Merge branch 'master' of github.com:gnuboard/g4s

adm/admin.lib.php

@@ -10,7 +10,7 @@ if (!get_session('ss_admin')) {
 */
 
 // 스킨경로를 얻는다
-function get_skin_dir($skin, $len="")
+function get_skin_dir($skin)
 {
     global $g4;
 
@@ -18,8 +18,7 @@ function get_skin_dir($skin, $len="")
 
     $dirname = $g4['path'].'/skin/'.$skin.'/';
     $handle = opendir($dirname);
-    while ($file = readdir($handle))
+    while ($file = readdir($handle)) {
-    {
         if($file == '.'||$file == '..') continue;
 
         if (is_dir($dirname.$file)) $result_array[] = $file;
@@ -114,15 +113,16 @@ function get_member_level_select($name, $start_id=0, $end_id=10, $selected="", $
 {
     global $g4;
 
-    $str = '<select id="'.$name.'" name="'.$name.'" '.$event.'>';
+    $str = "\n<select id=\"{$name}\" name=\"{$name}\"";
-    for ($i=$start_id; $i<=$end_id; $i++)
+    if ($event) $str .= " $event";
-    {
+    $str .= ">\n";
+    for ($i=$start_id; $i<=$end_id; $i++) {
         $str .= '<option value="'.$i.'"';
         if ($i == $selected)
-            $str .= ' selected';
+            $str .= ' selected="selected"';
-        $str .= '>'.$i.'</option>';
+        $str .= ">{$i}</option>\n";
     }
-    $str .= '</select>';
+    $str .= "</select>\n";
     return $str;
 }
 

adm/admin.tail.php

@@ -2,6 +2,12 @@
 if (!defined("_GNUBOARD_")) exit;
 ?>
 
+    <noscript>
+        <p>
+            귀하께서 사용하시는 브라우저는 현재 <strong>자바스크립트를 사용하지 않음</strong>으로 설정되어 있습니다.<br>
+            <strong>자바스크립트를 사용하지 않음</strong>으로 설정하신 경우는 수정이나 삭제시 별도의 경고창이 나오지 않으므로 이점 주의하시기 바랍니다.
+        </p>
+    </noscript>
 </div>
 
 <footer>

adm/board_copy.php

@@ -1,5 +1,6 @@
 <?
 $sub_menu = "300100";
+define('_CAPTCHA_', 1);
 include_once("./_common.php");
 
 auth_check($auth[$sub_menu], 'w');
@@ -11,9 +12,8 @@ $administrator = 1;
 include_once($g4['path'].'/head.sub.php');
 ?>
 
-<form id="fboardcopy" name="fboardcopy" method="post" onsubmit="return fboardcopy_check(this);" autocomplete="off">
+<form id="fboardcopy" name="fboardcopy" method="post" action="./board_copy_update.php" onsubmit="return fboardcopy_check(this);">
 <input type="hidden" id="bo_table" name="bo_table" value="<?=$bo_table?>">
-<input type="hidden" id="token" name="token" value="<?=$token?>">
 <table>
 <caption>기존 게시판을 새 게시판으로 복사</caption>
 <tbody>
@@ -23,11 +23,11 @@ include_once($g4['path'].'/head.sub.php');
 </tr>
 <tr>
     <th scope="col"><label for="target_table">복사할 TABLE</label></th>
-    <td><input type="text" id="target_table" name="target_table" maxlength="20" required class="required alnum_"> 영문자, 숫자, _ 만 가능 (공백없이)</td>
+    <td><input type="text" id="target_table" name="target_table" maxlength="20" class="required alnum_" required="required" title="복사할 TABLE"> 영문자, 숫자, _ 만 가능 (공백없이)</td>
 </tr>
 <tr>
     <th scope="col"><label for="target_subject">게시판 제목</label></th>
-    <td><input type="text" id="target_subject" name="target_subject" maxlength="120" required value="[복사본] <?=$board['bo_subject']?>"></td>
+    <td><input type="text" id="target_subject" name="target_subject" maxlength="120" value="[복사본] <?=$board['bo_subject']?>" required="required" title="게시판 제목"></td>
 </tr>
 <tr>
     <th scope="col">복사 유형</th>
@@ -41,6 +41,8 @@ include_once($g4['path'].'/head.sub.php');
 </tbody>
 </table>
 
+<? echo captcha_html(); ?>
+
 <div class="btn_confirm">
     <input type="submit" value="복사">
     <input type="button" value="창닫기" onclick="window.close();">
@@ -51,7 +53,8 @@ include_once($g4['path'].'/head.sub.php');
 <script>
 function fboardcopy_check(f)
 {
-    f.action = "./board_copy_update.php";
+    <? echo chk_captcha_js(); ?>
+
     return true;
 }
 </script>

adm/board_copy_update.php

@@ -1,11 +1,16 @@
 <?
 $sub_menu = '300100';
+define('_CAPTCHA_', 1);
 include_once('./_common.php');
 
 auth_check($auth[$sub_menu], 'w');
 
