관리자 CSRF 취약점 수정2

chicpro
2015-11-24 11:09:54 +09:00
parent 32d09cff7d
commit 33e9d1e1d0
16 changed files with 43 additions and 33 deletions


@ -57,12 +57,20 @@ function is_checked(elements_name)
return checked; return checked;
} }
function delete_confirm() function delete_confirm(el)
{ {
if(confirm("한번 삭제한 자료는 복구할 방법이 없습니다.\n\n정말 삭제하시겠습니까?")) if(confirm("한번 삭제한 자료는 복구할 방법이 없습니다.\n\n정말 삭제하시겠습니까?")) {
var token = get_ajax_token();
var href = el.href.replace(/&token=.+$/g, "");
if(!token) {
alert("토큰 정보가 올바르지 않습니다.");
return false;
}
el.href = href+"&token="+token;
return true; return true;
else } else {
return false; return false;
}
} }
function delete_confirm2(msg) function delete_confirm2(msg)
@ -79,7 +87,7 @@ function get_ajax_token()
$.ajax({ $.ajax({
type: "POST", type: "POST",
url: "./ajax.token.php", url: g5_admin_url+"/ajax.token.php",
cache: false, cache: false,
async: false, async: false,
dataType: "json", dataType: "json",
@ -112,7 +120,7 @@ $(function() {
var $f = $(f); var $f = $(f);
if(typeof f.token === "undefined") if(typeof f.token === "undefined")
$f.append('<input type="hidden" name="token" value="">'); $f.prepend('<input type="hidden" name="token" value="">');
$f.find("input[name=token]").val(token); $f.find("input[name=token]").val(token);
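Review bot: The regex in `var href = el.href.replace(/&token=.+$/g, "");` consumes everything from `&token=` to the end of the URL, so any parameter or fragment that follows a stale token is silently dropped, and a link with no query string at all gets a malformed `page.php&token=...` from the next line. Match only the token value and choose the separator: `var href = el.href.replace(/&token=[^&#]*/, "");` and `el.href = href + (href.indexOf("?") === -1 ? "?" : "&") + "token=" + token;` (a leading `?token=` is still not handled, but none of the links in this commit use that form). Note also that the token now travels in a GET URL, so it will show up in Referer headers and access logs; since check_admin_token() clears the session copy on first use this is limited, but it is a reason to keep delete actions on POST where practical. The get_ajax_token() and document-ready hunks below are cut off, so their bodies were not reviewed here.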


@ -362,7 +362,7 @@ function check_admin_token()
$token = get_session('ss_admin_token'); $token = get_session('ss_admin_token');
set_session('ss_admin_token', ''); set_session('ss_admin_token', '');
if(!$token || !$_POST['token'] || $token != $_POST['token']) if(!$token || !$_REQUEST['token'] || $token != $_REQUEST['token'])
alert('올바른 방법으로 이용해 주십시오.'); alert('올바른 방법으로 이용해 주십시오.');
return true; return true;
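Review bot: The comparison on the changed line is still loose, `$token != $_REQUEST['token']`, and now that the token is also accepted from the query string that deserves a strict check: PHP compares two numeric-looking strings as numbers, so if tokens are hex strings two values of the form `0e...` would compare equal, and a missing parameter raises an undefined-index notice before the check. I would write it as `if(!$token || !isset($_REQUEST['token']) || !is_string($_REQUEST['token']) || $token !== $_REQUEST['token'])`, or use `hash_equals($token, $_REQUEST['token'])` if the project's minimum PHP is 5.6+. `$_REQUEST` can also include cookie values depending on `request_order`/`variables_order`, so reading `$_GET`/`$_POST` explicitly would be tighter. Clearing `ss_admin_token` before comparing (single-use token) is the right call; the function's opening and closing lines are outside this hunk.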


@ -8,6 +8,8 @@ $g5['title'] = '게시판 복사';
include_once(G5_PATH.'/head.sub.php'); include_once(G5_PATH.'/head.sub.php');
?> ?>
<script src="<?php echo G5_ADMIN_URL ?>/admin.js"></script>
<div class="new_win"> <div class="new_win">
<h1><?php echo $g5['title']; ?></h1> <h1><?php echo $g5['title']; ?></h1>
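Review bot: The new `<script src="...admin.js">` include depends on jQuery (`$.ajax`) and on the `g5_admin_url` global that this same commit makes admin.js use for the token URL, so it must stay after whatever emits those. Here it follows `head.sub.php`, which presumably defines both, but that is worth confirming for popup windows since a missing `g5_admin_url` would make every token fetch fail with the generic alert. A short comment such as `<!-- admin.js needs jQuery and g5_admin_url from head.sub.php -->` above the tag would record the ordering requirement.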


@ -5,13 +5,12 @@ include_once('./_common.php');
if ($w == "u" || $w == "d") if ($w == "u" || $w == "d")
check_demo(); check_demo();
if ($w == 'd') { if ($w == 'd')
admin_referer_check();
auth_check($auth[$sub_menu], "d"); auth_check($auth[$sub_menu], "d");
} else { else
check_admin_token();
auth_check($auth[$sub_menu], "w"); auth_check($auth[$sub_menu], "w");
}
check_admin_token();
@mkdir(G5_DATA_PATH."/content", G5_DIR_PERMISSION); @mkdir(G5_DATA_PATH."/content", G5_DIR_PERMISSION);
@chmod(G5_DATA_PATH."/content", G5_DIR_PERMISSION); @chmod(G5_DATA_PATH."/content", G5_DIR_PERMISSION);
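Review bot: The delete branch gives up `admin_referer_check()` entirely in favour of the token, yet deletes now arrive as GET links whose token is patched in by client-side JS, which is exactly the path where an independent second layer is cheap. Keeping the Referer check on that branch costs one line: `if ($w == 'd') { admin_referer_check(); auth_check($auth[$sub_menu], "d"); } else auth_check($auth[$sub_menu], "w");` with `check_admin_token();` staying after it as the commit already has it. Calling `check_admin_token()` after `auth_check()` is the right order, since it clears the single-use session token before comparing and an unauthorised request should fail earlier without burning it.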


@ -78,7 +78,7 @@ $result = sql_query($sql);
<td class="td_mng"> <td class="td_mng">
<a href="./contentform.php?w=u&amp;co_id=<?php echo $row['co_id']; ?>"><span class="sound_only"><?php echo htmlspecialchars2($row['co_subject']); ?> </span>수정</a> <a href="./contentform.php?w=u&amp;co_id=<?php echo $row['co_id']; ?>"><span class="sound_only"><?php echo htmlspecialchars2($row['co_subject']); ?> </span>수정</a>
<a href="<?php echo G5_BBS_URL; ?>/content.php?co_id=<?php echo $row['co_id']; ?>"><span class="sound_only"><?php echo htmlspecialchars2($row['co_subject']); ?> </span> 보기</a> <a href="<?php echo G5_BBS_URL; ?>/content.php?co_id=<?php echo $row['co_id']; ?>"><span class="sound_only"><?php echo htmlspecialchars2($row['co_subject']); ?> </span> 보기</a>
<a href="./contentformupdate.php?w=d&amp;co_id=<?php echo $row['co_id']; ?>" onclick="return delete_confirm();"><span class="sound_only"><?php echo htmlspecialchars2($row['co_subject']); ?> </span>삭제</a> <a href="./contentformupdate.php?w=d&amp;co_id=<?php echo $row['co_id']; ?>" onclick="return delete_confirm(this);"><span class="sound_only"><?php echo htmlspecialchars2($row['co_subject']); ?> </span>삭제</a>
</td> </td>
</tr> </tr>
<?php <?php
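Review bot: The delete action is still a plain GET `<a href>`; the `onclick="return delete_confirm(this);"` only runs on an ordinary left-click, so a middle-click, "open in new tab" or any client without JS reaches contentformupdate.php with no token and is rejected by check_admin_token with the generic '올바른 방법으로 이용해 주십시오.' alert. That fails closed, which is what matters for CSRF, but a state-changing delete is more robust as a small POST form carrying the hidden token (the 선택삭제 forms in this commit already work that way) than as a link rewritten in JS. Separately, `$row['co_id']` is interpolated into the href without `urlencode()`; that is pre-existing and co_id is admin-defined, so low risk, but the new token-appending logic assumes a well-formed query string.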


@ -5,13 +5,12 @@ include_once('./_common.php');
if ($w == "u" || $w == "d") if ($w == "u" || $w == "d")
check_demo(); check_demo();
if ($W == 'd') { if ($W == 'd')
admin_referer_check();
auth_check($auth[$sub_menu], "d"); auth_check($auth[$sub_menu], "d");
} else { else
check_admin_token();
auth_check($auth[$sub_menu], "w"); auth_check($auth[$sub_menu], "w");
}
check_admin_token();
$sql_common = " fa_subject = '$fa_subject', $sql_common = " fa_subject = '$fa_subject',
fa_content = '$fa_content', fa_content = '$fa_content',
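Review bot: `if ($W == 'd')` tests a different variable from the `$w` used two lines above; PHP variable names are case-sensitive, so unless `$W` is assigned somewhere not shown, this condition is never true and a delete request is authorised against the "w" level instead of "d". The commit rewrote this line but kept the typo; `if ($w == 'd')` is the fix. Since both branches now reach the shared `check_admin_token();`, the CSRF check itself is unaffected, only the permission level is wrong.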


@ -69,7 +69,7 @@ $result = sql_query($sql);
<td class="td_num"><?php echo $row['fa_order']; ?></td> <td class="td_num"><?php echo $row['fa_order']; ?></td>
<td class="td_mngsmall"> <td class="td_mngsmall">
<a href="./faqform.php?w=u&amp;fm_id=<?php echo $row['fm_id']; ?>&amp;fa_id=<?php echo $row['fa_id']; ?>"><span class="sound_only"><?php echo stripslashes($row['fa_subject']); ?> </span>수정</a> <a href="./faqform.php?w=u&amp;fm_id=<?php echo $row['fm_id']; ?>&amp;fa_id=<?php echo $row['fa_id']; ?>"><span class="sound_only"><?php echo stripslashes($row['fa_subject']); ?> </span>수정</a>
<a href="javascript:del('./faqformupdate.php?w=d&amp;fm_id=<?php echo $row['fm_id']; ?>&amp;fa_id=<?php echo $row['fa_id']; ?>');"><span class="sound_only"><?php echo stripslashes($row['fa_subject']); ?> </span>삭제</a> <a href="./faqformupdate.php?w=d&amp;fm_id=<?php echo $row['fm_id']; ?>&amp;fa_id=<?php echo $row['fa_id']; ?>" onclick="return delete_confirm(this);"><span class="sound_only"><?php echo stripslashes($row['fa_subject']); ?> </span>삭제</a>
</td> </td>
</tr> </tr>


@ -5,13 +5,12 @@ include_once('./_common.php');
if ($w == "u" || $w == "d") if ($w == "u" || $w == "d")
check_demo(); check_demo();
if ($W == 'd') { if ($W == 'd')
admin_referer_check();
auth_check($auth[$sub_menu], "d"); auth_check($auth[$sub_menu], "d");
} else { else
check_admin_token();
auth_check($auth[$sub_menu], "w"); auth_check($auth[$sub_menu], "w");
}
check_admin_token();
@mkdir(G5_DATA_PATH."/faq", G5_DIR_PERMISSION); @mkdir(G5_DATA_PATH."/faq", G5_DIR_PERMISSION);
@chmod(G5_DATA_PATH."/faq", G5_DIR_PERMISSION); @chmod(G5_DATA_PATH."/faq", G5_DIR_PERMISSION);
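Review bot: Same issue as in faqformupdate.php: the branch reads `if ($W == 'd')` while the request flag is `$w` (see `if ($w == "u" || $w == "d")` just above), so the delete branch and its "d" auth level are unreachable unless `$W` is defined elsewhere, which nothing here suggests. Change it to `if ($w == 'd')`. The token check is shared by both branches, so this is a permission-level bug rather than a CSRF gap.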


@ -107,7 +107,7 @@ $result = sql_query($sql);
<td class="td_mng"> <td class="td_mng">
<a href="./faqmasterform.php?w=u&amp;fm_id=<?php echo $row['fm_id']; ?>"><span class="sound_only"><?php echo stripslashes($row['fm_subject']); ?> </span>수정</a> <a href="./faqmasterform.php?w=u&amp;fm_id=<?php echo $row['fm_id']; ?>"><span class="sound_only"><?php echo stripslashes($row['fm_subject']); ?> </span>수정</a>
<a href="<?php echo G5_BBS_URL; ?>/faq.php?fm_id=<?php echo $row['fm_id']; ?>"><span class="sound_only"><?php echo stripslashes($row['fm_subject']); ?> </span>보기</a> <a href="<?php echo G5_BBS_URL; ?>/faq.php?fm_id=<?php echo $row['fm_id']; ?>"><span class="sound_only"><?php echo stripslashes($row['fm_subject']); ?> </span>보기</a>
<a href="./faqmasterformupdate.php?w=d&amp;fm_id=<?php echo $row['fm_id']; ?>" onclick="return delete_confirm();"><span class="sound_only"><?php echo stripslashes($row['fm_subject']); ?> </span>삭제</a> <a href="./faqmasterformupdate.php?w=d&amp;fm_id=<?php echo $row['fm_id']; ?>" onclick="return delete_confirm(this);"><span class="sound_only"><?php echo stripslashes($row['fm_subject']); ?> </span>삭제</a>
</td> </td>
</tr> </tr>
<?php <?php


@ -84,7 +84,7 @@ $colspan = 12;
else else
{ {
$s_mod = '<a href="./member_form.php?$qstr&amp;w=u&amp;mb_id='.$row['mb_id'].'">수정</a>'; $s_mod = '<a href="./member_form.php?$qstr&amp;w=u&amp;mb_id='.$row['mb_id'].'">수정</a>';
$s_del = '<a href="javascript:del(\'./member_delete.php?'.$qstr.'&amp;w=d&amp;mb_id='.$row['mb_id'].'&amp;url='.$_SERVER['SCRIPT_NAME'].'\');">삭제</a>'; $s_del = '<a href="./member_delete.php?'.$qstr.'&amp;w=d&amp;mb_id='.$row['mb_id'].'&amp;url='.$_SERVER['SCRIPT_NAME'].'" onclick="return delete_confirm(this);">삭제</a>';
} }
$s_grp = '<a href="./boardgroupmember_form.php?mb_id='.$row['mb_id'].'">그룹</a>'; $s_grp = '<a href="./boardgroupmember_form.php?mb_id='.$row['mb_id'].'">그룹</a>';


@ -82,7 +82,7 @@ $colspan = 7;
</div> </div>
<div class="btn_list01 btn_list"> <div class="btn_list01 btn_list">
<button type="submit">선택삭제</button> <input type="submit" value="선택삭제">
</div> </div>
</form> </form>
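Review bot: Replacing `<button type="submit">` with `<input type="submit">` only makes sense if the token-injection handler in admin.js is keyed on the element type rather than the form's submit event; if so, every other `<button type="submit">` in the admin becomes a silent way to submit without a token and be rejected by check_admin_token. Binding on the form itself, e.g. `$(document).on("submit", "form", function() { ... })`, would be robust to either markup and let this line stay as it was. The handler is outside this section, so please confirm that this is the reason for the change, and note it in a comment here if it must stay.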


@ -5,13 +5,12 @@ include_once('./_common.php');
if ($w == "u" || $w == "d") if ($w == "u" || $w == "d")
check_demo(); check_demo();
if ($w == 'd') { if ($w == 'd')
admin_referer_check();
auth_check($auth[$sub_menu], "d"); auth_check($auth[$sub_menu], "d");
} else { else
check_admin_token();
auth_check($auth[$sub_menu], "w"); auth_check($auth[$sub_menu], "w");
}
check_admin_token();
$sql_common = " nw_device = '{$_POST['nw_device']}', $sql_common = " nw_device = '{$_POST['nw_device']}',
nw_begin_time = '{$_POST['nw_begin_time']}', nw_begin_time = '{$_POST['nw_begin_time']}',


@ -98,7 +98,7 @@ $result = sql_query($sql);
<td class="td_num"><?php echo $row['nw_height']; ?>px</td> <td class="td_num"><?php echo $row['nw_height']; ?>px</td>
<td class="td_mngsmall"> <td class="td_mngsmall">
<a href="./newwinform.php?w=u&amp;nw_id=<?php echo $row['nw_id']; ?>"><span class="sound_only"><?php echo $row['nw_subject']; ?> </span>수정</a> <a href="./newwinform.php?w=u&amp;nw_id=<?php echo $row['nw_id']; ?>"><span class="sound_only"><?php echo $row['nw_subject']; ?> </span>수정</a>
<a href="./newwinformupdate.php?w=d&amp;nw_id=<?php echo $row['nw_id']; ?>" onclick="return delete_confirm();"><span class="sound_only"><?php echo $row['nw_subject']; ?> </span>삭제</a> <a href="./newwinformupdate.php?w=d&amp;nw_id=<?php echo $row['nw_id']; ?>" onclick="return delete_confirm(this);"><span class="sound_only"><?php echo $row['nw_subject']; ?> </span>삭제</a>
</td> </td>
</tr> </tr>
<?php <?php


@ -132,7 +132,7 @@ $colspan = 7;
</div> </div>
<div class="btn_list01 btn_list"> <div class="btn_list01 btn_list">
<button type="submit">선택삭제</button> <input type="submit" value="선택삭제">
</div> </div>
</form> </form>


@ -6,6 +6,8 @@ auth_check($auth[$sub_menu], "w");
check_demo(); check_demo();
check_admin_token();
$g5['title'] = "SMS 기본설정"; $g5['title'] = "SMS 기본설정";
// 회신번호 체크 // 회신번호 체크


@ -4,6 +4,8 @@ include_once("./_common.php");
auth_check($auth[$sub_menu], "w"); auth_check($auth[$sub_menu], "w");
check_admin_token();
$g5['title'] = "문자전송중"; $g5['title'] = "문자전송중";
$wr_reply = preg_replace('#[^0-9\-]#', '', trim($wr_reply)); $wr_reply = preg_replace('#[^0-9\-]#', '', trim($wr_reply));