firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

관리자 CSRF 취약점 수정2

Browse Source
This commit is contained in:
chicpro
2015-11-24 11:09:54 +09:00
parent 32d09cff7d
commit 33e9d1e1d0
16 changed files with 43 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
adm/admin.js
View File

@ -57,12 +57,20 @@ function is_checked(elements_name)
return checked;
}
function delete_confirm()
function delete_confirm(el)
{
if(confirm("한번 삭제한 자료는 복구할 방법이 없습니다.\n\n정말 삭제하시겠습니까?"))
if(confirm("한번 삭제한 자료는 복구할 방법이 없습니다.\n\n정말 삭제하시겠습니까?")) {
var token = get_ajax_token();
var href = el.href.replace(/&token=.+$/g, "");
if(!token) {
alert("토큰 정보가 올바르지 않습니다.");
return false;
}
el.href = href+"&token="+token;
return true;
else
} else {
return false;
}
}
function delete_confirm2(msg)
@ -79,7 +87,7 @@ function get_ajax_token()
$.ajax({
type: "POST",
url: "./ajax.token.php",
url: g5_admin_url+"/ajax.token.php",
cache: false,
async: false,
dataType: "json",
@ -112,7 +120,7 @@ $(function() {
var $f = $(f);
if(typeof f.token === "undefined")
$f.append('<input type="hidden" name="token" value="">');
$f.prepend('<input type="hidden" name="token" value="">');
$f.find("input[name=token]").val(token);

2
adm/admin.lib.php
View File

@ -362,7 +362,7 @@ function check_admin_token()
$token = get_session('ss_admin_token');
set_session('ss_admin_token', '');
if(!$token || !$_POST['token'] || $token != $_POST['token'])
if(!$token || !$_REQUEST['token'] || $token != $_REQUEST['token'])
alert('올바른 방법으로 이용해 주십시오.');
return true;

2
adm/board_copy.php
View File

@ -8,6 +8,8 @@ $g5['title'] = '게시판 복사';
include_once(G5_PATH.'/head.sub.php');
?>
<script src="<?php echo G5_ADMIN_URL ?>/admin.js"></script>
<div class="new_win">
<h1><?php echo $g5['title']; ?></h1>

9
adm/contentformupdate.php
View File

@ -5,13 +5,12 @@ include_once('./_common.php');
if ($w == "u" || $w == "d")
check_demo();
if ($w == 'd') {
admin_referer_check();
if ($w == 'd')
auth_check($auth[$sub_menu], "d");
} else {
check_admin_token();
else
auth_check($auth[$sub_menu], "w");
}
check_admin_token();
@mkdir(G5_DATA_PATH."/content", G5_DIR_PERMISSION);
@chmod(G5_DATA_PATH."/content", G5_DIR_PERMISSION);

2
adm/contentlist.php
View File

@ -78,7 +78,7 @@ $result = sql_query($sql);
<td class="td_mng">
<a href="./contentform.php?w=u&amp;co_id=<?php echo $row['co_id']; ?>"><span class="sound_only"><?php echo htmlspecialchars2($row['co_subject']); ?> </span>수정</a>
<a href="<?php echo G5_BBS_URL; ?>/content.php?co_id=<?php echo $row['co_id']; ?>"><span class="sound_only"><?php echo htmlspecialchars2($row['co_subject']); ?> </span> 보기</a>
<a href="./contentformupdate.php?w=d&amp;co_id=<?php echo $row['co_id']; ?>" onclick="return delete_confirm();"><span class="sound_only"><?php echo htmlspecialchars2($row['co_subject']); ?> </span>삭제</a>
<a href="./contentformupdate.php?w=d&amp;co_id=<?php echo $row['co_id']; ?>" onclick="return delete_confirm(this);"><span class="sound_only"><?php echo htmlspecialchars2($row['co_subject']); ?> </span>삭제</a>
</td>
</tr>
<?php

9
adm/faqformupdate.php
View File

@ -5,13 +5,12 @@ include_once('./_common.php');
if ($w == "u" || $w == "d")
check_demo();
if ($W == 'd') {
admin_referer_check();
if ($W == 'd')
auth_check($auth[$sub_menu], "d");
} else {
check_admin_token();
else
auth_check($auth[$sub_menu], "w");
}
check_admin_token();
$sql_common = " fa_subject = '$fa_subject',
fa_content = '$fa_content',

2
adm/faqlist.php
View File

@ -69,7 +69,7 @@ $result = sql_query($sql);
<td class="td_num"><?php echo $row['fa_order']; ?></td>
<td class="td_mngsmall">
<a href="./faqform.php?w=u&amp;fm_id=<?php echo $row['fm_id']; ?>&amp;fa_id=<?php echo $row['fa_id']; ?>"><span class="sound_only"><?php echo stripslashes($row['fa_subject']); ?> </span>수정</a>
<a href="javascript:del('./faqformupdate.php?w=d&amp;fm_id=<?php echo $row['fm_id']; ?>&amp;fa_id=<?php echo $row['fa_id']; ?>');"><span class="sound_only"><?php echo stripslashes($row['fa_subject']); ?> </span>삭제</a>
<a href="./faqformupdate.php?w=d&amp;fm_id=<?php echo $row['fm_id']; ?>&amp;fa_id=<?php echo $row['fa_id']; ?>" onclick="return delete_confirm(this);"><span class="sound_only"><?php echo stripslashes($row['fa_subject']); ?> </span>삭제</a>
</td>
</tr>

