firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

5.3.2.8 버전 수정

Browse Source
This commit is contained in:
thisgun
2019-03-19 11:29:47 +09:00
parent 903585ffcf e4a7c1b21d
commit e73b4b2c63
18 changed files with 83 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
adm/board_form.php
View File

@ -918,7 +918,7 @@ $pg_anchor = '<ul class="anchor">
<tr>
<th scope="row"><label for="bo_insert_content">글쓰기 기본 내용</label></th>
<td>
<textarea id="bo_insert_content" name="bo_insert_content" rows="5"><?php echo $board['bo_insert_content'] ?></textarea>
<textarea id="bo_insert_content" name="bo_insert_content" rows="5"><?php echo html_purifier($board['bo_insert_content']); ?></textarea>
</td>
<td class="td_grpset">
<input type="checkbox" name="chk_grp_insert_content" value="1" id="chk_grp_insert_content">

9
adm/board_form_update.php
View File

@ -9,7 +9,10 @@ auth_check($auth[$sub_menu], 'w');
check_admin_token();
if (!$_POST['gr_id']) { alert('그룹 ID는 반드시 선택하세요.'); }
$gr_id = isset($_POST['gr_id']) ? preg_replace('/[^a-z0-9_]/i', '', $_POST['gr_id']) : '';
$bo_admin = isset($_POST['bo_admin']) ? preg_replace('/[^a-z0-9_\, \|\#]/i', '', $_POST['bo_admin']) : '';
if (!$gr_id) { alert('그룹 ID는 반드시 선택하세요.'); }
if (!$bo_table) { alert('게시판 TABLE명은 반드시 입력하세요.'); }
if (!preg_match("/^([A-Za-z0-9_]{1,20})$/", $bo_table)) { alert('게시판 TABLE명은 공백없이 영문자, 숫자, _ 만 사용 가능합니다. (20자 이내)'); }
if (!$_POST['bo_subject']) { alert('게시판 제목을 입력하세요.'); }
@ -75,11 +78,11 @@ $str_bo_category_list = isset($_POST['bo_category_list']) ? preg_replace("/[\<\>
$_POST['bo_subject'] = strip_tags($_POST['bo_subject']);
$_POST['bo_mobile_subject'] = strip_tags($_POST['bo_mobile_subject']);
$sql_common = " gr_id = '{$_POST['gr_id']}',
$sql_common = " gr_id = '{$gr_id}',
bo_subject = '{$_POST['bo_subject']}',
bo_mobile_subject = '{$_POST['bo_mobile_subject']}',
bo_device = '{$_POST['bo_device']}',
bo_admin = '{$_POST['bo_admin']}',
bo_admin = '{$bo_admin}',
bo_list_level = '{$_POST['bo_list_level']}',
bo_read_level = '{$_POST['bo_read_level']}',
bo_write_level = '{$_POST['bo_write_level']}',

4
adm/config_form.php
View File

@ -1419,6 +1419,10 @@ if($config['cf_cert_use']) {
}
echo module_exec_check($exe, 'okname');
if(is_dir(G5_OKNAME_PATH.'/log') && is_writable(G5_OKNAME_PATH.'/log') && function_exists('check_log_folder') ) {
check_log_folder(G5_OKNAME_PATH.'/log');
}
}
// kcp일 때

3
bbs/alert.php
View File

@ -35,6 +35,7 @@ $url = clean_xss_tags($url);
if (!$url) $url = clean_xss_tags($_SERVER['HTTP_REFERER']);
$url = preg_replace("/[\<\>\'\"\\\'\\\"\(\)]/", "", $url);
$url = preg_replace('/\r\n|\r|\n|[^\x20-\x7e]/','', $url);
// url 체크
check_url_host($url, $msg);
@ -48,11 +49,9 @@ if($error) {
<script>
alert("<?php echo $msg; ?>");
//document.location.href = "<?php echo $url; ?>";
<?php if ($url) { ?>
document.location.replace("<?php echo str_replace('&amp;', '&', $url); ?>");
<?php } else { ?>
//alert('history.back();');
history.back();
<?php } ?>
</script>

