From 90175ad951a165fcf569613e00723d219cddb83d Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Wed, 6 Mar 2019 18:01:22 +0900
Subject: [PATCH] =?UTF-8?q?[KVE-2019-0436=20=EC=B7=A8=EC=95=BD=EC=A0=90]?=
 =?UTF-8?q?=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adm/shop_admin/itemformupdate.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/adm/shop_admin/itemformupdate.php b/adm/shop_admin/itemformupdate.php
index 81613568d..2bb197940 100644
--- a/adm/shop_admin/itemformupdate.php
+++ b/adm/shop_admin/itemformupdate.php
@@ -18,6 +18,10 @@ check_admin_token();
 // input vars 체크
 check_input_vars();
 
+$ca_id = isset($ca_id) ? preg_replace('/[^0-9a-z]/i', '', $ca_id) : '';
+$ca_id2 = isset($ca_id2) ? preg_replace('/[^0-9a-z]/i', '', $ca_id2) : '';
+$ca_id3 = isset($ca_id3) ? preg_replace('/[^0-9a-z]/i', '', $ca_id3) : '';
+
 // 파일정보
 if($w == "u") {
     $sql = " select it_img1, it_img2, it_img3, it_img4, it_img5, it_img6, it_img7, it_img8, it_img9, it_img10