firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

KVE-2019-0829 영카트 XSS 취약점 수정

Browse Source
This commit is contained in:
thisgun
2019-05-24 18:40:02 +09:00
parent 6b2e0e9b58
commit a0fa82eabe
10 changed files with 49 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
adm/shop_admin/itemeventformupdate.php
View File

@ -26,6 +26,7 @@ $skin_regex_patten = "^list.[0-9]+\.skin\.php";
$ev_skin = (preg_match("/$skin_regex_patten/", $ev_skin) && file_exists(G5_SHOP_SKIN_PATH.'/'.$ev_skin)) ? $ev_skin : '';
$ev_mobile_skin = (preg_match("/$skin_regex_patten/", $ev_mobile_skin) && file_exists(G5_MSHOP_SKIN_PATH.'/'.$ev_mobile_skin)) ? $ev_mobile_skin : '';
$ev_subject = strip_tags($ev_subject);
$sql_common = " set ev_skin = '$ev_skin',
ev_mobile_skin = '$ev_mobile_skin',