diff --git a/adm/board_form_update.php b/adm/board_form_update.php
index b7e56ef8c..8b40bc8d2 100644
--- a/adm/board_form_update.php
+++ b/adm/board_form_update.php
@@ -29,8 +29,8 @@ if ($board && ($board['bo_include_head'] !== $_POST['bo_include_head'] || $board
 if ($file = $_POST['bo_include_head']) {
 $file_ext = pathinfo($file, PATHINFO_EXTENSION);
- if( ! $file_ext || ! in_array($file_ext, array('php', 'htm', 'html')) ) {
- alert('상단 파일 경로의 확장자는 php, html 만 허용합니다.');
+ if( ! $file_ext || ! in_array($file_ext, array('php', 'htm', 'html')) || ! preg_match('/^.*\.(php|htm|html)$/i', $file) ) {
+ alert('상단 파일 경로의 확장자는 php, htm, html 만 허용합니다.');
 }
 $_POST['bo_include_head'] = $file;
 }
@@ -38,8 +38,8 @@ if ($file = $_POST['bo_include_head']) {
 if ($file = $_POST['bo_include_tail']) {
 $file_ext = pathinfo($file, PATHINFO_EXTENSION);
- if( ! $file_ext || ! in_array($file_ext, array('php', 'htm', 'html')) ) {
- alert('하단 파일 경로의 확장자는 php, html 만 허용합니다.');
+ if( ! $file_ext || ! in_array($file_ext, array('php', 'htm', 'html')) || ! preg_match('/^.*\.(php|htm|html)$/i', $file) ) {
+ alert('하단 파일 경로의 확장자는 php, htm, html 만 허용합니다.');
 }
 $_POST['bo_include_tail'] = $file;
 }
diff --git a/adm/contentformupdate.php b/adm/contentformupdate.php
index 753c5e4bf..9904425b1 100644
--- a/adm/contentformupdate.php
+++ b/adm/contentformupdate.php
@@ -41,8 +41,8 @@ if( $co_include_head ){
 $file_ext = pathinfo($co_include_head, PATHINFO_EXTENSION);
- if( ! $file_ext || ! in_array($file_ext, array('php', 'htm', 'html')) ) {
- alert('상단 파일 경로의 확장자는 php, html 만 허용합니다.');
+ if( ! $file_ext || ! in_array($file_ext, array('php', 'htm', 'html')) || ! preg_match('/^.*\.(php|htm|html)$/i', $co_include_head) ) {
+ alert('상단 파일 경로의 확장자는 php, htm, html 만 허용합니다.');
 }
 }
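Review bot: The added `! preg_match('/^.*\.(php|htm|html)$/i', $file)` on the new `if` line rejects nothing that the existing `pathinfo` + `in_array` pair lets through: any value whose `PATHINFO_EXTENSION` is exactly `php`, `htm` or `html` necessarily ends in that suffix and so matches the regex (the only exception is a value containing a line break, which `.` cannot cross), so the effective extension check is unchanged and the second condition is just one more thing to keep in sync. The identical line is repeated in the -38 hunk of this file and in the four hunks of adm/contentformupdate.php and adm/qa_config_update.php; a single helper such as `function is_allowed_include_ext($file) { return in_array(pathinfo($file, PATHINFO_EXTENSION), array('php', 'htm', 'html'), true); }` would keep the six call sites identical and make `in_array` strict. It would also be worth stating in a comment here that this is an extension allowlist only, not a path check: whether `$file` can point into the upload directories or outside the document root appears to be decided elsewhere (presumably `is_include_path_check()` in lib/common.lib.php, which this same commit also tightens), and a reader of this block cannot see that.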
@@ -50,8 +50,8 @@ if( $co_include_tail ){
 $file_ext = pathinfo($co_include_tail, PATHINFO_EXTENSION);
- if( ! $file_ext || ! in_array($file_ext, array('php', 'htm', 'html')) ) {
- alert('하단 파일 경로의 확장자는 php, html 만 허용합니다.');
+ if( ! $file_ext || ! in_array($file_ext, array('php', 'htm', 'html')) || ! preg_match('/^.*\.(php|htm|html)$/i', $co_include_tail) ) {
+ alert('하단 파일 경로의 확장자는 php, htm, html 만 허용합니다.');
 }
 }
diff --git a/adm/qa_config_update.php b/adm/qa_config_update.php
index a472f7c6c..df9153e9c 100644
--- a/adm/qa_config_update.php
+++ b/adm/qa_config_update.php
@@ -24,16 +24,16 @@ if ($board && ($qaconfig['qa_include_head'] !== $_POST['qa_include_head'] || $qa
 if( $qa_include_head ){
 $file_ext = pathinfo($qa_include_head, PATHINFO_EXTENSION);
- if( ! $file_ext || ! in_array($file_ext, array('php', 'htm', 'html')) ) {
- alert('상단 파일 경로의 확장자는 php, html 만 허용합니다.');
+ if( ! $file_ext || ! in_array($file_ext, array('php', 'htm', 'html')) || ! preg_match('/^.*\.(php|htm|html)$/i', $qa_include_head) ) {
+ alert('상단 파일 경로의 확장자는 php, htm, html 만 허용합니다.');
 }
 }
 if( $qa_include_tail ){
 $file_ext = pathinfo($qa_include_tail, PATHINFO_EXTENSION);
- if( ! $file_ext || ! in_array($file_ext, array('php', 'htm', 'html')) ) {
- alert('하단 파일 경로의 확장자는 php, html 만 허용합니다.');
+ if( ! $file_ext || ! in_array($file_ext, array('php', 'htm', 'html')) || ! preg_match('/^.*\.(php|htm|html)$/i', $qa_include_tail) ) {
+ alert('하단 파일 경로의 확장자는 php, htm, html 만 허용합니다.');
 }
 }
diff --git a/adm/sms_admin/form_list.php b/adm/sms_admin/form_list.php
index 97cb3396f..dca08fb51 100644
--- a/adm/sms_admin/form_list.php
+++ b/adm/sms_admin/form_list.php
@@ -13,6 +13,8 @@ $g5['title'] = "이모티콘 관리";
 if ($page < 1) $page = 1;
+$fg_no = isset($fg_no) ? (int) $fg_no : '';
+
 if (is_numeric($fg_no))
 $sql_group = " and fg_no='$fg_no' ";
 else
diff --git a/adm/sms_admin/num_book.php b/adm/sms_admin/num_book.php
index 14a892bc5..567e05f00 100644
--- a/adm/sms_admin/num_book.php
+++ b/adm/sms_admin/num_book.php
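Review bot: The new `$fg_no = isset($fg_no) ? (int) $fg_no : '';` in adm/sms_admin/form_list.php uses `''` where the otherwise identical line in adm/sms_admin/num_book.php (`$bg_no = isset($bg_no) ? (int) $bg_no : 0;`) uses `0`, and the difference is load-bearing: `is_numeric('')` is false, so an absent `fg_no` falls through to the `else` branch below, whereas `0` would pass `is_numeric` and produce a `fg_no='0'` filter. A one-line comment would stop the next maintainer from "harmonising" it, e.g. `// '' (not 0): an absent fg_no must take the else branch, not filter on fg_no='0'`. The `(int)` cast is what makes the interpolation into `$sql_group` safe; where `$fg_no` is populated before this hunk is not visible here.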
@@ -14,6 +14,7 @@ $g5['title'] = "휴대폰번호 관리";
 if ($page < 1) $page = 1;
 $bg_no = isset($bg_no) ? (int) $bg_no : 0;
+$st = isset($st) ? preg_replace('/[^a-z0-9]/i', '', $st) : '';
 if (is_numeric($bg_no))
 $sql_group = " and bg_no='$bg_no' ";
diff --git a/config.php b/config.php
index d8ddc3a2f..adbae197e 100644
--- a/config.php
+++ b/config.php
@@ -5,7 +5,7 @@ ********************/
 define('G5_VERSION', '그누보드5');
-define('G5_GNUBOARD_VER', '5.3.1.3');
+define('G5_GNUBOARD_VER', '5.3.1.4');
 define('G5_YOUNGCART_VER', '5.3.1.3');
 // 이 상수가 정의되지 않으면 각각의 개별 페이지는 별도로 실행될 수 없음
diff --git a/css/default.css b/css/default.css
index e64520b9a..59def503f 100644
--- a/css/default.css
+++ b/css/default.css
@@ -76,7 +76,7 @@ border: 1px solid #558ab7 !important;
 .hd_sch_wr{position:absolute;top:25px;left:50%;width:430px;margin-left:-215px;}
 #hd_sch h3 {position:absolute;font-size:0;line-height:0;overflow:hidden}
-#hd_sch{;border:2px solid #556ada;background:#fff;border-radius:5px;overflow:hidden}
+#hd_sch{border:2px solid #556ada;background:#fff;border-radius:5px;overflow:hidden}
 #hd_sch #sch_stx {padding-left:10px;height:40px;width:376px;border:0;border-right:0;float:left;font-size:1.25em}
 #hd_sch #sch_submit {height:40px;border:0;background:#fff;color:#253dbe;width:50px;float:left;cursor:pointer;font-size:18px}
@@ -91,7 +91,7 @@ border: 1px solid #558ab7 !important;
 #tnb a:focus, #tnb a:hover {color:#253dbe;background:#fafafa}
 #tnb .tnb_admin a{color:#ff0000;}
 #tnb .tnb_left{float:left}
-#tnb .tnb_left a{;padding:0 14px}
+#tnb .tnb_left a{padding:0 14px}
 #tnb .tnb_cart{border-right:1px solid #ddd;}
 #tnb .tnb_community{border-right:1px solid #ddd}
 #tnb .tnb_community i{font-size:15px}
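Review bot: `preg_replace('/[^a-z0-9]/i', '', $st)` on the added line in adm/sms_admin/num_book.php silently deletes every non-ASCII character, so if `$st` is ever free text (a Korean search string, say) it becomes empty instead of being rejected; if it is meant to be a short token such as a column or sort key, that is the right allowlist but it deserves saying, e.g. `// $st is used as an identifier, not free text: keep ASCII letters/digits only`. Which of the two it is cannot be told from this hunk. If the variable can arrive from the request as an array, `preg_replace()` returns an array and any later use of `$st` as a string misbehaves; `$st = isset($st) && is_string($st) ? preg_replace('/[^a-z0-9]/i', '', $st) : '';` closes that.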
@@ -189,7 +189,7 @@ box-shadow: 0 2px 5px rgba(0,0,0,0.2);}
 #ft h1 {position:absolute;font-size:0;line-height:0;overflow:hidden}
 #ft_wr {margin:0 auto;position:relative;}
 #ft_link{padding:15px 0;border-bottom:1px solid #eee}
-#ft_link a{;display:inline-block;padding:0 8px;line-height:1.083em;font-weight:bold}
+#ft_link a{display:inline-block;padding:0 8px;line-height:1.083em;font-weight:bold}
 #ft_catch{margin:20px 0 10px}
 #ft_copy{color:#555;font-size:0.92em}
 #top_btn {position:fixed;bottom:20px;right:20px;width:50px;height:50px;line-height:46px;border:2px solid #333;color:#333;text-align:center;font-size:15px;z-index:90;background:rgba(255,255,255,0.5)}
@@ -216,8 +216,8 @@ box-shadow: 0 2px 5px rgba(0,0,0,0.2);}
 /* 캡챠 자동등록(입력)방지 기본 -pc */
 #captcha {display:inline-block;position:relative}
 #captcha legend {position:absolute;margin:0;padding:0;font-size:0;line-height:0;text-indent:-9999em;overflow:hidden;}
-#captcha #captcha_img {;height:40px;border:1px solid #898989;vertical-align:top;padding:0;margin:0}
-#captcha #captcha_mp3 {;margin:0;padding:0;width:40px;height:40px;border:0;background:transparent;vertical-align:middle;overflow:hidden;cursor:pointer;background:url('../img/captcha2.png') no-repeat;text-indent:-999px;border-radius:3px}
+#captcha #captcha_img {height:40px;border:1px solid #898989;vertical-align:top;padding:0;margin:0}
+#captcha #captcha_mp3 {margin:0;padding:0;width:40px;height:40px;border:0;background:transparent;vertical-align:middle;overflow:hidden;cursor:pointer;background:url('../img/captcha2.png') no-repeat;text-indent:-999px;border-radius:3px}
 #captcha #captcha_reload {margin:0;padding:0;width:40px;height:40px;border:0;background:transparent;vertical-align:middle;overflow:hidden;cursor:pointer;background:url('../img/captcha2.png') no-repeat 0 -40px;text-indent:-999px;border-radius:3px}
 #captcha #captcha_key {margin:0 0 0 3px;padding:0 5px;width:90px;height:40px;border:1px solid #ccc;background:#fff;font-size:1.333em;font-weight:bold;text-align:center;border-radius:3px;vertical-align:top}
 #captcha #captcha_info {display:block;margin:5px 0 0;font-size:0.95em;letter-spacing:-0.1em}
diff --git a/css/mobile.css b/css/mobile.css
index b0b9a4df3..f10c9140d 100644
--- a/css/mobile.css
+++ b/css/mobile.css
@@ -43,8 +43,8 @@ ul,li,dl,dt,dd{list-style:none;padding:0;margin:0}
 #logo img{vertical-align:middle;max-height:100%;width:auto}
 #gnb_open {position:absolute;top:10px;left:10px;padding:0 10px;height:30px;width:30px;border:0;background-size:70%;color:#fff;background:none; font-size: 16px;}
 #gnb {display:none;background:#262626;position:fixed;top:0;left:0;z-index:99999;height:100%;overflow-y:auto;width:300px;
--webkit-box-shadow:0 0 5px rgba(55,55,5,0.4));
--moz-box-shadow:0 0 5px rgba(55,55,5,0.4));
+-webkit-box-shadow:0 0 5px rgba(55,55,5,0.4);
+-moz-box-shadow:0 0 5px rgba(55,55,5,0.4);
 box-shadow: 0 0 5px rgba(55,55,5,0.4);}
 #gnb a {display:block;color:#efefef}
@@ -68,8 +68,8 @@ box-shadow: 0 0 5px rgba(55,55,5,0.4);}
 #user_btn {position:absolute;top:10px;right:10px;padding:0 10px;height:30px;width:30px;border:0;;color:#fff;font-size:16px;background:none;letter-spacing:-0.1em}
 #user_menu{display:none;position:fixed;top:0;right:0;height:100%;;overflow-y:auto;width:320px;z-index:9999;background:#fff;text-align:center;
--webkit-box-shadow:0 0 5px rgba(55,55,5,0.4));
--moz-box-shadow:0 0 5px rgba(55,55,5,0.4));
+-webkit-box-shadow:0 0 5px rgba(55,55,5,0.4);
+-moz-box-shadow:0 0 5px rgba(55,55,5,0.4);
 box-shadow: 0 0 5px rgba(55,55,5,0.4);}
 #user_close {display:block;margin:0;height:50px;width:100%;border:0;background:url(../img/mobile/btn_close.png) no-repeat right 50% #222;background-size:25px;color:#fff;text-indent:-999999999px;overflow:hidden}
@@ -102,8 +102,8 @@ box-shadow: 0 0 5px rgba(100,100,100,0.2);}
 #container {position:relative;min-height:300px}
 #container:after {display:block;visibility:hidden;clear:both;content:""}
 #container_title {font-size:1.2em;font-weight:bold;height:50px;padding:10px;line-height:30px;background:#fff;color:#333;
- -webkit-box-shadow: 0 0 5px rgba(55,55,5,0.4));
- -moz-box-shadow: 0 0 5px rgba(55,55,5,0.4));
+ -webkit-box-shadow: 0 0 5px rgba(55,55,5,0.4);
+ -moz-box-shadow: 0 0 5px rgba(55,55,5,0.4);
 box-shadow: 0 0 5px rgba(55,55,5,0.4);
 }
 .top{position:relative}
@@ -150,8 +150,8 @@ box-shadow: 0 0 5px rgba(100,100,100,0.2);}
 /* 캡챠 자동등록(입력)방지 기본 -pc */
 #captcha {position:relative}
 #captcha legend {position:absolute;margin:0;padding:0;font-size:0;line-height:0;text-indent:-9999em;overflow:hidden;}
-#captcha #captcha_img {;height:40px;border:1px solid #898989;;vertical-align:top;padding:0;margin:0}
-#captcha #captcha_mp3 {;margin:0;padding:0;width:40px;height:40px;border:0;background:transparent;vertical-align:middle;overflow:hidden;cursor:pointer;width:40px;height:40px;background:url('../img/captcha2.png') no-repeat;text-indent:-999px;;border-radius:3px}
+#captcha #captcha_img {height:40px;border:1px solid #898989;;vertical-align:top;padding:0;margin:0}
+#captcha #captcha_mp3 {margin:0;padding:0;width:40px;height:40px;border:0;background:transparent;vertical-align:middle;overflow:hidden;cursor:pointer;width:40px;height:40px;background:url('../img/captcha2.png') no-repeat;text-indent:-999px;;border-radius:3px}
 #captcha #captcha_reload {margin:0;padding:0;width:40px;height:40px;border:0;background:transparent;vertical-align:middle;overflow:hidden;cursor:pointer;background:url('../img/captcha2.png') no-repeat 0 -40px;text-indent:-999px;border-radius:3px}
 #captcha #captcha_key {margin:0 0 0 3px;padding:0 5px;width:90px;height:40px;border:1px solid #ccc;background:#fff;font-size:1.333em;font-weight:bold;text-align:center;border-radius:3px;vertical-align:top}
 #captcha #captcha_info {display:block;margin:3px 0 5px ;font-size:0.95em;letter-spacing:-0.1em}
@@ -185,7 +185,7 @@ button.btn02 {display:inline-block;margin:0;padding:7px;border:1px solid #3b3c3f
 .btn_confirm {text-align:center}
 /* 서식단계 진행 */
-.btn_submit {;border:0;background:#ff506a;color:#fff;cursor:pointer;border-radius:3px}
+.btn_submit {border:0;background:#ff506a;color:#fff;cursor:pointer;border-radius:3px}
 fieldset .btn_submit {}
 a.btn_cancel {display:inline-block;background:#ddd;color:#444;text-decoration:none;vertical-align:middle}
diff --git a/js/common.js b/js/common.js
index 6a1bd75a1..d69064d4f 100644
--- a/js/common.js
+++ b/js/common.js
@@ -343,6 +343,18 @@ var win_memo = function(href) {
 new_win.focus();
 }
+/**
 * 쪽지 창
 **/
+var check_goto_new = function(href, event) {
+ if( !(typeof g5_is_mobile != "undefined" && g5_is_mobile) ){
+ if (window.opener && window.opener.document && window.opener.document.getElementById) {
+ event.preventDefault ? event.preventDefault() : (event.returnValue = false);
+ window.opener.document.location.href = href;
+ }
+ }
+}
+
 /**
 * 메일 창
 **/
diff --git a/lib/common.lib.php b/lib/common.lib.php
index d73bd5bfb..317092553 100644
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@@ -1280,7 +1280,7 @@ function get_sideview($mb_id, $name='', $email='', $homepage='')
 $str2 .= "이름으로 검색\n";
 }
 if($mb_id)
- $str2 .= "전체게시물\n";
+ $str2 .= "전체게시물\n";
 if($is_admin == "super" && $mb_id) {
 $str2 .= "회원정보변경\n";
 $str2 .= "포인트내역\n";
@@ -3493,7 +3493,7 @@ function is_include_path_check($path='', $is_input='')
 return false;
 }
- if( preg_match('/\/data\/(file|editor)\/[A-Za-z0-9_]{1,20}\//', $path) ){
+ if( preg_match('/\/data\/(file|editor|qa|cache|member|member_image|session|tmp)\/[A-Za-z0-9_]{1,20}\//i', $path) ){
 return false;
 }
 }
diff --git a/plugin/social/Hybrid/Providers/Naver.php b/plugin/social/Hybrid/Providers/Naver.php
index 431425b43..4927276f8 100644
--- a/plugin/social/Hybrid/Providers/Naver.php
+++ b/plugin/social/Hybrid/Providers/Naver.php
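Review bot: `window.opener.document` in the inner `if` of the new `check_goto_new` is not a safe test: when the opener is a cross-origin page the browser throws a SecurityError on that property read, so the condition aborts the handler instead of evaluating to false and `preventDefault` never runs. Wrapping the opener access in `try/catch`, and guarding against an undefined `event`, lets the function fall back to the link's default navigation; where the callers obtain `href` and `event` is not visible here. The docblock `쪽지 창` is copied from `win_memo` just above and does not describe this function; something like `Redirect the opener window to href (desktop only) instead of following the link` would. If `href` can ever come from user-controlled content, restricting it to http(s) URLs before assigning it to the opener's location would be prudent.
```javascript
var check_goto_new = function(href, event) {
    if( !(typeof g5_is_mobile != "undefined" && g5_is_mobile) ){
        var opener_doc = null;
        try {
            // a cross-origin opener throws here instead of returning a document
            opener_doc = window.opener ? window.opener.document : null;
        } catch (e) {
            opener_doc = null;
        }
        if (opener_doc && opener_doc.getElementById) {
            if (event) {
                event.preventDefault ? event.preventDefault() : (event.returnValue = false);
            }
            opener_doc.location.href = href;
        }
    }
}
```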
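Review bot: The widened pattern in `is_include_path_check()` is still a denylist that only fires when the data subdirectory is followed by exactly one `[A-Za-z0-9_]{1,20}` component, so as far as this hunk shows `/data/file/x.php` (a file directly under the directory), a subdirectory whose name contains `-` or `.` or exceeds 20 characters, and any separator other than `/` all pass the check. Unless `$path` is normalised earlier in the function (its start is outside this hunk), a backslash-separated or unprefixed `data/file/...` path would not match either. Dropping the component constraint, `if( preg_match('/(^|\/)data\/(file|editor|qa|cache|member|member_image|session|tmp)\//i', $path) ){`, rejects everything under those directories; an allowlist — `realpath()` the candidate and require it to start with the directory includes are permitted from — would be stronger still, since new upload locations would no longer have to be remembered here.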
@@ -118,7 +118,7 @@ class Hybrid_Providers_Naver extends Hybrid_Provider_Model_OAuth2
 //$this->user->profile->identifier = (array_key_exists('enc_id',$data))?$data['enc_id']:"";
 $this->user->profile->identifier = (array_key_exists('id',$data))?$data['id']:"";
 $this->user->profile->age = (array_key_exists('age',$data))?$data['age']:"";
- $this->user->profile->displayName = '';
+ $this->user->profile->username = (array_key_exists('name', $data)) ? $data['name'] : "";
 /*
 if( array_key_exists('email',$data) ){
 $tmp = explode("@", $data['email']);
diff --git a/plugin/social/register_member.php b/plugin/social/register_member.php
index 4451c3b61..60ec6ea8f 100644
--- a/plugin/social/register_member.php
+++ b/plugin/social/register_member.php
@@ -31,6 +31,7 @@ $user_id = $user_profile->sid ? preg_replace("/[^0-9a-z_]+/i", "", $user_profile
 $user_id = exist_mb_id_recursive($user_id);
 $user_nick = exist_mb_nick_recursive($user_nick, '');
 $is_exists_email = $user_email ? exist_mb_email($user_email, '') : false;
+$user_name = isset($user_profile->username) ? $user_profile->username : '';
 // 불법접근을 막도록 토큰생성
 $token = md5(uniqid(rand(), true));
diff --git a/skin/board/gallery/style.css b/skin/board/gallery/style.css
index 25e1346f2..4da54a855 100644
--- a/skin/board/gallery/style.css
+++ b/skin/board/gallery/style.css
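Review bot: The replaced line was the only assignment to `displayName` in this block, so after the change `$this->user->profile->displayName` keeps whatever the base profile object initialises it to rather than the explicit `''`; any consumer that checks `displayName` now sees that default, and none of that is visible here. If `displayName` is still read anywhere, set it alongside the new field, `$this->user->profile->displayName = $this->user->profile->username;`, or keep the explicit empty assignment. The provider's `name` is stored verbatim; a short comment that it is raw provider data to be validated at the point of use (this commit's register_member.php picks it up as `$user_name`) would help the next reader.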
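Review bot: The added `$user_name` in plugin/social/register_member.php is taken from the provider profile verbatim, whereas `$user_id` on the hunk's header line is filtered with `preg_replace("/[^0-9a-z_]+/i", "", ...)` and `$user_nick`/`$user_email` go through existence checks; nothing here trims it, bounds its length or confirms it is a string before it presumably reaches the member record. `$user_name = isset($user_profile->username) && is_string($user_profile->username) ? trim($user_profile->username) : '';` is a minimal normalisation, and the write site (outside this hunk) still has to escape it for SQL and HTML like the other fields. Adjacent but untouched: `$token = md5(uniqid(rand(), true));` two lines below builds the anti-forgery token the comment describes from `rand()`/`uniqid()`, which are not cryptographically random; if PHP 7 is the floor, `bin2hex(random_bytes(16))` is the drop-in replacement.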
@@ -250,12 +250,12 @@ box-shadow: inset 0 2px 5px rgb(33, 135, 202);}
 #bo_v_top {zoom:1}
 #bo_v_top:after {display:block;visibility:hidden;clear:both;content:""}
 #bo_v_top h2 {position:absolute;font-size:0;line-height:0;overflow:hidden}
-#bo_v_top ul ;padding:0;list-style:none;word-break:break-all}
+#bo_v_top ul {padding:0;list-style:none;word-break:break-all}
 #bo_v_bot {zoom:1}
 #bo_v_bot:after {display:block;visibility:hidden;clear:both;content:""}
 #bo_v_bot h2 {position:absolute;font-size:0;line-height:0;overflow:hidden}
-#bo_v_bot ul {;padding:0;list-style:none}
+#bo_v_bot ul {padding:0;list-style:none}
 .bo_v_com {margin:20px 0;float:right}
 .bo_v_com li {float:left;margin-left:5px}
diff --git a/skin/new/basic/new.skin.php b/skin/new/basic/new.skin.php
index 9401f2b50..adb023df1 100644
--- a/skin/new/basic/new.skin.php
+++ b/skin/new/basic/new.skin.php
@@ -101,7 +101,7 @@ add_stylesheet('', 0);