Merge branch 'master' of github.com:gnuboard/g5

2019-09-06 12:29:07 +09:00
parent 86e550895c d33753014c
commit cb37a9d52c
6 changed files with 9 additions and 8 deletions
--- a/adm/config_form.php
+++ b/adm/config_form.php
@ -1067,7 +1067,7 @@ if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw']) {
                    <input type="checkbox" name="cf_social_servicelist[]" id="check_social_kakao" value="kakao" <?php echo option_array_checked('kakao', $config['cf_social_servicelist']); ?> >
                    <label for="check_social_kakao">카카오 로그인을 사용합니다</label>
                    <div>
-                    <h3>카카오 웹 Redirect Path</h3>
+                    <h3>카카오 로그인 Redirect URI</h3>
                    <p><?php echo get_social_callbackurl('kakao', true); ?></p>
                    </div>
                </div>
--- a/adm/qa_config.php
+++ b/adm/qa_config.php
@ -306,7 +306,7 @@ if(!isset($qaconfig['qa_include_head'])) {
        <tr>
            <th scope="row"><label for="qa_insert_content">글쓰기 기본 내용</label></th>
            <td>
-                <textarea id="qa_insert_content" name="qa_insert_content" rows="5"><?php echo $qaconfig['qa_insert_content'] ?></textarea>
+                <textarea id="qa_insert_content" name="qa_insert_content" rows="5"><?php echo html_purifier($qaconfig['qa_insert_content']); ?></textarea>
            </td>
        </tr>
        <?php for ($i=1; $i<=5; $i++) { ?>
--- a/adm/qa_config_update.php
+++ b/adm/qa_config_update.php
@ -50,6 +50,8 @@ if( $qa_include_tail && ! is_include_path_check($qa_include_tail, 1) ){
    $error_msg = '/data/file/ 또는 /data/editor/ 포함된 문자를 하단 파일 경로에 포함시킬수 없습니다.';
 }
 $_POST['qa_title'] = strip_tags($_POST['qa_title']);
 $sql = " update {$g5['qa_config_table']}
            set qa_title                = '{$_POST['qa_title']}',
                qa_category             = '{$_POST['qa_category']}',
--- a/bbs/qawrite.php
+++ b/bbs/qawrite.php
@ -67,7 +67,7 @@ if(is_file($skin_file)) {
    $content = '';
    if ($w == '') {
-        $content = $qaconfig['qa_insert_content'];
+        $content = html_purifier($qaconfig['qa_insert_content']);
    } else if($w == 'r') {
        if($is_dhtml_editor)
            $content = '<div><br><br><br>====== 이전 답변내용 =======<br></div>';
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@ -3576,12 +3576,15 @@ function is_include_path_check($path='', $is_input='')
            if( preg_match('/\/data\/(file|editor|qa|cache|member|member_image|session|tmp)\/[A-Za-z0-9_]{1,20}\//i', $replace_path) ){
                return false;
            }
-            if( (preg_match('/\.\.\//i', $replace_path) || preg_match('/^\/.*/i', $replace_path)) && preg_match('/plugin\//i', $replace_path) && preg_match('/okname\//i', $replace_path) ){
+            if( preg_match('/'.G5_PLUGIN_DIR.'\//i', $replace_path) && (preg_match('/'.G5_OKNAME_DIR.'\//i', $replace_path) || preg_match('/'.G5_KCPCERT_DIR.'\//i', $replace_path) || preg_match('/'.G5_LGXPAY_DIR.'\//i', $replace_path)) ){
                return false;
            }
            if( substr_count($replace_path, './') > 5 ){
                return false;
            }
            if( defined('G5_SHOP_DIR') && preg_match('/'.G5_SHOP_DIR.'\//i', $replace_path) && preg_match('/kcp\//i', $replace_path) ){
                return false;
            }
        }
        $extension = pathinfo($path, PATHINFO_EXTENSION);
--- a/plugin/social/includes/functions.php
+++ b/plugin/social/includes/functions.php
@ -48,10 +48,6 @@ function get_social_callbackurl($provider, $no_domain=false){
    $base_url = G5_SOCIAL_LOGIN_BASE_URL;
    if( $provider === 'kakao' && $no_domain ){
        $base_url = '/'.ltrim(parse_url($base_url, PHP_URL_PATH), '/');
    }
    if ( $provider === 'twitter' ){
        return $base_url;
    }