5.5버전 브랜치와 충돌수정

2024-06-07 12:43:34 +09:00
parent a301d3e1f0 62c0803cf5
commit 80846ac637
13 changed files with 59 additions and 18 deletions
--- a/adm/member_form.php
+++ b/adm/member_form.php
@ -205,7 +205,7 @@ if (isset($mb_id) && $mb_id) {
 if ($mb['mb_intercept_date']) {
    $g5['title'] = "차단된 ";
 } else {
-    $g5['title'] .= "";
+    $g5['title'] = "";
 }
 $g5['title'] .= '회원 ' . $html_title;
 require_once './admin.head.php';
--- a/adm/shop_admin/itemstocklist.php
+++ b/adm/shop_admin/itemstocklist.php
@ -35,7 +35,7 @@ $sql_common .= $sql_search;
 // 테이블의 전체 레코드수만 얻음
 $sql = " select count(*) as cnt " . $sql_common;
 $row = sql_fetch($sql);
-$total_count = $row['cnt'];
+$total_count = isset($row['cnt']) ? $row['cnt'] : 0;

 $rows = $config['cf_page_rows'];
 $total_page  = ceil($total_count / $rows);  // 전체 페이지 계산
@ -171,7 +171,7 @@ $listall = '<a href="'.$_SERVER['SCRIPT_NAME'].'" class="ov_listall">전체목
            <?php echo $row['it_id']; ?>
        </td>
        <td class="td_left"><a href="<?php echo $href; ?>"><?php echo get_it_image($row['it_id'], 50, 50); ?> <?php echo cut_str(stripslashes($row['it_name']), 60, "&#133"); ?></a></td>
-        <td class="td_num<?php echo $it_stock_qty_st; ?>"><?php echo (int)$it_stock_qty; ?></td>
+        <td class="td_num<?php echo $it_stock_qty_st; ?>"><?php echo get_text($it_stock_qty); ?></td>
        <td class="td_num"><?php echo number_format((float)$wait_qty); ?></td>
        <td class="td_num"><?php echo number_format((float)$temporary_qty); ?></td>
        <td class="td_num">
--- a/bbs/ajax.autosave.php
+++ b/bbs/ajax.autosave.php
@ -4,8 +4,8 @@ include_once('./_common.php');
 if (!$is_member) die('0');

 $uid     = isset($_REQUEST['uid']) ? preg_replace('/[^0-9]/', '', $_REQUEST['uid']) : 0;
-$subject = isset($_REQUEST['subject']) ? trim($_REQUEST['subject']) : '';
-$content = isset($_REQUEST['content']) ? trim($_REQUEST['content']) : '';
+$subject = isset($_REQUEST['subject']) ? preg_replace("#[\\\]+$#", "", substr(trim($_POST['subject']),0,255)) : '';
+$content = isset($_REQUEST['content']) ? preg_replace("#[\\\]+$#", "", substr(trim($_POST['content']),0,65536)) : '';

 if ($subject && $content) {
    $sql = " select count(*) as cnt from {$g5['autosave_table']} where mb_id = '{$member['mb_id']}' and as_subject = '$subject' and as_content = '$content' ";
--- a/bbs/login_check.php
+++ b/bbs/login_check.php
@ -147,8 +147,16 @@ if(function_exists('set_cart_id')){
    cart_item_clean();
    set_cart_id('');
    $s_cart_id = get_session('ss_cart_id');
+
+    $add_cart_where = '';
+
+    // 장바구니에서 주문하기를 하는 경우
+    if (strpos($link, 'orderform.php') !== false) {
+        $add_cart_where = " and ct_select_time < '".date('Y-m-d H:i:s', strtotime('-1 hour', G5_SERVER_TIME))."' ";
+    }
+
    // 선택필드 초기화
-    $sql = " update {$g5['g5_shop_cart_table']} set ct_select = '0' where od_id = '$s_cart_id' ";
+    $sql = " update {$g5['g5_shop_cart_table']} set ct_select = '0' where od_id = '$s_cart_id' $add_cart_where ";
    sql_query($sql);
 }

--- a/bbs/member_confirm.php
+++ b/bbs/member_confirm.php
@ -31,6 +31,10 @@ if($url){
    if( preg_match('#^/{3,}#', $url) ){
        $url = preg_replace('#^/{3,}#', '/', $url);
    }
+
+    if (function_exists('safe_filter_url_host')) {
+        $url = safe_filter_url_host($url);
+    }
 }

