firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

기타 추적되지 않는 파일들..

Browse Source
This commit is contained in:
KWON
2025-07-02 14:16:37 +09:00
parent 2d7bbdca89
commit b6080d2e47
74 changed files with 14184 additions and 2028 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
bbs/db_table.optimize.php
View File

@ -29,11 +29,7 @@ if($config['cf_popular_del'] > 0) {
if($config['cf_new_del'] > 0) {
$sql = " delete from {$g5['board_new_table']} where (TO_DAYS('".G5_TIME_YMDHIS."') - TO_DAYS(bn_datetime)) > '{$config['cf_new_del']}' ";
sql_query($sql);
// 데이터가 많으면 처리시간 때문에 브라우저 응답이 늦을수 있음
if (defined('G5_USE_OPTIMIZE_DBTABLE') && G5_USE_OPTIMIZE_DBTABLE) {
sql_query(" OPTIMIZE TABLE `{$g5['board_new_table']}` ");
}
sql_query(" OPTIMIZE TABLE `{$g5['board_new_table']}` ");
}
// 설정일이 지난 쪽지 삭제

2
bbs/good.php
View File

@ -1,8 +1,6 @@
<?php
include_once('./_common.php');
$good = isset($_REQUEST['good']) ? preg_replace('/[^a-z0-9]/i', '', $_REQUEST['good']) : '';
run_event('bbs_good_before', $bo_table, $wr_id, $good);
@include_once($board_skin_path.'/good.head.skin.php');

10
bbs/link.php
View File

@ -1,11 +1,7 @@
<?php
include_once('./_common.php');
$html_title = '링크';
if (isset($write['wr_subject']) && $write['wr_subject']) {
$html_title .= ' &gt; '.conv_subject($write['wr_subject'], 255);
}
$html_title = '링크 &gt; '.conv_subject($write['wr_subject'], 255);
$no = isset($_REQUEST['no']) ? preg_replace('/[^0-9]/i', '', $_REQUEST['no']) : '';
@ -14,10 +10,10 @@ if (!($bo_table && $wr_id && $no))
// SQL Injection 예방
$row = sql_fetch(" select count(*) as cnt from {$g5['write_prefix']}{$bo_table} ", FALSE);
if (!(isset($row['cnt']) && $row['cnt']))
if (!$row['cnt'])
alert_close('존재하는 게시판이 아닙니다.');
if (!(isset($write['wr_link'.$no]) && $write['wr_link'.$no]))
if (!$write['wr_link'.$no])
alert_close('링크가 없습니다.');
$ss_name = 'ss_link_'.$bo_table.'_'.$wr_id.'_'.$no;

7
bbs/memo_view.php
View File

@ -36,6 +36,13 @@ $sql = " select * from {$g5['memo_table']}
and me_{$kind}_mb_id = '{$member['mb_id']}' ";
$memo = sql_fetch($sql);
$c = sql_fetch (" select COUNT(*) as cnt from {$g5['memo_table']} where me_id = '$me_id' and me_recv_mb_id = '{$member['mb_id']}' ");
if($c['cnt'] < 1) {
alert('삭제 되었거나 존재하지 않는 쪽지 입니다.');
}
set_session('ss_memo_delete_token', $token = uniqid(time()));
$del_link = 'memo_delete.php?me_id='.$memo['me_id'].'&amp;token='.$token.'&amp;kind='.$kind;

7
bbs/move.php
View File

@ -71,8 +71,8 @@ for ($i=0; $row=sql_fetch_array($result); $i++)
<thead>
<tr>
<th scope="col">
<label for="chkall" class="sound_only">현재 페이지 게시판 전체</label>
<input type="checkbox" id="chkall" onclick="if (this.checked) all_checked(true); else all_checked(false);">
<label for="chkall"></label>
</th>
<th scope="col">게시판</th>
</tr>
@ -87,9 +87,10 @@ for ($i=0; $row=sql_fetch_array($result); $i++)
}
?>
<tr class="<?php echo $atc_bg; ?>">
<td class="td_chk">
<label for="chk<?php echo $i ?>" class="sound_only"><?php echo $list[$i]['bo_table'] ?></label>
<td class="text-center">
<input type="checkbox" value="<?php echo $list[$i]['bo_table'] ?>" id="chk<?php echo $i ?>" name="chk_bo_table[]">
<label for="chk<?php echo $i ?>"></label>
</td>
<td>
<label for="chk<?php echo $i ?>">

