영카트 다중 취약점( 17-0556 ) 수정

gnuboard · Sep 11, 2017 · 71c5a40 · 71c5a40
1 parent 374c8cd
commit 71c5a40
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 0 deletions.
diff --git a/adm/shop_admin/bannerformupdate.php b/adm/shop_admin/bannerformupdate.php
@@ -17,6 +17,8 @@
 $bn_bimg      = $_FILES['bn_bimg']['tmp_name'];
 $bn_bimg_name = $_FILES['bn_bimg']['name'];
 
+$bn_id = (int) $bn_id;
+
 if ($bn_bimg_del)  @unlink(G5_DATA_PATH."/banner/$bn_id");
 
 //파일이 이미지인지 체크합니다.

diff --git a/adm/shop_admin/itemsellrank.php b/adm/shop_admin/itemsellrank.php
@@ -16,6 +16,9 @@
 $doc = strip_tags($doc);
 $sort1 = strip_tags($sort1);
 
+if( preg_match("/[^0-9]/", $fr_date) ) $fr_date = '';
+if( preg_match("/[^0-9]/", $to_date) ) $to_date = '';
+
 $sql  = " select a.it_id,
                  b.*,
                  SUM(IF(ct_status = '쇼핑',ct_qty, 0)) as ct_status_1,