firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

Merge branch 'master' of github.com:gnuboard/g5

Browse Source
This commit is contained in:
thisgun
2019-06-13 16:33:42 +09:00
parent 50c7f26b3d 17238808b5
commit aa9edb872b
18 changed files with 60 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
adm/board_form.php
View File

@ -869,7 +869,7 @@ $pg_anchor = '<ul class="anchor">
<tr>
<th scope="row"><label for="bo_content_head">상단 내용</label></th>
<td>
<?php echo editor_html("bo_content_head", get_text($board['bo_content_head'], 0)); ?>
<?php echo editor_html("bo_content_head", get_text(html_purifier($board['bo_content_head']), 0)); ?>
</td>
<td class="td_grpset">
<input type="checkbox" name="chk_grp_content_head" value="1" id="chk_grp_content_head">
@ -881,7 +881,7 @@ $pg_anchor = '<ul class="anchor">
<tr>
<th scope="row"><label for="bo_content_tail">하단 내용</label></th>
<td>
<?php echo editor_html("bo_content_tail", get_text($board['bo_content_tail'], 0)); ?>
<?php echo editor_html("bo_content_tail", get_text(html_purifier($board['bo_content_tail']), 0)); ?>
</td>
<td class="td_grpset">
<input type="checkbox" name="chk_grp_content_tail" value="1" id="chk_grp_content_tail">
@ -893,7 +893,7 @@ $pg_anchor = '<ul class="anchor">
<tr>
<th scope="row"><label for="bo_mobile_content_head">모바일 상단 내용</label></th>
<td>
<?php echo editor_html("bo_mobile_content_head", get_text($board['bo_mobile_content_head'], 0)); ?>
<?php echo editor_html("bo_mobile_content_head", get_text(html_purifier($board['bo_mobile_content_head']), 0)); ?>
</td>
<td class="td_grpset">
<input type="checkbox" name="chk_grp_mobile_content_head" value="1" id="chk_grp_mobile_content_head">
@ -905,7 +905,7 @@ $pg_anchor = '<ul class="anchor">
<tr>
<th scope="row"><label for="bo_mobile_content_tail">모바일 하단 내용</label></th>
<td>
<?php echo editor_html("bo_mobile_content_tail", get_text($board['bo_mobile_content_tail'], 0)); ?>
<?php echo editor_html("bo_mobile_content_tail", get_text(html_purifier($board['bo_mobile_content_tail']), 0)); ?>
</td>
<td class="td_grpset">
<input type="checkbox" name="chk_grp_mobile_content_tail" value="1" id="chk_grp_mobile_content_tail">

4
adm/board_list_update.php
View File

@ -29,9 +29,11 @@ if ($_POST['act_button'] == "선택수정") {
alert('최고관리자가 아닌 경우 다른 관리자의 게시판('.$board_table[$k].')은 수정이 불가합니다.');
}
$p_bo_subject = is_array($_POST['bo_subject']) ? strip_tags($_POST['bo_subject'][$k]) : '';
$sql = " update {$g5['board_table']}
set gr_id = '".sql_real_escape_string(strip_tags($_POST['gr_id'][$k]))."',
bo_subject = '".sql_real_escape_string(strip_tags($_POST['bo_subject'][$k]))."',
bo_subject = '".$p_bo_subject."',
bo_device = '".sql_real_escape_string(strip_tags($_POST['bo_device'][$k]))."',
bo_skin = '".sql_real_escape_string(strip_tags($_POST['bo_skin'][$k]))."',
bo_mobile_skin = '".sql_real_escape_string(strip_tags($_POST['bo_mobile_skin'][$k]))."',

5
adm/boardgroup_list_update.php
View File

@ -19,7 +19,8 @@ for ($i=0; $i<$count; $i++)
{
$k = $_POST['chk'][$i];
$gr_id = preg_replace('/[^a-z0-9_]/i', '', $_POST['group_id'][$k]);
$gr_subject = sql_real_escape_string(strip_tags($_POST['gr_subject'][$k]));
$gr_subject = is_array($_POST['gr_subject']) ? strip_tags($_POST['gr_subject'][$k]) : '';
$gr_admin = is_array($_POST['gr_admin']) ? strip_tags($_POST['gr_admin'][$k]) : '';
if($_POST['act_button'] == '선택수정') {
$sql = " update {$g5['group_table']}
@ -30,7 +31,7 @@ for ($i=0; $i<$count; $i++)
gr_order = '".sql_real_escape_string($_POST['gr_order'][$k])."'
where gr_id = '{$gr_id}' ";
if ($is_admin != 'super')
$sql .= " and gr_admin = '{$_POST['gr_admin'][$k]}' ";
$sql .= " and gr_admin = '{$gr_admin}' ";
sql_query($sql);
} else if($_POST['act_button'] == '선택삭제') {
$row = sql_fetch(" select count(*) as cnt from {$g5['board_table']} where gr_id = '$gr_id' ");

