Merge branch 'master' of github.com:gnuboard/g5

2017-12-07 11:18:09 +09:00
parent 7d8e2e4fdd 82279c376b
commit bc68c4bc70
168 changed files with 31946 additions and 31344 deletions
--- a/adm/admin.lib.php
+++ b/adm/admin.lib.php
@ -176,7 +176,7 @@ function get_theme_config_value($dir, $key='*')
    $tconfig = array();
    $theme_config_file = G5_PATH.'/'.G5_THEME_DIR.'/'.$dir.'/theme.config.php';
-    if(is_file) {
+    if(is_file($theme_config_file)) {
        include($theme_config_file);
        if($key == '*') {
--- a/adm/mail_select_list.php
+++ b/adm/mail_select_list.php
@ -106,7 +106,7 @@ include_once('./admin.head.php');
    <?php } ?>
    </tbody>
    </table>
-    <textarea name="ma_list" style="display:none"><?=$ma_list?></textarea>
+    <textarea name="ma_list" style="display:none"><?php echo $ma_list?></textarea>
 </div>
 <div class="btn_confirm01 btn_confirm">
--- a/adm/sendmail_test.php
+++ b/adm/sendmail_test.php
@ -13,26 +13,37 @@ $g5['title'] = '메일 테스트';
 include_once('./admin.head.php');
 if (isset($_POST['email'])) {
    $_POST['email'] = strip_tags($_POST['email']);
    $email = explode(',', $_POST['email']);
    for ($i=0; $i<count($email); $i++)
        mailer($config['cf_admin_email_name'], $config['cf_admin_email'], trim($email[$i]), '[메일검사] 제목', '<span style="font-size:9pt;">[메일검사] 내용<p>이 내용이 제대로 보인다면 보내는 메일 서버에는 이상이 없는것입니다.<p>'.G5_TIME_YMDHIS.'<p>이 메일 주소로는 회신되지 않습니다.</span>', 1);
-    echo '<section>';
+    $real_email = array();
-    echo '<h2>결과메세지</h2>';
+
-    echo '<div class="local_desc01 local_desc"><p>';
+    for ($i=0; $i<count($email); $i++){
-    echo '다음 '.count($email).'개의 메일 주소로 테스트 메일 발송이 완료되었습니다.';
+
-    echo '</p></div>';
+        if (!preg_match("/([0-9a-zA-Z_-]+)@([0-9a-zA-Z_-]+)\.([0-9a-zA-Z_-]+)/", $email[$i])) continue;
-    echo '<ul>';
+        
-    for ($i=0;$i<count($email);$i++) {
+        $real_email[] = $email[$i];
-        echo '<li>'.$email[$i].'</li>';
+        mailer($config['cf_admin_email_name'], $config['cf_admin_email'], trim($email[$i]), '[메일검사] 제목', '<span style="font-size:9pt;">[메일검사] 내용<p>이 내용이 제대로 보인다면 보내는 메일 서버에는 이상이 없는것입니다.<p>'.G5_TIME_YMDHIS.'<p>이 메일 주소로는 회신되지 않습니다.</span>', 1);
    }
    if( $real_email ){
        echo '<section>';
        echo '<h2>결과메세지</h2>';
        echo '<div class="local_desc01 local_desc"><p>';
        echo '다음 '.count($real_email).'개의 메일 주소로 테스트 메일 발송이 완료되었습니다.';
        echo '</p></div>';
        echo '<ul>';
        for ($i=0;$i<count($real_email);$i++) {
            echo '<li>'.$real_email[$i].'</li>';
        }
        echo '</ul>';
        echo '<div class="local_desc02 local_desc"><p>';
        echo '해당 주소로 테스트 메일이 도착했는지 확인해 주십시오.<br>';
        echo '만약, 테스트 메일이 오지 않는다면 더 다양한 계정의 메일 주소로 메일을 보내 보십시오.<br>';
        echo '그래도 메일이 하나도 도착하지 않는다면 메일 서버(sendmail server)의 오류일 가능성이 높으니, 웹 서버관리자에게 문의하여 주십시오.<br>';
        echo '</p></div>';
        echo '</section>';
    }
    echo '</ul>';
    echo '<div class="local_desc02 local_desc"><p>';
    echo '해당 주소로 테스트 메일이 도착했는지 확인해 주십시오.<br>';
    echo '만약, 테스트 메일이 오지 않는다면 더 다양한 계정의 메일 주소로 메일을 보내 보십시오.<br>';
