From 78d5dce761f14a22345632e5324bfa3fcc769acd Mon Sep 17 00:00:00 2001
From: 39hn
Date: Wed, 10 Aug 2022 13:05:17 +0900
Subject: [PATCH 1/8] =?UTF-8?q?fix:=20=ED=83=9D=EB=B0=B0=EC=82=AC=20?= =?UTF-8?q?=EB=B0=B0=EC=86=A1=EC=A1=B0=ED=9A=8C=20=EC=A3=BC=EC=86=8C=20?= =?UTF-8?q?=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
대신택배, 우체국, 한진택배, CVSnet편의점택배, 건영택배 주소 수정
---
 extend/shop.extend.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/extend/shop.extend.php b/extend/shop.extend.php
index c0feded8a..9ee29b3a8 100644
--- a/extend/shop.extend.php
+++ b/extend/shop.extend.php
@@ -9,19 +9,19 @@ if (!defined('G5_USE_SHOP') || !G5_USE_SHOP) return;
 */
 define('G5_DELIVERY_COMPANY', '(경동택배^https://kdexp.com/basicNewDelivery.kd?barcode=^080-873-2178)'
- .'(대신택배^http://home.daesinlogistics.co.kr/daesin/jsp/d_freight_chase/d_general_process2.jsp?billno1=^043-222-4582)'
+ .'(대신택배^https://www.ds3211.co.kr/freight/internalFreightSearch.ht?billno=^043-222-4582)'
 .'(동부택배^http://www.dongbups.com/delivery/delivery_search_view.jsp?item_no=^1588-8848)'
 .'(로젠택배^https://www.ilogen.com/m/personal/trace.pop/^1588-9988)'
- .'(우체국^http://service.epost.go.kr/trace.RetrieveRegiPrclDeliv.postal?sid1=^1588-1300)'
+ .'(우체국^https://m.epost.go.kr/postal/mobile/mobile.trace.RetrieveDomRigiTraceList.comm?ems_gubun=E&sid1=^1588-1300)'
 .'(이노지스택배^http://www.innogis.co.kr/tracking_view.asp?invoice=^1566-4082)'
- .'(한진택배^http://www.hanjin.co.kr/Delivery_html/inquiry/result_waybill.jsp?wbl_num=^1588-0011)'
+ .'(한진택배^https://www.hanjin.co.kr/kor/CMS/DeliveryMgr/WaybillResult.do?mCode=MN038&schLang=KR&wblnumText2=^1588-0011)'
 .'(롯데택배^https://www.lotteglogis.com/open/tracking?invno=^1588-2121)'
 .'(CJ대한통운^https://www.doortodoor.co.kr/parcel/doortodoor.do?fsp_action=PARC_ACT_002&fsp_cmd=retrieveInvNoACT&invc_no=^1588-1255)'
- .'(CVSnet편의점택배^http://was.cvsnet.co.kr/_ver2/board/ctod_status.jsp?invoice_no=^1577-1287)'
+ .'(CVSnet편의점택배^https://www.cvsnet.co.kr/invoice/tracking.do?invoice_no=^1577-1287)'
 .'(KG옐로우캡택배^http://www.yellowcap.co.kr/custom/inquiry_result.asp?invoice_no=^1588-0123)'
 .'(KGB택배^http://www.kgbls.co.kr/sub5/trace.asp?f_slipno=^1577-4577)'
 .'(KG로지스^http://www.kglogis.co.kr/contents/waybill.jsp?item_no=^1588-8848)'
- .'(건영택배^http://www.kunyoung.com/goods/goods_01.php?mulno=^031-460-2700)'
+ .'(건영택배^https://www.kunyoung.com/goods/goods_01.php?mulno=^031-460-2700)'
 .'(호남택배^http://www.honamlogis.co.kr/04estimate/songjang_list.php?c_search1=^031-376-6070)'
 );
From 0d02afd712a45107df0152ab074450ec8ba3e15d Mon Sep 17 00:00:00 2001
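Review bot: After this change six carrier entries in the G5_DELIVERY_COMPANY list still use plain http:// (동부택배, 이노지스택배, KG옐로우캡택배, KGB택배, KG로지스, 호남택배), so the invoice number appended to those links travels unencrypted and browsers mark the target page as not secure; whether those hosts serve https is not visible here and should be verified before they are switched. A short comment above the define would help the next maintainer, e.g. `// format: (carrier name^tracking URL, invoice number is appended^phone); prefer https endpoints`. The define is a single statement and lies entirely within the hunk.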
From: thisgun
Date: Fri, 19 Aug 2022 09:55:22 +0900
Subject: [PATCH 2/8] =?UTF-8?q?=EC=9E=A5=EB=B0=94=EA=B5=AC=EB=8B=88=20?= =?UTF-8?q?=EB=A0=88=EC=9D=B4=EC=96=B4=20z-index=20=EC=86=8D=EC=84=B1=20?= =?UTF-8?q?=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 skin/shop/basic/style.css | 2 +-
 theme/basic/skin/shop/basic/style.css | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/skin/shop/basic/style.css b/skin/shop/basic/style.css
index 8296fdb2e..8adedd69e 100644
--- a/skin/shop/basic/style.css
+++ b/skin/shop/basic/style.css
@@ -350,7 +350,7 @@
 .smt_10 .sct_op_btn {position:absolute;right:5px;bottom:0}
 .smt_10 .sct_op_btn>button {border:0;width:25px;height:20px;font-size:1.25em;text-align:center;color:#949494;background:transparent}
-.sct_cartop_wr {position:absolute;top:0;left:0;z-index:3;width:100%;height:100%;padding:10px;text-align:left;background:rgba(0,0,0,0.5);opacity:0.98}
+.sct_cartop_wr {position:absolute;top:0;left:0;z-index:9999;width:100%;height:100%;padding:10px;text-align:left;background:rgba(0,0,0,0.5);opacity:0.98}
 .sct_cartop_wr .it_option {width:100%;height:35px;margin-bottom:5px;}
 .sct_cartop_wr .cartopt_cart_btn {width:100%;border:1px solid #1c70e9;padding:8px 5px;margin-bottom:5px;background:#3a8afd;color:#fff;border-radius:3px}
 .sct_cartop_wr .cartopt_close_btn {width:100%;border:1px solid #1c70e9;padding:8px 5px;background:#fff;color:#1c70e9;border-radius:3px}
diff --git a/theme/basic/skin/shop/basic/style.css b/theme/basic/skin/shop/basic/style.css
index 13e79dbb8..3ad445b6c 100644
--- a/theme/basic/skin/shop/basic/style.css
+++ b/theme/basic/skin/shop/basic/style.css
@@ -351,7 +351,7 @@
 .smt_10 .sct_op_btn {position:absolute;right:5px;bottom:0}
 .smt_10 .sct_op_btn>button {border:0;width:25px;height:20px;font-size:1.25em;text-align:center;color:#949494;background:transparent}
-.sct_cartop_wr {position:absolute;top:0;left:0;z-index:3;width:100%;height:100%;padding:10px;text-align:left;background:rgba(0,0,0,0.5);opacity:0.98}
+.sct_cartop_wr {position:absolute;top:0;left:0;z-index:9999;width:100%;height:100%;padding:10px;text-align:left;background:rgba(0,0,0,0.5);opacity:0.98}
 .sct_cartop_wr .it_option {width:100%;height:35px;margin-bottom:5px;}
 .sct_cartop_wr .cartopt_cart_btn {width:100%;border:1px solid #1c70e9;padding:8px 5px;margin-bottom:5px;background:#3a8afd;color:#fff;border-radius:3px}
 .sct_cartop_wr .cartopt_close_btn {width:100%;border:1px solid #1c70e9;padding:8px 5px;background:#fff;color:#1c70e9;border-radius:3px}
From 25b3d8f6edce77079b651130582ae1c48e228fa4 Mon Sep 17 00:00:00 2001
From: kjh
Date: Mon, 22 Aug 2022 15:57:20 +0900
Subject: [PATCH 3/8] =?UTF-8?q?Fix=20gnuboard/gnuboard5#200=20HTTP=5FX=5FF?= =?UTF-8?q?ORWARDED=5FPROTO=20=EC=A1=B0=EA=B1=B4=20=EC=B6=94=EA=B0=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 common.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/common.php b/common.php
index 84f71e8df..e32b546da 100644
--- a/common.php
+++ b/common.php
@@ -362,7 +362,12 @@ if( $config['cf_cert_use'] || (defined('G5_YOUNGCART_VER') && G5_YOUNGCART_VER)
 // IE 브라우저 또는 엣지브라우저 또는 IOS 모바일과 http환경에서는 secure; SameSite=None을 설정하지 않습니다.
 if (isset($_SERVER['HTTP_USER_AGENT'])) {
- if( preg_match('/Edge/i', $_SERVER['HTTP_USER_AGENT']) || preg_match('/(iPhone|iPod|iPad).*AppleWebKit.*Safari/i', $_SERVER['HTTP_USER_AGENT']) || preg_match('~MSIE|Internet Explorer~i', $_SERVER['HTTP_USER_AGENT']) || preg_match('~Trident/7.0(; Touch)?; rv:11.0~',$_SERVER['HTTP_USER_AGENT']) || ! (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on') ){
+ if (preg_match('/Edge/i', $_SERVER['HTTP_USER_AGENT'])
+ || preg_match('/(iPhone|iPod|iPad).*AppleWebKit.*Safari/i', $_SERVER['HTTP_USER_AGENT'])
+ || preg_match('~MSIE|Internet Explorer~i', $_SERVER['HTTP_USER_AGENT'])
+ || preg_match('~Trident/7.0(; Touch)?; rv:11.0~',$_SERVER['HTTP_USER_AGENT'])
+ || !(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on')
+ || !(isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == "https")){
 return $res;
 }
 }
From 5ad2307175f2688e4b9f01eca0614d472ee2808f Mon Sep 17 00:00:00 2001
From: thisgun
Date: Thu, 25 Aug 2022 10:10:29 +0900
Subject: [PATCH 4/8] =?UTF-8?q?=EB=A9=94=EC=9D=BC=EB=B3=B4=EB=82=B4?= =?UTF-8?q?=EA=B8=B0=20=EB=A9=94=EC=9D=BC=EC=A3=BC=EC=86=8C=EB=A5=BC=20?= =?UTF-8?q?=EB=8F=84=EB=A9=94=EC=9D=B8=EA=B3=BC=20=EB=8F=99=EC=9D=BC?= =?UTF-8?q?=ED=95=98=EA=B2=8C=20=EA=B6=8C=EC=9E=A5=ED=95=98=EB=8A=94=20?= =?UTF-8?q?=EB=AC=B8=EA=B5=AC=20=EC=B6=94=EA=B0=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 adm/admin.lib.php | 10 ++++++++++
 adm/config_form.php | 3 +++
 adm/sendmail_test.php | 5 +++++
 3 files changed, 18 insertions(+)
diff --git a/adm/admin.lib.php b/adm/admin.lib.php
index 728af6023..be1c48de0 100644
--- a/adm/admin.lib.php
+++ b/adm/admin.lib.php
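Review bot: The new `HTTP_X_FORWARDED_PROTO` test is chained with `||` onto the existing `HTTPS` test, so the early `return $res;` now fires whenever the proxy header is absent — including a direct HTTPS request where `$_SERVER['HTTPS']` is `on` — and on every deployment without a reverse proxy the cookie stops receiving the `secure; SameSite=None` attributes it received before this commit. The two signals should be alternatives, not both required: `|| !((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') || (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https'))`. Because `X-Forwarded-Proto` is just a request header, it is only meaningful when a proxy in front of the app overwrites it; here a forged value can at most cause a `secure` cookie to be issued over plain http, which the browser then discards, but a comment stating that the header is trusted by deployment contract would make that assumption visible. The enclosing function and the `if( $config['cf_cert_use'] ...` block start and end outside the hunk.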
@@ -421,6 +421,16 @@ function get_sanitize_input($s, $is_html = false)
 return $s;
 }
+function domain_mail_host($is_at=true){
+ list($domain_host,) = explode(':', $_SERVER['HTTP_HOST']);
+
+ if ('www.' === substr($domain_host, 0, 4)) {
+ $domain_host = substr($domain_host, 4);
+ }
+
+ return $is_at ? '@'.$domain_host : $domain_host;
+}
+
 function check_log_folder($log_path, $is_delete = true)
 {
diff --git a/adm/config_form.php b/adm/config_form.php
index 918f6ed90..6ea223ff9 100644
--- a/adm/config_form.php
+++ b/adm/config_form.php
@@ -475,6 +475,9 @@ if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw']) { + + name'.domain_mail_host().' 과 같은 도메인 형식으로 설정할것을 권장합니다.') ?> +
diff --git a/adm/sendmail_test.php b/adm/sendmail_test.php
index bb7801d11..9cddfbd93 100644
--- a/adm/sendmail_test.php
+++ b/adm/sendmail_test.php
@@ -41,6 +41,7 @@ if (isset($_POST['email'])) {
 echo '해당 주소로 테스트 메일이 도착했는지 확인해 주십시오.
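Review bot: `domain_mail_host()` derives its result from `$_SERVER['HTTP_HOST']`, which is the request's Host header, and returns it unfiltered; the config_form.php and sendmail_test.php hunks in this patch concatenate that value into admin-page text (markup is stripped in this view, so whether it is escaped at those sites cannot be confirmed from here). On a server that answers for arbitrary Host values this lets request-controlled text reach an administrator's page, and `explode(':')` additionally cuts a bracketed IPv6 literal at its first colon and raises an undefined-index notice when HTTP_HOST is unset (e.g. CLI). Prefer the site's configured domain where one is available and otherwise normalise and validate the host before returning it, as below; the callers should still pass the value through `htmlspecialchars()` when echoing it. The function is fully contained in the hunk; the call sites are in the later hunks of this same patch.

```php
function domain_mail_host($is_at=true){
    // Host header is request-controlled: normalise it, then accept only hostname characters.
    $domain_host = isset($_SERVER['HTTP_HOST']) ? strtolower(trim($_SERVER['HTTP_HOST'])) : '';
    $domain_host = preg_replace('/:\d+$/', '', $domain_host); // strip :port without breaking [ipv6] literals

    if ('www.' === substr($domain_host, 0, 4)) {
        $domain_host = substr($domain_host, 4);
    }

    if (!preg_match('/^[a-z0-9.\-\[\]:]+$/', $domain_host)) {
        $domain_host = '';
    }

    return $is_at ? '@'.$domain_host : $domain_host;
}
```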
'; echo '만약, 테스트 메일이 오지 않는다면 더 다양한 계정의 메일 주소로 메일을 보내 보십시오.
'; echo '그래도 메일이 하나도 도착하지 않는다면 메일 서버(sendmail server)의 오류일 가능성이 높으니, 웹 서버관리자에게 문의하여 주십시오.
'; + echo '도메인을 소유하고 있을시 SPF, DKIM 설정이 필요할수 있습니다.
'; echo '

'; echo ''; } @@ -53,6 +54,10 @@ if (isset($_POST['email'])) {

메일서버가 정상적으로 동작 중인지 확인할 수 있습니다.
아래 입력칸에 테스트 메일을 발송하실 메일 주소를 입력하시면, [메일검사] 라는 제목으로 테스트 메일을 발송합니다.
+ 보내는 메일주소 :
+ + 기본환경설정에서 관리자 메일 주소를 name'.domain_mail_host().' 과 같은 도메인 형식으로 설정할것을 권장합니다.'; ?> +

From 3a59bca369a6936a2d5f0f2b13d1ae8616b6866f Mon Sep 17 00:00:00 2001
From: thisgun
Date: Thu, 25 Aug 2022 10:29:11 +0900
Subject: [PATCH 5/8] =?UTF-8?q?=EA=B4=80=EB=A6=AC=EC=9E=90=20=ED=9A=8C?= =?UTF-8?q?=EC=9B=90=20=EC=88=98=EC=A0=95=EC=97=90=EC=84=9C=20=EA=B4=80?= =?UTF-8?q?=EB=A6=AC=EC=9E=90=EB=8A=94=20=ED=83=88=ED=87=B4=EC=9D=BC?= =?UTF-8?q?=EC=9E=90=20=EB=98=90=EB=8A=94=20=EC=A0=91=EA=B7=BC=EC=B0=A8?= =?UTF-8?q?=EB=8B=A8=EC=9D=BC=EC=9E=90=EB=A5=BC=20=EC=A0=81=EC=9A=A9?= =?UTF-8?q?=EB=AA=BB=ED=95=98=EA=B2=8C=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 adm/member_form_update.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/adm/member_form_update.php b/adm/member_form_update.php
index 2cc714327..55b8a58a0 100644
--- a/adm/member_form_update.php
+++ b/adm/member_form_update.php
@@ -158,7 +158,13 @@ if ($w == '') {
 }
 if ($mb_id === $member['mb_id'] && $_POST['mb_level'] != $mb['mb_level']) {
- alert($mb['mb_id'] . ' : 로그인 중인 관리자 레벨은 수정 할 수 없습니다.');
+ alert($mb['mb_id'] . ' : 로그인 중인 관리자 레벨은 수정할 수 없습니다.');
+ }
+
+ if ($posts['mb_leave_date'] || $posts['mb_intercept_date']){
+ if ($member['mb_id'] === $mb['mb_id'] || is_admin($mb['mb_id']) === 'super'){
+ alert('해당 관리자의 탈퇴 일자 또는 접근 차단 일자를 수정할 수 없습니다.');
+ }
 }
 // 닉네임중복체크
From 1bca642b33b58fcc6764a6d119180394cfd0859e Mon Sep 17 00:00:00 2001
From: thisgun
Date: Thu, 1 Sep 2022 15:05:41 +0900
Subject: [PATCH 6/8] =?UTF-8?q?=EB=AA=A8=EB=B0=94=EC=9D=BC=20=EC=BF=A0?= =?UTF-8?q?=ED=8F=B0=EC=A0=81=EC=9A=A9=20=ED=9B=84=20=EC=B7=A8=EC=86=8C=20?= =?UTF-8?q?=EC=98=A4=EB=A5=98=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 mobile/shop/orderform.sub.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mobile/shop/orderform.sub.php b/mobile/shop/orderform.sub.php
index ae37aea42..71935a5f3 100644
--- a/mobile/shop/orderform.sub.php
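Review bot: The new guard in member_form_update.php reads `$posts['mb_leave_date']` and `$posts['mb_intercept_date']` directly, while the line just above it reads `$_POST['mb_level']`; `$posts` is not assigned anywhere in the hunk, so if it is not populated earlier in the file the condition is always false and the protection silently never fires, and when either key is absent PHP emits an undefined-index notice. Write it as `if (!empty($posts['mb_leave_date']) || !empty($posts['mb_intercept_date'])) {` and confirm `$posts` is the same request array the rest of the file validates. As written the check also rejects re-submitting the dates that are already stored for that account; comparing the posted values against the current `$mb` record would limit it to real changes, though the form's field handling is outside the hunk. The enclosing `if ($w == '')` block starts and ends outside the hunk.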
+++ b/mobile/shop/orderform.sub.php
@@ -922,7 +922,7 @@ $(function() {
 $("#od_coupon_frm").remove();
 $("#od_coupon_btn").text("변경").focus();
 if(!$("#od_coupon_cancel").length)
- $("#od_coupon_btn").after("");
+ $("#od_coupon_btn").after("");
 });
 $(document).on("click", "#od_coupon_close", function() {
From ba062ca5b62809106d5a2f7df942ffcb44ecb5a9 Mon Sep 17 00:00:00 2001
From: thisgun
Date: Thu, 1 Sep 2022 16:08:08 +0900
Subject: [PATCH 7/8] =?UTF-8?q?[KVE-2022-0981]=20=EA=B7=B8=EB=88=84?= =?UTF-8?q?=EB=B3=B4=EB=93=9C=20Reflected=20XSS=20=EC=B7=A8=EC=95=BD?= =?UTF-8?q?=EC=A0=90?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 bbs/faq.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/bbs/faq.php b/bbs/faq.php
index d34da00f2..39774f07d 100644
--- a/bbs/faq.php
+++ b/bbs/faq.php
@@ -18,6 +18,7 @@ while ($row=sql_fetch_array($result))
 }
 if (isset($fm_id) && $fm_id){
+ $fm_id = (int) $fm_id;
 $qstr .= '&fm_id=' . $fm_id; // 마스터faq key_id
 }
From f1a303e445883bf43486f92881f9a52130f5c4a7 Mon Sep 17 00:00:00 2001
From: thisgun
Date: Tue, 13 Sep 2022 10:38:05 +0900
Subject: [PATCH 8/8] =?UTF-8?q?=EB=B2=84=EC=A0=84=205.5.8.2.1=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 version.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/version.php b/version.php
index 67c27f288..c61c1bfc2 100644
--- a/version.php
+++ b/version.php
@@ -2,7 +2,7 @@
 if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
 define('G5_VERSION', '그누보드5');
-define('G5_GNUBOARD_VER', '5.5.8.2');
+define('G5_GNUBOARD_VER', '5.5.8.2.1');
 // 그누보드5.4.5.5 버전과 영카트5.4.5.5.1 버전을 합쳐서 그누보드5.4.6 버전에서 시작함 (kagla-210617)
 // G5_YOUNGCART_VER 이 상수를 사용하는 곳이 있으므로 주석 처리 해제함
 // 그누보드5.4.6 이상 버전 부터는 영카트를 그누보드에 포함하여 배포하므로 영카트5의 버전은 의미가 없습니다.
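Review bot: In the bbs/faq.php hunk the `(int)` cast is applied only inside the `if` that follows the result loop, so any use of `$fm_id` above that point — the query behind `sql_fetch_array($result)` on the hunk-header line is the likely candidate — still sees the raw request value; `$fm_id` is also read without being assigned anywhere in the hunk, which suggests it is populated from the request by the framework's global extraction. Casting once near the top of the file, e.g. `$fm_id = isset($fm_id) ? (int) $fm_id : 0;`, covers both the query and the `$qstr` link text and makes the KVE-2022-0981 fix independent of where the variable is first used. Whether the earlier query actually uses `$fm_id` is not visible in this hunk.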