1
adm/contentform.php
View File

@ -35,6 +35,7 @@ if(!sql_query(" select co_skin from {$g5['content_table']} limit 1 ", false)) {
$html_title = "내용";
$g5['title'] = $html_title.' 관리';
$readonly = '';
if ($w == "u")
{

4
adm/faqform.php
View File

@ -54,11 +54,11 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
</tr>
<tr>
<th scope="row">질문</th>
<td><?php echo editor_html('fa_subject', get_text($fa['fa_subject'], 0)); ?></td>
<td><?php echo editor_html('fa_subject', get_text(html_purifier($fa['fa_subject']), 0)); ?></td>
</tr>
<tr>
<th scope="row">답변</th>
<td><?php echo editor_html('fa_content', get_text($fa['fa_content'], 0)); ?></td>
<td><?php echo editor_html('fa_content', get_text(html_purifier($fa['fa_content']), 0)); ?></td>
</tr>
</tbody>
</table>

8
adm/faqmasterform.php
View File

@ -117,25 +117,25 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
<tr>
<th scope="row">상단 내용</th>
<td>
<?php echo editor_html('fm_head_html', get_text($fm['fm_head_html'], 0)); ?>
<?php echo editor_html('fm_head_html', get_text(html_purifier($fm['fm_head_html']), 0)); ?>
</td>
</tr>
<tr>
<th scope="row">하단 내용</th>
<td>
<?php echo editor_html('fm_tail_html', get_text($fm['fm_tail_html'], 0)); ?>
<?php echo editor_html('fm_tail_html', get_text(html_purifier($fm['fm_tail_html']), 0)); ?>
</td>
</tr>
<tr>
<th scope="row">모바일상단 내용</th>
<td>
<?php echo editor_html('fm_mobile_head_html', get_text($fm['fm_mobile_head_html'], 0)); ?>
<?php echo editor_html('fm_mobile_head_html', get_text(html_purifier($fm['fm_mobile_head_html']), 0)); ?>
</td>
</tr>
<tr>
<th scope="row">모바일하단 내용</th>
<td>
<?php echo editor_html('fm_mobile_tail_html', get_text($fm['fm_mobile_tail_html'], 0)); ?>
<?php echo editor_html('fm_mobile_tail_html', get_text(html_purifier($fm['fm_mobile_tail_html']), 0)); ?>
</td>
</tr>
</tbody>

2
adm/mail_form.php
View File

@ -44,7 +44,7 @@ include_once('./admin.head.php');
</tr>
<tr>
<th scope="row"><label for="ma_content">메일 내용<strong class="sound_only">필수</strong></label></th>
<td><?php echo editor_html("ma_content", get_text($ma['ma_content'], 0)); ?></td>
<td><?php echo editor_html("ma_content", get_text(html_purifier($ma['ma_content']), 0)); ?></td>
</tr>
</tbody>
</table>

12
adm/menu_list_update.php
View File

@ -20,9 +20,11 @@ $count = count($_POST['code']);
for ($i=0; $i<$count; $i++)
{
$_POST = array_map_deep('trim', $_POST);
$_POST['me_link'][$i] = is_array($_POST['me_link']) ? clean_xss_tags($_POST['me_link'][$i], 1) : '';
$code = strip_tags($_POST['code'][$i]);
$me_name = strip_tags($_POST['me_name'][$i]);
$code = is_array($_POST['code']) ? strip_tags($_POST['code'][$i]) : '';
$me_name = is_array($_POST['me_name']) ? strip_tags($_POST['me_name'][$i]) : '';
$me_link = (preg_match('/^javascript/i', $_POST['me_link'][$i]) || preg_match('/script:/i', $_POST['me_link'][$i])) ? G5_URL : strip_tags($_POST['me_link'][$i]);
if(!$code || !$me_name || !$me_link)
@ -56,9 +58,9 @@ for ($i=0; $i<$count; $i++)
// 메뉴 등록
$sql = " insert into {$g5['menu_table']}
set me_code = '$me_code',
me_name = '$me_name',
me_link = '$me_link',
set me_code = '".$me_code."',
me_name = '".$me_name."',
me_link = '".$me_link."',
me_target = '".sql_real_escape_string(strip_tags($_POST['me_target'][$i]))."',
me_order = '".sql_real_escape_string(strip_tags($_POST['me_order'][$i]))."',
me_use = '".sql_real_escape_string(strip_tags($_POST['me_use'][$i]))."',

