Context Navigation

← Previous Changeset
Next Changeset →

Changeset 1604907

Timestamp:

02/28/2017 01:47:54 AM (9 years ago)

Author:

kagla

Message:

1.4.2 sanitize

Location:

gnucommerce/trunk

Files:

: 12 edited

adm/add_meta_box.class.php (modified) (2 diffs)
adm/orderformcartupdate.php (modified) (1 diff)
adm/orderlistupdate.php (modified) (1 diff)
adm/view/itemsupply.php (modified) (1 diff)
bbs/delete_all.php (modified) (2 diffs)
lib/gc_api.class.php (modified) (1 diff)
lib/gc_member_page.class.php (modified) (3 diffs)
plug/lgxpay/AuthOnlyRes.php (modified) (1 diff)
shop/cartoption.php (modified) (1 diff)
shop/cartupdate.php (modified) (2 diffs)
shop/inicis/m_settle_common.php (modified) (1 diff)
shop/kcp/pp_ax_hub.php (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

gnucommerce/trunk/adm/add_meta_box.class.php

-                      r1442174
+                      r1604907
             for($i=0; $i<$option_count; $i++) {
                 $o_data = array(
                         'io_id' => $_POST['opt_id'][$i],
+                        'io_id' => sanitize_text_field($_POST['opt_id'][$i]),
                         'io_type' => 0,
                         'it_id' => $r_post_id,
                         'io_price' => $_POST['opt_price'][$i],
                         'io_stock_qty' => $_POST['opt_stock_qty'][$i],
                         'io_noti_qty' => $_POST['opt_noti_qty'][$i],
                         'io_use' => $_POST['opt_use'][$i]
+                        'io_price' => sanitize_text_field($_POST['opt_price'][$i]),
+                        'io_stock_qty' => sanitize_text_field($_POST['opt_stock_qty'][$i]),
+                        'io_noti_qty' => sanitize_text_field($_POST['opt_noti_qty'][$i]),
+                        'io_use' => sanitize_text_field($_POST['opt_use'][$i])
                     );
 …
             for($i=0; $i<$supply_count; $i++) {
                 $i_data = array(
                         'io_id' => $_POST['spl_id'][$i],
+                        'io_id' => sanitize_text_field($_POST['spl_id'][$i]),
                         'io_type' => 1,
                         'it_id' => $r_post_id,
                         'io_price' => $_POST['spl_price'][$i],
                         'io_stock_qty' => $_POST['spl_stock_qty'][$i],
                         'io_noti_qty' => $_POST['spl_noti_qty'][$i],
                         'io_use' => $_POST['spl_use'][$i]
+                        'io_price' => sanitize_text_field($_POST['spl_price'][$i]),
+                        'io_stock_qty' => sanitize_text_field($_POST['spl_stock_qty'][$i]),
+                        'io_noti_qty' => sanitize_text_field($_POST['spl_noti_qty'][$i]),
+                        'io_use' => sanitize_text_field($_POST['spl_use'][$i])
                     );

gnucommerce/trunk/adm/orderformcartupdate.php

r1442174	r1604907
352	352
353	353	// 관리자 주문취소 로그
354		$mod_history .= GC_TIME_YMDHIS.' '.$member['user_id'].' 주문'.~~$_POST['ct_status']~~.' 처리'.$pg_cancel_log."\n";
	354	$mod_history .= GC_TIME_YMDHIS.' '.$member['user_id'].' 주문'.sanitize_text_field($_POST['ct_status']).' 처리'.$pg_cancel_log."\n";
355	355	}
356	356	}

gnucommerce/trunk/adm/orderlistupdate.php

r1442174	r1604907
216	216
217	217	$od_ids = isset($_POST['od_id']) ? (array) $_POST['od_id'] : array();
218		do_action('gc_order_form_cart_update', ~~$_POST['od_id']~~, $params, $qstr, $url );
	218	do_action('gc_order_form_cart_update', array_map('sanitize_text_field', $od_ids), $params, $qstr, $url );
219	219
220	220	gc_javascript_location_replace($url);

gnucommerce/trunk/adm/view/itemsupply.php

r1442174	r1604907
118	118	where it_id = '%s'
119	119	and io_id = '%s'
120		and io_type = '1' ", ~~$_POST['it_id']~~, $spl_id)
	120	and io_type = '1' ", sanitize_text_field($_POST['it_id']), $spl_id)
121	121	);
122	122

