Merge remote-tracking branch '그누보드/master'

adm/board_form_update.php

@@ -39,14 +39,17 @@ $bo_include_tail = isset($_POST['bo_include_tail']) ? preg_replace(array("#[\\\]
 $check_captcha = false;
 
 // 관리자가 자동등록방지 CAPTCHA를 사용해야 할 경우
-if ($w === 'u') {
+// 최고 관리자인 경우에만 수정가능
-    if (isset($board['bo_include_head'], $board['bo_include_tail']) &&
+if ($is_admin === 'super') {
-        ($board['bo_include_head'] !== $bo_include_head || $board['bo_include_tail'] !== $bo_include_tail)) {
+    if ($w === 'u') {
-        $check_captcha = true;
+        if (isset($board['bo_include_head'], $board['bo_include_tail']) &&
-    }
+            ($board['bo_include_head'] !== $bo_include_head || $board['bo_include_tail'] !== $bo_include_tail)) {
-} elseif ($w === '') {
+            $check_captcha = true;
-    if ($bo_include_head !== '_head.php' || $bo_include_tail !== '_tail.php') {
+        }
-        $check_captcha = true;
+    } elseif ($w === '') {
+        if ($bo_include_head !== '_head.php' || $bo_include_tail !== '_tail.php') {
+            $check_captcha = true;
+        }
     }
 }
 

adm/css/admin.css

@@ -587,7 +587,7 @@ td.td_grpset {width:160px;border-left:1px solid #e9ecee;text-align:center}
 .td_time{text-align:center;width:130px}
 .td_center{text-align:center;}
 .td_type{width:120px}
-.td_consent{width:200px}
+.td_consent{min-width:70px;max-width:200px}
 
