diff --git a/AvocadoEdition_Light/adm/board_list_update.php b/AvocadoEdition_Light/adm/board_list_update.php
index f02b4fe..0711f4c 100644
--- a/AvocadoEdition_Light/adm/board_list_update.php
+++ b/AvocadoEdition_Light/adm/board_list_update.php
@@ -27,6 +27,18 @@ if ($_POST['act_button'] == "선택수정") {
 alert('최고관리자가 아닌 경우 다른 관리자의 게시판(' . $board_table[$k] . ')은 수정이 불가합니다.');
 }
 
+ $purify_keys = ["gr_id", "bo_subject", "bo_skin", "bo_list_level", "bo_read_level", "bo_write_level", "bo_comment_level", "bo_reply_level", "board_table"];
+
+ foreach($_POST as $key => $value) {
+ if (in_array($key, $purify_keys)) {
+ if (is_array($_POST[$key])) {
+ $_POST[$key][$k] = sql_real_escape_string(strip_tags($_POST[$key][$k]));
+ } else {
+ $_POST[$key] = sql_real_escape_string(strip_tags($_POST[$key]));
+ }
+ }
+ }
+
 $sql = "UPDATE {$g5['board_table']} SET
 gr_id = '{$_POST['gr_id'][$k]}',
 bo_subject = '{$_POST['bo_subject'][$k]}',
diff --git a/AvocadoEdition_Light/adm/contentform.php b/AvocadoEdition_Light/adm/contentform.php
index e92cb07..a0a8f41 100644
--- a/AvocadoEdition_Light/adm/contentform.php
+++ b/AvocadoEdition_Light/adm/contentform.php
@@ -85,7 +85,7 @@ include_once(G5_ADMIN_PATH . '/admin.head.php');
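Review bot: The new escaping loop treats the five `bo_*_level` fields as free-form strings, yet they are numeric columns in the UPDATE that follows; casting them with `(int)` is the more precise normalisation and makes `sql_real_escape_string`/`strip_tags` unnecessary for them. Walking `$_POST` and testing membership with a non-strict `in_array` also inverts the shape of an allowlist — iterating `$purify_keys` directly touches only the intended keys and skips absent ones cleanly. Because this code sits inside the per-board loop over `$k` (which begins above the hunk), the scalar branch re-escapes non-array keys on every pass, so a value containing a quote would be escaped twice from the second selected board onward. Finally, any column in the SET clause — which continues past the hunk — that is built from a `$_POST` key not in `$purify_keys` is still interpolated raw, so the list should be reconciled against the full statement.
```php
// … unchanged: admin ownership check above …
$purify_keys = ["gr_id", "bo_subject", "bo_skin", "board_table"];
$int_keys = ["bo_list_level", "bo_read_level", "bo_write_level", "bo_comment_level", "bo_reply_level"];

foreach ($purify_keys as $key) {
    if (isset($_POST[$key]) && is_array($_POST[$key])) {
        $_POST[$key][$k] = sql_real_escape_string(strip_tags(isset($_POST[$key][$k]) ? $_POST[$key][$k] : ''));
    } elseif (isset($_POST[$key])) {
        // NOTE(review): runs once per $k pass; re-escapes the same scalar on later boards
        $_POST[$key] = sql_real_escape_string(strip_tags($_POST[$key]));
    }
}
foreach ($int_keys as $key) {
    if (isset($_POST[$key]) && is_array($_POST[$key])) {
        $_POST[$key][$k] = (int)(isset($_POST[$key][$k]) ? $_POST[$key][$k] : 0);
    }
}
// … unchanged: UPDATE statement …
```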