From bab7fa1f394b614c29ff9c92649e8eeb80775dee Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Thu, 6 Jul 2017 09:22:24 +0900
Subject: [PATCH 01/20] =?UTF-8?q?=EC=9D=B8=EC=8A=A4=ED=86=A8=EC=8B=9C=20?=
 =?UTF-8?q?=ED=95=84=ED=84=B0=EB=A7=81=20=EB=8B=A8=EC=96=B4=20=EC=88=98?=
 =?UTF-8?q?=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 install/install_db.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/install/install_db.php b/install/install_db.php
index a6eed0e30..e436263e1 100644
--- a/install/install_db.php
+++ b/install/install_db.php
@@ -120,7 +120,7 @@ $sql = " insert into `{$table_prefix}config`
                 cf_mobile_pages = '5',
                 cf_link_target = '_blank',
                 cf_delay_sec = '30',
-                cf_filter = '18아,18놈,18새끼,18년,18뇬,18노,18것,18넘,개년,개놈,개뇬,개새,개색끼,개세끼,개세이,개쉐이,개쉑,개쉽,개시키,개자식,개좆,게색기,게색끼,광뇬,뇬,눈깔,뉘미럴,니귀미,니기미,니미,도촬,되질래,뒈져라,뒈진다,디져라,디진다,디질래,병쉰,병신,뻐큐,뻑큐,뽁큐,삐리넷,새꺄,쉬발,쉬밸,쉬팔,쉽알,스패킹,스팽,시벌,시부랄,시부럴,시부리,시불,시브랄,시팍,시팔,시펄,실밸,십8,십쌔,십창,싶알,쌉년,썅놈,쌔끼,쌩쑈,썅,써벌,썩을년,쎄꺄,쎄엑,쓰바,쓰발,쓰벌,쓰팔,씨8,씨댕,씨바,씨발,씨뱅,씨봉알,씨부랄,씨부럴,씨부렁,씨부리,씨불,씨브랄,씨빠,씨빨,씨뽀랄,씨팍,씨팔,씨펄,씹,아가리,아갈이,엄창,접년,잡놈,재랄,저주글,조까,조빠,조쟁이,조지냐,조진다,조질래,존나,존니,좀물,좁년,좃,좆,좇,쥐랄,쥐롤,쥬디,지랄,지럴,지롤,지미랄,쫍빱,凸,퍽큐,뻑큐,빠큐,ㅅㅂㄹㅁ',
+                cf_filter = '18아,18놈,18새끼,18뇬,18노,18것,18넘,개년,개놈,개뇬,개새,개색끼,개세끼,개세이,개쉐이,개쉑,개쉽,개시키,개자식,개좆,게색기,게색끼,광뇬,뇬,눈깔,뉘미럴,니귀미,니기미,니미,도촬,되질래,뒈져라,뒈진다,디져라,디진다,디질래,병쉰,병신,뻐큐,뻑큐,뽁큐,삐리넷,새꺄,쉬발,쉬밸,쉬팔,쉽알,스패킹,스팽,시벌,시부랄,시부럴,시부리,시불,시브랄,시팍,시팔,시펄,실밸,십8,십쌔,십창,싶알,쌉년,썅놈,쌔끼,쌩쑈,썅,써벌,썩을년,쎄꺄,쎄엑,쓰바,쓰발,쓰벌,쓰팔,씨8,씨댕,씨바,씨발,씨뱅,씨봉알,씨부랄,씨부럴,씨부렁,씨부리,씨불,씨브랄,씨빠,씨빨,씨뽀랄,씨팍,씨팔,씨펄,씹,아가리,아갈이,엄창,접년,잡놈,재랄,저주글,조까,조빠,조쟁이,조지냐,조진다,조질래,존나,존니,좀물,좁년,좃,좆,좇,쥐랄,쥐롤,쥬디,지랄,지럴,지롤,지미랄,쫍빱,凸,퍽큐,뻑큐,빠큐,ㅅㅂㄹㅁ',
                 cf_possible_ip = '',
                 cf_intercept_ip = '',
                 cf_analytics = '',

From 3000fc0b35980f185fe0ecbde926e605a07d30af Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Thu, 6 Jul 2017 10:27:45 +0900
Subject: [PATCH 02/20] =?UTF-8?q?include=20path=20=EC=B2=B4=ED=81=AC?=
 =?UTF-8?q?=ED=95=A8=EC=88=98=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 lib/common.lib.php | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/lib/common.lib.php b/lib/common.lib.php
index fade7b145..2062c4d05 100644
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@@ -3320,11 +3320,12 @@ function is_include_path_check($path='')
             //echo 'Caught exception: ',  $e->getMessage(), "\n";
             return false;
         }
+
+        if( preg_match('/\/data\/(file|editor)\/[A-Za-z0-9_]{1,20}\//', $path) ){
+            return false;
+        }
     }
 
-    if( !$path || preg_match('/\/data\/(file|editor)\/[A-Za-z0-9_]{1,20}\//', $path) ){
-        return false;
-    }
     return true;
 }
 ?>
\ No newline at end of file

From ee9f85628dc5b4af297fa78de9662010fd81430a Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Thu, 6 Jul 2017 11:00:20 +0900
Subject: [PATCH 03/20] =?UTF-8?q?=EB=AA=A8=EB=B0=94=EC=9D=BC=20=EB=8C=93?=
 =?UTF-8?q?=EA=B8=80=20https=20=EB=AF=B8=EC=B2=98=EB=A6=AC=20=EC=88=98?=
 =?UTF-8?q?=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 mobile/skin/board/basic/view_comment.skin.php               | 2 +-
 mobile/skin/board/gallery/view_comment.skin.php             | 2 +-
 theme/basic/mobile/skin/board/basic/view_comment.skin.php   | 2 +-
 theme/basic/mobile/skin/board/gallery/view_comment.skin.php | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/mobile/skin/board/basic/view_comment.skin.php b/mobile/skin/board/basic/view_comment.skin.php
index ce49cf92a..6a60539e4 100644
--- a/mobile/skin/board/basic/view_comment.skin.php
+++ b/mobile/skin/board/basic/view_comment.skin.php
@@ -83,7 +83,7 @@ var char_max = parseInt(<?php echo $comment_max ?>); // 최대
     ?>
     <aside id="bo_vc_w">
         <h2>댓글쓰기</h2>
-        <form name="fviewcomment" action="./write_comment_update.php" onsubmit="return fviewcomment_submit(this);" method="post" autocomplete="off">
+        <form name="fviewcomment" action="<?php echo $comment_action_url; ?>" onsubmit="return fviewcomment_submit(this);" method="post" autocomplete="off">
         <input type="hidden" name="w" value="<?php echo $w ?>" id="w">
         <input type="hidden" name="bo_table" value="<?php echo $bo_table ?>">
         <input type="hidden" name="wr_id" value="<?php echo $wr_id ?>">
diff --git a/mobile/skin/board/gallery/view_comment.skin.php b/mobile/skin/board/gallery/view_comment.skin.php
index ce49cf92a..6a60539e4 100644
--- a/mobile/skin/board/gallery/view_comment.skin.php
+++ b/mobile/skin/board/gallery/view_comment.skin.php
@@ -83,7 +83,7 @@ var char_max = parseInt(<?php echo $comment_max ?>); // 최대
     ?>
     <aside id="bo_vc_w">
         <h2>댓글쓰기</h2>
-        <form name="fviewcomment" action="./write_comment_update.php" onsubmit="return fviewcomment_submit(this);" method="post" autocomplete="off">
+        <form name="fviewcomment" action="<?php echo $comment_action_url; ?>" onsubmit="return fviewcomment_submit(this);" method="post" autocomplete="off">
         <input type="hidden" name="w" value="<?php echo $w ?>" id="w">
         <input type="hidden" name="bo_table" value="<?php echo $bo_table ?>">
         <input type="hidden" name="wr_id" value="<?php echo $wr_id ?>">
diff --git a/theme/basic/mobile/skin/board/basic/view_comment.skin.php b/theme/basic/mobile/skin/board/basic/view_comment.skin.php
index ce49cf92a..6a60539e4 100644
--- a/theme/basic/mobile/skin/board/basic/view_comment.skin.php
+++ b/theme/basic/mobile/skin/board/basic/view_comment.skin.php
@@ -83,7 +83,7 @@ var char_max = parseInt(<?php echo $comment_max ?>); // 최대
     ?>
     <aside id="bo_vc_w">
         <h2>댓글쓰기</h2>
-        <form name="fviewcomment" action="./write_comment_update.php" onsubmit="return fviewcomment_submit(this);" method="post" autocomplete="off">
+        <form name="fviewcomment" action="<?php echo $comment_action_url; ?>" onsubmit="return fviewcomment_submit(this);" method="post" autocomplete="off">
         <input type="hidden" name="w" value="<?php echo $w ?>" id="w">
         <input type="hidden" name="bo_table" value="<?php echo $bo_table ?>">
         <input type="hidden" name="wr_id" value="<?php echo $wr_id ?>">
diff --git a/theme/basic/mobile/skin/board/gallery/view_comment.skin.php b/theme/basic/mobile/skin/board/gallery/view_comment.skin.php
index ce49cf92a..6a60539e4 100644
--- a/theme/basic/mobile/skin/board/gallery/view_comment.skin.php
+++ b/theme/basic/mobile/skin/board/gallery/view_comment.skin.php
@@ -83,7 +83,7 @@ var char_max = parseInt(<?php echo $comment_max ?>); // 최대
     ?>
     <aside id="bo_vc_w">
         <h2>댓글쓰기</h2>
-        <form name="fviewcomment" action="./write_comment_update.php" onsubmit="return fviewcomment_submit(this);" method="post" autocomplete="off">
+        <form name="fviewcomment" action="<?php echo $comment_action_url; ?>" onsubmit="return fviewcomment_submit(this);" method="post" autocomplete="off">
         <input type="hidden" name="w" value="<?php echo $w ?>" id="w">
         <input type="hidden" name="bo_table" value="<?php echo $bo_table ?>">
         <input type="hidden" name="wr_id" value="<?php echo $wr_id ?>">

