영카트 모바일 주문시 SQL Injection 취약점 수정

2023-08-07 10:26:50 +09:00
parent 641656047d
commit 6868cee8d1
1 changed files with 1 additions and 1 deletions
--- a/mobile/shop/orderformupdate.php
+++ b/mobile/shop/orderformupdate.php
@ -766,7 +766,7 @@ $od_memo = nl2br(htmlspecialchars2(stripslashes($od_memo))) . "&nbsp;";
 if($is_member) {
    $it_cp_cnt = (isset($_POST['cp_id']) && is_array($_POST['cp_id'])) ? count($_POST['cp_id']) : 0;
    for($i=0; $i<$it_cp_cnt; $i++) {
-        $cid = isset($_POST['cp_id'][$i]) ? $_POST['cp_id'][$i] : '';
+        $cid = isset($_POST['cp_id'][$i]) ? clean_xss_tags($_POST['cp_id'][$i], 1, 1) : '';
        $cp_it_id = isset($_POST['it_id'][$i]) ? safe_replace_regex($_POST['it_id'][$i], 'it_id') : '';
        $cp_prc = isset($arr_it_cp_prc[$cp_it_id]) ? (int) $arr_it_cp_prc[$cp_it_id] : 0;