쇼핑몰 관리자 CSRF 취약점 수정

2015-11-24 14:43:42 +09:00
parent bfaa429721
commit a155f4d659
34 changed files with 72 additions and 27 deletions
--- a/adm/shop_admin/itemformupdate.php
+++ b/adm/shop_admin/itemformupdate.php
@ -10,6 +10,8 @@ if ($w == '' || $w == 'u')
 else if ($w == 'd')
    auth_check($auth[$sub_menu], "d");

+check_admin_token();
+
@mkdir(G5_DATA_PATH."/item", G5_DIR_PERMISSION);
@chmod(G5_DATA_PATH."/item", G5_DIR_PERMISSION);