fix #1216 SECISSUE

- content 위젯에서 콘텐츠를 담을 때 strip_tags() 적용
- RSS 콘텐츠를 가져올 때 XSS 취약점 문제 수정
- 제보 : 한국인터넷진흥원
bnu 2015-02-04 14:09:54 +09:00
parent 15c33963d4
commit db557b8488


@ -811,37 +811,36 @@ class contentItem extends Object
}
function setLink($url)
{
$this->add('url',$url);
$this->add('url', strip_tags($url));
}
function setTitle($title)
{
$this->add('title',$title);
$this->add('title', strip_tags($title));
}
function setThumbnail($thumbnail)
{
$this->add('thumbnail',$thumbnail);
$this->add('thumbnail', $thumbnail);
}
function setContent($content)
{
$this->add('content',$content);
$this->add('content', removeHackTag($content));
}
function setRegdate($regdate)
{
$this->add('regdate',$regdate);
$this->add('regdate', strip_tags($regdate));
}
function setNickName($nick_name)
{
$this->add('nick_name',$nick_name);
$this->add('nick_name', strip_tags($nick_name));
}
// Save author's homepage url. By misol
function setAuthorSite($site_url)
{
$this->add('author_site',$site_url);
$this->add('author_site', strip_tags($site_url));
}
function setCategory($category)
{
$this->add('category',$category);
$this->add('category', strip_tags($category));
}
function getBrowserTitle()
{
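Review bot: `strip_tags()` in `setLink()` and `setAuthorSite()` only removes markup; it does not check the URL scheme or escape quotes, so an RSS-supplied value such as a `javascript:` URI is stored unchanged. If the widget skins print these fields into `href` attributes (the rendering code and the rest of the class are outside this hunk), the XSS this commit targets may still be reachable through the link fields. I would validate the scheme before storing, e.g. `$this->add('url', preg_match('/^(https?:)?\/\//i', $url) ? strip_tags($url) : '');` (loosen the pattern if relative links are expected), and escape with `htmlspecialchars($value, ENT_QUOTES)` where the value is printed. `setThumbnail()` received only a whitespace change and still stores its argument raw; it deserves the same check, since it presumably ends up in an `src` attribute.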