diff --git a/adm/sms_admin/_common.php b/adm/sms_admin/_common.php index 23e15e5ef..3c53259a8 100644 --- a/adm/sms_admin/_common.php +++ b/adm/sms_admin/_common.php @@ -13,6 +13,7 @@ if (!strstr($_SERVER['SCRIPT_NAME'], 'install.php')) { } $sv = isset($_REQUEST['sv']) ? get_search_string($_REQUEST['sv']) : ''; +$st = (isset($_REQUEST['st']) && $st) ? substr(get_search_string($_REQUEST['st']), 0, 12) : ''; if( isset($token) ){ $token = @htmlspecialchars(strip_tags($token), ENT_QUOTES); diff --git a/adm/sms_admin/form_group_update.php b/adm/sms_admin/form_group_update.php index ee8b1627a..d5257dcea 100644 --- a/adm/sms_admin/form_group_update.php +++ b/adm/sms_admin/form_group_update.php @@ -11,8 +11,8 @@ if ($w == 'u') // 업데이트 // 실제 번호를 넘김 $k = $_POST['chk'][$i]; $fg_no = (int) $_POST['fg_no'][$k]; - $fg_name = strip_tags($_POST['fg_name'][$k]); - $fg_member = strip_tags($_POST['fg_member'][$k]); + $fg_name = isset($_POST['fg_name'][$k]) ? addslashes(strip_tags($_POST['fg_name'][$k])) : ''; + $fg_member = isset($_POST['fg_member'][$k]) ? addslashes(strip_tags($_POST['fg_member'][$k])) : ''; if (!is_numeric($fg_no)) alert('그룹 고유번호가 없습니다.'); @@ -83,7 +83,7 @@ else // 등록 if (!strlen(trim($fg_name))) alert('그룹명을 입력해주세요'); - $fg_name = strip_tags($fg_name); + $fg_name = addslashes(strip_tags($fg_name)); $res = sql_fetch("select fg_name from {$g5['sms5_form_group_table']} where fg_name = '$fg_name'"); if ($res) diff --git a/adm/sms_admin/history_num.php b/adm/sms_admin/history_num.php index f53dfb407..043fdd3f0 100644 --- a/adm/sms_admin/history_num.php +++ b/adm/sms_admin/history_num.php @@ -11,15 +11,15 @@ $g5['title'] = "문자전송 내역 (번호별)"; if ($page < 1) $page = 1; +if( isset($st) && !in_array($st, array('hs_name', 'hs_hp', 'bk_no')) ){ + $st = ''; +} + if ($st && trim($sv)) $sql_search = " and $st like '%$sv%' "; else $sql_search = ""; -if( isset($st) && !in_array($st, array('hs_name', 'hs_hp', 'bk_no')) ){ - $st = ''; -} - $total_res = sql_fetch("select count(*) as cnt from {$g5['sms5_history_table']} where 1 $sql_search"); $total_count = $total_res['cnt']; diff --git a/adm/sms_admin/num_book_update.php b/adm/sms_admin/num_book_update.php index 0a13c641f..079c5eae1 100644 --- a/adm/sms_admin/num_book_update.php +++ b/adm/sms_admin/num_book_update.php @@ -12,6 +12,9 @@ $is_hp_exist = false; $bk_hp = get_hp($bk_hp); +$bk_memo = strip_tags($bk_memo); +$bk_name = strip_tags($bk_name); + if ($w=='u') // 업데이트 { if (!$bg_no) $bg_no = 0; @@ -21,8 +24,6 @@ if ($w=='u') // 업데이트 if (!strlen(trim($bk_name))) alert('이름을 입력해주세요'); - $bk_name = strip_tags($bk_name); - if ($bk_hp == '') alert('휴대폰번호만 입력 가능합니다.'); /* @@ -48,7 +49,7 @@ if ($w=='u') // 업데이트 sql_query("update {$g5['sms5_book_group_table']} set bg_receipt = bg_receipt - 1, bg_reject = bg_reject + 1 where bg_no='$bg_no'"); } - sql_query("update {$g5['sms5_book_table']} set bg_no='$bg_no', bk_name='$bk_name', bk_hp='$bk_hp', bk_receipt='$bk_receipt', bk_datetime='".G5_TIME_YMDHIS."', bk_memo='".addslashes($bk_memo)."' where bk_no='$bk_no'"); + sql_query("update {$g5['sms5_book_table']} set bg_no='$bg_no', bk_name='".addslashes($bk_name)."', bk_hp='$bk_hp', bk_receipt='$bk_receipt', bk_datetime='".G5_TIME_YMDHIS."', bk_memo='".addslashes($bk_memo)."' where bk_no='$bk_no'"); if ($res['mb_id']){ //만약에 mb_id가 있다면... // 휴대폰번호 중복체크 $sql = " select mb_id from {$g5['member_table']} where mb_id <> '{$res['mb_id']}' and mb_hp = '{$bk_hp}' "; diff --git a/adm/sms_admin/num_book_write.php b/adm/sms_admin/num_book_write.php index 06896f81e..665673472 100644 --- a/adm/sms_admin/num_book_write.php +++ b/adm/sms_admin/num_book_write.php @@ -121,7 +121,7 @@ include_once(G5_ADMIN_PATH."/admin.head.php"); - +