From 340602a5b87781bdaff86f4596beded0d6a73fe5 Mon Sep 17 00:00:00 2001
From: thisgun
Date: Fri, 24 Apr 2020 15:43:26 +0900
Subject: [PATCH] =?UTF-8?q?[KVE-2020-0200,0202]=EC=98=81=EC=B9=B4=ED=8A=B8?= =?UTF-8?q?=20=EB=8B=A4=EC=A4=91=EC=B7=A8=EC=95=BD=EC=A0=90=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 adm/shop_admin/categoryform.php | 2 ++
 adm/shop_admin/itemdelete.inc.php | 10 +++++-----
 install/install_config.php | 2 +-
 install/install_db.php | 14 +++++++-------
 4 files changed, 15 insertions(+), 13 deletions(-)
diff --git a/adm/shop_admin/categoryform.php b/adm/shop_admin/categoryform.php
index 5c4a10ec0..8664d7bfc 100644
--- a/adm/shop_admin/categoryform.php
+++ b/adm/shop_admin/categoryform.php
@@ -5,6 +5,8 @@ include_once(G5_EDITOR_LIB);
 auth_check($auth[$sub_menu], "w");
+$ca_id = isset($ca_id) ? preg_replace('/[^0-9a-z]/i', '', $ca_id) : '';
+
 $sql_common = " from {$g5['g5_shop_category_table']} ";
 if ($is_admin != 'super') $sql_common .= " where ca_mb_id = '{$member['mb_id']}' ";
diff --git a/adm/shop_admin/itemdelete.inc.php b/adm/shop_admin/itemdelete.inc.php
index 3df806357..78c5ac531 100644
--- a/adm/shop_admin/itemdelete.inc.php
+++ b/adm/shop_admin/itemdelete.inc.php
@@ -19,7 +19,7 @@ if (!function_exists("itemdelete")) {
 // 상품 이미지 삭제
 $dir_list = array();
 for($i=1; $i<=10; $i++) {
- $file = G5_DATA_PATH.'/item/'.$it['it_img'.$i];
+ $file = G5_DATA_PATH.'/item/'.clean_relative_paths($it['it_img'.$i]);
 if(is_file($file) && $it['it_img'.$i]) {
 @unlink($file);
 $dir = dirname($file);
@@ -78,9 +78,9 @@ if (!function_exists("itemdelete")) {
 else $data_path = $p['path'];
- $destfile = G5_PATH.$data_path;
+ $destfile = G5_PATH.clean_relative_paths($data_path);
- if(is_file($destfile))
+ if(is_file($destfile) && preg_match('/(\.(gif|jpe?g|png))$/i', $destfile))
 @unlink($destfile);
 }
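Review bot: The new `$ca_id` line on the added side normalises an invalid category id instead of rejecting it: `preg_replace` drops every character outside `[0-9a-z]`, so a request carrying stray characters is quietly mapped onto a different id that may belong to an existing category, and the category queries further down (outside the hunk) then operate on that one. A reject-and-stop check keeps the intent explicit and avoids the silent remap, e.g. `if (isset($ca_id) && preg_match('/[^0-9a-z]/i', $ca_id)) die('invalid ca_id');` ahead of the existing assignment, using whichever error helper the admin pages normally use. Where `$ca_id` is populated is outside the hunk; presumably it comes from the request via the framework's globals extraction, which is worth confirming because the filter only protects uses that run after this line.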
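Review bot: `clean_relative_paths()` on the `$file` line rewrites the stored image path, but nothing afterwards confirms that the result still resolves inside the item directory before `@unlink($file)` runs and before `dirname($file)` is recorded for the later directory cleanup, so the protection is only as good as whatever the helper strips. A containment check on the resolved path is the robust form of the fix, e.g. `$base = realpath(G5_DATA_PATH.'/item'); $real = realpath($file);` followed by `if ($real === false || strpos($real, $base.'/') !== 0) continue;` ahead of the `is_file` test. The `$destfile` lines in the @@ -78 and @@ -95 hunks have the same gap: the added extension allow-list bounds what kind of file may be removed but not where under `G5_PATH` it lives, so they would want the equivalent check against the directory that holds editor uploads (presumably under `G5_DATA_PATH` — confirm). The `@` on `unlink` also hides failures, so a deletion that did not happen is indistinguishable from one that did. The enclosing `itemdelete()` function starts and ends outside these hunks.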
@@ -95,9 +95,9 @@ if (!function_exists("itemdelete")) {
 else $data_path = $p['path'];
- $destfile = G5_PATH.$data_path;
+ $destfile = G5_PATH.clean_relative_paths($data_path);
- if(is_file($destfile))
+ if(is_file($destfile) && preg_match('/(\.(gif|jpe?g|png))$/i', $destfile))
 @unlink($destfile);
 }
 //------------------------------------------------------------------------
diff --git a/install/install_config.php b/install/install_config.php
index a4aff0f04..937dc7008 100644
--- a/install/install_config.php
+++ b/install/install_config.php
@@ -67,7 +67,7 @@ $ajax_token = md5($tmp_str.$_SERVER['REMOTE_ADDR'].$_SERVER['DOCUMENT_ROOT']);
- 가능한 변경하지 마십시오.
+ 쇼핑몰TABLE명 접두사는 영문자, 숫자, _ 만 입력 가능합니다.
diff --git a/install/install_db.php b/install/install_db.php
index 20bbdbd9b..50f86f287 100644
--- a/install/install_db.php
+++ b/install/install_db.php
@@ -23,11 +23,11 @@ include_once ('./install.inc.php');
 //print_r($_POST); exit;
-$mysql_host = $_POST['mysql_host'];
-$mysql_user = $_POST['mysql_user'];
-$mysql_pass = $_POST['mysql_pass'];
-$mysql_db = $_POST['mysql_db'];
-$table_prefix= $_POST['table_prefix'];
+$mysql_host = safe_install_string_check($_POST['mysql_host']);
+$mysql_user = safe_install_string_check($_POST['mysql_user']);
+$mysql_pass = safe_install_string_check($_POST['mysql_pass']);
+$mysql_db = safe_install_string_check($_POST['mysql_db']);
+$table_prefix= safe_install_string_check($_POST['table_prefix']);
 $admin_id = $_POST['admin_id'];
 $admin_pass = $_POST['admin_pass'];
 $admin_name = $_POST['admin_name'];
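Review bot: `safe_install_string_check()` is applied to `$mysql_pass` on the same footing as the identifiers, yet its behaviour is not visible here (it presumably comes from the included install.inc.php); if it strips or rewrites characters rather than rejecting the value, a database password containing punctuation is silently altered and the install fails at connect time with no hint why. The identifiers (`mysql_db`, `table_prefix`, `g5_shop_prefix`) are the values that presumably end up in SQL and in the generated config file and do warrant a character allow-list, whereas the password should reach the connector unchanged and only trigger an explicit, user-visible rejection when the check fails — which of the two the helper does needs confirming against its definition. The `$admin_*` assignments on the following lines still read `$_POST` directly, without `isset` and without any check; if they are interpolated into the admin-row insert further down they deserve the same treatment as the prefixes. The same wrapping is applied to `$g5_shop_prefix` in the @@ -35 hunk, where the added `preg_match` on both prefixes is the explicit reject that the other identifiers here lack.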
@@ -35,10 +35,10 @@ $admin_email = $_POST['admin_email'];
 $g5_install = 0;
 if (isset($_POST['g5_install'])) $g5_install = $_POST['g5_install'];
-$g5_shop_prefix = $_POST['g5_shop_prefix'];
+$g5_shop_prefix = safe_install_string_check($_POST['g5_shop_prefix']);
 $g5_shop_install= $_POST['g5_shop_install'];
-if (preg_match("/[^0-9a-z_]+/i", $table_prefix) ) {
+if (preg_match("/[^0-9a-z_]+/i", $table_prefix) || preg_match("/[^0-9a-z_]+/i", $g5_shop_prefix)) {
 die('

TABLE명 접두사는 영문자, 숫자, _ 만 입력하세요.

'); }