[KVE-2020-0100,0101]그누보드 관리자페이지 XSS 취약점 수정

2020-02-13 15:23:11 +09:00
parent 120d8cf564
commit 3cf0546711
2 changed files with 4 additions and 0 deletions
--- a/adm/sms_admin/form_write.php
+++ b/adm/sms_admin/form_write.php
@ -6,6 +6,8 @@ auth_check($auth[$sub_menu], "w");

 $g5['title'] = "이모티콘 ";

+$fg_no = isset($fg_no) ? (int) $fg_no : '';
+
 if ($w == 'u' && is_numeric($fo_no)) {
    $write = sql_fetch("select * from {$g5['sms5_form_table']} where fo_no='$fo_no'");
    $g5['title'] .= '수정';
--- a/adm/sms_admin/sms_write_form.php
+++ b/adm/sms_admin/sms_write_form.php
@ -7,6 +7,8 @@ while ($res = sql_fetch_array($qry)) array_push($group, $res);

 $res = sql_fetch("select count(*) as cnt from `{$g5['sms5_form_table']}` where fg_no=0");
 $no_count = $res['cnt'];
+
+$fg_no = isset($fg_no) ? (int) $fg_no : '';
 ?>

 <form name="emo_frm">