 .td_mng_s{width:60px}
 .td_mng_m{width:100px}

adm/member_list.php

@@ -127,7 +127,7 @@ $colspan = 16;
                     <th scope="col" rowspan="2" id="mb_list_cert"><?php echo subject_sort_link('mb_certify', '', 'desc') ?>본인확인</a></th>
                     <th scope="col" id="mb_list_mailc"><?php echo subject_sort_link('mb_email_certify', '', 'desc') ?>메일인증</a></th>
                     <th scope="col" id="mb_list_open"><?php echo subject_sort_link('mb_open', '', 'desc') ?>정보공개</a></th>
-                    <th scope="col" id="mb_list_mailr"><?php echo subject_sort_link('mb_mailling', '', 'desc') ?>광고성이메일수신</a></th>
+                    <th scope="col" id="mb_list_mailr"><?php echo subject_sort_link('mb_mailling', '', 'desc') ?>광고성이메일</a></th>
                     <th scope="col" id="mb_list_auth">상태</th>
                     <th scope="col" id="mb_list_mobile">휴대폰</th>
                     <th scope="col" id="mb_list_lastcall"><?php echo subject_sort_link('mb_today_login', '', 'desc') ?>최종접속</a></th>
@@ -137,9 +137,9 @@ $colspan = 16;
                 <tr>
                     <th scope="col" id="mb_list_name"><?php echo subject_sort_link('mb_name') ?>이름</a></th>
                     <th scope="col" id="mb_list_nick"><?php echo subject_sort_link('mb_nick') ?>닉네임</a></th>
-                    <th scope="col" id="mb_list_sms"><?php echo subject_sort_link('mb_sms', '', 'desc') ?>광고성SMS/카카오톡수신</a></th>
                     <th scope="col" id="mb_list_adultc"><?php echo subject_sort_link('mb_adult', '', 'desc') ?>성인인증</a></th>
                     <th scope="col" id="mb_list_auth"><?php echo subject_sort_link('mb_intercept_date', '', 'desc') ?>접근차단</a></th>
+                    <th scope="col" id="mb_list_sms"><?php echo subject_sort_link('mb_sms', '', 'desc') ?>광고성SMS</a></th>
                     <th scope="col" id="mb_list_deny"><?php echo subject_sort_link('mb_level', '', 'desc') ?>권한</a></th>
                     <th scope="col" id="mb_list_tel">전화번호</th>
                     <th scope="col" id="mb_list_join"><?php echo subject_sort_link('mb_datetime', '', 'desc') ?>가입일</a></th>
@@ -258,7 +258,7 @@ $colspan = 16;
                             <input type="checkbox" name="mb_open[<?php echo $i; ?>]" <?php echo $row['mb_open'] ? 'checked' : ''; ?> value="1" id="mb_open_<?php echo $i; ?>">
                         </td>
                         <td headers="mb_list_mailr" class="td_consent">
-                            <label for="mb_mailling_<?php echo $i; ?>" class="sound_only">메일수신</label>
+                            <label for="mb_mailling_<?php echo $i; ?>" class="sound_only">광고성이메일수신</label>
                             <input type="checkbox" name="mb_mailling[<?php echo $i; ?>]" <?php echo $row['mb_mailling'] ? 'checked' : ''; ?> value="1" id="mb_mailling_<?php echo $i; ?>">
                             <input type="hidden" name="mb_mailling_default[<?php echo $i; ?>]" value="<?php echo isset($row['mb_mailling']) ? $row['mb_mailling'] : '0'; ?> " id="mb_mailling_default_<?php echo $i; ?>">
                         </td>
@@ -281,12 +281,6 @@ $colspan = 16;
                         <td headers="mb_list_nick" class="td_name sv_use">
                             <div><?php echo $mb_nick ?></div>
                         </td>
-
-                        <td headers="mb_list_sms">
-                            <label for="mb_sms_<?php echo $i; ?>" class="sound_only">SMS수신</label>
-                            <input type="checkbox" name="mb_sms[<?php echo $i; ?>]" <?php echo $row['mb_sms'] ? 'checked' : ''; ?> value="1" id="mb_sms_<?php echo $i; ?>">
-                            <input type="hidden" name="mb_sms_default[<?php echo $i; ?>]" value="<?php echo isset($row['mb_sms']) ? $row['mb_sms'] : '0'; ?> " id="mb_sms_default_<?php echo $i; ?>">
-                        </td>
                         <td headers="mb_list_adultc">
                             <label for="mb_adult_<?php echo $i; ?>" class="sound_only">성인인증</label>
                             <input type="checkbox" name="mb_adult[<?php echo $i; ?>]" <?php echo $row['mb_adult'] ? 'checked' : ''; ?> value="1" id="mb_adult_<?php echo $i; ?>">
@@ -297,6 +291,11 @@ $colspan = 16;
                                 <label for="mb_intercept_date_<?php echo $i; ?>" class="sound_only">접근차단</label>
                             <?php } ?>
                         </td>
+                        <td headers="mb_list_sms">
+                            <label for="mb_sms_<?php echo $i; ?>" class="sound_only">광고성SMS/카카오톡수신</label>
+                            <input type="checkbox" name="mb_sms[<?php echo $i; ?>]" <?php echo $row['mb_sms'] ? 'checked' : ''; ?> value="1" id="mb_sms_<?php echo $i; ?>">
+                            <input type="hidden" name="mb_sms_default[<?php echo $i; ?>]" value="<?php echo isset($row['mb_sms']) ? $row['mb_sms'] : '0'; ?> " id="mb_sms_default_<?php echo $i; ?>">
+                        </td>
                         <td headers="mb_list_auth" class="td_mbstat">
                             <?php echo get_member_level_select("mb_level[$i]", 1, $member['mb_level'], $row['mb_level']) ?>
                         </td>

adm/shop_admin/configformupdate.php

@@ -64,6 +64,8 @@ foreach($check_skin_keys as $key){
     if( isset($_POST[$key]) && preg_match('#\.+(\/|\\\)#', $_POST[$key]) ){
         alert('스킨설정에 유효하지 문자가 포함되어 있습니다.');
     }
+    
+    $$key = $_POST[$key] = sql_real_escape_string($_POST[$key]);
 }
 
 // 현금영수증 발급수단

adm/shop_admin/itemeventform.php

@@ -67,7 +67,9 @@ for ($i=0; $row=sql_fetch_array($result); $i++)
     for ($i=0; $i<$len; $i++)
         $nbsp .= "&nbsp;&nbsp;&nbsp;";
 
-    $category_select .= "<option value=\"{$row['ca_id']}\">$nbsp{$row['ca_name']}</option>\n";
+    // 전체 카테고리 경로 표시
+    $category_path = function_exists('get_shop_category_path') ? get_shop_category_path($row['ca_id']) : $row['ca_name'];
+    $category_select .= "<option value=\"{$row['ca_id']}\">$nbsp{$category_path}</option>\n";
 }
 
