diff --git a/bbs/board.php b/bbs/board.php
index 1cea54ef4..7c60a5255 100644
--- a/bbs/board.php
+++ b/bbs/board.php
@@ -1,8 +1,6 @@
';
+if ($board['bo_image_tail']) {
+ echo '
';
+}
// 게시판 관리의 하단 파일 경로
-if ($board[bo_include_tail])
- @include ($board[bo_include_tail]);
+if ($board['bo_include_tail']) {
+ @include ($board['bo_include_tail']);
+}
?>
\ No newline at end of file
diff --git a/bbs/write.php b/bbs/write.php
index dc4c489c0..3262671fd 100644
--- a/bbs/write.php
+++ b/bbs/write.php
@@ -1,62 +1,67 @@
0) ? $member[mb_point] : 0;
- if ($tmp_point + $board[bo_write_point] < 0 && !$is_admin)
- alert('보유하신 포인트('.number_format($member[mb_point]).')가 없거나 모자라서 글쓰기('.number_format($board[bo_write_point]).')가 불가합니다.'.PHP_EOL.PHP_EOL.'포인트를 적립하신 후 다시 글쓰기 해 주십시오.');
+ if ($is_member) {
+ $tmp_point = ($member['mb_point'] > 0) ? $member['mb_point'] : 0;
+ if ($tmp_point + $board['bo_write_point'] < 0 && !$is_admin) {
+ alert('보유하신 포인트('.number_format($member['mb_point']).')가 없거나 모자라서 글쓰기('.number_format($board['bo_write_point']).')가 불가합니다.'.PHP_EOL.PHP_EOL.'포인트를 적립하신 후 다시 글쓰기 해 주십시오.');
+ }
+ }
$title_msg = '글쓰기';
-}
-else if ($w == 'u')
-{
+} else if ($w == 'u') {
// 김선용 1.00 : 글쓰기 권한과 수정은 별도로 처리되어야 함
//if ($member[mb_level] < $board[bo_write_level]) {
- if($member['mb_id'] && $write['mb_id'] == $member['mb_id'])
+ if($member['mb_id'] && $write['mb_id'] == $member['mb_id']) {
;
- else if ($member[mb_level] < $board[bo_write_level]) {
- if ($member[mb_id])
+ } else if ($member['mb_level'] < $board['bo_write_level']) {
+ if ($member['mb_id']) {
alert('글을 수정할 권한이 없습니다.');
- else
+ } else {
alert('글을 수정할 권한이 없습니다.'.PHP_EOL.PHP_EOL.'회원이시라면 로그인 후 이용해 보십시오.', './login.php?'.$qstr.'&url='.urlencode($_SERVER[PHP_SELF].'?bo_table='.$bo_table));
+ }
}
$len = strlen($write[wr_reply]);
@@ -83,9 +88,7 @@ else if ($w == 'u')
alert('이 글과 관련된 코멘트가 존재하므로 수정 할 수 없습니다.'.PHP_EOL.PHP_EOL.'코멘트가 '.$board[bo_count_modify].'건 이상 달린 원글은 수정할 수 없습니다.');
$title_msg = '글수정';
-}
-else if ($w == 'r')
-{
+} else if ($w == 'r') {
if ($member[mb_level] < $board[bo_reply_level]) {
if ($member[mb_id])
alert('글을 답변할 권한이 없습니다.');
@@ -158,84 +161,70 @@ else if ($w == 'r')
$reply = $reply_array[wr_reply] . $reply_char;
$title_msg = '글답변';
-} else
- alert('w 값이 제대로 넘어오지 않았습니다.');
-
+}
// 그룹접근 가능
-if ($group[gr_use_access])
-{
- if (!$member[mb_id])
- alert('접근 권한이 없습니다.'.PHP_EOL.PHP_EOL.'회원이시라면 로그인 후 이용해 보십시오.', 'login.php?'.$qstr.'&url='.urlencode($_SERVER[PHP_SELF].'?bo_table='.$bo_table));
+if ($group['gr_use_access']) {
+ if ($is_guest) {
+ alert('접근 권한이 없습니다.'.PHP_EOL.PHP_EOL.'회원이시라면 로그인 후 이용해 보십시오.', 'login.php?'.$qstr.'&url='.urlencode($_SERVER['PHP_SELF'].'?bo_table='.$bo_table));
+ }
- if ($is_admin == 'super' || $group[gr_admin] == $member[mb_id] || $board[bo_admin] == $member[mb_id])
+ if ($is_admin == 'super' || $group['gr_admin'] == $member['mb_id'] || $board['bo_admin'] == $member['mb_id']) {
; // 통과
- else {
+ } else {
// 그룹접근
$sql = " select gr_id from {$g4[group_member_table]} where gr_id = '{$board[gr_id]}' and mb_id = '{$member[mb_id]}' ";
$row = sql_fetch($sql);
- if (!$row[gr_id])
+ if (!$row['gr_id'])