From 6f5775381ab1da5caba8407cbddfac08816a36fc Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Mon, 10 Jul 2017 17:53:16 +0900
Subject: [PATCH 04/20] =?UTF-8?q?=EC=95=84=EC=9D=B4=EC=BD=94=EB=93=9C=20?=
 =?UTF-8?q?=EC=B6=A9=EC=A0=84=ED=95=98=EA=B8=B0=20=EB=B2=84=ED=8A=BC=20?=
 =?UTF-8?q?=EB=A7=81=ED=81=AC=20=ED=83=9C=EA=B7=B8=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adm/config_form.php      | 2 +-
 adm/sms_admin/config.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/adm/config_form.php b/adm/config_form.php
index 0187b4c53..7c2c57ec8 100644
--- a/adm/config_form.php
+++ b/adm/config_form.php
@@ -1099,7 +1099,7 @@ if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw']) {
             <th scope="row">충전 잔액</th>
             <td colspan="3">
                 <?php echo number_format($userinfo['coin']); ?> 원.
-                <a href="http://www.icodekorea.com/smsbiz/credit_card_amt.php?icode_id=<?php echo $config['cf_icode_id']; ?>&amp;icode_passwd=<?php echo $config['cf_icode_pw']; ?>" target="_blank" class="btn_frmline" onclick="window.open(this.href,'icode_payment', 'scrollbars=1,resizable=1'); return false;">충전하기</a>
+                <a href="http://www.icodekorea.com/smsbiz/credit_card_amt.php?icode_id=<?php echo $config['cf_icode_id']; ?>&amp;icode_passwd=<?php echo $config['cf_icode_pw']; ?>" target="_blank" class="btn_frmline">충전하기</a>
             </td>
         </tr>
         <?php } ?>
diff --git a/adm/sms_admin/config.php b/adm/sms_admin/config.php
index 39d2144fb..17e358d98 100644
--- a/adm/sms_admin/config.php
+++ b/adm/sms_admin/config.php
@@ -83,7 +83,7 @@ if ($config['cf_sms_use'] == 'icode') { // 아이코드 사용
         <th scope="row">충전 잔액</th>
         <td>
             <?php echo number_format($userinfo['coin'])?> 원
-            <input type="button" value="충전하기" class="btn_frmline" onclick="window.open('http://icodekorea.com/company/credit_card_input.php?icode_id=<?php echo $config['cf_icode_id']?>&icode_passwd=<?php echo $config['cf_icode_pw']?>','icode_payment','width=650,height=500')">
+            <a href="http://www.icodekorea.com/smsbiz/credit_card_amt.php?icode_id=<?php echo $config['cf_icode_id']; ?>&amp;icode_passwd=<?php echo $config['cf_icode_pw']; ?>" target="_blank" class="btn_frmline">충전하기</a>
         </td>
     </tr>
     <?php } ?>

From 14e863930cf37d239698ac539fdf1c0ef7d40e61 Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Wed, 12 Jul 2017 10:39:36 +0900
Subject: [PATCH 05/20] =?UTF-8?q?=EC=AA=BD=EC=A7=80=20=EB=B3=B4=EB=82=BC?=
 =?UTF-8?q?=EB=95=8C=20=EC=B0=A8=EA=B0=90=20=ED=8F=AC=EC=9D=B8=ED=8A=B8?=
 =?UTF-8?q?=EB=8F=84=20=ED=91=9C=EC=8B=9C=ED=95=98=EA=B8=B0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 mobile/skin/member/basic/memo_form.skin.php             | 7 +++++++
 skin/member/basic/memo_form.skin.php                    | 7 +++++++
 theme/basic/mobile/skin/member/basic/memo_form.skin.php | 7 +++++++
 theme/basic/skin/member/basic/memo_form.skin.php        | 7 +++++++
 4 files changed, 28 insertions(+)

diff --git a/mobile/skin/member/basic/memo_form.skin.php b/mobile/skin/member/basic/memo_form.skin.php
index 47d0355f0..5d1120028 100644
--- a/mobile/skin/member/basic/memo_form.skin.php
+++ b/mobile/skin/member/basic/memo_form.skin.php
@@ -19,6 +19,13 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
         <table>
         <caption>쪽지쓰기</caption>
         <tbody>
+        <?php if ($config['cf_memo_send_point']) { ?>
+        <tr>
+            <td colspan="2">
+                <strong>쪽지 보낼때 회원당 <?php echo number_format($config['cf_memo_send_point']); ?>점의 포인트를 차감합니다.</strong>
+            </td>
+        </tr>
+        <?php } ?>
         <tr>
             <th scope="row"><label for="me_recv_mb_id">받는 회원아이디<strong class="sound_only">필수</strong></label></th>
             <td>
diff --git a/skin/member/basic/memo_form.skin.php b/skin/member/basic/memo_form.skin.php
index 66d3d9c57..58a9dda6a 100644
--- a/skin/member/basic/memo_form.skin.php
+++ b/skin/member/basic/memo_form.skin.php
@@ -20,6 +20,13 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
         <table>
         <caption>쪽지쓰기</caption>
         <tbody>
+        <?php if ($config['cf_memo_send_point']) { ?>
+        <tr>
+            <td colspan="2">
+                <strong>쪽지 보낼때 회원당 <?php echo number_format($config['cf_memo_send_point']); ?>점의 포인트를 차감합니다.</strong>
+            </td>
+        </tr>
+        <?php } ?>
         <tr>
             <th scope="row"><label for="me_recv_mb_id">받는 회원아이디<strong class="sound_only">필수</strong></label></th>
             <td>
diff --git a/theme/basic/mobile/skin/member/basic/memo_form.skin.php b/theme/basic/mobile/skin/member/basic/memo_form.skin.php
index 47d0355f0..5d1120028 100644
--- a/theme/basic/mobile/skin/member/basic/memo_form.skin.php
+++ b/theme/basic/mobile/skin/member/basic/memo_form.skin.php
@@ -19,6 +19,13 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
         <table>
         <caption>쪽지쓰기</caption>
         <tbody>
+        <?php if ($config['cf_memo_send_point']) { ?>
+        <tr>
+            <td colspan="2">
+                <strong>쪽지 보낼때 회원당 <?php echo number_format($config['cf_memo_send_point']); ?>점의 포인트를 차감합니다.</strong>
+            </td>
+        </tr>
+        <?php } ?>
         <tr>
             <th scope="row"><label for="me_recv_mb_id">받는 회원아이디<strong class="sound_only">필수</strong></label></th>
             <td>
diff --git a/theme/basic/skin/member/basic/memo_form.skin.php b/theme/basic/skin/member/basic/memo_form.skin.php
index 66d3d9c57..58a9dda6a 100644
--- a/theme/basic/skin/member/basic/memo_form.skin.php
+++ b/theme/basic/skin/member/basic/memo_form.skin.php
@@ -20,6 +20,13 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
         <table>
         <caption>쪽지쓰기</caption>
         <tbody>
+        <?php if ($config['cf_memo_send_point']) { ?>
+        <tr>
+            <td colspan="2">
+                <strong>쪽지 보낼때 회원당 <?php echo number_format($config['cf_memo_send_point']); ?>점의 포인트를 차감합니다.</strong>
+            </td>
+        </tr>
+        <?php } ?>
         <tr>
             <th scope="row"><label for="me_recv_mb_id">받는 회원아이디<strong class="sound_only">필수</strong></label></th>
             <td>

