Merge remote-tracking branch '그누보드/master'

2026-02-20 11:42:31 +09:00
parent 4900f86d74 ef1be317e1
commit bdf228e69d
33 changed files with 156 additions and 57 deletions
--- a/shop/naverpay/naverpay_order.php
+++ b/shop/naverpay/naverpay_order.php
@ -3,6 +3,8 @@ include_once('./_common.php');
 include_once(G5_SHOP_PATH.'/settle_naverpay.inc.php');
 include_once(G5_LIB_PATH.'/naverpay.lib.php');

+if (!(defined('G5_SHOP_USE_NAVERPAY') && G5_SHOP_USE_NAVERPAY)) return;
+
 $pattern = '#[/\'\"%=*\#\(\)\|\+\&\!\$~\{\}\[\]`;:\?\^\,]#';
 $post_naverpay_form = isset($_POST['naverpay_form']) ? clean_xss_tags($_POST['naverpay_form']) : '';

@ -98,7 +100,8 @@ for($i=0; $i<$count; $i++) {
    $opt_count = (isset($_POST['io_id'][$it_id]) && is_array($_POST['io_id'][$it_id])) ? count($_POST['io_id'][$it_id]) : 0;
    
    if( ! $it_id) continue;
-
+    if (!preg_match('/^[a-zA-Z0-9_-]+$/', $it_id)) continue;
+    
    if($opt_count && $_POST['io_type'][$it_id][0] != 0)
        return_error2json('상품의 선택옵션을 선택해 주십시오.');

--- a/shop/naverpay/naverpay_wish.php
+++ b/shop/naverpay/naverpay_wish.php
@ -3,6 +3,8 @@ include_once('./_common.php');
 include_once(G5_SHOP_PATH.'/settle_naverpay.inc.php');
 include_once(G5_LIB_PATH.'/naverpay.lib.php');

+if (!(defined('G5_SHOP_USE_NAVERPAY') && G5_SHOP_USE_NAVERPAY)) return;
+
 $count = (isset($_POST['it_id']) && is_array($_POST['it_id'])) ? count($_POST['it_id']) : 0;

 if ($count < 1)
@ -13,6 +15,8 @@ $item  = '';

 for($i=0; $i<$count; $i++) {
    $it_id = isset($_POST['it_id']) ? $_POST['it_id'][$i] : '';
+    
+    if (!preg_match('/^[a-zA-Z0-9_-]+$/', $it_id)) continue;

    // 상품정보
    $it = get_shop_item($it_id, true);
--- a/shop/orderinquiryview.php
+++ b/shop/orderinquiryview.php
@ -410,13 +410,13 @@ if($od['od_pg'] == 'lg') {
                // 현금영수증 발급을 사용하는 경우에만
                if ((function_exists('shop_is_taxsave') && shop_is_taxsave($od)) || (function_exists('is_order_cashreceipt') && is_order_cashreceipt($od))) {
                    // 미수금이 없고 현금일 경우에만 현금영수증을 발급 할 수 있습니다.
-                    if ($misu_price == 0 && is_order_cashreceipt($od)) {
+                    if ($misu_price == 0) {
                ?>
                <tr>
                    <th scope="row">현금영수증</th>
                    <td>
                    <?php
-                    if ($od['od_cash'])
+                    if ($od['od_cash'] && is_order_cashreceipt($od))
                    {
                        if($od['od_pg'] == 'lg') {
                            require_once G5_SHOP_PATH.'/settle_lg.inc.php';
--- a/shop/settle_naverpay.inc.php
+++ b/shop/settle_naverpay.inc.php
@ -15,6 +15,8 @@ if(basename($_SERVER['SCRIPT_NAME']) == 'item.php') {
        return;
 }

+define('G5_SHOP_USE_NAVERPAY', 1);
+
 $naverpay_button_js = '';

 $is_mobile_order = is_mobile();
--- a/shop/toss/orderform.1.php
+++ b/shop/toss/orderform.1.php
@ -13,7 +13,7 @@ if($default['de_iche_use'] || $default['de_vbank_use'] || $default['de_hp_use']
 * 수정불가.
 */
 const clientKey = "<?php echo $config['cf_toss_client_key']; ?>";
-const customerKey = "<?php echo isset($member['mb_id']) ? $member['mb_id'] : ''; ?>";
+const customerKey = "<?php echo $is_member ? $member['mb_id'] : md5(get_session('ss_order_id')); ?>";
 const tossPayments = TossPayments(clientKey);

 const payment = tossPayments.payment({ customerKey });
--- a/shop/toss/toss_result.php
+++ b/shop/toss/toss_result.php
@ -16,9 +16,9 @@ $row = sql_fetch($sql);

 $data = isset($row['dt_data']) ? unserialize(base64_decode($row['dt_data'])) : array();

-$amount = isset($data['amountValue']) ? $data['amountValue'] : 0;
+$amount = isset($data['amountValue']) ? (int)$data['amountValue'] : 0;

-if ($amount <= 0) {
+if ($amount <= 0 || $amount !== (int)$order_price) {
    alert('결제금액이 올바르지 않습니다.', G5_SHOP_URL);
 }