firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

XSS 대응 코드 추가

Browse Source
This commit is contained in:
chicpro
2014-10-17 14:04:51 +09:00
parent 31bdd584e4
commit c3390ef902
8 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
adm/shop_admin/couponformupdate.php
View File

@ -166,7 +166,7 @@ if($w == '' && ($_POST['cp_sms_send'] || $_POST['cp_email_send'])) {
// E-MAIL // E-MAIL
if($config['cf_email_use'] && $_POST['cp_email_send'] && $arr_send_list[$i]['mb_email'] && $arr_send_list[$i]['mb_mailling']) { if($config['cf_email_use'] && $_POST['cp_email_send'] && $arr_send_list[$i]['mb_email'] && $arr_send_list[$i]['mb_mailling']) {
$mb_name = $arr_send_list[$i]['mb_name']; $mb_name = get_text($arr_send_list[$i]['mb_name']);
switch($cp_method) { switch($cp_method) {
case 2: case 2:
$coupon_method = '결제금액할인'; $coupon_method = '결제금액할인';

2
adm/shop_admin/couponmember.php
View File

@ -59,7 +59,7 @@ $qstr1 = 'mb_name='.$_GET['mb_name'];
for($i=0; $row=sql_fetch_array($result); $i++) { for($i=0; $row=sql_fetch_array($result); $i++) {
?> ?>
<tr> <tr>
<td class="td_mbname"><?php echo $row['mb_name']; ?></td> <td class="td_mbname"><?php echo get_text($row['mb_name']); ?></td>
<td><?php echo $row['mb_id']; ?></td> <td><?php echo $row['mb_id']; ?></td>
<td class="scp_find_select"><button type="button" class="btn_frmline" onclick="sel_member_id('<?php echo $row['mb_id']; ?>');">선택</button></td> <td class="scp_find_select"><button type="button" class="btn_frmline" onclick="sel_member_id('<?php echo $row['mb_id']; ?>');">선택</button></td>
</tr> </tr>

2
adm/shop_admin/itemqaform.php
View File

@ -12,7 +12,7 @@ $sql = " select *
$iq = sql_fetch($sql); $iq = sql_fetch($sql);
if (!$iq['iq_id']) alert('등록된 자료가 없습니다.'); if (!$iq['iq_id']) alert('등록된 자료가 없습니다.');
$name = get_sideview($is['mb_id'], $iq['iq_name'], $is['mb_email'], $is['mb_homepage']); $name = get_sideview($is['mb_id'], get_text($iq['iq_name']), $is['mb_email'], $is['mb_homepage']);
$g5['title'] = '상품문의'; $g5['title'] = '상품문의';
include_once (G5_ADMIN_PATH.'/admin.head.php'); include_once (G5_ADMIN_PATH.'/admin.head.php');

2
adm/shop_admin/itemqalist.php
View File

@ -120,7 +120,7 @@ $listall = '<a href="'.$_SERVER['PHP_SELF'].'" class="ov_listall">전체목록</
for ($i=0; $row=mysql_fetch_array($result); $i++) { for ($i=0; $row=mysql_fetch_array($result); $i++) {
$row['iq_subject'] = cut_str($row['iq_subject'], 30, "..."); $row['iq_subject'] = cut_str($row['iq_subject'], 30, "...");
$href = G5_SHOP_URL.'/item.php?it_id='.$row['it_id']; $href = G5_SHOP_URL.'/item.php?it_id='.$row['it_id'];
$name = get_sideview($row['mb_id'], $row['iq_name'], $row['mb_email'], $row['mb_homepage']); $name = get_sideview($row['mb_id'], get_text($row['iq_name']), $row['mb_email'], $row['mb_homepage']);
$answer = $row['iq_answer'] ? 'Y' : '&nbsp;'; $answer = $row['iq_answer'] ? 'Y' : '&nbsp;';
$iq_question = get_view_thumbnail($row['iq_question'], 300); $iq_question = get_view_thumbnail($row['iq_question'], 300);
$iq_answer = $row['iq_answer'] ? get_view_thumbnail($row['iq_answer'], 300) : "답변이 등록되지 않았습니다."; $iq_answer = $row['iq_answer'] ? get_view_thumbnail($row['iq_answer'], 300) : "답변이 등록되지 않았습니다.";

2
adm/shop_admin/orderlist.php
View File

@ -288,7 +288,7 @@ if(!sql_query(" select mb_id from {$g5['g5_shop_order_delete_table']} limit 1 ",
if ($row['od_receipt_point'] > 0) if ($row['od_receipt_point'] > 0)
$s_receipt_way .= $s_br."포인트"; $s_receipt_way .= $s_br."포인트";
$mb_nick = get_sideview($row['mb_id'], $row['od_name'], $row['od_email'], ''); $mb_nick = get_sideview($row['mb_id'], get_text($row['od_name']), $row['od_email'], '');
$od_cnt = 0; $od_cnt = 0;
if ($row['mb_id']) if ($row['mb_id'])

2
shop/itemqaformupdate.php
View File

@ -12,7 +12,7 @@ $iq_answer = trim($_POST['iq_answer']);
$hash = trim($_REQUEST['hash']); $hash = trim($_REQUEST['hash']);
if ($w == "" || $w == "u") { if ($w == "" || $w == "u") {
$iq_name = $member['mb_name']; $iq_name = addslashes($member['mb_name']);
$iq_password = $member['mb_password']; $iq_password = $member['mb_password'];
if (!$iq_subject) alert("제목을 입력하여 주십시오."); if (!$iq_subject) alert("제목을 입력하여 주십시오.");

2
shop/itemrecommendmail.php
View File

@ -36,7 +36,7 @@ if (!$it['it_id'])
$subject = stripslashes($subject); $subject = stripslashes($subject);
$content = nl2br(stripslashes($content)); $content = nl2br(stripslashes($content));
$from_name = $member['mb_name']; $from_name = get_text($member['mb_name']);
$from_email = $member['mb_email']; $from_email = $member['mb_email'];
$it_id = $it['it_id']; $it_id = $it['it_id'];
$it_name = $it['it_name']; $it_name = $it['it_name'];

2
shop/itemuseformupdate.php
View File

@ -16,7 +16,7 @@ $is_score = (int)$_POST['is_score'] > 5 ? 0 : (int)$_POST['is_score'];
check_itemuse_write($it_id, $member['mb_id']); check_itemuse_write($it_id, $member['mb_id']);
if ($w == "" || $w == "u") { if ($w == "" || $w == "u") {
$is_name = $member['mb_name']; $is_name = addslashes($member['mb_name']);
$is_password = $member['mb_password']; $is_password = $member['mb_password'];
if (!$is_subject) alert("제목을 입력하여 주십시오."); if (!$is_subject) alert("제목을 입력하여 주십시오.");