clean_xss_tags 함수 수정으로 인해 일부 입력값에서 줄바꿈이 안되는 문제 수정

adm/member_form_update.php

@@ -70,7 +70,11 @@ for ($i = 1; $i <= 10; $i++) {
 }
 
 foreach ($check_keys as $key) {
-    $posts[$key] = isset($_POST[$key]) ? clean_xss_tags($_POST[$key], 1, 1) : '';
+    if( in_array($key, array('mb_signature', 'mb_profile')) ){
+        $posts[$key] = isset($_POST[$key]) ? clean_xss_tags($_POST[$key], 1, 1, 0, 0) : '';
+    } else {
+        $posts[$key] = isset($_POST[$key]) ? clean_xss_tags($_POST[$key], 1, 1) : '';
+    }
 }
 
 $mb_memo = isset($_POST['mb_memo']) ? $_POST['mb_memo'] : '';

adm/shop_admin/configformupdate.php

@@ -239,7 +239,11 @@ $check_sanitize_keys = array(
 );
 
 foreach( $check_sanitize_keys as $key ){
-    $$key = isset($_POST[$key]) ? clean_xss_tags($_POST[$key], 1, 1) : '';
+    if( in_array($key, array('de_bank_account')) ){
+        $$key = isset($_POST[$key]) ? clean_xss_tags($_POST[$key], 1, 1, 0, 0) : '';
+    } else {
+        $$key = isset($_POST[$key]) ? clean_xss_tags($_POST[$key], 1, 1) : '';
+    }
 }
 
 $warning_msg = '';

adm/shop_admin/inorderformupdate.php

@@ -232,7 +232,7 @@ $od_b_addr1       = clean_xss_tags($data['od_b_addr1']);
 $od_b_addr2       = clean_xss_tags($data['od_b_addr2']);
 $od_b_addr3       = clean_xss_tags($data['od_b_addr3']);
 $od_b_addr_jibeon = preg_match("/^(N|R)$/", $data['od_b_addr_jibeon']) ? $data['od_b_addr_jibeon'] : '';
-$od_memo          = clean_xss_tags($data['od_memo']);
+$od_memo          = clean_xss_tags($data['od_memo'], 0, 1, 0, 0);
 $od_deposit_name  = clean_xss_tags($data['od_deposit_name']);
 $od_tax_flag      = $default['de_tax_flag_use'];
 $od_receipt_price = $tot_ct_price + $od_send_cost + $od_send_cost2 - ($od_temp_point + $tot_cp_price + $tot_sc_cp_price);

adm/sms_admin/sms_write_send.php

@@ -25,7 +25,7 @@ if ( ! (($config['cf_icode_id'] && $config['cf_icode_pw']) || $config['cf_icode_
 }
 
 $wr_reply   = isset($_REQUEST['wr_reply']) ? preg_replace('#[^0-9\-]#', '', trim($_REQUEST['wr_reply'])) : '';
-$wr_message = isset($_REQUEST['wr_message']) ? clean_xss_tags(trim($_REQUEST['wr_message'])) : '';
+$wr_message = isset($_REQUEST['wr_message']) ? clean_xss_tags(trim($_REQUEST['wr_message']), 1, 1, 0, 0) : '';
 $send_list = isset($_REQUEST['send_list']) ? clean_xss_tags(trim($_REQUEST['send_list']), 1, 1) : '';
 
 $wr_by = isset($_REQUEST['wr_by']) ? clean_xss_tags(trim($_REQUEST['wr_by']), 1, 1) : '';

lib/common.lib.php

@@ -3075,10 +3075,12 @@ function get_search_string($stx)
 }
 
 // XSS 관련 태그 제거
-function clean_xss_tags($str, $check_entities=0, $is_remove_tags=0, $cur_str_len=0)
+function clean_xss_tags($str, $check_entities=0, $is_remove_tags=0, $cur_str_len=0, $is_trim_both=1)
 {
-    // tab('\t'), formfeed('\f'), vertical tab('\v'), newline('\n'), carriage return('\r') 를 제거한다.
-    $str = preg_replace("#[\t\f\v\n\r]#", '', $str);
+    if( $is_trim_both ) {
+        // tab('\t'), formfeed('\f'), vertical tab('\v'), newline('\n'), carriage return('\r') 를 제거한다.
+        $str = preg_replace("#[\t\f\v\n\r]#", '', $str);
+    }
 
