버전 5.3.2.3 수정

adm/admin.lib.php

@@ -435,7 +435,7 @@ function admin_check_xss_params($params){
         if ( empty($value) ) continue;
 
         if( is_array($value) ){
-            admin_check_xss_params($params);
+            admin_check_xss_params($value);
         } else if ( preg_match('/<\s?[^\>]*\/?\s?>/i', $value) && (preg_match('/script.*?\/script/ius', $value) || preg_match('/onload=.*/ius', $value)) ){
             alert('요청 쿼리에 잘못된 스크립트문장이 있습니다.\\nXSS 공격일수도 있습니다.');
             die();

adm/board_copy_update.php

@@ -38,43 +38,43 @@ $sql = " insert into {$g5['board_table']}
                 bo_subject = '$target_subject',
                 bo_device = '{$board['bo_device']}',
                 bo_admin = '{$board['bo_admin']}',
-                bo_list_level = '{$board[bo_list_level]}',
-                bo_read_level = '{$board[bo_read_level]}',
-                bo_write_level = '{$board[bo_write_level]}',
-                bo_reply_level = '{$board[bo_reply_level]}',
-                bo_comment_level = '{$board[bo_comment_level]}',
-                bo_upload_level = '{$board[bo_upload_level]}',
-                bo_download_level = '{$board[bo_download_level]}',
-                bo_html_level = '{$board[bo_html_level]}',
-                bo_link_level = '{$board[bo_link_level]}',
-                bo_count_modify = '{$board[bo_count_modify]}',
-                bo_count_delete = '{$board[bo_count_delete]}',
-                bo_read_point = '{$board[bo_read_point]}',
-                bo_write_point = '{$board[bo_write_point]}',
-                bo_comment_point = '{$board[bo_comment_point]}',
-                bo_download_point = '{$board[bo_download_point]}',
-                bo_use_category = '{$board[bo_use_category]}',
+                bo_list_level = '{$board['bo_list_level']}',
+                bo_read_level = '{$board['bo_read_level']}',
+                bo_write_level = '{$board['bo_write_level']}',
+                bo_reply_level = '{$board['bo_reply_level']}',
+                bo_comment_level = '{$board['bo_comment_level']}',
+                bo_upload_level = '{$board['bo_upload_level']}',
+                bo_download_level = '{$board['bo_download_level']}',
+                bo_html_level = '{$board['bo_html_level']}',
+                bo_link_level = '{$board['bo_link_level']}',
+                bo_count_modify = '{$board['bo_count_modify']}',
+                bo_count_delete = '{$board['bo_count_delete']}',
+                bo_read_point = '{$board['bo_read_point']}',
+                bo_write_point = '{$board['bo_write_point']}',
+                bo_comment_point = '{$board['bo_comment_point']}',
+                bo_download_point = '{$board['bo_download_point']}',
+                bo_use_category = '{$board['bo_use_category']}',
                 bo_category_list = '{$board['bo_category_list']}',
-                bo_use_sideview = '{$board[bo_use_sideview]}',
-                bo_use_file_content = '{$board[bo_use_file_content]}',
-                bo_use_secret = '{$board[bo_use_secret]}',
-                bo_use_dhtml_editor = '{$board[bo_use_dhtml_editor]}',
-                bo_use_rss_view = '{$board[bo_use_rss_view]}',
-                bo_use_good = '{$board[bo_use_good]}',
-                bo_use_nogood = '{$board[bo_use_nogood]}',
-                bo_use_name = '{$board[bo_use_name]}',
-                bo_use_signature = '{$board[bo_use_signature]}',
-                bo_use_ip_view = '{$board[bo_use_ip_view]}',
+                bo_use_sideview = '{$board['bo_use_sideview']}',
+                bo_use_file_content = '{$board['bo_use_file_content']}',
+                bo_use_secret = '{$board['bo_use_secret']}',
+                bo_use_dhtml_editor = '{$board['bo_use_dhtml_editor']}',
+                bo_use_rss_view = '{$board['bo_use_rss_view']}',
+                bo_use_good = '{$board['bo_use_good']}',
