영카트 Reflected XSS 취약점(17-560) 수정

gnuboard · Sep 21, 2017 · 9353d66 · 9353d66
1 parent b45cdfa
commit 9353d66
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 0 deletions.
diff --git a/adm/shop_admin/sale1date.php b/adm/shop_admin/sale1date.php
@@ -4,6 +4,9 @@
 
 auth_check($auth[$sub_menu], "r");
 
+$fr_date = preg_replace('/[^0-9]/i', '', $fr_date);
+$to_date = preg_replace('/[^0-9]/i', '', $to_date);
+
 $fr_date = preg_replace("/([0-9]{4})([0-9]{2})([0-9]{2})/", "\\1-\\2-\\3", $fr_date);
 $to_date = preg_replace("/([0-9]{4})([0-9]{2})([0-9]{2})/", "\\1-\\2-\\3", $to_date);
 

diff --git a/adm/shop_admin/sale1month.php b/adm/shop_admin/sale1month.php
@@ -4,6 +4,9 @@
 
 auth_check($auth[$sub_menu], "r");
 
+$fr_month = preg_replace('/[^0-9]/i', '', $fr_month);
+$to_month = preg_replace('/[^0-9]/i', '', $to_month);
+
 $fr_month = preg_replace("/([0-9]{4})([0-9]{2})/", "\\1-\\2", $fr_month);
 $to_month = preg_replace("/([0-9]{4})([0-9]{2})/", "\\1-\\2", $to_month);
 

diff --git a/adm/shop_admin/sale1today.php b/adm/shop_admin/sale1today.php
@@ -4,6 +4,8 @@
 
 auth_check($auth[$sub_menu], "r");
 
+$date = preg_replace('/[^0-9]/i', '', $date);
+
 $date = preg_replace("/([0-9]{4})([0-9]{2})([0-9]{2})/", "\\1-\\2-\\3", $date);
 
 $g5['title'] = "$date 일 매출현황";

diff --git a/adm/shop_admin/sale1year.php b/adm/shop_admin/sale1year.php
@@ -4,6 +4,9 @@
 
 auth_check($auth[$sub_menu], "r");
 
+$fr_year = preg_replace('/[^0-9]/i', '', $fr_year);
+$to_year = preg_replace('/[^0-9]/i', '', $to_year);
+
 $g5['title'] = $fr_year.' ~ '.$to_year.' 연간 매출현황';
 include_once (G5_ADMIN_PATH.'/admin.head.php');