git-svn-id: http://xe-core.googlecode.com/svn/trunk@1121 201d5d3c-b55e-5fd7-737f-ddc643e51545

2026-01-14 00:39:57 +09:00 · 2007-04-13 02:53:36 +00:00 · 2007-04-13 02:53:36 +00:00 · c2117c1a16
commit c2117c1a16
parent 6d6d6c5b8b
34 changed files with 122 additions and 133 deletions
--- a/modules/board/skins/default/comment.html
+++ b/modules/board/skins/default/comment.html
@ -22,17 +22,17 @@
            </tr>
            <tr>
                <th>{$lang->writer}</th>
-                <td><div class="member_{$val->member_srl}">{$val->nick_name}</div></td>
+                <td><div class="member_{$val->member_srl}">{htmlspecialchars($val->nick_name)}</div></td>
            </tr>
            <!--@if($val->homepage)-->
            <tr>
                <th>{$lang->homepage}</th>
-                <td><a href="{$val->homepage}" onclick="winopen('{$val->homepage}'); return false;">{$val->homepage}</a></td>
+                <td><a href="{$val->homepage}" onclick="winopen('{$val->homepage}'); return false;">{htmlspecialchars($val->homepage)}</a></td>
            </tr>
            <!--@end-->
            <tr>
                <th>{$lang->content}</th>
-                <td height="100" valign="top">{nl2br($val->content)}</td>
+                <td height="100" valign="top">{$val->content}</td>
            </tr>
            <tr>
                <th>ipaddress</th>
--- a/modules/board/skins/default/comment_form.html
+++ b/modules/board/skins/default/comment_form.html
@ -18,11 +18,11 @@
    </tr>
    <tr>
        <th>{$lang->writer}</th>
-        <td><div class="member_{$source_comment->member_srl}">{$source_comment->nick_name}</div></td>
+        <td><div class="member_{$source_comment->member_srl}">{htmlspecialchars($source_comment->nick_name)}</div></td>
    </tr>
    <tr>
        <th>{$lang->content}</th>
-        <td height="100" valign="top">{nl2br($source_comment->content)}</td>
+        <td height="100" valign="top">{$source_comment->content}</td>
    </tr>
    </table>
 </div>
@ -43,7 +43,7 @@
    <!--@if(!$is_logged)-->
    <tr>
        <th>{$lang->writer}</th>
-        <td><input type="text" name="nick_name" value="{$comment->nick_name}" /></td>
+        <td><input type="text" name="nick_name" value="{htmlspecialchars($comment->nick_name)}" /></td>
    </tr>
    <tr>
        <th>{$lang->password}</th>
@ -51,11 +51,11 @@
    </tr>
    <tr>
        <th>{$lang->email_address}</th>
-        <td><input type="text" name="email_address" value="{$comment->email_address}"/></td>
+        <td><input type="text" name="email_address" value="{htmlspecialchars($comment->email_address)}"/></td>
    </tr>
    <tr>
        <th>{$lang->homepage}</th>
-        <td><input type="text" name="homepage" value="{$comment->homepage}" /></td>
+        <td><input type="text" name="homepage" value="{htmlspecialchars($comment->homepage)}" /></td>
    </tr>
    <!--@end-->

--- a/modules/board/skins/default/header.html
+++ b/modules/board/skins/default/header.html
@ -1,24 +1,6 @@
 <!--%import("js/board.js")-->
 {$module_info->header_text}

-<!-- 게시판 제목/ 설명 -->
-<!--@if($module_info->title || $module_info->desc)-->
-<div>
-    <table>
-    <tr>
-        <td>{$module_info->title}</td>
-    </tr>
-
-    <!--@if($module_info->desc)-->
-    <tr>
-        <td>{nl2br($module_info->desc)}</td>
-    </tr>
-    <!--@end-->
-
-    </table>
-</div>
-<!--@end-->
-
 <!-- 게시판 정보 -->
 <div>
    <!--@if($total_count)-->
--- a/modules/board/skins/default/list.html
+++ b/modules/board/skins/default/list.html
@ -44,10 +44,11 @@
            <!--@if($grant->is_admin == 'Y')-->
            <input type="checkbox" value="{$val->document_srl}" onclick="doAddCart('{$mid}',this)" <!--@if($check_list[$val->document_srl])-->checked="true"<!--@end--> /> 
            <!--@end-->
+
            <!--@if($grant->view)-->
-                <a href="{getUrl('document_srl',$val->document_srl)}">{$val->title}</a>
+                <a href="{getUrl('document_srl',$val->document_srl)}">{htmlspecialchars($val->title)}</a>
            <!--@else-->
-                {$val->title}
+                {htmlspecialchars($val->title)}
            <!--@end-->

            <!--@if($val->comment_count>0)-->
--- a/modules/board/skins/default/view_document.html
+++ b/modules/board/skins/default/view_document.html
@ -21,12 +21,12 @@

    <tr>
        <th>{$lang->title}</th>
-        <td>{$document->title}</td>
+        <td>{htmlspecialchars($document->title)}</td>
    </tr>
    <!--@if($document->homepage)-->
    <tr>
        <th>{$lang->homepage}</th>
-        <td><a href="{$document->homepage}" onclick="winopen('{$document->homepage}'); return false;">{$document->homepage}</a></td>
+        <td><a href="{$document->homepage}" onclick="winopen('{$document->homepage}'); return false;">{htmlspecialchars($document->homepage)}</a></td>
    </tr>
    <!--@end-->
    <tr>
@ -35,7 +35,7 @@
    </tr>
    <tr>
        <th>{$lang->writer}</th>
-        <td><div class="member_{$document->member_srl}">{$document->nick_name}</div></td>
+        <td><div class="member_{$document->member_srl}">{htmlspecialchars($document->nick_name)}</div></td>
    </tr>
    <tr>
        <th>{$lang->readed_count}</th>
@ -64,7 +64,7 @@
    <!--@if($document->tags)-->
    <tr>
        <th>{$lang->tag}</th>
-        <td>{$document->tags}</td>
+        <td>{htmlspecialchars($document->tags)}</td>
    </tr>
    <!--@end-->

