firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

영카트 다중 취약점 (18-062, 092, 101, 102) 수정

Browse Source
This commit is contained in:
thisgun
2018-03-13 10:56:07 +09:00
parent 2bfc3aae4e
commit 2920cc8147
6 changed files with 14 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
mobile/skin/shop/basic/itemqalist.skin.php
View File

@ -16,7 +16,7 @@ add_stylesheet('<link rel="stylesheet" href="'.G5_MSHOP_SKIN_URL.'/style.css">',
<option value="">선택</option> <option value="">선택</option>
<option value="b.it_name" <?php echo get_selected($sfl, "b.it_name", true); ?>>상품명</option> <option value="b.it_name" <?php echo get_selected($sfl, "b.it_name", true); ?>>상품명</option>
<option value="a.it_id" <?php echo get_selected($sfl, "a.it_id"); ?>>상품코드</option> <option value="a.it_id" <?php echo get_selected($sfl, "a.it_id"); ?>>상품코드</option>
<option value="a.iq_subject" <?php echo get_selected($sfl, "a.is_subject"); ?>>문의제목</option> <option value="a.iq_subject" <?php echo get_selected($sfl, "a.iq_subject"); ?>>문의제목</option>
<option value="a.iq_question"<?php echo get_selected($sfl, "a.iq_question"); ?>>문의내용</option> <option value="a.iq_question"<?php echo get_selected($sfl, "a.iq_question"); ?>>문의내용</option>
<option value="a.iq_name" <?php echo get_selected($sfl, "a.iq_name"); ?>>작성자명</option> <option value="a.iq_name" <?php echo get_selected($sfl, "a.iq_name"); ?>>작성자명</option>
<option value="a.mb_id" <?php echo get_selected($sfl, "a.mb_id"); ?>>작성자아이디</option> <option value="a.mb_id" <?php echo get_selected($sfl, "a.mb_id"); ?>>작성자아이디</option>

8
shop/itemqalist.php
View File

@ -1,14 +1,16 @@
<?php <?php
include_once('./_common.php'); include_once('./_common.php');
if( isset($sfl) && ! in_array($sfl, array('b.it_name', 'a.it_id', 'a.iq_subject', 'a.iq_question', 'a.iq_name', 'a.mb_id')) ){
//다른값이 들어가있다면 초기화
$sfl = '';
}
if (G5_IS_MOBILE) { if (G5_IS_MOBILE) {
include_once(G5_MSHOP_PATH.'/itemqalist.php'); include_once(G5_MSHOP_PATH.'/itemqalist.php');
return; return;
} }
//$sfl = trim($_REQUEST['sfl']);
//$stx = trim($_REQUEST['stx']);
$g5['title'] = '상품문의'; $g5['title'] = '상품문의';
include_once('./_head.php'); include_once('./_head.php');

8
shop/itemuselist.php
View File

@ -1,14 +1,16 @@
<?php <?php
include_once('./_common.php'); include_once('./_common.php');
if( isset($sfl) && ! in_array($sfl, array('b.it_name', 'a.it_id', 'a.is_subject', 'a.is_content', 'a.is_name', 'a.mb_id')) ){
//다른값이 들어가있다면 초기화
$sfl = '';
}
if (G5_IS_MOBILE) { if (G5_IS_MOBILE) {
include_once(G5_MSHOP_PATH.'/itemuselist.php'); include_once(G5_MSHOP_PATH.'/itemuselist.php');
return; return;
} }
//$sfl = trim($_REQUEST['sfl']);
//$stx = trim($_REQUEST['stx']);
$g5['title'] = '사용후기'; $g5['title'] = '사용후기';
include_once('./_head.php'); include_once('./_head.php');

