firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

php8.0 버전 호환 코드 적용 및 PHP 끝 태그 삭제 일괄적용

Browse Source
This commit is contained in:
thisgun
2021-01-04 15:33:29 +09:00
parent 10d377de7d
commit 582d1a01f4
852 changed files with 120617 additions and 6307 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
bbs/_common.php
View File

@ -1,3 +1,2 @@
<?php
include_once('../common.php');
?>
include_once('../common.php');

3
bbs/_head.php
View File

@ -1,4 +1,3 @@
<?php
if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
include_once(G5_PATH.'/_head.php');
?>
include_once(G5_PATH.'/_head.php');

3
bbs/_head.sub.php
View File

@ -1,4 +1,3 @@
<?php
if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
include_once(G5_PATH.'/head.sub.php');
?>
include_once(G5_PATH.'/head.sub.php');

3
bbs/_tail.php
View File

@ -1,4 +1,3 @@
<?php
if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
include_once(G5_PATH.'/_tail.php');
?>
include_once(G5_PATH.'/_tail.php');

3
bbs/_tail.sub.php
View File

@ -1,4 +1,3 @@
<?php
if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
include_once(G5_PATH.'/tail.sub.php');
?>
include_once(G5_PATH.'/tail.sub.php');

9
bbs/ajax.autosave.php
View File

@ -3,9 +3,9 @@ include_once('./_common.php');
if (!$is_member) die('0');
$uid = trim($_REQUEST['uid']);
$subject = trim($_REQUEST['subject']);
$content = trim($_REQUEST['content']);
$uid = isset($_REQUEST['uid']) ? preg_replace('/[^0-9]/', '', $_REQUEST['uid']) : 0;
$subject = isset($_REQUEST['subject']) ? trim($_REQUEST['subject']) : '';
$content = isset($_REQUEST['content']) ? trim($_REQUEST['content']) : '';
if ($subject && $content) {
$sql = " select count(*) as cnt from {$g5['autosave_table']} where mb_id = '{$member['mb_id']}' and as_subject = '$subject' and as_content = '$content' ";
@ -16,5 +16,4 @@ if ($subject && $content) {
echo autosave_count($member['mb_id']);
}
}
?>
}

5
bbs/ajax.autosavedel.php
View File

@ -3,7 +3,7 @@ include_once("./_common.php");
if (!$is_member) die("0");
$as_id = (int)$_REQUEST['as_id'];
$as_id = isset($_REQUEST['as_id']) ? (int)$_REQUEST['as_id'] : 0;
$sql = " delete from {$g5['autosave_table']} where mb_id = '{$member['mb_id']}' and as_id = {$as_id} ";
$result = sql_query($sql);
@ -11,5 +11,4 @@ if (!$result) {
echo "-1";
}
echo autosave_count($member['mb_id']);
?>
echo autosave_count($member['mb_id']);

3
bbs/ajax.autosavelist.php
View File

@ -17,5 +17,4 @@ for ($i=0; $row=sql_fetch_array($result); $i++) {
echo "<datetime>{$datetime}</datetime>\n";
echo "</item>\n";
}
echo "</list>";
?>
echo "</list>";

5
bbs/ajax.autosaveload.php
View File

@ -3,7 +3,7 @@ include_once('./_common.php');
if (!$is_member) die('');
$as_id = (int)$_REQUEST['as_id'];
$as_id = isset($_REQUEST['as_id']) ? (int) $_REQUEST['as_id'] : 0;
$sql = " select as_subject, as_content from {$g5['autosave_table']} where mb_id = '{$member['mb_id']}' and as_id = {$as_id} ";
$row = sql_fetch($sql);
@ -14,5 +14,4 @@ echo "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n";
echo "<item>\n";
echo "<subject><![CDATA[{$subject}]]></subject>\n";
echo "<content><![CDATA[{$content}]]></content>\n";
echo "</item>\n";
?>
echo "</item>\n";

3
bbs/ajax.comment_token.php
View File

@ -10,5 +10,4 @@ $token = _token();
set_session($ss_name, $token);
die(json_encode(array('token'=>$token)));
?>
die(json_encode(array('token'=>$token)));

7
bbs/ajax.filter.php
View File

@ -1,8 +1,8 @@
<?php
include_once('./_common.php');
$subject = strip_tags($_POST['subject']);
$content = strip_tags($_POST['content']);
$subject = isset($_POST['subject']) ? strip_tags($_POST['subject']) : '';
$content = isset($_POST['content']) ? strip_tags($_POST['content']) : '';
//$filter = explode(",", strtolower(trim($config['cf_filter'])));
// strtolower 에 의한 한글 변형으로 아래 코드로 대체 (곱슬최씨님이 알려 주셨습니다.)
@ -27,5 +27,4 @@ for ($i=0; $i<count($filter); $i++) {
}
}
die("{\"subject\":\"$subj\",\"content\":\"$cont\"}");
?>
die("{\"subject\":\"$subj\",\"content\":\"$cont\"}");

7
bbs/ajax.mb_email.php
View File

@ -2,8 +2,8 @@
include_once('./_common.php');
include_once(G5_LIB_PATH.'/register.lib.php');
$mb_email = trim($_POST['reg_mb_email']);
$mb_id = trim($_POST['reg_mb_id']);
$mb_email = isset($_POST['reg_mb_email']) ? trim($_POST['reg_mb_email']) : '';
$mb_id = isset($_POST['reg_mb_id']) ? trim($_POST['reg_mb_id']) : '';
set_session('ss_check_mb_email', '');
@ -12,5 +12,4 @@ if ($msg = valid_mb_email($mb_email)) die($msg);
if ($msg = prohibit_mb_email($mb_email)) die($msg);
if ($msg = exist_mb_email($mb_email, $mb_id)) die($msg);
set_session('ss_check_mb_email', $mb_email);
?>
set_session('ss_check_mb_email', $mb_email);

7
bbs/ajax.mb_hp.php
View File

@ -2,9 +2,8 @@
include_once('./_common.php');
include_once(G5_LIB_PATH.'/register.lib.php');
$mb_hp = trim($_POST['reg_mb_hp']);
$mb_id = trim($_POST['reg_mb_id']);
$mb_hp = isset($_POST['reg_mb_hp']) ? trim($_POST['reg_mb_hp']) : '';
$mb_id = isset($_POST['reg_mb_id']) ? trim($_POST['reg_mb_id']) : '';
if ($msg = valid_mb_hp($mb_hp)) die($msg);
//if ($msg = exist_mb_hp($mb_hp, $mb_id)) die($msg);
?>
//if ($msg = exist_mb_hp($mb_hp, $mb_id)) die($msg);

5
bbs/ajax.mb_id.php
View File

@ -2,7 +2,7 @@
include_once('./_common.php');
include_once(G5_LIB_PATH.'/register.lib.php');
$mb_id = trim($_POST['reg_mb_id']);
$mb_id = isset($_POST['reg_mb_id']) ? trim($_POST['reg_mb_id']) : '';
set_session('ss_check_mb_id', '');
@ -12,5 +12,4 @@ if ($msg = count_mb_id($mb_id)) die($msg);
if ($msg = exist_mb_id($mb_id)) die($msg);
if ($msg = reserve_mb_id($mb_id)) die($msg);
set_session('ss_check_mb_id', $mb_id);
?>
set_session('ss_check_mb_id', $mb_id);

7
bbs/ajax.mb_nick.php
View File

@ -2,8 +2,8 @@
include_once('./_common.php');
include_once(G5_LIB_PATH.'/register.lib.php');
$mb_nick = trim($_POST['reg_mb_nick']);
$mb_id = trim($_POST['reg_mb_id']);
$mb_nick = isset($_POST['reg_mb_nick']) ? trim($_POST['reg_mb_nick']) : '';
$mb_id = isset($_POST['reg_mb_id']) ? trim($_POST['reg_mb_id']) : '';
set_session('ss_check_mb_nick', '');
@ -13,5 +13,4 @@ if ($msg = count_mb_nick($mb_nick)) die($msg);
if ($msg = exist_mb_nick($mb_nick, $mb_id)) die($msg);
if ($msg = reserve_mb_nick($mb_nick)) die($msg);
set_session('ss_check_mb_nick', $mb_nick);
?>
set_session('ss_check_mb_nick', $mb_nick);

5
bbs/ajax.mb_recommend.php
View File

@ -2,12 +2,11 @@
include_once("./_common.php");
include_once(G5_LIB_PATH."/register.lib.php");
$mb_recommend = trim($_POST["reg_mb_recommend"]);
$mb_recommend = isset($_POST["reg_mb_recommend"]) ? trim($_POST["reg_mb_recommend"]) : '';
if ($msg = valid_mb_id($mb_recommend)) {
die("추천인의 아이디는 영문자, 숫자, _ 만 입력하세요.");
}
if (!($msg = exist_mb_id($mb_recommend))) {
die("입력하신 추천인은 존재하지 않는 아이디 입니다.");
}
?>
}

7
bbs/alert.php
View File

@ -31,8 +31,8 @@ include_once(G5_PATH.'/head.sub.php');
$msg = isset($msg) ? strip_tags($msg) : '';
$msg2 = str_replace("\\n", "<br>", $msg);
$url = clean_xss_tags($url, 1);
if (!$url) $url = clean_xss_tags($_SERVER['HTTP_REFERER'], 1);
$url = isset($url) ? clean_xss_tags($url, 1) : '';
if (!$url) $url = isset($_SERVER['HTTP_REFERER']) ? clean_xss_tags($_SERVER['HTTP_REFERER'], 1) : '';
$url = preg_replace("/[\<\>\'\"\\\'\\\"\(\)]/", "", $url);
$url = preg_replace('/\r\n|\r|\n|[^\x20-\x7e]/','', $url);
@ -113,5 +113,4 @@ history.back();
</noscript>
<?php
include_once(G5_PATH.'/tail.sub.php');
?>
include_once(G5_PATH.'/tail.sub.php');

3
bbs/alert_close.php
View File

@ -59,5 +59,4 @@ window.close();
</noscript>
<?php
include_once(G5_PATH.'/tail.sub.php');
?>
include_once(G5_PATH.'/tail.sub.php');

5
bbs/board.php
View File

@ -176,6 +176,8 @@ if ((isset($wr_id) && $wr_id) || (isset($wr_seo_title) && $wr_seo_title)) {
$g5['title'] = $g5['board_title'].' '.$page.' 페이지';
}
$is_auth = $is_admin ? true : false;
include_once(G5_PATH.'/head.sub.php');
$width = $board['bo_table_width'];
@ -240,5 +242,4 @@ include_once(G5_BBS_PATH.'/board_tail.php');
echo "\n<!-- 사용스킨 : ".(G5_IS_MOBILE ? $board['bo_mobile_skin'] : $board['bo_skin'])." -->\n";
include_once(G5_PATH.'/tail.sub.php');
?>
include_once(G5_PATH.'/tail.sub.php');

3
bbs/board_head.php
View File

@ -13,5 +13,4 @@ if (G5_IS_MOBILE) {
include_once(G5_BBS_PATH.'/_head.php');
}
echo html_purifier(stripslashes($board['bo_content_head']));
}
?>
}

14
bbs/board_list_update.php
View File

@ -1,21 +1,21 @@
<?php
include_once('./_common.php');
$count = count($_POST['chk_wr_id']);
$count = (isset($_POST['chk_wr_id']) && is_array($_POST['chk_wr_id'])) ? count($_POST['chk_wr_id']) : 0;
$post_btn_submit = isset($_POST['btn_submit']) ? clean_xss_tags($_POST['btn_submit'], 1, 1) : '';
if(!$count) {
alert($_POST['btn_submit'].' 하실 항목을 하나 이상 선택하세요.');
alert(addcslashes($post_btn_submit, '"\\/').' 하실 항목을 하나 이상 선택하세요.');
}
if($_POST['btn_submit'] == '선택삭제') {
if($post_btn_submit === '선택삭제') {
include './delete_all.php';
} else if($_POST['btn_submit'] == '선택복사') {
} else if($post_btn_submit === '선택복사') {
$sw = 'copy';
include './move.php';
} else if($_POST['btn_submit'] == '선택이동') {
} else if($post_btn_submit === '선택이동') {
$sw = 'move';
include './move.php';
} else {
alert('올바른 방법으로 이용해 주세요.');
}
?>
}

