영카트 원격 코드 실행 취약점 수정(2017-1050)

2018-03-15 14:20:06 +09:00
parent 7017ee2dc2
commit 91a3ca9f8a
5 changed files with 10 additions and 4 deletions
--- a/shop/itemqaformupdate.php
+++ b/shop/itemqaformupdate.php
@ -8,6 +8,7 @@ if (!$is_member) {
 $iq_id = (int) trim($_REQUEST['iq_id']);
 $iq_subject = trim($_POST['iq_subject']);
 $iq_question = trim($_POST['iq_question']);
+$iq_question = preg_replace('#<script(.*?)>(.*?)</script>#is', '', $iq_question);
 $iq_answer = trim($_POST['iq_answer']);
 $hash = trim($_REQUEST['hash']);
 $get_editor_img_mode = $config['cf_editor'] ? false : true;