[KVE-2020-0797] 영카트 SQL 인젝션 취약점 추가 수정

2020-11-24 12:24:37 +09:00
parent bfcf64a1b1
commit d16537c2f1
6 changed files with 23 additions and 27 deletions
--- a/mobile/skin/shop/basic/search.skin.php
+++ b/mobile/skin/shop/basic/search.skin.php
@ -69,11 +69,7 @@ if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
    <div>
        <?php
        // 리스트 유형별로 출력
-        define('G5_SHOP_CSS_URL', G5_MSHOP_SKIN_URL);
-        $list_file = G5_MSHOP_SKIN_PATH.'/'.$default['de_mobile_search_list_skin'];
-        if (file_exists($list_file)) {
-            $list = new item_list($list_file, $default['de_mobile_search_list_mod'], $default['de_mobile_search_list_row'], $default['de_mobile_search_img_width'], $default['de_mobile_search_img_height']);
-            $list->set_query(" select * $sql_common $sql_where {$order_by} limit $from_record, $items ");
+        if (isset($list) && is_object($list) && method_exists($list, 'run')) {
            $list->set_is_page(true);
            $list->set_mobile(true);
            $list->set_view('it_img', true);