diff --git a/adm/index.php b/adm/index.php
index 7dd5ef93a..da3d7d8a6 100644
--- a/adm/index.php
+++ b/adm/index.php
@@ -176,7 +176,7 @@ $colspan = 5;
 $comment_link = "";
 $row2 = sql_fetch(" select * from $tmp_write_table where wr_id = '{$row['wr_id']}' ");
- $name = get_sideview($row2['mb_id'], cut_str($row2['wr_name'], $config['cf_cut_name']), $row2['wr_email'], $row2['wr_homepage']);
+ $name = get_sideview($row2['mb_id'], get_text(cut_str($row2['wr_name'], $config['cf_cut_name'])), $row2['wr_email'], $row2['wr_homepage']);
 // 당일인 경우 시간으로 표시함
 $datetime = substr($row2['wr_datetime'],0,10);
 $datetime2 = $row2['wr_datetime'];
@@ -193,7 +193,7 @@ $colspan = 5;
 $row2 = sql_fetch(" select * from {$tmp_write_table} where wr_id = '{$row['wr_parent']}' ");
 $row3 = sql_fetch(" select mb_id, wr_name, wr_email, wr_homepage, wr_datetime from {$tmp_write_table} where wr_id = '{$row['wr_id']}' ");
- $name = get_sideview($row3['mb_id'], cut_str($row3['wr_name'], $config['cf_cut_name']), $row3['wr_email'], $row3['wr_homepage']);
+ $name = get_sideview($row3['mb_id'], get_text(cut_str($row3['wr_name'], $config['cf_cut_name'])), $row3['wr_email'], $row3['wr_homepage']);
 // 당일인 경우 시간으로 표시함
 $datetime = substr($row3['wr_datetime'],0,10);
 $datetime2 = $row3['wr_datetime'];
diff --git a/bbs/poll_update.php b/bbs/poll_update.php
index 154753af0..292e3ae7b 100644
--- a/bbs/poll_update.php
+++ b/bbs/poll_update.php
@@ -8,6 +8,7 @@ if (!$po['po_id'])
 if ($member['mb_level'] < $po['po_level'])
 alert_close('권한 '.$po['po_level'].' 이상 회원만 투표에 참여하실 수 있습니다.');
+$gb_poll = preg_replace('/[^0-9]/', '', $gb_poll);
 if(!$gb_poll)
 alert_close('항목을 선택하세요.');
diff --git a/bbs/qawrite_update.php b/bbs/qawrite_update.php
index b4ec7d3d5..232678ab4 100644
--- a/bbs/qawrite_update.php
+++ b/bbs/qawrite_update.php
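Review bot: Only the name argument of get_sideview() is now wrapped in get_text(); `$row2['wr_email']` and `$row2['wr_homepage']` on the same new line still come straight from the row. This same commit passes the email through get_email_address() and the homepage through get_text() in bbs/write.php, so unless get_sideview() escapes those arguments itself (not visible here) the admin listing should be brought in line: `$name = get_sideview($row2['mb_id'], get_text(cut_str($row2['wr_name'], $config['cf_cut_name'])), get_email_address($row2['wr_email']), get_text($row2['wr_homepage']));`. The @@ -193 hunk (`$row3`) has the identical shape and needs the same treatment. Both hunks sit inside a block whose start and end are outside the diff.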
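Review bot: The digit filter on the new line normalises rather than validates: a value such as `9x` or `x9` is silently accepted as item `9`, and the following `if(!$gb_poll)` cannot distinguish a value stripped to empty from a missing one. Rejecting anything that is not purely numeric and then casting states the intent more clearly: `if (!preg_match('/^[0-9]+$/', $gb_poll)) alert_close('항목을 선택하세요.');` followed by `$gb_poll = (int)$gb_poll;`. Where `$gb_poll` is read from the request, and whether it is later checked against the poll's actual number of items, is outside this hunk.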
@@ -28,6 +28,7 @@ if(isset($_POST['qa_email']) && $qa_email) {
 $qa_subject = '';
 if (isset($_POST['qa_subject'])) {
 $qa_subject = substr(trim($_POST['qa_subject']),0,255);
+ $qa_subject = preg_replace("#[\\\]+$#", "", $qa_subject);
 }
 if ($qa_subject == '') {
 $msg[] = '제목을 입력하세요.';
@@ -36,6 +37,7 @@ if ($qa_subject == '') {
 $qa_content = '';
 if (isset($_POST['qa_content'])) {
 $qa_content = substr(trim($_POST['qa_content']),0,65536);
+ $qa_content = preg_replace("#[\\\]+$#", "", $qa_content);
 }
 if ($qa_content == '') {
 $msg[] = '내용을 입력하세요.';
@@ -132,7 +134,7 @@ for ($i=1; $i<=count($_FILES['bf_file']['name']); $i++) {
 $tmp_file = $_FILES['bf_file']['tmp_name'][$i];
 $filesize = $_FILES['bf_file']['size'][$i];
 $filename = $_FILES['bf_file']['name'][$i];
- $filename = preg_replace('/(<|>|=)/', '', $filename);
+ $filename = get_safe_filename($filename);
 // 서버에 설정된 값보다 큰파일을 업로드 한다면
 if ($filename) {
diff --git a/bbs/register_form_update.php b/bbs/register_form_update.php
index a7b1e5196..c19f2c091 100644
--- a/bbs/register_form_update.php
+++ b/bbs/register_form_update.php
@@ -56,6 +56,8 @@ $mb_10 = isset($_POST['mb_10']) ? trim($_POST['mb_10'])
 if ($w == '' || $w == 'u') {
 if ($msg = empty_mb_id($mb_id)) alert($msg, "", true, true); // alert($msg, $url, $error, $post);
+ if ($msg = valid_mb_id($mb_id)) alert($msg, "", true, true);
+ if ($msg = count_mb_id($mb_id)) alert($msg, "", true, true);
 if ($w == '' && !$mb_password)
 alert('비밀번호가 넘어오지 않았습니다.');
diff --git a/bbs/write.php b/bbs/write.php
index e03fe4996..97ef6b81a 100644
--- a/bbs/write.php
+++ b/bbs/write.php
@@ -319,7 +319,7 @@ if ($w == '') {
 }
 $name = get_text(cut_str($write['wr_name'],20));
- $email = $write['wr_email'];
+ $email = get_email_address($write['wr_email']);
 $homepage = get_text($write['wr_homepage']);
 for ($i=1; $i<=G5_LINK_COUNT; $i++) {
diff --git a/bbs/write_update.php b/bbs/write_update.php
index 507f15e54..cdb140102 100644
--- a/bbs/write_update.php
+++ b/bbs/write_update.php
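Review bot: The trailing-backslash strip added in the @@ -28 hunk is written as a double-quoted regex (`"#[\\\]+$#"`) whose escaping the reader has to decode, and the identical expression is repeated in the @@ -36 hunk here and in the @@ -19 hunk of bbs/write_update.php; `rtrim($qa_subject, '\\')` removes exactly the same trailing characters without a regex and makes the intent obvious. A short comment is also missing, since nothing says why trailing backslashes matter — presumably because the preceding substr() cut can leave the value ending in an escape character when it is later quoted into a query (not visible here): `// drop trailing backslashes left by the substr() cut so the value cannot end in an escape character`.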
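Review bot: The two new checks run on the update path too, because `$w == 'u'` is part of the enclosing condition; if count_mb_id() counts existing rows for `$mb_id` without excluding the member being edited (its body is not visible here), every profile update would be rejected as a duplicate id. Either confirm count_mb_id() handles that case or limit the duplicate check to registration: `if ($w == '' && ($msg = count_mb_id($mb_id))) alert($msg, "", true, true);`. The enclosing if block continues past the hunk.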
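Review bot: `$email` is the only one of the three neighbouring values that is not passed through get_text(); get_email_address() returns a regex match (`return $matches[0];` in lib/common.lib.php in this same diff), so whether the result is safe to echo unescaped depends on what that pattern admits, which is not visible here. Wrapping it keeps the three lines consistent regardless of the pattern: `$email = get_text(get_email_address($write['wr_email']));`.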
@@ -19,6 +19,7 @@ if ($wr_subject == '') {
 $wr_content = '';
 if (isset($_POST['wr_content'])) {
 $wr_content = substr(trim($_POST['wr_content']),0,65536);
+ $wr_content = preg_replace("#[\\\]+$#", "", $wr_content);
 }
 if ($wr_content == '') {
 $msg[] = '내용을 입력하세요.';
@@ -211,7 +212,7 @@ for ($i=0; $i|=)/', '', $filename);
+ $filename = get_safe_filename($filename);
 // 서버에 설정된 값보다 큰파일을 업로드 한다면
 if ($filename) {
@@ -297,6 +298,7 @@ if ($w == '' || $w == 'r') {
 if (!$wr_name) alert('이름은 필히 입력하셔야 합니다.');
 $wr_password = sql_password($wr_password);
+ $wr_email = get_email_address(trim($_POST['wr_email']));
 }
 if ($w == 'r') {
@@ -417,6 +419,7 @@ if ($w == '' || $w == 'r') {
 $mb_id = "";
 // 비회원의 경우 이름이 누락되는 경우가 있음
 //if (!trim($wr_name)) alert("이름은 필히 입력하셔야 합니다.");
+ $wr_email = get_email_address(trim($_POST['wr_email']));
 }
 $sql_password = $wr_password ? " , wr_password = '".sql_password($wr_password)."' " : "";
diff --git a/common.php b/common.php
index 5e528a392..66eef1ed5 100644
--- a/common.php
+++ b/common.php
@@ -20,8 +20,9 @@ $ext_arr = array ('PHP_SELF', '_ENV', '_GET', '_POST', '_FILES', '_SERVER', '_CO
 'HTTP_COOKIE_VARS', 'HTTP_SESSION_VARS', 'GLOBALS');
 $ext_cnt = count($ext_arr);
 for ($i=0; $i<$ext_cnt; $i++) {
- // GET 으로 선언된 전역변수가 있다면 unset() 시킴
- if (isset($_GET[$ext_arr[$i]])) unset($_GET[$ext_arr[$i]]);
+ // POST, GET 으로 선언된 전역변수가 있다면 unset() 시킴
+ if (isset($_GET[$ext_arr[$i]])) unset($_GET[$ext_arr[$i]]);
+ if (isset($_POST[$ext_arr[$i]])) unset($_POST[$ext_arr[$i]]);
 }
 //==========================================================================================================================
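Review bot: Both new `$wr_email = get_email_address(trim($_POST['wr_email']));` lines (@@ -297 and @@ -417) index `$_POST['wr_email']` without the `isset()` guard that the @@ -19 hunk of this same file uses for `wr_content`, so a request that omits the field raises an undefined-index notice before the call. Guarding it keeps the file's own convention: `$wr_email = get_email_address(isset($_POST['wr_email']) ? trim($_POST['wr_email']) : '');`. Since the same line is needed in both branches, computing it once before the branch would also remove the duplication; both enclosing blocks start outside the hunk.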
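Review bot: The reserved names are now removed from `$_GET` and `$_POST` but still not from `$_COOKIE`, although the list itself is about superglobal-style keys (`'HTTP_COOKIE_VARS'` is visible and the header line is cut at `'_CO`); if the extraction this loop protects against also reads cookies (not visible here), a cookie named like one of these entries would still not be removed. Adding the same line for cookies closes that gap within the existing design: `if (isset($_COOKIE[$ext_arr[$i]])) unset($_COOKIE[$ext_arr[$i]]);`, with the updated comment on the first added line extended to mention cookies as well.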
@@ -381,7 +382,7 @@ if ($_SESSION['ss_mb_id']) { // 로그인중이라면
 $tmp_mb_id = substr(preg_replace("/[^a-zA-Z0-9_]*/", "", $tmp_mb_id), 0, 20);
 // 최고관리자는 자동로그인 금지
- if ($tmp_mb_id != $config['cf_admin']) {
+ if (strtolower($tmp_mb_id) != strtolower($config['cf_admin'])) {
 $sql = " select mb_password, mb_intercept_date, mb_leave_date, mb_email_certify from {$g5['member_table']} where mb_id = '{$tmp_mb_id}' ";
 $row = sql_fetch($sql);
 $key = md5($_SERVER['SERVER_ADDR'] . $_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT'] . $row['mb_password']);
diff --git a/lib/common.lib.php b/lib/common.lib.php
index 7c8b9f833..d45ba208f 100644
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@@ -2688,4 +2688,13 @@ function get_email_address($email)
 return $matches[0];
 }
+
+// 파일명에서 특수문자 제거
+function get_safe_filename($name)
+{
+ $pattern = '/["\'<>=#&!%\\\\(\)\*\+\?]/';
+ $name = preg_replace($pattern, '', $name);
+
+ return $name;
+}
 ?>
\ No newline at end of file
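Review bot: The case-insensitive compare on the new line carries no comment saying why it is needed; since `$tmp_mb_id` is interpolated into the `where mb_id = '...'` lookup two lines below, the likely reason is that the database matches ids without regard to case, so a differently-cased spelling of the admin id would otherwise slip past the exclusion (inferred, not visible here). Worth stating next to it: `// case-insensitive on purpose: the mb_id lookup below is not case-sensitive, so a re-cased admin id must not bypass this exclusion`. The auto-login key on the last context line is an md5 over request headers and the stored password hash; that construction is outside this change but is what the exclusion protects, and the enclosing if block continues past the hunk.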
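Review bot: get_safe_filename() is a character blacklist and leaves `/` and NUL bytes untouched, so a client-supplied name can still reach the callers with a path separator or an embedded NUL; the two callers in this diff only check that the result is non-empty. Adding both to the class covers that within the existing design: `$pattern = '/["\'<>=#&!%\\\\\/\x00(\)\*\+\?]/';`. The one-line Korean comment should also become a docblock stating that the function strips characters rather than validating the name, that the result may be empty, and that extension or type checks remain the caller's responsibility. If a behaviour change is acceptable, a whitelist that keeps only letters, digits, `.`, `-`, `_` and multibyte text is the more robust shape.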