62
bbs/move_update.php
View File

@ -282,15 +282,75 @@ $opener_href1 = str_replace('&amp;', '&', $opener_href);
run_event('bbs_move_update', $bo_table, $chk_bo_table, $wr_id_list, $opener_href);
?>
<?php if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == $app['ap_title']) { ?>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1,minimum-scale=1,maximum-scale=1,user-scalable=no" />
<style>
body,html {background-color: #f9fafb; padding: 0px; margin: 0px;}
ul {padding: 0px; margin: 0px;}
.rb_alert_wrap {
width:100%;
height:100%;
position: relative;
background-color: #f9fafb;
box-sizing: border-box;
}
.rb_alert_wrap .rb_alert_wrap_inner {
width: 100%;
border-radius: 0px;
padding: 50px;
background-color: #f9fafb;
box-sizing: border-box;
position: absolute;
top:50%;
transform: translateY(-50%);
box-sizing: border-box;
}
.rb_alert_wrap .rb_alert_title {
text-align: center;
font-size: 14px;
color: #485172;
line-height: 130%;
word-break: keep-all;
box-sizing: border-box;
text-align: center;
margin-bottom: 40px;
}
.rb_alert_wrap .btn_submit {
width: 100%;
height: 47px;
border-radius: 10px;
font-size: 16px;
background-color: #25282B;
color:#fff;
border:0px;
box-sizing: border-box;
text-align: center;
}
</style>
<div class="rb_alert_wrap">
<div class="rb_alert_wrap_inner">
<ul class="rb_alert_title"><?php echo $msg; ?></ul>
<ul class="rb_alert_btn">
<button type="button" class="btn_submit font-B" onclick="location.href='<?php echo $opener_href; ?>';">돌아가기</button>
</ul>
</div>
</div>
<?php } else { ?>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<script>
alert("<?php echo $msg; ?>");
opener.document.location.href = "<?php echo $opener_href1; ?>";
window.close();
</script>
<noscript>
<p>
<?php echo $msg; ?>
</p>
<a href="<?php echo $opener_href; ?>">돌아가기</a>
</noscript>
</noscript>
<?php } ?>

4
bbs/qawrite.php
View File

@ -75,9 +75,9 @@ if(is_file($skin_file)) {
$content = html_purifier($qaconfig['qa_insert_content']);
} else if($w == 'r') {
if($is_dhtml_editor)
$content = '<div><br><br><br>====== 이전 답변내용 =======<br></div>';
$content = '<div><br><br><br>====== 이전 질문내용 =======<br></div>';
else
$content = "\n\n\n\n====== 이전 답변내용 =======\n";
$content = "\n\n\n\n====== 이전 질문내용 =======\n";
// KISA 취약점 권고사항 Stored XSS (210624)
$content .= get_text(html_purifier($write['qa_content']), 0);

16
bbs/qawrite_update.php
View File

@ -451,6 +451,22 @@ if($config['cf_sms_use'] == 'icode' && $qaconfig['qa_use_sms']) {
}
}
// 문의글등록 쪽지 발송
if($w == '' || $w == 'r') {
//문의 > 관리자에게 발송
memo_auto_send("신규 1:1문의가 등록 되었습니다.", G5_BBS_URL.'/qalist.php', $config['cf_admin'], "system-msg");
}
// 답변 > 문의자에게 발송
if($w == 'a') {
memo_auto_send("1:1문의에 답변이 등록 되었습니다.", G5_BBS_URL.'/qalist.php', $write['mb_id'], "system-msg");
}
// 답변 이메일전송
if($w == 'a' && $write['qa_email_recv'] && trim($write['qa_email'])) {
include_once(G5_LIB_PATH.'/mailer.lib.php');

