From ad2419026a70bef3160423c6889065f5f0160988 Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Tue, 30 Oct 2018 16:09:56 +0900
Subject: [PATCH 1/7] =?UTF-8?q?=EC=9E=98=EB=AA=BB=EB=90=9C=20php=20?=
 =?UTF-8?q?=EC=BD=94=EB=93=9C=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 bbs/new_delete.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bbs/new_delete.php b/bbs/new_delete.php
index 45341a244..6791e33e3 100644
--- a/bbs/new_delete.php
+++ b/bbs/new_delete.php
@@ -128,7 +128,7 @@ for($i=0;$i<count($_POST['chk_bn_id']);$i++)
         $row = sql_fetch($sql);
 
         // 원글의 코멘트 숫자를 감소
-        sql_query(" update $write_table set wr_comment = wr_comment - 1, wr_last = '$row[wr_last]' where wr_id = '{$write['wr_parent']}' ");
+        sql_query(" update $write_table set wr_comment = wr_comment - 1, wr_last = '{$row['wr_last']}' where wr_id = '{$write['wr_parent']}' ");
 
         // 코멘트 숫자 감소
         sql_query(" update {$g5['board_table']} set bo_count_comment = bo_count_comment - 1 where bo_table = '$bo_table' ");

From e7caff2e63dfca02ec46c21e3de1ccdd5d55a538 Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Fri, 16 Nov 2018 10:55:56 +0900
Subject: [PATCH 2/7] =?UTF-8?q?KVE-2018-0979=20=EA=B7=B8=EB=88=84=EB=B3=B4?=
 =?UTF-8?q?=EB=93=9C=20=EC=98=81=EC=B9=B4=ED=8A=B8=20lgxpay=20XSS=20?=
 =?UTF-8?q?=EC=B7=A8=EC=95=BD=EC=A0=90=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 plugin/lgxpay/AuthOnlyReq.php | 2 ++
 plugin/lgxpay/returnurl.php   | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/plugin/lgxpay/AuthOnlyReq.php b/plugin/lgxpay/AuthOnlyReq.php
index f8c42b1b6..571d7d9c9 100644
--- a/plugin/lgxpay/AuthOnlyReq.php
+++ b/plugin/lgxpay/AuthOnlyReq.php
@@ -165,6 +165,8 @@ $_SESSION['lgd_certify'] = $payReqMap;
 <input type="hidden" name="LGD_ENCODING" value="UTF-8"/>
 <?php
 foreach ($payReqMap as $key => $value) {
+    $key = htmlspecialchars(strip_tags($key));
+    $value = htmlspecialchars(strip_tags($value));
     echo "<input type='hidden' name='$key' id='$key' value='$value'/>".PHP_EOL;
 }
 ?>
diff --git a/plugin/lgxpay/returnurl.php b/plugin/lgxpay/returnurl.php
index e0cd0a37b..b40e8940e 100644
--- a/plugin/lgxpay/returnurl.php
+++ b/plugin/lgxpay/returnurl.php
@@ -57,6 +57,8 @@ $payReqMap = $_SESSION['lgd_certify'];//결제 요청시, Session에 저장했
 <form method="post" name="LGD_RETURNINFO" id="LGD_RETURNINFO">
 <?php
 	  foreach ($payReqMap as $key => $value) {
+        $key = htmlspecialchars(strip_tags($key));
+        $value = htmlspecialchars(strip_tags($value));
       echo "<input type='hidden' name='$key' id='$key' value='$value'>";
     }
 ?>

From ccba200fbdcbad9f4a75ebf27eddb1341cd5628d Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Fri, 16 Nov 2018 11:15:10 +0900
Subject: [PATCH 3/7] =?UTF-8?q?=EC=9E=98=EB=AA=BB=EB=90=9C=20=EC=BD=94?=
 =?UTF-8?q?=EB=93=9C=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adm/contentform.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/adm/contentform.php b/adm/contentform.php
index 7ebe8bf01..6217e4603 100644
--- a/adm/contentform.php
+++ b/adm/contentform.php
@@ -109,8 +109,8 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
         <td>
             <?php echo help("내용에서 iframe 등의 태그를 사용하려면 사용안함으로 선택해 주십시오."); ?>
             <select name="co_tag_filter_use" id="co_tag_filter_use">
-                <option value="1"<?php echo get_selected(1, $co['co_tag_filter_use']); ?>>사용함</option>
-                <option value="0"<?php echo get_selected(0, $co['co_tag_filter_use']); ?>>사용안함</option>
+                <option value="1"<?php echo get_selected($co['co_tag_filter_use'], 1); ?>>사용함</option>
+                <option value="0"<?php echo get_selected($co['co_tag_filter_use'], 0); ?>>사용안함</option>
             </select>
         </td>
     </tr>

