KVE-2018-1772, 1808, 1817 취약점 수정

2018-12-12 16:58:22 +09:00
parent 013b67a63b
commit e620f6aafa
13 changed files with 29 additions and 14 deletions
--- a/adm/shop_admin/couponzoneform.php
+++ b/adm/shop_admin/couponzoneform.php
@ -2,6 +2,8 @@
 $sub_menu = '400810';
 include_once('./_common.php');

+$cz_id = (int) $cz_id;
+
 auth_check($auth[$sub_menu], "w");

 $g5['title'] = '쿠폰존 쿠폰관리';
--- a/adm/shop_admin/itemcopy.php
+++ b/adm/shop_admin/itemcopy.php
@ -2,6 +2,8 @@
 $sub_menu = '400300';
 include_once('./_common.php');

+$ca_id = preg_replace('/[^0-9a-z]/i', '', $ca_id);
+
 auth_check($auth[$sub_menu], "r");

 $g5['title'] = '상품 복사';
--- a/adm/shop_admin/itemuseform.php
+++ b/adm/shop_admin/itemuseform.php
@ -3,6 +3,8 @@ $sub_menu = '400650';
 include_once('./_common.php');
 include_once(G5_EDITOR_LIB);

+$is_id = preg_replace('/[^0-9]/', '', $is_id);
+
 auth_check($auth[$sub_menu], "w");

 $sql = " select *
--- a/adm/shop_admin/orderlist.php
+++ b/adm/shop_admin/orderlist.php
@ -22,6 +22,12 @@ $search = get_search_string($search);
 if(! preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $fr_date) ) $fr_date = '';
 if(! preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $to_date) ) $to_date = '';

+$od_misu = preg_replace('/[^0-9a-z]/i', '', $od_misu);
+$od_cancel_price = preg_replace('/[^0-9a-z]/i', '', $od_cancel_price);
+$od_refund_price = preg_replace('/[^0-9a-z]/i', '', $od_refund_price);
+$od_receipt_point = preg_replace('/[^0-9a-z]/i', '', $od_receipt_point);
+$od_coupon = preg_replace('/[^0-9a-z]/i', '', $od_coupon); 
+
 $sql_search = "";
 if ($search != "") {
    if ($sel_field != "") {
--- a/adm/shop_admin/orderprintresult.php
+++ b/adm/shop_admin/orderprintresult.php
@ -2,6 +2,9 @@
 $sub_menu = '500120';
 include_once('./_common.php');

+$fr_date = preg_replace('/[^0-9_\-]/', '', $fr_date);
+$to_date = preg_replace('/[^0-9_\-]/', '', $to_date);
+
 auth_check($auth[$sub_menu], "r");

 //print_r2($_GET); exit;