 // 모바일 1줄당 이미지수 필드 추가

adm/shop_admin/itemeventlist.php

@@ -107,7 +107,9 @@ if($ev_id) {
         $len = strlen($row1['ca_id']) / 2 - 1;
         $nbsp = "";
         for ($i=0; $i<$len; $i++) $nbsp .= "&nbsp;&nbsp;&nbsp;";
-        echo '<option value="'.$row1['ca_id'].'" '.get_selected($sel_ca_id, $row1['ca_id']).'>'.$nbsp.$row1['ca_name'].'</option>'.PHP_EOL;
+        // 전체 카테고리 경로 표시
+        $category_path = function_exists('get_shop_category_path') ? get_shop_category_path($row1['ca_id']) : $row1['ca_name'];
+        echo '<option value="'.$row1['ca_id'].'" '.get_selected($sel_ca_id, $row1['ca_id']).'>'.$nbsp.$category_path.'</option>'.PHP_EOL;
     }
     ?>
 </select>

adm/shop_admin/itemform.php

@@ -147,7 +147,9 @@ for ($i=0; $row=sql_fetch_array($result); $i++)
     for ($i=0; $i<$len; $i++)
         $nbsp .= "&nbsp;&nbsp;&nbsp;";
     
-    $category_select .= "<option value=\"{$row['ca_id']}\">$nbsp{$row['ca_name']}</option>\n";
+    // 전체 카테고리 경로 표시 (예: 남성의류 > 상의 > 셔츠)
+    $category_path = function_exists('get_shop_category_path') ? get_shop_category_path($row['ca_id']) : $row['ca_name'];
+    $category_select .= "<option value=\"{$row['ca_id']}\">$nbsp{$category_path}</option>\n";
     
     $script .= "ca_use['{$row['ca_id']}'] = {$row['ca_use']};\n";
     $script .= "ca_stock_qty['{$row['ca_id']}'] = {$row['ca_stock_qty']};\n";
@@ -1394,7 +1396,9 @@ $(function(){
                             for ($i=0; $i<$len; $i++)
                                 $nbsp .= "&nbsp;&nbsp;&nbsp;";
 
-                            echo "<option value=\"{$row['ca_id']}\">$nbsp{$row['ca_name']}</option>\n";
+                            // 전체 카테고리 경로 표시
+                            $category_path = function_exists('get_shop_category_path') ? get_shop_category_path($row['ca_id']) : $row['ca_name'];
+                            echo "<option value=\"{$row['ca_id']}\">$nbsp{$category_path}</option>\n";
                         }
                     ?>
                 </select>

adm/shop_admin/itemlist.php

@@ -25,7 +25,8 @@ for ($i=0; $row=sql_fetch_array($result); $i++)
     for ($i=0; $i<$len; $i++) {
         $nbsp .= '&nbsp;&nbsp;&nbsp;';
     }
-    $ca_list .= '<option value="'.$row['ca_id'].'">'.$nbsp.$row['ca_name'].'</option>'.PHP_EOL;
+    $category_path = function_exists('get_shop_category_path') ? get_shop_category_path($row['ca_id']) : $row['ca_name'];
+    $ca_list .= '<option value="'.$row['ca_id'].'">'.$nbsp.$category_path.'</option>'.PHP_EOL;
 }
 
 $where = " and ";
@@ -100,7 +101,9 @@ $listall = '<a href="'.$_SERVER['SCRIPT_NAME'].'" class="ov_listall">전체목
         $len = strlen($row1['ca_id']) / 2 - 1;
         $nbsp = '';
         for ($i=0; $i<$len; $i++) $nbsp .= '&nbsp;&nbsp;&nbsp;';
-        echo '<option value="'.$row1['ca_id'].'" '.get_selected($sca, $row1['ca_id']).'>'.$nbsp.$row1['ca_name'].'</option>'.PHP_EOL;
+        // 전체 카테고리 경로 표시
+        $category_path = function_exists('get_shop_category_path') ? get_shop_category_path($row1['ca_id']) : $row1['ca_name'];
+        echo '<option value="'.$row1['ca_id'].'" '.get_selected($sca, $row1['ca_id']).'>'.$nbsp.$category_path.'</option>'.PHP_EOL;
     }
     ?>
 </select>

