관리자 CSRF 취약점 수정

2015-11-23 18:22:10 +09:00
parent 976c9d0f9b
commit 32d09cff7d
49 changed files with 179 additions and 62 deletions
--- a/adm/faqformupdate.php
+++ b/adm/faqformupdate.php
@ -5,10 +5,13 @@ include_once('./_common.php');
 if ($w == "u" || $w == "d")
    check_demo();

-if ($W == 'd')
+if ($W == 'd') {
+    admin_referer_check();
    auth_check($auth[$sub_menu], "d");
-else
+} else {
+    check_admin_token();
    auth_check($auth[$sub_menu], "w");
+}

 $sql_common = " fa_subject = '$fa_subject',
                fa_content = '$fa_content',