From 38308f887b3916bb427cb29d92861e26d8eb1025 Mon Sep 17 00:00:00 2001 From: kagla Date: Mon, 23 Aug 2021 07:24:24 +0000 Subject: [PATCH 01/11] =?UTF-8?q?=ED=8A=B8=EC=9C=84=ED=84=B0=20=EC=86=8C?= =?UTF-8?q?=EC=85=9C=20=EB=8C=93=EA=B8=80=20=EC=82=AC=EC=9A=A9=EC=8B=9C=20?= =?UTF-8?q?Could=20not=20connect=20to=20Twitter.=20Refresh=20the=20page=20?= =?UTF-8?q?or=20try=20again=20later.=20=EC=9D=B4=EC=A0=84=EC=97=90=20?= =?UTF-8?q?=EB=82=98=EC=98=A4=EB=8A=94=20Warning:=20Undefined=20array=20ke?= =?UTF-8?q?y=20=EC=98=A4=EB=A5=98=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- plugin/sns/twitter/redirect.php | 4 ++-- plugin/sns/twitter/twitteroauth/twitteroauth.php | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/plugin/sns/twitter/redirect.php b/plugin/sns/twitter/redirect.php index 4bc1586aa..505b3e047 100644 --- a/plugin/sns/twitter/redirect.php +++ b/plugin/sns/twitter/redirect.php @@ -13,8 +13,8 @@ $connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET); $request_token = $connection->getRequestToken(OAUTH_CALLBACK); /* Save temporary credentials to session. */ -$_SESSION['oauth_token'] = $token = $request_token['oauth_token']; -$_SESSION['oauth_token_secret'] = $request_token['oauth_token_secret']; +$_SESSION['oauth_token'] = $token = @$request_token['oauth_token']; +$_SESSION['oauth_token_secret'] = @$request_token['oauth_token_secret']; //print_r2($_SESSION); exit; diff --git a/plugin/sns/twitter/twitteroauth/twitteroauth.php b/plugin/sns/twitter/twitteroauth/twitteroauth.php index af8712229..49bee1457 100644 --- a/plugin/sns/twitter/twitteroauth/twitteroauth.php +++ b/plugin/sns/twitter/twitteroauth/twitteroauth.php @@ -77,7 +77,7 @@ class TwitterOAuth { $parameters['oauth_callback'] = $oauth_callback; $request = $this->oAuthRequest($this->requestTokenURL(), 'GET', $parameters); $token = OAuthUtil::parse_parameters($request); - $this->token = new OAuthConsumer($token['oauth_token'], $token['oauth_token_secret']); + $this->token = new OAuthConsumer(@$token['oauth_token'], @$token['oauth_token_secret']); return $token; } From ebf00b6834d729b55f4702c903ac262a7e2f7408 Mon Sep 17 00:00:00 2001 From: kagla Date: Thu, 9 Sep 2021 03:24:40 +0000 Subject: [PATCH 02/11] =?UTF-8?q?=EB=B0=B0=EB=84=88=EC=9D=98=20=EB=A7=81?= =?UTF-8?q?=ED=81=AC=EB=A5=BC=20=EC=9E=85=EB=A0=A5=ED=95=98=EC=A7=80=20?= =?UTF-8?q?=EC=95=8A=EC=9C=BC=EB=A9=B4=20PHP8=EC=97=90=EC=84=9C=20Warning:?= =?UTF-8?q?=20Uninitialized=20string=20offset=200=20in=20...=20=EC=99=80?= =?UTF-8?q?=20=EA=B0=99=EC=9D=80=20=EC=98=A4=EB=A5=98=EA=B0=80=20=EB=82=98?= =?UTF-8?q?=EB=8A=94=EA=B2=83=EC=9D=84=20=EC=88=98=EC=A0=95=20(=EB=8B=A4?= =?UTF-8?q?=EC=98=A8=ED=85=8C=EB=A7=88=EB=8B=98,210908)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- skin/shop/basic/boxbanner.skin.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/skin/shop/basic/boxbanner.skin.php b/skin/shop/basic/boxbanner.skin.php index d6bd9fd3e..03be8e7ac 100644 --- a/skin/shop/basic/boxbanner.skin.php +++ b/skin/shop/basic/boxbanner.skin.php @@ -23,7 +23,7 @@ for ($i=0; $row=sql_fetch_array($result); $i++) $banner = ''; $size = getimagesize($bimg); echo '
