2.4.11

.gitignore

@@ -1 +1 @@
-data/
+/data/

app/sign.php

@@ -118,7 +118,7 @@ public function init()
         $mbinfo = array(
             'id' => $sql->fetch('mb_id'),
             'idx' => $sql->fetch('mb_idx'),
-            'remote_addr' => (isset($_SERVER['HTTP_X_FORWARDED_FOR']) && !empty($_SERVER['HTTP_X_FORWARDED_FOR'])) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']
+            'remote_addr' => MB_REMOTE_ADDR
         );
 
         // 로그인 session 처리
@@ -405,7 +405,7 @@ public function init()
 
         // insert
         $mbchk_var = ($CONF['use_emailchk'] == 'Y') ? 'N' : 'Y';
-        $remote_addr = (isset($_SERVER['HTTP_X_FORWARDED_FOR']) && !empty($_SERVER['HTTP_X_FORWARDED_FOR'])) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
+        $remote_addr = MB_REMOTE_ADDR;
 
         $sql->query(
             "

app/sub/view.php

@@ -38,7 +38,7 @@ public function init()
     {
         $this->layout()->category_key(3);
         $this->layout()->head();
-        $this->layout()->view(PH_THEME_PATH.'/html/sub/manager.tpl.php'); // view(template) 파일과 결합하는 경우 view 경로 지정
+        $this->layout()->view(PH_THEME_PATH.'/html/sub/manager.tpl.php', false);
         $this->layout()->foot();
     }
 

lib/blocked.class.php

@@ -10,7 +10,7 @@ static public function get_qry()
     {
         global $ip_qry;
 
-        $ip_ex = explode('.', $_SERVER['REMOTE_ADDR']);
+        $ip_ex = explode('.', MB_REMOTE_ADDR);
         $ip_qry = array();
 
         for ($i = 0; $i < count($ip_ex); $i++) {
@@ -37,7 +37,7 @@ static public function chk_block()
 
         $localhosts = array('127.0.0.1', '::1', 'localhost', '255.255.255.0');
 
-        if (in_array($_SERVER['REMOTE_ADDR'], $localhosts)) return false;
+        if (in_array(MB_REMOTE_ADDR, $localhosts)) return false;
 
         $sql = new Pdosql();
 

lib/functions.class.php

@@ -416,7 +416,7 @@ static public function chk_captcha($val)
 
         // google recaptcha 검증
         if ($CONF['use_recaptcha'] == 'Y') {
-            $url = SET_GRECAPTCHA_URL[1].$CONF['recaptcha_key2'].'&response='.$val.'&remoteip='.$_SERVER['REMOTE_ADDR'];
+            $url = SET_GRECAPTCHA_URL[1].$CONF['recaptcha_key2'].'&response='.$val.'&remoteip='.MB_REMOTE_ADDR;
             $req = self::url_get_contents($url);
 
             return ($req['data']['success']) ? true : false;

lib/method.class.php

@@ -62,13 +62,31 @@ static function security($type)
         $type = strtolower($type);
 
         if ($type == 'referer') {
-            $referer_http_host = (isset($_SERVER['HTTP_X_FORWARDED_HOST'])) ? $_SERVER['HTTP_X_FORWARDED_HOST'] : $_SERVER['HTTP_HOST'];
-            if (!isset($_SERVER['HTTP_REFERER']) || !preg_match(";{$referer_http_host};", $_SERVER['HTTP_REFERER'])) Func::core_err(ERR_MSG_1);
+            $referer_http_host = array();
+
+            if (isset($_SERVER['HTTP_X_FORWARDED_HOST']) && !empty($_SERVER['HTTP_X_FORWARDED_HOST'])) {
+                $hosts = explode(',', $_SERVER['HTTP_X_FORWARDED_HOST']);
+                $referer_http_host = array_merge($referer_http_host, $hosts);
+
+            } else if (isset($_SERVER['HTTP_HOST']) && !empty($_SERVER['HTTP_HOST'])) {
+                $referer_http_host[] = $_SERVER['HTTP_HOST'];
+
+            } else {
+                Func::core_err(ERR_MSG_1);
+            }
+
+            $match_count = 0;
+
+            foreach ($referer_http_host as $key => $value) {
+                if (isset($_SERVER['HTTP_REFERER']) && preg_match(";".trim($value).";", $_SERVER['HTTP_REFERER'])) $match_count++;
+            }
+
+            if ($match_count < 1) Func::core_err(ERR_MSG_1);
 
-        } elseif ($type == 'request_get') {
+        } else if ($type == 'request_get') {
             if (strtolower($_SERVER['REQUEST_METHOD']) == 'post') Func::core_err(ERR_MSG_1);
 
