firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

[KVE-2019-0008, 0014, 0029] 영카트 XSS 및 SQL Injection 취약점 수정

Browse Source
This commit is contained in:
thisgun
2019-02-14 09:26:42 +09:00
parent b6d9260f3a
commit d81b56c0ec
5 changed files with 18 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
shop/orderform.sub.php
View File

@ -361,7 +361,7 @@ if($is_kakaopay_use) {
$result = sql_query($sql);
for($i=0; $row=sql_fetch_array($result); $i++) {
$val1 = $row['ad_name'].$sep.$row['ad_tel'].$sep.$row['ad_hp'].$sep.$row['ad_zip1'].$sep.$row['ad_zip2'].$sep.$row['ad_addr1'].$sep.$row['ad_addr2'].$sep.$row['ad_addr3'].$sep.$row['ad_jibeon'].$sep.$row['ad_subject'];
$val2 = '<label for="ad_sel_addr_'.($i+1).'">최근배송지('.($row['ad_subject'] ? $row['ad_subject'] : $row['ad_name']).')</label>';
$val2 = '<label for="ad_sel_addr_'.($i+1).'">최근배송지('.($row['ad_subject'] ? get_text($row['ad_subject']) : get_text($row['ad_name'])).')</label>';
$addr_list .= '<input type="radio" name="ad_sel_addr" value="'.get_text($val1).'" id="ad_sel_addr_'.($i+1).'"> '.PHP_EOL.$val2.PHP_EOL;
}