From 7f9664af0a3d470c6f23d09859ff69f593921eec Mon Sep 17 00:00:00 2001
From: thisgun
Date: Mon, 11 Dec 2017 17:52:20 +0900
Subject: [PATCH] =?UTF-8?q?=EA=B7=B8=EB=88=84=EB=B3=B4=EB=93=9C=20Reflecte?=
 =?UTF-8?q?d=20XSS=20=EC=B7=A8=EC=95=BD=EC=A0=90=20(891,=20906,=20908,=209?=
 =?UTF-8?q?10)=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 adm/poll_form.php                   |  2 ++
 adm/sms_admin/form_group_update.php | 14 +++++++++-----
 adm/sms_admin/form_update.php       |  3 +++
 adm/sms_admin/num_group_update.php  | 10 ++++++----
 4 files changed, 20 insertions(+), 9 deletions(-)

diff --git a/adm/poll_form.php b/adm/poll_form.php
index 6181b1375..2d259b58e 100644
--- a/adm/poll_form.php
+++ b/adm/poll_form.php
@@ -4,6 +4,8 @@ include_once('./_common.php');
 
 auth_check($auth[$sub_menu], 'w');
 
+$po_id = isset($po_id) ? (int) $po_id : 0;
+
 $html_title = '투표';
 if ($w == '') $html_title .= ' 생성';
 
diff --git a/adm/sms_admin/form_group_update.php b/adm/sms_admin/form_group_update.php
index 058980a11..ee8b1627a 100644
--- a/adm/sms_admin/form_group_update.php
+++ b/adm/sms_admin/form_group_update.php
@@ -10,9 +10,9 @@ if ($w == 'u') // 업데이트
 {
 // 실제 번호를 넘김
 $k = $_POST['chk'][$i];
-$fg_no = $_POST['fg_no'][$k];
-$fg_name = $_POST['fg_name'][$k];
-$fg_member = $_POST['fg_member'][$k];
+$fg_no = (int) $_POST['fg_no'][$k];
+$fg_name = strip_tags($_POST['fg_name'][$k]);
+$fg_member = strip_tags($_POST['fg_member'][$k]);
 
 if (!is_numeric($fg_no))
 alert('그룹 고유번호가 없습니다.');
@@ -38,7 +38,7 @@ else if ($w == 'de') // 그룹삭제
 {
 // 실제 번호를 넘김
 $k = $_POST['chk'][$i];
-$fg_no = $_POST['fg_no'][$k];
+$fg_no = (int) $_POST['fg_no'][$k];
 
 if (!is_numeric($fg_no))
 alert('그룹 고유번호가 없습니다.');
@@ -57,7 +57,7 @@ else if ($w == 'em')
 {
 // 실제 번호를 넘김
 $k = $_POST['chk'][$i];
-$fg_no = $_POST['fg_no'][$k];
+$fg_no = (int) $_POST['fg_no'][$k];
 
 if ($fg_no == 'no') $fg_no = 0;
 
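Review bot: After `$fg_no = (int) $_POST['fg_no'][$k];` in the update branch, the guard `if (!is_numeric($fg_no))` two lines below can never fire, because an int is always numeric; a missing or garbage fg_no now silently becomes 0 and continues into the update that follows (outside the hunk) instead of stopping with '그룹 고유번호가 없습니다.'. Either keep the is_numeric test on the raw `$_POST['fg_no'][$k]` before casting, or test the cast result: `if ($fg_no <= 0) alert('그룹 고유번호가 없습니다.');`. Separately, strip_tags() is an input filter rather than HTML escaping — quotes and a bare `<` survive it — so wherever fg_name and fg_member are echoed back into markup they still need `htmlspecialchars($v, ENT_QUOTES, 'UTF-8')` at the output site.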
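Review bot: The delete branch has the same dead guard: once fg_no is cast to int, `is_numeric($fg_no)` is always true, so an empty or non-numeric fg_no becomes 0 and proceeds into the delete statement that presumably follows outside the hunk rather than aborting. Replace the check with `if ($fg_no <= 0) alert('그룹 고유번호가 없습니다.');`, which keeps the original intent of refusing a row without a real group id.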
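Review bot: In the `$w == 'em'` branch, `if ($fg_no == 'no') $fg_no = 0;` is now a no-op because of the int cast on the line above: `(int) 'no'` is already 0, and comparing an int to the string 'no' is either true-and-harmless (PHP 7) or false (PHP 8). Drop the line, or cast after the comparison as the `$w == 'no'` branch further down does (`if ($fg_no == 'no') $fg_no = 0;` then `$fg_no = (int) $fg_no;`), so the two branches read the same way.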
@@ -71,6 +71,8 @@ else if ($w == 'no')
 {
 if ($fg_no == 'no') $fg_no = 0;
 
+$fg_no = (int) $fg_no;
+
 if ($fg_no)
 sql_query("update {$g5['sms5_form_group_table']} set fg_count = 0 where fg_no = '$fg_no'");
 
@@ -81,6 +83,8 @@ else // 등록
 if (!strlen(trim($fg_name)))
 alert('그룹명을 입력해주세요');
 
+$fg_name = strip_tags($fg_name);
+
 $res = sql_fetch("select fg_name from {$g5['sms5_form_group_table']} where fg_name = '$fg_name'");
 if ($res)
 alert('같은 그룹명이 존재합니다.');
diff --git a/adm/sms_admin/form_update.php b/adm/sms_admin/form_update.php
index 9059b91bf..080656e94 100644
--- a/adm/sms_admin/form_update.php
+++ b/adm/sms_admin/form_update.php
@@ -4,6 +4,9 @@ include_once("./_common.php");
 
 auth_check($auth[$sub_menu], "w");
 
+$fo_name = isset($fo_name) ? strip_tags($fo_name) : '';
+$fo_content = isset($fo_content) ? strip_tags($fo_content) : '';
+
 $g5['title'] = "이모티콘 업데이트";
 
 if ($w == 'u') // 업데이트
diff --git a/adm/sms_admin/num_group_update.php b/adm/sms_admin/num_group_update.php
index ea9af2423..f23f31bea 100644
--- a/adm/sms_admin/num_group_update.php
+++ b/adm/sms_admin/num_group_update.php
@@ -10,8 +10,8 @@ if ($w == 'u') // 업데이트
 {
 // 실제 번호를 넘김
 $k = $_POST['chk'][$i];
-$bg_no = $_POST['bg_no'][$k];
-$bg_name = $_POST['bg_name'][$k];
+$bg_no = (int) $_POST['bg_no'][$k];
+$bg_name = strip_tags($_POST['bg_name'][$k]);
 
 if (!is_numeric($bg_no))
 alert('그룹 고유번호가 없습니다.');
@@ -36,7 +36,7 @@ else if ($w == 'de') // 그룹삭제
 {
 // 실제 번호를 넘김
 $k = $_POST['chk'][$i];
-$bg_no = $_POST['bg_no'][$k];
+$bg_no = (int) $_POST['bg_no'][$k];
 
 if (!is_numeric($bg_no))
 alert('그룹 고유번호가 없습니다.');
@@ -55,7 +55,7 @@ else if ($w == 'em') // 비우기
 {
 // 실제 번호를 넘김
 $k = $_POST['chk'][$i];
-$bg_no = $_POST['bg_no'][$k];
+$bg_no = (int) $_POST['bg_no'][$k];
 
 sql_query("update {$g5['sms5_book_group_table']} set bg_count = 0, bg_member = 0, bg_nomember = 0, bg_receipt = 0, bg_reject = 0 where bg_no='$bg_no'");
 sql_query("delete from {$g5['sms5_book_table']} where bg_no='$bg_no'");
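Review bot: In the registration branch `$fg_name = strip_tags($fg_name);` runs after the empty-name check, so a name consisting only of tags (for example `<b></b>`) passes `strlen(trim($fg_name))` and is then stored and duplicate-checked as an empty string. Move `$fg_name = strip_tags($fg_name);` above `if (!strlen(trim($fg_name)))`, which is the order num_group_update.php's registration branch uses in this same commit. The duplicate lookup also interpolates `$fg_name` straight into the SQL string; strip_tags does nothing about quotes, so unless _common.php escapes request variables globally this remains an injection point and should go through the project's escaping helper.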
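Review bot: strip_tags() on `$fo_name` and `$fo_content` is not output encoding: a value such as `" autofocus onfocus=alert(1) x="` contains no tag, survives unchanged, and still breaks out of an attribute, so if these values are echoed back into the form (which the commit title implies) the reflected XSS is only partly closed. Escape at the point of output with `htmlspecialchars($fo_name, ENT_QUOTES, 'UTF-8')` rather than relying on the input filter, which also silently destroys legitimate content containing `<`. Since these globals presumably come from request extraction in _common.php, a request sending `fo_name[]=x` hands strip_tags() an array and fails (TypeError on PHP 8), so guard with `is_string($fo_name)` before filtering.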
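Review bot: In num_group_update.php's update branch, `$bg_no = (int) $_POST['bg_no'][$k];` makes the `if (!is_numeric($bg_no))` guard two lines below unreachable, so a row without a valid group id is no longer rejected with '그룹 고유번호가 없습니다.' and continues with bg_no = 0 into the update outside the hunk; the `$w == 'de'` hunk below has the identical problem before its delete. Use `if ($bg_no <= 0) alert('그룹 고유번호가 없습니다.');` in both places, or keep is_numeric on the raw POST value before the cast.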
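Review bot: The `$w == 'em'` branch has no id check at all, and after the cast a missing or malformed bg_no becomes 0 and the two statements run as `where bg_no='0'`, resetting and deleting whatever rows happen to carry that id instead of doing nothing as the old empty string would. If this sits inside the per-checkbox loop that `$_POST['chk'][$i]` suggests, add `if ($bg_no <= 0) continue;` right after the cast so an invalid selection is skipped rather than mapped to 0.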
@@ -63,6 +63,8 @@ else if ($w == 'em') // 비우기
 }
 else // 등록
 {
+$bg_name = strip_tags($bg_name);
+
 if (!strlen(trim($bg_name)))
 alert('그룹명을 입력해주세요');
 