diff --git a/adm/shop_admin/_common.php b/adm/shop_admin/_common.php index cd6d90222..74beddfec 100644 --- a/adm/shop_admin/_common.php +++ b/adm/shop_admin/_common.php @@ -9,4 +9,6 @@ if (!defined('G5_USE_SHOP') || !G5_USE_SHOP) include_once(G5_ADMIN_PATH.'/admin.lib.php'); include_once('./admin.shop.lib.php'); +run_event('admin_common'); + check_order_inicis_tmps(); \ No newline at end of file diff --git a/bbs/member_confirm.php b/bbs/member_confirm.php index 4c2f104a1..c2c07af1c 100644 --- a/bbs/member_confirm.php +++ b/bbs/member_confirm.php @@ -4,15 +4,14 @@ include_once('./_common.php'); if ($is_guest) alert('로그인 한 회원만 접근하실 수 있습니다.', G5_BBS_URL.'/login.php'); -/* -if ($url) - $urlencode = urlencode($url); -else - $urlencode = urlencode($_SERVER[REQUEST_URI]); -*/ - $url = isset($_GET['url']) ? clean_xss_tags($_GET['url']) : ''; +while (1) { + $tmp = preg_replace('/[^;]+;/', '', $url); + if ($tmp == $url) break; + $url = $tmp; +} + //소셜 로그인 한 경우 if( function_exists('social_member_comfirm_redirect') && (! $url || $url === 'register_form.php' || (function_exists('social_is_edit_page') && social_is_edit_page($url) ) ) ){ social_member_comfirm_redirect(); diff --git a/bbs/qawrite_update.php b/bbs/qawrite_update.php index bf74ef3c7..d973e3c8e 100644 --- a/bbs/qawrite_update.php +++ b/bbs/qawrite_update.php @@ -223,7 +223,7 @@ for ($i=1; $i<=$upload_count; $i++) { $shuffle = implode('', $chars_array); // 첨부파일 첨부시 첨부파일명에 공백이 포함되어 있으면 일부 PC에서 보이지 않거나 다운로드 되지 않는 현상이 있습니다. (길상여의 님 090925) - $upload[$i]['file'] = abs(ip2long($_SERVER['REMOTE_ADDR'])).'_'.substr($shuffle,0,8).'_'.replace_filename($filename); + $upload[$i]['file'] = md5(sha1($_SERVER['REMOTE_ADDR'])).'_'.substr($shuffle,0,8).'_'.replace_filename($filename); $dest_file = G5_DATA_PATH.'/qa/'.$upload[$i]['file']; diff --git a/bbs/write_update.php b/bbs/write_update.php index 32c87cd66..08a568193 100644 --- a/bbs/write_update.php +++ b/bbs/write_update.php 
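Review bot: The new loop in bbs/member_confirm.php is a denylist that only drops every `…;` segment from `$url`, and it has no comment saying which input it is meant to stop. How `$url` is used after the visible `social_member_comfirm_redirect()` branch lies outside the hunk; if it ends up as a redirect or form target, checking that it is a site-relative path would hold up better than stripping characters. Separately, `preg_replace()` returns null on error and the exit test uses loose `==`, so `if ($tmp === null || $tmp === $url) break;` would make the exit condition explicit. A short comment above the loop stating the intent, for example `// remove "name;" segments that remain after clean_xss_tags()`, would help the next reader.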
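Review bot: In bbs/qawrite_update.php, and on the identical line in the bbs/write_update.php hunk, `md5(sha1($_SERVER['REMOTE_ADDR']))` is an unsalted hash of a value with a small input space. The prefix is therefore the same for every upload from one address, and it can be mapped back to that address by enumeration. If the prefix is meant to keep the client IP out of stored file names or to make them hard to guess, a random token serves better where the supported PHP version has `random_bytes()`, e.g. `$upload[$i]['file'] = bin2hex(random_bytes(8)).'_'.substr($shuffle,0,8).'_'.replace_filename($filename);`. How `$shuffle` is produced is outside the hunk, so the remaining unpredictability of the name cannot be judged from these lines.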
@@ -570,7 +570,7 @@ if(isset($_FILES['bf_file']['name']) && is_array($_FILES['bf_file']['name'])) { $shuffle = implode('', $chars_array); // 첨부파일 첨부시 첨부파일명에 공백이 포함되어 있으면 일부 PC에서 보이지 않거나 다운로드 되지 않는 현상이 있습니다. (길상여의 님 090925) - $upload[$i]['file'] = abs(ip2long($_SERVER['REMOTE_ADDR'])).'_'.substr($shuffle,0,8).'_'.replace_filename($filename); + $upload[$i]['file'] = md5(sha1($_SERVER['REMOTE_ADDR'])).'_'.substr($shuffle,0,8).'_'.replace_filename($filename); $dest_file = G5_DATA_PATH.'/file/'.$bo_table.'/'.$upload[$i]['file']; diff --git a/lib/common.lib.php b/lib/common.lib.php index 6a6a6980f..ad6ceda74 100644 --- a/lib/common.lib.php +++ b/lib/common.lib.php @@ -3076,6 +3076,9 @@ function get_search_string($stx) // XSS 관련 태그 제거 function clean_xss_tags($str, $check_entities=0, $is_remove_tags=0, $cur_str_len=0) { + // space, tab('\t'), formfeed('\f'), vertical tab('\v'), newline('\n'), carriage return('\r') 를 제거한다. + $str = preg_replace('#[[:space:]]#', '', $str); + if( $is_remove_tags ){ $str = strip_tags($str); } diff --git a/mobile/skin/member/basic/register_form.skin.php b/mobile/skin/member/basic/register_form.skin.php index 85d13accb..90f33137b 100644 --- a/mobile/skin/member/basic/register_form.skin.php +++ b/mobile/skin/member/basic/register_form.skin.php @@ -47,6 +47,8 @@ if ($config['cf_cert_use'] && ($config['cf_cert_simple'] || $config['cf_cert_ipi
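Review bot: The added `preg_replace('#[[:space:]]#', '', $str)` at the top of clean_xss_tags() in lib/common.lib.php runs unconditionally, so every caller now has all spaces, tabs and newlines removed, not only the URL use in bbs/member_confirm.php. The other callers are not visible here, but any that pass free text would have their words joined silently. Consider gating it behind a new optional trailing parameter that defaults to off, e.g. `if ($is_strip_space) $str = preg_replace('#[[:space:]]#', '', $str);`, and enabling it only at the URL call sites. The function body continues past the end of the hunk.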