[KVE-2019-1365]영카트XSS취약점 수정

2019-09-30 17:59:02 +09:00
parent 545efd6c2f
commit 928bf61853
2 changed files with 3 additions and 1 deletions
--- a/adm/shop_admin/orderform.php
+++ b/adm/shop_admin/orderform.php
@ -876,7 +876,7 @@ add_javascript(G5_POSTCODE_JS, 0);    //다음 주소 js

    <div class="tbl_wrap">
        <label for="od_shop_memo" class="sound_only">상점메모</label>
-        <textarea name="od_shop_memo" id="od_shop_memo" rows="8"><?php echo stripslashes($od['od_shop_memo']); ?></textarea>
+        <textarea name="od_shop_memo" id="od_shop_memo" rows="8"><?php echo html_purifier(stripslashes($od['od_shop_memo'])); ?></textarea>
    </div>

    <div class="btn_confirm01 btn_confirm">
--- a/adm/shop_admin/orderformupdate.php
+++ b/adm/shop_admin/orderformupdate.php
@ -4,6 +4,8 @@ include_once('./_common.php');

 check_admin_token();

+$od_shop_memo = strip_tags($od_shop_memo);
+
 if($_POST['mod_type'] == 'info') {
    $od_zip1   = substr($_POST['od_zip'], 0, 3);
    $od_zip2   = substr($_POST['od_zip'], 3);