firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

PHP81버전 대응 충돌수정

Browse Source
This commit is contained in:
thisgun
2022-06-13 14:32:14 +09:00
parent bdb1ab852d c5395a7f44
commit 9dd53a4efa
19 changed files with 170 additions and 3690 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
bbs/login_check.php
View File

@ -64,6 +64,8 @@ run_event('login_session_before', $mb, $is_social_login);
set_session('ss_mb_id', $mb['mb_id']); set_session('ss_mb_id', $mb['mb_id']);
// FLASH XSS 공격에 대응하기 위하여 회원의 고유키를 생성해 놓는다. 관리자에서 검사함 - 110106 // FLASH XSS 공격에 대응하기 위하여 회원의 고유키를 생성해 놓는다. 관리자에서 검사함 - 110106
set_session('ss_mb_key', md5($mb['mb_datetime'] . get_real_client_ip() . $_SERVER['HTTP_USER_AGENT'])); set_session('ss_mb_key', md5($mb['mb_datetime'] . get_real_client_ip() . $_SERVER['HTTP_USER_AGENT']));
// 회원의 토큰키를 세션에 저장한다. /common.php 에서 해당 회원의 토큰값을 검사한다.
if(function_exists('update_auth_session_token')) update_auth_session_token($mb['mb_datetime']);
// 포인트 체크 // 포인트 체크
if($config['cf_use_point']) { if($config['cf_use_point']) {

4
bbs/register_form_update.php
View File

@ -304,8 +304,10 @@ if ($w == '') {
} }
// 메일인증 사용하지 않는 경우에만 로그인 // 메일인증 사용하지 않는 경우에만 로그인
if (!$config['cf_use_email_certify']) if (!$config['cf_use_email_certify']) {
set_session('ss_mb_id', $mb_id); set_session('ss_mb_id', $mb_id);
if(function_exists('update_auth_session_token')) update_auth_session_token(G5_TIME_YMDHIS);
}
set_session('ss_mb_reg', $mb_id); set_session('ss_mb_reg', $mb_id);

2
bbs/write_update.php
View File

@ -222,7 +222,7 @@ if (!isset($_POST['wr_subject']) || !trim($_POST['wr_subject']))
$wr_seo_title = exist_seo_title_recursive('bbs', generate_seo_title($wr_subject), $write_table, $wr_id); $wr_seo_title = exist_seo_title_recursive('bbs', generate_seo_title($wr_subject), $write_table, $wr_id);
$options = array($html,$secret,$mail); $options = array($html,$secret,$mail);
$wr_option = implode(',', array_filter($options, function($v) { return trim($v); })); $wr_option = implode(',', array_filter(array_map('trim', $options)));
if ($w == '' || $w == 'r') { if ($w == '' || $w == 'r') {

