firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

Merge branch 'master' of github.com:gnuboard/g5

Browse Source
This commit is contained in:
thisgun
2018-04-23 10:39:17 +09:00
parent c74e18424f 215ea45b1f
commit dfe0756954
4 changed files with 11 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
adm/admin.lib.php
View File

@ -436,7 +436,7 @@ else if ($is_admin != 'super')
}
// 관리자의 아이피, 브라우저와 다르다면 세션을 끊고 관리자에게 메일을 보낸다.
$admin_key = md5($member['mb_datetime'] . $_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT']);
$admin_key = md5($member['mb_datetime'] . get_real_client_ip() . $_SERVER['HTTP_USER_AGENT']);
if (get_session('ss_mb_key') !== $admin_key) {
session_destroy();

2
adm/board_form.php
View File

@ -1245,7 +1245,7 @@ $pg_anchor = '<ul class="anchor">
<div class="btn_fixed_top">
<?php if( $bo_table && $w ){ ?>
<a href="./board_copy.php?bo_table=<?php echo $board['bo_table']; ?>" id="board_copy" target="win_board_copy" class=" btn_02 btn">게시판복사</a>
<a href="<?php echo G5_BBS_URL ?>/board.php?bo_table=<?php echo $board['bo_table']; ?>'" class=" btn_02 btn">게시판 바로가기</a>
<a href="<?php echo G5_BBS_URL ?>/board.php?bo_table=<?php echo $board['bo_table']; ?>" class=" btn_02 btn">게시판 바로가기</a>
<a href="./board_thumbnail_delete.php?bo_table=<?php echo $board['bo_table'].'&amp;'.$qstr;?>" onclick="return delete_confirm2('게시판 썸네일 파일을 삭제하시겠습니까?');" class="btn_02 btn">게시판 썸네일 삭제</a>
<?php } ?>
<input type="submit" value="확인" class="btn_submi btn btn_01" accesskey="s">

2
bbs/login_check.php
View File

@ -56,7 +56,7 @@ if ( is_use_email_certify() && !preg_match("/[1-9]/", $mb['mb_email_certify']))
// 회원아이디 세션 생성
set_session('ss_mb_id', $mb['mb_id']);
// FLASH XSS 공격에 대응하기 위하여 회원의 고유키를 생성해 놓는다. 관리자에서 검사함 - 110106
set_session('ss_mb_key', md5($mb['mb_datetime'] . $_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT']));
set_session('ss_mb_key', md5($mb['mb_datetime'] . get_real_client_ip() . $_SERVER['HTTP_USER_AGENT']));
// 포인트 체크
if($config['cf_use_point']) {

8
lib/common.lib.php
View File

@ -3418,6 +3418,14 @@ function is_use_email_certify(){
return $config['cf_use_email_certify'];
}
function get_real_client_ip(){
if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
return $_SERVER['HTTP_X_FORWARDED_FOR'];
return $_SERVER['REMOTE_ADDR'];
}
function get_call_func_cache($func, $args=array()){
static $cache = array();