3
bbs/board_tail.php
View File

@ -13,5 +13,4 @@ if (G5_IS_MOBILE) {
} else { //파일경로가 올바르지 않으면 기본파일을 가져옴
include_once(G5_BBS_PATH.'/_tail.php');
}
}
?>
}

12
bbs/confirm.php
View File

@ -5,13 +5,16 @@ include_once(G5_PATH.'/head.sub.php');
$pattern1 = "/[\<\>\'\"\\\'\\\"\(\)]/";
$pattern2 = "/\r\n|\r|\n|[^\x20-\x7e]/";
$url1 = preg_replace($pattern1, "", clean_xss_tags($url1, 1));
$url1 = isset($url1) ? preg_replace($pattern1, "", clean_xss_tags($url1, 1)) : '';
$url1 = preg_replace($pattern2, "", $url1);
$url2 = preg_replace($pattern1, "", clean_xss_tags($url2, 1));
$url2 = isset($url2) ? preg_replace($pattern1, "", clean_xss_tags($url2, 1)) : '';
$url2 = preg_replace($pattern2, "", $url2);
$url3 = preg_replace($pattern1, "", clean_xss_tags($url3, 1));
$url3 = isset($url3) ? preg_replace($pattern1, "", clean_xss_tags($url3, 1)) : '';
$url3 = preg_replace($pattern2, "", $url3);
$msg = isset($msg) ? $msg : '';
$header = isset($header) ? $msg : '';
// url 체크
check_url_host($url1);
check_url_host($url2);
@ -46,5 +49,4 @@ if (confirm(conf)) {
</noscript>
<?php
include_once(G5_PATH.'/tail.sub.php');
?>
include_once(G5_PATH.'/tail.sub.php');

59
bbs/content.php
View File

@ -1,7 +1,7 @@
<?php
include_once('./_common.php');
$co_id = preg_replace('/[^a-z0-9_]/i', '', $co_id);
$co_id = isset($_GET['co_id']) ? preg_replace('/[^a-z0-9_]/i', '', $_GET['co_id']) : 0;
//dbconfig파일에 $g5['content_table'] 배열변수가 있는지 체크
if( !isset($g5['content_table']) ){
@ -40,35 +40,35 @@ $co['co_tag_filter_use'] = 1;
$str = conv_content($co['co_content'], $co['co_html'], $co['co_tag_filter_use']);
// $src 를 $dst 로 변환
unset($src);
unset($dst);
$src = $dst = array();
$src[] = "/{{쇼핑몰명}}|{{홈페이지제목}}/";
$dst[] = $config['cf_title'];
$src[] = "/{{회사명}}|{{상호}}/";
$dst[] = $default['de_admin_company_name'];
$src[] = "/{{대표자명}}/";
$dst[] = $default['de_admin_company_owner'];
$src[] = "/{{사업자등록번호}}/";
$dst[] = $default['de_admin_company_saupja_no'];
$src[] = "/{{대표전화번호}}/";
$dst[] = $default['de_admin_company_tel'];
$src[] = "/{{팩스번호}}/";
$dst[] = $default['de_admin_company_fax'];
$src[] = "/{{통신판매업신고번호}}/";
$dst[] = $default['de_admin_company_tongsin_no'];
$src[] = "/{{사업장우편번호}}/";
$dst[] = $default['de_admin_company_zip'];
$src[] = "/{{사업장주소}}/";
$dst[] = $default['de_admin_company_addr'];
$src[] = "/{{운영자명}}|{{관리자명}}/";
$dst[] = $default['de_admin_name'];
$src[] = "/{{운영자e-mail}}|{{관리자e-mail}}/i";
$dst[] = $default['de_admin_email'];
$src[] = "/{{정보관리책임자명}}/";
$dst[] = $default['de_admin_info_name'];
$src[] = "/{{정보관리책임자e-mail}}|{{정보책임자e-mail}}/i";
$dst[] = $default['de_admin_info_email'];
if(isset($default) && isset($default['de_admin_company_name'])){
$src[] = "/{{회사명}}|{{상호}}/";
$dst[] = $default['de_admin_company_name'];
$src[] = "/{{대표자명}}/";
$dst[] = $default['de_admin_company_owner'];
$src[] = "/{{사업자등록번호}}/";
$dst[] = $default['de_admin_company_saupja_no'];
$src[] = "/{{대표전화번호}}/";
$dst[] = $default['de_admin_company_tel'];
$src[] = "/{{팩스번호}}/";
$dst[] = $default['de_admin_company_fax'];
$src[] = "/{{통신판매업신고번호}}/";
$dst[] = $default['de_admin_company_tongsin_no'];
$src[] = "/{{사업장우편번호}}/";
$dst[] = $default['de_admin_company_zip'];
$src[] = "/{{사업장주소}}/";
$dst[] = $default['de_admin_company_addr'];
$src[] = "/{{운영자명}}|{{관리자명}}/";
$dst[] = $default['de_admin_name'];
$src[] = "/{{운영자e-mail}}|{{관리자e-mail}}/i";
$dst[] = $default['de_admin_email'];
$src[] = "/{{정보관리책임자명}}/";
$dst[] = $default['de_admin_info_name'];
$src[] = "/{{정보관리책임자e-mail}}|{{정보책임자e-mail}}/i";
$dst[] = $default['de_admin_info_email'];
}
$str = preg_replace($src, $dst, $str);
// 스킨경로
@ -101,5 +101,4 @@ if(is_file($skin_file)) {
if ($co['co_include_tail'] && is_include_path_check($co['co_include_tail']))
@include_once($co['co_include_tail']);
else
include_once('./_tail.php');
?>
include_once('./_tail.php');

3
bbs/current_connect.php
View File

@ -29,5 +29,4 @@ for ($i=0; $row=sql_fetch_array($result); $i++) {
include_once($connect_skin_path.'/current_connect.skin.php');
include_once('./_tail.php');
?>
include_once('./_tail.php');

3
bbs/db_table.optimize.php
View File

@ -65,5 +65,4 @@ if($captcha_mp3 && is_array($captcha_mp3)) {
// 실행일 기록
if(isset($config['cf_optimize_date'])) {
sql_query(" update {$g5['config_table']} set cf_optimize_date = '".G5_TIME_YMD."' ");
}
?>
}

3
bbs/delete.php
View File

@ -140,5 +140,4 @@ delete_cache_latest($bo_table);
run_event('bbs_delete', $write, $board);
goto_url(short_url_clean(G5_HTTP_BBS_URL.'/board.php?bo_table='.$bo_table.'&amp;page='.$page.$qstr));
?>
goto_url(short_url_clean(G5_HTTP_BBS_URL.'/board.php?bo_table='.$bo_table.'&amp;page='.$page.$qstr));

5
bbs/delete_all.php
View File

@ -14,7 +14,7 @@ $tmp_array = array();
if ($wr_id) // 건별삭제
$tmp_array[0] = $wr_id;
else // 일괄삭제
$tmp_array = $_POST['chk_wr_id'];
$tmp_array = (isset($_POST['chk_wr_id']) && is_array($_POST['chk_wr_id'])) ? $_POST['chk_wr_id'] : array();
$chk_count = count($tmp_array);
@ -161,5 +161,4 @@ delete_cache_latest($bo_table);
run_event('bbs_delete_all', $tmp_array, $board);
goto_url(short_url_clean(G5_HTTP_BBS_URL.'/board.php?bo_table='.$bo_table.'&amp;page='.$page.$qstr));
?>
goto_url(short_url_clean(G5_HTTP_BBS_URL.'/board.php?bo_table='.$bo_table.'&amp;page='.$page.$qstr));

5
bbs/delete_comment.php
View File

@ -2,7 +2,7 @@
// 코멘트 삭제
include_once('./_common.php');
$comment_id = (int) $comment_id;
$comment_id = isset($_REQUEST['comment_id']) ? (int) $_REQUEST['comment_id'] : 0;
$delete_comment_token = get_session('ss_delete_comment_'.$comment_id.'_token');
set_session('ss_delete_comment_'.$comment_id.'_token', '');
@ -88,5 +88,4 @@ delete_cache_latest($bo_table);
run_event('bbs_delete_comment', $comment_id, $board);
goto_url(short_url_clean(G5_HTTP_BBS_URL.'/board.php?bo_table='.$bo_table.'&amp;wr_id='.$write['wr_parent'].'&amp;page='.$page. $qstr));
?>
goto_url(short_url_clean(G5_HTTP_BBS_URL.'/board.php?bo_table='.$bo_table.'&amp;wr_id='.$write['wr_parent'].'&amp;page='.$page. $qstr));

7
bbs/download.php
View File

@ -4,7 +4,7 @@ include_once('./_common.php');
// clean the output buffer
ob_end_clean();
$no = (int)$no;
$no = isset($_REQUEST['no']) ? (int) $_REQUEST['no'] : 0;
@include_once($board_skin_path.'/download.head.skin.php');
@ -26,7 +26,7 @@ if (!$file['bf_file'])
if($js != 'on' && $board['bo_download_point'] < 0) {
$msg = $file['bf_source'].' 파일을 다운로드 하시면 포인트가 차감('.number_format($board['bo_download_point']).'점)됩니다.\\n포인트는 게시물당 한번만 차감되며 다음에 다시 다운로드 하셔도 중복하여 차감하지 않습니다.\\n그래도 다운로드 하시겠습니까?';
$url1 = G5_BBS_URL.'/download.php?'.clean_query_string($_SERVER['QUERY_STRING'], false).'&js=on';
$url2 = clean_xss_tags($_SERVER['HTTP_REFERER']);
$url2 = isset($_SERVER['HTTP_REFERER']) ? clean_xss_tags($_SERVER['HTTP_REFERER']) : '';
if( $url2 && stripos($url2, $_SERVER['REQUEST_URI']) !== false ){
$url2 = G5_BBS_URL.'/board.php?'.clean_query_string($_SERVER['QUERY_STRING'], false);
@ -150,5 +150,4 @@ while(!feof($fp)) {
usleep(1000);
}
fclose ($fp);
flush();
?>
flush();

7
bbs/email_certify.php
View File

@ -4,8 +4,8 @@ include_once('./_common.php');
// 봇의 메일 링크 크롤링을 방지합니다.
if(function_exists('check_mail_bot')){ check_mail_bot($_SERVER['REMOTE_ADDR']); }
$mb_id = trim($_GET['mb_id']);
$mb_md5 = trim($_GET['mb_md5']);
$mb_id = isset($_GET['mb_id']) ? trim($_GET['mb_id']) : '';
$mb_md5 = isset($_GET['mb_md5']) ? trim($_GET['mb_md5']) : '';
$sql = " select mb_id, mb_email_certify2, mb_leave_date, mb_intercept_date from {$g5['member_table']} where mb_id = '{$mb_id}' ";
$row = sql_fetch($sql);
@ -33,5 +33,4 @@ if ($mb_md5)
}
}
alert('제대로 된 값이 넘어오지 않았습니다.', G5_URL);
?>
alert('제대로 된 값이 넘어오지 않았습니다.', G5_URL);

5
bbs/email_stop.php
View File

@ -1,6 +1,8 @@
<?php
include_once('./_common.php');
$mb_id = isset($_REQUEST['mb_id']) ? clean_xss_tags($_REQUEST['mb_id'], 1, 1) : '';
$sql = " select mb_id, mb_email, mb_datetime from {$g5['member_table']} where mb_id = '{$mb_id}' ";
$row = sql_fetch($sql);
if (!$row['mb_id'])
@ -15,5 +17,4 @@ if ($mb_md5) {
}
}
alert('제대로 된 값이 넘어오지 않았습니다.', G5_URL);
?>
alert('제대로 된 값이 넘어오지 않았습니다.', G5_URL);

