firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

[KVE-1574,1575,1576,1577]영카트 XSS 취약점 수정

Browse Source
This commit is contained in:
thisgun
2020-02-13 13:48:58 +09:00
parent 7b220eaeb9
commit a47162dffa
9 changed files with 27 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
adm/shop_admin/bannerform.php
View File

@ -81,7 +81,7 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
<th scope="row"><label for="bn_url">링크</label></th>
<td>
<?php echo help("배너클릭시 이동하는 주소입니다."); ?>
<input type="text" name="bn_url" size="80" value="<?php echo $bn['bn_url']; ?>" id="bn_url" class="frm_input">
<input type="text" name="bn_url" size="80" value="<?php echo get_sanitize_input($bn['bn_url']); ?>" id="bn_url" class="frm_input">
</td>
</tr>
<tr>

4
adm/shop_admin/bannerformupdate.php
View File

@ -34,8 +34,8 @@ if( $bn_bimg || $bn_bimg_name ){
}
}
$bn_url = clean_xss_tags($bn_url);
$bn_alt = function_exists('clean_xss_attributes') ? clean_xss_attributes(strip_tags($bn_alt)) : strip_tags($bn_alt);
$bn_url = strip_tags(clean_xss_attributes($bn_url));
$bn_alt = strip_tags(clean_xss_attributes($bn_alt));
if ($w=="")
{

6
adm/shop_admin/categoryform.php
View File

@ -184,9 +184,9 @@ else {
<th scope="row"><?php if ($is_admin == 'super') { ?><label for="ca_mb_id"><?php } ?>관리 회원아이디<?php if ($is_admin == 'super') { ?></label><?php } ?></th>
<td>
<?php if ($is_admin == 'super') { ?>
<input type="text" name="ca_mb_id" value="<?php echo $ca['ca_mb_id']; ?>" id="ca_mb_id" class="frm_input" maxlength="20">
<input type="text" name="ca_mb_id" value="<?php echo get_sanitize_input($ca['ca_mb_id']); ?>" id="ca_mb_id" class="frm_input" maxlength="20">
<?php } else { ?>
<input type="hidden" name="ca_mb_id" value="<?php echo $ca['ca_mb_id']; ?>">
<input type="hidden" name="ca_mb_id" value="<?php echo get_sanitize_input($ca['ca_mb_id']); ?>">
<?php echo $ca['ca_mb_id']; ?>
<?php } ?>
</td>
@ -306,7 +306,7 @@ else {
<th scope="row"><label for="ca_sell_email">판매자 E-mail</label></th>
<td>
<?php echo help("운영자와 판매자가 다른 경우에 사용합니다.\n이 분류에 속한 상품을 등록할 경우에 기본값으로 입력됩니다."); ?>
<input type="text" name="ca_sell_email" size="40" value="<?php echo $ca['ca_sell_email']; ?>" id="ca_sell_email" class="frm_input">
<input type="text" name="ca_sell_email" size="40" value="<?php echo get_sanitize_input($ca['ca_sell_email']); ?>" id="ca_sell_email" class="frm_input">
</td>
</tr>
<tr>

5
adm/shop_admin/categoryformupdate.php
View File

@ -48,6 +48,11 @@ foreach( $check_keys as $key ){
}
}
$check_str_keys = array('ca_name', 'ca_mb_id', 'ca_sell_email');
foreach( $check_str_keys as $key ){
$$key = $_POST[$key] = strip_tags(clean_xss_attributes($_POST[$key]));
}
$ca_include_head = $_POST['ca_include_head'];
$ca_include_tail = $_POST['ca_include_tail'];