-        } elseif ($type == 'request_post') {
+        } else if ($type == 'request_post') {
             if (strtolower($_SERVER['REQUEST_METHOD']) == 'get') Func::core_err(ERR_MSG_1);
         }
     }

lib/pdo.class.php

@@ -205,7 +205,7 @@ public function etcfd_exp($exp)
 
         for ($i = 0; $i < 10; $i++) {
             if (!isset($ex[$i])) $ex[$i] = '';
-            $ex[$i] = str_replace('|', '&vert;', $ex[$i]);
+            $ex[$i] = str_replace('|', "&vert;", $ex[$i]);
         }
 
         return implode('|', $ex);

lib/session.class.php

@@ -81,7 +81,7 @@ public function read($key)
                 array(
                     $key,
                     $this->expiry,
-                    $_SERVER['REMOTE_ADDR']
+                    MB_REMOTE_ADDR
                 )
             );
 

lib/statistic.class.php

@@ -17,7 +17,7 @@ static public function rec_visitcount()
 
             $user_info = array(
                 'device' => Func::chkdevice(),
-                'remote_addr' => (isset($_SERVER['HTTP_X_FORWARDED_FOR']) && !empty($_SERVER['HTTP_X_FORWARDED_FOR'])) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'],
+                'remote_addr' => MB_REMOTE_ADDR,
                 'user_agent' => ($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ''
             );
 

lib/variable.inc.php

@@ -86,6 +86,12 @@
 define('IS_MEMBER', Session::is_sess('MB_IDX'));
 define('MB_IDX', (IS_MEMBER) ? Session::sess('MB_IDX') : null);
 
+// 클라이언트 IP 획득
+$remote_addr = (isset($_SERVER['HTTP_X_FORWARDED_FOR']) && !empty($_SERVER['HTTP_X_FORWARDED_FOR'])) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
+$remote_addr_exp = explode(',', $remote_addr); 
+define('MB_REMOTE_ADDR', $remote_addr_exp[0]);
+
+// 회원 기본 정보
 $MB = array();
 
 if (IS_MEMBER) {

mod/board/controller/comment.php

@@ -341,7 +341,7 @@ private function get_write()
             insert into {$sql->table("mod:board_cmt_".$board_id)}
             (`ln`, `rn`, `bo_idx`, `mb_idx`, `writer`, `comment`, `ip`, `regdate`, `cmt_1`, `cmt_2`, `cmt_3`, `cmt_4`, `cmt_5`, `cmt_6`, `cmt_7`, `cmt_8`, `cmt_9`, `cmt_10`)
             values
-            (:col1, :col2, :col3, :col4, :col5, :col6, '{$_SERVER['REMOTE_ADDR']}', now(), :col7, :col8, :col9, :col10, :col11, :col12, :col13, :col14, :col15, :col16)
+            (:col1, :col2, :col3, :col4, :col5, :col6, '".MB_REMOTE_ADDR."', now(), :col7, :col8, :col9, :col10, :col11, :col12, :col13, :col14, :col15, :col16)
             ",
             array(
                 $ln_arr['ln_max'], 0, $req['read'], $mb_idx, $writer, $req['comment'], $req['cmt_1'], $req['cmt_2'],
@@ -457,7 +457,7 @@ private function get_reply()
             insert into {$sql->table("mod:board_cmt_".$board_id)}
             (`parent_mb_idx`, `parent_writer`, `ln`, `rn`, `bo_idx`, `mb_idx`, `writer`, `comment`, `ip`, `regdate`, `cmt_1`, `cmt_2`, `cmt_3`, `cmt_4`, `cmt_5`, `cmt_6`, `cmt_7`, `cmt_8`, `cmt_9`, `cmt_10`)
             values
-            (:col1, :col2, :col3, :col4, :col5, :col6, :col7, :col8, '{$_SERVER['REMOTE_ADDR']}', now(), :col9, :col10, :col11, :col12, :col13, :col14, :col15, :col16, :col17, :col18)
+            (:col1, :col2, :col3, :col4, :col5, :col6, :col7, :col8, '".MB_REMOTE_ADDR."', now(), :col9, :col10, :col11, :col12, :col13, :col14, :col15, :col16, :col17, :col18)
             ",
             array(
                 $parent_mb_idx, $parent_writer, $ln_isrt, $rn_next, $req['read'], $mb_idx, $writer, $req['re_comment'], $req['cmt_1'], $req['cmt_2'], $req['cmt_3'], $req['cmt_4'], $req['cmt_5'],
@@ -533,7 +533,7 @@ private function get_modify()
         $sql->query(
             "
             update {$sql->table("mod:board_cmt_".$board_id)}
-            set `writer`=:col2, `comment`=:col3, ip='{$_SERVER['REMOTE_ADDR']}', `cmt_1`=:col4, `cmt_2`=:col5, `cmt_3`=:col6, `cmt_4`=:col7, `cmt_5`=:col8, `cmt_6`=:col9, `cmt_7`=:col10, `cmt_8`=:col11, `cmt_9`=:col12, `cmt_10`=:col13
+            set `writer`=:col2, `comment`=:col3, ip='".MB_REMOTE_ADDR."', `cmt_1`=:col4, `cmt_2`=:col5, `cmt_3`=:col6, `cmt_4`=:col7, `cmt_5`=:col8, `cmt_6`=:col9, `cmt_7`=:col10, `cmt_8`=:col11, `cmt_9`=:col12, `cmt_10`=:col13
             where `idx`=:col1
             ",
             array(