alert('접근 권한이 없으므로 글쓰기가 불가합니다.'.PHP_EOL.PHP_EOL.'궁금하신 사항은 관리자에게 문의 바랍니다.');
}
}
-$g4['title'] = $title_msg.' > '.$board[bo_subject];
-
-if (($w == 'u' || $w == 'r') && !$write[wr_id])
- alert('글이 존재하지 않습니다.'.PHP_EOL.PHP_EOL.'삭제되었거나 이동된 경우입니다.', $g4['path']);
+$g4['title'] = $title_msg.' > '.$board['bo_subject'];
$is_notice = false;
-if ($is_admin && $w != 'r')
-{
+$notice_checked = '';
+if ($is_admin && $w != 'r') {
$is_notice = true;
- if ($w == 'u')
- {
+ if ($w == 'u') {
// 답변 수정시 공지 체크 없음
- if ($write[wr_reply])
+ if ($write['wr_reply']) {
$is_notice = false;
- else
- {
- $notice_checked = '';
- //if (preg_match("/^".$wr_id."/m", trim($board[bo_notice])))
- //if (preg_match("/[^0-9]{0,1}{$wr_id}[\r]{0,1}/",$board[bo_notice]))
- if (in_array((int)$wr_id, $notice_array))
+ } else {
+ if (in_array((int)$wr_id, $notice_array)) {
$notice_checked = 'checked';
+ }
}
}
}
$is_html = false;
-if ($member[mb_level] >= $board[bo_html_level])
+if ($member['mb_level'] >= $board['bo_html_level'])
$is_html = true;
-/*
-// 에서 무조건 비밀글 사용으로 인한 코드 수정 : 061021
-$is_secret = false;
-if ($board[bo_use_secret])
- $is_secret = true;
-*/
-$is_secret = $board[bo_use_secret];
+$is_secret = $board['bo_use_secret'];
// DHTML 에디터 사용 선택 가능하게 수정 : 061021
//$is_dhtml_editor = $board[bo_use_dhtml_editor];
// 090713
-if ($board[bo_use_dhtml_editor] && $member[mb_level] >= $board[bo_html_level])
+if ($board['bo_use_dhtml_editor'] && $member['mb_level'] >= $board['bo_html_level'])
$is_dhtml_editor = true;
else
$is_dhtml_editor = false;
$is_mail = false;
-if ($config[cf_email_use] && $board[bo_use_email])
+if ($config['cf_email_use'] && $board['bo_use_email'])
$is_mail = true;
$recv_email_checked = '';
-if ($w == '' || strstr($write[wr_option], 'mail'))
+if ($w == '' || strstr($write['wr_option'], 'mail'))
$recv_email_checked = 'checked';
-$is_name = false;
+$is_name = false;
$is_password = false;
-$is_email = false;
-if (!$member[mb_id] || ($is_admin && $w == 'u' && $member[mb_id] != $write[mb_id])) {
+$is_email = false;
+$is_homepage = false;
+if ($is_guest || ($is_admin && $w == 'u' && $member['mb_id'] != $write['mb_id'])) {
$is_name = true;
$is_password = true;
$is_email = true;
@@ -243,117 +232,135 @@ if (!$member[mb_id] || ($is_admin && $w == 'u' && $member[mb_id] != $write[mb_id
}
$is_category = false;
-if ($board[bo_use_category]) {
- $ca_name = $write[ca_name];
+if ($board['bo_use_category']) {
+ $ca_name = "";
+ if (isset($write['ca_name']))
+ $ca_name = $write['ca_name'];
$category_option = get_category_option($bo_table);
$is_category = true;
}
$is_link = false;
-if ($member[mb_level] >= $board[bo_link_level])
+if ($member['mb_level'] >= $board['bo_link_level']) {
$is_link = true;
+}
$is_file = false;
-if ($member[mb_level] >= $board[bo_upload_level])
+if ($member['mb_level'] >= $board['bo_upload_level']) {
$is_file = true;
+}
$is_file_content = false;
-if ($board[bo_use_file_content])
+if ($board['bo_use_file_content']) {
$is_file_content = true;
+}
// 트랙백
$is_trackback = false;
-if ($board[bo_use_trackback] && $member[mb_level] >= $board[bo_trackback_level])
