KVE-2018-1827, 1828, 1829, 1830 그누보드/영카트 다중 취약점 처리

thisgun
2019-01-07 14:13:03 +09:00
parent 1ba5bb09fc
commit 4cc8284016
5 changed files with 14 additions and 2 deletions


@ -6,6 +6,8 @@ auth_check($auth[$sub_menu], "r");
if(!count($_POST['chk_fg_no']))
alert('이모티콘을 이동할 그룹을 한개 이상 선택해 주십시오.', $url);
$fo_no_list = preg_replace('/[^a-zA-Z0-9\, ]/', '', $fo_no_list);
$sql = "select * from {$g5['sms5_form_table']} where fo_no in ($fo_no_list) order by fo_no desc ";
$result = sql_query($sql);
$save = array();
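Review bot: The filter added ahead of the `fo_no in ($fo_no_list)` query still lets letters and spaces through, and because the list is interpolated unquoted, any word that survives is parsed as an SQL identifier or keyword rather than as a value. An input that filters down to an empty string also produces `in ()`, which is a syntax error rather than a clean rejection. The column looks like a numeric key (inferred from its name), so reducing the list to integers would be tighter: `$fo_no_list = implode(',', array_filter(array_map('intval', explode(',', $fo_no_list))));`, followed by an early `alert()` when the result is empty. The same pattern is applied to `$bk_no_list` in the last file of this commit and deserves the same change; the script continues outside the hunk.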


@ -16,6 +16,10 @@ if ($st && trim($sv))
else
$sql_search = "";
if( isset($st) && !in_array($st, array('hs_name', 'hs_hp', 'bk_no')) ){
$st = '';
}
$total_res = sql_fetch("select count(*) as cnt from {$g5['sms5_history_table']} where 1 $sql_search");
$total_count = $total_res['cnt'];
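Review bot: The allowlist check on `$st` sits after the `if ($st && trim($sv)) … else $sql_search = "";` branch, so by the time `$st` is reset the search clause used in the `count(*)` query has already been assembled. How `$sql_search` is built is outside the hunk, so this is inferred, but if that branch interpolates `$st` the check has to move above it to have any effect on the query. Passing `true` as the third argument, `in_array($st, array('hs_name', 'hs_hp', 'bk_no'), true)`, would also rule out loose comparison here and in the matching check in the next file.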


@ -8,6 +8,10 @@ $colspan = 10;
$st = isset($st) ? strip_tags($st) : '';
$ssv = isset($ssv) ? strip_tags($ssv) : '';
if( $st && !in_array($st, array('hs_name', 'hs_hp', 'bk_no')) ){
$st = '';
}
auth_check($auth[$sub_menu], "r");
$g5['title'] = "문자전송 상세내역";


@ -31,8 +31,8 @@ for ($i=0; $row=sql_fetch_array($result); $i++)
<form name="fboardmoveall" method="post" action="./number_move_update.php" onsubmit="return fboardmoveall_submit(this);">
<input type="hidden" name="sw" value="<?php echo $sw ?>">
<input type="hidden" name="bk_no_list" value="<?php echo $bk_no_list ?>">
<input type="hidden" name="act" value="<?php echo $act ?>">
<input type="hidden" name="bk_no_list" value="<?php echo get_sanitize_input($bk_no_list); ?>">
<input type="hidden" name="act" value="<?php echo get_sanitize_input($act); ?>">
<input type="hidden" name="url" value="<?php echo clean_xss_tags(strip_tags($_SERVER['HTTP_REFERER'])); ?>">
<div class=" new_win_con">
<div class="tbl_head01 tbl_wrap">
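Review bot: `$sw` on the first hidden input is still echoed raw into the `value` attribute, while the two fields below it now go through `get_sanitize_input()`. Unless `$sw` is constrained to a fixed set of values earlier in the file (not visible in this hunk), it should get the same treatment: `<input type="hidden" name="sw" value="<?php echo get_sanitize_input($sw); ?>">`. The form markup continues outside the hunk.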


@ -6,6 +6,8 @@ auth_check($auth[$sub_menu], "r");
if(!count($_POST['chk_bg_no']))
alert('번호를 '.$act.'할 그룹을 한개 이상 선택해 주십시오.', $url);
$bk_no_list = preg_replace('/[^a-zA-Z0-9\, ]/', '', $bk_no_list);
$sql = "select * from {$g5['sms5_book_table']} where bk_no in ($bk_no_list) order by bk_no desc ";
$result = sql_query($sql);
$save = array();