From 4883fb18aedf60dd01c6aa4f6d7fbded10061847 Mon Sep 17 00:00:00 2001
From: thisgun
Date: Thu, 16 Jun 2022 16:06:33 +0900
Subject: [PATCH] =?UTF-8?q?[KVE-2022-0133]=20=EA=B7=B8=EB=88=84=EB=B3=B4?=
 =?UTF-8?q?=EB=93=9C=20XSS,=20CSRF=20=EC=B7=A8=EC=95=BD=EC=A0=90=20?=
 =?UTF-8?q?=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 adm/mail_select_list.php | 10 ++++++----
 adm/member_form.php | 41 +++++++++++++++++++++++++++++++++++++-
 adm/member_form_update.php | 13 ++++++++++++
 3 files changed, 59 insertions(+), 5 deletions(-)
diff --git a/adm/mail_select_list.php b/adm/mail_select_list.php
index 482896643..a3046afac 100644
--- a/adm/mail_select_list.php
+++ b/adm/mail_select_list.php
@@ -4,18 +4,20 @@ require_once './_common.php';
 auth_check_menu($auth, $sub_menu, 'r');
+$ma_id = isset($_REQUEST['ma_id']) ? (int) $_REQUEST['ma_id'] : 0;
+
 $ma_last_option = "";
 $sql_common = " from {$g5['member_table']} ";
 $sql_where = " where (1) ";
-$mb_id1 = isset($_POST['mb_id1']) ? $_POST['mb_id1'] : 1;
+$mb_id1 = isset($_POST['mb_id1']) ? (int) $_POST['mb_id1'] : 1;
 $mb_id1_from = isset($_POST['mb_id1_from']) ? clean_xss_tags($_POST['mb_id1_from'], 1, 1, 30) : '';
 $mb_id1_to = isset($_POST['mb_id1_to']) ? clean_xss_tags($_POST['mb_id1_to'], 1, 1, 30) : '';
 $mb_email = isset($_POST['mb_email']) ? clean_xss_tags($_POST['mb_email'], 1, 1, 100) : '';
 $mb_mailling = isset($_POST['mb_mailling']) ? clean_xss_tags($_POST['mb_mailling'], 1, 1, 100) : '';
-$mb_level_from = isset($_POST['mb_level_from'])? $_POST['mb_level_from'] : 1;
-$mb_level_to = isset($_POST['mb_level_to']) ? $_POST['mb_level_to'] : 10;
+$mb_level_from = isset($_POST['mb_level_from'])? (int) $_POST['mb_level_from'] : 1;
+$mb_level_to = isset($_POST['mb_level_to']) ? (int) $_POST['mb_level_to'] : 10;
 // 회원ID ..에서 ..까지
 if ($mb_id1 != 1) {
@@ -81,7 +83,7 @@ require_once './admin.head.php';
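Review bot: The new `(int)` casts cover `ma_id`, `mb_id1` and the two level bounds, but `mb_id1_from`, `mb_id1_to`, `mb_email` and `mb_mailling` still go through `clean_xss_tags()` only, which (not shown here, but by name and by its use elsewhere in the tree) is an XSS filter rather than an SQL escape; the `if ($mb_id1 != 1) {` block opened on the hunk's last line continues outside it and is presumably where these values are spliced into `$sql_where`, so confirm each one is passed through `sql_real_escape_string()` or bound as a parameter there. The level bounds are cast but not range-checked, so a crafted request can still query with out-of-range levels; `$mb_level_from = max(1, min(10, $mb_level_from));` and the same for `$mb_level_to` would keep the selection within the admin level range. `$ma_id` is read from `$_REQUEST`, which also accepts GET and cookie values; if it is only meant to arrive with the submitted form, `$_POST['ma_id']` is the tighter source, though the link-based entry path to this page is not visible here.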
- +
diff --git a/adm/member_form.php b/adm/member_form.php index fb59ae01b..8040e9d09 100644 --- a/adm/member_form.php +++ b/adm/member_form.php @@ -240,7 +240,19 @@ add_javascript(G5_POSTCODE_JS, 0); //다음 주소 js 접근가능그룹보기 - + @@ -582,8 +594,35 @@ add_javascript(G5_POSTCODE_JS, 0); //다음 주소 js return false; } + if( jQuery("#mb_password").val() ){ + + } + return true; } + + jQuery(function($){ + $("#captcha_key").prop('required', false).removeAttr("required").removeClass("required"); + + $("#mb_password").on("keyup", function(e) { + var $warp = $("#mb_password_captcha_wrap"), + tooptipid = "mp_captcha_tooltip", + $span_text = $("", {id:tooptipid, style:"font-size:0.95em;letter-spacing:-0.1em"}).html("비밀번호를 수정할 경우 캡챠를 입력해야 합니다."), + $parent = $(this).parent(), + is_invisible_recaptcha = $("#captcha").hasClass("invisible_recaptcha"); + + if($(this).val()){ + $warp.show(); + if(! is_invisible_recaptcha) { + $warp.css("margin-top","1em"); + if(! $("#"+tooptipid).length){ $parent.append($span_text) } + } + } else { + $warp.hide(); + if($("#"+tooptipid).length && ! is_invisible_recaptcha){ $parent.find("#"+tooptipid).remove(); } + } + }); + });
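Review bot: The captcha box is toggled only from a `keyup` handler on `#mb_password`, so a password pasted via the context menu, dropped in, or filled by browser autofill never fires it and `#mb_password_captcha_wrap` stays hidden even though a captcha answer will be expected for a non-empty password; binding `$("#mb_password").on("input keyup", function(e) {` covers those paths. Dropping `required` from `#captcha_key` and the new `if( jQuery("#mb_password").val() ){ … }` guard in the submit validator are client-side conveniences only, so the server-side captcha check in member_form_update.php (changed in this commit but not visible here) must be the one that actually enforces the rule whenever `mb_password` is non-empty. As rendered here the tooltip is created with `$("", {id:tooptipid, …})`; if that is not an extraction artefact of a stripped `<span>` tag, the selector yields an empty set and the hint is never appended. The local names `$warp` and `tooptipid` read as typos; `$wrap` and `tooltipId` would be clearer. The validator function that the `if` block is inserted into begins outside the hunk.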
class="frm_input " size="15" maxlength="20"> +
+ class="frm_input " size="15" maxlength="20"> +
+ +