From a7900022219dcbdd6bd788e92bf62862cd84fd41 Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Mon, 2 Mar 2020 20:49:26 +0900
Subject: [PATCH] =?UTF-8?q?[KVE-2020-0047]=EC=98=81=EC=B9=B4=ED=8A=B8XSS?=
 =?UTF-8?q?=EC=B7=A8=EC=95=BD=EC=A0=90=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adm/shop_admin/orderform.php       |  6 +++---
 adm/shop_admin/orderformupdate.php | 10 ++++++----
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/adm/shop_admin/orderform.php b/adm/shop_admin/orderform.php
index 8489d71b1..8b0308f81 100644
--- a/adm/shop_admin/orderform.php
+++ b/adm/shop_admin/orderform.php
@@ -928,7 +928,7 @@ add_javascript(G5_POSTCODE_JS, 0);    //다음 주소 js
                     <th scope="row"><span class="sound_only">주문하시는 분 </span>주소</th>
                     <td>
                         <label for="od_zip" class="sound_only">우편번호</label>
-                        <input type="text" name="od_zip" value="<?php echo $od['od_zip1'].$od['od_zip2']; ?>" id="od_zip" required class="frm_input required" size="5">
+                        <input type="text" name="od_zip" value="<?php echo get_text($od['od_zip1']).get_text($od['od_zip2']); ?>" id="od_zip" required class="frm_input required" size="5">
                         <button type="button" class="btn_frmline" onclick="win_zip('frmorderform3', 'od_zip', 'od_addr1', 'od_addr2', 'od_addr3', 'od_addr_jibeon');">주소 검색</button><br>
                         <span id="od_win_zip" style="display:block"></span>
                         <input type="text" name="od_addr1" value="<?php echo get_text($od['od_addr1']); ?>" id="od_addr1" required class="frm_input required" size="35">
@@ -943,7 +943,7 @@ add_javascript(G5_POSTCODE_JS, 0);    //다음 주소 js
                 </tr>
                 <tr>
                     <th scope="row"><label for="od_email"><span class="sound_only">주문하신 분 </span>E-mail</label></th>
-                    <td><input type="text" name="od_email" value="<?php echo $od['od_email']; ?>" id="od_email" required class="frm_input email required" size="30"></td>
+                    <td><input type="text" name="od_email" value="<?php echo $od['od_email']; ?>" id="od_email" required class="frm_input required" size="30"></td>
                 </tr>
                 <tr>
                     <th scope="row"><span class="sound_only">주문하신 분 </span>IP Address</th>
@@ -981,7 +981,7 @@ add_javascript(G5_POSTCODE_JS, 0);    //다음 주소 js
                     <th scope="row"><span class="sound_only">받으시는 분 </span>주소</th>
                     <td>
                         <label for="od_b_zip" class="sound_only">우편번호</label>
-                        <input type="text" name="od_b_zip" value="<?php echo $od['od_b_zip1'].$od['od_b_zip2']; ?>" id="od_b_zip" required class="frm_input required" size="5">
+                        <input type="text" name="od_b_zip" value="<?php echo get_text($od['od_b_zip1']).get_text($od['od_b_zip2']); ?>" id="od_b_zip" required class="frm_input required" size="5">
                         <button type="button" class="btn_frmline" onclick="win_zip('frmorderform3', 'od_b_zip', 'od_b_addr1', 'od_b_addr2', 'od_b_addr3', 'od_b_addr_jibeon');">주소 검색</button><br>
                         <input type="text" name="od_b_addr1" value="<?php echo get_text($od['od_b_addr1']); ?>" id="od_b_addr1" required class="frm_input required" size="35">
                         <label for="od_b_addr1">기본주소</label>
diff --git a/adm/shop_admin/orderformupdate.php b/adm/shop_admin/orderformupdate.php
index 8aa5f5989..c9c6fbc3a 100644
--- a/adm/shop_admin/orderformupdate.php
+++ b/adm/shop_admin/orderformupdate.php
@@ -7,10 +7,11 @@ check_admin_token();
 $od_shop_memo = strip_tags($od_shop_memo);
 
 if($_POST['mod_type'] == 'info') {
-    $od_zip1   = substr($_POST['od_zip'], 0, 3);
-    $od_zip2   = substr($_POST['od_zip'], 3);
-    $od_b_zip1 = substr($_POST['od_b_zip'], 0, 3);
-    $od_b_zip2 = substr($_POST['od_b_zip'], 3);
+    $od_zip1   = preg_replace('/[^0-9]/', '', substr($_POST['od_zip'], 0, 3));
+    $od_zip2   = preg_replace('/[^0-9]/', '', substr($_POST['od_zip'], 3));
+    $od_b_zip1 = preg_replace('/[^0-9]/', '', substr($_POST['od_b_zip'], 0, 3));
+    $od_b_zip2 = preg_replace('/[^0-9]/', '', substr($_POST['od_b_zip'], 3));
+    $od_email = strip_tags(clean_xss_attributes($od_email));
 
     $sql = " update {$g5['g5_shop_order_table']}
                 set od_name = '$od_name',
@@ -32,6 +33,7 @@ if($_POST['mod_type'] == 'info') {
                     od_b_addr2 = '$od_b_addr2',
                     od_b_addr3 = '$od_b_addr3',
                     od_b_addr_jibeon = '$od_b_addr_jibeon' ";
+
     if ($default['de_hope_date_use'])
         $sql .= " , od_hope_date = '$od_hope_date' ";
 } else {