[KVE-2020-0164]영카트 XSS 취약점 수정

thisgun
2020-03-12 12:14:14 +09:00
parent d0f81862bb
commit 4c90b5e3b1
3 changed files with 10 additions and 3 deletions


@ -304,6 +304,8 @@ foreach( $check_sanitize_keys as $key ){
$$key = isset($_POST[$key]) ? strip_tags(clean_xss_attributes($_POST[$key])) : ''; $$key = isset($_POST[$key]) ? strip_tags(clean_xss_attributes($_POST[$key])) : '';
} }
$it_basic = preg_replace('#<script(.*?)>(.*?)<\/script>#is', '', $it_basic);
if ($it_name == "") if ($it_name == "")
alert("상품명을 입력해 주십시오."); alert("상품명을 입력해 주십시오.");
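Review bot: The added `preg_replace` on `$it_basic` only removes a complete `<script…>…</script>` pair; an unterminated `<script>` tag, or script carried by other elements and attributes, is left in place, so this line is at best defence in depth rather than the fix itself. The two read-side files in this commit apply `conv_content($item['it_basic'], 1)` when the item is loaded, which (if conv_content performs the real filtering — not visible here) is where the protection actually lives, and that should be stated next to this line, e.g. `// best-effort removal of <script> blocks on save; conv_content() filters it_basic again on read`. Note also that `preg_replace()` returns null on a PCRE error (for instance the backtrack limit on a very large description), which would silently save an empty description; checking `preg_last_error() !== PREG_NO_ERROR` and refusing the save keeps that failure visible. The enclosing update script continues outside the hunk.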


@ -15,7 +15,8 @@ function get_shop_item($it_id, $is_cache=false, $add_query=''){
$g5_object->set('shop', $it_id, $item, $add_query_key); $g5_object->set('shop', $it_id, $item, $add_query_key);
} }
$item['it_basic'] = conv_content($item['it_basic'], 1);
return $item; return $item;
} }
@ -29,7 +30,10 @@ function get_shop_item_with_category($it_id, $seo_title='', $add_query=''){
$sql = " select a.*, b.ca_name, b.ca_use from {$g5['g5_shop_item_table']} a, {$g5['g5_shop_category_table']} b where a.it_id = '$it_id' and a.ca_id = b.ca_id $add_query"; $sql = " select a.*, b.ca_name, b.ca_use from {$g5['g5_shop_item_table']} a, {$g5['g5_shop_category_table']} b where a.it_id = '$it_id' and a.ca_id = b.ca_id $add_query";
} }
return sql_fetch($sql); $item = sql_fetch($sql);
$item['it_basic'] = conv_content($item['it_basic'], 1);
return $item;
} }
function get_shop_navigation_data($is_cache, $ca_id, $ca_id2='', $ca_id3=''){ function get_shop_navigation_data($is_cache, $ca_id, $ca_id2='', $ca_id3=''){
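Review bot: In get_shop_item_with_category, `$item = sql_fetch($sql);` followed by `$item['it_basic'] = conv_content($item['it_basic'], 1);` does not handle the no-row case: if sql_fetch yields false or an empty array for an unknown `it_id` (inferred from the old `return sql_fetch($sql);`, which callers could test for falsiness), the assignment turns the result into a one-element array, so `if (!$item)` checks in callers now pass for a missing item, and the read of `$item['it_basic']` raises a notice. Guard the conversion: `if ($item) { $item['it_basic'] = conv_content($item['it_basic'], 1); }` and keep `return $item;`. The same guard belongs on the matching line in get_shop_item in the first hunk, whose body starts outside the hunk. The meaning of the literal `1` passed to conv_content is not visible here; a short comment naming what it enables would help the next reader.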


@ -319,7 +319,8 @@ class item_list
if( isset($row['it_seo_title']) && ! $row['it_seo_title'] ){ if( isset($row['it_seo_title']) && ! $row['it_seo_title'] ){
shop_seo_title_update($row['it_id']); shop_seo_title_update($row['it_id']);
} }
$row['it_basic'] = conv_content($row['it_basic'], 1);
$list[] = $row; $list[] = $row;
} }
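Review bot: `$row['it_basic'] = conv_content($row['it_basic'], 1);` is now the third copy of the same read-side transform in this commit (get_shop_item and get_shop_item_with_category carry the other two), so any change to the conversion flags has to be repeated in three places. A small shared helper, e.g. `function shop_item_basic_html($row) { return conv_content($row['it_basic'], 1); }`, called from all three sites would keep them in step. If the SELECT that feeds this loop does not include it_basic (not visible here), the read raises an undefined-index notice; `isset($row['it_basic'])` in front of the assignment avoids that. The enclosing loop and class item_list continue outside the hunk.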