diff --git a/adm/admin.lib.php b/adm/admin.lib.php index 8bd8b95c5..e764db307 100644 --- a/adm/admin.lib.php +++ b/adm/admin.lib.php @@ -355,6 +355,17 @@ function get_admin_token() return $token; } +//input value 에서 xss 공격 filter 역할을 함 ( 반드시 input value='' 타입에만 사용할것 ) +function get_sanitize_input($s, $is_html=false){ + + if(!$is_html){ + $s = strip_tags($s); + } + + $s = htmlspecialchars($s, ENT_QUOTES, 'utf-8'); + + return $s; +} // POST로 넘어온 토큰과 세션에 저장된 토큰 비교 function check_admin_token() diff --git a/adm/auth_list_delete.php b/adm/auth_list_delete.php index 46acecce6..0327c1889 100644 --- a/adm/auth_list_delete.php +++ b/adm/auth_list_delete.php @@ -9,17 +9,24 @@ if ($is_admin != 'super') check_admin_token(); -$count = count($_POST['chk']); +$count = (isset($_POST['chk']) && is_array($_POST['chk'])) ? count($_POST['chk']) : 0; if (!$count) alert($_POST['act_button']." 하실 항목을 하나 이상 체크하세요."); +if ( (isset($_POST['mb_id']) && ! is_array($_POST['mb_id'])) || (isset($_POST['au_menu']) && ! is_array($_POST['au_menu'])) ){ + alert("잘못된 요청입니다."); +} + for ($i=0; $i<$count; $i++) { // 실제 번호를 넘김 $k = $chk[$i]; + + $mb_id = preg_replace('/[^a-zA-Z0-9_]/', '', $_POST['mb_id'][$k]); + $au_menu = preg_replace('/[^a-zA-Z0-9_]/', '', $_POST['au_menu'][$k]); - $sql = " delete from {$g5['auth_table']} where mb_id = '{$_POST['mb_id'][$k]}' and au_menu = '{$_POST['au_menu'][$k]}' "; + $sql = " delete from {$g5['auth_table']} where mb_id = '".$mb_id."' and au_menu = '".$au_menu."' "; sql_query($sql); } diff --git a/adm/board_form.php b/adm/board_form.php index 6855e3cb6..0eb655d1b 100644 --- a/adm/board_form.php +++ b/adm/board_form.php @@ -233,7 +233,7 @@ $frm_submit .= ''; - + > @@ -815,6 +815,7 @@ $frm_submit .= ''; + @@ -887,6 +888,7 @@ $frm_submit .= ''; + diff --git a/adm/board_form_update.php b/adm/board_form_update.php index d2cb9e76e..20eae3035 100644 --- a/adm/board_form_update.php +++ b/adm/board_form_update.php 
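Review bot: `htmlspecialchars($s, ENT_QUOTES, 'utf-8')` in the new get_sanitize_input() returns an empty string whenever `$s` holds an invalid UTF-8 sequence, so a malformed value is silently blanked rather than escaped; `ENT_QUOTES | ENT_SUBSTITUTE` replaces the bad bytes with U+FFFD and keeps the rest. The `$is_html` flag only skips strip_tags and the result is still fully entity-encoded, so it does not provide an "allow HTML" mode — the header comment should say so, e.g. `// $is_html=true keeps tag text but it is still entity-encoded; result is only safe for value="" attributes`. Both strip_tags and htmlspecialchars expect a string, and a `$_POST` field submitted as an array reaches them unchecked, so `if (!is_string($s)) { return ''; }` at the top is a cheap guard.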
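Review bot: In the auth_list_delete.php hunk, `$_POST['mb_id'][$k]` and `$_POST['au_menu'][$k]` are read without checking that key `$k` exists, and the character filter rewrites rather than rejects: a missing key yields a notice plus a `where mb_id = '' and au_menu = ''` delete, and an id containing any character outside `[a-zA-Z0-9_]` is silently turned into a different identifier before the delete runs. Rejecting is safer here: `if (!isset($_POST['mb_id'][$k], $_POST['au_menu'][$k]) || !preg_match('/^[a-zA-Z0-9_]+$/', $_POST['mb_id'][$k]) || !preg_match('/^[a-zA-Z0-9_]+$/', $_POST['au_menu'][$k])) continue;`. The loop still counts `$_POST['chk']` but indexes `$chk[$i]`; that mismatch predates the change, but the new `$count` guard does not cover the `$chk` side.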
@@ -18,29 +18,29 @@ $_POST['bo_include_head'] = preg_replace("#[\\\]+$#", "", substr($_POST['bo_incl $_POST['bo_include_tail'] = preg_replace("#[\\\]+$#", "", substr($_POST['bo_include_tail'], 0, 255)); if ($file = $_POST['bo_include_head']) { - $purl = parse_url($file); - $file = $purl['path']; - if (!preg_match("/\.(php|htm['l']?)$/i", $file)) { + $file_ext = pathinfo($file, PATHINFO_EXTENSION); + + if( ! $file_ext || ! in_array($file_ext, array('php', 'htm', 'html')) ) { alert('상단 파일 경로의 확장자는 php, html 만 허용합니다.'); } $_POST['bo_include_head'] = $file; } if ($file = $_POST['bo_include_tail']) { - $purl = parse_url($file); - $file = $purl['path']; - if (!preg_match("/\.(php|htm['l']?)$/i", $file)) { + $file_ext = pathinfo($file, PATHINFO_EXTENSION); + + if( ! $file_ext || ! in_array($file_ext, array('php', 'htm', 'html')) ) { alert('하단 파일 경로의 확장자는 php, html 만 허용합니다.'); } $_POST['bo_include_tail'] = $file; } if(!is_include_path_check($_POST['bo_include_head'], 1)) { - alert('/data/file/ 또는 /data/editor/ 포함된 문자를 상단 파일 경로에 포함시킬수 없습니다.'); + alert('상단 파일 경로에 포함시킬수 없는 문자열이 있습니다.'); } if(!is_include_path_check($_POST['bo_include_tail'], 1)) { - alert('/data/file/ 또는 /data/editor/ 포함된 문자를 하단 파일 경로에 포함시킬수 없습니다.'); + alert('하단 파일 경로에 포함시킬수 없는 문자열이 있습니다.'); } $board_path = G5_DATA_PATH.'/file/'.$bo_table; @@ -60,6 +60,8 @@ $f = @fopen($file, 'w'); $src_char = array('&', '='); $dst_char = array('&', '〓'); $bo_category_list = str_replace($src_char, $dst_char, $bo_category_list); +//https://github.com/gnuboard/gnuboard5/commit/f5f4925d4eb28ba1af728e1065fc2bdd9ce1da58 에 따른 조치 +$str_bo_category_list = isset($_POST['bo_category_list']) ? preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\/\^\*]/", "", $_POST['bo_category_list']) : ''; $sql_common = " gr_id = '{$_POST['gr_id']}', bo_subject = '{$_POST['bo_subject']}', 
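Review bot: The new extension check in the board_form_update.php `@@ -18` hunk (and the identical pair in the qa_config_update.php hunk) compares `pathinfo(..., PATHINFO_EXTENSION)` case-sensitively with a loose `in_array`, whereas the regex it replaces was `/i`; a path ending in `.PHP` or `.Html` is now rejected, and a path carrying a query string (`head.php?x=1`) yields the extension `php?x=1`, which the old parse_url()-based check accepted and this one refuses. If the case-insensitive behaviour is meant to survive, use `if (!$file_ext || !in_array(strtolower($file_ext), array('php', 'htm', 'html'), true)) {`. The head and tail copies in each file differ only in the alert text and could share a small helper.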
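Review bot: `$str_bo_category_list` in the `@@ -60` hunk is built from the raw `$_POST['bo_category_list']`, so the `&`/`=` substitution applied to `$bo_category_list` two lines above no longer flows into the value stored by the `@@ -82` hunk; if `$bo_category_list` is not used elsewhere in the file that substitution is now dead, and if it is, the two representations of the same field diverge. Filtering the already-converted variable keeps one source of truth: `$str_bo_category_list = preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\/\^\*]/", "", $bo_category_list);` — the regex removes `=`, so the `〓` substitution is the only way an `=` in a category name survives, which seems to be the point of that line. The bare commit URL in the comment would be more useful as one sentence naming the characters stripped and why.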
@@ -82,7 +84,7 @@ $sql_common = " gr_id = '{$_POST['gr_id']}', bo_comment_point = '{$_POST['bo_comment_point']}', bo_download_point = '{$_POST['bo_download_point']}', bo_use_category = '{$_POST['bo_use_category']}', - bo_category_list = '{$_POST['bo_category_list']}', + bo_category_list = '{$str_bo_category_list}', bo_use_sideview = '{$_POST['bo_use_sideview']}', bo_use_file_content = '{$_POST['bo_use_file_content']}', bo_use_secret = '{$_POST['bo_use_secret']}', @@ -109,13 +111,20 @@ $sql_common = " gr_id = '{$_POST['gr_id']}', bo_image_width = '{$_POST['bo_image_width']}', bo_skin = '{$_POST['bo_skin']}', bo_mobile_skin = '{$_POST['bo_mobile_skin']}', - bo_include_head = '{$_POST['bo_include_head']}', + "; + +// 최고 관리자인 경우에만 수정가능 +if ($is_admin === 'super'){ +$sql_common .= " bo_include_head = '{$_POST['bo_include_head']}', bo_include_tail = '{$_POST['bo_include_tail']}', bo_content_head = '{$_POST['bo_content_head']}', bo_content_tail = '{$_POST['bo_content_tail']}', bo_mobile_content_head = '{$_POST['bo_mobile_content_head']}', bo_mobile_content_tail = '{$_POST['bo_mobile_content_tail']}', - bo_insert_content = '{$_POST['bo_insert_content']}', + "; +} + +$sql_common .= " bo_insert_content = '{$_POST['bo_insert_content']}', bo_gallery_cols = '{$_POST['bo_gallery_cols']}', bo_gallery_width = '{$_POST['bo_gallery_width']}', bo_gallery_height = '{$_POST['bo_gallery_height']}', 
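Review bot: The `$sql_common .= " bo_include_head = ...` appended inside `if ($is_admin === 'super'){` in the `@@ -109` hunk is written at column 0, so the gated fields are visually indistinguishable from the unconditional ones around them; indent the block body and end the string on its own line so the gate is obvious. Non-super admins get no feedback that posted `bo_include_*`/`bo_content_*` values were dropped — on an update the stored values are presumably kept, on an insert the column defaults apply — and a comment such as `// non-super admins: include/content head/tail are not written (update keeps old values)` would record that this is intended. The `$sql_common .=` assignment continues past the end of the hunk.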
@@ -299,12 +308,17 @@ if (is_checked('chk_grp_comment_min')) $grp_fields .= " , bo_comment_mi if (is_checked('chk_grp_comment_max')) $grp_fields .= " , bo_comment_max = '{$bo_comment_max}' "; if (is_checked('chk_grp_upload_count')) $grp_fields .= " , bo_upload_count = '{$bo_upload_count}' "; if (is_checked('chk_grp_upload_size')) $grp_fields .= " , bo_upload_size = '{$bo_upload_size}' "; -if (is_checked('chk_grp_include_head')) $grp_fields .= " , bo_include_head = '{$bo_include_head}' "; -if (is_checked('chk_grp_include_tail')) $grp_fields .= " , bo_include_tail = '{$bo_include_tail}' "; -if (is_checked('chk_grp_content_head')) $grp_fields .= " , bo_content_head = '{$bo_content_head}' "; -if (is_checked('chk_grp_content_tail')) $grp_fields .= " , bo_content_tail = '{$bo_content_tail}' "; -if (is_checked('chk_grp_mobile_content_head')) $grp_fields .= " , bo_mobile_content_head = '{$bo_mobile_content_head}' "; -if (is_checked('chk_grp_mobile_content_tail')) $grp_fields .= " , bo_mobile_content_tail = '{$bo_mobile_content_tail}' "; + +//최고관리자만 수정가능 +if ($is_admin === 'super'){ + if (is_checked('chk_grp_include_head')) $grp_fields .= " , bo_include_head = '{$bo_include_head}' "; + if (is_checked('chk_grp_include_tail')) $grp_fields .= " , bo_include_tail = '{$bo_include_tail}' "; + if (is_checked('chk_grp_content_head')) $grp_fields .= " , bo_content_head = '{$bo_content_head}' "; + if (is_checked('chk_grp_content_tail')) $grp_fields .= " , bo_content_tail = '{$bo_content_tail}' "; + if (is_checked('chk_grp_mobile_content_head')) $grp_fields .= " , bo_mobile_content_head = '{$bo_mobile_content_head}' "; + if (is_checked('chk_grp_mobile_content_tail')) $grp_fields .= " , bo_mobile_content_tail = '{$bo_mobile_content_tail}' "; +} + if (is_checked('chk_grp_insert_content')) $grp_fields .= " , bo_insert_content = '{$bo_insert_content}' "; if (is_checked('chk_grp_use_search')) $grp_fields .= " , bo_use_search = '{$bo_use_search}' "; if (is_checked('chk_grp_order')) 
$grp_fields .= " , bo_order = '{$bo_order}' "; 
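Review bot: The `$is_admin === 'super'` gate around the `chk_grp_include_head`…`chk_grp_mobile_content_tail` lines (and the matching `chk_all_*` block in the `@@ -382` hunk) silently ignores those checkboxes for group admins, so a group admin who ticks them presumably sees the normal success path while the fields were never copied. Either hide the checkboxes for non-super admins in board_form.php or report the drop, e.g. `if ($is_admin !== 'super' && is_checked('chk_grp_include_head')) alert('...');` (message constructed; use the file's wording). The two gated blocks are copy-pasted six-line lists; looping over the field names with the `chk_grp_`/`chk_all_` prefix as a parameter would keep them in sync.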
@@ -382,12 +396,17 @@ if (is_checked('chk_all_comment_min')) $all_fields .= " , bo_comment_mi if (is_checked('chk_all_comment_max')) $all_fields .= " , bo_comment_max = '{$bo_comment_max}' "; if (is_checked('chk_all_upload_count')) $all_fields .= " , bo_upload_count = '{$bo_upload_count}' "; if (is_checked('chk_all_upload_size')) $all_fields .= " , bo_upload_size = '{$bo_upload_size}' "; -if (is_checked('chk_all_include_head')) $all_fields .= " , bo_include_head = '{$bo_include_head}' "; -if (is_checked('chk_all_include_tail')) $all_fields .= " , bo_include_tail = '{$bo_include_tail}' "; -if (is_checked('chk_all_content_head')) $all_fields .= " , bo_content_head = '{$bo_content_head}' "; -if (is_checked('chk_all_content_tail')) $all_fields .= " , bo_content_tail = '{$bo_content_tail}' "; -if (is_checked('chk_all_mobile_content_head')) $all_fields .= " , bo_mobile_content_head = '{$bo_mobile_content_head}' "; -if (is_checked('chk_all_mobile_content_tail')) $all_fields .= " , bo_mobile_content_tail = '{$bo_mobile_content_tail}' "; + +//최고관리자만 수정가능 +if ($is_admin === 'super'){ + if (is_checked('chk_all_include_head')) $all_fields .= " , bo_include_head = '{$bo_include_head}' "; + if (is_checked('chk_all_include_tail')) $all_fields .= " , bo_include_tail = '{$bo_include_tail}' "; + if (is_checked('chk_all_content_head')) $all_fields .= " , bo_content_head = '{$bo_content_head}' "; + if (is_checked('chk_all_content_tail')) $all_fields .= " , bo_content_tail = '{$bo_content_tail}' "; + if (is_checked('chk_all_mobile_content_head')) $all_fields .= " , bo_mobile_content_head = '{$bo_mobile_content_head}' "; + if (is_checked('chk_all_mobile_content_tail')) $all_fields .= " , bo_mobile_content_tail = '{$bo_mobile_content_tail}' "; +} + if (is_checked('chk_all_insert_content')) $all_fields .= " , bo_insert_content = '{$bo_insert_content}' "; if (is_checked('chk_all_use_search')) $all_fields .= " , bo_use_search = '{$bo_use_search}' "; if (is_checked('chk_all_order')) 
$all_fields .= " , bo_order = '{$bo_order}' "; diff --git a/adm/board_list_update.php b/adm/board_list_update.php index a26e521d6..90a1c5d33 100644 --- a/adm/board_list_update.php +++ b/adm/board_list_update.php @@ -8,6 +8,8 @@ if (!count($_POST['chk'])) { alert($_POST['act_button']." 하실 항목을 하나 이상 체크하세요."); } +check_admin_token(); + if ($_POST['act_button'] == "선택수정") { auth_check($auth[$sub_menu], 'w'); @@ -19,7 +21,7 @@ if ($_POST['act_button'] == "선택수정") { if ($is_admin != 'super') { $sql = " select count(*) as cnt from {$g5['board_table']} a, {$g5['group_table']} b - where a.gr_id = '{$_POST['gr_id'][$k]}' + where a.gr_id = '".sql_real_escape_string($_POST['gr_id'][$k])."' and a.gr_id = b.gr_id and b.gr_admin = '{$member['mb_id']}' "; $row = sql_fetch($sql); 
@@ -28,19 +30,20 @@ if ($_POST['act_button'] == "선택수정") { } $sql = " update {$g5['board_table']} - set gr_id = '{$_POST['gr_id'][$k]}', - bo_subject = '{$_POST['bo_subject'][$k]}', - bo_device = '{$_POST['bo_device'][$k]}', - bo_skin = '{$_POST['bo_skin'][$k]}', - bo_mobile_skin = '{$_POST['bo_mobile_skin'][$k]}', - bo_read_point = '{$_POST['bo_read_point'][$k]}', - bo_write_point = '{$_POST['bo_write_point'][$k]}', - bo_comment_point = '{$_POST['bo_comment_point'][$k]}', - bo_download_point = '{$_POST['bo_download_point'][$k]}', - bo_use_search = '{$_POST['bo_use_search'][$k]}', - bo_use_sns = '{$_POST['bo_use_sns'][$k]}', - bo_order = '{$_POST['bo_order'][$k]}' - where bo_table = '{$_POST['board_table'][$k]}' "; + set gr_id = '".sql_real_escape_string($_POST['gr_id'][$k])."', + bo_subject = '".sql_real_escape_string($_POST['bo_subject'][$k])."', + bo_device = '".sql_real_escape_string($_POST['bo_device'][$k])."', + bo_skin = '".sql_real_escape_string($_POST['bo_skin'][$k])."', + bo_mobile_skin = '".sql_real_escape_string($_POST['bo_mobile_skin'][$k])."', + bo_read_point = '".sql_real_escape_string($_POST['bo_read_point'][$k])."', + bo_write_point = '".sql_real_escape_string($_POST['bo_write_point'][$k])."', + bo_comment_point = '".sql_real_escape_string($_POST['bo_comment_point'][$k])."', + bo_download_point = '".sql_real_escape_string($_POST['bo_download_point'][$k])."', + bo_use_search = '".sql_real_escape_string($_POST['bo_use_search'][$k])."', + bo_use_sns = '".sql_real_escape_string($_POST['bo_use_sns'][$k])."', + bo_order = '".sql_real_escape_string($_POST['bo_order'][$k])."' + where bo_table = '".sql_real_escape_string($_POST['board_table'][$k])."' "; + sql_query($sql); } @@ -51,8 +54,6 @@ if ($_POST['act_button'] == "선택수정") { auth_check($auth[$sub_menu], 'd'); - check_admin_token(); - // _BOARD_DELETE_ 상수를 선언해야 board_delete.inc.php 가 정상 작동함 define('_BOARD_DELETE_', true); 
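Review bot: Every field in the rebuilt update in the `@@ -28` hunk is string-escaped with `sql_real_escape_string`, including `bo_read_point`, `bo_write_point`, `bo_comment_point`, `bo_download_point` and `bo_order`, which by name are numeric columns; casting those with `(int)` (e.g. `bo_order = '".(int) $_POST['bo_order'][$k]."',`) is both simpler and stricter than escaping, and matches the `(int)$wr_id` style visible in the write_update.php context. The per-row arrays are all indexed with `$k` from `$chk[$i]` without an `isset()` check, so a malformed form produces notices and empty values rather than an error; a single `if (!isset($_POST['board_table'][$k])) continue;` before the query would cover the whole statement.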
diff --git a/adm/faqformupdate.php b/adm/faqformupdate.php index fa9562ce2..35b8dcb30 100644 --- a/adm/faqformupdate.php +++ b/adm/faqformupdate.php @@ -5,7 +5,7 @@ include_once('./_common.php'); if ($w == "u" || $w == "d") check_demo(); -if ($W == 'd') +if ($w == 'd') auth_check($auth[$sub_menu], "d"); else auth_check($auth[$sub_menu], "w"); diff --git a/adm/poll_form_update.php b/adm/poll_form_update.php index a3cba14ad..2d01fe6dd 100644 --- a/adm/poll_form_update.php +++ b/adm/poll_form_update.php @@ -10,6 +10,40 @@ auth_check($auth[$sub_menu], 'w'); check_admin_token(); +$check_keys = array( +'po_subject', +'po_poll1', +'po_poll2', +'po_poll3', +'po_poll4', +'po_poll5', +'po_poll6', +'po_poll7', +'po_poll8', +'po_poll9', +'po_cnt1', +'po_cnt2', +'po_cnt3', +'po_cnt4', +'po_cnt5', +'po_cnt6', +'po_cnt7', +'po_cnt8', +'po_cnt9', +'po_etc', +'po_level', +'po_point', +'po_id' +); + +foreach( $_POST as $key=>$value ){ + if( empty($value) ) continue; + + if( in_array($key, $check_keys) ) { + $_POST[$key] = strip_tags($value); + } +} + if ($w == '') { $sql = " insert {$g5['poll_table']} diff --git a/adm/qa_config_update.php b/adm/qa_config_update.php index 47adc9b88..b56dc1f47 100644 --- a/adm/qa_config_update.php +++ b/adm/qa_config_update.php @@ -11,17 +11,17 @@ check_admin_token(); $error_msg = ''; if( $qa_include_head ){ - $purl = parse_url($qa_include_head); - $file = $purl['path']; - if (!preg_match("/\.(php|htm['l']?)$/i", $file)) { + $file_ext = pathinfo($qa_include_head, PATHINFO_EXTENSION); + + if( ! $file_ext || ! in_array($file_ext, array('php', 'htm', 'html')) ) { alert('상단 파일 경로의 확장자는 php, html 만 허용합니다.'); } } if( $qa_include_tail ){ - $purl = parse_url($qa_include_tail); - $file = $purl['path']; - if (!preg_match("/\.(php|htm['l']?)$/i", $file)) { + $file_ext = pathinfo($qa_include_tail, PATHINFO_EXTENSION); + + if( ! $file_ext || ! in_array($file_ext, array('php', 'htm', 'html')) ) { alert('하단 파일 경로의 확장자는 php, html 만 허용합니다.'); } } 
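Review bot: The sanitising loop in poll_form_update.php uses `in_array($key, $check_keys)` without `true` and hands whatever arrived to `strip_tags($value)`, so a field posted as an array (`po_subject[]=...`) reaches strip_tags and throws a TypeError on PHP 8; `empty($value)` also skips a legitimate `'0'`, harmless here but surprising. A tighter form is `if (is_string($value) && in_array($key, $check_keys, true)) { $_POST[$key] = strip_tags($value); }` with the `empty()` guard dropped. Only `$_POST` is rewritten; if the insert below reads request-extracted globals (`$po_subject`, …) rather than `$_POST[...]`, the loop does not affect the stored values — the insert body is outside the hunk, so please confirm. strip_tags is also not SQL escaping, so the values presumably still need `sql_real_escape_string` at the query.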
diff --git a/adm/sms_admin/emoticon_move.php b/adm/sms_admin/emoticon_move.php index 592e273ce..075c7b4a4 100644 --- a/adm/sms_admin/emoticon_move.php +++ b/adm/sms_admin/emoticon_move.php @@ -11,7 +11,8 @@ auth_check($auth[$sub_menu], "r"); $g5['title'] = '이모티콘그룹 이동'; include_once(G5_PATH.'/head.sub.php'); -$fo_no_list = implode(',', $_POST['fo_no']); +$list = array(); //배열 변수 초기화 +$fo_no_list = isset($_POST['fo_no']) ? implode(',', $_POST['fo_no']) : ''; $sql = " select * from {$g5['sms5_form_group_table']} order by fg_no "; $result = sql_query($sql); @@ -27,7 +28,7 @@ for ($i=0; $row=sql_fetch_array($result); $i++)
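Review bot: `isset($_POST['fo_no']) ? implode(',', $_POST['fo_no']) : ''` guards a missing field but not a non-array one; `implode(',', 'abc')` raises a TypeError on PHP 8 (a warning before that), and the joined string lands in `$fo_no_list` with no per-element validation even though `fo_no` reads like a list of numeric ids. Suggest `$fo_no_list = (isset($_POST['fo_no']) && is_array($_POST['fo_no'])) ? implode(',', array_map('intval', $_POST['fo_no'])) : '';`, substituting `sql_real_escape_string` per element if the ids can be non-numeric. The new `$list = array(); //배열 변수 초기화` initialises a variable whose use is outside the hunk; a short comment naming where it is filled would help the next reader.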
- +
diff --git a/adm/sms_admin/history_view.php b/adm/sms_admin/history_view.php index 7986d00c2..c745b7058 100644 --- a/adm/sms_admin/history_view.php +++ b/adm/sms_admin/history_view.php @@ -5,6 +5,9 @@ include_once("./_common.php"); $spage_size = 20; $colspan = 10; +$st = isset($st) ? strip_tags($st) : ''; +$ssv = isset($ssv) ? strip_tags($ssv) : ''; + auth_check($auth[$sub_menu], "r"); $g5['title'] = "문자전송 상세내역"; @@ -64,18 +67,18 @@ function all_send() - - - - - + + + + + - + diff --git a/adm/sms_admin/num_book_move.php b/adm/sms_admin/num_book_move.php index 1a68adece..9d660228a 100644 --- a/adm/sms_admin/num_book_move.php +++ b/adm/sms_admin/num_book_move.php @@ -33,7 +33,7 @@ for ($i=0; $row=sql_fetch_array($result); $i++) - +
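Review bot: `$st = isset($st) ? strip_tags($st) : '';` and the `$ssv` line remove tags but do not escape quotes, so if these values are echoed inside `value=""` attributes further down (the `@@ -64` hunk appears to touch those inputs, but its markup did not survive extraction) a double quote still terminates the attribute. This same commit adds `get_sanitize_input()` to adm/admin.lib.php for exactly that case; `$st = isset($st) ? get_sanitize_input($st) : '';` gives strip_tags plus ENT_QUOTES encoding in one place. Escaping at output with `htmlspecialchars(..., ENT_QUOTES)` is the more conventional placement, since `$st` is presumably also used as a search term where entity-encoding would change the match.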
diff --git a/bbs/alert_close.php b/bbs/alert_close.php index 830b3c61f..10a9acd37 100644 --- a/bbs/alert_close.php +++ b/bbs/alert_close.php @@ -2,6 +2,8 @@ include_once('./_common.php'); include_once(G5_PATH.'/head.sub.php'); +//$msg = isset($msg) ? strip_tags($msg) : ''; + $msg2 = str_replace("\\n", "
", $msg); if($error) { diff --git a/bbs/board.php b/bbs/board.php index 4d734128c..ab37ff8b1 100644 --- a/bbs/board.php +++ b/bbs/board.php @@ -77,7 +77,7 @@ if (isset($wr_id) && $wr_id) { } // 자신의 글이거나 관리자라면 통과 - if (($write['mb_id'] && $write['mb_id'] == $member['mb_id']) || $is_admin) { + if (($write['mb_id'] && $write['mb_id'] === $member['mb_id']) || $is_admin) { ; } else { // 비밀글이라면 @@ -93,7 +93,7 @@ if (isset($wr_id) && $wr_id) { and wr_reply = '' and wr_is_comment = 0 "; $row = sql_fetch($sql); - if ($row['mb_id'] == $member['mb_id']) + if ($row['mb_id'] === $member['mb_id']) $is_owner = true; } @@ -120,7 +120,7 @@ if (isset($wr_id) && $wr_id) { sql_query(" update {$write_table} set wr_hit = wr_hit + 1 where wr_id = '{$wr_id}' "); // 자신의 글이면 통과 - if ($write['mb_id'] && $write['mb_id'] == $member['mb_id']) { + if ($write['mb_id'] && $write['mb_id'] === $member['mb_id']) { ; } else if ($is_guest && $board['bo_read_level'] == 1 && $write['wr_ip'] == $_SERVER['REMOTE_ADDR']) { // 비회원이면서 읽기레벨이 1이고 등록된 아이피가 같다면 자신의 글이므로 통과 @@ -219,7 +219,7 @@ if ($board['bo_use_nogood']) $admin_href = ""; // 최고관리자 또는 그룹관리자라면 -if ($member['mb_id'] && ($is_admin == 'super' || $group['gr_admin'] == $member['mb_id'])) +if ($member['mb_id'] && ($is_admin === 'super' || $group['gr_admin'] === $member['mb_id'])) $admin_href = G5_ADMIN_URL.'/board_form.php?w=u&bo_table='.$bo_table; include_once(G5_BBS_PATH.'/board_head.php'); diff --git a/bbs/delete.php b/bbs/delete.php index aafa8e889..8f3cc9bcd 100644 --- a/bbs/delete.php +++ b/bbs/delete.php @@ -26,7 +26,7 @@ else if ($is_admin == 'group') { // 그룹관리자 else if ($member['mb_level'] < $mb['mb_level']) // 자신의 레벨이 크거나 같다면 통과 alert('자신의 권한보다 높은 권한의 회원이 작성한 글은 삭제할 수 없습니다.'); } else if ($member['mb_id']) { - if ($member['mb_id'] != $write['mb_id']) + if ($member['mb_id'] !== $write['mb_id']) alert('자신의 글이 아니므로 삭제할 수 없습니다.'); } else { if ($write['mb_id']) 
@@ -80,7 +80,7 @@ while ($row = sql_fetch_array($result)) $sql2 = " select * from {$g5['board_file_table']} where bo_table = '$bo_table' and wr_id = '{$row['wr_id']}' "; $result2 = sql_query($sql2); while ($row2 = sql_fetch_array($result2)) { - @unlink(G5_DATA_PATH.'/file/'.$bo_table.'/'.$row2['bf_file']); + @unlink(G5_DATA_PATH.'/file/'.$bo_table.'/'.str_replace('../', '', $row2['bf_file'])); // 썸네일삭제 if(preg_match("/\.({$config['cf_image_extension']})$/i", $row2['bf_file'])) { delete_board_thumbnail($bo_table, $row2['bf_file']); diff --git a/bbs/delete_all.php b/bbs/delete_all.php index f7c6179bf..943045b19 100644 --- a/bbs/delete_all.php +++ b/bbs/delete_all.php @@ -98,7 +98,7 @@ for ($i=$chk_count-1; $i>=0; $i--) $result2 = sql_query($sql2); while ($row2 = sql_fetch_array($result2)) { // 파일삭제 - @unlink(G5_DATA_PATH.'/file/'.$bo_table.'/'.$row2['bf_file']); + @unlink(G5_DATA_PATH.'/file/'.$bo_table.'/'.str_replace('../', '',$row2['bf_file'])); // 썸네일삭제 if(preg_match("/\.({$config['cf_image_extension']})$/i", $row2['bf_file'])) { diff --git a/bbs/delete_comment.php b/bbs/delete_comment.php index 24c482c1e..326ef71e5 100644 --- a/bbs/delete_comment.php +++ b/bbs/delete_comment.php @@ -20,16 +20,16 @@ if ($is_admin == 'super') // 최고관리자 통과 ; else if ($is_admin == 'group') { // 그룹관리자 $mb = get_member($write['mb_id']); - if ($member['mb_id'] == $group['gr_admin']) { // 자신이 관리하는 그룹인가? + if ($member['mb_id'] === $group['gr_admin']) { // 자신이 관리하는 그룹인가? if ($member['mb_level'] >= $mb['mb_level']) // 자신의 레벨이 크거나 같다면 통과 ; else alert('그룹관리자의 권한보다 높은 회원의 코멘트이므로 삭제할 수 없습니다.'); } else alert('자신이 관리하는 그룹의 게시판이 아니므로 코멘트를 삭제할 수 없습니다.'); -} else if ($is_admin == 'board') { // 게시판관리자이면 +} else if ($is_admin === 'board') { // 게시판관리자이면 $mb = get_member($write['mb_id']); - if ($member['mb_id'] == $board['bo_admin']) { // 자신이 관리하는 게시판인가? + if ($member['mb_id'] === $board['bo_admin']) { // 자신이 관리하는 게시판인가? if ($member['mb_level'] >= $mb['mb_level']) // 자신의 레벨이 크거나 같다면 통과 ; else 
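Review bot: `str_replace('../', '', $row2['bf_file'])` in the `@unlink()` call in bbs/delete.php (and the identical line in the bbs/delete_all.php hunk) is a single-pass deletion, which does not reliably confine the path to the board's upload directory and leaves absolute paths and backslashes untouched; since `bf_file` is meant to be a bare stored filename, `basename()` is the right tool: `@unlink(G5_DATA_PATH.'/file/'.$bo_table.'/'.basename($row2['bf_file']));`. The thumbnail branch two lines below still passes the raw `$row2['bf_file']` to `delete_board_thumbnail()`, so normalise the value once before both calls. `bf_file` comes from the database here, so the real exposure depends on how it was validated when the row was written — worth checking the writer side rather than patching only the readers.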
@@ -37,7 +37,7 @@ else if ($is_admin == 'group') { // 그룹관리자 } else alert('자신이 관리하는 게시판이 아니므로 코멘트를 삭제할 수 없습니다.'); } else if ($member['mb_id']) { - if ($member['mb_id'] != $write['mb_id']) + if ($member['mb_id'] !== $write['mb_id']) alert('자신의 글이 아니므로 삭제할 수 없습니다.'); } else { if (!check_password($wr_password, $write['wr_password'])) diff --git a/bbs/download.php b/bbs/download.php index 977f17674..ba4c8b0d7 100644 --- a/bbs/download.php +++ b/bbs/download.php @@ -76,8 +76,12 @@ if (!get_session($ss_name)) $g5['title'] = '다운로드 > '.conv_subject($write['wr_subject'], 255); -//$original = urlencode($file['bf_source']); -$original = iconv('utf-8', 'euc-kr', $file['bf_source']); // SIR 잉끼님 제안코드 +//파일명에 한글이 있는 경우 +if(preg_match("/[\xA1-\xFE][\xA1-\xFE]/", $file['bf_source'])){ + $original = iconv('utf-8', 'euc-kr', $file['bf_source']); // SIR 잉끼님 제안코드 +} else { + $original = urlencode($file['bf_source']); +} @include_once($board_skin_path.'/download.tail.skin.php'); @@ -86,6 +90,11 @@ if(preg_match("/msie/i", $_SERVER['HTTP_USER_AGENT']) && preg_match("/5\.5/", $_ header("content-length: ".filesize("$filepath")); header("content-disposition: attachment; filename=\"$original\""); header("content-transfer-encoding: binary"); +} else if (preg_match("/Firefox/i", $_SERVER['HTTP_USER_AGENT'])){ + header("content-type: file/unknown"); + header("content-length: ".filesize("$filepath")); + header("content-disposition: attachment; filename=\"".basename($file['bf_source'])."\""); + header("content-description: php generated data"); } else { header("content-type: file/unknown"); header("content-length: ".filesize("$filepath")); diff --git a/bbs/list.php b/bbs/list.php index 1bb0e4cd0..4752a316c 100644 --- a/bbs/list.php +++ b/bbs/list.php 
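Review bot: The Firefox branch added in the `@@ -86` hunk places `basename($file['bf_source'])` inside the quoted `filename="…"` of `Content-Disposition` without escaping, so a stored name containing a double quote breaks the header value (PHP's header() itself refuses CR/LF, so that part is safe), and the detection in the `@@ -76` hunk uses a byte-range regex on UTF-8 text that matches any multibyte sequence, after which `iconv('utf-8', 'euc-kr', …)` returns `false` with a notice for characters EUC-KR cannot represent, yielding an empty filename. One header covers all modern browsers: `header("content-disposition: attachment; filename=\"".rawurlencode($file['bf_source'])."\"; filename*=UTF-8''".rawurlencode($file['bf_source']));`, keeping the iconv path only for the old MSIE branch with `//IGNORE` or a fallback when it fails. The three branches now differ only in the filename expression, so the header block could be written once with the filename chosen beforehand.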
@@ -33,7 +33,11 @@ if ($sop != 'and' && $sop != 'or') // 분류 선택 또는 검색어가 있다면 $stx = trim($stx); -if ($sca || $stx) { +//검색인지 아닌지 구분하는 변수 초기화 +$is_search_bbs = false; + +if ($sca || $stx || $stx === '0') { //검색이면 + $is_search_bbs = true; //검색구분변수 true 지정 $sql_search = get_sql_search($sca, $sfl, $stx, $sop); // 가장 작은 번호를 얻어서 변수에 저장 (하단의 페이징에서 사용) @@ -80,7 +84,7 @@ $notice_count = 0; $notice_array = array(); // 공지 처리 -if (!$sca && !$stx) { +if (!$is_search_bbs) { $arr_notice = explode(',', trim($board['bo_notice'])); $from_notice_idx = ($page - 1) * $page_rows; if($from_notice_idx < 0) @@ -162,7 +166,7 @@ if ($sst) { $sql_order = " order by {$sst} {$sod} "; } -if ($sca || $stx) { +if ($is_search_bbs) { $sql = " select distinct wr_parent from {$write_table} where {$sql_search} {$sql_order} limit {$from_record}, $page_rows "; } else { $sql = " select * from {$write_table} where wr_is_comment = 0 "; @@ -180,7 +184,7 @@ if($page_rows > 0) { while ($row = sql_fetch_array($result)) { // 검색일 경우 wr_id만 얻었으므로 다시 한행을 얻는다 - if ($sca || $stx) + if ($is_search_bbs) $row = sql_fetch(" select * from {$write_table} where wr_id = '{$row['wr_parent']}' "); $list[$i] = get_list($row, $board, $board_skin_url, G5_IS_MOBILE ? $board['bo_mobile_subject_len'] : $board['bo_subject_len']); @@ -201,7 +205,7 @@ $write_pages = get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['c $list_href = ''; $prev_part_href = ''; $next_part_href = ''; -if ($sca || $stx) { +if ($is_search_bbs) { $list_href = './board.php?bo_table='.$bo_table; $patterns = array('#&page=[0-9]*#', '#&spt=[0-9\-]*#'); diff --git a/bbs/memo.php b/bbs/memo.php index 56288d93f..5d0de7892 100644 --- a/bbs/memo.php +++ b/bbs/memo.php 
@@ -22,6 +22,10 @@ $sql = " select count(*) as cnt from {$g5['memo_table']} where me_{$kind}_mb_id $row = sql_fetch($sql); $total_count = number_format($row['cnt']); +$total_page = ceil($total_count / $config['cf_page_rows']); // 전체 페이지 계산 +if ($page < 1) { $page = 1; } // 페이지가 없으면 첫 페이지 (1 페이지) +$from_record = ((int) $page - 1) * $config['cf_page_rows']; // 시작 열을 구함 + if ($kind == 'recv') { $kind_title = '받은'; @@ -41,7 +45,7 @@ $sql = " select a.*, b.mb_id, b.mb_nick, b.mb_email, b.mb_homepage from {$g5['memo_table']} a left join {$g5['member_table']} b on (a.me_{$unkind}_mb_id = b.mb_id) where a.me_{$kind}_mb_id = '{$member['mb_id']}' - order by a.me_id desc "; + order by a.me_id desc limit $from_record, {$config['cf_page_rows']} "; $result = sql_query($sql); for ($i=0; $row=sql_fetch_array($result); $i++) { @@ -66,10 +70,12 @@ for ($i=0; $row=sql_fetch_array($result); $i++) $list[$i]['name'] = $name; $list[$i]['send_datetime'] = $send_datetime; $list[$i]['read_datetime'] = $read_datetime; - $list[$i]['view_href'] = './memo_view.php?me_id='.$row['me_id'].'&kind='.$kind; + $list[$i]['view_href'] = './memo_view.php?me_id='.$row['me_id'].'&kind='.$kind.'&page='.$page; $list[$i]['del_href'] = './memo_delete.php?me_id='.$row['me_id'].'&token='.$token.'&kind='.$kind; } +$write_pages = get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, "./memo.php?kind=$kind".$qstr."&page="); + include_once($member_skin_path.'/memo.skin.php'); include_once(G5_PATH.'/tail.sub.php'); diff --git a/bbs/memo_view.php b/bbs/memo_view.php index 19d021108..e032c9fca 100644 --- a/bbs/memo_view.php +++ b/bbs/memo_view.php 
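Review bot: `$total_page = ceil($total_count / $config['cf_page_rows']);` divides the formatted count — `$total_count = number_format($row['cnt'])` on the line above — so once a member has 1,000 or more memos the string `"1,000"` is coerced to `1` (with a non-numeric-value notice/warning on PHP 7+) and paging stops after the first page. Compute from the raw count: `$total_page = ceil($row['cnt'] / $config['cf_page_rows']);`. `$page` is only range-checked, not cast, before being interpolated into `view_href` and the `get_paging()` URL in the later hunks; `$page = (int) $page;` before the `if ($page < 1)` line would match what `$from_record` already does.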
@@ -57,14 +57,22 @@ $sql = " select * from {$g5[memo_table]} order by me_id desc limit 1 "; $next = sql_fetch($sql); -if ($next[me_id]) - $next_link = './memo_view.php?kind='.$kind.'&me_id='.$next[me_id]; +if ($next['me_id']) + $next_link = './memo_view.php?kind='.$kind.'&me_id='.$next['me_id']; else //$next_link = 'javascript:alert(\'쪽지의 마지막입니다.\');'; $next_link = ''; $mb = get_member($memo['me_'.$unkind.'_mb_id']); +$list_link = './memo.php?kind='.$kind; + +if(isset($page) && $page){ + $prev_link .= '&page='.(int) $page; + $next_link .= '&page='.(int) $page; + $list_link .= '&page='.(int) $page; +} + include_once($member_skin_path.'/memo_view.skin.php'); include_once(G5_PATH.'/tail.sub.php'); diff --git a/bbs/move_update.php b/bbs/move_update.php index 78abbd8cd..fd48087fe 100644 --- a/bbs/move_update.php +++ b/bbs/move_update.php @@ -28,7 +28,14 @@ while ($row = sql_fetch_array($result)) $wr_num = $row['wr_num']; for ($i=0; $i= $board['bo_reply_level']) // 수정, 삭제 링크 $update_href = $delete_href = ''; // 로그인중이고 자신의 글이라면 또는 관리자라면 비밀번호를 묻지 않고 바로 수정, 삭제 가능 -if (($member['mb_id'] && ($member['mb_id'] == $write['mb_id'])) || $is_admin) { +if (($member['mb_id'] && ($member['mb_id'] === $write['mb_id'])) || $is_admin) { $update_href = './write.php?w=u&bo_table='.$bo_table.'&wr_id='.$wr_id.'&page='.$page.$qstr; set_session('ss_delete_token', $token = uniqid(time())); $delete_href ='./delete.php?bo_table='.$bo_table.'&wr_id='.$wr_id.'&token='.$token.'&page='.$page.urldecode($qstr); diff --git a/bbs/view_comment.php b/bbs/view_comment.php index 472333d07..32c87e219 100644 --- a/bbs/view_comment.php +++ b/bbs/view_comment.php 
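Review bot: `$prev_link .= '&page='.(int) $page;` and the `$next_link` line run even when the link was set to the empty string a few lines up (`$next_link = '';` in the visible else branch, and presumably the same for `$prev_link`), so a memo with no next/previous item now gets a href of `&page=3`, which the skin will render as a live but broken link instead of the intended no-link. Guard each one: `if ($prev_link) $prev_link .= '&page='.(int) $page;` and likewise for `$next_link`; `$list_link` is always set and can keep the unconditional append.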
@@ -39,8 +39,8 @@ for ($i=0; $row=sql_fetch_array($result); $i++) $list[$i]['content'] = $list[$i]['content1']= '비밀글 입니다.'; if (!strstr($row['wr_option'], 'secret') || $is_admin || - ($write['mb_id']==$member['mb_id'] && $member['mb_id']) || - ($row['mb_id']==$member['mb_id'] && $member['mb_id'])) { + ($write['mb_id']===$member['mb_id'] && $member['mb_id']) || + ($row['mb_id']===$member['mb_id'] && $member['mb_id'])) { $list[$i]['content1'] = $row['wr_content']; $list[$i]['content'] = conv_content($row['wr_content'], 0, 'wr_content'); $list[$i]['content'] = search_font($stx, $list[$i]['content']); @@ -71,7 +71,7 @@ for ($i=0; $row=sql_fetch_array($result); $i++) if ($member['mb_id']) { - if ($row['mb_id'] == $member['mb_id'] || $is_admin) + if ($row['mb_id'] === $member['mb_id'] || $is_admin) { set_session('ss_delete_comment_'.$row['wr_id'].'_token', $token = uniqid(time())); $list[$i]['del_link'] = './delete_comment.php?bo_table='.$bo_table.'&comment_id='.$row['wr_id'].'&token='.$token.'&page='.$page.$qstr; diff --git a/bbs/write.php b/bbs/write.php index 4282142de..dde0608da 100644 --- a/bbs/write.php +++ b/bbs/write.php @@ -56,7 +56,7 @@ if ($w == '') { } else if ($w == 'u') { // 김선용 1.00 : 글쓰기 권한과 수정은 별도로 처리되어야 함 //if ($member['mb_level'] < $board['bo_write_level']) { - if($member['mb_id'] && $write['mb_id'] == $member['mb_id']) { + if($member['mb_id'] && $write['mb_id'] === $member['mb_id']) { ; } else if ($member['mb_level'] < $board['bo_write_level']) { if ($member['mb_id']) { @@ -116,7 +116,7 @@ if ($w == '') { if (strstr($write['wr_option'], 'secret')) { if ($write['mb_id']) { // 회원의 경우는 해당 글쓴 회원 및 관리자 - if (!($write['mb_id'] == $member['mb_id'] || $is_admin)) + if (!($write['mb_id'] === $member['mb_id'] || $is_admin)) alert('비밀글에는 자신 또는 관리자만 답변이 가능합니다.'); } else { // 비회원의 경우는 비밀글에 답변이 불가함 
@@ -168,7 +168,7 @@ if (!empty($group['gr_use_access'])) { alert("접근 권한이 없습니다.\\n\\n회원이시라면 로그인 후 이용해 보십시오.", 'login.php?'.$qstr.'&url='.urlencode($_SERVER['SCRIPT_NAME'].'?bo_table='.$bo_table)); } - if ($is_admin == 'super' || $group['gr_admin'] == $member['mb_id'] || $board['bo_admin'] == $member['mb_id']) { + if ($is_admin == 'super' || $group['gr_admin'] === $member['mb_id'] || $board['bo_admin'] === $member['mb_id']) { ; // 통과 } else { // 그룹접근 @@ -251,7 +251,7 @@ $is_name = false; $is_password = false; $is_email = false; $is_homepage = false; -if ($is_guest || ($is_admin && $w == 'u' && $member['mb_id'] != $write['mb_id'])) { +if ($is_guest || ($is_admin && $w == 'u' && $member['mb_id'] !== $write['mb_id'])) { $is_name = true; $is_password = true; $is_email = true; @@ -308,7 +308,7 @@ if ($w == '') { $password_required = ''; if (!$is_admin) { - if (!($is_member && $member['mb_id'] == $write['mb_id'])) { + if (!($is_member && $member['mb_id'] === $write['mb_id'])) { if (!check_password($wr_password, $write['wr_password'])) { alert('비밀번호가 틀립니다.'); } diff --git a/bbs/write_comment_update.php b/bbs/write_comment_update.php index 129721d28..f7fdd3ea3 100644 --- a/bbs/write_comment_update.php +++ b/bbs/write_comment_update.php @@ -269,7 +269,7 @@ else if ($w == 'cu') // 댓글 수정 ; else if ($is_admin == 'group') { // 그룹관리자 $mb = get_member($comment['mb_id']); - if ($member['mb_id'] == $group['gr_admin']) { // 자신이 관리하는 그룹인가? + if ($member['mb_id'] === $group['gr_admin']) { // 자신이 관리하는 그룹인가? if ($member['mb_level'] >= $mb['mb_level']) // 자신의 레벨이 크거나 같다면 통과 ; else @@ -278,7 +278,7 @@ else if ($w == 'cu') // 댓글 수정 alert('자신이 관리하는 그룹의 게시판이 아니므로 댓글을 수정할 수 없습니다.'); } else if ($is_admin == 'board') { // 게시판관리자이면 $mb = get_member($comment['mb_id']); - if ($member['mb_id'] == $board['bo_admin']) { // 자신이 관리하는 게시판인가? + if ($member['mb_id'] === $board['bo_admin']) { // 자신이 관리하는 게시판인가? if ($member['mb_level'] >= $mb['mb_level']) // 자신의 레벨이 크거나 같다면 통과 ; else 
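Review bot: In the `@@ -168` hunk `$is_admin == 'super'` is left as a loose comparison while the two `mb_id` comparisons on the same line were tightened to `===`, and the same mixed style appears in the delete_comment.php and write_comment_update.php hunks where `$is_admin == 'group'` stays loose next to `=== 'board'`. `$is_admin` is a framework-set string, so `$is_admin === 'super'` is safe and keeps the commit's rule consistent; bbs/board.php's `@@ -219` hunk already does this. A one-line rationale at the first changed site, e.g. `// === so an unset/null mb_id never compares equal to ''`, would explain the sweep to future readers.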
@@ -286,7 +286,7 @@ else if ($w == 'cu') // 댓글 수정 } else alert('자신이 관리하는 게시판이 아니므로 댓글을 수정할 수 없습니다.'); } else if ($member['mb_id']) { - if ($member['mb_id'] != $comment['mb_id']) + if ($member['mb_id'] !== $comment['mb_id']) alert('자신의 글이 아니므로 수정할 수 없습니다.'); } else { if($comment['wr_password'] != $wr_password) diff --git a/bbs/write_update.php b/bbs/write_update.php index 2b37dbd23..8788ff705 100644 --- a/bbs/write_update.php +++ b/bbs/write_update.php @@ -129,18 +129,23 @@ for ($i=1; $i<=10; $i++) { if ($w == '' || $w == 'u') { + // 외부에서 글을 등록할 수 있는 버그가 존재하므로 공지는 관리자만 등록이 가능해야 함 + if (!$is_admin && $notice) { + alert('관리자만 공지할 수 있습니다.'); + } + + //회원 자신이 쓴글을 수정할 경우 공지가 풀리는 경우가 있음 + if($w =='u' && $board['bo_notice'] && in_array($wr['wr_id'], $notice_array)){ + $notice = 1; + } + // 김선용 1.00 : 글쓰기 권한과 수정은 별도로 처리되어야 함 - if($w =='u' && $member['mb_id'] && $wr['mb_id'] == $member['mb_id']) { + if($w =='u' && $member['mb_id'] && $wr['mb_id'] === $member['mb_id']) { ; } else if ($member['mb_level'] < $board['bo_write_level']) { alert('글을 쓸 권한이 없습니다.'); } - // 외부에서 글을 등록할 수 있는 버그가 존재하므로 공지는 관리자만 등록이 가능해야 함 - if (!$is_admin && $notice) { - alert('관리자만 공지할 수 있습니다.'); - } - } else if ($w == 'r') { if (in_array((int)$wr_id, $notice_array)) { @@ -326,7 +331,7 @@ if ($w == '' || $w == 'r') { if ($member['mb_id']) { // 자신의 글이라면 - if ($member['mb_id'] == $wr['mb_id']) { + if ($member['mb_id'] === $wr['mb_id']) { $mb_id = $member['mb_id']; $wr_name = addslashes(clean_xss_tags($board['bo_use_name'] ? $member['mb_name'] : $member['mb_nick'])); $wr_email = addslashes($member['mb_email']); diff --git a/common.php b/common.php index a036c38b5..424ea52b8 100644 --- a/common.php +++ b/common.php @@ -250,7 +250,7 @@ if (isset($_REQUEST['sfl'])) { if (isset($_REQUEST['stx'])) { // search text (검색어) $stx = get_search_string(trim($_REQUEST['stx'])); - if ($stx) + if ($stx || $stx === '0') $qstr .= '&stx=' . urlencode(cut_str($stx, 20, '')); } else { $stx = ''; 
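Review bot: The notice-restore added in the `@@ -129` hunk, `in_array($wr['wr_id'], $notice_array)`, is a loose, un-cast comparison while the existing `$w == 'r'` branch a few lines below uses `in_array((int)$wr_id, $notice_array)`; the two should agree, e.g. `if($w =='u' && $board['bo_notice'] && in_array((int) $wr['wr_id'], $notice_array)){`. The restore runs for every editor, admins included, so an admin deliberately unticking "notice" while editing has it set back to 1 — if that is intended the comment should say so, otherwise gate it with `!$is_admin`. `$notice_array` is built outside the hunk, so whether its elements are ints or strings is an assumption here.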
@@ -369,20 +369,22 @@ if ($_SESSION['ss_mb_id']) { // 로그인중이라면 if (strtolower($tmp_mb_id) != strtolower($config['cf_admin'])) { $sql = " select mb_password, mb_intercept_date, mb_leave_date, mb_email_certify from {$g5['member_table']} where mb_id = '{$tmp_mb_id}' "; $row = sql_fetch($sql); - $key = md5($_SERVER['SERVER_ADDR'] . $_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT'] . $row['mb_password']); - // 쿠키에 저장된 키와 같다면 - $tmp_key = get_cookie('ck_auto'); - if ($tmp_key === $key && $tmp_key) { - // 차단, 탈퇴가 아니고 메일인증이 사용이면서 인증을 받았다면 - if ($row['mb_intercept_date'] == '' && - $row['mb_leave_date'] == '' && - (!$config['cf_use_email_certify'] || preg_match('/[1-9]/', $row['mb_email_certify'])) ) { - // 세션에 회원아이디를 저장하여 로그인으로 간주 - set_session('ss_mb_id', $tmp_mb_id); + if($row['mb_password']){ + $key = md5($_SERVER['SERVER_ADDR'] . $_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT'] . $row['mb_password']); + // 쿠키에 저장된 키와 같다면 + $tmp_key = get_cookie('ck_auto'); + if ($tmp_key === $key && $tmp_key) { + // 차단, 탈퇴가 아니고 메일인증이 사용이면서 인증을 받았다면 + if ($row['mb_intercept_date'] == '' && + $row['mb_leave_date'] == '' && + (!$config['cf_use_email_certify'] || preg_match('/[1-9]/', $row['mb_email_certify'])) ) { + // 세션에 회원아이디를 저장하여 로그인으로 간주 + set_session('ss_mb_id', $tmp_mb_id); - // 페이지를 재실행 - echo ""; - exit; + // 페이지를 재실행 + echo ""; + exit; + } } } // $row 배열변수 해제 diff --git a/config.php b/config.php index a10abd6eb..385c7f58f 100644 --- a/config.php +++ b/config.php @@ -5,7 +5,7 @@ ********************/ define('G5_VERSION', '그누보드5'); -define('G5_GNUBOARD_VER', '5.2.9.8.1'); +define('G5_GNUBOARD_VER', '5.2.9.8.3'); define('G5_YOUNGCART_VER', '5.2.9.8.2'); // 이 상수가 정의되지 않으면 각각의 개별 페이지는 별도로 실행될 수 없음 diff --git a/install/install_config.php b/install/install_config.php index fbd2d0eb9..2f2639bc5 100644 --- a/install/install_config.php +++ b/install/install_config.php 
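Review bot: Wrapping the auto-login block in `if($row['mb_password']){` fixes the case where no member row comes back, but the cookie check now inside it, `if ($tmp_key === $key && $tmp_key)`, still compares a secret with `===`; since the line is being touched, `if ($tmp_key && hash_equals($key, (string) $tmp_key))` is the idiom for authentication tokens (PHP ≥ 5.6). The token is `md5(server addr . client addr . user agent . password hash)`, a value that stays constant until the password changes and cannot be revoked per device; that design is outside this hunk, but a `// TODO` noting it would be fair. The `echo` line was lost in this extraction (it presumably emits a redirect), so I cannot review it.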
@@ -159,7 +159,7 @@ function frm_install_submit(f) alert('최고관리자 E-mail 을 입력하십시오.'); f.admin_email.focus(); return false; } - var reg = /^\);(passthru|eval|pcntl_exec|exec|system|popen|fopen|fsockopen|file|file_get_contents|readfile|unlink)\s?\(\$_(get|post|request)\s?\[.*?\]\s?\)/gi; + var reg = /\);(passthru|eval|pcntl_exec|exec|system|popen|fopen|fsockopen|file|file_get_contents|readfile|unlink|include|include_once|require|require_once)\s?\(\$_(get|post|request)\s?\[.*?\]\s?\)/gi; var reg_msg = " 에 유효하지 않는 문자가 있습니다. 다른 문자로 대체해 주세요."; if( reg.test(f.mysql_host.value) ){ diff --git a/install/install_db.php b/install/install_db.php index 43da32e98..c08b3cbaa 100644 --- a/install/install_db.php +++ b/install/install_db.php @@ -14,7 +14,17 @@ include_once ('../lib/common.lib.php'); if( ! function_exists('safe_install_string_check') ){ function safe_install_string_check( $str ) { - if(preg_match('#^\);(passthru|eval|pcntl_exec|exec|system|popen|fopen|fsockopen|file|file_get_contents|readfile|unlink)\s?\(\$_(get|post|request)\s?\[.*?\]\s?\)#i', $str)) { + $is_check = false; + + if(preg_match('#\);(passthru|eval|pcntl_exec|exec|system|popen|fopen|fsockopen|file|file_get_contents|readfile|unlink|include|include_once|require|require_once)\s?#i', $str)) { + $is_check = true; + } + + if(preg_match('#\$_(get|post|request)\s?\[.*?\]\s?\)#i', $str)){ + $is_check = true; + } + + if($is_check){ die("입력한 값에 안전하지 않는 문자가 포함되어 있습니다. 설치를 중단합니다."); } diff --git a/lib/common.lib.php b/lib/common.lib.php index 84d2c14d3..7f4754a3c 100644 --- a/lib/common.lib.php +++ b/lib/common.lib.php @@ -458,7 +458,7 @@ function search_font($stx, $str) $src = array('/', '|'); $dst = array('\/', '\|'); - if (!trim($stx)) return $str; + if (!trim($stx) && $stx !== '0') return $str; // 검색어 전체를 공란으로 나눈다 $s = explode(' ', $stx); 
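Review bot: Splitting the server-side check into two independent `preg_match` calls makes it stricter (either the function-call half or the `$_(get|post|request)[...]` half alone now rejects the value), but it remains a denylist of function names. If these values end up inside a generated PHP config file — the code that writes them is not in this hunk — the durable fix is to escape at the write site (`var_export($str, true)`) or to reject any value containing `'`, `"`, `;` or `)` outright, rather than enumerate functions. The client-side regex in install/install_config.php (`@@ -159`) mirrors only one half and is a usability hint, not a control; a comment on this function such as `// Authoritative check; the JavaScript in install_config.php only mirrors it for early feedback.` would make that explicit.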
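Review bot: `if (!trim($stx) && $stx !== '0') return $str;` tests the trimmed value for truthiness but the untrimmed value against `'0'`, so an input like `' 0'` (space then zero) trims to a non-empty `'0'` yet still takes the early return. `if (trim($stx) === '') return $str;` expresses the intended "blank after trimming" test in one comparison and handles the zero case without the special clause. `search_font()` continues outside the hunk.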
@@ -597,7 +597,7 @@ function get_sql_search($search_ca_name, $search_field, $search_text, $search_op $search_text = strip_tags(($search_text)); $search_text = trim(stripslashes($search_text)); - if (!$search_text) { + if (!$search_text && $search_text !== '0') { if ($search_ca_name) { return $str; } else { @@ -3031,6 +3031,22 @@ function check_url_host($url, $msg='', $return_url=G5_URL) $p = @parse_url($url); $host = preg_replace('/:[0-9]+$/', '', $_SERVER['HTTP_HOST']); $is_host_check = false; + + // url을 urlencode 를 2번이상하면 parse_url 에서 scheme와 host 값을 가져올수 없는 취약점이 존재함 + if ( !isset($p['host']) && urldecode($url) != $url ){ + $i = 0; + while($i <= 3){ + $url = urldecode($url); + if( urldecode($url) == $url ) break; + $i++; + } + + if( urldecode($url) == $url ){ + $p = @parse_url($url); + } else { + $is_host_check = true; + } + } if(stripos($url, 'http:') !== false) { if(!isset($p['scheme']) || !$p['scheme'] || !isset($p['host']) || !$p['host']) @@ -3038,7 +3054,8 @@ function check_url_host($url, $msg='', $return_url=G5_URL) } //php 5.6.29 이하 버전에서는 parse_url 버그가 존재함 - if ( (isset($p['host']) && $p['host']) && version_compare(PHP_VERSION, '5.6.29') < 0) { + //php 7.0.1 ~ 7.0.5 버전에서는 parse_url 버그가 존재함 + if ( (isset($p['host']) && $p['host']) ) { $bool_ch = false; foreach( array('user','host') as $key) { if ( isset( $p[ $key ] ) && strpbrk( $p[ $key ], ':/?#@' ) ) { @@ -3345,6 +3362,11 @@ function is_include_path_check($path='', $is_input='') { if( $path ){ if ($is_input){ + + if( strpos($path, 'php://') !== false || strpos($path, 'zlib://') !== false || strpos($path, 'bzip2://') !== false || strpos($path, 'zip://') !== false ){ + return false; + } + try { // whether $path is unix or not $unipath = strlen($path)==0 || $path{0}!='/'; diff --git a/lib/latest.lib.php b/lib/latest.lib.php index 55dd826db..a37ba466e 100644 --- a/lib/latest.lib.php +++ b/lib/latest.lib.php 
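Review bot: The new decode loop uses `urldecode()`, which also turns `+` into a space, so a relative URL whose query legitimately contains `+` (and therefore has no `host` from the first `parse_url()`) is altered on the first pass even when nothing is percent-encoded; `rawurldecode()` decodes only `%xx` sequences and is the right primitive for detecting multiply-encoded input. Change the entry test to `if ( !isset($p['host']) && rawurldecode($url) !== $url ){` and the other four `urldecode()` calls in the block likewise. The loop also reassigns the `$url` local, so whatever `check_url_host()` does with `$url` after this hunk — the function continues past it — now sees the decoded value; that is probably intended, but a comment such as `// $url is replaced by its fully decoded form from here on` would record it.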
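Review bot: The new wrapper check uses case-sensitive `strpos()` for `php://`, `zlib://`, `bzip2://` and `zip://`, but PHP's wrapper lookup falls back to a lowercased scheme and ships more built-in wrappers than these four, so the denylist depends on both case and completeness. An include path for this feature should be a plain filesystem path, so rejecting any scheme is simpler and complete: `if (stripos($path, '://') !== false) { return false; }`. Separately, the context line `$unipath = strlen($path)==0 || $path{0}!='/';` uses the curly-brace string offset that PHP 8 removed; `$path[0]` is the replacement. `is_include_path_check()` continues outside the hunk.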
@@ -61,6 +61,10 @@ function latest($skin_dir='', $bo_table, $rows=10, $subject_len=40, $cache_time= $sql = " select * from {$tmp_write_table} where wr_is_comment = 0 order by wr_num limit 0, {$rows} "; $result = sql_query($sql); for ($i=0; $row = sql_fetch_array($result); $i++) { + try { + unset($row['wr_password']); + } catch (Exception $e) { + } $list[$i] = get_list($row, $board, $latest_skin_url, $subject_len); } diff --git a/mobile/skin/board/basic/view.skin.php b/mobile/skin/board/basic/view.skin.php index fe4cd096e..daa532271 100644 --- a/mobile/skin/board/basic/view.skin.php +++ b/mobile/skin/board/basic/view.skin.php @@ -141,7 +141,7 @@ add_stylesheet('', 0 ?>
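Review bot: The `try { unset($row['wr_password']); } catch (Exception $e) {}` wrapper is dead code: `unset()` is a language construct that never throws, and the empty catch would only hide a problem if it could. `unset($row['wr_password']);` alone, with a comment such as `// never hand the post password to skins`, says what the change is for. The `for` loop and `latest()` continue outside the hunk.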
- +

diff --git a/mobile/skin/board/gallery/view.skin.php b/mobile/skin/board/gallery/view.skin.php index ae09a062f..c55789bdd 100644 --- a/mobile/skin/board/gallery/view.skin.php +++ b/mobile/skin/board/gallery/view.skin.php @@ -141,7 +141,7 @@ add_stylesheet('', 0 ?>
- +

diff --git a/mobile/skin/member/basic/memo.skin.php b/mobile/skin/member/basic/memo.skin.php index fafd275a2..59bf5dbc6 100644 --- a/mobile/skin/member/basic/memo.skin.php +++ b/mobile/skin/member/basic/memo.skin.php @@ -30,6 +30,9 @@ add_stylesheet('', 자료가 없습니다."; } ?> + + +

쪽지 보관일수는 최장 일 입니다.

diff --git a/mobile/skin/member/basic/memo_view.skin.php b/mobile/skin/member/basic/memo_view.skin.php index ae87bfacf..0247ca624 100644 --- a/mobile/skin/member/basic/memo_view.skin.php +++ b/mobile/skin/member/basic/memo_view.skin.php @@ -50,7 +50,7 @@ add_stylesheet('', 다음쪽지 답장 - 목록보기 + 목록보기 \ No newline at end of file diff --git a/plugin/editor/cheditor5/editor.lib.php b/plugin/editor/cheditor5/editor.lib.php index 6c0c578d2..bb91e300b 100644 --- a/plugin/editor/cheditor5/editor.lib.php +++ b/plugin/editor/cheditor5/editor.lib.php @@ -3,11 +3,17 @@ if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가 function editor_html($id, $content, $is_dhtml_editor=true) { - global $config, $w, $board; + global $config, $w, $board, $write; global $editor_width, $editor_height; static $js = true; - if( $is_dhtml_editor && $content && !$w && (isset($board['bo_insert_content']) && !empty($board['bo_insert_content']) ) ){ //글쓰기 기본 내용 처리 + if( + $is_dhtml_editor && $content && + ( + (!$w && (isset($board['bo_insert_content']) && !empty($board['bo_insert_content']))) + || ($w == 'u' && isset($write['wr_option']) && strpos($write['wr_option'], 'html') === false ) + ) + ){ //글쓰기 기본 내용 처리 if( preg_match('/\r|\n/', $content) && $content === strip_tags($content, '') ) { //textarea로 작성되고, html 내용이 없다면 $content = nl2br($content); } @@ -15,7 +21,7 @@ function editor_html($id, $content, $is_dhtml_editor=true) $width = isset($editor_width) ? $editor_width : "100%"; $height = isset($editor_height) ? $editor_height : "250px"; - if (defined(G5_PUNYCODE)) + if (defined('G5_PUNYCODE')) $editor_url = G5_PUNYCODE.'/'.G5_EDITOR_DIR.'/'.$config['cf_editor']; else $editor_url = G5_EDITOR_URL.'/'.$config['cf_editor']; diff --git a/plugin/editor/smarteditor2/editor.lib.php b/plugin/editor/smarteditor2/editor.lib.php index d77d75a39..ef11fd9e1 100644 --- a/plugin/editor/smarteditor2/editor.lib.php +++ b/plugin/editor/smarteditor2/editor.lib.php 
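Review bot: The new seven-line condition is duplicated verbatim in plugin/editor/smarteditor2/editor.lib.php (`@@ -3,10 +3,16`); both call sites would read better as `if ($is_dhtml_editor && $content && is_plain_text_editor_content($w, $board, $write)) {` with one shared helper in the common library that returns the "new post with default content, or editing a post whose wr_option lacks html" decision, so the two editors cannot drift. Within the condition, `$w == 'u'` is a loose comparison where `$w === 'u'` is the intent, and the trailing `//글쓰기 기본 내용 처리` comment now describes only the first half of the `||`. The second hunk (`defined('G5_PUNYCODE')`) fixes the constant lookup correctly and raises nothing. `editor_html()` continues outside the hunk.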
@@ -3,10 +3,16 @@ if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가 function editor_html($id, $content, $is_dhtml_editor=true) { - global $g5, $config, $w, $board; + global $g5, $config, $w, $board, $write; static $js = true; - if( $is_dhtml_editor && $content && !$w && (isset($board['bo_insert_content']) && !empty($board['bo_insert_content']) ) ){ //글쓰기 기본 내용 처리 + if( + $is_dhtml_editor && $content && + ( + (!$w && (isset($board['bo_insert_content']) && !empty($board['bo_insert_content']))) + || ($w == 'u' && isset($write['wr_option']) && strpos($write['wr_option'], 'html') === false ) + ) + ){ //글쓰기 기본 내용 처리 if( preg_match('/\r|\n/', $content) && $content === strip_tags($content, '') ) { //textarea로 작성되고, html 내용이 없다면 $content = nl2br($content); } diff --git a/skin/board/basic/view.skin.php b/skin/board/basic/view.skin.php index 7670a331c..741c830df 100644 --- a/skin/board/basic/view.skin.php +++ b/skin/board/basic/view.skin.php @@ -149,7 +149,7 @@ add_stylesheet('', 0
- +

diff --git a/skin/board/gallery/view.skin.php b/skin/board/gallery/view.skin.php index 7670a331c..741c830df 100644 --- a/skin/board/gallery/view.skin.php +++ b/skin/board/gallery/view.skin.php @@ -149,7 +149,7 @@ add_stylesheet('', 0
- +

diff --git a/skin/member/basic/memo.skin.php b/skin/member/basic/memo.skin.php index f7477b5bf..e6dbdad84 100644 --- a/skin/member/basic/memo.skin.php +++ b/skin/member/basic/memo.skin.php @@ -42,6 +42,9 @@ add_stylesheet('',
+ + +

쪽지 보관일수는 최장 일 입니다.

diff --git a/skin/member/basic/memo_view.skin.php b/skin/member/basic/memo_view.skin.php index 87f15ce42..be66df47b 100644 --- a/skin/member/basic/memo_view.skin.php +++ b/skin/member/basic/memo_view.skin.php @@ -53,7 +53,7 @@ add_stylesheet('',
다음쪽지 답장 - 목록보기 + 목록보기 diff --git a/theme/basic/mobile/skin/board/basic/view.skin.php b/theme/basic/mobile/skin/board/basic/view.skin.php index e93963c8b..d8f85841d 100644 --- a/theme/basic/mobile/skin/board/basic/view.skin.php +++ b/theme/basic/mobile/skin/board/basic/view.skin.php @@ -141,7 +141,7 @@ add_stylesheet('', 0 ?>
- +

diff --git a/theme/basic/mobile/skin/board/gallery/view.skin.php b/theme/basic/mobile/skin/board/gallery/view.skin.php index 2d629ef51..3aba3abcf 100644 --- a/theme/basic/mobile/skin/board/gallery/view.skin.php +++ b/theme/basic/mobile/skin/board/gallery/view.skin.php @@ -141,7 +141,7 @@ add_stylesheet('', 0 ?>
- +

diff --git a/theme/basic/mobile/skin/member/basic/memo.skin.php b/theme/basic/mobile/skin/member/basic/memo.skin.php index fafd275a2..59bf5dbc6 100644 --- a/theme/basic/mobile/skin/member/basic/memo.skin.php +++ b/theme/basic/mobile/skin/member/basic/memo.skin.php @@ -30,6 +30,9 @@ add_stylesheet('', 자료가 없습니다."; } ?> + + +

쪽지 보관일수는 최장 일 입니다.

diff --git a/theme/basic/mobile/skin/member/basic/memo_view.skin.php b/theme/basic/mobile/skin/member/basic/memo_view.skin.php index ae87bfacf..0247ca624 100644 --- a/theme/basic/mobile/skin/member/basic/memo_view.skin.php +++ b/theme/basic/mobile/skin/member/basic/memo_view.skin.php @@ -50,7 +50,7 @@ add_stylesheet('', 다음쪽지 답장 - 목록보기 + 목록보기 \ No newline at end of file diff --git a/theme/basic/skin/board/basic/view.skin.php b/theme/basic/skin/board/basic/view.skin.php index 7670a331c..741c830df 100644 --- a/theme/basic/skin/board/basic/view.skin.php +++ b/theme/basic/skin/board/basic/view.skin.php @@ -149,7 +149,7 @@ add_stylesheet('', 0
- +

diff --git a/theme/basic/skin/board/gallery/view.skin.php b/theme/basic/skin/board/gallery/view.skin.php index 7670a331c..741c830df 100644 --- a/theme/basic/skin/board/gallery/view.skin.php +++ b/theme/basic/skin/board/gallery/view.skin.php @@ -149,7 +149,7 @@ add_stylesheet('', 0
- +

diff --git a/theme/basic/skin/member/basic/memo.skin.php b/theme/basic/skin/member/basic/memo.skin.php index f7477b5bf..e6dbdad84 100644 --- a/theme/basic/skin/member/basic/memo.skin.php +++ b/theme/basic/skin/member/basic/memo.skin.php @@ -42,6 +42,9 @@ add_stylesheet('', + + +

쪽지 보관일수는 최장 일 입니다.

diff --git a/theme/basic/skin/member/basic/memo_view.skin.php b/theme/basic/skin/member/basic/memo_view.skin.php index 87f15ce42..be66df47b 100644 --- a/theme/basic/skin/member/basic/memo_view.skin.php +++ b/theme/basic/skin/member/basic/memo_view.skin.php @@ -53,7 +53,7 @@ add_stylesheet('', 다음쪽지 답장 - 목록보기 + 목록보기