patch secure: 18d4a60e03

AvocadoEdition_Light/adm/board_list_update.php

@@ -27,6 +27,18 @@ if ($_POST['act_button'] == "선택수정") {
         alert('최고관리자가 아닌 경우 다른 관리자의 게시판(' . $board_table[$k] . ')은 수정이 불가합니다.');
     }
 
+    $purify_keys = ["gr_id", "bo_subject", "bo_skin", "bo_list_level", "bo_read_level", "bo_write_level", "bo_comment_level", "bo_reply_level", "board_table"];
+
+    foreach($_POST as $key => $value) {
+      if (in_array($key, $purify_keys)) {
+        if (is_array($_POST[$key])) {
+          $_POST[$key][$k] = sql_real_escape_string(strip_tags($_POST[$key][$k]));
+        } else {
+          $_POST[$key] = sql_real_escape_string(strip_tags($_POST[$key]));
+        }
+      }
+    }
+
     $sql = "UPDATE {$g5['board_table']}
               SET gr_id           = '{$_POST['gr_id'][$k]}',
                 bo_subject        = '{$_POST['bo_subject'][$k]}',

AvocadoEdition_Light/adm/contentform.php

@@ -85,7 +85,7 @@ include_once(G5_ADMIN_PATH . '/admin.head.php');
         </tr>
         <tr>
           <th scope="row">내용</th>
-          <td><?php echo editor_html('co_content', get_text($co['co_content'], 0)); ?></td>
+          <td><?php echo editor_html('co_content', get_text(html_purifier($co['co_content']), 0)); ?></td>
         </tr>
         <tr>
           <th scope="row"><label for="co_skin">스킨 디렉토리<strong class="sound_only">필수</strong></label></th>

AvocadoEdition_Light/head.sub.php

@@ -14,6 +14,8 @@ if (!isset($g5['title'])) {
   $g5_head_title .= " | " . $config['cf_title'];
 }
 
+$g5['title'] = strip_tags(get_text($g5['title']));
+$g5_head_title = strip_tags(get_text($g5_head_title));
 
 $g5['lo_location'] = addslashes($g5['title']);