diff --git a/adm/board_form_update.php b/adm/board_form_update.php index 8b40bc8d2..912887760 100644 --- a/adm/board_form_update.php +++ b/adm/board_form_update.php @@ -14,11 +14,11 @@ if (!$bo_table) { alert('게시판 TABLE명은 반드시 입력하세요.'); } if (!preg_match("/^([A-Za-z0-9_]{1,20})$/", $bo_table)) { alert('게시판 TABLE명은 공백없이 영문자, 숫자, _ 만 사용 가능합니다. (20자 이내)'); } if (!$_POST['bo_subject']) { alert('게시판 제목을 입력하세요.'); } -$_POST['bo_include_head'] = preg_replace("#[\\\]+$#", "", substr($_POST['bo_include_head'], 0, 255)); -$_POST['bo_include_tail'] = preg_replace("#[\\\]+$#", "", substr($_POST['bo_include_tail'], 0, 255)); +$bo_include_head = preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($bo_include_head, 0, 255)); +$bo_include_tail = preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($bo_include_tail, 0, 255)); // 관리자가 자동등록방지를 사용해야 할 경우 -if ($board && ($board['bo_include_head'] !== $_POST['bo_include_head'] || $board['bo_include_tail'] !== $_POST['bo_include_tail']) && function_exists('get_admin_captcha_by') && get_admin_captcha_by()){ +if ($board && ($board['bo_include_head'] !== $bo_include_head || $board['bo_include_tail'] !== $bo_include_tail) && function_exists('get_admin_captcha_by') && get_admin_captcha_by()){ include_once(G5_CAPTCHA_PATH.'/captcha.lib.php'); if (!chk_captcha()) { @@ -26,7 +26,7 @@ if ($board && ($board['bo_include_head'] !== $_POST['bo_include_head'] || $board } } -if ($file = $_POST['bo_include_head']) { +if ($file = $bo_include_head) { $file_ext = pathinfo($file, PATHINFO_EXTENSION); if( ! $file_ext || ! in_array($file_ext, array('php', 'htm', 'html')) || ! preg_match('/^.*\.(php|htm|html)$/i', $file) ) { 
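Review bot: The new `preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($bo_include_head, 0, 255))` on `$bo_include_head` and `$bo_include_tail` is a single-pass denylist, so it is not idempotent — removing one occurrence of a token can leave another occurrence assembled from the text around it — and the stripped value is then accepted silently instead of being rejected. This file already rejects a malformed `bo_table` with an `alert(...)`; the include paths deserve the same treatment, e.g. `if (preg_match('#<\?#', $bo_include_head)) alert('상단 파일 경로에 포함시킬수 없는 문자열이 있습니다.');` in place of the silent strip, with the extension and `is_include_path_check` gates further down still applying. The same two lines appear in `adm/contentformupdate.php` (`$co_include_head`/`$co_include_tail`) and `adm/qa_config_update.php` (`$qa_include_head`/`$qa_include_tail`). `$bo_include_head` is a bare variable here, presumably populated from the request by the framework's global extraction before this script runs; that assumption is not visible in the hunk.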
@@ -35,7 +35,7 @@ if ($file = $_POST['bo_include_head']) { $_POST['bo_include_head'] = $file; } -if ($file = $_POST['bo_include_tail']) { +if ($file = $bo_include_tail) { $file_ext = pathinfo($file, PATHINFO_EXTENSION); if( ! $file_ext || ! in_array($file_ext, array('php', 'htm', 'html')) || ! preg_match('/^.*\.(php|htm|html)$/i', $file) ) { @@ -44,11 +44,11 @@ if ($file = $_POST['bo_include_tail']) { $_POST['bo_include_tail'] = $file; } -if(!is_include_path_check($_POST['bo_include_head'], 1)) { +if(!is_include_path_check($bo_include_head, 1)) { alert('상단 파일 경로에 포함시킬수 없는 문자열이 있습니다.'); } -if(!is_include_path_check($_POST['bo_include_tail'], 1)) { +if(!is_include_path_check($bo_include_tail, 1)) { alert('하단 파일 경로에 포함시킬수 없는 문자열이 있습니다.'); } @@ -125,8 +125,8 @@ $sql_common = " gr_id = '{$_POST['gr_id']}', // 최고 관리자인 경우에만 수정가능 if ($is_admin === 'super'){ -$sql_common .= " bo_include_head = '{$_POST['bo_include_head']}', - bo_include_tail = '{$_POST['bo_include_tail']}', +$sql_common .= " bo_include_head = '".$bo_include_head."', + bo_include_tail = '".$bo_include_tail."', bo_content_head = '{$_POST['bo_content_head']}', bo_content_tail = '{$_POST['bo_content_tail']}', bo_mobile_content_head = '{$_POST['bo_mobile_content_head']}', diff --git a/adm/boardgroup_form.php b/adm/boardgroup_form.php index df2b9b2c1..73e162d98 100644 --- a/adm/boardgroup_form.php +++ b/adm/boardgroup_form.php @@ -12,7 +12,7 @@ $sound_only = ''; if ($w == '') { $gr_id_attr = 'required'; $sound_only = ' 필수'; - $gr['gr_use_access'] = 0; + $gr = array('gr_use_access' => 0); $html_title .= ' 생성'; } else if ($w == 'u') { $gr_id_attr = 'readonly'; diff --git a/adm/boardgroup_form_update.php b/adm/boardgroup_form_update.php index c29558fdd..7ce694a8e 100644 --- a/adm/boardgroup_form_update.php +++ b/adm/boardgroup_form_update.php 
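Review bot: The write-back `$_POST['bo_include_head'] = $file;` that closes this block (unchanged context line) now stores into a key nothing downstream reads, because the path check in the `@@ -44` hunk and the SQL in the `@@ -125` hunk use `$bo_include_head`; the same applies to `$_POST['bo_include_tail'] = $file;` in the `@@ -35` hunk. If the lines between are meant to normalise `$file`, assign `$bo_include_head = $file;` instead; if they only validate, drop the write-back. As written a reader has to follow two variables to know which value reaches the database. The body of this `if` continues outside the visible hunk lines.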
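Review bot: `bo_include_head = '".$bo_include_head."'` concatenates the value into `$sql_common` with no escaping visible at this point, exactly like the `{$_POST[...]}` interpolation it replaces; unless the framework escapes request data globally before these scripts run (not visible here), a quote in the path is a syntax error at best. The other hunks in this commit that route a `strip_tags` result into SQL — `adm/boardgroup_form_update.php`, `adm/boardgroup_list_update.php`, `adm/faqmasterformupdate.php`, `adm/newwinformupdate.php`, `adm/point_update.php` — share the point: `strip_tags` removes markup for HTML output and is not an SQL escape. The durable fix is a prepared statement with bound parameters; short of that, pass each value through the driver's escape function at the point of interpolation. The `$sql_common` assignment continues outside the hunk.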
@@ -16,7 +16,9 @@ if (!preg_match("/^([A-Za-z0-9_]{1,10})$/", $_POST['gr_id'])) if (!$gr_subject) alert('그룹 제목을 입력하세요.'); -$sql_common = " gr_subject = '{$_POST['gr_subject']}', +$gr_subject = isset($_POST['gr_subject']) ? strip_tags($_POST['gr_subject']) : ''; + +$sql_common = " gr_subject = '{$gr_subject}', gr_device = '{$_POST['gr_device']}', gr_admin = '{$_POST['gr_admin']}', gr_1_subj = '{$_POST['gr_1_subj']}', diff --git a/adm/boardgroup_list_update.php b/adm/boardgroup_list_update.php index c10cd247f..fbf9e2f1a 100644 --- a/adm/boardgroup_list_update.php +++ b/adm/boardgroup_list_update.php @@ -19,10 +19,11 @@ for ($i=0; $i<$count; $i++) { $k = $_POST['chk'][$i]; $gr_id = $_POST['group_id'][$k]; + $gr_subject = strip_tags($_POST['gr_subject'][$k]); if($_POST['act_button'] == '선택수정') { $sql = " update {$g5['group_table']} - set gr_subject = '{$_POST['gr_subject'][$k]}', + set gr_subject = '{$gr_subject}', gr_device = '{$_POST['gr_device'][$k]}', gr_admin = '{$_POST['gr_admin'][$k]}', gr_use_access = '{$_POST['gr_use_access'][$k]}', diff --git a/adm/contentform.php b/adm/contentform.php index 024a17615..7ebe8bf01 100644 --- a/adm/contentform.php +++ b/adm/contentform.php @@ -49,9 +49,11 @@ if ($w == "u") else { $html_title .= ' 입력'; - $co['co_html'] = 2; - $co['co_skin'] = 'basic'; - $co['co_mobile_skin'] = 'basic'; + $co = array( + 'co_html' => 2, + 'co_skin' => 'basic', + 'co_mobile_skin' => 'basic' + ); } include_once (G5_ADMIN_PATH.'/admin.head.php'); diff --git a/adm/contentformupdate.php b/adm/contentformupdate.php index 9904425b1..dff780a39 100644 --- a/adm/contentformupdate.php +++ b/adm/contentformupdate.php 
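Review bot: `$gr_subject = isset($_POST['gr_subject']) ? strip_tags($_POST['gr_subject']) : '';` is assigned after the `if (!$gr_subject) alert('그룹 제목을 입력하세요.');` check on the line above it, so the emptiness test runs on the raw value and a subject consisting only of markup passes the check and is then saved as an empty string. Move the assignment above that check so the test sees the value that is actually stored. The `$sql_common` string continues outside the hunk.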
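Review bot: `$gr_subject = strip_tags($_POST['gr_subject'][$k]);` reads the array element without an `isset` guard, unlike the sibling change in `adm/boardgroup_form_update.php` which uses `isset(...) ? strip_tags(...) : ''`; a missing key yields a warning and, on PHP 8.1+, a deprecation for passing null to `strip_tags`. Use the same form here: `$gr_subject = isset($_POST['gr_subject'][$k]) ? strip_tags($_POST['gr_subject'][$k]) : '';`. The line also runs for every checked row before the `$_POST['act_button'] == '선택수정'` test, which is harmless but could sit inside the branch that uses it. The enclosing `for` loop continues past the hunk.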
@@ -20,8 +20,12 @@ if ($w == "" || $w == "u") $co_row = sql_fetch($sql); } +$co_subject = strip_tags($co_subject); +$co_include_head = preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($co_include_head, 0, 255)); +$co_include_tail = preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($co_include_tail, 0, 255)); + // 관리자가 자동등록방지를 사용해야 할 경우 -if (($co_row['co_include_head'] !== $_POST['co_include_head'] || $co_row['co_include_tail'] !== $_POST['co_include_tail']) && function_exists('get_admin_captcha_by') && get_admin_captcha_by()){ +if (($co_row['co_include_head'] !== $co_include_head || $co_row['co_include_tail'] !== $co_include_tail) && function_exists('get_admin_captcha_by') && get_admin_captcha_by()){ include_once(G5_CAPTCHA_PATH.'/captcha.lib.php'); if (!chk_captcha()) { diff --git a/adm/faqmasterform.php b/adm/faqmasterform.php index df87fec03..d48f69e49 100644 --- a/adm/faqmasterform.php +++ b/adm/faqmasterform.php @@ -21,6 +21,7 @@ if ($w == "u") else { $html_title .= ' 입력'; + $fm = array(); } $g5['title'] = $html_title.' 관리'; diff --git a/adm/faqmasterformupdate.php b/adm/faqmasterformupdate.php index fed67d644..f753683e3 100644 --- a/adm/faqmasterformupdate.php +++ b/adm/faqmasterformupdate.php @@ -18,6 +18,8 @@ check_admin_token(); if ($fm_himg_del) @unlink(G5_DATA_PATH."/faq/{$fm_id}_h"); if ($fm_timg_del) @unlink(G5_DATA_PATH."/faq/{$fm_id}_t"); +$fm_subject = strip_tags($fm_subject); + $sql_common = " set fm_subject = '$fm_subject', fm_head_html = '$fm_head_html', fm_tail_html = '$fm_tail_html', diff --git a/adm/newwinform.php b/adm/newwinform.php index 9ae1bc557..4b3d3be2d 100644 --- a/adm/newwinform.php +++ b/adm/newwinform.php @@ -125,7 +125,7 @@ include_once (G5_ADMIN_PATH.'/admin.head.php'); - + diff --git a/adm/newwinformupdate.php b/adm/newwinformupdate.php index 44d60e014..fc2314800 100644 --- a/adm/newwinformupdate.php +++ b/adm/newwinformupdate.php 
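Review bot: `$co_subject = strip_tags($co_subject);` and the two `preg_replace(..., substr($co_include_head, 0, 255))` lines operate on bare variables with no `isset` guard, so when a field is absent from the request the call receives null, which PHP 8.1+ reports as a deprecation for `strip_tags` and `substr`; `adm/newwinformupdate.php` in this same commit uses `isset($_POST[...]) ? strip_tags(...) : ''`, and `adm/faqmasterformupdate.php` (`$fm_subject = strip_tags($fm_subject);`) has the same gap. Apply the guarded form, e.g. `$co_subject = isset($_POST['co_subject']) ? strip_tags($_POST['co_subject']) : '';`, assuming these variables are populated from `$_POST` by the framework's extraction. The captcha block that follows continues outside the hunk.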
@@ -13,7 +13,8 @@ else check_admin_token(); - +$nw_subject = isset($_POST['nw_subject']) ? strip_tags($_POST['nw_subject']) : ''; + $sql_common = " nw_division = '{$_POST['nw_division']}', nw_device = '{$_POST['nw_device']}', nw_begin_time = '{$_POST['nw_begin_time']}', @@ -23,7 +24,7 @@ $sql_common = " nw_division = '{$_POST['nw_division']}', nw_top = '{$_POST['nw_top']}', nw_height = '{$_POST['nw_height']}', nw_width = '{$_POST['nw_width']}', - nw_subject = '{$_POST['nw_subject']}', + nw_subject = '{$nw_subject}', nw_content = '{$_POST['nw_content']}', nw_content_html = '{$_POST['nw_content_html']}' "; diff --git a/adm/point_update.php b/adm/point_update.php index 2240e6022..571a1dfa6 100644 --- a/adm/point_update.php +++ b/adm/point_update.php @@ -6,9 +6,9 @@ auth_check($auth[$sub_menu], 'w'); check_admin_token(); -$mb_id = $_POST['mb_id']; -$po_point = $_POST['po_point']; -$po_content = $_POST['po_content']; +$mb_id = strip_tags($_POST['mb_id']); +$po_point = strip_tags($_POST['po_point']); +$po_content = strip_tags($_POST['po_content']); $expire = preg_replace('/[^0-9]/', '', $_POST['po_expire_term']); $mb = get_member($mb_id); diff --git a/adm/qa_config_update.php b/adm/qa_config_update.php index df9153e9c..1072b765f 100644 --- a/adm/qa_config_update.php +++ b/adm/qa_config_update.php 
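Review bot: `$po_point = strip_tags($_POST['po_point']);` applies an HTML filter to a numeric field; the file's own `$expire = preg_replace('/[^0-9]/', '', $_POST['po_expire_term']);` on the next line shows the intended pattern of reducing input to its expected shape. An integer cast, `$po_point = (int) $_POST['po_point'];`, does that directly, and `$mb_id` should be checked against the member-id character set (the `preg_match("/^([A-Za-z0-9_]{1,20})$/", ...)` form used in `adm/board_form_update.php` is the shape to reuse) rather than tag-stripped. All three reads also lack an `isset` guard, so an absent field raises a warning and passes null to `strip_tags`.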
@@ -12,8 +12,11 @@ $error_msg = ''; $qaconfig = get_qa_config(); +$qa_include_head = preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($qa_include_head, 0, 255)); +$qa_include_tail = preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($qa_include_tail, 0, 255)); + // 관리자가 자동등록방지를 사용해야 할 경우 -if ($board && ($qaconfig['qa_include_head'] !== $_POST['qa_include_head'] || $qaconfig['qa_include_tail'] !== $_POST['qa_include_tail']) && function_exists('get_admin_captcha_by') && get_admin_captcha_by()){ +if ($board && ($qaconfig['qa_include_head'] !== $qa_include_head || $qaconfig['qa_include_tail'] !== $qa_include_tail) && function_exists('get_admin_captcha_by') && get_admin_captcha_by()){ include_once(G5_CAPTCHA_PATH.'/captcha.lib.php'); if (!chk_captcha()) { diff --git a/adm/sms_admin/history_num.php b/adm/sms_admin/history_num.php index 78af3f36e..530cfcdcd 100644 --- a/adm/sms_admin/history_num.php +++ b/adm/sms_admin/history_num.php @@ -27,7 +27,7 @@ $vnum = $total_count - (($page-1) * $page_size); include_once(G5_ADMIN_PATH.'/admin.head.php'); ?> -
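Review bot: The captcha gate `if ($board && ($qaconfig['qa_include_head'] !== $qa_include_head || ...))` is conditioned on `$board`, which this Q&A configuration script gives no sign of defining; if it is unset here the whole condition is false and the captcha never runs when the include paths change. The condition looks copied from `adm/board_form_update.php`, where `$board` is the board row being edited. Drop the prefix: `if (($qaconfig['qa_include_head'] !== $qa_include_head || $qaconfig['qa_include_tail'] !== $qa_include_tail) && function_exists('get_admin_captcha_by') && get_admin_captcha_by()){`. Worth confirming against the lines above the hunk before changing it.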
+ - - + + + - +
@@ -74,7 +74,7 @@ include_once(G5_ADMIN_PATH."/admin.head.php"); - + @@ -187,14 +187,12 @@ function book_submit(){ if($check_msg.size()> 0) $check_msg.remove(); -// $("#exist_msg").text(""); is_submit = true; } else { if($check_msg.size() < 1) $("input#bk_hp").after("

이 번호를 쓰는 회원 정보

    "); $("#hp_check_el").find("ul").html( list_text ); -// $("#exist_msg").html(""); if(confirm("회원 정보에 중복 휴대폰 번호가 있습니다.수정하실 경우 회원정보에 반영되지 않습니다.\n수정하시겠습니까?")) is_submit = true; diff --git a/bbs/formmail_send.php b/bbs/formmail_send.php index 090209479..b36feed06 100644 --- a/bbs/formmail_send.php +++ b/bbs/formmail_send.php @@ -12,14 +12,13 @@ if (!$is_member && $config['cf_formmail_is_member']) $email_enc = new str_encrypt(); $to = $email_enc->decrypt($to); -if (substr_count($to, "@") > 1) - alert_close('한번에 한사람에게만 메일을 발송할 수 있습니다.'); - - if (!chk_captcha()) { alert('자동등록방지 숫자가 틀렸습니다.'); } +if (!preg_match("/([0-9a-zA-Z_-]+)@([0-9a-zA-Z_-]+)\.([0-9a-zA-Z_-]+)/", $to)){ + alert_close('E-mail 주소가 형식에 맞지 않아서, 메일을 보낼수 없습니다.'); +} $file = array(); for ($i=1; $i<=$attach; $i++) { diff --git a/bbs/member_confirm.php b/bbs/member_confirm.php index 8dfa76b28..685dec86c 100644 --- a/bbs/member_confirm.php +++ b/bbs/member_confirm.php @@ -24,6 +24,10 @@ $url = clean_xss_tags($_GET['url']); // url 체크 check_url_host($url, '', G5_URL, true); +if( preg_match('#^/{3,}#', $url) ){ + $url = preg_replace('#^/{3,}#', '/', $url); +} + $url = get_text($url); include_once($member_skin_path.'/member_confirm.skin.php'); diff --git a/common.php b/common.php index c86a24e81..a4ca21717 100644 --- a/common.php +++ b/common.php @@ -626,6 +626,7 @@ if(!empty($extend_file) && is_array($extend_file)) { foreach($extend_file as $file) { include_once(G5_EXTEND_PATH.'/'.$file); } + unset($file); } unset($extend_file); diff --git a/js/kakaolink.js b/js/kakaolink.js index 8ac822a0b..b7c0cc83f 100644 --- a/js/kakaolink.js +++ b/js/kakaolink.js 
@@ -1,10 +1,20 @@ -function kakaolink_send(text, url) +function kakaolink_send(text, url, image) { + if( image === undefined ){ + image = ''; + } + // 카카오톡 링크 버튼을 생성합니다. 처음 한번만 호출하면 됩니다. - Kakao.Link.sendTalkLink({ - webLink : { - text: String(text), - url: url // 앱 설정의 웹 플랫폼에 등록한 도메인의 URL이어야 합니다. - } + Kakao.Link.sendDefault({ + objectType: 'feed', + content: { + title: String(text), + description: url, + imageUrl: image, + link: { + mobileWebUrl: url, + webUrl: url // 앱 설정의 웹 플랫폼에 등록한 도메인의 URL이어야 합니다. + } + } }); } \ No newline at end of file diff --git a/lib/common.lib.php b/lib/common.lib.php index 317092553..04ff241d5 100644 --- a/lib/common.lib.php +++ b/lib/common.lib.php @@ -3284,7 +3284,7 @@ class str_encrypt function __construct($salt='') { if(!$salt) - $this->salt = md5(preg_replace('/[^0-9A-Za-z]/', substr(G5_MYSQL_USER, -1), G5_MYSQL_PASSWORD)); + $this->salt = md5(preg_replace('/[^0-9A-Za-z]/', substr(G5_MYSQL_USER, -1), $_SERVER['SERVER_SOFTWARE'].$_SERVER['DOCUMENT_ROOT'])); else $this->salt = $salt; @@ -3303,12 +3303,12 @@ class str_encrypt $result .= $char; } - return base64_encode($result); + return strtr(base64_encode($result) , '+/=', '._-'); } function decrypt($str) { $result = ''; - $str = base64_decode($str); + $str = base64_decode(strtr($str, '._-', '+/=')); $length = strlen($str); for($i=0; $i<$length; $i++) { @@ -3453,7 +3453,7 @@ function is_include_path_check($path='', $is_input='') if( $path ){ if ($is_input){ - if( stripos($path, 'php://') !== false || stripos($path, 'zlib://') !== false || stripos($path, 'bzip2://') !== false || stripos($path, 'zip://') !== false || stripos($path, 'data:text/') !== false || stripos($path, 'data://') !== false ){ + if( stripos($path, 'php:') !== false || stripos($path, 'zlib:') !== false || stripos($path, 'bzip2:') !== false || stripos($path, 'zip:') !== false || stripos($path, 'data:') !== false || stripos($path, 'phar:') !== false ){ return false; } 
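Review bot: The default salt in `str_encrypt::__construct` is now derived from `$_SERVER['SERVER_SOFTWARE'].$_SERVER['DOCUMENT_ROOT']`, two low-entropy values that are routinely disclosed (the Server header, phpinfo, error pages), so every install with the same web server build and document root ends up with a guessable key. The previous value used the database password, which is at least secret; whatever the reason for moving away from it, the replacement should be a dedicated per-install secret generated once with `random_bytes` and stored in configuration, not server metadata. This matters because `bbs/formmail_send.php` trusts `$to` after `decrypt`. The rest of `__construct` and the class continue outside the hunk.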
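Review bot: The widened denylist `stripos($path, 'php:')`, `'zlib:'`, `'bzip2:'`, `'zip:'`, `'data:'`, `'phar:'` in `is_include_path_check` is still a list of known wrapper names, and PHP registers others (`stream_get_wrappers()` shows the enabled set), so it is incomplete by construction. When `$is_input` is set the path is an admin-supplied include file, and a scheme separator has no legitimate place in it, so reject the character rather than the names: `if (strpos($path, ':') !== false) { return false; }` (unless Windows drive letters such as `C:` must be accepted, in which case allow only that exact form). `is_include_path_check` continues outside the hunk.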
@@ -3493,7 +3493,7 @@ function is_include_path_check($path='', $is_input='') return false; } - if( preg_match('/\/data\/(file|editor|qa|cache|member|member_image|session|tmp)\/[A-Za-z0-9_]{1,20}\//i', $path) ){ + if( preg_match('/\/data\/(file|editor|qa|cache|member|member_image|session|tmp)\/[A-Za-z0-9_]{1,20}\//i', str_replace('\\', '/', $path)) ){ return false; } } diff --git a/mobile/skin/board/basic/list.skin.php b/mobile/skin/board/basic/list.skin.php index 421c19592..149d1f22a 100644 --- a/mobile/skin/board/basic/list.skin.php +++ b/mobile/skin/board/basic/list.skin.php @@ -76,7 +76,6 @@ add_stylesheet('', 0 공지'; } if (isset($list[$i]['icon_new'])) echo $list[$i]['icon_new']; diff --git a/mobile/skin/board/basic/view.skin.php b/mobile/skin/board/basic/view.skin.php index 344610c3a..70c42e1ba 100644 --- a/mobile/skin/board/basic/view.skin.php +++ b/mobile/skin/board/basic/view.skin.php @@ -153,7 +153,7 @@ add_stylesheet('', 0 - + - +
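Review bot: `str_replace('\\', '/', $path)` is applied only to this one `preg_match` on the `/data/...` directories, while the wrapper-name checks earlier in `is_include_path_check` (the `@@ -3453` hunk) and whatever sits between them run against the raw `$path`, so the function now inspects two different spellings of the same value. Normalise once near the top of the function, e.g. `$path = str_replace('\\', '/', $path);` before the first check, so every test sees the same form. The function body starts and ends outside this hunk.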