diff --git a/adm/board_copy_update.php b/adm/board_copy_update.php index e89c4468b..5636b1cae 100644 --- a/adm/board_copy_update.php +++ b/adm/board_copy_update.php @@ -4,8 +4,8 @@ include_once('./_common.php'); auth_check($auth[$sub_menu], 'w'); -$target_table = escape_trim($_POST['target_table']); -$target_subject = escape_trim($_POST['target_subject']); +$target_table = trim($_POST['target_table']); +$target_subject = trim($_POST['target_subject']); if (!preg_match('/[A-Za-z0-9_]{1,20}/', $target_table)) { alert('게시판 TABLE명은 공백없이 영문자, 숫자, _ 만 사용 가능합니다. (20자 이내)'); @@ -61,7 +61,7 @@ $sql = " insert into {$g5['board_table']} bo_use_nogood = '{$board[bo_use_nogood]}', bo_use_signature = '{$board[bo_use_signature]}', bo_use_ip_view = '{$board[bo_use_ip_view]}', - bo_use_list_view = '{$board['o_use_list_view']}', + bo_use_list_view = '{$board['bo_use_list_view']}', bo_use_list_content = '{$board[bo_use_list_content]}', bo_table_width = '{$board[bo_table_width]}', bo_subject_len = '{$board[bo_subject_len]}', diff --git a/adm/board_list_update.php b/adm/board_list_update.php index 5754db411..0cf509bd7 100644 --- a/adm/board_list_update.php +++ b/adm/board_list_update.php @@ -62,7 +62,7 @@ if ($_POST['act_button'] == "선택수정") { $k = $_POST['chk'][$i]; // include 전에 $bo_table 값을 반드시 넘겨야 함 - $tmp_bo_table = escape_trim($_POST['board_table'][$k]); + $tmp_bo_table = trim($_POST['board_table'][$k]); include ('./board_delete.inc.php'); } diff --git a/adm/member_form_update.php b/adm/member_form_update.php index 18a40b548..50543e0d7 100644 --- a/adm/member_form_update.php +++ b/adm/member_form_update.php @@ -10,7 +10,7 @@ auth_check($auth[$sub_menu], 'w'); check_token(); -$mb_id = escape_trim($_POST['mb_id']); +$mb_id = trim($_POST['mb_id']); // 휴대폰번호 체크 $mb_hp = $_POST['mb_hp']; diff --git a/adm/shop_admin/orderlist.php b/adm/shop_admin/orderlist.php index 9878a9ec0..9c5665099 100644 --- a/adm/shop_admin/orderlist.php +++ b/adm/shop_admin/orderlist.php @@ -108,7 +108,7 @@ $sql = " select *, limit $from_record, $rows "; $result = sql_query($sql); -$qstr1 = "sel_field=$sel_field&search=$search&save_search=$search"; +$qstr1 = "od_status=$od_status&sel_field=$sel_field&search=$search&save_search=$search"; $qstr = "$qstr1&sort1=$sort1&sort2=$sort2&page=$page"; $listall = '전체목록'; diff --git a/adm/visit_search.php b/adm/visit_search.php index 1750956e2..fa01682f4 100644 --- a/adm/visit_search.php +++ b/adm/visit_search.php @@ -9,8 +9,8 @@ $g5['title'] = '접속자검색'; include_once('./admin.head.php'); include_once(G5_PLUGIN_PATH.'/jquery-ui/datepicker.php'); -$search_word = escape_trim($_GET['search_word']); -$search_sort = escape_trim($_GET['search_sort']); +$search_word = trim($_GET['search_word']); +$search_sort = trim($_GET['search_sort']); $colspan = 5; $qstr = 'search_word='.$search_word.'&search_sort='.$search_sort; //페이징 처리관련 변수 diff --git a/bbs/ajax.autosave.php b/bbs/ajax.autosave.php index 2073c1f86..2222a86b3 100644 --- a/bbs/ajax.autosave.php +++ b/bbs/ajax.autosave.php @@ -3,9 +3,9 @@ include_once('./_common.php'); if (!$is_member) die('0'); -$uid = escape_trim($_REQUEST['uid']); -$subject = escape_trim(stripslashes($_REQUEST['subject'])); -$content = escape_trim(stripslashes($_REQUEST['content'])); +$uid = trim($_REQUEST['uid']); +$subject = trim(stripslashes($_REQUEST['subject'])); +$content = trim(stripslashes($_REQUEST['content'])); if ($subject && $content) { $sql = " select count(*) as cnt from {$g5['autosave_table']} where mb_id = '{$member['mb_id']}' and as_subject = '$subject' and as_content = '$content' "; diff --git a/bbs/ajax.mb_email.php b/bbs/ajax.mb_email.php index b6673ee51..6c50300cc 100644 --- a/bbs/ajax.mb_email.php +++ b/bbs/ajax.mb_email.php @@ -2,8 +2,8 @@ include_once('./_common.php'); include_once(G5_LIB_PATH.'/register.lib.php'); -$mb_email = escape_trim($_POST['reg_mb_email']); -$mb_id = escape_trim($_POST['reg_mb_id']); +$mb_email = trim($_POST['reg_mb_email']); +$mb_id = trim($_POST['reg_mb_id']); if ($msg = empty_mb_email($mb_email)) die($msg); if ($msg = valid_mb_email($mb_email)) die($msg); diff --git a/bbs/ajax.mb_hp.php b/bbs/ajax.mb_hp.php index 635bef022..5f4c9ffb6 100644 --- a/bbs/ajax.mb_hp.php +++ b/bbs/ajax.mb_hp.php @@ -2,8 +2,8 @@ include_once('./_common.php'); include_once(G5_LIB_PATH.'