firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

Merge branch 'master' of github.com:gnuboard/g5

Browse Source
This commit is contained in:
thisgun
2020-02-13 13:49:16 +09:00
parent a47162dffa 120d8cf564
commit 43ce9d376b
18 changed files with 32 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
adm/boardgroup_form_update.php
View File

@ -16,7 +16,7 @@ if (!preg_match("/^([A-Za-z0-9_]{1,10})$/", $_POST['gr_id']))
if (!$gr_subject) alert('그룹 제목을 입력하세요.');
$gr_subject = isset($_POST['gr_subject']) ? strip_tags($_POST['gr_subject']) : '';
$gr_subject = isset($_POST['gr_subject']) ? strip_tags(clean_xss_attributes($_POST['gr_subject'])) : '';
$sql_common = " gr_subject = '{$gr_subject}',
gr_device = '{$_POST['gr_device']}',

6
adm/boardgroup_list.php
View File

@ -124,7 +124,7 @@ $colspan = 10;
<tr class="<?php echo $bg; ?>">
<td class="td_chk">
<input type="hidden" name="group_id[<?php echo $i ?>]" value="<?php echo $row['gr_id'] ?>">
<label for="chk_<?php echo $i; ?>" class="sound_only"><?php echo $row['gr_subject'] ?> 그룹</label>
<label for="chk_<?php echo $i; ?>" class="sound_only"><?php echo get_text($row['gr_subject']); ?> 그룹</label>
<input type="checkbox" name="chk[]" value="<?php echo $i ?>" id="chk_<?php echo $i ?>">
</td>
<td class="td_left"><a href="<?php echo G5_BBS_URL ?>/group.php?gr_id=<?php echo $row['gr_id'] ?>"><?php echo $row['gr_id'] ?></a></td>
@ -135,9 +135,9 @@ $colspan = 10;
<td class="td_mng td_input">
<?php if ($is_admin == 'super'){ ?>
<label for="gr_admin_<?php echo $i; ?>" class="sound_only">그룹관리자</label>
<input type="text" name="gr_admin[<?php echo $i ?>]" value="<?php echo $row['gr_admin'] ?>" id="gr_admin_<?php echo $i ?>" class="tbl_input" size="10" maxlength="20">
<input type="text" name="gr_admin[<?php echo $i ?>]" value="<?php echo get_sanitize_input($row['gr_admin']); ?>" id="gr_admin_<?php echo $i ?>" class="tbl_input" size="10" maxlength="20">
<?php }else{ ?>
<input type="hidden" name="gr_admin[<?php echo $i ?>]" value="<?php echo $row['gr_admin'] ?>"><?php echo $row['gr_admin'] ?>
<input type="hidden" name="gr_admin[<?php echo $i ?>]" value="<?php echo get_sanitize_input($row['gr_admin']); ?>"><?php echo get_text($row['gr_admin']); ?>
<?php } ?>
</td>
<td class="td_num"><a href="./board_list.php?sfl=a.gr_id&amp;stx=<?php echo $row['gr_id'] ?>"><?php echo $row2['cnt'] ?></a></td>

4
adm/boardgroup_list_update.php
View File

@ -19,8 +19,8 @@ for ($i=0; $i<$count; $i++)
{
$k = $_POST['chk'][$i];
$gr_id = preg_replace('/[^a-z0-9_]/i', '', $_POST['group_id'][$k]);
$gr_subject = is_array($_POST['gr_subject']) ? strip_tags($_POST['gr_subject'][$k]) : '';
$gr_admin = is_array($_POST['gr_admin']) ? strip_tags($_POST['gr_admin'][$k]) : '';
$gr_subject = is_array($_POST['gr_subject']) ? strip_tags(clean_xss_attributes($_POST['gr_subject'][$k])) : '';
$gr_admin = is_array($_POST['gr_admin']) ? strip_tags(clean_xss_attributes($_POST['gr_admin'][$k])) : '';
if($_POST['act_button'] == '선택수정') {
$sql = " update {$g5['group_table']}

