XSS 및 CSRF 취약점 수정

chicpro
2015-06-23 15:26:08 +09:00
parent 43ab358f84
commit fc3fd39e36
3 changed files with 10 additions and 10 deletions


@ -389,7 +389,7 @@ function get_max_value($arr)
?>
<li>
<span class="oneq_cate oneq_span"><?php echo get_text($row['qa_category']); ?></span>
<a href="<?php echo G5_BBS_URL; ?>/qaview.php?qa_id=<?php echo $row['qa_id']; ?>" target="_blank" class="oneq_link"><?php echo cut_str($row['qa_subject'],40); ?></a>
<a href="<?php echo G5_BBS_URL; ?>/qaview.php?qa_id=<?php echo $row['qa_id']; ?>" target="_blank" class="oneq_link"><?php echo conv_subject($row['qa_subject'],40); ?></a>
<?php echo $name; ?>
</li>
<?php
@ -426,7 +426,7 @@ function get_max_value($arr)
$name = get_sideview($row['mb_id'], get_text($row['iq_name']), $row1['mb_email'], $row1['mb_homepage']);
?>
<li>
<a href="./itemqaform.php?w=u&amp;iq_id=<?php echo $row['iq_id']; ?>" class="qna_link"><?php echo cut_str($row['iq_subject'],40); ?></a>
<a href="./itemqaform.php?w=u&amp;iq_id=<?php echo $row['iq_id']; ?>" class="qna_link"><?php echo conv_subject($row['iq_subject'],40); ?></a>
<?php echo $name; ?>
</li>
<?php
@ -463,7 +463,7 @@ function get_max_value($arr)
$name = get_sideview($row['mb_id'], get_text($row['is_name']), $row1['mb_email'], $row1['mb_homepage']);
?>
<li>
<a href="./itemuseform.php?w=u&amp;is_id=<?php echo $row['is_id']; ?>" class="ps_link"><?php echo cut_str($row['is_subject'],40); ?></a>
<a href="./itemuseform.php?w=u&amp;is_id=<?php echo $row['is_id']; ?>" class="ps_link"><?php echo conv_subject($row['is_subject'],40); ?></a>
<?php echo $name; ?>
</li>
<?php
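Review bot: The new lines at L17, L26 and L35 make the XSS fix depend on `conv_subject` HTML-encoding its output as well as truncating it, but nothing on the page shows that function, and it replaces a bare `cut_str` call with no visible escaping; that assumption is worth confirming and worth a one-line comment at the first call site such as `// conv_subject: truncate + escape for HTML text context`. On the same lines `$row['qa_id']`, `$row['iq_id']` and `$row['is_id']` are still interpolated into the href attributes unescaped; if these are integer columns, writing `(int)$row['qa_id']` documents that, otherwise they need the same escaping as the subject. The `$name` echoed on the context lines L18/L27/L36 comes from get_sideview, whose call escapes only the name and passes mb_email and mb_homepage through unchanged, so that helper's own escaping should be checked too. The enclosing loop starts and ends outside these hunks.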


@ -123,8 +123,8 @@ $listall = '<a href="'.$_SERVER['PHP_SELF'].'" class="ov_listall">전체목록</
$href = G5_SHOP_URL.'/item.php?it_id='.$row['it_id'];
$name = get_sideview($row['mb_id'], get_text($row['iq_name']), $row['mb_email'], $row['mb_homepage']);
$answer = $row['iq_answer'] ? 'Y' : '&nbsp;';
$iq_question = get_view_thumbnail($row['iq_question'], 300);
$iq_answer = $row['iq_answer'] ? get_view_thumbnail($row['iq_answer'], 300) : "답변이 등록되지 않았습니다.";
$iq_question = get_view_thumbnail(conv_content($row['iq_question'], 1), 300);
$iq_answer = $row['iq_answer'] ? get_view_thumbnail(conv_content($row['iq_answer'], 1), 300) : "답변이 등록되지 않았습니다.";
$bg = 'bg'.($i%2);
?>
@ -136,7 +136,7 @@ $listall = '<a href="'.$_SERVER['PHP_SELF'].'" class="ov_listall">전체목록</
</td>
<td><a href="<?php echo $href; ?>"><?php echo get_it_image($row['it_id'], 50, 50); ?> <?php echo cut_str($row['it_name'],30); ?></a></td>
<td>
<a href="#" class="qa_href" onclick="return false;" target="<?php echo $i; ?>"><?php echo $row['iq_subject']; ?></a>
<a href="#" class="qa_href" onclick="return false;" target="<?php echo $i; ?>"><?php echo get_text($row['iq_subject']); ?></a>
<div id="qa_div<?php echo $i; ?>" class="qa_div" style="display:none;">
<strong>문의내용</strong><br>
<?php echo $iq_question; ?>
@ -147,7 +147,7 @@ $listall = '<a href="'.$_SERVER['PHP_SELF'].'" class="ov_listall">전체목록</
<td class="td_name"><?php echo $name; ?></td>
<td class="td_boolean"><?php echo $answer; ?></td>
<td class="td_mngsmall">
<a href="./itemqaform.php?w=u&amp;iq_id=<?php echo $row['iq_id']; ?>&amp;<?php echo $qstr; ?>"><span class="sound_only"><?php echo $row['iq_subject']; ?> </span>수정</a>
<a href="./itemqaform.php?w=u&amp;iq_id=<?php echo $row['iq_id']; ?>&amp;<?php echo $qstr; ?>"><span class="sound_only"><?php echo get_text($row['iq_subject']); ?> </span>수정</a>
</td>
</tr>
<?php
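Review bot: `cut_str($row['it_name'],30)` on L54 is still echoed unescaped directly above the subject that L57 now wraps in get_text; within the same row it should get the same treatment, `get_text(cut_str($row['it_name'],30))`, and L82 in the next file section has the identical pattern. On L66 the subject is now escaped but `$qstr` on the same line is emitted into the href attribute as-is; unless it is escaped where it is built (not visible here) it needs get_text or `htmlspecialchars` as well, and the same applies to L95 in the next section. The literal `1` passed as the second argument to `conv_content` on L48/L49 (and L78) has no visible meaning, so a trailing comment stating which mode it selects and why it is required for this fix would help the next reader. The loop body begins before L43 and continues past L69.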


@ -124,7 +124,7 @@ $listall = '<a href="'.$_SERVER['PHP_SELF'].'" class="ov_listall">전체목록</
$row['is_subject'] = cut_str($row['is_subject'], 30, "...");
$href = G5_SHOP_URL.'/item.php?it_id='.$row['it_id'];
$name = get_sideview($row['mb_id'], get_text($row['is_name']), $row['mb_email'], $row['mb_homepage']);
$is_content = get_view_thumbnail($row['is_content'], 300);
$is_content = get_view_thumbnail(conv_content($row['is_content'], 1), 300);
$bg = 'bg'.($i%2);
?>
@ -139,7 +139,7 @@ $listall = '<a href="'.$_SERVER['PHP_SELF'].'" class="ov_listall">전체목록</
<td><a href="<?php echo $href; ?>"><?php echo get_it_image($row['it_id'], 50, 50); ?><?php echo cut_str($row['it_name'],30); ?></a></td>
<td class="td_name"><?php echo $name; ?></td>
<td class="sit_use_subject">
<a href="#" class="use_href" onclick="return false;" target="<?php echo $i; ?>"><?php echo $row['is_subject']; ?></a>
<a href="#" class="use_href" onclick="return false;" target="<?php echo $i; ?>"><?php echo get_text($row['is_subject']); ?></a>
<div id="use_div<?php echo $i; ?>" class="use_div" style="display:none;">
<?php echo $is_content; ?>
</div>
@ -159,7 +159,7 @@ $listall = '<a href="'.$_SERVER['PHP_SELF'].'" class="ov_listall">전체목록</
<input type="checkbox" name="is_confirm[<?php echo $i; ?>]" <?php echo ($row['is_confirm'] ? 'checked' : ''); ?> value="1" id="confirm_<?php echo $i; ?>">
</td>
<td class="td_mngsmall">
<a href="./itemuseform.php?w=u&amp;is_id=<?php echo $row['is_id']; ?>&amp;<?php echo $qstr; ?>"><span class="sound_only"><?php echo $row['is_subject']; ?> </span>수정</a>
<a href="./itemuseform.php?w=u&amp;is_id=<?php echo $row['is_id']; ?>&amp;<?php echo $qstr; ?>"><span class="sound_only"><?php echo get_text($row['is_subject']); ?> </span>수정</a>
</td>
</tr>
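Review bot: L74 truncates `is_subject` with `cut_str` before the new lines L86 and L95 pass the result through get_text; if cut_str counts bytes rather than characters, a cut inside a multibyte sequence leaves invalid UTF-8, and htmlspecialchars without ENT_SUBSTITUTE returns an empty string for such input, so the subject would silently disappear from the list and the sound_only label. Whether cut_str is multibyte-aware and whether get_text uses ENT_SUBSTITUTE are not visible on the page, so this should be confirmed; if not, truncate with `mb_substr` or pass the untruncated value to the escape step. A short comment on L74 noting that the truncated value is escaped later would make the ordering intentional. The enclosing loop starts before L74 and ends after L97.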