5.3.2.9 버전 수정

thisgun
2019-05-29 14:33:57 +09:00
33 changed files with 131 additions and 77 deletions


@ -477,7 +477,7 @@ function admin_check_xss_params($params){
if( is_array($value) ){
admin_check_xss_params($value);
} else if ( preg_match('/<\s?[^\>]*\/?\s?>/i', $value) && (preg_match('/script.*?\/script/ius', $value) || preg_match('/onload=.*/ius', $value)) ){
} else if ( preg_match('/<\s?[^\>]*\/?\s?>/i', $value) && (preg_match('/script.*?\/script/ius', $value) || preg_match('/[onload|onerror]=.*/ius', $value)) ){
alert('요청 쿼리에 잘못된 스크립트문장이 있습니다.\\nXSS 공격일수도 있습니다.');
die();
}
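Review bot: In the new pattern `/[onload|onerror]=.*/ius` the square brackets form a character class, so it matches any single one of the characters `o n l a d e r |` followed by `=`, not the attribute names `onload` or `onerror`. As written, ordinary attributes such as `name=` or `value=` inside a tag would satisfy this branch and trigger the alert. A group expresses the intent: `preg_match('/(onload|onerror)\s*=/ius', $value)`. A two-name denylist still leaves the other `on*` event attributes to whatever output escaping exists elsewhere, so this check is best treated as a secondary guard. The body of admin_check_xss_params starts above the hunk.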


@ -30,18 +30,18 @@ if ($_POST['act_button'] == "선택수정") {
}
$sql = " update {$g5['board_table']}
set gr_id = '".sql_real_escape_string($_POST['gr_id'][$k])."',
bo_subject = '".sql_real_escape_string($_POST['bo_subject'][$k])."',
bo_device = '".sql_real_escape_string($_POST['bo_device'][$k])."',
bo_skin = '".sql_real_escape_string($_POST['bo_skin'][$k])."',
bo_mobile_skin = '".sql_real_escape_string($_POST['bo_mobile_skin'][$k])."',
bo_read_point = '".sql_real_escape_string($_POST['bo_read_point'][$k])."',
bo_write_point = '".sql_real_escape_string($_POST['bo_write_point'][$k])."',
bo_comment_point = '".sql_real_escape_string($_POST['bo_comment_point'][$k])."',
bo_download_point = '".sql_real_escape_string($_POST['bo_download_point'][$k])."',
bo_use_search = '".sql_real_escape_string($_POST['bo_use_search'][$k])."',
bo_use_sns = '".sql_real_escape_string($_POST['bo_use_sns'][$k])."',
bo_order = '".sql_real_escape_string($_POST['bo_order'][$k])."'
set gr_id = '".sql_real_escape_string(strip_tags($_POST['gr_id'][$k]))."',
bo_subject = '".sql_real_escape_string(strip_tags($_POST['bo_subject'][$k]))."',
bo_device = '".sql_real_escape_string(strip_tags($_POST['bo_device'][$k]))."',
bo_skin = '".sql_real_escape_string(strip_tags($_POST['bo_skin'][$k]))."',
bo_mobile_skin = '".sql_real_escape_string(strip_tags($_POST['bo_mobile_skin'][$k]))."',
bo_read_point = '".sql_real_escape_string(strip_tags($_POST['bo_read_point'][$k]))."',
bo_write_point = '".sql_real_escape_string(strip_tags($_POST['bo_write_point'][$k]))."',
bo_comment_point = '".sql_real_escape_string(strip_tags($_POST['bo_comment_point'][$k]))."',
bo_download_point = '".sql_real_escape_string(strip_tags($_POST['bo_download_point'][$k]))."',
bo_use_search = '".sql_real_escape_string(strip_tags($_POST['bo_use_search'][$k]))."',
bo_use_sns = '".sql_real_escape_string(strip_tags($_POST['bo_use_sns'][$k]))."',
bo_order = '".sql_real_escape_string(strip_tags($_POST['bo_order'][$k]))."'
where bo_table = '".sql_real_escape_string($_POST['board_table'][$k])."' ";
sql_query($sql);
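Review bot: `strip_tags()` is applied to every column here, but it does not validate the values: the point columns (`bo_read_point`, `bo_write_point`, `bo_comment_point`, `bo_download_point`) and `bo_order` look numeric and would be safer as integer casts, e.g. `bo_read_point = '".(int) $_POST['bo_read_point'][$k]."',`. `bo_device` and the skin names are presumably drawn from a fixed set and could be checked against it before the update. The `where bo_table = ...` line keeps `sql_real_escape_string()` only, which is what the query itself needs. The enclosing loop starts outside the hunk.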


@ -1317,7 +1317,7 @@ if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw']) {
<label for="cf_<?php echo $i ?>_subj">여분필드<?php echo $i ?> 제목</label>
<input type="text" name="cf_<?php echo $i ?>_subj" value="<?php echo get_text($config['cf_'.$i.'_subj']) ?>" id="cf_<?php echo $i ?>_subj" class="frm_input" size="30">
<label for="cf_<?php echo $i ?>">여분필드<?php echo $i ?> 값</label>
<input type="text" name="cf_<?php echo $i ?>" value="<?php echo get_sanitize_input($config['cf_'.$i]); ?>" id="cf_<?php echo $i ?>" class="frm_input" size="30">
<input type="text" name="cf_<?php echo $i ?>" value="<?php echo get_sanitize_input($config['cf_'.$i]); ?>" id="cf_<?php echo $i ?>" class="frm_input extra-value-input" size="30">
</td>
</tr>
<?php } ?>


@ -28,7 +28,7 @@ $cf_social_servicelist = !empty($_POST['cf_social_servicelist']) ? implode(',',
$_POST['cf_title'] = strip_tags($_POST['cf_title']);
$check_keys = array('cf_lg_mid', 'cf_lg_mert_key', 'cf_cert_kcb_cd', 'cf_cert_kcp_cd', 'cf_editor', 'cf_recaptcha_site_key', 'cf_recaptcha_secret_key');
$check_keys = array('cf_lg_mid', 'cf_lg_mert_key', 'cf_cert_kcb_cd', 'cf_cert_kcp_cd', 'cf_editor', 'cf_recaptcha_site_key', 'cf_recaptcha_secret_key', 'cf_naver_clientid', 'cf_naver_secret', 'cf_facebook_appid', 'cf_facebook_secret', 'cf_twitter_key', 'cf_twitter_secret', 'cf_google_clientid', 'cf_google_secret', 'cf_googl_shorturl_apikey', 'cf_kakao_rest_key', 'cf_kakao_client_secret', 'cf_kakao_js_apikey', 'cf_payco_clientid', 'cf_payco_secret');
foreach( $check_keys as $key ){
if ( isset($_POST[$key]) && $_POST[$key] ){


@ -86,11 +86,11 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
</tr>
<tr>
<th scope="row">내용</th>
<td><?php echo editor_html('co_content', get_text($co['co_content'], 0)); ?></td>
<td><?php echo editor_html('co_content', get_text(html_purifier($co['co_content']), 0)); ?></td>
</tr>
<tr>
<th scope="row">모바일 내용</th>
<td><?php echo editor_html('co_mobile_content', get_text($co['co_mobile_content'], 0)); ?></td>
<td><?php echo editor_html('co_mobile_content', get_text(html_purifier($co['co_mobile_content']), 0)); ?></td>
</tr>
<tr>
<th scope="row"><label for="co_skin">스킨 디렉토리<strong class="sound_only">필수</strong></label></th>
@ -104,6 +104,7 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
<?php echo get_mobile_skin_select('content', 'co_mobile_skin', 'co_mobile_skin', $co['co_mobile_skin'], 'required'); ?>
</td>
</tr>
<!--
<tr>
<th scope="row"><label for="co_tag_filter_use">태그 필터링 사용</label></th>
<td>
@ -114,6 +115,7 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
</select>
</td>
</tr>
-->
<tr>
<th scope="row"><label for="co_include_head">상단 파일 경로</label></th>
<td>
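Review bot: Wrapping the `co_tag_filter_use` row in `<!-- ... -->` hides it from the rendered form, but any PHP inside the comment still runs and the markup is still sent to the browser. If the option is being retired, deleting the row (or guarding it with a PHP condition) keeps the disabled control out of the page source. Separately, `html_purifier()` is applied here only when the stored content is loaded into the editor; whether the save path purifies `co_content` is not visible in this section.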


@ -24,6 +24,7 @@ $co_id = preg_replace('/[^a-z0-9_]/i', '', $co_id);
$co_subject = strip_tags($co_subject);
$co_include_head = preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($co_include_head, 0, 255));
$co_include_tail = preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($co_include_tail, 0, 255));
$co_tag_filter_use = isset($_POST['co_tag_filter_use']) ? (int) $_POST['co_tag_filter_use'] : 1;
// 관리자가 자동등록방지를 사용해야 할 경우
if (($co_row['co_include_head'] !== $co_include_head || $co_row['co_include_tail'] !== $co_include_tail) && function_exists('get_admin_captcha_by') && get_admin_captcha_by()){
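Review bot: The new line `$co_tag_filter_use = isset($_POST['co_tag_filter_use']) ? (int) $_POST['co_tag_filter_use'] : 1;` still stores whatever integer a request supplies, even though the form control for this option is commented out elsewhere in this commit. If the filter is now meant to be always on, assigning it unconditionally, `$co_tag_filter_use = 1;`, keeps the stored value consistent with that intent. If the option is to stay configurable, clamping the value to 0 or 1 avoids writing arbitrary integers.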


@ -406,8 +406,8 @@ tfoot th {}
#anc_bo_extra label {display:inline-block;width:100px}
#anc_bo_extra input {margin-right:10px}
/* 게시판 여분필드 값 input style 로빈아빠님 제안 */
#anc_bo_extra input.extra-value-input {width:calc(100% - 370px);}
/* 환경설정 및 게시판 여분필드 값 input style 로빈아빠님 제안 */
#anc_bo_extra input.extra-value-input, #anc_cf_extra input.extra-value-input{width:calc(100% - 370px);}
/* 접속자집계 목록 */
.tbl_visit_list td {text-align:center}


@ -120,6 +120,28 @@ else if ($w == 'u')
if ($row['mb_id'])
alert('이미 존재하는 이메일입니다.\\n : '.$row['mb_id'].'\\n이름 : '.$row['mb_name'].'\\n닉네임 : '.$row['mb_nick'].'\\n메일 : '.$row['mb_email']);
if ($mb_password)
$sql_password = " , mb_password = '".get_encrypt_string($mb_password)."' ";
else
$sql_password = "";
if ($passive_certify)
$sql_certify = " , mb_email_certify = '".G5_TIME_YMDHIS."' ";
else
$sql_certify = "";
$sql = " update {$g5['member_table']}
set {$sql_common}
{$sql_password}
{$sql_certify}
where mb_id = '{$mb_id}' ";
sql_query($sql);
}
else
alert('제대로 된 값이 넘어오지 않았습니다.');
if( $w == '' || $w == 'u' ){
$mb_dir = substr($mb_id,0,2);
// 회원 아이콘 삭제
@ -212,26 +234,7 @@ else if ($w == 'u')
}
}
}
if ($mb_password)
$sql_password = " , mb_password = '".get_encrypt_string($mb_password)."' ";
else
$sql_password = "";
if ($passive_certify)
$sql_certify = " , mb_email_certify = '".G5_TIME_YMDHIS."' ";
else
$sql_certify = "";
$sql = " update {$g5['member_table']}
set {$sql_common}
{$sql_password}
{$sql_certify}
where mb_id = '{$mb_id}' ";
sql_query($sql);
}
else
alert('제대로 된 값이 넘어오지 않았습니다.');
goto_url('./member_form.php?'.$qstr.'&amp;w=u&amp;mb_id='.$mb_id, false);
?>


@ -76,7 +76,7 @@ $colspan = 7;
<td class="td_category<?php echo $sub_menu_class; ?>">
<input type="hidden" name="code[]" value="<?php echo substr($row['me_code'], 0, 2) ?>">
<label for="me_name_<?php echo $i; ?>" class="sound_only"><?php echo $sub_menu_info; ?> 메뉴<strong class="sound_only"> 필수</strong></label>
<input type="text" name="me_name[]" value="<?php echo $me_name; ?>" id="me_name_<?php echo $i; ?>" required class="required tbl_input full_input">
<input type="text" name="me_name[]" value="<?php echo get_sanitize_input($me_name); ?>" id="me_name_<?php echo $i; ?>" required class="required tbl_input full_input">
</td>
<td>
<label for="me_link_<?php echo $i; ?>" class="sound_only">링크<strong class="sound_only"> 필수</strong></label>


@ -21,8 +21,8 @@ for ($i=0; $i<$count; $i++)
{
$_POST = array_map_deep('trim', $_POST);
$code = $_POST['code'][$i];
$me_name = $_POST['me_name'][$i];
$code = strip_tags($_POST['code'][$i]);
$me_name = strip_tags($_POST['me_name'][$i]);
$me_link = (preg_match('/^javascript/i', $_POST['me_link'][$i]) || preg_match('/script:/i', $_POST['me_link'][$i])) ? G5_URL : strip_tags($_POST['me_link'][$i]);
if(!$code || !$me_name || !$me_link)
@ -59,10 +59,10 @@ for ($i=0; $i<$count; $i++)
set me_code = '$me_code',
me_name = '$me_name',
me_link = '$me_link',
me_target = '{$_POST['me_target'][$i]}',
me_order = '{$_POST['me_order'][$i]}',
me_use = '{$_POST['me_use'][$i]}',
me_mobile_use = '{$_POST['me_mobile_use'][$i]}' ";
me_target = '".sql_real_escape_string(strip_tags($_POST['me_target'][$i]))."',
me_order = '".sql_real_escape_string(strip_tags($_POST['me_order'][$i]))."',
me_use = '".sql_real_escape_string(strip_tags($_POST['me_use'][$i]))."',
me_mobile_use = '".sql_real_escape_string(strip_tags($_POST['me_mobile_use'][$i]))."' ";
sql_query($sql);
}
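Review bot: The four fields wrapped in this change now pass through `sql_real_escape_string()`, but `me_name` and `me_link` in the same statement are still interpolated as `'$me_name'` and `'$me_link'` after only `strip_tags()`, which leaves quotes untouched. Unless they are escaped in the lines between the two hunks (not visible here), they should get the same treatment, e.g. `me_name = '".sql_real_escape_string($me_name)."',`. `me_order`, `me_use` and `me_mobile_use` look like numeric flags and could be cast with `(int)` instead of being tag-stripped.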


@ -131,22 +131,22 @@ function all_send()
<tr>
<td><?php echo $re_vnum--?></td>
<!-- <td><input type=checkbox></td> -->
<!-- <td><?php echo $res[wr_message]; ?></span></td>-->
<!-- <td><?php echo $res[wr_reply]; ?></td>-->
<!-- <td><?php echo $res['wr_message']; ?></span></td>-->
<!-- <td><?php echo $res['wr_reply']; ?></td>-->
<td><?php echo $res['wr_datetime']?></td>
<td><?php echo number_format($res['wr_total'])?></td>
<td><?php echo number_format($res['wr_success'])?></td>
<td><?php echo number_format($res['wr_failure'])?></td>
<td class="td_mng">
<a href="./history_view.php?page=<?php echo $page?>&amp;st=<?php echo $st?>&amp;sv=<?php echo $sv?>&amp;wr_no=<?php echo $res['wr_no']?>&amp;wr_renum=<?php echo $res['wr_renum']?>" class="btn btn_03">수정</a>
<!-- <a href="./history_del.php?page=<?php echo $page?>&amp;st=<?php echo $st?>&amp;sv=<?php echo $sv?>&amp;wr_no=<?php echo $res[wr_no]?>&amp;wr_renum=<?php echo $res[wr_renum]?>">삭제</a> -->
<!-- <a href="./history_del.php?page=<?php echo $page?>&amp;st=<?php echo $st?>&amp;sv=<?php echo $sv?>&amp;wr_no=<?php echo $res['wr_no']?>&amp;wr_renum=<?php echo $res['wr_renum']?>">삭제</a> -->
</td>
</tr>
<?php } ?>
</tbody>
</table>
<?php } ?>
</div>
<?php } ?>
<?php
if( $write['wr_memo'] ){


@ -26,6 +26,8 @@ if ($co['co_include_head'] && is_include_path_check($co['co_include_head']))
else
include_once('./_head.php');
// KVE-2019-0828 취약점 내용
$co['co_tag_filter_use'] = 1;
$str = conv_content($co['co_content'], $co['co_html'], $co['co_tag_filter_use']);
// $src 를 $dst 로 변환
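Review bot: The added comment names the advisory (`KVE-2019-0828`) but not what the next line does, so a later reader could take `$co['co_tag_filter_use'] = 1;` for a leftover debug override and remove it. A comment along the lines of `// KVE-2019-0828: always apply the tag filter when rendering; the stored co_tag_filter_use is ignored` would record the intent.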


@ -25,8 +25,12 @@ if (!$file['bf_file'])
// JavaScript 불가일 때
if($js != 'on' && $board['bo_download_point'] < 0) {
$msg = $file['bf_source'].' 파일을 다운로드 하시면 포인트가 차감('.number_format($board['bo_download_point']).'점)됩니다.\\n포인트는 게시물당 한번만 차감되며 다음에 다시 다운로드 하셔도 중복하여 차감하지 않습니다.\\n그래도 다운로드 하시겠습니까?';
$url1 = G5_BBS_URL.'/download.php?'.clean_query_string($_SERVER['QUERY_STRING']).'&amp;js=on';
$url1 = G5_BBS_URL.'/download.php?'.clean_query_string($_SERVER['QUERY_STRING'], false).'&js=on';
$url2 = clean_xss_tags($_SERVER['HTTP_REFERER']);
if( $url2 && stripos($url2, $_SERVER['REQUEST_URI']) !== false ){
$url2 = G5_BBS_URL.'/board.php?'.clean_query_string($_SERVER['QUERY_STRING'], false);
}
//$url1 = 확인link, $url2=취소link
// 특정주소로 이동시키려면 $url3 이용
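Review bot: `$url2` is taken from `$_SERVER['HTTP_REFERER']`, which is supplied by the client and may be absent, and the only check added is whether it contains the current `REQUEST_URI`. `clean_xss_tags()` removes markup but does not restrict the host, so the cancel link can still point off-site unless the code after this hunk validates it. Falling back to the board URL whenever the referer is empty or not on this site would be safer, for instance by running it through the `check_url_host()` helper used elsewhere in this commit, assuming that helper fits this context. An `isset($_SERVER['HTTP_REFERER'])` guard would also avoid the undefined-index notice.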


@ -8,7 +8,7 @@ if( function_exists('social_check_login_before') ){
$g5['title'] = '로그인';
include_once('./_head.sub.php');
$url = $_GET['url'];
$url = strip_tags($_GET['url']);
// url 체크
check_url_host($url);
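Review bot: `strip_tags($_GET['url'])` reads the parameter without an `isset()` guard, so a request without `url` raises an undefined-index notice, and an array value is handed to a function that expects a string. `$url = isset($_GET['url']) && is_string($_GET['url']) ? strip_tags($_GET['url']) : '';` covers both cases. The redirect safety itself still rests on `check_url_host($url)` on the following line, since removing tags does not constrain the destination.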


@ -1,6 +1,8 @@
<?php
include_once('./_common.php');
$act = isset($act) ? strip_tags($act) : '';
// 게시판 관리자 이상 복사, 이동 가능
if ($is_admin != 'board' && $is_admin != 'group' && $is_admin != 'super')
alert_close('게시판 관리자 이상 접근이 가능합니다.');


@ -12,10 +12,10 @@ if ( ! preg_match('/(jpg|jpeg|png|gif|bmp)$/i', $extension) ){
alert_close('이미지 확장자가 아닙니다.');
}
if(strpos($filename, 'data/editor')) {
if(strpos($filename, G5_DATA_DIR.'/editor')) {
$editor_file = strstr($filename, 'editor');
$filepath = G5_DATA_PATH.'/'.$editor_file;
} else if(strpos($filename, 'data/qa')) {
} else if(strpos($filename, G5_DATA_DIR.'/qa')) {
$editor_file = strstr($filename, 'qa');
$filepath = G5_DATA_PATH.'/'.$editor_file;
} else {
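Review bot: `strpos($filename, G5_DATA_DIR.'/editor')` is used as a boolean, so a match at offset 0 is treated as no match; comparing with `!== false` states the intent, e.g. `if (strpos($filename, G5_DATA_DIR.'/editor') !== false) {`, and likewise for the `/qa` branch. `strstr($filename, 'editor')` then cuts at the first occurrence of `editor` anywhere in the string rather than at the directory that was just matched, so the resulting `$filepath` is worth confirming with `realpath()` against `G5_DATA_PATH` before the file is read. The rest of the branch lies outside the hunk.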


@ -5,8 +5,8 @@
********************/
define('G5_VERSION', '그누보드5');
define('G5_GNUBOARD_VER', '5.3.2.8');
define('G5_YOUNGCART_VER', '5.3.2.8.1');
define('G5_GNUBOARD_VER', '5.3.2.9');
define('G5_YOUNGCART_VER', '5.3.2.9');
// 이 상수가 정의되지 않으면 각각의 개별 페이지는 별도로 실행될 수 없음
define('_GNUBOARD_', true);


@ -23,6 +23,8 @@ $g5['sms5_book_group_table'] = $g5['sms5_prefix'] . 'book_group';
$g5['sms5_form_table'] = $g5['sms5_prefix'] . 'form';
$g5['sms5_form_group_table'] = $g5['sms5_prefix'] . 'form_group';
$sms5 = array();
if (!empty($config['cf_sms_use'])) {
$sms5 = sql_fetch("select * from {$g5['sms5_config_table']} ", false);


@ -19,6 +19,9 @@ else {
$g5_head_title .= " | ".$config['cf_title'];
}
$g5['title'] = strip_tags(get_text($g5['title']));
$g5_head_title = strip_tags(get_text($g5_head_title));
// 현재 접속자
// 게시판 제목에 ' 포함되면 오류 발생
$g5['lo_location'] = addslashes($g5['title']);
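Review bot: In `strip_tags(get_text($g5['title']))` the order matters: if `get_text()` converts `<` and `>` to entities, as its use for attribute values elsewhere in this commit suggests, `strip_tags()` runs on text that no longer contains tags and removes nothing. Stripping first and encoding second, `get_text(strip_tags($g5['title']))`, gives both effects. The same ordering appears for `$g5_head_title` on the next line, in the second copy of this hunk later on the page, and in `get_head_title()`.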


@ -16,7 +16,7 @@ $mysql_host = safe_install_string_check($_POST['mysql_host'], 'json');
$mysql_user = safe_install_string_check($_POST['mysql_user'], 'json');
$mysql_pass = safe_install_string_check($_POST['mysql_pass'], 'json');
$mysql_db = safe_install_string_check($_POST['mysql_db'], 'json');
$table_prefix= safe_install_string_check($_POST['table_prefix']);
$table_prefix= safe_install_string_check(preg_replace('/[^a-zA-Z0-9_]/', '_', $_POST['table_prefix']));
$tmp_str = isset($_SERVER['SERVER_SOFTWARE']) ? $_SERVER['SERVER_SOFTWARE'] : '';
$ajax_token = md5($tmp_str.$_SERVER['REMOTE_ADDR'].$_SERVER['DOCUMENT_ROOT']);


@ -187,7 +187,7 @@ function frm_install_submit(f)
alert('TABLE명 접두사'+reg_msg); f.table_prefix.focus(); return false;
}
if(/^[a-z][a-z0-9]/i.test(f.admin_id.value) == false) {
if(/^[a-z]+[a-z0-9]{2,19}$/i.test(f.admin_id.value) == false) {
alert('최고관리자 회원 ID는 첫자는 반드시 영문자 그리고 영문자와 숫자로만 만드셔야 합니다.');
f.admin_id.focus();
return false;
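Review bot: The new pattern `/^[a-z]+[a-z0-9]{2,19}$/i` does not cap the length, because `[a-z]+` accepts any number of letters before the bounded part. If the intent is one leading letter followed by 2–19 letters or digits, `/^[a-z][a-z0-9]{2,19}$/i` expresses it. This is a browser-side check only, so the same rule needs to hold on the server as well. frm_install_submit continues outside the hunk.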


@ -33,6 +33,10 @@ if (isset($_POST['g5_install']))
$g5_shop_prefix = $_POST['g5_shop_prefix'];
$g5_shop_install= $_POST['g5_shop_install'];
if (preg_match("/[^0-9a-z_]+/i", $admin_id)) {
die('<div class="ins_inner"><p>관리자 아이디는 영문자, 숫자, _ 만 입력하세요.</p><div class="inner_btn"><a href="./install_config.php">뒤로가기</a></div></div>');
}
$dblink = sql_connect($mysql_host, $mysql_user, $mysql_pass, $mysql_db);
if (!$dblink) {
?>
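Review bot: The server-side check `preg_match("/[^0-9a-z_]+/i", $admin_id)` only rejects characters outside the set, so an empty id, a leading digit, `_` and any length are accepted, which is looser than the rule enforced by the install form's JavaScript. An anchored positive match keeps the two in step, for example `if (!preg_match('/^[a-z][a-z0-9]{2,19}$/i', $admin_id)) {`. `$g5_shop_prefix` is read from `$_POST` just above with no check visible in this hunk; since it appears to be a table prefix, it would merit the same character filter this commit applies to `table_prefix` elsewhere.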


@ -2752,6 +2752,11 @@ function module_exec_check($exe, $type)
} else {
// 바이너리 파일인지
if($is_linux) {
if ( !function_exists('exec') ) {
alert('exec 함수실행이 불가능하므로 사용할수 없습니다.');
}
$search = false;
$isbinary = true;
$executable = true;
@ -3431,7 +3436,7 @@ function get_head_title($title){
global $g5;
if( isset($g5['board_title']) && $g5['board_title'] ){
$title = $g5['board_title'];
$title = strip_tags(get_text($g5['board_title']));
}
return $title;
@ -3562,7 +3567,7 @@ function is_include_path_check($path='', $is_input='')
if( preg_match('/\/data\/(file|editor|qa|cache|member|member_image|session|tmp)\/[A-Za-z0-9_]{1,20}\//i', $replace_path) ){
return false;
}
if( preg_match('/\.\.\//i', $replace_path) && preg_match('/plugin\//i', $replace_path) && preg_match('/okname\//i', $replace_path) ){
if( (preg_match('/\.\.\//i', $replace_path) || preg_match('/^\/.*/i', $replace_path)) && preg_match('/plugin\//i', $replace_path) && preg_match('/okname\//i', $replace_path) ){
return false;
}
}
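Review bot: In is_include_path_check the widened condition still returns false only when the path also contains both `plugin/` and `okname/`, so the `../` and leading-`/` tests added here do not apply to any other location; those rely on checks outside this hunk. Because this function is used to decide whether a stored path may be included, resolving the path with `realpath()` and requiring it to start with an allowed base directory is more robust than adding patterns to a denylist. All three functions in this section extend beyond their hunks.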


@ -1,8 +1,14 @@
<?php
include_once('./_common.php');
if( isset($_REQUEST['exe']) && isset($exe) && $exe ){
die('bad request');
$check_arrays = array('exe', 'svcTxSeqno', 'name', 'birthday', 'gender', 'ntvFrnrTpCd', 'mblTelCmmCd', 'mbphnNo', 'rsv1', 'rsv2', 'rsv3', 'returnMsg', 'returnUrl', 'inTpBit', 'hsCertMsrCd', 'hsCertRqstCausCd', 'memId', 'clientIp', 'clientDomain', 'endPointURL', 'logPath');
foreach($check_arrays as $key){
if( isset($_REQUEST[$key]) && $_REQUEST[$key] ){
die('bad request');
}
$$key = '';
}
// 금일 인증시도 회수 체크


@ -1,8 +1,14 @@
<?php
include_once('./_common.php');
if( isset($_REQUEST['exe']) && isset($exe) && $exe ){
die('bad request');
$check_arrays = array('exe', 'keypath', 'memId', 'endPointURL', 'logPath');
foreach($check_arrays as $key){
if( isset($_REQUEST[$key]) && $_REQUEST[$key] ){
die('bad request');
}
$$key = '';
}
// KISA 취약점 내용(KVE-2018-0291) hpcert1.php의 $cmd 함수에 대한 인자 값은 hpcert_config.php 파일에서 설정되나, 이를 다른 페이지에서 포함한 뒤 호출할 시 임의 값 설정 가능


@ -1,8 +1,14 @@
<?php
include_once('./_common.php');
if( isset($_REQUEST['exe']) && isset($exe) && $exe ){
die('bad request');
$check_arrays = array('exe', 'keypath', 'memid', 'reserved1', 'reserved2', 'EndPointURL', 'logpath', 'option');
foreach($check_arrays as $key){
if( isset($_REQUEST[$key]) && $_REQUEST[$key] ){
die('bad request');
}
$$key = '';
}
// 금일 인증시도 회수 체크


@ -1,8 +1,14 @@
<?php
include_once('./_common.php');
if( isset($_REQUEST['exe']) && isset($exe) && $exe ){
die('bad request');
$check_arrays = array('exe', 'keypath', 'memid', 'EndPointURL', 'cpubkey', 'csig', 'encdata', 'logpath', 'option');
foreach($check_arrays as $key){
if( isset($_REQUEST[$key]) && $_REQUEST[$key] ){
die('bad request');
}
$$key = '';
}
include('./ipin.config.php');


@ -164,8 +164,8 @@ if($config['cf_sms_type'] == 'LMS') {
}
function Init() {
$this->Data = ""; // 발송하기 위한 패킷내용이 배열로 들어간다.
$this->Result = ""; // 발송결과값이 배열로 들어간다.
$this->Data = array(); // 발송하기 위한 패킷내용이 배열로 들어간다.
$this->Result = array(); // 발송결과값이 배열로 들어간다.
}
function Add($strDest, $strCallBack, $strCaller, $strSubject, $strURL, $strData, $strDate="", $nCount) {
@ -260,7 +260,7 @@ if($config['cf_sms_type'] == 'LMS') {
$this->Result[] = "$phone:$code";
$this->Log[] = $puts;
}
$this->Data = "";
$this->Data = array();
return true;
exit;
}
@ -284,7 +284,7 @@ if($config['cf_sms_type'] == 'LMS') {
}
fclose($fsocket);
$this->Data = "";
$this->Data = array();
return true;
}
}
@ -431,7 +431,7 @@ if($config['cf_sms_type'] == 'LMS') {
$this->Result[] = "$phone:$code";
$this->Log[] = $puts;
}
$this->Data = "";
$this->Data = array();
return true;
exit;
}
@ -463,7 +463,7 @@ if($config['cf_sms_type'] == 'LMS') {
if ($count++%1000 == 0) sleep(5);
}
fclose($fsocket);
$this->Data = "";
$this->Data = array();
return true;
}
}


@ -29,7 +29,7 @@ $feed_updated = date('Y-m-d\TH:i:s\+09:00', G5_SERVER_TIME);
$find = array('&amp;', '&nbsp;'); # 찾아서
$replace = array('&', ' '); # 바꾼다
$content = str_replace( $find, $replace, $write['wr_content'] );
$content = str_replace( $find, $replace, html_purifier($write['wr_content']) );
$summary = str_replace( $find, $replace, strip_tags($write['wr_content']) );
Header("Content-type: text/xml");
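Review bot: `html_purifier()` runs before `str_replace()` turns `&amp;` back into `&`, so the purified markup is modified again before it is written into the feed. Sanitising last keeps the output exactly what the purifier produced: `$content = html_purifier(str_replace($find, $replace, $write['wr_content']));`. If `$content` is not emitted inside a CDATA section further down, the bare `&` characters would also make the XML invalid.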


@ -128,7 +128,7 @@ add_stylesheet('<link rel="stylesheet" href="'.$board_skin_url.'/style.css">', 0
</a>
</div>
<div class="gall_name">
<span class="sound_only">작성자 </span><span class="profile_img"><?php echo $list[$i]['name'] ?>
<span class="sound_only">작성자 </span><span class="profile_img"><?php echo $list[$i]['name'] ?></span>
</div>
<div class="gall_info">
<span class="sound_only">조회 </span><i class="fa fa-eye" aria-hidden="true"></i> <?php echo $list[$i]['wr_hit'] ?>


@ -3,7 +3,6 @@ if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
// add_stylesheet('css 구문', 출력순서); 숫자가 작을 수록 먼저 출력됨
add_stylesheet('<link rel="stylesheet" href="'.$latest_skin_url.'/style.css">', 0);
add_javascript('<script src="'.G5_JS_URL.'/jquery.bxslider.js"></script>', 10);
?>
<div class="lat">


@ -13,6 +13,9 @@ else {
$g5_head_title .= " | ".$config['cf_title'];
}
$g5['title'] = strip_tags(get_text($g5['title']));
$g5_head_title = strip_tags(get_text($g5_head_title));
// 현재 접속자
// 게시판 제목에 ' 포함되면 오류 발생
$g5['lo_location'] = addslashes($g5['title']);


@ -128,7 +128,7 @@ add_stylesheet('<link rel="stylesheet" href="'.$board_skin_url.'/style.css">', 0
</a>
</div>
<div class="gall_name">
<span class="sound_only">작성자 </span><?php echo $list[$i]['name'] ?>
<span class="sound_only">작성자 </span><span class="profile_img"><?php echo $list[$i]['name'] ?></span>
</div>
<div class="gall_info">
<span class="sound_only">조회 </span><i class="fa fa-eye" aria-hidden="true"></i> <?php echo $list[$i]['wr_hit'] ?>