From a7604e02c4f9036069d44814542445c9a2a04f09 Mon Sep 17 00:00:00 2001 From: chicpro Date: Wed, 19 Feb 2014 08:58:45 +0900 Subject: [PATCH 01/14] =?UTF-8?q?mysql=5Freal=5Fescape=5Fstring=20?= =?UTF-8?q?=ED=95=A8=EC=88=98=20=EC=A0=81=EC=9A=A9=20=EC=BD=94=EB=93=9C=20?= =?UTF-8?q?=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- common.php | 54 +++++++++++++++++++++------------------------- lib/common.lib.php | 18 ++++++++++++++++ 2 files changed, 42 insertions(+), 30 deletions(-) diff --git a/common.php b/common.php index a1c2fa1a1..3f8a74a56 100644 --- a/common.php +++ b/common.php @@ -11,30 +11,6 @@ if (!defined('G5_SET_TIME_LIMIT')) define('G5_SET_TIME_LIMIT', 0); @set_time_limit(G5_SET_TIME_LIMIT); -//============================================================================== -// php.ini 의 magic_quotes_gpc 값이 Off 인 경우 addslashes() 적용 -// SQL Injection 등으로 부터 보호 -// http://kr.php.net/manual/en/function.get-magic-quotes-gpc.php#97783 -//------------------------------------------------------------------------------ -if (!get_magic_quotes_gpc()) { - $escape_function = 'addslashes($value)'; - $addslashes_deep = create_function('&$value, $fn', ' - if (is_string($value)) { - $value = ' . $escape_function . '; - } else if (is_array($value)) { - foreach ($value as &$v) $fn($v, $fn); - } - '); - - // Escape data - $addslashes_deep($_POST, $addslashes_deep); - $addslashes_deep($_GET, $addslashes_deep); - $addslashes_deep($_COOKIE, $addslashes_deep); - $addslashes_deep($_REQUEST, $addslashes_deep); -} -//============================================================================== - - //========================================================================================================================== // extract($_GET); 명령으로 인해 page.php?_POST[var1]=data1&_POST[var2]=data2 와 같은 코드가 _POST 변수로 사용되는 것을 막음 // 081029 : letsgolee 님께서 도움 주셨습니다. @@ -49,12 +25,6 @@ for ($i=0; $i<$ext_cnt; $i++) { } //========================================================================================================================== -// PHP 4.1.0 부터 지원됨 -// php.ini 의 register_globals=off 일 경우 -@extract($_GET); -@extract($_POST); -@extract($_SERVER); - // 완두콩님이 알려주신 보안관련 오류 수정 // $member 에 값을 직접 넘길 수 있음 $config = array(); @@ -97,6 +67,30 @@ if (file_exists($dbconfig_file)) { @mysql_query(" set names utf8 "); if(defined('G5_MYSQL_SET_MODE') && G5_MYSQL_SET_MODE) @mysql_query("SET SESSION sql_mode = ''"); if (defined(G5_TIMEZONE)) @mysql_query(" set time_zone = '".G5_TIMEZONE."'"); + + //============================================================================== + // SQL Injection 등으로 부터 보호를 위해 mysql_real_escape_string() 적용 + //------------------------------------------------------------------------------ + // magic_quotes_gpc 에 의한 backslashes 제거 + if (get_magic_quotes_gpc()) { + $_POST = array_map_deep('stripslashes', $_POST); + $_GET = array_map_deep('stripslashes', $_GET); + $_COOKIE = array_map_deep('stripslashes', $_COOKIE); + $_REQUEST = array_map_deep('stripslashes', $_REQUEST); + } + + // mysql_real_escape_string 적용 + $_POST = array_map_deep('mysql_real_escape_string', $_POST); + $_GET = array_map_deep('mysql_real_escape_string', $_GET); + $_COOKIE = array_map_deep('mysql_real_escape_string', $_COOKIE); + $_REQUEST = array_map_deep('mysql_real_escape_string', $_REQUEST); + //============================================================================== + + // PHP 4.1.0 부터 지원됨 + // php.ini 의 register_globals=off 일 경우 + @extract($_GET); + @extract($_POST); + @extract($_SERVER); } else { ?> diff --git a/lib/common.lib.php b/lib/common.lib.php index e22a53413..8f70a6a34 100644 --- a/lib/common.lib.php +++ b/lib/common.lib.php @@ -7,6 +7,24 @@ if (!defined('_GNUBOARD_')) exit; ** *************************************************************************/ +// multi-dimensional array에 사용자지정 함수적용 +function array_map_deep($fn, $array) +{ + if(is_array($array)) { + foreach($array as $key => $value) { + if(is_array($value)) { + $array[$key] = array_map_deep($fn, $value); + } else { + $array[$key] = call_user_func($fn, $value); + } + } + } else { + $array = call_user_func($fn, $array); + } + + return $array; +} + // 마이크로 타임을 얻어 계산 형식으로 만듦 function get_microtime() { From 95d697a99aecaa4498a17ae010e3fa643dc94a57 Mon Sep 17 00:00:00 2001 From: chicpro Date: Wed, 19 Feb 2014 08:59:18 +0900 Subject: [PATCH 02/14] =?UTF-8?q?=EA=B2=8C=EC=8B=9C=EA=B8=80=20=EC=88=98?= =?UTF-8?q?=EC=A0=95=20=EC=8B=9C=20=EA=B3=B5=EC=A7=80=EC=B2=B4=ED=81=AC=20?= =?UTF-8?q?=ED=95=B4=EC=A0=9C=EB=90=98=EC=A7=80=20=EC=95=8A=EB=8A=94=20?= =?UTF-8?q?=EC=98=A4=EB=A5=98=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/common.lib.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/lib/common.lib.php b/lib/common.lib.php index 8f70a6a34..624017d40 100644 --- a/lib/common.lib.php +++ b/lib/common.lib.php @@ -2320,10 +2320,11 @@ function https_url($dir, $https=true) // 게시판의 공지사항을 , 로 구분하여 업데이트 한다. function board_notice($bo_notice, $wr_id, $insert=false) { - if(strpos($bo_notice, strval($wr_id)) !== false) + $notice_array = explode(",", trim($bo_notice)); + + if($insert && in_array($wr_id, $notice_array)) return $bo_notice; - $notice_array = explode(",", trim($bo_notice)); $notice_array = array_merge(array($wr_id), $notice_array); $notice_array = array_unique($notice_array); foreach ($notice_array as $key=>$value) { From 847df782b51cce653c3a87a6789b81923737eeb0 Mon Sep 17 00:00:00 2001 From: chicpro Date: Thu, 20 Feb 2014 08:52:29 +0900 Subject: [PATCH 03/14] =?UTF-8?q?=EA=B2=8C=EC=8B=9C=ED=8C=90=20=EB=B3=B5?= =?UTF-8?q?=EC=82=AC=20=EC=98=A4=ED=83=80=20=EC=88=98=EC=A0=95=20-=20?= =?UTF-8?q?=EC=B0=B8=EC=97=86=EB=8B=A4=EB=8B=98=20=EB=B3=B4=EA=B3=A0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/board_copy_update.