KVE-2019-1045 영카트 XSS 취약점 수정

This commit is contained in:
thisgun
2019-06-13 17:08:36 +09:00
parent cc7142acee
commit cc19d95955
2 changed files with 10 additions and 7 deletions


@ -12,8 +12,10 @@ include_once(G5_PATH.'/head.sub.php');
$sql_common = " from {$g5['member_table']} ";
$sql_where = " where mb_id <> '{$config['cf_admin']}' and mb_leave_date = '' and mb_intercept_date ='' ";
if($_GET['mb_name'])
$sql_where .= " and mb_name like '%$mb_name%' ";
if($mb_name){
$mb_name = strip_tags($mb_name);
$sql_where .= " and mb_name like '%".sql_real_escape_string($mb_name)."%' ";
}
// 테이블의 전체 레코드수만 얻음
$sql = " select count(*) as cnt " . $sql_common . $sql_where;
@ -32,7 +34,7 @@ $sql = " select mb_id, mb_name
limit $from_record, $rows ";
$result = sql_query($sql);
$qstr1 = 'mb_name='.$_GET['mb_name'];
$qstr1 = 'mb_name='.urlencode($mb_name);
?>
<div id="sch_member_frm" class="new_win scp_new_win">
@ -41,7 +43,7 @@ $qstr1 = 'mb_name='.$_GET['mb_name'];
<form name="fmember" method="get">
<div id="scp_list_find">
<label for="mb_name">회원이름</label>
<input type="text" name="mb_name" id="mb_name" value="<?php echo $mb_name; ?>" class="frm_input required" required size="20">
<input type="text" name="mb_name" id="mb_name" value="<?php echo get_text($mb_name); ?>" class="frm_input required" required size="20">
<input type="submit" value="검색" class="btn_frmline">
</div>
<div class="tbl_head01 tbl_wrap new_win_con">
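Review bot: The new filter guards on `if($mb_name){` (L17), so a search for the literal member name `0` is treated as "no search" and silently lists every member; an explicit emptiness test such as `if (isset($mb_name) && $mb_name !== '') {` keeps the new stripping and escaping while avoiding the truthiness trap. `$mb_name` itself is assigned outside the hunk (the removed line read `$_GET['mb_name']` directly), so whether it arrives as the raw request value or is already pre-filtered cannot be confirmed from here. Note also that `sql_real_escape_string()` does not neutralise the LIKE wildcards `%` and `_`, so a name containing them still acts as a pattern; if a literal match is intended, escape them first, e.g. `$mb_name = addcslashes($mb_name, '%_');` before the pattern is built. The same wildcard caveat applies to the `ca_name` and `it_name` LIKE patterns in the second file.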


@ -5,7 +5,7 @@ include_once('./_common.php');
auth_check($auth[$sub_menu], "w");
$sch_target = substr(preg_replace('/[^a-zA-Z0-9]/', '', strip_tags($_GET['sch_target'])), 0, 1);
$sch_word = clean_xss_tags($_GET['sch_word']);
$sch_word = clean_xss_tags(strip_tags($_GET['sch_word']));
if($_GET['sch_target'] == 1) {
$html_title = '분류';
@ -28,14 +28,14 @@ if($sch_target == 1) {
$sql_common = " from {$g5['g5_shop_category_table']} ";
$sql_where = " where ca_use = '1' and ca_nocoupon = '0' ";
if($sch_word)
$sql_where .= " and ca_name like '%$sch_word%' ";
$sql_where .= " and ca_name like '%".sql_real_escape_string($sch_word)."%' ";
$sql_select = " select ca_id as t_id, ca_name as t_name ";
$sql_order = " order by ca_order, ca_name ";
} else {
$sql_common = " from {$g5['g5_shop_item_table']} ";
$sql_where = " where it_use = '1' and it_nocoupon = '0' ";
if($sch_word)
$sql_where .= " and it_name like '%$sch_word%' ";
$sql_where .= " and it_name like '%".sql_real_escape_string($sch_word)."%' ";
$sql_select = " select it_id as t_id, it_name as t_name ";
$sql_order = " order by it_order, it_name ";
}
@ -51,6 +51,7 @@ if ($page < 1) { $page = 1; } // 페이지가 없으면 첫 페이지 (1 페이
$from_record = ($page - 1) * $rows; // 시작 열을 구함
$sql = $sql_select . $sql_common . $sql_where . $sql_order . " limit $from_record, $rows ";
$result = sql_query($sql);
$qstr1 = 'sch_target='.$sch_target.'&amp;sch_word='.urlencode($sch_word);