XSS 취약점, 새 우편번호, 기타 오류 수정

2015-07-20 11:40:09 +09:00
parent 2ccc407397
commit a52858fc6d
25 changed files with 73 additions and 60 deletions
--- a/adm/member_form.php
+++ b/adm/member_form.php
@ -214,11 +214,9 @@ add_javascript(G5_POSTCODE_JS, 0);    //다음 주소 js
    <tr>
        <th scope="row"><label for="mb_zip1">주소</label></th>
        <td colspan="3" class="td_addr_line">
-            <label for="mb_zip1" class="sound_only">우편번호 앞자리</label>
+            <label for="mb_zip" class="sound_only">우편번호</label>
-            <input type="text" name="mb_zip1" value="<?php echo $mb['mb_zip1'] ?>" id="mb_zip1" class="frm_input readonly" size="3" maxlength="3"> -
+            <input type="text" name="mb_zip" value="<?php echo $mb['mb_zip1'].$mb['mb_zip2']; ?>" id="mb_zip" class="frm_input readonly" size="5" maxlength="6">
-            <label for="mb_zip2" class="sound_only">우편번호 뒷자리</label>
+            <button type="button" class="btn_frmline" onclick="win_zip('fmember', 'mb_zip', 'mb_addr1', 'mb_addr2', 'mb_addr3', 'mb_addr_jibeon');">주소 검색</button><br>
            <input type="text" name="mb_zip2" value="<?php echo $mb['mb_zip2'] ?>" id="mb_zip2" class="frm_input readonly" size="3" maxlength="3">
            <button type="button" class="btn_frmline" onclick="win_zip('fmember', 'mb_zip1', 'mb_zip2', 'mb_addr1', 'mb_addr2', 'mb_addr3', 'mb_addr_jibeon');">주소 검색</button><br>
            <input type="text" name="mb_addr1" value="<?php echo $mb['mb_addr1'] ?>" id="mb_addr1" class="frm_input readonly" size="60">
            <label for="mb_addr1">기본주소</label><br>
            <input type="text" name="mb_addr2" value="<?php echo $mb['mb_addr2'] ?>" id="mb_addr2" class="frm_input" size="60">
--- a/adm/member_form_update.php
+++ b/adm/member_form_update.php
@ -29,6 +29,9 @@ if($_POST['mb_certify_case'] && $_POST['mb_certify']) {
    $mb_adult = 0;
 }
 $mb_zip1 = substr($_POST['mb_zip'], 0, 3);
 $mb_zip2 = substr($_POST['mb_zip'], 3);
 $sql_common = "  mb_name = '{$_POST['mb_name']}',
                 mb_nick = '{$_POST['mb_nick']}',
                 mb_email = '{$_POST['mb_email']}',
@ -37,8 +40,8 @@ $sql_common = "  mb_name = '{$_POST['mb_name']}',
                 mb_hp = '{$mb_hp}',
                 mb_certify = '{$mb_certify}',
                 mb_adult = '{$mb_adult}',
-                 mb_zip1 = '{$_POST['mb_zip1']}',
+                 mb_zip1 = '$mb_zip1',
-                 mb_zip2 = '{$_POST['mb_zip2']}',
+                 mb_zip2 = '$mb_zip2',
                 mb_addr1 = '{$_POST['mb_addr1']}',
                 mb_addr2 = '{$_POST['mb_addr2']}',
                 mb_addr3 = '{$_POST['mb_addr3']}',
--- a/bbs/alert.php
+++ b/bbs/alert.php
@ -30,7 +30,8 @@ include_once(G5_PATH.'/head.sub.php');
 $msg2 = str_replace("\\n", "<br>", $msg);
-if (!$url) $url = $_SERVER['HTTP_REFERER'];
+$url = clean_xss_tags($url);
 if (!$url) $url = clean_xss_tags($_SERVER['HTTP_REFERER']);
 // url 체크
 check_url_host($url);
--- a/bbs/confirm.php
+++ b/bbs/confirm.php
@ -2,6 +2,10 @@
 include_once('./_common.php');
 include_once(G5_PATH.'/head.sub.php');
 $url1 = clean_xss_tags($url1);
 $url2 = clean_xss_tags($url2);
 $url3 = clean_xss_tags($url3);
 // url 체크
 check_url_host($url1);
 check_url_host($url2);
--- a/bbs/move.php
+++ b/bbs/move.php
@ -55,7 +55,7 @@ for ($i=0; $row=sql_fetch_array($result); $i++)
    <input type="hidden" name="sod" value="<?php echo $sod ?>">
