[KVE-2020-1276,1546] CSRF 취약점 제보로 1:1 문의 토큰 체크 코드 추가

thisgun
2021-01-04 17:47:14 +09:00
parent 83b4c80964
commit a7fa3a20fc
14 changed files with 122 additions and 4 deletions

11
bbs/ajax.write.token.php Normal file

@ -0,0 +1,11 @@
<?php
include_once('./_common.php');
include_once(G5_LIB_PATH.'/json.lib.php');
$token_case = isset($_POST['token_case']) ? preg_replace('/[^0-9a-z_]/i', '', $_POST['token_case']) : '';
if( $token_case ){
$token = _token();
set_session('ss_'.$token_case.'_token', $token);
die(json_encode(array('error'=>'', 'token'=>$token, 'url'=>'')));
}
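Review bot: The session key in `set_session('ss_'.$token_case.'_token', $token)` is built from a request parameter that is only character-filtered, so any client can create or overwrite an arbitrary `ss_<name>_token` session entry, possibly including ones other forms rely on (not visible in this section). Restricting the value to the cases this commit actually wires up would close that, e.g. `if (!in_array($token_case, $allowed_token_cases, true)) die(json_encode(array('error'=>'invalid token_case', 'token'=>'', 'url'=>'')));`, where `$allowed_token_cases` is a placeholder for that list. The same guard also returns a JSON error instead of the empty body the script currently sends when `token_case` is missing or filtered down to an empty string.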