[KVE-2020-1276,1546] CSRF 취약점 제보로 1:1 문의 토큰 체크 코드 추가

thisgun
2021-01-04 17:47:14 +09:00
parent 83b4c80964
commit a7fa3a20fc
14 changed files with 122 additions and 4 deletions


@ -10,6 +10,9 @@ if($is_guest)
$qaconfig = get_qa_config();
$content = '';
$token = _token();
set_session('ss_qa_delete_token', $token);
$g5['title'] = $qaconfig['qa_title'];
include_once('./qahead.php');
@ -110,9 +113,9 @@ if(is_file($skin_file)) {
$update_href = G5_BBS_URL.'/qawrite.php?w=u&qa_id='.$view['qa_id'].$qstr;
}
*/
if(($view['qa_type'] && $is_admin) || (!$view['qa_type'] && $view['qa_status'] == 0)) {
$update_href = G5_BBS_URL.'/qawrite.php?w=u&qa_id='.$view['qa_id'].$qstr;
set_session('ss_qa_delete_token', $token = uniqid(time()));
$delete_href = G5_BBS_URL.'/qadelete.php?qa_id='.$view['qa_id'].'&token='.$token.$qstr;
}
@ -129,7 +132,7 @@ if(is_file($skin_file)) {
if($is_admin) {
$answer_update_href = G5_BBS_URL.'/qawrite.php?w=u&qa_id='.$answer['qa_id'].$qstr;
$answer_delete_href = G5_BBS_URL.'/qadelete.php?qa_id='.$answer['qa_id'].$qstr;
$answer_delete_href = G5_BBS_URL.'/qadelete.php?qa_id='.$answer['qa_id'].'&token='.$token.$qstr;
}
}
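Review bot: Both delete links (`$delete_href` and `$answer_delete_href`) carry the anti-CSRF token in the query string of a GET request, so the value stored in `ss_qa_delete_token` ends up in browser history and server access logs, and may reach other hosts in Referer headers. Deletion is a state change, so it would be safer as a POST form with the token in a hidden field; the handler, which is not visible in this section, should then compare the submitted value with `hash_equals()` and clear the session value after use. The +/- markers are lost on this page, so it is unclear whether `set_session('ss_qa_delete_token', $token = uniqid(time()));` inside the `if` survives on the new side. If it does, it overwrites the `_token()` value with a time-derived one that is easier to guess, and it should be dropped so that only the `_token()` value set at the top is used. The enclosing `if(is_file($skin_file))` block starts and ends outside these hunks.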