166
bbs/register_email.php
View File

@ -1,62 +1,106 @@
<?php
include_once('./_common.php');
include_once(G5_CAPTCHA_PATH.'/captcha.lib.php');
$g5['title'] = '메일인증 메일주소 변경';
include_once('./_head.php');
$mb_id = isset($_GET['mb_id']) ? substr(clean_xss_tags($_GET['mb_id']), 0, 20) : '';
$sql = " select mb_email, mb_datetime, mb_ip, mb_email_certify, mb_id from {$g5['member_table']} where mb_id = '{$mb_id}' ";
$mb = sql_fetch($sql);
if(! (isset($mb['mb_id']) && $mb['mb_id'])){
alert("해당 회원이 존재하지 않습니다.", G5_URL);
}
if (substr($mb['mb_email_certify'],0,1)!=0) {
alert("이미 메일인증 하신 회원입니다.", G5_URL);
}
$ckey = isset($_GET['ckey']) ? trim($_GET['ckey']) : '';
$key = md5($mb['mb_ip'].$mb['mb_datetime']);
if(!$ckey || $ckey != $key)
alert('올바른 방법으로 이용해 주십시오.', G5_URL);
?>
<p class="rg_em_p">메일인증을 받지 못한 경우 회원정보의 메일주소를 변경 할 수 있습니다.</p>
<form method="post" name="fregister_email" action="<?php echo G5_HTTPS_BBS_URL.'/register_email_update.php'; ?>" onsubmit="return fregister_email_submit(this);">
<input type="hidden" name="mb_id" value="<?php echo $mb_id; ?>">
<div class="tbl_frm01 tbl_frm rg_em">
<table>
<caption>사이트 이용정보 입력</caption>
<tr>
<th scope="row"><label for="reg_mb_email">E-mail<strong class="sound_only">필수</strong></label></th>
<td><input type="text" name="mb_email" id="reg_mb_email" required class="frm_input email required" size="30" maxlength="100" value="<?php echo $mb['mb_email']; ?>"></td>
</tr>
<tr>
<th scope="row">자동등록방지</th>
<td><?php echo captcha_html(); ?></td>
</tr>
</table>
</div>
<div class="btn_confirm">
<input type="submit" id="btn_submit" class="btn_submit" value="인증메일변경">
<a href="<?php echo G5_URL ?>" class="btn_cancel">취소</a>
</div>
</form>
<script>
function fregister_email_submit(f)
{
<?php echo chk_captcha_js(); ?>
return true;
}
</script>
<?php
<?php
include_once('./_common.php');
include_once(G5_CAPTCHA_PATH.'/captcha.lib.php');
add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">', 0);
$g5['title'] = '메일인증 메일주소 변경';
include_once('./_head.php');
$mb_id = isset($_GET['mb_id']) ? substr(clean_xss_tags($_GET['mb_id']), 0, 20) : '';
$sql = " select mb_email, mb_datetime, mb_ip, mb_email_certify, mb_id from {$g5['member_table']} where mb_id = '{$mb_id}' ";
$mb = sql_fetch($sql);
if(! (isset($mb['mb_id']) && $mb['mb_id'])){
alert("해당 회원이 존재하지 않습니다.", G5_URL);
}
if (substr($mb['mb_email_certify'],0,1)!=0) {
alert("이미 메일인증 하신 회원입니다.", G5_URL);
}
$ckey = isset($_GET['ckey']) ? trim($_GET['ckey']) : '';
$key = md5($mb['mb_ip'].$mb['mb_datetime']);
if(!$ckey || $ckey != $key)
alert('올바른 방법으로 이용해 주십시오.', G5_URL);
?>
<style>
body, html {background-color: #f9fafb;}
main {background-color: #f9fafb;}
#container_title {display: none;}
#header {display: none;}
.contents_wrap {padding: 0px !important;}
.sub {padding-top: 0px;}
</style>
<div class="rb_member">
<div class="rb_login rb_reg">
<form method="post" name="fregister_email" action="<?php echo G5_HTTPS_BBS_URL.'/register_email_update.php'; ?>" onsubmit="return fregister_email_submit(this);">
<input type="hidden" name="mb_id" value="<?php echo $mb_id; ?>">
<ul class="rb_login_box">
<?php if (!empty($rb_builder['bu_logo_pc'])) { ?>
<a href="<?php echo G5_URL ?>"><img src="<?php echo G5_URL ?>/data/logos/pc?ver=<?php echo G5_SERVER_TIME ?>" alt="<?php echo $config['cf_title']; ?>" id="logo_img"></a>
<?php } else { ?>
<a href="<?php echo G5_URL ?>"><img src="<?php echo G5_THEME_URL ?>/rb.img/logos/pc.png?ver=<?php echo G5_SERVER_TIME ?>" alt="<?php echo $config['cf_title']; ?>" id="logo_img"></a>
<?php } ?>
<li class="rb_reg_ok_text font-B">인증메일 변경</li>
<li class="rb_reg_sub_title">메일인증을 받지 못한 경우 이메일 주소를<br>변경 할 수 있어요.</li>
<li>
<span>변경할 이메일주소</span>
<input type="text" name="mb_email" id="reg_mb_email" required class="input email required" maxlength="100" value="<?php echo $mb['mb_email']; ?>">
</li>
<li>
<div>
<?php echo captcha_html(); ?>
</div>
</li>
<li>
<div class="btn_confirm">
<button type="submit" class="btn_submit font-B">인증메일 변경</button>
</div>
</li>
<li class="join_links">
<a href="<?php echo G5_URL ?>" class="font-B">변경취소</a>
</li>
</ul>
</form>
</div>
</div>
<script>
function fregister_email_submit(f)
{
<?php echo chk_captcha_js(); ?>
return true;
}
</script>
<?php
include_once('./_tail.php');

