From d585c348949f86861b96398597e7d200556a8f7e Mon Sep 17 00:00:00 2001
From: chicpro <chicpro@gmail.com>
Date: Mon, 29 Dec 2014 10:38:06 +0900
Subject: [PATCH] =?UTF-8?q?Blind=20SQl=20Injection=20=EB=8C=80=EC=9D=91=20?=
 =?UTF-8?q?=EC=BD=94=EB=93=9C=20=EC=B6=94=EA=B0=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 shop/_common.php | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/shop/_common.php b/shop/_common.php
index 2962729c9..5cdeec8c4 100644
--- a/shop/_common.php
+++ b/shop/_common.php
@@ -1,6 +1,19 @@
 <?php
 include_once('../common.php');
 
+if (isset($_REQUEST['sort']))  {
+    $sort = trim($_REQUEST['sort']);
+    $sort = preg_replace("/[\<\>\'\"\%\=\(\)\s]/", "", $sort);
+} else {
+    $sort = '';
+}
+
+if (isset($_REQUEST['sortodr']))  {
+    $sortodr = preg_match("/^(asc|desc)$/i", $sortodr) ? $sortodr : '';
+} else {
+    $sortodr = '';
+}
+
 if (!defined('G5_USE_SHOP') || !G5_USE_SHOP)
     die('<p>쇼핑몰 설치 후 이용해 주십시오.</p>');
 define('_SHOP_', true);