firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

그누보드 영카트 다중 취약점(17-1029, 17-1047) 수정

Browse Source
This commit is contained in:
thisgun
2018-03-13 16:11:52 +09:00
parent d7b5c9a4bd
commit 06ad4e534a
12 changed files with 50 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
bbs/view.php
View File

@ -70,7 +70,7 @@ if ($member['mb_level'] >= $board['bo_reply_level'])
// 수정, 삭제 링크
$update_href = $delete_href = '';
// 로그인중이고 자신의 글이라면 또는 관리자라면 비밀번호를 묻지 않고 바로 수정, 삭제 가능
if (($member['mb_id'] && ($member['mb_id'] == $write['mb_id'])) || $is_admin) {
if (($member['mb_id'] && ($member['mb_id'] === $write['mb_id'])) || $is_admin) {
$update_href = './write.php?w=u&bo_table='.$bo_table.'&wr_id='.$wr_id.'&page='.$page.$qstr;
set_session('ss_delete_token', $token = uniqid(time()));
$delete_href ='./delete.php?bo_table='.$bo_table.'&wr_id='.$wr_id.'&token='.$token.'&page='.$page.urldecode($qstr);