    <input type="hidden" name="page" value="<?php echo $page ?>">
    <input type="hidden" name="act" value="<?php echo $act ?>">
-    <input type="hidden" name="url" value="<?php echo $_SERVER['HTTP_REFERER'] ?>">
+    <input type="hidden" name="url" value="<?php echo clean_xss_tags($_SERVER['HTTP_REFERER']); ?>">
    <div class="tbl_head01 tbl_wrap">
        <table>
--- a/bbs/new.php
+++ b/bbs/new.php
@ -17,6 +17,8 @@ if ($view == "w")
    $sql_common .= " and a.wr_id = a.wr_parent ";
 else if ($view == "c")
    $sql_common .= " and a.wr_id <> a.wr_parent ";
 else
    $view = '';
 $mb_id = isset($_GET['mb_id']) ? ($_GET['mb_id']) : '';
 $mb_id = substr(preg_replace('#[^a-z0-9_]#i', '', $mb_id), 0, 20);
--- a/bbs/newwin.inc.php
+++ b/bbs/newwin.inc.php
@ -13,14 +13,11 @@ $result = sql_query($sql, false);
    <h2>팝업레이어 알림</h2>
 <?php
-for ($i=0; $row_nw=sql_fetch_array($result); $i++)
+for ($i=0; $nw=sql_fetch_array($result); $i++)
 {
    // 이미 체크 되었다면 Continue
-    if ($_COOKIE["hd_pops_{$row_nw['nw_id']}"])
+    if ($_COOKIE["hd_pops_{$nw['nw_id']}"])
        continue;
    $sql = " select * from {$g5['new_win_table']} where nw_id = '{$row_nw['nw_id']}' ";
    $nw = sql_fetch($sql);
 ?>
    <div id="hd_pops_<?php echo $nw['nw_id'] ?>" class="hd_pops" style="top:<?php echo $nw['nw_top']?>px;left:<?php echo $nw['nw_left']?>px">
--- a/bbs/register_email.php
+++ b/bbs/register_email.php
@ -2,27 +2,28 @@
 include_once('./_common.php');
 include_once(G5_CAPTCHA_PATH.'/captcha.lib.php');
 $g5['title'] = '메일인증 메일주소 변경';
 include_once('./_head.php');
 $mb_id = substr(clean_xss_tags($_GET['mb_id']), 0, 20);
 $sql = " select mb_email, mb_datetime, mb_email_certify from {$g5['member_table']} where mb_id = '{$mb_id}' ";
 $mb = sql_fetch($sql);
 if (substr($mb['mb_email_certify'],0,1)!=0) {
    alert("이미 메일인증 하신 회원입니다.", G5_URL);
 }
 $g5['title'] = '메일인증 메일주소 변경';
 include_once('./_head.php');
 ?>
-<p>메일인증을 받지 못한 경우 회원정보의 메일주소를 변경 할 수 있습니다.</p>
+<p class="rg_em_p">메일인증을 받지 못한 경우 회원정보의 메일주소를 변경 할 수 있습니다.</p>
 <form method="post" name="fregister_email" action="<?php echo G5_HTTPS_BBS_URL.'/register_email_update.php'; ?>" onsubmit="return fregister_email_submit(this);">
 <input type="hidden" name="mb_id" value="<?php echo $mb_id; ?>">
-<div class="tbl_frm01 tbl_frm">
+<div class="tbl_frm01 tbl_frm rg_em">
    <table>
    <caption>사이트 이용정보 입력</caption>
    <tr>
        <th scope="row"><label for="reg_mb_email">E-mail<strong class="sound_only">필수</strong></label></th>
-        <td><input type="text" name="mb_email" id="reg_mb_email" required class="frm_input email required" size="50" maxlength="100" value="<?php echo $mb['mb_email']; ?>"></td>
+        <td><input type="text" name="mb_email" id="reg_mb_email" required class="frm_input email required" size="30" maxlength="100" value="<?php echo $mb['mb_email']; ?>"></td>
    </tr>
    <tr>
        <th scope="row">자동등록방지</th>
--- a/bbs/register_email_update.php
+++ b/bbs/register_email_update.php
@ -8,7 +8,7 @@ $mb_email = trim($_POST['mb_email']);
 $sql = " select mb_name, mb_datetime from {$g5['member_table']} where mb_id = '{$mb_id}' and mb_email_certify <> '' ";
 $mb = sql_fetch($sql);
-if (!$mb) {
+if ($mb) {
    alert("이미 메일인증 하신 회원입니다.", G5_URL);
 }
--- a/bbs/register_form.php
+++ b/bbs/register_form.php
@ -115,6 +115,9 @@ $req_nick = !isset($member['mb_nick_date']) || (isset($member['mb_nick_date']) &
