CSRF 취약점 수정

adm/newwinformupdate.php

@@ -5,23 +5,23 @@ include_once('./_common.php');
 if ($w == "u" || $w == "d")
     check_demo();
 
-if ($W == 'd')
+if ($w == 'd')
     auth_check($auth[$sub_menu], "d");
 else
     auth_check($auth[$sub_menu], "w");
 
-$sql_common = " nw_division = '$nw_division',
-                nw_device = '$nw_device',
-                nw_begin_time = '$nw_begin_time',
-                nw_end_time = '$nw_end_time',
-                nw_disable_hours = '$nw_disable_hours',
-                nw_left = '$nw_left',
-                nw_top = '$nw_top',
-                nw_height = '$nw_height',
-                nw_width = '$nw_width',
-                nw_subject = '$nw_subject',
-                nw_content = '$nw_content',
-                nw_content_html = '$nw_content_html' ";
+$sql_common = " nw_division = '{$_POST['nw_division']}',
+                nw_device = '{$_POST['nw_device']}',
+                nw_begin_time = '{$_POST['nw_begin_time']}',
+                nw_end_time = '{$_POST['nw_end_time']}',
+                nw_disable_hours = '{$_POST['nw_disable_hours']}',
+                nw_left = '{$_POST['nw_left']}',
+                nw_top = '{$_POST['nw_top']}',
+                nw_height = '{$_POST['nw_height']}',
+                nw_width = '{$_POST['nw_width']}',
+                nw_subject = '{$_POST['nw_subject']}',
+                nw_content = '{$_POST['nw_content']}',
+                nw_content_html = '{$_POST['nw_content_html']}' ";
 
 if($w == "")
 {

bbs/poll_etc_update.php

@@ -4,8 +4,12 @@ include_once(G5_LIB_PATH.'/mailer.lib.php');
 
 if ($w == '')
 {
+    $po_id   = $_POST['po_id'];
+    $pc_name = $_POST['pc_name'];
+    $pc_idea = $_POST['pc_idea'];
+
     $po = sql_fetch(" select * from {$g5['poll_table']} where po_id = '{$po_id}' ");
-    if (!$po[po_id])
+    if (!$po['po_id'])
         alert('po_id 값이 제대로 넘어오지 않았습니다.');
 
     $tmp_row = sql_fetch(" select max(pc_id) as max_pc_id from {$g5['poll_etc_table']} ");

bbs/scrap_popin_update.php

@@ -6,7 +6,7 @@ include_once(G5_PATH.'/head.sub.php');
 if (!$is_member)
 {
     $href = './login.php?'.$qstr.'&url='.urlencode('./board.php?bo_table='.$bo_table.'&wr_id='.$wr_id);
-    echo '<script> alert(\'회원만 접근 가능합니다.\'); top.location.href = \''.$href.'\'; </script>';
+    echo '<script> alert(\'회원만 접근 가능합니다.\'); top.location.href = \''.str_replace('&amp;', '&', $href).'\'; </script>';
     exit;
 }
 
@@ -32,6 +32,8 @@ if ($row['cnt'])
     exit;
 }
 
+$wr_content = trim($_POST['wr_content']);
+
 // 덧글이 넘어오고 코멘트를 쓸 권한이 있다면
 if ($wr_content && ($member['mb_level'] >= $board['bo_comment_level']))
 {

config.php

@@ -6,8 +6,9 @@
 
 define('G5_VERSION', '그누보드5');
 
-define('G5_GNUBOARD_VER', '5.0.37');
-define('G5_YOUNGCART_VER', '5.0.38');
+
+define('G5_GNUBOARD_VER', '5.0.38');
+define('G5_YOUNGCART_VER', '5.0.39');
 
 // 이 상수가 정의되지 않으면 각각의 개별 페이지는 별도로 실행될 수 없음
 define('_GNUBOARD_', true);