그누보드 5.2.9 업데이트 적용

SmarTools-OSS · Jul 4, 2017 · ef3d55b · ef3d55b
1 parent 09e0e4b
commit ef3d55b
Show file tree

Hide file tree

Showing 108 changed files with 32,278 additions and 23,393 deletions.
diff --git a/_st/core/ST.php b/_st/core/ST.php
@@ -1,9 +1,7 @@
 <?php if (!defined('_GNUBOARD_')) exit;
 
-define('ST_VER', '5.2.6.5');
-define('ST_VER_DATE', '2017.01.30');
-//define('ST_VER', '5.2.4.4');
-//define('ST_VER_DATE', '2016.11.29');
+define('ST_VER', '5.2.9.6');
+define('ST_VER_DATE', '2017.07.04');
 
 require_once ST_PATH.'/helpers/st_helper.php';
 require_once 'ST_Config.php';

diff --git a/adm/_common.php b/adm/_common.php
@@ -2,4 +2,8 @@
 define('G5_IS_ADMIN', true);
 include_once ('../common.php');
 include_once(G5_ADMIN_PATH.'/admin.lib.php');
+
+if( isset($token) ){
+    $token = @htmlspecialchars(strip_tags($token), ENT_QUOTES);
+}
 ?>
diff --git a/adm/board_copy_update.php b/adm/board_copy_update.php
@@ -2,6 +2,8 @@
 $sub_menu = '300100';
 include_once('./_common.php');
 
+check_demo();
+
 auth_check($auth[$sub_menu], 'w');
 
 check_admin_token();

diff --git a/adm/board_form_update.php b/adm/board_form_update.php
@@ -35,6 +35,14 @@
     $_POST['bo_include_tail'] = $file;
 }
 
+if(!is_include_path_check($_POST['bo_include_head'])) {
+    alert('/data/file/ 또는 /data/editor/ 포함된 문자를 상단 파일 경로에 포함시킬수 없습니다.');
+}
+
+if(!is_include_path_check($_POST['bo_include_tail'])) {
+    alert('/data/file/ 또는 /data/editor/ 포함된 문자를 하단 파일 경로에 포함시킬수 없습니다.');
+}
+
 $board_path = G5_DATA_PATH.'/file/'.$bo_table;
 
 // 게시판 디렉토리 생성

diff --git a/adm/board_list.php b/adm/board_list.php
@@ -63,7 +63,7 @@
 
 <label for="sfl" class="sound_only">검색대상</label>
 <select name="sfl" id="sfl">
-    <option value="bo_table"<?php echo get_selected($_GET['sfl'], "bo_subject", true); ?>>TABLE</option>
+    <option value="bo_table"<?php echo get_selected($_GET['sfl'], "bo_table", true); ?>>TABLE</option>
     <option value="bo_subject"<?php echo get_selected($_GET['sfl'], "bo_subject"); ?>>제목</option>
     <option value="a.gr_id"<?php echo get_selected($_GET['sfl'], "a.gr_id"); ?>>그룹ID</option>
 </select>

diff --git a/adm/contentformupdate.php b/adm/contentformupdate.php
@@ -18,6 +18,18 @@
 if ($co_himg_del)  @unlink(G5_DATA_PATH."/content/{$co_id}_h");
 if ($co_timg_del)  @unlink(G5_DATA_PATH."/content/{$co_id}_t");
 
+$error_msg = '';
+
+if( $co_include_head && ! is_include_path_check($co_include_head) ){
+    $co_include_head = '';
+    $error_msg = '/data/file/ 또는 /data/editor/ 포함된 문자를 상단 파일 경로에 포함시킬수 없습니다.';
+}
+
+if( $co_include_tail && ! is_include_path_check($co_include_tail) ){
+    $co_include_tail = '';
+    $error_msg = '/data/file/ 또는 /data/editor/ 포함된 문자를 하단 파일 경로에 포함시킬수 없습니다.';
+}
+
 $sql_common = " co_include_head     = '$co_include_head',
                 co_include_tail     = '$co_include_tail',
                 co_html             = '$co_html',
@@ -74,7 +86,11 @@
         @chmod($dest_path, G5_FILE_PERMISSION);
     }
 