mod/board/controller/file.php

@@ -25,10 +25,11 @@ public function init()
         if (!$board_id || !$req['idx'] || !$req['file']) Func::err('필수 값이 누락 되었습니다.');
 
         // 게시글의 첨부파일 정보 불러옴
+        $board_data_table = str_replace(['`', '\`'], '', $sql->table("mod:board_data_".addslashes($board_id)));
         $sql->query(
             "
             select *
-            from {$sql->table("mod:board_data_".addslashes($board_id))}
+            from {$board_data_table}
             where `idx`=:col1
             ",
             array(
@@ -101,7 +102,7 @@ public function init()
         // 파일 다운로드 횟수 증가
         $sql->query(
             "
-            update {$sql->table("mod:board_data_".$board_id)}
+            update {$board_data_table}
             set `file{$req['file']}_cnt` = `file{$req['file']}_cnt` + 1
             where `idx`={$req['idx']}
             ", []

mod/board/controller/pop.php

@@ -335,12 +335,18 @@ private function get_move()
                 // 대상 게시판이 존재하는지 검증
                 if ($sql->table_exists(DB_PREFIX.'_mod_board_data_'.$t_board_id)) Valid::error('', '대상 게시판 id 값이 올바르지 않습니다.');
 
+                // table 정의
+                $board_data_table = str_replace(['`', '\`'], '', $sql->table("mod:board_data_".addslashes($board_id)));
+                $t_board_data_table = str_replace(['`', '\`'], '', $sql->table("mod:board_data_".addslashes($t_board_id)));
+                $board_cmt_table = str_replace(['`', '\`'], '', $sql->table("mod:board_cmt_".addslashes($board_id)));
+                $t_board_cmt_table = str_replace(['`', '\`'], '', $sql->table("mod:board_cmt_".addslashes($t_board_id)));
+
                 // 자식글의 범위를 구함
                 $ln_where = 'ln>'.$ln_min.' and ln<='.$ln_max;
                 $sql->query(
                     "
                     select *
-                    from {$sql->table("mod:board_data_".$board_id)}
+                    from {$board_data_table}
                     where $ln_where
                     ", []
                 );
@@ -349,7 +355,7 @@ private function get_move()
                 $cp_sql->query(
                     "
                     select max(`ln`)+1000 as ln_max
-                    from {$cp_sql->table("mod:board_data_".$t_board_id)}
+                    from {$t_board_data_table}
                     order by `ln` desc
                     limit 1
                     ", []
@@ -406,7 +412,7 @@ private function get_move()
                     $cp_sql->query(
                         "
                         insert into
-                        {$cp_sql->table("mod:board_data_".$t_board_id)}
+                        {$t_board_data_table}
                         (`category`, `ln`, `rn`, `mb_idx`, `mb_id`, `writer`, `pwd`, `email`, `article`, `subject`, `file1`, `file1_cnt`, `file2`, `file2_cnt`, `use_secret`, `use_html`, `use_email`, `view`, `ip`, `regdate`, `dregdate`, `data_1`, `data_2`, `data_3`, `data_4`, `data_5`, `data_6`, `data_7`, `data_8`, `data_9`, `data_10`)
                         values
                         (:col1, :col2, :col3, :col4, :col5, :col6, :col7, :col8, :col9, :col10, :col11, :col12, :col13, :col14, :col15, :col16, :col17, :col18, :col19, now(), :col20, :col21, :col22, :col23, :col24, :col25, :col26, :col27, :col28, :col29, :col30)
@@ -422,7 +428,7 @@ private function get_move()
                     $cp_sql->query(
                         "
                         select `idx`
-                        from {$cp_sql->table("mod:board_data_".$t_board_id)}
+                        from {$t_board_data_table}
                         where `ln`=:col1
                         ",
                         array(
@@ -448,7 +454,7 @@ private function get_move()
                     $cp_sql->query(
                         "
                         select max(`ln`)+1000 as ln_max
-                        from {$cp_sql->table("mod:board_data_".$t_board_id)}
+                        from {$t_board_data_table}
                         order by `ln` desc
                         limit 1
                         ", []