From bc5779fafbd9a363b0b392c2b30b03f70d1b87f8 Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Fri, 16 Nov 2018 17:54:57 +0900
Subject: [PATCH 4/7] =?UTF-8?q?KVE-2018-1316=20=EA=B7=B8=EB=88=84=EB=B3=B4?=
 =?UTF-8?q?=EB=93=9C,=EC=98=81=EC=B9=B4=ED=8A=B8=20=EC=B7=A8=EC=95=BD?=
 =?UTF-8?q?=EC=A0=90=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 bbs/confirm.php        | 6 +++---
 bbs/member_confirm.php | 9 +++++++--
 lib/common.lib.php     | 2 ++
 3 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/bbs/confirm.php b/bbs/confirm.php
index fcf94e0e9..a80f5eab1 100644
--- a/bbs/confirm.php
+++ b/bbs/confirm.php
@@ -2,9 +2,9 @@
 include_once('./_common.php');
 include_once(G5_PATH.'/head.sub.php');
 
-$url1 = clean_xss_tags($url1);
-$url2 = clean_xss_tags($url2);
-$url3 = clean_xss_tags($url3);
+$url1 = preg_replace("/[\<\>\'\"\\\'\\\"\(\)]/", "", clean_xss_tags($url1));
+$url2 = preg_replace("/[\<\>\'\"\\\'\\\"\(\)]/", "", clean_xss_tags($url2));
+$url3 = preg_replace("/[\<\>\'\"\\\'\\\"\(\)]/", "", clean_xss_tags($url3));
 
 // url 체크
 check_url_host($url1);
diff --git a/bbs/member_confirm.php b/bbs/member_confirm.php
index 722a78302..e3fc28498 100644
--- a/bbs/member_confirm.php
+++ b/bbs/member_confirm.php
@@ -24,10 +24,15 @@ include_once('./_head.sub.php');
 // url 체크
 check_url_host($url, '', G5_URL, true);
 
-if( preg_match('#^/{3,}#', $url) ){
-    $url = preg_replace('#^/{3,}#', '/', $url);
+if($url){
+    $url = preg_replace('#^/\\\{1,}#', '/', $url);
+
+    if( preg_match('#^/{3,}#', $url) ){
+        $url = preg_replace('#^/{3,}#', '/', $url);
+    }
 }
 
+
 $url = get_text($url);
 
 include_once($member_skin_path.'/member_confirm.skin.php');
diff --git a/lib/common.lib.php b/lib/common.lib.php
index c12ff17e3..5391220b6 100644
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@@ -2885,6 +2885,8 @@ function clean_xss_tags($str)
 {
     $str = preg_replace('#</*(?:applet|b(?:ase|gsound|link)|embed|frame(?:set)?|i(?:frame|layer)|l(?:ayer|ink)|meta|object|s(?:cript|tyle)|title|xml)[^>]*+>#i', '', $str);
 
+    $str = str_replace(array('<script>','</script>','<noscript>','</noscript>'), '', $str);
+
     return $str;
 }
 

From e14f25d10f58ff96ace6f5ddc531c5be936db1df Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Wed, 21 Nov 2018 14:55:57 +0900
Subject: [PATCH 5/7] =?UTF-8?q?KVE-2018-1403=20=EC=B7=A8=EC=95=BD=EC=A0=90?=
 =?UTF-8?q?=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adm/menu_list_update.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/adm/menu_list_update.php b/adm/menu_list_update.php
index 4244d3343..324f26209 100644
--- a/adm/menu_list_update.php
+++ b/adm/menu_list_update.php
@@ -23,7 +23,7 @@ for ($i=0; $i<$count; $i++)
 
     $code    = $_POST['code'][$i];
     $me_name = $_POST['me_name'][$i];
-    $me_link = preg_match('/^javascript/', $_POST['me_link'][$i]) ? G5_URL : strip_tags($_POST['me_link'][$i]);
+    $me_link = preg_match('/^javascript/i', $_POST['me_link'][$i]) ? G5_URL : strip_tags($_POST['me_link'][$i]);
     
     if(!$code || !$me_name || !$me_link)
         continue;

