firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

Merge branch 'master' of github.com:gnuboard/g4s

Browse Source
This commit is contained in:
rollydream
2013-03-21 11:11:44 +09:00
parent 1474ab2b4b 868af92760
commit 207d73eecb
35 changed files with 1736 additions and 1591 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
adm/member_list.php
View File

@ -123,6 +123,7 @@ $colspan = 15;
<th scope="col"><?=subject_sort_link('mb_level', '', 'desc')?>권한</a></th>
<th scope="col"><?=subject_sort_link('mb_point', '', 'desc')?> 포인트</a></th>
<th scope="col"><?=subject_sort_link('mb_today_login', '', 'desc')?>최종접속</a></th>
<th scope="col"><?=subject_sort_link('mb_datetime', '', 'desc')?>가입일</a></th>
<th scope="col"><?=subject_sort_link('mb_mailling', '', 'desc')?>수신</a></th>
<th scope="col"><?=subject_sort_link('mb_open', '', 'desc')?>공개</a></th>
<th scope="col"><?=subject_sort_link('mb_email_certify', '', 'desc')?>인증</a></th>
@ -189,6 +190,7 @@ $colspan = 15;
<td><?=get_member_level_select("mb_level[$i]", 1, $member['mb_level'], $row['mb_level'])?></td>
<td class="td_bignum"><a href="point_list.php?sfl=mb_id&amp;stx=<?=$row['mb_id']?>"><?=number_format($row['mb_point'])?></a></td>
<td><?=substr($row['mb_today_login'],2,8)?></td>
<td><?=substr($row['mb_datetime'],2,8)?></td>
<td><?=$row['mb_mailling']?'<span class="txt_true">Yes</span>':'<span class="txt_false">No</span>';?></td>
<td><?=$row['mb_open']?'<span class="txt_true">Yes</span>':'<span class="txt_false">No</span>';?></td>
<td><?=preg_match('/[1-9]/', $row['mb_email_certify'])?'<span class="txt_true">Yes</span>':'<span class="txt_false">No</span>';?></td>

11
adm/visit_list.php
View File

@ -63,15 +63,8 @@ $result = sql_query($sql);
$referer = get_text(cut_str($row['vi_referer'], 255, ''));
$referer = urldecode($referer);
if (strtolower($g4['charset']) == 'utf-8') {
if (!is_utf8($referer)) {
$referer = iconv('euc-kr', 'utf-8', $referer);
}
}
else {
if (is_utf8($referer)) {
$referer = iconv('utf-8', 'euc-kr', $referer);
}
if (!is_utf8($referer)) {
$referer = iconv_utf8($referer);
}
$title = str_replace(array('<', '>', '&'), array("&lt;", "&gt;", "&amp;"), $referer);

8
bbs/download.php
View File

@ -16,9 +16,9 @@ if (!$file['bf_file'])
alert_close('파일 정보가 존재하지 않습니다.');
// JavaScript 불가일 때
if($confirm != 'yes' && $board['bo_download_point'] < 0) {
if($js != 'on' && $board['bo_download_point'] < 0) {
$msg = $file['bf_source'].' 파일을 다운로드 하시면 포인트가 차감('.number_format($board['bo_download_point']).'점)됩니다.\\n포인트는 게시물당 한번만 차감되며 다음에 다시 다운로드 하셔도 중복하여 차감하지 않습니다.\\n그래도 다운로드 하시겠습니까?';
$url1 = './download.php?'.$_SERVER['QUERY_STRING'].'&amp;confirm=yes';
$url1 = G4_BBS_URL.'/download.php?'.$_SERVER['QUERY_STRING'].'&amp;js=on';
$url2 = $_SERVER['HTTP_REFERER'];
//$url1 = 확인link, $url2=취소link
@ -31,7 +31,7 @@ if ($member['mb_level'] < $board['bo_download_level']) {
if ($member['mb_id'])
alert($alert_msg);
else
alert($alert_msg.'\\n회원이시라면 로그인 후 이용해 보십시오.', './login.php?wr_id='.$wr_id.'&amp;'.$qstr.'&amp;url='.urlencode($g4['bbs_path'].'/board.php?bo_table='.$bo_table.'&amp;wr_id='.$wr_id));
alert($alert_msg.'\\n회원이시라면 로그인 후 이용해 보십시오.', G4_BBS_URL.'/login.php?wr_id='.$wr_id.'&amp;'.$qstr.'&amp;url='.urlencode(G4_BBS_URL.'/board.php?bo_table='.$bo_table.'&amp;wr_id='.$wr_id));
}
$filepath = G4_DATA_PATH.'/file/'.$bo_table.'/'.$file['bf_file'];
@ -54,7 +54,7 @@ if (!get_session($ss_name))
{
// 다운로드 포인트가 음수이고 회원의 포인트가 0 이거나 작다면
if ($member['mb_point'] + $board['bo_download_point'] < 0)
alert('보유하신 포인트('.number_format($member['mb_point']).')가 없거나 모자라서 다운로드('.number_format($board['bo_download_point']).')가 불가합니다.'."\n\n".'포인트를 적립하신 후 다시 다운로드 해 주십시오.');
alert('보유하신 포인트('.number_format($member['mb_point']).')가 없거나 모자라서 다운로드('.number_format($board['bo_download_point']).')가 불가합니다.\\n\\n포인트를 적립하신 후 다시 다운로드 해 주십시오.');
// 게시물당 한번만 차감하도록 수정
insert_point($member['mb_id'], $board['bo_download_point'], "{$board['bo_subject']} $wr_id 파일 다운로드", $bo_table, $wr_id, "다운로드");

2
bbs/memo_delete.php
View File

@ -4,6 +4,8 @@ include_once('./_common.php');
if (!$member[mb_id])
alert('회원만 이용하실 수 있습니다.');
$me_id = (int)$_REQUEST['me_id'];
$sql = " select * from {$g4[memo_table]} where me_id = '{$me_id}' ";
$row = sql_fetch($sql);
if (!$row[mb_read_datetime][0]) // 메모 받기전이면

