From 330e656544fd3cd209178a79131995d35858e72d Mon Sep 17 00:00:00 2001
From: chicpro <chicpro@sir.co.kr>
Date: Tue, 19 May 2015 13:59:00 +0900
Subject: [PATCH] =?UTF-8?q?=EA=B7=B8=EB=88=84=EB=B3=B4=EB=93=9C5.0.34=20?=
 =?UTF-8?q?=EC=88=98=EC=A0=95=EB=82=B4=EC=97=AD=20=EC=A0=81=EC=9A=A9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adm/boardgroupmember_form.php |  1 -
 adm/boardgroupmember_list.php |  2 --
 adm/mail_list.php             |  1 -
 adm/member_list.php           |  2 --
 adm/poll_list.php             |  1 -
 adm/visit_list.php            |  4 ++--
 adm/visit_search.php          |  4 ++--
 bbs/alert.php                 |  3 +++
 bbs/confirm.php               |  5 +++++
 bbs/login.php                 |  8 ++------
 bbs/login_check.php           |  3 +++
 bbs/visit_insert.inc.php      |  2 +-
 lib/common.lib.php            | 22 ++++++++++++++++++++++
 13 files changed, 40 insertions(+), 18 deletions(-)

diff --git a/adm/boardgroupmember_form.php b/adm/boardgroupmember_form.php
index 70d014c82..74737330e 100644
--- a/adm/boardgroupmember_form.php
+++ b/adm/boardgroupmember_form.php
@@ -76,7 +76,6 @@ $colspan = 4;
     $sql .= " order by a.gr_id desc ";
     $result = sql_query($sql);
     for ($i=0; $row=sql_fetch_array($result); $i++) {
-        $s_del = '<a href="javascript:post_delete(\'boardgroupmember_update.php\', \''.$row['gm_id'].'\');">삭제</a>';
     ?>
     <tr>
         <td class="td_chk">
diff --git a/adm/boardgroupmember_list.php b/adm/boardgroupmember_list.php
index e6eaf01fe..9692b976c 100644
--- a/adm/boardgroupmember_list.php
+++ b/adm/boardgroupmember_list.php
@@ -104,8 +104,6 @@ $colspan = 7;
         if ($row2['cnt'])
             $group = '<a href="./boardgroupmember_form.php?mb_id='.$row['mb_id'].'">'.$row2['cnt'].'</a>';
 
-        //$s_del = '<a href="javascript:post_delete(\'boardgroupmember_update.php\', \''.$row['gm_id'].'\');">삭제</a>';
-
         $mb_nick = get_sideview($row['mb_id'], $row['mb_nick'], $row['mb_email'], $row['mb_homepage']);
 
         $bg = 'bg'.($i%2);
diff --git a/adm/mail_list.php b/adm/mail_list.php
index 727f4cf9c..6dfbd44ef 100644
--- a/adm/mail_list.php
+++ b/adm/mail_list.php
@@ -52,7 +52,6 @@ $colspan = 7;
     <tbody>
     <?php
     for ($i=0; $row=mysql_fetch_array($result); $i++) {
-        //$s_del = '<a href="javascript:post_delete(\'mail_update.php\', '.$row['ma_id'].');">삭제</a>';
         $s_vie = '<a href="./mail_preview.php?ma_id='.$row['ma_id'].'" target="_blank">미리보기</a>';
 
