diff --git a/bbs/alert.php b/bbs/alert.php
index d64b6f2fd..6b1ab26a7 100644
--- a/bbs/alert.php
+++ b/bbs/alert.php
@@ -30,7 +30,8 @@ include_once(G5_PATH.'/head.sub.php');
$msg2 = str_replace("\\n", "
", $msg);
-if (!$url) $url = $_SERVER['HTTP_REFERER'];
+$url = clean_xss_tags($url);
+if (!$url) $url = clean_xss_tags($_SERVER['HTTP_REFERER']);
// url 체크
check_url_host($url);
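Review bot: `$_SERVER['HTTP_REFERER']` on the new fallback line is read without an `isset` guard, so a request that carries no Referer header (direct navigation, a strict referrer policy) raises an undefined-index notice and hands null to clean_xss_tags(), whose preg_replace() call then receives null. Suggest `if (!$url) $url = clean_xss_tags(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '');`. The same unguarded pattern is added to confirm() in lib/common.lib.php (`$url3`) and should get the same guard. Note also that clean_xss_tags() strips tags and does not validate a URL; the check_url_host() call on the following line remains the control that decides whether the redirect target is acceptable, and the sanitized value still needs escaping for whichever context it is emitted into.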
diff --git a/bbs/confirm.php b/bbs/confirm.php
index 76e9c7652..fcf94e0e9 100644
--- a/bbs/confirm.php
+++ b/bbs/confirm.php
@@ -2,6 +2,10 @@
include_once('./_common.php');
include_once(G5_PATH.'/head.sub.php');
+$url1 = clean_xss_tags($url1);
+$url2 = clean_xss_tags($url2);
+$url3 = clean_xss_tags($url3);
+
// url 체크
check_url_host($url1);
check_url_host($url2);
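Review bot: `$url1`, `$url2` and `$url3` are never assigned in the hunk, so the three new lines presumably sanitize request parameters that the bootstrap (`_common.php`) exposes as globals; a one-line comment above them would make that explicit, e.g. `// $url1..$url3 are request parameters; strip tags before the host check below`. Because clean_xss_tags() now also entity-encodes quote characters (see the lib/common.lib.php hunk in this commit), a quote inside a URL's query string is rewritten before check_url_host() sees the value and before it is used as a destination, so callers that need the exact URL should validate the raw value and escape at the point of output instead.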
diff --git a/bbs/move.php b/bbs/move.php
index e3a7d86f2..a4631addf 100644
--- a/bbs/move.php
+++ b/bbs/move.php
@@ -55,7 +55,7 @@ for ($i=0; $row=sql_fetch_array($result); $i++)
-
+
diff --git a/bbs/move_update.php b/bbs/move_update.php
index bfaf54bcf..a058f5c0b 100644
--- a/bbs/move_update.php
+++ b/bbs/move_update.php
@@ -1,5 +1,6 @@
a.wr_parent ";
+else
+ $view = '';
$mb_id = isset($_GET['mb_id']) ? ($_GET['mb_id']) : '';
$mb_id = substr(preg_replace('#[^a-z0-9_]#i', '', $mb_id), 0, 20);
diff --git a/bbs/register_form.php b/bbs/register_form.php
index cb6fd2517..e6583e111 100644
--- a/bbs/register_form.php
+++ b/bbs/register_form.php
@@ -30,6 +30,9 @@ if ($w == "") {
alert('개인정보처리방침안내의 내용에 동의하셔야 회원가입 하실 수 있습니다.', G5_BBS_URL.'/register.php');
}
+ $agree = preg_replace('#[^0-9]#', '', $_POST['agree']);
+ $agree2 = preg_replace('#[^0-9]#', '', $_POST['agree2']);
+
$member['mb_birth'] = '';
$member['mb_sex'] = '';
$member['mb_name'] = '';
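Review bot: The new `$agree` and `$agree2` lines read `$_POST['agree']` and `$_POST['agree2']` unguarded, so a request missing either field raises an undefined-index notice, and a non-string value (an array-shaped field) makes preg_replace() return an array instead of a digit string. This commit already uses the guarded form for `$mb_id` in bbs/move_update.php (`isset($_GET['mb_id']) ? ... : ''`); matching it here gives `$agree = isset($_POST['agree']) && is_string($_POST['agree']) ? preg_replace('#[^0-9]#', '', $_POST['agree']) : '';` and the same shape for `$agree2`. The enclosing `if ($w == "")` block begins outside the hunk.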
diff --git a/bbs/search.php b/bbs/search.php
index 4f4df3f19..0f3fe803b 100644
--- a/bbs/search.php
+++ b/bbs/search.php
@@ -17,7 +17,7 @@ if ($stx) {
$stx = preg_replace('/\//', '\/', trim($stx));
$sop = strtolower($sop);
if (!$sop || !($sop == 'and' || $sop == 'or')) $sop = 'and'; // 연산자 and , or
- $srows = isset($_GET['srows']) ? preg_replace('#[^0-9]#', '', $_GET['srows']) : 10;
+ $srows = isset($_GET['srows']) ? (int)preg_replace('#[^0-9]#', '', $_GET['srows']) : 10;
if (!$srows) $srows = 10; // 한페이지에 출력하는 검색 행수
$g5_search['tables'] = Array();
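Review bot: The `(int)` cast on the new `$srows` line fixes the type but leaves no upper bound: a digits-only string of any length still becomes a very large integer, and the `if (!$srows)` check on the following line only catches zero. If `$srows` feeds a LIMIT clause or a result loop (presumably, given the '한페이지에 출력하는 검색 행수' comment), clamp it at that check, e.g. `if ($srows < 1 || $srows > 100) $srows = 10; // 100 is an example cap; use the intended maximum`. The surrounding `if ($stx)` block starts before the hunk.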
diff --git a/lib/common.lib.php b/lib/common.lib.php
index d8f4bc557..c7f842586 100644
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@@ -192,7 +192,7 @@ function confirm($msg, $url1='', $url2='', $url3='')
alert($msg);
}
- if (!$url3) $url3 = $_SERVER['HTTP_REFERER'];
+ if (!$url3) $url3 = clean_xss_tags($_SERVER['HTTP_REFERER']);
$msg = str_replace("\\n", "
", $msg);
@@ -2723,6 +2723,11 @@ function clean_xss_tags($str)
{
$str = preg_replace('#*(?:applet|b(?:ase|gsound|link)|embed|frame(?:set)?|i(?:frame|layer)|l(?:ayer|ink)|meta|object|s(?:cript|tyle)|title|xml)[^>]*+>#i', '', $str);
+ $search = array('"', "'");
+ $replace = array('"', ''');
+
+ $str = str_replace($search, $replace, $str);
+
return $str;
}
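Review bot: On this page the new `$search` and `$replace` arrays render as the same two quote characters, and the `$replace` line reads `'''`, which is not valid PHP — this looks like HTML entities (`&quot;`, `&#39;`) that the page display decoded; if the committed source really contains bare quotes the str_replace() is a no-op, so this is worth confirming against the raw file. Assuming the entities are present, the function's contract changes from "strip blocked tags" to "strip tags and HTML-encode quotes", which affects every existing caller that stores, compares or redirects with the result (the alert.php and confirm() hunks in this commit pass URLs through it); a short header comment should say so, e.g. `// Strips blocked tags and entity-encodes " and ' — the result is HTML-context text, not a raw value`. The regex on the first line of the function also renders with its leading `<` missing here, presumably the same display artifact.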
diff --git a/skin/new/basic/new.skin.php b/skin/new/basic/new.skin.php
index 085eec0e6..2558d8118 100644
--- a/skin/new/basic/new.skin.php
+++ b/skin/new/basic/new.skin.php
@@ -45,7 +45,6 @@ add_stylesheet('', 0);
-