    echo '그래도 메일이 하나도 도착하지 않는다면 메일 서버(sendmail server)의 오류일 가능성이 높으니, 웹 서버관리자에게 문의하여 주십시오.<br>';
    echo '</p></div>';
    echo '</section>';
 }
 ?>
--- a/adm/visit_search.php
+++ b/adm/visit_search.php
@ -15,7 +15,7 @@ $listall = '<a href="'.$_SERVER['SCRIPT_NAME'].'">처음</a>'; //페이지 처
 <div class="local_sch local_sch01">
    <form name="fvisit" method="get" onsubmit="return fvisit_submit(this);">
-    <?=$listall?>
+    <?php echo $listall?>
    <label for="sch_sort" class="sound_only">검색분류</label>
    <select name="sfl" id="sch_sort" class="search_sort">
        <option value="vi_ip"<?php echo get_selected($sfl, 'vi_ip'); ?>>IP</option>
--- a/bbs/group.php
+++ b/bbs/group.php
@ -28,9 +28,9 @@ include_once(G5_LIB_PATH.'/latest.lib.php');
 <?php
 //  최신글
 $sql = " select bo_table, bo_subject
-            from {$g5[board_table]}
+            from {$g5['board_table']}
            where gr_id = '{$gr_id}'
-              and bo_list_level <= '{$member[mb_level]}'
+              and bo_list_level <= '{$member['mb_level']}'
              and bo_device <> 'mobile' ";
 if(!$is_admin)
    $sql .= " and bo_use_cert = '' ";
--- a/common.php
+++ b/common.php
@ -29,7 +29,8 @@ for ($i=0; $i<$ext_cnt; $i++) {
 function g5_path()
 {
-    $result['path'] = str_replace('\\', '/', dirname(__FILE__));
+    $chroot = substr($_SERVER['SCRIPT_FILENAME'], 0, strpos($_SERVER['SCRIPT_FILENAME'], dirname(__FILE__)));
    $result['path'] = str_replace('\\', '/', $chroot.dirname(__FILE__));
    $tilde_remove = preg_replace('/^\/\~[^\/]+(.*)$/', '$1', $_SERVER['SCRIPT_NAME']);
    $document_root = str_replace($tilde_remove, '', $_SERVER['SCRIPT_FILENAME']);
    $pattern = '/' . preg_quote($document_root, '/') . '/i';
@ -139,7 +140,7 @@ if (file_exists($dbconfig_file)) {
    sql_set_charset('utf8', $connect_db);
    if(defined('G5_MYSQL_SET_MODE') && G5_MYSQL_SET_MODE) sql_query("SET SESSION sql_mode = ''");
-    if (defined(G5_TIMEZONE)) sql_query(" set time_zone = '".G5_TIMEZONE."'");
+    if (defined('G5_TIMEZONE')) sql_query(" set time_zone = '".G5_TIMEZONE."'");
 } else {
 ?>
@ -485,7 +486,7 @@ if(isset($config['cf_theme']) && trim($config['cf_theme'])) {
 // 테마 설정 로드
-if(is_file(G5_THEME_PATH.'/theme.config.php'))
+if(defined('G5_THEME_PATH') && is_file(G5_THEME_PATH.'/theme.config.php'))
    include_once(G5_THEME_PATH.'/theme.config.php');
 //=====================================================================================
--- a/config.php
+++ b/config.php
@ -5,7 +5,7 @@
 ********************/
 define('G5_VERSION', '그누보드5');
-define('G5_GNUBOARD_VER', '5.2.9.6');
+define('G5_GNUBOARD_VER', '5.2.9.7');
 // 이 상수가 정의되지 않으면 각각의 개별 페이지는 별도로 실행될 수 없음
 define('_GNUBOARD_', true);
--- a/g4_import_run.php
+++ b/g4_import_run.php
@ -379,10 +379,53 @@ document.onkeydown = noRefresh ;
            $comma = '';
            $sql_common = '';
            // 모바일 스킨 디렉토리
            if( ! isset($row['bo_mobile_skin']) ){
                $row['bo_mobile_skin'] = 'basic';
            }
            // 모바일 제목 길이
            if( ! isset($row['bo_mobile_subject_len']) ){
                $row['bo_mobile_subject_len'] = '30';
            }
