firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

옵션정보를 이용한 SQL Injection 취약점(16-682) 수정

Browse Source
This commit is contained in:
chicpro
2016-09-06 14:46:36 +09:00
parent 78a11a5230
commit 73bb020487
5 changed files with 19 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
adm/shop_admin/itemoption.php
View File

@ -14,13 +14,13 @@ if($it['it_id']) {
if(sql_num_rows($result))
$po_run = true;
} else if(!empty($_POST)) {
$opt1_subject = preg_replace('/[\'\"]/', '', trim(stripslashes($_POST['opt1_subject'])));
$opt2_subject = preg_replace('/[\'\"]/', '', trim(stripslashes($_POST['opt2_subject'])));
$opt3_subject = preg_replace('/[\'\"]/', '', trim(stripslashes($_POST['opt3_subject'])));
$opt1_subject = preg_replace(G5_OPTION_ID_FILTER, '', trim(stripslashes($_POST['opt1_subject'])));
$opt2_subject = preg_replace(G5_OPTION_ID_FILTER, '', trim(stripslashes($_POST['opt2_subject'])));
$opt3_subject = preg_replace(G5_OPTION_ID_FILTER, '', trim(stripslashes($_POST['opt3_subject'])));
$opt1_val = preg_replace('/[\'\"]/', '', trim(stripslashes($_POST['opt1'])));
$opt2_val = preg_replace('/[\'\"]/', '', trim(stripslashes($_POST['opt2'])));
$opt3_val = preg_replace('/[\'\"]/', '', trim(stripslashes($_POST['opt3'])));
$opt1_val = preg_replace(G5_OPTION_ID_FILTER, '', trim(stripslashes($_POST['opt1'])));
$opt2_val = preg_replace(G5_OPTION_ID_FILTER, '', trim(stripslashes($_POST['opt2'])));
$opt3_val = preg_replace(G5_OPTION_ID_FILTER, '', trim(stripslashes($_POST['opt3'])));
if(!$opt1_subject || !$opt1_val) {
echo '옵션1과 옵션1 항목을 입력해 주십시오.';