From 1a0eb48b9720f39149fabd3dddb2415b30b7cd08 Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Thu, 13 Jul 2017 09:17:47 +0900
Subject: [PATCH 06/20] =?UTF-8?q?=ED=8C=A8=EC=8A=A4=EC=9B=8C=EB=93=9C=20?=
 =?UTF-8?q?=EC=B0=BE=EA=B8=B0=20https=20url=20=EC=B2=98=EB=A6=AC?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 bbs/password_check.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bbs/password_check.php b/bbs/password_check.php
index 086508911..b13e6fc85 100644
--- a/bbs/password_check.php
+++ b/bbs/password_check.php
@@ -31,5 +31,5 @@ if ($w == 's') {
 } else
     alert('w 값이 제대로 넘어오지 않았습니다.');
 
-goto_url('./board.php?'.$qstr);
+goto_url(G5_HTTP_BBS_URL.'/board.php?'.$qstr);
 ?>

From 121d369ab84ee935ebe366a51ec43e702473fa4f Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Thu, 20 Jul 2017 19:52:00 +0900
Subject: [PATCH 07/20] =?UTF-8?q?=EC=B5=9C=EA=B3=A0=EA=B4=80=EB=A6=AC?=
 =?UTF-8?q?=EC=9E=90=20=EC=A0=95=EB=B3=B4=EC=88=98=EC=A0=95=20=EB=AC=B8?=
 =?UTF-8?q?=EC=A0=9C=20(=2017-00465=20=EC=B7=A8=EC=95=BD=EC=A0=90=20?=
 =?UTF-8?q?=EA=B4=80=EB=A0=A8=20)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adm/member_form_update.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/adm/member_form_update.php b/adm/member_form_update.php
index 29aba6432..a407141c7 100644
--- a/adm/member_form_update.php
+++ b/adm/member_form_update.php
@@ -95,6 +95,10 @@ else if ($w == 'u')
     if ($is_admin != 'super' && $mb['mb_level'] >= $member['mb_level'])
         alert('자신보다 권한이 높거나 같은 회원은 수정할 수 없습니다.');
 
+    if ($is_admin !== 'super' && is_admin($mb['mb_id']) === 'super' ) {
+        alert('최고관리자의 비밀번호를 수정할수 없습니다.');
+    }
+
     if ($_POST['mb_id'] == $member['mb_id'] && $_POST['mb_level'] != $mb['mb_level'])
         alert($mb['mb_id'].' : 로그인 중인 관리자 레벨은 수정 할 수 없습니다.');
 

From cd8a9078d522dbd472556f5be0bd1512d27d0f0d Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Mon, 14 Aug 2017 17:04:11 +0900
Subject: [PATCH 08/20] =?UTF-8?q?433=20=ED=8F=AC=ED=8A=B8=EB=B2=88?=
 =?UTF-8?q?=ED=98=B8=20=EC=B2=98=EB=A6=AC=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 common.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/common.php b/common.php
index da867ec16..d0ed644af 100644
--- a/common.php
+++ b/common.php
@@ -34,7 +34,7 @@ function g5_path()
     $document_root = str_replace($tilde_remove, '', $_SERVER['SCRIPT_FILENAME']);
     $pattern = '/' . preg_quote($document_root, '/') . '/i';
     $root = preg_replace($pattern, '', $result['path']);
-    $port = $_SERVER['SERVER_PORT'] != 80 ? ':'.$_SERVER['SERVER_PORT'] : '';
+    $port = ($_SERVER['SERVER_PORT'] == 80 || $_SERVER['SERVER_PORT'] == 443) ? '' : ':'.$_SERVER['SERVER_PORT'];
     $http = 'http' . ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on') ? 's' : '') . '://';
     $user = str_replace(preg_replace($pattern, '', $_SERVER['SCRIPT_FILENAME']), '', $_SERVER['SCRIPT_NAME']);
     $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : $_SERVER['SERVER_NAME'];

From d9789a636e42c5d131d445905ed56487750a4607 Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Mon, 14 Aug 2017 17:23:23 +0900
Subject: [PATCH 09/20] =?UTF-8?q?Stored=20XSS=20=EC=B7=A8=EC=95=BD?=
 =?UTF-8?q?=EC=A0=90=20=EC=88=98=EC=A0=95=20(17-557)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 bbs/qawrite.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/bbs/qawrite.php b/bbs/qawrite.php
index d9ffd7b98..5a7a47345 100644
--- a/bbs/qawrite.php
+++ b/bbs/qawrite.php
@@ -76,7 +76,10 @@ if(is_file($skin_file)) {
 
         $content .= get_text($write['qa_content'], 0);
     } else {
-        $content = get_text($write['qa_content'], 0);
+        //$content = get_text($write['qa_content'], 0);
+        
+        // KISA 취약점 권고사항 Stored XSS
+        $content = get_text(html_purifier($write['qa_content']), 0);
     }
 
     $editor_html = editor_html('qa_content', $content, $is_dhtml_editor);

From 3a311906bfcd84d021869403b206fb73eed3062f Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Wed, 16 Aug 2017 09:24:15 +0900
Subject: [PATCH 10/20] =?UTF-8?q?1:1=20=EB=AC=B8=EC=9D=98=20=EB=B0=8F=20?=
 =?UTF-8?q?=EB=82=B4=EC=9A=A9=EA=B4=80=EB=A6=AC=20=EC=83=81=EB=8B=A8=20?=
 =?UTF-8?q?=ED=95=98=EB=8B=A8=20=EA=B2=BD=EB=A1=9C=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 bbs/content.php | 4 ++--
 bbs/qahead.php  | 2 +-
 bbs/qatail.php  | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/bbs/content.php b/bbs/content.php
index 8aa2f36af..b46d6f338 100644
--- a/bbs/content.php
+++ b/bbs/content.php
@@ -19,7 +19,7 @@ if (!$co['co_id'])
 
 $g5['title'] = $co['co_subject'];
 
-if (is_include_path_check($co['co_include_head']))
+if ($co['co_include_head'] && is_include_path_check($co['co_include_head']))
     @include_once($co['co_include_head']);
 else
     include_once('./_head.php');
@@ -85,7 +85,7 @@ if(is_file($skin_file)) {
     echo '<p>'.str_replace(G5_PATH.'/', '', $skin_file).'이 존재하지 않습니다.</p>';
 }
 
-if (is_include_path_check($co['co_include_tail']))
+if ($co['co_include_tail'] && is_include_path_check($co['co_include_tail']))
     @include_once($co['co_include_tail']);
 else
     include_once('./_tail.php');
diff --git a/bbs/qahead.php b/bbs/qahead.php
index d4aaa4d6e..976f4d524 100644
--- a/bbs/qahead.php
+++ b/bbs/qahead.php
@@ -9,7 +9,7 @@ if (G5_IS_MOBILE) {
     include_once('./_head.php');
     echo conv_content($qaconfig['qa_mobile_content_head'], 1);
 } else {
-    if(is_include_path_check($qaconfig['qa_include_head']))
+    if($qaconfig['qa_include_head'] && is_include_path_check($qaconfig['qa_include_head']))
         @include ($qaconfig['qa_include_head']);
     else
         include ('./_head.php');
diff --git a/bbs/qatail.php b/bbs/qatail.php
index 8cc00e1a3..8b22bcf66 100644
--- a/bbs/qatail.php
+++ b/bbs/qatail.php
@@ -7,7 +7,7 @@ if (G5_IS_MOBILE) {
     include_once('./_tail.php');
 } else {
     echo conv_content($qaconfig['qa_content_tail'], 1);
-    if(is_include_path_check($qaconfig['qa_include_tail']))
+    if($qaconfig['qa_include_tail'] && is_include_path_check($qaconfig['qa_include_tail']))
         @include ($qaconfig['qa_include_tail']);
     else
         include ('./_tail.php');

