firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

충돌 수정

Browse Source
This commit is contained in:
thisgun
2018-11-21 16:41:48 +09:00
parent 58369c7ded 8399dafd4b
commit ceb0e3ef01
25 changed files with 92 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
adm/board_form_update.php
View File

@ -72,6 +72,9 @@ $bo_category_list = str_replace($src_char, $dst_char, $bo_category_list);
//https://github.com/gnuboard/gnuboard5/commit/f5f4925d4eb28ba1af728e1065fc2bdd9ce1da58 에 따른 조치
$str_bo_category_list = isset($_POST['bo_category_list']) ? preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\/\^\*]/", "", $_POST['bo_category_list']) : '';
$_POST['bo_subject'] = strip_tags($_POST['bo_subject']);
$_POST['bo_mobile_subject'] = strip_tags($_POST['bo_mobile_subject']);
$sql_common = " gr_id = '{$_POST['gr_id']}',
bo_subject = '{$_POST['bo_subject']}',
bo_mobile_subject = '{$_POST['bo_mobile_subject']}',

2
adm/boardgroup_form.php
View File

@ -117,7 +117,7 @@ include_once('./admin.head.php');
<label for="gr_<?php echo $i ?>_subj">여분필드 <?php echo $i ?> 제목</label>
<input type="text" name="gr_<?php echo $i ?>_subj" value="<?php echo get_text($group['gr_'.$i.'_subj']) ?>" id="gr_<?php echo $i ?>_subj" class="frm_input">
<label for="gr_<?php echo $i ?>">여분필드 <?php echo $i ?> 내용</label>
<input type="text" name="gr_<?php echo $i ?>" value="<?php echo $gr['gr_'.$i] ?>" id="gr_<?php echo $i ?>" class="frm_input">
<input type="text" name="gr_<?php echo $i ?>" value="<?php echo get_sanitize_input($gr['gr_'.$i]); ?>" id="gr_<?php echo $i ?>" class="frm_input">
</td>
</tr>
<?php } ?>

2
adm/config_form.php
View File

@ -1317,7 +1317,7 @@ if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw']) {
<label for="cf_<?php echo $i ?>_subj">여분필드<?php echo $i ?> 제목</label>
<input type="text" name="cf_<?php echo $i ?>_subj" value="<?php echo get_text($config['cf_'.$i.'_subj']) ?>" id="cf_<?php echo $i ?>_subj" class="frm_input" size="30">
<label for="cf_<?php echo $i ?>">여분필드<?php echo $i ?> 값</label>
<input type="text" name="cf_<?php echo $i ?>" value="<?php echo $config['cf_'.$i] ?>" id="cf_<?php echo $i ?>" class="frm_input" size="30">
<input type="text" name="cf_<?php echo $i ?>" value="<?php echo get_sanitize_input($config['cf_'.$i]); ?>" id="cf_<?php echo $i ?>" class="frm_input" size="30">
</td>
</tr>
<?php } ?>

2
adm/config_form_update.php
View File

@ -26,6 +26,8 @@ if(!$_POST['cf_cert_use']) {
$cf_social_servicelist = !empty($_POST['cf_social_servicelist']) ? implode(',', $_POST['cf_social_servicelist']) : '';
$_POST['cf_title'] = strip_tags($_POST['cf_title']);
$sql = " update {$g5['config_table']}
set cf_title = '{$_POST['cf_title']}',
cf_admin = '{$_POST['cf_admin']}',

4
adm/contentform.php
View File

@ -109,8 +109,8 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
<td>
<?php echo help("내용에서 iframe 등의 태그를 사용하려면 사용안함으로 선택해 주십시오."); ?>
<select name="co_tag_filter_use" id="co_tag_filter_use">
<option value="1"<?php echo get_selected(1, $co['co_tag_filter_use']); ?>>사용함</option>
<option value="0"<?php echo get_selected(0, $co['co_tag_filter_use']); ?>>사용안함</option>
<option value="1"<?php echo get_selected($co['co_tag_filter_use'], 1); ?>>사용함</option>
<option value="0"<?php echo get_selected($co['co_tag_filter_use'], 0); ?>>사용안함</option>
</select>
</td>
</tr>

14
adm/menu_list.php
View File

@ -196,6 +196,20 @@ function base_convert(number, frombase, tobase) {
function fmenulist_submit(f)
{
var me_links = document.getElementsByName('me_link[]');
var reg = /^javascript/;
for (i=0; i<me_links.length; i++){
if( reg.test(me_links[i].value) ){
alert('링크에 자바스크립트문을 입력할수 없습니다.');
me_links[i].focus();
return false;
}
}
return true;
}
</script>

