보안패치 및 그누보드 5.0.20 수정사항 적용
This commit is contained in:
chicpro
@ -84,8 +84,8 @@ if(is_file($skin_file)) {
|
||||
for ($i=0;$row=sql_fetch_array($result);$i++){
|
||||
$faq_list[] = $row;
|
||||
if($stx) {
|
||||
$faq_list[$i]['fa_subject'] = search_font($stx, $faq_list[$i]['fa_subject']);
|
||||
$faq_list[$i]['fa_content'] = search_font($stx, $faq_list[$i]['fa_content']);
|
||||
$faq_list[$i]['fa_subject'] = search_font($stx, conv_content($faq_list[$i]['fa_subject'], 1));
|
||||
$faq_list[$i]['fa_content'] = search_font($stx, conv_content($faq_list[$i]['fa_content'], 1));
|
||||
}
|
||||
}
|
||||
include_once($skin_file);
|
||||
|
||||
@ -55,7 +55,7 @@ for ($i=0; $row=sql_fetch_array($result); $i++) {
|
||||
$row2 = sql_fetch(" select * from {$tmp_write_table} where wr_id = '{$row['wr_id']}' ");
|
||||
$list[$i] = $row2;
|
||||
|
||||
$name = get_sideview($row2['mb_id'], cut_str($row2['wr_name'], $config['cf_cut_name']), $row2['wr_email'], $row2['wr_homepage']);
|
||||
$name = get_sideview($row2['mb_id'], get_text(cut_str($row2['wr_name'], $config['cf_cut_name'])), $row2['wr_email'], $row2['wr_homepage']);
|
||||
// 당일인 경우 시간으로 표시함
|
||||
$datetime = substr($row2['wr_datetime'],0,10);
|
||||
$datetime2 = $row2['wr_datetime'];
|
||||
@ -79,7 +79,7 @@ for ($i=0; $row=sql_fetch_array($result); $i++) {
|
||||
$list[$i]['wr_email'] = $row3['wr_email'];
|
||||
$list[$i]['wr_homepage'] = $row3['wr_homepage'];
|
||||
|
||||
$name = get_sideview($row3['mb_id'], cut_str($row3['wr_name'], $config['cf_cut_name']), $row3['wr_email'], $row3['wr_homepage']);
|
||||
$name = get_sideview($row3['mb_id'], get_text(cut_str($row3['wr_name'], $config['cf_cut_name'])), $row3['wr_email'], $row3['wr_homepage']);
|
||||
// 당일인 경우 시간으로 표시함
|
||||
$datetime = substr($row3['wr_datetime'],0,10);
|
||||
$datetime2 = $row3['wr_datetime'];
|
||||
|
||||
@ -18,7 +18,7 @@ if ($w == '')
|
||||
|
||||
$pc_idea = stripslashes($pc_idea);
|
||||
|
||||
$name = cut_str($pc_name, $config['cf_cut_name']);
|
||||
$name = get_text(cut_str($pc_name, $config['cf_cut_name']));
|
||||
$mb_id = '';
|
||||
if ($member['mb_id'])
|
||||
$mb_id = '('.$member['mb_id'].')';
|
||||
|
||||
@ -53,8 +53,8 @@ $sql = " select a.*, b.mb_open
|
||||
where po_id = '{$po_id}' order by pc_id desc ";
|
||||
$result = sql_query($sql);
|
||||
for ($i=0; $row=sql_fetch_array($result); $i++) {
|
||||
$list2[$i]['pc_name'] = $row['pc_name'];
|
||||
$list2[$i]['name'] = get_sideview($row['mb_id'], cut_str($row['pc_name'],10), '', '', $row['mb_open']);
|
||||
$list2[$i]['pc_name'] = get_text($row['pc_name']);
|
||||
$list2[$i]['name'] = get_sideview($row['mb_id'], get_text(cut_str($row['pc_name'],10)), '', '', $row['mb_open']);
|
||||
$list2[$i]['idea'] = get_text(cut_str($row['pc_idea'], 255));
|
||||
$list2[$i]['datetime'] = $row['pc_datetime'];
|
||||
|
||||
|
||||
@ -24,7 +24,7 @@ $sql = " select (TO_DAYS('".G5_TIME_YMDHIS."') - TO_DAYS('{$mb['mb_datetime']}')
|
||||
$row = sql_fetch($sql);
|
||||
$mb_reg_after = $row['days'];
|
||||
|
||||
$mb_homepage = set_http($mb['mb_homepage']);
|
||||
$mb_homepage = set_http(clean_xss_tags($mb['mb_homepage']));
|
||||
$mb_profile = $mb['mb_profile'] ? conv_content($mb['mb_profile'],0) : '소개 내용이 없습니다.';
|
||||
|
||||
include_once($member_skin_path.'/profile.skin.php');
|
||||
|
||||
@ -7,12 +7,12 @@ $qa_skin_url = (G5_IS_MOBILE ? G5_MOBILE_URL : G5_URL).'/'.G5_SKIN_DIR.'/qa/'.$q
|
||||
if (G5_IS_MOBILE) {
|
||||
// 모바일의 경우 설정을 따르지 않는다.
