firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

KVE-2018-0300,0331,0356,0358,0370 취약점 수정

Browse Source
This commit is contained in:
thisgun
2018-05-21 20:32:09 +09:00
parent c0fcd3a1ed
commit 980e65361c
4 changed files with 9 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
adm/sms_admin/form_multi_update.php
View File

@ -4,7 +4,7 @@ include_once("./_common.php");
auth_check($auth[$sub_menu], "w");
check_token();
check_admin_token();
if($atype == "del"){
$count = count($_POST['fo_no']);
@ -14,7 +14,7 @@ if($atype == "del"){
for ($i=0; $i<$count; $i++)
{
// 실제 번호를 넘김
$fo_no = $_POST['fo_no'][$i];
$fo_no = (int) $_POST['fo_no'][$i];
if (!trim($fo_no)) continue;
$res = sql_fetch("select * from {$g5['sms5_form_table']} where fo_no='$fo_no'");

2
adm/sms_admin/num_book.php
View File

@ -13,6 +13,8 @@ $g5['title'] = "휴대폰번호 관리";
if ($page < 1) $page = 1;
$bg_no = isset($bg_no) ? (int) $bg_no : 0;
if (is_numeric($bg_no))
$sql_group = " and bg_no='$bg_no' ";
else