php8.0 버전 호환 코드 적용 및 PHP 끝 태그 삭제 일괄적용

2021-01-04 15:33:29 +09:00
parent 10d377de7d
commit 582d1a01f4
852 changed files with 120617 additions and 6307 deletions
--- a/adm/board_list_update.php
+++ b/adm/board_list_update.php
@ -4,28 +4,42 @@ include_once('./_common.php');

 check_demo();

-if (!count($_POST['chk'])) {
-    alert($_POST['act_button']." 하실 항목을 하나 이상 체크하세요.");
+$post_count_chk = (isset($_POST['chk']) && is_array($_POST['chk'])) ? count($_POST['chk']) : 0;
+$chk = (isset($_POST['chk']) && is_array($_POST['chk'])) ? $_POST['chk'] : array();
+$act_button = isset($_POST['act_button']) ? strip_tags($_POST['act_button']) : '';
+$board_table = (isset($_POST['board_table']) && is_array($_POST['board_table'])) ? $_POST['board_table'] : array();
+
+if (! $post_count_chk) {
+    alert($act_button." 하실 항목을 하나 이상 체크하세요.");
 }

 check_admin_token();

-$act_button = isset($_POST['act_button']) ? strip_tags($_POST['act_button']) : '';
-$chk = (isset($_POST['chk']) && is_array($_POST['chk'])) ? $_POST['chk'] : array();
-$board_table = (isset($_POST['board_table']) && is_array($_POST['board_table'])) ? $_POST['board_table'] : array();
+if ($act_button === "선택수정") {

-if ($_POST['act_button'] == "선택수정") {
+    auth_check_menu($auth, $sub_menu, 'w');

-    auth_check($auth[$sub_menu], 'w');
-
-    for ($i=0; $i<count($_POST['chk']); $i++) {
+    for ($i=0; $i<$post_count_chk; $i++) {

        // 실제 번호를 넘김
-        $k = $_POST['chk'][$i];
+        $k = isset($_POST['chk'][$i]) ? (int) $_POST['chk'][$i] : 0;
+
+        $post_gr_id = isset($_POST['gr_id'][$k]) ? clean_xss_tags($_POST['gr_id'][$k], 1, 1) : '';
+        $post_bo_device = isset($_POST['bo_device'][$k]) ? clean_xss_tags($_POST['bo_device'][$k], 1, 1) : '';
+        $post_bo_skin = isset($_POST['bo_skin'][$k]) ? clean_xss_tags($_POST['bo_skin'][$k], 1, 1) : '';
+        $post_bo_mobile_skin = isset($_POST['bo_mobile_skin'][$k]) ? clean_xss_tags($_POST['bo_mobile_skin'][$k], 1, 1) : '';
+        $post_bo_read_point = isset($_POST['bo_read_point'][$k]) ? clean_xss_tags($_POST['bo_read_point'][$k], 1, 1) : '';
+        $post_bo_write_point = isset($_POST['bo_write_point'][$k]) ? clean_xss_tags($_POST['bo_write_point'][$k], 1, 1) : '';
+        $post_bo_comment_point = isset($_POST['bo_comment_point'][$k]) ? clean_xss_tags($_POST['bo_comment_point'][$k], 1, 1) : '';
+        $post_bo_download_point = isset($_POST['bo_download_point'][$k]) ? clean_xss_tags($_POST['bo_download_point'][$k], 1, 1) : '';
+        $post_bo_use_search = isset($_POST['bo_use_search'][$k]) ? clean_xss_tags($_POST['bo_use_search'][$k], 1, 1) : '';
+        $post_bo_use_sns = isset($_POST['bo_use_sns'][$k]) ? clean_xss_tags($_POST['bo_use_sns'][$k], 1, 1) : '';
+        $post_bo_order = isset($_POST['bo_order'][$k]) ? clean_xss_tags($_POST['bo_order'][$k], 1, 1) : '';
+        $post_board_table = isset($_POST['board_table'][$k]) ? clean_xss_tags($_POST['board_table'][$k], 1, 1) : '';

        if ($is_admin != 'super') {
            $sql = " select count(*) as cnt from {$g5['board_table']} a, {$g5['group_table']} b
-                      where a.gr_id = '".sql_real_escape_string($_POST['gr_id'][$k])."'
+                      where a.gr_id = '".sql_real_escape_string($post_gr_id)."'
                        and a.gr_id = b.gr_id
                        and b.gr_admin = '{$member['mb_id']}' ";
            $row = sql_fetch($sql);
@ -36,39 +50,39 @@ if ($_POST['act_button'] == "선택수정") {
        $p_bo_subject = is_array($_POST['bo_subject']) ? strip_tags(clean_xss_attributes($_POST['bo_subject'][$k])) : '';

