diff --git a/adm/config_form_update.php b/adm/config_form_update.php
index 126786382..533782c7a 100644
--- a/adm/config_form_update.php
+++ b/adm/config_form_update.php
@@ -28,6 +28,14 @@ $cf_social_servicelist = !empty($_POST['cf_social_servicelist']) ? implode(',',
 $_POST['cf_title'] = strip_tags($_POST['cf_title']);
+$check_keys = array('cf_lg_mid', 'cf_lg_mert_key', 'cf_cert_kcb_cd', 'cf_cert_kcp_cd', 'cf_editor', 'cf_recaptcha_site_key', 'cf_recaptcha_secret_key');
+
+foreach( $check_keys as $key ){
+    if ( isset($_POST[$key]) && $_POST[$key] ){
+        $_POST[$key] = preg_replace('/[^a-z0-9_\-]/i', '', $_POST[$key]);
+    }
+}
+
 $sql = " update {$g5['config_table']}
 set cf_title = '{$_POST['cf_title']}',
 cf_admin = '{$_POST['cf_admin']}',
diff --git a/adm/menu_list_update.php b/adm/menu_list_update.php
index 324f26209..3aaf18b11 100644
--- a/adm/menu_list_update.php
+++ b/adm/menu_list_update.php
@@ -23,7 +23,7 @@ for ($i=0; $i<$count; $i++)
 $code = $_POST['code'][$i];
 $me_name = $_POST['me_name'][$i];
-    $me_link = preg_match('/^javascript/i', $_POST['me_link'][$i]) ? G5_URL : strip_tags($_POST['me_link'][$i]);
+    $me_link = (preg_match('/^javascript/i', $_POST['me_link'][$i]) || preg_match('/script:/i', $_POST['me_link'][$i])) ? G5_URL : strip_tags($_POST['me_link'][$i]);
 if(!$code || !$me_name || !$me_link) continue;
diff --git a/adm/sms_admin/_common.php b/adm/sms_admin/_common.php
index 23e15e5ef..3c53259a8 100644
--- a/adm/sms_admin/_common.php
+++ b/adm/sms_admin/_common.php
@@ -13,6 +13,7 @@ if (!strstr($_SERVER['SCRIPT_NAME'], 'install.php')) {
 }
 $sv = isset($_REQUEST['sv']) ? get_search_string($_REQUEST['sv']) : '';
+$st = (isset($_REQUEST['st']) && $st) ? substr(get_search_string($_REQUEST['st']), 0, 12) : '';
 if( isset($token) ){
 $token = @htmlspecialchars(strip_tags($token), ENT_QUOTES);
diff --git a/adm/sms_admin/emoticon_move.php b/adm/sms_admin/emoticon_move.php
index 075c7b4a4..4e04cf496 100644
--- a/adm/sms_admin/emoticon_move.php
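Review bot: The `preg_replace` in the new `foreach` silently rewrites a key that contains a disallowed character instead of rejecting it, so an admin who pastes a merchant or reCAPTCHA key with a stray character gets a different key stored with no feedback; `if (preg_match('/[^a-z0-9_\-]/i', $_POST[$key])) alert($key.' contains characters that are not allowed.');` makes the failure visible. The guard `isset($_POST[$key]) && $_POST[$key]` also accepts an array (`cf_editor[]=x`), in which case `preg_replace` returns an array that is later interpolated into `$sql` as the string "Array"; adding `&& is_string($_POST[$key])` to the guard closes that, and the truthiness test skips a literal `"0"` for no good reason. `cf_title` and `cf_admin` are still interpolated straight into `$sql` on the lines below; whether they are escaped by an earlier include is not visible in this diff.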
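Review bot: The added `preg_match('/script:/i', ...)` is a substring deny-list, so it still passes `data:` URLs and entity-encoded schemes such as `javascript&colon;alert(1)` (the regex only sees a literal colon and `strip_tags` does not touch attribute payloads), while rejecting harmless links that merely contain `script:` in a query string. A scheme allow-list evaluated on a normalised copy of the value is the more robust shape; the stored value can stay as `strip_tags($_POST['me_link'][$i])` so existing menu entries are unaffected. The enclosing `for` loop body starts and ends outside the hunk, so where the result is written is not visible here.
```php
$raw   = $_POST['me_link'][$i];
$probe = strtolower(preg_replace('/[\x00-\x20]+/', '', html_entity_decode($raw, ENT_QUOTES | ENT_HTML5)));
$bad_scheme = preg_match('#^([a-z][a-z0-9+.\-]*):#', $probe, $m) && !in_array($m[1], array('http', 'https', 'mailto'), true);
$me_link = $bad_scheme ? G5_URL : strip_tags($raw);
// … unchanged: empty-field check and the rest of the loop body …
```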
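Review bot: The new `$st` line tests `$st` inside its own initializer (`isset($_REQUEST['st']) && $st`), so unless `$st` has already been populated from the request by an earlier include that is not in this diff, the condition is always false, `$st` is always `''`, and the column search in history_num.php is silently disabled; if it has been populated, the extra `&& $st` only re-checks the same value and the assignment overwrites whatever earlier processing produced. The intended test is on the request value itself: `$st = !empty($_REQUEST['st']) ? substr(get_search_string($_REQUEST['st']), 0, 12) : '';`. Since `$st` ends up as a column name in SQL, `substr(..., 0, 12)` is not a security control on its own; the per-page allow-list in history_num.php is what actually bounds it.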
+++ b/adm/sms_admin/emoticon_move.php
@@ -12,7 +12,7 @@ $g5['title'] = '이모티콘그룹 이동';
 include_once(G5_PATH.'/head.sub.php');
 $list = array(); //배열 변수 초기화
-$fo_no_list = isset($_POST['fo_no']) ? implode(',', $_POST['fo_no']) : '';
+$fo_no_list = isset($_POST['fo_no']) ? clean_xss_tags(strip_tags(implode(',', $_POST['fo_no']))) : '';
 $sql = " select * from {$g5['sms5_form_group_table']} order by fg_no ";
 $result = sql_query($sql);
diff --git a/adm/sms_admin/form_group_update.php b/adm/sms_admin/form_group_update.php
index ee8b1627a..d5257dcea 100644
--- a/adm/sms_admin/form_group_update.php
+++ b/adm/sms_admin/form_group_update.php
@@ -11,8 +11,8 @@ if ($w == 'u') // 업데이트
 // 실제 번호를 넘김
 $k = $_POST['chk'][$i];
 $fg_no = (int) $_POST['fg_no'][$k];
-    $fg_name = strip_tags($_POST['fg_name'][$k]);
-    $fg_member = strip_tags($_POST['fg_member'][$k]);
+    $fg_name = isset($_POST['fg_name'][$k]) ? addslashes(strip_tags($_POST['fg_name'][$k])) : '';
+    $fg_member = isset($_POST['fg_member'][$k]) ? addslashes(strip_tags($_POST['fg_member'][$k])) : '';
 if (!is_numeric($fg_no))
 alert('그룹 고유번호가 없습니다.');
@@ -83,7 +83,7 @@ else // 등록
 if (!strlen(trim($fg_name)))
 alert('그룹명을 입력해주세요');
-    $fg_name = strip_tags($fg_name);
+    $fg_name = addslashes(strip_tags($fg_name));
 $res = sql_fetch("select fg_name from {$g5['sms5_form_group_table']} where fg_name = '$fg_name'");
 if ($res)
diff --git a/adm/sms_admin/history_num.php b/adm/sms_admin/history_num.php
index f53dfb407..043fdd3f0 100644
--- a/adm/sms_admin/history_num.php
+++ b/adm/sms_admin/history_num.php
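Review bot: Wrapping `$fo_no_list` in `clean_xss_tags(strip_tags(...))` treats a comma-joined list of group ids as HTML text; if that list is later spliced into an `IN (...)` clause further down the file (outside this hunk, so inferred from the name and the join), tag stripping does nothing against SQL metacharacters such as `1) or (1=1`. Since each `fo_no` is a numeric id, coerce the elements instead of filtering the string: `$fo_no_list = isset($_POST['fo_no']) ? implode(',', array_map('intval', (array)$_POST['fo_no'])) : '';`. The `(array)` cast also stops `implode()` from throwing a TypeError on PHP 8 when `fo_no` is submitted as a plain string rather than `fo_no[]`.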
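Review bot: The `addslashes` added to `$fg_name` and `$fg_member` in the first hunk is a charset-unaware escape and is applied to the variable rather than at the query boundary, so it is only correct if the connection charset is multibyte-safe and `$_POST` has not already been escaped by a global hook (otherwise names are stored with doubled backslashes); neither condition is visible in this diff. Prefer whatever driver-level escape the DB layer exposes next to `sql_query`/`sql_fetch` (falling back to `mysqli_real_escape_string` on the active link), e.g. `$fg_name = isset($_POST['fg_name'][$k]) ? strip_tags($_POST['fg_name'][$k]) : '';` here and escaping only inside the `update` statement that consumes it. The enclosing `if ($w == 'u')` block and its loop begin before the hunk, so the consuming query is not shown.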
@@ -11,15 +11,15 @@ $g5['title'] = "문자전송 내역 (번호별)";
 if ($page < 1) $page = 1;
+if( isset($st) && !in_array($st, array('hs_name', 'hs_hp', 'bk_no')) ){
+    $st = '';
+}
+
 if ($st && trim($sv))
 $sql_search = " and $st like '%$sv%' ";
 else
 $sql_search = "";
-if( isset($st) && !in_array($st, array('hs_name', 'hs_hp', 'bk_no')) ){
-    $st = '';
-}
-
 $total_res = sql_fetch("select count(*) as cnt from {$g5['sms5_history_table']} where 1 $sql_search");
 $total_count = $total_res['cnt'];
diff --git a/adm/sms_admin/num_book_update.php b/adm/sms_admin/num_book_update.php
index 0a13c641f..079c5eae1 100644
--- a/adm/sms_admin/num_book_update.php
+++ b/adm/sms_admin/num_book_update.php
@@ -12,6 +12,9 @@ $is_hp_exist = false;
 $bk_hp = get_hp($bk_hp);
+$bk_memo = strip_tags($bk_memo);
+$bk_name = strip_tags($bk_name);
+
 if ($w=='u') // 업데이트
 {
 if (!$bg_no) $bg_no = 0;
@@ -21,8 +24,6 @@ if ($w=='u') // 업데이트
 if (!strlen(trim($bk_name))) alert('이름을 입력해주세요');
-    $bk_name = strip_tags($bk_name);
-
 if ($bk_hp == '') alert('휴대폰번호만 입력 가능합니다.');
 /*
@@ -48,7 +49,7 @@ if ($w=='u') // 업데이트
 sql_query("update {$g5['sms5_book_group_table']} set bg_receipt = bg_receipt - 1, bg_reject = bg_reject + 1 where bg_no='$bg_no'");
 }
-    sql_query("update {$g5['sms5_book_table']} set bg_no='$bg_no', bk_name='$bk_name', bk_hp='$bk_hp', bk_receipt='$bk_receipt', bk_datetime='".G5_TIME_YMDHIS."', bk_memo='".addslashes($bk_memo)."' where bk_no='$bk_no'");
+    sql_query("update {$g5['sms5_book_table']} set bg_no='$bg_no', bk_name='".addslashes($bk_name)."', bk_hp='$bk_hp', bk_receipt='$bk_receipt', bk_datetime='".G5_TIME_YMDHIS."', bk_memo='".addslashes($bk_memo)."' where bk_no='$bk_no'");
 if ($res['mb_id']){ //만약에 mb_id가 있다면...
 // 휴대폰번호 중복체크
 $sql = " select mb_id from {$g5['member_table']} where mb_id <> '{$res['mb_id']}' and mb_hp = '{$bk_hp}' ";
diff --git a/adm/sms_admin/num_book_write.php b/adm/sms_admin/num_book_write.php
index 06896f81e..665673472 100644
--- a/adm/sms_admin/num_book_write.php
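Review bot: Moving the column allow-list ahead of the `$sql_search` build closes the ordering bug, but `$sv` is still interpolated raw into `like '%$sv%'`, so the query is only as safe as `get_search_string()` in `_common.php`, whose body is not part of this diff, and LIKE metacharacters in `$sv` are never escaped, so a search value of `%` matches every row. Two small changes to the visible lines tighten it: `if( isset($st) && !in_array($st, array('hs_name', 'hs_hp', 'bk_no'), true) ){` for a strict membership test, and `$sql_search = " and $st like '%".addcslashes($sv, '%_')."%' ";` so wildcards are treated literally (keep driver-level escaping too if `get_search_string()` does not already provide it). A one-line comment above the allow-list, `// $st is spliced in as a column name; it must stay on this list`, would explain why the check has to precede the query text.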
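Review bot: In the rewritten `update` in the last hunk, `bk_name` and `bk_memo` are now escaped, but `bg_no`, `bk_receipt` and `bk_no` in the same statement are still interpolated unescaped, and the only treatment of `$bg_no` visible in this diff is `if (!$bg_no) $bg_no = 0;` in the first hunk, which does not reject non-numeric input; `$bk_hp` depends on what `get_hp()` returns, which is not shown. Those columns look numeric (the neighbouring `bg_receipt`/`bg_reject` counters suggest `bk_receipt` is a 0/1 flag), so casting once before the queries removes the remaining injection surface: `$bg_no = (int)$bg_no; $bk_no = (int)$bk_no; $bk_receipt = (int)$bk_receipt;`. `addslashes` is also a charset-unaware escape; a driver-level escape at the query boundary is preferable where the DB layer exposes one. The enclosing `if ($w=='u')` block opens before this hunk and continues past it.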
+++ b/adm/sms_admin/num_book_write.php
@@ -121,7 +121,7 @@ include_once(G5_ADMIN_PATH."/admin.head.php");