관리자 CSRF 취약점 수정

2015-11-23 18:22:10 +09:00
parent 976c9d0f9b
commit 32d09cff7d
49 changed files with 179 additions and 62 deletions
--- a/adm/admin.js
+++ b/adm/admin.js
@ -71,4 +71,51 @@ function delete_confirm2(msg)
        return true;
    else
        return false;
-}
+}
+
+function get_ajax_token()
+{
+    var token = "";
+
+    $.ajax({
+        type: "POST",
+        url: "./ajax.token.php",
+        cache: false,
+        async: false,
+        dataType: "json",
+        success: function(data) {
+            if(data.error) {
+                alert(data.error);
+                if(data.url)
+                    document.location.href = data.url;
+
+                return false;
+            }
+
+            token = data.token;
+        }
+    });
+
+    return token;
+}
+
+$(function() {
+    $(document).on("click", "form input:submit", function() {
+        var f = this.form;
+        var token = get_ajax_token();
+
+        if(!token) {
+            alert("토큰 정보가 올바르지 않습니다.");
+            return false;
+        }
+
+        var $f = $(f);
+
+        if(typeof f.token === "undefined")
+            $f.append('<input type="hidden" name="token" value="">');
+
+        $f.find("input[name=token]").val(token);
+
+        return true;
+    });
+});