From 2e81619ea87bc9c0b4a073d8df3c7693a6fdbf0d Mon Sep 17 00:00:00 2001
From: kagla
Date: Tue, 14 Dec 2021 16:10:41 +0900
Subject: [PATCH 1/6] =?UTF-8?q?$kind=20=EB=B3=80=EC=88=98=EB=A5=BC=20?=
 =?UTF-8?q?=EC=9D=B4=EC=9A=A9=ED=95=9C=20XSS=20=EC=B7=A8=EC=95=BD=EC=A0=90?=
 =?UTF-8?q?=20=EC=88=98=EC=A0=95=20(Pocas=EB=8B=98,211214)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 bbs/memo.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/bbs/memo.php b/bbs/memo.php
index 8dc446c13..86ffb7930 100644
--- a/bbs/memo.php
+++ b/bbs/memo.php
@@ -15,8 +15,10 @@ if ($kind == 'recv')
 $unkind = 'send';
 else if ($kind == 'send')
 $unkind = 'recv';
-else
+else {
+ $kind = clean_xss_tags(trim($kind));
 alert(''.$kind .'값을 넘겨주세요.');
+}
 if ($page < 1) { $page = 1; } // 페이지가 없으면 첫 페이지 (1 페이지)
From dfa677aadb9b224fc3b5d91c56abb49cf801c8e0 Mon Sep 17 00:00:00 2001
From: projectSylas
Date: Wed, 15 Dec 2021 11:32:06 +0900
Subject: [PATCH 2/6] =?UTF-8?q?=EC=87=BC=ED=95=91=EB=AA=B0=20=EA=B2=80?=
 =?UTF-8?q?=EC=83=89=EC=8B=9C=20PC=EC=9D=98=20'=EC=A0=84=EC=B2=B4=EB=B6=84?=
 =?UTF-8?q?=EB=A5=98'=EA=B0=80=200=EC=9C=BC=EB=A1=9C=20=ED=91=9C=EC=8B=9C?=
 =?UTF-8?q?=EB=90=98=EB=8A=94=20=EC=98=A4=EB=A5=98=20=EC=88=98=EC=A0=95=20?=
 =?UTF-8?q?(=EC=BD=9C=EB=9D=BC=EC=8B=9C=EB=9F=AC=EB=8B=98,211215)=20?=
 =?UTF-8?q?=EC=A0=84=EC=B2=B4=EB=B6=84=EB=A5=98=EA=B0=80=20=EC=95=9E?=
 =?UTF-8?q?=EC=97=90=20=EB=82=98=EC=98=A4=EB=8F=84=EB=A1=9D=20=EC=88=98?=
 =?UTF-8?q?=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 mobile/skin/shop/basic/search.skin.php | 2 +-
 skin/shop/basic/search.skin.php | 2 +-
 theme/basic/mobile/skin/shop/basic/search.skin.php | 2 +-
 theme/basic/skin/shop/basic/search.skin.php | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/mobile/skin/shop/basic/search.skin.php b/mobile/skin/shop/basic/search.skin.php
index 5bd7323c1..0f07cb3b6 100644
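Review bot: In the else branch of bbs/memo.php the rejected `$kind` is still concatenated into the message passed to `alert()`, so the fix is only as good as `clean_xss_tags()` is for whatever output context `alert()` writes into, and that context is not visible in this hunk. Stripping tags is not output encoding: if the message ends up inside a JavaScript string or an HTML attribute, quotes and backslashes matter rather than tags. Since the value is already known to be neither 'recv' nor 'send', the simplest hardening is to stop reflecting it and use a fixed message such as `alert('kind 값을 올바르게 넘겨주세요.');`. If `$kind` can arrive as an array from the request (its assignment is above the hunk), `trim($kind)` would also fail on it, so a strict allow-list check with `===` at the point where `$kind` is first read would be more robust. The if/else chain begins outside the hunk, and the same change is repeated in PATCH 5/6.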
--- a/mobile/skin/shop/basic/search.skin.php
+++ b/mobile/skin/shop/basic/search.skin.php
@@ -44,12 +44,12 @@ if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
diff --git a/skin/shop/basic/search.skin.php b/skin/shop/basic/search.skin.php
index 5b05d53a7..66f624fa0 100644
--- a/skin/shop/basic/search.skin.php
+++ b/skin/shop/basic/search.skin.php
@@ -42,8 +42,8 @@ if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
    전체분류 ('.$total_count.')'.PHP_EOL; $total_cnt = 0; - echo '
  • 전체분류 ('.$total_cnt.')
  • '.PHP_EOL; foreach((array) $categorys as $row){ if( empty($row) ) continue; echo "
  • {$row['ca_name']} (".$row['cnt'].")
  • \n"; diff --git a/theme/basic/mobile/skin/shop/basic/search.skin.php b/theme/basic/mobile/skin/shop/basic/search.skin.php index 5bd7323c1..0f07cb3b6 100644 --- a/theme/basic/mobile/skin/shop/basic/search.skin.php +++ b/theme/basic/mobile/skin/shop/basic/search.skin.php @@ -44,12 +44,12 @@ if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
    diff --git a/theme/basic/skin/shop/basic/search.skin.php b/theme/basic/skin/shop/basic/search.skin.php index c20e9fcbe..e1cf4bace 100644 --- a/theme/basic/skin/shop/basic/search.skin.php +++ b/theme/basic/skin/shop/basic/search.skin.php @@ -42,8 +42,8 @@ if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
      전체분류 ('.$total_count.')'.PHP_EOL; $total_cnt = 0; - echo '
    • 전체분류 ('.$total_cnt.')
    • '.PHP_EOL; foreach((array) $categorys as $row){ if( empty($row) ) continue; echo "
    • {$row['ca_name']} (".$row['cnt'].")
    • \n"; From 26f6b802b71044dd807e770ded1bc449610dc9dc Mon Sep 17 00:00:00 2001 From: kagla Date: Wed, 22 Dec 2021 10:37:15 +0900 Subject: [PATCH 3/6] =?UTF-8?q?SMS5=20=EC=86=94=EB=A3=A8=EC=85=98=20?= =?UTF-8?q?=EC=84=A4=EC=B9=98=EC=8B=9C=20=EB=B6=88=ED=95=84=EC=9A=94?= =?UTF-8?q?=ED=95=9C=20=EB=B3=80=EC=88=98=20=EC=82=AD=EC=A0=9C=20(?= =?UTF-8?q?=EC=9E=91=EC=9D=80=EB=B3=84=EB=8B=98,211222)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/sms_admin/install.php | 5 ----- 1 file changed, 5 deletions(-) diff --git a/adm/sms_admin/install.php b/adm/sms_admin/install.php index c5405c3d2..afd88fb83 100644 --- a/adm/sms_admin/install.php +++ b/adm/sms_admin/install.php @@ -61,11 +61,6 @@ for ($i=0; $idocument.getElementById('sms5_job_01').innerHTML='전체 테이블 생성 완료';"; flush(); usleep(50000); -$read_point = -1; -$write_point = 5; -$comment_point = 1; -$download_point = -20; - //------------------------------------------------------------------------------------------------- // config 테이블 설정 $sql = " insert into {$g5['sms5_book_group_table']} set bg_name='미분류'"; From f8480a41c8cf89c54b551204eb068fb3276d90c0 Mon Sep 17 00:00:00 2001 From: kagla Date: Wed, 22 Dec 2021 10:52:27 +0900 Subject: [PATCH 4/6] =?UTF-8?q?=EC=A4=91=EB=B3=B5=EB=90=9C=20=20?= =?UTF-8?q?=ED=83=9C=EA=B7=B8=20=ED=95=9C=EA=B0=9C=20=EC=82=AD=EC=A0=9C=20?= =?UTF-8?q?(=EA=B9=80=EC=B2=A0=EC=9A=A9=EB=8B=98,211222)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- skin/qa/basic/view.skin.php | 2 +- theme/basic/skin/qa/basic/view.skin.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/skin/qa/basic/view.skin.php b/skin/qa/basic/view.skin.php index a8db766a5..a47b8528d 100644 --- a/skin/qa/basic/view.skin.php +++ b/skin/qa/basic/view.skin.php @@ -123,7 +123,7 @@ add_stylesheet('', 0); 
diff --git a/theme/basic/skin/qa/basic/view.skin.php b/theme/basic/skin/qa/basic/view.skin.php
index a8db766a5..a47b8528d 100644
--- a/theme/basic/skin/qa/basic/view.skin.php
+++ b/theme/basic/skin/qa/basic/view.skin.php
@@ -123,7 +123,7 @@ add_stylesheet('', 0);
From 20c94e5b0af4bb4fa46972f57815857c904fb694 Mon Sep 17 00:00:00 2001
From: kagla
Date: Tue, 14 Dec 2021 16:10:41 +0900
Subject: [PATCH 5/6] =?UTF-8?q?[=EB=B3=B4=EC=95=88=ED=8C=A8=EC=B9=98]=20$k?=
 =?UTF-8?q?ind=20=EB=B3=80=EC=88=98=EB=A5=BC=20=EC=9D=B4=EC=9A=A9=ED=95=9C?=
 =?UTF-8?q?=20XSS=20=EC=B7=A8=EC=95=BD=EC=A0=90=20=EC=88=98=EC=A0=95=20(Po?=
 =?UTF-8?q?cas=EB=8B=98,211214)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 bbs/memo.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/bbs/memo.php b/bbs/memo.php
index 8dc446c13..86ffb7930 100644
--- a/bbs/memo.php
+++ b/bbs/memo.php
@@ -15,8 +15,10 @@ if ($kind == 'recv')
 $unkind = 'send';
 else if ($kind == 'send')
 $unkind = 'recv';
-else
+else {
+ $kind = clean_xss_tags(trim($kind));
 alert(''.$kind .'값을 넘겨주세요.');
+}
 if ($page < 1) { $page = 1; } // 페이지가 없으면 첫 페이지 (1 페이지)
From a73967dd9a4218b7a75d58814fcc56c1290862bb Mon Sep 17 00:00:00 2001
From: kagla
Date: Wed, 22 Dec 2021 11:05:18 +0900
Subject: [PATCH 6/6] =?UTF-8?q?=EB=B2=84=EC=A0=84=205.4.20=20=EC=88=98?=
 =?UTF-8?q?=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 version.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/version.php b/version.php
index 0cfde7b1f..d52b1eabd 100644
--- a/version.php
+++ b/version.php
@@ -2,7 +2,7 @@
 if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
 define('G5_VERSION', '그누보드5');
-define('G5_GNUBOARD_VER', '5.4.19');
+define('G5_GNUBOARD_VER', '5.4.20');
 // 그누보드5.4.5.5 버전과 영카트5.4.5.5.1 버전을 합쳐서 그누보드5.4.6 버전에서 시작함 (kagla-210617)
 // G5_YOUNGCART_VER 이 상수를 사용하는 곳이 있으므로 주석 처리 해제함
 // 그누보드5.4.6 이상 버전 부터는 영카트를 그누보드에 포함하여 배포하므로 영카트5의 버전은 의미가 없습니다.