From d49200c99e60e9e4a0f66d110448b49f6f6f94eb Mon Sep 17 00:00:00 2001
From: chicpro <chicpro@sir.co.kr>
Date: Mon, 27 Jul 2015 14:08:23 +0900
Subject: [PATCH] =?UTF-8?q?XSS=20=EC=B7=A8=EC=95=BD=EC=A0=90=20=EB=B0=8F?=
 =?UTF-8?q?=20=EA=B8=B0=ED=83=80=20=EC=98=A4=EB=A5=98=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adm/sms_admin/history_send.php   | 2 +-
 adm/sms_admin/sms_write_send.php | 2 +-
 bbs/password.php                 | 2 +-
 config.php                       | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/adm/sms_admin/history_send.php b/adm/sms_admin/history_send.php
index a28d981fe..214815a6a 100644
--- a/adm/sms_admin/history_send.php
+++ b/adm/sms_admin/history_send.php
@@ -116,7 +116,7 @@ if ($result)
             $row['bk_hp'] = get_hp($row['bk_hp'], 1);
 
             $log = array_shift($SMS->Log);
-            $log = @iconv('UTF-8', 'UTF-8//IGNORE', $log);
+            $log = @iconv('euc-kr', 'utf-8', $log);
 
             sql_query("insert into {$g5['sms5_history_table']} set wr_no='$wr_no', wr_renum='$new_wr_renum', bg_no='{$row['bg_no']}', mb_id='{$row['mb_id']}', bk_no='{$row['bk_no']}', hs_name='{$row['hs_name']}', hs_hp='{$row['hs_hp']}', hs_datetime='".G5_TIME_YMDHIS."', hs_flag='$hs_flag', hs_code='$hs_code', hs_memo='".addslashes($hs_memo)."', hs_log='".addslashes($log)."'", false);
         }
diff --git a/adm/sms_admin/sms_write_send.php b/adm/sms_admin/sms_write_send.php
index 45646ffec..5bbc285bb 100644
--- a/adm/sms_admin/sms_write_send.php
+++ b/adm/sms_admin/sms_write_send.php
@@ -202,7 +202,7 @@ if ($result)
             $row['bk_hp'] = get_hp($row['bk_hp'], 1);
 
             $log = array_shift($SMS->Log);
-            $log = @iconv('UTF-8', 'UTF-8//IGNORE', $log);
+            $log = @iconv('euc-kr', 'utf-8', $log);
 
             sql_query("insert into {$g5['sms5_history_table']} set wr_no='$wr_no', wr_renum=0, bg_no='{$row['bg_no']}', mb_id='{$row['mb_id']}', bk_no='{$row['bk_no']}', hs_name='".addslashes($row['bk_name'])."', hs_hp='{$row['bk_hp']}', hs_datetime='".G5_TIME_YMDHIS."', hs_flag='$hs_flag', hs_code='$hs_code', hs_memo='".addslashes($hs_memo)."', hs_log='".addslashes($log)."'", false);
         }
diff --git a/bbs/password.php b/bbs/password.php
index b29681143..ffd2a55b4 100644
--- a/bbs/password.php
+++ b/bbs/password.php
@@ -51,7 +51,7 @@ $sql = " select wr_subject from {$write_table}
                       and wr_is_comment = 0 ";
 $row = sql_fetch($sql);
 
-$g5['title'] = $row['wr_subject'];
+$g5['title'] = get_text($row['wr_subject']);
 
 include_once($member_skin_path.'/password.skin.php');
 
diff --git a/config.php b/config.php
index 70a1da8ab..da4877c2c 100644
--- a/config.php
+++ b/config.php
@@ -5,7 +5,7 @@
 ********************/
 
 define('G5_VERSION', '그누보드5');
-define('G5_GNUBOARD_VER', '5.0.41');
+define('G5_GNUBOARD_VER', '5.0.42');
 
 // 이 상수가 정의되지 않으면 각각의 개별 페이지는 별도로 실행될 수 없음
 define('_GNUBOARD_', true);