KVE-2019-1145 XSS, CSRF를 이용한 원격코드 취약점 수정

thisgun
2019-07-15 18:35:16 +09:00
parent 828b362f67
commit 05f913258d
2 changed files with 4 additions and 1 deletions


@ -13,7 +13,7 @@ $sql_common = " from {$g5['member_table']} ";
$sql_where = " where mb_id <> '{$config['cf_admin']}' and mb_leave_date = '' and mb_intercept_date ='' ";
if($mb_name){
$mb_name = strip_tags($mb_name);
$mb_name = preg_replace('/\!\?\*$#<>()\[\]\{\}/i', '', strip_tags($mb_name));
$sql_where .= " and mb_name like '%".sql_real_escape_string($mb_name)."%' ";
}
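Review bot: The pattern on the added `preg_replace` line is not a character class, so it can never match: `\!\?\*` is followed by an unescaped `$` (end-of-subject anchor) and then by literal `#<>`, which cannot occur after the end of the string. The only filtering that takes effect is therefore the inner `strip_tags()`, which is what the removed line already did. If the intent is to drop each of these characters, put them in brackets: `$mb_name = preg_replace('/[!?*$#<>()\[\]{}]/', '', strip_tags($mb_name));`. The SQL side is handled by `sql_real_escape_string()` on the following line, but wherever `$mb_name` is later written into HTML or script (not visible in this hunk) it should still be encoded at output, for example with `htmlspecialchars()`.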