firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

영카트 XSS 취약점 수정

Browse Source
This commit is contained in:
thisgun
2020-02-13 17:43:26 +09:00
parent 43ce9d376b
commit 56647c1807
4 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
adm/shop_admin/categorylistupdate.php
View File

@ -10,7 +10,7 @@ check_admin_token();
for ($i=0; $i<count($_POST['ca_id']); $i++)
{
$str_ca_mb_id = isset($_POST['ca_mb_id'][$i]) ? strip_tags($_POST['ca_mb_id'][$i]) : '';
$str_ca_mb_id = isset($_POST['ca_mb_id'][$i]) ? strip_tags(clean_xss_attributes($_POST['ca_mb_id'][$i])) : '';
if ($str_ca_mb_id)
{

4
adm/shop_admin/itemformupdate.php
View File

@ -269,7 +269,7 @@ $it_info_value = addslashes(serialize($value_array));
if(($it_point_type == 1 || $it_point_type == 2) && $it_point > 99)
alert("포인트 비율을 0과 99 사이의 값으로 입력해 주십시오.");
$it_name = strip_tags(trim($_POST['it_name']));
$it_name = strip_tags(clean_xss_attributes(trim($_POST['it_name'])));
// KVE-2019-0708
$check_sanitize_keys = array(
@ -326,7 +326,7 @@ $sql_common = " ca_id = '$ca_id',
it_type5 = '$it_type5',
it_basic = '$it_basic',
it_explan = '$it_explan',
it_explan2 = '".strip_tags(trim($_POST['it_explan']))."',
it_explan2 = '".strip_tags(trim(clean_xss_attributes($_POST['it_explan'])))."',
it_mobile_explan = '$it_mobile_explan',
it_cust_price = '$it_cust_price',
it_price = '$it_price',

2
adm/shop_admin/personalpayformupdate.php
View File

@ -5,7 +5,7 @@ include_once('./_common.php');
check_admin_token();
if( isset($_POST['pp_name']) ){
$_POST['pp_name'] = strip_tags($_POST['pp_name']);
$_POST['pp_name'] = strip_tags(clean_xss_attributes($_POST['pp_name']));
}
if($w == 'd') {

2
adm/shop_admin/sendcostupdate.php
View File

@ -22,7 +22,7 @@ if($w == 'd') {
sql_query(" delete from {$g5['g5_shop_sendcost_table']} where sc_id = '$sc_id' ");
}
} else {
$sc_name = trim(strip_tags($_POST['sc_name']));
$sc_name = trim(strip_tags(clean_xss_attributes($_POST['sc_name'])));
$sc_zip1 = preg_replace('/[^0-9]/', '', $_POST['sc_zip1']);
$sc_zip2 = preg_replace('/[^0-9]/', '', $_POST['sc_zip2']);
$sc_price = preg_replace('/[^0-9]/', '', $_POST['sc_price']);