[KVE-2019-0688,0689,0691,0694,0708,0709,0750,0762,0791,0802,0846] 그누보드,영카트 다중 취약점 수정

thisgun
2019-05-24 10:50:28 +09:00
parent ab8c94b53f
commit 6b2e0e9b58
12 changed files with 429 additions and 206 deletions


@ -7,7 +7,7 @@ auth_check($auth[$sub_menu], "r");
$ev_id = preg_replace('/[^0-9]/', '', $ev_id);
$sort1 = strip_tags($sort1);
if (!in_array($sort1, array('a.it_id', 'it_name'))) $sort1 = "a.it_id";
$sel_field = strip_tags($sel_field);
$sel_field = in_array($sel_field, array('a.it_id', 'it_name')) ? strip_tags($sel_field) : 'it_name';
$sel_ca_id = get_search_string($sel_ca_id);
$search = get_search_string($search);
$ev_title = isset($ev_title) ? strip_tags($ev_title) : '';
@ -28,10 +28,6 @@ if ($sel_ca_id != "") {
$sql_search .= " $where ca_id like '$sel_ca_id%' ";
}
if ($sel_field == "") {
$sel_field = "it_name";
}
$sql_common = " from {$g5['g5_shop_item_table']} a
left join {$g5['g5_shop_event_item_table']} b on (a.it_id=b.it_id and b.ev_id='$ev_id') ";
$sql_common .= $sql_search;
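Review bot: The new `$sel_field` allowlist in the first hunk calls `in_array()` without the strict flag and then runs `strip_tags()` on a value already known to be one of two literals; I would write it as `$sel_field = in_array($sel_field, array('a.it_id', 'it_name'), true) ? $sel_field : 'it_name';` so the check is an exact string match and the dead call goes away. The `$sort1` context line above it has the same loose `in_array()`. The allowlist appears to be the only thing that makes `$sel_field` safe to use as a column name in SQL (its use is outside the visible lines), so a short comment such as `// column name goes into SQL unquoted: allowlist only` would keep a later edit from loosening it. Separately, `ca_id like '$sel_ca_id%'` in the second hunk still relies entirely on `get_search_string()`, whose definition is not shown on this page, to make the value safe inside a quoted SQL literal and a LIKE pattern; that is worth confirming, or moving to a bound parameter.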