firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

5.2.7 버전변경

Browse Source
This commit is contained in:
thisgun
2017-03-20 17:33:29 +09:00
parent e88a7db2cf 08b8d1e3e2
commit 08518d0a2d
19 changed files with 137 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
adm/board_form_update.php
View File

@ -35,6 +35,14 @@ if ($file = $_POST['bo_include_tail']) {
$_POST['bo_include_tail'] = $file;
}
if(!is_include_path_check($_POST['bo_include_head'])) {
alert('/data/file/ 또는 /data/editor/ 포함된 문자를 상단 파일 경로에 포함시킬수 없습니다.');
}
if(!is_include_path_check($_POST['bo_include_tail'])) {
alert('/data/file/ 또는 /data/editor/ 포함된 문자를 하단 파일 경로에 포함시킬수 없습니다.');
}
$board_path = G5_DATA_PATH.'/file/'.$bo_table;
// 게시판 디렉토리 생성

2
adm/board_list.php
View File

@ -63,7 +63,7 @@ $colspan = 15;
<label for="sfl" class="sound_only">검색대상</label>
<select name="sfl" id="sfl">
<option value="bo_table"<?php echo get_selected($_GET['sfl'], "bo_subject", true); ?>>TABLE</option>
<option value="bo_table"<?php echo get_selected($_GET['sfl'], "bo_table", true); ?>>TABLE</option>
<option value="bo_subject"<?php echo get_selected($_GET['sfl'], "bo_subject"); ?>>제목</option>
<option value="a.gr_id"<?php echo get_selected($_GET['sfl'], "a.gr_id"); ?>>그룹ID</option>
</select>

18
adm/contentformupdate.php
View File

@ -18,6 +18,18 @@ check_admin_token();
if ($co_himg_del) @unlink(G5_DATA_PATH."/content/{$co_id}_h");
if ($co_timg_del) @unlink(G5_DATA_PATH."/content/{$co_id}_t");
$error_msg = '';
if( $co_include_head && ! is_include_path_check($co_include_head) ){
$co_include_head = '';
$error_msg = '/data/file/ 또는 /data/editor/ 포함된 문자를 상단 파일 경로에 포함시킬수 없습니다.';
}
if( $co_include_tail && ! is_include_path_check($co_include_tail) ){
$co_include_tail = '';
$error_msg = '/data/file/ 또는 /data/editor/ 포함된 문자를 하단 파일 경로에 포함시킬수 없습니다.';
}
$sql_common = " co_include_head = '$co_include_head',
co_include_tail = '$co_include_tail',
co_html = '$co_html',
@ -74,7 +86,11 @@ if ($w == "" || $w == "u")
@chmod($dest_path, G5_FILE_PERMISSION);
}
goto_url("./contentform.php?w=u&amp;co_id=$co_id");
if( $error_msg ){
alert($error_msg, "./contentform.php?w=u&amp;co_id=$co_id");
} else {
goto_url("./contentform.php?w=u&amp;co_id=$co_id");
}
}
else
{

22
adm/qa_config_update.php
View File

@ -8,6 +8,18 @@ auth_check($auth[$sub_menu], 'w');
check_admin_token();
$error_msg = '';
if( $qa_include_head && ! is_include_path_check($qa_include_head) ){
$qa_include_head = '';
$error_msg = '/data/file/ 또는 /data/editor/ 포함된 문자를 상단 파일 경로에 포함시킬수 없습니다.';
}
if( $qa_include_tail && ! is_include_path_check($qa_include_tail) ){
$qa_include_tail = '';
$error_msg = '/data/file/ 또는 /data/editor/ 포함된 문자를 하단 파일 경로에 포함시킬수 없습니다.';
}
$sql = " update {$g5['qa_config_table']}
set qa_title = '{$_POST['qa_title']}',
qa_category = '{$_POST['qa_category']}',
@ -29,8 +41,8 @@ $sql = " update {$g5['qa_config_table']}
qa_image_width = '{$_POST['qa_image_width']}',
qa_upload_size = '{$_POST['qa_upload_size']}',
qa_insert_content = '{$_POST['qa_insert_content']}',
qa_include_head = '{$_POST['qa_include_head']}',
qa_include_tail = '{$_POST['qa_include_tail']}',
qa_include_head = '{$qa_include_head}',
qa_include_tail = '{$qa_include_tail}',
qa_content_head = '{$_POST['qa_content_head']}',
qa_content_tail = '{$_POST['qa_content_tail']}',
qa_mobile_content_head = '{$_POST['qa_mobile_content_head']}',
@ -47,5 +59,9 @@ $sql = " update {$g5['qa_config_table']}
qa_5 = '{$_POST['qa_5']}' ";
sql_query($sql);
goto_url('./qa_config.php');
if($error_msg){
alert($error_msg, './qa_config.php');
} else {
goto_url('./qa_config.php');
}
?>