4
adm/menu_list_update.php
View File

@ -23,8 +23,8 @@ for ($i=0; $i<$count; $i++)
$code = $_POST['code'][$i];
$me_name = $_POST['me_name'][$i];
$me_link = $_POST['me_link'][$i];
$me_link = preg_match('/^javascript/i', $_POST['me_link'][$i]) ? G5_URL : strip_tags($_POST['me_link'][$i]);
if(!$code || !$me_name || !$me_link)
continue;

4
bbs/board_head.php
View File

@ -5,13 +5,13 @@ if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
if (G5_IS_MOBILE) {
// 모바일의 경우 설정을 따르지 않는다.
include_once(G5_BBS_PATH.'/_head.php');
echo stripslashes($board['bo_mobile_content_head']);
echo html_purifier(stripslashes($board['bo_mobile_content_head']));
} else {
if(is_include_path_check($board['bo_include_head'])) { //파일경로 체크
@include ($board['bo_include_head']);
} else { //파일경로가 올바르지 않으면 기본파일을 가져옴
include_once(G5_BBS_PATH.'/_head.php');
}
echo stripslashes($board['bo_content_head']);
echo html_purifier(stripslashes($board['bo_content_head']));
}
?>

4
bbs/board_tail.php
View File

@ -3,11 +3,11 @@ if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
// 게시판 관리의 하단 파일 경로
if (G5_IS_MOBILE) {
echo stripslashes($board['bo_mobile_content_tail']);
echo html_purifier(stripslashes($board['bo_mobile_content_tail']));
// 모바일의 경우 설정을 따르지 않는다.
include_once(G5_BBS_PATH.'/_tail.php');
} else {
echo stripslashes($board['bo_content_tail']);
echo html_purifier(stripslashes($board['bo_content_tail']));
if(is_include_path_check($board['bo_include_tail'])) { //파일경로 체크
@include ($board['bo_include_tail']);
} else { //파일경로가 올바르지 않으면 기본파일을 가져옴

6
bbs/confirm.php
View File

@ -2,9 +2,9 @@
include_once('./_common.php');
include_once(G5_PATH.'/head.sub.php');
$url1 = clean_xss_tags($url1);
$url2 = clean_xss_tags($url2);
$url3 = clean_xss_tags($url3);
$url1 = preg_replace("/[\<\>\'\"\\\'\\\"\(\)]/", "", clean_xss_tags($url1));
$url2 = preg_replace("/[\<\>\'\"\\\'\\\"\(\)]/", "", clean_xss_tags($url2));
$url3 = preg_replace("/[\<\>\'\"\\\'\\\"\(\)]/", "", clean_xss_tags($url3));
// url 체크
check_url_host($url1);

15
bbs/member_confirm.php
View File

@ -11,23 +11,28 @@ else
$urlencode = urlencode($_SERVER[REQUEST_URI]);
*/
$url = clean_xss_tags($_GET['url']);
//소셜 로그인 한 경우
if( function_exists('social_member_comfirm_redirect') ){
if( function_exists('social_member_comfirm_redirect') && (! $url || $url === 'register_form.php') ){
social_member_comfirm_redirect();
}
$g5['title'] = '회원 비밀번호 확인';
include_once('./_head.sub.php');
$url = clean_xss_tags($_GET['url']);
// url 체크
check_url_host($url, '', G5_URL, true);
if( preg_match('#^/{3,}#', $url) ){
$url = preg_replace('#^/{3,}#', '/', $url);
if($url){
$url = preg_replace('#^/\\\{1,}#', '/', $url);
if( preg_match('#^/{3,}#', $url) ){
$url = preg_replace('#^/{3,}#', '/', $url);
}
}
$url = get_text($url);
include_once($member_skin_path.'/member_confirm.skin.php');

2
bbs/new_delete.php
View File

@ -128,7 +128,7 @@ for($i=0;$i<count($_POST['chk_bn_id']);$i++)
$row = sql_fetch($sql);
// 원글의 코멘트 숫자를 감소
sql_query(" update $write_table set wr_comment = wr_comment - 1, wr_last = '$row[wr_last]' where wr_id = '{$write['wr_parent']}' ");
sql_query(" update $write_table set wr_comment = wr_comment - 1, wr_last = '{$row['wr_last']}' where wr_id = '{$write['wr_parent']}' ");
// 코멘트 숫자 감소
sql_query(" update {$g5['board_table']} set bo_count_comment = bo_count_comment - 1 where bo_table = '$bo_table' ");

