From f0e176033fc5b781ac9bf83de3ac9ccbef393a11 Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Fri, 6 Sep 2019 17:48:35 +0900
Subject: [PATCH 1/6] =?UTF-8?q?=EC=B9=B4=EC=B9=B4=EC=98=A4=20=EB=A7=81?=
 =?UTF-8?q?=ED=81=AC=20v2=20=EB=B2=84=EC=A0=84=20=EC=BD=94=EB=93=9C=20?=
 =?UTF-8?q?=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 plugin/sns/view.sns.skin.php | 39 ++++++++++++++++++++++++++++++------
 1 file changed, 33 insertions(+), 6 deletions(-)

diff --git a/plugin/sns/view.sns.skin.php b/plugin/sns/view.sns.skin.php
index 5a45b6392..97bb0523b 100644
--- a/plugin/sns/view.sns.skin.php
+++ b/plugin/sns/view.sns.skin.php
@@ -24,11 +24,38 @@ $bo_v_sns_class = $config['cf_kakao_js_apikey'] ? 'show_kakao' : '';
 ?>
 
 <?php if($config['cf_kakao_js_apikey']) { ?>
-<script src="//developers.kakao.com/sdk/js/kakao.min.js"></script>
-<script src="<?php echo G5_JS_URL; ?>/kakaolink.js"></script>
-<script>
-    // 사용할 앱의 Javascript 키를 설정해 주세요.
-    Kakao.init("<?php echo $config['cf_kakao_js_apikey']; ?>");
+<script src="//developers.kakao.com/sdk/js/kakao.min.js" charset="utf-8"></script>
+<script src="<?php echo G5_JS_URL; ?>/kakaolink.js" charset="utf-8"></script>
+<script type='text/javascript'>
+    //<![CDATA[
+        // 사용할 앱의 Javascript 키를 설정해 주세요.
+        Kakao.init("<?php echo $config['cf_kakao_js_apikey']; ?>");
+
+        function Kakao_sendLink() {
+            var webUrl = location.protocol+"<?php echo '//'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']; ?>",
+                imageUrl = $("#bo_v_img").find("img").attr("src") || $(".view_image").find("img").attr("src") || '';
+
+            Kakao.Link.sendDefault({
+                objectType: 'feed',
+                content: {
+                    title: "<?php echo str_replace(array('%27', '&#034;' , '\"'), '', strip_tags($view['subject'])); ?>",
+                    description: "<?php echo preg_replace('/\r\n|\r|\n/','', strip_tags(get_text(cut_str(strip_tags($view['wr_content']), 200), 1))); ?>",
+                    imageUrl: imageUrl,
+                    link: {
+                        mobileWebUrl: webUrl,
+                        webUrl: webUrl
+                    }
+                },
+                buttons: [{
+                    title: '자세히 보기',
+                    link: {
+                        mobileWebUrl: webUrl,
+                        webUrl: webUrl
+                    }
+                }]
+            });
+        }
+    //]]>
 </script>
 <?php } ?>
 <div class="bo_v_snswr">
@@ -39,7 +66,7 @@ $bo_v_sns_class = $config['cf_kakao_js_apikey'] ? 'show_kakao' : '';
     <li><a href="<?php echo $facebook_url; ?>" target="_blank" class="sns_f"><img src="<?php echo G5_SNS_URL; ?>/icon/facebook.png" alt="페이스북으로 보내기" width="20"></a></li>
     <li><a href="<?php echo $gplus_url; ?>" target="_blank" class="sns_g"><img src="<?php echo G5_SNS_URL; ?>/icon/gplus.png" alt="구글플러스로 보내기" width="20"></a></li>
     <?php if($config['cf_kakao_js_apikey']) { ?>
-    <li><a href="javascript:kakaolink_send('<?php echo str_replace(array('%27', '\''), '', $sns_msg); ?>', '<?php echo urlencode('http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']); ?>');" class="sns_k" ><img src="<?php echo G5_SNS_URL; ?>/icon/kakaotalk.png" alt="카카오톡으로 보내기" width="20"></a></li>
+    <li><a href="javascript:Kakao_sendLink();" class="sns_k" ><img src="<?php echo G5_SNS_URL; ?>/icon/kakaotalk.png" alt="카카오톡으로 보내기" width="20"></a></li>
     <?php } ?>
 </ul>
 </div>

