[KVE-2019-1158,1159]영카트_XSS_취약점 수정

2019-08-07 11:35:15 +09:00
parent 1ac74cf88e
commit 92f2f9100e
2 changed files with 9 additions and 9 deletions
--- a/shop/lg/returnurl.php
+++ b/shop/lg/returnurl.php
@ -28,8 +28,8 @@ $payReqMap = $_SESSION['PAYREQ_MAP'];//결제 요청시, Session에 저장했던
 </head>
 <body onload="setLGDResult()">
 <?php
-  $LGD_RESPCODE = $_POST['LGD_RESPCODE'];
-  $LGD_RESPMSG 	= $_POST['LGD_RESPMSG'];
+  $LGD_RESPCODE = clean_xss_tags(strip_tags($_POST['LGD_RESPCODE']));
+  $LGD_RESPMSG 	= clean_xss_tags(strip_tags($_POST['LGD_RESPMSG']));
  $LGD_PAYKEY	= '';

  $payReqMap['LGD_RESPCODE'] = $LGD_RESPCODE;