firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

Merge branch 'g5'

Browse Source
This commit is contained in:
chicpro
2015-07-14 13:59:26 +09:00
parent 9a44ca14b5 b2bfe11743
commit 5c9ff655a2
10 changed files with 23 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
bbs/alert.php
View File

@ -30,7 +30,8 @@ include_once(G5_PATH.'/head.sub.php');
$msg2 = str_replace("\\n", "<br>", $msg); $msg2 = str_replace("\\n", "<br>", $msg);
if (!$url) $url = $_SERVER['HTTP_REFERER']; $url = clean_xss_tags($url);
if (!$url) $url = clean_xss_tags($_SERVER['HTTP_REFERER']);
// url 체크 // url 체크
check_url_host($url); check_url_host($url);

4
bbs/confirm.php
View File

@ -2,6 +2,10 @@
include_once('./_common.php'); include_once('./_common.php');
include_once(G5_PATH.'/head.sub.php'); include_once(G5_PATH.'/head.sub.php');
$url1 = clean_xss_tags($url1);
$url2 = clean_xss_tags($url2);
$url3 = clean_xss_tags($url3);
// url 체크 // url 체크
check_url_host($url1); check_url_host($url1);
check_url_host($url2); check_url_host($url2);

2
bbs/move.php
View File

@ -55,7 +55,7 @@ for ($i=0; $row=sql_fetch_array($result); $i++)
<input type="hidden" name="sod" value="<?php echo $sod ?>"> <input type="hidden" name="sod" value="<?php echo $sod ?>">
<input type="hidden" name="page" value="<?php echo $page ?>"> <input type="hidden" name="page" value="<?php echo $page ?>">
<input type="hidden" name="act" value="<?php echo $act ?>"> <input type="hidden" name="act" value="<?php echo $act ?>">
<input type="hidden" name="url" value="<?php echo $_SERVER['HTTP_REFERER'] ?>"> <input type="hidden" name="url" value="<?php echo clean_xss_tags($_SERVER['HTTP_REFERER']); ?>">
<div class="tbl_head01 tbl_wrap"> <div class="tbl_head01 tbl_wrap">
<table> <table>

2
bbs/new.php
View File

@ -17,6 +17,8 @@ if ($view == "w")
$sql_common .= " and a.wr_id = a.wr_parent "; $sql_common .= " and a.wr_id = a.wr_parent ";
else if ($view == "c") else if ($view == "c")
$sql_common .= " and a.wr_id <> a.wr_parent "; $sql_common .= " and a.wr_id <> a.wr_parent ";
else
$view = '';
$mb_id = isset($_GET['mb_id']) ? ($_GET['mb_id']) : ''; $mb_id = isset($_GET['mb_id']) ? ($_GET['mb_id']) : '';
$mb_id = substr(preg_replace('#[^a-z0-9_]#i', '', $mb_id), 0, 20); $mb_id = substr(preg_replace('#[^a-z0-9_]#i', '', $mb_id), 0, 20);

7
bbs/newwin.inc.php
View File

@ -19,14 +19,11 @@ $result = sql_query($sql, false);
<h2>팝업레이어 알림</h2> <h2>팝업레이어 알림</h2>
<?php <?php
for ($i=0; $row_nw=sql_fetch_array($result); $i++) for ($i=0; $nw=sql_fetch_array($result); $i++)
{ {
// 이미 체크 되었다면 Continue // 이미 체크 되었다면 Continue
if ($_COOKIE["hd_pops_{$row_nw['nw_id']}"]) if ($_COOKIE["hd_pops_{$nw['nw_id']}"])
continue; continue;
$sql = " select * from {$g5['new_win_table']} where nw_id = '{$row_nw['nw_id']}' ";
$nw = sql_fetch($sql);
?> ?>
<div id="hd_pops_<?php echo $nw['nw_id'] ?>" class="hd_pops" style="top:<?php echo $nw['nw_top']?>px;left:<?php echo $nw['nw_left']?>px"> <div id="hd_pops_<?php echo $nw['nw_id'] ?>" class="hd_pops" style="top:<?php echo $nw['nw_top']?>px;left:<?php echo $nw['nw_left']?>px">

3
bbs/register_form.php
View File

@ -115,6 +115,9 @@ $req_nick = !isset($member['mb_nick_date']) || (isset($member['mb_nick_date']) &
$required = ($w=='') ? 'required' : ''; $required = ($w=='') ? 'required' : '';
$readonly = ($w=='u') ? 'readonly' : ''; $readonly = ($w=='u') ? 'readonly' : '';
$agree = preg_replace('#[^0-9]#', '', $agree);
$agree2 = preg_replace('#[^0-9]#', '', $agree2);
// add_javascript('js 구문', 출력순서); 숫자가 작을 수록 먼저 출력됨 // add_javascript('js 구문', 출력순서); 숫자가 작을 수록 먼저 출력됨
if ($config['cf_use_addr']) if ($config['cf_use_addr'])
add_javascript(G5_POSTCODE_JS, 0); //다음 주소 js add_javascript(G5_POSTCODE_JS, 0); //다음 주소 js

