From 7b220eaeb93f64872069ccdf99151e8d409617f5 Mon Sep 17 00:00:00 2001
From: thisgun
Date: Wed, 12 Feb 2020 12:17:36 +0900
Subject: [PATCH] =?UTF-8?q?[KVE-2019-1582,1590,1594]=EC=98=81=EC=B9=B4?= =?UTF-8?q?=ED=8A=B8XSS=EC=B7=A8=EC=95=BD=EC=A0=90=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 adm/shop_admin/couponform.php | 2 +-
 adm/shop_admin/couponformupdate.php | 2 +-
 adm/shop_admin/couponzoneformupdate.php | 2 +-
 adm/shop_admin/itemlistupdate.php | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/adm/shop_admin/couponform.php b/adm/shop_admin/couponform.php
index e29cff8ea..eee8f45f7 100644
--- a/adm/shop_admin/couponform.php
+++ b/adm/shop_admin/couponform.php
@@ -52,7 +52,7 @@ include_once(G5_PLUGIN_PATH.'/jquery-ui/datepicker.php');
-
+
diff --git a/adm/shop_admin/couponformupdate.php b/adm/shop_admin/couponformupdate.php
index 295dc8964..16045a893 100644
--- a/adm/shop_admin/couponformupdate.php
+++ b/adm/shop_admin/couponformupdate.php
@@ -24,7 +24,7 @@ $check_sanitize_keys = array(
 );
 foreach( $check_sanitize_keys as $key ){
- $$key = $_POST[$key] = isset($_POST[$key]) ? strip_tags($_POST[$key]) : '';
+ $$key = $_POST[$key] = isset($_POST[$key]) ? strip_tags(clean_xss_attributes($_POST[$key])) : '';
 }
 if(!$_POST['cp_subject'])
diff --git a/adm/shop_admin/couponzoneformupdate.php b/adm/shop_admin/couponzoneformupdate.php
index e14ecc213..864bccf96 100644
--- a/adm/shop_admin/couponzoneformupdate.php
+++ b/adm/shop_admin/couponzoneformupdate.php
@@ -28,7 +28,7 @@ $check_sanitize_keys = array(
 );
 foreach( $check_sanitize_keys as $key ){
- $$key = $_POST[$key] = isset($_POST[$key]) ? strip_tags($_POST[$key]) : '';
+ $$key = $_POST[$key] = isset($_POST[$key]) ? strip_tags(clean_xss_attributes($_POST[$key])) : '';
 }
 if(!$_POST['cz_subject'])
diff --git a/adm/shop_admin/itemlistupdate.php b/adm/shop_admin/itemlistupdate.php
index 02c1d827b..83a6fc6f4 100644
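Review bot: The new `strip_tags(clean_xss_attributes($_POST[$key]))` in the couponformupdate.php hunk still sanitises on input only, so anything the two denylist helpers do not recognise reaches the page wherever `$cp_subject` and the other listed keys are echoed back (the couponform.php hunk, whose markup is not visible here, is presumably that form); the fix that holds independently of the filter is encoding at the output site, `htmlspecialchars($cp_subject, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` where the value is rendered, with this input filter kept as defence in depth. The identical one-line change is repeated in the couponzoneformupdate.php hunk; a shared helper such as `function sanitize_post_text($v) { return strip_tags(clean_xss_attributes($v)); }` would keep both key lists treated the same way when the next key is added. `isset($_POST[$key])` also admits an array-valued field, which `strip_tags` rejects with a TypeError on PHP 8 (a warning and `null` on PHP 7), so adding `&& is_string($_POST[$key])` to the same condition is a cheap guard. The `$check_sanitize_keys` array that feeds the loop opens before the hunk.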
--- a/adm/shop_admin/itemlistupdate.php
+++ b/adm/shop_admin/itemlistupdate.php
@@ -26,7 +26,7 @@ if ($_POST['act_button'] == "선택수정") {
 $p_ca_id = is_array($_POST['ca_id']) ? strip_tags($_POST['ca_id'][$k]) : '';
 $p_ca_id2 = is_array($_POST['ca_id2']) ? strip_tags($_POST['ca_id2'][$k]) : '';
 $p_ca_id3 = is_array($_POST['ca_id3']) ? strip_tags($_POST['ca_id3'][$k]) : '';
- $p_it_name = is_array($_POST['it_name']) ? strip_tags($_POST['it_name'][$k]) : '';
+ $p_it_name = is_array($_POST['it_name']) ? strip_tags(clean_xss_attributes($_POST['it_name'][$k])) : '';
 $p_it_cust_price = is_array($_POST['it_cust_price']) ? strip_tags($_POST['it_cust_price'][$k]) : '';
 $p_it_price = is_array($_POST['it_price']) ? strip_tags($_POST['it_price'][$k]) : '';
 $p_it_stock_qty = is_array($_POST['it_stock_qty']) ? strip_tags($_POST['it_stock_qty'][$k]) : '';
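Review bot: `$_POST['it_name'][$k]` on the added line is read without checking that index `$k` exists, so a submission whose `it_name` array is shorter than the one driving `$k` passes `null` into `clean_xss_attributes` after an undefined-index notice; `$p_it_name = is_array($_POST['it_name']) && isset($_POST['it_name'][$k]) ? strip_tags(clean_xss_attributes($_POST['it_name'][$k])) : '';` keeps the new filter and makes the missing case explicit (the neighbouring `strip_tags($_POST[...][$k])` lines share the same gap). The numeric columns beside it, `it_cust_price`, `it_price` and `it_stock_qty`, are presumably integers and would be better normalised with a cast or `filter_var(..., FILTER_VALIDATE_INT)` than with `strip_tags`, which leaves non-numeric input in place. The `if ($_POST['act_button'] == "선택수정")` block and the loop that supplies `$k` begin before the hunk and continue after it.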