-    goto_url("./contentform.php?w=u&amp;co_id=$co_id");
+    if( $error_msg ){
+        alert($error_msg, "./contentform.php?w=u&amp;co_id=$co_id");
+    } else {
+        goto_url("./contentform.php?w=u&amp;co_id=$co_id");
+    }
 }
 else
 {

diff --git a/adm/css/admin.css b/adm/css/admin.css
@@ -311,6 +311,7 @@ tfoot td {font-weight:bold;text-align:center}
 #menu_frm #menu_result {margin:20px 0}
 
 #menulist .sub_menu_class {padding-left:25px;background:url('../img/sub_menu_ico.gif') 5px 15px no-repeat}
+.exist_menu_link {font-weight:bold;color:red}
 
 /* 회원관리 목록 */
 .mb_leave_msg {color:#b6b6b6}

diff --git a/adm/menu_form.php b/adm/menu_form.php
@@ -43,13 +43,57 @@
         "./menu_form_search.php"
     );
 
-    $("#me_type").on("change", function() {
-        var type = $(this).val();
+    function link_checks_all_chage(){
+
+        var $links = $(opener.document).find("#menulist input[name='me_link[]']"),
+            $o_link = $(".td_mngsmall input[name='link[]']"),
+            hrefs = [],
+            menu_exist = false;
+
+        if( $links.length ){
+            $links.each(function( index ) {
+                hrefs.push( $(this).val() );
+            });
+
+            $o_link.each(function( index ) {
+                if( $.inArray( $(this).val(), hrefs ) != -1 ){
+                    $(this).closest("tr").find("td:eq( 0 )").addClass("exist_menu_link");
+                    menu_exist = true;
+                }
+            });
+        }
+
+        if( menu_exist ){
+            $(".menu_exists_tip").show();
+        } else {
+            $(".menu_exists_tip").hide();
+        }
+    }
+
+    function menu_result_change( type ){
+
+        var dfd = new $.Deferred();
 
         $("#menu_result").empty().load(
             "./menu_form_search.php",
-            { type : type }
+            { type : type },
+            function(){
+                dfd.resolve('Finished');
+            }
         );
+
+        return dfd.promise();
+    }
+
+    $("#me_type").on("change", function() {
+        var type = $(this).val();
+
+        var promise = menu_result_change( type );
+
+        promise.done(function(message) {
+            link_checks_all_chage(type);
+        });
+
     });
 
     $(document).on("click", "#add_manual", function() {

diff --git a/adm/menu_form_search.php b/adm/menu_form_search.php
@@ -11,7 +11,7 @@
                     order by gr_order, gr_id ";
         break;
     case 'board':
-        $sql = " select bo_table as id, bo_subject as subject
+        $sql = " select bo_table as id, bo_subject as subject, gr_id
                     from {$g5['board_table']}
                     order by bo_order, bo_table ";
         break;
@@ -32,13 +32,18 @@
 
     for($i=0; $row=sql_fetch_array($result); $i++) {
         if($i == 0) {
+
+    $bbs_subject_title = ($type == 'board') ? '게시판제목' : '제목';
 ?>
 
 <div class="tbl_head01 tbl_wrap">
     <table>
     <thead>
     <tr>
-        <th scope="col">제목</th>
+        <th scope="col"><?php echo $bbs_subject_title; ?></th>
+        <?php if($type == 'board'){ ?>
+            <th scope="col">게시판 그룹</th>
+        <?php } ?>
         <th scope="col">선택</th>
     </tr>
     </thead>
@@ -63,6 +68,12 @@
 
