[KVE-2019-1424]영카트 Stored XSS 취약점 수정

adm/shop_admin/personalpayformupdate.php

@@ -4,6 +4,10 @@ include_once('./_common.php');
 
 check_admin_token();
 
+if( isset($_POST['pp_name']) ){
+	$_POST['pp_name'] = strip_tags($_POST['pp_name']);
+}
+
 if($w == 'd') {
     auth_check($auth[$sub_menu], 'd');
 

adm/shop_admin/personalpaylist.php

@@ -115,7 +115,7 @@ $colspan = 10;
             <input type="hidden" id="pp_id_<?php echo $i; ?>" name="pp_id[<?php echo $i; ?>]" value="<?php echo $row['pp_id']; ?>">
             <input type="checkbox" id="chk_<?php echo $i; ?>" name="chk[]" value="<?php echo $i; ?>" title="내역선택">
         </td>
-        <td class="td_left"><?php echo $row['pp_name']; ?></td>
+        <td class="td_left"><?php echo get_text($row['pp_name']); ?></td>
         <td class="td_odrnum3"><?php echo $od_id; ?></td>
         <td class="td_numsum"><?php echo number_format($row['pp_price']); ?></td>
         <td class="td_numincome"><?php echo number_format($row['pp_receipt_price']); ?></td>

shop/personalpayform.php

@@ -13,6 +13,8 @@ if(!$pp['pp_id'])
 if($pp['pp_tno'])
     alert('이미 결제하신 개인결제 내역입니다.');
 
+$pp['pp_name'] = strip_tags($pp['pp_name']);
+
 $g5['title'] = $pp['pp_name'].'님 개인결제';
 
 if(G5_IS_MOBILE)