그누보드4 보안패치 일괄 적용

2013-03-20 15:53:44 +09:00
parent 6180493eb6
commit b072f9fe23
7 changed files with 1578 additions and 1436 deletions
--- a/bbs/memo_delete.php
+++ b/bbs/memo_delete.php
@ -4,6 +4,8 @@ include_once('./_common.php');
 if (!$member[mb_id]) 
    alert('회원만 이용하실 수 있습니다.');

+$me_id = (int)$_REQUEST['me_id'];
+
 $sql = " select * from {$g4[memo_table]} where me_id = '{$me_id}' ";
 $row = sql_fetch($sql);
 if (!$row[mb_read_datetime][0]) // 메모 받기전이면
--- a/bbs/memo_view.php
+++ b/bbs/memo_view.php
@ -4,6 +4,8 @@ include_once('./_common.php');
 if (!$is_member)
    alert('회원만 이용하실 수 있습니다.');

+$me_id = (int)$_REQUEST['me_id'];
+
 if ($kind == 'recv')
 {
    $t = '받은';
--- a/bbs/write.php
+++ b/bbs/write.php
@ -3,8 +3,8 @@ include_once('./_common.php');
 include_once(G4_CKEDITOR_PATH.'/ckeditor.lib.php');
 include_once(G4_GCAPTCHA_PATH.'/gcaptcha.lib.php');

-set_session('ss_bo_table', $bo_table);
-set_session('ss_wr_id', $wr_id);
+set_session('ss_bo_table', $_REQUEST['bo_table']);
+set_session('ss_wr_id', $_REQUEST['wr_id']);

 if (!$board['bo_table']) {
    alert('존재하지 않는 게시판입니다.', G4_URL);
--- a/bbs/write_update.php
+++ b/bbs/write_update.php
@ -42,8 +42,8 @@ if (empty($_POST)) {
 }

 $w = $_POST['w'];
-$wr_link1 = mysql_real_escape_string($_POST['wr_link1']);
-$wr_link2 = mysql_real_escape_string($_POST['wr_link2']);
+$wr_link1 = escape_trim(strip_tags($_POST['wr_link1']));
+$wr_link2 = escape_trim(strip_tags($_POST['wr_link2']));

 $notice_array = explode(',', trim($board['bo_notice']));

--- a/bbs/zip.db
+++ b/bbs/zip.db