  • '.PHP_EOL; - if ($row['bn_url'][0] == '#') + if (preg_match("/^#/", $row['bn_url'])) $banner .= ''; else if ($row['bn_url'] && $row['bn_url'] != 'http://') { $banner .= ''; From 7dea8e686691b7f57ec2d32bdaf89dd4b98ce304 Mon Sep 17 00:00:00 2001 From: kagla Date: Wed, 15 Sep 2021 01:14:45 +0000 Subject: [PATCH 03/11] =?UTF-8?q?PHP8=20=EC=97=90=EC=84=9C=20=EB=B0=9C?= =?UTF-8?q?=EC=83=9D=ED=95=98=EB=8A=94=20=EC=98=A4=EB=A5=98=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bbs/write_update.php | 8 +++++--- lib/common.lib.php | 6 ++++-- skin/member/basic/login.skin.php | 2 +- 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/bbs/write_update.php b/bbs/write_update.php index ac32277e6..dbda388ef 100644 --- a/bbs/write_update.php +++ b/bbs/write_update.php @@ -658,7 +658,7 @@ for ($i=(int)$row['max_bf_no']; $i>=0; $i--) $row2 = sql_fetch(" select bf_file from {$g5['board_file_table']} where bo_table = '{$bo_table}' and wr_id = '{$wr_id}' and bf_no = '{$i}' "); // 정보가 있다면 빠집니다. - if ($row2['bf_file']) break; + if (isset($row2['bf_file']) && $row2['bf_file']) break; // 그렇지 않다면 정보를 삭제합니다. sql_query(" delete from {$g5['board_file_table']} where bo_table = '{$bo_table}' and wr_id = '{$wr_id}' and bf_no = '{$i}' "); @@ -725,8 +725,10 @@ if (!($w == 'u' || $w == 'cu') && $config['cf_email_use'] && $board['bo_use_emai } // 옵션에 메일받기가 체크되어 있고, 게시자의 메일이 있다면 - if (strstr($wr['wr_option'], 'mail') && $wr['wr_email']) - $array_email[] = $wr['wr_email']; + if (isset($wr['wr_option']) && isset($wr['wr_email'])) { + if (strstr($wr['wr_option'], 'mail') && $wr['wr_email']) + $array_email[] = $wr['wr_email']; + } // 중복된 메일 주소는 제거 $unique_email = array_unique($array_email); diff --git a/lib/common.lib.php b/lib/common.lib.php index d84af1501..b7493f18d 100644 --- a/lib/common.lib.php +++ b/lib/common.lib.php @@ -850,12 +850,14 @@ function get_admin($admin='super', $fields='*') $is = true; } - if (($is && !$mb['mb_id']) || $admin == 'group') { + // if (($is && !$mb['mb_id']) || $admin == 'group') { + if (($is && !isset($mb['mb_id'])) || $admin == 'group') { $mb = sql_fetch("select {$fields} from {$g5['member_table']} where mb_id in ('{$group['gr_admin']}') limit 1 "); $is = true; } - if (($is && !$mb['mb_id']) || $admin == 'super') { + // if (($is && !$mb['mb_id']) || $admin == 'super') { + if (($is && !isset($mb['mb_id'])) || $admin == 'super') { $mb = sql_fetch("select {$fields} from {$g5['member_table']} where mb_id in ('{$config['cf_admin']}') limit 1 "); } diff --git a/skin/member/basic/login.skin.php b/skin/member/basic/login.skin.php index 15f94e3a7..d282aeba2 100644 --- a/skin/member/basic/login.skin.php +++ b/skin/member/basic/login.skin.php @@ -39,7 +39,7 @@ add_stylesheet('', - + From a3e8c97ef56ac178482ce9c657a8390f50d839a9 Mon Sep 17 00:00:00 2001 From: kagla Date: Wed, 15 Sep 2021 02:30:19 +0000 Subject: [PATCH 04/11] =?UTF-8?q?