보안패치 및 그누보드 5.0.20 수정사항 적용

This commit is contained in:
chicpro
2014-10-22 13:16:44 +09:00
parent 1355c7ef57
commit 352deb6133
33 changed files with 70 additions and 67 deletions


@ -842,7 +842,7 @@ $frm_submit .= '</div>';
<tr>
<th scope="row"><label for="bo_content_head">상단 내용</label></th>
<td>
<?php echo editor_html("bo_content_head", $board['bo_content_head']); ?>
<?php echo editor_html("bo_content_head", get_text($board['bo_content_head'], 0)); ?>
</td>
<td class="td_grpset">
<input type="checkbox" name="chk_grp_content_head" value="1" id="chk_grp_content_head">
@ -854,7 +854,7 @@ $frm_submit .= '</div>';
<tr>
<th scope="row"><label for="bo_content_tail">하단 내용</label></th>
<td>
<?php echo editor_html("bo_content_tail", $board['bo_content_tail']); ?>
<?php echo editor_html("bo_content_tail", get_text($board['bo_content_tail'], 0)); ?>
</td>
<td class="td_grpset">
<input type="checkbox" name="chk_grp_content_tail" value="1" id="chk_grp_content_tail">
@ -866,7 +866,7 @@ $frm_submit .= '</div>';
<tr>
<th scope="row"><label for="bo_mobile_content_head">모바일 상단 내용</label></th>
<td>
<?php echo editor_html("bo_mobile_content_head", $board['bo_mobile_content_head']); ?>
<?php echo editor_html("bo_mobile_content_head", get_text($board['bo_mobile_content_head'], 0)); ?>
</td>
<td class="td_grpset">
<input type="checkbox" name="chk_grp_mobile_content_head" value="1" id="chk_grp_mobile_content_head">
@ -878,7 +878,7 @@ $frm_submit .= '</div>';
<tr>
<th scope="row"><label for="bo_mobile_content_tail">모바일 하단 내용</label></th>
<td>
<?php echo editor_html("bo_mobile_content_tail", $board['bo_mobile_content_tail']); ?>
<?php echo editor_html("bo_mobile_content_tail", get_text($board['bo_mobile_content_tail'], 0)); ?>
</td>
<td class="td_grpset">
<input type="checkbox" name="chk_grp_mobile_content_tail" value="1" id="chk_grp_mobile_content_tail">


@ -138,7 +138,7 @@ $colspan = 15;
<a href="<?php echo G5_BBS_URL ?>/board.php?bo_table=<?php echo $row['bo_table'] ?>"><?php echo $row['bo_table'] ?></a>
</td>
<td>
<label for="bo_skin_<?php echo $i; ?>" class="sound_only">모바일 스킨</label>
<label for="bo_skin_<?php echo $i; ?>" class="sound_only">스킨</label>
<?php echo get_skin_select('board', 'bo_skin_'.$i, "bo_skin[$i]", $row['bo_skin']); ?>
</td>
<td>


@ -20,7 +20,7 @@ $colspan = 4;
<input type="hidden" name="mb_id" value="<?php echo $mb['mb_id'] ?>" id="mb_id">
<input type="hidden" name="token" value="<?php echo $token ?>" id="token">
<div class="local_cmd01 local_cmd">
<p>아이디 <b><?php echo $mb['mb_id'] ?></b>, 이름 <b><?php echo $mb['mb_name'] ?></b>, 닉네임 <b><?php echo $mb['mb_nick'] ?></b></p>
<p>아이디 <b><?php echo $mb['mb_id'] ?></b>, 이름 <b><?php echo get_text($mb['mb_name']); ?></b>, 닉네임 <b><?php echo $mb['mb_nick'] ?></b></p>
<label for="gr_id">그룹지정</label>
<select name="gr_id" id="gr_id">
<option value="">접근가능 그룹을 선택하세요.</option>
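Review bot: The new line escapes `mb_name` with get_text() but still echoes `$mb['mb_nick']` raw in the same `<p>`, so a nickname carrying markup reaches the page unescaped; the same split between escaped name and raw nick recurs in the member list, point list and mail list hunks later in this commit (`$mb_nick`, `$row['mb_nick']`). Unless nicknames are restricted to safe characters at write time, which this hunk cannot show, the line should read `닉네임 <b><?php echo get_text($mb['mb_nick']); ?></b>`. `$mb['mb_id']` on the same line is echoed into both a hidden-input value and visible text and deserves the same consideration if ids are not constrained.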


@ -117,7 +117,7 @@ $colspan = 7;
</td>
<td class="td_grid"><?php echo $group ?></td>
<td class="td_mbid"><?php echo $row['mb_id'] ?></td>
<td class="td_mbname"><?php echo $row['mb_name'] ?></td>
<td class="td_mbname"><?php echo get_text($row['mb_name']); ?></td>
<td class="td_name sv_use"><?php echo $mb_nick ?></td>
<td class="td_datetime"><?php echo substr($row['mb_today_login'],2,8) ?></td>
<td class="td_datetime"><?php echo $row['gm_datetime'] ?></td>


@ -67,7 +67,7 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
</tr>
<tr>
<th scope="row">내용</th>
<td><?php echo editor_html('co_content', $co['co_content']); ?></td>
<td><?php echo editor_html('co_content', get_text($co['co_content'], 0)); ?></td>
</tr>
<tr>
<th scope="row"><label for="co_tag_filter_use">태그 필터링 사용</label></th>


@ -9,7 +9,6 @@ $sql = " select * from {$g5['faq_master_table']} where fm_id = '$fm_id' ";
$fm = sql_fetch($sql);
$html_title = 'FAQ '.$fm['fm_subject'];;
$g5['title'] = $html_title.' 관리';
if ($w == "u")
{
@ -19,13 +18,12 @@ if ($w == "u")
$sql = " select * from {$g5['faq_table']} where fa_id = '$fa_id' ";
$fa = sql_fetch($sql);
if (!$fa['fa_id']) alert("등록된 자료가 없습니다.");
$fa['fa_subject'] = htmlspecialchars2($fa['fa_subject']);
$fa['fa_content'] = htmlspecialchars2($fa['fa_content']);
}
else
$html_title .= ' 항목 입력';
$g5['title'] = $html_title.' 관리';
include_once (G5_ADMIN_PATH.'/admin.head.php');
?>
@ -52,11 +50,11 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
</tr>
<tr>
<th scope="row">질문</th>
<td><?php echo editor_html('fa_subject', $fa['fa_subject']); ?></td>
<td><?php echo editor_html('fa_subject', get_text($fa['fa_subject'], 0)); ?></td>
</tr>
<tr>
<th scope="row">답변</th>
<td><?php echo editor_html('fa_content', $fa['fa_content']); ?></td>
<td><?php echo editor_html('fa_content', get_text($fa['fa_content'], 0)); ?></td>
</tr>
</tbody>
</table>
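Review bot: The query in the first hunk of this section, `$sql = " select * from {$g5['faq_table']} where fa_id = '$fa_id' ";` (and the `fm_id` query shown in the header context), interpolates request-derived ids straight into SQL, and the commit removes the htmlspecialchars2() lines around it without touching that. If request variables are not escaped globally before this file runs, `fa_id`, which looks numeric, should be cast first (`$fa_id = (int)$fa_id;`) and `fm_id` passed through the driver's real-escape function. The `if ($w == "u")` block is split across the two hunks. Separately, `$html_title = 'FAQ '.$fm['fm_subject'];;` carries a stray second semicolon.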


@ -6,7 +6,6 @@ include_once(G5_EDITOR_LIB);
auth_check($auth[$sub_menu], "w");
$html_title = 'FAQ';
$g5['title'] = $html_title.' 관리';
if ($w == "u")
{
@ -22,6 +21,8 @@ else
$html_title .= ' 입력';
}
$g5['title'] = $html_title.' 관리';
// 모바일 상하단 내용 필드추가
if(!sql_query(" select fm_mobile_head_html from {$g5['faq_master_table']} limit 1 ", false)) {
sql_query(" ALTER TABLE `{$g5['faq_master_table']}`
@ -112,25 +113,25 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
<tr>
<th scope="row">상단 내용</th>
<td>
<?php echo editor_html('fm_head_html', $fm['fm_head_html']); ?>
<?php echo editor_html('fm_head_html', get_text($fm['fm_head_html'], 0)); ?>
</td>
</tr>
<tr>
<th scope="row">하단 내용</th>
<td>
<?php echo editor_html('fm_tail_html', $fm['fm_tail_html']); ?>
<?php echo editor_html('fm_tail_html', get_text($fm['fm_tail_html'], 0)); ?>
</td>
</tr>
<tr>
<th scope="row">모바일상단 내용</th>
<td>
<?php echo editor_html('fm_mobile_head_html', $fm['fm_mobile_head_html']); ?>
<?php echo editor_html('fm_mobile_head_html', get_text($fm['fm_mobile_head_html'], 0)); ?>
</td>
</tr>
<tr>
<th scope="row">모바일하단 내용</th>
<td>
<?php echo editor_html('fm_mobile_tail_html', $fm['fm_mobile_tail_html']); ?>
<?php echo editor_html('fm_mobile_tail_html', get_text($fm['fm_mobile_tail_html'], 0)); ?>
</td>
</tr>
</tbody>


@ -102,7 +102,7 @@ $colspan = 12;
?>
<tr>
<td class="td_mbid"><?php echo $mb_id ?></td>
<td class="td_mbname"><?php echo $row['mb_name'] ?></td>
<td class="td_mbname"><?php echo get_text($row['mb_name']); ?></td>
<td class="td_mbname sv_use"><div><?php echo $mb_nick ?></div></td>
<td class="td_num"><?php echo $row['mb_level'] ?></td>
<td><a href="./point_list.php?sfl=mb_id&amp;stx=<?php echo $row['mb_id'] ?>"><?php echo number_format($row['mb_point']) ?></a></td>
@ -284,7 +284,7 @@ $colspan = 7;
<tr>
<td class="td_mbid"><a href="./point_list.php?sfl=mb_id&amp;stx=<?php echo $row['mb_id'] ?>"><?php echo $row['mb_id'] ?></a></td>
<td class="td_mbname"><?php echo $row2['mb_name'] ?></td>
<td class="td_mbname"><?php echo get_text($row2['mb_name']); ?></td>
<td class="td_name sv_use"><div><?php echo $mb_nick ?></div></td>
<td class="td_datetime"><?php echo $row['po_datetime'] ?></td>
<td><?php echo $link1.$row['po_content'].$link2 ?></td>
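Review bot: `$row['po_content']` on the last line is still echoed raw between `$link1` and `$link2` even though the same row now escapes `mb_name`; the point list hunk later in this commit (`td_pt_log`) has the same pattern. po_content is written by whatever calls the point-insert path, including the admin point form, so if any caller passes user-derived text it is rendered as HTML here. Unless po_content is meant to carry markup, safer is `<td><?php echo $link1.get_text($row['po_content']).$link2 ?></td>`.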


@ -46,7 +46,7 @@ include_once('./admin.head.php');
</tr>
<tr>
<th scope="row"><label for="ma_content">메일 내용<strong class="sound_only">필수</strong></label></th>
<td><?php echo editor_html("ma_content", $ma['ma_content']); ?></td>
<td><?php echo editor_html("ma_content", get_text($ma['ma_content'], 0)); ?></td>
</tr>
</tbody>
</table>
@ -74,7 +74,7 @@ function fmailform_check(f)
<?php echo get_editor_js("ma_content"); ?>
<?php echo chk_editor_js("ma_content"); ?>
return true;
}


@ -8,7 +8,7 @@ auth_check($auth[$sub_menu], 'r');
$se = sql_fetch("select ma_subject, ma_content from {$g5['mail_table']} where ma_id = '{$ma_id}' ");
$subject = $se['ma_subject'];
$content = $se['ma_content'] . "<hr size=0><p><span style='font-size:9pt; font-family:굴림'>▶ 더 이상 정보 수신을 원치 않으시면 [<a href='".G5_BBS_URL."/email_stop.php?mb_id=***&amp;mb_md5=***' target='_blank'>수신거부</a>] 해 주십시오.</span></p>";
$content = conv_content($se['ma_content'], 1) . "<hr size=0><p><span style='font-size:9pt; font-family:굴림'>▶ 더 이상 정보 수신을 원치 않으시면 [<a href='".G5_BBS_URL."/email_stop.php?mb_id=***&amp;mb_md5=***' target='_blank'>수신거부</a>] 해 주십시오.</span></p>";
?>
<!doctype html>
@ -20,10 +20,10 @@ $content = $se['ma_content'] . "<hr size=0><p><span style='font-size:9pt; font-f
<body>
<h1><?php echo $subject ?></h1>
<h1><?php echo $subject; ?></h1>
<p>
<?php echo $se['ma_content'] ?>
<?php echo $content; ?>
</p>
<p>
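Review bot: `$subject` is printed raw in the `<h1>` (`<?php echo $subject; ?>`) while the body now goes through conv_content(); the subject comes from the same mail row, so any markup stored in it renders here. The only change to that line is the added semicolon, so this is the place to add the escape: `<h1><?php echo get_text($subject); ?></h1>`. The query above, `where ma_id = '{$ma_id}'`, also interpolates the id directly; if ma_id is numeric, `$ma_id = (int)$ma_id;` before the sql_fetch() is a cheap guard.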


@ -93,7 +93,7 @@ include_once('./admin.head.php');
$cr = "";
while ($row=sql_fetch_array($result)) {
$i++;
$ma_list .= $cr . $row['mb_email'] . "||" . $row['mb_id'] . "||" . $row['mb_name'] . "||" . $row['mb_nick'] . "||" . $row['mb_datetime'];
$ma_list .= $cr . $row['mb_email'] . "||" . $row['mb_id'] . "||" . get_text($row['mb_name']) . "||" . $row['mb_nick'] . "||" . $row['mb_datetime'];
$cr = "\n";
$bg = 'bg'.($i%2);
@ -101,7 +101,7 @@ include_once('./admin.head.php');
<tr class="<?php echo $bg; ?>">
<td class="td_num"><?php echo $i ?></td>
<td class="td_mbid"><?php echo $row['mb_id'] ?></td>
<td class="td_mbname"><?php echo $row['mb_name'] ?></td>
<td class="td_mbname"><?php echo get_text($row['mb_name']); ?></td>
<td class="td_mbname"><?php echo $row['mb_nick'] ?></td>
<td><?php echo $row['mb_email'] ?></td>
</tr>
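Review bot: Applying get_text() inside the `||`-delimited `$ma_list` string in the first hunk encodes the name in a data string rather than at the HTML output, so the outcome depends on how `$ma_list` is consumed outside this hunk: if it is echoed into a textarea or hidden field, the email and nick on the same line are still unescaped; if it is parsed programmatically, names containing `&`, `<` or `"` arrive entity-encoded (`&amp;` and so on). The cleaner fix is to build `$ma_list` from raw values and escape the whole string once where it is output, e.g. `<?php echo get_text($ma_list); ?>`. The second hunk's table cell fix is fine as is, apart from `$row['mb_nick']` and `$row['mb_email']` remaining raw.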


@ -13,7 +13,7 @@ check_demo();
$g5['title'] = '회원메일 테스트';
$name = $member['mb_name'];
$name = get_text($member['mb_name']);
$nick = $member['mb_nick'];
$mb_id = $member['mb_id'];
$email = $member['mb_email'];


@ -213,11 +213,11 @@ $colspan = 16;
<tr class="<?php echo $bg; ?>">
<td headers="mb_list_chk" class="td_chk" rowspan="2">
<input type="hidden" name="mb_id[<?php echo $i ?>]" value="<?php echo $row['mb_id'] ?>" id="mb_id_<?php echo $i ?>">
<label for="chk_<?php echo $i; ?>" class="sound_only"><?php echo $row['mb_name']; ?> <?php echo $row['mb_nick']; ?>님</label>
<label for="chk_<?php echo $i; ?>" class="sound_only"><?php echo get_text($row['mb_name']); ?> <?php echo $row['mb_nick']; ?>님</label>
<input type="checkbox" name="chk[]" value="<?php echo $i ?>" id="chk_<?php echo $i ?>">
</td>
<td headers="mb_list_id" rowspan="2" class="td_name sv_use"><?php echo $mb_id ?></td>
<td headers="mb_list_name" class="td_mbname"><?php echo $row['mb_name']; ?></td>
<td headers="mb_list_name" class="td_mbname"><?php echo get_text($row['mb_name']); ?></td>
<td headers="mb_list_cert" colspan="6" class="td_mbcert">
<input type="radio" name="mb_certify[<?php echo $i; ?>]" value="ipin" id="mb_certify_ipin_<?php echo $i; ?>" <?php echo $row['mb_certify']=='ipin'?'checked':''; ?>>
<label for="mb_certify_ipin_<?php echo $i; ?>">아이핀</label>


@ -111,7 +111,7 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
</tr>
<tr>
<th scope="row"><label for="nw_content">내용</label></th>
<td><?php echo editor_html('nw_content', $nw['nw_content']); ?></td>
<td><?php echo editor_html('nw_content', get_text($nw['nw_content'], 0)); ?></td>
</tr>
</tbody>
</table>


@ -163,7 +163,7 @@ function point_clear()
<input type="checkbox" name="chk[]" value="<?php echo $i ?>" id="chk_<?php echo $i ?>">
</td>
<td class="td_mbid"><a href="?sfl=mb_id&amp;stx=<?php echo $row['mb_id'] ?>"><?php echo $row['mb_id'] ?></a></td>
<td class="td_mbname"><?php echo $row2['mb_name'] ?></td>
<td class="td_mbname"><?php echo get_text($row2['mb_name']); ?></td>
<td class="td_name sv_use"><div><?php echo $mb_nick ?></div></td>
<td class="td_pt_log"><?php echo $link1 ?><?php echo $row['po_content'] ?><?php echo $link2 ?></td>
<td class="td_num td_pt"><?php echo number_format($row['po_point']) ?></td>


@ -268,25 +268,25 @@ if(!isset($qaconfig['qa_include_head'])) {
<tr>
<th scope="row"><label for="qa_content_head">상단 내용</label></th>
<td>
<?php echo editor_html("qa_content_head", $qaconfig['qa_content_head']); ?>
<?php echo editor_html("qa_content_head", get_text($qaconfig['qa_content_head'], 0)); ?>
</td>
</tr>
<tr>
<th scope="row"><label for="qa_content_tail">하단 내용</label></th>
<td>
<?php echo editor_html("qa_content_tail", $qaconfig['qa_content_tail']); ?>
<?php echo editor_html("qa_content_tail", get_text($qaconfig['qa_content_tail'], 0)); ?>
</td>
</tr>
<tr>
<th scope="row"><label for="qa_mobile_content_head">모바일 상단 내용</label></th>
<td>
<?php echo editor_html("qa_mobile_content_head", $qaconfig['qa_mobile_content_head']); ?>
<?php echo editor_html("qa_mobile_content_head", get_text($qaconfig['qa_mobile_content_head'], 0)); ?>
</td>
</tr>
<tr>
<th scope="row"><label for="qa_mobile_content_tail">모바일 하단 내용</label></th>
<td>
<?php echo editor_html("qa_mobile_content_tail", $qaconfig['qa_mobile_content_tail']); ?>
<?php echo editor_html("qa_mobile_content_tail", get_text($qaconfig['qa_mobile_content_tail'], 0)); ?>
</td>
</tr>
<tr>


@ -106,16 +106,16 @@ while ($res = sql_fetch_array($qry)) array_push($group, $res);
?>
<tr class="<?php echo $bg; ?>">
<td class="td_chk">
<label for="bk_no_<?php echo $res['bk_no']; ?>" class="sound_only"><?php echo $res['bk_name']?></label>
<label for="bk_no_<?php echo $res['bk_no']; ?>" class="sound_only"><?php echo get_text($res['bk_name']) ?></label>
<input type="checkbox" name="bk_no" value="<?php echo $res['bk_no']?>" id="bk_no_<?php echo $res['bk_no']; ?>">
</td>
<!-- <td class="td_name"><?php echo $group_name?></td> -->
<td class="td_mbname"><?php echo $res['bk_name']?></td>
<td class="td_mbname"><?php echo get_text($res['bk_name']) ?></td>
<td><?php echo $res['bk_hp']?></td>
<!-- <td class="td_boolean"><?php echo $res['bk_receipt'] ? '수신' : '거부'?></td> -->
<!-- <td class="td_boolean"><?php echo $res['bk_receipt'] ? '예' : ''?></td> -->
<td class="td_boolean"><?php echo $res['mb_id'] ? '회원' : '비회원'?></td>
<td class="td_mngsmall"><button type="button" class="btn_frmline" onclick="sms_obj.person_add(<?php echo $res['bk_no']?>, '<?php echo $res['bk_name']?>', '<?php echo $res['bk_hp']?>')">추가</button></td>
<td class="td_mngsmall"><button type="button" class="btn_frmline" onclick="sms_obj.person_add(<?php echo $res['bk_no']?>, '<?php echo get_text($res['bk_name']) ?>', '<?php echo $res['bk_hp']?>')">추가</button></td>
</tr>
<?php } ?>
</tbody>
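Review bot: On the last changed line, get_text() is applied to `bk_name` inside the single-quoted JavaScript string of the `onclick` attribute, and HTML-entity encoding does not protect that context: the browser decodes the attribute value before the JS parser sees it, so a `'` in a name, entity-encoded or not, still terminates the string. The value needs a JS-string escape first and the HTML-attribute escape outside it, `'<?php echo get_text(addslashes($res['bk_name'])) ?>'`, with the same treatment for `$res['bk_hp']` and an int cast on `$res['bk_no']` (e.g. `(int)$res['bk_no']`). Passing `json_encode($res['bk_name'])` through get_text() is the alternative if the project already relies on json_encode elsewhere. The surrounding `while` loop starts outside the hunk.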


@ -48,7 +48,7 @@ while ($res = sql_fetch_array($qry))
if ($hp == '') $bk_receipt = 0; else $bk_receipt = $res['mb_sms'];
$field = "mb_id='{$res['mb_id']}', bk_name='{$res['mb_name']}', bk_hp='{$hp}', bk_receipt='{$bk_receipt}', bk_datetime='".G5_TIME_YMDHIS."'";
$field = "mb_id='{$res['mb_id']}', bk_name='".addslashes($res['mb_name'])."', bk_hp='{$hp}', bk_receipt='{$bk_receipt}', bk_datetime='".G5_TIME_YMDHIS."'";
$res2 = sql_fetch("select * from {$g5['sms5_book_table']} where mb_id='{$res['mb_id']}'");
if ($res2) // 기존에 등록되어 있을 경우 업데이트
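Review bot: `addslashes()` on `mb_name` in the new `$field` line is a partial fix: it is not the database driver's charset-aware escape, and the sibling values interpolated into the same string, `$res['mb_id']` and `$hp`, stay unescaped, as does `mb_id='{$res['mb_id']}'` in the sql_fetch() on the following line. Use the driver's real-escape function (or a prepared statement) consistently for every interpolated value rather than addslashes on one field; if the project has a common escape helper, routing all four values through it keeps the two statements in this hunk in step. The enclosing `while` loop and the derivation of `$hp` start outside the hunk.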


@ -181,12 +181,12 @@ function no_hp_click(val)
?>
<tr class="<?php echo $bg; ?>">
<td class="td_chk">
<label for="bk_no_<?php echo $i; ?>" class="sound_only"><?php echo $group_name?>의 <?php echo $res['bk_name']?></label>
<label for="bk_no_<?php echo $i; ?>" class="sound_only"><?php echo $group_name?>의 <?php echo get_text($res['bk_name']) ?></label>
<input type="checkbox" name="bk_no[]" value="<?php echo $res['bk_no']?>" id="bk_no_<?php echo $i; ?>">
</td>
<td class="td_num"><?php echo number_format($vnum--)?></td>
<td><?php echo $group_name?></td>
<td class="td_mbname"><?php echo $res['bk_name']?></td>
<td class="td_mbname"><?php echo get_text($res['bk_name']) ?></td>
<td class="td_numbig"><?php echo $res['bk_hp']?></td>
<td class="td_boolean"><?php echo $res['bk_receipt'] ? '<font color=blue>수신</font>' : '<font color=red>거부</font>'?></td>
<td class="td_mbid"><?php echo $res['mb_id'] ? $res['mb_id'] : '비회원'?></td>