7
bbs/faq.php
View File

@ -13,11 +13,11 @@ $result = sql_query($sql);
while ($row=sql_fetch_array($result))
{
$key = $row['fm_id'];
if (!$fm_id) $fm_id = $key;
if (!isset($fm_id)) $fm_id = $key;
$faq_master_list[$key] = $row;
}
if ($fm_id){
if (isset($fm_id) && $fm_id){
$qstr .= '&amp;fm_id=' . $fm_id; // 마스터faq key_id
}
@ -94,5 +94,4 @@ if(is_file($skin_file)) {
echo '<p>'.str_replace(G5_PATH.'/', '', $skin_file).'이 존재하지 않습니다.</p>';
}
include_once('./_tail.php');
?>
include_once('./_tail.php');

3
bbs/formmail.php
View File

@ -52,5 +52,4 @@ $type_checked[$type] = 'checked';
include_once($member_skin_path.'/formmail.skin.php');
include_once(G5_PATH.'/tail.sub.php');
?>
include_once(G5_PATH.'/tail.sub.php');

3
bbs/formmail_send.php
View File

@ -55,5 +55,4 @@ include_once(G5_PATH.'/head.sub.php');
alert_close('메일을 정상적으로 발송하였습니다.');
include_once(G5_PATH.'/tail.sub.php');
?>
include_once(G5_PATH.'/tail.sub.php');

3
bbs/good.php
View File

@ -159,5 +159,4 @@ if(isset($_POST['js']) && $_POST['js'] === "on") {
run_event('bbs_good_after', $bo_table, $wr_id, $good);
@include_once($board_skin_path.'/good.tail.skin.php');
?>
@include_once($board_skin_path.'/good.tail.skin.php');

3
bbs/group.php
View File

@ -55,5 +55,4 @@ for ($i=0; $row=sql_fetch_array($result); $i++) {
<!-- 메인화면 최신글 끝 -->
</div>
<?php
include_once('./_tail.php');
?>
include_once('./_tail.php');

5
bbs/link.php
View File

@ -3,6 +3,8 @@ include_once('./_common.php');
$html_title = '링크 &gt; '.conv_subject($write['wr_subject'], 255);
$no = isset($_REQUEST['no']) ? preg_replace('/[^0-9]/i', '', $_REQUEST['no']) : '';
if (!($bo_table && $wr_id && $no))
alert_close('값이 제대로 넘어오지 않았습니다.');
@ -23,5 +25,4 @@ if (empty($_SESSION[$ss_name]))
set_session($ss_name, true);
}
goto_url(set_http($write['wr_link'.$no]));
?>
goto_url(set_http($write['wr_link'.$no]));

5
bbs/list.php
View File

@ -104,7 +104,7 @@ if (!$is_search_bbs) {
$list[$i] = get_list($row, $board, $board_skin_url, G5_IS_MOBILE ? $board['bo_mobile_subject_len'] : $board['bo_subject_len']);
$list[$i]['is_notice'] = true;
$list[$i]['num'] = 0;
$i++;
$notice_count++;
@ -252,5 +252,4 @@ if ($board['bo_use_rss_view']) {
}
$stx = get_text(stripslashes($stx));
include_once($board_skin_path.'/list.skin.php');
?>
include_once($board_skin_path.'/list.skin.php');

5
bbs/login.php
View File

@ -8,7 +8,7 @@ if( function_exists('social_check_login_before') ){
$g5['title'] = '로그인';
include_once('./_head.sub.php');
$url = strip_tags($_GET['url']);
$url = isset($_GET['url']) ? strip_tags($_GET['url']) : '';
// url 체크
check_url_host($url);
@ -33,5 +33,4 @@ include_once($member_skin_path.'/login.skin.php');
run_event('member_login_tail', $login_url, $login_action_url, $member_skin_path, $url);
include_once('./_tail.sub.php');
?>
include_once('./_tail.sub.php');

11
bbs/login_check.php
View File

@ -3,8 +3,8 @@ include_once('./_common.php');
$g5['title'] = "로그인 검사";
$mb_id = trim($_POST['mb_id']);
$mb_password = trim($_POST['mb_password']);
$mb_id = isset($_POST['mb_id']) ? trim($_POST['mb_id']) : '';
$mb_password = isset($_POST['mb_password']) ? trim($_POST['mb_password']) : '';
run_event('member_login_check_before', $mb_id);
@ -31,7 +31,7 @@ if(function_exists('social_is_login_check')){
// 가입된 회원이 아니다. 비밀번호가 틀리다. 라는 메세지를 따로 보여주지 않는 이유는
// 회원아이디를 입력해 보고 맞으면 또 비밀번호를 입력해보는 경우를 방지하기 위해서입니다.
// 불법사용자의 경우 회원아이디가 틀린지, 비밀번호가 틀린지를 알기까지는 많은 시간이 소요되기 때문입니다.
if (!$is_social_password_check && (!$mb['mb_id'] || !login_password_check($mb, $mb_password, $mb['mb_password'])) ) {
if (!$is_social_password_check && (! (isset($mb['mb_id']) && $mb['mb_id']) || !login_password_check($mb, $mb_password, $mb['mb_password'])) ) {
run_event('password_is_wrong', 'login', $mb);
@ -75,7 +75,7 @@ if($config['cf_use_point']) {
// 3.26
// 아이디 쿠키에 한달간 저장
if ($auto_login) {
if (isset($auto_login) && $auto_login) {
// 3.27
// 자동로그인 ---------------------------
// 쿠키 한달간 저장
@ -146,5 +146,4 @@ if( is_admin($mb['mb_id']) && is_dir(G5_DATA_PATH.'/tmp/') ){
}
}
goto_url($link);
?>
goto_url($link);

3
bbs/logout.php
View File

@ -36,5 +36,4 @@ if ($url) {
run_event('member_logout', $link);
goto_url($link);
?>
goto_url($link);

5
bbs/member_confirm.php
View File

@ -11,7 +11,7 @@ else
$urlencode = urlencode($_SERVER[REQUEST_URI]);
*/
$url = clean_xss_tags($_GET['url']);
$url = isset($_GET['url']) ? clean_xss_tags($_GET['url']) : '';
//소셜 로그인 한 경우
if( function_exists('social_member_comfirm_redirect') && (! $url || $url === 'register_form.php' || (function_exists('social_is_edit_page') && social_is_edit_page($url) ) ) ){
@ -37,5 +37,4 @@ $url = get_text($url);
include_once($member_skin_path.'/member_confirm.skin.php');
include_once('./_tail.sub.php');
?>
include_once('./_tail.sub.php');

7
bbs/member_leave.php
View File

@ -7,7 +7,9 @@ if (!$member['mb_id'])
if ($is_admin == 'super')
alert('최고 관리자는 탈퇴할 수 없습니다');
if (!($_POST['mb_password'] && check_password($_POST['mb_password'], $member['mb_password'])))
$post_mb_password = isset($_POST['mb_password']) ? trim($_POST['mb_password']) : '';
if (!($post_mb_password && check_password($post_mb_password, $member['mb_password'])))
alert('비밀번호가 틀립니다.');
// 회원탈퇴일을 저장
@ -26,5 +28,4 @@ if(function_exists('social_member_link_delete')){
social_member_link_delete($member['mb_id']);
}
alert(''.$member['mb_nick'].'님께서는 '. date("Y년 m월 d일") .'에 회원에서 탈퇴 하셨습니다.', $url);
?>
alert(''.$member['mb_nick'].'님께서는 '. date("Y년 m월 d일") .'에 회원에서 탈퇴 하셨습니다.', $url);

5
bbs/memo.php
View File

@ -9,7 +9,7 @@ set_session('ss_memo_delete_token', $token = uniqid(time()));
$g5['title'] = '내 쪽지함';
include_once(G5_PATH.'/head.sub.php');
$kind = $kind ? clean_xss_tags(strip_tags($kind)) : 'recv';
$kind = isset($_GET['kind']) ? clean_xss_tags($_GET['kind'], 0, 1) : 'recv';
if ($kind == 'recv')
$unkind = 'send';
@ -83,5 +83,4 @@ $write_pages = get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['c
include_once($member_skin_path.'/memo.skin.php');
include_once(G5_PATH.'/tail.sub.php');
?>
include_once(G5_PATH.'/tail.sub.php');

5
bbs/memo_delete.php
View File

@ -10,7 +10,7 @@ set_session('ss_memo_delete_token', '');
if (!($token && $delete_token == $token))
alert('토큰 에러로 삭제 불가합니다.');
$me_id = (int)$_REQUEST['me_id'];
$me_id = isset($_REQUEST['me_id']) ? (int) $_REQUEST['me_id'] : 0;
$sql = " select * from {$g5['memo_table']} where me_id = '{$me_id}' ";
$row = sql_fetch($sql);
@ -34,5 +34,4 @@ if (!$row['me_read_datetime'][0]) // 메모 받기전이면
run_event('memo_delete', $me_id, $row);
goto_url('./memo.php?kind='.$kind);
?>
goto_url('./memo.php?kind='.$kind);

5
bbs/memo_form.php
View File

@ -9,6 +9,8 @@ if (!$member['mb_open'] && $is_admin != 'super' && $member['mb_id'] != $mb_id)
alert_close("자신의 정보를 공개하지 않으면 다른분에게 쪽지를 보낼 수 없습니다. 정보공개 설정은 회원정보수정에서 하실 수 있습니다.");
$content = "";
$me_recv_mb_id = isset($_GET['me_recv_mb_id']) ? clean_xss_tags($_GET['me_recv_mb_id'], 1, 1) : '';
// 탈퇴한 회원에게 쪽지 보낼 수 없음
if ($me_recv_mb_id)
{
@ -38,5 +40,4 @@ include_once(G5_PATH.'/head.sub.php');
$memo_action_url = G5_HTTPS_BBS_URL."/memo_form_update.php";
include_once($member_skin_path.'/memo_form.skin.php');
include_once(G5_PATH.'/tail.sub.php');
?>
include_once(G5_PATH.'/tail.sub.php');

5
bbs/memo_form_update.php
View File

@ -9,7 +9,7 @@ if (!chk_captcha()) {
alert('자동등록방지 숫자가 틀렸습니다.');
}
$recv_list = explode(',', trim($_POST['me_recv_mb_id']));
$recv_list = isset($_POST['me_recv_mb_id']) ? explode(',', trim($_POST['me_recv_mb_id'])) : array();
$str_nick_list = '';
$msg = '';
$error_list = array();
@ -104,5 +104,4 @@ if ($member_list) {
run_event('memo_form_update_failed', $member_list, $redirect_url, $_POST['me_memo']);
alert("회원아이디 오류 같습니다.", $redirect_url, false);
}
?>
}

9
bbs/memo_view.php
View File

@ -4,7 +4,7 @@ include_once('./_common.php');
if (!$is_member)
alert('회원만 이용하실 수 있습니다.');
$me_id = (int)$_REQUEST['me_id'];
$me_id = isset($_REQUEST['me_id']) ? (int) $_REQUEST['me_id'] : 0;
if ($kind == 'recv')
{
@ -46,7 +46,7 @@ include_once(G5_PATH.'/head.sub.php');
$sql = " select me.*, a.rownum from `{$g5['memo_table']}` as me inner join ( select me_id , (@rownum:=@rownum+1) as rownum from `{$g5['memo_table']}` as memo, (select @rownum:=0) tmp where me_{$kind}_mb_id = '{$member['mb_id']}' and memo.me_type = '$kind' order by me_id desc ) as a on a.me_id = me.me_id where me.me_id < '$me_id' and me.me_{$kind}_mb_id = '{$member['mb_id']}' and me.me_type = '$kind' order by me.me_id desc limit 1 ";
$prev = sql_fetch($sql);
if ($prev['me_id']) {
if (isset($prev['me_id']) && $prev['me_id']) {
$prev_link = './memo_view.php?kind='.$kind.'&amp;me_id='.$prev['me_id'];
$prev['page'] = ceil( (int)$prev['rownum'] / $config['cf_page_rows']); // 이동할 페이지 계산
if( (int)$prev['page'] > 0 ) $prev_link .= "&amp;page=".$prev['page'];
@ -58,7 +58,7 @@ if ($prev['me_id']) {
$sql = " select me.*, a.rownum from `{$g5['memo_table']}` as me inner join ( select me_id , (@rownum:=@rownum+1) as rownum from `{$g5['memo_table']}` as memo, (select @rownum:=0) tmp where me_{$kind}_mb_id = '{$member['mb_id']}' and memo.me_type = '$kind' order by me_id asc ) as a on a.me_id = me.me_id where me.me_id > '$me_id' and me.me_{$kind}_mb_id = '{$member['mb_id']}' and me.me_type = '$kind' order by me.me_id asc limit 1 ";
$next = sql_fetch($sql);
if ($next['me_id']) {
if (isset($next['me_id']) && $next['me_id']) {
$next_link = './memo_view.php?kind='.$kind.'&amp;me_id='.$next['me_id'];
$next['page'] = ceil( (int)$next['rownum'] / $config['cf_page_rows']); // 이동할 페이지 계산
if( (int)$next['page'] > 0 ) $next_link .= "&amp;page=".$next['page'];
@ -78,5 +78,4 @@ if(isset($page) && $page){
include_once($member_skin_path.'/memo_view.skin.php');
include_once(G5_PATH.'/tail.sub.php');
?>
include_once(G5_PATH.'/tail.sub.php');

