firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

버전 5.4.2 수정

Browse Source
This commit is contained in:
thisgun
2020-02-18 15:11:09 +09:00
parent ad7f0d80bc fa9aa8da19
commit 3dbaf66ada
19 changed files with 41 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
adm/board_form_update.php
View File

@ -80,8 +80,8 @@ $bo_category_list = isset($_POST['bo_category_list']) ? str_replace($src_char, $
//https://github.com/gnuboard/gnuboard5/commit/f5f4925d4eb28ba1af728e1065fc2bdd9ce1da58 에 따른 조치
$str_bo_category_list = preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\/\^\*]/", "", $bo_category_list);
$_POST['bo_subject'] = strip_tags($_POST['bo_subject']);
$_POST['bo_mobile_subject'] = strip_tags($_POST['bo_mobile_subject']);
$_POST['bo_subject'] = strip_tags(clean_xss_attributes($_POST['bo_subject']));
$_POST['bo_mobile_subject'] = strip_tags(clean_xss_attributes($_POST['bo_mobile_subject']));
$sql_common = " gr_id = '{$gr_id}',
bo_subject = '{$_POST['bo_subject']}',

2
adm/board_list_update.php
View File

@ -33,7 +33,7 @@ if ($_POST['act_button'] == "선택수정") {
alert('최고관리자가 아닌 경우 다른 관리자의 게시판('.$board_table[$k].')은 수정이 불가합니다.');
}
$p_bo_subject = is_array($_POST['bo_subject']) ? strip_tags($_POST['bo_subject'][$k]) : '';
$p_bo_subject = is_array($_POST['bo_subject']) ? strip_tags(clean_xss_attributes($_POST['bo_subject'][$k])) : '';
$sql = " update {$g5['board_table']}
set gr_id = '".sql_real_escape_string(strip_tags($_POST['gr_id'][$k]))."',

2
adm/contentformupdate.php
View File

@ -21,7 +21,7 @@ if ($w == "" || $w == "u")
}
$co_id = preg_replace('/[^a-z0-9_]/i', '', $co_id);
$co_subject = strip_tags($co_subject);
$co_subject = strip_tags(clean_xss_attributes($co_subject));
$co_include_head = preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($co_include_head, 0, 255));
$co_include_tail = preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($co_include_tail, 0, 255));
$co_tag_filter_use = isset($_POST['co_tag_filter_use']) ? (int) $_POST['co_tag_filter_use'] : 1;

2
adm/newwinformupdate.php
View File

@ -13,7 +13,7 @@ else
check_admin_token();
$nw_subject = isset($_POST['nw_subject']) ? strip_tags($_POST['nw_subject']) : '';
$nw_subject = isset($_POST['nw_subject']) ? strip_tags(clean_xss_attributes($_POST['nw_subject'])) : '';
$sql_common = " nw_division = '{$_POST['nw_division']}',
nw_device = '{$_POST['nw_device']}',

6
adm/point_update.php
View File

@ -6,9 +6,9 @@ auth_check($auth[$sub_menu], 'w');
check_admin_token();
$mb_id = strip_tags($_POST['mb_id']);
$po_point = strip_tags($_POST['po_point']);
$po_content = strip_tags($_POST['po_content']);
$mb_id = strip_tags(clean_xss_attributes($_POST['mb_id']));
$po_point = strip_tags(clean_xss_attributes($_POST['po_point']));
$po_content = strip_tags(clean_xss_attributes($_POST['po_content']));
$expire = preg_replace('/[^0-9]/', '', $_POST['po_expire_term']);
$mb = get_member($mb_id);

2
adm/sms_admin/form_write.php
View File

@ -6,6 +6,8 @@ auth_check($auth[$sub_menu], "w");
$g5['title'] = "이모티콘 ";
$fg_no = isset($fg_no) ? (int) $fg_no : '';
if ($w == 'u' && is_numeric($fo_no)) {
$write = sql_fetch("select * from {$g5['sms5_form_table']} where fo_no='$fo_no'");
$g5['title'] .= '수정';