/register.lib.php'); -$mb_hp = escape_trim($_POST['reg_mb_hp']); -$mb_id = escape_trim($_POST['reg_mb_id']); +$mb_hp = trim($_POST['reg_mb_hp']); +$mb_id = trim($_POST['reg_mb_id']); if ($msg = valid_mb_hp($mb_hp)) die($msg); if ($msg = exist_mb_hp($mb_hp, $mb_id)) die($msg); diff --git a/bbs/ajax.mb_id.php b/bbs/ajax.mb_id.php index 3e4025dbf..6b0badd06 100644 --- a/bbs/ajax.mb_id.php +++ b/bbs/ajax.mb_id.php @@ -2,7 +2,7 @@ include_once('./_common.php'); include_once(G5_LIB_PATH.'/register.lib.php'); -$mb_id = escape_trim($_POST['reg_mb_id']); +$mb_id = trim($_POST['reg_mb_id']); if ($msg = empty_mb_id($mb_id)) die($msg); if ($msg = valid_mb_id($mb_id)) die($msg); diff --git a/bbs/ajax.mb_nick.php b/bbs/ajax.mb_nick.php index b3757dfac..50a90f037 100644 --- a/bbs/ajax.mb_nick.php +++ b/bbs/ajax.mb_nick.php @@ -2,8 +2,8 @@ include_once('./_common.php'); include_once(G5_LIB_PATH.'/register.lib.php'); -$mb_nick = escape_trim($_POST['reg_mb_nick']); -$mb_id = escape_trim($_POST['reg_mb_id']); +$mb_nick = trim($_POST['reg_mb_nick']); +$mb_id = trim($_POST['reg_mb_id']); if ($msg = empty_mb_nick($mb_nick)) die($msg); if ($msg = valid_mb_nick($mb_nick)) die($msg); diff --git a/bbs/ajax.mb_recommend.php b/bbs/ajax.mb_recommend.php index f7e1062e4..c19470fa0 100644 --- a/bbs/ajax.mb_recommend.php +++ b/bbs/ajax.mb_recommend.php @@ -2,7 +2,7 @@ include_once("./_common.php"); include_once(G5_LIB_PATH."/register.lib.php"); -$mb_recommend = escape_trim($_POST["reg_mb_recommend"]); +$mb_recommend = trim($_POST["reg_mb_recommend"]); if ($msg = valid_mb_id($mb_recommend)) { die("추천인의 아이디는 영문자, 숫자, _ 만 입력하세요."); diff --git a/bbs/login_check.php b/bbs/login_check.php index 2e5ed57a3..4defcc399 100644 --- a/bbs/login_check.php +++ b/bbs/login_check.php @@ -3,10 +3,10 @@ include_once('./_common.php'); $g5['title'] = "로그인 검사"; -$mb_id = escape_trim($_POST['mb_id']); -$mb_password = escape_trim($_POST['mb_password']); +$mb_id = trim($_POST['mb_id']); +$mb_password = trim($_POST['mb_password']); -if (!trim($mb_id) || !trim($mb_password)) +if (!$mb_id || !$mb_password) alert('회원아이디나 비밀번호가 공백이면 안됩니다.'); $mb = get_member($mb_id); diff --git a/bbs/newwin.inc.php b/bbs/newwin.inc.php index 0c0027516..b49290baa 100644 --- a/bbs/newwin.inc.php +++ b/bbs/newwin.inc.php @@ -23,8 +23,8 @@ for ($i=0; $row_nw=sql_fetch_array($result); $i++) ?> -
-
+
+
diff --git a/bbs/password_lost2.php b/bbs/password_lost2.php index f56927427..074e2bfd7 100644 --- a/bbs/password_lost2.php +++ b/bbs/password_lost2.php @@ -11,7 +11,7 @@ if (!chk_captcha()) { alert('자동등록방지 숫자가 틀렸습니다.'); } -$email = escape_trim($_POST['mb_email']); +$email = trim($_POST['mb_email']); if (!$email) alert_close('메일주소 오류입니다.'); diff --git a/bbs/qawrite_update.php b/bbs/qawrite_update.php index c6fde25d5..c7fa45225 100644 --- a/bbs/qawrite_update.php +++ b/bbs/qawrite_update.php @@ -52,7 +52,7 @@ for ($i=1; $i<=5; $i++) { $var = "qa_$i"; $$var = ""; if (isset($_POST['qa_'.$i]) && $_POST['qa_'.$i]) { - $$var = escape_trim($_POST['qa_'.$i]); + $$var = trim($_POST['qa_'.$i]); } } diff --git a/bbs/register_email_update.php b/bbs/register_email_update.php index 240fd0a26..7f59541e9 100644 --- a/bbs/register_email_update.php +++ b/bbs/register_email_update.php @@ -3,8 +3,8 @@ include_once('./_common.php'); include_once(G5_CAPTCHA_PATH.'/captcha.lib.php'); include_once(G5_LIB_PATH.'/mailer.lib.php'); -$mb_id = escape_trim($_POST['mb_id']); -$mb_email = escape_trim($_POST['mb_email']); +$mb_id = trim($_POST['mb_id']); +$mb_email = trim($_POST['mb_email']); $sql = " select mb_name, mb_datetime from {$g5['member_table']} where mb_id = '{$mb_id}' and mb_email_certify <> '' "; $mb = sql_fetch($sql); diff --git a/bbs/register_form_update.php b/bbs/register_form_update.php index 31bda65a0..b593792cc 100644 --- a/bbs/register_form_update.php +++ b/bbs/register_form_update.php @@ -20,38 +20,38 @@ if (!chk_captcha()) { alert('자동등록방지 숫자가 틀렸습니다.'); } -$mb_id = escape_trim($_POST['mb_id']); -$mb_password = escape_trim($_POST['mb_password']); -$mb_password_re = escape_trim($_POST['mb_password_re']); -$mb_name = escape_trim($_POST['mb_name']); -$mb_nick = escape_trim($_POST['mb_nick']); -$mb_email = escape_trim($_POST['mb_email']); -$mb_sex = isset($_POST['mb_sex']) ? escape_trim($_POST['mb_sex']) : ""; -$mb_birth = isset($_POST['mb_birth']) ? escape_trim($_POST['mb_birth']) : ""; -$mb_homepage = isset($_POST['mb_homepage']) ? escape_trim($_POST['mb_homepage']) : ""; -$mb_tel = isset($_POST['mb_tel']) ? escape_trim($_POST['mb_tel']) : ""; -$mb_hp = isset($_POST['mb_hp']) ? escape_trim($_POST['mb_hp']) : ""; -$mb_zip1 = isset($_POST['mb_zip1']) ? escape_trim($_POST['mb_zip1']) : ""; -$mb_zip2 = isset($_POST['mb_zip2']) ? escape_trim($_POST['mb_zip2']) : ""; -$mb_addr1 = isset($_POST['mb_addr1']) ? escape_trim($_POST['mb_addr1']) : ""; -$mb_addr2 = isset($_POST['mb_addr2']) ? escape_trim($_POST['mb_addr2']) : ""; -$mb_addr3 = isset($_POST['mb_addr3']) ? escape_trim($_POST['mb_addr3']) : ""; -$mb_addr_jibeon = isset($_POST['mb_addr_jibeon']) ? escape_trim($_POST['mb_addr_jibeon']) : ""; -$mb_signature = isset($_POST['mb_signature']) ? escape_trim($_POST['mb_signature']) : ""; -$mb_profile = isset($_POST['mb_profile']) ? escape_trim($_POST['mb_profile']) : ""; -$mb_recommend = isset($_POST['mb_recommend']) ? escape_trim($_POST['mb_recommend']) : ""; -$mb_mailling = isset($_POST['mb_mailling']) ? escape_trim($_POST['mb_mailling']) : ""; -$mb_sms = isset($_POST['mb_sms']) ? escape_trim($_POST['mb_sms']) : ""; -$mb_1 = isset($_POST['mb_1']) ? escape_trim($_POST['mb_1']) : ""; -$mb_2 = isset($_POST['mb_2']) ? escape_trim($_POST['mb_2']) : ""; -$mb_3 = isset($_POST['mb_3']) ? escape_trim($_POST['mb_3']) : ""; -$mb_4 = isset($_POST['mb_4']) ? escape_trim($_POST['mb_4']) : ""; -$mb_5 = isset($_POST['mb_5']) ? escape_trim($_POST['mb_5']) : ""; -$mb_6 = isset($_POST['mb_6']) ? escape_trim($_POST['mb_6']) : ""; -$mb_7 = isset($_POST['mb_7']) ? escape_trim($_POST['mb_7']) : ""; -$mb_8 = isset($_POST['mb_8']) ? escape_trim($_POST['mb_8']) : ""; -$mb_9 = isset($_POST['mb_9']) ? escape_trim($_POST['mb_9']) : ""; -$mb_10 = isset($_POST['mb_10']) ? escape_trim($_POST['mb_10']) : ""; +$mb_id = trim($_POST['mb_id']); +$mb_password = trim($_POST['mb_password']); +$mb_password_re = trim($_POST['mb_password_re']); +$mb_name = trim($_POST['mb_name']); +$mb_nick = trim($_POST['mb_nick']); +$mb_email = trim($_POST['mb_email']); +$mb_sex = isset($_POST['mb_sex']) ? trim($_POST['mb_sex']) : ""; +$mb_birth = isset($_POST['mb_birth']) ? trim($_POST['mb_birth']) : ""; +$mb_homepage = isset($_POST['mb_homepage']) ? trim($_POST['mb_homepage']) : ""; +$mb_tel = isset($_POST['mb_tel']) ? trim($_POST['mb_tel']) : ""; +$mb_hp = isset($_POST['mb_hp']) ? trim($_POST['mb_hp']) : ""; +$mb_zip1 = isset($_POST['mb_zip1']) ? trim($_POST['mb_zip1']) : ""; +$mb_zip2 = isset($_POST['mb_zip2']) ? trim($_POST['mb_zip2']) : ""; +$mb_addr1 = isset($_POST['mb_addr1']) ? trim($_POST['mb_addr1']) : ""; +$mb_addr2 = isset($_POST['mb_addr2']) ? trim($_POST['mb_addr2']) : ""; +$mb_addr3 = isset($_POST['mb_addr3']) ? trim($_POST['mb_addr3']) : ""; +$mb_addr_jibeon = isset($_POST['mb_addr_jibeon']) ? trim($_POST['mb_addr_jibeon']) : ""; +$mb_signature = isset($_POST['mb_signature']) ? trim($_POST['mb_signature']) : ""; +$mb_profile = isset($_POST['mb_profile']) ? trim($_POST['mb_profile']) : ""; +$mb_recommend = isset($_POST['mb_recommend']) ? trim($_POST['mb_recommend']) : ""; +$mb_mailling = isset($_POST['mb_mailling']) ? trim($_POST['mb_mailling']) : ""; +$mb_sms = isset($_POST['mb_sms']) ? trim($_POST['mb_sms']) : ""; +$mb_1 = isset($_POST['mb_1']) ? trim($_POST['mb_1']) : ""; +$mb_2 = isset($_POST['mb_2']) ? trim($_POST['mb_2']) : ""; +$mb_3 = isset($_POST['mb_3']) ? trim($_POST['mb_3']) : ""; +$mb_4 = isset($_POST['mb_4']) ? trim($_POST['mb_4']) : ""; +$mb_5 = isset($_POST['mb_5']) ? trim($_POST['mb_5']) : ""; +$mb_6 = isset($_POST['mb_6']) ? trim($_POST['mb_6']) : ""; +$mb_7 = isset($_POST['mb_7']) ? trim($_POST['mb_7']) : ""; +$mb_8 = isset($_POST['mb_8']) ? trim($_POST['mb_8']) : ""; +$mb_9 = isset($_POST['mb_9']) ? trim($_POST['mb_9']) : ""; +$mb_10 = isset($_POST['mb_10']) ? trim($_POST['mb_10']) : ""; if ($w == '' || $w == 'u') { diff --git a/bbs/visit_insert.inc.php b/bbs/visit_insert.inc.php index e0698f75c..dccd1326f 100644 --- a/bbs/visit_insert.inc.php +++ b/bbs/visit_insert.inc.php @@ -1,8 +1,8 @@ 50) { @include_once($board_skin_path.'/write_comment_update.head.skin.php'); $w = $_POST["w"]; -$wr_name = escape_trim($_POST['wr_name']); +$wr_name = trim($_POST['wr_name']); $wr_email = ''; if (!empty($_POST['wr_email'])) - $wr_email = escape_trim($_POST['wr_email']); + $wr_email = trim($_POST['wr_email']); // 비회원의 경우 이름이 누락되는 경우가 있음 if ($is_guest) { diff --git a/bbs/write_update.php b/bbs/write_update.php index 0b71d3306..2caae2308 100644 --- a/bbs/write_update.php +++ b/bbs/write_update.php @@ -50,8 +50,8 @@ if (empty($_POST)) { } $w = $_POST['w']; -$wr_link1 = escape_trim(strip_tags($_POST['wr_link1'])); -$wr_link2 = escape_trim(strip_tags($_POST['wr_link2'])); +$wr_link1 = trim(strip_tags($_POST['wr_link1'])); +$wr_link2 = trim(strip_tags($_POST['wr_link2'])); $notice_array = explode(",", $board['bo_notice']); @@ -91,7 +91,7 @@ for ($i=1; $i<=10; $i++) { $var = "wr_$i"; $$var = ""; if (isset($_POST['wr_'.