         $num = number_format($total_count - ($page - 1) * $config['cf_page_rows'] - $i);
diff --git a/adm/member_list.php b/adm/member_list.php
index 71758af66..3b773a5f7 100644
--- a/adm/member_list.php
+++ b/adm/member_list.php
@@ -158,10 +158,8 @@ $colspan = 16;
 
         if ($is_admin == 'group') {
             $s_mod = '';
-            $s_del = '';
         } else {
             $s_mod = '<a href="./member_form.php?'.$qstr.'&amp;w=u&amp;mb_id='.$row['mb_id'].'">수정</a>';
-            //$s_del = '<a href="javascript:post_delete(\'member_delete.php\', \''.$row['mb_id'].'\');">삭제</a>';
         }
         $s_grp = '<a href="./boardgroupmember_form.php?mb_id='.$row['mb_id'].'">그룹</a>';
 
diff --git a/adm/poll_list.php b/adm/poll_list.php
index b07e39166..0408f00ad 100644
--- a/adm/poll_list.php
+++ b/adm/poll_list.php
@@ -106,7 +106,6 @@ $colspan = 7;
         $po_etc = ($row['po_etc']) ? "사용" : "미사용";
 
         $s_mod = '<a href="./poll_form.php?'.$qstr.'&amp;w=u&amp;po_id='.$row['po_id'].'">수정</a>';
-        //$s_del = '<a href="javascript:post_delete(\'poll_form_update.php\', \''.$row['po_id'].'\');">삭제</a>';
 
         $bg = 'bg'.($i%2);
     ?>
diff --git a/adm/visit_list.php b/adm/visit_list.php
index 3b9b9c070..f4934488a 100644
--- a/adm/visit_list.php
+++ b/adm/visit_list.php
@@ -75,8 +75,8 @@ $result = sql_query($sql);
         else
             $ip = preg_replace("/([0-9]+).([0-9]+).([0-9]+).([0-9]+)/", G5_IP_DISPLAY, $row['vi_ip']);
 
-        if ($brow == '기타') { $brow = '<span title="'.$row['vi_agent'].'">'.$brow.'</span>'; }
-        if ($os == '기타') { $os = '<span title="'.$row['vi_agent'].'">'.$os.'</span>'; }
+        if ($brow == '기타') { $brow = '<span title="'.get_text($row['vi_agent']).'">'.$brow.'</span>'; }
+        if ($os == '기타') { $os = '<span title="'.get_text($row['vi_agent']).'">'.$os.'</span>'; }
 
         $bg = 'bg'.($i%2);
     ?>
diff --git a/adm/visit_search.php b/adm/visit_search.php
index 636304de2..fb52d05f2 100644
--- a/adm/visit_search.php
+++ b/adm/visit_search.php
@@ -92,8 +92,8 @@ $listall = '<a href="'.$_SERVER['PHP_SELF'].'">처음</a>'; //페이지 처음
         else
             $ip = preg_replace("/([0-9]+).([0-9]+).([0-9]+).([0-9]+)/", G5_IP_DISPLAY, $row['vi_ip']);
 
-        if ($brow == '기타') $brow = '<span title="'.$row['vi_agent'].'">'.$brow.'</span>';
-        if ($os == '기타') $os = '<span title="'.$row['vi_agent'].'">'.$os.'</span>';
+        if ($brow == '기타') $brow = '<span title="'.get_text($row['vi_agent']).'">'.$brow.'</span>';
+        if ($os == '기타') $os = '<span title="'.get_text($row['vi_agent']).'">'.$os.'</span>';
 
         $bg = 'bg'.($i%2);
     ?>
diff --git a/bbs/alert.php b/bbs/alert.php
index c56f8d735..d64b6f2fd 100644
--- a/bbs/alert.php
+++ b/bbs/alert.php
@@ -32,6 +32,9 @@ $msg2 = str_replace("\\n", "<br>", $msg);
 
 if (!$url) $url = $_SERVER['HTTP_REFERER'];
 
+// url 체크
+check_url_host($url);
+
 if($error) {
     $header2 = "다음 항목에 오류가 있습니다.";
 } else {
diff --git a/bbs/confirm.php b/bbs/confirm.php
index cba013226..76e9c7652 100644
--- a/bbs/confirm.php
+++ b/bbs/confirm.php
@@ -1,6 +1,11 @@
 <?php
 include_once('./_common.php');
 include_once(G5_PATH.'/head.sub.php');
+
+// url 체크
+check_url_host($url1);
+check_url_host($url2);
+check_url_host($url3);
 ?>
 