-$target_table   = mysql_real_escape_string(trim($_POST['target_table']));
+if (!chk_captcha()) {
-$target_subject = mysql_real_escape_string(trim($_POST['target_subject']));
+    alert('스팸방지에 입력한 숫자가 틀렸습니다.');
+}
+
+$target_table   = escape_trim($_POST['target_table']);
+$target_subject = escape_trim($_POST['target_subject']);
 
 if (!preg_match('/[A-Za-z0-9_]{1,20}/', $target_table))
 {
@@ -156,7 +161,7 @@ if ($copy_case == 'schema_data_both')
     // 게시글수 저장
     $sql = " select bo_count_write, bo_count_comment from {$g4['board_table']} where bo_table = '$bo_table' ";
     $row = sql_fetch($sql);
-    $sql = " update {$g4['board_table']} set bo_count_write = '{$row['bo_count_write']}', bo_count_comment = '{$row['bo_count_comment]}' where bo_table = '$target_table' ";
+    $sql = " update {$g4['board_table']} set bo_count_write = '{$row['bo_count_write']}', bo_count_comment = '{$row['bo_count_comment']}' where bo_table = '$target_table' ";
     sql_query($sql);
 
     // 05.05.24
@@ -176,7 +181,7 @@ if (count($file_copy))
 {
     for ($i=0; $i<count($file_copy); $i++)
     {
-        $sql = " insert into $g4['board_file_table']
+        $sql = " insert into {$g4['board_file_table']}
                     set bo_table = '$target_table',
                          wr_id = '{$file_copy[$i]['wr_id']}',
                          bf_no = '{$file_copy[$i]['bf_no']}',

adm/board_form.php

@@ -78,7 +78,7 @@ include_once ('./admin.head.php');
     <li><a href="#frm_extra">여분필드</a></li>
 </ul>
 
-<form id="fboardform" name="fboardform" method="post" onsubmit="return fboardform_submit(this)" enctype="multipart/form-data">
+<form id="fboardform" name="fboardform" action="./board_form_update.php" method="post" onsubmit="return fboardform_submit(this)" enctype="multipart/form-data">
 <input type="hidden" name="w" value="<?=$w?>">
 <input type="hidden" name="sfl" value="<?=$sfl?>">
 <input type="hidden" name="stx" value="<?=$stx?>">
@@ -92,7 +92,7 @@ include_once ('./admin.head.php');
 <tr>
     <th scope="row"><label for="bo_table">TABLE</label></th>
     <td colspan="2">
-        <input type="text" id="bo_table" name="bo_table" maxlength="20" <?=$bo_table_attr?> value="<?=$board['bo_table'] ?>">
+        <input type="text" id="bo_table" name="bo_table" maxlength="20" <?=$bo_table_attr?> value="<?=$board['bo_table'] ?>" required="required">
         <?
         if ($w == '')
             echo '영문자, 숫자, _ 만 가능 (공백없이 20자 이내)';
@@ -104,14 +104,13 @@ include_once ('./admin.head.php');
 <tr>
     <th scope="row"><label for="gr_id">그룹</label></th>
     <td colspan="2">
-        <?=get_group_select('gr_id', $board['gr_id'], "required");?>
+        <?=get_group_select('gr_id', $board['gr_id'], 'required="required"');?>
-        <? if ($w=='u') { ?><a href="javascript:location.href='./board_list.php?sfl=a.gr_id&amp;stx='+document.fboardform.gr_id.value;">동일그룹게시판목록</a><?}?>
     </td>
 </tr>
 <tr>
     <th scope="row"><label for="bo_subject">게시판 제목</label></th>
     <td colspan="2">
-        <input type="text" id="bo_subject" name="bo_subject" maxlength="120" class="required" value="<?=get_text($board['bo_subject'])?>" size="80">
+        <input type="text" id="bo_subject" name="bo_subject" maxlength="120" class="required" value="<?=get_text($board['bo_subject'])?>" size="80" required="required">
     </td>
 </tr>
 <tr>
@@ -295,11 +294,10 @@ include_once ('./admin.head.php');
     <td>
         <?=help('"체크박스"는 글작성시 비밀글 체크가 가능합니다. "무조건"은 작성되는 모든글을 비밀글로 작성합니다. (관리자는 체크박스로 출력합니다.) 스킨에 따라 적용되지 않을 수 있습니다.')?>
         <select id="bo_use_secret" name="bo_use_secret">
-        <option value='0'>사용하지 않음
+        <?=option_selected(0, $board['bo_use_secret'], "사용하지 않음");?>
-        <option value="1">체크박스
+        <?=option_selected(1, $board['bo_use_secret'], "체크박스");?>
-        <option value='2'>무조건
+        <?=option_selected(2, $board['bo_use_secret'], "무조건");?>
         </select>
-        <script>document.getElementById('bo_use_secret').value="<?=$board['bo_use_secret']?>";</script>
     </td>
     <td class="group_setting">
         <input type="checkbox" id="chk_use_secret" name="chk_use_secret" value="1">
@@ -521,14 +519,7 @@ if (!preg_match("/([m|M])$/", $upload_max_filesize)) {
     <tr>
     <th scope="row"><label for="bo_skin">스킨 디렉토리</label></th>
     <td>
-        <select id="bo_skin" name="bo_skin" class="required">
+        <?=get_skin_select("board", "bo_skin", "bo_skin", $board['bo_skin'], 'required="required"');?>
-        <?
-        $arr = get_skin_dir('board');
-        for ($i=0; $i<count($arr); $i++) {
-            echo '<option value="'.$arr[$i].'">'.$arr[$i].'</option>'.PHP_EOL;
-        }
-        ?></select>
-        <script>document.fboardform.bo_skin.value="<?=$board['bo_skin']?>";</script>
     </td>
     <td class="group_setting">
         <input type="checkbox" id="chk_skin" name="chk_skin" value="1">
@@ -787,18 +778,25 @@ if (!preg_match("/([m|M])$/", $upload_max_filesize)) {
     <legend>XSS 혹은 CSRF 방지</legend>
     <p>관리자 권한을 탈취당하는 경우를 대비하여 패스워드를 다시 한번 확인합니다.</p>
     <label for="admin_password">관리자 패스워드</label>
-    <input type="password" id="admin_password" name="admin_password" class="required" title="관리자 패스워드">
+    <input type="password" id="admin_password" name="admin_password" class="required" title="관리자 패스워드" required="required">
 </fieldset>
 
