firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

Merge branch 'g5'

Browse Source
This commit is contained in:
chicpro
2016-02-11 10:56:11 +09:00
parent 3dad98c975 1a142e5250
commit 96f6252d7b
15 changed files with 34 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
bbs/alert.php
View File

@ -33,6 +33,8 @@ $msg2 = str_replace("\\n", "<br>", $msg);
$url = clean_xss_tags($url); $url = clean_xss_tags($url);
if (!$url) $url = clean_xss_tags($_SERVER['HTTP_REFERER']); if (!$url) $url = clean_xss_tags($_SERVER['HTTP_REFERER']);
$url = preg_replace("/[\<\>\'\"\\\'\\\"\(\)]/", "", $url);
// url 체크 // url 체크
check_url_host($url); check_url_host($url);

6
bbs/formmail.php
View File

@ -28,6 +28,12 @@ if ($sendmail_count > 3)
$g5['title'] = '메일 쓰기'; $g5['title'] = '메일 쓰기';
include_once(G5_PATH.'/head.sub.php'); include_once(G5_PATH.'/head.sub.php');
$email = get_email_address(base64_decode($email));
if(!$email)
alert_close('이메일이 올바르지 않습니다.');
$email = base64_encode($email);
if (!$name) if (!$name)
$name = base64_decode($email); $name = base64_decode($email);
else else

2
bbs/member_confirm.php
View File

@ -19,6 +19,8 @@ $url = clean_xss_tags($_GET['url']);
// url 체크 // url 체크
check_url_host($url); check_url_host($url);
$url = get_text($url);
include_once($member_skin_path.'/member_confirm.skin.php'); include_once($member_skin_path.'/member_confirm.skin.php');
include_once('./_tail.sub.php'); include_once('./_tail.sub.php');

4
mobile/skin/board/basic/view_comment.skin.php
View File

@ -53,8 +53,10 @@ var char_max = parseInt(<?php echo $comment_max ?>); // 최대
$query_string = clean_query_string($_SERVER['QUERY_STRING']); $query_string = clean_query_string($_SERVER['QUERY_STRING']);
if($w == 'cu') { if($w == 'cu') {
$sql = " select wr_id, wr_content from $write_table where wr_id = '$c_id' and wr_is_comment = '1' "; $sql = " select wr_id, wr_content, mb_id from $write_table where wr_id = '$c_id' and wr_is_comment = '1' ";
$cmt = sql_fetch($sql); $cmt = sql_fetch($sql);
if (!($is_admin || ($member['mb_id'] == $cmt['mb_id'] && $cmt['mb_id'])))
$cmt['wr_content'] = '';
$c_wr_content = $cmt['wr_content']; $c_wr_content = $cmt['wr_content'];
} }

4
mobile/skin/board/gallery/view_comment.skin.php
View File

@ -53,8 +53,10 @@ var char_max = parseInt(<?php echo $comment_max ?>); // 최대
$query_string = clean_query_string($_SERVER['QUERY_STRING']); $query_string = clean_query_string($_SERVER['QUERY_STRING']);
if($w == 'cu') { if($w == 'cu') {
$sql = " select wr_id, wr_content from $write_table where wr_id = '$c_id' and wr_is_comment = '1' "; $sql = " select wr_id, wr_content, mb_id from $write_table where wr_id = '$c_id' and wr_is_comment = '1' ";
$cmt = sql_fetch($sql); $cmt = sql_fetch($sql);
if (!($is_admin || ($member['mb_id'] == $cmt['mb_id'] && $cmt['mb_id'])))
$cmt['wr_content'] = '';
$c_wr_content = $cmt['wr_content']; $c_wr_content = $cmt['wr_content'];
} }

1
mobile/skin/member/basic/formmail.skin.php
View File

@ -11,7 +11,6 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
<form name="fformmail" action="./formmail_send.php" onsubmit="return fformmail_submit(this);" method="post" enctype="multipart/form-data" style="margin:0px;"> <form name="fformmail" action="./formmail_send.php" onsubmit="return fformmail_submit(this);" method="post" enctype="multipart/form-data" style="margin:0px;">
<input type="hidden" name="to" value="<?php echo $email ?>"> <input type="hidden" name="to" value="<?php echo $email ?>">
<input type="hidden" name="attach" value="2"> <input type="hidden" name="attach" value="2">
<input type="hidden" name="token" value="<?php echo $token ?>">
<?php if ($is_member) { // 회원이면 ?> <?php if ($is_member) { // 회원이면 ?>
<input type="hidden" name="fnick" value="<?php echo get_text($member['mb_nick']); ?>"> <input type="hidden" name="fnick" value="<?php echo get_text($member['mb_nick']); ?>">
<input type="hidden" name="fmail" value="<?php echo $member['mb_email'] ?>"> <input type="hidden" name="fmail" value="<?php echo $member['mb_email'] ?>">

