From 129da34249c9b6a4e9549d2c797bd4117c6c8c7d Mon Sep 17 00:00:00 2001
From: thisgun
Date: Wed, 26 Dec 2018 12:15:48 +0900
Subject: [PATCH 1/5] =?UTF-8?q?iframe=20=ED=97=88=EC=9A=A9=20=EC=A3=BC?=
 =?UTF-8?q?=EC=86=8C=EC=97=90=20=EC=B9=B4=EC=B9=B4=EC=98=A4=20tv=20?=
 =?UTF-8?q?=EC=A3=BC=EC=86=8C=20=EC=B6=94=EA=B0=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 plugin/htmlpurifier/safeiframe.txt | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/plugin/htmlpurifier/safeiframe.txt b/plugin/htmlpurifier/safeiframe.txt
index 48c676d4f..ab6d6444f 100644
--- a/plugin/htmlpurifier/safeiframe.txt
+++ b/plugin/htmlpurifier/safeiframe.txt
@@ -11,4 +11,5 @@ www.microsoft.com/showcase/video.aspx/
 w.soundcloud.com/
 www.facebook.com/
 kakaotv.daum.net/
-v.afree.ca/
\ No newline at end of file
+v.afree.ca/
+play-tv.kakao.com/
\ No newline at end of file
From 3efa500b022748681dacde4f25e4560124b7a920 Mon Sep 17 00:00:00 2001
From: thisgun
Date: Wed, 26 Dec 2018 15:48:23 +0900
Subject: [PATCH 2/5] =?UTF-8?q?=EC=8D=B8=EB=84=A4=EC=9D=BC=20=EB=9D=BC?=
 =?UTF-8?q?=EC=9D=B4=EB=B8=8C=EB=9F=AC=EB=A6=AC=20=EC=BD=94=EB=93=9C=20?=
 =?UTF-8?q?=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 lib/thumbnail.lib.php | 38 ++++++++++++++++++++------------------
 1 file changed, 20 insertions(+), 18 deletions(-)
diff --git a/lib/thumbnail.lib.php b/lib/thumbnail.lib.php
index 1665d207a..557384762 100644
--- a/lib/thumbnail.lib.php
+++ b/lib/thumbnail.lib.php
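Review bot: In safeiframe.txt, `play-tv.kakao.com/` is added in the host-plus-trailing-slash form of the neighbouring entries, which only behaves as a whitelist if the code that turns this file into HTMLPurifier's `URI.SafeIframeRegexp` anchors each entry at the start of the iframe src host and escapes the dots; that consumer is not in this series, so it is an assumption worth confirming rather than relying on. The trailing slash is what ends the host part of the match, so it should stay on any future entry as well. Both sides of the hunk still lack a final newline; ending the file with one would stop the `\ No newline at end of file` churn on every append.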
@@ -25,29 +25,31 @@ function get_list_thumbnail($bo_table, $wr_id, $thumb_width, $thumb_height, $is_
 $matches = get_editor_image($write['wr_content'], false);
 $edt = true;
- for($i=0; $i
Date: Thu, 27 Dec 2018 18:20:02 +0900
Subject: [PATCH 3/5] =?UTF-8?q?=EB=82=B4=EC=9A=A9=EA=B4=80=EB=A6=AC=20?=
 =?UTF-8?q?=EC=9D=B4=EB=AF=B8=EC=A7=80=20=EC=A1=B0=EC=A0=88=20css=20?=
 =?UTF-8?q?=EC=BD=94=EB=93=9C=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 mobile/skin/content/basic/style.css | 1 +
 skin/content/basic/style.css | 2 +-
 theme/basic/mobile/skin/content/basic/style.css | 1 +
 theme/basic/skin/content/basic/style.css | 2 +-
 4 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/mobile/skin/content/basic/style.css b/mobile/skin/content/basic/style.css
index 638229597..09a64624c 100644
--- a/mobile/skin/content/basic/style.css
+++ b/mobile/skin/content/basic/style.css
@@ -4,5 +4,6 @@
 #ctt {margin:10px 0;padding:10px;border-top:1px solid #e9e9e9;border-bottom:1px solid #e9e9e9}
 .ctt_admin {margin:0 5px;text-align:right}
 #ctt header h1 {position:absolute;font-size:0;line-height:0;overflow:hidden}
+#ctt_himg img, #ctt_timg img, #ctt_con img {max-width:100%;height:auto}
 #ctt_con {padding:10px 0}
 .ctt_img {text-align:center}
\ No newline at end of file
diff --git a/skin/content/basic/style.css b/skin/content/basic/style.css
index 806aee24a..225b60f1a 100644
--- a/skin/content/basic/style.css
+++ b/skin/content/basic/style.css
@@ -5,5 +5,5 @@
 .ctt_admin {text-align:right}
 #ctt header h1 {position:absolute;font-size:0;line-height:0;overflow:hidden}
 #ctt_con {padding:10px 0;line-height:1.6em}
-#ctt_con img{max-width:100%;height:auto}
+#ctt_himg img, #ctt_timg img, #ctt_con img {max-width:100%;height:auto}
 .ctt_img {text-align:center}
\ No newline at end of file
diff --git a/theme/basic/mobile/skin/content/basic/style.css b/theme/basic/mobile/skin/content/basic/style.css
index 638229597..09a64624c 100644
--- a/theme/basic/mobile/skin/content/basic/style.css
+++ b/theme/basic/mobile/skin/content/basic/style.css
@@ -4,5 +4,6 @@
 #ctt {margin:10px 0;padding:10px;border-top:1px solid #e9e9e9;border-bottom:1px solid #e9e9e9}
 .ctt_admin {margin:0 5px;text-align:right}
 #ctt header h1 {position:absolute;font-size:0;line-height:0;overflow:hidden}
+#ctt_himg img, #ctt_timg img, #ctt_con img {max-width:100%;height:auto}
 #ctt_con {padding:10px 0}
 .ctt_img {text-align:center}
\ No newline at end of file
diff --git a/theme/basic/skin/content/basic/style.css b/theme/basic/skin/content/basic/style.css
index 806aee24a..225b60f1a 100644
--- a/theme/basic/skin/content/basic/style.css
+++ b/theme/basic/skin/content/basic/style.css
@@ -5,5 +5,5 @@
 .ctt_admin {text-align:right}
 #ctt header h1 {position:absolute;font-size:0;line-height:0;overflow:hidden}
 #ctt_con {padding:10px 0;line-height:1.6em}
-#ctt_con img{max-width:100%;height:auto}
+#ctt_himg img, #ctt_timg img, #ctt_con img {max-width:100%;height:auto}
 .ctt_img {text-align:center}
\ No newline at end of file
From 4366d204100768772c2639725f7aeae2b746d5e3 Mon Sep 17 00:00:00 2001
From: thisgun
Date: Fri, 28 Dec 2018 10:45:22 +0900
Subject: [PATCH 4/5] =?UTF-8?q?=EC=9E=98=EB=AA=BB=EB=90=9C=20=EC=BD=94?=
 =?UTF-8?q?=EB=93=9C=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 adm/admin.lib.php | 2 +-
 adm/board_copy_update.php | 96 +++++++++++++++++++--------------------
 2 files changed, 49 insertions(+), 49 deletions(-)
diff --git a/adm/admin.lib.php b/adm/admin.lib.php
index d454f00d4..1200bb0fc 100644
--- a/adm/admin.lib.php
+++ b/adm/admin.lib.php
@@ -435,7 +435,7 @@ function admin_check_xss_params($params){
 if ( empty($value) ) continue;
 if( is_array($value) ){
- admin_check_xss_params($params);
+ admin_check_xss_params($value);
 } else if ( preg_match('/<\s?[^\>]*\/?\s?>/i', $value) && (preg_match('/script.*?\/script/ius', $value) || preg_match('/onload=.*/ius', $value)) ){
 alert('요청 쿼리에 잘못된 스크립트문장이 있습니다.\\nXSS 공격일수도 있습니다.');
 die();
diff --git a/adm/board_copy_update.php b/adm/board_copy_update.php
index fede12b88..19ca6729e 100644
--- a/adm/board_copy_update.php
+++ b/adm/board_copy_update.php
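Review bot: In admin.lib.php the `else if` condition just below the fixed recursion treats a `preg_match()` error the same as a non-match, so any value the `u`-flagged patterns cannot process (bytes that are not valid UTF-8) silently passes the tripwire; the `+` line now correctly recurses into nested arrays, but every scalar still reaches that gap. If mbstring is available, the one-line fix is to reject undecodable input in the same branch: `} else if ( !mb_check_encoding($value, 'UTF-8') || ( preg_match('/<\s?[^\>]*\/?\s?>/i', $value) && (preg_match('/script.*?\/script/ius', $value) || preg_match('/onload=.*/ius', $value)) ) ){`; otherwise compare each `preg_match` result with `=== false` and treat that as a rejection. A comment above the condition should also state that this is a coarse tripwire, firing only on a tag-like fragment combined with `script…/script` or `onload=`, and that contextual output escaping remains the actual XSS control. The loop that `continue` belongs to and the function's closing brace lie outside the hunk.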
@@ -38,43 +38,43 @@ $sql = " insert into {$g5['board_table']}
 bo_subject = '$target_subject',
 bo_device = '{$board['bo_device']}',
 bo_admin = '{$board['bo_admin']}',
- bo_list_level = '{$board[bo_list_level]}',
- bo_read_level = '{$board[bo_read_level]}',
- bo_write_level = '{$board[bo_write_level]}',
- bo_reply_level = '{$board[bo_reply_level]}',
- bo_comment_level = '{$board[bo_comment_level]}',
- bo_upload_level = '{$board[bo_upload_level]}',
- bo_download_level = '{$board[bo_download_level]}',
- bo_html_level = '{$board[bo_html_level]}',
- bo_link_level = '{$board[bo_link_level]}',
- bo_count_modify = '{$board[bo_count_modify]}',
- bo_count_delete = '{$board[bo_count_delete]}',
- bo_read_point = '{$board[bo_read_point]}',
- bo_write_point = '{$board[bo_write_point]}',
- bo_comment_point = '{$board[bo_comment_point]}',
- bo_download_point = '{$board[bo_download_point]}',
- bo_use_category = '{$board[bo_use_category]}',
+ bo_list_level = '{$board['bo_list_level']}',
+ bo_read_level = '{$board['bo_read_level']}',
+ bo_write_level = '{$board['bo_write_level']}',
+ bo_reply_level = '{$board['bo_reply_level']}',
+ bo_comment_level = '{$board['bo_comment_level']}',
+ bo_upload_level = '{$board['bo_upload_level']}',
+ bo_download_level = '{$board['bo_download_level']}',
+ bo_html_level = '{$board['bo_html_level']}',
+ bo_link_level = '{$board['bo_link_level']}',
+ bo_count_modify = '{$board['bo_count_modify']}',
+ bo_count_delete = '{$board['bo_count_delete']}',
+ bo_read_point = '{$board['bo_read_point']}',
+ bo_write_point = '{$board['bo_write_point']}',
+ bo_comment_point = '{$board['bo_comment_point']}',
+ bo_download_point = '{$board['bo_download_point']}',
+ bo_use_category = '{$board['bo_use_category']}',
 bo_category_list = '{$board['bo_category_list']}',
- bo_use_sideview = '{$board[bo_use_sideview]}',
- bo_use_file_content = '{$board[bo_use_file_content]}',
- bo_use_secret = '{$board[bo_use_secret]}',
- bo_use_dhtml_editor = '{$board[bo_use_dhtml_editor]}',
- bo_use_rss_view = '{$board[bo_use_rss_view]}',
- bo_use_good = '{$board[bo_use_good]}',
- bo_use_nogood = '{$board[bo_use_nogood]}',
- bo_use_name = '{$board[bo_use_name]}',
- bo_use_signature = '{$board[bo_use_signature]}',
- bo_use_ip_view = '{$board[bo_use_ip_view]}',
+ bo_use_sideview = '{$board['bo_use_sideview']}',
+ bo_use_file_content = '{$board['bo_use_file_content']}',
+ bo_use_secret = '{$board['bo_use_secret']}',
+ bo_use_dhtml_editor = '{$board['bo_use_dhtml_editor']}',
+ bo_use_rss_view = '{$board['bo_use_rss_view']}',
+ bo_use_good = '{$board['bo_use_good']}',
+ bo_use_nogood = '{$board['bo_use_nogood']}',
+ bo_use_name = '{$board['bo_use_name']}',
+ bo_use_signature = '{$board['bo_use_signature']}',
+ bo_use_ip_view = '{$board['bo_use_ip_view']}',
 bo_use_list_view = '{$board['bo_use_list_view']}',
- bo_use_list_content = '{$board[bo_use_list_content]}',
- bo_table_width = '{$board[bo_table_width]}',
- bo_subject_len = '{$board[bo_subject_len]}',
- bo_mobile_subject_len = '{$board[bo_mobile_subject_len]}',
- bo_page_rows = '{$board[bo_page_rows]}',
- bo_mobile_page_rows = '{$board[bo_mobile_page_rows]}',
- bo_new = '{$board[bo_new]}',
- bo_hot = '{$board[bo_hot]}',
- bo_image_width = '{$board[bo_image_width]}',
+ bo_use_list_content = '{$board['bo_use_list_content']}',
+ bo_table_width = '{$board['bo_table_width']}',
+ bo_subject_len = '{$board['bo_subject_len']}',
+ bo_mobile_subject_len = '{$board['bo_mobile_subject_len']}',
+ bo_page_rows = '{$board['bo_page_rows']}',
+ bo_mobile_page_rows = '{$board['bo_mobile_page_rows']}',
+ bo_new = '{$board['bo_new']}',
+ bo_hot = '{$board['bo_hot']}',
+ bo_image_width = '{$board['bo_image_width']}',
 bo_skin = '{$board['bo_skin']}',
 bo_mobile_skin = '{$board['bo_mobile_skin']}',
 bo_include_head = '{$board['bo_include_head']}',
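Review bot: The `+` lines in board_copy_update.php still interpolate `$board[...]` values straight into the SQL string with no escaping, while the text columns in the second hunk of this file (`@@ -84,20`) at least go through `addslashes`; quoting the keys is the right fix for the undefined-constant warnings but leaves that inconsistency in place. `$board` is a row read back from the board table rather than request input, and the level/point/count columns are presumably numeric, but that is inferred from their names, not visible here. Casting the numeric ones, e.g. `bo_list_level = '".(int)$board['bo_list_level']."',`, and passing the remaining values through the DB layer's escaping function would make the statement independent of column types (`addslashes` is not the driver's escaping either). The same point applies to the second hunk. The `$sql = "` assignment opens before this hunk and closes after the next one.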
@@ -84,20 +84,20 @@ $sql = " insert into {$g5['board_table']}
 bo_mobile_content_head = '".addslashes($board['bo_mobile_content_head'])."',
 bo_mobile_content_tail = '".addslashes($board['bo_mobile_content_tail'])."',
 bo_insert_content = '".addslashes($board['bo_insert_content'])."',
- bo_gallery_cols = '{$board[bo_gallery_cols]}',
- bo_gallery_width = '{$board[bo_gallery_width]}',
- bo_gallery_height = '{$board[bo_gallery_height]}',
- bo_mobile_gallery_width = '{$board[bo_mobile_gallery_width]}',
- bo_mobile_gallery_height = '{$board[bo_mobile_gallery_height]}',
- bo_upload_size = '{$board[bo_upload_size]}',
- bo_reply_order = '{$board[bo_reply_order]}',
- bo_use_search = '{$board[bo_use_search]}',
- bo_order = '{$board[bo_order]}',
+ bo_gallery_cols = '{$board['bo_gallery_cols']}',
+ bo_gallery_width = '{$board['bo_gallery_width']}',
+ bo_gallery_height = '{$board['bo_gallery_height']}',
+ bo_mobile_gallery_width = '{$board['bo_mobile_gallery_width']}',
+ bo_mobile_gallery_height = '{$board['bo_mobile_gallery_height']}',
+ bo_upload_size = '{$board['bo_upload_size']}',
+ bo_reply_order = '{$board['bo_reply_order']}',
+ bo_use_search = '{$board['bo_use_search']}',
+ bo_order = '{$board['bo_order']}',
 bo_notice = '{$board['bo_notice']}',
- bo_upload_count = '{$board[bo_upload_count]}',
- bo_use_email = '{$board[bo_use_email]}',
- bo_use_cert = '{$board[bo_use_cert]}',
- bo_use_sns = '{$board[bo_use_sns]}',
+ bo_upload_count = '{$board['bo_upload_count']}',
+ bo_use_email = '{$board['bo_use_email']}',
+ bo_use_cert = '{$board['bo_use_cert']}',
+ bo_use_sns = '{$board['bo_use_sns']}',
 bo_sort_field = '{$board['bo_sort_field']}',
 bo_1_subj = '".addslashes($board['bo_1_subj'])."',
 bo_2_subj = '".addslashes($board['bo_2_subj'])."',
From 1d0f0bf50b77bde4922378045955891fb38f54a4 Mon Sep 17 00:00:00 2001
From: thisgun
Date: Fri, 28 Dec 2018 11:01:27 +0900
Subject: [PATCH 5/5] =?UTF-8?q?5.3.2.3=20=EB=B2=84=EC=A0=84=20=EC=88=98?=
 =?UTF-8?q?=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 config.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config.php b/config.php
index e417624fd..c8b4d94db 100644
--- a/config.php
+++ b/config.php
@@ -5,7 +5,7 @@
 ********************/
 define('G5_VERSION', '그누보드5');
-define('G5_GNUBOARD_VER', '5.3.2.2');
+define('G5_GNUBOARD_VER', '5.3.2.3');
 // 이 상수가 정의되지 않으면 각각의 개별 페이지는 별도로 실행될 수 없음
 define('_GNUBOARD_', true);