2
bbs/memo_view.php
View File

@ -4,6 +4,8 @@ include_once('./_common.php');
if (!$is_member)
alert('회원만 이용하실 수 있습니다.');
$me_id = (int)$_REQUEST['me_id'];
if ($kind == 'recv')
{
$t = '받은';

8
bbs/rss.php
View File

@ -30,15 +30,15 @@ if (!$row['bo_use_rss_view']) {
exit;
}
Header("Content-type: text/xml");
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");
header('Content-type: text/xml');
header('Cache-Control: no-cache, must-revalidate');
header('Pragma: no-cache');
$sql = " select gr_subject from {$g4['group_table']} where gr_id = '{$row['gr_id']}' ";
$row = sql_fetch($sql);
$subj1 = specialchars_replace($row['gr_subject'], 255);
echo '<?xml version="1.0" encoding="'.$g4['charset'].'"?>'."\n";
echo '<?xml version="1.0" encoding="utf-8"?>'."\n";
?>
<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/">
<channel>

2
bbs/syndi/include/include.adm.board_delete.inc.php
View File

@ -4,7 +4,7 @@
* @author sol (ngleader@gmail.com)
* @brief 게시판 삭제시 Syndication Ping
* gnuboard4/adm/board_delete.inc.php 파일에 추가
* include '../syndi/include/gnuboard4_euckr/include.adm.board_delete.inc.php';
* include '../syndi/include/include.adm.board_delete.inc.php';
*/
if(!defined('_GNUBOARD_')) return;

2
bbs/syndi/include/include.adm.board_form_update.php
View File

@ -4,7 +4,7 @@
* @author sol (ngleader@gmail.com)
* @brief 게시판 삭제시 Syndication Ping
* gnuboard4/adm/board_form_update.php 파일에 추가
* include '../syndi/include/gnuboard4_euckr/include.adm.board_form_update.php';
* include '../syndi/include/include.adm.board_form_update.php';
*/
if(!defined('_GNUBOARD_')) return;

2
bbs/syndi/include/include.bbs.delete.php
View File

@ -4,7 +4,7 @@
* @author sol (ngleader@gmail.com)
* @brief 글 삭제시 Syndication Ping
* gnuboard4/bbs/bbs.delete.php 파일에 추가
* include '../syndi/include/gnuboard4_euckr/include.bbs.delete.php';
* include '../syndi/include/include.bbs.delete.php';
*/
if(!defined('_GNUBOARD_')) return;

2
bbs/syndi/include/include.bbs.delete_all.php
View File

@ -4,7 +4,7 @@
* @author sol (ngleader@gmail.com)
* @brief 글 삭제시 Syndication Ping
* gnuboard4/bbs/bbs.delete_all.php 파일에 추가
* include '../syndi/include/gnuboard4_euckr/include.bbs.delete_all.php';
* include '../syndi/include/include.bbs.delete_all.php';
*/
if(!defined('_GNUBOARD_')) return;

2
bbs/syndi/include/include.bbs.move_update.php
View File

@ -4,7 +4,7 @@
* @author sol (ngleader@gmail.com)
* @brief 글 등록/수정시 Syndication Ping
* gnuboard4/bbs/move_update.php 파일에 추가
* include '../syndi/include/gnuboard4_euckr/include.bbs.move_update.php';
* include '../syndi/include/include.bbs.move_update.php';
*/
if(!defined('_GNUBOARD_')) return;

2
bbs/syndi/include/include.bbs.write_update.php
View File

@ -4,7 +4,7 @@
* @author sol (ngleader@gmail.com)
* @brief 글 등록/수정시 Syndication Ping
* gnuboard4/bbs/write_update.php 파일에 추가
* include '../syndi/include/gnuboard4_euckr/include.bbs.write_update.php';
* include '../syndi/include/include.bbs.write_update.php';
*/
if(!defined('_GNUBOARD_')) return;

4
bbs/write.php
View File

@ -3,8 +3,8 @@ include_once('./_common.php');
include_once(G4_CKEDITOR_PATH.'/ckeditor.lib.php');
include_once(G4_GCAPTCHA_PATH.'/gcaptcha.lib.php');
set_session('ss_bo_table', $bo_table);
set_session('ss_wr_id', $wr_id);
set_session('ss_bo_table', $_REQUEST['bo_table']);
set_session('ss_wr_id', $_REQUEST['wr_id']);
if (!$board['bo_table']) {
alert('존재하지 않는 게시판입니다.', G4_URL);

4
bbs/write_update.php
View File

@ -42,8 +42,8 @@ if (empty($_POST)) {
}
$w = $_POST['w'];
$wr_link1 = mysql_real_escape_string($_POST['wr_link1']);
$wr_link2 = mysql_real_escape_string($_POST['wr_link2']);
$wr_link1 = escape_trim(strip_tags($_POST['wr_link1']));
$wr_link2 = escape_trim(strip_tags($_POST['wr_link2']));
$notice_array = explode(',', trim($board['bo_notice']));

