From 6660a4adc155d8dc3e0e79aef6d4bbcbcaa82cd5 Mon Sep 17 00:00:00 2001
From: kagla
Date: Fri, 8 Apr 2022 10:31:50 +0900
Subject: [PATCH 1/5] =?UTF-8?q?admin=5Fcommon=20=EA=B8=B0=EB=B3=B8=20?=
 =?UTF-8?q?=ED=9B=85=20=EC=B6=94=EA=B0=80=20(220408,=ED=8B=B0=EB=A1=9C?=
 =?UTF-8?q?=EA=B7=B8=EB=8B=98)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adm/shop_admin/_common.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/adm/shop_admin/_common.php b/adm/shop_admin/_common.php
index cd6d90222..74beddfec 100644
--- a/adm/shop_admin/_common.php
+++ b/adm/shop_admin/_common.php
@@ -9,4 +9,6 @@ if (!defined('G5_USE_SHOP') || !G5_USE_SHOP)
 include_once(G5_ADMIN_PATH.'/admin.lib.php');
 include_once('./admin.shop.lib.php');
+run_event('admin_common');
+
 check_order_inicis_tmps();
\ No newline at end of file
From 258f94e597aba89b0a5923295c1e46d4c0f83abb Mon Sep 17 00:00:00 2001
From: kagla
Date: Fri, 8 Apr 2022 11:05:23 +0900
Subject: [PATCH 2/5] =?UTF-8?q?Reflected=20XSS=20=EC=B7=A8=EC=95=BD?=
 =?UTF-8?q?=EC=A0=90=20=ED=95=B4=EA=B2=B0,=20Fixed=20Reflected=20XSS=20vul?=
 =?UTF-8?q?nerability=20(220408,hunter.dev/9o3)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 lib/common.lib.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/common.lib.php b/lib/common.lib.php
index 6a6a6980f..ad6ceda74 100644
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@@ -3076,6 +3076,9 @@ function get_search_string($stx)
 // XSS 관련 태그 제거
 function clean_xss_tags($str, $check_entities=0, $is_remove_tags=0, $cur_str_len=0)
 {
+ // space, tab('\t'), formfeed('\f'), vertical tab('\v'), newline('\n'), carriage return('\r') 를 제거한다.
+ $str = preg_replace('#[[:space:]]#', '', $str);
+
 if( $is_remove_tags ){
 $str = strip_tags($str);
 }
From 2457055514cb57324e13f73391b9672c02742bd2 Mon Sep 17 00:00:00 2001
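Review bot: The new `preg_replace('#[[:space:]]#', '', $str)` at the top of `clean_xss_tags()` rewrites the value for every caller of this shared helper, not only the `$url` parameter the commit targets: any text with internal spaces, tabs or newlines that passes through here is now silently concatenated. It also does not neutralise payloads that need no whitespace at all, such as `<svg/onload=...>` or `<a/href=...>` where `/` separates the attributes, so the tag checks later in the function (outside this hunk) are still what has to hold. I would drop this line and encode at the sink instead — `htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` where the value lands in HTML, `urlencode()` where it lands in a URL — or, if whitespace removal is wanted for the URL case only, do it in the caller that knows the value is a URL. Note also that without the `u` modifier `[[:space:]]` matches only ASCII whitespace, so the comment's claim does not extend to U+00A0 or U+2028 in UTF-8 input.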
From: kagla
Date: Fri, 15 Apr 2022 10:00:13 +0900
Subject: [PATCH 3/5] =?UTF-8?q?$url=20=ED=8C=8C=EB=9D=BC=EB=AF=B8=ED=84=B0?=
 =?UTF-8?q?=EC=97=90=20HTML=20Entity=20Number=20=ED=98=95=EC=8B=9D?=
 =?UTF-8?q?=EC=9C=BC=EB=A1=9C=20=EA=B0=92=EC=9D=B4=20=EB=84=98=EC=96=B4?=
 =?UTF-8?q?=EC=98=A4=EB=8A=94=20=EA=B2=BD=EC=9A=B0=EC=9D=98=20XSS=20?=
 =?UTF-8?q?=EC=B7=A8=EC=95=BD=EC=A0=90=20=ED=95=B4=EA=B2=B0=20(woonge?=
 =?UTF-8?q?=EB=8B=98,220415)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 bbs/member_confirm.php | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/bbs/member_confirm.php b/bbs/member_confirm.php
index 4c2f104a1..c2c07af1c 100644
--- a/bbs/member_confirm.php
+++ b/bbs/member_confirm.php
@@ -4,15 +4,14 @@ include_once('./_common.php');
 if ($is_guest) alert('로그인 한 회원만 접근하실 수 있습니다.', G5_BBS_URL.'/login.php');
-/*
-if ($url)
- $urlencode = urlencode($url);
-else
- $urlencode = urlencode($_SERVER[REQUEST_URI]);
-*/
-
 $url = isset($_GET['url']) ? clean_xss_tags($_GET['url']) : '';
+while (1) {
+ $tmp = preg_replace('/&#[^;]+;/', '', $url);
+ if ($tmp == $url) break;
+ $url = $tmp;
+}
+
 //소셜 로그인 한 경우
 if( function_exists('social_member_comfirm_redirect') && (! $url || $url === 'register_form.php' || (function_exists('social_is_edit_page') && social_is_edit_page($url) ) ) ){
 social_member_comfirm_redirect();
From 13bc72def74246f1daeb0b4c6f702437a0e5f33d Mon Sep 17 00:00:00 2001
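Review bot: The `while (1)` loop removes only numeric character references (`&#...;`) from `$url`; named references such as `&lt;`, percent-encoded forms, and `&#` without a closing `;` are untouched, and nothing in this hunk constrains the value to a same-site path, so if `$url` is later used as a redirect or link target (that code is outside the hunk) an absolute or protocol-relative value such as `//attacker.example/` or `javascript:...` still passes. I would validate the shape rather than chase encodings: after the loop, `if ($url !== '' && preg_match('#^(?:[a-z][a-z0-9+.\-]*:|//)#i', trim($url))) { $url = ''; }` keeps only relative paths. Separately, `if ($tmp == $url) break;` should be `if ($tmp === $url) break;` — loose comparison of two strings is numeric-aware in PHP (`'1e3' == '1000'`), and strict comparison is what the loop actually means. The `$url` handling continues below the hunk in the social-login branch.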
From: kagla
Date: Mon, 18 Apr 2022 11:47:22 +0900
Subject: [PATCH 4/5] =?UTF-8?q?ip2long=EC=9C=BC=EB=A1=9C=20=EB=B3=80?=
 =?UTF-8?q?=ED=99=98=EB=90=9C=20REMOTE=5FADDR=EC=9D=84=20=EC=9C=A0?=
 =?UTF-8?q?=EC=B6=94=ED=95=A0=EC=88=98=20=EC=97=86=EB=8F=84=EB=A1=9D=20md5?=
 =?UTF-8?q?(sha1(REMOTE=5FADDR))=EB=A1=9C=20=EC=B2=98=EB=A6=AC=ED=95=A8=20?=
 =?UTF-8?q?(kjsman=EB=8B=98,220418)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 bbs/qawrite_update.php | 2 +-
 bbs/write_update.php | 2 +-
 plugin/kcaptcha/kcaptcha_mp3.php | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/bbs/qawrite_update.php b/bbs/qawrite_update.php
index bf74ef3c7..d973e3c8e 100644
--- a/bbs/qawrite_update.php
+++ b/bbs/qawrite_update.php
@@ -223,7 +223,7 @@ for ($i=1; $i<=$upload_count; $i++) {
 $shuffle = implode('', $chars_array);
 // 첨부파일 첨부시 첨부파일명에 공백이 포함되어 있으면 일부 PC에서 보이지 않거나 다운로드 되지 않는 현상이 있습니다. (길상여의 님 090925)
- $upload[$i]['file'] = abs(ip2long($_SERVER['REMOTE_ADDR'])).'_'.substr($shuffle,0,8).'_'.replace_filename($filename);
+ $upload[$i]['file'] = md5(sha1($_SERVER['REMOTE_ADDR'])).'_'.substr($shuffle,0,8).'_'.replace_filename($filename);
 $dest_file = G5_DATA_PATH.'/qa/'.$upload[$i]['file'];
diff --git a/bbs/write_update.php b/bbs/write_update.php
index 32c87cd66..08a568193 100644
--- a/bbs/write_update.php
+++ b/bbs/write_update.php
@@ -570,7 +570,7 @@ if(isset($_FILES['bf_file']['name']) && is_array($_FILES['bf_file']['name'])) {
 $shuffle = implode('', $chars_array);
 // 첨부파일 첨부시 첨부파일명에 공백이 포함되어 있으면 일부 PC에서 보이지 않거나 다운로드 되지 않는 현상이 있습니다. (길상여의 님 090925)
- $upload[$i]['file'] = abs(ip2long($_SERVER['REMOTE_ADDR'])).'_'.substr($shuffle,0,8).'_'.replace_filename($filename);
+ $upload[$i]['file'] = md5(sha1($_SERVER['REMOTE_ADDR'])).'_'.substr($shuffle,0,8).'_'.replace_filename($filename);
 $dest_file = G5_DATA_PATH.'/file/'.$bo_table.'/'.$upload[$i]['file'];
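Review bot: `md5(sha1($_SERVER['REMOTE_ADDR']))` does not achieve what the subject line asks for (making the address impossible to infer): the digest is unkeyed and the IPv4 space has only 2^32 values, so anyone who can read the stored file name recovers the address by hashing every address offline in minutes — it only hides it from casual reading, which `ip2long` already did. Nothing in the name appears to need the address, since `substr($shuffle,0,8)` already supplies a per-upload random component (the `shuffle()` call itself is above the hunk), so I would drop it: `$upload[$i]['file'] = substr($shuffle,0,8).'_'.replace_filename($filename);`, or, if a client-bound prefix is wanted, derive it with a keyed hash such as `hash_hmac('sha256', $_SERVER['REMOTE_ADDR'], $secret)` using a per-install secret. One real improvement the hunk does bring is that IPv6 peers no longer collapse to `abs(false)` = `0`, so whatever replaces the digest should keep accepting any address string. The enclosing `for` loop starts before the hunk.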
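Review bot: The file-name expression on the new line is now byte-for-byte identical to the one in `bbs/qawrite_update.php`, with a third variant in `plugin/kcaptcha/kcaptcha_mp3.php`, so the next change to how the client address is folded into a file name has to be made in three places. I would move it to one helper in `lib/common.lib.php`, e.g. `function get_upload_file_prefix() { return md5(sha1($_SERVER['REMOTE_ADDR'])); }`, and call it from both `*_update.php` files; that also gives a single place to replace the unkeyed digest later. The enclosing `if` block starts before the hunk.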
diff --git a/plugin/kcaptcha/kcaptcha_mp3.php b/plugin/kcaptcha/kcaptcha_mp3.php
index 67fa5c114..5672320a3 100644
--- a/plugin/kcaptcha/kcaptcha_mp3.php
+++ b/plugin/kcaptcha/kcaptcha_mp3.php
@@ -16,7 +16,7 @@ function make_mp3()
 $mp3s[] = $file;
 }
- $ip = sprintf("%u", ip2long($_SERVER['REMOTE_ADDR']));
+ $ip = md5(sha1($_SERVER['REMOTE_ADDR']));
 $mp3_file = 'cache/kcaptcha-'.$ip.'_'.G5_SERVER_TIME.'.mp3';
 $contents = '';
From fdd2d30f4e83119419e9f5d9065ca13a93632422 Mon Sep 17 00:00:00 2001
From: kagla
Date: Mon, 18 Apr 2022 12:04:00 +0900
Subject: [PATCH 5/5] =?UTF-8?q?$desc=5Fname,=20$desc=5Fphone=20Undefined?=
 =?UTF-8?q?=20variable=20=EB=AC=B8=EC=A0=9C=20=ED=95=B4=EA=B2=B0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 mobile/skin/member/basic/register_form.skin.php | 2 ++
 skin/member/basic/register_form.skin.php | 2 ++
 theme/basic/mobile/skin/member/basic/register_form.skin.php | 2 ++
 theme/basic/skin/member/basic/register_form.skin.php | 4 +++-
 4 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/mobile/skin/member/basic/register_form.skin.php b/mobile/skin/member/basic/register_form.skin.php
index 85d13accb..90f33137b 100644
--- a/mobile/skin/member/basic/register_form.skin.php
+++ b/mobile/skin/member/basic/register_form.skin.php
@@ -47,6 +47,8 @@ if ($config['cf_cert_use'] && ($config['cf_cert_simple'] || $config['cf_cert_ipi
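Review bot: In `make_mp3()` the cache name `cache/kcaptcha-<md5(sha1(ip))>_<G5_SERVER_TIME>.mp3` stays reconstructible by anyone who knows the address and the request second, and the unkeyed digest of an IPv4 address is reversible by a 2^32 brute force, so the change hides the address from casual reading but not from someone who can list or fetch the cache directory (whether that directory is web-readable is not visible here). If the name only needs to be unique per request, `$ip = bin2hex(random_bytes(8));` (or `md5(uniqid(mt_rand(), true))` if the project still supports PHP < 7) removes the address from the name entirely; if it must be bound to the client, use `hash_hmac('sha256', $_SERVER['REMOTE_ADDR'], $secret)` with a per-install secret. Two requests from the same address in the same second still collide on the same file name, exactly as before the change. The body of `make_mp3()` continues outside the hunk.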
  • 본인확인 시 자동입력'; $desc_phone = ' 본인확인 시 자동입력'; diff --git a/theme/basic/mobile/skin/member/basic/register_form.skin.php b/theme/basic/mobile/skin/member/basic/register_form.skin.php index ed02a5999..534a63933 100644 --- a/theme/basic/mobile/skin/member/basic/register_form.skin.php +++ b/theme/basic/mobile/skin/member/basic/register_form.skin.php @@ -47,6 +47,8 @@ if ($config['cf_cert_use'] && ($config['cf_cert_simple'] || $config['cf_cert_ipi
    • 본인확인 시 자동입력'; $desc_phone = ' 본인확인 시 자동입력';