diff --git a/AvocadoEdition_Light/adm/contentform.php b/AvocadoEdition_Light/adm/contentform.php
index c993abb..e92cb07 100644
--- a/AvocadoEdition_Light/adm/contentform.php
+++ b/AvocadoEdition_Light/adm/contentform.php
@@ -35,6 +35,7 @@ if (!sql_query(" select co_skin from {$g5['content_table']} limit 1 ", false)) {
$html_title = "내용";
$g5['title'] = $html_title . ' 관리';
+$readonly = '';
if ($w == "u") {
$html_title .= " 수정";
diff --git a/AvocadoEdition_Light/adm/visit_list.php b/AvocadoEdition_Light/adm/visit_list.php
index d783962..5cabf30 100644
--- a/AvocadoEdition_Light/adm/visit_list.php
+++ b/AvocadoEdition_Light/adm/visit_list.php
@@ -75,7 +75,7 @@ $result = sql_query($sql);
}
$title = str_replace(array('<', '>', '&'), array("<", ">", "&"), $referer);
- $link = '';
+ $link = '';
$link = str_replace('&', "&", $link);
$link2 = '';
}
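Review bot: The `$title` escaping on the line before the changed `$link` assignment replaces `<`, `>` and `&` with strings that read identically here, which would be a no-op; most likely the replacement strings were HTML entities that were decoded during extraction, and for the same reason the removed and added `$link` lines are indistinguishable in this view, so the change itself cannot be verified from the hunk. If the code does hand-roll entity escaping, `$title = htmlspecialchars($referer, ENT_QUOTES, 'UTF-8');` covers the same characters plus quotes in one call, which matters if `$referer` is, as its name suggests, taken from the client's Referer header. The same pattern appears in the visit_search.php hunk. The enclosing block opens before this hunk.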
diff --git a/AvocadoEdition_Light/adm/visit_search.php b/AvocadoEdition_Light/adm/visit_search.php
index 073fc92..9a53bdc 100644
--- a/AvocadoEdition_Light/adm/visit_search.php
+++ b/AvocadoEdition_Light/adm/visit_search.php
@@ -93,7 +93,7 @@ $listall = '처음'; //페이지
}
$title = str_replace(array("<", ">"), array("<", ">"), $referer);
- $link = '';
+ $link = '';
}
if ($is_admin == 'super')
diff --git a/AvocadoEdition_Light/bbs/alert.php b/AvocadoEdition_Light/bbs/alert.php
index 53470ae..82a5321 100644
--- a/AvocadoEdition_Light/bbs/alert.php
+++ b/AvocadoEdition_Light/bbs/alert.php
@@ -30,9 +30,9 @@ include_once(G5_PATH . '/head.sub.php');
$msg2 = str_replace("\\n", "
", $msg);
-$url = clean_xss_tags($url);
+$url = clean_xss_tags($url, 1);
if (!$url)
- $url = clean_xss_tags($_SERVER['HTTP_REFERER']);
+ $url = clean_xss_tags($_SERVER['HTTP_REFERER'], 1);
$url = preg_replace("/[\<\>\'\"\\\'\\\"\(\)]/", "", $url);
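Review bot: The new second argument `1` to `clean_xss_tags` is a bare magic value whose meaning is not visible in this diff, and the same call form is repeated on the fallback line below it and in the confirm.php hunk. A short comment at the first call, e.g. `// 1 = <what the second clean_xss_tags argument selects>`, would tell a reader which behaviour the change switches on without opening the library. Separately, no host check on `$url` is visible in this hunk, whereas confirm.php follows the same cleaning with `check_url_host()`; if `$url` is used as a redirect target later in the file, consider applying the same check after the character-stripping line.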
diff --git a/AvocadoEdition_Light/bbs/confirm.php b/AvocadoEdition_Light/bbs/confirm.php
index bb06ed1..8e219b5 100644
--- a/AvocadoEdition_Light/bbs/confirm.php
+++ b/AvocadoEdition_Light/bbs/confirm.php
@@ -2,9 +2,9 @@
include_once('./_common.php');
include_once(G5_PATH . '/head.sub.php');
-$url1 = clean_xss_tags($url1);
-$url2 = clean_xss_tags($url2);
-$url3 = clean_xss_tags($url3);
+$url1 = clean_xss_tags($url1, 1);
+$url2 = clean_xss_tags($url2, 1);
+$url3 = clean_xss_tags($url3, 1);
// url 체크
check_url_host($url1);
@@ -25,12 +25,12 @@ check_url_host($url3);
-
+
확인
diff --git a/AvocadoEdition_Light/bbs/visit_insert.inc.php b/AvocadoEdition_Light/bbs/visit_insert.inc.php
index edbf06e..67cb1f2 100644
--- a/AvocadoEdition_Light/bbs/visit_insert.inc.php
+++ b/AvocadoEdition_Light/bbs/visit_insert.inc.php
@@ -13,8 +13,8 @@ if (get_cookie('ck_visit_ip') != $_SERVER['REMOTE_ADDR']) {
$remote_addr = escape_trim($_SERVER['REMOTE_ADDR']);
$referer = "";
if (isset($_SERVER['HTTP_REFERER']))
- $referer = escape_trim(clean_xss_tags($_SERVER['HTTP_REFERER']));
- $user_agent = escape_trim(clean_xss_tags($_SERVER['HTTP_USER_AGENT']));
+ $referer = escape_trim(clean_xss_tags(strip_tags($_SERVER['HTTP_REFERER'])));
+ $user_agent = escape_trim(clean_xss_tags(strip_tags($_SERVER['HTTP_USER_AGENT'])));
$vi_browser = '';
$vi_os = '';
$vi_device = '';
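Review bot: `$_SERVER['HTTP_USER_AGENT']` is read without an `isset` guard on the new user-agent line, while the referer line directly above is guarded; a request that sends no User-Agent header raises an undefined-index notice (a warning on PHP 8) at this point. Because the `if` has no braces, only the `$referer` assignment is conditional, so the user-agent line runs unconditionally even though the diff shows it alongside the guarded one. `$user_agent = escape_trim(clean_xss_tags(strip_tags(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '')));` keeps the new sanitising order and avoids the notice. The enclosing `if` block named in the hunk header continues past this hunk.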