 <div class="btn_confirm">
     <input type="submit" class="btn_submit" accesskey="s" value="확인">
-    <button onclick="document.location.href='./board_list.php?<?=$qstr?>';">목록</button>
+    <a href="./board_list.php?<?=$qstr?>">목록</a>
-    <? if ($w == 'u') { ?><button onclick="board_copy('<?=$bo_table?>');">게시판복사</button><?}?>
+    <? if ($w == 'u') { ?><a href="./board_copy.php?bo_table=<?=$bo_table?>" id="board_copy" target="win_board_copy">게시판복사</a><?}?>
 </div>
 
 </form>
 
 <script>
+$(function(){
+    $("#board_copy").click(function(){
+        window.open(this.href, "win_board_copy", "left=10,top=10,width=500,height=400");
+        return false;
+    });
+});
+
 function board_copy(bo_table) {
     window.open("./board_copy.php?bo_table="+bo_table, "BoardCopy", "left=10,top=10,width=500,height=200");
 }
@@ -834,7 +832,6 @@ function fboardform_submit(f)
         return false;
     }
 
-    f.action = './board_form_update.php';
     return true;
 }
 </script>

adm/board_form_update.php

@@ -7,10 +7,15 @@ if ($w == 'u')
 
 auth_check($auth[$sub_menu], 'w');
 
-if ($member['mb_password'] != sql_password($_POST['admin_password'])) {
+if ($_POST['admin_password']) {
-    alert('패스워드가 다릅니다.');
+    if ($member['mb_password'] != sql_password($_POST['admin_password'])) {
+        alert('관리자 패스워드가 틀립니다.');
+    }
+} else {
+    alert('관리자 패스워드를 입력하세요.');
 }
 
+
 if (!$_POST['gr_id']) { alert('그룹 ID는 반드시 선택하세요.'); }
 if (!$bo_table) { alert('게시판 TABLE명은 반드시 입력하세요.'); }
 if (!preg_match("/^([A-Za-z0-9_]{1,20})$/", $bo_table)) { alert('게시판 TABLE명은 공백없이 영문자, 숫자, _ 만 사용 가능합니다. (20자 이내)'); }

