[KVE-2025-0464]영카트 XSS 취약점 수정

2025-08-27 17:58:06 +09:00
parent 5da91ab73e
commit 6a3c2b1002
4 changed files with 42 additions and 14 deletions
--- a/adm/shop_admin/itemsupply.php
+++ b/adm/shop_admin/itemsupply.php
@ -55,12 +55,12 @@ if($ps_run) {
    ?>
    <tr>
        <td class="td_chk">
-            <input type="hidden" name="spl_id[]" value="<?php echo $spl_id; ?>">
-            <label for="spl_chk_<?php echo $i; ?>" class="sound_only"><?php echo $spl_subject.' '.$spl; ?></label>
+            <input type="hidden" name="spl_id[]" value="<?php echo get_text($spl_id); ?>">
+            <label for="spl_chk_<?php echo $i; ?>" class="sound_only"><?php echo get_text($spl_subject.' '.$spl); ?></label>
            <input type="checkbox" name="spl_chk[]" id="spl_chk_<?php echo $i; ?>" value="1">
        </td>
-        <td class="spl-subject-cell"><?php echo $spl_subject; ?></td>
-        <td class="spl-cell"><?php echo $spl; ?></td>
+        <td class="spl-subject-cell"><?php echo get_text($spl_subject); ?></td>
+        <td class="spl-cell"><?php echo get_text($spl); ?></td>
        <td class="td_numsmall">
            <label for="spl_price_<?php echo $i; ?>" class="sound_only">상품금액</label>
            <input type="text" name="spl_price[]" value="<?php echo $spl_price; ?>" id="spl_price_<?php echo $i; ?>" class="frm_input" size="5">