firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

XSS 관련 대응 get_text 함수 처리 추가

Browse Source
This commit is contained in:
chicpro
2014-06-12 10:20:06 +09:00
parent e56e6e376a
commit 2a5e9ad7fb
9 changed files with 41 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
adm/shop_admin/orderlist.php
View File

@ -346,8 +346,8 @@ if(!sql_query(" select mb_id from {$g5['g5_shop_order_delete_table']} limit 1 ",
<?php echo $od_paytype; ?>
</td>
<td headers="th_odrer" class="td_name"><?php echo $mb_nick; ?></td>
<td headers="th_odrertel" class="td_tel"><?php echo $row['od_tel']; ?></td>
<td headers="th_recvr" class="td_name"><a href="<?php echo $_SERVER['PHP_SELF']; ?>?sort1=<?php echo $sort1; ?>&amp;sort2=<?php echo $sort2; ?>&amp;sel_field=od_b_name&amp;search=<?php echo $row['od_b_name']; ?>"><?php echo $row['od_b_name']; ?></a></td>
<td headers="th_odrertel" class="td_tel"><?php echo get_text($row['od_tel']); ?></td>
<td headers="th_recvr" class="td_name"><a href="<?php echo $_SERVER['PHP_SELF']; ?>?sort1=<?php echo $sort1; ?>&amp;sort2=<?php echo $sort2; ?>&amp;sel_field=od_b_name&amp;search=<?php echo get_text($row['od_b_name']); ?>"><?php echo get_text($row['od_b_name']); ?></a></td>
<td rowspan="3" class="td_numsum"><?php echo number_format($row['od_cart_price'] + $row['od_send_cost'] + $row['od_send_cost2']); ?></td>
<td rowspan="3" class="td_numincome"><?php echo number_format($row['od_receipt_price']); ?></td>
<td rowspan="3" class="td_numcancel<?php echo $td_color; ?>"><?php echo number_format($row['od_cancel_price']); ?></td>

20
adm/shop_admin/orderprintresult.php
View File

@ -257,33 +257,33 @@ if (mysql_num_rows($result) == 0)
if ($row1['od_name'] == $row1['od_b_name'] && $row1['od_addr'] == $row1['od_b_addr'] && $row1['od_tel'] == $row1['od_b_tel'] && $row1['od_hp'] == $row1['od_b_hp'] && $row1['od_hp'] != "&nbsp;") $samesamesame = 1;
else $samesamesame = '';
$od_memo = ($row1['od_memo']) ? stripslashes($row1['od_memo']) : '';
$od_shop_memo = ($row1['od_shop_memo']) ? stripslashes($row1['od_shop_memo']) : '';
$od_memo = ($row1['od_memo']) ? get_text(stripslashes($row1['od_memo'])) : '';
$od_shop_memo = ($row1['od_shop_memo']) ? get_text(stripslashes($row1['od_shop_memo'])) : '';
?>
<!-- 반복시작 - 지운아빠 2013-04-18 -->
<div class="sodr_print_pop_list">
<h2>주문번호 <?php echo $row1['od_id']; ?></h2>
<h3>보내는 사람 : <?php echo $row1['od_name']; ?></h3>
<h3>보내는 사람 : <?php echo get_text($row1['od_name']); ?></h3>
<dl>
<dt>주소</dt>
<dd><?php echo $row1['od_addr']; ?></dd>
<dd><?php echo get_text($row1['od_addr']); ?></dd>
<dt>휴대폰</dt>
<dd><?php echo $row1['od_hp']; ?></dd>
<dd><?php echo get_text($row1['od_hp']); ?></dd>
<dt>전화번호</dt>
<dd><?php echo $row1['od_tel']; ?></dd>
<dd><?php echo get_text($row1['od_tel']); ?></dd>
</dl>
<?php if ($samesamesame) { ?>
<p class="sodr_print_pop_same">보내는 사람과 받는 사람이 동일합니다.</p>
<?php } else { ?>
<h3>받는 사람 : <?php echo $row1['od_b_name']; ?></h3>
<h3>받는 사람 : <?php echo get_text($row1['od_b_name']); ?></h3>
<dl>
<dt>주소</dt>
<dd><?php echo $row1['od_b_addr']; ?></dd>
<dd><?php echo get_text($row1['od_b_addr']); ?></dd>
<dt>휴대폰</dt>
<dd><?php echo $row1['od_b_hp']; ?></dd>
<dd><?php echo get_text($row1['od_b_hp']); ?></dd>
<dt>전화번호</dt>
<dd><?php echo $row1['od_b_tel']; ?></dd>
<dd><?php echo get_text($row1['od_b_tel']); ?></dd>
</dl>
<?php } ?>

