잘못된 코드 수정

gnuboard · Dec 28, 2018 · 4366d20 · 4366d20
1 parent e4d47cc
commit 4366d20
Show file tree

Hide file tree

Showing 2 changed files with 49 additions and 49 deletions.
diff --git a/adm/admin.lib.php b/adm/admin.lib.php
@@ -435,7 +435,7 @@ function admin_check_xss_params($params){
         if ( empty($value) ) continue;
 
         if( is_array($value) ){
-            admin_check_xss_params($params);
+            admin_check_xss_params($value);
         } else if ( preg_match('/<\s?[^\>]*\/?\s?>/i', $value) && (preg_match('/script.*?\/script/ius', $value) || preg_match('/onload=.*/ius', $value)) ){
             alert('요청 쿼리에 잘못된 스크립트문장이 있습니다.\\nXSS 공격일수도 있습니다.');
             die();

diff --git a/adm/board_copy_update.php b/adm/board_copy_update.php
@@ -38,43 +38,43 @@
                 bo_subject = '$target_subject',
                 bo_device = '{$board['bo_device']}',
                 bo_admin = '{$board['bo_admin']}',
-                bo_list_level = '{$board[bo_list_level]}',
-                bo_read_level = '{$board[bo_read_level]}',
-                bo_write_level = '{$board[bo_write_level]}',
-                bo_reply_level = '{$board[bo_reply_level]}',
-                bo_comment_level = '{$board[bo_comment_level]}',
-                bo_upload_level = '{$board[bo_upload_level]}',
-                bo_download_level = '{$board[bo_download_level]}',
-                bo_html_level = '{$board[bo_html_level]}',
-                bo_link_level = '{$board[bo_link_level]}',
-                bo_count_modify = '{$board[bo_count_modify]}',
-                bo_count_delete = '{$board[bo_count_delete]}',
-                bo_read_point = '{$board[bo_read_point]}',
-                bo_write_point = '{$board[bo_write_point]}',
-                bo_comment_point = '{$board[bo_comment_point]}',
-                bo_download_point = '{$board[bo_download_point]}',
-                bo_use_category = '{$board[bo_use_category]}',
+                bo_list_level = '{$board['bo_list_level']}',
+                bo_read_level = '{$board['bo_read_level']}',
+                bo_write_level = '{$board['bo_write_level']}',
+                bo_reply_level = '{$board['bo_reply_level']}',
+                bo_comment_level = '{$board['bo_comment_level']}',
+                bo_upload_level = '{$board['bo_upload_level']}',
+                bo_download_level = '{$board['bo_download_level']}',
+                bo_html_level = '{$board['bo_html_level']}',
+                bo_link_level = '{$board['bo_link_level']}',
+                bo_count_modify = '{$board['bo_count_modify']}',
+                bo_count_delete = '{$board['bo_count_delete']}',
+                bo_read_point = '{$board['bo_read_point']}',
+                bo_write_point = '{$board['bo_write_point']}',
+                bo_comment_point = '{$board['bo_comment_point']}',
+                bo_download_point = '{$board['bo_download_point']}',
+                bo_use_category = '{$board['bo_use_category']}',
                 bo_category_list = '{$board['bo_category_list']}',
-                bo_use_sideview = '{$board[bo_use_sideview]}',
-                bo_use_file_content = '{$board[bo_use_file_content]}',
-                bo_use_secret = '{$board[bo_use_secret]}',
-                bo_use_dhtml_editor = '{$board[bo_use_dhtml_editor]}',
-                bo_use_rss_view = '{$board[bo_use_rss_view]}',
-                bo_use_good = '{$board[bo_use_good]}',
-                bo_use_nogood = '{$board[bo_use_nogood]}',
-                bo_use_name = '{$board[bo_use_name]}',
-                bo_use_signature = '{$board[bo_use_signature]}',
-                bo_use_ip_view = '{$board[bo_use_ip_view]}',
+                bo_use_sideview = '{$board['bo_use_sideview']}',
+                bo_use_file_content = '{$board['bo_use_file_content']}',
+                bo_use_secret = '{$board['bo_use_secret']}',
+                bo_use_dhtml_editor = '{$board['bo_use_dhtml_editor']}',
