firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

그누보드5.0.34 수정내역 적용

Browse Source
This commit is contained in:
chicpro
2015-05-19 13:59:00 +09:00
parent 18fc8ec6d1
commit 330e656544
13 changed files with 40 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
adm/boardgroupmember_form.php
View File

@ -76,7 +76,6 @@ $colspan = 4;
$sql .= " order by a.gr_id desc "; $sql .= " order by a.gr_id desc ";
$result = sql_query($sql); $result = sql_query($sql);
for ($i=0; $row=sql_fetch_array($result); $i++) { for ($i=0; $row=sql_fetch_array($result); $i++) {
$s_del = '<a href="javascript:post_delete(\'boardgroupmember_update.php\', \''.$row['gm_id'].'\');">삭제</a>';
?> ?>
<tr> <tr>
<td class="td_chk"> <td class="td_chk">

2
adm/boardgroupmember_list.php
View File

@ -104,8 +104,6 @@ $colspan = 7;
if ($row2['cnt']) if ($row2['cnt'])
$group = '<a href="./boardgroupmember_form.php?mb_id='.$row['mb_id'].'">'.$row2['cnt'].'</a>'; $group = '<a href="./boardgroupmember_form.php?mb_id='.$row['mb_id'].'">'.$row2['cnt'].'</a>';
//$s_del = '<a href="javascript:post_delete(\'boardgroupmember_update.php\', \''.$row['gm_id'].'\');">삭제</a>';
$mb_nick = get_sideview($row['mb_id'], $row['mb_nick'], $row['mb_email'], $row['mb_homepage']); $mb_nick = get_sideview($row['mb_id'], $row['mb_nick'], $row['mb_email'], $row['mb_homepage']);
$bg = 'bg'.($i%2); $bg = 'bg'.($i%2);

1
adm/mail_list.php
View File

@ -52,7 +52,6 @@ $colspan = 7;
<tbody> <tbody>
<?php <?php
for ($i=0; $row=mysql_fetch_array($result); $i++) { for ($i=0; $row=mysql_fetch_array($result); $i++) {
//$s_del = '<a href="javascript:post_delete(\'mail_update.php\', '.$row['ma_id'].');">삭제</a>';
$s_vie = '<a href="./mail_preview.php?ma_id='.$row['ma_id'].'" target="_blank">미리보기</a>'; $s_vie = '<a href="./mail_preview.php?ma_id='.$row['ma_id'].'" target="_blank">미리보기</a>';
$num = number_format($total_count - ($page - 1) * $config['cf_page_rows'] - $i); $num = number_format($total_count - ($page - 1) * $config['cf_page_rows'] - $i);

2
adm/member_list.php
View File

@ -158,10 +158,8 @@ $colspan = 16;
if ($is_admin == 'group') { if ($is_admin == 'group') {
$s_mod = ''; $s_mod = '';
$s_del = '';
} else { } else {
$s_mod = '<a href="./member_form.php?'.$qstr.'&amp;w=u&amp;mb_id='.$row['mb_id'].'">수정</a>'; $s_mod = '<a href="./member_form.php?'.$qstr.'&amp;w=u&amp;mb_id='.$row['mb_id'].'">수정</a>';
//$s_del = '<a href="javascript:post_delete(\'member_delete.php\', \''.$row['mb_id'].'\');">삭제</a>';
} }
$s_grp = '<a href="./boardgroupmember_form.php?mb_id='.$row['mb_id'].'">그룹</a>'; $s_grp = '<a href="./boardgroupmember_form.php?mb_id='.$row['mb_id'].'">그룹</a>';

1
adm/poll_list.php
View File

@ -106,7 +106,6 @@ $colspan = 7;
$po_etc = ($row['po_etc']) ? "사용" : "미사용"; $po_etc = ($row['po_etc']) ? "사용" : "미사용";
$s_mod = '<a href="./poll_form.php?'.$qstr.'&amp;w=u&amp;po_id='.$row['po_id'].'">수정</a>'; $s_mod = '<a href="./poll_form.php?'.$qstr.'&amp;w=u&amp;po_id='.$row['po_id'].'">수정</a>';
//$s_del = '<a href="javascript:post_delete(\'poll_form_update.php\', \''.$row['po_id'].'\');">삭제</a>';
$bg = 'bg'.($i%2); $bg = 'bg'.($i%2);
?> ?>

4
adm/visit_list.php
View File

@ -75,8 +75,8 @@ $result = sql_query($sql);
else else
$ip = preg_replace("/([0-9]+).([0-9]+).([0-9]+).([0-9]+)/", G5_IP_DISPLAY, $row['vi_ip']); $ip = preg_replace("/([0-9]+).([0-9]+).([0-9]+).([0-9]+)/", G5_IP_DISPLAY, $row['vi_ip']);
if ($brow == '기타') { $brow = '<span title="'.$row['vi_agent'].'">'.$brow.'</span>'; } if ($brow == '기타') { $brow = '<span title="'.get_text($row['vi_agent']).'">'.$brow.'</span>'; }
if ($os == '기타') { $os = '<span title="'.$row['vi_agent'].'">'.$os.'</span>'; } if ($os == '기타') { $os = '<span title="'.get_text($row['vi_agent']).'">'.$os.'</span>'; }
$bg = 'bg'.($i%2); $bg = 'bg'.($i%2);
?> ?>