12
bbs/confirm.php
View File

@ -2,9 +2,15 @@
include_once('./_common.php');
include_once(G5_PATH.'/head.sub.php');
$url1 = preg_replace("/[\<\>\'\"\\\'\\\"\(\)]/", "", clean_xss_tags($url1));
$url2 = preg_replace("/[\<\>\'\"\\\'\\\"\(\)]/", "", clean_xss_tags($url2));
$url3 = preg_replace("/[\<\>\'\"\\\'\\\"\(\)]/", "", clean_xss_tags($url3));
$pattern1 = "/[\<\>\'\"\\\'\\\"\(\)]/";
$pattern2 = "/\r\n|\r|\n|[^\x20-\x7e]/";
$url1 = preg_replace($pattern1, "", clean_xss_tags($url1));
$url1 = preg_replace($pattern2, "", $url1);
$url2 = preg_replace($pattern1, "", clean_xss_tags($url2));
$url2 = preg_replace($pattern2, "", $url2);
$url3 = preg_replace($pattern1, "", clean_xss_tags($url3));
$url3 = preg_replace($pattern2, "", $url3);
// url 체크
check_url_host($url1);

6
bbs/move_update.php
View File

@ -196,8 +196,10 @@ if ($sw == 'move')
{
for ($i=0; $i<count($save); $i++)
{
for ($k=0; $k<count($save[$i]['bf_file']); $k++)
@unlink($save[$i]['bf_file'][$k]);
if( isset($save[$i]['bf_file']) && $save[$i]['bf_file'] ){
for ($k=0; $k<count($save[$i]['bf_file']); $k++)
@unlink($save[$i]['bf_file'][$k]);
}
sql_query(" delete from $write_table where wr_parent = '{$save[$i]['wr_id']}' ");
sql_query(" delete from {$g5['board_new_table']} where bo_table = '$bo_table' and wr_id = '{$save[$i]['wr_id']}' ");

2
bbs/write.php
View File

@ -362,7 +362,7 @@ if (isset($write['wr_subject'])) {
$content = '';
if ($w == '') {
$content = $board['bo_insert_content'];
$content = html_purifier($board['bo_insert_content']);
} else if ($w == 'r') {
if (!strstr($write['wr_option'], 'html')) {
$content = "\n\n\n &gt; "

30
common.php
View File

@ -29,20 +29,22 @@ for ($i=0; $i<$ext_cnt; $i++) {
function g5_path()
{
$chroot = substr($_SERVER['SCRIPT_FILENAME'], 0, strpos($_SERVER['SCRIPT_FILENAME'], dirname(__FILE__)));
$result['path'] = str_replace('\\', '/', $chroot.dirname(__FILE__));
$tilde_remove = preg_replace('/^\/\~[^\/]+(.*)$/', '$1', $_SERVER['SCRIPT_NAME']);
$document_root = str_replace($tilde_remove, '', $_SERVER['SCRIPT_FILENAME']);
$pattern = '/' . preg_quote($document_root, '/') . '/i';
$root = preg_replace($pattern, '', $result['path']);
$port = ($_SERVER['SERVER_PORT'] == 80 || $_SERVER['SERVER_PORT'] == 443) ? '' : ':'.$_SERVER['SERVER_PORT'];
$http = 'http' . ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on') ? 's' : '') . '://';
$user = str_replace(preg_replace($pattern, '', $_SERVER['SCRIPT_FILENAME']), '', $_SERVER['SCRIPT_NAME']);
$host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : $_SERVER['SERVER_NAME'];
if(isset($_SERVER['HTTP_HOST']) && preg_match('/:[0-9]+$/', $host))
$host = preg_replace('/:[0-9]+$/', '', $host);
$host = preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\/\^\*]/", '', $host);
$result['url'] = $http.$host.$port.$user.$root;
$chroot = substr($_SERVER['SCRIPT_FILENAME'], 0, strpos($_SERVER['SCRIPT_FILENAME'], dirname(__FILE__)));
$result['path'] = str_replace('\\', '/', $chroot.dirname(__FILE__));
$server_script_name = preg_replace('/\/+/', '/', str_replace('\\', '/', $_SERVER['SCRIPT_NAME']));
$server_script_filename = preg_replace('/\/+/', '/', str_replace('\\', '/', $_SERVER['SCRIPT_FILENAME']));
$tilde_remove = preg_replace('/^\/\~[^\/]+(.*)$/', '$1', $server_script_name);
$document_root = str_replace($tilde_remove, '', $server_script_filename);
$pattern = '/' . preg_quote($document_root, '/') . '/i';
$root = preg_replace($pattern, '', $result['path']);
$port = ($_SERVER['SERVER_PORT'] == 80 || $_SERVER['SERVER_PORT'] == 443) ? '' : ':'.$_SERVER['SERVER_PORT'];
$http = 'http' . ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on') ? 's' : '') . '://';
$user = str_replace(preg_replace($pattern, '', $server_script_filename), '', $server_script_name);
$host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : $_SERVER['SERVER_NAME'];
if(isset($_SERVER['HTTP_HOST']) && preg_match('/:[0-9]+$/', $host))
$host = preg_replace('/:[0-9]+$/', '', $host);
$host = preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\/\^\*]/", '', $host);
$result['url'] = $http.$host.$port.$user.$root;
return $result;
}