1
mobile/shop/orderformupdate.php
View File

@ -410,6 +410,7 @@ if($default['de_tax_flag_use']) {
}
$od_pg = $default['de_pg_service'];
$od_email = get_email_address($od_email);
// 주문서에 입력
$sql = " insert {$g5['g5_shop_order_table']}

22
mobile/shop/orderinquiryview.php
View File

@ -292,11 +292,11 @@ if($od['od_pg'] == 'lg') {
?>
<tr>
<th scope="row">입금자명</th>
<td><?php echo $od['od_deposit_name']; ?></td>
<td><?php echo get_text($od['od_deposit_name']); ?></td>
</tr>
<tr>
<th scope="row">입금계좌</th>
<td><?php echo $od['od_bank_account']; ?></td>
<td><?php echo get_text($od['od_bank_account']); ?></td>
</tr>
<?php
}
@ -432,23 +432,23 @@ if($od['od_pg'] == 'lg') {
<tbody>
<tr>
<th scope="row">이 름</th>
<td><?php echo $od['od_name']; ?></td>
<td><?php echo get_text($od['od_name']); ?></td>
</tr>
<tr>
<th scope="row">전화번호</th>
<td><?php echo $od['od_tel']; ?></td>
<td><?php echo get_text($od['od_tel']); ?></td>
</tr>
<tr>
<th scope="row">핸드폰</th>
<td><?php echo $od['od_hp']; ?></td>
<td><?php echo get_text($od['od_hp']); ?></td>
</tr>
<tr>
<th scope="row">주 소</th>
<td><?php echo sprintf("(%s-%s)", $od['od_zip1'], $od['od_zip2']).' '.print_address($od['od_addr1'], $od['od_addr2'], $od['od_addr3']); ?></td>
<td><?php echo get_text(sprintf("(%s-%s)", $od['od_zip1'], $od['od_zip2']).' '.print_address($od['od_addr1'], $od['od_addr2'], $od['od_addr3'])); ?></td>
</tr>
<tr>
<th scope="row">E-mail</th>
<td><?php echo $od['od_email']; ?></td>
<td><?php echo get_text($od['od_email']); ?></td>
</tr>
</tbody>
</table>
@ -468,19 +468,19 @@ if($od['od_pg'] == 'lg') {
<tbody>
<tr>
<th scope="row">이 름</th>
<td><?php echo $od['od_b_name']; ?></td>
<td><?php echo get_text($od['od_b_name']); ?></td>
</tr>
<tr>
<th scope="row">전화번호</th>
<td><?php echo $od['od_b_tel']; ?></td>
<td><?php echo get_text($od['od_b_tel']); ?></td>
</tr>
<tr>
<th scope="row">핸드폰</th>
<td><?php echo $od['od_b_hp']; ?></td>
<td><?php echo get_text($od['od_b_hp']); ?></td>
</tr>
<tr>
<th scope="row">주 소</th>
<td><?php echo sprintf("(%s-%s)", $od['od_b_zip1'], $od['od_b_zip2']).' '.print_address($od['od_b_addr1'], $od['od_b_addr2'], $od['od_b_addr3']); ?></td>
<td><?php echo get_text(sprintf("(%s-%s)", $od['od_b_zip1'], $od['od_b_zip2']).' '.print_address($od['od_b_addr1'], $od['od_b_addr2'], $od['od_b_addr3'])); ?></td>
</tr>
<?php
// 희망배송일을 사용한다면

4
mobile/shop/personalpayresult.php
View File

@ -117,11 +117,11 @@ if($od['od_pg'] == 'lg') {
?>
<tr>
<th scope="row">입금자명</th>
<td><?php echo $pp['pp_deposit_name']; ?></td>
<td><?php echo get_text($pp['pp_deposit_name']); ?></td>
</tr>
<tr>
<th scope="row">입금계좌</th>
<td><?php echo $pp['pp_bank_account']; ?></td>
<td><?php echo get_text($pp['pp_bank_account']); ?></td>
</tr>
<?php
}

