Merge branch 'master' of github.com:gnuboard/g5

adm/config_form.php

@@ -1436,16 +1436,29 @@ if($config['cf_cert_use']) {
         $log_path = G5_LGXPAY_PATH.'/lgdacom/log';
 
         if(!is_dir($log_path)) {
-            echo '<script>'.PHP_EOL;
+
-            echo 'alert("'.str_replace(G5_PATH.'/', '', G5_LGXPAY_PATH).'/lgdacom 폴더 안에 log 폴더를 생성하신 후 쓰기권한을 부여해 주십시오.\n> mkdir log\n> chmod 707 log");'.PHP_EOL;
+            if( is_writable(G5_LGXPAY_PATH.'/lgdacom/') ){
-            echo '</script>'.PHP_EOL;
+                // 디렉토리가 없다면 생성합니다. (퍼미션도 변경하구요.)
-        } else {
+                @mkdir($log_path, G5_DIR_PERMISSION);
-            if(!is_writable($log_path)) {
+                @chmod($log_path, G5_DIR_PERMISSION);
+            }
+
+            if(!is_dir($log_path)){
                 echo '<script>'.PHP_EOL;
-                echo 'alert("'.str_replace(G5_PATH.'/', '',$log_path).' 폴더에 쓰기권한을 부여해 주십시오.\n> chmod 707 log");'.PHP_EOL;
+                echo 'alert("'.str_replace(G5_PATH.'/', '', G5_LGXPAY_PATH).'/lgdacom 폴더 안에 log 폴더를 생성하신 후 쓰기권한을 부여해 주십시오.\n> mkdir log\n> chmod 707 log");'.PHP_EOL;
                 echo '</script>'.PHP_EOL;
             }
         }
+
+        if(is_dir($log_path) && is_writable($log_path)) {
+            if( function_exists('check_log_folder') ){
+                check_log_folder($log_path);
+            }
+        } else if (is_dir($log_path)) {
+            echo '<script>'.PHP_EOL;
+            echo 'alert("'.str_replace(G5_PATH.'/', '',$log_path).' 폴더에 쓰기권한을 부여해 주십시오.\n> chmod 707 log");'.PHP_EOL;
+            echo '</script>'.PHP_EOL;
+        }
     }
 }
 

adm/config_form_update.php

@@ -28,6 +28,14 @@ $cf_social_servicelist = !empty($_POST['cf_social_servicelist']) ? implode(',',
 
 $_POST['cf_title'] = strip_tags($_POST['cf_title']);
 
+$check_keys = array('cf_lg_mid', 'cf_lg_mert_key', 'cf_cert_kcb_cd', 'cf_cert_kcp_cd', 'cf_editor', 'cf_recaptcha_site_key', 'cf_recaptcha_secret_key');
+
+foreach( $check_keys as $key ){
+    if ( isset($_POST[$key]) && $_POST[$key] ){
+        $_POST[$key] = preg_replace('/[^a-z0-9_\-]/i', '', $_POST[$key]);
+    }
+}
+
 $sql = " update {$g5['config_table']}
             set cf_title = '{$_POST['cf_title']}',
                 cf_admin = '{$_POST['cf_admin']}',

adm/menu_list_update.php

@@ -23,7 +23,7 @@ for ($i=0; $i<$count; $i++)
 
     $code    = $_POST['code'][$i];
     $me_name = $_POST['me_name'][$i];
-    $me_link = preg_match('/^javascript/i', $_POST['me_link'][$i]) ? G5_URL : strip_tags($_POST['me_link'][$i]);
+    $me_link = (preg_match('/^javascript/i', $_POST['me_link'][$i]) || preg_match('/script:/i', $_POST['me_link'][$i])) ? G5_URL : strip_tags($_POST['me_link'][$i]);
     
     if(!$code || !$me_name || !$me_link)
         continue;

adm/sms_admin/_common.php

@@ -13,6 +13,7 @@ if (!strstr($_SERVER['SCRIPT_NAME'], 'install.php')) {
 }
 
 $sv = isset($_REQUEST['sv']) ? get_search_string($_REQUEST['sv']) : '';
+$st = (isset($_REQUEST['st']) && $st) ? substr(get_search_string($_REQUEST['st']), 0, 12) : '';
 
 if( isset($token) ){
     $token = @htmlspecialchars(strip_tags($token), ENT_QUOTES);

adm/sms_admin/emoticon_move.php

@@ -12,7 +12,7 @@ $g5['title'] = '이모티콘그룹 이동';
 include_once(G5_PATH.'/head.sub.php');
 
