From a52858fc6d91e3fed92323fc94b21dab24c043d0 Mon Sep 17 00:00:00 2001 From: chicpro Date: Mon, 20 Jul 2015 11:40:09 +0900 Subject: [PATCH] =?UTF-8?q?XSS=20=EC=B7=A8=EC=95=BD=EC=A0=90,=20=EC=83=88?= =?UTF-8?q?=20=EC=9A=B0=ED=8E=B8=EB=B2=88=ED=98=B8,=20=EA=B8=B0=ED=83=80?= =?UTF-8?q?=20=EC=98=A4=EB=A5=98=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/member_form.php | 8 +++----- adm/member_form_update.php | 7 +++++-- bbs/alert.php | 3 ++- bbs/confirm.php | 4 ++++ bbs/move.php | 2 +- bbs/new.php | 2 ++ bbs/newwin.inc.php | 7 ++----- bbs/register_email.php | 13 +++++++------ bbs/register_email_update.php | 2 +- bbs/register_form.php | 3 +++ bbs/register_form_update.php | 4 ++-- bbs/search.php | 2 +- css/default.css | 6 +++++- css/mobile.css | 8 +++++++- js/common.js | 11 +++++------ lib/common.lib.php | 7 ++++++- mobile/newwin.inc.php | 7 ++----- mobile/skin/board/basic/view.skin.php | 4 ++-- mobile/skin/board/gallery/list.skin.php | 2 +- mobile/skin/board/gallery/view.skin.php | 4 ++-- mobile/skin/member/basic/register_form.skin.php | 9 +++------ skin/board/basic/view.skin.php | 4 ++-- skin/board/gallery/view.skin.php | 4 ++-- skin/member/basic/register_form.skin.php | 9 +++------ skin/new/basic/new.skin.php | 1 - 25 files changed, 73 insertions(+), 60 deletions(-) diff --git a/adm/member_form.php b/adm/member_form.php index e47771fcd..ddcdfbe47 100644 --- a/adm/member_form.php +++ b/adm/member_form.php @@ -214,11 +214,9 @@ add_javascript(G5_POSTCODE_JS, 0); //다음 주소 js - - - - - -
+ + +

diff --git a/adm/member_form_update.php b/adm/member_form_update.php index 333b18728..310e5e8d1 100644 --- a/adm/member_form_update.php +++ b/adm/member_form_update.php @@ -29,6 +29,9 @@ if($_POST['mb_certify_case'] && $_POST['mb_certify']) { $mb_adult = 0; } +$mb_zip1 = substr($_POST['mb_zip'], 0, 3); +$mb_zip2 = substr($_POST['mb_zip'], 3); + $sql_common = " mb_name = '{$_POST['mb_name']}', mb_nick = '{$_POST['mb_nick']}', mb_email = '{$_POST['mb_email']}', @@ -37,8 +40,8 @@ $sql_common = " mb_name = '{$_POST['mb_name']}', mb_hp = '{$mb_hp}', mb_certify = '{$mb_certify}', mb_adult = '{$mb_adult}', - mb_zip1 = '{$_POST['mb_zip1']}', - mb_zip2 = '{$_POST['mb_zip2']}', + mb_zip1 = '$mb_zip1', + mb_zip2 = '$mb_zip2', mb_addr1 = '{$_POST['mb_addr1']}', mb_addr2 = '{$_POST['mb_addr2']}', mb_addr3 = '{$_POST['mb_addr3']}', diff --git a/bbs/alert.php b/bbs/alert.php index d64b6f2fd..6b1ab26a7 100644 --- a/bbs/alert.php +++ b/bbs/alert.php @@ -30,7 +30,8 @@ include_once(G5_PATH.'/head.sub.php'); $msg2 = str_replace("\\n", "
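Review bot: `$mb_zip1 = substr($_POST['mb_zip'], 0, 3);` and the `substr($_POST['mb_zip'], 3)` line under it slice the posted value without restricting its characters before it lands in `$sql_common`, while the same patch filters `$agree` and `$srows` down to digits with `preg_replace('#[^0-9]#', '', ...)`. A postal code is numeric, so normalise first — `$mb_zip = isset($_POST['mb_zip']) ? preg_replace('#[^0-9]#', '', $_POST['mb_zip']) : '';` — and take both `substr()` slices from `$mb_zip`; the `isset()` also avoids an undefined-index notice when the field is absent. bbs/register_form_update.php has the same unfiltered `substr(trim($_POST['mb_zip']), ...)` split and should use the identical filter so the admin and member paths store the same thing. The `$sql_common` string this feeds is built by interpolation for every field; that predates the hunk, but the zip values are the ones it rewrites.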
", $msg); -if (!$url) $url = $_SERVER['HTTP_REFERER']; +$url = clean_xss_tags($url); +if (!$url) $url = clean_xss_tags($_SERVER['HTTP_REFERER']); // url 체크 check_url_host($url); diff --git a/bbs/confirm.php b/bbs/confirm.php index 76e9c7652..fcf94e0e9 100644 --- a/bbs/confirm.php +++ b/bbs/confirm.php @@ -2,6 +2,10 @@ include_once('./_common.php'); include_once(G5_PATH.'/head.sub.php'); +$url1 = clean_xss_tags($url1); +$url2 = clean_xss_tags($url2); +$url3 = clean_xss_tags($url3); + // url 체크 check_url_host($url1); check_url_host($url2); diff --git a/bbs/move.php b/bbs/move.php index e3a7d86f2..a4631addf 100644 --- a/bbs/move.php +++ b/bbs/move.php @@ -55,7 +55,7 @@ for ($i=0; $row=sql_fetch_array($result); $i++) - +
diff --git a/bbs/new.php b/bbs/new.php index bbf9ccf96..9e008e861 100644 --- a/bbs/new.php +++ b/bbs/new.php @@ -17,6 +17,8 @@ if ($view == "w") $sql_common .= " and a.wr_id = a.wr_parent "; else if ($view == "c") $sql_common .= " and a.wr_id <> a.wr_parent "; +else + $view = ''; $mb_id = isset($_GET['mb_id']) ? ($_GET['mb_id']) : ''; $mb_id = substr(preg_replace('#[^a-z0-9_]#i', '', $mb_id), 0, 20); diff --git a/bbs/newwin.inc.php b/bbs/newwin.inc.php index 3c3c8c127..e3f8aed55 100644 --- a/bbs/newwin.inc.php +++ b/bbs/newwin.inc.php @@ -13,14 +13,11 @@ $result = sql_query($sql, false);

팝업레이어 알림

diff --git a/bbs/register_email.php b/bbs/register_email.php index 4345d4eea..e7fc92537 100644 --- a/bbs/register_email.php +++ b/bbs/register_email.php @@ -2,27 +2,28 @@ include_once('./_common.php'); include_once(G5_CAPTCHA_PATH.'/captcha.lib.php'); +$g5['title'] = '메일인증 메일주소 변경'; +include_once('./_head.php'); + +$mb_id = substr(clean_xss_tags($_GET['mb_id']), 0, 20); $sql = " select mb_email, mb_datetime, mb_email_certify from {$g5['member_table']} where mb_id = '{$mb_id}' "; $mb = sql_fetch($sql); if (substr($mb['mb_email_certify'],0,1)!=0) { alert("이미 메일인증 하신 회원입니다.", G5_URL); } - -$g5['title'] = '메일인증 메일주소 변경'; -include_once('./_head.php'); ?> -

메일인증을 받지 못한 경우 회원정보의 메일주소를 변경 할 수 있습니다.

+

메일인증을 받지 못한 경우 회원정보의 메일주소를 변경 할 수 있습니다.

-
+
- + diff --git a/bbs/register_email_update.php b/bbs/register_email_update.php index 3ae7b006f..36fe66f8f 100644 --- a/bbs/register_email_update.php +++ b/bbs/register_email_update.php @@ -8,7 +8,7 @@ $mb_email = trim($_POST['mb_email']); $sql = " select mb_name, mb_datetime from {$g5['member_table']} where mb_id = '{$mb_id}' and mb_email_certify <> '' "; $mb = sql_fetch($sql); -if (!$mb) { +if ($mb) { alert("이미 메일인증 하신 회원입니다.", G5_URL); } diff --git a/bbs/register_form.php b/bbs/register_form.php index cb6fd2517..4729c7692 100644 --- a/bbs/register_form.php +++ b/bbs/register_form.php @@ -115,6 +115,9 @@ $req_nick = !isset($member['mb_nick_date']) || (isset($member['mb_nick_date']) & $required = ($w=='') ? 'required' : ''; $readonly = ($w=='u') ? 'readonly' : ''; +$agree = preg_replace('#[^0-9]#', '', $agree); +$agree2 = preg_replace('#[^0-9]#', '', $agree2); + // add_javascript('js 구문', 출력순서); 숫자가 작을 수록 먼저 출력됨 if ($config['cf_use_addr']) add_javascript(G5_POSTCODE_JS, 0); //다음 주소 js diff --git a/bbs/register_form_update.php b/bbs/register_form_update.php index 05e90788c..83144fecc 100644 --- a/bbs/register_form_update.php +++ b/bbs/register_form_update.php @@ -40,8 +40,8 @@ $mb_birth = isset($_POST['mb_birth']) ? trim($_POST['mb_birth']) $mb_homepage = isset($_POST['mb_homepage']) ? trim($_POST['mb_homepage']) : ""; $mb_tel = isset($_POST['mb_tel']) ? trim($_POST['mb_tel']) : ""; $mb_hp = isset($_POST['mb_hp']) ? trim($_POST['mb_hp']) : ""; -$mb_zip1 = isset($_POST['mb_zip1']) ? trim($_POST['mb_zip1']) : ""; -$mb_zip2 = isset($_POST['mb_zip2']) ? trim($_POST['mb_zip2']) : ""; +$mb_zip1 = isset($_POST['mb_zip']) ? substr(trim($_POST['mb_zip']), 0, 3) : ""; +$mb_zip2 = isset($_POST['mb_zip']) ? substr(trim($_POST['mb_zip']), 3) : ""; $mb_addr1 = isset($_POST['mb_addr1']) ? trim($_POST['mb_addr1']) : ""; $mb_addr2 = isset($_POST['mb_addr2']) ? trim($_POST['mb_addr2']) : ""; $mb_addr3 = isset($_POST['mb_addr3']) ? trim($_POST['mb_addr3']) : ""; 
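Review bot: `$mb_id = substr(clean_xss_tags($_GET['mb_id']), 0, 20);` is interpolated into `where mb_id = '{$mb_id}'` two lines later, and `clean_xss_tags()` is an HTML filter, not an identifier validator — it leaves SQL metacharacters other than quotes untouched, and its quote handling is an incidental side effect of this patch's lib/common.lib.php change. bbs/new.php in the same patch already shows the right allow-list for a member id; use it here too: `$mb_id = isset($_GET['mb_id']) ? substr(preg_replace('#[^a-z0-9_]#i', '', $_GET['mb_id']), 0, 20) : '';`. If `sql_fetch()` returns nothing for an unknown id, `substr($mb['mb_email_certify'],0,1)` reads a missing index and the page still renders the change form for a non-existent member; add `if (!$mb) alert("...", G5_URL);` before the certify check (message text is the author's call).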
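Review bot: The flipped condition `if ($mb)` now treats any row returned by `... and mb_email_certify <> ''` as already certified, while bbs/register_email.php in the same patch decides with `substr($mb['mb_email_certify'],0,1)!=0`; if uncertified members carry a zero datetime rather than an empty string, as that check suggests, this query matches them too and every existing member would be turned away. The two files should share one criterion: drop `and mb_email_certify <> ''` from the query, select `mb_email_certify` as well, and test `if ($mb && substr($mb['mb_email_certify'],0,1) != 0)` here. Where `$mb_id` for this query is assigned is outside the hunk, so its validation cannot be checked from here.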
diff --git a/bbs/search.php b/bbs/search.php index 4f4df3f19..0f3fe803b 100644 --- a/bbs/search.php +++ b/bbs/search.php @@ -17,7 +17,7 @@ if ($stx) { $stx = preg_replace('/\//', '\/', trim($stx)); $sop = strtolower($sop); if (!$sop || !($sop == 'and' || $sop == 'or')) $sop = 'and'; // 연산자 and , or - $srows = isset($_GET['srows']) ? preg_replace('#[^0-9]#', '', $_GET['srows']) : 10; + $srows = isset($_GET['srows']) ? (int)preg_replace('#[^0-9]#', '', $_GET['srows']) : 10; if (!$srows) $srows = 10; // 한페이지에 출력하는 검색 행수 $g5_search['tables'] = Array(); diff --git a/css/default.css b/css/default.css index 9a9e4288c..731c6b84d 100644 --- a/css/default.css +++ b/css/default.css @@ -279,4 +279,8 @@ a.btn_admin:focus, a.btn_admin:hover {text-decoration:none} .pg_current {display:inline-block;margin:0 4px 0 0;background:#333;color:#fff;font-weight:normal} /* Mobile화면으로 */ -#device_change {display:block;margin:0.3em;padding:0.5em 0;border:1px solid #eee;border-radius:2em;background:#fff;color:#000;font-size:2em;text-decoration:none;text-align:center} \ No newline at end of file +#device_change {display:block;margin:0.3em;padding:0.5em 0;border:1px solid #eee;border-radius:2em;background:#fff;color:#000;font-size:2em;text-decoration:none;text-align:center} + +/*메일인증*/ +.rg_em{margin-top:5px} +.rg_em caption{padding:0;font-size:0;line-height:0;overflow:hidden} \ No newline at end of file diff --git a/css/mobile.css b/css/mobile.css index feb6f507f..6316c221e 100644 --- a/css/mobile.css +++ b/css/mobile.css 
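Review bot: The `(int)` cast on `$srows` fixes the type but leaves the value unbounded, so a request can still set an arbitrarily large rows-per-page count and the fallback on the next line only catches zero. Clamp it to a sane range alongside the existing zero check, e.g. `if ($srows < 1 || $srows > 100) $srows = 10;` (100 is a constructed example ceiling; use the largest value the search UI actually offers). The enclosing `if ($stx)` block starts outside the hunk.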
@@ -247,4 +247,10 @@ a.btn_admin:focus, a.btn_admin:hover {text-decoration:none} .pg_current {display:inline-block;margin:0 4px 0 0;background:#333;color:#fff;font-weight:normal} /* PC화면으로 */ -#device_change {display:block;margin:5px;padding:5px 0;border:1px solid #eee;border-radius:2em;color:#000;font-size:1em;text-decoration:none;text-align:center} \ No newline at end of file +#device_change {display:block;margin:5px;padding:5px 0;border:1px solid #eee;border-radius:2em;color:#000;font-size:1em;text-decoration:none;text-align:center} + +/*메일인증*/ +.rg_em_p{padding:0 5px} +.rg_em{margin:5px 5px 10px;} +.rg_em table{width:100%;border-collapse:collapse} +.rg_em caption{padding:0;font-size:0;line-height:0;overflow:hidden} \ No newline at end of file diff --git a/js/common.js b/js/common.js index 8802f1c09..b964cd782 100644 --- a/js/common.js +++ b/js/common.js @@ -376,7 +376,7 @@ var win_homepage = function(href) { /** * 우편번호 창 **/ -var win_zip = function(frm_name, frm_zip1, frm_zip2, frm_addr1, frm_addr2, frm_addr3, frm_jibeon) { +var win_zip = function(frm_name, frm_zip, frm_addr1, frm_addr2, frm_addr3, frm_jibeon) { if(typeof daum === 'undefined'){ alert("다음 우편번호 postcode.v2.js 파일이 로드되지 않았습니다."); return false; @@ -386,7 +386,7 @@ var win_zip = function(frm_name, frm_zip1, frm_zip2, frm_addr1, frm_addr2, frm_a var complete_fn = function(data){ // 팝업에서 검색결과 항목을 클릭했을때 실행할 코드를 작성하는 부분. - + // 각 주소의 노출 규칙에 따라 주소를 조합한다. // 내려오는 변수가 값이 없는 경우엔 공백('')값을 가지므로, 이를 참고하여 분기 한다. var fullAddr = ''; // 최종 주소 변수 @@ -417,8 +417,7 @@ var win_zip = function(frm_name, frm_zip1, frm_zip2, frm_addr1, frm_addr2, frm_a // 우편번호와 주소 정보를 해당 필드에 넣고, 커서를 상세주소 필드로 이동한다. var of = document[frm_name]; - of[frm_zip1].value = data.postcode1; - of[frm_zip2].value = data.postcode2; + of[frm_zip].value = data.zonecode; of[frm_addr1].value = fullAddr; of[frm_addr3].value = extraAddr; 
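Review bot: The header comment above `var win_zip = function(frm_name, frm_zip, frm_addr1, frm_addr2, frm_addr3, frm_jibeon)` still says only `우편번호 창` although the parameter list lost `frm_zip2`, which shifts every positional argument after it — a caller not updated with this patch would receive no error and would write the assembled address into its old second zip field. Document the contract at the declaration, e.g. `// frm_name: target form; frm_zip: input that receives data.zonecode; frm_addr1 / frm_addr3: filled with fullAddr / extraAddr; frm_addr2, frm_jibeon: see body`, and mention the signature change in the patch description. Checking `document[frm_name]` and `of[frm_zip]` for `undefined` before assignment would turn a stale call into a visible failure instead of a silently misfilled form; the skin callers in this patch appear updated, as far as the stripped HTML shows.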
@@ -432,7 +431,7 @@ var win_zip = function(frm_name, frm_zip1, frm_zip2, frm_addr1, frm_addr2, frm_a switch(zip_case) { case 1 : //iframe을 이용하여 페이지에 끼워 넣기 - var daum_pape_id = 'daum_juso_page'+frm_zip1, + var daum_pape_id = 'daum_juso_page'+frm_zip, element_wrap = document.getElementById(daum_pape_id), currentScroll = Math.max(document.body.scrollTop, document.documentElement.scrollTop); if (element_wrap == null) { @@ -475,7 +474,7 @@ var win_zip = function(frm_name, frm_zip1, frm_zip2, frm_addr1, frm_addr2, frm_a }).open(); break; default : //iframe을 이용하여 레이어 띄우기 - var rayer_id = 'daum_juso_rayer'+frm_zip1, + var rayer_id = 'daum_juso_rayer'+frm_zip, element_layer = document.getElementById(rayer_id); if (element_layer == null) { element_layer = document.createElement("div"); diff --git a/lib/common.lib.php b/lib/common.lib.php index b2d62cd9d..9ffc825b1 100644 --- a/lib/common.lib.php +++ b/lib/common.lib.php @@ -192,7 +192,7 @@ function confirm($msg, $url1='', $url2='', $url3='') alert($msg); } - if (!$url3) $url3 = $_SERVER['HTTP_REFERER']; + if (!$url3) $url3 = clean_xss_tags($_SERVER['HTTP_REFERER']); $msg = str_replace("\\n", "
", $msg); @@ -2723,6 +2723,11 @@ function clean_xss_tags($str) { $str = preg_replace('#]*+>#i', '', $str); + $search = array('"', "'"); + $replace = array('"', '''); + + $str = str_replace($search, $replace, $str); + return $str; } diff --git a/mobile/newwin.inc.php b/mobile/newwin.inc.php index 14ad49127..bfd3eadfc 100644 --- a/mobile/newwin.inc.php +++ b/mobile/newwin.inc.php @@ -13,14 +13,11 @@ $result = sql_query($sql, false);

팝업레이어 알림

diff --git a/mobile/skin/board/basic/view.skin.php b/mobile/skin/board/basic/view.skin.php index b1775bd1b..1b8ba0c93 100644 --- a/mobile/skin/board/basic/view.skin.php +++ b/mobile/skin/board/basic/view.skin.php @@ -65,8 +65,8 @@ add_stylesheet('', 0 + if ($view['link']) { + ?>
사이트 이용정보 입력
자동등록방지 - - class="frm_input " size="3" maxlength="3"> - - - - class="frm_input " size="3" maxlength="3"> -
+ + class="frm_input " size="5" maxlength="6"> +
class="frm_input frm_address " size="50">
diff --git a/skin/board/basic/view.skin.php b/skin/board/basic/view.skin.php index d49275ec5..22efc3c16 100644 --- a/skin/board/basic/view.skin.php +++ b/skin/board/basic/view.skin.php @@ -68,8 +68,8 @@ add_stylesheet('', 0 + if ($view['link']) { + ?>
- - class="frm_input " size="3" maxlength="3"> - - - - class="frm_input " size="3" maxlength="3"> -
+ + class="frm_input " size="5" maxlength="6"> +
class="frm_input frm_address " size="50">
diff --git a/skin/new/basic/new.skin.php b/skin/new/basic/new.skin.php index 085eec0e6..2558d8118 100644 --- a/skin/new/basic/new.skin.php +++ b/skin/new/basic/new.skin.php @@ -45,7 +45,6 @@ add_stylesheet('', 0); -