2
bbs/search.php
View File

@ -17,7 +17,7 @@ if ($stx) {
$stx = preg_replace('/\//', '\/', trim($stx)); $stx = preg_replace('/\//', '\/', trim($stx));
$sop = strtolower($sop); $sop = strtolower($sop);
if (!$sop || !($sop == 'and' || $sop == 'or')) $sop = 'and'; // 연산자 and , or if (!$sop || !($sop == 'and' || $sop == 'or')) $sop = 'and'; // 연산자 and , or
$srows = isset($_GET['srows']) ? preg_replace('#[^0-9]#', '', $_GET['srows']) : 10; $srows = isset($_GET['srows']) ? (int)preg_replace('#[^0-9]#', '', $_GET['srows']) : 10;
if (!$srows) $srows = 10; // 한페이지에 출력하는 검색 행수 if (!$srows) $srows = 10; // 한페이지에 출력하는 검색 행수
$g5_search['tables'] = Array(); $g5_search['tables'] = Array();

7
lib/common.lib.php
View File

@ -192,7 +192,7 @@ function confirm($msg, $url1='', $url2='', $url3='')
alert($msg); alert($msg);
} }
if (!$url3) $url3 = $_SERVER['HTTP_REFERER']; if (!$url3) $url3 = clean_xss_tags($_SERVER['HTTP_REFERER']);
$msg = str_replace("\\n", "<br>", $msg); $msg = str_replace("\\n", "<br>", $msg);
@ -2738,6 +2738,11 @@ function clean_xss_tags($str)
{ {
$str = preg_replace('#</*(?:applet|b(?:ase|gsound|link)|embed|frame(?:set)?|i(?:frame|layer)|l(?:ayer|ink)|meta|object|s(?:cript|tyle)|title|xml)[^>]*+>#i', '', $str); $str = preg_replace('#</*(?:applet|b(?:ase|gsound|link)|embed|frame(?:set)?|i(?:frame|layer)|l(?:ayer|ink)|meta|object|s(?:cript|tyle)|title|xml)[^>]*+>#i', '', $str);
$search = array('"', "'");
$replace = array('&#34;', '&#39;');
$str = str_replace($search, $replace, $str);
return $str; return $str;
} }

7
mobile/newwin.inc.php
View File

@ -19,14 +19,11 @@ $result = sql_query($sql, false);
<h2>팝업레이어 알림</h2> <h2>팝업레이어 알림</h2>
<?php <?php
for ($i=0; $row_nw=sql_fetch_array($result); $i++) for ($i=0; $nw=sql_fetch_array($result); $i++)
{ {
// 이미 체크 되었다면 Continue // 이미 체크 되었다면 Continue
if ($_COOKIE["hd_pops_{$row_nw['nw_id']}"]) if ($_COOKIE["hd_pops_{$nw['nw_id']}"])
continue; continue;
$sql = " select * from {$g5['new_win_table']} where nw_id = '{$row_nw['nw_id']}' ";
$nw = sql_fetch($sql);
?> ?>
<div id="hd_pops_<?php echo $nw['nw_id'] ?>" class="hd_pops" style="top:<?php echo $nw['nw_top']?>px;left:<?php echo $nw['nw_left']?>px;"> <div id="hd_pops_<?php echo $nw['nw_id'] ?>" class="hd_pops" style="top:<?php echo $nw['nw_top']?>px;left:<?php echo $nw['nw_left']?>px;">

1
skin/new/basic/new.skin.php
View File

@ -45,7 +45,6 @@ add_stylesheet('<link rel="stylesheet" href="'.$new_skin_url.'/style.css">', 0);
<input type="hidden" name="view" value="<?php echo $view; ?>"> <input type="hidden" name="view" value="<?php echo $view; ?>">
<input type="hidden" name="sfl" value="<?php echo $sfl; ?>"> <input type="hidden" name="sfl" value="<?php echo $sfl; ?>">
<input type="hidden" name="stx" value="<?php echo $stx; ?>"> <input type="hidden" name="stx" value="<?php echo $stx; ?>">
<input type="hidden" name="srows" value="<?php echo $srows; ?>">
<input type="hidden" name="bo_table" value="<?php echo $bo_table; ?>"> <input type="hidden" name="bo_table" value="<?php echo $bo_table; ?>">
<input type="hidden" name="page" value="<?php echo $page; ?>"> <input type="hidden" name="page" value="<?php echo $page; ?>">
<input type="hidden" name="pressed" value=""> <input type="hidden" name="pressed" value="">