adm/board_list.php

@@ -70,9 +70,9 @@ var list_delete_php = 'board_list_delete.php';
     </span>
     <label for="sfl">검색대상</label>
     <select id="sfl" name="sfl">
-        <option value="bo_table">TABLE</option>
+        <option value="bo_table" <?=get_selected($_GET['sfl'], "bo_subject", true);?>>TABLE</option>
-        <option value="bo_subject">제목</option>
+        <option value="bo_subject" <?=get_selected($_GET['sfl'], "bo_subject");?>>제목</option>
-        <option value="a.gr_id">그룹ID</option>
+        <option value="a.gr_id" <?=get_selected($_GET['sfl'], "a.gr_id");?>>그룹ID</option>
     </select>
     <input type="text" name="stx" required value="<?=$stx?>" title="검색어">
     <input type="submit" class="fieldset_submit" value="검색">
@@ -113,17 +113,6 @@ var list_delete_php = 'board_list_delete.php';
 </thead>
 <tbody>
 <?
-// 스킨디렉토리
-$skin_options = '';
-$arr = get_skin_dir('board');
-for ($k=0; $k<count($arr); $k++) {
-    $option = $arr[$k];
-    if (strlen($option) > 10)
-        $option = substr($arr[$k], 0, 18) . '…';
-
-    $skin_options .= '<option value="'.$arr[$k].'">'.$option.'</option>';
-}
-
 for ($i=0; $row=sql_fetch_array($result); $i++) {
     $s_upd = '<a href="./board_form.php?w=u&amp;bo_table='.$row['bo_table'].'&amp;'.$qstr.'">수정</a>';
     $s_del = "";
@@ -150,12 +139,9 @@ for ($i=0; $row=sql_fetch_array($result); $i++) {
         <a href="<?=$g4['bbs_path']?>/board.php?bo_table=<?=$row['bo_table']?>"><?=$row['bo_table']?></a>
     </td>
     <td>
-        <select id="bo_skin_<?=$i?>" name="bo_skin[<?=$i?>]">
+        <?=get_skin_select("board", "bo_skin_$i", "bo_skin[$i]", $row['bo_skin']);?>
-            <?=$skin_options?>
-        </select>
-        <script>document.getElementById("bo_skin_<?=$i?>").value="<?=$row['bo_skin']?>";</script>
     </td>
-    <td><input type="text" id="bo_subject[<?=$i?>]" name="bo_subject[<?=$i?>]" value="<?=get_text($row['bo_subject'])?>" title="게시판제목" size="20"></td>
+    <td><input type="text" id="bo_subject[<?=$i?>]" name="bo_subject[<?=$i?>]" class="required" value="<?=get_text($row['bo_subject'])?>" title="게시판제목" size="20" required="required"></td>
     <td>
         <label for="bo_read_point_<?=$i?>">읽기</label>
         <input type="text" id="bo_read_point_<?=$i?>" name="bo_read_point[<?=$i?>]" value="<?=$row['bo_read_point']?>" size="2">
@@ -190,10 +176,6 @@ if ($i == 0)
     <?}?>
 </div>
 
-<noscript>
-<p>자바스크립트를 사용하지 않는 경우<br>별도의 확인 절차 없이 바로 선택수정 및 선택삭제 처리하므로 주의하시기 바랍니다.</p>
-</noscript>
-
 <?
 $pagelist = get_paging($config['cf_write_pages'], $page, $total_page, $_SERVER['PHP_SELF'].'?'.$qstr.'&amp;page=');
 ?>
@@ -201,10 +183,6 @@ $pagelist = get_paging($config['cf_write_pages'], $page, $total_page, $_SERVER['
     <?=$pagelist?>
 </div>
 
-<?
-if (isset($stx))
-    echo '<script>document.fsearch.sfl.value = "'.$sfl.'";</script>';
-?>
 </form>
 
 <script>

adm/board_list_update.php

@@ -5,7 +5,7 @@ include_once('./_common.php');
 check_demo();
 
 if (!count($_POST['chk'])) {
-    alert($_POST['btn_submit']." 하실 항목을 하나 이상 선택하세요.");
+    alert($_POST['btn_submit']." 하실 항목을 하나 이상 체크하세요.");
 }
 
 if ($_POST['btn_submit'] == "선택수정") {

adm/boardgroup_form_update.php

@@ -9,7 +9,7 @@ auth_check($auth[$sub_menu], 'w');
 
 if ($is_admin != 'super' && $w == '') alert('최고관리자만 접근 가능합니다.');
 
-if (!preg_match("/^([A-Za-z0-9_]{1,10})$/", $gr_id))
+if (!preg_match("/^([A-Za-z0-9_]{1,10})$/", $_POST['gr_id']))
     alert('그룹 ID는 공백없이 영문자, 숫자, _ 만 사용 가능합니다. (10자 이내)');
 
 if (!$gr_subject) alert('그룹 제목을 입력하세요.');

bbs/gcaptcha/down.php

@@ -0,0 +1,35 @@
+<?
+include_once('./_common.php');
+
+$file = addslashes($_GET['file']);
+$captcha_path = mk_subdir($g4['cache_dir'].'/'.$g4['captcha_dir']);
+$filepath = $captcha_path.'/'.$file;
+$original = "number.wav";
+
+if(preg_match("/msie/i", $_SERVER['HTTP_USER_AGENT']) && preg_match("/5\.5/", $_SERVER['HTTP_USER_AGENT'])) {
+    header("content-type: doesn/matter");
+    header("content-length: ".filesize("$filepath"));
+    header("content-disposition: attachment; filename=\"$original\"");
+    header("content-transfer-encoding: binary");
+} else {
+    header("content-type: file/unknown");
+    header("content-length: ".filesize("$filepath"));
+    header("content-disposition: attachment; filename=\"$original\"");
+    header("content-description: php generated data");
+}
+header("pragma: no-cache");
+header("expires: 0");
+flush();
+
+$fp = fopen($filepath, 'rb');
+
+$download_rate = 10;
+
+while(!feof($fp)) {
+    print fread($fp, round($download_rate * 1024));
+    flush();
+    usleep(1000);
+}
+fclose ($fp);
+flush();
+?>

