[KVE-2020-0013]그누보드_Reflect XSS_수정

gnuboard · Mar 3, 2020 · 4905006 · 4905006
1 parent 894f43d
commit 4905006
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 1 deletion.
diff --git a/adm/board_copy.php b/adm/board_copy.php
@@ -31,7 +31,7 @@
             </tr>
             <tr>
                 <th scope="col"><label for="target_subject">게시판 제목<strong class="sound_only">필수</strong></label></th>
-                <td><input type="text" name="target_subject" value="[복사본] <?php echo $board['bo_subject'] ?>" id="target_subject" required class="required frm_input" maxlength="120"></td>
+                <td><input type="text" name="target_subject" value="[복사본] <?php echo get_sanitize_input($board['bo_subject']); ?>" id="target_subject" required class="required frm_input" maxlength="120"></td>
             </tr>
             <tr>
                 <th scope="col">복사 유형</th>

diff --git a/adm/board_copy_update.php b/adm/board_copy_update.php
@@ -11,6 +11,8 @@
 $target_table   = trim($_POST['target_table']);
 $target_subject = trim($_POST['target_subject']);
 
+$target_subject = strip_tags(clean_xss_attributes($target_subject));
+
 if (!preg_match('/[A-Za-z0-9_]{1,20}/', $target_table)) {
     alert('게시판 TABLE명은 공백없이 영문자, 숫자, _ 만 사용 가능합니다. (20자 이내)');
 }