XSS 취약점(16-320) 수정

gnuboard · May 3, 2016 · 051a544 · 051a544
1 parent d3aba96
commit 051a544
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 5 deletions.
diff --git a/adm/shop_admin/orderform.php b/adm/shop_admin/orderform.php
@@ -213,14 +213,14 @@
                 </td>
                 <?php } ?>
                 <td>
-                    <label for="ct_opt_chk_<?php echo $chk_cnt; ?>" class="sound_only"><?php echo $opt['ct_option']; ?></label>
+                    <label for="ct_opt_chk_<?php echo $chk_cnt; ?>" class="sound_only"><?php echo get_text($opt['ct_option']); ?></label>
                     <input type="checkbox" name="ct_chk[<?php echo $chk_cnt; ?>]" id="ct_chk_<?php echo $chk_cnt; ?>" value="<?php echo $chk_cnt; ?>" class="sct_sel_<?php echo $i; ?>">
                     <input type="hidden" name="ct_id[<?php echo $chk_cnt; ?>]" value="<?php echo $opt['ct_id']; ?>">
-                    <?php echo $opt['ct_option']; ?>
+                    <?php echo get_text($opt['ct_option']); ?>
                 </td>
                 <td class="td_mngsmall"><?php echo $opt['ct_status']; ?></td>
                 <td class="td_num">
-                    <label for="ct_qty_<?php echo $chk_cnt; ?>" class="sound_only"><?php echo $opt['ct_option']; ?> 수량</label>
+                    <label for="ct_qty_<?php echo $chk_cnt; ?>" class="sound_only"><?php echo get_text($opt['ct_option']); ?> 수량</label>
                     <input type="text" name="ct_qty[<?php echo $chk_cnt; ?>]" id="ct_qty_<?php echo $chk_cnt; ?>" value="<?php echo $opt['ct_qty']; ?>" required class="frm_input required" size="5">
                 </td>
                 <td class="td_num"><?php echo number_format($opt_price); ?></td>

diff --git a/mobile/shop/orderinquiryview.php b/mobile/shop/orderinquiryview.php
@@ -101,7 +101,7 @@
                     $sell_price = $opt_price * $opt['ct_qty'];
                     $point = $opt['ct_point'] * $opt['ct_qty'];
             ?>
-                <div class="li_opt"><?php echo $opt['ct_option']; ?></div>
+                <div class="li_opt"><?php echo get_text($opt['ct_option']); ?></div>
                 <div class="li_prqty">
                     <span class="prqty_price li_prqty_sp"><span>판매가 </span><?php echo number_format($opt_price); ?></span>
                     <span class="prqty_qty li_prqty_sp"><span>수량 </span><?php echo number_format($opt['ct_qty']); ?></span>

diff --git a/shop/orderinquiryview.php b/shop/orderinquiryview.php
@@ -145,7 +145,7 @@
             </tr>
             <?php } ?>
             <tr>
-                <td headers="th_itopt"><?php echo $opt['ct_option']; ?></td>
+                <td headers="th_itopt"><?php echo get_text($opt['ct_option']); ?></td>
                 <td headers="th_itqty" class="td_mngsmall"><?php echo number_format($opt['ct_qty']); ?></td>
                 <td headers="th_itprice" class="td_numbig"><?php echo number_format($opt_price); ?></td>
                 <td headers="th_itsum" class="td_numbig"><?php echo number_format($sell_price); ?></td>