fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-04 01:01:41 +09:00
Code Issues Projects Releases Packages Wiki Activity

확장변수를 이용한 XSS 공격 가능성 차단

Browse source
This commit is contained in:
Kijin Sung 2015-03-30 14:00:23 +09:00
parent 330b6c502d
commit a943db7c84
1 changed files with 11 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

12
classes/extravar/Extravar.class.php
View file

@ -225,6 +225,11 @@ class ExtraItem
$values = explode(',', $value);
}
$values = array_values($values);
for($i = 0, $c = count($values); $i < $c; $i++)
{
$values[$i] = trim(htmlspecialchars($values[$i], ENT_COMPAT | ENT_HTML401, 'UTF-8', false));
}
return $values;
case 'checkbox' :
@ -247,11 +252,11 @@ class ExtraItem
$values = array($value);
}
$values = array_values($values);
for($i = 0, $c = count($values); $i < $c; $i++)
{
$values[$i] = trim(htmlspecialchars($values[$i], ENT_COMPAT | ENT_HTML401, 'UTF-8', false));
}
return $values;
case 'kr_zip' :
@ -268,6 +273,11 @@ class ExtraItem
$values = array($value);
}
$values = array_values($values);
for($i = 0, $c = count($values); $i < $c; $i++)
{
$values[$i] = trim(htmlspecialchars($values[$i], ENT_COMPAT | ENT_HTML401, 'UTF-8', false));
}
return $values;
//case 'date' :