diff --git a/adm/admin.js b/adm/admin.js index 60412fa4a..4d971c321 100644 --- a/adm/admin.js +++ b/adm/admin.js @@ -57,12 +57,20 @@ function is_checked(elements_name) return checked; } -function delete_confirm() +function delete_confirm(el) { - if(confirm("한번 삭제한 자료는 복구할 방법이 없습니다.\n\n정말 삭제하시겠습니까?")) + if(confirm("한번 삭제한 자료는 복구할 방법이 없습니다.\n\n정말 삭제하시겠습니까?")) { + var token = get_ajax_token(); + var href = el.href.replace(/&token=.+$/g, ""); + if(!token) { + alert("토큰 정보가 올바르지 않습니다."); + return false; + } + el.href = href+"&token="+token; return true; - else + } else { return false; + } } function delete_confirm2(msg) @@ -79,7 +87,7 @@ function get_ajax_token() $.ajax({ type: "POST", - url: "./ajax.token.php", + url: g5_admin_url+"/ajax.token.php", cache: false, async: false, dataType: "json", @@ -112,7 +120,7 @@ $(function() { var $f = $(f); if(typeof f.token === "undefined") - $f.append(''); + $f.prepend(''); $f.find("input[name=token]").val(token); diff --git a/adm/admin.lib.php b/adm/admin.lib.php index fb68772d7..b18a2a28f 100644 --- a/adm/admin.lib.php +++ b/adm/admin.lib.php @@ -362,7 +362,7 @@ function check_admin_token() $token = get_session('ss_admin_token'); set_session('ss_admin_token', ''); - if(!$token || !$_POST['token'] || $token != $_POST['token']) + if(!$token || !$_REQUEST['token'] || $token != $_REQUEST['token']) alert('올바른 방법으로 이용해 주십시오.'); return true; diff --git a/adm/board_copy.php b/adm/board_copy.php index 01a725e58..3c4a38a2b 100644 --- a/adm/board_copy.php +++ b/adm/board_copy.php @@ -8,6 +8,8 @@ $g5['title'] = '게시판 복사'; include_once(G5_PATH.'/head.sub.php'); ?> + +
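Review bot: In the new `delete_confirm(el)` body, `el.href.replace(/&token=.+$/g, "")` strips everything from `&token=` to the end of the string, so any query parameter that happens to follow `token` is dropped together with it; `var href = el.href.replace(/&token=[^&]*/, "");` removes only the token pair. The function also dereferences `el.href` before anything checks it, so a call site not yet updated to pass `this` (none are visible in this diff) would fail with a TypeError after the user has already confirmed, instead of returning false; a guard such as `if(!el || !el.href) return false;` at the top of the branch makes that explicit. The appended `"&token="` additionally assumes the link already carries a query string, which holds for the list pages in this commit but is worth stating in a comment on the line.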
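Review bot: `g5_admin_url` becomes a new global read inside the `$.ajax` options at the changed `url:` line; if it is not defined before admin.js is evaluated, the expression throws a ReferenceError, so `get_ajax_token()` throws instead of returning an empty token and the `if(!token)` fallback in `delete_confirm` never runs. A guarded form, `url: (typeof g5_admin_url !== "undefined" ? g5_admin_url : ".") + "/ajax.token.php",`, keeps the previous relative path as the fallback. The call is still made with `async: false`, which current browsers deprecate on the main thread; the body of `get_ajax_token` begins and ends outside the hunk.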
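Review bot: Switching the comparison to `$_REQUEST['token']` widens the accepted sources beyond GET and POST: with PHP's default configuration (`request_order` unset, falling back to `variables_order`) `$_REQUEST` also merges `$_COOKIE`, so the token could be supplied from a cookie, and `!$_REQUEST['token']` still raises an undefined-index notice when the field is absent. Reading the two intended sources explicitly, `$req_token = isset($_POST['token']) ? $_POST['token'] : (isset($_GET['token']) ? $_GET['token'] : '');` and then `if(!$token || !$req_token || $token !== $req_token)` (or `hash_equals()` where the PHP version supports it), keeps the check strict. Because `set_session('ss_admin_token', '')` consumes the token before the compare, a token that appears in Referer headers or access logs cannot be replayed, but the delete links that now carry it in the URL would still be better served by a POST form. The rest of `check_admin_token` lies outside the hunk.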

diff --git a/adm/contentformupdate.php b/adm/contentformupdate.php index 1d6131c69..4212eedba 100644 --- a/adm/contentformupdate.php +++ b/adm/contentformupdate.php @@ -5,13 +5,12 @@ include_once('./_common.php'); if ($w == "u" || $w == "d") check_demo(); -if ($w == 'd') { - admin_referer_check(); +if ($w == 'd') auth_check($auth[$sub_menu], "d"); -} else { - check_admin_token(); +else auth_check($auth[$sub_menu], "w"); -} + +check_admin_token(); @mkdir(G5_DATA_PATH."/content", G5_DIR_PERMISSION); @chmod(G5_DATA_PATH."/content", G5_DIR_PERMISSION); diff --git a/adm/contentlist.php b/adm/contentlist.php index bdd929bb9..afdffc175 100644 --- a/adm/contentlist.php +++ b/adm/contentlist.php @@ -78,7 +78,7 @@ $result = sql_query($sql); 수정 보기 - 삭제 + 삭제 수정 - 삭제 + 삭제 diff --git a/adm/faqmasterformupdate.php b/adm/faqmasterformupdate.php index a24681e9d..fed67d644 100644 --- a/adm/faqmasterformupdate.php +++ b/adm/faqmasterformupdate.php @@ -5,13 +5,12 @@ include_once('./_common.php'); if ($w == "u" || $w == "d") check_demo(); -if ($W == 'd') { - admin_referer_check(); +if ($W == 'd') auth_check($auth[$sub_menu], "d"); -} else { - check_admin_token(); +else auth_check($auth[$sub_menu], "w"); -} + +check_admin_token(); @mkdir(G5_DATA_PATH."/faq", G5_DIR_PERMISSION); @chmod(G5_DATA_PATH."/faq", G5_DIR_PERMISSION); diff --git a/adm/faqmasterlist.php b/adm/faqmasterlist.php index c60c5accb..e0922bc3d 100644 --- a/adm/faqmasterlist.php +++ b/adm/faqmasterlist.php @@ -107,7 +107,7 @@ $result = sql_query($sql); 수정 보기 - 삭제 + 삭제 수정'; - $s_del = '삭제'; + $s_del = '삭제'; } $s_grp = '그룹'; diff --git a/adm/mail_list.php b/adm/mail_list.php index 910b588c9..681dcc298 100644 --- a/adm/mail_list.php +++ b/adm/mail_list.php @@ -82,7 +82,7 @@ $colspan = 7;
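Review bot: The rewritten condition in faqmasterformupdate.php still tests `$W` (`if ($W == 'd') auth_check($auth[$sub_menu], "d");`) while the `check_demo()` line just above it and the sibling files in this commit (contentformupdate.php, newwinformupdate.php) use `$w`; unless `$W` is assigned somewhere not shown, the branch is never taken and deletions are authorised at the "w" level instead of "d". The commit touches that line but keeps the mismatch; it should read `if ($w == 'd') auth_check($auth[$sub_menu], "d");`. The `check_admin_token()` call that follows is unaffected by this.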
- +
diff --git a/adm/newwinformupdate.php b/adm/newwinformupdate.php index 89a5e4d4d..191e54a3a 100644 --- a/adm/newwinformupdate.php +++ b/adm/newwinformupdate.php @@ -5,13 +5,12 @@ include_once('./_common.php'); if ($w == "u" || $w == "d") check_demo(); -if ($w == 'd') { - admin_referer_check(); +if ($w == 'd') auth_check($auth[$sub_menu], "d"); -} else { - check_admin_token(); +else auth_check($auth[$sub_menu], "w"); -} + +check_admin_token(); $sql_common = " nw_device = '{$_POST['nw_device']}', nw_begin_time = '{$_POST['nw_begin_time']}', diff --git a/adm/newwinlist.php b/adm/newwinlist.php index 065e7534d..1b24ab5d0 100644 --- a/adm/newwinlist.php +++ b/adm/newwinlist.php @@ -98,7 +98,7 @@ $result = sql_query($sql); px 수정 - 삭제 + 삭제
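Review bot: The new `check_admin_token()` line sits directly above `$sql_common`, whose context lines still interpolate `$_POST['nw_device']` and `$_POST['nw_begin_time']` straight into the SQL string; the token check does not address that, so unless `_common.php` escapes `$_POST` globally (not visible here) these values should pass through the project's SQL escaping helper or a prepared statement before being concatenated. The same `$w`/`auth_check`/`check_admin_token` arrangement appears in contentformupdate.php and faqmasterformupdate.php and does not need repeating there. `$sql_common` continues past the end of the hunk.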
- +
diff --git a/adm/sms_admin/config_update.php b/adm/sms_admin/config_update.php index ec18b2ec8..3d9b57e03 100644 --- a/adm/sms_admin/config_update.php +++ b/adm/sms_admin/config_update.php @@ -6,6 +6,8 @@ auth_check($auth[$sub_menu], "w"); check_demo(); +check_admin_token(); + $g5['title'] = "SMS 기본설정"; // 회신번호 체크 diff --git a/adm/sms_admin/sms_write_send.php b/adm/sms_admin/sms_write_send.php index f0694ece7..c7ec11030 100644 --- a/adm/sms_admin/sms_write_send.php +++ b/adm/sms_admin/sms_write_send.php @@ -4,6 +4,8 @@ include_once("./_common.php"); auth_check($auth[$sub_menu], "w"); +check_admin_token(); + $g5['title'] = "문자전송중"; $wr_reply = preg_replace('#[^0-9\-]#', '', trim($wr_reply));