diff --git a/adm/config_form.php b/adm/config_form.php index 738e0cdea..716485c85 100644 --- a/adm/config_form.php +++ b/adm/config_form.php @@ -1067,7 +1067,7 @@ if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw']) { >
-

카카오 웹 Redirect Path

+

카카오 로그인 Redirect URI

diff --git a/adm/qa_config.php b/adm/qa_config.php index 92e9a4632..b73062251 100644 --- a/adm/qa_config.php +++ b/adm/qa_config.php @@ -306,7 +306,7 @@ if(!isset($qaconfig['qa_include_head'])) { - + diff --git a/adm/qa_config_update.php b/adm/qa_config_update.php index 1072b765f..a269c45ee 100644 --- a/adm/qa_config_update.php +++ b/adm/qa_config_update.php @@ -50,6 +50,8 @@ if( $qa_include_tail && ! is_include_path_check($qa_include_tail, 1) ){ $error_msg = '/data/file/ 또는 /data/editor/ 포함된 문자를 하단 파일 경로에 포함시킬수 없습니다.'; } +$_POST['qa_title'] = strip_tags($_POST['qa_title']); + $sql = " update {$g5['qa_config_table']} set qa_title = '{$_POST['qa_title']}', qa_category = '{$_POST['qa_category']}', diff --git a/bbs/qawrite.php b/bbs/qawrite.php index 5a7a47345..484f271b5 100644 --- a/bbs/qawrite.php +++ b/bbs/qawrite.php @@ -67,7 +67,7 @@ if(is_file($skin_file)) { $content = ''; if ($w == '') { - $content = $qaconfig['qa_insert_content']; + $content = html_purifier($qaconfig['qa_insert_content']); } else if($w == 'r') { if($is_dhtml_editor) $content = '



====== 이전 답변내용 =======
'; diff --git a/lib/common.lib.php b/lib/common.lib.php index 6a88b5f21..da579f7da 100644 --- a/lib/common.lib.php +++ b/lib/common.lib.php @@ -3576,12 +3576,15 @@ function is_include_path_check($path='', $is_input='') if( preg_match('/\/data\/(file|editor|qa|cache|member|member_image|session|tmp)\/[A-Za-z0-9_]{1,20}\//i', $replace_path) ){ return false; } - if( (preg_match('/\.\.\//i', $replace_path) || preg_match('/^\/.*/i', $replace_path)) && preg_match('/plugin\//i', $replace_path) && preg_match('/okname\//i', $replace_path) ){ + if( preg_match('/'.G5_PLUGIN_DIR.'\//i', $replace_path) && (preg_match('/'.G5_OKNAME_DIR.'\//i', $replace_path) || preg_match('/'.G5_KCPCERT_DIR.'\//i', $replace_path) || preg_match('/'.G5_LGXPAY_DIR.'\//i', $replace_path)) ){ return false; } if( substr_count($replace_path, './') > 5 ){ return false; } + if( defined('G5_SHOP_DIR') && preg_match('/'.G5_SHOP_DIR.'\//i', $replace_path) && preg_match('/kcp\//i', $replace_path) ){ + return false; + } } $extension = pathinfo($path, PATHINFO_EXTENSION); diff --git a/plugin/social/includes/functions.php b/plugin/social/includes/functions.php index fab949a88..50fb6af81 100644 --- a/plugin/social/includes/functions.php +++ b/plugin/social/includes/functions.php @@ -48,10 +48,6 @@ function get_social_callbackurl($provider, $no_domain=false){ $base_url = G5_SOCIAL_LOGIN_BASE_URL; - if( $provider === 'kakao' && $no_domain ){ - $base_url = '/'.ltrim(parse_url($base_url, PHP_URL_PATH), '/'); - } - if ( $provider === 'twitter' ){ return $base_url; }