            // 모바일 페이지당 목록 수
            if( ! isset($row['bo_mobile_page_rows']) ){
                $row['bo_mobile_page_rows'] = '15';
            }
            // 갤러리 이미지 폭 ( 리스트 )
            if( ! isset($row['bo_gallery_width']) ){
                $row['bo_gallery_width'] = '174';
            }
            // 갤러리 이미지 높이 ( 리스트 )
            if( ! isset($row['bo_gallery_height']) ){
                $row['bo_gallery_height'] = '124';
            }
            // 모바일 갤러리 이미지 폭 ( 리스트 )
            if( ! isset($row['bo_mobile_gallery_width']) ){
                $row['bo_mobile_gallery_width'] = '125';
            }
            // 모바일 갤러리 이미지 높이 ( 리스트 )
            if( ! isset($row['bo_mobile_gallery_height']) ){
                $row['bo_mobile_gallery_height'] = '100';
            }
            foreach($row as $key=>$val) {
                if(!in_array($key, $columns))
                    continue;
                if($key === 'bo_notice'){
                    $val = str_replace("\n", ",", $val);
                    if( substr($val, -1)  === ',' ){
                        $val = substr($val, 0, -1);
                    }
                }
                $sql_common .= $comma . " $key = '".addslashes($val)."' ";
                $comma = ',';
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@ -216,11 +216,12 @@ function url_auto_link($str)
    // 140326 유창화님 제안코드로 수정
    // http://sir.kr/pg_lecture/461
    // http://sir.kr/pg_lecture/463
    $attr_nofollow = (function_exists('check_html_link_nofollow') && check_html_link_nofollow('url_auto_link')) ? ' rel="nofollow"' : '';
    $str = str_replace(array("&lt;", "&gt;", "&amp;", "&quot;", "&nbsp;", "&#039;"), array("\t_lt_\t", "\t_gt_\t", "&", "\"", "\t_nbsp_\t", "'"), $str);
    //$str = preg_replace("`(?:(?:(?:href|src)\s*=\s*(?:\"|'|)){0})((http|https|ftp|telnet|news|mms)://[^\"'\s()]+)`", "<A HREF=\"\\1\" TARGET='{$config['cf_link_target']}'>\\1</A>", $str);
-    $str = preg_replace("/([^(href=\"?'?)|(src=\"?'?)]|\(|^)((http|https|ftp|telnet|news|mms):\/\/[a-zA-Z0-9\.-]+\.[가-힣\xA1-\xFEa-zA-Z0-9\.:&#!=_\?\/~\+%@;\-\|\,\(\)]+)/i", "\\1<A HREF=\"\\2\" TARGET=\"{$config['cf_link_target']}\">\\2</A>", $str);
+    $str = preg_replace("/([^(href=\"?'?)|(src=\"?'?)]|\(|^)((http|https|ftp|telnet|news|mms):\/\/[a-zA-Z0-9\.-]+\.[가-힣\xA1-\xFEa-zA-Z0-9\.:&#!=_\?\/~\+%@;\-\|\,\(\)]+)/i", "\\1<A HREF=\"\\2\" TARGET=\"{$config['cf_link_target']}\" $attr_nofollow>\\2</A>", $str);
-    $str = preg_replace("/(^|[\"'\s(])(www\.[^\"'\s()]+)/i", "\\1<A HREF=\"http://\\2\" TARGET=\"{$config['cf_link_target']}\">\\2</A>", $str);
+    $str = preg_replace("/(^|[\"'\s(])(www\.[^\"'\s()]+)/i", "\\1<A HREF=\"http://\\2\" TARGET=\"{$config['cf_link_target']}\" $attr_nofollow>\\2</A>", $str);
-    $str = preg_replace("/[0-9a-z_-]+@[a-z0-9._-]{4,}/i", "<a href=\"mailto:\\0\">\\0</a>", $str);
+    $str = preg_replace("/[0-9a-z_-]+@[a-z0-9._-]{4,}/i", "<a href=\"mailto:\\0\" $attr_nofollow>\\0</a>", $str);
    $str = str_replace(array("\t_nbsp_\t", "\t_lt_\t", "\t_gt_\t", "'"), array("&nbsp;", "&lt;", "&gt;", "&#039;"), $str);
    /*