4
skin/board/basic/view_comment.skin.php
View File

@ -59,8 +59,10 @@ var char_max = parseInt(<?php echo $comment_max ?>); // 최대
$query_string = clean_query_string($_SERVER['QUERY_STRING']); $query_string = clean_query_string($_SERVER['QUERY_STRING']);
if($w == 'cu') { if($w == 'cu') {
$sql = " select wr_id, wr_content from $write_table where wr_id = '$c_id' and wr_is_comment = '1' "; $sql = " select wr_id, wr_content, mb_id from $write_table where wr_id = '$c_id' and wr_is_comment = '1' ";
$cmt = sql_fetch($sql); $cmt = sql_fetch($sql);
if (!($is_admin || ($member['mb_id'] == $cmt['mb_id'] && $cmt['mb_id'])))
$cmt['wr_content'] = '';
$c_wr_content = $cmt['wr_content']; $c_wr_content = $cmt['wr_content'];
} }

4
skin/board/gallery/view_comment.skin.php
View File

@ -59,8 +59,10 @@ var char_max = parseInt(<?php echo $comment_max ?>); // 최대
$query_string = clean_query_string($_SERVER['QUERY_STRING']); $query_string = clean_query_string($_SERVER['QUERY_STRING']);
if($w == 'cu') { if($w == 'cu') {
$sql = " select wr_id, wr_content from $write_table where wr_id = '$c_id' and wr_is_comment = '1' "; $sql = " select wr_id, wr_content, mb_id from $write_table where wr_id = '$c_id' and wr_is_comment = '1' ";
$cmt = sql_fetch($sql); $cmt = sql_fetch($sql);
if (!($is_admin || ($member['mb_id'] == $cmt['mb_id'] && $cmt['mb_id'])))
$cmt['wr_content'] = '';
$c_wr_content = $cmt['wr_content']; $c_wr_content = $cmt['wr_content'];
} }

1
skin/member/basic/formmail.skin.php
View File

@ -12,7 +12,6 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
<form name="fformmail" action="./formmail_send.php" onsubmit="return fformmail_submit(this);" method="post" enctype="multipart/form-data" style="margin:0px;"> <form name="fformmail" action="./formmail_send.php" onsubmit="return fformmail_submit(this);" method="post" enctype="multipart/form-data" style="margin:0px;">
<input type="hidden" name="to" value="<?php echo $email ?>"> <input type="hidden" name="to" value="<?php echo $email ?>">
<input type="hidden" name="attach" value="2"> <input type="hidden" name="attach" value="2">
<input type="hidden" name="token" value="<?php echo $token ?>">
<?php if ($is_member) { // 회원이면 ?> <?php if ($is_member) { // 회원이면 ?>
<input type="hidden" name="fnick" value="<?php echo get_text($member['mb_nick']); ?>"> <input type="hidden" name="fnick" value="<?php echo get_text($member['mb_nick']); ?>">
<input type="hidden" name="fmail" value="<?php echo $member['mb_email'] ?>"> <input type="hidden" name="fmail" value="<?php echo $member['mb_email'] ?>">

4
theme/basic/mobile/skin/board/basic/view_comment.skin.php
View File

@ -53,8 +53,10 @@ var char_max = parseInt(<?php echo $comment_max ?>); // 최대
$query_string = clean_query_string($_SERVER['QUERY_STRING']); $query_string = clean_query_string($_SERVER['QUERY_STRING']);
if($w == 'cu') { if($w == 'cu') {
$sql = " select wr_id, wr_content from $write_table where wr_id = '$c_id' and wr_is_comment = '1' "; $sql = " select wr_id, wr_content, mb_id from $write_table where wr_id = '$c_id' and wr_is_comment = '1' ";
$cmt = sql_fetch($sql); $cmt = sql_fetch($sql);
if (!($is_admin || ($member['mb_id'] == $cmt['mb_id'] && $cmt['mb_id'])))
$cmt['wr_content'] = '';
$c_wr_content = $cmt['wr_content']; $c_wr_content = $cmt['wr_content'];
} }

4
theme/basic/mobile/skin/board/gallery/view_comment.skin.php
View File

@ -53,8 +53,10 @@ var char_max = parseInt(<?php echo $comment_max ?>); // 최대
$query_string = clean_query_string($_SERVER['QUERY_STRING']); $query_string = clean_query_string($_SERVER['QUERY_STRING']);
if($w == 'cu') { if($w == 'cu') {
$sql = " select wr_id, wr_content from $write_table where wr_id = '$c_id' and wr_is_comment = '1' "; $sql = " select wr_id, wr_content, mb_id from $write_table where wr_id = '$c_id' and wr_is_comment = '1' ";
$cmt = sql_fetch($sql); $cmt = sql_fetch($sql);
if (!($is_admin || ($member['mb_id'] == $cmt['mb_id'] && $cmt['mb_id'])))
$cmt['wr_content'] = '';
$c_wr_content = $cmt['wr_content']; $c_wr_content = $cmt['wr_content'];
} }

