Merge branch 'g5'

2016-10-05 10:34:46 +09:00
parent d4c148bd00 b69720836b
commit 47179792fa
6 changed files with 92 additions and 2 deletions
--- a/adm/admin.tail.php
+++ b/adm/admin.tail.php
@ -21,7 +21,7 @@ if (!defined('_GNUBOARD_')) exit;

 <!-- <p>실행시간 : <?php echo get_microtime() - $begin_time; ?> -->

-<script src="<?php echo G5_ADMIN_URL ?>/admin.js<?php echo G5_JS_VER; ?>"></script>
+<script src="<?php echo G5_ADMIN_URL ?>/admin.js?ver=<?php echo G5_JS_VER; ?>"></script>
 <script>
 $(function(){
    var hide_menu = false;
--- a/adm/board_copy.php
+++ b/adm/board_copy.php
@ -8,7 +8,7 @@ $g5['title'] = '게시판 복사';
 include_once(G5_PATH.'/head.sub.php');
 ?>

-<script src="<?php echo G5_ADMIN_URL ?>/admin.js<?php echo G5_JS_VER; ?>"></script>
+<script src="<?php echo G5_ADMIN_URL ?>/admin.js?ver=<?php echo G5_JS_VER; ?>"></script>

 <div class="new_win">
    <h1><?php echo $g5['title']; ?></h1>
--- a/bbs/write_token.php
+++ b/bbs/write_token.php
@ -0,0 +1,13 @@
+<?php
+include_once('./_common.php');
+include_once(G5_LIB_PATH.'/json.lib.php');
+
+if(!$bo_table)
+   die(json_encode(array('error'=>'게시판 정보가 올바르지 않습니다.', 'url'=>G5_URL)));
+
+set_session('ss_write_'.$bo_table.'_token', '');
+
+$token = get_write_token($bo_table);
+
+die(json_encode(array('error'=>'', 'token'=>$token, 'url'=>'')));
+?>
--- a/bbs/write_update.php
+++ b/bbs/write_update.php
@ -3,6 +3,9 @@ include_once('./_common.php');
 include_once(G5_LIB_PATH.'/naver_syndi.lib.php');
 include_once(G5_CAPTCHA_PATH.'/captcha.lib.php');

+// 토큰체크
+check_write_token($bo_table);
+
 $g5['title'] = '게시글 저장';

 $msg = array();
--- a/js/common.js
+++ b/js/common.js
@ -689,4 +689,53 @@ $(function(){
            return false;
        }
    });
+});
+
+function get_write_token(bo_table)
+{
+    var token = "";
+
+    $.ajax({
+        type: "POST",
+        url: g5_bbs_url+"/write_token.php",
+        data: { bo_table: bo_table },
+        cache: false,
+        async: false,
+        dataType: "json",
+        success: function(data) {
+            if(data.error) {
+                alert(data.error);
+                if(data.url)
+                    document.location.href = data.url;
+
+                return false;
+            }
+
+            token = data.token;
+        }
+    });
+
+    return token;
+}
+
+$(function() {
+    $(document).on("click", "form[name=fwrite] input:submit", function() {
+        var f = this.form;
+        var bo_table = f.bo_table.value;
+        var token = get_write_token(bo_table);
+
+        if(!token) {
+            alert("토큰 정보가 올바르지 않습니다.");
+            return false;
+        }
+
+        var $f = $(f);
+
+        if(typeof f.token === "undefined")
+            $f.prepend('<input type="hidden" name="token" value="">');
+
+        $f.find("input[name=token]").val(token);
+
+        return true;
+    });
 });
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@ -3248,4 +3248,29 @@ class str_encrypt
        return $result;
    }
 }
+
+// 불법접근을 막도록 토큰을 생성하면서 토큰값을 리턴
+function get_write_token($bo_table)
+{
+    $token = md5(uniqid(rand(), true));
+    set_session('ss_write_'.$bo_table.'_token', $token);
+
+    return $token;
+}
+
+
+// POST로 넘어온 토큰과 세션에 저장된 토큰 비교
+function check_write_token($bo_table)
+{
+    if(!$bo_table)
+        alert('올바른 방법으로 이용해 주십시오.', G5_URL);
+
+    $token = get_session('ss_write_'.$bo_table.'_token');
+    set_session('ss_write_'.$bo_table.'_token', '');
+
+    if(!$token || !$_REQUEST['token'] || $token != $_REQUEST['token'])
+        alert('올바른 방법으로 이용해 주십시오.', G5_URL);
+
+    return true;
+}
 ?>