 $required = ($w=='') ? 'required' : '';
 $readonly = ($w=='u') ? 'readonly' : '';
 $agree  = preg_replace('#[^0-9]#', '', $agree);
 $agree2 = preg_replace('#[^0-9]#', '', $agree2);
 // add_javascript('js 구문', 출력순서); 숫자가 작을 수록 먼저 출력됨
 if ($config['cf_use_addr'])
    add_javascript(G5_POSTCODE_JS, 0);    //다음 주소 js
--- a/bbs/register_form_update.php
+++ b/bbs/register_form_update.php
@ -40,8 +40,8 @@ $mb_birth       = isset($_POST['mb_birth'])         ? trim($_POST['mb_birth'])
 $mb_homepage    = isset($_POST['mb_homepage'])      ? trim($_POST['mb_homepage'])    : "";
 $mb_tel         = isset($_POST['mb_tel'])           ? trim($_POST['mb_tel'])         : "";
 $mb_hp          = isset($_POST['mb_hp'])            ? trim($_POST['mb_hp'])          : "";
-$mb_zip1        = isset($_POST['mb_zip1'])          ? trim($_POST['mb_zip1'])        : "";
+$mb_zip1        = isset($_POST['mb_zip'])           ? substr(trim($_POST['mb_zip']), 0, 3) : "";
-$mb_zip2        = isset($_POST['mb_zip2'])          ? trim($_POST['mb_zip2'])        : "";
+$mb_zip2        = isset($_POST['mb_zip'])           ? substr(trim($_POST['mb_zip']), 3)    : "";
 $mb_addr1       = isset($_POST['mb_addr1'])         ? trim($_POST['mb_addr1'])       : "";
 $mb_addr2       = isset($_POST['mb_addr2'])         ? trim($_POST['mb_addr2'])       : "";
 $mb_addr3       = isset($_POST['mb_addr3'])         ? trim($_POST['mb_addr3'])       : "";
--- a/bbs/search.php
+++ b/bbs/search.php
@ -17,7 +17,7 @@ if ($stx) {
    $stx = preg_replace('/\//', '\/', trim($stx));
    $sop = strtolower($sop);
    if (!$sop || !($sop == 'and' || $sop == 'or')) $sop = 'and'; // 연산자 and , or
-    $srows = isset($_GET['srows']) ? preg_replace('#[^0-9]#', '', $_GET['srows']) : 10;
+    $srows = isset($_GET['srows']) ? (int)preg_replace('#[^0-9]#', '', $_GET['srows']) : 10;
    if (!$srows) $srows = 10; // 한페이지에 출력하는 검색 행수
    $g5_search['tables'] = Array();
--- a/css/default.css
+++ b/css/default.css
@ -280,3 +280,7 @@ a.btn_admin:focus, a.btn_admin:hover {text-decoration:none}
 /* Mobile화면으로 */
 #device_change {display:block;margin:0.3em;padding:0.5em 0;border:1px solid #eee;border-radius:2em;background:#fff;color:#000;font-size:2em;text-decoration:none;text-align:center}
 /*메일인증*/
 .rg_em{margin-top:5px}
 .rg_em caption{padding:0;font-size:0;line-height:0;overflow:hidden}
--- a/css/mobile.css
+++ b/css/mobile.css
@ -248,3 +248,9 @@ a.btn_admin:focus, a.btn_admin:hover {text-decoration:none}
 /* PC화면으로 */
 #device_change {display:block;margin:5px;padding:5px 0;border:1px solid #eee;border-radius:2em;color:#000;font-size:1em;text-decoration:none;text-align:center}
 /*메일인증*/
 .rg_em_p{padding:0 5px}
 .rg_em{margin:5px 5px 10px;}
 .rg_em table{width:100%;border-collapse:collapse}
 .rg_em caption{padding:0;font-size:0;line-height:0;overflow:hidden}
--- a/js/common.js
+++ b/js/common.js
@ -376,7 +376,7 @@ var win_homepage = function(href) {
 /**
 * 우편번호 창
 **/
-var win_zip = function(frm_name, frm_zip1, frm_zip2, frm_addr1, frm_addr2, frm_addr3, frm_jibeon) {
+var win_zip = function(frm_name, frm_zip, frm_addr1, frm_addr2, frm_addr3, frm_jibeon) {
    if(typeof daum === 'undefined'){
        alert("다음 우편번호 postcode.v2.js 파일이 로드되지 않았습니다.");
        return false;
@ -417,8 +417,7 @@ var win_zip = function(frm_name, frm_zip1, frm_zip2, frm_addr1, frm_addr2, frm_a
        // 우편번호와 주소 정보를 해당 필드에 넣고, 커서를 상세주소 필드로 이동한다.
