Merge branch 'master' of github.com:gnuboard/g5

2018-11-21 15:59:33 +09:00
parent 3fb9c2c15f 8399dafd4b
commit 2549172969
13 changed files with 25 additions and 14 deletions
--- a/adm/contentform.php
+++ b/adm/contentform.php
@ -109,8 +109,8 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
        <td>
            <?php echo help("내용에서 iframe 등의 태그를 사용하려면 사용안함으로 선택해 주십시오."); ?>
            <select name="co_tag_filter_use" id="co_tag_filter_use">
-                <option value="1"<?php echo get_selected(1, $co['co_tag_filter_use']); ?>>사용함</option>
-                <option value="0"<?php echo get_selected(0, $co['co_tag_filter_use']); ?>>사용안함</option>
+                <option value="1"<?php echo get_selected($co['co_tag_filter_use'], 1); ?>>사용함</option>
+                <option value="0"<?php echo get_selected($co['co_tag_filter_use'], 0); ?>>사용안함</option>
            </select>
        </td>
    </tr>
--- a/adm/menu_list_update.php
+++ b/adm/menu_list_update.php
@ -23,7 +23,7 @@ for ($i=0; $i<$count; $i++)

    $code    = $_POST['code'][$i];
    $me_name = $_POST['me_name'][$i];
-    $me_link = preg_match('/^javascript/', $_POST['me_link'][$i]) ? G5_URL : strip_tags($_POST['me_link'][$i]);
+    $me_link = preg_match('/^javascript/i', $_POST['me_link'][$i]) ? G5_URL : strip_tags($_POST['me_link'][$i]);
    
    if(!$code || !$me_name || !$me_link)
        continue;
--- a/bbs/confirm.php
+++ b/bbs/confirm.php
@ -2,9 +2,9 @@
 include_once('./_common.php');
 include_once(G5_PATH.'/head.sub.php');

-$url1 = clean_xss_tags($url1);
-$url2 = clean_xss_tags($url2);
-$url3 = clean_xss_tags($url3);
+$url1 = preg_replace("/[\<\>\'\"\\\'\\\"\(\)]/", "", clean_xss_tags($url1));
+$url2 = preg_replace("/[\<\>\'\"\\\'\\\"\(\)]/", "", clean_xss_tags($url2));
+$url3 = preg_replace("/[\<\>\'\"\\\'\\\"\(\)]/", "", clean_xss_tags($url3));

 // url 체크
 check_url_host($url1);
--- a/bbs/member_confirm.php
+++ b/bbs/member_confirm.php
@ -24,10 +24,15 @@ include_once('./_head.sub.php');
 // url 체크
 check_url_host($url, '', G5_URL, true);

-if( preg_match('#^/{3,}#', $url) ){
-    $url = preg_replace('#^/{3,}#', '/', $url);
+if($url){
+    $url = preg_replace('#^/\\\{1,}#', '/', $url);
+
+    if( preg_match('#^/{3,}#', $url) ){
+        $url = preg_replace('#^/{3,}#', '/', $url);
+    }
 }

+
 $url = get_text($url);

 include_once($member_skin_path.'/member_confirm.skin.php');
--- a/bbs/new_delete.php
+++ b/bbs/new_delete.php
@ -128,7 +128,7 @@ for($i=0;$i<count($_POST['chk_bn_id']);$i++)
        $row = sql_fetch($sql);

        // 원글의 코멘트 숫자를 감소
-        sql_query(" update $write_table set wr_comment = wr_comment - 1, wr_last = '$row[wr_last]' where wr_id = '{$write['wr_parent']}' ");
+        sql_query(" update $write_table set wr_comment = wr_comment - 1, wr_last = '{$row['wr_last']}' where wr_id = '{$write['wr_parent']}' ");

        // 코멘트 숫자 감소
        sql_query(" update {$g5['board_table']} set bo_count_comment = bo_count_comment - 1 where bo_table = '$bo_table' ");
--- a/config.php
+++ b/config.php
@ -5,7 +5,7 @@
 ********************/

 define('G5_VERSION', '그누보드5');
-define('G5_GNUBOARD_VER', '5.3.1.9');
+define('G5_GNUBOARD_VER', '5.3.2.0');

