From 90e510091d5cb0b0abb8eebde2fe647df2bad5e9 Mon Sep 17 00:00:00 2001
From: Kijin Sung <kijin@kijinsung.com>
Date: Wed, 29 Jun 2022 15:35:51 +0900
Subject: [PATCH] RVE-2022-3 filter skin and style parameters again in
 PollModel class
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

해당 변수를 화면에 출력하는 스킨이 있으므로 이중 방어
---
 modules/poll/poll.model.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/modules/poll/poll.model.php b/modules/poll/poll.model.php
index b81afc313..a85aa276f 100644
--- a/modules/poll/poll.model.php
+++ b/modules/poll/poll.model.php
@@ -221,9 +221,10 @@ class pollModel extends poll
 		if(!$output->data) return '';
 
 		$poll = new stdClass;
-		$poll->style = $style;
+		$poll->style = preg_replace('/[^a-zA-Z0-9_-]/', '', $style);
 		$poll->poll_count = (int)$output->data->poll_count;
 		$poll->stop_date = $output->data->stop_date;
+		$skin = preg_replace('/[^a-zA-Z0-9_-]/', '', $skin);
 
 		$columnList = array('poll_index_srl', 'title', 'checkcount', 'poll_count');
 		$output = executeQuery('poll.getPollTitle', $args, $columnList);
@@ -279,7 +280,7 @@ class pollModel extends poll
 		if(!$output->data) return '';
 
 		$poll = new stdClass;
-		$poll->style = $skin;
+		$poll->style = preg_replace('/[^a-zA-Z0-9_-]/', '', $skin);
 		$poll->poll_count = (int)$output->data->poll_count;
 		$poll->stop_date = $output->data->stop_date;