KVE-2019-0082 원격취약점 수정

thisgun
2019-03-13 15:20:13 +09:00
parent bf75dc1d97
commit e1bd6082b2
10 changed files with 52 additions and 36 deletions


@ -21,23 +21,29 @@ if ($_POST['act_button'] == "선택수정") {
for ($i=0; $i<count($_POST['chk']); $i++)
{
$k = $_POST['chk'][$i]; // 실제 번호를 넘김
$iit_id = isset($_POST['it_id'][$k]) ? preg_replace('/[^a-z0-9_\-]/i', '', $_POST['it_id'][$k]) : '';
$iis_id = isset($_POST['is_id'][$k]) ? (int) $_POST['is_id'][$k] : 0;
$iis_score = isset($_POST['is_score'][$k]) ? (int) $_POST['is_score'][$k] : 0;
$iis_confirm = isset($_POST['is_confirm'][$k]) ? (int) $_POST['is_confirm'][$k] : 0;
if ($_POST['act_button'] == "선택수정")
{
$sql = "update {$g5['g5_shop_item_use_table']}
set is_score = '{$_POST['is_score'][$k]}',
is_confirm = '{$_POST['is_confirm'][$k]}'
where is_id = '{$_POST['is_id'][$k]}' ";
set is_score = '{$iis_score}',
is_confirm = '{$iis_confirm}'
where is_id = '{$iis_id}' ";
sql_query($sql);
}
else if ($_POST['act_button'] == "선택삭제")
{
$sql = "delete from {$g5['g5_shop_item_use_table']} where is_id = '{$_POST['is_id'][$k]}' ";
$sql = "delete from {$g5['g5_shop_item_use_table']} where is_id = '{$iis_id}' ";
sql_query($sql);
}
update_use_cnt($_POST['it_id'][$k]);
update_use_avg($_POST['it_id'][$k]);
if($iit_id){
update_use_cnt($iit_id);
update_use_avg($iit_id);
}
}
goto_url("./itemuselist.php?sca=$sca&amp;sst=$sst&amp;sod=$sod&amp;sfl=$sfl&amp;stx=$stx&amp;page=$page");
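Review bot: A row whose `is_id` is missing or non-numeric now becomes `$iis_id = 0`, and the update or delete is still issued with `where is_id = '0'`; adding `if (!$iis_id) continue;` right after the four casts would skip such rows explicitly instead of relying on no record matching. `$iis_score` and `$iis_confirm` are cast to int but not range-checked, so any integer the client sends is written to the table; if `is_confirm` is meant to be a flag, `$iis_confirm = $iis_confirm ? 1 : 0;` would pin it, and the score could be clamped to the range the shop accepts. `$k` is still read from `$_POST['chk'][$i]` without a type check, which is safe as a lookup key only while it is a scalar. The `goto_url` line builds its query string from `$sca`, `$sst`, `$sod`, `$sfl`, `$stx` and `$page`, which are set outside this hunk, so their sanitising cannot be confirmed from here.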