diff --git a/adm/member_form.php b/adm/member_form.php
index 16694b3fd..a249b2184 100644
--- a/adm/member_form.php
+++ b/adm/member_form.php
@@ -205,7 +205,7 @@ if (isset($mb_id) && $mb_id) {
if ($mb['mb_intercept_date']) {
$g5['title'] = "차단된 ";
} else {
- $g5['title'] .= "";
+ $g5['title'] = "";
}
$g5['title'] .= '회원 ' . $html_title;
require_once './admin.head.php';
diff --git a/adm/shop_admin/itemstocklist.php b/adm/shop_admin/itemstocklist.php
index 314192d85..93fe0f6e6 100644
--- a/adm/shop_admin/itemstocklist.php
+++ b/adm/shop_admin/itemstocklist.php
@@ -35,7 +35,7 @@ $sql_common .= $sql_search;
// 테이블의 전체 레코드수만 얻음
$sql = " select count(*) as cnt " . $sql_common;
$row = sql_fetch($sql);
-$total_count = $row['cnt'];
+$total_count = isset($row['cnt']) ? $row['cnt'] : 0;
$rows = $config['cf_page_rows'];
$total_page = ceil($total_count / $rows); // 전체 페이지 계산
@@ -171,7 +171,7 @@ $listall = '전체목
|
- |
+ |
|
|
diff --git a/bbs/ajax.autosave.php b/bbs/ajax.autosave.php
index 1e01c798a..3eddb39ca 100644
--- a/bbs/ajax.autosave.php
+++ b/bbs/ajax.autosave.php
@@ -4,8 +4,8 @@ include_once('./_common.php');
if (!$is_member) die('0');
$uid = isset($_REQUEST['uid']) ? preg_replace('/[^0-9]/', '', $_REQUEST['uid']) : 0;
-$subject = isset($_REQUEST['subject']) ? trim($_REQUEST['subject']) : '';
-$content = isset($_REQUEST['content']) ? trim($_REQUEST['content']) : '';
+$subject = isset($_REQUEST['subject']) ? preg_replace("#[\\\]+$#", "", substr(trim($_POST['subject']),0,255)) : '';
+$content = isset($_REQUEST['content']) ? preg_replace("#[\\\]+$#", "", substr(trim($_POST['content']),0,65536)) : '';
if ($subject && $content) {
$sql = " select count(*) as cnt from {$g5['autosave_table']} where mb_id = '{$member['mb_id']}' and as_subject = '$subject' and as_content = '$content' ";
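Review bot: The new `$subject` and `$content` lines test `isset($_REQUEST[...])` but read `$_POST[...]`, so a request that carries the field only in the query string passes the check and then reads an undefined index. A non-string value such as `subject[]=` also reaches `trim()`, which raises a TypeError on PHP 8. Test the source that is actually read, e.g. `isset($_POST['subject']) && is_string($_POST['subject'])`, and likewise for `content`; the `me_memo` line added in bbs/memo_form_update.php needs the same `is_string` guard. `substr()` counts bytes, so the 255/65536 cut can split a multibyte character before the value is interpolated into the query on the last line of this hunk.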
diff --git a/bbs/login_check.php b/bbs/login_check.php
index 3882f38c0..c34c44ce2 100644
--- a/bbs/login_check.php
+++ b/bbs/login_check.php
@@ -147,8 +147,16 @@ if(function_exists('set_cart_id')){
cart_item_clean();
set_cart_id('');
$s_cart_id = get_session('ss_cart_id');
+
+ $add_cart_where = '';
+
+ // 장바구니에서 주문하기를 하는 경우
+ if (strpos($link, 'orderform.php') !== false) {
+ $add_cart_where = " and ct_select_time < '".date('Y-m-d H:i:s', strtotime('-1 hour', G5_SERVER_TIME))."' ";
+ }
+
// 선택필드 초기화
- $sql = " update {$g5['g5_shop_cart_table']} set ct_select = '0' where od_id = '$s_cart_id' ";
+ $sql = " update {$g5['g5_shop_cart_table']} set ct_select = '0' where od_id = '$s_cart_id' $add_cart_where ";
sql_query($sql);
}
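Review bot: `strpos($link, 'orderform.php') !== false` matches that text anywhere in `$link`, including a query string or fragment, so any link that merely mentions orderform.php takes the one-hour branch and leaves recent `ct_select` flags in place. Where `$link` is assigned is outside the hunk; if it is derived from the request, compare the path component instead, e.g. `basename((string) parse_url($link, PHP_URL_PATH)) === 'orderform.php'`. The added comment says when the branch applies but not why selections newer than one hour are kept; presumably it protects an order in progress, and a sentence stating that would help. The enclosing `if` block starts outside the hunk.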
diff --git a/bbs/member_confirm.php b/bbs/member_confirm.php
index c46121e05..e3041527e 100644
--- a/bbs/member_confirm.php
+++ b/bbs/member_confirm.php
@@ -31,6 +31,10 @@ if($url){
if( preg_match('#^/{3,}#', $url) ){
$url = preg_replace('#^/{3,}#', '/', $url);
}
+
+ if (function_exists('safe_filter_url_host')) {
+ $url = safe_filter_url_host($url);
+ }
}
$url = get_text($url);
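Review bot: The `function_exists('safe_filter_url_host')` guard makes the new URL filter fail open: if the library that defines the function is not loaded, `$url` passes through unfiltered and nothing reports it. The same guard wraps the calls added to `alert()` and `confirm()`, which appear to live in the same file as the definition, where the check would always be true. Call the function unconditionally, or make the missing case explicit with `else { $url = ''; }`. The enclosing `if($url){` block starts outside the hunk.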
diff --git a/bbs/memo_form_update.php b/bbs/memo_form_update.php
index 42263fce5..4397e4503 100644
--- a/bbs/memo_form_update.php
+++ b/bbs/memo_form_update.php
@@ -14,24 +14,28 @@ $str_nick_list = '';
$msg = '';
$error_list = array();
$member_list = array('id'=>array(), 'nick'=>array());
+$me_memo = isset($_POST['me_memo']) ? preg_replace("#[\\\]+$#", "", substr(trim($_POST['me_memo']),0,65536)) : '';
run_event('memo_form_update_before', $recv_list);
for ($i=0; $i location.replace('$url'); ";
@@ -182,6 +186,10 @@ function alert($msg='', $url='', $error=true, $post=false)
run_event('alert', $msg, $url, $error, $post);
+ if (function_exists('safe_filter_url_host')) {
+ $url = safe_filter_url_host($url);
+ }
+
$msg = $msg ? strip_tags($msg, ' ') : '올바른 방법으로 이용해 주십시오.';
$header = '';
@@ -220,6 +228,12 @@ function confirm($msg, $url1='', $url2='', $url3='')
alert($msg);
}
+ if (function_exists('safe_filter_url_host')) {
+ $url1 = safe_filter_url_host($url1);
+ $url2 = safe_filter_url_host($url2);
+ $url3 = safe_filter_url_host($url3);
+ }
+
if(!trim($url1) || !trim($url2)) {
$msg = '$url1 과 $url2 를 지정해 주세요.';
alert($msg);
@@ -3598,6 +3612,13 @@ function login_password_check($mb, $pass, $hash)
return check_password($pass, $hash);
}
+function safe_filter_url_host($url) {
+
+ $regex = run_replace('safe_filter_url_regex', '\\', $url);
+
+ return $regex ? preg_replace('#'. preg_quote($regex, '#') .'#iu', '', $url) : '';
+}
+
// 동일한 host url 인지
function check_url_host($url, $msg='', $return_url=G5_URL, $is_redirect=false)
{
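Review bot: `safe_filter_url_host()` has no docblock and its name overstates what it does: with the default filter value `'\\'` it only deletes backslash characters from `$url` and never inspects the host, so callers still need `check_url_host()` for redirect validation. The `safe_filter_url_regex` hook value goes through `preg_quote()`, so it is matched as a literal string and not as a pattern, and a hook that returns an empty value makes every URL come back as `''`; both facts belong in the docblock. With the `u` modifier `preg_replace()` returns null for input that is not valid UTF-8, so keep the return type stable: `$filtered = preg_replace(...); return is_string($filtered) ? $filtered : '';`.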
diff --git a/lib/get_data.lib.php b/lib/get_data.lib.php
index 4e6b8bc49..4de6b353e 100644
--- a/lib/get_data.lib.php
+++ b/lib/get_data.lib.php
@@ -145,6 +145,8 @@ function get_content_by_field($write_table, $type='bbs', $where_field='', $where
{
global $g5, $g5_object;
+ static $cache = array();
+
$order_key = 'wr_id';
if( $type === 'content' ){
diff --git a/plugin/htmlpurifier/extend.video.php b/plugin/htmlpurifier/extend.video.php
index 81b4aea0e..5c8ec59d2 100644
--- a/plugin/htmlpurifier/extend.video.php
+++ b/plugin/htmlpurifier/extend.video.php
@@ -8,7 +8,7 @@ if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
*/
if( !class_exists('HTMLPurifier_Filter_Iframevideo') ){
- class HTMLPurifier_Filter_iframevideo extends HTMLPurifier_Filter
+ class HTMLPurifier_Filter_Iframevideo extends HTMLPurifier_Filter
{
public $name = 'Iframevideo';
diff --git a/plugin/social/Hybrid/thirdparty/OAuth/OAuth1Client.php b/plugin/social/Hybrid/thirdparty/OAuth/OAuth1Client.php
index 64c03c87d..8b09187f1 100644
--- a/plugin/social/Hybrid/thirdparty/OAuth/OAuth1Client.php
+++ b/plugin/social/Hybrid/thirdparty/OAuth/OAuth1Client.php
@@ -20,8 +20,8 @@ class OAuth1Client{
public $redirect_uri = "";
public $decode_json = true;
- public $curl_time_out = 30;
- public $curl_connect_time_out = 30;
+ public $curl_time_out = 10;
+ public $curl_connect_time_out = 15;
public $curl_ssl_verifypeer = false;
public $curl_auth_header = true;
public $curl_useragent = "OAuth/1 Simple PHP Client v0.1; HybridAuth http://hybridauth.sourceforge.net/";
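Review bot: `$curl_time_out` (10) is now lower than `$curl_connect_time_out` (15), and the request method in the next hunk passes them to `CURLOPT_TIMEOUT` and `CURLOPT_CONNECTTIMEOUT`. `CURLOPT_TIMEOUT` bounds the whole transfer including the connect phase, so the 15-second connect limit can never fire. Keep the connect limit at or below the total, e.g. `public $curl_connect_time_out = 5;`. OAuth2Client.php receives the same pair of values.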
@@ -194,6 +194,7 @@ class OAuth1Client{
curl_setopt( $ci, CURLOPT_USERAGENT , $this->curl_useragent );
curl_setopt( $ci, CURLOPT_CONNECTTIMEOUT, $this->curl_connect_time_out );
curl_setopt( $ci, CURLOPT_TIMEOUT , $this->curl_time_out );
+ curl_setopt( $ci, CURLOPT_MAXREDIRS , 10);
curl_setopt( $ci, CURLOPT_RETURNTRANSFER, true );
curl_setopt( $ci, CURLOPT_HTTPHEADER , array('Expect:') );
curl_setopt( $ci, CURLOPT_SSL_VERIFYPEER, $this->curl_ssl_verifypeer );
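Review bot: The handle that gains `CURLOPT_MAXREDIRS` still sets `CURLOPT_SSL_VERIFYPEER` from `$this->curl_ssl_verifypeer`, which the class declares as `false`, so unless a caller overrides it the OAuth requests are sent without verifying the provider's certificate. Default to verification on with `public $curl_ssl_verifypeer = true;`, and in OAuth2Client.php, which declares both options as `false`, also `public $curl_ssl_verifyhost = 2;`. `CURLOPT_MAXREDIRS` only has an effect when `CURLOPT_FOLLOWLOCATION` is enabled, which is not visible in this hunk; a short comment on the new line saying where redirects are turned on would help. The method body starts and ends outside the hunk.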
diff --git a/plugin/social/Hybrid/thirdparty/OAuth/OAuth2Client.php b/plugin/social/Hybrid/thirdparty/OAuth/OAuth2Client.php
index 0046d2c58..7c6deee4a 100644
--- a/plugin/social/Hybrid/thirdparty/OAuth/OAuth2Client.php
+++ b/plugin/social/Hybrid/thirdparty/OAuth/OAuth2Client.php
@@ -26,8 +26,8 @@ class OAuth2Client
//--
public $sign_token_name = "access_token";
- public $curl_time_out = 30;
- public $curl_connect_time_out = 30;
+ public $curl_time_out = 10;
+ public $curl_connect_time_out = 15;
public $curl_ssl_verifypeer = false;
public $curl_ssl_verifyhost = false;
public $curl_header = array();
@@ -221,6 +221,7 @@ class OAuth2Client
curl_setopt($ch, CURLOPT_TIMEOUT , $this->curl_time_out );
curl_setopt($ch, CURLOPT_USERAGENT , $this->curl_useragent );
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT , $this->curl_connect_time_out );
+ curl_setopt($ch, CURLOPT_MAXREDIRS , 10);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER , $this->curl_ssl_verifypeer );
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST , $this->curl_ssl_verifyhost );
curl_setopt($ch, CURLOPT_HTTPHEADER , $this->curl_header );