--- a/modules/board/skins/default/write_form.html
+++ b/modules/board/skins/default/write_form.html
@ -34,17 +34,17 @@
    </tr>
    <tr>
        <th>{$lang->email_address}</th>
-        <td><input type="text" name="email_address" value="{$document->email_address}"/></td>
+        <td><input type="text" name="email_address" value="{htmlspecialchars($document->email_address)}"/></td>
    </tr>
    <tr>
        <th>{$lang->homepage}</th>
-        <td><input type="text" name="homepage" value="{$document->homepage}" /></td>
+        <td><input type="text" name="homepage" value="{htmlspecialchars($document->homepage)}" /></td>
    </tr>
    <!--@end-->

    <tr>
        <th>{$lang->title}</th>
-        <td><input type="text" name="title" value="{$document->title}" /></td>
+        <td><input type="text" name="title" value="{htmlspecialchars($document->title)}" /></td>
    </tr>
    <tr>
        <td>&nbsp;</td>
--- a/modules/board/tpl/board_info.html
+++ b/modules/board/tpl/board_info.html
@ -27,7 +27,7 @@
 </tr>
 <tr>
    <th>{$lang->browser_title}</th>
-    <td>{$module_info->browser_title}</td>
+    <td>{htmlspecialchars($module_info->browser_title)}</td>
 </tr>
 <tr>
    <th>{$lang->use_category}</th>
@ -43,15 +43,15 @@
 </tr>
 <tr>
    <th>{$lang->description}</th>
-    <td>{nl2br($module_info->description)}</td>
+    <td>{nl2br(htmlspecialchars($module_info->description))}</td>
 </tr>
 <tr>
    <th>{$lang->header_text}</th>
-    <td>{$module_info->header_text}</td>
+    <td>{htmlspecialchars($module_info->header_text)}</td>
 </tr>
 <tr>
    <th>{$lang->footer_text}</th>
-    <td>{$module_info->footer_text}</td>
+    <td>{htmlspecialchars($module_info->footer_text)}</td>
 </tr>
 <tr>
    <th>{$lang->admin_id}</th>
--- a/modules/board/tpl/board_insert.html
+++ b/modules/board/tpl/board_insert.html
@ -44,7 +44,7 @@
    </tr>
    <tr>
        <th rowspan="2">{$lang->browser_title}</th>
-        <td><input type="text" name="browser_title" value="{$module_info->browser_title}" /></td>
+        <td><input type="text" name="browser_title" value="{htmlspecialchars($module_info->browser_title)}" /></td>
    </tr>
    <tr>
        <td>{$lang->about_browser_title}</td>
--- a/modules/board/tpl/category_list.html
+++ b/modules/board/tpl/category_list.html
@ -28,7 +28,7 @@

    <!--@foreach($category_list as $category_srl => $category_info)-->
    <tr>
-        <td>{$category_info->title}</td>
+        <td>{htmlspecialchars($category_info->title)}</td>
        <td>{zdate($category_info->last_update,"Y-m-d H:i:s")}</td>
        <td><a href="{getUrl('category_srl',$category_info->category_srl)}">{$lang->cmd_modify}</a></td>
        <td><a href="#" onclick="doUpdateCategory('{$category_info->category_srl}','up');return false;">{$lang->cmd_move_up}</a></td>
--- a/modules/board/tpl/category_update_form.html
+++ b/modules/board/tpl/category_update_form.html
@ -12,7 +12,7 @@

    <div style="margin-bottom:30px">
          {$lang->category_title} :
-          <input type="text" name="category_title" value="{$selected_category->title}" />
+          <input type="text" name="category_title" value="{htmlspecialchars($selected_category->title)}" />
          <input type="submit" value="{$lang->cmd_modify}" />
          <input type="button" value="{$lang->cmd_cancel}" onclick="location.href='{getUrl('category_srl','')}'" />
    </div>
--- a/modules/board/tpl/index.html
+++ b/modules/board/tpl/index.html
@ -43,7 +43,7 @@
            <!--@end-->
        </td>
        <td><a href="{getUrl('act','dispBoardAdminBoardInfo','module_srl',$val->module_srl)}">{$val->mid}</a></td>
-        <td>{$val->browser_title}</td>
+        <td>{htmlspecialchars($val->browser_title)}</td>
        <td>{$val->is_default}</td>
        <td>{$val->skin}</td>
        <td>{$val->admin_id}</td>
--- a/modules/board/tpl/skin_info.html
+++ b/modules/board/tpl/skin_info.html
@ -63,10 +63,10 @@
            <th <!--@if($val->description)-->rowspan="2"<!--@end-->>{$val->title}</th>
            <td>
                <!--@if($val->type=="text")-->
-                <input type="text" name="{$val->name}" value="{$val->value}" />
+                <input type="text" name="{$val->name}" value="{htmlspecialchars($val->value)}" />

                <!--@elseif($val->type=="textarea")-->
-                <textarea name="{$val->name}">{$val->value}</textarea>
+                <textarea name="{$val->name}">{htmlspecialchars($val->value)}</textarea>

                <!--@elseif($val->type=="select")-->
                <select name="{$val->name}">