From 57abd4ac0f9ad8e0eca972d0eb9f6dc9e4ff0493 Mon Sep 17 00:00:00 2001 From: gnuboard Date: Wed, 26 Dec 2012 17:45:48 +0900 Subject: [PATCH] =?UTF-8?q?notice=20=EC=98=A4=EB=A5=98=20=ED=95=B4?= =?UTF-8?q?=EA=B2=B0=EC=A4=91?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bbs/board.php | 10 +- bbs/board_tail.php | 15 ++- bbs/write.php | 246 ++++++++++++++++++---------------- common.php | 26 +++- head.sub.php | 3 +- index.php | 2 +- js/wrest.js | 51 ++++--- skin/board/neo/list.skin.php | 10 +- skin/board/neo/write.skin.php | 12 +- tail.sub.php | 17 +-- 10 files changed, 205 insertions(+), 187 deletions(-) diff --git a/bbs/board.php b/bbs/board.php index 1cea54ef4..7c60a5255 100644 --- a/bbs/board.php +++ b/bbs/board.php @@ -1,8 +1,6 @@ '; +if ($board['bo_image_tail']) { + echo ''; +} // 게시판 관리의 하단 파일 경로 -if ($board[bo_include_tail]) - @include ($board[bo_include_tail]); +if ($board['bo_include_tail']) { + @include ($board['bo_include_tail']); +} ?> \ No newline at end of file diff --git a/bbs/write.php b/bbs/write.php index dc4c489c0..3262671fd 100644 --- a/bbs/write.php +++ b/bbs/write.php 
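Review bot: The re-braced `@include ($board['bo_include_tail']);` keeps the `@` suppression, so a missing or unreadable tail file fails silently and any error raised inside the included file is hidden as well. The path appears to come from the board record rather than the request, so a guard is cheaper and more honest than suppression: `if ($board['bo_include_tail'] && is_file($board['bo_include_tail'])) { include ($board['bo_include_tail']); }`. The hunk opens mid-statement in this rendering, so whether the path is first resolved against `$g4['path']` is not visible here.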
@@ -1,62 +1,67 @@ 0) ? $member[mb_point] : 0; - if ($tmp_point + $board[bo_write_point] < 0 && !$is_admin) - alert('보유하신 포인트('.number_format($member[mb_point]).')가 없거나 모자라서 글쓰기('.number_format($board[bo_write_point]).')가 불가합니다.'.PHP_EOL.PHP_EOL.'포인트를 적립하신 후 다시 글쓰기 해 주십시오.'); + if ($is_member) { + $tmp_point = ($member['mb_point'] > 0) ? $member['mb_point'] : 0; + if ($tmp_point + $board['bo_write_point'] < 0 && !$is_admin) { + alert('보유하신 포인트('.number_format($member['mb_point']).')가 없거나 모자라서 글쓰기('.number_format($board['bo_write_point']).')가 불가합니다.'.PHP_EOL.PHP_EOL.'포인트를 적립하신 후 다시 글쓰기 해 주십시오.'); + } + } $title_msg = '글쓰기'; -} -else if ($w == 'u') -{ +} else if ($w == 'u') { // 김선용 1.00 : 글쓰기 권한과 수정은 별도로 처리되어야 함 //if ($member[mb_level] < $board[bo_write_level]) { - if($member['mb_id'] && $write['mb_id'] == $member['mb_id']) + if($member['mb_id'] && $write['mb_id'] == $member['mb_id']) { ; - else if ($member[mb_level] < $board[bo_write_level]) { - if ($member[mb_id]) + } else if ($member['mb_level'] < $board['bo_write_level']) { + if ($member['mb_id']) { alert('글을 수정할 권한이 없습니다.'); - else + } else { alert('글을 수정할 권한이 없습니다.'.PHP_EOL.PHP_EOL.'회원이시라면 로그인 후 이용해 보십시오.', './login.php?'.$qstr.'&url='.urlencode($_SERVER[PHP_SELF].'?bo_table='.$bo_table)); + } } $len = strlen($write[wr_reply]); @@ -83,9 +88,7 @@ else if ($w == 'u') alert('이 글과 관련된 코멘트가 존재하므로 수정 할 수 없습니다.'.PHP_EOL.PHP_EOL.'코멘트가 '.$board[bo_count_modify].'건 이상 달린 원글은 수정할 수 없습니다.'); $title_msg = '글수정'; -} -else if ($w == 'r') -{ +} else if ($w == 'r') { if ($member[mb_level] < $board[bo_reply_level]) { if ($member[mb_id]) alert('글을 답변할 권한이 없습니다.'); 
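Review bot: `if($member['mb_id'] && $write['mb_id'] == $member['mb_id'])` lets the post owner skip the write-level check using loose `==`; PHP compares numeric-looking strings numerically under `==`, so IDs that differ only in form (for example `"01"` and `"1"`) are treated as the same member. Compare strictly: `if ($member['mb_id'] && $write['mb_id'] === $member['mb_id']) {`. The same loose comparison appears in the admin and owner checks of the later hunks (`$group['gr_admin'] == $member['mb_id']`, `$board['bo_admin'] == $member['mb_id']`, `$member['mb_id'] != $write['mb_id']`) and deserves the same treatment. The hunk's first lines are lost in this rendering, so the enclosing `$w == ''` branch is only partly visible.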
@@ -158,84 +161,70 @@ else if ($w == 'r') $reply = $reply_array[wr_reply] . $reply_char; $title_msg = '글답변'; -} else - alert('w 값이 제대로 넘어오지 않았습니다.'); - +} // 그룹접근 가능 -if ($group[gr_use_access]) -{ - if (!$member[mb_id]) - alert('접근 권한이 없습니다.'.PHP_EOL.PHP_EOL.'회원이시라면 로그인 후 이용해 보십시오.', 'login.php?'.$qstr.'&url='.urlencode($_SERVER[PHP_SELF].'?bo_table='.$bo_table)); +if ($group['gr_use_access']) { + if ($is_guest) { + alert('접근 권한이 없습니다.'.PHP_EOL.PHP_EOL.'회원이시라면 로그인 후 이용해 보십시오.', 'login.php?'.$qstr.'&url='.urlencode($_SERVER['PHP_SELF'].'?bo_table='.$bo_table)); + } - if ($is_admin == 'super' || $group[gr_admin] == $member[mb_id] || $board[bo_admin] == $member[mb_id]) + if ($is_admin == 'super' || $group['gr_admin'] == $member['mb_id'] || $board['bo_admin'] == $member['mb_id']) { ; // 통과 - else { + } else { // 그룹접근 $sql = " select gr_id from {$g4[group_member_table]} where gr_id = '{$board[gr_id]}' and mb_id = '{$member[mb_id]}' "; $row = sql_fetch($sql); - if (!$row[gr_id]) + if (!$row['gr_id']) alert('접근 권한이 없으므로 글쓰기가 불가합니다.'.PHP_EOL.PHP_EOL.'궁금하신 사항은 관리자에게 문의 바랍니다.'); } } -$g4['title'] = $title_msg.' > '.$board[bo_subject]; - -if (($w == 'u' || $w == 'r') && !$write[wr_id]) - alert('글이 존재하지 않습니다.'.PHP_EOL.PHP_EOL.'삭제되었거나 이동된 경우입니다.', $g4['path']); +$g4['title'] = $title_msg.' 
> '.$board['bo_subject']; $is_notice = false; -if ($is_admin && $w != 'r') -{ +$notice_checked = ''; +if ($is_admin && $w != 'r') { $is_notice = true; - if ($w == 'u') - { + if ($w == 'u') { // 답변 수정시 공지 체크 없음 - if ($write[wr_reply]) + if ($write['wr_reply']) { $is_notice = false; - else - { - $notice_checked = ''; - //if (preg_match("/^".$wr_id."/m", trim($board[bo_notice]))) - //if (preg_match("/[^0-9]{0,1}{$wr_id}[\r]{0,1}/",$board[bo_notice])) - if (in_array((int)$wr_id, $notice_array)) + } else { + if (in_array((int)$wr_id, $notice_array)) { $notice_checked = 'checked'; + } } } } $is_html = false; -if ($member[mb_level] >= $board[bo_html_level]) +if ($member['mb_level'] >= $board['bo_html_level']) $is_html = true; -/* -// 에서 무조건 비밀글 사용으로 인한 코드 수정 : 061021 -$is_secret = false; -if ($board[bo_use_secret]) - $is_secret = true; -*/ -$is_secret = $board[bo_use_secret]; +$is_secret = $board['bo_use_secret']; // DHTML 에디터 사용 선택 가능하게 수정 : 061021 //$is_dhtml_editor = $board[bo_use_dhtml_editor]; // 090713 -if ($board[bo_use_dhtml_editor] && $member[mb_level] >= $board[bo_html_level]) +if ($board['bo_use_dhtml_editor'] && $member['mb_level'] >= $board['bo_html_level']) $is_dhtml_editor = true; else $is_dhtml_editor = false; $is_mail = false; -if ($config[cf_email_use] && $board[bo_use_email]) +if ($config['cf_email_use'] && $board['bo_use_email']) $is_mail = true; $recv_email_checked = ''; -if ($w == '' || strstr($write[wr_option], 'mail')) +if ($w == '' || strstr($write['wr_option'], 'mail')) $recv_email_checked = 'checked'; -$is_name = false; +$is_name = false; $is_password = false; -$is_email = false; -if (!$member[mb_id] || ($is_admin && $w == 'u' && $member[mb_id] != $write[mb_id])) { +$is_email = false; +$is_homepage = false; +if ($is_guest || ($is_admin && $w == 'u' && $member['mb_id'] != $write['mb_id'])) { $is_name = true; $is_password = true; $is_email = true; 
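Review bot: Dropping the `else alert('w 값이 제대로 넘어오지 않았습니다.');` arm and the `if (($w == 'u' || $w == 'r') && !$write[wr_id])` guard removes the two checks that stopped the page on an unexpected `$w` or a missing post; with them gone an unknown `$w` appears to continue with `$title_msg` unset, and `w=u` / `w=r` for a nonexistent `wr_id` seems to run the rest of the form against an empty `$write`. The `substr($w, 0, 2)` added in common.php only bounds the length, not the set of accepted values. Unless these checks moved into board.php (that hunk is too garbled here to confirm), restore them: `} else { alert('w 값이 제대로 넘어오지 않았습니다.'); }` after the `$w == 'r'` branch, and `if (($w == 'u' || $w == 'r') && !$write['wr_id']) { alert('글이 존재하지 않습니다.'.PHP_EOL.PHP_EOL.'삭제되었거나 이동된 경우입니다.', $g4['path']); }` before `$g4['title']` is built. The hunk's opening lines belong to the `$w == 'r'` branch that starts in the previous hunk.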
@@ -243,117 +232,135 @@ if (!$member[mb_id] || ($is_admin && $w == 'u' && $member[mb_id] != $write[mb_id } $is_category = false; -if ($board[bo_use_category]) { - $ca_name = $write[ca_name]; +if ($board['bo_use_category']) { + $ca_name = ""; + if (isset($write['ca_name'])) + $ca_name = $write['ca_name']; $category_option = get_category_option($bo_table); $is_category = true; } $is_link = false; -if ($member[mb_level] >= $board[bo_link_level]) +if ($member['mb_level'] >= $board['bo_link_level']) { $is_link = true; +} $is_file = false; -if ($member[mb_level] >= $board[bo_upload_level]) +if ($member['mb_level'] >= $board['bo_upload_level']) { $is_file = true; +} $is_file_content = false; -if ($board[bo_use_file_content]) +if ($board['bo_use_file_content']) { $is_file_content = true; +} // 트랙백 $is_trackback = false; -if ($board[bo_use_trackback] && $member[mb_level] >= $board[bo_trackback_level]) +if ($board['bo_use_trackback'] && $member['mb_level'] >= $board['bo_trackback_level']) { $is_trackback = true; +} -if ($w == '' || $w == 'r') { - if ($member[mb_id]) { - $name = get_text(cut_str($write[wr_name],20)); - $email = $member[mb_email]; - $homepage = get_text($member[mb_homepage]); +$name = ""; +$email = ""; +$homepage = ""; +if ($w == "" || $w == "r") { + if ($is_member) { + if (isset($write['wr_name'])) { + $name = get_text(cut_str($write['wr_name'],20)); + } + $email = $member['mb_email']; + $homepage = get_text($member['mb_homepage']); } } -if ($w == '') +$html_checked = ""; +$html_value = ""; +$secret_checked = ""; +$trackback = ""; + +if ($w == '') { $password_required = 'required'; -else if ($w == 'u') { +} else if ($w == 'u') { $password_required = ''; if (!$is_admin) { - if (!($member[mb_id] && $member[mb_id] == $write[mb_id])) - if (sql_password($wr_password) != $write[wr_password]) + if (!($is_member && $member['mb_id'] == $write['mb_id'])) { + if (sql_password($wr_password) != $write['wr_password']) { alert('패스워드가 틀립니다.'); + } + } } - $name = 
get_text(cut_str($write[wr_name],20)); - $email = $write[wr_email]; - $homepage = get_text($write[wr_homepage]); + $name = get_text(cut_str($write['wr_name'],20)); + $email = $write['wr_email']; + $homepage = get_text($write['wr_homepage']); - for ($i=1; $i<=$g4[link_count]; $i++) { + for ($i=1; $i<=$g4['link_count']; $i++) { $write['wr_link'.$i] = get_text($write['wr_link'.$i]); $link[$i] = $write['wr_link'.$i]; } - $trackback = $write[wr_trackback]; + $trackback = $write['wr_trackback']; - if (strstr($write[wr_option], 'html1')) { + if (strstr($write['wr_option'], 'html1')) { $html_checked = 'checked'; $html_value = 'html1'; - } else if (strstr($write[wr_option], 'html2')) { + } else if (strstr($write['wr_option'], 'html2')) { $html_checked = 'checked'; $html_value = 'html2'; - } else - $html_value = ''; + } - if (strstr($write[wr_option], 'secret')) + if (strstr($write['wr_option'], 'secret')) { $secret_checked = 'checked'; + } $file = get_file($bo_table, $wr_id); } else if ($w == 'r') { - if (strstr($write[wr_option], 'secret')) { + if (strstr($write['wr_option'], 'secret')) { $is_secret = true; $secret_checked = 'checked'; } $password_required = "required"; - for ($i=1; $i<=$g4[link_count]; $i++) { + for ($i=1; $i<=$g4['link_count']; $i++) { $write['wr_link'.$i] = get_text($write['wr_link'.$i]); } } -$subject = preg_replace("/\"/", """, get_text(cut_str($write[wr_subject], 255), 0)); -if ($w == '') - $content = $board[bo_insert_content]; -else if ($w == 'r') { - //if (!$write[wr_html]) { - if (!strstr($write[wr_option], 'html')) { +$subject = ""; +if (isset($write['wr_subject'])) { + $subject = preg_replace("/\"/", """, get_text(cut_str($write['wr_subject'], 255), 0)); +} + +if ($w == '') { + $content = $board['bo_insert_content']; +} else if ($w == 'r') { + if (!strstr($write['wr_option'], 'html')) { $content = PHP_EOL.PHP_EOL.PHP_EOL.' > ' - //. "\n> $write[wr_datetime], \"$write[wr_name]\"님이 쓰신 글입니다. ↓" .PHP_EOL.' > ' - .PHP_EOL.' 
> '.preg_replace("/\n/", "\n> ", get_text($write[wr_content], 0)) + .PHP_EOL.' > '.preg_replace("/\n/", "\n> ", get_text($write['wr_content'], 0)) .PHP_EOL.' > ' .PHP_EOL.' > '; } -} else - $content = get_text($write[wr_content], 0); +} else { + $content = get_text($write['wr_content'], 0); +} -$upload_max_filesize = number_format($board[bo_upload_size]) . ' 바이트'; +$upload_max_filesize = number_format($board['bo_upload_size']) . ' 바이트'; -$width = $board[bo_table_width]; +$width = $board['bo_table_width']; if ($width <= 100) $width .= '%'; // 글자수 제한 설정값 -if ($is_admin) -{ +if ($is_admin) { $write_min = $write_max = 0; -} -else -{ - $write_min = (int)$board[bo_write_min]; - $write_max = (int)$board[bo_write_max]; +} else { + $write_min = (int)$board['bo_write_min']; + $write_max = (int)$board['bo_write_max']; } include_once($g4['path'].'/head.sub.php'); @@ -396,8 +403,9 @@ if ($file_length < 0) include_once ($board_skin_path.'/write.skin.php'); -if (!$member[mb_id]) +if ($is_guest) { echo ''.PHP_EOL; +} // 필터 //echo ''.PHP_EOL; diff --git a/common.php b/common.php index 6326a1164..bcc721169 100644 --- a/common.php +++ b/common.php 
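Review bot: In the `$w == 'u'` branch, `if (sql_password($wr_password) != $write['wr_password'])` still reads `$wr_password` without the `isset` default this commit gives `$w`, `$wr_id` and `$bo_table` in common.php, and compares the two hash strings with loose `!=`. Treat an absent password as a failed check and compare strictly: `if (!isset($wr_password) || sql_password($wr_password) !== $write['wr_password']) {`. The branch also assigns `$link[$i]` and `$file` only here, whereas `$name`, `$html_value` and `$trackback` now receive defaults before the `if`; giving `$link` and `$file` the same defaults would presumably keep the skin from reading undefined variables on the `''` and `'r'` paths. This hunk covers the middle of the file; the `$is_*` flags it relies on are set in the preceding hunk.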
@@ -363,29 +363,43 @@ if (isset($sop)) { // search operator (검색 or, and 오퍼레이터)
 if (isset($spt)) { // search part (검색 파트[구간])
 $spt = (int)$spt;
 $qstr .= '&spt=' . urlencode($spt);
+} else {
+ $spt = "";
 }
 if (isset($page)) { // 리스트 페이지
 $page = (int)$page;
 $qstr .= '&page=' . urlencode($page);
+} else {
+ $page = "";
+}
+
+if (isset($w)) {
+ $w = substr($w, 0, 2);
+} else {
+ $w = "";
 }
 if (isset($wr_id)) {
 $wr_id = (int)$wr_id;
+} else {
+ $wr_id = 0;
 }
 if (isset($bo_table)) {
- $bo_table = preg_match("/^[a-zA-Z0-9_]+$/", $bo_table) ? $bo_table : '';
+ $bo_table = substr($bo_table, 0, 20);
+ $bo_table = mysql_real_escape_string($bo_table);
+} else {
+ $bo_table = "";
 }
 // URL ENCODING
 if (isset($url)) {
+ $url = mysql_real_escape_string($url);
 $urlencode = urlencode($url);
-}
-else {
- // 2008.01.25 Cross Site Scripting 때문에 수정
- //$urlencode = $_SERVER['REQUEST_URI'];
- $urlencode = urlencode($_SERVER['REQUEST_URI']);
+} else {
+ $url = "";
+ $urlencode = urlencode(mysql_real_escape_string($_SERVER['REQUEST_URI']));
 }
 //===================================
diff --git a/head.sub.php b/head.sub.php
index 622de5b26..0ad7e660b 100644
--- a/head.sub.php
+++ b/head.sub.php
@@ -1,4 +1,4 @@ - +
diff --git a/index.php b/index.php
index 37f77acdb..070a25d2c 100644
--- a/index.php
+++ b/index.php
@@ -1,4 +1,4 @@ -'; }
- echo $list[$i]['icon_new'];
- echo $list[$i]['icon_file'];
- echo $list[$i]['icon_link'];
- echo $list[$i]['icon_hot'];
- echo $list[$i]['icon_secret'];
+ if (isset($list[$i]['icon_new'])) echo $list[$i]['icon_new'];
+ if (isset($list[$i]['icon_file'])) echo $list[$i]['icon_file'];
+ if (isset($list[$i]['icon_link'])) echo $list[$i]['icon_link'];
+ if (isset($list[$i]['icon_hot'])) echo $list[$i]['icon_hot'];
+ if (isset($list[$i]['icon_secret'])) echo $list[$i]['icon_secret']; ?>
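Review bot: Replacing `preg_match("/^[a-zA-Z0-9_]+$/", $bo_table) ? $bo_table : ''` with `substr($bo_table, 0, 20)` plus `mysql_real_escape_string($bo_table)` drops the whitelist that kept the board name to safe characters, and the escape only covers a quoted SQL string literal: `$bo_table` is also passed to `get_category_option()` / `get_file()` and built into URLs in the write.php hunks, and if, as the naming elsewhere suggests, it forms part of a table identifier or skin path, escaping does not cover those contexts at all. Keep the whitelist and fold the length cap into it: `$bo_table = preg_match("/^[a-zA-Z0-9_]{1,20}$/", $bo_table) ? $bo_table : '';`. Note also that `mysql_real_escape_string()` needs an open connection, which this part of common.php does not show. Escaping `$url` and `$_SERVER['REQUEST_URI']` the same way is the wrong layer too: `urlencode()` then carries the inserted backslashes into the redirect target, while any SQL use of `$url` should escape or parameterise at the call site.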
diff --git a/skin/board/neo/write.skin.php b/skin/board/neo/write.skin.php index 08a5b60b7..80242473e 100644 --- a/skin/board/neo/write.skin.php +++ b/skin/board/neo/write.skin.php @@ -8,8 +8,7 @@ var char_min = parseInt(); // 최소 var char_max = parseInt(); // 최대 -
- + @@ -27,7 +26,7 @@ var char_max = parseInt(); // 최대 - + @@ -120,7 +119,7 @@ if ($option) { - "> + "> @@ -246,8 +245,9 @@ with (document.fwrite) wr_content.focus(); if (typeof(ca_name) != "undefined") - if (w.value == "u") - ca_name.value = ""; + if (w.value == "u") { + ca_name.value = ""; + } } function html_auto_br(obj) diff --git a/tail.sub.php b/tail.sub.php index 11235e007..299c7d2f5 100644 --- a/tail.sub.php +++ b/tail.sub.php @@ -1,4 +1,6 @@ - + @@ -7,23 +9,14 @@ 0) sql_query(" OPTIMIZE TABLE $g4[login_table] "); } -//sql_query(" unlock tables ", false); ?> \ No newline at end of file