2965
bbs/zip.db
View File

File diff suppressed because it is too large Load Diff

28
common.php
View File

@ -2,9 +2,6 @@
/*******************************************************************************
** 공통 변수, 상수, 코드
*******************************************************************************/
//error_reporting(E_ALL ^ E_NOTICE);
//error_reporting(E_ALL & ~E_NOTICE);
//error_reporting(E_ALL & ~E_NOTICE & ~E_STRICT);
error_reporting( E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_ERROR | E_WARNING | E_PARSE | E_USER_ERROR | E_USER_WARNING | E_RECOVERABLE_ERROR );
// 보안설정이나 프레임이 달라도 쿠키가 통하도록 설정
@ -69,20 +66,14 @@ $g4 = array();
function g4_path()
{
$path = dirname(__FILE__); // 예) /home/sir/www/g4s
$linux_dir = str_replace("\\", "/", $path); // 예) /home/sir/www/g4s
//$document_root = str_replace("\\", "/", $_SERVER['DOCUMENT_ROOT']); // 예) /home/sir/www
$document_root = str_replace("\\", "/", realpath($_SERVER['DOCUMENT_ROOT']));
$base_dir = preg_replace('#^'.$document_root.'#i', '', $linux_dir); // 예) /g4s
$port = $_SERVER['SERVER_PORT'] != 80 ? ':'.$_SERVER['SERVER_PORT'] : '';
$http = 'http' . ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on') ? 's' : '') . '://';
$result = array();
$result['path'] = $path;
$result['url'] = $http.$_SERVER['SERVER_NAME'].$port.$base_dir;
$result['curr_url'] = $http.$_SERVER['SERVER_NAME'].$port.$_SERVER['PHP_SELF'];
$result['curr_uri'] = $result['curr_url'] . ($_SERVER['QUERY_STRING'] ? '?'.$_SERVER['QUERY_STRING'] : '');
$result['path'] = str_replace('\\', '/', dirname(__FILE__));
$tilde_remove = preg_replace('/^\/\~[^\/]+(.*)$/', '$1', $_SERVER['SCRIPT_NAME']);
$document_root = str_replace($tilde_remove, '', $_SERVER['SCRIPT_FILENAME']);
$root = str_replace($document_root, '', $result['path']);
$port = $_SERVER['SERVER_PORT'] != 80 ? ':'.$_SERVER['SERVER_PORT'] : '';
$http = 'http' . ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on') ? 's' : '') . '://';
$user = str_replace(str_replace($document_root, '', $_SERVER['SCRIPT_FILENAME']), '', $_SERVER['SCRIPT_NAME']);
$result['url'] = $http.$_SERVER['SERVER_NAME'].$port.$user.$root;
return $result;
}
@ -128,7 +119,7 @@ div a {display:block;margin:50px auto 10px;width:170px;text-align:center}
<li><strong><?=G4_DATA_DIR.'/'.G4_DBCONFIG_FILE?></strong></li>
</ul>
<p>프로그램 설치 후 실행하시기 바랍니다.</p>
<a href="<?=G4_URL?>/install/">그누보드4S 설치하기</a>
<a href="./install/">그누보드4S 설치하기</a>
</div>
</body>
</html>
@ -221,6 +212,7 @@ if (isset($_REQUEST['sca'])) {
if (isset($_REQUEST['sfl'])) {
$sfl = escape_trim($_REQUEST['sfl']);
$sfl = preg_replace("/[\<\>\'\"\%\=\(\)\s]/", "", $sfl);
if ($sfl)
$qstr .= '&amp;sfl=' . urlencode($sfl); // search field (검색 필드)
} else {

7
css/admin.css
View File

@ -264,7 +264,7 @@ td {padding:8px 5px 6px;border-top:1px solid #e9e9e9;border-bottom:1px solid #e9
/* 공통 */
.td_chk {width:30px;text-align:center}
.td_num {width:60px;text-align:center}
.td_bignum {width:120px;text-align:center}
.td_bignum {width:100px;text-align:center}
.td_grid {width:60px;text-align:center}
.td_mbid,
.td_name,
@ -298,6 +298,11 @@ td {padding:8px 5px 6px;border-top:1px solid #e9e9e9;border-bottom:1px solid #e9
.new_win_ul a {display:block;padding:10px 10px 8px;border-right:1px solid #595959;border-left:1px solid #595959;color:#fff;font-family:"dotum";font-weight:bold;text-decoration:none}
.new_win_desc {margin:0 auto;width:93%}
/* 자바스크립트 alert 대안 */
#validation_check {margin:100px auto;width:500px}
#validation_check h1 {margin-bottom:20px;font-size:1.3em}
#validation_check p {margin-bottom:20px;padding:30px 20px;border:1px solid #e9e9e9;background:#fff}
/* 관리자 패스워드 확인 */
#admin_confirm {padding:0 0 10px;background:#222;text-align:center}
#admin_confirm p {margin:0 0 10px;color:#9ab9c5;background:#383a3f}

2
css/default.css
View File

@ -227,7 +227,7 @@ input.required:focus {padding:3px 3px 4px;border:0;background:#21272e !important
/* 자바스크립트 alert 대안 */
#validation_check {margin:100px auto;width:500px}
#validation_check h1 {margin-bottom:20px;font-size:1.3em}
#validation_check p {margin-bottom:20px;padding:30px 20px}
#validation_check p {margin-bottom:20px;padding:30px 20px;border:1px solid #e9e9e9;background:#fff}
/* 사이드뷰 */
.sv_wrap {display:inline-block;position:relative;font-weight:normal}

6
head.sub.php
View File

@ -32,7 +32,11 @@ header("Pragma: no-cache"); // HTTP/1.0
<html lang="ko">
<head>
<meta charset="utf-8">
<? if (G4_IS_MOBILE) {?><meta name="viewport" content="user-scalable=no, initial-scale=1, maximum-scale=1, minimum-scale=1, width=device-width"><? } ?>
<? if (G4_IS_MOBILE) {?>
<meta name="viewport" content="width=device-width,initial-scale=1.0,minimum-scale=0,maximum-scale=10,user-scalable=yes">
<meta name="HandheldFriendly" content="true">
<meta name="format-detection" content="telephone=no">
<? } ?>
<!-- <meta http-equiv="X-UA-Compatible" content="IE=Edge" /> -->
<title><?=$g4_head_title?></title>
<? if (defined('G4_IS_ADMIN')) { ?>

10
install/index.php
View File

@ -4,6 +4,9 @@ include_once ('../config.php');
include_once ('./install.inc.php');
?>
<?
if ($exists_data_dir && $write_data_dir) {
?>
<p>
<strong class="st_strong">라이센스(License) 내용을 반드시 확인하십시오.</strong><br>
라이센스에 동의하시는 경우에만 설치가 진행됩니다.
@ -11,8 +14,6 @@ include_once ('./install.inc.php');
<textarea name="textarea" id="idx_license" readonly><?=implode('', file('../LICENSE.txt'));?></textarea>
</div>
<form action="./install_config.php" method="post" onsubmit="return frm_submit(this);">
<div id="idx_agree">
<label for="agree">동의합니다.</label>
@ -35,6 +36,11 @@ function frm_submit(f)
return true;
}
</script>
<?
} // if
?>
</div>
</body>
</html>