From cf680e43d81cca5c3da6732f9967c7d2eeaf06f4 Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Wed, 16 Aug 2017 09:30:52 +0900
Subject: [PATCH 11/20] =?UTF-8?q?5.2.9.2=20=EB=B2=84=EC=A0=84=20=EC=88=98?=
 =?UTF-8?q?=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 config.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config.php b/config.php
index 6073b0a83..155c2a968 100644
--- a/config.php
+++ b/config.php
@@ -5,7 +5,7 @@
 ********************/
 
 define('G5_VERSION', '그누보드5');
-define('G5_GNUBOARD_VER', '5.2.9');
+define('G5_GNUBOARD_VER', '5.2.9.2');
 
 // 이 상수가 정의되지 않으면 각각의 개별 페이지는 별도로 실행될 수 없음
 define('_GNUBOARD_', true);

From 91f60763d885ce581fec99b8abc6890dd78b2ea6 Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Mon, 21 Aug 2017 19:38:14 +0900
Subject: [PATCH 12/20] =?UTF-8?q?IOS=2010.3.x=20=EB=B2=84=EC=A0=84?=
 =?UTF-8?q?=EB=8C=80=EC=97=90=EC=84=9C=20=EB=8B=A4=EC=9D=8C=20=EC=9A=B0?=
 =?UTF-8?q?=ED=8E=B8=EC=A3=BC=EC=86=8C=20=EC=98=A4=EB=A5=98=20=EC=88=98?=
 =?UTF-8?q?=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 js/common.js | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/js/common.js b/js/common.js
index e63c0f0eb..83f42221d 100644
--- a/js/common.js
+++ b/js/common.js
@@ -459,6 +459,7 @@ var win_zip = function(frm_name, frm_zip, frm_addr1, frm_addr2, frm_addr3, frm_j
                 onresize : function(size) {
                     element_wrap.style.height = size.height + "px";
                 },
+                maxSuggestItems : g5_is_mobile ? 6 : 10,
                 width : '100%',
                 height : '100%'
             }).embed(element_wrap);
@@ -494,6 +495,7 @@ var win_zip = function(frm_name, frm_zip, frm_addr1, frm_addr2, frm_addr3, frm_j
                     // iframe을 넣은 element를 안보이게 한다.
                     element_layer.style.display = 'none';
                 },
+                maxSuggestItems : g5_is_mobile ? 6 : 10,
                 width : '100%',
                 height : '100%'
             }).embed(element_layer);

From 3d2d3b99483e3f5a46a82a1dc86ea3c4b117b1ad Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Tue, 22 Aug 2017 16:46:36 +0900
Subject: [PATCH 13/20] =?UTF-8?q?=EC=98=A4=ED=94=88=20=EB=A6=AC=EB=8B=A4?=
 =?UTF-8?q?=EC=9D=B4=EB=A0=89=ED=8A=B8=20=EC=9C=A0=EC=A0=80=20=ED=8C=A8?=
 =?UTF-8?q?=EC=8A=A4=EC=9B=8C=EB=93=9C=20Leak=20=EC=B7=A8=EC=95=BD?=
 =?UTF-8?q?=EC=A0=90=20=EC=88=98=EC=A0=95=20adm1nkyj@UpRoot=EB=8B=98?=
 =?UTF-8?q?=EC=9D=B4=20=EC=95=8C=EB=A0=A4=EC=A3=BC=EC=8B=AC?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 lib/common.lib.php | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/lib/common.lib.php b/lib/common.lib.php
index 2062c4d05..72801dc7f 100644
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@@ -2988,15 +2988,32 @@ function check_url_host($url, $msg='', $return_url=G5_URL)
 
     $p = @parse_url($url);
     $host = preg_replace('/:[0-9]+$/', '', $_SERVER['HTTP_HOST']);
+    $is_host_check = false;
 
     if(stripos($url, 'http:') !== false) {
         if(!isset($p['scheme']) || !$p['scheme'] || !isset($p['host']) || !$p['host'])
             alert('url 정보가 올바르지 않습니다.', $return_url);
     }
 
-    if ((isset($p['scheme']) && $p['scheme']) || (isset($p['host']) && $p['host'])) {
+    //php 5.6.29 이하 버전에서는 parse_url 버그가 존재함
+    if ( (isset($p['host']) && $p['host']) && version_compare(PHP_VERSION, '5.6.29') < 0) {
+        $bool_ch = false;
+        foreach( array('user','host') as $key) {
+            if ( isset( $p[ $key ] ) && strpbrk( $p[ $key ], ':/?#@' ) ) {
+                $bool_ch = true;
+            }
+        }
+        if( $bool_ch ){
+            $regex = '/https?\:\/\/'.$host.'/i';
+            if( ! preg_match($regex, $url) ){
+                $is_host_check = true;
+            }
+        }
+    }
+
+    if ((isset($p['scheme']) && $p['scheme']) || (isset($p['host']) && $p['host']) || $is_host_check) {
         //if ($p['host'].(isset($p['port']) ? ':'.$p['port'] : '') != $_SERVER['HTTP_HOST']) {
-        if ($p['host'] != $host) {
+        if ( ($p['host'] != $host) || $is_host_check ) {
             echo '<script>'.PHP_EOL;
             echo 'alert("url에 타 도메인을 지정할 수 없습니다.");'.PHP_EOL;
             echo 'document.location.href = "'.$return_url.'";'.PHP_EOL;

From 8af8e136862ff468654e56724b2dd7c7659e65cb Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Fri, 25 Aug 2017 09:29:35 +0900
Subject: [PATCH 14/20] =?UTF-8?q?=ED=8E=98=EC=9D=B4=EC=8A=A4=EB=B6=81=20?=
 =?UTF-8?q?=EC=97=B0=EA=B2=B0=20=EA=B5=AC=EB=AC=B8=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 plugin/sns/facebook/src/base_facebook.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/plugin/sns/facebook/src/base_facebook.php b/plugin/sns/facebook/src/base_facebook.php
index 2ea0fb438..f83495d62 100644
--- a/plugin/sns/facebook/src/base_facebook.php
+++ b/plugin/sns/facebook/src/base_facebook.php
@@ -372,8 +372,11 @@ abstract class BaseFacebook
       return false;
     }
 
+    $response_params = json_decode($access_token_response, true);
+    /*
     $response_params = array();
     parse_str($access_token_response, $response_params);
+    */
 
     if (!isset($response_params['access_token'])) {
       return false;

From edbefc256b80453472ca4b605e4cfdc01c0bf46a Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Wed, 6 Sep 2017 11:58:51 +0900
Subject: [PATCH 15/20] =?UTF-8?q?=ED=9C=B4=EB=8C=80=ED=8F=B0=EB=B3=B8?=
 =?UTF-8?q?=EC=9D=B8=ED=99=95=EC=9D=B8=20lg=20=EB=AA=A8=EB=93=88=20?=
 =?UTF-8?q?=EC=B5=9C=EA=B7=BC=20=EB=B2=84=EC=A0=84=EC=9C=BC=EB=A1=9C=20?=
 =?UTF-8?q?=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 js/certify.js                                 |  40 +++++-
 .../skin/member/basic/register_form.skin.php  |   6 +-
 plugin/kcpcert/kcpcert_result.php             |   9 +-
 plugin/lgxpay/AuthOnlyReq.php                 | 131 +++++++++++++-----
 plugin/lgxpay/AuthOnlyRes.php                 |  38 ++++-
 plugin/lgxpay/returnurl.php                   |  65 +++++++++
 .../skin/member/basic/register_form.skin.php  |   6 +-
 7 files changed, 249 insertions(+), 46 deletions(-)
 create mode 100644 plugin/lgxpay/returnurl.php

diff --git a/js/certify.js b/js/certify.js
index 616760c72..d98c59785 100644
--- a/js/certify.js
+++ b/js/certify.js
@@ -22,10 +22,14 @@ function certify_win_open(type, url)
             if($("#kcp_cert").size() < 1) {
                 $frm.wrap('<div id="cert_info"></div>');
 
-                $("#cert_info").append('<form name="form_temp" method="post">')
-                               .after('<iframe id="kcp_cert" name="kcp_cert" width="100%" height="700" frameborder="0" scrolling="no" style="display:none"></iframe>');
+                $("#cert_info").append('<form name="form_temp" method="post">');
+            } else {
+                $("#kcp_cert").remove();
             }
 
