[KVE-2020-0797] 영카트 SQL 인젝션 취약점 추가 수정

2020-11-24 12:24:37 +09:00
parent bfcf64a1b1
commit d16537c2f1
6 changed files with 23 additions and 27 deletions
--- a/shop/search.php
+++ b/shop/search.php
@ -138,6 +138,13 @@ while($row = sql_fetch_array($result)){
 $q = get_text($q);
 $search_skin = G5_SHOP_SKIN_PATH.'/search.skin.php';

+$list_file = G5_SHOP_SKIN_PATH.'/'.$default['de_search_list_skin'];
+if (file_exists($list_file) && is_include_path_check($list_file)) {
+    define('G5_SHOP_CSS_URL', G5_SHOP_SKIN_URL);
+    $list = new item_list($list_file, $default['de_search_list_mod'], $default['de_search_list_row'], $default['de_search_img_width'], $default['de_search_img_height']);
+    $list->set_query(" select * $sql_common $sql_where {$order_by} limit $from_record, $items ");
+}
+
 if(!file_exists($search_skin)) {
    echo str_replace(G5_PATH.'/', '', $search_skin).' 스킨 파일이 존재하지 않습니다.';
 } else {