firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

[KVE-2020-0047]영카트XSS취약점 수정

Browse Source
This commit is contained in:
thisgun
2020-03-02 20:49:26 +09:00
parent 3dbaf66ada
commit a790002221
2 changed files with 9 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
adm/shop_admin/orderformupdate.php
View File

@ -7,10 +7,11 @@ check_admin_token();
$od_shop_memo = strip_tags($od_shop_memo);
if($_POST['mod_type'] == 'info') {
$od_zip1 = substr($_POST['od_zip'], 0, 3);
$od_zip2 = substr($_POST['od_zip'], 3);
$od_b_zip1 = substr($_POST['od_b_zip'], 0, 3);
$od_b_zip2 = substr($_POST['od_b_zip'], 3);
$od_zip1 = preg_replace('/[^0-9]/', '', substr($_POST['od_zip'], 0, 3));
$od_zip2 = preg_replace('/[^0-9]/', '', substr($_POST['od_zip'], 3));
$od_b_zip1 = preg_replace('/[^0-9]/', '', substr($_POST['od_b_zip'], 0, 3));
$od_b_zip2 = preg_replace('/[^0-9]/', '', substr($_POST['od_b_zip'], 3));
$od_email = strip_tags(clean_xss_attributes($od_email));
$sql = " update {$g5['g5_shop_order_table']}
set od_name = '$od_name',
@ -32,6 +33,7 @@ if($_POST['mod_type'] == 'info') {
od_b_addr2 = '$od_b_addr2',
od_b_addr3 = '$od_b_addr3',
od_b_addr_jibeon = '$od_b_addr_jibeon' ";
if ($default['de_hope_date_use'])
$sql .= " , od_hope_date = '$od_hope_date' ";
} else {