Blind SQl Injection 대응 코드 추가

2014-12-29 10:38:06 +09:00
parent d6a45ac2eb
commit d585c34894
1 changed files with 13 additions and 0 deletions
--- a/shop/_common.php
+++ b/shop/_common.php
@ -1,6 +1,19 @@
 <?php
 include_once('../common.php');

+if (isset($_REQUEST['sort']))  {
+    $sort = trim($_REQUEST['sort']);
+    $sort = preg_replace("/[\<\>\'\"\%\=\(\)\s]/", "", $sort);
+} else {
+    $sort = '';
+}
+
+if (isset($_REQUEST['sortodr']))  {
+    $sortodr = preg_match("/^(asc|desc)$/i", $sortodr) ? $sortodr : '';
+} else {
+    $sortodr = '';
+}
+
 if (!defined('G5_USE_SHOP') || !G5_USE_SHOP)
    die('<p>쇼핑몰 설치 후 이용해 주십시오.</p>');
 define('_SHOP_', true);