2
adm/config_form.php
View File

@ -321,7 +321,7 @@ if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw']) {
<tbody>
<tr>
<th scope="row"><label for="cf_title">홈페이지 제목<strong class="sound_only">필수</strong></label></th>
<td colspan="3"><input type="text" name="cf_title" value="<?php echo $config['cf_title'] ?>" id="cf_title" required class="required frm_input" size="40"></td>
<td colspan="3"><input type="text" name="cf_title" value="<?php echo get_sanitize_input($config['cf_title']); ?>" id="cf_title" required class="required frm_input" size="40"></td>
</tr>
<tr>
<th scope="row"><label for="cf_admin">최고관리자<strong class="sound_only">필수</strong></label></th>

2
adm/config_form_update.php
View File

@ -26,7 +26,7 @@ if(!$_POST['cf_cert_use']) {
$cf_social_servicelist = !empty($_POST['cf_social_servicelist']) ? implode(',', $_POST['cf_social_servicelist']) : '';
$_POST['cf_title'] = strip_tags($_POST['cf_title']);
$_POST['cf_title'] = strip_tags(clean_xss_attributes($_POST['cf_title']));
$check_keys = array('cf_lg_mid', 'cf_lg_mert_key', 'cf_cert_kcb_cd', 'cf_cert_kcp_cd', 'cf_editor', 'cf_recaptcha_site_key', 'cf_recaptcha_secret_key', 'cf_naver_clientid', 'cf_naver_secret', 'cf_facebook_appid', 'cf_facebook_secret', 'cf_twitter_key', 'cf_twitter_secret', 'cf_google_clientid', 'cf_google_secret', 'cf_googl_shorturl_apikey', 'cf_kakao_rest_key', 'cf_kakao_client_secret', 'cf_kakao_js_apikey', 'cf_payco_clientid', 'cf_payco_secret');

2
adm/faqmasterformupdate.php
View File

@ -18,7 +18,7 @@ check_admin_token();
if ($fm_himg_del) @unlink(G5_DATA_PATH."/faq/{$fm_id}_h");
if ($fm_timg_del) @unlink(G5_DATA_PATH."/faq/{$fm_id}_t");
$fm_subject = strip_tags($fm_subject);
$fm_subject = strip_tags(clean_xss_attributes($fm_subject));
$sql_common = " set fm_subject = '$fm_subject',
fm_head_html = '$fm_head_html',

2
adm/mail_form.php
View File

@ -42,7 +42,7 @@ include_once('./admin.head.php');
<tbody>
<tr>
<th scope="row"><label for="ma_subject">메일 제목<strong class="sound_only">필수</strong></label></th>
<td><input type="text" name="ma_subject" value="<?php echo $ma['ma_subject'] ?>" id="ma_subject" required class="required frm_input" size="100"></td>
<td><input type="text" name="ma_subject" value="<?php echo get_sanitize_input($ma['ma_subject']); ?>" id="ma_subject" required class="required frm_input" size="100"></td>
</tr>
<tr>
<th scope="row"><label for="ma_content">메일 내용<strong class="sound_only">필수</strong></label></th>

2
adm/mail_update.php
View File

@ -10,7 +10,7 @@ auth_check($auth[$sub_menu], 'w');
check_admin_token();
$ma_id = isset($_POST['ma_id']) ? (int) $_POST['ma_id'] : 0;
$ma_subject = isset($_POST['ma_subject']) ? strip_tags($_POST['ma_subject']) : '';
$ma_subject = isset($_POST['ma_subject']) ? strip_tags(clean_xss_attributes($_POST['ma_subject'])) : '';
if ($w == '')
{