5
install/install.inc.php
View File

@ -53,6 +53,7 @@ if (file_exists($dbconfig_file)) {
?>
<?
$exists_data_dir = true;
// data 디렉토리가 있는가?
if (!is_dir($data_path))
{
@ -62,10 +63,12 @@ if (!is_dir($data_path))
$> mkdir <?=G4_DATA_DIR?><br /><br />
위 명령 실행후 브라우저를 새로고침 하십시오.</p>
<?
$exists_data_dir = false;
}
?>
<?
$write_data_dir = true;
// data 디렉토리에 파일 생성 가능한지 검사.
if (strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN') {
if (!(is_readable($data_path) && is_writeable($data_path) && is_executable($data_path)))
@ -75,7 +78,7 @@ if (strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN') {
$> chmod 707 <?=G4_DATA_DIR?> 또는 chmod uo+rwx <?=G4_DATA_DIR?><br /><br />
위 명령 실행후 브라우저를 새로고침 하십시오.</p>
<?
exit;
$write_data_dir = false;
}
}
?>

25
js/filter.js
View File

@ -1,25 +0,0 @@
if (typeof(FILTER_JS) == 'undefined') // 한번만 실행
{
if (typeof g4_cf_filter == 'undefined')
alert('g4_cf_filter 변수가 선언되지 않았습니다. js/filter.js');
var FILTER_JS = true;
// 금지단어 필터링
function word_filter_check(v)
{
var trim_pattern = /(^\s*)|(\s*$)/g; // \s 공백 문자 // 양쪽 공백 없애기 trim()
var filter = g4_cf_filter;
var s = filter.split(",");
for (i=0; i<s.length; i++)
{
s[i] = s[i].replace(trim_pattern, "");
if (s[i]=="") continue;
if (v.indexOf(s[i]) != -1)
return s[i];
}
return "";
}
}

