Merge branch 'master' of github.com:gnuboard/yc5

SIR
2014-10-17 17:07:51 +09:00
25 changed files with 39 additions and 35 deletions


@ -20,7 +20,7 @@ $colspan = 4;
<input type="hidden" name="mb_id" value="<?php echo $mb['mb_id'] ?>" id="mb_id">
<input type="hidden" name="token" value="<?php echo $token ?>" id="token">
<div class="local_cmd01 local_cmd">
<p>아이디 <b><?php echo $mb['mb_id'] ?></b>, 이름 <b><?php echo $mb['mb_name'] ?></b>, 닉네임 <b><?php echo $mb['mb_nick'] ?></b></p>
<p>아이디 <b><?php echo $mb['mb_id'] ?></b>, 이름 <b><?php echo get_text($mb['mb_name']); ?></b>, 닉네임 <b><?php echo $mb['mb_nick'] ?></b></p>
<label for="gr_id">그룹지정</label>
<select name="gr_id" id="gr_id">
<option value="">접근가능 그룹을 선택하세요.</option>
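Review bot: `mb_nick` and `mb_id` are still echoed raw on the same line where `mb_name` now goes through `get_text()`, and `mb_id` is also written unencoded into the hidden input's `value` attribute. Unless both fields are restricted to a safe character set when they are stored (not visible here), they need the same output encoding, e.g. `<?php echo get_text($mb['mb_nick']); ?>`. The member-list label and the mail-list rows in later sections have the same gap for `mb_nick` and `mb_email`.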


@ -117,7 +117,7 @@ $colspan = 7;
</td>
<td class="td_grid"><?php echo $group ?></td>
<td class="td_mbid"><?php echo $row['mb_id'] ?></td>
<td class="td_mbname"><?php echo $row['mb_name'] ?></td>
<td class="td_mbname"><?php echo get_text($row['mb_name']); ?></td>
<td class="td_name sv_use"><?php echo $mb_nick ?></td>
<td class="td_datetime"><?php echo substr($row['mb_today_login'],2,8) ?></td>
<td class="td_datetime"><?php echo $row['gm_datetime'] ?></td>


@ -102,7 +102,7 @@ $colspan = 12;
?>
<tr>
<td class="td_mbid"><?php echo $mb_id ?></td>
<td class="td_mbname"><?php echo $row['mb_name'] ?></td>
<td class="td_mbname"><?php echo get_text($row['mb_name']); ?></td>
<td class="td_mbname sv_use"><div><?php echo $mb_nick ?></div></td>
<td class="td_num"><?php echo $row['mb_level'] ?></td>
<td><a href="./point_list.php?sfl=mb_id&amp;stx=<?php echo $row['mb_id'] ?>"><?php echo number_format($row['mb_point']) ?></a></td>
@ -284,7 +284,7 @@ $colspan = 7;
<tr>
<td class="td_mbid"><a href="./point_list.php?sfl=mb_id&amp;stx=<?php echo $row['mb_id'] ?>"><?php echo $row['mb_id'] ?></a></td>
<td class="td_mbname"><?php echo $row2['mb_name'] ?></td>
<td class="td_mbname"><?php echo get_text($row2['mb_name']); ?></td>
<td class="td_name sv_use"><div><?php echo $mb_nick ?></div></td>
<td class="td_datetime"><?php echo $row['po_datetime'] ?></td>
<td><?php echo $link1.$row['po_content'].$link2 ?></td>


@ -93,7 +93,7 @@ include_once('./admin.head.php');
$cr = "";
while ($row=sql_fetch_array($result)) {
$i++;
$ma_list .= $cr . $row['mb_email'] . "||" . $row['mb_id'] . "||" . $row['mb_name'] . "||" . $row['mb_nick'] . "||" . $row['mb_datetime'];
$ma_list .= $cr . $row['mb_email'] . "||" . $row['mb_id'] . "||" . get_text($row['mb_name']) . "||" . $row['mb_nick'] . "||" . $row['mb_datetime'];
$cr = "\n";
$bg = 'bg'.($i%2);
@ -101,7 +101,7 @@ include_once('./admin.head.php');
<tr class="<?php echo $bg; ?>">
<td class="td_num"><?php echo $i ?></td>
<td class="td_mbid"><?php echo $row['mb_id'] ?></td>
<td class="td_mbname"><?php echo $row['mb_name'] ?></td>
<td class="td_mbname"><?php echo get_text($row['mb_name']); ?></td>
<td class="td_mbname"><?php echo $row['mb_nick'] ?></td>
<td><?php echo $row['mb_email'] ?></td>
</tr>
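Review bot: In the first hunk `get_text()` is applied to `mb_name` while building `$ma_list`, which is a `||`-delimited, newline-separated record rather than HTML, so the encoding is chosen before the sink is known. If `$ma_list` is later written into a form field it should be encoded as a whole at that point, and whatever parses it will otherwise see entity-encoded names; where it is used is outside the hunk. A name containing `||` or a line break would also shift the fields of its record, so those characters are worth replacing in each field before concatenation, e.g. `str_replace(array('||', "\r", "\n"), ' ', $row['mb_name'])`.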


@ -13,7 +13,7 @@ check_demo();
$g5['title'] = '회원메일 테스트';
$name = $member['mb_name'];
$name = get_text($member['mb_name']);
$nick = $member['mb_nick'];
$mb_id = $member['mb_id'];
$email = $member['mb_email'];


@ -213,11 +213,11 @@ $colspan = 16;
<tr class="<?php echo $bg; ?>">
<td headers="mb_list_chk" class="td_chk" rowspan="2">
<input type="hidden" name="mb_id[<?php echo $i ?>]" value="<?php echo $row['mb_id'] ?>" id="mb_id_<?php echo $i ?>">
<label for="chk_<?php echo $i; ?>" class="sound_only"><?php echo $row['mb_name']; ?> <?php echo $row['mb_nick']; ?>님</label>
<label for="chk_<?php echo $i; ?>" class="sound_only"><?php echo get_text($row['mb_name']); ?> <?php echo $row['mb_nick']; ?>님</label>
<input type="checkbox" name="chk[]" value="<?php echo $i ?>" id="chk_<?php echo $i ?>">
</td>
<td headers="mb_list_id" rowspan="2" class="td_name sv_use"><?php echo $mb_id ?></td>
<td headers="mb_list_name" class="td_mbname"><?php echo $row['mb_name']; ?></td>
<td headers="mb_list_name" class="td_mbname"><?php echo get_text($row['mb_name']); ?></td>
<td headers="mb_list_cert" colspan="6" class="td_mbcert">
<input type="radio" name="mb_certify[<?php echo $i; ?>]" value="ipin" id="mb_certify_ipin_<?php echo $i; ?>" <?php echo $row['mb_certify']=='ipin'?'checked':''; ?>>
<label for="mb_certify_ipin_<?php echo $i; ?>">아이핀</label>


@ -163,7 +163,7 @@ function point_clear()
<input type="checkbox" name="chk[]" value="<?php echo $i ?>" id="chk_<?php echo $i ?>">
</td>
<td class="td_mbid"><a href="?sfl=mb_id&amp;stx=<?php echo $row['mb_id'] ?>"><?php echo $row['mb_id'] ?></a></td>
<td class="td_mbname"><?php echo $row2['mb_name'] ?></td>
<td class="td_mbname"><?php echo get_text($row2['mb_name']); ?></td>
<td class="td_name sv_use"><div><?php echo $mb_nick ?></div></td>
<td class="td_pt_log"><?php echo $link1 ?><?php echo $row['po_content'] ?><?php echo $link2 ?></td>
<td class="td_num td_pt"><?php echo number_format($row['po_point']) ?></td>


@ -150,7 +150,7 @@ if($w == '' && ($_POST['cp_sms_send'] || $_POST['cp_email_send'])) {
// SMS
if($config['cf_sms_use'] == 'icode' && $_POST['cp_sms_send'] && $arr_send_list[$i]['mb_hp'] && $arr_send_list[$i]['mb_sms']) {
$sms_contents = $cp_subject.' 쿠폰이 '.$arr_send_list[$i]['mb_name'].'님께 발행됐습니다. 쿠폰만료 : '.$cp_end.' '.str_replace('http://', '', G5_URL);
$sms_contents = $cp_subject.' 쿠폰이 '.get_text($arr_send_list[$i]['mb_name']).'님께 발행됐습니다. 쿠폰만료 : '.$cp_end.' '.str_replace('http://', '', G5_URL);
$sms_contents = iconv_euckr($sms_contents);
if($sms_contents) {
@ -166,7 +166,7 @@ if($w == '' && ($_POST['cp_sms_send'] || $_POST['cp_email_send'])) {
// E-MAIL
if($config['cf_email_use'] && $_POST['cp_email_send'] && $arr_send_list[$i]['mb_email'] && $arr_send_list[$i]['mb_mailling']) {
$mb_name = $arr_send_list[$i]['mb_name'];
$mb_name = get_text($arr_send_list[$i]['mb_name']);
switch($cp_method) {
case 2:
$coupon_method = '결제금액할인';
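Review bot: `$sms_contents` is a plain-text SMS body, so wrapping `mb_name` in `get_text()` in the first hunk puts HTML entities into the message: a name containing `<` or a quote would reach the phone as literal `&lt;`-style text, assuming `get_text()` entity-encodes as its use elsewhere in this commit suggests. For this sink the name should stay unencoded and only have control characters removed, e.g. `preg_replace('/[\x00-\x1F\x7F]/', '', $arr_send_list[$i]['mb_name'])`. For `$mb_name` in the e-mail hunk the right encoding depends on whether the mail body is HTML, which is outside the hunk. The same question applies to `$name` in the mail-test section and `$from_name` in the item-recommend section, where a value used as a sender display name needs CR/LF removed rather than HTML encoding.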


@ -59,7 +59,7 @@ $qstr1 = 'mb_name='.$_GET['mb_name'];
for($i=0; $row=sql_fetch_array($result); $i++) {
?>
<tr>
<td class="td_mbname"><?php echo $row['mb_name']; ?></td>
<td class="td_mbname"><?php echo get_text($row['mb_name']); ?></td>
<td><?php echo $row['mb_id']; ?></td>
<td class="scp_find_select"><button type="button" class="btn_frmline" onclick="sel_member_id('<?php echo $row['mb_id']; ?>');">선택</button></td>
</tr>


@ -12,7 +12,7 @@ $sql = " select *
$iq = sql_fetch($sql);
if (!$iq['iq_id']) alert('등록된 자료가 없습니다.');
$name = get_sideview($is['mb_id'], $iq['iq_name'], $is['mb_email'], $is['mb_homepage']);
$name = get_sideview($is['mb_id'], get_text($iq['iq_name']), $is['mb_email'], $is['mb_homepage']);
$g5['title'] = '상품문의';
include_once (G5_ADMIN_PATH.'/admin.head.php');


@ -120,7 +120,7 @@ $listall = '<a href="'.$_SERVER['PHP_SELF'].'" class="ov_listall">전체목록</
for ($i=0; $row=mysql_fetch_array($result); $i++) {
$row['iq_subject'] = cut_str($row['iq_subject'], 30, "...");
$href = G5_SHOP_URL.'/item.php?it_id='.$row['it_id'];
$name = get_sideview($row['mb_id'], $row['iq_name'], $row['mb_email'], $row['mb_homepage']);
$name = get_sideview($row['mb_id'], get_text($row['iq_name']), $row['mb_email'], $row['mb_homepage']);
$answer = $row['iq_answer'] ? 'Y' : '&nbsp;';
$iq_question = get_view_thumbnail($row['iq_question'], 300);
$iq_answer = $row['iq_answer'] ? get_view_thumbnail($row['iq_answer'], 300) : "답변이 등록되지 않았습니다.";


@ -288,7 +288,7 @@ if(!sql_query(" select mb_id from {$g5['g5_shop_order_delete_table']} limit 1 ",
if ($row['od_receipt_point'] > 0)
$s_receipt_way .= $s_br."포인트";
$mb_nick = get_sideview($row['mb_id'], $row['od_name'], $row['od_email'], '');
$mb_nick = get_sideview($row['mb_id'], get_text($row['od_name']), $row['od_email'], '');
$od_cnt = 0;
if ($row['mb_id'])


@ -106,16 +106,16 @@ while ($res = sql_fetch_array($qry)) array_push($group, $res);
?>
<tr class="<?php echo $bg; ?>">
<td class="td_chk">
<label for="bk_no_<?php echo $res['bk_no']; ?>" class="sound_only"><?php echo $res['bk_name']?></label>
<label for="bk_no_<?php echo $res['bk_no']; ?>" class="sound_only"><?php echo get_text($res['bk_name']) ?></label>
<input type="checkbox" name="bk_no" value="<?php echo $res['bk_no']?>" id="bk_no_<?php echo $res['bk_no']; ?>">
</td>
<!-- <td class="td_name"><?php echo $group_name?></td> -->
<td class="td_mbname"><?php echo $res['bk_name']?></td>
<td class="td_mbname"><?php echo get_text($res['bk_name']) ?></td>
<td><?php echo $res['bk_hp']?></td>
<!-- <td class="td_boolean"><?php echo $res['bk_receipt'] ? '수신' : '거부'?></td> -->
<!-- <td class="td_boolean"><?php echo $res['bk_receipt'] ? '예' : ''?></td> -->
<td class="td_boolean"><?php echo $res['mb_id'] ? '회원' : '비회원'?></td>
<td class="td_mngsmall"><button type="button" class="btn_frmline" onclick="sms_obj.person_add(<?php echo $res['bk_no']?>, '<?php echo $res['bk_name']?>', '<?php echo $res['bk_hp']?>')">추가</button></td>
<td class="td_mngsmall"><button type="button" class="btn_frmline" onclick="sms_obj.person_add(<?php echo $res['bk_no']?>, '<?php echo get_text($res['bk_name']) ?>', '<?php echo $res['bk_hp']?>')">추가</button></td>
</tr>
<?php } ?>
</tbody>
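Review bot: The `onclick` argument `'<?php echo get_text($res['bk_name']) ?>'` is a JavaScript string inside an HTML attribute, and HTML entity encoding alone does not protect that position: the browser decodes entities in the attribute before the script runs, so an encoded quote in `bk_name` becomes a real quote again and ends the string literal. The value needs JavaScript-string encoding first and attribute encoding second, e.g. `<?php echo htmlspecialchars(json_encode($res['bk_name']), ENT_QUOTES) ?>` with the surrounding single quotes dropped (this assumes the data is UTF-8, which `json_encode()` requires). `bk_hp` sits in the same position on that line and is also printed raw in its own `<td>`, and `bk_no` would be safer cast with `(int)`.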


@ -48,7 +48,7 @@ while ($res = sql_fetch_array($qry))
if ($hp == '') $bk_receipt = 0; else $bk_receipt = $res['mb_sms'];
$field = "mb_id='{$res['mb_id']}', bk_name='{$res['mb_name']}', bk_hp='{$hp}', bk_receipt='{$bk_receipt}', bk_datetime='".G5_TIME_YMDHIS."'";
$field = "mb_id='{$res['mb_id']}', bk_name='".addslashes($res['mb_name'])."', bk_hp='{$hp}', bk_receipt='{$bk_receipt}', bk_datetime='".G5_TIME_YMDHIS."'";
$res2 = sql_fetch("select * from {$g5['sms5_book_table']} where mb_id='{$res['mb_id']}'");
if ($res2) // 기존에 등록되어 있을 경우 업데이트
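Review bot: `addslashes()` is applied only to `bk_name` in `$field`, while `mb_id` and `$hp` (whose derivation is outside the hunk) in the same string, and `mb_id` in the `select` on the next line, are still interpolated as they come from the row. `addslashes()` is also not aware of the connection character set; the database driver's escaping function or a prepared statement is the appropriate tool for a value placed in a SQL literal. Escaping every interpolated value once, at the point where `$field` is built, would keep the statement consistent. The `addslashes($member['mb_name'])` assignments to `$iq_name` and `$is_name` in later sections raise the same point, and unlike `$wr_name` in the board write handler they do not pass through `clean_xss_tags()`.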


@ -181,12 +181,12 @@ function no_hp_click(val)
?>
<tr class="<?php echo $bg; ?>">
<td class="td_chk">
<label for="bk_no_<?php echo $i; ?>" class="sound_only"><?php echo $group_name?>의 <?php echo $res['bk_name']?></label>
<label for="bk_no_<?php echo $i; ?>" class="sound_only"><?php echo $group_name?>의 <?php echo get_text($res['bk_name']) ?></label>
<input type="checkbox" name="bk_no[]" value="<?php echo $res['bk_no']?>" id="bk_no_<?php echo $i; ?>">
</td>
<td class="td_num"><?php echo number_format($vnum--)?></td>
<td><?php echo $group_name?></td>
<td class="td_mbname"><?php echo $res['bk_name']?></td>
<td class="td_mbname"><?php echo get_text($res['bk_name']) ?></td>
<td class="td_numbig"><?php echo $res['bk_hp']?></td>
<td class="td_boolean"><?php echo $res['bk_receipt'] ? '<font color=blue>수신</font>' : '<font color=red>거부</font>'?></td>
<td class="td_mbid"><?php echo $res['mb_id'] ? $res['mb_id'] : '비회원'?></td>


@ -55,7 +55,7 @@ for ($i=0; $row=sql_fetch_array($result); $i++) {
$row2 = sql_fetch(" select * from {$tmp_write_table} where wr_id = '{$row['wr_id']}' ");
$list[$i] = $row2;
$name = get_sideview($row2['mb_id'], cut_str($row2['wr_name'], $config['cf_cut_name']), $row2['wr_email'], $row2['wr_homepage']);
$name = get_sideview($row2['mb_id'], get_text(cut_str($row2['wr_name'], $config['cf_cut_name'])), $row2['wr_email'], $row2['wr_homepage']);
// 당일인 경우 시간으로 표시함
$datetime = substr($row2['wr_datetime'],0,10);
$datetime2 = $row2['wr_datetime'];
@ -79,7 +79,7 @@ for ($i=0; $row=sql_fetch_array($result); $i++) {
$list[$i]['wr_email'] = $row3['wr_email'];
$list[$i]['wr_homepage'] = $row3['wr_homepage'];
$name = get_sideview($row3['mb_id'], cut_str($row3['wr_name'], $config['cf_cut_name']), $row3['wr_email'], $row3['wr_homepage']);
$name = get_sideview($row3['mb_id'], get_text(cut_str($row3['wr_name'], $config['cf_cut_name'])), $row3['wr_email'], $row3['wr_homepage']);
// 당일인 경우 시간으로 표시함
$datetime = substr($row3['wr_datetime'],0,10);
$datetime2 = $row3['wr_datetime'];


@ -24,7 +24,7 @@ $sql = " select (TO_DAYS('".G5_TIME_YMDHIS."') - TO_DAYS('{$mb['mb_datetime']}')
$row = sql_fetch($sql);
$mb_reg_after = $row['days'];
$mb_homepage = set_http($mb['mb_homepage']);
$mb_homepage = set_http(clean_xss_tags($mb['mb_homepage']));
$mb_profile = $mb['mb_profile'] ? conv_content($mb['mb_profile'],0) : '소개 내용이 없습니다.';
include_once($member_skin_path.'/profile.skin.php');
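Review bot: `clean_xss_tags()` on `mb_homepage` removes markup but does not validate the value as a URL, so a non-HTTP scheme or a quote character could still reach the skin unless `set_http()` already rejects them (its body is not shown). If the skin prints `$mb_homepage` inside an `href`, the value should be checked against an allow-list of schemes here and attribute-encoded where it is printed, e.g. `if (!preg_match('#^https?://#i', $mb_homepage)) $mb_homepage = '';` after the `set_http()` call. The same applies to the identical change at the top of `get_sideview()`.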


@ -110,6 +110,9 @@ if ($w == '' || $w == 'u') {
if ($msg = exist_mb_email($mb_email, $mb_id)) alert($msg, "", true, true);
}
$mb_name = clean_xss_tags($mb_name);
$mb_email = get_email_address($mb_email);
$mb_homepage = clean_xss_tags($mb_homepage);
$mb_zip1 = preg_replace('/[^0-9]/', '', $mb_zip1);
$mb_zip2 = preg_replace('/[^0-9]/', '', $mb_zip2);
$mb_addr1 = clean_xss_tags($mb_addr1);


@ -287,18 +287,19 @@ if ($w == '' || $w == 'r') {
if ($member['mb_id']) {
$mb_id = $member['mb_id'];
$wr_name = $board['bo_use_name'] ? $member['mb_name'] : $member['mb_nick'];
$wr_name = addslashes(clean_xss_tags($board['bo_use_name'] ? $member['mb_name'] : $member['mb_nick']));
$wr_password = $member['mb_password'];
$wr_email = $member['mb_email'];
$wr_homepage = $member['mb_homepage'];
$wr_email = addslashes($member['mb_email']);
$wr_homepage = addslashes(clean_xss_tags($member['mb_homepage']));
} else {
$mb_id = '';
// 비회원의 경우 이름이 누락되는 경우가 있음
$wr_name = trim($_POST['wr_name']);
$wr_name = clean_xss_tags(trim($_POST['wr_name']));
if (!$wr_name)
alert('이름은 필히 입력하셔야 합니다.');
$wr_password = sql_password($wr_password);
$wr_email = get_email_address(trim($_POST['wr_email']));
$wr_homepage = clean_xss_tags($wr_homepage);
}
if ($w == 'r') {
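Review bot: The member branch now wraps `$wr_name`, `$wr_email` and `$wr_homepage` in `addslashes()`, but the guest branch assigns `clean_xss_tags(trim($_POST['wr_name']))` and `clean_xss_tags($wr_homepage)` without it. That is only correct if request variables are already slash-escaped globally before this file runs, which the hunk does not show. If so, a comment on the guest branch such as `// request input is already slash-escaped at bootstrap; $member values come from the DB unescaped` would document the asymmetry; escaping all values at the point where the insert statement is built would remove it. The enclosing `if ($w == '' || $w == 'r')` block starts and ends outside the hunk.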


@ -1199,7 +1199,7 @@ function get_sideview($mb_id, $name='', $email='', $homepage='')
global $bo_table, $sca, $is_admin, $member;
$email = base64_encode($email);
$homepage = set_http($homepage);
$homepage = set_http(clean_xss_tags($homepage));
$name = preg_replace("/\&#039;/", "", $name);
$name = preg_replace("/\'/", "", $name);


@ -8,7 +8,7 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
<div id="reg_result" class="mbskin">
<p>
<strong><?php echo $mb['mb_name'] ?></strong>님의 회원가입을 진심으로 축하합니다.<br>
<strong><?php echo get_text($mb['mb_name']); ?></strong>님의 회원가입을 진심으로 축하합니다.<br>
</p>
<?php if ($config['cf_use_email_certify']) { ?>


@ -12,7 +12,7 @@ $iq_answer = trim($_POST['iq_answer']);
$hash = trim($_REQUEST['hash']);
if ($w == "" || $w == "u") {
$iq_name = $member['mb_name'];
$iq_name = addslashes($member['mb_name']);
$iq_password = $member['mb_password'];
if (!$iq_subject) alert("제목을 입력하여 주십시오.");


@ -36,7 +36,7 @@ if (!$it['it_id'])
$subject = stripslashes($subject);
$content = nl2br(stripslashes($content));
$from_name = $member['mb_name'];
$from_name = get_text($member['mb_name']);
$from_email = $member['mb_email'];
$it_id = $it['it_id'];
$it_name = $it['it_name'];


@ -16,7 +16,7 @@ $is_score = (int)$_POST['is_score'] > 5 ? 0 : (int)$_POST['is_score'];
check_itemuse_write($it_id, $member['mb_id']);
if ($w == "" || $w == "u") {
$is_name = $member['mb_name'];
$is_name = addslashes($member['mb_name']);
$is_password = $member['mb_password'];
if (!$is_subject) alert("제목을 입력하여 주십시오.");


@ -9,7 +9,7 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
<div id="reg_result" class="mbskin">
<p>
<strong><?php echo $mb['mb_name'] ?></strong>님의 회원가입을 진심으로 축하합니다.<br>
<strong><?php echo get_text($mb['mb_name']); ?></strong>님의 회원가입을 진심으로 축하합니다.<br>
</p>
<?php if ($config['cf_use_email_certify']) { ?>