보안패치 및 그누보드 5.0.20 수정사항 적용

This commit is contained in:
chicpro
2014-10-22 13:16:44 +09:00
parent 1355c7ef57
commit 352deb6133
33 changed files with 70 additions and 67 deletions


@ -842,7 +842,7 @@ $frm_submit .= '</div>';
<tr>
<th scope="row"><label for="bo_content_head">상단 내용</label></th>
<td>
<?php echo editor_html("bo_content_head", $board['bo_content_head']); ?>
<?php echo editor_html("bo_content_head", get_text($board['bo_content_head'], 0)); ?>
</td>
<td class="td_grpset">
<input type="checkbox" name="chk_grp_content_head" value="1" id="chk_grp_content_head">
@ -854,7 +854,7 @@ $frm_submit .= '</div>';
<tr>
<th scope="row"><label for="bo_content_tail">하단 내용</label></th>
<td>
<?php echo editor_html("bo_content_tail", $board['bo_content_tail']); ?>
<?php echo editor_html("bo_content_tail", get_text($board['bo_content_tail'], 0)); ?>
</td>
<td class="td_grpset">
<input type="checkbox" name="chk_grp_content_tail" value="1" id="chk_grp_content_tail">
@ -866,7 +866,7 @@ $frm_submit .= '</div>';
<tr>
<th scope="row"><label for="bo_mobile_content_head">모바일 상단 내용</label></th>
<td>
<?php echo editor_html("bo_mobile_content_head", $board['bo_mobile_content_head']); ?>
<?php echo editor_html("bo_mobile_content_head", get_text($board['bo_mobile_content_head'], 0)); ?>
</td>
<td class="td_grpset">
<input type="checkbox" name="chk_grp_mobile_content_head" value="1" id="chk_grp_mobile_content_head">
@ -878,7 +878,7 @@ $frm_submit .= '</div>';
<tr>
<th scope="row"><label for="bo_mobile_content_tail">모바일 하단 내용</label></th>
<td>
<?php echo editor_html("bo_mobile_content_tail", $board['bo_mobile_content_tail']); ?>
<?php echo editor_html("bo_mobile_content_tail", get_text($board['bo_mobile_content_tail'], 0)); ?>
</td>
<td class="td_grpset">
<input type="checkbox" name="chk_grp_mobile_content_tail" value="1" id="chk_grp_mobile_content_tail">
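Review bot: The second argument `0` handed to get_text on L17, L26, L35 and L44 is an undocumented bare literal, and the same call shape recurs in the content, FAQ, mail, newwin and Q&A-config forms further down this commit. A one-line comment at the first occurrence would save the next reader a trip into the library: `<?php // get_text(..., 0): entity-encode the stored HTML before it goes into the editor; the 0 presumably disables newline conversion — confirm against get_text() ?>`. The surrounding form markup begins and ends outside these hunks.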


@ -138,7 +138,7 @@ $colspan = 15;
<a href="<?php echo G5_BBS_URL ?>/board.php?bo_table=<?php echo $row['bo_table'] ?>"><?php echo $row['bo_table'] ?></a>
</td>
<td>
<label for="bo_skin_<?php echo $i; ?>" class="sound_only">모바일 스킨</label>
<label for="bo_skin_<?php echo $i; ?>" class="sound_only">스킨</label>
<?php echo get_skin_select('board', 'bo_skin_'.$i, "bo_skin[$i]", $row['bo_skin']); ?>
</td>
<td>


@ -20,7 +20,7 @@ $colspan = 4;
<input type="hidden" name="mb_id" value="<?php echo $mb['mb_id'] ?>" id="mb_id">
<input type="hidden" name="token" value="<?php echo $token ?>" id="token">
<div class="local_cmd01 local_cmd">
<p>아이디 <b><?php echo $mb['mb_id'] ?></b>, 이름 <b><?php echo $mb['mb_name'] ?></b>, 닉네임 <b><?php echo $mb['mb_nick'] ?></b></p>
<p>아이디 <b><?php echo $mb['mb_id'] ?></b>, 이름 <b><?php echo get_text($mb['mb_name']); ?></b>, 닉네임 <b><?php echo $mb['mb_nick'] ?></b></p>
<label for="gr_id">그룹지정</label>
<select name="gr_id" id="gr_id">
<option value="">접근가능 그룹을 선택하세요.</option>
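Review bot: On L68 only `mb_name` goes through get_text while `mb_id` and `mb_nick` on the same line are still echoed raw, so the line is only half escaped; the same partial treatment appears at L80–L83, L185–L186, L193, L249–L251, L260, L271, L276 and L300–L301. Unless those fields are guaranteed to be restricted at input time (not visible here), give them the same wrapper, e.g. `닉네임 <b><?php echo get_text($mb['mb_nick']); ?></b>`. The enclosing form markup continues outside the hunk.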


@ -117,7 +117,7 @@ $colspan = 7;
</td>
<td class="td_grid"><?php echo $group ?></td>
<td class="td_mbid"><?php echo $row['mb_id'] ?></td>
<td class="td_mbname"><?php echo $row['mb_name'] ?></td>
<td class="td_mbname"><?php echo get_text($row['mb_name']); ?></td>
<td class="td_name sv_use"><?php echo $mb_nick ?></td>
<td class="td_datetime"><?php echo substr($row['mb_today_login'],2,8) ?></td>
<td class="td_datetime"><?php echo $row['gm_datetime'] ?></td>


@ -67,7 +67,7 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
</tr>
<tr>
<th scope="row">내용</th>
<td><?php echo editor_html('co_content', $co['co_content']); ?></td>
<td><?php echo editor_html('co_content', get_text($co['co_content'], 0)); ?></td>
</tr>
<tr>
<th scope="row"><label for="co_tag_filter_use">태그 필터링 사용</label></th>


@ -9,7 +9,6 @@ $sql = " select * from {$g5['faq_master_table']} where fm_id = '$fm_id' ";
$fm = sql_fetch($sql);
$html_title = 'FAQ '.$fm['fm_subject'];;
$g5['title'] = $html_title.' 관리';
if ($w == "u")
{
@ -19,13 +18,12 @@ if ($w == "u")
$sql = " select * from {$g5['faq_table']} where fa_id = '$fa_id' ";
$fa = sql_fetch($sql);
if (!$fa['fa_id']) alert("등록된 자료가 없습니다.");
$fa['fa_subject'] = htmlspecialchars2($fa['fa_subject']);
$fa['fa_content'] = htmlspecialchars2($fa['fa_content']);
}
else
$html_title .= ' 항목 입력';
$g5['title'] = $html_title.' 관리';
include_once (G5_ADMIN_PATH.'/admin.head.php');
?>
@ -52,11 +50,11 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
</tr>
<tr>
<th scope="row">질문</th>
<td><?php echo editor_html('fa_subject', $fa['fa_subject']); ?></td>
<td><?php echo editor_html('fa_subject', get_text($fa['fa_subject'], 0)); ?></td>
</tr>
<tr>
<th scope="row">답변</th>
<td><?php echo editor_html('fa_content', $fa['fa_content']); ?></td>
<td><?php echo editor_html('fa_content', get_text($fa['fa_content'], 0)); ?></td>
</tr>
</tbody>
</table>


@ -6,7 +6,6 @@ include_once(G5_EDITOR_LIB);
auth_check($auth[$sub_menu], "w");
$html_title = 'FAQ';
$g5['title'] = $html_title.' 관리';
if ($w == "u")
{
@ -22,6 +21,8 @@ else
$html_title .= ' 입력';
}
$g5['title'] = $html_title.' 관리';
// 모바일 상하단 내용 필드추가
if(!sql_query(" select fm_mobile_head_html from {$g5['faq_master_table']} limit 1 ", false)) {
sql_query(" ALTER TABLE `{$g5['faq_master_table']}`
@ -112,25 +113,25 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
<tr>
<th scope="row">상단 내용</th>
<td>
<?php echo editor_html('fm_head_html', $fm['fm_head_html']); ?>
<?php echo editor_html('fm_head_html', get_text($fm['fm_head_html'], 0)); ?>
</td>
</tr>
<tr>
<th scope="row">하단 내용</th>
<td>
<?php echo editor_html('fm_tail_html', $fm['fm_tail_html']); ?>
<?php echo editor_html('fm_tail_html', get_text($fm['fm_tail_html'], 0)); ?>
</td>
</tr>
<tr>
<th scope="row">모바일상단 내용</th>
<td>
<?php echo editor_html('fm_mobile_head_html', $fm['fm_mobile_head_html']); ?>
<?php echo editor_html('fm_mobile_head_html', get_text($fm['fm_mobile_head_html'], 0)); ?>
</td>
</tr>
<tr>
<th scope="row">모바일하단 내용</th>
<td>
<?php echo editor_html('fm_mobile_tail_html', $fm['fm_mobile_tail_html']); ?>
<?php echo editor_html('fm_mobile_tail_html', get_text($fm['fm_mobile_tail_html'], 0)); ?>
</td>
</tr>
</tbody>


@ -102,7 +102,7 @@ $colspan = 12;
?>
<tr>
<td class="td_mbid"><?php echo $mb_id ?></td>
<td class="td_mbname"><?php echo $row['mb_name'] ?></td>
<td class="td_mbname"><?php echo get_text($row['mb_name']); ?></td>
<td class="td_mbname sv_use"><div><?php echo $mb_nick ?></div></td>
<td class="td_num"><?php echo $row['mb_level'] ?></td>
<td><a href="./point_list.php?sfl=mb_id&amp;stx=<?php echo $row['mb_id'] ?>"><?php echo number_format($row['mb_point']) ?></a></td>
@ -284,7 +284,7 @@ $colspan = 7;
<tr>
<td class="td_mbid"><a href="./point_list.php?sfl=mb_id&amp;stx=<?php echo $row['mb_id'] ?>"><?php echo $row['mb_id'] ?></a></td>
<td class="td_mbname"><?php echo $row2['mb_name'] ?></td>
<td class="td_mbname"><?php echo get_text($row2['mb_name']); ?></td>
<td class="td_name sv_use"><div><?php echo $mb_nick ?></div></td>
<td class="td_datetime"><?php echo $row['po_datetime'] ?></td>
<td><?php echo $link1.$row['po_content'].$link2 ?></td>


@ -46,7 +46,7 @@ include_once('./admin.head.php');
</tr>
<tr>
<th scope="row"><label for="ma_content">메일 내용<strong class="sound_only">필수</strong></label></th>
<td><?php echo editor_html("ma_content", $ma['ma_content']); ?></td>
<td><?php echo editor_html("ma_content", get_text($ma['ma_content'], 0)); ?></td>
</tr>
</tbody>
</table>
@ -74,7 +74,7 @@ function fmailform_check(f)
<?php echo get_editor_js("ma_content"); ?>
<?php echo chk_editor_js("ma_content"); ?>
return true;
}


@ -8,7 +8,7 @@ auth_check($auth[$sub_menu], 'r');
$se = sql_fetch("select ma_subject, ma_content from {$g5['mail_table']} where ma_id = '{$ma_id}' ");
$subject = $se['ma_subject'];
$content = $se['ma_content'] . "<hr size=0><p><span style='font-size:9pt; font-family:굴림'>▶ 더 이상 정보 수신을 원치 않으시면 [<a href='".G5_BBS_URL."/email_stop.php?mb_id=***&amp;mb_md5=***' target='_blank'>수신거부</a>] 해 주십시오.</span></p>";
$content = conv_content($se['ma_content'], 1) . "<hr size=0><p><span style='font-size:9pt; font-family:굴림'>▶ 더 이상 정보 수신을 원치 않으시면 [<a href='".G5_BBS_URL."/email_stop.php?mb_id=***&amp;mb_md5=***' target='_blank'>수신거부</a>] 해 주십시오.</span></p>";
?>
<!doctype html>
@ -20,10 +20,10 @@ $content = $se['ma_content'] . "<hr size=0><p><span style='font-size:9pt; font-f
<body>
<h1><?php echo $subject ?></h1>
<h1><?php echo $subject; ?></h1>
<p>
<?php echo $se['ma_content'] ?>
<?php echo $content; ?>
</p>
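Review bot: `$subject` is still echoed unescaped inside the `<h1>` on L227 while the body on L230 now passes through conv_content; the new L227 only adds a semicolon. Give the subject the same treatment, `<h1><?php echo get_text($subject); ?></h1>`, so a stored subject cannot inject markup into the preview. The query on L218 also interpolates `{$ma_id}` straight into SQL; that is pre-existing, but in a security patch it is worth escaping there too (a cast such as `(int)$ma_id` if the column is numeric — confirm the schema).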
<p>


@ -93,7 +93,7 @@ include_once('./admin.head.php');
$cr = "";
while ($row=sql_fetch_array($result)) {
$i++;
$ma_list .= $cr . $row['mb_email'] . "||" . $row['mb_id'] . "||" . $row['mb_name'] . "||" . $row['mb_nick'] . "||" . $row['mb_datetime'];
$ma_list .= $cr . $row['mb_email'] . "||" . $row['mb_id'] . "||" . get_text($row['mb_name']) . "||" . $row['mb_nick'] . "||" . $row['mb_datetime'];
$cr = "\n";
$bg = 'bg'.($i%2);
@ -101,7 +101,7 @@ include_once('./admin.head.php');
<tr class="<?php echo $bg; ?>">
<td class="td_num"><?php echo $i ?></td>
<td class="td_mbid"><?php echo $row['mb_id'] ?></td>
<td class="td_mbname"><?php echo $row['mb_name'] ?></td>
<td class="td_mbname"><?php echo get_text($row['mb_name']); ?></td>
<td class="td_mbname"><?php echo $row['mb_nick'] ?></td>
<td><?php echo $row['mb_email'] ?></td>
</tr>


@ -13,7 +13,7 @@ check_demo();
$g5['title'] = '회원메일 테스트';
$name = $member['mb_name'];
$name = get_text($member['mb_name']);
$nick = $member['mb_nick'];
$mb_id = $member['mb_id'];
$email = $member['mb_email'];


@ -213,11 +213,11 @@ $colspan = 16;
<tr class="<?php echo $bg; ?>">
<td headers="mb_list_chk" class="td_chk" rowspan="2">
<input type="hidden" name="mb_id[<?php echo $i ?>]" value="<?php echo $row['mb_id'] ?>" id="mb_id_<?php echo $i ?>">
<label for="chk_<?php echo $i; ?>" class="sound_only"><?php echo $row['mb_name']; ?> <?php echo $row['mb_nick']; ?>님</label>
<label for="chk_<?php echo $i; ?>" class="sound_only"><?php echo get_text($row['mb_name']); ?> <?php echo $row['mb_nick']; ?>님</label>
<input type="checkbox" name="chk[]" value="<?php echo $i ?>" id="chk_<?php echo $i ?>">
</td>
<td headers="mb_list_id" rowspan="2" class="td_name sv_use"><?php echo $mb_id ?></td>
<td headers="mb_list_name" class="td_mbname"><?php echo $row['mb_name']; ?></td>
<td headers="mb_list_name" class="td_mbname"><?php echo get_text($row['mb_name']); ?></td>
<td headers="mb_list_cert" colspan="6" class="td_mbcert">
<input type="radio" name="mb_certify[<?php echo $i; ?>]" value="ipin" id="mb_certify_ipin_<?php echo $i; ?>" <?php echo $row['mb_certify']=='ipin'?'checked':''; ?>>
<label for="mb_certify_ipin_<?php echo $i; ?>">아이핀</label>


@ -111,7 +111,7 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
</tr>
<tr>
<th scope="row"><label for="nw_content">내용</label></th>
<td><?php echo editor_html('nw_content', $nw['nw_content']); ?></td>
<td><?php echo editor_html('nw_content', get_text($nw['nw_content'], 0)); ?></td>
</tr>
</tbody>
</table>


@ -163,7 +163,7 @@ function point_clear()
<input type="checkbox" name="chk[]" value="<?php echo $i ?>" id="chk_<?php echo $i ?>">
</td>
<td class="td_mbid"><a href="?sfl=mb_id&amp;stx=<?php echo $row['mb_id'] ?>"><?php echo $row['mb_id'] ?></a></td>
<td class="td_mbname"><?php echo $row2['mb_name'] ?></td>
<td class="td_mbname"><?php echo get_text($row2['mb_name']); ?></td>
<td class="td_name sv_use"><div><?php echo $mb_nick ?></div></td>
<td class="td_pt_log"><?php echo $link1 ?><?php echo $row['po_content'] ?><?php echo $link2 ?></td>
<td class="td_num td_pt"><?php echo number_format($row['po_point']) ?></td>


@ -268,25 +268,25 @@ if(!isset($qaconfig['qa_include_head'])) {
<tr>
<th scope="row"><label for="qa_content_head">상단 내용</label></th>
<td>
<?php echo editor_html("qa_content_head", $qaconfig['qa_content_head']); ?>
<?php echo editor_html("qa_content_head", get_text($qaconfig['qa_content_head'], 0)); ?>
</td>
</tr>
<tr>
<th scope="row"><label for="qa_content_tail">하단 내용</label></th>
<td>
<?php echo editor_html("qa_content_tail", $qaconfig['qa_content_tail']); ?>
<?php echo editor_html("qa_content_tail", get_text($qaconfig['qa_content_tail'], 0)); ?>
</td>
</tr>
<tr>
<th scope="row"><label for="qa_mobile_content_head">모바일 상단 내용</label></th>
<td>
<?php echo editor_html("qa_mobile_content_head", $qaconfig['qa_mobile_content_head']); ?>
<?php echo editor_html("qa_mobile_content_head", get_text($qaconfig['qa_mobile_content_head'], 0)); ?>
</td>
</tr>
<tr>
<th scope="row"><label for="qa_mobile_content_tail">모바일 하단 내용</label></th>
<td>
<?php echo editor_html("qa_mobile_content_tail", $qaconfig['qa_mobile_content_tail']); ?>
<?php echo editor_html("qa_mobile_content_tail", get_text($qaconfig['qa_mobile_content_tail'], 0)); ?>
</td>
</tr>
<tr>


@ -106,16 +106,16 @@ while ($res = sql_fetch_array($qry)) array_push($group, $res);
?>
<tr class="<?php echo $bg; ?>">
<td class="td_chk">
<label for="bk_no_<?php echo $res['bk_no']; ?>" class="sound_only"><?php echo $res['bk_name']?></label>
<label for="bk_no_<?php echo $res['bk_no']; ?>" class="sound_only"><?php echo get_text($res['bk_name']) ?></label>
<input type="checkbox" name="bk_no" value="<?php echo $res['bk_no']?>" id="bk_no_<?php echo $res['bk_no']; ?>">
</td>
<!-- <td class="td_name"><?php echo $group_name?></td> -->
<td class="td_mbname"><?php echo $res['bk_name']?></td>
<td class="td_mbname"><?php echo get_text($res['bk_name']) ?></td>
<td><?php echo $res['bk_hp']?></td>
<!-- <td class="td_boolean"><?php echo $res['bk_receipt'] ? '수신' : '거부'?></td> -->
<!-- <td class="td_boolean"><?php echo $res['bk_receipt'] ? '예' : ''?></td> -->
<td class="td_boolean"><?php echo $res['mb_id'] ? '회원' : '비회원'?></td>
<td class="td_mngsmall"><button type="button" class="btn_frmline" onclick="sms_obj.person_add(<?php echo $res['bk_no']?>, '<?php echo $res['bk_name']?>', '<?php echo $res['bk_hp']?>')">추가</button></td>
<td class="td_mngsmall"><button type="button" class="btn_frmline" onclick="sms_obj.person_add(<?php echo $res['bk_no']?>, '<?php echo get_text($res['bk_name']) ?>', '<?php echo $res['bk_hp']?>')">추가</button></td>
</tr>
<?php } ?>
</tbody>
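Review bot: On L356 get_text is used to place `bk_name` inside a single-quoted JavaScript string literal within an `onclick` attribute, which is the wrong escaping context. If get_text only entity-encodes (it presumably does — confirm), the HTML parser decodes those entities before the JS parser sees the attribute value, so a quote in the name still terminates the JS string; `bk_hp` on the same line is not escaped at all. Encode for JS first and then for the attribute, e.g. `'<?php echo htmlspecialchars(json_encode((string)$res['bk_name'])); ?>'`-style quoting (or build the arguments with json_encode and drop the hand-written quotes), and apply the same to `bk_hp`. The loop that emits these rows starts before the hunk and closes on L358.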


@ -48,7 +48,7 @@ while ($res = sql_fetch_array($qry))
if ($hp == '') $bk_receipt = 0; else $bk_receipt = $res['mb_sms'];
$field = "mb_id='{$res['mb_id']}', bk_name='{$res['mb_name']}', bk_hp='{$hp}', bk_receipt='{$bk_receipt}', bk_datetime='".G5_TIME_YMDHIS."'";
$field = "mb_id='{$res['mb_id']}', bk_name='".addslashes($res['mb_name'])."', bk_hp='{$hp}', bk_receipt='{$bk_receipt}', bk_datetime='".G5_TIME_YMDHIS."'";
$res2 = sql_fetch("select * from {$g5['sms5_book_table']} where mb_id='{$res['mb_id']}'");
if ($res2) // 기존에 등록되어 있을 경우 업데이트
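Review bot: On L366 addslashes is applied to `mb_name` only, while `$res['mb_id']`, `$hp` and `$bk_receipt` are interpolated into the same `$field` string unescaped, and the query on L367 interpolates `mb_id` again. addslashes is also not charset-aware; if the library exposes the driver's real-escape function (not visible in this hunk), use it for every interpolated value, or better, switch this statement to a prepared query. The loop that builds `$field` starts before the hunk.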


@ -181,12 +181,12 @@ function no_hp_click(val)
?>
<tr class="<?php echo $bg; ?>">
<td class="td_chk">
<label for="bk_no_<?php echo $i; ?>" class="sound_only"><?php echo $group_name?>의 <?php echo $res['bk_name']?></label>
<label for="bk_no_<?php echo $i; ?>" class="sound_only"><?php echo $group_name?>의 <?php echo get_text($res['bk_name']) ?></label>
<input type="checkbox" name="bk_no[]" value="<?php echo $res['bk_no']?>" id="bk_no_<?php echo $i; ?>">
</td>
<td class="td_num"><?php echo number_format($vnum--)?></td>
<td><?php echo $group_name?></td>
<td class="td_mbname"><?php echo $res['bk_name']?></td>
<td class="td_mbname"><?php echo get_text($res['bk_name']) ?></td>
<td class="td_numbig"><?php echo $res['bk_hp']?></td>
<td class="td_boolean"><?php echo $res['bk_receipt'] ? '<font color=blue>수신</font>' : '<font color=red>거부</font>'?></td>
<td class="td_mbid"><?php echo $res['mb_id'] ? $res['mb_id'] : '비회원'?></td>


@ -84,8 +84,8 @@ if(is_file($skin_file)) {
for ($i=0;$row=sql_fetch_array($result);$i++){
$faq_list[] = $row;
if($stx) {
$faq_list[$i]['fa_subject'] = search_font($stx, $faq_list[$i]['fa_subject']);
$faq_list[$i]['fa_content'] = search_font($stx, $faq_list[$i]['fa_content']);
$faq_list[$i]['fa_subject'] = search_font($stx, conv_content($faq_list[$i]['fa_subject'], 1));
$faq_list[$i]['fa_content'] = search_font($stx, conv_content($faq_list[$i]['fa_content'], 1));
}
}
include_once($skin_file);
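Review bot: conv_content is applied on L396–L397 only inside the `if($stx)` branch, so with no search term `fa_subject`/`fa_content` reach the skin as stored on L392, whereas a search renders the same rows through conv_content; the two paths now hand the skin differently encoded data. Either apply conv_content unconditionally before the `if` and keep only the search_font calls inside it, or confirm that the skin performs the conversion itself on the no-search path (not visible here) — in which case the search path double-converts. A short comment above L393 stating which of the two holds would settle it for the next reader.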


@ -55,7 +55,7 @@ for ($i=0; $row=sql_fetch_array($result); $i++) {
$row2 = sql_fetch(" select * from {$tmp_write_table} where wr_id = '{$row['wr_id']}' ");
$list[$i] = $row2;
$name = get_sideview($row2['mb_id'], cut_str($row2['wr_name'], $config['cf_cut_name']), $row2['wr_email'], $row2['wr_homepage']);
$name = get_sideview($row2['mb_id'], get_text(cut_str($row2['wr_name'], $config['cf_cut_name'])), $row2['wr_email'], $row2['wr_homepage']);
// 당일인 경우 시간으로 표시함
$datetime = substr($row2['wr_datetime'],0,10);
$datetime2 = $row2['wr_datetime'];
@ -79,7 +79,7 @@ for ($i=0; $row=sql_fetch_array($result); $i++) {
$list[$i]['wr_email'] = $row3['wr_email'];
$list[$i]['wr_homepage'] = $row3['wr_homepage'];
$name = get_sideview($row3['mb_id'], cut_str($row3['wr_name'], $config['cf_cut_name']), $row3['wr_email'], $row3['wr_homepage']);
$name = get_sideview($row3['mb_id'], get_text(cut_str($row3['wr_name'], $config['cf_cut_name'])), $row3['wr_email'], $row3['wr_homepage']);
// 당일인 경우 시간으로 표시함
$datetime = substr($row3['wr_datetime'],0,10);
$datetime2 = $row3['wr_datetime'];


@ -18,7 +18,7 @@ if ($w == '')
$pc_idea = stripslashes($pc_idea);
$name = cut_str($pc_name, $config['cf_cut_name']);
$name = get_text(cut_str($pc_name, $config['cf_cut_name']));
$mb_id = '';
if ($member['mb_id'])
$mb_id = '('.$member['mb_id'].')';


@ -53,8 +53,8 @@ $sql = " select a.*, b.mb_open
where po_id = '{$po_id}' order by pc_id desc ";
$result = sql_query($sql);
for ($i=0; $row=sql_fetch_array($result); $i++) {
$list2[$i]['pc_name'] = $row['pc_name'];
$list2[$i]['name'] = get_sideview($row['mb_id'], cut_str($row['pc_name'],10), '', '', $row['mb_open']);
$list2[$i]['pc_name'] = get_text($row['pc_name']);
$list2[$i]['name'] = get_sideview($row['mb_id'], get_text(cut_str($row['pc_name'],10)), '', '', $row['mb_open']);
$list2[$i]['idea'] = get_text(cut_str($row['pc_idea'], 255));
$list2[$i]['datetime'] = $row['pc_datetime'];


@ -24,7 +24,7 @@ $sql = " select (TO_DAYS('".G5_TIME_YMDHIS."') - TO_DAYS('{$mb['mb_datetime']}')
$row = sql_fetch($sql);
$mb_reg_after = $row['days'];
$mb_homepage = set_http($mb['mb_homepage']);
$mb_homepage = set_http(clean_xss_tags($mb['mb_homepage']));
$mb_profile = $mb['mb_profile'] ? conv_content($mb['mb_profile'],0) : '소개 내용이 없습니다.';
include_once($member_skin_path.'/profile.skin.php');
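Review bot: clean_xss_tags on L450 is applied to a value that set_http turns into a link target, and the same pattern is added to get_sideview at L531; judging by its name the helper strips markup, which is not the check an `href` needs, since a dangerous URL scheme contains no tags. Unless set_http already restricts the scheme (not visible here), validate the URL separately before calling it, e.g. accept only `http`/`https` from `parse_url($url, PHP_URL_SCHEME)` and fall back to an empty string otherwise. The query on L446 interpolates `{$mb['mb_datetime']}` into SQL; it is a DB-sourced value, but a comment saying so would make the trust boundary explicit.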


@ -7,12 +7,12 @@ $qa_skin_url = (G5_IS_MOBILE ? G5_MOBILE_URL : G5_URL).'/'.G5_SKIN_DIR.'/qa/'.$q
if (G5_IS_MOBILE) {
// 모바일의 경우 설정을 따르지 않는다.
include_once('./_head.php');
echo stripslashes($qaconfig['qa_mobile_content_head']);
echo conv_content($qaconfig['qa_mobile_content_head'], 1);
} else {
if($qaconfig['qa_include_head'])
@include ($qaconfig['qa_include_head']);
else
include ('./_head.php');
echo stripslashes($qaconfig['qa_content_head']);
echo conv_content($qaconfig['qa_content_head'], 1);
}
?>


@ -2,11 +2,11 @@
if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
if (G5_IS_MOBILE) {
echo stripslashes($qaconfig['qa_mobile_content_tail']);
echo conv_content($qaconfig['qa_mobile_content_tail'], 1);
// 모바일의 경우 설정을 따르지 않는다.
include_once('./_tail.php');
} else {
echo stripslashes($qaconfig['qa_mobile_content_tail']);
echo conv_content($qaconfig['qa_mobile_content_tail'], 1);
if($qaconfig['qa_include_tail'])
@include ($qaconfig['qa_include_tail']);
else
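Review bot: Both branches now echo `qa_mobile_content_tail` (L478 and L483), so the desktop branch on L483 outputs the mobile tail; the head counterpart in the previous file uses `qa_content_head` in its `else` branch, and the Q&A config form in this commit defines a separate `qa_content_tail`. The commit carried the existing key over, but this looks like a copy-paste slip: `echo conv_content($qaconfig['qa_content_tail'], 1);`. The `else` block continues past the hunk.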


@ -110,6 +110,9 @@ if ($w == '' || $w == 'u') {
if ($msg = exist_mb_email($mb_email, $mb_id)) alert($msg, "", true, true);
}
$mb_name = clean_xss_tags($mb_name);
$mb_email = get_email_address($mb_email);
$mb_homepage = clean_xss_tags($mb_homepage);
$mb_zip1 = preg_replace('/[^0-9]/', '', $mb_zip1);
$mb_zip2 = preg_replace('/[^0-9]/', '', $mb_zip2);
$mb_addr1 = clean_xss_tags($mb_addr1);


@ -287,18 +287,19 @@ if ($w == '' || $w == 'r') {
if ($member['mb_id']) {
$mb_id = $member['mb_id'];
$wr_name = $board['bo_use_name'] ? $member['mb_name'] : $member['mb_nick'];
$wr_name = addslashes(clean_xss_tags($board['bo_use_name'] ? $member['mb_name'] : $member['mb_nick']));
$wr_password = $member['mb_password'];
$wr_email = $member['mb_email'];
$wr_homepage = $member['mb_homepage'];
$wr_email = addslashes($member['mb_email']);
$wr_homepage = addslashes(clean_xss_tags($member['mb_homepage']));
} else {
$mb_id = '';
// 비회원의 경우 이름이 누락되는 경우가 있음
$wr_name = trim($_POST['wr_name']);
$wr_name = clean_xss_tags(trim($_POST['wr_name']));
if (!$wr_name)
alert('이름은 필히 입력하셔야 합니다.');
$wr_password = sql_password($wr_password);
$wr_email = get_email_address(trim($_POST['wr_email']));
$wr_homepage = clean_xss_tags($wr_homepage);
}
if ($w == 'r') {
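Review bot: The member branch now wraps `wr_name`, `wr_email` and `wr_homepage` in addslashes (L506, L510, L511) while the guest branch on L516–L521 applies clean_xss_tags/get_email_address without it, so the two branches deliver differently escaped values to whatever SQL is built later outside the hunk. If the bootstrap already slash-escapes `$_POST` this is consistent; if not, the guest values need the same treatment, and in either case the driver's escaping function is safer than addslashes under a multibyte charset. L521 also reads the bare `$wr_homepage` where L515 and L520 read `$_POST` explicitly; unless it is deliberately sourced elsewhere, `$wr_homepage = clean_xss_tags(trim($_POST['wr_homepage']));` keeps the three guest fields symmetric.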


@ -1199,7 +1199,7 @@ function get_sideview($mb_id, $name='', $email='', $homepage='')
global $bo_table, $sca, $is_admin, $member;
$email = base64_encode($email);
$homepage = set_http($homepage);
$homepage = set_http(clean_xss_tags($homepage));
$name = preg_replace("/\&#039;/", "", $name);
$name = preg_replace("/\'/", "", $name);
@ -2045,7 +2045,7 @@ function get_editor_image($contents, $view=true)
if ($view)
$pattern = "/<img([^>]*)>/iS";
else
$pattern = "/<img[^>]*src=[\'\"]?([^>\'\"]+[^>\'\"]+)[\'\"]?[^>]*>/";
$pattern = "/<img[^>]*src=[\'\"]?([^>\'\"]+[^>\'\"]+)[\'\"]?[^>]*>/i";
preg_match_all($pattern, $contents, $matchs);
return $matchs;
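Review bot: The pattern on L539 keeps the redundant `[^>\'\"]+[^>\'\"]+` (two identical consecutive classes), which is equivalent to `[^>\'\"]{2,}` and reads like a typo; since the line is already being touched to add the `i` flag, simplify it: `$pattern = "/<img[^>]*src=[\'\"]?([^>\'\"]{2,})[\'\"]?[^>]*>/i";`. The added `i` brings the `$view = false` pattern in line with the `iS` pattern on L536. Both get_sideview and get_editor_image extend beyond their hunks.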


@ -8,7 +8,7 @@ add_stylesheet('<link rel="stylesheet" href="'.$faq_skin_url.'/style.css">', 0);
<!-- FAQ 시작 { -->
<?php
// 상단 HTML
echo '<div id="faq_hhtml">'.stripslashes($fm['fm_mobile_head_html']).'</div>';
echo '<div id="faq_hhtml">'.conv_content($fm['fm_mobile_head_html'], 1).'</div>';
?>
<?php
@ -77,7 +77,7 @@ if( count($faq_master_list) ){
<?php
// 하단 HTML
echo '<div id="faq_thtml">'.stripslashes($fm['fm_tail_html']).'</div>';
echo '<div id="faq_thtml">'.conv_content($fm['fm_tail_html'], 1).'</div>';
?>
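Review bot: The head on L550 reads `fm_mobile_head_html` but the tail on L557 reads `fm_tail_html`, so if this is the mobile FAQ skin (the head key suggests it) the tail should presumably be `fm_mobile_tail_html`, which the FAQ-master form in this commit defines alongside the mobile head; the desktop skin further down uses `fm_head_html`/`fm_tail_html` consistently. The commit carried the existing key over: `echo '<div id="faq_thtml">'.conv_content($fm['fm_mobile_tail_html'], 1).'</div>';`. Worth confirming against the skin's path before changing.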
<div id="faq_sch">


@ -8,7 +8,7 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
<div id="reg_result" class="mbskin">
<p>
<strong><?php echo $mb['mb_name'] ?></strong>님의 회원가입을 진심으로 축하합니다.<br>
<strong><?php echo get_text($mb['mb_name']); ?></strong>님의 회원가입을 진심으로 축하합니다.<br>
</p>
<?php if ($config['cf_use_email_certify']) { ?>


@ -14,7 +14,7 @@ if ($himg_src)
echo '<div id="faq_himg" class="faq_img"><img src="'.$himg_src.'" alt=""></div>';
// 상단 HTML
echo '<div id="faq_hhtml">'.stripslashes($fm['fm_head_html']).'</div>';
echo '<div id="faq_hhtml">'.conv_content($fm['fm_head_html'], 1).'</div>';
?>
<?php
@ -83,7 +83,7 @@ if( count($faq_master_list) ){
<?php
// 하단 HTML
echo '<div id="faq_thtml">'.stripslashes($fm['fm_tail_html']).'</div>';
echo '<div id="faq_thtml">'.conv_content($fm['fm_tail_html'], 1).'</div>';
if ($timg_src)
echo '<div id="faq_timg" class="faq_img"><img src="'.$timg_src.'" alt=""></div>';


@ -9,7 +9,7 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
<div id="reg_result" class="mbskin">
<p>
<strong><?php echo $mb['mb_name'] ?></strong>님의 회원가입을 진심으로 축하합니다.<br>
<strong><?php echo get_text($mb['mb_name']); ?></strong>님의 회원가입을 진심으로 축하합니다.<br>
</p>
<?php if ($config['cf_use_email_certify']) { ?>