adm/shop_admin/itemqalist.php

@@ -79,7 +79,9 @@ $listall = '<a href="'.$_SERVER['SCRIPT_NAME'].'" class="ov_listall">전체목
         $nbsp = "";
         for ($i=0; $i<$len; $i++) $nbsp .= "&nbsp;&nbsp;&nbsp;";
         $selected = ($row1['ca_id'] == $sca) ? ' selected="selected"' : '';
-        echo '<option value="'.$row1['ca_id'].'"'.$selected.'>'.$nbsp.$row1['ca_name'].'</option>'.PHP_EOL;
+        // 전체 카테고리 경로 표시
+        $category_path = function_exists('get_shop_category_path') ? get_shop_category_path($row1['ca_id']) : $row1['ca_name'];
+        echo '<option value="'.$row1['ca_id'].'"'.$selected.'>'.$nbsp.$category_path.'</option>'.PHP_EOL;
     }
     ?>
 </select>

adm/shop_admin/itemsellrank.php

@@ -83,7 +83,9 @@ $listall = '<a href="'.$_SERVER['SCRIPT_NAME'].'" class="ov_listall">전체목
         $len = strlen($row1['ca_id']) / 2 - 1;
         $nbsp = "";
         for ($i=0; $i<$len; $i++) $nbsp .= "&nbsp;&nbsp;&nbsp;";
-        echo '<option value="'.$row1['ca_id'].'" '.get_selected($sel_ca_id, $row1['ca_id']).'>'.$nbsp.$row1['ca_name'].'</option>'.PHP_EOL;
+        // 전체 카테고리 경로 표시
+        $category_path = function_exists('get_shop_category_path') ? get_shop_category_path($row1['ca_id']) : $row1['ca_name'];
+        echo '<option value="'.$row1['ca_id'].'" '.get_selected($sel_ca_id, $row1['ca_id']).'>'.$nbsp.$category_path.'</option>'.PHP_EOL;
     }
     ?>
 </select>

adm/shop_admin/itemstocklist.php

@@ -82,7 +82,9 @@ $listall = '<a href="'.$_SERVER['SCRIPT_NAME'].'" class="ov_listall">전체목
         $len = strlen($row1['ca_id']) / 2 - 1;
         $nbsp = "";
         for ($i=0; $i<$len; $i++) $nbsp .= "&nbsp;&nbsp;&nbsp;";
-        echo '<option value="'.$row1['ca_id'].'" '.get_selected($sel_ca_id, $row1['ca_id']).'>'.$nbsp.$row1['ca_name'].'</option>'.PHP_EOL;
+        // 전체 카테고리 경로 표시
+        $category_path = function_exists('get_shop_category_path') ? get_shop_category_path($row1['ca_id']) : $row1['ca_name'];
+        echo '<option value="'.$row1['ca_id'].'" '.get_selected($sel_ca_id, $row1['ca_id']).'>'.$nbsp.$category_path.'</option>'.PHP_EOL;
     }
     ?>
 </select>

adm/shop_admin/itemtypelist.php

@@ -98,7 +98,9 @@ $listall = '<a href="'.$_SERVER['SCRIPT_NAME'].'" class="ov_listall">전체목
         $len = strlen($row1['ca_id']) / 2 - 1;
         $nbsp = "";
         for ($i=0; $i<$len; $i++) $nbsp .= "&nbsp;&nbsp;&nbsp;";
-        echo '<option value="'.$row1['ca_id'].'" '.get_selected($sca, $row1['ca_id']).'>'.$nbsp.$row1['ca_name'].PHP_EOL;
+        // 전체 카테고리 경로 표시
+        $category_path = function_exists('get_shop_category_path') ? get_shop_category_path($row1['ca_id']) : $row1['ca_name'];
+        echo '<option value="'.$row1['ca_id'].'" '.get_selected($sca, $row1['ca_id']).'>'.$nbsp.$category_path.PHP_EOL;
     }
     ?>
 </select>

adm/shop_admin/itemuselist.php

@@ -81,7 +81,9 @@ $listall = '<a href="'.$_SERVER['SCRIPT_NAME'].'" class="ov_listall">전체목
         $nbsp = "";
         for ($i=0; $i<$len; $i++) $nbsp .= "&nbsp;&nbsp;&nbsp;";
         $selected = ($row1['ca_id'] == $sca) ? ' selected="selected"' : '';
-        echo '<option value="'.$row1['ca_id'].'"'.$selected.'>'.$nbsp.$row1['ca_name'].'</option>'.PHP_EOL;
+        // 전체 카테고리 경로 표시
+        $category_path = function_exists('get_shop_category_path') ? get_shop_category_path($row1['ca_id']) : $row1['ca_name'];
+        echo '<option value="'.$row1['ca_id'].'"'.$selected.'>'.$nbsp.$category_path.PHP_EOL;
     }
     ?>
 </select>

