From 4ad2f60c348fb3b7c3fb0d119274b70c9d48d96f Mon Sep 17 00:00:00 2001
From: kagla <kagla@naver.com>
Date: Mon, 7 Mar 2022 16:32:35 +0900
Subject: [PATCH 1/4] =?UTF-8?q?[=EB=B3=B4=EC=95=88=ED=8C=A8=EC=B9=98]=20KV?=
 =?UTF-8?q?E-2021-1987=5F=EA=B7=B8=EB=88=84=EB=B3=B4=EB=93=9C(=EC=98=81?=
 =?UTF-8?q?=EC=B9=B4=ED=8A=B8)preauth=20SQL=20Injection=20=EC=B7=A8?=
 =?UTF-8?q?=EC=95=BD=EC=A0=90=20=ED=95=B4=EA=B2=B0,=20shop/event.php=20?=
 =?UTF-8?q?=EB=A5=BC=20=EA=B1=B0=EC=B3=90=EC=84=9C=20=EC=A0=91=EA=B7=BC?=
 =?UTF-8?q?=ED=95=98=EB=8F=84=EB=A1=9D=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 mobile/shop/event.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/mobile/shop/event.php b/mobile/shop/event.php
index 7090d2d16..d6f45ffdc 100644
--- a/mobile/shop/event.php
+++ b/mobile/shop/event.php
@@ -1,4 +1,5 @@
 <?php
+if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
 include_once('./_common.php');
 
 $ev_id = isset($_GET['ev_id']) ? (int) $_GET['ev_id'] : 0;

From 7144c4f4befaac51c3ffafb0616f30bb397ca24c Mon Sep 17 00:00:00 2001
From: kagla <kagla@naver.com>
Date: Tue, 22 Mar 2022 12:52:36 +0900
Subject: [PATCH 2/4] =?UTF-8?q?=EB=AA=A8=EB=B0=94=EC=9D=BC=ED=8E=98?=
 =?UTF-8?q?=EC=9D=B4=EC=A7=80=EC=97=90=EC=84=9C=EC=9D=98=20=EC=A7=81?=
 =?UTF-8?q?=EC=A0=91=20=EC=A0=91=EA=B7=BC=EC=9D=84=20=EB=A7=89=EC=95=84=20?=
 =?UTF-8?q?KVE-2021-1888=5FReflected=20XSS=20=EC=B7=A8=EC=95=BD=EC=A0=90?=
 =?UTF-8?q?=20=ED=95=B4=EA=B2=B0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 mobile/shop/event.php | 1 +
 shop/_common.php      | 4 +++-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/mobile/shop/event.php b/mobile/shop/event.php
index d6f45ffdc..b27763d19 100644
--- a/mobile/shop/event.php
+++ b/mobile/shop/event.php
@@ -1,6 +1,7 @@
 <?php
 if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
 include_once('./_common.php');
+if (!defined('_SHOP_COMMON_')) exit; // 모바일 페이지로 직접 접근하는 것을 막음
 
 $ev_id = isset($_GET['ev_id']) ? (int) $_GET['ev_id'] : 0;
 
diff --git a/shop/_common.php b/shop/_common.php
index 87fb3397c..594dc4f7c 100644
--- a/shop/_common.php
+++ b/shop/_common.php
@@ -17,4 +17,6 @@ if (isset($_REQUEST['sortodr']))  {
 if (!defined('G5_USE_SHOP') || !G5_USE_SHOP)
     die('<p>쇼핑몰 설치 후 이용해 주십시오.</p>');
 
-define('_SHOP_', true);
\ No newline at end of file
+define('_SHOP_', true);
+define('_SHOP_COMMON_', true); // 모바일 페이지의 직접 접근을 막는 경우에 사용
+?>
\ No newline at end of file

From 38e732e71e008924ffc6235435fc456c58a9dd45 Mon Sep 17 00:00:00 2001
From: kagla <kagla@naver.com>
Date: Wed, 6 Apr 2022 14:08:20 +0900
Subject: [PATCH 3/4] =?UTF-8?q?KVE-2021-1277=20Open=20Redirect=20=EC=B7=A8?=
 =?UTF-8?q?=EC=95=BD=EC=A0=90=20=ED=95=B4=EA=B2=B0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 lib/common.lib.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lib/common.lib.php b/lib/common.lib.php
index b8315e2ca..6a6a6980f 100644
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@@ -3337,6 +3337,11 @@ function check_url_host($url, $msg='', $return_url=G5_URL, $is_redirect=false)
     if(!$msg)
         $msg = 'url에 타 도메인을 지정할 수 없습니다.';
 