8
bbs/password.php
View File

@ -43,8 +43,8 @@ switch ($w) {
include_once(G5_PATH.'/head.sub.php');
//if ($board['bo_include_head']) { @include ($board['bo_include_head']); }
//if ($board['bo_content_head']) { echo stripslashes($board['bo_content_head']); }
//if ($board['bo_include_head'] && is_include_path_check($board['bo_content_head'])) { @include ($board['bo_include_head']); }
//if ($board['bo_content_head']) { echo html_purifier(stripslashes($board['bo_content_head'])); }
/* 비밀글의 제목을 가져옴 지운아빠 2013-01-29 */
$sql = " select wr_subject from {$write_table}
@ -57,8 +57,8 @@ $g5['title'] = get_text($row['wr_subject']);
include_once($member_skin_path.'/password.skin.php');
//if ($board['bo_content_tail']) { echo stripslashes($board['bo_content_tail']); }
//if ($board['bo_include_tail']) { @include ($board['bo_include_tail']); }
//if ($board['bo_content_tail']) { echo html_purifier(stripslashes($board['bo_content_tail'])); }
//if ($board['bo_include_tail'] && is_include_path_check($board['bo_content_tail'])) { @include ($board['bo_include_tail']); }
include_once(G5_PATH.'/tail.sub.php');
?>

4
bbs/view_image.php
View File

@ -4,12 +4,12 @@ include_once('./_common.php');
$g5['title'] = '이미지 크게보기';
include_once(G5_PATH.'/head.sub.php');
$filename = preg_replace('/[^A-Za-z0-9 _ .-\/]/', '', $_GET['fn']);
$filename = preg_replace('/[^A-Za-z0-9 _ .\-\/]/', '', $_GET['fn']);
$extension = pathinfo($filename, PATHINFO_EXTENSION);
if ( ! preg_match('/(jpg|jpeg|png|gif|bmp)$/i', $extension) ){
alert_close('확장자가 이미지인것만 요청할수 있습니다.');
alert_close('이미지 확장자가 아닙니다.');
}
if(strpos($filename, 'data/editor')) {

2
config.php
View File

@ -5,7 +5,7 @@
********************/
define('G5_VERSION', '그누보드5');
define('G5_GNUBOARD_VER', '5.3.1.9');
define('G5_GNUBOARD_VER', '5.3.2.0');
define('G5_YOUNGCART_VER', '5.3.1.9');
// 이 상수가 정의되지 않으면 각각의 개별 페이지는 별도로 실행될 수 없음

7
js/certify.js
View File

@ -1,6 +1,11 @@
// 본인확인 인증창 호출
function certify_win_open(type, url)
function certify_win_open(type, url, event)
{
if (typeof event == "undefined") {
event = window.event;
}
if(type == 'kcb-ipin')
{
var popupWindow = window.open( url, "kcbPop", "left=200, top=100, status=0, width=450, height=550" );

11
lib/common.lib.php
View File

@ -2900,6 +2900,8 @@ function clean_xss_tags($str)
{
$str = preg_replace('#</*(?:applet|b(?:ase|gsound|link)|embed|frame(?:set)?|i(?:frame|layer)|l(?:ayer|ink)|meta|object|s(?:cript|tyle)|title|xml)[^>]*+>#i', '', $str);
$str = str_replace(array('<script>','</script>','<noscript>','</noscript>'), '', $str);
return $str;
}
@ -3438,10 +3440,13 @@ function is_use_email_certify(){
function get_real_client_ip(){
if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
return $_SERVER['HTTP_X_FORWARDED_FOR'];
$real_ip = $_SERVER['REMOTE_ADDR'];
return $_SERVER['REMOTE_ADDR'];
if(isset($_SERVER['HTTP_X_FORWARDED_FOR']) && preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/', $_SERVER['HTTP_X_FORWARDED_FOR']) ){
$real_ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
}
return preg_replace('/[^0-9.]/', '', $real_ip);
}
function get_call_func_cache($func, $args=array()){

