Merge branch 'develop' of github.com:gnuboard/gnuboard5 into develop

2022-03-22 12:51:28 +09:00
parent 4ad2f60c34 84a065c31b
commit 15d13e2fbc
8 changed files with 19 additions and 10 deletions
--- a/bbs/memo.php
+++ b/bbs/memo.php
@ -16,8 +16,7 @@ if ($kind == 'recv')
 else if ($kind == 'send')
    $unkind = 'recv';
 else {
-    $kind = clean_xss_tags(trim($kind));
-    alert(''.$kind .'값을 넘겨주세요.');
+    alert("kind 변수 값이 올바르지 않습니다.");
 }

 if ($page < 1) { $page = 1; } // 페이지가 없으면 첫 페이지 (1 페이지)
--- a/bbs/write_update.php
+++ b/bbs/write_update.php
@ -221,6 +221,9 @@ if (!isset($_POST['wr_subject']) || !trim($_POST['wr_subject']))

 $wr_seo_title = exist_seo_title_recursive('bbs', generate_seo_title($wr_subject), $write_table, $wr_id);

+$options = array($html,$secret,$mail);
+$wr_option = implode(',', array_filter($options, function($v) { return trim($v); }));
+
 if ($w == '' || $w == 'r') {

    if ($member['mb_id']) {
@ -258,7 +261,7 @@ if ($w == '' || $w == 'r') {
                     wr_reply = '$wr_reply',
                     wr_comment = 0,
                     ca_name = '$ca_name',
-                     wr_option = '$html,$secret,$mail',
+                     wr_option = '$wr_option',
                     wr_subject = '$wr_subject',
                     wr_content = '$wr_content',
                     wr_seo_title = '$wr_seo_title',
@ -380,7 +383,7 @@ if ($w == '' || $w == 'r') {

    $sql = " update {$write_table}
                set ca_name = '{$ca_name}',
-                     wr_option = '{$html},{$secret},{$mail}',
+                     wr_option = '{$wr_option}',
                     wr_subject = '{$wr_subject}',
                     wr_content = '{$wr_content}',
                     wr_seo_title = '$wr_seo_title',
--- a/config.php
+++ b/config.php
@ -229,7 +229,8 @@ define('G5_VISIT_BROWSCAP_USE', false);
 */
 define('G5_IP_DISPLAY', '\\1.♡.\\3.\\4');

-if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on') {   //https 통신일때 daum 주소 js
+if ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on') || 
+    (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO']==='https')) {   //https 통신일때 daum 주소 js
    define('G5_POSTCODE_JS', '<script src="https://spi.maps.daum.net/imap/map_js_init/postcode.v2.js"></script>');
 } else {  //http 통신일때 daum 주소 js
    define('G5_POSTCODE_JS', '<script src="http://dmaps.daum.net/map_js_init/postcode.v2.js"></script>');
--- a/mobile/shop/lg/mispwapurl.php
+++ b/mobile/shop/lg/mispwapurl.php
@ -2,7 +2,7 @@
 // 해당 페이지는 사용자가 ISP{국민/BC) 카드 결제를 성공하였을 때, 사용자에게 보여지는 페이지입니다.
 include_once('./_common.php');

-$LGD_OID    = $_GET['LGD_OID'];
+$LGD_OID    = clean_xss_tags($_GET['LGD_OID']);

 echo "LGD_OID = ".$LGD_OID;

--- a/shop/inicis/libs/HttpClient.php
+++ b/shop/inicis/libs/HttpClient.php
@ -32,6 +32,12 @@ class HttpClient {
        $data = substr($data, 1); // remove leading "&"
        $url_data = parse_url($url);

+        // host 가 inicis.com 의 주소가 아니라면 false 반환
+        // [scheme] => https, [host] => fcstdpay.inicis.com, [path] => /api/payAuth
+        if (preg_match("#inicis\.com$#", $url_data["host"]) == false) {
+            // error_log(print_r($url_data, 1));
+            return false;
+        }

        if ($url_data["scheme"] == "https") {
            $this->ssl = "ssl://";
--- a/shop/settle_inicis_common.php
+++ b/shop/settle_inicis_common.php
@ -14,7 +14,7 @@ $INIpayLog  = false;                  // 로그를 기록하려면 true 로 수

 //**********************************************************************************

-$PG_IP = $_SERVER['REMOTE_ADDR'];
+$PG_IP = get_real_client_ip();

 if( $PG_IP == "203.238.37.3" || $PG_IP == "203.238.37.15" || $PG_IP == "203.238.37.16" || $PG_IP == "203.238.37.25" || $PG_IP == "39.115.212.9" )  //PG에서 보냈는지 IP로 체크
 {
--- a/shop/settle_lg_common.php
+++ b/shop/settle_lg_common.php
@ -80,7 +80,7 @@ if ( $LGD_HASHDATA2 == $LGD_HASHDATA ) { //해쉬값 검증이 성공이면

            $result = false;

-            if($row['pp_id']) {
+            if(isset($row['pp_id']) && $row['pp_id']) {
                // 개인결제 UPDATE
                $sql = " update {$g5['g5_shop_personalpay_table']}
                            set pp_receipt_price = '$LGD_AMOUNT',
@ -113,7 +113,7 @@ if ( $LGD_HASHDATA2 == $LGD_HASHDATA ) { //해쉬값 검증이 성공이면
            }

            if($result) {
-                if($row['od_id'])
+                if(isset($row['od_id']) && $row['od_id'])
                    $od_id = $row['od_id'];
                else
                    $od_id = $LGD_OID;
--- a/theme/basic/css/default.css
+++ b/theme/basic/css/default.css
@ -169,7 +169,7 @@ box-shadow:0 2px 5px rgba(0,0,0,0.2)}
 #container_wr {margin:0 auto;zoom:1}
 #aside {float:right;width:235px;padding:0;height:100%;margin:20px 0 20px 20px}

-#container {position:relative;float:left;min-height:500px;height:auto !important;margin:20px 0;height:500px;font-size:1em;width:930px;zoom:1}
+#container {position:relative;float:left;min-height:500px;height:auto !important;margin:20px 0;font-size:1em;width:930px;zoom:1}
 #container:after {display:block;visibility:hidden;clear:both;content:""}
 #container_title {font-size:1.333em;margin:0 auto;font-weight:bold}
 #container_title span {margin:0 auto 10px;display:block;line-height:30px}