83
lib/common.lib.php
View File

@ -87,7 +87,7 @@ function goto_url($url)
{
$url = str_replace("&amp;", "&", $url);
//echo "<script> location.replace('$url'); </script>";
header("Location:$url");
@header("Location:$url");
exit;
}
@ -137,19 +137,6 @@ function alert($msg='', $url='', $error=true, $post=false)
if (!$msg) $msg = '올바른 방법으로 이용해 주십시오.';
/*
//header("Content-Type: text/html; charset=$g4['charset']");
echo "<meta http-equiv=\"content-type\" content=\"text/html; charset={$g4['charset']}\">";
echo "<script>alert('$msg');";
if (!$url)
echo "history.go(-1);";
echo "</script>";
if ($url)
// 4.06.00 : 불여우의 경우 아래의 코드를 제대로 인식하지 못함
//echo "<meta http-equiv='refresh' content='0;url=$url'>";
goto_url($url);
exit;
*/
$header = '';
if (isset($g4['title'])) {
$header = $g4['title'];
@ -164,11 +151,6 @@ function alert_close($msg, $error=true)
{
global $g4;
/*
echo "<meta http-equiv=\"content-type\" content=\"text/html; charset={$g4['charset']}\">";
echo "<script> alert('$msg'); window.close(); </script>";
exit;
*/
$header = '';
if (isset($g4['title'])) {
$header = $g4['title'];
@ -495,6 +477,13 @@ function bad120422($matches)
return $matches['0'];
}
// tag 내의 주석문 무효화 하기
function bad130128($matches)
{
$str = $matches[2];
return '<'.$matches[1].preg_replace('#(\/\*|\*\/)#', '', $str).'>';
}
// 내용을 변환
function conv_content($content, $html)
{
@ -521,14 +510,18 @@ function conv_content($content, $html)
$content .= "</table>";
}
$content = preg_replace_callback("/<([^>]+)>/s", 'bad130128', $content);
$content = preg_replace($source, $target, $content);
$content = bad_tag_convert($content);
// XSS (Cross Site Script) 막기
// 완벽한 XSS 방지는 없다.
// 이런 경우를 방지함 <IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
$content = preg_replace("#\/\*.*\*\/#iU", "", $content);
//$content = preg_replace("#\/\*.*\*\/#iU", "", $content);
// 위의 정규식이 아래와 같은 내용을 통과시키므로 not greedy(비탐욕수량자?) 옵션을 제거함. ignore case 옵션도 필요 없으므로 제거
// <IMG STYLE="xss:ex//*XSS*/**/pression(alert('XSS'))"></IMG>
$content = preg_replace("#\/\*.*\*\/#", "", $content);
// object, embed 태그에서 javascript 코드 막기
$content = preg_replace_callback("#<(object|embed)([^>]+)>#i", "bad120422", $content);
@ -538,7 +531,8 @@ function conv_content($content, $html)
$content = preg_replace("/(lo)(wsrc)/i", "&#108;&#111;$2", $content);
$content = preg_replace("/(sc)(ript)/i", "&#115;&#99;$2", $content);
$content = preg_replace_callback("#<([^>]+)#", create_function('$m', 'return "<".str_replace("<", "&lt;", $m[1]);'), $content);
$content = preg_replace("/\<(\w|\s|\?)*(xml)/i", "", $content);
//$content = preg_replace("/\<(\w|\s|\?)*(xml)/i", "", $content);
$content = preg_replace("/\<(\w|\s|\?)*(xml)/i", "_$1$2_", $content);
// 플래시의 액션스크립트와 자바스크립트의 연동을 차단하여 악의적인 사이트로의 이동을 막는다.
// value="always" 를 value="never" 로, allowScriptaccess="always" 를 allowScriptaccess="never" 로 변환하는데 목적이 있다.
@ -550,6 +544,9 @@ function conv_content($content, $html)
$content = preg_replace("/<(img[^>]+logout\.php[^>]+)/i", "*** CSRF 감지 : &lt;$1", $content);
$content = preg_replace("/<(img[^>]+download\.php[^>]+bo_table[^>]+)/i", "*** CSRF 감지 : &lt;$1", $content);
$content = preg_replace_callback("#style\s*=\s*[\"\']?[^\"\']+[\"\']?#i",
create_function('$matches', 'return str_replace("\\\\", "", stripslashes($matches[0]));'), $content);
$pattern = "";
$pattern .= "(e|&#(x65|101);?)";
$pattern .= "(x|&#(x78|120);?)";
@ -558,10 +555,15 @@ function conv_content($content, $html)
$pattern .= "(e|&#(x65|101);?)";
$pattern .= "(s|&#(x73|115);?)";
$pattern .= "(s|&#(x73|115);?)";
$pattern .= "(i|&#(x6a|105);?)";
//$pattern .= "(i|&#(x6a|105);?)";
$pattern .= "(i|&#(x69|105);?)";
$pattern .= "(o|&#(x6f|111);?)";
$pattern .= "(n|&#(x6e|110);?)";
$content = preg_replace("/".$pattern."/i", "__EXPRESSION__", $content);
//$content = preg_replace("/".$pattern."/i", "__EXPRESSION__", $content);
$content = preg_replace("/<[^>]*".$pattern."/i", "__EXPRESSION__", $content);
// <IMG STYLE="xss:e\xpression(alert('XSS'))"></IMG> 와 같은 코드에 취약점이 있어 수정함. 121213
$content = preg_replace("/(?<=style)(\s*=\s*[\"\']?xss\:)/i", '="__XSS__', $content);
$content = bad_tag_convert($content);
}
else // text 이면
{
@ -1309,10 +1311,7 @@ function get_table_define($table, $crlf="\n")
$schema_create .= implode($columns, ', ') . ')';
} // end while
if (strtolower($g4['charset']) == 'utf-8')
$schema_create .= $crlf . ') DEFAULT CHARSET=utf8';
else
$schema_create .= $crlf . ')';
$schema_create .= $crlf . ') DEFAULT CHARSET=utf8';
return $schema_create;
} // end of the 'PMA_getTableDef()' function
@ -1517,13 +1516,6 @@ function cut_hangul_last($hangul)
}
}
// 홀수라면 한글이 반쪽난 상태이므로
if (strtoupper($g4['charset']) != 'UTF-8') {
if ($cnt%2) {
$hangul = substr($hangul, 0, $cnt-1);
}
}
return $hangul;
}
@ -1554,9 +1546,7 @@ function bad_tag_convert($code)
$code);
}
//return preg_replace("/\<([\/]?)(script|iframe)([^\>]*)\>/i", "&lt;$1$2$3&gt;", $code);
// script 나 iframe 태그를 막지 않는 경우 필터링이 되도록 수정
return preg_replace("/\<([\/]?)(script|iframe)([^\>]*)\>?/i", "&lt;$1$2$3&gt;", $code);
return preg_replace("/\<([\/]?)(script|iframe|form)([^\>]*)\>?/i", "&lt;$1$2$3&gt;", $code);
}
@ -1737,7 +1727,7 @@ function delete_cache_latest($bo_table)
{
$files = glob(G4_DATA_PATH.'/cache/latest-'.$bo_table.'-*');
if (is_array($files)) {
foreach ($files as $filename)
foreach ($files as $filename)
unlink($filename);
}
}
@ -1751,7 +1741,7 @@ function delete_board_thumbnail($bo_table, $file)
$fn = preg_replace("/\.[^\.]+$/i", "", basename($file));
$files = glob(G4_DATA_PATH.'/file/'.$bo_table.'/thumb-'.$fn.'*');
if (is_array($files)) {
foreach ($files as $filename)
foreach ($files as $filename)
unlink($filename);
}
}
@ -1763,7 +1753,7 @@ function get_editor_image($contents)
return false;
// $contents 중 img 태그 추출
$pattern = "/<img[^>]*src=[\'\"]?([^>\'\"]+".str_replace(".", "\.", $_SERVER['HTTP_HOST'])."[^>\'\"]+)[\'\"]?[^>]*>/";
$pattern = "/<img[^>]*src=[\'\"]?([^>\'\"]+[^>\'\"]+)[\'\"]?[^>]*>/";
preg_match_all($pattern, $contents, $matchs);
return $matchs;
@ -1802,16 +1792,9 @@ function get_skin_stylesheet($skin_path)
if(!$skin_path)
return "";
$doc_root = realpath($_SERVER['DOCUMENT_ROOT']);
$skin_path = realpath($skin_path);
$str = "";
$p = parse_url(G4_URL);
$skin_url = $p['scheme'].'://'.$p['host'];
if(isset($p['port']))
$skin_url .= ':'.$p['port'];
$skin_url .= str_replace("\\", "/", str_replace($doc_root, "", $skin_path));
$skin_url = G4_URL.str_replace("\\", "/", str_replace(G4_PATH, "", $skin_path));
if(is_dir($skin_path)) {
if($dh = opendir($skin_path)) {

7
lib/latest.lib.php
View File

@ -5,6 +5,7 @@ if (!defined('_GNUBOARD_')) exit;
function latest($skin_dir='', $bo_table, $rows=10, $subject_len=40)
{
global $g4;
static $css = array();
if (!$skin_dir) $skin_dir = 'basic';
@ -38,6 +39,12 @@ function latest($skin_dir='', $bo_table, $rows=10, $subject_len=40)
include_once($cache_file);
// 같은 스킨은 .css 를 한번만 호출한다.
if (!in_array($skin_dir, $css)) {
echo '<link rel="stylesheet" href="'.$latest_skin_url.'/style.css">';
$css[] = $skin_dir;
}
ob_start();
include $latest_skin_path.'/latest.skin.php';
$content = ob_get_contents();

