From fc976f2bedd6c7484844ab6de95236863b228496 Mon Sep 17 00:00:00 2001 From: thisgun Date: Fri, 5 Jan 2018 10:19:47 +0900 Subject: [PATCH 01/24] =?UTF-8?q?=EA=B4=80=EB=A6=AC=EC=9E=90=20=EC=84=A4?= =?UTF-8?q?=EB=AC=B8=EC=A1=B0=EC=82=AC=20=ED=8E=98=EC=9D=B4=EC=A7=80=20?= =?UTF-8?q?=ED=95=84=ED=84=B0=EA=B5=AC=EB=AC=B8=20=EC=B6=94=EA=B0=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/poll_form_update.php | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/adm/poll_form_update.php b/adm/poll_form_update.php index a3cba14ad..2d01fe6dd 100644 --- a/adm/poll_form_update.php +++ b/adm/poll_form_update.php @@ -10,6 +10,40 @@ auth_check($auth[$sub_menu], 'w'); check_admin_token(); +$check_keys = array( +'po_subject', +'po_poll1', +'po_poll2', +'po_poll3', +'po_poll4', +'po_poll5', +'po_poll6', +'po_poll7', +'po_poll8', +'po_poll9', +'po_cnt1', +'po_cnt2', +'po_cnt3', +'po_cnt4', +'po_cnt5', +'po_cnt6', +'po_cnt7', +'po_cnt8', +'po_cnt9', +'po_etc', +'po_level', +'po_point', +'po_id' +); + +foreach( $_POST as $key=>$value ){ + if( empty($value) ) continue; + + if( in_array($key, $check_keys) ) { + $_POST[$key] = strip_tags($value); + } +} + if ($w == '') { $sql = " insert {$g5['poll_table']} From 18749864c094b574c946d97f30c6774bcdbf5a72 Mon Sep 17 00:00:00 2001 
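Review bot: The filter at `$_POST[$key] = strip_tags($value)` rewrites the superglobal only, so if the request has already been copied into `$po_*` globals before this point (the insert statement that follows the hunk is cut off, but gnuboard pages usually read `$po_subject` rather than `$_POST['po_subject']`), the stripped values never reach the query — worth confirming against the lines below the hunk. `strip_tags` is also not an escaping step: quotes and attribute text survive it, so these values still need the SQL escaping at the query and `htmlspecialchars` when rendered. The numeric keys `po_level`, `po_point`, `po_id` and the `po_cnt*` counters are better coerced with `(int)` than tag-stripped, and the key match should be strict, `if( in_array($key, $check_keys, true) ) {`. The `if ($w == '')` block that consumes these values continues outside the hunk.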
From: thisgun Date: Fri, 19 Jan 2018 16:05:33 +0900 Subject: [PATCH 02/24] =?UTF-8?q?=EB=A9=94=EB=AA=A8=EC=97=90=20=ED=8E=98?= =?UTF-8?q?=EC=9D=B4=EC=A7=95=20=EC=A0=81=EC=9A=A9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bbs/memo.php | 10 ++++++++-- bbs/memo_view.php | 12 ++++++++++-- mobile/skin/member/basic/memo.skin.php | 3 +++ mobile/skin/member/basic/memo_view.skin.php | 2 +- skin/member/basic/memo.skin.php | 3 +++ skin/member/basic/memo_view.skin.php | 2 +- theme/basic/mobile/skin/member/basic/memo.skin.php | 3 +++ .../mobile/skin/member/basic/memo_view.skin.php | 2 +- theme/basic/skin/member/basic/memo.skin.php | 3 +++ theme/basic/skin/member/basic/memo_view.skin.php | 2 +- 10 files changed, 34 insertions(+), 8 deletions(-) diff --git a/bbs/memo.php b/bbs/memo.php index 56288d93f..5d0de7892 100644 --- a/bbs/memo.php +++ b/bbs/memo.php @@ -22,6 +22,10 @@ $sql = " select count(*) as cnt from {$g5['memo_table']} where me_{$kind}_mb_id $row = sql_fetch($sql); $total_count = number_format($row['cnt']); +$total_page = ceil($total_count / $config['cf_page_rows']); // 전체 페이지 계산 +if ($page < 1) { $page = 1; } // 페이지가 없으면 첫 페이지 (1 페이지) +$from_record = ((int) $page - 1) * $config['cf_page_rows']; // 시작 열을 구함 + if ($kind == 'recv') { $kind_title = '받은'; @@ -41,7 +45,7 @@ $sql = " select a.*, b.mb_id, b.mb_nick, b.mb_email, b.mb_homepage from {$g5['memo_table']} a left join {$g5['member_table']} b on (a.me_{$unkind}_mb_id = b.mb_id) where a.me_{$kind}_mb_id = '{$member['mb_id']}' - order by a.me_id desc "; + order by a.me_id desc limit $from_record, {$config['cf_page_rows']} "; $result = sql_query($sql); for ($i=0; $row=sql_fetch_array($result); $i++) { 
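Review bot: `$total_page = ceil($total_count / $config['cf_page_rows']);` divides the value that the context line above has already passed through `number_format()`, so once a member has 1,000 or more memos the operand is the string `"1,234"`, arithmetic stops at the comma and the page count collapses to one. Compute from the raw count instead, `$total_page = ceil((int) $row['cnt'] / $config['cf_page_rows']);`, and keep `$total_count` for display only. The `(int) $page` cast on the `$from_record` line is what makes the later `limit $from_record, ...` interpolation safe; `$page` itself is still used uncast in `if ($page < 1)` and in the `get_paging(...)` call of the third hunk, so a non-numeric `page` parameter would be worth normalising once, `$page = (int) $page;`, before the first comparison. Whether `cf_page_rows` can be zero is not visible here; if it can, the division needs a guard.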
@@ -66,10 +70,12 @@ for ($i=0; $row=sql_fetch_array($result); $i++) $list[$i]['name'] = $name; $list[$i]['send_datetime'] = $send_datetime; $list[$i]['read_datetime'] = $read_datetime; - $list[$i]['view_href'] = './memo_view.php?me_id='.$row['me_id'].'&kind='.$kind; + $list[$i]['view_href'] = './memo_view.php?me_id='.$row['me_id'].'&kind='.$kind.'&page='.$page; $list[$i]['del_href'] = './memo_delete.php?me_id='.$row['me_id'].'&token='.$token.'&kind='.$kind; } +$write_pages = get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, "./memo.php?kind=$kind".$qstr."&page="); + include_once($member_skin_path.'/memo.skin.php'); include_once(G5_PATH.'/tail.sub.php'); diff --git a/bbs/memo_view.php b/bbs/memo_view.php index 19d021108..e032c9fca 100644 --- a/bbs/memo_view.php +++ b/bbs/memo_view.php @@ -57,14 +57,22 @@ $sql = " select * from {$g5[memo_table]} order by me_id desc limit 1 "; $next = sql_fetch($sql); -if ($next[me_id]) - $next_link = './memo_view.php?kind='.$kind.'&me_id='.$next[me_id]; +if ($next['me_id']) + $next_link = './memo_view.php?kind='.$kind.'&me_id='.$next['me_id']; else //$next_link = 'javascript:alert(\'쪽지의 마지막입니다.\');'; $next_link = ''; $mb = get_member($memo['me_'.$unkind.'_mb_id']); +$list_link = './memo.php?kind='.$kind; + +if(isset($page) && $page){ + $prev_link .= '&page='.(int) $page; + $next_link .= '&page='.(int) $page; + $list_link .= '&page='.(int) $page; +} + include_once($member_skin_path.'/memo_view.skin.php'); include_once(G5_PATH.'/tail.sub.php'); diff --git a/mobile/skin/member/basic/memo.skin.php b/mobile/skin/member/basic/memo.skin.php index fafd275a2..59bf5dbc6 100644 --- a/mobile/skin/member/basic/memo.skin.php +++ b/mobile/skin/member/basic/memo.skin.php @@ -30,6 +30,9 @@ add_stylesheet('', 자료가 없습니다."; } ?> + + +
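Review bot: In memo_view.php the appends `$prev_link .= '&page='.(int) $page;` and `$next_link .= '&page='.(int) $page;` run even when the link was just set to the empty string (the `else` branch for `$next_link` is visible two lines above), which turns an intentionally disabled "next"/"previous" link into the non-empty relative URL `&page=N` that the skins will render as a live anchor. Guard each append on the link being set: `if ($next_link) { $next_link .= '&page='.(int) $page; }` and likewise for `$prev_link`, whose assignment is outside the hunk. The `(int)` cast is the right choice for a value that ends up in an href; `$list_link` needs no guard since it is always built from `$kind`.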

쪽지 보관일수는 최장 일 입니다.

diff --git a/mobile/skin/member/basic/memo_view.skin.php b/mobile/skin/member/basic/memo_view.skin.php index ae87bfacf..0247ca624 100644 --- a/mobile/skin/member/basic/memo_view.skin.php +++ b/mobile/skin/member/basic/memo_view.skin.php @@ -50,7 +50,7 @@ add_stylesheet('', 다음쪽지 답장 - 목록보기 + 목록보기 \ No newline at end of file diff --git a/skin/member/basic/memo.skin.php b/skin/member/basic/memo.skin.php index f7477b5bf..e6dbdad84 100644 --- a/skin/member/basic/memo.skin.php +++ b/skin/member/basic/memo.skin.php @@ -42,6 +42,9 @@ add_stylesheet('', + + +

쪽지 보관일수는 최장 일 입니다.

diff --git a/skin/member/basic/memo_view.skin.php b/skin/member/basic/memo_view.skin.php index 87f15ce42..be66df47b 100644 --- a/skin/member/basic/memo_view.skin.php +++ b/skin/member/basic/memo_view.skin.php @@ -53,7 +53,7 @@ add_stylesheet('', 다음쪽지 답장 - 목록보기 + 목록보기 diff --git a/theme/basic/mobile/skin/member/basic/memo.skin.php b/theme/basic/mobile/skin/member/basic/memo.skin.php index fafd275a2..59bf5dbc6 100644 --- a/theme/basic/mobile/skin/member/basic/memo.skin.php +++ b/theme/basic/mobile/skin/member/basic/memo.skin.php @@ -30,6 +30,9 @@ add_stylesheet('', 자료가 없습니다."; } ?> + + +

쪽지 보관일수는 최장 일 입니다.

diff --git a/theme/basic/mobile/skin/member/basic/memo_view.skin.php b/theme/basic/mobile/skin/member/basic/memo_view.skin.php index ae87bfacf..0247ca624 100644 --- a/theme/basic/mobile/skin/member/basic/memo_view.skin.php +++ b/theme/basic/mobile/skin/member/basic/memo_view.skin.php @@ -50,7 +50,7 @@ add_stylesheet('', 다음쪽지 답장 - 목록보기 + 목록보기 \ No newline at end of file diff --git a/theme/basic/skin/member/basic/memo.skin.php b/theme/basic/skin/member/basic/memo.skin.php index f7477b5bf..e6dbdad84 100644 --- a/theme/basic/skin/member/basic/memo.skin.php +++ b/theme/basic/skin/member/basic/memo.skin.php @@ -42,6 +42,9 @@ add_stylesheet('', + + +

쪽지 보관일수는 최장 일 입니다.

diff --git a/theme/basic/skin/member/basic/memo_view.skin.php b/theme/basic/skin/member/basic/memo_view.skin.php index 87f15ce42..be66df47b 100644 --- a/theme/basic/skin/member/basic/memo_view.skin.php +++ b/theme/basic/skin/member/basic/memo_view.skin.php @@ -53,7 +53,7 @@ add_stylesheet('', 다음쪽지 답장 - 목록보기 + 목록보기 From 80d47facff0bd92e63b1dd525716c273b481e800 Mon Sep 17 00:00:00 2001 From: thisgun Date: Fri, 19 Jan 2018 18:23:57 +0900 Subject: [PATCH 03/24] =?UTF-8?q?=EB=AC=B8=EB=B2=95=20=EC=98=A4=EB=A5=98?= =?UTF-8?q?=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- plugin/editor/cheditor5/editor.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugin/editor/cheditor5/editor.lib.php b/plugin/editor/cheditor5/editor.lib.php index 6c0c578d2..1bd4df6a4 100644 --- a/plugin/editor/cheditor5/editor.lib.php +++ b/plugin/editor/cheditor5/editor.lib.php @@ -15,7 +15,7 @@ function editor_html($id, $content, $is_dhtml_editor=true) $width = isset($editor_width) ? $editor_width : "100%"; $height = isset($editor_height) ? $editor_height : "250px"; - if (defined(G5_PUNYCODE)) + if (defined('G5_PUNYCODE')) $editor_url = G5_PUNYCODE.'/'.G5_EDITOR_DIR.'/'.$config['cf_editor']; else $editor_url = G5_EDITOR_URL.'/'.$config['cf_editor']; From f9b82cfbfb737635fa7575e29024cb33d6c114a3 Mon Sep 17 00:00:00 2001 
From: thisgun Date: Mon, 5 Feb 2018 17:05:11 +0900 Subject: [PATCH 04/24] =?UTF-8?q?=EC=9E=98=EB=AA=BB=EB=90=9C=20=EC=A3=BC?= =?UTF-8?q?=EC=84=9D=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- mobile/skin/board/basic/view.skin.php | 2 +- mobile/skin/board/gallery/view.skin.php | 2 +- skin/board/basic/view.skin.php | 2 +- skin/board/gallery/view.skin.php | 2 +- theme/basic/mobile/skin/board/basic/view.skin.php | 2 +- theme/basic/mobile/skin/board/gallery/view.skin.php | 2 +- theme/basic/skin/board/basic/view.skin.php | 2 +- theme/basic/skin/board/gallery/view.skin.php | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/mobile/skin/board/basic/view.skin.php b/mobile/skin/board/basic/view.skin.php index fe4cd096e..daa532271 100644 --- a/mobile/skin/board/basic/view.skin.php +++ b/mobile/skin/board/basic/view.skin.php @@ -141,7 +141,7 @@ add_stylesheet('', 0 ?>
- +

diff --git a/mobile/skin/board/gallery/view.skin.php b/mobile/skin/board/gallery/view.skin.php index ae09a062f..c55789bdd 100644 --- a/mobile/skin/board/gallery/view.skin.php +++ b/mobile/skin/board/gallery/view.skin.php @@ -141,7 +141,7 @@ add_stylesheet('', 0 ?>
- +

diff --git a/skin/board/basic/view.skin.php b/skin/board/basic/view.skin.php index 7670a331c..741c830df 100644 --- a/skin/board/basic/view.skin.php +++ b/skin/board/basic/view.skin.php @@ -149,7 +149,7 @@ add_stylesheet('', 0
- +

diff --git a/skin/board/gallery/view.skin.php b/skin/board/gallery/view.skin.php index 7670a331c..741c830df 100644 --- a/skin/board/gallery/view.skin.php +++ b/skin/board/gallery/view.skin.php @@ -149,7 +149,7 @@ add_stylesheet('', 0
- +

diff --git a/theme/basic/mobile/skin/board/basic/view.skin.php b/theme/basic/mobile/skin/board/basic/view.skin.php index e93963c8b..d8f85841d 100644 --- a/theme/basic/mobile/skin/board/basic/view.skin.php +++ b/theme/basic/mobile/skin/board/basic/view.skin.php @@ -141,7 +141,7 @@ add_stylesheet('', 0 ?>
- +

diff --git a/theme/basic/mobile/skin/board/gallery/view.skin.php b/theme/basic/mobile/skin/board/gallery/view.skin.php index 2d629ef51..3aba3abcf 100644 --- a/theme/basic/mobile/skin/board/gallery/view.skin.php +++ b/theme/basic/mobile/skin/board/gallery/view.skin.php @@ -141,7 +141,7 @@ add_stylesheet('', 0 ?>
- +

diff --git a/theme/basic/skin/board/basic/view.skin.php b/theme/basic/skin/board/basic/view.skin.php index 7f53d70d7..82225527e 100644 --- a/theme/basic/skin/board/basic/view.skin.php +++ b/theme/basic/skin/board/basic/view.skin.php @@ -149,7 +149,7 @@ add_stylesheet('', 0
- +

diff --git a/theme/basic/skin/board/gallery/view.skin.php b/theme/basic/skin/board/gallery/view.skin.php index 7f53d70d7..82225527e 100644 --- a/theme/basic/skin/board/gallery/view.skin.php +++ b/theme/basic/skin/board/gallery/view.skin.php @@ -149,7 +149,7 @@ add_stylesheet('', 0
- +

From 58aaef82614772868f02444f2cef1a281fa912b7 Mon Sep 17 00:00:00 2001 From: thisgun Date: Wed, 14 Feb 2018 11:50:40 +0900 Subject: [PATCH 05/24] =?UTF-8?q?TEXTAREA=20=EB=A1=9C=20=EC=9E=91=EC=84=B1?= =?UTF-8?q?=EB=90=9C=20=EA=B8=80=EC=9D=84=20=EC=97=90=EB=94=94=ED=84=B0?= =?UTF-8?q?=EB=A1=9C=20=EA=B8=80=20=EC=88=98=EC=A0=95=EC=8B=9C=20=EC=83=9D?= =?UTF-8?q?=EA=B8=B0=EB=8A=94=20=EB=AC=B8=EC=A0=9C=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- plugin/editor/cheditor5/editor.lib.php | 10 ++++++++-- plugin/editor/smarteditor2/editor.lib.php | 10 ++++++++-- 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/plugin/editor/cheditor5/editor.lib.php b/plugin/editor/cheditor5/editor.lib.php index 1bd4df6a4..bb91e300b 100644 --- a/plugin/editor/cheditor5/editor.lib.php +++ b/plugin/editor/cheditor5/editor.lib.php @@ -3,11 +3,17 @@ if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가 function editor_html($id, $content, $is_dhtml_editor=true) { - global $config, $w, $board; + global $config, $w, $board, $write; global $editor_width, $editor_height; static $js = true; - if( $is_dhtml_editor && $content && !$w && (isset($board['bo_insert_content']) && !empty($board['bo_insert_content']) ) ){ //글쓰기 기본 내용 처리 + if( + $is_dhtml_editor && $content && + ( + (!$w && (isset($board['bo_insert_content']) && !empty($board['bo_insert_content']))) + || ($w == 'u' && isset($write['wr_option']) && strpos($write['wr_option'], 'html') === false ) + ) + ){ //글쓰기 기본 내용 처리 if( preg_match('/\r|\n/', $content) && $content === strip_tags($content, '') ) { //textarea로 작성되고, html 내용이 없다면 $content = nl2br($content); } diff --git a/plugin/editor/smarteditor2/editor.lib.php b/plugin/editor/smarteditor2/editor.lib.php index d77d75a39..ef11fd9e1 100644 --- a/plugin/editor/smarteditor2/editor.lib.php +++ b/plugin/editor/smarteditor2/editor.lib.php 
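Review bot: The trailing comment `//글쓰기 기본 내용 처리` on the rewritten `if(` in cheditor5/editor.lib.php now describes only half of the condition: the new `$w == 'u' && ... strpos($write['wr_option'], 'html') === false` branch handles editing a post that was written as plain text, not a default-content insert. Rewrite it as something like `// default content on a new post, or a plain-text (non-html) post being edited: convert line breaks for the editor`. The same condition is duplicated verbatim in the smarteditor2 hunk that follows; a shared helper in lib/common.lib.php would keep the two plugins from drifting apart, and `$w === 'u'` matches the strict comparisons the series introduces elsewhere. The `nl2br` is only applied when `$content === strip_tags($content, '')`, which is the right guard against double-encoding markup.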
@@ -3,10 +3,16 @@ if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가 function editor_html($id, $content, $is_dhtml_editor=true) { - global $g5, $config, $w, $board; + global $g5, $config, $w, $board, $write; static $js = true; - if( $is_dhtml_editor && $content && !$w && (isset($board['bo_insert_content']) && !empty($board['bo_insert_content']) ) ){ //글쓰기 기본 내용 처리 + if( + $is_dhtml_editor && $content && + ( + (!$w && (isset($board['bo_insert_content']) && !empty($board['bo_insert_content']))) + || ($w == 'u' && isset($write['wr_option']) && strpos($write['wr_option'], 'html') === false ) + ) + ){ //글쓰기 기본 내용 처리 if( preg_match('/\r|\n/', $content) && $content === strip_tags($content, '') ) { //textarea로 작성되고, html 내용이 없다면 $content = nl2br($content); } From f50b4d419f6c3c7573931cd2d6574f066c49f6fc Mon Sep 17 00:00:00 2001 From: thisgun Date: Tue, 20 Feb 2018 18:36:00 +0900 Subject: [PATCH 06/24] =?UTF-8?q?=EC=8A=A4=ED=81=AC=EB=9E=A9=20=EB=8C=93?= =?UTF-8?q?=EA=B8=80=20=EC=82=AD=EC=A0=9C=EC=8B=9C=20=ED=8F=AC=EC=9D=B8?= =?UTF-8?q?=ED=8A=B8=EB=82=B4=EC=97=AD=EC=9D=B4=20=EC=82=AC=EB=9D=BC?= =?UTF-8?q?=EC=A7=80=EC=A7=80=20=EC=95=8A=EB=8A=94=20=EC=98=A4=EB=A5=98=20?= =?UTF-8?q?=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bbs/scrap_popin_update.php | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/bbs/scrap_popin_update.php b/bbs/scrap_popin_update.php index 5c94f90b6..48513ea8b 100644 --- a/bbs/scrap_popin_update.php +++ b/bbs/scrap_popin_update.php 
@@ -45,6 +45,14 @@ if ($wr_content && ($member['mb_level'] >= $board['bo_comment_level'])) // 원글이 존재한다면 if ($wr['wr_id']) { + + // 세션의 시간 검사 + // 4.00.15 - 댓글 수정시 연속 게시물 등록 메시지로 인한 오류 수정 + if ($w == 'c' && $_SESSION['ss_datetime'] >= (G5_SERVER_TIME - $config['cf_delay_sec']) && !$is_admin) + alert('너무 빠른 시간내에 게시물을 연속해서 올릴 수 없습니다.'); + + set_session('ss_datetime', G5_SERVER_TIME); + $mb_id = $member['mb_id']; $wr_name = addslashes(clean_xss_tags($board['bo_use_name'] ? $member['mb_name'] : $member['mb_nick'])); $wr_password = $member['mb_password']; @@ -86,7 +94,7 @@ if ($wr_content && ($member['mb_level'] >= $board['bo_comment_level'])) sql_query(" update {$g5['board_table']} set bo_count_comment = bo_count_comment + 1 where bo_table = '$bo_table' "); // 포인트 부여 - insert_point($member['mb_id'], $board['bo_comment_point'], "{$board['bo_subject']} {$wr_id}-{$comment_id} 코멘트쓰기", $bo_table, $comment_id, '코멘트'); + insert_point($member['mb_id'], $board['bo_comment_point'], "{$board['bo_subject']} {$wr_id}-{$comment_id} 댓글쓰기(스크랩)", $bo_table, $comment_id, '댓글'); } } From 9e8f75e8fa91498a75bb3cf95b0bf97922584a0e Mon Sep 17 00:00:00 2001 From: thisgun Date: Mon, 26 Feb 2018 09:04:15 +0900 Subject: [PATCH 07/24] =?UTF-8?q?=ED=9A=8C=EC=9B=90=EC=9D=B4=20=EC=93=B4?= =?UTF-8?q?=20=EA=B3=B5=EC=A7=80=EA=B8=80=EC=9D=84=20=EC=88=98=EC=A0=95?= =?UTF-8?q?=ED=95=A0=20=EA=B2=BD=EC=9A=B0=20=EA=B3=B5=EC=A7=80=EA=B0=80=20?= =?UTF-8?q?=ED=92=80=EB=A6=AC=EB=8A=94=20=EC=98=A4=EB=A5=98=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bbs/write_update.php | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/bbs/write_update.php b/bbs/write_update.php index 2b37dbd23..5b2b6f945 100644 --- a/bbs/write_update.php +++ b/bbs/write_update.php 
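Review bot: The new flood check reads `$_SESSION['ss_datetime']` without an `isset`, so the first comment a member posts in a session raises an undefined-index notice and compares `null` against the timestamp; write it as `if ($w == 'c' && isset($_SESSION['ss_datetime']) && $_SESSION['ss_datetime'] >= (G5_SERVER_TIME - $config['cf_delay_sec']) && !$is_admin)`. Whether `$w` is ever `'c'` on this scrap path is not visible in the hunk; if it is not, the `alert` can never fire and only `set_session('ss_datetime', ...)` has an effect, which would defeat the commit's purpose. The comment `// 4.00.15 - 댓글 수정시 연속 게시물 등록 메시지로 인한 오류 수정` appears to be carried over from another file's history and should describe this file's case instead. The enclosing `if ($wr['wr_id'])` block continues outside the hunk.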
@@ -129,6 +129,16 @@ for ($i=1; $i<=10; $i++) { if ($w == '' || $w == 'u') { + // 외부에서 글을 등록할 수 있는 버그가 존재하므로 공지는 관리자만 등록이 가능해야 함 + if (!$is_admin && $notice) { + alert('관리자만 공지할 수 있습니다.'); + } + + //회원 자신이 쓴글을 수정할 경우 공지가 풀리는 경우가 있음 + if($w =='u' && $board['bo_notice'] && in_array($wr['wr_id'], $notice_array)){ + $notice = 1; + } + // 김선용 1.00 : 글쓰기 권한과 수정은 별도로 처리되어야 함 if($w =='u' && $member['mb_id'] && $wr['mb_id'] == $member['mb_id']) { ; @@ -136,11 +146,6 @@ if ($w == '' || $w == 'u') { alert('글을 쓸 권한이 없습니다.'); } - // 외부에서 글을 등록할 수 있는 버그가 존재하므로 공지는 관리자만 등록이 가능해야 함 - if (!$is_admin && $notice) { - alert('관리자만 공지할 수 있습니다.'); - } - } else if ($w == 'r') { if (in_array((int)$wr_id, $notice_array)) { From 5b9b29fdfeee72799948c0bca492d2ba9c361540 Mon Sep 17 00:00:00 2001 From: thisgun Date: Mon, 26 Feb 2018 11:50:17 +0900 Subject: [PATCH 08/24] =?UTF-8?q?=EA=B2=8C=EC=8B=9C=ED=8C=90=20=EA=B2=80?= =?UTF-8?q?=EC=83=89=EC=8B=9C=200=20=EB=AC=B8=EC=9E=90=EC=97=B4=EB=A1=9C?= =?UTF-8?q?=20=EA=B2=80=EC=83=89=ED=95=A0=EC=88=98=20=EC=9E=88=EB=8F=84?= =?UTF-8?q?=EB=A1=9D=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bbs/list.php | 14 +++++++++----- bbs/view.php | 2 +- common.php | 2 +- lib/common.lib.php | 4 ++-- 4 files changed, 13 insertions(+), 9 deletions(-) diff --git a/bbs/list.php b/bbs/list.php index 1bb0e4cd0..4752a316c 100644 --- a/bbs/list.php +++ b/bbs/list.php @@ -33,7 +33,11 @@ if ($sop != 'and' && $sop != 'or') // 분류 선택 또는 검색어가 있다면 $stx = trim($stx); -if ($sca || $stx) { +//검색인지 아닌지 구분하는 변수 초기화 +$is_search_bbs = false; + +if ($sca || $stx || $stx === '0') { //검색이면 + $is_search_bbs = true; //검색구분변수 true 지정 $sql_search = get_sql_search($sca, $sfl, $stx, $sop); // 가장 작은 번호를 얻어서 변수에 저장 (하단의 페이징에서 사용) 
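Review bot: The re-flagging test `in_array($wr['wr_id'], $notice_array)` in write_update.php compares the raw database value loosely, while the `else if ($w == 'r')` branch a few lines down does `in_array((int)$wr_id, $notice_array)`; use the same form here, `if($w =='u' && $board['bo_notice'] && in_array((int) $wr['wr_id'], $notice_array)){`, so both paths agree on the type being matched. Moving the admin-only `alert('관리자만 공지할 수 있습니다.')` ahead of this assignment is what lets a member keep an existing notice without being able to set one, which is the intended order; a one-line comment saying so, e.g. `// order matters: the admin check above rejects a user-supplied notice flag, this only preserves an existing one`, would stop a future reorder. The `if ($w == '' || $w == 'u')` block continues outside the hunk.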
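Review bot: The test `$sca || $stx || $stx === '0'` that introduces `$is_search_bbs` in list.php is repeated in the view.php hunk, and the companion `$stx === '0'` exception reappears in common.php, `search_font` and `get_sql_search`; a single helper in lib/common.lib.php, `function is_search_text($stx) { return $stx !== '' && $stx !== null; }` called from each site, would make the "zero is a valid search term" rule live in one place. As written, the `'0'` special-case still leaves `'0.0'` and `'00'` truthy-by-accident and an empty string falsy, which is the only behaviour the helper needs to preserve. The flag name `$is_search_bbs` and its initialisation to `false` before the branch is a good choice for the later hunks.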
@@ -80,7 +84,7 @@ $notice_count = 0; $notice_array = array(); // 공지 처리 -if (!$sca && !$stx) { +if (!$is_search_bbs) { $arr_notice = explode(',', trim($board['bo_notice'])); $from_notice_idx = ($page - 1) * $page_rows; if($from_notice_idx < 0) @@ -162,7 +166,7 @@ if ($sst) { $sql_order = " order by {$sst} {$sod} "; } -if ($sca || $stx) { +if ($is_search_bbs) { $sql = " select distinct wr_parent from {$write_table} where {$sql_search} {$sql_order} limit {$from_record}, $page_rows "; } else { $sql = " select * from {$write_table} where wr_is_comment = 0 "; @@ -180,7 +184,7 @@ if($page_rows > 0) { while ($row = sql_fetch_array($result)) { // 검색일 경우 wr_id만 얻었으므로 다시 한행을 얻는다 - if ($sca || $stx) + if ($is_search_bbs) $row = sql_fetch(" select * from {$write_table} where wr_id = '{$row['wr_parent']}' "); $list[$i] = get_list($row, $board, $board_skin_url, G5_IS_MOBILE ? $board['bo_mobile_subject_len'] : $board['bo_subject_len']); @@ -201,7 +205,7 @@ $write_pages = get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['c $list_href = ''; $prev_part_href = ''; $next_part_href = ''; -if ($sca || $stx) { +if ($is_search_bbs) { $list_href = './board.php?bo_table='.$bo_table; $patterns = array('#&page=[0-9]*#', '#&spt=[0-9\-]*#'); diff --git a/bbs/view.php b/bbs/view.php index 1031da62c..1cfe55f67 100644 --- a/bbs/view.php +++ b/bbs/view.php @@ -10,7 +10,7 @@ if ($sop != 'and' && $sop != 'or') $sql_search = ""; // 검색이면 -if ($sca || $stx) { +if ($sca || $stx || $stx === '0') { // where 문을 얻음 $sql_search = get_sql_search($sca, $sfl, $stx, $sop); $search_href = './board.php?bo_table='.$bo_table.'&page='.$page.$qstr; diff --git a/common.php b/common.php index acf9a345a..68970c9c7 100644 --- a/common.php +++ b/common.php 
@@ -250,7 +250,7 @@ if (isset($_REQUEST['sfl'])) { if (isset($_REQUEST['stx'])) { // search text (검색어) $stx = get_search_string(trim($_REQUEST['stx'])); - if ($stx) + if ($stx || $stx === '0') $qstr .= '&stx=' . urlencode(cut_str($stx, 20, '')); } else { $stx = ''; diff --git a/lib/common.lib.php b/lib/common.lib.php index b194ffeeb..23f0db8ff 100644 --- a/lib/common.lib.php +++ b/lib/common.lib.php @@ -458,7 +458,7 @@ function search_font($stx, $str) $src = array('/', '|'); $dst = array('\/', '\|'); - if (!trim($stx)) return $str; + if (!trim($stx) && $stx !== '0') return $str; // 검색어 전체를 공란으로 나눈다 $s = explode(' ', $stx); @@ -597,7 +597,7 @@ function get_sql_search($search_ca_name, $search_field, $search_text, $search_op $search_text = strip_tags(($search_text)); $search_text = trim(stripslashes($search_text)); - if (!$search_text) { + if (!$search_text && $search_text !== '0') { if ($search_ca_name) { return $str; } else { From c032ed6647404eed7e6ff622faafda0262e47cbe Mon Sep 17 00:00:00 2001 From: thisgun Date: Mon, 26 Feb 2018 16:37:05 +0900 Subject: [PATCH 09/24] =?UTF-8?q?=EC=B2=A8=EB=B6=80=ED=8C=8C=EC=9D=BC?= =?UTF-8?q?=EB=AA=85=EC=9D=B4=20=EC=99=B8=EA=B5=AD=EC=96=B4=EC=9D=BC?= =?UTF-8?q?=EC=8B=9C=20=20=EB=8B=A4=EC=9A=B4=EB=A1=9C=EB=93=9C=20=EC=9D=B4?= =?UTF-8?q?=EC=8A=88=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bbs/download.php | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/bbs/download.php b/bbs/download.php index 977f17674..ba4c8b0d7 100644 --- a/bbs/download.php +++ b/bbs/download.php 
@@ -76,8 +76,12 @@ if (!get_session($ss_name)) $g5['title'] = '다운로드 > '.conv_subject($write['wr_subject'], 255); -//$original = urlencode($file['bf_source']); -$original = iconv('utf-8', 'euc-kr', $file['bf_source']); // SIR 잉끼님 제안코드 +//파일명에 한글이 있는 경우 +if(preg_match("/[\xA1-\xFE][\xA1-\xFE]/", $file['bf_source'])){ + $original = iconv('utf-8', 'euc-kr', $file['bf_source']); // SIR 잉끼님 제안코드 +} else { + $original = urlencode($file['bf_source']); +} @include_once($board_skin_path.'/download.tail.skin.php'); @@ -86,6 +90,11 @@ if(preg_match("/msie/i", $_SERVER['HTTP_USER_AGENT']) && preg_match("/5\.5/", $_ header("content-length: ".filesize("$filepath")); header("content-disposition: attachment; filename=\"$original\""); header("content-transfer-encoding: binary"); +} else if (preg_match("/Firefox/i", $_SERVER['HTTP_USER_AGENT'])){ + header("content-type: file/unknown"); + header("content-length: ".filesize("$filepath")); + header("content-disposition: attachment; filename=\"".basename($file['bf_source'])."\""); + header("content-description: php generated data"); } else { header("content-type: file/unknown"); header("content-length: ".filesize("$filepath")); From a4c3a4b5e97f9d11a4d2bd7f3944b73a7cdc037e Mon Sep 17 00:00:00 2001 From: thisgun Date: Fri, 9 Mar 2018 10:56:30 +0900 Subject: [PATCH 10/24] =?UTF-8?q?=EA=B7=B8=EB=88=84=EB=B3=B4=EB=93=9C=20UR?= =?UTF-8?q?L=20Redirect=20=EC=B7=A8=EC=95=BD=EC=A0=90(KVE-2017-1052)=20?= =?UTF-8?q?=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/common.lib.php | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/lib/common.lib.php b/lib/common.lib.php index 23f0db8ff..e1a65c8cd 100644 --- a/lib/common.lib.php +++ b/lib/common.lib.php 
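Review bot: `preg_match("/[\xA1-\xFE][\xA1-\xFE]/", $file['bf_source'])` is an EUC-KR byte-range test applied to UTF-8 text: it also matches most Chinese and Japanese characters, and misses Hangul whose second byte is below 0xA1, and on a match `iconv('utf-8', 'euc-kr', ...)` returns `false` with a notice for any character outside EUC-KR, leaving `$original` empty. In the Firefox branch of the second hunk `basename($file['bf_source'])` is placed inside `filename="..."` unescaped; `bf_source` is the uploader's original name, so a `"` or `;` in it changes how the header is parsed. Both problems go away with the RFC 5987 form, which every current browser reads: `$ascii_name = str_replace(array('"', "\r", "\n"), '', basename($file['bf_source']));` and `header('content-disposition: attachment; filename="'.$ascii_name.'"; filename*=UTF-8\'\''.rawurlencode(basename($file['bf_source'])));`, which also removes the need for the user-agent branching. The MSIE branch that precedes the Firefox one starts outside the hunk.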
@@ -3016,6 +3016,22 @@ function check_url_host($url, $msg='', $return_url=G5_URL) $p = @parse_url($url); $host = preg_replace('/:[0-9]+$/', '', $_SERVER['HTTP_HOST']); $is_host_check = false; + + // url을 urlencode 를 2번이상하면 parse_url 에서 scheme와 host 값을 가져올수 없는 취약점이 존재함 + if ( !isset($p['host']) && urldecode($url) != $url ){ + $i = 0; + while($i <= 3){ + $url = urldecode($url); + if( urldecode($url) == $url ) break; + $i++; + } + + if( urldecode($url) == $url ){ + $p = @parse_url($url); + } else { + $is_host_check = true; + } + } if(stripos($url, 'http:') !== false) { if(!isset($p['scheme']) || !$p['scheme'] || !isset($p['host']) || !$p['host']) From 4aeae4915a548460c3b3c7ab6970384b0c7de7b2 Mon Sep 17 00:00:00 2001 From: thisgun Date: Mon, 12 Mar 2018 09:17:05 +0900 Subject: [PATCH 11/24] =?UTF-8?q?=EC=98=A4=ED=83=80=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/faqformupdate.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/adm/faqformupdate.php b/adm/faqformupdate.php index fa9562ce2..35b8dcb30 100644 --- a/adm/faqformupdate.php +++ b/adm/faqformupdate.php @@ -5,7 +5,7 @@ include_once('./_common.php'); if ($w == "u" || $w == "d") check_demo(); -if ($W == 'd') +if ($w == 'd') auth_check($auth[$sub_menu], "d"); else auth_check($auth[$sub_menu], "w"); From 81b39b59c39cf650d7315091425765c1aaceb518 Mon Sep 17 00:00:00 2001 From: thisgun Date: Mon, 12 Mar 2018 15:00:58 +0900 Subject: [PATCH 12/24] =?UTF-8?q?=EA=B7=B8=EB=88=84=EB=B3=B4=EB=93=9C=20Re?= =?UTF-8?q?flected=20XSS=20=EC=B7=A8=EC=95=BD=EC=A0=90(KVE-2018-0086)=20?= =?UTF-8?q?=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/sms_admin/num_book_move.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/adm/sms_admin/num_book_move.php b/adm/sms_admin/num_book_move.php index 1a68adece..9d660228a 100644 --- a/adm/sms_admin/num_book_move.php 
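Review bot: `$is_host_check = true;` on the `else` path of the new decode loop is the one outcome that is not explained: `$is_host_check` is initialised to `false` on the context line just above, and a reader of this hunk cannot tell whether setting it to `true` for a URL still changing after four `urldecode` passes means "treat as our host" or "reject", so add a comment such as `// still encoded after 4 rounds: not a URL we can validate, flag it for the host check below` that states which. The loop also reassigns `$url` itself, so whatever the function does with `$url` after the `stripos($url, 'http:')` line (outside the hunk) now sees the decoded form; if that value is later used for the redirect, decoding into a local copy and validating that copy would keep the caller's URL intact. `urldecode` turns `+` into a space, which a redirect target never intends; `rawurldecode` is the safer primitive here. The counter can be folded into the loop, `for ($i = 0; $i <= 3 && urldecode($url) != $url; $i++) { $url = urldecode($url); }`.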
+++ b/adm/sms_admin/num_book_move.php @@ -33,7 +33,7 @@ for ($i=0; $row=sql_fetch_array($result); $i++) - +
From d7b5c9a4bda20d0f6af5a35d37fc8244c326f1ae Mon Sep 17 00:00:00 2001 From: thisgun Date: Mon, 12 Mar 2018 18:14:19 +0900 Subject: [PATCH 13/24] =?UTF-8?q?=EA=B7=B8=EB=88=84=EB=B3=B4=EB=93=9C,=20?= =?UTF-8?q?=EC=98=81=EC=B9=B4=ED=8A=B8=20=EB=8B=A4=EC=A4=91=20=EC=B7=A8?= =?UTF-8?q?=EC=95=BD=EC=A0=90=20(18-062,=20092,=20101,=20102)=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/board_form_update.php | 12 ++++++------ adm/board_list_update.php | 33 +++++++++++++++++---------------- adm/qa_config_update.php | 12 ++++++------ adm/sms_admin/emoticon_move.php | 5 +++-- 4 files changed, 32 insertions(+), 30 deletions(-) diff --git a/adm/board_form_update.php b/adm/board_form_update.php index d2cb9e76e..71341fbbe 100644 --- a/adm/board_form_update.php +++ b/adm/board_form_update.php @@ -18,18 +18,18 @@ $_POST['bo_include_head'] = preg_replace("#[\\\]+$#", "", substr($_POST['bo_incl $_POST['bo_include_tail'] = preg_replace("#[\\\]+$#", "", substr($_POST['bo_include_tail'], 0, 255)); if ($file = $_POST['bo_include_head']) { - $purl = parse_url($file); - $file = $purl['path']; - if (!preg_match("/\.(php|htm['l']?)$/i", $file)) { + $file_ext = pathinfo($file, PATHINFO_EXTENSION); + + if( ! $file_ext || ! in_array($file_ext, array('php', 'htm', 'html')) ) { alert('상단 파일 경로의 확장자는 php, html 만 허용합니다.'); } $_POST['bo_include_head'] = $file; } if ($file = $_POST['bo_include_tail']) { - $purl = parse_url($file); - $file = $purl['path']; - if (!preg_match("/\.(php|htm['l']?)$/i", $file)) { + $file_ext = pathinfo($file, PATHINFO_EXTENSION); + + if( ! $file_ext || ! in_array($file_ext, array('php', 'htm', 'html')) ) { alert('하단 파일 경로의 확장자는 php, html 만 허용합니다.'); } $_POST['bo_include_tail'] = $file; diff --git a/adm/board_list_update.php b/adm/board_list_update.php index a26e521d6..90a1c5d33 100644 --- a/adm/board_list_update.php +++ b/adm/board_list_update.php 
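Review bot: `in_array($file_ext, array('php', 'htm', 'html'))` in board_form_update.php is case-sensitive, whereas the regex it replaces carried the `i` flag, so `head.PHP` and `tail.Html` are now rejected; if that narrowing is intended it deserves a comment, otherwise normalise first, `$file_ext = strtolower(pathinfo($file, PATHINFO_EXTENSION));`, and in either case pass `true` as the third argument. Dropping the `parse_url()` path step means `$_POST['bo_include_head']` is now stored with any query string or fragment attached; `pathinfo` sees `php?x=1` as the extension and rejects it, which is fine, but that behaviour is worth a comment since it is the only thing keeping such values out. The identical pair of blocks appears again in the qa_config_update.php hunk of this commit; a small `is_allowed_include_ext($path)` helper would cover all four sites.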
@@ -8,6 +8,8 @@ if (!count($_POST['chk'])) { alert($_POST['act_button']." 하실 항목을 하나 이상 체크하세요."); } +check_admin_token(); + if ($_POST['act_button'] == "선택수정") { auth_check($auth[$sub_menu], 'w'); @@ -19,7 +21,7 @@ if ($_POST['act_button'] == "선택수정") { if ($is_admin != 'super') { $sql = " select count(*) as cnt from {$g5['board_table']} a, {$g5['group_table']} b - where a.gr_id = '{$_POST['gr_id'][$k]}' + where a.gr_id = '".sql_real_escape_string($_POST['gr_id'][$k])."' and a.gr_id = b.gr_id and b.gr_admin = '{$member['mb_id']}' "; $row = sql_fetch($sql); 
@@ -28,19 +30,20 @@ if ($_POST['act_button'] == "선택수정") { } $sql = " update {$g5['board_table']} - set gr_id = '{$_POST['gr_id'][$k]}', - bo_subject = '{$_POST['bo_subject'][$k]}', - bo_device = '{$_POST['bo_device'][$k]}', - bo_skin = '{$_POST['bo_skin'][$k]}', - bo_mobile_skin = '{$_POST['bo_mobile_skin'][$k]}', - bo_read_point = '{$_POST['bo_read_point'][$k]}', - bo_write_point = '{$_POST['bo_write_point'][$k]}', - bo_comment_point = '{$_POST['bo_comment_point'][$k]}', - bo_download_point = '{$_POST['bo_download_point'][$k]}', - bo_use_search = '{$_POST['bo_use_search'][$k]}', - bo_use_sns = '{$_POST['bo_use_sns'][$k]}', - bo_order = '{$_POST['bo_order'][$k]}' - where bo_table = '{$_POST['board_table'][$k]}' "; + set gr_id = '".sql_real_escape_string($_POST['gr_id'][$k])."', + bo_subject = '".sql_real_escape_string($_POST['bo_subject'][$k])."', + bo_device = '".sql_real_escape_string($_POST['bo_device'][$k])."', + bo_skin = '".sql_real_escape_string($_POST['bo_skin'][$k])."', + bo_mobile_skin = '".sql_real_escape_string($_POST['bo_mobile_skin'][$k])."', + bo_read_point = '".sql_real_escape_string($_POST['bo_read_point'][$k])."', + bo_write_point = '".sql_real_escape_string($_POST['bo_write_point'][$k])."', + bo_comment_point = '".sql_real_escape_string($_POST['bo_comment_point'][$k])."', + bo_download_point = '".sql_real_escape_string($_POST['bo_download_point'][$k])."', + bo_use_search = '".sql_real_escape_string($_POST['bo_use_search'][$k])."', + bo_use_sns = '".sql_real_escape_string($_POST['bo_use_sns'][$k])."', + bo_order = '".sql_real_escape_string($_POST['bo_order'][$k])."' + where bo_table = '".sql_real_escape_string($_POST['board_table'][$k])."' "; + sql_query($sql); } @@ -51,8 +54,6 @@ if ($_POST['act_button'] == "선택수정") { auth_check($auth[$sub_menu], 'd'); - check_admin_token(); - // _BOARD_DELETE_ 상수를 선언해야 board_delete.inc.php 가 정상 작동함 define('_BOARD_DELETE_', true); 
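Review bot: In board_list_update.php the point and order columns are escaped as strings, `bo_read_point = '".sql_real_escape_string($_POST['bo_read_point'][$k])."'` and likewise `bo_write_point`, `bo_comment_point`, `bo_download_point`, `bo_order`; since these are numeric, casting is the simpler and stricter form, e.g. `bo_read_point = '".(int) $_POST['bo_read_point'][$k]."'`. Each `$_POST[...][$k]` is read without an `isset`, so a submission whose arrays are not aligned with `chk` raises notices and writes empty strings into the row; reading each field into a local with a `?? ''`-style default before building the statement would make the update explicit. Moving `check_admin_token()` ahead of the `act_button` branch (first hunk) so it covers the update path as well as delete is the right fix.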
diff --git a/adm/qa_config_update.php b/adm/qa_config_update.php index 47adc9b88..b56dc1f47 100644 --- a/adm/qa_config_update.php +++ b/adm/qa_config_update.php @@ -11,17 +11,17 @@ check_admin_token(); $error_msg = ''; if( $qa_include_head ){ - $purl = parse_url($qa_include_head); - $file = $purl['path']; - if (!preg_match("/\.(php|htm['l']?)$/i", $file)) { + $file_ext = pathinfo($qa_include_head, PATHINFO_EXTENSION); + + if( ! $file_ext || ! in_array($file_ext, array('php', 'htm', 'html')) ) { alert('상단 파일 경로의 확장자는 php, html 만 허용합니다.'); } } if( $qa_include_tail ){ - $purl = parse_url($qa_include_tail); - $file = $purl['path']; - if (!preg_match("/\.(php|htm['l']?)$/i", $file)) { + $file_ext = pathinfo($qa_include_tail, PATHINFO_EXTENSION); + + if( ! $file_ext || ! in_array($file_ext, array('php', 'htm', 'html')) ) { alert('하단 파일 경로의 확장자는 php, html 만 허용합니다.'); } } diff --git a/adm/sms_admin/emoticon_move.php b/adm/sms_admin/emoticon_move.php index 592e273ce..075c7b4a4 100644 --- a/adm/sms_admin/emoticon_move.php +++ b/adm/sms_admin/emoticon_move.php @@ -11,7 +11,8 @@ auth_check($auth[$sub_menu], "r"); $g5['title'] = '이모티콘그룹 이동'; include_once(G5_PATH.'/head.sub.php'); -$fo_no_list = implode(',', $_POST['fo_no']); +$list = array(); //배열 변수 초기화 +$fo_no_list = isset($_POST['fo_no']) ? implode(',', $_POST['fo_no']) : ''; $sql = " select * from {$g5['sms5_form_group_table']} order by fg_no "; $result = sql_query($sql); @@ -27,7 +28,7 @@ for ($i=0; $row=sql_fetch_array($result); $i++)
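Review bot: `$fo_no_list = isset($_POST['fo_no']) ? implode(',', $_POST['fo_no']) : '';` in emoticon_move.php still calls `implode` on whatever shape `fo_no` arrives in; a scalar `fo_no=1` is a TypeError in PHP 8 and a warning returning `null` before that, so test the shape rather than presence, `$fo_no_list = (isset($_POST['fo_no']) && is_array($_POST['fo_no'])) ? implode(',', array_map('intval', $_POST['fo_no'])) : '';`. The `intval` map also guarantees the list is digits and commas before it reaches the markup in the second hunk, whose output lines are not readable here. The new `$list = array();` initialisation has a comment but no reader of this hunk can see what fills it; say what it collects.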
- +
From 06ad4e534af2790e5071470604dd208c8ab33e01 Mon Sep 17 00:00:00 2001 From: thisgun Date: Tue, 13 Mar 2018 16:11:52 +0900 Subject: [PATCH 14/24] =?UTF-8?q?=EA=B7=B8=EB=88=84=EB=B3=B4=EB=93=9C=20?= =?UTF-8?q?=EC=98=81=EC=B9=B4=ED=8A=B8=20=EB=8B=A4=EC=A4=91=20=EC=B7=A8?= =?UTF-8?q?=EC=95=BD=EC=A0=90(17-1029,=2017-1047)=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/admin.lib.php | 11 +++++++++++ adm/board_form_update.php | 4 ++-- adm/sms_admin/history_view.php | 15 +++++++++------ bbs/board.php | 8 ++++---- bbs/delete.php | 2 +- bbs/delete_comment.php | 8 ++++---- bbs/view.php | 2 +- bbs/view_comment.php | 6 +++--- bbs/write.php | 10 +++++----- bbs/write_comment_update.php | 6 +++--- bbs/write_update.php | 4 ++-- lib/common.lib.php | 5 +++++ 12 files changed, 50 insertions(+), 31 deletions(-) diff --git a/adm/admin.lib.php b/adm/admin.lib.php index 3a26820ad..deb752fca 100644 --- a/adm/admin.lib.php +++ b/adm/admin.lib.php @@ -355,6 +355,17 @@ function get_admin_token() return $token; } +//input value 에서 xss 공격 filter 역할을 함 ( 반드시 input value='' 타입에만 사용할것 ) +function get_sanitize_input($s, $is_html=false){ + + if(!$is_html){ + $s = strip_tags($s); + } + + $s = htmlspecialchars($s, ENT_QUOTES, 'utf-8'); + + return $s; +} // POST로 넘어온 토큰과 세션에 저장된 토큰 비교 function check_admin_token() diff --git a/adm/board_form_update.php b/adm/board_form_update.php index 71341fbbe..dd49120ba 100644 --- a/adm/board_form_update.php +++ b/adm/board_form_update.php @@ -36,11 +36,11 @@ if ($file = $_POST['bo_include_tail']) { } if(!is_include_path_check($_POST['bo_include_head'], 1)) { - alert('/data/file/ 또는 /data/editor/ 포함된 문자를 상단 파일 경로에 포함시킬수 없습니다.'); + alert('상단 파일 경로에 포함시킬수 없는 문자열이 있습니다.'); } if(!is_include_path_check($_POST['bo_include_tail'], 1)) { - alert('/data/file/ 또는 /data/editor/ 포함된 문자를 하단 파일 경로에 포함시킬수 없습니다.'); + alert('하단 파일 경로에 포함시킬수 없는 문자열이 있습니다.'); } $board_path = G5_DATA_PATH.'/file/'.$bo_table; 
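Review bot: `get_sanitize_input()` in admin.lib.php calls `htmlspecialchars($s, ENT_QUOTES, 'utf-8')` without `ENT_SUBSTITUTE`, so a value containing an invalid UTF-8 sequence comes back as an empty string and the field silently disappears from the form; use `$s = htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. The function also has no guard for an array argument, which `$_POST['x'][]`-style fields produce and which `strip_tags` rejects; returning `''` for non-strings, or casting, keeps a crafted request from turning into a fatal error in the admin. The one-line Korean comment should become a docblock stating the contract the comment already hints at: the result is safe only inside a quoted `value=""` attribute, not for raw HTML or script contexts, and `$is_html = true` keeps tags but still escapes them for the attribute.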
diff --git a/adm/sms_admin/history_view.php b/adm/sms_admin/history_view.php index 7986d00c2..c745b7058 100644 --- a/adm/sms_admin/history_view.php +++ b/adm/sms_admin/history_view.php @@ -5,6 +5,9 @@ include_once("./_common.php"); $spage_size = 20; $colspan = 10; +$st = isset($st) ? strip_tags($st) : ''; +$ssv = isset($ssv) ? strip_tags($ssv) : ''; + auth_check($auth[$sub_menu], "r"); $g5['title'] = "문자전송 상세내역"; @@ -64,18 +67,18 @@ function all_send() - - - - - + + + + + - + diff --git a/bbs/board.php b/bbs/board.php index 4d734128c..ab37ff8b1 100644 --- a/bbs/board.php +++ b/bbs/board.php @@ -77,7 +77,7 @@ if (isset($wr_id) && $wr_id) { } // 자신의 글이거나 관리자라면 통과 - if (($write['mb_id'] && $write['mb_id'] == $member['mb_id']) || $is_admin) { + if (($write['mb_id'] && $write['mb_id'] === $member['mb_id']) || $is_admin) { ; } else { // 비밀글이라면 @@ -93,7 +93,7 @@ if (isset($wr_id) && $wr_id) { and wr_reply = '' and wr_is_comment = 0 "; $row = sql_fetch($sql); - if ($row['mb_id'] == $member['mb_id']) + if ($row['mb_id'] === $member['mb_id']) $is_owner = true; } @@ -120,7 +120,7 @@ if (isset($wr_id) && $wr_id) { sql_query(" update {$write_table} set wr_hit = wr_hit + 1 where wr_id = '{$wr_id}' "); // 자신의 글이면 통과 - if ($write['mb_id'] && $write['mb_id'] == $member['mb_id']) { + if ($write['mb_id'] && $write['mb_id'] === $member['mb_id']) { ; } else if ($is_guest && $board['bo_read_level'] == 1 && $write['wr_ip'] == $_SERVER['REMOTE_ADDR']) { // 비회원이면서 읽기레벨이 1이고 등록된 아이피가 같다면 자신의 글이므로 통과 @@ -219,7 +219,7 @@ if ($board['bo_use_nogood']) $admin_href = ""; // 최고관리자 또는 그룹관리자라면 -if ($member['mb_id'] && ($is_admin == 'super' || $group['gr_admin'] == $member['mb_id'])) +if ($member['mb_id'] && ($is_admin === 'super' || $group['gr_admin'] === $member['mb_id'])) $admin_href = G5_ADMIN_URL.'/board_form.php?w=u&bo_table='.$bo_table; include_once(G5_BBS_PATH.'/board_head.php'); diff --git a/bbs/delete.php b/bbs/delete.php index aafa8e889..09639a194 100644 --- a/bbs/delete.php 
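Review bot: `strip_tags()` on `$st` and `$ssv` in adm/sms_admin/history_view.php only removes tag-like text; if those search values are interpolated into the SQL further down the file (not visible in this hunk), quotes and other SQL metacharacters pass through untouched, and where they are echoed back into the form `strip_tags` still leaves `"` and `'` that can close an attribute. The escaping should be chosen per sink: the DB driver's escaping for the query, and `htmlspecialchars($st, ENT_QUOTES, 'utf-8')` (or the `get_sanitize_input()` helper this same patch adds to adm/admin.lib.php) where the value is rendered. A one-line comment naming which sink each variable feeds would make the intent reviewable.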
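Review bot: The switch from `==` to `===` on member ids in bbs/board.php is the right fix, but none of the changed lines say why, and the loose form survives on neighbouring checks of the same kind (`$is_admin == 'group'` in bbs/delete_comment.php and bbs/write_comment_update.php, `$is_admin == 'super'` in bbs/write.php, while this file's @@ -219 hunk makes `$is_admin === 'super'` strict). A short comment at the first changed comparison, `// strict compare: a numeric-looking mb_id must not == another id ('1e3' == '1000')`, records the rationale for the next maintainer. The `$write['mb_id'] &&` guard in front of each comparison is still required, because two empty ids compare equal under `===` as well.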
+++ b/bbs/delete.php @@ -26,7 +26,7 @@ else if ($is_admin == 'group') { // 그룹관리자 else if ($member['mb_level'] < $mb['mb_level']) // 자신의 레벨이 크거나 같다면 통과 alert('자신의 권한보다 높은 권한의 회원이 작성한 글은 삭제할 수 없습니다.'); } else if ($member['mb_id']) { - if ($member['mb_id'] != $write['mb_id']) + if ($member['mb_id'] !== $write['mb_id']) alert('자신의 글이 아니므로 삭제할 수 없습니다.'); } else { if ($write['mb_id']) diff --git a/bbs/delete_comment.php b/bbs/delete_comment.php index 24c482c1e..326ef71e5 100644 --- a/bbs/delete_comment.php +++ b/bbs/delete_comment.php @@ -20,16 +20,16 @@ if ($is_admin == 'super') // 최고관리자 통과 ; else if ($is_admin == 'group') { // 그룹관리자 $mb = get_member($write['mb_id']); - if ($member['mb_id'] == $group['gr_admin']) { // 자신이 관리하는 그룹인가? + if ($member['mb_id'] === $group['gr_admin']) { // 자신이 관리하는 그룹인가? if ($member['mb_level'] >= $mb['mb_level']) // 자신의 레벨이 크거나 같다면 통과 ; else alert('그룹관리자의 권한보다 높은 회원의 코멘트이므로 삭제할 수 없습니다.'); } else alert('자신이 관리하는 그룹의 게시판이 아니므로 코멘트를 삭제할 수 없습니다.'); -} else if ($is_admin == 'board') { // 게시판관리자이면 +} else if ($is_admin === 'board') { // 게시판관리자이면 $mb = get_member($write['mb_id']); - if ($member['mb_id'] == $board['bo_admin']) { // 자신이 관리하는 게시판인가? + if ($member['mb_id'] === $board['bo_admin']) { // 자신이 관리하는 게시판인가? if ($member['mb_level'] >= $mb['mb_level']) // 자신의 레벨이 크거나 같다면 통과 ; else @@ -37,7 +37,7 @@ else if ($is_admin == 'group') { // 그룹관리자 } else alert('자신이 관리하는 게시판이 아니므로 코멘트를 삭제할 수 없습니다.'); } else if ($member['mb_id']) { - if ($member['mb_id'] != $write['mb_id']) + if ($member['mb_id'] !== $write['mb_id']) alert('자신의 글이 아니므로 삭제할 수 없습니다.'); } else { if (!check_password($wr_password, $write['wr_password'])) diff --git a/bbs/view.php b/bbs/view.php index 1cfe55f67..8f0c40acc 100644 --- a/bbs/view.php +++ b/bbs/view.php 
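Review bot: In the @@ -20 hunk of bbs/delete_comment.php the `else if ($is_admin == 'group')` branch keeps the loose comparison while the parallel `} else if ($is_admin === 'board') {` two lines below was made strict; the same mix appears in bbs/write_comment_update.php (`$is_admin == 'group'`, `$is_admin == 'board'`) and bbs/write.php (`$is_admin == 'super'`). For these string literals the two forms behave the same, but the inconsistency invites a reader to assume the difference is deliberate; `} else if ($is_admin === 'group') {` would make the hunk uniform with the rest of the patch.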
@@ -70,7 +70,7 @@ if ($member['mb_level'] >= $board['bo_reply_level']) // 수정, 삭제 링크 $update_href = $delete_href = ''; // 로그인중이고 자신의 글이라면 또는 관리자라면 비밀번호를 묻지 않고 바로 수정, 삭제 가능 -if (($member['mb_id'] && ($member['mb_id'] == $write['mb_id'])) || $is_admin) { +if (($member['mb_id'] && ($member['mb_id'] === $write['mb_id'])) || $is_admin) { $update_href = './write.php?w=u&bo_table='.$bo_table.'&wr_id='.$wr_id.'&page='.$page.$qstr; set_session('ss_delete_token', $token = uniqid(time())); $delete_href ='./delete.php?bo_table='.$bo_table.'&wr_id='.$wr_id.'&token='.$token.'&page='.$page.urldecode($qstr); diff --git a/bbs/view_comment.php b/bbs/view_comment.php index 472333d07..32c87e219 100644 --- a/bbs/view_comment.php +++ b/bbs/view_comment.php @@ -39,8 +39,8 @@ for ($i=0; $row=sql_fetch_array($result); $i++) $list[$i]['content'] = $list[$i]['content1']= '비밀글 입니다.'; if (!strstr($row['wr_option'], 'secret') || $is_admin || - ($write['mb_id']==$member['mb_id'] && $member['mb_id']) || - ($row['mb_id']==$member['mb_id'] && $member['mb_id'])) { + ($write['mb_id']===$member['mb_id'] && $member['mb_id']) || + ($row['mb_id']===$member['mb_id'] && $member['mb_id'])) { $list[$i]['content1'] = $row['wr_content']; $list[$i]['content'] = conv_content($row['wr_content'], 0, 'wr_content'); $list[$i]['content'] = search_font($stx, $list[$i]['content']); @@ -71,7 +71,7 @@ for ($i=0; $row=sql_fetch_array($result); $i++) if ($member['mb_id']) { - if ($row['mb_id'] == $member['mb_id'] || $is_admin) + if ($row['mb_id'] === $member['mb_id'] || $is_admin) { set_session('ss_delete_comment_'.$row['wr_id'].'_token', $token = uniqid(time())); $list[$i]['del_link'] = './delete_comment.php?bo_table='.$bo_table.'&comment_id='.$row['wr_id'].'&token='.$token.'&page='.$page.$qstr; diff --git a/bbs/write.php b/bbs/write.php index 4282142de..dde0608da 100644 --- a/bbs/write.php +++ b/bbs/write.php 
@@ -56,7 +56,7 @@ if ($w == '') { } else if ($w == 'u') { // 김선용 1.00 : 글쓰기 권한과 수정은 별도로 처리되어야 함 //if ($member['mb_level'] < $board['bo_write_level']) { - if($member['mb_id'] && $write['mb_id'] == $member['mb_id']) { + if($member['mb_id'] && $write['mb_id'] === $member['mb_id']) { ; } else if ($member['mb_level'] < $board['bo_write_level']) { if ($member['mb_id']) { @@ -116,7 +116,7 @@ if ($w == '') { if (strstr($write['wr_option'], 'secret')) { if ($write['mb_id']) { // 회원의 경우는 해당 글쓴 회원 및 관리자 - if (!($write['mb_id'] == $member['mb_id'] || $is_admin)) + if (!($write['mb_id'] === $member['mb_id'] || $is_admin)) alert('비밀글에는 자신 또는 관리자만 답변이 가능합니다.'); } else { // 비회원의 경우는 비밀글에 답변이 불가함 @@ -168,7 +168,7 @@ if (!empty($group['gr_use_access'])) { alert("접근 권한이 없습니다.\\n\\n회원이시라면 로그인 후 이용해 보십시오.", 'login.php?'.$qstr.'&url='.urlencode($_SERVER['SCRIPT_NAME'].'?bo_table='.$bo_table)); } - if ($is_admin == 'super' || $group['gr_admin'] == $member['mb_id'] || $board['bo_admin'] == $member['mb_id']) { + if ($is_admin == 'super' || $group['gr_admin'] === $member['mb_id'] || $board['bo_admin'] === $member['mb_id']) { ; // 통과 } else { // 그룹접근 @@ -251,7 +251,7 @@ $is_name = false; $is_password = false; $is_email = false; $is_homepage = false; -if ($is_guest || ($is_admin && $w == 'u' && $member['mb_id'] != $write['mb_id'])) { +if ($is_guest || ($is_admin && $w == 'u' && $member['mb_id'] !== $write['mb_id'])) { $is_name = true; $is_password = true; $is_email = true; @@ -308,7 +308,7 @@ if ($w == '') { $password_required = ''; if (!$is_admin) { - if (!($is_member && $member['mb_id'] == $write['mb_id'])) { + if (!($is_member && $member['mb_id'] === $write['mb_id'])) { if (!check_password($wr_password, $write['wr_password'])) { alert('비밀번호가 틀립니다.'); } diff --git a/bbs/write_comment_update.php b/bbs/write_comment_update.php index 129721d28..f7fdd3ea3 100644 --- a/bbs/write_comment_update.php +++ b/bbs/write_comment_update.php 
@@ -269,7 +269,7 @@ else if ($w == 'cu') // 댓글 수정 ; else if ($is_admin == 'group') { // 그룹관리자 $mb = get_member($comment['mb_id']); - if ($member['mb_id'] == $group['gr_admin']) { // 자신이 관리하는 그룹인가? + if ($member['mb_id'] === $group['gr_admin']) { // 자신이 관리하는 그룹인가? if ($member['mb_level'] >= $mb['mb_level']) // 자신의 레벨이 크거나 같다면 통과 ; else @@ -278,7 +278,7 @@ else if ($w == 'cu') // 댓글 수정 alert('자신이 관리하는 그룹의 게시판이 아니므로 댓글을 수정할 수 없습니다.'); } else if ($is_admin == 'board') { // 게시판관리자이면 $mb = get_member($comment['mb_id']); - if ($member['mb_id'] == $board['bo_admin']) { // 자신이 관리하는 게시판인가? + if ($member['mb_id'] === $board['bo_admin']) { // 자신이 관리하는 게시판인가? if ($member['mb_level'] >= $mb['mb_level']) // 자신의 레벨이 크거나 같다면 통과 ; else @@ -286,7 +286,7 @@ else if ($w == 'cu') // 댓글 수정 } else alert('자신이 관리하는 게시판이 아니므로 댓글을 수정할 수 없습니다.'); } else if ($member['mb_id']) { - if ($member['mb_id'] != $comment['mb_id']) + if ($member['mb_id'] !== $comment['mb_id']) alert('자신의 글이 아니므로 수정할 수 없습니다.'); } else { if($comment['wr_password'] != $wr_password) diff --git a/bbs/write_update.php b/bbs/write_update.php index 5b2b6f945..8788ff705 100644 --- a/bbs/write_update.php +++ b/bbs/write_update.php @@ -140,7 +140,7 @@ if ($w == '' || $w == 'u') { } // 김선용 1.00 : 글쓰기 권한과 수정은 별도로 처리되어야 함 - if($w =='u' && $member['mb_id'] && $wr['mb_id'] == $member['mb_id']) { + if($w =='u' && $member['mb_id'] && $wr['mb_id'] === $member['mb_id']) { ; } else if ($member['mb_level'] < $board['bo_write_level']) { alert('글을 쓸 권한이 없습니다.'); @@ -331,7 +331,7 @@ if ($w == '' || $w == 'r') { if ($member['mb_id']) { // 자신의 글이라면 - if ($member['mb_id'] == $wr['mb_id']) { + if ($member['mb_id'] === $wr['mb_id']) { $mb_id = $member['mb_id']; $wr_name = addslashes(clean_xss_tags($board['bo_use_name'] ? $member['mb_name'] : $member['mb_nick'])); $wr_email = addslashes($member['mb_email']); diff --git a/lib/common.lib.php b/lib/common.lib.php index e1a65c8cd..8c4b1de70 100644 --- a/lib/common.lib.php +++ b/lib/common.lib.php 
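Review bot: In the @@ -286 hunk of bbs/write_comment_update.php the guest branch directly below the changed line still decides access with `if($comment['wr_password'] != $wr_password)`, a loose comparison of the stored comment password in plain text, while bbs/delete_comment.php in this same patch uses `check_password($wr_password, $write['wr_password'])` for the identical decision. If `wr_password` is stored hashed, as the delete path implies, this edit path presumably never matches a correct password; if it is stored in plain text, `!=` is subject to numeric-string coercion. Aligning it with `if (!check_password($wr_password, $comment['wr_password']))` covers both cases. The enclosing `else if ($w == 'cu')` block starts outside the hunk.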
@@ -3346,6 +3346,11 @@ function is_include_path_check($path='', $is_input='') { if( $path ){ if ($is_input){ + + if( strpos($path, 'php://') !== false || strpos($path, 'zlib://') !== false || strpos($path, 'bzip2://') !== false || strpos($path, 'zip://') !== false ){ + return false; + } + try { // whether $path is unix or not $unipath = strlen($path)==0 || $path{0}!='/'; From b79a46b857231a3f655be780131413637935a10e Mon Sep 17 00:00:00 2001 From: thisgun Date: Wed, 14 Mar 2018 17:57:22 +0900 Subject: [PATCH 15/24] =?UTF-8?q?=EA=B7=B8=EB=88=84=EB=B3=B4=EB=93=9C5=20O?= =?UTF-8?q?pen=20Redirect+Password=20Hijack=20=EC=B7=A8=EC=95=BD=EC=A0=90(?= =?UTF-8?q?2018-0109)=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/common.lib.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/common.lib.php b/lib/common.lib.php index 8c4b1de70..03473b27a 100644 --- a/lib/common.lib.php +++ b/lib/common.lib.php @@ -3039,7 +3039,8 @@ function check_url_host($url, $msg='', $return_url=G5_URL) } //php 5.6.29 이하 버전에서는 parse_url 버그가 존재함 - if ( (isset($p['host']) && $p['host']) && version_compare(PHP_VERSION, '5.6.29') < 0) { + //php 7.0.1 ~ 7.0.5 버전에서는 parse_url 버그가 존재함 + if ( (isset($p['host']) && $p['host']) ) { $bool_ch = false; foreach( array('user','host') as $key) { if ( isset( $p[ $key ] ) && strpbrk( $p[ $key ], ':/?#@' ) ) { From b95db6a4a7071a09a5ce807139c74e879c5b8945 Mon Sep 17 00:00:00 2001 From: thisgun Date: Thu, 15 Mar 2018 15:41:20 +0900 Subject: [PATCH 16/24] =?UTF-8?q?=EB=AF=B8=EA=B0=80=EC=9E=85=20=EA=B3=84?= =?UTF-8?q?=EC=A0=95=20=EC=84=B8=EC=85=98=20=ED=9A=8D=EB=93=9D=20=EC=B7=A8?= =?UTF-8?q?=EC=95=BD=EC=A0=90=20(18-0013)=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- common.php | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) 
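Review bot: The new wrapper check in `is_include_path_check()` is a case-sensitive denylist: `strpos()` does not match a differently-cased scheme such as `PHP://`, and only four of the stream wrappers PHP registers are listed, so the function still accepts an include path that names any other scheme. Since a board include file is expected to be a local filesystem path, rejecting every scheme is simpler and complete: `if (strpos($path, '://') !== false) { return false; }`, or compare the lower-cased prefix against `stream_get_wrappers()` if some scheme must remain allowed. The enclosing function begins and ends outside the hunk, and the context line `$path{0}` uses the curly-brace string offset that PHP 7.4 deprecates and 8.0 removes.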
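Review bot: The comment above the changed condition in `check_url_host()` still says the `parse_url()` bug exists on PHP 5.6.29 and below, and the added line says 7.0.1–7.0.5, yet the version guard was removed so the `strpbrk()` check now runs on every version. The comment should say so: `// parse_url() mis-splits user/host on some PHP releases (<=5.6.29, 7.0.1-7.0.5); always re-check them for ':/?#@'`. The doubled parentheses in `if ( (isset($p['host']) && $p['host']) ) {` are left over from the removed `&&` and can go. The function body continues outside the hunk.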
diff --git a/common.php b/common.php index 68970c9c7..35cd039c5 100644 --- a/common.php +++ b/common.php @@ -369,20 +369,22 @@ if ($_SESSION['ss_mb_id']) { // 로그인중이라면 if (strtolower($tmp_mb_id) != strtolower($config['cf_admin'])) { $sql = " select mb_password, mb_intercept_date, mb_leave_date, mb_email_certify from {$g5['member_table']} where mb_id = '{$tmp_mb_id}' "; $row = sql_fetch($sql); - $key = md5($_SERVER['SERVER_ADDR'] . $_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT'] . $row['mb_password']); - // 쿠키에 저장된 키와 같다면 - $tmp_key = get_cookie('ck_auto'); - if ($tmp_key === $key && $tmp_key) { - // 차단, 탈퇴가 아니고 메일인증이 사용이면서 인증을 받았다면 - if ($row['mb_intercept_date'] == '' && - $row['mb_leave_date'] == '' && - (!$config['cf_use_email_certify'] || preg_match('/[1-9]/', $row['mb_email_certify'])) ) { - // 세션에 회원아이디를 저장하여 로그인으로 간주 - set_session('ss_mb_id', $tmp_mb_id); + if($row['mb_password']){ + $key = md5($_SERVER['SERVER_ADDR'] . $_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT'] . $row['mb_password']); + // 쿠키에 저장된 키와 같다면 + $tmp_key = get_cookie('ck_auto'); + if ($tmp_key === $key && $tmp_key) { + // 차단, 탈퇴가 아니고 메일인증이 사용이면서 인증을 받았다면 + if ($row['mb_intercept_date'] == '' && + $row['mb_leave_date'] == '' && + (!$config['cf_use_email_certify'] || preg_match('/[1-9]/', $row['mb_email_certify'])) ) { + // 세션에 회원아이디를 저장하여 로그인으로 간주 + set_session('ss_mb_id', $tmp_mb_id); - // 페이지를 재실행 - echo ""; - exit; + // 페이지를 재실행 + echo ""; + exit; + } } } // $row 배열변수 해제 From 108651c46da35c54d57c000a9b76be1a6ee9bf6e Mon Sep 17 00:00:00 2001 From: thisgun Date: Fri, 16 Mar 2018 12:17:00 +0900 Subject: [PATCH 17/24] =?UTF-8?q?=EA=B7=B8=EB=88=84=EB=B3=B4=EB=93=9C=20Re?= =?UTF-8?q?flected=20XSS=20=EC=B7=A8=EC=95=BD=EC=A0=90(18-0085,=200132)=20?= =?UTF-8?q?=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bbs/alert_close.php | 2 ++ 1 file changed, 2 insertions(+) 
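Review bot: The new `if($row['mb_password']){` guard is what stops an empty `sql_fetch()` result for a non-existent member from producing a predictable auto-login key, but the cookie comparison inside it, `if ($tmp_key === $key && $tmp_key) {`, is still a byte-wise `===` on a secret; `if ($tmp_key && hash_equals($key, (string) $tmp_key)) {` is the constant-time form where the supported PHP floor is 5.6 or later. When `sql_fetch()` returns `false` rather than an array, `$row['mb_password']` reads an offset on a bool, which is silent on older PHP but a notice from 7.4; `if (!empty($row['mb_password'])) {` handles both shapes. A comment on the guard, `// no row (or empty hash) must never yield a valid auto-login key`, preserves the reason this fix exists.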
diff --git a/bbs/alert_close.php b/bbs/alert_close.php index 830b3c61f..10a9acd37 100644 --- a/bbs/alert_close.php +++ b/bbs/alert_close.php @@ -2,6 +2,8 @@ include_once('./_common.php'); include_once(G5_PATH.'/head.sub.php'); +//$msg = isset($msg) ? strip_tags($msg) : ''; + $msg2 = str_replace("\\n", "
", $msg); if($error) { From 6c867f02b4f19cfb1bd6aa484cbee548eb6bf64b Mon Sep 17 00:00:00 2001 From: thisgun Date: Fri, 16 Mar 2018 16:39:07 +0900 Subject: [PATCH 18/24] =?UTF-8?q?=EA=B7=B8=EB=88=84=EB=B3=B4=EB=93=9C=20SQ?= =?UTF-8?q?L=20Injection=20=EC=B7=A8=EC=95=BD=EC=A0=90=20(18-0075)=20?= =?UTF-8?q?=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bbs/delete.php | 2 +- bbs/delete_all.php | 2 +- bbs/move_update.php | 9 ++++++++- install/install_config.php | 2 +- install/install_db.php | 12 +++++++++++- 5 files changed, 22 insertions(+), 5 deletions(-) diff --git a/bbs/delete.php b/bbs/delete.php index 09639a194..8f3cc9bcd 100644 --- a/bbs/delete.php +++ b/bbs/delete.php @@ -80,7 +80,7 @@ while ($row = sql_fetch_array($result)) $sql2 = " select * from {$g5['board_file_table']} where bo_table = '$bo_table' and wr_id = '{$row['wr_id']}' "; $result2 = sql_query($sql2); while ($row2 = sql_fetch_array($result2)) { - @unlink(G5_DATA_PATH.'/file/'.$bo_table.'/'.$row2['bf_file']); + @unlink(G5_DATA_PATH.'/file/'.$bo_table.'/'.str_replace('../', '', $row2['bf_file'])); // 썸네일삭제 if(preg_match("/\.({$config['cf_image_extension']})$/i", $row2['bf_file'])) { delete_board_thumbnail($bo_table, $row2['bf_file']); diff --git a/bbs/delete_all.php b/bbs/delete_all.php index f7c6179bf..943045b19 100644 --- a/bbs/delete_all.php +++ b/bbs/delete_all.php @@ -98,7 +98,7 @@ for ($i=$chk_count-1; $i>=0; $i--) $result2 = sql_query($sql2); while ($row2 = sql_fetch_array($result2)) { // 파일삭제 - @unlink(G5_DATA_PATH.'/file/'.$bo_table.'/'.$row2['bf_file']); + @unlink(G5_DATA_PATH.'/file/'.$bo_table.'/'.str_replace('../', '',$row2['bf_file'])); // 썸네일삭제 if(preg_match("/\.({$config['cf_image_extension']})$/i", $row2['bf_file'])) { diff --git a/bbs/move_update.php b/bbs/move_update.php index 78abbd8cd..fd48087fe 100644 --- a/bbs/move_update.php +++ b/bbs/move_update.php 
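Review bot: The only change in bbs/alert_close.php is a commented-out line, so the reflected XSS the commit title names (18-0085, 0132) is not actually addressed: `$msg` still flows into `$msg2 = str_replace("\\n", "<br>", $msg)` (the tag literal is lost in this rendering) and, presumably, into the page body unescaped. If the line was disabled because `$msg` is already filtered upstream, a comment saying where should replace the dead code; otherwise escape here, before the newline-to-break substitution, e.g. `$msg2 = str_replace("\\n", "<br>", htmlspecialchars($msg, ENT_QUOTES, 'utf-8'));`. `strip_tags()` alone would leave quotes, which matter if `$msg` is also emitted inside a script block or attribute.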
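Review bot: `str_replace('../', '', $row2['bf_file'])` in bbs/delete.php and bbs/delete_all.php is a single non-recursive pass and not a path normaliser, and the lines right after it (`preg_match(...)` and `delete_board_thumbnail($bo_table, $row2['bf_file'])`) still pass the raw value on. Because `bf_file` names a file that must live directly under `G5_DATA_PATH.'/file/'.$bo_table`, `basename()` expresses that contract exactly: `$bf_file = basename($row2['bf_file']);` once at the top of the loop body, used in the `@unlink`, the `preg_match` and the thumbnail call. Both hunks have the same shape, so the change belongs in each; the enclosing `while` loops start outside the hunks.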
@@ -28,7 +28,14 @@ while ($row = sql_fetch_array($result)) $wr_num = $row['wr_num']; for ($i=0; $i Date: Fri, 16 Mar 2018 17:10:54 +0900 Subject: [PATCH 19/24] =?UTF-8?q?1:1=20=EB=AC=B8=EC=9D=98=20=EB=A6=AC?= =?UTF-8?q?=EC=8A=A4=ED=8A=B8=EC=97=90=EC=84=9C=20=EC=82=AD=EC=A0=9C=20?= =?UTF-8?q?=ED=86=A0=ED=81=B0=20=EC=98=A4=EB=A5=98=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bbs/qadelete.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/bbs/qadelete.php b/bbs/qadelete.php index a26fff7e1..09e7b82cc 100644 --- a/bbs/qadelete.php +++ b/bbs/qadelete.php @@ -7,7 +7,8 @@ if($is_guest) $delete_token = get_session('ss_qa_delete_token'); set_session('ss_qa_delete_token', ''); -if (!($token && $delete_token == $token)) +//관리자가 아닌경우에는 토큰을 검사합니다. +if (!$is_admin && !($token && $delete_token == $token)) alert('토큰 에러로 삭제 불가합니다.'); $tmp_array = array(); @@ -21,7 +22,7 @@ if(!$count) alert('삭제할 게시글을 하나이상 선택해 주십시오.'); for($i=0; $i<$count; $i++) { - $qa_id = $tmp_array[$i]; + $qa_id = (int) $tmp_array[$i]; $sql = " select qa_id, mb_id, qa_type, qa_status, qa_parent, qa_content, qa_file1, qa_file2 from {$g5['qa_content_table']} @@ -32,7 +33,7 @@ for($i=0; $i<$count; $i++) { continue; // 자신의 글이 아니면 건너뜀 - if($is_admin != 'super' && $row['mb_id'] != $member['mb_id']) + if($is_admin != 'super' && $row['mb_id'] !== $member['mb_id']) continue; // 답변이 달린 글은 삭제못함 From cfc85a327b70b201028312be6caeebb7fa7ad4c2 Mon Sep 17 00:00:00 2001 
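Review bot: `if (!$is_admin && !($token && $delete_token == $token))` in bbs/qadelete.php switches the delete token off for every administrator account, which removes the CSRF protection exactly for the users who, per the `$is_admin != 'super'` ownership bypass further down, may delete any entry. If the list page sends no token (the commit title suggests that is the actual bug), the fix is to issue one there and keep `if (!($token && $delete_token == $token))` unconditional here. The comparison is also a loose `==`; `hash_equals((string) $delete_token, (string) $token)` avoids numeric-string coercion where PHP 5.6 or later is available. The `(int) $tmp_array[$i]` cast before the query is a good addition.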
From: thisgun Date: Mon, 19 Mar 2018 09:40:21 +0900 Subject: [PATCH 20/24] =?UTF-8?q?=EB=B6=84=EB=A5=98=EB=AA=85=20=ED=8C=A8?= =?UTF-8?q?=EC=B9=98=20f5f4925d4eb28ba1af728e1065fc2bdd9ce1da58=20?= =?UTF-8?q?=EC=97=90=20=EB=94=B0=EB=A5=B8=20=EC=B6=94=EA=B0=80=EC=BD=94?= =?UTF-8?q?=EB=93=9C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/board_form.php | 2 +- adm/board_form_update.php | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/adm/board_form.php b/adm/board_form.php index 6855e3cb6..651d686db 100644 --- a/adm/board_form.php +++ b/adm/board_form.php @@ -233,7 +233,7 @@ $frm_submit .= '';
+ +
- + > diff --git a/adm/board_form_update.php b/adm/board_form_update.php index dd49120ba..dccf74db3 100644 --- a/adm/board_form_update.php +++ b/adm/board_form_update.php @@ -60,6 +60,8 @@ $f = @fopen($file, 'w'); $src_char = array('&', '='); $dst_char = array('&', '〓'); $bo_category_list = str_replace($src_char, $dst_char, $bo_category_list); +//https://github.com/gnuboard/gnuboard5/commit/f5f4925d4eb28ba1af728e1065fc2bdd9ce1da58 에 따른 조치 +$str_bo_category_list = isset($_POST['bo_category_list']) ? preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\/\^\*]/", "", $_POST['bo_category_list']) : ''; $sql_common = " gr_id = '{$_POST['gr_id']}', bo_subject = '{$_POST['bo_subject']}', @@ -82,7 +84,7 @@ $sql_common = " gr_id = '{$_POST['gr_id']}', bo_comment_point = '{$_POST['bo_comment_point']}', bo_download_point = '{$_POST['bo_download_point']}', bo_use_category = '{$_POST['bo_use_category']}', - bo_category_list = '{$_POST['bo_category_list']}', + bo_category_list = '{$str_bo_category_list}', bo_use_sideview = '{$_POST['bo_use_sideview']}', bo_use_file_content = '{$_POST['bo_use_file_content']}', bo_use_secret = '{$_POST['bo_use_secret']}', From c665cc05574f48c9af6300736d1865ae5afb4529 Mon Sep 17 00:00:00 2001 From: thisgun Date: Mon, 19 Mar 2018 10:24:24 +0900 Subject: [PATCH 21/24] =?UTF-8?q?=EA=B7=B8=EB=88=84=EB=B3=B4=EB=93=9C=20?= =?UTF-8?q?=EA=B4=80=EB=A6=AC=EC=9E=90=20=ED=8E=98=EC=9D=B4=EC=A7=80=20SQL?= =?UTF-8?q?=20Injection=20=EC=B7=A8=EC=95=BD=EC=A0=90=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/auth_list_delete.php | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/adm/auth_list_delete.php b/adm/auth_list_delete.php index 46acecce6..0327c1889 100644 --- a/adm/auth_list_delete.php +++ b/adm/auth_list_delete.php 
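Review bot: `$str_bo_category_list` in adm/board_form_update.php is built from the raw `$_POST['bo_category_list']` with a character-stripping regex and interpolated straight into `$sql_common`, while the line just above still computes `$bo_category_list` with the `&`/`=` to `〓` substitution — two differently filtered copies of the same field now exist, and which one reaches the file written through `$f` versus the database is not visible in the hunk. The value stored in SQL should go through the DB driver's escaping rather than a regex that silently alters what the admin typed. A comment stating which copy is persisted where would make the split reviewable; the upstream commit hash in the comment is fine to keep as provenance.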
@@ -9,17 +9,24 @@ if ($is_admin != 'super') check_admin_token(); -$count = count($_POST['chk']); +$count = (isset($_POST['chk']) && is_array($_POST['chk'])) ? count($_POST['chk']) : 0; if (!$count) alert($_POST['act_button']." 하실 항목을 하나 이상 체크하세요."); +if ( (isset($_POST['mb_id']) && ! is_array($_POST['mb_id'])) || (isset($_POST['au_menu']) && ! is_array($_POST['au_menu'])) ){ + alert("잘못된 요청입니다."); +} + for ($i=0; $i<$count; $i++) { // 실제 번호를 넘김 $k = $chk[$i]; + + $mb_id = preg_replace('/[^a-zA-Z0-9_]/', '', $_POST['mb_id'][$k]); + $au_menu = preg_replace('/[^a-zA-Z0-9_]/', '', $_POST['au_menu'][$k]); - $sql = " delete from {$g5['auth_table']} where mb_id = '{$_POST['mb_id'][$k]}' and au_menu = '{$_POST['au_menu'][$k]}' "; + $sql = " delete from {$g5['auth_table']} where mb_id = '".$mb_id."' and au_menu = '".$au_menu."' "; sql_query($sql); } From 2a70b016f69cf8f309be38030eedc4a23de3b8e0 Mon Sep 17 00:00:00 2001 From: thisgun Date: Mon, 19 Mar 2018 11:03:25 +0900 Subject: [PATCH 22/24] =?UTF-8?q?=EA=B2=8C=EC=8B=9C=ED=8C=90=20=EC=83=81?= =?UTF-8?q?=EB=8B=A8=20=ED=95=98=EB=8B=A8=20=20=ED=8C=8C=EC=9D=BC=20?= =?UTF-8?q?=EA=B2=BD=EB=A1=9C=20=EB=82=B4=EC=9A=A9=20=EB=93=B1=EC=9D=80=20?= =?UTF-8?q?=EC=8A=88=ED=8D=BC=EA=B4=80=EB=A6=AC=EC=9E=90=EB=A7=8C=20?= =?UTF-8?q?=EC=9E=85=EB=A0=A5=ED=95=A0=EC=88=98=20=EC=9E=88=EA=B2=8C=20?= =?UTF-8?q?=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/board_form.php | 2 ++ adm/board_form_update.php | 45 +++++++++++++++++++++++++++------------ 2 files changed, 33 insertions(+), 14 deletions(-) diff --git a/adm/board_form.php b/adm/board_form.php index 651d686db..0eb655d1b 100644 --- a/adm/board_form.php +++ b/adm/board_form.php @@ -815,6 +815,7 @@ $frm_submit .= '';
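Review bot: `$k = $chk[$i];` in adm/auth_list_delete.php comes straight from the request (`$chk` is the extracted `$_POST['chk']`) and is used as an index into `$_POST['mb_id']` and `$_POST['au_menu']` without checking that the index exists; a missing entry makes `preg_replace()` run on `null` (deprecated from PHP 8.1) and the loop then issues `delete ... where mb_id = '' and au_menu = ''`. The new `is_array` checks and the `[^a-zA-Z0-9_]` allow-list make the query itself safe, so what is left is skipping bad indices: `$k = (int) $chk[$i];` followed by `if (!isset($_POST['mb_id'][$k], $_POST['au_menu'][$k])) continue;`. A comment on the allow-list, `// mb_id/au_menu are restricted to [A-Za-z0-9_] before reaching the query`, documents why no further escaping is applied.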
@@ -887,6 +888,7 @@ $frm_submit .= '';
diff --git a/adm/board_form_update.php b/adm/board_form_update.php index dccf74db3..20eae3035 100644 --- a/adm/board_form_update.php +++ b/adm/board_form_update.php @@ -111,13 +111,20 @@ $sql_common = " gr_id = '{$_POST['gr_id']}', bo_image_width = '{$_POST['bo_image_width']}', bo_skin = '{$_POST['bo_skin']}', bo_mobile_skin = '{$_POST['bo_mobile_skin']}', - bo_include_head = '{$_POST['bo_include_head']}', + "; + +// 최고 관리자인 경우에만 수정가능 +if ($is_admin === 'super'){ +$sql_common .= " bo_include_head = '{$_POST['bo_include_head']}', bo_include_tail = '{$_POST['bo_include_tail']}', bo_content_head = '{$_POST['bo_content_head']}', bo_content_tail = '{$_POST['bo_content_tail']}', bo_mobile_content_head = '{$_POST['bo_mobile_content_head']}', bo_mobile_content_tail = '{$_POST['bo_mobile_content_tail']}', - bo_insert_content = '{$_POST['bo_insert_content']}', + "; +} + +$sql_common .= " bo_insert_content = '{$_POST['bo_insert_content']}', bo_gallery_cols = '{$_POST['bo_gallery_cols']}', bo_gallery_width = '{$_POST['bo_gallery_width']}', bo_gallery_height = '{$_POST['bo_gallery_height']}', 
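Review bot: The `$sql_common .= " bo_include_head = …` statement inside `if ($is_admin === 'super'){` in adm/board_form_update.php is written at column 0, so the gated block reads as if the assignment were unconditional; indent it like the other branch bodies. With this gate a board or group admin who posts those fields still passes them through the `is_include_path_check()` alerts in the @@ -36 hunk of this file (PATCH 14) even though the values are then discarded — harmless, but a one-line comment at the gate, `// include/content paths are super-admin only; other admins' values are ignored`, would explain the asymmetry. The same gate is repeated for the group and all-board field lists later in the file; `$can_edit_include = ($is_admin === 'super');` computed once would keep the three in step.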
@@ -301,12 +308,17 @@ if (is_checked('chk_grp_comment_min')) $grp_fields .= " , bo_comment_mi if (is_checked('chk_grp_comment_max')) $grp_fields .= " , bo_comment_max = '{$bo_comment_max}' "; if (is_checked('chk_grp_upload_count')) $grp_fields .= " , bo_upload_count = '{$bo_upload_count}' "; if (is_checked('chk_grp_upload_size')) $grp_fields .= " , bo_upload_size = '{$bo_upload_size}' "; -if (is_checked('chk_grp_include_head')) $grp_fields .= " , bo_include_head = '{$bo_include_head}' "; -if (is_checked('chk_grp_include_tail')) $grp_fields .= " , bo_include_tail = '{$bo_include_tail}' "; -if (is_checked('chk_grp_content_head')) $grp_fields .= " , bo_content_head = '{$bo_content_head}' "; -if (is_checked('chk_grp_content_tail')) $grp_fields .= " , bo_content_tail = '{$bo_content_tail}' "; -if (is_checked('chk_grp_mobile_content_head')) $grp_fields .= " , bo_mobile_content_head = '{$bo_mobile_content_head}' "; -if (is_checked('chk_grp_mobile_content_tail')) $grp_fields .= " , bo_mobile_content_tail = '{$bo_mobile_content_tail}' "; + +//최고관리자만 수정가능 +if ($is_admin === 'super'){ + if (is_checked('chk_grp_include_head')) $grp_fields .= " , bo_include_head = '{$bo_include_head}' "; + if (is_checked('chk_grp_include_tail')) $grp_fields .= " , bo_include_tail = '{$bo_include_tail}' "; + if (is_checked('chk_grp_content_head')) $grp_fields .= " , bo_content_head = '{$bo_content_head}' "; + if (is_checked('chk_grp_content_tail')) $grp_fields .= " , bo_content_tail = '{$bo_content_tail}' "; + if (is_checked('chk_grp_mobile_content_head')) $grp_fields .= " , bo_mobile_content_head = '{$bo_mobile_content_head}' "; + if (is_checked('chk_grp_mobile_content_tail')) $grp_fields .= " , bo_mobile_content_tail = '{$bo_mobile_content_tail}' "; +} + if (is_checked('chk_grp_insert_content')) $grp_fields .= " , bo_insert_content = '{$bo_insert_content}' "; if (is_checked('chk_grp_use_search')) $grp_fields .= " , bo_use_search = '{$bo_use_search}' "; if (is_checked('chk_grp_order')) 
$grp_fields .= " , bo_order = '{$bo_order}' "; 
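Review bot: The super-only gate around the `chk_grp_include_head` … `chk_grp_mobile_content_tail` lines in adm/board_form_update.php means a group admin who ticks those boxes gets no feedback that the fields were not applied; the @@ -384 hunk has the same shape for the `chk_all_*` fields. If the form hides these checkboxes for non-super admins (the adm/board_form.php hunks are not readable in this rendering), a comment saying so at the gate is enough; otherwise an `alert()` on a ticked-but-ignored box is clearer than silence. The repeated `if ($is_admin === 'super'){` duplicates the gate in the @@ -111 hunk; one boolean computed once near the top of the file would keep them consistent.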
@@ -384,12 +396,17 @@ if (is_checked('chk_all_comment_min')) $all_fields .= " , bo_comment_mi if (is_checked('chk_all_comment_max')) $all_fields .= " , bo_comment_max = '{$bo_comment_max}' "; if (is_checked('chk_all_upload_count')) $all_fields .= " , bo_upload_count = '{$bo_upload_count}' "; if (is_checked('chk_all_upload_size')) $all_fields .= " , bo_upload_size = '{$bo_upload_size}' "; -if (is_checked('chk_all_include_head')) $all_fields .= " , bo_include_head = '{$bo_include_head}' "; -if (is_checked('chk_all_include_tail')) $all_fields .= " , bo_include_tail = '{$bo_include_tail}' "; -if (is_checked('chk_all_content_head')) $all_fields .= " , bo_content_head = '{$bo_content_head}' "; -if (is_checked('chk_all_content_tail')) $all_fields .= " , bo_content_tail = '{$bo_content_tail}' "; -if (is_checked('chk_all_mobile_content_head')) $all_fields .= " , bo_mobile_content_head = '{$bo_mobile_content_head}' "; -if (is_checked('chk_all_mobile_content_tail')) $all_fields .= " , bo_mobile_content_tail = '{$bo_mobile_content_tail}' "; + +//최고관리자만 수정가능 +if ($is_admin === 'super'){ + if (is_checked('chk_all_include_head')) $all_fields .= " , bo_include_head = '{$bo_include_head}' "; + if (is_checked('chk_all_include_tail')) $all_fields .= " , bo_include_tail = '{$bo_include_tail}' "; + if (is_checked('chk_all_content_head')) $all_fields .= " , bo_content_head = '{$bo_content_head}' "; + if (is_checked('chk_all_content_tail')) $all_fields .= " , bo_content_tail = '{$bo_content_tail}' "; + if (is_checked('chk_all_mobile_content_head')) $all_fields .= " , bo_mobile_content_head = '{$bo_mobile_content_head}' "; + if (is_checked('chk_all_mobile_content_tail')) $all_fields .= " , bo_mobile_content_tail = '{$bo_mobile_content_tail}' "; +} + if (is_checked('chk_all_insert_content')) $all_fields .= " , bo_insert_content = '{$bo_insert_content}' "; if (is_checked('chk_all_use_search')) $all_fields .= " , bo_use_search = '{$bo_use_search}' "; if (is_checked('chk_all_order')) 
$all_fields .= " , bo_order = '{$bo_order}' "; From 134e504134028bd8ae5fb0d0a1657574b3372113 Mon Sep 17 00:00:00 2001 From: thisgun Date: Mon, 19 Mar 2018 12:30:24 +0900 Subject: [PATCH 23/24] =?UTF-8?q?=EC=B5=9C=EC=8B=A0=EA=B8=80=20=EC=BA=90?= =?UTF-8?q?=EC=8B=9C=20=ED=8C=8C=EC=9D=BC=20=EC=83=9D=EC=84=B1=20=EC=BD=94?= =?UTF-8?q?=EB=93=9C=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/latest.lib.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/latest.lib.php b/lib/latest.lib.php index 55dd826db..a37ba466e 100644 --- a/lib/latest.lib.php +++ b/lib/latest.lib.php @@ -61,6 +61,10 @@ function latest($skin_dir='', $bo_table, $rows=10, $subject_len=40, $cache_time= $sql = " select * from {$tmp_write_table} where wr_is_comment = 0 order by wr_num limit 0, {$rows} "; $result = sql_query($sql); for ($i=0; $row = sql_fetch_array($result); $i++) { + try { + unset($row['wr_password']); + } catch (Exception $e) { + } $list[$i] = get_list($row, $board, $latest_skin_url, $subject_len); } From af6d060fa084f1de0ed3bc09e4664b56cdee2473 Mon Sep 17 00:00:00 2001 From: thisgun Date: Mon, 19 Mar 2018 14:16:10 +0900 Subject: [PATCH 24/24] =?UTF-8?q?5.2.9.8.3=20=EB=B2=84=EC=A0=84=20?= =?UTF-8?q?=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- config.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config.php b/config.php index 9e8782482..826b29242 100644 --- a/config.php +++ b/config.php @@ -5,7 +5,7 @@ ********************/ define('G5_VERSION', '그누보드5'); -define('G5_GNUBOARD_VER', '5.2.9.8.1'); +define('G5_GNUBOARD_VER', '5.2.9.8.3'); // 이 상수가 정의되지 않으면 각각의 개별 페이지는 별도로 실행될 수 없음 define('_GNUBOARD_', true);
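Review bot: `unset()` is a language construct that never throws, so the `try { … } catch (Exception $e) { }` around `unset($row['wr_password']);` in lib/latest.lib.php is dead code with an empty catch; the single line `unset($row['wr_password']);` does the whole job. A comment on the purpose is worth more than the try block: `// drop the password hash so it never reaches the skin or the latest cache file`. The enclosing `latest()` body continues outside the hunk.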