XSS 취약점 및 기타 오류 수정

adm/sms_admin/history_send.php

@@ -116,7 +116,7 @@ if ($result)
             $row['bk_hp'] = get_hp($row['bk_hp'], 1);
 
             $log = array_shift($SMS->Log);
-            $log = @iconv('UTF-8', 'UTF-8//IGNORE', $log);
+            $log = @iconv('euc-kr', 'utf-8', $log);
 
             sql_query("insert into {$g5['sms5_history_table']} set wr_no='$wr_no', wr_renum='$new_wr_renum', bg_no='{$row['bg_no']}', mb_id='{$row['mb_id']}', bk_no='{$row['bk_no']}', hs_name='{$row['hs_name']}', hs_hp='{$row['hs_hp']}', hs_datetime='".G5_TIME_YMDHIS."', hs_flag='$hs_flag', hs_code='$hs_code', hs_memo='".addslashes($hs_memo)."', hs_log='".addslashes($log)."'", false);
         }

adm/sms_admin/sms_write_send.php

@@ -202,7 +202,7 @@ if ($result)
             $row['bk_hp'] = get_hp($row['bk_hp'], 1);
 
             $log = array_shift($SMS->Log);
-            $log = @iconv('UTF-8', 'UTF-8//IGNORE', $log);
+            $log = @iconv('euc-kr', 'utf-8', $log);
 
             sql_query("insert into {$g5['sms5_history_table']} set wr_no='$wr_no', wr_renum=0, bg_no='{$row['bg_no']}', mb_id='{$row['mb_id']}', bk_no='{$row['bk_no']}', hs_name='".addslashes($row['bk_name'])."', hs_hp='{$row['bk_hp']}', hs_datetime='".G5_TIME_YMDHIS."', hs_flag='$hs_flag', hs_code='$hs_code', hs_memo='".addslashes($hs_memo)."', hs_log='".addslashes($log)."'", false);
         }

bbs/password.php

@@ -51,7 +51,7 @@ $sql = " select wr_subject from {$write_table}
                       and wr_is_comment = 0 ";
 $row = sql_fetch($sql);
 
-$g5['title'] = $row['wr_subject'];
+$g5['title'] = get_text($row['wr_subject']);
 
 include_once($member_skin_path.'/password.skin.php');
 

config.php

@@ -5,7 +5,7 @@
 ********************/
 
 define('G5_VERSION', '그누보드5');
-define('G5_GNUBOARD_VER', '5.0.41');
+define('G5_GNUBOARD_VER', '5.0.42');
 
 // 이 상수가 정의되지 않으면 각각의 개별 페이지는 별도로 실행될 수 없음
 define('_GNUBOARD_', true);