adm/shop_admin/optionstocklist.php

@@ -84,7 +84,9 @@ $listall = '<a href="'.$_SERVER['SCRIPT_NAME'].'" class="ov_listall">전체목
         $len = strlen($row1['ca_id']) / 2 - 1;
         $nbsp = "";
         for ($i=0; $i<$len; $i++) $nbsp .= "&nbsp;&nbsp;&nbsp;";
-        echo '<option value="'.$row1['ca_id'].'" '.get_selected($sel_ca_id, $row1['ca_id']).'>'.$nbsp.$row1['ca_name'].'</option>'.PHP_EOL;
+        // 전체 카테고리 경로 표시
+        $category_path = function_exists('get_shop_category_path') ? get_shop_category_path($row1['ca_id']) : $row1['ca_name'];
+        echo '<option value="'.$row1['ca_id'].'" '.get_selected($sel_ca_id, $row1['ca_id']).'>'.$nbsp.$category_path.'</option>'.PHP_EOL;
     }
     ?>
 </select>

adm/shop_admin/wishlist.php

@@ -71,7 +71,9 @@ $listall = '<a href="'.$_SERVER['SCRIPT_NAME'].'" class="ov_listall">전체목
         $len = strlen($row1['ca_id']) / 2 - 1;
         $nbsp = "";
         for ($i=0; $i<$len; $i++) $nbsp .= "&nbsp;&nbsp;&nbsp;";
-        echo "<option value='{$row1['ca_id']}'".get_selected($row1['ca_id'], $sel_ca_id).">$nbsp{$row1['ca_name']}\n";
+        // 전체 카테고리 경로 표시
+        $category_path = function_exists('get_shop_category_path') ? get_shop_category_path($row1['ca_id']) : $row1['ca_name'];
+        echo "<option value='{$row1['ca_id']}'".get_selected($row1['ca_id'], $sel_ca_id).">$nbsp{$category_path}\n";
     }
     ?>
 </select>

bbs/formmail_send.php

@@ -40,6 +40,12 @@ if ($type) {
 else
     $mail_content = $content;
 
+// 환경설정에서 폼메일 사용 여부가 회원만 사용에 체크되어 있으면
+if ($config['cf_formmail_is_member']) {
+    $fnick = (isset($member['mb_nick']) && $member['mb_nick']) ? $member['mb_nick'] : $member['mb_name'];
+    $fmail = $member['mb_email'];
+}
+
 mailer($fnick, $fmail, $to, $subject, $mail_content, $type, $file);
 
 // 임시 첨부파일 삭제

bbs/write.php

@@ -346,8 +346,10 @@ if ($w == '') {
     }
 
     for($i=0;$i<$file_count;$i++){
-        if(! isset($file[$i])) {
+        if (!isset($file[$i])) {
             $file[$i] = array('file'=>null, 'source'=>null, 'size'=>null, 'bf_content' => null);
+        } else {
+            $file[$i]['bf_content'] = isset($file[$i]['bf_content']) ? htmlspecialchars($file[$i]['bf_content'], ENT_QUOTES, 'UTF-8', false) : null;
         }
     }
 

config.php

@@ -173,7 +173,7 @@ define('G5_DIR_PERMISSION',  0755); // 디렉토리 생성시 퍼미션
 define('G5_FILE_PERMISSION', 0644); // 파일 생성시 퍼미션
 
 // 모바일 인지 결정 $_SERVER['HTTP_USER_AGENT']
-define('G5_MOBILE_AGENT',   'phone|samsung|lgtel|mobile|[^A]skt|nokia|blackberry|BB10|android|sony');
+define('G5_MOBILE_AGENT',   'phone|samsung.*mobile|lgtel|mobile|[^A]skt|nokia|blackberry|BB10|android|sony');
 
