From 6fe49ff1064461f8ca6de7b511640910c0fba140 Mon Sep 17 00:00:00 2001 From: projectSylas Date: Tue, 5 Oct 2021 02:17:34 +0000 Subject: [PATCH 01/18] =?UTF-8?q?=EC=83=81=EC=88=98=20G5=5FSEO=5FTITEL=5FW?= =?UTF-8?q?ORD=5FCUT=20=EC=9D=84=20G5=5FSEO=5FTITLE=5FWORD=5FCUT=20?= =?UTF-8?q?=EB=A1=9C=20=EC=88=98=EC=A0=95=20(sinbi=EB=8B=98,211005)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- config.php | 2 +- lib/uri.lib.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/config.php b/config.php index 2d568eb56..8ede1c127 100644 --- a/config.php +++ b/config.php @@ -158,7 +158,7 @@ define('G5_SPACE', 32); // 공백 define('G5_SPECIAL', 64); // 특수문자 // SEO TITLE 문단 길이 -define('G5_SEO_TITEL_WORD_CUT', 8); // SEO TITLE 문단 길이 +define('G5_SEO_TITLE_WORD_CUT', 8); // SEO TITLE 문단 길이 // 퍼미션 define('G5_DIR_PERMISSION', 0755); // 디렉토리 생성시 퍼미션 diff --git a/lib/uri.lib.php b/lib/uri.lib.php index 5561cd839..e1443ea8c 100644 --- a/lib/uri.lib.php +++ b/lib/uri.lib.php @@ -193,7 +193,7 @@ function correct_goto_url($url){ return $url; } -function generate_seo_title($string, $wordLimit=G5_SEO_TITEL_WORD_CUT){ +function generate_seo_title($string, $wordLimit=G5_SEO_TITLE_WORD_CUT){ $separator = '-'; if($wordLimit != 0){ From 650ea165230c55318a9f9ae8f79e78275934b9b6 Mon Sep 17 00:00:00 2001 From: kagla Date: Thu, 14 Oct 2021 14:42:49 +0900 Subject: [PATCH 02/18] =?UTF-8?q?shop=5Fis=5Ftaxsave=20=ED=95=A8=EC=88=98?= =?UTF-8?q?=EC=97=90=20$od=5Fpay=5Ftype=20=EB=B3=80=EC=88=98=EC=9D=98=20vb?= =?UTF-8?q?ank,=20transfer=20=EA=B0=80=20=EB=B0=94=EB=80=8C=EC=96=B4=20?= =?UTF-8?q?=EC=9E=88=EB=8A=94=20=EA=B2=83=EC=9D=84=20=EC=88=98=EC=A0=95=20?= =?UTF-8?q?(moons=EB=8B=98,211014)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/shop.lib.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/shop.lib.php b/lib/shop.lib.php index faf569494..fc9331f6e 100644 
--- a/lib/shop.lib.php +++ b/lib/shop.lib.php @@ -2455,9 +2455,9 @@ function shop_is_taxsave($od, $is_view_receipt=false){ if( $od['od_settle_case'] == '무통장' ){ $od_pay_type = 'account'; } else if ( $od['od_settle_case'] == '계좌이체' ) { - $od_pay_type = 'vbank'; - } else if ( $od['od_settle_case'] == '가상계좌' ) { $od_pay_type = 'transfer'; + } else if ( $od['od_settle_case'] == '가상계좌' ) { + $od_pay_type = 'vbank'; } if( $od_pay_type ) { From 24ba84d6f080bde8d73f4c49db67784f40a6abc5 Mon Sep 17 00:00:00 2001 From: kagla Date: Thu, 14 Oct 2021 14:49:20 +0900 Subject: [PATCH 03/18] =?UTF-8?q?KG=EC=9D=B4=EB=8B=88=EC=8B=9C=EC=8A=A4=20?= =?UTF-8?q?=EA=B0=80=EC=83=81=EA=B3=84=EC=A2=8C=20=EC=82=AC=EC=9A=A9?= =?UTF-8?q?=EC=8B=9C=20=EC=95=88=EB=82=B4=EB=AC=B8=EA=B5=AC=20=EC=A4=91=20?= =?UTF-8?q?=EA=B1=B0=EB=9E=98=EC=A1=B0=ED=9A=8C=EB=A5=BC=20=EA=B1=B0?= =?UTF-8?q?=EB=9E=98=EB=82=B4=EC=97=AD=EC=9C=BC=EB=A1=9C=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/shop_admin/configform.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/adm/shop_admin/configform.php b/adm/shop_admin/configform.php index 9cda6b00f..d34875e49 100644 --- a/adm/shop_admin/configform.php +++ b/adm/shop_admin/configform.php @@ -625,7 +625,7 @@ if(!$default['de_kakaopay_cancelpwd']){ KG이니시스 가상계좌 입금통보 URL - KG이니시스 관리자 > 거래조회 > 가상계좌 > 입금통보방식선택 > URL 수신 설정에 넣으셔야 상점에 자동으로 입금 통보됩니다."); ?> + KG이니시스 관리자 > 거래내역 > 가상계좌 > 입금통보방식선택 > URL 수신 설정에 넣으셔야 상점에 자동으로 입금 통보됩니다."); ?> /settle_inicis_common.php From 6dc462d7843bc09ccef08f1128cb4b445da1d6c9 Mon Sep 17 00:00:00 2001 
From: kagla Date: Fri, 15 Oct 2021 16:04:17 +0900 Subject: [PATCH 04/18] =?UTF-8?q?(KVE-2021-0849)=20=ED=99=95=EC=9E=A5?= =?UTF-8?q?=EC=9E=90=20.phar=20=ED=8C=8C=EC=9D=BC=20=EC=97=85=EB=A1=9C?= =?UTF-8?q?=EB=93=9C=20=EC=B7=A8=EC=95=BD=EC=A0=90=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bbs/qawrite_update.php | 2 +- bbs/write_update.php | 2 +- install/install_db.php | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/bbs/qawrite_update.php b/bbs/qawrite_update.php index 08c614e07..bf74ef3c7 100644 --- a/bbs/qawrite_update.php +++ b/bbs/qawrite_update.php @@ -217,7 +217,7 @@ for ($i=1; $i<=$upload_count; $i++) { $upload[$i]['filesize'] = $filesize; // 아래의 문자열이 들어간 파일은 -x 를 붙여서 웹경로를 알더라도 실행을 하지 못하도록 함 - $filename = preg_replace("/\.(php|pht|phtm|htm|cgi|pl|exe|jsp|asp|inc)/i", "$0-x", $filename); + $filename = preg_replace("/\.(php|pht|phtm|htm|cgi|pl|exe|jsp|asp|inc|phar)/i", "$0-x", $filename); shuffle($chars_array); $shuffle = implode('', $chars_array); diff --git a/bbs/write_update.php b/bbs/write_update.php index dbda388ef..f36c60add 100644 --- a/bbs/write_update.php +++ b/bbs/write_update.php @@ -561,7 +561,7 @@ if(isset($_FILES['bf_file']['name']) && is_array($_FILES['bf_file']['name'])) { $upload[$i]['filesize'] = $filesize; // 아래의 문자열이 들어간 파일은 -x 를 붙여서 웹경로를 알더라도 실행을 하지 못하도록 함 - $filename = preg_replace("/\.(php|pht|phtm|htm|cgi|pl|exe|jsp|asp|inc)/i", "$0-x", $filename); + $filename = preg_replace("/\.(php|pht|phtm|htm|cgi|pl|exe|jsp|asp|inc|phar)/i", "$0-x", $filename); shuffle($chars_array); $shuffle = implode('', $chars_array); diff --git a/install/install_db.php b/install/install_db.php index 60bdaccf0..09c6b96b6 100644 --- a/install/install_db.php +++ b/install/install_db.php @@ -632,10 +632,10 @@ fclose($f);
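Review bot: The upload rename in bbs/qawrite_update.php is still a denylist, so adding `phar` closes one extension while any other extension the web server maps to a handler stays executable; the identical line in bbs/write_update.php has the same limit. Consider inverting the check into an allowlist of permitted extensions and, independently, serving the upload directory with script execution disabled so that a missed extension cannot run. Because the same pattern now lives in two files, moving it into one shared helper would keep later additions from drifting apart. Both upload loops start and end outside these hunks.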
  • DB설정 파일 생성 완료 ()
  • + Order allow,deny Deny from all From 3a3434104c1b8a974f829b64d1dffcea3a6ad313 Mon Sep 17 00:00:00 2001 From: kagla Date: Fri, 15 Oct 2021 16:40:04 +0900 Subject: [PATCH 05/18] =?UTF-8?q?(KVE-2021-0755)=20=EB=A9=94=EB=89=B4?= =?UTF-8?q?=EC=9D=98=20=EB=A7=81=ED=81=AC=20=EA=B8=B0=EB=8A=A5=EC=9D=84=20?= =?UTF-8?q?=EC=9D=B4=EC=9A=A9=ED=95=9C=20XSS=20=EC=B7=A8=EC=95=BD=EC=A0=90?= =?UTF-8?q?=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/menu_list_update.php | 1 + 1 file changed, 1 insertion(+) diff --git a/adm/menu_list_update.php b/adm/menu_list_update.php index f62ab4714..7c5e03141 100644 --- a/adm/menu_list_update.php +++ b/adm/menu_list_update.php @@ -26,6 +26,7 @@ for ($i=0; $i<$count; $i++) } $_POST['me_link'][$i] = is_array($_POST['me_link']) ? clean_xss_tags(clean_xss_attributes(preg_replace('/[ ]{2,}|[\t]/', '', $_POST['me_link'][$i]), 1)) : ''; + $_POST['me_link'][$i] = html_purifier($_POST['me_link'][$i]); $code = is_array($_POST['code']) ? strip_tags($_POST['code'][$i]) : ''; $me_name = is_array($_POST['me_name']) ? strip_tags($_POST['me_name'][$i]) : ''; From 9ada18ae56c959c553d8321d0110886d8e4aa1aa Mon Sep 17 00:00:00 2001 From: kagla Date: Mon, 18 Oct 2021 12:15:07 +0900 Subject: [PATCH 06/18] =?UTF-8?q?=EB=B2=84=EC=A0=84=205.4.17=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- version.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version.php b/version.php index e44e7b826..8fa1128b1 100644 --- a/version.php +++ b/version.php 
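Review bot: The surviving tail of the install/install_db.php hunk writes `Order allow,deny` / `Deny from all`, which is Apache 2.2 access syntax; on Apache 2.4 it works only when mod_access_compat is loaded, and other web servers ignore .htaccess files entirely. Most of this hunk's markup is missing from the page, so the surrounding block is inferred from what is left. If the generated file is what keeps uploaded script extensions from being served, add a comment beside it such as `// Apache-only rule; other servers need an equivalent deny in their own config`, and consider an `<IfModule mod_authz_core.c>` branch using `Require all denied` for 2.4.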
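Review bot: `html_purifier()` in adm/menu_list_update.php cleans `me_link` as an HTML fragment, but the value is a link target, so what matters is its URL scheme and how it is escaped where it is later printed into an `href`. A fragment sanitiser does not by itself guarantee that the stored string is an http(s) or site-relative URL, and it may entity-encode `&` inside query strings, which would alter legitimate links. Consider validating the scheme against an allowlist at this point, for example accepting the entry only when `parse_url($link, PHP_URL_SCHEME)` is empty, `http` or `https`, and escaping with `htmlspecialchars()` at output. The loop body continues outside the hunk.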
@@ -2,7 +2,7 @@ if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가 define('G5_VERSION', '그누보드5'); -define('G5_GNUBOARD_VER', '5.4.16'); +define('G5_GNUBOARD_VER', '5.4.17'); // 그누보드5.4.5.5 버전과 영카트5.4.5.5.1 버전을 합쳐서 그누보드5.4.6 버전에서 시작함 (kagla-210617) // G5_YOUNGCART_VER 이 상수를 사용하는 곳이 있으므로 주석 처리 해제함 // 그누보드5.4.6 이상 버전 부터는 영카트를 그누보드에 포함하여 배포하므로 영카트5의 버전은 의미가 없습니다. From de73f54959e76870faa438a7060dd93322f1b2f7 Mon Sep 17 00:00:00 2001 From: kagla Date: Tue, 19 Oct 2021 11:13:59 +0900 Subject: [PATCH 07/18] =?UTF-8?q?=EC=8B=A0=EC=9A=A9=EC=B9=B4=EB=93=9C=20?= =?UTF-8?q?=EA=B2=B0=EC=A0=9C=EC=B0=BD=EC=97=90=EC=84=9C=20=EB=84=A4?= =?UTF-8?q?=EC=9D=B4=EB=B2=84=ED=8E=98=EC=9D=B4=EB=A5=BC=20=EC=A7=80?= =?UTF-8?q?=EC=9B=90=ED=95=98=EB=AF=80=EB=A1=9C=20=EC=83=81=ED=92=88?= =?UTF-8?q?=EC=83=81=EC=84=B8=ED=8E=98=EC=9D=B4=EC=A7=80,=20=EC=9E=A5?= =?UTF-8?q?=EB=B0=94=EA=B5=AC=EB=8B=88=EC=97=90=EC=84=9C=20=EB=8D=94?= =?UTF-8?q?=EC=9D=B4=EC=83=81=20=EB=84=A4=EC=9D=B4=EB=B2=84=ED=8E=98?= =?UTF-8?q?=EC=9D=B4=20=EC=A7=81=EC=A0=91=EA=B2=B0=EC=A0=9C=EB=A5=BC=20?= =?UTF-8?q?=EC=A7=80=EC=9B=90=ED=95=98=EC=A7=80=20=EC=95=8A=EC=9D=8C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/shop_admin/configform.php | 2 ++ adm/shop_admin/configformupdate.php | 14 ++++++++------ shop.config.php | 4 ++++ shop/settle_naverpay.inc.php | 1 + 4 files changed, 15 insertions(+), 6 deletions(-) diff --git a/adm/shop_admin/configform.php b/adm/shop_admin/configform.php index d34875e49..2cc89e2fd 100644 --- a/adm/shop_admin/configform.php +++ b/adm/shop_admin/configform.php @@ -919,6 +919,7 @@ if(!$default['de_kakaopay_cancelpwd']){ + @@ -982,6 +983,7 @@ if(!$default['de_kakaopay_cancelpwd']){ + 에스크로 사용 diff --git a/adm/shop_admin/configformupdate.php b/adm/shop_admin/configformupdate.php index 3d31db95c..ae621cbf0 100644 --- a/adm/shop_admin/configformupdate.php +++ b/adm/shop_admin/configformupdate.php 
@@ -427,17 +427,19 @@ $sql = " update {$g5['g5_shop_default_table']} de_kakaopay_enckey = '{$de_kakaopay_enckey}', de_kakaopay_hashkey = '{$de_kakaopay_hashkey}', de_kakaopay_cancelpwd = '{$de_kakaopay_cancelpwd}', - de_naverpay_mid = '{$de_naverpay_mid}', - de_naverpay_cert_key = '{$de_naverpay_cert_key}', - de_naverpay_button_key = '{$de_naverpay_button_key}', - de_naverpay_test = '{$de_naverpay_test}', - de_naverpay_mb_id = '{$de_naverpay_mb_id}', - de_naverpay_sendcost = '{$de_naverpay_sendcost}', de_member_reg_coupon_use = '{$de_member_reg_coupon_use}', de_member_reg_coupon_term = '{$de_member_reg_coupon_term}', de_member_reg_coupon_price = '{$de_member_reg_coupon_price}', de_member_reg_coupon_minimum = '{$de_member_reg_coupon_minimum}' "; +if (defined('G5_SHOP_DIRECT_NAVERPAY') && G5_SHOP_DIRECT_NAVERPAY) { + $sql .= " ,de_naverpay_mid = '{$de_naverpay_mid}', + de_naverpay_cert_key = '{$de_naverpay_cert_key}', + de_naverpay_button_key = '{$de_naverpay_button_key}', + de_naverpay_test = '{$de_naverpay_test}', + de_naverpay_mb_id = '{$de_naverpay_mb_id}', + de_naverpay_sendcost = '{$de_naverpay_sendcost}' "; +} sql_query($sql); // 환경설정 > 포인트 사용 diff --git a/shop.config.php b/shop.config.php index bd219cdec..0b926680b 100644 --- a/shop.config.php +++ b/shop.config.php @@ -94,6 +94,10 @@ if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on') { define('SHOP_TOSSPAYMENTS_CASHRECEIPT_TEST_JS', 'http://pgweb.tosspayments.com:7085/WEB_SERVER/js/receipt_link.js'); } +// 네이버페이를 신용카드 결제창에서 지원하고 있으므로 네이버에 직접신청하는 결제 기능을 미사용(false:기본설정) 합니다. (kagla,211019) +// 네이버에서 직접신청 결제를 사용(true)하시는 경우 모든 문제를 직접 해결해 주셔야 합니다. +define('G5_SHOP_DIRECT_NAVERPAY', false); // false 미사용(기본설정), true 사용 + /* // 주문상태 상수 define('G5_OD_STATUS_ORDER' , '입금확인중'); diff --git a/shop/settle_naverpay.inc.php b/shop/settle_naverpay.inc.php index 3fc9dd8b0..93c4b501b 100644 --- a/shop/settle_naverpay.inc.php +++ b/shop/settle_naverpay.inc.php 
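Review bot: The appended `$sql .=` fragment in adm/shop_admin/configformupdate.php still places `$de_naverpay_mid`, `$de_naverpay_cert_key` and the other values directly inside quoted SQL, and nothing in this hunk shows where they are escaped. If that happens earlier in the file, say so here with a comment such as `// every $de_* value is SQL-escaped before this statement is built`; if it does not, each value should pass through the project's escaping helper before being concatenated. The UPDATE statement begins before the hunk, so the earlier assignments are not visible on this page.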
@@ -1,5 +1,6 @@ Date: Fri, 22 Oct 2021 13:45:59 +0900 Subject: [PATCH 08/18] =?UTF-8?q?=EB=B9=84=EB=B0=80=20=EB=8C=93=EA=B8=80?= =?UTF-8?q?=20=EC=88=98=EC=A0=95=EC=8B=9C=20=EB=B9=84=EB=B0=80=EA=B8=80=20?= =?UTF-8?q?=ED=95=B4=EC=A0=9C=EA=B0=80=20=EB=90=98=EC=A7=80=20=EC=95=8A?= =?UTF-8?q?=EB=8A=94=20=EC=98=A4=EB=A5=98=EB=A5=BC=20=EC=88=98=EC=A0=95=20?= =?UTF-8?q?(=ED=95=9C=EB=B3=84=EC=95=84=EB=B9=A0=EB=8B=98,211022)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bbs/write_comment_update.php | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/bbs/write_comment_update.php b/bbs/write_comment_update.php index 71e7c5c50..ed1984251 100644 --- a/bbs/write_comment_update.php +++ b/bbs/write_comment_update.php @@ -324,9 +324,7 @@ else if ($w == 'cu') // 댓글 수정 if (!$is_admin) $sql_ip = " , wr_ip = '{$_SERVER['REMOTE_ADDR']}' "; - $sql_secret = ""; - if ($wr_secret) - $sql_secret = " , wr_option = '$wr_secret' "; + $sql_secret = " , wr_option = '$wr_secret' "; $sql = " update $write_table set wr_subject = '$wr_subject', From 6148da1addd9a8e11651bfa64b4ccf5d03ec275a Mon Sep 17 00:00:00 2001 From: kagla Date: Thu, 21 Oct 2021 11:12:15 +0900 Subject: [PATCH 09/18] =?UTF-8?q?$BANK=5FCODE=20=EC=97=90=20=ED=86=A0?= =?UTF-8?q?=EC=8A=A4=EB=B1=85=ED=81=AC(92)=20=EC=B6=94=EA=B0=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- mobile/shop/settle_inicis.inc.php | 1 + shop/settle_inicis.inc.php | 1 + 2 files changed, 2 insertions(+) diff --git a/mobile/shop/settle_inicis.inc.php b/mobile/shop/settle_inicis.inc.php index b77f87151..503e165c7 100644 --- a/mobile/shop/settle_inicis.inc.php +++ b/mobile/shop/settle_inicis.inc.php @@ -54,6 +54,7 @@ $BANK_CODE = array( '88' => '신한은행', '89' => '케이뱅크', '90' => '카카오뱅크', + '92' => '토스뱅크', 'D1' => '동양종합금융증권', 'D2' => '현대증권', 'D3' => '미래에셋증권', 
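Review bot: With the guard removed in bbs/write_comment_update.php, `wr_option` is now overwritten with `$wr_secret` on every comment edit, so that value has to be constrained before it reaches the query. The hunk does not show where `$wr_secret` comes from; if it derives from the request, normalise it to either the single allowed flag value or the empty string instead of interpolating the posted text. It is also worth confirming that comments never carry other flags in `wr_option`, since an edit would now erase them. The `else if ($w == 'cu')` branch extends beyond the hunk.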
diff --git a/shop/settle_inicis.inc.php b/shop/settle_inicis.inc.php index e63a9ab4c..8e502166f 100644 --- a/shop/settle_inicis.inc.php +++ b/shop/settle_inicis.inc.php @@ -102,6 +102,7 @@ $BANK_CODE = array( '88' => '신한은행', '89' => '케이뱅크', '90' => '카카오뱅크', + '92' => '토스뱅크', 'D1' => '동양종합금융증권', 'D2' => '현대증권', 'D3' => '미래에셋증권', From 413044ab06b6b9ec1041cf5793e6b8226669b6d5 Mon Sep 17 00:00:00 2001 From: kagla Date: Thu, 21 Oct 2021 11:16:49 +0900 Subject: [PATCH 10/18] =?UTF-8?q?=EC=9D=B4=ED=9B=84=20=EB=B2=84=EC=A0=84?= =?UTF-8?q?=EC=9D=98=20PHP=EC=97=90=EC=84=9C=EB=8A=94=20class=20=EC=97=90?= =?UTF-8?q?=20=EC=86=8D=ED=95=9C=20method(=ED=95=A8=EC=88=98)=20=EC=9D=B4?= =?UTF-8?q?=EB=A6=84=EC=9D=84=20class=20=EC=9D=B4=EB=A6=84=EA=B3=BC=20?= =?UTF-8?q?=EB=8F=99=EC=9D=BC=ED=95=98=EA=B2=8C=20=EB=A7=8C=EB=93=A4=20?= =?UTF-8?q?=EC=88=98=20=EC=97=86=EC=8A=B5=EB=8B=88=EB=8B=A4.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- shop/inicis/libs/sha256.inc.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/shop/inicis/libs/sha256.inc.php b/shop/inicis/libs/sha256.inc.php index e39cd63da..72386947b 100644 --- a/shop/inicis/libs/sha256.inc.php +++ b/shop/inicis/libs/sha256.inc.php @@ -73,7 +73,9 @@ if (!class_exists('nanoSha2')) var $platform; // Php 4 - 6 compatable constructor - function nanoSha2($toUpper = false) { + // PHP Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP + // function nanoSha2($toUpper = false) { + function __construct($toUpper = false) { // Determine if the caller wants upper case or not. $this->toUpper = is_bool($toUpper) ? $toUpper From 6ee9b1fbf285a410b8d92b4689fc0d7ae6b4b637 Mon Sep 17 00:00:00 2001 
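Review bot: In shop/inicis/libs/sha256.inc.php the old `function nanoSha2($toUpper = false) {` signature is kept as a commented-out line, and the comment above it still reads "Php 4 - 6 compatable constructor", which no longer describes `__construct`. Drop the dead line and replace both comments with one sentence, for example `// Constructor; the class-named nanoSha2() form is deprecated as a constructor in newer PHP`. The class body continues outside the hunk.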
From: projectSylas Date: Mon, 25 Oct 2021 01:22:50 +0000 Subject: [PATCH 11/18] =?UTF-8?q?PHP8=EC=97=90=EC=84=9C=20=EC=83=81?= =?UTF-8?q?=EB=8B=A8=20=ED=8C=8C=EC=9D=BC=20=EA=B2=BD=EB=A1=9C,=20?= =?UTF-8?q?=ED=95=98=EB=8B=A8=20=ED=8C=8C=EC=9D=BC=20=EA=B2=BD=EB=A1=9C?= =?UTF-8?q?=EA=B0=80=20=EC=97=86=EC=9D=84=EB=95=8C=20=EB=82=98=EC=98=A4?= =?UTF-8?q?=EB=8A=94=20=EC=98=A4=EB=A5=98=20=EC=88=98=EC=A0=95=20(?= =?UTF-8?q?=EB=A3=A8=EB=AF=B8=EC=A7=91=EC=82=AC=EB=8B=98,211025)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bbs/board_head.php | 2 +- bbs/board_tail.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/bbs/board_head.php b/bbs/board_head.php index 96508e75d..2fb10c18c 100644 --- a/bbs/board_head.php +++ b/bbs/board_head.php @@ -7,7 +7,7 @@ if (G5_IS_MOBILE) { include_once(G5_BBS_PATH.'/_head.php'); echo html_purifier(stripslashes($board['bo_mobile_content_head'])); } else { - if(is_include_path_check($board['bo_include_head'])) { //파일경로 체크 + if($board['bo_include_head'] && is_include_path_check($board['bo_include_head'])) { //파일경로 체크 @include ($board['bo_include_head']); } else { //파일경로가 올바르지 않으면 기본파일을 가져옴 include_once(G5_BBS_PATH.'/_head.php'); diff --git a/bbs/board_tail.php b/bbs/board_tail.php index 9358c1b3f..87385e9fe 100644 --- a/bbs/board_tail.php +++ b/bbs/board_tail.php @@ -8,7 +8,7 @@ if (G5_IS_MOBILE) { include_once(G5_BBS_PATH.'/_tail.php'); } else { echo html_purifier(stripslashes($board['bo_content_tail'])); - if(is_include_path_check($board['bo_include_tail'])) { //파일경로 체크 + if($board['bo_include_tail'] && is_include_path_check($board['bo_include_tail'])) { //파일경로 체크 @include ($board['bo_include_tail']); } else { //파일경로가 올바르지 않으면 기본파일을 가져옴 include_once(G5_BBS_PATH.'/_tail.php'); From edb0b849d99d033d763d5b9da60b744ec6e44851 Mon Sep 17 00:00:00 2001 
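Review bot: `@include ($board['bo_include_head'])` in bbs/board_head.php, and the matching `bo_include_tail` line in bbs/board_tail.php, load a path taken from board settings with errors suppressed, so safety rests entirely on `is_include_path_check()`, whose body is not on this page. The added truthiness test only skips empty values; a non-empty path that passes the check but cannot be read fails silently, and the page then gets neither the custom file nor the default one. Consider also requiring `is_file($board['bo_include_head'])` in the condition so the `else` fallback runs, removing the `@`, and adding a comment that states which base directories the path check is expected to permit.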
From: kagla Date: Mon, 25 Oct 2021 11:15:26 +0900 Subject: [PATCH 12/18] =?UTF-8?q?=EB=B2=84=EC=A0=84=205.4.18=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- version.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version.php b/version.php index 8fa1128b1..7224acd9a 100644 --- a/version.php +++ b/version.php @@ -2,7 +2,7 @@ if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가 define('G5_VERSION', '그누보드5'); -define('G5_GNUBOARD_VER', '5.4.17'); +define('G5_GNUBOARD_VER', '5.4.18'); // 그누보드5.4.5.5 버전과 영카트5.4.5.5.1 버전을 합쳐서 그누보드5.4.6 버전에서 시작함 (kagla-210617) // G5_YOUNGCART_VER 이 상수를 사용하는 곳이 있으므로 주석 처리 해제함 // 그누보드5.4.6 이상 버전 부터는 영카트를 그누보드에 포함하여 배포하므로 영카트5의 버전은 의미가 없습니다. From 7a054e1dbb0aa33c5496f3ba983c18f83ff67abd Mon Sep 17 00:00:00 2001 From: projectSylas Date: Thu, 11 Nov 2021 04:09:01 +0000 Subject: [PATCH 13/18] =?UTF-8?q?.gitignore=20=EC=97=90=20pma=20=EC=B6=94?= =?UTF-8?q?=EA=B0=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 940c403cd..6be4686a4 100644 --- a/.gitignore +++ b/.gitignore @@ -17,3 +17,4 @@ naver*.html initests01/ SIRsoft000/ config.php +pma/ From 8c8bb94d6890b2a4964582398cd316a0d65e480e Mon Sep 17 00:00:00 2001 
From: kagla Date: Wed, 24 Nov 2021 15:26:47 +0900 Subject: [PATCH 14/18] =?UTF-8?q?=EC=A0=91=EC=86=8D=EC=9E=90=EB=A1=9C?= =?UTF-8?q?=EA=B7=B8=EA=B0=80=20=EC=97=86=EC=9D=84=EB=95=8C=20=EB=85=84?= =?UTF-8?q?=EB=8F=84=EA=B0=80=200=EB=B6=80=ED=84=B0=20=EC=8B=9C=EC=9E=91?= =?UTF-8?q?=ED=95=98=EB=8A=94=20=EA=B2=83=EC=9D=84=20=ED=98=84=EC=9E=AC?= =?UTF-8?q?=EB=85=84=EB=8F=84=EA=B0=80=20=EB=82=98=EC=98=A4=EB=8F=84?= =?UTF-8?q?=EB=A1=9D=20=EC=88=98=EC=A0=95=20(=EB=8B=A4=EC=98=A8=ED=85=8C?= =?UTF-8?q?=EB=A7=88=EB=8B=98,211115)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/visit_delete.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/adm/visit_delete.php b/adm/visit_delete.php index 16390c3ee..24d4436df 100644 --- a/adm/visit_delete.php +++ b/adm/visit_delete.php @@ -13,6 +13,9 @@ $row = sql_fetch($sql); $min_year = (int)substr($row['min_date'], 0, 4); $now_year = (int)substr(G5_TIME_YMD, 0, 4); +if (!$min_year) { + $min_year = $now_year; +} ?>
    From d87802eb946e378a9810385acf27f3a8859cc282 Mon Sep 17 00:00:00 2001 From: kagla Date: Wed, 8 Dec 2021 10:38:18 +0900 Subject: [PATCH 15/18] =?UTF-8?q?(KVE-2021-1846)=20url=20=EA=B0=92?= =?UTF-8?q?=EC=97=90=20Line=20feed=EC=9D=B8=20"%0A"=20=EA=B0=92=EC=9D=84?= =?UTF-8?q?=20=EC=82=BD=EC=9E=85=ED=95=98=EC=97=AC=20=EC=A0=84=EC=86=A1?= =?UTF-8?q?=ED=95=98=EB=8A=94=20=EA=B2=BD=EC=9A=B0=20check=5Furl=5Fhost=20?= =?UTF-8?q?=ED=95=A8=EC=88=98=20=EC=9A=B0=ED=9A=8C=20=EC=B7=A8=EC=95=BD?= =?UTF-8?q?=EC=A0=90=20=EC=88=98=EC=A0=95=20(Pocas=EB=8B=98)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/common.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/common.lib.php b/lib/common.lib.php index b6bb9837c..8608ddd29 100644 --- a/lib/common.lib.php +++ b/lib/common.lib.php @@ -3299,7 +3299,7 @@ function check_url_host($url, $msg='', $return_url=G5_URL, $is_redirect=false) if(!$msg) $msg = 'url에 타 도메인을 지정할 수 없습니다.'; - $p = @parse_url($url); + $p = @parse_url(trim($url)); $host = preg_replace('/:[0-9]+$/', '', $_SERVER['HTTP_HOST']); $is_host_check = false; From 80a71fef56d4f69e8bac5cc7cd5d8b8b0b0a45bb Mon Sep 17 00:00:00 2001 From: kagla Date: Wed, 8 Dec 2021 12:28:24 +0900 Subject: [PATCH 16/18] =?UTF-8?q?=EC=84=A4=EC=B9=98=EC=8B=9C=20data/file/?= =?UTF-8?q?=20=EB=94=94=EB=A0=89=ED=86=A0=EB=A6=AC=EC=97=90=20=EA=B8=B0?= =?UTF-8?q?=EB=B3=B8=EA=B2=8C=EC=8B=9C=ED=8C=90=20=EB=94=94=EB=A0=89?= =?UTF-8?q?=ED=86=A0=EB=A6=AC(free,=20gallery,=20notice,=20qa)=EA=B0=80=20?= =?UTF-8?q?=EB=A7=8C=EB=93=A4=EC=96=B4=EC=A7=80=EC=A7=80=20=EC=95=8A?= =?UTF-8?q?=EB=8A=94=20=EC=98=A4=EB=A5=98=20=EC=88=98=EC=A0=95=20(?= =?UTF-8?q?=EC=9E=91=EC=9D=80=EB=B3=84=EB=8B=98,211206)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- install/install_db.php | 7 +++++++ 1 file changed, 7 insertions(+) 
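Review bot: `trim($url)` in check_url_host() strips whitespace only at the two ends, and the trimmed copy is what gets parsed while `$url` itself is left unchanged by this hunk, so the checked string and the string used afterwards can differ. Host validation is sounder when it rejects instead of repairing: refuse any URL that contains whitespace or control characters anywhere, e.g. `if (preg_match('/[\x00-\x20\x7f]/', $url)) $p = false;`, and treat a `false` return from `parse_url()` as a foreign host. The `@` hides that failure case; how `$p` is compared with `$host` lies outside the hunk.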
diff --git a/install/install_db.php b/install/install_db.php index 09c6b96b6..b5ed70b38 100644 --- a/install/install_db.php +++ b/install/install_db.php @@ -529,6 +529,13 @@ for ($i=0; $i Date: Thu, 9 Dec 2021 10:45:48 +0900 Subject: [PATCH 17/18] =?UTF-8?q?url=EC=97=90=20=ED=83=80=EB=8F=84?= =?UTF-8?q?=EB=A9=94=EC=9D=B8=EC=9D=84=20=EC=A7=80=EC=A0=95=ED=95=A0=20?= =?UTF-8?q?=EC=88=98=20=EC=9E=88=EB=8A=94=20=EC=98=A4=EB=A5=98=20=EC=88=98?= =?UTF-8?q?=EC=A0=95=20(Pocas=EB=8B=98,211208)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/common.lib.php | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/common.lib.php b/lib/common.lib.php index 8608ddd29..83ef9c3b0 100644 --- a/lib/common.lib.php +++ b/lib/common.lib.php @@ -3299,6 +3299,7 @@ function check_url_host($url, $msg='', $return_url=G5_URL, $is_redirect=false) if(!$msg) $msg = 'url에 타 도메인을 지정할 수 없습니다.'; + $url = urldecode($url); $p = @parse_url(trim($url)); $host = preg_replace('/:[0-9]+$/', '', $_SERVER['HTTP_HOST']); $is_host_check = false; From 796b6d9ab135048c334182c0f959e5a0c1dcbe16 Mon Sep 17 00:00:00 2001 From: kagla Date: Thu, 9 Dec 2021 10:48:40 +0900 Subject: [PATCH 18/18] =?UTF-8?q?=EB=B2=84=EC=A0=84=205.4.19=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- version.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version.php b/version.php index 7224acd9a..0cfde7b1f 100644 --- a/version.php +++ b/version.php @@ -2,7 +2,7 @@ if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가 define('G5_VERSION', '그누보드5'); -define('G5_GNUBOARD_VER', '5.4.18'); +define('G5_GNUBOARD_VER', '5.4.19'); // 그누보드5.4.5.5 버전과 영카트5.4.5.5.1 버전을 합쳐서 그누보드5.4.6 버전에서 시작함 (kagla-210617) // G5_YOUNGCART_VER 이 상수를 사용하는 곳이 있으므로 주석 처리 해제함 // 그누보드5.4.6 이상 버전 부터는 영카트를 그누보드에 포함하여 배포하므로 영카트5의 버전은 의미가 없습니다.
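Review bot: `$url = urldecode($url);` in check_url_host() makes the function validate a decoded copy, while the caller keeps the original string because `$url` is passed by value. Request parameters normally reach PHP already decoded once, so this is a second decode: it turns `+` into a space in legitimate URLs and still leaves any further layer of encoding unexamined. A more robust rule is to check the exact string that will be emitted in the redirect and to reject percent-escapes or control characters in its scheme and host part, rather than decoding the whole URL. How callers use the value afterwards is not visible in this hunk, so confirm that against the call sites.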