From f675c38441633bbe12797fa0b6debb44dfdab2e6 Mon Sep 17 00:00:00 2001
From: thisgun
Date: Fri, 19 Jul 2019 19:58:12 +0900
Subject: [PATCH 1/3] =?UTF-8?q?=EA=B4=80=EB=A6=AC=EC=9E=90=20=ED=9A=8C?= =?UTF-8?q?=EC=9B=90=EB=A9=94=EC=9D=BC=EB=B0=9C=EC=86=A1=20=ED=8E=98?= =?UTF-8?q?=EC=9D=B4=EC=A7=80=20xss=20=EC=B7=A8=EC=95=BD=EC=A0=90=20?= =?UTF-8?q?=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 adm/mail_form.php | 2 ++
 adm/mail_update.php | 12 +++++++-----
 2 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/adm/mail_form.php b/adm/mail_form.php
index 547beadf0..a95035be2 100644
--- a/adm/mail_form.php
+++ b/adm/mail_form.php
@@ -10,6 +10,8 @@ $html_title = '회원메일';
 if ($w == 'u') {
 $html_title .= '수정';
 $readonly = ' readonly';
+
+ $ma_id = (int) $ma_id;
 $sql = " select * from {$g5['mail_table']} where ma_id = '{$ma_id}' ";
 $ma = sql_fetch($sql);
diff --git a/adm/mail_update.php b/adm/mail_update.php
index ff539cd55..68c85ae71 100644
--- a/adm/mail_update.php
+++ b/adm/mail_update.php
@@ -9,11 +9,13 @@ auth_check($auth[$sub_menu], 'w');
 check_admin_token();
+$ma_id = isset($_POST['ma_id']) ? (int) $_POST['ma_id'] : 0;
+$ma_subject = isset($_POST['ma_subject']) ? strip_tags($_POST['ma_subject']) : '';
+
 if ($w == '')
 {
 $sql = " insert {$g5['mail_table']}
- set ma_id = '{$_POST['ma_id']}',
- ma_subject = '{$_POST['ma_subject']}',
+ set ma_subject = '{$ma_subject}',
 ma_content = '{$_POST['ma_content']}',
 ma_time = '".G5_TIME_YMDHIS."',
 ma_ip = '{$_SERVER['REMOTE_ADDR']}' ";
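Review bot: The `(int)` cast on `$ma_id` stops the id from reaching the interpolated `where ma_id = '{$ma_id}'` as arbitrary text, but a missing or non-numeric id now becomes `0`, so `sql_fetch` returns nothing and the rest of the form presumably renders with an empty `$ma` (where `$ma_id` is populated is outside this hunk). Checking the result makes that case explicit, e.g. `if (!$ma_id || !$ma) { /* stop with the project's usual admin error response */ }` placed right after the `sql_fetch` call. A one-line comment on the cast would also tell the next reader it is a SQL-safety measure rather than a formatting detail: `// ma_id is embedded in the SQL literal below; coerce to int first`.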
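Review bot: `ma_content = '{$_POST['ma_content']}'` is still pasted into the INSERT untouched (and into the UPDATE in the next hunk), so the request body is only partially covered by the new `$ma_id`/`$ma_subject` lines; unless `_common.php` escapes `$_POST` globally, which this hunk cannot show, the content column keeps the same quoting exposure the id cast removes. `strip_tags()` on the subject also only removes tags — it is not output encoding — so the value still needs `htmlspecialchars($subject, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` wherever it is rendered, and the SQL values should go through the project's SQL escaping helper or a prepared statement rather than string interpolation. A comment above the two new assignments would record the intent, e.g. `// request values used as SQL literals below: coerce ma_id to int, strip markup from the subject`. The `if ($w == '')` block continues past the end of the hunk.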
@@ -22,16 +24,16 @@ if ($w == '')
 else if ($w == 'u')
 {
 $sql = " update {$g5['mail_table']}
- set ma_subject = '{$_POST['ma_subject']}',
+ set ma_subject = '{$ma_subject}',
 ma_content = '{$_POST['ma_content']}',
 ma_time = '".G5_TIME_YMDHIS."',
 ma_ip = '{$_SERVER['REMOTE_ADDR']}'
- where ma_id = '{$_POST['ma_id']}' ";
+ where ma_id = '{$ma_id}' ";
 sql_query($sql);
 }
 else if ($w == 'd')
 {
- $sql = " delete from {$g5['mail_table']} where ma_id = '{$_POST['ma_id']}' ";
+ $sql = " delete from {$g5['mail_table']} where ma_id = '{$ma_id}' ";
 sql_query($sql);
 }
From a1633aec96bf04383bcd511bef6d53654ae533b8 Mon Sep 17 00:00:00 2001
From: thisgun
Date: Mon, 29 Jul 2019 11:42:07 +0900
Subject: [PATCH 2/3] =?UTF-8?q?=EC=9E=98=EB=AA=BB=EB=90=9C=20php=20?= =?UTF-8?q?=EC=BD=94=EB=93=9C=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 bbs/memo_view.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/bbs/memo_view.php b/bbs/memo_view.php
index 9b5f72a12..edfa4e53b 100644
--- a/bbs/memo_view.php
+++ b/bbs/memo_view.php
@@ -51,9 +51,9 @@ else
 // 다음 쪽지
-$sql = " select * from {$g5[memo_table]}
+$sql = " select * from {$g5['memo_table']}
 where me_id < '{$me_id}'
- and me_{$kind}_mb_id = '{$member[mb_id]}'
+ and me_{$kind}_mb_id = '{$member['mb_id']}'
 order by me_id desc limit 1 ";
 $next = sql_fetch($sql);
From 067bcd2046b00055b93133162999bbc50a66554f Mon Sep 17 00:00:00 2001
From: thisgun
Date: Mon, 12 Aug 2019 10:22:09 +0900
Subject: [PATCH 3/3] =?UTF-8?q?=EB=B2=84=EC=A0=84=205.3.3.2=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 config.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config.php b/config.php
index 7a5a4b80b..51854fc9e 100644
--- a/config.php
+++ b/config.php
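Review bot: Because `$ma_id` falls back to `0` when the request carries no usable id, the `'u'` and `'d'` branches now issue `update … where ma_id = '0'` and `delete … where ma_id = '0'`, which touch no row and report nothing to the admin. A guard before the branch chain turns that into an explicit failure: `if (($w == 'u' || $w == 'd') && $ma_id <= 0) { /* stop with an error response */ }`. The untreated `ma_content` interpolation in the UPDATE is the same point raised on the first hunk of this file.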
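Review bot: The key-quoting fix leaves `$kind` spliced into a column name (`me_{$kind}_mb_id`) and `$me_id` into a string literal, and neither of the new lines constrains them; a column name cannot be bound as a query parameter, so `$kind` has to be restricted to the memo table's real column suffixes before this query — unless that already happens earlier in the file, which is outside the hunk. `$me_id` can be coerced the way the first patch treats `ma_id`: `$me_id = (int) $me_id;` before the query. Any sibling query built from the same two variables (a previous-memo lookup, if one exists above) would need the same treatment.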
@@ -5,7 +5,7 @@
 ********************/
 define('G5_VERSION', '그누보드5');
-define('G5_GNUBOARD_VER', '5.3.3.1');
+define('G5_GNUBOARD_VER', '5.3.3.2');
 // 이 상수가 정의되지 않으면 각각의 개별 페이지는 별도로 실행될 수 없음
 define('_GNUBOARD_', true);