From 537c1d35d2ab16664ab9f88279ed39161cb5f12d Mon Sep 17 00:00:00 2001 From: chicpro Date: Wed, 22 Oct 2014 22:20:23 +0900 Subject: [PATCH 01/23] =?UTF-8?q?=EC=82=AC=EC=9A=A9=ED=9B=84=EA=B8=B0=20?= =?UTF-8?q?=EB=B0=8F=20=EC=83=81=ED=92=88=EB=AC=B8=EC=9D=98=20=EB=82=B4?= =?UTF-8?q?=EC=9A=A9=20=EC=9D=B4=EB=AF=B8=EC=A7=80=20=EC=9E=98=EB=A6=AC?= =?UTF-8?q?=EB=8A=94=20=EC=98=A4=EB=A5=98=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- css/mobile_shop.css | 4 ++-- skin/shop/basic/style.css | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/css/mobile_shop.css b/css/mobile_shop.css index 94df2ef9d..af7291df9 100644 --- a/css/mobile_shop.css +++ b/css/mobile_shop.css @@ -136,7 +136,7 @@ a.sanchor_on {background:#626870;color:#fff !important;text-decoration:none} #sps dd img {position:relative;top:-2px} .sps_section {float:right;width:75%} -.sps_section p {padding:0;width:100%;height:1.8em;overflow:hidden} +.sps_section p {padding:0;width:100%} .sps_con_full {padding:0;height:auto !important} .sps_con_btn {margin:5px 0 0;text-align:right} .sps_con_btn button {margin:0;padding:5px;border:0;background:#565e60;color:#fff} @@ -162,7 +162,7 @@ a.sanchor_on {background:#626870;color:#fff !important;text-decoration:none} .sqa_section {float:right;width:75%} .sqa_section .sqa_con {padding:10px;background:#f2f5f9;line-height:1.7em} -.sqa_section p {padding:0;width:100%;height:1.8em;overflow:hidden} +.sqa_section p {padding:0;width:100%} .sqa_con_full {padding:0;height:auto !important} .sqa_con_btn {margin:5px 0 0;text-align:right} .sqa_con_btn button {margin:0;padding:5px;border:0;background:#565e60;color:#fff} diff --git a/skin/shop/basic/style.css b/skin/shop/basic/style.css index c3025c4f7..edffcfbd1 100644 --- a/skin/shop/basic/style.css +++ b/skin/shop/basic/style.css 
@@ -516,7 +516,7 @@ #sps dd img {position:relative;top:-2px} .sps_section {float:left;width:630px} -.sps_section p {padding:0;width:100%;height:20px;overflow:hidden} +.sps_section p {padding:0;width:100%} .sps_con_full {padding:0;height:auto !important} .sps_con_btn {margin:5px 0 0;text-align:right} .sps_con_btn button {margin:0;padding:5px;border:0;background:#565e60;color:#fff} @@ -542,7 +542,7 @@ .sqa_section {float:left;width:630px} .sqa_section .sqa_con {padding:10px;background:#f2f5f9;line-height:1.7em} -.sqa_section p {padding:0;width:100%;height:20px;overflow:hidden} +.sqa_section p {padding:0;width:100%} .sqa_con_full {padding:0;height:auto !important} .sqa_con_btn {margin:5px 0 0;text-align:right} .sqa_con_btn button {margin:0;padding:5px;border:0;background:#565e60;color:#fff} \ No newline at end of file From 36e6d53374dc0dacb314d1bb42503bd547c32716 Mon Sep 17 00:00:00 2001 From: chicpro Date: Thu, 23 Oct 2014 09:21:59 +0900 Subject: [PATCH 02/23] =?UTF-8?q?=ED=9A=8C=EC=9B=90=20=ED=99=88=ED=8E=98?= =?UTF-8?q?=EC=9D=B4=EC=A7=80=EB=A5=BC=20=EC=9D=B4=EC=9A=A9=ED=95=9C=20SQL?= =?UTF-8?q?=20Injection=20=EC=98=A4=EB=A5=98=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bbs/scrap_popin_update.php | 6 +++--- bbs/write_comment_update.php | 8 ++++---- bbs/write_update.php | 6 +++--- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/bbs/scrap_popin_update.php b/bbs/scrap_popin_update.php index 49fe298ad..ffb6e8137 100644 --- a/bbs/scrap_popin_update.php +++ b/bbs/scrap_popin_update.php 
@@ -40,10 +40,10 @@ if ($wr_content && ($member['mb_level'] >= $board['bo_comment_level'])) if ($wr['wr_id']) { $mb_id = $member['mb_id']; - $wr_name = $member['mb_nick']; + $wr_name = addslashes(clean_xss_tags($board['bo_use_name'] ? $member['mb_name'] : $member['mb_nick'])); $wr_password = $member['mb_password']; - $wr_email = $member['mb_email']; - $wr_homepage = $member['mb_homepage']; + $wr_email = addslashes($member['mb_email']); + $wr_homepage = addslashes(clean_xss_tags($member['mb_homepage'])); $sql = " select max(wr_comment) as max_comment from $write_table where wr_parent = '$wr_id' and wr_is_comment = '1' "; diff --git a/bbs/write_comment_update.php b/bbs/write_comment_update.php index 667e5131e..ceb54a5ee 100644 --- a/bbs/write_comment_update.php +++ b/bbs/write_comment_update.php @@ -15,7 +15,7 @@ $w = $_POST["w"]; $wr_name = trim($_POST['wr_name']); $wr_email = ''; if (!empty($_POST['wr_email'])) - $wr_email = trim($_POST['wr_email']); + $wr_email = get_email_address(trim($_POST['wr_email'])); // 비회원의 경우 이름이 누락되는 경우가 있음 if ($is_guest) { @@ -52,10 +52,10 @@ if ($is_member) { $mb_id = $member['mb_id']; // 4.00.13 - 실명 사용일때 댓글에 닉네임으로 입력되던 오류를 수정 - $wr_name = $board['bo_use_name'] ? $member['mb_name'] : $member['mb_nick']; + $wr_name = addslashes(clean_xss_tags($board['bo_use_name'] ? $member['mb_name'] : $member['mb_nick'])); $wr_password = $member['mb_password']; - $wr_email = $member['mb_email']; - $wr_homepage = $member['mb_homepage']; + $wr_email = addslashes($member['mb_email']); + $wr_homepage = addslashes(clean_xss_tags($member['mb_homepage'])); } else { diff --git a/bbs/write_update.php b/bbs/write_update.php index 1124b849c..857889f90 100644 --- a/bbs/write_update.php +++ b/bbs/write_update.php 
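Review bot: The replacement lines escape the member's name, e-mail and homepage with addslashes() before they are concatenated into the query, but addslashes() is not aware of the connection charset, so it is a weaker guard than the database driver's own escaping function; I would escape with the driver's real-escape function (whatever wrapper this codebase exposes for it) at the point the query string is built rather than at assignment time. In the same block `$wr_password = $member['mb_password'];` is the one member field left unescaped — presumably a stored hash, but it enters the same string-built query, so treat it the same way for consistency. Wrapping clean_xss_tags() inside the escaping call also mixes output sanitisation with storage escaping; later hunks in this series display the same fields through stripslashes(), which is a sign the two concerns are already getting tangled. The `if ($wr['wr_id'])` block this sits in starts and ends outside the hunk.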
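Review bot: `$wr_name = trim($_POST['wr_name']);` at the top of this hunk still takes the guest's name straight from the request with neither clean_xss_tags() nor SQL escaping, while the member branch further down the file wraps the same variable in `addslashes(clean_xss_tags(...))`; unless the guest path sanitises it below the hunk (not visible here), the guest name is the remaining unsanitised input of this update. I would normalise it at this line the same way: `$wr_name = clean_xss_tags(trim($_POST['wr_name']));` plus whatever SQL escaping the member branch applies. The e-mail change assumes get_email_address() returns either a well-formed address or an empty string — worth confirming, because an address that merely survives trim() would otherwise reach the query unchanged. The `if ($is_guest)` block that follows continues past the hunk.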
@@ -407,9 +407,9 @@ if ($w == '' || $w == 'r') { // 자신의 글이라면 if ($member['mb_id'] == $wr['mb_id']) { $mb_id = $member['mb_id']; - $wr_name = $board['bo_use_name'] ? $member['mb_name'] : $member['mb_nick']; - $wr_email = $member['mb_email']; - $wr_homepage = $member['mb_homepage']; + $wr_name = addslashes(clean_xss_tags($board['bo_use_name'] ? $member['mb_name'] : $member['mb_nick'])); + $wr_email = addslashes($member['mb_email']); + $wr_homepage = addslashes(clean_xss_tags($member['mb_homepage'])); } else { $mb_id = $wr['mb_id']; $wr_name = $wr['wr_name']; From 50c42776e76e8d4ab3cdabbf441f4bfb034b1957 Mon Sep 17 00:00:00 2001 From: chicpro Date: Fri, 24 Oct 2014 11:01:34 +0900 Subject: [PATCH 03/23] =?UTF-8?q?SQL=20Injection=20=EB=B0=8F=20=EA=B4=80?= =?UTF-8?q?=EB=A6=AC=EC=9E=90=EA=B0=80=20=EA=B2=8C=EC=8B=9C=EA=B8=80=20?= =?UTF-8?q?=EC=88=98=EC=A0=95=EB=95=8C=20=EC=A0=95=EB=B3=B4=20=EB=B0=98?= =?UTF-8?q?=EC=98=81=EB=90=98=EB=8F=84=EB=A1=9D=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bbs/write.php | 10 +++++----- bbs/write_update.php | 18 ++++++++++++++---- 2 files changed, 19 insertions(+), 9 deletions(-) diff --git a/bbs/write.php b/bbs/write.php index 4a8e9672f..6235a4adc 100644 --- a/bbs/write.php +++ b/bbs/write.php @@ -294,10 +294,10 @@ $homepage = ""; if ($w == "" || $w == "r") { if ($is_member) { if (isset($write['wr_name'])) { - $name = get_text(cut_str($write['wr_name'],20)); + $name = get_text(cut_str(stripslashes($write['wr_name']),20)); } - $email = $member['mb_email']; - $homepage = get_text($member['mb_homepage']); + $email = get_email_address($member['mb_email']); + $homepage = get_text(stripslashes($member['mb_homepage'])); } } 
@@ -318,9 +318,9 @@ if ($w == '') { } } - $name = get_text(cut_str($write['wr_name'],20)); + $name = get_text(cut_str(stripslashes($write['wr_name']),20)); $email = get_email_address($write['wr_email']); - $homepage = get_text($write['wr_homepage']); + $homepage = get_text(stripslashes($write['wr_homepage'])); for ($i=1; $i<=G5_LINK_COUNT; $i++) { $write['wr_link'.$i] = get_text($write['wr_link'.$i]); diff --git a/bbs/write_update.php b/bbs/write_update.php index 857889f90..b6abef8c3 100644 --- a/bbs/write_update.php +++ b/bbs/write_update.php @@ -412,14 +412,24 @@ if ($w == '' || $w == 'r') { $wr_homepage = addslashes(clean_xss_tags($member['mb_homepage'])); } else { $mb_id = $wr['mb_id']; - $wr_name = $wr['wr_name']; - $wr_email = $wr['wr_email']; - $wr_homepage = $wr['wr_homepage']; + if(isset($_POST['wr_name']) && $_POST['wr_name']) + $wr_name = clean_xss_tags(trim($_POST['wr_name'])); + else + $wr_name = addslashes(clean_xss_tags($wr['wr_name'])); + if(isset($_POST['wr_email']) && $_POST['wr_email']) + $wr_email = get_email_address(trim($_POST['wr_email'])); + else + $wr_email = addslashes($wr['wr_email']); + if(isset($_POST['wr_homepage']) && $_POST['wr_homepage']) + $wr_homepage = addslashes(clean_xss_tags($_POST['wr_homepage'])); + else + $wr_homepage = addslashes(clean_xss_tags($wr['wr_homepage'])); } } else { $mb_id = ""; // 비회원의 경우 이름이 누락되는 경우가 있음 - //if (!trim($wr_name)) alert("이름은 필히 입력하셔야 합니다."); + if (!trim($wr_name)) alert("이름은 필히 입력하셔야 합니다."); + $wr_name = clean_xss_tags(trim($_POST['wr_name'])); $wr_email = get_email_address(trim($_POST['wr_email'])); } From 8fc6f81f8d22d74a9f0fbd08d47474db5574f8ed Mon Sep 17 00:00:00 2001 From: chicpro Date: Mon, 27 Oct 2014 09:47:49 +0900 Subject: [PATCH 04/23] =?UTF-8?q?this.ref=EB=A5=BC=20this.href=EB=A1=9C=20?= =?UTF-8?q?=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- js/common.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
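Review bot: In the new "not my post" branch of write_update.php, `wr_homepage` from POST is stored through addslashes() while `wr_name` from POST is stored through only `clean_xss_tags(trim(...))`, so two request fields reach the same query with different escaping; either POST values are already slash-escaped upstream (then wr_homepage is double-escaped and will show backslashes on display) or they are not (then wr_name is the remaining injection point in this branch). Pick one convention and apply it to both lines, e.g. `$wr_name = addslashes(clean_xss_tags(trim($_POST['wr_name'])));` if POST arrives raw. The guest branch at the end of the hunk has the same asymmetry: `$wr_name = clean_xss_tags(trim($_POST['wr_name']));` with no SQL escaping next to `get_email_address(...)` for the e-mail. Longer term the escaping belongs in one place, applied by the driver immediately before the query is built, rather than at each assignment. The enclosing `if ($w == '' || $w == 'r')` block starts outside the hunk.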
diff --git a/js/common.js b/js/common.js index 57061e771..9bf51de92 100644 --- a/js/common.js +++ b/js/common.js @@ -468,7 +468,7 @@ $(function(){ }); $(".win_email").click(function() { - win_email(this.ref); + win_email(this.href); return false; }); @@ -478,12 +478,12 @@ $(function(){ }); $(".win_profile").click(function() { - win_profile(this.ref); + win_profile(this.href); return false; }); $(".win_homepage").click(function() { - win_homepage(this.ref); + win_homepage(this.href); return false; }); From 9ac6bdbeaaba19541011a72f73834464e024935e Mon Sep 17 00:00:00 2001 From: chicpro Date: Mon, 27 Oct 2014 09:52:45 +0900 Subject: [PATCH 05/23] =?UTF-8?q?class=20=EC=A7=80=EC=A0=95=20=EC=98=A4?= =?UTF-8?q?=EB=A5=98=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/popular_list.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/adm/popular_list.php b/adm/popular_list.php index cc16fae58..725039337 100644 --- a/adm/popular_list.php +++ b/adm/popular_list.php @@ -57,7 +57,7 @@ $sql = " select * limit {$from_record}, {$rows} "; $result = sql_query($sql); -$listall = '전체목록'; +$listall = '전체목록'; $g5['title'] = '인기검색어관리'; include_once('./admin.head.php'); From 4ae4cc216934660f9b7f644b7c1e8d0e66d2fee6 Mon Sep 17 00:00:00 2001 From: chicpro Date: Mon, 27 Oct 2014 10:00:15 +0900 Subject: [PATCH 06/23] =?UTF-8?q?wr=5Flink=20=EA=B0=92=EC=97=90=20substr?= =?UTF-8?q?=20=EC=A0=81=EC=9A=A9=20=EB=AC=B4=EC=8B=9C=EB=90=98=EB=8A=94=20?= =?UTF-8?q?=EC=98=A4=EB=A5=98=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bbs/write_update.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bbs/write_update.php b/bbs/write_update.php index b6abef8c3..966f85a6a 100644 --- a/bbs/write_update.php +++ b/bbs/write_update.php 
@@ -53,8 +53,8 @@ if (empty($_POST)) { } $w = $_POST['w']; -$wr_link1 = trim(strip_tags($_POST['wr_link1'])); -$wr_link2 = trim(strip_tags($_POST['wr_link2'])); +$wr_link1 = trim(strip_tags($wr_link1)); +$wr_link2 = trim(strip_tags($wr_link2)); $notice_array = explode(",", $board['bo_notice']); From d98c8242af50f91a265ff19463b4abaad8bc7260 Mon Sep 17 00:00:00 2001 From: chicpro Date: Mon, 27 Oct 2014 10:08:00 +0900 Subject: [PATCH 07/23] =?UTF-8?q?1:1=EB=AC=B8=EC=9D=98=20=EA=B8=80?= =?UTF-8?q?=EC=82=AD=EC=A0=9C=20=EC=98=A4=EB=A5=98=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bbs/qadelete.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/bbs/qadelete.php b/bbs/qadelete.php index efa1b050e..07373f40d 100644 --- a/bbs/qadelete.php +++ b/bbs/qadelete.php @@ -17,7 +17,7 @@ if(!$count) for($i=0; $i<$count; $i++) { $qa_id = $tmp_array[$i]; - $sql = " select qa_id, qa_type, qa_status, qa_parent, qa_content, qa_file1, qa_file2 + $sql = " select qa_id, mb_id, qa_type, qa_status, qa_parent, qa_content, qa_file1, qa_file2 from {$g5['qa_content_table']} where qa_id = '$qa_id' "; $row = sql_fetch($sql); @@ -25,6 +25,10 @@ for($i=0; $i<$count; $i++) { if(!$row['qa_id']) continue; + // 자신의 글이 아니면 건너뜀 + if($is_admin != 'super' && $row['mb_id'] != $member['mb_id']) + continue; + // 첨부파일 삭제 for($k=1; $k<=2; $k++) { @unlink(G5_DATA_PATH.'/qa/'.$row['qa_file'.$k]); From 78fa0cb41bf2273b675f5fdeb30b32be6934d8d6 Mon Sep 17 00:00:00 2001 From: chicpro Date: Mon, 27 Oct 2014 10:43:46 +0900 Subject: [PATCH 08/23] =?UTF-8?q?=ED=8C=8C=EC=9D=BC=20=EC=97=85=EB=A1=9C?= =?UTF-8?q?=EB=93=9C=20=EB=B3=B4=EC=95=88=20=EC=98=A4=EB=A5=98=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bbs/write.php | 6 +- bbs/write_update.php | 212 +++++++++++++++++++++---------------------- 2 files changed, 108 insertions(+), 110 deletions(-) 
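Review bot: The new ownership guard `if($is_admin != 'super' && $row['mb_id'] != $member['mb_id']) continue;` in qadelete.php compares two values that can both be empty: a visitor with no `mb_id` would pass it for any Q&A row whose `mb_id` is empty, so the check only holds if qadelete.php rejects guests before this loop, which is not visible in the hunk. I would make the guard explicit: `if($is_admin != 'super' && (!$member['mb_id'] || $row['mb_id'] != $member['mb_id'])) continue;`. Separately, `$qa_id = $tmp_array[$i];` is interpolated unescaped into the select (and presumably into the deletes that follow); if qa_id is numeric, `$qa_id = (int)$tmp_array[$i];` closes that cheaply. Since the guard silently skips rather than reporting, a short comment would help: `// silently skip rows the caller does not own; only super admin may delete others' posts`. The for loop continues past the hunk.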
diff --git a/bbs/write.php b/bbs/write.php index 6235a4adc..da62a1917 100644 --- a/bbs/write.php +++ b/bbs/write.php @@ -3,9 +3,6 @@ include_once('./_common.php'); include_once(G5_EDITOR_LIB); include_once(G5_CAPTCHA_PATH.'/captcha.lib.php'); -set_session('ss_bo_table', $_REQUEST['bo_table']); -set_session('ss_wr_id', $_REQUEST['wr_id']); - if (!$board['bo_table']) { alert('존재하지 않는 게시판입니다.', G5_URL); } @@ -353,6 +350,9 @@ if ($w == '') { } } +set_session('ss_bo_table', $_REQUEST['bo_table']); +set_session('ss_wr_id', $_REQUEST['wr_id']); + $subject = ""; if (isset($write['wr_subject'])) { $subject = str_replace("\"", """, get_text(cut_str($write['wr_subject'], 255), 0)); diff --git a/bbs/write_update.php b/bbs/write_update.php index 966f85a6a..7adaed4fe 100644 --- a/bbs/write_update.php +++ b/bbs/write_update.php 
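Review bot: The relocated `set_session('ss_bo_table', $_REQUEST['bo_table']);` still stores the raw request value even though the board has already been resolved by this point (the first hunk shows the `$board['bo_table']` check at the top of the file); storing the validated value — `set_session('ss_bo_table', $board['bo_table']);` — ensures nothing unvalidated is persisted in the session and later compared. The same goes for `ss_wr_id`: `(int)$_REQUEST['wr_id']` keeps the session value well-typed for the comparison in write_update.php. Note that a session-equality check only proves a write form was opened in this session, not that the submission came from that form; if there is no per-form token elsewhere, this is not a CSRF defence. A comment explaining the move would help the next reader: `// set only after the board/permission checks above, so a rejected request never primes the session`.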
@@ -177,112 +177,6 @@ if ($w == '' || $w == 'r') { if (!isset($_POST['wr_subject']) || !trim($_POST['wr_subject'])) alert('제목을 입력하여 주십시오.'); -// 디렉토리가 없다면 생성합니다. (퍼미션도 변경하구요.) -@mkdir(G5_DATA_PATH.'/file/'.$bo_table, G5_DIR_PERMISSION); -@chmod(G5_DATA_PATH.'/file/'.$bo_table, G5_DIR_PERMISSION); - -$chars_array = array_merge(range(0,9), range('a','z'), range('A','Z')); - -// 가변 파일 업로드 -$file_upload_msg = ''; -$upload = array(); -for ($i=0; $i $board['bo_upload_size']) { - $file_upload_msg .= '\"'.$filename.'\" 파일의 용량('.number_format($filesize).' 바이트)이 게시판에 설정('.number_format($board['bo_upload_size']).' 바이트)된 값보다 크므로 업로드 하지 않습니다.\\n'; - continue; - } - - //=================================================================\ - // 090714 - // 이미지나 플래시 파일에 악성코드를 심어 업로드 하는 경우를 방지 - // 에러메세지는 출력하지 않는다. - //----------------------------------------------------------------- - $timg = @getimagesize($tmp_file); - // image type - if ( preg_match("/\.({$config['cf_image_extension']})$/i", $filename) || - preg_match("/\.({$config['cf_flash_extension']})$/i", $filename) ) { - if ($timg['2'] < 1 || $timg['2'] > 16) - continue; - } - //================================================================= - - $upload[$i]['image'] = $timg; - - // 4.00.11 - 글답변에서 파일 업로드시 원글의 파일이 삭제되는 오류를 수정 - if ($w == 'u') { - // 존재하는 파일이 있다면 삭제합니다. 
- $row = sql_fetch(" select bf_file from {$g5['board_file_table']} where bo_table = '$bo_table' and wr_id = '$wr_id' and bf_no = '$i' "); - @unlink(G5_DATA_PATH.'/file/'.$bo_table.'/'.$row['bf_file']); - // 이미지파일이면 썸네일삭제 - if(preg_match("/\.({$config['cf_image_extension']})$/i", $row['bf_file'])) { - delete_board_thumbnail($bo_table, $row['bf_file']); - } - } - - // 프로그램 원래 파일명 - $upload[$i]['source'] = $filename; - $upload[$i]['filesize'] = $filesize; - - // 아래의 문자열이 들어간 파일은 -x 를 붙여서 웹경로를 알더라도 실행을 하지 못하도록 함 - $filename = preg_replace("/\.(php|phtm|htm|cgi|pl|exe|jsp|asp|inc)/i", "$0-x", $filename); - - shuffle($chars_array); - $shuffle = implode('', $chars_array); - - // 첨부파일 첨부시 첨부파일명에 공백이 포함되어 있으면 일부 PC에서 보이지 않거나 다운로드 되지 않는 현상이 있습니다. (길상여의 님 090925) - $upload[$i]['file'] = abs(ip2long($_SERVER['REMOTE_ADDR'])).'_'.substr($shuffle,0,8).'_'.str_replace('%', '', urlencode(str_replace(' ', '_', $filename))); - - $dest_file = G5_DATA_PATH.'/file/'.$bo_table.'/'.$upload[$i]['file']; - - // 업로드가 안된다면 에러메세지 출력하고 죽어버립니다. - $error_code = move_uploaded_file($tmp_file, $dest_file) or die($_FILES['bf_file']['error'][$i]); - - // 올라간 파일의 퍼미션을 변경합니다. - chmod($dest_file, G5_FILE_PERMISSION); - } -} - if ($w == '' || $w == 'r') { if ($member['mb_id']) { 
@@ -497,8 +391,112 @@ if (!$group['gr_use_access'] && $board['bo_read_level'] < 2 && !$secret) { naver_syndi_ping($bo_table, $wr_id); } -//------------------------------------------------------------------------------ +// 디렉토리가 없다면 생성합니다. (퍼미션도 변경하구요.) +@mkdir(G5_DATA_PATH.'/file/'.$bo_table, G5_DIR_PERMISSION); +@chmod(G5_DATA_PATH.'/file/'.$bo_table, G5_DIR_PERMISSION); + +$chars_array = array_merge(range(0,9), range('a','z'), range('A','Z')); + // 가변 파일 업로드 +$file_upload_msg = ''; +$upload = array(); +for ($i=0; $i $board['bo_upload_size']) { + $file_upload_msg .= '\"'.$filename.'\" 파일의 용량('.number_format($filesize).' 바이트)이 게시판에 설정('.number_format($board['bo_upload_size']).' 바이트)된 값보다 크므로 업로드 하지 않습니다.\\n'; + continue; + } + + //=================================================================\ + // 090714 + // 이미지나 플래시 파일에 악성코드를 심어 업로드 하는 경우를 방지 + // 에러메세지는 출력하지 않는다. + //----------------------------------------------------------------- + $timg = @getimagesize($tmp_file); + // image type + if ( preg_match("/\.({$config['cf_image_extension']})$/i", $filename) || + preg_match("/\.({$config['cf_flash_extension']})$/i", $filename) ) { + if ($timg['2'] < 1 || $timg['2'] > 16) + continue; + } + //================================================================= + + $upload[$i]['image'] = $timg; + + // 4.00.11 - 글답변에서 파일 업로드시 원글의 파일이 삭제되는 오류를 수정 + if ($w == 'u') { + // 존재하는 파일이 있다면 삭제합니다. 
+ $row = sql_fetch(" select bf_file from {$g5['board_file_table']} where bo_table = '$bo_table' and wr_id = '$wr_id' and bf_no = '$i' "); + @unlink(G5_DATA_PATH.'/file/'.$bo_table.'/'.$row['bf_file']); + // 이미지파일이면 썸네일삭제 + if(preg_match("/\.({$config['cf_image_extension']})$/i", $row['bf_file'])) { + delete_board_thumbnail($bo_table, $row['bf_file']); + } + } + + // 프로그램 원래 파일명 + $upload[$i]['source'] = $filename; + $upload[$i]['filesize'] = $filesize; + + // 아래의 문자열이 들어간 파일은 -x 를 붙여서 웹경로를 알더라도 실행을 하지 못하도록 함 + $filename = preg_replace("/\.(php|phtm|htm|cgi|pl|exe|jsp|asp|inc)/i", "$0-x", $filename); + + shuffle($chars_array); + $shuffle = implode('', $chars_array); + + // 첨부파일 첨부시 첨부파일명에 공백이 포함되어 있으면 일부 PC에서 보이지 않거나 다운로드 되지 않는 현상이 있습니다. (길상여의 님 090925) + $upload[$i]['file'] = abs(ip2long($_SERVER['REMOTE_ADDR'])).'_'.substr($shuffle,0,8).'_'.str_replace('%', '', urlencode(str_replace(' ', '_', $filename))); + + $dest_file = G5_DATA_PATH.'/file/'.$bo_table.'/'.$upload[$i]['file']; + + // 업로드가 안된다면 에러메세지 출력하고 죽어버립니다. + $error_code = move_uploaded_file($tmp_file, $dest_file) or die($_FILES['bf_file']['error'][$i]); + + // 올라간 파일의 퍼미션을 변경합니다. + chmod($dest_file, G5_FILE_PERMISSION); + } +} + // 나중에 테이블에 저장하는 이유는 $wr_id 값을 저장해야 하기 때문입니다. for ($i=0; $i Date: Mon, 27 Oct 2014 10:46:57 +0900 Subject: [PATCH 09/23] =?UTF-8?q?1:1=EB=AC=B8=EC=9D=98=20=EC=84=A4?= =?UTF-8?q?=EC=A0=95=20=EC=A4=91=EB=B3=B5=20=ED=98=B8=EC=B6=9C=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bbs/qawrite_update.php | 2 -- 1 file changed, 2 deletions(-) diff --git a/bbs/qawrite_update.php b/bbs/qawrite_update.php index 232678ab4..1235969f2 100644 --- a/bbs/qawrite_update.php +++ b/bbs/qawrite_update.php @@ -10,8 +10,6 @@ $w == u : 수정 if($is_guest) alert('회원이시라면 로그인 후 이용해 보십시오.', './login.php?url='.urlencode(G5_BBS_URL.'/qalist.php')); -$qaconfig = get_qa_config(); - $msg = array(); // e-mail 체크 
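Review bot: Now that the upload loop runs after the post row has been written (it follows the `naver_syndi_ping($bo_table, $wr_id);` context line), the `move_uploaded_file($tmp_file, $dest_file) or die(...)` path aborts with the post already saved but none of its file records stored, and it echoes the raw `$_FILES` error code; record the failure and continue instead, e.g. `if (!move_uploaded_file($tmp_file, $dest_file)) { $file_upload_msg .= '\"'.$filename.'\" upload failed\\n'; continue; }`. The rename rule `preg_replace("/\.(php|phtm|htm|cgi|pl|exe|jsp|asp|inc)/i", "$0-x", $filename)` is a denylist — `.phar` and `.pht`, for example, are not covered — so an allowlist of permitted extensions, or a server-side rule that disables script execution under the data directory (not visible here), would be the more durable control. The getimagesize() content check is only applied when the name carries an image or flash extension, so every other extension receives no content validation at all. The stored name embeds `abs(ip2long($_SERVER['REMOTE_ADDR']))`, which discloses the uploader's IP to anyone who learns the stored file name. The hunk text is garbled mid-loop in this rendering (the for-header and size comparison are partially lost), so I am reading only the surviving lines.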
From 9ef65f3f251b4edd99325cd315fd3562f8668e5c Mon Sep 17 00:00:00 2001 From: chicpro Date: Mon, 27 Oct 2014 15:31:25 +0900 Subject: [PATCH 10/23] =?UTF-8?q?=EA=B2=BD=EA=B3=A0=20=EC=95=8C=EB=A6=BC?= =?UTF-8?q?=20=ED=9B=84=20=EC=9D=B4=EB=8F=99=20=EA=B2=BD=EB=A1=9C=20?= =?UTF-8?q?=EC=B6=94=EA=B0=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bbs/write_update.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bbs/write_update.php b/bbs/write_update.php index 7adaed4fe..11a8d185b 100644 --- a/bbs/write_update.php +++ b/bbs/write_update.php @@ -270,7 +270,7 @@ if ($w == '' || $w == 'r') { } } else if ($w == 'u') { if (get_session('ss_bo_table') != $_POST['bo_table'] || get_session('ss_wr_id') != $_POST['wr_id']) { - alert('올바른 방법으로 수정하여 주십시오.'); + alert('올바른 방법으로 수정하여 주십시오.', G5_BBS_URL.'/board.php?bo_table='.$bo_table); } $return_url = './board.php?bo_table='.$bo_table.'&wr_id='.$wr_id; From 5f12b870e6377fcd70ec4c241340c55c9702030e Mon Sep 17 00:00:00 2001 From: chicpro Date: Mon, 27 Oct 2014 15:46:28 +0900 Subject: [PATCH 11/23] =?UTF-8?q?=EC=98=A4=ED=83=80=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/sms_admin/sms_write_send.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/adm/sms_admin/sms_write_send.php b/adm/sms_admin/sms_write_send.php index 5265708ce..c59301258 100644 --- a/adm/sms_admin/sms_write_send.php +++ b/adm/sms_admin/sms_write_send.php @@ -181,7 +181,7 @@ if ($result) $hs_memo = "인증 받지 못하였습니다. 계정을 다시 확인해 주세요."; break; default: // "미 확인 오류" - $hs_memo = "알 수 없는 오류로 전송이 실패하었습니다."; + $hs_memo = "알 수 없는 오류로 전송이 실패하였습니다."; break; } $wr_failure++; From e7c1835b1939ab976ce84c2d5632471cc12d5faf Mon Sep 17 00:00:00 2001 
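Review bot: The comparison `get_session('ss_bo_table') != $_POST['bo_table'] || get_session('ss_wr_id') != $_POST['wr_id']` that the new alert redirect hangs off establishes only that a write form for this post was opened in the current session, not that this POST came from that form; without a per-form token (none is visible in the hunk) a cross-site POST against a user who still has the edit form open is accepted. The redirect target is built from `$bo_table`, so it should be the already-validated board name rather than a raw request value — worth confirming where `$bo_table` is assigned above the hunk. A comment on the check would make its limits clear: `// reject edits unless this session opened the write form for the same board/post (not a CSRF token)`. The surrounding `else if ($w == 'u')` branch continues past the hunk.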
From: chicpro Date: Mon, 27 Oct 2014 18:20:54 +0900 Subject: [PATCH 12/23] =?UTF-8?q?1:1=EB=AC=B8=EC=9D=98=20=EC=84=A4?= =?UTF-8?q?=EC=A0=95=20=EA=B0=80=EC=A0=B8=EC=98=A4=EB=8A=94=20=EC=BD=94?= =?UTF-8?q?=EB=93=9C=20=EC=9C=84=EC=B9=98=20=EB=B3=80=EA=B2=BD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bbs/qawrite_update.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/bbs/qawrite_update.php b/bbs/qawrite_update.php index 1235969f2..3671cfcfd 100644 --- a/bbs/qawrite_update.php +++ b/bbs/qawrite_update.php @@ -12,6 +12,9 @@ if($is_guest) $msg = array(); +// 1:1문의 설정값 +$qaconfig = get_qa_config(); + // e-mail 체크 if(isset($_POST['qa_email']) && $qa_email) { $qa_email = get_email_address(trim($_POST['qa_email'])); @@ -69,9 +72,6 @@ for ($i=1; $i<=5; $i++) { } } -// 1:1문의 설정값 -$qaconfig = get_qa_config(); - if($w == 'u' || $w == 'a' || $w == 'r') { if($w == 'a' && !$is_admin) alert('답변은 관리자만 등록할 수 있습니다.'); From fcf518353c61cd3ce8e394ccec7ff99777202694 Mon Sep 17 00:00:00 2001 From: chicpro Date: Tue, 28 Oct 2014 10:15:44 +0900 Subject: [PATCH 13/23] =?UTF-8?q?wr=5Flink=EB=A5=BC=20=EC=9D=B4=EC=9A=A9?= =?UTF-8?q?=ED=95=9C=20sql=20injection=20=EB=8C=80=EC=9D=91=20=EC=BD=94?= =?UTF-8?q?=EB=93=9C=20=EC=B6=94=EA=B0=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bbs/write_update.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/bbs/write_update.php b/bbs/write_update.php index 11a8d185b..fcc33c999 100644 --- a/bbs/write_update.php +++ b/bbs/write_update.php 
@@ -28,11 +28,15 @@ if ($wr_content == '') { $wr_link1 = ''; if (isset($_POST['wr_link1'])) { $wr_link1 = substr($_POST['wr_link1'],0,1000); + $wr_link1 = trim(strip_tags($wr_link1)); + $wr_link1 = preg_replace("#[\\\]+$#", "", $wr_link1); } $wr_link2 = ''; if (isset($_POST['wr_link2'])) { $wr_link2 = substr($_POST['wr_link2'],0,1000); + $wr_link2 = trim(strip_tags($wr_link2)); + $wr_link2 = preg_replace("#[\\\]+$#", "", $wr_link2); } $msg = implode('
', $msg); @@ -52,10 +56,6 @@ if (empty($_POST)) { alert("파일 또는 글내용의 크기가 서버에서 설정한 값을 넘어 오류가 발생하였습니다.\\npost_max_size=".ini_get('post_max_size')." , upload_max_filesize=".$upload_max_filesize."\\n게시판관리자 또는 서버관리자에게 문의 바랍니다."); } -$w = $_POST['w']; -$wr_link1 = trim(strip_tags($wr_link1)); -$wr_link2 = trim(strip_tags($wr_link2)); - $notice_array = explode(",", $board['bo_notice']); if ($w == 'u' || $w == 'r') { From 4c8349fbb50d3aaf91f3ef11f356076a344a8e2b Mon Sep 17 00:00:00 2001 From: chicpro Date: Tue, 28 Oct 2014 10:16:34 +0900 Subject: [PATCH 14/23] =?UTF-8?q?=EC=98=A4=ED=83=80=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/admin.head.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/adm/admin.head.php b/adm/admin.head.php index c175f62f3..c8253f8ac 100644 --- a/adm/admin.head.php +++ b/adm/admin.head.php @@ -95,7 +95,7 @@ function imageview(id, w, h) continue; } $current_class = ""; - if (isset($sub_menu) && (substr($sub_menu, 0, 2) == substr($menu['menu'.$key][0][0], 0, 2))) + if (isset($sub_menu) && (substr($sub_menu, 0, 3) == substr($menu['menu'.$key][0][0], 0, 3))) $current_class = " gnb_1dli_air"; $gnb_str .= '
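Review bot: The added `preg_replace("#[\\\]+$#", "", $wr_link1)` removes trailing backslashes so that a value cut by `substr(...,0,1000)` cannot end in a lone `\` that swallows the closing quote of the query; that fixes one symptom but still assumes the value has been quote-escaped somewhere above (not visible here), since neither substr() nor strip_tags() escapes anything for SQL. The durable fix is to truncate and strip first and then apply the driver's escaping once, immediately before the query is built. strip_tags() also says nothing about the URL scheme — if wr_link is later rendered as an href, a `javascript:` value passes through untouched, so a scheme allowlist (http/https) belongs here or at output. Finally, substr() is byte-wise and can split a multibyte character at position 1000; `mb_substr` or a re-validation after truncation avoids storing a broken sequence. Both `if (isset($_POST['wr_link1']))` blocks are complete within the hunk.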
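Review bot: Besides dropping the now-duplicate strip_tags() calls, this hunk also deletes `$w = $_POST['w'];`, yet the context line that follows still tests `if ($w == 'u' || $w == 'r')`; unless `$w` is populated earlier in the file (for example by a framework step that extracts request variables — not visible here), that comparison now reads an undefined variable and silently treats every request as a new post. If the assignment is redundant, a comment at the deletion point saying where `$w` comes from would prevent the same question on the next review; otherwise restore `$w = $_POST['w'];` alongside the removed lines. These are top-level statements, so the surrounding code starts outside the hunk.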
  • '.PHP_EOL; $gnb_str .= $href1 . $menu['menu'.$key][0][1] . $href2; From a2cd8b24a1ba094a0f81303a6f6eec1b4bf4b2bc Mon Sep 17 00:00:00 2001 From: chicpro Date: Wed, 29 Oct 2014 14:36:29 +0900 Subject: [PATCH 15/23] =?UTF-8?q?=EC=83=81=ED=92=88=EB=AC=B8=EC=9D=98=20?= =?UTF-8?q?=EA=B4=80=EB=A6=AC=20=EC=9D=B4=EB=A6=84=20=EA=B4=80=EB=A0=A8=20?= =?UTF-8?q?=EC=BD=94=EB=93=9C=20=EC=98=A4=ED=83=80=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/shop_admin/itemqaform.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/adm/shop_admin/itemqaform.php b/adm/shop_admin/itemqaform.php index a1655b722..eafc1964c 100644 --- a/adm/shop_admin/itemqaform.php +++ b/adm/shop_admin/itemqaform.php @@ -12,7 +12,7 @@ $sql = " select * $iq = sql_fetch($sql); if (!$iq['iq_id']) alert('등록된 자료가 없습니다.'); -$name = get_sideview($is['mb_id'], get_text($iq['iq_name']), $is['mb_email'], $is['mb_homepage']); +$name = get_sideview($iq['mb_id'], get_text($iq['iq_name']), $iq['mb_email'], $iq['mb_homepage']); $g5['title'] = '상품문의'; include_once (G5_ADMIN_PATH.'/admin.head.php'); From dc9760c05b2a638224bb27fd9c074797bfe5c4d1 Mon Sep 17 00:00:00 2001 From: chicpro Date: Wed, 29 Oct 2014 15:39:48 +0900 Subject: [PATCH 16/23] =?UTF-8?q?=EB=B0=B0=EB=84=88=20=EC=B6=9C=EB=A0=A5?= =?UTF-8?q?=20=EC=8A=A4=ED=82=A8=20=EC=BD=94=EB=93=9C=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- skin/shop/basic/boxbanner.skin.php | 11 ++++++----- skin/shop/basic/mainbanner.10.skin.php | 11 ++++++----- 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/skin/shop/basic/boxbanner.skin.php b/skin/shop/basic/boxbanner.skin.php index da50719a4..940fda89b 100644 --- a/skin/shop/basic/boxbanner.skin.php +++ b/skin/shop/basic/boxbanner.skin.php @@ -12,22 +12,23 @@ for ($i=0; $row=sql_fetch_array($result); $i++) if ($i==0) echo '
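Review bot: The corrected call `get_sideview($iq['mb_id'], get_text($iq['iq_name']), $iq['mb_email'], $iq['mb_homepage'])` passes the name through get_text() but hands the e-mail and homepage over raw; if get_sideview() writes them into HTML attributes without escaping (its body is not visible here), those two stored fields become an admin-side XSS vector, so either wrap them the same way — `get_text($iq['mb_email']), get_text($iq['mb_homepage'])` — or confirm that get_sideview() escapes internally. A one-line comment recording which of the two holds would save the next reviewer the same question. The statement is top-level; nothing enclosing is cut by the hunk.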