Merge branch 'master' of github.com:gnuboard/g5
This commit is contained in:
thisgun
@ -28,6 +28,14 @@ $cf_social_servicelist = !empty($_POST['cf_social_servicelist']) ? implode(',',
|
||||
|
||||
$_POST['cf_title'] = strip_tags($_POST['cf_title']);
|
||||
|
||||
$check_keys = array('cf_lg_mid', 'cf_lg_mert_key', 'cf_cert_kcb_cd', 'cf_cert_kcp_cd', 'cf_editor', 'cf_recaptcha_site_key', 'cf_recaptcha_secret_key');
|
||||
|
||||
foreach( $check_keys as $key ){
|
||||
if ( isset($_POST[$key]) && $_POST[$key] ){
|
||||
$_POST[$key] = preg_replace('/[^a-z0-9_\-]/i', '', $_POST[$key]);
|
||||
}
|
||||
}
|
||||
|
||||
$sql = " update {$g5['config_table']}
|
||||
set cf_title = '{$_POST['cf_title']}',
|
||||
cf_admin = '{$_POST['cf_admin']}',
|
||||
|
||||
@ -23,7 +23,7 @@ for ($i=0; $i<$count; $i++)
|
||||
|
||||
$code = $_POST['code'][$i];
|
||||
$me_name = $_POST['me_name'][$i];
|
||||
$me_link = preg_match('/^javascript/i', $_POST['me_link'][$i]) ? G5_URL : strip_tags($_POST['me_link'][$i]);
|
||||
$me_link = (preg_match('/^javascript/i', $_POST['me_link'][$i]) || preg_match('/script:/i', $_POST['me_link'][$i])) ? G5_URL : strip_tags($_POST['me_link'][$i]);
|
||||
|
||||
if(!$code || !$me_name || !$me_link)
|
||||
continue;
|
||||
|
||||
@ -13,6 +13,7 @@ if (!strstr($_SERVER['SCRIPT_NAME'], 'install.php')) {
|
||||
}
|
||||
|
||||
$sv = isset($_REQUEST['sv']) ? get_search_string($_REQUEST['sv']) : '';
|
||||
$st = (isset($_REQUEST['st']) && $st) ? substr(get_search_string($_REQUEST['st']), 0, 12) : '';
|
||||
|
||||
if( isset($token) ){
|
||||
$token = @htmlspecialchars(strip_tags($token), ENT_QUOTES);
|
||||
|
||||
@ -12,7 +12,7 @@ $g5['title'] = '이모티콘그룹 이동';
|
||||
include_once(G5_PATH.'/head.sub.php');
|
||||
|
||||
$list = array(); //배열 변수 초기화
|
||||
$fo_no_list = isset($_POST['fo_no']) ? implode(',', $_POST['fo_no']) : '';
|
||||
$fo_no_list = isset($_POST['fo_no']) ? clean_xss_tags(strip_tags(implode(',', $_POST['fo_no']))) : '';
|
||||
|
||||
$sql = " select * from {$g5['sms5_form_group_table']} order by fg_no ";
|
||||
$result = sql_query($sql);
|
||||
|
||||
@ -11,8 +11,8 @@ if ($w == 'u') // 업데이트
|
||||
// 실제 번호를 넘김
|
||||
$k = $_POST['chk'][$i];
|
||||
$fg_no = (int) $_POST['fg_no'][$k];
|
||||
$fg_name = strip_tags($_POST['fg_name'][$k]);
|
||||
$fg_member = strip_tags($_POST['fg_member'][$k]);
|
||||
$fg_name = isset($_POST['fg_name'][$k]) ? addslashes(strip_tags($_POST['fg_name'][$k])) : '';
|
||||
$fg_member = isset($_POST['fg_member'][$k]) ? addslashes(strip_tags($_POST['fg_member'][$k])) : '';
|
||||
|
||||
if (!is_numeric($fg_no))
|
||||
alert('그룹 고유번호가 없습니다.');
|
||||
@ -83,7 +83,7 @@ else // 등록
|
||||
if (!strlen(trim($fg_name)))
|
||||
alert('그룹명을 입력해주세요');
|
||||
|
||||
$fg_name = strip_tags($fg_name);
|
||||
$fg_name = addslashes(strip_tags($fg_name));
|
||||
|
||||
$res = sql_fetch("select fg_name from {$g5['sms5_form_group_table']} where fg_name = '$fg_name'");
|
||||
if ($res)
|
||||
|
||||
@ -11,15 +11,15 @@ $g5['title'] = "문자전송 내역 (번호별)";
|
||||
|
||||
if ($page < 1) $page = 1;
|
||||
|
||||
if( isset($st) && !in_array($st, array('hs_name', 'hs_hp', 'bk_no')) ){
|
||||
$st = '';
|
||||
}
|
||||
|
||||
if ($st && trim($sv))
|
||||
$sql_search = " and $st like '%$sv%' ";
|
||||
else
|
||||
$sql_search = "";
|
||||
|
||||
if( isset($st) && !in_array($st, array('hs_name', 'hs_hp', 'bk_no')) ){
|
||||
$st = '';
|
||||
}
|
||||
|
||||
$total_res = sql_fetch("select count(*) as cnt from {$g5['sms5_history_table']} where 1 $sql_search");
