fix #1216 SECISSUE 위젯 코드를 비활성하는 blockWidgetCode() 추가 및 removeHackTag()에 적용

2026-04-02 01:52:10 +09:00 · 2015-02-04 14:08:28 +09:00 · 2015-02-04 14:08:28 +09:00 · 15c33963d4
commit 15c33963d4
parent 0f3140b491
1 changed files with 15 additions and 1 deletions
--- a/config/func.inc.php
+++ b/config/func.inc.php
@ -1101,8 +1101,22 @@ function removeHackTag($content)
 	 */
 	$content = preg_replace_callback('@<(/?)([a-z]+[0-9]?)((?>"[^"]*"|\'[^\']*\'|[^>])*?\b(?:on[a-z]+|data|style|background|href|(?:dyn|low)?src)\s*=[\s\S]*?)(/?)($|>|<)@i', 'removeSrcHack', $content);

-	// xmp tag ?뺤씤 <20>??<3F>붽?
 	$content = checkXmpTag($content);
+	$content = blockWidgetCode($content);
+
+	return $content;
+}
+
+/**
+ * blocking widget code
+ *
+ * @param string $content Taget content
+ * @return string
+ **/
+function blockWidgetCode($content)
+{
+	$content = preg_replace('/(<(?:img|div)(?:[^>]*))(widget)(?:(=([^>]*?)>))/is', '$1blocked-widget$3', $content);
+
 	return $content;
 }