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/adm/board_copy_update.php b/adm/board_copy_update.php index e89c4468b..9537ed786 100644 --- a/adm/board_copy_update.php +++ b/adm/board_copy_update.php @@ -61,7 +61,7 @@ $sql = " insert into {$g5['board_table']} bo_use_nogood = '{$board[bo_use_nogood]}', bo_use_signature = '{$board[bo_use_signature]}', bo_use_ip_view = '{$board[bo_use_ip_view]}', - bo_use_list_view = '{$board['o_use_list_view']}', + bo_use_list_view = '{$board['bo_use_list_view']}', bo_use_list_content = '{$board[bo_use_list_content]}', bo_table_width = '{$board[bo_table_width]}', bo_subject_len = '{$board[bo_subject_len]}', From aa66a8757991e3cda0f2e1b25c904aed7e52325c Mon Sep 17 00:00:00 2001 From: whitedot Date: Thu, 20 Feb 2014 09:45:37 +0900 Subject: [PATCH 04/14] =?UTF-8?q?=EA=B4=80=EB=A6=AC=EC=9E=90:=20btn=5Fcanc?= =?UTF-8?q?el=20=EC=8A=A4=ED=83=80=EC=9D=BC=20a=20=EB=B6=84=EB=A6=AC?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- css/admin.css | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/css/admin.css b/css/admin.css index ede367374..3b42d12a9 100644 --- a/css/admin.css +++ b/css/admin.css @@ -135,7 +135,8 @@ h2.h2_frm {padding-top:15px} .btn_submit {background:#ff3061;cursor:pointer} .btn_confirm .btn_submit {padding:0 15px;border:0;height:30px;color:#fff} -.btn_cancel {display:inline-block;padding:0 15px;height:30px;border:0;background:#617d46;color:#fff;text-decoration:none;line-height:2.5em;vertical-align:middle} +.btn_cancel {display:inline-block;padding:0 15px;height:30px;border:0;background:#617d46;color:#fff;text-decoration:none} +a.btn_cancel {line-height:2.5em;vertical-align:middle} .btn_frmline {display:inline-block;padding:0 7px;height:24px;border:0;background:#444;color:#fff !important;letter-spacing:-0.1em;text-decoration:none;vertical-align:middle;line-height:2em} /* 우편번호검색버튼 등 */ .btn_frmline:focus, .btn_frmline:hover, .btn_frmline:active {text-decoration:none} From 7bd383b7cf9d64bcd513674536542eb976430b2b Mon Sep 17 00:00:00 2001 From: whitedot Date: Thu, 20 Feb 2014 10:14:41 +0900 Subject: [PATCH 05/14] =?UTF-8?q?=EA=B3=B5=ED=86=B5:=20=ED=8C=9D=EC=97=85?= =?UTF-8?q?=EB=A0=88=EC=9D=B4=EC=96=B4=20=EC=9E=85=EB=A0=A5=EB=90=9C=20?= =?UTF-8?q?=EB=82=B4=EC=9A=A9=EC=9D=B4=20=EC=84=A4=EC=A0=95=EB=90=9C=20?= =?UTF-8?q?=EB=86=92=EC=9D=B4=EB=B3=B4=EB=8B=A4=20=EA=B8=B8=20=EB=95=8C=20?= =?UTF-8?q?=EB=8B=AB=EA=B8=B0=20=EB=B2=84=ED=8A=BC=20=EA=B0=80=EB=A0=A4?= =?UTF-8?q?=EC=A7=80=EB=8A=94=20=ED=98=84=EC=83=81=20=EC=88=98=EC=A0=95,?= =?UTF-8?q?=20=EC=B0=B8=EC=97=86=EB=8B=A4(uyong)=EB=8B=98=20=EC=A0=9C?= =?UTF-8?q?=EB=B3=B4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bbs/newwin.inc.php | 4 ++-- css/default.css | 4 ++-- css/mobile.css | 4 ++-- mobile/newwin.inc.php | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/bbs/newwin.inc.php b/bbs/newwin.inc.php index 176638c70..139fbfa17 100644 --- a/bbs/newwin.inc.php +++ b/bbs/newwin.inc.php @@ -17,8 +17,8 @@ for ($i=0; $row_nw=sql_fetch_array($result); $i++) ?> -
-
+
+
diff --git a/css/default.css b/css/default.css index 20618c8ec..938c3a203 100644 --- a/css/default.css +++ b/css/default.css @@ -26,8 +26,8 @@ a:hover, a:focus, a:active {color:#000;text-decoration:underline} #hd_pop {z-index:1000;position:relative;margin:0 auto;width:1000px;height:0} #hd_pop h2 {position:absolute;font-size:0;line-height:0;overflow:hidden} .hd_pops {position:absolute;border:1px solid #e9e9e9;background:#fff} -.hd_pops_con {margin:0 0 30px} -.hd_pops_footer {position:absolute;bottom:0;left:0;padding:10px 0;width:100%;background:#000;color:#fff;text-align:right} +.hd_pops_con {} +.hd_pops_footer {padding:10px 0;background:#000;color:#fff;text-align:right} .hd_pops_footer button {margin-right:5px;padding:5px 10px;border:0;background:#393939;color:#fff} /* 상단 레이아웃 */ diff --git a/css/mobile.css b/css/mobile.css index 5d8f18744..975ed6ca9 100644 --- a/css/mobile.css +++ b/css/mobile.css @@ -26,8 +26,8 @@ a:hover, a:focus, a:active {color:#000;text-decoration:underline} #hd_pop {z-index:1000;position:relative;margin:0 auto;width:100%;height:1px} #hd_pop h2 {position:absolute;font-size:0;text-indent:-9999em;line-height:0;overflow:hidden} .hd_pops {position:absolute;border:1px solid #e9e9e9;background:#fff} -.hd_pops_con {margin:0 0 30px} -.hd_pops_footer {position:absolute;bottom:0;left:0;padding:10px 0;width:100%;background:#000;color:#fff;text-align:right} +.hd_pops_con {} +.hd_pops_footer {padding:10px 0;background:#000;color:#fff;text-align:right} .hd_pops_footer button {margin-right:5px;padding:5px 10px;border:0;background:#393939;color:#fff} /* 상단 레이아웃 */ diff --git a/mobile/newwin.inc.php b/mobile/newwin.inc.php index 1f2af0357..78c27d878 100644 --- a/mobile/newwin.inc.php +++ b/mobile/newwin.inc.php @@ -17,8 +17,8 @@ for ($i=0; $row_nw=sql_fetch_array($result); $i++) ?> -
-
+
+
From c5e056463c3ef40f337124d1ba8008d12808abc1 Mon Sep 17 00:00:00 2001 From: chicpro Date: Thu, 20 Feb 2014 11:07:28 +0900 Subject: [PATCH 06/14] =?UTF-8?q?=EC=9E=A5=EB=B0=94=EA=B5=AC=EB=8B=88=20?= =?UTF-8?q?=EB=8B=B4=EA=B8=B0=EB=95=8C=20=EC=9E=AC=EA=B3=A0=EC=88=98?= =?UTF-8?q?=EB=9F=89=20=EC=B2=B4=ED=81=AC=20=EC=BD=94=EB=93=9C=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- shop/cartupdate.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/shop/cartupdate.php b/shop/cartupdate.php index 0f3556001..4e9383508 100644 --- a/shop/cartupdate.php +++ b/shop/cartupdate.php @@ -160,7 +160,7 @@ else // 장바구니에 담기 and io_id = '$io_id' and io_type = '$io_type' and ct_stock_use = 0 - and ct_status in ('주문', '입금', '준비') "; + and ct_status = '쇼핑' "; $row = sql_fetch($sql); $sum_qty = $row['cnt']; @@ -173,7 +173,7 @@ else // 장바구니에 담기 if ($ct_qty + $sum_qty > $it_stock_qty) { - alert($io_value." 의 재고수량이 부족합니다.\\n\\n현재 재고수량 : " . number_format($it_stock_qty) . " 개"); + alert($io_value." 의 재고수량이 부족합니다.