common.php 에서 install 폴더 체크 주석처리

2013-03-14 09:39:49 +09:00
parent cc5063d012
commit 8ba59fe9b0
7 changed files with 65 additions and 63 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,2 @@
 data
 dbconfig.php
--- a/common.php
+++ b/common.php
@ -102,48 +102,48 @@ if ($_GET['g4_path'] || $_POST['g4_path'] || $_COOKIE['g4_path']) {
 //==========================================================================================================================
 // XSS(Cross Site Scripting) 공격에 의한 데이터 검증 및 차단
 //--------------------------------------------------------------------------------------------------------------------------
-function xss_clean($data) 
+function xss_clean($data)
-{ 
+{
-    // If its empty there is no point cleaning it :\ 
+    // If its empty there is no point cleaning it :\
-    if(empty($data)) 
+    if(empty($data))
-        return $data; 
+        return $data;
-         
+
-    // Recursive loop for arrays 
+    // Recursive loop for arrays
-    if(is_array($data)) 
+    if(is_array($data))
-    { 
+    {
-        foreach($data as $key => $value) 
+        foreach($data as $key => $value)
-        { 
+        {
-            $data[$key] = xss_clean($value); 
+            $data[$key] = xss_clean($value);
-        } 
+        }
-         
+
-        return $data; 
+        return $data;
-    } 
+    }
-     
+
-    // http://svn.bitflux.ch/repos/public/popoon/trunk/classes/externalinput.php 
+    // http://svn.bitflux.ch/repos/public/popoon/trunk/classes/externalinput.php
-    // +----------------------------------------------------------------------+ 
+    // +----------------------------------------------------------------------+
-    // | Copyright (c) 2001-2006 Bitflux GmbH                                 | 
+    // | Copyright (c) 2001-2006 Bitflux GmbH                                 |
-    // +----------------------------------------------------------------------+ 
+    // +----------------------------------------------------------------------+
-    // | Licensed under the Apache License, Version 2.0 (the "License");      | 
+    // | Licensed under the Apache License, Version 2.0 (the "License");      |
-    // | you may not use this file except in compliance with the License.     | 
+    // | you may not use this file except in compliance with the License.     |
-    // | You may obtain a copy of the License at                              | 
+    // | You may obtain a copy of the License at                              |
-    // | http://www.apache.org/licenses/LICENSE-2.0                           | 
+    // | http://www.apache.org/licenses/LICENSE-2.0                           |
-    // | Unless required by applicable law or agreed to in writing, software  | 
+    // | Unless required by applicable law or agreed to in writing, software  |
-    // | distributed under the License is distributed on an "AS IS" BASIS,    | 
+    // | distributed under the License is distributed on an "AS IS" BASIS,    |
-    // | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or      | 
+    // | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or      |
-    // | implied. See the License for the specific language governing         | 
+    // | implied. See the License for the specific language governing         |
-    // | permissions and limitations under the License.                       | 
+    // | permissions and limitations under the License.                       |
-    // +----------------------------------------------------------------------+ 
+    // +----------------------------------------------------------------------+
-    // | Author: Christian Stocker <chregu@bitflux.ch>                        | 
+    // | Author: Christian Stocker <chregu@bitflux.ch>                        |
-    // +----------------------------------------------------------------------+ 
+    // +----------------------------------------------------------------------+
-     
+
-    // Fix &entity\n; 
+    // Fix &entity\n;
-    $data = str_replace(array('&amp;','&lt;','&gt;'), array('&amp;amp;','&amp;lt;','&amp;gt;'), $data); 
+    $data = str_replace(array('&amp;','&lt;','&gt;'), array('&amp;amp;','&amp;lt;','&amp;gt;'), $data);
-    $data = preg_replace('/(&#*\w+)[\x00-\x20]+;/', '$1;', $data); 
+    $data = preg_replace('/(&#*\w+)[\x00-\x20]+;/', '$1;', $data);
-    $data = preg_replace('/(&#x*[0-9A-F]+);*/i', '$1;', $data); 
+    $data = preg_replace('/(&#x*[0-9A-F]+);*/i', '$1;', $data);
    if (function_exists("html_entity_decode"))
    {
-        $data = html_entity_decode($data); 
+        $data = html_entity_decode($data);
    }
