diff --git a/.gitignore b/.gitignore index 8b781d5d7..df481935e 100644 --- a/.gitignore +++ b/.gitignore @@ -7,3 +7,4 @@ test.php *.key *.sh cheditor5/ +ckeditor43/ diff --git a/adm/admin.head.php b/adm/admin.head.php index 07d9fe27d..7aef36884 100644 --- a/adm/admin.head.php +++ b/adm/admin.head.php @@ -119,7 +119,9 @@ $menu_key = substr($sub_menu, 0, 3); $nl = ''; foreach($menu['menu'.$menu_key] as $key=>$value) { if($key > 0) { - if ($menu_key == substr($menu['menu'.$key][0][0], 0, 2)) echo 1; + if ($is_admin != 'super' && (!array_key_exists($value[0],$auth) || !strstr($auth[$value[0]], 'r'))) + continue; + echo $nl.'
  • '.$value[1].'
    • '; $nl = PHP_EOL; } diff --git a/adm/admin.js b/adm/admin.js index e5c2a3e04..a3f4c7d64 100644 --- a/adm/admin.js +++ b/adm/admin.js @@ -63,4 +63,12 @@ function delete_confirm() return true; else return false; +} + +function delete_confirm2(msg) +{ + if(confirm(msg)) + return true; + else + return false; } \ No newline at end of file diff --git a/adm/admin.menu100.php b/adm/admin.menu100.php index 4d657b4c1..217dfe9c3 100644 --- a/adm/admin.menu100.php +++ b/adm/admin.menu100.php @@ -4,7 +4,7 @@ $menu['menu100'] = array ( array('', '기본환경설정', G5_ADMIN_URL.'/config_form.php', 'cf_basic'), array('', '관리권한설정', G5_ADMIN_URL.'/auth_list.php', 'cf_auth'), array('100300', '메일 테스트', G5_ADMIN_URL.'/sendmail_test.php', 'cf_mailtest'), - array('100310', '팝업레이어관리', G5_ADMIN_URL.'/newwinlist.php', 'scf_poplayer', 1), + array('100310', '팝업레이어관리', G5_ADMIN_URL.'/newwinlist.php', 'scf_poplayer'), //array('100400', '버전정보', G5_ADMIN_URL.'/version.php', 'cf_version'), array('100800', '세션파일 일괄삭제',G5_ADMIN_URL.'/session_file_delete.php', 'cf_session', 1), array('100900', '캐시파일 일괄삭제',G5_ADMIN_URL.'/cache_file_delete.php', 'cf_cache', 1), diff --git a/adm/board_copy_update.php b/adm/board_copy_update.php index e89c4468b..5636b1cae 100644 --- a/adm/board_copy_update.php +++ b/adm/board_copy_update.php @@ -4,8 +4,8 @@ include_once('./_common.php'); auth_check($auth[$sub_menu], 'w'); -$target_table = escape_trim($_POST['target_table']); -$target_subject = escape_trim($_POST['target_subject']); +$target_table = trim($_POST['target_table']); +$target_subject = trim($_POST['target_subject']); if (!preg_match('/[A-Za-z0-9_]{1,20}/', $target_table)) { alert('게시판 TABLE명은 공백없이 영문자, 숫자, _ 만 사용 가능합니다. (20자 이내)'); @@ -61,7 +61,7 @@ $sql = " insert into {$g5['board_table']} bo_use_nogood = '{$board[bo_use_nogood]}', bo_use_signature = '{$board[bo_use_signature]}', bo_use_ip_view = '{$board[bo_use_ip_view]}', - bo_use_list_view = '{$board['o_use_list_view']}', + bo_use_list_view = '{$board['bo_use_list_view']}', bo_use_list_content = '{$board[bo_use_list_content]}', bo_table_width = '{$board[bo_table_width]}', bo_subject_len = '{$board[bo_subject_len]}', diff --git a/adm/board_form.php b/adm/board_form.php index 86497f74d..6e9d2a54c 100644 --- a/adm/board_form.php +++ b/adm/board_form.php @@ -159,7 +159,9 @@ $frm_submit = '
    목록'.PHP_EOL; if ($w == 'u') $frm_submit .= ' 게시판복사 - 게시판 바로가기'.PHP_EOL; + 게시판 바로가기 + 게시판 썸네일 삭제 + '.PHP_EOL; $frm_submit .= '
    '; ?> diff --git a/adm/board_list_update.php b/adm/board_list_update.php index 5754db411..0cf509bd7 100644 --- a/adm/board_list_update.php +++ b/adm/board_list_update.php @@ -62,7 +62,7 @@ if ($_POST['act_button'] == "선택수정") { $k = $_POST['chk'][$i]; // include 전에 $bo_table 값을 반드시 넘겨야 함 - $tmp_bo_table = escape_trim($_POST['board_table'][$k]); + $tmp_bo_table = trim($_POST['board_table'][$k]); include ('./board_delete.inc.php'); } diff --git a/adm/board_thumbnail_delete.php b/adm/board_thumbnail_delete.php new file mode 100644 index 000000000..720cad4f9 --- /dev/null +++ b/adm/board_thumbnail_delete.php @@ -0,0 +1,52 @@ + + +
    +

    + 완료 메세지가 나오기 전에 프로그램의 실행을 중지하지 마십시오. +

    +
    + +'; + $files = glob($dir.'/thumb-*'); + if (is_array($files)) { + foreach($files as $thumbnail) { + $cnt++; + @unlink($thumbnail); + + echo '
  • '.$thumbnail.'