 <script>
diff --git a/bbs/login.php b/bbs/login.php
index 738ee1156..a9e343239 100644
--- a/bbs/login.php
+++ b/bbs/login.php
@@ -6,12 +6,8 @@ include_once('./_head.sub.php');
 
 $url = $_GET['url'];
 
-$p = parse_url($url);
-if ((isset($p['scheme']) && $p['scheme']) || (isset($p['host']) && $p['host'])) {
-    //print_r2($p);
-    if ($p['host'].(isset($p['port']) ? ':'.$p['port'] : '') != $_SERVER['HTTP_HOST'])
-        alert('url에 타 도메인을 지정할 수 없습니다.');
-}
+// url 체크
+check_url_host($url);
 
 // 이미 로그인 중이라면
 if ($is_member) {
diff --git a/bbs/login_check.php b/bbs/login_check.php
index 54e4f1247..fd83a67bb 100644
--- a/bbs/login_check.php
+++ b/bbs/login_check.php
@@ -65,6 +65,9 @@ if ($auto_login) {
 }
 
 if ($url) {
+    // url 체크
+    check_url_host($url);
+
     $link = urldecode($url);
     // 2003-06-14 추가 (다른 변수들을 넘겨주기 위함)
     if (preg_match("/\?/", $link))
diff --git a/bbs/visit_insert.inc.php b/bbs/visit_insert.inc.php
index a0ba612ef..538201b53 100644
--- a/bbs/visit_insert.inc.php
+++ b/bbs/visit_insert.inc.php
@@ -14,7 +14,7 @@ if (get_cookie('ck_visit_ip') != $_SERVER['REMOTE_ADDR'])
     $referer = "";
     if (isset($_SERVER['HTTP_REFERER']))
         $referer = escape_trim(clean_xss_tags($_SERVER['HTTP_REFERER']));
-    $user_agent  = escape_trim($_SERVER['HTTP_USER_AGENT']);
+    $user_agent  = escape_trim(clean_xss_tags($_SERVER['HTTP_USER_AGENT']));
     $sql = " insert {$g5['visit_table']} ( vi_id, vi_ip, vi_date, vi_time, vi_referer, vi_agent ) values ( '{$vi_id}', '{$remote_addr}', '".G5_TIME_YMD."', '".G5_TIME_HIS."', '{$referer}', '{$user_agent}' ) ";
 
     $result = sql_query($sql, FALSE);
diff --git a/lib/common.lib.php b/lib/common.lib.php
index 483b50ba5..e652637cb 100644
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@@ -2844,4 +2844,26 @@ function check_password($pass, $hash)
 
     return ($password === $hash);
 }
+
+// 동일한 host url 인지
+function check_url_host($url, $msg='', $return_url=G5_URL)
+{
+    if(!$msg)
+        $msg = 'url에 타 도메인을 지정할 수 없습니다.';
+
+    $p = parse_url($url);
+    if ((isset($p['scheme']) && $p['scheme']) || (isset($p['host']) && $p['host'])) {
+        if ($p['host'].(isset($p['port']) ? ':'.$p['port'] : '') != $_SERVER['HTTP_HOST']) {
+            echo '<script>'.PHP_EOL;
+            echo 'alert("url에 타 도메인을 지정할 수 없습니다.");'.PHP_EOL;
+            echo 'document.location.href = "'.$return_url.'";'.PHP_EOL;
+            echo '</script>'.PHP_EOL;
+            echo '<noscript>'.PHP_EOL;
+            echo '<p>'.$msg.'</p>'.PHP_EOL;
+            echo '<p><a href="'.$return_url.'">돌아가기</a></p>'.PHP_EOL;
+            echo '</noscript>'.PHP_EOL;
+            exit;
+        }
+    }
+}
 ?>
\ No newline at end of file