From b65315fccaeaeeb3725a2c4e914c67d82bb61f2d Mon Sep 17 00:00:00 2001
From: gnuboard <kagla@naver.com>
Date: Wed, 26 Dec 2012 11:53:02 +0900
Subject: [PATCH 1/2] =?UTF-8?q?notice=20=EC=98=A4=EB=A5=98=20=ED=95=B4?=
 =?UTF-8?q?=EA=B2=B0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 common.php                        | 41 ++++++++++++++-----------------
 head.php                          |  4 +--
 head.sub.php                      |  4 +--
 lib/common.lib.php                | 19 ++++++++++----
 lib/outlogin.lib.php              | 14 +++++++----
 skin/connect/neo/connect.skin.php |  2 +-
 skin/latest/neo/latest.skin.php   | 10 ++++----
 skin/poll/neo/poll.skin.php       |  2 +-
 skin/popular/neo/popular.skin.php |  2 +-
 test.php                          |  7 ++++--
 10 files changed, 59 insertions(+), 46 deletions(-)

diff --git a/common.php b/common.php
index 203690d96..9d51ba0c9 100644
--- a/common.php
+++ b/common.php
@@ -2,8 +2,8 @@
 /*******************************************************************************
 ** 공통 변수, 상수, 코드
 *******************************************************************************/
-//error_reporting(E_ALL);
-error_reporting(E_ALL ^ E_NOTICE);
+error_reporting(E_ALL);
+//error_reporting(E_ALL ^ E_NOTICE);
 
 // 보안설정이나 프레임이 달라도 쿠키가 통하도록 설정
 header('P3P: CP="ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC"');
@@ -92,11 +92,11 @@ if( !get_magic_quotes_gpc() )
 	}
 }
 
-if ($_GET['g4_path'] || $_POST['g4_path'] || $_COOKIE['g4_path']) {
+if (isset($_GET['g4_path']) || isset($_POST['g4_path']) || isset($_COOKIE['g4_path'])) {
     unset($_GET['g4_path']);
     unset($_POST['g4_path']);
     unset($_COOKIE['g4_path']);
-    unset($g4_path);
+    if (isset($g4_path)) unset($g4_path);
 }
 
 
@@ -311,7 +311,7 @@ if (strpos($_SERVER[PHP_SELF], $g4['admin']) === false)
 */
 
 // 4.00.03 : [보안관련] PHPSESSID 가 틀리면 로그아웃한다.
-if ($_REQUEST['PHPSESSID'] && $_REQUEST['PHPSESSID'] != session_id())
+if (isset($_REQUEST['PHPSESSID']) && $_REQUEST['PHPSESSID'] != session_id())
     goto_url($g4['bbs_path'].'/logout.php');
 
 // QUERY_STRING
@@ -361,11 +361,11 @@ if (isset($page)) { // 리스트 페이지
     $qstr .= '&amp;page=' . urlencode($page);
 }
 
-if ($wr_id) {
+if (isset($wr_id)) {
     $wr_id = (int)$wr_id;
 }
 
-if ($bo_table) {
+if (isset($bo_table)) {
     $bo_table = preg_match("/^[a-zA-Z0-9_]+$/", $bo_table) ? $bo_table : '';
 }
 
@@ -382,7 +382,7 @@ else {
 
 
 // 자동로그인 부분에서 첫로그인에 포인트 부여하던것을 로그인중일때로 변경하면서 코드도 대폭 수정하였습니다.
-if ($_SESSION['ss_mb_id']) // 로그인중이라면
+if (array_key_exists('ss_mb_id', $_SESSION)) // 로그인중이라면
 {
     $member = get_member($_SESSION['ss_mb_id']);
 
@@ -440,11 +440,18 @@ else
 if (!get_cookie('ck_first_call'))     set_cookie('ck_first_call', $g4['server_time'], 86400 * 365);
 if (!get_cookie('ck_first_referer'))  set_cookie('ck_first_referer', $_SERVER['HTTP_REFERER'], 86400 * 365);
 
