From ab37de42927539f86c42429782c3f0cd82de0b77 Mon Sep 17 00:00:00 2001
From: chicpro
Date: Wed, 12 Mar 2014 10:25:42 +0900
Subject: [PATCH 1/2] =?UTF-8?q?sql=20error=20=EC=B6=9C=EB=A0=A5=EC=97=AC?= =?UTF-8?q?=EB=B6=80=20=EC=84=A4=EC=A0=95=20=EC=83=81=EC=88=98=20=EC=B6=94?= =?UTF-8?q?=EA=B0=80=20-=20=EB=A1=9C=EB=B9=88=EC=95=84=EB=B9=A0=EB=8B=98?= =?UTF-8?q?=20=EC=A0=9C=EC=95=88?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 config.php | 4 ++++
 lib/common.lib.php | 4 ++--
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/config.php b/config.php
index 8782b3820..b11c08c6b 100644
--- a/config.php
+++ b/config.php
@@ -153,6 +153,10 @@ define('G5_SMTP', '127.0.0.1');
 기타 상수
 ********************/
+// SQL 에러를 표시할 것인지 지정
+// 에러를 표시하지 않으려면 FALSE 로 변경
+define('G5_DISPLAY_SQL_ERROR', TRUE);
+
 // escape string 처리 함수 지정
 // POST 등에서 한글이 깨질 경우 addslashes 로 변경
 define('G5_ESCAPE_FUNCTION', 'mysql_real_escape_string');
diff --git a/lib/common.lib.php b/lib/common.lib.php
index e36816502..a7011c249 100644
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@@ -1433,7 +1433,7 @@ function sql_select_db($db, $connect)
 // mysql_query 와 mysql_error 를 한꺼번에 처리
-function sql_query($sql, $error=TRUE)
+function sql_query($sql, $error=G5_DISPLAY_SQL_ERROR)
 {
 if ($error)
 $result = @mysql_query($sql) or die("
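Review bot: `G5_DISPLAY_SQL_ERROR` ships as `TRUE` in config.php, so the new switch leaves every unedited install printing the failing statement and the MySQL error text to whoever triggered it. That output exposes table and column names and tells a visitor whether request data altered the query, so the shipped default is better as `define('G5_DISPLAY_SQL_ERROR', FALSE);`, with the comment above it saying that TRUE is meant for development. Sites that need the detail can record it server-side instead of in the response.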

$sql

" . mysql_errno() . " : " . mysql_error() . "

error file : {$_SERVER['PHP_SELF']}");
@@ -1444,7 +1444,7 @@ function sql_query($sql, $error=TRUE)
 // 쿼리를 실행한 후 결과값에서 한행을 얻는다.
-function sql_fetch($sql, $error=TRUE)
+function sql_fetch($sql, $error=G5_DISPLAY_SQL_ERROR)
 {
 $result = sql_query($sql, $error);
 //$row = @sql_fetch_array($result) or die("
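Review bot: The `die()` message in `sql_query` concatenates `$sql`, `mysql_error()` and `$_SERVER['PHP_SELF']` into the page without HTML escaping, and making the display optional does not change that for installs that keep it on. The statement text can contain request data and `PHP_SELF` reflects the requested path, so each piece should go through `htmlspecialchars($value, ENT_QUOTES)` before output. The branch used when `$error` is false is outside this hunk; if it only calls `@mysql_query($sql)`, switching the constant off discards failures silently, and an `error_log()` of `mysql_errno()` and the script name there would keep them available to operators. `sql_fetch` in the following hunk takes the same default and passes it through to `sql_query`, so both points apply to it as well.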

$sql

" . mysql_errno() . " : " . mysql_error() . "

error file : $_SERVER['PHP_SELF']");
From 2d13c3b4b488a3c9d2a84bb184c4becf2b073260 Mon Sep 17 00:00:00 2001
From: chicpro
Date: Wed, 12 Mar 2014 10:42:03 +0900
Subject: [PATCH 2/2] =?UTF-8?q?=EA=B2=80=EC=83=89=EC=97=90=20=EC=82=AC?= =?UTF-8?q?=EC=9A=A9=EB=90=98=EB=8A=94=20=EB=B3=80=EC=88=98=EC=97=90?= =?UTF-8?q?=EC=84=9C=20=ED=8A=B9=EC=88=98=EB=AC=B8=EC=9E=90=20=EC=A0=9C?= =?UTF-8?q?=EA=B1=B0=20=EB=B0=8F=20=EA=B8=B8=EC=9D=B4=EC=A0=9C=ED=95=9C=20?= =?UTF-8?q?=EC=B6=94=EA=B0=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 common.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/common.php b/common.php
index d12c2f05f..5dd46b317 100644
--- a/common.php
+++ b/common.php
@@ -225,13 +225,14 @@ if (isset($_REQUEST['sfl'])) {
 if (isset($_REQUEST['stx'])) { // search text (검색어)
 $stx = trim($_REQUEST['stx']);
 if ($stx)
- $qstr .= '&stx=' . urlencode($stx);
+ $qstr .= '&stx=' . urlencode(cut_str($stx, 20, ''));
 } else {
 $stx = '';
 }
 if (isset($_REQUEST['sst'])) {
 $sst = trim($_REQUEST['sst']);
+ $sst = preg_replace("/[\<\>\'\"\%\=\(\)\s]/", "", $sst);
 if ($sst)
 $qstr .= '&sst=' . urlencode($sst); // search sort (검색 정렬 필드)
 } else {
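Review bot: The `preg_replace` added for `$sst` is a denylist, so it removes `< > ' " % = ( )` and whitespace but still lets through other SQL-significant characters such as the backtick, comma, semicolon and comment markers. The inline comment calls `$sst` the search sort field, so it presumably ends up in an ORDER BY clause where quoting cannot protect it; an allowlist is the safer form, e.g. `$sst = preg_replace('/[^0-9A-Za-z_,]/', '', $sst);`, or better a lookup against the known sortable columns. In the `stx` branch `cut_str($stx, 20, '')` shortens only the copy written to `$qstr`, while `$stx` itself stays at full length, so any query built from `$stx` is not limited and paging links will carry a different term than the first request searched. The enclosing if/else chain continues past the end of the hunk.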