41
common.php
View File

@ -208,7 +208,8 @@ if (file_exists($dbconfig_file)) {
@ini_set("session.use_trans_sid", 0); // PHPSESSID를 자동으로 넘기지 않음 @ini_set("session.use_trans_sid", 0); // PHPSESSID를 자동으로 넘기지 않음
@ini_set("url_rewriter.tags",""); // 링크에 PHPSESSID가 따라다니는것을 무력화함 (해뜰녘님께서 알려주셨습니다.) @ini_set("url_rewriter.tags",""); // 링크에 PHPSESSID가 따라다니는것을 무력화함 (해뜰녘님께서 알려주셨습니다.)
session_save_path(G5_SESSION_PATH); // 세션파일 저장 디렉토리를 지정할 경우
// session_save_path(G5_SESSION_PATH);
if (isset($SESSION_CACHE_LIMITER)) if (isset($SESSION_CACHE_LIMITER))
@session_cache_limiter($SESSION_CACHE_LIMITER); @session_cache_limiter($SESSION_CACHE_LIMITER);
@ -232,8 +233,15 @@ function chrome_domain_session_name(){
'.maru.net', // 마루호스팅 '.maru.net', // 마루호스팅
); );
if(isset($_SERVER['HTTP_HOST']) && preg_match('/('.implode('|', $domain_array).')/i', $_SERVER['HTTP_HOST'])){ // 위의 도메인주소를 포함한 url접속시 기본세션이름을 변경한다. $add_str = '';
if(! defined('G5_SESSION_NAME')) define('G5_SESSION_NAME', 'G5PHPSESSID'); $document_root_path = str_replace('\\', '/', realpath($_SERVER['DOCUMENT_ROOT']));
if( G5_PATH !== $document_root_path ){
$add_str = substr_count(G5_PATH, '/').basename(dirname(__FILE__));
}
if($add_str || (isset($_SERVER['HTTP_HOST']) && preg_match('/('.implode('|', $domain_array).')/i', $_SERVER['HTTP_HOST'])) ){ // 위의 도메인주소를 포함한 url접속시 기본세션이름을 변경한다.
if(! defined('G5_SESSION_NAME')) define('G5_SESSION_NAME', 'G5'.$add_str.'PHPSESSID');
@session_name(G5_SESSION_NAME); @session_name(G5_SESSION_NAME);
} }
} }
@ -243,8 +251,18 @@ chrome_domain_session_name();
if( ! class_exists('XenoPostToForm') ){ if( ! class_exists('XenoPostToForm') ){
class XenoPostToForm class XenoPostToForm
{ {
public static function g5_session_name(){
return (defined('G5_SESSION_NAME') && G5_SESSION_NAME) ? G5_SESSION_NAME : 'PHPSESSID';
}
public static function php52_request_check(){
$cookie_session_name = self::g5_session_name();
if (isset($_REQUEST[$cookie_session_name]) && $_REQUEST[$cookie_session_name] != session_id())
goto_url(G5_BBS_URL.'/logout.php');
}
public static function check() { public static function check() {
$cookie_session_name = (defined('G5_SESSION_NAME') && G5_SESSION_NAME) ? G5_SESSION_NAME : 'PHPSESSID'; $cookie_session_name = self::g5_session_name();
return !isset($_COOKIE[$cookie_session_name]) && count($_POST) && ((isset($_SERVER['HTTP_REFERER']) && !preg_match('~^https://'.preg_quote($_SERVER['HTTP_HOST'], '~').'/~', $_SERVER['HTTP_REFERER']) || ! isset($_SERVER['HTTP_REFERER']) )); return !isset($_COOKIE[$cookie_session_name]) && count($_POST) && ((isset($_SERVER['HTTP_REFERER']) && !preg_match('~^https://'.preg_quote($_SERVER['HTTP_HOST'], '~').'/~', $_SERVER['HTTP_REFERER']) || ! isset($_SERVER['HTTP_REFERER']) ));
} }
@ -351,8 +369,9 @@ if( $config['cf_cert_use'] || (defined('G5_YOUNGCART_VER') && G5_YOUNGCART_VER)
$headers = headers_list(); $headers = headers_list();
krsort($headers); krsort($headers);
$cookie_session_name = method_exists('XenoPostToForm', 'g5_session_name') ? XenoPostToForm::g5_session_name() : 'PHPSESSID';
foreach ($headers as $header) { foreach ($headers as $header) {
if (!preg_match('~^Set-Cookie: PHPSESSID=~', $header)) continue; if (!preg_match('~^Set-Cookie: '.$cookie_session_name.'=~', $header)) continue;
$header = preg_replace('~; secure(; HttpOnly)?$~', '', $header) . '; secure; SameSite=None'; $header = preg_replace('~; secure(; HttpOnly)?$~', '', $header) . '; secure; SameSite=None';
