From d930b36d6102e675a52f278ca3731830993207b9 Mon Sep 17 00:00:00 2001 From: thisgun Date: Thu, 18 Oct 2018 18:44:24 +0900 Subject: [PATCH 01/12] =?UTF-8?q?LGU=20=EB=B3=B8=EC=9D=B8=EA=B2=B0?= =?UTF-8?q?=EC=A0=9C=20=EB=AA=A8=EB=B0=94=EC=9D=BC=EC=97=90=EC=84=9C=20?= =?UTF-8?q?=EC=B6=9C=EB=A0=A5=EC=95=88=EB=90=98=EB=8A=94=20=EB=AC=B8?= =?UTF-8?q?=EC=A0=9C=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- js/certify.js | 7 ++++++- mobile/skin/member/basic/register_form.skin.php | 16 ++++++++++------ .../skin/member/basic/register_form.skin.php | 16 ++++++++++------ 3 files changed, 26 insertions(+), 13 deletions(-) diff --git a/js/certify.js b/js/certify.js index d98c59785..bcf4f9ed8 100644 --- a/js/certify.js +++ b/js/certify.js @@ -1,6 +1,11 @@ // 본인확인 인증창 호출 -function certify_win_open(type, url) +function certify_win_open(type, url, event) { + + if (typeof event == "undefined") { + event = window.event; + } + if(type == 'kcb-ipin') { var popupWindow = window.open( url, "kcbPop", "left=200, top=100, status=0, width=450, height=550" ); diff --git a/mobile/skin/member/basic/register_form.skin.php b/mobile/skin/member/basic/register_form.skin.php index 7719e0deb..bcd18bfd5 100644 --- a/mobile/skin/member/basic/register_form.skin.php +++ b/mobile/skin/member/basic/register_form.skin.php @@ -52,7 +52,7 @@ add_stylesheet('', if($config['cf_cert_use']) { if($config['cf_cert_ipin']) echo ''.PHP_EOL; - if($config['cf_cert_hp'] && $config['cf_cert_hp'] != 'lg') + if($config['cf_cert_hp']) echo ''.PHP_EOL; echo ''.PHP_EOL; @@ -106,7 +106,7 @@ add_stylesheet('',
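Review bot: The fallback added at the top of `certify_win_open` only helps in browsers that expose `window.event`; where that global is absent, `event` stays undefined, so any later use of it in the body (which continues outside this hunk) needs an `if (event)` guard. Callers that still pass only two arguments depend entirely on this fallback. The comparison would also read more clearly as `if (typeof event === "undefined")`.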
  • - " maxlength="255" placeholder="홈페이지"> + " maxlength="255" placeholder="홈페이지">
  • @@ -272,19 +272,19 @@ add_stylesheet('', // 아이핀인증 - $("#win_ipin_cert").click(function() { + $("#win_ipin_cert").click(function(e) { if(!cert_confirm()) return false; var url = "/ipin1.php"; - certify_win_open('kcb-ipin', url); + certify_win_open('kcb-ipin', url, e); return; }); // 휴대폰인증 - $("#win_hp_cert").click(function() { + $("#win_hp_cert").click(function(e) { if(!cert_confirm()) return false; @@ -298,6 +298,10 @@ add_stylesheet('', $cert_url = G5_KCPCERT_URL.'/kcpcert_form.php'; $cert_type = 'kcp-hp'; break; + case 'lg': + $cert_url = G5_LGXPAY_URL.'/AuthOnlyReq.php'; + $cert_type = 'lg-hp'; + break; default: echo 'alert("기본환경설정에서 휴대폰 본인확인 설정을 해주십시오");'; echo 'return false;'; @@ -305,7 +309,7 @@ add_stylesheet('', } ?> - certify_win_open("", ""); + certify_win_open("", "", e); return; }); diff --git a/theme/basic/mobile/skin/member/basic/register_form.skin.php b/theme/basic/mobile/skin/member/basic/register_form.skin.php index 3e11894c1..6f9137059 100644 --- a/theme/basic/mobile/skin/member/basic/register_form.skin.php +++ b/theme/basic/mobile/skin/member/basic/register_form.skin.php @@ -52,7 +52,7 @@ add_stylesheet('', if($config['cf_cert_use']) { if($config['cf_cert_ipin']) echo ''.PHP_EOL; - if($config['cf_cert_hp'] && $config['cf_cert_hp'] != 'lg') + if($config['cf_cert_hp']) echo ''.PHP_EOL; echo ''.PHP_EOL; @@ -106,7 +106,7 @@ add_stylesheet('',
  • - " maxlength="255" placeholder="홈페이지"> + " maxlength="255" placeholder="홈페이지">
  • @@ -272,19 +272,19 @@ add_stylesheet('', // 아이핀인증 - $("#win_ipin_cert").click(function() { + $("#win_ipin_cert").click(function(e) { if(!cert_confirm()) return false; var url = "/ipin1.php"; - certify_win_open('kcb-ipin', url); + certify_win_open('kcb-ipin', url, e); return; }); // 휴대폰인증 - $("#win_hp_cert").click(function() { + $("#win_hp_cert").click(function(e) { if(!cert_confirm()) return false; @@ -298,6 +298,10 @@ add_stylesheet('', $cert_url = G5_KCPCERT_URL.'/kcpcert_form.php'; $cert_type = 'kcp-hp'; break; + case 'lg': + $cert_url = G5_LGXPAY_URL.'/AuthOnlyReq.php'; + $cert_type = 'lg-hp'; + break; default: echo 'alert("기본환경설정에서 휴대폰 본인확인 설정을 해주십시오");'; echo 'return false;'; @@ -305,7 +309,7 @@ add_stylesheet('', } ?> - certify_win_open("", ""); + certify_win_open("", "", e); return; }); From 798951f4c61cf19d38cfb34c40ef7734c40f5b08 Mon Sep 17 00:00:00 2001 From: thisgun Date: Mon, 22 Oct 2018 14:33:02 +0900 Subject: [PATCH 02/12] =?UTF-8?q?=EC=9D=B4=EB=AF=B8=EC=A7=80=20=EB=B3=B4?= =?UTF-8?q?=EA=B8=B0=20=EC=9E=98=EB=AA=BB=EB=90=9C=20=EC=A0=95=EA=B7=9C?= =?UTF-8?q?=EC=8B=9D=20=EC=BD=94=EB=93=9C=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bbs/view_image.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bbs/view_image.php b/bbs/view_image.php index bc7f8e63e..196df9f4c 100644 --- a/bbs/view_image.php +++ b/bbs/view_image.php @@ -4,12 +4,12 @@ include_once('./_common.php'); $g5['title'] = '이미지 크게보기'; include_once(G5_PATH.'/head.sub.php'); -$filename = preg_replace('/[^A-Za-z0-9 _ .-\/]/', '', $_GET['fn']); +$filename = preg_replace('/[^A-Za-z0-9 _ .\-\/]/', '', $_GET['fn']); $extension = pathinfo($filename, PATHINFO_EXTENSION); if ( ! preg_match('/(jpg|jpeg|png|gif|bmp)$/i', $extension) ){ - alert_close('확장자가 이미지인것만 요청할수 있습니다.'); + alert_close('이미지 확장자가 아닙니다.'); } if(strpos($filename, 'data/editor')) { 
From c82c937fbb3f092b52c895561eec73499a739389 Mon Sep 17 00:00:00 2001 From: thisgun Date: Fri, 26 Oct 2018 11:54:53 +0900 Subject: [PATCH 03/12] =?UTF-8?q?get=5Freal=5Fclient=5Fip=20=ED=95=A8?= =?UTF-8?q?=EC=88=98=EC=97=90=20=ED=95=84=ED=84=B0=EB=A7=81=20=EC=BD=94?= =?UTF-8?q?=EB=93=9C=20=EC=B6=94=EA=B0=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/common.lib.php | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/lib/common.lib.php b/lib/common.lib.php index 65f555a0d..c12ff17e3 100644 --- a/lib/common.lib.php +++ b/lib/common.lib.php @@ -3423,10 +3423,13 @@ function is_use_email_certify(){ function get_real_client_ip(){ - if(isset($_SERVER['HTTP_X_FORWARDED_FOR'])) - return $_SERVER['HTTP_X_FORWARDED_FOR']; + $real_ip = $_SERVER['REMOTE_ADDR']; - return $_SERVER['REMOTE_ADDR']; + if(isset($_SERVER['HTTP_X_FORWARDED_FOR']) && preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/', $_SERVER['HTTP_X_FORWARDED_FOR']) ){ + $real_ip = $_SERVER['HTTP_X_FORWARDED_FOR']; + } + + return preg_replace('/[^0-9.]/', '', $real_ip); } function get_call_func_cache($func, $args=array()){ From a45241f4bc46aee1ab2cc0749f6444b043681edf Mon Sep 17 00:00:00 2001 From: thisgun Date: Tue, 30 Oct 2018 09:42:48 +0900 Subject: [PATCH 04/12] =?UTF-8?q?XSS=20=EC=B7=A8=EC=95=BD=EC=A0=90=20?= =?UTF-8?q?=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/board_form_update.php | 3 +++ adm/boardgroup_form.php | 2 +- adm/config_form.php | 2 +- adm/config_form_update.php | 2 ++ adm/menu_list.php | 14 ++++++++++++++ adm/menu_list_update.php | 4 ++-- bbs/board_head.php | 4 ++-- bbs/board_tail.php | 4 ++-- bbs/password.php | 8 ++++---- 9 files changed, 31 insertions(+), 12 deletions(-) diff --git a/adm/board_form_update.php b/adm/board_form_update.php index 912887760..2222baadb 100644 --- a/adm/board_form_update.php +++ b/adm/board_form_update.php 
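Review bot: The closing `preg_replace('/[^0-9.]/', '', $real_ip)` in `get_real_client_ip` is also applied to `REMOTE_ADDR`, so an IPv6 address loses its colons and hex letters and different clients can collapse to the same string. Validating instead of stripping avoids that, e.g. `if (filter_var($real_ip, FILTER_VALIDATE_IP) === false) $real_ip = '';`, and the same call can replace the dotted-quad regex, which accepts octets above 255. `X-Forwarded-For` is still honoured from any client; it is only meaningful when a trusted reverse proxy overwrites it, so anything keyed on this return value (rate limits, logs, access rules — not visible here) inherits a client-chosen address. A short comment on the function stating that assumption would help the next reader.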
@@ -72,6 +72,9 @@ $bo_category_list = str_replace($src_char, $dst_char, $bo_category_list); //https://github.com/gnuboard/gnuboard5/commit/f5f4925d4eb28ba1af728e1065fc2bdd9ce1da58 에 따른 조치 $str_bo_category_list = isset($_POST['bo_category_list']) ? preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\/\^\*]/", "", $_POST['bo_category_list']) : ''; +$_POST['bo_subject'] = strip_tags($_POST['bo_subject']); +$_POST['bo_mobile_subject'] = strip_tags($_POST['bo_mobile_subject']); + $sql_common = " gr_id = '{$_POST['gr_id']}', bo_subject = '{$_POST['bo_subject']}', bo_mobile_subject = '{$_POST['bo_mobile_subject']}', diff --git a/adm/boardgroup_form.php b/adm/boardgroup_form.php index 73e162d98..c9e8338bd 100644 --- a/adm/boardgroup_form.php +++ b/adm/boardgroup_form.php @@ -117,7 +117,7 @@ include_once('./admin.head.php'); - + diff --git a/adm/config_form.php b/adm/config_form.php index 00915fe7d..e4daee961 100644 --- a/adm/config_form.php +++ b/adm/config_form.php @@ -1317,7 +1317,7 @@ if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw']) { - + diff --git a/adm/config_form_update.php b/adm/config_form_update.php index 03179c345..126786382 100644 --- a/adm/config_form_update.php +++ b/adm/config_form_update.php @@ -26,6 +26,8 @@ if(!$_POST['cf_cert_use']) { $cf_social_servicelist = !empty($_POST['cf_social_servicelist']) ? implode(',', $_POST['cf_social_servicelist']) : ''; +$_POST['cf_title'] = strip_tags($_POST['cf_title']); + $sql = " update {$g5['config_table']} set cf_title = '{$_POST['cf_title']}', cf_admin = '{$_POST['cf_admin']}', diff --git a/adm/menu_list.php b/adm/menu_list.php index ffe88aee7..4a6c25127 100644 --- a/adm/menu_list.php +++ b/adm/menu_list.php @@ -196,6 +196,20 @@ function base_convert(number, frombase, tobase) { function fmenulist_submit(f) { + + var me_links = document.getElementsByName('me_link[]'); + var reg = /^javascript/; + + for (i=0; i 
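Review bot: `strip_tags()` on `bo_subject` and `bo_mobile_subject` removes markup but leaves quotes and `&` intact, so it does not make the value safe inside an attribute, and it silently alters legitimate titles that contain `<`. Encoding at the point of output, `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')`, is the more reliable control; stripping on input can remain as defence in depth. The same applies to the `cf_title` line added in adm/config_form_update.php. Both values are then interpolated into string-built SQL in the context lines, and the escaping that makes that safe is not visible in these hunks, so it is worth confirming.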
diff --git a/adm/menu_list_update.php b/adm/menu_list_update.php index f05e2ec22..4244d3343 100644 --- a/adm/menu_list_update.php +++ b/adm/menu_list_update.php @@ -23,8 +23,8 @@ for ($i=0; $i<$count; $i++) $code = $_POST['code'][$i]; $me_name = $_POST['me_name'][$i]; - $me_link = $_POST['me_link'][$i]; - + $me_link = preg_match('/^javascript/', $_POST['me_link'][$i]) ? G5_URL : strip_tags($_POST['me_link'][$i]); + if(!$code || !$me_name || !$me_link) continue; diff --git a/bbs/board_head.php b/bbs/board_head.php index 04b60450f..a62706a28 100644 --- a/bbs/board_head.php +++ b/bbs/board_head.php @@ -5,13 +5,13 @@ if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가 if (G5_IS_MOBILE) { // 모바일의 경우 설정을 따르지 않는다. include_once(G5_BBS_PATH.'/_head.php'); - echo stripslashes($board['bo_mobile_content_head']); + echo html_purifier(stripslashes($board['bo_mobile_content_head'])); } else { if(is_include_path_check($board['bo_include_head'])) { //파일경로 체크 @include ($board['bo_include_head']); } else { //파일경로가 올바르지 않으면 기본파일을 가져옴 include_once(G5_BBS_PATH.'/_head.php'); } - echo stripslashes($board['bo_content_head']); + echo html_purifier(stripslashes($board['bo_content_head'])); } ?> \ No newline at end of file diff --git a/bbs/board_tail.php b/bbs/board_tail.php index 57b81b46e..436e2cc3b 100644 --- a/bbs/board_tail.php +++ b/bbs/board_tail.php @@ -3,11 +3,11 @@ if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가 // 게시판 관리의 하단 파일 경로 if (G5_IS_MOBILE) { - echo stripslashes($board['bo_mobile_content_tail']); + echo html_purifier(stripslashes($board['bo_mobile_content_tail'])); // 모바일의 경우 설정을 따르지 않는다. include_once(G5_BBS_PATH.'/_tail.php'); } else { - echo stripslashes($board['bo_content_tail']); + echo html_purifier(stripslashes($board['bo_content_tail'])); if(is_include_path_check($board['bo_include_tail'])) { //파일경로 체크 @include ($board['bo_include_tail']); } else { //파일경로가 올바르지 않으면 기본파일을 가져옴 diff --git a/bbs/password.php b/bbs/password.php index e5e0a4d4e..646f3b645 100644 
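Review bot: The `javascript` test on `me_link` runs against the raw POST value while `strip_tags()` is applied afterwards, so the string that is stored is not the string that was checked; the pattern is also case-sensitive and makes no allowance for leading whitespace. Normalise first and then accept only known-good forms, e.g. `$me_link = trim(strip_tags($_POST['me_link'][$i]));` followed by `if (!preg_match('#^(https?://|/)#i', $me_link)) $me_link = G5_URL;`, adjusting the allowlist to the link forms the menu actually uses. The later change to this line in PATCH 10/12 adds the `i` flag but keeps the same check-then-transform order, and the client-side check added to `fmenulist_submit` in adm/menu_list.php uses the same case-sensitive `/^javascript/` and is advisory only. `$me_name` in the context line is taken from POST with no filtering visible in this hunk.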
--- a/bbs/password.php +++ b/bbs/password.php @@ -43,8 +43,8 @@ switch ($w) { include_once(G5_PATH.'/head.sub.php'); -//if ($board['bo_include_head']) { @include ($board['bo_include_head']); } -//if ($board['bo_content_head']) { echo stripslashes($board['bo_content_head']); } +//if ($board['bo_include_head'] && is_include_path_check($board['bo_content_head'])) { @include ($board['bo_include_head']); } +//if ($board['bo_content_head']) { echo html_purifier(stripslashes($board['bo_content_head'])); } /* 비밀글의 제목을 가져옴 지운아빠 2013-01-29 */ $sql = " select wr_subject from {$write_table} @@ -57,8 +57,8 @@ $g5['title'] = get_text($row['wr_subject']); include_once($member_skin_path.'/password.skin.php'); -//if ($board['bo_content_tail']) { echo stripslashes($board['bo_content_tail']); } -//if ($board['bo_include_tail']) { @include ($board['bo_include_tail']); } +//if ($board['bo_content_tail']) { echo html_purifier(stripslashes($board['bo_content_tail'])); } +//if ($board['bo_include_tail'] && is_include_path_check($board['bo_content_tail'])) { @include ($board['bo_include_tail']); } include_once(G5_PATH.'/tail.sub.php'); ?> From 26f6edfd0b7f1bf1464d08c1da82f6eba0c45b10 Mon Sep 17 00:00:00 2001 From: thisgun Date: Tue, 30 Oct 2018 16:02:50 +0900 Subject: [PATCH 05/12] =?UTF-8?q?=EC=86=8C=EC=85=9C=20=EB=A1=9C=EA=B7=B8?= =?UTF-8?q?=EC=9D=B8=ED=95=9C=20=EA=B3=84=EC=A0=95=EC=9D=80=20=ED=9A=8C?= =?UTF-8?q?=EC=9B=90=20=ED=83=88=ED=87=B4=EB=A5=BC=20=EB=AA=BB=ED=95=98?= =?UTF-8?q?=EB=8A=94=20=EC=98=A4=EB=A5=98=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bbs/member_confirm.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/bbs/member_confirm.php b/bbs/member_confirm.php index 685dec86c..722a78302 100644 --- a/bbs/member_confirm.php +++ b/bbs/member_confirm.php 
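Review bot: In the commented-out include line the new guard validates the wrong field: `is_include_path_check($board['bo_content_head'])` checks the HTML content value while the statement includes `$board['bo_include_head']`. The code is inert today, but if it is ever re-enabled the path check would not cover the file that is included; it should read `is_include_path_check($board['bo_include_head'])`. The second hunk in this file has the same mismatch between `bo_content_tail` and `bo_include_tail`.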
@@ -11,16 +11,16 @@ else $urlencode = urlencode($_SERVER[REQUEST_URI]); */ +$url = clean_xss_tags($_GET['url']); + //소셜 로그인 한 경우 -if( function_exists('social_member_comfirm_redirect') ){ +if( function_exists('social_member_comfirm_redirect') && (! $url || $url === 'register_form.php') ){ social_member_comfirm_redirect(); } $g5['title'] = '회원 비밀번호 확인'; include_once('./_head.sub.php'); -$url = clean_xss_tags($_GET['url']); - // url 체크 check_url_host($url, '', G5_URL, true); From ad2419026a70bef3160423c6889065f5f0160988 Mon Sep 17 00:00:00 2001 From: thisgun Date: Tue, 30 Oct 2018 16:09:56 +0900 Subject: [PATCH 06/12] =?UTF-8?q?=EC=9E=98=EB=AA=BB=EB=90=9C=20php=20?= =?UTF-8?q?=EC=BD=94=EB=93=9C=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bbs/new_delete.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bbs/new_delete.php b/bbs/new_delete.php index 45341a244..6791e33e3 100644 --- a/bbs/new_delete.php +++ b/bbs/new_delete.php @@ -128,7 +128,7 @@ for($i=0;$i Date: Fri, 16 Nov 2018 10:55:56 +0900 Subject: [PATCH 07/12] =?UTF-8?q?KVE-2018-0979=20=EA=B7=B8=EB=88=84?= =?UTF-8?q?=EB=B3=B4=EB=93=9C=20=EC=98=81=EC=B9=B4=ED=8A=B8=20lgxpay=20XSS?= =?UTF-8?q?=20=EC=B7=A8=EC=95=BD=EC=A0=90=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- plugin/lgxpay/AuthOnlyReq.php | 2 ++ plugin/lgxpay/returnurl.php | 2 ++ 2 files changed, 4 insertions(+) diff --git a/plugin/lgxpay/AuthOnlyReq.php b/plugin/lgxpay/AuthOnlyReq.php index f8c42b1b6..571d7d9c9 100644 --- a/plugin/lgxpay/AuthOnlyReq.php +++ b/plugin/lgxpay/AuthOnlyReq.php @@ -165,6 +165,8 @@ $_SESSION['lgd_certify'] = $payReqMap; $value) { + $key = htmlspecialchars(strip_tags($key)); + $value = htmlspecialchars(strip_tags($value)); echo "".PHP_EOL; } ?> diff --git a/plugin/lgxpay/returnurl.php b/plugin/lgxpay/returnurl.php index e0cd0a37b..b40e8940e 100644 
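Review bot: In plugin/lgxpay/AuthOnlyReq.php `htmlspecialchars()` is called with default flags on `$key` and `$value`, and on PHP versions before 8.1 the default leaves single quotes unescaped; the markup of the `echo` that follows is not visible in this view, so if its attributes are single-quoted the encoding is incomplete. Passing the flags explicitly removes the dependency: `$value = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');` and the same for `$key`. `strip_tags()` before encoding adds nothing for safety and alters values that legitimately contain `<`, which may matter for fields that are posted onward. The identical two lines added in plugin/lgxpay/returnurl.php need the same change.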
--- a/plugin/lgxpay/returnurl.php +++ b/plugin/lgxpay/returnurl.php @@ -57,6 +57,8 @@ $payReqMap = $_SESSION['lgd_certify'];//결제 요청시, Session에 저장했
    $value) { + $key = htmlspecialchars(strip_tags($key)); + $value = htmlspecialchars(strip_tags($value)); echo ""; } ?> From ccba200fbdcbad9f4a75ebf27eddb1341cd5628d Mon Sep 17 00:00:00 2001 From: thisgun Date: Fri, 16 Nov 2018 11:15:10 +0900 Subject: [PATCH 08/12] =?UTF-8?q?=EC=9E=98=EB=AA=BB=EB=90=9C=20=EC=BD=94?= =?UTF-8?q?=EB=93=9C=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/contentform.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/adm/contentform.php b/adm/contentform.php index 7ebe8bf01..6217e4603 100644 --- a/adm/contentform.php +++ b/adm/contentform.php @@ -109,8 +109,8 @@ include_once (G5_ADMIN_PATH.'/admin.head.php'); From bc5779fafbd9a363b0b392c2b30b03f70d1b87f8 Mon Sep 17 00:00:00 2001 From: thisgun Date: Fri, 16 Nov 2018 17:54:57 +0900 Subject: [PATCH 09/12] =?UTF-8?q?KVE-2018-1316=20=EA=B7=B8=EB=88=84?= =?UTF-8?q?=EB=B3=B4=EB=93=9C,=EC=98=81=EC=B9=B4=ED=8A=B8=20=EC=B7=A8?= =?UTF-8?q?=EC=95=BD=EC=A0=90=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bbs/confirm.php | 6 +++--- bbs/member_confirm.php | 9 +++++++-- lib/common.lib.php | 2 ++ 3 files changed, 12 insertions(+), 5 deletions(-) diff --git a/bbs/confirm.php b/bbs/confirm.php index fcf94e0e9..a80f5eab1 100644 --- a/bbs/confirm.php +++ b/bbs/confirm.php @@ -2,9 +2,9 @@ include_once('./_common.php'); include_once(G5_PATH.'/head.sub.php'); -$url1 = clean_xss_tags($url1); -$url2 = clean_xss_tags($url2); -$url3 = clean_xss_tags($url3); +$url1 = preg_replace("/[\<\>\'\"\\\'\\\"\(\)]/", "", clean_xss_tags($url1)); +$url2 = preg_replace("/[\<\>\'\"\\\'\\\"\(\)]/", "", clean_xss_tags($url2)); +$url3 = preg_replace("/[\<\>\'\"\\\'\\\"\(\)]/", "", clean_xss_tags($url3)); // url 체크 check_url_host($url1); diff --git a/bbs/member_confirm.php b/bbs/member_confirm.php index 722a78302..e3fc28498 100644 --- a/bbs/member_confirm.php 
+++ b/bbs/member_confirm.php @@ -24,10 +24,15 @@ include_once('./_head.sub.php'); // url 체크 check_url_host($url, '', G5_URL, true); -if( preg_match('#^/{3,}#', $url) ){ - $url = preg_replace('#^/{3,}#', '/', $url); +if($url){ + $url = preg_replace('#^/\\\{1,}#', '/', $url); + + if( preg_match('#^/{3,}#', $url) ){ + $url = preg_replace('#^/{3,}#', '/', $url); + } } + $url = get_text($url); include_once($member_skin_path.'/member_confirm.skin.php'); diff --git a/lib/common.lib.php b/lib/common.lib.php index c12ff17e3..5391220b6 100644 --- a/lib/common.lib.php +++ b/lib/common.lib.php @@ -2885,6 +2885,8 @@ function clean_xss_tags($str) { $str = preg_replace('#]*+>#i', '', $str); + $str = str_replace(array('',''), '', $str); + return $str; } From e14f25d10f58ff96ace6f5ddc531c5be936db1df Mon Sep 17 00:00:00 2001 From: thisgun Date: Wed, 21 Nov 2018 14:55:57 +0900 Subject: [PATCH 10/12] =?UTF-8?q?KVE-2018-1403=20=EC=B7=A8=EC=95=BD?= =?UTF-8?q?=EC=A0=90=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/menu_list_update.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/adm/menu_list_update.php b/adm/menu_list_update.php index 4244d3343..324f26209 100644 --- a/adm/menu_list_update.php +++ b/adm/menu_list_update.php @@ -23,7 +23,7 @@ for ($i=0; $i<$count; $i++) $code = $_POST['code'][$i]; $me_name = $_POST['me_name'][$i]; - $me_link = preg_match('/^javascript/', $_POST['me_link'][$i]) ? G5_URL : strip_tags($_POST['me_link'][$i]); + $me_link = preg_match('/^javascript/i', $_POST['me_link'][$i]) ? G5_URL : strip_tags($_POST['me_link'][$i]); if(!$code || !$me_name || !$me_link) continue; From 30a0016d0bbd8a475bee8e45ce4202bfd51b7758 Mon Sep 17 00:00:00 2001 
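Review bot: The new slash and backslash rewriting of `$url` runs after `check_url_host($url, '', G5_URL, true)`, so the value handed to the skin is not the value that was validated. The rewrite can also leave a result that begins with `//`, which `#^/{3,}#` does not collapse. Move the normalisation above the check, or call `check_url_host()` again on the rewritten value, and use `#^/{2,}#` if a protocol-relative form is never intended here. What `check_url_host` accepts is not visible in this hunk, so the impact is inferred.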
From: thisgun Date: Wed, 21 Nov 2018 15:03:33 +0900 Subject: [PATCH 11/12] =?UTF-8?q?=EC=9E=98=EB=AA=BB=EB=90=9C=20=EA=B2=8C?= =?UTF-8?q?=EC=8B=9C=ED=8C=90=20=EC=8A=A4=ED=82=A8=20css=20=EC=BD=94?= =?UTF-8?q?=EB=93=9C=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- skin/board/basic/style.css | 2 +- skin/board/gallery/style.css | 2 +- theme/basic/skin/board/basic/style.css | 2 +- theme/basic/skin/board/gallery/style.css | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/skin/board/basic/style.css b/skin/board/basic/style.css index 37bf7fab7..d85f02315 100644 --- a/skin/board/basic/style.css +++ b/skin/board/basic/style.css @@ -65,7 +65,7 @@ #bo_w .tbl_frm01 {} #bo_w .tbl_frm01 th {} #bo_w .tbl_frm01 td {} -#bo_w .tbl_frm01 textarea, #bo_w tbl_frm01 .frm_input {} +#bo_w .tbl_frm01 textarea, #bo_w .tbl_frm01 .frm_input {} #bo_w .tbl_frm01 textarea {} /* #bo_w .tbl_frm01 #captcha {} diff --git a/skin/board/gallery/style.css b/skin/board/gallery/style.css index 7dd98d16b..cb38ea31f 100644 --- a/skin/board/gallery/style.css +++ b/skin/board/gallery/style.css @@ -55,7 +55,7 @@ #bo_w .tbl_frm01 {} #bo_w .tbl_frm01 th {} #bo_w .tbl_frm01 td {} -#bo_w .tbl_frm01 textarea, #bo_w tbl_frm01 .frm_input {} +#bo_w .tbl_frm01 textarea, #bo_w .tbl_frm01 .frm_input {} #bo_w .tbl_frm01 textarea {} /* #bo_w .tbl_frm01 #captcha {} diff --git a/theme/basic/skin/board/basic/style.css b/theme/basic/skin/board/basic/style.css index 37bf7fab7..d85f02315 100644 --- a/theme/basic/skin/board/basic/style.css +++ b/theme/basic/skin/board/basic/style.css @@ -65,7 +65,7 @@ #bo_w .tbl_frm01 {} #bo_w .tbl_frm01 th {} #bo_w .tbl_frm01 td {} -#bo_w .tbl_frm01 textarea, #bo_w tbl_frm01 .frm_input {} +#bo_w .tbl_frm01 textarea, #bo_w .tbl_frm01 .frm_input {} #bo_w .tbl_frm01 textarea {} /* #bo_w .tbl_frm01 #captcha {} 
diff --git a/theme/basic/skin/board/gallery/style.css b/theme/basic/skin/board/gallery/style.css index e20ab1c66..035553804 100644 --- a/theme/basic/skin/board/gallery/style.css +++ b/theme/basic/skin/board/gallery/style.css @@ -55,7 +55,7 @@ #bo_w .tbl_frm01 {} #bo_w .tbl_frm01 th {} #bo_w .tbl_frm01 td {} -#bo_w .tbl_frm01 textarea, #bo_w tbl_frm01 .frm_input {} +#bo_w .tbl_frm01 textarea, #bo_w .tbl_frm01 .frm_input {} #bo_w .tbl_frm01 textarea {} /* #bo_w .tbl_frm01 #captcha {} From 8399dafd4b4a0611c91697c8859a0ca3c5e5cdb9 Mon Sep 17 00:00:00 2001 From: thisgun Date: Wed, 21 Nov 2018 15:52:18 +0900 Subject: [PATCH 12/12] =?UTF-8?q?5.3.2.0=20=EB=B2=84=EC=A0=84=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- config.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config.php b/config.php index c7356a38d..4b7987a60 100644 --- a/config.php +++ b/config.php @@ -5,7 +5,7 @@ ********************/ define('G5_VERSION', '그누보드5'); -define('G5_GNUBOARD_VER', '5.3.1.9'); +define('G5_GNUBOARD_VER', '5.3.2.0'); // 이 상수가 정의되지 않으면 각각의 개별 페이지는 별도로 실행될 수 없음 define('_GNUBOARD_', true);