Merge branch 'master' of github.com:gnuboard/g5

adm/config_form.php

@@ -1067,7 +1067,7 @@ if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw']) {
                     <input type="checkbox" name="cf_social_servicelist[]" id="check_social_kakao" value="kakao" <?php echo option_array_checked('kakao', $config['cf_social_servicelist']); ?> >
                     <label for="check_social_kakao">카카오 로그인을 사용합니다</label>
                     <div>
-                    <h3>카카오 웹 Redirect Path</h3>
+                    <h3>카카오 로그인 Redirect URI</h3>
                     <p><?php echo get_social_callbackurl('kakao', true); ?></p>
                     </div>
                 </div>

adm/qa_config.php

@@ -306,7 +306,7 @@ if(!isset($qaconfig['qa_include_head'])) {
         <tr>
             <th scope="row"><label for="qa_insert_content">글쓰기 기본 내용</label></th>
             <td>
-                <textarea id="qa_insert_content" name="qa_insert_content" rows="5"><?php echo $qaconfig['qa_insert_content'] ?></textarea>
+                <textarea id="qa_insert_content" name="qa_insert_content" rows="5"><?php echo html_purifier($qaconfig['qa_insert_content']); ?></textarea>
             </td>
         </tr>
         <?php for ($i=1; $i<=5; $i++) { ?>

adm/qa_config_update.php

@@ -50,6 +50,8 @@ if( $qa_include_tail && ! is_include_path_check($qa_include_tail, 1) ){
     $error_msg = '/data/file/ 또는 /data/editor/ 포함된 문자를 하단 파일 경로에 포함시킬수 없습니다.';
 }
 
+$_POST['qa_title'] = strip_tags($_POST['qa_title']);
+
 $sql = " update {$g5['qa_config_table']}
             set qa_title                = '{$_POST['qa_title']}',
                 qa_category             = '{$_POST['qa_category']}',

adm/sms_admin/ajax.sms_write_form.php

@@ -74,10 +74,13 @@ while($res = sql_fetch_array($qry))
     ";
 }
 
-$arr_ajax_msg['error'] = "";
-$arr_ajax_msg['list_text'] = $list_text;
-$arr_ajax_msg['page'] = $page;
-$arr_ajax_msg['total_count'] = $total_count;
-$arr_ajax_msg['total_page'] = $total_page;
+$arr_ajax_msg = array(
+'error'=>'',
+'list_text'=>$list_text,
+'page'=>$page,
+'total_count'=>$total_count,
+'total_page'=>$total_page
+);
+
 die( json_encode($arr_ajax_msg) );
 ?>

adm/sms_admin/history_view.php

@@ -12,6 +12,10 @@ if( $st && !in_array($st, array('hs_name', 'hs_hp', 'bk_no')) ){
     $st = '';
 }
 
+if( $sst && !in_array($sst, array('mb_id', 'bk_no', 'hs_name', 'hs_hp', 'hs_datetime', 'hs_flag', 'hs_code', 'hs_memo', 'hs_log')) ){
+    $sst = '';
+}
+
 auth_check($auth[$sub_menu], "r");
 
 $g5['title'] = "문자전송 상세내역";
@@ -22,7 +26,7 @@ if (!is_numeric($wr_no))
 if ($spage < 1) $spage = 1;
 
 if ($sst && trim($ssv))
-    $sql_search = " and $sst like '%$ssv%' ";
+    $sql_search = " and $sst like '%".sql_real_escape_string($ssv)."%' ";
 else
     $sql_search = "";
 

bbs/password_lost2.php

@@ -21,9 +21,9 @@ $row = sql_fetch($sql);
 if ($row['cnt'] > 1)
     alert('동일한 메일주소가 2개 이상 존재합니다.\\n\\n관리자에게 문의하여 주십시오.');
 