header($header, false); header($header, false);
$g5['session_cookie_samesite'] = 'none'; $g5['session_cookie_samesite'] = 'none';
@ -375,9 +394,8 @@ define('G5_CAPTCHA_DIR', !empty($config['cf_captcha']) ? $config['cf_captcha'
define('G5_CAPTCHA_URL', G5_PLUGIN_URL.'/'.G5_CAPTCHA_DIR); define('G5_CAPTCHA_URL', G5_PLUGIN_URL.'/'.G5_CAPTCHA_DIR);
define('G5_CAPTCHA_PATH', G5_PLUGIN_PATH.'/'.G5_CAPTCHA_DIR); define('G5_CAPTCHA_PATH', G5_PLUGIN_PATH.'/'.G5_CAPTCHA_DIR);
// 4.00.03 : [보안관련] PHPSESSID 가 틀리면 로그아웃한다. // 4.00.03 : [보안관련] PHPSESSID 가 틀리면 로그아웃한다. php5.2 버전 이하에서만 해당되는 코드이며, 오히려 무한리다이렉트 오류가 일어날수 있으므로 주석처리합니다.
if (isset($_REQUEST['PHPSESSID']) && $_REQUEST['PHPSESSID'] != session_id()) // if( method_exists('XenoPostToForm', 'php52_request_check') ) XenoPostToForm::php52_request_check();
goto_url(G5_BBS_URL.'/logout.php');
// QUERY_STRING // QUERY_STRING
$qstr = ''; $qstr = '';
@ -497,8 +515,8 @@ if (isset($_REQUEST['gr_id'])) {
if (isset($_SESSION['ss_mb_id']) && $_SESSION['ss_mb_id']) { // 로그인중이라면 if (isset($_SESSION['ss_mb_id']) && $_SESSION['ss_mb_id']) { // 로그인중이라면
$member = get_member($_SESSION['ss_mb_id']); $member = get_member($_SESSION['ss_mb_id']);
// 차단된 회원이면 ss_mb_id 초기화 // 차단된 회원이면 ss_mb_id 초기화, 또는 세션에 저장된 회원 토큰값을 비교하여 틀리면 초기화
if($member['mb_intercept_date'] && $member['mb_intercept_date'] <= date("Ymd", G5_SERVER_TIME)) { if( ($member['mb_intercept_date'] && $member['mb_intercept_date'] <= date("Ymd", G5_SERVER_TIME)) || (function_exists('check_auth_session_token') && !check_auth_session_token($member['mb_datetime'])) ) {
set_session('ss_mb_id', ''); set_session('ss_mb_id', '');
$member = array(); $member = array();
} else { } else {
@ -521,7 +539,7 @@ if (isset($_SESSION['ss_mb_id']) && $_SESSION['ss_mb_id']) { // 로그인중이
$tmp_mb_id = substr(preg_replace("/[^a-zA-Z0-9_]*/", "", $tmp_mb_id), 0, 20); $tmp_mb_id = substr(preg_replace("/[^a-zA-Z0-9_]*/", "", $tmp_mb_id), 0, 20);
// 최고관리자는 자동로그인 금지 // 최고관리자는 자동로그인 금지
if (strtolower($tmp_mb_id) !== strtolower($config['cf_admin'])) { if (strtolower($tmp_mb_id) !== strtolower($config['cf_admin'])) {
$sql = " select mb_password, mb_intercept_date, mb_leave_date, mb_email_certify from {$g5['member_table']} where mb_id = '{$tmp_mb_id}' "; $sql = " select mb_password, mb_intercept_date, mb_leave_date, mb_email_certify, mb_datetime from {$g5['member_table']} where mb_id = '{$tmp_mb_id}' ";
$row = sql_fetch($sql); $row = sql_fetch($sql);
if($row['mb_password']){ if($row['mb_password']){
$key = md5($_SERVER['SERVER_ADDR'] . $_SERVER['SERVER_SOFTWARE'] . $_SERVER['HTTP_USER_AGENT'] . $row['mb_password']); $key = md5($_SERVER['SERVER_ADDR'] . $_SERVER['SERVER_SOFTWARE'] . $_SERVER['HTTP_USER_AGENT'] . $row['mb_password']);
@ -534,6 +552,7 @@ if (isset($_SESSION['ss_mb_id']) && $_SESSION['ss_mb_id']) { // 로그인중이
(!$config['cf_use_email_certify'] || preg_match('/[1-9]/', $row['mb_email_certify'])) ) { (!$config['cf_use_email_certify'] || preg_match('/[1-9]/', $row['mb_email_certify'])) ) {
// 세션에 회원아이디를 저장하여 로그인으로 간주 // 세션에 회원아이디를 저장하여 로그인으로 간주
set_session('ss_mb_id', $tmp_mb_id); set_session('ss_mb_id', $tmp_mb_id);
if(function_exists('update_auth_session_token')) update_auth_session_token($row['mb_datetime']);
// 페이지를 재실행 // 페이지를 재실행
echo "<script type='text/javascript'> window.location.reload(); </script>"; echo "<script type='text/javascript'> window.location.reload(); </script>";