4
adm/menu_list_update.php
View File

@ -21,11 +21,11 @@ for ($i=0; $i<$count; $i++)
{
$_POST = array_map_deep('trim', $_POST);
$_POST['me_link'][$i] = is_array($_POST['me_link']) ? clean_xss_tags($_POST['me_link'][$i], 1) : '';
$_POST['me_link'][$i] = is_array($_POST['me_link']) ? clean_xss_tags(clean_xss_attributes($_POST['me_link'][$i], 1)) : '';
$code = is_array($_POST['code']) ? strip_tags($_POST['code'][$i]) : '';
$me_name = is_array($_POST['me_name']) ? strip_tags($_POST['me_name'][$i]) : '';
$me_link = (preg_match('/^javascript/i', $_POST['me_link'][$i]) || preg_match('/script:/i', $_POST['me_link'][$i])) ? G5_URL : strip_tags($_POST['me_link'][$i]);
$me_link = (preg_match('/^javascript/i', $_POST['me_link'][$i]) || preg_match('/script:/i', $_POST['me_link'][$i])) ? G5_URL : strip_tags(clean_xss_attributes($_POST['me_link'][$i]));
if(!$code || !$me_name || !$me_link)
continue;

2
adm/poll_form.php
View File

@ -37,7 +37,7 @@ include_once('./admin.head.php');
<tbody>
<tr>
<th scope="row"><label for="po_subject">투표 제목<strong class="sound_only">필수</strong></label></th>
<td><input type="text" name="po_subject" value="<?php echo $po['po_subject'] ?>" id="po_subject" required class="required frm_input" size="80" maxlength="125"></td>
<td><input type="text" name="po_subject" value="<?php echo get_sanitize_input($po['po_subject']); ?>" id="po_subject" required class="required frm_input" size="80" maxlength="125"></td>
</tr>
<?php

2
adm/poll_form_update.php
View File

@ -40,7 +40,7 @@ foreach( $_POST as $key=>$value ){
if( empty($value) ) continue;
if( in_array($key, $check_keys) ) {
$_POST[$key] = strip_tags($value);
$_POST[$key] = strip_tags(clean_xss_attributes($value));
}
}

10
adm/qa_config.php
View File

@ -133,7 +133,7 @@ if(!isset($qaconfig['qa_include_head'])) {
<tr>
<th scope="row"><label for="qa_title">타이틀<strong class="sound_only">필수</strong></label></th>
<td>
<input type="text" name="qa_title" value="<?php echo $qaconfig['qa_title'] ?>" id="qa_title" required class="required frm_input" size="40">
<input type="text" name="qa_title" value="<?php echo get_sanitize_input($qaconfig['qa_title']); ?>" id="qa_title" required class="required frm_input" size="40">
<a href="<?php echo G5_BBS_URL; ?>/qalist.php" class="btn_frmline">1:1문의 바로가기</a>
</td>
</tr>
@ -141,7 +141,7 @@ if(!isset($qaconfig['qa_include_head'])) {
<th scope="row"><label for="qa_category">분류<strong class="sound_only">필수</strong></label></th>
<td>
<?php echo help('분류와 분류 사이는 | 로 구분하세요. (예: 질문|답변) 첫자로 #은 입력하지 마세요. (예: #질문|#답변 [X])') ?>
<input type="text" name="qa_category" value="<?php echo $qaconfig['qa_category'] ?>" id="qa_category" required class="required frm_input" size="70">
<input type="text" name="qa_category" value="<?php echo get_sanitize_input($qaconfig['qa_category']); ?>" id="qa_category" required class="required frm_input" size="70">
</td>
</tr>
<tr>
@ -184,21 +184,21 @@ if(!isset($qaconfig['qa_include_head'])) {
<th scope="row"><label for="qa_send_number">SMS 발신번호</label></th>
<td>
<?php echo help('SMS 알림 전송시 발신번호로 사용됩니다.'); ?>
<input type="text" name="qa_send_number" value="<?php echo $qaconfig['qa_send_number'] ?>" id="qa_send_number" class="frm_input" size="30">
<input type="text" name="qa_send_number" value="<?php echo get_sanitize_input($qaconfig['qa_send_number']); ?>" id="qa_send_number" class="frm_input" size="30">
</td>
</tr>
<tr>
<th scope="row"><label for="qa_admin_hp">관리자 휴대폰번호</label></th>
<td>
<?php echo help('관리자 휴대폰번호를 입력하시면 문의글 등록시 등록하신 번호로 SMS 알림이 전송됩니다.<br>SMS 알림을 사용하지 않으시면 알림이 전송되지 않습니다.'); ?>
<input type="text" name="qa_admin_hp" value="<?php echo $qaconfig['qa_admin_hp'] ?>" id="qa_admin_hp" class="frm_input" size="30">
<input type="text" name="qa_admin_hp" value="<?php echo get_sanitize_input($qaconfig['qa_admin_hp']); ?>" id="qa_admin_hp" class="frm_input" size="30">
</td>
</tr>
<tr>
<th scope="row"><label for="qa_admin_email">관리자 이메일</label></th>
<td>
<?php echo help('관리자 이메일을 입력하시면 문의글 등록시 등록하신 이메일로 알림이 전송됩니다.'); ?>
<input type="text" name="qa_admin_email" value="<?php echo $qaconfig['qa_admin_email'] ?>" id="qa_admin_email" class="frm_input" size="50">
<input type="text" name="qa_admin_email" value="<?php echo get_sanitize_input($qaconfig['qa_admin_email']); ?>" id="qa_admin_email" class="frm_input" size="50">
</td>
</tr>
<tr>

