From e7caff2e63dfca02ec46c21e3de1ccdd5d55a538 Mon Sep 17 00:00:00 2001
From: thisgun
Date: Fri, 16 Nov 2018 10:55:56 +0900
Subject: [PATCH] =?UTF-8?q?KVE-2018-0979=20=EA=B7=B8=EB=88=84=EB=B3=B4?= =?UTF-8?q?=EB=93=9C=20=EC=98=81=EC=B9=B4=ED=8A=B8=20lgxpay=20XSS=20?= =?UTF-8?q?=EC=B7=A8=EC=95=BD=EC=A0=90=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 plugin/lgxpay/AuthOnlyReq.php | 2 ++
 plugin/lgxpay/returnurl.php | 2 ++
 2 files changed, 4 insertions(+)
diff --git a/plugin/lgxpay/AuthOnlyReq.php b/plugin/lgxpay/AuthOnlyReq.php
index f8c42b1b6..571d7d9c9 100644
--- a/plugin/lgxpay/AuthOnlyReq.php
+++ b/plugin/lgxpay/AuthOnlyReq.php
@@ -165,6 +165,8 @@ $_SESSION['lgd_certify'] = $payReqMap;
 $value) {
+ $key = htmlspecialchars(strip_tags($key));
+ $value = htmlspecialchars(strip_tags($value));
 echo "".PHP_EOL;
 }
 ?>
diff --git a/plugin/lgxpay/returnurl.php b/plugin/lgxpay/returnurl.php
index e0cd0a37b..b40e8940e 100644
--- a/plugin/lgxpay/returnurl.php
+++ b/plugin/lgxpay/returnurl.php
@@ -57,6 +57,8 @@ $payReqMap = $_SESSION['lgd_certify'];//결제 요청시, Session에 저장했
 $value) {
+ $key = htmlspecialchars(strip_tags($key));
+ $value = htmlspecialchars(strip_tags($value));
 echo "";
 }
 ?>
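Review bot: Both added lines in the `foreach` over `$payReqMap`, here and in the identical hunk for plugin/lgxpay/AuthOnlyReq.php, call `htmlspecialchars()` with its default flags, which on PHP versions before 8.1 leave single quotes unescaped. The fix therefore holds only if the `echo` markup wraps every attribute in double quotes, and that markup is not legible in this view. Passing the flags and charset explicitly removes the dependency: `$value = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');`, and the same for `$key`. `strip_tags()` adds no protection once the output is escaped, and it silently rewrites any parameter containing `<`, which may matter if these fields are covered by the payment gateway's hash check, so consider dropping it. The loop header sits above the visible lines, so whether `$value` can ever be an array (which neither function accepts) cannot be confirmed from the hunk.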