\\n\\n현재 재고수량 : " . number_format($it_stock_qty - $sum_qty) . " 개"); } } //-------------------------------------------------------- From bc1cfad1c21f1109fc8f4ebe4c2b37292fb5ca64 Mon Sep 17 00:00:00 2001 From: chicpro Date: Thu, 20 Feb 2014 11:29:19 +0900 Subject: [PATCH 07/14] =?UTF-8?q?post=20=EB=93=B1=EC=97=90=20mysql=5Freal?= =?UTF-8?q?=5Fescape=5Fstring=20=EC=A0=81=EC=9A=A9=ED=95=98=EB=8A=94=20?= =?UTF-8?q?=EC=BD=94=EB=93=9C=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/board_copy_update.php | 4 +-- adm/board_list_update.php | 2 +- adm/member_form_update.php | 2 +- adm/visit_search.php | 4 +-- bbs/ajax.autosave.php | 6 ++-- bbs/ajax.mb_email.php | 4 +-- bbs/ajax.mb_hp.php | 4 +-- bbs/ajax.mb_id.php | 2 +- bbs/ajax.mb_nick.php | 4 +-- bbs/ajax.mb_recommend.php | 2 +- bbs/login_check.php | 6 ++-- bbs/password_lost2.php | 2 +- bbs/qawrite_update.php | 2 +- bbs/register_email_update.php | 4 +-- bbs/register_form_update.php | 64 +++++++++++++++++------------------ bbs/visit_insert.inc.php | 10 +++--- bbs/write_comment_update.php | 4 +-- bbs/write_update.php | 8 ++--- common.php | 14 ++++---- lib/common.lib.php | 4 +-- 20 files changed, 76 insertions(+), 76 deletions(-) diff --git a/adm/board_copy_update.php b/adm/board_copy_update.php index 9537ed786..5636b1cae 100644 --- a/adm/board_copy_update.php +++ b/adm/board_copy_update.php @@ -4,8 +4,8 @@ include_once('./_common.php'); auth_check($auth[$sub_menu], 'w'); -$target_table = escape_trim($_POST['target_table']); -$target_subject = escape_trim($_POST['target_subject']); +$target_table = trim($_POST['target_table']); +$target_subject = trim($_POST['target_subject']); if (!preg_match('/[A-Za-z0-9_]{1,20}/', $target_table)) { alert('게시판 TABLE명은 공백없이 영문자, 숫자, _ 만 사용 가능합니다. (20자 이내)'); diff --git a/adm/board_list_update.php b/adm/board_list_update.php index 5754db411..0cf509bd7 100644 --- a/adm/board_list_update.php +++ b/adm/board_list_update.php @@ -62,7 +62,7 @@ if ($_POST['act_button'] == "선택수정") { $k = $_POST['chk'][$i]; // include 전에 $bo_table 값을 반드시 넘겨야 함 - $tmp_bo_table = escape_trim($_POST['board_table'][$k]); + $tmp_bo_table = trim($_POST['board_table'][$k]); include ('./board_delete.inc.php'); } diff --git a/adm/member_form_update.php b/adm/member_form_update.php index 18a40b548..50543e0d7 100644 --- a/adm/member_form_update.php +++ b/adm/member_form_update.php @@ -10,7 +10,7 @@ auth_check($auth[$sub_menu], 'w'); check_token(); -$mb_id = escape_trim($_POST['mb_id']); +$mb_id = trim($_POST['mb_id']); // 휴대폰번호 체크 $mb_hp = $_POST['mb_hp']; diff --git a/adm/visit_search.php b/adm/visit_search.php index 1750956e2..fa01682f4 100644 --- a/adm/visit_search.php +++ b/adm/visit_search.php @@ -9,8 +9,8 @@ $g5['title'] = '접속자검색'; include_once('./admin.head.php'); include_once(G5_PLUGIN_PATH.'/jquery-ui/datepicker.php'); -$search_word = escape_trim($_GET['search_word']); -$search_sort = escape_trim($_GET['search_sort']); +$search_word = trim($_GET['search_word']); +$search_sort = trim($_GET['search_sort']); $colspan = 5; $qstr = 'search_word='.$search_word.'&search_sort='.$search_sort; //페이징 처리관련 변수 diff --git a/bbs/ajax.autosave.php b/bbs/ajax.autosave.php index 2073c1f86..2222a86b3 100644 --- a/bbs/ajax.autosave.php +++ b/bbs/ajax.autosave.php @@ -3,9 +3,9 @@ include_once('./_common.php'); if (!$is_member) die('0'); -$uid = escape_trim($_REQUEST['uid']); -$subject = escape_trim(stripslashes($_REQUEST['subject'])); -$content = escape_trim(stripslashes($_REQUEST['content'])); +$uid = trim($_REQUEST['uid']); +$subject = trim(stripslashes($_REQUEST['subject'])); +$content = trim(stripslashes($_REQUEST['content'])); if ($subject && $content) { $sql = " select count(*) as cnt from {$g5['autosave_table']} where mb_id = '{$member['mb_id']}' and as_subject = '$subject' and as_content = '$content' "; diff --git a/bbs/ajax.mb_email.php b/bbs/ajax.mb_email.php index b6673ee51..6c50300cc 100644 --- a/bbs/ajax.mb_email.php +++ b/bbs/ajax.mb_email.php @@ -2,8 +2,8 @@ include_once('./_common.php'); include_once(G5_LIB_PATH.'/register.lib.php'); -$mb_email = escape_trim($_POST['reg_mb_email']); -$mb_id = escape_trim($_POST['reg_mb_id']); +$mb_email = trim($_POST['reg_mb_email']); +$mb_id = trim($_POST['reg_mb_id']); if ($msg = empty_mb_email($mb_email)) die($msg); if ($msg = valid_mb_email($mb_email)) die($msg); diff --git a/bbs/ajax.mb_hp.php b/bbs/ajax.mb_hp.php index 635bef022..5f4c9ffb6 100644 --- a/bbs/ajax.mb_hp.php +++ b/bbs/ajax.mb_hp.php @@ -2,8 +2,8 @@ include_once('./_common.php'); include_once(G5_LIB_PATH.'/register.lib.php'); -$mb_hp = escape_trim($_POST['reg_mb_hp']); -$mb_id = escape_trim($_POST['reg_mb_id']); +$mb_hp = trim($_POST['reg_mb_hp']); +$mb_id = trim($_POST['reg_mb_id']); if ($msg = valid_mb_hp($mb_hp)) die($msg); if ($msg = exist_mb_hp($mb_hp, $mb_id)) die($msg); diff --git a/bbs/ajax.mb_id.php b/bbs/ajax.mb_id.php index 3e4025dbf..6b0badd06 100644 --- a/bbs/ajax.mb_id.php +++ b/bbs/ajax.mb_id.php @@ -2,7 +2,7 @@ include_once('./_common.php'); include_once(G5_LIB_PATH.'/register.lib.php'); -$mb_id = escape_trim($_POST['reg_mb_id']); +$mb_id = trim($_POST['reg_mb_id']); if ($msg = empty_mb_id($mb_id)) die($msg); if ($msg = valid_mb_id($mb_id)) die($msg); diff --git a/bbs/ajax.mb_nick.php b/bbs/ajax.mb_nick.php index b3757dfac..50a90f037 100644 --- a/bbs/ajax.mb_nick.php +++ b/bbs/ajax.mb_nick.php @@ -2,8 +2,8 @@ include_once('./_common.php'); include_once(G5_LIB_PATH.'/register.lib.php'); -$mb_nick = escape_trim($_POST['reg_mb_nick']); -$mb_id = escape_trim($_POST['reg_mb_id']); +$mb_nick = trim($_POST['reg_mb_nick']); +$mb_id = trim($_POST['reg_mb_id']); if ($msg = empty_mb_nick($mb_nick)) die($msg); if ($msg = valid_mb_nick($mb_nick)) die($msg); diff --git a/bbs/ajax.mb_recommend.php b/bbs/ajax.mb_recommend.php index f7e1062e4..c19470fa0 100644 --- a/bbs/ajax.mb_recommend.php +++ b/bbs/ajax.mb_recommend.php @@ -2,7 +2,7 @@ include_once("./_common.php"); include_once(G5_LIB_PATH."