-// 회원이 아니라면 권한을 방문객 권한으로 함
-if (!($member['mb_id']))
-    $member['mb_level'] = 1;
-else
+// 회원, 비회원 구분
+$is_member = $is_guest = false;
+$is_admin = "";
+if (array_key_exists('mb_id', $member)) {
+    $is_member = true;
+    $is_admin = is_admin($member['mb_id']);
     $member['mb_dir'] = substr($member['mb_id'],0,2);
+} else {
+    $is_guest = true;
+    $member['mb_id'] = "";
+    $member['mb_level'] = 1; // 비회원의 경우 회원레벨을 가장 낮게 설정
+}
 
 //$member['mb_level_title'] = $g4['member_level'][$member['mb_level']]; // 권한명
 
@@ -463,16 +470,6 @@ if (isset($bo_table)) {
 if (isset($gr_id))
     $group = sql_fetch(" select * from {$g4['group_table']} where gr_id = '$gr_id' ");
 
-
-// 회원, 비회원 구분
-$is_member = $is_guest = false;
-if ($member['mb_id'])
-    $is_member = true;
-else
-    $is_guest = true;
-
-
-$is_admin = is_admin($member['mb_id']);
 if ($is_admin != 'super') {
     // 접근가능 IP
     $cf_possible_ip = trim($config['cf_possible_ip']);
diff --git a/head.php b/head.php
index 29382a114..9388c339b 100644
--- a/head.php
+++ b/head.php
@@ -18,7 +18,7 @@ include_once($g4['path'].'/lib/popular.lib.php');
     <div id="logo"><a href="<?=$g4['path']?>/">초기화면</a></div>
 
     <ul>
-        <? if ($member['mb_id']) { ?>
+        <? if ($is_member) { ?>
         <li><a href="<?=$g4['bbs_path']?>/logout.php">로그아웃</a></li>
         <li><a href="<?=$g4['bbs_path']?>/member_confirm.php?url=register_form.php">정보수정</a></li>
         <? if ($is_admin) { ?><li><a href="<?=$g4['path']?>/adm">관리자</a></li><? } ?>
@@ -39,7 +39,7 @@ include_once($g4['path'].'/lib/popular.lib.php');
         <input type="submit" value="검색">
     </fieldset>
     </form>
-    <? if (!$bo_table) {?><h1><?=$g4['title']?></h1><? } ?>
+    <? if (!isset($bo_table)) {?><h1><?=$g4['title']?></h1><? } ?>
 </header>
 
 <div>
diff --git a/head.sub.php b/head.sub.php
index 5f475a931..622de5b26 100644
--- a/head.sub.php
+++ b/head.sub.php
@@ -8,7 +8,7 @@ if (!$g4['title'])
     $g4['title'] = $config['cf_title'];
 
 // 쪽지를 받았나?
-if ($member['mb_memo_call']) {
+if (isset($member['mb_memo_call']) && $member['mb_memo_call']) {
     $mb = get_member($member['mb_memo_call'], "mb_nick");
     sql_query(" update {$g4['member_table']} set mb_memo_call = '' where mb_id = '{$member['mb_id']}' ");
 
@@ -48,7 +48,7 @@ header("Pragma: no-cache"); // HTTP/1.0
 <head>
 <meta charset="<?=$g4['charset']?>">
 <title><?=$g4['title']?></title>
-<? if ($administrator) { ?>
+<? if (isset($administrator)) { ?>
 <link rel="stylesheet" href="<?=$g4['path']?>/css/adm.css?=<?=date("md")?>">
 <? } else { ?>
 <link rel="stylesheet" href="<?=$g4['path']?>/css/def.css?=<?=date("md")?>">
diff --git a/lib/common.lib.php b/lib/common.lib.php
index 50cc5e083..84f655d95 100644
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@@ -100,7 +100,11 @@ function set_cookie($cookie_name, $value, $expire)
 // 쿠키변수값 얻음
 function get_cookie($cookie_name)
 {
-    return base64_decode($_COOKIE[md5($cookie_name)]);
+    $cookie = md5($cookie_name);
+    if (array_key_exists($cookie, $_COOKIE)) 
+        return base64_decode($_COOKIE[md5($cookie_name)]);
+    else 
+        return "";
 }
 
