From fe03163cce08287d0ea5a2eab95d506180a2aee2 Mon Sep 17 00:00:00 2001
From: thisgun
Date: Mon, 17 Apr 2023 14:41:38 +0900
Subject: [PATCH] =?UTF-8?q?XSS=20=EC=B7=A8=EC=95=BD=EC=A0=90=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 bbs/search.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bbs/search.php b/bbs/search.php
index 4211a6db6..831ebde40 100644
--- a/bbs/search.php
+++ b/bbs/search.php
@@ -25,7 +25,7 @@ if ($stx) {
 $sql = " select gr_id, bo_table, bo_read_level from {$g5['board_table']} where bo_use_search = 1 and bo_list_level <= '{$member['mb_level']}' ";
 if ($gr_id) $sql .= " and gr_id = '{$gr_id}' ";
- $onetable = isset($onetable) ? $onetable : "";
+ $onetable = isset($onetable) ? preg_replace('/[^a-z0-9_]/i', '', $onetable) : '';
 if ($onetable) // 하나의 게시판만 검색한다면
 $sql .= " and bo_table = '{$onetable}' ";
 $sql .= " order by bo_order, gr_id, bo_table ";
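Review bot: The character whitelist on `$onetable` is the right shape, but the context line directly above it in the same hunk still interpolates `$gr_id` into the SQL string with no filtering (`if ($gr_id) $sql .= " and gr_id = '{$gr_id}' ";`); if `$gr_id` is populated from request input the way `$onetable` appears to be, it warrants the same treatment, e.g. `$gr_id = isset($gr_id) ? preg_replace('/[^a-z0-9_]/i', '', $gr_id) : '';`. Whether `$gr_id` is already validated earlier in bbs/search.php cannot be seen from this hunk, so this may be a non-issue. A one-line comment on the new line would also tell the next reader why the filter exists, since the value reaches the `bo_table = '...'` clause below and, given the commit subject, presumably page output as well: `// keep only characters valid in a board id; the value reaches SQL and (presumably) output`. The enclosing `if ($stx) {` block starts and ends outside the hunk.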