4
config.php
View File

@ -5,8 +5,8 @@
********************/
define('G5_VERSION', '그누보드5');
define('G5_GNUBOARD_VER', '5.3.2.7');
define('G5_YOUNGCART_VER', '5.3.2.7');
define('G5_GNUBOARD_VER', '5.3.2.8');
define('G5_YOUNGCART_VER', '5.3.2.8');
// 이 상수가 정의되지 않으면 각각의 개별 페이지는 별도로 실행될 수 없음
define('_GNUBOARD_', true);

15
lib/common.lib.php
View File

@ -3503,7 +3503,7 @@ function get_call_func_cache($func, $args=array()){
return $result;
}
// include 하는 경로에 data file 경로가 포함되어 있는지 체크합니다.
// include 하는 경로에 data file 경로나 안전하지 않은 경로가 있는지 체크합니다.
function is_include_path_check($path='', $is_input='')
{
if( $path ){
@ -3514,6 +3514,14 @@ function is_include_path_check($path='', $is_input='')
if( stripos($path, 'rar:') !== false || stripos($path, 'php:') !== false || stripos($path, 'zlib:') !== false || stripos($path, 'bzip2:') !== false || stripos($path, 'zip:') !== false || stripos($path, 'data:') !== false || stripos($path, 'phar:') !== false ){
return false;
}
$replace_path = str_replace('\\', '/', $path);
$slash_count = substr_count(str_replace('\\', '/', $_SERVER['SCRIPT_NAME']), '/');
$peer_count = substr_count($replace_path, '../');
if ( $peer_count && $peer_count > $slash_count ){
return false;
}
try {
// whether $path is unix or not
@ -3551,7 +3559,10 @@ function is_include_path_check($path='', $is_input='')
return false;
}
if( preg_match('/\/data\/(file|editor|qa|cache|member|member_image|session|tmp)\/[A-Za-z0-9_]{1,20}\//i', str_replace('\\', '/', $path)) ){
if( preg_match('/\/data\/(file|editor|qa|cache|member|member_image|session|tmp)\/[A-Za-z0-9_]{1,20}\//i', $replace_path) ){
return false;
}
if( preg_match('/\.\.\//i', $replace_path) && preg_match('/plugin\//i', $replace_path) && preg_match('/okname\//i', $replace_path) ){
return false;
}
}

6
plugin/htmlpurifier/extend.video.php
View File

@ -24,6 +24,7 @@ if( !class_exists('HTMLPurifier_Filter_Iframevideo') ){
if (strstr($html, '<iframe')) {
$html = preg_replace_callback('/<iframe.*?src="https?:\/\/www\.youtube\.com\/embed\/([^"]*)[^>]*>(.*?)?\/iframe>/i', array($this, 'trust_url_match'), $html);
$html = preg_replace_callback('/<iframe.*?src="https?:\/\/player\.vimeo.com\/video\/([^"]*)[^>]*>(.*?)?\/iframe>/i', array($this, 'trust_url_match'), $html);
$html = preg_replace_callback('/<iframe.*?src="https?:\/\/www\.facebook.com\/plugins\/([^"]*)[^>]*>(.*?)?\/iframe>/i', array($this, 'trust_url_match'), $html);
//$html = preg_replace('#<iframe#i', '<img class="Iframevideo"', $html);
//$html = preg_replace('#</iframe>#i', '</img>', $html);
}
@ -62,9 +63,10 @@ if( !class_exists('HTMLPurifier_Filter_Iframevideo') ){
// Domain Whitelist
$youTubeMatch = preg_match('#src="https?://www.youtube(-nocookie)?.com/#i', $matches[1]);
$vimeoMatch = preg_match('#src="https?://player.vimeo.com/#i', $matches[1]);
if ($youTubeMatch || $vimeoMatch) {
$fackbookMatch = preg_match('#src="https?://www.facebook.com/#i', $matches[1]);
if ($youTubeMatch || $vimeoMatch || $fackbookMatch) {
$extra = ' frameborder="0"';
if ($youTubeMatch) {
if ($youTubeMatch || $fackbookMatch) {
$extra .= ' allowfullscreen';
} elseif ($vimeoMatch) {
$extra .= ' webkitAllowFullScreen mozallowfullscreen allowFullScreen';

