Merge remote-tracking branch 'origin/master' into inicert

bbs/download.php

@@ -23,6 +23,7 @@ if (!$file['bf_file'])
     alert_close('파일 정보가 존재하지 않습니다.');
 
 // JavaScript 불가일 때
+$js = (isset($_GET['js'])) ? $_GET['js'] : '';
 if($js != 'on' && $board['bo_download_point'] < 0) {
     $msg = $file['bf_source'].' 파일을 다운로드 하시면 포인트가 차감('.number_format($board['bo_download_point']).'점)됩니다.\\n포인트는 게시물당 한번만 차감되며 다음에 다시 다운로드 하셔도 중복하여 차감하지 않습니다.\\n그래도 다운로드 하시겠습니까?';
     $url1 = G5_BBS_URL.'/download.php?'.clean_query_string($_SERVER['QUERY_STRING'], false).'&js=on';

bbs/qalist.php

@@ -58,15 +58,33 @@ if(is_file($skin_file)) {
 
     $stx = trim($stx);
     if($stx) {
-        if (preg_match("/[a-zA-Z]/", $stx))
-            $sql_search .= " and ( INSTR(LOWER(qa_subject), LOWER('$stx')) > 0 or INSTR(LOWER(qa_content), LOWER('$stx')) > 0 )";
-        else
-            $sql_search .= " and ( INSTR(qa_subject, '$stx') > 0 or INSTR(qa_content, '$stx') > 0 ) ";
+        $sfl = trim($sfl);
+        if ($sfl) {
+            switch ($sfl) {
+                case "qa_subject" :
+                case "qa_content" :
+                case "qa_name" :
+                case "mb_id" :
+                    break;
+                default : 
+                    $sfl = "qa_subject";
+            }
+        } else {
+            $sfl = "qa_subject";
+        }
+        $sql_search .= " and (`{$sfl}` like '%{$stx}%') ";
     }
+    // $stx = trim($stx);
+    // if($stx) {
+    //     if (preg_match("/[a-zA-Z]/", $stx))
+    //         $sql_search .= " and ( INSTR(LOWER(qa_subject), LOWER('$stx')) > 0 or INSTR(LOWER(qa_content), LOWER('$stx')) > 0 )";
+    //     else
+    //         $sql_search .= " and ( INSTR(qa_subject, '$stx') > 0 or INSTR(qa_content, '$stx') > 0 ) ";
+    // }
 
     $sql_order = " order by qa_num ";
 
-    $sql = " select count(*) as cnt
+    $sql = " select count(*) as cnt 
                 $sql_common
                 $sql_search ";
     $row = sql_fetch($sql);

bbs/visit_insert.inc.php

@@ -14,7 +14,9 @@ if (get_cookie('ck_visit_ip') != $_SERVER['REMOTE_ADDR'])
     $referer = "";
     if (isset($_SERVER['HTTP_REFERER']))
         $referer = escape_trim(clean_xss_tags(strip_tags($_SERVER['HTTP_REFERER'])));
-    $user_agent  = escape_trim(clean_xss_tags(strip_tags($_SERVER['HTTP_USER_AGENT'])));
+    $user_agent = '';
+    if (isset($_SERVER['HTTP_USER_AGENT']))
+        $user_agent  = escape_trim(clean_xss_tags(strip_tags($_SERVER['HTTP_USER_AGENT'])));
     $vi_browser = '';
     $vi_os = '';
     $vi_device = '';

bbs/write_update.php

@@ -658,7 +658,7 @@ for ($i=(int)$row['max_bf_no']; $i>=0; $i--)
     $row2 = sql_fetch(" select bf_file from {$g5['board_file_table']} where bo_table = '{$bo_table}' and wr_id = '{$wr_id}' and bf_no = '{$i}' ");
 
     // 정보가 있다면 빠집니다.
-    if ($row2['bf_file']) break;
+    if (isset($row2['bf_file']) && $row2['bf_file']) break;
 
     // 그렇지 않다면 정보를 삭제합니다.
     sql_query(" delete from {$g5['board_file_table']} where bo_table = '{$bo_table}' and wr_id = '{$wr_id}' and bf_no = '{$i}' ");
@@ -725,8 +725,10 @@ if (!($w == 'u' || $w == 'cu') && $config['cf_email_use'] && $board['bo_use_emai
     }
 
     // 옵션에 메일받기가 체크되어 있고, 게시자의 메일이 있다면
-    if (strstr($wr['wr_option'], 'mail') && $wr['wr_email'])
-        $array_email[] = $wr['wr_email'];
+    if (isset($wr['wr_option']) && isset($wr['wr_email'])) {
+        if (strstr($wr['wr_option'], 'mail') && $wr['wr_email'])
+            $array_email[] = $wr['wr_email'];
+    }
 
     // 중복된 메일 주소는 제거
     $unique_email = array_unique($array_email);