2
adm/qa_config_update.php
View File

@ -15,7 +15,7 @@ $qaconfig = get_qa_config();
$check_keys = array('qa_title', 'qa_category', 'qa_skin', 'qa_mobile_skin', 'qa_use_email', 'qa_req_email', 'qa_use_hp', 'qa_req_hp', 'qa_use_sms', 'qa_send_number', 'qa_admin_hp', 'qa_admin_email', 'qa_subject_len', 'qa_mobile_subject_len', 'qa_page_rows', 'qa_mobile_page_rows', 'qa_image_width', 'qa_upload_size');
foreach($check_keys as $key){
$$key = $_POST[$key] = isset($_POST[$key]) ? strip_tags($_POST[$key]) : '';
$$key = $_POST[$key] = isset($_POST[$key]) ? strip_tags(clean_xss_attributes($_POST[$key])) : '';
}
$qa_include_head = preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($qa_include_head, 0, 255));

4
adm/sms_admin/form_update.php
View File

@ -4,8 +4,8 @@ include_once("./_common.php");
auth_check($auth[$sub_menu], "w");
$fo_name = isset($fo_name) ? strip_tags($fo_name) : '';
$fo_content = isset($fo_content) ? strip_tags($fo_content) : '';
$fo_name = isset($fo_name) ? strip_tags(clean_xss_attributes($fo_name)) : '';
$fo_content = isset($fo_content) ? strip_tags(clean_xss_attributes($fo_content)) : '';
$g5['title'] = "이모티콘 업데이트";

2
adm/sms_admin/form_write.php
View File

@ -48,7 +48,7 @@ include_once(G5_ADMIN_PATH.'/admin.head.php');
</tr>
<tr>
<th scope="row"><label for="fo_name">제목<strong class="sound_only"> 필수</strong></label></th>
<td><input type="text" name="fo_name" id="fo_name" required value="<?php echo $write['fo_name']?>" class="frm_input required" size="70"></td>
<td><input type="text" name="fo_name" id="fo_name" required value="<?php echo get_sanitize_input($write['fo_name']); ?>" class="frm_input required" size="70"></td>
</tr>
<tr>
<th scope="row">메세지</th>