2
install/install_db.php
View File

@ -570,6 +570,7 @@ fwrite($f, "define('G5_MYSQL_PASSWORD', '".addcslashes($mysql_pass, "\\'")."');\
fwrite($f, "define('G5_MYSQL_DB', '".addcslashes($mysql_db, "\\'")."');\n"); fwrite($f, "define('G5_MYSQL_DB', '".addcslashes($mysql_db, "\\'")."');\n");
fwrite($f, "define('G5_MYSQL_SET_MODE', {$mysql_set_mode});\n\n"); fwrite($f, "define('G5_MYSQL_SET_MODE', {$mysql_set_mode});\n\n");
fwrite($f, "define('G5_TABLE_PREFIX', '{$table_prefix}');\n\n"); fwrite($f, "define('G5_TABLE_PREFIX', '{$table_prefix}');\n\n");
fwrite($f, "define('G5_TOKEN_ENCRYPTION_KEY', '".get_random_token_string(16)."'); // 토큰 암호화에 사용할 키\n\n");
fwrite($f, "\$g5['write_prefix'] = G5_TABLE_PREFIX.'write_'; // 게시판 테이블명 접두사\n\n"); fwrite($f, "\$g5['write_prefix'] = G5_TABLE_PREFIX.'write_'; // 게시판 테이블명 접두사\n\n");
fwrite($f, "\$g5['auth_table'] = G5_TABLE_PREFIX.'auth'; // 관리권한 설정 테이블\n"); fwrite($f, "\$g5['auth_table'] = G5_TABLE_PREFIX.'auth'; // 관리권한 설정 테이블\n");
fwrite($f, "\$g5['config_table'] = G5_TABLE_PREFIX.'config'; // 기본환경 설정 테이블\n"); fwrite($f, "\$g5['config_table'] = G5_TABLE_PREFIX.'config'; // 기본환경 설정 테이블\n");
@ -649,6 +650,7 @@ $str = <<<EOD
Order allow,deny Order allow,deny
Deny from all Deny from all
</FilesMatch> </FilesMatch>
RedirectMatch 403 /session/.*
EOD; EOD;
fwrite($f, $str); fwrite($f, $str);
fclose($f); fclose($f);

16
lib/Cache/obj.class.php
View File

@ -6,7 +6,7 @@ Class G5_object_cache {
public $contents = array(); public $contents = array();
public $etcs = array(); public $etcs = array();
function get($type, $key, $group ='default') { function get($type, $key, $group ='default') {
switch ($type) { switch ($type) {
case 'bbs': case 'bbs':
@ -28,10 +28,10 @@ Class G5_object_cache {
} }
return false; return false;
} }
function exists($type, $key, $group = 'default' ) {
function exists($type, $key, $group = 'default' ) {
$return_data = ''; $return_data = '';
switch ($type) { switch ($type) {
@ -47,9 +47,9 @@ Class G5_object_cache {
} }
return isset($datas[$group]) && ( isset($datas[$group][$key]) || array_key_exists($key, $datas[$group]) ); return isset($datas[$group]) && ( isset($datas[$group][$key]) || array_key_exists($key, $datas[$group]) );
} }
function set($type, $key, $data=array(), $group='default') { function set($type, $key, $data=array(), $group='default') {
if ( is_object( $data ) ) if ( is_object( $data ) )
$data = clone $data; $data = clone $data;
@ -65,10 +65,10 @@ Class G5_object_cache {
break; break;
} }
} }
function delete($key, $group='default') { function delete($key, $group='default') {
switch ($type) { switch ($key) {
case 'bbs': case 'bbs':
$datas = $this->writes; $datas = $this->writes;
break; break;

