KVE-2019-0567, 0657 XSS 취약점 수정

mobile/shop/event.php

@@ -1,6 +1,8 @@
 <?php
 include_once('./_common.php');
 
+$ev_id = (int) $ev_id;
+
 $sql = " select * from {$g5['g5_shop_event_table']}
           where ev_id = '$ev_id'
             and ev_use = 1 ";

shop/event.php

@@ -1,6 +1,8 @@
 <?php
 include_once('./_common.php');
 
+$ev_id = (int) $ev_id;
+
 if (G5_IS_MOBILE) {
     include_once(G5_MSHOP_PATH.'/event.php');
     return;

shop/orderform.php

@@ -7,6 +7,8 @@ add_javascript(G5_POSTCODE_JS, 0);    //다음 주소 js
 // 주문상품 재고체크 js 파일
 add_javascript('<script src="'.G5_JS_URL.'/shop.order.js"></script>', 0);
 
+$sw_direct = preg_replace('/[^a-z0-9_]/i', '', $sw_direct);
+
 // 모바일 주문인지
 $is_mobile_order = is_mobile();