[KVE-2024-0022] 쇼핑몰 사용후기 별점 조작 취약점 수정

2024-03-25 10:03:07 +09:00
parent 6705d014f9
commit 0d9c773d22
1 changed files with 1 additions and 1 deletions
--- a/shop/itemuseformupdate.php
+++ b/shop/itemuseformupdate.php
@ -12,7 +12,7 @@ $is_content = preg_replace('#<script(.*?)>(.*?)</script>#is', '', $is_content);
 $is_name     = isset($_POST['is_name']) ? trim($_POST['is_name']) : '';
 $is_password = isset($_POST['is_password']) ? trim($_POST['is_password']) : '';
 $is_score    = isset($_POST['is_score']) ? (int) $_POST['is_score'] : 0;
-$is_score    = ($is_score > 5) ? 0 : $is_score;
+$is_score    = ($is_score > 5 || $is_score < 1) ? 1 : $is_score;
 $get_editor_img_mode = $config['cf_editor'] ? false : true;
 $is_id       = isset($_REQUEST['is_id']) ? (int) $_REQUEST['is_id'] : 0;
 $is_mobile_shop = isset($_REQUEST['is_mobile_shop']) ? (int) $_REQUEST['is_mobile_shop'] : 0;