[KVE-2020-1276,1546] CSRF 취약점 제보로 1:1 문의 토큰 체크 코드 추가

2021-01-04 17:47:14 +09:00
parent 83b4c80964
commit a7fa3a20fc
14 changed files with 122 additions and 4 deletions
--- a/skin/qa/basic/list.skin.php
+++ b/skin/qa/basic/list.skin.php
@ -72,6 +72,7 @@ add_stylesheet('<link rel="stylesheet" href="'.$qa_skin_url.'/style.css">', 0);
    <input type="hidden" name="stx" value="<?php echo $stx; ?>">
    <input type="hidden" name="sca" value="<?php echo $sca; ?>">
    <input type="hidden" name="page" value="<?php echo $page; ?>">
+    <input type="hidden" name="token" value="<?php echo get_text($token); ?>">
            
    <div class="tbl_head01 tbl_wrap">
        <table>
--- a/skin/qa/basic/write.skin.php
+++ b/skin/qa/basic/write.skin.php
@ -14,6 +14,7 @@ add_stylesheet('<link rel="stylesheet" href="'.$qa_skin_url.'/style.css">', 0);
    <input type="hidden" name="sca" value="<?php echo $sca ?>">
    <input type="hidden" name="stx" value="<?php echo $stx ?>">
    <input type="hidden" name="page" value="<?php echo $page ?>">
+    <input type="hidden" name="token" value="<?php echo $token ?>">
    <?php
    $option = '';
    $option_hidden = '';
@ -166,6 +167,25 @@ add_stylesheet('<link rel="stylesheet" href="'.$qa_skin_url.'/style.css">', 0);
        }
        <?php } ?>

+        $.ajax({
+            type: "POST",
+            url: g5_bbs_url+"/ajax.write.token.php",
+            data: { 'token_case' : 'qa_write' },
+            cache: false,
+            async: false,
+            dataType: "json",
+            success: function(data) {
+                if (typeof data.token !== "undefined") {
+                    token = data.token;
+
+                    if(typeof f.token === "undefined")
+                        $(f).prepend('<input type="hidden" name="token" value="">');
+
+                    $(f).find("input[name=token]").val(token);
+                }
+            }
+        });
+
        document.getElementById("btn_submit").disabled = "disabled";

        return true;