17
bbs/move.php
View File

@ -1,9 +1,11 @@
<?php
include_once('./_common.php');
if ($sw == 'move')
$sw = isset($_REQUEST['sw']) ? clean_xss_tags($_REQUEST['sw'], 1, 1) : '';
if ($sw === 'move')
$act = '이동';
else if ($sw == 'copy')
else if ($sw === 'copy')
$act = '복사';
else
alert('sw 값이 제대로 넘어오지 않았습니다.');
@ -20,8 +22,12 @@ if ($wr_id)
$wr_id_list = $wr_id;
else {
$comma = '';
for ($i=0; $i<count($_POST['chk_wr_id']); $i++) {
$wr_id_list .= $comma . $_POST['chk_wr_id'][$i];
$count_chk_wr_id = (isset($_POST['chk_wr_id']) && is_array($_POST['chk_wr_id'])) ? count($_POST['chk_wr_id']) : 0;
for ($i=0; $i<count($count_chk_wr_id); $i++) {
$wr_id_val = isset($_POST['chk_wr_id'][$i]) ? preg_replace('/[^0-9]/', '', $_POST['chk_wr_id'][$i]) : 0;
$wr_id_list .= $comma . $wr_id_val;
$comma = ',';
}
}
@ -157,5 +163,4 @@ function fboardmoveall_submit(f)
<?php
run_event('move_html_footer');
include_once(G5_PATH.'/tail.sub.php');
?>
include_once(G5_PATH.'/tail.sub.php');

12
bbs/move_update.php
View File

@ -2,6 +2,7 @@
include_once('./_common.php');
$act = isset($act) ? strip_tags($act) : '';
$count_chk_bo_table = (isset($_POST['chk_bo_table']) && is_array($_POST['chk_bo_table'])) ? count($_POST['chk_bo_table']) : 0;
// 게시판 관리자 이상 복사, 이동 가능
if ($is_admin != 'board' && $is_admin != 'group' && $is_admin != 'super')
@ -10,7 +11,7 @@ if ($is_admin != 'board' && $is_admin != 'group' && $is_admin != 'super')
if ($sw != 'move' && $sw != 'copy')
alert('sw 값이 제대로 넘어오지 않았습니다.');
if(!count($_POST['chk_bo_table']))
if(! $count_chk_bo_table)
alert('게시물을 '.$act.'할 게시판을 한개 이상 선택해 주십시오.', $url);
// 원본 파일 디렉토리
@ -21,7 +22,7 @@ $save_count_write = 0;
$save_count_comment = 0;
$cnt = 0;
$wr_id_list = preg_replace('/[^0-9\,]/', '', $_POST['wr_id_list']);
$wr_id_list = isset($_POST['wr_id_list']) ? preg_replace('/[^0-9\,]/', '', $_POST['wr_id_list']) : '';
$sql = " select distinct wr_num from $write_table where wr_id in ({$wr_id_list}) order by wr_id ";
$result = sql_query($sql);
@ -30,9 +31,9 @@ while ($row = sql_fetch_array($result))
$save[$cnt]['wr_contents'] = array();
$wr_num = $row['wr_num'];
for ($i=0; $i<count($_POST['chk_bo_table']); $i++)
for ($i=0; $i<$count_chk_bo_table; $i++)
{
$move_bo_table = preg_replace('/[^a-z0-9_]/i', '', $_POST['chk_bo_table'][$i]);
$move_bo_table = isset($_POST['chk_bo_table'][$i]) ? preg_replace('/[^a-z0-9_]/i', '', $_POST['chk_bo_table'][$i]) : '';
// 취약점 18-0075 참고
$sql = "select * from {$g5['board_table']} where bo_table = '".sql_real_escape_string($move_bo_table)."' ";
@ -255,5 +256,4 @@ window.close();
</p>
<a href="$opener_href">돌아가기</a>
</noscript>
HEREDOC;
?>
HEREDOC;

3
bbs/new.php
View File

@ -112,5 +112,4 @@ $write_pages = get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['c
include_once($new_skin_path.'/new.skin.php');
include_once('./_tail.php');
?>
include_once('./_tail.php');

11
bbs/new_delete.php
View File

@ -6,14 +6,16 @@ include_once('./_common.php');
if ($is_admin != 'super')
alert("최고관리자만 접근이 가능합니다.");
$board = array();
$board = array('bo_table'=>'');
$save_bo_table = array();
$save_wr_id = array();
$count_chk_bn_id = (isset($_POST['chk_bn_id']) && is_array($_POST['chk_bn_id'])) ? count($_POST['chk_bn_id']) : 0;
$count_write = 0;
for($i=0;$i<count($_POST['chk_bn_id']);$i++)
for($i=0;$i<$count_chk_bn_id;$i++)
{
// 실제 번호를 넘김
$k = $_POST['chk_bn_id'][$i];
$k = isset($_POST['chk_bn_id'][$i]) ? (int) $_POST['chk_bn_id'][$i] : 0;
$bo_table = isset($_POST['bo_table'][$k]) ? preg_replace('/[^a-z0-9_]/i', '', $_POST['bo_table'][$k]) : '';
$wr_id = isset($_POST['wr_id'][$k]) ? preg_replace('/[^0-9]/i', '', $_POST['wr_id'][$k]) : 0;
@ -145,5 +147,4 @@ foreach ($save_bo_table as $key=>$value) {
run_event('bbs_new_delete', $chk_bn_id, $save_bo_table, $save_wr_id);
goto_url("new.php?sfl=$sfl&stx=$stx&page=$page");
?>
goto_url("new.php?sfl=$sfl&stx=$stx&page=$page");

2
bbs/newwin.inc.php
View File

@ -16,7 +16,7 @@ $result = sql_query($sql, false);
for ($i=0; $nw=sql_fetch_array($result); $i++)
{
// 이미 체크 되었다면 Continue
if ($_COOKIE["hd_pops_{$nw['nw_id']}"])
if (isset($_COOKIE["hd_pops_{$nw['nw_id']}"]) && $_COOKIE["hd_pops_{$nw['nw_id']}"])
continue;
?>

7
bbs/password.php
View File

@ -3,9 +3,7 @@ include_once('./_common.php');
$g5['title'] = '비밀번호 입력';
if( isset($comment_id) ){
$comment_id = (int) $comment_id;
}
$comment_id = isset($_REQUEST['comment_id']) ? preg_replace('/[^0-9]/', '', $_REQUEST['comment_id']) : 0;
switch ($w) {
case 'u' :
@ -64,5 +62,4 @@ include_once($member_skin_path.'/password.skin.php');
//if ($board['bo_content_tail']) { echo html_purifier(stripslashes($board['bo_content_tail'])); }
//if ($board['bo_include_tail'] && is_include_path_check($board['bo_content_tail'])) { @include ($board['bo_include_tail']); }
include_once(G5_PATH.'/tail.sub.php');
?>
include_once(G5_PATH.'/tail.sub.php');

3
bbs/password_check.php
View File

@ -47,5 +47,4 @@ if ($w == 's') {
} else
alert('w 값이 제대로 넘어오지 않았습니다.');
goto_url(short_url_clean(G5_HTTP_BBS_URL.'/board.php?'.$qstr));
?>
goto_url(short_url_clean(G5_HTTP_BBS_URL.'/board.php?'.$qstr));

3
bbs/password_lost.php
View File

@ -12,5 +12,4 @@ include_once(G5_PATH.'/head.sub.php');
$action_url = G5_HTTPS_BBS_URL."/password_lost2.php";
include_once($member_skin_path.'/password_lost.skin.php');
include_once(G5_PATH.'/tail.sub.php');
?>
include_once(G5_PATH.'/tail.sub.php');

3
bbs/password_lost2.php
View File

@ -73,5 +73,4 @@ mailer($config['cf_admin_email_name'], $config['cf_admin_email'], $mb['mb_email'
run_event('password_lost2_after', $mb, $mb_nonce, $mb_lost_certify);
alert_close($email.' 메일로 회원아이디와 비밀번호를 인증할 수 있는 메일이 발송 되었습니다.\\n\\n메일을 확인하여 주십시오.');
?>
alert_close($email.' 메일로 회원아이디와 비밀번호를 인증할 수 있는 메일이 발송 되었습니다.\\n\\n메일을 확인하여 주십시오.');

7
bbs/password_lost_certify.php
View File

@ -8,8 +8,8 @@ run_event('password_lost_certify_before');
// 오류시 공히 Error 라고 처리하는 것은 회원정보가 있는지? 비밀번호가 틀린지? 를 알아보려는 해킹에 대비한것
$mb_no = preg_replace('#[^0-9]#', '', trim($_GET['mb_no']));
$mb_nonce = trim($_GET['mb_nonce']);
$mb_no = isset($_GET['mb_no']) ? preg_replace('#[^0-9]#', '', trim($_GET['mb_no'])) : 0;
$mb_nonce = isset($_GET['mb_nonce']) ? trim($_GET['mb_nonce']) : '';
// 회원아이디가 아닌 회원고유번호로 회원정보를 구한다.
$sql = " select mb_id, mb_lost_certify from {$g5['member_table']} where mb_no = '$mb_no' ";
@ -31,5 +31,4 @@ if ($mb_nonce === substr($mb['mb_lost_certify'], 0, 32)) {
}
else {
die("Error");
}
?>
}

3
bbs/point.php
View File

@ -23,5 +23,4 @@ $from_record = ($page - 1) * $rows; // 시작 열을 구함
include_once($member_skin_path.'/point.skin.php');
include_once(G5_PATH.'/tail.sub.php');
?>
include_once(G5_PATH.'/tail.sub.php');

9
bbs/poll_etc_update.php
View File

@ -4,9 +4,9 @@ include_once(G5_LIB_PATH.'/mailer.lib.php');
if ($w == '')
{
$po_id = $_POST['po_id'];
$pc_name = $_POST['pc_name'];
$pc_idea = $_POST['pc_idea'];
$po_id = isset($_POST['po_id']) ? (int) $_POST['po_id'] : '';
$pc_name = isset($_POST['pc_name']) ? clean_xss_tags($_POST['pc_name'], 1, 1) : '';
$pc_idea = isset($_POST['pc_idea']) ? clean_xss_tags($_POST['pc_idea'], 1, 1) : '';
$po = sql_fetch(" select * from {$g5['poll_table']} where po_id = '{$po_id}' ");
if (!$po['po_id'])
@ -55,5 +55,4 @@ else if ($w == 'd')
}
}
goto_url('./poll_result.php?po_id='.$po_id.'&amp;skin_dir='.$skin_dir);
?>
goto_url('./poll_result.php?po_id='.$po_id.'&amp;skin_dir='.$skin_dir);

