From cc19d959556a353cdba456f9a22cce0d340bba47 Mon Sep 17 00:00:00 2001 From: thisgun Date: Thu, 13 Jun 2019 17:08:36 +0900 Subject: [PATCH] =?UTF-8?q?KVE-2019-1045=20=EC=98=81=EC=B9=B4=ED=8A=B8=20X?= =?UTF-8?q?SS=20=EC=B7=A8=EC=95=BD=EC=A0=90=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/shop_admin/couponmember.php | 10 ++++++---- adm/shop_admin/coupontarget.php | 7 ++++--- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/adm/shop_admin/couponmember.php b/adm/shop_admin/couponmember.php index 69acf3376..e8883ef10 100644 --- a/adm/shop_admin/couponmember.php +++ b/adm/shop_admin/couponmember.php @@ -12,8 +12,10 @@ include_once(G5_PATH.'/head.sub.php'); $sql_common = " from {$g5['member_table']} "; $sql_where = " where mb_id <> '{$config['cf_admin']}' and mb_leave_date = '' and mb_intercept_date ='' "; -if($_GET['mb_name']) - $sql_where .= " and mb_name like '%$mb_name%' "; +if($mb_name){ + $mb_name = strip_tags($mb_name); + $sql_where .= " and mb_name like '%".sql_real_escape_string($mb_name)."%' "; +} // 테이블의 전체 레코드수만 얻음 $sql = " select count(*) as cnt " . $sql_common . $sql_where; @@ -32,7 +34,7 @@ $sql = " select mb_id, mb_name limit $from_record, $rows "; $result = sql_query($sql); -$qstr1 = 'mb_name='.$_GET['mb_name']; +$qstr1 = 'mb_name='.urlencode($mb_name); ?>
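Review bot: The rewritten condition `" and mb_name like '%".sql_real_escape_string($mb_name)."%' "` in the -12,8 hunk closes the quote-injection hole but still passes LIKE metacharacters through, so a request with `mb_name=%` or `_` matches every member; escape them first, e.g. `$mb_name_like = sql_real_escape_string(addcslashes($mb_name, '%_'));` and use `$mb_name_like` in the pattern (this assumes `sql_real_escape_string` wraps the driver's escape function, which is not visible here). The guard also changed from `$_GET['mb_name']` to the bare `$mb_name`, so the filter now depends on that variable being populated from the request somewhere outside this file (presumably `_common.php`); if it is not, the search silently stops applying, so an explicit `$mb_name = isset($_GET['mb_name']) ? $_GET['mb_name'] : '';` or at least a comment stating the source would make this robust. Note that `strip_tags` on input is not output encoding for the XSS this commit targets: wherever `$mb_name` is echoed into HTML it should still go through `htmlspecialchars`, and the -41,7 hunk that presumably touches the echo site is not readable in this view. Finally, `if($mb_name)` treats the member name `"0"` as an empty search, which `if($mb_name !== '')` would avoid.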
@@ -41,7 +43,7 @@ $qstr1 = 'mb_name='.$_GET['mb_name'];
- +
diff --git a/adm/shop_admin/coupontarget.php b/adm/shop_admin/coupontarget.php index 9977c3c26..91279b93a 100644 --- a/adm/shop_admin/coupontarget.php +++ b/adm/shop_admin/coupontarget.php @@ -5,7 +5,7 @@ include_once('./_common.php'); auth_check($auth[$sub_menu], "w"); $sch_target = substr(preg_replace('/[^a-zA-Z0-9]/', '', strip_tags($_GET['sch_target'])), 0, 1); -$sch_word = clean_xss_tags($_GET['sch_word']); +$sch_word = clean_xss_tags(strip_tags($_GET['sch_word'])); if($_GET['sch_target'] == 1) { $html_title = '분류'; @@ -28,14 +28,14 @@ if($sch_target == 1) { $sql_common = " from {$g5['g5_shop_category_table']} "; $sql_where = " where ca_use = '1' and ca_nocoupon = '0' "; if($sch_word) - $sql_where .= " and ca_name like '%$sch_word%' "; + $sql_where .= " and ca_name like '%".sql_real_escape_string($sch_word)."%' "; $sql_select = " select ca_id as t_id, ca_name as t_name "; $sql_order = " order by ca_order, ca_name "; } else { $sql_common = " from {$g5['g5_shop_item_table']} "; $sql_where = " where it_use = '1' and it_nocoupon = '0' "; if($sch_word) - $sql_where .= " and it_name like '%$sch_word%' "; + $sql_where .= " and it_name like '%".sql_real_escape_string($sch_word)."%' "; $sql_select = " select it_id as t_id, it_name as t_name "; $sql_order = " order by it_order, it_name "; } @@ -51,6 +51,7 @@ if ($page < 1) { $page = 1; } // 페이지가 없으면 첫 페이지 (1 페이 $from_record = ($page - 1) * $rows; // 시작 열을 구함 $sql = $sql_select . $sql_common . $sql_where . $sql_order . " limit $from_record, $rows "; + $result = sql_query($sql); $qstr1 = 'sch_target='.$sch_target.'&sch_word='.urlencode($sch_word);
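Review bot: `$sch_word = clean_xss_tags(strip_tags($_GET['sch_word']));` in the -5,7 hunk reads `$_GET['sch_word']` unconditionally, which raises an undefined-index notice whenever the page is opened without a search term; guard it with `$sch_word = clean_xss_tags(strip_tags(isset($_GET['sch_word']) ? $_GET['sch_word'] : ''));`. The context line just below, `if($_GET['sch_target'] == 1) {`, still compares the raw request value even though the sanitized single-character `$sch_target` was computed on the line above it; comparing `$sch_target === '1'` keeps the whitelist meaningful and avoids PHP's loose string-to-int comparison. `strip_tags` and `clean_xss_tags` (whose behaviour is not visible here) filter input rather than encode output, so wherever `$sch_word` is echoed back into the page outside this hunk it should still pass through `htmlspecialchars`.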
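Review bot: Both rewritten `like` conditions in the -28,14 hunk escape quotes via `sql_real_escape_string` but leave `%` and `_` unescaped, so `sch_word=%` matches every category or item and `_` acts as a single-character wildcard; compute `$sch_word_like = sql_real_escape_string(addcslashes($sch_word, '%_'));` once before the `if($sch_target == 1)` branch and use `'%".$sch_word_like."%'` in both patterns (assuming `sql_real_escape_string` is the usual wrapper around the driver's escape function, which is not visible here). Computing the escaped value once also removes the duplicated escape call from the two otherwise parallel branches. The page is admin-only per the `auth_check` call in the earlier hunk, so the impact is limited to search behaviour, but the pattern is worth fixing while these lines are being touched.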