영카트5 SQL INJECTION 취약점( 17-480 ) 수정

2017-08-10 10:12:58 +09:00
parent 18c8ecfa6a
commit f80ddf1468
1 changed files with 13 additions and 0 deletions
--- a/mobile/shop/_common.php
+++ b/mobile/shop/_common.php
@ -1,6 +1,19 @@
 <?php
 include_once('../../common.php');

+if (isset($_REQUEST['sort']))  {
+    $sort = trim($_REQUEST['sort']);
+    $sort = preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\s]/", "", $sort);
+} else {
+    $sort = '';
+}
+
+if (isset($_REQUEST['sortodr']))  {
+    $sortodr = preg_match("/^(asc|desc)$/i", $sortodr) ? $sortodr : '';
+} else {
+    $sortodr = '';
+}
+
 if (!defined('G5_USE_SHOP') || !G5_USE_SHOP)
    die('<p>쇼핑몰 설치 후 이용해 주십시오.</p>');
 define('_SHOP_', true);