firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

notice 오류 해결중

Browse Source
This commit is contained in:
gnuboard
2012-12-27 15:04:40 +09:00
parent 5ed9a4d24d
commit 2b5c471bdb
13 changed files with 186 additions and 190 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
bbs/list.php
View File

@ -21,11 +21,11 @@ if ($sca || $stx) {
// 가장 작은 번호를 얻어서 변수에 저장 (하단의 페이징에서 사용)
$sql = " select MIN(wr_num) as min_wr_num from {$write_table} ";
$row = sql_fetch($sql);
$min_spt = $row[min_wr_num];
$min_spt = $row['min_wr_num'];
if (!$spt) $spt = $min_spt;
$sql_search .= " and (wr_num between {$spt} and ({$spt} + {$config[cf_search_part]})) ";
$sql_search .= " and (wr_num between {$spt} and ({$spt} + {$config['cf_search_part']})) ";
// 원글만 얻는다. (코멘트의 내용도 검색하기 위함)
$sql = " select distinct wr_parent from {$write_table} where {$sql_search} ";
@ -109,7 +109,7 @@ while ($row = sql_fetch_array($result))
{
// 검색일 경우 wr_id만 얻었으므로 다시 한행을 얻는다
if ($sca || $stx)
$row = sql_fetch(" select * from {$write_table} where wr_id = '{$row[wr_parent]}' ");
$row = sql_fetch(" select * from {$write_table} where wr_id = '{$row['wr_parent']}' ");
$list[$i] = get_list($row, $board, $board_skin_path, $board['bo_subject_len']);
if (strstr($sfl, 'subject')) {
@ -131,11 +131,11 @@ if ($sca || $stx) {
$list_href = './board.php?bo_table='.$bo_table;
//if ($prev_spt >= $min_spt)
$prev_spt = $spt - $config[cf_search_part];
$prev_spt = $spt - $config['cf_search_part'];
if (isset($min_spt) && $prev_spt >= $min_spt)
$prev_part_href = './board.php?bo_table='.$bo_table.$qstr.'&spt='.$prev_spt.'&page=1';
$next_spt = $spt + $config[cf_search_part];
$next_spt = $spt + $config['cf_search_part'];
if ($next_spt < 0)
$next_part_href = './board.php?bo_table='.$bo_table.$qstr.'&amp;spt='.$next_spt.'&amp;page=1';
}

36
bbs/visit_insert.inc.php
View File

@ -5,25 +5,26 @@ if (!defined("_GNUBOARD_")) exit; // 개별 페이지 접근 불가
if (get_cookie('ck_visit_ip') != $_SERVER['REMOTE_ADDR']) {
set_cookie('ck_visit_ip', $_SERVER['REMOTE_ADDR'], 86400); // 하루동안 저장
$tmp_row = sql_fetch(" select max(vi_id) as max_vi_id from {$g4[visit_table]} ");
$vi_id = $tmp_row[max_vi_id] + 1;
$tmp_row = sql_fetch(" select max(vi_id) as max_vi_id from {$g4['visit_table']} ");
$vi_id = $tmp_row['max_vi_id'] + 1;
// $_SERVER 배열변수 값의 변조를 이용한 SQL Injection 공격을 막는 코드입니다. 110810
$remote_addr = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
$referer = mysql_real_escape_string($_SERVER['HTTP_REFERER']);
$referer = "";
if (isset($_SERVER['HTTP_REFERER']))
$referer = mysql_real_escape_string($_SERVER['HTTP_REFERER']);
$user_agent = mysql_real_escape_string($_SERVER['HTTP_USER_AGENT']);
$sql = " insert {$g4[visit_table]} ( vi_id, vi_ip, vi_date, vi_time, vi_referer, vi_agent ) values ( '{$vi_id}', '{$remote_addr}', '{$g4[time_ymd]}', '{$g4[time_his]}', '{$referer}', '{$user_agent}' ) ";
//$sql = " insert {$g4[visit_table]} ( vi_id, vi_ip, vi_date, vi_time, vi_referer, vi_agent ) values ( '{$vi_id}', '{$_SERVER[REMOTE_ADDR]}', '{$g4[time_ymd]}', '{$g4[time_his]}', '{$_SERVER[HTTP_REFERER]}', '{$_SERVER[HTTP_USER_AGENT]}' ) ";
$sql = " insert {$g4['visit_table']} ( vi_id, vi_ip, vi_date, vi_time, vi_referer, vi_agent ) values ( '{$vi_id}', '{$remote_addr}', '{$g4['time_ymd']}', '{$g4['time_his']}', '{$referer}', '{$user_agent}' ) ";
$result = sql_query($sql, FALSE);
// 정상으로 INSERT 되었다면 방문자 합계에 반영
if ($result) {
$sql = " insert {$g4[visit_sum_table]} ( vs_count, vs_date) values ( 1, '{$g4[time_ymd]}' ) ";
$sql = " insert {$g4['visit_sum_table']} ( vs_count, vs_date) values ( 1, '{$g4['time_ymd']}' ) ";
$result = sql_query($sql, FALSE);
// DUPLICATE 오류가 발생한다면 이미 날짜별 행이 생성되었으므로 UPDATE 실행
if (!$result) {
$sql = " update {$g4[visit_sum_table]} set vs_count = vs_count + 1 where vs_date = '{$g4[time_ymd]}' ";
$sql = " update {$g4['visit_sum_table']} set vs_count = vs_count + 1 where vs_date = '{$g4['time_ymd']}' ";
$result = sql_query($sql);
}
@ -31,32 +32,31 @@ if (get_cookie('ck_visit_ip') != $_SERVER['REMOTE_ADDR']) {
// 방문객 접속시마다 따로 쿼리를 하지 않기 위함 (엄청난 쿼리를 줄임 ^^)
// 오늘
$sql = " select vs_count as cnt from {$g4[visit_sum_table]} where vs_date = '{$g4[time_ymd]}' ";
$sql = " select vs_count as cnt from {$g4['visit_sum_table']} where vs_date = '{$g4['time_ymd']}' ";
$row = sql_fetch($sql);
$vi_today = $row[cnt];
$vi_today = $row['cnt'];
// 어제
$sql = " select vs_count as cnt from {$g4[visit_sum_table]} where vs_date = DATE_SUB('$g4[time_ymd]', INTERVAL 1 DAY) ";
$sql = " select vs_count as cnt from {$g4['visit_sum_table']} where vs_date = DATE_SUB('{$g4['time_ymd']}', INTERVAL 1 DAY) ";
$row = sql_fetch($sql);
$vi_yesterday = $row[cnt];
$vi_yesterday = $row['cnt'];
// 최대
$sql = " select max(vs_count) as cnt from {$g4[visit_sum_table]} ";
$sql = " select max(vs_count) as cnt from {$g4['visit_sum_table']} ";
$row = sql_fetch($sql);
$vi_max = $row[cnt];
$vi_max = $row['cnt'];
// 전체
//$sql = " select count(*) as cnt from {$g4[visit_table]} ";
$sql = " select sum(vs_count) as total from {$g4[visit_sum_table]} ";
$sql = " select sum(vs_count) as total from {$g4['visit_sum_table']} ";
$row = sql_fetch($sql);
$vi_sum = $row[total];
$vi_sum = $row['total'];
$visit = '오늘:'.$vi_today.',어제:'.$vi_yesterday.',최대:'.$vi_max.',전체:'.$vi_sum;
// 기본설정 테이블에 방문자수를 기록한 후
// 방문자수 테이블을 읽지 않고 출력한다.
// 쿼리의 수를 상당부분 줄임
sql_query(" update {$g4[config_table]} set cf_visit = '{$visit}' ");
sql_query(" update {$g4['config_table']} set cf_visit = '{$visit}' ");
}
}
?>
?>