$i]) && $_POST['wr_'.$i]) { - $$var = escape_trim($_POST['wr_'.$i]); + $$var = trim($_POST['wr_'.$i]); } } @@ -291,7 +291,7 @@ if ($w == '' || $w == 'r') { } else { $mb_id = ''; // 비회원의 경우 이름이 누락되는 경우가 있음 - $wr_name = escape_trim($_POST['wr_name']); + $wr_name = trim($_POST['wr_name']); if (!$wr_name) alert('이름은 필히 입력하셔야 합니다.'); $wr_password = sql_password($wr_password); diff --git a/common.php b/common.php index a1c2fa1a1..7e2db059a 100644 --- a/common.php +++ b/common.php @@ -11,30 +11,6 @@ if (!defined('G5_SET_TIME_LIMIT')) define('G5_SET_TIME_LIMIT', 0); @set_time_limit(G5_SET_TIME_LIMIT); -//============================================================================== -// php.ini 의 magic_quotes_gpc 값이 Off 인 경우 addslashes() 적용 -// SQL Injection 등으로 부터 보호 -// http://kr.php.net/manual/en/function.get-magic-quotes-gpc.php#97783 -//------------------------------------------------------------------------------ -if (!get_magic_quotes_gpc()) { - $escape_function = 'addslashes($value)'; - $addslashes_deep = create_function('&$value, $fn', ' - if (is_string($value)) { - $value = ' . $escape_function . '; - } else if (is_array($value)) { - foreach ($value as &$v) $fn($v, $fn); - } - '); - - // Escape data - $addslashes_deep($_POST, $addslashes_deep); - $addslashes_deep($_GET, $addslashes_deep); - $addslashes_deep($_COOKIE, $addslashes_deep); - $addslashes_deep($_REQUEST, $addslashes_deep); -} -//============================================================================== - - //========================================================================================================================== // extract($_GET); 명령으로 인해 page.php?_POST[var1]=data1&_POST[var2]=data2 와 같은 코드가 _POST 변수로 사용되는 것을 막음 // 081029 : letsgolee 님께서 도움 주셨습니다. @@ -49,12 +25,6 @@ for ($i=0; $i<$ext_cnt; $i++) { } //========================================================================================================================== -// PHP 4.1.0 부터 지원됨 -// php.ini 의 register_globals=off 일 경우 -@extract($_GET); -@extract($_POST); -@extract($_SERVER); - // 완두콩님이 알려주신 보안관련 오류 수정 // $member 에 값을 직접 넘길 수 있음 $config = array(); @@ -97,6 +67,30 @@ if (file_exists($dbconfig_file)) { @mysql_query(" set names utf8 "); if(defined('G5_MYSQL_SET_MODE') && G5_MYSQL_SET_MODE) @mysql_query("SET SESSION sql_mode = ''"); if (defined(G5_TIMEZONE)) @mysql_query(" set time_zone = '".G5_TIMEZONE."'"); + + //============================================================================== + // SQL Injection 등으로 부터 보호를 위해 mysql_real_escape_string() 적용 + //------------------------------------------------------------------------------ + // magic_quotes_gpc 에 의한 backslashes 제거 + if (get_magic_quotes_gpc()) { + $_POST = array_map_deep('stripslashes', $_POST); + $_GET = array_map_deep('stripslashes', $_GET); + $_COOKIE = array_map_deep('stripslashes', $_COOKIE); + $_REQUEST = array_map_deep('stripslashes', $_REQUEST); + } + + // mysql_real_escape_string 적용 + $_POST = array_map_deep('mysql_real_escape_string', $_POST); + $_GET = array_map_deep('mysql_real_escape_string', $_GET); + $_COOKIE = array_map_deep('mysql_real_escape_string', $_COOKIE); + $_REQUEST = array_map_deep('mysql_real_escape_string', $_REQUEST); + //============================================================================== + + // PHP 4.1.0 부터 지원됨 + // php.ini 의 register_globals=off 일 경우 + @extract($_GET); + @extract($_POST); + @extract($_SERVER); } else { ?> @@ -211,7 +205,7 @@ if (isset($_REQUEST['PHPSESSID']) && $_REQUEST['PHPSESSID'] != session_id()) $qstr = ''; if (isset($_REQUEST['sca'])) { - $sca = escape_trim($_REQUEST['sca']); + $sca = trim($_REQUEST['sca']); if ($sca) $qstr .= '&sca=' . urlencode($sca); } else { @@ -219,7 +213,7 @@ if (isset($_REQUEST['sca'])) { } if (isset($_REQUEST['sfl'])) { - $sfl = escape_trim($_REQUEST['sfl']); + $sfl = trim($_REQUEST['sfl']); $sfl = preg_replace("/[\<\>\'\"\%\=\(\)\s]/", "", $sfl); if ($sfl) $qstr .= '&sfl=' . urlencode($sfl); // search field (검색 필드) @@ -229,7 +223,7 @@ if (isset($_REQUEST['sfl'])) { if (isset($_REQUEST['stx'])) { // search text (검색어) - $stx = escape_trim($_REQUEST['stx']); + $stx = trim($_REQUEST['stx']); if ($stx) $qstr .