KVE-2018-1772, 1808, 1817 취약점 수정

2018-12-12 16:58:22 +09:00
parent 013b67a63b
commit e620f6aafa
13 changed files with 29 additions and 14 deletions
--- a/mobile/shop/itemuseform.php
+++ b/mobile/shop/itemuseform.php
@ -6,9 +6,9 @@ if (!$is_member) {
    alert_close("사용후기는 회원만 작성 가능합니다.");
 }

-$w     = trim($_REQUEST['w']);
-$it_id = trim($_REQUEST['it_id']);
-$is_id = trim($_REQUEST['is_id']);
+$w     = preg_replace('/[^0-9a-z]/i', '', trim($_REQUEST['w']));
+$it_id = get_search_string(trim($_REQUEST['it_id']));
+$is_id = preg_replace('/[^0-9]/', '', trim($_REQUEST['is_id']));

 // 상품정보체크
 $sql = " select it_id from {$g5['g5_shop_item_table']} where it_id = '$it_id' ";