16
mobile/skin/member/basic/register_form.skin.php
View File

@ -52,7 +52,7 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
if($config['cf_cert_use']) {
if($config['cf_cert_ipin'])
echo '<button type="button" id="win_ipin_cert" class="btn_frmline btn">아이핀 본인확인</button>'.PHP_EOL;
if($config['cf_cert_hp'] && $config['cf_cert_hp'] != 'lg')
if($config['cf_cert_hp'])
echo '<button type="button" id="win_hp_cert" class="btn_frmline btn">휴대폰 본인확인</button>'.PHP_EOL;
echo '<noscript>본인확인을 위해서는 자바스크립트 사용이 가능해야합니다.</noscript>'.PHP_EOL;
@ -106,7 +106,7 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
<?php if ($config['cf_use_homepage']) { ?>
<li>
<label for="reg_mb_homepage" class="sound_only">홈페이지<?php if ($config['cf_req_homepage']){ ?><strong>필수</strong><?php } ?></label>
<input type="url" name="mb_homepage" value="<?php echo get_text($member['mb_homepage']) ?>" id="reg_mb_homepage" class="frm_input full_input <?php echo $config['cf_req_homepage']?"required":""; ?>" maxlength="255" <?php echo $config['cf_req_homepage']?"required":""; ?> placeholder="홈페이지">
<input type="text" name="mb_homepage" value="<?php echo get_text($member['mb_homepage']) ?>" id="reg_mb_homepage" class="frm_input full_input <?php echo $config['cf_req_homepage']?"required":""; ?>" maxlength="255" <?php echo $config['cf_req_homepage']?"required":""; ?> placeholder="홈페이지">
</li>
<?php } ?>
@ -272,19 +272,19 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
<?php if($config['cf_cert_use'] && $config['cf_cert_ipin']) { ?>
// 아이핀인증
$("#win_ipin_cert").click(function() {
$("#win_ipin_cert").click(function(e) {
if(!cert_confirm())
return false;
var url = "<?php echo G5_OKNAME_URL; ?>/ipin1.php";
certify_win_open('kcb-ipin', url);
certify_win_open('kcb-ipin', url, e);
return;
});
<?php } ?>
<?php if($config['cf_cert_use'] && $config['cf_cert_hp']) { ?>
// 휴대폰인증
$("#win_hp_cert").click(function() {
$("#win_hp_cert").click(function(e) {
if(!cert_confirm())
return false;
@ -298,6 +298,10 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
$cert_url = G5_KCPCERT_URL.'/kcpcert_form.php';
$cert_type = 'kcp-hp';
break;
case 'lg':
$cert_url = G5_LGXPAY_URL.'/AuthOnlyReq.php';
$cert_type = 'lg-hp';
break;
default:
echo 'alert("기본환경설정에서 휴대폰 본인확인 설정을 해주십시오");';
echo 'return false;';
@ -305,7 +309,7 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
}
?>
certify_win_open("<?php echo $cert_type; ?>", "<?php echo $cert_url; ?>");
certify_win_open("<?php echo $cert_type; ?>", "<?php echo $cert_url; ?>", e);
return;
});
<?php } ?>

2
plugin/lgxpay/AuthOnlyReq.php
View File

@ -165,6 +165,8 @@ $_SESSION['lgd_certify'] = $payReqMap;
<input type="hidden" name="LGD_ENCODING" value="UTF-8"/>
<?php
foreach ($payReqMap as $key => $value) {
$key = htmlspecialchars(strip_tags($key));
$value = htmlspecialchars(strip_tags($value));
echo "<input type='hidden' name='$key' id='$key' value='$value'/>".PHP_EOL;
}
?>

2
plugin/lgxpay/returnurl.php
View File

@ -57,6 +57,8 @@ $payReqMap = $_SESSION['lgd_certify'];//결제 요청시, Session에 저장했
<form method="post" name="LGD_RETURNINFO" id="LGD_RETURNINFO">
<?php
foreach ($payReqMap as $key => $value) {
$key = htmlspecialchars(strip_tags($key));
$value = htmlspecialchars(strip_tags($value));
echo "<input type='hidden' name='$key' id='$key' value='$value'>";
}
?>

2
skin/board/basic/style.css
View File

@ -65,7 +65,7 @@
#bo_w .tbl_frm01 {}
#bo_w .tbl_frm01 th {}
#bo_w .tbl_frm01 td {}
#bo_w .tbl_frm01 textarea, #bo_w tbl_frm01 .frm_input {}
#bo_w .tbl_frm01 textarea, #bo_w .tbl_frm01 .frm_input {}
#bo_w .tbl_frm01 textarea {}
/*
#bo_w .tbl_frm01 #captcha {}