12
bbs/register_form_update.php
View File

@ -64,15 +64,15 @@ $mb_8 = isset($_POST['mb_8']) ? trim($_POST['mb_8'])
$mb_9 = isset($_POST['mb_9']) ? trim($_POST['mb_9']) : "";
$mb_10 = isset($_POST['mb_10']) ? trim($_POST['mb_10']) : "";
$mb_name = clean_xss_tags($mb_name, 1, 1);
$mb_name = clean_xss_tags($mb_name);
$mb_email = get_email_address($mb_email);
$mb_homepage = clean_xss_tags($mb_homepage, 1, 1);
$mb_tel = clean_xss_tags($mb_tel, 1, 1);
$mb_homepage = clean_xss_tags($mb_homepage);
$mb_tel = clean_xss_tags($mb_tel);
$mb_zip1 = preg_replace('/[^0-9]/', '', $mb_zip1);
$mb_zip2 = preg_replace('/[^0-9]/', '', $mb_zip2);
$mb_addr1 = clean_xss_tags($mb_addr1, 1, 1);
$mb_addr2 = clean_xss_tags($mb_addr2, 1, 1);
$mb_addr3 = clean_xss_tags($mb_addr3, 1, 1);
$mb_addr1 = clean_xss_tags($mb_addr1);
$mb_addr2 = clean_xss_tags($mb_addr2);
$mb_addr3 = clean_xss_tags($mb_addr3);
$mb_addr_jibeon = preg_match("/^(N|R)$/", $mb_addr_jibeon) ? $mb_addr_jibeon : '';
run_event('register_form_update_before', $mb_id, $w);

