firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

[KVE-2020-0785, 0788] 타 아이디가 에디터 업로드 된 이미지 삭제 가능 취약점 수정

Browse Source
This commit is contained in:
thisgun
2020-11-20 16:51:02 +09:00
parent 02b085b4be
commit afc8adf737
2 changed files with 18 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
plugin/editor/cheditor5/imageUpload/config.php
View File

@ -30,8 +30,14 @@ define("SAVE_DIR", $data_dir);
define("SAVE_URL", $data_url);
function che_get_user_id() {
@session_start();
return session_id();
global $member;
if(session_id() == '') {
@session_start();
}
$add_str = (isset($member['mb_id']) && $member['mb_id']) ? $member['mb_id'] : '';
return session_id().$add_str;
}
function che_get_file_passname(){