        $sql = " update {$g5['board_table']}
-                    set gr_id               = '".sql_real_escape_string(strip_tags($_POST['gr_id'][$k]))."',
+                    set gr_id               = '".sql_real_escape_string($post_gr_id)."',
                        bo_subject          = '".$p_bo_subject."',
-                        bo_device           = '".sql_real_escape_string(strip_tags($_POST['bo_device'][$k]))."',
-                        bo_skin             = '".sql_real_escape_string(strip_tags($_POST['bo_skin'][$k]))."',
-                        bo_mobile_skin      = '".sql_real_escape_string(strip_tags($_POST['bo_mobile_skin'][$k]))."',
-                        bo_read_point       = '".sql_real_escape_string(strip_tags($_POST['bo_read_point'][$k]))."',
-                        bo_write_point      = '".sql_real_escape_string(strip_tags($_POST['bo_write_point'][$k]))."',
-                        bo_comment_point    = '".sql_real_escape_string(strip_tags($_POST['bo_comment_point'][$k]))."',
-                        bo_download_point   = '".sql_real_escape_string(strip_tags($_POST['bo_download_point'][$k]))."',
-                        bo_use_search       = '".sql_real_escape_string(strip_tags($_POST['bo_use_search'][$k]))."',
-                        bo_use_sns          = '".sql_real_escape_string(strip_tags($_POST['bo_use_sns'][$k]))."',
-                        bo_order            = '".sql_real_escape_string(strip_tags($_POST['bo_order'][$k]))."'
-                  where bo_table            = '".sql_real_escape_string($_POST['board_table'][$k])."' ";
+                        bo_device           = '".sql_real_escape_string($post_bo_device)."',
+                        bo_skin             = '".sql_real_escape_string($post_bo_skin)."',
+                        bo_mobile_skin      = '".sql_real_escape_string($post_bo_mobile_skin)."',
+                        bo_read_point       = '".sql_real_escape_string($post_bo_read_point)."',
+                        bo_write_point      = '".sql_real_escape_string($post_bo_write_point)."',
+                        bo_comment_point    = '".sql_real_escape_string($post_bo_comment_point)."',
+                        bo_download_point   = '".sql_real_escape_string($post_bo_download_point)."',
+                        bo_use_search       = '".sql_real_escape_string($post_bo_use_search)."',
+                        bo_use_sns          = '".sql_real_escape_string($post_bo_use_sns)."',
+                        bo_order            = '".sql_real_escape_string($post_bo_order)."'
+                  where bo_table            = '".sql_real_escape_string($post_board_table)."' ";

        sql_query($sql);
    }

-} else if ($_POST['act_button'] == "선택삭제") {
+} else if ($act_button === "선택삭제") {

    if ($is_admin != 'super')
        alert('게시판 삭제는 최고관리자만 가능합니다.');

-    auth_check($auth[$sub_menu], 'd');
+    auth_check_menu($auth, $sub_menu, 'd');

    // _BOARD_DELETE_ 상수를 선언해야 board_delete.inc.php 가 정상 작동함
    define('_BOARD_DELETE_', true);

-    for ($i=0; $i<count($_POST['chk']); $i++) {
+    for ($i=0; $i<$post_count_chk; $i++) {
        // 실제 번호를 넘김
-        $k = $_POST['chk'][$i];
+        $k = isset($_POST['chk'][$i]) ? (int) $_POST['chk'][$i] : 0;

        // include 전에 $bo_table 값을 반드시 넘겨야 함
-        $tmp_bo_table = trim($_POST['board_table'][$k]);
+        $tmp_bo_table = isset($_POST['board_table'][$k]) ? trim(clean_xss_tags($_POST['board_table'][$k], 1, 1)) : '';

        if( preg_match("/^[A-Za-z0-9_]+$/", $tmp_bo_table) ){
            include ('./board_delete.inc.php');
@ -80,5 +94,4 @@ if ($_POST['act_button'] == "선택수정") {

 run_event('admin_board_list_update', $act_button, $chk, $board_table, $qstr);

-goto_url('./board_list.php?'.$qstr);
-?>
+goto_url('./board_list.php?'.$qstr);