From bf75dc1d97178ad6ad4f557317866a2b20e32582 Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Wed, 13 Mar 2019 09:37:48 +0900
Subject: [PATCH] =?UTF-8?q?KVE-2019-0567,=200657=20XSS=20=EC=B7=A8?=
 =?UTF-8?q?=EC=95=BD=EC=A0=90=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 mobile/shop/event.php | 2 ++
 shop/event.php        | 2 ++
 shop/orderform.php    | 2 ++
 3 files changed, 6 insertions(+)

diff --git a/mobile/shop/event.php b/mobile/shop/event.php
index d690164b6..74dfd2836 100644
--- a/mobile/shop/event.php
+++ b/mobile/shop/event.php
@@ -1,6 +1,8 @@
 <?php
 include_once('./_common.php');
 
+$ev_id = (int) $ev_id;
+
 $sql = " select * from {$g5['g5_shop_event_table']}
           where ev_id = '$ev_id'
             and ev_use = 1 ";
diff --git a/shop/event.php b/shop/event.php
index dd372a3d6..c78b1ba8d 100644
--- a/shop/event.php
+++ b/shop/event.php
@@ -1,6 +1,8 @@
 <?php
 include_once('./_common.php');
 
+$ev_id = (int) $ev_id;
+
 if (G5_IS_MOBILE) {
     include_once(G5_MSHOP_PATH.'/event.php');
     return;
diff --git a/shop/orderform.php b/shop/orderform.php
index 14b51933b..84c59ae34 100644
--- a/shop/orderform.php
+++ b/shop/orderform.php
@@ -7,6 +7,8 @@ add_javascript(G5_POSTCODE_JS, 0);    //다음 주소 js
 // 주문상품 재고체크 js 파일
 add_javascript('<script src="'.G5_JS_URL.'/shop.order.js"></script>', 0);
 
+$sw_direct = preg_replace('/[^a-z0-9_]/i', '', $sw_direct);
+
 // 모바일 주문인지
 $is_mobile_order = is_mobile();