2
skin/board/gallery/style.css
View File

@ -55,7 +55,7 @@
#bo_w .tbl_frm01 {}
#bo_w .tbl_frm01 th {}
#bo_w .tbl_frm01 td {}
#bo_w .tbl_frm01 textarea, #bo_w tbl_frm01 .frm_input {}
#bo_w .tbl_frm01 textarea, #bo_w .tbl_frm01 .frm_input {}
#bo_w .tbl_frm01 textarea {}
/*
#bo_w .tbl_frm01 #captcha {}

16
theme/basic/mobile/skin/member/basic/register_form.skin.php
View File

@ -52,7 +52,7 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
if($config['cf_cert_use']) {
if($config['cf_cert_ipin'])
echo '<button type="button" id="win_ipin_cert" class="btn_frmline btn">아이핀 본인확인</button>'.PHP_EOL;
if($config['cf_cert_hp'] && $config['cf_cert_hp'] != 'lg')
if($config['cf_cert_hp'])
echo '<button type="button" id="win_hp_cert" class="btn_frmline btn">휴대폰 본인확인</button>'.PHP_EOL;
echo '<noscript>본인확인을 위해서는 자바스크립트 사용이 가능해야합니다.</noscript>'.PHP_EOL;
@ -106,7 +106,7 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
<?php if ($config['cf_use_homepage']) { ?>
<li>
<label for="reg_mb_homepage" class="sound_only">홈페이지<?php if ($config['cf_req_homepage']){ ?><strong>필수</strong><?php } ?></label>
<input type="url" name="mb_homepage" value="<?php echo get_text($member['mb_homepage']) ?>" id="reg_mb_homepage" class="frm_input full_input <?php echo $config['cf_req_homepage']?"required":""; ?>" maxlength="255" <?php echo $config['cf_req_homepage']?"required":""; ?> placeholder="홈페이지">
<input type="text" name="mb_homepage" value="<?php echo get_text($member['mb_homepage']) ?>" id="reg_mb_homepage" class="frm_input full_input <?php echo $config['cf_req_homepage']?"required":""; ?>" maxlength="255" <?php echo $config['cf_req_homepage']?"required":""; ?> placeholder="홈페이지">
</li>
<?php } ?>
@ -272,19 +272,19 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
<?php if($config['cf_cert_use'] && $config['cf_cert_ipin']) { ?>
// 아이핀인증
$("#win_ipin_cert").click(function() {
$("#win_ipin_cert").click(function(e) {
if(!cert_confirm())
return false;
var url = "<?php echo G5_OKNAME_URL; ?>/ipin1.php";
certify_win_open('kcb-ipin', url);
certify_win_open('kcb-ipin', url, e);
return;
});
<?php } ?>
<?php if($config['cf_cert_use'] && $config['cf_cert_hp']) { ?>
// 휴대폰인증
$("#win_hp_cert").click(function() {
$("#win_hp_cert").click(function(e) {
if(!cert_confirm())
return false;
@ -298,6 +298,10 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
$cert_url = G5_KCPCERT_URL.'/kcpcert_form.php';
$cert_type = 'kcp-hp';
break;
case 'lg':
$cert_url = G5_LGXPAY_URL.'/AuthOnlyReq.php';
$cert_type = 'lg-hp';
break;
default:
echo 'alert("기본환경설정에서 휴대폰 본인확인 설정을 해주십시오");';
echo 'return false;';
@ -305,7 +309,7 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
}
?>
certify_win_open("<?php echo $cert_type; ?>", "<?php echo $cert_url; ?>");
certify_win_open("<?php echo $cert_type; ?>", "<?php echo $cert_url; ?>", e);
return;
});
<?php } ?>

2
theme/basic/skin/board/basic/style.css
View File

@ -65,7 +65,7 @@
#bo_w .tbl_frm01 {}
#bo_w .tbl_frm01 th {}
#bo_w .tbl_frm01 td {}
#bo_w .tbl_frm01 textarea, #bo_w tbl_frm01 .frm_input {}
#bo_w .tbl_frm01 textarea, #bo_w .tbl_frm01 .frm_input {}
#bo_w .tbl_frm01 textarea {}
/*
#bo_w .tbl_frm01 #captcha {}

2
theme/basic/skin/board/gallery/style.css
View File

@ -55,7 +55,7 @@
#bo_w .tbl_frm01 {}
#bo_w .tbl_frm01 th {}
#bo_w .tbl_frm01 td {}
#bo_w .tbl_frm01 textarea, #bo_w tbl_frm01 .frm_input {}
#bo_w .tbl_frm01 textarea, #bo_w .tbl_frm01 .frm_input {}
#bo_w .tbl_frm01 textarea {}
/*
#bo_w .tbl_frm01 #captcha {}