From d4f4612b2245254a245e480f9a9b3b3c01eab950 Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Fri, 17 Jun 2022 12:23:21 +0900
Subject: [PATCH] =?UTF-8?q?=EC=95=88=EC=A0=84=ED=95=98=EC=A7=80=20?=
 =?UTF-8?q?=EC=95=8A=EB=8A=94=20=EB=B3=80=EC=88=98=EC=97=90=20=ED=95=84?=
 =?UTF-8?q?=ED=84=B0=EB=A7=81=20=EC=B6=94=EA=B0=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adm/shop_admin/itemsupply.php                             | 8 ++++----
 adm/sms_admin/number_move_update.php                      | 2 +-
 mobile/skin/member/basic/password_reset.skin.php          | 2 +-
 shop/orderaddressupdate.php                               | 2 +-
 skin/member/basic/password_reset.skin.php                 | 2 +-
 .../mobile/skin/member/basic/password_reset.skin.php      | 2 +-
 theme/basic/skin/member/basic/password_reset.skin.php     | 2 +-
 7 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/adm/shop_admin/itemsupply.php b/adm/shop_admin/itemsupply.php
index a992be375..389c2bf62 100644
--- a/adm/shop_admin/itemsupply.php
+++ b/adm/shop_admin/itemsupply.php
@@ -103,7 +103,7 @@ if($ps_run) {
                         $sql = " select io_price, io_stock_qty, io_noti_qty, io_use
                                     from {$g5['g5_shop_item_option_table']}
                                     where it_id = '{$post_it_id}'
-                                      and io_id = '$spl_id'
+                                      and io_id = '".sql_real_escape_string($spl_id)."'
                                       and io_type = '1' ";
                         $row = sql_fetch($sql);
 
@@ -117,11 +117,11 @@ if($ps_run) {
     ?>
     <tr>
         <td class="td_chk">
-            <input type="hidden" name="spl_id[]" value="<?php echo $spl_id; ?>">
-            <label for="spl_chk_<?php echo $i; ?>" class="sound_only"><?php echo $spl_subject.' '.$spl; ?></label>
+            <input type="hidden" name="spl_id[]" value="<?php echo get_text($spl_id); ?>">
+            <label for="spl_chk_<?php echo $i; ?>" class="sound_only"><?php echo get_text($spl_subject.' '.$spl); ?></label>
             <input type="checkbox" name="spl_chk[]" id="spl_chk_<?php echo $i; ?>" value="1">
         </td>
-        <td class="spl-subject-cell"><?php echo $spl_subject; ?></td>
+        <td class="spl-subject-cell"><?php echo get_text($spl_subject); ?></td>
         <td class="spl-cell"><?php echo $spl; ?></td>
         <td class="td_numsmall">
             <label for="spl_price_<?php echo $i; ?>" class="sound_only">상품금액</label>
diff --git a/adm/sms_admin/number_move_update.php b/adm/sms_admin/number_move_update.php
index 4118dd96a..b64a1459e 100644
--- a/adm/sms_admin/number_move_update.php
+++ b/adm/sms_admin/number_move_update.php
@@ -21,7 +21,7 @@ for ($kk=0;$row = sql_fetch_array($result);$kk++)
     $bk_no = $row['bk_no'];
     for ($i=0; $i<count($post_chk_bg_no); $i++)
     {
-        $bg_no = $post_chk_bg_no[$i];
+        $bg_no = (int) $post_chk_bg_no[$i];
         if( !$bg_no ) continue;
 
         $sql = " insert into {$g5['sms5_book_table']}
diff --git a/mobile/skin/member/basic/password_reset.skin.php b/mobile/skin/member/basic/password_reset.skin.php
index f7dfafdaa..f8d6accc5 100644
--- a/mobile/skin/member/basic/password_reset.skin.php
+++ b/mobile/skin/member/basic/password_reset.skin.php
@@ -13,7 +13,7 @@ add_stylesheet('<link rel="stylesheet" href="' . $member_skin_url . '/style.css"
                 <p>새로운 비밀번호를 입력해주세요.</p>
                 <label for="mb_id" class="sound_only">아이디</label>
                 <br>
-                <b>회원 아이디 : <?php echo $_POST['mb_id']; ?></b>
+                <b>회원 아이디 : <?php echo get_text($_POST['mb_id']); ?></b>
                 <label for="mb_pw" class="sound_only">새 비밀번호<strong class="sound_only">필수</strong></label>
                 <input type="password" name="mb_password" id="mb_pw" required class="required frm_input full_input" size="30" placeholder="새 비밀번호">
                 <label for="mb_pw2" class="sound_only">새 비밀번호 확인<strong class="sound_only">필수</strong></label>
diff --git a/shop/orderaddressupdate.php b/shop/orderaddressupdate.php
index 8fb5a65f6..403d0d2bd 100644
--- a/shop/orderaddressupdate.php
+++ b/shop/orderaddressupdate.php
@@ -20,7 +20,7 @@ if ($is_member && $count) {
         $ad_subject = isset($_POST['ad_subject'][$k]) ? clean_xss_tags($_POST['ad_subject'][$k]) : '';
 
