admin_check_xss_params 함수 추가

gnuboard · Oct 8, 2018 · a305bc6 · a305bc6
1 parent 930a2a1
commit a305bc6
Showing 1 changed file with 20 additions and 8 deletions.
diff --git a/adm/admin.lib.php b/adm/admin.lib.php
@@ -426,6 +426,25 @@ function admin_referer_check($return=false)
     }
 }
 
+function admin_check_xss_params($params){
+
+    if( ! $params ) return;
+
+    foreach( $params as $key=>$value ){
+
+        if ( empty($value) ) continue;
+
+        if( is_array($value) ){
+            admin_check_xss_params($params);
+        } else if ( preg_match('/<\s?[^\>]*\/?\s?>/i', $value) && preg_match('/script.*?\/script/ius', $value) ){
+            alert('요청 쿼리에 잘못된 스크립트문장이 있습니다.\\nXSS 공격일수도 있습니다.');
+            die();
+        }
+    }
+
+    return;
+}
+
 // 접근 권한 검사
 if (!$member['mb_id'])
 {
@@ -491,14 +510,7 @@ function admin_referer_check($return=false)
 
 if ( isset($_REQUEST) && $_REQUEST ){
     if( admin_referer_check(true) ){
-
-        foreach( $_REQUEST as $key=>$value ){
-            if( $value && preg_match('/<\s?[^\>]*\/?\s?>/i', $value) && preg_match('/script.*?\/script/ius', $value) ){
-                alert('요청 쿼리에 잘못된 스크립트문장이 있습니다.\\nXSS 공격일수도 있습니다.');
-                die();
-            }
-        }
-
+        admin_check_xss_params($_REQUEST);
     }
 }