     <tr>
         <td><?php echo $row['subject']; ?></td>
+        <?php
+        if($type == 'board'){
+        $group = get_call_func_cache('get_group', array($row['gr_id']));
+        ?>
+        <td><?php echo $group['gr_subject']; ?></td>
+        <?php } ?>
         <td class="td_mngsmall">
             <input type="hidden" name="subject[]" value="<?php echo preg_replace('/[\'\"]/', '', $row['subject']); ?>">
             <input type="hidden" name="link[]" value="<?php echo $link; ?>">
@@ -76,6 +87,10 @@
     </table>
 </div>
 
+<div class="local_desc01 menu_exists_tip" style="display:none">
+    <p>* <strong>빨간색</strong>의 제목은 이미 메뉴에 연결되어 경우 표시됩니다.</p>
+</div>
+
 <div class="btn_win02 btn_win">
     <button type="button" class="btn_cancel" onclick="window.close();">창닫기</button>
 </div>

diff --git a/adm/qa_config_update.php b/adm/qa_config_update.php
@@ -8,6 +8,18 @@
 
 check_admin_token();
 
+$error_msg = '';
+
+if( $qa_include_head && ! is_include_path_check($qa_include_head) ){
+    $qa_include_head = '';
+    $error_msg = '/data/file/ 또는 /data/editor/ 포함된 문자를 상단 파일 경로에 포함시킬수 없습니다.';
+}
+
+if( $qa_include_tail && ! is_include_path_check($qa_include_tail) ){
+    $qa_include_tail = '';
+    $error_msg = '/data/file/ 또는 /data/editor/ 포함된 문자를 하단 파일 경로에 포함시킬수 없습니다.';
+}
+
 $sql = " update {$g5['qa_config_table']}
             set qa_title                = '{$_POST['qa_title']}',
                 qa_category             = '{$_POST['qa_category']}',
@@ -29,8 +41,8 @@
                 qa_image_width          = '{$_POST['qa_image_width']}',
                 qa_upload_size          = '{$_POST['qa_upload_size']}',
                 qa_insert_content       = '{$_POST['qa_insert_content']}',
-                qa_include_head         = '{$_POST['qa_include_head']}',
-                qa_include_tail         = '{$_POST['qa_include_tail']}',
+                qa_include_head         = '{$qa_include_head}',
+                qa_include_tail         = '{$qa_include_tail}',
                 qa_content_head         = '{$_POST['qa_content_head']}',
                 qa_content_tail         = '{$_POST['qa_content_tail']}',
                 qa_mobile_content_head  = '{$_POST['qa_mobile_content_head']}',
@@ -47,5 +59,9 @@
                 qa_5                    = '{$_POST['qa_5']}' ";
 sql_query($sql);
 
-goto_url('./qa_config.php');
+if($error_msg){
+    alert($error_msg, './qa_config.php');
+} else {
+    goto_url('./qa_config.php');
+}
 ?>
diff --git a/adm/sms_admin/_common.php b/adm/sms_admin/_common.php
@@ -12,5 +12,11 @@
     //$sms5 = sql_fetch("select * from ".$g5['sms5_config_table'] );
 }
 
+$sv = isset($_REQUEST['sv']) ? get_search_string($_REQUEST['sv']) : '';
+
+if( isset($token) ){
+    $token = @htmlspecialchars(strip_tags($token), ENT_QUOTES);
+}
+
 add_stylesheet('<link rel="stylesheet" href="'.G5_SMS5_ADMIN_URL.'/css/sms5.css">', 0);
 ?>
diff --git a/adm/visit_date.php b/adm/visit_date.php
@@ -71,6 +71,7 @@
     </tr>
 
     <?php
+        $i++;
         }
     } else {
         echo '<tr><td colspan="'.$colspan.'" class="empty_table">자료가 없습니다.</td></tr>';

diff --git a/adm/visit_month.php b/adm/visit_month.php
@@ -72,6 +72,7 @@
     </tr>
 