-$sql = " select mb_no, mb_id, mb_name, mb_nick, mb_email, mb_datetime from {$g5['member_table']} where mb_email = '$email' ";
+$sql = " select mb_no, mb_id, mb_name, mb_nick, mb_email, mb_datetime, mb_leave_date from {$g5['member_table']} where mb_email = '$email' ";
 $mb = sql_fetch($sql);
-if (!$mb['mb_id'])
+if (!$mb['mb_id'] || $mb['mb_leave_date'])
     alert('존재하지 않는 회원입니다.');
 else if (is_admin($mb['mb_id']))
     alert('관리자 아이디는 접근 불가합니다.');

bbs/qawrite.php

@@ -67,7 +67,7 @@ if(is_file($skin_file)) {
 
     $content = '';
     if ($w == '') {
-        $content = $qaconfig['qa_insert_content'];
+        $content = html_purifier($qaconfig['qa_insert_content']);
     } else if($w == 'r') {
         if($is_dhtml_editor)
             $content = '<div><br><br><br>====== 이전 답변내용 =======<br></div>';

config.php

@@ -5,7 +5,7 @@
 ********************/
 
 define('G5_VERSION', '그누보드5');
-define('G5_GNUBOARD_VER', '5.3.3.2');
+define('G5_GNUBOARD_VER', '5.3.3.3');
 
 // 이 상수가 정의되지 않으면 각각의 개별 페이지는 별도로 실행될 수 없음
 define('_GNUBOARD_', true);

lib/common.lib.php

@@ -3561,12 +3561,15 @@ function is_include_path_check($path='', $is_input='')
             if( preg_match('/\/data\/(file|editor|qa|cache|member|member_image|session|tmp)\/[A-Za-z0-9_]{1,20}\//i', $replace_path) ){
                 return false;
             }
-            if( (preg_match('/\.\.\//i', $replace_path) || preg_match('/^\/.*/i', $replace_path)) && preg_match('/plugin\//i', $replace_path) && preg_match('/okname\//i', $replace_path) ){
+            if( preg_match('/'.G5_PLUGIN_DIR.'\//i', $replace_path) && (preg_match('/'.G5_OKNAME_DIR.'\//i', $replace_path) || preg_match('/'.G5_KCPCERT_DIR.'\//i', $replace_path) || preg_match('/'.G5_LGXPAY_DIR.'\//i', $replace_path)) ){
                 return false;
             }
             if( substr_count($replace_path, './') > 5 ){
                 return false;
             }
+            if( defined('G5_SHOP_DIR') && preg_match('/'.G5_SHOP_DIR.'\//i', $replace_path) && preg_match('/kcp\//i', $replace_path) ){
+                return false;
+            }
         }
 
         $extension = pathinfo($path, PATHINFO_EXTENSION);

plugin/sms5/ajax.sms_emoticon.php

@@ -18,6 +18,8 @@ if (is_numeric($fg_no))
 else
     $sql_group = "";
 
+$sv = isset($sv) ? get_search_string($sv) : '';
+
 if ($st == 'all') {
     $sql_search = "and (fo_name like '%{$sv}%' or fo_content like '%{$sv}%')";
 } else if ($st == 'name') {
@@ -61,10 +63,13 @@ for($k=0;$res = sql_fetch_array($qry);$k++)
     $list_text[$k]['fo_name'] = cut_str($res['fo_name'],20);
 }
 
-$arr_ajax_msg['error'] = "";
-$arr_ajax_msg['list_text'] = $list_text;
-$arr_ajax_msg['page'] = $page;
-$arr_ajax_msg['total_count'] = $total_count;
-$arr_ajax_msg['total_page'] = $total_page;
+$arr_ajax_msg = array(
+'error'=>'',
+'list_text'=>$list_text,
+'page'=>$page,
+'total_count'=>$total_count,
+'total_page'=>$total_page
+);
+
 die( json_encode($arr_ajax_msg) );
 ?>

plugin/sns/view.sns.skin.php

@@ -24,11 +24,38 @@ $bo_v_sns_class = $config['cf_kakao_js_apikey'] ? 'show_kakao' : '';
 ?>
 
