cross site scripting 보안 적용

web-n · Jan 25, 2018 · 3d12053 · 3d12053
1 parent 836ac43
commit 3d12053
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/lib/print.php b/lib/print.php
@@ -1,14 +1,14 @@
 <?php
 function print_title(){
   if(isset($_GET['id'])){
-    echo $_GET['id'];
+    echo htmlspecialchars($_GET['id']);
   } else {
     echo "Welcome";
   }
 }
 function print_description(){
   if(isset($_GET['id'])){
-    echo file_get_contents("data/".$_GET['id']);
+    echo htmlspecialchars(file_get_contents("data/".$_GET['id']));
   } else {
     echo "Hello, PHP";
   }
@@ -17,9 +17,10 @@ function print_list(){
   $list = scandir('./data');
   $i = 0;
   while($i < count($list)){
+    $title = htmlspecialchars($list[$i]);
     if($list[$i] != '.') {
       if($list[$i] != '..') {
-        echo "<li><a href=\"index.php?id=$list[$i]\">$list[$i]</a></li>\n";
+        echo "<li><a href=\"index.php?id=$title\">$title</a></li>\n";
       }
     }
     $i = $i + 1;