= '&stx=' . urlencode($stx); } else { @@ -237,7 +231,7 @@ if (isset($_REQUEST['stx'])) { // search text (검색어) } if (isset($_REQUEST['sst'])) { - $sst = escape_trim($_REQUEST['sst']); + $sst = trim($_REQUEST['sst']); if ($sst) $qstr .= '&sst=' . urlencode($sst); // search sort (검색 정렬 필드) } else { @@ -289,7 +283,7 @@ if (isset($_REQUEST['wr_id'])) { } if (isset($_REQUEST['bo_table'])) { - $bo_table = escape_trim($_REQUEST['bo_table']); + $bo_table = trim($_REQUEST['bo_table']); $bo_table = substr($bo_table, 0, 20); } else { $bo_table = ''; @@ -297,7 +291,7 @@ if (isset($_REQUEST['bo_table'])) { // URL ENCODING if (isset($_REQUEST['url'])) { - $url = escape_trim($_REQUEST['url']); + $url = trim($_REQUEST['url']); $urlencode = urlencode($url); } else { $url = ''; @@ -309,7 +303,7 @@ if (isset($_REQUEST['url'])) { } if (isset($_REQUEST['gr_id'])) { - $gr_id = escape_trim($_REQUEST['gr_id']); + $gr_id = trim($_REQUEST['gr_id']); } else { $gr_id = ''; } diff --git a/css/admin.css b/css/admin.css index ce3a706fd..84b6b8252 100644 --- a/css/admin.css +++ b/css/admin.css @@ -145,7 +145,8 @@ h3 {margin:0 20px} .btn_submit {background:#ff3061;cursor:pointer} .btn_confirm .btn_submit {padding:0 15px;border:0;height:30px;color:#fff} -.btn_cancel {display:inline-block;padding:0 15px;height:30px;border:0;background:#617d46;color:#fff;text-decoration:none;line-height:2.5em;vertical-align:middle} +.btn_cancel {display:inline-block;padding:0 15px;height:30px;border:0;background:#617d46;color:#fff;text-decoration:none} +a.btn_cancel {line-height:2.5em;vertical-align:middle} .btn_frmline {display:inline-block;padding:0 7px;height:24px;border:0;background:#444;color:#fff !important;letter-spacing:-0.1em;text-decoration:none;vertical-align:middle;line-height:2em} /* 우편번호검색버튼 등 */ .btn_frmline:focus, .btn_frmline:hover, .btn_frmline:active {text-decoration:none} diff --git a/css/default.css b/css/default.css index f0d850038..a51a5b7fa 100644 --- a/css/default.css +++ b/css/default.css @@ -26,8 +26,8 @@ a:hover, a:focus, a:active {color:#000;text-decoration:underline} #hd_pop {z-index:1000;position:relative;margin:0 auto;width:1000px;height:0} #hd_pop h2 {position:absolute;font-size:0;line-height:0;overflow:hidden} .hd_pops {position:absolute;border:1px solid #e9e9e9;background:#fff} -.hd_pops_con {margin:0 0 30px} -.hd_pops_footer {position:absolute;bottom:0;left:0;padding:10px 0;width:100%;background:#000;color:#fff;text-align:right} +.hd_pops_con {} +.hd_pops_footer {padding:10px 0;background:#000;color:#fff;text-align:right} .hd_pops_footer button {margin-right:5px;padding:5px 10px;border:0;background:#393939;color:#fff} /* 상단 레이아웃 */ diff --git a/css/mobile.css b/css/mobile.css index d1c306147..0c89cd452 100644 --- a/css/mobile.css +++ b/css/mobile.css @@ -26,8 +26,8 @@ a:hover, a:focus, a:active {color:#000;text-decoration:underline} #hd_pop {z-index:1000;position:relative;margin:0 auto;width:100%;height:1px} #hd_pop h2 {position:absolute;font-size:0;text-indent:-9999em;line-height:0;overflow:hidden} .hd_pops {position:absolute;border:1px solid #e9e9e9;background:#fff} -.hd_pops_con {margin:0 0 30px} -.hd_pops_footer {position:absolute;bottom:0;left:0;padding:10px 0;width:100%;background:#000;color:#fff;text-align:right} +.hd_pops_con {} +.hd_pops_footer {padding:10px 0;background:#000;color:#fff;text-align:right} .hd_pops_footer button {margin-right:5px;padding:5px 10px;border:0;background:#393939;color:#fff} /* 상단 레이아웃 */ diff --git a/install/install_config.php b/install/install_config.php index 860460595..3e4ffe064 100644 --- a/install/install_config.php +++ b/install/install_config.php @@ -75,7 +75,7 @@ if (!isset($_POST['agree']) || $_POST['agree'] != '동의함') { - 설치 + 설치 diff --git a/js/kakao.link.js b/js/kakao.link.js new file mode 100644 index 000000000..872b6f296 --- /dev/null +++ b/js/kakao.link.js @@ -0,0 +1,95 @@ +/* + Copyright 2012 KAKAO + */ + +(function (window, undefined) { + var kakao = {}; + window.kakao = window.kakao || kakao; + + var uagent = navigator.userAgent.toLocaleLowerCase(); + if (uagent.search("android") > -1) { + kakao.os = "android"; + if (uagent.search("chrome") > -1) { + kakao.browser = "android+chrome"; + } + } else if (uagent.search("iphone") > -1 || uagent.search("ipod") > -1 || uagent.search("ipad") > -1) { + kakao.os = "ios"; + } + + var app = { + talk: { + base_url: "kakaolink://sendurl?", + apiver: "2.0.1", + store: { + android: "market://details?id=com.kakao.talk", + ios: "http://itunes.apple.com/app/id362057947" + }, + package: "com.kakao.talk" + }, + story: { + base_url: "storylink://posting?", + apiver: "1.0", + store: { + android: "market://details?id=com.kakao.story", + ios: "http://itunes.apple.com/app/id486244601" + }, + package: "com.kakao.story" + } + }; + + kakao.link = function (name) { + var link_app = app[name]; + if (!link_app) return { send: function () { + throw "No App exists"; + }}; + return { + send: function (params) { + var _app = this.app; + params['apiver'] = _app.apiver; + var full_url = _app.base_url + serialized(params); + + var install_block = (function (os) { + return function () { + window.location = _app.store[os]; + }; + })(this.os); + + if (this.os == "ios") { + var timer = setTimeout(install_block, 2 * 1000); + window.addEventListener('pagehide', clearTimer(timer)); + window.location = full_url; + } else if (this.os == "android") { + if (this.browser == "android+chrome") { + window.location = "intent:" + full_url + "#Intent;package=" + _app.package + ";end;"; + } else { + var iframe = document.createElement('iframe'); + iframe.style.display = 'none'; + iframe.src = full_url; + iframe.onload = install_block; + document.body.appendChild(iframe); + } + } + }, + app: link_app, + os: kakao.os, + browser: kakao.browser + }; + + function serialized(params) { + var stripped = []; + for (var k in params) { + if (params.hasOwnProperty(k)) { + stripped.push(k + "=" + encodeURIComponent(params[k])); + } + } + return stripped.join("&"); + } + + function clearTimer(timer) { + return function () { + clearTimeout(timer); + window.removeEventListener('pagehide', arguments.callee); + }; + } + }; +}(window)); diff --git a/lib/common.lib.php b/lib/common.lib.php index a05214d8b..a50f89b16 100644 --- a/lib/common.lib.php +++ b/lib/common.lib.php @@ -7,6 +7,24 @@ if (!defined('_GNUBOARD_')) exit; ** *************************************************************************/ +// multi-dimensional array에 사용자지정 함수적용 +function array_map_deep($fn, $array) +{ + if(is_array($array)) { + foreach($array as $key => $value) { + if(is_array($value)) { + $array[$key] = array_map_deep($fn, $value); + } else { + $array[$key] = call_user_func($fn, $value); + } + } + } else { + $array = call_user_func($fn, $array); + } + + return $array; +} + // 마이크로 타임을 얻어 계산 형식으로 만듦 function get_microtime() { @@ -1867,8 +1885,8 @@ function escape_trim($field) if ($field) { $str = mysql_real_escape_string(@trim($field)); - if(PHP_VERSION < '5.3.0') - $str = stripslashes($str); + //if(PHP_VERSION < '5.3.0') + // $str = stripslashes($str); return $str; } @@ -2302,10 +2320,11 @@ function https_url($dir, $https=true) // 게시판의 공지사항을 , 로 구분하여 업데이트 한다. function board_notice($bo_notice, $wr_id, $insert=false) { - if(strpos($bo_notice, strval($wr_id)) !== false) + $notice_array = explode(",", trim($bo_notice)); + + if($insert && in_array($wr_id, $notice_array)) return $bo_notice; - $notice_array = explode(",", trim($bo_notice)); $notice_array = array_merge(array($wr_id), $notice_array); $notice_array = array_unique($notice_array); foreach ($notice_array as $key=>$value) { diff --git a/lib/shop.lib.php b/lib/shop.lib.php index fbf99a017..d2f904887 100644 --- a/lib/shop.lib.php +++ b/lib/shop.lib.php @@ -1421,6 +1421,9 @@ function get_sns_share_link($sns, $url, $title, $img) case 'googleplus': $str = ''; break; + case 'kakaotalk': + $str = ''; + break; } return $str; @@ -1469,29 +1472,6 @@ function get_coupon_id() } -// array_map() 대체 -function array_add_callback($func, $array) -{ - if(!$func) { - return; - } - - if(is_array($array)) { - foreach($array as $key => $value) { - if(is_array($value)) { - $array[$key] = array_add_callback($func, $value); - } else { - $array[$key] = call_user_func($func, $value); - } - } - } else { - $array = call_user_func($func, $array); - } - - return $array; -} - - // 주문의 금액, 배송비 과세금액 등의 정보를 가져옴 function get_order_info($od_id) { diff --git a/mobile/newwin.inc.php b/mobile/newwin.inc.php index d028ebbab..84b79497e 100644 --- a/mobile/newwin.inc.php +++ b/mobile/newwin.inc.php @@ -23,8 +23,8 @@ for ($i=0; $row_nw=sql_fetch_array($result); $i++) ?> -
-
+
+
