From 6b52f0570ddb5ebf88c43aa0e4875f0359a948c3 Mon Sep 17 00:00:00 2001 From: whitedot Date: Wed, 7 Jul 2021 16:34:10 +0900 Subject: [PATCH 01/14] =?UTF-8?q?UI=20:=20=EC=B5=9C=EC=8B=A0=EA=B8=80=20?= =?UTF-8?q?=EC=8A=A4=ED=82=A8=20=EC=8A=A4=ED=83=80=EC=9D=BC=EC=8B=9C?= =?UTF-8?q?=ED=8A=B8=EC=97=90=EC=84=9C=20=EC=A4=91=EB=B3=B5=EB=90=98?= =?UTF-8?q?=EB=8A=94=20=EC=86=8D=EC=84=B1=EA=B0=92=20=EC=A0=9C=EA=B1=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- skin/latest/basic/style.css | 2 +- theme/basic/skin/latest/basic/style.css | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/skin/latest/basic/style.css b/skin/latest/basic/style.css index 5e7edc809..7abc3fb45 100644 --- a/skin/latest/basic/style.css +++ b/skin/latest/basic/style.css @@ -7,7 +7,7 @@ .lat ul {padding:10px 0} .lat li {position:relative;line-height:18px;border-bottom:1px solid #e5ecee;margin-bottom:10px} -.lat li a {line-height:24px;font-weight:bold;font-size:1.2em;line-height:20px;vertical-align:middle} +.lat li a {font-weight:bold;font-size:1.2em;line-height:20px;vertical-align:middle} .lat li a:hover {color:#3a8afd} .lat li .fa-heart {color:#ff0000} .lat li .fa-lock {display:inline-block;line-height:14px;width:16px;font-size:0.833em;color:#4f818c;background:#cbe3e8;text-align:center;border-radius:2px;font-size:12px;border:1px solid #cbe3e8;vertical-align:middle} diff --git a/theme/basic/skin/latest/basic/style.css b/theme/basic/skin/latest/basic/style.css index 5e7edc809..7abc3fb45 100644 --- a/theme/basic/skin/latest/basic/style.css +++ b/theme/basic/skin/latest/basic/style.css 
@@ -7,7 +7,7 @@ .lat ul {padding:10px 0} .lat li {position:relative;line-height:18px;border-bottom:1px solid #e5ecee;margin-bottom:10px} -.lat li a {line-height:24px;font-weight:bold;font-size:1.2em;line-height:20px;vertical-align:middle} +.lat li a {font-weight:bold;font-size:1.2em;line-height:20px;vertical-align:middle} .lat li a:hover {color:#3a8afd} .lat li .fa-heart {color:#ff0000} .lat li .fa-lock {display:inline-block;line-height:14px;width:16px;font-size:0.833em;color:#4f818c;background:#cbe3e8;text-align:center;border-radius:2px;font-size:12px;border:1px solid #cbe3e8;vertical-align:middle} From c9fb4ff9d141cd89182189359810c44b479fb311 Mon Sep 17 00:00:00 2001 From: whitedot Date: Wed, 7 Jul 2021 16:46:06 +0900 Subject: [PATCH 02/14] =?UTF-8?q?UI=20:=20=EC=98=B5=EC=85=98=20=EC=97=86?= =?UTF-8?q?=EB=8A=94=20=EC=83=81=ED=92=88=EC=97=90=EC=84=9C=20=EC=88=98?= =?UTF-8?q?=EB=9F=89=20=EB=B3=80=EA=B2=BD=ED=95=A0=20=EB=95=8C=20UI=20?= =?UTF-8?q?=EC=9D=BC=EA=B4=80=EB=90=98=EA=B2=8C=20=ED=91=9C=EC=8B=9C?= =?UTF-8?q?=EB=90=98=EB=8F=84=EB=A1=9D=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- js/shop.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/js/shop.js b/js/shop.js index f1281f4c3..da9dbba88 100644 --- a/js/shop.js +++ b/js/shop.js @@ -480,7 +480,7 @@ function price_calculate() } }); - $("#sit_tot_price").empty().html("총 금액 : "+number_format(String(total))+"원"); + $("#sit_tot_price").empty().html("총 금액 :"+number_format(String(total))+" 원"); $("#sit_tot_price").trigger("price_calculate", [total]); } From b8223d440931e5f258710be71dda90588daf1de8 Mon Sep 17 00:00:00 2001 
From: loves2tu Date: Wed, 19 Jan 2022 06:16:31 +0000 Subject: [PATCH 03/14] =?UTF-8?q?=EA=B5=AC=EA=B8=80=20=ED=8C=90=EB=A7=A4?= =?UTF-8?q?=EC=9E=90=EC=84=BC=ED=84=B0=20=ED=94=BC=EB=93=9C=20=20-=20?= =?UTF-8?q?=EC=83=81=ED=92=88=20adult=20=EA=B4=80=EB=A0=A8=20=EC=B6=94?= =?UTF-8?q?=EA=B0=80=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- shop/price/google_feed.php | 1 + 1 file changed, 1 insertion(+) diff --git a/shop/price/google_feed.php b/shop/price/google_feed.php index 642a97e2a..19b6b7bef 100644 --- a/shop/price/google_feed.php +++ b/shop/price/google_feed.php @@ -78,6 +78,7 @@ for ($i = 0; $row = sql_fetch_array($result); $i++) { $adult = "no"; foreach($cate_array as $key => $var) { + if(empty($var)) continue; if(in_array(1, $category_adult_array[$var])) { $adult = "yes"; } From ff74503bac1807b39cb4a61688bba44ece7c3385 Mon Sep 17 00:00:00 2001 From: seeoya Date: Mon, 24 Jan 2022 14:16:30 +0900 Subject: [PATCH 04/14] =?UTF-8?q?#155=20=EB=B2=84=ED=8A=BC=20=EC=8A=A4?= =?UTF-8?q?=ED=83=80=EC=9D=BC=20=EB=B3=80=EA=B2=BD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- css/default.css | 2 +- css/default_shop.css | 2 +- theme/basic/css/default.css | 2 +- theme/basic/css/default_shop.css | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/css/default.css b/css/default.css index 23aac5b1b..b32a453e0 100644 --- a/css/default.css +++ b/css/default.css 
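Review bot: The added `if(empty($var)) continue;` skips blank category ids, but the next line still indexes `$category_adult_array[$var]` without checking that the key exists. A category id missing from that array would hand `in_array()` a null haystack, which is a TypeError on PHP 8. Widening the guard to `if(empty($var) || !isset($category_adult_array[$var])) continue;` covers both cases. How `$category_adult_array` is built is outside the hunk, so confirm whether every id in `$cate_array` is guaranteed a key.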
@@ -272,7 +272,7 @@ a.btn_close {text-align:center;line-height:50px} a.btn_cancel {display:inline-block;background:#969696;color:#fff;text-decoration:none;vertical-align:middle} button.btn_cancel {display:inline-block;background:#969696;color:#fff;text-decoration:none;vertical-align:middle} .btn_cancel:hover {background:#aaa} -a.btn_frmline, button.btn_frmline {display:inline-block;padding:0 25px;height:40px;border:0;background:#434a54;border-radius:3px;color:#fff;text-decoration:none;vertical-align:top} /* 우편번호검색버튼 등 */ +a.btn_frmline, button.btn_frmline {display:inline-block;width:128px;padding:0 5px;height:40px;border:0;background:#434a54;border-radius:3px;color:#fff;text-decoration:none;vertical-align:top} /* 우편번호검색버튼 등 */ a.btn_frmline {} button.btn_frmline {font-size:1em} diff --git a/css/default_shop.css b/css/default_shop.css index a06fefcf4..1324ab663 100644 --- a/css/default_shop.css +++ b/css/default_shop.css @@ -329,7 +329,7 @@ a.btn_close {text-align:center;line-height:50px} a.btn_cancel {display:inline-block;background:#969696;color:#fff;text-decoration:none;vertical-align:middle} button.btn_cancel {display:inline-block;background:#969696;color:#fff;text-decoration:none;vertical-align:middle} .btn_cancel:hover {background:#aaa} -a.btn_frmline, button.btn_frmline {display:inline-block;padding:0 25px;height:40px;border:0;background:#434a54;border-radius:3px;color:#fff;text-decoration:none;vertical-align:top} /* 우편번호검색버튼 등 */ +a.btn_frmline, button.btn_frmline {display:inline-block;width:128px;padding:0 5px;height:40px;border:0;background:#434a54;border-radius:3px;color:#fff;text-decoration:none;vertical-align:top} /* 우편번호검색버튼 등 */ a.btn_frmline {} button.btn_frmline {font-size:1em} a.btn_frmline {line-height:24px} diff --git a/theme/basic/css/default.css b/theme/basic/css/default.css index ea1ff09d6..334b0b3c0 100644 --- a/theme/basic/css/default.css +++ b/theme/basic/css/default.css 
@@ -273,7 +273,7 @@ a.btn_close {text-align:center;line-height:50px} a.btn_cancel {display:inline-block;background:#969696;color:#fff;text-decoration:none;vertical-align:middle} button.btn_cancel {display:inline-block;background:#969696;color:#fff;text-decoration:none;vertical-align:middle} .btn_cancel:hover {background:#aaa} -a.btn_frmline, button.btn_frmline {display:inline-block;padding:0 25px;height:40px;border:0;background:#434a54;border-radius:3px;color:#fff;text-decoration:none;vertical-align:top} /* 우편번호검색버튼 등 */ +a.btn_frmline, button.btn_frmline {display:inline-block;width:128px;padding:0 5px;height:40px;border:0;background:#434a54;border-radius:3px;color:#fff;text-decoration:none;vertical-align:top} /* 우편번호검색버튼 등 */ a.btn_frmline {} button.btn_frmline {font-size:1em} diff --git a/theme/basic/css/default_shop.css b/theme/basic/css/default_shop.css index 3a2ada3ef..c29301c5e 100644 --- a/theme/basic/css/default_shop.css +++ b/theme/basic/css/default_shop.css @@ -329,7 +329,7 @@ a.btn_close {text-align:center;line-height:50px} a.btn_cancel {display:inline-block;background:#969696;color:#fff;text-decoration:none;vertical-align:middle} button.btn_cancel {display:inline-block;background:#969696;color:#fff;text-decoration:none;vertical-align:middle} .btn_cancel:hover {background:#aaa} -a.btn_frmline, button.btn_frmline {display:inline-block;padding:0 25px;height:40px;border:0;background:#434a54;border-radius:3px;color:#fff;text-decoration:none;vertical-align:top} /* 우편번호검색버튼 등 */ +a.btn_frmline, button.btn_frmline {display:inline-block;width:128px;padding:0 5px;height:40px;border:0;background:#434a54;border-radius:3px;color:#fff;text-decoration:none;vertical-align:top} /* 우편번호검색버튼 등 */ a.btn_frmline {} button.btn_frmline {font-size:1em} a.btn_frmline {line-height:24px} From 967b7cca18cff9fbc857c171dd58fe919deab447 Mon Sep 17 00:00:00 2001 
From: 39hn Date: Fri, 28 Jan 2022 09:50:00 +0900 Subject: [PATCH 05/14] =?UTF-8?q?=EC=9D=BC=EB=B6=80=20=EB=AA=A8=EB=B0=94?= =?UTF-8?q?=EC=9D=BC=20=ED=8E=98=EC=9D=B4=EC=A7=80=EC=97=90=EC=84=9C=20?= =?UTF-8?q?=ED=85=8C=EB=A7=88=20=ED=8C=8C=EC=9D=BC=20=EC=B2=B4=ED=81=AC=20?= =?UTF-8?q?=EC=98=A4=EB=A5=98=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- mobile/shop/mypage.php | 2 +- mobile/shop/orderinquiry.sub.php | 2 +- mobile/shop/orderinquiryview.php | 2 +- mobile/shop/wishlist.php | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/mobile/shop/mypage.php b/mobile/shop/mypage.php index e91dd1165..982950a51 100644 --- a/mobile/shop/mypage.php +++ b/mobile/shop/mypage.php @@ -2,7 +2,7 @@ include_once('./_common.php'); // 테마에 mypage.php 있으면 include -if(defined('G5_THEME_SHOP_PATH')) { +if(defined('G5_THEME_MSHOP_PATH')) { $theme_mypage_file = G5_THEME_MSHOP_PATH.'/mypage.php'; if(is_file($theme_mypage_file)) { include_once($theme_mypage_file); diff --git a/mobile/shop/orderinquiry.sub.php b/mobile/shop/orderinquiry.sub.php index 61a02f1ca..600dd04d5 100644 --- a/mobile/shop/orderinquiry.sub.php +++ b/mobile/shop/orderinquiry.sub.php @@ -4,7 +4,7 @@ if (!defined("_GNUBOARD_")) exit; // 개별 페이지 접근 불가 if (!defined("_ORDERINQUIRY_")) exit; // 개별 페이지 접근 불가 // 테마에 orderinquiry.sub.php 있으면 include -if(defined('G5_THEME_SHOP_PATH')) { +if(defined('G5_THEME_MSHOP_PATH')) { $theme_inquiry_file = G5_THEME_MSHOP_PATH.'/orderinquiry.sub.php'; if(is_file($theme_inquiry_file)) { include_once($theme_inquiry_file); diff --git a/mobile/shop/orderinquiryview.php b/mobile/shop/orderinquiryview.php index 2ac0cab53..63c54028a 100644 --- a/mobile/shop/orderinquiryview.php +++ b/mobile/shop/orderinquiryview.php 
@@ -2,7 +2,7 @@ include_once('./_common.php'); // 테마에 orderinquiryview.php 있으면 include -if(defined('G5_THEME_SHOP_PATH')) { +if(defined('G5_THEME_MSHOP_PATH')) { $theme_inquiryview_file = G5_THEME_MSHOP_PATH.'/orderinquiryview.php'; if(is_file($theme_inquiryview_file)) { include_once($theme_inquiryview_file); diff --git a/mobile/shop/wishlist.php b/mobile/shop/wishlist.php index 0847d6108..9d92fc7ae 100644 --- a/mobile/shop/wishlist.php +++ b/mobile/shop/wishlist.php @@ -2,7 +2,7 @@ include_once('./_common.php'); // 테마에 wishlist.php 있으면 include -if(defined('G5_THEME_SHOP_PATH')) { +if(defined('G5_THEME_MSHOP_PATH')) { $theme_wishlist_file = G5_THEME_MSHOP_PATH.'/wishlist.php'; if(is_file($theme_wishlist_file)) { include_once($theme_wishlist_file); From cb61fa30459820564b9f8c5483934e9a47a64ff5 Mon Sep 17 00:00:00 2001 From: kagla Date: Fri, 11 Mar 2022 11:01:15 +0900 Subject: [PATCH 06/14] =?UTF-8?q?#167=20Security=20Report=20:=20Cross-Site?= =?UTF-8?q?=20Scripting=20=EC=98=A4=EB=A5=98=20=ED=95=B4=EA=B2=B0=20(P0cas?= =?UTF-8?q?=EB=8B=98,220311)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bbs/memo.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/bbs/memo.php b/bbs/memo.php index 86ffb7930..f7cd044e7 100644 --- a/bbs/memo.php +++ b/bbs/memo.php @@ -16,8 +16,7 @@ if ($kind == 'recv') else if ($kind == 'send') $unkind = 'recv'; else { - $kind = clean_xss_tags(trim($kind)); - alert(''.$kind .'값을 넘겨주세요.'); + alert("kind 변수 값이 올바르지 않습니다."); } if ($page < 1) { $page = 1; } // 페이지가 없으면 첫 페이지 (1 페이지) From 30a24811455ab51f91d7be331747741f80d877c5 Mon Sep 17 00:00:00 2001 
From: kagla Date: Fri, 11 Mar 2022 11:08:13 +0900 Subject: [PATCH 07/14] =?UTF-8?q?Cross-site=20Scripting=20(XSS)=20?= =?UTF-8?q?=ED=95=B4=EA=B2=B0=20(SeungHyunKim=EB=8B=98,220311)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- mobile/shop/lg/mispwapurl.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mobile/shop/lg/mispwapurl.php b/mobile/shop/lg/mispwapurl.php index 83fc1de52..79e1f1360 100644 --- a/mobile/shop/lg/mispwapurl.php +++ b/mobile/shop/lg/mispwapurl.php @@ -2,7 +2,7 @@ // 해당 페이지는 사용자가 ISP{국민/BC) 카드 결제를 성공하였을 때, 사용자에게 보여지는 페이지입니다. include_once('./_common.php'); -$LGD_OID = $_GET['LGD_OID']; +$LGD_OID = clean_xss_tags($_GET['LGD_OID']); echo "LGD_OID = ".$LGD_OID; From bdcf17dfc253871a459fbcab47c5ad8d7a8df389 Mon Sep 17 00:00:00 2001 From: kagla Date: Tue, 15 Mar 2022 15:19:59 +0900 Subject: [PATCH 08/14] =?UTF-8?q?Warning:=20Trying=20to=20access=20array?= =?UTF-8?q?=20offset=20on=20value=20of=20type=20null=20=EC=98=A4=EB=A5=98?= =?UTF-8?q?=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- shop/settle_lg_common.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/shop/settle_lg_common.php b/shop/settle_lg_common.php index cc2365782..21d6662c3 100644 --- a/shop/settle_lg_common.php +++ b/shop/settle_lg_common.php @@ -80,7 +80,7 @@ if ( $LGD_HASHDATA2 == $LGD_HASHDATA ) { //해쉬값 검증이 성공이면 $result = false; - if($row['pp_id']) { + if(isset($row['pp_id']) && $row['pp_id']) { // 개인결제 UPDATE $sql = " update {$g5['g5_shop_personalpay_table']} set pp_receipt_price = '$LGD_AMOUNT', @@ -113,7 +113,7 @@ if ( $LGD_HASHDATA2 == $LGD_HASHDATA ) { //해쉬값 검증이 성공이면 } if($result) { - if($row['od_id']) + if(isset($row['od_id']) && $row['od_id']) $od_id = $row['od_id']; else $od_id = $LGD_OID; From af3b1b69d3dbc5553aa76fe27ec14cb1bde9ad74 Mon Sep 17 00:00:00 2001 
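Review bot: `clean_xss_tags()` is applied at assignment, but `echo "LGD_OID = ".$LGD_OID;` still writes the value into the page without output encoding. A tag filter is not a substitute for escaping at the sink, and its exact behaviour is not visible in this patch. Encode where the value is printed: `echo "LGD_OID = ".htmlspecialchars($LGD_OID, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. `$_GET['LGD_OID']` is also read without an `isset()` check, so a request lacking the parameter raises a notice; `isset($_GET['LGD_OID']) ? $_GET['LGD_OID'] : ''` avoids that.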
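Review bot: The enclosing condition shown in both hunk headers of shop/settle_lg_common.php, `if ( $LGD_HASHDATA2 == $LGD_HASHDATA )`, verifies the payment hash with a loose `==`. That comparison is not constant-time and is subject to PHP's numeric-string comparison rules, and this commit edits the branch body while leaving it as is. If both values are strings, `if (hash_equals($LGD_HASHDATA2, $LGD_HASHDATA))` is the safer form; the line sits outside the changed lines, so confirm how the two values are produced. Separately, `isset($row['pp_id']) && $row['pp_id']` and the matching `od_id` test can each be written as `!empty($row['pp_id'])`.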
From: kagla Date: Wed, 16 Mar 2022 16:04:56 +0900 Subject: [PATCH 09/14] =?UTF-8?q?Proxy=20=EC=84=9C=EB=B2=84=EB=82=98=20?= =?UTF-8?q?=EB=A1=9C=EB=93=9C=EB=B0=B8=EB=9F=B0=EC=84=9C=20=EB=93=B1?= =?UTF-8?q?=EC=97=90=EC=84=9C=EB=8A=94=20=EC=82=AC=EC=9A=A9=EC=9E=90?= =?UTF-8?q?=EC=9D=98=20IP=EA=B0=80=20REMOTE=5FADDR=20=EC=9D=B4=20=EC=95=84?= =?UTF-8?q?=EB=8B=8C=20HTTP=5FX=5FFORWARDED=5FFOR=20=EC=97=90=20=EC=A0=80?= =?UTF-8?q?=EC=9E=A5=EB=90=9C=20=EA=B2=BD=EC=9A=B0=EA=B0=80=20=EC=9E=88?= =?UTF-8?q?=EC=9D=8C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- shop/settle_inicis_common.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shop/settle_inicis_common.php b/shop/settle_inicis_common.php index f885e7bf7..b3c63871e 100644 --- a/shop/settle_inicis_common.php +++ b/shop/settle_inicis_common.php @@ -14,7 +14,7 @@ $INIpayLog = false; // 로그를 기록하려면 true 로 수 //********************************************************************************** -$PG_IP = $_SERVER['REMOTE_ADDR']; +$PG_IP = get_real_client_ip(); if( $PG_IP == "203.238.37.3" || $PG_IP == "203.238.37.15" || $PG_IP == "203.238.37.16" || $PG_IP == "203.238.37.25" || $PG_IP == "39.115.212.9" ) //PG에서 보냈는지 IP로 체크 { From d79c3be7baa108816899214d888669b3fe95bbbd Mon Sep 17 00:00:00 2001 From: kagla Date: Wed, 16 Mar 2022 16:07:13 +0900 Subject: [PATCH 10/14] =?UTF-8?q?SQL=20=EA=B5=AC=EB=AC=B8=20=EC=98=A4?= =?UTF-8?q?=EB=A5=98=20=ED=95=B4=EA=B2=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bbs/write_update.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/bbs/write_update.php b/bbs/write_update.php index f36c60add..32c87cd66 100644 --- a/bbs/write_update.php +++ b/bbs/write_update.php 
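Review bot: `$PG_IP` feeds the allowlist comparison on the following line, which decides whether the request came from the payment gateway, and it now comes from `get_real_client_ip()`, which per the commit subject reads `HTTP_X_FORWARDED_FOR`. That header is supplied by the client unless a trusted proxy overwrites it, so on a deployment without such a proxy the IP check no longer authenticates the sender. Honour the forwarded value only when the direct peer is a known proxy, e.g. `$PG_IP = in_array($_SERVER['REMOTE_ADDR'], $trusted_proxies, true) ? get_real_client_ip() : $_SERVER['REMOTE_ADDR'];`, where `$trusted_proxies` is a placeholder for a site-configured list. The helper's implementation is not in this patch, so confirm how it picks an address when the header holds several.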
@@ -221,6 +221,9 @@ if (!isset($_POST['wr_subject']) || !trim($_POST['wr_subject'])) $wr_seo_title = exist_seo_title_recursive('bbs', generate_seo_title($wr_subject), $write_table, $wr_id); +$options = array($html,$secret,$mail); +$wr_option = implode(',', array_filter($options, function($v) { return trim($v); })); + if ($w == '' || $w == 'r') { if ($member['mb_id']) { @@ -258,7 +261,7 @@ if ($w == '' || $w == 'r') { wr_reply = '$wr_reply', wr_comment = 0, ca_name = '$ca_name', - wr_option = '$html,$secret,$mail', + wr_option = '$wr_option', wr_subject = '$wr_subject', wr_content = '$wr_content', wr_seo_title = '$wr_seo_title', @@ -380,7 +383,7 @@ if ($w == '' || $w == 'r') { $sql = " update {$write_table} set ca_name = '{$ca_name}', - wr_option = '{$html},{$secret},{$mail}', + wr_option = '{$wr_option}', wr_subject = '{$wr_subject}', wr_content = '{$wr_content}', wr_seo_title = '$wr_seo_title', From 8021ebadf9f7435b47a2c04a18e2008c3c667bd9 Mon Sep 17 00:00:00 2001 From: kagla Date: Wed, 16 Mar 2022 16:39:14 +0900 Subject: [PATCH 11/14] =?UTF-8?q?Proxy=20=EC=84=9C=EB=B2=84=EB=82=98=20?= =?UTF-8?q?=EB=A1=9C=EB=93=9C=EB=B0=B8=EB=9F=B0=EC=84=9C=20=EB=93=B1?= =?UTF-8?q?=EC=97=90=EC=84=9C=EB=8A=94=20HTTPS=20=EC=A0=91=EC=86=8D?= =?UTF-8?q?=EC=8B=9C=20HTTP=5FX=5FFORWARDED=5FPROTO=20=EB=A1=9C=20?= =?UTF-8?q?=EC=B2=B4=ED=81=AC=ED=95=B4=EC=95=BC=20=ED=95=98=EB=8A=94=20?= =?UTF-8?q?=EA=B2=BD=EC=9A=B0=EA=B0=80=20=EC=9E=88=EC=9D=8C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- config.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/config.php b/config.php index 9c67d04f2..d8d72a5c3 100644 --- a/config.php +++ b/config.php 
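Review bot: `$wr_option` is interpolated into both the INSERT and the UPDATE statement as `wr_option = '$wr_option'`, and the new `array_filter` only drops blank entries; it does not restrict what `$html`, `$secret` and `$mail` may contain. Their validation is outside these hunks, so confirm each is limited to the board's fixed option tokens before the join, or intersect with an allowlist here, e.g. `array_intersect($options, $allowed_options)` with `$allowed_options` a placeholder for that fixed set. The callback also returns the trimmed string rather than a boolean, so a value of `'0'` is treated as empty and dropped.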
@@ -229,7 +229,8 @@ define('G5_VISIT_BROWSCAP_USE', false); */ define('G5_IP_DISPLAY', '\\1.♡.\\3.\\4'); -if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on') { //https 통신일때 daum 주소 js +if ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on') || + (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO']==='https')) { //https 통신일때 daum 주소 js define('G5_POSTCODE_JS', ''); } else { //http 통신일때 daum 주소 js define('G5_POSTCODE_JS', ''); From ae6190116ffc8afaa7ac1497498196c3abaff58c Mon Sep 17 00:00:00 2001 From: kagla Date: Wed, 16 Mar 2022 17:20:31 +0900 Subject: [PATCH 12/14] =?UTF-8?q?height=20=EC=A4=91=EB=B3=B5=EC=84=A0?= =?UTF-8?q?=EC=96=B8=20=ED=95=B4=EA=B2=B0=20(=EB=83=A0=EB=83=A0=EC=9D=B4?= =?UTF-8?q?=EB=8B=98,220316)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- theme/basic/css/default.css | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/theme/basic/css/default.css b/theme/basic/css/default.css index 334b0b3c0..9efda9dce 100644 --- a/theme/basic/css/default.css +++ b/theme/basic/css/default.css @@ -169,7 +169,7 @@ box-shadow:0 2px 5px rgba(0,0,0,0.2)} #container_wr {margin:0 auto;zoom:1} #aside {float:right;width:235px;padding:0;height:100%;margin:20px 0 20px 20px} -#container {position:relative;float:left;min-height:500px;height:auto !important;margin:20px 0;height:500px;font-size:1em;width:930px;zoom:1} +#container {position:relative;float:left;min-height:500px;height:auto !important;margin:20px 0;font-size:1em;width:930px;zoom:1} #container:after {display:block;visibility:hidden;clear:both;content:""} #container_title {font-size:1.333em;margin:0 auto;font-weight:bold} #container_title span {margin:0 auto 10px;display:block;line-height:30px} From 84a065c31b264611897d577338340dd87fb68ef6 Mon Sep 17 00:00:00 2001 
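Review bot: The new `$_SERVER['HTTP_X_FORWARDED_PROTO']==='https'` branch in config.php trusts a request header that any client can set when no proxy strips or overwrites it. In this hunk it only selects which `G5_POSTCODE_JS` value is defined, so the impact is limited, but a comment should say so, for example `// X-Forwarded-Proto is client-controllable without a trusted proxy; use only for asset URL selection`, to keep the condition from being copied into cookie or redirect logic. The comparison is also exact and case-sensitive, so a value such as `HTTPS` or a comma-separated list from chained proxies falls through to the http branch.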
From: kagla Date: Thu, 17 Mar 2022 11:17:22 +0900 Subject: [PATCH 13/14] =?UTF-8?q?host=20=EA=B0=80=20inicis.com=20=EC=9D=98?= =?UTF-8?q?=20=EC=A3=BC=EC=86=8C=EA=B0=80=20=EC=95=84=EB=8B=88=EB=9D=BC?= =?UTF-8?q?=EB=A9=B4=20false=20=EB=B0=98=ED=99=98,=20XSS=20=EC=B7=A8?= =?UTF-8?q?=EC=95=BD=EC=A0=90=20=ED=95=B4=EA=B2=B0=20(03sunf=EB=8B=98,2203?= =?UTF-8?q?17)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- shop/inicis/libs/HttpClient.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/shop/inicis/libs/HttpClient.php b/shop/inicis/libs/HttpClient.php index 2799437cf..2179eb82e 100644 --- a/shop/inicis/libs/HttpClient.php +++ b/shop/inicis/libs/HttpClient.php @@ -32,6 +32,12 @@ class HttpClient { $data = substr($data, 1); // remove leading "&" $url_data = parse_url($url); + // host 가 inicis.com 의 주소가 아니라면 false 반환 + // [scheme] => https, [host] => fcstdpay.inicis.com, [path] => /api/payAuth + if (preg_match("#inicis\.com$#", $url_data["host"]) == false) { + // error_log(print_r($url_data, 1)); + return false; + } if ($url_data["scheme"] == "https") { $this->ssl = "ssl://"; From 05035d6f6cb3a0175cd4f30abc62f1f6cf965cec Mon Sep 17 00:00:00 2001 From: kagla Date: Mon, 21 Mar 2022 10:43:23 +0900 Subject: [PATCH 14/14] =?UTF-8?q?=EB=B2=84=EC=A0=84=205.5.4=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- version.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version.php b/version.php index f6d40802b..3f7cf1dea 100644 --- a/version.php +++ b/version.php @@ -2,7 +2,7 @@ if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가 define('G5_VERSION', '그누보드5'); -define('G5_GNUBOARD_VER', '5.5.3.1'); +define('G5_GNUBOARD_VER', '5.5.4'); // 그누보드5.4.5.5 버전과 영카트5.4.5.5.1 버전을 합쳐서 그누보드5.4.6 버전에서 시작함 (kagla-210617) // G5_YOUNGCART_VER 이 상수를 사용하는 곳이 있으므로 주석 처리 해제함 // 그누보드5.4.6 이상 버전 부터는 영카트를 그누보드에 포함하여 배포하므로 영카트5의 버전은 의미가 없습니다.
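Review bot: The host check `preg_match("#inicis\.com$#", $url_data["host"])` has no left boundary, so it accepts any hostname whose text merely ends in `inicis.com`, not only inicis.com and its subdomains; `$` also tolerates a trailing newline. It reads `$url_data["host"]` without checking that `parse_url()` succeeded and returned a host. A tighter guard is `if (empty($url_data['host']) || !preg_match('#(?:^|\.)inicis\.com\z#i', $url_data['host'])) { return false; }`. The enclosing method starts and continues outside the hunk, where a non-https scheme still appears to be accepted, so consider whether plain HTTP should be rejected as well.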