diff --git a/adm/admin.lib.php b/adm/admin.lib.php
index d601c1ab9..8df3ba958 100644
--- a/adm/admin.lib.php
+++ b/adm/admin.lib.php
@@ -435,7 +435,7 @@ function admin_check_xss_params($params){
 if ( empty($value) ) continue;
 if( is_array($value) ){
- admin_check_xss_params($params);
+ admin_check_xss_params($value);
 } else if ( preg_match('/<\s?[^\>]*\/?\s?>/i', $value) && (preg_match('/script.*?\/script/ius', $value) || preg_match('/onload=.*/ius', $value)) ){
 alert('요청 쿼리에 잘못된 스크립트문장이 있습니다.\\nXSS 공격일수도 있습니다.');
 die();
diff --git a/adm/board_copy_update.php b/adm/board_copy_update.php
index fede12b88..19ca6729e 100644
--- a/adm/board_copy_update.php
+++ b/adm/board_copy_update.php
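Review bot: On the `else if` line the two `u`-modified `preg_match` calls return `false` on a PCRE error (for example when `$value` is not valid UTF-8), and `false` travels through the `&&`/`||` chain as "no match", so a value that fails matching for that reason passes the filter silently; treat a non-match as suspect when `preg_last_error() !== PREG_NO_ERROR`, for instance `if (preg_last_error() !== PREG_NO_ERROR) { alert('…'); die(); }` after the match, or reject `false` explicitly. The recursion fix itself is right — the removed line passed `$params` back in and never terminated. The check remains a narrow denylist (one `<…>` tag pattern plus `script`/`onload=`), so it should be documented as a defence-in-depth layer, not as the XSS control; context-appropriate output encoding where these values are rendered is what actually prevents injection, and a log entry before `die()` would make blocked requests visible to monitoring. The loop that binds `$value` and the start of `admin_check_xss_params` lie outside the hunk.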
@@ -38,43 +38,43 @@
 bo_subject = '$target_subject',
 bo_device = '{$board['bo_device']}',
 bo_admin = '{$board['bo_admin']}',
- bo_list_level = '{$board[bo_list_level]}',
- bo_read_level = '{$board[bo_read_level]}',
- bo_write_level = '{$board[bo_write_level]}',
- bo_reply_level = '{$board[bo_reply_level]}',
- bo_comment_level = '{$board[bo_comment_level]}',
- bo_upload_level = '{$board[bo_upload_level]}',
- bo_download_level = '{$board[bo_download_level]}',
- bo_html_level = '{$board[bo_html_level]}',
- bo_link_level = '{$board[bo_link_level]}',
- bo_count_modify = '{$board[bo_count_modify]}',
- bo_count_delete = '{$board[bo_count_delete]}',
- bo_read_point = '{$board[bo_read_point]}',
- bo_write_point = '{$board[bo_write_point]}',
- bo_comment_point = '{$board[bo_comment_point]}',
- bo_download_point = '{$board[bo_download_point]}',
- bo_use_category = '{$board[bo_use_category]}',
+ bo_list_level = '{$board['bo_list_level']}',
+ bo_read_level = '{$board['bo_read_level']}',
+ bo_write_level = '{$board['bo_write_level']}',
+ bo_reply_level = '{$board['bo_reply_level']}',
+ bo_comment_level = '{$board['bo_comment_level']}',
+ bo_upload_level = '{$board['bo_upload_level']}',
+ bo_download_level = '{$board['bo_download_level']}',
+ bo_html_level = '{$board['bo_html_level']}',
+ bo_link_level = '{$board['bo_link_level']}',
+ bo_count_modify = '{$board['bo_count_modify']}',
+ bo_count_delete = '{$board['bo_count_delete']}',
+ bo_read_point = '{$board['bo_read_point']}',
+ bo_write_point = '{$board['bo_write_point']}',
+ bo_comment_point = '{$board['bo_comment_point']}',
+ bo_download_point = '{$board['bo_download_point']}',
+ bo_use_category = '{$board['bo_use_category']}',
 bo_category_list = '{$board['bo_category_list']}',
- bo_use_sideview = '{$board[bo_use_sideview]}',
- bo_use_file_content = '{$board[bo_use_file_content]}',
- bo_use_secret = '{$board[bo_use_secret]}',
- bo_use_dhtml_editor = '{$board[bo_use_dhtml_editor]}',
- bo_use_rss_view = '{$board[bo_use_rss_view]}',
- bo_use_good = '{$board[bo_use_good]}',
- bo_use_nogood = '{$board[bo_use_nogood]}',
- bo_use_name = '{$board[bo_use_name]}',
- bo_use_signature = '{$board[bo_use_signature]}',
- bo_use_ip_view = '{$board[bo_use_ip_view]}',
+ bo_use_sideview = '{$board['bo_use_sideview']}',
+ bo_use_file_content = '{$board['bo_use_file_content']}',
+ bo_use_secret = '{$board['bo_use_secret']}',
+ bo_use_dhtml_editor = '{$board['bo_use_dhtml_editor']}',
+ bo_use_rss_view = '{$board['bo_use_rss_view']}',
+ bo_use_good = '{$board['bo_use_good']}',
+ bo_use_nogood = '{$board['bo_use_nogood']}',
+ bo_use_name = '{$board['bo_use_name']}',
+ bo_use_signature = '{$board['bo_use_signature']}',
+ bo_use_ip_view = '{$board['bo_use_ip_view']}',
 bo_use_list_view = '{$board['bo_use_list_view']}',
- bo_use_list_content = '{$board[bo_use_list_content]}',
- bo_table_width = '{$board[bo_table_width]}',
- bo_subject_len = '{$board[bo_subject_len]}',
- bo_mobile_subject_len = '{$board[bo_mobile_subject_len]}',
- bo_page_rows = '{$board[bo_page_rows]}',
- bo_mobile_page_rows = '{$board[bo_mobile_page_rows]}',
- bo_new = '{$board[bo_new]}',
- bo_hot = '{$board[bo_hot]}',
- bo_image_width = '{$board[bo_image_width]}',
+ bo_use_list_content = '{$board['bo_use_list_content']}',
+ bo_table_width = '{$board['bo_table_width']}',
+ bo_subject_len = '{$board['bo_subject_len']}',
+ bo_mobile_subject_len = '{$board['bo_mobile_subject_len']}',
+ bo_page_rows = '{$board['bo_page_rows']}',
+ bo_mobile_page_rows = '{$board['bo_mobile_page_rows']}',
+ bo_new = '{$board['bo_new']}',
+ bo_hot = '{$board['bo_hot']}',
+ bo_image_width = '{$board['bo_image_width']}',
 bo_skin = '{$board['bo_skin']}',
 bo_mobile_skin = '{$board['bo_mobile_skin']}',
 bo_include_head = '{$board['bo_include_head']}',
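Review bot: Quoting the keys fixes the bare-constant array access, but the string-typed columns in this hunk are still interpolated into the SQL text unescaped — `bo_category_list`, `bo_skin`, `bo_mobile_skin` and `bo_include_head` go in as `'{$board['…']}'`, while the neighbouring -84,20 hunk wraps comparable text fields in `addslashes()`. `$board` appears to be a row read back from the database (its origin is not visible here), so a stored value containing a quote breaks the statement and is a second-order injection path; at minimum apply the same treatment consistently, e.g. `bo_skin = '".addslashes($board['bo_skin'])."',`, and preferably move the copy to a parameterised statement, since `addslashes()` is not a charset-aware SQL escape. The `*_level`, `*_point` and `bo_use_*` columns are presumably numeric and less exposed, but the same inconsistency applies to `bo_notice` and `bo_sort_field` in the -84,20 hunk. The `$sql` string that holds these lines starts and ends outside both hunks.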
@@ -84,20 +84,20 @@
 bo_mobile_content_head = '".addslashes($board['bo_mobile_content_head'])."',
 bo_mobile_content_tail = '".addslashes($board['bo_mobile_content_tail'])."',
 bo_insert_content = '".addslashes($board['bo_insert_content'])."',
- bo_gallery_cols = '{$board[bo_gallery_cols]}',
- bo_gallery_width = '{$board[bo_gallery_width]}',
- bo_gallery_height = '{$board[bo_gallery_height]}',
- bo_mobile_gallery_width = '{$board[bo_mobile_gallery_width]}',
- bo_mobile_gallery_height = '{$board[bo_mobile_gallery_height]}',
- bo_upload_size = '{$board[bo_upload_size]}',
- bo_reply_order = '{$board[bo_reply_order]}',
- bo_use_search = '{$board[bo_use_search]}',
- bo_order = '{$board[bo_order]}',
+ bo_gallery_cols = '{$board['bo_gallery_cols']}',
+ bo_gallery_width = '{$board['bo_gallery_width']}',
+ bo_gallery_height = '{$board['bo_gallery_height']}',
+ bo_mobile_gallery_width = '{$board['bo_mobile_gallery_width']}',
+ bo_mobile_gallery_height = '{$board['bo_mobile_gallery_height']}',
+ bo_upload_size = '{$board['bo_upload_size']}',
+ bo_reply_order = '{$board['bo_reply_order']}',
+ bo_use_search = '{$board['bo_use_search']}',
+ bo_order = '{$board['bo_order']}',
 bo_notice = '{$board['bo_notice']}',
- bo_upload_count = '{$board[bo_upload_count]}',
- bo_use_email = '{$board[bo_use_email]}',
- bo_use_cert = '{$board[bo_use_cert]}',
- bo_use_sns = '{$board[bo_use_sns]}',
+ bo_upload_count = '{$board['bo_upload_count']}',
+ bo_use_email = '{$board['bo_use_email']}',
+ bo_use_cert = '{$board['bo_use_cert']}',
+ bo_use_sns = '{$board['bo_use_sns']}',
 bo_sort_field = '{$board['bo_sort_field']}',
 bo_1_subj = '".addslashes($board['bo_1_subj'])."',
 bo_2_subj = '".addslashes($board['bo_2_subj'])."',