/register.lib.php"); -$mb_recommend = escape_trim($_POST["reg_mb_recommend"]); +$mb_recommend = trim($_POST["reg_mb_recommend"]); if ($msg = valid_mb_id($mb_recommend)) { die("추천인의 아이디는 영문자, 숫자, _ 만 입력하세요."); diff --git a/bbs/login_check.php b/bbs/login_check.php index 2e5ed57a3..4defcc399 100644 --- a/bbs/login_check.php +++ b/bbs/login_check.php @@ -3,10 +3,10 @@ include_once('./_common.php'); $g5['title'] = "로그인 검사"; -$mb_id = escape_trim($_POST['mb_id']); -$mb_password = escape_trim($_POST['mb_password']); +$mb_id = trim($_POST['mb_id']); +$mb_password = trim($_POST['mb_password']); -if (!trim($mb_id) || !trim($mb_password)) +if (!$mb_id || !$mb_password) alert('회원아이디나 비밀번호가 공백이면 안됩니다.'); $mb = get_member($mb_id); diff --git a/bbs/password_lost2.php b/bbs/password_lost2.php index f56927427..074e2bfd7 100644 --- a/bbs/password_lost2.php +++ b/bbs/password_lost2.php @@ -11,7 +11,7 @@ if (!chk_captcha()) { alert('자동등록방지 숫자가 틀렸습니다.'); } -$email = escape_trim($_POST['mb_email']); +$email = trim($_POST['mb_email']); if (!$email) alert_close('메일주소 오류입니다.'); diff --git a/bbs/qawrite_update.php b/bbs/qawrite_update.php index c6fde25d5..c7fa45225 100644 --- a/bbs/qawrite_update.php +++ b/bbs/qawrite_update.php @@ -52,7 +52,7 @@ for ($i=1; $i<=5; $i++) { $var = "qa_$i"; $$var = ""; if (isset($_POST['qa_'.$i]) && $_POST['qa_'.$i]) { - $$var = escape_trim($_POST['qa_'.$i]); + $$var = trim($_POST['qa_'.$i]); } } diff --git a/bbs/register_email_update.php b/bbs/register_email_update.php index 240fd0a26..7f59541e9 100644 --- a/bbs/register_email_update.php +++ b/bbs/register_email_update.php @@ -3,8 +3,8 @@ include_once('./_common.php'); include_once(G5_CAPTCHA_PATH.'/captcha.lib.php'); include_once(G5_LIB_PATH.'/mailer.lib.php'); -$mb_id = escape_trim($_POST['mb_id']); -$mb_email = escape_trim($_POST['mb_email']); +$mb_id = trim($_POST['mb_id']); +$mb_email = trim($_POST['mb_email']); $sql = " select mb_name, mb_datetime from {$g5['member_table']} where mb_id = '{$mb_id}' and mb_email_certify <> '' "; $mb = sql_fetch($sql); diff --git a/bbs/register_form_update.php b/bbs/register_form_update.php index 31bda65a0..b593792cc 100644 --- a/bbs/register_form_update.php +++ b/bbs/register_form_update.php @@ -20,38 +20,38 @@ if (!chk_captcha()) { alert('자동등록방지 숫자가 틀렸습니다.'); } -$mb_id = escape_trim($_POST['mb_id']); -$mb_password = escape_trim($_POST['mb_password']); -$mb_password_re = escape_trim($_POST['mb_password_re']); -$mb_name = escape_trim($_POST['mb_name']); -$mb_nick = escape_trim($_POST['mb_nick']); -$mb_email = escape_trim($_POST['mb_email']); -$mb_sex = isset($_POST['mb_sex']) ? escape_trim($_POST['mb_sex']) : ""; -$mb_birth = isset($_POST['mb_birth']) ? escape_trim($_POST['mb_birth']) : ""; -$mb_homepage = isset($_POST['mb_homepage']) ? escape_trim($_POST['mb_homepage']) : ""; -$mb_tel = isset($_POST['mb_tel']) ? escape_trim($_POST['mb_tel']) : ""; -$mb_hp = isset($_POST['mb_hp']) ? escape_trim($_POST['mb_hp']) : ""; -$mb_zip1 = isset($_POST['mb_zip1']) ? escape_trim($_POST['mb_zip1']) : ""; -$mb_zip2 = isset($_POST['mb_zip2']) ? escape_trim($_POST['mb_zip2']) : ""; -$mb_addr1 = isset($_POST['mb_addr1']) ? escape_trim($_POST['mb_addr1']) : ""; -$mb_addr2 = isset($_POST['mb_addr2']) ? escape_trim($_POST['mb_addr2']) : ""; -$mb_addr3 = isset($_POST['mb_addr3']) ? escape_trim($_POST['mb_addr3']) : ""; -$mb_addr_jibeon = isset($_POST['mb_addr_jibeon']) ? escape_trim($_POST['mb_addr_jibeon']) : ""; -$mb_signature = isset($_POST['mb_signature']) ? escape_trim($_POST['mb_signature']) : ""; -$mb_profile = isset($_POST['mb_profile']) ? escape_trim($_POST['mb_profile']) : ""; -$mb_recommend = isset($_POST['mb_recommend']) ? escape_trim($_POST['mb_recommend']) : ""; -$mb_mailling = isset($_POST['mb_mailling']) ? escape_trim($_POST['mb_mailling']) : ""; -$mb_sms = isset($_POST['mb_sms']) ? escape_trim($_POST['mb_sms']) : ""; -$mb_1 = isset($_POST['mb_1']) ? escape_trim($_POST['mb_1']) : ""; -$mb_2 = isset($_POST['mb_2']) ? escape_trim($_POST['mb_2']) : ""; -$mb_3 = isset($_POST['mb_3']) ? escape_trim($_POST['mb_3']) : ""; -$mb_4 = isset($_POST['mb_4']) ? escape_trim($_POST['mb_4']) : ""; -$mb_5 = isset($_POST['mb_5']) ? escape_trim($_POST['mb_5']) : ""; -$mb_6 = isset($_POST['mb_6']) ? escape_trim($_POST['mb_6']) : ""; -$mb_7 = isset($_POST['mb_7']) ? escape_trim($_POST['mb_7']) : ""; -$mb_8 = isset($_POST['mb_8']) ? escape_trim($_POST['mb_8']) : ""; -$mb_9 = isset($_POST['mb_9']) ? escape_trim($_POST['mb_9']) : ""; -$mb_10 = isset($_POST['mb_10']) ? escape_trim($_POST['mb_10']) : ""; +$mb_id = trim($_POST['mb_id']); +$mb_password = trim($_POST['mb_password']); +$mb_password_re = trim($_POST['mb_password_re']); +$mb_name = trim($_POST['mb_name']); +$mb_nick = trim($_POST['mb_nick']); +$mb_email = trim($_POST['mb_email']); +$mb_sex = isset($_POST['mb_sex']) ? trim($_POST['mb_sex']) : ""; +$mb_birth = isset($_POST['mb_birth']) ? trim($_POST['mb_birth']) : ""; +$mb_homepage = isset($_POST['mb_homepage']) ? trim($_POST['mb_homepage']) : ""; +$mb_tel = isset($_POST['mb_tel']) ? trim($_POST['mb_tel']) : ""; +$mb_hp = isset($_POST['mb_hp']) ? trim($_POST['mb_hp']) : ""; +$mb_zip1 = isset($_POST['mb_zip1']) ? trim($_POST['mb_zip1']) : ""; +$mb_zip2 = isset($_POST['mb_zip2']) ? trim($_POST['mb_zip2']) : ""; +$mb_addr1 = isset($_POST['mb_addr1']) ? trim($_POST['mb_addr1']) : ""; +$mb_addr2 = isset($_POST['mb_addr2']) ? trim($_POST['mb_addr2']) : ""; +$mb_addr3 = isset($_POST['mb_addr3']) ? trim($_POST['mb_addr3']) : ""; +$mb_addr_jibeon = isset($_POST['mb_addr_jibeon']) ? trim($_POST['mb_addr_jibeon']) : ""; +$mb_signature = isset($_POST['mb_signature']) ? trim($_POST['mb_signature']) : ""; +$mb_profile = isset($_POST['mb_profile']) ? trim($_POST['mb_profile']) : ""; +$mb_recommend = isset($_POST['mb_recommend']) ? trim($_POST['mb_recommend']) : ""; +$mb_mailling = isset($_POST['mb_mailling']) ? trim($_POST['mb_mailling']) : ""; +$mb_sms = isset($_POST['mb_sms']) ? trim($_POST['mb_sms']) : ""; +$mb_1 = isset($_POST['mb_1']) ? trim($_POST['mb_1']) : ""; +$mb_2 = isset($_POST['mb_2']) ? trim($_POST['mb_2']) : ""; +$mb_3 = isset($_POST['mb_3']) ? trim($_POST['mb_3']) : ""; +$mb_4 = isset($_POST['mb_4']) ? trim($_POST['mb_4']) : ""; +$mb_5 = isset($_POST['mb_5']) ? trim($_POST['mb_5']) : ""; +$mb_6 = isset($_POST['mb_6']) ? trim($_POST['mb_6']) : ""; +$mb_7 = isset($_POST['mb_7']) ? trim($_POST['mb_7']) : ""; +$mb_8 = isset($_POST['mb_8']) ? trim($_POST['mb_8']) : ""; +$mb_9 = isset($_POST['mb_9']) ? trim($_POST['mb_9']) : ""; +$mb_10 = isset($_POST['mb_10']) ? trim($_POST['mb_10']) : ""; if ($w == '' || $w == 'u') { diff --git a/bbs/visit_insert.inc.php b/bbs/visit_insert.inc.php index e0698f75c..dccd1326f 100644 --- a/bbs/visit_insert.inc.php +++ b/bbs/visit_insert.inc.php @@ -1,8 +1,8 @@ 50) { @include_once($board_skin_path.'/write_comment_update.head.skin.php'); $w = $_POST["w"]; -$wr_name = escape_trim($_POST['wr_name']); +$wr_name = trim($_POST['wr_name']); $wr_email = ''; if (!empty($_POST['wr_email'])) - $wr_email = escape_trim($_POST['wr_email']); + $wr_email = trim($_POST['wr_email']); // 비회원의 경우 이름이 누락되는 경우가 있음 if ($is_guest) { diff --git a/bbs/write_update.php b/bbs/write_update.php index 0b71d3306..2caae2308 100644 --- a/bbs/write_update.php +++ b/bbs/write_update.php @@ -50,8 +50,8 @@ if (empty($_POST)) { } $w = $_POST['w']; -$wr_link1 = escape_trim(strip_tags($_POST['wr_link1'])); -$wr_link2 = escape_trim(strip_tags($_POST['wr_link2'])); +$wr_link1 = trim(strip_tags($_POST['wr_link1'])); +$wr_link2 = trim(strip_tags($_POST['wr_link2'])); $notice_array = explode(",", $board['bo_notice']); @@ -91,7 +91,7 @@ for ($i=1; $i<=10; $i++) { $var = "wr_$i"; $$var = ""; if (isset($_POST['wr_'.$i]) && $_POST['wr_'.$i]) { - $$var = escape_trim($_POST['wr_'.$i]); + $$var = trim($_POST['wr_'.$i]); } } @@ -291,7 +291,7 @@ if ($w == '' || $w == 'r') { } else { $mb_id = ''; // 비회원의 경우 이름이 누락되는 경우가 있음 - $wr_name = escape_trim($_POST['wr_name']); + $wr_name = trim($_POST['wr_name']); if (!$wr_name) alert('이름은 필히 입력하셔야 합니다.'); $wr_password = sql_password($wr_password); diff --git a/common.php b/common.php index 3f8a74a56..7e2db059a 100644 --- a/common.php +++ b/common.php @@ -205,7 +205,7 @@ if (isset($_REQUEST['PHPSESSID']) && $_REQUEST['PHPSESSID'] != session_id()) $qstr = ''; if (isset($_REQUEST['sca'])) { - $sca = escape_trim($_REQUEST['sca']); + $sca = trim($_REQUEST['sca']); if ($sca) $qstr .= '&sca=' . urlencode($sca); } else { @@ -213,7 +213,7 @@ if (isset($_REQUEST['sca'])) { } if (isset($_REQUEST['sfl'])) { - $sfl = escape_trim($_REQUEST['sfl']); + $sfl = trim($_REQUEST['sfl']); $sfl = preg_replace("/[\<\>\'\"\%\=\(\)\s]/", "", $sfl); if ($sfl) $qstr .= '&sfl=' . urlencode($sfl); // search field (검색 필드) @@ -223,7 +223,7 @@ if (isset($_REQUEST['sfl'])) { if (isset($_REQUEST['stx'])) { // search text (검색어) - $stx = escape_trim($_REQUEST['stx']); + $stx = trim($_REQUEST['stx']); if ($stx) $qstr .= '&stx=' . urlencode($stx); } else { @@ -231,7 +231,7 @@ if (isset($_REQUEST['stx'])) { // search text (검색어) } if (isset($_REQUEST['sst'])) { - $sst = escape_trim($_REQUEST['sst']); + $sst = trim($_REQUEST['sst']); if ($sst) $qstr .= '&sst=' . urlencode($sst); // search sort (검색 정렬 필드) } else { @@ -283,7 +283,7 @@ if (isset($_REQUEST['wr_id'])) { } if (isset($_REQUEST['bo_table'])) { - $bo_table = escape_trim($_REQUEST['bo_table']); + $bo_table = trim($_REQUEST['bo_table']); $bo_table = substr($bo_table, 0, 20); } else { $bo_table = ''; @@ -291,7 +291,7 @@ if (isset($_REQUEST['bo_table'])) { // URL ENCODING if (isset($_REQUEST['url'])) { - $url = escape_trim($_REQUEST['url']); + $url = trim($_REQUEST['url']); $urlencode = urlencode($url); } else { $url = ''; @@ -303,7 +303,7 @@ if (isset($_REQUEST['url'])) { } if (isset($_REQUEST['gr_id'])) { - $gr_id = escape_trim($_REQUEST['gr_id']); + $gr_id = trim($_REQUEST['gr_id']); } else { $gr_id = ''; } diff --git a/lib/common.lib.php b/lib/common.lib.php index 624017d40..de725408f 100644 --- a/lib/common.lib.php +++ b/lib/common.lib.php @@ -1885,8 +1885,8 @@ function escape_trim($field) if ($field) { $str = mysql_real_escape_string(@trim($field)); - if(PHP_VERSION < '5.3.0') - $str = stripslashes($str); + //if(PHP_VERSION < '5.3.0') + // $str = stripslashes($str); return $str; } From ebddad121e3124eb11a68cfd760e5b6cd33ae7fc Mon Sep 17 00:00:00 2001 From: chicpro Date: Thu, 20 Feb 2014 11:37:26 +0900 Subject: [PATCH 08/14] =?UTF-8?q?post=20=EB=93=B1=EC=97=90=20mysql=5Freal?= =?UTF-8?q?=5Fescape=5Fstring=20=EC=A0=81=EC=9A=A9=ED=95=98=EB=8A=94=20?= =?UTF-8?q?=EC=BD=94=EB=93=9C=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- mobile/shop/item.php | 2 +- mobile/shop/itemqaform.php | 6 +++--- mobile/shop/itemqalist.php | 4 ++-- mobile/shop/itemuseform.php | 6 +++--- mobile/shop/itemuselist.php | 4 ++-- mobile/shop/search.php | 16 ++++++++-------- shop/item.php | 2 +- shop/itemqaform.php | 6 +++--- shop/itemqaformupdate.php | 10 +++++----- shop/itemqalist.php | 4 ++-- shop/itemuseform.php | 6 +++--- shop/itemuseformupdate.php | 10 +++++----- shop/itemuselist.php | 4 ++-- shop/search.php | 26 +++++++++++++------------- 14 files changed, 53 insertions(+), 53 deletions(-) diff --git a/mobile/shop/item.php b/mobile/shop/item.php index ea57a2d87..b5015d75b 100644 --- a/mobile/shop/item.php +++ b/mobile/shop/item.php @@ -2,7 +2,7 @@ include_once('./_common.php'); include_once(G5_LIB_PATH.'/iteminfo.lib.php'); -$it_id = escape_trim($_GET['it_id']); +$it_id = trim($_GET['it_id']); // 분류사용, 상품사용하는 상품의 정보를 얻음 $sql = " select a.