From af66f832fa4d28e7105d6bf626b74ef9ca505c54 Mon Sep 17 00:00:00 2001
From: woo
Date: Mon, 21 Aug 2023 14:48:32 +0900
Subject: [PATCH] =?UTF-8?q?=EC=82=AC=EC=9A=A9=EC=9E=90=20=ED=9A=8C?= =?UTF-8?q?=EC=9B=90=EA=B0=80=EC=9E=85=20=EC=9E=85=EB=A0=A5=ED=95=AD?= =?UTF-8?q?=EB=AA=A9=20XSS=20=ED=95=84=ED=84=B0=EB=A7=81=20=EC=98=88?= =?UTF-8?q?=EC=99=B8=20=ED=95=AD=EB=AA=A9=20=EC=B6=94=EA=B0=80=20=20-=20?= =?UTF-8?q?=ED=9A=8C=EC=9B=90=EC=95=84=EC=9D=B4=EB=94=94,=20=EC=9D=B4?= =?UTF-8?q?=EB=A9=94=EC=9D=BC=20=EC=A0=95=EB=B3=B4,=20=EC=B6=94=EC=B2=9C?= =?UTF-8?q?=EC=9D=B8=20=EC=95=84=EC=9D=B4=EB=94=94,=20=ED=9A=8C=EC=9B=90?= =?UTF-8?q?=EB=AA=85(=ED=9A=8C=EC=82=AC=EB=AA=85)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/main/java/itn/com/cmm/interceptor/InterceptorHandler.java | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/src/main/java/itn/com/cmm/interceptor/InterceptorHandler.java b/src/main/java/itn/com/cmm/interceptor/InterceptorHandler.java
index a05eb3d1..3b299412 100644
--- a/src/main/java/itn/com/cmm/interceptor/InterceptorHandler.java
+++ b/src/main/java/itn/com/cmm/interceptor/InterceptorHandler.java
@@ -54,6 +54,10 @@ public class InterceptorHandler extends HandlerInterceptorAdapter{
 && !name.toLowerCase().contains("certdi")
 && !name.toLowerCase().contains("di")
 && !name.toLowerCase().contains("mbldn")
+ && !name.toLowerCase().contains("mberid")
+ && !name.toLowerCase().contains("mberemailadres")
+ && !name.toLowerCase().contains("recommendid")
+ && !name.toLowerCase().contains("mbernm")
 ) {
 //파라미터 중에 URL 주소를 넘겨주는 부분이 있어서 해당 부분에것 select~, update~, delete~ 로 시작하는 주소경로가 있어서 제외처리를 하였음
 String[] values = request.getParameterValues(name);
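Review bot: The four added exemptions match by substring (`contains`) on every request this interceptor handles, so any parameter whose name merely includes `mberid`, `mberemailadres`, `recommendid` or `mbernm` skips the check, not only the sign-up fields named in the commit subject. Member name and e-mail are values that are normally stored and rendered back, so once they bypass this filter the only remaining protection is per-field validation in the controller and output encoding in the views; neither is visible in this hunk and both should be confirmed before merging. Prefer an exact match against a fixed set, for example `&& !XSS_EXEMPT_PARAMS.contains(name.toLowerCase(Locale.ROOT))` with `XSS_EXEMPT_PARAMS` a `static final Set<String>` (name proposed here), and consider limiting the exemption to the sign-up request URI. The enclosing condition and the body that inspects `values` start and end outside the hunk, so what the filter rejects is inferred from the commit subject and the inline comment.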