From f02e4196bc69f283e54e9d13404aaa170d137a8b Mon Sep 17 00:00:00 2001
From: thisgun
Date: Wed, 12 Dec 2018 16:58:22 +0900
Subject: [PATCH] =?UTF-8?q?KVE-2018-1772,=201808,=201817=20=EC=B7=A8?=
 =?UTF-8?q?=EC=95=BD=EC=A0=90=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adm/shop_admin/couponzoneform.php | 2 ++
 adm/shop_admin/itemcopy.php | 2 ++
 adm/shop_admin/itemuseform.php | 2 ++
 adm/shop_admin/orderlist.php | 6 ++++++
 adm/shop_admin/orderprintresult.php | 3 +++
 mobile/shop/item.php | 2 +-
 mobile/shop/iteminfo.php | 4 ++--
 mobile/shop/itemqaform.php | 6 +++---
 mobile/shop/itemuseform.php | 6 +++---
 mobile/shop/largeimage.php | 4 ++--
 shop/item.php | 2 +-
 shop/itemuseform.php | 2 +-
 shop/largeimage.php | 2 +-
 13 files changed, 29 insertions(+), 14 deletions(-)

diff --git a/adm/shop_admin/couponzoneform.php b/adm/shop_admin/couponzoneform.php
index 2e09bb070..38b3c1535 100644
--- a/adm/shop_admin/couponzoneform.php
+++ b/adm/shop_admin/couponzoneform.php
@@ -2,6 +2,8 @@
 $sub_menu = '400810';
 include_once('./_common.php');
 
+$cz_id = (int) $cz_id;
+
 auth_check($auth[$sub_menu], "w");
 
 $g5['title'] = '쿠폰존 쿠폰관리';
diff --git a/adm/shop_admin/itemcopy.php b/adm/shop_admin/itemcopy.php
index 2166c44fb..a3ca5c939 100644
--- a/adm/shop_admin/itemcopy.php
+++ b/adm/shop_admin/itemcopy.php
@@ -2,6 +2,8 @@
 $sub_menu = '400300';
 include_once('./_common.php');
 
+$ca_id = preg_replace('/[^0-9a-z]/i', '', $ca_id);
+
 auth_check($auth[$sub_menu], "r");
 
 $g5['title'] = '상품 복사';
diff --git a/adm/shop_admin/itemuseform.php b/adm/shop_admin/itemuseform.php
index 9e7b7f267..a7726e0f7 100644
--- a/adm/shop_admin/itemuseform.php
+++ b/adm/shop_admin/itemuseform.php
@@ -3,6 +3,8 @@
 include_once('./_common.php');
 include_once(G5_EDITOR_LIB);
 
+$is_id = preg_replace('/[^0-9]/', '', $is_id);
+
 auth_check($auth[$sub_menu], "w");
 
 $sql = " select *
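Review bot: The `(int) $cz_id` cast added in couponzoneform.php carries no comment saying that it exists to keep a request parameter from reaching SQL unfiltered, and the same is true of the `preg_replace` whitelists added to itemcopy.php (`$ca_id`) and itemuseform.php (`$is_id`) in this patch. A later reader sees an apparently redundant cast sitting above `auth_check` and may move or drop it; a one-line comment such as `// request parameter is interpolated into SQL below; restrict to an integer (fix for the KVE-2018 advisories in the commit subject)` on each of the three lines would preserve the intent. These lines also presumably depend on `_common.php` having already populated `$cz_id`/`$ca_id`/`$is_id` from the request, so the placement directly after `include_once('./_common.php')` is worth stating in that comment as deliberate.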
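Review bot: Stripping every non-digit from `$is_id` in itemuseform.php can leave an empty string (parameter absent, or purely alphabetic), which is a different failure mode from the `(int)` cast used for `$cz_id` in couponzoneform.php in this same patch: if `$is_id` is interpolated unquoted into the `select` that begins on the hunk's last line, an empty value yields a malformed query instead of a harmless `0`. The `where` clause of that query is outside the hunk, so this is inferred from the variable name; if `is_id` is an integer column, `$is_id = (int) $is_id;` is both stricter and consistent with couponzoneform.php. The statement starting `$sql = " select *` continues past the hunk.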
diff --git a/adm/shop_admin/orderlist.php b/adm/shop_admin/orderlist.php
index 9fc83a246..83ae3ebbf 100644
--- a/adm/shop_admin/orderlist.php
+++ b/adm/shop_admin/orderlist.php
@@ -22,6 +22,12 @@
 if(! preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $fr_date) ) $fr_date = '';
 if(! preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $to_date) ) $to_date = '';
 
+$od_misu = preg_replace('/[^0-9a-z]/i', '', $od_misu);
+$od_cancel_price = preg_replace('/[^0-9a-z]/i', '', $od_cancel_price);
+$od_refund_price = preg_replace('/[^0-9a-z]/i', '', $od_refund_price);
+$od_receipt_point = preg_replace('/[^0-9a-z]/i', '', $od_receipt_point);
+$od_coupon = preg_replace('/[^0-9a-z]/i', '', $od_coupon);
+
 $sql_search = "";
 if ($search != "") {
     if ($sel_field != "") {
diff --git a/adm/shop_admin/orderprintresult.php b/adm/shop_admin/orderprintresult.php
index ebb675d7f..ba745b380 100644
--- a/adm/shop_admin/orderprintresult.php
+++ b/adm/shop_admin/orderprintresult.php
@@ -2,6 +2,9 @@
 $sub_menu = '500120';
 include_once('./_common.php');
 
+$fr_date = preg_replace('/[^0-9_\-]/', '', $fr_date);
+$to_date = preg_replace('/[^0-9_\-]/', '', $to_date);
+
 auth_check($auth[$sub_menu], "r");
 
 //print_r2($_GET); exit;
diff --git a/mobile/shop/item.php b/mobile/shop/item.php
index 9b9ee9a4a..367f48a20 100644
--- a/mobile/shop/item.php
+++ b/mobile/shop/item.php
@@ -2,7 +2,7 @@
 include_once('./_common.php');
 include_once(G5_LIB_PATH.'/iteminfo.lib.php');
 
-$it_id = trim($_GET['it_id']);
+$it_id = get_search_string(trim($_GET['it_id']));
 
 // 분류사용, 상품사용하는 상품의 정보를 얻음
 $sql = " select a.*,
diff --git a/mobile/shop/iteminfo.php b/mobile/shop/iteminfo.php
index 2356e67ae..7e3587e17 100644
--- a/mobile/shop/iteminfo.php
+++ b/mobile/shop/iteminfo.php
@@ -1,8 +1,8 @@
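Review bot: The five new `preg_replace('/[^0-9a-z]/i', '', ...)` lines in orderlist.php apply an alphanumeric whitelist to parameters whose names (`_price`, `_point`, `misu`, `coupon`) suggest numeric values or on/off filter switches, so arbitrary letters still pass through; whether that matters depends on how they are used below `$sql_search`, which is outside the hunk. If they are only truthiness checks that append a condition, `(int)` casts state the intent more precisely and cannot yield an unexpected string; if they are compared as numbers in SQL, the cast is also what keeps the query well-formed. Either way a short comment naming what these switches select, e.g. `// order-list filter switches taken from the request; numeric only`, would let the next reader verify that the filter is adequate.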
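Review bot: orderprintresult.php now only strips characters outside `[0-9_\-]` from `$fr_date` and `$to_date`, whereas orderlist.php in this same patch validates the same two parameters against a full `YYYY-MM-DD` pattern and resets them to `''` on mismatch; the character strip leaves values such as `2018-12-` or `2018_12_01` intact, which are SQL-safe but not dates, and the `_` in the class looks unintended. Reusing the orderlist.php check keeps the two admin pages consistent: `if (!preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $fr_date)) $fr_date = '';` and the same line for `$to_date`. How the dates are consumed is outside the hunk; `//print_r2($_GET); exit;` is the last visible line.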
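Review bot: `trim($_GET['it_id'])` in mobile/shop/item.php still reads the key without an `isset` guard, so a request without `it_id` raises an undefined-index notice before `get_search_string` runs; `$it_id = get_search_string(trim($_GET['it_id'] ?? ''));` (or an `isset` ternary if the codebase must still run on PHP older than 7) avoids that. Separately, `it_id` is an identifier that feeds the `select a.*` query starting on the hunk's last line, and itemcopy.php in this same patch filters an identifier with an explicit whitelist `preg_replace('/[^0-9a-z]/i', '', ...)`; an equivalent whitelist here (adding `_` if item ids contain it) would make the guarantee explicit rather than dependent on what `get_search_string` happens to strip. The query continues past the hunk.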