KVE-2018-0300,0331,0356,0358,0370 그누보드/영카트 다중 취약점 수정

2018-05-23 11:58:06 +09:00
parent d9cc2f9414
commit c245be09a3
9 changed files with 13 additions and 4 deletions
--- a/shop/taxsave.php
+++ b/shop/taxsave.php
@ -4,6 +4,12 @@ include_once('./_common.php');
 $g5['title'] = '주문번호 '.$od_id.' 현금영수증 발행';
 include_once(G5_PATH.'/head.sub.php');

+if (!$od_id){
+    alert('주문번호가 누락되었습니다.');
+}
+
+$od_id = preg_replace('/[^a-z0-9_-]/i', '', $od_id);
+
 if($tx == 'personalpay') {
    $od = sql_fetch(" select * from {$g5['g5_shop_personalpay_table']} where pp_id = '$od_id' ");
    if (!$od)