[KVE-2022-0133] 그누보드 XSS, CSRF 취약점 수정

thisgun
2022-06-16 16:06:33 +09:00
parent 32e9797fef
commit 4883fb18ae
3 changed files with 59 additions and 5 deletions


@ -4,18 +4,20 @@ require_once './_common.php';
auth_check_menu($auth, $sub_menu, 'r');
$ma_id = isset($_REQUEST['ma_id']) ? (int) $_REQUEST['ma_id'] : 0;
$ma_last_option = "";
$sql_common = " from {$g5['member_table']} ";
$sql_where = " where (1) ";
$mb_id1 = isset($_POST['mb_id1']) ? $_POST['mb_id1'] : 1;
$mb_id1 = isset($_POST['mb_id1']) ? (int) $_POST['mb_id1'] : 1;
$mb_id1_from = isset($_POST['mb_id1_from']) ? clean_xss_tags($_POST['mb_id1_from'], 1, 1, 30) : '';
$mb_id1_to = isset($_POST['mb_id1_to']) ? clean_xss_tags($_POST['mb_id1_to'], 1, 1, 30) : '';
$mb_email = isset($_POST['mb_email']) ? clean_xss_tags($_POST['mb_email'], 1, 1, 100) : '';
$mb_mailling = isset($_POST['mb_mailling']) ? clean_xss_tags($_POST['mb_mailling'], 1, 1, 100) : '';
$mb_level_from = isset($_POST['mb_level_from'])? $_POST['mb_level_from'] : 1;
$mb_level_to = isset($_POST['mb_level_to']) ? $_POST['mb_level_to'] : 10;
$mb_level_from = isset($_POST['mb_level_from'])? (int) $_POST['mb_level_from'] : 1;
$mb_level_to = isset($_POST['mb_level_to']) ? (int) $_POST['mb_level_to'] : 10;
// 회원ID ..에서 ..까지
if ($mb_id1 != 1) {
@ -81,7 +83,7 @@ require_once './admin.head.php';
<form name="fmailselectlist" id="fmailselectlist" method="post" action="./mail_select_update.php">
<input type="hidden" name="token" value="">
<input type="hidden" name="ma_id" value="<?php echo $ma_id ?>">
<input type="hidden" name="ma_id" value="<?php echo get_text($ma_id); ?>">
<div class="tbl_head01 tbl_wrap">
<table>
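Review bot: In the first hunk `$mb_id1_from`, `$mb_id1_to`, `$mb_email` and `$mb_mailling` are still only passed through `clean_xss_tags()`, which by its name is a markup filter rather than a SQL-escaping step; the new `(int)` casts cover just `$mb_id1` and the two level bounds. The `$sql_where` string and the `if ($mb_id1 != 1)` branch, whose body lies outside the hunk, suggest these strings end up in the member query. If they are concatenated there, confirm that escaping or a bound parameter is applied at that point and not left to the tag filter. The casts also accept any integer, so if levels are meant to stay within the 1 and 10 defaults, a clamp such as `max(1, min(10, (int) $_POST['mb_level_from']))` would make that explicit. In the second hunk `$ma_id` is already cast with `(int)` in the context lines above, so `get_text($ma_id)` is redundant as a control; a comment like `// $ma_id is an int (cast above); get_text() kept as defence in depth` would tell the next reader which check is load-bearing.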