=EC=9D=B4=EB=AF=B8=EC=A7=80=20=ED=8C=8C?= =?UTF-8?q?=EC=9D=BC=20=EC=97=85=EB=A1=9C=EB=93=9C=20=EA=B8=B0=EB=8A=A5?= =?UTF-8?q?=EC=9D=84=20=EC=9D=B4=EC=9A=A9=ED=95=9C=20=EC=9B=B9=EB=B3=80?= =?UTF-8?q?=EC=A1=B0=20=EB=B0=A9=EC=A7=80=20=EC=BD=94=EB=93=9C=20=EC=A0=81?= =?UTF-8?q?=EC=9A=A9=20(=EB=82=98=EC=B0=BD=ED=98=B8=EB=8B=98,=EB=A0=88?= =?UTF-8?q?=EC=9D=B4=EB=94=98=EB=8B=98,210915)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- plugin/editor/cheditor5/imageUpload/upload.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugin/editor/cheditor5/imageUpload/upload.php b/plugin/editor/cheditor5/imageUpload/upload.php index 9594f8c7a..f305b65d3 100644 --- a/plugin/editor/cheditor5/imageUpload/upload.php +++ b/plugin/editor/cheditor5/imageUpload/upload.php @@ -77,7 +77,7 @@ run_event('cheditor_photo_upload', $data_dir, $data_url); // $tempfile = $_FILES['file']['tmp_name']; $filename = $_FILES['file']['name']; - +$filename_len = strrpos($filename, "."); $type = substr($filename, strrpos($filename, ".")+1); $found = false; switch ($type) { @@ -89,7 +89,7 @@ switch ($type) { $found = true; } -if ($found != true) { +if ($found != true || $filename_len != 23) { exit; } From 688440eb18e354a0348f9e40e21f145bdb90c75d Mon Sep 17 00:00:00 2001 From: kagla Date: Thu, 16 Sep 2021 02:09:09 +0000 Subject: [PATCH 05/11] =?UTF-8?q?JavaScript=20=EB=B6=88=EA=B0=80=EC=9D=BC?= =?UTF-8?q?=20=EB=95=8C=20Undefined=20variable=20$js=20=EC=98=A4=EB=A5=98?= =?UTF-8?q?=20=EB=82=98=EC=98=A4=EC=A7=80=20=EC=95=8A=EB=8F=84=EB=A1=9D=20?= =?UTF-8?q?=EC=88=98=EC=A0=95=20(=EC=A1=B0=EC=95=88=EB=8B=98,210916)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bbs/download.php | 1 + 1 file changed, 1 insertion(+) diff --git a/bbs/download.php b/bbs/download.php index 504595b74..f0f70afb7 100644 --- a/bbs/download.php +++ b/bbs/download.php @@ -23,6 +23,7 @@ if (!$file['bf_file']) alert_close('파일 정보가 존재하지 않습니다.'); // JavaScript 불가일 때 +$js = (isset($_GET['js'])) ? $_GET['js'] : ''; if($js != 'on' && $board['bo_download_point'] < 0) { $msg = $file['bf_source'].' 파일을 다운로드 하시면 포인트가 차감('.number_format($board['bo_download_point']).'점)됩니다.\\n포인트는 게시물당 한번만 차감되며 다음에 다시 다운로드 하셔도 중복하여 차감하지 않습니다.\\n그래도 다운로드 하시겠습니까?'; $url1 = G5_BBS_URL.'/download.php?'.clean_query_string($_SERVER['QUERY_STRING'], false).'&js=on'; From 63217a6a6726dc051528116e6eb79bb47d523334 Mon Sep 17 00:00:00 2001 From: kagla Date: Thu, 16 Sep 2021 04:54:33 +0000 Subject: [PATCH 06/11] =?UTF-8?q?['HTTP=5FHOST']=20=EA=B0=80=20=EC=84=A0?= =?UTF-8?q?=EC=96=B8=EB=90=98=EC=A7=80=20=EC=95=8A=EC=95=84=20PHP8=20?= =?UTF-8?q?=EC=97=90=EC=84=9C=20=EB=B0=9C=EC=83=9D=ED=95=98=EB=8D=98=20?= =?UTF-8?q?