gnucommerce/trunk/bbs/delete_all.php

-                      r1442174
+                      r1604907
 foreach($post_arr as $v){
     $$v = isset( $_POST[$v] ) ? $_POST[$v] : '';
+    $$v = isset( $_POST[$v] ) ? sanitize_text_field($_POST[$v]) : '';
+}
 …
     $tmp_array[0] = $wr_id;
 else // 일괄삭제
     $tmp_array = $_POST['chk_wr_id'];
+    $tmp_array = gc_check_array_sanitize($_POST['chk_wr_id']);
 // 사용자 코드 실행

gnucommerce/trunk/lib/gc_api.class.php

r1518161	r1604907
31	31
32	32	if ( ! empty( $_GET['gc-api'] ) ) {
33		$wp->query_vars['gc-api'] = ~~$_GET['gc-api']~~;
	33	$wp->query_vars['gc-api'] = sanitize_key($_GET['gc-api']);
34	34	}
35	35

gnucommerce/trunk/lib/gc_member_page.class.php

-                      r1442174
+                      r1604907
         if($config['cf_use_join_password']){    //패드워드를 사용한다면
             $pass1 = isset($_POST['pass1']) ?  $_POST['pass1'] : '';
             $pass2 = isset($_POST['pass2']) ?  $_POST['pass2'] : '';
+            $pass1 = isset($_POST['pass1']) ?  sanitize_text_field($_POST['pass1']) : '';
+            $pass2 = isset($_POST['pass2']) ?  sanitize_text_field($_POST['pass2']) : '';
             if( ! is_user_logged_in() ){
 …
+            }
             $_POST['user_pass'] = $_POST['pass1'];
+            $_POST['user_pass'] = sanitize_text_field($_POST['pass1']);
+        }
 …
                     if ( $http_post = ('POST' == $_SERVER['REQUEST_METHOD']) ) {
                         $user_login = isset( $_POST['user_login'] ) ? $_POST['user_login'] : '';
                         $user_email = isset( $_POST['user_email'] ) ? $_POST['user_email'] : '';
+                        $user_login = isset( $_POST['user_login'] ) ? sanitize_text_field($_POST['user_login']) : '';
+                        $user_email = isset( $_POST['user_email'] ) ? sanitize_email($_POST['user_email']) : '';
                         GC_VAR()->add_err_msg = $error = register_new_user( $user_login, $user_email );
                         if ( ! is_wp_error( $error ) ) {
                             $redirect_to = ! empty( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : site_url( 'wp-login.php?checkemail=registered' );
+                            $redirect_to = ! empty( $_POST['redirect_to'] ) ? sanitize_text_field($_POST['redirect_to']) : site_url( 'wp-login.php?checkemail=registered' );
                             wp_safe_redirect( $redirect_to );
                             exit;

gnucommerce/trunk/plug/lgxpay/AuthOnlyRes.php

r1442174	r1604907
45	45	//테스트 아이디는 't'를 반드시 제외하고 입력하세요.
46	46	$LGD_MID = (('test' == $CST_PLATFORM) ? 't' : '').$CST_MID; //상점아이디(자동생성)
47		$LGD_AUTHONLYKEY = isset($_POST['LGD_AUTHONLYKEY']) ? ~~$_POST['LGD_AUTHONLYKEY']~~ : ''; //LG유플러스으로부터 부여받은 인증키
	47	$LGD_AUTHONLYKEY = isset($_POST['LGD_AUTHONLYKEY']) ? sanitize_text_field($_POST['LGD_AUTHONLYKEY']) : ''; //LG유플러스으로부터 부여받은 인증키
48	48	$LGD_PAYTYPE = isset($_POST['LGD_PAYTYPE']) ? sanitize_text_field($_POST['LGD_PAYTYPE']) : ''; //인증요청타입 (신용카드:ASC001, 휴대폰:ASC002, 계좌:ASC004)
49	49

gnucommerce/trunk/shop/cartoption.php

r1442174	r1604907
2	2	if( ! defined( 'GC_NAME' ) ) exit;
3	3
4		$it_id = isset($_POST['it_id']) ? ~~$_POST['it_id']~~ : 0;
	4	$it_id = isset($_POST['it_id']) ? sanitize_text_field($_POST['it_id']) : 0;
5	5
6	6	$it = gc_get_it_info($it_id, "and it_use = '1'");

gnucommerce/trunk/shop/cartupdate.php

-                      r1442174
+                      r1604907
         gc_alert(__('주문하실 상품을 하나이상 선택해 주십시오.', GC_NAME));
     gc_orderform_pre_check($_POST['ct_chk'], $_POST['it_id'], $act, $tmp_cart_id);
+    gc_orderform_pre_check(gc_check_array_sanitize($_POST['ct_chk']), gc_check_array_sanitize($_POST['it_id']), $act, $tmp_cart_id);
     //무조건 checkout 페이지로 이동
 …
             $io_price = isset($opt_list[$io_type][$io_id]['price']) ? $opt_list[$io_type][$io_id]['price'] : 0;
             $ct_qty = $_POST['ct_qty'][$it_id][$k];
+            $ct_qty = (int) $_POST['ct_qty'][$it_id][$k];
             // 구매가격이 음수인지 체크