bbs/gcaptcha/gcaptcha.lib.php

@@ -151,6 +151,7 @@ function captcha_html($class="captcha")
     $html .= '<legend class="sound_only">스팸방지</legend>';
     $html .= '<img src="'.captcha_file('.png').'" alt="스팸방지 숫자">';
     $html .= '<a href="'.captcha_file('.wav').'" id="captcha_wav"><img src="'.$g4['bbs_path'].'/gcaptcha/img/sound.gif" alt="숫자를 음성으로 듣기"></a>';
+    $html .= '<a href="'.$g4['gcaptcha_path'].'/down.php?file='.abs_ip2long().'_'.$_COOKIE['PHPSESSID'].'.wav'.'" id="captcha_wav">다운로드</a>';
     $html .= '<input type="text" id="captcha_key" name="captcha_key" class="captcha_box fieldset_input" size="6" maxlength="6" required title="스팸방지 숫자 입력">';
     $html .= '<p class="sound_only">스팸방지 숫자를 순서대로 입력하세요.</p>';
     $html .= '</fieldset>';

bbs/move.php

@@ -54,6 +54,7 @@ for ($i=0; $row=sql_fetch_array($result); $i++)
     <input type="hidden" name="spt" value="<?=$spt?>">
     <input type="hidden" name="page" value="<?=$page?>">
     <input type="hidden" name="act" value="<?=$act?>">
+    <input type="hidden" name="url" value="<?=$_SERVER['HTTP_REFERER']?>">
     <table>
     <caption><?=$act?>할 게시판을 한개 이상 선택하여 주십시오.</caption>
     <thead>

bbs/move_update.php

@@ -9,7 +9,7 @@ if ($sw != 'move' && $sw != 'copy')
     alert('sw 값이 제대로 넘어오지 않았습니다.');
 
 if(!count($_POST['chk_bo_table']))
-    alert("게시물을 ".$act."할 게시판을 한개 이상 선택해 주십시오.");
+    alert("게시물을 ".$act."할 게시판을 한개 이상 선택해 주십시오.", $url);
 
 // 원본 파일 디렉토리
 $src_dir = $g4['path'].'/data/file/'.$bo_table;
@@ -21,11 +21,11 @@ $cnt = 0;
 
 // SQL Injection 으로 인한 코드 보완
 //$sql = " select distinct wr_num from {$write_table} where wr_id in (" . stripslashes($wr_id_list) . ") order by wr_id ";
-$sql = " select distinct wr_num from {$write_table} where wr_id in ({$wr_id_list}) order by wr_id ";
+$sql = " select distinct wr_num from $write_table where wr_id in ({$wr_id_list}) order by wr_id ";
 $result = sql_query($sql);
 while ($row = sql_fetch_array($result))
 {
-    $wr_num = $row[wr_num];
+    $wr_num = $row['wr_num'];
     for ($i=0; $i<count($_POST['chk_bo_table']); $i++)
     {
         $move_bo_table = $_POST['chk_bo_table'][$i];
@@ -40,86 +40,86 @@ while ($row = sql_fetch_array($result))
         $next_wr_num = get_next_num($move_write_table);
 
         //$sql2 = " select * from {$write_table} where wr_num = '{$wr_num}' order by wr_parent, wr_comment desc, wr_id ";
-        $sql2 = " select * from {$write_table} where wr_num = '{$wr_num}' order by wr_parent, wr_is_comment, wr_comment desc, wr_id ";
+        $sql2 = " select * from $write_table where wr_num = '$wr_num' order by wr_parent, wr_is_comment, wr_comment desc, wr_id ";
         $result2 = sql_query($sql2);
         while ($row2 = sql_fetch_array($result2))
         {
-            $nick = cut_str($member[mb_nick], $config[cf_cut_name]);
+            $nick = cut_str($member['mb_nick'], $config['cf_cut_name']);
-            if (!$row2[wr_is_comment] && $config[cf_use_copy_log])
+            if (!$row2['wr_is_comment'] && $config['cf_use_copy_log'])
-                $row2[wr_content] .= PHP_EOL.'[이 게시물은 '.$nick.'님에 의해 '.$g4[time_ymdhis].' '.$board[bo_subject].'에서 '.($sw == 'copy' ? '복사' : '이동').' 됨]';
+                $row2['wr_content'] .= "\n".'[이 게시물은 '.$nick.'님에 의해 '.$g4['time_ymdhis'].' '.$board['bo_subject'].'에서 '.($sw == 'copy' ? '복사' : '이동').' 됨]';
 