@ -538,6 +539,9 @@ function conv_content($content, $html, $filter=true)
    return $content;
 }
 function check_html_link_nofollow($type=''){
    return true;
 }
 // http://htmlpurifier.org/
 // Standards-Compliant HTML Filtering
@ -561,6 +565,7 @@ function html_purifier($html)
    $safeiframe = implode('|', $domains);
    include_once(G5_PLUGIN_PATH.'/htmlpurifier/HTMLPurifier.standalone.php');
    include_once(G5_PLUGIN_PATH.'/htmlpurifier/extend.video.php');
    $config = HTMLPurifier_Config::createDefault();
    // data/cache 디렉토리에 CSS, HTML, URI 디렉토리 등을 만든다.
    $config->set('Cache.SerializerPath', G5_DATA_PATH.'/cache');
@ -568,8 +573,13 @@ function html_purifier($html)
    $config->set('HTML.SafeObject', false);
    $config->set('Output.FlashCompat', false);
    $config->set('HTML.SafeIframe', true);
    if( (function_exists('check_html_link_nofollow') && check_html_link_nofollow('html_purifier')) ){
        $config->set('HTML.Nofollow', true);    // rel=nofollow 으로 스팸유입을 줄임
    }
    $config->set('URI.SafeIframeRegexp','%^(https?:)?//('.$safeiframe.')%');
    $config->set('Attr.AllowedFrameTargets', array('_blank'));
    //유튜브, 비메오 전체화면 가능하게 하기
    $config->set('Filter.Custom', array(new HTMLPurifier_Filter_Iframevideo()));
    $purifier = new HTMLPurifier($config);
    return $purifier->purify($html);
 }
@ -1213,8 +1223,8 @@ function get_sideview($mb_id, $name='', $email='', $homepage='')
    $tmp_name = "";
    if ($mb_id) {
-        //$tmp_name = "<a href=\"".G5_BBS_URL."/profile.php?mb_id=".$mb_id."\" class=\"sv_member\" title=\"$name 자기소개\" target=\"_blank\" onclick=\"return false;\">$name</a>";
+        //$tmp_name = "<a href=\"".G5_BBS_URL."/profile.php?mb_id=".$mb_id."\" class=\"sv_member\" title=\"$name 자기소개\" rel="nofollow" target=\"_blank\" onclick=\"return false;\">$name</a>";
-        $tmp_name = '<a href="'.G5_BBS_URL.'/profile.php?mb_id='.$mb_id.'" class="sv_member" title="'.$name.' 자기소개" target="_blank" onclick="return false;">';
+        $tmp_name = '<a href="'.G5_BBS_URL.'/profile.php?mb_id='.$mb_id.'" class="sv_member" title="'.$name.' 자기소개" target="_blank" rel="nofollow" onclick="return false;">';
        if ($config['cf_use_member_icon']) {
            $mb_dir = substr($mb_id,0,2);
@ -1241,7 +1251,7 @@ function get_sideview($mb_id, $name='', $email='', $homepage='')
        if(!$bo_table)
            return $name;
-        $tmp_name = '<a href="'.G5_BBS_URL.'/board.php?bo_table='.$bo_table.'&amp;sca='.$sca.'&amp;sfl=wr_name,1&amp;stx='.$name.'" title="'.$name.' 이름으로 검색" class="sv_guest" onclick="return false;">'.$name.'</a>';
+        $tmp_name = '<a href="'.G5_BBS_URL.'/board.php?bo_table='.$bo_table.'&amp;sca='.$sca.'&amp;sfl=wr_name,1&amp;stx='.$name.'" title="'.$name.' 이름으로 검색" class="sv_guest" rel="nofollow" onclick="return false;">'.$name.'</a>';
        $title_mb_id = '[비회원]';
    }
@ -2137,6 +2147,10 @@ function check_device($device)
 // 게시판 최신글 캐시 파일 삭제
 function delete_cache_latest($bo_table)
 {
    if (!preg_match("/^([A-Za-z0-9_]{1,20})$/", $bo_table)) {
        return;
    }
    $files = glob(G5_DATA_PATH.'/cache/latest-'.$bo_table.'-*');
    if (is_array($files)) {