@@ -462,7 +468,7 @@ private function get_move()
                     $cp_sql->query(
                         "
                         select *
-                        from {$cp_sql->table("mod:board_cmt_".$board_id)}
+                        from {$board_cmt_table}
                         where `bo_idx`=:col1
                         ",
                         array(
@@ -479,7 +485,7 @@ private function get_move()
                             $cp_sql2->query(
                                 "
                                 insert into
-                                {$cp_sql2->table("mod:board_cmt_".$t_board_id)}
+                                {$t_board_cmt_table}
                                 (`ln`, `rn`, `bo_idx`, `mb_idx`, `writer`, `parent_writer`, `parent_mb_idx`, `comment`, `ip`, `regdate`, `cmt_1`, `cmt_2`, `cmt_3`, `cmt_4`, `cmt_5`, `cmt_6`, `cmt_7`, `cmt_8`, `cmt_9`, `cmt_10`)
                                 values
                                 (:col1, :col2, :col3, :col4, :col5, :col6, :col7, :col8, :col9, :col10, :col11, :col12, :col13, :col14, :col15, :col16, :col17, :col18, :col19, :col20)
@@ -497,7 +503,7 @@ private function get_move()
                     $cp_sql->query(
                         "
                         delete
-                        from {$cp_sql->table("mod:board_cmt_".$board_id)}
+                        from {$board_cmt_table}
                         where `bo_idx`=:col1
                         ",
                         array(
@@ -509,7 +515,7 @@ private function get_move()
                     $cp_sql->query(
                         "
                         delete
-                        from {$cp_sql->table("mod:board_data_".$board_id)}
+                        from {$board_data_table}
                         where `idx`=:col1
                         ",
                         array(
@@ -556,11 +562,17 @@ private function get_copy()
             // 대상 게시판이 존재하는지 검증
             if ($sql->table_exists(DB_PREFIX.'_mod_board_data_'.$t_board_id)) Valid::error('', '대상 게시판 id 값이 올바르지 않습니다.');
 
+            // table 정의
+            $board_data_table = str_replace(['`', '\`'], '', $sql->table("mod:board_data_".addslashes($board_id)));
+            $t_board_data_table = str_replace(['`', '\`'], '', $sql->table("mod:board_data_".addslashes($t_board_id)));
+            $board_cmt_table = str_replace(['`', '\`'], '', $sql->table("mod:board_cmt_".addslashes($board_id)));
+            $t_board_cmt_table = str_replace(['`', '\`'], '', $sql->table("mod:board_cmt_".addslashes($t_board_id)));
+
             // 원본글의 정보를 불러옴
             $sql->query(
                 "
                 select *
-                from {$sql->table("mod:board_data_".$board_id)}
+                from {$board_data_table}
                 where `idx`=:col1
                 ",
                 array(
@@ -578,7 +590,7 @@ private function get_copy()
                 $sql->query(
                     "
                     select max(`ln`)+1000 as ln_max
-                    from {$sql->table("mod:board_data_".$t_board_id)}
+                    from {$t_board_data_table}
                     order by `ln` desc
                     limit 1
                     ", []
@@ -624,7 +636,7 @@ private function get_copy()
                 $sql->query(
                     "
                     insert into
-                    {$sql->table("mod:board_data_".$t_board_id)}
+                    {$t_board_data_table}
                     (`category`, `ln`, `rn`, `mb_idx`, `mb_id`, `writer`, `pwd`, `email`, `article`, `subject`, `file1`, `file1_cnt`, `file2`, `file2_cnt`, `use_secret`, `use_html`, `use_email`, `view`, `ip`, `regdate`, `dregdate`, `data_1`, `data_2`, `data_3`, `data_4`, `data_5`, `data_6`, `data_7`, `data_8`, `data_9`, `data_10`)
                     values
                     (:col1, :col2, :col3, :col4, :col5, :col6, :col7, :col8, :col9, :col10, :col11, :col12, :col13, :col14, :col15, :col16, :col17, :col18, :col19, now(), :col20, :col21, :col22, :col23, :col24, :col25, :col26, :col27, :col28, :col29, :col30)

