firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

쇼핑몰 관리자 CSRF 취약점 수정

Browse Source
This commit is contained in:
chicpro
2015-11-24 14:43:42 +09:00
parent bfaa429721
commit a155f4d659
34 changed files with 72 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
adm/shop_admin/itemuselistupdate.php
View File

@ -4,6 +4,8 @@ include_once('./_common.php');
check_demo();
check_admin_token();
if (!count($_POST['chk'])) {
alert($_POST['act_button']." 하실 항목을 하나 이상 체크하세요.");
}
@ -16,19 +18,19 @@ if ($_POST['act_button'] == "선택수정") {
alert("선택수정이나 선택삭제 작업이 아닙니다.");
}
for ($i=0; $i<count($_POST['chk']); $i++)
for ($i=0; $i<count($_POST['chk']); $i++)
{
$k = $_POST['chk'][$i]; // 실제 번호를 넘김
if ($_POST['act_button'] == "선택수정")
if ($_POST['act_button'] == "선택수정")
{
$sql = "update {$g5['g5_shop_item_use_table']}
set is_score = '{$_POST['is_score'][$k]}',
is_confirm = '{$_POST['is_confirm'][$k]}'
where is_id = '{$_POST['is_id'][$k]}' ";
sql_query($sql);
}
else if ($_POST['act_button'] == "선택삭제")
}
else if ($_POST['act_button'] == "선택삭제")
{
$sql = "delete from {$g5['g5_shop_item_use_table']} where is_id = '{$_POST['is_id'][$k]}' ";
sql_query($sql);