32
lib/common.lib.php
View File

@ -3924,6 +3924,38 @@ function is_include_path_check($path='', $is_input='')
return true; return true;
} }
function check_auth_session_token($str=''){
if (get_session('ss_mb_token_key') === get_token_encryption_key($str)) {
return true;
}
return false;
}
function update_auth_session_token($str=''){
set_session('ss_mb_token_key', get_token_encryption_key($str));
}
function get_token_encryption_key($str=''){
$token = G5_TABLE_PREFIX.(defined('G5_SHOP_TABLE_PREFIX') ? G5_SHOP_TABLE_PREFIX : '').(defined('G5_TOKEN_ENCRYPTION_KEY') ? G5_TOKEN_ENCRYPTION_KEY : '').$str;
return md5($token);
}
function get_random_token_string($length=6)
{
if(function_exists('random_bytes')){
return bin2hex(random_bytes($length));
}
$characters = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
$characters_length = strlen($characters);
$output = '';
for ($i = 0; $i < $length; $i++)
$output .= $characters[rand(0, $characters_length - 1)];
return bin2hex($output);
}
function filter_input_include_path($path){ function filter_input_include_path($path){
return str_replace('//', '/', $path); return str_replace('//', '/', $path);
} }

61
plugin/PHPMailer/composer.json
View File

@ -1,61 +0,0 @@
{
"name": "phpmailer/phpmailer",
"type": "library",
"description": "PHPMailer is a full-featured email creation and transfer class for PHP",
"authors": [
{
"name": "Marcus Bointon",
"email": "phpmailer@synchromedia.co.uk"
},
{
"name": "Jim Jagielski",
"email": "jimjag@gmail.com"
},
{
"name": "Andy Prevost",
"email": "codeworxtech@users.sourceforge.net"
},
{
"name": "Brent R. Matzelle"
}
],
"require": {
"ext-ctype": "*",
"php": ">=5.0.0"
},
"require-dev": {
"doctrine/annotations": "1.2.*",
"jms/serializer": "0.16.*",
"phpdocumentor/phpdocumentor": "2.*",
"phpunit/phpunit": "4.8.*",
"symfony/debug": "2.8.*",
"symfony/filesystem": "2.8.*",
"symfony/translation": "2.8.*",
"symfony/yaml": "2.8.*",
"zendframework/zend-cache": "2.5.1",
"zendframework/zend-config": "2.5.1",
"zendframework/zend-eventmanager": "2.5.1",
"zendframework/zend-filter": "2.5.1",
"zendframework/zend-i18n": "2.5.1",
"zendframework/zend-json": "2.5.1",
"zendframework/zend-math": "2.5.1",
"zendframework/zend-serializer": "2.5.*",
"zendframework/zend-servicemanager": "2.5.*",
"zendframework/zend-stdlib": "2.5.1"
},
"suggest": {
"league/oauth2-google": "Needed for Google XOAUTH2 authentication"
},
"autoload": {
"classmap": [
"class.phpmailer.php",
"class.phpmaileroauth.php",
"class.phpmaileroauthgoogle.php",
"class.smtp.php",
"class.pop3.php",
"extras/EasyPeasyICS.php",
"extras/ntlm_sasl_client.php"
]
},
"license": "LGPL-2.1"
}

3593
plugin/PHPMailer/composer.lock generated
View File

File diff suppressed because it is too large Load Diff

12
plugin/kcaptcha/kcaptcha.lib.php
View File

@ -274,9 +274,15 @@ function chk_captcha()
return false; return false;
} }
if (!isset($_POST['captcha_key'])) return false; $post_captcha_key = (isset($_POST['captcha_key']) && $_POST['captcha_key']) ? trim($_POST['captcha_key']) : '';
if (!trim($_POST['captcha_key'])) return false; if (!trim($post_captcha_key)) return false;
if ($_POST['captcha_key'] != get_session('ss_captcha_key')) {
if( $post_captcha_key && function_exists('get_string_encrypt') ){
$ip = md5(sha1($_SERVER['REMOTE_ADDR']));
$post_captcha_key = get_string_encrypt($ip.$post_captcha_key);
}
if ($post_captcha_key != get_session('ss_captcha_key')) {
$_SESSION['ss_captcha_count'] = $captcha_count + 1; $_SESSION['ss_captcha_count'] = $captcha_count + 1;
return false; return false;
} }

