영카트 모바일 주문시 SQL Injection 취약점 수정

gnuboard · Aug 7, 2023 · 6868cee · 6868cee
1 parent 6416560
commit 6868cee
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/mobile/shop/orderformupdate.php b/mobile/shop/orderformupdate.php
@@ -766,7 +766,7 @@
 if($is_member) {
     $it_cp_cnt = (isset($_POST['cp_id']) && is_array($_POST['cp_id'])) ? count($_POST['cp_id']) : 0;
     for($i=0; $i<$it_cp_cnt; $i++) {
-        $cid = isset($_POST['cp_id'][$i]) ? $_POST['cp_id'][$i] : '';
+        $cid = isset($_POST['cp_id'][$i]) ? clean_xss_tags($_POST['cp_id'][$i], 1, 1) : '';
         $cp_it_id = isset($_POST['it_id'][$i]) ? safe_replace_regex($_POST['it_id'][$i], 'it_id') : '';
         $cp_prc = isset($arr_it_cp_prc[$cp_it_id]) ? (int) $arr_it_cp_prc[$cp_it_id] : 0;