영카트 5.0.41 수정내역 적용 및 XSS 취약점 수정

adm/css/admin.css

@@ -443,6 +443,8 @@ td.td_grpset {width:160px;border-left:1px solid #e9ecee;text-align:center}
 .banner_or_img button {display:block;margin:5px 0 0}
 .txt_active {color:#5d910b}
 .txt_expired {color:#ccc}
+#sct_mobileimg{width:125px}
+
 
 /* 환경설정 */
 .cf_cert_hide {display:none}

adm/shop_admin/bannerform.php

@@ -21,6 +21,13 @@
     $bn['bn_end_time']   = date("Y-m-d 00:00:00", time()+(60*60*24*31));
 }
 
+// 접속기기 필드 추가
+if(!sql_query(" select bn_device from {$g5['g5_shop_banner_table']} limit 0, 1 ")) {
+    sql_query(" ALTER TABLE `{$g5['g5_shop_banner_table']}`
+                    ADD `bn_device` varchar(10) not null default '' AFTER `bn_url` ", true);
+    sql_query(" update {$g5['g5_shop_banner_table']} set bn_device = 'pc' ", true);
+}
+
 include_once (G5_ADMIN_PATH.'/admin.head.php');
 ?>
 
@@ -52,9 +59,6 @@
 
                 echo '<input type="checkbox" name="bn_bimg_del" value="1" id="bn_bimg_del"> <label for="bn_bimg_del">삭제</label>';
                 $bimg_str = '<img src="'.G5_DATA_URL.'/banner/'.$bn['bn_id'].'" width="'.$width.'">';
-                //$size = getimagesize($bimg);
-                //echo "<img src='$g5[admin_path]/img/icon_viewer.gif' border=0 align=absmiddle onclick=\"imageview('bimg', $size[0], $size[1]);\"><input type=checkbox name=bn_bimg_del value='1'>삭제";
-                //echo "<div id='bimg' style='left:0; top:0; z-index:+1; display:none; position:absolute;'><img src='$bimg' border=1></div>";
             }
             if ($bimg_str) {
                 echo '<div class="banner_or_img">';
@@ -78,10 +82,21 @@
             <input type="text" name="bn_url" size="80" value="<?php echo $bn['bn_url']; ?>" id="bn_url" class="frm_input">
         </td>
     </tr>
+    <tr>
+        <th scope="row"><label for="bn_device">접속기기</label></th>
+        <td>
+            <?php echo help('배너를 표시할 접속기기를 선택합니다.'); ?>
+            <select name="bn_device" id="bn_device">
+                <option value="both"<?php echo get_selected($bn['bn_device'], 'both', true); ?>>PC와 모바일</option>
+                <option value="pc"<?php echo get_selected($bn['bn_device'], 'pc'); ?>>PC</option>
+                <option value="mobile"<?php echo get_selected($bn['bn_device'], 'mobile'); ?>>모바일</option>
+        </select>
+        </td>
+    </tr>
     <tr>
         <th scope="row"><label for="bn_position">출력위치</label></th>
         <td>
-            <?php echo help("왼쪽 : 쇼핑몰화면 왼쪽에 출력합니다.\n메인 : 쇼핑몰 메인화면(index.php)에만 출력합니다.", 50); ?>
+            <?php echo help("왼쪽 : 쇼핑몰화면 왼쪽에 출력합니다.\n메인 : 쇼핑몰 메인화면(index.php)에만 출력합니다."); ?>
             <select name="bn_position" id="bn_position">
                 <option value="왼쪽" <?php echo get_selected($bn['bn_position'], '왼쪽'); ?>>왼쪽</option>
                 <option value="메인" <?php echo get_selected($bn['bn_position'], '메인'); ?>>메인</option>

adm/shop_admin/bannerformupdate.php

@@ -26,6 +26,7 @@
     $sql = " insert into {$g5['g5_shop_banner_table']}
                 set bn_alt        = '$bn_alt',
                     bn_url        = '$bn_url',
+                    bn_device     = '$bn_device',
                     bn_position   = '$bn_position',
                     bn_border     = '$bn_border',
                     bn_new_win    = '$bn_new_win',
@@ -43,6 +44,7 @@
     $sql = " update {$g5['g5_shop_banner_table']}
                 set bn_alt        = '$bn_alt',
                     bn_url        = '$bn_url',
+                    bn_device     = '$bn_device',
                     bn_position   = '$bn_position',
                     bn_border     = '$bn_border',
                     bn_new_win    = '$bn_new_win',

adm/shop_admin/bannerlist.php

@@ -34,6 +34,7 @@
     <thead>
     <tr>
         <th scope="col" rowspan="2" id="th_id">ID</th>
+        <th scope="col" id="th_dvc">접속기기</th>
         <th scope="col" id="th_loc">위치</th>
         <th scope="col" id="th_st">시작일시</th>
         <th scope="col" id="th_end">종료일시</th>
@@ -42,7 +43,7 @@
         <th scope="col" id="th_mng">관리</th>
     </tr>
     <tr>
-        <th scope="col" colspan="6" id="th_img">이미지</th>
+        <th scope="col" colspan="7" id="th_img">이미지</th>
     </tr>
     </thead>
     <tbody>
@@ -71,6 +72,18 @@
             $bn_img .= '<img src="'.G5_DATA_URL.'/banner/'.$row['bn_id'].'" width="'.$width.'" alt="'.$row['bn_alt'].'"></a>';
         }
 
