From a2cf2747bb8d4a5efcc4ff7a9e6fd92ec97d17ce Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Sat, 9 Jan 2021 17:19:31 +0900
Subject: [PATCH] =?UTF-8?q?PHP8=20=EB=B2=84=EC=A0=84=EC=97=90=EC=84=9C=20?=
 =?UTF-8?q?=EA=B2=BD=EA=B3=A0=20=ED=91=9C=EC=8B=9C=EA=B0=80=20=EB=9C=A8?=
 =?UTF-8?q?=EB=8A=94=20=EC=BD=94=EB=93=9C=20=EC=B6=94=EA=B0=80=20=EC=88=98?=
 =?UTF-8?q?=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adm/shop_admin/itemcopy.php              |  3 ++-
 adm/shop_admin/itemcopyupdate.php        | 21 ++++++++++++++-------
 adm/shop_admin/itemdelete.inc.php        |  6 ++++--
 adm/shop_admin/itemevent.php             |  3 ++-
 adm/shop_admin/itemeventform.php         |  2 +-
 adm/shop_admin/personalpaylistdelete.php |  2 +-
 shop/item.php                            |  2 ++
 7 files changed, 26 insertions(+), 13 deletions(-)

diff --git a/adm/shop_admin/itemcopy.php b/adm/shop_admin/itemcopy.php
index f1b8cd9ba..3b035889e 100644
--- a/adm/shop_admin/itemcopy.php
+++ b/adm/shop_admin/itemcopy.php
@@ -2,7 +2,8 @@
 $sub_menu = '400300';
 include_once('./_common.php');
 
-$ca_id = preg_replace('/[^0-9a-z]/i', '', $ca_id);
+$ca_id = isset($_REQUEST['ca_id']) ? preg_replace('/[^0-9a-z]/i', '', $_REQUEST['ca_id']) : '';
+$it_id = isset($_REQUEST['it_id']) ? safe_replace_regex($_REQUEST['it_id'], 'it_id') : '';
 
 auth_check_menu($auth, $sub_menu, "r");
 
diff --git a/adm/shop_admin/itemcopyupdate.php b/adm/shop_admin/itemcopyupdate.php
index b647a08b3..ac906ae20 100644
--- a/adm/shop_admin/itemcopyupdate.php
+++ b/adm/shop_admin/itemcopyupdate.php
@@ -6,24 +6,29 @@ auth_check_menu($auth, $sub_menu, "w");
 
 check_admin_token();
 
+$ca_id = isset($_REQUEST['ca_id']) ? preg_replace('/[^0-9a-z]/i', '', $_REQUEST['ca_id']) : '';
+$it_id = isset($_REQUEST['it_id']) ? safe_replace_regex($_REQUEST['it_id'], 'it_id') : '';
+
 if ($is_admin != "super")
     alert("최고관리자만 접근 가능합니다.");
 
 if (!trim($it_id))
 	alert("복사할 상품코드가 없습니다.");
 
-$t_it_id = preg_replace("/[A-Za-z0-9\-_]/", "", $new_it_id);
-if($t_it_id)
+if(isset($_POST['new_it_id']) && preg_match('/[^A-Za-z0-9\-_]+/', $_POST['new_it_id']))
     alert("상품코드는 영문자, 숫자, -, _ 만 사용할 수 있습니다.");
 
+$new_it_id = isset($_REQUEST['new_it_id']) ? preg_replace("/[^A-Za-z0-9\-_]/", "", $_REQUEST['new_it_id']) : '';
+
+if( ! $new_it_id ) alert('상품코드를 입력해 주세요.');
+
 $row = sql_fetch(" select count(*) as cnt from {$g5['g5_shop_item_table']} where it_id = '$new_it_id' ");
-if ($row['cnt'])
+if (isset($row['cnt']) && $row['cnt'])
     alert('이미 존재하는 상품코드 입니다.');
 
 $sql = " select * from {$g5['g5_shop_item_table']} where it_id = '$it_id' limit 1 ";
 $cp = sql_fetch($sql);
 
-
 // 상품테이블의 필드가 추가되어도 수정하지 않도록 필드명을 추출하여 insert 퀴리를 생성한다. (상품코드만 새로운것으로 대체)
 $sql_common = "";
 $fields = sql_field_names($g5['g5_shop_item_table']);
@@ -50,9 +55,10 @@ sql_query($opt_sql);
 // html 에디터로 첨부된 이미지 파일 복사
 if($cp['it_explan']) {
     $matchs = get_editor_image($cp['it_explan'], false);
+    $count_matchs = (isset($matchs[1]) && is_array($matchs[1])) ? count($matchs[1]) : 0;
 
     // 파일의 경로를 얻어 복사
-    for($i=0;$i<count($matchs[1]);$i++) {
+    for($i=0;$i<$count_matchs;$i++) {
         $p = parse_url($matchs[1][$i]);
         if(strpos($p['path'], "/data/") != 0)
             $src_path = preg_replace("/^\/.*\/data/", "/data", $p['path']);
@@ -76,9 +82,10 @@ if($cp['it_explan']) {
 
 if($cp['it_mobile_explan']) {
     $matchs = get_editor_image($cp['it_mobile_explan'], false);
+    $count_matchs = (isset($matchs[1]) && is_array($matchs[1])) ? count($matchs[1]) : 0;
 