17
bbs/poll_result.php
View File

@ -2,6 +2,8 @@
include_once('./_common.php');
include_once(G5_CAPTCHA_PATH.'/captcha.lib.php');
$po_id = isset($_REQUEST['po_id']) ? (int) $_REQUEST['po_id'] : '';
$po = sql_fetch(" select * from {$g5['poll_table']} where po_id = '{$po_id}' ");
if (!$po['po_id'])
alert('설문조사 정보가 없습니다.');
@ -15,9 +17,11 @@ $po_subject = $po['po_subject'];
$max = 1;
$total_po_cnt = 0;
for ($i=1; $i<=9; $i++) {
$poll_max_count = 9;
for ($i=1; $i<=$poll_max_count; $i++) {
$poll = $po['po_poll'.$i];
if ($poll == '') break;
if (! $poll) break;
$count = $po['po_cnt'.$i];
$total_po_cnt += $count;
@ -29,12 +33,14 @@ $nf_total_po_cnt = number_format($total_po_cnt);
$list = array();
for ($i=1; $i<=9; $i++) {
for ($i=1; $i<=$poll_max_count; $i++) {
$poll = $po['po_poll'.$i];
if ($poll == '') { break; }
if (! $poll) { break; }
$list[$i]['content'] = $poll;
$list[$i]['cnt'] = $po['po_cnt'.$i];
$list[$i]['rate'] = 0;
if ($total_po_cnt > 0)
$list[$i]['rate'] = ($list[$i]['cnt'] / $total_po_cnt) * 100;
@ -111,5 +117,4 @@ include_once(G5_PATH.'/head.sub.php');
if (!file_exists($poll_skin_path.'/poll_result.skin.php')) die('skin error');
include_once ($poll_skin_path.'/poll_result.skin.php');
include_once(G5_PATH.'/tail.sub.php');
?>
include_once(G5_PATH.'/tail.sub.php');

14
bbs/poll_update.php
View File

@ -1,14 +1,16 @@
<?php
include_once('./_common.php');
$po_id = isset($_POST['po_id']) ? preg_replace('/[^0-9]/', '', $_POST['po_id']) : 0;
$po = sql_fetch(" select * from {$g5['poll_table']} where po_id = '{$_POST['po_id']}' ");
if (!$po['po_id'])
if (! (isset($po['po_id']) && $po['po_id']))
alert('po_id 값이 제대로 넘어오지 않았습니다.');
if ($member['mb_level'] < $po['po_level'])
alert_close('권한 '.$po['po_level'].' 이상 회원만 투표에 참여하실 수 있습니다.');
$gb_poll = preg_replace('/[^0-9]/', '', $gb_poll);
$gb_poll = isset($_POST['gb_poll']) ? preg_replace('/[^0-9]/', '', $_POST['gb_poll']) : 0;
if(!$gb_poll)
alert_close('항목을 선택하세요.');
@ -35,7 +37,8 @@ if($is_member) {
}
}
$result_url = G5_BBS_URL."/poll_result.php?po_id=$po_id&skin_dir={$_POST['skin_dir']}";
$post_skin_dir = isset($_POST['skin_dir']) ? clean_xss_tags($_POST['skin_dir'], 1, 1) : '';
$result_url = G5_BBS_URL."/poll_result.php?po_id=$po_id&skin_dir={$post_skin_dir}";
// 없다면 선택한 투표항목을 1증가 시키고 ip, id를 저장
if (!($search_ip || $search_mb_id)) {
@ -50,12 +53,11 @@ if (!($search_ip || $search_mb_id)) {
sql_query($sql);
} else {
alert($po['po_subject'].'에 이미 참여하셨습니다.', $result_url);
alert(addcslashes($po['po_subject'], '"\\/').'에 이미 참여하셨습니다.', $result_url);
}
if (!$search_mb_id)
insert_point($member['mb_id'], $po['po_point'], $po['po_id'] . '. ' . cut_str($po['po_subject'],20) . ' 투표 참여 ', '@poll', $po['po_id'], '투표');
//goto_url($g5['bbs_url'].'/poll_result.php?po_id='.$po_id.'&amp;skin_dir='.$skin_dir);
goto_url($result_url);
?>
goto_url($result_url);

3
bbs/profile.php
View File

@ -32,5 +32,4 @@ $mb_profile = $mb['mb_profile'] ? conv_content($mb['mb_profile'],0) : '소개
include_once($member_skin_path.'/profile.skin.php');
include_once(G5_PATH.'/tail.sub.php');
?>
include_once(G5_PATH.'/tail.sub.php');

5
bbs/qadelete.php
View File

@ -15,7 +15,7 @@ $tmp_array = array();
if ($qa_id) // 건별삭제
$tmp_array[0] = $qa_id;
else // 일괄삭제
$tmp_array = $_POST['chk_qa_id'];
$tmp_array = (isset($_POST['chk_qa_id']) && is_array($_POST['chk_qa_id'])) ? $_POST['chk_qa_id'] : array();
$count = count($tmp_array);
if(!$count)
@ -79,5 +79,4 @@ for($i=0; $i<$count; $i++) {
sql_query(" delete from {$g5['qa_content_table']} where qa_id = '$qa_id' ");
}
goto_url(G5_BBS_URL.'/qalist.php'.preg_replace('/^&amp;/', '?', $qstr));
?>
goto_url(G5_BBS_URL.'/qalist.php'.preg_replace('/^&amp;/', '?', $qstr));

5
bbs/qadownload.php
View File

@ -4,7 +4,7 @@ include_once('./_common.php');
// clean the output buffer
ob_end_clean();
$no = (int)$no;
$no = isset($_REQUEST['no']) ? (int) $_REQUEST['no'] : 0;
// 쿠키에 저장된 ID값과 넘어온 ID값을 비교하여 같지 않을 경우 오류 발생
// 다른곳에서 링크 거는것을 방지하기 위한 코드
@ -71,5 +71,4 @@ while(!feof($fp)) {
usleep(1000);
}
fclose ($fp);
flush();
?>
flush();

3
bbs/qahead.php
View File

@ -14,5 +14,4 @@ if (G5_IS_MOBILE) {
else
include ('./_head.php');
echo conv_content($qaconfig['qa_content_head'], 1);
}
?>
}

4
bbs/qalist.php
View File

@ -10,6 +10,7 @@ $g5['title'] = $qaconfig['qa_title'];
include_once('./qahead.php');
$skin_file = $qa_skin_path.'/list.skin.php';
$is_auth = $is_admin ? true : false;
$category_option = '';
if ($qaconfig['qa_category']) {
@ -120,5 +121,4 @@ if(is_file($skin_file)) {
echo '<div>'.str_replace(G5_PATH.'/', '', $skin_file).'이 존재하지 않습니다.</div>';
}
include_once('./qatail.php');
?>
include_once('./qatail.php');

3
bbs/qatail.php
View File

@ -11,5 +11,4 @@ if (G5_IS_MOBILE) {
@include ($qaconfig['qa_include_tail']);
else
include ('./_tail.php');
}
?>
}

18
bbs/qaview.php
View File

@ -2,10 +2,13 @@
include_once('./_common.php');
include_once(G5_EDITOR_LIB);
$qa_id = isset($_REQUEST['qa_id']) ? (int) $_REQUEST['qa_id'] : 0;
if($is_guest)
alert('회원이시라면 로그인 후 이용해 보십시오.', './login.php?url='.urlencode(G5_BBS_URL.'/qaview.php?qa_id='.$qa_id));
$qaconfig = get_qa_config();
$content = '';
$g5['title'] = $qaconfig['qa_title'];
include_once('./qahead.php');
@ -20,7 +23,7 @@ if(is_file($skin_file)) {
$view = sql_fetch($sql);
if(!$view['qa_id'])
if(!(isset($view['qa_id']) && $view['qa_id']))
alert('게시글이 존재하지 않습니다.\\n삭제되었거나 자신의 글이 아닌 경우입니다.');
$subject_len = G5_IS_MOBILE ? $qaconfig['qa_mobile_subject_len'] : $qaconfig['qa_subject_len'];
@ -168,10 +171,19 @@ if(is_file($skin_file)) {
}
}
$html_value = '';
$html_checked = '';
if (isset($view['qa_html']) && $view['qa_html']) {
$html_checked = 'checked';
$html_value = $view['qa_html'];
if($view['qa_html'] == 1 && !$is_dhtml_editor)
$html_value = 2;
}
include_once($skin_file);
} else {
echo '<div>'.str_replace(G5_PATH.'/', '', $skin_file).'이 존재하지 않습니다.</div>';
}
include_once('./qatail.php');
?>
include_once('./qatail.php');

8
bbs/qawrite.php
View File

@ -6,6 +6,9 @@ if($w != '' && $w != 'u' && $w != 'r') {
alert('올바른 방법으로 이용해 주십시오.');
}
$qa_id = isset($_REQUEST['qa_id']) ? (int) $_REQUEST['qa_id'] : 0;
$write = array('qa_email_recv'=>'', 'qa_subject'=>'', 'qa_category'=>'');
if($is_guest)
alert('회원이시라면 로그인 후 이용해 보십시오.', './login.php?url='.urlencode(G5_BBS_URL.'/qalist.php'));
@ -90,7 +93,7 @@ if(is_file($skin_file)) {
$upload_max_filesize = number_format($qaconfig['qa_upload_size']) . ' 바이트';
$html_value = '';
if ($write['qa_html']) {
if (isset($write['qa_html']) && $write['qa_html']) {
$html_checked = 'checked';
$html_value = $write['qa_html'];
@ -137,5 +140,4 @@ if(is_file($skin_file)) {
echo '<div>'.str_replace(G5_PATH.'/', '', $skin_file).'이 존재하지 않습니다.</div>';
}
include_once('./qatail.php');
?>
include_once('./qatail.php');

32
bbs/qawrite_update.php
View File

@ -14,7 +14,7 @@ $msg = array();
// 1:1문의 설정값
$qaconfig = get_qa_config();
$qa_id = isset($qa_id) ? (int) $qa_id : 0;
$qa_id = isset($_POST['qa_id']) ? (int) $_POST['qa_id'] : 0;
if(trim($qaconfig['qa_category'])) {
if($w != 'a') {
@ -57,8 +57,7 @@ if (!empty($msg)) {
alert($msg);
}
if($qa_hp)
$qa_hp = preg_replace('/[^0-9\-]/', '', strip_tags($qa_hp));
$qa_hp = isset($_POST['qa_hp']) ? preg_replace('/[^0-9\-]/', '', $_POST['qa_hp']) : '';
// 090710
if (substr_count($qa_content, '&#') > 50) {
@ -72,6 +71,13 @@ if (empty($_POST)) {
alert("파일 또는 글내용의 크기가 서버에서 설정한 값을 넘어 오류가 발생하였습니다.\\npost_max_size=".ini_get('post_max_size')." , upload_max_filesize=".$upload_max_filesize."\\n게시판관리자 또는 서버관리자에게 문의 바랍니다.");
}
$qa_type = 0;
$qa_parent = 0;
$qa_related = 0;
$qa_email_recv = (isset($_POST['qa_email_recv']) && $_POST['qa_email_recv']) ? 1 : 0;
$qa_sms_recv = (isset($_POST['qa_sms_recv']) && $_POST['qa_sms_recv']) ? 1 : 0;
$qa_status = 0;
for ($i=1; $i<=5; $i++) {
$var = "qa_$i";
$$var = "";
@ -115,7 +121,7 @@ if($w == 'u' || $w == 'a' || $w == 'r') {
// 파일개수 체크
$file_count = 0;
$upload_count = count($_FILES['bf_file']['name']);
$upload_count = isset($_FILES['bf_file']['name']) ? count($_FILES['bf_file']['name']) : 0;
for ($i=1; $i<=$upload_count; $i++) {
if($_FILES['bf_file']['name'][$i] && is_uploaded_file($_FILES['bf_file']['tmp_name'][$i]))
@ -134,7 +140,7 @@ $chars_array = array_merge(range(0,9), range('a','z'), range('A','Z'));
// 가변 파일 업로드
$file_upload_msg = '';
$upload = array();
for ($i=1; $i<=count($_FILES['bf_file']['name']); $i++) {
for ($i=1; $i<=$upload_count; $i++) {
$upload[$i]['file'] = '';
$upload[$i]['source'] = '';
$upload[$i]['del_check'] = false;
@ -234,6 +240,11 @@ if($w == '' || $w == 'a' || $w == 'r') {
$qa_status = 1;
}
$insert_qa_file1 = isset($upload[1]['file']) ? $upload[1]['file'] : '';
$insert_qa_source1 = isset($upload[1]['source']) ? $upload[1]['source'] : '';
$insert_qa_file2 = isset($upload[2]['file']) ? $upload[2]['file'] : '';
$insert_qa_source2 = isset($upload[2]['source']) ? $upload[2]['source'] : '';
$sql = " insert into {$g5['qa_content_table']}
set qa_num = '$qa_num',
mb_id = '{$member['mb_id']}',
@ -250,10 +261,10 @@ if($w == '' || $w == 'a' || $w == 'r') {
qa_subject = '$qa_subject',
qa_content = '$qa_content',
qa_status = '$qa_status',
qa_file1 = '{$upload[1]['file']}',
qa_source1 = '{$upload[1]['source']}',
qa_file2 = '{$upload[2]['file']}',
qa_source2 = '{$upload[2]['source']}',
qa_file1 = '{$insert_qa_file1}',
qa_source1 = '{$insert_qa_source1}',
qa_file2 = '{$insert_qa_file2}',
qa_source2 = '{$insert_qa_source2}',
qa_ip = '{$_SERVER['REMOTE_ADDR']}',
qa_datetime = '".G5_TIME_YMDHIS."',
qa_1 = '$qa_1',
@ -450,5 +461,4 @@ else
if ($file_upload_msg)
alert($file_upload_msg, $result_url);
else
goto_url($result_url);
?>
goto_url($result_url);

