From 01902c981c556a51fae387acdf5e51e2ffd17392 Mon Sep 17 00:00:00 2001 From: chicpro Date: Wed, 10 Dec 2014 09:30:34 +0900 Subject: [PATCH 1/5] =?UTF-8?q?=EA=B2=8C=EC=8B=9C=ED=8C=90=20=EB=B3=B5?= =?UTF-8?q?=EC=82=AC=20=EB=95=8C=20=EC=8B=A4=EB=AA=85=EC=82=AC=EC=9A=A9=20?= =?UTF-8?q?=EC=84=A4=EC=A0=95=20=EB=B3=B5=EC=82=AC=EB=90=98=EB=8F=84?= =?UTF-8?q?=EB=A1=9D=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/board_copy_update.php | 1 + 1 file changed, 1 insertion(+)
diff --git a/adm/board_copy_update.php b/adm/board_copy_update.php
index 45d856d51..feaf3093e 100644
--- a/adm/board_copy_update.php
+++ b/adm/board_copy_update.php
@@ -58,6 +58,7 @@ $sql = " insert into {$g5['board_table']}
 bo_use_rss_view = '{$board[bo_use_rss_view]}',
 bo_use_good = '{$board[bo_use_good]}',
 bo_use_nogood = '{$board[bo_use_nogood]}',
+ bo_use_name = '{$board[bo_use_name]}',
 bo_use_signature = '{$board[bo_use_signature]}',
 bo_use_ip_view = '{$board[bo_use_ip_view]}',
 bo_use_list_view = '{$board['bo_use_list_view']}', From f35bf0572681a4e7663a7a22b2ef541ae8a842e2 Mon Sep 17 00:00:00 2001 From: chicpro Date: Thu, 11 Dec 2014 09:24:26 +0900 Subject: [PATCH 2/5] =?UTF-8?q?=EC=82=AC=EC=9A=A9=ED=95=98=EC=A7=80=20?= =?UTF-8?q?=EC=95=8A=EB=8A=94=20=ED=8C=8C=EC=9D=BC=20=EC=82=AD=EC=A0=9C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- common.php | 1 - lib/mobile.lib.php | 145 --------------------------------------------- 2 files changed, 146 deletions(-) delete mode 100644 lib/mobile.lib.php
diff --git a/common.php b/common.php
index b9118e474..8a69c4539 100644
--- a/common.php
+++ b/common.php 
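Review bot: The added `bo_use_name` line indexes `$board` with a bare word, `{$board[bo_use_name]}`, which PHP resolves as an undefined constant (a notice that falls back to the string on PHP 5/7, a fatal error from PHP 8), whereas the `bo_use_list_view` context line in the same hunk already quotes its key; a new line should not copy the older unquoted style. Since this is presumably a 0/1 flag read from the source board's row, casting it also keeps a non-numeric value out of the interpolated INSERT: `bo_use_name = '".(int)$board['bo_use_name']."',`. The `$sql` string this line belongs to starts before the hunk and continues after it, and where `$board` is loaded is not visible here.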
@@ -266,7 +266,6 @@ $_SESSION['ss_is_mobile'] = $is_mobile;
 define('G5_IS_MOBILE', $is_mobile);
 define('G5_DEVICE_BUTTON_DISPLAY', $set_device);
 if (G5_IS_MOBILE) {
- include_once(G5_LIB_PATH.'/mobile.lib.php'); // 모바일 전용 라이브러리
 $g5['mobile_path'] = G5_PATH.'/'.$g5['mobile_dir'];
 }
 //==============================================================================
diff --git a/lib/mobile.lib.php b/lib/mobile.lib.php
deleted file mode 100644
index 5143791b4..000000000
--- a/lib/mobile.lib.php
+++ /dev/null
@@ -1,145 +0,0 @@ -"; - - preg_match("/src=[\"\']?([^\"\'\s>]+)/i", $img, $m); - $src = trim($m[1]); - //echo $src; - - // 상대경로(..)로 시작되면 sir.co.kr 도메인으로 여긴다. - $src = preg_replace("/^\.\.\//", "http://m.sir.co.kr/", $src); - $absolute = preg_replace("/^http\:\/\/(www\.)?sir\.co\.kr\/(.*)$/", "/home/sir/$2", $src); - - $thumb_dir = G5_DATA_PATH.'/thumb/'.$bo_table; - if (!is_dir($thumb_dir)) { - @mkdir($thumb_dir, G5_DIR_PERMISSION); - @chmod($thumb_dir, G5_DIR_PERMISSION); - } - - $result = true; - - if (preg_match("/\.(jpe?g|png)$/i", $src)) { - // 유일한 파일명을 만든다. - $src_md5 = md5($src.$width); - $thumb = "$thumb_dir/{$wr_id}-{$src_md5}"; - - if (!file_exists($thumb)) { - $result = mobile_create_thumb($src, $width, $thumb); - } - } - else { - $thumb = $src; - } - - if ($result) { - $size = @getimagesize($absolute); - if ($size[2] == IMAGETYPE_GIF) - $w = ($size[0] < $width) ? $size[0] : $width; - else - $w = ($size[0] < $width) ? $size[0] : "100%"; - return ""; - } - } - } else { - - foreach ($matches as $img) { - preg_match("/src=[\"\']?([^\"\'\s>]+)/i", $img, $m); - - $result = true; - - $src = trim($m[1]); - //if ($is_admin) echo $src."
"; - if (preg_match("/\.(jpe?g|png)$/i", $src)) { - // 상대경로(..)로 시작되면 도메인으로 여긴다. - $src = preg_replace("/^\.\.\//", 'http://'.$_SERVER['SERVER_NAME'].'/', $src); - - // 유일한 파일명을 만든다. - $src_md5 = md5($src.$width); - $thumb = G5_DATA_PATH.'/thumb/'.$bo_table.'-'.$wr_id.'-'.$src_md5; - - if (!file_exists($thumb)) { - $result = mobile_create_thumb($src, $width, $thumb); - } - } - else { - $thumb = $src; - } - - if ($result) { - //if ($is_admin) { $begin_time = get_microtime(); } - //echo $thumb; - $size = @getimagesize($thumb); - //if ($is_admin) print_r2($size); - if ($size[2] == IMAGETYPE_GIF) - $w = ($size[0] < $width) ? $size[0] : $width; - else - $w = ($size[0] < $width) ? $size[0] : "100%"; - //if ($is_admin) { echo "

time : "; echo get_microtime() - $begin_time; } - return ""; - } - } - - } - -} - -function mobile_embed($matches) -{ - foreach ($matches as $embed) { - //$embed = preg_replace("#height\=\d+#i", "", $embed); - //$embed = preg_replace("#width\=\d+#i", "", $embed); - - return $embed; - } -} -?> \ No newline at end of file From 525117f3fd1e5652e3ae44790cd8e8cb6da68453 Mon Sep 17 00:00:00 2001 From: chicpro Date: Tue, 16 Dec 2014 09:36:46 +0900 Subject: [PATCH 3/5] =?UTF-8?q?=EA=B0=80=EC=9E=85=EA=B8=88=EC=9D=B4=20?= =?UTF-8?q?=EC=9D=B4=EB=A9=94=EC=9D=BC=20=EC=A4=91=20=EC=88=AB=EC=9E=90?= =?UTF-8?q?=EB=8F=84=EB=A9=94=EC=9D=B8=20=EC=B2=B4=ED=81=AC=EB=90=98?= =?UTF-8?q?=EC=A7=80=20=EC=95=8A=EB=8A=94=20=EC=98=A4=EB=A5=98=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/register.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/register.lib.php b/lib/register.lib.php
index 7381efc76..303612bea 100644
--- a/lib/register.lib.php
+++ b/lib/register.lib.php
@@ -115,7 +115,7 @@ function prohibit_mb_email($reg_mb_email) list($id, $domain) = explode("@", $reg_mb_email); $email_domains = explode("\n", trim($config['cf_prohibit_email'])); for ($i=0; $i Date: Tue, 16 Dec 2014 16:07:00 +0900 Subject: [PATCH 4/5] =?UTF-8?q?REQUEST=5FURI=EB=A5=BC=20=EC=9D=B4=EC=9A=A9?= =?UTF-8?q?=ED=95=9C=20SQL=20Injection=20=EC=98=A4=EB=A5=98=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- head.sub.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/head.sub.php b/head.sub.php
index 027150bf6..587d438c8 100644
--- a/head.sub.php
+++ b/head.sub.php 
@@ -17,8 +17,8 @@ else {
 // 게시판 제목에 ' 포함되면 오류 발생
 $g5['lo_location'] = addslashes($g5['title']);
 if (!$g5['lo_location'])
- $g5['lo_location'] = $_SERVER['REQUEST_URI'];
-$g5['lo_url'] = $_SERVER['REQUEST_URI'];
+ $g5['lo_location'] = addslashes($_SERVER['REQUEST_URI']);
+$g5['lo_url'] = addslashes($_SERVER['REQUEST_URI']);
 if (strstr($g5['lo_url'], '/'.G5_ADMIN_DIR.'/') || $is_admin == 'super')
 $g5['lo_url'] = '';
 /* From af3da468ee913d75094df1db3d17466aeb8e5766 Mon Sep 17 00:00:00 2001 From: chicpro Date: Wed, 17 Dec 2014 09:54:42 +0900 Subject: [PATCH 5/5] =?UTF-8?q?=EA=B2=8C=EC=8B=9C=EA=B8=80=20=EB=B3=B5?= =?UTF-8?q?=EC=82=AC=20=EB=95=8C=20=EB=94=B0=EC=98=B4=ED=91=9C=EB=A1=9C=20?= =?UTF-8?q?=EC=9D=B8=ED=95=B4=20=EB=B0=9C=EC=83=9D=ED=95=98=EB=8A=94=20?= =?UTF-8?q?=EC=98=A4=EB=A5=98=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/board_copy_update.php | 4 ++-- bbs/move_update.php | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/adm/board_copy_update.php b/adm/board_copy_update.php
index feaf3093e..a349e7d7a 100644
--- a/adm/board_copy_update.php
+++ b/adm/board_copy_update.php
@@ -180,10 +180,10 @@ if (count($file_copy)) {
 set bo_table = '$target_table',
 wr_id = '{$file_copy[$i]['wr_id']}',
 bf_no = '{$file_copy[$i]['bf_no']}',
- bf_source = '{$file_copy[$i]['bf_source']}',
+ bf_source = '".addslashes($file_copy[$i]['bf_source'])."',
 bf_file = '{$file_copy[$i]['bf_file']}',
 bf_download = '{$file_copy[$i]['bf_download']}',
- bf_content = '{$file_copy[$i]['bf_content']}',
+ bf_content = '".addslashes($file_copy[$i]['bf_content'])."',
 bf_filesize = '{$file_copy[$i]['bf_filesize']}',
 bf_width = '{$file_copy[$i]['bf_width']}',
 bf_height = '{$file_copy[$i]['bf_height']}',
diff --git a/bbs/move_update.php b/bbs/move_update.php
index 11fff763d..41b7fd4a3 100644
--- a/bbs/move_update.php
+++ b/bbs/move_update.php 
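Review bot: The two `+` lines in head.sub.php escape the attacker-controlled `$_SERVER['REQUEST_URI']` with addslashes(), which is not a connection-charset-aware SQL escape and so is a partial fix for the injection the commit message names; the driver's escape on the open connection (mysqli_real_escape_string) or a prepared statement at the INSERT is the right primitive, and the same applies to the addslashes() calls this series adds for `bf_source` and `bf_content` in adm/board_copy_update.php and bbs/move_update.php, where the values are upload-supplied file names. Escaping at assignment also means every later reader of `$g5['lo_url']` and `$g5['lo_location']` — the `strstr()` admin-path check on the following line and anything that echoes them — sees the backslash-escaped form; keeping the raw URI here and escaping at the query site avoids that. The INSERT that consumes these values is outside the hunk, so whether it also bounds their length cannot be seen from here.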
@@ -121,7 +121,7 @@ while ($row = sql_fetch_array($result))
 set bo_table = '$move_bo_table',
 wr_id = '$insert_id',
 bf_no = '{$row3['bf_no']}',
- bf_source = '{$row3['bf_source']}',
+ bf_source = '".addslashes($row3['bf_source'])."',
 bf_file = '{$row3['bf_file']}',
 bf_download = '{$row3['bf_download']}',
 bf_content = '".addslashes($row3['bf_content'])."',