관리자 CSRF 취약점 수정

2015-11-23 18:22:10 +09:00
parent 976c9d0f9b
commit 32d09cff7d
49 changed files with 179 additions and 62 deletions
--- a/adm/menu_list.php
+++ b/adm/menu_list.php
@ -5,8 +5,6 @@ include_once('./_common.php');
 if ($is_admin != 'super')
    alert('최고관리자만 접근 가능합니다.');

-$token = get_token();
-
 // 메뉴테이블 생성
 if( !isset($g5['menu_table']) ){
    die('<meta charset="utf-8">dbconfig.php 파일에 <strong>$g5[\'menu_table\'] = G5_TABLE_PREFIX.\'menu\';</strong> 를 추가해 주세요.');
@ -40,7 +38,7 @@ $colspan = 7;
 </div>

 <form name="fmenulist" id="fmenulist" method="post" action="./menu_list_update.php" onsubmit="return fmenulist_submit(this);">
-<input type="hidden" name="token" value="<?php echo $token ?>">
+<input type="hidden" name="token" value="">

 <div class="btn_add01 btn_add">
    <button type="button" onclick="return add_menu();">메뉴추가<span class="sound_only"> 새창</span></button>