4
adm/shop_admin/categorylistupdate.php
View File

@ -60,11 +60,11 @@ for ($i=0; $i<count($_POST['ca_id']); $i++)
}
}
$p_ca_name = is_array($_POST['ca_name']) ? strip_tags($_POST['ca_name'][$i]) : '';
$p_ca_name = is_array($_POST['ca_name']) ? strip_tags(clean_xss_attributes($_POST['ca_name'][$i])) : '';
$sql = " update {$g5['g5_shop_category_table']}
set ca_name = '".$p_ca_name."',
ca_mb_id = '".sql_real_escape_string(strip_tags($_POST['ca_mb_id'][$i]))."',
ca_mb_id = '".sql_real_escape_string(strip_tags(clean_xss_attributes($_POST['ca_mb_id'][$i])))."',
ca_use = '".sql_real_escape_string(strip_tags($_POST['ca_use'][$i]))."',
ca_list_mod = '".sql_real_escape_string(strip_tags($_POST['ca_list_mod'][$i]))."',
ca_cert_use = '".sql_real_escape_string(strip_tags($_POST['ca_cert_use'][$i]))."',

22
adm/shop_admin/configform.php
View File

@ -210,57 +210,57 @@ if( function_exists('pg_setting_check') ){
<tr>
<th scope="row"><label for="de_admin_company_name">회사명</label></th>
<td>
<input type="text" name="de_admin_company_name" value="<?php echo $default['de_admin_company_name']; ?>" id="de_admin_company_name" class="frm_input" size="30">
<input type="text" name="de_admin_company_name" value="<?php echo get_sanitize_input($default['de_admin_company_name']); ?>" id="de_admin_company_name" class="frm_input" size="30">
</td>
<th scope="row"><label for="de_admin_company_saupja_no">사업자등록번호</label></th>
<td>
<input type="text" name="de_admin_company_saupja_no" value="<?php echo $default['de_admin_company_saupja_no']; ?>" id="de_admin_company_saupja_no" class="frm_input" size="30">
<input type="text" name="de_admin_company_saupja_no" value="<?php echo get_sanitize_input($default['de_admin_company_saupja_no']); ?>" id="de_admin_company_saupja_no" class="frm_input" size="30">
</td>
</tr>
<tr>
<th scope="row"><label for="de_admin_company_owner">대표자명</label></th>
<td colspan="3">
<input type="text" name="de_admin_company_owner" value="<?php echo $default['de_admin_company_owner']; ?>" id="de_admin_company_owner" class="frm_input" size="30">
<input type="text" name="de_admin_company_owner" value="<?php echo get_sanitize_input($default['de_admin_company_owner']); ?>" id="de_admin_company_owner" class="frm_input" size="30">
</td>
</tr>
<tr>
<th scope="row"><label for="de_admin_company_tel">대표전화번호</label></th>
<td>
<input type="text" name="de_admin_company_tel" value="<?php echo $default['de_admin_company_tel']; ?>" id="de_admin_company_tel" class="frm_input" size="30">
<input type="text" name="de_admin_company_tel" value="<?php echo get_sanitize_input($default['de_admin_company_tel']); ?>" id="de_admin_company_tel" class="frm_input" size="30">
</td>
<th scope="row"><label for="de_admin_company_fax">팩스번호</label></th>
<td>
<input type="text" name="de_admin_company_fax" value="<?php echo $default['de_admin_company_fax']; ?>" id="de_admin_company_fax" class="frm_input" size="30">
<input type="text" name="de_admin_company_fax" value="<?php echo get_sanitize_input($default['de_admin_company_fax']); ?>" id="de_admin_company_fax" class="frm_input" size="30">
</td>
</tr>
<tr>
<th scope="row"><label for="de_admin_tongsin_no">통신판매업 신고번호</label></th>
<td>
<input type="text" name="de_admin_tongsin_no" value="<?php echo $default['de_admin_tongsin_no']; ?>" id="de_admin_tongsin_no" class="frm_input" size="30">
<input type="text" name="de_admin_tongsin_no" value="<?php echo get_sanitize_input($default['de_admin_tongsin_no']); ?>" id="de_admin_tongsin_no" class="frm_input" size="30">
</td>
<th scope="row"><label for="de_admin_buga_no">부가통신 사업자번호</label></th>
<td>
<input type="text" name="de_admin_buga_no" value="<?php echo $default['de_admin_buga_no']; ?>" id="de_admin_buga_no" class="frm_input" size="30">
<input type="text" name="de_admin_buga_no" value="<?php echo get_sanitize_input($default['de_admin_buga_no']); ?>" id="de_admin_buga_no" class="frm_input" size="30">
</td>
</tr>
<tr>
<th scope="row"><label for="de_admin_company_zip">사업장우편번호</label></th>
<td>
<input type="text" name="de_admin_company_zip" value="<?php echo $default['de_admin_company_zip']; ?>" id="de_admin_company_zip" class="frm_input" size="10">
<input type="text" name="de_admin_company_zip" value="<?php echo get_sanitize_input($default['de_admin_company_zip']); ?>" id="de_admin_company_zip" class="frm_input" size="10">
</td>
<th scope="row"><label for="de_admin_company_addr">사업장주소</label></th>
<td>
<input type="text" name="de_admin_company_addr" value="<?php echo $default['de_admin_company_addr']; ?>" id="de_admin_company_addr" class="frm_input" size="30">
<input type="text" name="de_admin_company_addr" value="<?php echo get_sanitize_input($default['de_admin_company_addr']); ?>" id="de_admin_company_addr" class="frm_input" size="30">
</td>
</tr>
<tr>
<th scope="row"><label for="de_admin_info_name">정보관리책임자명</label></th>
<td>
<input type="text" name="de_admin_info_name" value="<?php echo $default['de_admin_info_name']; ?>" id="de_admin_info_name" class="frm_input" size="30">
<input type="text" name="de_admin_info_name" value="<?php echo get_sanitize_input($default['de_admin_info_name']); ?>" id="de_admin_info_name" class="frm_input" size="30">
</td>
<th scope="row"><label for="de_admin_info_email">정보책임자 e-mail</label></th>
<td>
<input type="text" name="de_admin_info_email" value="<?php echo $default['de_admin_info_email']; ?>" id="de_admin_info_email" class="frm_input" size="30">
<input type="text" name="de_admin_info_email" value="<?php echo get_sanitize_input($default['de_admin_info_email']); ?>" id="de_admin_info_email" class="frm_input" size="30">
</td>
</tr>
</tbody>