|
||||
include_once('./_head.php');
|
||||
echo stripslashes($qaconfig['qa_mobile_content_head']);
|
||||
echo conv_content($qaconfig['qa_mobile_content_head'], 1);
|
||||
} else {
|
||||
if($qaconfig['qa_include_head'])
|
||||
@include ($qaconfig['qa_include_head']);
|
||||
else
|
||||
include ('./_head.php');
|
||||
echo stripslashes($qaconfig['qa_content_head']);
|
||||
echo conv_content($qaconfig['qa_content_head'], 1);
|
||||
}
|
||||
?>
|
||||
@ -2,11 +2,11 @@
|
||||
if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
|
||||
|
||||
if (G5_IS_MOBILE) {
|
||||
echo stripslashes($qaconfig['qa_mobile_content_tail']);
|
||||
echo conv_content($qaconfig['qa_mobile_content_tail'], 1);
|
||||
// 모바일의 경우 설정을 따르지 않는다.
|
||||
include_once('./_tail.php');
|
||||
} else {
|
||||
echo stripslashes($qaconfig['qa_mobile_content_tail']);
|
||||
echo conv_content($qaconfig['qa_mobile_content_tail'], 1);
|
||||
if($qaconfig['qa_include_tail'])
|
||||
@include ($qaconfig['qa_include_tail']);
|
||||
else
|
||||
|
||||
@ -110,6 +110,9 @@ if ($w == '' || $w == 'u') {
|
||||
if ($msg = exist_mb_email($mb_email, $mb_id)) alert($msg, "", true, true);
|
||||
}
|
||||
|
||||
$mb_name = clean_xss_tags($mb_name);
|
||||
$mb_email = get_email_address($mb_email);
|
||||
$mb_homepage = clean_xss_tags($mb_homepage);
|
||||
$mb_zip1 = preg_replace('/[^0-9]/', '', $mb_zip1);
|
||||
$mb_zip2 = preg_replace('/[^0-9]/', '', $mb_zip2);
|
||||
$mb_addr1 = clean_xss_tags($mb_addr1);
|
||||
|
||||
@ -287,18 +287,19 @@ if ($w == '' || $w == 'r') {
|
||||
|
||||
if ($member['mb_id']) {
|
||||
$mb_id = $member['mb_id'];
|
||||
$wr_name = $board['bo_use_name'] ? $member['mb_name'] : $member['mb_nick'];
|
||||
$wr_name = addslashes(clean_xss_tags($board['bo_use_name'] ? $member['mb_name'] : $member['mb_nick']));
|
||||
$wr_password = $member['mb_password'];
|
||||
$wr_email = $member['mb_email'];
|
||||
$wr_homepage = $member['mb_homepage'];
|
||||
$wr_email = addslashes($member['mb_email']);
|
||||
$wr_homepage = addslashes(clean_xss_tags($member['mb_homepage']));
|
||||
} else {
|
||||
$mb_id = '';
|
||||
// 비회원의 경우 이름이 누락되는 경우가 있음
|
||||
$wr_name = trim($_POST['wr_name']);
|
||||
$wr_name = clean_xss_tags(trim($_POST['wr_name']));
|
||||
if (!$wr_name)
|
||||
alert('이름은 필히 입력하셔야 합니다.');
|
||||
$wr_password = sql_password($wr_password);
|
||||
$wr_email = get_email_address(trim($_POST['wr_email']));
|
||||
$wr_homepage = clean_xss_tags($wr_homepage);
|
||||
}
|
||||
|
||||
if ($w == 'r') {
|
||||
|
||||
Reference in New Issue
Block a user