 // SMTP
 // lib/mailer.lib.php 에서 사용

install/install_db.php

@@ -158,7 +158,7 @@ if ($g5_install || $is_install === false) {
                     cf_theme = 'basic',
                     cf_admin = '$admin_id',
                     cf_admin_email = '$admin_email',
-                    cf_admin_email_name = '".G5_VERSION."',
+                    cf_admin_email_name = '".G5_VERSION.'_'.substr(base_convert(mt_rand(), 10, 36), 0, 6)."',
                     cf_use_point = '1',
                     cf_use_copy_log = '1',
                     cf_login_point = '100',

lib/common.lib.php

@@ -3951,10 +3951,16 @@ class str_encrypt
 
     function __construct($salt='')
     {
-        if(!$salt)
+        global $config;
-            $this->salt = md5(preg_replace('/[^0-9A-Za-z]/', substr(G5_MYSQL_USER, -1), $_SERVER['SERVER_SOFTWARE'].$_SERVER['DOCUMENT_ROOT']));
+        
-        else
+        if (!$salt) {
+            $config_hash = md5(serialize(array($config['cf_title'], $config['cf_theme'], $config['cf_admin_email_name'], $config['cf_login_point'], $config['cf_memo_send_point'])));
+            
+            //$this->salt = md5(preg_replace('/[^0-9A-Za-z]/', substr($config_hash, -1), $_SERVER['SERVER_SOFTWARE'].$config_hash.$_SERVER['DOCUMENT_ROOT']));
+            $this->salt = hash('sha256', preg_replace('/[^0-9A-Za-z]/', substr($config_hash, -1), $_SERVER['SERVER_SOFTWARE'].$config_hash.$_SERVER['DOCUMENT_ROOT']));
+        } else {
             $this->salt = $salt;
+        }
 
         $this->length = strlen($this->salt);
     }

lib/shop.lib.php

@@ -2461,7 +2461,7 @@ function get_itemuselist_thumbnail($it_id, $contents, $thumb_width, $thumb_heigh
 }
 
 function shop_is_taxsave($od, $is_view_receipt=false){
-	global $default, $is_memeber;
+	global $default, $is_member;
 
 	$od_pay_type = '';
 
@@ -2770,6 +2770,50 @@ function get_item_images_info($it, $size=array(), $image_width=0, $image_height=
     return $images; 
 }
 
+// 카테고리 전체 경로를 가져오는 함수 (예: 남성의류 > 상의 > 셔츠)
+function get_shop_category_path($ca_id, $separator = ' > ')
+{
+    global $g5;
+    static $category_cache = array(); // 카테고리명 캐시
+    static $path_cache = array();     // 경로 캐시
+
+    if (!$ca_id) return '';
+
+    // 동일한 separator로 이미 조회한 경로가 있으면 캐시에서 반환
+    $cache_key = $ca_id . '|' . $separator;
+    if (isset($path_cache[$cache_key])) {
+        return $path_cache[$cache_key];
+    }
+
+    $path_arr = array();
+    $ca_id_len = strlen($ca_id);
+
+    // 카테고리 ID를 2자리씩 분할하여 각 단계의 카테고리명을 조회
+    for ($i = 2; $i <= $ca_id_len; $i += 2) {
+        $current_ca_id = substr($ca_id, 0, $i);
+
+        // 캐시에 없으면 DB 조회
+        if (!isset($category_cache[$current_ca_id])) {
+            $sql = " select ca_name from {$g5['g5_shop_category_table']} where ca_id = '$current_ca_id' ";
+            $row = sql_fetch($sql);
+            if ($row) {
+                $category_cache[$current_ca_id] = $row['ca_name'];
+            } else {
+                $category_cache[$current_ca_id] = '';
+            }
+        }
+
+        if ($category_cache[$current_ca_id]) {
+            $path_arr[] = $category_cache[$current_ca_id];
+        }
+    }
+
+    $result = implode($separator, $path_arr);
+    $path_cache[$cache_key] = $result; // 결과를 캐시에 저장
+
+    return $result;
+}
+
 function check_payment_method($od_settle_case) {
     global $default;
 

lib/thumbnail.lib.php

@@ -276,10 +276,9 @@ function thumbnail($filename, $source_path, $target_path, $thumb_width, $thumb_h
     // $thumb_file = "$target_path/thumb-{$thumb_filename}_{$thumb_width}x{$thumb_height}.".$ext[$size[2]];
     $thumb_file = "$target_path/thumb-{$thumb_filename}_{$thumb_width}x{$thumb_height}.".$file_ext;
 
