From bc37a2cd599bf1cbc52c83ae49e8e4ecaf31660b Mon Sep 17 00:00:00 2001 From: thisgun Date: Mon, 15 Feb 2021 10:33:16 +0900 Subject: [PATCH 1/9] =?UTF-8?q?=EA=B2=8C=EC=8B=9C=ED=8C=90=20=EC=8A=A4?= =?UTF-8?q?=ED=82=A8=EC=97=90=EC=84=9C=20=EB=AC=B8=EC=A0=9C=EA=B0=80=20?= =?UTF-8?q?=EB=90=98=EB=8A=94=20download=20attribute=20=EC=A0=9C=EA=B1=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- mobile/skin/board/basic/view.skin.php | 2 +- mobile/skin/board/gallery/view.skin.php | 2 +- skin/board/basic/view.skin.php | 2 +- skin/board/gallery/view.skin.php | 2 +- theme/basic/mobile/skin/board/basic/view.skin.php | 2 +- theme/basic/mobile/skin/board/gallery/view.skin.php | 2 +- theme/basic/skin/board/basic/view.skin.php | 2 +- theme/basic/skin/board/gallery/view.skin.php | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/mobile/skin/board/basic/view.skin.php b/mobile/skin/board/basic/view.skin.php index f72574070..8a3f2dd57 100644 --- a/mobile/skin/board/basic/view.skin.php +++ b/mobile/skin/board/basic/view.skin.php @@ -143,7 +143,7 @@ jQuery(function($){ if (isset($view['file'][$i]['source']) && $view['file'][$i]['source'] && !$view['file'][$i]['view']) { ?>
  • - + () diff --git a/mobile/skin/board/gallery/view.skin.php b/mobile/skin/board/gallery/view.skin.php index d75600e81..37237904e 100644 --- a/mobile/skin/board/gallery/view.skin.php +++ b/mobile/skin/board/gallery/view.skin.php @@ -145,7 +145,7 @@ jQuery(function($){ if (isset($view['file'][$i]['source']) && $view['file'][$i]['source'] && !$view['file'][$i]['view']) { ?>
  • - + () diff --git a/skin/board/basic/view.skin.php b/skin/board/basic/view.skin.php index cbf54f971..ffe1ef78f 100644 --- a/skin/board/basic/view.skin.php +++ b/skin/board/basic/view.skin.php @@ -161,7 +161,7 @@ add_stylesheet('', 0 ?>
  • - + ()
    diff --git a/skin/board/gallery/view.skin.php b/skin/board/gallery/view.skin.php index 293af3bf1..e94e3f08b 100644 --- a/skin/board/gallery/view.skin.php +++ b/skin/board/gallery/view.skin.php @@ -161,7 +161,7 @@ add_stylesheet('', 0 ?>
  • - + ()
    diff --git a/theme/basic/mobile/skin/board/basic/view.skin.php b/theme/basic/mobile/skin/board/basic/view.skin.php index f72574070..8a3f2dd57 100644 --- a/theme/basic/mobile/skin/board/basic/view.skin.php +++ b/theme/basic/mobile/skin/board/basic/view.skin.php @@ -143,7 +143,7 @@ jQuery(function($){ if (isset($view['file'][$i]['source']) && $view['file'][$i]['source'] && !$view['file'][$i]['view']) { ?>
  • - + () diff --git a/theme/basic/mobile/skin/board/gallery/view.skin.php b/theme/basic/mobile/skin/board/gallery/view.skin.php index d75600e81..37237904e 100644 --- a/theme/basic/mobile/skin/board/gallery/view.skin.php +++ b/theme/basic/mobile/skin/board/gallery/view.skin.php @@ -145,7 +145,7 @@ jQuery(function($){ if (isset($view['file'][$i]['source']) && $view['file'][$i]['source'] && !$view['file'][$i]['view']) { ?>
  • - + () diff --git a/theme/basic/skin/board/basic/view.skin.php b/theme/basic/skin/board/basic/view.skin.php index cbf54f971..ffe1ef78f 100644 --- a/theme/basic/skin/board/basic/view.skin.php +++ b/theme/basic/skin/board/basic/view.skin.php @@ -161,7 +161,7 @@ add_stylesheet('', 0 ?>
  • - + ()
    diff --git a/theme/basic/skin/board/gallery/view.skin.php b/theme/basic/skin/board/gallery/view.skin.php index 293af3bf1..e94e3f08b 100644 --- a/theme/basic/skin/board/gallery/view.skin.php +++ b/theme/basic/skin/board/gallery/view.skin.php @@ -161,7 +161,7 @@ add_stylesheet('', 0 ?>
  • - + ()
    From 6365717c0dd8f2766013a86babbcabf86198bf2b Mon Sep 17 00:00:00 2001 From: thisgun Date: Tue, 23 Feb 2021 18:29:30 +0900 Subject: [PATCH 2/9] =?UTF-8?q?=EC=98=A4=ED=83=80=20=EC=BD=94=EB=93=9C=20?= =?UTF-8?q?=EB=B0=8F=20=EC=9E=98=EB=AA=BB=EB=90=9C=20=EC=9C=84=EC=B9=98?= =?UTF-8?q?=EC=97=90=20=EC=9E=88=EB=8A=94=20=EC=BD=94=EB=93=9C=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bbs/move_update.php | 4 ++-- bbs/register_form_update.php | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/bbs/move_update.php b/bbs/move_update.php index dd5a6345a..595e6f5a6 100644 --- a/bbs/move_update.php +++ b/bbs/move_update.php @@ -193,12 +193,12 @@ while ($row = sql_fetch_array($result)) $save[$cnt]['wr_id'] = $row2['wr_parent']; $cnt++; + + run_event('bbs_move_copy', $row2, $move_bo_table, $insert_id, $next_wr_num, $sw); } sql_query(" update {$g5['board_table']} set bo_count_write = bo_count_write + '$count_write' where bo_table = '$move_bo_table' "); sql_query(" update {$g5['board_table']} set bo_count_comment = bo_count_comment + '$count_comment' where bo_table = '$move_bo_table' "); - - run_event('bbs_move_copy', $row2, $move_bo_table, $insert_id, $next_wr_num, $sw); delete_cache_latest($move_bo_table); } diff --git a/bbs/register_form_update.php b/bbs/register_form_update.php index 793b51315..9cafded03 100644 --- a/bbs/register_form_update.php +++ b/bbs/register_form_update.php 
@@ -512,8 +512,8 @@ if ($config['cf_use_email_certify'] && $old_email != $mb_email) { if(isset($_SESSION['ss_cert_type'])) unset($_SESSION['ss_cert_type']); if(isset($_SESSION['ss_cert_no'])) unset($_SESSION['ss_cert_no']); if(isset($_SESSION['ss_cert_hash'])) unset($_SESSION['ss_cert_hash']); -if(isset($_SESSION['ss_cert_hash'])) unset($_SESSION['ss_cert_birth']); -if(isset($_SESSION['ss_cert_hash'])) unset($_SESSION['ss_cert_adult']); +if(isset($_SESSION['ss_cert_birth'])) unset($_SESSION['ss_cert_birth']); +if(isset($_SESSION['ss_cert_adult'])) unset($_SESSION['ss_cert_adult']); if ($msg) echo ''; From 5a308040f15af3cbe1e6f2b92e45774b54547847 Mon Sep 17 00:00:00 2001 From: thisgun Date: Tue, 2 Mar 2021 13:57:39 +0900 Subject: [PATCH 3/9] =?UTF-8?q?=EC=86=8C=EC=85=9C=EB=A1=9C=EA=B7=B8?= =?UTF-8?q?=EC=9D=B8=20=ED=9A=8C=EC=9B=90=EA=B0=80=EC=9E=85=EC=8B=9C=20?= =?UTF-8?q?=EB=8B=89=EB=84=A4=EC=9E=84=EC=9D=84=20=EB=B0=9B=EC=95=84?= =?UTF-8?q?=EC=98=A4=EC=A7=80=20=EB=AA=BB=ED=96=88=EC=9D=84=20=EB=95=8C=20?= =?UTF-8?q?SQL=20QUERY=EB=9F=89=EC=9D=B4=20=EC=A6=9D=EA=B0=80=ED=95=98?= =?UTF-8?q?=EB=8A=94=20=EB=AC=B8=EC=A0=9C=EC=A0=90=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- plugin/social/register_member.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/plugin/social/register_member.php b/plugin/social/register_member.php index 3c62ce00b..45662b631 100644 --- a/plugin/social/register_member.php +++ b/plugin/social/register_member.php 
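Review bot: The five `if(isset(...)) unset(...)` lines, including the two corrected here, guard something that needs no guard: `unset()` on an absent array key is a no-op in PHP, and the copy-paste key mismatch this commit fixes could only arise because each line repeats the key twice. A single `unset($_SESSION['ss_cert_type'], $_SESSION['ss_cert_no'], $_SESSION['ss_cert_hash'], $_SESSION['ss_cert_birth'], $_SESSION['ss_cert_adult']);` is equivalent and removes the duplication. The enclosing `if ($config['cf_use_email_certify'] && $old_email != $mb_email)` block starts outside the hunk.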
@@ -26,6 +26,11 @@ $user_nick = social_relace_nick($user_profile->displayName); $user_email = isset($user_profile->emailVerified) ? $user_profile->emailVerified : $user_profile->email; $user_id = $user_profile->sid ? preg_replace("/[^0-9a-z_]+/i", "", $user_profile->sid) : get_social_convert_id($user_profile->identifier, $provider_name); +if(! $user_nick) { + $tmp = explode('_', $user_id); + $user_nick = $tmp[1]; +} + //$is_exists_id = exist_mb_id($user_id); //$is_exists_name = exist_mb_nick($user_nick, ''); $user_id = exist_mb_id_recursive($user_id); From d0b2d6811e024ca21f5dbbd61e389d5375134796 Mon Sep 17 00:00:00 2001 From: thisgun Date: Mon, 15 Mar 2021 10:34:22 +0900 Subject: [PATCH 4/9] =?UTF-8?q?=EC=83=88=EA=B8=80=20=ED=8E=98=EC=9D=B4?= =?UTF-8?q?=EC=A7=80=EC=99=80=20=EC=8D=B8=EB=84=A4=EC=9D=BC=20=ED=8C=8C?= =?UTF-8?q?=EC=9D=BC=EC=9D=98=20=EC=9E=98=EB=AA=BB=EB=90=9C=20=EC=BD=94?= =?UTF-8?q?=EB=93=9C=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/admin.head.php | 2 +- adm/view.php | 2 +- bbs/new_delete.php | 22 +++++++++++++++------- lib/thumbnail.lib.php | 2 +- 4 files changed, 18 insertions(+), 10 deletions(-) diff --git a/adm/admin.head.php b/adm/admin.head.php index 13d1251de..0f91ddbd1 100644 --- a/adm/admin.head.php +++ b/adm/admin.head.php @@ -130,7 +130,7 @@ function imageview(id, w, h) foreach($amenu as $key=>$value) { $href1 = $href2 = ''; - if ($menu['menu'.$key][0][2]) { + if (isset($menu['menu'.$key][0][2]) && $menu['menu'.$key][0][2]) { $href1 = ''; $href2 = ''; } else { diff --git a/adm/view.php b/adm/view.php index 58db281e8..937318e16 100644 --- a/adm/view.php +++ b/adm/view.php @@ -11,7 +11,7 @@ if( ! $call ){ if( ! $is_admin ){ $sql = " select count(*) as cnt from {$g5['auth_table']} where mb_id = '{$member['mb_id']}' "; $row = sql_fetch($sql); - if ( ! $row['cnt']) { + if (! (isset($row['cnt']) && $row['cnt'])) { return; } } 
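Review bot: The new fallback reads `$tmp[1]` unconditionally, but `$user_id` is built either from `$user_profile->sid` reduced to `[0-9a-z_]` or from `get_social_convert_id(...)`, and nothing in the hunk guarantees it contains an underscore; with no `_` the index is undefined and `$user_nick` stays empty, which is the state the commit is trying to avoid. Guard the index and fall back to a value that is certainly set, e.g. `$user_nick = (isset($tmp[1]) && $tmp[1] !== '') ? $tmp[1] : $user_id;` — whether `$user_id` is the right fallback depends on the nick handling below the hunk, which is outside this view. A short comment naming which provider produces ids of the form `prefix_name` would make the `explode('_', ...)` intent clear to the next reader.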
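Review bot: `if (! (isset($row['cnt']) && $row['cnt']))` in adm/view.php is the long form of `if (empty($row['cnt']))`, which has the same truth table for a missing key, null, 0 and '0' and reads more directly. The adm/admin.head.php hunk in this patch has the same shape: `if (isset($menu['menu'.$key][0][2]) && $menu['menu'.$key][0][2])` can be `if (!empty($menu['menu'.$key][0][2]))`. Both enclosing blocks (the `if( ! $is_admin )` branch and the `foreach($amenu ...)` loop) start outside their hunks.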
diff --git a/bbs/new_delete.php b/bbs/new_delete.php index faff90f42..0cf1d425c 100644 --- a/bbs/new_delete.php +++ b/bbs/new_delete.php @@ -53,9 +53,17 @@ for($i=0;$i<$count_chk_bn_id;$i++) // 업로드된 파일이 있다면 파일삭제 $sql2 = " select * from {$g5['board_file_table']} where bo_table = '$bo_table' and wr_id = '{$row['wr_id']}' "; $result2 = sql_query($sql2); - while ($row2 = sql_fetch_array($result2)) - @unlink(G5_DATA_PATH.'/file/'.$bo_table.'/'.$row2['bf_file']); + while ($row2 = sql_fetch_array($result2)){ + $delete_file = run_replace('delete_file_path', G5_DATA_PATH.'/file/'.$bo_table.'/'.str_replace('../', '', $row2['bf_file']), $row2); + if( file_exists($delete_file) ){ + @unlink(G5_DATA_PATH.'/file/'.$bo_table.'/'.$row2['bf_file']); + } + // 이미지파일이면 썸네일삭제 + if(preg_match("/\.({$config['cf_image_extension']})$/i", $row2['bf_file'])) { + delete_board_thumbnail($bo_table, $row2['bf_file']); + } + } // 파일테이블 행 삭제 sql_query(" delete from {$g5['board_file_table']} where bo_table = '$bo_table' and wr_id = '{$row['wr_id']}' "); @@ -63,9 +71,9 @@ for($i=0;$i<$count_chk_bn_id;$i++) } else { - // 코멘트 포인트 삭제 - if (!delete_point($row['mb_id'], $bo_table, $row['wr_id'], '코멘트')) - insert_point($row['mb_id'], $board['bo_comment_point'] * (-1), "{$board['bo_subject']} {$write['wr_id']}-{$row['wr_id']} 코멘트삭제"); + // 댓글 포인트 삭제 + if (!delete_point($row['mb_id'], $bo_table, $row['wr_id'], '댓글')) + insert_point($row['mb_id'], $board['bo_comment_point'] * (-1), "{$board['bo_subject']} {$write['wr_id']}-{$row['wr_id']} 댓글삭제"); $count_comment++; } 
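Review bot: `$delete_file` is computed with the `../` stripping and the `delete_file_path` replacement hook, but only `file_exists()` looks at it — the `@unlink()` on the next line still deletes the original, unsanitised `G5_DATA_PATH.'/file/'.$bo_table.'/'.$row2['bf_file']`, so both the sanitisation and the hook are bypassed at the point that matters. Unlink the path that was checked: `@unlink($delete_file);`. A single-pass `str_replace('../', '', ...)` is also not a full path normalisation; bbs/qadelete.php in patch 7 of this series uses `clean_relative_paths()` for the same job, and using it here too would keep the two delete paths consistent. The enclosing `for` loop starts outside the hunk.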
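Review bot: Changing the fourth argument of `delete_point()` from `'코멘트'` to `'댓글'` alters a lookup key, not only display text; if `delete_point()` matches stored point rows on that string (its body is not in this diff), points recorded under the old label will no longer be found and every such deletion will fall through to the compensating `insert_point()` branch. Either keep `'코멘트'` as the lookup key while changing only the message text, or confirm that existing rows are migrated. The same change appears in the @@ -120 hunk of this file; the enclosing `for` loop starts outside both hunks.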
@@ -120,8 +128,8 @@ for($i=0;$i<$count_chk_bn_id;$i++) $comment_reply = substr($write['wr_comment_reply'], 0, $len); // 코멘트 삭제 - if (!delete_point($write['mb_id'], $bo_table, $comment_id, '코멘트')) { - insert_point($write['mb_id'], $board['bo_comment_point'] * (-1), "{$board['bo_subject']} {$write['wr_parent']}-{$comment_id} 코멘트삭제"); + if (!delete_point($write['mb_id'], $bo_table, $comment_id, '댓글')) { + insert_point($write['mb_id'], $board['bo_comment_point'] * (-1), "{$board['bo_subject']} {$write['wr_parent']}-{$comment_id} 댓글삭제"); } // 코멘트 삭제 diff --git a/lib/thumbnail.lib.php b/lib/thumbnail.lib.php index 51ab51453..f983100ff 100644 --- a/lib/thumbnail.lib.php +++ b/lib/thumbnail.lib.php @@ -227,7 +227,7 @@ function thumbnail($filename, $source_path, $target_path, $thumb_width, $thumb_h return; $size = @getimagesize($source_file); - if($size[2] < 1 || $size[2] > 3) // gif, jpg, png 에 대해서만 적용 + if(!isset($size[2]) || $size[2] < 1 || $size[2] > 3) // gif, jpg, png 에 대해서만 적용 return; if (!is_dir($target_path)) { From 1aedb8f805908b9c30937ca127b090e65b7e6271 Mon Sep 17 00:00:00 2001 From: thisgun Date: Mon, 15 Mar 2021 14:30:00 +0900 Subject: [PATCH 5/9] =?UTF-8?q?[KVE-2020-1617]=EA=B7=B8=EB=88=84=EB=B3=B4?= =?UTF-8?q?=EB=93=9C=20Cross=20Site=20Scripting(XSS)=20=EC=B7=A8=EC=95=BD?= =?UTF-8?q?=EC=A0=90=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/config_form.php | 140 ++++++++++++++++++------------------- adm/config_form_update.php | 6 +- 2 files changed, 75 insertions(+), 71 deletions(-) diff --git a/adm/config_form.php b/adm/config_form.php index 32e779611..c14f294f5 100644 --- a/adm/config_form.php +++ b/adm/config_form.php @@ -339,14 +339,14 @@ if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw']) { - + - + 
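Review bot: `$size[2] < 1 || $size[2] > 3` in lib/thumbnail.lib.php encodes the accepted image types as magic numbers, which is why the line needs its trailing comment. PHP's `IMAGETYPE_GIF`, `IMAGETYPE_JPEG` and `IMAGETYPE_PNG` constants are exactly 1, 2 and 3, so `if (!isset($size[2]) || !in_array($size[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG), true))` says the same thing without the comment. `@getimagesize()` returns `false` on failure and `isset(false[2])` is false, so the added `isset` does cover that case as well. The `thumbnail()` function starts outside the hunk.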
@@ -357,79 +357,79 @@ if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw']) { - 점 + - 점 + - 자리만 표시 + 자리만 표시 - 수정하면 일 동안 바꿀 수 없음 + 수정하면 일 동안 바꿀 수 없음 - 수정하면 일 동안 바꿀 수 없음 + 수정하면 일 동안 바꿀 수 없음 - 일 + - 일 + - 일 + - 일 + - 분 + - 라인 + 라인 - 라인 + 라인 - 라인 + 라인 - 페이지씩 표시 + 페이지씩 표시 - 페이지씩 표시 + 페이지씩 표시 @@ -516,13 +516,13 @@ if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw']) { - reCAPTCHA 등록하기 + reCAPTCHA 등록하기 - + @@ -536,33 +536,33 @@ if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw']) { - 일 + 123.123.+ 도 입력 가능. (엔터로 구분)') ?> - + 123.123.+ 도 입력 가능. (엔터로 구분)') ?> - + - + - + @@ -605,7 +605,7 @@ if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw']) { - 초 지난후 가능 + 초 지난후 가능 @@ -619,46 +619,46 @@ if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw']) { - 점 + - 점 + - 점 + - 점 + - 건 단위로 검색 + 건 단위로 검색 - + - + - + - + @@ -733,11 +733,11 @@ if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw']) { - 점 + - 일 후 자동 삭제 + 일 후 자동 삭제 @@ -754,25 +754,25 @@ if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw']) { - 바이트 이하 + 바이트 이하 회원아이콘 사이즈 - + - + 픽셀 이하 - 바이트 이하 + 바이트 이하 회원이미지 사이즈 - + - + 픽셀 이하 @@ -780,27 +780,27 @@ if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw']) { > 사용 - 점 + - + - + - + - + @@ -862,7 +862,7 @@ if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw']) { 서비스에 가입되어 있지 않다면, KCB와 계약체결 후 회원사ID를 발급 받으실 수 있습니다.
    이용하시려는 서비스에 대한 계약을 아이핀, 휴대폰 본인확인 각각 체결해주셔야 합니다.
    아이핀 본인확인 테스트의 경우에는 KCB 회원사ID가 필요 없으나,
    휴대폰 본인확인 테스트의 경우 KCB 에서 따로 발급 받으셔야 합니다.') ?> - KCB 아이핀 서비스 신청페이지 + KCB 아이핀 서비스 신청페이지 KCB 휴대폰 본인확인 서비스 신청페이지 @@ -871,7 +871,7 @@ if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw']) { 서비스에 가입되어 있지 않다면, 본인확인 서비스 신청페이지에서 서비스 신청 후 사이트코드를 발급 받으실 수 있습니다.') ?> SM - NHN KCP 휴대폰 본인확인 서비스 신청페이지 + NHN KCP 휴대폰 본인확인 서비스 신청페이지 @@ -879,21 +879,21 @@ if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw']) { 서비스에 가입되어 있지 않다면, 본인확인 서비스 신청페이지에서 서비스 신청 후 상점아이디를 발급 받으실 수 있습니다.
    LG유플러스 휴대폰본인확인은 ActiveX 설치가 필요하므로 Internet Explorer 에서만 사용할 수 있습니다.') ?> si_ - LG유플러스 본인확인 서비스 신청페이지 + LG유플러스 본인확인 서비스 신청페이지 계약정보 -> 상점정보관리에서 확인하실 수 있습니다.') ?> - + 회수제한은 실서비스에서 아이핀과 휴대폰 본인확인 인증에 개별 적용됩니다.
    0 으로 설정하시면 회수제한이 적용되지 않습니다.'); ?> - 회 + 회 @@ -1138,73 +1138,73 @@ include_once('_rewrite_config_form.php'); - 앱 등록하기 + 앱 등록하기 - + - 앱 등록하기 + 앱 등록하기 - + - 앱 등록하기 + 앱 등록하기 - + - 앱 등록하기 + 앱 등록하기 - + - API Key 등록하기 + API Key 등록하기 - 앱 등록하기 + 앱 등록하기 - + - + - 앱 등록하기 + 앱 등록하기 - + @@ -1276,20 +1276,20 @@ include_once('_rewrite_config_form.php'); - + - + 요금제
    (구버전) - + 충전 잔액
    (구버전) 원. - 충전하기 + 충전하기 diff --git a/adm/config_form_update.php b/adm/config_form_update.php index d2564cd8a..cd31cb1e0 100644 --- a/adm/config_form_update.php +++ b/adm/config_form_update.php @@ -162,7 +162,11 @@ foreach( $check_keys as $k => $v ){ if( $v === 'int' ){ $posts[$key] = $_POST[$k] = isset($_POST[$k]) ? (int) $_POST[$k] : 0; } else { - $posts[$key] = $_POST[$k] = isset($_POST[$k]) ? $_POST[$k] : ''; + if(in_array($k, array('cf_analytics', 'cf_add_meta', 'cf_add_script', 'cf_stipulation', 'cf_privacy'))){ + $posts[$key] = $_POST[$k] = isset($_POST[$k]) ? $_POST[$k] : ''; + } else { + $posts[$key] = $_POST[$k] = isset($_POST[$k]) ? strip_tags(clean_xss_attributes($_POST[$k])) : ''; + } } } From 086a1738d99e84010af26f5e62c437fc5ed584bb Mon Sep 17 00:00:00 2001 From: thisgun Date: Mon, 15 Mar 2021 16:24:32 +0900 Subject: [PATCH 6/9] =?UTF-8?q?[KVE-2020-1616]=EA=B7=B8=EB=88=84=EB=B3=B4?= =?UTF-8?q?=EB=93=9C=20=EB=A9=94=EC=9D=B8=ED=99=94=EB=A9=B4=20XSS=20?= =?UTF-8?q?=EC=B7=A8=EC=95=BD=EC=A0=90=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/menu_list_update.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/adm/menu_list_update.php b/adm/menu_list_update.php index 9a3ecd499..f62ab4714 100644 --- a/adm/menu_list_update.php +++ b/adm/menu_list_update.php 
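Review bot: In adm/config_form_update.php the allowlist of keys that keep raw markup is an array literal rebuilt on every iteration of the enclosing `foreach`, and `in_array()` is called without strict comparison. Hoist it above the loop as `$raw_html_keys = array('cf_analytics', 'cf_add_meta', 'cf_add_script', 'cf_stipulation', 'cf_privacy');` and test with `in_array($k, $raw_html_keys, true)`. A one-line comment on that array stating why these five bypass `strip_tags()` (presumably because they hold administrator-entered markup and script that the site emits verbatim) would stop a later reader from removing the exemption. The `foreach` starts outside the hunk.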
@@ -21,7 +21,11 @@ for ($i=0; $i<$count; $i++) { $_POST = array_map_deep('trim', $_POST); - $_POST['me_link'][$i] = is_array($_POST['me_link']) ? clean_xss_tags(clean_xss_attributes($_POST['me_link'][$i], 1)) : ''; + if(preg_match('/^javascript/i', preg_replace('/[ ]{1,}|[\t]/', '', $_POST['me_link'][$i]))){ + $_POST['me_link'][$i] = G5_URL; + } + + $_POST['me_link'][$i] = is_array($_POST['me_link']) ? clean_xss_tags(clean_xss_attributes(preg_replace('/[ ]{2,}|[\t]/', '', $_POST['me_link'][$i]), 1)) : ''; $code = is_array($_POST['code']) ? strip_tags($_POST['code'][$i]) : ''; $me_name = is_array($_POST['me_name']) ? strip_tags($_POST['me_name'][$i]) : ''; From 0139d91ac9dfbcac279f75257768b2e7ca71e832 Mon Sep 17 00:00:00 2001 From: thisgun Date: Tue, 16 Mar 2021 11:09:42 +0900 Subject: [PATCH 7/9] =?UTF-8?q?[KVE-2021-0172,0329,0330]=20=EA=B7=B8?= =?UTF-8?q?=EB=88=84=EB=B3=B4=EB=93=9C=20=EB=8B=A4=EC=A4=91=20=EC=B7=A8?= =?UTF-8?q?=EC=95=BD=EC=A0=90=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/qa_config_update.php | 10 +++++++++- bbs/qadelete.php | 4 ++-- bbs/qawrite_update.php | 6 +++--- 3 files changed, 14 insertions(+), 6 deletions(-) diff --git a/adm/qa_config_update.php b/adm/qa_config_update.php index 9f5869073..1f4f7d82c 100644 --- a/adm/qa_config_update.php +++ b/adm/qa_config_update.php 
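Review bot: The `is_array($_POST['me_link'])` guard no longer protects anything: the new `preg_match()` line indexes `$_POST['me_link'][$i]` before the guard runs, so a scalar `me_link` now reaches the scheme check first. Read the value once, up front, and use it in both places: `$me_link = (is_array($_POST['me_link']) && isset($_POST['me_link'][$i])) ? $_POST['me_link'][$i] : '';` then `if (preg_match('/^javascript/i', preg_replace('/[ ]{1,}|[\t]/', '', $me_link))) { $me_link = G5_URL; }` and finally `$_POST['me_link'][$i] = clean_xss_tags(clean_xss_attributes(preg_replace('/[ ]{2,}|[\t]/', '', $me_link), 1));`. Denying one scheme by prefix is the weaker shape of this check; an allowlist of accepted forms (`http`, `https` or a site-relative path, e.g. checked via `parse_url()`) is easier to reason about, and `\s` would cover more than the spaces and tabs the current regex strips. The enclosing `for` loop starts outside the hunk.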
@@ -61,9 +61,17 @@ if( function_exists('filter_input_include_path') ){ $qa_include_tail = filter_input_include_path($qa_include_tail); } +// 분류에 & 나 = 는 사용이 불가하므로 2바이트로 바꾼다. +$src_char = array('&', '='); +$dst_char = array('&', '〓'); +$qa_category = str_replace($src_char, $dst_char, $_POST['qa_category']); + +//https://github.com/gnuboard/gnuboard5/commit/f5f4925d4eb28ba1af728e1065fc2bdd9ce1da58 에 따른 조치 +$qa_category = preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\/\^\*]/", "", $qa_category); + $sql = " update {$g5['qa_config_table']} set qa_title = '{$_POST['qa_title']}', - qa_category = '{$_POST['qa_category']}', + qa_category = '{$qa_category}', qa_skin = '{$_POST['qa_skin']}', qa_mobile_skin = '{$_POST['qa_mobile_skin']}', qa_use_email = '{$_POST['qa_use_email']}', diff --git a/bbs/qadelete.php b/bbs/qadelete.php index 3ce8580bd..af92640eb 100644 --- a/bbs/qadelete.php +++ b/bbs/qadelete.php @@ -45,7 +45,7 @@ for($i=0; $i<$count; $i++) { // 첨부파일 삭제 for($k=1; $k<=2; $k++) { - @unlink(G5_DATA_PATH.'/qa/'.$row['qa_file'.$k]); + @unlink(G5_DATA_PATH.'/qa/'.clean_relative_paths($row['qa_file'.$k])); // 썸네일삭제 if(preg_match("/\.({$config['cf_image_extension']})$/i", $row['qa_file'.$k])) { delete_qa_thumbnail($row['qa_file'.$k]); @@ -60,7 +60,7 @@ for($i=0; $i<$count; $i++) { $row2 = sql_fetch(" select qa_content, qa_file1, qa_file2 from {$g5['qa_content_table']} where qa_parent = '$qa_id' "); // 첨부파일 삭제 for($k=1; $k<=2; $k++) { - @unlink(G5_DATA_PATH.'/qa/'.$row2['qa_file'.$k]); + @unlink(G5_DATA_PATH.'/qa/'.clean_relative_paths($row2['qa_file'.$k])); // 썸네일삭제 if(preg_match("/\.({$config['cf_image_extension']})$/i", $row2['qa_file'.$k])) { delete_qa_thumbnail($row2['qa_file'.$k]); diff --git a/bbs/qawrite_update.php b/bbs/qawrite_update.php index 021cd3d4d..ab0b9b3a7 100644 --- a/bbs/qawrite_update.php +++ b/bbs/qawrite_update.php 
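Review bot: `$qa_category` still goes into the `update` statement by string interpolation two lines below, so the character denylist is doing duty as SQL escaping as well as content filtering; escape the value explicitly for the database (the driver's `mysqli_real_escape_string()` on the live connection, or the project's wrapper for it) and let the denylist be only about content. The pattern is also hard to read because PHP string escaping and regex escaping are mixed — a literal backslash enters the class only through `\\\'`, and `\=` is dead for this input since the `str_replace()` above has already turned `=` into `〓`; a single-quoted pattern such as `'/[<>\'"\\\\%=()\/^*]/'` lists the same characters explicitly. `$_POST['qa_category']` is read without `isset()`, unlike the other `$_POST` keys this file guards earlier.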
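Review bot: In bbs/qadelete.php `clean_relative_paths()` is applied to the `@unlink()` argument only; the `delete_qa_thumbnail($row['qa_file'.$k])` call on the next line still receives the raw database value, so the two deletions presumably act on different names. Clean once and reuse: `$qa_file = clean_relative_paths($row['qa_file'.$k]);` then `@unlink(G5_DATA_PATH.'/qa/'.$qa_file);` and `delete_qa_thumbnail($qa_file);`. The same pattern is in the @@ -60 hunk of this file and in the @@ -157 and @@ -204 hunks of bbs/qawrite_update.php; in the @@ -204 hunk the thumbnail line reads `$row['qa_file'.$i]` while the unlink reads `$write['qa_file'.$i]`, a mismatch that predates this commit but is worth fixing in the same pass. The enclosing `for` loops start outside the hunks.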
@@ -157,7 +157,7 @@ for ($i=1; $i<=$upload_count; $i++) { // 삭제에 체크가 되어있다면 파일을 삭제합니다. if (isset($_POST['bf_file_del'][$i]) && $_POST['bf_file_del'][$i]) { $upload[$i]['del_check'] = true; - @unlink(G5_DATA_PATH.'/qa/'.$write['qa_file'.$i]); + @unlink(G5_DATA_PATH.'/qa/'.clean_relative_paths($write['qa_file'.$i])); // 썸네일삭제 if(preg_match("/\.({$config['cf_image_extension']})$/i", $write['qa_file'.$i])) { delete_qa_thumbnail($write['qa_file'.$i]); @@ -204,7 +204,7 @@ for ($i=1; $i<=$upload_count; $i++) { if ($w == 'u') { // 존재하는 파일이 있다면 삭제합니다. - @unlink(G5_DATA_PATH.'/qa/'.$write['qa_file'.$i]); + @unlink(G5_DATA_PATH.'/qa/'.clean_relative_paths($write['qa_file'.$i])); // 이미지파일이면 썸네일삭제 if(preg_match("/\.({$config['cf_image_extension']})$/i", $write['qa_file'.$i])) { delete_qa_thumbnail($row['qa_file'.$i]); @@ -244,7 +244,7 @@ if($w == '' || $w == 'a' || $w == 'r') { $qa_num = $write['qa_num']; $qa_parent = $write['qa_id']; $qa_related = $write['qa_related']; - $qa_category = $write['qa_category']; + $qa_category = addslashes($write['qa_category']); $qa_type = 1; $qa_status = 1; } From 38571d552f24ed46ac31c35ba92bf7b4aec6d2e1 Mon Sep 17 00:00:00 2001 From: thisgun Date: Tue, 16 Mar 2021 12:17:52 +0900 Subject: [PATCH 8/9] =?UTF-8?q?=EB=8F=99=EC=9D=BC=20=EA=B2=8C=EC=8B=9C?= =?UTF-8?q?=EA=B8=80=20=EB=B3=B5=EC=82=AC=EC=8B=9C=20=EC=B2=A8=EB=B6=80?= =?UTF-8?q?=ED=8C=8C=EC=9D=BC=EB=AA=85=20=EA=B8=B8=EC=9D=B4=EA=B0=80=20?= =?UTF-8?q?=EB=8A=98=EC=96=B4=EB=82=98=EB=8A=94=20=EB=AC=B8=EC=A0=9C=20?= =?UTF-8?q?=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bbs/move_update.php | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/bbs/move_update.php b/bbs/move_update.php index 595e6f5a6..097af6863 100644 --- a/bbs/move_update.php +++ b/bbs/move_update.php 
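Review bot: `addslashes()` in the @@ -244 hunk is a generic quoting function, not a database escape: it is not connection-charset aware, and it is applied to one field in isolation while `$qa_num`, `$qa_parent` and `$qa_related` on the neighbouring lines get no treatment (presumably because they are numeric). Use the driver's escape on the live connection, `mysqli_real_escape_string()` or the project's wrapper for it, and apply it where the query is built so that every free-text column is handled the same way. A comment on the line saying why `qa_category` alone needs escaping when copied from `$write` would help the next reader. The `if($w == '' || $w == 'a' || $w == 'r')` block starts outside the hunk.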
@@ -130,7 +130,20 @@ while ($row = sql_fetch_array($result)) { // 원본파일을 복사하고 퍼미션을 변경 // 제이프로님 코드제안 적용 - $copy_file_name = ($bo_table !== $move_bo_table) ? $row3['bf_file'] : $row2['wr_id'].'_copy_'.$insert_id.'_'.$row3['bf_file']; + + $copy_file_name = $row3['bf_file']; + + if($bo_table === $move_bo_table){ + if(preg_match('/_copy(\d+)?_(\d+)_/', $copy_file_name, $match)){ + + $number = isset($match[1]) ? (int) $match[1] : 0; + $replace_str = '_copy'.($number + 1).'_'.$insert_id.'_'; + $copy_file_name = preg_replace('/_copy(\d+)?_(\d+)_/', $replace_str, $copy_file_name); + } else { + $copy_file_name = $row2['wr_id'].'_copy_'.$insert_id.'_'.$row3['bf_file']; + } + } + $is_exist_file = is_file($src_dir.'/'.$row3['bf_file']) && file_exists($src_dir.'/'.$row3['bf_file']); if( $is_exist_file ){ @copy($src_dir.'/'.$row3['bf_file'], $dst_dir.'/'.$copy_file_name); From 5b97b579574f0dffb24560ea6ba103fc5a239a66 Mon Sep 17 00:00:00 2001 From: thisgun Date: Tue, 16 Mar 2021 12:27:07 +0900 Subject: [PATCH 9/9] =?UTF-8?q?=EB=B2=84=EC=A0=84=205.4.5.2=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- config.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config.php b/config.php index 9fda63c91..95a9bc288 100644 --- a/config.php +++ b/config.php @@ -5,7 +5,7 @@ ********************/ define('G5_VERSION', '그누보드5'); -define('G5_GNUBOARD_VER', '5.4.5.1'); +define('G5_GNUBOARD_VER', '5.4.5.2'); // 이 상수가 정의되지 않으면 각각의 개별 페이지는 별도로 실행될 수 없음 define('_GNUBOARD_', true);
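Review bot: `preg_replace('/_copy(\d+)?_(\d+)_/', $replace_str, $copy_file_name)` in bbs/move_update.php has no limit, so every occurrence of the pattern in the stored name is rewritten, not only the marker this code inserted; an uploaded file whose own name contains such a marker would be renamed in the wrong place. Pass a limit of 1 and keep the pattern in one place: `$copy_re = '/_copy(\d+)?_(\d+)_/';`, `if (preg_match($copy_re, $copy_file_name, $match)) {` and `$copy_file_name = preg_replace($copy_re, $replace_str, $copy_file_name, 1);`. A comment above the block stating that the counter exists so that repeated same-board copies bump `_copyN_` instead of prepending another `wr_id_copy_insert_id_` prefix would capture the intent the commit title describes. The enclosing `while` loop starts outside the hunk.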