diff --git a/mobile/shop/item.php b/mobile/shop/item.php index ea57a2d87..b5015d75b 100644 --- a/mobile/shop/item.php +++ b/mobile/shop/item.php @@ -2,7 +2,7 @@ include_once('./_common.php'); include_once(G5_LIB_PATH.'/iteminfo.lib.php'); -$it_id = escape_trim($_GET['it_id']); +$it_id = trim($_GET['it_id']); // 분류사용, 상품사용하는 상품의 정보를 얻음 $sql = " select a.*, diff --git a/mobile/shop/itemqaform.php b/mobile/shop/itemqaform.php index a49f9fec7..2a0275618 100644 --- a/mobile/shop/itemqaform.php +++ b/mobile/shop/itemqaform.php @@ -6,9 +6,9 @@ if (!$is_member) { alert_close("상품문의는 회원만 작성 가능합니다."); } -$w = escape_trim($_REQUEST['w']); -$it_id = escape_trim($_REQUEST['it_id']); -$iq_id = escape_trim($_REQUEST['iq_id']); +$w = trim($_REQUEST['w']); +$it_id = trim($_REQUEST['it_id']); +$iq_id = trim($_REQUEST['iq_id']); $chk_secret = ''; diff --git a/mobile/shop/itemqalist.php b/mobile/shop/itemqalist.php index 219ceb182..00f01f867 100644 --- a/mobile/shop/itemqalist.php +++ b/mobile/shop/itemqalist.php @@ -2,8 +2,8 @@ include_once('./_common.php'); include_once(G5_LIB_PATH.'/thumb.lib.php'); -$sfl = escape_trim($_REQUEST['sfl']); -$stx = escape_trim($_REQUEST['stx']); +$sfl = trim($_REQUEST['sfl']); +$stx = trim($_REQUEST['stx']); $g5['title'] = '상품문의'; include_once(G5_MSHOP_PATH.'/_head.php'); diff --git a/mobile/shop/itemuseform.php b/mobile/shop/itemuseform.php index 295f22baa..5a77f01c5 100644 --- a/mobile/shop/itemuseform.php +++ b/mobile/shop/itemuseform.php @@ -6,9 +6,9 @@ if (!$is_member) { alert_close("사용후기는 회원만 작성 가능합니다."); } -$w = escape_trim($_REQUEST['w']); -$it_id = escape_trim($_REQUEST['it_id']); -$is_id = escape_trim($_REQUEST['is_id']); +$w = trim($_REQUEST['w']); +$it_id = trim($_REQUEST['it_id']); +$is_id = trim($_REQUEST['is_id']); // 사용후기 작성 설정에 따른 체크 check_itemuse_write(); diff --git a/mobile/shop/itemuselist.php b/mobile/shop/itemuselist.php index a66ce22a3..5cd6e5c38 100644 --- a/mobile/shop/itemuselist.php +++ b/mobile/shop/itemuselist.php @@ -2,8 +2,8 @@ include_once('./_common.php'); include_once(G5_LIB_PATH.'/thumb.lib.php'); -$sfl = escape_trim($_REQUEST['sfl']); -$stx = escape_trim($_REQUEST['stx']); +$sfl = trim($_REQUEST['sfl']); +$stx = trim($_REQUEST['stx']); $g5['title'] = '사용후기'; include_once(G5_MSHOP_PATH.'/_head.php'); diff --git a/mobile/shop/orderformupdate.php b/mobile/shop/orderformupdate.php index 04df26e09..3786fd4ea 100644 --- a/mobile/shop/orderformupdate.php +++ b/mobile/shop/orderformupdate.php @@ -1,14 +1,6 @@ 마이페이지
  • 장바구니
  • 개인결제
    • +
  • FAQ
  • 1:1문의
  • 커뮤니티
    • diff --git a/mobile/skin/shop/basic/item.form.skin.php b/mobile/skin/shop/basic/item.form.skin.php index 5235dfb6b..b5d52edc6 100644 --- a/mobile/skin/shop/basic/item.form.skin.php +++ b/mobile/skin/shop/basic/item.form.skin.php @@ -7,6 +7,7 @@ add_stylesheet('', +
    @@ -64,6 +65,7 @@ add_stylesheet('', +
    @@ -364,52 +366,6 @@ $(function(){ }); }); -function content_swipe(direction) -{ - // 로딩 레이어 - load_message(); - - var next_href = ''; - var prev_href = ''; - var str; - - if(direction == "left") { - str = next_href; - } else { - str = prev_href; - } - - var href = str.match(/https?:\/{2}[^\"]+/gi); - - setTimeout(function() { - document.location.href = href[0]; - }, 500); -} - -function load_message() -{ - var w = $(window).width(); - var h = $(window).height(); - var img_w = 64; - var img_h = 64; - var top, left; - var scr_top = $(window).scrollTop(); - - if (/iP(hone|od|ad)/.test(navigator.platform)) { - if(window.innerHeight - $(window).outerHeight(true) > 0) - h += (window.innerHeight - $(window).outerHeight(true)); - } - - top = parseInt((h - img_h) / 2); - left = parseInt((w - img_w) / 2); - - var img = "
    "; - img += "/img/loading.gif\" style=\"top:"+top+"px;left:"+left+"px;\" />"; - img += "
    "; - - $("body").append(img); -} - // 상품보관 function item_wish(f, it_id) { @@ -502,4 +458,51 @@ function fitem_submit(f) return true; } + +// 카카오톡 링크 보내기 메세지 입력 +function kakaolink_message() +{ + var popup = "
    "; + popup += ""; + popup += ""; + popup += ""; + popup += ""; + popup += ""; + popup += ""; + popup += "
