From a1e11d952131356ea9371d6f79454054fa5821cd Mon Sep 17 00:00:00 2001
From: thisgun
Date: Fri, 8 Aug 2014 11:16:56 +0900
Subject: [PATCH 1/2] =?UTF-8?q?sms5=20icode=EB=A5=BC=20=EB=AF=B8=EC=84=A0?=
 =?UTF-8?q?=ED=83=9D=EC=8B=9C=20=EC=82=AC=EC=9A=A9=ED=95=98=EB=8A=94=20?=
 =?UTF-8?q?=EA=B2=BD=EC=9A=B0=20=EC=98=A4=EB=A5=98=EC=B2=98=EB=A6=AC?=
 =?UTF-8?q?=EB=B0=8F=20common.php=EC=97=90=20faq=20=EC=8A=A4=ED=82=A8=20?=
 =?UTF-8?q?=EA=B2=BD=EB=A1=9C=20=EC=B6=94=EA=B0=80=20#35?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adm/sms_admin/member_update.php | 9 +++++++--
 adm/sms_admin/member_update_run.php | 8 ++++++++
 bbs/faq.php | 9 ---------
 common.php | 4 ++++
 extend/sms5.extend.php | 2 +-
 5 files changed, 20 insertions(+), 12 deletions(-)

diff --git a/adm/sms_admin/member_update.php b/adm/sms_admin/member_update.php
index b0b20bd3f..667919971 100644
--- a/adm/sms_admin/member_update.php
+++ b/adm/sms_admin/member_update.php
@@ -45,8 +45,13 @@ include_once(G5_ADMIN_PATH.'/admin.head.php');
 dataType:"json",
 data:params,
 success: function(data) {
- $("#datetime").html( data.datetime );
- $("#res_msg").html( data.res_msg );
+ if(data.error){
+ alert( data.error );
+ $("#res_msg").html("");
+ } else {
+ $("#datetime").html( data.datetime );
+ $("#res_msg").html( data.res_msg );
+ }
 },
 error: function (xhr, ajaxOptions, thrownError) {
 alert(xhr.status);
diff --git a/adm/sms_admin/member_update_run.php b/adm/sms_admin/member_update_run.php
index 323cbc9e0..41467cd53 100644
--- a/adm/sms_admin/member_update_run.php
+++ b/adm/sms_admin/member_update_run.php
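Review bot: The success branch still writes `data.datetime` and `data.res_msg` into the admin page with `.html()`, so anything the server (or the SMS gateway it proxies) returns in those strings is rendered as markup; only the new `data.error` path, which goes through `alert()`, is shown as text. Where `res_msg` is produced is outside this hunk, so its origin is unverified, but unless markup is intentional `$("#datetime").text( data.datetime );` and `$("#res_msg").text( data.res_msg );` render plain strings identically and close the sink. The `$.ajax` call and the enclosing script start before the hunk.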
@@ -3,6 +3,14 @@ $sub_menu = "900200";
 include_once("./_common.php");
 @include_once(G5_PLUGIN_PATH."/sms5/JSON.php");
+if(empty($config['cf_sms_use'])){
+ if( $mtype == "json" ){
+ die("{\"error\":\"환경 설정의 SMS 사용에서 아이코드를 사용설정해 주셔야 실행할수 있습니다.\"}");
+ } else {
+ die("환경 설정의 SMS 사용에서 아이코드를 사용설정해 주셔야 실행할수 있습니다.");
+ }
+}
+
 if( !function_exists('json_encode') ) {
 function json_encode($data) {
 $json = new Services_JSON();
diff --git a/bbs/faq.php b/bbs/faq.php
index affa51c97..eaa3b491a 100644
--- a/bbs/faq.php
+++ b/bbs/faq.php
@@ -27,15 +27,6 @@ if (!$fm['fm_id'])
 $g5['title'] = $fm['fm_subject'];
-if(G5_IS_MOBILE){
- $faq_skin = $config['cf_mobile_faq_skin'];
-} else {
- $faq_skin = $config['cf_faq_skin'];
-}
-
-if(!$faq_skin) $faq_skin = 'basic';
-$faq_skin_path = (G5_IS_MOBILE ? G5_MOBILE_PATH : G5_PATH).'/'.G5_SKIN_DIR.'/faq/'.$faq_skin;
-$faq_skin_url = (G5_IS_MOBILE ? G5_MOBILE_URL : G5_URL).'/'.G5_SKIN_DIR.'/faq/'.$faq_skin;
 $skin_file = $faq_skin_path.'/list.skin.php';
 include_once('./_head.php');
diff --git a/common.php b/common.php
index 8a8b3b7f8..38a2c4d05 100644
--- a/common.php
+++ b/common.php
@@ -496,6 +496,8 @@ if (G5_IS_MOBILE) {
 $search_skin_url = G5_MOBILE_URL .'/'.G5_SKIN_DIR.'/search/'.$config['cf_mobile_search_skin'];
 $connect_skin_path = G5_MOBILE_PATH.'/'.G5_SKIN_DIR.'/connect/'.$config['cf_mobile_connect_skin'];
 $connect_skin_url = G5_MOBILE_URL .'/'.G5_SKIN_DIR.'/connect/'.$config['cf_mobile_connect_skin'];
+ $faq_skin_path = G5_MOBILE_PATH .'/'.G5_SKIN_DIR.'/faq/'.$config['cf_mobile_faq_skin'];
+ $faq_skin_url = G5_MOBILE_URL .'/'.G5_SKIN_DIR.'/faq/'.$config['cf_mobile_faq_skin'];
 } else {
 $board_skin_path = G5_SKIN_PATH.'/board/'.$board['bo_skin'];
 $board_skin_url = G5_SKIN_URL .'/board/'.$board['bo_skin'];
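Review bot: The added guard hand-builds its JSON body inside `die("{\"error\":...}")` and sits above the `json_encode` compatibility shim the file defines immediately after it, so it duplicates the message text and would break the JSON if that text ever gained a quote or backslash; moving the block below the shim and ending with `die(json_encode(array('error' => $msg)));` fixes both. `$mtype` is compared with `"json"` without any visible assignment in the hunk, so it presumably arrives as a request variable registered by `_common.php` — worth confirming it is defined on a request that omits it. The message also names the 'icode' provider while the condition is `empty($config['cf_sms_use'])`, which accepts any non-empty value; state in a comment which values are considered enabled.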
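Review bot: The new `$faq_skin_path`/`$faq_skin_url` lines have no default for an empty `cf_mobile_faq_skin`, whereas the bbs/faq.php block they replace (deleted in this same patch) fell back with `if(!$faq_skin) $faq_skin = 'basic';`; with the option unset the path ends in `/faq/` and faq.php's `include_once` of `list.skin.php` will not find a file. Restore the default here, e.g. `$faq_skin = $config['cf_mobile_faq_skin'] ? $config['cf_mobile_faq_skin'] : 'basic';` and build both variables from `$faq_skin`. The `if (G5_IS_MOBILE) {` block this hunk sits in opens before the hunk.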
@@ -507,6 +509,8 @@ if (G5_IS_MOBILE) {
 $search_skin_url = G5_SKIN_URL .'/search/'.$config['cf_search_skin'];
 $connect_skin_path = G5_SKIN_PATH.'/connect/'.$config['cf_connect_skin'];
 $connect_skin_url = G5_SKIN_URL .'/connect/'.$config['cf_connect_skin'];
+ $faq_skin_path = G5_SKIN_PATH.'/faq/'.$config['cf_faq_skin'];
+ $faq_skin_url = G5_SKIN_URL.'/faq/'.$config['cf_faq_skin'];
 }
 //==============================================================================
diff --git a/extend/sms5.extend.php b/extend/sms5.extend.php
index 8b47fc273..5596f9ad0 100644
--- a/extend/sms5.extend.php
+++ b/extend/sms5.extend.php
@@ -24,7 +24,7 @@ $g5['sms5_form_table'] = $g5['sms5_prefix'] . 'form';
 $g5['sms5_form_group_table'] = $g5['sms5_prefix'] . 'form_group';
 $g5['sms5_member_history_table'] = $g5['sms5_prefix'] . 'member_history';
-if ($config['cf_sms_use'] == 'icode') {
+if (!empty($config['cf_sms_use'])) {
 $sms5 = sql_fetch("select * from {$g5['sms5_config_table']} ", false);
 if( $sms5['cf_member'] && trim($member['mb_hp']) ) {

From 1cc13235cf07aa6d427fca1bcc1b676969524f11 Mon Sep 17 00:00:00 2001
From: chicpro
Date: Fri, 8 Aug 2014 13:38:42 +0900
Subject: [PATCH 2/2] =?UTF-8?q?xss=20=EA=B4=80=EB=A0=A8=20=ED=83=9C?=
 =?UTF-8?q?=EA=B7=B8=20=EC=A0=9C=EA=B1=B0=20=ED=95=A8=EC=88=98=20=EC=B6=94?=
 =?UTF-8?q?=EA=B0=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 common.php | 2 +-
 lib/common.lib.php | 8 ++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/common.php b/common.php
index 38a2c4d05..5bab616f7 100644
--- a/common.php
+++ b/common.php
@@ -252,7 +252,7 @@ if (isset($_REQUEST['PHPSESSID']) && $_REQUEST['PHPSESSID'] != session_id())
 $qstr = '';
 if (isset($_REQUEST['sca'])) {
- $sca = trim($_REQUEST['sca']);
+ $sca = clean_xss_tags(trim($_REQUEST['sca']));
 if ($sca) $qstr .= '&sca=' . urlencode($sca);
 } else {
diff --git a/lib/common.lib.php b/lib/common.lib.php
index df4a783dc..cefddb0aa 100644
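Review bot: As in the mobile branch, the desktop `$faq_skin_path`/`$faq_skin_url` lines drop the `'basic'` fallback that the removed bbs/faq.php code applied when `cf_faq_skin` was empty, so an unset option yields a path ending in `/faq/` and the later skin include fails. One line restores it: `$faq_skin = $config['cf_faq_skin'] ? $config['cf_faq_skin'] : 'basic';` used in place of the raw config value on both new lines. The enclosing `else` branch opens before this hunk.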
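Review bot: Relaxing `== 'icode'` to `!empty($config['cf_sms_use'])` makes this block run for any non-empty provider value, yet the code it guards reads the sms5 config table and the member's `mb_hp`, which the old condition treated as icode-specific (the body continues past the hunk). If `cf_sms_use` is now meant as a simple on/off flag, say so in a comment above the `if`, e.g. `// cf_sms_use: empty = SMS disabled; any other value enables the sms5 hooks below`, and make sure no other site still compares it with `'icode'`. Otherwise the narrower provider check should stay.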
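Review bot: Filtering `$sca` with `clean_xss_tags()` on input is a blacklist applied at the wrong layer: in this hunk the value only reaches `$qstr` through `urlencode()`, which was already safe, and any place that echoes `$sca` raw (outside this hunk) still needs `htmlspecialchars()` at that output point to be safe against payloads a tag stripper misses. Stripping also silently rewrites a category name that legitimately contains `<`, changing which category the search matches. Prefer keeping `$sca = trim($_REQUEST['sca']);` and escaping at output, or validating `$sca` against the board's configured category list; the surrounding `if`/`else` runs past the hunk.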
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@@ -2653,6 +2653,14 @@ function get_search_string($stx)
 return $stx;
 }
+// XSS 관련 태그 제거
+function clean_xss_tags($str)
+{
+ $str = preg_replace('#]*+>#i', '', $str);
+
+ return $str;
+}
+
 // unescape nl 얻기
 function conv_unescape_nl($str)
 {
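Review bot: `clean_xss_tags()` runs `preg_replace` exactly once, so a nested input such as `<scr<script>ipt>` is not neutralised — removing the inner match leaves a fresh `<script>` in the result — and attribute-based payloads (`onerror=`, `javascript:` URLs) are outside a tag-name filter altogether. The pattern as shown here, `'#]*+>#i'`, also looks truncated in this listing (no opening `<` or tag list), so which elements it covers cannot be verified from the hunk. Treat the helper as a best-effort stripper and keep `htmlspecialchars()` at output as the real control; if it stays, repeat the replacement until the string stops changing, and do not pass a `null` from a PCRE error on as the "cleaned" value. A header comment stating that contract (blacklist stripper, not a sanitizer; callers must still escape on output) should replace the one-line Korean comment.

```php
function clean_xss_tags($str)
{
    // Best-effort blacklist stripper only; output must still be escaped.
    do {
        $prev = $str;
        $str = preg_replace('#]*+>#i', '', $str);
        if ($str === null) {
            return ''; // PCRE error: fail closed rather than return raw input
        }
    } while ($prev !== $str);

    return $str;
}
```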