관리자 회원메일발송 페이지 xss 취약점 수정

2019-07-19 19:58:12 +09:00
parent cbde9c91d7
commit f675c38441
2 changed files with 9 additions and 5 deletions
--- a/adm/mail_form.php
+++ b/adm/mail_form.php
@ -10,6 +10,8 @@ $html_title = '회원메일';
 if ($w == 'u') {
    $html_title .= '수정';
    $readonly = ' readonly';
+    
+    $ma_id = (int) $ma_id;

    $sql = " select * from {$g5['mail_table']} where ma_id = '{$ma_id}' ";
    $ma = sql_fetch($sql);