Fix #2005 XEVE-16-008 XSS 방지 및 XSS를 통해 특정 명령을 실행할 수 있는 보안취약점 해결

2026-04-29 15:22:15 +09:00 · 2017-01-06 17:21:01 +09:00 · 2017-01-06 17:21:01 +09:00 · 884c91a606
commit 884c91a606
parent fe5feddc63
8 changed files with 19 additions and 4 deletions
--- a/modules/point/point.admin.view.php
+++ b/modules/point/point.admin.view.php
@ -114,9 +114,10 @@ class pointAdminView extends point
 		$this->group_list = $oMemberModel->getGroups();
 		Context::set('group_list', $this->group_list);
 		//Security
-		$security = new Security();			
+		$security = new Security();
 		$security->encodeHTML('group_list..title','group_list..description');
 		$security->encodeHTML('member_list..');
+		$security->encodeHTML('search_target', 'search_keyword');

 		// Set the template
 		$this->setTemplateFile('member_list');