    • '.PHP_EOL; + + flush(); + + if ($cnt%10==0) + echo PHP_EOL; + } + } + + echo '
  • 완료됨
    • '.PHP_EOL; + echo '

    썸네일 '.$cnt.'건의 삭제 완료됐습니다.

    '.PHP_EOL; +} else { + echo '

    첨부파일 디렉토리가 존재하지 않습니다.

    '; +} +?> + +
    게시판 수정으로 돌아가기
    + + \ No newline at end of file diff --git a/adm/img/logo.jpg b/adm/img/logo.jpg index a186c2c16..a3d9b91a4 100644 Binary files a/adm/img/logo.jpg and b/adm/img/logo.jpg differ diff --git a/adm/mail_select_list.php b/adm/mail_select_list.php index db05cca50..d43d6c200 100644 --- a/adm/mail_select_list.php +++ b/adm/mail_select_list.php @@ -94,7 +94,7 @@ include_once('./admin.head.php'); while ($row=sql_fetch_array($result)) { $i++; $ma_list .= $cr . $row['mb_email'] . "||" . $row['mb_id'] . "||" . $row['mb_name'] . "||" . $row['mb_nick'] . "||" . $row['mb_datetime']; - $cr = "\n"; + $cr = chr(30); $bg = 'bg'.($i%2); ?> diff --git a/adm/mail_select_update.php b/adm/mail_select_update.php index 3bec09bae..5b0f5874e 100644 --- a/adm/mail_select_update.php +++ b/adm/mail_select_update.php @@ -33,10 +33,10 @@ flush(); ob_flush(); $ma_id = trim($_POST['ma_id']); -$select_member_list = addslashes(trim($_POST['ma_list'])); +$select_member_list = trim($_POST['ma_list']); //print_r2($_POST); EXIT; -$member_list = explode("\n", $select_member_list); +$member_list = explode(chr(30), $select_member_list); // 메일내용 가져오기 $sql = "select ma_subject, ma_content from {$g5['mail_table']} where ma_id = '$ma_id' "; diff --git a/adm/member_form_update.php b/adm/member_form_update.php index 18a40b548..50543e0d7 100644 --- a/adm/member_form_update.php +++ b/adm/member_form_update.php @@ -10,7 +10,7 @@ auth_check($auth[$sub_menu], 'w'); check_token(); -$mb_id = escape_trim($_POST['mb_id']); +$mb_id = trim($_POST['mb_id']); // 휴대폰번호 체크 $mb_hp = $_POST['mb_hp']; diff --git a/adm/visit_search.php b/adm/visit_search.php index 1750956e2..fa01682f4 100644 --- a/adm/visit_search.php +++ b/adm/visit_search.php @@ -9,8 +9,8 @@ $g5['title'] = '접속자검색'; include_once('./admin.head.php'); include_once(G5_PLUGIN_PATH.'/jquery-ui/datepicker.php'); -$search_word = escape_trim($_GET['search_word']); -$search_sort = escape_trim($_GET['search_sort']); +$search_word = trim($_GET['search_word']); +$search_sort = trim($_GET['search_sort']); $colspan = 5; $qstr = 'search_word='.$search_word.'&search_sort='.$search_sort; //페이징 처리관련 변수 diff --git a/bbs/ajax.autosave.php b/bbs/ajax.autosave.php index 2073c1f86..2222a86b3 100644 --- a/bbs/ajax.autosave.php +++ b/bbs/ajax.autosave.php @@ -3,9 +3,9 @@ include_once('./_common.php'); if (!$is_member) die('0'); -$uid = escape_trim($_REQUEST['uid']); -$subject = escape_trim(stripslashes($_REQUEST['subject'])); -$content = escape_trim(stripslashes($_REQUEST['content'])); +$uid = trim($_REQUEST['uid']); +$subject = trim(stripslashes($_REQUEST['subject'])); +$content = trim(stripslashes($_REQUEST['content'])); if ($subject && $content) { $sql = " select count(*) as cnt from {$g5['autosave_table']} where mb_id = '{$member['mb_id']}' and as_subject = '$subject' and as_content = '$content' "; diff --git a/bbs/ajax.mb_email.php b/bbs/ajax.mb_email.php index b6673ee51..6c50300cc 100644 --- a/bbs/ajax.mb_email.php +++ b/bbs/ajax.mb_email.php @@ -2,8 +2,8 @@ include_once('./_common.php'); include_once(G5_LIB_PATH.'/register.lib.php'); -$mb_email = escape_trim($_POST['reg_mb_email']); -$mb_id = escape_trim($_POST['reg_mb_id']); +$mb_email = trim($_POST['reg_mb_email']); +$mb_id = trim($_POST['reg_mb_id']); if ($msg = empty_mb_email($mb_email)) die($msg); if ($msg = valid_mb_email($mb_email)) die($msg); diff --git a/bbs/ajax.mb_hp.php b/bbs/ajax.mb_hp.php index 635bef022..5f4c9ffb6 100644 --- a/bbs/ajax.mb_hp.php +++ b/bbs/ajax.mb_hp.php @@ -2,8 +2,8 @@ include_once('./_common.php'); include_once(G5_LIB_PATH.'/register.lib.php'); -$mb_hp = escape_trim($_POST['reg_mb_hp']); -$mb_id = escape_trim($_POST['reg_mb_id']); +$mb_hp = trim($_POST['reg_mb_hp']); +$mb_id = trim($_POST['reg_mb_id']); if ($msg = valid_mb_hp($mb_hp)) die($msg); if ($msg = exist_mb_hp($mb_hp, $mb_id)) die($msg); diff --git a/bbs/ajax.mb_id.php b/bbs/ajax.mb_id.php index 3e4025dbf..6b0badd06 100644 --- a/bbs/ajax.mb_id.php +++ b/bbs/ajax.mb_id.php @@ -2,7 +2,7 @@ include_once('./_common.php'); include_once(G5_LIB_PATH.'