7
plugin/kcaptcha/kcaptcha_image.php
View File

@ -3,6 +3,11 @@ include_once("_common.php");
include_once('captcha.lib.php'); include_once('captcha.lib.php');
$captcha = new KCAPTCHA(); $captcha = new KCAPTCHA();
$captcha->setKeyString(get_session("ss_captcha_key")); $ss_captcha_key = get_session("ss_captcha_key");
if( $ss_captcha_key && !preg_match('/^[0-9]/', $ss_captcha_key) && function_exists('get_string_decrypt') ){
$ip = md5(sha1($_SERVER['REMOTE_ADDR']));
$ss_captcha_key = str_replace($ip, '', get_string_decrypt($ss_captcha_key));
}
$captcha->setKeyString($ss_captcha_key);
$captcha->getKeyString(); $captcha->getKeyString();
$captcha->image(); $captcha->image();

8
plugin/kcaptcha/kcaptcha_mp3.php
View File

@ -8,6 +8,10 @@ function make_mp3()
$number = get_session("ss_captcha_key"); $number = get_session("ss_captcha_key");
if ($number == "") return; if ($number == "") return;
$ip = md5(sha1($_SERVER['REMOTE_ADDR']));
if( $number && function_exists('get_string_decrypt') ){
$number = str_replace($ip, '', get_string_decrypt($number));
}
if ($number == get_session("ss_captcha_save")) return; if ($number == get_session("ss_captcha_save")) return;
$mp3s = array(); $mp3s = array();
@ -16,7 +20,6 @@ function make_mp3()
$mp3s[] = $file; $mp3s[] = $file;
} }
$ip = md5(sha1($_SERVER['REMOTE_ADDR']));
$mp3_file = 'cache/kcaptcha-'.$ip.'_'.G5_SERVER_TIME.'.mp3'; $mp3_file = 'cache/kcaptcha-'.$ip.'_'.G5_SERVER_TIME.'.mp3';
$contents = ''; $contents = '';
@ -35,6 +38,9 @@ function make_mp3()
} }
} }
if( $number && function_exists('get_string_encrypt') ){
$number = get_string_encrypt($ip.$number);
}
set_session("ss_captcha_save", $number); set_session("ss_captcha_save", $number);
return G5_DATA_URL.'/'.$mp3_file; return G5_DATA_URL.'/'.$mp3_file;

5
plugin/kcaptcha/kcaptcha_result.php
View File

@ -9,5 +9,10 @@ if ($count >= 5) { // 설정값 이상이면 자동등록방지 입력 문자가
echo false; echo false;
} else { } else {
set_session("ss_captcha_count", $count + 1); set_session("ss_captcha_count", $count + 1);
if( $captcha_key && function_exists('get_string_encrypt') ){
$ip = md5(sha1($_SERVER['REMOTE_ADDR']));
$captcha_key = get_string_encrypt($ip.$captcha_key);
}
echo (get_session("ss_captcha_key") === $captcha_key) ? true : false; echo (get_session("ss_captcha_key") === $captcha_key) ? true : false;
} }

5
plugin/kcaptcha/kcaptcha_session.php
View File

@ -11,6 +11,11 @@ while(true){
if(!preg_match('/cp|cb|ck|c6|c9|rn|rm|mm|co|do|cl|db|qp|qb|dp|ww/', $keystring)) break; if(!preg_match('/cp|cb|ck|c6|c9|rn|rm|mm|co|do|cl|db|qp|qb|dp|ww/', $keystring)) break;
} }
if( $keystring && function_exists('get_string_encrypt') ){
$ip = md5(sha1($_SERVER['REMOTE_ADDR']));
$keystring = get_string_encrypt($ip.$keystring);
}
set_session("ss_captcha_count", 0); set_session("ss_captcha_count", 0);
set_session("ss_captcha_key", $keystring); set_session("ss_captcha_key", $keystring);
$captcha = new KCAPTCHA(); $captcha = new KCAPTCHA();

