XSS 취약점 수정

2015-07-14 12:01:21 +09:00
parent aa140eb846
commit f74e8f7250
9 changed files with 20 additions and 5 deletions
--- a/bbs/new.php
+++ b/bbs/new.php
@ -17,6 +17,8 @@ if ($view == "w")
    $sql_common .= " and a.wr_id = a.wr_parent ";
 else if ($view == "c")
    $sql_common .= " and a.wr_id <> a.wr_parent ";
+else
+    $view = '';

 $mb_id = isset($_GET['mb_id']) ? ($_GET['mb_id']) : '';
 $mb_id = substr(preg_replace('#[^a-z0-9_]#i', '', $mb_id), 0, 20);