4
adm/sms_admin/num_group.php
View File

@ -129,7 +129,7 @@ function num_group_submit(f)
<select name="select_bg_no_999" id="select_bg_no_999" onchange="move(<?php echo $no_group['bg_no']?>, '<?php echo $no_group['bg_name']?>', this);" >
<option value=""></option>
<?php for ($i=0; $i<count($group); $i++) { ?>
<option value="<?php echo $group[$i]['bg_no']?>"> <?php echo $group[$i]['bg_name']?> </option>
<option value="<?php echo $group[$i]['bg_no']?>"> <?php echo get_sanitize_input($group[$i]['bg_name']); ?> </option>
<?php } ?>
</select>
</td>
@ -150,7 +150,7 @@ function num_group_submit(f)
</td>
<td>
<label for="bg_name_<?php echo $i; ?>" class="sound_only">그룹명</label>
<input type="text" name="bg_name[<?php echo $i; ?>]" value="<?php echo $group[$i]['bg_name']?>" id="bg_name_<?php echo $i; ?>" class="frm_input">
<input type="text" name="bg_name[<?php echo $i; ?>]" value="<?php echo get_sanitize_input($group[$i]['bg_name']); ?>" id="bg_name_<?php echo $i; ?>" class="frm_input">
</td>
<td class="td_num"><?php echo number_format($group[$i]['bg_count'])?></td>
<td class="td_num"><?php echo number_format($group[$i]['bg_member'])?></td>

10
adm/sms_admin/num_group_update.php
View File

@ -11,7 +11,7 @@ if ($w == 'u') // 업데이트
// 실제 번호를 넘김
$k = $_POST['chk'][$i];
$bg_no = (int) $_POST['bg_no'][$k];
$bg_name = strip_tags($_POST['bg_name'][$k]);
$bg_name = strip_tags(clean_xss_attributes($_POST['bg_name'][$k]));
if (!is_numeric($bg_no))
alert('그룹 고유번호가 없습니다.');
@ -23,11 +23,11 @@ if ($w == 'u') // 업데이트
if (!strlen(trim($bg_name)))
alert('그룹명을 입력해주세요');
$res = sql_fetch("select bg_name from {$g5['sms5_book_group_table']} where bg_no<>'$bg_no' and bg_name='$bg_name'");
$res = sql_fetch("select bg_name from {$g5['sms5_book_group_table']} where bg_no<>'$bg_no' and bg_name='".sql_real_escape_string($bg_name)."'");
if ($res)
alert('같은 그룹명이 존재합니다.');
sql_query("update {$g5['sms5_book_group_table']} set bg_name='".addslashes($bg_name)."' where bg_no='$bg_no'");
sql_query("update {$g5['sms5_book_group_table']} set bg_name='".sql_real_escape_string($bg_name)."' where bg_no='$bg_no'");
}
}
else if ($w == 'de') // 그룹삭제
@ -63,7 +63,7 @@ else if ($w == 'em') // 비우기
}
else // 등록
{
$bg_name = strip_tags($bg_name);
$bg_name = strip_tags(clean_xss_attributes($bg_name));
if (!strlen(trim($bg_name)))
alert('그룹명을 입력해주세요');
@ -72,7 +72,7 @@ else // 등록
if ($res)
alert('같은 그룹명이 존재합니다.');
sql_query("insert into {$g5['sms5_book_group_table']} set bg_name='".addslashes($bg_name)."'");
sql_query("insert into {$g5['sms5_book_group_table']} set bg_name='$bg_name'");
}
goto_url('./num_group.php');

2
lib/common.lib.php
View File

@ -3574,7 +3574,7 @@ function get_member_profile_img($mb_id='', $width='', $height='', $alt='profile_
// 프로필 이미지가 없을때 기본 이미지
$no_profile_img = (defined('G5_THEME_NO_PROFILE_IMG') && G5_THEME_NO_PROFILE_IMG) ? G5_THEME_NO_PROFILE_IMG : G5_NO_PROFILE_IMG;
$tmp = array();
preg_match( '/src="([^"]*)"/i', $foo, $tmp );
preg_match( '/src="([^"]*)"/i', $no_profile_img, $tmp );
$no_profile_cache = $src = isset($tmp[1]) ? $tmp[1] : G5_IMG_URL.'/no_profile.gif';
}
}