+                bo_use_rss_view = '{$board['bo_use_rss_view']}',
+                bo_use_good = '{$board['bo_use_good']}',
+                bo_use_nogood = '{$board['bo_use_nogood']}',
+                bo_use_name = '{$board['bo_use_name']}',
+                bo_use_signature = '{$board['bo_use_signature']}',
+                bo_use_ip_view = '{$board['bo_use_ip_view']}',
                 bo_use_list_view = '{$board['bo_use_list_view']}',
-                bo_use_list_content = '{$board[bo_use_list_content]}',
-                bo_table_width = '{$board[bo_table_width]}',
-                bo_subject_len = '{$board[bo_subject_len]}',
-                bo_mobile_subject_len = '{$board[bo_mobile_subject_len]}',
-                bo_page_rows = '{$board[bo_page_rows]}',
-                bo_mobile_page_rows = '{$board[bo_mobile_page_rows]}',
-                bo_new = '{$board[bo_new]}',
-                bo_hot = '{$board[bo_hot]}',
-                bo_image_width = '{$board[bo_image_width]}',
+                bo_use_list_content = '{$board['bo_use_list_content']}',
+                bo_table_width = '{$board['bo_table_width']}',
+                bo_subject_len = '{$board['bo_subject_len']}',
+                bo_mobile_subject_len = '{$board['bo_mobile_subject_len']}',
+                bo_page_rows = '{$board['bo_page_rows']}',
+                bo_mobile_page_rows = '{$board['bo_mobile_page_rows']}',
+                bo_new = '{$board['bo_new']}',
+                bo_hot = '{$board['bo_hot']}',
+                bo_image_width = '{$board['bo_image_width']}',
                 bo_skin = '{$board['bo_skin']}',
                 bo_mobile_skin = '{$board['bo_mobile_skin']}',
                 bo_include_head = '{$board['bo_include_head']}',
@@ -84,20 +84,20 @@
                 bo_mobile_content_head = '".addslashes($board['bo_mobile_content_head'])."',
                 bo_mobile_content_tail = '".addslashes($board['bo_mobile_content_tail'])."',
                 bo_insert_content = '".addslashes($board['bo_insert_content'])."',
-                bo_gallery_cols = '{$board[bo_gallery_cols]}',
-                bo_gallery_width = '{$board[bo_gallery_width]}',
-                bo_gallery_height = '{$board[bo_gallery_height]}',
-                bo_mobile_gallery_width = '{$board[bo_mobile_gallery_width]}',
-                bo_mobile_gallery_height = '{$board[bo_mobile_gallery_height]}',
-                bo_upload_size = '{$board[bo_upload_size]}',
-                bo_reply_order = '{$board[bo_reply_order]}',
-                bo_use_search = '{$board[bo_use_search]}',
-                bo_order = '{$board[bo_order]}',
+                bo_gallery_cols = '{$board['bo_gallery_cols']}',
+                bo_gallery_width = '{$board['bo_gallery_width']}',
+                bo_gallery_height = '{$board['bo_gallery_height']}',
+                bo_mobile_gallery_width = '{$board['bo_mobile_gallery_width']}',
+                bo_mobile_gallery_height = '{$board['bo_mobile_gallery_height']}',
+                bo_upload_size = '{$board['bo_upload_size']}',
+                bo_reply_order = '{$board['bo_reply_order']}',
+                bo_use_search = '{$board['bo_use_search']}',
+                bo_order = '{$board['bo_order']}',
                 bo_notice = '{$board['bo_notice']}',
-                bo_upload_count = '{$board[bo_upload_count]}',
-                bo_use_email = '{$board[bo_use_email]}',
-                bo_use_cert = '{$board[bo_use_cert]}',
-                bo_use_sns = '{$board[bo_use_sns]}',
+                bo_upload_count = '{$board['bo_upload_count']}',
+                bo_use_email = '{$board['bo_use_email']}',
+                bo_use_cert = '{$board['bo_use_cert']}',
+                bo_use_sns = '{$board['bo_use_sns']}',
                 bo_sort_field = '{$board['bo_sort_field']}',
                 bo_1_subj = '".addslashes($board['bo_1_subj'])."',
                 bo_2_subj = '".addslashes($board['bo_2_subj'])."',