     if( $is_remove_tags ){
         $str = strip_tags($str);

mobile/shop/inicis/pay_approval.php

@@ -168,7 +168,11 @@ if(isset($data['pp_id']) && !empty($data['pp_id'])) {
                 $_POST[$key][$k] = $params[$key][$k] = clean_xss_tags(strip_tags($v));
             }
         } else {
-            $_POST[$key] = $params[$key] = clean_xss_tags(strip_tags($value));
+            if(in_array($key, array('od_memo'))){
+                $_POST[$key] = $params[$key] = clean_xss_tags(strip_tags($value), 0, 0, 0, 0);
+            } else {
+                $_POST[$key] = $params[$key] = clean_xss_tags(strip_tags($value));
+            }
         }
     }
 

mobile/shop/orderformupdate.php

@@ -589,7 +589,7 @@ $od_b_addr1       = clean_xss_tags($od_b_addr1);
 $od_b_addr2       = clean_xss_tags($od_b_addr2);
 $od_b_addr3       = clean_xss_tags($od_b_addr3);
 $od_b_addr_jibeon = preg_match("/^(N|R)$/", $od_b_addr_jibeon) ? $od_b_addr_jibeon : '';
-$od_memo          = clean_xss_tags($od_memo);
+$od_memo          = clean_xss_tags($od_memo, 0, 1, 0, 0);
 $od_deposit_name  = clean_xss_tags($od_deposit_name);
 $od_tax_flag      = $default['de_tax_flag_use'];
 

shop/inicis/inistdpay_return.php

@@ -38,7 +38,11 @@ foreach($data as $key=>$value) {
             $_POST[$key][$k] = $params[$key][$k] = clean_xss_tags(strip_tags($v));
         }
     } else {
-        $_POST[$key] = $params[$key] = clean_xss_tags(strip_tags($value));
+        if(in_array($key, array('od_memo'))){
+            $_POST[$key] = $params[$key] = clean_xss_tags(strip_tags($value), 0, 0, 0, 0);
+        } else {
+            $_POST[$key] = $params[$key] = clean_xss_tags(strip_tags($value));
+        }
     }
 }
 

shop/orderformupdate.php

@@ -542,7 +542,7 @@ $od_b_addr1       = clean_xss_tags($od_b_addr1);
 $od_b_addr2       = clean_xss_tags($od_b_addr2);
 $od_b_addr3       = clean_xss_tags($od_b_addr3);
 $od_b_addr_jibeon = preg_match("/^(N|R)$/", $od_b_addr_jibeon) ? $od_b_addr_jibeon : '';
-$od_memo          = clean_xss_tags($od_memo);
+$od_memo          = clean_xss_tags($od_memo, 1, 1, 0, 0);
 $od_deposit_name  = clean_xss_tags($od_deposit_name);
 $od_tax_flag      = $default['de_tax_flag_use'];
 

theme/basic/css/default_shop.css

@@ -1067,6 +1067,17 @@ a.btn_frmline.is-long-text{height:auto;width:160px}
 
 #sod_fin_dvr .dvr_link {color:#ff3061;text-decoration:underline}
 
+#sod_fin_tot {margin:10px 0}
+#sod_fin_tot h2 {position:absolute;font-size:0;line-height:0;overflow:hidden}
+#sod_fin_tot ul {margin:0;padding:0;list-style:none}
+#sod_fin_tot li {padding:10px;background:#38b2b9;border-bottom:1px solid #5ec2c7;color:#fff;zoom:1}
+#sod_fin_tot li:after {display:block;visibility:hidden;clear:both;content:""}
+#sod_fin_tot #alrdy {border-bottom:0 !important}
+#sod_fin_tot #alrdy .right{margin-top:10px;text-align:right;color:#f3f3f3;font-size:0.9em}
+#sod_fin_tot #alrdy .right p{position:relative}
+#sod_fin_tot #alrdy .right .title{position:absolute;left:0;padding-left:8px}
+#sod_fin_tot strong {float:right}
+
 #sod_fin_cancel {text-align:center}
 #sod_fin_cancel .sod_fin_c_btn {height:50px;border:1px solid #bababa;border-radius:3px;font-weight:bold;width:100%;background:none;color:#5e6b6f}
 #sod_fin_cancel .sod_fin_c_btn:hover {background:#fff}