From d746bf15c67589c065d7a6c2c845c15aa4e2af11 Mon Sep 17 00:00:00 2001
From: "Namhyeon, Go" <gnh1201@gmail.com>
Date: Mon, 14 Oct 2019 00:43:14 +0900
Subject: [PATCH] Update orderpay.pgkcp.php

---
 route/orderpay.pgkcp.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/route/orderpay.pgkcp.php b/route/orderpay.pgkcp.php
index 2cb4738..4ca69ea 100644
--- a/route/orderpay.pgkcp.php
+++ b/route/orderpay.pgkcp.php
@@ -2,6 +2,7 @@
 /**
  * @file orderpay.pgkcp.php
  * @date 2018-08-25
+ * @updated 2019-10-14
  * @author Go Namhyeon <gnh1201@gmail.com>
  * @brief KCP PG(Payment Gateway) Controller
  */
@@ -9,6 +10,7 @@
 if(!defined("_DEF_RSF_")) set_error_exit("do not allow access");
 
 $debug = get_requested_value("debug");
+$mode = get_requested_value("mode");
 
 if($debug != "true") {
     // 필수 항목 체크
@@ -20,7 +22,7 @@ if($debug != "true") {
     }
 
     // detect CSRF attack
-    if(check_token_abuse_by_requests("_token")) {
+    if($mode != "widget" && check_token_abuse_by_requests("_token")) {
         set_error("Security violation: Access denied. May be your session is expired or abused.");
         show_errors();
     }