/register.lib.php'); -$mb_id = escape_trim($_POST['reg_mb_id']); +$mb_id = trim($_POST['reg_mb_id']); if ($msg = empty_mb_id($mb_id)) die($msg); if ($msg = valid_mb_id($mb_id)) die($msg); diff --git a/bbs/ajax.mb_nick.php b/bbs/ajax.mb_nick.php index b3757dfac..50a90f037 100644 --- a/bbs/ajax.mb_nick.php +++ b/bbs/ajax.mb_nick.php @@ -2,8 +2,8 @@ include_once('./_common.php'); include_once(G5_LIB_PATH.'/register.lib.php'); -$mb_nick = escape_trim($_POST['reg_mb_nick']); -$mb_id = escape_trim($_POST['reg_mb_id']); +$mb_nick = trim($_POST['reg_mb_nick']); +$mb_id = trim($_POST['reg_mb_id']); if ($msg = empty_mb_nick($mb_nick)) die($msg); if ($msg = valid_mb_nick($mb_nick)) die($msg); diff --git a/bbs/ajax.mb_recommend.php b/bbs/ajax.mb_recommend.php index f7e1062e4..c19470fa0 100644 --- a/bbs/ajax.mb_recommend.php +++ b/bbs/ajax.mb_recommend.php @@ -2,7 +2,7 @@ include_once("./_common.php"); include_once(G5_LIB_PATH."/register.lib.php"); -$mb_recommend = escape_trim($_POST["reg_mb_recommend"]); +$mb_recommend = trim($_POST["reg_mb_recommend"]); if ($msg = valid_mb_id($mb_recommend)) { die("추천인의 아이디는 영문자, 숫자, _ 만 입력하세요."); diff --git a/bbs/list.php b/bbs/list.php index 90c946368..c0301b410 100644 --- a/bbs/list.php +++ b/bbs/list.php @@ -61,10 +61,47 @@ if(G5_IS_MOBILE) { $page_rows = $board['bo_page_rows']; } +if ($page < 1) { $page = 1; } // 페이지가 없으면 첫 페이지 (1 페이지) + +// 년도 2자리 +$today2 = G5_TIME_YMD; + +$list = array(); +$i = 0; +$notice_count = 0; +$notice_array = array(); + +// 공지 처리 +if (!$sca && !$stx) { + $arr_notice = explode(',', trim($board['bo_notice'])); + for ($k=0; $k 1 && $notice_count) + $from_record -= $notice_count; + +if($page == 1 && $notice_count) + $page_rows -= $notice_count; + // 관리자라면 CheckBox 보임 $is_checkbox = false; if ($is_member && ($is_admin == 'super' || $group['gr_admin'] == $member['mb_id'] || $board['bo_admin'] == $member['mb_id'])) @@ -85,7 +122,7 @@ if (!$sst) { $sst = $board['bo_sort_field']; } else { $sst = "wr_num, wr_reply"; - $sod = ""; + $sod = ""; } } else { // 게시물 리스트의 정렬 대상 필드가 아니라면 공백으로 (nasca 님 09.06.16) @@ -101,39 +138,17 @@ if ($sst) { if ($sca || $stx) { $sql = " select distinct wr_parent from {$write_table} where {$sql_search} {$sql_order} limit {$from_record}, $page_rows "; } else { - $sql = " select * from {$write_table} where wr_is_comment = 0 {$sql_order} limit {$from_record}, $page_rows "; + $sql = " select * from {$write_table} where wr_is_comment = 0 "; + if($notice_count && !empty($notice_array)) + $sql .= " and wr_id not in (".implode(', ', $notice_array).") "; + $sql .= " {$sql_order} limit {$from_record}, $page_rows "; } $result = sql_query($sql); -// 년도 2자리 -$today2 = G5_TIME_YMD; - -$list = array(); -$i = 0; - -if (!$sca && !$stx) { - $arr_notice = explode(',', trim($board['bo_notice'])); - for ($k=0; $k -
    -
    +
    +
    diff --git a/bbs/password_lost2.php b/bbs/password_lost2.php index f56927427..074e2bfd7 100644 --- a/bbs/password_lost2.php +++ b/bbs/password_lost2.php @@ -11,7 +11,7 @@ if (!chk_captcha()) { alert('자동등록방지 숫자가 틀렸습니다.'); } -$email = escape_trim($_POST['mb_email']); +$email = trim($_POST['mb_email']); if (!$email) alert_close('메일주소 오류입니다.'); diff --git a/bbs/qawrite_update.php b/bbs/qawrite_update.php index c6fde25d5..c7fa45225 100644 --- a/bbs/qawrite_update.php +++ b/bbs/qawrite_update.php @@ -52,7 +52,7 @@ for ($i=1; $i<=5; $i++) { $var = "qa_$i"; $$var = ""; if (isset($_POST['qa_'.$i]) && $_POST['qa_'.$i]) { - $$var = escape_trim($_POST['qa_'.$i]); + $$var = trim($_POST['qa_'.$i]); } } diff --git a/bbs/register_email_update.php b/bbs/register_email_update.php index 240fd0a26..7f59541e9 100644 --- a/bbs/register_email_update.php +++ b/bbs/register_email_update.php @@ -3,8 +3,8 @@ include_once('./_common.php'); include_once(G5_CAPTCHA_PATH.'/captcha.lib.php'); include_once(G5_LIB_PATH.'