+    // KVE-2021-1277 Open Redirect 취약점 해결
+    if (preg_match('#\\\0#', $url)) {
+        alert('url 에 올바르지 않은 값이 포함되어 있습니다.');
+    }
+
     $url = urldecode($url);
     $p = @parse_url(trim($url));
     $host = preg_replace('/:[0-9]+$/', '', $_SERVER['HTTP_HOST']);

From 9ac9e01a51460c5cf25306f62cc1eaadb6fc9d07 Mon Sep 17 00:00:00 2001
From: kagla <kagla@naver.com>
Date: Thu, 7 Apr 2022 15:43:33 +0900
Subject: [PATCH 4/4] =?UTF-8?q?[KVE-2022-0184]=20XSS=20=EB=B0=8F=20SQLInje?=
 =?UTF-8?q?ction=20=EC=B7=A8=EC=95=BD=EC=A0=90=20=ED=95=B4=EA=B2=B0?=
 =?UTF-8?q?=EC=9D=84=20=EC=9C=84=ED=95=B4=20=EC=82=AC=EC=9A=A9=ED=95=98?=
 =?UTF-8?q?=EC=A7=80=20=EC=95=8A=EA=B3=A0=20=EC=9E=88=EB=8D=98=20"?=
 =?UTF-8?q?=EC=BD=94=EB=93=9C=20=EC=A4=91=EB=B3=B5=EA=B2=80=EC=82=AC"=20?=
 =?UTF-8?q?=EA=B8=B0=EB=8A=A5=20=EC=A0=9C=EA=B1=B0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adm/shop_admin/categoryform.php |  2 --
 adm/shop_admin/codedupcheck.php | 24 ------------------------
 adm/shop_admin/configform.php   |  7 -------
 adm/shop_admin/itemform.php     | 33 ---------------------------------
 4 files changed, 66 deletions(-)
 delete mode 100644 adm/shop_admin/codedupcheck.php

diff --git a/adm/shop_admin/categoryform.php b/adm/shop_admin/categoryform.php
index 8a133d515..1950ec2c3 100644
--- a/adm/shop_admin/categoryform.php
+++ b/adm/shop_admin/categoryform.php
@@ -157,7 +157,6 @@ else {
 
 <form name="fcategoryform" action="./categoryformupdate.php" onsubmit="return fcategoryformcheck(this);" method="post" enctype="multipart/form-data">
 
-<input type="hidden" name="codedup"  value="<?php echo $default['de_code_dup_use']; ?>">
 <input type="hidden" name="w" value="<?php echo $w; ?>">
 <input type="hidden" name="sst" value="<?php echo $sst; ?>">
 <input type="hidden" name="sod" value="<?php echo $sod; ?>">
@@ -184,7 +183,6 @@ else {
             <?php if ($w == "") { ?>
                 <?php echo help("자동으로 보여지는 분류코드를 사용하시길 권해드리지만 직접 입력한 값으로도 사용할 수 있습니다.\n분류코드는 나중에 수정이 되지 않으므로 신중하게 결정하여 사용하십시오.\n\n분류코드는 2자리씩 10자리를 사용하여 5단계를 표현할 수 있습니다.\n0~z까지 입력이 가능하며 한 분류당 최대 1296가지를 표현할 수 있습니다.\n그러므로 총 3656158440062976가지의 분류를 사용할 수 있습니다."); ?>
                 <input type="text" name="ca_id" value="<?php echo $subid; ?>" id="ca_id" required class="required frm_input" size="<?php echo $sublen; ?>" maxlength="<?php echo $sublen; ?>">
-                <!-- <?php if ($default['de_code_dup_use']) { ?><a href="javascript:;" onclick="codedupcheck(document.getElementById('ca_id').value)">코드 중복검사</a><?php } ?> -->
             <?php } else { ?>
                 <input type="hidden" name="ca_id" value="<?php echo $ca['ca_id']; ?>">
                 <span class="frm_ca_id"><?php echo $ca['ca_id']; ?></span>
diff --git a/adm/shop_admin/codedupcheck.php b/adm/shop_admin/codedupcheck.php
deleted file mode 100644
index 3436c7797..000000000
--- a/adm/shop_admin/codedupcheck.php
+++ /dev/null
@@ -1,24 +0,0 @@
-<?php
-include_once('./_common.php');
-
-$it_id = isset($it_id) ? clean_xss_tags(trim($it_id)) : '';
-$ca_id = isset($ca_id) ? clean_xss_tags(trim($ca_id)) : '';
-
-$code = '';
-$name = '';
-
-if ($it_id)
-{
-    $row = get_shop_item($it_id, true);
-    $code = $it_id;
-    $name = $row['it_name'];
-}
-else if ($ca_id)
-{
-    $sql = " select ca_name from {$g5['g5_shop_category_table']} where ca_id = '$ca_id' ";
-    $row = sql_fetch($sql);
-    $code = $ca_id;
-    $name = $row['ca_name'];
-}
-
-echo '{ "code": "' . $code . '", "name": "' . $name . '" }';
\ No newline at end of file
diff --git a/adm/shop_admin/configform.php b/adm/shop_admin/configform.php
index 2cc89e2fd..14e808e4b 100644
--- a/adm/shop_admin/configform.php
+++ b/adm/shop_admin/configform.php
@@ -1398,13 +1398,6 @@ if(!$default['de_kakaopay_cancelpwd']){
                 <?php echo get_member_level_select('de_level_sell', 1, 10, $default['de_level_sell']); ?>
             </td>
         </tr>
-        <tr>
-            <th scope="row"><label for="de_code_dup_use">코드 중복검사</label></th>
-            <td>
-                 <?php echo help("분류, 상품 등을 추가할 때 자동으로 코드 중복검사를 하려면 체크하십시오."); ?>
-                <input type="checkbox" name="de_code_dup_use" value="1" id="de_code_dup_use"<?php echo $default['de_code_dup_use']?' checked':''; ?>> 사용
-            </td>
-        </tr>
         <tr>
             <th scope="row"><label for="de_cart_keep_term">장바구니 보관기간</label></th>
             <td>
diff --git a/adm/shop_admin/itemform.php b/adm/shop_admin/itemform.php
index eea31a8cf..9afd81fe4 100644
--- a/adm/shop_admin/itemform.php
+++ b/adm/shop_admin/itemform.php
@@ -210,7 +210,6 @@ if(!sql_query(" select it_skin from {$g5['g5_shop_item_table']} limit 1", false)
 