3
bbs/register.php
View File

@ -15,5 +15,4 @@ include_once('./_head.php');
$register_action_url = G5_BBS_URL.'/register_form.php';
include_once($member_skin_path.'/register.skin.php');
include_once('./_tail.php');
?>
include_once('./_tail.php');

14
bbs/register_email.php
View File

@ -5,14 +5,19 @@ include_once(G5_CAPTCHA_PATH.'/captcha.lib.php');
$g5['title'] = '메일인증 메일주소 변경';
include_once('./_head.php');
$mb_id = substr(clean_xss_tags($_GET['mb_id']), 0, 20);
$sql = " select mb_email, mb_datetime, mb_ip, mb_email_certify from {$g5['member_table']} where mb_id = '{$mb_id}' ";
$mb_id = isset($_GET['mb_id']) ? substr(clean_xss_tags($_GET['mb_id']), 0, 20) : '';
$sql = " select mb_email, mb_datetime, mb_ip, mb_email_certify, mb_id from {$g5['member_table']} where mb_id = '{$mb_id}' ";
$mb = sql_fetch($sql);
if(! (isset($mb['mb_id']) && $mb['mb_id'])){
alert("해당 회원이 존재하지 않습니다.", G5_URL);
}
if (substr($mb['mb_email_certify'],0,1)!=0) {
alert("이미 메일인증 하신 회원입니다.", G5_URL);
}
$ckey = trim($_GET['ckey']);
$ckey = isset($_GET['ckey']) ? trim($_GET['ckey']) : '';
$key = md5($mb['mb_ip'].$mb['mb_datetime']);
if(!$ckey || $ckey != $key)
@ -54,5 +59,4 @@ function fregister_email_submit(f)
}
</script>
<?php
include_once('./_tail.php');
?>
include_once('./_tail.php');

7
bbs/register_email_update.php
View File

@ -3,8 +3,8 @@ include_once('./_common.php');
include_once(G5_CAPTCHA_PATH.'/captcha.lib.php');
include_once(G5_LIB_PATH.'/mailer.lib.php');
$mb_id = substr(clean_xss_tags($_POST['mb_id']), 0, 20);
$mb_email = get_email_address(trim($_POST['mb_email']));
$mb_id = isset($_POST['mb_id']) ? substr(clean_xss_tags($_POST['mb_id']), 0, 20) : '';
$mb_email = isset($_POST['mb_email']) ? get_email_address(trim($_POST['mb_email'])) : '';
if(!$mb_id || !$mb_email)
alert('올바른 방법으로 이용해 주십시오.', G5_URL);
@ -47,5 +47,4 @@ mailer($config['cf_admin_email_name'], $config['cf_admin_email'], $mb_email, $su
$sql = " update {$g5['member_table']} set mb_email = '$mb_email' where mb_id = '$mb_id' ";
sql_query($sql);
alert("인증메일을 {$mb_email} 메일로 다시 보내 드렸습니다.\\n\\n잠시후 {$mb_email} 메일을 확인하여 주십시오.", G5_URL);
?>
alert("인증메일을 {$mb_email} 메일로 다시 보내 드렸습니다.\\n\\n잠시후 {$mb_email} 메일을 확인하여 주십시오.", G5_URL);

11
bbs/register_form.php
View File

@ -14,7 +14,7 @@ set_session("ss_cert_type", "");
$is_social_login_modify = false;
if( $provider && function_exists('social_nonce_is_valid') ){ //모바일로 소셜 연결을 했다면
if( isset($_REQUEST['provider']) && $_REQUEST['provider'] && function_exists('social_nonce_is_valid') ){ //모바일로 소셜 연결을 했다면
if( social_nonce_is_valid(get_session("social_link_token"), $provider) ){ //토큰값이 유효한지 체크
$w = 'u'; //회원 수정으로 처리
$_POST['mb_id'] = $member['mb_id'];
@ -87,7 +87,7 @@ if ($w == "") {
if (isset($_POST['mb_password'])) {
// 수정된 정보를 업데이트후 되돌아 온것이라면 비밀번호가 암호화 된채로 넘어온것임
if ($_POST['is_update']) {
if (isset($_POST['is_update']) && $_POST['is_update']) {
$tmp_password = $_POST['mb_password'];
$pass_check = ($member['mb_password'] === $tmp_password);
} else {
@ -144,8 +144,8 @@ $req_nick = !isset($member['mb_nick_date']) || (isset($member['mb_nick_date']) &
$required = ($w=='') ? 'required' : '';
$readonly = ($w=='u') ? 'readonly' : '';
$agree = preg_replace('#[^0-9]#', '', $agree);
$agree2 = preg_replace('#[^0-9]#', '', $agree2);
$agree = isset($_REQUEST['agree']) ? preg_replace('#[^0-9]#', '', $_REQUEST['agree']) : '';
$agree2 = isset($_REQUEST['agree2']) ? preg_replace('#[^0-9]#', '', $_REQUEST['agree2']) : '';
// add_javascript('js 구문', 출력순서); 숫자가 작을 수록 먼저 출력됨
if ($config['cf_use_addr'])
@ -155,5 +155,4 @@ include_once($member_skin_path.'/register_form.skin.php');
run_event('register_form_after', $w, $agree, $agree2);
include_once('./_tail.php');
?>
include_once('./_tail.php');

48
bbs/register_form_update.php
View File

@ -24,18 +24,18 @@ if (!chk_captcha()) {
if($w == 'u')
$mb_id = isset($_SESSION['ss_mb_id']) ? trim($_SESSION['ss_mb_id']) : '';
else if($w == '')
$mb_id = trim($_POST['mb_id']);
$mb_id = isset($_POST['mb_id']) ? trim($_POST['mb_id']) : '';
else
alert('잘못된 접근입니다', G5_URL);
if(!$mb_id)
alert('회원아이디 값이 없습니다. 올바른 방법으로 이용해 주십시오.');
$mb_password = trim($_POST['mb_password']);
$mb_password_re = trim($_POST['mb_password_re']);
$mb_name = trim($_POST['mb_name']);
$mb_nick = trim($_POST['mb_nick']);
$mb_email = trim($_POST['mb_email']);
$mb_password = isset($_POST['mb_password']) ? trim($_POST['mb_password']) : '';
$mb_password_re = isset($_POST['mb_password_re']) ? trim($_POST['mb_password_re']) : '';
$mb_name = isset($_POST['mb_name']) ? trim($_POST['mb_name']) : '';
$mb_nick = isset($_POST['mb_name']) ? trim($_POST['mb_nick']) : '';
$mb_email = isset($_POST['mb_name']) ? trim($_POST['mb_email']) : '';
$mb_sex = isset($_POST['mb_sex']) ? trim($_POST['mb_sex']) : "";
$mb_birth = isset($_POST['mb_birth']) ? trim($_POST['mb_birth']) : "";
$mb_homepage = isset($_POST['mb_homepage']) ? trim($_POST['mb_homepage']) : "";
@ -127,7 +127,8 @@ if ($w == '' || $w == 'u') {
// 본인확인 체크
if($config['cf_cert_use'] && $config['cf_cert_req']) {
if(trim($_POST['cert_no']) != $_SESSION['ss_cert_no'] || !$_SESSION['ss_cert_no'])
$post_cert_no = isset($_POST['cert_no']) ? trim($_POST['cert_no']) : '';
if($post_cert_no !== get_session('ss_cert_no') || ! get_session('ss_cert_no'))
alert("회원가입을 위해서는 본인확인을 해주셔야 합니다.");
}
@ -161,9 +162,9 @@ if ($w == '' || $w == 'u') {
// 본인확인
//---------------------------------------------------------------
$mb_hp = hyphen_hp_number($mb_hp);
if($config['cf_cert_use'] && $_SESSION['ss_cert_type'] && $_SESSION['ss_cert_dupinfo']) {
if($config['cf_cert_use'] && get_session('ss_cert_type') && get_session('ss_cert_dupinfo')) {
// 중복체크
$sql = " select mb_id from {$g5['member_table']} where mb_id <> '{$member['mb_id']}' and mb_dupinfo = '{$_SESSION['ss_cert_dupinfo']}' ";
$sql = " select mb_id from {$g5['member_table']} where mb_id <> '{$member['mb_id']}' and mb_dupinfo = '".get_session('ss_cert_dupinfo')."' ";
$row = sql_fetch($sql);
if ($row['mb_id']) {
alert("입력하신 본인확인 정보로 가입된 내역이 존재합니다.\\n회원아이디 : ".$row['mb_id']);
@ -171,17 +172,17 @@ if($config['cf_cert_use'] && $_SESSION['ss_cert_type'] && $_SESSION['ss_cert_dup
}
$sql_certify = '';
$md5_cert_no = $_SESSION['ss_cert_no'];
$cert_type = $_SESSION['ss_cert_type'];
$md5_cert_no = get_session('ss_cert_no');
$cert_type = get_session('ss_cert_type');
if ($config['cf_cert_use'] && $cert_type && $md5_cert_no) {
// 해시값이 같은 경우에만 본인확인 값을 저장한다.
if ($_SESSION['ss_cert_hash'] == md5($mb_name.$cert_type.$_SESSION['ss_cert_birth'].$md5_cert_no)) {
if (get_session('ss_cert_hash') == md5($mb_name.$cert_type.get_session('ss_cert_birth').$md5_cert_no)) {
$sql_certify .= " , mb_hp = '{$mb_hp}' ";
$sql_certify .= " , mb_certify = '{$cert_type}' ";
$sql_certify .= " , mb_adult = '{$_SESSION['ss_cert_adult']}' ";
$sql_certify .= " , mb_birth = '{$_SESSION['ss_cert_birth']}' ";
$sql_certify .= " , mb_sex = '{$_SESSION['ss_cert_sex']}' ";
$sql_certify .= " , mb_dupinfo = '{$_SESSION['ss_cert_dupinfo']}' ";
$sql_certify .= " , mb_adult = '".get_session('ss_cert_adult')."' ";
$sql_certify .= " , mb_birth = '".get_session('ss_cert_birth')."' ";
$sql_certify .= " , mb_sex = '".get_session('ss_cert_sex')."' ";
$sql_certify .= " , mb_dupinfo = '".get_session('ss_cert_dupinfo')."' ";
if($w == 'u')
$sql_certify .= " , mb_name = '{$mb_name}' ";
} else {
@ -304,7 +305,7 @@ if ($w == '') {
set_session('ss_mb_reg', $mb_id);
} else if ($w == 'u') {
if (!trim($_SESSION['ss_mb_id']))
if (!trim(get_session('ss_mb_id')))
alert('로그인 되어 있지 않습니다.');
if (trim($_POST['mb_id']) != $mb_id)
@ -508,11 +509,11 @@ if ($config['cf_use_email_certify'] && $old_email != $mb_email) {
// 사용자 코드 실행
@include_once ($member_skin_path.'/register_form_update.tail.skin.php');
unset($_SESSION['ss_cert_type']);
unset($_SESSION['ss_cert_no']);
unset($_SESSION['ss_cert_hash']);
unset($_SESSION['ss_cert_birth']);
unset($_SESSION['ss_cert_adult']);
if(isset($_SESSION['ss_cert_type'])) unset($_SESSION['ss_cert_type']);
if(isset($_SESSION['ss_cert_no'])) unset($_SESSION['ss_cert_no']);
if(isset($_SESSION['ss_cert_hash'])) unset($_SESSION['ss_cert_hash']);
if(isset($_SESSION['ss_cert_hash'])) unset($_SESSION['ss_cert_birth']);
if(isset($_SESSION['ss_cert_hash'])) unset($_SESSION['ss_cert_adult']);
if ($msg)
echo '<script>alert(\''.$msg.'\');</script>';
@ -549,5 +550,4 @@ if ($w == '') {
</body>
</html>';
}
}
?>
}

