[KVE-2025-0234] 관리자 XSS 취약점 수정

2025-04-15 10:11:31 +09:00
parent 918ad48675
commit c5817594d0
12 changed files with 156 additions and 36 deletions
--- a/adm/shop_admin/couponform.php
+++ b/adm/shop_admin/couponform.php
@ -46,13 +46,13 @@ include_once(G5_PLUGIN_PATH.'/jquery-ui/datepicker.php');
 ?>

 <form name="fcouponform" action="./couponformupdate.php" method="post" onsubmit="return form_check(this);">
-<input type="hidden" name="w" value="<?php echo $w; ?>">
-<input type="hidden" name="cp_id" value="<?php echo $cp_id; ?>">
-<input type="hidden" name="sst" value="<?php echo $sst; ?>">
-<input type="hidden" name="sod" value="<?php echo $sod; ?>">
-<input type="hidden" name="sfl" value="<?php echo $sfl; ?>">
-<input type="hidden" name="stx" value="<?php echo $stx; ?>">
-<input type="hidden" name="page" value="<?php echo $page;?>">
+<input type="hidden" name="w" value="<?php echo get_sanitize_input($w); ?>">
+<input type="hidden" name="cp_id" value="<?php echo get_sanitize_input($cp_id); ?>">
+<input type="hidden" name="sst" value="<?php echo get_sanitize_input($sst); ?>">
+<input type="hidden" name="sod" value="<?php echo get_sanitize_input($sod); ?>">
+<input type="hidden" name="sfl" value="<?php echo get_sanitize_input($sfl); ?>">
+<input type="hidden" name="stx" value="<?php echo get_sanitize_input($stx); ?>">
+<input type="hidden" name="page" value="<?php echo get_sanitize_input($page);?>">

 <div class="tbl_frm01 tbl_wrap">
    <table>