From 3cf0546711fc91758765fd04225898d3f351850d Mon Sep 17 00:00:00 2001
From: thisgun
Date: Thu, 13 Feb 2020 15:23:11 +0900
Subject: [PATCH] =?UTF-8?q?[KVE-2020-0100,0101]=EA=B7=B8=EB=88=84=EB=B3=B4?= =?UTF-8?q?=EB=93=9C=20=EA=B4=80=EB=A6=AC=EC=9E=90=ED=8E=98=EC=9D=B4?= =?UTF-8?q?=EC=A7=80=20XSS=20=EC=B7=A8=EC=95=BD=EC=A0=90=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 adm/sms_admin/form_write.php | 2 ++
 adm/sms_admin/sms_write_form.php | 2 ++
 2 files changed, 4 insertions(+)
diff --git a/adm/sms_admin/form_write.php b/adm/sms_admin/form_write.php
index 6191bd59d..b8e4913f7 100644
--- a/adm/sms_admin/form_write.php
+++ b/adm/sms_admin/form_write.php
@@ -6,6 +6,8 @@ auth_check($auth[$sub_menu], "w");
 $g5['title'] = "이모티콘 ";
+$fg_no = isset($fg_no) ? (int) $fg_no : '';
+
 if ($w == 'u' && is_numeric($fo_no)) {
 $write = sql_fetch("select * from {$g5['sms5_form_table']} where fo_no='$fo_no'");
 $g5['title'] .= '수정';
diff --git a/adm/sms_admin/sms_write_form.php b/adm/sms_admin/sms_write_form.php
index fdbf64c91..103535b5e 100644
--- a/adm/sms_admin/sms_write_form.php
+++ b/adm/sms_admin/sms_write_form.php
@@ -7,6 +7,8 @@ while ($res = sql_fetch_array($qry)) array_push($group, $res);
 $res = sql_fetch("select count(*) as cnt from `{$g5['sms5_form_table']}` where fg_no=0");
 $no_count = $res['cnt'];
+
+$fg_no = isset($fg_no) ? (int) $fg_no : '';
 ?>
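Review bot: In adm/sms_admin/form_write.php the added cast covers only `$fg_no`, while `$fo_no` in the `if ($w == 'u' && is_numeric($fo_no))` line just below it is still used as received, and is not checked at all when `$w` is not 'u'. `is_numeric()` also accepts exponent notation and leading whitespace, so the value interpolated into `fo_no='$fo_no'` is not guaranteed to be a plain integer. If `$fo_no` is also printed into the form further down (outside this hunk, so not confirmed here), it would need the same treatment, for example `$fo_no = isset($fo_no) ? (int) $fo_no : '';` next to the added line. The body of the `if` block continues past the end of the hunk.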
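Review bot: In adm/sms_admin/sms_write_form.php the cast is added at the very end of the PHP block, after the queries, so any use of `$fg_no` above that point would still see the raw value. The lines above the hunk are not visible, so either confirm there is no earlier use or move the line up to the top of the file. A non-numeric value casts to 0, the same value the `where fg_no=0` count query in this hunk uses, so malformed input is silently mapped to that value rather than rejected. The identical line in both files carries no explanation; a comment such as `// KVE-2020-0100/0101: force fg_no to an integer before it is reused in this page` would record why it is there. Escaping at the point of output would remain the more robust fix alongside the cast.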