KVE-2019-0082 원격취약점 수정

thisgun
2019-03-13 15:20:13 +09:00
parent bf75dc1d97
commit e1bd6082b2
10 changed files with 52 additions and 36 deletions


@ -16,8 +16,9 @@ for ($i=0; $i<$count; $i++)
{ {
// 실제 번호를 넘김 // 실제 번호를 넘김
$k = $_POST['chk'][$i]; $k = $_POST['chk'][$i];
$ccz_id = (int) $_POST['cz_id'][$k];
$sql = " delete from {$g5['g5_shop_coupon_zone_table']} where cz_id = '{$_POST['cz_id'][$k]}' "; $sql = " delete from {$g5['g5_shop_coupon_zone_table']} where cz_id = '{$ccz_id}' ";
sql_query($sql); sql_query($sql);
} }
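Review bot: The `(int)` cast on `$ccz_id` closes the injection, but the delete on the next line still runs when `$_POST['cz_id'][$k]` is absent or non-numeric, because the cast yields 0 and `where cz_id = '0'` is issued (with an undefined-index notice when `$k` is not a valid key). Since these ids are presumably positive auto-increment values, a guard such as `if ($ccz_id <= 0) continue;` before building `$sql` keeps the query to real rows. The same pattern appears in the `iq_id`, `ss_id` (delete hunk) and `pp_id` hunks below. The enclosing `for` loop starts outside this hunk.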


@ -19,10 +19,13 @@ if ($ev_mimg_del) @unlink(G5_DATA_PATH."/event/{$ev_id}_m");
if ($ev_himg_del) @unlink(G5_DATA_PATH."/event/{$ev_id}_h"); if ($ev_himg_del) @unlink(G5_DATA_PATH."/event/{$ev_id}_h");
if ($ev_timg_del) @unlink(G5_DATA_PATH."/event/{$ev_id}_t"); if ($ev_timg_del) @unlink(G5_DATA_PATH."/event/{$ev_id}_t");
$ev_skin = preg_replace('#\.+/#', '', $ev_skin);
$ev_mobile_skin = preg_replace('#\.+/#', '', $ev_mobile_skin);
$skin_regex_patten = "^list.[0-9]+\.skin\.php"; $skin_regex_patten = "^list.[0-9]+\.skin\.php";
$ev_skin = (preg_match("/$pattern/", $ev_skin) && G5_SHOP_SKIN_PATH.'/'.file_exists($ev_skin)) ? $ev_skin : ''; $ev_skin = (preg_match("/$skin_regex_patten/", $ev_skin) && file_exists(G5_SHOP_SKIN_PATH.'/'.$ev_skin)) ? $ev_skin : '';
$ev_mobile_skin = (preg_match("/$pattern/", $ev_mobile_skin) && G5_MSHOP_SKIN_PATH.'/'.file_exists($ev_mobile_skin)) ? $ev_mobile_skin : ''; $ev_mobile_skin = (preg_match("/$skin_regex_patten/", $ev_mobile_skin) && file_exists(G5_MSHOP_SKIN_PATH.'/'.$ev_mobile_skin)) ? $ev_mobile_skin : '';
$sql_common = " set ev_skin = '$ev_skin', $sql_common = " set ev_skin = '$ev_skin',
ev_mobile_skin = '$ev_mobile_skin', ev_mobile_skin = '$ev_mobile_skin',
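Review bot: The pattern `^list.[0-9]+\.skin\.php` on the unchanged line between the two new `preg_replace` lines leaves the `.` after `list` unescaped and has no end anchor, so the corrected check still accepts names such as `list/1.skin.php` or `list.1.skin.php.bak` as long as they exist under the skin path; `$skin_regex_patten = "^list\.[0-9]+\.skin\.php$";` restricts it to the intended form. With that anchor the `.+/` stripping becomes a second layer rather than the only traversal guard. Where `$ev_skin` and `$ev_mobile_skin` come from is outside the hunk; they are presumably request parameters. The name `patten` is also a typo for `pattern`.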


@ -8,16 +8,18 @@ auth_check($auth[$sub_menu], "w");
for ($i=0; $i<count($_POST['it_id']); $i++) for ($i=0; $i<count($_POST['it_id']); $i++)
{ {
$iit_id = preg_replace('/[^a-z0-9_\-]/i', '', $_POST['it_id'][$i]);
$sql = " delete from {$g5['g5_shop_event_item_table']} $sql = " delete from {$g5['g5_shop_event_item_table']}
where ev_id = '$ev_id' where ev_id = '$ev_id'
and it_id = '{$_POST['it_id'][$i]}' "; and it_id = '{$iit_id}' ";
sql_query($sql); sql_query($sql);
if ($_POST['ev_chk'][$i]) if (isset($_POST['ev_chk'][$i]) && $_POST['ev_chk'][$i])
{ {
$sql = "insert into {$g5['g5_shop_event_item_table']} $sql = "insert into {$g5['g5_shop_event_item_table']}
set ev_id = '$ev_id', set ev_id = '$ev_id',
it_id = '{$_POST['it_id'][$i]}' "; it_id = '{$iit_id}' ";
sql_query($sql); sql_query($sql);
} }
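Review bot: `$iit_id` can be reduced to an empty string by the new `preg_replace` on the first added line, and the loop then still runs the delete and, when `ev_chk` is set, an insert with `it_id = ''`; `if ($iit_id === '') continue;` right after the assignment avoids writing empty item ids. `$ev_id` is interpolated into both queries unchanged; whether it is sanitized before this hunk cannot be seen here and is worth confirming. The `for` body continues past the end of the hunk.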


@ -17,8 +17,9 @@ if ($_POST['act_button'] == "선택삭제") {
for ($i=0; $i<count($_POST['chk']); $i++) { for ($i=0; $i<count($_POST['chk']); $i++) {
// 실제 번호를 넘김 // 실제 번호를 넘김
$k = $_POST['chk'][$i]; $k = $_POST['chk'][$i];
$iiq_id = (int) $_POST['iq_id'][$k];
$sql = "delete from {$g5['g5_shop_item_qa_table']} where iq_id = '{$_POST['iq_id'][$k]}' "; $sql = "delete from {$g5['g5_shop_item_qa_table']} where iq_id = '{$iiq_id}' ";
sql_query($sql); sql_query($sql);
} }
} }


@ -12,12 +12,12 @@ check_admin_token();
for ($i=0; $i<count($_POST['it_id']); $i++) for ($i=0; $i<count($_POST['it_id']); $i++)
{ {
$sql = "update {$g5['g5_shop_item_table']} $sql = "update {$g5['g5_shop_item_table']}
set it_stock_qty = '{$_POST['it_stock_qty'][$i]}', set it_stock_qty = '".sql_real_escape_string($_POST['it_stock_qty'][$i])."',
it_noti_qty = '{$_POST['it_noti_qty'][$i]}', it_noti_qty = '".sql_real_escape_string($_POST['it_noti_qty'][$i])."',
it_use = '{$_POST['it_use'][$i]}', it_use = '".sql_real_escape_string($_POST['it_use'][$i])."',
it_soldout = '{$_POST['it_soldout'][$i]}', it_soldout = '".sql_real_escape_string($_POST['it_soldout'][$i])."',
it_stock_sms = '{$_POST['it_stock_sms'][$i]}' it_stock_sms = '".sql_real_escape_string($_POST['it_stock_sms'][$i])."'
where it_id = '{$_POST['it_id'][$i]}' "; where it_id = '".sql_real_escape_string($_POST['it_id'][$i])."' ";
sql_query($sql); sql_query($sql);
} }
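Review bot: `sql_real_escape_string` makes the interpolated values safe inside the quotes, but `it_stock_qty`, `it_noti_qty`, `it_use`, `it_soldout` and `it_stock_sms` appear to be quantities and flags, so a cast is the more precise fix: `set it_stock_qty = '".(int) $_POST['it_stock_qty'][$i]."',` and likewise for the other four, which also stops non-numeric input from being stored through implicit conversion. Escaping is the right choice for `it_id`. The same applies to the `it_type1`–`it_type5` hunk and the `io_stock_qty`/`io_noti_qty`/`io_use` hunk below.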


@ -20,10 +20,11 @@ if ($_POST['act_button'] == "선택SMS전송") {
// 실제 번호를 넘김 // 실제 번호를 넘김
$k = $_POST['chk'][$i]; $k = $_POST['chk'][$i];
$sss_id = (int) $_POST['ss_id'][$k];
$sql = " select a.ss_id, a.ss_hp, a.ss_send, b.it_id, b.it_name $sql = " select a.ss_id, a.ss_hp, a.ss_send, b.it_id, b.it_name
from {$g5['g5_shop_item_stocksms_table']} a left join {$g5['g5_shop_item_table']} b on ( a.it_id = b.it_id ) from {$g5['g5_shop_item_stocksms_table']} a left join {$g5['g5_shop_item_table']} b on ( a.it_id = b.it_id )
where a.ss_id = '{$_POST['ss_id'][$k]}' "; where a.ss_id = '$sss_id' ";
$row = sql_fetch($sql); $row = sql_fetch($sql);
if(!$row['ss_id'] || !$row['it_id'] || $row['ss_send']) if(!$row['ss_id'] || !$row['it_id'] || $row['ss_send'])
@ -43,7 +44,7 @@ if ($_POST['act_button'] == "선택SMS전송") {
$sql = " update {$g5['g5_shop_item_stocksms_table']} $sql = " update {$g5['g5_shop_item_stocksms_table']}
set ss_send = '1', set ss_send = '1',
ss_send_time = '".G5_TIME_YMDHIS."' ss_send_time = '".G5_TIME_YMDHIS."'
where ss_id = '{$_POST['ss_id'][$k]}' "; where ss_id = '{$sss_id}' ";
sql_query($sql); sql_query($sql);
} }
@ -105,8 +106,9 @@ if ($_POST['act_button'] == "선택SMS전송") {
for ($i=0; $i<count($_POST['chk']); $i++) { for ($i=0; $i<count($_POST['chk']); $i++) {
// 실제 번호를 넘김 // 실제 번호를 넘김
$k = $_POST['chk'][$i]; $k = $_POST['chk'][$i];
$sss_id = (int) $_POST['ss_id'][$k];
$sql = " delete from {$g5['g5_shop_item_stocksms_table']} where ss_id = '{$_POST['ss_id'][$k]}' "; $sql = " delete from {$g5['g5_shop_item_stocksms_table']} where ss_id = '{$sss_id}' ";
sql_query($sql); sql_query($sql);
} }
} }


@ -11,12 +11,12 @@ check_admin_token();
for ($i=0; $i<count($_POST['it_id']); $i++) for ($i=0; $i<count($_POST['it_id']); $i++)
{ {
$sql = "update {$g5['g5_shop_item_table']} $sql = "update {$g5['g5_shop_item_table']}
set it_type1 = '{$_POST['it_type1'][$i]}', set it_type1 = '".sql_real_escape_string($_POST['it_type1'][$i])."',
it_type2 = '{$_POST['it_type2'][$i]}', it_type2 = '".sql_real_escape_string($_POST['it_type2'][$i])."',
it_type3 = '{$_POST['it_type3'][$i]}', it_type3 = '".sql_real_escape_string($_POST['it_type3'][$i])."',
it_type4 = '{$_POST['it_type4'][$i]}', it_type4 = '".sql_real_escape_string($_POST['it_type4'][$i])."',
it_type5 = '{$_POST['it_type5'][$i]}' it_type5 = '".sql_real_escape_string($_POST['it_type5'][$i])."'
where it_id = '{$_POST['it_id'][$i]}' "; where it_id = '".sql_real_escape_string($_POST['it_id'][$i])."' ";
sql_query($sql); sql_query($sql);
} }


@ -21,23 +21,29 @@ if ($_POST['act_button'] == "선택수정") {
for ($i=0; $i<count($_POST['chk']); $i++) for ($i=0; $i<count($_POST['chk']); $i++)
{ {
$k = $_POST['chk'][$i]; // 실제 번호를 넘김 $k = $_POST['chk'][$i]; // 실제 번호를 넘김
$iit_id = isset($_POST['it_id'][$k]) ? preg_replace('/[^a-z0-9_\-]/i', '', $_POST['it_id'][$k]) : '';
$iis_id = isset($_POST['is_id'][$k]) ? (int) $_POST['is_id'][$k] : 0;
$iis_score = isset($_POST['is_score'][$k]) ? (int) $_POST['is_score'][$k] : 0;
$iis_confirm = isset($_POST['is_confirm'][$k]) ? (int) $_POST['is_confirm'][$k] : 0;
if ($_POST['act_button'] == "선택수정") if ($_POST['act_button'] == "선택수정")
{ {
$sql = "update {$g5['g5_shop_item_use_table']} $sql = "update {$g5['g5_shop_item_use_table']}
set is_score = '{$_POST['is_score'][$k]}', set is_score = '{$iis_score}',
is_confirm = '{$_POST['is_confirm'][$k]}' is_confirm = '{$iis_confirm}'
where is_id = '{$_POST['is_id'][$k]}' "; where is_id = '{$iis_id}' ";
sql_query($sql); sql_query($sql);
} }
else if ($_POST['act_button'] == "선택삭제") else if ($_POST['act_button'] == "선택삭제")
{ {
$sql = "delete from {$g5['g5_shop_item_use_table']} where is_id = '{$_POST['is_id'][$k]}' "; $sql = "delete from {$g5['g5_shop_item_use_table']} where is_id = '{$iis_id}' ";
sql_query($sql); sql_query($sql);
} }
update_use_cnt($_POST['it_id'][$k]); if($iit_id){
update_use_avg($_POST['it_id'][$k]); update_use_cnt($iit_id);
update_use_avg($iit_id);
}
} }
goto_url("./itemuselist.php?sca=$sca&amp;sst=$sst&amp;sod=$sod&amp;sfl=$sfl&amp;stx=$stx&amp;page=$page"); goto_url("./itemuselist.php?sca=$sca&amp;sst=$sst&amp;sod=$sod&amp;sfl=$sfl&amp;stx=$stx&amp;page=$page");
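Review bot: `if($iit_id){` near the bottom of the hunk treats an item id of `"0"` as empty, so an item named that way would skip `update_use_cnt`/`update_use_avg`; `if ($iit_id !== '') {` matches what the sanitization above actually guarantees. The update and delete branches also run when `$iis_id` fell back to 0, issuing `where is_id = '0'`; `if ($iis_id <= 0) continue;` after the four new assignments keeps them to real rows. The `goto_url` arguments (`$sca`, `$sst`, …) are assembled outside this hunk.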


@ -12,12 +12,12 @@ check_admin_token();
for ($i=0; $i<count($_POST['it_id']); $i++) for ($i=0; $i<count($_POST['it_id']); $i++)
{ {
$sql = "update {$g5['g5_shop_item_option_table']} $sql = "update {$g5['g5_shop_item_option_table']}
set io_stock_qty = '{$_POST['io_stock_qty'][$i]}', set io_stock_qty = '".sql_real_escape_string($_POST['io_stock_qty'][$i])."',
io_noti_qty = '{$_POST['io_noti_qty'][$i]}', io_noti_qty = '".sql_real_escape_string($_POST['io_noti_qty'][$i])."',
io_use = '{$_POST['io_use'][$i]}' io_use = '".sql_real_escape_string($_POST['io_use'][$i])."'
where it_id = '{$_POST['it_id'][$i]}' where it_id = '".sql_real_escape_string($_POST['it_id'][$i])."'
and io_id = '{$_POST['io_id'][$i]}' and io_id = '".sql_real_escape_string($_POST['io_id'][$i])."'
and io_type = '{$_POST['io_type'][$i]}' "; and io_type = '".sql_real_escape_string($_POST['io_type'][$i])."' ";
sql_query($sql); sql_query($sql);
} }


@ -16,8 +16,9 @@ for ($i=0; $i<$count; $i++)
{ {
// 실제 번호를 넘김 // 실제 번호를 넘김
$k = $_POST['chk'][$i]; $k = $_POST['chk'][$i];
$ppp_id = (int) $_POST['pp_id'][$k];
$sql = " delete from {$g5['g5_shop_personalpay_table']} where pp_id = '{$_POST['pp_id'][$k]}' "; $sql = " delete from {$g5['g5_shop_personalpay_table']} where pp_id = '{$ppp_id}' ";
sql_query($sql); sql_query($sql);
} }