Union based SQL injection 취약점 수정

2024-02-15 15:26:33 +09:00
parent 248cb2b173
commit c1c4089883
4 changed files with 13 additions and 1 deletions
--- a/adm/shop_admin/itemuselist.php
+++ b/adm/shop_admin/itemuselist.php
@ -4,6 +4,10 @@ include_once('./_common.php');

 auth_check_menu($auth, $sub_menu, "r");

+if (isset($sfl) && $sfl && !in_array($sfl, array('it_name','a.it_id','is_name'))) {
+    $sfl = '';
+}
+
 $g5['title'] = '사용후기';
 include_once (G5_ADMIN_PATH.'/admin.head.php');