KVE-2018-1772, 1808, 1817 취약점 수정

gnuboard · Dec 18, 2018 · f02e419 · f02e419
1 parent 4242516
commit f02e419
Show file tree

Hide file tree

Showing 13 changed files with 29 additions and 14 deletions.
diff --git a/adm/shop_admin/couponzoneform.php b/adm/shop_admin/couponzoneform.php
@@ -2,6 +2,8 @@
 $sub_menu = '400810';
 include_once('./_common.php');
 
+$cz_id = (int) $cz_id;
+
 auth_check($auth[$sub_menu], "w");
 
 $g5['title'] = '쿠폰존 쿠폰관리';

diff --git a/adm/shop_admin/itemcopy.php b/adm/shop_admin/itemcopy.php
@@ -2,6 +2,8 @@
 $sub_menu = '400300';
 include_once('./_common.php');
 
+$ca_id = preg_replace('/[^0-9a-z]/i', '', $ca_id);
+
 auth_check($auth[$sub_menu], "r");
 
 $g5['title'] = '상품 복사';

diff --git a/adm/shop_admin/itemuseform.php b/adm/shop_admin/itemuseform.php
@@ -3,6 +3,8 @@
 include_once('./_common.php');
 include_once(G5_EDITOR_LIB);
 
+$is_id = preg_replace('/[^0-9]/', '', $is_id);
+
 auth_check($auth[$sub_menu], "w");
 
 $sql = " select *

diff --git a/adm/shop_admin/orderlist.php b/adm/shop_admin/orderlist.php
@@ -22,6 +22,12 @@
 if(! preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $fr_date) ) $fr_date = '';
 if(! preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $to_date) ) $to_date = '';
 
+$od_misu = preg_replace('/[^0-9a-z]/i', '', $od_misu);
+$od_cancel_price = preg_replace('/[^0-9a-z]/i', '', $od_cancel_price);
+$od_refund_price = preg_replace('/[^0-9a-z]/i', '', $od_refund_price);
+$od_receipt_point = preg_replace('/[^0-9a-z]/i', '', $od_receipt_point);
+$od_coupon = preg_replace('/[^0-9a-z]/i', '', $od_coupon); 
+
 $sql_search = "";
 if ($search != "") {
     if ($sel_field != "") {

diff --git a/adm/shop_admin/orderprintresult.php b/adm/shop_admin/orderprintresult.php
@@ -2,6 +2,9 @@
 $sub_menu = '500120';
 include_once('./_common.php');
 
+$fr_date = preg_replace('/[^0-9_\-]/', '', $fr_date);
+$to_date = preg_replace('/[^0-9_\-]/', '', $to_date);
+
 auth_check($auth[$sub_menu], "r");
 
 //print_r2($_GET); exit;

diff --git a/mobile/shop/item.php b/mobile/shop/item.php
@@ -2,7 +2,7 @@
 include_once('./_common.php');
 include_once(G5_LIB_PATH.'/iteminfo.lib.php');
 
-$it_id = trim($_GET['it_id']);
+$it_id = get_search_string(trim($_GET['it_id']));
 
 // 분류사용, 상품사용하는 상품의 정보를 얻음
 $sql = " select a.*,

diff --git a/mobile/shop/iteminfo.php b/mobile/shop/iteminfo.php
@@ -1,8 +1,8 @@
 <?php
 include_once('./_common.php');
 
-$it_id = $_GET['it_id'];
-$info = $_GET['info'];
+$it_id = get_search_string(trim($_GET['it_id']));
+$info = preg_replace('/[^0-9a-z]/i', '', $_GET['info']);
 
 // 분류사용, 상품사용하는 상품의 정보를 얻음
 $sql = " select a.*,

diff --git a/mobile/shop/itemqaform.php b/mobile/shop/itemqaform.php
@@ -6,9 +6,9 @@
     alert_close("상품문의는 회원만 작성 가능합니다.");
 }
 
-$w     = trim($_REQUEST['w']);
-$it_id = trim($_REQUEST['it_id']);
-$iq_id = trim($_REQUEST['iq_id']);
+$w     = preg_replace('/[^0-9a-z]/i', '', trim($_REQUEST['w']));
+$it_id = get_search_string(trim($_REQUEST['it_id']));
+$iq_id = preg_replace('/[^0-9]/', '', trim($_REQUEST['iq_id']));
 
 // 상품정보체크
 $sql = " select it_id from {$g5['g5_shop_item_table']} where it_id = '$it_id' ";

diff --git a/mobile/shop/itemuseform.php b/mobile/shop/itemuseform.php
@@ -6,9 +6,9 @@
     alert_close("사용후기는 회원만 작성 가능합니다.");
 }
 
-$w     = trim($_REQUEST['w']);
-$it_id = trim($_REQUEST['it_id']);
-$is_id = trim($_REQUEST['is_id']);
+$w     = preg_replace('/[^0-9a-z]/i', '', trim($_REQUEST['w']));
+$it_id = get_search_string(trim($_REQUEST['it_id']));
+$is_id = preg_replace('/[^0-9]/', '', trim($_REQUEST['is_id']));
 
 // 상품정보체크
 $sql = " select it_id from {$g5['g5_shop_item_table']} where it_id = '$it_id' ";

diff --git a/mobile/shop/largeimage.php b/mobile/shop/largeimage.php
@@ -1,8 +1,8 @@
 <?php
 include_once('./_common.php');
 
-$it_id = $_GET['it_id'];
-$no = $_GET['no'];
+$it_id = get_search_string(trim($_GET['it_id']));
+$no = preg_replace('/[^0-9a-z]/i', '', $_GET['no']);
 
 $sql = " select it_id, it_name, it_img1, it_img2, it_img3, it_img4, it_img5, it_img6, it_img7, it_img8, it_img9, it_img10
             from {$g5['g5_shop_item_table']} where it_id='$it_id' ";

diff --git a/shop/item.php b/shop/item.php
@@ -6,7 +6,7 @@
     return;
 }
 
-$it_id = trim($_GET['it_id']);
+$it_id = get_search_string(trim($_GET['it_id']));
 
 include_once(G5_LIB_PATH.'/iteminfo.lib.php');
 

diff --git a/shop/itemuseform.php b/shop/itemuseform.php
@@ -12,7 +12,7 @@
     alert_close("사용후기는 회원만 작성 가능합니다.");
 }
 
-$w     = trim($_REQUEST['w']);
+$w     = preg_replace('/[^0-9a-z]/i', '', trim($_REQUEST['w']));
 $it_id = get_search_string(trim($_REQUEST['it_id']));
 $is_id = preg_replace('/[^0-9]/', '', trim($_REQUEST['is_id']));
 

diff --git a/shop/largeimage.php b/shop/largeimage.php
@@ -6,7 +6,7 @@
     return;
 }
 
-$it_id = $_GET['it_id'];
+$it_id = get_search_string(trim($_GET['it_id']));
 $no = $_GET['no'];
 
 $sql = " select it_id, it_name, it_img1, it_img2, it_img3, it_img4, it_img5, it_img6, it_img7, it_img8, it_img9, it_img10