From f2ab751e5f81719b0d933ec8f59c758e8e831a3a Mon Sep 17 00:00:00 2001
From: thisgun
Date: Fri, 14 Nov 2025 07:30:47 +0000
Subject: [PATCH] =?UTF-8?q?[KVE-2025-0828]=EC=98=81=EC=B9=B4=ED=8A=B8=20?=
 =?UTF-8?q?=EC=B7=A8=EC=95=BD=EC=A0=90=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 adm/shop_admin/configformupdate.php | 2 ++
 shop/naverpay/naverpay_order.php | 5 ++++-
 shop/naverpay/naverpay_wish.php | 4 ++++
 shop/settle_naverpay.inc.php | 2 ++
 4 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/adm/shop_admin/configformupdate.php b/adm/shop_admin/configformupdate.php
index adfb06ea8..adf10c60c 100644
--- a/adm/shop_admin/configformupdate.php
+++ b/adm/shop_admin/configformupdate.php
@@ -64,6 +64,8 @@ foreach($check_skin_keys as $key){
 if( isset($_POST[$key]) && preg_match('#\.+(\/|\\\)#', $_POST[$key]) ){
 alert('스킨설정에 유효하지 문자가 포함되어 있습니다.');
 }
+
+ $$key = $_POST[$key] = sql_real_escape_string($_POST[$key]);
 }
 // 현금영수증 발급수단
diff --git a/shop/naverpay/naverpay_order.php b/shop/naverpay/naverpay_order.php
index 7d98b317a..840b493fb 100644
--- a/shop/naverpay/naverpay_order.php
+++ b/shop/naverpay/naverpay_order.php
@@ -3,6 +3,8 @@ include_once('./_common.php');
 include_once(G5_SHOP_PATH.'/settle_naverpay.inc.php');
 include_once(G5_LIB_PATH.'/naverpay.lib.php');
+if (!(defined('G5_SHOP_USE_NAVERPAY') && G5_SHOP_USE_NAVERPAY)) return;
+
 $pattern = '#[/\'\"%=*\#\(\)\|\+\&\!\$~\{\}\[\]`;:\?\^\,]#';
 $post_naverpay_form = isset($_POST['naverpay_form']) ? clean_xss_tags($_POST['naverpay_form']) : '';
@@ -98,7 +100,8 @@ for($i=0; $i<$count; $i++) {
 $opt_count = (isset($_POST['io_id'][$it_id]) && is_array($_POST['io_id'][$it_id])) ? count($_POST['io_id'][$it_id]) : 0;
 if( ! $it_id) continue;
-
+ if (!preg_match('/^[a-zA-Z0-9_-]+$/', $it_id)) continue;
+
 if($opt_count && $_POST['io_type'][$it_id][0] != 0) return_error2json('상품의 선택옵션을 선택해 주십시오.');
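Review bot: The added assignment reads `$_POST[$key]` unconditionally, whereas the check just above it only runs under `isset($_POST[$key])`, so a submission that omits one of the `$check_skin_keys` entries raises an undefined-index notice and passes `null` to `sql_real_escape_string()`. Folding the guard in keeps it to one line: `$$key = $_POST[$key] = isset($_POST[$key]) ? sql_real_escape_string($_POST[$key]) : '';`. `sql_real_escape_string()` only neutralises the value for the SQL context; the traversal check above suggests the same value also ends up in a filesystem path, and a character allow-list like the `^[a-zA-Z0-9_-]+$` this commit applies to `$it_id` in naverpay_order.php would cover both uses at once. The enclosing `foreach` starts before this hunk.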
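Review bot: The new guard leaves the script with a bare `return` at file scope, so when the constant is undefined the request presumably ends with an empty body, while failures elsewhere in this file are reported through `return_error2json()` (one is visible in the next hunk); the caller cannot tell "Naver Pay disabled" from a broken request. Consider `if (!(defined('G5_SHOP_USE_NAVERPAY') && G5_SHOP_USE_NAVERPAY)) return_error2json('…');`, or a comment stating that a silent exit is intended. The constant is defined only at the point shown in shop/settle_naverpay.inc.php below, after that include's early `return` paths, so this check inherits all of them; a one-line comment here naming that dependency would help the next maintainer. The identical guard added in shop/naverpay/naverpay_wish.php has the same issue.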
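Review bot: The added `preg_match` check uses `continue`, so an `it_id` that fails validation is silently dropped and the order proceeds with the remaining items, while the option check on the very next line rejects the whole request via `return_error2json()`; the existing `if( ! $it_id) continue;` skips empty entries, but a malformed id is a different case and deserves an error rather than a partial order. Rejecting it matches the surrounding code: `if (!preg_match('/^[a-zA-Z0-9_-]+\z/', $it_id)) return_error2json('…');` — `\z` instead of `$` also keeps an id with a trailing newline from passing. `$it_id` is already used as an array key in the `$opt_count` line before it is validated; moving the check above that line keeps unvalidated input out of the `$_POST['io_id']` lookups. The same `continue` is added in shop/naverpay/naverpay_wish.php; if skipping is intended there, a comment saying so would settle it. The enclosing `for` loop starts before this hunk.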
diff --git a/shop/naverpay/naverpay_wish.php b/shop/naverpay/naverpay_wish.php
index 9e62bf486..6ccd3c34a 100644
--- a/shop/naverpay/naverpay_wish.php
+++ b/shop/naverpay/naverpay_wish.php
@@ -3,6 +3,8 @@ include_once('./_common.php');
 include_once(G5_SHOP_PATH.'/settle_naverpay.inc.php');
 include_once(G5_LIB_PATH.'/naverpay.lib.php');
+if (!(defined('G5_SHOP_USE_NAVERPAY') && G5_SHOP_USE_NAVERPAY)) return;
+
 $count = (isset($_POST['it_id']) && is_array($_POST['it_id'])) ? count($_POST['it_id']) : 0;
 if ($count < 1)
@@ -13,6 +15,8 @@ $item = '';
 for($i=0; $i<$count; $i++) {
 $it_id = isset($_POST['it_id']) ? $_POST['it_id'][$i] : '';
+
+ if (!preg_match('/^[a-zA-Z0-9_-]+$/', $it_id)) continue;
 // 상품정보
 $it = get_shop_item($it_id, true);
diff --git a/shop/settle_naverpay.inc.php b/shop/settle_naverpay.inc.php
index 93c4b501b..808d8e393 100644
--- a/shop/settle_naverpay.inc.php
+++ b/shop/settle_naverpay.inc.php
@@ -15,6 +15,8 @@ if(basename($_SERVER['SCRIPT_NAME']) == 'item.php') {
 return;
 }
+define('G5_SHOP_USE_NAVERPAY', 1);
+
 $naverpay_button_js = '';
 $is_mobile_order = is_mobile();
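Review bot: The new `define('G5_SHOP_USE_NAVERPAY', 1)` is what naverpay_order.php and naverpay_wish.php now gate on, but nothing at the definition site says so, and its actual meaning is "this include reached its body": it is not defined on any early `return` path above it, including the `item.php` check visible in the hunk header. A comment would pin that contract, e.g. `// Marker for shop/naverpay/*.php: defined only when none of the early returns above fired.` Anyone adding another early `return` above this line, or moving the define, silently changes what those endpoints accept.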