6
adm/sms_admin/num_book.php
View File

@ -16,6 +16,8 @@ if ($page < 1) $page = 1;
$bg_no = isset($bg_no) ? (int) $bg_no : 0;
$st = isset($st) ? preg_replace('/[^a-z0-9]/i', '', $st) : '';
$sql_korean = $sql_group = $sql_search = $sql_no_hp = '';
if (is_numeric($bg_no))
$sql_group = " and bg_no='$bg_no' ";
else
@ -127,9 +129,9 @@ function no_hp_click(val)
<label for="bg_no" class="sound_only">그룹명</label>
<select name="bg_no" id="bg_no" onchange="location.href='<?php echo $_SERVER['SCRIPT_NAME']?>?bg_no='+this.value;">
<option value=""<?php echo get_selected('', $bg_no); ?>> 전체 </option>
<option value="<?php echo $no_group['bg_no']?>"<?php echo get_selected($bg_no, $no_group['bg_no']); ?>> <?php echo $no_group['bg_name']?> (<?php echo number_format($no_group['bg_count'])?> 명) </option>
<option value="<?php echo $no_group['bg_no']?>"<?php echo get_selected($no_group['bg_no'], $bg_no); ?>> <?php echo $no_group['bg_name']?> (<?php echo number_format($no_group['bg_count'])?> 명) </option>
<?php for($i=0; $i<count($group); $i++) {?>
<option value="<?php echo $group[$i]['bg_no']?>"<?php echo get_selected($bg_no, $group[$i]['bg_no']);?>> <?php echo $group[$i]['bg_name']?> (<?php echo number_format($group[$i]['bg_count'])?> 명) </option>
<option value="<?php echo $group[$i]['bg_no']?>"<?php echo get_selected($group[$i]['bg_no'], $bg_no);?>> <?php echo $group[$i]['bg_name']?> (<?php echo number_format($group[$i]['bg_count'])?> 명) </option>
<?php } ?>
</select>
<input type="checkbox" name="no_hp" id="no_hp" <?php echo $no_hp_checked?> onclick="no_hp_click(this.checked)">

2
adm/sms_admin/sms_write_form.php
View File

@ -7,6 +7,8 @@ while ($res = sql_fetch_array($qry)) array_push($group, $res);
$res = sql_fetch("select count(*) as cnt from `{$g5['sms5_form_table']}` where fg_no=0");
$no_count = $res['cnt'];
$fg_no = isset($fg_no) ? (int) $fg_no : '';
?>
<form name="emo_frm">

9
bbs/memo_view.php
View File

@ -31,14 +31,17 @@ else
alert($kind.' 값을 넘겨주세요.');
}
$g5['title'] = $t.' 쪽지 보기';
include_once(G5_PATH.'/head.sub.php');
$sql = " select * from {$g5['memo_table']}
where me_id = '$me_id'
and me_{$kind}_mb_id = '{$member['mb_id']}' ";
$memo = sql_fetch($sql);
set_session('ss_memo_delete_token', $token = uniqid(time()));
$del_link = 'memo_delete.php?me_id='.$memo['me_id'].'&amp;token='.$token.'&amp;kind='.$kind;
$g5['title'] = $t.' 쪽지 보기';
include_once(G5_PATH.'/head.sub.php');
// 이전 쪽지
$sql = " select me.*, a.rownum from `{$g5['memo_table']}` as me inner join ( select me_id , (@rownum:=@rownum+1) as rownum from `{$g5['memo_table']}` as memo, (select @rownum:=0) tmp where me_{$kind}_mb_id = '{$member['mb_id']}' and memo.me_type = '$kind' order by me_id desc ) as a on a.me_id = me.me_id where me.me_id < '$me_id' and me.me_{$kind}_mb_id = '{$member['mb_id']}' and me.me_type = '$kind' order by me.me_id desc limit 1 ";

11
common.php
View File

@ -306,12 +306,14 @@ if( $config['cf_cert_use'] || (defined('G5_YOUNGCART_VER') && G5_YOUNGCART_VER)
if(!function_exists('session_start_samesite')) {
function session_start_samesite($options = array())
{
global $g5;
$res = @session_start($options);
// IE 브라우저 또는 엣지브라우저 일때는 secure; SameSite=None 설정하지 않습니다.
if( preg_match('/Edge/i', $_SERVER['HTTP_USER_AGENT']) || preg_match('~MSIE|Internet Explorer~i', $_SERVER['HTTP_USER_AGENT']) || preg_match('~Trident/7.0(; Touch)?; rv:11.0~',$_SERVER['HTTP_USER_AGENT']) ){
return $res;
}
// IE 브라우저 또는 엣지브라우저 일때는 secure; SameSite=None, http 환경에서는 설정하지 않습니다.
if( preg_match('/Edge/i', $_SERVER['HTTP_USER_AGENT']) || preg_match('~MSIE|Internet Explorer~i', $_SERVER['HTTP_USER_AGENT']) || preg_match('~Trident/7.0(; Touch)?; rv:11.0~',$_SERVER['HTTP_USER_AGENT']) || ! (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on') ){
return $res;
}
$headers = headers_list();
krsort($headers);
@ -319,6 +321,7 @@ if( $config['cf_cert_use'] || (defined('G5_YOUNGCART_VER') && G5_YOUNGCART_VER)
if (!preg_match('~^Set-Cookie: PHPSESSID=~', $header)) continue;
$header = preg_replace('~; secure(; HttpOnly)?$~', '', $header) . '; secure; SameSite=None';
header($header, false);
$g5['session_cookie_samesite'] = 'none';
break;
}
return $res;