2
adm/sms_admin/_common.php
View File

@ -12,5 +12,7 @@ if (!strstr($_SERVER['SCRIPT_NAME'], 'install.php')) {
//$sms5 = sql_fetch("select * from ".$g5['sms5_config_table'] );
}
$sv = isset($_REQUEST['sv']) ? get_search_string($_REQUEST['sv']) : '';
add_stylesheet('<link rel="stylesheet" href="'.G5_SMS5_ADMIN_URL.'/css/sms5.css">', 0);
?>

1
adm/visit_date.php
View File

@ -71,6 +71,7 @@ for ($i=0; $row=sql_fetch_array($result); $i++) {
</tr>
<?php
$i++;
}
} else {
echo '<tr><td colspan="'.$colspan.'" class="empty_table">자료가 없습니다.</td></tr>';

1
adm/visit_month.php
View File

@ -72,6 +72,7 @@ for ($i=0; $row=sql_fetch_array($result); $i++) {
</tr>
<?php
$i++;
}

2
adm/visit_search.php
View File

@ -44,7 +44,7 @@ $listall = '<a href="'.$_SERVER['SCRIPT_NAME'].'">처음</a>'; //페이지 처
<?php
$sql_common = " from {$g5['visit_table']} ";
if ($sfl) {
if($sst=='vi_ip' || $sst=='vi_date'){
if($sfl=='vi_ip' || $sfl=='vi_date'){
$sql_search = " where $sfl like '$stx%' ";
}else{
$sql_search = " where $sfl like '%$stx%' ";

6
bbs/board_head.php
View File

@ -7,7 +7,11 @@ if (G5_IS_MOBILE) {
include_once(G5_BBS_PATH.'/_head.php');
echo stripslashes($board['bo_mobile_content_head']);
} else {
@include ($board['bo_include_head']);
if(is_include_path_check($board['bo_include_head'])) { //파일경로 체크
@include ($board['bo_include_head']);
} else { //파일경로가 올바르지 않으면 기본파일을 가져옴
include_once(G5_BBS_PATH.'/_head.php');
}
echo stripslashes($board['bo_content_head']);
}
?>

6
bbs/board_tail.php
View File

@ -8,6 +8,10 @@ if (G5_IS_MOBILE) {
include_once(G5_BBS_PATH.'/_tail.php');
} else {
echo stripslashes($board['bo_content_tail']);
@include ($board['bo_include_tail']);
if(is_include_path_check($board['bo_include_tail'])) { //파일경로 체크
@include ($board['bo_include_tail']);
} else { //파일경로가 올바르지 않으면 기본파일을 가져옴
include_once(G5_BBS_PATH.'/_tail.php');
}
}
?>

4
bbs/content.php
View File

@ -19,7 +19,7 @@ if (!$co['co_id'])
$g5['title'] = $co['co_subject'];
if ($co['co_include_head'])
if (is_include_path_check($co['co_include_head']))
@include_once($co['co_include_head']);
else
include_once('./_head.php');
@ -85,7 +85,7 @@ if(is_file($skin_file)) {
echo '<p>'.str_replace(G5_PATH.'/', '', $skin_file).'이 존재하지 않습니다.</p>';
}
if ($co['co_include_tail'])
if (is_include_path_check($co['co_include_tail']))
@include_once($co['co_include_tail']);
else
include_once('./_tail.php');