3
lib/mailer.lib.php
View File

@ -11,11 +11,8 @@ function mailer($fname, $fmail, $to, $subject, $content, $type=0, $file='', $cc=
// 메일발송 사용을 하지 않는다면
if (!$config['cf_email_use']) return;
//$fname = "=?$g4[charset]?B?" . base64_encode($fname) . "?=";
//$subject = "=?$g4[charset]?B?" . base64_encode($subject) . "?=";
$fname = "=?utf-8?B?" . base64_encode($fname) . "?=";
$subject = "=?utf-8?B?" . base64_encode($subject) . "?=";
//$g4[charset] = ($g4[charset] != "") ? "charset=$g4[charset]" : "";
$header = "Return-Path: <$fmail>\n";
$header .= "From: $fname <$fmail>\n";

23
lib/thumbnail.lib.php
View File

@ -34,15 +34,21 @@ function get_list_thumbnail($bo_table, $wr_id, $thumb_width, $thumb_height, $is_
for($i=0; $i<count($matchs[1]); $i++)
{
// 이미지 path 구함
$imgurl = parse_url($matchs[1][$i]);
$srcfile = $_SERVER['DOCUMENT_ROOT'].$imgurl['path'];
$src_url = $matchs[1][$i];
if(!stristr($src_url, G4_URL) || stripos($src_url, G4_URL) != 0)
continue;
$srcfile = G4_PATH.str_replace(G4_URL, "", $matchs[1][$i]);
if(preg_match("/\.({$config['cf_image_extension']})$/i", $srcfile) && is_file($srcfile)) {
$size = @getimagesize($srcfile);
if(empty($size))
continue;
$filename = basename($srcfile);
$filepath = dirname($srcfile);
preg_match("/alt=[\'\"]{1}(.*)[\'\"]{1}/", $matchs[0][$i], $malt);
preg_match("/alt=[\"\']?([^\"\']*)[\"\']?/", $matchs[0][$i], $malt);
$alt = get_text($malt[1]);
break;
@ -94,13 +100,15 @@ function get_view_thumbnail($contents)
// $contents 중 img 태그 추출
$matchs = get_editor_image($contents);
if(!$matchs)
if(empty($matchs))
return $contents;
for($i=0; $i<count($matchs[1]); $i++) {
if(!stristr($matchs[1][$i], G4_URL) || stripos($matchs[1][$i], G4_URL) != 0)
continue;
// 이미지 path 구함
$imgurl = parse_url($matchs[1][$i]);
$srcfile = $_SERVER['DOCUMENT_ROOT'].$imgurl['path'];
$srcfile = G4_PATH.str_replace(G4_URL, "", $matchs[1][$i]);
if(is_file($srcfile)) {
// 썸네일 높이
@ -145,7 +153,8 @@ function get_view_thumbnail($contents)
// $img_tag에 editor 경로가 있으면 원본보기 링크 추가
if(strpos($matchs[1][$i], 'data/editor') && preg_match("/\.({$config['cf_image_extension']})$/i", $filename)) {
$thumb_tag = '<a href="'.G4_BBS_URL.'/view_image.php?fn='.urlencode($imgurl['path']).'" target="_blank" class="view_image">'.$thumb_tag.'</a>';
$imgurl = str_replace(G4_URL, "", $matchs[1][$i]);
$thumb_tag = '<a href="'.G4_BBS_URL.'/view_image.php?fn='.urlencode($imgurl).'" target="_blank" class="view_image">'.$thumb_tag.'</a>';
}
$contents = str_replace($img_tag, $thumb_tag, $contents);

2
mobile/skin/board/basic/list.skin.php
View File

@ -140,7 +140,7 @@ if ($is_nogood) $colspan++;
<option value="wr_name,1"<?=get_selected($sfl, 'wr_name,1');?>>글쓴이</option>
<option value="wr_name,0"<?=get_selected($sfl, 'wr_name,0');?>>글쓴이(코)</option>
</select>
<input name="stx" value="<?=stripslashes($stx)?>" title="검색어(필수)" required class="required" size="15" maxlength="15">
<input name="stx" value="<?=stripslashes($stx)?>" title="검색어(필수)" required class="required" size="15" maxlength="15">
<input type="submit" value="검색">
</form>
</fieldset>

22
mobile/skin/board/basic/view.skin.php
View File

@ -40,7 +40,7 @@ include_once(G4_LIB_PATH.'/thumbnail.lib.php');
if (isset($view['file'][$i]['source']) && $view['file'][$i]['source'] && !$view['file'][$i]['view']) {
?>
<li>
<a href="<? echo $view['file'][$i]['href']; ?>" onclick="javascript:file_download('<? echo $view['file'][$i]['href'].'&amp;confirm=yes'; ?>', '<?=$view['file'][$i]['source']?>'); return false;">
<a href="<? echo $view['file'][$i]['href']; ?>" class="view_file_download">
<img src="<?=$board_skin_url?>/img/icon_file.gif" alt="첨부파일">
<strong><?=$view['file'][$i]['source']?></strong>
<span> (<?=$view['file'][$i]['size']?>)</span>
@ -183,10 +183,22 @@ include_once(G4_LIB_PATH.'/thumbnail.lib.php');
<script>
function file_download(link, file) {
<? if ($board['bo_download_point'] < 0) { ?>if (confirm("'"+file+"' 파일을 다운로드 하시면 포인트가 차감(<?=number_format($board['bo_download_point'])?>점)됩니다.\n\n포인트는 게시물당 한번만 차감되며 다음에 다시 다운로드 하셔도 중복하여 차감하지 않습니다.\n\n그래도 다운로드 하시겠습니까?"))<?}?>
document.location.href=link;
}
<? if ($board['bo_download_point'] < 0) { ?>
$(function() {
$("a.view_file_download").click(function() {
var msg = "파일을 다운로드 하시면 포인트가 차감(<?=number_format($board['bo_download_point'])?>점)됩니다.\n\n포인트는 게시물당 한번만 차감되며 다음에 다시 다운로드 하셔도 중복하여 차감하지 않습니다.\n\n그래도 다운로드 하시겠습니까?";
if(confirm(msg)) {
var href = $(this).attr("href")+"&js=on";
$(this).attr("href", href);
return true;
} else {
return false;
}
});
});
<?}?>
function board_move(href)
{

