[KVE-2019-0008, 0014, 0029] 영카트 XSS 및 SQL Injection 취약점 수정
@ -24,20 +24,20 @@ if ($_POST['act_button'] == "선택수정") {
|
||||
}
|
||||
|
||||
$sql = "update {$g5['g5_shop_item_table']}
|
||||
set ca_id = '{$_POST['ca_id'][$k]}',
|
||||
ca_id2 = '{$_POST['ca_id2'][$k]}',
|
||||
ca_id3 = '{$_POST['ca_id3'][$k]}',
|
||||
it_name = '{$_POST['it_name'][$k]}',
|
||||
it_cust_price = '{$_POST['it_cust_price'][$k]}',
|
||||
it_price = '{$_POST['it_price'][$k]}',
|
||||
it_stock_qty = '{$_POST['it_stock_qty'][$k]}',
|
||||
it_skin = '{$_POST['it_skin'][$k]}',
|
||||
it_mobile_skin = '{$_POST['it_mobile_skin'][$k]}',
|
||||
it_use = '{$_POST['it_use'][$k]}',
|
||||
it_soldout = '{$_POST['it_soldout'][$k]}',
|
||||
it_order = '{$_POST['it_order'][$k]}',
|
||||
set ca_id = '".sql_real_escape_string($_POST['ca_id'][$k])."',
|
||||
ca_id2 = '".sql_real_escape_string($_POST['ca_id2'][$k])."',
|
||||
ca_id3 = '".sql_real_escape_string($_POST['ca_id3'][$k])."',
|
||||
it_name = '".sql_real_escape_string($_POST['it_name'][$k])."',
|
||||
it_cust_price = '".sql_real_escape_string($_POST['it_cust_price'][$k])."',
|
||||
it_price = '".sql_real_escape_string($_POST['it_price'][$k])."',
|
||||
it_stock_qty = '".sql_real_escape_string($_POST['it_stock_qty'][$k])."',
|
||||
it_skin = '".sql_real_escape_string($_POST['it_skin'][$k])."',
|
||||
it_mobile_skin = '".sql_real_escape_string($_POST['it_mobile_skin'][$k])."',
|
||||
it_use = '".sql_real_escape_string($_POST['it_use'][$k])."',
|
||||
it_soldout = '".sql_real_escape_string($_POST['it_soldout'][$k])."',
|
||||
it_order = '".sql_real_escape_string($_POST['it_order'][$k])."',
|
||||
it_update_time = '".G5_TIME_YMDHIS."'
|
||||
where it_id = '{$_POST['it_id'][$k]}' ";
|
||||
where it_id = '".preg_replace('/[^a-z0-9_\-]/i', '', $_POST['it_id'][$k])."' ";
|
||||
sql_query($sql);
|
||||
}
|
||||
} else if ($_POST['act_button'] == "선택삭제") {
|
||||
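Review bot: The whitelist on the new where line, `preg_replace('/[^a-z0-9_\-]/i', '', $_POST['it_id'][$k])`, rewrites a submitted id instead of rejecting it, so an it_id containing stripped characters is applied to whichever row the remaining characters happen to name; the same pattern is used for `$it_id` before `include ('./itemdelete.inc.php')` in the next hunk. A stricter form computes the filtered id once and skips the row when it does not match what was submitted, e.g. `$it_id = preg_replace('/[^a-z0-9_\-]/i', '', $_POST['it_id'][$k]); if ($it_id === '' || $it_id !== $_POST['it_id'][$k]) continue;`, then uses `$it_id` in the where clause. The numeric columns (it_cust_price, it_price, it_stock_qty, it_order) are now escaped as strings; an `(int)` cast would be a tighter fit for those than string escaping. The loop enclosing this update starts before the hunk.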
@ -55,7 +55,7 @@ if ($_POST['act_button'] == "선택수정") {
|
||||
$k = $_POST['chk'][$i];
|
||||
|
||||
// include 전에 $it_id 값을 반드시 넘겨야 함
|
||||
$it_id = $_POST['it_id'][$k];
|
||||
$it_id = preg_replace('/[^a-z0-9_\-]/i', '', $_POST['it_id'][$k]);
|
||||
include ('./itemdelete.inc.php');
|
||||
}
|
||||
}
|
||||
|
||||
@ -36,7 +36,7 @@ include_once(G5_PATH.'/head.sub.php');
|
||||
<input type="text" name="ad_subject[<?php echo $i; ?>]" value="<?php echo $row['ad_subject']; ?>" class="ad_subject" maxlength="20">
|
||||
</div>
|
||||
<div class="addr_info">
|
||||
<div class="addr_name"><?php echo $row['ad_name']; ?></div>
|
||||
<div class="addr_name"><?php echo get_text($row['ad_name']); ?></div>
|
||||
<div class="addr_addr"><?php echo print_address($row['ad_addr1'], $row['ad_addr2'], $row['ad_addr3'], $row['ad_jibeon']); ?></div>
|
||||
<div class="addr_tel"><i class="fa fa-phone" aria-hidden="true"></i> <?php echo $row['ad_tel']; ?> / <i class="fa fa-mobile" aria-hidden="true"></i> <?php echo $row['ad_hp']; ?></div>
|
||||
</div>
|
||||
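Review bot: get_text() is applied to ad_name on the new addr_name line, but the other columns of the same row visible in this hunk are still echoed raw: `ad_subject` inside the `value="..."` attribute on the first line and `ad_tel`/`ad_hp` on the addr_tel line. Unless those columns are encoded on write, which the hunk does not show, they need the same treatment, e.g. `value="<?php echo get_text($row['ad_subject']); ?>"` and `<?php echo get_text($row['ad_tel']); ?>` / `<?php echo get_text($row['ad_hp']); ?>`. The attribute context matters most, assuming get_text() encodes the quote character that would otherwise terminate the attribute.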
|
||||
@ -378,7 +378,7 @@ if($is_kakaopay_use) {
|
||||
$result = sql_query($sql);
|
||||
for($i=0; $row=sql_fetch_array($result); $i++) {
|
||||
$val1 = $row['ad_name'].$sep.$row['ad_tel'].$sep.$row['ad_hp'].$sep.$row['ad_zip1'].$sep.$row['ad_zip2'].$sep.$row['ad_addr1'].$sep.$row['ad_addr2'].$sep.$row['ad_addr3'].$sep.$row['ad_jibeon'].$sep.$row['ad_subject'];
|
||||
$val2 = '<label for="ad_sel_addr_'.($i+1).'">최근배송지('.($row['ad_subject'] ? $row['ad_subject'] : $row['ad_name']).')</label>';
|
||||
$val2 = '<label for="ad_sel_addr_'.($i+1).'">최근배송지('.($row['ad_subject'] ? get_text($row['ad_subject']) : get_text($row['ad_name'])).')</label>';
|
||||
$addr_list .= '<br><input type="radio" name="ad_sel_addr" value="'.get_text($val1).'" id="ad_sel_addr_'.($i+1).'"> '.PHP_EOL.$val2.PHP_EOL;
|
||||
}
|
||||
|
||||
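Review bot: The new `$val2` line wraps each branch of the ternary in get_text() separately; applying it once to the chosen value is behaviour-identical and easier to read, `'최근배송지('.get_text($row['ad_subject'] ? $row['ad_subject'] : $row['ad_name']).')'`. The condition tests truthiness, so a subject of `'0'` silently falls back to ad_name; if that is not intended, `$row['ad_subject'] !== ''` makes the check explicit. The same line is changed identically in the later hunk at -361,7, which this note covers as well.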
|
||||
@ -320,7 +320,7 @@ else // 장바구니에 담기
|
||||
else if($it['it_sc_type'] > 1 && $it['it_sc_method'] == 1)
|
||||
$ct_send_cost = 1; // 착불
|
||||
|
||||
$io_value = sql_real_escape_string($io_value);
|
||||
$io_value = sql_real_escape_string(strip_tags($io_value));
|
||||
$remote_addr = get_real_client_ip();
|
||||
|
||||
$sql .= $comma."( '$tmp_cart_id', '{$member['mb_id']}', '{$it['it_id']}', '".addslashes($it['it_name'])."', '{$it['it_sc_type']}', '{$it['it_sc_method']}', '{$it['it_sc_price']}', '{$it['it_sc_minimum']}', '{$it['it_sc_qty']}', '쇼핑', '{$it['it_price']}', '$point', '0', '0', '$io_value', '$ct_qty', '{$it['it_notax']}', '$io_id', '$io_type', '$io_price', '".G5_TIME_YMDHIS."', '$remote_addr', '$ct_send_cost', '$sw_direct', '$ct_select', '$ct_select_time' )";
|
||||
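Review bot: `strip_tags()` on `$io_value` is an input-side sanitiser rather than an output encoding: it alters the stored option value (text after a `<` that resembles a tag is dropped) while leaving quotes and other attribute-breaking characters in place, so it does not replace get_text()/htmlspecialchars() wherever `$io_value` is later rendered. If the stored value is echoed elsewhere, encoding at that point is the reliable control; the SQL side is already covered by sql_real_escape_string() on the same line, so the strip_tags() call could be dropped to avoid changing the data. The enclosing else branch starts before the hunk.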
|
||||
@ -361,7 +361,7 @@ if($is_kakaopay_use) {
|
||||
$result = sql_query($sql);
|
||||
for($i=0; $row=sql_fetch_array($result); $i++) {
|
||||
$val1 = $row['ad_name'].$sep.$row['ad_tel'].$sep.$row['ad_hp'].$sep.$row['ad_zip1'].$sep.$row['ad_zip2'].$sep.$row['ad_addr1'].$sep.$row['ad_addr2'].$sep.$row['ad_addr3'].$sep.$row['ad_jibeon'].$sep.$row['ad_subject'];
|
||||
$val2 = '<label for="ad_sel_addr_'.($i+1).'">최근배송지('.($row['ad_subject'] ? $row['ad_subject'] : $row['ad_name']).')</label>';
|
||||
$val2 = '<label for="ad_sel_addr_'.($i+1).'">최근배송지('.($row['ad_subject'] ? get_text($row['ad_subject']) : get_text($row['ad_name'])).')</label>';
|
||||
$addr_list .= '<input type="radio" name="ad_sel_addr" value="'.get_text($val1).'" id="ad_sel_addr_'.($i+1).'"> '.PHP_EOL.$val2.PHP_EOL;
|
||||
}
|
||||
|
||||
|
||||