firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

옵션정보를 이용한 SQL Injection 취약점(16-682) 수정

Browse Source
This commit is contained in:
chicpro
2016-09-06 14:46:36 +09:00
parent 78a11a5230
commit 73bb020487
5 changed files with 19 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
adm/shop_admin/itemsupply.php
View File

@ -84,8 +84,8 @@ if($ps_run) {
} // for
} else {
for($i=0; $i<$subject_count; $i++) {
$spl_subject = preg_replace('/[\'\"]/', '', trim(stripslashes($_POST['subject'][$i])));
$spl_val = explode(',', preg_replace('/[\'\"]/', '', trim(stripslashes($_POST['supply'][$i]))));
$spl_subject = preg_replace(G5_OPTION_ID_FILTER, '', trim(stripslashes($_POST['subject'][$i])));
$spl_val = explode(',', preg_replace(G5_OPTION_ID_FILTER, '', trim(stripslashes($_POST['supply'][$i]))));
$spl_count = count($spl_val);
for($j=0; $j<$spl_count; $j++) {