From f675c38441633bbe12797fa0b6debb44dfdab2e6 Mon Sep 17 00:00:00 2001
From: thisgun
Date: Fri, 19 Jul 2019 19:58:12 +0900
Subject: [PATCH] =?UTF-8?q?=EA=B4=80=EB=A6=AC=EC=9E=90=20=ED=9A=8C?=
 =?UTF-8?q?=EC=9B=90=EB=A9=94=EC=9D=BC=EB=B0=9C=EC=86=A1=20=ED=8E=98?=
 =?UTF-8?q?=EC=9D=B4=EC=A7=80=20xss=20=EC=B7=A8=EC=95=BD=EC=A0=90=20?=
 =?UTF-8?q?=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 adm/mail_form.php | 2 ++
 adm/mail_update.php | 12 +++++++-----
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/adm/mail_form.php b/adm/mail_form.php
index 547beadf0..a95035be2 100644
--- a/adm/mail_form.php
+++ b/adm/mail_form.php
@@ -10,6 +10,8 @@ $html_title = '회원메일';
 if ($w == 'u') {
 $html_title .= '수정';
 $readonly = ' readonly';
+
+ $ma_id = (int) $ma_id;
 $sql = " select * from {$g5['mail_table']} where ma_id = '{$ma_id}' ";
 $ma = sql_fetch($sql);
diff --git a/adm/mail_update.php b/adm/mail_update.php
index ff539cd55..68c85ae71 100644
--- a/adm/mail_update.php
+++ b/adm/mail_update.php
@@ -9,11 +9,13 @@ auth_check($auth[$sub_menu], 'w');
 check_admin_token();
+$ma_id = isset($_POST['ma_id']) ? (int) $_POST['ma_id'] : 0;
+$ma_subject = isset($_POST['ma_subject']) ? strip_tags($_POST['ma_subject']) : '';
+
 if ($w == '') {
 $sql = " insert {$g5['mail_table']}
- set ma_id = '{$_POST['ma_id']}',
- ma_subject = '{$_POST['ma_subject']}',
+ set ma_subject = '{$ma_subject}',
 ma_content = '{$_POST['ma_content']}',
 ma_time = '".G5_TIME_YMDHIS."',
 ma_ip = '{$_SERVER['REMOTE_ADDR']}' ";
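Review bot: The `(int)` cast of `$ma_id` is applied only inside the `$w == 'u'` branch, so the `select … where ma_id = '{$ma_id}'` on the next line is covered, but any use of `$ma_id` elsewhere in the page is not; where the variable is populated from is outside the hunk, so it presumably still arrives as a raw request value on every other path. Hoisting the cast above the `if`, as `$ma_id = isset($ma_id) ? (int) $ma_id : 0;`, would make every later use of it in the page safe by construction. The branch also does not check whether `sql_fetch` actually found a row for the given id, so an unknown id presumably leaves `$ma` empty and the rest of the page (not shown) has to tolerate that.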
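Review bot: `strip_tags()` on `ma_subject` shrinks what gets stored but is not an HTML-context escape — it leaves quotes and entities untouched, so a subject later printed inside an attribute or inline script is still not safe; the pages that render the subject should apply `htmlspecialchars($ma['ma_subject'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` at output, and that rendering code is not part of this patch. `ma_content` two lines below the changed `set` line (and the matching line in the update hunk of this file) is still interpolated raw into the SQL string while `ma_id` and `ma_subject` were moved to local variables; unless `_common.php` escapes `$_POST` globally, which cannot be seen here, that remains an injection point even though the endpoint sits behind `auth_check` and `check_admin_token`. Consider passing the content through the project's SQL escaping helper, or at minimum add a comment on that line stating where the escaping is expected to happen.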
@@ -22,16 +24,16 @@ if ($w == '')
 else if ($w == 'u') {
 $sql = " update {$g5['mail_table']}
- set ma_subject = '{$_POST['ma_subject']}',
+ set ma_subject = '{$ma_subject}',
 ma_content = '{$_POST['ma_content']}',
 ma_time = '".G5_TIME_YMDHIS."',
 ma_ip = '{$_SERVER['REMOTE_ADDR']}'
- where ma_id = '{$_POST['ma_id']}' ";
+ where ma_id = '{$ma_id}' ";
 sql_query($sql);
 }
 else if ($w == 'd') {
- $sql = " delete from {$g5['mail_table']} where ma_id = '{$_POST['ma_id']}' ";
+ $sql = " delete from {$g5['mail_table']} where ma_id = '{$ma_id}' ";
 sql_query($sql);
 }
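Review bot: Neither the update nor the delete branch checks that `$ma_id` is non-zero, and the variable (defined in the previous hunk) now defaults to `0` when `ma_id` is absent or non-numeric, so a malformed request runs `update … where ma_id = '0'` or `delete … where ma_id = '0'`, presumably affects no row, and then continues to whatever follows the hunk as if it had succeeded. A guard at the top of each branch, `if ($ma_id <= 0) { /* reject: invalid ma_id */ }` using the project's usual alert/redirect helper, would make the failure explicit instead of silent. What runs after the closing `}` of the delete branch is outside the hunk.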