From 2adccca81739c363461d6ba46b986b26b92f4c7f Mon Sep 17 00:00:00 2001
From: chicpro
Date: Wed, 11 Jun 2014 11:04:39 +0900
Subject: [PATCH 1/2] =?UTF-8?q?1:1=EB=AC=B8=EC=9D=98=20=EC=9D=B4=EB=A9=94?= =?UTF-8?q?=EC=9D=BC=20=EC=9E=85=EB=A0=A5=20XSS=20=EC=B7=A8=EC=95=BD?= =?UTF-8?q?=EC=A0=90=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 bbs/qaview.php | 2 +-
 bbs/qawrite_update.php | 13 +++++++++++++
 lib/common.lib.php | 9 +++++++++
 3 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/bbs/qaview.php b/bbs/qaview.php
index a3b0ad393..f2565edee 100644
--- a/bbs/qaview.php
+++ b/bbs/qaview.php
@@ -30,7 +30,7 @@ if(is_file($skin_file)) {
     $view['content'] = conv_content($view['qa_content'], $view['qa_html']);
     $view['name'] = get_text($view['qa_name']);
     $view['datetime'] = $view['qa_datetime'];
-    $view['email'] = $view['qa_email'];
+    $view['email'] = get_text(strip_tags2($view['qa_email']));
     $view['hp'] = $view['qa_hp'];
 
     if (trim($stx))
diff --git a/bbs/qawrite_update.php b/bbs/qawrite_update.php
index d384659f6..e96e4df63 100644
--- a/bbs/qawrite_update.php
+++ b/bbs/qawrite_update.php
@@ -10,8 +10,21 @@ $w == u : 수정
 if($is_guest)
     alert('회원이시라면 로그인 후 이용해 보십시오.', './login.php?url='.urlencode(G5_BBS_URL.'/qalist.php'));
 
+$qaconfig = get_qa_config();
+
 $msg = array();
 
+// e-mail 체크
+if(isset($_POST['qa_email']) && $qa_email) {
+    $qa_email = strip_tags2(trim($_POST['qa_email']));
+
+    if($qaconfig['qa_req_email'] && !$qa_email)
+        $msg[] = '이메일을 입력하세요.';
+
+    if (!preg_match("/([0-9a-zA-Z_-]+)@([0-9a-zA-Z_-]+)\.([0-9a-zA-Z_-]+)/", $qa_email))
+        $msg[] = '이메일 주소가 형식에 맞지 않습니다.';
+}
+
 $qa_subject = '';
 if (isset($_POST['qa_subject'])) {
     $qa_subject = substr(trim($_POST['qa_subject']),0,255);
diff --git a/lib/common.lib.php b/lib/common.lib.php
index d0077577f..c12bce9e7 100644
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
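Review bot: The required-e-mail check in the added block of bbs/qawrite_update.php can never fire for a blank field, because `if($qaconfig['qa_req_email'] && !$qa_email)` sits inside `if(isset($_POST['qa_email']) && $qa_email) {`, which is skipped exactly when the field is empty; only an input that strip_tags2 reduces to nothing reaches the '이메일을 입력하세요.' message. Hoist that check out of the guard: compute `$qa_email` unconditionally (an empty string when the field is absent), test `if($qaconfig['qa_req_email'] && !$qa_email)` first, and run the format check only when `$qa_email` is non-empty. The second patch's hunk in the same file keeps this structure, so the point still stands after it. The format pattern `/([0-9a-zA-Z_-]+)@([0-9a-zA-Z_-]+)\.([0-9a-zA-Z_-]+)/` is also unanchored, so any string that merely contains an address-like substring passes; the second patch's extraction step makes that mostly harmless, but an anchored pattern would state the intent. Where `$qa_email` in the guard is first assigned is outside the hunk, so I cannot tell whether `isset($_POST['qa_email'])` is redundant.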
@@ -2710,4 +2710,13 @@ function member_delete($mb_id)
     $sql = " update {$g5['member_table']} set mb_password = '', mb_level = 1, mb_email = '', mb_homepage = '', mb_tel = '', mb_hp = '', mb_zip1 = '', mb_zip2 = '', mb_addr1 = '', mb_addr2 = '', mb_birth = '', mb_sex = '', mb_signature = '', mb_memo = '".date('Ymd', G5_SERVER_TIME)." 삭제함\n{$mb['mb_memo']}', mb_leave_date = '".date('Ymd', G5_SERVER_TIME)."' where mb_id = '{$mb_id}' ";
     sql_query($sql);
 }
+
+// strip_tags 변형
+function strip_tags2($str)
+{
+    if(!$str)
+        return '';
+
+    return strip_tags(preg_replace("#]*>#i", "", $str));
+}
 ?>
\ No newline at end of file
From 9a16993762ce037087f9e412d766de8769e931c9 Mon Sep 17 00:00:00 2001
From: chicpro
Date: Wed, 11 Jun 2014 15:12:57 +0900
Subject: [PATCH 2/2] =?UTF-8?q?1:1=EB=AC=B8=EC=9D=98=20=EC=9D=B4=EB=A9=94?= =?UTF-8?q?=EC=9D=BC=20=EC=9E=85=EB=A0=A5=20XSS=20=EC=B7=A8=EC=95=BD?= =?UTF-8?q?=EC=A0=90=20=EC=9E=AC=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 bbs/qaview.php | 2 +-
 bbs/qawrite_update.php | 2 +-
 lib/common.lib.php | 9 ++++-----
 3 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/bbs/qaview.php b/bbs/qaview.php
index f2565edee..f6b294468 100644
--- a/bbs/qaview.php
+++ b/bbs/qaview.php
@@ -30,7 +30,7 @@ if(is_file($skin_file)) {
     $view['content'] = conv_content($view['qa_content'], $view['qa_html']);
     $view['name'] = get_text($view['qa_name']);
     $view['datetime'] = $view['qa_datetime'];
-    $view['email'] = get_text(strip_tags2($view['qa_email']));
+    $view['email'] = get_text(get_email_address($view['qa_email']));
     $view['hp'] = $view['qa_hp'];
 
     if (trim($stx))
diff --git a/bbs/qawrite_update.php b/bbs/qawrite_update.php
index e96e4df63..b4ec7d3d5 100644
--- a/bbs/qawrite_update.php
+++ b/bbs/qawrite_update.php
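Review bot: The `preg_replace("#]*>#i", "", $str)` call in the new strip_tags2 matches only runs of `]` followed by `>`, so as written it removes practically nothing and the surrounding `strip_tags` does all the work; if an opening `<` and a character class were lost in this rendering (the intent reads like a generic `<…>` tag pattern), that is still just what `strip_tags` already does, so the inner call is dead weight either way. The early return `if(!$str) return '';` also treats the string `'0'` as empty, which is harmless for an e-mail field but deserves a comment such as `// empty or "0" input yields ''`. The second patch replaces this function with get_email_address, so these remarks only matter if the first patch is applied on its own.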
@@ -16,7 +16,7 @@ $msg = array();
 
 // e-mail 체크
 if(isset($_POST['qa_email']) && $qa_email) {
-    $qa_email = strip_tags2(trim($_POST['qa_email']));
+    $qa_email = get_email_address(trim($_POST['qa_email']));
 
     if($qaconfig['qa_req_email'] && !$qa_email)
         $msg[] = '이메일을 입력하세요.';
diff --git a/lib/common.lib.php b/lib/common.lib.php
index c12bce9e7..5fa08880e 100644
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@@ -2711,12 +2711,11 @@ function member_delete($mb_id)
     sql_query($sql);
 }
 
-// strip_tags 변형
-function strip_tags2($str)
+// 이메일 주소 추출
+function get_email_address($email)
 {
-    if(!$str)
-        return '';
+    preg_match("/[0-9a-z._-]+@[a-z0-9._-]{4,}/i", $email, $matches);
 
-    return strip_tags(preg_replace("#]*>#i", "", $str));
+    return $matches[0];
 }
 ?>
\ No newline at end of file
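Review bot: `return $matches[0];` in the new get_email_address reads an index that does not exist when `preg_match` finds no address, which raises an undefined-offset notice (a warning on PHP 8) and hands null to the callers in bbs/qaview.php and bbs/qawrite_update.php. Check the match result and return an empty string instead: `if(!preg_match("/[0-9a-z._-]+@[a-z0-9._-]{4,}/i", $email, $matches))` / `    return '';` / `return $matches[0];`. The header comment should also say what the function guarantees, e.g. `// Returns the first substring of $email that looks like an address, or '' when none is found; this is extraction, not validation.` Note that the pattern requires only four characters after `@` and no dot, so `a@bcde` is accepted; either tighten it or rely on the stricter format check in qawrite_update.php, and say which in the comment.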