[KVE-2025-0464]영카트 XSS 취약점 수정

This commit is contained in:
thisgun
2025-08-27 17:58:06 +09:00
parent 5da91ab73e
commit 6a3c2b1002
4 changed files with 42 additions and 14 deletions


@ -235,6 +235,14 @@ sql_query(" delete from {$g5['g5_shop_event_item_table']} where it_id = '$it_id'
// 선택옵션
sql_query(" delete from {$g5['g5_shop_item_option_table']} where io_type = '0' and it_id = '$it_id' "); // 기존선택옵션삭제
// 금지할 패턴 목록
$forbidden_patterns = array(
'/<\s*script/i', // <script>
'/<\s*iframe/i', // <iframe>
'/on\w+\s*=/i', // onclick=, onerror= 등 이벤트 핸들러
'/javascript:/i' // javascript: 프로토콜
);
$option_count = (isset($_POST['opt_id']) && is_array($_POST['opt_id'])) ? count($_POST['opt_id']) : array();
$it_option_subject = '';
$it_supply_subject = '';
@ -243,8 +251,18 @@ if($option_count) {
// 옵션명
$opt1_cnt = $opt2_cnt = $opt3_cnt = 0;
for($i=0; $i<$option_count; $i++) {
$post_opt_id = isset($_POST['opt_id'][$i]) ? preg_replace(G5_OPTION_ID_FILTER, '', strip_tags($_POST['opt_id'][$i])) : '';
$post_opt_id = isset($_POST['opt_id'][$i]) ? $_POST['opt_id'][$i] : '';
foreach ($forbidden_patterns as $pattern) {
if (preg_match($pattern, $post_opt_id)) {
$post_opt_id = '';
$_POST['opt_id'][$i] = '';
continue 2;
}
}
$post_opt_id = preg_replace(G5_OPTION_ID_FILTER, '', strip_tags($post_opt_id));
$opt_val = explode(chr(30), $post_opt_id);
if(isset($opt_val[0]) && $opt_val[0])
$opt1_cnt++;
@ -271,8 +289,18 @@ if($supply_count) {
// 추가옵션명
$arr_spl = array();
for($i=0; $i<$supply_count; $i++) {
$post_spl_id = isset($_POST['spl_id'][$i]) ? preg_replace(G5_OPTION_ID_FILTER, '', strip_tags($_POST['spl_id'][$i])) : '';
$post_spl_id = isset($_POST['spl_id'][$i]) ? $_POST['spl_id'][$i] : '';
foreach ($forbidden_patterns as $pattern) {
if (preg_match($pattern, $post_spl_id)) {
$post_spl_id = '';
$_POST['spl_id'][$i] = '';
continue 2;
}
}
$post_spl_id = preg_replace(G5_OPTION_ID_FILTER, '', strip_tags($post_spl_id));
$spl_val = explode(chr(30), $post_spl_id);
if(!in_array($spl_val[0], $arr_spl))
$arr_spl[] = $spl_val[0];
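Review bot: The event-handler pattern `'/on\w+\s*=/i'` (declared in the first hunk, applied in the second and third) has no word boundary, so harmless option text such as `Buttons=large` or `Cottons=white` matches and the entire option is silently replaced with an empty string and written back into `$_POST` before `continue 2` skips the rest of the iteration. Anchoring it, `'/\bon\w+\s*=/i'`, removes most of those false positives, and a rejected value should be reported to the administrator rather than dropped without notice. A denylist of this kind is hard to keep complete and runs only on input, so the durable defence is context-correct escaping (`htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`) wherever `opt_id`/`spl_id` are rendered, with this check kept as defence in depth. The check-and-blank block is duplicated verbatim in the `opt_id` and `spl_id` loops; a small helper taking the raw value and the pattern list would keep the two in sync. Both enclosing `for` loops continue past their hunks.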