From 541cb5244d2d1d2bdd3a36e444eefae4df9a0b92 Mon Sep 17 00:00:00 2001 From: chicpro Date: Tue, 14 Oct 2014 09:02:38 +0900 Subject: [PATCH 01/11] =?UTF-8?q?get=5Feditor=5Fimage=20=ED=95=A8=EC=88=98?= =?UTF-8?q?=EC=97=90=EC=84=9C=20=EB=8C=80=EC=86=8C=EB=AC=B8=EC=9E=90=20?= =?UTF-8?q?=EA=B5=AC=EB=B6=84=ED=95=98=EC=A7=80=20=EC=95=8A=EB=8F=84?= =?UTF-8?q?=EB=A1=9D=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/common.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/common.lib.php b/lib/common.lib.php index 4bd59b75e..f14f81dae 100644 --- a/lib/common.lib.php +++ b/lib/common.lib.php @@ -2045,7 +2045,7 @@ function get_editor_image($contents, $view=true) if ($view) $pattern = "/]*)>/iS"; else - $pattern = "/]*src=[\'\"]?([^>\'\"]+[^>\'\"]+)[\'\"]?[^>]*>/"; + $pattern = "/]*src=[\'\"]?([^>\'\"]+[^>\'\"]+)[\'\"]?[^>]*>/i"; preg_match_all($pattern, $contents, $matchs); return $matchs; From acbd99f2edc9ba2fb0bdfd4d4fbd55d9ac3c11e8 Mon Sep 17 00:00:00 2001 From: thisgun Date: Wed, 15 Oct 2014 10:20:49 +0900 Subject: [PATCH 02/11] =?UTF-8?q?=EB=82=B4=EC=9A=A9=EA=B4=80=EB=A6=AC=20?= =?UTF-8?q?=EA=B4=80=EB=A6=AC=EC=9E=90=20=EC=93=B0=EA=B8=B0=20=ED=8E=98?= =?UTF-8?q?=EC=9D=B4=EC=A7=80=20=EC=BD=94=EB=93=9C=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/contentform.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/adm/contentform.php b/adm/contentform.php index 730d3072b..8f00030ff 100644 --- a/adm/contentform.php +++ b/adm/contentform.php @@ -67,7 +67,7 @@ include_once (G5_ADMIN_PATH.'/admin.head.php'); 내용 - + From 6fb06a056437aa5265ed2410758d380bc940b119 Mon Sep 17 00:00:00 2001 
From: chicpro Date: Wed, 15 Oct 2014 16:03:57 +0900 Subject: [PATCH 03/11] =?UTF-8?q?=EC=98=A4=ED=83=80=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/board_list.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/adm/board_list.php b/adm/board_list.php index 47be2d2a3..1c51da1d2 100644 --- a/adm/board_list.php +++ b/adm/board_list.php @@ -138,7 +138,7 @@ $colspan = 15; - + From f65540dd19b44dba9c0160f5f0f02ee295aa449f Mon Sep 17 00:00:00 2001 From: thisgun Date: Wed, 15 Oct 2014 17:00:07 +0900 Subject: [PATCH 04/11] =?UTF-8?q?FAQ=20=EA=B4=80=EB=A6=AC=20=ED=8E=98?= =?UTF-8?q?=EC=9D=B4=EC=A7=80=20=EC=BD=94=EB=93=9C=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/faqform.php | 3 ++- adm/faqmasterform.php | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/adm/faqform.php b/adm/faqform.php index b3852c07e..c9514b4c2 100644 --- a/adm/faqform.php +++ b/adm/faqform.php @@ -9,7 +9,6 @@ $sql = " select * from {$g5['faq_master_table']} where fm_id = '$fm_id' "; $fm = sql_fetch($sql); $html_title = 'FAQ '.$fm['fm_subject'];; -$g5['title'] = $html_title.' 관리'; if ($w == "u") { @@ -26,6 +25,8 @@ if ($w == "u") else $html_title .= ' 항목 입력'; +$g5['title'] = $html_title.' 관리'; + include_once (G5_ADMIN_PATH.'/admin.head.php'); ?> diff --git a/adm/faqmasterform.php b/adm/faqmasterform.php index 54a5f67ad..84100dcbc 100644 --- a/adm/faqmasterform.php +++ b/adm/faqmasterform.php @@ -6,7 +6,6 @@ include_once(G5_EDITOR_LIB); auth_check($auth[$sub_menu], "w"); $html_title = 'FAQ'; -$g5['title'] = $html_title.' 관리'; if ($w == "u") { @@ -22,6 +21,8 @@ else $html_title .= ' 입력'; } +$g5['title'] = $html_title.' 관리'; + // 모바일 상하단 내용 필드추가 if(!sql_query(" select fm_mobile_head_html from {$g5['faq_master_table']} limit 1 ", false)) { sql_query(" ALTER TABLE `{$g5['faq_master_table']}` 
From f3b6f583442f082e9ab5d34ebcc3dd312f36d25c Mon Sep 17 00:00:00 2001
From: chicpro
Date: Fri, 17 Oct 2014 09:57:10 +0900
Subject: [PATCH 05/11] =?UTF-8?q?=EA=B2=8C=EC=8B=9C=EA=B8=80=20=EB=B0=8F?= =?UTF-8?q?=20=EB=8C=93=EA=B8=80=20=EC=9E=91=EC=84=B1=EC=8B=9C=20=EC=98=AC?= =?UTF-8?q?=EB=B0=94=EB=A5=B4=EC=A7=80=20=EC=95=8A=EC=9D=80=20=EC=9D=B4?= =?UTF-8?q?=EB=A6=84=EC=9E=85=EB=A0=A5=EC=9C=BC=EB=A1=9C=20=EC=9D=B8?= =?UTF-8?q?=ED=95=9C=20new=20=ED=8E=98=EC=9D=B4=EC=A7=80=20=EC=98=A4?= =?UTF-8?q?=EB=A5=98=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 bbs/new.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/bbs/new.php b/bbs/new.php
index 5c9919e1e..f8fc7ecc4 100644
--- a/bbs/new.php
+++ b/bbs/new.php
@@ -55,7 +55,7 @@ for ($i=0; $row=sql_fetch_array($result); $i++) {
 $row2 = sql_fetch(" select * from {$tmp_write_table} where wr_id = '{$row['wr_id']}' ");
 $list[$i] = $row2;
- $name = get_sideview($row2['mb_id'], cut_str($row2['wr_name'], $config['cf_cut_name']), $row2['wr_email'], $row2['wr_homepage']);
+ $name = get_sideview($row2['mb_id'], get_text(cut_str($row2['wr_name'], $config['cf_cut_name'])), $row2['wr_email'], $row2['wr_homepage']);
 // 당일인 경우 시간으로 표시함
 $datetime = substr($row2['wr_datetime'],0,10);
 $datetime2 = $row2['wr_datetime'];
@@ -79,7 +79,7 @@ for ($i=0; $row=sql_fetch_array($result); $i++) {
 $list[$i]['wr_email'] = $row3['wr_email'];
 $list[$i]['wr_homepage'] = $row3['wr_homepage'];
- $name = get_sideview($row3['mb_id'], cut_str($row3['wr_name'], $config['cf_cut_name']), $row3['wr_email'], $row3['wr_homepage']);
+ $name = get_sideview($row3['mb_id'], get_text(cut_str($row3['wr_name'], $config['cf_cut_name'])), $row3['wr_email'], $row3['wr_homepage']);
 // 당일인 경우 시간으로 표시함
 $datetime = substr($row3['wr_datetime'],0,10);
 $datetime2 = $row3['wr_datetime'];
From be8c7e3ee5f4c059feb003b6b6131bd99685db1e Mon Sep 17 00:00:00 2001
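Review bot: In both bbs/new.php hunks only the `$name` handed to get_sideview() is escaped with get_text(); the row data passed on to the skin stays raw. The first hunk keeps `$list[$i] = $row2;` and the second keeps `$list[$i]['wr_email']` and `$list[$i]['wr_homepage']` exactly as stored. Whether a skin prints those fields directly is not visible here, so either escape them where `$list` is built or state the contract in a comment such as `// $list[$i] holds raw DB values; skins must pass them through get_text() before output`. The enclosing for loop starts and ends outside both hunks.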
From: chicpro Date: Fri, 17 Oct 2014 10:03:03 +0900 Subject: [PATCH 06/11] =?UTF-8?q?=ED=9A=8C=EC=9B=90=EA=B0=80=EC=9E=85?= =?UTF-8?q?=EC=8B=9C=20=EC=98=AC=EB=B0=94=EB=A5=B4=EC=A7=80=20=EC=95=8A?= =?UTF-8?q?=EC=9D=80=20=EC=9D=B4=EB=A6=84=EC=9E=85=EB=A0=A5=EC=9C=BC?= =?UTF-8?q?=EB=A1=9C=20=EC=9D=B8=ED=95=9C=20=EA=B0=80=EC=9E=85=EC=99=84?= =?UTF-8?q?=EB=A3=8C=20=ED=8E=98=EC=9D=B4=EC=A7=80=20=EC=98=A4=EB=A5=98=20?= =?UTF-8?q?=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- mobile/skin/member/basic/register_result.skin.php | 2 +- skin/member/basic/register_result.skin.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mobile/skin/member/basic/register_result.skin.php b/mobile/skin/member/basic/register_result.skin.php index 73517f159..44ebe9dd4 100644 --- a/mobile/skin/member/basic/register_result.skin.php +++ b/mobile/skin/member/basic/register_result.skin.php @@ -8,7 +8,7 @@ add_stylesheet('',

- 님의 회원가입을 진심으로 축하합니다.
+ 님의 회원가입을 진심으로 축하합니다.

diff --git a/skin/member/basic/register_result.skin.php b/skin/member/basic/register_result.skin.php index d1e8cf51f..1267d20ee 100644 --- a/skin/member/basic/register_result.skin.php +++ b/skin/member/basic/register_result.skin.php @@ -9,7 +9,7 @@ add_stylesheet('',

- 님의 회원가입을 진심으로 축하합니다.
+ 님의 회원가입을 진심으로 축하합니다.

From 12f9a05106b73b4c5f887eaa594b5ba988d3d60c Mon Sep 17 00:00:00 2001 From: chicpro Date: Fri, 17 Oct 2014 11:15:36 +0900 Subject: [PATCH 07/11] =?UTF-8?q?XSS=20=EB=B0=8F=20SQL=20Injection=20?= =?UTF-8?q?=EC=98=A4=EB=A5=98=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bbs/profile.php | 2 +- bbs/register_form_update.php | 3 +++ bbs/write_update.php | 9 +++++---- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/bbs/profile.php b/bbs/profile.php index 8169ddae0..158f32ead 100644 --- a/bbs/profile.php +++ b/bbs/profile.php @@ -24,7 +24,7 @@ $sql = " select (TO_DAYS('".G5_TIME_YMDHIS."') - TO_DAYS('{$mb['mb_datetime']}') $row = sql_fetch($sql); $mb_reg_after = $row['days']; -$mb_homepage = set_http($mb['mb_homepage']); +$mb_homepage = set_http(clean_xss_tags($mb['mb_homepage'])); $mb_profile = $mb['mb_profile'] ? conv_content($mb['mb_profile'],0) : '소개 내용이 없습니다.'; include_once($member_skin_path.'/profile.skin.php'); diff --git a/bbs/register_form_update.php b/bbs/register_form_update.php index 1dbf061f2..62da0224a 100644 --- a/bbs/register_form_update.php +++ b/bbs/register_form_update.php @@ -110,6 +110,9 @@ if ($w == '' || $w == 'u') { if ($msg = exist_mb_email($mb_email, $mb_id)) alert($msg, "", true, true); } +$mb_name = clean_xss_tags($mb_name); +$mb_email = get_email_address($mb_email); +$mb_homepage = clean_xss_tags($mb_homepage); $mb_zip1 = preg_replace('/[^0-9]/', '', $mb_zip1); $mb_zip2 = preg_replace('/[^0-9]/', '', $mb_zip2); $mb_addr1 = clean_xss_tags($mb_addr1); diff --git a/bbs/write_update.php b/bbs/write_update.php index cdb140102..1124b849c 100644 --- a/bbs/write_update.php +++ b/bbs/write_update.php 
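Review bot: In bbs/profile.php, `set_http(clean_xss_tags($mb['mb_homepage']))` applies a tag filter to a value that is a URL, which does not cover what a URL needs once it is placed in an `href`: quote characters and a non-http scheme are not tags. clean_xss_tags() and set_http() are not defined in this patch, so their exact behaviour is assumed here. If set_http() does not already restrict the scheme, the value should be validated as an http/https URL and escaped for the attribute at output, for example `$mb_homepage = get_text(set_http($mb['mb_homepage']));`, using the get_text() helper this series already relies on for names. The same pattern is added for `$homepage` in get_sideview() in lib/common.lib.php (PATCH 08) and for `$wr_homepage` in bbs/write_update.php.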
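Review bot: In bbs/register_form_update.php the three added normalisation lines run after the `exist_mb_email($mb_email, $mb_id)` check shown in the context lines, so the duplicate check sees the raw `$mb_email` while the value stored later is the output of `get_email_address()`. If get_email_address() can change the string (its body is not in this patch), two different raw inputs could normalise to the same stored address. Moving `$mb_email = get_email_address($mb_email);` and the two `clean_xss_tags()` calls above the validation block makes every check operate on the final value. The validation block itself starts outside the hunk.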
@@ -287,18 +287,19 @@ if ($w == '' || $w == 'r') { if ($member['mb_id']) { $mb_id = $member['mb_id']; - $wr_name = $board['bo_use_name'] ? $member['mb_name'] : $member['mb_nick']; + $wr_name = addslashes(clean_xss_tags($board['bo_use_name'] ? $member['mb_name'] : $member['mb_nick'])); $wr_password = $member['mb_password']; - $wr_email = $member['mb_email']; - $wr_homepage = $member['mb_homepage']; + $wr_email = addslashes($member['mb_email']); + $wr_homepage = addslashes(clean_xss_tags($member['mb_homepage'])); } else { $mb_id = ''; // 비회원의 경우 이름이 누락되는 경우가 있음 - $wr_name = trim($_POST['wr_name']); + $wr_name = clean_xss_tags(trim($_POST['wr_name'])); if (!$wr_name) alert('이름은 필히 입력하셔야 합니다.'); $wr_password = sql_password($wr_password); $wr_email = get_email_address(trim($_POST['wr_email'])); + $wr_homepage = clean_xss_tags($wr_homepage); } if ($w == 'r') { From 9691405fd43dad6d70d3570f34500ffb1f9c6365 Mon Sep 17 00:00:00 2001 From: chicpro Date: Fri, 17 Oct 2014 13:22:26 +0900 Subject: [PATCH 08/11] =?UTF-8?q?=EA=B4=80=EB=A6=AC=EC=9E=90=20XSS=20?= =?UTF-8?q?=EB=8C=80=EC=9D=91=20=EC=BD=94=EB=93=9C=20=EC=B6=94=EA=B0=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/boardgroupmember_form.php | 2 +- adm/boardgroupmember_list.php | 2 +- adm/index.php | 4 ++-- adm/mail_select_list.php | 4 ++-- adm/mail_test.php | 2 +- adm/member_list.php | 4 ++-- adm/point_list.php | 2 +- lib/common.lib.php | 2 +- 8 files changed, 11 insertions(+), 11 deletions(-) diff --git a/adm/boardgroupmember_form.php b/adm/boardgroupmember_form.php index 01df7dcfa..70d014c82 100644 --- a/adm/boardgroupmember_form.php +++ b/adm/boardgroupmember_form.php @@ -20,7 +20,7 @@ $colspan = 4;
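Review bot: The member branch of bbs/write_update.php now wraps its values in `addslashes()`, while the guest branch stores `clean_xss_tags(trim($_POST['wr_name']))` and `clean_xss_tags($wr_homepage)` with no escaping step in the hunk, so the SQL safety of the guest path depends on request input having been escaped somewhere outside this file. `addslashes()` is also byte-based and unaware of the connection character set; the database driver's own escaping function or a prepared statement is the dependable form. At minimum a comment such as `// request values are already slash-escaped in <bootstrap file>; DB-sourced $member values are not` would make the asymmetry deliberate. The statement that consumes these variables is outside the hunk.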
-

아이디 , 이름 , 닉네임

+

아이디 , 이름 , 닉네임

- + - + > diff --git a/adm/point_list.php b/adm/point_list.php index 8d127e1aa..08f44d5b1 100644 --- a/adm/point_list.php +++ b/adm/point_list.php @@ -163,7 +163,7 @@ function point_clear() - +
diff --git a/lib/common.lib.php b/lib/common.lib.php index f14f81dae..4d9660b77 100644 --- a/lib/common.lib.php +++ b/lib/common.lib.php @@ -1199,7 +1199,7 @@ function get_sideview($mb_id, $name='', $email='', $homepage='') global $bo_table, $sca, $is_admin, $member; $email = base64_encode($email); - $homepage = set_http($homepage); + $homepage = set_http(clean_xss_tags($homepage)); $name = preg_replace("/\'/", "", $name); $name = preg_replace("/\'/", "", $name); From 743c206bc79713d57ea1c83929971bcd718daae8 Mon Sep 17 00:00:00 2001 From: thisgun Date: Fri, 17 Oct 2014 13:49:04 +0900 Subject: [PATCH 09/11] =?UTF-8?q?=EC=98=AC=EB=B0=94=EB=A5=B4=EC=A7=80=20?= =?UTF-8?q?=EC=95=8A=EC=9D=80=20=EC=9D=B4=EB=A6=84=EC=9E=85=EB=A0=A5?= =?UTF-8?q?=EC=9C=BC=EB=A1=9C=20=EC=9D=B8=ED=95=9C=20sms5=20=ED=8E=98?= =?UTF-8?q?=EC=9D=B4=EC=A7=80=20=EC=98=A4=EB=A5=98=20=EC=BD=94=EB=93=9C=20?= =?UTF-8?q?=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/sms_admin/ajax.sms_write_person.php | 6 +++--- adm/sms_admin/member_update_run.php | 2 +- adm/sms_admin/num_book.php | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/adm/sms_admin/ajax.sms_write_person.php b/adm/sms_admin/ajax.sms_write_person.php index 686f4a8fa..d30820d19 100644 --- a/adm/sms_admin/ajax.sms_write_person.php +++ b/adm/sms_admin/ajax.sms_write_person.php @@ -106,16 +106,16 @@ while ($res = sql_fetch_array($qry)) array_push($group, $res); ?> - + - + - + diff --git a/adm/sms_admin/member_update_run.php b/adm/sms_admin/member_update_run.php index 41467cd53..94efc229c 100644 --- a/adm/sms_admin/member_update_run.php +++ b/adm/sms_admin/member_update_run.php 
@@ -48,7 +48,7 @@ while ($res = sql_fetch_array($qry)) if ($hp == '') $bk_receipt = 0; else $bk_receipt = $res['mb_sms']; - $field = "mb_id='{$res['mb_id']}', bk_name='{$res['mb_name']}', bk_hp='{$hp}', bk_receipt='{$bk_receipt}', bk_datetime='".G5_TIME_YMDHIS."'"; + $field = "mb_id='{$res['mb_id']}', bk_name='".addslashes($res['mb_name'])."', bk_hp='{$hp}', bk_receipt='{$bk_receipt}', bk_datetime='".G5_TIME_YMDHIS."'"; $res2 = sql_fetch("select * from {$g5['sms5_book_table']} where mb_id='{$res['mb_id']}'"); if ($res2) // 기존에 등록되어 있을 경우 업데이트 diff --git a/adm/sms_admin/num_book.php b/adm/sms_admin/num_book.php index 0a7422410..1e31e18b5 100644 --- a/adm/sms_admin/num_book.php +++ b/adm/sms_admin/num_book.php @@ -181,12 +181,12 @@ function no_hp_click(val) ?> - + - + 수신' : '거부'?> From 7863d42834ba27d35ff3c4b6baf32f3b0154c1ab Mon Sep 17 00:00:00 2001 From: chicpro Date: Mon, 20 Oct 2014 09:42:08 +0900 Subject: [PATCH 10/11] =?UTF-8?q?=EC=84=A4=EB=AC=B8=EC=A1=B0=EC=82=AC=20?= =?UTF-8?q?=EA=B8=B0=ED=83=80=EC=9D=98=EA=B2=AC=20XSS=20=EA=B3=B5=EA=B2=A9?= =?UTF-8?q?=20=EB=8C=80=EC=9D=91=EC=BD=94=EB=93=9C=20=EC=B6=94=EA=B0=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bbs/poll_etc_update.php | 2 +- bbs/poll_result.php | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/bbs/poll_etc_update.php b/bbs/poll_etc_update.php index 9828bdc35..35df2dbd4 100644 --- a/bbs/poll_etc_update.php +++ b/bbs/poll_etc_update.php @@ -18,7 +18,7 @@ if ($w == '') $pc_idea = stripslashes($pc_idea); - $name = cut_str($pc_name, $config['cf_cut_name']); + $name = get_text(cut_str($pc_name, $config['cf_cut_name'])); $mb_id = ''; if ($member['mb_id']) $mb_id = '('.$member['mb_id'].')'; diff --git a/bbs/poll_result.php b/bbs/poll_result.php index 7e549abcc..0866439a8 100644 --- a/bbs/poll_result.php +++ b/bbs/poll_result.php 
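Review bot: In adm/sms_admin/member_update_run.php only `bk_name` is escaped in the rebuilt `$field` string; `$res['mb_id']`, `$hp` and `$bk_receipt` are still interpolated as-is, and the `select * from {$g5['sms5_book_table']} where mb_id='{$res['mb_id']}'` lookup in the following context line does the same. These values are read back from the member table, so a stored value containing a quote breaks the statement in the same way the name did. Escaping every interpolated column the same way, e.g. `mb_id='".addslashes($res['mb_id'])."'`, keeps the statement consistent. How `$hp` is derived is outside the hunk, so it may already be limited to digits.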
@@ -53,8 +53,8 @@ $sql = " select a.*, b.mb_open where po_id = '{$po_id}' order by pc_id desc "; $result = sql_query($sql); for ($i=0; $row=sql_fetch_array($result); $i++) { - $list2[$i]['pc_name'] = $row['pc_name']; - $list2[$i]['name'] = get_sideview($row['mb_id'], cut_str($row['pc_name'],10), '', '', $row['mb_open']); + $list2[$i]['pc_name'] = get_text($row['pc_name']); + $list2[$i]['name'] = get_sideview($row['mb_id'], get_text(cut_str($row['pc_name'],10)), '', '', $row['mb_open']); $list2[$i]['idea'] = get_text(cut_str($row['pc_idea'], 255)); $list2[$i]['datetime'] = $row['pc_datetime']; From 46f484461fee5b328161af3377b3a4217887c381 Mon Sep 17 00:00:00 2001 From: chicpro Date: Mon, 20 Oct 2014 10:33:18 +0900 Subject: [PATCH 11/11] =?UTF-8?q?DHTML=20=EC=97=90=EB=94=94=ED=84=B0=20?= =?UTF-8?q?=EA=B4=80=EB=A0=A8=20=EC=BD=94=EB=93=9C=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/board_form.php | 8 ++++---- adm/faqform.php | 7 ++----- adm/faqmasterform.php | 8 ++++---- adm/mail_form.php | 4 ++-- adm/mail_preview.php | 6 +++--- adm/newwinform.php | 2 +- adm/qa_config.php | 8 ++++---- bbs/faq.php | 4 ++-- bbs/qahead.php | 4 ++-- bbs/qatail.php | 4 ++-- mobile/skin/faq/basic/list.skin.php | 4 ++-- skin/faq/basic/list.skin.php | 4 ++-- 12 files changed, 30 insertions(+), 33 deletions(-) diff --git a/adm/board_form.php b/adm/board_form.php index 1cc440d6e..1bf23223c 100644 --- a/adm/board_form.php +++ b/adm/board_form.php @@ -842,7 +842,7 @@ $frm_submit .= '
'; - + @@ -854,7 +854,7 @@ $frm_submit .= '
'; - + @@ -866,7 +866,7 @@ $frm_submit .= '
'; - + @@ -878,7 +878,7 @@ $frm_submit .= ''; - + diff --git a/adm/faqform.php b/adm/faqform.php index c9514b4c2..19ed0894d 100644 --- a/adm/faqform.php +++ b/adm/faqform.php @@ -18,9 +18,6 @@ if ($w == "u") $sql = " select * from {$g5['faq_table']} where fa_id = '$fa_id' "; $fa = sql_fetch($sql); if (!$fa['fa_id']) alert("등록된 자료가 없습니다."); - - $fa['fa_subject'] = htmlspecialchars2($fa['fa_subject']); - $fa['fa_content'] = htmlspecialchars2($fa['fa_content']); } else $html_title .= ' 항목 입력'; @@ -53,11 +50,11 @@ include_once (G5_ADMIN_PATH.'/admin.head.php'); 질문 - + 답변 - + diff --git a/adm/faqmasterform.php b/adm/faqmasterform.php index 84100dcbc..eb7f105a8 100644 --- a/adm/faqmasterform.php +++ b/adm/faqmasterform.php @@ -113,25 +113,25 @@ include_once (G5_ADMIN_PATH.'/admin.head.php'); 상단 내용 - + 하단 내용 - + 모바일상단 내용 - + 모바일하단 내용 - + diff --git a/adm/mail_form.php b/adm/mail_form.php index f743b7fb4..579c46bf6 100644 --- a/adm/mail_form.php +++ b/adm/mail_form.php @@ -46,7 +46,7 @@ include_once('./admin.head.php'); - + @@ -74,7 +74,7 @@ function fmailform_check(f) - + return true; } diff --git a/adm/mail_preview.php b/adm/mail_preview.php index 110d3bae2..16abd479d 100644 --- a/adm/mail_preview.php +++ b/adm/mail_preview.php @@ -8,7 +8,7 @@ auth_check($auth[$sub_menu], 'r'); $se = sql_fetch("select ma_subject, ma_content from {$g5['mail_table']} where ma_id = '{$ma_id}' "); $subject = $se['ma_subject']; -$content = $se['ma_content'] . "

▶ 더 이상 정보 수신을 원치 않으시면 [수신거부] 해 주십시오.

"; +$content = conv_content($se['ma_content'], 1) . "

▶ 더 이상 정보 수신을 원치 않으시면 [수신거부] 해 주십시오.

"; ?> @@ -20,10 +20,10 @@ $content = $se['ma_content'] . "

+

diff --git a/adm/newwinform.php b/adm/newwinform.php index 9fb2452db..ac83b261c 100644 --- a/adm/newwinform.php +++ b/adm/newwinform.php @@ -111,7 +111,7 @@ include_once (G5_ADMIN_PATH.'/admin.head.php'); - + diff --git a/adm/qa_config.php b/adm/qa_config.php index c7921d1e1..4357e0240 100644 --- a/adm/qa_config.php +++ b/adm/qa_config.php @@ -268,25 +268,25 @@ if(!isset($qaconfig['qa_include_head'])) { - + - + - + - + diff --git a/bbs/faq.php b/bbs/faq.php index eaa3b491a..381c7b2eb 100644 --- a/bbs/faq.php +++ b/bbs/faq.php @@ -84,8 +84,8 @@ if(is_file($skin_file)) { for ($i=0;$row=sql_fetch_array($result);$i++){ $faq_list[] = $row; if($stx) { - $faq_list[$i]['fa_subject'] = search_font($stx, $faq_list[$i]['fa_subject']); - $faq_list[$i]['fa_content'] = search_font($stx, $faq_list[$i]['fa_content']); + $faq_list[$i]['fa_subject'] = search_font($stx, conv_content($faq_list[$i]['fa_subject'], 1)); + $faq_list[$i]['fa_content'] = search_font($stx, conv_content($faq_list[$i]['fa_content'], 1)); } } include_once($skin_file); diff --git a/bbs/qahead.php b/bbs/qahead.php index 24cf0e564..387a51385 100644 --- a/bbs/qahead.php +++ b/bbs/qahead.php @@ -7,12 +7,12 @@ $qa_skin_url = (G5_IS_MOBILE ? G5_MOBILE_URL : G5_URL).'/'.G5_SKIN_DIR.'/qa/'.$q if (G5_IS_MOBILE) { // 모바일의 경우 설정을 따르지 않는다. include_once('./_head.php'); - echo stripslashes($qaconfig['qa_mobile_content_head']); + echo conv_content($qaconfig['qa_mobile_content_head'], 1); } else { if($qaconfig['qa_include_head']) @include ($qaconfig['qa_include_head']); else include ('./_head.php'); - echo stripslashes($qaconfig['qa_content_head']); + echo conv_content($qaconfig['qa_content_head'], 1); } ?> \ No newline at end of file diff --git a/bbs/qatail.php b/bbs/qatail.php index 3e5e6dead..b8b667307 100644 --- a/bbs/qatail.php +++ b/bbs/qatail.php 
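Review bot: In bbs/faq.php `conv_content(..., 1)` is applied to `fa_subject` and `fa_content` only inside `if($stx)`, so rows listed without a search term reach the skin unconverted while search results arrive converted. Unless the skin applies the same conversion itself (the skin hunks of this patch are not readable here), the two paths render differently filtered HTML; if the skin does convert, the search path is converted twice. Converting once before the `if($stx)` test, e.g. `$faq_list[$i]['fa_content'] = conv_content($row['fa_content'], 1);`, and passing that result to `search_font()` makes both paths identical.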
@@ -2,11 +2,11 @@ if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가 if (G5_IS_MOBILE) { - echo stripslashes($qaconfig['qa_mobile_content_tail']); + echo conv_content($qaconfig['qa_mobile_content_tail'], 1); // 모바일의 경우 설정을 따르지 않는다. include_once('./_tail.php'); } else { - echo stripslashes($qaconfig['qa_mobile_content_tail']); + echo conv_content($qaconfig['qa_mobile_content_tail'], 1); if($qaconfig['qa_include_tail']) @include ($qaconfig['qa_include_tail']); else diff --git a/mobile/skin/faq/basic/list.skin.php b/mobile/skin/faq/basic/list.skin.php index d823a9579..d64a533a1 100644 --- a/mobile/skin/faq/basic/list.skin.php +++ b/mobile/skin/faq/basic/list.skin.php @@ -8,7 +8,7 @@ add_stylesheet('', 0); '.stripslashes($fm['fm_mobile_head_html']).''; +echo '
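Review bot: The non-mobile branch of bbs/qatail.php still echoes `$qaconfig['qa_mobile_content_tail']`, the same key as the mobile branch. bbs/qahead.php in this patch uses `qa_content_head` for its desktop branch, so the desktop tail key is presumably `qa_content_tail` and the line should read `echo conv_content($qaconfig['qa_content_tail'], 1);`. The removed line used the same key, so the slip is carried over rather than introduced, but the commit rewrites the line without correcting it. The mobile FAQ skin hunk that follows likewise prints `fm_tail_html` after `fm_mobile_head_html`, which may be the same kind of mix-up and is worth checking.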

'.conv_content($fm['fm_mobile_head_html'], 1).'
'; ?> '.stripslashes($fm['fm_tail_html']).''; +echo '
'.conv_content($fm['fm_tail_html'], 1).'
'; ?>
diff --git a/skin/faq/basic/list.skin.php b/skin/faq/basic/list.skin.php index bf26708de..5149fd1fe 100644 --- a/skin/faq/basic/list.skin.php +++ b/skin/faq/basic/list.skin.php @@ -14,7 +14,7 @@ if ($himg_src) echo '
'; // 상단 HTML -echo '
'.stripslashes($fm['fm_head_html']).'
'; +echo '
'.conv_content($fm['fm_head_html'], 1).'
'; ?> '.stripslashes($fm['fm_tail_html']).'
'; +echo '
'.conv_content($fm['fm_tail_html'], 1).'
'; if ($timg_src) echo '
';