firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

영카트CSS 취약점(17-880) 수정

Browse Source
This commit is contained in:
thisgun
2017-12-05 13:44:05 +09:00
parent 09fc105d54
commit 8d3ee4903a
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
adm/shop_admin/coupontarget.php
View File

@ -4,7 +4,7 @@ include_once('./_common.php');
auth_check($auth[$sub_menu], "w"); auth_check($auth[$sub_menu], "w");
$sch_target = substr($_GET['sch_target'], 0, 1); $sch_target = substr(preg_replace('/[^a-zA-Z0-9]/', '', strip_tags($_GET['sch_target'])), 0, 1);
$sch_word = clean_xss_tags($_GET['sch_word']); $sch_word = clean_xss_tags($_GET['sch_word']);
if($_GET['sch_target'] == 1) { if($_GET['sch_target'] == 1) {
@ -67,7 +67,7 @@ $qstr1 = 'sch_target='.$sch_target.'&sch_word='.urlencode($sch_word);
</div> </div>
<form name="ftarget" method="get"> <form name="ftarget" method="get">
<input type="hidden" name="sch_target" value="<?php echo $_GET['sch_target']; ?>"> <input type="hidden" name="sch_target" value="<?php echo preg_replace('/[^a-zA-Z0-9]/', '', strip_tags($_GET['sch_target'])); ?>">
<div id="scp_list_find"> <div id="scp_list_find">
<label for="sch_word"><?php echo $t_name; ?></label> <label for="sch_word"><?php echo $t_name; ?></label>