firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

옵션정보를 이용한 SQL Injection 취약점(16-682) 수정

Browse Source
This commit is contained in:
chicpro
2016-09-06 14:46:36 +09:00
parent 78a11a5230
commit 73bb020487
5 changed files with 19 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
adm/shop_admin/itemformupdate.php
View File

@ -214,6 +214,8 @@ if($option_count) {
// 옵션명
$opt1_cnt = $opt2_cnt = $opt3_cnt = 0;
for($i=0; $i<$option_count; $i++) {
$_POST['opt_id'][$i] = preg_replace(G5_OPTION_ID_FILTER, '', $_POST['opt_id'][$i]);
$opt_val = explode(chr(30), $_POST['opt_id'][$i]);
if($opt_val[0])
$opt1_cnt++;
@ -240,6 +242,8 @@ if($supply_count) {
// 추가옵션명
$arr_spl = array();
for($i=0; $i<$supply_count; $i++) {
$_POST['spl_id'][$i] = preg_replace(G5_OPTION_ID_FILTER, '', $_POST['spl_id'][$i]);
$spl_val = explode(chr(30), $_POST['spl_id'][$i]);
if(!in_array($spl_val[0], $arr_spl))
$arr_spl[] = $spl_val[0];