2
bbs/qahead.php
View File

@ -9,7 +9,7 @@ if (G5_IS_MOBILE) {
include_once('./_head.php');
echo conv_content($qaconfig['qa_mobile_content_head'], 1);
} else {
if($qaconfig['qa_include_head'])
if(is_include_path_check($qaconfig['qa_include_head']))
@include ($qaconfig['qa_include_head']);
else
include ('./_head.php');

2
bbs/qatail.php
View File

@ -7,7 +7,7 @@ if (G5_IS_MOBILE) {
include_once('./_tail.php');
} else {
echo conv_content($qaconfig['qa_content_tail'], 1);
if($qaconfig['qa_include_tail'])
if(is_include_path_check($qaconfig['qa_include_tail']))
@include ($qaconfig['qa_include_tail']);
else
include ('./_tail.php');

4
config.php
View File

@ -5,8 +5,8 @@
********************/
define('G5_VERSION', '그누보드5');
define('G5_GNUBOARD_VER', '5.2.6');
define('G5_YOUNGCART_VER', '5.2.6');
define('G5_GNUBOARD_VER', '5.2.7');
define('G5_YOUNGCART_VER', '5.2.7');
// 이 상수가 정의되지 않으면 각각의 개별 페이지는 별도로 실행될 수 없음
define('_GNUBOARD_', true);

2
head.sub.php
View File

@ -45,7 +45,7 @@ if (G5_IS_MOBILE) {
echo '<meta name="format-detection" content="telephone=no">'.PHP_EOL;
} else {
echo '<meta http-equiv="imagetoolbar" content="no">'.PHP_EOL;
echo '<meta http-equiv="X-UA-Compatible" content="IE=10,chrome=1">'.PHP_EOL;
echo '<meta http-equiv="X-UA-Compatible" content="IE=Edge">'.PHP_EOL;
}
if($config['cf_add_meta'])

9
lib/common.lib.php
View File

@ -3274,4 +3274,13 @@ function check_write_token($bo_table)
return true;
}
// include 하는 경로에 data file 경로가 포함되어 있는지 체크합니다.
function is_include_path_check($path='')
{
if( !$path || preg_match('/\/data\/(file|editor)\/[A-Za-z0-9_]{1,20}\//', $path) ){
return false;
}
return true;
}
?>