6
mobile/skin/board/gallery/list.skin.php
View File

@ -87,12 +87,12 @@ include_once(G4_LIB_PATH.'/thumbnail.lib.php');
<strong style="width:<?=$board['bo_mobile_gallery_width']?>px;height:<?=$board['bo_mobile_gallery_height']?>px">공지</strong>
<?
} else {
$thumb = get_list_thumbnail($board['bo_table'], $list[$i]['wr_id'], $board['bo_gallery_width'], $board['bo_gallery_height']);
$thumb = get_list_thumbnail($board['bo_table'], $list[$i]['wr_id'], $board['bo_mobile_gallery_width'], $board['bo_mobile_gallery_height']);
if($thumb['src']) {
$img_content = '<img src="'.$thumb['src'].'" alt="'.$thumb['alt'].'" width="'.$board['bo_gallery_width'].'" height="'.$board['bo_gallery_height'].'">';
$img_content = '<img src="'.$thumb['src'].'" alt="'.$thumb['alt'].'" width="'.$board['bo_mobile_gallery_width'].'" height="'.$board['bo_mobile_gallery_height'].'">';
} else {
$img_content = '<span style="width:'.$board['bo_gallery_width'].'px;height:'.$board['bo_gallery_height'].'px">no image</span>';
$img_content = '<span style="width:'.$board['bo_mobile_gallery_width'].'px;height:'.$board['bo_mobile_gallery_height'].'px">no image</span>';
}
echo $img_content;

22
mobile/skin/board/gallery/view.skin.php
View File

@ -40,7 +40,7 @@ include_once(G4_LIB_PATH.'/thumbnail.lib.php');
if (isset($view['file'][$i]['source']) && $view['file'][$i]['source'] && !$view['file'][$i]['view']) {
?>
<li>
<a href="<? echo $view['file'][$i]['href']; ?>" onclick="javascript:file_download('<? echo $view['file'][$i]['href'].'&amp;confirm=yes'; ?>', '<?=$view['file'][$i]['source']?>'); return false;">
<a href="<? echo $view['file'][$i]['href']; ?>" class="view_file_download">
<img src="<?=$board_skin_url?>/img/icon_file.gif" alt="첨부파일">
<strong><?=$view['file'][$i]['source']?></strong>
<span> (<?=$view['file'][$i]['size']?>)</span>
@ -182,10 +182,22 @@ include_once(G4_LIB_PATH.'/thumbnail.lib.php');
<script>
function file_download(link, file) {
<? if ($board['bo_download_point'] < 0) { ?>if (confirm("'"+file+"' 파일을 다운로드 하시면 포인트가 차감(<?=number_format($board['bo_download_point'])?>점)됩니다.\n\n포인트는 게시물당 한번만 차감되며 다음에 다시 다운로드 하셔도 중복하여 차감하지 않습니다.\n\n그래도 다운로드 하시겠습니까?"))<?}?>
document.location.href=link;
}
<? if ($board['bo_download_point'] < 0) { ?>
$(function() {
$("a.view_file_download").click(function() {
var msg = "파일을 다운로드 하시면 포인트가 차감(<?=number_format($board['bo_download_point'])?>점)됩니다.\n\n포인트는 게시물당 한번만 차감되며 다음에 다시 다운로드 하셔도 중복하여 차감하지 않습니다.\n\n그래도 다운로드 하시겠습니까?";
if(confirm(msg)) {
var href = $(this).attr("href")+"&js=on";
$(this).attr("href", href);
return true;
} else {
return false;
}
});
});
<?}?>
function board_move(href)
{

4
mobile/skin/outlogin/basic/outlogin.skin.1.php
View File

@ -10,8 +10,8 @@ if (!defined("_GNUBOARD_")) exit; // 개별 페이지 접근 불가
<form name="foutlogin" action="<?=$outlogin_action_url?>" onsubmit="return fhead_submit(this);" method="post" autocomplete="off">
<fieldset>
<input type="hidden" name="url" value="<?=$outlogin_url?>">
<input type="text" name="mb_id" id="ol_id" title="회원아이디(필수)" placeholder="회원아이디(필수)" required class="required" maxlength="20">
<input type="password" id="ol_pw" name="mb_password" title="패스워드(필수)" placeholder="패스워드(필수)" required class="required" maxlength="20">
<input type="text" name="mb_id" id="ol_id" placeholder="회원아이디(필수)" required class="required" maxlength="20">
<input type="password" id="ol_pw" name="mb_password" placeholder="패스워드(필수)" required class="required" maxlength="20">
<input type="submit" id="ol_submit" value="로그인">
<div id="ol_svc">
<input type="checkbox" id="auto_login" name="auto_login" value="1">

22
skin/board/basic/view.skin.php
View File

@ -40,7 +40,7 @@ include_once(G4_LIB_PATH.'/thumbnail.lib.php');
if (isset($view['file'][$i]['source']) && $view['file'][$i]['source'] && !$view['file'][$i]['view']) {
?>
<li>
<a href="<? echo $view['file'][$i]['href']; ?>" onclick="javascript:file_download('<? echo $view['file'][$i]['href'].'&amp;confirm=yes'; ?>', '<?=$view['file'][$i]['source']?>'); return false;">
<a href="<? echo $view['file'][$i]['href']; ?>" class="view_file_download">
<img src="<?=$board_skin_url?>/img/icon_file.gif" alt="첨부파일">
<strong><?=$view['file'][$i]['source']?></strong>
<span> (<?=$view['file'][$i]['size']?>)</span>
@ -184,10 +184,22 @@ include_once(G4_LIB_PATH.'/thumbnail.lib.php');
<script>
function file_download(link, file) {
<? if ($board['bo_download_point'] < 0) { ?>if (confirm("'"+file+"' 파일을 다운로드 하시면 포인트가 차감(<?=number_format($board['bo_download_point'])?>점)됩니다.\n\n포인트는 게시물당 한번만 차감되며 다음에 다시 다운로드 하셔도 중복하여 차감하지 않습니다.\n\n그래도 다운로드 하시겠습니까?"))<?}?>
document.location.href=link;
}
<? if ($board['bo_download_point'] < 0) { ?>
$(function() {
$("a.view_file_download").click(function() {
var msg = "파일을 다운로드 하시면 포인트가 차감(<?=number_format($board['bo_download_point'])?>점)됩니다.\n\n포인트는 게시물당 한번만 차감되며 다음에 다시 다운로드 하셔도 중복하여 차감하지 않습니다.\n\n그래도 다운로드 하시겠습니까?";
if(confirm(msg)) {
var href = $(this).attr("href")+"&js=on";
$(this).attr("href", href);
return true;
} else {
return false;
}
});
});
<?}?>
function board_move(href)
{