+                bo_use_nogood = '{$board['bo_use_nogood']}',
+                bo_use_name = '{$board['bo_use_name']}',
+                bo_use_signature = '{$board['bo_use_signature']}',
+                bo_use_ip_view = '{$board['bo_use_ip_view']}',
                 bo_use_list_view = '{$board['bo_use_list_view']}',
-                bo_use_list_content = '{$board[bo_use_list_content]}',
-                bo_table_width = '{$board[bo_table_width]}',
-                bo_subject_len = '{$board[bo_subject_len]}',
-                bo_mobile_subject_len = '{$board[bo_mobile_subject_len]}',
-                bo_page_rows = '{$board[bo_page_rows]}',
-                bo_mobile_page_rows = '{$board[bo_mobile_page_rows]}',
-                bo_new = '{$board[bo_new]}',
-                bo_hot = '{$board[bo_hot]}',
-                bo_image_width = '{$board[bo_image_width]}',
+                bo_use_list_content = '{$board['bo_use_list_content']}',
+                bo_table_width = '{$board['bo_table_width']}',
+                bo_subject_len = '{$board['bo_subject_len']}',
+                bo_mobile_subject_len = '{$board['bo_mobile_subject_len']}',
+                bo_page_rows = '{$board['bo_page_rows']}',
+                bo_mobile_page_rows = '{$board['bo_mobile_page_rows']}',
+                bo_new = '{$board['bo_new']}',
+                bo_hot = '{$board['bo_hot']}',
+                bo_image_width = '{$board['bo_image_width']}',
                 bo_skin = '{$board['bo_skin']}',
                 bo_mobile_skin = '{$board['bo_mobile_skin']}',
                 bo_include_head = '{$board['bo_include_head']}',
@@ -84,20 +84,20 @@ $sql = " insert into {$g5['board_table']}
                 bo_mobile_content_head = '".addslashes($board['bo_mobile_content_head'])."',
                 bo_mobile_content_tail = '".addslashes($board['bo_mobile_content_tail'])."',
                 bo_insert_content = '".addslashes($board['bo_insert_content'])."',
-                bo_gallery_cols = '{$board[bo_gallery_cols]}',
-                bo_gallery_width = '{$board[bo_gallery_width]}',
-                bo_gallery_height = '{$board[bo_gallery_height]}',
-                bo_mobile_gallery_width = '{$board[bo_mobile_gallery_width]}',
-                bo_mobile_gallery_height = '{$board[bo_mobile_gallery_height]}',
-                bo_upload_size = '{$board[bo_upload_size]}',
-                bo_reply_order = '{$board[bo_reply_order]}',
-                bo_use_search = '{$board[bo_use_search]}',
-                bo_order = '{$board[bo_order]}',
+                bo_gallery_cols = '{$board['bo_gallery_cols']}',
+                bo_gallery_width = '{$board['bo_gallery_width']}',
+                bo_gallery_height = '{$board['bo_gallery_height']}',
+                bo_mobile_gallery_width = '{$board['bo_mobile_gallery_width']}',
+                bo_mobile_gallery_height = '{$board['bo_mobile_gallery_height']}',
+                bo_upload_size = '{$board['bo_upload_size']}',
+                bo_reply_order = '{$board['bo_reply_order']}',
+                bo_use_search = '{$board['bo_use_search']}',
+                bo_order = '{$board['bo_order']}',
                 bo_notice = '{$board['bo_notice']}',
-                bo_upload_count = '{$board[bo_upload_count]}',
-                bo_use_email = '{$board[bo_use_email]}',
-                bo_use_cert = '{$board[bo_use_cert]}',
-                bo_use_sns = '{$board[bo_use_sns]}',
+                bo_upload_count = '{$board['bo_upload_count']}',
+                bo_use_email = '{$board['bo_use_email']}',
+                bo_use_cert = '{$board['bo_use_cert']}',
+                bo_use_sns = '{$board['bo_use_sns']}',
                 bo_sort_field = '{$board['bo_sort_field']}',
                 bo_1_subj = '".addslashes($board['bo_1_subj'])."',
                 bo_2_subj = '".addslashes($board['bo_2_subj'])."',

