From 9aa028221cba8ce20bbf09260c2454e2d3d1ebd3 Mon Sep 17 00:00:00 2001
From: thisgun
Date: Wed, 18 Oct 2017 17:02:45 +0900
Subject: [PATCH] =?UTF-8?q?=EC=84=A0=ED=83=9D=EC=98=B5=EC=85=98=20?= =?UTF-8?q?=ED=95=84=ED=84=B0=EB=A7=81=20=EA=B5=AC=EB=AC=B8=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 shop/itemoption.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/shop/itemoption.php b/shop/itemoption.php
index 928ccac77..ceb918b66 100644
--- a/shop/itemoption.php
+++ b/shop/itemoption.php
@@ -4,7 +4,8 @@ include_once('./_common.php');
 $pattern = '#[/\'\"%=*\#\(\)\|\+\&\!\$~\{\}\[\]`;:\?\^\,]#';
 $it_id = preg_replace($pattern, '', $_POST['it_id']);
-$opt_id = preg_replace($pattern, '', $_POST['opt_id']);
+//$opt_id = preg_replace($pattern, '', $_POST['opt_id']);
+$opt_id = addslashes(sql_real_escape_string(preg_replace(G5_OPTION_ID_FILTER, '', $_POST['opt_id'])));
 $idx = preg_replace('#[^0-9]#', '', $_POST['idx']);
 $sel_count = preg_replace('#[^0-9]#', '', $_POST['sel_count']);
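Review bot: The new `$opt_id` line stacks `addslashes()` on top of `sql_real_escape_string()`, so any quote or backslash that survives `G5_OPTION_ID_FILTER` is escaped twice and the value the database compares is no longer the option id that was posted; neither call protects the value if it is later written into HTML. Escape once, for the context where the value is used: keep `$opt_id = preg_replace(G5_OPTION_ID_FILTER, '', $_POST['opt_id']);` here and apply `sql_real_escape_string()` only where the query string is built. That query code and the definition of `G5_OPTION_ID_FILTER` are outside this hunk, so the characters the filter lets through (including LIKE wildcards such as `%`, which the old `$pattern` removed) cannot be checked from here. `$_POST['opt_id']` is also used without an `isset()`/`is_string()` check, and an array value makes `preg_replace()` return an array to the escaping calls. The old statement kept as `//$opt_id = ...` should be deleted rather than commented out, since the history already records it.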