From 74c59452b7ec686f45e54ed59dda831132523bd6 Mon Sep 17 00:00:00 2001
From: thisgun
Date: Fri, 20 Apr 2018 11:50:56 +0900
Subject: [PATCH] =?UTF-8?q?=EC=98=81=EC=B9=B4=ED=8A=B8=20Stored=20XSS=20?=
 =?UTF-8?q?=EC=B7=A8=EC=95=BD=EC=A0=90=20=EB=B0=8F=20=ED=8C=8C=EC=9D=BC=20?=
 =?UTF-8?q?=EC=97=85=EB=A1=9C=EB=93=9C=20=EC=B7=A8=EC=95=BD=EC=A0=90=20(KV?=
 =?UTF-8?q?E-2018-0215,=202018-0342)=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 adm/shop_admin/couponzoneformupdate.php | 11 +++++++++++
 shop/itemqaform.php | 2 +-
 shop/itemuseform.php | 2 +-
 3 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/adm/shop_admin/couponzoneformupdate.php b/adm/shop_admin/couponzoneformupdate.php
index a45e3b8b1..98ce2ca43 100644
--- a/adm/shop_admin/couponzoneformupdate.php
+++ b/adm/shop_admin/couponzoneformupdate.php
@@ -29,6 +29,17 @@ if($_POST['cz_type'] && !$_POST['cz_point'])
 if(!$_POST['cz_period'])
 alert('쿠폰사용기한을 입력해 주십시오.');
+if( isset($_FILES['cp_img']) && !empty($_FILES['cp_img']['name']) ){
+ if( !preg_match('/\.(gif|jpe?g|bmp|png)$/i', $_FILES['cp_img']['name']) ){
+ alert("이미지 파일만 업로드 할수 있습니다.");
+ }
+ $timg = @getimagesize($_FILES['cp_img']['tmp_name']);
+ if ($timg['2'] < 1 || $timg['2'] > 16){
+ alert("이미지 파일만 업로드 할수 있습니다.");
+ }
+}
+
 if($_POST['cp_method'] == 0 && !$_POST['cp_target'])
 alert('적용상품을 입력해 주십시오.');
diff --git a/shop/itemqaform.php b/shop/itemqaform.php
index b488f590a..955be79c7 100644
--- a/shop/itemqaform.php
+++ b/shop/itemqaform.php
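Review bot: The content check `if ($timg['2'] < 1 || $timg['2'] > 16)` accepts every IMAGETYPE_* value in that range, which is wider than the extension allow-list just above it (the range includes the SWF/SWC types, for instance), and it only rejects a failed `getimagesize()` because indexing the suppressed `false` return happens to yield null — an implicit path rather than an explicit one. Making the two checks agree is a one-line change: `if ($timg === false || !in_array($timg[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG, IMAGETYPE_BMP), true))`. Whether `alert()` halts the script after the message, so that the upload further down is actually aborted, is not visible in this hunk; if it does not, each of these branches needs an explicit exit. The validation also inspects only the client-supplied name and the temporary file, so the name under which the file is finally stored should be validated where it is built, outside this hunk.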
@@ -53,7 +53,7 @@ $is_dhtml_editor = false;
 if ($config['cf_editor'] && (!is_mobile() || defined('G5_IS_MOBILE_DHTML_USE') && G5_IS_MOBILE_DHTML_USE)) {
 $is_dhtml_editor = true;
 }
-$editor_html = editor_html('iq_question', get_text($qa['iq_question'], 0), $is_dhtml_editor);
+$editor_html = editor_html('iq_question', get_text(html_purifier($qa['iq_question']), 0), $is_dhtml_editor);
 $editor_js = '';
 $editor_js .= get_editor_js('iq_question', $is_dhtml_editor);
 $editor_js .= chk_editor_js('iq_question', $is_dhtml_editor);
diff --git a/shop/itemuseform.php b/shop/itemuseform.php
index f97d19529..9ecbaee49 100644
--- a/shop/itemuseform.php
+++ b/shop/itemuseform.php
@@ -48,7 +48,7 @@ $is_dhtml_editor = false;
 if ($config['cf_editor'] && (!is_mobile() || defined('G5_IS_MOBILE_DHTML_USE') && G5_IS_MOBILE_DHTML_USE)) {
 $is_dhtml_editor = true;
 }
-$editor_html = editor_html('is_content', get_text($use['is_content'], 0), $is_dhtml_editor);
+$editor_html = editor_html('is_content', get_text(html_purifier($use['is_content']), 0), $is_dhtml_editor);
 $editor_js = '';
 $editor_js .= get_editor_js('is_content', $is_dhtml_editor);
 $editor_js .= chk_editor_js('is_content', $is_dhtml_editor);
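Review bot: `html_purifier()` is applied to `$qa['iq_question']` only when the stored question is loaded back into the edit form, so this protects one rendering path; any other template that echoes the same field stays exposed unless it is purified there too or the value is purified when saved, and this commit shows neither. The same applies to the `is_content` line in the shop/itemuseform.php hunk. Unless the corresponding update scripts already purify on write, consider purifying once at save time as well so the stored value is clean regardless of which template renders it; purifying at render would then remain as defence in depth for rows that predate the fix. A short comment on the changed line, such as `// purify on render: stored content may predate sanitising`, would record why the purifier sits inside the editor call.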