config.php

@@ -5,8 +5,8 @@
 ********************/
 
 define('G5_VERSION', '그누보드5');
-define('G5_GNUBOARD_VER', '5.3.2.2');
-define('G5_YOUNGCART_VER', '5.3.2.2');
+define('G5_GNUBOARD_VER', '5.3.2.3');
+define('G5_YOUNGCART_VER', '5.3.2.3');
 
 // 이 상수가 정의되지 않으면 각각의 개별 페이지는 별도로 실행될 수 없음
 define('_GNUBOARD_', true);

lib/thumbnail.lib.php

@@ -25,29 +25,31 @@ function get_list_thumbnail($bo_table, $wr_id, $thumb_width, $thumb_height, $is_
         $matches = get_editor_image($write['wr_content'], false);
         $edt = true;
 
-        for($i=0; $i<count($matches[1]); $i++)
-        {
-            // 이미지 path 구함
-            $p = parse_url($matches[1][$i]);
-            if(strpos($p['path'], '/'.G5_DATA_DIR.'/') != 0)
-                $data_path = preg_replace('/^\/.*\/'.G5_DATA_DIR.'/', '/'.G5_DATA_DIR, $p['path']);
-            else
-                $data_path = $p['path'];
+        if(isset($matches[1]) && is_array($matches[1])){
+            for($i=0; $i<count($matches[1]); $i++)
+            {
+                // 이미지 path 구함
+                $p = parse_url($matches[1][$i]);
+                if(strpos($p['path'], '/'.G5_DATA_DIR.'/') != 0)
+                    $data_path = preg_replace('/^\/.*\/'.G5_DATA_DIR.'/', '/'.G5_DATA_DIR, $p['path']);
+                else
+                    $data_path = $p['path'];
 
-            $srcfile = G5_PATH.$data_path;
+                $srcfile = G5_PATH.$data_path;
 
-            if(preg_match("/\.({$config['cf_image_extension']})$/i", $srcfile) && is_file($srcfile)) {
-                $size = @getimagesize($srcfile);
-                if(empty($size))
-                    continue;
+                if(preg_match("/\.({$config['cf_image_extension']})$/i", $srcfile) && is_file($srcfile)) {
+                    $size = @getimagesize($srcfile);
+                    if(empty($size))
+                        continue;
 
-                $filename = basename($srcfile);
-                $filepath = dirname($srcfile);
+                    $filename = basename($srcfile);
+                    $filepath = dirname($srcfile);
 
-                preg_match("/alt=[\"\']?([^\"\']*)[\"\']?/", $matches[0][$i], $malt);
-                $alt = get_text($malt[1]);
+                    preg_match("/alt=[\"\']?([^\"\']*)[\"\']?/", $matches[0][$i], $malt);
+                    $alt = get_text($malt[1]);
 
-                break;
+                    break;
+                }
             }
         }
     }

mobile/skin/content/basic/style.css

@@ -7,5 +7,6 @@ webkit-box-shadow: 0 1px 4px #cbd1df;
        box-shadow: 0 1px 4px #cbd1df;}
 .ctt_admin {margin:0 5px;text-align:right}
 #ctt header h1 {position:absolute;font-size:0;line-height:0;overflow:hidden}
+#ctt_himg img, #ctt_timg img, #ctt_con img {max-width:100%;height:auto}
 #ctt_con {padding:10px 0}
 .ctt_img {text-align:center}

plugin/htmlpurifier/safeiframe.txt

@@ -11,4 +11,5 @@ www.microsoft.com/showcase/video.aspx/
 w.soundcloud.com/
 www.facebook.com/
 kakaotv.daum.net/
-v.afree.ca/
+v.afree.ca/
+play-tv.kakao.com/

skin/content/basic/style.css

@@ -5,5 +5,5 @@
 .ctt_admin {text-align:right}
 #ctt header h1 {position:absolute;font-size:0;line-height:0;overflow:hidden}
 #ctt_con {padding:10px 0;line-height:1.6em}
-#ctt_con img{max-width:100%;height:auto}
+#ctt_himg img, #ctt_timg img, #ctt_con img {max-width:100%;height:auto}
 .ctt_img {text-align:center}

theme/basic/mobile/skin/content/basic/style.css

@@ -7,5 +7,6 @@ webkit-box-shadow: 0 1px 4px #cbd1df;
        box-shadow: 0 1px 4px #cbd1df;}
 .ctt_admin {margin:0 5px;text-align:right}
 #ctt header h1 {position:absolute;font-size:0;line-height:0;overflow:hidden}
+#ctt_himg img, #ctt_timg img, #ctt_con img {max-width:100%;height:auto}
 #ctt_con {padding:10px 0}
 .ctt_img {text-align:center}

theme/basic/skin/content/basic/style.css

@@ -5,5 +5,5 @@
 .ctt_admin {text-align:right}
 #ctt header h1 {position:absolute;font-size:0;line-height:0;overflow:hidden}
 #ctt_con {padding:10px 0;line-height:1.6em}
-#ctt_con img{max-width:100%;height:auto}
+#ctt_himg img, #ctt_timg img, #ctt_con img {max-width:100%;height:auto}
 .ctt_img {text-align:center}