From 30a0016d0bbd8a475bee8e45ce4202bfd51b7758 Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Wed, 21 Nov 2018 15:03:33 +0900
Subject: [PATCH 6/7] =?UTF-8?q?=EC=9E=98=EB=AA=BB=EB=90=9C=20=EA=B2=8C?=
 =?UTF-8?q?=EC=8B=9C=ED=8C=90=20=EC=8A=A4=ED=82=A8=20css=20=EC=BD=94?=
 =?UTF-8?q?=EB=93=9C=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 skin/board/basic/style.css               | 2 +-
 skin/board/gallery/style.css             | 2 +-
 theme/basic/skin/board/basic/style.css   | 2 +-
 theme/basic/skin/board/gallery/style.css | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/skin/board/basic/style.css b/skin/board/basic/style.css
index 37bf7fab7..d85f02315 100644
--- a/skin/board/basic/style.css
+++ b/skin/board/basic/style.css
@@ -65,7 +65,7 @@
 #bo_w .tbl_frm01 {}
 #bo_w .tbl_frm01 th {}
 #bo_w .tbl_frm01 td {}
-#bo_w .tbl_frm01 textarea, #bo_w tbl_frm01 .frm_input {}
+#bo_w .tbl_frm01 textarea, #bo_w .tbl_frm01 .frm_input {}
 #bo_w .tbl_frm01 textarea {}
 /*
 #bo_w .tbl_frm01 #captcha {}
diff --git a/skin/board/gallery/style.css b/skin/board/gallery/style.css
index 7dd98d16b..cb38ea31f 100644
--- a/skin/board/gallery/style.css
+++ b/skin/board/gallery/style.css
@@ -55,7 +55,7 @@
 #bo_w .tbl_frm01 {}
 #bo_w .tbl_frm01 th {}
 #bo_w .tbl_frm01 td {}
-#bo_w .tbl_frm01 textarea, #bo_w tbl_frm01 .frm_input {}
+#bo_w .tbl_frm01 textarea, #bo_w .tbl_frm01 .frm_input {}
 #bo_w .tbl_frm01 textarea {}
 /*
 #bo_w .tbl_frm01 #captcha {}
diff --git a/theme/basic/skin/board/basic/style.css b/theme/basic/skin/board/basic/style.css
index 37bf7fab7..d85f02315 100644
--- a/theme/basic/skin/board/basic/style.css
+++ b/theme/basic/skin/board/basic/style.css
@@ -65,7 +65,7 @@
 #bo_w .tbl_frm01 {}
 #bo_w .tbl_frm01 th {}
 #bo_w .tbl_frm01 td {}
-#bo_w .tbl_frm01 textarea, #bo_w tbl_frm01 .frm_input {}
+#bo_w .tbl_frm01 textarea, #bo_w .tbl_frm01 .frm_input {}
 #bo_w .tbl_frm01 textarea {}
 /*
 #bo_w .tbl_frm01 #captcha {}
diff --git a/theme/basic/skin/board/gallery/style.css b/theme/basic/skin/board/gallery/style.css
index e20ab1c66..035553804 100644
--- a/theme/basic/skin/board/gallery/style.css
+++ b/theme/basic/skin/board/gallery/style.css
@@ -55,7 +55,7 @@
 #bo_w .tbl_frm01 {}
 #bo_w .tbl_frm01 th {}
 #bo_w .tbl_frm01 td {}
-#bo_w .tbl_frm01 textarea, #bo_w tbl_frm01 .frm_input {}
+#bo_w .tbl_frm01 textarea, #bo_w .tbl_frm01 .frm_input {}
 #bo_w .tbl_frm01 textarea {}
 /*
 #bo_w .tbl_frm01 #captcha {}

From 8399dafd4b4a0611c91697c8859a0ca3c5e5cdb9 Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Wed, 21 Nov 2018 15:52:18 +0900
Subject: [PATCH 7/7] =?UTF-8?q?5.3.2.0=20=EB=B2=84=EC=A0=84=20=EC=88=98?=
 =?UTF-8?q?=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 config.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config.php b/config.php
index c7356a38d..4b7987a60 100644
--- a/config.php
+++ b/config.php
@@ -5,7 +5,7 @@
 ********************/
 
 define('G5_VERSION', '그누보드5');
-define('G5_GNUBOARD_VER', '5.3.1.9');
+define('G5_GNUBOARD_VER', '5.3.2.0');
 
 // 이 상수가 정의되지 않으면 각각의 개별 페이지는 별도로 실행될 수 없음
 define('_GNUBOARD_', true);