From 724a4e4bf610163d2af1ab44f1d94d2a96129af0 Mon Sep 17 00:00:00 2001 From: thisgun Date: Fri, 13 Jan 2023 11:00:00 +0900 Subject: [PATCH] =?UTF-8?q?[KVE-2023-0046]=20=EA=B7=B8=EB=88=84=EB=B3=B4?= =?UTF-8?q?=EB=93=9C5(gnuboard5)=20SQL=20Injection=20=EC=B7=A8=EC=95=BD?= =?UTF-8?q?=EC=A0=90?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- mobile/shop/listtype.php | 12 ++++++------ shop/listtype.php | 12 ++++++------ 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/mobile/shop/listtype.php b/mobile/shop/listtype.php index 7e6eff45f..f0a8e1913 100644 --- a/mobile/shop/listtype.php +++ b/mobile/shop/listtype.php @@ -1,12 +1,12 @@ \'\"\\\'\\\"\%\=\(\)\s]/", "", $_REQUEST['type']) : ''; -if ($type == 1) $g5['title'] = '히트상품'; -else if ($type == 2) $g5['title'] = '추천상품'; -else if ($type == 3) $g5['title'] = '최신상품'; -else if ($type == 4) $g5['title'] = '인기상품'; -else if ($type == 5) $g5['title'] = '세일상품'; +$type = isset($_REQUEST['type']) ? (int) preg_replace("/[^0-9]/", "", $_REQUEST['type']) : 1; +if ($type === 1) $g5['title'] = '히트상품'; +else if ($type === 2) $g5['title'] = '추천상품'; +else if ($type === 3) $g5['title'] = '최신상품'; +else if ($type === 4) $g5['title'] = '인기상품'; +else if ($type === 5) $g5['title'] = '세일상품'; else alert('상품유형이 아닙니다.'); diff --git a/shop/listtype.php b/shop/listtype.php index 21aea7de7..c516a7cfc 100644 --- a/shop/listtype.php +++ b/shop/listtype.php 
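Review bot: The added `$type` line still lets a non-scalar value slip past the `alert()` branch: with `?type[]=9`, `preg_replace()` returns an array and the `(int)` cast turns any non-empty array into 1, so the request is silently treated as type 1 (히트상품) instead of being rejected. Stripping non-digits and then casting is also a roundabout way of saying "integer in 1..5"; a validator that rejects rather than rewrites is clearer and handles arrays too, e.g. `$type = isset($_REQUEST['type']) ? filter_var($_REQUEST['type'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1, 'max_range' => 5]]) : 1;`, after which `false` falls through the existing `===` chain to `alert()` unchanged. Note that defaulting to `1` when `type` is absent is a behaviour change bundled into the security fix (the old `''` never matched and reached `alert()`), which the commit message does not mention. The code that consumes `$type` (presumably the product query the commit title refers to) lies outside this hunk, so the integer cast here is the only thing protecting it; a comment such as `// $type must stay an int: it is used unescaped in the listing query below` would make that dependency visible to the next editor. The same line is added to shop/listtype.php in this patch and has the same issue.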
@@ -3,18 +3,18 @@ include_once('./_common.php'); // 상품 리스트에서 다른 필드로 정렬을 하려면 아래의 배열 코드에서 해당 필드를 추가하세요. $sort = (isset($_REQUEST['sort']) && in_array($_REQUEST['sort'], array('it_name', 'it_sum_qty', 'it_price', 'it_use_avg', 'it_use_cnt', 'it_update_time'))) ? $_REQUEST['sort'] : ''; -$type = isset($_REQUEST['type']) ? preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\s]/", "", $_REQUEST['type']) : ''; +$type = isset($_REQUEST['type']) ? (int) preg_replace("/[^0-9]/", "", $_REQUEST['type']) : 1; if (G5_IS_MOBILE) { include_once(G5_MSHOP_PATH.'/listtype.php'); return; } -if ($type == 1) $g5['title'] = '히트상품'; -else if ($type == 2) $g5['title'] = '추천상품'; -else if ($type == 3) $g5['title'] = '최신상품'; -else if ($type == 4) $g5['title'] = '인기상품'; -else if ($type == 5) $g5['title'] = '할인상품'; +if ($type === 1) $g5['title'] = '히트상품'; +else if ($type === 2) $g5['title'] = '추천상품'; +else if ($type === 3) $g5['title'] = '최신상품'; +else if ($type === 4) $g5['title'] = '인기상품'; +else if ($type === 5) $g5['title'] = '할인상품'; else alert('상품유형이 아닙니다.');