From f80ddf14686047039d6bc080fc9a662ded3fd05f Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Thu, 10 Aug 2017 10:12:58 +0900
Subject: [PATCH] =?UTF-8?q?=EC=98=81=EC=B9=B4=ED=8A=B85=20SQL=20INJECTION?=
 =?UTF-8?q?=20=EC=B7=A8=EC=95=BD=EC=A0=90(=2017-480=20)=20=EC=88=98?=
 =?UTF-8?q?=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 mobile/shop/_common.php | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/mobile/shop/_common.php b/mobile/shop/_common.php
index 626e5075f..f75c60696 100644
--- a/mobile/shop/_common.php
+++ b/mobile/shop/_common.php
@@ -1,6 +1,19 @@
 <?php
 include_once('../../common.php');
 
+if (isset($_REQUEST['sort']))  {
+    $sort = trim($_REQUEST['sort']);
+    $sort = preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\s]/", "", $sort);
+} else {
+    $sort = '';
+}
+
+if (isset($_REQUEST['sortodr']))  {
+    $sortodr = preg_match("/^(asc|desc)$/i", $sortodr) ? $sortodr : '';
+} else {
+    $sortodr = '';
+}
+
 if (!defined('G5_USE_SHOP') || !G5_USE_SHOP)
     die('<p>쇼핑몰 설치 후 이용해 주십시오.</p>');
 define('_SHOP_', true);