+if ($board['bo_use_trackback'] && $member['mb_level'] >= $board['bo_trackback_level']) {
$is_trackback = true;
+}
-if ($w == '' || $w == 'r') {
- if ($member[mb_id]) {
- $name = get_text(cut_str($write[wr_name],20));
- $email = $member[mb_email];
- $homepage = get_text($member[mb_homepage]);
+$name = "";
+$email = "";
+$homepage = "";
+if ($w == "" || $w == "r") {
+ if ($is_member) {
+ if (isset($write['wr_name'])) {
+ $name = get_text(cut_str($write['wr_name'],20));
+ }
+ $email = $member['mb_email'];
+ $homepage = get_text($member['mb_homepage']);
}
}
-if ($w == '')
+$html_checked = "";
+$html_value = "";
+$secret_checked = "";
+$trackback = "";
+
+if ($w == '') {
$password_required = 'required';
-else if ($w == 'u') {
+} else if ($w == 'u') {
$password_required = '';
if (!$is_admin) {
- if (!($member[mb_id] && $member[mb_id] == $write[mb_id]))
- if (sql_password($wr_password) != $write[wr_password])
+ if (!($is_member && $member['mb_id'] == $write['mb_id'])) {
+ if (sql_password($wr_password) != $write['wr_password']) {
alert('패스워드가 틀립니다.');
+ }
+ }
}
- $name = get_text(cut_str($write[wr_name],20));
- $email = $write[wr_email];
- $homepage = get_text($write[wr_homepage]);
+ $name = get_text(cut_str($write['wr_name'],20));
+ $email = $write['wr_email'];
+ $homepage = get_text($write['wr_homepage']);
- for ($i=1; $i<=$g4[link_count]; $i++) {
+ for ($i=1; $i<=$g4['link_count']; $i++) {
$write['wr_link'.$i] = get_text($write['wr_link'.$i]);
$link[$i] = $write['wr_link'.$i];
}
- $trackback = $write[wr_trackback];
+ $trackback = $write['wr_trackback'];
- if (strstr($write[wr_option], 'html1')) {
+ if (strstr($write['wr_option'], 'html1')) {
$html_checked = 'checked';
$html_value = 'html1';
- } else if (strstr($write[wr_option], 'html2')) {
+ } else if (strstr($write['wr_option'], 'html2')) {
$html_checked = 'checked';
$html_value = 'html2';
- } else
- $html_value = '';
+ }
- if (strstr($write[wr_option], 'secret'))
+ if (strstr($write['wr_option'], 'secret')) {
$secret_checked = 'checked';
+ }
$file = get_file($bo_table, $wr_id);
} else if ($w == 'r') {
- if (strstr($write[wr_option], 'secret')) {
+ if (strstr($write['wr_option'], 'secret')) {
$is_secret = true;
$secret_checked = 'checked';
}
$password_required = "required";
- for ($i=1; $i<=$g4[link_count]; $i++) {
+ for ($i=1; $i<=$g4['link_count']; $i++) {
$write['wr_link'.$i] = get_text($write['wr_link'.$i]);
}
}
-$subject = preg_replace("/\"/", """, get_text(cut_str($write[wr_subject], 255), 0));
-if ($w == '')
- $content = $board[bo_insert_content];
-else if ($w == 'r') {
- //if (!$write[wr_html]) {
- if (!strstr($write[wr_option], 'html')) {
+$subject = "";
+if (isset($write['wr_subject'])) {
+ $subject = preg_replace("/\"/", """, get_text(cut_str($write['wr_subject'], 255), 0));
+}
+
+if ($w == '') {
+ $content = $board['bo_insert_content'];
+} else if ($w == 'r') {
+ if (!strstr($write['wr_option'], 'html')) {
$content = PHP_EOL.PHP_EOL.PHP_EOL.' > '
- //. "\n> $write[wr_datetime], \"$write[wr_name]\"님이 쓰신 글입니다. ↓"
.PHP_EOL.' > '
- .PHP_EOL.' > '.preg_replace("/\n/", "\n> ", get_text($write[wr_content], 0))
