firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

SQL Injection 및 관리자가 게시글 수정때 정보 반영되도록 수정

Browse Source
This commit is contained in:
chicpro
2014-10-24 11:01:34 +09:00
parent 36e6d53374
commit 50c42776e7
2 changed files with 19 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
bbs/write.php
View File

@ -294,10 +294,10 @@ $homepage = "";
if ($w == "" || $w == "r") { if ($w == "" || $w == "r") {
if ($is_member) { if ($is_member) {
if (isset($write['wr_name'])) { if (isset($write['wr_name'])) {
$name = get_text(cut_str($write['wr_name'],20)); $name = get_text(cut_str(stripslashes($write['wr_name']),20));
} }
$email = $member['mb_email']; $email = get_email_address($member['mb_email']);
$homepage = get_text($member['mb_homepage']); $homepage = get_text(stripslashes($member['mb_homepage']));
} }
} }
@ -318,9 +318,9 @@ if ($w == '') {
} }
} }
$name = get_text(cut_str($write['wr_name'],20)); $name = get_text(cut_str(stripslashes($write['wr_name']),20));
$email = get_email_address($write['wr_email']); $email = get_email_address($write['wr_email']);
$homepage = get_text($write['wr_homepage']); $homepage = get_text(stripslashes($write['wr_homepage']));
for ($i=1; $i<=G5_LINK_COUNT; $i++) { for ($i=1; $i<=G5_LINK_COUNT; $i++) {
$write['wr_link'.$i] = get_text($write['wr_link'.$i]); $write['wr_link'.$i] = get_text($write['wr_link'.$i]);

18
bbs/write_update.php
View File

@ -412,14 +412,24 @@ if ($w == '' || $w == 'r') {
$wr_homepage = addslashes(clean_xss_tags($member['mb_homepage'])); $wr_homepage = addslashes(clean_xss_tags($member['mb_homepage']));
} else { } else {
$mb_id = $wr['mb_id']; $mb_id = $wr['mb_id'];
$wr_name = $wr['wr_name']; if(isset($_POST['wr_name']) && $_POST['wr_name'])
$wr_email = $wr['wr_email']; $wr_name = clean_xss_tags(trim($_POST['wr_name']));
$wr_homepage = $wr['wr_homepage']; else
$wr_name = addslashes(clean_xss_tags($wr['wr_name']));
if(isset($_POST['wr_email']) && $_POST['wr_email'])
$wr_email = get_email_address(trim($_POST['wr_email']));
else
$wr_email = addslashes($wr['wr_email']);
if(isset($_POST['wr_homepage']) && $_POST['wr_homepage'])
$wr_homepage = addslashes(clean_xss_tags($_POST['wr_homepage']));
else
$wr_homepage = addslashes(clean_xss_tags($wr['wr_homepage']));
} }
} else { } else {
$mb_id = ""; $mb_id = "";
// 비회원의 경우 이름이 누락되는 경우가 있음 // 비회원의 경우 이름이 누락되는 경우가 있음
//if (!trim($wr_name)) alert("이름은 필히 입력하셔야 합니다."); if (!trim($wr_name)) alert("이름은 필히 입력하셔야 합니다.");
$wr_name = clean_xss_tags(trim($_POST['wr_name']));
$wr_email = get_email_address(trim($_POST['wr_email'])); $wr_email = get_email_address(trim($_POST['wr_email']));
} }