From fe35a8c7820f1bb89505a3467412254fd46aa9ee Mon Sep 17 00:00:00 2001
From: chicpro
Date: Fri, 5 Dec 2014 17:13:10 +0900
Subject: [PATCH] =?UTF-8?q?SQL=20Injection=20=EC=B7=A8=EC=95=BD=EC=A0=90?=
 =?UTF-8?q?=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 bbs/faq.php  | 1 +
 bbs/list.php | 1 +
 2 files changed, 2 insertions(+)

diff --git a/bbs/faq.php b/bbs/faq.php
index 381c7b2eb..ce6ea356d 100644
--- a/bbs/faq.php
+++ b/bbs/faq.php
@@ -55,6 +55,7 @@ if(is_file($skin_file)) {
 $faq_list = array();
 $stx = trim($stx);
+$sql_search = '';
 if($stx) {
 $sql_search = " and ( INSTR(fa_subject, '$stx') > 0 or INSTR(fa_content, '$stx') > 0 ) ";
diff --git a/bbs/list.php b/bbs/list.php
index c55ed71e9..819fdf13f 100644
--- a/bbs/list.php
+++ b/bbs/list.php
@@ -149,6 +149,7 @@ if (!$sst) {
 $sst = preg_match("/^(wr_datetime|wr_hit|wr_good|wr_nogood)$/i", $sst) ? $sst : "";
 }
+$sql_order = '';
 if ($sst) {
 $sql_order = " order by {$sst} {$sod} ";
 }
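Review bot: The added `$sql_search = '';` only closes the case where the variable arrives already populated (presumably from request data being mapped onto globals elsewhere — inferred, not visible in this hunk); the context line right below it still interpolates `$stx` unescaped into the two `INSTR(..., '$stx')` predicates, so this query is only safe if `$stx` was escaped before line 55, which the hunk does not show. Escape `$stx` at the point of use with the project's SQL-escaping helper (or move to a prepared statement) so the protection does not depend on a distant caller, and add a comment above the `if($stx)` line such as `// $stx is embedded in the SQL below; it must be SQL-escaped before this point`. Separately, `if($stx)` tests truthiness, so a search for the literal term `0` is silently dropped because `'0'` is falsy in PHP; after `trim()` the intended check is `if ($stx !== '') {`. Both the `if(is_file($skin_file)) {` block named in the hunk header and the `if($stx) {` block continue past the end of the hunk.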
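Review bot: `$sod` is interpolated into `" order by {$sst} {$sod} "` with no validation anywhere in this hunk, while `$sst` is whitelisted by the `preg_match` two lines above; unless `$sod` is constrained elsewhere (not visible here), an attacker-controlled sort direction still reaches the query, and since ORDER BY terms cannot be bound as parameters a whitelist is the right tool. Add `$sod = preg_match('/^(asc|desc)$/i', $sod) ? $sod : '';` immediately before the `if ($sst) {` line, mirroring the `$sst` check. The `$sql_order = '';` initialization itself is a sound defence against the variable being pre-set from the request (presumably via globals populated from GET/POST — inferred, not shown), but it does nothing for values that legitimately flow into the string. The `if (!$sst) {` block named in the hunk header starts outside the hunk.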