*, diff --git a/mobile/shop/itemqaform.php b/mobile/shop/itemqaform.php index a49f9fec7..2a0275618 100644 --- a/mobile/shop/itemqaform.php +++ b/mobile/shop/itemqaform.php @@ -6,9 +6,9 @@ if (!$is_member) { alert_close("상품문의는 회원만 작성 가능합니다."); } -$w = escape_trim($_REQUEST['w']); -$it_id = escape_trim($_REQUEST['it_id']); -$iq_id = escape_trim($_REQUEST['iq_id']); +$w = trim($_REQUEST['w']); +$it_id = trim($_REQUEST['it_id']); +$iq_id = trim($_REQUEST['iq_id']); $chk_secret = ''; diff --git a/mobile/shop/itemqalist.php b/mobile/shop/itemqalist.php index 219ceb182..00f01f867 100644 --- a/mobile/shop/itemqalist.php +++ b/mobile/shop/itemqalist.php @@ -2,8 +2,8 @@ include_once('./_common.php'); include_once(G5_LIB_PATH.'/thumb.lib.php'); -$sfl = escape_trim($_REQUEST['sfl']); -$stx = escape_trim($_REQUEST['stx']); +$sfl = trim($_REQUEST['sfl']); +$stx = trim($_REQUEST['stx']); $g5['title'] = '상품문의'; include_once(G5_MSHOP_PATH.'/_head.php'); diff --git a/mobile/shop/itemuseform.php b/mobile/shop/itemuseform.php index 295f22baa..5a77f01c5 100644 --- a/mobile/shop/itemuseform.php +++ b/mobile/shop/itemuseform.php @@ -6,9 +6,9 @@ if (!$is_member) { alert_close("사용후기는 회원만 작성 가능합니다."); } -$w = escape_trim($_REQUEST['w']); -$it_id = escape_trim($_REQUEST['it_id']); -$is_id = escape_trim($_REQUEST['is_id']); +$w = trim($_REQUEST['w']); +$it_id = trim($_REQUEST['it_id']); +$is_id = trim($_REQUEST['is_id']); // 사용후기 작성 설정에 따른 체크 check_itemuse_write(); diff --git a/mobile/shop/itemuselist.php b/mobile/shop/itemuselist.php index a66ce22a3..5cd6e5c38 100644 --- a/mobile/shop/itemuselist.php +++ b/mobile/shop/itemuselist.php @@ -2,8 +2,8 @@ include_once('./_common.php'); include_once(G5_LIB_PATH.'/thumb.lib.php'); -$sfl = escape_trim($_REQUEST['sfl']); -$stx = escape_trim($_REQUEST['stx']); +$sfl = trim($_REQUEST['sfl']); +$stx = trim($_REQUEST['stx']); $g5['title'] = '사용후기'; include_once(G5_MSHOP_PATH.'/_head.php'); diff --git a/mobile/shop/search.php b/mobile/shop/search.php index 2320d93f8..20d9bd483 100644 --- a/mobile/shop/search.php +++ b/mobile/shop/search.php @@ -4,14 +4,14 @@ include_once('./_common.php'); $g5['title'] = "상품 검색 결과"; include_once(G5_MSHOP_PATH.'/_head.php'); -$q = utf8_strcut(escape_trim($_GET['q']), 30, ""); -$qname = escape_trim($_GET['qname']); -$qexplan = escape_trim($_GET['qexplan']); -$qid = escape_trim($_GET['qid']); -$qcaid = escape_trim($_GET['qcaid']); -$qfrom = escape_trim($_GET['qfrom']); -$qto = escape_trim($_GET['qto']); -$qsort = escape_trim($_GET['qsort']); +$q = utf8_strcut(trim($_GET['q']), 30, ""); +$qname = trim($_GET['qname']); +$qexplan = trim($_GET['qexplan']); +$qid = trim($_GET['qid']); +$qcaid = trim($_GET['qcaid']); +$qfrom = trim($_GET['qfrom']); +$qto = trim($_GET['qto']); +$qsort = trim($_GET['qsort']); // QUERY 문에 공통적으로 들어가는 내용 // 상품명에 검색어가 포한된것과 상품판매가능인것만 diff --git a/shop/item.php b/shop/item.php index f1850ab04..1d521f143 100644 --- a/shop/item.php +++ b/shop/item.php @@ -6,7 +6,7 @@ if (G5_IS_MOBILE) { return; } -$it_id = escape_trim($_GET['it_id']); +$it_id = trim($_GET['it_id']); include_once(G5_LIB_PATH.'/iteminfo.lib.php'); diff --git a/shop/itemqaform.php b/shop/itemqaform.php index c1855ec7b..67a969db9 100644 --- a/shop/itemqaform.php +++ b/shop/itemqaform.php @@ -12,9 +12,9 @@ if (!$is_member) { alert_close("상품문의는 회원만 작성 가능합니다."); } -$w = escape_trim($_REQUEST['w']); -$it_id = escape_trim($_REQUEST['it_id']); -$iq_id = escape_trim($_REQUEST['iq_id']); +$w = trim($_REQUEST['w']); +$it_id = trim($_REQUEST['it_id']); +$iq_id = trim($_REQUEST['iq_id']); $chk_secret = ''; diff --git a/shop/itemqaformupdate.php b/shop/itemqaformupdate.php index 150747724..85249ffe1 100644 --- a/shop/itemqaformupdate.php +++ b/shop/itemqaformupdate.php @@ -5,11 +5,11 @@ if (!$is_member) { alert_close("상품문의는 회원만 작성이 가능합니다."); } -$iq_id = escape_trim($_REQUEST['iq_id']); -$iq_subject = escape_trim($_POST['iq_subject']); -$iq_question = escape_trim(stripslashes($_POST['iq_question'])); -$iq_answer = escape_trim(stripslashes($_POST['iq_answer'])); -$hash = escape_trim($_REQUEST['hash']); +$iq_id = trim($_REQUEST['iq_id']); +$iq_subject = trim($_POST['iq_subject']); +$iq_question = trim(stripslashes($_POST['iq_question'])); +$iq_answer = trim(stripslashes($_POST['iq_answer'])); +$hash = trim($_REQUEST['hash']); if ($w == "" || $w == "u") { $iq_name = $member['mb_name']; diff --git a/shop/itemqalist.php b/shop/itemqalist.php index 8f01bcd64..2f549c98c 100644 --- a/shop/itemqalist.php +++ b/shop/itemqalist.php @@ -8,8 +8,8 @@ if (G5_IS_MOBILE) { include_once(G5_LIB_PATH.'/thumb.lib.php'); -$sfl = escape_trim($_REQUEST['sfl']); -$stx = escape_trim($_REQUEST['stx']); +$sfl = trim($_REQUEST['sfl']); +$stx = trim($_REQUEST['stx']); $g5['title'] = '상품문의'; include_once('./_head.php'); diff --git a/shop/itemuseform.php b/shop/itemuseform.php index 5bee27b78..d47f7b0d0 100644 --- a/shop/itemuseform.php +++ b/shop/itemuseform.php @@ -12,9 +12,9 @@ if (!$is_member) { alert_close("사용후기는 회원만 작성 가능합니다."); } -$w = escape_trim($_REQUEST['w']); -$it_id = escape_trim($_REQUEST['it_id']); -$is_id = escape_trim($_REQUEST['is_id']); +$w = trim($_REQUEST['w']); +$it_id = trim($_REQUEST['it_id']); +$is_id = trim($_REQUEST['is_id']); // 사용후기 작성 설정에 따른 체크 check_itemuse_write(); diff --git a/shop/itemuseformupdate.php b/shop/itemuseformupdate.php index 381384edf..0686fe4d1 100644 --- a/shop/itemuseformupdate.php +++ b/shop/itemuseformupdate.php @@ -8,11 +8,11 @@ if (!$is_member) { // 사용후기 작성 설정에 따른 체크 check_itemuse_write(); -$it_id = escape_trim($_REQUEST['it_id']); -$is_subject = escape_trim($_POST['is_subject']); -$is_content = escape_trim($_POST['is_content']); -$is_name = escape_trim($_POST['is_name']); -$is_password = escape_trim($_POST['is_password']); +$it_id = trim($_REQUEST['it_id']); +$is_subject = trim($_POST['is_subject']); +$is_content = trim($_POST['is_content']); +$is_name = trim($_POST['is_name']); +$is_password = trim($_POST['is_password']); $is_score = (int)$_POST['is_score'] > 5 ? 