KVE-2019-0001, 0002, 0042, 0050 그누보드 다중 취약점 수정

thisgun
2019-01-28 10:07:29 +09:00
parent f1a69ff7a4
commit 31bf6e94ad
5 changed files with 13 additions and 11 deletions


@ -11,8 +11,8 @@ if ($w == 'u') // 업데이트
// 실제 번호를 넘김
$k = $_POST['chk'][$i];
$fg_no = (int) $_POST['fg_no'][$k];
$fg_name = strip_tags($_POST['fg_name'][$k]);
$fg_member = strip_tags($_POST['fg_member'][$k]);
$fg_name = isset($_POST['fg_name'][$k]) ? addslashes(strip_tags($_POST['fg_name'][$k])) : '';
$fg_member = isset($_POST['fg_member'][$k]) ? addslashes(strip_tags($_POST['fg_member'][$k])) : '';
if (!is_numeric($fg_no))
alert('그룹 고유번호가 없습니다.');
@ -83,7 +83,7 @@ else // 등록
if (!strlen(trim($fg_name)))
alert('그룹명을 입력해주세요');
$fg_name = strip_tags($fg_name);
$fg_name = addslashes(strip_tags($fg_name));
$res = sql_fetch("select fg_name from {$g5['sms5_form_group_table']} where fg_name = '$fg_name'");
if ($res)
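Review bot: `addslashes()` is used as the SQL escaper for `$fg_name` and `$fg_member` in the update branch and for `$fg_name` just before the `sql_fetch("... where fg_name = '$fg_name'")` lookup; it escapes bytes without knowing the connection character set and is applied at assignment rather than where the query is built, so later non-SQL uses of the variable carry the backslashes and a query built from any other copy of the value is unprotected. Escaping at the query with the driver's routine (for mysqli, `mysqli_real_escape_string($link, $fg_name)`) or binding the value as a parameter would be the sturdier fix. If request data is already escaped globally before this file runs (not visible here), the new call also double-escapes, which is worth confirming. In the insert branch the `strlen(trim($fg_name))` check still runs before `strip_tags()`, so a name made only of markup passes the check and ends up empty; the strip should move above that test. Both branches continue outside the lines shown.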