버전 5.4.5.2 수정

bbs/move_update.php

@@ -130,7 +130,20 @@ while ($row = sql_fetch_array($result))
                     {
                         // 원본파일을 복사하고 퍼미션을 변경
                         // 제이프로님 코드제안 적용
-                        $copy_file_name = ($bo_table !== $move_bo_table) ? $row3['bf_file'] : $row2['wr_id'].'_copy_'.$insert_id.'_'.$row3['bf_file'];
+
+                        $copy_file_name = $row3['bf_file'];
+
+                        if($bo_table === $move_bo_table){
+                            if(preg_match('/_copy(\d+)?_(\d+)_/', $copy_file_name, $match)){
+
+                                $number = isset($match[1]) ? (int) $match[1] : 0;
+                                $replace_str = '_copy'.($number + 1).'_'.$insert_id.'_';
+                                $copy_file_name = preg_replace('/_copy(\d+)?_(\d+)_/', $replace_str, $copy_file_name);
+                            } else {
+                                $copy_file_name = $row2['wr_id'].'_copy_'.$insert_id.'_'.$row3['bf_file'];
+                            }
+                        }
+
                         $is_exist_file = is_file($src_dir.'/'.$row3['bf_file']) && file_exists($src_dir.'/'.$row3['bf_file']);
                         if( $is_exist_file ){
                             @copy($src_dir.'/'.$row3['bf_file'], $dst_dir.'/'.$copy_file_name);
@@ -193,12 +206,12 @@ while ($row = sql_fetch_array($result))
                 $save[$cnt]['wr_id'] = $row2['wr_parent'];
 
             $cnt++;
+
+            run_event('bbs_move_copy', $row2, $move_bo_table, $insert_id, $next_wr_num, $sw);
         }
 
         sql_query(" update {$g5['board_table']} set bo_count_write = bo_count_write + '$count_write' where bo_table = '$move_bo_table' ");
         sql_query(" update {$g5['board_table']} set bo_count_comment = bo_count_comment + '$count_comment' where bo_table = '$move_bo_table' ");
-        
-        run_event('bbs_move_copy', $row2, $move_bo_table, $insert_id, $next_wr_num, $sw);
 
         delete_cache_latest($move_bo_table);
     }

bbs/new_delete.php

@@ -53,9 +53,17 @@ for($i=0;$i<$count_chk_bn_id;$i++)
                 // 업로드된 파일이 있다면 파일삭제
                 $sql2 = " select * from {$g5['board_file_table']} where bo_table = '$bo_table' and wr_id = '{$row['wr_id']}' ";
                 $result2 = sql_query($sql2);
-                while ($row2 = sql_fetch_array($result2))
-                    @unlink(G5_DATA_PATH.'/file/'.$bo_table.'/'.$row2['bf_file']);
+                while ($row2 = sql_fetch_array($result2)){
 
+                    $delete_file = run_replace('delete_file_path', G5_DATA_PATH.'/file/'.$bo_table.'/'.str_replace('../', '', $row2['bf_file']), $row2);
+                    if( file_exists($delete_file) ){
+                        @unlink(G5_DATA_PATH.'/file/'.$bo_table.'/'.$row2['bf_file']);
+                    }
+                    // 이미지파일이면 썸네일삭제
+                    if(preg_match("/\.({$config['cf_image_extension']})$/i", $row2['bf_file'])) {
+                        delete_board_thumbnail($bo_table, $row2['bf_file']);
+                    }
+                }
                 // 파일테이블 행 삭제
                 sql_query(" delete from {$g5['board_file_table']} where bo_table = '$bo_table' and wr_id = '{$row['wr_id']}' ");
 
@@ -63,9 +71,9 @@ for($i=0;$i<$count_chk_bn_id;$i++)
             }
             else
             {
-                // 코멘트 포인트 삭제
-                if (!delete_point($row['mb_id'], $bo_table, $row['wr_id'], '코멘트'))
-                    insert_point($row['mb_id'], $board['bo_comment_point'] * (-1), "{$board['bo_subject']} {$write['wr_id']}-{$row['wr_id']} 코멘트삭제");
+                // 댓글 포인트 삭제
+                if (!delete_point($row['mb_id'], $bo_table, $row['wr_id'], '댓글'))
+                    insert_point($row['mb_id'], $board['bo_comment_point'] * (-1), "{$board['bo_subject']} {$write['wr_id']}-{$row['wr_id']} 댓글삭제");
 
                 $count_comment++;
             }
@@ -120,8 +128,8 @@ for($i=0;$i<$count_chk_bn_id;$i++)
         $comment_reply = substr($write['wr_comment_reply'], 0, $len);
 
