XSS 및 SQL Injection 취약점 수정

chicpro
2014-07-31 15:48:34 +09:00
parent 3100f342c3
commit 4d115fd895
7 changed files with 22 additions and 5 deletions


@ -381,8 +381,8 @@ if ($_SESSION['ss_mb_id']) { // 로그인중이라면
$tmp_mb_id = substr(preg_replace("/[^a-zA-Z0-9_]*/", "", $tmp_mb_id), 0, 20);
// 최고관리자는 자동로그인 금지
if ($tmp_mb_id != $config['cf_admin']) {
$sql = " select mb_password, mb_intercept_date, mb_leave_date, mb_email_certify from {$g5['member_table']} where binary(mb_id) = '{$tmp_mb_id}' ";
if (strtolower($tmp_mb_id) != strtolower($config['cf_admin'])) {
$sql = " select mb_password, mb_intercept_date, mb_leave_date, mb_email_certify from {$g5['member_table']} where mb_id = '{$tmp_mb_id}' ";
$row = sql_fetch($sql);
$key = md5($_SERVER['SERVER_ADDR'] . $_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT'] . $row['mb_password']);
// 쿠키에 저장된 키와 같다면
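Review bot: The result of `sql_fetch()` is used on the `$key = md5(...)` line without checking that a member row was found, so for an `mb_id` with no matching row the `$row['mb_password']` term is empty and the auto-login key is built only from server and request values, not from any stored secret. A guard right after the fetch, for example `if (!$row || $row['mb_password'] === '') { /* skip auto-login */ }`, would keep a missing row from ever producing a key that can be compared. The query on the new `$sql` line is still assembled by string interpolation and is safe only because of the `preg_replace` whitelist at the top of the hunk; a comment such as `// $tmp_mb_id is restricted to [a-zA-Z0-9_] above; keep that filter ahead of this query` would protect it from later edits. The comparison against the cookie value lies outside this hunk, so whether it rejects an empty key or uses `hash_equals()` cannot be confirmed from here.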