1
theme/basic/mobile/skin/member/basic/formmail.skin.php
View File

@ -11,7 +11,6 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
<form name="fformmail" action="./formmail_send.php" onsubmit="return fformmail_submit(this);" method="post" enctype="multipart/form-data" style="margin:0px;"> <form name="fformmail" action="./formmail_send.php" onsubmit="return fformmail_submit(this);" method="post" enctype="multipart/form-data" style="margin:0px;">
<input type="hidden" name="to" value="<?php echo $email ?>"> <input type="hidden" name="to" value="<?php echo $email ?>">
<input type="hidden" name="attach" value="2"> <input type="hidden" name="attach" value="2">
<input type="hidden" name="token" value="<?php echo $token ?>">
<?php if ($is_member) { // 회원이면 ?> <?php if ($is_member) { // 회원이면 ?>
<input type="hidden" name="fnick" value="<?php echo get_text($member['mb_nick']); ?>"> <input type="hidden" name="fnick" value="<?php echo get_text($member['mb_nick']); ?>">
<input type="hidden" name="fmail" value="<?php echo $member['mb_email'] ?>"> <input type="hidden" name="fmail" value="<?php echo $member['mb_email'] ?>">

4
theme/basic/skin/board/basic/view_comment.skin.php
View File

@ -59,8 +59,10 @@ var char_max = parseInt(<?php echo $comment_max ?>); // 최대
$query_string = clean_query_string($_SERVER['QUERY_STRING']); $query_string = clean_query_string($_SERVER['QUERY_STRING']);
if($w == 'cu') { if($w == 'cu') {
$sql = " select wr_id, wr_content from $write_table where wr_id = '$c_id' and wr_is_comment = '1' "; $sql = " select wr_id, wr_content, mb_id from $write_table where wr_id = '$c_id' and wr_is_comment = '1' ";
$cmt = sql_fetch($sql); $cmt = sql_fetch($sql);
if (!($is_admin || ($member['mb_id'] == $cmt['mb_id'] && $cmt['mb_id'])))
$cmt['wr_content'] = '';
$c_wr_content = $cmt['wr_content']; $c_wr_content = $cmt['wr_content'];
} }

4
theme/basic/skin/board/gallery/view_comment.skin.php
View File

@ -59,8 +59,10 @@ var char_max = parseInt(<?php echo $comment_max ?>); // 최대
$query_string = clean_query_string($_SERVER['QUERY_STRING']); $query_string = clean_query_string($_SERVER['QUERY_STRING']);
if($w == 'cu') { if($w == 'cu') {
$sql = " select wr_id, wr_content from $write_table where wr_id = '$c_id' and wr_is_comment = '1' "; $sql = " select wr_id, wr_content, mb_id from $write_table where wr_id = '$c_id' and wr_is_comment = '1' ";
$cmt = sql_fetch($sql); $cmt = sql_fetch($sql);
if (!($is_admin || ($member['mb_id'] == $cmt['mb_id'] && $cmt['mb_id'])))
$cmt['wr_content'] = '';
$c_wr_content = $cmt['wr_content']; $c_wr_content = $cmt['wr_content'];
} }

1
theme/basic/skin/member/basic/formmail.skin.php
View File

@ -12,7 +12,6 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
<form name="fformmail" action="./formmail_send.php" onsubmit="return fformmail_submit(this);" method="post" enctype="multipart/form-data" style="margin:0px;"> <form name="fformmail" action="./formmail_send.php" onsubmit="return fformmail_submit(this);" method="post" enctype="multipart/form-data" style="margin:0px;">
<input type="hidden" name="to" value="<?php echo $email ?>"> <input type="hidden" name="to" value="<?php echo $email ?>">
<input type="hidden" name="attach" value="2"> <input type="hidden" name="attach" value="2">
<input type="hidden" name="token" value="<?php echo $token ?>">
<?php if ($is_member) { // 회원이면 ?> <?php if ($is_member) { // 회원이면 ?>
<input type="hidden" name="fnick" value="<?php echo get_text($member['mb_nick']) ?>"> <input type="hidden" name="fnick" value="<?php echo get_text($member['mb_nick']) ?>">
<input type="hidden" name="fmail" value="<?php echo $member['mb_email'] ?>"> <input type="hidden" name="fmail" value="<?php echo $member['mb_email'] ?>">