+            $("#cert_info")
+                .after('<iframe id="kcp_cert" name="kcp_cert" width="100%" height="700" frameborder="0" scrolling="no" style="display:none"></iframe>');
+
             var temp_form = document.form_temp;
             temp_form.target = "kcp_cert";
             temp_form.action = url;
@@ -51,8 +55,36 @@ function certify_win_open(type, url)
     }
     else if(type == 'lg-hp')
     {
-        var popupWindow = window.open( url, "auth_popup", "left=200, top=100, width=400, height=400, scrollbar=yes" );
-        popupWindow.focus();
+
+        if( g5_is_mobile )
+        {
+            var $frm = $(event.target.form),
+                lgu_cert = "lgu_cert";
+
+            if($("#lgu_cert").size() < 1) {
+                $frm.wrap('<div id="cert_info"></div>');
+
+                $("#cert_info").append('<form name="form_temp" method="post">');
+            } else {
+                $("#"+lgu_cert).remove();
+            }
+
+            $("#cert_info")
+                .after('<iframe id="'+lgu_cert+'" name="lgu_cert" width="100%" src="'+url+'" height="700" frameborder="0" scrolling="no" style="display:none"></iframe>');
+
+            document.getElementById( "cert_info" ).style.display = "none";
+            document.getElementById( lgu_cert  ).style.display = "";
+
+        } else {
+            var width= 640;
+            var height = 660;
+
+            var leftpos = screen.width  / 2 - ( width  / 2 );
+            var toppos  = screen.height / 2 - ( height / 2 );
+
+            var popupWindow = window.open( url, "auth_popup", "left=" + leftpos + ", top="    + toppos + ", width=" + width   + ", height=" + height + ", scrollbar=yes" );
+            popupWindow.focus();
+        }
     }
 }
 
diff --git a/mobile/skin/member/basic/register_form.skin.php b/mobile/skin/member/basic/register_form.skin.php
index db17e0fa2..595c0bfb2 100644
--- a/mobile/skin/member/basic/register_form.skin.php
+++ b/mobile/skin/member/basic/register_form.skin.php
@@ -60,7 +60,7 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
                 if($config['cf_cert_use']) {
                     if($config['cf_cert_ipin'])
                         echo '<button type="button" id="win_ipin_cert" class="btn_frmline">아이핀 본인확인</button>'.PHP_EOL;
-                    if($config['cf_cert_hp'] && $config['cf_cert_hp'] != 'lg')
+                    if($config['cf_cert_hp'])
                         echo '<button type="button" id="win_hp_cert" class="btn_frmline">휴대폰 본인확인</button>'.PHP_EOL;
 
                     echo '<noscript>본인확인을 위해서는 자바스크립트 사용이 가능해야합니다.</noscript>'.PHP_EOL;
@@ -288,6 +288,10 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
                     $cert_url = G5_KCPCERT_URL.'/kcpcert_form.php';
                     $cert_type = 'kcp-hp';
                     break;
+                case 'lg':
+                    $cert_url = G5_LGXPAY_URL.'/AuthOnlyReq.php';
+                    $cert_type = 'lg-hp';
+                    break;
                 default:
                     echo 'alert("기본환경설정에서 휴대폰 본인확인 설정을 해주십시오");';
                     echo 'return false;';
diff --git a/plugin/kcpcert/kcpcert_result.php b/plugin/kcpcert/kcpcert_result.php
index 5eaab75ab..031942fa9 100644
--- a/plugin/kcpcert/kcpcert_result.php
+++ b/plugin/kcpcert/kcpcert_result.php
@@ -173,7 +173,14 @@ if( $cert_enc_use == "Y" )
 else if( $cert_enc_use != "Y" )
 {
     // 암호화 인증 안함
-    alert_close("휴대폰 본인확인을 취소 하셨습니다.");
+    if( G5_IS_MOBILE ){
+        echo '<script>'.PHP_EOL;
+        echo 'window.parent.$("#cert_info").css("display", "");'.PHP_EOL;
+        echo 'window.parent.$("#kcp_cert" ).css("display", "none");'.PHP_EOL;
+        echo '</script>'.PHP_EOL;
+    } else {
+        alert_close("휴대폰 본인확인을 취소 하셨습니다.");
+    }
     exit;
 }
 
diff --git a/plugin/lgxpay/AuthOnlyReq.php b/plugin/lgxpay/AuthOnlyReq.php
index 476b78ac7..9f08230d2 100644
--- a/plugin/lgxpay/AuthOnlyReq.php
+++ b/plugin/lgxpay/AuthOnlyReq.php
@@ -46,6 +46,45 @@ $LGD_CUSTOM_SKIN            = 'red';                            // 상점정의
 
 $LGD_MERTKEY    = $config['cf_lg_mert_key'];
 $LGD_HASHDATA   = md5($LGD_MID.$LGD_BUYERSSN.$LGD_TIMESTAMP.$LGD_MERTKEY);
+$LGD_RETURNURL  = G5_PLUGIN_URL.'/lgxpay/returnurl.php';
+if( G5_IS_MOBILE ){
+    $LGD_WINDOW_TYPE = 'submit';
+} else {
+    $LGD_WINDOW_TYPE = 'iframe';
+}
+
+$LGD_NAMECHECKYN = 'N';
+$LGD_HOLDCHECKYN = 'Y';
+$LGD_CUSTOM_USABLEPAY = 'ASC007';
+
+$payReqMap = array();
+
+$payReqMap['CST_PLATFORM']              = $CST_PLATFORM;           				// 테스트, 서비스 구분
+$payReqMap['CST_MID']                   = $CST_MID;                				// 상점아이디
+$payReqMap['LGD_MID']                   = $LGD_MID;                				// 상점아이디
+$payReqMap['LGD_HASHDATA'] 				= $LGD_HASHDATA;      	           		// MD5 해쉬암호값
+$payReqMap['LGD_BUYER']              	= $LGD_BUYER;							// 요청자 성명
+$payReqMap['LGD_BUYERSSN']              = $LGD_BUYERSSN;           				// 요청자 생년월일 / 사업자번호
+
+$payReqMap['LGD_NAMECHECKYN']           = $LGD_NAMECHECKYN;           			// 계좌실명확인여부
+$payReqMap['LGD_HOLDCHECKYN']           = $LGD_HOLDCHECKYN;           			// 휴대폰본인확인 SMS발송 여부
+$payReqMap['LGD_MOBILE_SUBAUTH_SITECD'] = $LGD_MOBILE_SUBAUTH_SITECD;           // 신용평가사에서 부여받은 회원사 고유 코드
+
+$payReqMap['LGD_CUSTOM_SKIN'] 			= $LGD_CUSTOM_SKIN;                		// 본인확인창 SKIN
+$payReqMap['LGD_TIMESTAMP'] 			= $LGD_TIMESTAMP;                  		// 타임스탬프
+$payReqMap['LGD_CUSTOM_USABLEPAY']      = $LGD_CUSTOM_USABLEPAY;        		// [반드시 설정]상점정의 이용가능 인증수단으로 한 개의 값만 설정 (예:"ASC007")
+$payReqMap['LGD_WINDOW_TYPE']           = $LGD_WINDOW_TYPE;        				// 호출방식 (수정불가)
+$payReqMap['LGD_RETURNURL'] 			= $LGD_RETURNURL;      			   		// 응답수신페이지
+$payReqMap['LGD_VERSION'] 				= "PHP_Non-ActiveX_AuthOnly";			// 사용타입 정보(수정 및 삭제 금지): 이 정보를 근거로 어떤 서비스를 사용하는지 판단할 수 있습니다.
+ 
+
+/*Return URL에서 인증 결과 수신 시 셋팅될 파라미터 입니다.*/
+$payReqMap['LGD_RESPCODE'] 				= "";
+$payReqMap['LGD_RESPMSG'] 				= "";
+$payReqMap['LGD_AUTHONLYKEY'] 			= "";
+$payReqMap['LGD_PAYTYPE'] 				= "";
+
+$_SESSION['lgd_certify'] = $payReqMap;
 
