From 5111f026e6fe1863673b7d1709452659d5cd2b8a Mon Sep 17 00:00:00 2001 From: chicpro Date: Thu, 24 Dec 2015 15:43:34 +0900 Subject: [PATCH 1/7] =?UTF-8?q?=EA=B2=8C=EC=8B=9C=EA=B8=80=20=EB=93=B1?= =?UTF-8?q?=EB=A1=9D=20=EB=A9=94=EC=9D=BC=20=EC=9D=B4=EB=AF=B8=EC=A7=80=20?= =?UTF-8?q?=EC=B6=9C=EB=A0=A5=20=EC=98=A4=EB=A5=98=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bbs/qawrite_update.php | 4 ++-- bbs/write_update.php | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/bbs/qawrite_update.php b/bbs/qawrite_update.php index be8193ce3..7e1c10226 100644 --- a/bbs/qawrite_update.php +++ b/bbs/qawrite_update.php @@ -403,7 +403,7 @@ if($w == 'a' && $write['qa_email_recv'] && trim($write['qa_email'])) { include_once(G5_LIB_PATH.'/mailer.lib.php'); $subject = $config['cf_title'].' '.$qaconfig['qa_title'].' 답변 알림 메일'; - $content = nl2br(conv_unescape_nl($qa_content)); + $content = nl2br(conv_unescape_nl(stripslashes($qa_content))); mailer($config['cf_admin_email_name'], $config['cf_admin_email'], $write['qa_email'], $subject, $content, 1); } @@ -413,7 +413,7 @@ if(($w == '' || $w == 'r') && trim($qaconfig['qa_admin_email'])) { include_once(G5_LIB_PATH.'/mailer.lib.php'); $subject = $config['cf_title'].' '.$qaconfig['qa_title'].' 질문 알림 메일'; - $content = nl2br(conv_unescape_nl($qa_content)); + $content = nl2br(conv_unescape_nl(stripslashes($qa_content))); mailer($config['cf_admin_email_name'], $qa_email, $qaconfig['qa_admin_email'], $subject, $content, 1); } diff --git a/bbs/write_update.php b/bbs/write_update.php index 0bf65612e..4bf43a4ac 100644 --- a/bbs/write_update.php +++ b/bbs/write_update.php 
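Review bot: In bbs/qawrite_update.php the new `$content` goes to `mailer()` after only `stripslashes`, `conv_unescape_nl` and `nl2br`, so any markup in `$qa_content` reaches the recipient's mail client unchanged if the trailing `1` selects an HTML body (it looks that way, but `mailer()` is not shown). The second hunk at line 413, which mails the Q&A administrator, has the same shape. If the Q&A body is plain text, escape it before `nl2br`: `$content = nl2br(htmlspecialchars(conv_unescape_nl(stripslashes($qa_content))));`. If HTML posts are allowed, pass it through the same filter that is used when the post is displayed. Both hunks sit inside `if` blocks that open above the visible lines, so any earlier filtering of `$qa_content` cannot be confirmed from here.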
@@ -607,7 +607,7 @@ if (!($w == 'u' || $w == 'cu') && $config['cf_email_use'] && $board['bo_use_emai else if (strstr($html, 'html2')) $tmp_html = 2; - $wr_content = conv_content(conv_unescape_nl($wr_content), $tmp_html); + $wr_content = conv_content(conv_unescape_nl(stripslashes($wr_content)), $tmp_html); $warr = array( ''=>'입력', 'u'=>'수정', 'r'=>'답변', 'c'=>'코멘트', 'cu'=>'코멘트 수정' ); $str = $warr[$w]; From 92210edc161b97b59e095757140488a0535c15f4 Mon Sep 17 00:00:00 2001 From: chicpro Date: Tue, 12 Jan 2016 09:59:04 +0900 Subject: [PATCH 2/7] =?UTF-8?q?sca=20=ED=95=84=ED=84=B0=EB=A7=81=20?= =?UTF-8?q?=EC=BD=94=EB=93=9C=20=EC=B6=94=EA=B0=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- common.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/common.php b/common.php index 079473bf3..9352ce75a 100644 --- a/common.php +++ b/common.php @@ -227,8 +227,10 @@ $qstr = ''; if (isset($_REQUEST['sca'])) { $sca = clean_xss_tags(trim($_REQUEST['sca'])); - if ($sca) + if ($sca) { + $sca = preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\s]/", "", $sca); $qstr .= '&sca=' . urlencode($sca); + } } else { $sca = ''; } From cd72e1c06b95c874fdfd3c32296a37b658331094 Mon Sep 17 00:00:00 2001 From: chicpro Date: Wed, 20 Jan 2016 09:59:57 +0900 Subject: [PATCH 3/7] =?UTF-8?q?5.1.12=20=EB=B2=84=EC=A0=84=EB=B3=80?= =?UTF-8?q?=EA=B2=BD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- config.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config.php b/config.php index 15cf62fb1..087d32ba7 100644 --- a/config.php +++ b/config.php @@ -5,7 +5,7 @@ ********************/ define('G5_VERSION', '그누보드5'); -define('G5_GNUBOARD_VER', '5.1.11'); +define('G5_GNUBOARD_VER', '5.1.12'); // 이 상수가 정의되지 않으면 각각의 개별 페이지는 별도로 실행될 수 없음 define('_GNUBOARD_', true); From 9df86d771e851149f1bb601efce869b7ca3875e0 Mon Sep 17 00:00:00 2001 
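Review bot: In bbs/write_update.php the unslashed, converted text is assigned back to `$wr_content`, so every later use of that variable in this file sees a value without the slashes that were presumably added for SQL. Nothing after this line is visible in the hunk, so whether `$wr_content` reaches a query again cannot be checked here. Keeping the mail body in its own variable removes the question: `$mail_content = conv_content(conv_unescape_nl(stripslashes($wr_content)), $tmp_html);`, with `$mail_content` used in the mail template. The enclosing `if` starts and ends outside the hunk.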
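Review bot: In common.php the character filter runs after the `if ($sca)` test, so a value made up only of stripped characters becomes an empty string and still appends `&sca=` to `$qstr`. Apply the `preg_replace` directly after `clean_xss_tags(trim(...))` and then test `if ($sca !== '')`, which also keeps a category literally named `0`. The deny-list removes a fixed set of characters only, so wherever `$sca` is later placed into SQL or HTML (not visible here) it still needs escaping for that context. PATCH 4/7 edits this same line to drop `\s` and keeps the same ordering.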
From: chicpro Date: Thu, 21 Jan 2016 15:58:32 +0900 Subject: [PATCH 4/7] =?UTF-8?q?sca=20=ED=95=84=ED=84=B0=EB=A7=81=20?= =?UTF-8?q?=EC=BD=94=EB=93=9C=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- common.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common.php b/common.php index 9352ce75a..ba1580e2e 100644 --- a/common.php +++ b/common.php @@ -228,7 +228,7 @@ $qstr = ''; if (isset($_REQUEST['sca'])) { $sca = clean_xss_tags(trim($_REQUEST['sca'])); if ($sca) { - $sca = preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\s]/", "", $sca); + $sca = preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)]/", "", $sca); $qstr .= '&sca=' . urlencode($sca); } } else { From 7db9a33cef7a9c9183f342e98de54e95aa92e6aa Mon Sep 17 00:00:00 2001 From: chicpro Date: Thu, 28 Jan 2016 17:02:08 +0900 Subject: [PATCH 5/7] =?UTF-8?q?=EB=A9=94=EC=9D=BC=EC=9D=B8=EC=A6=9D=20?= =?UTF-8?q?=EA=B8=B0=EB=8A=A5=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bbs/login_check.php | 3 ++- bbs/register_email.php | 8 +++++++- bbs/register_email_update.php | 11 +++++++---- 3 files changed, 16 insertions(+), 6 deletions(-) diff --git a/bbs/login_check.php b/bbs/login_check.php index fd83a67bb..a66ed1c44 100644 --- a/bbs/login_check.php +++ b/bbs/login_check.php @@ -31,7 +31,8 @@ if ($mb['mb_leave_date'] && $mb['mb_leave_date'] <= date("Ymd", G5_SERVER_TIME)) } if ($config['cf_use_email_certify'] && !preg_match("/[1-9]/", $mb['mb_email_certify'])) { - confirm("{$mb['mb_email']} 메일로 메일인증을 받으셔야 로그인 가능합니다. 다른 메일주소로 변경하여 인증하시려면 취소를 클릭하시기 바랍니다.", G5_URL, G5_BBS_URL.'/register_email.php?mb_id='.$mb_id); + $ckey = md5($mb['mb_ip'].$mb['mb_datetime']); + confirm("{$mb['mb_email']} 메일로 메일인증을 받으셔야 로그인 가능합니다. 다른 메일주소로 변경하여 인증하시려면 취소를 클릭하시기 바랍니다.", G5_URL, G5_BBS_URL.'/register_email.php?mb_id='.$mb_id.'&ckey='.$ckey); } @include_once($member_skin_path.'/login_check.skin.php'); 
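Review bot: `$ckey = md5($mb['mb_ip'].$mb['mb_datetime'])` in bbs/login_check.php is derived only from two stored member fields with no server-side secret, so it is a fingerprint of that data rather than an unguessable token, and bbs/register_email.php recomputes the same value to authorise the address-change form. A keyed hash such as `hash_hmac('sha256', $mb['mb_id'].$mb['mb_datetime'], $server_secret)` (with `$server_secret` standing for a site-private value), or a random token stored with the member row, would tie it to something a visitor cannot derive. The key is also carried in a GET URL, and `$mb_id` is concatenated into that URL without `urlencode()`. Whether the password has already been verified before this branch is reached is not visible in the hunk.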
diff --git a/bbs/register_email.php b/bbs/register_email.php index e7fc92537..2d83f2c72 100644 --- a/bbs/register_email.php +++ b/bbs/register_email.php @@ -6,11 +6,17 @@ $g5['title'] = '메일인증 메일주소 변경'; include_once('./_head.php'); $mb_id = substr(clean_xss_tags($_GET['mb_id']), 0, 20); -$sql = " select mb_email, mb_datetime, mb_email_certify from {$g5['member_table']} where mb_id = '{$mb_id}' "; +$sql = " select mb_email, mb_datetime, mb_ip, mb_email_certify from {$g5['member_table']} where mb_id = '{$mb_id}' "; $mb = sql_fetch($sql); if (substr($mb['mb_email_certify'],0,1)!=0) { alert("이미 메일인증 하신 회원입니다.", G5_URL); } + +$ckey = trim($_GET['ckey']); +$key = md5($mb['mb_ip'].$mb['mb_datetime']); + +if(!$ckey || $ckey != $key) + alert('올바른 방법으로 이용해 주십시오.', G5_URL); ?>

메일인증을 받지 못한 경우 회원정보의 메일주소를 변경 할 수 있습니다.
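Review bot: The key check `if(!$ckey || $ckey != $key)` in bbs/register_email.php uses a loose comparison, which PHP evaluates numerically when both strings look like numbers and which is not constant-time; `hash_equals($key, $ckey)` avoids both. The check also runs when `sql_fetch()` returned no row, in which case `$key` is the MD5 of an empty string, a fixed value, so an empty `$mb` should be rejected first. Read the parameter defensively as well, since `$_GET['ckey']` may be absent or an array: `$ckey = (isset($_GET['ckey']) && is_string($_GET['ckey'])) ? trim($_GET['ckey']) : '';` followed by `if (!$mb || $ckey === '' || !hash_equals($key, $ckey))`.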

diff --git a/bbs/register_email_update.php b/bbs/register_email_update.php index 36fe66f8f..12287c668 100644 --- a/bbs/register_email_update.php +++ b/bbs/register_email_update.php @@ -3,12 +3,15 @@ include_once('./_common.php'); include_once(G5_CAPTCHA_PATH.'/captcha.lib.php'); include_once(G5_LIB_PATH.'/mailer.lib.php'); -$mb_id = trim($_POST['mb_id']); -$mb_email = trim($_POST['mb_email']); +$mb_id = substr(clean_xss_tags($_POST['mb_id']), 0, 20); +$mb_email = get_email_address(trim($_POST['mb_email'])); -$sql = " select mb_name, mb_datetime from {$g5['member_table']} where mb_id = '{$mb_id}' and mb_email_certify <> '' "; +if(!$mb_id || !$mb_email) + alert('올바른 방법으로 이용해 주십시오.', G5_URL); + +$sql = " select mb_name, mb_password, mb_email, mb_datetime from {$g5['member_table']} where mb_id = '{$mb_id}' and substring(mb_email_certify, 1, 1) = '0' "; $mb = sql_fetch($sql); -if ($mb) { +if (!$mb) { alert("이미 메일인증 하신 회원입니다.", G5_URL); } From e5aedd5cb1c2a0557d779128d7816a663139f709 Mon Sep 17 00:00:00 2001 From: chicpro Date: Thu, 28 Jan 2016 17:31:58 +0900 Subject: [PATCH 6/7] =?UTF-8?q?g5=5Fadmin=5Furl=20=EB=B3=80=EC=88=98=20?= =?UTF-8?q?=EC=84=A4=EC=A0=95=20=EC=BD=94=EB=93=9C=20=EB=B3=80=EA=B2=BD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/admin.head.php | 2 ++ head.sub.php | 5 ----- theme/basic/head.sub.php | 7 ++----- 3 files changed, 4 insertions(+), 10 deletions(-) diff --git a/adm/admin.head.php b/adm/admin.head.php index 90b07d8d7..56e1131c2 100644 --- a/adm/admin.head.php +++ b/adm/admin.head.php @@ -41,6 +41,8 @@ function print_menu2($key, $no) ?> diff --git a/theme/basic/head.sub.php b/theme/basic/head.sub.php index 6eb194fdc..33998c4e1 100644 --- a/theme/basic/head.sub.php +++ b/theme/basic/head.sub.php @@ -61,11 +61,6 @@ var g5_bo_table = ""; var g5_sca = ""; var g5_editor = ""; var g5_cookie_domain = ""; - 
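Review bot: bbs/register_email_update.php reads `mb_id` and `mb_email` from POST, but no `ckey` check is visible in this hunk, so the key that register_email.php now requires before showing the form does not appear to protect the handler that performs the change. Unless it is verified further down (the file continues outside the hunk), add `mb_ip` to the select and compare the recomputed key with the posted one via `hash_equals()` before updating, rejecting with `alert('올바른 방법으로 이용해 주십시오.', G5_URL);`. `$mb_id` is interpolated into the query after `clean_xss_tags()` and `substr()` only, which by its name is an HTML filter, so the query relies on escaping done elsewhere; that should be confirmed or replaced by a bound parameter. The message in the `!$mb` branch still says the member is already certified, although the branch now also covers an unknown `mb_id`.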
@@ -75,6 +70,8 @@ if ($is_admin) { if(G5_IS_MOBILE) { echo ''.PHP_EOL; // overflow scroll 감지 } +if(!defined('G5_IS_ADMIN')) + echo $config['cf_add_script']; ?> From 3674acc4f1aa69baad77bc256f453c6ab1c6ee02 Mon Sep 17 00:00:00 2001 From: chicpro Date: Wed, 3 Feb 2016 10:37:58 +0900 Subject: [PATCH 7/7] =?UTF-8?q?g5=5Fadmin=5Furl=20=EC=BD=94=EB=93=9C=20?= =?UTF-8?q?=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/admin.head.php | 2 -- head.sub.php | 3 +++ 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/adm/admin.head.php b/adm/admin.head.php index 56e1131c2..90b07d8d7 100644 --- a/adm/admin.head.php +++ b/adm/admin.head.php @@ -41,8 +41,6 @@ function print_menu2($key, $no) ?>