     <?php
+        $i++;
         }
 
 

diff --git a/adm/visit_search.php b/adm/visit_search.php
@@ -44,7 +44,7 @@
     <?php
     $sql_common = " from {$g5['visit_table']} ";
     if ($sfl) {
-        if($sst=='vi_ip' || $sst=='vi_date'){
+        if($sfl=='vi_ip' || $sfl=='vi_date'){
             $sql_search = " where $sfl like '$stx%' ";
         }else{
             $sql_search = " where $sfl like '%$stx%' ";

diff --git a/bbs/board_head.php b/bbs/board_head.php
@@ -7,7 +7,11 @@
     include_once(G5_BBS_PATH.'/_head.php');
     echo stripslashes($board['bo_mobile_content_head']);
 } else {
-    @include ($board['bo_include_head']);
+    if(is_include_path_check($board['bo_include_head'])) {  //파일경로 체크
+        @include ($board['bo_include_head']);
+    } else {    //파일경로가 올바르지 않으면 기본파일을 가져옴
+        include_once(G5_BBS_PATH.'/_head.php');
+    }
     echo stripslashes($board['bo_content_head']);
 }
 ?>
diff --git a/bbs/board_tail.php b/bbs/board_tail.php
@@ -8,6 +8,10 @@
     include_once(G5_BBS_PATH.'/_tail.php');
 } else {
     echo stripslashes($board['bo_content_tail']);
-    @include ($board['bo_include_tail']);
+    if(is_include_path_check($board['bo_include_tail'])) {  //파일경로 체크
+        @include ($board['bo_include_tail']);
+    } else {    //파일경로가 올바르지 않으면 기본파일을 가져옴
+        include_once(G5_BBS_PATH.'/_tail.php');
+    }
 }
 ?>
diff --git a/bbs/content.php b/bbs/content.php
@@ -19,7 +19,7 @@
 
 $g5['title'] = $co['co_subject'];
 
-if ($co['co_include_head'])
+if (is_include_path_check($co['co_include_head']))
     @include_once($co['co_include_head']);
 else
     include_once('./_head.php');
@@ -85,7 +85,7 @@
     echo '<p>'.str_replace(G5_PATH.'/', '', $skin_file).'이 존재하지 않습니다.</p>';
 }
 
-if ($co['co_include_tail'])
+if (is_include_path_check($co['co_include_tail']))
     @include_once($co['co_include_tail']);
 else
     include_once('./_tail.php');

diff --git a/bbs/delete.php b/bbs/delete.php
@@ -134,5 +134,5 @@
 
 delete_cache_latest($bo_table);
 
-goto_url('./board.php?bo_table='.$bo_table.'&amp;page='.$page.$qstr);
+goto_url(G5_HTTP_BBS_URL.'/board.php?bo_table='.$bo_table.'&amp;page='.$page.$qstr);
 ?>
diff --git a/bbs/delete_all.php b/bbs/delete_all.php
@@ -156,5 +156,5 @@
 
 delete_cache_latest($bo_table);
 
-goto_url('./board.php?bo_table='.$bo_table.'&amp;page='.$page.$qstr);
+goto_url(G5_HTTP_BBS_URL.'/board.php?bo_table='.$bo_table.'&amp;page='.$page.$qstr);
 ?>
diff --git a/bbs/delete_comment.php b/bbs/delete_comment.php
@@ -84,5 +84,5 @@
 
 delete_cache_latest($bo_table);
 
-goto_url('./board.php?bo_table='.$bo_table.'&amp;wr_id='.$write['wr_parent'].'&amp;page='.$page. $qstr);
+goto_url(G5_HTTP_BBS_URL.'/board.php?bo_table='.$bo_table.'&amp;wr_id='.$write['wr_parent'].'&amp;page='.$page. $qstr);
 ?>