         // 코멘트 삭제
-        if (!delete_point($write['mb_id'], $bo_table, $comment_id, '코멘트')) {
-            insert_point($write['mb_id'], $board['bo_comment_point'] * (-1), "{$board['bo_subject']} {$write['wr_parent']}-{$comment_id} 코멘트삭제");
+        if (!delete_point($write['mb_id'], $bo_table, $comment_id, '댓글')) {
+            insert_point($write['mb_id'], $board['bo_comment_point'] * (-1), "{$board['bo_subject']} {$write['wr_parent']}-{$comment_id} 댓글삭제");
         }
 
         // 코멘트 삭제

bbs/qadelete.php

@@ -45,7 +45,7 @@ for($i=0; $i<$count; $i++) {
 
     // 첨부파일 삭제
     for($k=1; $k<=2; $k++) {
-        @unlink(G5_DATA_PATH.'/qa/'.$row['qa_file'.$k]);
+        @unlink(G5_DATA_PATH.'/qa/'.clean_relative_paths($row['qa_file'.$k]));
         // 썸네일삭제
         if(preg_match("/\.({$config['cf_image_extension']})$/i", $row['qa_file'.$k])) {
             delete_qa_thumbnail($row['qa_file'.$k]);
@@ -60,7 +60,7 @@ for($i=0; $i<$count; $i++) {
         $row2 = sql_fetch(" select qa_content, qa_file1, qa_file2 from {$g5['qa_content_table']} where qa_parent = '$qa_id' ");
         // 첨부파일 삭제
         for($k=1; $k<=2; $k++) {
-            @unlink(G5_DATA_PATH.'/qa/'.$row2['qa_file'.$k]);
+            @unlink(G5_DATA_PATH.'/qa/'.clean_relative_paths($row2['qa_file'.$k]));
             // 썸네일삭제
             if(preg_match("/\.({$config['cf_image_extension']})$/i", $row2['qa_file'.$k])) {
                 delete_qa_thumbnail($row2['qa_file'.$k]);

bbs/qawrite_update.php

@@ -157,7 +157,7 @@ for ($i=1; $i<=$upload_count; $i++) {
     // 삭제에 체크가 되어있다면 파일을 삭제합니다.
     if (isset($_POST['bf_file_del'][$i]) && $_POST['bf_file_del'][$i]) {
         $upload[$i]['del_check'] = true;
-        @unlink(G5_DATA_PATH.'/qa/'.$write['qa_file'.$i]);
+        @unlink(G5_DATA_PATH.'/qa/'.clean_relative_paths($write['qa_file'.$i]));
         // 썸네일삭제
         if(preg_match("/\.({$config['cf_image_extension']})$/i", $write['qa_file'.$i])) {
             delete_qa_thumbnail($write['qa_file'.$i]);
@@ -204,7 +204,7 @@ for ($i=1; $i<=$upload_count; $i++) {
 
         if ($w == 'u') {
             // 존재하는 파일이 있다면 삭제합니다.
-            @unlink(G5_DATA_PATH.'/qa/'.$write['qa_file'.$i]);
+            @unlink(G5_DATA_PATH.'/qa/'.clean_relative_paths($write['qa_file'.$i]));
             // 이미지파일이면 썸네일삭제
             if(preg_match("/\.({$config['cf_image_extension']})$/i", $write['qa_file'.$i])) {
                 delete_qa_thumbnail($row['qa_file'.$i]);
@@ -244,7 +244,7 @@ if($w == '' || $w == 'a' || $w == 'r') {
         $qa_num = $write['qa_num'];
         $qa_parent = $write['qa_id'];
         $qa_related = $write['qa_related'];
-        $qa_category = $write['qa_category'];
+        $qa_category = addslashes($write['qa_category']);
         $qa_type = 1;
         $qa_status = 1;
     }

bbs/register_form_update.php

@@ -557,8 +557,8 @@ if($w == '' && $default['de_member_reg_coupon_use'] && $default['de_member_reg_c
 if(isset($_SESSION['ss_cert_type'])) unset($_SESSION['ss_cert_type']);
 if(isset($_SESSION['ss_cert_no'])) unset($_SESSION['ss_cert_no']);
 if(isset($_SESSION['ss_cert_hash'])) unset($_SESSION['ss_cert_hash']);
-if(isset($_SESSION['ss_cert_hash'])) unset($_SESSION['ss_cert_birth']);
-if(isset($_SESSION['ss_cert_hash'])) unset($_SESSION['ss_cert_adult']);
+if(isset($_SESSION['ss_cert_birth'])) unset($_SESSION['ss_cert_birth']);
+if(isset($_SESSION['ss_cert_adult'])) unset($_SESSION['ss_cert_adult']);
 
 if ($msg)
     echo '<script>alert(\''.$msg.'\');</script>';