25
plugin/social/Hybrid/Storage.php
View File

@ -11,6 +11,7 @@ require_once realpath(dirname(__FILE__)) . "/StorageInterface.php";
* HybridAuth storage manager * HybridAuth storage manager
*/ */
class Hybrid_Storage implements Hybrid_Storage_Interface { class Hybrid_Storage implements Hybrid_Storage_Interface {
public static $stores = array();
/** /**
* Constructor * Constructor
@ -37,11 +38,21 @@ class Hybrid_Storage implements Hybrid_Storage_Interface {
$key = strtolower($key); $key = strtolower($key);
if ($value) { if ($value) {
$_SESSION["HA::CONFIG"][$key] = serialize($value); $serialize_value = function_exists('get_string_encrypt') ? get_string_encrypt(serialize($value)) : serialize($value);
if( in_array($key, array('php_session_id', 'config')) ){
$this->stores[$key] = $serialize_value;
} else {
$_SESSION["HA::CONFIG"][$key] = $serialize_value;
}
} elseif (isset($this->stores[$key])) {
$unserialize_value = function_exists('get_string_decrypt') ? unserialize(get_string_decrypt($this->stores[$key])) : unserialize($this->stores[$key]);
return $unserialize_value;
} elseif (isset($_SESSION["HA::CONFIG"][$key])) { } elseif (isset($_SESSION["HA::CONFIG"][$key])) {
return unserialize($_SESSION["HA::CONFIG"][$key]); $unserialize_value = function_exists('get_string_decrypt') ? unserialize(get_string_decrypt($_SESSION["HA::CONFIG"][$key])) : unserialize($_SESSION["HA::CONFIG"][$key]);
return $unserialize_value;
} }
return null; return null;
} }
@ -55,7 +66,8 @@ class Hybrid_Storage implements Hybrid_Storage_Interface {
$key = strtolower($key); $key = strtolower($key);
if (isset($_SESSION["HA::STORE"], $_SESSION["HA::STORE"][$key])) { if (isset($_SESSION["HA::STORE"], $_SESSION["HA::STORE"][$key])) {
return unserialize($_SESSION["HA::STORE"][$key]); $unserialize_value = function_exists('get_string_decrypt') ? unserialize(get_string_decrypt($_SESSION["HA::STORE"][$key])) : unserialize($_SESSION["HA::STORE"][$key]);
return $unserialize_value;
} }
return null; return null;
@ -70,7 +82,8 @@ class Hybrid_Storage implements Hybrid_Storage_Interface {
*/ */
public function set($key, $value) { public function set($key, $value) {
$key = strtolower($key); $key = strtolower($key);
$_SESSION["HA::STORE"][$key] = serialize($value); $serialize_value = function_exists('get_string_encrypt') ? get_string_encrypt(serialize($value)) : serialize($value);
$_SESSION["HA::STORE"][$key] = $serialize_value;
} }
/** /**
@ -138,4 +151,4 @@ class Hybrid_Storage implements Hybrid_Storage_Interface {
$_SESSION["HA::STORE"] = unserialize($sessiondata); $_SESSION["HA::STORE"] = unserialize($sessiondata);
} }
} }

8
plugin/social/includes/functions.php
View File

@ -391,7 +391,8 @@ function social_session_exists_check(){
} }
if( $provider_name && isset($_SESSION['HA::STORE']['hauth_session.'.strtolower($provider_name).'.is_logged_in']) && !empty($_SESSION['sl_userprofile'][$provider_name]) ){ if( $provider_name && isset($_SESSION['HA::STORE']['hauth_session.'.strtolower($provider_name).'.is_logged_in']) && !empty($_SESSION['sl_userprofile'][$provider_name]) ){
return json_decode($_SESSION['sl_userprofile'][$provider_name]); $decode_value = function_exists('get_string_decrypt') ? json_decode(get_string_decrypt($_SESSION['sl_userprofile'][$provider_name])) : json_decode($_SESSION['sl_userprofile'][$provider_name]);
return $decode_value;
} }
return false; return false;
@ -485,8 +486,9 @@ function social_check_login_before($p_service=''){
$_SESSION['sl_userprofile'] = array(); $_SESSION['sl_userprofile'] = array();
} }
if( ! $is_member ){ if( ! $is_member ){
$_SESSION['sl_userprofile'][$provider_name] = json_encode( $user_profile ); $encode_value = function_exists('get_string_encrypt') ? get_string_encrypt(json_encode($user_profile)) : json_encode($user_profile);
$_SESSION['sl_userprofile'][$provider_name] = $encode_value;
} }
} }

