diff --git a/adm/config_form.php b/adm/config_form.php
index b53870be1..5f9ff4d5b 100644
--- a/adm/config_form.php
+++ b/adm/config_form.php
@@ -134,6 +134,11 @@ if(!isset($config['cf_sms_use'])) {
ADD `cf_icode_server_port` varchar(255) NOT NULL DEFAULT '' AFTER `cf_icode_server_ip` ", true);
}
+if(!isset($config['cf_mobile_page_rows'])) {
+ sql_query(" ALTER TABLE `{$g5['config_table']}`
+ ADD `cf_mobile_page_rows` int(11) NOT NULL DEFAULT '0' AFTER `cf_page_rows` ", true);
+}
+
if(!isset($config['cf_faq_skin'])) {
sql_query(" ALTER TABLE `{$g5['config_table']}`
ADD `cf_faq_skin` varchar(255) NOT NULL DEFAULT '' AFTER `cf_connect_skin`,
@@ -268,10 +273,15 @@ if ($config['cf_icode_id'] && $config['cf_icode_pw']) {
|
-
+ |
분
|
+ |
+
+
+ 라인
+ |
|
@@ -279,10 +289,10 @@ if ($config['cf_icode_id'] && $config['cf_icode_pw']) {
라인
- |
+ |
-
- 라인
+
+ 라인
|
diff --git a/adm/config_form_update.php b/adm/config_form_update.php
index 75dbbeb58..58fbfec9e 100644
--- a/adm/config_form_update.php
+++ b/adm/config_form_update.php
@@ -101,6 +101,7 @@ $sql = " update {$g5['config_table']}
cf_movie_extension = '{$_POST['cf_movie_extension']}',
cf_formmail_is_member = '{$_POST['cf_formmail_is_member']}',
cf_page_rows = '{$_POST['cf_page_rows']}',
+ cf_mobile_page_rows = '{$_POST['cf_mobile_page_rows']}',
cf_stipulation = '{$_POST['cf_stipulation']}',
cf_privacy = '{$_POST['cf_privacy']}',
cf_open_modify = '{$_POST['cf_open_modify']}',
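Review bot: The new `cf_mobile_page_rows` assignment interpolates `$_POST['cf_mobile_page_rows']` straight into the UPDATE string even though the column is declared `int(11)` in the gnuboard5.sql hunk. Casting removes this field's dependence on the global escaping done in common.php and guarantees the value is numeric: `cf_mobile_page_rows = '" . (int)$_POST['cf_mobile_page_rows'] . "',`. The enclosing `$sql` string starts before the hunk, so the same treatment for the neighbouring integer columns would have to be applied there.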
diff --git a/bbs/faq.php b/bbs/faq.php
index 35906477d..d3fe9406e 100644
--- a/bbs/faq.php
+++ b/bbs/faq.php
@@ -73,7 +73,7 @@ if(is_file($skin_file)) {
if ($page < 1) { $page = 1; } // 페이지가 없으면 첫 페이지 (1 페이지)
- $page_rows = G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'];
+ $page_rows = G5_IS_MOBILE ? $config['cf_mobile_page_rows'] : $config['cf_page_rows'];
$sql = " select count(*) as cnt
from {$g5['faq_table']}
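Review bot: `$page_rows` can now be `0` on mobile: the column added in the config_form.php hunk defaults to `0` for upgraded installs, and the install_db.php hunk never sets `cf_mobile_page_rows`, so nothing populates it until an admin saves the config form. I cannot see how `$page_rows` is used after the hunk, but if it feeds a LIMIT or a page-count division, a zero yields an empty list or a division-by-zero warning. Suggest casting and falling back: `$page_rows = (int)(G5_IS_MOBILE ? $config['cf_mobile_page_rows'] : $config['cf_page_rows']);` followed by `if ($page_rows < 1) { $page_rows = (int)$config['cf_page_rows'] > 0 ? (int)$config['cf_page_rows'] : 15; }` (15 being the install default used for `cf_page_rows`). The surrounding code in faq.php continues on both sides of the hunk.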
diff --git a/common.php b/common.php
index abd7fc1d5..823f4f00c 100644
--- a/common.php
+++ b/common.php
@@ -80,10 +80,10 @@ if (file_exists($dbconfig_file)) {
}
// sql_escape_string 적용
- $_POST = array_map_deep('sql_escape_string', $_POST);
- $_GET = array_map_deep('sql_escape_string', $_GET);
- $_COOKIE = array_map_deep('sql_escape_string', $_COOKIE);
- $_REQUEST = array_map_deep('sql_escape_string', $_REQUEST);
+ $_POST = array_map_deep(G5_ESCAPE_FUNCTION, $_POST);
+ $_GET = array_map_deep(G5_ESCAPE_FUNCTION, $_GET);
+ $_COOKIE = array_map_deep(G5_ESCAPE_FUNCTION, $_COOKIE);
+ $_REQUEST = array_map_deep(G5_ESCAPE_FUNCTION, $_REQUEST);
//==============================================================================
// PHP 4.1.0 부터 지원됨
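Review bot: `G5_ESCAPE_FUNCTION` is not defined anywhere in this diff, and these four lines are the only place request data is escaped before it is interpolated into SQL elsewhere in the tree (see the config_form_update.php hunk). If the constant is not defined by the time common.php reaches this block, PHP substitutes the bare string `'G5_ESCAPE_FUNCTION'` as the callback (with a notice), and what `array_map_deep` then does with an invalid callback — leave the arrays unescaped or overwrite them — I cannot tell from here. Please reference where the constant is defined, or guard it right above the block: `if (!defined('G5_ESCAPE_FUNCTION')) define('G5_ESCAPE_FUNCTION', 'sql_escape_string');`.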
diff --git a/install/gnuboard5.sql b/install/gnuboard5.sql
index 8a79450fa..c2f159ef8 100644
--- a/install/gnuboard5.sql
+++ b/install/gnuboard5.sql
@@ -269,6 +269,7 @@ CREATE TABLE IF NOT EXISTS `g5_config` (
`cf_movie_extension` varchar(255) NOT NULL DEFAULT '',
`cf_formmail_is_member` tinyint(4) NOT NULL DEFAULT '0',
`cf_page_rows` int(11) NOT NULL DEFAULT '0',
+ `cf_mobile_page_rows` int(11) NOT NULL DEFAULT '0',
`cf_visit` varchar(255) NOT NULL DEFAULT '',
`cf_max_po_id` int(11) NOT NULL DEFAULT '0',
`cf_stipulation` text NOT NULL,
diff --git a/install/install_db.php b/install/install_db.php
index 294931c07..e88493be4 100644
--- a/install/install_db.php
+++ b/install/install_db.php
@@ -170,6 +170,7 @@ if($g5_install || !$result) {
cf_movie_extension = 'asx|asf|wmv|wma|mpg|mpeg|mov|avi|mp3',
cf_formmail_is_member = '1',
cf_page_rows = '15',
+ cf_page_rows = '15',
cf_cert_limit = '2',
cf_stipulation = '해당 홈페이지에 맞는 회원가입약관을 입력합니다.',
cf_privacy = '해당 홈페이지에 맞는 개인정보처리방침을 입력합니다.'
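Review bot: The added line repeats `cf_page_rows = '15',` instead of setting the new column, so `cf_mobile_page_rows` stays at its schema default of `0` on a fresh install, which is the value faq.php now reads on mobile. It should read `cf_mobile_page_rows = '15',`. Depending on the statement type (it starts before the hunk), MySQL either rejects a column listed twice or silently keeps the last assignment; in both cases the intended default is lost.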
diff --git a/lib/common.lib.php b/lib/common.lib.php
index 87839e139..240c0866a 100644
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@@ -1451,8 +1451,14 @@ function sql_select_db($db, $connect)
// mysql_query 와 mysql_error 를 한꺼번에 처리
function sql_query($sql, $error=G5_DISPLAY_SQL_ERROR)
{
+ // Blind SQL Injection 취약점 해결
+ $sql = trim($sql);
+ // union의 사용을 허락하지 않습니다.
+ $sql = preg_replace("#^select.*from.*union.*#i", "select 1", $sql);
+ // `information_schema` DB로의 접근을 허락하지 않습니다.
+ $sql = preg_replace("#^select.*from.*where.*`?information_schema`?.*#i", "select 1", $sql);
if ($error)
- $result = @mysql_query($sql) or die("$sql
" . mysql_errno() . " : " . mysql_error() . "
error file : {$_SERVER['PHP_SELF']}");
+ $result = @mysql_query($sql) or die("
$sql
" . mysql_errno() . " : " . mysql_error() . "
error file : $_SERVER[PHP_SELF]");
else
$result = @mysql_query($sql);
return $result;
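Review bot: The two `preg_replace` rewrites are a blocklist layered over the actual weakness — request values are still concatenated into SQL strings (e.g. the config_form_update.php hunk) — so they should be documented as a stopgap, not as the fix. As written the filter also has false positives: any SELECT whose WHERE clause carries user-supplied text containing `union` or `information_schema`, or a table or column whose name contains `union`, is silently turned into `select 1`, and the caller receives a result set it never asked for with no log entry. If the check is kept, fail loudly instead of substituting: `if (preg_match($pattern, $sql)) { error_log('sql_query: blocked statement in ' . $_SERVER['PHP_SELF']); return false; }`, check `preg_last_error()` after the call, and add the `s` modifier (`#...#is`) since most queries in this codebase span several lines (the ALTER and count queries in the other hunks) and `.` does not cross a line break without it. The durable fix is casting and escaping at the call sites; the function's closing brace is outside the hunk.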