+ .PHP_EOL.' > '.preg_replace("/\n/", "\n> ", get_text($write['wr_content'], 0))
.PHP_EOL.' > '
.PHP_EOL.' > ';
}
-} else
- $content = get_text($write[wr_content], 0);
+} else {
+ $content = get_text($write['wr_content'], 0);
+}
-$upload_max_filesize = number_format($board[bo_upload_size]) . ' 바이트';
+$upload_max_filesize = number_format($board['bo_upload_size']) . ' 바이트';
-$width = $board[bo_table_width];
+$width = $board['bo_table_width'];
if ($width <= 100)
$width .= '%';
// 글자수 제한 설정값
-if ($is_admin)
-{
+if ($is_admin) {
$write_min = $write_max = 0;
-}
-else
-{
- $write_min = (int)$board[bo_write_min];
- $write_max = (int)$board[bo_write_max];
+} else {
+ $write_min = (int)$board['bo_write_min'];
+ $write_max = (int)$board['bo_write_max'];
}
include_once($g4['path'].'/head.sub.php');
@@ -396,8 +403,9 @@ if ($file_length < 0)
include_once ($board_skin_path.'/write.skin.php');
-if (!$member[mb_id])
+if ($is_guest) {
echo ''.PHP_EOL;
+}
// 필터
//echo ''.PHP_EOL;
diff --git a/common.php b/common.php
index 6326a1164..bcc721169 100644
--- a/common.php
+++ b/common.php
@@ -363,29 +363,43 @@ if (isset($sop)) { // search operator (검색 or, and 오퍼레이터)
if (isset($spt)) { // search part (검색 파트[구간])
$spt = (int)$spt;
$qstr .= '&spt=' . urlencode($spt);
+} else {
+ $spt = "";
}
if (isset($page)) { // 리스트 페이지
$page = (int)$page;
$qstr .= '&page=' . urlencode($page);
+} else {
+ $page = "";
+}
+
+if (isset($w)) {
+ $w = substr($w, 0, 2);
+} else {
+ $w = "";
}
if (isset($wr_id)) {
$wr_id = (int)$wr_id;
+} else {
+ $wr_id = 0;
}
if (isset($bo_table)) {
- $bo_table = preg_match("/^[a-zA-Z0-9_]+$/", $bo_table) ? $bo_table : '';
+ $bo_table = substr($bo_table, 0, 20);
+ $bo_table = mysql_real_escape_string($bo_table);
+} else {
+ $bo_table = "";
}
// URL ENCODING
if (isset($url)) {
+ $url = mysql_real_escape_string($url);
$urlencode = urlencode($url);
-}
-else {
- // 2008.01.25 Cross Site Scripting 때문에 수정
- //$urlencode = $_SERVER['REQUEST_URI'];
- $urlencode = urlencode($_SERVER['REQUEST_URI']);
+} else {
+ $url = "";
+ $urlencode = urlencode(mysql_real_escape_string($_SERVER['REQUEST_URI']));
}
//===================================
diff --git a/head.sub.php b/head.sub.php
index 622de5b26..0ad7e660b 100644
--- a/head.sub.php
+++ b/head.sub.php
@@ -1,4 +1,4 @@
-
+
diff --git a/index.php b/index.php
index 37f77acdb..070a25d2c 100644
--- a/index.php
+++ b/index.php
@@ -1,4 +1,4 @@
-'; }
- echo $list[$i]['icon_new'];
- echo $list[$i]['icon_file'];
- echo $list[$i]['icon_link'];
- echo $list[$i]['icon_hot'];
- echo $list[$i]['icon_secret'];
+ if (isset($list[$i]['icon_new'])) echo $list[$i]['icon_new'];
+ if (isset($list[$i]['icon_file'])) echo $list[$i]['icon_file'];
+ if (isset($list[$i]['icon_link'])) echo $list[$i]['icon_link'];
+ if (isset($list[$i]['icon_hot'])) echo $list[$i]['icon_hot'];
+ if (isset($list[$i]['icon_secret'])) echo $list[$i]['icon_secret'];
?>
|
diff --git a/skin/board/neo/write.skin.php b/skin/board/neo/write.skin.php
index 08a5b60b7..80242473e 100644
--- a/skin/board/neo/write.skin.php
+++ b/skin/board/neo/write.skin.php
@@ -8,8 +8,7 @@ var char_min = parseInt(); // 최소
var char_max = parseInt(); // 최대
-