5.3.2.9 버전 수정
@ -477,7 +477,7 @@ function admin_check_xss_params($params){
|
||||
|
||||
if( is_array($value) ){
|
||||
admin_check_xss_params($value);
|
||||
} else if ( preg_match('/<\s?[^\>]*\/?\s?>/i', $value) && (preg_match('/script.*?\/script/ius', $value) || preg_match('/onload=.*/ius', $value)) ){
|
||||
} else if ( preg_match('/<\s?[^\>]*\/?\s?>/i', $value) && (preg_match('/script.*?\/script/ius', $value) || preg_match('/[onload|onerror]=.*/ius', $value)) ){
|
||||
alert('요청 쿼리에 잘못된 스크립트문장이 있습니다.\\nXSS 공격일수도 있습니다.');
|
||||
die();
|
||||
}
|
||||
|
||||
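Review bot: The new pattern `/[onload|onerror]=.*/ius` on the replaced line is a character class, not an alternation: it matches any single character from `o n l a d | e r` followed by `=`, so `name=`, `id=` or `value=` inside any tag trips the check, while the intent was clearly the two event handlers. Use a group instead, `preg_match('/(onload|onerror)=.*/ius', $value)`, or, if the goal is event-handler attributes in general, `/\bon\w+\s*=/iu`; neither variant makes this denylist a substitute for escaping at output, so it should be treated as a tripwire only. The check already requires a tag-like `<...>` in the same value, so the false positives only hit values that also contain markup. The body of admin_check_xss_params continues outside the hunk.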
@ -30,18 +30,18 @@ if ($_POST['act_button'] == "선택수정") {
|
||||
}
|
||||
|
||||
$sql = " update {$g5['board_table']}
|
||||
set gr_id = '".sql_real_escape_string($_POST['gr_id'][$k])."',
|
||||
bo_subject = '".sql_real_escape_string($_POST['bo_subject'][$k])."',
|
||||
bo_device = '".sql_real_escape_string($_POST['bo_device'][$k])."',
|
||||
bo_skin = '".sql_real_escape_string($_POST['bo_skin'][$k])."',
|
||||
bo_mobile_skin = '".sql_real_escape_string($_POST['bo_mobile_skin'][$k])."',
|
||||
bo_read_point = '".sql_real_escape_string($_POST['bo_read_point'][$k])."',
|
||||
bo_write_point = '".sql_real_escape_string($_POST['bo_write_point'][$k])."',
|
||||
bo_comment_point = '".sql_real_escape_string($_POST['bo_comment_point'][$k])."',
|
||||
bo_download_point = '".sql_real_escape_string($_POST['bo_download_point'][$k])."',
|
||||
bo_use_search = '".sql_real_escape_string($_POST['bo_use_search'][$k])."',
|
||||
bo_use_sns = '".sql_real_escape_string($_POST['bo_use_sns'][$k])."',
|
||||
bo_order = '".sql_real_escape_string($_POST['bo_order'][$k])."'
|
||||
set gr_id = '".sql_real_escape_string(strip_tags($_POST['gr_id'][$k]))."',
|
||||
bo_subject = '".sql_real_escape_string(strip_tags($_POST['bo_subject'][$k]))."',
|
||||
bo_device = '".sql_real_escape_string(strip_tags($_POST['bo_device'][$k]))."',
|
||||
bo_skin = '".sql_real_escape_string(strip_tags($_POST['bo_skin'][$k]))."',
|
||||
bo_mobile_skin = '".sql_real_escape_string(strip_tags($_POST['bo_mobile_skin'][$k]))."',
|
||||
bo_read_point = '".sql_real_escape_string(strip_tags($_POST['bo_read_point'][$k]))."',
|
||||
bo_write_point = '".sql_real_escape_string(strip_tags($_POST['bo_write_point'][$k]))."',
|
||||
bo_comment_point = '".sql_real_escape_string(strip_tags($_POST['bo_comment_point'][$k]))."',
|
||||
bo_download_point = '".sql_real_escape_string(strip_tags($_POST['bo_download_point'][$k]))."',
|
||||
bo_use_search = '".sql_real_escape_string(strip_tags($_POST['bo_use_search'][$k]))."',
|
||||
bo_use_sns = '".sql_real_escape_string(strip_tags($_POST['bo_use_sns'][$k]))."',
|
||||
bo_order = '".sql_real_escape_string(strip_tags($_POST['bo_order'][$k]))."'
|
||||
where bo_table = '".sql_real_escape_string($_POST['board_table'][$k])."' ";
|
||||
|
||||
sql_query($sql);
|
||||
|
||||
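Review bot: `strip_tags` before `sql_real_escape_string` on the new `set` lines is a weak fit for the point and order columns (`bo_read_point`, `bo_write_point`, `bo_comment_point`, `bo_download_point`, `bo_order`), which by name hold integers; casting is the stricter and simpler guard, e.g. `bo_read_point = '".(int)$_POST['bo_read_point'][$k]."',` and the same for the other four. `strip_tags` also leaves `..` and `/` untouched, so if `bo_skin`/`bo_mobile_skin` are later used to build a filesystem path (not visible here) they should be restricted to a directory-name character set rather than tag-stripped. Tag stripping is an output-side concern; what protects this query is the escaping, which the `where` clause on the last line already applies to `board_table`.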
@ -1317,7 +1317,7 @@ if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw']) {
|
||||
<label for="cf_<?php echo $i ?>_subj">여분필드<?php echo $i ?> 제목</label>
|
||||
<input type="text" name="cf_<?php echo $i ?>_subj" value="<?php echo get_text($config['cf_'.$i.'_subj']) ?>" id="cf_<?php echo $i ?>_subj" class="frm_input" size="30">
|
||||
<label for="cf_<?php echo $i ?>">여분필드<?php echo $i ?> 값</label>
|
||||
<input type="text" name="cf_<?php echo $i ?>" value="<?php echo get_sanitize_input($config['cf_'.$i]); ?>" id="cf_<?php echo $i ?>" class="frm_input" size="30">
|
||||
<input type="text" name="cf_<?php echo $i ?>" value="<?php echo get_sanitize_input($config['cf_'.$i]); ?>" id="cf_<?php echo $i ?>" class="frm_input extra-value-input" size="30">
|
||||
</td>
|
||||
</tr>
|
||||
<?php } ?>
|
||||
|
||||
@ -28,7 +28,7 @@ $cf_social_servicelist = !empty($_POST['cf_social_servicelist']) ? implode(',',
|
||||
|
||||
$_POST['cf_title'] = strip_tags($_POST['cf_title']);
|
||||
|
||||
$check_keys = array('cf_lg_mid', 'cf_lg_mert_key', 'cf_cert_kcb_cd', 'cf_cert_kcp_cd', 'cf_editor', 'cf_recaptcha_site_key', 'cf_recaptcha_secret_key');
|
||||
$check_keys = array('cf_lg_mid', 'cf_lg_mert_key', 'cf_cert_kcb_cd', 'cf_cert_kcp_cd', 'cf_editor', 'cf_recaptcha_site_key', 'cf_recaptcha_secret_key', 'cf_naver_clientid', 'cf_naver_secret', 'cf_facebook_appid', 'cf_facebook_secret', 'cf_twitter_key', 'cf_twitter_secret', 'cf_google_clientid', 'cf_google_secret', 'cf_googl_shorturl_apikey', 'cf_kakao_rest_key', 'cf_kakao_client_secret', 'cf_kakao_js_apikey', 'cf_payco_clientid', 'cf_payco_secret');
|
||||
|
||||
foreach( $check_keys as $key ){
|
||||
if ( isset($_POST[$key]) && $_POST[$key] ){
|
||||
|
||||
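Review bot: The extended `$check_keys` array is now a single ~300-character line, which makes future additions hard to review in a diff; one key per line with a trailing comma keeps each addition a one-line change. Splitting it also makes it easy to confirm that the newly covered secrets (`cf_naver_secret`, `cf_facebook_secret`, `cf_kakao_client_secret`, `cf_payco_secret`, …) are all present. The `foreach` body that consumes these keys begins on the last visible line and continues outside the hunk, so what the check does with them cannot be confirmed from here.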
@ -86,11 +86,11 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
|
||||
</tr>
|
||||
<tr>
|
||||
<th scope="row">내용</th>
|
||||
<td><?php echo editor_html('co_content', get_text($co['co_content'], 0)); ?></td>
|
||||
<td><?php echo editor_html('co_content', get_text(html_purifier($co['co_content']), 0)); ?></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th scope="row">모바일 내용</th>
|
||||
<td><?php echo editor_html('co_mobile_content', get_text($co['co_mobile_content'], 0)); ?></td>
|
||||
<td><?php echo editor_html('co_mobile_content', get_text(html_purifier($co['co_mobile_content']), 0)); ?></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th scope="row"><label for="co_skin">스킨 디렉토리<strong class="sound_only">필수</strong></label></th>
|
||||
@ -104,6 +104,7 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
|
||||
<?php echo get_mobile_skin_select('content', 'co_mobile_skin', 'co_mobile_skin', $co['co_mobile_skin'], 'required'); ?>
|
||||
</td>
|
||||
</tr>
|
||||
<!--
|
||||
<tr>
|
||||
<th scope="row"><label for="co_tag_filter_use">태그 필터링 사용</label></th>
|
||||
<td>
|
||||
@ -114,6 +115,7 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
|
||||
</select>
|
||||
</td>
|
||||
</tr>
|
||||
-->
|
||||
<tr>
|
||||
<th scope="row"><label for="co_include_head">상단 파일 경로</label></th>
|
||||
<td>
|
||||
|
||||
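Review bot: Wrapping the `co_tag_filter_use` rows in `<!-- … -->` (the hunks at `@ -104,6` and `@ -114,6`) hides them from the browser but does not stop PHP inside the block from running, so any `<?php … ?>` between the markers still executes and emits into the page source. If the control is meant to go, delete the rows; if it should stay in the template but be inactive, wrap the block in `<?php /* … */ ?>` or `<?php if (false) { ?> … <?php } ?>`. With the control gone, the update handler's `$co_tag_filter_use` default of 1 (visible in the `@ -24,6` hunk on this page) is what takes effect for stock form submissions. The `html_purifier` wrapping on the two editor-content lines is a reasonable display-side guard; `get_text(…, 0)` still runs on its output, as the nesting shows.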
@ -24,6 +24,7 @@ $co_id = preg_replace('/[^a-z0-9_]/i', '', $co_id);
|
||||
$co_subject = strip_tags($co_subject);
|
||||
$co_include_head = preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($co_include_head, 0, 255));
|
||||
$co_include_tail = preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($co_include_tail, 0, 255));
|
||||
$co_tag_filter_use = isset($_POST['co_tag_filter_use']) ? (int) $_POST['co_tag_filter_use'] : 1;
|
||||
|
||||
// 관리자가 자동등록방지를 사용해야 할 경우
|
||||
if (($co_row['co_include_head'] !== $co_include_head || $co_row['co_include_tail'] !== $co_include_tail) && function_exists('get_admin_captcha_by') && get_admin_captcha_by()){
|
||||
|
||||
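Review bot: The added line reads `co_tag_filter_use` from `$_POST` with a default of 1, but the form control that would send it is commented out in this same commit (the `@ -104,6` / `@ -114,6` hunks), so the value can now only arrive from a hand-built request. If the intent is to force tag filtering on, make that explicit and drop the POST read, `$co_tag_filter_use = 1; // form control retired; filtering is always on`; if admins should still be able to turn it off, the form control needs to come back. Leaving both in place makes the effective policy depend on the request body rather than the code. The `co_include_head`/`co_include_tail` filtering on the lines above is unchanged by this commit.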
@ -406,8 +406,8 @@ tfoot th {}
|
||||
#anc_bo_extra label {display:inline-block;width:100px}
|
||||
#anc_bo_extra input {margin-right:10px}
|
||||
|
||||
/* 게시판 여분필드 값 input style 로빈아빠님 제안 */
|
||||
#anc_bo_extra input.extra-value-input {width:calc(100% - 370px);}
|
||||
/* 환경설정 및 게시판 여분필드 값 input style 로빈아빠님 제안 */
|
||||
#anc_bo_extra input.extra-value-input, #anc_cf_extra input.extra-value-input{width:calc(100% - 370px);}
|
||||
|
||||
/* 접속자집계 목록 */
|
||||
.tbl_visit_list td {text-align:center}
|
||||
|
||||
@ -120,6 +120,28 @@ else if ($w == 'u')
|
||||
if ($row['mb_id'])
|
||||
alert('이미 존재하는 이메일입니다.\\nID : '.$row['mb_id'].'\\n이름 : '.$row['mb_name'].'\\n닉네임 : '.$row['mb_nick'].'\\n메일 : '.$row['mb_email']);
|
||||
|
||||
if ($mb_password)
|
||||
$sql_password = " , mb_password = '".get_encrypt_string($mb_password)."' ";
|
||||
else
|
||||
$sql_password = "";
|
||||
|
||||
if ($passive_certify)
|
||||
$sql_certify = " , mb_email_certify = '".G5_TIME_YMDHIS."' ";
|
||||
else
|
||||
$sql_certify = "";
|
||||
|
||||
$sql = " update {$g5['member_table']}
|
||||
set {$sql_common}
|
||||
{$sql_password}
|
||||
{$sql_certify}
|
||||
where mb_id = '{$mb_id}' ";
|
||||
sql_query($sql);
|
||||
}
|
||||
else
|
||||
alert('제대로 된 값이 넘어오지 않았습니다.');
|
||||
|
||||
if( $w == '' || $w == 'u' ){
|
||||
|
||||
$mb_dir = substr($mb_id,0,2);
|
||||
|
||||
// 회원 아이콘 삭제
|
||||
@ -212,26 +234,7 @@ else if ($w == 'u')
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ($mb_password)
|
||||
$sql_password = " , mb_password = '".get_encrypt_string($mb_password)."' ";
|
||||
else
|
||||
$sql_password = "";
|
||||
|
||||
if ($passive_certify)
|
||||
$sql_certify = " , mb_email_certify = '".G5_TIME_YMDHIS."' ";
|
||||
else
|
||||
$sql_certify = "";
|
||||
|
||||
$sql = " update {$g5['member_table']}
|
||||
set {$sql_common}
|
||||
{$sql_password}
|
||||
{$sql_certify}
|
||||
where mb_id = '{$mb_id}' ";
|
||||
sql_query($sql);
|
||||
}
|
||||
else
|
||||
alert('제대로 된 값이 넘어오지 않았습니다.');
|
||||
|
||||
goto_url('./member_form.php?'.$qstr.'&w=u&mb_id='.$mb_id, false);
|
||||
?>
|
||||
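Review bot: The relocated update statement still interpolates `$mb_id` raw in `where mb_id = '{$mb_id}' "` while other hunks of this commit add `sql_real_escape_string` around posted values; unless `$mb_id` is validated or escaped earlier in this file (not visible in the hunk), the line should read `where mb_id = '".sql_real_escape_string($mb_id)."' ";`. The same applies to `{$sql_common}`, which is built outside the hunk. Moving the `UPDATE` ahead of the icon/image handling under `if( $w == '' || $w == 'u' )` also changes failure ordering: if that later code aborts via `alert()`, the row has already been updated while the files have not, so the reorder deserves a comment stating it is intended. The enclosing `else if ($w == 'u')` block starts before the first hunk.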
@ -76,7 +76,7 @@ $colspan = 7;
|
||||
<td class="td_category<?php echo $sub_menu_class; ?>">
|
||||
<input type="hidden" name="code[]" value="<?php echo substr($row['me_code'], 0, 2) ?>">
|
||||
<label for="me_name_<?php echo $i; ?>" class="sound_only"><?php echo $sub_menu_info; ?> 메뉴<strong class="sound_only"> 필수</strong></label>
|
||||
<input type="text" name="me_name[]" value="<?php echo $me_name; ?>" id="me_name_<?php echo $i; ?>" required class="required tbl_input full_input">
|
||||
<input type="text" name="me_name[]" value="<?php echo get_sanitize_input($me_name); ?>" id="me_name_<?php echo $i; ?>" required class="required tbl_input full_input">
|
||||
</td>
|
||||
<td>
|
||||
<label for="me_link_<?php echo $i; ?>" class="sound_only">링크<strong class="sound_only"> 필수</strong></label>
|
||||
|
||||
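Review bot: `get_sanitize_input($me_name)` on the rewritten `me_name[]` line leaves the sibling hidden field two lines above unescaped: `value="<?php echo substr($row['me_code'], 0, 2) ?>"` echoes a stored value straight into an attribute. The update handler on this page only runs `strip_tags` over `$_POST['code']`, so unless `me_code` is constrained to a safe character set elsewhere, apply the same treatment, `value="<?php echo get_sanitize_input(substr($row['me_code'], 0, 2)); ?>"`. `$sub_menu_info` and `$sub_menu_class` are built outside the hunk and are not assessed here.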
@ -21,8 +21,8 @@ for ($i=0; $i<$count; $i++)
|
||||
{
|
||||
$_POST = array_map_deep('trim', $_POST);
|
||||
|
||||
$code = $_POST['code'][$i];
|
||||
$me_name = $_POST['me_name'][$i];
|
||||
$code = strip_tags($_POST['code'][$i]);
|
||||
$me_name = strip_tags($_POST['me_name'][$i]);
|
||||
$me_link = (preg_match('/^javascript/i', $_POST['me_link'][$i]) || preg_match('/script:/i', $_POST['me_link'][$i])) ? G5_URL : strip_tags($_POST['me_link'][$i]);
|
||||
|
||||
if(!$code || !$me_name || !$me_link)
|
||||
@ -59,10 +59,10 @@ for ($i=0; $i<$count; $i++)
|
||||
set me_code = '$me_code',
|
||||
me_name = '$me_name',
|
||||
me_link = '$me_link',
|
||||
me_target = '{$_POST['me_target'][$i]}',
|
||||
me_order = '{$_POST['me_order'][$i]}',
|
||||
me_use = '{$_POST['me_use'][$i]}',
|
||||
me_mobile_use = '{$_POST['me_mobile_use'][$i]}' ";
|
||||
me_target = '".sql_real_escape_string(strip_tags($_POST['me_target'][$i]))."',
|
||||
me_order = '".sql_real_escape_string(strip_tags($_POST['me_order'][$i]))."',
|
||||
me_use = '".sql_real_escape_string(strip_tags($_POST['me_use'][$i]))."',
|
||||
me_mobile_use = '".sql_real_escape_string(strip_tags($_POST['me_mobile_use'][$i]))."' ";
|
||||
sql_query($sql);
|
||||
}
|
||||
|
||||
|
||||
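Review bot: The four rewritten lines (`me_target` … `me_mobile_use`) now go through `sql_real_escape_string`, but the first three assignments of the same statement, `me_code = '$me_code'`, `me_name = '$me_name'` and `me_link = '$me_link'`, are still interpolated raw. `$me_name` is only `strip_tags`ed (the `@ -21,8` hunk) and `$me_link` only tag-stripped or replaced, so a single quote reaches the query unless `$_POST` is escaped globally upstream, which is outside these hunks; change them to `me_name = '".sql_real_escape_string($me_name)."',` and `me_link = '".sql_real_escape_string($me_link)."',`, and `$me_code` likewise (it is computed outside the hunk). The `javascript`/`script:` check on `me_link` is a denylist; accepting only `http://`, `https://` and relative paths would be the stricter form. The `for` loop enclosing both hunks starts before them.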
@ -131,22 +131,22 @@ function all_send()
|
||||
<tr>
|
||||
<td><?php echo $re_vnum--?></td>
|
||||
<!-- <td><input type=checkbox></td> -->
|
||||
<!-- <td><?php echo $res[wr_message]; ?></span></td>-->
|
||||
<!-- <td><?php echo $res[wr_reply]; ?></td>-->
|
||||
<!-- <td><?php echo $res['wr_message']; ?></span></td>-->
|
||||
<!-- <td><?php echo $res['wr_reply']; ?></td>-->
|
||||
<td><?php echo $res['wr_datetime']?></td>
|
||||
<td><?php echo number_format($res['wr_total'])?></td>
|
||||
<td><?php echo number_format($res['wr_success'])?></td>
|
||||
<td><?php echo number_format($res['wr_failure'])?></td>
|
||||
<td class="td_mng">
|
||||
<a href="./history_view.php?page=<?php echo $page?>&st=<?php echo $st?>&sv=<?php echo $sv?>&wr_no=<?php echo $res['wr_no']?>&wr_renum=<?php echo $res['wr_renum']?>" class="btn btn_03">수정</a>
|
||||
<!-- <a href="./history_del.php?page=<?php echo $page?>&st=<?php echo $st?>&sv=<?php echo $sv?>&wr_no=<?php echo $res[wr_no]?>&wr_renum=<?php echo $res[wr_renum]?>">삭제</a> -->
|
||||
<!-- <a href="./history_del.php?page=<?php echo $page?>&st=<?php echo $st?>&sv=<?php echo $sv?>&wr_no=<?php echo $res['wr_no']?>&wr_renum=<?php echo $res['wr_renum']?>">삭제</a> -->
|
||||
</td>
|
||||
</tr>
|
||||
<?php } ?>
|
||||
</tbody>
|
||||
</table>
|
||||
<?php } ?>
|
||||
</div>
|
||||
<?php } ?>
|
||||
|
||||
<?php
|
||||
if( $write['wr_memo'] ){
|
||||
|
||||
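Review bot: The rewritten `<!-- <td><?php echo $res['wr_message']; ?></span></td>-->` line, the `wr_reply` line and the commented `history_del.php` link are HTML comments, and PHP still executes inside them: `$res['wr_message']` and `$res['wr_reply']` are emitted unescaped into the page source on every row, and a `-->` in a stored message would close the comment and render the rest. Fixing the array-key quoting only keeps this dead code alive; delete the three rows, or turn them into PHP comments (`<?php /* … */ ?>`) so nothing is output. The unmatched `</span>` on the `wr_message` line is a further sign the rows were never meant to ship.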