From 26dfe6379f1a740b2280e6485423c608d302277d Mon Sep 17 00:00:00 2001 From: EC2 Default User Date: Thu, 10 Mar 2022 05:31:20 +0000 Subject: [PATCH 01/16] =?UTF-8?q?PHP8.1=EC=97=90=EC=84=9C=20DB=20Table=20?= =?UTF-8?q?=EC=A1=B4=EC=9E=AC=EC=9C=A0=EB=AC=B4=20=EA=B2=80=EC=82=AC?= =?UTF-8?q?=EC=8B=9C=20=EC=98=A4=EB=A5=98=EA=B0=80=20=EB=82=98=EB=8A=94=20?= =?UTF-8?q?describe=20=EB=8C=80=EC=8B=A0=20show=20tables=20like=20?= =?UTF-8?q?=EB=A1=9C=20=EC=88=98=EC=A0=95,=20PHP=20message:=20PHP=20Fatal?= =?UTF-8?q?=20error:=20=20Uncaught=20mysqli=5Fsql=5Fexception:=20Table?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/common.lib.php | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/lib/common.lib.php b/lib/common.lib.php index b8315e2ca..b9fae59b4 100644 --- a/lib/common.lib.php +++ b/lib/common.lib.php @@ -1593,6 +1593,14 @@ function sql_query($sql, $error=G5_DISPLAY_SQL_ERROR, $link=null) // `information_schema` DB로의 접근을 허락하지 않습니다. $sql = preg_replace("#^select.*from.*where.*`?information_schema`?.*#i", "select 1", $sql); + if (preg_match("#^desc(?:ribe)?\s+(.*)#i", $sql)) { + $sql = preg_replace_callback("#^desc(?:ribe)?\s+(.*)#i", + function ($m) { + return "show tables like '".str_replace("`", "", $m[1])."'"; + }, trim($sql) + ); + } + $is_debug = get_permission_debug_show(); $start_time = $is_debug ? get_microtime() : 0; From 2e7953daba0f978c358a68c7a7e47ff75e4c0403 Mon Sep 17 00:00:00 2001 
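Review bot: The rewrite added to `sql_query()` strips only backticks from the captured text before placing it inside `show tables like '…'`, so a quote anywhere after `desc` ends the literal early, and every `_` in a table name acts as a single-character LIKE wildcard that can match a different table. `SHOW TABLES` also returns no `Field`/`Type` columns and yields an empty result set rather than an error for a missing table. The `describe` loop in adm/dbupgrade.php (given an `isset($row['Field'])` guard in 02/16) would therefore never reach its `ALTER TABLE` steps, and any caller that tests the return value for existence (not visible here) would always see success. `preg_match` tests `$sql` while the callback runs on `trim($sql)`, so a statement with leading whitespace is not rewritten at all. I would rewrite only a bare `DESCRIBE <table>` whose name consists of identifier characters and escape the wildcard, as below; the body of `sql_query()` continues outside the hunk.

```php
// Rewrite only a bare "DESCRIBE <table>"; other statements stay as the caller wrote them.
if (preg_match('#^\s*desc(?:ribe)?\s+`?([A-Za-z0-9_$]+)`?\s*;?\s*$#i', $sql, $m)) {
    // "_" is a LIKE wildcard; escape it so only this exact table name matches.
    $sql = "show tables like '" . addcslashes($m[1], '_') . "'";
}
```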
From: EC2 Default User Date: Mon, 14 Mar 2022 00:53:09 +0000 Subject: [PATCH 02/16] =?UTF-8?q?PHP8.1=20=EC=97=90=20=EB=8C=80=EC=9D=91?= =?UTF-8?q?=ED=95=98=EA=B8=B0=20=EC=9C=84=ED=95=B4=20deprecated=20?= =?UTF-8?q?=EB=90=98=EB=8A=94=20=EC=98=A4=EB=A5=98=20=EB=93=B1=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/board_form_update.php | 2 +- adm/dbupgrade.php | 2 +- common.php | 4 +++- lib/common.lib.php | 14 +++++++++++--- plugin/htmlpurifier/HTMLPurifier.standalone.php | 6 ++++++ 5 files changed, 22 insertions(+), 6 deletions(-) diff --git a/adm/board_form_update.php b/adm/board_form_update.php index 557a1a2a6..9f9644052 100644 --- a/adm/board_form_update.php +++ b/adm/board_form_update.php @@ -28,7 +28,7 @@ $bo_include_head = isset($_POST['bo_include_head']) ? preg_replace(array("#[\\\] $bo_include_tail = isset($_POST['bo_include_tail']) ? preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($_POST['bo_include_tail'], 0, 255)) : ''; // 관리자가 자동등록방지를 사용해야 할 경우 -if ($board && ($board['bo_include_head'] !== $bo_include_head || $board['bo_include_tail'] !== $bo_include_tail) && function_exists('get_admin_captcha_by') && get_admin_captcha_by()){ +if ($board && (isset($board['bo_include_head']) && $board['bo_include_head'] !== $bo_include_head || $board['bo_include_tail'] !== $bo_include_tail) && function_exists('get_admin_captcha_by') && get_admin_captcha_by()){ include_once(G5_CAPTCHA_PATH.'/captcha.lib.php'); if (!chk_captcha()) { diff --git a/adm/dbupgrade.php b/adm/dbupgrade.php index 3f6a4be3d..7ac478d40 100644 --- a/adm/dbupgrade.php +++ b/adm/dbupgrade.php 
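Review bot: In the captcha condition of adm/board_form_update.php, `&&` binds tighter than `||`, so the added `isset($board['bo_include_head'])` guards only the head comparison: `$board['bo_include_tail']` is still read unguarded, and when the head key is missing a changed `bo_include_head` no longer triggers the captcha check by itself. These two fields appear to hold include file paths, so a missing stored value should count as a change rather than skip the check, e.g. `(!isset($board['bo_include_head']) || $board['bo_include_head'] !== $bo_include_head || !isset($board['bo_include_tail']) || $board['bo_include_tail'] !== $bo_include_tail)`. Whether `$board` can actually lack these keys is not visible in this hunk.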
@@ -197,7 +197,7 @@ if (defined('G5_USE_SHOP') && G5_USE_SHOP) { $result = sql_query("describe `{$g5['g5_shop_post_log_table']}`"); while ($row = sql_fetch_array($result)){ - if( $row['Field'] === 'ol_msg' && $row['Type'] === 'varchar(255)' ){ + if( isset($row['Field']) && $row['Field'] === 'ol_msg' && $row['Type'] === 'varchar(255)' ){ sql_query("ALTER TABLE `{$g5['g5_shop_post_log_table']}` MODIFY ol_msg TEXT NOT NULL;", false); sql_query("ALTER TABLE `{$g5['g5_shop_post_log_table']}` DROP PRIMARY KEY;", false); sql_query("ALTER TABLE `{$g5['g5_shop_post_log_table']}` ADD `log_id` int(11) NOT NULL AUTO_INCREMENT, ADD PRIMARY KEY (`log_id`);", false); diff --git a/common.php b/common.php index dd4c2e1af..80171c164 100644 --- a/common.php +++ b/common.php @@ -2,7 +2,9 @@ /******************************************************************************* ** 공통 변수, 상수, 코드 *******************************************************************************/ -error_reporting( E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_ERROR | E_WARNING | E_PARSE | E_USER_ERROR | E_USER_WARNING ); +// error_reporting( E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_ERROR | E_WARNING | E_PARSE | E_USER_ERROR | E_USER_WARNING ); +error_reporting(E_ALL); +ini_set("display_errors", 1); // 보안설정이나 프레임이 달라도 쿠키가 통하도록 설정 header('P3P: CP="ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC"'); diff --git a/lib/common.lib.php b/lib/common.lib.php index b9fae59b4..1b0acda5e 100644 --- a/lib/common.lib.php +++ b/lib/common.lib.php @@ -1511,7 +1511,7 @@ function hsc($str) //   & · 등을 정상으로 출력 function html_symbol($str) { - return preg_replace("/\&([a-z0-9]{1,20}|\#[0-9]{0,3});/i", "&\\1;", $str); + return $str ? preg_replace("/\&([a-z0-9]{1,20}|\#[0-9]{0,3});/i", "&\\1;", $str) : ""; } @@ -1609,7 +1609,11 @@ function sql_query($sql, $error=G5_DISPLAY_SQL_ERROR, $link=null) if ($error) { $result = @mysqli_query($link, $sql) or die("
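Review bot: `ini_set("display_errors", 1)` together with `error_reporting(E_ALL)` in common.php prints every notice, warning and uncaught exception to the visitor, which can expose file paths and fragments of SQL text. Patch 06/16 of this series restores the previous mask, so the series is better squashed so that no intermediate revision carries the debug settings. If the wider reporting level is wanted for the PHP 8.1 work, keep `error_reporting(E_ALL)` but route it to the log with `ini_set('display_errors', '0'); ini_set('log_errors', '1');`.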
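Review bot: `return $str ? … : "";` in `html_symbol()` tests truthiness, so the string `"0"` now comes back as an empty string instead of `0`. Only null needs special handling for the PHP 8.1 deprecation; an early `if ($str === null) return "";` placed before the unchanged `preg_replace` call keeps every other input behaving as before.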

$sql

" . mysqli_errno($link) . " : " . mysqli_error($link) . "

error file : {$_SERVER['SCRIPT_NAME']}"); } else { - $result = @mysqli_query($link, $sql); + try { + $result = @mysqli_query($link, $sql); + } catch (Exception $e) { + $result = null; + } } } else { if ($error) { @@ -1657,7 +1661,11 @@ function sql_fetch_array($result) if( ! $result) return array(); if(function_exists('mysqli_fetch_assoc') && G5_MYSQLI_USE) - $row = @mysqli_fetch_assoc($result); + try { + $row = @mysqli_fetch_assoc($result); + } catch (Exception $e) { + $row = null; + } else $row = @mysql_fetch_assoc($result); diff --git a/plugin/htmlpurifier/HTMLPurifier.standalone.php b/plugin/htmlpurifier/HTMLPurifier.standalone.php index 6e9db001f..d889e6af3 100644 --- a/plugin/htmlpurifier/HTMLPurifier.standalone.php +++ b/plugin/htmlpurifier/HTMLPurifier.standalone.php @@ -8319,7 +8319,10 @@ class HTMLPurifier_PropertyListIterator extends FilterIterator /** * @return bool + * + * {@inheritdoc} */ + #[\ReturnTypeWillChange] public function accept() { $key = $this->getInnerIterator()->key(); @@ -8437,7 +8440,10 @@ class HTMLPurifier_StringHash extends ArrayObject * Retrieves a value, and logs the access. * @param mixed $index * @return mixed + * + * {@inheritdoc} */ + #[\ReturnTypeWillChange] public function offsetGet($index) { $this->accessed[$index] = true; From 99f7cd4d198e27496ea9f932a0e9dd813d6b31f8 Mon Sep 17 00:00:00 2001 
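Review bot: The added `catch (Exception $e) { $result = null; }` in `sql_query()` discards the mysqli exception without recording it, and only the `$error == false` branch is wrapped: in the `$error` branch `mysqli_query()` throws before `or die(...)` is evaluated, so the failure surfaces as an uncaught exception instead. The same catch-and-null pattern is added to `sql_fetch_array()` in the next hunk, inside a brace-less `if … else` that would read more safely with braces. Since PHP 8.1 changed the default mysqli report mode to exceptions, calling `mysqli_report(MYSQLI_REPORT_OFF);` once before connecting would restore false-returning calls for both branches; if the catch stays, add `error_log($e->getMessage());` so failed queries remain diagnosable. The connection code and the rest of both function bodies are outside these hunks.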
From: kagla Date: Mon, 14 Mar 2022 04:38:15 +0000 Subject: [PATCH 03/16] =?UTF-8?q?base=5Fconvert():=20Passing=20null=20to?= =?UTF-8?q?=20parameter=20#1=20($num)=20of=20type=20string=20is=20deprecat?= =?UTF-8?q?ed.=20=EB=AC=B8=EC=9E=90=EC=97=B4=20=EC=9C=A0=ED=98=95=EC=9D=98?= =?UTF-8?q?=20=EB=A7=A4=EA=B0=9C=EB=B3=80=EC=88=98=20#1($num)=EC=97=90=20n?= =?UTF-8?q?ull=EC=9D=84=20=EC=A0=84=EB=8B=AC=ED=95=98=EB=8A=94=20=EA=B2=83?= =?UTF-8?q?=EC=9D=80=20=EB=8D=94=20=EC=9D=B4=EC=83=81=20=EC=82=AC=EC=9A=A9?= =?UTF-8?q?=EB=90=98=EC=A7=80=20=EC=95=8A=EC=8A=B5=EB=8B=88=EB=8B=A4.=20?= =?UTF-8?q?=ED=95=B4=EA=B2=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/shop_admin/categoryform.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/adm/shop_admin/categoryform.php b/adm/shop_admin/categoryform.php index 8a133d515..93e22f793 100644 --- a/adm/shop_admin/categoryform.php +++ b/adm/shop_admin/categoryform.php @@ -49,7 +49,7 @@ if ($w == "") where SUBSTRING(ca_id,1,$len) = '$ca_id' "; $row = sql_fetch($sql); - $subid = base_convert($row['max_subid'], 36, 10); + $subid = base_convert((string)$row['max_subid'], 36, 10); $subid += 36; if ($subid >= 36 * 36) { From 767af99ba87add68f1ed09e128a0b7f72de3e812 Mon Sep 17 00:00:00 2001 
From: kagla Date: Thu, 31 Mar 2022 05:41:23 +0000 Subject: [PATCH 04/16] =?UTF-8?q?PHP8.1=20number=5Fformat():=20Passing=20n?= =?UTF-8?q?ull=20to=20parameter=20#1=20($num)=20of=20type=20float=20is=20d?= =?UTF-8?q?eprecated.=20=EB=B6=80=EB=8F=99=EC=86=8C=EC=88=98=EC=A0=90=20?= =?UTF-8?q?=ED=83=80=EC=9E=85=EC=9D=98=20=ED=8C=8C=EB=9D=BC=EB=AF=B8?= =?UTF-8?q?=ED=84=B0=20#1($num)=EC=97=90=20null=EC=9D=84=20=EC=A0=84?= =?UTF-8?q?=EB=8B=AC=ED=95=98=EB=8A=94=20=EA=B2=83=EC=9D=80=20=EB=8D=94=20?= =?UTF-8?q?=EC=9D=B4=EC=83=81=20=EC=82=AC=EC=9A=A9=EB=90=98=EC=A7=80=20?= =?UTF-8?q?=EC=95=8A=EC=8A=B5=EB=8B=88=EB=8B=A4.=20=ED=95=B4=EA=B2=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/shop_admin/itemstocklist.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/adm/shop_admin/itemstocklist.php b/adm/shop_admin/itemstocklist.php index bd2b5519d..314192d85 100644 --- a/adm/shop_admin/itemstocklist.php +++ b/adm/shop_admin/itemstocklist.php @@ -171,9 +171,9 @@ $listall = '전체목 - - - + + + From 66130b3fe16c73fda23a20c72c61235c670067ed Mon Sep 17 00:00:00 2001 
From: kagla Date: Thu, 31 Mar 2022 08:00:49 +0000 Subject: [PATCH 05/16] =?UTF-8?q?PHP8.1=20Deprecated:=20addslashes():=20Pa?= =?UTF-8?q?ssing=20null=20to=20parameter=20#1=20($string)=20of=20type=20st?= =?UTF-8?q?ring=20is=20deprecated.=20addslashes=20=ED=95=A8=EC=88=98?= =?UTF-8?q?=EC=9D=98=20=EB=AC=B8=EC=9E=90=ED=83=80=EC=9E=85=EC=9D=98=20?= =?UTF-8?q?=EC=B2=AB=EB=B2=88=EC=A7=B8=20=ED=8C=8C=EB=9D=BC=EB=AF=B8?= =?UTF-8?q?=ED=84=B0=EC=97=90=20null=EC=9D=84=20=EC=A0=84=EB=8B=AC?= =?UTF-8?q?=ED=95=98=EB=8A=94=20=EA=B2=83=EC=9D=80=20=EB=8D=94=20=EC=9D=B4?= =?UTF-8?q?=EC=83=81=20=EC=82=AC=EC=9A=A9=EB=90=98=EC=A7=80=20=EC=95=8A?= =?UTF-8?q?=EC=8A=B5=EB=8B=88=EB=8B=A4.=20=ED=95=B4=EA=B2=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/shop_admin/itemexcelupdate.php | 56 +++++++++++++++--------------- lib/PHPExcel/Cell.php | 2 +- 2 files changed, 29 insertions(+), 29 deletions(-) diff --git a/adm/shop_admin/itemexcelupdate.php b/adm/shop_admin/itemexcelupdate.php index 600da0237..773cb1a00 100644 --- a/adm/shop_admin/itemexcelupdate.php +++ b/adm/shop_admin/itemexcelupdate.php @@ -10,7 +10,7 @@ auth_check_menu($auth, $sub_menu, "w"); function only_number($n) { - return preg_replace('/[^0-9]/', '', $n); + return preg_replace('/[^0-9]/', '', (string)$n); } $is_upload_file = (isset($_FILES['excelfile']['tmp_name']) && $_FILES['excelfile']['tmp_name']) ? 1 : 0; 
@@ -50,44 +50,44 @@ if($is_upload_file) { $it_id = (string) $rowData[0][$j++]; $it_id = preg_match('/[-+]?[0-9]*\.?[0-9]+([eE][-+]?[0-9]+)/', $it_id) ? addslashes(sprintf("%.0f", $it_id)) : preg_replace('/[^0-9a-z_\-]/i', '', $it_id); $ca_id = addslashes($rowData[0][$j++]); - $ca_id2 = addslashes($rowData[0][$j++]); - $ca_id3 = addslashes($rowData[0][$j++]); + $ca_id2 = addslashes((string)$rowData[0][$j++]); + $ca_id3 = addslashes((string)$rowData[0][$j++]); $it_name = addslashes($rowData[0][$j++]); - $it_maker = addslashes($rowData[0][$j++]); - $it_origin = addslashes($rowData[0][$j++]); - $it_brand = addslashes($rowData[0][$j++]); - $it_model = addslashes($rowData[0][$j++]); - $it_type1 = addslashes($rowData[0][$j++]); - $it_type2 = addslashes($rowData[0][$j++]); - $it_type3 = addslashes($rowData[0][$j++]); - $it_type4 = addslashes($rowData[0][$j++]); - $it_type5 = addslashes($rowData[0][$j++]); - $it_basic = addslashes($rowData[0][$j++]); - $it_explan = addslashes($rowData[0][$j++]); - $it_mobile_explan = addslashes($rowData[0][$j++]); + $it_maker = addslashes((string)$rowData[0][$j++]); + $it_origin = addslashes((string)$rowData[0][$j++]); + $it_brand = addslashes((string)$rowData[0][$j++]); + $it_model = addslashes((string)$rowData[0][$j++]); + $it_type1 = addslashes((string)$rowData[0][$j++]); + $it_type2 = addslashes((string)$rowData[0][$j++]); + $it_type3 = addslashes((string)$rowData[0][$j++]); + $it_type4 = addslashes((string)$rowData[0][$j++]); + $it_type5 = addslashes((string)$rowData[0][$j++]); + $it_basic = addslashes((string)$rowData[0][$j++]); + $it_explan = addslashes((string)$rowData[0][$j++]); + $it_mobile_explan = addslashes((string)$rowData[0][$j++]); $it_cust_price = addslashes(only_number($rowData[0][$j++])); $it_price = addslashes(only_number($rowData[0][$j++])); - $it_tel_inq = addslashes($rowData[0][$j++]); + $it_tel_inq = addslashes((string)$rowData[0][$j++]); $it_point = addslashes(only_number($rowData[0][$j++])); $it_point_type = 
addslashes(only_number($rowData[0][$j++])); - $it_sell_email = addslashes($rowData[0][$j++]); - $it_use = addslashes($rowData[0][$j++]); + $it_sell_email = addslashes((string)$rowData[0][$j++]); + $it_use = addslashes((string)$rowData[0][$j++]); $it_stock_qty = addslashes(only_number($rowData[0][$j++])); $it_noti_qty = addslashes(only_number($rowData[0][$j++])); $it_buy_min_qty = addslashes(only_number($rowData[0][$j++])); $it_buy_max_qty = addslashes(only_number($rowData[0][$j++])); $it_notax = addslashes(only_number($rowData[0][$j++])); $it_order = addslashes(only_number($rowData[0][$j++])); - $it_img1 = addslashes($rowData[0][$j++]); - $it_img2 = addslashes($rowData[0][$j++]); - $it_img3 = addslashes($rowData[0][$j++]); - $it_img4 = addslashes($rowData[0][$j++]); - $it_img5 = addslashes($rowData[0][$j++]); - $it_img6 = addslashes($rowData[0][$j++]); - $it_img7 = addslashes($rowData[0][$j++]); - $it_img8 = addslashes($rowData[0][$j++]); - $it_img9 = addslashes($rowData[0][$j++]); - $it_img10 = addslashes($rowData[0][$j++]); + $it_img1 = addslashes((string)$rowData[0][$j++]); + $it_img2 = addslashes((string)$rowData[0][$j++]); + $it_img3 = addslashes((string)$rowData[0][$j++]); + $it_img4 = addslashes((string)$rowData[0][$j++]); + $it_img5 = addslashes((string)$rowData[0][$j++]); + $it_img6 = addslashes((string)$rowData[0][$j++]); + $it_img7 = addslashes((string)$rowData[0][$j++]); + $it_img8 = addslashes((string)$rowData[0][$j++]); + $it_img9 = addslashes((string)$rowData[0][$j++]); + $it_img10 = addslashes((string)$rowData[0][$j++]); $it_explan2 = strip_tags(trim($it_explan)); if(!$it_id || !$ca_id || !$it_name) { diff --git a/lib/PHPExcel/Cell.php b/lib/PHPExcel/Cell.php index 4b1437f55..e18dec3f8 100644 --- a/lib/PHPExcel/Cell.php +++ b/lib/PHPExcel/Cell.php 
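Review bot: `$ca_id` and `$it_name` still pass the raw cell to `addslashes()` without the `(string)` cast, so a row with an empty category or name cell raises the same deprecation before the `!$it_id || !$ca_id || !$it_name` check rejects it; `$ca_id = addslashes((string)$rowData[0][$j++]);` and the same for `$it_name` close that gap. The identical hunk in patch 06/16 has the same omission. These values come from an uploaded spreadsheet and appear to be headed for an SQL statement outside the hunk; `addslashes()` is not aware of the connection character set, so escaping through the connection (`mysqli_real_escape_string()`) or bound parameters would be the safer follow-up.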
@@ -842,7 +842,7 @@ class PHPExcel_Cell if ($pColumnIndex < 26) { $_indexCache[$pColumnIndex] = chr(65 + $pColumnIndex); } elseif ($pColumnIndex < 702) { - $_indexCache[$pColumnIndex] = chr(64 + ($pColumnIndex / 26)) . + $_indexCache[$pColumnIndex] = chr(64 + (int)($pColumnIndex / 26)) . chr(65 + $pColumnIndex % 26); } else { $_indexCache[$pColumnIndex] = chr(64 + (($pColumnIndex - 26) / 676)) . From ecb10436e527cb130cfcba80b6037eced228d8fa Mon Sep 17 00:00:00 2001 From: kagla Date: Thu, 31 Mar 2022 08:00:49 +0000 Subject: [PATCH 06/16] =?UTF-8?q?PHP8.1=20Deprecated:=20addslashes():=20Pa?= =?UTF-8?q?ssing=20null=20to=20parameter=20#1=20($string)=20of=20type=20st?= =?UTF-8?q?ring=20is=20deprecated.=20addslashes=20=ED=95=A8=EC=88=98?= =?UTF-8?q?=EC=9D=98=20=EB=AC=B8=EC=9E=90=ED=83=80=EC=9E=85=EC=9D=98=20?= =?UTF-8?q?=EC=B2=AB=EB=B2=88=EC=A7=B8=20=ED=8C=8C=EB=9D=BC=EB=AF=B8?= =?UTF-8?q?=ED=84=B0=EC=97=90=20null=EC=9D=84=20=EC=A0=84=EB=8B=AC?= =?UTF-8?q?=ED=95=98=EB=8A=94=20=EA=B2=83=EC=9D=80=20=EB=8D=94=20=EC=9D=B4?= =?UTF-8?q?=EC=83=81=20=EC=82=AC=EC=9A=A9=EB=90=98=EC=A7=80=20=EC=95=8A?= =?UTF-8?q?=EC=8A=B5=EB=8B=88=EB=8B=A4.=20=ED=95=B4=EA=B2=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/shop_admin/itemexcelupdate.php | 56 +++++++++++++++--------------- common.php | 4 +-- lib/PHPExcel/Cell.php | 2 +- 3 files changed, 30 insertions(+), 32 deletions(-) diff --git a/adm/shop_admin/itemexcelupdate.php b/adm/shop_admin/itemexcelupdate.php index 600da0237..773cb1a00 100644 --- a/adm/shop_admin/itemexcelupdate.php +++ b/adm/shop_admin/itemexcelupdate.php @@ -10,7 +10,7 @@ auth_check_menu($auth, $sub_menu, "w"); function only_number($n) { - return preg_replace('/[^0-9]/', '', $n); + return preg_replace('/[^0-9]/', '', (string)$n); } $is_upload_file = (isset($_FILES['excelfile']['tmp_name']) && $_FILES['excelfile']['tmp_name']) ? 1 : 0; 
@@ -50,44 +50,44 @@ if($is_upload_file) { $it_id = (string) $rowData[0][$j++]; $it_id = preg_match('/[-+]?[0-9]*\.?[0-9]+([eE][-+]?[0-9]+)/', $it_id) ? addslashes(sprintf("%.0f", $it_id)) : preg_replace('/[^0-9a-z_\-]/i', '', $it_id); $ca_id = addslashes($rowData[0][$j++]); - $ca_id2 = addslashes($rowData[0][$j++]); - $ca_id3 = addslashes($rowData[0][$j++]); + $ca_id2 = addslashes((string)$rowData[0][$j++]); + $ca_id3 = addslashes((string)$rowData[0][$j++]); $it_name = addslashes($rowData[0][$j++]); - $it_maker = addslashes($rowData[0][$j++]); - $it_origin = addslashes($rowData[0][$j++]); - $it_brand = addslashes($rowData[0][$j++]); - $it_model = addslashes($rowData[0][$j++]); - $it_type1 = addslashes($rowData[0][$j++]); - $it_type2 = addslashes($rowData[0][$j++]); - $it_type3 = addslashes($rowData[0][$j++]); - $it_type4 = addslashes($rowData[0][$j++]); - $it_type5 = addslashes($rowData[0][$j++]); - $it_basic = addslashes($rowData[0][$j++]); - $it_explan = addslashes($rowData[0][$j++]); - $it_mobile_explan = addslashes($rowData[0][$j++]); + $it_maker = addslashes((string)$rowData[0][$j++]); + $it_origin = addslashes((string)$rowData[0][$j++]); + $it_brand = addslashes((string)$rowData[0][$j++]); + $it_model = addslashes((string)$rowData[0][$j++]); + $it_type1 = addslashes((string)$rowData[0][$j++]); + $it_type2 = addslashes((string)$rowData[0][$j++]); + $it_type3 = addslashes((string)$rowData[0][$j++]); + $it_type4 = addslashes((string)$rowData[0][$j++]); + $it_type5 = addslashes((string)$rowData[0][$j++]); + $it_basic = addslashes((string)$rowData[0][$j++]); + $it_explan = addslashes((string)$rowData[0][$j++]); + $it_mobile_explan = addslashes((string)$rowData[0][$j++]); $it_cust_price = addslashes(only_number($rowData[0][$j++])); $it_price = addslashes(only_number($rowData[0][$j++])); - $it_tel_inq = addslashes($rowData[0][$j++]); + $it_tel_inq = addslashes((string)$rowData[0][$j++]); $it_point = addslashes(only_number($rowData[0][$j++])); $it_point_type = 
addslashes(only_number($rowData[0][$j++])); - $it_sell_email = addslashes($rowData[0][$j++]); - $it_use = addslashes($rowData[0][$j++]); + $it_sell_email = addslashes((string)$rowData[0][$j++]); + $it_use = addslashes((string)$rowData[0][$j++]); $it_stock_qty = addslashes(only_number($rowData[0][$j++])); $it_noti_qty = addslashes(only_number($rowData[0][$j++])); $it_buy_min_qty = addslashes(only_number($rowData[0][$j++])); $it_buy_max_qty = addslashes(only_number($rowData[0][$j++])); $it_notax = addslashes(only_number($rowData[0][$j++])); $it_order = addslashes(only_number($rowData[0][$j++])); - $it_img1 = addslashes($rowData[0][$j++]); - $it_img2 = addslashes($rowData[0][$j++]); - $it_img3 = addslashes($rowData[0][$j++]); - $it_img4 = addslashes($rowData[0][$j++]); - $it_img5 = addslashes($rowData[0][$j++]); - $it_img6 = addslashes($rowData[0][$j++]); - $it_img7 = addslashes($rowData[0][$j++]); - $it_img8 = addslashes($rowData[0][$j++]); - $it_img9 = addslashes($rowData[0][$j++]); - $it_img10 = addslashes($rowData[0][$j++]); + $it_img1 = addslashes((string)$rowData[0][$j++]); + $it_img2 = addslashes((string)$rowData[0][$j++]); + $it_img3 = addslashes((string)$rowData[0][$j++]); + $it_img4 = addslashes((string)$rowData[0][$j++]); + $it_img5 = addslashes((string)$rowData[0][$j++]); + $it_img6 = addslashes((string)$rowData[0][$j++]); + $it_img7 = addslashes((string)$rowData[0][$j++]); + $it_img8 = addslashes((string)$rowData[0][$j++]); + $it_img9 = addslashes((string)$rowData[0][$j++]); + $it_img10 = addslashes((string)$rowData[0][$j++]); $it_explan2 = strip_tags(trim($it_explan)); if(!$it_id || !$ca_id || !$it_name) { diff --git a/common.php b/common.php index 80171c164..dd4c2e1af 100644 --- a/common.php +++ b/common.php 
@@ -2,9 +2,7 @@ /******************************************************************************* ** 공통 변수, 상수, 코드 *******************************************************************************/ -// error_reporting( E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_ERROR | E_WARNING | E_PARSE | E_USER_ERROR | E_USER_WARNING ); -error_reporting(E_ALL); -ini_set("display_errors", 1); +error_reporting( E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_ERROR | E_WARNING | E_PARSE | E_USER_ERROR | E_USER_WARNING ); // 보안설정이나 프레임이 달라도 쿠키가 통하도록 설정 header('P3P: CP="ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC"'); diff --git a/lib/PHPExcel/Cell.php b/lib/PHPExcel/Cell.php index 4b1437f55..e18dec3f8 100644 --- a/lib/PHPExcel/Cell.php +++ b/lib/PHPExcel/Cell.php @@ -842,7 +842,7 @@ class PHPExcel_Cell if ($pColumnIndex < 26) { $_indexCache[$pColumnIndex] = chr(65 + $pColumnIndex); } elseif ($pColumnIndex < 702) { - $_indexCache[$pColumnIndex] = chr(64 + ($pColumnIndex / 26)) . + $_indexCache[$pColumnIndex] = chr(64 + (int)($pColumnIndex / 26)) . chr(65 + $pColumnIndex % 26); } else { $_indexCache[$pColumnIndex] = chr(64 + (($pColumnIndex - 26) / 676)) . From 0b90f9d63148ad5b22e02611dc2968e5ca9380a0 Mon Sep 17 00:00:00 2001 
From: kjh Date: Tue, 24 May 2022 08:42:01 +0000 Subject: [PATCH 07/16] =?UTF-8?q?htmlpurifier=204.14.0=20ver=20=EC=A0=81?= =?UTF-8?q?=EC=9A=A9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../htmlpurifier/HTMLPurifier.standalone.php | 47 ++++++++++++++----- .../Language/classes/en-x-test.php | 9 ---- .../Language/messages/en-x-test.php | 11 ----- .../Language/messages/en-x-testmini.php | 12 ----- 4 files changed, 34 insertions(+), 45 deletions(-) delete mode 100644 plugin/htmlpurifier/standalone/HTMLPurifier/Language/classes/en-x-test.php delete mode 100644 plugin/htmlpurifier/standalone/HTMLPurifier/Language/messages/en-x-test.php delete mode 100644 plugin/htmlpurifier/standalone/HTMLPurifier/Language/messages/en-x-testmini.php diff --git a/plugin/htmlpurifier/HTMLPurifier.standalone.php b/plugin/htmlpurifier/HTMLPurifier.standalone.php index d889e6af3..0c74802e3 100644 --- a/plugin/htmlpurifier/HTMLPurifier.standalone.php +++ b/plugin/htmlpurifier/HTMLPurifier.standalone.php @@ -7,7 +7,7 @@ * primary concern and you are using an opcode cache. PLEASE DO NOT EDIT THIS * FILE, changes will be overwritten the next time the script is run. * - * @version 4.13.0 + * @version 4.14.0 * * @warning * You must *not* include any other HTML Purifier files before this file, @@ -39,7 +39,7 @@ */ /* - HTML Purifier 4.13.0 - Standards Compliant HTML Filtering + HTML Purifier 4.14.0 - Standards Compliant HTML Filtering Copyright (C) 2006-2008 Edward Z. Yang This library is free software; you can redistribute it and/or @@ -78,12 +78,12 @@ class HTMLPurifier * Version of HTML Purifier. * @type string */ - public $version = '4.13.0'; + public $version = '4.14.0'; /** * Constant with version of HTML Purifier. */ - const VERSION = '4.13.0'; + const VERSION = '4.14.0'; /** * Global configuration object. 
@@ -1312,6 +1312,22 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition ); $this->info['background-position'] = new HTMLPurifier_AttrDef_CSS_BackgroundPosition(); + $this->info['background-size'] = new HTMLPurifier_AttrDef_CSS_Composite( + array( + new HTMLPurifier_AttrDef_Enum( + array( + 'auto', + 'cover', + 'contain', + 'initial', + 'inherit', + ) + ), + new HTMLPurifier_AttrDef_CSS_Percentage(), + new HTMLPurifier_AttrDef_CSS_Length() + ) + ); + $border_color = $this->info['border-top-color'] = $this->info['border-bottom-color'] = @@ -1811,7 +1827,7 @@ class HTMLPurifier_Config * HTML Purifier's version * @type string */ - public $version = '4.13.0'; + public $version = '4.14.0'; /** * Whether or not to automatically finalize @@ -2593,7 +2609,7 @@ class HTMLPurifier_Config if ($index !== false) { $array = (isset($array[$index]) && is_array($array[$index])) ? $array[$index] : array(); } - $mq = $mq_fix && function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc(); + $mq = $mq_fix && version_compare(PHP_VERSION, '7.4.0', '<') && function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc(); $allowed = HTMLPurifier_Config::getAllowedDirectivesForForm($allowed, $schema); $ret = array(); @@ -6207,8 +6223,9 @@ class HTMLPurifier_HTMLModule */ public function makeLookup($list) { + $args = func_get_args(); if (is_string($list)) { - $list = func_get_args(); + $list = $args; } $ret = array(); foreach ($list as $value) { @@ -11080,6 +11097,7 @@ class HTMLPurifier_AttrDef_CSS_Background extends HTMLPurifier_AttrDef $this->info['background-repeat'] = $def->info['background-repeat']; $this->info['background-attachment'] = $def->info['background-attachment']; $this->info['background-position'] = $def->info['background-position']; + $this->info['background-size'] = $def->info['background-size']; } /** 
@@ -11108,6 +11126,7 @@ class HTMLPurifier_AttrDef_CSS_Background extends HTMLPurifier_AttrDef $caught['repeat'] = false; $caught['attachment'] = false; $caught['position'] = false; + $caught['size'] = false; $i = 0; // number of catches @@ -15274,7 +15293,7 @@ class HTMLPurifier_ChildDef_Table extends HTMLPurifier_ChildDef } } - if (empty($content)) { + if (empty($content) && $thead === false && $tfoot === false) { return false; } @@ -17631,10 +17650,7 @@ class HTMLPurifier_HTMLModule_Tidy extends HTMLPurifier_HTMLModule $type = "info_$type"; $e = $this; } - // PHP does some weird parsing when I do - // $e->$type[$attr], so I have to assign a ref. - $f =& $e->$type; - $f[$attr] = $fix; + $e->{$type}[$attr] = $fix; break; case 'tag_transform': $this->info_tag_transform[$params['element']] = $fix; @@ -17974,9 +17990,11 @@ class HTMLPurifier_HTMLModule_Tidy_XHTMLAndHTML4 extends HTMLPurifier_HTMLModule // @vspace for img ------------------------------------------------ $r['img@vspace'] = new HTMLPurifier_AttrTransform_ImgSpace('vspace'); - // @width for hr, td, th ------------------------------------------ + // @width for table, hr, td, th, col ------------------------------------------ + $r['table@width'] = $r['td@width'] = $r['th@width'] = + $r['col@width'] = $r['hr@width'] = new HTMLPurifier_AttrTransform_Length('width'); return $r; @@ -18513,6 +18531,9 @@ class HTMLPurifier_Injector_Linkify extends HTMLPurifier_Injector '/\\b((?:[a-z][\\w\\-]+:(?:\\/{1,3}|[a-z0-9%])|www\\d{0,3}[.]|[a-z0-9.\\-]+[.][a-z]{2,4}\\/)(?:[^\\s()<>]|\\((?:[^\\s()<>]|(?:\\([^\\s()<>]+\\)))*\\))+(?:\\((?:[^\\s()<>]|(?:\\([^\\s()<>]+\\)))*\\)|[^\\s`!()\\[\\]{};:\'".,<>?\x{00ab}\x{00bb}\x{201c}\x{201d}\x{2018}\x{2019}]))/iu', $token->data, -1, PREG_SPLIT_DELIM_CAPTURE); + if ($bits === false) { + return; + } $token = array(); 
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/Language/classes/en-x-test.php b/plugin/htmlpurifier/standalone/HTMLPurifier/Language/classes/en-x-test.php deleted file mode 100644 index 8828f5cde..000000000 --- a/plugin/htmlpurifier/standalone/HTMLPurifier/Language/classes/en-x-test.php +++ /dev/null @@ -1,9 +0,0 @@ - 'HTML Purifier X' -); - -// vim: et sw=4 sts=4 diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/Language/messages/en-x-testmini.php b/plugin/htmlpurifier/standalone/HTMLPurifier/Language/messages/en-x-testmini.php deleted file mode 100644 index 806c83fbf..000000000 --- a/plugin/htmlpurifier/standalone/HTMLPurifier/Language/messages/en-x-testmini.php +++ /dev/null @@ -1,12 +0,0 @@ - 'HTML Purifier XNone' -); - -// vim: et sw=4 sts=4 From 0edbdab1d8cc8796cebaab1b22cd3f67e3fd5bdd Mon Sep 17 00:00:00 2001 From: kjh Date: Tue, 24 May 2022 08:44:52 +0000 Subject: [PATCH 08/16] PHP8.1 Syntax/Functionality Changes & Deprecations List Check --- lib/PHPExcel/Calculation/DateTime.php | 8 ++++---- plugin/PHPMailer/extras/ntlm_sasl_client.php | 2 +- plugin/kcaptcha/kcaptcha.lib.php | 10 +++++----- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/lib/PHPExcel/Calculation/DateTime.php b/lib/PHPExcel/Calculation/DateTime.php index 72f4c7a23..76d471b29 100644 --- a/lib/PHPExcel/Calculation/DateTime.php +++ b/lib/PHPExcel/Calculation/DateTime.php @@ -534,7 +534,7 @@ class PHPExcel_Calculation_DateTime if ($testVal2 !== false) { $testVal3 = strtok('- '); if ($testVal3 === false) { - $testVal3 = strftime('%Y'); + $testVal3 = date('Y'); } } else { return PHPExcel_Calculation_Functions::VALUE(); 
@@ -554,16 +554,16 @@ class PHPExcel_Calculation_DateTime if (($PHPDateArray !== false) && ($PHPDateArray['error_count'] == 0)) { // Execute function if ($PHPDateArray['year'] == '') { - $PHPDateArray['year'] = strftime('%Y'); + $PHPDateArray['year'] = date('Y'); } if ($PHPDateArray['year'] < 1900) { return PHPExcel_Calculation_Functions::VALUE(); } if ($PHPDateArray['month'] == '') { - $PHPDateArray['month'] = strftime('%m'); + $PHPDateArray['month'] = date('m'); } if ($PHPDateArray['day'] == '') { - $PHPDateArray['day'] = strftime('%d'); + $PHPDateArray['day'] = date('d'); } $excelDateValue = floor( PHPExcel_Shared_Date::FormattedPHPToExcel( diff --git a/plugin/PHPMailer/extras/ntlm_sasl_client.php b/plugin/PHPMailer/extras/ntlm_sasl_client.php index 3fd539240..f412ef006 100644 --- a/plugin/PHPMailer/extras/ntlm_sasl_client.php +++ b/plugin/PHPMailer/extras/ntlm_sasl_client.php @@ -66,7 +66,7 @@ class ntlm_sasl_client_class public function NTLMResponse($challenge, $password) { $unicode = $this->ASCIIToUnicode($password); - $md4 = mhash(MHASH_MD4, $unicode); + $md4 = hash('md4', $unicode, true); $padded = $md4 . str_repeat(chr(0), 21 - strlen($md4)); $iv_size = mcrypt_get_iv_size(MCRYPT_DES, MCRYPT_MODE_ECB); $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND); diff --git a/plugin/kcaptcha/kcaptcha.lib.php b/plugin/kcaptcha/kcaptcha.lib.php index 6354399b9..3da6a84d4 100644 --- a/plugin/kcaptcha/kcaptcha.lib.php +++ b/plugin/kcaptcha/kcaptcha.lib.php 
@@ -171,10 +171,10 @@ class KCAPTCHA{ if($sx<0 || $sy<0 || $sx>=$width-1 || $sy>=$height-1){ continue; }else{ - $color=imagecolorat($img, $sx, $sy) & 0xFF; - $color_x=imagecolorat($img, $sx+1, $sy) & 0xFF; - $color_y=imagecolorat($img, $sx, $sy+1) & 0xFF; - $color_xy=imagecolorat($img, $sx+1, $sy+1) & 0xFF; + $color=imagecolorat($img, (int)$sx, (int)$sy) & 0xFF; + $color_x=imagecolorat($img, (int)$sx+1, (int)$sy) & 0xFF; + $color_y=imagecolorat($img, (int)$sx, (int)$sy+1) & 0xFF; + $color_xy=imagecolorat($img, (int)$sx+1, (int)$sy+1) & 0xFF; } if($color==255 && $color_x==255 && $color_y==255 && $color_xy==255){ @@ -204,7 +204,7 @@ class KCAPTCHA{ $newblue=$newcolor0*$foreground_color[2]+$newcolor*$background_color[2]; } - imagesetpixel($img2, $x, $y, imagecolorallocate($img2, $newred, $newgreen, $newblue)); + imagesetpixel($img2, (int)$x, (int)$y, imagecolorallocate($img2, (int)$newred, (int)$newgreen, (int)$newblue)); } } From b591c91c993555d1b1b2c07c117cc93447848cfa Mon Sep 17 00:00:00 2001 From: kjh Date: Tue, 24 May 2022 08:47:17 +0000 Subject: [PATCH 09/16] =?UTF-8?q?=ED=88=AC=ED=91=9C=20>=20=EA=B8=B0?= =?UTF-8?q?=ED=83=80=EC=9D=98=EA=B2=AC=20=EC=9E=91=EC=84=B1=20=EC=8B=9C=20?= =?UTF-8?q?=EB=B9=84=ED=9A=8C=EC=9B=90=EB=A7=8C=20capcha=20=ED=91=9C?= =?UTF-8?q?=EC=8B=9C=ED=95=98=EB=8F=84=EB=A1=9D=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- mobile/skin/poll/basic/poll_result.skin.php | 2 +- skin/poll/basic/poll_result.skin.php | 2 +- skin/poll/shop_basic/poll_result.skin.php | 2 +- theme/basic/mobile/skin/poll/basic/poll_result.skin.php | 2 +- theme/basic/skin/poll/basic/poll_result.skin.php | 2 +- theme/basic/skin/poll/shop_basic/poll_result.skin.php | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/mobile/skin/poll/basic/poll_result.skin.php b/mobile/skin/poll/basic/poll_result.skin.php index d7c848936..6169445af 100644 --- a/mobile/skin/poll/basic/poll_result.skin.php 
+++ b/mobile/skin/poll/basic/poll_result.skin.php @@ -79,8 +79,8 @@ add_stylesheet('', 0) - + diff --git a/skin/poll/basic/poll_result.skin.php b/skin/poll/basic/poll_result.skin.php index 7c7383046..8538986d8 100644 --- a/skin/poll/basic/poll_result.skin.php +++ b/skin/poll/basic/poll_result.skin.php @@ -79,8 +79,8 @@ add_stylesheet('', 0) - + diff --git a/skin/poll/shop_basic/poll_result.skin.php b/skin/poll/shop_basic/poll_result.skin.php index ab3df7063..8141ab7b3 100644 --- a/skin/poll/shop_basic/poll_result.skin.php +++ b/skin/poll/shop_basic/poll_result.skin.php @@ -80,8 +80,8 @@ add_stylesheet('', 0) - + diff --git a/theme/basic/mobile/skin/poll/basic/poll_result.skin.php b/theme/basic/mobile/skin/poll/basic/poll_result.skin.php index d7c848936..6169445af 100644 --- a/theme/basic/mobile/skin/poll/basic/poll_result.skin.php +++ b/theme/basic/mobile/skin/poll/basic/poll_result.skin.php @@ -79,8 +79,8 @@ add_stylesheet('', 0) - + diff --git a/theme/basic/skin/poll/basic/poll_result.skin.php b/theme/basic/skin/poll/basic/poll_result.skin.php index 7c7383046..8538986d8 100644 --- a/theme/basic/skin/poll/basic/poll_result.skin.php +++ b/theme/basic/skin/poll/basic/poll_result.skin.php @@ -79,8 +79,8 @@ add_stylesheet('', 0) - + diff --git a/theme/basic/skin/poll/shop_basic/poll_result.skin.php b/theme/basic/skin/poll/shop_basic/poll_result.skin.php index ab3df7063..8141ab7b3 100644 --- a/theme/basic/skin/poll/shop_basic/poll_result.skin.php +++ b/theme/basic/skin/poll/shop_basic/poll_result.skin.php @@ -80,8 +80,8 @@ add_stylesheet('', 0) - + From 3aee9326d703e791c97e63771b511101fcaff46e Mon Sep 17 00:00:00 2001 
From: kjh Date: Tue, 24 May 2022 08:48:51 +0000 Subject: [PATCH 10/16] fixed Undefined variable --- adm/shop_admin/couponformupdate.php | 2 +- adm/shop_admin/itemlistupdate.php | 4 ++-- adm/sms_admin/num_book_file_upload.php | 4 ++-- adm/sms_admin/number_move_update.php | 1 + bbs/memo_form.php | 8 ++++++-- bbs/password.php | 14 ++++++++------ bbs/password_lost2.php | 5 +++-- bbs/register_form_update.php | 1 + 8 files changed, 24 insertions(+), 15 deletions(-) diff --git a/adm/shop_admin/couponformupdate.php b/adm/shop_admin/couponformupdate.php index f5ddb3fb2..9d63f6db8 100644 --- a/adm/shop_admin/couponformupdate.php +++ b/adm/shop_admin/couponformupdate.php @@ -139,7 +139,7 @@ if($w == '') { } // 쿠폰생성알림 발송 -if($w == '' && ($_POST['cp_sms_send'] || $_POST['cp_email_send'])) { +if ($w == '' && (isset($_POST['cp_sms_send']) || isset($_POST['cp_email_send']))) { include_once(G5_LIB_PATH.'/mailer.lib.php'); $sms_count = 0; diff --git a/adm/shop_admin/itemlistupdate.php b/adm/shop_admin/itemlistupdate.php index 720a4979a..0bb4d393b 100644 --- a/adm/shop_admin/itemlistupdate.php +++ b/adm/shop_admin/itemlistupdate.php 
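Review bot: Replacing the truthiness test with `isset($_POST['cp_sms_send']) || isset($_POST['cp_email_send'])` in adm/shop_admin/couponformupdate.php changes when the notification block runs: a form that posts either field as `0` or an empty string now enters it, where before it was skipped. `!empty($_POST['cp_sms_send']) || !empty($_POST['cp_email_send'])` removes the undefined-index notice and keeps the old meaning. The block that uses these flags continues outside the hunk.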
@@ -35,8 +35,8 @@ if ($post_act_button == "선택수정") { $p_it_stock_qty = (isset($_POST['it_stock_qty']) && is_array($_POST['it_stock_qty'])) ? strip_tags($_POST['it_stock_qty'][$k]) : ''; $p_it_skin = (isset($_POST['it_skin']) && is_array($_POST['it_skin'])) ? strip_tags($_POST['it_skin'][$k]) : ''; $p_it_mobile_skin = (isset($_POST['it_mobile_skin']) && is_array($_POST['it_mobile_skin'])) ? strip_tags($_POST['it_mobile_skin'][$k]) : ''; - $p_it_use = (isset($_POST['it_use']) && is_array($_POST['it_use'])) ? strip_tags($_POST['it_use'][$k]) : ''; - $p_it_soldout = (isset($_POST['it_soldout']) && is_array($_POST['it_soldout'])) ? strip_tags($_POST['it_soldout'][$k]) : ''; + $p_it_use = isset($_POST['it_use'][$k]) ? clean_xss_tags($_POST['it_use'][$k], 1, 1) : 0; + $p_it_soldout = isset($_POST['it_soldout'][$k]) ? clean_xss_tags($_POST['it_soldout'][$k], 1, 1) : 0; $p_it_order = (isset($_POST['it_order']) && is_array($_POST['it_order'])) ? strip_tags($_POST['it_order'][$k]) : ''; $p_it_id = isset($_POST['it_id'][$k]) ? preg_replace('/[^a-z0-9_\-]/i', '', $_POST['it_id'][$k]) : ''; diff --git a/adm/sms_admin/num_book_file_upload.php b/adm/sms_admin/num_book_file_upload.php index 0c07d9ea9..bcc8f8665 100644 --- a/adm/sms_admin/num_book_file_upload.php +++ b/adm/sms_admin/num_book_file_upload.php @@ -74,13 +74,13 @@ for ($i = 1; $i <= $num_rows; $i++) { switch ($ext) { case '.csv' : - $name = $csv[$i][0]; + $name = isset($csv[$i][0]) ? $csv[$i][0] : ''; $str_encode = @mb_detect_encoding($name, $encode); if( $str_encode == "EUC-KR" ){ $name = iconv_utf8( $name ); } $name = addslashes($name); - $hp = addslashes($csv[$i][1]); + $hp = addslashes(isset($csv[$i][1]) ? $csv[$i][1] : ''); break; case '.xls' : case '.xlsx' : diff --git a/adm/sms_admin/number_move_update.php b/adm/sms_admin/number_move_update.php index f1925645f..4118dd96a 100644 --- a/adm/sms_admin/number_move_update.php +++ b/adm/sms_admin/number_move_update.php 
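Review bot: The new `$p_it_use` and `$p_it_soldout` lines in adm/shop_admin/itemlistupdate.php drop the `is_array()` guard and run the value through `clean_xss_tags()`, although the `: 0` default suggests both are numeric flags. If `it_use` arrives as a plain string, `isset($_POST['it_use'][$k])` can still be true for a numeric `$k` and yields a single character, and an HTML filter does not constrain the result to a number. Keeping the guard and casting is tighter: `$p_it_use = (isset($_POST['it_use']) && is_array($_POST['it_use']) && isset($_POST['it_use'][$k])) ? (int) $_POST['it_use'][$k] : 0;`, and the same for `$p_it_soldout`. Where the two values are used lies outside the hunk.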
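Review bot: In adm/sms_admin/num_book_file_upload.php the `.csv` branch now turns a missing column into an empty string, so a short or malformed row carries on with an empty `$name` or `$hp` instead of being rejected. Unless the code after the `switch` (outside this hunk) already skips an empty `$hp`, the row should be dropped when `isset($csv[$i][0], $csv[$i][1])` is false. Both values come from an uploaded file and are escaped with `addslashes()`, which does not know the connection character set; if they are later placed in a query, which this hunk does not show, the database layer's own escaping or a bound parameter is the safer choice.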
@@ -1,4 +1,5 @@ 1) $sql = " select mb_no, mb_id, mb_name, mb_nick, mb_email, mb_datetime, mb_leave_date from {$g5['member_table']} where mb_email = '$email' "; $mb = sql_fetch($sql); -if (!$mb['mb_id'] || $mb['mb_leave_date']) +if (empty($mb['mb_id']) || $mb['mb_leave_date']) { alert('존재하지 않는 회원입니다.'); -else if (is_admin($mb['mb_id'])) +} elseif (is_admin($mb['mb_id'])) { alert('관리자 아이디는 접근 불가합니다.'); +} // 임시비밀번호 발급 $change_password = rand(100000, 999999); diff --git a/bbs/register_form_update.php b/bbs/register_form_update.php index 4374c6566..344856621 100644 --- a/bbs/register_form_update.php +++ b/bbs/register_form_update.php @@ -52,6 +52,7 @@ $mb_profile = isset($_POST['mb_profile']) ? trim($_POST['mb_profile']) $mb_recommend = isset($_POST['mb_recommend']) ? trim($_POST['mb_recommend']) : ""; $mb_mailling = isset($_POST['mb_mailling']) ? trim($_POST['mb_mailling']) : ""; $mb_sms = isset($_POST['mb_sms']) ? trim($_POST['mb_sms']) : ""; +$mb_open = isset($_POST['mb_open']) ? trim($_POST['mb_open']) : "0"; $mb_1 = isset($_POST['mb_1']) ? trim($_POST['mb_1']) : ""; $mb_2 = isset($_POST['mb_2']) ? trim($_POST['mb_2']) : ""; $mb_3 = isset($_POST['mb_3']) ? trim($_POST['mb_3']) : ""; From 0031b205972535232cf0a465dfc3fcdaf9ce33ef Mon Sep 17 00:00:00 2001 From: kjh Date: Thu, 26 May 2022 06:09:45 +0000 Subject: [PATCH 11/16] =?UTF-8?q?bo=5Ftable=20=EC=84=A0=EC=96=B8=20?= =?UTF-8?q?=EB=B0=8F=20=EC=98=88=EC=99=B8=EC=B2=98=EB=A6=AC=20=EC=B6=94?= =?UTF-8?q?=EA=B0=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/board_copy.php | 12 +++++++++--- adm/board_copy_update.php | 27 ++++++++++++++++++--------- 2 files changed, 27 insertions(+), 12 deletions(-) diff --git a/adm/board_copy.php b/adm/board_copy.php index f0588585a..87036222d 100644 --- a/adm/board_copy.php +++ b/adm/board_copy.php 
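Review bot: The temporary password in this hunk is still produced by `rand(100000, 999999)`, which is not a cryptographic generator and allows only 900,000 values. The minimal fix is `$change_password = random_int(100000, 999999);` (PHP 7 or later), and a longer random token would be better still. The member lookup just above interpolates `$email` into the query text, and how `$email` is validated is not visible here. The header of this hunk was lost in this rendering; going by the diffstat it appears to be bbs/password_lost2.php.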
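Review bot: `$mb_open` in bbs/register_form_update.php is read from POST with only `trim()`, like its neighbours, so an array-valued field reaches `trim()` and raises a TypeError on PHP 8, and any string is accepted for what the `"0"` default suggests is a 0/1 flag. If it is such a flag, normalise it where it is read: `$mb_open = (isset($_POST['mb_open']) && is_scalar($_POST['mb_open']) && $_POST['mb_open']) ? '1' : '0';`. How the value is stored is outside the hunk.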
@@ -6,6 +6,11 @@ auth_check_menu($auth, $sub_menu, 'w'); $g5['title'] = '게시판 복사'; include_once(G5_PATH.'/head.sub.php'); + +$bo_table = $_REQUEST['bo_table']; +if (empty($bo_table)) { + alert_close("정상적인 방법으로 이용해주세요."); +} ?> @@ -59,9 +64,10 @@ include_once(G5_PATH.'/head.sub.php'); function fboardcopy_check(f) { diff --git a/adm/board_copy_update.php b/adm/board_copy_update.php index a0452345f..ef53e30d1 100644 --- a/adm/board_copy_update.php +++ b/adm/board_copy_update.php @@ -8,23 +8,29 @@ auth_check_menu($auth, $sub_menu, 'w'); check_admin_token(); +$bo_table = isset($_POST['bo_table']) ? $_POST['bo_table'] : null; $target_table = isset($_POST['target_table']) ? trim($_POST['target_table']) : ''; $target_subject = isset($_POST['target_subject']) ? trim($_POST['target_subject']) : ''; $target_subject = strip_tags(clean_xss_attributes($target_subject)); +if (empty($bo_table)) { + alert("원본 테이블 정보가 없습니다."); +} + if (!preg_match('/[A-Za-z0-9_]{1,20}/', $target_table)) { alert('게시판 TABLE명은 공백없이 영문자, 숫자, _ 만 사용 가능합니다. (20자 이내)'); } // 게시판명이 금지된 단어로 되어 있으면 -if ( $w == '' && in_array($target_table, get_bo_table_banned_word()) ){ +if ($w == '' && in_array($target_table, get_bo_table_banned_word())) { alert('입력한 게시판 TABLE명을 사용할수 없습니다. 다른 이름으로 입력해 주세요.'); } $row = sql_fetch(" select count(*) as cnt from {$g5['board_table']} where bo_table = '$target_table' "); -if ($row['cnt']) +if ($row['cnt']) { alert($target_table.'은(는) 이미 존재하는 게시판 테이블명 입니다.\\n복사할 테이블명으로 사용할 수 없습니다.'); +} // 게시판 테이블 생성 $sql = get_table_define($g5['write_prefix'] . $bo_table); 
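Review bot: The added `$bo_table = $_REQUEST['bo_table'];` in adm/board_copy.php reads the key without `isset()`, so a request that omits it raises the same undefined-index warning this series is removing, and the value is kept without any format check. If the bootstrap already defines a filtered `$bo_table` (not visible here), this line replaces it with the raw request value. Suggest `$bo_table = (isset($_REQUEST['bo_table']) && is_string($_REQUEST['bo_table'])) ? preg_replace('/[^a-z0-9_]/i', '', $_REQUEST['bo_table']) : '';`, placed above `include_once(G5_PATH.'/head.sub.php')` so the request is rejected before any output.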
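Review bot: `$bo_table` in adm/board_copy_update.php is now taken from `$_POST` and tested only with `empty()`, yet it is concatenated into the table name passed to `get_table_define()` here and, in the later hunks of this file, into `G5_DATA_PATH.'/file/'.$bo_table` paths and a `where bo_table = '$bo_table'` query. Restrict it to the table-name alphabet where it is assigned: `$bo_table = isset($_POST['bo_table']) ? preg_replace('/[^a-z0-9_]/i', '', $_POST['bo_table']) : '';`. The existing `preg_match('/[A-Za-z0-9_]{1,20}/', $target_table)` is unanchored and accepts any string that contains one allowed character; it should read `'/^[A-Za-z0-9_]{1,20}$/'`. The `auth_check_menu()` and `check_admin_token()` calls limit who can reach this script, but they do not make the values safe to interpolate.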
@@ -146,22 +152,25 @@ $copy_file = 0; if ($copy_case == 'schema_data_both') { $d = dir(G5_DATA_PATH.'/file/'.$bo_table); while ($entry = $d->read()) { - if ($entry == '.' || $entry == '..') continue; + if ($entry == '.' || $entry == '..') { + continue; + } // 김선용 201007 : - if(is_dir(G5_DATA_PATH.'/file/'.$bo_table.'/'.$entry)){ + if (is_dir(G5_DATA_PATH.'/file/'.$bo_table.'/'.$entry)) { $dd = dir(G5_DATA_PATH.'/file/'.$bo_table.'/'.$entry); @mkdir(G5_DATA_PATH.'/file/'.$target_table.'/'.$entry, G5_DIR_PERMISSION); @chmod(G5_DATA_PATH.'/file/'.$target_table.'/'.$entry, G5_DIR_PERMISSION); while ($entry2 = $dd->read()) { - if ($entry2 == '.' || $entry2 == '..') continue; + if ($entry2 == '.' || $entry2 == '..') { + continue; + } @copy(G5_DATA_PATH.'/file/'.$bo_table.'/'.$entry.'/'.$entry2, G5_DATA_PATH.'/file/'.$target_table.'/'.$entry.'/'.$entry2); @chmod(G5_DATA_PATH.'/file/'.$target_table.'/'.$entry.'/'.$entry2, G5_DIR_PERMISSION); $copy_file++; } $dd->close(); - } - else { + } else { @copy(G5_DATA_PATH.'/file/'.$bo_table.'/'.$entry, G5_DATA_PATH.'/file/'.$target_table.'/'.$entry); @chmod(G5_DATA_PATH.'/file/'.$target_table.'/'.$entry, G5_DIR_PERMISSION); $copy_file++; @@ -185,13 +194,13 @@ if ($copy_case == 'schema_data_both') { // 위의 코드는 같은 테이블명을 사용하였다는 오류가 발생함. (희한하네 ㅡㅡ;) $sql = " select * from {$g5['board_file_table']} where bo_table = '$bo_table' "; $result = sql_query($sql, false); - for ($i=0; $row=sql_fetch_array($result); $i++) + for ($i=0; $row=sql_fetch_array($result); $i++) { $file_copy[$i] = $row; + } } if (count($file_copy)) { for ($i=0; $i'', ); -for($i=0;$i<=10;$i++){ +for ($i = 0; $i <= 10; $i++) { $board_default['bo_'.$i.'_subj'] = ''; $board_default['bo_'.$i] = ''; } @@ -142,7 +143,6 @@ $readonly = ""; $sound_only = ""; $required_valid = ""; if ($w == '') { - $html_title .= ' 생성'; $required = 'required'; 
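Review bot: In the file-copy loop, `dir()` returns false when the source directory does not exist, and the `$d->read()` that follows is then a fatal Error on PHP 8; the same holds for `$dd`. Guard each with `if ($d !== false)` before its `while`. `$copy_file++` also runs after every `@copy()` whether or not it succeeded, so the reported count can overstate what was copied; with the two paths held in variables, `if (@copy($src, $dst)) { $copy_file++; }` keeps it accurate. The enclosing `if ($copy_case == 'schema_data_both')` block opens inside the hunk and closes outside it.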
@@ -179,21 +179,20 @@ if ($w == '') { $board['bo_use_secret'] = 0; $board['bo_include_head'] = '_head.php'; $board['bo_include_tail'] = '_tail.php'; - -} else if ($w == 'u') { - +} elseif ($w == 'u') { $html_title .= ' 수정'; - if (!$board['bo_table']) + if (!$board['bo_table']) { alert('존재하지 않은 게시판 입니다.'); + } if ($is_admin == 'group') { - if ($member['mb_id'] != $group['gr_admin']) + if ($member['mb_id'] != $group['gr_admin']) { alert('그룹이 틀립니다.'); + } } $readonly = 'readonly'; - } if ($is_admin != 'super') { @@ -202,7 +201,7 @@ if ($is_admin != 'super') { } $g5['title'] = $html_title; -include_once ('./admin.head.php'); +include_once('./admin.head.php'); $pg_anchor = '
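Review bot: The group-admin check `$member['mb_id'] != $group['gr_admin']` was re-braced here but still uses a loose comparison, and PHP compares two numeric-looking strings numerically, so distinct IDs such as `'10'` and `'1e1'` compare equal. For an authorisation decision prefer `if ($member['mb_id'] !== $group['gr_admin']) {`. The `if ($w == '')` chain this belongs to begins before the hunk, and the file header for this hunk was lost in this rendering.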