-    $thumb_time = @filemtime($thumb_file);
-    $source_time = @filemtime($source_file);
-
     if (file_exists($thumb_file)) {
+        $thumb_time = @filemtime($thumb_file);
+        $source_time = @filemtime($source_file);
         if ($is_create == false && $source_time < $thumb_time) {
             return basename($thumb_file);
         }

mobile/shop/orderform.sub.php

@@ -1499,8 +1499,8 @@ function pay_approval()
                 break;
         }
         f.method.value = pay_method;
-        f.orderId.value = '<?=$od_id?>';
+        f.orderId.value = "<?php echo $od_id; ?>";
-        f.orderName.value = '<?=$goods?>';
+        f.orderName.value = "<?php echo $goods; ?>";
 
         f.customerName.value = pf.od_name.value;
         f.customerEmail.value = pf.od_email.value;
@@ -1523,6 +1523,10 @@ function pay_approval()
 
         f.amountCurrency.value = 'KRW';
         f.amountValue.value = f.good_mny.value;
+        if (pf && pf.amountValue) {
+            pf.amountValue.value = f.good_mny.value;
+        }
+        
         <?php if($default['de_tax_flag_use']) { ?>
         f.taxFreeAmount.value = pf.comm_free_mny.value;
         <?php } ?>

mobile/shop/personalpayformupdate.php

@@ -183,7 +183,7 @@ if((int)$pp['pp_price'] !== (int)$pg_price) {
             include G5_SHOP_PATH.'/lg/xpay_cancel.php';
             break;
         case 'toss':
-            include G5_SHOP_PATH.'/toss/toss_result.php';
+            include G5_SHOP_PATH.'/toss/toss_cancel.php';
             break;
         case 'inicis':
             include G5_SHOP_PATH.'/inicis/inipay_cancel.php';
@@ -271,7 +271,7 @@ if($pp_receipt_price > 0 && $pp['pp_id'] && $pp['od_id']) {
                 include G5_SHOP_PATH.'/lg/xpay_cancel.php';
                 break;
             case 'toss':
-                include G5_SHOP_PATH.'/toss/toss_result.php';
+                include G5_SHOP_PATH.'/toss/toss_cancel.php';
                 break;
             case 'inicis':
                 include G5_SHOP_PATH.'/inicis/inipay_cancel.php';

mobile/shop/toss/toss_approval.php

@@ -90,7 +90,7 @@ foreach($payReqMap as $key => $value) {
 * 수정불가.
 */
 const clientKey = "<?php echo $config['cf_toss_client_key']; ?>";
-const customerKey = "<?php echo isset($member['mb_id']) ? $member['mb_id'] : ''; ?>";
+const customerKey = "<?php echo $is_member ? $member['mb_id'] : md5(get_session('ss_order_id')); ?>";
 const tossPayments = TossPayments(clientKey);
 
 const payment = tossPayments.payment({ customerKey });

shop/naverpay/naverpay_order.php

@@ -3,6 +3,8 @@ include_once('./_common.php');
 include_once(G5_SHOP_PATH.'/settle_naverpay.inc.php');
 include_once(G5_LIB_PATH.'/naverpay.lib.php');
 
+if (!(defined('G5_SHOP_USE_NAVERPAY') && G5_SHOP_USE_NAVERPAY)) return;
+
 $pattern = '#[/\'\"%=*\#\(\)\|\+\&\!\$~\{\}\[\]`;:\?\^\,]#';
 $post_naverpay_form = isset($_POST['naverpay_form']) ? clean_xss_tags($_POST['naverpay_form']) : '';
 
@@ -98,6 +100,7 @@ for($i=0; $i<$count; $i++) {
     $opt_count = (isset($_POST['io_id'][$it_id]) && is_array($_POST['io_id'][$it_id])) ? count($_POST['io_id'][$it_id]) : 0;
     
     if( ! $it_id) continue;
+    if (!preg_match('/^[a-zA-Z0-9_-]+$/', $it_id)) continue;
     
     if($opt_count && $_POST['io_type'][$it_id][0] != 0)
         return_error2json('상품의 선택옵션을 선택해 주십시오.');

shop/naverpay/naverpay_wish.php

@@ -3,6 +3,8 @@ include_once('./_common.php');
 include_once(G5_SHOP_PATH.'/settle_naverpay.inc.php');
 include_once(G5_LIB_PATH.'/naverpay.lib.php');
 
+if (!(defined('G5_SHOP_USE_NAVERPAY') && G5_SHOP_USE_NAVERPAY)) return;
+
 $count = (isset($_POST['it_id']) && is_array($_POST['it_id'])) ? count($_POST['it_id']) : 0;
 
 if ($count < 1)
@@ -14,6 +16,8 @@ $item  = '';
 for($i=0; $i<$count; $i++) {
     $it_id = isset($_POST['it_id']) ? $_POST['it_id'][$i] : '';
     