             $sql = " insert into $move_write_table
                         set wr_num = '$next_wr_num',
-                             wr_reply = '$row2[wr_reply]',
+                             wr_reply = '{$row2['wr_reply']}',
-                             wr_is_comment = '$row2[wr_is_comment]',
+                             wr_is_comment = '{$row2['wr_is_comment']}',
-                             wr_comment = '$row2[wr_comment]',
+                             wr_comment = '{$row2['wr_comment']}',
-                             wr_comment_reply = '$row2[wr_comment_reply]',
+                             wr_comment_reply = '{$row2['wr_comment_reply']}',
-                             ca_name = '".addslashes($row2[ca_name])."',
+                             ca_name = '".addslashes($row2['ca_name'])."',
-                             wr_option = '$row2[wr_option]',
+                             wr_option = '{$row2['wr_option']}',
-                             wr_subject = '".addslashes($row2[wr_subject])."',
+                             wr_subject = '".addslashes($row2['wr_subject'])."',
-                             wr_content = '".addslashes($row2[wr_content])."',
+                             wr_content = '".addslashes($row2['wr_content'])."',
-                             wr_link1 = '".addslashes($row2[wr_link1])."',
+                             wr_link1 = '".addslashes($row2['wr_link1'])."',
-                             wr_link2 = '".addslashes($row2[wr_link2])."',
+                             wr_link2 = '".addslashes($row2['wr_link2'])."',
-                             wr_link1_hit = '$row2[wr_link1_hit]',
+                             wr_link1_hit = '{$row2['wr_link1_hit']}',
-                             wr_link2_hit = '$row2[wr_link2_hit]',
+                             wr_link2_hit = '{$row2['wr_link2_hit']}',
-                             wr_hit = '$row2[wr_hit]',
+                             wr_hit = '{$row2['wr_hit']}',
-                             wr_good = '$row2[wr_good]',
+                             wr_good = '{$row2['wr_good']}',
-                             wr_nogood = '$row2[wr_nogood]',
+                             wr_nogood = '{$row2['wr_nogood']}',
-                             mb_id = '$row2[mb_id]',
+                             mb_id = '{$row2['mb_id']}',
-                             wr_password = '$row2[wr_password]',
+                             wr_password = '{$row2['wr_password']}',
-                             wr_name = '".addslashes($row2[wr_name])."',
+                             wr_name = '".addslashes($row2['wr_name'])."',
-                             wr_email = '".addslashes($row2[wr_email])."',
+                             wr_email = '".addslashes($row2['wr_email'])."',
-                             wr_homepage = '".addslashes($row2[wr_homepage])."',
+                             wr_homepage = '".addslashes($row2['wr_homepage'])."',
-                             wr_datetime = '$row2[wr_datetime]',
+                             wr_datetime = '{$row2['wr_datetime']}',
-                             wr_last = '$row2[wr_last]',
+                             wr_last = '{$row2['wr_last']}',
-                             wr_ip = '$row2[wr_ip]',
+                             wr_ip = '{$row2['wr_ip']}',
-                             wr_1 = '".addslashes($row2[wr_1])."',
+                             wr_1 = '".addslashes($row2['wr_1'])."',
-                             wr_2 = '".addslashes($row2[wr_2])."',
+                             wr_2 = '".addslashes($row2['wr_2'])."',
-                             wr_3 = '".addslashes($row2[wr_3])."',
+                             wr_3 = '".addslashes($row2['wr_3'])."',
-                             wr_4 = '".addslashes($row2[wr_4])."',
+                             wr_4 = '".addslashes($row2['wr_4'])."',
-                             wr_5 = '".addslashes($row2[wr_5])."',
+                             wr_5 = '".addslashes($row2['wr_5'])."',
-                             wr_6 = '".addslashes($row2[wr_6])."',
+                             wr_6 = '".addslashes($row2['wr_6'])."',
-                             wr_7 = '".addslashes($row2[wr_7])."',
+                             wr_7 = '".addslashes($row2['wr_7'])."',
-                             wr_8 = '".addslashes($row2[wr_8])."',
+                             wr_8 = '".addslashes($row2['wr_8'])."',
-                             wr_9 = '".addslashes($row2[wr_9])."',
+                             wr_9 = '".addslashes($row2['wr_9'])."',
-                             wr_10 = '".addslashes($row2[wr_10])."' ";
+                             wr_10 = '".addslashes($row2['wr_10'])."' ";
             sql_query($sql);
 
             $insert_id = mysql_insert_id();
 
             // 코멘트가 아니라면
-            if (!$row2[wr_is_comment])
+            if (!$row2['wr_is_comment'])
             {
                 $save_parent = $insert_id;
 
-                $sql3 = " select * from {$g4[board_file_table]} where bo_table = '{$bo_table}' and wr_id = '{$row2[wr_id]}' order by bf_no ";
+                $sql3 = " select * from {$g4['board_file_table']} where bo_table = '$bo_table' and wr_id = '{$row2['wr_id']}' order by bf_no ";
                 $result3 = sql_query($sql3);
                 for ($k=0; $row3 = sql_fetch_array($result3); $k++)
                 {
-                    if ($row3[bf_file])
+                    if ($row3['bf_file'])
                     {
                         // 원본파일을 복사하고 퍼미션을 변경
-                        @copy($src_dir.'/'.$row3[bf_file], $dst_dir.'/'.$row3[bf_file]);
+                        @copy($src_dir.'/'.$row3['bf_file'], $dst_dir.'/'.$row3['bf_file']);
-                        @chmod($dst_dir/$row3[bf_file], 0606);
+                        @chmod($dst_dir/$row3['bf_file'], 0606);
                     }
 
