배송지 이름 필터링 코드 추가

gnuboard · Jan 7, 2016 · a2b6d43 · a2b6d43
1 parent 357cfa2
commit a2b6d43
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 1 deletion.
diff --git a/mobile/shop/orderformupdate.php b/mobile/shop/orderformupdate.php
@@ -862,6 +862,8 @@
         sql_query($sql);
     }
 
+    $ad_subject = clean_xss_tags($ad_subject);
+
     if($row['ad_id']){
         $sql = " update {$g5['g5_shop_order_address_table']}
                       set ad_default = '$ad_default',

diff --git a/shop/orderaddressupdate.php b/shop/orderaddressupdate.php
@@ -16,8 +16,10 @@
         // 실제 번호를 넘김
         $k = $_POST['chk'][$i];
 
+        $ad_subject = clean_xss_tags($_POST['ad_subject'][$k]);
+
         $sql = " update {$g5['g5_shop_order_address_table']}
-                    set ad_subject = '{$_POST['ad_subject'][$k]}' ";
+                    set ad_subject = '$ad_subject' ";
 
         if($_POST['ad_default'] && $_POST['ad_id'][$k] == $_POST['ad_default']) {
             sql_query(" update {$g5['g5_shop_order_address_table']} set ad_default = '0' where mb_id = '{$member['mb_id']}' ");

diff --git a/shop/orderformupdate.php b/shop/orderformupdate.php
@@ -843,6 +843,8 @@
         sql_query($sql);
     }
 
+    $ad_subject = clean_xss_tags($ad_subject);
+
     if($row['ad_id']){
         $sql = " update {$g5['g5_shop_order_address_table']}
                       set ad_default = '$ad_default',