new.php XSS 취약점 수정

bbs/new.php

@@ -6,7 +6,7 @@
 
 $sql_common = " from {$g5['board_new_table']} a, {$g5['board_table']} b, {$g5['group_table']} c where a.bo_table = b.bo_table and b.gr_id = c.gr_id and b.bo_use_search = 1 ";
 
-$gr_id = isset($_GET['gr_id']) ? $_GET['gr_id'] : "";
+$gr_id = isset($_GET['gr_id']) ? substr(preg_replace('#[^a-z0-9_]#i', '', $_GET['gr_id']), 0, 10) : '';
 if ($gr_id) {
     $sql_common .= " and b.gr_id = '$gr_id' ";
 }