diff --git a/AvocadoEdition_Light/adm/admin.lib.php b/AvocadoEdition_Light/adm/admin.lib.php
index 15b7c66..9a3a723 100644
--- a/AvocadoEdition_Light/adm/admin.lib.php
+++ b/AvocadoEdition_Light/adm/admin.lib.php
@@ -371,6 +371,15 @@ function get_admin_token()
 return $token;
 }
 
+//input value 에서 xss 공격 filter 역할을 함 ( 반드시 input value='' 타입에만 사용할것 )
+function get_sanitize_input($s, $is_html = false)
+{
+ if (!$is_html) {
+ $s = strip_tags($s);
+ }
+ $s = htmlspecialchars($s, ENT_QUOTES, 'utf-8');
+ return $s;
+}
 
 // POST로 넘어온 토큰과 세션에 저장된 토큰 비교
 function check_admin_token()
@@ -454,7 +463,7 @@ while ($entry = $tmp->read()) {
 }
 }
 
-usort($menu, function($a, $b) {
+usort($menu, function ($a, $b) {
 return $a->order - $b->order;
 });
 
@@ -475,4 +484,4 @@ if (run_replace('safe_admin_add_script_boolean', false) === false) {
 $config['cf_analytics'] = '';
 $config['cf_add_script'] = '';
 $config['cf_add_meta'] = '';
-}
\ No newline at end of file
+}
diff --git a/AvocadoEdition_Light/adm/config_form_update.php b/AvocadoEdition_Light/adm/config_form_update.php
index 75dabff..fa6f47e 100644
--- a/AvocadoEdition_Light/adm/config_form_update.php
+++ b/AvocadoEdition_Light/adm/config_form_update.php
@@ -24,8 +24,6 @@ if (!$_POST['cf_cert_use']) {
 $_POST['cf_cert_hp'] = '';
 }
 
-
-
 $site_style_path = G5_DATA_PATH . "/site";
 $site_style_url = G5_DATA_URL . "/site";
 
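Review bot: `htmlspecialchars($s, ENT_QUOTES, 'utf-8')` in get_sanitize_input passes an explicit flag set without ENT_SUBSTITUTE, so a value containing an invalid UTF-8 sequence comes back as an empty string instead of an escaped one and the admin form silently loses that field; `$s = htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` keeps the fail-safe behaviour while preserving the rest of the value. The `$is_html` name is misleading: when it is true the tags are kept but the result is still fully escaped, so the output is never raw HTML — the flag only decides whether strip_tags() runs first. strip_tags() also throws a TypeError on PHP 8 if a caller passes an array-valued POST field (`name[]` inputs), so either guard with `if (!is_string($s)) { return ''; }` or document that only scalars are accepted. Replace the Korean one-line comment with a PHPDoc block stating that the return value is escaped for an HTML attribute (`value=""`) context only, is not safe for JavaScript or URL contexts, and describing `$is_html` as "skip strip_tags, still escape".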
@@ -40,6 +38,13 @@ if ($_FILES['admin_icon_file']['name']) {
 upload_file($_FILES['admin_icon_file']['tmp_name'], $image_name, $site_style_path);
 }
 
+$check_keys = ['cf_cert_kcb_cd', 'cf_cert_kcp_cd', 'cf_editor', 'cf_recaptcha_site_key', 'cf_recaptcha_secret_key', 'cf_naver_clientid', 'cf_naver_secret', 'cf_facebook_appid', 'cf_facebook_secret', 'cf_twitter_key', 'cf_twitter_secret', 'cf_google_clientid', 'cf_google_secret', 'cf_googl_shorturl_apikey', 'cf_kakao_rest_key', 'cf_kakao_client_secret', 'cf_kakao_js_apikey', 'cf_payco_clientid', 'cf_payco_secret', 'cf_cert_kg_cd', 'cf_cert_kg_mid'];
+
+foreach ($check_keys as $key) {
+ if (isset($_POST[$key]) && $_POST[$key]) {
+ $_POST[$key] = preg_replace('/[^a-z0-9_\-\.]/i', '', $_POST[$key]);
+ }
+}
 
 $sql = " update {$g5['config_table']}
 set cf_admin = '{$_POST['cf_admin']}',
diff --git a/AvocadoEdition_Light/adm/menu_list.php b/AvocadoEdition_Light/adm/menu_list.php
index 5ded963..897707b 100644
--- a/AvocadoEdition_Light/adm/menu_list.php
+++ b/AvocadoEdition_Light/adm/menu_list.php
@@ -99,7 +99,7 @@ $colspan = 9;
-
diff --git a/AvocadoEdition_Light/adm/menu_list_update.php b/AvocadoEdition_Light/adm/menu_list_update.php
index 070b856..3005b9c 100644
--- a/AvocadoEdition_Light/adm/menu_list_update.php
+++ b/AvocadoEdition_Light/adm/menu_list_update.php
@@ -19,8 +19,8 @@ $count = count($_POST['code']);
 for ($i = 0; $i < $count; $i++) {
 $_POST = array_map_deep('trim', $_POST);
- $code = $_POST['code'][$i];
- $me_name = $_POST['me_name'][$i];
+ $code = strip_tags($_POST['code'][$i]);
+ $me_name = strip_tags($_POST['me_name'][$i]); // kve-2021-0755 gnuboard 3a3434104c
 $me_link = html_purifier($_POST['me_link'][$i]);
 $me_depth = $_POST['me_depth'][$i];
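Review bot: The allow-list loop in config_form_update.php silently rewrites the submitted value — a `cf_recaptcha_secret_key` or `cf_kakao_client_secret` containing any character outside `[A-Za-z0-9_.-]` is stored truncated with no feedback, and the admin only finds out when the provider later rejects the stored key. Because these values are interpolated unescaped into the UPDATE that follows (`cf_admin = '{$_POST['cf_admin']}'` shows the pattern), the character filter is also what keeps the query well-formed, so it would be safer to reject the request with an error when `preg_match('/[^a-z0-9_\-\.]/i', $_POST[$key])` matches rather than quietly stripping, and to state that intent above the loop: `// allow-list: these values are interpolated unescaped into the UPDATE below, so anything outside [A-Za-z0-9_.-] is refused`. Fields not in `$check_keys` (`cf_admin` and the rest of the UPDATE, which continues outside the hunk) still reach the query raw, so the list is a partial fix and should say so. As a point of style, the single 400-character `$check_keys` line would be easier to review and extend as one key per line with a trailing comma.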
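Review bot: strip_tags() is an HTML filter, not an SQL escape, yet `$me_name` in menu_list_update.php is still interpolated unescaped as `me_name = '{$me_name}'` in the `@@ -59,9 +59,9 @@` hunk of the same file, while the same commit wraps `me_target`/`me_order`/`me_use` in sql_real_escape_string(); a menu name containing a single quote still breaks the query. `$me_name = sql_real_escape_string(strip_tags($_POST['me_name'][$i]));` brings the line into line with the rest of the change, and the same applies to `me_icon`, which that hunk interpolates raw as `me_icon = '{$_POST['me_icon'][$i]}'`, and to `$code` if it reaches a query. The `// kve-2021-0755 gnuboard 3a3434104c` trailer would read better as a comment line above the two assignments stating what the reference fixes (tag injection through menu names) rather than a bare identifier. The for loop body starts in this hunk and continues outside it.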
@@ -59,9 +59,9 @@ for ($i = 0; $i < $count; $i++) {
 me_icon = '{$_POST['me_icon'][$i]}',
 me_name = '{$me_name}',
 me_link = '{$me_link}',
- me_target = '{$_POST['me_target'][$i]}',
- me_order = '{$_POST['me_order'][$i]}',
- me_use = '{$_POST['me_use'][$i]}',
+ me_target = '".sql_real_escape_string(strip_tags($_POST['me_target'][$i]))."',
+ me_order = '".sql_real_escape_string(strip_tags($_POST['me_order'][$i]))."',
+ me_use = '".sql_real_escape_string(strip_tags($_POST['me_use'][$i]))."',
 me_depth = '{$me_depth}',
 me_parent = '{$me_parent}'";
 sql_query($sql);
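Review bot: `me_order` is a numeric column — admin.lib.php in this same commit sorts menus with `$a->order - $b->order` — so escaping it is weaker than validating it; `me_order = '".(int)$_POST['me_order'][$i]."',` rejects anything non-numeric outright, and the same `(int)` cast fits `me_use` if it is a 0/1 flag (inferred from the name; confirm against the schema). Computing the three escaped values into locals above the query, as `$me_name` and `$me_link` already are, would also keep the SQL string readable instead of embedding three nested call chains inside it. The enclosing for loop and the `$sql` assignment begin before this hunk.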