/mailer.lib.php'); -$mb_id = escape_trim($_POST['mb_id']); -$mb_email = escape_trim($_POST['mb_email']); +$mb_id = trim($_POST['mb_id']); +$mb_email = trim($_POST['mb_email']); $sql = " select mb_name, mb_datetime from {$g5['member_table']} where mb_id = '{$mb_id}' and mb_email_certify <> '' "; $mb = sql_fetch($sql); diff --git a/bbs/register_form_update.php b/bbs/register_form_update.php index 31bda65a0..b593792cc 100644 --- a/bbs/register_form_update.php +++ b/bbs/register_form_update.php @@ -20,38 +20,38 @@ if (!chk_captcha()) { alert('자동등록방지 숫자가 틀렸습니다.'); } -$mb_id = escape_trim($_POST['mb_id']); -$mb_password = escape_trim($_POST['mb_password']); -$mb_password_re = escape_trim($_POST['mb_password_re']); -$mb_name = escape_trim($_POST['mb_name']); -$mb_nick = escape_trim($_POST['mb_nick']); -$mb_email = escape_trim($_POST['mb_email']); -$mb_sex = isset($_POST['mb_sex']) ? escape_trim($_POST['mb_sex']) : ""; -$mb_birth = isset($_POST['mb_birth']) ? escape_trim($_POST['mb_birth']) : ""; -$mb_homepage = isset($_POST['mb_homepage']) ? escape_trim($_POST['mb_homepage']) : ""; -$mb_tel = isset($_POST['mb_tel']) ? escape_trim($_POST['mb_tel']) : ""; -$mb_hp = isset($_POST['mb_hp']) ? escape_trim($_POST['mb_hp']) : ""; -$mb_zip1 = isset($_POST['mb_zip1']) ? escape_trim($_POST['mb_zip1']) : ""; -$mb_zip2 = isset($_POST['mb_zip2']) ? escape_trim($_POST['mb_zip2']) : ""; -$mb_addr1 = isset($_POST['mb_addr1']) ? escape_trim($_POST['mb_addr1']) : ""; -$mb_addr2 = isset($_POST['mb_addr2']) ? escape_trim($_POST['mb_addr2']) : ""; -$mb_addr3 = isset($_POST['mb_addr3']) ? escape_trim($_POST['mb_addr3']) : ""; -$mb_addr_jibeon = isset($_POST['mb_addr_jibeon']) ? escape_trim($_POST['mb_addr_jibeon']) : ""; -$mb_signature = isset($_POST['mb_signature']) ? escape_trim($_POST['mb_signature']) : ""; -$mb_profile = isset($_POST['mb_profile']) ? escape_trim($_POST['mb_profile']) : ""; -$mb_recommend = isset($_POST['mb_recommend']) ? escape_trim($_POST['mb_recommend']) : ""; -$mb_mailling = isset($_POST['mb_mailling']) ? escape_trim($_POST['mb_mailling']) : ""; -$mb_sms = isset($_POST['mb_sms']) ? escape_trim($_POST['mb_sms']) : ""; -$mb_1 = isset($_POST['mb_1']) ? escape_trim($_POST['mb_1']) : ""; -$mb_2 = isset($_POST['mb_2']) ? escape_trim($_POST['mb_2']) : ""; -$mb_3 = isset($_POST['mb_3']) ? escape_trim($_POST['mb_3']) : ""; -$mb_4 = isset($_POST['mb_4']) ? escape_trim($_POST['mb_4']) : ""; -$mb_5 = isset($_POST['mb_5']) ? escape_trim($_POST['mb_5']) : ""; -$mb_6 = isset($_POST['mb_6']) ? escape_trim($_POST['mb_6']) : ""; -$mb_7 = isset($_POST['mb_7']) ? escape_trim($_POST['mb_7']) : ""; -$mb_8 = isset($_POST['mb_8']) ? escape_trim($_POST['mb_8']) : ""; -$mb_9 = isset($_POST['mb_9']) ? escape_trim($_POST['mb_9']) : ""; -$mb_10 = isset($_POST['mb_10']) ? escape_trim($_POST['mb_10']) : ""; +$mb_id = trim($_POST['mb_id']); +$mb_password = trim($_POST['mb_password']); +$mb_password_re = trim($_POST['mb_password_re']); +$mb_name = trim($_POST['mb_name']); +$mb_nick = trim($_POST['mb_nick']); +$mb_email = trim($_POST['mb_email']); +$mb_sex = isset($_POST['mb_sex']) ? trim($_POST['mb_sex']) : ""; +$mb_birth = isset($_POST['mb_birth']) ? trim($_POST['mb_birth']) : ""; +$mb_homepage = isset($_POST['mb_homepage']) ? trim($_POST['mb_homepage']) : ""; +$mb_tel = isset($_POST['mb_tel']) ? trim($_POST['mb_tel']) : ""; +$mb_hp = isset($_POST['mb_hp']) ? trim($_POST['mb_hp']) : ""; +$mb_zip1 = isset($_POST['mb_zip1']) ? trim($_POST['mb_zip1']) : ""; +$mb_zip2 = isset($_POST['mb_zip2']) ? trim($_POST['mb_zip2']) : ""; +$mb_addr1 = isset($_POST['mb_addr1']) ? trim($_POST['mb_addr1']) : ""; +$mb_addr2 = isset($_POST['mb_addr2']) ? trim($_POST['mb_addr2']) : ""; +$mb_addr3 = isset($_POST['mb_addr3']) ? trim($_POST['mb_addr3']) : ""; +$mb_addr_jibeon = isset($_POST['mb_addr_jibeon']) ? trim($_POST['mb_addr_jibeon']) : ""; +$mb_signature = isset($_POST['mb_signature']) ? trim($_POST['mb_signature']) : ""; +$mb_profile = isset($_POST['mb_profile']) ? trim($_POST['mb_profile']) : ""; +$mb_recommend = isset($_POST['mb_recommend']) ? trim($_POST['mb_recommend']) : ""; +$mb_mailling = isset($_POST['mb_mailling']) ? trim($_POST['mb_mailling']) : ""; +$mb_sms = isset($_POST['mb_sms']) ? trim($_POST['mb_sms']) : ""; +$mb_1 = isset($_POST['mb_1']) ? trim($_POST['mb_1']) : ""; +$mb_2 = isset($_POST['mb_2']) ? trim($_POST['mb_2']) : ""; +$mb_3 = isset($_POST['mb_3']) ? trim($_POST['mb_3']) : ""; +$mb_4 = isset($_POST['mb_4']) ? trim($_POST['mb_4']) : ""; +$mb_5 = isset($_POST['mb_5']) ? trim($_POST['mb_5']) : ""; +$mb_6 = isset($_POST['mb_6']) ? trim($_POST['mb_6']) : ""; +$mb_7 = isset($_POST['mb_7']) ? trim($_POST['mb_7']) : ""; +$mb_8 = isset($_POST['mb_8']) ? trim($_POST['mb_8']) : ""; +$mb_9 = isset($_POST['mb_9']) ? trim($_POST['mb_9']) : ""; +$mb_10 = isset($_POST['mb_10']) ? trim($_POST['mb_10']) : ""; if ($w == '' || $w == 'u') { diff --git a/bbs/visit_insert.inc.php b/bbs/visit_insert.inc.php index e0698f75c..dccd1326f 100644 --- a/bbs/visit_insert.inc.php +++ b/bbs/visit_insert.inc.php @@ -1,8 +1,8 @@ 50) { @include_once($board_skin_path.'/write_comment_update.head.skin.php'); $w = $_POST["w"]; -$wr_name = escape_trim($_POST['wr_name']); +$wr_name = trim($_POST['wr_name']); $wr_email = ''; if (!empty($_POST['wr_email'])) - $wr_email = escape_trim($_POST['wr_email']); + $wr_email = trim($_POST['wr_email']); // 비회원의 경우 이름이 누락되는 경우가 있음 if ($is_guest) { diff --git a/bbs/write_update.php b/bbs/write_update.php index 0b71d3306..2caae2308 100644 --- a/bbs/write_update.php +++ b/bbs/write_update.php @@ -50,8 +50,8 @@ if (empty($_POST)) { } $w = $_POST['w']; -$wr_link1 = escape_trim(strip_tags($_POST['wr_link1'])); -$wr_link2 = escape_trim(strip_tags($_POST['wr_link2'])); +$wr_link1 = trim(strip_tags($_POST['wr_link1'])); +$wr_link2 = trim(strip_tags($_POST['wr_link2'])); $notice_array = explode(",", $board['bo_notice']); @@ -91,7 +91,7 @@ for ($i=1; $i<=10; $i++) { $var = "wr_$i"; $$var = ""; if (isset($_POST['wr_'.$i]) && $_POST['wr_'.$i]) { - $$var = escape_trim($_POST['wr_'.$i]); + $$var = trim($_POST['wr_'.$i]); } } @@ -291,7 +291,7 @@ if ($w == '' || $w == 'r') { } else { $mb_id = ''; // 비회원의 경우 이름이 누락되는 경우가 있음 - $wr_name = escape_trim($_POST['wr_name']); + $wr_name = trim($_POST['wr_name']); if (!$wr_name) alert('이름은 필히 입력하셔야 합니다.'); $wr_password = sql_password($wr_password); diff --git a/common.php b/common.php index 82847dfc6..d12c2f05f 100644 --- a/common.php +++ b/common.php @@ -11,30 +11,6 @@ if (!defined('G5_SET_TIME_LIMIT')) define('G5_SET_TIME_LIMIT', 0); @set_time_limit(G5_SET_TIME_LIMIT); -//============================================================================== -// php.ini 의 magic_quotes_gpc 값이 Off 인 경우 addslashes() 적용 -// SQL Injection 등으로 부터 보호 -// http://kr.php.net/manual/en/function.get-magic-quotes-gpc.php#97783 -//------------------------------------------------------------------------------ -if (!get_magic_quotes_gpc()) { - $escape_function = 'addslashes($value)'; - $addslashes_deep = create_function('&$value, $fn', ' - if (is_string($value)) { - $value = ' . $escape_function . '; - } else if (is_array($value)) { - foreach ($value as &$v) $fn($v, $fn); - } - '); - - // Escape data - $addslashes_deep($_POST, $addslashes_deep); - $addslashes_deep($_GET, $addslashes_deep); - $addslashes_deep($_COOKIE, $addslashes_deep); - $addslashes_deep($_REQUEST, $addslashes_deep); -} -//============================================================================== - - //========================================================================================================================== // extract($_GET); 명령으로 인해 page.php?_POST[var1]=data1&_POST[var2]=data2 와 같은 코드가 _POST 변수로 사용되는 것을 막음 // 081029 : letsgolee 님께서 도움 주셨습니다. @@ -49,12 +25,6 @@ for ($i=0; $i<$ext_cnt; $i++) { } //========================================================================================================================== -// PHP 4.1.0 부터 지원됨 -// php.ini 의 register_globals=off 일 경우 -@extract($_GET); -@extract($_POST); -@extract($_SERVER); - // 완두콩님이 알려주신 보안관련 오류 수정 // $member 에 값을 직접 넘길 수 있음 $config = array(); @@ -97,6 +67,30 @@ if (file_exists($dbconfig_file)) { @mysql_query(" set names utf8 "); if(defined('G5_MYSQL_SET_MODE') && G5_MYSQL_SET_MODE) @mysql_query("SET SESSION sql_mode = ''"); if (defined(G5_TIMEZONE)) @mysql_query(" set time_zone = '".G5_TIMEZONE."'"); + + //============================================================================== + // SQL Injection 등으로 부터 보호를 위해 mysql_real_escape_string() 적용 + //------------------------------------------------------------------------------ + // magic_quotes_gpc 에 의한 backslashes 제거 + if (get_magic_quotes_gpc()) { + $_POST = array_map_deep('stripslashes', $_POST); + $_GET = array_map_deep('stripslashes', $_GET); + $_COOKIE = array_map_deep('stripslashes', $_COOKIE); + $_REQUEST = array_map_deep('stripslashes', $_REQUEST); + } + + // mysql_real_escape_string 적용 + $_POST = array_map_deep(G5_ESCAPE_FUNCTION, $_POST); + $_GET = array_map_deep(G5_ESCAPE_FUNCTION, $_GET); + $_COOKIE = array_map_deep(G5_ESCAPE_FUNCTION, $_COOKIE); + $_REQUEST = array_map_deep(G5_ESCAPE_FUNCTION, $_REQUEST); + //============================================================================== + + // PHP 4.1.0 부터 지원됨 + // php.ini 의 register_globals=off 일 경우 + @extract($_GET); + @extract($_POST); + @extract($_SERVER); } else { ?> @@ -211,7 +205,7 @@ if (isset($_REQUEST['PHPSESSID']) && $_REQUEST['PHPSESSID'] != session_id()) $qstr = ''; if (isset($_REQUEST['sca'])) { - $sca = escape_trim($_REQUEST['sca']); + $sca = trim($_REQUEST['sca']); if ($sca) $qstr .= '&sca=' . urlencode($sca); } else { @@ -219,7 +213,7 @@ if (isset($_REQUEST['sca'])) { } if (isset($_REQUEST['sfl'])) { - $sfl = escape_trim($_REQUEST['sfl']); + $sfl = trim($_REQUEST['sfl']); $sfl = preg_replace("/[\<\>\'\"\%\=\(\)\s]/", "", $sfl); if ($sfl) $qstr .= '&sfl=' . urlencode($sfl); // search field (검색 필드) @@ -229,7 +223,7 @@ if (isset($_REQUEST['sfl'])) { if (isset($_REQUEST['stx'])) { // search text (검색어) - $stx = escape_trim($_REQUEST['stx']); + $stx = trim($_REQUEST['stx']); if ($stx) $qstr .= '&stx=' . urlencode($stx); } else { @@ -237,7 +231,7 @@ if (isset($_REQUEST['stx'])) { // search text (검색어) } if (isset($_REQUEST['sst'])) { - $sst = escape_trim($_REQUEST['sst']); + $sst = trim($_REQUEST['sst']); if ($sst) $qstr .= '&sst=' . urlencode($sst); // search sort (검색 정렬 필드) } else { @@ -289,7 +283,7 @@ if (isset($_REQUEST['wr_id'])) { } if (isset($_REQUEST['bo_table'])) { - $bo_table = escape_trim($_REQUEST['bo_table']); + $bo_table = trim($_REQUEST['bo_table']); $bo_table = substr($bo_table, 0, 20); } else { $bo_table = ''; @@ -297,7 +291,7 @@ if (isset($_REQUEST['bo_table'])) { // URL ENCODING if (isset($_REQUEST['url'])) { - $url = escape_trim($_REQUEST['url']); + $url = trim($_REQUEST['url']); $urlencode = urlencode($url); } else { $url = ''; @@ -309,7 +303,7 @@ if (isset($_REQUEST['url'])) { } if (isset($_REQUEST['gr_id'])) { - $gr_id = escape_trim($_REQUEST['gr_id']); + $gr_id = trim($_REQUEST['gr_id']); } else { $gr_id = ''; } @@ -489,4 +483,6 @@ header('Last-Modified: ' . $gmnow); header('Cache-Control: no-store, no-cache, must-revalidate'); // HTTP/1.1 header('Cache-Control: pre-check=0, post-check=0, max-age=0'); // HTTP/1.1 header('Pragma: no-cache'); // HTTP/1.0 + +$html_process = new html_process(); ?> \ No newline at end of file diff --git a/config.php b/config.php index 4739baf1c..8782b3820 100644 --- a/config.php +++ b/config.php @@ -153,6 +153,10 @@ define('G5_SMTP', '127.0.0.1'); 기타 상수 ********************/ +// escape string 처리 함수 지정 +// POST 등에서 한글이 깨질 경우 addslashes 로 변경 +define('G5_ESCAPE_FUNCTION', 'mysql_real_escape_string'); + // 게시판에서 링크의 기본개수를 말합니다. // 필드를 추가하면 이 숫자를 필드수에 맞게 늘려주십시오. define('G5_LINK_COUNT', 2); diff --git a/css/admin.css b/css/admin.css index ede367374..3b42d12a9 100644 --- a/css/admin.css +++ b/css/admin.css @@ -135,7 +135,8 @@ h2.h2_frm {padding-top:15px} .btn_submit {background:#ff3061;cursor:pointer} .btn_confirm .btn_submit {padding:0 15px;border:0;height:30px;color:#fff} -.btn_cancel {display:inline-block;padding:0 15px;height:30px;border:0;background:#617d46;color:#fff;text-decoration:none;line-height:2.5em;vertical-align:middle} +.btn_cancel {display:inline-block;padding:0 15px;height:30px;border:0;background:#617d46;color:#fff;text-decoration:none} +a.btn_cancel {line-height:2.5em;vertical-align:middle} .btn_frmline {display:inline-block;padding:0 7px;height:24px;border:0;background:#444;color:#fff !important;letter-spacing:-0.1em;text-decoration:none;vertical-align:middle;line-height:2em} /* 우편번호검색버튼 등 */ .btn_frmline:focus, .btn_frmline:hover, .btn_frmline:active {text-decoration:none} diff --git a/css/default.css