Merge branch 'master' of github.com:gnuboard/g5

2018-10-30 16:03:27 +09:00
parent 0329cc9f9c 26f6edfd0b
commit 3fb9c2c15f
10 changed files with 34 additions and 15 deletions
--- a/adm/board_form_update.php
+++ b/adm/board_form_update.php
@ -72,6 +72,9 @@ $bo_category_list = str_replace($src_char, $dst_char, $bo_category_list);
 //https://github.com/gnuboard/gnuboard5/commit/f5f4925d4eb28ba1af728e1065fc2bdd9ce1da58 에 따른 조치
 $str_bo_category_list = isset($_POST['bo_category_list']) ? preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\/\^\*]/", "", $_POST['bo_category_list']) : '';

+$_POST['bo_subject'] = strip_tags($_POST['bo_subject']);
+$_POST['bo_mobile_subject'] = strip_tags($_POST['bo_mobile_subject']);
+
 $sql_common = " gr_id               = '{$_POST['gr_id']}',
                bo_subject          = '{$_POST['bo_subject']}',
                bo_mobile_subject   = '{$_POST['bo_mobile_subject']}',
--- a/adm/boardgroup_form.php
+++ b/adm/boardgroup_form.php
@ -117,7 +117,7 @@ include_once('./admin.head.php');
            <label for="gr_<?php echo $i ?>_subj">여분필드 <?php echo $i ?> 제목</label>
            <input type="text" name="gr_<?php echo $i ?>_subj" value="<?php echo get_text($group['gr_'.$i.'_subj']) ?>" id="gr_<?php echo $i ?>_subj" class="frm_input">
            <label for="gr_<?php echo $i ?>">여분필드 <?php echo $i ?> 내용</label>
-            <input type="text" name="gr_<?php echo $i ?>" value="<?php echo $gr['gr_'.$i] ?>" id="gr_<?php echo $i ?>" class="frm_input">
+            <input type="text" name="gr_<?php echo $i ?>" value="<?php echo get_sanitize_input($gr['gr_'.$i]); ?>" id="gr_<?php echo $i ?>" class="frm_input">
        </td>
    </tr>
    <?php } ?>
--- a/adm/config_form.php
+++ b/adm/config_form.php
@ -1317,7 +1317,7 @@ if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw']) {
                <label for="cf_<?php echo $i ?>_subj">여분필드<?php echo $i ?> 제목</label>
                <input type="text" name="cf_<?php echo $i ?>_subj" value="<?php echo get_text($config['cf_'.$i.'_subj']) ?>" id="cf_<?php echo $i ?>_subj" class="frm_input" size="30">
                <label for="cf_<?php echo $i ?>">여분필드<?php echo $i ?> 값</label>
-                <input type="text" name="cf_<?php echo $i ?>" value="<?php echo $config['cf_'.$i] ?>" id="cf_<?php echo $i ?>" class="frm_input" size="30">
+                <input type="text" name="cf_<?php echo $i ?>" value="<?php echo get_sanitize_input($config['cf_'.$i]); ?>" id="cf_<?php echo $i ?>" class="frm_input" size="30">
            </td>
        </tr>
        <?php } ?>
--- a/adm/config_form_update.php
+++ b/adm/config_form_update.php
@ -26,6 +26,8 @@ if(!$_POST['cf_cert_use']) {

 $cf_social_servicelist = !empty($_POST['cf_social_servicelist']) ? implode(',', $_POST['cf_social_servicelist']) : '';

+$_POST['cf_title'] = strip_tags($_POST['cf_title']);
+
 $sql = " update {$g5['config_table']}
            set cf_title = '{$_POST['cf_title']}',
                cf_admin = '{$_POST['cf_admin']}',
--- a/adm/menu_list.php
+++ b/adm/menu_list.php
@ -196,6 +196,20 @@ function base_convert(number, frombase, tobase) {

 function fmenulist_submit(f)
 {
+
+    var me_links = document.getElementsByName('me_link[]');
+    var reg = /^javascript/; 
+
+	for (i=0; i<me_links.length; i++){
+        
+	    if( reg.test(me_links[i].value) ){ 
+        
+            alert('링크에 자바스크립트문을 입력할수 없습니다.');
+            me_links[i].focus();
+            return false;
+        }
+    }
+
    return true;
 }
 </script>
--- a/adm/menu_list_update.php
+++ b/adm/menu_list_update.php
@ -23,8 +23,8 @@ for ($i=0; $i<$count; $i++)

