firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

XSS 취약점(16-995, 1003) 수정

Browse Source
This commit is contained in:
thisgun
2017-01-05 12:29:20 +09:00
parent b705117c0d
commit 27d603a804
4 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
shop/itemqaform.php
View File

@ -13,8 +13,8 @@ if (!$is_member) {
}
$w = trim($_REQUEST['w']);
$it_id = trim($_REQUEST['it_id']);
$iq_id = trim($_REQUEST['iq_id']);
$it_id = get_search_string(trim($_REQUEST['it_id']));
$iq_id = preg_replace('/[^0-9]/', '', trim($_REQUEST['iq_id']));
// 상품정보체크
$sql = " select it_id from {$g5['g5_shop_item_table']} where it_id = '$it_id' ";

2
shop/itemqaformupdate.php
View File

@ -12,7 +12,7 @@ $iq_answer = trim($_POST['iq_answer']);
$hash = trim($_REQUEST['hash']);
if ($w == "" || $w == "u") {
$iq_name = addslashes($member['mb_name']);
$iq_name = addslashes(strip_tags($member['mb_name']));
$iq_password = $member['mb_password'];
if (!$iq_subject) alert("제목을 입력하여 주십시오.");

4
shop/itemuseform.php
View File

@ -13,8 +13,8 @@ if (!$is_member) {
}
$w = trim($_REQUEST['w']);
$it_id = trim($_REQUEST['it_id']);
$is_id = trim($_REQUEST['is_id']);
$it_id = get_search_string(trim($_REQUEST['it_id']));
$is_id = preg_replace('/[^0-9]/', '', trim($_REQUEST['is_id']));
// 상품정보체크
$sql = " select it_id from {$g5['g5_shop_item_table']} where it_id = '$it_id' ";

2
shop/itemuseformupdate.php
View File

@ -16,7 +16,7 @@ $is_score = (int)$_POST['is_score'] > 5 ? 0 : (int)$_POST['is_score'];
check_itemuse_write($it_id, $member['mb_id']);
if ($w == "" || $w == "u") {
$is_name = addslashes($member['mb_name']);
$is_name = addslashes(strip_tags($member['mb_name']));
$is_password = $member['mb_password'];
if (!$is_subject) alert("제목을 입력하여 주십시오.");