     // 파일의 경로를 얻어 복사
-    for($i=0;$i<count($matchs[1]);$i++) {
+    for($i=0;$i<$count_matchs;$i++) {
         $p = parse_url($matchs[1][$i]);
         if(strpos($p['path'], "/data/") != 0)
             $src_path = preg_replace("/^\/.*\/data/", "/data", $p['path']);
@@ -159,6 +166,6 @@ $sql = " update {$g5['g5_shop_item_table']}
             where it_id = '$new_it_id' ";
 sql_query($sql);
 
-$qstr = "ca_id=$ca_id&amp;sfl=$sfl&amp;sca=$sca&amp;page=$page&amp;stx=".urlencode($stx)."&amp;save_stx=".urlencode($save_stx);
+$qstr = "ca_id=$ca_id&amp;sfl=$sfl&amp;sca=$sca&amp;page=$page&amp;stx=".urlencode($stx);
 
 goto_url("itemlist.php?$qstr");
\ No newline at end of file
diff --git a/adm/shop_admin/itemdelete.inc.php b/adm/shop_admin/itemdelete.inc.php
index 17e8bb0d6..2c0837667 100644
--- a/adm/shop_admin/itemdelete.inc.php
+++ b/adm/shop_admin/itemdelete.inc.php
@@ -68,8 +68,9 @@ if (!function_exists("itemdelete")) {
         // HTML 내용에서 에디터에 올라간 이미지의 경로를 얻어 삭제함
         //------------------------------------------------------------------------
         $imgs = get_editor_image($it['it_explan'], false);
+        $count_imgs = (isset($imgs[1]) && is_array($imgs[1])) ? count($imgs[1]) : 0;
 
-        for($i=0;$i<count($imgs[1]);$i++) {
+        for($i=0;$i<$count_imgs;$i++) {
             $p = parse_url($imgs[1][$i]);
             if(strpos($p['path'], "/data/editor/") === false)
                 continue;
@@ -85,8 +86,9 @@ if (!function_exists("itemdelete")) {
         }
 
         $imgs = get_editor_image($it['it_mobile_explan'], false);
+        $count_imgs = (isset($imgs[1]) && is_array($imgs[1])) ? count($imgs[1]) : 0;
 
-        for($i=0;$i<count($imgs[1]);$i++) {
+        for($i=0;$i<$count_imgs;$i++) {
             $p = parse_url($imgs[1][$i]);
             if(strpos($p['path'], "/data/editor/") === false)
                 continue;
diff --git a/adm/shop_admin/itemevent.php b/adm/shop_admin/itemevent.php
index 12fd9deec..b5ad637da 100644
--- a/adm/shop_admin/itemevent.php
+++ b/adm/shop_admin/itemevent.php
@@ -43,7 +43,8 @@ $result = sql_query($sql);
     <?php
     for ($i=0; $row=sql_fetch_array($result); $i++) {
 
-        $href = "";
+        $href = '';
+        $href_close = '';
         $sql = " select count(ev_id) as cnt from {$g5['g5_shop_event_item_table']} where ev_id = '{$row['ev_id']}' ";
         $ev = sql_fetch($sql);
         if ($ev['cnt']) {
diff --git a/adm/shop_admin/itemeventform.php b/adm/shop_admin/itemeventform.php
index b4e2c15ae..1ec6b43c9 100644
--- a/adm/shop_admin/itemeventform.php
+++ b/adm/shop_admin/itemeventform.php
@@ -26,7 +26,7 @@ if ($w == "u")
 
     $sql = " select * from {$g5['g5_shop_event_table']} where ev_id = '$ev_id' ";
     $ev = sql_fetch($sql);
-    if (!$ev['ev_id'])
+    if (! (isset($ev['ev_id']) && $ev['ev_id']))
         alert("등록된 자료가 없습니다.");
 
     // 등록된 이벤트 상품
diff --git a/adm/shop_admin/personalpaylistdelete.php b/adm/shop_admin/personalpaylistdelete.php
index cf1763aee..9bf45cb10 100644
--- a/adm/shop_admin/personalpaylistdelete.php
+++ b/adm/shop_admin/personalpaylistdelete.php
@@ -8,7 +8,7 @@ auth_check_menu($auth, $sub_menu, 'd');
 
 check_admin_token();
 
-$count = (isset($_POST['chk']) && is_array($_POST['chk'])) ? count($_POST['chk']) ? 0;
+$count = (isset($_POST['chk']) && is_array($_POST['chk'])) ? count($_POST['chk']) : 0;
 if(!$count)
     alert('선택삭제 하실 항목을 하나이상 선택해 주세요.');
 
diff --git a/shop/item.php b/shop/item.php
index 1b3b0c003..673a1f2b4 100644
--- a/shop/item.php
+++ b/shop/item.php
@@ -205,6 +205,8 @@ $is_orderable = true;
 if(!$it['it_use'] || $it['it_tel_inq'] || $is_soldout)
     $is_orderable = false;
 
+$option_item = $supply_item = '';
+
 if($is_orderable) {
     if(defined('G5_THEME_USE_OPTIONS_TRTD') && G5_THEME_USE_OPTIONS_TRTD){
         $option_item = get_item_options($it['it_id'], $it['it_option_subject'], '');