=EC=98=A4=EB=A5=98=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- common.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common.php b/common.php index 8fbde6e96..0a3930ab9 100644 --- a/common.php +++ b/common.php @@ -232,7 +232,7 @@ function chrome_domain_session_name(){ '.maru.net', // 마루호스팅 ); - if(preg_match('/('.implode('|', $domain_array).')/i', $_SERVER['HTTP_HOST'])){ // 위의 도메인주소를 포함한 url접속시 기본세션이름을 변경한다. + if(isset($_SERVER['HTTP_HOST']) && preg_match('/('.implode('|', $domain_array).')/i', $_SERVER['HTTP_HOST'])){ // 위의 도메인주소를 포함한 url접속시 기본세션이름을 변경한다. if(! defined('G5_SESSION_NAME')) define('G5_SESSION_NAME', 'G5PHPSESSID'); @session_name(G5_SESSION_NAME); } From 50612db75af9df81a44773817516ec3de06b4570 Mon Sep 17 00:00:00 2001 From: kagla Date: Thu, 16 Sep 2021 04:55:11 +0000 Subject: [PATCH 07/11] =?UTF-8?q?=EA=B2=BD=EB=A1=9C=EA=B0=80=20=EC=9E=98?= =?UTF-8?q?=EB=AA=BB=20=EB=B0=98=ED=99=98=EB=90=98=EC=96=B4=20thumb-?= =?UTF-8?q?=EC=9D=B4=EB=AF=B8=EC=A7=80=20=ED=8C=8C=EC=9D=BC=EC=9D=B4=20?= =?UTF-8?q?=EC=82=AD=EC=A0=9C=EB=90=98=EC=A7=80=20=EC=95=8A=EB=8D=98=20?= =?UTF-8?q?=EC=98=A4=EB=A5=98=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/common.lib.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/common.lib.php b/lib/common.lib.php index b7493f18d..742cdcac5 100644 --- a/lib/common.lib.php +++ b/lib/common.lib.php @@ -2346,7 +2346,8 @@ function delete_editor_thumbnail($contents) for($i=0; $i Date: Thu, 16 Sep 2021 04:56:06 +0000 Subject: [PATCH 08/11] =?UTF-8?q?=EC=9D=B4=EB=AF=B8=EC=A7=80=20=ED=99=95?= =?UTF-8?q?=EC=9E=A5=EC=9E=90=EC=97=90=20.webp=20=EC=B6=94=EA=B0=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/common.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/common.lib.php b/lib/common.lib.php index 742cdcac5..18562a637 100644 --- a/lib/common.lib.php +++ b/lib/common.lib.php @@ -2348,7 +2348,7 @@ function delete_editor_thumbnail($contents) $imgurl = @parse_url($matchs[1][$i]); // $srcfile = dirname(G5_PATH).$imgurl['path']; $srcfile = (G5_PATH).$imgurl['path']; - if(! preg_match('/(\.jpe?g|\.gif|\.png)$/i', $srcfile)) continue; + if(!preg_match('/(\.jpe?g|\.gif|\.png|\.webp)$/i', $srcfile)) continue; $filename = preg_replace("/\.[^\.]+$/i", "", basename($srcfile)); $filepath = dirname($srcfile); $files = glob($filepath.'/thumb-'.$filename.'*'); From abe801a7ac314bbd36b70f0bff5b0ce538b92d08 Mon Sep 17 00:00:00 2001 From: kagla Date: Thu, 16 Sep 2021 06:05:07 +0000 Subject: [PATCH 09/11] =?UTF-8?q?PHP8=EC=97=90=EC=84=9C=20=EB=82=98?= =?UTF-8?q?=EC=98=A4=EB=8A=94=20PHP=20Warning:=20=20Undefined=20array=20ke?= =?UTF-8?q?y=20"HTTP=5FUSER=5FAGENT"=20=EC=98=A4=EB=A5=98=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bbs/visit_insert.inc.