-                    $sql = " insert into $g4[board_file_table]
+                    $sql = " insert into {$g4['board_file_table']}
                                 set bo_table = '$move_bo_table',
                                      wr_id = '$insert_id',
-                                     bf_no = '$row3[bf_no]',
+                                     bf_no = '{$row3['bf_no']}',
-                                     bf_source = '$row3[bf_source]',
+                                     bf_source = '{$row3['bf_source']}',
-                                     bf_file = '$row3[bf_file]',
+                                     bf_file = '{$row3['bf_file']}',
-                                     bf_download = '$row3[bf_download]',
+                                     bf_download = '{$row3['bf_download']}',
-                                     bf_content = '".addslashes($row3[bf_content])."',
+                                     bf_content = '".addslashes($row3['bf_content'])."',
-                                     bf_filesize = '$row3[bf_filesize]',
+                                     bf_filesize = '{$row3['bf_filesize']}',
-                                     bf_width = '$row3[bf_width]',
+                                     bf_width = '{$row3['bf_width']}',
-                                     bf_height = '$row3[bf_height]',
+                                     bf_height = '{$row3['bf_height']}',
-                                     bf_type = '$row3[bf_type]',
+                                     bf_type = '{$row3['bf_type']}',
-                                     bf_datetime = '$row3[bf_datetime]' ";
+                                     bf_datetime = '{$row3['bf_datetime']}' ";
                     sql_query($sql);
 
-                    if ($sw == 'move' && $row3[bf_file])
+                    if ($sw == 'move' && $row3['bf_file'])
-                        $save[$cnt][bf_file][$k] = $src_dir.'/'.$row3[bf_file];
+                        $save[$cnt]['bf_file'][$k] = $src_dir.'/'.$row3['bf_file'];
                 }
 
                 $count_write++;
@@ -127,10 +127,10 @@ while ($row = sql_fetch_array($result))
                 if ($sw == 'move' && $i == 0)
                 {
                     // 스크랩 이동
-                    sql_query(" update {$g4[scrap_table]} set bo_table = '{$move_bo_table}', wr_id = '{$save_parent}' where bo_table = '{$bo_table}' and wr_id = '{$row2[wr_id]}' ");
+                    sql_query(" update {$g4['scrap_table']} set bo_table = '$move_bo_table', wr_id = '$save_parent' where bo_table = '$bo_table' and wr_id = '{$row2['wr_id']}' ");
 
                     // 최신글 이동
-                    sql_query(" update {$g4[board_new_table]} set bo_table = '{$move_bo_table}', wr_id = '{$save_parent}', wr_parent = '{$save_parent}' where bo_table = '{$bo_table}' and wr_id = '{$row2[wr_id]}' ");
+                    sql_query(" update {$g4['board_new_table']} set bo_table = '$move_bo_table', wr_id = '$save_parent', wr_parent = '$save_parent' where bo_table = '$bo_table' and wr_id = '{$row2['wr_id']}' ");
                 }
             }
             else
@@ -140,21 +140,21 @@ while ($row = sql_fetch_array($result))
                 if ($sw == 'move')
                 {
                     // 최신글 이동
-                    sql_query(" update {$g4[board_new_table]} set bo_table = '{$move_bo_table}', wr_id = '{$insert_id}', wr_parent = '{$save_parent}' where bo_table = '{$bo_table}' and wr_id = '{$row2[wr_id]}' ");
+                    sql_query(" update {$g4['board_new_table']} set bo_table = '$move_bo_table', wr_id = '$insert_id', wr_parent = '$save_parent' where bo_table = '$bo_table' and wr_id = '{$row2['wr_id']}' ");
                 }
             }
 
-            sql_query(" update {$move_write_table} set wr_parent = '{$save_parent}' where wr_id = '{$insert_id}' ");
+            sql_query(" update $move_write_table set wr_parent = '$save_parent' where wr_id = '$insert_id' ");
 
             if ($sw == 'move')
-                $save[$cnt][wr_id] = $row2[wr_parent];
+                $save[$cnt]['wr_id'] = $row2['wr_parent'];
 
             $cnt++;
         }
 
 
-        sql_query(" update {$g4[board_table]} set bo_count_write = bo_count_write + '{$count_write}' where bo_table = '{$move_bo_table}' ");
+        sql_query(" update {$g4['board_table']} set bo_count_write = bo_count_write + '$count_write' where bo_table = '$move_bo_table' ");
-        sql_query(" update {$g4[board_table]} set bo_count_comment = bo_count_comment + '{$count_comment}' where bo_table = '{$move_bo_table}' ");
+        sql_query(" update {$g4['board_table']} set bo_count_comment = bo_count_comment + '$count_comment' where bo_table = '$move_bo_table' ");
     }
 
     $save_count_write += $count_write;
@@ -165,14 +165,14 @@ if ($sw == "move")
 {
     for ($i=0; $i<count($save); $i++)
     {
-        for ($k=0; $k<count($save[$i][bf_file]); $k++)
+        for ($k=0; $k<count($save[$i]['bf_file']); $k++)
-            @unlink($save[$i][bf_file][$k]);
+            @unlink($save[$i]['bf_file'][$k]);
 