        foreach ($files as $filename)
--- a/mobile/skin/popular/basic/popular.skin.php
+++ b/mobile/skin/popular/basic/popular.skin.php
@ -9,9 +9,15 @@ add_stylesheet('<link rel="stylesheet" href="'.$popular_skin_url.'/style.css">',
    <div>
        <h2>인기검색어</h2>
        <ul>
-        <?php for ($i=0; $i<count($list); $i++) { ?>
+        <?php
        if( isset($list) && is_array($list) ){
            for ($i=0; $i<count($list); $i++) {
        ?>
            <li><a href="<?php echo G5_BBS_URL ?>/search.php?sfl=wr_subject&amp;sop=and&amp;stx=<?php echo urlencode($list[$i]['pp_word']) ?>"><?php echo get_text($list[$i]['pp_word']); ?></a></li>
-        <?php } ?>
+            <?php
            }   //end for
        }   //end if
        ?>
        </ul>
    </div>
 </aside>
--- a/plugin/editor/smarteditor2/photo_uploader/popup/index.html
+++ b/plugin/editor/smarteditor2/photo_uploader/popup/index.html
@ -48,8 +48,8 @@
    </div>
 </div>
-<script src="./js/jquery-1.8.3.min.js"></script>
+<script src="//ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js"></script>
-<script src="./js/jquery-ui.min.js"></script>
+<script src="//ajax.googleapis.com/ajax/libs/jqueryui/1.9.2/jquery-ui.min.js"></script>
 <!-- The Iframe Transport is required for browsers without support for XHR file uploads -->
 <script src="./js/jquery.iframe-transport.js"></script>
--- a/plugin/editor/smarteditor2/photo_uploader/popup/js/jquery-1.8.3.min.js
+++ b/plugin/editor/smarteditor2/photo_uploader/popup/js/jquery-1.8.3.min.js
--- a/plugin/editor/smarteditor2/photo_uploader/popup/js/jquery-ui.min.js
+++ b/plugin/editor/smarteditor2/photo_uploader/popup/js/jquery-ui.min.js
--- a/plugin/htmlpurifier/HTMLPurifier.standalone.php
+++ b/plugin/htmlpurifier/HTMLPurifier.standalone.php
--- a/plugin/htmlpurifier/extend.video.php
+++ b/plugin/htmlpurifier/extend.video.php
@ -0,0 +1,66 @@
 <?php
 if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
 //https://stackoverflow.com/questions/4739284/htmlpurifier-iframe-vimeo-and-youtube-video
 /**
 * Based on: http://sachachua.com/blog/2011/08/drupal-html-purifier-embedding-iframes-youtube/
 * Iframe filter that does some primitive whitelisting in a somewhat recognizable and tweakable way
 */
 if( !class_exists('HTMLPurifier_Filter_Iframevideo') ){
 	class HTMLPurifier_Filter_iframevideo extends HTMLPurifier_Filter
 	{
 		public $name = 'Iframevideo';
 		/**
 		 *
 		 * @param string $html
 		 * @param HTMLPurifier_Config $config
 		 * @param HTMLPurifier_Context $context
 		 * @return string
 		 */
 		public function preFilter($html, $config, $context)
 		{
 			$html = preg_replace('#<iframe#i', '<img class="Iframevideo"', $html);
 			$html = preg_replace('#</iframe>#i', '</img>', $html);
 			return $html;
 		}
 		/**
 		 *
 		 * @param string $html
 		 * @param HTMLPurifier_Config $config
 		 * @param HTMLPurifier_Context $context
 		 * @return string
 		 */
 		public function postFilter($html, $config, $context)
 		{
 			$post_regex = '#<img class="Iframevideo"([^>]+?)>#';
 			return preg_replace_callback($post_regex, array($this, 'postFilterCallback'), $html);