+        switch($row['bn_device']) {
+            case 'pc':
+                $bn_device = 'PC';
+                break;
+            case 'mobile':
+                $bn_device = '모바일';
+                break;
+            default:
+                $bn_device = 'PC와 모바일';
+                break;
+        }
+
         $bn_begin_time = substr($row['bn_begin_time'], 2, 14);
         $bn_end_time   = substr($row['bn_end_time'], 2, 14);
 
@@ -79,6 +92,7 @@
 
     <tr class="<?php echo $bg; ?>">
         <td headers="th_id" rowspan="2" class="td_num"><?php echo $row['bn_id']; ?></td>
+        <td headers="th_dvc"><?php echo $bn_device; ?></td>
         <td headers="th_loc"><?php echo $row['bn_position']; ?></td>
         <td headers="th_st" class="td_datetime"><?php echo $bn_begin_time; ?></td>
         <td headers="th_end" class="td_datetime"><?php echo $bn_end_time; ?></td>
@@ -90,7 +104,7 @@
         </td>
     </tr>
     <tr class="<?php echo $bg; ?>">
-        <td headers="th_img" colspan="6" class="td_img_view sbn_img">
+        <td headers="th_img" colspan="7" class="td_img_view sbn_img">
             <div class="sbn_image"><?php echo $bn_img; ?></div>
             <button type="button" class="sbn_img_view btn_frmline">이미지확인</button>
         </td>

adm/shop_admin/categoryform.php

@@ -56,7 +56,8 @@
         $ca['ca_mobile_img_height'] = $default['de_simg_height'];
         $ca['ca_list_mod'] = 3;
         $ca['ca_list_row'] = 5;
-        $ca['ca_mobile_list_mod'] = 10;
+        $ca['ca_mobile_list_mod'] = 3;
+        $ca['ca_mobile_list_row'] = 5;
         $ca['ca_stock_qty'] = 99999;
     }
     $ca['ca_skin'] = "list.10.skin.php";
@@ -108,6 +109,12 @@
     sql_query(" ALTER TABLE `{$g5['g5_shop_category_table']}` ADD INDEX(`ca_order`) ", true);
 }
 
+// 모바일 상품 출력줄수 필드 추가
+if(!sql_query(" select ca_mobile_list_row from {$g5['g5_shop_category_table']} limit 1 ", false)) {
+    sql_query(" ALTER TABLE `{$g5['g5_shop_category_table']}`
+                    ADD `ca_mobile_list_row` int(11) NOT NULL DEFAULT '0' AFTER `ca_mobile_list_mod` ", true);
+}
+
 // 스킨 Path
 if(!$ca['ca_skin_dir'])
     $g5_shop_skin_path = G5_SHOP_SKIN_PATH;
@@ -288,10 +295,17 @@
             </td>
         </tr>
         <tr>
-            <th scope="row"><label for="ca_mobile_list_mod">모바일 이미지 수</label></th>
+            <th scope="row"><label for="ca_mobile_list_mod">모바일 1줄당 이미지 수</label></th>
             <td>
-                <?php echo help("한 페이지에 출력할 이미지 수를 설정합니다."); ?>
-                <input type="text" name="ca_mobile_list_mod" value='<?php echo $ca['ca_mobile_list_mod']; ?>' id="ca_mobile_list_mod" required class="required frm_input" size="3">
+                <?php echo help("한 줄에 설정한 값만큼의 상품을 출력하지만 스킨에 따라 한 줄에 하나의 상품만 출력할 수도 있습니다."); ?>
+                <input type="text" name="ca_mobile_list_mod" value='<?php echo $ca['ca_mobile_list_mod']; ?>' id="ca_mobile_list_mod" required class="required frm_input" size="3"> 개
+            </td>
+        </tr>
+        <tr>
+            <th scope="row"><label for="ca_mobile_list_row">모바일 이미지 줄 수</label></th>
+            <td>
+                <?php echo help("한 페이지에 출력할 이미지 줄 수를 설정합니다.\n한 페이지에서 표시하는 상품수는 (1줄당 이미지 수 x 줄 수) 입니다."); ?>
+                <input type="text" name="ca_mobile_list_row" value='<?php echo $ca['ca_mobile_list_row']; ?>' id="ca_mobile_list_row" required class="required frm_input" size="3"> 줄
             </td>
         </tr>
         <tr>