2
skin/shop/basic/itemqalist.skin.php
View File

@ -17,7 +17,7 @@ add_stylesheet('<link rel="stylesheet" href="'.G5_SHOP_SKIN_URL.'/style.css">',
<option value="">선택</option> <option value="">선택</option>
<option value="b.it_name" <?php echo get_selected($sfl, "b.it_name", true); ?>>상품명</option> <option value="b.it_name" <?php echo get_selected($sfl, "b.it_name", true); ?>>상품명</option>
<option value="a.it_id" <?php echo get_selected($sfl, "a.it_id"); ?>>상품코드</option> <option value="a.it_id" <?php echo get_selected($sfl, "a.it_id"); ?>>상품코드</option>
<option value="a.iq_subject" <?php echo get_selected($sfl, "a.is_subject"); ?>>문의제목</option> <option value="a.iq_subject" <?php echo get_selected($sfl, "a.iq_subject"); ?>>문의제목</option>
<option value="a.iq_question"<?php echo get_selected($sfl, "a.iq_question"); ?>>문의내용</option> <option value="a.iq_question"<?php echo get_selected($sfl, "a.iq_question"); ?>>문의내용</option>
<option value="a.iq_name" <?php echo get_selected($sfl, "a.iq_name"); ?>>작성자명</option> <option value="a.iq_name" <?php echo get_selected($sfl, "a.iq_name"); ?>>작성자명</option>
<option value="a.mb_id" <?php echo get_selected($sfl, "a.mb_id"); ?>>작성자아이디</option> <option value="a.mb_id" <?php echo get_selected($sfl, "a.mb_id"); ?>>작성자아이디</option>

2
theme/basic/mobile/skin/shop/basic/itemqalist.skin.php
View File

@ -16,7 +16,7 @@ add_stylesheet('<link rel="stylesheet" href="'.G5_MSHOP_SKIN_URL.'/style.css">',
<option value="">선택</option> <option value="">선택</option>
<option value="b.it_name" <?php echo get_selected($sfl, "b.it_name", true); ?>>상품명</option> <option value="b.it_name" <?php echo get_selected($sfl, "b.it_name", true); ?>>상품명</option>
<option value="a.it_id" <?php echo get_selected($sfl, "a.it_id"); ?>>상품코드</option> <option value="a.it_id" <?php echo get_selected($sfl, "a.it_id"); ?>>상품코드</option>
<option value="a.iq_subject" <?php echo get_selected($sfl, "a.is_subject"); ?>>문의제목</option> <option value="a.iq_subject" <?php echo get_selected($sfl, "a.iq_subject"); ?>>문의제목</option>
<option value="a.iq_question"<?php echo get_selected($sfl, "a.iq_question"); ?>>문의내용</option> <option value="a.iq_question"<?php echo get_selected($sfl, "a.iq_question"); ?>>문의내용</option>
<option value="a.iq_name" <?php echo get_selected($sfl, "a.iq_name"); ?>>작성자명</option> <option value="a.iq_name" <?php echo get_selected($sfl, "a.iq_name"); ?>>작성자명</option>
<option value="a.mb_id" <?php echo get_selected($sfl, "a.mb_id"); ?>>작성자아이디</option> <option value="a.mb_id" <?php echo get_selected($sfl, "a.mb_id"); ?>>작성자아이디</option>

2
theme/basic/skin/shop/basic/itemqalist.skin.php
View File

@ -17,7 +17,7 @@ add_stylesheet('<link rel="stylesheet" href="'.G5_SHOP_SKIN_URL.'/style.css">',
<option value="">선택</option> <option value="">선택</option>
<option value="b.it_name" <?php echo get_selected($sfl, "b.it_name", true); ?>>상품명</option> <option value="b.it_name" <?php echo get_selected($sfl, "b.it_name", true); ?>>상품명</option>
<option value="a.it_id" <?php echo get_selected($sfl, "a.it_id"); ?>>상품코드</option> <option value="a.it_id" <?php echo get_selected($sfl, "a.it_id"); ?>>상품코드</option>
<option value="a.iq_subject" <?php echo get_selected($sfl, "a.is_subject"); ?>>문의제목</option> <option value="a.iq_subject" <?php echo get_selected($sfl, "a.iq_subject"); ?>>문의제목</option>
<option value="a.iq_question"<?php echo get_selected($sfl, "a.iq_question"); ?>>문의내용</option> <option value="a.iq_question"<?php echo get_selected($sfl, "a.iq_question"); ?>>문의내용</option>
<option value="a.iq_name" <?php echo get_selected($sfl, "a.iq_name"); ?>>작성자명</option> <option value="a.iq_name" <?php echo get_selected($sfl, "a.iq_name"); ?>>작성자명</option>
<option value="a.mb_id" <?php echo get_selected($sfl, "a.mb_id"); ?>>작성자아이디</option> <option value="a.mb_id" <?php echo get_selected($sfl, "a.mb_id"); ?>>작성자아이디</option>