From b6d9260f3a7bdab584f08bf53e3836b8a007c61b Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Wed, 13 Feb 2019 12:19:19 +0900
Subject: [PATCH] =?UTF-8?q?[KVE-2018-2443]=20=EC=98=81=EC=B9=B4=ED=8A=B8?=
 =?UTF-8?q?=20SQL=20Injection=20=EC=B7=A8=EC=95=BD=EC=A0=90=20=EC=88=98?=
 =?UTF-8?q?=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 mobile/shop/list.php | 5 +++++
 shop/_common.php     | 1 +
 shop/list.php        | 5 +++++
 3 files changed, 11 insertions(+)

diff --git a/mobile/shop/list.php b/mobile/shop/list.php
index 9ae99635b..b3232c48a 100644
--- a/mobile/shop/list.php
+++ b/mobile/shop/list.php
@@ -1,6 +1,11 @@
 <?php
 include_once('./_common.php');
 
+// 상품 리스트에서 다른 필드로 정렬을 하려면 아래의 배열 코드에서 해당 필드를 추가하세요.
+if( isset($sort) && ! in_array($sort, array('it_sum_qty', 'it_price', 'it_use_avg', 'it_use_cnt', 'it_update_time')) ){
+    $sort='';
+}
+
 $sql = " select *
            from {$g5['g5_shop_category_table']}
           where ca_id = '$ca_id'
diff --git a/shop/_common.php b/shop/_common.php
index 31f78b72c..39a9469c8 100644
--- a/shop/_common.php
+++ b/shop/_common.php
@@ -4,6 +4,7 @@ include_once('../common.php');
 if (isset($_REQUEST['sort']))  {
     $sort = trim($_REQUEST['sort']);
     $sort = preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\s]/", "", $sort);
+    $sort = preg_replace("/(--|#|\/\*|\*\/)/", "", $sort);
 } else {
     $sort = '';
 }
diff --git a/shop/list.php b/shop/list.php
index 7b9fdc706..5a3188318 100644
--- a/shop/list.php
+++ b/shop/list.php
@@ -1,6 +1,11 @@
 <?php
 include_once('./_common.php');
 
+// 상품 리스트에서 다른 필드로 정렬을 하려면 아래의 배열 코드에서 해당 필드를 추가하세요.
+if( isset($sort) && ! in_array($sort, array('it_sum_qty', 'it_price', 'it_use_avg', 'it_use_cnt', 'it_update_time')) ){
+    $sort='';
+}
+
 if (G5_IS_MOBILE) {
     include_once(G5_MSHOP_PATH.'/list.php');
     return;