From cb327e902f0ae5745c94826bebcc4fb528b8ff77 Mon Sep 17 00:00:00 2001 From: chicpro Date: Tue, 28 Jun 2016 10:25:55 +0900 Subject: [PATCH] =?UTF-8?q?=EB=8C=93=EA=B8=80=20=EC=82=AD=EC=A0=9C=20?= =?UTF-8?q?=ED=86=A0=ED=81=B0=20=EC=BD=94=EB=93=9C=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bbs/delete_comment.php | 4 ++-- bbs/password.php | 2 +- bbs/view_comment.php | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/bbs/delete_comment.php b/bbs/delete_comment.php index cd75e575c..c9e9bff24 100644 --- a/bbs/delete_comment.php +++ b/bbs/delete_comment.php @@ -2,8 +2,8 @@ // 코멘트 삭제 include_once('./_common.php'); -$delete_comment_token = get_session('ss_delete_comment_token'); -set_session('ss_delete_comment_token', ''); +$delete_comment_token = get_session('ss_delete_comment_'.$comment_id.'_token'); +set_session('ss_delete_comment_'.$comment_id.'_token', ''); if (!($token && $delete_comment_token == $token)) alert('토큰 에러로 삭제 불가합니다.'); diff --git a/bbs/password.php b/bbs/password.php index 32d31259a..072a98dbd 100644 --- a/bbs/password.php +++ b/bbs/password.php @@ -14,7 +14,7 @@ switch ($w) { $return_url = './board.php?bo_table='.$bo_table.'&wr_id='.$wr_id; break; case 'x' : - set_session('ss_delete_comment_token', $token = uniqid(time())); + set_session('ss_delete_comment_'.$comment_id.'_token', $token = uniqid(time())); $action = './delete_comment.php?token='.$token; $row = sql_fetch(" select wr_parent from $write_table where wr_id = '$comment_id' "); $return_url = './board.php?bo_table='.$bo_table.'&wr_id='.$row['wr_parent']; diff --git a/bbs/view_comment.php b/bbs/view_comment.php index c6e6614cc..d0294b4f5 100644 --- a/bbs/view_comment.php +++ b/bbs/view_comment.php 
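Review bot: In bbs/delete_comment.php the unchanged check `if (!($token && $delete_comment_token == $token))` still compares the token with a loose `==`, which is not constant-time and lets PHP treat two numeric-looking strings as numbers. The token appears to be the anti-forgery check for this delete, so a strict, timing-safe comparison is the safer form, for example `if (!(is_string($token) && $token !== '' && hash_equals((string)$delete_comment_token, $token)))` on PHP 5.6 or later. The new session key is also built from `$comment_id`, which as far as this hunk shows arrives from the request; an `(int)` cast before use would restrict the key to real comment ids, unless `_common.php` already applies one. The rest of the file lies outside the hunk.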
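Review bot: The token created by `$token = uniqid(time())` in the `case 'x'` branch of bbs/password.php is derived only from the clock, so it is predictable and a poor anti-forgery secret; the first bbs/view_comment.php hunk keeps the same call. A CSPRNG value such as `$token = bin2hex(random_bytes(16));` on PHP 7+ (or `openssl_random_pseudo_bytes(16)` on older runtimes) is the usual replacement. The context line `sql_fetch(" select wr_parent from $write_table where wr_id = '$comment_id' ")` interpolates the same `$comment_id` into SQL, so it is worth confirming that an integer cast is applied before both uses. The `switch ($w)` block starts and ends outside the hunk.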
@@ -73,7 +73,7 @@ for ($i=0; $row=sql_fetch_array($result); $i++) { if ($row['mb_id'] == $member['mb_id'] || $is_admin) { - set_session('ss_delete_comment_token', $token = uniqid(time())); + set_session('ss_delete_comment_'.$row['wr_id'].'_token', $token = uniqid(time())); $list[$i]['del_link'] = './delete_comment.php?bo_table='.$bo_table.'&comment_id='.$row['wr_id'].'&token='.$token.'&page='.$page.$qstr; $list[$i]['is_edit'] = true; $list[$i]['is_del'] = true; @@ -82,7 +82,7 @@ for ($i=0; $row=sql_fetch_array($result); $i++) else { if (!$row['mb_id']) { - $list[$i]['del_link'] = './password.php?w=x&bo_table='.$bo_table.'&comment_id='.$row['wr_id'].'&token='.$token.'&page='.$page.$qstr; + $list[$i]['del_link'] = './password.php?w=x&bo_table='.$bo_table.'&comment_id='.$row['wr_id'].'&page='.$page.$qstr; $list[$i]['is_del'] = true; } }
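Review bot: Inside the comment loop, `set_session('ss_delete_comment_'.$row['wr_id'].'_token', ...)` now writes one session entry per rendered comment on every page view, and only the entry for a comment that is actually deleted is reset in delete_comment.php, so sessions of members and admins who browse long threads keep growing. Deriving the token instead of storing it avoids that: keep one random per-session secret and emit `hash_hmac('sha256', (string)$row['wr_id'], $secret)`, where `$secret` is a placeholder for that value, and let delete_comment.php recompute and compare it. The trade-off is that the token is no longer single-use within the session, which should be an explicit decision. The `for` loop begins and ends outside the hunk.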