From 08f47f7cebaa5f042b3ade2034387acaf322c320 Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Tue, 3 Jul 2018 15:59:51 +0900
Subject: [PATCH] =?UTF-8?q?=EC=98=81=EC=B9=B4=ED=8A=B8=20[18-346]=20?=
 =?UTF-8?q?=EC=B7=A8=EC=95=BD=EC=A0=90=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adm/shop_admin/categoryform.php       | 62 ++++++++++++++++++++++++++-
 adm/shop_admin/categoryformupdate.php | 33 +++++++++++++-
 shop/item.php                         |  4 +-
 shop/list.php                         |  4 +-
 4 files changed, 96 insertions(+), 7 deletions(-)

diff --git a/adm/shop_admin/categoryform.php b/adm/shop_admin/categoryform.php
index 5b37d2e40..afa658952 100644
--- a/adm/shop_admin/categoryform.php
+++ b/adm/shop_admin/categoryform.php
@@ -358,6 +358,22 @@ else {
                 <input type="text" name="ca_include_tail" value="<?php echo $ca['ca_include_tail']; ?>" id="ca_include_tail" class="frm_input" size="60">
             </td>
         </tr>
+        <tr id="admin_captcha_box" style="display:none;">
+            <th scope="row">자동등록방지</th>
+            <td>
+                <?php
+                echo help("파일 경로를 입력 또는 수정시 캡챠를 반드시 입력해야 합니다.");
+
+                include_once(G5_CAPTCHA_PATH.'/captcha.lib.php');
+                $captcha_html = captcha_html();
+                $captcha_js   = chk_captcha_js();
+                echo $captcha_html;
+                ?>
+                <script>
+                jQuery("#captcha_key").removeAttr("required").removeClass("required");
+                </script>
+            </td>
+        </tr>
         <tr>
             <th scope="row">상단내용</th>
             <td>
@@ -521,7 +537,51 @@ function fcategoryformcheck(f)
     return true;
 }
 
-$(function() {
+var captcha_chk = false;
+
+function use_captcha_check(){
+    $.ajax({
+        type: "POST",
+        url: g5_admin_url+"/ajax.use_captcha.php",
+        data: { admin_use_captcha: "1" },
+        cache: false,
+        async: false,
+        dataType: "json",
+        success: function(data) {
+        }
+    });
+}
+
+function frm_check_file(){
+    var ca_include_head = "<?php echo $ca['ca_include_head']; ?>";
+    var ca_include_tail = "<?php echo $ca['ca_include_tail']; ?>";
+    var head = jQuery.trim(jQuery("#ca_include_head").val());
+    var tail = jQuery.trim(jQuery("#ca_include_tail").val());
+
+    if(ca_include_head !== head || ca_include_tail !== tail){
+        // 캡챠를 사용합니다.
+        jQuery("#admin_captcha_box").show();
+        captcha_chk = true;
+
+        use_captcha_check();
+
+        return false;
+    } else {
+        jQuery("#admin_captcha_box").hide();
+    }
+
+    return true;
+}
+
+jQuery(function($){
+    if( window.self !== window.top ){   // frame 또는 iframe을 사용할 경우 체크
+        $("#ca_include_head, #ca_include_tail").on("change paste keyup", function(e) {
+            frm_check_file();
+        });
+
+        use_captcha_check();
+    }
+
     $(".shop_category").on("click", function() {
         if(!confirm("현재 테마의 스킨, 이미지 사이즈 등의 설정을 적용하시겠습니까?"))
             return false;
diff --git a/adm/shop_admin/categoryformupdate.php b/adm/shop_admin/categoryformupdate.php
index d1e994d6d..7fc4ff873 100644
--- a/adm/shop_admin/categoryformupdate.php
+++ b/adm/shop_admin/categoryformupdate.php
@@ -3,17 +3,43 @@ $sub_menu = '400200';
 include_once('./_common.php');
 
 if ($file = $_POST['ca_include_head']) {
-    if (!preg_match("/\.(php|htm[l]?)$/i", $file)) {
+    $file_ext = pathinfo($file, PATHINFO_EXTENSION);
+
+    if (! $file_ext || ! in_array($file_ext, array('php', 'htm', 'html')) || !preg_match("/\.(php|htm[l]?)$/i", $file)) {
         alert("상단 파일 경로가 php, html 파일이 아닙니다.");
     }
 }
 
 if ($file = $_POST['ca_include_tail']) {
-    if (!preg_match("/\.(php|htm[l]?)$/i", $file)) {
+    $file_ext = pathinfo($file, PATHINFO_EXTENSION);
+
+    if (! $file_ext || ! in_array($file_ext, array('php', 'htm', 'html')) || !preg_match("/\.(php|htm[l]?)$/i", $file)) {
         alert("하단 파일 경로가 php, html 파일이 아닙니다.");
     }
 }
 
