From 6868cee8d1f7c0d8b7aa7e8ee98e82ce2fe8cc6d Mon Sep 17 00:00:00 2001
From: thisgun
Date: Mon, 7 Aug 2023 10:26:50 +0900
Subject: [PATCH] =?UTF-8?q?=EC=98=81=EC=B9=B4=ED=8A=B8=20=EB=AA=A8?= =?UTF-8?q?=EB=B0=94=EC=9D=BC=20=EC=A3=BC=EB=AC=B8=EC=8B=9C=20SQL=20Inject?= =?UTF-8?q?ion=20=EC=B7=A8=EC=95=BD=EC=A0=90=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 mobile/shop/orderformupdate.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mobile/shop/orderformupdate.php b/mobile/shop/orderformupdate.php
index da38f5a20..afca88cda 100644
--- a/mobile/shop/orderformupdate.php
+++ b/mobile/shop/orderformupdate.php
@@ -766,7 +766,7 @@ $od_memo = nl2br(htmlspecialchars2(stripslashes($od_memo))) . " ";
 if($is_member) {
 $it_cp_cnt = (isset($_POST['cp_id']) && is_array($_POST['cp_id'])) ? count($_POST['cp_id']) : 0;
 for($i=0; $i<$it_cp_cnt; $i++) {
- $cid = isset($_POST['cp_id'][$i]) ? $_POST['cp_id'][$i] : '';
+ $cid = isset($_POST['cp_id'][$i]) ? clean_xss_tags($_POST['cp_id'][$i], 1, 1) : '';
 $cp_it_id = isset($_POST['it_id'][$i]) ? safe_replace_regex($_POST['it_id'][$i], 'it_id') : '';
 $cp_prc = isset($arr_it_cp_prc[$cp_it_id]) ? (int) $arr_it_cp_prc[$cp_it_id] : 0;
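Review bot: The added `$cid` line treats a tag/quote-stripping helper (`clean_xss_tags(..., 1, 1)`) as the fix for a SQL injection, which is a denylist filter rather than a fix at the sink; wherever `$cid` is interpolated into a query later in the loop (outside this hunk) it should be bound or passed through the project's SQL escape helper, with the stripping kept only as defence in depth. The adjacent `$cp_it_id` line already whitelists its input via `safe_replace_regex(..., 'it_id')`, so a matching whitelist for the coupon id would be more consistent and easier to reason about, e.g. `$cid = isset($_POST['cp_id'][$i]) ? preg_replace('/[^A-Za-z0-9_-]/', '', $_POST['cp_id'][$i]) : '';` (constructed; adjust the character class to the real `cp_id` format). If `clean_xss_tags` with those flags only removes tags and quote characters, backslashes and other bytes still pass through, and a legitimate id containing a stripped character silently becomes a different id rather than being rejected. A comment on the new line such as `// cp_id is user input: whitelisted here, must still be bound/escaped at the SQL call` would make the intended contract explicit; the loop body and the query that consumes `$cid` continue past the end of the hunk.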