22
bbs/view_comment.php
View File

@ -38,7 +38,7 @@ for ($i=0; $row=sql_fetch_array($result); $i++)
// 공백없이 연속 입력한 문자 자르기 (way 보드 참고. way.co.kr)
//$list[$i]['content'] = eregi_replace("[^ \n<>]{130}", "\\0\n", $row['wr_content']);
/*
$list[$i]['content'] = $list[$i]['content1']= '비밀글 입니다.';
if (!strstr($row['wr_option'], 'secret') ||
$is_admin ||
@ -47,7 +47,25 @@ for ($i=0; $row=sql_fetch_array($result); $i++)
$list[$i]['content1'] = $row['wr_content'];
$list[$i]['content'] = conv_content($row['wr_content'], 0, 'wr_content');
$list[$i]['content'] = search_font($stx, $list[$i]['content']);
} else {
}
*/
// 댓글에 댓글이 비밀댓글인 경우 원댓글 작성자도 볼 수 있도록 처리 2.1.7
$pre_comment_info = substr($row['wr_comment_reply'],0,-1);
$pre_comment = sql_fetch(" select mb_id from {$write_table} where wr_parent = '{$wr_id}' and wr_is_comment = 1 and wr_comment = '{$row['wr_comment']}' and wr_comment_reply = '{$pre_comment_info}' ");
$list[$i]['content'] = $list[$i]['content1']= '비밀글 입니다.';
if (!strstr($row['wr_option'], 'secret') ||
$is_admin ||
($pre_comment['mb_id']==$member['mb_id'] && $member['mb_id']) ||
($write['mb_id']==$member['mb_id'] && $member['mb_id']) ||
($row['mb_id']==$member['mb_id'] && $member['mb_id'])) {
$list[$i]['content1'] = $row['wr_content'];
$list[$i]['content'] = conv_content($row['wr_content'], 0, 'wr_content');
$list[$i]['content'] = search_font($stx, $list[$i]['content']);
}
else {
$ss_name = 'ss_secret_comment_'.$bo_table.'_'.$list[$i]['wr_id'];
if(!get_session($ss_name))

4
bbs/view_image.php
View File

@ -50,6 +50,10 @@ if($file_exists = run_replace('exists_view_image', $file_exists, $filepath, $edi
}
?>
<head>
<meta name="viewport" content="width=device-width,initial-scale=1,minimum-scale=1,maximum-scale=10>,user-scalable=yes" />
</head>
<div class="bbs-view-image"><?php echo $img ?></div>
<script>

6
bbs/visit_insert.inc.php
View File

@ -6,8 +6,8 @@ if (get_cookie('ck_visit_ip') != $_SERVER['REMOTE_ADDR'])
{
set_cookie('ck_visit_ip', $_SERVER['REMOTE_ADDR'], 86400); // 하루동안 저장
// $tmp_row = sql_fetch(" select max(vi_id) as max_vi_id from {$g5['visit_table']} ");
// $vi_id = $tmp_row['max_vi_id'] + 1;
$tmp_row = sql_fetch(" select max(vi_id) as max_vi_id from {$g5['visit_table']} ");
$vi_id = $tmp_row['max_vi_id'] + 1;
// $_SERVER 배열변수 값의 변조를 이용한 SQL Injection 공격을 막는 코드입니다. 110810
$remote_addr = escape_trim($_SERVER['REMOTE_ADDR']);
@ -23,7 +23,7 @@ if (get_cookie('ck_visit_ip') != $_SERVER['REMOTE_ADDR'])
if(version_compare(phpversion(), '5.3.0', '>=') && defined('G5_BROWSCAP_USE') && G5_BROWSCAP_USE) {
include_once(G5_BBS_PATH.'/visit_browscap.inc.php');
}
$sql = " insert {$g5['visit_table']} ( vi_ip, vi_date, vi_time, vi_referer, vi_agent, vi_browser, vi_os, vi_device ) values ( '{$remote_addr}', '".G5_TIME_YMD."', '".G5_TIME_HIS."', '{$referer}', '{$user_agent}', '{$vi_browser}', '{$vi_os}', '{$vi_device}' ) ";
$sql = " insert {$g5['visit_table']} ( vi_id, vi_ip, vi_date, vi_time, vi_referer, vi_agent, vi_browser, vi_os, vi_device ) values ( '{$vi_id}', '{$remote_addr}', '".G5_TIME_YMD."', '".G5_TIME_HIS."', '{$referer}', '{$user_agent}', '{$vi_browser}', '{$vi_os}', '{$vi_device}' ) ";
$result = sql_query($sql, FALSE);
// 정상으로 INSERT 되었다면 방문자 합계에 반영

2
bbs/write.php
View File

@ -20,7 +20,7 @@ if (!($w == '' || $w == 'u' || $w == 'r')) {
}
if ($w == 'u' || $w == 'r') {
if (isset($write['wr_id']) && $write['wr_id']) {
if ($write['wr_id']) {
// 가변 변수로 $wr_1 .. $wr_10 까지 만든다.
for ($i=1; $i<=10; $i++) {
$vvar = "wr_".$i;