From 013b67a63b94298b50491a939350511ffd35ebdc Mon Sep 17 00:00:00 2001
From: thisgun
Date: Wed, 12 Dec 2018 11:31:10 +0900
Subject: [PATCH] =?UTF-8?q?=EC=98=81=EC=B9=B4=ED=8A=B8=20Reflected=20XSS?= =?UTF-8?q?=20=EC=B7=A8=EC=95=BD=EC=A0=90=20(KVE-2018-1618)=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 shop/itemqaform.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/shop/itemqaform.php b/shop/itemqaform.php
index 955be79c7..d85c4257a 100644
--- a/shop/itemqaform.php
+++ b/shop/itemqaform.php
@@ -12,7 +12,7 @@ if (!$is_member) {
 alert_close("상품문의는 회원만 작성 가능합니다.");
 }
-$w = trim($_REQUEST['w']);
+$w = preg_replace('/[^0-9a-z]/i', '', trim($_REQUEST['w']));
 $it_id = get_search_string(trim($_REQUEST['it_id']));
 $iq_id = preg_replace('/[^0-9]/', '', trim($_REQUEST['iq_id']));
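Review bot: The new `$w` line filters the request value by deleting characters but never checks that it is a string or one of the modes the form supports, and the place where `$w` is written into the page is outside this hunk and, as far as the diff shows, still unescaped. A missing `w` or an array-valued `w[]` reaches `trim()` unguarded, and any alphanumeric string of any length passes the filter. Since `$w` looks like a short mode flag, an allowlist is tighter: `$w = (isset($_REQUEST['w']) && is_string($_REQUEST['w'])) ? trim($_REQUEST['w']) : '';` followed by `if (!in_array($w, array('', 'u'), true)) { $w = ''; }`, where `'u'` stands in for whatever modes itemqaform.php really accepts. Escaping at the output with `htmlspecialchars($w, ENT_QUOTES, 'UTF-8')` would keep the XSS fix in place even if this filter is loosened later.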