관리자 CSRF 취약점 수정2

2015-11-24 11:09:54 +09:00
parent 32d09cff7d
commit 33e9d1e1d0
16 changed files with 43 additions and 33 deletions
--- a/adm/faqformupdate.php
+++ b/adm/faqformupdate.php
@ -5,13 +5,12 @@ include_once('./_common.php');
 if ($w == "u" || $w == "d")
    check_demo();

-if ($W == 'd') {
-    admin_referer_check();
+if ($W == 'd')
    auth_check($auth[$sub_menu], "d");
-} else {
-    check_admin_token();
+else
    auth_check($auth[$sub_menu], "w");
-}
+
+check_admin_token();

 $sql_common = " fa_subject = '$fa_subject',
                fa_content = '$fa_content',