From 46e138f3214de027b7c585ef15083204db735aef Mon Sep 17 00:00:00 2001
From: thisgun
Date: Thu, 23 Jan 2020 12:10:30 +0900
Subject: [PATCH] =?UTF-8?q?[KVE-2019-1518]=20=EC=98=81=EC=B9=B4=ED=8A=B8?= =?UTF-8?q?=205=5FCross=20Site=20Scripting(XSS)=20=EC=B7=A8=EC=95=BD?= =?UTF-8?q?=EC=A0=90=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 adm/shop_admin/itemformupdate.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/adm/shop_admin/itemformupdate.php b/adm/shop_admin/itemformupdate.php
index acb1703bd..529c92498 100644
--- a/adm/shop_admin/itemformupdate.php
+++ b/adm/shop_admin/itemformupdate.php
@@ -218,7 +218,7 @@ if($option_count) {
 // 옵션명
 $opt1_cnt = $opt2_cnt = $opt3_cnt = 0;
 for($i=0; $i<$option_count; $i++) {
- $_POST['opt_id'][$i] = preg_replace(G5_OPTION_ID_FILTER, '', $_POST['opt_id'][$i]);
+ $_POST['opt_id'][$i] = preg_replace(G5_OPTION_ID_FILTER, '', strip_tags($_POST['opt_id'][$i]));
 $opt_val = explode(chr(30), $_POST['opt_id'][$i]);
 
 if($opt_val[0])
@@ -246,7 +246,7 @@ if($supply_count) {
 // 추가옵션명
 $arr_spl = array();
 for($i=0; $i<$supply_count; $i++) {
- $_POST['spl_id'][$i] = preg_replace(G5_OPTION_ID_FILTER, '', $_POST['spl_id'][$i]);
+ $_POST['spl_id'][$i] = preg_replace(G5_OPTION_ID_FILTER, '', strip_tags($_POST['spl_id'][$i]));
 $spl_val = explode(chr(30), $_POST['spl_id'][$i]);
 
 if(!in_array($spl_val[0], $arr_spl))
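Review bot: Wrapping the option name in strip_tags() on the `$_POST['opt_id'][$i]` line is an input-side filter, not context-aware escaping: it drops `<...>` sequences but leaves `"` and `'` intact, so a stored name can still break out of an HTML attribute wherever it is echoed without htmlspecialchars(); the `spl_id` hunk below has the same shape. Where the stored names are rendered is outside this diff, so the durable fix is to keep this line and make sure every output of the name goes through `htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. strip_tags() may also silently mangle legitimate names containing `<`, which deserves a comment on the changed line such as `// strip_tags: option names must never carry markup; still escape on output`. What G5_OPTION_ID_FILTER already removes is defined elsewhere and not visible here. The enclosing for loop and the if($option_count) block continue outside the hunk.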