68
lib/thumbnail.lib.php
View File

@ -4,7 +4,7 @@ if (!defined('_GNUBOARD_')) exit;
@ini_set('memory_limit', '-1');
// 게시글리스트 썸네일 생성
function get_list_thumbnail($bo_table, $wr_id, $thumb_width, $thumb_height, $is_create=false, $is_crop=true, $crop_mode='center', $is_sharpen=false, $um_value='80/0.5/3')
function get_list_thumbnail($bo_table, $wr_id, $thumb_width, $thumb_height, $is_create=false, $is_crop=false, $crop_mode='center', $is_sharpen=false, $um_value='80/0.5/3')
{
global $g5, $config;
$filename = $alt = "";
@ -238,10 +238,10 @@ function thumbnail($filename, $source_path, $target_path, $thumb_width, $thumb_h
$degree = 0;
if ($size[2] == 1) {
$src = imagecreatefromgif($source_file);
$src_transparency = imagecolortransparent($src);
$src = @imagecreatefromgif($source_file);
$src_transparency = @imagecolortransparent($src);
} else if ($size[2] == 2) {
$src = imagecreatefromjpeg($source_file);
$src = @imagecreatefromjpeg($source_file);
if(function_exists('exif_read_data')) {
// exif 정보를 기준으로 회전각도 구함
@ -273,8 +273,8 @@ function thumbnail($filename, $source_path, $target_path, $thumb_width, $thumb_h
}
}
} else if ($size[2] == 3) {
$src = imagecreatefrompng($source_file);
imagealphablending($src, true);
$src = @imagecreatefrompng($source_file);
@imagealphablending($src, true);
} else {
return;
}
@ -330,20 +330,52 @@ function thumbnail($filename, $source_path, $target_path, $thumb_width, $thumb_h
}
break;
}
}
$dst = imagecreatetruecolor($dst_w, $dst_h);
$dst = imagecreatetruecolor($dst_w, $dst_h);
if($size[2] == 3) {
imagealphablending($dst, false);
imagesavealpha($dst, true);
} else if($size[2] == 1) {
$palletsize = imagecolorstotal($src);
if($src_transparency >= 0 && $src_transparency < $palletsize) {
$transparent_color = imagecolorsforindex($src, $src_transparency);
$current_transparent = imagecolorallocate($dst, $transparent_color['red'], $transparent_color['green'], $transparent_color['blue']);
imagefill($dst, 0, 0, $current_transparent);
imagecolortransparent($dst, $current_transparent);
if($size[2] == 3) {
imagealphablending($dst, false);
imagesavealpha($dst, true);
} else if($size[2] == 1) {
$palletsize = imagecolorstotal($src);
if($src_transparency >= 0 && $src_transparency < $palletsize) {
$transparent_color = imagecolorsforindex($src, $src_transparency);
$current_transparent = imagecolorallocate($dst, $transparent_color['red'], $transparent_color['green'], $transparent_color['blue']);
imagefill($dst, 0, 0, $current_transparent);
imagecolortransparent($dst, $current_transparent);
}
}
} else { // 비율에 맞게 생성
$dst = imagecreatetruecolor($dst_w, $dst_h);
$bgcolor = imagecolorallocate($dst, 255, 255, 255); // 배경색
if($src_w > $src_h) {
$tmp_h = round(($dst_w * $src_h) / $src_w);
$dst_y = round(($dst_h - $tmp_h) / 2);
$dst_h = $tmp_h;
} else {
$tmp_w = round(($dst_h * $src_w) / $src_h);
$dst_x = round(($dst_w - $tmp_w) / 2);
$dst_w = $tmp_w;
}
if($size[2] == 3) {
$bgcolor = imagecolorallocatealpha($dst, 0, 0, 0, 127);
imagefill($dst, 0, 0, $bgcolor);
imagealphablending($dst, false);
imagesavealpha($dst, true);
} else if($size[2] == 1) {
$palletsize = imagecolorstotal($src);
if($src_transparency >= 0 && $src_transparency < $palletsize) {
$transparent_color = imagecolorsforindex($src, $src_transparency);
$current_transparent = imagecolorallocate($dst, $transparent_color['red'], $transparent_color['green'], $transparent_color['blue']);
imagefill($dst, 0, 0, $current_transparent);
imagecolortransparent($dst, $current_transparent);
} else {
imagefill($dst, 0, 0, $bgcolor);
}
} else {
imagefill($dst, 0, 0, $bgcolor);
}
}
} else {

6
plugin/editor/cheditor5/popup/js/image.html5.js
View File

@ -1064,7 +1064,11 @@ DoUpload.prototype = {
if (evt.target.readyState === FileReader.DONE) {
blob = new self.MyBlob(self.NewBlob(evt.target.result, filetype));
orientation = self.getOrientation(evt.target.result.slice(0, 64 * 1024));
try {
orientation = self.getOrientation(evt.target.result.slice(0, 64 * 1024));
} catch(err) {
}
image = new Image();
image.onload = function () {

6
plugin/htmlpurifier/safeiframe.txt
View File

@ -4,3 +4,9 @@ www.youtube(?:-nocookie)?.com/
serviceapi.rmcnmv.naver.com/
videofarm.daum.net/
player.vimeo.com/
maps.google.com/
play.afreeca.com/
v.nate.com/
www.microsoft.com/showcase/video.aspx/
w.soundcloud.com/
www.facebook.com/