6
plugin/okname/hpcert1.php
View File

@ -1,11 +1,13 @@
<?php
include_once('./_common.php');
if( isset($_REQUEST['exe']) && isset($exe) && $exe ){
die('bad request');
}
// 금일 인증시도 회수 체크
certify_count_check($member['mb_id'], 'hp');
//include_once('./hpcert.config.php');
// KISA 취약점 내용(KVE-2018-0291) hpcert1.php의 $cmd 함수에 대한 인자 값은 hpcert_config.php 파일에서 설정되나, 이를 다른 페이지에서 포함한 뒤 호출할 시 임의 값 설정 가능
// 이에 include_once 를 include 로 수정함
include('./hpcert.config.php');

7
plugin/okname/hpcert2.php
View File

@ -1,6 +1,9 @@
<?php
include_once('./_common.php');
//include_once('./hpcert.config.php');
if( isset($_REQUEST['exe']) && isset($exe) && $exe ){
die('bad request');
}
// KISA 취약점 내용(KVE-2018-0291) hpcert1.php의 $cmd 함수에 대한 인자 값은 hpcert_config.php 파일에서 설정되나, 이를 다른 페이지에서 포함한 뒤 호출할 시 임의 값 설정 가능
// 이에 include_once 를 include 로 수정함
@ -106,7 +109,7 @@ $phone_no = hyphen_hp_number($req_num);
$sql = " select mb_id from {$g5['member_table']} where mb_id <> '{$member['mb_id']}' and mb_dupinfo = '{$mb_dupinfo}' ";
$row = sql_fetch($sql);
if ($row['mb_id']) {
alert_close("입력하신 본인인 정보로 가입된 내역이 존재합니다.\\n회원아이디 : ".$row['mb_id']);
alert_close("입력하신 본인인 정보로 가입된 내역이 존재합니다.\\n회원아이디 : ".$row['mb_id']);
}
// hash 데이터

1
plugin/okname/ipin.config.php
View File

@ -7,6 +7,7 @@ if(!$config['cf_cert_use'] || $config['cf_cert_ipin'] != 'kcb')
// key 디렉토리 체크
include_once('./key_dir_check.php');
$exe = '';
// 실행모듈
if(strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN') {
if(PHP_INT_MAX == 2147483647) // 32-bit

4
plugin/okname/ipin1.php
View File

@ -1,6 +1,10 @@
<?php
include_once('./_common.php');
if( isset($_REQUEST['exe']) && isset($exe) && $exe ){
die('bad request');
}
// 금일 인증시도 회수 체크
certify_count_check($member['mb_id'], 'ipin');

7
plugin/okname/ipin2.php
View File

@ -1,6 +1,11 @@
<?php
include_once('./_common.php');
include_once('./ipin.config.php');
if( isset($_REQUEST['exe']) && isset($exe) && $exe ){
die('bad request');
}
include('./ipin.config.php');
//아이핀팝업에서 조회한 PERSONALINFO이다.
@$encPsnlInfo = $_POST["encPsnlInfo"];

2
skin/latest/basic/style.css
View File

@ -6,7 +6,7 @@
.lat .lat_title a{color:#253dbe;display:inline-block;position:relative}
.lat .lat_title a:after{position:absolute;bottom:-1px;left:0;width:100%;height:2px;background:#253dbe;content:''}
.lat ul{padding:15px 20px}
.lat li {position:relative;line-height:18px;padding:3px 0;padding-right:50px;padding-left:10px;position:relative}
.lat li {position:relative;line-height:18px;padding:3px 0;padding-right:50px;padding-left:10px}
.lat li:before{position: absolute;top: 12px;left: 0px;width: 4px;height: 4px;background: #aaa;content: '';border-radius: 50%;}
.lat li a:hover{color:#a22121}
.lat li .fa-heart{color:#ff0000;}

2
theme/basic/skin/latest/basic/style.css
View File

@ -6,7 +6,7 @@
.lat .lat_title a{color:#253dbe;display:inline-block;position:relative}
.lat .lat_title a:after{position:absolute;bottom:-1px;left:0;width:100%;height:2px;background:#253dbe;content:''}
.lat ul{padding:15px 20px}
.lat li {position:relative;line-height:18px;padding:3px 0;padding-right:50px;padding-left:10px;position:relative}
.lat li {position:relative;line-height:18px;padding:3px 0;padding-right:50px;padding-left:10px}
.lat li:before{position: absolute;top: 12px;left: 0px;width: 4px;height: 4px;background: #aaa;content: '';border-radius: 50%;}
.lat li a:hover{color:#a22121}
.lat li .fa-heart{color:#ff0000;}