From 120d42c43188dbd2b44285cff902669e6a2d4f61 Mon Sep 17 00:00:00 2001
From: thisgun
Date: Mon, 26 Aug 2019 18:03:57 +0900
Subject: [PATCH 01/10] =?UTF-8?q?=EC=B9=B4=EC=B9=B4=EC=98=A4=20=EC=86=8C?= =?UTF-8?q?=EC=85=9C=20=EB=A1=9C=EA=B7=B8=EC=9D=B8=20=EC=84=A4=EC=A0=95=20?= =?UTF-8?q?=ED=91=9C=EC=8B=9C=EB=AC=B8=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
adm/config_form.php | 2 +-
plugin/social/includes/functions.php | 4 ----
2 files changed, 1 insertion(+), 5 deletions(-)
diff --git a/adm/config_form.php b/adm/config_form.php
index 738e0cdea..716485c85 100644
--- a/adm/config_form.php
+++ b/adm/config_form.php
@@ -1067,7 +1067,7 @@ if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw']) { >
-

카카오 웹 Redirect Path

+

카카오 로그인 Redirect URI

diff --git a/plugin/social/includes/functions.php b/plugin/social/includes/functions.php index fab949a88..50fb6af81 100644 --- a/plugin/social/includes/functions.php +++ b/plugin/social/includes/functions.php @@ -48,10 +48,6 @@ function get_social_callbackurl($provider, $no_domain=false){ $base_url = G5_SOCIAL_LOGIN_BASE_URL; - if( $provider === 'kakao' && $no_domain ){ - $base_url = '/'.ltrim(parse_url($base_url, PHP_URL_PATH), '/'); - } - if ( $provider === 'twitter' ){ return $base_url; } From c2922aaa13fe5d9ffabd5370d67125209d5bb5a8 Mon Sep 17 00:00:00 2001 From: thisgun Date: Thu, 29 Aug 2019 12:23:29 +0900 Subject: [PATCH 02/10] =?UTF-8?q?=EA=B7=B8=EB=88=84=EB=B3=B4=EB=93=9C=20XS?= =?UTF-8?q?S=20=EC=B7=A8=EC=95=BD=EC=A0=90(KVE-2019-1235,1236,1238)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/qa_config.php | 2 +- bbs/qawrite.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/adm/qa_config.php b/adm/qa_config.php index 92e9a4632..b73062251 100644 --- a/adm/qa_config.php +++ b/adm/qa_config.php @@ -306,7 +306,7 @@ if(!isset($qaconfig['qa_include_head'])) { - + diff --git a/bbs/qawrite.php b/bbs/qawrite.php index 5a7a47345..484f271b5 100644 --- a/bbs/qawrite.php +++ b/bbs/qawrite.php @@ -67,7 +67,7 @@ if(is_file($skin_file)) { $content = ''; if ($w == '') { - $content = $qaconfig['qa_insert_content']; + $content = html_purifier($qaconfig['qa_insert_content']); } else if($w == 'r') { if($is_dhtml_editor) $content = '



====== 이전 답변내용 =======
'; From 3c55c4d60d6dcb5ead47d283dd06fe57aac7e73e Mon Sep 17 00:00:00 2001 From: thisgun Date: Thu, 29 Aug 2019 14:44:47 +0900 Subject: [PATCH 03/10] =?UTF-8?q?=EA=B7=B8=EB=88=84=EB=B3=B4=EB=93=9C=20St?= =?UTF-8?q?ored=20XSS=20=EC=B7=A8=EC=95=BD=EC=A0=90(KVE-2019-1198)=20?= =?UTF-8?q?=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/qa_config_update.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/adm/qa_config_update.php b/adm/qa_config_update.php index 1072b765f..a269c45ee 100644 --- a/adm/qa_config_update.php +++ b/adm/qa_config_update.php @@ -50,6 +50,8 @@ if( $qa_include_tail && ! is_include_path_check($qa_include_tail, 1) ){ $error_msg = '/data/file/ 또는 /data/editor/ 포함된 문자를 하단 파일 경로에 포함시킬수 없습니다.'; } +$_POST['qa_title'] = strip_tags($_POST['qa_title']); + $sql = " update {$g5['qa_config_table']} set qa_title = '{$_POST['qa_title']}', qa_category = '{$_POST['qa_category']}', From d33753014c91f8a1916656952c8294128fca3462 Mon Sep 17 00:00:00 2001 From: thisgun Date: Fri, 6 Sep 2019 12:28:27 +0900 Subject: [PATCH 04/10] =?UTF-8?q?[KVE-2019-1162]=EC=9E=84=EC=9D=98=20?= =?UTF-8?q?=EB=AA=85=EB=A0=B9=EC=96=B4=20=EC=8B=A4=ED=96=89=20=EC=B7=A8?= =?UTF-8?q?=EC=95=BD=EC=A0=90=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/common.lib.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lib/common.lib.php b/lib/common.lib.php index 6f9d0e906..3546358ef 100644 --- a/lib/common.lib.php +++ b/lib/common.lib.php 
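Review bot: `html_purifier()` is applied at render time and only in the `$w == ''` branch, so the stored `qa_insert_content` value itself stays unsanitized and every other reader of it needs the same call. Purifying once where the value is saved would turn this render-time call into a second line of defense instead of the only one; the `$w == 'r'` branch that follows builds `$content` from the previous answer, and whether that source is purified is outside this hunk. The enclosing `if`/`else if` chain continues past the end of the hunk.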
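Review bot: `strip_tags()` on `$_POST['qa_title']` removes markup but leaves quotes intact, and the lines right after it interpolate the value straight into the UPDATE statement (`qa_title = '{$_POST['qa_title']}'`), exactly as they do for `qa_category`, which gets no treatment at all. The history_view.php hunk later in this series uses the project's `sql_real_escape_string()` helper; applying it at the interpolation point, e.g. `qa_title = '".sql_real_escape_string(strip_tags($_POST['qa_title']))."'`, closes the quoting gap, and since `strip_tags()` also truncates legitimate titles containing a bare `<`, escaping at output with `htmlspecialchars()` may be the better XSS control. The `$sql` string continues beyond the hunk.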
@@ -3561,12 +3561,15 @@ function is_include_path_check($path='', $is_input='') if( preg_match('/\/data\/(file|editor|qa|cache|member|member_image|session|tmp)\/[A-Za-z0-9_]{1,20}\//i', $replace_path) ){ return false; } - if( (preg_match('/\.\.\//i', $replace_path) || preg_match('/^\/.*/i', $replace_path)) && preg_match('/plugin\//i', $replace_path) && preg_match('/okname\//i', $replace_path) ){ + if( preg_match('/'.G5_PLUGIN_DIR.'\//i', $replace_path) && (preg_match('/'.G5_OKNAME_DIR.'\//i', $replace_path) || preg_match('/'.G5_KCPCERT_DIR.'\//i', $replace_path) || preg_match('/'.G5_LGXPAY_DIR.'\//i', $replace_path)) ){ return false; } if( substr_count($replace_path, './') > 5 ){ return false; } + if( defined('G5_SHOP_DIR') && preg_match('/'.G5_SHOP_DIR.'\//i', $replace_path) && preg_match('/kcp\//i', $replace_path) ){ + return false; + } } $extension = pathinfo($path, PATHINFO_EXTENSION); From f0e176033fc5b781ac9bf83de3ac9ccbef393a11 Mon Sep 17 00:00:00 2001 From: thisgun Date: Fri, 6 Sep 2019 17:48:35 +0900 Subject: [PATCH 05/10] =?UTF-8?q?=EC=B9=B4=EC=B9=B4=EC=98=A4=20=EB=A7=81?= =?UTF-8?q?=ED=81=AC=20v2=20=EB=B2=84=EC=A0=84=20=EC=BD=94=EB=93=9C=20?= =?UTF-8?q?=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- plugin/sns/view.sns.skin.php | 39 ++++++++++++++++++++++++++++++------ 1 file changed, 33 insertions(+), 6 deletions(-) diff --git a/plugin/sns/view.sns.skin.php b/plugin/sns/view.sns.skin.php index 5a45b6392..97bb0523b 100644 --- a/plugin/sns/view.sns.skin.php +++ b/plugin/sns/view.sns.skin.php @@ -24,11 +24,38 @@ $bo_v_sns_class = $config['cf_kakao_js_apikey'] ? 'show_kakao' : ''; ?> - - - + +
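Review bot: The new patterns splice `G5_PLUGIN_DIR`, `G5_OKNAME_DIR`, `G5_KCPCERT_DIR`, `G5_LGXPAY_DIR` and `G5_SHOP_DIR` into regexes without `preg_quote()`, so any regex metacharacter or `/` in those constants silently changes or breaks the match; `preg_match('/'.preg_quote(G5_PLUGIN_DIR, '/').'\//i', $replace_path)` is the safe form for each. Only `G5_SHOP_DIR` is wrapped in `defined()`; if one of the other three is not defined on some install, the pattern would be built from the bare constant name (or error out on newer PHP), so the guards should be consistent. The replaced condition also no longer requires a `../` or leading `/` in the path, which broadens the block — presumably intended, but a one-line comment on the new `if` saying so would help. `is_include_path_check()` begins before and ends after this hunk.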
@@ -39,7 +66,7 @@ $bo_v_sns_class = $config['cf_kakao_js_apikey'] ? 'show_kakao' : '';
  • 페이스북으로 보내기
  • 구글플러스로 보내기
  • -
  • 카카오톡으로 보내기
  • +
  • 카카오톡으로 보내기
  • From 7ad199ccd557f0f2736f3e52a5b9a5eb51454175 Mon Sep 17 00:00:00 2001 From: thisgun Date: Mon, 9 Sep 2019 11:30:44 +0900 Subject: [PATCH 06/10] =?UTF-8?q?=EC=86=8C=EC=85=9C=20=EB=A1=9C=EA=B7=B8?= =?UTF-8?q?=EC=9D=B8=20=EA=B0=80=EC=9E=85=EC=8B=9C=20=EB=8B=89=EB=84=A4?= =?UTF-8?q?=EC=9E=84=20=EC=A4=91=EB=B3=B5=20=EC=B2=B4=ED=81=AC=20=EC=BD=94?= =?UTF-8?q?=EB=93=9C=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- plugin/social/register_member_update.php | 1 + 1 file changed, 1 insertion(+) diff --git a/plugin/social/register_member_update.php b/plugin/social/register_member_update.php index 2fbec2f98..748a82281 100644 --- a/plugin/social/register_member_update.php +++ b/plugin/social/register_member_update.php @@ -44,6 +44,7 @@ if( ! $mb_nick || ! $mb_name ){ $tmp = explode('@', $mb_email); $mb_nick = $mb_nick ? $mb_nick : $tmp[0]; $mb_name = $mb_name ? $mb_name : $tmp[0]; + $mb_nick = exist_mb_nick_recursive($mb_nick, ''); } if( ! isset($mb_password) || ! $mb_password ){ From b4604fca6781e8302e240d5f4c6e2ae3f455909a Mon Sep 17 00:00:00 2001 From: thisgun Date: Mon, 9 Sep 2019 12:27:14 +0900 Subject: [PATCH 07/10] =?UTF-8?q?[KVE-2019-1318]=20SQL=20Injection=20?= =?UTF-8?q?=EC=B7=A8=EC=95=BD=EC=A0=90=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/sms_admin/history_view.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/adm/sms_admin/history_view.php b/adm/sms_admin/history_view.php index 43e144fa4..a62558385 100644 --- a/adm/sms_admin/history_view.php +++ b/adm/sms_admin/history_view.php @@ -12,6 +12,10 @@ if( $st && !in_array($st, array('hs_name', 'hs_hp', 'bk_no')) ){ $st = ''; } +if( $sst && !in_array($sst, array('mb_id', 'bk_no', 'hs_name', 'hs_hp', 'hs_datetime', 'hs_flag', 'hs_code', 'hs_memo', 'hs_log')) ){ + $sst = ''; +} + auth_check($auth[$sub_menu], "r"); $g5['title'] = "문자전송 상세내역"; 
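Review bot: `$mb_nick` falls back to the email local part (`$tmp[0]`) and is then only checked for uniqueness through `exist_mb_nick_recursive()`, not against whatever nickname rules the regular registration path enforces; an email local part can contain characters such as `.` or `+` that a nick rule may reject, so a validation step before the uniqueness call seems warranted. `exist_mb_nick_recursive()` is defined outside this hunk; confirm its recursion is bounded when many similar nicks already exist. `$mb_name` takes the same fallback without a uniqueness check, presumably because names need not be unique — a short comment would make that intent explicit.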
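Review bot: The new `$sst` allowlist repeats the `$st` block directly above it with a second inline `array(...)`, and both call `in_array()` without the strict flag; `in_array($sst, array(...), true)` is the defensive form, and the two lists would read better as named arrays near the top of the file. The allowlist itself is the right control here, since `$sst` is used as a column name in the LIKE clause later in this file.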
@@ -22,7 +26,7 @@ if (!is_numeric($wr_no)) if ($spage < 1) $spage = 1; if ($sst && trim($ssv)) - $sql_search = " and $sst like '%$ssv%' "; + $sql_search = " and $sst like '%".sql_real_escape_string($ssv)."%' "; else $sql_search = ""; From 8182cac90d2ee2f9da06469ecba759170e782ee3 Mon Sep 17 00:00:00 2001 From: thisgun Date: Mon, 16 Sep 2019 10:36:10 +0900 Subject: [PATCH 08/10] =?UTF-8?q?XSS=20=EC=B7=A8=EC=95=BD=EC=A0=90=20?= =?UTF-8?q?=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/sms_admin/ajax.sms_write_form.php | 13 ++++++++----- plugin/sms5/ajax.sms_emoticon.php | 15 ++++++++++----- 2 files changed, 18 insertions(+), 10 deletions(-) diff --git a/adm/sms_admin/ajax.sms_write_form.php b/adm/sms_admin/ajax.sms_write_form.php index e82a01cef..82a02b22a 100644 --- a/adm/sms_admin/ajax.sms_write_form.php +++ b/adm/sms_admin/ajax.sms_write_form.php @@ -74,10 +74,13 @@ while($res = sql_fetch_array($qry)) "; } -$arr_ajax_msg['error'] = ""; -$arr_ajax_msg['list_text'] = $list_text; -$arr_ajax_msg['page'] = $page; -$arr_ajax_msg['total_count'] = $total_count; -$arr_ajax_msg['total_page'] = $total_page; +$arr_ajax_msg = array( +'error'=>'', +'list_text'=>$list_text, +'page'=>$page, +'total_count'=>$total_count, +'total_page'=>$total_page +); + die( json_encode($arr_ajax_msg) ); ?> \ No newline at end of file diff --git a/plugin/sms5/ajax.sms_emoticon.php b/plugin/sms5/ajax.sms_emoticon.php index 7299bc157..12d6431e8 100644 --- a/plugin/sms5/ajax.sms_emoticon.php +++ b/plugin/sms5/ajax.sms_emoticon.php @@ -18,6 +18,8 @@ if (is_numeric($fg_no)) else $sql_group = ""; +$sv = isset($sv) ? get_search_string($sv) : ''; + if ($st == 'all') { $sql_search = "and (fo_name like '%{$sv}%' or fo_content like '%{$sv}%')"; } else if ($st == 'name') { 
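Review bot: The condition tests `trim($ssv)` but the LIKE pattern on the next line interpolates the untrimmed `$ssv`, so a value with surrounding whitespace passes the guard and then searches for the padded string; `$ssv = trim($ssv);` before the `if` removes that mismatch. `sql_real_escape_string()` takes care of quoting, but `%` and `_` inside `$ssv` still act as LIKE wildcards — acceptable for a search box, but if literal matching is intended apply `addcslashes($ssv, '%_')` before escaping.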
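Review bot: Replacing the five `$arr_ajax_msg[...] = ...` assignments with a fresh `array(...)` literal changes behaviour only in that `$arr_ajax_msg` can no longer carry keys it already held when this code runs, which, given the commit subject, appears to be the point; nothing on the line records that, so a later refactor back to incremental assignment would silently reintroduce the problem. A comment such as `// build the response from scratch; never extend a pre-populated $arr_ajax_msg` above the literal would preserve the intent. The same change and the same gap appear in the second hunk of plugin/sms5/ajax.sms_emoticon.php. Both files also keep a trailing `?>` with no newline; dropping the closing tag avoids stray output after the JSON.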
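Review bot: `$sv` is still interpolated into the LIKE clauses (`fo_name like '%{$sv}%'`), so SQL safety rests entirely on `get_search_string()` escaping quotes, which is not visible from this hunk. If that helper only filters search characters, wrap the interpolation with `sql_real_escape_string($sv)`; if it does escape, a short comment on the new line stating that contract would keep the next reader from double-escaping. The new line guards only `$sv`; `$st` is compared against literals rather than interpolated, so it needs nothing further here.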
@@ -61,10 +63,13 @@ for($k=0;$res = sql_fetch_array($qry);$k++) $list_text[$k]['fo_name'] = cut_str($res['fo_name'],20); } -$arr_ajax_msg['error'] = ""; -$arr_ajax_msg['list_text'] = $list_text; -$arr_ajax_msg['page'] = $page; -$arr_ajax_msg['total_count'] = $total_count; -$arr_ajax_msg['total_page'] = $total_page; +$arr_ajax_msg = array( +'error'=>'', +'list_text'=>$list_text, +'page'=>$page, +'total_count'=>$total_count, +'total_page'=>$total_page +); + die( json_encode($arr_ajax_msg) ); ?> \ No newline at end of file From 47bee3d294929505bb0ef23003aabd52ab10f664 Mon Sep 17 00:00:00 2001 From: thisgun Date: Mon, 16 Sep 2019 11:15:18 +0900 Subject: [PATCH 09/10] =?UTF-8?q?=ED=83=88=ED=87=B4=ED=95=9C=20=ED=9A=8C?= =?UTF-8?q?=EC=9B=90=EC=9D=B4=20=EB=B9=84=EB=B0=80=EB=B2=88=ED=98=B8?= =?UTF-8?q?=EB=A5=BC=20=EC=B0=BE=EA=B8=B0=20=ED=95=A0=EC=88=98=20=EC=9E=88?= =?UTF-8?q?=EB=8A=94=20=EC=98=A4=EB=A5=98=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bbs/password_lost2.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bbs/password_lost2.php b/bbs/password_lost2.php index fade9a22f..9e7bfd437 100644 --- a/bbs/password_lost2.php +++ b/bbs/password_lost2.php @@ -21,9 +21,9 @@ $row = sql_fetch($sql); if ($row['cnt'] > 1) alert('동일한 메일주소가 2개 이상 존재합니다.\\n\\n관리자에게 문의하여 주십시오.'); -$sql = " select mb_no, mb_id, mb_name, mb_nick, mb_email, mb_datetime from {$g5['member_table']} where mb_email = '$email' "; +$sql = " select mb_no, mb_id, mb_name, mb_nick, mb_email, mb_datetime, mb_leave_date from {$g5['member_table']} where mb_email = '$email' "; $mb = sql_fetch($sql); -if (!$mb['mb_id']) +if (!$mb['mb_id'] || $mb['mb_leave_date']) alert('존재하지 않는 회원입니다.'); else if (is_admin($mb['mb_id'])) alert('관리자 아이디는 접근 불가합니다.'); From d72a3b5a73f097511f24941a2ec6dac42338ff29 Mon Sep 17 00:00:00 2001 
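Review bot: The rewritten SELECT still interpolates `$email` directly into the query (`where mb_email = '$email'`); whether it was escaped before this point is outside the hunk, so confirm that or apply `sql_real_escape_string($email)` here. The count query above this hunk that drives the `$row['cnt'] > 1` alert presumably has no `mb_leave_date` filter, so a withdrawn account sharing an address with an active one would now block the active member from recovering a password; adding the same leave-date condition there keeps the two checks consistent. The `if`/`else if` chain continues below the hunk.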
From: thisgun
Date: Mon, 16 Sep 2019 11:39:25 +0900
Subject: [PATCH 10/10] =?UTF-8?q?=EB=B2=84=EC=A0=84=205.3.3.3=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
config.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config.php b/config.php
index 51854fc9e..c228aa5d1 100644
--- a/config.php
+++ b/config.php
@@ -5,7 +5,7 @@
 ********************/
 define('G5_VERSION', '그누보드5');
-define('G5_GNUBOARD_VER', '5.3.3.2');
+define('G5_GNUBOARD_VER', '5.3.3.3');
 // 이 상수가 정의되지 않으면 각각의 개별 페이지는 별도로 실행될 수 없음
 define('_GNUBOARD_', true);