 
@@ -1000,10 +1004,15 @@ function cut_str($str, $len, $suffix="…")
     global $g4;
 
     if (strtoupper($g4['charset']) == 'UTF-8') {
-        $c = substr(str_pad(decbin(ord($str{$len})),8,'0',STR_PAD_LEFT),0,2);
-        if ($c == '10')
-            for (;$c != '11' && $c{0} == 1;$c = substr(str_pad(decbin(ord($str{--$len})),8,'0',STR_PAD_LEFT),0,2));
-        return substr($str,0,$len) . (strlen($str)-strlen($suffix) >= $len ? $suffix : '');
+        if (strlen($str) >= $len) {
+            //echo $str,', ',strlen($str),', ',$len;
+            $c = substr(str_pad(decbin(ord($str[$len-1])),8,'0',STR_PAD_LEFT),0,2);
+            if ($c == '10')
+                for (;$c != '11' && $c{0} == 1;$c = substr(str_pad(decbin(ord($str{--$len})),8,'0',STR_PAD_LEFT),0,2));
+            return substr($str,0,$len) . (strlen($str)-strlen($suffix) >= $len ? $suffix : '');
+        } else {
+            return $str;
+        }
     } else {
         $s = substr($str, 0, $len);
         $cnt = 0;
diff --git a/lib/outlogin.lib.php b/lib/outlogin.lib.php
index 6b2659e47..9fd969a1e 100644
--- a/lib/outlogin.lib.php
+++ b/lib/outlogin.lib.php
@@ -4,15 +4,19 @@ if (!defined('_GNUBOARD_')) exit;
 // 외부로그인
 function outlogin($skin_dir='basic')
 {
-    global $config, $member, $g4, $urlencode, $is_admin;
+    global $config, $member, $g4, $urlencode, $is_admin, $is_member;
 
-    $nick  = cut_str($member['mb_nick'], $config['cf_cut_name']);
-    $point = number_format($member['mb_point']);
+    if (array_key_exists('mb_nick', $member)) {
+        $nick  = cut_str($member['mb_nick'], $config['cf_cut_name']);
+    }
+    if (array_key_exists('mb_point', $member)) {
+        $point = number_format($member['mb_point']);
+    }
 
     $outlogin_skin_path = $g4['path'].'/skin/outlogin/'.$skin_dir;
 
     // 읽지 않은 쪽지가 있다면
-    if ($member['mb_id']) {
+    if ($is_member) {
         $sql = " select count(*) as cnt from {$g4['memo_table']} where me_recv_mb_id = '{$member['mb_id']}' and me_read_datetime = '0000-00-00 00:00:00' ";
         $row = sql_fetch($sql);
         $memo_not_read = $row['cnt'];
@@ -25,7 +29,7 @@ function outlogin($skin_dir='basic')
     }
 
     ob_start();
-    if ($member['mb_id'])
+    if ($is_member)
         include_once ($outlogin_skin_path.'/outlogin.skin.2.php');
     else // 로그인 전이라면
         include_once ($outlogin_skin_path.'/outlogin.skin.1.php');
diff --git a/skin/connect/neo/connect.skin.php b/skin/connect/neo/connect.skin.php
index f6a64e2f4..69bce0453 100644
--- a/skin/connect/neo/connect.skin.php
+++ b/skin/connect/neo/connect.skin.php
@@ -2,4 +2,4 @@
 if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
 ?>
 
-<div><a href="<?=$g4['bbs_path']?>/current_connect.php">현재접속자 <?=$row[total_cnt]?> 중 회원 <?=$row[mb_cnt]?></a></div>
+<div><a href="<?=$g4['bbs_path']?>/current_connect.php">현재접속자 <?=$row['total_cnt']?> 중 회원 <?=$row['mb_cnt']?></a></div>
diff --git a/skin/latest/neo/latest.skin.php b/skin/latest/neo/latest.skin.php
index cd00c59a0..0a2a37de4 100644
--- a/skin/latest/neo/latest.skin.php
+++ b/skin/latest/neo/latest.skin.php
@@ -22,11 +22,11 @@ if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
             // if ($list[$i]['link']['count']) { echo "[{$list[$i]['link']['count']}]"; }
             // if ($list[$i]['file']['count']) { echo "<{$list[$i]['file']['count']}>"; }
 
