옵션정보를 이용한 SQL Injection 취약점(16-682) 수정

2016-09-06 14:46:36 +09:00
parent 78a11a5230
commit 73bb020487
5 changed files with 19 additions and 12 deletions
--- a/adm/shop_admin/itemformupdate.php
+++ b/adm/shop_admin/itemformupdate.php
@ -214,6 +214,8 @@ if($option_count) {
    // 옵션명
    $opt1_cnt = $opt2_cnt = $opt3_cnt = 0;
    for($i=0; $i<$option_count; $i++) {
+        $_POST['opt_id'][$i] = preg_replace(G5_OPTION_ID_FILTER, '', $_POST['opt_id'][$i]);
+
        $opt_val = explode(chr(30), $_POST['opt_id'][$i]);
        if($opt_val[0])
            $opt1_cnt++;
@ -240,6 +242,8 @@ if($supply_count) {
    // 추가옵션명
    $arr_spl = array();
    for($i=0; $i<$supply_count; $i++) {
+        $_POST['spl_id'][$i] = preg_replace(G5_OPTION_ID_FILTER, '', $_POST['spl_id'][$i]);
+
        $spl_val = explode(chr(30), $_POST['spl_id'][$i]);
        if(!in_array($spl_val[0], $arr_spl))
            $arr_spl[] = $spl_val[0];
--- a/adm/shop_admin/itemoption.php
+++ b/adm/shop_admin/itemoption.php
@ -14,13 +14,13 @@ if($it['it_id']) {
    if(sql_num_rows($result))
        $po_run = true;
 } else if(!empty($_POST)) {
-    $opt1_subject = preg_replace('/[\'\"]/', '', trim(stripslashes($_POST['opt1_subject'])));
-    $opt2_subject = preg_replace('/[\'\"]/', '', trim(stripslashes($_POST['opt2_subject'])));
-    $opt3_subject = preg_replace('/[\'\"]/', '', trim(stripslashes($_POST['opt3_subject'])));
+    $opt1_subject = preg_replace(G5_OPTION_ID_FILTER, '', trim(stripslashes($_POST['opt1_subject'])));
+    $opt2_subject = preg_replace(G5_OPTION_ID_FILTER, '', trim(stripslashes($_POST['opt2_subject'])));
+    $opt3_subject = preg_replace(G5_OPTION_ID_FILTER, '', trim(stripslashes($_POST['opt3_subject'])));

-    $opt1_val = preg_replace('/[\'\"]/', '', trim(stripslashes($_POST['opt1'])));
-    $opt2_val = preg_replace('/[\'\"]/', '', trim(stripslashes($_POST['opt2'])));
-    $opt3_val = preg_replace('/[\'\"]/', '', trim(stripslashes($_POST['opt3'])));
+    $opt1_val = preg_replace(G5_OPTION_ID_FILTER, '', trim(stripslashes($_POST['opt1'])));
+    $opt2_val = preg_replace(G5_OPTION_ID_FILTER, '', trim(stripslashes($_POST['opt2'])));
+    $opt3_val = preg_replace(G5_OPTION_ID_FILTER, '', trim(stripslashes($_POST['opt3'])));

    if(!$opt1_subject || !$opt1_val) {
        echo '옵션1과 옵션1 항목을 입력해 주십시오.';
--- a/adm/shop_admin/itemsupply.php
+++ b/adm/shop_admin/itemsupply.php
@ -84,8 +84,8 @@ if($ps_run) {
        } // for
    } else {
        for($i=0; $i<$subject_count; $i++) {
-            $spl_subject = preg_replace('/[\'\"]/', '', trim(stripslashes($_POST['subject'][$i])));
-            $spl_val = explode(',', preg_replace('/[\'\"]/', '', trim(stripslashes($_POST['supply'][$i]))));
+            $spl_subject = preg_replace(G5_OPTION_ID_FILTER, '', trim(stripslashes($_POST['subject'][$i])));
+            $spl_val = explode(',', preg_replace(G5_OPTION_ID_FILTER, '', trim(stripslashes($_POST['supply'][$i]))));
            $spl_count = count($spl_val);

            for($j=0; $j<$spl_count; $j++) {