 <?php if($config['cf_kakao_js_apikey']) { ?>
-<script src="//developers.kakao.com/sdk/js/kakao.min.js"></script>
-<script src="<?php echo G5_JS_URL; ?>/kakaolink.js"></script>
-<script>
-    // 사용할 앱의 Javascript 키를 설정해 주세요.
-    Kakao.init("<?php echo $config['cf_kakao_js_apikey']; ?>");
+<script src="//developers.kakao.com/sdk/js/kakao.min.js" charset="utf-8"></script>
+<script src="<?php echo G5_JS_URL; ?>/kakaolink.js" charset="utf-8"></script>
+<script type='text/javascript'>
+    //<![CDATA[
+        // 사용할 앱의 Javascript 키를 설정해 주세요.
+        Kakao.init("<?php echo $config['cf_kakao_js_apikey']; ?>");
+
+        function Kakao_sendLink() {
+            var webUrl = location.protocol+"<?php echo '//'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']; ?>",
+                imageUrl = $("#bo_v_img").find("img").attr("src") || $(".view_image").find("img").attr("src") || '';
+
+            Kakao.Link.sendDefault({
+                objectType: 'feed',
+                content: {
+                    title: "<?php echo str_replace(array('%27', '&#034;' , '\"'), '', strip_tags($view['subject'])); ?>",
+                    description: "<?php echo preg_replace('/\r\n|\r|\n/','', strip_tags(get_text(cut_str(strip_tags($view['wr_content']), 200), 1))); ?>",
+                    imageUrl: imageUrl,
+                    link: {
+                        mobileWebUrl: webUrl,
+                        webUrl: webUrl
+                    }
+                },
+                buttons: [{
+                    title: '자세히 보기',
+                    link: {
+                        mobileWebUrl: webUrl,
+                        webUrl: webUrl
+                    }
+                }]
+            });
+        }
+    //]]>
 </script>
 <?php } ?>
 <div class="bo_v_snswr">
@@ -39,7 +66,7 @@ $bo_v_sns_class = $config['cf_kakao_js_apikey'] ? 'show_kakao' : '';
     <li><a href="<?php echo $facebook_url; ?>" target="_blank" class="sns_f"><img src="<?php echo G5_SNS_URL; ?>/icon/facebook.png" alt="페이스북으로 보내기" width="20"></a></li>
     <li><a href="<?php echo $gplus_url; ?>" target="_blank" class="sns_g"><img src="<?php echo G5_SNS_URL; ?>/icon/gplus.png" alt="구글플러스로 보내기" width="20"></a></li>
     <?php if($config['cf_kakao_js_apikey']) { ?>
-    <li><a href="javascript:kakaolink_send('<?php echo str_replace(array('%27', '\''), '', $sns_msg); ?>', '<?php echo urlencode('http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']); ?>');" class="sns_k" ><img src="<?php echo G5_SNS_URL; ?>/icon/kakaotalk.png" alt="카카오톡으로 보내기" width="20"></a></li>
+    <li><a href="javascript:Kakao_sendLink();" class="sns_k" ><img src="<?php echo G5_SNS_URL; ?>/icon/kakaotalk.png" alt="카카오톡으로 보내기" width="20"></a></li>
     <?php } ?>
 </ul>
 </div>

plugin/social/includes/functions.php

@@ -48,10 +48,6 @@ function get_social_callbackurl($provider, $no_domain=false){
 
     $base_url = G5_SOCIAL_LOGIN_BASE_URL;
 
-    if( $provider === 'kakao' && $no_domain ){
-        $base_url = '/'.ltrim(parse_url($base_url, PHP_URL_PATH), '/');
-    }
-
     if ( $provider === 'twitter' ){
         return $base_url;
     }

plugin/social/register_member_update.php

@@ -44,6 +44,7 @@ if( ! $mb_nick || ! $mb_name ){
     $tmp = explode('@', $mb_email);
     $mb_nick = $mb_nick ? $mb_nick : $tmp[0];
     $mb_name = $mb_name ? $mb_name : $tmp[0];
+    $mb_nick = exist_mb_nick_recursive($mb_nick, '');
 }
 
 if( ! isset($mb_password) || ! $mb_password ){