 /*
  *************************************************
@@ -61,25 +100,54 @@ $LGD_HASHDATA   = md5($LGD_MID.$LGD_BUYERSSN.$LGD_TIMESTAMP.$LGD_MERTKEY);
 <title>LG유플러스 전자결제 본인확인서비스</title>
 <!-- 고객사 사이트가 https인 경우는 아래 http://을 https:// 으로 변경하시면 됩니다. -->
 <link rel="stylesheet" href="<?php echo G5_CSS_URL;?>/default.css">
-<script language="javascript" src="//xpay.uplus.co.kr/xpay/js/xpay_authonly.js" type="text/javascript" charset="EUC-KR"></script>
-<script>
-function do_Authonly() {
-    ret = xpay_authonly_check(document.getElementById("LGD_PAYINFO"), document.getElementById("CST_PLATFORM").value);
-    if (ret == "00"){     //ActiveX 로딩 성공
-        if(dpop.getData("LGD_RESPCODE") == "0000"){
-            document.getElementById("LGD_AUTHONLYKEY").value = dpop.getData("LGD_AUTHONLYKEY");
-            document.getElementById("LGD_PAYTYPE").value = dpop.getData("LGD_PAYTYPE");
-            //alert("인증요청을 합니다.");
-            document.getElementById("LGD_PAYINFO").submit();
-        } else {
-            alert(dpop.getData("LGD_RESPMSG"));
-        }
-    } else {
-        alert("LG유플러스 본인확인서비스를 위한 ActiveX 설치 실패\nInternet Explorer 외의 브라우저에서는 사용할 수 없습니다.");
-        //window.close();
-    }
-}
+<script language="javascript" src="<?php echo (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on') ? 'https' : 'http'; ?>://xpay.uplus.co.kr/xpay/js/xpay_crossplatform.js" type="text/javascript"></script>
+
+<script type="text/javascript">
+
+	/*
+	* 수정불가.
+	*/
+	var LGD_window_type = "<?php echo $LGD_WINDOW_TYPE;?>";
+	var lgd_form = "LGD_PAYINFO";
+	/*
+	* 수정불가.
+	*/
+	function launchCrossPlatform(){
+		
+        <?php if( G5_IS_MOBILE ){   //모바일이면 ?>
+            lgdwin = open_paymentwindow(document.getElementById(lgd_form), '<?php echo $CST_PLATFORM ?>', LGD_window_type);
+        <?php } else {  //PC 이면 ?>
+		    lgdwin = openAuthonly( document.getElementById(lgd_form), "<?php echo $CST_PLATFORM; ?>", LGD_window_type, null );
+        <?php } ?>
+
+	}
+	
+	/*
+	* FORM 명만  수정 가능
+	*/
+	function getFormObject() {
+	        return document.getElementById(lgd_form);
+	}
+	
+	function  payment_return() {
+		
+		var fDoc = lgdwin.contentWindow || lgdwin.contentDocument;
+	
+		if (fDoc.document.getElementById('LGD_RESPCODE').value == "0000") {
+			document.getElementById("LGD_AUTHONLYKEY").value = fDoc.document.getElementById('LGD_AUTHONLYKEY').value;
+			document.getElementById("LGD_PAYTYPE").value = fDoc.document.getElementById('LGD_PAYTYPE').value;
+			
+			document.getElementById(lgd_form).target = "_self";
+            document.getElementById("LGD_PAYINFO").action = "AuthOnlyRes.php";
+			document.getElementById(lgd_form).submit();
+		} else {
+			alert("LGD_RESPCODE (결과코드2) : " + fDoc.document.getElementById('LGD_RESPCODE').value + "\n" + "LGD_RESPMSG (결과메시지): " + fDoc.document.getElementById('LGD_RESPMSG').value);
+			closeIframe();
+            window.close();
+		}//end if
+	}//end payment_return
 </script>
+
 <style>
 #uplus_win {}
 .up_cmt {text-align:center; font-size:14px;}
@@ -92,22 +160,15 @@ function do_Authonly() {
 </style>
 </head>
 <body>
-<form method="post" id="LGD_PAYINFO" action="<?php echo G5_LGXPAY_URL; ?>/AuthOnlyRes.php">
-<input type="hidden" name="CST_MID" id="CST_MID" value="<?php echo $CST_MID; ?>" />
-<input type="hidden" name="LGD_MID" id="LGD_MID" value="<?php echo $LGD_MID; ?>"/>
-<input type="hidden" name="CST_PLATFORM" id="CST_PLATFORM" value="<?php echo $CST_PLATFORM; ?>"/>
-<input type="hidden" name="LGD_BUYERSSN" value="<?php echo $LGD_BUYERSSN; ?>"/>
-<input type="hidden" name="LGD_BUYER" value="<?php echo $LGD_BUYER; ?>"/>
-<input type="hidden" name="LGD_MOBILE_SUBAUTH_SITECD" value="<?php echo  $LGD_MOBILE_SUBAUTH_SITECD; ?>"/>
-<input type="hidden" name="LGD_TIMESTAMP" value="<?php echo $LGD_TIMESTAMP; ?>"/>
-<input type="hidden" name="LGD_HASHDATA" value="<?php echo $LGD_HASHDATA; ?>"/>
-<input type="hidden" name="LGD_NAMECHECKYN" value="N">
-<input type="hidden" name="LGD_HOLDCHECKYN" value="Y">
-<input type="hidden" name="LGD_CUSTOM_SKIN" value="red">
-<input type="hidden" name="LGD_CUSTOM_FIRSTPAY" value="ASC007">
-<input type="hidden" name="LGD_CUSTOM_USABLEPAY" value="ASC007">
-<input type="hidden" name="LGD_PAYTYPE" id="LGD_PAYTYPE"/>
-<input type="hidden" name="LGD_AUTHONLYKEY" id="LGD_AUTHONLYKEY"/>
+
+<form method="post" name ="LGD_PAYINFO" id="LGD_PAYINFO" action="<?php echo G5_LGXPAY_URL; ?>/AuthOnlyRes.php">
+<input type="hidden" name="LGD_ENCODING" value="UTF-8"/>
+<?php
+foreach ($payReqMap as $key => $value) {
+    echo "<input type='hidden' name='$key' id='$key' value='$value'/>".PHP_EOL;
+}
+?>
+
 </form>
 
 <div id="uplus_win" class="new_win mbskin">
@@ -123,7 +184,7 @@ function do_Authonly() {
     </div>
 </div>
 <script>
-setTimeout("do_Authonly();",300);
+setTimeout("launchCrossPlatform();", 1);
 </script>
 </body>
 </html>
\ No newline at end of file
diff --git a/plugin/lgxpay/AuthOnlyRes.php b/plugin/lgxpay/AuthOnlyRes.php
index 96b7256d6..df5baea1f 100644
--- a/plugin/lgxpay/AuthOnlyRes.php
+++ b/plugin/lgxpay/AuthOnlyRes.php
@@ -156,7 +156,15 @@ if ($xpay->TX()) {
         //인증요청 결과 실패 DB처리
         //echo "인증요청 결과 실패 DB처리하시기 바랍니다.<br>";
 
-        alert_close('인증요청이 실패하였습니다.\\n\\n코드 : '.$xpay->Response_Code().'  '.$xpay->Response_Msg());
+        if( G5_IS_MOBILE ){
+            echo '<script>'.PHP_EOL;
+            echo 'window.parent.$("#cert_info").css("display", "");'.PHP_EOL;
+            echo 'window.parent.$("#lgu_cert" ).css("display", "none");'.PHP_EOL;
+            echo 'alert("인증요청이 실패하였습니다.\\n\\n코드 : '.$xpay->Response_Code().'  '.$xpay->Response_Msg().'")';
+            echo '</script>'.PHP_EOL;
+        } else {
+            alert_close('인증요청이 실패하였습니다.\\n\\n코드 : '.$xpay->Response_Code().'  '.$xpay->Response_Msg());
+        }
         exit;
     }
 } else {
@@ -170,14 +178,31 @@ if ($xpay->TX()) {
     echo "인증요청 결과 실패 DB처리하시기 바랍니다.<br>";
     */
 
-    alert_close('인증요청이 실패하였습니다.\\n\\n코드 : '.$xpay->Response_Code().'  '.$xpay->Response_Msg());
+    if( G5_IS_MOBILE ){
+        echo '<script>'.PHP_EOL;
+        echo 'window.parent.$("#cert_info").css("display", "");'.PHP_EOL;
+        echo 'window.parent.$("#lgu_cert" ).css("display", "none");'.PHP_EOL;
+        echo 'alert("인증요청이 실패하였습니다.\\n\\n코드 : '.$xpay->Response_Code().'  '.$xpay->Response_Msg().'")';
+        echo '</script>'.PHP_EOL;
+    } else {
+        alert_close('인증요청이 실패하였습니다.\\n\\n코드 : '.$xpay->Response_Code().'  '.$xpay->Response_Msg());
+    }
     exit;
 }
 ?>
 
