diff --git a/adm/shop_admin/couponformupdate.php b/adm/shop_admin/couponformupdate.php
index 02f58835b..96738f9bb 100644
--- a/adm/shop_admin/couponformupdate.php
+++ b/adm/shop_admin/couponformupdate.php
@@ -8,6 +8,25 @@ check_admin_token();
$_POST = array_map('trim', $_POST);
+$check_sanitize_keys = array(
+'cp_subject', // 쿠폰이름
+'cp_method', // 쿠폰종류
+'cp_target', // 적용상품
+'mb_id', // 회원아이디
+'cp_start', // 사용시작일
+'cp_end', // 사용종료일
+'cp_type', // 쿠폰타입
+'cp_price', // 할인금액
+'cp_type', // 할인금액타입
+'cp_trunc', // 절사금액
+'cp_minimum', // 최소주문금액
+'cp_maximum', // 최대할인금액
+);
+
+foreach( $check_sanitize_keys as $key ){
+ $$key = $_POST[$key] = isset($_POST[$key]) ? strip_tags($_POST[$key]) : '';
+}
+
if(!$_POST['cp_subject'])
alert('쿠폰이름을 입력해 주십시오.');
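Review bot: `'cp_type'` is listed twice in `$check_sanitize_keys` (the entries commented 쿠폰타입 and 할인금액타입), so one of the two fields the author meant to cover is missing from the list; the second entry should be replaced by the key that actually carries the discount-amount type, or removed if the form only has one `cp_type`. The loop also applies `strip_tags()` uniformly to numeric fields (`cp_price`, `cp_trunc`, `cp_minimum`, `cp_maximum`), which leaves quotes and letters in them untouched; unless the code after this hunk casts them, `(int)` or `preg_replace('/[^0-9]/', '', ...)` per numeric field is the check that actually constrains those values. Since `strip_tags()` is neither output encoding nor SQL escaping, a short comment on the loop would prevent it being read as either: `// strip markup from form fields; values still need escaping at output and in SQL`.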
diff --git a/adm/shop_admin/couponlist_delete.php b/adm/shop_admin/couponlist_delete.php
index 81dadd43d..de03e7591 100644
--- a/adm/shop_admin/couponlist_delete.php
+++ b/adm/shop_admin/couponlist_delete.php
@@ -17,7 +17,7 @@ for ($i=0; $i<$count; $i++)
// 실제 번호를 넘김
$k = $_POST['chk'][$i];
- $sql = " delete from {$g5['g5_shop_coupon_table']} where cp_id = '{$_POST['cp_id'][$k]}' ";
+ $sql = " delete from {$g5['g5_shop_coupon_table']} where cp_id = '".preg_replace('/[^a-z0-9_\-]/i', '', $_POST['cp_id'][$k])."' ";
sql_query($sql);
}
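Review bot: The allow-list now constrains `cp_id`, but `$k` on the line above is still `$_POST['chk'][$i]` used unvalidated as the index into `$_POST['cp_id']`; a missing or non-integer index raises a notice and yields an empty `cp_id`, and if `cp_id` arrives as a string rather than an array, `$str[$k]` silently selects a single character. Casting it, `$k = (int) $_POST['chk'][$i];`, and skipping the iteration when `!isset($_POST['cp_id'][$k])` would match the `(int)` cast this commit introduces in sendcostupdate.php. The `for` loop enclosing these lines starts before the hunk.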
diff --git a/adm/shop_admin/couponzoneformupdate.php b/adm/shop_admin/couponzoneformupdate.php
index 98ce2ca43..fbaa7cbf7 100644
--- a/adm/shop_admin/couponzoneformupdate.php
+++ b/adm/shop_admin/couponzoneformupdate.php
@@ -11,6 +11,26 @@ check_admin_token();
$_POST = array_map('trim', $_POST);
+$check_sanitize_keys = array(
+'cz_subject', // 쿠폰이름
+'cz_type', // 발행쿠폰타입
+'cz_start', // 사용시작일
+'cz_end', // 사용종료일
+'cz_period', // 쿠폰사용기한
+'cz_point', // 쿠폰교환 포인트
+'cp_method', // 발급쿠폰종류
+'cp_target', // 적용상품
+'cp_price', // 할인금액
+'cp_type', // 할인금액타입
+'cp_trunc', // 절사금액
+'cp_minimum', // 최소주문금액
+'cp_maximum', // 최대할인금액
+);
+
+foreach( $check_sanitize_keys as $key ){
+ $$key = $_POST[$key] = isset($_POST[$key]) ? strip_tags($_POST[$key]) : '';
+}
+
if(!$_POST['cz_subject'])
alert('쿠폰이름을 입력해 주십시오.');
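Review bot: Several keys in `$check_sanitize_keys` are numeric (`cz_period`, `cz_point`, `cp_price`, `cp_trunc`, `cp_minimum`, `cp_maximum`) and `strip_tags()` leaves quotes and letters in them untouched; unless the code following this hunk casts them, an `(int)` cast or `preg_replace('/[^0-9]/', '', ...)` per numeric field is the check that actually constrains these values. The selector fields (`cz_type`, `cp_method`, `cp_type`) would likewise be better checked against their known option values than stripped of tags, if that is not already done below. The `$$key = ...` form creates locals by name from the list, which is harder to audit than explicit assignments; a comment stating the intent helps: `// mirror each sanitised value into the like-named local read by the update code below`.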
diff --git a/adm/shop_admin/itemeventform.php b/adm/shop_admin/itemeventform.php
index 0425c6eb0..a2f9d6a37 100644
--- a/adm/shop_admin/itemeventform.php
+++ b/adm/shop_admin/itemeventform.php
@@ -309,13 +309,13 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
| 상단내용 |
-
+
|
| 하단내용 |
-
+
|
diff --git a/adm/shop_admin/itemeventformupdate.php b/adm/shop_admin/itemeventformupdate.php
index d1346f29a..c4d0da73c 100644
--- a/adm/shop_admin/itemeventformupdate.php
+++ b/adm/shop_admin/itemeventformupdate.php
@@ -26,6 +26,7 @@ $skin_regex_patten = "^list.[0-9]+\.skin\.php";
$ev_skin = (preg_match("/$skin_regex_patten/", $ev_skin) && file_exists(G5_SHOP_SKIN_PATH.'/'.$ev_skin)) ? $ev_skin : '';
$ev_mobile_skin = (preg_match("/$skin_regex_patten/", $ev_mobile_skin) && file_exists(G5_MSHOP_SKIN_PATH.'/'.$ev_mobile_skin)) ? $ev_mobile_skin : '';
+$ev_subject = strip_tags($ev_subject);
$sql_common = " set ev_skin = '$ev_skin',
ev_mobile_skin = '$ev_mobile_skin',
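Review bot: `strip_tags($ev_subject)` removes markup but leaves single quotes and backslashes intact, and `$ev_subject` is interpolated into `$sql_common`, whose statement begins on the last line of this hunk and runs past it; the value therefore still needs the project's SQL escaping at that point unless it is already applied where `$ev_subject` is populated, which is outside the hunk. A one-line comment would also keep the next maintainer from treating this as output encoding: `// markup stripped for storage; escape with htmlspecialchars() when rendering`.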
diff --git a/adm/shop_admin/sendcostupdate.php b/adm/shop_admin/sendcostupdate.php
index e43e54692..a5c179b85 100644
--- a/adm/shop_admin/sendcostupdate.php
+++ b/adm/shop_admin/sendcostupdate.php
@@ -18,11 +18,11 @@ if($w == 'd') {
for($i=0; $i<$count; $i++) {
$k = $_POST['chk'][$i];
- $sc_id = $_POST['sc_id'][$k];
+ $sc_id = (int) $_POST['sc_id'][$k];
sql_query(" delete from {$g5['g5_shop_sendcost_table']} where sc_id = '$sc_id' ");
}
} else {
- $sc_name = trim($_POST['sc_name']);
+ $sc_name = trim(strip_tags($_POST['sc_name']));
$sc_zip1 = preg_replace('/[^0-9]/', '', $_POST['sc_zip1']);
$sc_zip2 = preg_replace('/[^0-9]/', '', $_POST['sc_zip2']);
$sc_price = preg_replace('/[^0-9]/', '', $_POST['sc_price']);
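Review bot: In the delete branch `$k = $_POST['chk'][$i]` is still used unvalidated as the index into `$_POST['sc_id']`, so a bogus `chk` value produces a notice and the `(int)` cast of the missing entry becomes `0`, issuing `delete ... where sc_id = '0'`; `$k = (int) $_POST['chk'][$i];` followed by `if ($sc_id <= 0) continue;` closes both gaps. In the else branch `strip_tags()` on `sc_name` does not neutralise quotes, so the value still needs the project's SQL escaping where it is interpolated, which is outside this hunk. The `if($w == 'd')` block and its `for` loop enclosing the first change start before the hunk.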
diff --git a/mobile/skin/member/basic/login.skin.php b/mobile/skin/member/basic/login.skin.php
index c2be419b5..e2a18a8ea 100644
--- a/mobile/skin/member/basic/login.skin.php
+++ b/mobile/skin/member/basic/login.skin.php
@@ -55,7 +55,7 @@ add_stylesheet('',
-
+
diff --git a/skin/member/basic/login.skin.php b/skin/member/basic/login.skin.php
index 8e33d0d76..face08c59 100644
--- a/skin/member/basic/login.skin.php
+++ b/skin/member/basic/login.skin.php
@@ -53,7 +53,7 @@ add_stylesheet('',
-
+
diff --git a/theme/basic/mobile/skin/member/basic/login.skin.php b/theme/basic/mobile/skin/member/basic/login.skin.php
index 3ba92abd5..5c1ac2e82 100644
--- a/theme/basic/mobile/skin/member/basic/login.skin.php
+++ b/theme/basic/mobile/skin/member/basic/login.skin.php
@@ -55,7 +55,7 @@ add_stylesheet('',
-
+
diff --git a/theme/basic/skin/member/basic/login.skin.php b/theme/basic/skin/member/basic/login.skin.php
index 8e33d0d76..face08c59 100644
--- a/theme/basic/skin/member/basic/login.skin.php
+++ b/theme/basic/skin/member/basic/login.skin.php
@@ -53,7 +53,7 @@ add_stylesheet('',
-
+