diff --git a/adm/admin.lib.php b/adm/admin.lib.php index 1b21beb16..184dbdb46 100644 --- a/adm/admin.lib.php +++ b/adm/admin.lib.php @@ -426,6 +426,25 @@ function admin_referer_check($return=false) } } +function admin_check_xss_params($params){ + + if( ! $params ) return; + + foreach( $params as $key=>$value ){ + + if ( empty($value) ) continue; + + if( is_array($value) ){ + admin_check_xss_params($params); + } else if ( preg_match('/<\s?[^\>]*\/?\s?>/i', $value) && preg_match('/script.*?\/script/ius', $value) ){ + alert('요청 쿼리에 잘못된 스크립트문장이 있습니다.\\nXSS 공격일수도 있습니다.'); + die(); + } + } + + return; +} + // 접근 권한 검사 if (!$member['mb_id']) { @@ -489,6 +508,12 @@ if (isset($stx)) $arr_query[] = 'stx='.$stx; if (isset($page)) $arr_query[] = 'page='.$page; $qstr = implode("&", $arr_query); +if ( isset($_REQUEST) && $_REQUEST ){ + if( admin_referer_check(true) ){ + admin_check_xss_params($_REQUEST); + } +} + // 관리자에서는 추가 스크립트는 사용하지 않는다. //$config['cf_add_script'] = ''; ?> \ No newline at end of file diff --git a/adm/faqlist.php b/adm/faqlist.php index acfb094e9..80319c82f 100644 --- a/adm/faqlist.php +++ b/adm/faqlist.php @@ -22,7 +22,7 @@ $sql_common = " from {$g5['faq_table']} where fm_id = '$fm_id' "; // 테이블의 전체 레코드수만 얻음 $sql = " select count(*) as cnt " . $sql_common; $row = sql_fetch($sql); -$total_count = $row[cnt]; +$total_count = $row['cnt']; $sql = "select * $sql_common order by fa_order , fa_id "; $result = sql_query($sql); @@ -60,7 +60,7 @@ $result = sql_query($sql); for ($i=0; $row=sql_fetch_array($result); $i++) { $row1 = sql_fetch(" select COUNT(*) as cnt from {$g5['faq_table']} where fm_id = '{$row['fm_id']}' "); - $cnt = $row1[cnt]; + $cnt = $row1['cnt']; $s_mod = icon("수정", ""); $s_del = icon("삭제", ""); diff --git a/adm/member_list_update.php b/adm/member_list_update.php index eb6d8f791..915fdb880 100644 --- a/adm/member_list_update.php +++ b/adm/member_list_update.php @@ -29,19 +29,19 @@ if ($_POST['act_button'] == "선택수정") { $msg .= $mb['mb_id'].' : 로그인 중인 관리자는 수정 할 수 없습니다.\\n'; } else { if($_POST['mb_certify'][$k]) - $mb_adult = $_POST['mb_adult'][$k]; + $mb_adult = (int) $_POST['mb_adult'][$k]; else $mb_adult = 0; $sql = " update {$g5['member_table']} - set mb_level = '{$_POST['mb_level'][$k]}', - mb_intercept_date = '{$_POST['mb_intercept_date'][$k]}', - mb_mailling = '{$_POST['mb_mailling'][$k]}', - mb_sms = '{$_POST['mb_sms'][$k]}', - mb_open = '{$_POST['mb_open'][$k]}', - mb_certify = '{$_POST['mb_certify'][$k]}', + set mb_level = '".sql_real_escape_string($_POST['mb_level'][$k])."', + mb_intercept_date = '".sql_real_escape_string($_POST['mb_intercept_date'][$k])."', + mb_mailling = '".sql_real_escape_string($_POST['mb_mailling'][$k])."', + mb_sms = '".sql_real_escape_string($_POST['mb_sms'][$k])."', + mb_open = '".sql_real_escape_string($_POST['mb_open'][$k])."', + mb_certify = '".sql_real_escape_string($_POST['mb_certify'][$k])."', mb_adult = '{$mb_adult}' - where mb_id = '{$_POST['mb_id'][$k]}' "; + where mb_id = '".sql_real_escape_string($_POST['mb_id'][$k])."' "; sql_query($sql); } } diff --git a/bbs/email_certify.php b/bbs/email_certify.php index 80b4bf0b8..2fc735b32 100644 --- a/bbs/email_certify.php +++ b/bbs/email_certify.php @@ -4,11 +4,15 @@ include_once('./_common.php'); $mb_id = trim($_GET['mb_id']); $mb_md5 = trim($_GET['mb_md5']); -$sql = " select mb_id, mb_email_certify2 from {$g5['member_table']} where mb_id = '{$mb_id}' "; +$sql = " select mb_id, mb_email_certify2, mb_leave_date, mb_intercept_date from {$g5['member_table']} where mb_id = '{$mb_id}' "; $row = sql_fetch($sql); if (!$row['mb_id']) alert('존재하는 회원이 아닙니다.', G5_URL); +if ( $row['mb_leave_date'] || $row['mb_intercept_date'] ){ + alert('탈퇴 또는 차단된 회원입니다.', G5_URL); +} + // 인증 링크는 한번만 처리가 되게 한다. sql_query(" update {$g5['member_table']} set mb_email_certify2 = '' where mb_id = '$mb_id' "); diff --git a/config.php b/config.php index b1a805772..5b3adbcf6 100644 --- a/config.php +++ b/config.php @@ -5,7 +5,7 @@ ********************/ define('G5_VERSION', '그누보드5'); -define('G5_GNUBOARD_VER', '5.3.1.7'); +define('G5_GNUBOARD_VER', '5.3.1.8'); define('G5_YOUNGCART_VER', '5.3.1.7'); // 이 상수가 정의되지 않으면 각각의 개별 페이지는 별도로 실행될 수 없음 diff --git a/lib/common.lib.php b/lib/common.lib.php index 1d7421555..e64434ffa 100644 --- a/lib/common.lib.php +++ b/lib/common.lib.php @@ -714,6 +714,8 @@ function get_group($gr_id) function get_member($mb_id, $fields='*') { global $g5; + + $mb_id = preg_replace("/[^0-9a-z_]+/i", "", $mb_id); return sql_fetch(" select $fields from {$g5['member_table']} where mb_id = TRIM('$mb_id') "); } @@ -2068,13 +2070,13 @@ function abs_ip2long($ip='') function get_selected($field, $value) { - return ($field==$value) ? ' selected="selected"' : ''; + return ($field===$value) ? ' selected="selected"' : ''; } function get_checked($field, $value) { - return ($field==$value) ? ' checked="checked"' : ''; + return ($field===$value) ? ' checked="checked"' : ''; }