diff --git a/config/func.inc.php b/config/func.inc.php
index 86d8a3cc5..75bb88f33 100644
--- a/config/func.inc.php
+++ b/config/func.inc.php
@@ -346,4 +346,16 @@
 return preg_replace('/%u([[:alnum:]]{4})/', '&#x\\1;',$str);
 }
+ /**
+ * @brief iframe, script코드 제거
+ **/
+ function removeHackTag($content) {
+ // iframe 제거
+ $content = preg_replace("!!is","",$content);
+
+ // script code 제거
+ $content = preg_replace("!!is","",$content);
+ return $content;
+ }
+
 ?>
diff --git a/modules/comment/comment.controller.php b/modules/comment/comment.controller.php
index b50d6e7c1..91f3b3225 100644
--- a/modules/comment/comment.controller.php
+++ b/modules/comment/comment.controller.php
@@ -25,6 +25,7 @@
 * @brief 댓글 입력
 **/
 function insertComment($obj, $manual_inserted = false) {
+ $obj->content = removeHackTag($obj->content);
 // document_srl에 해당하는 글이 있는지 확인
 $document_srl = $obj->document_srl;
@@ -33,6 +34,7 @@
 // document model 객체 생성
 $oDocumentModel = &getModel('document');
+ // 원본글을 가져옴
 if(!$manual_inserted) {
 $oDocument = $oDocumentModel->getDocument($document_srl);
@@ -106,6 +108,8 @@
 * @brief 댓글 수정
 **/
 function updateComment($obj, $is_admin = false) {
+ $obj->content = removeHackTag($obj->content);
+
 // comment model 객체 생성
 $oCommentModel = &getModel('comment');
diff --git a/modules/document/document.controller.php b/modules/document/document.controller.php
index 12778a89f..6cabafa66 100644
--- a/modules/document/document.controller.php
+++ b/modules/document/document.controller.php
@@ -38,6 +38,9 @@
 if($obj->homepage && !eregi('^http:\/\/',$obj->homepage)) $obj->homepage = 'http://'.$obj->homepage;
 if($obj->notify_message != "Y") $obj->notify_message = "N";
+ // 내용의 경우 javascript, iframe제거
+ $obj->content = removeHackTag($obj->content);
+
 // 자동저장용 필드 제거
 unset($obj->_saved_doc_srl);
 unset($obj->_saved_doc_title);
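Review bot: Both `preg_replace` calls in removeHackTag show the pattern `"!!is"` in this view — an empty pattern between `!` delimiters that matches the empty string and removes nothing, so as displayed the function is a no-op; this is most likely the tag text of the original pattern lost in rendering (the `'%s'` format string in the document.item.php hunk shows the same loss), but it should be checked against the committed file. Even with the intended patterns, deleting two tag names by case-insensitive regex is a blocklist rather than an HTML sanitizer: anything that does not match those two patterns is kept verbatim, the stripped value is what the controllers go on to assign and store, and this same commit removes the output-side filtering in document.item.php, so no second layer remains. An allowlist-based HTML filter at input plus context-appropriate escaping at output is the conventional shape for this. The docblock should also state the contract, e.g. `@param string $content raw HTML as submitted` and `@return string content with iframe/script elements removed`.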
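Review bot: `removeHackTag` rewrites `$obj->content` in place before the existence check on `$document_srl` runs, so on PHP 5+ (objects passed by handle) the caller's object is modified even when the insert is later rejected; the same in-place pattern is repeated in updateComment and in the document.controller and member.controller hunks of this commit. Because the filter drops markup silently, callers have no signal that the stored value differs from what they passed; a one-line docblock addition such as `@note iframe/script markup is stripped from $obj->content before insertion` would make that visible, and assigning to a local used only for the insert would avoid the side effect. insertComment's body continues past the hunk.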
@@ -129,6 +132,7 @@
 if($obj->allow_trackback!='Y') $obj->allow_trackback = 'N';
 if($obj->homepage && !eregi('^http:\/\/',$obj->homepage)) $obj->homepage = 'http://'.$obj->homepage;
 if($obj->notify_message != "Y") $obj->notify_message = "N";
+ $obj->content = removeHackTag($obj->content);
 // 자동저장용 필드 제거
 unset($obj->_saved_doc_srl);
diff --git a/modules/document/document.item.php b/modules/document/document.item.php
index 0e758edf0..022ed7ee3 100644
--- a/modules/document/document.item.php
+++ b/modules/document/document.item.php
@@ -152,9 +152,7 @@
 $_SESSION['accessible'][$this->document_srl] = true;
- $content = $this->get('content');
- $content = preg_replace("!!is","",$content);
 return htmlspecialchars($content);
 }
@@ -164,7 +162,6 @@
 $_SESSION['accessible'][$this->document_srl] = true;
 $content = $this->get('content');
- $content = preg_replace("!!is","",$content);
 return sprintf('%s', $this->document_srl, $this->get('member_srl'), $content, $this->document_srl, $this->get('member_srl'));
 }
diff --git a/modules/member/member.controller.php b/modules/member/member.controller.php
index 109d53687..5e96cc98a 100644
--- a/modules/member/member.controller.php
+++ b/modules/member/member.controller.php
@@ -163,6 +163,8 @@
 }
 function sendMessage($sender_srl, $receiver_srl, $title, $content, $sender_log = true) {
+ $content = removeHackTag($content);
+
 // 보내는 사용자의 쪽지함에 넣을 쪽지
 $sender_args->sender_srl = $sender_srl;
 $sender_args->receiver_srl = $receiver_srl;
@@ -812,6 +814,7 @@
 * @brief 서명을 파일로 저장
 **/
 function putSignature($member_srl, $signature) {
+ $signature = removeHackTag($signature);
 $path = sprintf('files/attach/member_extra_info/signature/%s/', getNumberingPath($member_srl));
 $filename = sprintf('%s%d.signature.php', $path, $member_srl);
 if(!trim($signature) || trim(strtolower($signature))=='
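Review bot: The first document.item.php hunk removes `$content = $this->get('content');` together with the filter line but keeps `return htmlspecialchars($content);`, so unless `$content` is assigned earlier in that method (outside the hunk) it is now undefined and the method returns an empty string; the second hunk keeps the assignment and drops only the `preg_replace`, which suggests the first removal took one line too many. Dropping the output-side stripping also changes what reaches the page for rows written before this commit: they never passed through the new input-time removeHackTag, and while the first method still escapes through `htmlspecialchars`, the second interpolates `$content` raw into the `sprintf` format. Either keep a filtering step on the output path or run existing stored content through removeHackTag once as a migration, and say which in the commit message. Both enclosing methods start before their hunks.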
') return @unlink($filename);
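Review bot: `removeHackTag($signature)` becomes the only filter between user-supplied signature markup and `$filename`, which the hunk builds as `'%s%d.signature.php'` under `files/attach/`; the write itself is below the hunk, but storing filtered-by-blocklist HTML in a file with a PHP extension inside the served tree is a weaker position than a non-executable name or a location outside the document root. If the `.php` extension is deliberate (to prevent direct download), document that at the `$filename` line and confirm the stored text is never interpreted by PHP. In this view the string literal in the final `if` is split across two lines (`=='` / `')`), presumably a rendered tag; verify the comparison against the committed file.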