    "; + + $("form[name=fitem]").before(popup); +} + +function send_cancel() +{ + $("#kakao_message").remove(); +} + +// 카카오톡 링크 보내기 +function kakaolink_send(f) +{ + var msg = f.message.value; + if(!msg) { + alert("메세지를 입력해 주세요"); + return false; + } + + /* + msg, url, appid, appname은 실제 서비스에서 사용하는 정보로 업데이트되어야 합니다. + */ + kakao.link("talk").send({ + msg : msg, + url : "", + appid : "", + appver : "2.0", + appname : "", + type : "link" + }); + + $("#kakao_message").remove(); + + return false; + +} \ No newline at end of file diff --git a/shop/cartupdate.php b/shop/cartupdate.php index 0f3556001..4e9383508 100644 --- a/shop/cartupdate.php +++ b/shop/cartupdate.php @@ -160,7 +160,7 @@ else // 장바구니에 담기 and io_id = '$io_id' and io_type = '$io_type' and ct_stock_use = 0 - and ct_status in ('주문', '입금', '준비') "; + and ct_status = '쇼핑' "; $row = sql_fetch($sql); $sum_qty = $row['cnt']; @@ -173,7 +173,7 @@ else // 장바구니에 담기 if ($ct_qty + $sum_qty > $it_stock_qty) { - alert($io_value." 의 재고수량이 부족합니다.\\n\\n현재 재고수량 : " . number_format($it_stock_qty) . " 개"); + alert($io_value." 의 재고수량이 부족합니다.\\n\\n현재 재고수량 : " . number_format($it_stock_qty - $sum_qty) . " 개"); } } //-------------------------------------------------------- diff --git a/shop/item.php b/shop/item.php index f1850ab04..1d521f143 100644 --- a/shop/item.php +++ b/shop/item.php @@ -6,7 +6,7 @@ if (G5_IS_MOBILE) { return; } -$it_id = escape_trim($_GET['it_id']); +$it_id = trim($_GET['it_id']); include_once(G5_LIB_PATH.'/iteminfo.lib.php'); diff --git a/shop/itemqaform.php b/shop/itemqaform.php index c1855ec7b..67a969db9 100644 --- a/shop/itemqaform.php +++ b/shop/itemqaform.php @@ -12,9 +12,9 @@ if (!$is_member) { alert_close("상품문의는 회원만 작성 가능합니다."); } -$w = escape_trim($_REQUEST['w']); -$it_id = escape_trim($_REQUEST['it_id']); -$iq_id = escape_trim($_REQUEST['iq_id']); +$w = trim($_REQUEST['w']); +$it_id = trim($_REQUEST['it_id']); +$iq_id = trim($_REQUEST['iq_id']); $chk_secret = ''; diff --git a/shop/itemqaformupdate.php b/shop/itemqaformupdate.php index 150747724..85249ffe1 100644 --- a/shop/itemqaformupdate.php +++ b/shop/itemqaformupdate.php @@ -5,11 +5,11 @@ if (!$is_member) { alert_close("상품문의는 회원만 작성이 가능합니다."); } -$iq_id = escape_trim($_REQUEST['iq_id']); -$iq_subject = escape_trim($_POST['iq_subject']); -$iq_question = escape_trim(stripslashes($_POST['iq_question'])); -$iq_answer = escape_trim(stripslashes($_POST['iq_answer'])); -$hash = escape_trim($_REQUEST['hash']); +$iq_id = trim($_REQUEST['iq_id']); +$iq_subject = trim($_POST['iq_subject']); +$iq_question = trim(stripslashes($_POST['iq_question'])); +$iq_answer = trim(stripslashes($_POST['iq_answer'])); +$hash = trim($_REQUEST['hash']); if ($w == "" || $w == "u") { $iq_name = $member['mb_name']; diff --git a/shop/itemqalist.php b/shop/itemqalist.php index 8f01bcd64..2f549c98c 100644 --- a/shop/itemqalist.php +++ b/shop/itemqalist.php @@ -8,8 +8,8 @@ if (G5_IS_MOBILE) { include_once(G5_LIB_PATH.'/thumb.lib.php'); -$sfl = escape_trim($_REQUEST['sfl']); -$stx = escape_trim($_REQUEST['stx']); +$sfl = trim($_REQUEST['sfl']); +$stx = trim($_REQUEST['stx']); $g5['title'] = '상품문의'; include_once('./_head.php'); diff --git a/shop/itemuseform.php b/shop/itemuseform.php index 5bee27b78..d47f7b0d0 100644 --- a/shop/itemuseform.php +++ b/shop/itemuseform.php @@ -12,9 +12,9 @@ if (!$is_member) { alert_close("사용후기는 회원만 작성 가능합니다."); } -$w = escape_trim($_REQUEST['w']); -$it_id = escape_trim($_REQUEST['it_id']); -$is_id = escape_trim($_REQUEST['is_id']); +$w = trim($_REQUEST['w']); +$it_id = trim($_REQUEST['it_id']); +$is_id = trim($_REQUEST['is_id']); // 사용후기 작성 설정에 따른 체크 check_itemuse_write(); diff --git a/shop/itemuseformupdate.php b/shop/itemuseformupdate.php index 381384edf..0686fe4d1 100644 --- a/shop/itemuseformupdate.php +++ b/shop/itemuseformupdate.php @@ -8,11 +8,11 @@ if (!$is_member) { // 사용후기 작성 설정에 따른 체크 check_itemuse_write(); -$it_id = escape_trim($_REQUEST['it_id']); -$is_subject = escape_trim($_POST['is_subject']); -$is_content = escape_trim($_POST['is_content']); -$is_name = escape_trim($_POST['is_name']); -$is_password = escape_trim($_POST['is_password']); +$it_id = trim($_REQUEST['it_id']); +$is_subject = trim($_POST['is_subject']); +$is_content = trim($_POST['is_content']); +$is_name = trim($_POST['is_name']); +$is_password = trim($_POST['is_password']); $is_score = (int)$_POST['is_score'] > 5 ? 0 : (int)$_POST['is_score']; if ($w == "" || $w == "u") { diff --git a/shop/itemuselist.php b/shop/itemuselist.php index 729bf0435..eacbc2086 100644 --- a/shop/itemuselist.php +++ b/shop/itemuselist.php @@ -8,8 +8,8 @@ if (G5_IS_MOBILE) { include_once(G5_LIB_PATH.'/thumb.lib.php'); -$sfl = escape_trim($_REQUEST['sfl']); -$stx = escape_trim($_REQUEST['stx']); +$sfl = trim($_REQUEST['sfl']); +$stx = trim($_REQUEST['stx']); $g5['title'] = '사용후기'; include_once('./_head.php'); diff --git a/shop/orderformupdate.php b/shop/orderformupdate.php index f11c8fb40..f29a2d6e8 100644 --- a/shop/orderformupdate.php +++ b/shop/orderformupdate.php @@ -1,15 +1,6 @@ 로그인
  • 마이페이지
    • +
  • FAQ
  • 1:1문의
  • 개인결제
  • 사용후기