adm/shop_admin/categoryformupdate.php

@@ -45,6 +45,7 @@
                 ca_mobile_img_width     = '$ca_mobile_img_width',
                 ca_mobile_img_height    = '$ca_mobile_img_height',
 				ca_mobile_list_mod      = '$ca_mobile_list_mod',
+                ca_mobile_list_row      = '$ca_mobile_list_row',
                 ca_sell_email           = '$ca_sell_email',
                 ca_use                  = '$ca_use',
                 ca_stock_qty            = '$ca_stock_qty',

adm/shop_admin/categorylist.php

@@ -110,7 +110,7 @@
         <th scope="col" id="sct_imgw">이미지 폭</th>
         <th scope="col" id="sct_imgh">이미지 높이</th>
         <th scope="col" id="sct_imgcol">1행이미지수</th>
-        <th scope="col" id="sct_mobileimg">모바일이미지수</th>
+        <th scope="col" id="sct_mobileimg">모바일 1행이미지수</th>
         <th scope="col" id="sct_pcskin">PC스킨지정</th>
         <th scope="col" rowspan="2">관리</th>
     </tr>
@@ -120,7 +120,7 @@
         <th scope="col" id="sct_hpcert">본인인증</th>
         <th scope="col" id="sct_adultcert">성인인증</th>
         <th scope="col" id="sct_imgrow">이미지 행수</th>
-        <th scope="col" id="sct_order">순서</th>
+        <th scope="col" id="sct_mobilerow">모바일 이미지 행수</th>
         <th scope="col" id="sct_mskin">모바일스킨지정</th>
     </tr>
     </thead>
@@ -192,7 +192,7 @@
             <input type="text" name="ca_list_mod[<?php echo $i; ?>]" size="3" value="<?php echo $row['ca_list_mod']; ?>" id="ca_lineimg_num<?php echo $i; ?>" required class="required frm_input"> <span class="sound_only">개</span>
         </td>
         <td headers="sct_mobileimg" class="td_output">
-            <label for="ca_mobileimg_num<?php echo $i; ?>" class="sound_only">모바일 이미지 수</label>
+            <label for="ca_mobileimg_num<?php echo $i; ?>" class="sound_only">모바일 1줄당 이미지 수</label>
             <input type="text" name="ca_mobile_list_mod[<?php echo $i; ?>]" size="3" value="<?php echo $row['ca_mobile_list_mod']; ?>" id="ca_mobileimg_num<?php echo $i; ?>" required class="required frm_input"> <span class="sound_only">개</span>
         </td>
         <td headers="sct_pcskin">
@@ -238,9 +238,9 @@
             <label for="ca_imgline_num<?php echo $i; ?>" class="sound_only">이미지 줄 수</label>
             <input type="text" name="ca_list_row[<?php echo $i; ?>]" value='<?php echo $row['ca_list_row']; ?>' id="ca_imgline_num<?php echo $i; ?>" required class="required frm_input" size="3"> <span class="sound_only">줄</span>
         </td>
-        <td headers="sct_order" class="td_output">
-            <label for="ca_order<?php echo $i; ?>" class="sound_only">출력순서</label>
-            <input type="text" name="ca_order[<?php echo $i; ?>]" value='<?php echo $row['ca_order']; ?>' id="ca_order<?php echo $i; ?>" required class="required frm_input" size="3">
+        <td headers="sct_mobilerow" class="td_output">
+            <label for="ca_mobileimg_row<?php echo $i; ?>" class="sound_only">모바일 이미지 줄 수</label>
+            <input type="text" name="ca_mobile_list_row[<?php echo $i; ?>]" value='<?php echo $row['ca_mobile_list_row']; ?>' id="ca_mobileimg_row<?php echo $i; ?>" required class="required frm_input" size="3">
         </td>
         <td headers="sct_mskin">
             <label for="ca_mobile_skin_dir<?php echo $i; ?>" class="sound_only">모바일스킨폴더</label>

adm/shop_admin/categorylistupdate.php

@@ -18,7 +18,6 @@
 
     $sql = " update {$g5['g5_shop_category_table']}
                 set ca_name             = '{$_POST['ca_name'][$i]}',
-                    ca_order            = '{$_POST['ca_order'][$i]}',
                     ca_mb_id            = '{$_POST['ca_mb_id'][$i]}',
                     ca_use              = '{$_POST['ca_use'][$i]}',
                     ca_list_mod         = '{$_POST['ca_list_mod'][$i]}',
@@ -31,7 +30,8 @@
                     ca_img_width        = '{$_POST['ca_img_width'][$i]}',
                     ca_img_height       = '{$_POST['ca_img_height'][$i]}',
                     ca_list_row         = '{$_POST['ca_list_row'][$i]}',
-                    ca_mobile_list_mod  = '{$_POST['ca_mobile_list_mod'][$i]}'
+                    ca_mobile_list_mod  = '{$_POST['ca_mobile_list_mod'][$i]}',
+                    ca_mobile_list_row  = '{$_POST['ca_mobile_list_row'][$i]}'
               where ca_id = '{$_POST['ca_id'][$i]}' ";
     sql_query($sql);