char_max = parseInt(<?php echo $comment_max ?>); // 최대

    <article id="c_<?php echo $comment_id ?>" <?php if ($cmt_depth) { ?>style="margin-left:<?php echo $cmt_depth ?>px;border-top-color:#e0e0e0"<?php } ?>>
        <header style="z-index:<?php echo $cmt_sv; ?>">
-            <h1><?php echo $list[$i]['wr_name'] ?>님의 댓글</h1>
+            <h1><?php echo get_text($list[$i]['wr_name']); ?>님의 댓글</h1>
            <?php echo $list[$i]['name'] ?>
            <?php if ($cmt_depth) { ?><img src="<?php echo $board_skin_url ?>/img/icon_reply.gif" class="icon_reply" alt="댓글의 댓글"><?php } ?>
            <?php if ($is_ip_view) { ?>
--- a/skin/board/gallery/view_comment.skin.php
+++ b/skin/board/gallery/view_comment.skin.php
@ -29,7 +29,7 @@ var char_max = parseInt(<?php echo $comment_max ?>); // 최대

    <article id="c_<?php echo $comment_id ?>" <?php if ($cmt_depth) { ?>style="margin-left:<?php echo $cmt_depth ?>px;border-top-color:#e0e0e0"<?php } ?>>
        <header style="z-index:<?php echo $cmt_sv; ?>">
-            <h1><?php echo $list[$i]['wr_name'] ?>님의 댓글</h1>
+            <h1><?php echo get_text($list[$i]['wr_name']); ?>님의 댓글</h1>
            <?php echo $list[$i]['name'] ?>
            <?php if ($cmt_depth) { ?><img src="<?php echo $board_skin_url ?>/img/icon_reply.gif" class="icon_reply" alt="댓글의 댓글"><?php } ?>
            <?php if ($is_ip_view) { ?>