firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

XSS 취약점(16-1007) 수정

Browse Source
This commit is contained in:
thisgun
2017-01-05 17:56:22 +09:00
parent 27d603a804
commit 340fd32449
10 changed files with 54 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
adm/shop_admin/bannerform.php
View File

@ -4,6 +4,8 @@ include_once('./_common.php');
auth_check($auth[$sub_menu], "w");
$bn_id = preg_replace('/[^0-9]/', '', $bn_id);
$html_title = '배너';
$g5['title'] = $html_title.'관리';

2
adm/shop_admin/itemeventform.php
View File

@ -5,6 +5,8 @@ include_once(G5_EDITOR_LIB);
auth_check($auth[$sub_menu], "w");
$ev_id = preg_replace('/[^0-9]/', '', $ev_id);
$html_title = "이벤트";
$g5['title'] = $html_title.' 관리';

8
adm/shop_admin/itemeventlist.php
View File

@ -4,6 +4,12 @@ include_once('./_common.php');
auth_check($auth[$sub_menu], "r");
$ev_id = preg_replace('/[^0-9]/', '', $ev_id);
$sort1 = strip_tags($sort1);
$sel_field = strip_tags($sel_field);
$sel_ca_id = get_search_string($sel_ca_id);
$search = get_search_string($search);
$g5['title'] = '이벤트일괄처리';
include_once (G5_ADMIN_PATH.'/admin.head.php');
@ -42,7 +48,7 @@ if (!$sort1) {
$sort1 = "b.ev_id";
}
if (!$sort2) {
if (!$sort2 || $sort2 != "asc") {
$sort2 = "desc";
}

5
adm/shop_admin/itemsellrank.php
View File

@ -11,7 +11,10 @@ include_once(G5_PLUGIN_PATH.'/jquery-ui/datepicker.php');
if (!$to_date) $to_date = date("Ymd", time());
if ($sort1 == "") $sort1 = "ct_status_sum";
if ($sort2 == "") $sort2 = "desc";
if ($sort2 == "" || $sort2 != "asc") $sort2 = "desc";
$doc = strip_tags($doc);
$sort1 = strip_tags($sort1);
$sql = " select a.it_id,
b.*,

7
adm/shop_admin/itemstocklist.php
View File

@ -4,6 +4,13 @@ include_once('./_common.php');
auth_check($auth[$sub_menu], "r");
$doc = strip_tags($doc);
$sort1 = strip_tags($sort1);
$sort2 = in_array($sort2, array('desc', 'asc')) ? $sort2 : 'desc';
$sel_ca_id = get_search_string($sel_ca_id);
$sel_field = get_search_string($sel_field);
$search = get_search_string($search);
$g5['title'] = '상품재고관리';
include_once (G5_ADMIN_PATH.'/admin.head.php');

7
adm/shop_admin/itemstocksms.php
View File

@ -33,7 +33,12 @@ if ($search != "") {
if ($sel_field == "") $sel_field = "it_it";
if ($sort1 == "") $sort1 = "ss_send";
if ($sort2 == "") $sort2 = "asc";
if ($sort2 == "" || $sort2 != "desc") $sort2 = "asc";
$doc = strip_tags($doc);
$sort1 = strip_tags($sort1);
$sel_field = strip_tags($sel_field);
$search = get_search_string($search);
$sql_common = " from {$g5['g5_shop_item_stocksms_table']} ";

2
adm/shop_admin/itemtypelist.php
View File

@ -4,6 +4,8 @@ include_once('./_common.php');
auth_check($auth[$sub_menu], "r");
$doc = strip_tags($doc);
$g5['title'] = '상품유형관리';
include_once (G5_ADMIN_PATH.'/admin.head.php');

7
adm/shop_admin/optionstocklist.php
View File

@ -4,6 +4,13 @@ include_once('./_common.php');
auth_check($auth[$sub_menu], "r");
$doc = strip_tags($doc);
$sort1 = strip_tags($sort1);
$sort2 = in_array($sort2, array('desc', 'asc')) ? $sort2 : 'desc';
$sel_ca_id = get_search_string($sel_ca_id);
$sel_field = get_search_string($sel_field);
$search = get_search_string($search);
$g5['title'] = '상품옵션재고관리';
include_once (G5_ADMIN_PATH.'/admin.head.php');

9
adm/shop_admin/orderlist.php
View File

@ -10,6 +10,15 @@ include_once(G5_PLUGIN_PATH.'/jquery-ui/datepicker.php');
$where = array();
$doc = strip_tags($doc);
$sort1 = strip_tags($sort1);
$sort2 = in_array($sort2, array('desc', 'asc')) ? $sort2 : 'desc';
$sel_field = get_search_string($sel_field);
$od_status = get_search_string($od_status);
$search = get_search_string($search);
if(! preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $fr_date) ) $fr_date = '';
if(! preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $to_date) ) $to_date = '';
$sql_search = "";
if ($search != "") {
if ($sel_field != "") {

9
adm/shop_admin/wishlist.php
View File

@ -10,8 +10,15 @@ include_once(G5_PLUGIN_PATH.'/jquery-ui/datepicker.php');
if (!$to_date) $to_date = date("Ymd", time());
$doc = strip_tags($doc);
$sort1 = strip_tags($sort1);
$sel_ca_id = get_search_string($sel_ca_id);
if( preg_match("/[^0-9]/", $fr_date) ) $fr_date = '';
if( preg_match("/[^0-9]/", $to_date) ) $to_date = '';
if ($sort1 == "") $sort1 = "it_id_cnt";
if ($sort2 == "") $sort2 = "desc";
if ($sort2 == "" || $sort2 != "asc") $sort2 = "desc";
$sql = " select a.it_id,
b.it_name,