3
bbs/register_result.php
View File

@ -11,5 +11,4 @@ if (!$mb['mb_id'])
$g5['title'] = '회원가입 완료';
include_once('./_head.php');
include_once($member_skin_path.'/register_result.skin.php');
include_once('./_tail.php');
?>
include_once('./_tail.php');

3
bbs/rss.php
View File

@ -86,5 +86,4 @@ $date = date('r', strtotime($date));
}
echo '</channel>'."\n";
echo '</rss>'."\n";
?>
echo '</rss>'."\n";

3
bbs/scrap.php
View File

@ -56,5 +56,4 @@ for ($i=0; $row=sql_fetch_array($result); $i++) {
include_once($member_skin_path.'/scrap.skin.php');
include_once(G5_PATH.'/tail.sub.php');
?>
include_once(G5_PATH.'/tail.sub.php');

5
bbs/scrap_delete.php
View File

@ -1,6 +1,8 @@
<?php
include_once('./_common.php');
$ms_id = isset($_REQUEST['ms_id']) ? (int) $_REQUEST['ms_id'] : 0;
if (!$is_member)
alert('회원만 이용하실 수 있습니다.');
@ -10,5 +12,4 @@ sql_query($sql);
$sql = " update `{$g5['member_table']}` set mb_scrap_cnt = '".get_scrap_totals($member['mb_id'])."' where mb_id = '{$member['mb_id']}' ";
sql_query($sql);
goto_url('./scrap.php?page='.$page);
?>
goto_url('./scrap.php?page='.$page);

3
bbs/scrap_popin.php
View File

@ -59,5 +59,4 @@ HEREDOC;
include_once($member_skin_path.'/scrap_popin.skin.php');
include_once(G5_PATH.'/tail.sub.php');
?>
include_once(G5_PATH.'/tail.sub.php');

5
bbs/scrap_popin_update.php
View File

@ -36,7 +36,7 @@ if ($row['cnt'])
exit;
}
$wr_content = trim($_POST['wr_content']);
$wr_content = isset($_POST['wr_content']) ? trim($_POST['wr_content']) : '';
// 덧글이 넘어오고 코멘트를 쓸 권한이 있다면
if ($wr_content && ($member['mb_level'] >= $board['bo_comment_level']))
@ -117,5 +117,4 @@ echo <<<HEREDOC
<p>이 글을 스크랩 하였습니다.</p>
<a href="./scrap.php">스크랩 확인하기</a>
</noscript>
HEREDOC;
?>
HEREDOC;

5
bbs/search.php
View File

@ -228,7 +228,7 @@ $group_select = '<label for="gr_id" class="sound_only">게시판 그룹선택</l
$sql = " select gr_id, gr_subject from {$g5['group_table']} order by gr_id ";
$result = sql_query($sql);
for ($i=0; $row=sql_fetch_array($result); $i++)
$group_select .= "<option value=\"".$row['gr_id']."\"".get_selected($_GET['gr_id'], $row['gr_id']).">".$row['gr_subject']."</option>";
$group_select .= "<option value=\"".$row['gr_id']."\"".get_selected($gr_id, $row['gr_id']).">".$row['gr_subject']."</option>";
$group_select .= '</select>';
if (!$sfl) $sfl = 'wr_subject';
@ -236,5 +236,4 @@ if (!$sop) $sop = 'or';
include_once($search_skin_path.'/search.skin.php');
include_once('./_tail.php');
?>
include_once('./_tail.php');

14
bbs/sns_send.php
View File

@ -1,13 +1,16 @@
<?php
include_once("./_common.php");
$title = urlencode(str_replace('\"', '"',$_REQUEST['title']));
$short_url = googl_short_url($_REQUEST['longurl']);
$title = isset($_REQUEST['title']) ? urlencode(str_replace('\"', '"', $_REQUEST['title'])) : '';
$short_url = isset($_REQUEST['longurl']) ? googl_short_url($_REQUEST['longurl']) : '';
$sns = isset($_REQUEST['sns']) ? $_REQUEST['sns'] : '';
if(!$short_url)
$short_url = urlencode($_REQUEST['longurl']);
$short_url = isset($_REQUEST['longurl']) ? urlencode($_REQUEST['longurl']) : '';
$title_url = $title.' : '.$short_url;
switch($_REQUEST['sns']) {
switch($sns) {
case 'facebook' :
header("Location:http://www.facebook.com/sharer/sharer.php?s=100&u=".$short_url."&p=".$title);
break;
@ -19,5 +22,4 @@ switch($_REQUEST['sns']) {
break;
default :
echo 'Error';
}
?>
}

7
bbs/view.php
View File

@ -28,7 +28,7 @@ if (!$board['bo_use_list_view']) {
$sql = " select wr_id, wr_subject, wr_datetime from {$write_table} where wr_is_comment = 0 and wr_num = '{$write['wr_num']}' and wr_reply < '{$write['wr_reply']}' {$sql_search} order by wr_num desc, wr_reply desc limit 1 ";
$prev = sql_fetch($sql);
// 위의 쿼리문으로 값을 얻지 못했다면
if (!$prev['wr_id']) {
if (isset($prev['wr_id']) && !$prev['wr_id']) {
$sql = " select wr_id, wr_subject, wr_datetime from {$write_table} where wr_is_comment = 0 and wr_num < '{$write['wr_num']}' {$sql_search} order by wr_num desc, wr_reply desc limit 1 ";
$prev = sql_fetch($sql);
}
@ -37,7 +37,7 @@ if (!$board['bo_use_list_view']) {
$sql = " select wr_id, wr_subject, wr_datetime from {$write_table} where wr_is_comment = 0 and wr_num = '{$write['wr_num']}' and wr_reply > '{$write['wr_reply']}' {$sql_search} order by wr_num, wr_reply limit 1 ";
$next = sql_fetch($sql);
// 위의 쿼리문으로 값을 얻지 못했다면
if (!$next['wr_id']) {
if (isset($next['wr_id']) && !$next['wr_id']) {
$sql = " select wr_id, wr_subject, wr_datetime from {$write_table} where wr_is_comment = 0 and wr_num > '{$write['wr_num']}' {$sql_search} order by wr_num, wr_reply limit 1 ";
$next = sql_fetch($sql);
}
@ -142,5 +142,4 @@ if ($board['bo_use_signature'] && $view['mb_id']) {
include_once($board_skin_path.'/view.skin.php');
@include_once($board_skin_path.'/view.tail.skin.php');
?>
@include_once($board_skin_path.'/view.tail.skin.php');

6
bbs/view_comment.php
View File

@ -7,6 +7,9 @@ if ($is_guest && $board['bo_comment_level'] < 2) {
$captcha_html = captcha_html('_comment');
}
$c_id = isset($_GET['c_id']) ? clean_xss_tags($_GET['c_id'], 1, 1) : '';
$c_wr_content = '';
@include_once($board_skin_path.'/view_comment.head.skin.php');
$list = array();
@ -126,5 +129,4 @@ include_once($board_skin_path.'/view_comment.skin.php');
if (!$member['mb_id']) // 비회원일 경우에만
echo '<script src="'.G5_JS_URL.'/md5.js"></script>'."\n";
@include_once($board_skin_path.'/view_comment.tail.skin.php');
?>
@include_once($board_skin_path.'/view_comment.tail.skin.php');

5
bbs/view_image.php
View File

@ -4,7 +4,7 @@ include_once('./_common.php');
$g5['title'] = '이미지 크게보기';
include_once(G5_PATH.'/head.sub.php');
$filename = preg_replace('/[^A-Za-z0-9 _ .\-\/]/', '', $_GET['fn']);
$filename = isset($_GET['fn']) ? preg_replace('/[^A-Za-z0-9 _ .\-\/]/', '', $_GET['fn']) : '';
if(function_exists('clean_relative_paths')){
$filename = clean_relative_paths($filename);
@ -145,5 +145,4 @@ $.fn.imgLoad = function(callback) {
</script>
<?php
include_once(G5_PATH.'/tail.sub.php');
?>
include_once(G5_PATH.'/tail.sub.php');

3
bbs/visit_browscap.inc.php
View File

@ -17,5 +17,4 @@ if(defined('G5_VISIT_BROWSCAP_USE') && G5_VISIT_BROWSCAP_USE && is_file(G5_DATA_
$vi_browser = $info->Comment;
$vi_os = $info->Platform;
$vi_device = $info->Device_Type;
}
?>
}

11
bbs/visit_insert.inc.php
View File

@ -41,22 +41,22 @@ if (get_cookie('ck_visit_ip') != $_SERVER['REMOTE_ADDR'])
// 오늘
$sql = " select vs_count as cnt from {$g5['visit_sum_table']} where vs_date = '".G5_TIME_YMD."' ";
$row = sql_fetch($sql);
$vi_today = $row['cnt'];
$vi_today = isset($row['cnt']) ? $row['cnt'] : 0;
// 어제
$sql = " select vs_count as cnt from {$g5['visit_sum_table']} where vs_date = DATE_SUB('".G5_TIME_YMD."', INTERVAL 1 DAY) ";
$row = sql_fetch($sql);
$vi_yesterday = $row['cnt'];
$vi_yesterday = isset($row['cnt']) ? $row['cnt'] : 0;
// 최대
$sql = " select max(vs_count) as cnt from {$g5['visit_sum_table']} ";
$row = sql_fetch($sql);
$vi_max = $row['cnt'];
$vi_max = isset($row['cnt']) ? $row['cnt'] : 0;
// 전체
$sql = " select sum(vs_count) as total from {$g5['visit_sum_table']} ";
$row = sql_fetch($sql);
$vi_sum = $row['total'];
$vi_sum = isset($row['total']) ? $row['total'] : 0;
$visit = '오늘:'.$vi_today.',어제:'.$vi_yesterday.',최대:'.$vi_max.',전체:'.$vi_sum;
@ -65,5 +65,4 @@ if (get_cookie('ck_visit_ip') != $_SERVER['REMOTE_ADDR'])
// 쿼리의 수를 상당부분 줄임
sql_query(" update {$g5['config_table']} set cf_visit = '{$visit}' ");
}
}
?>
}