4
config.php
View File

@ -5,8 +5,8 @@
********************/
define('G5_VERSION', '그누보드5');
define('G5_GNUBOARD_VER', '5.4.1.9');
define('G5_YOUNGCART_VER', '5.4.1.9');
define('G5_GNUBOARD_VER', '5.4.2');
define('G5_YOUNGCART_VER', '5.4.2');
// 이 상수가 정의되지 않으면 각각의 개별 페이지는 별도로 실행될 수 없음
define('_GNUBOARD_', true);

4
lib/common.lib.php
View File

@ -116,11 +116,13 @@ function goto_url($url)
// 세션변수 생성
function set_session($session_name, $value)
{
global $g5;
static $check_cookie = null;
if( $check_cookie === null ){
$cookie_session_name = session_name();
if( ! ($cookie_session_name && isset($_COOKIE[$cookie_session_name]) && $_COOKIE[$cookie_session_name]) && ! headers_sent() ){
if( ! isset($g5['session_cookie_samesite']) && ! ($cookie_session_name && isset($_COOKIE[$cookie_session_name]) && $_COOKIE[$cookie_session_name]) && ! headers_sent() ){
@session_regenerate_id(false);
}

2
mobile/skin/member/basic/memo_view.skin.php
View File

@ -39,7 +39,7 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
<li class="memo_view_nick"><?php echo $nick ?></li>
<li class="memo_view_date"><span class="sound_only"><?php echo $kind_date ?>시간</span><i class="fa fa-clock-o" aria-hidden="true"></i> <?php echo $memo['me_send_datetime'] ?></li>
<li class="memo_op_btn list_btn"><a href="<?php echo $list_link ?>" class="btn_b01 btn"><i class="fa fa-list" aria-hidden="true"></i><span class="sound_only">목록</span></a></li>
<li class="memo_op_btn del_btn"><a href="<?php echo $list[$i]['del_href'] ?>" onclick="del(this.href); return false;" class="memo_del btn_b01 btn"><i class="fa fa-trash-o" aria-hidden="true"></i> <span class="sound_only">삭제</span></a></li>
<li class="memo_op_btn del_btn"><a href="<?php echo $del_link; ?>" onclick="del(this.href); return false;" class="memo_del btn_b01 btn"><i class="fa fa-trash-o" aria-hidden="true"></i> <span class="sound_only">삭제</span></a></li>
</ul>
<div class="memo_btn">
<?php if($prev_link) { ?>

2
skin/member/basic/memo_view.skin.php
View File

@ -39,7 +39,7 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
<li class="memo_view_nick"><?php echo $nick ?></li>
<li class="memo_view_date"><span class="sound_only"><?php echo $kind_date ?>시간</span><i class="fa fa-clock-o" aria-hidden="true"></i> <?php echo $memo['me_send_datetime'] ?></li>
<li class="memo_op_btn list_btn"><a href="<?php echo $list_link ?>" class="btn_b01 btn"><i class="fa fa-list" aria-hidden="true"></i><span class="sound_only">목록</span></a></li>
<li class="memo_op_btn del_btn"><a href="<?php echo $list[$i]['del_href'] ?>" onclick="del(this.href); return false;" class="memo_del btn_b01 btn"><i class="fa fa-trash-o" aria-hidden="true"></i> <span class="sound_only">삭제</span></a></li>
<li class="memo_op_btn del_btn"><a href="<?php echo $del_link; ?>" onclick="del(this.href); return false;" class="memo_del btn_b01 btn"><i class="fa fa-trash-o" aria-hidden="true"></i> <span class="sound_only">삭제</span></a></li>
</ul>
<div class="memo_btn">
<?php if($prev_link) { ?>

