firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

[KVE-2019-0008, 0014, 0029] 영카트 XSS 및 SQL Injection 취약점 수정

Browse Source
This commit is contained in:
thisgun
2019-02-14 09:26:42 +09:00
parent b6d9260f3a
commit d81b56c0ec
5 changed files with 18 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
mobile/shop/orderaddress.php
View File

@ -36,7 +36,7 @@ include_once(G5_PATH.'/head.sub.php');
<input type="text" name="ad_subject[<?php echo $i; ?>]" value="<?php echo $row['ad_subject']; ?>" class="ad_subject" maxlength="20">
</div>
<div class="addr_info">
<div class="addr_name"><?php echo $row['ad_name']; ?></div>
<div class="addr_name"><?php echo get_text($row['ad_name']); ?></div>
<div class="addr_addr"><?php echo print_address($row['ad_addr1'], $row['ad_addr2'], $row['ad_addr3'], $row['ad_jibeon']); ?></div>
<div class="addr_tel"><i class="fa fa-phone" aria-hidden="true"></i> <?php echo $row['ad_tel']; ?> / <i class="fa fa-mobile" aria-hidden="true"></i> <?php echo $row['ad_hp']; ?></div>
</div>

2
mobile/shop/orderform.sub.php
View File

@ -378,7 +378,7 @@ if($is_kakaopay_use) {
$result = sql_query($sql);
for($i=0; $row=sql_fetch_array($result); $i++) {
$val1 = $row['ad_name'].$sep.$row['ad_tel'].$sep.$row['ad_hp'].$sep.$row['ad_zip1'].$sep.$row['ad_zip2'].$sep.$row['ad_addr1'].$sep.$row['ad_addr2'].$sep.$row['ad_addr3'].$sep.$row['ad_jibeon'].$sep.$row['ad_subject'];
$val2 = '<label for="ad_sel_addr_'.($i+1).'">최근배송지('.($row['ad_subject'] ? $row['ad_subject'] : $row['ad_name']).')</label>';
$val2 = '<label for="ad_sel_addr_'.($i+1).'">최근배송지('.($row['ad_subject'] ? get_text($row['ad_subject']) : get_text($row['ad_name'])).')</label>';
$addr_list .= '<br><input type="radio" name="ad_sel_addr" value="'.get_text($val1).'" id="ad_sel_addr_'.($i+1).'"> '.PHP_EOL.$val2.PHP_EOL;
}