스마트에디터 업로드 방식 수정
@ -3,9 +3,15 @@ if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
|
||||
|
||||
function editor_html($id, $content, $is_dhtml_editor=true)
|
||||
{
|
||||
global $g5, $config;
|
||||
global $g5, $config, $w, $board;
|
||||
static $js = true;
|
||||
|
||||
if( $is_dhtml_editor && $content && !$w && (isset($board['bo_insert_content']) && !empty($board['bo_insert_content']) ) ){ //글쓰기 기본 내용 처리
|
||||
if( preg_match('/\r|\n/', $content) && $content === strip_tags($content, '<a><strong><b>') ) { //textarea로 작성되고, html 내용이 없다면
|
||||
$content = nl2br($content);
|
||||
}
|
||||
}
|
||||
|
||||
$editor_url = G5_EDITOR_URL.'/'.$config['cf_editor'];
|
||||
|
||||
$html = "";
|
||||
@ -66,36 +72,17 @@ function chk_editor_js($id, $is_dhtml_editor=true)
|
||||
}
|
||||
|
||||
/*
|
||||
* Name: FT-NONCE-LIB
|
||||
* Created By: Full Throttle Development, LLC (http://fullthrottledevelopment.com)
|
||||
* Created On: July 2009
|
||||
* Last Modified On: August 12, 2009
|
||||
* Last Modified By: Glenn Ansley (glenn@fullthrottledevelopment.com)
|
||||
* Version: 0.2
|
||||
*/
|
||||
|
||||
/*
|
||||
Copyright 2009 Full Throttle Development, LLC
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 3 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
https://github.com/timostamm/NonceUtil-PHP
|
||||
*/
|
||||
|
||||
if (!defined('FT_NONCE_UNIQUE_KEY'))
|
||||
define( 'FT_NONCE_UNIQUE_KEY' , sha1(G5_MYSQL_USER) );
|
||||
define( 'FT_NONCE_UNIQUE_KEY' , sha1($_SERVER['SERVER_SOFTWARE'].G5_MYSQL_USER.session_id().G5_TABLE_PREFIX) );
|
||||
|
||||
if (!defined('FT_NONCE_SESSION_KEY'))
|
||||
define( 'FT_NONCE_SESSION_KEY' , substr(md5(FT_NONCE_UNIQUE_KEY), 5) );
|
||||
|
||||
if (!defined('FT_NONCE_DURATION'))
|
||||
define( 'FT_NONCE_DURATION' , 2160000 ); // 300 makes link or form good for 5 minutes from time of generation, 300은 5분간 유효, 2160000은 10시간동안 유효
|
||||
define( 'FT_NONCE_DURATION' , 60 * 60 ); // 300 makes link or form good for 5 minutes from time of generation, 300은 5분간 유효, 60 * 60 은 1시간
|
||||
|
||||
if (!defined('FT_NONCE_KEY'))
|
||||
define( 'FT_NONCE_KEY' , '_nonce' );
|
||||
@ -107,29 +94,73 @@ if(!function_exists('ft_nonce_create_query_string')){
|
||||
}
|
||||
}
|
||||
|
||||
if(!function_exists('ft_get_secret_key')){
|
||||
function ft_get_secret_key($secret){
|
||||
return md5(FT_NONCE_UNIQUE_KEY.$secret);
|
||||
}
|
||||
}
|
||||
|
||||
// This method creates an nonce. It should be called by one of the previous two functions.
|
||||
if(!function_exists('ft_nonce_create')){
|
||||
function ft_nonce_create( $action = '' , $user='' ){
|
||||
return substr( ft_nonce_generate_hash( $action . $user ), -12, 10);
|
||||
function ft_nonce_create( $action = '',$user='', $timeoutSeconds=FT_NONCE_DURATION ){
|
||||
|
||||
$secret = ft_get_secret_key($action.$user);
|
||||
|
||||
set_session('token_'.FT_NONCE_SESSION_KEY, $secret);
|
||||
|
||||
$salt = ft_nonce_generate_hash();
|
||||
$time = time();
|
||||
$maxTime = $time + $timeoutSeconds;
|
||||
$nonce = $salt . "|" . $maxTime . "|" . sha1( $salt . $secret . $maxTime );
|
||||
return $nonce;
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
// This method validates an nonce
|
||||
if(!function_exists('ft_nonce_is_valid')){
|
||||
function ft_nonce_is_valid( $nonce , $action = '' , $user='' ){
|
||||
// Nonce generated 0-12 hours ago
|
||||
if ( substr(ft_nonce_generate_hash( $action . $user ), -12, 10) == $nonce ){
|
||||
return true;
|
||||
function ft_nonce_is_valid( $nonce, $action = '', $user='' ){
|
||||
|
||||
$secret = ft_get_secret_key($action.$user);
|
||||
|
||||
$token = get_session('token_'.FT_NONCE_SESSION_KEY);
|
||||
|
||||
if ($secret != $token){
|
||||
return false;
|
||||
}
|
||||
return false;
|
||||
|
||||
if (is_string($nonce) == false) {
|
||||
return false;
|
||||
}
|
||||
$a = explode('|', $nonce);
|
||||
if (count($a) != 3) {
|
||||
return false;
|
||||
}
|
||||
$salt = $a[0];
|
||||
$maxTime = intval($a[1]);
|
||||
$hash = $a[2];
|
||||
$back = sha1( $salt . $secret . $maxTime );
|
||||
if ($back != $hash) {
|
||||
return false;
|
||||
}
|
||||
if (time() > $maxTime) {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
// This method generates the nonce timestamp
|
||||
if(!function_exists('ft_nonce_generate_hash')){
|
||||
function ft_nonce_generate_hash( $action='' , $user='' ){
|
||||
$i = ceil( time() / ( FT_NONCE_DURATION / 2 ) );
|
||||
return md5( $i . $action . $user . $action );
|
||||
function ft_nonce_generate_hash(){
|
||||
$length = 10;
|
||||
$chars='1234567890qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM';
|
||||
$ll = strlen($chars)-1;
|
||||
$o = '';
|
||||
while (strlen($o) < $length) {
|
||||
$o .= $chars[ rand(0, $ll) ];
|
||||
}
|
||||
return $o;
|
||||
}
|
||||
}
|
||||
?>
|
||||
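Review bot: In the rewritten `ft_nonce_is_valid()` (third hunk), both digest checks use loose comparison, `if ($secret != $token)` and `if ($back != $hash)`, which is neither type-safe nor constant-time: PHP compares two numeric-looking strings as numbers, so unequal hex digests can compare equal, and `$hash` is taken directly from the submitted nonce. I would write them as `if (!is_string($token) || !hash_equals($secret, $token))` and `if (!hash_equals($back, $hash))`. In the same hunk the new `ft_nonce_generate_hash()` builds the salt with `rand()`, which is not a cryptographically secure source; `random_int(0, $ll)` is the drop-in replacement where the supported PHP version provides it. The added/removed markers are lost on this page, so this assumes the session-token variants of these functions are the new side.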