 // 이 상수가 정의되지 않으면 각각의 개별 페이지는 별도로 실행될 수 없음
 define('_GNUBOARD_', true);
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@ -2885,6 +2885,8 @@ function clean_xss_tags($str)
 {
    $str = preg_replace('#</*(?:applet|b(?:ase|gsound|link)|embed|frame(?:set)?|i(?:frame|layer)|l(?:ayer|ink)|meta|object|s(?:cript|tyle)|title|xml)[^>]*+>#i', '', $str);

+    $str = str_replace(array('<script>','</script>','<noscript>','</noscript>'), '', $str);
+
    return $str;
 }

--- a/plugin/lgxpay/AuthOnlyReq.php
+++ b/plugin/lgxpay/AuthOnlyReq.php
@ -165,6 +165,8 @@ $_SESSION['lgd_certify'] = $payReqMap;
 <input type="hidden" name="LGD_ENCODING" value="UTF-8"/>
 <?php
 foreach ($payReqMap as $key => $value) {
+    $key = htmlspecialchars(strip_tags($key));
+    $value = htmlspecialchars(strip_tags($value));
    echo "<input type='hidden' name='$key' id='$key' value='$value'/>".PHP_EOL;
 }
 ?>
--- a/plugin/lgxpay/returnurl.php
+++ b/plugin/lgxpay/returnurl.php
@ -57,6 +57,8 @@ $payReqMap = $_SESSION['lgd_certify'];//결제 요청시, Session에 저장했
 <form method="post" name="LGD_RETURNINFO" id="LGD_RETURNINFO">
 <?php
 	  foreach ($payReqMap as $key => $value) {
+        $key = htmlspecialchars(strip_tags($key));
+        $value = htmlspecialchars(strip_tags($value));
      echo "<input type='hidden' name='$key' id='$key' value='$value'>";
    }
 ?>
--- a/skin/board/basic/style.css
+++ b/skin/board/basic/style.css
@ -65,7 +65,7 @@
 #bo_w .tbl_frm01 {}
 #bo_w .tbl_frm01 th {}
 #bo_w .tbl_frm01 td {}
-#bo_w .tbl_frm01 textarea, #bo_w tbl_frm01 .frm_input {}
+#bo_w .tbl_frm01 textarea, #bo_w .tbl_frm01 .frm_input {}
 #bo_w .tbl_frm01 textarea {}
 /*
 #bo_w .tbl_frm01 #captcha {}
--- a/skin/board/gallery/style.css
+++ b/skin/board/gallery/style.css
@ -55,7 +55,7 @@
 #bo_w .tbl_frm01 {}
 #bo_w .tbl_frm01 th {}
 #bo_w .tbl_frm01 td {}
-#bo_w .tbl_frm01 textarea, #bo_w tbl_frm01 .frm_input {}
+#bo_w .tbl_frm01 textarea, #bo_w .tbl_frm01 .frm_input {}
 #bo_w .tbl_frm01 textarea {}
 /*
 #bo_w .tbl_frm01 #captcha {}
--- a/theme/basic/skin/board/basic/style.css
+++ b/theme/basic/skin/board/basic/style.css
@ -65,7 +65,7 @@
 #bo_w .tbl_frm01 {}
 #bo_w .tbl_frm01 th {}
 #bo_w .tbl_frm01 td {}
-#bo_w .tbl_frm01 textarea, #bo_w tbl_frm01 .frm_input {}
+#bo_w .tbl_frm01 textarea, #bo_w .tbl_frm01 .frm_input {}
 #bo_w .tbl_frm01 textarea {}
 /*
 #bo_w .tbl_frm01 #captcha {}
--- a/theme/basic/skin/board/gallery/style.css
+++ b/theme/basic/skin/board/gallery/style.css
@ -55,7 +55,7 @@
 #bo_w .tbl_frm01 {}
 #bo_w .tbl_frm01 th {}
 #bo_w .tbl_frm01 td {}
-#bo_w .tbl_frm01 textarea, #bo_w tbl_frm01 .frm_input {}
+#bo_w .tbl_frm01 textarea, #bo_w .tbl_frm01 .frm_input {}
 #bo_w .tbl_frm01 textarea {}
 /*
 #bo_w .tbl_frm01 #captcha {}