        var of = document[frm_name];
-        of[frm_zip1].value = data.postcode1;
+        of[frm_zip].value = data.zonecode;
        of[frm_zip2].value = data.postcode2;
        of[frm_addr1].value = fullAddr;
        of[frm_addr3].value = extraAddr;
@ -432,7 +431,7 @@ var win_zip = function(frm_name, frm_zip1, frm_zip2, frm_addr1, frm_addr2, frm_a
    switch(zip_case) {
        case 1 :    //iframe을 이용하여 페이지에 끼워 넣기
-            var daum_pape_id = 'daum_juso_page'+frm_zip1,
+            var daum_pape_id = 'daum_juso_page'+frm_zip,
                element_wrap = document.getElementById(daum_pape_id),
                currentScroll = Math.max(document.body.scrollTop, document.documentElement.scrollTop);
            if (element_wrap == null) {
@ -475,7 +474,7 @@ var win_zip = function(frm_name, frm_zip1, frm_zip2, frm_addr1, frm_addr2, frm_a
            }).open();
            break;
        default :   //iframe을 이용하여 레이어 띄우기
-            var rayer_id = 'daum_juso_rayer'+frm_zip1,
+            var rayer_id = 'daum_juso_rayer'+frm_zip,
                element_layer = document.getElementById(rayer_id);
            if (element_layer == null) {
                element_layer = document.createElement("div");
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@ -192,7 +192,7 @@ function confirm($msg, $url1='', $url2='', $url3='')
        alert($msg);
    }
-    if (!$url3) $url3 = $_SERVER['HTTP_REFERER'];
+    if (!$url3) $url3 = clean_xss_tags($_SERVER['HTTP_REFERER']);
    $msg = str_replace("\\n", "<br>", $msg);
@ -2723,6 +2723,11 @@ function clean_xss_tags($str)
 {
    $str = preg_replace('#</*(?:applet|b(?:ase|gsound|link)|embed|frame(?:set)?|i(?:frame|layer)|l(?:ayer|ink)|meta|object|s(?:cript|tyle)|title|xml)[^>]*+>#i', '', $str);
    $search  = array('"', "'");
    $replace = array('&#34;', '&#39;');
    $str = str_replace($search, $replace, $str);
    return $str;
 }
--- a/mobile/newwin.inc.php
+++ b/mobile/newwin.inc.php
@ -13,14 +13,11 @@ $result = sql_query($sql, false);
    <h2>팝업레이어 알림</h2>
 <?php
-for ($i=0; $row_nw=sql_fetch_array($result); $i++)
+for ($i=0; $nw=sql_fetch_array($result); $i++)
 {
    // 이미 체크 되었다면 Continue
-    if ($_COOKIE["hd_pops_{$row_nw['nw_id']}"])
+    if ($_COOKIE["hd_pops_{$nw['nw_id']}"])
        continue;
    $sql = " select * from {$g5['new_win_table']} where nw_id = '{$row_nw['nw_id']}' ";
    $nw = sql_fetch($sql);
 ?>
    <div id="hd_pops_<?php echo $nw['nw_id'] ?>" class="hd_pops" style="top:<?php echo $nw['nw_top']?>px;left:<?php echo $nw['nw_left']?>px;">
--- a/mobile/skin/board/basic/view.skin.php
+++ b/mobile/skin/board/basic/view.skin.php
@ -65,8 +65,8 @@ add_stylesheet('<link rel="stylesheet" href="'.$board_skin_url.'/style.css">', 0
    <?php } ?>
    <?php
-    if (implode('', $view['link'])) {
+    if ($view['link']) {
-     ?>
+    ?>
    <section id="bo_v_link">
        <h2>관련링크</h2>
        <ul>
--- a/mobile/skin/board/gallery/list.skin.php
+++ b/mobile/skin/board/gallery/list.skin.php
@ -180,7 +180,7 @@ $(window).on("load", function() {
        <option value="wr_name,1"<?php echo get_selected($sfl, "wr_name,1"); ?>>글쓴이</option>
        <option value="wr_name,0"<?php echo get_selected($sfl, "wr_name,0"); ?>>글쓴이(코)</option>
    </select>
-    <input name="stx" value="<?php echo stripslashes($stx) ?>" placeholder="검색어(필수)" required id="stx" class="required" size="15" maxlength="20">