 <form name="fitemform" action="./itemformupdate.php" method="post" enctype="MULTIPART/FORM-DATA" autocomplete="off" onsubmit="return fitemformcheck(this)">
 
-<input type="hidden" name="codedup" value="<?php echo $default['de_code_dup_use']; ?>">
 <input type="hidden" name="w" value="<?php echo $w; ?>">
 <input type="hidden" name="sca" value="<?php echo $sca; ?>">
 <input type="hidden" name="sst" value="<?php echo $sst; ?>">
@@ -333,11 +332,8 @@ if(!sql_query(" select it_skin from {$g5['g5_shop_item_table']} limit 1", false)
             <th scope="row">상품코드</th>
             <td colspan="2">
                 <?php if ($w == '') { // 추가 ?>
-                    <!-- 최근에 입력한 코드(자동 생성시)가 목록의 상단에 출력되게 하려면 아래의 코드로 대체하십시오. -->
-                    <!-- <input type=text class=required name=it_id value="<?php echo 10000000000-time()?>" size=12 maxlength=10 required> <a href='javascript:;' onclick="codedupcheck(document.all.it_id.value)"><img src='./img/btn_code.gif' border=0 align=absmiddle></a> -->
                     <?php echo help("상품의 코드는 10자리 숫자로 자동생성합니다. <b>직접 상품코드를 입력할 수도 있습니다.</b>\n상품코드는 영문자, 숫자, - 만 입력 가능합니다."); ?>
                     <input type="text" name="it_id" value="<?php echo time(); ?>" id="it_id" required class="frm_input required" size="20" maxlength="20">
-                    <!-- <?php if ($default['de_code_dup_use']) { ?><button type="button" class="btn_frmline" onclick="codedupcheck(document.all.it_id.value)">중복검사</a><?php } ?> -->
                 <?php } else { ?>
                     <input type="hidden" name="it_id" value="<?php echo $it['it_id']; ?>">
                     <span class="frm_ca_id"><?php echo $it['it_id']; ?></span>
@@ -1782,35 +1778,6 @@ $(function() {
 });
 <?php } ?>
 
-function codedupcheck(id)
-{
-    if (!id) {
-        alert('상품코드를 입력하십시오.');
-        f.it_id.focus();
-        return;
-    }
-
-    var it_id = id.replace(/[A-Za-z0-9\-_]/g, "");
-    if(it_id.length > 0) {
-        alert("상품코드는 영문자, 숫자, -, _ 만 사용할 수 있습니다.");
-        return false;
-    }
-
-    $.post(
-        "./codedupcheck.php",
-        { it_id: id },
-        function(data) {
-            if(data.name) {
-                alert("코드 '"+data.code+"' 는 '".data.name+"' (으)로 이미 등록되어 있으므로\n\n사용하실 수 없습니다.");
-                return false;
-            } else {
-                alert("'"+data.code+"' 은(는) 등록된 코드가 없으므로 사용하실 수 있습니다.");
-                document.fitemform.codedup.value = '';
-            }
-        }, "json"
-    );
-}
-
 function fitemformcheck(f)
 {
     if (!f.ca_id.value) {