This repository has been archived by the owner on Jun 24, 2021. It is now read-only.

영카트5.0.34 수정내역 적용
chicpro committed May 19, 2015
1 parent ec1a9c8 commit b5d1def
Showing 13 changed files with 40 additions and 18 deletions.
1 change: 0 additions & 1 deletion adm/boardgroupmember_form.php
Expand Up @@ -76,7 +76,6 @@
$sql .= " order by a.gr_id desc ";
$result = sql_query($sql);
for ($i=0; $row=sql_fetch_array($result); $i++) {
$s_del = '<a href="javascript:post_delete(\'boardgroupmember_update.php\', \''.$row['gm_id'].'\');">삭제</a>';
?>
<tr>
<td class="td_chk">
2 changes: 0 additions & 2 deletions adm/boardgroupmember_list.php
Expand Up @@ -104,8 +104,6 @@
if ($row2['cnt'])
$group = '<a href="./boardgroupmember_form.php?mb_id='.$row['mb_id'].'">'.$row2['cnt'].'</a>';

//$s_del = '<a href="javascript:post_delete(\'boardgroupmember_update.php\', \''.$row['gm_id'].'\');">삭제</a>';

$mb_nick = get_sideview($row['mb_id'], $row['mb_nick'], $row['mb_email'], $row['mb_homepage']);

$bg = 'bg'.($i%2);
1 change: 0 additions & 1 deletion adm/mail_list.php
Expand Up @@ -52,7 +52,6 @@
<tbody>
<?php
for ($i=0; $row=mysql_fetch_array($result); $i++) {
//$s_del = '<a href="javascript:post_delete(\'mail_update.php\', '.$row['ma_id'].');">삭제</a>';
$s_vie = '<a href="./mail_preview.php?ma_id='.$row['ma_id'].'" target="_blank">미리보기</a>';

$num = number_format($total_count - ($page - 1) * $config['cf_page_rows'] - $i);
2 changes: 0 additions & 2 deletions adm/member_list.php
Expand Up @@ -158,10 +158,8 @@

if ($is_admin == 'group') {
$s_mod = '';
$s_del = '';
} else {
$s_mod = '<a href="./member_form.php?'.$qstr.'&amp;w=u&amp;mb_id='.$row['mb_id'].'">수정</a>';
//$s_del = '<a href="javascript:post_delete(\'member_delete.php\', \''.$row['mb_id'].'\');">삭제</a>';
}
$s_grp = '<a href="./boardgroupmember_form.php?mb_id='.$row['mb_id'].'">그룹</a>';

1 change: 0 additions & 1 deletion adm/poll_list.php
Expand Up @@ -106,7 +106,6 @@
$po_etc = ($row['po_etc']) ? "사용" : "미사용";

$s_mod = '<a href="./poll_form.php?'.$qstr.'&amp;w=u&amp;po_id='.$row['po_id'].'">수정</a>';
//$s_del = '<a href="javascript:post_delete(\'poll_form_update.php\', \''.$row['po_id'].'\');">삭제</a>';

$bg = 'bg'.($i%2);
?>
4 changes: 2 additions & 2 deletions adm/visit_list.php
Expand Up @@ -75,8 +75,8 @@
else
$ip = preg_replace("/([0-9]+).([0-9]+).([0-9]+).([0-9]+)/", G5_IP_DISPLAY, $row['vi_ip']);

if ($brow == '기타') { $brow = '<span title="'.$row['vi_agent'].'">'.$brow.'</span>'; }
if ($os == '기타') { $os = '<span title="'.$row['vi_agent'].'">'.$os.'</span>'; }
if ($brow == '기타') { $brow = '<span title="'.get_text($row['vi_agent']).'">'.$brow.'</span>'; }
if ($os == '기타') { $os = '<span title="'.get_text($row['vi_agent']).'">'.$os.'</span>'; }

$bg = 'bg'.($i%2);
?>
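Review bot: The two lines that call get_text() place the result inside a double-quoted `title="…"` attribute, which is only safe if get_text() encodes `"` as well as `<` and `>`; its definition is not part of this diff, so that should be confirmed, or `htmlspecialchars($row['vi_agent'], ENT_QUOTES)` used at this sink. The same pair of lines appears in adm/visit_search.php and the point applies there too. Rows written before this commit were stored without any filtering, so this output encoding is the control that protects the admin page for existing data. Computing the value once, `$agent = get_text($row['vi_agent']);`, would remove the duplicated call; the surrounding loop body starts and ends outside the hunk.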
4 changes: 2 additions & 2 deletions adm/visit_search.php
Expand Up @@ -92,8 +92,8 @@
else
$ip = preg_replace("/([0-9]+).([0-9]+).([0-9]+).([0-9]+)/", G5_IP_DISPLAY, $row['vi_ip']);

if ($brow == '기타') $brow = '<span title="'.$row['vi_agent'].'">'.$brow.'</span>';
if ($os == '기타') $os = '<span title="'.$row['vi_agent'].'">'.$os.'</span>';
if ($brow == '기타') $brow = '<span title="'.get_text($row['vi_agent']).'">'.$brow.'</span>';
if ($os == '기타') $os = '<span title="'.get_text($row['vi_agent']).'">'.$os.'</span>';

$bg = 'bg'.($i%2);
?>
3 changes: 3 additions & 0 deletions bbs/alert.php
Expand Up @@ -32,6 +32,9 @@

if (!$url) $url = $_SERVER['HTTP_REFERER'];

// url 체크
check_url_host($url);

if($error) {
$header2 = "다음 항목에 오류가 있습니다.";
} else {
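Review bot: When `$url` is empty it is filled from `$_SERVER['HTTP_REFERER']` on the line above the new call, and check_url_host() ends the request with its own message and `exit`, so a visitor arriving from another site never sees the message alert.php was invoked to show. Checking the Referer is right, since it is a client-supplied value, but a foreign Referer is better treated as "no return URL" than as a fatal error. I would apply check_url_host() only to a caller-supplied `$url` and, for the fallback, compare the Referer host and leave `$url` empty on mismatch. The fallback also reads `HTTP_REFERER` without `isset()`; how `$url` is used afterwards is outside this hunk.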
5 changes: 5 additions & 0 deletions bbs/confirm.php
@@ -1,6 +1,11 @@
<?php
include_once('./_common.php');
include_once(G5_PATH.'/head.sub.php');

// url 체크
check_url_host($url1);
check_url_host($url2);
check_url_host($url3);
?>

<script>
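Review bot: The three check_url_host() calls run after `include_once(G5_PATH.'/head.sub.php')`, so when a check fails, its `<script>` block and `exit` come after whatever that include has already printed (head.sub.php is not shown here). Moving the checks directly below `include_once('./_common.php');` keeps a rejected request from emitting a partial page. `$url1`, `$url2` and `$url3` are not assigned in the visible lines; a comment such as `// $url1..$url3 come from the request; each is echoed into the script below` would tell the next reader why all three are checked, if that is indeed how they are used.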
8 changes: 2 additions & 6 deletions bbs/login.php
Expand Up @@ -6,12 +6,8 @@

$url = $_GET['url'];

$p = parse_url($url);
if ((isset($p['scheme']) && $p['scheme']) || (isset($p['host']) && $p['host'])) {
//print_r2($p);
if ($p['host'].(isset($p['port']) ? ':'.$p['port'] : '') != $_SERVER['HTTP_HOST'])
alert('url에 타 도메인을 지정할 수 없습니다.');
}
// url 체크
check_url_host($url);

// 이미 로그인 중이라면
if ($is_member) {
3 changes: 3 additions & 0 deletions bbs/login_check.php
Expand Up @@ -65,6 +65,9 @@
}

if ($url) {
// url 체크
check_url_host($url);

$link = urldecode($url);
// 2003-06-14 추가 (다른 변수들을 넘겨주기 위함)
if (preg_match("/\?/", $link))
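Review bot: The host check runs on `$url`, but the value used afterwards is `urldecode($url)` on the next line, so the string that was validated and the string that is used can differ when the parameter arrives encoded more than once. Decoding first and checking the result keeps them identical: `$link = urldecode($url);` followed by `check_url_host($link);`. How `$link` is consumed lies outside this hunk, so it should be confirmed that the redirect uses only the checked value.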
2 changes: 1 addition & 1 deletion bbs/visit_insert.inc.php
Expand Up @@ -14,7 +14,7 @@
$referer = "";
if (isset($_SERVER['HTTP_REFERER']))
$referer = escape_trim(clean_xss_tags($_SERVER['HTTP_REFERER']));
$user_agent = escape_trim($_SERVER['HTTP_USER_AGENT']);
$user_agent = escape_trim(clean_xss_tags($_SERVER['HTTP_USER_AGENT']));
$sql = " insert {$g5['visit_table']} ( vi_id, vi_ip, vi_date, vi_time, vi_referer, vi_agent ) values ( '{$vi_id}', '{$remote_addr}', '".G5_TIME_YMD."', '".G5_TIME_HIS."', '{$referer}', '{$user_agent}' ) ";

$result = sql_query($sql, FALSE);
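Review bot: `$_SERVER['HTTP_USER_AGENT']` is read without the `isset()` guard that the Referer gets two lines above, so a request with no User-Agent header raises a notice; `$user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? escape_trim(clean_xss_tags($_SERVER['HTTP_USER_AGENT'])) : '';` would match the Referer handling. clean_xss_tags() is not shown in this diff, and filtering at insert time means the visit table no longer holds the header exactly as it was sent, which matters if the table is consulted during an investigation. The output encoding added in adm/visit_list.php and adm/visit_search.php is the control that also covers rows already stored, so it should not be relaxed on the assumption that stored values are clean.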
22 changes: 22 additions & 0 deletions lib/common.lib.php
Expand Up @@ -2859,4 +2859,26 @@ function check_password($pass, $hash)

return ($password === $hash);
}

// 동일한 host url 인지
function check_url_host($url, $msg='', $return_url=G5_URL)
{
if(!$msg)
$msg = 'url에 타 도메인을 지정할 수 없습니다.';

$p = parse_url($url);
if ((isset($p['scheme']) && $p['scheme']) || (isset($p['host']) && $p['host'])) {
if ($p['host'].(isset($p['port']) ? ':'.$p['port'] : '') != $_SERVER['HTTP_HOST']) {
echo '<script>'.PHP_EOL;
echo 'alert("url에 타 도메인을 지정할 수 없습니다.");'.PHP_EOL;
echo 'document.location.href = "'.$return_url.'";'.PHP_EOL;
echo '</script>'.PHP_EOL;
echo '<noscript>'.PHP_EOL;
echo '<p>'.$msg.'</p>'.PHP_EOL;
echo '<p><a href="'.$return_url.'">돌아가기</a></p>'.PHP_EOL;
echo '</noscript>'.PHP_EOL;
exit;
}
}
}
?>
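Review bot: check_url_host() fails open when parse_url() cannot parse the value: it returns false for seriously malformed URLs, both `isset()` tests are then false, and the URL is accepted. A value with a scheme but no host reads the undefined index `$p['host']`, and the `alert(...)` line prints a fixed string, so a caller-supplied `$msg` only reaches the `<noscript>` branch. `$msg` and `$return_url` are echoed into script and HTML without encoding, which is safe only while every caller passes constants, as the callers in this commit do. The comparison also relies on the request's own `$_SERVER['HTTP_HOST']`; comparing against the host of the configured `G5_URL` would not depend on a client-sent header. A possible shape for the parsing and message part follows.

```php
function check_url_host($url, $msg='', $return_url=G5_URL)
{
    // … unchanged: default $msg …

    $p = parse_url($url);
    // parse_url() returns false on input it cannot parse: treat that as a rejection,
    // after confirming no legitimate relative URL used by the site is affected.
    $allowed = false;
    if ($p !== false) {
        $has_origin = !empty($p['scheme']) || !empty($p['host']);
        $host = (isset($p['host']) ? $p['host'] : '').(isset($p['port']) ? ':'.$p['port'] : '');
        $allowed = !$has_origin || $host == $_SERVER['HTTP_HOST'];
    }
    if (!$allowed) {
        echo '<script>'.PHP_EOL;
        echo 'alert('.json_encode($msg).');'.PHP_EOL;
        // … unchanged: redirect to $return_url, <noscript> fallback, exit …
    }
}
```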