 		}
 		/**
 		 *
 		 * @param array $matches
 		 * @return string
 		 */
 		protected function postFilterCallback($matches)
 		{
 			// Domain Whitelist
 			$youTubeMatch = preg_match('#src="https?://www.youtube(-nocookie)?.com/#i', $matches[1]);
 			$vimeoMatch = preg_match('#src="http://player.vimeo.com/#i', $matches[1]);
 			if ($youTubeMatch || $vimeoMatch) {
 				$extra = ' frameborder="0"';
 				if ($youTubeMatch) {
 					$extra .= ' allowfullscreen';
 				} elseif ($vimeoMatch) {
 					$extra .= ' webkitAllowFullScreen mozallowfullscreen allowFullScreen';
 				}
 				return '<iframe ' . $matches[1] . $extra . '></iframe>';
 			} else {
 				return '';
 			}
 		}
 	}
 }
 ?>
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema.ser
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema.ser
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.AggressivelyRemoveScript.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.AggressivelyRemoveScript.txt
@ -0,0 +1,16 @@
 Core.AggressivelyRemoveScript
 TYPE: bool
 VERSION: 4.9.0
 DEFAULT: true
 --DESCRIPTION--
 <p>
    This directive enables aggressive pre-filter removal of
    script tags.  This is not necessary for security,
    but it can help work around a bug in libxml where embedded
    HTML elements inside script sections cause the parser to
    choke.  To revert to pre-4.9.0 behavior, set this to false.
    This directive has no effect if %Core.Trusted is true,
    %Core.RemoveScriptContents is false, or %Core.HiddenElements
    does not contain script.
 </p>
 --# vim: et sw=4 sts=4
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.LegacyEntityDecoder.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.LegacyEntityDecoder.txt
@ -0,0 +1,36 @@
 Core.LegacyEntityDecoder
 TYPE: bool
 VERSION: 4.9.0
 DEFAULT: false
 --DESCRIPTION--
 <p>
    Prior to HTML Purifier 4.9.0, entities were decoded by performing
    a global search replace for all entities whose decoded versions
    did not have special meanings under HTML, and replaced them with
    their decoded versions.  We would match all entities, even if they did
    not have a trailing semicolon, but only if there weren't any trailing
    alphanumeric characters.
 </p>
 <table>
 <tr><th>Original</th><th>Text</th><th>Attribute</th></tr>
 <tr><td>&amp;yen;</td><td>&yen;</td><td>&yen;</td></tr>
 <tr><td>&amp;yen</td><td>&yen;</td><td>&yen;</td></tr>
 <tr><td>&amp;yena</td><td>&amp;yena</td><td>&amp;yena</td></tr>
 <tr><td>&amp;yen=</td><td>&yen;=</td><td>&yen;=</td></tr>
 </table>
 <p>
    In HTML Purifier 4.9.0, we changed the behavior of entity parsing
    to match entities that had missing trailing semicolons in less
    cases, to more closely match HTML5 parsing behavior:
 </p>
 <table>
 <tr><th>Original</th><th>Text</th><th>Attribute</th></tr>
 <tr><td>&amp;yen;</td><td>&yen;</td><td>&yen;</td></tr>
 <tr><td>&amp;yen</td><td>&yen;</td><td>&yen;</td></tr>
 <tr><td>&amp;yena</td><td>&yen;a</td><td>&amp;yena</td></tr>
 <tr><td>&amp;yen=</td><td>&yen;=</td><td>&amp;yen=</td></tr>
 </table>
 <p>
    This flag reverts back to pre-HTML Purifier 4.9.0 behavior.
