firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

회원 홈페이지를 이용한 SQL Injection 오류 수정

Browse Source
This commit is contained in:
chicpro
2014-10-23 09:25:33 +09:00
parent 352deb6133
commit ad78efcdaa
3 changed files with 10 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
bbs/write_update.php
View File

@ -407,9 +407,9 @@ if ($w == '' || $w == 'r') {
// 자신의 글이라면
if ($member['mb_id'] == $wr['mb_id']) {
$mb_id = $member['mb_id'];
$wr_name = $board['bo_use_name'] ? $member['mb_name'] : $member['mb_nick'];
$wr_email = $member['mb_email'];
$wr_homepage = $member['mb_homepage'];
$wr_name = addslashes(clean_xss_tags($board['bo_use_name'] ? $member['mb_name'] : $member['mb_nick']));
$wr_email = addslashes($member['mb_email']);
$wr_homepage = addslashes(clean_xss_tags($member['mb_homepage']));
} else {
$mb_id = $wr['mb_id'];
$wr_name = $wr['wr_name'];