From 714c55485d96300c1485458d2de7e474d3d3e306 Mon Sep 17 00:00:00 2001 From: thisgun Date: Thu, 29 Oct 2020 16:30:16 +0900 Subject: [PATCH 01/16] =?UTF-8?q?=EA=B4=80=EB=A6=AC=EC=9E=90=EB=A1=9C=20?= =?UTF-8?q?=EB=A1=9C=EA=B7=B8=EC=9D=B8=EC=8B=9C=20data=20=ED=8F=B4?= =?UTF-8?q?=EB=8D=94=EC=97=90=20=EC=93=B0=EA=B8=B0=EA=B6=8C=ED=95=9C=20?= =?UTF-8?q?=EB=98=90=EB=8A=94=20=EC=9B=B9=ED=95=98=EB=93=9C=20=EC=9A=A9?= =?UTF-8?q?=EB=9F=89=EC=9D=B4=20=EC=9E=88=EB=8A=94=EC=A7=80=20=EC=B2=B4?= =?UTF-8?q?=ED=81=AC=EA=B3=BC=EC=A0=95=20=EC=B6=94=EA=B0=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bbs/login_check.php | 17 +++++++++++++++++ 1 file changed, 17 insertions(+)
diff --git a/bbs/login_check.php b/bbs/login_check.php
index 983b25020..8c46900f5 100644
--- a/bbs/login_check.php
+++ b/bbs/login_check.php
@@ -127,5 +127,22 @@ if(function_exists('social_login_success_after')){
 run_event('member_login_check', $mb, $link, $is_social_login);
+// 관리자로 로그인시 DATA 폴더의 쓰기 권한이 있는지 체크합니다. 쓰기 권한이 없으면 로그인을 못합니다.
+if( is_admin($mb['mb_id']) && is_dir(G5_DATA_PATH.'/tmp/') ){
+ $tmp_data_file = G5_DATA_PATH.'/tmp/tmp-write-test-'.time();
+ $tmp_data_check = @fopen($tmp_data_file, 'w');
+ if($tmp_data_check){
+ if(! @fwrite($tmp_data_check, G5_URL)){
+ $tmp_data_check = false;
+ }
+ }
+ @fclose($tmp_data_check);
+ @unlink($tmp_data_file);
+
+ if(! $tmp_data_check){
+ alert("data 폴더에 쓰기권한이 없거나 또는 웹하드 용량이 없는 경우\\n로그인을 못할수도 있으니, 용량 체크 및 쓰기 권한을 확인해 주세요.", $link);
+ }
+}
+
 goto_url($link); ?>
From c0a92fdf0f815bcab97487cc8bda178b2fa98312 Mon Sep 17 00:00:00 2001 From: thisgun Date: Mon, 2 Nov 2020 10:58:06 +0900 Subject: [PATCH 02/16] =?UTF-8?q?=EB=B6=88=ED=95=84=EC=9A=94=ED=95=9C=20PH?= =?UTF-8?q?P=EB=B2=84=EC=A0=84=20=ED=99=95=EC=9D=B8=20=EC=82=AD=EC=A0=9C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- config.php | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-)
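Review bot: `@fclose($tmp_data_check)` in the added write probe receives `false` both when `fopen` fails and after the `fwrite` branch overwrites the handle with `false`, so in the second case the opened stream is never closed explicitly. On PHP 8 a bool passed to `fclose` raises a TypeError, which `@` does not suppress, so the admin would hit a fatal error exactly in the situation the alert is meant to explain. Keep the stream and the result in separate variables and close only a real handle, as sketched below. The surrounding login flow lies outside this hunk.

```php
$tmp_data_file = G5_DATA_PATH.'/tmp/tmp-write-test-'.time();
$tmp_data_ok = false;
$tmp_data_fp = @fopen($tmp_data_file, 'w');
if ($tmp_data_fp) {
    // fwrite() returns the byte count or false; zero bytes also counts as failure
    $tmp_data_ok = (bool) @fwrite($tmp_data_fp, G5_URL);
    fclose($tmp_data_fp);
    @unlink($tmp_data_file);
}

if (! $tmp_data_ok) {
    // … unchanged: alert(...) call …
}
```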
diff --git a/config.php b/config.php
index a6aea249c..6ff6fbcc9 100644
--- a/config.php
+++ b/config.php
@@ -10,10 +10,8 @@ define('G5_GNUBOARD_VER', '5.4.3');
 // 이 상수가 정의되지 않으면 각각의 개별 페이지는 별도로 실행될 수 없음
 define('_GNUBOARD_', true);
-if (PHP_VERSION >= '5.1.0') {
- //if (function_exists("date_default_timezone_set")) date_default_timezone_set("Asia/Seoul");
- date_default_timezone_set("Asia/Seoul");
-}
+// 기본 시간대 설정
+date_default_timezone_set("Asia/Seoul");
 /******************** 경로 상수
From 26a8d29b38866f7d201c445f02d89046ad05f1a0 Mon Sep 17 00:00:00 2001 From: thisgun Date: Mon, 2 Nov 2020 12:01:10 +0900 Subject: [PATCH 03/16] =?UTF-8?q?=ED=9A=8C=EC=9B=90=20=EB=A1=9C=EA=B7=B8?= =?UTF-8?q?=EC=9D=B8=20=EC=B2=B4=ED=81=AC=20=ED=8E=98=EC=9D=B4=EC=A7=80?= =?UTF-8?q?=EC=97=90=20event=20hook=20=EC=B6=94=EA=B0=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bbs/login_check.php | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/bbs/login_check.php b/bbs/login_check.php
index 8c46900f5..a99267dc2 100644
--- a/bbs/login_check.php
+++ b/bbs/login_check.php
@@ -6,6 +6,8 @@ $g5['title'] = "로그인 검사";
 $mb_id = trim($_POST['mb_id']); $mb_password = trim($_POST['mb_password']);
+run_event('member_login_check_before', $mb_id);
+
 if (!$mb_id || !$mb_password) alert('회원아이디나 비밀번호가 공백이면 안됩니다.');
From ed1d882091e077c4027cf27e481ad696b3b3d595 Mon Sep 17 00:00:00 2001 From: thisgun Date: Mon, 2 Nov 2020 14:56:31 +0900 Subject: [PATCH 04/16] =?UTF-8?q?sql=5Ffree=5Fresult=20=EC=8B=9C=20mysql?= =?UTF-8?q?=20resource=20=ED=99=95=EC=9D=B8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/common.lib.php | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/lib/common.lib.php b/lib/common.lib.php
index ad1648eaa..ec357e4b0 100644
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
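Review bot: The `member_login_check_before` hook added in bbs/login_check.php has no comment stating what listeners receive: it fires before the empty-value check and before any credential lookup, so `$mb_id` is the posted value with only `trim` applied. A one-line comment above the call would make that contract explicit for hook authors, e.g. `// fired before validation and authentication: $mb_id is raw request input and may be empty`. The remainder of the login script is outside this hunk.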
@@ -1655,6 +1655,8 @@ function sql_fetch_array($result)
 // 단, 결과 값은 스크립트(script) 실행부가 종료되면서 메모리에서 자동적으로 지워진다.
 function sql_free_result($result) {
+ if(!is_resource($result)) return;
+
 if(function_exists('mysqli_free_result') && G5_MYSQLI_USE) return mysqli_free_result($result); else
From 5102e876493432b3dbf59cdd46e901f5708c6704 Mon Sep 17 00:00:00 2001 From: thisgun Date: Thu, 5 Nov 2020 14:34:56 +0900 Subject: [PATCH 05/16] =?UTF-8?q?=EC=86=8C=EC=85=9C=EB=A1=9C=EA=B7=B8?= =?UTF-8?q?=EC=9D=B8=20=ED=8E=98=EC=9D=B4=EC=8A=A4=EB=B6=81=20=EC=95=84?= =?UTF-8?q?=EC=9D=B4=EB=94=94=EB=A1=9C=20=EB=A1=9C=EA=B7=B8=EC=9D=B8=20?= =?UTF-8?q?=EC=98=A4=EB=A5=98=20=EC=88=98=EC=A0=95=20=EB=B0=8F=20=ED=8A=B8?= =?UTF-8?q?=EC=9C=84=ED=84=B0=20=EC=95=B1=20=EB=A7=81=ED=81=AC=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/config_form.php | 2 +- plugin/social/includes/functions.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/adm/config_form.php b/adm/config_form.php
index 4a8bdd8e9..223d40471 100644
--- a/adm/config_form.php
+++ b/adm/config_form.php
@@ -1157,7 +1157,7 @@ include_once('_rewrite_config_form.php');
- 앱 등록하기
+ 앱 등록하기
diff --git a/plugin/social/includes/functions.php b/plugin/social/includes/functions.php
index 50fb6af81..001373292 100644
--- a/plugin/social/includes/functions.php
+++ b/plugin/social/includes/functions.php
@@ -322,7 +322,7 @@ function social_extends_get_keys($provider){
 "keys" => array("id" => $config['cf_facebook_appid'], "secret" => $config['cf_facebook_secret']), "display" => "popup", "redirect_uri" => get_social_callbackurl('facebook'),
- "scope" => array('email'), // optional
+ "scope" => 'email', // optional
 "trustForwarded" => false );
From dd8e7d8e30706370afa5976b94eae08cf6ae2456 Mon Sep 17 00:00:00 2001
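Review bot: The guard `if(!is_resource($result)) return;` added at the top of `sql_free_result` makes the mysqli branch right below it unreachable in practice. A mysqli query result is a `mysqli_result` object, for which `is_resource()` returns false, so with `G5_MYSQLI_USE` enabled the function returns before `mysqli_free_result($result)` is called and result sets are no longer freed explicitly. Accept both kinds of handle, e.g. `if(!is_resource($result) && !($result instanceof mysqli_result)) return;`. The `else` branch of the function continues outside the hunk.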
From: thisgun Date: Fri, 6 Nov 2020 12:24:46 +0900 Subject: [PATCH 06/16] =?UTF-8?q?get=5Ffile=20=ED=95=A8=EC=88=98=EC=97=90?= =?UTF-8?q?=20hook=20=EC=B6=94=EA=B0=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/common.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/common.lib.php b/lib/common.lib.php
index ec357e4b0..912467241 100644
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@@ -330,7 +330,7 @@ function get_file($bo_table, $wr_id)
 $file['count']++; }
- return $file;
+ return run_replace('get_files', $file, $bo_table, $wr_id);
 }
From 0832f72914e8cad18eea1a70b6f7c447fe4e2d3f Mon Sep 17 00:00:00 2001 From: thisgun Date: Fri, 6 Nov 2020 16:10:47 +0900 Subject: [PATCH 07/16] =?UTF-8?q?=EC=95=84=EC=9D=B4=EC=BD=94=EB=93=9C=20?= =?UTF-8?q?=EC=A0=84=EC=86=A1=20=EB=8D=B0=EC=9D=B4=ED=84=B0=EC=99=80=20?= =?UTF-8?q?=EC=A0=84=EC=86=A1=20=EA=B2=B0=EA=B3=BC=EB=A5=BC=20=EC=B4=88?= =?UTF-8?q?=EA=B8=B0=ED=99=94=20=ED=95=98=EB=8A=94=20=EB=B3=80=EC=88=98=20?= =?UTF-8?q?=EC=BD=94=EB=93=9C=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/icode.lms.lib.php | 4 ++-- lib/icode.sms.lib.php | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/lib/icode.lms.lib.php b/lib/icode.lms.lib.php
index 0da41bdb0..4b6b2a1d9 100644
--- a/lib/icode.lms.lib.php
+++ b/lib/icode.lms.lib.php
@@ -56,8 +56,8 @@ class LMS {
 } function Init() {
- $this->Data = ""; // 발송하기 위한 패킷내용이 배열로 들어간다.
- $this->Result = ""; // 발송결과값이 배열로 들어간다.
+ $this->Data = array(); // 발송하기 위한 패킷내용이 배열로 들어간다.
+ $this->Result = array(); // 발송결과값이 배열로 들어간다.
 } function Add($strDest, $strCallBack, $strCaller, $strSubject, $strURL, $strData, $strDate="", $nCount) {
diff --git a/lib/icode.sms.lib.php b/lib/icode.sms.lib.php
index a2a79a449..679b8b0c5 100644
--- a/lib/icode.sms.lib.php
+++ b/lib/icode.sms.lib.php
@@ -67,8 +67,8 @@ class SMS {
 } function Init() {
- $this->Data = "";
- $this->Result = "";
+ $this->Data = array();
+ $this->Result = array();
 } function Add($dest, $callBack, $Caller, $msg, $rsvTime="") {
From 1cdb1b9397deb5f47ce5a45ca2ac8b6582d08f3d Mon Sep 17 00:00:00 2001 From: thisgun Date: Mon, 9 Nov 2020 15:06:08 +0900 Subject: [PATCH 08/16] =?UTF-8?q?=EA=B4=80=EB=A6=AC=EC=9E=90=20=ED=99=98?= =?UTF-8?q?=EA=B2=BD=EC=84=A4=EC=A0=95=EC=9D=98=20=EC=A0=91=EA=B7=BC?= =?UTF-8?q?=EC=B0=A8=EB=8B=A8IP=20=EC=A4=91=20=ED=98=84=EC=9E=AC=20?= =?UTF-8?q?=EC=A0=91=EC=86=8D=20IP=EB=A5=BC=20=EC=B0=A8=EB=8B=A8=EB=AA=BB?= =?UTF-8?q?=ED=95=98=EA=B2=8C=20=ED=95=98=EA=B8=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/config_form.php | 20 ++++++++++++++++++++ adm/config_form_update.php | 18 ++++++++++++++++++ 2 files changed, 38 insertions(+)
diff --git a/adm/config_form.php b/adm/config_form.php
index 223d40471..536d9754b 100644
--- a/adm/config_form.php
+++ b/adm/config_form.php
@@ -1434,6 +1434,26 @@ $(function(){
 function fconfigform_submit(f) {
+ var current_user_ip = "";
+ var cf_intercept_ip_val = f.cf_intercept_ip.value;
+
+ if( cf_intercept_ip_val && current_user_ip ){
+ var cf_intercept_ips = cf_intercept_ip_val.split("\n");
+
+ for(var i=0; i < cf_intercept_ips.length; i++){
+ if ( cf_intercept_ips[i].trim() ) {
+ cf_intercept_ips[i] = cf_intercept_ips[i].replace(".", "\.");
+ cf_intercept_ips[i] = cf_intercept_ips[i].replace("+", "[0-9\.]+");
+
+ var re = new RegExp(cf_intercept_ips[i]);
+ if ( re.test(current_user_ip) ){
+ alert("현재 접속 IP : "+ current_user_ip +" 가 차단될수 있기 때문에, 다른 IP를 입력해 주세요.");
+ return false;
+ }
+ }
+ }
+ }
+
 f.action = "./config_form_update.php"; return true; }
diff --git a/adm/config_form_update.php b/adm/config_form_update.php
index 250fc9082..f7e51ae24 100644
--- a/adm/config_form_update.php
+++ b/adm/config_form_update.php
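Review bot: In the lines added to `fconfigform_submit`, `replace(".", "\.")` escapes nothing: a string pattern replaces only the first occurrence, and the literal `"\."` is the same string as `"."`, so every dot in the entered pattern stays a regex wildcard and only the first `+` is expanded. The `RegExp` is also unanchored, so an entry matches the current IP as a substring and the warning can fire for unrelated addresses. Use global replacements, e.g. `.replace(/\./g, "\\.").replace(/\+/g, "[0-9.]+")`, anchor the pattern the same way the server-side matcher does, and wrap `new RegExp(...)` in try/catch, because other metacharacters typed into the field make the constructor throw before `return false` is reached. This check is a convenience only; the authoritative one belongs in `adm/config_form_update.php`, whose hunk is incomplete on this page.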
@@ -38,6 +38,24 @@ foreach( $check_keys as $key ){ $_POST['cf_icode_server_port'] = isset($_POST['cf_icode_server_port']) ? preg_replace('/[^0-9]/', '', $_POST['cf_icode_server_port']) : '7295'; +if(isset($_POST['cf_intercept_ip']) && $_POST['cf_intercept_ip']){ + + $pattern = explode("\n", trim($_POST['cf_intercept_ip'])); + for ($i=0; $i Date: Thu, 19 Nov 2020 11:42:55 +0900 Subject: [PATCH 10/16] =?UTF-8?q?=ED=9A=8C=EC=9B=90=EC=95=84=EC=9D=B4?= =?UTF-8?q?=EC=BD=98=20url=EC=97=90=20=ED=8C=8C=EC=9D=BC=EC=88=98=EC=A0=95?= =?UTF-8?q?=EC=8B=9C=EA=B0=84=20=ED=8C=8C=EB=9D=BC=EB=AF=B8=ED=84=B0=20?= =?UTF-8?q?=EC=B6=94=EA=B0=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/member_form.php | 6 +++--- bbs/register_form.php | 6 ++++-- extend/default.config.php | 2 ++ lib/common.lib.php | 6 +++++- skin/member/basic/register_form.skin.php | 4 ++-- skin/member/basic/style.css | 1 + theme/basic/skin/member/basic/register_form.skin.php | 4 ++-- theme/basic/skin/member/basic/style.css | 1 + 8 files changed, 20 insertions(+), 10 deletions(-) diff --git a/adm/member_form.php b/adm/member_form.php index 2b95e6581..a5b249d35 100644 --- a/adm/member_form.php +++ b/adm/member_form.php @@ -243,7 +243,8 @@ add_javascript(G5_POSTCODE_JS, 0); //다음 주소 js $icon_file = G5_DATA_PATH.'/member/'.$mb_dir.'/'.get_mb_icon_name($mb['mb_id']).'.gif'; if (file_exists($icon_file)) { $icon_url = str_replace(G5_DATA_PATH, G5_DATA_URL, $icon_file); - echo ''; + $icon_filemtile = (defined('G5_USE_MEMBER_IMAGE_FILETIME') && G5_USE_MEMBER_IMAGE_FILETIME) ? '?'.filemtime($icon_file) : ''; + echo ''; echo '삭제'; } ?> 
@@ -258,8 +259,7 @@ add_javascript(G5_POSTCODE_JS, 0); //다음 주소 js
 $mb_dir = substr($mb['mb_id'],0,2); $icon_file = G5_DATA_PATH.'/member_image/'.$mb_dir.'/'.get_mb_icon_name($mb['mb_id']).'.gif'; if (file_exists($icon_file)) {
- $icon_url = str_replace(G5_DATA_PATH, G5_DATA_URL, $icon_file);
- echo '';
+ echo get_member_profile_img($mb['mb_id']);
 echo '삭제'; } ?>
diff --git a/bbs/register_form.php b/bbs/register_form.php
index d72804dd2..321e4dea8 100644
--- a/bbs/register_form.php
+++ b/bbs/register_form.php
@@ -131,11 +131,13 @@ include_once('./_head.php');
 // 회원아이콘 경로
 $mb_icon_path = G5_DATA_PATH.'/member/'.substr($member['mb_id'],0,2).'/'.get_mb_icon_name($member['mb_id']).'.gif';
-$mb_icon_url = G5_DATA_URL.'/member/'.substr($member['mb_id'],0,2).'/'.get_mb_icon_name($member['mb_id']).'.gif';
+$mb_icon_filemtile = (defined('G5_USE_MEMBER_IMAGE_FILETIME') && G5_USE_MEMBER_IMAGE_FILETIME && file_exists($mb_icon_path)) ? '?'.filemtime($mb_icon_path) : '';
+$mb_icon_url = G5_DATA_URL.'/member/'.substr($member['mb_id'],0,2).'/'.get_mb_icon_name($member['mb_id']).'.gif'.$mb_icon_filemtile;
 // 회원이미지 경로
 $mb_img_path = G5_DATA_PATH.'/member_image/'.substr($member['mb_id'],0,2).'/'.get_mb_icon_name($member['mb_id']).'.gif';
-$mb_img_url = G5_DATA_URL.'/member_image/'.substr($member['mb_id'],0,2).'/'.get_mb_icon_name($member['mb_id']).'.gif';
+$mb_img_filemtile = (defined('G5_USE_MEMBER_IMAGE_FILETIME') && G5_USE_MEMBER_IMAGE_FILETIME && file_exists($mb_img_path)) ? '?'.filemtime($mb_img_path) : '';
+$mb_img_url = G5_DATA_URL.'/member_image/'.substr($member['mb_id'],0,2).'/'.get_mb_icon_name($member['mb_id']).'.gif'.$mb_img_filemtile;
 $register_action_url = G5_HTTPS_BBS_URL.'/register_form_update.php'; $req_nick = !isset($member['mb_nick_date']) || (isset($member['mb_nick_date']) && $member['mb_nick_date'] <= date("Y-m-d", G5_SERVER_TIME - ($config['cf_nick_modify'] * 86400)));
diff --git a/extend/default.config.php b/extend/default.config.php
index 4a134a7a8..d655b148a 100644
--- a/extend/default.config.php
+++ b/extend/default.config.php
@@ -4,6 +4,8 @@ if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
 // 유저 사이드뷰에서 아이콘 지정 안했을시 기본 no 프로필 이미지
 define('G5_NO_PROFILE_IMG', 'no_profile');
+define('G5_USE_MEMBER_IMAGE_FILETIME', TRUE);
+
 // 썸네일 처리 방식, 비율유지 하지 않고 썸네일을 생성하려면 주석을 풀고 값은 false 입력합니다. ( true 또는 주석으로 된 경우에는 비율 유지합니다. ) //define('G5_USE_THUMB_RATIO', false); ?>
\ No newline at end of file
diff --git a/lib/common.lib.php b/lib/common.lib.php
index 77a4fa45f..5a6629d61 100644
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@@ -1313,9 +1313,10 @@ function get_sideview($mb_id, $name='', $email='', $homepage='')
 $icon_file = G5_DATA_PATH.'/member/'.$mb_dir.'/'.get_mb_icon_name($mb_id).'.gif'; if (file_exists($icon_file)) {
+ $icon_filemtile = (defined('G5_USE_MEMBER_IMAGE_FILETIME') && G5_USE_MEMBER_IMAGE_FILETIME) ? '?'.filemtime($icon_file) : '';
 $width = $config['cf_member_icon_width']; $height = $config['cf_member_icon_height'];
- $icon_file_url = G5_DATA_URL.'/member/'.$mb_dir.'/'.get_mb_icon_name($mb_id).'.gif';
+ $icon_file_url = G5_DATA_URL.'/member/'.$mb_dir.'/'.get_mb_icon_name($mb_id).'.gif'.$icon_filemtile;
 $tmp_name .= ''; if ($config['cf_use_member_icon'] == 2) // 회원아이콘+이름
@@ -3611,6 +3612,9 @@ function get_member_profile_img($mb_id='', $width='', $height='', $alt='profile_
 } else { $member_img = G5_DATA_PATH.'/member_image/'.substr($mb_id,0,2).'/'.get_mb_icon_name($mb_id).'.gif'; if (is_file($member_img)) {
+ if(defined('G5_USE_MEMBER_IMAGE_FILETIME') && G5_USE_MEMBER_IMAGE_FILETIME) {
+ $member_img .= '?'.filemtime($member_img);
+ }
 $member_cache[$mb_id] = $src = str_replace(G5_DATA_PATH, G5_DATA_URL, $member_img); } }
diff --git a/skin/member/basic/register_form.skin.php b/skin/member/basic/register_form.skin.php
index 72b2596e6..e2dc5fd5b 100644
--- a/skin/member/basic/register_form.skin.php
+++ b/skin/member/basic/register_form.skin.php @@ -189,7 +189,7 @@ gif, jpg, png파일만 가능하며 용량 회원아이콘 - + @@ -208,7 +208,7 @@ gif, jpg, png파일만 가능하며 용량 회원이미지 - + diff --git a/skin/member/basic/style.css b/skin/member/basic/style.css index efc404d34..97c3ff395 100644 --- a/skin/member/basic/style.css +++ b/skin/member/basic/style.css @@ -131,6 +131,7 @@ .register_form_inner {background:#f7f7f7;border:1px solid #dde7e9;border-radius:3px} .register_form_inner ul {padding:20px} .register_form_inner label {display:block;margin-bottom:10px;line-height:24px} +.register_form_inner label.inline {display:inline} #fregisterform #msg_certify {margin:5px 0 0;padding:5px;border:1px solid #dbecff;background:#eaf4ff;text-align:center} #fregisterform .frm_address {margin:5px 0 0} diff --git a/theme/basic/skin/member/basic/register_form.skin.php b/theme/basic/skin/member/basic/register_form.skin.php index cbd17aed0..d60d8c8f7 100644 --- a/theme/basic/skin/member/basic/register_form.skin.php +++ b/theme/basic/skin/member/basic/register_form.skin.php @@ -188,7 +188,7 @@ gif, jpg, png파일만 가능하며 용량 회원아이콘 - + @@ -207,7 +207,7 @@ gif, jpg, png파일만 가능하며 용량 회원이미지 - + diff --git a/theme/basic/skin/member/basic/style.css b/theme/basic/skin/member/basic/style.css index e297c9b96..3574d7009 100644 --- a/theme/basic/skin/member/basic/style.css +++ b/theme/basic/skin/member/basic/style.css @@ -131,6 +131,7 @@ .register_form_inner {background:#f7f7f7;border:1px solid #dde7e9;border-radius:3px} .register_form_inner ul {padding:20px} .register_form_inner label {display:block;margin-bottom:10px;line-height:24px} +.register_form_inner label.inline {display:inline} #fregisterform #msg_certify {margin:5px 0 0;padding:5px;border:1px solid #dbecff;background:#eaf4ff;text-align:center} #fregisterform .frm_address {margin:5px 0 0} From 02b085b4be32584b80ae2e17ff8e34e554bdf9ab Mon Sep 17 00:00:00 2001 
From: thisgun Date: Fri, 20 Nov 2020 13:52:27 +0900 Subject: [PATCH 11/16] =?UTF-8?q?[KVE-2020-0797]=20=EC=98=81=EC=B9=B4?= =?UTF-8?q?=ED=8A=B8=20SQL=20=EC=9D=B8=EC=A0=9D=EC=85=98=20=EC=B7=A8?= =?UTF-8?q?=EC=95=BD=EC=A0=90=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/common.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/common.lib.php b/lib/common.lib.php
index 5a6629d61..29ce6d4b6 100644
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@@ -3819,7 +3819,7 @@ function is_include_path_check($path='', $is_input='')
 if( preg_match('/\/data\/(file|editor|qa|cache|member|member_image|session|tmp)\/[A-Za-z0-9_]{1,20}\//i', $replace_path) ){ return false; }
- if( preg_match('/'.G5_PLUGIN_DIR.'\//i', $replace_path) && (preg_match('/'.G5_OKNAME_DIR.'\//i', $replace_path) || preg_match('/'.G5_KCPCERT_DIR.'\//i', $replace_path) || preg_match('/'.G5_LGXPAY_DIR.'\//i', $replace_path)) ){
+ if( preg_match('/'.G5_PLUGIN_DIR.'\//i', $replace_path) && (preg_match('/'.G5_OKNAME_DIR.'\//i', $replace_path) || preg_match('/'.G5_KCPCERT_DIR.'\//i', $replace_path) || preg_match('/'.G5_LGXPAY_DIR.'\//i', $replace_path)) || (preg_match('/search\.skin\.php/i', $replace_path) ) ){
 return false; } if( substr_count($replace_path, './') > 5 ){
From afc8adf73709591c1e3f7bffe570cf23037976a2 Mon Sep 17 00:00:00 2001
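Review bot: The added `|| (preg_match('/search\.skin\.php/i', $replace_path) )` is appended to the plugin-directory condition in `is_include_path_check`, so the branch now reads `A && (B || C || D) || E` and is only correct because `&&` binds tighter than `||`. A separate check with a comment naming why this file name is refused would be easier to audit, e.g. `if( preg_match('/search\.skin\.php/i', $replace_path) ){ return false; }` preceded by `// KVE-2020-0797: never include search.skin.php through this path`. The pattern is unanchored, so any path containing that substring is rejected, which errs on the safe side; whether other includable skin files need the same deny-list entry cannot be judged from this hunk. The function begins and ends outside the hunk.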
From: thisgun Date: Fri, 20 Nov 2020 16:51:02 +0900 Subject: [PATCH 12/16] =?UTF-8?q?[KVE-2020-0785,=200788]=20=ED=83=80=20?= =?UTF-8?q?=EC=95=84=EC=9D=B4=EB=94=94=EA=B0=80=20=EC=97=90=EB=94=94?= =?UTF-8?q?=ED=84=B0=20=EC=97=85=EB=A1=9C=EB=93=9C=20=EB=90=9C=20=EC=9D=B4?= =?UTF-8?q?=EB=AF=B8=EC=A7=80=20=EC=82=AD=EC=A0=9C=20=EA=B0=80=EB=8A=A5=20?= =?UTF-8?q?=EC=B7=A8=EC=95=BD=EC=A0=90=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- plugin/editor/cheditor5/imageUpload/config.php | 10 ++++++++-- .../photo_uploader/popup/php/UploadHandler.php | 14 ++++++++++---- 2 files changed, 18 insertions(+), 6 deletions(-)
diff --git a/plugin/editor/cheditor5/imageUpload/config.php b/plugin/editor/cheditor5/imageUpload/config.php
index dc5f2ba8b..16787496a 100644
--- a/plugin/editor/cheditor5/imageUpload/config.php
+++ b/plugin/editor/cheditor5/imageUpload/config.php
@@ -30,8 +30,14 @@ define("SAVE_DIR", $data_dir);
 define("SAVE_URL", $data_url); function che_get_user_id() {
- @session_start();
- return session_id();
+ global $member;
+
+ if(session_id() == '') {
+ @session_start();
+ }
+
+ $add_str = (isset($member['mb_id']) && $member['mb_id']) ? $member['mb_id'] : '';
+ return session_id().$add_str;
 } function che_get_file_passname(){
diff --git a/plugin/editor/smarteditor2/photo_uploader/popup/php/UploadHandler.php b/plugin/editor/smarteditor2/photo_uploader/popup/php/UploadHandler.php
index 7e72ebafd..4f98bcfd1 100644
--- a/plugin/editor/smarteditor2/photo_uploader/popup/php/UploadHandler.php
+++ b/plugin/editor/smarteditor2/photo_uploader/popup/php/UploadHandler.php
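Review bot: `che_get_user_id()` still calls `@session_start()` without checking the result, so if the session cannot be started `session_id()` is an empty string and the returned identifier is empty for every guest and just the bare `mb_id` for members. Since the commit subject (KVE-2020-0785, 0788) concerns deleting another user's uploaded image, a value that presumably acts as the ownership token should not silently degrade; fail when `session_id() === ''` after the start attempt instead of returning it. The function also lacks a docblock stating that the result is `session_id()` followed directly by the member ID, and that for guests it is the session ID alone. The same applies to `UploadHandler::get_user_id($is_add=true)` in the next file, where `$is_add` is undocumented and its purpose is only visible from `get_user_path()` passing `false`.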
@@ -215,14 +215,20 @@ class UploadHandler
 substr($_SERVER['SCRIPT_NAME'],0, strrpos($_SERVER['SCRIPT_NAME'], '/')); }
- protected function get_user_id() {
- @session_start();
- return session_id();
+ protected function get_user_id($is_add=true) {
+ global $member;
+
+ if(session_id() == '') {
+ @session_start();
+ }
+
+ $add_str = ($is_add && isset($member['mb_id']) && $member['mb_id']) ? $member['mb_id'] : '';
+ return session_id().$add_str;
 } protected function get_user_path() { if ($this->options['user_dirs']) {
- return $this->get_user_id().'/';
+ return $this->get_user_id(false).'/';
 } return ''; }
From 68a3d59a57816b64810a85bde5eb008a24f8b528 Mon Sep 17 00:00:00 2001 From: thisgun Date: Tue, 24 Nov 2020 10:46:21 +0900 Subject: [PATCH 13/16] =?UTF-8?q?=EC=86=8C=EC=85=9C=EB=A1=9C=EA=B7=B8?= =?UTF-8?q?=EC=9D=B8=20=ED=8E=98=EC=9D=B4=EC=BD=94,=20=EA=B5=AC=EA=B8=80?= =?UTF-8?q?=20=EC=98=A4=EB=A5=98=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/config_form.php | 2 +- mobile/skin/social/img/sns_gp_s.png | Bin 1562 -> 820 bytes mobile/skin/social/social_login.skin.php | 2 +- mobile/skin/social/social_outlogin.skin.1.php | 2 +- mobile/skin/social/social_register.skin.php | 2 +- mobile/skin/social/style.css | 10 +- plugin/social/Hybrid/Providers/Google.php | 102 ++---------- plugin/social/Hybrid/Providers/Payco.php | 148 ++++++++++-------- plugin/social/Hybrid/Providers/Twitter.php | 10 +- plugin/social/includes/functions.php | 7 +- skin/social/img/sns_gp_s.png | Bin 1562 -> 820 bytes skin/social/social_login.skin.php | 2 +- skin/social/social_outlogin.skin.1.php | 2 +- skin/social/social_register.skin.php | 2 +- skin/social/style.css | 12 +- 15 files changed, 122 insertions(+), 181 deletions(-)
diff --git a/adm/config_form.php b/adm/config_form.php
index 536d9754b..6dcf7d90d 100644
--- a/adm/config_form.php
+++ b/adm/config_form.php
@@ -1129,7 +1129,7 @@ include_once('_rewrite_config_form.php');

페이코 CallbackURL

-

+

diff --git a/mobile/skin/social/img/sns_gp_s.png b/mobile/skin/social/img/sns_gp_s.png index aa08845949aef9ab9ddf6857be1dd6864530cf32..0bf8c73e95fe6f83d0359c7b8d82e0c36c73836e 100644 GIT binary patch literal 820 zcmeAS@N?(olHy`uVBq!ia0vp^av;pX3?zBp#Z6#fV9XBi32_B-8UFugXlVHF;9xv6 z?SH7Y!~BH%4i1*9LLXaN{@=`Cyejmai?Qy~s3*>5FP+UDy1tk%336-sX0bfLY*pw> z7gNWMFP4)Ix-@@z?PBKC^4YQV^PfFzCd-4&=QlXFeSPh0V!SfgspYHjir|;drY6gS zUpbpNwR|yN8T1;+T^aPs*%Yh{C>8S31!#pS(2!RyCdSJ{fXaRYjam^5B!S9+44`%( z2{iNf9u}b0zjw0$#er;~pi}E-Als?+3y=-83up_F3u3sK0ZEWvkf7c6_K`Z?=1@+=o0BpcL4sFAxSq%kMp`5C&WjsQ0y}(dRuJKylNh@n#E4?D~(} zuk>^1d;pXRU+sE-rvOm#+X&sCt9X8GX9t?_|NsBf0n#Udp`BF{cbr|7+pKn4bXH)@9Hq|F z-bPQCsvdQ-sLhFwixWH99Bj2<&z?Jihjbd4D|eJA1>6#ejbeAbB@=s#W&guh1(~-$ zeL7Q+XAsQ9GR5K2B@a1mtusb$7FPu{X6rR@OzYUQW{pXtM7R!{#@ntZ#(Q-XJgz1& zZk+k#kVBfcqG$1r<|mt*bV8?|-Lt9a6F1i!$%)KvNA$TlQ=YSNFJzmuL3&e7heg$a yO)p&!t4vc-mj#PnPRIHZt82`Ti~3Uk?B!Ylp0*+7m{3+ootz+WN)WnQ(*-(AUCxn zQK2F?C$HG5!d3}vt`(3C64qBz04piUwpD^SD#ABF!8yMuRl!uxSU1_g&``n5OwZ87 z)XdCKN5ROz&`93^h|F{iO{`4Ktc=VRpg;*|TTx1yRgjAt)Gi>;Rw<*Tq`*pFzr4I$ zuiRKKzbIYb(9+TpWQLKEE>MMTab;dfVufyAu`kBtHuNWFoz#!AFNG#Ad)HBe}%?0@jth%@)C>7xhtg4GcDhpEegHnt0 zON)|$@sXws(+mtd{1$-}0$pR}Uz7=ql*AmD{N&Qy)VvZ;7h5Huj9yA+ij}#MrL(D% zvw^FLvx%#@p`oLTk(;Zbg^7Wip__rRkul5+YKL?fq0y6ST@{2R_ z3lyA#%@j1kGxJjN%ZoKZ(F5_VOKMSOS!#+~QGTuhIDD-#vDj~DVqs!vZeZ+Yfy>_z zy(#2`nLf}l`k=&tlvrRwz!V5#!jnFb1J69EdB7Y~1k4&;o!_Dv7?`{~T^vIyZYAw` zo2q)^z<~>#N4`0nIph%ifxV-gxsdh5B3FkuhaKz}upRm1<8Y|E@t*=mis5C3h%=@F z)0z&hIC}VgQWGniGPgGK{N4P_>zk#SXD{LkXy|-+eQ`BUJm34|A3I8I5C5NUe`3=N z!HA;2$6snC2C}U@CfCs#aiD+pb%}XXmKYoS`R#5i-&~^=d7pLrm*;n*dE))$7^4rR z=A1jAw*JV6v~MbFrWt+yXl$^l*x*m)-$^CiKW+X>+?aaxz#IP8;RbtVTDLYnv{xy( zr#t`r0VORqlOLjCdz}nd^4v)aWqouzKiz);%kq-r zB5Z1Taw1#z$J?b>%n&)G5O?p$f!r)s@$jgf%s%%&Zd0=j6=wbSk2P4{e0}PVsz)3K zTVf<{h)j{Zr#Hi~D&YT~;_gOgXX!Z;4mfgu{d&1ehC^Or%B0d*9v!DcJp1R{xwY__ zSVgEVk+6Gv!=sAv)6WBb24~fj&nrxt!n=**&4TLfjeWaL9$2`Jcbf>yzIj$ni@x9f z8T`P;FU*cDRek2an-h+(@HNh!@P@@F<;|-oo;zyO5{@@K`W~3ZbCQ+QmG#7Z{`Zpe 
zOs5$9*;CuROI3W)i7%-SN{iUVq)zel(tDnm{ Hr-UW|{lY%= diff --git a/mobile/skin/social/social_login.skin.php b/mobile/skin/social/social_login.skin.php index 0e2871875..b014cd92a 100644 --- a/mobile/skin/social/social_login.skin.php +++ b/mobile/skin/social/social_login.skin.php @@ -41,7 +41,7 @@ add_stylesheet('?provider=google&url=" class="sns-icon social_link sns-google" title="구글"> - 구글+ 로그인 + Sign in with Google diff --git a/mobile/skin/social/social_outlogin.skin.1.php b/mobile/skin/social/social_outlogin.skin.1.php index 039fee2a0..98a2552b0 100644 --- a/mobile/skin/social/social_outlogin.skin.1.php +++ b/mobile/skin/social/social_outlogin.skin.1.php @@ -41,7 +41,7 @@ add_stylesheet('?provider=google&url=" class="sns-icon social_link sns-google" title="구글"> - 구글+ 로그인 + Sign in with Google diff --git a/mobile/skin/social/social_register.skin.php b/mobile/skin/social/social_register.skin.php index 5d8048038..e41bc6c07 100644 --- a/mobile/skin/social/social_register.skin.php +++ b/mobile/skin/social/social_register.skin.php @@ -42,7 +42,7 @@ add_stylesheet('?provider=google&url=" class="sns-icon social_link sns-google" title="구글"> - 구글+ 로그인 + Sign in with Google diff --git a/mobile/skin/social/style.css b/mobile/skin/social/style.css index 8897d25bd..86cebdda5 100644 --- a/mobile/skin/social/style.css +++ b/mobile/skin/social/style.css 
@@ -65,12 +65,13 @@ /*로그인 */ #sns_login {border:0;margin-top:15px;padding:0; border-top:1px solid #edeaea} #sns_login h3 {padding:0;font-weight:bold;color:#888;text-align:center} -#sns_login .sns-icon {display:block;height:40px;line-height:40px;width:100%;margin:0 0 5px;padding-left:40px;text-align:left;color:#fff;border-radius:2px} +#sns_login .sns-icon {position:relative;display:block;height:40px;line-height:40px;width:100%;margin:0 0 5px;padding-left:40px;text-align:left;color:#fff;border-radius:2px} #sns_login .sns-naver {background-color:#1fc800;background-position:5px 5px;border-bottom:1px solid #1ea505} #sns_login .sns-kakao {background-color:#ffeb00;background-position:5px 5px;border-bottom:1px solid #e2c10a} #sns_login .sns-kakao {color:#3c1e1e} #sns_login .sns-facebook {background-color:#3b579d;background-position:5px 5px;border-bottom:1px solid #28458f} -#sns_login .sns-google {background-color:#db4a3a;background-position:5px 5px;border-bottom:1px solid #c03121} +#sns_login .sns-google {background-color:#4285F4;background-position:5px 5px;border-bottom:1px solid #3567c6} +#sns_login .sns-google .ico {position:absolute;top:3px;left:3px;width:33px;height:33px;background:url('./img/sns_gp_s.png') no-repeat center center;background-color:#fff;background-size:28px 28px!important;border-radius:2px} #sns_login .sns-twitter {background-color:#1ea1f2;background-position:5px 5px;border-bottom:1px solid #1e82c0} #sns_login .sns-payco {background-color:#df0b00;background-position:5px 5px;border-bottom:1px solid #9d0800} #sns_login .txt {text-align:left;padding-left:10px;border-left:1px solid rgba(0,0,0,0.1);display:block;font-weight:bold} 
@@ -80,13 +81,14 @@ #sns_register h2 {font-size:1.167em;text-align:left;padding:15px 20px;border-bottom:1px solid #dbdbdb} #sns_register .sns-wrap:after {display:block;visibility:hidden;clear:both;content:""} #sns_register .sns-wrap {display:inline-block;padding:20px;vertical-align:top;margin:0} -#sns_register .sns-icon {display:inline-block;height:40px;line-height:40px;width:100%;margin:0 0 5px;padding-left:40px;text-align:left;color:#fff;border-radius:2px;float:left} +#sns_register .sns-icon {position:relative;display:inline-block;height:40px;line-height:40px;width:100%;margin:0 0 5px;padding-left:40px;text-align:left;color:#fff;border-radius:2px;float:left} #sns_register .sns-icon:nth-child(3n+1) {clear:both} #sns_register .sns-naver {background-color:#1fc800;background-position:5px 5px;border-bottom:1px solid #1ea505} #sns_register .sns-kakao {background-color:#ffeb00;background-position:5px 5px;border-bottom:1px solid #e2c10a} #sns_register .sns-kakao {color:#3c1e1e} #sns_register .sns-facebook {background-color:#3b579d;background-position:5px 5px;border-bottom:1px solid #28458f} -#sns_register .sns-google {background-color:#db4a3a;background-position:5px 5px;border-bottom:1px solid #c03121} +#sns_register .sns-google {background-color:#4285F4;background-position:5px 5px;border-bottom:1px solid #3567c6} +#sns_register .sns-google .ico {position:absolute;top:3px;left:3px;width:33px;height:33px;background:url('./img/sns_gp_s.png') no-repeat center center;background-color:#fff;background-size:28px 28px!important;border-radius:2px} #sns_register .sns-twitter {background-color:#1ea1f2;background-position:5px 5px;border-bottom:1px solid #1e82c0} #sns_register .sns-payco {background-color:#df0b00;background-position:5px 5px;border-bottom:1px solid #9d0800} #sns_register .txt {display:block;padding-left:10px;border-left:1px solid rgba(0,0,0,0.1);font-weight:bold} 
diff --git a/plugin/social/Hybrid/Providers/Google.php b/plugin/social/Hybrid/Providers/Google.php
index adb2d5a22..f7e9ac457 100644
--- a/plugin/social/Hybrid/Providers/Google.php
+++ b/plugin/social/Hybrid/Providers/Google.php
@@ -19,7 +19,7 @@ class Hybrid_Providers_Google extends Hybrid_Provider_Model_OAuth2 {
 * default permissions * {@inheritdoc} */
- public $scope = "https://www.googleapis.com/auth/plus.login https://www.googleapis.com/auth/plus.me https://www.googleapis.com/auth/plus.profile.emails.read https://www.google.com/m8/feeds/";
+ public $scope = "https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email https://www.google.com/m8/feeds/";
 /** * {@inheritdoc}
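Review bot: The new default `$scope` drops the Google+ scopes but keeps `https://www.google.com/m8/feeds/`, which asks the user for access to their contacts on top of profile and e-mail. A sign-in flow should request only what the login itself reads, and the profile mapping changed later in this commit uses only userinfo fields. If nothing in this provider still reads contacts (not visible in this hunk), reduce the default to `"https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email"`; otherwise add a comment naming the feature that needs the contacts scope.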
@@ -72,35 +72,22 @@ class Hybrid_Providers_Google extends Hybrid_Provider_Model_OAuth2 { // refresh tokens if needed $this->refreshToken(); - // ask google api for user infos - if (strpos($this->scope, '/auth/plus.profile.emails.read') !== false) { - $verified = $this->api->api("https://www.googleapis.com/plus/v1/people/me"); - - if (!isset($verified->id) || isset($verified->error)) - $verified = new stdClass(); - } else { - $verified = $this->api->api("https://www.googleapis.com/plus/v1/people/me/openIdConnect"); - - if (!isset($verified->sub) || isset($verified->error)) - $verified = new stdClass(); - } - - $response = $this->api->api("https://www.googleapis.com/plus/v1/people/me"); - if (!isset($response->id) || isset($response->error)) { + $response = $this->api->api("https://www.googleapis.com/oauth2/v3/userinfo"); + if (!isset($response->sub) || isset($response->error)) { throw new Exception("User profile request failed! {$this->providerId} returned an invalid response:" . Hybrid_Logger::dumpData( $response ), 6); } - $this->user->profile->identifier = (property_exists($verified, 'id')) ? $verified->id : ((property_exists($response, 'id')) ? $response->id : ""); - $this->user->profile->firstName = (property_exists($response, 'name')) ? $response->name->givenName : ""; - $this->user->profile->lastName = (property_exists($response, 'name')) ? $response->name->familyName : ""; - $this->user->profile->displayName = (property_exists($response, 'displayName')) ? $response->displayName : ""; - $this->user->profile->photoURL = (property_exists($response, 'image')) ? ((property_exists($response->image, 'url')) ? substr($response->image->url, 0, -2) . "200" : '') : ''; - $this->user->profile->profileURL = (property_exists($response, 'url')) ? $response->url : ""; - $this->user->profile->description = (property_exists($response, 'aboutMe')) ? $response->aboutMe : ""; + $this->user->profile->identifier = (property_exists($response, 'sub')) ? 
$response->sub : ""; + $this->user->profile->firstName = (property_exists($response, 'given_name')) ? $response->given_name : ""; + $this->user->profile->lastName = (property_exists($response, 'family_name')) ? $response->family_name : ""; + $this->user->profile->displayName = (property_exists($response, 'name')) ? $response->name : ""; + $this->user->profile->photoURL = (property_exists($response, 'picture')) ? $response->picture : ""; + $this->user->profile->profileURL = (property_exists($response, 'profile')) ? $response->profile : ""; $this->user->profile->gender = (property_exists($response, 'gender')) ? $response->gender : ""; - $this->user->profile->language = (property_exists($response, 'locale')) ? $response->locale : ((property_exists($verified, 'locale')) ? $verified->locale : ""); - $this->user->profile->email = (property_exists($response, 'email')) ? $response->email : ((property_exists($verified, 'email')) ? $verified->email : ""); - $this->user->profile->emailVerified = (property_exists($verified, 'email')) ? $verified->email : ""; + $this->user->profile->language = (property_exists($response, 'locale')) ? $response->locale : ""; + $this->user->profile->email = (property_exists($response, 'email')) ? $response->email : ""; + $this->user->profile->emailVerified = (property_exists($response, 'email_verified')) ? ($response->email_verified === true || $response->email_verified === 1 ? $response->email : "") : ""; + if (property_exists($response, 'emails')) { if (count($response->emails) == 1) { $this->user->profile->email = $response->emails[0]->value; 
@@ -125,69 +112,6 @@ class Hybrid_Providers_Google extends Hybrid_Provider_Model_OAuth2 { } } } - $this->user->profile->phone = (property_exists($response, 'phone')) ? $response->phone : ""; - $this->user->profile->country = (property_exists($response, 'country')) ? $response->country : ""; - $this->user->profile->region = (property_exists($response, 'region')) ? $response->region : ""; - $this->user->profile->zip = (property_exists($response, 'zip')) ? $response->zip : ""; - if (property_exists($response, 'placesLived')) { - $this->user->profile->city = ""; - $this->user->profile->address = ""; - foreach ($response->placesLived as $c) { - if (property_exists($c, 'primary')) { - if ($c->primary == true) { - $this->user->profile->address = $c->value; - $this->user->profile->city = $c->value; - break; - } - } else { - if (property_exists($c, 'value')) { - $this->user->profile->address = $c->value; - $this->user->profile->city = $c->value; - } - } - } - } - - // google API returns multiple urls, but a "website" only if it is verified - // see http://support.google.com/plus/answer/1713826?hl=en - if (property_exists($response, 'urls')) { - foreach ($response->urls as $u) { - if (property_exists($u, 'primary') && $u->primary == true) - $this->user->profile->webSiteURL = $u->value; - } - } else { - $this->user->profile->webSiteURL = ''; - } - // google API returns age ranges min and/or max as of https://developers.google.com/+/web/api/rest/latest/people#resource - if (property_exists($response, 'ageRange')) { - if (property_exists($response->ageRange, 'min') && property_exists($response->ageRange, 'max')) { - $this->user->profile->age = $response->ageRange->min . ' - ' . $response->ageRange->max; - } else { - if (property_exists($response->ageRange, 'min')) { - $this->user->profile->age = '>= ' . $response->ageRange->min; - } else { - if (property_exists($response->ageRange, 'max')) { - $this->user->profile->age = '<= ' . 
$response->ageRange->max; - } else { - $this->user->profile->age = ''; - } - } - } - } else { - $this->user->profile->age = ''; - } - // google API returns birthdays only if a user set 'show in my account' - if (property_exists($response, 'birthday')) { - list($birthday_year, $birthday_month, $birthday_day) = explode('-', $response->birthday); - - $this->user->profile->birthDay = (int) $birthday_day; - $this->user->profile->birthMonth = (int) $birthday_month; - $this->user->profile->birthYear = (int) $birthday_year; - } else { - $this->user->profile->birthDay = 0; - $this->user->profile->birthMonth = 0; - $this->user->profile->birthYear = 0; - } $this->user->profile->sid = get_social_convert_id( $this->user->profile->identifier, $this->providerId ); diff --git a/plugin/social/Hybrid/Providers/Payco.php b/plugin/social/Hybrid/Providers/Payco.php index c0bb45480..ffa03301a 100644 --- a/plugin/social/Hybrid/Providers/Payco.php +++ b/plugin/social/Hybrid/Providers/Payco.php 
@@ -13,35 +13,35 @@ */ class Hybrid_Providers_Payco extends Hybrid_Provider_Model_OAuth2 { - private $idNo; + private $idNo; - /** - * {@inheritdoc} - */ - function initialize() { + /** + * {@inheritdoc} + */ + function initialize() { parent::initialize(); - // Provider API end-points + // Provider API end-points $this->api->api_base_url = 'https://id.payco.com/oauth2.0/'; $this->api->authorize_url = 'https://id.payco.com/oauth2.0/authorize'; $this->api->token_url = 'https://id.payco.com/oauth2.0/token'; $this->api->token_info = 'https://apis3.krp.toastoven.net/payco/friends/getIdNoByFriendsToken.json'; - $this->api->profile_url = 'https://apis3.krp.toastoven.net/payco/friends/getMemberProfileByFriendsToken.json'; + $this->api->profile_url = 'https://apis-payco.krp.toastoven.net/payco/friends/find_member_v2.json'; - if (!$this->config["keys"]["id"] || !$this->config["keys"]["secret"]) { - throw new Exception("Your application id and secret are required in order to connect to {$this->providerId}.", 4); - } + if (!$this->config["keys"]["id"] || !$this->config["keys"]["secret"]) { + throw new Exception("Your application id and secret are required in order to connect to {$this->providerId}.", 4); + } - // redirect uri mismatches when authenticating with Payco. - if (isset($this->config['redirect_uri']) && !empty($this->config['redirect_uri'])) { - $this->api->redirect_uri = $this->config['redirect_uri']; - } - } - /** - * {@inheritdoc} - */ - function loginBegin() { + // redirect uri mismatches when authenticating with Payco. + if (isset($this->config['redirect_uri']) && !empty($this->config['redirect_uri'])) { + $this->api->redirect_uri = $this->config['redirect_uri']; + } + } + /** + * {@inheritdoc} + */ + function loginBegin() { $token = md5(uniqid(mt_rand(), true)); Hybrid_Auth::storage()->set('payco_auth_token', $token); 
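Review bot: The `payco_auth_token` value in `loginBegin()` is built with `md5(uniqid(mt_rand(), true))`, which derives from the clock and a non-cryptographic generator rather than a CSPRNG. If this token is what the callback checks to reject forged responses (inferred from the name, since the rest of `loginBegin()` is outside the hunk), it needs to be unpredictable: `$token = bin2hex(random_bytes(16));` on PHP 7 and later, with `openssl_random_pseudo_bytes(16)` as the fallback on older runtimes. Where the stored and returned values are compared, `hash_equals()` is the appropriate comparison.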
@@ -59,16 +59,16 @@ class Hybrid_Providers_Payco extends Hybrid_Provider_Model_OAuth2 { exit; - } - /** - * {@inheritdoc} - */ - function loginFinish() { + } + /** + * {@inheritdoc} + */ + function loginFinish() { - // in case we get error_reason=user_denied&error=access_denied - if (isset($_REQUEST['error']) && $_REQUEST['error'] == "access_denied") { - throw new Exception("Authentication failed! The user denied your request.", 5); - } + // in case we get error_reason=user_denied&error=access_denied + if (isset($_REQUEST['error']) && $_REQUEST['error'] == "access_denied") { + throw new Exception("Authentication failed! The user denied your request.", 5); + } // try to authenicate user $code = (array_key_exists('code', $_REQUEST)) ? $_REQUEST['code'] : ""; @@ -91,7 +91,7 @@ class Hybrid_Providers_Payco extends Hybrid_Provider_Model_OAuth2 { $this->setUserConnected(); - } + } function check_valid_access_token(){ @@ -121,33 +121,33 @@ class Hybrid_Providers_Payco extends Hybrid_Provider_Model_OAuth2 { return false; } - /** - * {@inheritdoc} - */ - function logout() { - parent::logout(); - } - /** - * {@inheritdoc} - */ + /** + * {@inheritdoc} + */ + function logout() { + parent::logout(); + } + /** + * {@inheritdoc} + */ /** * set propper headers */ - function getUserProfile() { + function getUserProfile() { $data = null; - // request user profile - try { - + // request user profile + try { + if( $this->check_valid_access_token() ){ $params = array( 'body' => array( - 'client_id'=>$this->api->client_id, - 'access_token'=>$this->api->access_token, - 'MemberProfile'=>'idNo,id,name', - 'idNo'=>$this->idNo, + 'client_id'=>$this->api->client_id, + 'access_token'=>$this->api->access_token, + 'MemberProfile'=>'idNo,id,name', + 'idNo'=>$this->idNo, ), ); 
@@ -161,52 +161,62 @@ class Hybrid_Providers_Payco extends Hybrid_Provider_Model_OAuth2 { $response = $this->api->api( $this->api->profile_url, 'POST', $params ); } - } catch (Exception $e) { - throw new Exception("User profile request failed! {$this->providerId} returned an error: {$e->getMessage()}", 6, $e); - } - + } catch (Exception $e) { + throw new Exception("User profile request failed! {$this->providerId} returned an error: {$e->getMessage()}", 6, $e); + } + if( ! is_object($response) || property_exists($response, 'error_code') ){ $this->logout(); throw new Exception( "Authentication failed! {$this->providerId} returned an invalid access token.", 5 ); } + $data = array(); + if( is_object($response) ){ $result = json_decode(json_encode($response), true); - $data = $result['memberProfile']; + + // 성공이면 + if(isset($result['header']) && isset($result['header']['isSuccessful']) && $result['header']['isSuccessful']){ + $data = $result['data']['member']; + } } - // if the provider identifier is not received, we assume the auth has failed - if (!isset($data["id"])) { + // if the provider identifier is not received, we assume the auth has failed + if (!isset($data["idNo"])) { $this->logout(); - throw new Exception("User profile request failed! {$this->providerId} api returned an invalid response: " . Hybrid_Logger::dumpData( $data ), 6); - } + throw new Exception("User profile request failed! {$this->providerId} api returned an invalid response: " . Hybrid_Logger::dumpData( $data ), 6); + } - # store the user profile. - $this->user->profile->identifier = (array_key_exists('idNo', $data)) ? $data['idNo'] : ""; - $this->user->profile->username = (array_key_exists('name', $data)) ? $data['name'] : ""; - $this->user->profile->displayName = (array_key_exists('name', $data)) ? $data['name'] : ""; + # store the user profile. + $this->user->profile->identifier = (array_key_exists('idNo', $data)) ? 
$data['idNo'] : ""; + $this->user->profile->username = (array_key_exists('name', $data)) ? $data['name'] : ""; + $this->user->profile->displayName = (array_key_exists('name', $data)) ? $data['name'] : ""; $this->user->profile->age = (array_key_exists('ageGroup', $data)) ? $data['ageGroup'] : ""; + $this->user->profile->hp = (array_key_exists('mobile', $data)) ? $data['mobile'] : ""; include_once(G5_LIB_PATH.'/register.lib.php'); $payco_no = substr(base_convert($this->user->profile->identifier, 16, 36), 0, 16); - $email = (array_key_exists('id', $data)) ? $data['id'] : ""; + //$email = (array_key_exists('id', $data)) ? $data['id'] : ""; - $this->user->profile->gender = (array_key_exists('sexCode', $data)) ? $data['sexCode'] : ""; + $email = (array_key_exists('email', $data)) ? $data['email'] : ""; - $this->user->profile->email = ! valid_mb_email($email) ? $email : ""; - $this->user->profile->emailVerified = ! valid_mb_email($email) ? $email : ""; + //$this->user->profile->gender = (array_key_exists('sexCode', $data)) ? $data['sexCode'] : ""; + + $this->user->profile->gender = (array_key_exists('genderCode', $data)) ? strtolower($data['genderCode']) : ""; + $this->user->profile->email = ! valid_mb_email($email) ? $email : ""; + $this->user->profile->emailVerified = ! valid_mb_email($email) ? $email : ""; - if (array_key_exists('birthdayMMdd', $data)) { - $this->user->profile->birthMonth = substr($data['birthdayMMdd'], 0, 2); - $this->user->profile->birthDay = substr($data['birthdayMMdd'], 2, 4); - } + if (array_key_exists('birthdayMMdd', $data)) { + $this->user->profile->birthMonth = substr($data['birthdayMMdd'], 0, 2); + $this->user->profile->birthDay = substr($data['birthdayMMdd'], 2, 4); + } $this->user->profile->sid = get_social_convert_id( $this->user->profile->identifier, $this->providerId ); - return $this->user->profile; - } //end function getUserProfile + return $this->user->profile; + } //end function getUserProfile } \ No newline at end of file 
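Review bot: `emailVerified` is set to the same value as `email`, and the only check applied is the format test in `valid_mb_email()`; none of the `data.member` fields read here says the provider confirmed the address. This hunk also changes the source of the address from the `id` field to `email`, so if `email` is a user-editable contact field, marking it verified lets it stand in for a proven address wherever accounts are matched on `emailVerified`. Unless Payco documents the field as verified, leave it empty: `$this->user->profile->emailVerified = "";`. Separately, `$data = $result['data']['member'];` assumes both keys exist once `isSuccessful` is true; adding `isset($result['data']['member'])` to the same condition avoids a notice on a partial response.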
diff --git a/plugin/social/Hybrid/Providers/Twitter.php b/plugin/social/Hybrid/Providers/Twitter.php index cb1c1706b..f98c577b2 100644 --- a/plugin/social/Hybrid/Providers/Twitter.php +++ b/plugin/social/Hybrid/Providers/Twitter.php @@ -2,8 +2,8 @@ /* ! * HybridAuth - * http://hybridauth.sourceforge.net | http://github.com/hybridauth/hybridauth - * (c) 2009-2012, HybridAuth authors | http://hybridauth.sourceforge.net/licenses.html + * https://hybridauth.sourceforge.net | https://github.com/hybridauth/hybridauth + * (c) 2009-2012, HybridAuth authors | https://hybridauth.sourceforge.net/licenses.html */ /** @@ -127,7 +127,7 @@ class Hybrid_Providers_Twitter extends Hybrid_Provider_Model_OAuth1 { $this->user->profile->description = (property_exists($response, 'description')) ? $response->description : ""; $this->user->profile->firstName = (property_exists($response, 'name')) ? $response->name : ""; $this->user->profile->photoURL = (property_exists($response, 'profile_image_url')) ? (str_replace('_normal', '', $response->profile_image_url)) : ""; - $this->user->profile->profileURL = (property_exists($response, 'screen_name')) ? ("http://twitter.com/" . $response->screen_name) : ""; + $this->user->profile->profileURL = (property_exists($response, 'screen_name')) ? ("https://twitter.com/" . $response->screen_name) : ""; $this->user->profile->webSiteURL = (property_exists($response, 'url')) ? $response->url : ""; $this->user->profile->region = (property_exists($response, 'location')) ? $response->location : ""; if($includeEmail) $this->user->profile->email = (property_exists($response, 'email')) ? $response->email : ""; 
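Review bot: `photoURL` in the -127 hunk is still read from `profile_image_url`, the plain-http variant of the avatar, while the commit moves `profileURL` to https. Twitter's user object also carries `profile_image_url_https`; preferring it keeps pages that embed the avatar free of mixed content, e.g. `(property_exists($response, 'profile_image_url_https')) ? str_replace('_normal', '', $response->profile_image_url_https) : ""`. The same applies to the `photoURL` context lines in the hunks at -174 and -254. All three methods start outside their hunks.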
@@ -174,7 +174,7 @@ class Hybrid_Providers_Twitter extends Hybrid_Provider_Model_OAuth1 { $uc->identifier = (property_exists($item, 'id')) ? $item->id : ""; $uc->displayName = (property_exists($item, 'name')) ? $item->name : ""; - $uc->profileURL = (property_exists($item, 'screen_name')) ? ("http://twitter.com/" . $item->screen_name) : ""; + $uc->profileURL = (property_exists($item, 'screen_name')) ? ("https://twitter.com/" . $item->screen_name) : ""; $uc->photoURL = (property_exists($item, 'profile_image_url')) ? $item->profile_image_url : ""; $uc->description = (property_exists($item, 'description')) ? $item->description : ""; @@ -254,7 +254,7 @@ class Hybrid_Providers_Twitter extends Hybrid_Provider_Model_OAuth1 { $ua->user->identifier = (property_exists($item->user, 'id')) ? $item->user->id : ""; $ua->user->displayName = (property_exists($item->user, 'name')) ? $item->user->name : ""; - $ua->user->profileURL = (property_exists($item->user, 'screen_name')) ? ("http://twitter.com/" . $item->user->screen_name) : ""; + $ua->user->profileURL = (property_exists($item->user, 'screen_name')) ? ("https://twitter.com/" . $item->user->screen_name) : ""; $ua->user->photoURL = (property_exists($item->user, 'profile_image_url')) ? $item->user->profile_image_url : ""; $activities[] = $ua; diff --git a/plugin/social/includes/functions.php b/plugin/social/includes/functions.php index 001373292..09ba76af5 100644 --- a/plugin/social/includes/functions.php +++ b/plugin/social/includes/functions.php @@ -44,11 +44,11 @@ function get_social_convert_id($identifier, $service) return strtolower($service).'_'.hash('adler32', md5($identifier)); } -function get_social_callbackurl($provider, $no_domain=false){ +function get_social_callbackurl($provider, $no_domain=false, $no_params=false){ $base_url = G5_SOCIAL_LOGIN_BASE_URL; - if ( $provider === 'twitter' ){ + if ( $provider === 'twitter' || ($provider === 'payco' && $no_params) ){ return $base_url; } 
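Review bot: The context line at the top of the functions.php hunk shows `get_social_convert_id()` reducing the provider identifier to `hash('adler32', md5($identifier))`, a 32-bit checksum, so distinct identifiers can map to the same `sid`. How `sid` is used is outside this hunk, but if it keys the link between a provider identity and a local member, a collision would attach one identity to another member's record; a longer digest such as `hash('sha256', $identifier)` would need a migration of the values already stored. The function body starts outside the hunk. The new `$no_params` argument of `get_social_callbackurl()` also lacks documentation: `@param bool $no_params return the bare base URL (honoured for payco only)`.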
@@ -332,9 +332,12 @@ function social_extends_get_keys($provider){ "keys" => array("id" => $config['cf_google_clientid'], "secret" => $config['cf_google_secret']), "redirect_uri" => get_social_callbackurl('google'), + "scope" => "https://www.googleapis.com/auth/userinfo.profile "."https://www.googleapis.com/auth/userinfo.email", + /* "scope" => "https://www.googleapis.com/auth/plus.login ". // optional "https://www.googleapis.com/auth/plus.me ". // optional "https://www.googleapis.com/auth/plus.profile.emails.read", // optional + */ //"access_type" => "offline", // optional //"approval_prompt" => "force", // optional ); 
diff --git a/skin/social/img/sns_gp_s.png b/skin/social/img/sns_gp_s.png index aa08845949aef9ab9ddf6857be1dd6864530cf32..0bf8c73e95fe6f83d0359c7b8d82e0c36c73836e 100644 GIT binary patch literal 820 zcmeAS@N?(olHy`uVBq!ia0vp^av;pX3?zBp#Z6#fV9XBi32_B-8UFugXlVHF;9xv6 z?SH7Y!~BH%4i1*9LLXaN{@=`Cyejmai?Qy~s3*>5FP+UDy1tk%336-sX0bfLY*pw> z7gNWMFP4)Ix-@@z?PBKC^4YQV^PfFzCd-4&=QlXFeSPh0V!SfgspYHjir|;drY6gS zUpbpNwR|yN8T1;+T^aPs*%Yh{C>8S31!#pS(2!RyCdSJ{fXaRYjam^5B!S9+44`%( z2{iNf9u}b0zjw0$#er;~pi}E-Als?+3y=-83up_F3u3sK0ZEWvkf7c6_K`Z?=1@+=o0BpcL4sFAxSq%kMp`5C&WjsQ0y}(dRuJKylNh@n#E4?D~(} zuk>^1d;pXRU+sE-rvOm#+X&sCt9X8GX9t?_|NsBf0n#Udp`BF{cbr|7+pKn4bXH)@9Hq|F z-bPQCsvdQ-sLhFwixWH99Bj2<&z?Jihjbd4D|eJA1>6#ejbeAbB@=s#W&guh1(~-$ zeL7Q+XAsQ9GR5K2B@a1mtusb$7FPu{X6rR@OzYUQW{pXtM7R!{#@ntZ#(Q-XJgz1& zZk+k#kVBfcqG$1r<|mt*bV8?|-Lt9a6F1i!$%)KvNA$TlQ=YSNFJzmuL3&e7heg$a yO)p&!t4vc-mj#PnPRIHZt82`Ti~3Uk?B!Ylp0*+7m{3+ootz+WN)WnQ(*-(AUCxn zQK2F?C$HG5!d3}vt`(3C64qBz04piUwpD^SD#ABF!8yMuRl!uxSU1_g&``n5OwZ87 z)XdCKN5ROz&`93^h|F{iO{`4Ktc=VRpg;*|TTx1yRgjAt)Gi>;Rw<*Tq`*pFzr4I$ zuiRKKzbIYb(9+TpWQLKEE>MMTab;dfVufyAu`kBtHuNWFoz#!AFNG#Ad)HBe}%?0@jth%@)C>7xhtg4GcDhpEegHnt0 zON)|$@sXws(+mtd{1$-}0$pR}Uz7=ql*AmD{N&Qy)VvZ;7h5Huj9yA+ij}#MrL(D% zvw^FLvx%#@p`oLTk(;Zbg^7Wip__rRkul5+YKL?fq0y6ST@{2R_ z3lyA#%@j1kGxJjN%ZoKZ(F5_VOKMSOS!#+~QGTuhIDD-#vDj~DVqs!vZeZ+Yfy>_z zy(#2`nLf}l`k=&tlvrRwz!V5#!jnFb1J69EdB7Y~1k4&;o!_Dv7?`{~T^vIyZYAw` zo2q)^z<~>#N4`0nIph%ifxV-gxsdh5B3FkuhaKz}upRm1<8Y|E@t*=mis5C3h%=@F z)0z&hIC}VgQWGniGPgGK{N4P_>zk#SXD{LkXy|-+eQ`BUJm34|A3I8I5C5NUe`3=N z!HA;2$6snC2C}U@CfCs#aiD+pb%}XXmKYoS`R#5i-&~^=d7pLrm*;n*dE))$7^4rR z=A1jAw*JV6v~MbFrWt+yXl$^l*x*m)-$^CiKW+X>+?aaxz#IP8;RbtVTDLYnv{xy( zr#t`r0VORqlOLjCdz}nd^4v)aWqouzKiz);%kq-r zB5Z1Taw1#z$J?b>%n&)G5O?p$f!r)s@$jgf%s%%&Zd0=j6=wbSk2P4{e0}PVsz)3K zTVf<{h)j{Zr#Hi~D&YT~;_gOgXX!Z;4mfgu{d&1ehC^Or%B0d*9v!DcJp1R{xwY__ zSVgEVk+6Gv!=sAv)6WBb24~fj&nrxt!n=**&4TLfjeWaL9$2`Jcbf>yzIj$ni@x9f z8T`P;FU*cDRek2an-h+(@HNh!@P@@F<;|-oo;zyO5{@@K`W~3ZbCQ+QmG#7Z{`Zpe 
zOs5$9*;CuROI3W)i7%-SN{iUVq)zel(tDnm{ Hr-UW|{lY%= diff --git a/skin/social/social_login.skin.php b/skin/social/social_login.skin.php index f93fd403f..861e0b1f4 100644 --- a/skin/social/social_login.skin.php +++ b/skin/social/social_login.skin.php @@ -41,7 +41,7 @@ add_stylesheet('?provider=google&url=" class="sns-icon social_link sns-google" title="구글"> - 구글+ 로그인 + Sign in with Google diff --git a/skin/social/social_outlogin.skin.1.php b/skin/social/social_outlogin.skin.1.php index a6a55a2d2..20d84bbcd 100644 --- a/skin/social/social_outlogin.skin.1.php +++ b/skin/social/social_outlogin.skin.1.php @@ -41,7 +41,7 @@ add_stylesheet('?provider=google&url=" class="sns-icon social_link sns-google" title="구글"> - 구글+ 로그인 + Sign in with Google diff --git a/skin/social/social_register.skin.php b/skin/social/social_register.skin.php index f2beab376..86dfe3dde 100644 --- a/skin/social/social_register.skin.php +++ b/skin/social/social_register.skin.php @@ -43,7 +43,7 @@ add_stylesheet('?provider=google&url=" class="sns-icon social_link sns-google" title="구글"> - 구글+로 회원가입하기 + Sign in with Google diff --git a/skin/social/style.css b/skin/social/style.css index d984ac9b9..75f0951e8 100644 --- a/skin/social/style.css +++ b/skin/social/style.css @@ -27,7 +27,7 @@ .sns-wrap-reg .sns-naver {border-color:#18a400;background:#2db400} .sns-wrap-reg .sns-naver .ico {background-position:-29px 0; } -.sns-wrap-reg .sns-google {border-color:#ca2c19;background:#dd5443} +.sns-wrap-reg .sns-google {border-color:#ca2c19;background:#4285F4} .sns-wrap-reg .sns-google .ico {background-position:-58px 0} .sns-wrap-reg .sns-facebook {border-color:#2e5393;background:#3a5897} .sns-wrap-reg .sns-facebook .ico {background-position:0 0 } 
@@ -49,7 +49,7 @@ /* SNS by COLOR */ .sns-wrap-over .sns-naver {background:url('./img/sns_naver_s.png') no-repeat} -.sns-wrap-over .sns-google {background:url('./img/sns_gp_s.png') no-repeat} +.sns-wrap-over .sns-google {} .sns-wrap-over .sns-facebook {background:url('./img/sns_fb_s.png') no-repeat} .sns-wrap-over .sns-twitter {background:url('./img/sns_twitter_s.png') no-repeat} .sns-wrap-over .sns-payco {background:url('./img/sns_payco_s.png') no-repeat} 
@@ -67,12 +67,13 @@ /*로그인 */ #sns_login {border:0;margin-top:15px;border-top:1px solid #edeaea} #sns_login h3 {padding:10px 0 0;text-align:left;font-weight:bold} -#sns_login .sns-icon {display:block;height:40px;line-height:40px;width:100%;margin:0 0 5px;padding-left:40px;text-align:left;color:#fff;border-radius:2px} +#sns_login .sns-icon {position:relative;display:block;height:40px;line-height:40px;width:100%;margin:0 0 5px;padding-left:40px;text-align:left;color:#fff;border-radius:2px} #sns_login .sns-naver {background-color:#1fc800;background-position:5px 5px;border-bottom:1px solid #1ea505} #sns_login .sns-kakao {background-color:#ffeb00;background-position:5px 5px;border-bottom:1px solid #e2c10a} #sns_login .sns-kakao {color:#3c1e1e} #sns_login .sns-facebook {background-color:#3b579d;background-position:5px 5px;border-bottom:1px solid #28458f} -#sns_login .sns-google {background-color:#db4a3a;background-position:5px 5px;border-bottom:1px solid #c03121} +#sns_login .sns-google {background-color:#4285F4;background-position:5px 5px;border-bottom:1px solid #3567c6;letter-spacing:-0.5px} +#sns_login .sns-google .ico {position:absolute;top:3px;left:3px;width:33px;height:33px;background:url('./img/sns_gp_s.png') no-repeat center center;background-color:#fff;background-size:28px 28px!important;border-radius:2px} #sns_login .sns-twitter {background-color:#1ea1f2;background-position:5px 5px;border-bottom:1px solid #1e82c0} #sns_login .sns-payco {background-color:#df0b00;background-position:5px 5px;border-bottom:1px solid #9d0800} #sns_login .txt {text-align:left;padding-left:10px;border-left:1px solid rgba(0,0,0,0.1);display:block;font-weight:bold} 
@@ -88,7 +89,8 @@ #sns_register .sns-naver {background-color:#1fc800;background-position:0 0} #sns_register .sns-kakao {background-color:#ffeb00;background-position:0 0} #sns_register .sns-facebook {background-color:#3b579d;background-position:0 0} -#sns_register .sns-google {background-color:#db4a3a;background-position:0 0} +#sns_register .sns-google {background-color:#fff;background-position:0 0;border-radius:2px;border:1px solid #999} +#sns_register .sns-google .ico {background:url('./img/sns_gp_s.png') no-repeat;height:30px} #sns_register .sns-twitter {background-color:#1ea1f2;background-position:0 0} #sns_register .sns-payco {background-color:#df0b00;background-position:0 0} #sns_register .txt {position:absolute;line-height:0;font-size:0;vertical-align:middle;overflow:hidden} From 54e5c1b8384f1fb16f779d808f3d8ad54040e014 Mon Sep 17 00:00:00 2001 From: thisgun Date: Tue, 24 Nov 2020 11:03:17 +0900 Subject: [PATCH 14/16] =?UTF-8?q?get=5Fmagic=5Fquotes=5Fgpc=ED=95=A8?= =?UTF-8?q?=EC=88=98=20DEPRECATED=20=EC=97=90=20=EB=8C=80=ED=95=9C=20?= =?UTF-8?q?=EC=BD=94=EB=93=9C=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- common.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common.php b/common.php index fc22fb036..5ea293e09 100644 --- a/common.php +++ b/common.php @@ -98,7 +98,7 @@ function sql_escape_string($str) // SQL Injection 등으로 부터 보호를 위해 sql_escape_string() 적용 //------------------------------------------------------------------------------ // magic_quotes_gpc 에 의한 backslashes 제거 -if (get_magic_quotes_gpc()) { +if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) { $_POST = array_map_deep('stripslashes', $_POST); $_GET = array_map_deep('stripslashes', $_GET); $_COOKIE = array_map_deep('stripslashes', $_COOKIE); From 4ae4bea8e5a59be94eda9c8803ee654a23c661ce Mon Sep 17 00:00:00 2001 
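Review bot: `function_exists('get_magic_quotes_gpc')` in the common.php hunk is still true on PHP 7.4, where calling the function raises the deprecation notice this commit is meant to address; the guard only helps once the function is removed in PHP 8. Magic quotes were removed in PHP 5.4 and the function has returned false since then, so a version test avoids the call entirely: `if (version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc()) {`. The body of the `if` continues outside the hunk.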
From: thisgun Date: Tue, 24 Nov 2020 11:15:20 +0900 Subject: [PATCH 15/16] =?UTF-8?q?=EB=B2=84=EC=A0=84=205.4.3.1=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- config.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config.php b/config.php index 6ff6fbcc9..fd533ab40 100644 --- a/config.php +++ b/config.php @@ -5,7 +5,7 @@ ********************/ define('G5_VERSION', '그누보드5'); -define('G5_GNUBOARD_VER', '5.4.3'); +define('G5_GNUBOARD_VER', '5.4.3.1'); // 이 상수가 정의되지 않으면 각각의 개별 페이지는 별도로 실행될 수 없음 define('_GNUBOARD_', true); From a18cd9d971d2796c73edd5cca2bbc390788090ea Mon Sep 17 00:00:00 2001 From: thisgun Date: Tue, 24 Nov 2020 11:35:57 +0900 Subject: [PATCH 16/16] =?UTF-8?q?=EA=B0=A4=EB=9F=AC=EB=A6=AC=20=EB=AA=A9?= =?UTF-8?q?=EB=A1=9D=20bo=5Fgallery=5Fheight=20=EC=8A=A4=ED=83=80=EC=9D=BC?= =?UTF-8?q?=20=EC=B6=94=EA=B0=80=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- skin/board/gallery/list.skin.php | 6 ++++-- theme/basic/skin/board/gallery/list.skin.php | 6 ++++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/skin/board/gallery/list.skin.php b/skin/board/gallery/list.skin.php index f281670c2..a9c0bf444 100644 --- a/skin/board/gallery/list.skin.php +++ b/skin/board/gallery/list.skin.php @@ -84,6 +84,8 @@ add_stylesheet('', 0 if( $wr_id && $wr_id == $list[$i]['wr_id'] ){ $classes[] = 'gall_now'; } + + $line_height_style = ($board['bo_gallery_height'] > 0) ? 'line-height:'.$board['bo_gallery_height'].'px' : ''; ?>