firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

[KVE-2025-0259]XSS 취약점 수정

Browse Source
This commit is contained in:
thisgun
2025-05-15 09:53:28 +09:00
parent c2da219473
commit 316d3542a9
5 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/shop.lib.php
View File

@ -2641,10 +2641,10 @@ function make_order_field($data, $exclude)
if(is_array($value)) { if(is_array($value)) {
foreach($value as $k=>$v) { foreach($value as $k=>$v) {
$field .= '<input type="hidden" name="'.$key.'['.$k.']" value="'.get_text($v).'">'.PHP_EOL; $field .= '<input type="hidden" name="'.get_text($key.'['.$k.']').'" value="'.get_text($v).'">'.PHP_EOL;
} }
} else { } else {
$field .= '<input type="hidden" name="'.$key.'" value="'.get_text($value).'">'.PHP_EOL; $field .= '<input type="hidden" name="'.get_text($key).'" value="'.get_text($value).'">'.PHP_EOL;
} }
} }

4
mobile/shop/lg/returnurl.php
View File

@ -54,8 +54,8 @@ echo '<form name="forderform" method="post" action="'.$order_action_url.'" autoc
echo make_order_field($data, $exclude); echo make_order_field($data, $exclude);
echo '<input type="hidden" name="res_cd" value="'.$LGD_RESPCODE.'">'.PHP_EOL; echo '<input type="hidden" name="res_cd" value="'.get_text($LGD_RESPCODE).'">'.PHP_EOL;
echo '<input type="hidden" name="LGD_PAYKEY" value="'.$LGD_PAYKEY.'">'.PHP_EOL; echo '<input type="hidden" name="LGD_PAYKEY" value="'.get_text($LGD_PAYKEY).'">'.PHP_EOL;
echo '</form>'.PHP_EOL; echo '</form>'.PHP_EOL;
?> ?>

2
mobile/shop/lg/xpay_approval.php
View File

@ -167,7 +167,7 @@ function getFormObject() {
<form method="post" name="LGD_PAYINFO" id="LGD_PAYINFO" action=""> <form method="post" name="LGD_PAYINFO" id="LGD_PAYINFO" action="">
<?php <?php
foreach ($payReqMap as $key => $value) { foreach ($payReqMap as $key => $value) {
echo'"<input type="hidden" name="'.$key.'" id="'.$key.'" value="'.$value.'">'; echo'"<input type="hidden" name="'.get_text($key).'" id="'.get_text($key).'" value="'.get_text($value).'">';
} }
?> ?>
</form> </form>

2
plugin/lgxpay/returnurl.php
View File

@ -59,7 +59,7 @@ $payReqMap = $_SESSION['lgd_certify'];//결제 요청시, Session에 저장했
foreach ($payReqMap as $key => $value) { foreach ($payReqMap as $key => $value) {
$key = htmlspecialchars(strip_tags($key)); $key = htmlspecialchars(strip_tags($key));
$value = htmlspecialchars(strip_tags($value)); $value = htmlspecialchars(strip_tags($value));
echo "<input type='hidden' name='$key' id='$key' value='$value'>"; echo "<input type='hidden' name='".get_text($key)."' id='".get_text($key)."' value='".get_text($value)."'>";
} }
?> ?>
</form> </form>

2
shop/lg/returnurl.php
View File

@ -46,7 +46,7 @@ $payReqMap = $_SESSION['PAYREQ_MAP'];//결제 요청시, Session에 저장했던
<form method="post" name="LGD_RETURNINFO" id="LGD_RETURNINFO"> <form method="post" name="LGD_RETURNINFO" id="LGD_RETURNINFO">
<?php <?php
foreach ($payReqMap as $key => $value) { foreach ($payReqMap as $key => $value) {
echo "<input type='hidden' name='$key' id='$key' value='$value'>"; echo "<input type='hidden' name='".get_text($key)."' id='".get_text($key)."' value='".get_text($value)."'>";
} }
?> ?>
</form> </form>