KVE-0778 영카트 다중 취약점 수정
This commit is contained in:
thisgun
@ -19,6 +19,11 @@ if ($ev_mimg_del) @unlink(G5_DATA_PATH."/event/{$ev_id}_m");
|
|||||||
if ($ev_himg_del) @unlink(G5_DATA_PATH."/event/{$ev_id}_h");
|
if ($ev_himg_del) @unlink(G5_DATA_PATH."/event/{$ev_id}_h");
|
||||||
if ($ev_timg_del) @unlink(G5_DATA_PATH."/event/{$ev_id}_t");
|
if ($ev_timg_del) @unlink(G5_DATA_PATH."/event/{$ev_id}_t");
|
||||||
|
|
||||||
|
$skin_regex_patten = "^list.[0-9]+\.skin\.php";
|
||||||
|
|
||||||
|
$ev_skin = (preg_match("/$pattern/", $ev_skin) && G5_SHOP_SKIN_PATH.'/'.file_exists($ev_skin)) ? $ev_skin : '';
|
||||||
|
$ev_mobile_skin = (preg_match("/$pattern/", $ev_mobile_skin) && G5_MSHOP_SKIN_PATH.'/'.file_exists($ev_mobile_skin)) ? $ev_mobile_skin : '';
|
||||||
|
|
||||||
$sql_common = " set ev_skin = '$ev_skin',
|
$sql_common = " set ev_skin = '$ev_skin',
|
||||||
ev_mobile_skin = '$ev_mobile_skin',
|
ev_mobile_skin = '$ev_mobile_skin',
|
||||||
ev_img_width = '$ev_img_width',
|
ev_img_width = '$ev_img_width',
|
||||||
|
|||||||
@ -10,6 +10,7 @@ if (!in_array($sort1, array('a.it_id', 'it_name'))) $sort1 = "a.it_id";
|
|||||||
$sel_field = strip_tags($sel_field);
|
$sel_field = strip_tags($sel_field);
|
||||||
$sel_ca_id = get_search_string($sel_ca_id);
|
$sel_ca_id = get_search_string($sel_ca_id);
|
||||||
$search = get_search_string($search);
|
$search = get_search_string($search);
|
||||||
|
$ev_title = isset($ev_title) ? strip_tags($ev_title) : '';
|
||||||
|
|
||||||
$g5['title'] = '이벤트일괄처리';
|
$g5['title'] = '이벤트일괄처리';
|
||||||
include_once (G5_ADMIN_PATH.'/admin.head.php');
|
include_once (G5_ADMIN_PATH.'/admin.head.php');
|
||||||
|
|||||||
Reference in New Issue
Block a user