[KVE-2019-0688,0689,0691,0694,0708,0709,0750,0762,0791,0802,0846] 그누보드,영카트 다중 취약점 수정

2019-05-24 10:50:28 +09:00
parent ab8c94b53f
commit 6b2e0e9b58
12 changed files with 429 additions and 206 deletions
--- a/shop/_common.php
+++ b/shop/_common.php
@ -1,10 +1,9 @@
 <?php
 include_once('../common.php');

-if (isset($_REQUEST['sort']))  {
+if (isset($_REQUEST['sort']) && !preg_match("/(--|#|\/\*|\*\/)/", $_REQUEST['sort']))  {
    $sort = trim($_REQUEST['sort']);
    $sort = preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\s]/", "", $sort);
-    $sort = preg_replace("/(--|#|\/\*|\*\/)/", "", $sort);
 } else {
    $sort = '';
 }