2
shop/orderform.php
View File

@ -20,7 +20,7 @@ if (get_cart_count($tmp_cart_id) == 0)
$g5['title'] = '주문서 작성';
// LG Xpay 전자결제를 사용할 때만 실행
// 전자결제를 사용할 때만 실행
if($default['de_iche_use'] || $default['de_vbank_use'] || $default['de_hp_use'] || $default['de_card_use']) {
switch($default['de_pg_service']) {
case 'lg':

1
shop/orderformupdate.php
View File

@ -404,6 +404,7 @@ if($default['de_tax_flag_use']) {
}
$od_pg = $default['de_pg_service'];
$od_email = get_email_address($od_email);
// 주문서에 입력
$sql = " insert {$g5['g5_shop_order_table']}

22
shop/orderinquiryview.php
View File

@ -309,11 +309,11 @@ if($od['od_pg'] == 'lg') {
?>
<tr>
<th scope="row">입금자명</th>
<td><?php echo $od['od_deposit_name']; ?></td>
<td><?php echo get_text($od['od_deposit_name']); ?></td>
</tr>
<tr>
<th scope="row">입금계좌</th>
<td><?php echo $od['od_bank_account']; ?></td>
<td><?php echo get_text($od['od_bank_account']); ?></td>
</tr>
<?php
}
@ -449,23 +449,23 @@ if($od['od_pg'] == 'lg') {
<tbody>
<tr>
<th scope="row">이 름</th>
<td><?php echo $od['od_name']; ?></td>
<td><?php echo get_text($od['od_name']); ?></td>
</tr>
<tr>
<th scope="row">전화번호</th>
<td><?php echo $od['od_tel']; ?></td>
<td><?php echo get_text($od['od_tel']); ?></td>
</tr>
<tr>
<th scope="row">핸드폰</th>
<td><?php echo $od['od_hp']; ?></td>
<td><?php echo get_text($od['od_hp']); ?></td>
</tr>
<tr>
<th scope="row">주 소</th>
<td><?php echo sprintf("(%s-%s)", $od['od_zip1'], $od['od_zip2']).' '.print_address($od['od_addr1'], $od['od_addr2'], $od['od_addr3']); ?></td>
<td><?php echo get_text(sprintf("(%s-%s)", $od['od_zip1'], $od['od_zip2']).' '.print_address($od['od_addr1'], $od['od_addr2'], $od['od_addr3'])); ?></td>
</tr>
<tr>
<th scope="row">E-mail</th>
<td><?php echo $od['od_email']; ?></td>
<td><?php echo get_text($od['od_email']); ?></td>
</tr>
</tbody>
</table>
@ -484,19 +484,19 @@ if($od['od_pg'] == 'lg') {
<tbody>
<tr>
<th scope="row">이 름</th>
<td><?php echo $od['od_b_name']; ?></td>
<td><?php echo get_text($od['od_b_name']); ?></td>
</tr>
<tr>
<th scope="row">전화번호</th>
<td><?php echo $od['od_b_tel']; ?></td>
<td><?php echo get_text($od['od_b_tel']); ?></td>
</tr>
<tr>
<th scope="row">핸드폰</th>
<td><?php echo $od['od_b_hp']; ?></td>
<td><?php echo get_text($od['od_b_hp']); ?></td>
</tr>
<tr>
<th scope="row">주 소</th>
<td><?php echo sprintf("(%s-%s)", $od['od_b_zip1'], $od['od_b_zip2']).' '.print_address($od['od_b_addr1'], $od['od_b_addr2'], $od['od_b_addr3']); ?></td>
<td><?php echo get_text(sprintf("(%s-%s)", $od['od_b_zip1'], $od['od_b_zip2']).' '.print_address($od['od_b_addr1'], $od['od_b_addr2'], $od['od_b_addr3'])); ?></td>
</tr>
<?php
// 희망배송일을 사용한다면

4
shop/personalpayresult.php
View File

@ -123,11 +123,11 @@ if($od['od_pg'] == 'lg') {
?>
<tr>
<th scope="row">입금자명</th>
<td><?php echo $pp['pp_deposit_name']; ?></td>
<td><?php echo get_text($pp['pp_deposit_name']); ?></td>
</tr>
<tr>
<th scope="row">입금계좌</th>
<td><?php echo $pp['pp_bank_account']; ?></td>
<td><?php echo get_text($pp['pp_bank_account']); ?></td>
</tr>
<?php
}