관리자 CSRF 취약점 수정2

2015-11-24 11:09:54 +09:00
parent 32d09cff7d
commit 33e9d1e1d0
16 changed files with 43 additions and 33 deletions
--- a/adm/admin.lib.php
+++ b/adm/admin.lib.php
@ -362,7 +362,7 @@ function check_admin_token()
    $token = get_session('ss_admin_token');
    set_session('ss_admin_token', '');

-    if(!$token || !$_POST['token'] || $token != $_POST['token'])
+    if(!$token || !$_REQUEST['token'] || $token != $_REQUEST['token'])
        alert('올바른 방법으로 이용해 주십시오.');

    return true;