From c77a0013556f6073808825d9410de459d998bdcb Mon Sep 17 00:00:00 2001 From: thisgun Date: Tue, 5 Jan 2021 14:12:04 +0900 Subject: [PATCH 1/3] =?UTF-8?q?=EA=B4=80=EB=A6=AC=EC=9E=90=20<=20=EB=82=B4?= =?UTF-8?q?=EC=9A=A9=EA=B4=80=EB=A6=AC=20=EC=82=AD=EC=A0=9C=EA=B0=80=20?= =?UTF-8?q?=EC=95=88=EB=90=98=EB=8A=94=20=EC=98=A4=EB=A5=98=EC=88=98?= =?UTF-8?q?=EC=A0=95=20=EB=B0=8F=20PHP8=20=EA=B2=BD=EA=B3=A0=EB=A9=94?= =?UTF-8?q?=EC=8B=9C=EC=A7=80=20=EB=9C=A8=EB=8A=94=20=EC=BD=94=EB=93=9C=20?= =?UTF-8?q?=EC=B6=94=EA=B0=80=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/contentformupdate.php | 4 ++-- bbs/content.php | 27 ++++++++++++++------------- head.sub.php | 4 ++-- lib/common.lib.php | 2 ++ mobile/content.php | 24 ++++++++++++------------ theme/basic/head.sub.php | 4 ++-- 6 files changed, 34 insertions(+), 31 deletions(-) diff --git a/adm/contentformupdate.php b/adm/contentformupdate.php index ac1be285d..1f55ce84e 100644 --- a/adm/contentformupdate.php +++ b/adm/contentformupdate.php @@ -14,13 +14,13 @@ check_admin_token(); if ($w == "" || $w == "u") { - if(isset($_POST['co_id']) && preg_match("/[^a-z0-9_]/i", $_POST['co_id'])) alert("ID 는 영문자, 숫자, _ 만 가능합니다."); + if(isset($_REQUEST['co_id']) && preg_match("/[^a-z0-9_]/i", $_REQUEST['co_id'])) alert("ID 는 영문자, 숫자, _ 만 가능합니다."); $sql = " select * from {$g5['content_table']} where co_id = '$co_id' "; $co_row = sql_fetch($sql); } -$co_id = isset($_POST['co_id']) ? preg_replace('/[^a-z0-9_]/i', '', $_POST['co_id']) : ''; +$co_id = isset($_REQUEST['co_id']) ? preg_replace('/[^a-z0-9_]/i', '', $_REQUEST['co_id']) : ''; $co_subject = strip_tags(clean_xss_attributes($co_subject)); $co_include_head = preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($co_include_head, 0, 255)); $co_include_tail = preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($co_include_tail, 0, 255)); 
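Review bot: Reading `co_id` from `$_REQUEST` on both changed lines widens its source beyond the form body; depending on `request_order`/`variables_order`, `$_REQUEST` can also merge `$_COOKIE`, and a query-string value now drives an admin write that previously needed a POST. If the intent is only to accept GET as a fallback, spelling that out keeps cookies out of it: `$co_id_in = isset($_POST['co_id']) ? $_POST['co_id'] : (isset($_GET['co_id']) ? $_GET['co_id'] : '');`. Separately, the `select * from ... where co_id = '$co_id'` context line still runs before the whitelisted `$co_id` assignment further down, so the query uses whatever populated `$co_id` earlier (outside this hunk); moving the `preg_replace('/[^a-z0-9_]/i', '', ...)` assignment above the `if ($w == "" || $w == "u")` block would make that whitelist the only path into the query.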
diff --git a/bbs/content.php b/bbs/content.php index d0a20c332..b74670150 100644 --- a/bbs/content.php +++ b/bbs/content.php @@ -2,6 +2,7 @@ include_once('./_common.php'); $co_id = isset($_GET['co_id']) ? preg_replace('/[^a-z0-9_]/i', '', $_GET['co_id']) : 0; +$co_seo_title = isset($_GET['co_seo_title']) ? clean_xss_tags($_GET['co_seo_title'], 1, 1) : ''; //dbconfig파일에 $g5['content_table'] 배열변수가 있는지 체크 if( !isset($g5['content_table']) ){ @@ -25,7 +26,7 @@ if (G5_IS_MOBILE) { return; } -if (!$co['co_id']) +if (! (isset($co['co_id']) && $co['co_id'])) alert('등록된 내용이 없습니다.'); $g5['title'] = $co['co_subject']; 
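Review bot: The added `$co_seo_title` line takes a `$_GET` value through `clean_xss_tags`, which strips markup rather than encoding it, so wherever the value is emitted later (not visible in this hunk) it still needs context-appropriate escaping such as `htmlspecialchars`. A comment on the line naming that expectation, e.g. `// co_seo_title comes from the query string; escape it at the point of output`, would stop a later reader from treating it as already safe for HTML.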
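Review bot: `if (! (isset($co['co_id']) && $co['co_id']))` is exactly `if (empty($co['co_id']))`, which reads more directly and is the usual idiom for an isset-and-truthy guard. Note that `empty` treats the string `'0'` as absent, which matches what the current expression does, so the rewrite is behaviour-neutral.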
@@ -45,29 +46,29 @@ $src[] = "/{{쇼핑몰명}}|{{홈페이지제목}}/"; $dst[] = $config['cf_title']; if(isset($default) && isset($default['de_admin_company_name'])){ $src[] = "/{{회사명}}|{{상호}}/"; - $dst[] = $default['de_admin_company_name']; + $dst[] = isset($default['de_admin_company_name']) ? $default['de_admin_company_name'] : ''; $src[] = "/{{대표자명}}/"; - $dst[] = $default['de_admin_company_owner']; + $dst[] = isset($default['de_admin_company_owner']) ? $default['de_admin_company_owner'] : ''; $src[] = "/{{사업자등록번호}}/"; - $dst[] = $default['de_admin_company_saupja_no']; + $dst[] = isset($default['de_admin_company_saupja_no']) ? $default['de_admin_company_saupja_no'] : ''; $src[] = "/{{대표전화번호}}/"; - $dst[] = $default['de_admin_company_tel']; + $dst[] = isset($default['de_admin_company_tel']) ? $default['de_admin_company_tel'] : ''; $src[] = "/{{팩스번호}}/"; - $dst[] = $default['de_admin_company_fax']; + $dst[] = isset($default['de_admin_company_fax']) ? $default['de_admin_company_fax'] : ''; $src[] = "/{{통신판매업신고번호}}/"; - $dst[] = $default['de_admin_company_tongsin_no']; + $dst[] = isset($default['de_admin_company_tongsin_no']) ? $default['de_admin_company_tongsin_no'] : ''; $src[] = "/{{사업장우편번호}}/"; - $dst[] = $default['de_admin_company_zip']; + $dst[] = isset($default['de_admin_company_zip']) ? $default['de_admin_company_zip'] : ''; $src[] = "/{{사업장주소}}/"; - $dst[] = $default['de_admin_company_addr']; + $dst[] = isset($default['de_admin_company_addr']) ? $default['de_admin_company_addr'] : ''; $src[] = "/{{운영자명}}|{{관리자명}}/"; - $dst[] = $default['de_admin_name']; + $dst[] = isset($default['de_admin_name']) ? $default['de_admin_name'] : ''; $src[] = "/{{운영자e-mail}}|{{관리자e-mail}}/i"; - $dst[] = $default['de_admin_email']; + $dst[] = isset($default['de_admin_email']) ? $default['de_admin_email'] : ''; $src[] = "/{{정보관리책임자명}}/"; - $dst[] = $default['de_admin_info_name']; + $dst[] = isset($default['de_admin_info_name']) ? 
$default['de_admin_info_name'] : ''; $src[] = "/{{정보관리책임자e-mail}}|{{정보책임자e-mail}}/i"; - $dst[] = $default['de_admin_info_email']; + $dst[] = isset($default['de_admin_info_email']) ? $default['de_admin_info_email'] : ''; } $str = preg_replace($src, $dst, $str); diff --git a/head.sub.php b/head.sub.php index 908754524..25b449fd5 100644 --- a/head.sub.php +++ b/head.sub.php @@ -15,8 +15,8 @@ if (!isset($g5['title'])) { $g5_head_title = $g5['title']; } else { - $g5_head_title = $g5['title']; // 상태바에 표시될 제목 - $g5_head_title .= " | ".$config['cf_title']; + // 상태바에 표시될 제목 + $g5_head_title = implode(' | ', array_filter(array('', $config['cf_title']))); } $g5['title'] = strip_tags($g5['title']); diff --git a/lib/common.lib.php b/lib/common.lib.php index 67321ecfd..6e5ac242a 100644 --- a/lib/common.lib.php +++ b/lib/common.lib.php @@ -1644,6 +1644,8 @@ function sql_fetch($sql, $error=G5_DISPLAY_SQL_ERROR, $link=null) // 결과값에서 한행 연관배열(이름으로)로 얻는다. function sql_fetch_array($result) { + if( ! $result) return array(); + if(function_exists('mysqli_fetch_assoc') && G5_MYSQLI_USE) $row = @mysqli_fetch_assoc($result); else diff --git a/mobile/content.php b/mobile/content.php index 701ca3e60..21f7f0132 100644 --- a/mobile/content.php +++ b/mobile/content.php 
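Review bot: Every new `$dst[]` value ends up as a `preg_replace` replacement string (`$str = preg_replace($src, $dst, $str);` at the end of the hunk), and replacement strings interpret `$1`-style and `\1`-style sequences as backreferences, so a company name or address containing such text is rewritten instead of inserted literally. Since the `$src` patterns are fixed `{{...}}` tokens, `str_replace` with the literal tokens (or `preg_replace_callback` returning the value) avoids that interpretation. Also, the first added guard `isset($default['de_admin_company_name'])` merely repeats the enclosing `if` condition. The mobile/content.php hunk has the same two points.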
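Review bot: The new line in head.sub.php builds the title from `array('', $config['cf_title'])`, so `$g5['title']` is dropped and the status-bar title becomes just the site title; the theme/basic/head.sub.php hunk in this same commit has the intended form. It should read `$g5_head_title = implode(' | ', array_filter(array($g5['title'], $config['cf_title'])));`. Both versions also discard a page title of `'0'`, because `array_filter` without a callback filters on truthiness; a callback such as `function ($s) { return $s !== ''; }` keeps it if that matters.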
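Review bot: The added guard in `sql_fetch_array` returns `array()` for any falsy `$result`, so a failed query (`false` from the driver) is now indistinguishable from an empty result set for every caller, and with the existing `@` on the fetch nothing else in this function reports it. A comment on the new line would make that contract explicit: `// false/absent result yields an empty row; callers must rely on sql_query's error handling to notice failures`. Style-wise `if (!$result) return array();` is the conventional spacing.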
@@ -16,29 +16,29 @@ $src[] = "/{{쇼핑몰명}}|{{홈페이지제목}}/"; $dst[] = $config['cf_title']; if(isset($default) && isset($default['de_admin_company_name'])){ $src[] = "/{{회사명}}|{{상호}}/"; - $dst[] = $default['de_admin_company_name']; + $dst[] = isset($default['de_admin_company_name']) ? $default['de_admin_company_name'] : ''; $src[] = "/{{대표자명}}/"; - $dst[] = $default['de_admin_company_owner']; + $dst[] = isset($default['de_admin_company_owner']) ? $default['de_admin_company_owner'] : ''; $src[] = "/{{사업자등록번호}}/"; - $dst[] = $default['de_admin_company_saupja_no']; + $dst[] = isset($default['de_admin_company_saupja_no']) ? $default['de_admin_company_saupja_no'] : ''; $src[] = "/{{대표전화번호}}/"; - $dst[] = $default['de_admin_company_tel']; + $dst[] = isset($default['de_admin_company_tel']) ? $default['de_admin_company_tel'] : ''; $src[] = "/{{팩스번호}}/"; - $dst[] = $default['de_admin_company_fax']; + $dst[] = isset($default['de_admin_company_fax']) ? $default['de_admin_company_fax'] : ''; $src[] = "/{{통신판매업신고번호}}/"; - $dst[] = $default['de_admin_company_tongsin_no']; + $dst[] = isset($default['de_admin_company_tongsin_no']) ? $default['de_admin_company_tongsin_no'] : ''; $src[] = "/{{사업장우편번호}}/"; - $dst[] = $default['de_admin_company_zip']; + $dst[] = isset($default['de_admin_company_zip']) ? $default['de_admin_company_zip'] : ''; $src[] = "/{{사업장주소}}/"; - $dst[] = $default['de_admin_company_addr']; + $dst[] = isset($default['de_admin_company_addr']) ? $default['de_admin_company_addr'] : ''; $src[] = "/{{운영자명}}|{{관리자명}}/"; - $dst[] = $default['de_admin_name']; + $dst[] = isset($default['de_admin_name']) ? $default['de_admin_name'] : ''; $src[] = "/{{운영자e-mail}}|{{관리자e-mail}}/i"; - $dst[] = $default['de_admin_email']; + $dst[] = isset($default['de_admin_email']) ? $default['de_admin_email'] : ''; $src[] = "/{{정보관리책임자명}}/"; - $dst[] = $default['de_admin_info_name']; + $dst[] = isset($default['de_admin_info_name']) ? 
$default['de_admin_info_name'] : ''; $src[] = "/{{정보관리책임자e-mail}}|{{정보책임자e-mail}}/i"; - $dst[] = $default['de_admin_info_email']; + $dst[] = isset($default['de_admin_info_email']) ? $default['de_admin_info_email'] : ''; } $str = preg_replace($src, $dst, $str); diff --git a/theme/basic/head.sub.php b/theme/basic/head.sub.php index e020fff3b..27b45fc86 100644 --- a/theme/basic/head.sub.php +++ b/theme/basic/head.sub.php @@ -9,8 +9,8 @@ if (!isset($g5['title'])) { $g5_head_title = $g5['title']; } else { - $g5_head_title = $g5['title']; // 상태바에 표시될 제목 - $g5_head_title .= " | ".$config['cf_title']; + // 상태바에 표시될 제목 + $g5_head_title = implode(' | ', array_filter(array($g5['title'], $config['cf_title']))); } $g5['title'] = strip_tags($g5['title']); From 12c836104ab0e22f5526e0258953134b33c23e5d Mon Sep 17 00:00:00 2001 From: thisgun Date: Tue, 5 Jan 2021 14:13:05 +0900 Subject: [PATCH 2/3] =?UTF-8?q?=EB=B2=84=EC=A0=84=205.4.4.1=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- config.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config.php b/config.php index 32a137600..70f972f65 100644 --- a/config.php +++ b/config.php @@ -5,7 +5,7 @@ ********************/ define('G5_VERSION', '그누보드5'); -define('G5_GNUBOARD_VER', '5.4.4'); +define('G5_GNUBOARD_VER', '5.4.4.1'); // 이 상수가 정의되지 않으면 각각의 개별 페이지는 별도로 실행될 수 없음 define('_GNUBOARD_', true); From 6368a5b638ac9856df12078348b37db9449ac70d Mon Sep 17 00:00:00 2001 
From: thisgun Date: Tue, 5 Jan 2021 15:37:00 +0900 Subject: [PATCH 3/3] =?UTF-8?q?PHP8=20=EB=B2=84=EC=A0=84=EC=97=90=EC=84=9C?= =?UTF-8?q?=20=EA=B2=BD=EA=B3=A0=EB=AC=B8=EC=9D=B4=20=EB=82=98=EC=98=A4?= =?UTF-8?q?=EB=8A=94=20=EC=BD=94=EB=93=9C=20=EC=B6=94=EA=B0=80=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/contentformupdate.php | 17 ++++++++++++----- extend/debugbar.extend.php | 2 +- 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/adm/contentformupdate.php b/adm/contentformupdate.php index 1f55ce84e..0c7f75e57 100644 --- a/adm/contentformupdate.php +++ b/adm/contentformupdate.php @@ -12,6 +12,8 @@ else check_admin_token(); +$co_row = array('co_id'=>'', 'co_include_head'=>'', 'co_include_tail'=>''); + if ($w == "" || $w == "u") { if(isset($_REQUEST['co_id']) && preg_match("/[^a-z0-9_]/i", $_REQUEST['co_id'])) alert("ID 는 영문자, 숫자, _ 만 가능합니다."); 
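Review bot: The `$co_row` defaults on the added line are replaced wholesale by `$co_row = sql_fetch($sql);` inside the `if ($w == "" || $w == "u")` block (the block continues past this hunk; the assignment is visible in the first commit's hunk of this file), so for a `co_id` with no matching row the default keys are gone again and every later access still needs an `isset` guard. Merging instead of replacing keeps the keys present regardless of what `sql_fetch` returns for no rows: `$co_row = array_merge(array('co_id'=>'', 'co_include_head'=>'', 'co_include_tail'=>''), (array) sql_fetch($sql));`.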
@@ -21,15 +23,20 @@ if ($w == "" || $w == "u") } $co_id = isset($_REQUEST['co_id']) ? preg_replace('/[^a-z0-9_]/i', '', $_REQUEST['co_id']) : ''; -$co_subject = strip_tags(clean_xss_attributes($co_subject)); -$co_include_head = preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($co_include_head, 0, 255)); -$co_include_tail = preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($co_include_tail, 0, 255)); +$co_subject = isset($_POST['co_subject']) ? strip_tags(clean_xss_attributes($_POST['co_subject'])) : ''; +$co_include_head = isset($_POST['co_include_head']) ? preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($_POST['co_include_head'], 0, 255)) : ''; +$co_include_tail = isset($_POST['co_include_tail']) ? preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($_POST['co_include_tail'], 0, 255)) : ''; $co_tag_filter_use = isset($_POST['co_tag_filter_use']) ? (int) $_POST['co_tag_filter_use'] : 1; $co_himg_del = (isset($_POST['co_himg_del']) && $_POST['co_himg_del']) ? 1 : 0; $co_timg_del = (isset($_POST['co_timg_del']) && $_POST['co_timg_del']) ? 1 : 0; +$co_html = isset($_POST['co_html']) ? (int) $_POST['co_html'] : 0; +$co_content = isset($_POST['co_content']) ? $_POST['co_content'] : ''; +$co_mobile_content = isset($_POST['co_mobile_content']) ? $_POST['co_mobile_content'] : ''; +$co_skin = isset($_POST['co_skin']) ? clean_xss_tags($_POST['co_skin'], 1, 1) : ''; +$co_mobile_skin = isset($_POST['co_mobile_skin']) ? 
clean_xss_tags($_POST['co_mobile_skin'], 1, 1) : ''; // 관리자가 자동등록방지를 사용해야 할 경우 -if (($co_row['co_include_head'] !== $co_include_head || $co_row['co_include_tail'] !== $co_include_tail) && function_exists('get_admin_captcha_by') && get_admin_captcha_by()){ +if ((( isset($co_row['co_include_head']) && $co_row['co_include_head'] !== $co_include_head ) || ( isset($co_row['co_include_tail']) && $co_row['co_include_tail'] !== $co_include_tail )) && function_exists('get_admin_captcha_by') && get_admin_captcha_by()){ include_once(G5_CAPTCHA_PATH.'/captcha.lib.php'); if (!chk_captcha()) { @@ -94,7 +101,7 @@ $sql_common = " co_include_head = '$co_include_head', if ($w == "") { $row = $co_row; - if ($row['co_id']) + if (isset($row['co_id']) && $row['co_id']) alert("이미 같은 ID로 등록된 내용이 있습니다."); $sql = " insert {$g5['content_table']} diff --git a/extend/debugbar.extend.php b/extend/debugbar.extend.php index 2d49596ed..e1a51637a 100644 --- a/extend/debugbar.extend.php +++ b/extend/debugbar.extend.php @@ -14,7 +14,7 @@ function show_debug_bar() { } $memory_usage = function_exists( 'memory_get_peak_usage' ) ? memory_get_peak_usage() : memory_get_usage(); - $php_run_time = get_microtime()-$g5_debug['php']['begin_time']; + $php_run_time = (isset($g5_debug['php']) && isset($g5_debug['php']['begin_time'])) ? ( get_microtime() - $g5_debug['php']['begin_time'] ) : 0; include_once( G5_PLUGIN_PATH.'/debugbar/debugbar.php' ); } \ No newline at end of file
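Review bot: The rewritten captcha condition wraps both comparisons in `isset($co_row[...])`, which turns "no previous row" into "no change": when `co_id` matches no row, `sql_fetch` overwrites the defaults set earlier in this file, and if it returns null, false or an empty array for no rows (its no-row return is outside this diff) neither `isset` holds, so creating content with `co_include_head`/`co_include_tail` set no longer requires the admin captcha, whereas the old comparison against a missing key did trigger whenever a value was submitted. Comparing against a defaulted previous value preserves the check: `$prev_head = isset($co_row['co_include_head']) ? $co_row['co_include_head'] : '';` / `$prev_tail = isset($co_row['co_include_tail']) ? $co_row['co_include_tail'] : '';` / `if (($prev_head !== $co_include_head || $prev_tail !== $co_include_tail) && function_exists('get_admin_captcha_by') && get_admin_captcha_by()){`. Separately, `$co_skin` and `$co_mobile_skin` are filtered only by `clean_xss_tags`; if they are later used to build a skin directory path (not visible here), a character whitelist like the one used for `co_id` is the right filter, since tag stripping does not reject path separators or `..`. The `if (!chk_captcha()) {` body continues outside the hunk.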
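Review bot: The `$sql_common = " co_include_head = '$co_include_head', ...` context line interpolates values that the previous hunk now reads straight from `$_POST`, and the only transformations applied there are trailing-backslash removal and `<?`-stripping; those protect the quoted literal only if the framework has already escaped the superglobal (the trailing-backslash regex suggests that assumption). If that global escaping is not applied to `$_POST` itself, these values need the project's SQL escaping helper before interpolation, which is worth confirming and noting in a comment on the assignments. In this hunk, `if (isset($row['co_id']) && $row['co_id'])` is equivalent to `if (!empty($row['co_id']))`.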
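Review bot: `isset($g5_debug['php']) && isset($g5_debug['php']['begin_time'])` can be the single `isset($g5_debug['php']['begin_time'])`, since `isset` on a nested key is already false when the parent is missing: `$php_run_time = isset($g5_debug['php']['begin_time']) ? get_microtime() - $g5_debug['php']['begin_time'] : 0;`. Falling back to `0` reports a zero run time rather than an unknown one; a comment such as `// 0 when the debug timer was never started` would mark that as intentional. `show_debug_bar()` starts outside the hunk.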