Merge remote-tracking branch '그누보드/master'

# Conflicts:
#	adm/shop_admin/orderform.php
#	bbs/register_form_update.php
#	lib/common.lib.php
#	mobile/shop/personalpayform.sub.php
#	plugin/htmlpurifier/extend.video.php
#	plugin/kcaptcha/kcaptcha.lib.php
#	shop/orderformupdate.php
#	skin/social/social_register_member.skin.php
#	version.php
2025-11-25 16:06:26 +09:00
119 changed files with 7445 additions and 368 deletions


@ -257,7 +257,13 @@ function url_auto_link($str)
{
global $g5;
global $config;
if ($replace_str = run_replace('url_auto_link_before', '', $str)) {
return $replace_str;
}
$ori_str = $str;
// 140326 유창화님 제안코드로 수정
// http://sir.kr/pg_lecture/461
// http://sir.kr/pg_lecture/463
@ -290,7 +296,7 @@ function url_auto_link($str)
$str = preg_replace("/\t_gt_\t/", ">", $str);
*/
return run_replace('url_auto_link', $str);
return run_replace('url_auto_link', $str, $ori_str);
}
@ -1131,7 +1137,11 @@ function insert_point($mb_id, $point, $content='', $rel_table='', $rel_id='', $r
function insert_use_point($mb_id, $point, $po_id='')
{
global $g5, $config;
if ($replace_insert = run_replace('insert_use_point_before', '', $mb_id, $point, $po_id)) {
return $replace_insert;
}
if($config['cf_point_term'])
$sql_order = " order by po_expire_date asc, po_id asc ";
else
@ -3411,6 +3421,9 @@ function clean_xss_tags($str, $check_entities=0, $is_remove_tags=0, $cur_str_len
$result = preg_replace('#([^\p{L}]|^)(?:javascript|jar|applescript|vbscript|vbs|wscript|jscript|behavior|mocha|livescript|view-source)\s*:(?:.*?([/\\\;()\'">]|$))#ius',
'$1$2', $result);
// 따옴표 + 속성으로 강제 진입 차단 (예: "style=..., 'onerror=...)
$result = preg_replace('/["\']\s*(?:on\w+|style)\s*=\s*/i', '', $result);
if((string)$result === (string)$str) break;
$str = $result;
@ -3667,6 +3680,10 @@ function check_url_host($url, $msg='', $return_url=G5_URL, $is_redirect=false)
alert('url 에 올바르지 않은 값이 포함되어 있습니다.');
}
if (preg_match('#//[^/@]+@#', $url)) {
alert('url에 사용자 정보가 포함되어 있어 접근할 수 없습니다.');
}
while ( ( $replace_url = preg_replace(array('/\/{2,}/', '/\\@/'), array('//', ''), urldecode($url)) ) != $url ) {
$url = $replace_url;
}
@ -4224,8 +4241,8 @@ function is_include_path_check($path='', $is_input='')
//echo 'Caught exception: ', $e->getMessage(), "\n";
return false;
}
if( preg_match('/\/data\/(file|editor|qa|cache|member|member_image|session|tmp)\/[A-Za-z0-9_]{1,20}\//i', $replace_path) ){
if (preg_match('/\/data\/(file|editor|qa|cache|member|member_image|session|tmp)\/[A-Za-z0-9_]{1,20}\//i', $replace_path) || preg_match('/pe(?:ar|cl)(?:cmd)?\.php/i', $replace_path)){
return false;
}
if( preg_match('/'.G5_PLUGIN_DIR.'\//i', $replace_path) && (preg_match('/'.G5_OKNAME_DIR.'\//i', $replace_path) || preg_match('/'.G5_KCPCERT_DIR.'\//i', $replace_path) || preg_match('/'.G5_LGXPAY_DIR.'\//i', $replace_path)) || (preg_match('/search\.skin\.php/i', $replace_path) ) ){
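Review bot: The userinfo check added in the `@ -3667` hunk (`preg_match('#//[^/@]+@#', $url)`) runs on the raw `$url`, before the `urldecode` loop two lines below it, so a percent-encoded `@` is not rejected there; that loop then decodes the value and silently strips the `@`, which leaves the two paths inconsistent (an alert for a literal `@`, a quiet rewrite for an encoded one). Evaluating the same pattern on the decoded form as well makes the behaviour uniform: `if (preg_match('#//[^/@]+@#', $url) || preg_match('#//[^/@]+@#', urldecode($url))) {`. check_url_host's body starts and ends outside the hunk, so whether a later step re-validates the rewritten URL cannot be seen here.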


@ -50,6 +50,7 @@ function create_hash($password, $force_compat = false)
$salt = base64_encode(mcrypt_create_iv(PBKDF2_COMPAT_SALT_BYTES, MCRYPT_DEV_URANDOM));
} elseif (@file_exists('/dev/urandom') && $fp = @fopen('/dev/urandom', 'r')) {
$salt = base64_encode(fread($fp, PBKDF2_COMPAT_SALT_BYTES));
fclose($fp); // 파일 닫기
} else {
$salt = '';
for ($i = 0; $i < PBKDF2_COMPAT_SALT_BYTES; $i += 2) {
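Review bot: The `fclose($fp)` added here fixes the handle leak, but the `fread` result on the line above is still used unchecked: on a short or failed read `$salt` silently becomes shorter than `PBKDF2_COMPAT_SALT_BYTES` (or empty) with no error. Capture the bytes first and verify their length before accepting them, e.g. `$bytes = fread($fp, PBKDF2_COMPAT_SALT_BYTES); fclose($fp);` followed by a `$bytes !== false && strlen($bytes) === PBKDF2_COMPAT_SALT_BYTES` check that otherwise falls through to the fallback loop below. If the project's minimum PHP version permits, `random_bytes()` (PHP 7.0+) would replace both the mcrypt branch, whose extension is removed in PHP 7.2, and the `/dev/urandom` branch with a single call. create_hash starts and ends outside the hunk.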


@ -1010,7 +1010,7 @@ function get_item_options($it_id, $subject, $is_div='', $is_first_option_title='
for($k=0; $k<$opt_count; $k++) {
$opt_val = $opt[$k];
if(strlen($opt_val)) {
$select .= '<option value="'.$opt_val.'">'.$opt_val.'</option>'.PHP_EOL;
$select .= '<option value="'.get_text($opt_val).'">'.get_text($opt_val).'</option>'.PHP_EOL;
}
}
$select .= '</select>'.PHP_EOL;
@ -1046,7 +1046,7 @@ function get_item_options($it_id, $subject, $is_div='', $is_first_option_title='
else
$soldout = '';
$select .= '<option value="'.$row['io_id'].','.$row['io_price'].','.$row['io_stock_qty'].'">'.$row['io_id'].$price.$soldout.'</option>'.PHP_EOL;
$select .= '<option value="'.get_text($row['io_id']).','.$row['io_price'].','.$row['io_stock_qty'].'">'.get_text($row['io_id']).$price.$soldout.'</option>'.PHP_EOL;
}
$select .= '</select>'.PHP_EOL;
@ -1101,7 +1101,7 @@ function get_item_supply($it_id, $subject, $is_div='', $is_first_option_title=''
else
$soldout = '';
$options[$opt_id[0]][] = '<option value="'.$opt_id[1].','.$row['io_price'].','.$io_stock_qty.'">'.$opt_id[1].$price.$soldout.'</option>';
$options[$opt_id[0]][] = '<option value="'.get_text($opt_id[1]).','.$row['io_price'].','.$io_stock_qty.'">'.get_text($opt_id[1]).$price.$soldout.'</option>';
}
}
@ -1122,7 +1122,7 @@ function get_item_supply($it_id, $subject, $is_div='', $is_first_option_title=''
$first_option_title = $is_first_option_title ? $subj[$i] : '선택';
$select = '<select id="it_supply_'.$seq.'" class="it_supply">'.PHP_EOL;
$select .= '<option value="">'.$first_option_title.'</option>'.PHP_EOL;
$select .= '<option value="">'.get_text($first_option_title).'</option>'.PHP_EOL;
for($k=0; $k<$opt_count; $k++) {
$opt_val = $opt[$k];
if($opt_val) {
@ -2823,7 +2823,7 @@ function check_pay_name_replace($payname, $od=array(), $is_client=0){
} else if( isset($od['od_pg']) && $od['od_pg'] === 'inicis' ){
return 'KPAY';
} else if( isset($od['od_pg']) && $od['od_pg'] === 'kcp' ){
if( isset($od['od_other_pay_type']) && $od['od_other_pay_type'] === 'OT16' ){
if( isset($od['od_other_pay_type']) && ($od['od_other_pay_type'] === 'OT16' || $od['od_other_pay_type'] === 'NHNKCP_NAVERMONEY')){
return '네이버페이_NHNKCP'.$add_str;
} else if( isset($od['od_other_pay_type']) && ($od['od_other_pay_type'] === 'OT13' || $od['od_other_pay_type'] === 'NHNKCP_KAKAOMONEY') ){
return '카카오페이_NHNKCP'.$add_str;
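Review bot: The new `get_text()` wrapping in the `@ -1046` and `@ -1101` hunks escapes the option id but leaves `$price` and `$soldout`, concatenated into the same `<option>` text, unescaped; if those strings are assembled from stored values rather than literal markup they need the same treatment, e.g. `'>'.get_text($row['io_id']).get_text($price).get_text($soldout).'</option>'` — confirm how `$price` and `$soldout` are built earlier in each function, which is outside the hunk. A smaller, pre-existing inconsistency visible in the `@ -1122` hunk is that `if($opt_val)` drops a legitimate option named `0`, whereas the sibling loop in the `@ -1010` hunk uses `if(strlen($opt_val))`; aligning on `strlen($opt_val)` would make the two functions agree. get_item_options and get_item_supply both start and end outside their hunks.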