그누보드 5.0.25 보안패치 및 수정내역 적용

adm/board_copy_update.php

@@ -58,6 +58,7 @@ $sql = " insert into {$g5['board_table']}
                 bo_use_rss_view = '{$board[bo_use_rss_view]}',
                 bo_use_good = '{$board[bo_use_good]}',
                 bo_use_nogood = '{$board[bo_use_nogood]}',
+                bo_use_name = '{$board[bo_use_name]}',
                 bo_use_signature = '{$board[bo_use_signature]}',
                 bo_use_ip_view = '{$board[bo_use_ip_view]}',
                 bo_use_list_view = '{$board['bo_use_list_view']}',
@@ -179,10 +180,10 @@ if (count($file_copy)) {
                     set bo_table = '$target_table',
                          wr_id = '{$file_copy[$i]['wr_id']}',
                          bf_no = '{$file_copy[$i]['bf_no']}',
-                         bf_source = '{$file_copy[$i]['bf_source']}',
+                         bf_source = '".addslashes($file_copy[$i]['bf_source'])."',
                          bf_file = '{$file_copy[$i]['bf_file']}',
                          bf_download = '{$file_copy[$i]['bf_download']}',
-                         bf_content = '{$file_copy[$i]['bf_content']}',
+                         bf_content = '".addslashes($file_copy[$i]['bf_content'])."',
                          bf_filesize = '{$file_copy[$i]['bf_filesize']}',
                          bf_width = '{$file_copy[$i]['bf_width']}',
                          bf_height = '{$file_copy[$i]['bf_height']}',

bbs/move_update.php

@@ -121,7 +121,7 @@ while ($row = sql_fetch_array($result))
                                 set bo_table = '$move_bo_table',
                                      wr_id = '$insert_id',
                                      bf_no = '{$row3['bf_no']}',
-                                     bf_source = '{$row3['bf_source']}',
+                                     bf_source = '".addslashes($row3['bf_source'])."',
                                      bf_file = '{$row3['bf_file']}',
                                      bf_download = '{$row3['bf_download']}',
                                      bf_content = '".addslashes($row3['bf_content'])."',

common.php

@@ -266,7 +266,6 @@ $_SESSION['ss_is_mobile'] = $is_mobile;
 define('G5_IS_MOBILE', $is_mobile);
 define('G5_DEVICE_BUTTON_DISPLAY', $set_device);
 if (G5_IS_MOBILE) {
-    include_once(G5_LIB_PATH.'/mobile.lib.php'); // 모바일 전용 라이브러리
     $g5['mobile_path'] = G5_PATH.'/'.$g5['mobile_dir'];
 }
 //==============================================================================

head.sub.php

@@ -17,8 +17,8 @@ else {
 // 게시판 제목에 ' 포함되면 오류 발생
 $g5['lo_location'] = addslashes($g5['title']);
 if (!$g5['lo_location'])
-    $g5['lo_location'] = $_SERVER['REQUEST_URI'];
-$g5['lo_url'] = $_SERVER['REQUEST_URI'];
+    $g5['lo_location'] = addslashes($_SERVER['REQUEST_URI']);
+$g5['lo_url'] = addslashes($_SERVER['REQUEST_URI']);
 if (strstr($g5['lo_url'], '/'.G5_ADMIN_DIR.'/') || $is_admin == 'super') $g5['lo_url'] = '';
 
 /*

lib/register.lib.php

@@ -115,7 +115,7 @@ function prohibit_mb_email($reg_mb_email)
     list($id, $domain) = explode("@", $reg_mb_email);
     $email_domains = explode("\n", trim($config['cf_prohibit_email']));
     for ($i=0; $i<count($email_domains); $i++) {
-        if (strtolower($domain) == strtolower($email_domains[$i]))
+        if (strtolower(settype($domain, "string")) == strtolower(settype($email_domains[$i], "string")))
             return "$domain 메일은 사용할 수 없습니다.";
     }
     return "";