diff --git a/adm/boardgroupmember_form.php b/adm/boardgroupmember_form.php
index 01df7dcfa..70d014c82 100644
--- a/adm/boardgroupmember_form.php
+++ b/adm/boardgroupmember_form.php
@@ -20,7 +20,7 @@ $colspan = 4;
-

아이디 , 이름 , 닉네임

+

아이디 , 이름 , 닉네임

- + - + >
diff --git a/adm/point_list.php b/adm/point_list.php
index 8d127e1aa..08f44d5b1 100644
--- a/adm/point_list.php
+++ b/adm/point_list.php
@@ -163,7 +163,7 @@ function point_clear() - +
diff --git a/adm/shop_admin/couponformupdate.php b/adm/shop_admin/couponformupdate.php
index 6d907567f..de5daaf83 100644
--- a/adm/shop_admin/couponformupdate.php
+++ b/adm/shop_admin/couponformupdate.php
@@ -150,7 +150,7 @@ if($w == '' && ($_POST['cp_sms_send'] || $_POST['cp_email_send'])) {
 // SMS
 if($config['cf_sms_use'] == 'icode' && $_POST['cp_sms_send'] && $arr_send_list[$i]['mb_hp'] && $arr_send_list[$i]['mb_sms']) {
- $sms_contents = $cp_subject.' 쿠폰이 '.$arr_send_list[$i]['mb_name'].'님께 발행됐습니다. 쿠폰만료 : '.$cp_end.' '.str_replace('http://', '', G5_URL);
+ $sms_contents = $cp_subject.' 쿠폰이 '.get_text($arr_send_list[$i]['mb_name']).'님께 발행됐습니다. 쿠폰만료 : '.$cp_end.' '.str_replace('http://', '', G5_URL);
 $sms_contents = iconv_euckr($sms_contents);
 if($sms_contents) {
@@ -166,7 +166,7 @@ if($w == '' && ($_POST['cp_sms_send'] || $_POST['cp_email_send'])) {
 // E-MAIL
 if($config['cf_email_use'] && $_POST['cp_email_send'] && $arr_send_list[$i]['mb_email'] && $arr_send_list[$i]['mb_mailling']) {
- $mb_name = $arr_send_list[$i]['mb_name'];
+ $mb_name = get_text($arr_send_list[$i]['mb_name']);
 switch($cp_method) {
 case 2:
 $coupon_method = '결제금액할인';
diff --git a/adm/shop_admin/couponmember.php b/adm/shop_admin/couponmember.php
index 37f1e8002..65a7082f9 100644
--- a/adm/shop_admin/couponmember.php
+++ b/adm/shop_admin/couponmember.php
@@ -59,7 +59,7 @@ $qstr1 = 'mb_name='.$_GET['mb_name'];
 for($i=0; $row=sql_fetch_array($result); $i++) { ?> - +
diff --git a/adm/shop_admin/itemqaform.php b/adm/shop_admin/itemqaform.php
index 17310d9eb..e94b4381f 100644
--- a/adm/shop_admin/itemqaform.php
+++ b/adm/shop_admin/itemqaform.php
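Review bot: `get_text()` on the `+` line of the first hunk encodes for an HTML context, but `$sms_contents` is plain text handed to the SMS gateway, so a member name containing `&`, `<` or a quote would reach the phone with a literal HTML entity in it (assuming `get_text()` HTML-encodes, as its use in the e-mail hunk suggests). For the SMS channel markup should be stripped rather than encoded, e.g. `$sms_contents = $cp_subject.' 쿠폰이 '.strip_tags($arr_send_list[$i]['mb_name']).'님께 발행됐습니다. 쿠폰만료 : '.$cp_end.' '.str_replace('http://', '', G5_URL);`. The encoded form is appropriate in the second hunk (`$mb_name` for the e-mail), provided that mail body is rendered as HTML, which is not visible here. The loop enclosing both hunks starts and ends outside them.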
@@ -12,7 +12,7 @@ $sql = " select *
 $iq = sql_fetch($sql);
 if (!$iq['iq_id']) alert('등록된 자료가 없습니다.');
-$name = get_sideview($is['mb_id'], $iq['iq_name'], $is['mb_email'], $is['mb_homepage']);
+$name = get_sideview($is['mb_id'], get_text($iq['iq_name']), $is['mb_email'], $is['mb_homepage']);
 $g5['title'] = '상품문의';
 include_once (G5_ADMIN_PATH.'/admin.head.php');
diff --git a/adm/shop_admin/itemqalist.php b/adm/shop_admin/itemqalist.php
index a02e21f9f..ee2024e9b 100644
--- a/adm/shop_admin/itemqalist.php
+++ b/adm/shop_admin/itemqalist.php
@@ -120,7 +120,7 @@ $listall = '전체목록 0) $s_receipt_way .= $s_br."포인트";
- $mb_nick = get_sideview($row['mb_id'], $row['od_name'], $row['od_email'], '');
+ $mb_nick = get_sideview($row['mb_id'], get_text($row['od_name']), $row['od_email'], '');
 $od_cnt = 0;
 if ($row['mb_id'])
diff --git a/adm/sms_admin/ajax.sms_write_person.php b/adm/sms_admin/ajax.sms_write_person.php
index 686f4a8fa..d30820d19 100644
--- a/adm/sms_admin/ajax.sms_write_person.php
+++ b/adm/sms_admin/ajax.sms_write_person.php
@@ -106,16 +106,16 @@ while ($res = sql_fetch_array($qry)) array_push($group, $res); ?> - + - + - +
diff --git a/adm/sms_admin/member_update_run.php b/adm/sms_admin/member_update_run.php
index 41467cd53..94efc229c 100644
--- a/adm/sms_admin/member_update_run.php
+++ b/adm/sms_admin/member_update_run.php
@@ -48,7 +48,7 @@ while ($res = sql_fetch_array($qry))
 if ($hp == '') $bk_receipt = 0; else $bk_receipt = $res['mb_sms'];
- $field = "mb_id='{$res['mb_id']}', bk_name='{$res['mb_name']}', bk_hp='{$hp}', bk_receipt='{$bk_receipt}', bk_datetime='".G5_TIME_YMDHIS."'";
+ $field = "mb_id='{$res['mb_id']}', bk_name='".addslashes($res['mb_name'])."', bk_hp='{$hp}', bk_receipt='{$bk_receipt}', bk_datetime='".G5_TIME_YMDHIS."'";
 $res2 = sql_fetch("select * from {$g5['sms5_book_table']} where mb_id='{$res['mb_id']}'");
 if ($res2) // 기존에 등록되어 있을 경우 업데이트
diff --git a/adm/sms_admin/num_book.php b/adm/sms_admin/num_book.php
index 0a7422410..1e31e18b5 100644
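Review bot: In the member_update_run.php hunk `addslashes()` on the `+` line escapes only `mb_name`, while `{$res['mb_id']}` and `{$hp}` in the same `$field` string, and `mb_id='{$res['mb_id']}'` in the lookup two lines below, are still interpolated raw; if those columns are guaranteed quote-free by validation elsewhere, a comment saying so would stop the next reader from asking, otherwise they need the same escaping. `addslashes()` is also not aware of the connection charset, so where the project's DB layer offers its own escape function that is the safer choice for all three values. The same `addslashes($member['mb_name'])` pattern is used in the shop/itemqaformupdate.php, shop/itemuseformupdate.php and bbs/write_update.php hunks. The `while` loop enclosing this hunk starts and ends outside it.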
--- a/adm/sms_admin/num_book.php
+++ b/adm/sms_admin/num_book.php
@@ -181,12 +181,12 @@ function no_hp_click(val) ?> - + - + 수신' : '거부'?>
diff --git a/bbs/new.php b/bbs/new.php
index 5c9919e1e..f8fc7ecc4 100644
--- a/bbs/new.php
+++ b/bbs/new.php
@@ -55,7 +55,7 @@ for ($i=0; $row=sql_fetch_array($result); $i++) {
 $row2 = sql_fetch(" select * from {$tmp_write_table} where wr_id = '{$row['wr_id']}' ");
 $list[$i] = $row2;
- $name = get_sideview($row2['mb_id'], cut_str($row2['wr_name'], $config['cf_cut_name']), $row2['wr_email'], $row2['wr_homepage']);
+ $name = get_sideview($row2['mb_id'], get_text(cut_str($row2['wr_name'], $config['cf_cut_name'])), $row2['wr_email'], $row2['wr_homepage']);
 // 당일인 경우 시간으로 표시함
 $datetime = substr($row2['wr_datetime'],0,10);
 $datetime2 = $row2['wr_datetime'];
@@ -79,7 +79,7 @@ for ($i=0; $row=sql_fetch_array($result); $i++) {
 $list[$i]['wr_email'] = $row3['wr_email'];
 $list[$i]['wr_homepage'] = $row3['wr_homepage'];
- $name = get_sideview($row3['mb_id'], cut_str($row3['wr_name'], $config['cf_cut_name']), $row3['wr_email'], $row3['wr_homepage']);
+ $name = get_sideview($row3['mb_id'], get_text(cut_str($row3['wr_name'], $config['cf_cut_name'])), $row3['wr_email'], $row3['wr_homepage']);
 // 당일인 경우 시간으로 표시함
 $datetime = substr($row3['wr_datetime'],0,10);
 $datetime2 = $row3['wr_datetime'];
diff --git a/bbs/profile.php b/bbs/profile.php
index 8169ddae0..158f32ead 100644
--- a/bbs/profile.php
+++ b/bbs/profile.php
@@ -24,7 +24,7 @@ $sql = " select (TO_DAYS('".G5_TIME_YMDHIS."') - TO_DAYS('{$mb['mb_datetime']}')
 $row = sql_fetch($sql);
 $mb_reg_after = $row['days'];
-$mb_homepage = set_http($mb['mb_homepage']);
+$mb_homepage = set_http(clean_xss_tags($mb['mb_homepage']));
 $mb_profile = $mb['mb_profile'] ? conv_content($mb['mb_profile'],0) : '소개 내용이 없습니다.';
 include_once($member_skin_path.'/profile.skin.php');
diff --git a/bbs/register_form_update.php b/bbs/register_form_update.php
index 663349912..6359a5fdd 100644
--- a/bbs/register_form_update.php
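Review bot: In the bbs/profile.php hunk `clean_xss_tags()` on the `+` line strips markup from the stored homepage, but on its own it says nothing about the URL scheme, so whether a non-HTTP scheme can still reach the skin's `href` depends on `set_http()` forcing an `http://` prefix onto anything that does not already carry one; that behaviour is outside the hunk and should be confirmed and noted, e.g. `// set_http() prefixes http:// to bare hosts; clean_xss_tags() only removes tags`. If `set_http()` does not do that, validating the value once at the source (the register_form_update.php hunk) with `filter_var($mb_homepage, FILTER_VALIDATE_URL)` or an empty check is simpler than wrapping every render site. The same wrapping is applied to `get_sideview()` in the lib/common.lib.php hunk.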
+++ b/bbs/register_form_update.php
@@ -110,6 +110,9 @@ if ($w == '' || $w == 'u') {
 if ($msg = exist_mb_email($mb_email, $mb_id)) alert($msg, "", true, true);
 }
+$mb_name = clean_xss_tags($mb_name);
+$mb_email = get_email_address($mb_email);
+$mb_homepage = clean_xss_tags($mb_homepage);
 $mb_zip1 = preg_replace('/[^0-9]/', '', $mb_zip1);
 $mb_zip2 = preg_replace('/[^0-9]/', '', $mb_zip2);
 $mb_addr1 = clean_xss_tags($mb_addr1);
diff --git a/bbs/write_update.php b/bbs/write_update.php
index cdb140102..1124b849c 100644
--- a/bbs/write_update.php
+++ b/bbs/write_update.php
@@ -287,18 +287,19 @@ if ($w == '' || $w == 'r') {
 if ($member['mb_id']) {
 $mb_id = $member['mb_id'];
- $wr_name = $board['bo_use_name'] ? $member['mb_name'] : $member['mb_nick'];
+ $wr_name = addslashes(clean_xss_tags($board['bo_use_name'] ? $member['mb_name'] : $member['mb_nick']));
 $wr_password = $member['mb_password'];
- $wr_email = $member['mb_email'];
- $wr_homepage = $member['mb_homepage'];
+ $wr_email = addslashes($member['mb_email']);
+ $wr_homepage = addslashes(clean_xss_tags($member['mb_homepage']));
 } else {
 $mb_id = '';
 // 비회원의 경우 이름이 누락되는 경우가 있음
- $wr_name = trim($_POST['wr_name']);
+ $wr_name = clean_xss_tags(trim($_POST['wr_name']));
 if (!$wr_name) alert('이름은 필히 입력하셔야 합니다.');
 $wr_password = sql_password($wr_password);
 $wr_email = get_email_address(trim($_POST['wr_email']));
+ $wr_homepage = clean_xss_tags($wr_homepage);
 }
 if ($w == 'r') {
diff --git a/lib/common.lib.php b/lib/common.lib.php
index b22069f57..509e7dfa0 100644
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@@ -1199,7 +1199,7 @@ function get_sideview($mb_id, $name='', $email='', $homepage='')
 global $bo_table, $sca, $is_admin, $member;
 $email = base64_encode($email);
- $homepage = set_http($homepage);
+ $homepage = set_http(clean_xss_tags($homepage));
 $name = preg_replace("/\'/", "", $name);
 $name = preg_replace("/\'/", "", $name);
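Review bot: In the bbs/write_update.php hunk the member branch wraps `$wr_name`, `$wr_email` and `$wr_homepage` in `addslashes()` while the non-member branch applies only `clean_xss_tags()` / `get_email_address()` to the `$_POST` values; that is only consistent if request values are already slash-escaped by the request bootstrap, which is not visible here and is worth a comment such as `// member row values are unescaped; POST values are presumed pre-escaped by the bootstrap`. `$wr_homepage` on the last `+` line is read without being assigned anywhere in the hunk, so its origin (presumably a request field set earlier) should be confirmed. Escaping for SQL at the point where output sanitising is applied also makes the stored `wr_name` depend on which branch produced it; escaping once at the query site would keep the two concerns apart. The `if ($w == '' || $w == 'r')` block enclosing this hunk starts and ends outside it.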
diff --git a/mobile/skin/member/basic/register_result.skin.php b/mobile/skin/member/basic/register_result.skin.php
index a9b5ce1a4..288b1ba4e 100644
--- a/mobile/skin/member/basic/register_result.skin.php
+++ b/mobile/skin/member/basic/register_result.skin.php
@@ -8,7 +8,7 @@ add_stylesheet('',

- 님의 회원가입을 진심으로 축하합니다.
+ 님의 회원가입을 진심으로 축하합니다.

diff --git a/shop/itemqaformupdate.php b/shop/itemqaformupdate.php
index f524ed02c..b4d1dc7f9 100644
--- a/shop/itemqaformupdate.php
+++ b/shop/itemqaformupdate.php
@@ -12,7 +12,7 @@ $iq_answer = trim($_POST['iq_answer']);
 $hash = trim($_REQUEST['hash']);
 if ($w == "" || $w == "u") {
- $iq_name = $member['mb_name'];
+ $iq_name = addslashes($member['mb_name']);
 $iq_password = $member['mb_password'];
 if (!$iq_subject) alert("제목을 입력하여 주십시오.");
diff --git a/shop/itemrecommendmail.php b/shop/itemrecommendmail.php
index 2be39e147..b3504754b 100644
--- a/shop/itemrecommendmail.php
+++ b/shop/itemrecommendmail.php
@@ -36,7 +36,7 @@ if (!$it['it_id'])
 $subject = stripslashes($subject);
 $content = nl2br(stripslashes($content));
-$from_name = $member['mb_name'];
+$from_name = get_text($member['mb_name']);
 $from_email = $member['mb_email'];
 $it_id = $it['it_id'];
 $it_name = $it['it_name'];
diff --git a/shop/itemuseformupdate.php b/shop/itemuseformupdate.php
index 642330d2a..45ddb11c2 100644
--- a/shop/itemuseformupdate.php
+++ b/shop/itemuseformupdate.php
@@ -16,7 +16,7 @@ $is_score = (int)$_POST['is_score'] > 5 ? 0 : (int)$_POST['is_score'];
 check_itemuse_write($it_id, $member['mb_id']);
 if ($w == "" || $w == "u") {
- $is_name = $member['mb_name'];
+ $is_name = addslashes($member['mb_name']);
 $is_password = $member['mb_password'];
 if (!$is_subject) alert("제목을 입력하여 주십시오.");
diff --git a/skin/member/basic/register_result.skin.php b/skin/member/basic/register_result.skin.php
index 095e6951d..87003203f 100644
--- a/skin/member/basic/register_result.skin.php
+++ b/skin/member/basic/register_result.skin.php
@@ -9,7 +9,7 @@ add_stylesheet('',
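Review bot: In the shop/itemrecommendmail.php hunk `get_text()` on the `+` line HTML-encodes `$from_name`, which is right only where the name is placed in an HTML mail body; if the same variable also feeds the sender header, the recipient's mail client will show entities such as `&amp;` literally, and HTML encoding does nothing about CR/LF in the name, which is what a header needs guarded. Since `$subject` and `$content` just above are `stripslashes()`d rather than encoded, the two uses deserve separate values, e.g. `$from_name_header = str_replace(array("\r", "\n"), '', $member['mb_name']);` for the header and the encoded `$from_name` for the body. Where `$from_name` is consumed lies outside the hunk, so this is to be confirmed against the mail-building code.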

- 님의 회원가입을 진심으로 축하합니다.
+ 님의 회원가입을 진심으로 축하합니다.