firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

회원 홈페이지를 이용한 SQL Injection 오류 수정

Browse Source
This commit is contained in:
chicpro
2014-10-23 09:21:59 +09:00
parent 46f484461f
commit 36e6d53374
3 changed files with 10 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
bbs/scrap_popin_update.php
View File

@ -40,10 +40,10 @@ if ($wr_content && ($member['mb_level'] >= $board['bo_comment_level']))
if ($wr['wr_id'])
{
$mb_id = $member['mb_id'];
$wr_name = $member['mb_nick'];
$wr_name = addslashes(clean_xss_tags($board['bo_use_name'] ? $member['mb_name'] : $member['mb_nick']));
$wr_password = $member['mb_password'];
$wr_email = $member['mb_email'];
$wr_homepage = $member['mb_homepage'];
$wr_email = addslashes($member['mb_email']);
$wr_homepage = addslashes(clean_xss_tags($member['mb_homepage']));
$sql = " select max(wr_comment) as max_comment from $write_table
where wr_parent = '$wr_id' and wr_is_comment = '1' ";