 $list = array();    //배열 변수 초기화
-$fo_no_list = isset($_POST['fo_no']) ? implode(',', $_POST['fo_no']) : '';
+$fo_no_list = isset($_POST['fo_no']) ? clean_xss_tags(strip_tags(implode(',', $_POST['fo_no']))) : '';
 
 $sql = " select * from {$g5['sms5_form_group_table']} order by fg_no ";
 $result = sql_query($sql);

adm/sms_admin/form_group_update.php

@@ -11,8 +11,8 @@ if ($w == 'u') // 업데이트
         // 실제 번호를 넘김
         $k = $_POST['chk'][$i];
         $fg_no = (int) $_POST['fg_no'][$k];
-        $fg_name = strip_tags($_POST['fg_name'][$k]);
+        $fg_name = isset($_POST['fg_name'][$k]) ? addslashes(strip_tags($_POST['fg_name'][$k])) : '';
-        $fg_member = strip_tags($_POST['fg_member'][$k]);
+        $fg_member = isset($_POST['fg_member'][$k]) ? addslashes(strip_tags($_POST['fg_member'][$k])) : '';
 
         if (!is_numeric($fg_no))
             alert('그룹 고유번호가 없습니다.');
@@ -83,7 +83,7 @@ else // 등록
     if (!strlen(trim($fg_name)))
         alert('그룹명을 입력해주세요');
 
-    $fg_name = strip_tags($fg_name);
+    $fg_name = addslashes(strip_tags($fg_name));
 
     $res = sql_fetch("select fg_name from {$g5['sms5_form_group_table']} where fg_name = '$fg_name'");
     if ($res)

adm/sms_admin/history_num.php

@@ -11,15 +11,15 @@ $g5['title'] = "문자전송 내역 (번호별)";
 
 if ($page < 1) $page = 1;
 
+if( isset($st) && !in_array($st, array('hs_name', 'hs_hp', 'bk_no')) ){
+    $st = '';
+}
+
 if ($st && trim($sv))
     $sql_search = " and $st like '%$sv%' ";
 else
     $sql_search = "";
 
-if( isset($st) && !in_array($st, array('hs_name', 'hs_hp', 'bk_no')) ){
-    $st = '';
-}
-
 $total_res = sql_fetch("select count(*) as cnt from {$g5['sms5_history_table']} where 1 $sql_search");
 $total_count = $total_res['cnt'];
 

adm/sms_admin/num_book_update.php

@@ -12,6 +12,9 @@ $is_hp_exist = false;
 
 $bk_hp = get_hp($bk_hp);
 
+$bk_memo = strip_tags($bk_memo);
+$bk_name = strip_tags($bk_name);
+
 if ($w=='u') // 업데이트
 {
     if (!$bg_no) $bg_no = 0;
@@ -21,8 +24,6 @@ if ($w=='u') // 업데이트
     if (!strlen(trim($bk_name)))
         alert('이름을 입력해주세요');
 
-    $bk_name = strip_tags($bk_name);
-
     if ($bk_hp == '')
         alert('휴대폰번호만 입력 가능합니다.');
 /*
@@ -48,7 +49,7 @@ if ($w=='u') // 업데이트
             sql_query("update {$g5['sms5_book_group_table']} set bg_receipt = bg_receipt - 1, bg_reject = bg_reject + 1 where bg_no='$bg_no'");
     }
 
-    sql_query("update {$g5['sms5_book_table']} set bg_no='$bg_no', bk_name='$bk_name', bk_hp='$bk_hp', bk_receipt='$bk_receipt', bk_datetime='".G5_TIME_YMDHIS."', bk_memo='".addslashes($bk_memo)."' where bk_no='$bk_no'");
+    sql_query("update {$g5['sms5_book_table']} set bg_no='$bg_no', bk_name='".addslashes($bk_name)."', bk_hp='$bk_hp', bk_receipt='$bk_receipt', bk_datetime='".G5_TIME_YMDHIS."', bk_memo='".addslashes($bk_memo)."' where bk_no='$bk_no'");
     if ($res['mb_id']){ //만약에 mb_id가 있다면...
         // 휴대폰번호 중복체크
         $sql = " select mb_id from {$g5['member_table']} where mb_id <> '{$res['mb_id']}' and mb_hp = '{$bk_hp}' ";

adm/sms_admin/num_book_write.php

@@ -121,7 +121,7 @@ include_once(G5_ADMIN_PATH."/admin.head.php");
     <tr>
         <th scope="row"><label for="bk_memo">메모</label></th>
         <td>
-            <textarea name="bk_memo" id="bk_memo"><?php echo $write['bk_memo']?></textarea>
+            <textarea name="bk_memo" id="bk_memo"><?php echo html_purifier($write['bk_memo']); ?></textarea>
         </td>
     </tr>
     </tbody>

bbs/alert.php

@@ -68,7 +68,7 @@ history.back();
     <?php
     foreach($_POST as $key => $value) {
         
