From a47002d71f58ad02f10a48dec2bbd96b58f23414 Mon Sep 17 00:00:00 2001
From: thisgun
Date: Fri, 16 Mar 2018 17:10:54 +0900
Subject: [PATCH] =?UTF-8?q?1:1=20=EB=AC=B8=EC=9D=98=20=EB=A6=AC=EC=8A=A4?= =?UTF-8?q?=ED=8A=B8=EC=97=90=EC=84=9C=20=EC=82=AD=EC=A0=9C=20=ED=86=A0?= =?UTF-8?q?=ED=81=B0=20=EC=98=A4=EB=A5=98=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 bbs/qadelete.php | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/bbs/qadelete.php b/bbs/qadelete.php
index a26fff7e1..09e7b82cc 100644
--- a/bbs/qadelete.php
+++ b/bbs/qadelete.php
@@ -7,7 +7,8 @@ if($is_guest)
 $delete_token = get_session('ss_qa_delete_token');
 set_session('ss_qa_delete_token', '');
-if (!($token && $delete_token == $token))
+//관리자가 아닌경우에는 토큰을 검사합니다.
+if (!$is_admin && !($token && $delete_token == $token))
 alert('토큰 에러로 삭제 불가합니다.');
 $tmp_array = array();
@@ -21,7 +22,7 @@ if(!$count)
 alert('삭제할 게시글을 하나이상 선택해 주십시오.');
 for($i=0; $i<$count; $i++) {
- $qa_id = $tmp_array[$i];
+ $qa_id = (int) $tmp_array[$i];
 $sql = " select qa_id, mb_id, qa_type, qa_status, qa_parent, qa_content, qa_file1, qa_file2 from {$g5['qa_content_table']}
@@ -32,7 +33,7 @@ for($i=0; $i<$count; $i++) {
 continue;
 // 자신의 글이 아니면 건너뜀
- if($is_admin != 'super' && $row['mb_id'] != $member['mb_id'])
+ if($is_admin != 'super' && $row['mb_id'] !== $member['mb_id'])
 continue;
 // 답변이 달린 글은 삭제못함
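Review bot: The added `!$is_admin &&` in the token check turns off the one-time delete token for every admin level, so a deletion request arriving in an admin's session no longer has to prove it came from the site's own list form. That removes the request-forgery guard for the accounts with the widest delete rights, since the ownership check in the third hunk lets `'super'` delete any post. `$is_admin` is also truthy for any non-empty value while only `'super'` bypasses ownership, so the two checks disagree on who counts as an admin. I would keep the original condition, `if (!($token && $delete_token == $token))`, and instead make the admin list issue and submit `ss_qa_delete_token`, which is presumably where the reported token error comes from (the form is not visible here).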
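Review bot: The `(int)` cast on `$qa_id` is what makes the id safe to interpolate into the `select` string built just below it, but nothing in the code says so. A one-line comment such as `// cast to int: $qa_id is interpolated into the SQL below` would stop a later cleanup from dropping it. Non-numeric input becomes 0 and is presumably skipped by the row check that follows. The loop body continues outside the hunk, so any later statement that reads `$tmp_array[$i]` directly instead of `$qa_id` should be checked as well.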
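Review bot: Only the right half of the ownership condition was made strict; `$is_admin != 'super'` is still a loose comparison. Under PHP 7 and earlier an integer `0` or boolean `true` compares equal to `'super'`, so the bypass relies on `$is_admin` always being a string, which this hunk does not show. `if ($is_admin !== 'super' && $row['mb_id'] !== $member['mb_id'])` closes that gap. The new `!==` on `mb_id` fails closed if the two sides ever differ in type, which is the safe direction. The loop body starts and ends outside the hunk.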