+    <input name="stx" value="<?php echo stripslashes($stx) ?>" placeholder="검색어(필수)" required id="stx" class="required frm_input" size="15" maxlength="20">
    <input type="submit" value="검색">
    </form>
 </fieldset>
--- a/mobile/skin/board/gallery/view.skin.php
+++ b/mobile/skin/board/gallery/view.skin.php
@ -65,8 +65,8 @@ add_stylesheet('<link rel="stylesheet" href="'.$board_skin_url.'/style.css">', 0
    <?php } ?>
    <?php
-    if (implode('', $view['link'])) {
+    if ($view['link']) {
-     ?>
+    ?>
    <section id="bo_v_link">
        <h2>관련링크</h2>
        <ul>
--- a/mobile/skin/member/basic/register_form.skin.php
+++ b/mobile/skin/member/basic/register_form.skin.php
@ -141,12 +141,9 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
                <?php if ($config['cf_req_addr']) { ?><strong class="sound_only">필수</strong><?php } ?>
            </th>
            <td>
-                <label for="reg_mb_zip1" class="sound_only">우편번호 앞자리<?php echo $config['cf_req_addr']?'<strong class="sound_only"> 필수</strong>':''; ?></label>
+                <label for="reg_mb_zip" class="sound_only">우편번호<?php echo $config['cf_req_addr']?'<strong class="sound_only"> 필수</strong>':''; ?></label>
-                <input type="text" name="mb_zip1" value="<?php echo $member['mb_zip1'] ?>" id="reg_mb_zip1" <?php echo $config['cf_req_addr']?"required":""; ?> class="frm_input <?php echo $config['cf_req_addr']?"required":""; ?>" size="3" maxlength="3">
+                <input type="text" name="mb_zip" value="<?php echo $member['mb_zip1'].$member['mb_zip2']; ?>" id="reg_mb_zip" <?php echo $config['cf_req_addr']?"required":""; ?> class="frm_input <?php echo $config['cf_req_addr']?"required":""; ?>" size="5" maxlength="6">
-                -
+                <button type="button" class="btn_frmline" onclick="win_zip('fregisterform', 'mb_zip', 'mb_addr1', 'mb_addr2', 'mb_addr3', 'mb_addr_jibeon');">주소 검색</button><br>
                <label for="reg_mb_zip2" class="sound_only">우편번호 뒷자리<?php echo $config['cf_req_addr']?'<strong class="sound_only"> 필수</strong>':''; ?></label>
                <input type="text" name="mb_zip2" value="<?php echo $member['mb_zip2'] ?>" id="reg_mb_zip2" <?php echo $config['cf_req_addr']?"required":""; ?> class="frm_input <?php echo $config['cf_req_addr']?"required":""; ?>" size="3" maxlength="3">
                <button type="button" class="btn_frmline" onclick="win_zip('fregisterform', 'mb_zip1', 'mb_zip2', 'mb_addr1', 'mb_addr2', 'mb_addr3', 'mb_addr_jibeon');">주소 검색</button><br>
                <label for="reg_mb_addr1" class="sound_only">주소<?php echo $config['cf_req_addr']?'<strong class="sound_only"> 필수</strong>':''; ?></label>
                <input type="text" name="mb_addr1" value="<?php echo $member['mb_addr1'] ?>" id="reg_mb_addr1" <?php echo $config['cf_req_addr']?"required":""; ?> class="frm_input frm_address <?php echo $config['cf_req_addr']?"required":""; ?>" size="50"><br>
                <label for="reg_mb_addr2" class="sound_only">상세주소</label>
--- a/skin/board/basic/view.skin.php
+++ b/skin/board/basic/view.skin.php
@ -68,8 +68,8 @@ add_stylesheet('<link rel="stylesheet" href="'.$board_skin_url.'/style.css">', 0
    <?php } ?>
    <?php
-    if (implode('', $view['link'])) {
+    if ($view['link']) {
-     ?>
+    ?>
     <!-- 관련링크 시작 { -->
    <section id="bo_v_link">
        <h2>관련링크</h2>
--- a/skin/board/gallery/view.skin.php
+++ b/skin/board/gallery/view.skin.php
