댓글 수정 CSRF 취약점 수정

2016-08-08 17:44:29 +09:00
parent c1eab8e3c7
commit c23f6c0161
11 changed files with 55 additions and 0 deletions
--- a/bbs/ajax.comment_token.php
+++ b/bbs/ajax.comment_token.php
@ -0,0 +1,14 @@
+<?php
+include_once('./_common.php');
+include_once(G5_LIB_PATH.'/json.lib.php');
+
+$ss_name = 'ss_comment_token';
+
+set_session($ss_name, '');
+
+$token = _token();
+
+set_session($ss_name, $token);
+
+die(json_encode(array('token'=>$token)));
+?>