XSS 취약점(16-995, 1003) 수정

2017-01-05 12:29:20 +09:00
parent b705117c0d
commit 27d603a804
4 changed files with 6 additions and 6 deletions
--- a/shop/itemuseform.php
+++ b/shop/itemuseform.php
@ -13,8 +13,8 @@ if (!$is_member) {
 }

 $w     = trim($_REQUEST['w']);
-$it_id = trim($_REQUEST['it_id']);
-$is_id = trim($_REQUEST['is_id']);
+$it_id = get_search_string(trim($_REQUEST['it_id']));
+$is_id = preg_replace('/[^0-9]/', '', trim($_REQUEST['is_id']));

 // 상품정보체크
 $sql = " select it_id from {$g5['g5_shop_item_table']} where it_id = '$it_id' ";