그누보드 CSRF 취약점(KVE-2017-0883,0884,0923) 수정

thisgun
2017-12-12 11:59:10 +09:00
parent 7f9664af0a
commit 875a326344
5 changed files with 19 additions and 2 deletions


@ -109,7 +109,8 @@ if(is_file($skin_file)) {
*/
if(($view['qa_type'] && $is_admin) || (!$view['qa_type'] && $view['qa_status'] == 0)) {
$update_href = G5_BBS_URL.'/qawrite.php?w=u&qa_id='.$view['qa_id'].$qstr;
$delete_href = G5_BBS_URL.'/qadelete.php?qa_id='.$view['qa_id'].$qstr;
set_session('ss_qa_delete_token', $token = uniqid(time()));
$delete_href = G5_BBS_URL.'/qadelete.php?qa_id='.$view['qa_id'].'&token='.$token.$qstr;
}
// 질문글이고 등록된 답변이 있다면
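Review bot: The delete token created on the added line `set_session('ss_qa_delete_token', $token = uniqid(time()));` is built only from the clock, so it is guessable rather than secret; the PHP manual says `uniqid()` must not be used for security purposes. A CSRF token should come from a CSPRNG, for example `$token = bin2hex(random_bytes(16));` on PHP 7+ or `bin2hex(openssl_random_pseudo_bytes(16))` on older runtimes. The token is also placed in the query string of a GET link, so it can reach server logs, browser history and Referer headers. The check in qadelete.php is not visible here; it should compare with `hash_equals()` and clear the session value after one use. The surrounding script starts above and continues below this hunk.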