From 6705d014f9c2c39cc8ae0acc3b53cf9e3dada2ae Mon Sep 17 00:00:00 2001
From: thisgun
Date: Mon, 25 Mar 2024 09:25:53 +0900
Subject: [PATCH] =?UTF-8?q?[KVE-2024-0021]=20Stored=20XSS=20=EC=B7=A8?= =?UTF-8?q?=EC=95=BD=EC=A0=90=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 adm/shop_admin/itemformupdate.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/adm/shop_admin/itemformupdate.php b/adm/shop_admin/itemformupdate.php
index ccd16943c..9543b568f 100644
--- a/adm/shop_admin/itemformupdate.php
+++ b/adm/shop_admin/itemformupdate.php
@@ -285,8 +285,8 @@ if($supply_count) {
 $value_array = array();
 $count_ii_article = (isset($_POST['ii_article']) && is_array($_POST['ii_article'])) ? count($_POST['ii_article']) : 0;
 for($i=0; $i<$count_ii_article; $i++) {
- $key = isset($_POST['ii_article'][$i]) ? strip_tags($_POST['ii_article'][$i], '
') : '';
- $val = isset($_POST['ii_value'][$i]) ? strip_tags($_POST['ii_value'][$i], '
') : '';
+ $key = isset($_POST['ii_article'][$i]) ? html_purifier($_POST['ii_article'][$i]) : '';
+ $val = isset($_POST['ii_value'][$i]) ? html_purifier($_POST['ii_value'][$i]) : '';
 $value_array[$key] = $val;
 }
 $it_info_value = addslashes(serialize($value_array));
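Review bot: The two `+` lines make the stored-XSS protection for `ii_article`/`ii_value` depend entirely on what `html_purifier()` lets through, and nothing in the hunk shows that wrapper's allowed-element/attribute configuration, so it cannot be confirmed here whether this is tighter or looser than the old `strip_tags` allowlist it replaces; please verify the wrapper runs with the project's restrictive admin config and that it still rejects `javascript:`/`data:` URIs and event-handler attributes. The purified `$key` is then used as an array key in `$value_array[$key] = $val` and the whole array is `serialize()`d into `it_info_value`, so the page that renders this value should still escape on output (`htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`) rather than trusting input-time sanitisation alone. Neither the old nor the new code checks that the posted element is a string, so a nested array such as `ii_article[0][]=…` reaches `html_purifier()` unchecked; consider `$key = (isset($_POST['ii_article'][$i]) && is_string($_POST['ii_article'][$i])) ? html_purifier($_POST['ii_article'][$i]) : '';` and the same guard for `$val`. The enclosing `if($supply_count)` block begins and ends outside this hunk.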