37
bbs/write.php
View File

@ -1,8 +1,7 @@
<?
include_once('./_common.php');
if ($editor->lib) {
if ($editor->lib)
include_once($editor->lib);
}
set_session('ss_bo_table', $bo_table);
set_session('ss_wr_id', $wr_id);
@ -207,9 +206,7 @@ if ($member['mb_level'] >= $board['bo_html_level'])
$is_html = true;
$is_secret = $board['bo_use_secret'];
// DHTML 에디터 사용 선택 가능하게 수정 : 061021
//$is_dhtml_editor = $board[bo_use_dhtml_editor];
// 090713
if ($board['bo_use_dhtml_editor'] && $member['mb_level'] >= $board['bo_html_level'])
$is_dhtml_editor = true;
else
@ -341,11 +338,11 @@ if ($w == '') {
$content = $board['bo_insert_content'];
} else if ($w == 'r') {
if (!strstr($write['wr_option'], 'html')) {
$content = PHP_EOL.PHP_EOL.PHP_EOL.' &gt; '
.PHP_EOL.' &gt; '
.PHP_EOL.' &gt; '.preg_replace("/\n/", "\n> ", get_text($write['wr_content'], 0))
.PHP_EOL.' &gt; '
.PHP_EOL.' &gt; ';
$content = "\\n\\n\\n &gt; "
."\\n &gt; "
."\\n &gt; ".preg_replace("/\n/", "\n> ", get_text($write['wr_content'], 0))
."\\n &gt; "
."\\n &gt; ";
}
} else {
@ -382,13 +379,10 @@ include_once('./board_head.php');
$file_script = '';
$file_length = -1;
// 수정의 경우 파일업로드 필드가 가변적으로 늘어나야 하고 삭제 표시도 해주어야 합니다.
if ($w == 'u')
{
for ($i=0; $i<$file[count]; $i++)
{
if ($w == 'u') {
for ($i=0; $i<$file[count]; $i++) {
$row = sql_fetch(" select bf_file, bf_content from {$g4[board_file_table]} where bo_table = '{$bo_table}' and wr_id = '{$wr_id}' and bf_no = '{$i}' ");
if ($row[bf_file])
{
if ($row[bf_file]) {
$file_script .= 'add_file("<input type="checkbox" name="bf_file_del['.$i.']" value="1"><a href="'.$file[$i][href].'">'.$file[$i][source].'('.$file[$i][size].')</a> 파일 삭제';
if ($is_file_content)
//$file_script .= '<br><input type="text" class="ed" size="50" name="bf_content['.$i.']" value="'.$row[bf_content].'" title="업로드 이미지 파일에 해당 되는 내용을 입력하세요.">';
@ -402,8 +396,7 @@ if ($w == 'u')
$file_length = $file[count] - 1;
}
if ($file_length < 0)
{
if ($file_length < 0) {
$file_script .= 'add_file("");'.PHP_EOL;
$file_length = 0;
}
@ -411,14 +404,6 @@ if ($file_length < 0)
include_once ($board_skin_path.'/write.skin.php');
if ($is_guest) {
echo '<script src="'.$g4['path'].'/js/md5.js"></script>'.PHP_EOL;
}
// 필터
//echo '<script> var g4_cf_filter = \''.$config[cf_filter].'\'; </script>'.PHP_EOL;
//echo '<script src="'.$g4['path'].'/js/filter.js"></script>'.PHP_EOL;
include_once('./board_tail.php');
include_once($g4['path'].'/tail.sub.php');