b/css/default.css index 6966da198..ce56fe879 100644 --- a/css/default.css +++ b/css/default.css @@ -22,6 +22,14 @@ pre {overflow-x:scroll;font-size:1.1em} a:link, a:visited {color:#000;text-decoration:none} a:hover, a:focus, a:active {color:#000;text-decoration:underline} +/* 팝업레이어 */ +#hd_pop {z-index:1000;position:relative;margin:0 auto;width:1000px;height:0} +#hd_pop h2 {position:absolute;font-size:0;line-height:0;overflow:hidden} +.hd_pops {position:absolute;border:1px solid #e9e9e9;background:#fff} +.hd_pops_con {} +.hd_pops_footer {padding:10px 0;background:#000;color:#fff;text-align:right} +.hd_pops_footer button {margin-right:5px;padding:5px 10px;border:0;background:#393939;color:#fff} + /* 상단 레이아웃 */ #hd {z-index:10;position:relative;min-width:970px;background:#fff} #hd_h1 {position:absolute;font-size:0;line-height:0;overflow:hidden} @@ -57,29 +65,21 @@ a:hover, a:focus, a:active {color:#000;text-decoration:underline} #tnb a:focus, #tnb a:hover, #tnb a:active {text-decoration:none} #tnb img {margin-right:3px} -/* gnb js off */ +/* 메인메뉴 */ #gnb {position:relative;margin:-1px 0 0;border-top:1px dotted #dde4e9;border-bottom:1px solid #dde4e9;background:#ecf0f7} #gnb h2 {position:absolute;font-size:0;line-height:0;overflow:hidden} #gnb #gnb_1dul {margin:0 auto !important;padding:0;width:970px;zoom:1} #gnb #gnb_1dul:after {display:block;visibility:hidden;clear:both;content:""} -.gnb_1dli {z-index:10;clear:both;zoom:1} +.gnb_1dli {z-index:10;position:relative;float:left;zoom:1} .gnb_1dli:after {display:block;visibility:hidden;clear:both;content:""} -.gnb_1da {display:block;float:left;width:80px;height:35px;font-weight:bold;line-height:2.95em;text-decoration:none} -.gnb_1da:focus, .gnb_1da:hover {text-decoration:none} -.gnb_2dul {float:left;width:auto} -.gnb_2dli {float:left} -.gnb_2da {display:block;float:left;width:80px;height:35px;line-height:2.95em;text-decoration:none} +.gnb_1da {display:block;float:left;padding:0 10px;width:80px;height:35px;background:url('../img/gnb_bg00.gif') center right no-repeat;font-weight:bold;line-height:2.95em;text-decoration:none} +.gnb_1da:focus, .gnb_1da:hover {background:url('../img/gnb_bg00.gif') #333 center right no-repeat;text-decoration:none} +.gnb_1dli_air a {background-color:#333;color:#fff} +.gnb_1dli_on a {background-color:#333;color:#fff} +.gnb_2dul {display:none;position:absolute;top:35px} +.gnb_2da {display:block;width:80px;} +.gnb_2da {display:inline-block;padding:0 10px;width:161px;height:35px;text-align:left;text-decoration:none;line-height:2.95em} .gnb_2da:focus, .gnb_2da:hover {text-decoration:none} -/* gnb js on */ -.gnb_js {} -.gnb_js #gnb_1dul {zoom:1} -.gnb_js #gnb_1dul:after {display:block;visibility:hidden;clear:both;content:""} -.gnb_js .gnb_1dli {clear:none;position:relative;float:left} -.gnb_js .gnb_1da {text-align:center} -.gnb_js .gnb_1dli_air a {float:none;background:#333;color:#fff} -.gnb_js .gnb_1dli_on a {float:none;background:#333;color:#fff} -.gnb_js .gnb_2dul {display:none;position:absolute;top:35px} -.gnb_js .gnb_2da {display:inline-block;float:none !important;padding:0 10px;width:161px;text-align:left} .gnb_1dli_over .gnb_2dul {display:block;left:0;width:180px;background:#fff} .gnb_1dli_over2 .gnb_2dul {display:block;right:1px;width:180px;background:#fff} @@ -249,7 +249,7 @@ a.btn_admin:focus, a.btn_admin:hover {text-decoration:none} .new_win .win_ul:after {display:block;visibility:hidden;clear:both;content:""} .new_win .win_ul li {float:left;margin-left:-1px} .new_win .win_ul a {display:block;padding:10px 10px 8px;border-right:1px solid #455255;border-left:1px solid #455255;color:#fff;font-family:dotum;font-weight:bold;text-decoration:none} -.new_win .win_desc {margin:0 20px} +.new_win .win_desc {padding:20px} .new_win .win_btn {clear:both;padding:20px;text-align:center} /* 새창용 */ .new_win .win_btn button {display:inline-block;padding:0 10px;height:30px;border:0;background:#4b545e;color:#fff;line-height:2em;cursor:pointer} diff --git a/css/mobile.css b/css/mobile.css index 1019c216b..30045c4de 100644 --- a/css/mobile.css +++ b/css/mobile.css @@ -22,23 +22,13 @@ pre {overflow-x:scroll;font-size:1.1em} a:link, a:visited {color:#000;text-decoration:none} a:hover, a:focus, a:active {color:#000;text-decoration:underline} -/* 화면낭독기 사용자용 */ -#hd_login_msg {position:absolute;top:0;left:0;width:0;height:0;overflow:hidden} -.msg_sound_only, .sound_only {display:inline-block;position:absolute;top:0;left:0;margin:0 !important;padding:0 !important;width:1px !important;height:1px !important;font-size:0 !important;line-height:0 !important;overflow:hidden} -/* 본문 바로가기 */ -.to_content a {z-index:100000;position:absolute;top:0;left:0;width:0;height:0;font-size:0;line-height:0;overflow:hidden} - -/* 이미지 등비율 리사이징 */ -.img_fix {width:100%;height:auto} - -/* 캡챠 자동등록(입력)방지 기본 */ -#captcha {display:inline-block;position:relative} -#captcha legend {position:absolute;margin:0;padding:0;font-size:0;line-height:0;text-indent:-9999em;overflow:hidden} -#captcha audio {display:block;margin:0 0 5px;width:187px} -#captcha #captcha_img {width:60px;height:30px;border:1px solid #e9e9e9} -#captcha #captcha_reload {margin:0;padding:0 5px;height:32px;border:0;background:#e4eaec;vertical-align:middle;overflow:hidden;cursor:pointer} -#captcha #captcha_key {margin:0 0 0 4px;padding:0 5px;width:50px;height:30px;border:1px solid #b8c9c2;background:#f7f7f7;font-size:1.333em;font-weight:bold;text-align:center;line-height:2.8em} -#captcha #captcha_info {display:block;margin:5px 0 0;font-size:0.95em;letter-spacing:-0.1em} +/* 팝업레이어 */ +#hd_pop {z-index:1000;position:relative;margin:0 auto;width:100%;height:1px} +#hd_pop h2 {position:absolute;font-size:0;text-indent:-9999em;line-height:0;overflow:hidden} +.hd_pops {position:absolute;border:1px solid #e9e9e9;background:#fff} +.hd_pops_con {} +.hd_pops_footer {padding:10px 0;background:#000;color:#fff;text-align:right} +.hd_pops_footer button {margin-right:5px;padding:5px 10px;border:0;background:#393939;color:#fff} /* 상단 레이아웃 */ #hd {position:relative;background:#fff} @@ -66,7 +56,7 @@ a:hover, a:focus, a:active {color:#000;text-decoration:underline} #lnb ul:after {display:block;visibility:hidden;clear:both;content:""} #lnb li {float:left;margin-bottom:-1px;width:25%} #lnb a {display:block;padding:10px 0;border-right:1px solid #e7f1ed;border-bottom:1px solid #e7f1ed;color:#000;text-align:center;text-decoration:none} -#lnb li:nth-of-type(5n) a {border-right:0} +#lnb li:nth-of-type(4n) a {border-right:0} /* 중간 레이아웃 */ #wrapper {margin:20px 0} @@ -107,6 +97,24 @@ a:hover, a:focus, a:active {color:#000;text-decoration:underline} .copymove_current {float:right;color:#ff3061} .copymove_currentbg {background:#f4f4f4} +/* 화면낭독기 사용자용 */ +#hd_login_msg {position:absolute;top:0;left:0;width:0;height:0;overflow:hidden} +.msg_sound_only, .sound_only {display:inline-block;position:absolute;top:0;left:0;margin:0 !important;padding:0 !important;width:1px !important;height:1px !important;font-size:0 !important;line-height:0 !important;overflow:hidden} +/* 본문 바로가기 */ +.to_content a {z-index:100000;position:absolute;top:0;left:0;width:0;height:0;font-size:0;line-height:0;overflow:hidden} + +/* 이미지 등비율 리사이징 */ +.img_fix {width:100%;height:auto} + +/* 캡챠 자동등록(입력)방지 기본 */ +#captcha {display:inline-block;position:relative} +#captcha legend {position:absolute;margin:0;padding:0;font-size:0;line-height:0;text-indent:-9999em;overflow:hidden} +#captcha audio {display:block;margin:0 0 5px;width:187px} +#captcha #captcha_img {width:60px;height:30px;border:1px solid #e9e9e9} +#captcha #captcha_reload {margin:0;padding:0 5px;height:32px;border:0;background:#e4eaec;vertical-align:middle;overflow:hidden;cursor:pointer} +#captcha #captcha_key {margin:0 0 0 4px;padding:0 5px;width:50px;height:30px;border:1px solid #b8c9c2;background:#f7f7f7;font-size:1.333em;font-weight:bold;text-align:center;line-height:2.8em} +#captcha #captcha_info {display:block;margin:5px 0 0;font-size:0.95em;letter-spacing:-0.1em} + /* 버튼 */ a.btn01 {display:inline-block;padding:8px 7px 7px;border:1px solid #ccc;background:#fafafa;color:#000;text-decoration:none;vertical-align:middle} a.btn01:focus, a.btn01:hover {text-decoration:none} diff --git a/g4_import.php b/g4_import.php index 4d57e48cf..a8d9b32c3 100644 --- a/g4_import.php +++ b/g4_import.php @@ -98,7 +98,6 @@ if($is_admin != 'super')