2
adm/newwinform.php
View File

@ -130,7 +130,7 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
</tr>
<tr>
<th scope="row"><label for="nw_content">내용</label></th>
<td><?php echo editor_html('nw_content', get_text($nw['nw_content'], 0)); ?></td>
<td><?php echo editor_html('nw_content', get_text(html_purifier($nw['nw_content']), 0)); ?></td>
</tr>
</tbody>
</table>

8
adm/qa_config.php
View File

@ -282,25 +282,25 @@ if(!isset($qaconfig['qa_include_head'])) {
<tr>
<th scope="row"><label for="qa_content_head">상단 내용</label></th>
<td>
<?php echo editor_html("qa_content_head", get_text($qaconfig['qa_content_head'], 0)); ?>
<?php echo editor_html("qa_content_head", get_text(html_purifier($qaconfig['qa_content_head']), 0)); ?>
</td>
</tr>
<tr>
<th scope="row"><label for="qa_content_tail">하단 내용</label></th>
<td>
<?php echo editor_html("qa_content_tail", get_text($qaconfig['qa_content_tail'], 0)); ?>
<?php echo editor_html("qa_content_tail", get_text(html_purifier($qaconfig['qa_content_tail']), 0)); ?>
</td>
</tr>
<tr>
<th scope="row"><label for="qa_mobile_content_head">모바일 상단 내용</label></th>
<td>
<?php echo editor_html("qa_mobile_content_head", get_text($qaconfig['qa_mobile_content_head'], 0)); ?>
<?php echo editor_html("qa_mobile_content_head", get_text(html_purifier($qaconfig['qa_mobile_content_head']), 0)); ?>
</td>
</tr>
<tr>
<th scope="row"><label for="qa_mobile_content_tail">모바일 하단 내용</label></th>
<td>
<?php echo editor_html("qa_mobile_content_tail", get_text($qaconfig['qa_mobile_content_tail'], 0)); ?>
<?php echo editor_html("qa_mobile_content_tail", get_text(html_purifier($qaconfig['qa_mobile_content_tail']), 0)); ?>
</td>
</tr>
<tr>

2
adm/visit_list.php
View File

@ -73,7 +73,7 @@ $result = sql_query($sql);
}
$title = str_replace(array('<', '>', '&'), array("&lt;", "&gt;", "&amp;"), $referer);
$link = '<a href="'.$row['vi_referer'].'" target="_blank">';
$link = '<a href="'.get_text($row['vi_referer']).'" target="_blank">';
$link = str_replace('&', "&amp;", $link);
$link2 = '</a>';
}

2
adm/visit_search.php
View File

@ -92,7 +92,7 @@ $listall = '<a href="'.$_SERVER['SCRIPT_NAME'].'">처음</a>'; //페이지 처
}
$title = str_replace(array("<", ">"), array("&lt;", "&gt;"), $referer);
$link = '<a href="'.$row['vi_referer'].'" target="_blank" title="'.$title.'">';
$link = '<a href="'.get_text($row['vi_referer']).'" target="_blank" title="'.$title.'">';
}
if ($is_admin == 'super')

4
bbs/alert.php
View File

@ -31,8 +31,8 @@ include_once(G5_PATH.'/head.sub.php');
$msg = isset($msg) ? strip_tags($msg) : '';
$msg2 = str_replace("\\n", "<br>", $msg);
$url = clean_xss_tags($url);
if (!$url) $url = clean_xss_tags($_SERVER['HTTP_REFERER']);
$url = clean_xss_tags($url, 1);
if (!$url) $url = clean_xss_tags($_SERVER['HTTP_REFERER'], 1);
$url = preg_replace("/[\<\>\'\"\\\'\\\"\(\)]/", "", $url);
$url = preg_replace('/\r\n|\r|\n|[^\x20-\x7e]/','', $url);

