From 74a65636f7b96add040286dc087dc83284d056b9 Mon Sep 17 00:00:00 2001
From: thisgun
Date: Thu, 6 Sep 2018 13:34:49 +0900
Subject: [PATCH] =?UTF-8?q?KVE-2018-0729=20=EC=98=81=EC=B9=B4=ED=8A=B8=20?= =?UTF-8?q?=EC=9B=90=EA=B2=A9=EC=BD=94=EB=93=9C=EC=9D=B8=EC=A0=9D=EC=85=98?= =?UTF-8?q?=20=EC=B7=A8=EC=95=BD=EC=A0=90=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 lib/shop.lib.php | 2 +-
 mobile/shop/inicis/pay_return.php | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/shop.lib.php b/lib/shop.lib.php
index c56cd70d0..ba7b79824 100644
--- a/lib/shop.lib.php
+++ b/lib/shop.lib.php
@@ -2245,7 +2245,7 @@ function get_shop_order_data($od_id, $type='item')
 {
 global $g5;
 
- $od_id = clean_xss_tags($od_id);
+ $od_id = preg_replace('/[^0-9a-z_-]/i', '', clean_xss_tags($od_id));
 
 if( $type == 'personal' ){
 $row = sql_fetch("select * from {$g5['g5_shop_personalpay_table']} where pp_id = $od_id ", false);
diff --git a/mobile/shop/inicis/pay_return.php b/mobile/shop/inicis/pay_return.php
index eb759b943..b66167096 100644
--- a/mobile/shop/inicis/pay_return.php
+++ b/mobile/shop/inicis/pay_return.php
@@ -7,6 +7,8 @@ set_session('P_AMT', '');
 set_session('P_HASH', '');
 
+$oid = preg_replace('/[^0-9a-z_-]/i', '', $oid);
+
 $sql = " select * from {$g5['g5_shop_order_data_table']} where od_id = '$oid' ";
 $row = sql_fetch($sql);
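Review bot: In lib/shop.lib.php the allowlisted `$od_id` is still interpolated unquoted into the query on the hunk's last line (`where pp_id = $od_id`), so that query's safety now rests entirely on the new regex; a comment recording the invariant, e.g. `// $od_id is interpolated unquoted into SQL below: keep it restricted to [0-9a-zA-Z_-]`, would stop a later edit from loosening the filter or dropping this line. When the filter strips everything, the query becomes `where pp_id = ` and fails to parse, which the `false` argument to `sql_fetch` presumably just suppresses; an explicit check for `$od_id === ''` before the query would make that path visible instead of silent. The same regex is duplicated inline in mobile/shop/inicis/pay_return.php in the second hunk, so a shared helper would keep the two allowlists from drifting apart. The body of get_shop_order_data continues past the hunk.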