firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

KVE-2019-0829 영카트 XSS 취약점 수정

Browse Source
This commit is contained in:
thisgun
2019-05-24 18:40:02 +09:00
parent 6b2e0e9b58
commit a0fa82eabe
10 changed files with 49 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
adm/shop_admin/couponlist_delete.php
View File

@ -17,7 +17,7 @@ for ($i=0; $i<$count; $i++)
// 실제 번호를 넘김
$k = $_POST['chk'][$i];
$sql = " delete from {$g5['g5_shop_coupon_table']} where cp_id = '{$_POST['cp_id'][$k]}' ";
$sql = " delete from {$g5['g5_shop_coupon_table']} where cp_id = '".preg_replace('/[^a-z0-9_\-]/i', '', $_POST['cp_id'][$k])."' ";
sql_query($sql);
}