This repository has been archived by the owner on Jun 24, 2021. It is now read-only.
[KVE-2020-1616] Fix XSS vulnerability on the Gnuboard main page
thisgun committed Mar 16, 2021
1 parent 607a8b6 commit 70daa53
Showing 1 changed file with 5 additions and 1 deletion.
6 changes: 5 additions & 1 deletion adm/menu_list_update.php
@@ -21,7 +21,11 @@
{
$_POST = array_map_deep('trim', $_POST);

$_POST['me_link'][$i] = is_array($_POST['me_link']) ? clean_xss_tags(clean_xss_attributes($_POST['me_link'][$i], 1)) : '';
if(preg_match('/^javascript/i', preg_replace('/[ ]{1,}|[\t]/', '', $_POST['me_link'][$i]))){
$_POST['me_link'][$i] = G5_URL;
}

$_POST['me_link'][$i] = is_array($_POST['me_link']) ? clean_xss_tags(clean_xss_attributes(preg_replace('/[ ]{2,}|[\t]/', '', $_POST['me_link'][$i]), 1)) : '';

$code = is_array($_POST['code']) ? strip_tags($_POST['code'][$i]) : '';
$me_name = is_array($_POST['me_name']) ? strip_tags($_POST['me_name'][$i]) : '';
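
Review bot: The scheme check on the `preg_match('/^javascript/i', ...)` line is a denylist with narrow normalization: it strips only spaces and tabs before matching, and it rejects only values that begin with `javascript`. Other whitespace and control characters (CR or LF inside the value, for example) are not removed before the test, and other script-capable schemes are not covered, so the outcome depends entirely on what `clean_xss_attributes()` and `clean_xss_tags()` do afterwards, which this diff does not show. Consider an allowlist instead: parse the value and accept only `http`, `https` or a site-relative path, falling back to `G5_URL` otherwise. Two smaller points: the new `if` reads `$_POST['me_link'][$i]` before the `is_array($_POST['me_link'])` guard on the following assignment, so the guard should move ahead of the check; and the check strips `[ ]{1,}` while the stored value strips `[ ]{2,}`, so the string that is validated is not the string that is saved. Normalize once, then validate and store that same value.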