diff --git a/adm/shop_admin/itemuselist.php b/adm/shop_admin/itemuselist.php
index 989af468d..db1a25205 100644
--- a/adm/shop_admin/itemuselist.php
+++ b/adm/shop_admin/itemuselist.php
@@ -9,6 +9,8 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
 $where = " where ";
 $sql_search = "";
+$save_stx = isset($_REQUEST['save_stx']) ? clean_xss_tags($_REQUEST['save_stx'], 1, 1) : '';
+
 if ($stx != "") {
 if ($sfl != "") {
 $sql_search .= " $where $sfl like '%$stx%' ";
diff --git a/adm/shop_admin/personalpaylistdelete.php b/adm/shop_admin/personalpaylistdelete.php
index 9bf45cb10..3fe79ce6c 100644
--- a/adm/shop_admin/personalpaylistdelete.php
+++ b/adm/shop_admin/personalpaylistdelete.php
@@ -16,7 +16,7 @@ for ($i=0; $i<$count; $i++) {
 // 실제 번호를 넘김
 $k = isset($_POST['chk'][$i]) ? (int) $_POST['chk'][$i] : 0;
- $ppp_id = isset($_POST['pp_id'][$i]) ? (int) $_POST['pp_id'][$k] : 0;
+ $ppp_id = isset($_POST['pp_id'][$i]) ? preg_replace('/[^0-9]/', '', $_POST['pp_id'][$k]) : 0;
 $sql = " delete from {$g5['g5_shop_personalpay_table']} where pp_id = '{$ppp_id}' ";
 sql_query($sql);
diff --git a/lib/shop.uri.lib.php b/lib/shop.uri.lib.php
index 9b4578ce7..3e46838d6 100644
--- a/lib/shop.uri.lib.php
+++ b/lib/shop.uri.lib.php
@@ -50,7 +50,7 @@ function add_pretty_shop_url($url, $folder, $no='', $query_string='', $action=''
 if( $config['cf_bbs_rewrite'] > 1 && ! preg_match('/^(list|type)\-([^\/]+)/i', $no) ){
 $item = get_shop_item($no, true);
- $segments[2] = $item['it_seo_title'] ? urlencode($item['it_seo_title']).'/' : urlencode($no);
+ $segments[2] = (isset($item['it_seo_title']) && $item['it_seo_title']) ? urlencode($item['it_seo_title']).'/' : urlencode($no);
 } else {
 $segments[2] = urlencode($no);
 }
diff --git a/mobile/shop/item.php b/mobile/shop/item.php
index fb142ef42..5d95f05ee 100644
--- a/mobile/shop/item.php
+++ b/mobile/shop/item.php
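Review bot: `$save_stx` is filtered with `clean_xss_tags`, which protects an HTML output sink, not the SQL sink that the neighbouring `$sql_search .= " $where $sfl like '%$stx%' "` line shows this file building by string interpolation; the new variable is not consumed anywhere inside the hunk, so where it ends up cannot be seen here. If it is later interpolated into a query the way `$stx` is, it needs the same SQL escaping that the file applies to `$stx` (not visible above line 9) in addition to the XSS filter, because the two guard different sinks. A one-line comment at the assignment, e.g. `// XSS-filtered for display only: escape separately before any SQL use`, would make the intended sink explicit for the next reader. The search-building block continues past the end of the hunk.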
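Review bot: The rewritten `$ppp_id` line still guards on `isset($_POST['pp_id'][$i])` but reads `$_POST['pp_id'][$k]`, so with sparse checkbox indices the guard can pass on one slot while the read hits a missing one; now that the `(int)` cast is gone, that path hands `null` to `preg_replace` (deprecated on PHP 8.1+) and interpolates an empty `$ppp_id` into `where pp_id = ''` instead of `0`. Test the index you read and skip empty results: `$ppp_id = isset($_POST['pp_id'][$k]) ? preg_replace('/[^0-9]/', '', (string) $_POST['pp_id'][$k]) : '';` followed by `if ($ppp_id === '') continue;`. The digit-only filter does keep the value safe inside the quoted SQL literal, but the reason for dropping the integer cast (ids wider than a PHP int, or preserved leading zeros) is not visible here and deserves a short comment on the line. The enclosing `for` loop begins and ends outside the hunk.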
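Review bot: The new guard `(isset($item['it_seo_title']) && $item['it_seo_title'])` is the long form of `!empty($item['it_seo_title'])`, which has identical semantics (missing key, `null`, `''` and `'0'` all fall to the `$no` branch) and keeps an already long ternary readable: `$segments[2] = !empty($item['it_seo_title']) ? urlencode($item['it_seo_title']).'/' : urlencode($no);`. Separately, `urlencode` on this line turns spaces into `+`, which is a literal plus sign in a URL path segment; `rawurlencode` is the form intended for path components, though changing it depends on how the rewrite rules decode the segment, which is not visible here. `add_pretty_shop_url` starts before and continues after the hunk.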
@@ -6,7 +6,7 @@ $it_id = isset($_GET['it_id']) ? get_search_string(trim($_GET['it_id'])) : '';
 $it_seo_title = isset($it_seo_title) ? $it_seo_title : '';
 $it = get_shop_item_with_category($it_id, $it_seo_title);
-$it_id = $it['it_id'];
+$it_id = $_REQUEST['it_id'] = $it['it_id'];
 if (! (isset($it['it_id']) && $it['it_id'])) {
 alert('자료가 없습니다.');
diff --git a/shop/item.php b/shop/item.php
index 673a1f2b4..fc30eb45f 100644
--- a/shop/item.php
+++ b/shop/item.php
@@ -14,7 +14,7 @@ $it = get_shop_item_with_category($it_id, $it_seo_title);
 if (! (isset($it['it_id']) && $it['it_id']))
 alert('자료가 없습니다.');
-$it_id = $it['it_id'];
+$it_id = $_REQUEST['it_id'] = $it['it_id'];
 if( isset($row['it_seo_title']) && ! $row['it_seo_title'] ){
 shop_seo_title_update($row['it_id']);
diff --git a/shop/itemqaformupdate.php b/shop/itemqaformupdate.php
index 9f6abd190..bb44f1e19 100644
--- a/shop/itemqaformupdate.php
+++ b/shop/itemqaformupdate.php
@@ -5,6 +5,7 @@ if (!$is_member) {
 alert_close("상품문의는 회원만 작성이 가능합니다.");
 }
+$it_id = isset($_REQUEST['it_id']) ? safe_replace_regex($_REQUEST['it_id'], 'it_id') : '';
 $iq_id = isset($_REQUEST['iq_id']) ? (int) $_REQUEST['iq_id'] : 0;
 $iq_subject = isset($_POST['iq_subject']) ? trim($_POST['iq_subject']) : '';
 $iq_question = isset($_POST['iq_question']) ? trim($_POST['iq_question']) : '';
diff --git a/shop/itemuseformupdate.php b/shop/itemuseformupdate.php
index 078a4d0de..997e1bbab 100644
--- a/shop/itemuseformupdate.php
+++ b/shop/itemuseformupdate.php
@@ -5,7 +5,7 @@ if (!$is_member) {
 alert_close("사용후기는 회원만 작성이 가능합니다.");
 }
-$it_id = isset($_POST['it_id']) ? safe_replace_regex($_POST['it_id'], 'it_id') : '';
+$it_id = isset($_REQUEST['it_id']) ? safe_replace_regex($_REQUEST['it_id'], 'it_id') : '';
 $is_subject = isset($_POST['is_subject']) ? trim($_POST['is_subject']) : '';
 $is_content = isset($_POST['is_content']) ? trim($_POST['is_content']) : '';
 $is_content = preg_replace('#(.*?)#is', '', $is_content);
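Review bot: `$it_id = $_REQUEST['it_id'] = $it['it_id'];` runs before the `if (! (isset($it['it_id']) && $it['it_id']))` guard two lines below, so when `get_shop_item_with_category` returns nothing the new line already indexes a non-array (a warning on PHP 7.4+) and publishes a null `$_REQUEST['it_id']` before the alert fires; the sibling hunk in `shop/item.php` performs the same assignment after its guard. Move the line below the guard, or make it tolerant in place: `$it_id = $_REQUEST['it_id'] = isset($it['it_id']) ? $it['it_id'] : '';`. A short comment on why the resolved id is written back into `$_REQUEST` (presumably so included sub-forms that read `$_REQUEST['it_id']` see the canonical id rather than an SEO-title alias) would document a side effect that is otherwise easy to miss.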
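Review bot: Writing the resolved id back into the `$_REQUEST` superglobal on the new line is a hidden side effect that nothing at the assignment explains: any code further down, or any included file, that treats `$_REQUEST['it_id']` as raw client input now silently receives the DB-resolved value, while `$_GET['it_id']` still carries whatever the client sent, so the two views can disagree. Add a comment at the line such as `// export canonical it_id: included forms read $_REQUEST['it_id'], which may otherwise hold an SEO-title alias`, adjusted to whichever consumer actually relies on it, since that consumer is not visible in this hunk. The `if`/`alert` sequence above and the `$row` check below continue outside the hunk.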
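Review bot: The new line reads `it_id` from `$_REQUEST` while the form fields on the surrounding lines (`iq_subject`, `iq_question`) come from `$_POST`; `$_REQUEST` merges GET, POST and, depending on `request_order`, COOKIE, so a query-string or stray cookie `it_id` can override the posted value and attach the question to a different product than the form submitted. If both transports must be accepted, read `$_POST` first with an explicit `$_GET` fallback and leave cookies out: `$it_id = isset($_POST['it_id']) ? $_POST['it_id'] : (isset($_GET['it_id']) ? $_GET['it_id'] : '');` then `$it_id = safe_replace_regex($it_id, 'it_id');`. What `safe_replace_regex(..., 'it_id')` permits is defined elsewhere, so whether the result is safe for the query that presumably follows depends on that rule, which this hunk does not show.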
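Review bot: Switching `it_id` from `$_POST` to `$_REQUEST` widens its accepted sources to the query string and, subject to `request_order`, cookies, while `is_subject` and `is_content` on the next two lines stay on `$_POST`; an `it_id` cookie would then win over the posted value for every review that browser submits. If GET support is the goal, prefer `$_POST` with a `$_GET` fallback rather than the merged superglobal: `$it_id = isset($_POST['it_id']) ? $_POST['it_id'] : (isset($_GET['it_id']) ? $_GET['it_id'] : '');` followed by `$it_id = safe_replace_regex($it_id, 'it_id');`. A one-line comment stating why the source was widened would also help, since the reason is not visible here. The rest of the review-saving logic, including where `$it_id` reaches a query, lies outside the hunk.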