    else
    {
@ -152,32 +152,32 @@ function xss_clean($data)
        $data = strtr($data, $trans_tbl);
    }
-    // Remove any attribute starting with "on" or xmlns 
+    // Remove any attribute starting with "on" or xmlns
-    $data = preg_replace('#(<[^>]+?[\x00-\x20"\'])(?:on|xmlns)[^>]*+>#i', '$1>', $data); 
+    $data = preg_replace('#(<[^>]+?[\x00-\x20"\'])(?:on|xmlns)[^>]*+>#i', '$1>', $data);
-    // Remove javascript: and vbscript: protocols 
+    // Remove javascript: and vbscript: protocols
-    $data = preg_replace('#([a-z]*)[\x00-\x20]*=[\x00-\x20]*([`\'"]*)[\x00-\x20]*j[\x00-\x20]*a[\x00-\x20]*v[\x00-\x20]*a[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#i', '$1=$2nojavascript...', $data); 
+    $data = preg_replace('#([a-z]*)[\x00-\x20]*=[\x00-\x20]*([`\'"]*)[\x00-\x20]*j[\x00-\x20]*a[\x00-\x20]*v[\x00-\x20]*a[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#i', '$1=$2nojavascript...', $data);
-    $data = preg_replace('#([a-z]*)[\x00-\x20]*=([\'"]*)[\x00-\x20]*v[\x00-\x20]*b[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#i', '$1=$2novbscript...', $data); 
+    $data = preg_replace('#([a-z]*)[\x00-\x20]*=([\'"]*)[\x00-\x20]*v[\x00-\x20]*b[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#i', '$1=$2novbscript...', $data);
-    $data = preg_replace('#([a-z]*)[\x00-\x20]*=([\'"]*)[\x00-\x20]*-moz-binding[\x00-\x20]*:#', '$1=$2nomozbinding...', $data); 
+    $data = preg_replace('#([a-z]*)[\x00-\x20]*=([\'"]*)[\x00-\x20]*-moz-binding[\x00-\x20]*:#', '$1=$2nomozbinding...', $data);
-    // Only works in IE: <span style="width: expression(alert('Ping!'));"></span> 
+    // Only works in IE: <span style="width: expression(alert('Ping!'));"></span>
-    $data = preg_replace('#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?expression[\x00-\x20]*\([^>]*+>#i', '$1>', $data); 
+    $data = preg_replace('#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?expression[\x00-\x20]*\([^>]*+>#i', '$1>', $data);
-    $data = preg_replace('#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?behaviour[\x00-\x20]*\([^>]*+>#i', '$1>', $data); 
+    $data = preg_replace('#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?behaviour[\x00-\x20]*\([^>]*+>#i', '$1>', $data);
-    $data = preg_replace('#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:*[^>]*+>#i', '$1>', $data); 
+    $data = preg_replace('#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:*[^>]*+>#i', '$1>', $data);
-    // Remove namespaced elements (we do not need them) 
+    // Remove namespaced elements (we do not need them)
-    $data = preg_replace('#</*\w+:\w[^>]*+>#i', '', $data); 
+    $data = preg_replace('#</*\w+:\w[^>]*+>#i', '', $data);
-    do 
+    do
-    { 
+    {
-        // Remove really unwanted tags 
+        // Remove really unwanted tags
-        $old_data = $data; 
+        $old_data = $data;
-        $data = preg_replace('#</*(?:applet|b(?:ase|gsound|link)|embed|frame(?:set)?|i(?:frame|layer)|l(?:ayer|ink)|meta|object|s(?:cript|tyle)|title|xml)[^>]*+>#i', '', $data); 
+        $data = preg_replace('#</*(?:applet|b(?:ase|gsound|link)|embed|frame(?:set)?|i(?:frame|layer)|l(?:ayer|ink)|meta|object|s(?:cript|tyle)|title|xml)[^>]*+>#i', '', $data);
-    } 
+    }
-    while ($old_data !== $data); 
+    while ($old_data !== $data);
-     
+
-    return $data; 
+    return $data;
-} 
+}
 $_GET = xss_clean($_GET);
 //==========================================================================================================================
@ -226,7 +226,7 @@ include_once("$g4[path]/lib/constant.php");  // 상수 정의
 include_once("$g4[path]/config.php");  // 설정 파일
 include_once("$g4[path]/lib/common.lib.php"); // 공통 라이브러리
-//header("Content-Type: text/html; charset={$g4['charset']}"); 
+//header("Content-Type: text/html; charset={$g4['charset']}");
 // config.php 가 있는곳의 웹경로
 if (!$g4['url'])
@ -252,7 +252,7 @@ $dirname = dirname(__FILE__).'/';
 $dbconfig_file = "dbconfig.php";
 if (file_exists("$g4[path]/$dbconfig_file"))
 {
-    if (is_dir("$g4[path]/install")) die("<meta http-equiv='content-type' content='text/html; charset=$g4[charset]'><script type='text/javascript'> alert('install 디렉토리를 삭제하여야 정상 실행됩니다.'); </script>");
+    //if (is_dir("$g4[path]/install")) die("<meta http-equiv='content-type' content='text/html; charset=$g4[charset]'><script type='text/javascript'> alert('install 디렉토리를 삭제하여야 정상 실행됩니다.'); </script>");
    include_once("$g4[path]/$dbconfig_file");
    $connect_db = sql_connect($mysql_host, $mysql_user, $mysql_password);
--- a/BIN
+++ b/BIN
--- a/BIN
+++ b/BIN
--- a/BIN
+++ b/BIN
--- a/BIN
+++ b/BIN
--- a/BIN
+++ b/BIN