firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

[KVE-2020-0164]영카트 XSS 취약점 수정

Browse Source
This commit is contained in:
thisgun
2020-03-12 12:14:14 +09:00
parent d0f81862bb
commit 4c90b5e3b1
3 changed files with 10 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
adm/shop_admin/itemformupdate.php
View File

@ -304,6 +304,8 @@ foreach( $check_sanitize_keys as $key ){
$$key = isset($_POST[$key]) ? strip_tags(clean_xss_attributes($_POST[$key])) : '';
}
$it_basic = preg_replace('#<script(.*?)>(.*?)<\/script>#is', '', $it_basic);
if ($it_name == "")
alert("상품명을 입력해 주십시오.");

8
lib/shop.data.lib.php
View File

@ -15,7 +15,8 @@ function get_shop_item($it_id, $is_cache=false, $add_query=''){
$g5_object->set('shop', $it_id, $item, $add_query_key);
}
$item['it_basic'] = conv_content($item['it_basic'], 1);
return $item;
}
@ -29,7 +30,10 @@ function get_shop_item_with_category($it_id, $seo_title='', $add_query=''){
$sql = " select a.*, b.ca_name, b.ca_use from {$g5['g5_shop_item_table']} a, {$g5['g5_shop_category_table']} b where a.it_id = '$it_id' and a.ca_id = b.ca_id $add_query";
}
return sql_fetch($sql);
$item = sql_fetch($sql);
$item['it_basic'] = conv_content($item['it_basic'], 1);
return $item;
}
function get_shop_navigation_data($is_cache, $ca_id, $ca_id2='', $ca_id3=''){

3
lib/shop.lib.php
View File

@ -319,7 +319,8 @@ class item_list
if( isset($row['it_seo_title']) && ! $row['it_seo_title'] ){
shop_seo_title_update($row['it_id']);
}
$row['it_basic'] = conv_content($row['it_basic'], 1);
$list[] = $row;
}