-        $key = clean_xss_tags($url);
+        $key = clean_xss_tags($key);
         $value = clean_xss_tags($value);
 
         if(strlen($value) < 1)

bbs/memo_form_update.php

@@ -60,7 +60,7 @@ for ($i=0; $i<count($member_list['id']); $i++) {
     $recv_mb_nick = get_text($member_list['nick'][$i]);
 
     // 쪽지 INSERT
-    $sql = " insert into {$g5['memo_table']} ( me_id, me_recv_mb_id, me_send_mb_id, me_send_datetime, me_memo ) values ( '$me_id', '$recv_mb_id', '{$member['mb_id']}', '".G5_TIME_YMDHIS."', '{$_POST['me_memo']}' ) ";
+    $sql = " insert into {$g5['memo_table']} ( me_id, me_recv_mb_id, me_send_mb_id, me_send_datetime, me_memo, me_read_datetime ) values ( '$me_id', '$recv_mb_id', '{$member['mb_id']}', '".G5_TIME_YMDHIS."', '{$_POST['me_memo']}', '0000-00-00 00:00:00' ) ";
     sql_query($sql);
 
     // 실시간 쪽지 알림 기능

common.php

@@ -122,7 +122,7 @@ $member = array();
 $board  = array();
 $group  = array();
 $g5     = array();
-
+$qaconfig = array();
 
 //==============================================================================
 // 공통

config.php

@@ -5,7 +5,7 @@
 ********************/
 
 define('G5_VERSION', '그누보드5');
-define('G5_GNUBOARD_VER', '5.3.2.4');
+define('G5_GNUBOARD_VER', '5.3.2.5');
 
 // 이 상수가 정의되지 않으면 각각의 개별 페이지는 별도로 실행될 수 없음
 define('_GNUBOARD_', true);

lib/common.lib.php

@@ -288,6 +288,7 @@ function get_file($bo_table, $wr_id)
     while ($row = sql_fetch_array($result))
     {
         $no = $row['bf_no'];
+        $bf_content = $row['bf_content'] ? html_purifier($row['bf_content']) : '';
         $file[$no]['href'] = G5_BBS_URL."/download.php?bo_table=$bo_table&wr_id=$wr_id&no=$no" . $qstr;
         $file[$no]['download'] = $row['bf_download'];
         // 4.00.11 - 파일 path 추가
@@ -295,8 +296,8 @@ function get_file($bo_table, $wr_id)
         $file[$no]['size'] = get_filesize($row['bf_filesize']);
         $file[$no]['datetime'] = $row['bf_datetime'];
         $file[$no]['source'] = addslashes($row['bf_source']);
-        $file[$no]['bf_content'] = $row['bf_content'];
+        $file[$no]['bf_content'] = $bf_content;
-        $file[$no]['content'] = get_text($row['bf_content']);
+        $file[$no]['content'] = get_text($bf_content);
         //$file[$no]['view'] = view_file_link($row['bf_file'], $file[$no]['content']);
         $file[$no]['view'] = view_file_link($row['bf_file'], $row['bf_width'], $row['bf_height'], $file[$no]['content']);
         $file[$no]['file'] = $row['bf_file'];

plugin/lgxpay/AuthOnlyReq.php

@@ -165,8 +165,8 @@ $_SESSION['lgd_certify'] = $payReqMap;
 <input type="hidden" name="LGD_ENCODING" value="UTF-8"/>
 <?php
 foreach ($payReqMap as $key => $value) {
-    $key = htmlspecialchars(strip_tags($key));
+    $key = htmlspecialchars(strip_tags($key), ENT_QUOTES);
-    $value = htmlspecialchars(strip_tags($value));
+    $value = htmlspecialchars(strip_tags($value), ENT_QUOTES);
     echo "<input type='hidden' name='$key' id='$key' value='$value'/>".PHP_EOL;
 }
 ?>