KVE-2019-0567, 0657 XSS 취약점 수정

gnuboard · Mar 19, 2019 · 40695f4 · 40695f4
1 parent 2edb3a8
commit 40695f4
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 0 deletions.
diff --git a/mobile/shop/event.php b/mobile/shop/event.php
@@ -1,6 +1,8 @@
 <?php
 include_once('./_common.php');
 
+$ev_id = (int) $ev_id;
+
 $sql = " select * from {$g5['g5_shop_event_table']}
           where ev_id = '$ev_id'
             and ev_use = 1 ";

diff --git a/shop/event.php b/shop/event.php
@@ -1,6 +1,8 @@
 <?php
 include_once('./_common.php');
 
+$ev_id = (int) $ev_id;
+
 if (G5_IS_MOBILE) {
     include_once(G5_MSHOP_PATH.'/event.php');
     return;

diff --git a/shop/orderform.php b/shop/orderform.php
@@ -7,6 +7,8 @@
 // 주문상품 재고체크 js 파일
 add_javascript('<script src="'.G5_JS_URL.'/shop.order.js"></script>', 0);
 
+$sw_direct = preg_replace('/[^a-z0-9_]/i', '', $sw_direct);
+
 // 모바일 주문인지
 $is_mobile_order = is_mobile();