mod/board/controller/write.php

@@ -763,7 +763,7 @@ private function get_write()
             insert into {$sql->table("mod:board_data_".$board_id)}
             (`category`, `mb_idx`, `mb_id`, `writer`, `pwd`, `email`, `article`, `subject`, `file1`, `file2`, `use_secret`, `use_notice`, `use_html`, `use_email`, `ip`, `ln`, `rn`, `data_1`, `data_2`, `data_3`, `data_4`, `data_5`, `data_6`, `data_7`, `data_8`, `data_9`, `data_10`, `regdate`)
             values
-            (:col1, :col2, :col3, :col4, :col5, :col6, :col7, :col8, :col9, :col10, :col11, :col12, 'Y', :col13, '{$_SERVER['REMOTE_ADDR']}', :col14, :col15, :col16, :col17, :col18, :col19, :col20, :col21, :col22, :col23, :col24, :col25, :col26)
+            (:col1, :col2, :col3, :col4, :col5, :col6, :col7, :col8, :col9, :col10, :col11, :col12, 'Y', :col13, '".MB_REMOTE_ADDR."', :col14, :col15, :col16, :col17, :col18, :col19, :col20, :col21, :col22, :col23, :col24, :col25, :col26)
             ",
             array(
                 $req['category'], $MB['idx'], $MB['id'], $req['writer'], $req['password'], $req['email'], $req['article'], $req['subject'], (isset($ufile[1])) ? $ufile[1]['ufile_name'] : '',
@@ -874,7 +874,7 @@ private function get_modify()
             "
             update {$sql->table("mod:board_data_".$board_id)}
             set `category`=:col2, `writer`=:col3, `pwd`=:col4, `email`=:col5, `article`=:col6, `subject`=:col7, `file1`=:col8, `file2`=:col9, `use_secret`=:col10, `use_notice`=:col11,
-            use_html='Y', `use_email`=:col12, `ip`='{$_SERVER['REMOTE_ADDR']}', `regdate`=:col13, `data_1`=:col14, `data_2`=:col15, `data_3`=:col16, `data_4`=:col17, `data_5`=:col18, `data_6`=:col19, `data_7`=:col20, `data_8`=:col21, `data_9`=:col22, `data_10`=:col23
+            use_html='Y', `use_email`=:col12, `ip`='".MB_REMOTE_ADDR."', `regdate`=:col13, `data_1`=:col14, `data_2`=:col15, `data_3`=:col16, `data_4`=:col17, `data_5`=:col18, `data_6`=:col19, `data_7`=:col20, `data_8`=:col21, `data_9`=:col22, `data_10`=:col23
             where `idx`=:col1
             ",
             array(
@@ -958,7 +958,7 @@ private function get_reply()
             insert into {$sql->table("mod:board_data_".$board_id)}
             (`category`, `mb_idx`, `mb_id`, `writer`, `pwd`, `email`, `article`, `subject`, `file1`, `file2`, `use_secret`, `use_notice`, `use_html`, `use_email`, `ip`, `regdate`, `ln`, `rn`, `data_1`, `data_2`, `data_3`, `data_4`, `data_5`, `data_6`, `data_7`, `data_8`, `data_9`, `data_10`)
             values
-            (:col1, :col2, :col3, :col4, :col5, :col6, :col7, :col8, :col9, :col10, :col11, :col12, 'Y', :col13, '{$_SERVER['REMOTE_ADDR']}', now(), :col14, :col15, :col16, :col17, :col18, :col19, :col20, :col21, :col22, :col23, :col24, :col25)
+            (:col1, :col2, :col3, :col4, :col5, :col6, :col7, :col8, :col9, :col10, :col11, :col12, 'Y', :col13, '".MB_REMOTE_ADDR."', now(), :col14, :col15, :col16, :col17, :col18, :col19, :col20, :col21, :col22, :col23, :col24, :col25)
             ",
             array(
                 $org_arr['category'], $MB['idx'], $MB['id'], $req['writer'], $req['password'], $req['email'], $req['article'], $req['subject'], (isset($ufile[1])) ? $ufile[1]['ufile_name'] : '',

mod/board/manage.set/module.info.xml

@@ -2,8 +2,8 @@
 <module>
     <name>게시판</name>
     <developer>zigger</developer>
-    <version>1.6.0</version>
+    <version>1.6.1</version>
     <develDate>2021.12.02</develDate>
-    <updateDate>2024.02.17</updateDate>
+    <updateDate>2024.03.31</updateDate>
     <website>https://www.zigger.net</website>
 </module>