From 4cc8284016941159ea0f0c4848c3a55982ebec2f Mon Sep 17 00:00:00 2001
From: thisgun
Date: Mon, 7 Jan 2019 14:13:03 +0900
Subject: [PATCH] =?UTF-8?q?KVE-2018-1827,=201828,=201829,=201830=20?= =?UTF-8?q?=EA=B7=B8=EB=88=84=EB=B3=B4=EB=93=9C/=EC=98=81=EC=B9=B4?= =?UTF-8?q?=ED=8A=B8=20=EB=8B=A4=EC=A4=91=20=EC=B7=A8=EC=95=BD=EC=A0=90=20?= =?UTF-8?q?=EC=B2=98=EB=A6=AC?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 adm/sms_admin/emoticon_move_update.php | 2 ++
 adm/sms_admin/history_num.php | 4 ++++
 adm/sms_admin/history_view.php | 4 ++++
 adm/sms_admin/num_book_move.php | 4 ++--
 adm/sms_admin/number_move_update.php | 2 ++
 5 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/adm/sms_admin/emoticon_move_update.php b/adm/sms_admin/emoticon_move_update.php
index aa1227f6a..8fe03b539 100644
--- a/adm/sms_admin/emoticon_move_update.php
+++ b/adm/sms_admin/emoticon_move_update.php
@@ -6,6 +6,8 @@ auth_check($auth[$sub_menu], "r");
 if(!count($_POST['chk_fg_no'])) alert('이모티콘을 이동할 그룹을 한개 이상 선택해 주십시오.', $url);
+$fo_no_list = preg_replace('/[^a-zA-Z0-9\, ]/', '', $fo_no_list);
+
 $sql = "select * from {$g5['sms5_form_table']} where fo_no in ($fo_no_list) order by fo_no desc ";
 $result = sql_query($sql);
 $save = array();
diff --git a/adm/sms_admin/history_num.php b/adm/sms_admin/history_num.php
index 530cfcdcd..f53dfb407 100644
--- a/adm/sms_admin/history_num.php
+++ b/adm/sms_admin/history_num.php
@@ -16,6 +16,10 @@ if ($st && trim($sv))
 else $sql_search = "";
+if( isset($st) && !in_array($st, array('hs_name', 'hs_hp', 'bk_no')) ){
+ $st = '';
+}
+
 $total_res = sql_fetch("select count(*) as cnt from {$g5['sms5_history_table']} where 1 $sql_search");
 $total_count = $total_res['cnt'];
diff --git a/adm/sms_admin/history_view.php b/adm/sms_admin/history_view.php
index 2fd9d1b0c..498d7fe03 100644
--- a/adm/sms_admin/history_view.php
+++ b/adm/sms_admin/history_view.php
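Review bot: The new `preg_replace` on `$fo_no_list` still lets letters and spaces through into `where fo_no in ($fo_no_list)` on the `$sql` line, although `fo_no` (presumably a numeric key, given `order by fo_no desc`) only ever needs digits and commas, and if nothing survives the filter the query becomes `in ()` and fails at `sql_query`. Coercing each element pins the type and gives a clean empty-input path: `$ids = array_filter(array_map('intval', explode(',', $fo_no_list)));` then `if (!$ids) alert('이동할 항목이 없습니다.', $url);` then `$fo_no_list = implode(',', $ids);` (assuming `fo_no` is never 0). Where `$fo_no_list` is read from is not visible in the hunk (it is not the `chk_fg_no` array checked on the line above), so the same coercion belongs at that first read as well. The same pattern and the same remarks apply to `$bk_no_list` in the number_move_update.php hunk.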
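Review bot: The added allowlist on `$st` runs after `$sql_search` has already been assembled by the if/else that opens above the hunk (its `if ($st && trim($sv))` line is the hunk heading), so if that branch interpolates `$st` as a column name, the `$total_res` query and any later query built from `$sql_search` still see the unchecked value. Moving the four added lines above `if ($st && trim($sv))` makes the check take effect before the search clause is built. Passing `true` as the third argument of `in_array` keeps the comparison strict. The enclosing if/else starts outside the hunk, so whether `$sql_search` actually embeds `$st` should be confirmed there.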
@@ -8,6 +8,10 @@ $colspan = 10;
 $st = isset($st) ? strip_tags($st) : '';
 $ssv = isset($ssv) ? strip_tags($ssv) : '';
+if( $st && !in_array($st, array('hs_name', 'hs_hp', 'bk_no')) ){
+ $st = '';
+}
+
 auth_check($auth[$sub_menu], "r");
 $g5['title'] = "문자전송 상세내역";
diff --git a/adm/sms_admin/num_book_move.php b/adm/sms_admin/num_book_move.php
index 0097f9150..f69248d89 100644
--- a/adm/sms_admin/num_book_move.php
+++ b/adm/sms_admin/num_book_move.php
@@ -31,8 +31,8 @@ for ($i=0; $row=sql_fetch_array($result); $i++)
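Review bot: The guard on `$st` is bypassed when the value is the string `'0'`, because the condition tests truthiness rather than emptiness, and it differs from the `isset($st)` form used in history_num.php of the same commit; both files also spell out the same `array('hs_name', 'hs_hp', 'bk_no')` allowlist. `if ($st !== '' && !in_array($st, array('hs_name', 'hs_hp', 'bk_no'), true)) {` handles the empty string set on the line above, closes the `'0'` gap and makes the comparison strict, and keeping the allowlist in one shared place would stop the two copies from drifting. `$ssv` on the preceding line gets only `strip_tags`; whether that is sufficient depends on how it is used further down, which is outside the hunk.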
- - + +
diff --git a/adm/sms_admin/number_move_update.php b/adm/sms_admin/number_move_update.php
index ad24a7010..76ad32fcb 100644
--- a/adm/sms_admin/number_move_update.php
+++ b/adm/sms_admin/number_move_update.php
@@ -6,6 +6,8 @@ auth_check($auth[$sub_menu], "r");
 if(!count($_POST['chk_bg_no'])) alert('번호를 '.$act.'할 그룹을 한개 이상 선택해 주십시오.', $url);
+$bk_no_list = preg_replace('/[^a-zA-Z0-9\, ]/', '', $bk_no_list);
+
 $sql = "select * from {$g5['sms5_book_table']} where bk_no in ($bk_no_list) order by bk_no desc ";
 $result = sql_query($sql);
 $save = array();