firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

Merge branch 'master' of github.com:gnuboard/g5

Browse Source
This commit is contained in:
kagla
2015-06-18 15:49:09 +09:00
parent 605933c516 7224f97781
commit cc91e49f7b
12 changed files with 100 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
adm/sms_admin/form_write.php
View File

@ -145,7 +145,7 @@ include_once(G5_ADMIN_PATH.'/admin.head.php');
</div>
<div class="btn_confirm01 btn_confirm">
<input type="submit" value="확인" class="btn_submit" accesskey="s">
<a href="./form_list.php?<?php echo $_SERVER['QUERY_STRING']?>">목록</a>
<a href="./form_list.php?<?php echo clean_query_string($_SERVER['QUERY_STRING']); ?>">목록</a>
</div>
</form>

2
adm/sms_admin/num_book.php
View File

@ -142,7 +142,7 @@ function no_hp_click(val)
<input type="hidden" name="token" value="<?php echo $token; ?>">
<input type="hidden" name="sw" value="">
<input type="hidden" name="atype" value="del">
<input type="hidden" name="str_query" value="<?php echo $_SERVER['QUERY_STRING']?>" >
<input type="hidden" name="str_query" value="<?php echo clean_query_string($_SERVER['QUERY_STRING']); ?>" >
<div class="tbl_head01 tbl_wrap">
<table>

2
adm/sms_admin/num_book_write.php
View File

@ -130,7 +130,7 @@ include_once(G5_ADMIN_PATH."/admin.head.php");
<div class="btn_confirm01 btn_confirm">
<input type="submit" value="확인" class="btn_submit" accesskey="s" onclick="return book_submit();">
<a href="./num_book.php?<?php echo $_SERVER['QUERY_STRING']?>">목록</a>
<a href="./num_book.php?<?php echo clean_query_string($_SERVER['QUERY_STRING']); ?>">목록</a>
</div>
</form>

4
bbs/download.php
View File

@ -25,8 +25,8 @@ if (!$file['bf_file'])
// JavaScript 불가일 때
if($js != 'on' && $board['bo_download_point'] < 0) {
$msg = $file['bf_source'].' 파일을 다운로드 하시면 포인트가 차감('.number_format($board['bo_download_point']).'점)됩니다.\\n포인트는 게시물당 한번만 차감되며 다음에 다시 다운로드 하셔도 중복하여 차감하지 않습니다.\\n그래도 다운로드 하시겠습니까?';
$url1 = G5_BBS_URL.'/download.php?'.$_SERVER['QUERY_STRING'].'&amp;js=on';
$url2 = $_SERVER['HTTP_REFERER'];
$url1 = G5_BBS_URL.'/download.php?'.clean_query_string($_SERVER['QUERY_STRING']).'&amp;js=on';
$url2 = clean_xss_tags($_SERVER['HTTP_REFERER']);
//$url1 = 확인link, $url2=취소link
// 특정주소로 이동시키려면 $url3 이용

8
bbs/member_confirm.php
View File

@ -16,12 +16,8 @@ include_once('./_head.sub.php');
$url = $_GET['url'];
$p = parse_url($url);
if ((isset($p['scheme']) && $p['scheme']) || (isset($p['host']) && $p['host'])) {
//print_r2($p);
if ($p['host'].(isset($p['port']) ? ':'.$p['port'] : '') != $_SERVER['HTTP_HOST'])
alert('url에 타 도메인을 지정할 수 없습니다.');
}
// url 체크
check_url_host($url);
include_once($member_skin_path.'/member_confirm.skin.php');

2
config.php
View File

@ -5,7 +5,7 @@
********************/
define('G5_VERSION', '그누보드5');
define('G5_GNUBOARD_VER', '5.0.35');
define('G5_GNUBOARD_VER', '5.0.36');
// 이 상수가 정의되지 않으면 각각의 개별 페이지는 별도로 실행될 수 없음
define('_GNUBOARD_', true);