+if( isset($_POST['ca_id']) ){
+    $ca_id = preg_replace('/[^0-9a-z]/i', '', $ca_id);
+    $sql = " select * from {$g5['g5_shop_category_table']} where ca_id = '$ca_id' ";
+    $ca = sql_fetch($sql);
+
+    if (($ca['ca_include_head'] !== $_POST['ca_include_head'] || $ca['ca_include_tail'] !== $_POST['ca_include_tail']) && function_exists('get_admin_captcha_by') && get_admin_captcha_by()){
+        include_once(G5_CAPTCHA_PATH.'/captcha.lib.php');
+
+        if (!chk_captcha()) {
+            alert('자동등록방지 숫자가 틀렸습니다.');
+        }
+    }
+}
+
+if(!is_include_path_check($_POST['ca_include_head'], 1)) {
+    alert('상단 파일 경로에 포함시킬수 없는 문자열이 있습니다.');
+}
+
+if(!is_include_path_check($_POST['ca_include_tail'], 1)) {
+    alert('하단 파일 경로에 포함시킬수 없는 문자열이 있습니다.');
+}
+
 if ($w == "u" || $w == "d")
     check_demo();
 
@@ -153,6 +179,9 @@ else if ($w == "d")
     sql_query($sql);
 }
 
+if(function_exists('get_admin_captcha_by'))
+    get_admin_captcha_by('remove');
+
 if ($w == "" || $w == "u")
 {
     goto_url("./categoryform.php?w=u&amp;ca_id=$ca_id&amp;$qstr");
diff --git a/shop/item.php b/shop/item.php
index b2aee8d84..640461cf7 100644
--- a/shop/item.php
+++ b/shop/item.php
@@ -98,7 +98,7 @@ define('G5_SHOP_CSS_URL', str_replace(G5_PATH, G5_URL, $skin_dir));
 $g5['title'] = $it['it_name'].' &gt; '.$it['ca_name'];
 
 // 분류 상단 코드가 있으면 출력하고 없으면 기본 상단 코드 출력
-if ($ca['ca_include_head'])
+if ($ca['ca_include_head'] && is_include_path_check($ca['ca_include_head']))
     @include_once($ca['ca_include_head']);
 else
     include_once(G5_SHOP_PATH.'/_head.php');
@@ -268,7 +268,7 @@ echo conv_content($it['it_tail_html'], 1);
 ?>
 
 <?php
-if ($ca['ca_include_tail'])
+if ($ca['ca_include_tail'] && is_include_path_check($ca['ca_include_tail']))
     @include_once($ca['ca_include_tail']);
 else
     include_once(G5_SHOP_PATH.'/_tail.php');
diff --git a/shop/list.php b/shop/list.php
index ca2b86f78..7b9fdc706 100644
--- a/shop/list.php
+++ b/shop/list.php
@@ -29,7 +29,7 @@ if(!$is_admin) {
 
 $g5['title'] = $ca['ca_name'].' 상품리스트';
 
-if ($ca['ca_include_head'])
+if ($ca['ca_include_head'] && is_include_path_check($ca['ca_include_head']))
     @include_once($ca['ca_include_head']);
 else
     include_once(G5_SHOP_PATH.'/_head.php');
@@ -157,7 +157,7 @@ var itemlist_ca_id = "<?php echo $ca_id; ?>";
 <!-- } 상품 목록 끝 -->
 
 <?php
-if ($ca['ca_include_tail'])
+if ($ca['ca_include_tail'] && is_include_path_check($ca['ca_include_tail']))
     @include_once($ca['ca_include_tail']);
 else
     include_once(G5_SHOP_PATH.'/_tail.php');