1
skin/outlogin/basic/style.css
View File

@ -8,6 +8,7 @@
.ol form {padding:20px}
.ol a.btn_admin {display:inline-block;padding:0 10px;height:25px;text-decoration:none;line-height:25px;vertical-align:middle} /* 관리자 전용 버튼 */
.ol a.btn_admin:focus, .ol a.btn_admin:hover {text-decoration:none}
.ol .login-sns{padding-bottom:0px}
#ol_before {}
#ol_before:after {display:block;visibility:hidden;clear:both;content:""}

2
skin/social/style.css
View File

@ -7,7 +7,7 @@
.bg-warning3 {background:#fff8dc;border:1px solid #f1e4b2}
/* SNS LOGIN */
.login-sns {margin-top:5px;border:1px solid #dde7e9;border-bottom:1px solid #dde7e9;clear:both;background:#fff}
.login-sns {padding-bottom:10px;margin-top:5px;border:1px solid #dde7e9;border-bottom:1px solid #dde7e9;clear:both;background:#fff}
.login-sns h3 {padding-top:10px;text-align:center;color:#777;font-weight:normal}
.sns-wrap {margin:10px 0 0;text-align:center}
.sns-icon {display:inline-block;vertical-align:middle;text-decoration:none}

2
theme/basic/mobile/skin/member/basic/memo_view.skin.php
View File

@ -39,7 +39,7 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
<li class="memo_view_nick"><?php echo $nick ?></li>
<li class="memo_view_date"><span class="sound_only"><?php echo $kind_date ?>시간</span><i class="fa fa-clock-o" aria-hidden="true"></i> <?php echo $memo['me_send_datetime'] ?></li>
<li class="memo_op_btn list_btn"><a href="<?php echo $list_link ?>" class="btn_b01 btn"><i class="fa fa-list" aria-hidden="true"></i><span class="sound_only">목록</span></a></li>
<li class="memo_op_btn del_btn"><a href="<?php echo $list[$i]['del_href'] ?>" onclick="del(this.href); return false;" class="memo_del btn_b01 btn"><i class="fa fa-trash-o" aria-hidden="true"></i> <span class="sound_only">삭제</span></a></li>
<li class="memo_op_btn del_btn"><a href="<?php echo $del_link; ?>" onclick="del(this.href); return false;" class="memo_del btn_b01 btn"><i class="fa fa-trash-o" aria-hidden="true"></i> <span class="sound_only">삭제</span></a></li>
</ul>
<div class="memo_btn">
<?php if($prev_link) { ?>

2
theme/basic/skin/member/basic/memo_view.skin.php
View File

@ -39,7 +39,7 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
<li class="memo_view_nick"><?php echo $nick ?></li>
<li class="memo_view_date"><span class="sound_only"><?php echo $kind_date ?>시간</span><i class="fa fa-clock-o" aria-hidden="true"></i> <?php echo $memo['me_send_datetime'] ?></li>
<li class="memo_op_btn list_btn"><a href="<?php echo $list_link ?>" class="btn_b01 btn"><i class="fa fa-list" aria-hidden="true"></i><span class="sound_only">목록</span></a></li>
<li class="memo_op_btn del_btn"><a href="<?php echo $list[$i]['del_href'] ?>" onclick="del(this.href); return false;" class="memo_del btn_b01 btn"><i class="fa fa-trash-o" aria-hidden="true"></i> <span class="sound_only">삭제</span></a></li>
<li class="memo_op_btn del_btn"><a href="<?php echo $del_link; ?>" onclick="del(this.href); return false;" class="memo_del btn_b01 btn"><i class="fa fa-trash-o" aria-hidden="true"></i> <span class="sound_only">삭제</span></a></li>
</ul>
<div class="memo_btn">
<?php if($prev_link) { ?>

1
theme/basic/skin/outlogin/basic/style.css
View File

@ -8,6 +8,7 @@
.ol form {padding:20px}
.ol a.btn_admin {display:inline-block;padding:0 10px;height:25px;text-decoration:none;line-height:25px;vertical-align:middle} /* 관리자 전용 버튼 */
.ol a.btn_admin:focus, .ol a.btn_admin:hover {text-decoration:none}
.ol .login-sns{padding-bottom:0px}
#ol_before {}
#ol_before:after {display:block;visibility:hidden;clear:both;content:""}