 <script>
-$(function() {
+jQuery(function($) {
+    
     var $opener = window.opener;
+    var is_mobile = false;
+
+    if (typeof g5_is_mobile != "undefined" && g5_is_mobile ) {
+        $opener = window.parent;
+        is_mobile = true;
+    } else {
+        $opener = window.opener;
+    }
 
     // 인증정보
     $opener.$("input[name=cert_type]").val("<?php echo $cert_type; ?>");
@@ -185,6 +210,11 @@ $(function() {
     $opener.$("input[name=mb_hp]").val("<?php echo $phone_no; ?>").attr("readonly", true);
     $opener.$("input[name=cert_no]").val("<?php echo $md5_cert_no; ?>");
 
+    if(is_mobile) {
+        $opener.$("#cert_info").css("display", "");
+        $opener.$("#lgu_cert" ).css("display", "none");
+    }
+
     alert("본인의 휴대폰번호로 확인 되었습니다.");
     window.close();
 });
@@ -192,4 +222,4 @@ $(function() {
 
 <?php
 include_once(G5_PATH.'/tail.sub.php');
-?>
+?>
\ No newline at end of file
diff --git a/plugin/lgxpay/returnurl.php b/plugin/lgxpay/returnurl.php
new file mode 100644
index 000000000..e0cd0a37b
--- /dev/null
+++ b/plugin/lgxpay/returnurl.php
@@ -0,0 +1,65 @@
+<?php
+include_once('./_common.php');
+
+/*
+  payreq_crossplatform 에서 세션에 저장했던 파라미터 값이 유효한지 체크
+  세션 유지 시간(로그인 유지시간)을 적당히 유지 하거나 세션을 사용하지 않는 경우 DB처리 하시기 바랍니다.
+*/
+if(!isset($_SESSION['lgd_certify'])){
+    echo '세션이 만료 되었거나 유효하지 않은 요청 입니다.';
+    return;
+}
+
+$payReqMap = $_SESSION['lgd_certify'];//결제 요청시, Session에 저장했던 파라미터 MAP
+?>
+<html>
+<head>
+	<script type="text/javascript">
+
+		function setLGDResult() {
+                
+                <?php if ( G5_IS_MOBILE ) {  // 모바일이면 ?>
+                
+                var lgd_form = document.getElementById('LGD_RETURNINFO');
+                
+                lgd_form.action = "AuthOnlyRes.php";
+                lgd_form.submit();
+
+                <?php } else {  // PC 이면 ?>
+                parent.payment_return();
+                <?php } ?>
+			try {
+			} catch (e) {
+				alert(e.message);
+			}
+		}
+
+	</script>
+</head>
+<body onload="setLGDResult()">
+<?php
+  $LGD_RESPCODE = $_POST['LGD_RESPCODE'];
+  $LGD_RESPMSG 	= iconv("EUC-KR","UTF-8",$_POST['LGD_RESPMSG']);
+  $LGD_AUTHONLYKEY		= "";	
+  $LGD_PAYTYPE			= "";
+
+  $payReqMap['LGD_RESPCODE'] = $LGD_RESPCODE;
+  $payReqMap['LGD_RESPMSG']	 = $LGD_RESPMSG;
+
+  if($LGD_RESPCODE == "0000"){
+	  $payReqMap['LGD_AUTHONLYKEY'] = isset($_POST['LGD_AUTHONLYKEY']) ? $_POST['LGD_AUTHONLYKEY'] : '';
+	  $payReqMap['LGD_PAYTYPE'] 	= isset($_POST['LGD_PAYTYPE']) ? $_POST['LGD_PAYTYPE'] : '';
+  }
+  else{
+	  echo "LGD_RESPCODE:" + $LGD_RESPCODE + " ,LGD_RESPMSG:" + $LGD_RESPMSG; //인증 실패에 대한 처리 로직 추가
+  }
+?>
+<form method="post" name="LGD_RETURNINFO" id="LGD_RETURNINFO">
+<?php
+	  foreach ($payReqMap as $key => $value) {
+      echo "<input type='hidden' name='$key' id='$key' value='$value'>";
+    }
+?>
+</form>
+</body>
+</html>
\ No newline at end of file
diff --git a/theme/basic/mobile/skin/member/basic/register_form.skin.php b/theme/basic/mobile/skin/member/basic/register_form.skin.php
index db17e0fa2..595c0bfb2 100644
--- a/theme/basic/mobile/skin/member/basic/register_form.skin.php
+++ b/theme/basic/mobile/skin/member/basic/register_form.skin.php
@@ -60,7 +60,7 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
                 if($config['cf_cert_use']) {
                     if($config['cf_cert_ipin'])
                         echo '<button type="button" id="win_ipin_cert" class="btn_frmline">아이핀 본인확인</button>'.PHP_EOL;
-                    if($config['cf_cert_hp'] && $config['cf_cert_hp'] != 'lg')
+                    if($config['cf_cert_hp'])
                         echo '<button type="button" id="win_hp_cert" class="btn_frmline">휴대폰 본인확인</button>'.PHP_EOL;
 
                     echo '<noscript>본인확인을 위해서는 자바스크립트 사용이 가능해야합니다.</noscript>'.PHP_EOL;
@@ -288,6 +288,10 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
                     $cert_url = G5_KCPCERT_URL.'/kcpcert_form.php';
                     $cert_type = 'kcp-hp';
                     break;
+                case 'lg':
+                    $cert_url = G5_LGXPAY_URL.'/AuthOnlyReq.php';
+                    $cert_type = 'lg-hp';
+                    break;
                 default:
                     echo 'alert("기본환경설정에서 휴대폰 본인확인 설정을 해주십시오");';
                     echo 'return false;';

From 94cb7f7956853a53c47c1f54c79af8aa21d52d7b Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Wed, 6 Sep 2017 14:30:55 +0900
Subject: [PATCH 16/20] =?UTF-8?q?lgu=20=EB=B3=B8=EC=9D=B8=ED=99=95?=
 =?UTF-8?q?=EC=9D=B8=20=EC=BD=94=EB=93=9C=20=EC=9D=BC=EB=B6=80=20=EC=88=98?=
 =?UTF-8?q?=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 plugin/lgxpay/AuthOnlyReq.php | 4 ++--
 plugin/lgxpay/AuthOnlyRes.php | 3 ++-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/plugin/lgxpay/AuthOnlyReq.php b/plugin/lgxpay/AuthOnlyReq.php
index 9f08230d2..f8c42b1b6 100644
--- a/plugin/lgxpay/AuthOnlyReq.php
+++ b/plugin/lgxpay/AuthOnlyReq.php
@@ -19,10 +19,10 @@ $CST_MID                    = 'si_'.$config['cf_lg_mid'];       // 상점아이
                                                                 //테스트 아이디는 't'를 반드시 제외하고 입력하세요.
 $LGD_MID                    = (('test' == $CST_PLATFORM) ? 't':'').$CST_MID;  //상점아이디(자동생성)
 $LGD_BUYER                  = '홍길동';                         // 성명 (보안을 위해 DB난 세션에서 가져오세요)
-$LGD_BUYERSSN               = '0000000000000';                  // 주민등록번호 (보안을 위해 DB나 세션에서 가져오세요)
+$LGD_BUYERSSN               = '000000';                  // 주민등록번호 (보안을 위해 DB나 세션에서 가져오세요)
                                                                 // 휴대폰 본인인증을 사용할 경우 주민번호는 '0' 13자리를 넘기세요. 예)0000000000000
                                                                 // 기타 인증도 사용할 경우 실 주민등록번호 (보안을 위해 DB나 세션에 저장처리 권장)
-$LGD_MOBILE_SUBAUTH_SITECD  = '';                               // 신용평가사에서 부여받은 회원사 고유 코드
+$LGD_MOBILE_SUBAUTH_SITECD  = '123456789abc';                               // 신용평가사에서 부여받은 회원사 고유 코드
                                                                 //  (CI값만 필요한 경우 옵션, DI값도 필요한 경우 필수)
 $LGD_TIMESTAMP              = date('YmdHis');                   // 타임스탬프 (YYYYMMDDhhmmss)
 $LGD_CUSTOM_SKIN            = 'red';                            // 상점정의 인증창 스킨 (red, blue, cyan, green, yellow)
diff --git a/plugin/lgxpay/AuthOnlyRes.php b/plugin/lgxpay/AuthOnlyRes.php
index df5baea1f..cc6b882cc 100644
--- a/plugin/lgxpay/AuthOnlyRes.php
+++ b/plugin/lgxpay/AuthOnlyRes.php
@@ -66,6 +66,7 @@ include_once(G5_PATH.'/head.sub.php');
  */
 if ($xpay->TX()) {
     //1)인증결과 화면처리(성공,실패 결과 처리를 하시기 바랍니다.)
+    
     /*
     echo "인증요청이 완료되었습니다.  <br>";
     echo "TX Response_code = " . $xpay->Response_Code() . "<br>";
@@ -76,7 +77,7 @@ if ($xpay->TX()) {
         echo $name . " = " . $xpay->Response($name, 0) . "<br>";
     }
 