-        sql_query(" delete from {$write_table} where wr_parent = '{$save[$i][wr_id]}' ");
+        sql_query(" delete from $write_table where wr_parent = '{$save[$i]['wr_id']}' ");
-        sql_query(" delete from {$g4[board_new_table]} where bo_table = '{$bo_table}' and wr_id = '{$save[$i][wr_id]}' ");
+        sql_query(" delete from {$g4['board_new_table']} where bo_table = '$bo_table' and wr_id = '{$save[$i]['wr_id']}' ");
-        sql_query(" delete from {$g4[board_file_table]} where bo_table = '{$bo_table}' and wr_id = '{$save[$i][wr_id]}' ");
+        sql_query(" delete from {$g4['board_file_table']} where bo_table = '$bo_table' and wr_id = '{$save[$i]['wr_id']}' ");
     }
-    sql_query(" update {$g4[board_table]} set bo_count_write = bo_count_write - '{$save_count_write}', bo_count_comment = bo_count_comment - '{$save_count_comment}' where bo_table = '{$bo_table}' ");
+    sql_query(" update {$g4['board_table']} set bo_count_write = bo_count_write - '$save_count_write', bo_count_comment = bo_count_comment - '$save_count_comment' where bo_table = '$bo_table' ");
 }
 
 $msg = '해당 게시물을 선택한 게시판으로 '.$act.' 하였습니다.';

js/wrest.js

@@ -260,7 +260,7 @@ function wrestSubmit()
                 wrestRequired(el); 
             }
 
-            var array_css = el.className.split(' '); // class 를 공백으로 나눔
+            var array_css = el.className.split(" "); // class 를 공백으로 나눔
 
             el.style.backgroundColor = wrestFldDefaultColor;
 

lib/common.lib.php

@@ -778,28 +778,48 @@ function get_group_select($name, $selected='', $event='')
     $sql .= " order by a.gr_id ";
 
     $result = sql_query($sql);
-    $str = "<select id='$name' name='$name' class='$event'>";
+    $str = "<select id=\"$name\" name=\"$name\" $event>\n";
-    for ($i=0; $row=sql_fetch_array($result); $i++)
+    for ($i=0; $row=sql_fetch_array($result); $i++) {
-    {
+        $str .= option_selected($row['gr_id'], $selected, $row['gr_subject']);
-        $str .= "<option value='{$row['gr_id']}'";
-        if ($row['gr_id'] == $selected) $str .= " selected";
-        $str .= ">{$row['gr_subject']}</option>";
     }
     $str .= "</select>";
     return $str;
 }
 
 
+// 스킨디렉토리를 SELECT 형식으로 얻음
+function get_skin_select($skin_gubun, $id, $name, $selected='', $event='')
+{
+    $skins = get_skin_dir($skin_gubun);
+    $str = "<select id=\"$id\" name=\"$name\" $event>\n";
+    for ($i=0; $i<count($skins); $i++) {
+        $str .= option_selected($skins[$i], $selected);
+    }
+    $str .= "</select>";
+    return $str;
+}
+
+
+function option_selected($value, $selected, $text='')
+{
+    if (!$text) $text = $value;
+    if ($value == $selected) 
+        return "<option value=\"$value\" selected=\"selected\">$text</option>\n";
+    else
+        return "<option value=\"$value\">$text</option>\n";
+}
+
+
 // '예', '아니오'를 SELECT 형식으로 얻음
 function get_yn_select($name, $selected='1', $event='')
 {
-    $str = "<select name='$name' $event>";
+    $str = "<select name=\"$name\" $event>\n";
     if ($selected) {
-        $str .= "<option value='1' selected>예</option>";
+        $str .= "<option value=\"1\" selected>예</option>\n";
-        $str .= "<option value='0'>아니오</option>";
+        $str .= "<option value=\"0\">아니오</option>\n";
     } else {
-        $str .= "<option value='1'>예</option>";
+        $str .= "<option value=\"1\">예</option>\n";
-        $str .= "<option value='0' selected>아니오</option>";
+        $str .= "<option value=\"0\" selected>아니오</option>\n";
     }
     $str .= "</select>";
     return $str;
@@ -1598,4 +1618,13 @@ function abs_ip2long($ip='')
     $ip = $ip ? $ip : $_SERVER['REMOTE_ADDR'];
     return abs(ip2long($ip));
 }
+
+
+function get_selected($field, $value, $first=false) 
+{
+    $selected = ($field==$value) ? ' selected="selected"' : '';
+    if ($first && !$selected)
+        $selected = ($field=="") ? ' selected="selected"' : '';
+    return $selected;
+}
 ?>

skin/member/neo/memo_form.skin.php

@@ -35,7 +35,13 @@ if (!defined("_GNUBOARD_")) exit; // 개별 페이지 접근 불가
     </tbody>
     </table>
 
+<<<<<<< HEAD
+    <?=captcha_html();?>
+
+    <div class="btn_window btn_confirm">
+=======
     <div class="btn_win">
+>>>>>>> 41f59fa9ae589fc22660fde7d19293f195aede31
         <input type="submit" id="btn_submit" class="btn_submit" value="보내기">
         <a href="javascript:window.close();">창닫기</a>
     </div>