영카트 XSS 취약점 수정

2020-02-13 17:43:26 +09:00
parent 43ce9d376b
commit 56647c1807
4 changed files with 5 additions and 5 deletions
--- a/adm/shop_admin/sendcostupdate.php
+++ b/adm/shop_admin/sendcostupdate.php
@ -22,7 +22,7 @@ if($w == 'd') {
        sql_query(" delete from {$g5['g5_shop_sendcost_table']} where sc_id = '$sc_id' ");
    }
 } else {
-    $sc_name = trim(strip_tags($_POST['sc_name']));
+    $sc_name = trim(strip_tags(clean_xss_attributes($_POST['sc_name'])));
    $sc_zip1 = preg_replace('/[^0-9]/', '', $_POST['sc_zip1']);
    $sc_zip2 = preg_replace('/[^0-9]/', '', $_POST['sc_zip2']);
    $sc_price = preg_replace('/[^0-9]/', '', $_POST['sc_price']);