diff --git a/bbs/formmail.php b/bbs/formmail.php
index 4b2d24aff..55a9847e5 100644
--- a/bbs/formmail.php
+++ b/bbs/formmail.php
@@ -30,6 +30,8 @@ include_once(G5_PATH.'/head.sub.php');
 if (!$name) $name = base64_decode($email);
+else
+ $name = get_text(stripslashes($name), true);
 if (!isset($type)) $type = 0;
diff --git a/bbs/point.php b/bbs/point.php
index d9adee088..e37fe67bc 100644
--- a/bbs/point.php
+++ b/bbs/point.php
@@ -4,7 +4,7 @@ include_once('./_common.php');
 if ($is_guest) alert_close('회원만 조회하실 수 있습니다.');
-$g5['title'] = $member['mb_nick'].' 님의 포인트 내역';
+$g5['title'] = get_text($member['mb_nick']).' 님의 포인트 내역';
 include_once(G5_PATH.'/head.sub.php');
 $list = array();
diff --git a/bbs/profile.php b/bbs/profile.php
index 30e172b8c..c9f53b8cb 100644
--- a/bbs/profile.php
+++ b/bbs/profile.php
@@ -24,7 +24,7 @@ $sql = " select (TO_DAYS('".G5_TIME_YMDHIS."') - TO_DAYS('{$mb['mb_datetime']}')
 $row = sql_fetch($sql);
 $mb_reg_after = $row['days'];
-$mb_homepage = set_http(clean_xss_tags($mb['mb_homepage']));
+$mb_homepage = set_http(get_text(clean_xss_tags($mb['mb_homepage'])));
 $mb_profile = $mb['mb_profile'] ? conv_content($mb['mb_profile'],0) : '소개 내용이 없습니다.';
 include_once($member_skin_path.'/profile.skin.php');
diff --git a/bbs/qawrite_update.php b/bbs/qawrite_update.php
index c19b1bb9a..5b5c6c422 100644
--- a/bbs/qawrite_update.php
+++ b/bbs/qawrite_update.php
@@ -217,7 +217,7 @@ if($w == '' || $w == 'a' || $w == 'r') {
 $sql = " insert into {$g5['qa_content_table']}
 set qa_num = '$qa_num',
 mb_id = '{$member['mb_id']}',
-qa_name = '{$member['mb_nick']}',
+qa_name = '".addslashes($member['mb_nick'])."',
 qa_email = '$qa_email',
 qa_hp = '$qa_hp',
 qa_type = '$qa_type',
diff --git a/bbs/scrap.php b/bbs/scrap.php
index af0cf8fd0..61ced3e4c 100644
--- a/bbs/scrap.php
+++ b/bbs/scrap.php
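Review bot: In the new `else` branch the second positional argument of `get_text()` is `$html`, not the `$restore` flag this commit introduces, so `get_text(stripslashes($name), true)` sets `$html` and leaves `$restore` at its `false` default, while the `get_sideview` change in the same commit spells the restore call `get_text($name, 0, true)`. If restoring pre-escaped entities was the intent here, the line should read `$name = get_text(stripslashes($name), 0, true);`. The `if (!$name)` branch still assigns `base64_decode($email)` without any escaping; if that value is later rendered as the sender name it needs the same treatment, which cannot be confirmed from this hunk. The surrounding script continues outside the hunk.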
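Review bot: `addslashes()` in `qa_name = '".addslashes($member['mb_nick'])."',` is not a connection-aware SQL escape: it does not know the link's character set and it is not applied to the other values interpolated into the same statement (`$qa_email`, `$qa_hp`, `$qa_type`), whose escaping status is outside the hunk. Prefer the driver's escape for the active connection (`mysqli_real_escape_string()` on the project's link, or the project's wrapper around it) or a prepared statement, applied uniformly to every value placed into this query. The `$sql` string continues outside the hunk.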
@@ -4,7 +4,7 @@ include_once('./_common.php');
 if (!$is_member) alert_close('회원만 조회하실 수 있습니다.');
-$g5['title'] = $member['mb_nick'].'님의 스크랩';
+$g5['title'] = get_text($member['mb_nick']).'님의 스크랩';
 include_once(G5_PATH.'/head.sub.php');
 $sql_common = " from {$g5['scrap_table']} where mb_id = '{$member['mb_id']}' ";
diff --git a/lib/common.lib.php b/lib/common.lib.php
index 749672e5f..a07c5d45d 100644
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@@ -383,8 +383,9 @@ function get_list($write_row, $board, $skin_url, $subject_len=40)
 $list['wr_homepage'] = get_text($list['wr_homepage']);
 $tmp_name = get_text(cut_str($list['wr_name'], $config['cf_cut_name'])); // 설정된 자리수 만큼만 이름 출력
+ $tmp_name2 = cut_str($list['wr_name'], $config['cf_cut_name']); // 설정된 자리수 만큼만 이름 출력
 if ($board['bo_use_sideview'])
- $list['name'] = get_sideview($list['mb_id'], $tmp_name, $list['wr_email'], $list['wr_homepage']);
+ $list['name'] = get_sideview($list['mb_id'], $tmp_name2, $list['wr_email'], $list['wr_homepage']);
 else
 $list['name'] = ''.$tmp_name.'';
@@ -1201,6 +1202,10 @@ function get_sideview($mb_id, $name='', $email='', $homepage='')
 $email = base64_encode($email);
 $homepage = set_http(clean_xss_tags($homepage));
+ $name = get_text($name, 0, true);
+ $email = get_text($email);
+ $homepage = get_text($homepage);
+
 $tmp_name = "";
 if ($mb_id) {
 //$tmp_name = "$name";
@@ -1235,10 +1240,6 @@ function get_sideview($mb_id, $name='', $email='', $homepage='')
 $title_mb_id = '[비회원]';
 }
- $name = get_text($name);
- $email = get_text($email);
- $homepage = get_text($homepage);
-
 $str = "\n";
 $str .= $tmp_name."\n";
@@ -1360,7 +1361,7 @@ function cut_str($str, $len, $suffix="…")
 // TEXT 형식으로 변환
-function get_text($str, $html=0)
+function get_text($str, $html=0, $restore=false)
 {
 $source[] = "<";
 $target[] = "<";
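Review bot: The added `$tmp_name2` line repeats the `cut_str($list['wr_name'], $config['cf_cut_name'])` call that `$tmp_name` already evaluates one line above, together with a copy of its trailing comment. Compute the cut name once and derive the escaped form from it, `$tmp_name2 = cut_str($list['wr_name'], $config['cf_cut_name']);` followed by `$tmp_name = get_text($tmp_name2);`, keeping the existing comment on the first of the two. A name such as `$raw_name` instead of `$tmp_name2` would also say which of the two variables is the unescaped one. get_list's body continues outside the hunk.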
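Review bot: The three `get_text()` calls moved to the top of `get_sideview` carry no explanation, and they are asymmetric: only `$name` is passed `$restore=true`, and `$email` was just `base64_encode`d on the line above, so `get_text($email)` has nothing to escape. A short comment would keep the next reader from "fixing" the asymmetry, e.g. `// $name may arrive already escaped from other callers; restore before escaping so it is not encoded twice` — confirm that this is the reason before adding it. The block removed further down in the same function (the `@@ -1235` hunk) is the counterpart of this move. get_sideview's body continues outside the hunk.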
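Review bot: The new `$restore` parameter of `get_text()` is undocumented, and its `false` default changes behaviour for every existing caller, which previously always went through the `str_replace($target, $source, $str)` step now guarded by `if($restore)` in the `@@ -1371` hunk. A header comment above the signature should state what the flag does and that the old behaviour now requires passing it explicitly, e.g. `// $restore: map the escaped forms in $target back to the raw characters in $source before escaping, presumably so input that was already escaped is not encoded again`. The function body continues outside this hunk.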
@@ -1371,7 +1372,8 @@ function get_text($str, $html=0)
 $source[] = "\'";
 $target[] = "'";
- $str = str_replace($target, $source, $str);
+ if($restore)
+ $str = str_replace($target, $source, $str);
 // 3.31
 // TEXT 출력일 경우 &   등의 코드를 정상으로 출력해 주기 위함
@@ -2635,9 +2637,9 @@ function module_exec_check($exe, $type)
 // 주소출력
 function print_address($addr1, $addr2, $addr3, $addr4)
 {
- $address = trim($addr1);
- $addr2 = trim($addr2);
- $addr3 = trim($addr3);
+ $address = get_text(trim($addr1));
+ $addr2 = get_text(trim($addr2));
+ $addr3 = get_text(trim($addr3));
 if($addr4 == 'N') {
 if($addr2)
diff --git a/mobile/skin/poll/basic/poll_result.skin.php b/mobile/skin/poll/basic/poll_result.skin.php
index 451d92217..9c38339fb 100644
--- a/mobile/skin/poll/basic/poll_result.skin.php
+++ b/mobile/skin/poll/basic/poll_result.skin.php
@@ -57,7 +57,7 @@ add_stylesheet('', 0)
-
+
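Review bot: `print_address` now HTML-escapes `$addr1` to `$addr3` through `get_text()`, which silently changes its contract for any caller that escapes the result itself or uses it outside an HTML context, where the entities would appear literally; those callers are outside this hunk and worth checking. A line above the signature stating the new contract, `// Returns the joined address already HTML-escaped; callers must not escape the result again`, would make the change explicit. The function body continues outside the hunk.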

diff --git a/skin/poll/basic/poll_result.skin.php b/skin/poll/basic/poll_result.skin.php
index 4741f5941..2ac6d1d33 100644
--- a/skin/poll/basic/poll_result.skin.php
+++ b/skin/poll/basic/poll_result.skin.php
@@ -61,7 +61,7 @@ add_stylesheet('', 0)
-
+

diff --git a/theme/basic/mobile/skin/poll/basic/poll_result.skin.php b/theme/basic/mobile/skin/poll/basic/poll_result.skin.php
index 65c0eb70f..fb9263603 100644
--- a/theme/basic/mobile/skin/poll/basic/poll_result.skin.php
+++ b/theme/basic/mobile/skin/poll/basic/poll_result.skin.php
@@ -57,7 +57,7 @@ add_stylesheet('', 0)
-
+

diff --git a/theme/basic/skin/poll/basic/poll_result.skin.php b/theme/basic/skin/poll/basic/poll_result.skin.php
index a19233b4c..b198f1561 100644
--- a/theme/basic/skin/poll/basic/poll_result.skin.php
+++ b/theme/basic/skin/poll/basic/poll_result.skin.php
@@ -61,7 +61,7 @@ add_stylesheet('', 0)
-
+