This repository has been archived by the owner on Jun 24, 2021. It is now read-only.

그누보드 글 수정 XSS 취약점 수정 ( 17-454 )
thisgun committed Jul 3, 2017
1 parent 2892919 commit df20a23
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions bbs/write.php
@@ -401,6 +401,11 @@
if ($config['cf_editor'] && $is_dhtml_editor_use && $board['bo_use_dhtml_editor'] && $member['mb_level'] >= $board['bo_html_level']) {
$is_dhtml_editor = true;

if ( $w == 'u' && (! $is_member || ! $is_admin || $write['mb_id'] !== $member['mb_id']) ){
// kisa 취약점 제보 xss 필터 적용
$content = get_text(html_purifier($write['wr_content']), 0);
}

if(is_file(G5_EDITOR_PATH.'/'.$config['cf_editor'].'/autosave.editor.js'))
$editor_content_js = '<script src="'.G5_EDITOR_URL.'/'.$config['cf_editor'].'/autosave.editor.js"></script>'.PHP_EOL;
}
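Review bot: The exemption in the added condition is hard to audit. Its three negated ORs mean this block skips purifying `$write['wr_content']` only when the current user is a member, an admin, and the post's `mb_id` matches their own. Writing it positively makes the trust decision explicit: `$is_trusted_author = $is_member && $is_admin && $write['mb_id'] === $member['mb_id'];` then `if ($w == 'u' && ! $is_trusted_author) {`. Alternatively, drop the exemption so every edit load is purified. The filter also sits inside the DHTML-editor branch, and `$content` is assigned and used outside this hunk, so it is not visible here whether the non-editor path applies the same filtering; that is worth confirming. The comment could state the reason in a sentence, e.g. `// Re-purify stored post HTML before loading it into the editor (XSS report cited in the commit title)`.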
