
[KVE-2018-2443] 영카트 SQL Injection 취약점 수정
thisgun committed Feb 14, 2019
1 parent a0f51b4 commit 7837255
Showing 3 changed files with 11 additions and 0 deletions.
5 changes: 5 additions & 0 deletions mobile/shop/list.php
@@ -1,6 +1,11 @@
<?php
include_once('./_common.php');

// 상품 리스트에서 다른 필드로 정렬을 하려면 아래의 배열 코드에서 해당 필드를 추가하세요.
if( isset($sort) && ! in_array($sort, array('it_sum_qty', 'it_price', 'it_use_avg', 'it_use_cnt', 'it_update_time')) ){
$sort='';
}

$sql = " select *
from {$g5['g5_shop_category_table']}
where ca_id = '$ca_id'
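Review bot: The allow-list check on the `in_array` line compares loosely; pass the third argument so it is an `===` match, `if( isset($sort) && ! in_array($sort, array('it_sum_qty', 'it_price', 'it_use_avg', 'it_use_cnt', 'it_update_time'), true) ){`. `$sort` arrives as a string from shop/_common.php so this is not exploitable as shown, but strict membership is the idiom analysers expect, and the identical line in shop/list.php should get the same change. The context line `where ca_id = '$ca_id'` interpolates `$ca_id` straight into the query; this hunk does not show where `$ca_id` is validated (presumably in _common.php), so that path is worth confirming alongside this fix. The `$sql` statement continues past the hunk.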
1 change: 1 addition & 0 deletions shop/_common.php
Expand Up @@ -4,6 +4,7 @@
if (isset($_REQUEST['sort'])) {
$sort = trim($_REQUEST['sort']);
$sort = preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\s]/", "", $sort);
$sort = preg_replace("/(--|#|\/\*|\*\/)/", "", $sort);
} else {
$sort = '';
}
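Review bot: The added `preg_replace` that strips `--`, `#`, `/*` and `*/` is a single-pass blacklist, and removing one token can leave the characters around it forming another (the stripping is not idempotent), so it must not be read as what makes `$sort` safe in SQL; the allow-list added in shop/list.php and mobile/shop/list.php is the actual control. A comment above the two regexes would make that explicit, e.g. `// Defense in depth only: $sort must still be matched against an allow-list of column names before it reaches SQL (see shop/list.php).` If `$sort` is consumed anywhere else that is not visible here, that consumer needs the same allow-list rather than relying on this filter. The `if` block is complete within the hunk; the file continues past it.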
5 changes: 5 additions & 0 deletions shop/list.php
@@ -1,6 +1,11 @@
<?php
include_once('./_common.php');

// 상품 리스트에서 다른 필드로 정렬을 하려면 아래의 배열 코드에서 해당 필드를 추가하세요.
if( isset($sort) && ! in_array($sort, array('it_sum_qty', 'it_price', 'it_use_avg', 'it_use_cnt', 'it_update_time')) ){
$sort='';
}

if (G5_IS_MOBILE) {
include_once(G5_MSHOP_PATH.'/list.php');
return;
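Review bot: The allow-list on the `in_array` line is a verbatim copy of the one in mobile/shop/list.php, and the `G5_IS_MOBILE` branch directly below includes that file, so on mobile the check runs twice from two copies that have to be kept in sync. A field added to one copy but not the other is silently reset to `''` by the other check, which is exactly the kind of drift the comment above the line invites. Defining the permitted sort columns once, for example in shop/_common.php where `$sort` is read from `$_REQUEST`, and validating there would give a single source of truth for both entry points. The file continues past the hunk.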
