firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

[KVE-2020-1597, 2021-0016] 그누보드 다중 취약점 수정

Browse Source
This commit is contained in:
thisgun
2021-01-13 11:48:34 +09:00
parent b01e04a91e
commit 102715421f
7 changed files with 33 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
adm/sms_admin/form_group.php
View File

@ -136,7 +136,7 @@ function grouplist_submit(f)
</td> </td>
<td class="td_left"> <td class="td_left">
<label for="fg_name_<?php echo $i; ?>" class="sound_only">그룹명</label> <label for="fg_name_<?php echo $i; ?>" class="sound_only">그룹명</label>
<input type="text" name="fg_name[<?php echo $i; ?>]" value="<?php echo $group[$i]['fg_name']?>" id="fg_name_<?php echo $i; ?>" class="frm_input"> <input type="text" name="fg_name[<?php echo $i; ?>]" value="<?php echo get_sanitize_input($group[$i]['fg_name']); ?>" id="fg_name_<?php echo $i; ?>" class="frm_input">
<input type="checkbox" name="fg_member[<?php echo $i; ?>]" value="1" id="fg_member_<?php echo $i; ?>" <?php if ($group[$i]['fg_member']) echo 'checked';?>> <input type="checkbox" name="fg_member[<?php echo $i; ?>]" value="1" id="fg_member_<?php echo $i; ?>" <?php if ($group[$i]['fg_member']) echo 'checked';?>>
<label for="fg_member_<?php echo $i; ?>">회원</label> <label for="fg_member_<?php echo $i; ?>">회원</label>
</td> </td>

6
adm/sms_admin/form_group_update.php
View File

@ -13,7 +13,7 @@ if ($w == 'u') // 업데이트
// 실제 번호를 넘김 // 실제 번호를 넘김
$k = $post_cnk[$i]; $k = $post_cnk[$i];
$fg_no = isset($_POST['fg_no'][$k]) ? (int) $_POST['fg_no'][$k] : 0; $fg_no = isset($_POST['fg_no'][$k]) ? (int) $_POST['fg_no'][$k] : 0;
$fg_name = isset($_POST['fg_name'][$k]) ? addslashes(strip_tags($_POST['fg_name'][$k])) : ''; $fg_name = isset($_POST['fg_name'][$k]) ? addslashes(strip_tags(clean_xss_attributes($_POST['fg_name'][$k]))) : '';
$fg_member = isset($_POST['fg_member'][$k]) ? addslashes(strip_tags($_POST['fg_member'][$k])) : ''; $fg_member = isset($_POST['fg_member'][$k]) ? addslashes(strip_tags($_POST['fg_member'][$k])) : '';
if (!is_numeric($fg_no)) if (!is_numeric($fg_no))
@ -82,11 +82,11 @@ else if ($w == 'no')
} }
else // 등록 else // 등록
{ {
$fg_name = isset($_POST['fg_name']) ? addslashes(strip_tags(clean_xss_attributes($_POST['fg_name']))) : '';
if (!strlen(trim($fg_name))) if (!strlen(trim($fg_name)))
alert('그룹명을 입력해주세요'); alert('그룹명을 입력해주세요');
$fg_name = addslashes(strip_tags($fg_name));
$res = sql_fetch("select fg_name from {$g5['sms5_form_group_table']} where fg_name = '$fg_name'"); $res = sql_fetch("select fg_name from {$g5['sms5_form_group_table']} where fg_name = '$fg_name'");
if ($res) if ($res)
alert('같은 그룹명이 존재합니다.'); alert('같은 그룹명이 존재합니다.');

11
bbs/point.php
View File

@ -21,6 +21,17 @@ $total_page = ceil($total_count / $rows); // 전체 페이지 계산
if ($page < 1) { $page = 1; } // 페이지가 없으면 첫 페이지 (1 페이지) if ($page < 1) { $page = 1; } // 페이지가 없으면 첫 페이지 (1 페이지)
$from_record = ($page - 1) * $rows; // 시작 열을 구함 $from_record = ($page - 1) * $rows; // 시작 열을 구함
$sql = " select *
{$sql_common}
{$sql_order}
limit {$from_record}, {$rows} ";
$result = sql_query($sql);
for ($i=0; $row=sql_fetch_array($result); $i++) {
$list[] = $row;
}
include_once($member_skin_path.'/point.skin.php'); include_once($member_skin_path.'/point.skin.php');
include_once(G5_PATH.'/tail.sub.php'); include_once(G5_PATH.'/tail.sub.php');

