[KVE-2025-0234] 관리자 XSS 취약점 수정

2025-04-15 10:11:31 +09:00
parent 918ad48675
commit c5817594d0
12 changed files with 156 additions and 36 deletions


@ -46,13 +46,13 @@ include_once(G5_PLUGIN_PATH.'/jquery-ui/datepicker.php');
?>
<form name="fcouponform" action="./couponformupdate.php" method="post" onsubmit="return form_check(this);">
<input type="hidden" name="w" value="<?php echo $w; ?>">
<input type="hidden" name="cp_id" value="<?php echo $cp_id; ?>">
<input type="hidden" name="sst" value="<?php echo $sst; ?>">
<input type="hidden" name="sod" value="<?php echo $sod; ?>">
<input type="hidden" name="sfl" value="<?php echo $sfl; ?>">
<input type="hidden" name="stx" value="<?php echo $stx; ?>">
<input type="hidden" name="page" value="<?php echo $page;?>">
<input type="hidden" name="w" value="<?php echo get_sanitize_input($w); ?>">
<input type="hidden" name="cp_id" value="<?php echo get_sanitize_input($cp_id); ?>">
<input type="hidden" name="sst" value="<?php echo get_sanitize_input($sst); ?>">
<input type="hidden" name="sod" value="<?php echo get_sanitize_input($sod); ?>">
<input type="hidden" name="sfl" value="<?php echo get_sanitize_input($sfl); ?>">
<input type="hidden" name="stx" value="<?php echo get_sanitize_input($stx); ?>">
<input type="hidden" name="page" value="<?php echo get_sanitize_input($page);?>">
<div class="tbl_frm01 tbl_wrap">
<table>
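Review bot: These seven values are written inside double-quoted `value="…"` attributes, so the fix holds only if `get_sanitize_input()` encodes `"` and `'` as well as `<` and `>`. Its definition is not part of this hunk and should be confirmed to do quote encoding, for example `htmlspecialchars($s, ENT_QUOTES, 'UTF-8')`. Where a field has a fixed shape, constraining the type is stronger than escaping: if `$page` is always a page number, `<?php echo (int) $page; ?>` removes the string case entirely. The same applies to the `page` inputs in the list-form sections that follow, and the enclosing template starts and ends outside the hunk.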


@ -68,10 +68,10 @@ $listall = '<a href="'.$_SERVER['SCRIPT_NAME'].'" class="ov_listall">전체목
</div>
<form name="flist" class="local_sch01 local_sch">
<input type="hidden" name="doc" value="<?php echo $doc; ?>">
<input type="hidden" name="sort1" value="<?php echo $sort1; ?>">
<input type="hidden" name="sort2" value="<?php echo $sort2; ?>">
<input type="hidden" name="page" value="<?php echo $page; ?>">
<input type="hidden" name="doc" value="<?php echo get_sanitize_input($doc); ?>">
<input type="hidden" name="sort1" value="<?php echo get_sanitize_input($sort1); ?>">
<input type="hidden" name="sort2" value="<?php echo get_sanitize_input($sort2); ?>">
<input type="hidden" name="page" value="<?php echo get_sanitize_input($page); ?>">
<label for="sel_ca_id" class="sound_only">검색대상</label>
<select name="sel_ca_id" id="sel_ca_id">
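Review bot: The same block of hidden inputs (`doc`, `sort1`, `sort2`, `page`) is patched by hand here and again in the list-form sections that follow, which makes it easy for one copy to be missed in a fix like this. Consider emitting the block from one shared helper or partial so the escaping lives in a single place, with a comment above it such as `<?php // request-derived values: always escape for attribute context ?>`. Whether these variables are echoed again further down the file cannot be seen from this hunk, so it is worth searching each touched file for remaining raw `echo $doc`, `$sort1`, `$sort2` and `$page` uses.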


@ -67,10 +67,10 @@ $listall = '<a href="'.$_SERVER['SCRIPT_NAME'].'" class="ov_listall">전체목
</div>
<form name="flist" class="local_sch01 local_sch">
<input type="hidden" name="doc" value="<?php echo $doc; ?>">
<input type="hidden" name="sort1" value="<?php echo $sort1; ?>">
<input type="hidden" name="sort2" value="<?php echo $sort2; ?>">
<input type="hidden" name="page" value="<?php echo $page; ?>">
<input type="hidden" name="doc" value="<?php echo get_sanitize_input($doc); ?>">
<input type="hidden" name="sort1" value="<?php echo get_sanitize_input($sort1); ?>">
<input type="hidden" name="sort2" value="<?php echo get_sanitize_input($sort2); ?>">
<input type="hidden" name="page" value="<?php echo get_sanitize_input($page); ?>">
<label for="sel_ca_id" class="sound_only">분류선택</label>
<select name="sel_ca_id" id="sel_ca_id">


@ -74,10 +74,10 @@ $listall = '<a href="'.$_SERVER['SCRIPT_NAME'].'" class="ov_listall">전체목
</div>
<form name="flist" class="local_sch01 local_sch">
<input type="hidden" name="doc" value="<?php echo $doc; ?>">
<input type="hidden" name="sort1" value="<?php echo $sort1; ?>">
<input type="hidden" name="sort2" value="<?php echo $sort2; ?>">
<input type="hidden" name="page" value="<?php echo $page; ?>">
<input type="hidden" name="doc" value="<?php echo get_sanitize_input($doc); ?>">
<input type="hidden" name="sort1" value="<?php echo get_sanitize_input($sort1); ?>">
<input type="hidden" name="sort2" value="<?php echo get_sanitize_input($sort2); ?>">
<input type="hidden" name="page" value="<?php echo get_sanitize_input($page); ?>">
<label for="sel_field" class="sound_only">검색대상</label>
<select name="sel_field" id="sel_field">


@ -85,8 +85,8 @@ $listall = '<a href="'.$_SERVER['SCRIPT_NAME'].'" class="ov_listall">전체목
</div>
<form name="flist" class="local_sch01 local_sch">
<input type="hidden" name="doc" value="<?php echo $doc; ?>">
<input type="hidden" name="page" value="<?php echo $page; ?>">
<input type="hidden" name="doc" value="<?php echo get_sanitize_input($doc); ?>">
<input type="hidden" name="page" value="<?php echo get_sanitize_input($page); ?>">
<label for="sca" class="sound_only">분류선택</label>
<select name="sca" id="sca">


@ -69,10 +69,10 @@ $listall = '<a href="'.$_SERVER['SCRIPT_NAME'].'" class="ov_listall">전체목
</div>
<form name="flist" class="local_sch01 local_sch">
<input type="hidden" name="doc" value="<?php echo $doc; ?>">
<input type="hidden" name="sort1" value="<?php echo $sort1; ?>">
<input type="hidden" name="sort2" value="<?php echo $sort2; ?>">
<input type="hidden" name="page" value="<?php echo $page; ?>">
<input type="hidden" name="doc" value="<?php echo get_sanitize_input($doc); ?>">
<input type="hidden" name="sort1" value="<?php echo get_sanitize_input($sort1); ?>">
<input type="hidden" name="sort2" value="<?php echo get_sanitize_input($sort2); ?>">
<input type="hidden" name="page" value="<?php echo get_sanitize_input($page); ?>">
<label for="sel_ca_id" class="sound_only">분류선택</label>
<select name="sel_ca_id" id="sel_ca_id">


@ -160,11 +160,11 @@ if( function_exists('pg_setting_check') ){
</div>
<form name="frmorderlist" class="local_sch01 local_sch">
<input type="hidden" name="doc" value="<?php echo $doc; ?>">
<input type="hidden" name="sort1" value="<?php echo $sort1; ?>">
<input type="hidden" name="sort2" value="<?php echo $sort2; ?>">
<input type="hidden" name="page" value="<?php echo $page; ?>">
<input type="hidden" name="save_search" value="<?php echo $search; ?>">
<input type="hidden" name="doc" value="<?php echo get_sanitize_input($doc); ?>">
<input type="hidden" name="sort1" value="<?php echo get_sanitize_input($sort1); ?>">
<input type="hidden" name="sort2" value="<?php echo get_sanitize_input($sort2); ?>">
<input type="hidden" name="page" value="<?php echo get_sanitize_input($page); ?>">
<input type="hidden" name="save_search" value="<?php echo get_sanitize_input($search); ?>">
<label for="sel_field" class="sound_only">검색대상</label>
<select name="sel_field" id="sel_field">
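Review bot: `save_search` appears to carry the submitted search text back into the form, so the encoding applied to `$search` should be lossless. If `get_sanitize_input()` removes markup rather than only encoding it (its body is not visible here), a term containing `<` would come back changed on the next submit. Plain attribute encoding, `<?php echo htmlspecialchars($search, ENT_QUOTES, 'UTF-8'); ?>`, avoids that while still closing the injection. The form continues past the end of the hunk.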


@ -58,8 +58,8 @@ $listall = '<a href="'.$_SERVER['SCRIPT_NAME'].'" class="ov_listall">전체목
</div>
<form name="flist" class="local_sch01 local_sch">
<input type="hidden" name="doc" value="<?php echo $doc; ?>">
<input type="hidden" name="page" value="<?php echo $page; ?>">
<input type="hidden" name="doc" value="<?php echo get_sanitize_input($doc); ?>">
<input type="hidden" name="page" value="<?php echo get_sanitize_input($page); ?>">
<label for="sel_ca_id" class="sound_only">검색대상</label>
<select name="sel_ca_id" id="sel_ca_id">