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/bbs/visit_insert.inc.php b/bbs/visit_insert.inc.php index 4aa235bd3..28232b330 100644 --- a/bbs/visit_insert.inc.php +++ b/bbs/visit_insert.inc.php @@ -14,7 +14,9 @@ if (get_cookie('ck_visit_ip') != $_SERVER['REMOTE_ADDR']) $referer = ""; if (isset($_SERVER['HTTP_REFERER'])) $referer = escape_trim(clean_xss_tags(strip_tags($_SERVER['HTTP_REFERER']))); - $user_agent = escape_trim(clean_xss_tags(strip_tags($_SERVER['HTTP_USER_AGENT']))); + $user_agent = ''; + if (isset($_SERVER['HTTP_USER_AGENT'])) + $user_agent = escape_trim(clean_xss_tags(strip_tags($_SERVER['HTTP_USER_AGENT']))); $vi_browser = ''; $vi_os = ''; $vi_device = ''; From 469e1ff890829ed31a533afffec57c311f9220da Mon Sep 17 00:00:00 2001 From: kagla Date: Thu, 16 Sep 2021 06:05:59 +0000 Subject: [PATCH 10/11] =?UTF-8?q?PHP8=EC=97=90=EC=84=9C=20=EB=82=98?= =?UTF-8?q?=EC=98=A4=EB=8A=94=20PHP=20Warning:=20=20Undefined=20array=20ke?= =?UTF-8?q?y=20"HTTP=5FUSER=5FAGENT"=20=EC=98=A4=EB=A5=98=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- common.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/common.php b/common.php index 0a3930ab9..3accb2512 100644 --- a/common.php +++ b/common.php @@ -339,8 +339,10 @@ if( $config['cf_cert_use'] || (defined('G5_YOUNGCART_VER') && G5_YOUNGCART_VER) $res = @session_start($options); // IE 브라우저 또는 엣지브라우저 또는 IOS 모바일과 http환경에서는 secure; SameSite=None을 설정하지 않습니다. - if( preg_match('/Edge/i', $_SERVER['HTTP_USER_AGENT']) || preg_match('/(iPhone|iPod|iPad).*AppleWebKit.*Safari/i', $_SERVER['HTTP_USER_AGENT']) || preg_match('~MSIE|Internet Explorer~i', $_SERVER['HTTP_USER_AGENT']) || preg_match('~Trident/7.0(; Touch)?; rv:11.0~',$_SERVER['HTTP_USER_AGENT']) || ! (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on') ){ - return $res; + if (isset($_SERVER['HTTP_USER_AGENT'])) { + if( preg_match('/Edge/i', $_SERVER['HTTP_USER_AGENT']) || preg_match('/(iPhone|iPod|iPad).*AppleWebKit.*Safari/i', $_SERVER['HTTP_USER_AGENT']) || preg_match('~MSIE|Internet Explorer~i', $_SERVER['HTTP_USER_AGENT']) || preg_match('~Trident/7.0(; Touch)?; rv:11.0~',$_SERVER['HTTP_USER_AGENT']) || ! (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on') ){ + return $res; + } } $headers = headers_list(); From b2041758f4479f4a600dcdf8ebf3c89189978ddb Mon Sep 17 00:00:00 2001 From: kagla Date: Thu, 16 Sep 2021 06:07:41 +0000 Subject: [PATCH 11/11] =?UTF-8?q?PHP8=EC=97=90=EC=84=9C=20=EB=82=98?= =?UTF-8?q?=EC=98=A4=EB=8A=94=20Undefined=20array=20key=20"HTTP=5FUSER=5FA?= =?UTF-8?q?GENT"=20=EC=98=A4=EB=A5=98=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/common.lib.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lib/common.lib.php b/lib/common.lib.php index 18562a637..b6bb9837c 100644 --- a/lib/common.lib.php +++ b/lib/common.lib.php @@ -2219,7 +2219,10 @@ function get_checked($field, $value) function is_mobile() { - return preg_match('/'.G5_MOBILE_AGENT.'/i', $_SERVER['HTTP_USER_AGENT']); + if (isset($_SERVER['HTTP_USER_AGENT'])) + return preg_match('/'.G5_MOBILE_AGENT.'/i', $_SERVER['HTTP_USER_AGENT']); + else + return ''; }