diff --git a/adm/board_form_update.php b/adm/board_form_update.php
index d2cb9e76e..71341fbbe 100644
--- a/adm/board_form_update.php
+++ b/adm/board_form_update.php
@@ -18,18 +18,18 @@ $_POST['bo_include_head'] = preg_replace("#[\\\]+$#", "", substr($_POST['bo_incl
 $_POST['bo_include_tail'] = preg_replace("#[\\\]+$#", "", substr($_POST['bo_include_tail'], 0, 255));
 if ($file = $_POST['bo_include_head']) {
- $purl = parse_url($file);
- $file = $purl['path'];
- if (!preg_match("/\.(php|htm['l']?)$/i", $file)) {
+ $file_ext = pathinfo($file, PATHINFO_EXTENSION);
+
+ if( ! $file_ext || ! in_array($file_ext, array('php', 'htm', 'html')) ) {
 alert('상단 파일 경로의 확장자는 php, html 만 허용합니다.');
 }
 $_POST['bo_include_head'] = $file;
 }
 if ($file = $_POST['bo_include_tail']) {
- $purl = parse_url($file);
- $file = $purl['path'];
- if (!preg_match("/\.(php|htm['l']?)$/i", $file)) {
+ $file_ext = pathinfo($file, PATHINFO_EXTENSION);
+
+ if( ! $file_ext || ! in_array($file_ext, array('php', 'htm', 'html')) ) {
 alert('하단 파일 경로의 확장자는 php, html 만 허용합니다.');
 }
 $_POST['bo_include_tail'] = $file;
diff --git a/adm/board_list_update.php b/adm/board_list_update.php
index a26e521d6..90a1c5d33 100644
--- a/adm/board_list_update.php
+++ b/adm/board_list_update.php
@@ -8,6 +8,8 @@ if (!count($_POST['chk'])) {
 alert($_POST['act_button']." 하실 항목을 하나 이상 체크하세요.");
 }
+check_admin_token();
+
 if ($_POST['act_button'] == "선택수정") {
 auth_check($auth[$sub_menu], 'w');
@@ -19,7 +21,7 @@ if ($_POST['act_button'] == "선택수정") {
 if ($is_admin != 'super') {
 $sql = " select count(*) as cnt
 from {$g5['board_table']} a, {$g5['group_table']} b
- where a.gr_id = '{$_POST['gr_id'][$k]}'
+ where a.gr_id = '".sql_real_escape_string($_POST['gr_id'][$k])."'
 and a.gr_id = b.gr_id
 and b.gr_admin = '{$member['mb_id']}' ";
 $row = sql_fetch($sql);
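Review bot: The new allow-list check in both branches of this hunk is case-sensitive, while the regex it replaces carried the `i` modifier, so a value such as `head.PHP` or `foot.Html` that validated before now fails; `in_array` is also called without `strict: true`. Lower-casing the extension before the comparison keeps the previous acceptance while retaining the stricter list: `if ( ! $file_ext || ! in_array(strtolower($file_ext), array('php', 'htm', 'html'), true) ) {`. The same pattern appears in the `bo_include_tail` branch of this hunk and in both branches of the `adm/qa_config_update.php` hunk. The old code also stored only the `path` component returned by `parse_url()` whereas the new code stores `$file` unchanged; since `pathinfo()` returns the query or fragment suffix as part of the extension and the list then rejects it, this does not widen what is accepted, but a comment such as `// stored as given; any '?'/'#' suffix is rejected by the extension check above` would make that intent explicit.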
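Review bot: The new `check_admin_token();` runs only after the `count($_POST['chk'])` guard has already answered with `alert(...)` for an empty selection, so a request without a valid token still gets a request-dependent response from this script; moving the call above that guard makes token validation the first thing the script does. The removal of the branch-local `check_admin_token();` in this file's `@@ -51,8` hunk relies on this top-level call now covering both the 선택수정 and 선택삭제 branches, which is worth stating in a short comment next to the new line, e.g. `// CSRF token check for every action below (was previously only in the delete branch)`.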
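Review bot: `$_POST['gr_id'][$k]` is now escaped for its quoted context, but `{$member['mb_id']}` two lines below is still interpolated directly into the same statement. That value presumably comes from the logged-in session rather than the request, so the exposure is low, but escaping it the same way keeps the query uniformly built: `and b.gr_admin = '".sql_real_escape_string($member['mb_id'])."' ";`. The enclosing `if ($is_admin != 'super')` block continues outside the hunk.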
@@ -28,19 +30,20 @@ if ($_POST['act_button'] == "선택수정") {
 }
 $sql = " update {$g5['board_table']}
- set gr_id = '{$_POST['gr_id'][$k]}',
- bo_subject = '{$_POST['bo_subject'][$k]}',
- bo_device = '{$_POST['bo_device'][$k]}',
- bo_skin = '{$_POST['bo_skin'][$k]}',
- bo_mobile_skin = '{$_POST['bo_mobile_skin'][$k]}',
- bo_read_point = '{$_POST['bo_read_point'][$k]}',
- bo_write_point = '{$_POST['bo_write_point'][$k]}',
- bo_comment_point = '{$_POST['bo_comment_point'][$k]}',
- bo_download_point = '{$_POST['bo_download_point'][$k]}',
- bo_use_search = '{$_POST['bo_use_search'][$k]}',
- bo_use_sns = '{$_POST['bo_use_sns'][$k]}',
- bo_order = '{$_POST['bo_order'][$k]}'
- where bo_table = '{$_POST['board_table'][$k]}' ";
+ set gr_id = '".sql_real_escape_string($_POST['gr_id'][$k])."',
+ bo_subject = '".sql_real_escape_string($_POST['bo_subject'][$k])."',
+ bo_device = '".sql_real_escape_string($_POST['bo_device'][$k])."',
+ bo_skin = '".sql_real_escape_string($_POST['bo_skin'][$k])."',
+ bo_mobile_skin = '".sql_real_escape_string($_POST['bo_mobile_skin'][$k])."',
+ bo_read_point = '".sql_real_escape_string($_POST['bo_read_point'][$k])."',
+ bo_write_point = '".sql_real_escape_string($_POST['bo_write_point'][$k])."',
+ bo_comment_point = '".sql_real_escape_string($_POST['bo_comment_point'][$k])."',
+ bo_download_point = '".sql_real_escape_string($_POST['bo_download_point'][$k])."',
+ bo_use_search = '".sql_real_escape_string($_POST['bo_use_search'][$k])."',
+ bo_use_sns = '".sql_real_escape_string($_POST['bo_use_sns'][$k])."',
+ bo_order = '".sql_real_escape_string($_POST['bo_order'][$k])."'
+ where bo_table = '".sql_real_escape_string($_POST['board_table'][$k])."' ";
+ sql_query($sql);
 }
@@ -51,8 +54,6 @@ if ($_POST['act_button'] == "선택수정") {
 auth_check($auth[$sub_menu], 'd');
- check_admin_token();
-
 // _BOARD_DELETE_ 상수를 선언해야 board_delete.inc.php 가 정상 작동함
 define('_BOARD_DELETE_', true);
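Review bot: Escaping is applied uniformly across the `set` list, but several of these columns are not free-form text: `bo_read_point`, `bo_write_point`, `bo_comment_point`, `bo_download_point` and `bo_order` are numeric, and `bo_device`, `bo_use_search` and `bo_use_sns` are flag values. Casting the numeric ones, e.g. `bo_read_point = '".(int)$_POST['bo_read_point'][$k]."',`, rejects malformed input instead of storing an escaped copy of it, and the flag columns could be checked against their permitted values before the update is issued. `bo_skin` and `bo_mobile_skin` name skin directories; if they are later used to build include paths (not visible in this hunk), SQL escaping does not constrain them and a `basename()` or allow-list check at this point would. The enclosing loop over the checked rows starts before this hunk.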
diff --git a/adm/qa_config_update.php b/adm/qa_config_update.php
index 47adc9b88..b56dc1f47 100644
--- a/adm/qa_config_update.php
+++ b/adm/qa_config_update.php
@@ -11,17 +11,17 @@ check_admin_token();
 $error_msg = '';
 if( $qa_include_head ){
- $purl = parse_url($qa_include_head);
- $file = $purl['path'];
- if (!preg_match("/\.(php|htm['l']?)$/i", $file)) {
+ $file_ext = pathinfo($qa_include_head, PATHINFO_EXTENSION);
+
+ if( ! $file_ext || ! in_array($file_ext, array('php', 'htm', 'html')) ) {
 alert('상단 파일 경로의 확장자는 php, html 만 허용합니다.');
 }
 }
 if( $qa_include_tail ){
- $purl = parse_url($qa_include_tail);
- $file = $purl['path'];
- if (!preg_match("/\.(php|htm['l']?)$/i", $file)) {
+ $file_ext = pathinfo($qa_include_tail, PATHINFO_EXTENSION);
+
+ if( ! $file_ext || ! in_array($file_ext, array('php', 'htm', 'html')) ) {
 alert('하단 파일 경로의 확장자는 php, html 만 허용합니다.');
 }
 }
diff --git a/adm/sms_admin/emoticon_move.php b/adm/sms_admin/emoticon_move.php
index 592e273ce..075c7b4a4 100644
--- a/adm/sms_admin/emoticon_move.php
+++ b/adm/sms_admin/emoticon_move.php
@@ -11,7 +11,8 @@ auth_check($auth[$sub_menu], "r");
 $g5['title'] = '이모티콘그룹 이동';
 include_once(G5_PATH.'/head.sub.php');
-$fo_no_list = implode(',', $_POST['fo_no']);
+$list = array(); //배열 변수 초기화
+$fo_no_list = isset($_POST['fo_no']) ? implode(',', $_POST['fo_no']) : '';
 $sql = " select * from {$g5['sms5_form_group_table']} order by fg_no ";
 $result = sql_query($sql);
@@ -27,7 +28,7 @@ for ($i=0; $row=sql_fetch_array($result); $i++)
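Review bot: The `isset()` guard on the new `$fo_no_list` line only covers a missing parameter; if `fo_no` arrives as a scalar string, `implode()` raises a `TypeError` on PHP 8, and the elements are joined with no type check at all. Since the joined list is presumably consumed in a SQL `IN (...)` further down (outside this hunk), casting each element keeps that query well-formed for any input: `$fo_no_list = (isset($_POST['fo_no']) && is_array($_POST['fo_no'])) ? implode(',', array_map('intval', $_POST['fo_no'])) : '';`. The new `$list = array();` line would also benefit from an English comment stating what `$list` collects, as its use is not visible in this hunk.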