-    echo "<p>";
+    echo "</p>";
     */
 
     // 인증내역기록

From 36fff814bf588307c877d65277283abea9a11225 Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Wed, 6 Sep 2017 16:38:23 +0900
Subject: [PATCH 17/20] =?UTF-8?q?get=5Fsock=20=ED=95=A8=EC=88=98=20?=
 =?UTF-8?q?=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 lib/common.lib.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/common.lib.php b/lib/common.lib.php
index 72801dc7f..4f86541d3 100644
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@@ -2666,7 +2666,10 @@ if (!function_exists("get_sock")) {
         $fp = fsockopen ($host, 80, $errno, $errstr, 30);
         if (!$fp)
         {
-            die("$errstr ($errno)\n");
+            //die("$errstr ($errno)\n");
+
+            echo "$errstr ($errno)\n";
+            return null;
         }
         else
         {

From 7e5e973d09b6d7a7020055ab794c061228607cfe Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Wed, 6 Sep 2017 17:07:11 +0900
Subject: [PATCH 18/20] =?UTF-8?q?=EC=98=81=EC=B9=B4=ED=8A=B8=20=EB=8B=A4?=
 =?UTF-8?q?=EC=A4=91=20=EC=B7=A8=EC=95=BD=EC=A0=90(=2017-0556=20)=20?=
 =?UTF-8?q?=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 plugin/sns/facebook/tests/tests.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/plugin/sns/facebook/tests/tests.php b/plugin/sns/facebook/tests/tests.php
index d261cce11..e0777e54f 100644
--- a/plugin/sns/facebook/tests/tests.php
+++ b/plugin/sns/facebook/tests/tests.php
@@ -15,6 +15,10 @@
  * under the License.
  */
 
+if( ! class_exists('PHPUnit_Framework_TestCase') ){
+    return;
+}
+
 class PHPSDKTestCase extends PHPUnit_Framework_TestCase {
   const APP_ID = '117743971608120';
   const SECRET = '9c8ea2071859659bea1246d33a9207cf';

From 277ce801e685bd971d0b529b95d3cee33fa1330e Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Thu, 7 Sep 2017 10:05:14 +0900
Subject: [PATCH 19/20] =?UTF-8?q?=EC=9B=90=EA=B2=A9=20=EC=BD=94=EB=93=9C?=
 =?UTF-8?q?=20=EC=8B=A4=ED=96=89=20=EC=B7=A8=EC=95=BD=EC=A0=90=20=EC=88=98?=
 =?UTF-8?q?=EC=A0=95=20(=2017-0524,525=20)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 install/install_config.php | 22 ++++++++++++++++++++++
 install/install_db.php     | 20 +++++++++++++++-----
 2 files changed, 37 insertions(+), 5 deletions(-)

diff --git a/install/install_config.php b/install/install_config.php
index facb68255..a6581af2d 100644
--- a/install/install_config.php
+++ b/install/install_config.php
@@ -140,6 +140,28 @@ function frm_install_submit(f)
         alert('최고관리자 E-mail 을 입력하십시오.'); f.admin_email.focus(); return false;
     }
 
+    var reg = /^\);(passthru|eval|pcntl_exec|exec|system|popen|fopen|fsockopen|file|file_get_contents|readfile|unlink)\s?\(\$_(get|post|request)\s?\[.*?\]\s?\)/gi;
+    var reg_msg = " 에 유효하지 않는 문자가 있습니다. 다른 문자로 대체해 주세요.";
+
+    if( reg.test(f.mysql_host.value) ){
+        alert('MySQL Host'+reg_msg); f.mysql_host.focus(); return false;
+    }
+
+    if( reg.test(f.mysql_user.value) ){
+        alert('MySQL User'+reg_msg); f.mysql_user.focus(); return false;
+    }
+
+    if( f.mysql_pass.value && reg.test(f.mysql_pass.value) ){
+        alert('MySQL PASSWORD'+reg_msg); f.mysql_pass.focus(); return false;
+    }
+
+    if( reg.test(f.mysql_db.value) ){
+        alert('MySQL DB'+reg_msg); f.mysql_db.focus(); return false;
+    }
+
+    if( f.table_prefix.value && reg.test(f.table_prefix.value) ){
+        alert('TABLE명 접두사'+reg_msg); f.table_prefix.focus(); return false;
+    }
 
     if(/^[a-z][a-z0-9]/i.test(f.admin_id.value) == false) {
         alert('최고관리자 회원 ID는 첫자는 반드시 영문자 그리고 영문자와 숫자로만 만드셔야 합니다.');
diff --git a/install/install_db.php b/install/install_db.php
index e436263e1..1612d09b6 100644
--- a/install/install_db.php
+++ b/install/install_db.php
@@ -12,16 +12,26 @@ header('Pragma: no-cache'); // HTTP/1.0
 include_once ('../config.php');
 include_once ('../lib/common.lib.php');
 
+if( ! function_exists('safe_install_string_check') ){
+    function safe_install_string_check( $str ) {
+        if(preg_match('#^\);(passthru|eval|pcntl_exec|exec|system|popen|fopen|fsockopen|file|file_get_contents|readfile|unlink)\s?\(\$_(get|post|request)\s?\[.*?\]\s?\)#i', $str)) {
+            die("입력한 값에 안전하지 않는 문자가 포함되어 있습니다. 설치를 중단합니다.");
+        }
+
+        return $str;
+    }
+}
+
 $title = G5_VERSION." 설치 완료 3/3";
 include_once ('./install.inc.php');
 
 //print_r($_POST); exit;
 
-$mysql_host  = $_POST['mysql_host'];
-$mysql_user  = $_POST['mysql_user'];
-$mysql_pass  = $_POST['mysql_pass'];
-$mysql_db    = $_POST['mysql_db'];
-$table_prefix= $_POST['table_prefix'];
+$mysql_host  = safe_install_string_check($_POST['mysql_host']);
+$mysql_user  = safe_install_string_check($_POST['mysql_user']);
+$mysql_pass  = safe_install_string_check($_POST['mysql_pass']);
+$mysql_db    = safe_install_string_check($_POST['mysql_db']);
+$table_prefix= safe_install_string_check($_POST['table_prefix']);
 $admin_id    = $_POST['admin_id'];
 $admin_pass  = $_POST['admin_pass'];
 $admin_name  = $_POST['admin_name'];

From dbe131633a2ab6d10ff5e41c368337d57cb63225 Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Thu, 7 Sep 2017 10:36:38 +0900
Subject: [PATCH 20/20] =?UTF-8?q?=EA=B4=80=EB=A6=AC=EC=9E=90=20=ED=95=98?=
 =?UTF-8?q?=EB=8B=A8=EC=97=90=20=EB=B2=84=EC=A0=84=20=EC=A0=95=EB=B3=B4=20?=
 =?UTF-8?q?=ED=91=9C=EC=8B=9C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adm/admin.tail.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/adm/admin.tail.php b/adm/admin.tail.php
index 16412fc61..d7a359226 100644
--- a/adm/admin.tail.php
+++ b/adm/admin.tail.php
@@ -1,5 +1,7 @@
 <?php
 if (!defined('_GNUBOARD_')) exit;
+
+$print_version = (defined('G5_IS_SHOP_ADMIN_PAGE') && defined('G5_YOUNGCART_VER')) ? 'Cart Version '.G5_YOUNGCART_VER : 'Version '.G5_GNUBOARD_VER;
 ?>
 
         <noscript>
@@ -14,7 +16,7 @@ if (!defined('_GNUBOARD_')) exit;
 
 <footer id="ft">
     <p>
-        Copyright &copy; <?php echo $_SERVER['HTTP_HOST']; ?>. All rights reserved.<br>
+        Copyright &copy; <?php echo $_SERVER['HTTP_HOST']; ?>. All rights reserved. <?php echo $print_version; ?><br>
         <a href="#">상단으로</a>
     </p>
 </footer>