5.3.2.8 버전 수정

thisgun
2019-03-19 11:29:47 +09:00
18 changed files with 83 additions and 39 deletions


@ -35,6 +35,7 @@ $url = clean_xss_tags($url);
if (!$url) $url = clean_xss_tags($_SERVER['HTTP_REFERER']);
$url = preg_replace("/[\<\>\'\"\\\'\\\"\(\)]/", "", $url);
$url = preg_replace('/\r\n|\r|\n|[^\x20-\x7e]/','', $url);
// url 체크
check_url_host($url, $msg);
@ -48,11 +49,9 @@ if($error) {
<script>
alert("<?php echo $msg; ?>");
//document.location.href = "<?php echo $url; ?>";
<?php if ($url) { ?>
document.location.replace("<?php echo str_replace('&amp;', '&', $url); ?>");
<?php } else { ?>
//alert('history.back();');
history.back();
<?php } ?>
</script>
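Review bot: `$url` is written into the JavaScript string in `document.location.replace("...")` after denylist stripping only (the two `preg_replace` calls, including the control-character filter this commit appears to add), so safety depends on that character list staying complete for this output context. Encoding for the context is sturdier: `document.location.replace(<?php echo json_encode(str_replace('&amp;', '&', $url), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>);`. The same applies to `alert("<?php echo $msg; ?>")`, whose sanitisation is not visible in this section. Because the fallback `$_SERVER['HTTP_REFERER']` is client-controlled, `check_url_host()` (defined outside this hunk) is the only control on the redirect target here; it is worth confirming that it also restricts the scheme to http/https.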


@ -2,9 +2,15 @@
include_once('./_common.php');
include_once(G5_PATH.'/head.sub.php');
$url1 = preg_replace("/[\<\>\'\"\\\'\\\"\(\)]/", "", clean_xss_tags($url1));
$url2 = preg_replace("/[\<\>\'\"\\\'\\\"\(\)]/", "", clean_xss_tags($url2));
$url3 = preg_replace("/[\<\>\'\"\\\'\\\"\(\)]/", "", clean_xss_tags($url3));
$pattern1 = "/[\<\>\'\"\\\'\\\"\(\)]/";
$pattern2 = "/\r\n|\r|\n|[^\x20-\x7e]/";
$url1 = preg_replace($pattern1, "", clean_xss_tags($url1));
$url1 = preg_replace($pattern2, "", $url1);
$url2 = preg_replace($pattern1, "", clean_xss_tags($url2));
$url2 = preg_replace($pattern2, "", $url2);
$url3 = preg_replace($pattern1, "", clean_xss_tags($url3));
$url3 = preg_replace($pattern2, "", $url3);
// url 체크
check_url_host($url1);
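Review bot: The two-pass filter is now spelled out three times in this file and once more in the redirect page above, with `$pattern2` double-quoted here and single-quoted there; both forms match the same bytes, but separate copies can drift apart when the rule is next tightened. Keeping the rule in one shared function that takes the raw value and returns the filtered one would avoid that, its body being `return preg_replace($pattern2, '', preg_replace($pattern1, '', clean_xss_tags($url)));`. Only `check_url_host($url1)` is visible in this section; if `$url2` and `$url3` are not host-checked further down, they should be, since all three presumably end up as link targets.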


@ -196,8 +196,10 @@ if ($sw == 'move')
{
for ($i=0; $i<count($save); $i++)
{
for ($k=0; $k<count($save[$i]['bf_file']); $k++)
@unlink($save[$i]['bf_file'][$k]);
if( isset($save[$i]['bf_file']) && $save[$i]['bf_file'] ){
for ($k=0; $k<count($save[$i]['bf_file']); $k++)
@unlink($save[$i]['bf_file'][$k]);
}
sql_query(" delete from $write_table where wr_parent = '{$save[$i]['wr_id']}' ");
sql_query(" delete from {$g5['board_new_table']} where bo_table = '$bo_table' and wr_id = '{$save[$i]['wr_id']}' ");
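Review bot: The new guard `isset($save[$i]['bf_file']) && $save[$i]['bf_file']` still lets a truthy non-array value reach `count()`, which raises a warning on PHP 7.2+ and a TypeError on PHP 8; `$save` is built outside this hunk, so its shape cannot be confirmed here. Suggest `if (!empty($save[$i]['bf_file']) && is_array($save[$i]['bf_file'])) {` followed by `foreach ($save[$i]['bf_file'] as $path) @unlink($path);`. Because `@unlink` discards failures while the `delete` statements after it always run, a failed unlink leaves an attachment on disk with no database row pointing at it; recording the failed path would make later cleanup possible. The enclosing `if ($sw == 'move')` block begins and ends outside the hunk.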


@ -362,7 +362,7 @@ if (isset($write['wr_subject'])) {
$content = '';
if ($w == '') {
$content = $board['bo_insert_content'];
$content = html_purifier($board['bo_insert_content']);
} else if ($w == 'r') {
if (!strstr($write['wr_option'], 'html')) {
$content = "\n\n\n &gt; "