84
lib/common.lib.php
View File

@ -2869,4 +2869,88 @@ function check_url_host($url, $msg='', $return_url=G5_URL)
}
}
}
// QUERY STRING 에 포함된 XSS 태그 제거
function clean_query_string($query, $amp=true)
{
$qstr = trim($query);
parse_str($qstr, $out);
if(is_array($out)) {
$q = array();
foreach($out as $key=>$val) {
$key = trim($key);
$val = trim($val);
switch($key) {
case 'wr_id':
$val = (int)preg_replace('/[^0-9]/', '', $val);
$q[$key] = $val;
break;
case 'sca':
$val = clean_xss_tags($val);
$q[$key] = $val;
break;
case 'sfl':
$val = preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\s]/", "", $val);
$q[$key] = $val;
break;
case 'stx':
$val = get_search_string($val);
$q[$key] = $val;
break;
case 'sst':
$val = preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\s]/", "", $val);
$q[$key] = $val;
break;
case 'sod':
$val = preg_match("/^(asc|desc)$/i", $val) ? $val : '';
$q[$key] = $val;
break;
case 'sop':
$val = preg_match("/^(or|and)$/i", $val) ? $val : '';
$q[$key] = $val;
break;
case 'spt':
$val = (int)preg_replace('/[^0-9]/', '', $val);
$q[$key] = $val;
break;
case 'page':
$val = (int)preg_replace('/[^0-9]/', '', $val);
$q[$key] = $val;
break;
case 'w':
$val = substr($val, 0, 2);
$q[$key] = $val;
break;
case 'bo_table':
$val = preg_replace('/[^a-z0-9_]/i', '', $val);
$val = substr($val, 0, 20);
$q[$key] = $val;
break;
case 'gr_id':
$val = preg_replace('/[^a-z0-9_]/i', '', $val);
$q[$key] = $val;
break;
default:
$val = clean_xss_tags($val);
$q[$key] = $val;
break;
}
}
if($amp)
$sep = '&amp;';
else
$sep ='&';
$str = http_build_query($q, '', $sep);
} else {
$str = clean_xss_tags($qstr);
}
return $str;
}
?>

2
mobile/skin/board/basic/view_comment.skin.php
View File

@ -50,7 +50,7 @@ var char_max = parseInt(<?php echo $comment_max ?>); // 최대
<textarea id="save_comment_<?php echo $comment_id ?>" style="display:none"><?php echo get_text($list[$i]['content1'], 0) ?></textarea>
<?php if($list[$i]['is_reply'] || $list[$i]['is_edit'] || $list[$i]['is_del']) {
$query_string = str_replace("&", "&amp;", $_SERVER['QUERY_STRING']);
$query_string = clean_query_string($_SERVER['QUERY_STRING']);
if($w == 'cu') {
$sql = " select wr_id, wr_content from $write_table where wr_id = '$c_id' and wr_is_comment = '1' ";

2
mobile/skin/board/gallery/view_comment.skin.php
View File

@ -50,7 +50,7 @@ var char_max = parseInt(<?php echo $comment_max ?>); // 최대
<textarea id="save_comment_<?php echo $comment_id ?>" style="display:none"><?php echo get_text($list[$i]['content1'], 0) ?></textarea>
<?php if($list[$i]['is_reply'] || $list[$i]['is_edit'] || $list[$i]['is_del']) {
$query_string = str_replace("&", "&amp;", $_SERVER['QUERY_STRING']);
$query_string = clean_query_string($_SERVER['QUERY_STRING']);
if($w == 'cu') {
$sql = " select wr_id, wr_content from $write_table where wr_id = '$c_id' and wr_is_comment = '1' ";

4
mobile/skin/member/basic/member_confirm.skin.php
View File

@ -10,7 +10,11 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
<p>
<strong>비밀번호를 한번 더 입력해주세요.</strong>
<?php if ($url == 'member_leave.php') { ?>
비밀번호를 입력하시면 회원탈퇴가 완료됩니다.
<?php }else{ ?>
회원님의 정보를 안전하게 보호하기 위해 비밀번호를 한번 더 확인합니다.
<?php } ?>
</p>
<form name="fmemberconfirm" action="<?php echo $url ?>" onsubmit="return fmemberconfirm_submit(this);" method="post">

2
skin/board/basic/view_comment.skin.php
View File

@ -56,7 +56,7 @@ var char_max = parseInt(<?php echo $comment_max ?>); // 최대
<textarea id="save_comment_<?php echo $comment_id ?>" style="display:none"><?php echo get_text($list[$i]['content1'], 0) ?></textarea>
<?php if($list[$i]['is_reply'] || $list[$i]['is_edit'] || $list[$i]['is_del']) {
$query_string = str_replace("&", "&amp;", $_SERVER['QUERY_STRING']);
$query_string = clean_query_string($_SERVER['QUERY_STRING']);
if($w == 'cu') {
$sql = " select wr_id, wr_content from $write_table where wr_id = '$c_id' and wr_is_comment = '1' ";

2
skin/board/gallery/view_comment.skin.php
View File

@ -56,7 +56,7 @@ var char_max = parseInt(<?php echo $comment_max ?>); // 최대
<textarea id="save_comment_<?php echo $comment_id ?>" style="display:none"><?php echo get_text($list[$i]['content1'], 0) ?></textarea>
<?php if($list[$i]['is_reply'] || $list[$i]['is_edit'] || $list[$i]['is_del']) {
$query_string = str_replace("&", "&amp;", $_SERVER['QUERY_STRING']);
$query_string = clean_query_string($_SERVER['QUERY_STRING']);
if($w == 'cu') {
$sql = " select wr_id, wr_content from $write_table where wr_id = '$c_id' and wr_is_comment = '1' ";