버전 5.4.2 수정

2020-02-18 15:11:09 +09:00
parent ad7f0d80bc fa9aa8da19
commit 3dbaf66ada
19 changed files with 41 additions and 25 deletions
--- a/adm/board_form_update.php
+++ b/adm/board_form_update.php
@ -80,8 +80,8 @@ $bo_category_list = isset($_POST['bo_category_list']) ? str_replace($src_char, $
 //https://github.com/gnuboard/gnuboard5/commit/f5f4925d4eb28ba1af728e1065fc2bdd9ce1da58 에 따른 조치
 $str_bo_category_list = preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\/\^\*]/", "", $bo_category_list);

-$_POST['bo_subject'] = strip_tags($_POST['bo_subject']);
-$_POST['bo_mobile_subject'] = strip_tags($_POST['bo_mobile_subject']);
+$_POST['bo_subject'] = strip_tags(clean_xss_attributes($_POST['bo_subject']));
+$_POST['bo_mobile_subject'] = strip_tags(clean_xss_attributes($_POST['bo_mobile_subject']));

 $sql_common = " gr_id               = '{$gr_id}',
                bo_subject          = '{$_POST['bo_subject']}',
--- a/adm/board_list_update.php
+++ b/adm/board_list_update.php
@ -33,7 +33,7 @@ if ($_POST['act_button'] == "선택수정") {
                alert('최고관리자가 아닌 경우 다른 관리자의 게시판('.$board_table[$k].')은 수정이 불가합니다.');
        }

-        $p_bo_subject = is_array($_POST['bo_subject']) ? strip_tags($_POST['bo_subject'][$k]) : '';
+        $p_bo_subject = is_array($_POST['bo_subject']) ? strip_tags(clean_xss_attributes($_POST['bo_subject'][$k])) : '';

        $sql = " update {$g5['board_table']}
                    set gr_id               = '".sql_real_escape_string(strip_tags($_POST['gr_id'][$k]))."',
--- a/adm/contentformupdate.php
+++ b/adm/contentformupdate.php
@ -21,7 +21,7 @@ if ($w == "" || $w == "u")
 }

 $co_id = preg_replace('/[^a-z0-9_]/i', '', $co_id);
-$co_subject = strip_tags($co_subject);
+$co_subject = strip_tags(clean_xss_attributes($co_subject));
 $co_include_head = preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($co_include_head, 0, 255));
 $co_include_tail = preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($co_include_tail, 0, 255));
 $co_tag_filter_use = isset($_POST['co_tag_filter_use']) ? (int) $_POST['co_tag_filter_use'] : 1;
--- a/adm/newwinformupdate.php
+++ b/adm/newwinformupdate.php
@ -13,7 +13,7 @@ else

 check_admin_token();

-$nw_subject = isset($_POST['nw_subject']) ? strip_tags($_POST['nw_subject']) : '';
+$nw_subject = isset($_POST['nw_subject']) ? strip_tags(clean_xss_attributes($_POST['nw_subject'])) : '';

 $sql_common = " nw_division = '{$_POST['nw_division']}',
                nw_device = '{$_POST['nw_device']}',
--- a/adm/point_update.php
+++ b/adm/point_update.php
@ -6,9 +6,9 @@ auth_check($auth[$sub_menu], 'w');

 check_admin_token();

-$mb_id = strip_tags($_POST['mb_id']);
-$po_point = strip_tags($_POST['po_point']);
-$po_content = strip_tags($_POST['po_content']);
+$mb_id = strip_tags(clean_xss_attributes($_POST['mb_id']));
+$po_point = strip_tags(clean_xss_attributes($_POST['po_point']));
+$po_content = strip_tags(clean_xss_attributes($_POST['po_content']));
 $expire = preg_replace('/[^0-9]/', '', $_POST['po_expire_term']);

 $mb = get_member($mb_id);
--- a/adm/sms_admin/form_write.php
+++ b/adm/sms_admin/form_write.php
@ -6,6 +6,8 @@ auth_check($auth[$sub_menu], "w");

 $g5['title'] = "이모티콘 ";

+$fg_no = isset($fg_no) ? (int) $fg_no : '';
+
 if ($w == 'u' && is_numeric($fo_no)) {
    $write = sql_fetch("select * from {$g5['sms5_form_table']} where fo_no='$fo_no'");
    $g5['title'] .= '수정';
--- a/adm/sms_admin/num_book.php
+++ b/adm/sms_admin/num_book.php
@ -16,6 +16,8 @@ if ($page < 1) $page = 1;
 $bg_no = isset($bg_no) ? (int) $bg_no : 0;
 $st = isset($st) ? preg_replace('/[^a-z0-9]/i', '', $st) : '';

+$sql_korean = $sql_group = $sql_search = $sql_no_hp = '';
+
 if (is_numeric($bg_no))
    $sql_group = " and bg_no='$bg_no' ";
 else
@ -127,9 +129,9 @@ function no_hp_click(val)
 <label for="bg_no" class="sound_only">그룹명</label>
 <select name="bg_no" id="bg_no" onchange="location.href='<?php echo $_SERVER['SCRIPT_NAME']?>?bg_no='+this.value;">
    <option value=""<?php echo get_selected('', $bg_no); ?>> 전체 </option>
-    <option value="<?php echo $no_group['bg_no']?>"<?php echo get_selected($bg_no, $no_group['bg_no']); ?>> <?php echo $no_group['bg_name']?> (<?php echo number_format($no_group['bg_count'])?> 명) </option>
+    <option value="<?php echo $no_group['bg_no']?>"<?php echo get_selected($no_group['bg_no'], $bg_no); ?>> <?php echo $no_group['bg_name']?> (<?php echo number_format($no_group['bg_count'])?> 명) </option>
    <?php for($i=0; $i<count($group); $i++) {?>
-    <option value="<?php echo $group[$i]['bg_no']?>"<?php echo get_selected($bg_no, $group[$i]['bg_no']);?>> <?php echo $group[$i]['bg_name']?> (<?php echo number_format($group[$i]['bg_count'])?> 명) </option>
+    <option value="<?php echo $group[$i]['bg_no']?>"<?php echo get_selected($group[$i]['bg_no'], $bg_no);?>> <?php echo $group[$i]['bg_name']?> (<?php echo number_format($group[$i]['bg_count'])?> 명) </option>
    <?php } ?>
 </select>
 <input type="checkbox" name="no_hp" id="no_hp" <?php echo $no_hp_checked?> onclick="no_hp_click(this.checked)">
--- a/adm/sms_admin/sms_write_form.php
+++ b/adm/sms_admin/sms_write_form.php
@ -7,6 +7,8 @@ while ($res = sql_fetch_array($qry)) array_push($group, $res);

 $res = sql_fetch("select count(*) as cnt from `{$g5['sms5_form_table']}` where fg_no=0");
 $no_count = $res['cnt'];
+
+$fg_no = isset($fg_no) ? (int) $fg_no : '';
 ?>

 <form name="emo_frm">