From 8cc0463ff4a5d4abdea77f62a8879de55ddd1385 Mon Sep 17 00:00:00 2001
From: Arcturus
Date: Sat, 5 Oct 2024 05:53:57 +0900
Subject: [PATCH] patch: https://github.com/gnuboard/gnuboard5/commit/474fc8f9a90feb4750ae4aac90d02f799d0a6fab
---
 AvocadoEdition_Light/adm/admin.lib.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/AvocadoEdition_Light/adm/admin.lib.php b/AvocadoEdition_Light/adm/admin.lib.php
index 0fc36b8..9de1f58 100644
--- a/AvocadoEdition_Light/adm/admin.lib.php
+++ b/AvocadoEdition_Light/adm/admin.lib.php
@@ -432,7 +432,7 @@ function admin_check_xss_params($params)
 if (is_array($value)) {
 admin_check_xss_params($value);
- } else if (preg_match('/<\s?[^\>]*\/?\s?>/i', $value) && (preg_match('/script.*?\/script/ius', $value) || preg_match('/[onload|onerror]=.*/ius', $value))) {
+ } else if (preg_match('/<\s?[^\>]*\/?\s?>/i', $value) && (preg_match('/script.*?\/script/ius', $value) || preg_match('/(onload|onerror)=.*/ius', $value))) {
 alert('요청 쿼리에 잘못된 스크립트문장이 있습니다.\\nXSS 공격일수도 있습니다.');
 die();
 }
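Review bot: The corrected alternation in the `else if` condition now matches only the literal names `onload` and `onerror` directly followed by `=`, so a value carrying any other inline event-handler attribute, or whitespace before the `=`, passes this check. The old character class was wrong, but it incidentally matched many more attribute names. If the intent is to reject inline handlers in admin request parameters, a generic form such as `preg_match('/\bon[a-z]+\s*=/iu', $value)` covers the whole family; it will also raise more false positives, so test it against legitimate admin input first. A request-side denylist like this is only a backstop: the values still need context-appropriate escaping wherever they are rendered, which this hunk does not show. The body of `admin_check_xss_params` begins and ends outside the hunk.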