firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

KVE-2019-1045 영카트 XSS 취약점 수정

Browse Source
This commit is contained in:
thisgun
2019-06-13 17:08:36 +09:00
parent cc7142acee
commit cc19d95955
2 changed files with 10 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
adm/shop_admin/coupontarget.php
View File

@ -5,7 +5,7 @@ include_once('./_common.php');
auth_check($auth[$sub_menu], "w");
$sch_target = substr(preg_replace('/[^a-zA-Z0-9]/', '', strip_tags($_GET['sch_target'])), 0, 1);
$sch_word = clean_xss_tags($_GET['sch_word']);
$sch_word = clean_xss_tags(strip_tags($_GET['sch_word']));
if($_GET['sch_target'] == 1) {
$html_title = '분류';
@ -28,14 +28,14 @@ if($sch_target == 1) {
$sql_common = " from {$g5['g5_shop_category_table']} ";
$sql_where = " where ca_use = '1' and ca_nocoupon = '0' ";
if($sch_word)
$sql_where .= " and ca_name like '%$sch_word%' ";
$sql_where .= " and ca_name like '%".sql_real_escape_string($sch_word)."%' ";
$sql_select = " select ca_id as t_id, ca_name as t_name ";
$sql_order = " order by ca_order, ca_name ";
} else {
$sql_common = " from {$g5['g5_shop_item_table']} ";
$sql_where = " where it_use = '1' and it_nocoupon = '0' ";
if($sch_word)
$sql_where .= " and it_name like '%$sch_word%' ";
$sql_where .= " and it_name like '%".sql_real_escape_string($sch_word)."%' ";
$sql_select = " select it_id as t_id, it_name as t_name ";
$sql_order = " order by it_order, it_name ";
}
@ -51,6 +51,7 @@ if ($page < 1) { $page = 1; } // 페이지가 없으면 첫 페이지 (1 페이
$from_record = ($page - 1) * $rows; // 시작 열을 구함
$sql = $sql_select . $sql_common . $sql_where . $sql_order . " limit $from_record, $rows ";
$result = sql_query($sql);
$qstr1 = 'sch_target='.$sch_target.'&amp;sch_word='.urlencode($sch_word);