firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

그누보드 영카트 다중 취약점(17-1029, 17-1047) 수정

Browse Source
This commit is contained in:
thisgun
2018-03-13 16:11:52 +09:00
parent d7b5c9a4bd
commit 06ad4e534a
12 changed files with 50 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
bbs/view_comment.php
View File

@ -39,8 +39,8 @@ for ($i=0; $row=sql_fetch_array($result); $i++)
$list[$i]['content'] = $list[$i]['content1']= '비밀글 입니다.';
if (!strstr($row['wr_option'], 'secret') ||
$is_admin ||
($write['mb_id']==$member['mb_id'] && $member['mb_id']) ||
($row['mb_id']==$member['mb_id'] && $member['mb_id'])) {
($write['mb_id']===$member['mb_id'] && $member['mb_id']) ||
($row['mb_id']===$member['mb_id'] && $member['mb_id'])) {
$list[$i]['content1'] = $row['wr_content'];
$list[$i]['content'] = conv_content($row['wr_content'], 0, 'wr_content');
$list[$i]['content'] = search_font($stx, $list[$i]['content']);
@ -71,7 +71,7 @@ for ($i=0; $row=sql_fetch_array($result); $i++)
if ($member['mb_id'])
{
if ($row['mb_id'] == $member['mb_id'] || $is_admin)
if ($row['mb_id'] === $member['mb_id'] || $is_admin)
{
set_session('ss_delete_comment_'.$row['wr_id'].'_token', $token = uniqid(time()));
$list[$i]['del_link'] = './delete_comment.php?bo_table='.$bo_table.'&comment_id='.$row['wr_id'].'&token='.$token.'&page='.$page.$qstr;