KVE-2018-0300,0331,0356,0358,0370 그누보드/영카트 다중 취약점 수정

2018-05-23 11:58:06 +09:00
parent d9cc2f9414
commit c245be09a3
9 changed files with 13 additions and 4 deletions
--- a/adm/shop_admin/itemsellrank.php
+++ b/adm/shop_admin/itemsellrank.php
@ -11,6 +11,7 @@ include_once(G5_PLUGIN_PATH.'/jquery-ui/datepicker.php');
 if (!$to_date) $to_date = date("Ymd", time());

 if ($sort1 == "") $sort1 = "ct_status_sum";
+if (!in_array($sort1, array('ct_status_1', 'ct_status_2', 'ct_status_3', 'ct_status_4', 'ct_status_5', 'ct_status_6', 'ct_status_7', 'ct_status_8', 'ct_status_9', 'ct_status_sum'))) $sort1 = "ct_status_sum";
 if ($sort2 == "" || $sort2 != "asc") $sort2 = "desc";

 $doc = strip_tags($doc);