2
adm/shop_admin/configformupdate.php
View File

@ -232,7 +232,7 @@ $check_sanitize_keys = array(
);
foreach( $check_sanitize_keys as $key ){
$$key = isset($_POST[$key]) ? strip_tags($_POST[$key]) : '';
$$key = isset($_POST[$key]) ? strip_tags(clean_xss_attributes($_POST[$key])) : '';
}
//

2
adm/shop_admin/itemform.php
View File

@ -449,7 +449,7 @@ if(!sql_query(" select it_skin from {$g5['g5_shop_item_table']} limit 1", false)
<th scope="row"><label for="it_sell_email">판매자 e-mail</label></th>
<td>
<?php echo help("운영자와 실제 판매자가 다른 경우 실제 판매자의 e-mail을 입력하면, 상품 주문 시점을 기준으로 실제 판매자에게도 주문서를 발송합니다."); ?>
<input type="text" name="it_sell_email" value="<?php echo $it['it_sell_email']; ?>" id="it_sell_email" class="frm_input" size="40">
<input type="text" name="it_sell_email" value="<?php echo get_sanitize_input($it['it_sell_email']); ?>" id="it_sell_email" class="frm_input" size="40">
</td>
<td class="td_grpset">
<input type="checkbox" name="chk_ca_it_sell_email" value="1" id="chk_ca_it_sell_email">

2
adm/shop_admin/itemformupdate.php
View File

@ -301,7 +301,7 @@ $check_sanitize_keys = array(
);
foreach( $check_sanitize_keys as $key ){
$$key = isset($_POST[$key]) ? strip_tags($_POST[$key]) : '';
$$key = isset($_POST[$key]) ? strip_tags(clean_xss_attributes($_POST[$key])) : '';
}
if ($it_name == "")