4
adm/visit_search.php
View File

@ -92,8 +92,8 @@ $listall = '<a href="'.$_SERVER['PHP_SELF'].'">처음</a>'; //페이지 처음
else else
$ip = preg_replace("/([0-9]+).([0-9]+).([0-9]+).([0-9]+)/", G5_IP_DISPLAY, $row['vi_ip']); $ip = preg_replace("/([0-9]+).([0-9]+).([0-9]+).([0-9]+)/", G5_IP_DISPLAY, $row['vi_ip']);
if ($brow == '기타') $brow = '<span title="'.$row['vi_agent'].'">'.$brow.'</span>'; if ($brow == '기타') $brow = '<span title="'.get_text($row['vi_agent']).'">'.$brow.'</span>';
if ($os == '기타') $os = '<span title="'.$row['vi_agent'].'">'.$os.'</span>'; if ($os == '기타') $os = '<span title="'.get_text($row['vi_agent']).'">'.$os.'</span>';
$bg = 'bg'.($i%2); $bg = 'bg'.($i%2);
?> ?>

3
bbs/alert.php
View File

@ -32,6 +32,9 @@ $msg2 = str_replace("\\n", "<br>", $msg);
if (!$url) $url = $_SERVER['HTTP_REFERER']; if (!$url) $url = $_SERVER['HTTP_REFERER'];
// url 체크
check_url_host($url);
if($error) { if($error) {
$header2 = "다음 항목에 오류가 있습니다."; $header2 = "다음 항목에 오류가 있습니다.";
} else { } else {

5
bbs/confirm.php
View File

@ -1,6 +1,11 @@
<?php <?php
include_once('./_common.php'); include_once('./_common.php');
include_once(G5_PATH.'/head.sub.php'); include_once(G5_PATH.'/head.sub.php');
// url 체크
check_url_host($url1);
check_url_host($url2);
check_url_host($url3);
?> ?>
<script> <script>

8
bbs/login.php
View File

@ -6,12 +6,8 @@ include_once('./_head.sub.php');
$url = $_GET['url']; $url = $_GET['url'];
$p = parse_url($url); // url 체크
if ((isset($p['scheme']) && $p['scheme']) || (isset($p['host']) && $p['host'])) { check_url_host($url);
//print_r2($p);
if ($p['host'].(isset($p['port']) ? ':'.$p['port'] : '') != $_SERVER['HTTP_HOST'])
alert('url에 타 도메인을 지정할 수 없습니다.');
}
// 이미 로그인 중이라면 // 이미 로그인 중이라면
if ($is_member) { if ($is_member) {

3
bbs/login_check.php
View File

@ -65,6 +65,9 @@ if ($auto_login) {
} }
if ($url) { if ($url) {
// url 체크
check_url_host($url);
$link = urldecode($url); $link = urldecode($url);
// 2003-06-14 추가 (다른 변수들을 넘겨주기 위함) // 2003-06-14 추가 (다른 변수들을 넘겨주기 위함)
if (preg_match("/\?/", $link)) if (preg_match("/\?/", $link))

2
bbs/visit_insert.inc.php
View File

@ -14,7 +14,7 @@ if (get_cookie('ck_visit_ip') != $_SERVER['REMOTE_ADDR'])
$referer = ""; $referer = "";
if (isset($_SERVER['HTTP_REFERER'])) if (isset($_SERVER['HTTP_REFERER']))
$referer = escape_trim(clean_xss_tags($_SERVER['HTTP_REFERER'])); $referer = escape_trim(clean_xss_tags($_SERVER['HTTP_REFERER']));
$user_agent = escape_trim($_SERVER['HTTP_USER_AGENT']); $user_agent = escape_trim(clean_xss_tags($_SERVER['HTTP_USER_AGENT']));
$sql = " insert {$g5['visit_table']} ( vi_id, vi_ip, vi_date, vi_time, vi_referer, vi_agent ) values ( '{$vi_id}', '{$remote_addr}', '".G5_TIME_YMD."', '".G5_TIME_HIS."', '{$referer}', '{$user_agent}' ) "; $sql = " insert {$g5['visit_table']} ( vi_id, vi_ip, vi_date, vi_time, vi_referer, vi_agent ) values ( '{$vi_id}', '{$remote_addr}', '".G5_TIME_YMD."', '".G5_TIME_HIS."', '{$referer}', '{$user_agent}' ) ";
$result = sql_query($sql, FALSE); $result = sql_query($sql, FALSE);

22
lib/common.lib.php
View File

@ -2844,4 +2844,26 @@ function check_password($pass, $hash)
return ($password === $hash); return ($password === $hash);
} }
// 동일한 host url 인지
function check_url_host($url, $msg='', $return_url=G5_URL)
{
if(!$msg)
$msg = 'url에 타 도메인을 지정할 수 없습니다.';
$p = parse_url($url);
if ((isset($p['scheme']) && $p['scheme']) || (isset($p['host']) && $p['host'])) {
if ($p['host'].(isset($p['port']) ? ':'.$p['port'] : '') != $_SERVER['HTTP_HOST']) {
echo '<script>'.PHP_EOL;
echo 'alert("url에 타 도메인을 지정할 수 없습니다.");'.PHP_EOL;
echo 'document.location.href = "'.$return_url.'";'.PHP_EOL;
echo '</script>'.PHP_EOL;
echo '<noscript>'.PHP_EOL;
echo '<p>'.$msg.'</p>'.PHP_EOL;
echo '<p><a href="'.$return_url.'">돌아가기</a></p>'.PHP_EOL;
echo '</noscript>'.PHP_EOL;
exit;
}
}
}
?> ?>