    $code    = $_POST['code'][$i];
    $me_name = $_POST['me_name'][$i];
-    $me_link = $_POST['me_link'][$i];
-
+    $me_link = preg_match('/^javascript/', $_POST['me_link'][$i]) ? G5_URL : strip_tags($_POST['me_link'][$i]);
+    
    if(!$code || !$me_name || !$me_link)
        continue;

--- a/bbs/board_head.php
+++ b/bbs/board_head.php
@ -5,13 +5,13 @@ if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
 if (G5_IS_MOBILE) {
    // 모바일의 경우 설정을 따르지 않는다.
    include_once(G5_BBS_PATH.'/_head.php');
-    echo stripslashes($board['bo_mobile_content_head']);
+    echo html_purifier(stripslashes($board['bo_mobile_content_head']));
 } else {
    if(is_include_path_check($board['bo_include_head'])) {  //파일경로 체크
        @include ($board['bo_include_head']);
    } else {    //파일경로가 올바르지 않으면 기본파일을 가져옴
        include_once(G5_BBS_PATH.'/_head.php');
    }
-    echo stripslashes($board['bo_content_head']);
+    echo html_purifier(stripslashes($board['bo_content_head']));
 }
 ?>
--- a/bbs/board_tail.php
+++ b/bbs/board_tail.php
@ -3,11 +3,11 @@ if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가

 // 게시판 관리의 하단 파일 경로
 if (G5_IS_MOBILE) {
-    echo stripslashes($board['bo_mobile_content_tail']);
+    echo html_purifier(stripslashes($board['bo_mobile_content_tail']));
    // 모바일의 경우 설정을 따르지 않는다.
    include_once(G5_BBS_PATH.'/_tail.php');
 } else {
-    echo stripslashes($board['bo_content_tail']);
+    echo html_purifier(stripslashes($board['bo_content_tail']));
    if(is_include_path_check($board['bo_include_tail'])) {  //파일경로 체크
        @include ($board['bo_include_tail']);
    } else {    //파일경로가 올바르지 않으면 기본파일을 가져옴
--- a/bbs/member_confirm.php
+++ b/bbs/member_confirm.php
@ -11,16 +11,16 @@ else
    $urlencode = urlencode($_SERVER[REQUEST_URI]);
 */

+$url = clean_xss_tags($_GET['url']);
+
 //소셜 로그인 한 경우
-if( function_exists('social_member_comfirm_redirect') ){    
+if( function_exists('social_member_comfirm_redirect') && (! $url || $url === 'register_form.php') ){    
    social_member_comfirm_redirect();
 }

 $g5['title'] = '회원 비밀번호 확인';
 include_once('./_head.sub.php');

-$url = clean_xss_tags($_GET['url']);
-
 // url 체크
 check_url_host($url, '', G5_URL, true);

--- a/bbs/password.php
+++ b/bbs/password.php
@ -43,8 +43,8 @@ switch ($w) {

 include_once(G5_PATH.'/head.sub.php');

-//if ($board['bo_include_head']) { @include ($board['bo_include_head']); }
-//if ($board['bo_content_head']) { echo stripslashes($board['bo_content_head']); }
+//if ($board['bo_include_head'] && is_include_path_check($board['bo_content_head'])) { @include ($board['bo_include_head']); }
+//if ($board['bo_content_head']) { echo html_purifier(stripslashes($board['bo_content_head'])); }

 /* 비밀글의 제목을 가져옴 지운아빠 2013-01-29 */
 $sql = " select wr_subject from {$write_table}
@ -57,8 +57,8 @@ $g5['title'] = get_text($row['wr_subject']);

 include_once($member_skin_path.'/password.skin.php');

-//if ($board['bo_content_tail']) { echo stripslashes($board['bo_content_tail']); }
-//if ($board['bo_include_tail']) { @include ($board['bo_include_tail']); }
+//if ($board['bo_content_tail']) { echo html_purifier(stripslashes($board['bo_content_tail'])); }
+//if ($board['bo_include_tail'] && is_include_path_check($board['bo_content_tail'])) { @include ($board['bo_include_tail']); }

 include_once(G5_PATH.'/tail.sub.php');
 ?>