Fix #2005 XEVE-16-008 XSS 방지 및 XSS를 통해 특정 명령을 실행할 수 있는 보안취약점 해결

2026-04-02 01:52:10 +09:00 · 2017-01-06 17:21:01 +09:00 · 2017-01-06 17:21:01 +09:00 · 884c91a606
commit 884c91a606
parent fe5feddc63
8 changed files with 19 additions and 4 deletions
--- a/modules/document/document.admin.view.php
+++ b/modules/document/document.admin.view.php
@ -121,6 +121,9 @@ class documentAdminView extends document
 		}
 		Context::set('member_nick_name', $member_nick_neme);

+		$security = new Security();
+		$security->encodeHTML('search_target', 'search_keyword');
+
 		// Specify a template
 		$this->setTemplatePath($this->module_path.'tpl');
 		$this->setTemplateFile('document_list');