From 136be871b54fec843824d0f8e8adb5fa1f22dbc6 Mon Sep 17 00:00:00 2001
From: gnuboard
Date: Tue, 19 Mar 2013 10:49:05 +0900
Subject: [PATCH] =?UTF-8?q?ie=209=20=EC=9D=B4=EC=83=81=20=EB=B0=98?= =?UTF-8?q?=EC=98=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 bbs/visit_insert.inc.php | 11 ++++++-----
 lib/visit.lib.php | 7 +------
 2 files changed, 7 insertions(+), 11 deletions(-)
diff --git a/bbs/visit_insert.inc.php b/bbs/visit_insert.inc.php
index 302c9d58f..243837339 100644
--- a/bbs/visit_insert.inc.php
+++ b/bbs/visit_insert.inc.php
@@ -2,19 +2,20 @@
 if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
 // 컴퓨터의 아이피와 쿠키에 저장된 아이피가 다르다면 테이블에 반영함
-if (get_cookie('ck_visit_ip') != $_SERVER['REMOTE_ADDR']) {
+if (get_cookie('ck_visit_ip') != $_SERVER['REMOTE_ADDR'])
+{
 set_cookie('ck_visit_ip', $_SERVER['REMOTE_ADDR'], 86400); // 하루동안 저장
 $tmp_row = sql_fetch(" select max(vi_id) as max_vi_id from {$g4['visit_table']} ");
 $vi_id = $tmp_row['max_vi_id'] + 1;
 // $_SERVER 배열변수 값의 변조를 이용한 SQL Injection 공격을 막는 코드입니다. 110810
- $remote_addr = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
+ $remote_addr = escape_trim($_SERVER['REMOTE_ADDR']);
 $referer = "";
 if (isset($_SERVER['HTTP_REFERER']))
- $referer = mysql_real_escape_string($_SERVER['HTTP_REFERER']);
- $user_agent = mysql_real_escape_string($_SERVER['HTTP_USER_AGENT']);
- $sql = " insert {$g4['visit_table']} ( vi_id, vi_ip, vi_date, vi_time, vi_referer, vi_agent ) values ( '{$vi_id}', '{$remote_addr}', '".G4_TIME_YMD."', '{$g4['time_his']}', '{$referer}', '{$user_agent}' ) ";
+ $referer = escape_trim($_SERVER['HTTP_REFERER']);
+ $user_agent = escape_trim($_SERVER['HTTP_USER_AGENT']);
+ $sql = " insert {$g4['visit_table']} ( vi_id, vi_ip, vi_date, vi_time, vi_referer, vi_agent ) values ( '{$vi_id}', '{$remote_addr}', '".G4_TIME_YMD."', '".G4_TIME_HIS."', '{$referer}', '{$user_agent}' ) ";
 $result = sql_query($sql, FALSE);
 // 정상으로 INSERT 되었다면 방문자 합계에 반영
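Review bot: The three `escape_trim(...)` calls now carry the whole SQL-injection defence for the `insert {$g4['visit_table']}` statement, but `escape_trim` is not defined in this patch, so its body needs checking: it must escape through the database connection at least as strictly as the `mysql_real_escape_string` it replaces, and a plain `addslashes`/`trim` wrapper would not be equivalent. `$_SERVER['HTTP_USER_AGENT']` is also read without the `isset` guard that `HTTP_REFERER` gets, so a request with no User-Agent header raises a notice; `$user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? escape_trim($_SERVER['HTTP_USER_AGENT']) : '';` would avoid it. Referer and User-Agent are client-supplied and stored as sent, so the page that later displays `vi_referer` and `vi_agent` has to HTML-escape them; that code is outside this hunk. The `if` block opened here continues past the end of the hunk.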
diff --git a/lib/visit.lib.php b/lib/visit.lib.php
index 700780c70..9c28f0da8 100644
--- a/lib/visit.lib.php
+++ b/lib/visit.lib.php
@@ -40,12 +40,7 @@ function get_brow($agent)
 //echo $agent; echo "
";
- if (preg_match("/msie 5.0[0-9]*/", $agent)) { $s = "MSIE 5.0"; }
- else if(preg_match("/msie 5.5[0-9]*/", $agent)) { $s = "MSIE 5.5"; }
- else if(preg_match("/msie 6.0[0-9]*/", $agent)) { $s = "MSIE 6.0"; }
- else if(preg_match("/msie 7.0[0-9]*/", $agent)) { $s = "MSIE 7.0"; }
- else if(preg_match("/msie 8.0[0-9]*/", $agent)) { $s = "MSIE 8.0"; }
- else if(preg_match("/msie 4.[0-9]*/", $agent)) { $s = "MSIE 4.x"; }
+ if (preg_match("/msie ([1-9][0-9]\.[0-9]+)/", $agent, $m)) { $s = 'MSIE '.$m[1]; }
 else if(preg_match("/firefox/", $agent)) { $s = "FireFox"; }
 else if(preg_match("/chrome/", $agent)) { $s = "Chrome"; }
 else if(preg_match("/x11/", $agent)) { $s = "Netscape"; }
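Review bot: The new pattern `/msie ([1-9][0-9]\.[0-9]+)/` requires a two-digit major version, so agents containing `msie 9.0`, `msie 8.0` or older no longer match this branch and fall through to the later tests; the subject appears to decode to "IE 9 and above", so IE 9 itself is probably meant to match. Allowing one or more digits covers both old and new versions: `if (preg_match("/msie ([0-9]+\.[0-9]+)/", $agent, $m)) { $s = 'MSIE '.$m[1]; }`. Keep the capture restricted to digits and a dot as it is now, because `$agent` presumably comes from the stored User-Agent header and `$m[1]` ends up in the label built here. get_brow's body starts before and ends after this hunk.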