fix #2015 #2005 이슈에서 보안 문제로 메뉴명에서 모든 태그를 제거했던 동작을 변경
- 안전하지 않은 태그만 필터링하도록 변경
bnu committed Apr 13, 2017
1 parent ad08168 commit bc971e2
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions modules/menu/menu.admin.controller.php
@@ -1991,7 +1991,7 @@ function getPhpCacheCode($source_node, $tree, $site_srl, $domain)
}
else
{
$name_arr_str .= sprintf('"%s"=>\'%s\',', $key, str_replace(array('\\','\''), array('\\\\','\\\''), strip_tags($val)));
$name_arr_str .= sprintf('"%s"=>\'%s\',', $key, str_replace(array('\\','\''), array('\\\\','\\\''), removeHackTag($val)));
}
}
$name_str = sprintf('$_menu_names[%d] = array(%s); %s', $node->menu_item_srl, $name_arr_str, $child_output['name']);
@@ -2059,7 +2059,7 @@ function getPhpCacheCode($source_node, $tree, $site_srl, $domain)
'"node_srl" => %d, "parent_srl" => %d, "menu_name_key" => \'%s\', "isShow" => (%s ? true : false), "text" => (%s ? $_menu_names[%d][$lang_type] : ""), "href" => (%s ? %s : ""), "url" => (%s ? "%s" : ""), "is_shortcut" => "%s", "desc" => \'%s\', "open_window" => "%s", "normal_btn" => "%s", "hover_btn" => "%s", "active_btn" => "%s", "selected" => (array(%s) && in_array(Context::get("mid"), array(%s)) ? 1 : 0), "expand" => \'%s\', "list" => array(%s), "link" => (%s ? (array(%s) && in_array(Context::get("mid"), array(%s)) ? %s : %s) : ""),',
$node->menu_item_srl,
$node->parent_srl,
strip_tags(addslashes($node->name)),
addslashes($node->name),
$group_check_code,
$group_check_code,
$node->menu_item_srl,
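Review bot: `menu_name_key` in the second hunk now reaches the generated cache with no tag filtering at all: `strip_tags()` is dropped and, unlike the `$_menu_names` entries in the first hunk, nothing like `removeHackTag()` takes its place. If any template or admin view prints `menu_name_key` as HTML, the stored-markup problem from #2005 is open again on that path; the lines shown do not reveal whether one does. Either filter here as well, `addslashes(removeHackTag($node->name)),`, or, if the key must stay raw for lookups, say so next to the argument with a comment such as `// raw lookup key: never printed as HTML, consumers must escape`. Since `removeHackTag()` appears to filter selectively rather than strip everything, the places that render `text` should also be re-checked for attribute and URL contexts. The sprintf() call and getPhpCacheCode() both start and end outside the hunk.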