확장변수를 이용한 XSS 공격 가능성 차단

Kijin Sung 2015-03-30 14:00:23 +09:00
parent 330b6c502d
commit a943db7c84


@ -225,6 +225,11 @@ class ExtraItem
$values = explode(',', $value); $values = explode(',', $value);
} }
$values = array_values($values);
for($i = 0, $c = count($values); $i < $c; $i++)
{
$values[$i] = trim(htmlspecialchars($values[$i], ENT_COMPAT | ENT_HTML401, 'UTF-8', false));
}
return $values; return $values;
case 'checkbox' : case 'checkbox' :
@ -247,11 +252,11 @@ class ExtraItem
$values = array($value); $values = array($value);
} }
$values = array_values($values);
for($i = 0, $c = count($values); $i < $c; $i++) for($i = 0, $c = count($values); $i < $c; $i++)
{ {
$values[$i] = trim(htmlspecialchars($values[$i], ENT_COMPAT | ENT_HTML401, 'UTF-8', false)); $values[$i] = trim(htmlspecialchars($values[$i], ENT_COMPAT | ENT_HTML401, 'UTF-8', false));
} }
return $values; return $values;
case 'kr_zip' : case 'kr_zip' :
@ -268,6 +273,11 @@ class ExtraItem
$values = array($value); $values = array($value);
} }
$values = array_values($values);
for($i = 0, $c = count($values); $i < $c; $i++)
{
$values[$i] = trim(htmlspecialchars($values[$i], ENT_COMPAT | ENT_HTML401, 'UTF-8', false));
}
return $values; return $values;
//case 'date' : //case 'date' :
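Review bot: The escaping in all three loops uses `ENT_COMPAT`, which leaves single quotes unencoded, so a value that a template later places inside a single-quoted attribute could still break out of it. Consider `$values[$i] = trim(htmlspecialchars($values[$i], ENT_QUOTES | ENT_HTML401, 'UTF-8', false));` in each branch. If an element of `$values` can itself be an array (not visible in these hunks), `htmlspecialchars()` will not return a usable string for it, so a scalar check before the call would be worth adding. The identical loop now appears three times and could move into one private helper, which would keep the flags consistent; the enclosing method starts and ends outside these hunks.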