그누보드 5.0.32 수정내역 적용

2015-04-09 09:16:36 +09:00
parent a6a2183c7d
commit 9fd14cfc17
7 changed files with 30 additions and 16 deletions
--- a/adm/board_form.php
+++ b/adm/board_form.php
@ -1099,12 +1099,12 @@ $frm_submit .= '</div>';
                    <option value="wr_good desc, wr_num, wr_reply" <?php echo get_selected($board['bo_sort_field'], "wr_good desc, wr_num, wr_reply"); ?>>wr_good desc : 추천수 높은것 부터</option>
                    <option value="wr_nogood asc, wr_num, wr_reply" <?php echo get_selected($board['bo_sort_field'], "wr_nogood asc, wr_num, wr_reply"); ?>>wr_nogood asc : 비추천수 낮은것 부터</option>
                    <option value="wr_nogood desc, wr_num, wr_reply" <?php echo get_selected($board['bo_sort_field'], "wr_nogood desc, wr_num, wr_reply"); ?>>wr_nogood desc : 비추천수 높은것 부터</option>
-                    <option value="wr_subject asc, wr_num, wr_reply" <?php echo get_selected($board['bo_sort_field'], "wr_subject asc, wr_num, wr_reply"); ?>>wr_subject asc : 제목 내림차순</option>
-                    <option value="wr_subject desc, wr_num, wr_reply" <?php echo get_selected($board['bo_sort_field'], "wr_subject desc, wr_num, wr_reply"); ?>>wr_subject desc : 제목 오름차순</option>
-                    <option value="wr_name asc, wr_num, wr_reply" <?php echo get_selected($board['bo_sort_field'], "wr_name asc, wr_num, wr_reply"); ?>>wr_name asc : 글쓴이 내림차순</option>
-                    <option value="wr_name desc, wr_num, wr_reply" <?php echo get_selected($board['bo_sort_field'], "wr_name desc, wr_num, wr_reply"); ?>>wr_name desc : 글쓴이 오름차순</option>
-                    <option value="ca_name asc, wr_num, wr_reply" <?php echo get_selected($board['bo_sort_field'], "ca_name asc, wr_num, wr_reply"); ?>>ca_name asc : 분류명 내림차순</option>
-                    <option value="ca_name desc, wr_num, wr_reply" <?php echo get_selected($board['bo_sort_field'], "ca_name desc, wr_num, wr_reply"); ?>>ca_name desc : 분류명 오름차순</option>
+                    <option value="wr_subject asc, wr_num, wr_reply" <?php echo get_selected($board['bo_sort_field'], "wr_subject asc, wr_num, wr_reply"); ?>>wr_subject asc : 제목 오름차순</option>
+                    <option value="wr_subject desc, wr_num, wr_reply" <?php echo get_selected($board['bo_sort_field'], "wr_subject desc, wr_num, wr_reply"); ?>>wr_subject desc : 제목 내림차순</option>
+                    <option value="wr_name asc, wr_num, wr_reply" <?php echo get_selected($board['bo_sort_field'], "wr_name asc, wr_num, wr_reply"); ?>>wr_name asc : 글쓴이 오름차순</option>
+                    <option value="wr_name desc, wr_num, wr_reply" <?php echo get_selected($board['bo_sort_field'], "wr_name desc, wr_num, wr_reply"); ?>>wr_name desc : 글쓴이 내림차순</option>
+                    <option value="ca_name asc, wr_num, wr_reply" <?php echo get_selected($board['bo_sort_field'], "ca_name asc, wr_num, wr_reply"); ?>>ca_name asc : 분류명 오름차순</option>
+                    <option value="ca_name desc, wr_num, wr_reply" <?php echo get_selected($board['bo_sort_field'], "ca_name desc, wr_num, wr_reply"); ?>>ca_name desc : 분류명 내림차순</option>
                </select>
            </td>
            <td class="td_grpset">
--- a/adm/sms_admin/history_send.php
+++ b/adm/sms_admin/history_send.php
@ -67,7 +67,7 @@ if ($result)

    if ($result) //SMS 서버에 접속했습니다.
    {
-        sql_query("insert into {$g5['sms5_write_table']} set wr_no='$wr_no', wr_renum='$new_wr_renum', wr_reply='{$write['wr_reply']}', wr_message='{$write['wr_message']}', wr_total='$wr_total', wr_datetime='".G5_TIME_YMDHIS."'");
+        sql_query("insert into {$g5['sms5_write_table']} set wr_no='$wr_no', wr_renum='$new_wr_renum', wr_reply='".addslashes($write['wr_reply'])."', wr_message='".addslashes($write['wr_message'])."', wr_total='$wr_total', wr_datetime='".G5_TIME_YMDHIS."'");