-            echo " " . $list[$i]['icon_new'];
-            echo " " . $list[$i]['icon_file'];
-            echo " " . $list[$i]['icon_link'];
-            echo " " . $list[$i]['icon_hot'];
-            echo " " . $list[$i]['icon_secret'];
+            if (isset($list[$i]['icon_new']))    echo " " . $list[$i]['icon_new'];
+            if (isset($list[$i]['icon_file']))   echo " " . $list[$i]['icon_file'];
+            if (isset($list[$i]['icon_link']))   echo " " . $list[$i]['icon_link'];
+            if (isset($list[$i]['icon_hot']))    echo " " . $list[$i]['icon_hot'];
+            if (isset($list[$i]['icon_secret'])) echo " " . $list[$i]['icon_secret'];
             ?>
         </li>
     <? } ?>
diff --git a/skin/poll/neo/poll.skin.php b/skin/poll/neo/poll.skin.php
index a95518f95..fb3fd3f1e 100644
--- a/skin/poll/neo/poll.skin.php
+++ b/skin/poll/neo/poll.skin.php
@@ -19,7 +19,7 @@ $po = sql_fetch(" select * from $g4[poll_table] where po_id = '$po_id' ");
 <input type="hidden" name="po_id" value="<?=$po_id?>">
 <input type="hidden" name="skin_dir" value="<?=$skin_dir?>">
 <? if ($is_admin == "super") { ?><a href="<?=$g4[admin_path]?>/poll_form.php?w=u&amp;po_id=<?=$po_id?>">설문조사 관리</a><? } ?>
-<?=$po[po_subject]?>
+<?=$po['po_subject']?>
 <ul>
 <? for ($i=1; $i<=9 && $po["po_poll{$i}"]; $i++) { ?>
     <li><input type="radio" name="gb_poll" value="<?=$i?>" id='gb_poll_<?=$i?>'> <label for='gb_poll_<?=$i?>'><?=$po['po_poll'.$i]?></label></li>
diff --git a/skin/popular/neo/popular.skin.php b/skin/popular/neo/popular.skin.php
index 9dbce75f5..2a4659364 100644
--- a/skin/popular/neo/popular.skin.php
+++ b/skin/popular/neo/popular.skin.php
@@ -6,7 +6,7 @@ if (!defined("_GNUBOARD_")) exit; // 개별 페이지 접근 불가
     <h2>사이트 인기검색어</h2>
     <ul>
     <? for ($i=0; $i<count($list); $i++) { ?>
-        <li><a href="<?=$g4[bbs_path]?>/search.php?sfl=wr_subject&amp;sop=and&amp;stx=<?=urlencode($list[$i][pp_word])?>"><?=$list[$i][pp_word]?></a></li>
+        <li><a href="<?=$g4['bbs_path']?>/search.php?sfl=wr_subject&amp;sop=and&amp;stx=<?=urlencode($list[$i]['pp_word'])?>"><?=$list[$i]['pp_word']?></a></li>
     <? } ?>
     </ul>
 </section>
\ No newline at end of file
diff --git a/test.php b/test.php
index 7eaed444f..45b43c3e6 100644
--- a/test.php
+++ b/test.php
@@ -1,2 +1,5 @@
-<table>
-<thead>
+<?
+$str = "xx";
+$len = 2;
+echo ord($str{$len});
+?>
\ No newline at end of file