From 7ad199ccd557f0f2736f3e52a5b9a5eb51454175 Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Mon, 9 Sep 2019 11:30:44 +0900
Subject: [PATCH 2/6] =?UTF-8?q?=EC=86=8C=EC=85=9C=20=EB=A1=9C=EA=B7=B8?=
 =?UTF-8?q?=EC=9D=B8=20=EA=B0=80=EC=9E=85=EC=8B=9C=20=EB=8B=89=EB=84=A4?=
 =?UTF-8?q?=EC=9E=84=20=EC=A4=91=EB=B3=B5=20=EC=B2=B4=ED=81=AC=20=EC=BD=94?=
 =?UTF-8?q?=EB=93=9C=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 plugin/social/register_member_update.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/plugin/social/register_member_update.php b/plugin/social/register_member_update.php
index 2fbec2f98..748a82281 100644
--- a/plugin/social/register_member_update.php
+++ b/plugin/social/register_member_update.php
@@ -44,6 +44,7 @@ if( ! $mb_nick || ! $mb_name ){
     $tmp = explode('@', $mb_email);
     $mb_nick = $mb_nick ? $mb_nick : $tmp[0];
     $mb_name = $mb_name ? $mb_name : $tmp[0];
+    $mb_nick = exist_mb_nick_recursive($mb_nick, '');
 }
 
 if( ! isset($mb_password) || ! $mb_password ){

From b4604fca6781e8302e240d5f4c6e2ae3f455909a Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Mon, 9 Sep 2019 12:27:14 +0900
Subject: [PATCH 3/6] =?UTF-8?q?[KVE-2019-1318]=20SQL=20Injection=20?=
 =?UTF-8?q?=EC=B7=A8=EC=95=BD=EC=A0=90=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adm/sms_admin/history_view.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/adm/sms_admin/history_view.php b/adm/sms_admin/history_view.php
index 43e144fa4..a62558385 100644
--- a/adm/sms_admin/history_view.php
+++ b/adm/sms_admin/history_view.php
@@ -12,6 +12,10 @@ if( $st && !in_array($st, array('hs_name', 'hs_hp', 'bk_no')) ){
     $st = '';
 }
 
+if( $sst && !in_array($sst, array('mb_id', 'bk_no', 'hs_name', 'hs_hp', 'hs_datetime', 'hs_flag', 'hs_code', 'hs_memo', 'hs_log')) ){
+    $sst = '';
+}
+
 auth_check($auth[$sub_menu], "r");
 
 $g5['title'] = "문자전송 상세내역";
@@ -22,7 +26,7 @@ if (!is_numeric($wr_no))
 if ($spage < 1) $spage = 1;
 
 if ($sst && trim($ssv))
-    $sql_search = " and $sst like '%$ssv%' ";
+    $sql_search = " and $sst like '%".sql_real_escape_string($ssv)."%' ";
 else
     $sql_search = "";
 

From 8182cac90d2ee2f9da06469ecba759170e782ee3 Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Mon, 16 Sep 2019 10:36:10 +0900
Subject: [PATCH 4/6] =?UTF-8?q?XSS=20=EC=B7=A8=EC=95=BD=EC=A0=90=20?=
 =?UTF-8?q?=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adm/sms_admin/ajax.sms_write_form.php | 13 ++++++++-----
 plugin/sms5/ajax.sms_emoticon.php     | 15 ++++++++++-----
 2 files changed, 18 insertions(+), 10 deletions(-)

diff --git a/adm/sms_admin/ajax.sms_write_form.php b/adm/sms_admin/ajax.sms_write_form.php
index e82a01cef..82a02b22a 100644
--- a/adm/sms_admin/ajax.sms_write_form.php
+++ b/adm/sms_admin/ajax.sms_write_form.php
@@ -74,10 +74,13 @@ while($res = sql_fetch_array($qry))
     ";
 }
 