 $url = get_text($url);
--- a/bbs/memo_form_update.php
+++ b/bbs/memo_form_update.php
@ -14,24 +14,28 @@ $str_nick_list = '';
 $msg = '';
 $error_list  = array();
 $member_list = array('id'=>array(), 'nick'=>array());
+$me_memo = isset($_POST['me_memo']) ? preg_replace("#[\\\]+$#", "", substr(trim($_POST['me_memo']),0,65536)) : '';

 run_event('memo_form_update_before', $recv_list);

 for ($i=0; $i<count($recv_list); $i++) {
-    $row = sql_fetch(" select mb_id, mb_nick, mb_open, mb_leave_date, mb_intercept_date from {$g5['member_table']} where mb_id = '{$recv_list[$i]}' ");
+
+    $recv_list_id = substr(preg_replace("/[^a-zA-Z0-9_]*/", "", $recv_list[$i]), 0, 20);
+
+    $row = sql_fetch(" select mb_id, mb_nick, mb_open, mb_leave_date, mb_intercept_date from {$g5['member_table']} where mb_id = '{$recv_list_id}' ");
    if ($row) {
        if ($is_admin || ($row['mb_open'] && (!$row['mb_leave_date'] && !$row['mb_intercept_date']))) {
            $member_list['id'][]   = $row['mb_id'];
            $member_list['nick'][] = $row['mb_nick'];
        } else {
-            $error_list[]   = $recv_list[$i];
+            $error_list[]   = $recv_list_id;
        }
    }
    /*
    // 관리자가 아니면서
    // 가입된 회원이 아니거나 정보공개를 하지 않았거나 탈퇴한 회원이거나 차단된 회원에게 쪽지를 보내는것은 에러
    if ((!$row['mb_id'] || !$row['mb_open'] || $row['mb_leave_date'] || $row['mb_intercept_date']) && !$is_admin) {
-        $error_list[]   = $recv_list[$i];
+        $error_list[]   = $recv_list_id;
    } else {
        $member_list['id'][]   = $row['mb_id'];
        $member_list['nick'][] = $row['mb_nick'];
@ -67,14 +71,14 @@ for ($i=0; $i<count($member_list['id']); $i++) {
    $recv_mb_nick = get_text($member_list['nick'][$i]);

    // 받는 회원 쪽지 INSERT
-    $sql = " insert into {$g5['memo_table']} ( me_recv_mb_id, me_send_mb_id, me_send_datetime, me_memo, me_read_datetime, me_type, me_send_ip ) values ( '$recv_mb_id', '{$member['mb_id']}', '".G5_TIME_YMDHIS."', '{$_POST['me_memo']}', '0000-00-00 00:00:00' , 'recv', '{$_SERVER['REMOTE_ADDR']}' ) ";
+    $sql = " insert into {$g5['memo_table']} ( me_recv_mb_id, me_send_mb_id, me_send_datetime, me_memo, me_read_datetime, me_type, me_send_ip ) values ( '$recv_mb_id', '{$member['mb_id']}', '".G5_TIME_YMDHIS."', '{$me_memo}', '0000-00-00 00:00:00' , 'recv', '{$_SERVER['REMOTE_ADDR']}' ) ";

    sql_query($sql);

    if( $me_id = sql_insert_id() ){

        // 보내는 회원 쪽지 INSERT
-        $sql = " insert into {$g5['memo_table']} ( me_recv_mb_id, me_send_mb_id, me_send_datetime, me_memo, me_read_datetime, me_send_id, me_type , me_send_ip ) values ( '$recv_mb_id', '{$member['mb_id']}', '".G5_TIME_YMDHIS."', '{$_POST['me_memo']}', '0000-00-00 00:00:00', '$me_id', 'send', '{$_SERVER['REMOTE_ADDR']}' ) ";
+        $sql = " insert into {$g5['memo_table']} ( me_recv_mb_id, me_send_mb_id, me_send_datetime, me_memo, me_read_datetime, me_send_id, me_type , me_send_ip ) values ( '$recv_mb_id', '{$member['mb_id']}', '".G5_TIME_YMDHIS."', '{$me_memo}', '0000-00-00 00:00:00', '$me_id', 'send', '{$_SERVER['REMOTE_ADDR']}' ) ";
        sql_query($sql);
 		
 		$member_list['me_id'][$i] = $me_id;
--- a/bbs/move_update.php
+++ b/bbs/move_update.php
@ -80,7 +80,7 @@ while ($row = sql_fetch_array($result))
            }

            $sql = " insert into $move_write_table
-                        set wr_num = " . ($next_wr_num ? "'$next_wr_num'" : "(SELECT IFNULL(MIN(wr_num) - 1, -1) FROM $move_write_table sq) ") . ",
+                        set wr_num = " . ($next_wr_num ? "'$next_wr_num'" : "(SELECT IFNULL(MIN(wr_num) - 1, -1) FROM $move_write_table as sq) ") . ",
                             wr_reply = '{$row2['wr_reply']}',
                             wr_is_comment = '{$row2['wr_is_comment']}',
                             wr_comment = '{$row2['wr_comment']}',
--- a/bbs/poll_update.php
+++ b/bbs/poll_update.php
@ -3,7 +3,7 @@ include_once('./_common.php');

 $po_id = isset($_POST['po_id']) ? preg_replace('/[^0-9]/', '', $_POST['po_id']) : 0;

-$po = sql_fetch(" select * from {$g5['poll_table']} where po_id = '{$_POST['po_id']}' ");
+$po = sql_fetch(" select * from {$g5['poll_table']} where po_id = '$po_id' ");
 if (! (isset($po['po_id']) && $po['po_id']))
    alert('po_id 값이 제대로 넘어오지 않았습니다.');

--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@ -102,6 +102,10 @@ function goto_url($url)
 {
    run_event('goto_url', $url);