From e5c04a60b8f5ac95f384b7b36e880139842071b2 Mon Sep 17 00:00:00 2001
From: gnuboard <kagla@naver.com>
Date: Wed, 26 Dec 2012 12:47:01 +0900
Subject: [PATCH 2/2] =?UTF-8?q?notice=20=EC=98=A4=EB=A5=98=20=ED=95=B4?=
 =?UTF-8?q?=EA=B2=B0=EC=A4=91?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adm/admin.head.php                    |  3 ++-
 skin/outlogin/neo/outlogin.skin.1.php |  6 +++---
 skin/poll/neo/poll.skin.php           | 10 +++++-----
 3 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/adm/admin.head.php b/adm/admin.head.php
index f4fd2c10b..1d80efd0c 100644
--- a/adm/admin.head.php
+++ b/adm/admin.head.php
@@ -99,7 +99,8 @@ function textarea_size(fld, size)
                 $href1 = '<a href="'.$menu['menu'.$key][0][2].'">';
                 $href2 = '</a>';
             }
-            if (substr($sub_menu, 0, 2) == substr($menu['menu'.$key][0][0], 0, 2) || $index)
+            $current_class = "";
+            if (isset($sub_menu) && (substr($sub_menu, 0, 2) == substr($menu['menu'.$key][0][0], 0, 2) || $index))
                 $current_class = " gnb_1depth_on";
             echo "<li class=\"gnb_1depth".$current_class."\">";
             echo $href1 . $menu['menu'.$key][0][1] . $href2;
diff --git a/skin/outlogin/neo/outlogin.skin.1.php b/skin/outlogin/neo/outlogin.skin.1.php
index 032ffae82..67f25db35 100644
--- a/skin/outlogin/neo/outlogin.skin.1.php
+++ b/skin/outlogin/neo/outlogin.skin.1.php
@@ -33,12 +33,12 @@ else {
     <label for="mb_id">아이디</label>
     <input type="text" id="mb_id" name="mb_id" maxlength="20" required>
     <label for="mb_password">패스워드</label>
-    <input type="password" id="mb_password" name="mb_password" maxlength="20" onKeyPress="check_capslock(event, 'outlogin_mb_password');">
+    <input type="password" id="mb_password" name="mb_password" maxlength="20">
     <input type="checkbox" id="auto_login" name="auto_login" value="1" onclick="if (this.checked) { if (confirm('자동로그인을 사용하시면 다음부터 회원아이디와 패스워드를 입력하실 필요가 없습니다.\n\n\공공장소에서는 개인정보가 유출될 수 있으니 사용을 자제하여 주십시오.\n\n자동로그인을 사용하시겠습니까?')) { this.checked = true; } else { this.checked = false; } }">
     <label for="auto_login">자동로그인</label>
     <input type="submit" value="로그인">
     <a href="javascript:win_password_lost();">아이디/패스워드 찾기</a>
-    <a href="<?=$g4[bbs_path]?>/register.php">회원가입</a>
+    <a href="<?=$g4['bbs_path']?>/register.php">회원가입</a>
 </fieldset>
 </form>
 
@@ -59,7 +59,7 @@ function fhead_submit(f)
     }
 
     <?
-    if ($g4[https_url])
+    if ($g4['https_url'])
         echo "f.action = '$g4[https_url]/$g4[bbs]/login_check.php';";
     else
         echo "f.action = '$g4[bbs_path]/login_check.php';";
diff --git a/skin/poll/neo/poll.skin.php b/skin/poll/neo/poll.skin.php
index fb3fd3f1e..d9562479f 100644
--- a/skin/poll/neo/poll.skin.php
+++ b/skin/poll/neo/poll.skin.php
@@ -41,8 +41,8 @@ function fpoll_submit(f)
     }
 
     <?
-    if ($member[mb_level] < $po[po_level])
-        echo " alert('권한 <?=$po[po_level]?> 이상의 회원만 투표에 참여하실 수 있습니다.'); return false; ";
+    if ($member['mb_level'] < $po['po_level'])
+        echo " alert('권한 {$po['po_level']} 이상의 회원만 투표에 참여하실 수 있습니다.'); return false; ";
     ?>
 
     if (!chk) {
@@ -57,11 +57,11 @@ function fpoll_submit(f)
 function poll_result(po_id)
 {
     <?
-    if ($member[mb_level] < $po[po_level])
-        echo " alert('권한 <?=$po[po_level]?> 이상의 회원만 결과를 보실 수 있습니다.'); return false; ";
+    if ($member['mb_level'] < $po['po_level'])
+        echo " alert('권한 {$po['po_level']} 이상의 회원만 결과를 보실 수 있습니다.'); return false; ";
     ?>
 
-    win_poll("<?=$g4[bbs_path]?>/poll_result.php?po_id="+po_id+"&amp;skin_dir="+document.fpoll.skin_dir.value);
+    win_poll("<?=$g4['bbs_path']?>/poll_result.php?po_id="+po_id+"&amp;skin_dir="+document.fpoll.skin_dir.value);
 }
 </script>
 </section>
\ No newline at end of file