0 : (int)$_POST['is_score']; if ($w == "" || $w == "u") { diff --git a/shop/itemuselist.php b/shop/itemuselist.php index 729bf0435..eacbc2086 100644 --- a/shop/itemuselist.php +++ b/shop/itemuselist.php @@ -8,8 +8,8 @@ if (G5_IS_MOBILE) { include_once(G5_LIB_PATH.'/thumb.lib.php'); -$sfl = escape_trim($_REQUEST['sfl']); -$stx = escape_trim($_REQUEST['stx']); +$sfl = trim($_REQUEST['sfl']); +$stx = trim($_REQUEST['stx']); $g5['title'] = '사용후기'; include_once('./_head.php'); diff --git a/shop/search.php b/shop/search.php index f2ad3f8df..c3c779581 100644 --- a/shop/search.php +++ b/shop/search.php @@ -9,14 +9,14 @@ if (G5_IS_MOBILE) { $g5['title'] = "상품 검색 결과"; include_once('./_head.php'); -$q = utf8_strcut(escape_trim($_GET['q']), 30, ""); -$qname = escape_trim($_GET['qname']); -$qexplan = escape_trim($_GET['qexplan']); -$qid = escape_trim($_GET['qid']); -$qcaid = escape_trim($_GET['qcaid']); -$qfrom = escape_trim($_GET['qfrom']); -$qto = escape_trim($_GET['qto']); -$qsort = escape_trim($_GET['qsort']); +$q = utf8_strcut(trim($_GET['q']), 30, ""); +$qname = trim($_GET['qname']); +$qexplan = trim($_GET['qexplan']); +$qid = trim($_GET['qid']); +$qcaid = trim($_GET['qcaid']); +$qfrom = trim($_GET['qfrom']); +$qto = trim($_GET['qto']); +$qsort = trim($_GET['qsort']); // QUERY 문에 공통적으로 들어가는 내용 // 상품명에 검색어가 포한된것과 상품판매가능인것만 @@ -36,9 +36,9 @@ if ($q) { for ($i=0; $i Date: Thu, 20 Feb 2014 13:04:52 +0900 Subject: [PATCH 09/14] =?UTF-8?q?=EC=82=AC=EC=9A=A9=ED=95=98=EC=A7=80=20?= =?UTF-8?q?=EC=95=8A=EB=8A=94=20=EC=BD=94=EB=93=9C=20=EC=82=AD=EC=A0=9C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/shop.lib.php | 23 ----------------------- mobile/shop/orderformupdate.php | 8 -------- mobile/shop/personalpayformupdate.php | 8 -------- shop/orderformupdate.php | 9 --------- shop/personalpayformupdate.php | 8 -------- 5 files changed, 56 deletions(-) diff --git a/lib/shop.lib.php b/lib/shop.lib.php index fbf99a017..8e17dce38 100644 --- a/lib/shop.lib.php +++ b/lib/shop.lib.php @@ -1469,29 +1469,6 @@ function get_coupon_id() } -// array_map() 대체 -function array_add_callback($func, $array) -{ - if(!$func) { - return; - } - - if(is_array($array)) { - foreach($array as $key => $value) { - if(is_array($value)) { - $array[$key] = array_add_callback($func, $value); - } else { - $array[$key] = call_user_func($func, $value); - } - } - } else { - $array = call_user_func($func, $array); - } - - return $array; -} - - // 주문의 금액, 배송비 과세금액 등의 정보를 가져옴 function get_order_info($od_id) { diff --git a/mobile/shop/orderformupdate.php b/mobile/shop/orderformupdate.php index 04df26e09..3786fd4ea 100644 --- a/mobile/shop/orderformupdate.php +++ b/mobile/shop/orderformupdate.php @@ -1,14 +1,6 @@ Date: Thu, 20 Feb 2014 14:50:11 +0900 Subject: [PATCH 10/14] =?UTF-8?q?faq=20=EB=A7=81=ED=81=AC=20=EC=B6=94?= =?UTF-8?q?=EA=B0=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- mobile/shop/shop.head.php | 1 + shop/shop.head.php | 1 + 2 files changed, 2 insertions(+) diff --git a/mobile/shop/shop.head.php b/mobile/shop/shop.head.php index b1de0c62e..f33f29a5f 100644 --- a/mobile/shop/shop.head.php +++ b/mobile/shop/shop.head.php @@ -74,6 +74,7 @@ include_once(G5_LIB_PATH.'/latest.lib.php');
  • 마이페이지
  • 장바구니
  • 개인결제
    • +
  • FAQ
  • 1:1문의
  • 커뮤니티
    • diff --git a/shop/shop.head.php b/shop/shop.head.php index 9ed2dddf8..1024ff708 100644 --- a/shop/shop.head.php +++ b/shop/shop.head.php @@ -74,6 +74,7 @@ include_once(G5_LIB_PATH.'/latest.lib.php');
  • 로그인
  • 마이페이지
    • +
  • FAQ
  • 1:1문의
  • 개인결제
  • 사용후기
    • From 90f5c75a1b611bc215a656326ff8018239188b5e Mon Sep 17 00:00:00 2001 From: chicpro Date: Fri, 21 Feb 2014 09:01:03 +0900 Subject: [PATCH 11/14] =?UTF-8?q?=EC=A3=BC=EB=AC=B8=EB=82=B4=EC=97=AD=20?= =?UTF-8?q?=ED=8E=98=EC=9D=B4=EC=A7=80=20=EB=B3=80=EA=B2=BD=20=EB=95=8C=20?= =?UTF-8?q?=EC=A3=BC=EB=AC=B8=EC=83=81=ED=83=9C=20=EB=88=84=EB=9D=BD?= =?UTF-8?q?=EB=90=98=EB=8A=94=20=EC=98=A4=EB=A5=98=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/shop_admin/orderlist.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/adm/shop_admin/orderlist.php b/adm/shop_admin/orderlist.php index 9878a9ec0..9c5665099 100644 --- a/adm/shop_admin/orderlist.php +++ b/adm/shop_admin/orderlist.php @@ -108,7 +108,7 @@ $sql = " select *, limit $from_record, $rows "; $result = sql_query($sql); -$qstr1 = "sel_field=$sel_field&search=$search&save_search=$search"; +$qstr1 = "od_status=$od_status&sel_field=$sel_field&search=$search&save_search=$search"; $qstr = "$qstr1&sort1=$sort1&sort2=$sort2&page=$page"; $listall = '전체목록'; From 1c4f1d6518b56882929eb4405d9bab01f5529cb0 Mon Sep 17 00:00:00 2001 From: chicpro Date: Fri, 21 Feb 2014 13:13:54 +0900 Subject: [PATCH 12/14] =?UTF-8?q?=EC=82=AC=EC=9A=A9=ED=95=98=EC=A7=80=20?= =?UTF-8?q?=EC=95=8A=EB=8A=94=20=EC=BD=94=EB=93=9C=20=EC=82=AD=EC=A0=9C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- mobile/skin/shop/basic/item.form.skin.php | 46 ----------------------- 1 file changed, 46 deletions(-) diff --git a/mobile/skin/shop/basic/item.form.skin.php b/mobile/skin/shop/basic/item.form.skin.php index 5235dfb6b..895267296 100644 --- a/mobile/skin/shop/basic/item.form.skin.php +++ b/mobile/skin/shop/basic/item.form.skin.php @@ -364,52 +364,6 @@ $(function(){ }); }); -function content_swipe(direction) -{ - // 로딩 레이어 - load_message(); - - var next_href = ''; - var prev_href = ''; - var str; - - if(direction == "left") { - str = next_href; - } else { - str = prev_href; - } - - var href = str.match(/https?:\/{2}[^\"]+/gi); - - setTimeout(function() { - document.location.href = href[0]; - }, 500); -} - -function load_message() -{ - var w = $(window).width(); - var h = $(window).height(); - var img_w = 64; - var img_h = 64; - var top, left; - var scr_top = $(window).scrollTop(); - - if (/iP(hone|od|ad)/.test(navigator.platform)) { - if(window.innerHeight - $(window).outerHeight(true) > 0) - h += (window.innerHeight - $(window).outerHeight(true)); - } - - top = parseInt((h - img_h) / 2); - left = parseInt((w - img_w) / 2); - - var img = "
