Fix #2005 XEVE-16-008 XSS 방지 및 XSS를 통해 특정 명령을 실행할 수 있는 보안취약점 해결

2026-01-04 01:01:41 +09:00 · 2017-01-06 17:21:01 +09:00 · 2017-01-06 17:21:01 +09:00 · 884c91a606
commit 884c91a606
parent fe5feddc63
8 changed files with 19 additions and 4 deletions
--- a/modules/poll/poll.admin.view.php
+++ b/modules/poll/poll.admin.view.php
@ -92,6 +92,8 @@ class pollAdminView extends poll

 		$security = new Security();
 		$security->encodeHTML('poll_list..title', 'poll_list..nick_name');
+		$security->encodeHTML('search_target', 'search_keyword');
+
 		// Set a template
 		$this->setTemplatePath($this->module_path.'tpl');
 		$this->setTemplateFile('poll_list');