firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

그누보드 CSRF 취약점(KVE-2017-0883,0884,0923) 수정

Browse Source
This commit is contained in:
thisgun
2017-12-12 11:59:10 +09:00
parent 7f9664af0a
commit 875a326344
5 changed files with 19 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
bbs/memo.php
View File

@ -4,6 +4,8 @@ include_once('./_common.php');
if ($is_guest)
alert_close('회원만 이용하실 수 있습니다.');
set_session('ss_memo_delete_token', $token = uniqid(time()));
$g5['title'] = '내 쪽지함';
include_once(G5_PATH.'/head.sub.php');
@ -65,7 +67,7 @@ for ($i=0; $row=sql_fetch_array($result); $i++)
$list[$i]['send_datetime'] = $send_datetime;
$list[$i]['read_datetime'] = $read_datetime;
$list[$i]['view_href'] = './memo_view.php?me_id='.$row['me_id'].'&kind='.$kind;
$list[$i]['del_href'] = './memo_delete.php?me_id='.$row['me_id'].'&kind='.$kind;
$list[$i]['del_href'] = './memo_delete.php?me_id='.$row['me_id'].'&token='.$token.'&kind='.$kind;
}
include_once($member_skin_path.'/memo.skin.php');