From e9e1f9713f0f121a5a03b1c37b516c4297dd12d0 Mon Sep 17 00:00:00 2001
From: chicpro
Date: Fri, 21 Mar 2014 09:52:41 +0900
Subject: [PATCH 1/2] =?UTF-8?q?=EB=AA=A8=EB=B0=94=EC=9D=BC=20=ED=8E=98?=
 =?UTF-8?q?=EC=9D=B4=EC=A7=80=EB=8B=B9=20=EB=9D=BC=EC=9D=B8=20=EC=88=98=20?=
 =?UTF-8?q?=EC=84=A4=EC=A0=95=20=EC=B6=94=EA=B0=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 adm/config_form.php | 18 ++++++++++++++----
 adm/config_form_update.php | 1 +
 bbs/faq.php | 2 +-
 install/gnuboard5.sql | 1 +
 install/install_db.php | 1 +
 5 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/adm/config_form.php b/adm/config_form.php
index b53870be1..5f9ff4d5b 100644
--- a/adm/config_form.php
+++ b/adm/config_form.php
@@ -134,6 +134,11 @@ if(!isset($config['cf_sms_use'])) {
 ADD `cf_icode_server_port` varchar(255) NOT NULL DEFAULT '' AFTER `cf_icode_server_ip` ", true);
 }
+if(!isset($config['cf_mobile_page_rows'])) {
+ sql_query(" ALTER TABLE `{$g5['config_table']}`
+ ADD `cf_mobile_page_rows` int(11) NOT NULL DEFAULT '0' AFTER `cf_page_rows` ", true);
+}
+
 if(!isset($config['cf_faq_skin'])) {
 sql_query(" ALTER TABLE `{$g5['config_table']}`
 ADD `cf_faq_skin` varchar(255) NOT NULL DEFAULT '' AFTER `cf_connect_skin`,
@@ -268,10 +273,15 @@ if ($config['cf_icode_id'] && $config['cf_icode_pw']) { - + 분 + + + + 라인 +
@@ -279,10 +289,10 @@ if ($config['cf_icode_id'] && $config['cf_icode_pw']) { 라인 - + - - 라인 + + 라인
diff --git a/adm/config_form_update.php b/adm/config_form_update.php
index 75dbbeb58..58fbfec9e 100644
--- a/adm/config_form_update.php
+++ b/adm/config_form_update.php
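Review bot: The ALTER TABLE in the first hunk adds cf_mobile_page_rows with DEFAULT '0' and nothing seeds it, so an upgraded site keeps 0 as its mobile rows-per-page until an administrator re-saves the config form, while bbs/faq.php in this same patch now reads that value into $page_rows. How $page_rows is used there is outside that hunk, but if it feeds a LIMIT or the page-count division the mobile FAQ list is empty or divides by zero in the meantime; seeding from the desktop value right after the ALTER avoids that: `sql_query(" UPDATE {$g5['config_table']} SET cf_mobile_page_rows = cf_page_rows ", true);`. Fresh installs are unaffected because install/install_db.php inserts 15. The form markup in the second and third hunks did not survive rendering, so the new input field itself could not be reviewed.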
@@ -101,6 +101,7 @@ $sql = " update {$g5['config_table']}
 cf_movie_extension = '{$_POST['cf_movie_extension']}',
 cf_formmail_is_member = '{$_POST['cf_formmail_is_member']}',
 cf_page_rows = '{$_POST['cf_page_rows']}',
+ cf_mobile_page_rows = '{$_POST['cf_mobile_page_rows']}',
 cf_stipulation = '{$_POST['cf_stipulation']}',
 cf_privacy = '{$_POST['cf_privacy']}',
 cf_open_modify = '{$_POST['cf_open_modify']}',
diff --git a/bbs/faq.php b/bbs/faq.php
index 35906477d..d3fe9406e 100644
--- a/bbs/faq.php
+++ b/bbs/faq.php
@@ -73,7 +73,7 @@ if(is_file($skin_file)) {
 if ($page < 1) { $page = 1; } // 페이지가 없으면 첫 페이지 (1 페이지)
- $page_rows = G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'];
+ $page_rows = G5_IS_MOBILE ? $config['cf_mobile_page_rows'] : $config['cf_page_rows'];
 $sql = " select count(*) as cnt from {$g5['faq_table']}
diff --git a/install/gnuboard5.sql b/install/gnuboard5.sql
index 7b9012ea5..580696a2b 100644
--- a/install/gnuboard5.sql
+++ b/install/gnuboard5.sql
@@ -269,6 +269,7 @@ CREATE TABLE IF NOT EXISTS `g5_config` (
 `cf_movie_extension` varchar(255) NOT NULL DEFAULT '',
 `cf_formmail_is_member` tinyint(4) NOT NULL DEFAULT '0',
 `cf_page_rows` int(11) NOT NULL DEFAULT '0',
+ `cf_mobile_page_rows` int(11) NOT NULL DEFAULT '0',
 `cf_visit` varchar(255) NOT NULL DEFAULT '',
 `cf_max_po_id` int(11) NOT NULL DEFAULT '0',
 `cf_stipulation` text NOT NULL,
diff --git a/install/install_db.php b/install/install_db.php
index fb491c127..dbadfa2f3 100644
--- a/install/install_db.php
+++ b/install/install_db.php
@@ -146,6 +146,7 @@ $sql = " insert into `{$table_prefix}config`
 cf_movie_extension = 'asx|asf|wmv|wma|mpg|mpeg|mov|avi|mp3',
 cf_formmail_is_member = '1',
 cf_page_rows = '15',
+ cf_mobile_page_rows = '15',
 cf_cert_limit = '2',
 cf_stipulation = '해당 홈페이지에 맞는 회원가입약관을 입력합니다.',
 cf_privacy = '해당 홈페이지에 맞는 개인정보처리방침을 입력합니다.'
From 1e84bc6f1ddd90a1cac806f17aeb2f7f35415b1d Mon Sep 17 00:00:00 2001
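Review bot: The added `cf_mobile_page_rows = '{$_POST['cf_mobile_page_rows']}',` interpolates the raw POST value into the UPDATE for a column this patch declares as int(11), relying entirely on the global escaping common.php applies to $_POST; a non-numeric value is then either coerced to 0 or rejected by the server depending on sql_mode. It matches the shape of the cf_page_rows line above it, but for a numeric setting an explicit cast is cheaper, keeps the column well-formed and removes the dependence on the global escape: `cf_mobile_page_rows = '".(int)$_POST['cf_mobile_page_rows']."',`. The $sql string this line belongs to begins and ends outside the hunk.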
From: chicpro
Date: Fri, 21 Mar 2014 10:18:47 +0900
Subject: [PATCH 2/2] =?UTF-8?q?blind=20sql=20injection=20=EB=8C=80?=
 =?UTF-8?q?=EC=9D=91=20=EC=BD=94=EB=93=9C=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 common.php | 8 ++++----
 lib/common.lib.php | 8 +++++++-
 2 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/common.php b/common.php
index abd7fc1d5..823f4f00c 100644
--- a/common.php
+++ b/common.php
@@ -80,10 +80,10 @@ if (file_exists($dbconfig_file)) {
 }
 // sql_escape_string 적용
- $_POST = array_map_deep('sql_escape_string', $_POST);
- $_GET = array_map_deep('sql_escape_string', $_GET);
- $_COOKIE = array_map_deep('sql_escape_string', $_COOKIE);
- $_REQUEST = array_map_deep('sql_escape_string', $_REQUEST);
+ $_POST = array_map_deep(G5_ESCAPE_FUNCTION, $_POST);
+ $_GET = array_map_deep(G5_ESCAPE_FUNCTION, $_GET);
+ $_COOKIE = array_map_deep(G5_ESCAPE_FUNCTION, $_COOKIE);
+ $_REQUEST = array_map_deep(G5_ESCAPE_FUNCTION, $_REQUEST);
 //==============================================================================
 // PHP 4.1.0 부터 지원됨
diff --git a/lib/common.lib.php b/lib/common.lib.php
index b884704cd..422d43ddc 100644
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@@ -1451,8 +1451,14 @@ function sql_select_db($db, $connect)
 // mysql_query 와 mysql_error 를 한꺼번에 처리
 function sql_query($sql, $error=G5_DISPLAY_SQL_ERROR)
 {
+ // Blind SQL Injection 취약점 해결
+ $sql = trim($sql);
+ // union의 사용을 허락하지 않습니다.
+ $sql = preg_replace("#^select.*from.*union.*#i", "select 1", $sql);
+ // `information_schema` DB로의 접근을 허락하지 않습니다.
+ $sql = preg_replace("#^select.*from.*where.*`?information_schema`?.*#i", "select 1", $sql);
 if ($error)
- $result = @mysql_query($sql) or die("
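Review bot: G5_ESCAPE_FUNCTION, now passed to array_map_deep for all four superglobals in common.php, is defined nowhere in this two-file patch (the diffstat lists only common.php and lib/common.lib.php). If it is not already defined in config.php or another file included before this point, PHP 5 treats the bare name as the string 'G5_ESCAPE_FUNCTION' with a notice and the callback becomes a call to an undefined function on every request; a `define('G5_ESCAPE_FUNCTION', 'sql_escape_string');` in the config, or a `defined('G5_ESCAPE_FUNCTION')` guard with that fallback here, would make the dependency explicit. The escaping applied is otherwise unchanged from the removed lines.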

$sql

" . mysql_errno() . " : " . mysql_error() . "

error file : {$_SERVER['PHP_SELF']}");
+ $result = @mysql_query($sql) or die("

$sql

" . mysql_errno() . " : " . mysql_error() . "

error file : $_SERVER[PHP_SELF]");
 else
 $result = @mysql_query($sql);
 return $result;
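Review bot: The two preg_replace calls added at the top of sql_query are a denylist on the finished query text that rewrites instead of rejecting: any legitimate SELECT whose text contains "union" or "information_schema" — a search keyword, a post subject or body in a WHERE clause — is silently turned into `select 1`, so the feature breaks and the $error branch never reports it. The match is also narrower than the comments claim, because without the `s` modifier `.` stops at a newline and queries written across several lines (the style used elsewhere in this series, e.g. the FAQ count query) are not examined past their first line. Injection is prevented where the query is assembled, by escaping every interpolated value or using prepared statements, not by post-processing the SQL; if a guard here is kept it should at least use `#...#is` and fail loudly, e.g. `if (preg_match('#^select.*from.*union.*#is', $sql)) die('blocked query');`, so a blocked query is noticed rather than answered with one row. The rewritten die() line still echoes the full $sql and mysql_error() to the client when G5_DISPLAY_SQL_ERROR is on, which discloses table and column names; sql_query's closing brace is outside the hunk.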