필터링 코드 추가

shop/cartoption.php

@@ -1,7 +1,8 @@
 <?php
 include_once('./_common.php');
 
-$it_id = $_POST['it_id'];
+$pattern = '#[/\'\"%=*\#\(\)\|\+\&\!\$~\{\}\[\]`;:\?\^\,]#i';
+$it_id  = preg_replace($pattern, '', $_POST['it_id']);
 
 $sql = " select * from {$g5['g5_shop_item_table']} where it_id = '$it_id' and it_use = '1' ";
 $it = sql_fetch($sql);

shop/itemoption.php

@@ -1,10 +1,12 @@
 <?php
 include_once('./_common.php');
 
-$it_id = $_POST['it_id'];
+$pattern = '#[/\'\"%=*\#\(\)\|\+\&\!\$~\{\}\[\]`;:\?\^\,]#i';
-$opt_id = $_POST['opt_id'];
+
-$idx = $_POST['idx'];
+$it_id  = preg_replace($pattern, '', $_POST['it_id']);
-$sel_count = $_POST['sel_count'];
+$opt_id = preg_replace($pattern, '', $_POST['opt_id']);
+$idx    = preg_replace('#[^0-9]#', '', $_POST['idx']);
+$sel_count = preg_replace('#[^0-9]#', '', $_POST['sel_count']);
 
 $sql = " select * from {$g5['g5_shop_item_option_table']}
                 where io_type = '0'

shop/ordercoupon.php

@@ -4,7 +4,7 @@ include_once('./_common.php');
 if($is_guest)
     exit;
 
-$price = (int)$_POST['price'];
+$price = (int)preg_replace('#[^0-9]#', '', $_POST['price']);
 
 if($price <= 0)
     die('상품금액이 0원이므로 쿠폰을 사용할 수 없습니다.');

shop/orderitemcoupon.php

@@ -5,7 +5,8 @@ if($is_guest)
     exit;
 
 // 상품정보
-$it_id = $_POST['it_id'];
+$pattern = '#[/\'\"%=*\#\(\)\|\+\&\!\$~\{\}\[\]`;:\?\^\,]#i';
+$it_id  = preg_replace($pattern, '', $_POST['it_id']);
 $sw_direct = $_POST['sw_direct'];
 $sql = " select it_id, ca_id, ca_id2, ca_id3 from {$g5['g5_shop_item_table']} where it_id = '$it_id' ";
 $it = sql_fetch($sql);

shop/ordersendcostcoupon.php

@@ -4,8 +4,8 @@ include_once('./_common.php');
 if($is_guest)
     exit;
 
-$price = $_POST['price'];
+$price = preg_replace('#[^0-9]#', '', $_POST['price']);
-$send_cost = $_POST['send_cost'];
+$send_cost = preg_replace('#[^0-9]#', '', $_POST['send_cost']);
 
 // 쿠폰정보
 $sql = " select *