 </p>
 --# vim: et sw=4 sts=4
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.TargetNoopener.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.TargetNoopener.txt
@ -0,0 +1,10 @@
 --# vim: et sw=4 sts=4
 HTML.TargetNoopener
 TYPE: bool
 VERSION: 4.8.0
 DEFAULT: TRUE
 --DESCRIPTION--
 If enabled, noopener rel attributes are added to links which have
 a target attribute associated with them.  This prevents malicious
 destinations from overwriting the original window.
 --# vim: et sw=4 sts=4
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.DefaultScheme.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.DefaultScheme.txt
@ -1,5 +1,5 @@
 URI.DefaultScheme
-TYPE: string
+TYPE: string/null
 DEFAULT: 'http'
 --DESCRIPTION--
@ -7,4 +7,9 @@ DEFAULT: 'http'
    Defines through what scheme the output will be served, in order to
    select the proper object validator when no scheme information is present.
 </p>
 <p>
    Starting with HTML Purifier 4.9.0, the default scheme can be null, in
    which case we reject all URIs which do not have explicit schemes.
 </p>
 --# vim: et sw=4 sts=4
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/Filter/ExtractStyleBlocks.php
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/Filter/ExtractStyleBlocks.php
@ -95,7 +95,10 @@ class HTMLPurifier_Filter_ExtractStyleBlocks extends HTMLPurifier_Filter
        if ($tidy !== null) {
            $this->_tidy = $tidy;
        }
-        $html = preg_replace_callback('#<style(?:\s.*)?>(.+)</style>#isU', array($this, 'styleCallback'), $html);
+        // NB: this must be NON-greedy because if we have
        // <style>foo</style>  <style>bar</style>
        // we must not grab foo</style>  <style>bar
        $html = preg_replace_callback('#<style(?:\s.*)?>(.*)<\/style>#isU', array($this, 'styleCallback'), $html);
        $style_blocks = $this->_styleMatches;
        $this->_styleMatches = array(); // reset
        $context->register('StyleBlocks', $style_blocks); // $context must not be reused
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/Lexer/PH5P.php
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/Lexer/PH5P.php
@ -21,7 +21,7 @@ class HTMLPurifier_Lexer_PH5P extends HTMLPurifier_Lexer_DOMLex
    public function tokenizeHTML($html, $config, $context)
    {
        $new_html = $this->normalize($html, $config, $context);
-        $new_html = $this->wrapHTML($new_html, $config, $context);
+        $new_html = $this->wrapHTML($new_html, $config, $context, false /* no div */);
        try {
            $parser = new HTML5($new_html);
            $doc = $parser->save();
@ -34,9 +34,9 @@ class HTMLPurifier_Lexer_PH5P extends HTMLPurifier_Lexer_DOMLex
        $tokens = array();
        $this->tokenizeDOM(
            $doc->getElementsByTagName('html')->item(0)-> // <html>
-                getElementsByTagName('body')->item(0) //   <body>
+                  getElementsByTagName('body')->item(0) //   <body>
            ,
-            $tokens
+            $tokens, $config
        );
        return $tokens;
    }
@ -1515,6 +1515,7 @@ class HTML5
                // Consume the maximum number of characters possible, with the
                // consumed characters case-sensitively matching one of the
                // identifiers in the first column of the entities table.
                $e_name = $this->characters('0-9A-Za-z;', $this->char + 1);
                $len = strlen($e_name);
@ -1547,7 +1548,7 @@ class HTML5
        // Return a character token for the character corresponding to the
        // entity name (as given by the second column of the entities table).