@ -68,8 +68,8 @@ add_stylesheet('<link rel="stylesheet" href="'.$board_skin_url.'/style.css">', 0
    <?php } ?>
    <?php
-    if (implode('', $view['link'])) {
+    if ($view['link']) {
-     ?>
+    ?>
     <!-- 관련링크 시작 { -->
    <section id="bo_v_link">
        <h2>관련링크</h2>
--- a/skin/member/basic/register_form.skin.php
+++ b/skin/member/basic/register_form.skin.php
@ -146,12 +146,9 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
                <?php if ($config['cf_req_addr']) { ?><strong class="sound_only">필수</strong><?php }  ?>
            </th>
            <td>
-                <label for="reg_mb_zip1" class="sound_only">우편번호 앞자리<?php echo $config['cf_req_addr']?'<strong class="sound_only"> 필수</strong>':''; ?></label>
+                <label for="reg_mb_zip" class="sound_only">우편번호<?php echo $config['cf_req_addr']?'<strong class="sound_only"> 필수</strong>':''; ?></label>
-                <input type="text" name="mb_zip1" value="<?php echo $member['mb_zip1'] ?>" id="reg_mb_zip1" <?php echo $config['cf_req_addr']?"required":""; ?> class="frm_input <?php echo $config['cf_req_addr']?"required":""; ?>" size="3" maxlength="3">
+                <input type="text" name="mb_zip" value="<?php echo $member['mb_zip1'].$member['mb_zip2']; ?>" id="reg_mb_zip" <?php echo $config['cf_req_addr']?"required":""; ?> class="frm_input <?php echo $config['cf_req_addr']?"required":""; ?>" size="5" maxlength="6">
-                -
+                <button type="button" class="btn_frmline" onclick="win_zip('fregisterform', 'mb_zip', 'mb_addr1', 'mb_addr2', 'mb_addr3', 'mb_addr_jibeon');">주소 검색</button><br>
                <label for="reg_mb_zip2" class="sound_only">우편번호 뒷자리<?php echo $config['cf_req_addr']?'<strong class="sound_only"> 필수</strong>':''; ?></label>
                <input type="text" name="mb_zip2" value="<?php echo $member['mb_zip2'] ?>" id="reg_mb_zip2" <?php echo $config['cf_req_addr']?"required":""; ?> class="frm_input <?php echo $config['cf_req_addr']?"required":""; ?>" size="3" maxlength="3">
                <button type="button" class="btn_frmline" onclick="win_zip('fregisterform', 'mb_zip1', 'mb_zip2', 'mb_addr1', 'mb_addr2', 'mb_addr3', 'mb_addr_jibeon');">주소 검색</button><br>
                <input type="text" name="mb_addr1" value="<?php echo $member['mb_addr1'] ?>" id="reg_mb_addr1" <?php echo $config['cf_req_addr']?"required":""; ?> class="frm_input frm_address <?php echo $config['cf_req_addr']?"required":""; ?>" size="50">
                <label for="reg_mb_addr1">기본주소<?php echo $config['cf_req_addr']?'<strong class="sound_only"> 필수</strong>':''; ?></label><br>
                <input type="text" name="mb_addr2" value="<?php echo $member['mb_addr2'] ?>" id="reg_mb_addr2" class="frm_input frm_address" size="50">
--- a/skin/new/basic/new.skin.php
+++ b/skin/new/basic/new.skin.php
@ -45,7 +45,6 @@ add_stylesheet('<link rel="stylesheet" href="'.$new_skin_url.'/style.css">', 0);
 <input type="hidden" name="view"     value="<?php echo $view; ?>">
 <input type="hidden" name="sfl"      value="<?php echo $sfl; ?>">
 <input type="hidden" name="stx"      value="<?php echo $stx; ?>">
 <input type="hidden" name="srows"    value="<?php echo $srows; ?>">
 <input type="hidden" name="bo_table" value="<?php echo $bo_table; ?>">
 <input type="hidden" name="page"     value="<?php echo $page; ?>">
 <input type="hidden" name="pressed"  value="">