firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

XSS 및 SQL Injection 보안 취약점 수정

Browse Source
This commit is contained in:
chicpro
2014-07-31 17:01:06 +09:00
parent 0742c5f81b
commit 79d7a690f4
8 changed files with 26 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
adm/index.php
View File

@ -176,7 +176,7 @@ $colspan = 5;
$comment_link = "";
$row2 = sql_fetch(" select * from $tmp_write_table where wr_id = '{$row['wr_id']}' ");
$name = get_sideview($row2['mb_id'], cut_str($row2['wr_name'], $config['cf_cut_name']), $row2['wr_email'], $row2['wr_homepage']);
$name = get_sideview($row2['mb_id'], get_text(cut_str($row2['wr_name'], $config['cf_cut_name'])), $row2['wr_email'], $row2['wr_homepage']);
// 당일인 경우 시간으로 표시함
$datetime = substr($row2['wr_datetime'],0,10);
$datetime2 = $row2['wr_datetime'];
@ -193,7 +193,7 @@ $colspan = 5;
$row2 = sql_fetch(" select * from {$tmp_write_table} where wr_id = '{$row['wr_parent']}' ");
$row3 = sql_fetch(" select mb_id, wr_name, wr_email, wr_homepage, wr_datetime from {$tmp_write_table} where wr_id = '{$row['wr_id']}' ");
$name = get_sideview($row3['mb_id'], cut_str($row3['wr_name'], $config['cf_cut_name']), $row3['wr_email'], $row3['wr_homepage']);
$name = get_sideview($row3['mb_id'], get_text(cut_str($row3['wr_name'], $config['cf_cut_name'])), $row3['wr_email'], $row3['wr_homepage']);
// 당일인 경우 시간으로 표시함
$datetime = substr($row3['wr_datetime'],0,10);
$datetime2 = $row3['wr_datetime'];