From b28796dd2841f4db0af7ebae2d1b1dd5e40eafe3 Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Tue, 3 Mar 2020 18:41:45 +0900
Subject: [PATCH 1/3] =?UTF-8?q?[KVE-2020-0115,0120]=EA=B7=B8=EB=88=84?=
 =?UTF-8?q?=EB=B3=B4=EB=93=9CRCE=EB=B0=8FXSS=EC=B7=A8=EC=95=BD=EC=A0=90?=
 =?UTF-8?q?=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adm/faqlist.php               |  8 +++++---
 lib/Cache/FileCache.class.php | 19 ++++++++++++++-----
 2 files changed, 19 insertions(+), 8 deletions(-)

diff --git a/adm/faqlist.php b/adm/faqlist.php
index 80319c82f..6f4849bb0 100644
--- a/adm/faqlist.php
+++ b/adm/faqlist.php
@@ -68,15 +68,17 @@ $result = sql_query($sql);
         $num = $i + 1;
 
         $bg = 'bg'.($i%2);
+
+        $fa_subject = conv_content($row['fa_subject'], 1);
     ?>
 
     <tr class="<?php echo $bg; ?>">
         <td class="td_num"><?php echo $num; ?></td>
-        <td class="td_left"><?php echo stripslashes($row['fa_subject']); ?></td>
+        <td class="td_left"><?php echo $fa_subject; ?></td>
         <td class="td_num"><?php echo $row['fa_order']; ?></td>
         <td class="td_mng td_mng_m">
-            <a href="./faqform.php?w=u&amp;fm_id=<?php echo $row['fm_id']; ?>&amp;fa_id=<?php echo $row['fa_id']; ?>" class="btn btn_03"><span class="sound_only"><?php echo stripslashes($row['fa_subject']); ?> </span>수정</a>
-            <a href="./faqformupdate.php?w=d&amp;fm_id=<?php echo $row['fm_id']; ?>&amp;fa_id=<?php echo $row['fa_id']; ?>" onclick="return delete_confirm(this);" class="btn btn_02"><span class="sound_only"><?php echo stripslashes($row['fa_subject']); ?> </span>삭제</a>
+            <a href="./faqform.php?w=u&amp;fm_id=<?php echo $row['fm_id']; ?>&amp;fa_id=<?php echo $row['fa_id']; ?>" class="btn btn_03"><span class="sound_only"><?php echo $fa_subject; ?> </span>수정</a>
+            <a href="./faqformupdate.php?w=d&amp;fm_id=<?php echo $row['fm_id']; ?>&amp;fa_id=<?php echo $row['fa_id']; ?>" onclick="return delete_confirm(this);" class="btn btn_02"><span class="sound_only"><?php echo $fa_subject; ?> </span>삭제</a>
         </td>
     </tr>
 
diff --git a/lib/Cache/FileCache.class.php b/lib/Cache/FileCache.class.php
index f65948947..529312a5f 100644
--- a/lib/Cache/FileCache.class.php
+++ b/lib/Cache/FileCache.class.php
@@ -67,8 +67,14 @@ class FileCache
 		{
 			return FALSE;
 		}
-
-		$data = unserialize(file_get_contents( $cache_file_path ));
+        
+        try{
+            $file_contents = file_get_contents($cache_file_path);
+            $file_ex = explode("\n\n", $file_contents);
+            $data = unserialize(base64_decode($file_ex[1]));
+        } catch(Exception $e){
+            $data = array('ttl'=>1, 'time'=>time() - 1000);
+        }
 
 		if ($data['ttl'] > 0 && time() > $data['time'] + $data['ttl'])
 		{
@@ -135,7 +141,10 @@ class FileCache
 			'data'		=> $data
 		);
 
-		if ($this->write_file($cache_file_path, serialize($contents)))
+        $cache_content = "<?php if (!defined('_GNUBOARD_')) exit; ?>\n\n";
+        $cache_content .= base64_encode(serialize($contents));
+
+		if ($this->write_file($cache_file_path, $cache_content))
 		{
 			chmod($cache_file_path, G5_FILE_PERMISSION);
 			return TRUE;
@@ -167,7 +176,7 @@ class FileCache
         if ($ttl !== null) {
             $expire = time() + $ttl;
         }
-        return serialize(array($data, $expire));
+        return base64_encode(serialize(array($data, $expire)));
     }
 
     /**
@@ -181,7 +190,7 @@ class FileCache
      */
     public function decode($data)
     {
-        return unserialize($data);
+        return unserialize(base64_decode($data));
     }
 }
 ?>
\ No newline at end of file

From a8292a51bdf807304679087b4e054d4ba3e324c3 Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Tue, 3 Mar 2020 18:46:17 +0900
Subject: [PATCH 2/3] =?UTF-8?q?php=20deprecated=20=EC=82=AC=EC=9A=A9?=
 =?UTF-8?q?=EB=90=98=EB=8A=94=20=EC=BD=94=EB=93=9C=20=EC=9E=AC=EC=88=98?=
 =?UTF-8?q?=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adm/board_form_update.php | 2 +-
 g4_import_run.php         | 2 +-
 install/install_db.php    | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/adm/board_form_update.php b/adm/board_form_update.php
index b0bbf6889..bea127247 100644
--- a/adm/board_form_update.php
+++ b/adm/board_form_update.php
@@ -204,7 +204,7 @@ if ($w == '') {
     $file = file('./sql_write.sql');
     $file = get_db_create_replace($file);
 
-    $sql = implode($file, "\n");
+    $sql = implode("\n", $file);
 
     $create_table = $g5['write_prefix'] . $bo_table;
 
diff --git a/g4_import_run.php b/g4_import_run.php
index 6681df0e8..a0515bbaa 100644
--- a/g4_import_run.php
+++ b/g4_import_run.php
@@ -337,7 +337,7 @@ for($i=0; $row=sql_fetch_array($result); $i++) {
     // 게시판 테이블 생성
     $bo_table = $row['bo_table'];
     $file = file(G5_ADMIN_PATH.'/sql_write.sql');
-    $sql = implode($file, "\n");
+    $sql = implode("\n", $file);
 
     $create_table = $g5['write_prefix'] . $bo_table;
 
diff --git a/install/install_db.php b/install/install_db.php
index bc0207763..89e78a8ec 100644
--- a/install/install_db.php
+++ b/install/install_db.php
@@ -292,7 +292,7 @@ for ($i=0; $i<count($tmp_bo_table); $i++)
     // 게시판 테이블 생성
     $file = file("../".G5_ADMIN_DIR."/sql_write.sql");
     $file = get_db_create_replace($file);
-    $sql = implode('\n', $file);
+    $sql = implode("\n", $file);
 
     $create_table = $table_prefix.'write_' . $tmp_bo_table[$i];
 

From c1adf30b055a696de03eca38b4e65e404e627495 Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Tue, 3 Mar 2020 18:47:15 +0900
Subject: [PATCH 3/3] =?UTF-8?q?=EB=B2=84=EC=A0=84=205.4.2.2=20=EC=88=98?=
 =?UTF-8?q?=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 config.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config.php b/config.php
index e81c9ad4a..18985003a 100644
--- a/config.php
+++ b/config.php
@@ -5,7 +5,7 @@
 ********************/
 
 define('G5_VERSION', '그누보드5');
-define('G5_GNUBOARD_VER', '5.4.2.1');
+define('G5_GNUBOARD_VER', '5.4.2.2');
 
 // 이 상수가 정의되지 않으면 각각의 개별 페이지는 별도로 실행될 수 없음
 define('_GNUBOARD_', true);