From 826a497e843b96073205604d8e1281065fb441c7 Mon Sep 17 00:00:00 2001 From: thisgun Date: Thu, 10 Jan 2019 20:58:58 +0900 Subject: [PATCH 1/7] =?UTF-8?q?=ED=99=98=EA=B2=BD=EC=84=A4=EC=A0=95?= =?UTF-8?q?=ED=8E=98=EC=9D=B4=EC=A7=80=20=EC=BD=94=EB=93=9C=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/config_form.php | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/adm/config_form.php b/adm/config_form.php index e4daee961..f08a9d94c 100644 --- a/adm/config_form.php +++ b/adm/config_form.php @@ -1436,16 +1436,29 @@ if($config['cf_cert_use']) { $log_path = G5_LGXPAY_PATH.'/lgdacom/log'; if(!is_dir($log_path)) { - echo ''.PHP_EOL; - } else { - if(!is_writable($log_path)) { + + if( is_writable(G5_LGXPAY_PATH.'/lgdacom/') ){ + // 디렉토리가 없다면 생성합니다. (퍼미션도 변경하구요.) + @mkdir($log_path, G5_DIR_PERMISSION); + @chmod($log_path, G5_DIR_PERMISSION); + } + + if(!is_dir($log_path)){ echo ''.PHP_EOL; } } + + if(is_dir($log_path) && is_writable($log_path)) { + if( function_exists('check_log_folder') ){ + check_log_folder($log_path); + } + } else if (is_dir($log_path)) { + echo ''.PHP_EOL; + } } } From 2ce07e5ec9eaaf3a7c99d14eefc1f94daac1cc78 Mon Sep 17 00:00:00 2001 From: thisgun Date: Wed, 16 Jan 2019 14:46:39 +0900 Subject: [PATCH 2/7] =?UTF-8?q?=EC=9E=98=EB=AA=BB=EB=90=9C=20=EC=98=A4?= =?UTF-8?q?=ED=83=80=20=EC=BD=94=EB=93=9C=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bbs/alert.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bbs/alert.php b/bbs/alert.php index b1117d347..1d74ad4b4 100644 --- a/bbs/alert.php +++ b/bbs/alert.php @@ -68,7 +68,7 @@ history.back(); $value) { - $key = clean_xss_tags($url); + $key = clean_xss_tags($key); $value = clean_xss_tags($value); if(strlen($value) < 1) From ab5fb4815d7406e83dc84998f22e8ec511f6aa8b Mon Sep 17 00:00:00 2001 
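Review bot: The result of `@mkdir($log_path, G5_DIR_PERMISSION)` is discarded, so the following `@chmod` runs even when the directory was not created and both failures are hidden by the `@` operator; the later `is_dir($log_path)` check catches the missing-directory case but the admin gets no hint why creation failed. Chaining the second call on the first keeps the intent and avoids the blind chmod: `if (@mkdir($log_path, G5_DIR_PERMISSION)) { @chmod($log_path, G5_DIR_PERMISSION); }`. The `is_writable(G5_LGXPAY_PATH.'/lgdacom/')` guard only tests the web server's own permission, which is worth stating for whoever reads the echoed message, e.g. `// the log dir is created only when lgdacom/ is writable by the web server user`. The enclosing `if($config['cf_cert_use'])` block starts before the hunk.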
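Review bot: With the typo fixed, `$key` is now passed through `clean_xss_tags` like `$value`, but the keys of the iterated request array are still free-form attacker-chosen text rather than known parameter names; if they are echoed into markup further down (outside the hunk), restricting them to the characters a parameter name can contain is a tighter check than tag stripping, e.g. `if (!preg_match('/^[a-z0-9_\[\]]+$/i', $key)) continue;` before the existing line. The foreach this line belongs to starts before the hunk and its output lines are outside it, so confirm the echo context before adding this.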
From: thisgun Date: Fri, 18 Jan 2019 11:34:31 +0900 Subject: [PATCH 3/7] =?UTF-8?q?KVE-2018-1968=20=EC=B7=A8=EC=95=BD=EC=A0=90?= =?UTF-8?q?=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- common.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common.php b/common.php index 5ba0419cc..c24c56e07 100644 --- a/common.php +++ b/common.php @@ -122,7 +122,7 @@ $member = array(); $board = array(); $group = array(); $g5 = array(); - +$qaconfig = array(); //============================================================================== // 공통 From 6b67183ec5803c9da0c86c47603e9d2f5ec6f072 Mon Sep 17 00:00:00 2001 From: thisgun Date: Fri, 18 Jan 2019 11:58:56 +0900 Subject: [PATCH 4/7] =?UTF-8?q?=EC=AA=BD=EC=A7=80=20=EC=A0=80=EC=9E=A5=20?= =?UTF-8?q?=EC=BD=94=EB=93=9C=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bbs/memo_form_update.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bbs/memo_form_update.php b/bbs/memo_form_update.php index cc9f00abe..dbdcb65dc 100644 --- a/bbs/memo_form_update.php +++ b/bbs/memo_form_update.php @@ -60,7 +60,7 @@ for ($i=0; $i Date: Fri, 18 Jan 2019 16:57:24 +0900 Subject: [PATCH 5/7] =?UTF-8?q?=EB=B2=84=EC=A0=84=205.3.2.5=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- config.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config.php b/config.php index a7d518d18..87887e444 100644 --- a/config.php +++ b/config.php @@ -5,7 +5,7 @@ ********************/ define('G5_VERSION', '그누보드5'); -define('G5_GNUBOARD_VER', '5.3.2.4'); +define('G5_GNUBOARD_VER', '5.3.2.5'); // 이 상수가 정의되지 않으면 각각의 개별 페이지는 별도로 실행될 수 없음 define('_GNUBOARD_', true); From 31bf6e94add179026ed4f9a59ec21dd3957ce20e Mon Sep 17 00:00:00 2001 
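Review bot: The added `$qaconfig = array();` carries no comment tying it to the advisory named in the subject, so a later cleanup could drop it as an unused initialiser; the neighbouring `$member`/`$board`/`$group`/`$g5` lines have the same problem. Presumably the point is to guarantee the variable starts out empty instead of holding a value supplied from outside before it is loaded; confirm that against the advisory and say so in place, e.g. `// KVE-2018-1968: must be initialised here so it cannot be pre-populated from the request`.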
From: thisgun Date: Mon, 28 Jan 2019 10:07:29 +0900 Subject: [PATCH 6/7] =?UTF-8?q?KVE-2019-0001,=200002,=200042,=200050=20?= =?UTF-8?q?=EA=B7=B8=EB=88=84=EB=B3=B4=EB=93=9C=20=EB=8B=A4=EC=A4=91=20?= =?UTF-8?q?=EC=B7=A8=EC=95=BD=EC=A0=90=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/sms_admin/_common.php | 1 + adm/sms_admin/form_group_update.php | 6 +++--- adm/sms_admin/history_num.php | 8 ++++---- adm/sms_admin/num_book_update.php | 7 ++++--- adm/sms_admin/num_book_write.php | 2 +- 5 files changed, 13 insertions(+), 11 deletions(-) diff --git a/adm/sms_admin/_common.php b/adm/sms_admin/_common.php index 23e15e5ef..3c53259a8 100644 --- a/adm/sms_admin/_common.php +++ b/adm/sms_admin/_common.php @@ -13,6 +13,7 @@ if (!strstr($_SERVER['SCRIPT_NAME'], 'install.php')) { } $sv = isset($_REQUEST['sv']) ? get_search_string($_REQUEST['sv']) : ''; +$st = (isset($_REQUEST['st']) && $st) ? substr(get_search_string($_REQUEST['st']), 0, 12) : ''; if( isset($token) ){ $token = @htmlspecialchars(strip_tags($token), ENT_QUOTES); diff --git a/adm/sms_admin/form_group_update.php b/adm/sms_admin/form_group_update.php index ee8b1627a..d5257dcea 100644 --- a/adm/sms_admin/form_group_update.php +++ b/adm/sms_admin/form_group_update.php @@ -11,8 +11,8 @@ if ($w == 'u') // 업데이트 // 실제 번호를 넘김 $k = $_POST['chk'][$i]; $fg_no = (int) $_POST['fg_no'][$k]; - $fg_name = strip_tags($_POST['fg_name'][$k]); - $fg_member = strip_tags($_POST['fg_member'][$k]); + $fg_name = isset($_POST['fg_name'][$k]) ? addslashes(strip_tags($_POST['fg_name'][$k])) : ''; + $fg_member = isset($_POST['fg_member'][$k]) ? addslashes(strip_tags($_POST['fg_member'][$k])) : ''; if (!is_numeric($fg_no)) alert('그룹 고유번호가 없습니다.'); 
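Review bot: The new condition tests the bare `$st` instead of the request value: `(isset($_REQUEST['st']) && $st)` reads a variable this line has not assigned yet, so unless `$st` is populated earlier (outside the hunk) the expression is always false and `$st` ends up `''` for every request, while the `$sv` line just above uses `isset` alone. Mirroring that line gives the intended behaviour: `$st = isset($_REQUEST['st']) ? substr(get_search_string($_REQUEST['st']), 0, 12) : '';`. The 12-character truncation on its own does not bound what `$st` may contain; the column-name allowlist added to adm/sms_admin/history_num.php in the same commit is what makes interpolating it safe, so a comment naming that dependency would help, e.g. `// $st is a column name: every caller must still check it against its allowed columns`.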
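Review bot: `addslashes()` is being used as the SQL escape for `$fg_name` and `$fg_member`, which the query in this file's second hunk (`where fg_name = '$fg_name'`) then interpolates; addslashes is charset-unaware and is not a substitute for the database driver's escape function or a placeholder. The same pattern appears in the second hunk of this file (`$fg_name = addslashes(strip_tags($fg_name));`) and in the rewritten update statement in adm/sms_admin/num_book_update.php. If the project's `sql_query` wrapper offers no placeholders, route the values through the driver's own escaping where `addslashes` now sits and keep `strip_tags` only as the display-side filter. The `for` loop around the first hunk and the `else` branch around the second both start before their hunks.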
@@ -83,7 +83,7 @@ else // 등록 if (!strlen(trim($fg_name))) alert('그룹명을 입력해주세요'); - $fg_name = strip_tags($fg_name); + $fg_name = addslashes(strip_tags($fg_name)); $res = sql_fetch("select fg_name from {$g5['sms5_form_group_table']} where fg_name = '$fg_name'"); if ($res) diff --git a/adm/sms_admin/history_num.php b/adm/sms_admin/history_num.php index f53dfb407..043fdd3f0 100644 --- a/adm/sms_admin/history_num.php +++ b/adm/sms_admin/history_num.php @@ -11,15 +11,15 @@ $g5['title'] = "문자전송 내역 (번호별)"; if ($page < 1) $page = 1; +if( isset($st) && !in_array($st, array('hs_name', 'hs_hp', 'bk_no')) ){ + $st = ''; +} + if ($st && trim($sv)) $sql_search = " and $st like '%$sv%' "; else $sql_search = ""; -if( isset($st) && !in_array($st, array('hs_name', 'hs_hp', 'bk_no')) ){ - $st = ''; -} - $total_res = sql_fetch("select count(*) as cnt from {$g5['sms5_history_table']} where 1 $sql_search"); $total_count = $total_res['cnt']; diff --git a/adm/sms_admin/num_book_update.php b/adm/sms_admin/num_book_update.php index 0a13c641f..079c5eae1 100644 --- a/adm/sms_admin/num_book_update.php +++ b/adm/sms_admin/num_book_update.php @@ -12,6 +12,9 @@ $is_hp_exist = false; $bk_hp = get_hp($bk_hp); +$bk_memo = strip_tags($bk_memo); +$bk_name = strip_tags($bk_name); + if ($w=='u') // 업데이트 { if (!$bg_no) $bg_no = 0; @@ -21,8 +24,6 @@ if ($w=='u') // 업데이트 if (!strlen(trim($bk_name))) alert('이름을 입력해주세요'); - $bk_name = strip_tags($bk_name); - if ($bk_hp == '') alert('휴대폰번호만 입력 가능합니다.'); /* 
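Review bot: Moving the allowlist check ahead of the `$sql_search` assignment is the right fix, but the `isset($st)` guard means an unset `$st` skips the check and the next line still evaluates `$st &&`, which only works because the file above (outside the hunk) is trusted to define the variable; making the intent explicit is one line: `if (!isset($st) || !in_array($st, array('hs_name', 'hs_hp', 'bk_no'), true)) { $st = ''; }`. `$sv` is still interpolated into the LIKE pattern as `'%$sv%'`; whatever `get_search_string` does, a comment should state that it is relied on to escape the value, since the `%`/`_` wildcards are not neutralised here.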
@@ -48,7 +49,7 @@ if ($w=='u') // 업데이트 sql_query("update {$g5['sms5_book_group_table']} set bg_receipt = bg_receipt - 1, bg_reject = bg_reject + 1 where bg_no='$bg_no'"); } - sql_query("update {$g5['sms5_book_table']} set bg_no='$bg_no', bk_name='$bk_name', bk_hp='$bk_hp', bk_receipt='$bk_receipt', bk_datetime='".G5_TIME_YMDHIS."', bk_memo='".addslashes($bk_memo)."' where bk_no='$bk_no'"); + sql_query("update {$g5['sms5_book_table']} set bg_no='$bg_no', bk_name='".addslashes($bk_name)."', bk_hp='$bk_hp', bk_receipt='$bk_receipt', bk_datetime='".G5_TIME_YMDHIS."', bk_memo='".addslashes($bk_memo)."' where bk_no='$bk_no'"); if ($res['mb_id']){ //만약에 mb_id가 있다면... // 휴대폰번호 중복체크 $sql = " select mb_id from {$g5['member_table']} where mb_id <> '{$res['mb_id']}' and mb_hp = '{$bk_hp}' "; diff --git a/adm/sms_admin/num_book_write.php b/adm/sms_admin/num_book_write.php index 06896f81e..665673472 100644 --- a/adm/sms_admin/num_book_write.php +++ b/adm/sms_admin/num_book_write.php @@ -121,7 +121,7 @@ include_once(G5_ADMIN_PATH."/admin.head.php"); - + From 40508b05d0e95d84cc0a9668eb810b36940db87e Mon Sep 17 00:00:00 2001 From: thisgun Date: Mon, 28 Jan 2019 11:11:49 +0900 Subject: [PATCH 7/7] =?UTF-8?q?KVE-2018-2451,=202452,=202453,=202019-0208?= =?UTF-8?q?=20=EA=B7=B8=EB=88=84=EB=B3=B4=EB=93=9C=20=EB=8B=A4=EC=A4=91=20?= =?UTF-8?q?=EC=B7=A8=EC=95=BD=EC=A0=90=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/config_form_update.php | 8 ++++++++ adm/menu_list_update.php | 2 +- adm/sms_admin/emoticon_move.php | 2 +- lib/common.lib.php | 5 +++-- plugin/lgxpay/AuthOnlyReq.php | 4 ++-- 5 files changed, 15 insertions(+), 6 deletions(-) diff --git a/adm/config_form_update.php b/adm/config_form_update.php index 126786382..533782c7a 100644 --- a/adm/config_form_update.php +++ b/adm/config_form_update.php 
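Review bot: In the rewritten update statement only `bk_name` and `bk_memo` receive any escaping; `$bg_no`, `$bk_receipt` and `$bk_no` are interpolated as-is, and the first hunk of this file shows `$bg_no` only being defaulted with `if (!$bg_no) $bg_no = 0;`, never cast. Where these are numeric ids, casting before the query settles the question: `$bg_no = (int) $bg_no; $bk_no = (int) $bk_no;` ahead of the `sql_query` call, and likewise for `$bk_receipt` if it is numeric (its origin is outside the hunk). The `if ($w=='u')` block this statement belongs to starts before the hunk.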
@@ -28,6 +28,14 @@ $cf_social_servicelist = !empty($_POST['cf_social_servicelist']) ? implode(',', $_POST['cf_title'] = strip_tags($_POST['cf_title']); +$check_keys = array('cf_lg_mid', 'cf_lg_mert_key', 'cf_cert_kcb_cd', 'cf_cert_kcp_cd', 'cf_editor', 'cf_recaptcha_site_key', 'cf_recaptcha_secret_key'); + +foreach( $check_keys as $key ){ + if ( isset($_POST[$key]) && $_POST[$key] ){ + $_POST[$key] = preg_replace('/[^a-z0-9_\-]/i', '', $_POST[$key]); + } +} + $sql = " update {$g5['config_table']} set cf_title = '{$_POST['cf_title']}', cf_admin = '{$_POST['cf_admin']}', diff --git a/adm/menu_list_update.php b/adm/menu_list_update.php index 324f26209..3aaf18b11 100644 --- a/adm/menu_list_update.php +++ b/adm/menu_list_update.php @@ -23,7 +23,7 @@ for ($i=0; $i<$count; $i++) $code = $_POST['code'][$i]; $me_name = $_POST['me_name'][$i]; - $me_link = preg_match('/^javascript/i', $_POST['me_link'][$i]) ? G5_URL : strip_tags($_POST['me_link'][$i]); + $me_link = (preg_match('/^javascript/i', $_POST['me_link'][$i]) || preg_match('/script:/i', $_POST['me_link'][$i])) ? G5_URL : strip_tags($_POST['me_link'][$i]); if(!$code || !$me_name || !$me_link) continue; diff --git a/adm/sms_admin/emoticon_move.php b/adm/sms_admin/emoticon_move.php index 075c7b4a4..4e04cf496 100644 --- a/adm/sms_admin/emoticon_move.php +++ b/adm/sms_admin/emoticon_move.php @@ -12,7 +12,7 @@ $g5['title'] = '이모티콘그룹 이동'; include_once(G5_PATH.'/head.sub.php'); $list = array(); //배열 변수 초기화 -$fo_no_list = isset($_POST['fo_no']) ? implode(',', $_POST['fo_no']) : ''; +$fo_no_list = isset($_POST['fo_no']) ? clean_xss_tags(strip_tags(implode(',', $_POST['fo_no']))) : ''; $sql = " select * from {$g5['sms5_form_group_table']} order by fg_no "; $result = sql_query($sql); diff --git a/lib/common.lib.php b/lib/common.lib.php index 4b2423f2c..c41b3e412 100644 --- a/lib/common.lib.php +++ b/lib/common.lib.php 
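Review bot: The new loop silently strips every character outside `[a-z0-9_-]` from `cf_lg_mert_key`, `cf_recaptcha_secret_key` and the other listed fields, so a credential that legitimately contains another character is stored altered and the admin only finds out when the integration stops working; `preg_replace` can also return `null` on a PCRE error, which would then be written into the config row. Rejecting the value is safer than repairing it: inside the `if`, `if (preg_match('/[^a-z0-9_\-]/i', $_POST[$key])) alert(MESSAGE_PLACEHOLDER.' '.$key);` with a project-style message in place of the placeholder. A comment naming why these particular keys are restricted would also help, e.g. `// these values end up in identifiers/paths (see the KVE ids in the commit subject): allow only [a-z0-9_-]` — the path use is inferred from the key names, confirm it.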
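Review bot: The added `preg_match('/script:/i', ...)` keeps `$me_link` validation as a substring blocklist, and a blocklist of scheme spellings is harder to keep complete than an allowlist of the schemes a menu link is expected to carry (http, https, a site-relative path, a fragment). Accepting only those, `$me_link = preg_match('~^(?:https?://|/|#)~i', $_POST['me_link'][$i]) ? strip_tags($_POST['me_link'][$i]) : G5_URL;`, keeps the G5_URL fallback and removes the need to enumerate dangerous schemes; if menus also hold links such as `mailto:` (not visible here), add them to the allowlist rather than extending the blocklist. The `for` loop enclosing this line starts before the hunk.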
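Review bot: `clean_xss_tags(strip_tags(implode(',', $_POST['fo_no'])))` treats the posted `fo_no` list as HTML text, but the joined comma-separated string looks like a set of numeric ids that is presumably consumed by a query further down (outside the hunk); tag stripping does nothing for that context, and `implode` on a non-array `fo_no` is an error. Casting each element is the check that fits: `$fo_no_list = isset($_POST['fo_no']) ? implode(',', array_map('intval', (array) $_POST['fo_no'])) : '';`. Confirm against the emoticon form that `fo_no` values are numeric before switching.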
@@ -288,6 +288,7 @@ function get_file($bo_table, $wr_id) while ($row = sql_fetch_array($result)) { $no = $row['bf_no']; + $bf_content = $row['bf_content'] ? html_purifier($row['bf_content']) : ''; $file[$no]['href'] = G5_BBS_URL."/download.php?bo_table=$bo_table&wr_id=$wr_id&no=$no" . $qstr; $file[$no]['download'] = $row['bf_download']; // 4.00.11 - 파일 path 추가 @@ -295,8 +296,8 @@ function get_file($bo_table, $wr_id) $file[$no]['size'] = get_filesize($row['bf_filesize']); $file[$no]['datetime'] = $row['bf_datetime']; $file[$no]['source'] = addslashes($row['bf_source']); - $file[$no]['bf_content'] = $row['bf_content']; - $file[$no]['content'] = get_text($row['bf_content']); + $file[$no]['bf_content'] = $bf_content; + $file[$no]['content'] = get_text($bf_content); //$file[$no]['view'] = view_file_link($row['bf_file'], $file[$no]['content']); $file[$no]['view'] = view_file_link($row['bf_file'], $row['bf_width'], $row['bf_height'], $file[$no]['content']); $file[$no]['file'] = $row['bf_file']; diff --git a/plugin/lgxpay/AuthOnlyReq.php b/plugin/lgxpay/AuthOnlyReq.php index 571d7d9c9..e1eb02e9c 100644 --- a/plugin/lgxpay/AuthOnlyReq.php +++ b/plugin/lgxpay/AuthOnlyReq.php @@ -165,8 +165,8 @@ $_SESSION['lgd_certify'] = $payReqMap; $value) { - $key = htmlspecialchars(strip_tags($key)); - $value = htmlspecialchars(strip_tags($value)); + $key = htmlspecialchars(strip_tags($key), ENT_QUOTES); + $value = htmlspecialchars(strip_tags($value), ENT_QUOTES); echo "".PHP_EOL; } ?>
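Review bot: `$row['bf_content'] ? html_purifier($row['bf_content']) : ''` tests truthiness, so a stored description consisting of `0` now becomes an empty string where before it was passed through; `$bf_content = strlen((string) $row['bf_content']) ? html_purifier($row['bf_content']) : '';` keeps the purifier behaviour without dropping that value. Running `html_purifier` on every attachment row each time `get_file` is called is a cost worth a comment if the purifier is heavy, e.g. `// purified on read; presumably stored values were not filtered on write — confirm, and consider purifying on write instead`. Both hunks of this file belong to `get_file`, whose body starts before the first hunk and continues after the second.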
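Review bot: `htmlspecialchars(strip_tags($key), ENT_QUOTES)` leaves the charset to the PHP default, which changed between PHP versions (ISO-8859-1 before 5.4, UTF-8 from 5.4 on); a value rendered into a UTF-8 page should say so, `htmlspecialchars(strip_tags($key), ENT_QUOTES, 'UTF-8')`, and likewise for `$value`. The ENT_QUOTES-only form also appears as context in adm/sms_admin/_common.php (`@htmlspecialchars(strip_tags($token), ENT_QUOTES)`), so it may be the project convention; if so, a comment noting the assumed default charset would save the next reader the check. The foreach that echoes `$key`/`$value` starts before the hunk.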