13
mobile/skin/member/basic/point.skin.php
View File

@ -18,13 +18,9 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
<ul class="point_list"> <ul class="point_list">
<?php <?php
$sum_point1 = $sum_point2 = $sum_point3 = 0; $sum_point1 = $sum_point2 = $sum_point3 = 0;
$sql = " select * $i = 0;
{$sql_common} foreach((array) $list as $row){
{$sql_order}
limit {$from_record}, {$rows} ";
$result = sql_query($sql);
for ($i=0; $row=sql_fetch_array($result); $i++) {
$point1 = $point2 = 0; $point1 = $point2 = 0;
$point_use_class = ''; $point_use_class = '';
if ($row['po_point'] > 0) { if ($row['po_point'] > 0) {
@ -55,7 +51,8 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
</span> </span>
</li> </li>
<?php <?php
} $i++;
} // end foreach
if ($i == 0) if ($i == 0)
echo '<li class="empty_list">자료가 없습니다.</li>'; echo '<li class="empty_list">자료가 없습니다.</li>';

13
skin/member/basic/point.skin.php
View File

@ -18,13 +18,9 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
<ul class="point_list"> <ul class="point_list">
<?php <?php
$sum_point1 = $sum_point2 = $sum_point3 = 0; $sum_point1 = $sum_point2 = $sum_point3 = 0;
$sql = " select * $i = 0;
{$sql_common} foreach((array) $list as $row){
{$sql_order}
limit {$from_record}, {$rows} ";
$result = sql_query($sql);
for ($i=0; $row=sql_fetch_array($result); $i++) {
$point1 = $point2 = 0; $point1 = $point2 = 0;
$point_use_class = ''; $point_use_class = '';
if ($row['po_point'] > 0) { if ($row['po_point'] > 0) {
@ -55,7 +51,8 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
</span> </span>
</li> </li>
<?php <?php
} $i++;
} // end foreach
if ($i == 0) if ($i == 0)
echo '<li class="empty_li">자료가 없습니다.</li>'; echo '<li class="empty_li">자료가 없습니다.</li>';

11
theme/basic/mobile/skin/member/basic/point.skin.php
View File

@ -19,12 +19,8 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
<?php <?php
$sum_point1 = $sum_point2 = $sum_point3 = 0; $sum_point1 = $sum_point2 = $sum_point3 = 0;
$sql = " select * $i = 0;
{$sql_common} foreach((array) $list as $row){
{$sql_order}
limit {$from_record}, {$rows} ";
$result = sql_query($sql);
for ($i=0; $row=sql_fetch_array($result); $i++) {
$point1 = $point2 = 0; $point1 = $point2 = 0;
$point_use_class = ''; $point_use_class = '';
if ($row['po_point'] > 0) { if ($row['po_point'] > 0) {
@ -55,7 +51,8 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
</span> </span>
</li> </li>
<?php <?php
} $i++;
} // end foreach
if ($i == 0) if ($i == 0)
echo '<li class="empty_list">자료가 없습니다.</li>'; echo '<li class="empty_list">자료가 없습니다.</li>';

11
theme/basic/skin/member/basic/point.skin.php
View File

@ -19,12 +19,8 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
<?php <?php
$sum_point1 = $sum_point2 = $sum_point3 = 0; $sum_point1 = $sum_point2 = $sum_point3 = 0;
$sql = " select * $i = 0;
{$sql_common} foreach((array) $list as $row){
{$sql_order}
limit {$from_record}, {$rows} ";
$result = sql_query($sql);
for ($i=0; $row=sql_fetch_array($result); $i++) {
$point1 = $point2 = 0; $point1 = $point2 = 0;
$point_use_class = ''; $point_use_class = '';
if ($row['po_point'] > 0) { if ($row['po_point'] > 0) {
@ -55,7 +51,8 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
</span> </span>
</li> </li>
<?php <?php
} $i++;
} // end foreach
if ($i == 0) if ($i == 0)
echo '<li class="empty_li">자료가 없습니다.</li>'; echo '<li class="empty_li">자료가 없습니다.</li>';