diff --git a/bbs/login_check.php b/bbs/login_check.php
index fd83a67bb..a66ed1c44 100644
--- a/bbs/login_check.php
+++ b/bbs/login_check.php
@@ -31,7 +31,8 @@ if ($mb['mb_leave_date'] && $mb['mb_leave_date'] <= date("Ymd", G5_SERVER_TIME))
 }
 if ($config['cf_use_email_certify'] && !preg_match("/[1-9]/", $mb['mb_email_certify'])) {
- confirm("{$mb['mb_email']} 메일로 메일인증을 받으셔야 로그인 가능합니다. 다른 메일주소로 변경하여 인증하시려면 취소를 클릭하시기 바랍니다.", G5_URL, G5_BBS_URL.'/register_email.php?mb_id='.$mb_id);
+ $ckey = md5($mb['mb_ip'].$mb['mb_datetime']);
+ confirm("{$mb['mb_email']} 메일로 메일인증을 받으셔야 로그인 가능합니다. 다른 메일주소로 변경하여 인증하시려면 취소를 클릭하시기 바랍니다.", G5_URL, G5_BBS_URL.'/register_email.php?mb_id='.$mb_id.'&ckey='.$ckey);
 }
 @include_once($member_skin_path.'/login_check.skin.php');
diff --git a/bbs/qawrite_update.php b/bbs/qawrite_update.php
index be8193ce3..7e1c10226 100644
--- a/bbs/qawrite_update.php
+++ b/bbs/qawrite_update.php
@@ -403,7 +403,7 @@ if($w == 'a' && $write['qa_email_recv'] && trim($write['qa_email'])) {
 include_once(G5_LIB_PATH.'/mailer.lib.php');
 $subject = $config['cf_title'].' '.$qaconfig['qa_title'].' 답변 알림 메일';
- $content = nl2br(conv_unescape_nl($qa_content));
+ $content = nl2br(conv_unescape_nl(stripslashes($qa_content)));
 mailer($config['cf_admin_email_name'], $config['cf_admin_email'], $write['qa_email'], $subject, $content, 1);
 }
@@ -413,7 +413,7 @@ if(($w == '' || $w == 'r') && trim($qaconfig['qa_admin_email'])) {
 include_once(G5_LIB_PATH.'/mailer.lib.php');
 $subject = $config['cf_title'].' '.$qaconfig['qa_title'].' 질문 알림 메일';
- $content = nl2br(conv_unescape_nl($qa_content));
+ $content = nl2br(conv_unescape_nl(stripslashes($qa_content)));
 mailer($config['cf_admin_email_name'], $qa_email, $qaconfig['qa_admin_email'], $subject, $content, 1);
 }
diff --git a/bbs/register_email.php b/bbs/register_email.php
index e7fc92537..2d83f2c72 100644
--- a/bbs/register_email.php
+++ b/bbs/register_email.php
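Review bot: The `$ckey` built on the added line is `md5($mb['mb_ip'].$mb['mb_datetime'])`, a digest of two stored, non-secret account fields (registration address and registration time) with no server-side secret mixed in, so the token is only as hard to produce as those two values are to know, and it never expires or gets invalidated. Consider a keyed hash over the same fields plus a per-installation secret, e.g. `$ckey = hash_hmac('sha256', $mb['mb_ip'].$mb['mb_datetime'], $install_secret);` (with `$install_secret` a placeholder for a value read from server-side configuration), and derive the expected value the same way in bbs/register_email.php, which verifies it in this commit. The login-check flow this sits in starts and ends outside the hunk.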
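Review bot: `stripslashes($qa_content)` on the changed line removes backslashes unconditionally, so a body that legitimately contains `\` (a Windows path, a regex, a code sample) loses characters in the notification mail; whether $qa_content was escaped with addslashes earlier is not visible in this hunk. If the slashes come from a known escaping step, a comment such as `// $qa_content was slash-escaped for the DB write above; undo that for the mail body` would justify the call, and if they may also be user content the mail should be built from the unescaped original instead. The same pattern appears in the second qawrite_update.php hunk and in bbs/write_update.php.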
@@ -6,11 +6,17 @@ $g5['title'] = '메일인증 메일주소 변경';
 include_once('./_head.php');
 $mb_id = substr(clean_xss_tags($_GET['mb_id']), 0, 20);
-$sql = " select mb_email, mb_datetime, mb_email_certify from {$g5['member_table']} where mb_id = '{$mb_id}' ";
+$sql = " select mb_email, mb_datetime, mb_ip, mb_email_certify from {$g5['member_table']} where mb_id = '{$mb_id}' ";
 $mb = sql_fetch($sql);
 if (substr($mb['mb_email_certify'],0,1)!=0) {
 alert("이미 메일인증 하신 회원입니다.", G5_URL);
 }
+
+$ckey = trim($_GET['ckey']);
+$key = md5($mb['mb_ip'].$mb['mb_datetime']);
+
+if(!$ckey || $ckey != $key)
+ alert('올바른 방법으로 이용해 주십시오.', G5_URL);
 ?>

메일인증을 받지 못한 경우 회원정보의 메일주소를 변경 할 수 있습니다.
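Review bot: `$ckey != $key` on the added line uses PHP's loose comparison, under which two numeric-looking strings are compared as numbers rather than byte for byte, and the check also runs before confirming that the member lookup returned a row, so for an unknown mb_id `$key` is simply the digest of an empty string. Replace the guard with `if (!$mb || !$ckey || !hash_equals($key, $ckey))` and read the parameter as `$ckey = isset($_GET['ckey']) ? trim($_GET['ckey']) : '';` so a missing parameter does not raise a notice. The interpolation of `$mb_id` into the query is unchanged context; the hunk does not show whether clean_xss_tags also escapes for SQL, so that is worth confirming.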

diff --git a/bbs/register_email_update.php b/bbs/register_email_update.php
index 36fe66f8f..12287c668 100644
--- a/bbs/register_email_update.php
+++ b/bbs/register_email_update.php
@@ -3,12 +3,15 @@ include_once('./_common.php');
 include_once(G5_CAPTCHA_PATH.'/captcha.lib.php');
 include_once(G5_LIB_PATH.'/mailer.lib.php');
-$mb_id = trim($_POST['mb_id']);
-$mb_email = trim($_POST['mb_email']);
+$mb_id = substr(clean_xss_tags($_POST['mb_id']), 0, 20);
+$mb_email = get_email_address(trim($_POST['mb_email']));
-$sql = " select mb_name, mb_datetime from {$g5['member_table']} where mb_id = '{$mb_id}' and mb_email_certify <> '' ";
+if(!$mb_id || !$mb_email)
+ alert('올바른 방법으로 이용해 주십시오.', G5_URL);
+
+$sql = " select mb_name, mb_password, mb_email, mb_datetime from {$g5['member_table']} where mb_id = '{$mb_id}' and substring(mb_email_certify, 1, 1) = '0' ";
 $mb = sql_fetch($sql);
-if ($mb) {
+if (!$mb) {
 alert("이미 메일인증 하신 회원입니다.", G5_URL);
 }
diff --git a/bbs/write_update.php b/bbs/write_update.php
index 0bf65612e..4bf43a4ac 100644
--- a/bbs/write_update.php
+++ b/bbs/write_update.php
@@ -607,7 +607,7 @@ if (!($w == 'u' || $w == 'cu') && $config['cf_email_use'] && $board['bo_use_emai
 else if (strstr($html, 'html2')) $tmp_html = 2;
- $wr_content = conv_content(conv_unescape_nl($wr_content), $tmp_html);
+ $wr_content = conv_content(conv_unescape_nl(stripslashes($wr_content)), $tmp_html);
 $warr = array( ''=>'입력', 'u'=>'수정', 'r'=>'답변', 'c'=>'코멘트', 'cu'=>'코멘트 수정' );
 $str = $warr[$w];
diff --git a/common.php b/common.php
index 079473bf3..ba1580e2e 100644
--- a/common.php
+++ b/common.php
@@ -227,8 +227,10 @@ $qstr = '';
 if (isset($_REQUEST['sca'])) {
 $sca = clean_xss_tags(trim($_REQUEST['sca']));
- if ($sca)
+ if ($sca) {
+ $sca = preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)]/", "", $sca);
 $qstr .= '&sca=' . urlencode($sca);
+ }
 } else {
 $sca = '';
 }
diff --git a/config.php b/config.php
index 15cf62fb1..087d32ba7 100644
--- a/config.php
+++ b/config.php
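Review bot: The added lines validate mb_id and mb_email but do not check the `ckey` that bbs/register_email.php now requires before showing the form; unless that check appears later in the file (the hunk ends at the `}` and the actual update is outside it), the gate is enforced only on the form page and not on the update path, so the same comparison of a posted `ckey` against `md5($mb['mb_ip'].$mb['mb_datetime'])` belongs here before any write, which would also mean adding mb_ip to the select list. Separately, `$mb_id` is still interpolated straight into the query; clean_xss_tags is a markup filter and the hunk shows no SQL escaping, so pass it through the project's SQL escaping helper or bind it. The new `if(!$mb_id || !$mb_email)` also omits the braces that the adjacent `if (!$mb) {` uses.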
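Review bot: The added `preg_replace` strips a blacklist of characters (`<`, `>`, both quote characters, backslash, `%`, `=` and parentheses) from `$sca`, which filters the value rather than escaping it at each sink: the query-string use already goes through `urlencode($sca)`, and any SQL use of `$sca` elsewhere still needs proper escaping or a bound parameter, so the blacklist should not be relied on for that. The double-quoted pattern is also hard to read because `\\\'` and `\\\"` are resolved twice, once by PHP and once by PCRE; the equivalent single-quoted form `'/[<>\'"\\\\%=()]/'` says the same thing plainly, and a comment such as `// strip markup and quote characters from the category filter before it is appended to the query string` would record the intent. The enclosing `if`/`else` block starts and ends inside the hunk.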
@@ -5,7 +5,7 @@ ********************/
 define('G5_VERSION', '그누보드5');
-define('G5_GNUBOARD_VER', '5.1.11');
+define('G5_GNUBOARD_VER', '5.1.12');
 // 이 상수가 정의되지 않으면 각각의 개별 페이지는 별도로 실행될 수 없음
 define('_GNUBOARD_', true);
diff --git a/head.sub.php b/head.sub.php
index e70da0c59..00220f503 100644
--- a/head.sub.php
+++ b/head.sub.php
@@ -74,11 +74,9 @@ var g5_bo_table = "";
 var g5_sca = "";
 var g5_editor = "";
 var g5_cookie_domain = "";
-
+
+var g5_admin_url = "";
+
diff --git a/theme/basic/head.sub.php b/theme/basic/head.sub.php
index 6eb194fdc..33998c4e1 100644
--- a/theme/basic/head.sub.php
+++ b/theme/basic/head.sub.php
@@ -61,11 +61,6 @@ var g5_bo_table = "";
 var g5_sca = "";
 var g5_editor = "";
 var g5_cookie_domain = "";
-
@@ -75,6 +70,8 @@ if ($is_admin) {
 if(G5_IS_MOBILE) {
 echo ''.PHP_EOL; // overflow scroll 감지
 }
+if(!defined('G5_IS_ADMIN'))
+ echo $config['cf_add_script'];
 ?>
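Review bot: The added `echo $config['cf_add_script'];` writes the configured value into every non-admin page verbatim, with no escaping; that is presumably intended (an administrator-maintained site-wide script snippet), but it makes that configuration field equivalent to script execution for every visitor, which is worth stating in a comment such as `// cf_add_script is admin-maintained raw HTML/JS for the whole site; intentionally not escaped` so nobody later relaxes who may edit it. Style-wise the new `if` omits the braces that the adjacent `if(G5_IS_MOBILE) {` uses. The removed and added markup lines of the first theme hunk and of the root head.sub.php hunk are empty in this rendering, so their content is not reviewed here.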