34
plugin/social/includes/g5_endpoint_class.php
View File

@ -3,6 +3,40 @@ if (!defined('_GNUBOARD_')) exit;
class G5_Hybrid_Endpoint extends Hybrid_Endpoint class G5_Hybrid_Endpoint extends Hybrid_Endpoint
{ {
protected function authInit() {
if (!$this->initDone) {
$this->initDone = true;
// Init Hybrid_Auth
try {
if (!class_exists("Hybrid_Storage", false)) {
require_once realpath(dirname(dirname(__FILE__))). "/Hybrid/Storage.php";
}
if (!class_exists("Hybrid_Exception", false)) {
require_once realpath(dirname(dirname(__FILE__))). "/Hybrid/Exception.php";
}
if (!class_exists("Hybrid_Logger", false)) {
require_once realpath(dirname(dirname(__FILE__))). "/Hybrid/Logger.php";
}
$storage = new Hybrid_Storage();
$provider_id = ucfirst(trim(strip_tags($this->request["hauth_start"])));
if(!$provider_id) $provider_id = ucfirst(trim(strip_tags($this->request["hauth_done"])));
$storage->config("CONFIG", social_build_provider_config($provider_id));
// Check if Hybrid_Auth session already exist
if (!$storage->config("CONFIG")) {
$this->dieError("CONFIG FAILED: ", "Unable to get config", array());
}
Hybrid_Auth::initialize($storage->config("CONFIG"));
} catch (Exception $e) {
Hybrid_Logger::error("Endpoint: Error while trying to init Hybrid_Auth: " . $e->getMessage());
$this->dieError("Endpoint Error: ", $e->getMessage(), $e);
}
}
}
protected function processAuthStart(){ protected function processAuthStart(){
try { try {
parent::processAuthStart(); parent::processAuthStart();

1
plugin/social/register_member_update.php
View File

@ -226,6 +226,7 @@ if($result) {
//바로 로그인 처리 //바로 로그인 처리
set_session('ss_mb_id', $mb['mb_id']); set_session('ss_mb_id', $mb['mb_id']);
if(function_exists('update_auth_session_token')) update_auth_session_token(G5_TIME_YMDHIS);
} else { // 메일인증을 사용한다면 } else { // 메일인증을 사용한다면
$subject = '['.$config['cf_title'].'] 인증확인 메일입니다.'; $subject = '['.$config['cf_title'].'] 인증확인 메일입니다.';

2
version.php
View File

@ -2,7 +2,7 @@
if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가 if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
define('G5_VERSION', '그누보드5'); define('G5_VERSION', '그누보드5');
define('G5_GNUBOARD_VER', '5.5.7.2'); define('G5_GNUBOARD_VER', '5.5.7.5');
// 그누보드5.4.5.5 버전과 영카트5.4.5.5.1 버전을 합쳐서 그누보드5.4.6 버전에서 시작함 (kagla-210617) // 그누보드5.4.5.5 버전과 영카트5.4.5.5.1 버전을 합쳐서 그누보드5.4.6 버전에서 시작함 (kagla-210617)
// G5_YOUNGCART_VER 이 상수를 사용하는 곳이 있으므로 주석 처리 해제함 // G5_YOUNGCART_VER 이 상수를 사용하는 곳이 있으므로 주석 처리 해제함
// 그누보드5.4.6 이상 버전 부터는 영카트를 그누보드에 포함하여 배포하므로 영카트5의 버전은 의미가 없습니다. // 그누보드5.4.6 이상 버전 부터는 영카트를 그누보드에 포함하여 배포하므로 영카트5의 버전은 의미가 없습니다.