diff --git a/adm/board_form.php b/adm/board_form.php
index 1cc440d6e..1bf23223c 100644
--- a/adm/board_form.php
+++ b/adm/board_form.php
@@ -842,7 +842,7 @@ $frm_submit .= '';
|
-
+
|
@@ -854,7 +854,7 @@ $frm_submit .= '';
|
|
-
+
|
@@ -866,7 +866,7 @@ $frm_submit .= '';
|
|
-
+
|
@@ -878,7 +878,7 @@ $frm_submit .= '';
|
|
-
+
|
diff --git a/adm/board_list.php b/adm/board_list.php
index 47be2d2a3..1c51da1d2 100644
--- a/adm/board_list.php
+++ b/adm/board_list.php
@@ -138,7 +138,7 @@ $colspan = 15;
|
-
+
|
diff --git a/adm/boardgroupmember_form.php b/adm/boardgroupmember_form.php
index 01df7dcfa..70d014c82 100644
--- a/adm/boardgroupmember_form.php
+++ b/adm/boardgroupmember_form.php
@@ -20,7 +20,7 @@ $colspan = 4;
- 아이디 , 이름 , 닉네임
+ 아이디 , 이름 , 닉네임
|
|
|
- |
+ |
|
|
|
diff --git a/adm/contentform.php b/adm/contentform.php
index 730d3072b..8f00030ff 100644
--- a/adm/contentform.php
+++ b/adm/contentform.php
@@ -67,7 +67,7 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
| 내용 |
- |
+ |
|
diff --git a/adm/faqform.php b/adm/faqform.php
index b3852c07e..19ed0894d 100644
--- a/adm/faqform.php
+++ b/adm/faqform.php
@@ -9,7 +9,6 @@ $sql = " select * from {$g5['faq_master_table']} where fm_id = '$fm_id' ";
$fm = sql_fetch($sql);
$html_title = 'FAQ '.$fm['fm_subject'];;
-$g5['title'] = $html_title.' 관리';
if ($w == "u")
{
@@ -19,13 +18,12 @@ if ($w == "u")
$sql = " select * from {$g5['faq_table']} where fa_id = '$fa_id' ";
$fa = sql_fetch($sql);
if (!$fa['fa_id']) alert("등록된 자료가 없습니다.");
-
- $fa['fa_subject'] = htmlspecialchars2($fa['fa_subject']);
- $fa['fa_content'] = htmlspecialchars2($fa['fa_content']);
}
else
$html_title .= ' 항목 입력';
+$g5['title'] = $html_title.' 관리';
+
include_once (G5_ADMIN_PATH.'/admin.head.php');
?>
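Review bot: Dropping the htmlspecialchars2() calls on `$fa['fa_subject']` and `$fa['fa_content']` leaves the loaded row unescaped in this block, so the form at -52,11 must now escape both values on output; that hunk's lines are not legible in this view, so confirm it does. A short comment where the assignments were would make the contract explicit, e.g. `// fa_subject / fa_content are escaped at output in the form below, not here`. The if/else is complete within the hunk, but `$fa_id` arrives from outside it.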
@@ -52,11 +50,11 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
| 질문 |
- |
+ |
| 답변 |
- |
+ |
diff --git a/adm/faqmasterform.php b/adm/faqmasterform.php
index 54a5f67ad..eb7f105a8 100644
--- a/adm/faqmasterform.php
+++ b/adm/faqmasterform.php
@@ -6,7 +6,6 @@ include_once(G5_EDITOR_LIB);
auth_check($auth[$sub_menu], "w");
$html_title = 'FAQ';
-$g5['title'] = $html_title.' 관리';
if ($w == "u")
{
@@ -22,6 +21,8 @@ else
$html_title .= ' 입력';
}
+$g5['title'] = $html_title.' 관리';
+
// 모바일 상하단 내용 필드추가
if(!sql_query(" select fm_mobile_head_html from {$g5['faq_master_table']} limit 1 ", false)) {
sql_query(" ALTER TABLE `{$g5['faq_master_table']}`
@@ -112,25 +113,25 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
| 상단 내용 |
-
+
|
| 하단 내용 |
-
+
|
| 모바일상단 내용 |
-
+
|
| 모바일하단 내용 |
-
+
|
diff --git a/adm/index.php b/adm/index.php
index da3d7d8a6..f5a1b2f79 100644
--- a/adm/index.php
+++ b/adm/index.php
@@ -102,7 +102,7 @@ $colspan = 12;
?>
|
- |
+ |
|
|
|
@@ -284,7 +284,7 @@ $colspan = 7;
|
- |
+ |
|
|
|
diff --git a/adm/mail_form.php b/adm/mail_form.php
index f743b7fb4..579c46bf6 100644
--- a/adm/mail_form.php
+++ b/adm/mail_form.php
@@ -46,7 +46,7 @@ include_once('./admin.head.php');
|
- |
+ |
@@ -74,7 +74,7 @@ function fmailform_check(f)
-
+
return true;
}
diff --git a/adm/mail_preview.php b/adm/mail_preview.php
index 110d3bae2..16abd479d 100644
--- a/adm/mail_preview.php
+++ b/adm/mail_preview.php
@@ -8,7 +8,7 @@ auth_check($auth[$sub_menu], 'r');
$se = sql_fetch("select ma_subject, ma_content from {$g5['mail_table']} where ma_id = '{$ma_id}' ");
$subject = $se['ma_subject'];
-$content = $se['ma_content'] . "
▶ 더 이상 정보 수신을 원치 않으시면 [수신거부] 해 주십시오.
";
+$content = conv_content($se['ma_content'], 1) . "
▶ 더 이상 정보 수신을 원치 않으시면 [수신거부] 해 주십시오.
";
?>
@@ -20,10 +20,10 @@ $content = $se['ma_content'] . "
+
diff --git a/adm/mail_select_list.php b/adm/mail_select_list.php
index db05cca50..c05622971 100644
--- a/adm/mail_select_list.php
+++ b/adm/mail_select_list.php
@@ -93,7 +93,7 @@ include_once('./admin.head.php');
$cr = "";
while ($row=sql_fetch_array($result)) {
$i++;
- $ma_list .= $cr . $row['mb_email'] . "||" . $row['mb_id'] . "||" . $row['mb_name'] . "||" . $row['mb_nick'] . "||" . $row['mb_datetime'];
+ $ma_list .= $cr . $row['mb_email'] . "||" . $row['mb_id'] . "||" . get_text($row['mb_name']) . "||" . $row['mb_nick'] . "||" . $row['mb_datetime'];
$cr = "\n";
$bg = 'bg'.($i%2);
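Review bot: Only `mb_name` is passed through get_text() on the rewritten line, while `mb_nick` and `mb_email` from the same row are concatenated into `$ma_list` raw; if that string is rendered into the page, the nickname is the same kind of user-supplied field and needs the same treatment, e.g. `get_text($row['mb_nick'])`. Whether `$ma_list` is escaped as a whole when it is emitted is not visible here; if it is, the per-field get_text() is redundant rather than harmful, and a comment saying which of the two applies would help. The while loop is complete within the hunk.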
@@ -101,7 +101,7 @@ include_once('./admin.head.php');
|
|
- |
+ |
|
|
diff --git a/adm/mail_test.php b/adm/mail_test.php
index 61b3aee56..bc321f545 100644
--- a/adm/mail_test.php
+++ b/adm/mail_test.php
@@ -13,7 +13,7 @@ check_demo();
$g5['title'] = '회원메일 테스트';
-$name = $member['mb_name'];
+$name = get_text($member['mb_name']);
$nick = $member['mb_nick'];
$mb_id = $member['mb_id'];
$email = $member['mb_email'];
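Review bot: `$nick = $member['mb_nick'];` on the line after the change is left raw while `$name` now goes through get_text(); both come from the member row and, assuming they end up in the same HTML output, should be escaped alike: `$nick = get_text($member['mb_nick']);`. If `$nick` is only ever used in a plain-text mail body, say so in a comment so the asymmetry is not read as an oversight.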
diff --git a/adm/member_list.php b/adm/member_list.php
index 9e23e76c1..5b94d03b5 100644
--- a/adm/member_list.php
+++ b/adm/member_list.php
@@ -213,11 +213,11 @@ $colspan = 16;
|
-
+
|
|
- |
+ |
>
diff --git a/adm/newwinform.php b/adm/newwinform.php
index 9fb2452db..ac83b261c 100644
--- a/adm/newwinform.php
+++ b/adm/newwinform.php
@@ -111,7 +111,7 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
|
|
- |
+ |
diff --git a/adm/point_list.php b/adm/point_list.php
index 8d127e1aa..08f44d5b1 100644
--- a/adm/point_list.php
+++ b/adm/point_list.php
@@ -163,7 +163,7 @@ function point_clear()
|
- |
+ |
|
|
|
diff --git a/adm/qa_config.php b/adm/qa_config.php
index c7921d1e1..4357e0240 100644
--- a/adm/qa_config.php
+++ b/adm/qa_config.php
@@ -268,25 +268,25 @@ if(!isset($qaconfig['qa_include_head'])) {
|
-
+
|
|
-
+
|
|
-
+
|
|
-
+
|
diff --git a/adm/sms_admin/ajax.sms_write_person.php b/adm/sms_admin/ajax.sms_write_person.php
index 686f4a8fa..d30820d19 100644
--- a/adm/sms_admin/ajax.sms_write_person.php
+++ b/adm/sms_admin/ajax.sms_write_person.php
@@ -106,16 +106,16 @@ while ($res = sql_fetch_array($qry)) array_push($group, $res);
?>
|
-
+
|
- |
+ |
|
|
- |
+ |
diff --git a/adm/sms_admin/member_update_run.php b/adm/sms_admin/member_update_run.php
index 41467cd53..94efc229c 100644
--- a/adm/sms_admin/member_update_run.php
+++ b/adm/sms_admin/member_update_run.php
@@ -48,7 +48,7 @@ while ($res = sql_fetch_array($qry))
if ($hp == '') $bk_receipt = 0; else $bk_receipt = $res['mb_sms'];
- $field = "mb_id='{$res['mb_id']}', bk_name='{$res['mb_name']}', bk_hp='{$hp}', bk_receipt='{$bk_receipt}', bk_datetime='".G5_TIME_YMDHIS."'";
+ $field = "mb_id='{$res['mb_id']}', bk_name='".addslashes($res['mb_name'])."', bk_hp='{$hp}', bk_receipt='{$bk_receipt}', bk_datetime='".G5_TIME_YMDHIS."'";
$res2 = sql_fetch("select * from {$g5['sms5_book_table']} where mb_id='{$res['mb_id']}'");
if ($res2) // 기존에 등록되어 있을 경우 업데이트
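Review bot: addslashes() is not a SQL escaping function (it ignores the connection character set), and on the rewritten `$field` line it is applied only to `mb_name`, while `mb_id` and `$hp` from the same row are still interpolated unescaped, as is `mb_id` in the select on the next line. Escape every interpolated value with the driver's function (mysqli_real_escape_string on the active link, or the project's wrapper for it if one exists), or move the insert/update to a prepared statement. The surrounding while loop starts outside the hunk.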
diff --git a/adm/sms_admin/num_book.php b/adm/sms_admin/num_book.php
index 0a7422410..1e31e18b5 100644
--- a/adm/sms_admin/num_book.php
+++ b/adm/sms_admin/num_book.php
@@ -181,12 +181,12 @@ function no_hp_click(val)
?>
|
-
+
|
|
|
- |
+ |
|
수신' : '거부'?> |
|
diff --git a/bbs/faq.php b/bbs/faq.php
index eaa3b491a..381c7b2eb 100644
--- a/bbs/faq.php
+++ b/bbs/faq.php
@@ -84,8 +84,8 @@ if(is_file($skin_file)) {
for ($i=0;$row=sql_fetch_array($result);$i++){
$faq_list[] = $row;
if($stx) {
- $faq_list[$i]['fa_subject'] = search_font($stx, $faq_list[$i]['fa_subject']);
- $faq_list[$i]['fa_content'] = search_font($stx, $faq_list[$i]['fa_content']);
+ $faq_list[$i]['fa_subject'] = search_font($stx, conv_content($faq_list[$i]['fa_subject'], 1));
+ $faq_list[$i]['fa_content'] = search_font($stx, conv_content($faq_list[$i]['fa_content'], 1));
}
}
include_once($skin_file);
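Review bot: conv_content() is applied to `fa_subject`/`fa_content` only inside the `if($stx)` branch, so without a search term `$faq_list[$i]` holds the raw row and the skin receives unconverted content; either the skin converts on its own (in which case the search path now converts twice) or the non-search path is now inconsistent. Apply the conversion unconditionally and keep search_font() as the only conditional step, e.g. `$faq_list[$i]['fa_content'] = conv_content($row['fa_content'], 1);` before the `if`. Note also that search_font() now runs over HTML-converted text, so a search term can match inside a tag or entity; worth a check that search_font() tolerates that, or a comment stating the assumption.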
diff --git a/bbs/new.php b/bbs/new.php
index 5c9919e1e..f8fc7ecc4 100644
--- a/bbs/new.php
+++ b/bbs/new.php
@@ -55,7 +55,7 @@ for ($i=0; $row=sql_fetch_array($result); $i++) {
$row2 = sql_fetch(" select * from {$tmp_write_table} where wr_id = '{$row['wr_id']}' ");
$list[$i] = $row2;
- $name = get_sideview($row2['mb_id'], cut_str($row2['wr_name'], $config['cf_cut_name']), $row2['wr_email'], $row2['wr_homepage']);
+ $name = get_sideview($row2['mb_id'], get_text(cut_str($row2['wr_name'], $config['cf_cut_name'])), $row2['wr_email'], $row2['wr_homepage']);
// 당일인 경우 시간으로 표시함
$datetime = substr($row2['wr_datetime'],0,10);
$datetime2 = $row2['wr_datetime'];
@@ -79,7 +79,7 @@ for ($i=0; $row=sql_fetch_array($result); $i++) {
$list[$i]['wr_email'] = $row3['wr_email'];
$list[$i]['wr_homepage'] = $row3['wr_homepage'];
- $name = get_sideview($row3['mb_id'], cut_str($row3['wr_name'], $config['cf_cut_name']), $row3['wr_email'], $row3['wr_homepage']);
+ $name = get_sideview($row3['mb_id'], get_text(cut_str($row3['wr_name'], $config['cf_cut_name'])), $row3['wr_email'], $row3['wr_homepage']);
// 당일인 경우 시간으로 표시함
$datetime = substr($row3['wr_datetime'],0,10);
$datetime2 = $row3['wr_datetime'];
diff --git a/bbs/poll_etc_update.php b/bbs/poll_etc_update.php
index 9828bdc35..35df2dbd4 100644
--- a/bbs/poll_etc_update.php
+++ b/bbs/poll_etc_update.php
@@ -18,7 +18,7 @@ if ($w == '')
$pc_idea = stripslashes($pc_idea);
- $name = cut_str($pc_name, $config['cf_cut_name']);
+ $name = get_text(cut_str($pc_name, $config['cf_cut_name']));
$mb_id = '';
if ($member['mb_id'])
$mb_id = '('.$member['mb_id'].')';
diff --git a/bbs/poll_result.php b/bbs/poll_result.php
index 7e549abcc..0866439a8 100644
--- a/bbs/poll_result.php
+++ b/bbs/poll_result.php
@@ -53,8 +53,8 @@ $sql = " select a.*, b.mb_open
where po_id = '{$po_id}' order by pc_id desc ";
$result = sql_query($sql);
for ($i=0; $row=sql_fetch_array($result); $i++) {
- $list2[$i]['pc_name'] = $row['pc_name'];
- $list2[$i]['name'] = get_sideview($row['mb_id'], cut_str($row['pc_name'],10), '', '', $row['mb_open']);
+ $list2[$i]['pc_name'] = get_text($row['pc_name']);
+ $list2[$i]['name'] = get_sideview($row['mb_id'], get_text(cut_str($row['pc_name'],10)), '', '', $row['mb_open']);
$list2[$i]['idea'] = get_text(cut_str($row['pc_idea'], 255));
$list2[$i]['datetime'] = $row['pc_datetime'];
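Review bot: The rewritten `name` line hard-codes the cut length `10` for `pc_name`, whereas the same change in bbs/new.php and bbs/poll_etc_update.php uses `$config['cf_cut_name']`; prefer the config value here too, `get_text(cut_str($row['pc_name'], $config['cf_cut_name']))`, so one setting governs the cut length everywhere. `$list2[$i]['pc_name']` is also escaped before it reaches the skin now; if any poll skin already escapes that key it will double-encode, so the shipped skins are worth a look.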
diff --git a/bbs/profile.php b/bbs/profile.php
index 8169ddae0..158f32ead 100644
--- a/bbs/profile.php
+++ b/bbs/profile.php
@@ -24,7 +24,7 @@ $sql = " select (TO_DAYS('".G5_TIME_YMDHIS."') - TO_DAYS('{$mb['mb_datetime']}')
$row = sql_fetch($sql);
$mb_reg_after = $row['days'];
-$mb_homepage = set_http($mb['mb_homepage']);
+$mb_homepage = set_http(clean_xss_tags($mb['mb_homepage']));
$mb_profile = $mb['mb_profile'] ? conv_content($mb['mb_profile'],0) : '소개 내용이 없습니다.';
include_once($member_skin_path.'/profile.skin.php');
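Review bot: clean_xss_tags() on a value that ends up in an href does not, on its own, address the URL scheme (a `javascript:` or `data:` URL contains no tags), so `$mb_homepage` should additionally be restricted to http/https and escaped for the attribute context at output before set_http() is relied on to produce a safe link. The same pattern is introduced for `$homepage` in get_sideview() in lib/common.lib.php and for `$wr_homepage` in bbs/write_update.php. What clean_xss_tags() actually strips is not visible here; if it already rejects non-http schemes, a comment at this line saying so would settle it.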
diff --git a/bbs/qahead.php b/bbs/qahead.php
index 24cf0e564..387a51385 100644
--- a/bbs/qahead.php
+++ b/bbs/qahead.php
@@ -7,12 +7,12 @@ $qa_skin_url = (G5_IS_MOBILE ? G5_MOBILE_URL : G5_URL).'/'.G5_SKIN_DIR.'/qa/'.$q
if (G5_IS_MOBILE) {
// 모바일의 경우 설정을 따르지 않는다.
include_once('./_head.php');
- echo stripslashes($qaconfig['qa_mobile_content_head']);
+ echo conv_content($qaconfig['qa_mobile_content_head'], 1);
} else {
if($qaconfig['qa_include_head'])
@include ($qaconfig['qa_include_head']);
else
include ('./_head.php');
- echo stripslashes($qaconfig['qa_content_head']);
+ echo conv_content($qaconfig['qa_content_head'], 1);
}
?>
\ No newline at end of file
diff --git a/bbs/qatail.php b/bbs/qatail.php
index 3e5e6dead..b8b667307 100644
--- a/bbs/qatail.php
+++ b/bbs/qatail.php
@@ -2,11 +2,11 @@
if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
if (G5_IS_MOBILE) {
- echo stripslashes($qaconfig['qa_mobile_content_tail']);
+ echo conv_content($qaconfig['qa_mobile_content_tail'], 1);
// 모바일의 경우 설정을 따르지 않는다.
include_once('./_tail.php');
} else {
- echo stripslashes($qaconfig['qa_mobile_content_tail']);
+ echo conv_content($qaconfig['qa_mobile_content_tail'], 1);
if($qaconfig['qa_include_tail'])
@include ($qaconfig['qa_include_tail']);
else
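Review bot: The rewritten desktop (`else`) branch still echoes `$qaconfig['qa_mobile_content_tail']`, which looks like a copy-paste slip carried over from the old line; by analogy with bbs/qahead.php, whose `else` branch uses `qa_content_head`, this should presumably read `echo conv_content($qaconfig['qa_content_tail'], 1);`. If the mobile key really is meant to serve both layouts, a comment saying so would stop the next reader from "fixing" it.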
diff --git a/bbs/register_form_update.php b/bbs/register_form_update.php
index 1dbf061f2..62da0224a 100644
--- a/bbs/register_form_update.php
+++ b/bbs/register_form_update.php
@@ -110,6 +110,9 @@ if ($w == '' || $w == 'u') {
if ($msg = exist_mb_email($mb_email, $mb_id)) alert($msg, "", true, true);
}
+$mb_name = clean_xss_tags($mb_name);
+$mb_email = get_email_address($mb_email);
+$mb_homepage = clean_xss_tags($mb_homepage);
$mb_zip1 = preg_replace('/[^0-9]/', '', $mb_zip1);
$mb_zip2 = preg_replace('/[^0-9]/', '', $mb_zip2);
$mb_addr1 = clean_xss_tags($mb_addr1);
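Review bot: The three new normalisations run after the uniqueness check `exist_mb_email($mb_email, $mb_id)` on the line above, so the check sees the raw submitted address while the value stored is whatever get_email_address() returns; if that function can change the string, an address can pass the check yet differ from (or collide with) an existing one. Move `$mb_email = get_email_address($mb_email);` (and ideally the two clean_xss_tags() lines) above the validation block so validation and storage agree. The enclosing `if ($w == '' || $w == 'u')` block starts outside the hunk.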
diff --git a/bbs/write_update.php b/bbs/write_update.php
index cdb140102..1124b849c 100644
--- a/bbs/write_update.php
+++ b/bbs/write_update.php
@@ -287,18 +287,19 @@ if ($w == '' || $w == 'r') {
if ($member['mb_id']) {
$mb_id = $member['mb_id'];
- $wr_name = $board['bo_use_name'] ? $member['mb_name'] : $member['mb_nick'];
+ $wr_name = addslashes(clean_xss_tags($board['bo_use_name'] ? $member['mb_name'] : $member['mb_nick']));
$wr_password = $member['mb_password'];
- $wr_email = $member['mb_email'];
- $wr_homepage = $member['mb_homepage'];
+ $wr_email = addslashes($member['mb_email']);
+ $wr_homepage = addslashes(clean_xss_tags($member['mb_homepage']));
} else {
$mb_id = '';
// 비회원의 경우 이름이 누락되는 경우가 있음
- $wr_name = trim($_POST['wr_name']);
+ $wr_name = clean_xss_tags(trim($_POST['wr_name']));
if (!$wr_name)
alert('이름은 필히 입력하셔야 합니다.');
$wr_password = sql_password($wr_password);
$wr_email = get_email_address(trim($_POST['wr_email']));
+ $wr_homepage = clean_xss_tags($wr_homepage);
}
if ($w == 'r') {
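Review bot: The member and guest branches now treat the same fields differently: the member branch wraps `$wr_name`, `$wr_email` and `$wr_homepage` in addslashes(), while the guest branch applies clean_xss_tags() only, and its `$wr_homepage` is neither trimmed nor slash-escaped; unless guest input is already slash-escaped globally, which is not visible here, the two paths will not store values consistently. SQL escaping also belongs at the query, via the driver's escape function or a prepared statement, rather than in addslashes() on the values. If a global escaping step is what makes the guest branch correct, state it in a comment next to `$wr_name = clean_xss_tags(trim($_POST['wr_name']));`. The enclosing `if ($w == '' || $w == 'r')` block starts before the hunk.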
diff --git a/lib/common.lib.php b/lib/common.lib.php
index 4bd59b75e..4d9660b77 100644
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@@ -1199,7 +1199,7 @@ function get_sideview($mb_id, $name='', $email='', $homepage='')
global $bo_table, $sca, $is_admin, $member;
$email = base64_encode($email);
- $homepage = set_http($homepage);
+ $homepage = set_http(clean_xss_tags($homepage));
$name = preg_replace("/\'/", "", $name);
$name = preg_replace("/\'/", "", $name);
@@ -2045,7 +2045,7 @@ function get_editor_image($contents, $view=true)
if ($view)
$pattern = "/
]*)>/iS";
else
- $pattern = "/
]*src=[\'\"]?([^>\'\"]+[^>\'\"]+)[\'\"]?[^>]*>/";
+ $pattern = "/
]*src=[\'\"]?([^>\'\"]+[^>\'\"]+)[\'\"]?[^>]*>/i";
preg_match_all($pattern, $contents, $matchs);
return $matchs;
diff --git a/mobile/skin/faq/basic/list.skin.php b/mobile/skin/faq/basic/list.skin.php
index d823a9579..d64a533a1 100644
--- a/mobile/skin/faq/basic/list.skin.php
+++ b/mobile/skin/faq/basic/list.skin.php
@@ -8,7 +8,7 @@ add_stylesheet('', 0);
'.stripslashes($fm['fm_mobile_head_html']).'';
+echo ''.conv_content($fm['fm_mobile_head_html'], 1).'
';
?>
'.stripslashes($fm['fm_tail_html']).'';
+echo ''.conv_content($fm['fm_tail_html'], 1).'
';
?>
diff --git a/mobile/skin/member/basic/register_result.skin.php b/mobile/skin/member/basic/register_result.skin.php
index 73517f159..44ebe9dd4 100644
--- a/mobile/skin/member/basic/register_result.skin.php
+++ b/mobile/skin/member/basic/register_result.skin.php
@@ -8,7 +8,7 @@ add_stylesheet('
',
- 님의 회원가입을 진심으로 축하합니다.
+ 님의 회원가입을 진심으로 축하합니다.
diff --git a/skin/faq/basic/list.skin.php b/skin/faq/basic/list.skin.php
index bf26708de..5149fd1fe 100644
--- a/skin/faq/basic/list.skin.php
+++ b/skin/faq/basic/list.skin.php
@@ -14,7 +14,7 @@ if ($himg_src)
echo '
';
// 상단 HTML
-echo '
'.stripslashes($fm['fm_head_html']).'
';
+echo '
'.conv_content($fm['fm_head_html'], 1).'
';
?>
'.stripslashes($fm['fm_tail_html']).'
';
+echo '
'.conv_content($fm['fm_tail_html'], 1).'
';
if ($timg_src)
echo '
';
diff --git a/skin/member/basic/register_result.skin.php b/skin/member/basic/register_result.skin.php
index d1e8cf51f..1267d20ee 100644
--- a/skin/member/basic/register_result.skin.php
+++ b/skin/member/basic/register_result.skin.php
@@ -9,7 +9,7 @@ add_stylesheet('
',
- 님의 회원가입을 진심으로 축하합니다.
+ 님의 회원가입을 진심으로 축하합니다.