firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

XSS 취약점(16-1007) 수정

Browse Source
This commit is contained in:
thisgun
2017-01-05 17:56:22 +09:00
parent 27d603a804
commit 340fd32449
10 changed files with 54 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
adm/shop_admin/orderlist.php
View File

@ -10,6 +10,15 @@ include_once(G5_PLUGIN_PATH.'/jquery-ui/datepicker.php');
$where = array();
$doc = strip_tags($doc);
$sort1 = strip_tags($sort1);
$sort2 = in_array($sort2, array('desc', 'asc')) ? $sort2 : 'desc';
$sel_field = get_search_string($sel_field);
$od_status = get_search_string($od_status);
$search = get_search_string($search);
if(! preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $fr_date) ) $fr_date = '';
if(! preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $to_date) ) $to_date = '';
$sql_search = "";
if ($search != "") {
if ($sel_field != "") {