
KVE-2019-0001, 0002, 0042, 0050 그누보드 다중 취약점 수정
thisgun committed Jan 28, 2019
1 parent b6168e0 commit 63081c5
Showing 5 changed files with 13 additions and 11 deletions.
1 change: 1 addition & 0 deletions adm/sms_admin/_common.php
Expand Up @@ -13,6 +13,7 @@
}

$sv = isset($_REQUEST['sv']) ? get_search_string($_REQUEST['sv']) : '';
$st = (isset($_REQUEST['st']) && $st) ? substr(get_search_string($_REQUEST['st']), 0, 12) : '';

if( isset($token) ){
$token = @htmlspecialchars(strip_tags($token), ENT_QUOTES);
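Review bot: The new `$st` line tests `$st` before this file assigns it: `(isset($_REQUEST['st']) && $st)` only does what it looks like if an earlier include has already copied request parameters into globals, which is not visible here; if it has not, `$st` is always `''` and the search-type filter never applies. A self-contained form is `$st = (isset($_REQUEST['st']) && $_REQUEST['st'] !== '') ? substr(get_search_string($_REQUEST['st']), 0, 12) : '';`. Note too that `get_search_string()` plus `substr()` is not what makes `$st` safe where callers interpolate it as a column name (`" and $st like '%$sv%' "` in history_num.php in this same commit); only the per-page allowlist does, so a comment here would help, e.g. `// $st names a column: every page that interpolates it into SQL must allowlist it first`.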
6 changes: 3 additions & 3 deletions adm/sms_admin/form_group_update.php
Expand Up @@ -11,8 +11,8 @@
// 실제 번호를 넘김
$k = $_POST['chk'][$i];
$fg_no = (int) $_POST['fg_no'][$k];
$fg_name = strip_tags($_POST['fg_name'][$k]);
$fg_member = strip_tags($_POST['fg_member'][$k]);
$fg_name = isset($_POST['fg_name'][$k]) ? addslashes(strip_tags($_POST['fg_name'][$k])) : '';
$fg_member = isset($_POST['fg_member'][$k]) ? addslashes(strip_tags($_POST['fg_member'][$k])) : '';

if (!is_numeric($fg_no))
alert('그룹 고유번호가 없습니다.');
Expand Down Expand Up @@ -83,7 +83,7 @@
if (!strlen(trim($fg_name)))
alert('그룹명을 입력해주세요');

$fg_name = strip_tags($fg_name);
$fg_name = addslashes(strip_tags($fg_name));

$res = sql_fetch("select fg_name from {$g5['sms5_form_group_table']} where fg_name = '$fg_name'");
if ($res)
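Review bot: In the first hunk the `if (!is_numeric($fg_no))` guard is dead once `$fg_no` has been cast with `(int)` on the line above it: a missing or garbage `fg_no` silently becomes `0` and passes the check, so the intended "no group id" rejection never fires. Test the value instead, e.g. `if ($fg_no <= 0) alert('그룹 고유번호가 없습니다.');`, or check `isset($_POST['fg_no'][$k])` before the cast. Separately, `addslashes()` is now the only SQL escaping for `$fg_name`/`$fg_member`; it is not tied to the connection charset, so if the project's DB layer exposes a `mysqli_real_escape_string`-style wrapper, that is the better choice in both hunks. The loop these lines sit in starts above the hunk, and the `$fg_name` escaped in the second hunk comes from outside it.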
8 changes: 4 additions & 4 deletions adm/sms_admin/history_num.php
Expand Up @@ -11,15 +11,15 @@

if ($page < 1) $page = 1;

if( isset($st) && !in_array($st, array('hs_name', 'hs_hp', 'bk_no')) ){
$st = '';
}

if ($st && trim($sv))
$sql_search = " and $st like '%$sv%' ";
else
$sql_search = "";

if( isset($st) && !in_array($st, array('hs_name', 'hs_hp', 'bk_no')) ){
$st = '';
}

$total_res = sql_fetch("select count(*) as cnt from {$g5['sms5_history_table']} where 1 $sql_search");
$total_count = $total_res['cnt'];
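Review bot: Moving the allowlist ahead of the `$sql_search` assembly closes the column-name injection, but `$sv` still lands inside the `LIKE '%$sv%'` literal relying entirely on `get_search_string()` from _common.php, whose quote handling is not visible in this hunk, and the `%`/`_` wildcards in `$sv` are never escaped, so a user can widen the match. Escaping the wildcards at the point of use keeps the intent explicit: `$sql_search = " and $st like '%" . addcslashes($sv, '%_') . "%' ";`. The membership test should also be strict, `in_array($st, array('hs_name', 'hs_hp', 'bk_no'), true)`, so loose comparison can never admit an unexpected value; the `isset($st)` wrapper is redundant if _common.php always assigns `$st`, but harmless.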

7 changes: 4 additions & 3 deletions adm/sms_admin/num_book_update.php
Expand Up @@ -12,6 +12,9 @@

$bk_hp = get_hp($bk_hp);

$bk_memo = strip_tags($bk_memo);
$bk_name = strip_tags($bk_name);

if ($w=='u') // 업데이트
{
if (!$bg_no) $bg_no = 0;
Expand All @@ -21,8 +24,6 @@
if (!strlen(trim($bk_name)))
alert('이름을 입력해주세요');

$bk_name = strip_tags($bk_name);

if ($bk_hp == '')
alert('휴대폰번호만 입력 가능합니다.');
/*
Expand All @@ -48,7 +49,7 @@
sql_query("update {$g5['sms5_book_group_table']} set bg_receipt = bg_receipt - 1, bg_reject = bg_reject + 1 where bg_no='$bg_no'");
}

sql_query("update {$g5['sms5_book_table']} set bg_no='$bg_no', bk_name='$bk_name', bk_hp='$bk_hp', bk_receipt='$bk_receipt', bk_datetime='".G5_TIME_YMDHIS."', bk_memo='".addslashes($bk_memo)."' where bk_no='$bk_no'");
sql_query("update {$g5['sms5_book_table']} set bg_no='$bg_no', bk_name='".addslashes($bk_name)."', bk_hp='$bk_hp', bk_receipt='$bk_receipt', bk_datetime='".G5_TIME_YMDHIS."', bk_memo='".addslashes($bk_memo)."' where bk_no='$bk_no'");
if ($res['mb_id']){ //만약에 mb_id가 있다면...
// 휴대폰번호 중복체크
$sql = " select mb_id from {$g5['member_table']} where mb_id <> '{$res['mb_id']}' and mb_hp = '{$bk_hp}' ";
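Review bot: In the third hunk the `update` statement still interpolates `$bg_no`, `$bk_receipt` and `$bk_no` unescaped; only `bk_name` and `bk_memo` gained `addslashes()`. The sole treatment of `$bg_no` visible here is `if (!$bg_no) $bg_no = 0;`, which defaults an empty value but leaves any non-empty string untouched, and the origin of these three variables is outside the hunk (presumably request globals, to confirm). Since `bg_no` and `bk_no` are row ids, cast them before the query, `$bg_no = (int) $bg_no;` and `$bk_no = (int) $bk_no;`, and constrain `$bk_receipt` to its known set of values rather than passing it through. `$bk_hp` comes from `get_hp()` in the first hunk, which presumably normalises it to digits — worth confirming, since it is interpolated twice.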
2 changes: 1 addition & 1 deletion adm/sms_admin/num_book_write.php
Expand Up @@ -121,7 +121,7 @@
<tr>
<th scope="row"><label for="bk_memo">메모</label></th>
<td>
<textarea name="bk_memo" id="bk_memo"><?php echo $write['bk_memo']?></textarea>
<textarea name="bk_memo" id="bk_memo"><?php echo html_purifier($write['bk_memo']); ?></textarea>
</td>
</tr>
</tbody>
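Review bot: `html_purifier()` is the wrong tool for the `<textarea>` on the changed line: it is, by all appearances, an HTML allowlist filter rather than an encoder, so it can rewrite the stored memo (and the admin then re-saves the altered text), while the only things that must be neutralised inside a textarea are a literal `</textarea>` and `&` entity sequences. Plain entity encoding is both safe and lossless here: `<textarea name="bk_memo" id="bk_memo"><?php echo htmlspecialchars($write['bk_memo'], ENT_QUOTES, 'UTF-8'); ?></textarea>`, or the project's equivalent text-escaping helper if it does the same. `$write` is populated outside this hunk; if it is unset on the "new entry" path, `$write['bk_memo']` will emit a notice, so a `isset($write['bk_memo']) ? ... : ''` guard may be needed — confirm against the top of the file.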
