firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

CSRF 취약점 수정

Browse Source
This commit is contained in:
chicpro
2015-06-29 10:20:59 +09:00
parent 808ac0f0e6
commit c56498a529
3 changed files with 20 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
bbs/scrap_popin_update.php
View File

@ -6,7 +6,7 @@ include_once(G5_PATH.'/head.sub.php');
if (!$is_member)
{
$href = './login.php?'.$qstr.'&url='.urlencode('./board.php?bo_table='.$bo_table.'&wr_id='.$wr_id);
echo '<script> alert(\'회원만 접근 가능합니다.\'); top.location.href = \''.$href.'\'; </script>';
echo '<script> alert(\'회원만 접근 가능합니다.\'); top.location.href = \''.str_replace('&amp;', '&', $href).'\'; </script>';
exit;
}
@ -32,6 +32,8 @@ if ($row['cnt'])
exit;
}
$wr_content = trim($_POST['wr_content']);
// 덧글이 넘어오고 코멘트를 쓸 권한이 있다면
if ($wr_content && ($member['mb_level'] >= $board['bo_comment_level']))
{