+    if (!preg_match('/^[a-zA-Z0-9_-]+$/', $it_id)) continue;
+
     // 상품정보
     $it = get_shop_item($it_id, true);
     if(! (isset($it['it_id']) && $it['it_id']))

shop/orderinquiryview.php

@@ -410,13 +410,13 @@ if($od['od_pg'] == 'lg') {
                 // 현금영수증 발급을 사용하는 경우에만
                 if ((function_exists('shop_is_taxsave') && shop_is_taxsave($od)) || (function_exists('is_order_cashreceipt') && is_order_cashreceipt($od))) {
                     // 미수금이 없고 현금일 경우에만 현금영수증을 발급 할 수 있습니다.
-                    if ($misu_price == 0 && is_order_cashreceipt($od)) {
+                    if ($misu_price == 0) {
                 ?>
                 <tr>
                     <th scope="row">현금영수증</th>
                     <td>
                     <?php
-                    if ($od['od_cash'])
+                    if ($od['od_cash'] && is_order_cashreceipt($od))
                     {
                         if($od['od_pg'] == 'lg') {
                             require_once G5_SHOP_PATH.'/settle_lg.inc.php';

shop/settle_naverpay.inc.php

@@ -15,6 +15,8 @@ if(basename($_SERVER['SCRIPT_NAME']) == 'item.php') {
         return;
 }
 
+define('G5_SHOP_USE_NAVERPAY', 1);
+
 $naverpay_button_js = '';
 
 $is_mobile_order = is_mobile();

shop/toss/orderform.1.php

@@ -13,7 +13,7 @@ if($default['de_iche_use'] || $default['de_vbank_use'] || $default['de_hp_use']
 * 수정불가.
 */
 const clientKey = "<?php echo $config['cf_toss_client_key']; ?>";
-const customerKey = "<?php echo isset($member['mb_id']) ? $member['mb_id'] : ''; ?>";
+const customerKey = "<?php echo $is_member ? $member['mb_id'] : md5(get_session('ss_order_id')); ?>";
 const tossPayments = TossPayments(clientKey);
 
 const payment = tossPayments.payment({ customerKey });

shop/toss/toss_result.php

@@ -16,9 +16,9 @@ $row = sql_fetch($sql);
 
 $data = isset($row['dt_data']) ? unserialize(base64_decode($row['dt_data'])) : array();
 
-$amount = isset($data['amountValue']) ? $data['amountValue'] : 0;
+$amount = isset($data['amountValue']) ? (int)$data['amountValue'] : 0;
 
-if ($amount <= 0) {
+if ($amount <= 0 || $amount !== (int)$order_price) {
     alert('결제금액이 올바르지 않습니다.', G5_SHOP_URL);
 }
 

theme/basic/shop/orderinquiryview.php

@@ -536,13 +536,13 @@ if($od['od_pg'] == 'lg') {
                 // 현금영수증 발급을 사용하는 경우 또는 현금영수증 발급을 한 주문건이면
 	            if ((function_exists('shop_is_taxsave') && shop_is_taxsave($od)) || (function_exists('is_order_cashreceipt') && is_order_cashreceipt($od))) {
 	                // 미수금이 없고 현금일 경우에만 현금영수증을 발급 할 수 있습니다.
-	                if ($misu_price == 0 && is_order_cashreceipt($od)) {
+	                if ($misu_price == 0) {
 	            ?>
 	            <li>
 	                <strong class="letter-2px">현금영수증</strong>
 	                <span>
 	                <?php
-	                if ($od['od_cash'])
+	                if ($od['od_cash'] && is_order_cashreceipt($od))
 	                {
 	                    if($od['od_pg'] == 'lg') {
 	                        require_once G5_SHOP_PATH.'/settle_lg.inc.php';

version.php

@@ -2,7 +2,7 @@
 if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
 
 define('G5_VERSION', '그누보드5');
-define('G5_GNUBOARD_VER', '5.6.23');
+define('G5_GNUBOARD_VER', '5.6.24');
 // 그누보드5.4.5.5 버전과 영카트5.4.5.5.1 버전을 합쳐서 그누보드5.4.6 버전에서 시작함 (kagla-210617)
 // G5_YOUNGCART_VER 이 상수를 사용하는 곳이 있으므로 주석 처리 해제함
 // 그누보드5.4.6 이상 버전 부터는 영카트를 그누보드에 포함하여 배포하므로 영카트5의 버전은 의미가 없습니다.