        $wr_success = 0;
        $wr_failure = 0;
--- a/adm/sms_admin/sms_write.php
+++ b/adm/sms_admin/sms_write.php
@ -238,6 +238,8 @@ function sms5_chk_send(f)
        var hp_list = document.getElementById('hp_list');
        var wr_message = document.getElementById('wr_message');
        var hp_number = document.getElementById('hp_number');
+        var wr_reply = document.getElementById('wr_reply');
+        var wr_reply_regExp = /^[0-9\-]+$/;
        var list = '';

        if (!wr_message.value) {
@ -246,7 +248,12 @@ function sms5_chk_send(f)
            is_sms5_submitted = false;
            return false;
        }
-
+        if( !wr_reply_regExp.test(wr_reply.value) ){
+            alert('회신번호 형식이 잘못 되었습니다.');
+            wr_reply.focus();
+            is_sms5_submitted = false;
+            return false;
+        }
        if (hp_list.length < 1) {
            alert('받는 사람을 입력해주세요.');
            hp_number.focus();
--- a/adm/sms_admin/sms_write_send.php
+++ b/adm/sms_admin/sms_write_send.php
@ -6,10 +6,13 @@ auth_check($auth[$sub_menu], "w");

 $g5['title'] = "문자전송중";

-if (!trim($wr_reply))
-    win_close_alert('회신 번호를 입력해주세요.');
+$wr_reply   = preg_replace('#[^0-9\-]#', '', trim($wr_reply));
+$wr_message = clean_xss_tags(trim($wr_message));

-if (!trim($wr_message))
+if (!$wr_reply)
+    win_close_alert('회신 번호를 숫자, - 로 입력해주세요.');
+
+if (!$wr_message)
    win_close_alert('메세지를 입력해주세요.');

 if (!trim($send_list))
--- a/js/common.js
+++ b/js/common.js
@ -577,8 +577,8 @@ $(function(){
    });

    $("textarea#wr_content[maxlength]").live("keyup change", function() {
-        var str = $(this).val()
-        var mx = parseInt($(this).attr("maxlength"))
+        var str = $(this).val();
+        var mx = parseInt($(this).attr("maxlength"));
        if (str.length > mx) {
            $(this).val(str.substr(0, mx));
            return false;
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@ -1448,7 +1448,8 @@ function sql_query($sql, $error=G5_DISPLAY_SQL_ERROR)
    // Blind SQL Injection 취약점 해결
    $sql = trim($sql);
    // union의 사용을 허락하지 않습니다.
-    $sql = preg_replace("#^select.*from.*union.*#i", "select 1", $sql);
+    //$sql = preg_replace("#^select.*from.*union.*#i", "select 1", $sql);
+    $sql = preg_replace("#^select.*from.*[\s\(]+union[\s\)]+.*#i ", "select 1", $sql);
    // `information_schema` DB로의 접근을 허락하지 않습니다.
    $sql = preg_replace("#^select.*from.*where.*`?information_schema`?.*#i", "select 1", $sql);

--- a/plugin/sms5/write_update.php
+++ b/plugin/sms5/write_update.php
@ -15,10 +15,13 @@ if (!$is_member)
 if ($member['mb_level'] < $sms5['cf_level'])
    alert("회원 {$sms5['cf_level']}레벨 이상만 문자전송이 가능합니다.");

-if (!trim($mh_reply))
+$mh_reply   = preg_replace('#[^0-9\-]#', '', trim($mh_reply));
+$mh_message = clean_xss_tags(trim($mh_message));
+
+if (!$mh_reply)
    alert('보내는 번호를 입력해주세요.');

-if (!trim($mh_message))
+if (!$mh_message)
    alert('메세지를 입력해주세요.');

 if ($is_admin != 'super')