firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

[KVE-2019-0688,0689,0691,0694,0708,0709,0750,0762,0791,0802,0846] 그누보드,영카트 다중 취약점 수정

Browse Source
This commit is contained in:
thisgun
2019-05-24 10:50:28 +09:00
parent ab8c94b53f
commit 6b2e0e9b58
12 changed files with 429 additions and 206 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
mobile/shop/inicis/pay_approval.php
View File

@ -8,6 +8,11 @@ set_session('P_AMT', '');
set_session('P_HASH', '');
$oid = trim($_REQUEST['P_NOTI']);
$p_req_url = trim($_REQUEST['P_REQ_URL']);
if( ! $p_req_url || !preg_match('/^https\:\/\//i', $p_req_url)){
alert("잘못된 요청 URL 입니다.");
}
$sql = " select * from {$g5['g5_shop_order_data_table']} where od_id = '$oid' ";
$row = sql_fetch($sql);
@ -76,6 +81,7 @@ if($_REQUEST['P_STATUS'] != '00') {
);
$ch = curl_init();
curl_setopt($ch, CURLOPT_PORT, 443);
curl_setopt($ch, CURLOPT_URL, $_REQUEST['P_REQ_URL']);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);