From ed6b7f332625ae53db07600b0e9a7da4f8ee7461 Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Tue, 4 Jun 2024 17:38:33 +0900
Subject: [PATCH] =?UTF-8?q?=EA=B8=80=EC=93=B0=EA=B8=B0=20=EC=9E=84?=
 =?UTF-8?q?=EC=8B=9C=EC=A0=80=EC=9E=A5=EA=B3=BC=20=EC=AA=BD=EC=A7=80?=
 =?UTF-8?q?=EC=93=B0=EA=B8=B0=20=EC=BD=94=EB=93=9C=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 bbs/ajax.autosave.php    |  4 ++--
 bbs/memo_form_update.php | 14 +++++++++-----
 2 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/bbs/ajax.autosave.php b/bbs/ajax.autosave.php
index 1e01c798a..3eddb39ca 100644
--- a/bbs/ajax.autosave.php
+++ b/bbs/ajax.autosave.php
@@ -4,8 +4,8 @@ include_once('./_common.php');
 if (!$is_member) die('0');
 
 $uid     = isset($_REQUEST['uid']) ? preg_replace('/[^0-9]/', '', $_REQUEST['uid']) : 0;
-$subject = isset($_REQUEST['subject']) ? trim($_REQUEST['subject']) : '';
-$content = isset($_REQUEST['content']) ? trim($_REQUEST['content']) : '';
+$subject = isset($_REQUEST['subject']) ? preg_replace("#[\\\]+$#", "", substr(trim($_POST['subject']),0,255)) : '';
+$content = isset($_REQUEST['content']) ? preg_replace("#[\\\]+$#", "", substr(trim($_POST['content']),0,65536)) : '';
 
 if ($subject && $content) {
     $sql = " select count(*) as cnt from {$g5['autosave_table']} where mb_id = '{$member['mb_id']}' and as_subject = '$subject' and as_content = '$content' ";
diff --git a/bbs/memo_form_update.php b/bbs/memo_form_update.php
index 42263fce5..4397e4503 100644
--- a/bbs/memo_form_update.php
+++ b/bbs/memo_form_update.php
@@ -14,24 +14,28 @@ $str_nick_list = '';
 $msg = '';
 $error_list  = array();
 $member_list = array('id'=>array(), 'nick'=>array());
+$me_memo = isset($_POST['me_memo']) ? preg_replace("#[\\\]+$#", "", substr(trim($_POST['me_memo']),0,65536)) : '';
 
 run_event('memo_form_update_before', $recv_list);
 
 for ($i=0; $i<count($recv_list); $i++) {
-    $row = sql_fetch(" select mb_id, mb_nick, mb_open, mb_leave_date, mb_intercept_date from {$g5['member_table']} where mb_id = '{$recv_list[$i]}' ");
+
+    $recv_list_id = substr(preg_replace("/[^a-zA-Z0-9_]*/", "", $recv_list[$i]), 0, 20);
+
+    $row = sql_fetch(" select mb_id, mb_nick, mb_open, mb_leave_date, mb_intercept_date from {$g5['member_table']} where mb_id = '{$recv_list_id}' ");
     if ($row) {
         if ($is_admin || ($row['mb_open'] && (!$row['mb_leave_date'] && !$row['mb_intercept_date']))) {
             $member_list['id'][]   = $row['mb_id'];
             $member_list['nick'][] = $row['mb_nick'];
         } else {
-            $error_list[]   = $recv_list[$i];
+            $error_list[]   = $recv_list_id;
         }
     }
     /*
     // 관리자가 아니면서
     // 가입된 회원이 아니거나 정보공개를 하지 않았거나 탈퇴한 회원이거나 차단된 회원에게 쪽지를 보내는것은 에러
     if ((!$row['mb_id'] || !$row['mb_open'] || $row['mb_leave_date'] || $row['mb_intercept_date']) && !$is_admin) {
-        $error_list[]   = $recv_list[$i];
+        $error_list[]   = $recv_list_id;
     } else {
         $member_list['id'][]   = $row['mb_id'];
         $member_list['nick'][] = $row['mb_nick'];
@@ -67,14 +71,14 @@ for ($i=0; $i<count($member_list['id']); $i++) {
     $recv_mb_nick = get_text($member_list['nick'][$i]);
 
     // 받는 회원 쪽지 INSERT
-    $sql = " insert into {$g5['memo_table']} ( me_recv_mb_id, me_send_mb_id, me_send_datetime, me_memo, me_read_datetime, me_type, me_send_ip ) values ( '$recv_mb_id', '{$member['mb_id']}', '".G5_TIME_YMDHIS."', '{$_POST['me_memo']}', '0000-00-00 00:00:00' , 'recv', '{$_SERVER['REMOTE_ADDR']}' ) ";
+    $sql = " insert into {$g5['memo_table']} ( me_recv_mb_id, me_send_mb_id, me_send_datetime, me_memo, me_read_datetime, me_type, me_send_ip ) values ( '$recv_mb_id', '{$member['mb_id']}', '".G5_TIME_YMDHIS."', '{$me_memo}', '0000-00-00 00:00:00' , 'recv', '{$_SERVER['REMOTE_ADDR']}' ) ";
 
     sql_query($sql);
 
     if( $me_id = sql_insert_id() ){
 
         // 보내는 회원 쪽지 INSERT
-        $sql = " insert into {$g5['memo_table']} ( me_recv_mb_id, me_send_mb_id, me_send_datetime, me_memo, me_read_datetime, me_send_id, me_type , me_send_ip ) values ( '$recv_mb_id', '{$member['mb_id']}', '".G5_TIME_YMDHIS."', '{$_POST['me_memo']}', '0000-00-00 00:00:00', '$me_id', 'send', '{$_SERVER['REMOTE_ADDR']}' ) ";
+        $sql = " insert into {$g5['memo_table']} ( me_recv_mb_id, me_send_mb_id, me_send_datetime, me_memo, me_read_datetime, me_send_id, me_type , me_send_ip ) values ( '$recv_mb_id', '{$member['mb_id']}', '".G5_TIME_YMDHIS."', '{$me_memo}', '0000-00-00 00:00:00', '$me_id', 'send', '{$_SERVER['REMOTE_ADDR']}' ) ";
         sql_query($sql);
 		
 		$member_list['me_id'][$i] = $me_id;