From f7113b9d894d2d309b32d7a43c191d7d6f62d6d0 Mon Sep 17 00:00:00 2001
From: Stellar <hapgaller@gmail.com>
Date: Mon, 20 Oct 2014 17:53:50 +0900
Subject: [PATCH 1/2] =?UTF-8?q?Vid=20parameter=20=EC=B7=A8=EC=95=BD?=
 =?UTF-8?q?=EC=A0=90=20=ED=95=84=ED=84=B0=EB=A7=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

임의값을 vid parameter에 입력하여 취약점 발생 방지 필터링
---
 classes/context/Context.class.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/classes/context/Context.class.php b/classes/context/Context.class.php
index 6b1978544..7af660700 100644
--- a/classes/context/Context.class.php
+++ b/classes/context/Context.class.php
@@ -1289,10 +1289,14 @@ class Context
 			{
 				$result[$k] = !preg_match('/^[0-9,]+$/', $v) ? (int) $v : $v;
 			}
-			elseif($key === 'mid' || $key === 'vid' || $key === 'search_keyword')
+			elseif($key === 'mid' || $key === 'search_keyword')
 			{
 				$result[$k] = htmlspecialchars($v, ENT_COMPAT | ENT_HTML401, 'UTF-8', FALSE);
 			}
+			elseif($key === 'vid' )
+			{
+				$result[$k] = urlencode($v);
+			}
 			else
 			{
 				$result[$k] = $v;

From 3069eaa100e23e1586564b7fdc3b190290cc2c78 Mon Sep 17 00:00:00 2001
From: Stellar <hapgaller@gmail.com>
Date: Mon, 20 Oct 2014 17:57:26 +0900
Subject: [PATCH 2/2] Update Context.class.php

---
 classes/context/Context.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/classes/context/Context.class.php b/classes/context/Context.class.php
index 7af660700..e055f320a 100644
--- a/classes/context/Context.class.php
+++ b/classes/context/Context.class.php
@@ -1293,7 +1293,7 @@ class Context
 			{
 				$result[$k] = htmlspecialchars($v, ENT_COMPAT | ENT_HTML401, 'UTF-8', FALSE);
 			}
-			elseif($key === 'vid' )
+			elseif($key === 'vid')
 			{
 				$result[$k] = urlencode($v);
 			}