10
bbs/confirm.php
View File

@ -5,11 +5,11 @@ include_once(G5_PATH.'/head.sub.php');
$pattern1 = "/[\<\>\'\"\\\'\\\"\(\)]/";
$pattern2 = "/\r\n|\r|\n|[^\x20-\x7e]/";
$url1 = preg_replace($pattern1, "", clean_xss_tags($url1));
$url1 = preg_replace($pattern1, "", clean_xss_tags($url1, 1));
$url1 = preg_replace($pattern2, "", $url1);
$url2 = preg_replace($pattern1, "", clean_xss_tags($url2));
$url2 = preg_replace($pattern1, "", clean_xss_tags($url2, 1));
$url2 = preg_replace($pattern2, "", $url2);
$url3 = preg_replace($pattern1, "", clean_xss_tags($url3));
$url3 = preg_replace($pattern1, "", clean_xss_tags($url3, 1));
$url3 = preg_replace($pattern2, "", $url3);
// url 체크
@ -31,12 +31,12 @@ if (confirm(conf)) {
<article id="confirm_check">
<header>
<hgroup>
<h1><?php echo $header; ?></h1> <!-- 수행 중이던 작업 내용 -->
<h1><?php echo get_text(strip_tags($header)); ?></h1> <!-- 수행 중이던 작업 내용 -->
<h2>아래 내용을 확인해 주세요.</h2>
</hgroup>
</header>
<p>
<?php echo $msg; ?>
<?php echo get_text(strip_tags($msg)); ?>
</p>
<a href="<?php echo $url1; ?>">확인</a>

4
bbs/visit_insert.inc.php
View File

@ -13,8 +13,8 @@ if (get_cookie('ck_visit_ip') != $_SERVER['REMOTE_ADDR'])
$remote_addr = escape_trim($_SERVER['REMOTE_ADDR']);
$referer = "";
if (isset($_SERVER['HTTP_REFERER']))
$referer = escape_trim(clean_xss_tags($_SERVER['HTTP_REFERER']));
$user_agent = escape_trim(clean_xss_tags($_SERVER['HTTP_USER_AGENT']));
$referer = escape_trim(clean_xss_tags(strip_tags($_SERVER['HTTP_REFERER'])));
$user_agent = escape_trim(clean_xss_tags(strip_tags($_SERVER['HTTP_USER_AGENT'])));
$vi_browser = '';
$vi_os = '';
$vi_device = '';

4
head.sub.php
View File

@ -19,8 +19,8 @@ else {
$g5_head_title .= " | ".$config['cf_title'];
}
$g5['title'] = strip_tags(get_text($g5['title']));
$g5_head_title = strip_tags(get_text($g5_head_title));
$g5['title'] = strip_tags($g5['title']);
$g5_head_title = strip_tags($g5_head_title);
// 현재 접속자
// 게시판 제목에 ' 포함되면 오류 발생

18
lib/common.lib.php
View File

@ -2902,13 +2902,17 @@ function get_search_string($stx)
}
// XSS 관련 태그 제거
function clean_xss_tags($str)
function clean_xss_tags($str, $check_entities=0)
{
$str_len = strlen($str);
$i = 0;
while($i <= $str_len){
$result = preg_replace('#</*(?:applet|b(?:ase|gsound|link)|embed|frame(?:set)?|i(?:frame|layer)|l(?:ayer|ink)|meta|object|s(?:cript|tyle)|title|xml)[^>]*+>#i', '', $str);
if( $check_entities ){
$result = str_replace(array('&colon;', '&lpar;', '&rpar;', '&NewLine;', '&Tab;'), '', $result);
}
if((string)$result === (string)$str) break;
@ -3436,7 +3440,7 @@ function get_head_title($title){
global $g5;
if( isset($g5['board_title']) && $g5['board_title'] ){
$title = strip_tags(get_text($g5['board_title']));
$title = strip_tags($g5['board_title']);
}
return $title;
@ -3512,6 +3516,11 @@ function get_call_func_cache($func, $args=array()){
function is_include_path_check($path='', $is_input='')
{
if( $path ){
if( strlen($path) > 255 ){
return false;
}
if ($is_input){
// 장태진 @jtjisgod <jtjisgod@gmail.com> 추가
// 보안 목적 : rar wrapper 차단
@ -3570,11 +3579,14 @@ function is_include_path_check($path='', $is_input='')
if( (preg_match('/\.\.\//i', $replace_path) || preg_match('/^\/.*/i', $replace_path)) && preg_match('/plugin\//i', $replace_path) && preg_match('/okname\//i', $replace_path) ){
return false;
}
if( substr_count($replace_path, './') > 5 ){
return false;
}
}
$extension = pathinfo($path, PATHINFO_EXTENSION);
if($extension && preg_match('/(jpg|jpeg|png|gif|bmp|conf)$/i', $extension)) {
if($extension && preg_match('/(jpg|jpeg|png|gif|bmp|conf|php\-x)$/i', $extension)) {
return false;
}
}

4
theme/basic/head.sub.php
View File

@ -13,8 +13,8 @@ else {
$g5_head_title .= " | ".$config['cf_title'];
}
$g5['title'] = strip_tags(get_text($g5['title']));
$g5_head_title = strip_tags(get_text($g5_head_title));
$g5['title'] = strip_tags($g5['title']);
$g5_head_title = strip_tags($g5_head_title);
// 현재 접속자
// 게시판 제목에 ' 포함되면 오류 발생