17
bbs/write.php
View File

@ -340,8 +340,16 @@ if ($w == '') {
}
$file = get_file($bo_table, $wr_id);
if($file_count < $file['count'])
if($file_count < $file['count']) {
$file_count = $file['count'];
}
for($i=0;$i<$file_count;$i++){
if(! isset($file[$i])) {
$file[$i] = array('file'=>null, 'source'=>null, 'size'=>null);
}
}
} else if ($w == 'r') {
if (strstr($write['wr_option'], 'secret')) {
$is_secret = true;
@ -355,8 +363,8 @@ if ($w == '') {
}
}
set_session('ss_bo_table', $_REQUEST['bo_table']);
set_session('ss_wr_id', $_REQUEST['wr_id']);
set_session('ss_bo_table', $bo_table);
set_session('ss_wr_id', $wr_id);
$subject = "";
if (isset($write['wr_subject'])) {
@ -433,5 +441,4 @@ include_once ($board_skin_path.'/write.skin.php');
include_once('./board_tail.php');
@include_once ($board_skin_path.'/write.tail.skin.php');
include_once(G5_PATH.'/tail.sub.php');
?>
include_once(G5_PATH.'/tail.sub.php');

36
bbs/write_comment_update.php
View File

@ -6,7 +6,7 @@ include_once(G5_CAPTCHA_PATH.'/captcha.lib.php');
// 토큰체크
$comment_token = trim(get_session('ss_comment_token'));
set_session('ss_comment_token', '');
if(!trim($_POST['token']) || !$comment_token || $comment_token != $_POST['token'])
if(empty($_POST['token']) || !$comment_token || $comment_token != $_POST['token'])
alert('올바른 방법으로 이용해 주십시오.');
// 090710
@ -15,16 +15,31 @@ if (substr_count($wr_content, "&#") > 50) {
exit;
}
@include_once($board_skin_path.'/write_comment_update.head.skin.php');
$w = $_POST["w"];
$wr_name = trim($_POST['wr_name']);
$wr_email = '';
$w = isset($_POST['w']) ? clean_xss_tags($_POST['w']) : '';
$wr_name = isset($_POST['wr_name']) ? clean_xss_tags(trim($_POST['wr_name'])) : '';
$wr_secret = isset($_POST['wr_secret']) ? clean_xss_tags($_POST['wr_secret']) : '';
$wr_email = $wr_subject = '';
$reply_array = array();
$wr_1 = isset($_POST['wr_1']) ? $_POST['wr_1'] : '';
$wr_2 = isset($_POST['wr_2']) ? $_POST['wr_2'] : '';
$wr_3 = isset($_POST['wr_3']) ? $_POST['wr_3'] : '';
$wr_4 = isset($_POST['wr_4']) ? $_POST['wr_4'] : '';
$wr_5 = isset($_POST['wr_5']) ? $_POST['wr_5'] : '';
$wr_6 = isset($_POST['wr_6']) ? $_POST['wr_6'] : '';
$wr_7 = isset($_POST['wr_7']) ? $_POST['wr_7'] : '';
$wr_8 = isset($_POST['wr_8']) ? $_POST['wr_8'] : '';
$wr_9 = isset($_POST['wr_9']) ? $_POST['wr_9'] : '';
$wr_10 = isset($_POST['wr_10']) ? $_POST['wr_10'] : '';
$wr_facebook_user = isset($_POST['wr_facebook_user']) ? clean_xss_tags($_POST['wr_facebook_user'], 1, 1) : '';
$wr_twitter_user = isset($_POST['wr_twitter_user']) ? clean_xss_tags($_POST['wr_twitter_user'], 1, 1) : '';
$wr_homepage = isset($_POST['wr_homepage']) ? clean_xss_tags($_POST['wr_homepage'], 1, 1) : '';
if (!empty($_POST['wr_email']))
$wr_email = get_email_address(trim($_POST['wr_email']));
@include_once($board_skin_path.'/write_comment_update.head.skin.php');
// 비회원의 경우 이름이 누락되는 경우가 있음
if ($is_guest) {
if ($wr_name == '')
@ -42,7 +57,7 @@ else
// 세션의 시간 검사
// 4.00.15 - 댓글 수정시 연속 게시물 등록 메시지로 인한 오류 수정
if ($w == 'c' && $_SESSION['ss_datetime'] >= (G5_SERVER_TIME - $config['cf_delay_sec']) && !$is_admin)
if ($w == 'c' && !$is_admin && isset($_SESSION['ss_datetime']) && $_SESSION['ss_datetime'] >= (G5_SERVER_TIME - $config['cf_delay_sec']))
alert('너무 빠른 시간내에 게시물을 연속해서 올릴 수 없습니다.');
set_session('ss_datetime', G5_SERVER_TIME);
@ -325,11 +340,11 @@ else if ($w == 'cu') // 댓글 수정
wr_7 = '$wr_7',
wr_8 = '$wr_8',
wr_9 = '$wr_9',
wr_10 = '$wr_10',
wr_option = '$wr_option'
wr_10 = '$wr_10'
$sql_ip
$sql_secret
where wr_id = '$comment_id' ";
sql_query($sql);
}
@ -343,5 +358,4 @@ $redirect_url = short_url_clean(G5_HTTP_BBS_URL.'/board.php?bo_table='.$bo_table
run_event('comment_update_after', $board, $wr_id, $w, $qstr, $redirect_url, $comment_id, $reply_array);
goto_url($redirect_url);
?>
goto_url($redirect_url);

7
bbs/write_comment_update.sns.php
View File

@ -10,7 +10,7 @@ set_cookie('ck_twitter_checked' , false, 86400*31);
// 페이스북
//----------------------------------------------------------------------------
$wr_facebook_user = "";
if ($_POST['facebook_checked']) {
if (! empty($_POST['facebook_checked'])) {
include_once(G5_SNS_PATH."/facebook/src/facebook.php");
$facebook = new Facebook(array(
@ -48,7 +48,7 @@ if ($_POST['facebook_checked']) {
// 트위터
//----------------------------------------------------------------------------
$wr_twitter_user = "";
if ($_POST['twitter_checked']) {
if (! empty($_POST['twitter_checked'])) {
include_once(G5_SNS_PATH."/twitter/twitteroauth/twitteroauth.php");
include_once(G5_SNS_PATH."/twitter/twitterconfig.php");
@ -68,5 +68,4 @@ if ($_POST['twitter_checked']) {
$wr_twitter_user = get_session("ss_twitter_user");
}
//============================================================================
?>
//============================================================================;

3
bbs/write_token.php
View File

@ -9,5 +9,4 @@ set_session('ss_write_'.$bo_table.'_token', '');
$token = get_write_token($bo_table);
die(json_encode(array('error'=>'', 'token'=>$token, 'url'=>'')));
?>
die(json_encode(array('error'=>'', 'token'=>$token, 'url'=>'')));

49
bbs/write_update.php
View File

@ -9,9 +9,10 @@ check_write_token($bo_table);
$g5['title'] = '게시글 저장';
$msg = array();
$uid = isset($_POST['uid']) ? preg_replace('/[^0-9]/', '', $_POST['uid']) : 0;
if($board['bo_use_category']) {
$ca_name = trim($_POST['ca_name']);
$ca_name = isset($_POST['ca_name']) ? trim($_POST['ca_name']) : '';
if(!$ca_name) {
$msg[] = '<strong>분류</strong>를 선택하세요.';
} else {
@ -76,6 +77,11 @@ if (empty($_POST)) {
}
$notice_array = explode(",", $board['bo_notice']);
$wr_password = isset($_POST['wr_password']) ? $_POST['wr_password'] : '';
$bf_content = isset($_POST['bf_content']) ? (array) $_POST['bf_content'] : array();
$_POST['html'] = isset($_POST['html']) ? clean_xss_tags($_POST['html'], 1, 1) : '';
$_POST['secret'] = isset($_POST['secret']) ? clean_xss_tags($_POST['secret'], 1, 1) : '';
$_POST['mail'] = isset($_POST['mail']) ? clean_xss_tags($_POST['mail'], 1, 1) : '';
if ($w == 'u' || $w == 'r') {
$wr = get_write($write_table, $wr_id);
@ -537,14 +543,16 @@ if(isset($_FILES['bf_file']['name']) && is_array($_FILES['bf_file']['name'])) {
if ($w == 'u') {
// 존재하는 파일이 있다면 삭제합니다.
$row = sql_fetch(" select * from {$g5['board_file_table']} where bo_table = '$bo_table' and wr_id = '$wr_id' and bf_no = '$i' ");
$delete_file = run_replace('delete_file_path', G5_DATA_PATH.'/file/'.$bo_table.'/'.str_replace('../', '', $row['bf_file']), $row);
if( file_exists($delete_file) ){
@unlink(G5_DATA_PATH.'/file/'.$bo_table.'/'.$row['bf_file']);
}
// 이미지파일이면 썸네일삭제
if(preg_match("/\.({$config['cf_image_extension']})$/i", $row['bf_file'])) {
delete_board_thumbnail($bo_table, $row['bf_file']);
if(isset($row['bf_file']) && $row['bf_file']){
$delete_file = run_replace('delete_file_path', G5_DATA_PATH.'/file/'.$bo_table.'/'.str_replace('../', '', $row['bf_file']), $row);
if( file_exists($delete_file) ){
@unlink(G5_DATA_PATH.'/file/'.$bo_table.'/'.$row['bf_file']);
}
// 이미지파일이면 썸네일삭제
if(preg_match("/\.({$config['cf_image_extension']})$/i", $row['bf_file'])) {
delete_board_thumbnail($bo_table, $row['bf_file']);
}
}
}
@ -578,9 +586,11 @@ if(isset($_FILES['bf_file']['name']) && is_array($_FILES['bf_file']['name'])) {
// 나중에 테이블에 저장하는 이유는 $wr_id 값을 저장해야 하기 때문입니다.
for ($i=0; $i<count($upload); $i++)
{
if (!get_magic_quotes_gpc()) {
$upload[$i]['source'] = addslashes($upload[$i]['source']);
}
$upload[$i]['source'] = sql_real_escape_string($upload[$i]['source']);
$bf_content[$i] = isset($bf_content[$i]) ? sql_real_escape_string($bf_content[$i]) : '';
$bf_width = isset($upload[$i]['image'][0]) ? (int) $upload[$i]['image'][0] : 0;
$bf_height = isset($upload[$i]['image'][1]) ? (int) $upload[$i]['image'][1] : 0;
$bf_type = isset($upload[$i]['image'][2]) ? (int) $upload[$i]['image'][2] : 0;
$row = sql_fetch(" select count(*) as cnt from {$g5['board_file_table']} where bo_table = '{$bo_table}' and wr_id = '{$wr_id}' and bf_no = '{$i}' ");
if ($row['cnt'])
@ -597,9 +607,9 @@ for ($i=0; $i<count($upload); $i++)
bf_thumburl = '{$upload[$i]['thumburl']}',
bf_storage = '{$upload[$i]['storage']}',
bf_filesize = '".(int)$upload[$i]['filesize']."',
bf_width = '".(int)$upload[$i]['image'][0]."',
bf_height = '".(int)$upload[$i]['image'][1]."',
bf_type = '".(int)$upload[$i]['image'][2]."',
bf_width = '".$bf_width."',
bf_height = '".$bf_height."',
bf_type = '".$bf_type."',
bf_datetime = '".G5_TIME_YMDHIS."'
where bo_table = '{$bo_table}'
and wr_id = '{$wr_id}'
@ -630,9 +640,9 @@ for ($i=0; $i<count($upload); $i++)
bf_storage = '{$upload[$i]['storage']}',
bf_download = 0,
bf_filesize = '".(int)$upload[$i]['filesize']."',
bf_width = '".(int)$upload[$i]['image'][0]."',
bf_height = '".(int)$upload[$i]['image'][1]."',
bf_type = '".(int)$upload[$i]['image'][2]."',
bf_width = '".$bf_width."',
bf_height = '".$bf_height."',
bf_type = '".$bf_type."',
bf_datetime = '".G5_TIME_YMDHIS."' ";
sql_query($sql);
@ -740,5 +750,4 @@ run_event('write_update_after', $board, $wr_id, $w, $qstr, $redirect_url);
if ($file_upload_msg)
alert($file_upload_msg, $redirect_url);
else
goto_url($redirect_url);
?>
goto_url($redirect_url);