From 445da5447dc9bef5a6661d27770e7d7bd0a11261 Mon Sep 17 00:00:00 2001
From: chicpro <chicpro@gmail.com>
Date: Thu, 5 Feb 2015 09:43:58 +0900
Subject: [PATCH 1/2] =?UTF-8?q?XSS=20=EC=B7=A8=EC=95=BD=EC=A0=90=20?=
 =?UTF-8?q?=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 bbs/visit_insert.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bbs/visit_insert.inc.php b/bbs/visit_insert.inc.php
index dccd1326f..a0ba612ef 100644
--- a/bbs/visit_insert.inc.php
+++ b/bbs/visit_insert.inc.php
@@ -13,7 +13,7 @@ if (get_cookie('ck_visit_ip') != $_SERVER['REMOTE_ADDR'])
     $remote_addr = escape_trim($_SERVER['REMOTE_ADDR']);
     $referer = "";
     if (isset($_SERVER['HTTP_REFERER']))
-        $referer = escape_trim($_SERVER['HTTP_REFERER']);
+        $referer = escape_trim(clean_xss_tags($_SERVER['HTTP_REFERER']));
     $user_agent  = escape_trim($_SERVER['HTTP_USER_AGENT']);
     $sql = " insert {$g5['visit_table']} ( vi_id, vi_ip, vi_date, vi_time, vi_referer, vi_agent ) values ( '{$vi_id}', '{$remote_addr}', '".G5_TIME_YMD."', '".G5_TIME_HIS."', '{$referer}', '{$user_agent}' ) ";
 

From 846c4500f758b6aa9a2960b968bac3106e521d5c Mon Sep 17 00:00:00 2001
From: chicpro <chicpro@gmail.com>
Date: Thu, 5 Feb 2015 09:51:03 +0900
Subject: [PATCH 2/2] =?UTF-8?q?=EA=B2=80=EC=83=89=20=EB=95=8C=20=EA=B2=8C?=
 =?UTF-8?q?=EC=8B=9C=EA=B8=80=20=EC=B9=B4=EC=9A=B4=ED=8A=B8=20=EC=86=8D?=
 =?UTF-8?q?=EB=8F=84=20=EA=B0=9C=EC=84=A0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 bbs/list.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/bbs/list.php b/bbs/list.php
index f964d33ed..b756bb03c 100644
--- a/bbs/list.php
+++ b/bbs/list.php
@@ -46,9 +46,15 @@ if ($sca || $stx) {
     $sql_search .= " and (wr_num between {$spt} and ({$spt} + {$config['cf_search_part']})) ";
 
     // 원글만 얻는다. (코멘트의 내용도 검색하기 위함)
+    // 라엘님 제안 코드로 대체 http://sir.co.kr/bbs/board.php?bo_table=g5_bug&wr_id=2922
+    $sql = " SELECT COUNT(DISTINCT `wr_parent`) AS `cnt` FROM {$write_table} WHERE {$sql_search} ";
+    $row = sql_fetch($sql);
+    $total_count = $row['cnt'];
+    /*
     $sql = " select distinct wr_parent from {$write_table} where {$sql_search} ";
     $result = sql_query($sql);
     $total_count = mysql_num_rows($result);
+    */
 } else {
     $sql_search = "";