         $sql = " update {$g5['g5_shop_order_address_table']}
-                    set ad_subject = '$ad_subject' ";
+                    set ad_subject = '".sql_real_escape_string($ad_subject)."' ";
 
         if(!empty($_POST['ad_default']) && $ad_id === $_POST['ad_default']) {
             sql_query(" update {$g5['g5_shop_order_address_table']} set ad_default = '0' where mb_id = '{$member['mb_id']}' ");
diff --git a/skin/member/basic/password_reset.skin.php b/skin/member/basic/password_reset.skin.php
index f7dfafdaa..f8d6accc5 100644
--- a/skin/member/basic/password_reset.skin.php
+++ b/skin/member/basic/password_reset.skin.php
@@ -13,7 +13,7 @@ add_stylesheet('<link rel="stylesheet" href="' . $member_skin_url . '/style.css"
                 <p>새로운 비밀번호를 입력해주세요.</p>
                 <label for="mb_id" class="sound_only">아이디</label>
                 <br>
-                <b>회원 아이디 : <?php echo $_POST['mb_id']; ?></b>
+                <b>회원 아이디 : <?php echo get_text($_POST['mb_id']); ?></b>
                 <label for="mb_pw" class="sound_only">새 비밀번호<strong class="sound_only">필수</strong></label>
                 <input type="password" name="mb_password" id="mb_pw" required class="required frm_input full_input" size="30" placeholder="새 비밀번호">
                 <label for="mb_pw2" class="sound_only">새 비밀번호 확인<strong class="sound_only">필수</strong></label>
diff --git a/theme/basic/mobile/skin/member/basic/password_reset.skin.php b/theme/basic/mobile/skin/member/basic/password_reset.skin.php
index f7dfafdaa..f8d6accc5 100644
--- a/theme/basic/mobile/skin/member/basic/password_reset.skin.php
+++ b/theme/basic/mobile/skin/member/basic/password_reset.skin.php
@@ -13,7 +13,7 @@ add_stylesheet('<link rel="stylesheet" href="' . $member_skin_url . '/style.css"
                 <p>새로운 비밀번호를 입력해주세요.</p>
                 <label for="mb_id" class="sound_only">아이디</label>
                 <br>
-                <b>회원 아이디 : <?php echo $_POST['mb_id']; ?></b>
+                <b>회원 아이디 : <?php echo get_text($_POST['mb_id']); ?></b>
                 <label for="mb_pw" class="sound_only">새 비밀번호<strong class="sound_only">필수</strong></label>
                 <input type="password" name="mb_password" id="mb_pw" required class="required frm_input full_input" size="30" placeholder="새 비밀번호">
                 <label for="mb_pw2" class="sound_only">새 비밀번호 확인<strong class="sound_only">필수</strong></label>
diff --git a/theme/basic/skin/member/basic/password_reset.skin.php b/theme/basic/skin/member/basic/password_reset.skin.php
index f7dfafdaa..f8d6accc5 100644
--- a/theme/basic/skin/member/basic/password_reset.skin.php
+++ b/theme/basic/skin/member/basic/password_reset.skin.php
@@ -13,7 +13,7 @@ add_stylesheet('<link rel="stylesheet" href="' . $member_skin_url . '/style.css"
                 <p>새로운 비밀번호를 입력해주세요.</p>
                 <label for="mb_id" class="sound_only">아이디</label>
                 <br>
-                <b>회원 아이디 : <?php echo $_POST['mb_id']; ?></b>
+                <b>회원 아이디 : <?php echo get_text($_POST['mb_id']); ?></b>
                 <label for="mb_pw" class="sound_only">새 비밀번호<strong class="sound_only">필수</strong></label>
                 <input type="password" name="mb_password" id="mb_pw" required class="required frm_input full_input" size="30" placeholder="새 비밀번호">
                 <label for="mb_pw2" class="sound_only">새 비밀번호 확인<strong class="sound_only">필수</strong></label>