gnucommerce/trunk/shop/inicis/m_settle_common.php

-                      r1568385
+                      r1604907
     $P_FN_CD1  = isset($_POST['P_FN_CD1']) ? sanitize_text_field($_POST['P_FN_CD1']) : '';
     $P_FN_CD2  = isset($_POST['P_FN_CD2']) ? sanitize_text_field($_POST['P_FN_CD2']) : '';
     $P_FN_NM   = isset($_POST['P_FN_NM']) ? $_POST['P_FN_NM'] : '';
+    $P_FN_NM   = isset($_POST['P_FN_NM']) ? sanitize_text_field($_POST['P_FN_NM']) : '';
     $P_AMT     = isset($_POST['P_AMT']) ? (int)$_POST['P_AMT'] : 0;
     $P_UNAME   = isset($_POST['P_UNAME']) ? sanitize_text_field($_POST['P_UNAME']) : '';
     $P_RMESG1  = isset($_POST['P_RMESG1']) ? $_POST['P_RMESG1'] : '';
     $P_RMESG2  = isset($_POST['P_RMESG2']) ? $_POST['P_RMESG2'] : '';
+    $P_RMESG1  = isset($_POST['P_RMESG1']) ? sanitize_text_field($_POST['P_RMESG1']) : '';
+    $P_RMESG2  = isset($_POST['P_RMESG2']) ? sanitize_text_field($_POST['P_RMESG2']) : '';
     $P_NOTI    = isset($_POST['P_NOTI']) ? sanitize_text_field($_POST['P_NOTI']) : '';
     $P_AUTH_NO = isset($_POST['P_AUTH_NO']) ? sanitize_text_field($_POST['P_AUTH_NO']) : '';

gnucommerce/trunk/shop/kcp/pp_ax_hub.php

-                      r1444712
+                      r1604907
     $cust_ip        = getenv( "REMOTE_ADDR"    ); // 요청 IP
     $ordr_idxx      = isset($_POST["ordr_idxx"]) ? gc_check_array_sanitize($_POST[ "ordr_idxx"      ]) : ''; // 쇼핑몰 주문번호
     $good_name      = isset($_POST["good_name"]) ? addslashes($_POST[ "good_name"]) : ''; // 상품명
+    $good_name      = isset($_POST["good_name"]) ? addslashes(sanitize_text_field($_POST[ "good_name"])) : ''; // 상품명
     $good_mny       = isset($_POST["good_mny"]) ? gc_check_array_sanitize($_POST["good_mny"]) : ''; // 결제 총금액
     /* = -------------------------------------------------------------------------- = */
 …
     $tno            = isset($_POST["tno"]) ? gc_check_array_sanitize($_POST["tno"]) : ''; // KCP 거래 고유 번호
     /* = -------------------------------------------------------------------------- = */
     $buyr_name      = addslashes($_POST["buyr_name"]); // 주문자명
+    $buyr_name      = addslashes(sanitize_text_field($_POST["buyr_name"])); // 주문자명
     $buyr_tel1      = isset($_POST["buyr_tel1"]) ? gc_check_array_sanitize($_POST["buyr_tel1"]) : ''; // 주문자 전화번호
     $buyr_tel2      = isset($_POST["buyr_tel2"]) ? gc_check_array_sanitize($_POST["buyr_tel2"]) : ''; // 주문자 핸드폰 번호

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Plugin Directory

Context Navigation

Changeset 1604907

Legend:

gnucommerce/trunk/adm/add_meta_box.class.php

gnucommerce/trunk/adm/orderformcartupdate.php

gnucommerce/trunk/adm/orderlistupdate.php

gnucommerce/trunk/adm/view/itemsupply.php

gnucommerce/trunk/bbs/delete_all.php

gnucommerce/trunk/lib/gc_api.class.php

gnucommerce/trunk/lib/gc_member_page.class.php

gnucommerce/trunk/plug/lgxpay/AuthOnlyRes.php

gnucommerce/trunk/shop/cartoption.php

gnucommerce/trunk/shop/cartupdate.php

gnucommerce/trunk/shop/inicis/m_settle_common.php

gnucommerce/trunk/shop/kcp/pp_ax_hub.php

Download in other formats: