firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

[KVE-2022-0175] 그누보드 sql 취약점 수정

Browse Source
This commit is contained in:
thisgun
2022-06-23 14:29:14 +09:00
parent 2366e8ebfb
commit 929183b3e3
9 changed files with 39 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
adm/ajax.token.php
View File

@ -3,6 +3,12 @@ require_once './_common.php';
set_session('ss_admin_token', '');
$admin_csrf_token_key = isset($_POST['admin_csrf_token_key']) ? $_POST['admin_csrf_token_key'] : '';
if(function_exists('admin_csrf_token_key') && $admin_csrf_token_key !== admin_csrf_token_key(1)){
die(json_encode(array('error' => '토큰키 에러!', 'url' => G5_URL)));
}
$error = admin_referer_check(true);
if ($error) {
die(json_encode(array('error' => $error, 'url' => G5_URL)));