firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

KVE-2018-0729 영카트 원격코드인젝션 취약점 수정

Browse Source
This commit is contained in:
thisgun
2018-09-06 13:34:49 +09:00
parent d21010276a
commit 3df899179f
2 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/shop.lib.php
View File

@ -2245,7 +2245,7 @@ function get_shop_order_data($od_id, $type='item')
{
global $g5;
$od_id = clean_xss_tags($od_id);
$od_id = preg_replace('/[^0-9a-z_-]/i', '', clean_xss_tags($od_id));
if( $type == 'personal' ){
$row = sql_fetch("select * from {$g5['g5_shop_personalpay_table']} where pp_id = $od_id ", false);

2
mobile/shop/inicis/pay_return.php
View File

@ -7,6 +7,8 @@ set_session('P_TID', '');
set_session('P_AMT', '');
set_session('P_HASH', '');
$oid = preg_replace('/[^0-9a-z_-]/i', '', $oid);
$sql = " select * from {$g5['g5_shop_order_data_table']} where od_id = '$oid' ";
$row = sql_fetch($sql);