-$arr_ajax_msg['error'] = "";
-$arr_ajax_msg['list_text'] = $list_text;
-$arr_ajax_msg['page'] = $page;
-$arr_ajax_msg['total_count'] = $total_count;
-$arr_ajax_msg['total_page'] = $total_page;
+$arr_ajax_msg = array(
+'error'=>'',
+'list_text'=>$list_text,
+'page'=>$page,
+'total_count'=>$total_count,
+'total_page'=>$total_page
+);
+
 die( json_encode($arr_ajax_msg) );
 ?>
\ No newline at end of file
diff --git a/plugin/sms5/ajax.sms_emoticon.php b/plugin/sms5/ajax.sms_emoticon.php
index 7299bc157..12d6431e8 100644
--- a/plugin/sms5/ajax.sms_emoticon.php
+++ b/plugin/sms5/ajax.sms_emoticon.php
@@ -18,6 +18,8 @@ if (is_numeric($fg_no))
 else
     $sql_group = "";
 
+$sv = isset($sv) ? get_search_string($sv) : '';
+
 if ($st == 'all') {
     $sql_search = "and (fo_name like '%{$sv}%' or fo_content like '%{$sv}%')";
 } else if ($st == 'name') {
@@ -61,10 +63,13 @@ for($k=0;$res = sql_fetch_array($qry);$k++)
     $list_text[$k]['fo_name'] = cut_str($res['fo_name'],20);
 }
 
-$arr_ajax_msg['error'] = "";
-$arr_ajax_msg['list_text'] = $list_text;
-$arr_ajax_msg['page'] = $page;
-$arr_ajax_msg['total_count'] = $total_count;
-$arr_ajax_msg['total_page'] = $total_page;
+$arr_ajax_msg = array(
+'error'=>'',
+'list_text'=>$list_text,
+'page'=>$page,
+'total_count'=>$total_count,
+'total_page'=>$total_page
+);
+
 die( json_encode($arr_ajax_msg) );
 ?>
\ No newline at end of file

From 47bee3d294929505bb0ef23003aabd52ab10f664 Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Mon, 16 Sep 2019 11:15:18 +0900
Subject: [PATCH 5/6] =?UTF-8?q?=ED=83=88=ED=87=B4=ED=95=9C=20=ED=9A=8C?=
 =?UTF-8?q?=EC=9B=90=EC=9D=B4=20=EB=B9=84=EB=B0=80=EB=B2=88=ED=98=B8?=
 =?UTF-8?q?=EB=A5=BC=20=EC=B0=BE=EA=B8=B0=20=ED=95=A0=EC=88=98=20=EC=9E=88?=
 =?UTF-8?q?=EB=8A=94=20=EC=98=A4=EB=A5=98=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 bbs/password_lost2.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/bbs/password_lost2.php b/bbs/password_lost2.php
index fade9a22f..9e7bfd437 100644
--- a/bbs/password_lost2.php
+++ b/bbs/password_lost2.php
@@ -21,9 +21,9 @@ $row = sql_fetch($sql);
 if ($row['cnt'] > 1)
     alert('동일한 메일주소가 2개 이상 존재합니다.\\n\\n관리자에게 문의하여 주십시오.');
 
-$sql = " select mb_no, mb_id, mb_name, mb_nick, mb_email, mb_datetime from {$g5['member_table']} where mb_email = '$email' ";
+$sql = " select mb_no, mb_id, mb_name, mb_nick, mb_email, mb_datetime, mb_leave_date from {$g5['member_table']} where mb_email = '$email' ";
 $mb = sql_fetch($sql);
-if (!$mb['mb_id'])
+if (!$mb['mb_id'] || $mb['mb_leave_date'])
     alert('존재하지 않는 회원입니다.');
 else if (is_admin($mb['mb_id']))
     alert('관리자 아이디는 접근 불가합니다.');

From d72a3b5a73f097511f24941a2ec6dac42338ff29 Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Mon, 16 Sep 2019 11:39:25 +0900
Subject: [PATCH 6/6] =?UTF-8?q?=EB=B2=84=EC=A0=84=205.3.3.3=20=EC=88=98?=
 =?UTF-8?q?=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 config.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config.php b/config.php
index 51854fc9e..c228aa5d1 100644
--- a/config.php
+++ b/config.php
@@ -5,7 +5,7 @@
 ********************/
 
 define('G5_VERSION', '그누보드5');
-define('G5_GNUBOARD_VER', '5.3.3.2');
+define('G5_GNUBOARD_VER', '5.3.3.3');
 
 // 이 상수가 정의되지 않으면 각각의 개별 페이지는 별도로 실행될 수 없음
 define('_GNUBOARD_', true);