    "; - img += "/img/loading.gif\" style=\"top:"+top+"px;left:"+left+"px;\" />"; - img += "
    "; - - $("body").append(img); -} - // 상품보관 function item_wish(f, it_id) { From d8441c31df5473fc9b0ecf648aa55570b982506d Mon Sep 17 00:00:00 2001 From: chicpro Date: Fri, 21 Feb 2014 14:34:38 +0900 Subject: [PATCH 13/14] =?UTF-8?q?=EB=AA=A8=EB=B0=94=EC=9D=BC=EC=87=BC?= =?UTF-8?q?=ED=95=91=EB=AA=B0=20=EC=B9=B4=EC=B9=B4=EC=98=A4=ED=86=A1=20?= =?UTF-8?q?=EB=A7=81=ED=81=AC=20=EB=B3=B4=EB=82=B4=EA=B8=B0=20=EA=B8=B0?= =?UTF-8?q?=EB=8A=A5=20=EC=B6=94=EA=B0=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- js/kakao.link.js | 95 +++++++++++++++++++++++ lib/shop.lib.php | 3 + mobile/skin/shop/basic/item.form.skin.php | 49 ++++++++++++ 3 files changed, 147 insertions(+) create mode 100644 js/kakao.link.js diff --git a/js/kakao.link.js b/js/kakao.link.js new file mode 100644 index 000000000..872b6f296 --- /dev/null +++ b/js/kakao.link.js @@ -0,0 +1,95 @@ +/* + Copyright 2012 KAKAO + */ + +(function (window, undefined) { + var kakao = {}; + window.kakao = window.kakao || kakao; + + var uagent = navigator.userAgent.toLocaleLowerCase(); + if (uagent.search("android") > -1) { + kakao.os = "android"; + if (uagent.search("chrome") > -1) { + kakao.browser = "android+chrome"; + } + } else if (uagent.search("iphone") > -1 || uagent.search("ipod") > -1 || uagent.search("ipad") > -1) { + kakao.os = "ios"; + } + + var app = { + talk: { + base_url: "kakaolink://sendurl?", + apiver: "2.0.1", + store: { + android: "market://details?id=com.kakao.talk", + ios: "http://itunes.apple.com/app/id362057947" + }, + package: "com.kakao.talk" + }, + story: { + base_url: "storylink://posting?", + apiver: "1.0", + store: { + android: "market://details?id=com.kakao.story", + ios: "http://itunes.apple.com/app/id486244601" + }, + package: "com.kakao.story" + } + }; + + kakao.link = function (name) { + var link_app = app[name]; + if (!link_app) return { send: function () { + throw "No App exists"; + }}; + return { + send: function (params) { + var _app = this.app; + params['apiver'] = _app.apiver; + var full_url = _app.base_url + serialized(params); + + var install_block = (function (os) { + return function () { + window.location = _app.store[os]; + }; + })(this.os); + + if (this.os == "ios") { + var timer = setTimeout(install_block, 2 * 1000); + window.addEventListener('pagehide', clearTimer(timer)); + window.location = full_url; + } else if (this.os == "android") { + if (this.browser == "android+chrome") { + window.location = "intent:" + full_url + "#Intent;package=" + _app.package + ";end;"; + } else { + var iframe = document.createElement('iframe'); + iframe.style.display = 'none'; + iframe.src = full_url; + iframe.onload = install_block; + document.body.appendChild(iframe); + } + } + }, + app: link_app, + os: kakao.os, + browser: kakao.browser + }; + + function serialized(params) { + var stripped = []; + for (var k in params) { + if (params.hasOwnProperty(k)) { + stripped.push(k + "=" + encodeURIComponent(params[k])); + } + } + return stripped.join("&"); + } + + function clearTimer(timer) { + return function () { + clearTimeout(timer); + window.removeEventListener('pagehide', arguments.callee); + }; + } + }; +}(window)); diff --git a/lib/shop.lib.php b/lib/shop.lib.php index 8e17dce38..d2f904887 100644 --- a/lib/shop.lib.php +++ b/lib/shop.lib.php @@ -1421,6 +1421,9 @@ function get_sns_share_link($sns, $url, $title, $img) case 'googleplus': $str = ''; break; + case 'kakaotalk': + $str = ''; + break; } return $str; diff --git a/mobile/skin/shop/basic/item.form.skin.php b/mobile/skin/shop/basic/item.form.skin.php index 895267296..b5d52edc6 100644 --- a/mobile/skin/shop/basic/item.form.skin.php +++ b/mobile/skin/shop/basic/item.form.skin.php @@ -7,6 +7,7 @@ add_stylesheet('', +
    @@ -64,6 +65,7 @@ add_stylesheet('', +
    @@ -456,4 +458,51 @@ function fitem_submit(f) return true; } + +// 카카오톡 링크 보내기 메세지 입력 +function kakaolink_message() +{ + var popup = "
    "; + popup += ""; + popup += ""; + popup += ""; + popup += ""; + popup += ""; + popup += ""; + popup += "
    "; + + $("form[name=fitem]").before(popup); +} + +function send_cancel() +{ + $("#kakao_message").remove(); +} + +// 카카오톡 링크 보내기 +function kakaolink_send(f) +{ + var msg = f.message.value; + if(!msg) { + alert("메세지를 입력해 주세요"); + return false; + } + + /* + msg, url, appid, appname은 실제 서비스에서 사용하는 정보로 업데이트되어야 합니다. + */ + kakao.link("talk").send({ + msg : msg, + url : "", + appid : "", + appver : "2.0", + appname : "", + type : "link" + }); + + $("#kakao_message").remove(); + + return false; + +} \ No newline at end of file From 37cbaeec0604c864b4e86baa1d8265a65638b3b0 Mon Sep 17 00:00:00 2001 From: chicpro Date: Fri, 21 Feb 2014 15:31:12 +0900 Subject: [PATCH 14/14] =?UTF-8?q?=EC=84=A4=EC=B9=98=EC=8B=9C=20=EA=B8=B0?= =?UTF-8?q?=EB=B3=B8=EC=9C=BC=EB=A1=9C=20=EC=87=BC=ED=95=91=EB=AA=B0=20?= =?UTF-8?q?=EC=84=A4=EC=B9=98=EC=97=90=20=EC=B2=B4=ED=81=AC=EB=90=98?= =?UTF-8?q?=EB=8F=84=EB=A1=9D=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- install/install_config.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/install_config.php b/install/install_config.php index 860460595..3e4ffe064 100644 --- a/install/install_config.php +++ b/install/install_config.php @@ -75,7 +75,7 @@ if (!isset($_POST['agree']) || $_POST['agree'] != '동의함') {
    - 설치 + 설치