+    if (function_exists('safe_filter_url_host')) {
+        $url = safe_filter_url_host($url);
+    }
+
    $url = str_replace("&amp;", "&", $url);
    //echo "<script> location.replace('$url'); </script>";

@ -182,6 +186,10 @@ function alert($msg='', $url='', $error=true, $post=false)

    run_event('alert', $msg, $url, $error, $post);

+    if (function_exists('safe_filter_url_host')) {
+        $url = safe_filter_url_host($url);
+    }
+
    $msg = $msg ? strip_tags($msg, '<br>') : '올바른 방법으로 이용해 주십시오.';

    $header = '';
@ -220,6 +228,12 @@ function confirm($msg, $url1='', $url2='', $url3='')
        alert($msg);
    }

+    if (function_exists('safe_filter_url_host')) {
+        $url1 = safe_filter_url_host($url1);
+        $url2 = safe_filter_url_host($url2);
+        $url3 = safe_filter_url_host($url3);
+    }
+
    if(!trim($url1) || !trim($url2)) {
        $msg = '$url1 과 $url2 를 지정해 주세요.';
        alert($msg);
@ -3598,6 +3612,13 @@ function login_password_check($mb, $pass, $hash)
    return check_password($pass, $hash);
 }

+function safe_filter_url_host($url) {
+
+    $regex = run_replace('safe_filter_url_regex', '\\', $url);
+
+    return $regex ? preg_replace('#'. preg_quote($regex, '#') .'#iu', '', $url) : '';
+}
+
 // 동일한 host url 인지
 function check_url_host($url, $msg='', $return_url=G5_URL, $is_redirect=false)
 {
--- a/lib/get_data.lib.php
+++ b/lib/get_data.lib.php
@ -145,6 +145,8 @@ function get_content_by_field($write_table, $type='bbs', $where_field='', $where
 {
    global $g5, $g5_object;

+    static $cache = array();
+
    $order_key = 'wr_id';

    if( $type === 'content' ){
--- a/plugin/htmlpurifier/extend.video.php
+++ b/plugin/htmlpurifier/extend.video.php
@ -8,7 +8,7 @@ if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
 */

 if( !class_exists('HTMLPurifier_Filter_Iframevideo') ){
-	class HTMLPurifier_Filter_iframevideo extends HTMLPurifier_Filter
+	class HTMLPurifier_Filter_Iframevideo extends HTMLPurifier_Filter
 	{
 		public $name = 'Iframevideo';

--- a/plugin/social/Hybrid/thirdparty/OAuth/OAuth1Client.php
+++ b/plugin/social/Hybrid/thirdparty/OAuth/OAuth1Client.php
@ -20,8 +20,8 @@ class OAuth1Client{
 	public $redirect_uri          = "";

 	public $decode_json           = true;
-	public $curl_time_out         = 30;
-	public $curl_connect_time_out = 30;
+	public $curl_time_out         = 10;
+	public $curl_connect_time_out = 15;
 	public $curl_ssl_verifypeer   = false;
 	public $curl_auth_header      = true;
 	public $curl_useragent        = "OAuth/1 Simple PHP Client v0.1; HybridAuth http://hybridauth.sourceforge.net/";
@ -194,6 +194,7 @@ class OAuth1Client{
 		curl_setopt( $ci, CURLOPT_USERAGENT     , $this->curl_useragent );
 		curl_setopt( $ci, CURLOPT_CONNECTTIMEOUT, $this->curl_connect_time_out );
 		curl_setopt( $ci, CURLOPT_TIMEOUT       , $this->curl_time_out );
+		curl_setopt( $ci, CURLOPT_MAXREDIRS , 10);
 		curl_setopt( $ci, CURLOPT_RETURNTRANSFER, true );
 		curl_setopt( $ci, CURLOPT_HTTPHEADER    , array('Expect:') );
 		curl_setopt( $ci, CURLOPT_SSL_VERIFYPEER, $this->curl_ssl_verifypeer );
--- a/plugin/social/Hybrid/thirdparty/OAuth/OAuth2Client.php
+++ b/plugin/social/Hybrid/thirdparty/OAuth/OAuth2Client.php
@ -26,8 +26,8 @@ class OAuth2Client
  //--

  public $sign_token_name          = "access_token";
-  public $curl_time_out            = 30;
-  public $curl_connect_time_out    = 30;
+  public $curl_time_out            = 10;
+  public $curl_connect_time_out    = 15;
  public $curl_ssl_verifypeer      = false;
  public $curl_ssl_verifyhost      = false;
  public $curl_header              = array();
@ -221,6 +221,7 @@ class OAuth2Client
    curl_setopt($ch, CURLOPT_TIMEOUT        , $this->curl_time_out );
    curl_setopt($ch, CURLOPT_USERAGENT      , $this->curl_useragent );
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT , $this->curl_connect_time_out );
+    curl_setopt($ch, CURLOPT_MAXREDIRS , 10);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER , $this->curl_ssl_verifypeer );
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST , $this->curl_ssl_verifyhost );
    curl_setopt($ch, CURLOPT_HTTPHEADER     , $this->curl_header );