#309 SECISSUE homepage필드를 이용한 XSS 공격 방어, 댓글 작성시에도 적용

modules/comment/comment.controller.php

@@ -266,9 +266,13 @@ function insertComment($obj, $manual_inserted = FALSE)
 				return new Object(-1, 'msg_invalid_request');
 			}
 
-			if($obj->homepage && !preg_match('/^[a-z]+:\/\//i', $obj->homepage))
+			if($obj->homepage)
 			{
-				$obj->homepage = 'http://' . $obj->homepage;
+				$obj->homepage = removeHackTag($obj->homepage);
+				if(!preg_match('/^[a-z]+:\/\//i',$obj->homepage))
+				{
+					$obj->homepage = 'http://'.$obj->homepage;
+				}
 			}
 
 			// input the member's information if logged-in
@@ -655,9 +659,13 @@ function updateComment($obj, $is_admin = FALSE)
 			$obj->password = md5($obj->password);
 		}
 
-		if($obj->homepage && !preg_match('/^[a-z]+:\/\//i', $obj->homepage))
+		if($obj->homepage) 
 		{
-			$obj->homepage = 'http://' . $obj->homepage;
+			$obj->homepage = removeHackTag($obj->homepage);
+			if(!preg_match('/^[a-z]+:\/\//i',$obj->homepage))
+			{
+				$obj->homepage = 'http://'.$obj->homepage;
+			}
 		}
 
 		// set modifier's information if logged-in and posting author and modifier are matched.

modules/document/document.controller.php

@@ -398,7 +398,15 @@ function updateDocument($source_obj, $obj, $manual_updated = FALSE)
 		if(!$obj->commentStatus) $obj->commentStatus = 'DENY';
 		if($obj->commentStatus == 'DENY') $this->_checkCommentStatusForOldVersion($obj);
 		if($obj->allow_trackback!='Y') $obj->allow_trackback = 'N';
-		if($obj->homepage &&  !preg_match('/^[a-z]+:\/\//i',$obj->homepage)) $obj->homepage = 'http://'.$obj->homepage;
+		if($obj->homepage)
+		{
+			$obj->homepage = removeHackTag($obj->homepage);
+			if(!preg_match('/^[a-z]+:\/\//i',$obj->homepage))
+			{
+				$obj->homepage = 'http://'.$obj->homepage;
+			}
+		}
+
 		if($obj->notify_message != 'Y') $obj->notify_message = 'N';
 
 		// can modify regdate only manager