22
skin/board/gallery/view.skin.php
View File

@ -40,7 +40,7 @@ include_once(G4_LIB_PATH.'/thumbnail.lib.php');
if (isset($view['file'][$i]['source']) && $view['file'][$i]['source'] && !$view['file'][$i]['view']) {
?>
<li>
<a href="<? echo $view['file'][$i]['href']; ?>" onclick="javascript:file_download('<? echo $view['file'][$i]['href'].'&amp;confirm=yes'; ?>', '<?=$view['file'][$i]['source']?>'); return false;">
<a href="<? echo $view['file'][$i]['href']; ?>" class="view_file_download">
<img src="<?=$board_skin_url?>/img/icon_file.gif" alt="첨부파일">
<strong><?=$view['file'][$i]['source']?></strong>
<span> (<?=$view['file'][$i]['size']?>)</span>
@ -182,10 +182,22 @@ include_once(G4_LIB_PATH.'/thumbnail.lib.php');
<script>
function file_download(link, file) {
<? if ($board['bo_download_point'] < 0) { ?>if (confirm("'"+file+"' 파일을 다운로드 하시면 포인트가 차감(<?=number_format($board['bo_download_point'])?>점)됩니다.\n\n포인트는 게시물당 한번만 차감되며 다음에 다시 다운로드 하셔도 중복하여 차감하지 않습니다.\n\n그래도 다운로드 하시겠습니까?"))<?}?>
document.location.href=link;
}
<? if ($board['bo_download_point'] < 0) { ?>
$(function() {
$("a.view_file_download").click(function() {
var msg = "파일을 다운로드 하시면 포인트가 차감(<?=number_format($board['bo_download_point'])?>점)됩니다.\n\n포인트는 게시물당 한번만 차감되며 다음에 다시 다운로드 하셔도 중복하여 차감하지 않습니다.\n\n그래도 다운로드 하시겠습니까?";
if(confirm(msg)) {
var href = $(this).attr("href")+"&js=on";
$(this).attr("href", href);
return true;
} else {
return false;
}
});
});
<?}?>
function board_move(href)
{

2
skin/latest/basic/latest.skin.php
View File

@ -2,8 +2,6 @@
if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
?>
<link rel="stylesheet" href="<?=$latest_skin_url?>/style.css">
<div class="lt">
<strong class="lt_title"><a href="<?=G4_BBS_URL?>/board.php?bo_table=<?=$bo_table?>"><?=$bo_subject?></a></strong>
<ul>

8
skin/member/basic/register_form.skin.php
View File

@ -103,12 +103,12 @@ if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
<? if ($config['cf_req_addr']) {?><strong class="sound_only">필수</strong><? } ?>
</th>
<td>
<input type="text" name="mb_zip1" value="<?=$member['mb_zip1']?>" id="reg_mb_zip1" <?=$config['cf_req_addr']?"required":"";?> title="우편번호 앞자리" class="frm_input <?=$config['cf_req_addr']?"required":"";?>" size="2" maxlength="3">
<input type="text" name="mb_zip1" value="<?=$member['mb_zip1']?>" id="reg_mb_zip1" <?=$config['cf_req_addr']?"required":"";?> title="우편번호 앞자리<?=$config['cf_req_addr']?"(필수)":"";?>" class="frm_input <?=$config['cf_req_addr']?"required":"";?>" size="2" maxlength="3">
-
<input type="text" name="mb_zip2" value="<?=$member['mb_zip2']?>" id="reg_mb_zip2" <?=$config['cf_req_addr']?"required":"";?> title="우편번호 뒷자리" class="frm_input <?=$config['cf_req_addr']?"required":"";?>" size="2" maxlength="3">
<input type="text" name="mb_zip2" value="<?=$member['mb_zip2']?>" id="reg_mb_zip2" <?=$config['cf_req_addr']?"required":"";?> title="우편번호 뒷자리<?=$config['cf_req_addr']?"(필수)":"";?>" class="frm_input <?=$config['cf_req_addr']?"required":"";?>" size="2" maxlength="3">
<a href="<? echo $zip_href; ?>" id="reg_zip_find" class="btn_frmline win_zip_find" target="_blank">주소찾기</a>
<input type="text" name="mb_addr1" value="<?=$member['mb_addr1']?>" id="reg_mb_addr1" <?=$config['cf_req_addr']?"required":"";?> title="행정구역주소" class="frm_input frm_address <?=$config['cf_req_addr']?"required":"";?>" size="50">
<input type="text" name="mb_addr2" value="<?=$member['mb_addr2']?>" id="reg_mb_addr2" <?=$config['cf_req_addr']?"required":"";?> title="상세주소" class="frm_input frm_address <?=$config['cf_req_addr']?"required":"";?>" size="50">
<input type="text" name="mb_addr1" value="<?=$member['mb_addr1']?>" id="reg_mb_addr1" <?=$config['cf_req_addr']?"required":"";?> title="행정구역주소<?=$config['cf_req_addr']?"(필수)":"";?>" class="frm_input frm_address <?=$config['cf_req_addr']?"required":"";?>" size="50">
<input type="text" name="mb_addr2" value="<?=$member['mb_addr2']?>" id="reg_mb_addr2" <?=$config['cf_req_addr']?"required":"";?> title="상세주소<?=$config['cf_req_addr']?"(필수)":"";?>" class="frm_input frm_address <?=$config['cf_req_addr']?"required":"";?>" size="50">
</td>
</tr>
<? } ?>