|
||||
$total_count = $total_res['cnt'];
|
||||
|
||||
|
||||
@ -12,6 +12,9 @@ $is_hp_exist = false;
|
||||
|
||||
$bk_hp = get_hp($bk_hp);
|
||||
|
||||
$bk_memo = strip_tags($bk_memo);
|
||||
$bk_name = strip_tags($bk_name);
|
||||
|
||||
if ($w=='u') // 업데이트
|
||||
{
|
||||
if (!$bg_no) $bg_no = 0;
|
||||
@ -21,8 +24,6 @@ if ($w=='u') // 업데이트
|
||||
if (!strlen(trim($bk_name)))
|
||||
alert('이름을 입력해주세요');
|
||||
|
||||
$bk_name = strip_tags($bk_name);
|
||||
|
||||
if ($bk_hp == '')
|
||||
alert('휴대폰번호만 입력 가능합니다.');
|
||||
/*
|
||||
@ -48,7 +49,7 @@ if ($w=='u') // 업데이트
|
||||
sql_query("update {$g5['sms5_book_group_table']} set bg_receipt = bg_receipt - 1, bg_reject = bg_reject + 1 where bg_no='$bg_no'");
|
||||
}
|
||||
|
||||
sql_query("update {$g5['sms5_book_table']} set bg_no='$bg_no', bk_name='$bk_name', bk_hp='$bk_hp', bk_receipt='$bk_receipt', bk_datetime='".G5_TIME_YMDHIS."', bk_memo='".addslashes($bk_memo)."' where bk_no='$bk_no'");
|
||||
sql_query("update {$g5['sms5_book_table']} set bg_no='$bg_no', bk_name='".addslashes($bk_name)."', bk_hp='$bk_hp', bk_receipt='$bk_receipt', bk_datetime='".G5_TIME_YMDHIS."', bk_memo='".addslashes($bk_memo)."' where bk_no='$bk_no'");
|
||||
if ($res['mb_id']){ //만약에 mb_id가 있다면...
|
||||
// 휴대폰번호 중복체크
|
||||
$sql = " select mb_id from {$g5['member_table']} where mb_id <> '{$res['mb_id']}' and mb_hp = '{$bk_hp}' ";
|
||||
|
||||
@ -121,7 +121,7 @@ include_once(G5_ADMIN_PATH."/admin.head.php");
|
||||
<tr>
|
||||
<th scope="row"><label for="bk_memo">메모</label></th>
|
||||
<td>
|
||||
<textarea name="bk_memo" id="bk_memo"><?php echo $write['bk_memo']?></textarea>
|
||||
<textarea name="bk_memo" id="bk_memo"><?php echo html_purifier($write['bk_memo']); ?></textarea>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
|
||||
@ -288,6 +288,7 @@ function get_file($bo_table, $wr_id)
|
||||
while ($row = sql_fetch_array($result))
|
||||
{
|
||||
$no = $row['bf_no'];
|
||||
$bf_content = $row['bf_content'] ? html_purifier($row['bf_content']) : '';
|
||||
$file[$no]['href'] = G5_BBS_URL."/download.php?bo_table=$bo_table&wr_id=$wr_id&no=$no" . $qstr;
|
||||
$file[$no]['download'] = $row['bf_download'];
|
||||
// 4.00.11 - 파일 path 추가
|
||||
@ -295,8 +296,8 @@ function get_file($bo_table, $wr_id)
|
||||
$file[$no]['size'] = get_filesize($row['bf_filesize']);
|
||||
$file[$no]['datetime'] = $row['bf_datetime'];
|
||||
$file[$no]['source'] = addslashes($row['bf_source']);
|
||||
$file[$no]['bf_content'] = $row['bf_content'];
|
||||
$file[$no]['content'] = get_text($row['bf_content']);
|
||||
$file[$no]['bf_content'] = $bf_content;
|
||||
$file[$no]['content'] = get_text($bf_content);
|
||||
//$file[$no]['view'] = view_file_link($row['bf_file'], $file[$no]['content']);
|
||||
$file[$no]['view'] = view_file_link($row['bf_file'], $row['bf_width'], $row['bf_height'], $file[$no]['content']);
|
||||
$file[$no]['file'] = $row['bf_file'];
|
||||
|
||||
@ -165,8 +165,8 @@ $_SESSION['lgd_certify'] = $payReqMap;
|
||||
<input type="hidden" name="LGD_ENCODING" value="UTF-8"/>
|
||||
<?php
|
||||
foreach ($payReqMap as $key => $value) {
|
||||
$key = htmlspecialchars(strip_tags($key));
|
||||
$value = htmlspecialchars(strip_tags($value));
|
||||
$key = htmlspecialchars(strip_tags($key), ENT_QUOTES);
|
||||
$value = htmlspecialchars(strip_tags($value), ENT_QUOTES);
|
||||
echo "<input type='hidden' name='$key' id='$key' value='$value'/>".PHP_EOL;
|
||||
}
|
||||
?>
|
||||
|
||||
Reference in New Issue
Block a user