[KVE-2019-0688,0689,0691,0694,0708,0709,0750,0762,0791,0802,0846] 그누보드,영카트 다중 취약점 수정

2019-05-24 10:50:28 +09:00
parent ab8c94b53f
commit 6b2e0e9b58
12 changed files with 429 additions and 206 deletions
--- a/adm/shop_admin/configform.php
+++ b/adm/shop_admin/configform.php
@ -1006,11 +1006,11 @@ if(!isset($default['de_listtype_list_skin'])) {
        </tr>
        <tr>
            <th scope="row">배송정보</th>
-            <td><?php echo editor_html('de_baesong_content', get_text($default['de_baesong_content'], 0)); ?></td>
+            <td><?php echo editor_html('de_baesong_content', get_text(html_purifier($default['de_baesong_content']), 0)); ?></td>
        </tr>
        <tr>
            <th scope="row">교환/반품</th>
-            <td><?php echo editor_html('de_change_content', get_text($default['de_change_content'], 0)); ?></td>
+            <td><?php echo editor_html('de_change_content', get_text(html_purifier($default['de_change_content']), 0)); ?></td>
        </tr>
        </tbody>
        </table>
@ -1316,7 +1316,7 @@ if(!isset($default['de_listtype_list_skin'])) {
        </tr>
        <tr>
            <th scope="row">비회원에 대한<br/>개인정보수집 내용</th>
-            <td><?php echo editor_html('de_guest_privacy', get_text($default['de_guest_privacy'], 0)); ?></td>
+            <td><?php echo editor_html('de_guest_privacy', get_text(html_purifier($default['de_guest_privacy']), 0)); ?></td>
        </tr>
        <tr>
            <th scope="row">MYSQL USER</th>
@ -1545,7 +1545,7 @@ function byte_check(el_cont, el_byte)
                <input type="checkbox" name="de_sms_use<?php echo $i; ?>" value="1" id="de_sms_use<?php echo $i; ?>" <?php echo ($default["de_sms_use".$i] ? " checked" : ""); ?>>
                <label for="de_sms_use<?php echo $i; ?>"><span class="sound_only"><?php echo $scf_sms_title[$i]; ?></span>사용</label>
                <div class="scf_sms_img">
-                    <textarea id="de_sms_cont<?php echo $i; ?>" name="de_sms_cont<?php echo $i; ?>" ONKEYUP="byte_check('de_sms_cont<?php echo $i; ?>', 'byte<?php echo $i; ?>');"><?php echo $default['de_sms_cont'.$i]; ?></textarea>
+                    <textarea id="de_sms_cont<?php echo $i; ?>" name="de_sms_cont<?php echo $i; ?>" ONKEYUP="byte_check('de_sms_cont<?php echo $i; ?>', 'byte<?php echo $i; ?>');"><?php echo html_purifier($default['de_sms_cont'.$i]); ?></textarea>
                </div>
                <span id="byte<?php echo $i; ?>" class="scf_sms_cnt">0 / 80 바이트</span>
            </section>