[KVE-2018-2443] 영카트 SQL Injection 취약점 수정
This commit is contained in:
@ -4,6 +4,7 @@ include_once('../common.php');
|
||||
if (isset($_REQUEST['sort'])) {
|
||||
$sort = trim($_REQUEST['sort']);
|
||||
$sort = preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\s]/", "", $sort);
|
||||
$sort = preg_replace("/(--|#|\/\*|\*\/)/", "", $sort);
|
||||
} else {
|
||||
$sort = '';
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user