From a81e75de75c1148f825349c2dc10cef5ad09d72e Mon Sep 17 00:00:00 2001
From: Arcturus
Date: Sun, 22 Sep 2024 11:01:55 +0900
Subject: [PATCH] patch secure: https://github.com/gnuboard/gnuboard5/commit/18d4a60e035cc578e979a6f4a0b42477ddb7f032

---
 AvocadoEdition_Light/adm/board_list_update.php | 12 ++++++++++++
 AvocadoEdition_Light/adm/contentform.php | 2 +-
 AvocadoEdition_Light/head.sub.php | 2 ++
 3 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/AvocadoEdition_Light/adm/board_list_update.php b/AvocadoEdition_Light/adm/board_list_update.php
index f02b4fe..0711f4c 100644
--- a/AvocadoEdition_Light/adm/board_list_update.php
+++ b/AvocadoEdition_Light/adm/board_list_update.php
@@ -27,6 +27,18 @@ if ($_POST['act_button'] == "선택수정") {
 alert('최고관리자가 아닌 경우 다른 관리자의 게시판(' . $board_table[$k] . ')은 수정이 불가합니다.');
 }
 
+ $purify_keys = ["gr_id", "bo_subject", "bo_skin", "bo_list_level", "bo_read_level", "bo_write_level", "bo_comment_level", "bo_reply_level", "board_table"];
+
+ foreach($_POST as $key => $value) {
+ if (in_array($key, $purify_keys)) {
+ if (is_array($_POST[$key])) {
+ $_POST[$key][$k] = sql_real_escape_string(strip_tags($_POST[$key][$k]));
+ } else {
+ $_POST[$key] = sql_real_escape_string(strip_tags($_POST[$key]));
+ }
+ }
+ }
+
 $sql = "UPDATE {$g5['board_table']}
 SET gr_id = '{$_POST['gr_id'][$k]}',
 bo_subject = '{$_POST['bo_subject'][$k]}',
diff --git a/AvocadoEdition_Light/adm/contentform.php b/AvocadoEdition_Light/adm/contentform.php
index e92cb07..a0a8f41 100644
--- a/AvocadoEdition_Light/adm/contentform.php
+++ b/AvocadoEdition_Light/adm/contentform.php
@@ -85,7 +85,7 @@ include_once(G5_ADMIN_PATH . '/admin.head.php'); 내용 - +
diff --git a/AvocadoEdition_Light/head.sub.php b/AvocadoEdition_Light/head.sub.php
index 0d63d6d..48c0dc3 100644
--- a/AvocadoEdition_Light/head.sub.php
+++ b/AvocadoEdition_Light/head.sub.php
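Review bot: The sanitising loop at the top of the added block runs once per `$k` iteration (it sits next to `$board_table[$k]` and writes `$_POST[$key][$k]`), so any allow-listed key that arrives as a scalar takes the `else` branch on every pass and is escaped again each time, turning a single `'` into a growing run of backslashes. Iterating `$purify_keys` instead of all of `$_POST` removes the `in_array()` call (which should pass `true` as its third argument if kept) and makes room for an `isset()` guard on the `$k` index, since `strip_tags(null)` is deprecated on PHP 8.1+. Escaping only protects values that are interpolated inside quotes; if the `bo_*_level` columns are numeric and appear unquoted in the `UPDATE` that continues past this hunk, an `(int)` cast is the right treatment for those keys rather than `sql_real_escape_string()`, and `strip_tags()` on `bo_subject` is not a substitute for `htmlspecialchars()` at output. The enclosing `$k` loop and the rest of the `UPDATE` start and end outside the hunk; the scalar case should be escaped once before that loop, leaving only the array branch inside it.
```php
// … unchanged: $purify_keys assignment …
foreach ($purify_keys as $key) {
    if (!isset($_POST[$key]) || !is_array($_POST[$key])) {
        continue; // scalars are escaped once, before the $k loop
    }
    if (isset($_POST[$key][$k])) {
        $_POST[$key][$k] = sql_real_escape_string(strip_tags($_POST[$key][$k]));
    }
}
// … unchanged: UPDATE statement …
```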
@@ -14,6 +14,8 @@ if (!isset($g5['title'])) {
 $g5_head_title .= " | " . $config['cf_title'];
 }
+$g5['title'] = strip_tags(get_text($g5['title']));
+$g5_head_title = strip_tags(get_text($g5_head_title));
 $g5['lo_location'] = addslashes($g5['title']);