-        return html_entity_decode('&' . $entity . ';', ENT_QUOTES, 'UTF-8');
+        return html_entity_decode('&' . rtrim($entity, ';') . ';', ENT_QUOTES, 'UTF-8');
    }
    private function emitToken($token)
--- a/skin/popular/basic/popular.skin.php
+++ b/skin/popular/basic/popular.skin.php
@ -10,9 +10,15 @@ add_stylesheet('<link rel="stylesheet" href="'.$popular_skin_url.'/style.css">',
    <div>
        <h2>인기검색어</h2>
        <ul>
-        <?php for ($i=0; $i<count($list); $i++) {  ?>
+        <?php
-            <li><a href="<?php echo G5_BBS_URL ?>/search.php?sfl=wr_subject&amp;sop=and&amp;stx=<?php echo urlencode($list[$i]['pp_word']) ?>"><?php echo get_text($list[$i]['pp_word']); ?></a></li>
+        if( isset($list) && is_array($list) ){
-        <?php }  ?>
+            for ($i=0; $i<count($list); $i++) {
            ?>
                <li><a href="<?php echo G5_BBS_URL ?>/search.php?sfl=wr_subject&amp;sop=and&amp;stx=<?php echo urlencode($list[$i]['pp_word']) ?>"><?php echo get_text($list[$i]['pp_word']); ?></a></li>
            <?php
            }   //end for
        }   //end if
        ?>
        </ul>
    </div>
 </section>
--- a/theme/basic/group.php
+++ b/theme/basic/group.php
@ -19,9 +19,9 @@ include_once(G5_LIB_PATH.'/latest.lib.php');
 <?php
 //  최신글
 $sql = " select bo_table, bo_subject
-            from {$g5[board_table]}
+            from {$g5['board_table']}
            where gr_id = '{$gr_id}'
-              and bo_list_level <= '{$member[mb_level]}'
+              and bo_list_level <= '{$member['mb_level']}'
              and bo_device <> 'mobile' ";
 if(!$is_admin)
    $sql .= " and bo_use_cert = '' ";
--- a/theme/basic/mobile/skin/popular/basic/popular.skin.php
+++ b/theme/basic/mobile/skin/popular/basic/popular.skin.php
@ -9,9 +9,15 @@ add_stylesheet('<link rel="stylesheet" href="'.$popular_skin_url.'/style.css">',
    <div>
        <h2>인기검색어</h2>
        <ul>
-        <?php for ($i=0; $i<count($list); $i++) { ?>
+        <?php
        if( isset($list) && is_array($list) ){
            for ($i=0; $i<count($list); $i++) {
        ?>
            <li><a href="<?php echo G5_BBS_URL ?>/search.php?sfl=wr_subject&amp;sop=and&amp;stx=<?php echo urlencode($list[$i]['pp_word']) ?>"><?php echo get_text($list[$i]['pp_word']); ?></a></li>
-        <?php } ?>
+            <?php
            }   //end for
        }   //end if
        ?>
        </ul>
    </div>
 </aside>
--- a/theme/basic/skin/popular/basic/popular.skin.php
+++ b/theme/basic/skin/popular/basic/popular.skin.php
@ -10,9 +10,15 @@ add_stylesheet('<link rel="stylesheet" href="'.$popular_skin_url.'/style.css">',
    <div>
        <h2>인기검색어</h2>
        <ul>
-        <?php for ($i=0; $i<count($list); $i++) {  ?>
+        <?php
-            <li><a href="<?php echo G5_BBS_URL ?>/search.php?sfl=wr_subject&amp;sop=and&amp;stx=<?php echo urlencode($list[$i]['pp_word']) ?>"><?php echo get_text($list[$i]['pp_word']); ?></a></li>
+        if( isset($list) && is_array($list) ){
-        <?php }  ?>
+            for ($i=0; $i<count($list); $i++) {
            ?>
                <li><a href="<?php echo G5_BBS_URL ?>/search.php?sfl=wr_subject&amp;sop=and&amp;stx=<?php echo urlencode($list[$i]['pp_word']) ?>"><?php echo get_text($list[$i]['pp_word']); ?></a></li>
            <?php
            }   //end for
        }   //end if
        ?>
        </ul>
    </div>
 </section>