From d0eb0601adc0344c6e9a361d7dc3d95a5a53df9b Mon Sep 17 00:00:00 2001 From: thisgun Date: Thu, 7 Feb 2019 16:47:54 +0900 Subject: [PATCH 1/4] =?UTF-8?q?=EC=9E=98=EB=AA=BB=EB=90=9C=20=EC=BD=94?= =?UTF-8?q?=EB=93=9C=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bbs/delete_comment.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bbs/delete_comment.php b/bbs/delete_comment.php index 6b4929f63..5ec08ae53 100644 --- a/bbs/delete_comment.php +++ b/bbs/delete_comment.php @@ -53,8 +53,8 @@ $comment_reply = substr($write['wr_comment_reply'], 0, $len); $sql = " select count(*) as cnt from {$write_table} where wr_comment_reply like '{$comment_reply}%' and wr_id <> '{$comment_id}' - and wr_parent = '{$write[wr_parent]}' - and wr_comment = '{$write[wr_comment]}' + and wr_parent = '{$write['wr_parent']}' + and wr_comment = '{$write['wr_comment']}' and wr_is_comment = 1 "; $row = sql_fetch($sql); if ($row['cnt'] && !$is_admin) From 9c03cd85b6041539ba9e2a744aa8d529a7bacbda Mon Sep 17 00:00:00 2001 From: thisgun Date: Thu, 14 Feb 2019 09:56:47 +0900 Subject: [PATCH 2/4] =?UTF-8?q?=EC=B7=A8=EC=95=BD=EC=A0=90=20=EB=B3=B4?= =?UTF-8?q?=EC=95=88=20=EB=B0=8F=20=EC=BD=94=EB=93=9C=20=EA=B0=9C=EC=84=A0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/boardgroup_list_update.php | 12 ++++++------ adm/boardgroupmember_update.php | 2 +- adm/member_form_update.php | 17 +++++++++++------ adm/point_list_delete.php | 12 +++++++----- bbs/password_lost2.php | 2 +- 5 files changed, 26 insertions(+), 19 deletions(-) diff --git a/adm/boardgroup_list_update.php b/adm/boardgroup_list_update.php index fbf9e2f1a..53d66c8e9 100644 --- a/adm/boardgroup_list_update.php +++ b/adm/boardgroup_list_update.php 
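Review bot: The count query in this hunk still interpolates `$comment_reply` into the LIKE pattern and `$comment_id` into the `wr_id <>` comparison without escaping; the commit only fixes the unquoted array keys on the wr_parent and wr_comment lines. `$comment_reply` is a substr() of a stored wr_comment_reply value and `$comment_id` is assigned outside the hunk, so the exposure depends on their origin, but `$comment_id` is compared as an id and can simply be cast, `$comment_id = (int) $comment_id;` before the query, and `$comment_reply` should at least pass through `sql_real_escape_string()` since `%` and `_` inside it also act as wildcards. The surrounding code starts before the hunk.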
@@ -18,16 +18,16 @@ if(!$count) for ($i=0; $i<$count; $i++) { $k = $_POST['chk'][$i]; - $gr_id = $_POST['group_id'][$k]; - $gr_subject = strip_tags($_POST['gr_subject'][$k]); + $gr_id = preg_replace('/[^a-z0-9_]/i', '', $_POST['group_id'][$k]); + $gr_subject = sql_real_escape_string(strip_tags($_POST['gr_subject'][$k])); if($_POST['act_button'] == '선택수정') { $sql = " update {$g5['group_table']} set gr_subject = '{$gr_subject}', - gr_device = '{$_POST['gr_device'][$k]}', - gr_admin = '{$_POST['gr_admin'][$k]}', - gr_use_access = '{$_POST['gr_use_access'][$k]}', - gr_order = '{$_POST['gr_order'][$k]}' + gr_device = '".sql_real_escape_string($_POST['gr_device'][$k])."', + gr_admin = '".sql_real_escape_string($_POST['gr_admin'][$k])."', + gr_use_access = '".sql_real_escape_string($_POST['gr_use_access'][$k])."', + gr_order = '".sql_real_escape_string($_POST['gr_order'][$k])."' where gr_id = '{$gr_id}' "; if ($is_admin != 'super') $sql .= " and gr_admin = '{$_POST['gr_admin'][$k]}' "; diff --git a/adm/boardgroupmember_update.php b/adm/boardgroupmember_update.php index 95f8372b3..56de9c4cc 100644 --- a/adm/boardgroupmember_update.php +++ b/adm/boardgroupmember_update.php @@ -48,7 +48,7 @@ else if ($w == 'd' || $w == 'ld') check_admin_token(); for($i=0; $i<$count; $i++) { - $gm_id = $_POST['chk'][$i]; + $gm_id = (int) $_POST['chk'][$i]; $sql = " select * from {$g5['group_member_table']} where gm_id = '$gm_id' "; $gm = sql_fetch($sql); if (!$gm['gm_id']) { diff --git a/adm/member_form_update.php b/adm/member_form_update.php index 30dd4e7d5..01975c8ec 100644 --- a/adm/member_form_update.php +++ b/adm/member_form_update.php 
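Review bot: The admin-scope clause at the end of this hunk, `if ($is_admin != 'super') $sql .= " and gr_admin = '{$_POST['gr_admin'][$k]}' ";`, still interpolates the raw POST value although the same field was escaped a few lines above in the update statement. Hoist it once, `$gr_admin = sql_real_escape_string($_POST['gr_admin'][$k]);`, and use `{$gr_admin}` in both places. `gr_order` looks numeric and would be better as an `(int)` cast than an escaped string, as this series does for `chk` in adm/boardgroupmember_update.php, though the column type is not visible here. `$k = $_POST['chk'][$i]` is also used as an array index with no check that the matching group_id entry exists; the for loop body continues past the hunk.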
@@ -33,9 +33,14 @@ if($_POST['mb_certify_case'] && $_POST['mb_certify']) { $mb_zip1 = substr($_POST['mb_zip'], 0, 3); $mb_zip2 = substr($_POST['mb_zip'], 3); +$mb_email = isset($_POST['mb_email']) ? get_email_address(trim($_POST['mb_email'])) : ''; +$mb_nick = isset($_POST['mb_nick']) ? trim(strip_tags($_POST['mb_nick'])) : ''; + +if ($msg = valid_mb_nick($mb_nick)) alert($msg, "", true, true); + $sql_common = " mb_name = '{$_POST['mb_name']}', - mb_nick = '{$_POST['mb_nick']}', - mb_email = '{$_POST['mb_email']}', + mb_nick = '{$mb_nick}', + mb_email = '{$mb_email}', mb_homepage = '{$_POST['mb_homepage']}', mb_tel = '{$_POST['mb_tel']}', mb_hp = '{$mb_hp}', @@ -74,13 +79,13 @@ if ($w == '') alert('이미 존재하는 회원아이디입니다.\\nID : '.$mb['mb_id'].'\\n이름 : '.$mb['mb_name'].'\\n닉네임 : '.$mb['mb_nick'].'\\n메일 : '.$mb['mb_email']); // 닉네임중복체크 - $sql = " select mb_id, mb_name, mb_nick, mb_email from {$g5['member_table']} where mb_nick = '{$_POST['mb_nick']}' "; + $sql = " select mb_id, mb_name, mb_nick, mb_email from {$g5['member_table']} where mb_nick = '{$mb_nick}' "; $row = sql_fetch($sql); if ($row['mb_id']) alert('이미 존재하는 닉네임입니다.\\nID : '.$row['mb_id'].'\\n이름 : '.$row['mb_name'].'\\n닉네임 : '.$row['mb_nick'].'\\n메일 : '.$row['mb_email']); // 이메일중복체크 - $sql = " select mb_id, mb_name, mb_nick, mb_email from {$g5['member_table']} where mb_email = '{$_POST['mb_email']}' "; + $sql = " select mb_id, mb_name, mb_nick, mb_email from {$g5['member_table']} where mb_email = '{$mb_email}' "; $row = sql_fetch($sql); if ($row['mb_id']) alert('이미 존재하는 이메일입니다.\\nID : '.$row['mb_id'].'\\n이름 : '.$row['mb_name'].'\\n닉네임 : '.$row['mb_nick'].'\\n메일 : '.$row['mb_email']); 
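Review bot: In the first hunk `mb_name = '{$_POST['mb_name']}'`, `mb_homepage` and `mb_tel` inside `$sql_common` are still raw request values while only mb_nick and mb_email were moved to prepared variables; the same treatment, at least `sql_real_escape_string()` as this series applies in adm/boardgroup_list_update.php, belongs on those lines too. `$mb_nick` itself is only `trim(strip_tags(...))`, which does not neutralise quotes, so unless valid_mb_nick() rejects them (not visible here) the value should be escaped where it is interpolated, both in `$sql_common` and in the duplicate-check queries at @@ -74 and @@ -104, e.g. `where mb_nick = '".sql_real_escape_string($mb_nick)."'`. The `if ($msg = valid_mb_nick($mb_nick)) alert(...)` assignment-in-condition reads more clearly as two statements. `$sql_common` continues past the hunk.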
@@ -104,13 +109,13 @@ else if ($w == 'u') alert($mb['mb_id'].' : 로그인 중인 관리자 레벨은 수정 할 수 없습니다.'); // 닉네임중복체크 - $sql = " select mb_id, mb_name, mb_nick, mb_email from {$g5['member_table']} where mb_nick = '{$_POST['mb_nick']}' and mb_id <> '$mb_id' "; + $sql = " select mb_id, mb_name, mb_nick, mb_email from {$g5['member_table']} where mb_nick = '{$mb_nick}' and mb_id <> '$mb_id' "; $row = sql_fetch($sql); if ($row['mb_id']) alert('이미 존재하는 닉네임입니다.\\nID : '.$row['mb_id'].'\\n이름 : '.$row['mb_name'].'\\n닉네임 : '.$row['mb_nick'].'\\n메일 : '.$row['mb_email']); // 이메일중복체크 - $sql = " select mb_id, mb_name, mb_nick, mb_email from {$g5['member_table']} where mb_email = '{$_POST['mb_email']}' and mb_id <> '$mb_id' "; + $sql = " select mb_id, mb_name, mb_nick, mb_email from {$g5['member_table']} where mb_email = '{$mb_email}' and mb_id <> '$mb_id' "; $row = sql_fetch($sql); if ($row['mb_id']) alert('이미 존재하는 이메일입니다.\\nID : '.$row['mb_id'].'\\n이름 : '.$row['mb_name'].'\\n닉네임 : '.$row['mb_nick'].'\\n메일 : '.$row['mb_email']); diff --git a/adm/point_list_delete.php b/adm/point_list_delete.php index 5d59e942e..fb064b3bf 100644 --- a/adm/point_list_delete.php +++ b/adm/point_list_delete.php @@ -16,9 +16,11 @@ for ($i=0; $i<$count; $i++) { // 실제 번호를 넘김 $k = $_POST['chk'][$i]; + $po_id = (int) $_POST['po_id'][$k]; + $str_mb_id = sql_real_escape_string($_POST['mb_id'][$k]); // 포인트 내역정보 - $sql = " select * from {$g5['point_table']} where po_id = '{$_POST['po_id'][$k]}' "; + $sql = " select * from {$g5['point_table']} where po_id = '{$po_id}' "; $row = sql_fetch($sql); if(!$row['po_id']) 
@@ -39,19 +41,19 @@ for ($i=0; $i<$count; $i++) } // 포인트 내역삭제 - $sql = " delete from {$g5['point_table']} where po_id = '{$_POST['po_id'][$k]}' "; + $sql = " delete from {$g5['point_table']} where po_id = '{$po_id}' "; sql_query($sql); // po_mb_point에 반영 $sql = " update {$g5['point_table']} set po_mb_point = po_mb_point - '{$row['po_point']}' - where mb_id = '{$_POST['mb_id'][$k]}' - and po_id > '{$_POST['po_id'][$k]}' "; + where mb_id = '{$str_mb_id}' + and po_id > '{$po_id}' "; sql_query($sql); // 포인트 UPDATE $sum_point = get_point_sum($_POST['mb_id'][$k]); - $sql= " update {$g5['member_table']} set mb_point = '$sum_point' where mb_id = '{$_POST['mb_id'][$k]}' "; + $sql= " update {$g5['member_table']} set mb_point = '$sum_point' where mb_id = '{$str_mb_id}' "; sql_query($sql); } diff --git a/bbs/password_lost2.php b/bbs/password_lost2.php index 1dbb5209a..fade9a22f 100644 --- a/bbs/password_lost2.php +++ b/bbs/password_lost2.php @@ -11,7 +11,7 @@ if (!chk_captcha()) { alert('자동등록방지 숫자가 틀렸습니다.'); } -$email = trim($_POST['mb_email']); +$email = get_email_address(trim($_POST['mb_email'])); if (!$email) alert_close('메일주소 오류입니다.'); From 04f55c8b953bbb7edd09d538b3e774859e2bd95e Mon Sep 17 00:00:00 2001 From: thisgun Date: Thu, 14 Feb 2019 10:09:20 +0900 Subject: [PATCH 3/4] =?UTF-8?q?=EA=B2=8C=EC=8B=9C=ED=8C=90=20=EA=B4=80?= =?UTF-8?q?=EB=A6=AC=20=ED=8E=98=EC=9D=B4=EC=A7=80=20=EC=97=AC=EB=B6=84?= =?UTF-8?q?=ED=95=84=EB=93=9C=20style=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/board_form.php | 2 +- adm/css/admin.css | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/adm/board_form.php b/adm/board_form.php index ec6a2e1df..d71dccbfd 100644 --- a/adm/board_form.php +++ b/adm/board_form.php @@ -1242,7 +1242,7 @@ $pg_anchor = '
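Review bot: `$sum_point = get_point_sum($_POST['mb_id'][$k]);` in this hunk still hands the raw request value to the helper while the two surrounding queries now use `$str_mb_id`; whether get_point_sum() escapes internally is not visible here, so one value should feed all three sites. Keep an unescaped `$mb_id = $_POST['mb_id'][$k];` next to `$str_mb_id` in the first hunk, derive `$str_mb_id` from it, and pass `$mb_id` to get_point_sum(), so the escaped string is only ever used inside SQL. The delete and the two updates also run as separate statements with no transaction, so a failure between them leaves po_mb_point out of step with the deleted row; that predates this commit. The for loop opens before the hunk.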
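Review bot: `$_POST['mb_email']` is read without an `isset()` guard on the changed line, whereas the same pattern in adm/member_form_update.php in this commit uses `isset($_POST['mb_email']) ? get_email_address(trim($_POST['mb_email'])) : ''`; a request without the field raises a notice here before the `!$email` check runs. Matching that form keeps the two sites consistent. The guard also relies on get_email_address() returning an empty value for invalid input, which this hunk does not show; the code that consumes `$email` is outside the hunk.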
    - + diff --git a/adm/css/admin.css b/adm/css/admin.css index 5b31afdc1..ed58130fd 100644 --- a/adm/css/admin.css +++ b/adm/css/admin.css @@ -403,6 +403,9 @@ tfoot th {} #anc_bo_extra label {display:inline-block;width:100px} #anc_bo_extra input {margin-right:10px} +/* 게시판 여분필드 값 input style 로빈아빠님 제안 */ +#anc_bo_extra input.extra-value-input {width:calc(100% - 370px);} + /* 접속자집계 목록 */ .tbl_visit_list td {text-align:center} .visit_bar {position:relative} From 92ded4b17a55ca49e1aa2947edeff38dc8c92af0 Mon Sep 17 00:00:00 2001 From: thisgun Date: Thu, 14 Feb 2019 10:10:33 +0900 Subject: [PATCH 4/4] =?UTF-8?q?5.3.2.6=20=EB=B2=84=EC=A0=84=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- config.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config.php b/config.php index 87887e444..ee4888284 100644 --- a/config.php +++ b/config.php @@ -5,7 +5,7 @@ ********************/ define('G5_VERSION', '그누보드5'); -define('G5_GNUBOARD_VER', '5.3.2.5'); +define('G5_GNUBOARD_VER', '5.3.2.6'); // 이 상수가 정의되지 않으면 각각의 개별 페이지는 별도로 실행될 수 없음 define('_GNUBOARD_', true);