9
adm/faqmasterformupdate.php
View File

@ -5,13 +5,12 @@ include_once('./_common.php');
if ($w == "u" || $w == "d")
check_demo();
if ($W == 'd') {
admin_referer_check();
if ($W == 'd')
auth_check($auth[$sub_menu], "d");
} else {
check_admin_token();
else
auth_check($auth[$sub_menu], "w");
}
check_admin_token();
@mkdir(G5_DATA_PATH."/faq", G5_DIR_PERMISSION);
@chmod(G5_DATA_PATH."/faq", G5_DIR_PERMISSION);

2
adm/faqmasterlist.php
View File

@ -107,7 +107,7 @@ $result = sql_query($sql);
<td class="td_mng">
<a href="./faqmasterform.php?w=u&amp;fm_id=<?php echo $row['fm_id']; ?>"><span class="sound_only"><?php echo stripslashes($row['fm_subject']); ?> </span>수정</a>
<a href="<?php echo G5_BBS_URL; ?>/faq.php?fm_id=<?php echo $row['fm_id']; ?>"><span class="sound_only"><?php echo stripslashes($row['fm_subject']); ?> </span>보기</a>
<a href="./faqmasterformupdate.php?w=d&amp;fm_id=<?php echo $row['fm_id']; ?>" onclick="return delete_confirm();"><span class="sound_only"><?php echo stripslashes($row['fm_subject']); ?> </span>삭제</a>
<a href="./faqmasterformupdate.php?w=d&amp;fm_id=<?php echo $row['fm_id']; ?>" onclick="return delete_confirm(this);"><span class="sound_only"><?php echo stripslashes($row['fm_subject']); ?> </span>삭제</a>
</td>
</tr>
<?php

2
adm/index.php
View File

@ -84,7 +84,7 @@ $colspan = 12;
else
{
$s_mod = '<a href="./member_form.php?$qstr&amp;w=u&amp;mb_id='.$row['mb_id'].'">수정</a>';
$s_del = '<a href="javascript:del(\'./member_delete.php?'.$qstr.'&amp;w=d&amp;mb_id='.$row['mb_id'].'&amp;url='.$_SERVER['SCRIPT_NAME'].'\');">삭제</a>';
$s_del = '<a href="./member_delete.php?'.$qstr.'&amp;w=d&amp;mb_id='.$row['mb_id'].'&amp;url='.$_SERVER['SCRIPT_NAME'].'" onclick="return delete_confirm(this);">삭제</a>';
}
$s_grp = '<a href="./boardgroupmember_form.php?mb_id='.$row['mb_id'].'">그룹</a>';

2
adm/mail_list.php
View File

@ -82,7 +82,7 @@ $colspan = 7;
</div>
<div class="btn_list01 btn_list">
<button type="submit">선택삭제</button>
<input type="submit" value="선택삭제">
</div>
</form>

9
adm/newwinformupdate.php
View File

@ -5,13 +5,12 @@ include_once('./_common.php');
if ($w == "u" || $w == "d")
check_demo();
if ($w == 'd') {
admin_referer_check();
if ($w == 'd')
auth_check($auth[$sub_menu], "d");
} else {
check_admin_token();
else
auth_check($auth[$sub_menu], "w");
}
check_admin_token();
$sql_common = " nw_device = '{$_POST['nw_device']}',
nw_begin_time = '{$_POST['nw_begin_time']}',

2
adm/newwinlist.php
View File

@ -98,7 +98,7 @@ $result = sql_query($sql);
<td class="td_num"><?php echo $row['nw_height']; ?>px</td>
<td class="td_mngsmall">
<a href="./newwinform.php?w=u&amp;nw_id=<?php echo $row['nw_id']; ?>"><span class="sound_only"><?php echo $row['nw_subject']; ?> </span>수정</a>
<a href="./newwinformupdate.php?w=d&amp;nw_id=<?php echo $row['nw_id']; ?>" onclick="return delete_confirm();"><span class="sound_only"><?php echo $row['nw_subject']; ?> </span>삭제</a>
<a href="./newwinformupdate.php?w=d&amp;nw_id=<?php echo $row['nw_id']; ?>" onclick="return delete_confirm(this);"><span class="sound_only"><?php echo $row['nw_subject']; ?> </span>삭제</a>
</td>
</tr>
<?php

2
adm/poll_list.php
View File

@ -132,7 +132,7 @@ $colspan = 7;
</div>
<div class="btn_list01 btn_list">
<button type="submit">선택삭제</button>
<input type="submit" value="선택삭제">
</div>
</form>

2
adm/sms_admin/config_update.php
View File

@ -6,6 +6,8 @@ auth_check($auth[$sub_menu], "w");
check_demo();
check_admin_token();
$g5['title'] = "SMS 기본설정";
// 회신번호 체크

2
adm/sms_admin/sms_write_send.php
View File

@ -4,6 +4,8 @@ include_once("./_common.php");
auth_check($auth[$sub_menu], "w");
check_admin_token();
$g5['title'] = "문자전송중";
$wr_reply = preg_replace('#[^0-9\-]#', '', trim($wr_reply));