From c245be09a36c4921f4deee8f7a429040f14213a6 Mon Sep 17 00:00:00 2001
From: thisgun
Date: Wed, 23 May 2018 11:58:06 +0900
Subject: [PATCH] =?UTF-8?q?KVE-2018-0300,0331,0356,0358,0370=20=EA=B7=B8?=
 =?UTF-8?q?=EB=88=84=EB=B3=B4=EB=93=9C/=EC=98=81=EC=B9=B4=ED=8A=B8=20?=
 =?UTF-8?q?=EB=8B=A4=EC=A4=91=20=EC=B7=A8=EC=95=BD=EC=A0=90=20=EC=88=98?=
 =?UTF-8?q?=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adm/shop_admin/inorderlistdelete.php | 2 +-
 adm/shop_admin/itemeventlist.php | 1 +
 adm/shop_admin/itemsellrank.php | 1 +
 adm/shop_admin/itemstocksms.php | 1 +
 adm/shop_admin/itemstocksmsupdate.php | 2 --
 adm/shop_admin/optionstocklist.php | 1 +
 adm/shop_admin/personalpaylistdelete.php | 2 +-
 adm/shop_admin/wishlist.php | 1 +
 shop/taxsave.php | 6 ++++++
 9 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/adm/shop_admin/inorderlistdelete.php b/adm/shop_admin/inorderlistdelete.php
index 1f718672d..a4b75cef1 100644
--- a/adm/shop_admin/inorderlistdelete.php
+++ b/adm/shop_admin/inorderlistdelete.php
@@ -6,7 +6,7 @@ check_demo();
 auth_check($auth[$sub_menu], 'd');
-check_token();
+check_admin_token();
 $count = count($_POST['chk']);
 if(!$count)
diff --git a/adm/shop_admin/itemeventlist.php b/adm/shop_admin/itemeventlist.php
index 099a4a67f..7568b0cf9 100644
--- a/adm/shop_admin/itemeventlist.php
+++ b/adm/shop_admin/itemeventlist.php
@@ -6,6 +6,7 @@ auth_check($auth[$sub_menu], "r");
 $ev_id = preg_replace('/[^0-9]/', '', $ev_id);
 $sort1 = strip_tags($sort1);
+if (!in_array($sort1, array('a.it_id', 'it_name'))) $sort1 = "a.it_id";
 $sel_field = strip_tags($sel_field);
 $sel_ca_id = get_search_string($sel_ca_id);
 $search = get_search_string($search);
diff --git a/adm/shop_admin/itemsellrank.php b/adm/shop_admin/itemsellrank.php
index 858ed4d9d..7de79c8aa 100644
--- a/adm/shop_admin/itemsellrank.php
+++ b/adm/shop_admin/itemsellrank.php
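Review bot: The context line `$count = count($_POST['chk']);` directly after the new `check_admin_token();` call still counts a request key that may be absent or a scalar; on PHP 7.2+ `count()` on null or a non-array emits a warning and on PHP 8 it throws a `TypeError`, so the `if(!$count)` guard below never gets to run for a malformed request. Check the shape before counting: `$chk = (isset($_POST['chk']) && is_array($_POST['chk'])) ? $_POST['chk'] : array(); $count = count($chk);`. The body of `check_admin_token()` is not visible here; presumably it ties the token to the admin session, which is the right direction for the CSRF weakness this commit appears to address, but that should be confirmed in its definition.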
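Review bot: The added allowlist on `$sort1` uses a loose `in_array()`; pass `true` as the third argument so the comparison is by identity rather than PHP's juggling rules: `if (!in_array($sort1, array('a.it_id', 'it_name'), true)) $sort1 = "a.it_id";`. The following context line still only runs `strip_tags()` on `$sel_field`, which strips markup but leaves SQL metacharacters intact, so if `$sel_field` is interpolated into the query as a column name the way `$sort1` evidently is (the query itself lies outside this hunk), it needs the same closed list of accepted values. Whether `$sort2` is validated in this file is also not visible from the hunk.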
@@ -11,6 +11,7 @@ include_once(G5_PLUGIN_PATH.'/jquery-ui/datepicker.php');
 if (!$to_date) $to_date = date("Ymd", time());
 if ($sort1 == "") $sort1 = "ct_status_sum";
+if (!in_array($sort1, array('ct_status_1', 'ct_status_2', 'ct_status_3', 'ct_status_4', 'ct_status_5', 'ct_status_6', 'ct_status_7', 'ct_status_8', 'ct_status_9', 'ct_status_sum'))) $sort1 = "ct_status_sum";
 if ($sort2 == "" || $sort2 != "asc") $sort2 = "desc";
 $doc = strip_tags($doc);
diff --git a/adm/shop_admin/itemstocksms.php b/adm/shop_admin/itemstocksms.php
index 9e567b76e..8a0dc6539 100644
--- a/adm/shop_admin/itemstocksms.php
+++ b/adm/shop_admin/itemstocksms.php
@@ -33,6 +33,7 @@ if ($search != "") {
 if ($sel_field == "") $sel_field = "it_it";
 if ($sort1 == "") $sort1 = "ss_send";
+if (!in_array($sort1, array('it_id', 'ss_hp', 'ss_send', 'ss_send_time', 'ss_datetime'))) $sort1 = "ss_send";
 if ($sort2 == "" || $sort2 != "desc") $sort2 = "asc";
 $doc = strip_tags($doc);
diff --git a/adm/shop_admin/itemstocksmsupdate.php b/adm/shop_admin/itemstocksmsupdate.php
index 624766de5..f78ce5358 100644
--- a/adm/shop_admin/itemstocksmsupdate.php
+++ b/adm/shop_admin/itemstocksmsupdate.php
@@ -102,8 +102,6 @@ if ($_POST['act_button'] == "선택SMS전송") {
 auth_check($auth[$sub_menu], 'd');
- check_token();
-
 for ($i=0; $i
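Review bot: With the new allowlist in place, the preceding `if ($sort1 == "") $sort1 = "ct_status_sum";` is redundant — an empty `$sort1` already fails the `in_array()` check and receives the same default — so the two lines can collapse into the single allowlist line, and that call should pass `true` as its third argument for a strict comparison. A short comment stating why the list is closed would help the next maintainer who is tempted to "just add a column", e.g. `// $sort1 is used as an ORDER BY column; only the known names below are accepted`. That the value reaches an ORDER BY is inferred from the shape of the fix, since the query itself is outside this hunk.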
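Review bot: `$sel_field` on the first context line only receives a default (`"it_it"`) and is never restricted to a known column, while `$sort1` two lines down now is; the hunk header's `if ($search != "") {` context suggests `$sel_field` picks the searched column, so if it reaches the query as an identifier it needs its own closed list, e.g. `if (!in_array($sel_field, array('it_id', 'ss_hp'), true)) $sel_field = 'it_id';` with the real column set substituted. The default `"it_it"` also reads like a typo for `it_id` and is worth checking against the query that consumes it. The new `in_array()` call should pass `true` as its third argument as well.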