[KVE-2020-0047]영카트XSS취약점 수정
@ -928,7 +928,7 @@ add_javascript(G5_POSTCODE_JS, 0); //다음 주소 js
|
||||
<th scope="row"><span class="sound_only">주문하시는 분 </span>주소</th>
|
||||
<td>
|
||||
<label for="od_zip" class="sound_only">우편번호</label>
|
||||
<input type="text" name="od_zip" value="<?php echo $od['od_zip1'].$od['od_zip2']; ?>" id="od_zip" required class="frm_input required" size="5">
|
||||
<input type="text" name="od_zip" value="<?php echo get_text($od['od_zip1']).get_text($od['od_zip2']); ?>" id="od_zip" required class="frm_input required" size="5">
|
||||
<button type="button" class="btn_frmline" onclick="win_zip('frmorderform3', 'od_zip', 'od_addr1', 'od_addr2', 'od_addr3', 'od_addr_jibeon');">주소 검색</button><br>
|
||||
<span id="od_win_zip" style="display:block"></span>
|
||||
<input type="text" name="od_addr1" value="<?php echo get_text($od['od_addr1']); ?>" id="od_addr1" required class="frm_input required" size="35">
|
||||
@ -943,7 +943,7 @@ add_javascript(G5_POSTCODE_JS, 0); //다음 주소 js
|
||||
</tr>
|
||||
<tr>
|
||||
<th scope="row"><label for="od_email"><span class="sound_only">주문하신 분 </span>E-mail</label></th>
|
||||
<td><input type="text" name="od_email" value="<?php echo $od['od_email']; ?>" id="od_email" required class="frm_input email required" size="30"></td>
|
||||
<td><input type="text" name="od_email" value="<?php echo $od['od_email']; ?>" id="od_email" required class="frm_input required" size="30"></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th scope="row"><span class="sound_only">주문하신 분 </span>IP Address</th>
|
||||
@ -981,7 +981,7 @@ add_javascript(G5_POSTCODE_JS, 0); //다음 주소 js
|
||||
<th scope="row"><span class="sound_only">받으시는 분 </span>주소</th>
|
||||
<td>
|
||||
<label for="od_b_zip" class="sound_only">우편번호</label>
|
||||
<input type="text" name="od_b_zip" value="<?php echo $od['od_b_zip1'].$od['od_b_zip2']; ?>" id="od_b_zip" required class="frm_input required" size="5">
|
||||
<input type="text" name="od_b_zip" value="<?php echo get_text($od['od_b_zip1']).get_text($od['od_b_zip2']); ?>" id="od_b_zip" required class="frm_input required" size="5">
|
||||
<button type="button" class="btn_frmline" onclick="win_zip('frmorderform3', 'od_b_zip', 'od_b_addr1', 'od_b_addr2', 'od_b_addr3', 'od_b_addr_jibeon');">주소 검색</button><br>
|
||||
<input type="text" name="od_b_addr1" value="<?php echo get_text($od['od_b_addr1']); ?>" id="od_b_addr1" required class="frm_input required" size="35">
|
||||
<label for="od_b_addr1">기본주소</label>
|
||||
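Review bot: The `od_email` input in the second hunk still prints `$od['od_email']` into the `value` attribute without encoding, while the zip and address fields around it go through `get_text()`. Both printed versions of that line echo the raw value, so the page depends entirely on the stored value having been cleaned at write time, and rows saved before this fix are rendered as they are. Encode at the sink like the neighbouring fields: `value="<?php echo get_text($od['od_email']); ?>"`. The form starts and ends outside the hunks, so any other raw `echo $od[...]` in this template deserves the same check.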
|
||||
@ -7,10 +7,11 @@ check_admin_token();
|
||||
$od_shop_memo = strip_tags($od_shop_memo);
|
||||
|
||||
if($_POST['mod_type'] == 'info') {
|
||||
$od_zip1 = substr($_POST['od_zip'], 0, 3);
|
||||
$od_zip2 = substr($_POST['od_zip'], 3);
|
||||
$od_b_zip1 = substr($_POST['od_b_zip'], 0, 3);
|
||||
$od_b_zip2 = substr($_POST['od_b_zip'], 3);
|
||||
$od_zip1 = preg_replace('/[^0-9]/', '', substr($_POST['od_zip'], 0, 3));
|
||||
$od_zip2 = preg_replace('/[^0-9]/', '', substr($_POST['od_zip'], 3));
|
||||
$od_b_zip1 = preg_replace('/[^0-9]/', '', substr($_POST['od_b_zip'], 0, 3));
|
||||
$od_b_zip2 = preg_replace('/[^0-9]/', '', substr($_POST['od_b_zip'], 3));
|
||||
$od_email = strip_tags(clean_xss_attributes($od_email));
|
||||
|
||||
$sql = " update {$g5['g5_shop_order_table']}
|
||||
set od_name = '$od_name',
|
||||
@ -32,6 +33,7 @@ if($_POST['mod_type'] == 'info') {
|
||||
od_b_addr2 = '$od_b_addr2',
|
||||
od_b_addr3 = '$od_b_addr3',
|
||||
od_b_addr_jibeon = '$od_b_addr_jibeon' ";
|
||||
|
||||
if ($default['de_hope_date_use'])
|
||||
$sql .= " , od_hope_date = '$od_hope_date' ";
|
||||
} else {
|
||||
|
||||
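Review bot: The added `$od_email = strip_tags(clean_xss_attributes($od_email));` filters the address instead of validating it, and tag stripping does not by itself neutralise a double quote, which is the character that matters where this value is later placed in an HTML attribute; what `clean_xss_attributes()` removes is not visible here. An e-mail field has a strict format, so rejecting anything that does not parse is tighter than a denylist, for example `if (filter_var($od_email, FILTER_VALIDATE_EMAIL) === false) { /* reject the request */ }`. The zip lines also pass `$_POST['od_zip']` and `$_POST['od_b_zip']` straight to `substr()`, so a missing or array-valued parameter should be handled before that call, e.g. `$zip = isset($_POST['od_zip']) && is_string($_POST['od_zip']) ? $_POST['od_zip'] : '';`. The same block interpolates `$od_name`, `$od_b_addr2` and the other fields into the UPDATE string; whether they are escaped before this point cannot be seen from the hunk and should be confirmed. The `if` block continues outside the hunks.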