From 9233b02ba97c81c1ab8101bffb3658acbda0111c Mon Sep 17 00:00:00 2001 
From: Arcturus Date: Sat, 28 Sep 2024 13:03:15 +0900 Subject: [PATCH] eventhandler update --- AvocadoEdition_Light/addon/index.php | 3 + AvocadoEdition_Light/adm/_common.php | 7 + AvocadoEdition_Light/adm/assets/sql_write.sql | 2 - .../adm/board_copy_update.php | 34 +-- AvocadoEdition_Light/adm/board_form.php | 6 + .../adm/board_form_update.php | 2 + .../adm/board_list_update.php | 4 +- .../adm/boardgroup_form_update.php | 6 +- .../adm/boardgroup_list_update.php | 2 + .../adm/cache_file_delete.php | 11 +- .../adm/config_form_update.php | 2 + .../adm/contentformupdate.php | 3 + AvocadoEdition_Light/adm/member_form.php | 7 + .../adm/member_form_update.php | 79 +++---- .../adm/member_list_update.php | 2 + AvocadoEdition_Light/adm/menu_list.php | 5 +- AvocadoEdition_Light/adm/menu_list_update.php | 2 + AvocadoEdition_Light/adm/theme_update.php | 2 + .../adm/viewer_form_update.php | 2 + AvocadoEdition_Light/bbs/delete.php | 10 +- AvocadoEdition_Light/bbs/delete_all.php | 8 +- AvocadoEdition_Light/bbs/delete_comment.php | 8 +- AvocadoEdition_Light/bbs/download.php | 8 +- AvocadoEdition_Light/bbs/good.php | 14 +- AvocadoEdition_Light/bbs/login.php | 3 + AvocadoEdition_Light/bbs/login_check.php | 33 ++- AvocadoEdition_Light/bbs/logout.php | 2 + AvocadoEdition_Light/bbs/member_leave.php | 2 + AvocadoEdition_Light/bbs/memo.php | 46 ++-- AvocadoEdition_Light/bbs/memo_delete.php | 12 +- AvocadoEdition_Light/bbs/memo_form.php | 8 +- AvocadoEdition_Light/bbs/memo_form_update.php | 6 +- AvocadoEdition_Light/bbs/memo_view.php | 34 +-- AvocadoEdition_Light/bbs/move.php | 9 +- AvocadoEdition_Light/bbs/move_update.php | 116 +++++----- AvocadoEdition_Light/bbs/new_delete.php | 2 + AvocadoEdition_Light/bbs/password_check.php | 13 +- AvocadoEdition_Light/bbs/password_lost2.php | 6 +- .../bbs/password_lost_certify.php | 10 + AvocadoEdition_Light/bbs/qadelete.php | 43 +++- AvocadoEdition_Light/bbs/qadownload.php | 2 + AvocadoEdition_Light/bbs/qawrite_update.php | 91 ++++---- 
AvocadoEdition_Light/bbs/register_form.php | 11 +- .../bbs/register_form_update.php | 197 ++++++++-------- AvocadoEdition_Light/bbs/write.php | 14 +- .../bbs/write_comment_update.php | 6 +- AvocadoEdition_Light/bbs/write_update.php | 66 +++--- AvocadoEdition_Light/classes/event/event.php | 18 ++ .../classes/event/event_handler.php | 62 +++++ AvocadoEdition_Light/common.php | 213 ++++++++++-------- AvocadoEdition_Light/head.php | 7 +- AvocadoEdition_Light/head.sub.php | 2 +- AvocadoEdition_Light/lib/cache.lib.php | 9 +- AvocadoEdition_Light/lib/common.lib.php | 78 ++++++- AvocadoEdition_Light/lib/mailer.lib.php | 63 ++++-- AvocadoEdition_Light/lib/thumbnail.lib.php | 2 +- .../editor/cheditor5/imageUpload/config.php | 64 +++--- .../editor/cheditor5/imageUpload/delete.php | 44 ++-- .../editor/cheditor5/imageUpload/upload.php | 8 +- .../popup/php/UploadHandler.php | 4 +- .../photo_uploader/popup/php/index.php | 11 +- AvocadoEdition_Light/tail.php | 6 + AvocadoEdition_Light/tail.sub.php | 2 + 63 files changed, 961 insertions(+), 593 deletions(-) create mode 100644 AvocadoEdition_Light/addon/index.php create mode 100644 AvocadoEdition_Light/classes/event/event.php create mode 100644 AvocadoEdition_Light/classes/event/event_handler.php diff --git a/AvocadoEdition_Light/addon/index.php b/AvocadoEdition_Light/addon/index.php new file mode 100644 index 0000000..1bc3fd3 --- /dev/null +++ b/AvocadoEdition_Light/addon/index.php @@ -0,0 +1,3 @@ +close(); - run_event('admin_board_copy_file', $bo_table, $target_table); - + EventHandler::triggerEvent("gnuboard.admin.board_copy_file", $bo_table, $target_table); + // 글복사 $sql = " insert into {$g5['write_prefix']}$target_table select * from {$g5['write_prefix']}$bo_table "; sql_query($sql, false); 
@@ -204,21 +204,21 @@ if (count($file_copy)) { $file_copy[$i] = run_replace('admin_copy_update_file', $file_copy[$i], $file_copy[$i]['bf_file'], $bo_table, $target_table); $sql = " insert into {$g5['board_file_table']} - set bo_table = '$target_table', - wr_id = '{$file_copy[$i]['wr_id']}', - bf_no = '{$file_copy[$i]['bf_no']}', - bf_source = '" . addslashes($file_copy[$i]['bf_source']) . "', - bf_file = '{$file_copy[$i]['bf_file']}', - bf_download = '{$file_copy[$i]['bf_download']}', - bf_content = '" . addslashes($file_copy[$i]['bf_content']) . "', - bf_fileurl = '" . addslashes($file_copy[$i]['bf_fileurl']) . "', - bf_thumburl = '" . addslashes($file_copy[$i]['bf_thumburl']) . "', - bf_storage = '" . addslashes($file_copy[$i]['bf_storage']) . "', - bf_filesize = '{$file_copy[$i]['bf_filesize']}', - bf_width = '{$file_copy[$i]['bf_width']}', - bf_height = '{$file_copy[$i]['bf_height']}', - bf_type = '{$file_copy[$i]['bf_type']}', - bf_datetime = '{$file_copy[$i]['bf_datetime']}' "; + set bo_table = '$target_table', + wr_id = '{$file_copy[$i]['wr_id']}', + bf_no = '{$file_copy[$i]['bf_no']}', + bf_source = '" . addslashes($file_copy[$i]['bf_source']) . "', + bf_file = '{$file_copy[$i]['bf_file']}', + bf_download = '{$file_copy[$i]['bf_download']}', + bf_content = '" . addslashes($file_copy[$i]['bf_content']) . "', + bf_fileurl = '" . addslashes($file_copy[$i]['bf_fileurl']) . "', + bf_thumburl = '" . addslashes($file_copy[$i]['bf_thumburl']) . "', + bf_storage = '" . addslashes($file_copy[$i]['bf_storage']) . "', + bf_filesize = '{$file_copy[$i]['bf_filesize']}', + bf_width = '{$file_copy[$i]['bf_width']}', + bf_height = '{$file_copy[$i]['bf_height']}', + bf_type = '{$file_copy[$i]['bf_type']}', + bf_datetime = '{$file_copy[$i]['bf_datetime']}' "; sql_query($sql, false); } diff --git a/AvocadoEdition_Light/adm/board_form.php b/AvocadoEdition_Light/adm/board_form.php index 5decd7c..fa3d3e7 100644 --- a/AvocadoEdition_Light/adm/board_form.php 
+++ b/AvocadoEdition_Light/adm/board_form.php @@ -12,6 +12,12 @@ if (!$row['cnt']) $html_title = '게시판'; +if (empty($board)) { + $board = []; +} + +EventHandler::triggerEvent("gnuboard.admin.board_form_before", $board, $w); + if (!isset($board['bo_device'])) { // 게시판 사용 필드 추가 // both : pc, mobile 둘다 사용 diff --git a/AvocadoEdition_Light/adm/board_form_update.php b/AvocadoEdition_Light/adm/board_form_update.php index 7854e1c..4833f6f 100644 --- a/AvocadoEdition_Light/adm/board_form_update.php +++ b/AvocadoEdition_Light/adm/board_form_update.php @@ -553,4 +553,6 @@ if ($all_fields) { delete_cache_latest($bo_table); +EventHandler::triggerEvent("gnuboard.admin.board_form_update", $bo_table, $w); + goto_url("./board_form.php?w=u&bo_table={$bo_table}&{$qstr}"); diff --git a/AvocadoEdition_Light/adm/board_list_update.php b/AvocadoEdition_Light/adm/board_list_update.php index 50c7fa4..01e740f 100644 --- a/AvocadoEdition_Light/adm/board_list_update.php +++ b/AvocadoEdition_Light/adm/board_list_update.php @@ -69,8 +69,10 @@ if ($_POST['act_button'] == "선택수정") { // include 전에 $bo_table 값을 반드시 넘겨야 함 $tmp_bo_table = trim($_POST['board_table'][$k]); - include('./board_delete.inc.php'); + include './board_delete.inc.php'; } } +EventHandler::triggerEvent("gnuboard.admin.board_list_update", $act_button, $chk, $board_table, $qstr); + goto_url('./board_list.php'); diff --git a/AvocadoEdition_Light/adm/boardgroup_form_update.php b/AvocadoEdition_Light/adm/boardgroup_form_update.php index 1658d0b..14cf336 100644 --- a/AvocadoEdition_Light/adm/boardgroup_form_update.php +++ b/AvocadoEdition_Light/adm/boardgroup_form_update.php @@ -54,8 +54,8 @@ if ($w == '') { alert('이미 존재하는 그룹 ID 입니다.'); $sql = " insert into {$g5['group_table']} - set gr_id = '{$_POST['gr_id']}', - {$sql_common} "; + set gr_id = '{$_POST['gr_id']}', + {$sql_common} "; sql_query($sql); } else if ($w == "u") { 
@@ -69,4 +69,6 @@ if ($w == '') { alert('제대로 된 값이 넘어오지 않았습니다.'); } +EventHandler::triggerEvent("gnuboard.admin.boardgroup_form_update", $gr_id, $w); + goto_url('./boardgroup_form.php?w=u&gr_id=' . $gr_id . '&' . $qstr); diff --git a/AvocadoEdition_Light/adm/boardgroup_list_update.php b/AvocadoEdition_Light/adm/boardgroup_list_update.php index 23cc92d..bdfc19c 100644 --- a/AvocadoEdition_Light/adm/boardgroup_list_update.php +++ b/AvocadoEdition_Light/adm/boardgroup_list_update.php @@ -42,4 +42,6 @@ for ($i = 0; $i < $count; $i++) { } } +EventHandler::triggerEvent("gnuboard.admin.boardgroup_list_update", $act_button, $post_chk, $post_group_id, $qstr); + goto_url('./boardgroup_list.php?' . $qstr); diff --git a/AvocadoEdition_Light/adm/cache_file_delete.php b/AvocadoEdition_Light/adm/cache_file_delete.php index 938b3ca..a446afd 100644 --- a/AvocadoEdition_Light/adm/cache_file_delete.php +++ b/AvocadoEdition_Light/adm/cache_file_delete.php @@ -5,17 +5,19 @@ include_once "./_common.php"; if ($is_admin != 'super') alert('최고관리자만 접근 가능합니다.', G5_URL); +EventHandler::triggerEvent("gnuboard.admin.cache_file_delete_before"); + $g5['title'] = '캐시파일 일괄삭제'; + include_once "./admin.head.php"; ?> -

완료 메세지가 나오기 전에 프로그램의 실행을 중지하지 마십시오.

- 완료됨' . PHP_EOL; echo '

최신글 캐시파일 ' . $cnt . '건 삭제 완료됐습니다.
프로그램의 실행을 끝마치셔도 좋습니다.

' . PHP_EOL; -?> - diff --git a/AvocadoEdition_Light/adm/config_form_update.php b/AvocadoEdition_Light/adm/config_form_update.php index 0ea5dee..7c5c642 100644 --- a/AvocadoEdition_Light/adm/config_form_update.php +++ b/AvocadoEdition_Light/adm/config_form_update.php @@ -158,6 +158,8 @@ $sql = " update {$g5['config_table']} cf_twitter_secret = '{$_POST['cf_twitter_secret']}' "; sql_query($sql); +EventHandler::triggerEvent("gnuboard.admin.config_form_update"); + //sql_query(" OPTIMIZE TABLE `$g5['config_table']` "); goto_url('./config_form.php'); diff --git a/AvocadoEdition_Light/adm/contentformupdate.php b/AvocadoEdition_Light/adm/contentformupdate.php index 5334095..a6e7e14 100644 --- a/AvocadoEdition_Light/adm/contentformupdate.php +++ b/AvocadoEdition_Light/adm/contentformupdate.php @@ -92,17 +92,20 @@ if ($w == "") { set co_id = '$co_id', $sql_common "; sql_query($sql); + EventHandler::triggerEvent("gnuboard.admin.content_created", $co_id); } else if ($w == "u") { $sql = " update {$g5['content_table']} set $sql_common where co_id = '$co_id' "; sql_query($sql); + EventHandler::triggerEvent("gnuboard.admin.content_updated", $co_id); } else if ($w == "d") { @unlink(G5_DATA_PATH . "/content/{$co_id}_h"); @unlink(G5_DATA_PATH . "/content/{$co_id}_t"); $sql = " delete from {$g5['content_table']} where co_id = '$co_id' "; sql_query($sql); + EventHandler::triggerEvent("gnuboard.admin.content_deleted", $co_id); } if ($w == "" || $w == "u") { diff --git a/AvocadoEdition_Light/adm/member_form.php b/AvocadoEdition_Light/adm/member_form.php index b3710e3..4b4f884 100644 --- a/AvocadoEdition_Light/adm/member_form.php +++ b/AvocadoEdition_Light/adm/member_form.php @@ -255,6 +255,10 @@ this.form.mb_intercept_date.value=this.form.mb_intercept_date.defaultValue; }"> + @@ -289,5 +293,8 @@ this.form.mb_intercept_date.value=this.form.mb_intercept_date.defaultValue; }"> 
diff --git a/AvocadoEdition_Light/adm/member_form_update.php b/AvocadoEdition_Light/adm/member_form_update.php index 8631dcd..7e4aa18 100644 --- a/AvocadoEdition_Light/adm/member_form_update.php +++ b/AvocadoEdition_Light/adm/member_form_update.php @@ -1,7 +1,7 @@ alert("'.$msg.'"); '; alert($msg); +EventHandler::triggerEvent("gnuboard.admin.member_list_update", $_POST['act_button'], $mb_datas); + goto_url('./member_list.php?' . $qstr); diff --git a/AvocadoEdition_Light/adm/menu_list.php b/AvocadoEdition_Light/adm/menu_list.php index 517ff32..af815e3 100644 --- a/AvocadoEdition_Light/adm/menu_list.php +++ b/AvocadoEdition_Light/adm/menu_list.php @@ -1,11 +1,10 @@ diff --git a/AvocadoEdition_Light/adm/menu_list_update.php b/AvocadoEdition_Light/adm/menu_list_update.php index d4a4bed..f82ed8d 100644 --- a/AvocadoEdition_Light/adm/menu_list_update.php +++ b/AvocadoEdition_Light/adm/menu_list_update.php @@ -73,4 +73,6 @@ for ($i = 0; $i < $count; $i++) { sql_query($sql); } +EventHandler::triggerEvent("gnuboard.admin.menu_list_update"); + goto_url('./menu_list.php'); diff --git a/AvocadoEdition_Light/adm/theme_update.php b/AvocadoEdition_Light/adm/theme_update.php index 262f7e5..5b6e53d 100644 --- a/AvocadoEdition_Light/adm/theme_update.php +++ b/AvocadoEdition_Light/adm/theme_update.php @@ -91,4 +91,6 @@ if ($post_set_default_skin == 1) { } } +EventHandler::triggerEvent("gnuboard.admin.theme_update", $theme, $post_set_default_skin); + die(''); diff --git a/AvocadoEdition_Light/adm/viewer_form_update.php b/AvocadoEdition_Light/adm/viewer_form_update.php index f937bb9..7875dfb 100644 --- a/AvocadoEdition_Light/adm/viewer_form_update.php +++ b/AvocadoEdition_Light/adm/viewer_form_update.php @@ -28,4 +28,6 @@ if (defined("G5_THEME_PATH") && file_exists(G5_THEME_PATH . "/config/viewer_form } } +EventHandler::triggerEvent("gnuboard.admin.viewer_update", $main_content); + goto_url('./viewer_form.php'); 
diff --git a/AvocadoEdition_Light/bbs/delete.php b/AvocadoEdition_Light/bbs/delete.php index a186235..988f747 100644 --- a/AvocadoEdition_Light/bbs/delete.php +++ b/AvocadoEdition_Light/bbs/delete.php @@ -9,7 +9,7 @@ if (!($token && $delete_token == $token)) */ //$wr = sql_fetch(" select * from $write_table where wr_id = '$wr_id' "); -@include_once($board_skin_path . '/delete.head.skin.php'); +@include_once $board_skin_path . '/delete.head.skin.php'; if ($is_admin == 'super') // 최고관리자 통과 ; @@ -60,10 +60,8 @@ $board['bo_count_delete'] = 1000; if ($row['cnt'] >= $board['bo_count_delete'] && !$is_admin) alert('이 글과 관련된 코멘트가 존재하므로 삭제 할 수 없습니다.\\n\\n코멘트가 ' . $board['bo_count_delete'] . '건 이상 달린 원글은 삭제할 수 없습니다.'); - // 사용자 코드 실행 -@include_once($board_skin_path . '/delete.skin.php'); - +@include_once $board_skin_path . '/delete.skin.php'; // 나라오름님 수정 : 원글과 코멘트수가 정상적으로 업데이트 되지 않는 오류를 잡아 주셨습니다. //$sql = " select wr_id, mb_id, wr_comment from $write_table where wr_parent = '$write['wr_id']' order by wr_id "; @@ -128,8 +126,10 @@ sql_query(" update {$g5['board_table']} set bo_notice = '$bo_notice' where bo_ta if ($count_write > 0 || $count_comment > 0) sql_query(" update {$g5['board_table']} set bo_count_write = bo_count_write - '$count_write', bo_count_comment = bo_count_comment - '$count_comment' where bo_table = '$bo_table' "); -@include_once($board_skin_path . '/delete.tail.skin.php'); +@include_once $board_skin_path . '/delete.tail.skin.php'; delete_cache_latest($bo_table); +EventHandler::triggerEvent("gnuboard.bbs.delete", $write, $board); + goto_url('./board.php?bo_table=' . $bo_table . '&page=' . $page . $qstr); diff --git a/AvocadoEdition_Light/bbs/delete_all.php b/AvocadoEdition_Light/bbs/delete_all.php index d5d0b9e..2ded4bb 100644 --- a/AvocadoEdition_Light/bbs/delete_all.php +++ b/AvocadoEdition_Light/bbs/delete_all.php 
@@ -6,7 +6,7 @@ if (!$is_admin) alert('접근 권한이 없습니다.', G5_URL); // 4.11 -@include_once($board_skin_path . '/delete_all.head.skin.php'); +@include_once $board_skin_path . '/delete_all.head.skin.php'; $count_write = 0; $count_comment = 0; @@ -23,7 +23,7 @@ if ($chk_count > (G5_IS_MOBILE ? $board['bo_mobile_page_rows'] : $board['bo_page alert('올바른 방법으로 이용해 주십시오.'); // 사용자 코드 실행 -@include_once($board_skin_path . '/delete_all.skin.php'); +@include_once $board_skin_path . '/delete_all.skin.php'; // 거꾸로 읽는 이유는 답변글부터 삭제가 되어야 하기 때문임 for ($i = $chk_count - 1; $i >= 0; $i--) { @@ -144,8 +144,10 @@ if ($count_write > 0 || $count_comment > 0) sql_query(" update {$g5['board_table']} set bo_count_write = bo_count_write - '$count_write', bo_count_comment = bo_count_comment - '$count_comment' where bo_table = '$bo_table' "); // 4.11 -@include_once($board_skin_path . '/delete_all.tail.skin.php'); +@include_once $board_skin_path . '/delete_all.tail.skin.php'; delete_cache_latest($bo_table); +EventHandler::triggerEvent("gnuboard.bbs.delete_all", $tmp_array, $board); + goto_url('./board.php?bo_table=' . $bo_table . '&page=' . $page . $qstr); diff --git a/AvocadoEdition_Light/bbs/delete_comment.php b/AvocadoEdition_Light/bbs/delete_comment.php index c03c631..37c1d81 100644 --- a/AvocadoEdition_Light/bbs/delete_comment.php +++ b/AvocadoEdition_Light/bbs/delete_comment.php @@ -9,7 +9,7 @@ if (!($token && $delete_comment_token == $token)) alert('토큰 에러로 삭제 불가합니다.'); // 4.1 -@include_once($board_skin_path . '/delete_comment.head.skin.php'); +@include_once $board_skin_path . '/delete_comment.head.skin.php'; $write = sql_fetch(" select * from {$write_table} where wr_id = '{$comment_id}' "); 
@@ -80,9 +80,11 @@ sql_query(" update {$g5['board_table']} set bo_count_comment = bo_count_comment sql_query(" delete from {$g5['board_new_table']} where bo_table = '{$bo_table}' and wr_id = '{$comment_id}' "); // 사용자 코드 실행 -@include_once($board_skin_path . '/delete_comment.skin.php'); -@include_once($board_skin_path . '/delete_comment.tail.skin.php'); +@include_once $board_skin_path . '/delete_comment.skin.php'; +@include_once $board_skin_path . '/delete_comment.tail.skin.php'; delete_cache_latest($bo_table); +EventHandler::triggerEvent("gnuboard.bbs.delete_comment", $comment_id, $board); + goto_url('./board.php?bo_table=' . $bo_table . '&wr_id=' . $write['wr_parent'] . '&page=' . $page . $qstr); diff --git a/AvocadoEdition_Light/bbs/download.php b/AvocadoEdition_Light/bbs/download.php index 7349365..43c8c73 100644 --- a/AvocadoEdition_Light/bbs/download.php +++ b/AvocadoEdition_Light/bbs/download.php @@ -6,7 +6,7 @@ ob_end_clean(); $no = (int) $no; -@include_once($board_skin_path . '/download.head.skin.php'); +@include_once $board_skin_path . '/download.head.skin.php'; // 쿠키에 저장된 ID값과 넘어온 ID값을 비교하여 같지 않을 경우 오류 발생 // 다른곳에서 링크 거는것을 방지하기 위한 코드 @@ -47,7 +47,7 @@ if (!is_file($filepath) || !file_exists($filepath)) alert('파일이 존재하지 않습니다.'); // 사용자 코드 실행 -@include_once($board_skin_path . '/download.skin.php'); +@include_once $board_skin_path . '/download.skin.php'; // 이미 다운로드 받은 파일인지를 검사한 후 게시물당 한번만 포인트를 차감하도록 수정 $ss_name = 'ss_down_' . $bo_table . '_' . $wr_id; 
@@ -78,7 +78,9 @@ $g5['title'] = '다운로드 > ' . conv_subject($write['wr_subject'], 255); //$original = urlencode($file['bf_source']); $original = iconv('utf-8', 'euc-kr', $file['bf_source']); // SIR 잉끼님 제안코드 -@include_once($board_skin_path . '/download.tail.skin.php'); +@include_once $board_skin_path . '/download.tail.skin.php'; + +EventHandler::triggerEvent("gnuboard.bbs.download_file_header", $file, $file_exist_check); if (preg_match("/msie/i", $_SERVER['HTTP_USER_AGENT']) && preg_match("/5\.5/", $_SERVER['HTTP_USER_AGENT'])) { header("content-type: doesn/matter"); diff --git a/AvocadoEdition_Light/bbs/good.php b/AvocadoEdition_Light/bbs/good.php index 6203370..b15b5df 100644 --- a/AvocadoEdition_Light/bbs/good.php +++ b/AvocadoEdition_Light/bbs/good.php @@ -1,7 +1,9 @@ '{$me_id}' - and me_{$kind}_mb_id = '{$member['mb_id']}' - order by me_id asc - limit 1 "; + where me_id > '{$me_id}' + and me_{$kind}_mb_id = '{$member['mb_id']}' + order by me_id asc + limit 1 "; $prev = sql_fetch($sql); if ($prev['me_id']) $prev_link = './memo_view.php?kind=' . $kind . '&me_id=' . $prev['me_id']; @@ -47,10 +47,10 @@ else // 다음 쪽지 $sql = " select * from {$g5['memo_table']} - where me_id < '{$me_id}' - and me_{$kind}_mb_id = '{$member['mb_id']}' - order by me_id desc - limit 1 "; + where me_id < '{$me_id}' + and me_{$kind}_mb_id = '{$member['mb_id']}' + order by me_id desc + limit 1 "; $next = sql_fetch($sql); if ($next['me_id']) $next_link = './memo_view.php?kind=' . $kind . '&me_id=' . $next['me_id']; @@ -60,6 +60,6 @@ else $mb = get_member($memo['me_' . $unkind . '_mb_id']); -include_once($member_skin_path . '/memo_view.skin.php'); +include_once $member_skin_path . "/memo_view.skin.php"; -include_once(G5_PATH . '/tail.sub.php'); +include_once G5_PATH . "/tail.sub.php"; diff --git a/AvocadoEdition_Light/bbs/move.php b/AvocadoEdition_Light/bbs/move.php index 97598b0..23e891d 100644 --- a/AvocadoEdition_Light/bbs/move.php +++ b/AvocadoEdition_Light/bbs/move.php 
@@ -154,8 +154,9 @@ for ($i = 0; $row = sql_fetch_array($result); $i++) { f.action = './move_update.php'; return true; } - + diff --git a/AvocadoEdition_Light/bbs/move_update.php b/AvocadoEdition_Light/bbs/move_update.php index 629d870..c9916d1 100644 --- a/AvocadoEdition_Light/bbs/move_update.php +++ b/AvocadoEdition_Light/bbs/move_update.php 
@@ -61,41 +61,41 @@ while ($row = sql_fetch_array($result)) { } $sql = " insert into $move_write_table - set wr_num = '$next_wr_num', - wr_reply = '{$row2['wr_reply']}', - wr_is_comment = '{$row2['wr_is_comment']}', - wr_comment = '{$row2['wr_comment']}', - wr_comment_reply = '{$row2['wr_comment_reply']}', - ca_name = '" . addslashes($row2['ca_name']) . "', - wr_option = '{$row2['wr_option']}', - wr_subject = '" . addslashes($row2['wr_subject']) . "', - wr_content = '" . addslashes($row2['wr_content']) . "', - wr_link1 = '" . addslashes($row2['wr_link1']) . "', - wr_link2 = '" . addslashes($row2['wr_link2']) . "', - wr_link1_hit = '{$row2['wr_link1_hit']}', - wr_link2_hit = '{$row2['wr_link2_hit']}', - wr_hit = '{$row2['wr_hit']}', - wr_good = '{$wr_good}', - wr_nogood = '{$wr_nogood}', - mb_id = '{$row2['mb_id']}', - wr_password = '{$row2['wr_password']}', - wr_name = '" . addslashes($row2['wr_name']) . "', - wr_email = '" . addslashes($row2['wr_email']) . "', - wr_homepage = '" . addslashes($row2['wr_homepage']) . "', - wr_datetime = '{$row2['wr_datetime']}', - wr_file = '{$row2['wr_file']}', - wr_last = '{$row2['wr_last']}', - wr_ip = '{$row2['wr_ip']}', - wr_1 = '" . addslashes($row2['wr_1']) . "', - wr_2 = '" . addslashes($row2['wr_2']) . "', - wr_3 = '" . addslashes($row2['wr_3']) . "', - wr_4 = '" . addslashes($row2['wr_4']) . "', - wr_5 = '" . addslashes($row2['wr_5']) . "', - wr_6 = '" . addslashes($row2['wr_6']) . "', - wr_7 = '" . addslashes($row2['wr_7']) . "', - wr_8 = '" . addslashes($row2['wr_8']) . "', - wr_9 = '" . addslashes($row2['wr_9']) . "', - wr_10 = '" . addslashes($row2['wr_10']) . "' "; + set wr_num = '$next_wr_num', + wr_reply = '{$row2['wr_reply']}', + wr_is_comment = '{$row2['wr_is_comment']}', + wr_comment = '{$row2['wr_comment']}', + wr_comment_reply = '{$row2['wr_comment_reply']}', + ca_name = '" . addslashes($row2['ca_name']) . "', + wr_option = '{$row2['wr_option']}', + wr_subject = '" . addslashes($row2['wr_subject']) . 
"', + wr_content = '" . addslashes($row2['wr_content']) . "', + wr_link1 = '" . addslashes($row2['wr_link1']) . "', + wr_link2 = '" . addslashes($row2['wr_link2']) . "', + wr_link1_hit = '{$row2['wr_link1_hit']}', + wr_link2_hit = '{$row2['wr_link2_hit']}', + wr_hit = '{$row2['wr_hit']}', + wr_good = '{$wr_good}', + wr_nogood = '{$wr_nogood}', + mb_id = '{$row2['mb_id']}', + wr_password = '{$row2['wr_password']}', + wr_name = '" . addslashes($row2['wr_name']) . "', + wr_email = '" . addslashes($row2['wr_email']) . "', + wr_homepage = '" . addslashes($row2['wr_homepage']) . "', + wr_datetime = '{$row2['wr_datetime']}', + wr_file = '{$row2['wr_file']}', + wr_last = '{$row2['wr_last']}', + wr_ip = '{$row2['wr_ip']}', + wr_1 = '" . addslashes($row2['wr_1']) . "', + wr_2 = '" . addslashes($row2['wr_2']) . "', + wr_3 = '" . addslashes($row2['wr_3']) . "', + wr_4 = '" . addslashes($row2['wr_4']) . "', + wr_5 = '" . addslashes($row2['wr_5']) . "', + wr_6 = '" . addslashes($row2['wr_6']) . "', + wr_7 = '" . addslashes($row2['wr_7']) . "', + wr_8 = '" . addslashes($row2['wr_8']) . "', + wr_9 = '" . addslashes($row2['wr_9']) . "', + wr_10 = '" . addslashes($row2['wr_10']) . "' "; sql_query($sql); $insert_id = sql_insert_id(); 
@@ -114,18 +114,18 @@ while ($row = sql_fetch_array($result)) { } $sql = " insert into {$g5['board_file_table']} - set bo_table = '$move_bo_table', - wr_id = '$insert_id', - bf_no = '{$row3['bf_no']}', - bf_source = '" . addslashes($row3['bf_source']) . "', - bf_file = '{$row3['bf_file']}', - bf_download = '{$row3['bf_download']}', - bf_content = '" . addslashes($row3['bf_content']) . "', - bf_filesize = '{$row3['bf_filesize']}', - bf_width = '{$row3['bf_width']}', - bf_height = '{$row3['bf_height']}', - bf_type = '{$row3['bf_type']}', - bf_datetime = '{$row3['bf_datetime']}' "; + set bo_table = '$move_bo_table', + wr_id = '$insert_id', + bf_no = '{$row3['bf_no']}', + bf_source = '" . addslashes($row3['bf_source']) . "', + bf_file = '{$row3['bf_file']}', + bf_download = '{$row3['bf_download']}', + bf_content = '" . addslashes($row3['bf_content']) . "', + bf_filesize = '{$row3['bf_filesize']}', + bf_width = '{$row3['bf_width']}', + bf_height = '{$row3['bf_height']}', + bf_type = '{$row3['bf_type']}', + bf_datetime = '{$row3['bf_datetime']}' "; sql_query($sql); if ($sw == 'move' && $row3['bf_file']) @@ -159,6 +159,8 @@ while ($row = sql_fetch_array($result)) { $save[$cnt]['wr_id'] = $row2['wr_parent']; $cnt++; + + EventHandler::triggerEvent("gnuboard.bbs.move_copy", $row2, $move_bo_table, $insert_id, $next_wr_num, $sw); } sql_query(" update {$g5['board_table']} set bo_count_write = bo_count_write + '$count_write' where bo_table = '$move_bo_table' "); @@ -189,17 +191,17 @@ $msg = '해당 게시물을 선택한 게시판으로 ' . $act . ' 하였습니 $opener_href = './board.php?bo_table=' . $bo_table . '&page=' . $page . '&' . $qstr; $opener_href1 = str_replace('&', '&', $opener_href); -echo << -HEREDOC; +

+ +

+ 돌아가기 + $value) { delete_cache_latest($value); } +EventHandler::triggerEvent("gnuboard.bbs.new_delete", $chk_bn_id, $save_bo_table, $save_wr_id); + goto_url("new.php?sfl=$sfl&stx=$stx&page=$page"); diff --git a/AvocadoEdition_Light/bbs/password_check.php b/AvocadoEdition_Light/bbs/password_check.php index 24859aa..e1d07f1 100644 --- a/AvocadoEdition_Light/bbs/password_check.php +++ b/AvocadoEdition_Light/bbs/password_check.php @@ -11,8 +11,10 @@ if ($w == 's') { } } - if (!check_password($wr_password, $wr['wr_password'])) + if (!check_password($wr_password, $wr['wr_password'])) { + EventHandler::triggerEvent("gnuboard.bbs.password_is_wrong", 'bbs', $wr, $qstr); alert('비밀번호가 틀립니다.'); + } // 세션에 아래 정보를 저장. 하위번호는 비밀번호없이 보아야 하기 때문임. //$ss_name = 'ss_secret.'_'.$bo_table.'_'.$wr_id'; @@ -25,8 +27,10 @@ if ($w == 's') { $wr = get_write($write_table, $wr_id); - if ($wr_password != $wr['wr_protect']) + if ($wr_password != $wr['wr_protect']) { + EventHandler::triggerEvent("gnuboard.bbs.password_is_wrong", 'bbs', $wr, $qstr); alert('비밀번호가 틀립니다.'); + } // 세션에 아래 정보를 저장. 하위번호는 비밀번호없이 보아야 하기 때문임. //$ss_name = 'ss_secret.'_'.$bo_table.'_'.$wr_id'; @@ -44,8 +48,10 @@ if ($w == 's') { } } - if (!check_password($wr_password, $wr['wr_password'])) + if (!check_password($wr_password, $wr['wr_password'])) { + EventHandler::triggerEvent("gnuboard.bbs.password_is_wrong", 'bbs', $wr, $qstr); alert('비밀번호가 틀립니다.'); + } // 세션에 아래 정보를 저장. 하위번호는 비밀번호없이 보아야 하기 때문임. $ss_name = 'ss_secret_comment_' . $bo_table . '_' . $wr['wr_id']; @@ -57,6 +63,7 @@ if ($w == 's') { $bo = sql_fetch("select bo_pass from {$g5['board_table']} where bo_table='{$bo_table}'"); $pw = get_encrypt_string($bo['bo_pass']); if (!check_password($wr_password, $pw)) { + EventHandler::triggerEvent("gnuboard.bbs.password_is_wrong", 'bbs', $wr, $qstr); alert('비밀번호가 틀립니다.'); } diff --git a/AvocadoEdition_Light/bbs/password_lost2.php b/AvocadoEdition_Light/bbs/password_lost2.php index ae12495..fa45862 100644 
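Review bot: The rewritten condition `if ($wr_password != $wr['wr_protect']) {` in the second password_check.php hunk still compares a submitted secret with loose `!=`, which is neither strict nor constant-time; since the line is already being touched, make it `if (!hash_equals((string) $wr['wr_protect'], (string) $wr_password)) {`. In all four hunks the new `password_is_wrong` trigger hands the whole `$wr` row, including the stored `wr_password` hash, to every listener, so an audit or logging addon would receive password hashes it has no need for; passing `$wr['wr_id']` together with `$bo_table` serves the same purpose without that exposure. In the last hunk the visible lines load `$bo` and never assign `$wr`, so `$wr` may be unset or stale there — worth confirming against the lines above the hunk.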
--- a/AvocadoEdition_Light/bbs/password_lost2.php +++ b/AvocadoEdition_Light/bbs/password_lost2.php @@ -1,7 +1,7 @@ '; mailer($config['cf_admin_email_name'], $config['cf_admin_email'], $mb['mb_email'], $subject, $content, 1); +EventHandler::triggerEvent("gnuboard.bbs.password_lost2_after", $mb, $mb_nonce, $mb_lost_certify); + alert_close($email . ' 메일로 회원아이디와 비밀번호를 인증할 수 있는 메일이 발송 되었습니다.\\n\\n메일을 확인하여 주십시오.'); diff --git a/AvocadoEdition_Light/bbs/password_lost_certify.php b/AvocadoEdition_Light/bbs/password_lost_certify.php index 7f9df40..c3d786a 100644 --- a/AvocadoEdition_Light/bbs/password_lost_certify.php +++ b/AvocadoEdition_Light/bbs/password_lost_certify.php @@ -1,6 +1,13 @@ alert(\'' . $msg . '\');'; +EventHandler::triggerEvent("gnuboard.member.register_form_update_after", $mb_id, $w); + if ($w == '') { goto_url(G5_HTTP_BBS_URL . '/register_result.php'); } else if ($w == 'u') { @@ -454,23 +466,24 @@ if ($w == '') { alert('회원 정보가 수정 되었습니다.\n\nE-mail 주소가 변경되었으므로 다시 인증하셔야 합니다.', G5_URL); } else { echo ' - - - - - 회원정보수정 - -
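Review bot: `EventHandler::triggerEvent("gnuboard.bbs.password_lost2_after", $mb, $mb_nonce, $mb_lost_certify)` passes the reset nonce and the `mb_lost_certify` value — the secrets that the mail just sent relies on to authorise a password reset — to every listener registered for that event, so any addon that logs or forwards its event payloads ends up holding a usable reset credential. Pass `$mb['mb_id']` (and the address the mail went to) instead, or if listeners genuinely need the token, state in a comment at the trigger that these arguments are credentials and must not be persisted. The start of this hunk is not visible as rendered, so the surrounding context was not checked.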
- - - - -
- - - '; + + + + + 회원정보수정 + + +
+ + + + +
+ + +'; } } diff --git a/AvocadoEdition_Light/bbs/write.php b/AvocadoEdition_Light/bbs/write.php index 082e71b..1a60556 100644 --- a/AvocadoEdition_Light/bbs/write.php +++ b/AvocadoEdition_Light/bbs/write.php @@ -1,7 +1,7 @@ '; -include_once($board_skin_path . '/write.skin.php'); +include_once $board_skin_path . '/write.skin.php'; include_once "./board_tail.php"; -@include_once($board_skin_path . '/write.tail.skin.php'); -include_once(G5_PATH . '/tail.sub.php'); +@include_once $board_skin_path . '/write.tail.skin.php'; +include_once G5_PATH . '/tail.sub.php'; diff --git a/AvocadoEdition_Light/bbs/write_comment_update.php b/AvocadoEdition_Light/bbs/write_comment_update.php index 32728f3..2d2937c 100644 --- a/AvocadoEdition_Light/bbs/write_comment_update.php +++ b/AvocadoEdition_Light/bbs/write_comment_update.php @@ -340,4 +340,8 @@ if ($w == 'c') // 댓글 입력 delete_cache_latest($bo_table); -goto_url('./board.php?bo_table=' . $bo_table . '&wr_id=' . $wr['wr_parent'] . '&' . $qstr . '&#c_' . $comment_id); +$redirect_url = short_url_clean(G5_HTTP_BBS_URL.'/board.php?bo_table='.$bo_table.'&wr_id='.$wr['wr_parent'].'&'.$qstr.'&#c_'.$comment_id); + +EventHandler::triggerEvent("gnuboard.bbs.comment_update_after", $board, $wr_id, $w, $qstr, $redirect_url, $comment_id, $reply_array); + +goto_url($redirect_url); diff --git a/AvocadoEdition_Light/bbs/write_update.php b/AvocadoEdition_Light/bbs/write_update.php index 0633f76..a84c634 100644 --- a/AvocadoEdition_Light/bbs/write_update.php +++ b/AvocadoEdition_Light/bbs/write_update.php @@ -1,7 +1,7 @@ action = $action; + $this->priority = $priority; + } + + public function getAction(...$data) + { + return call_user_func($this->action, $data); + } +} diff --git a/AvocadoEdition_Light/classes/event/event_handler.php b/AvocadoEdition_Light/classes/event/event_handler.php new file mode 100644 index 0000000..8c7cef3 --- /dev/null +++ b/AvocadoEdition_Light/classes/event/event_handler.php 
@@ -0,0 +1,62 @@
+createdAt = microtime(true);
+ }
+
+ protected static function addStopwatch($key)
+ {
+ if (defined("__IS_DEBUG__")) {
+ if (count(self::$performanceStopwatch) > 0) {
+ $prev = end(self::$performanceStopwatch);
+ self::$performanceStopwatch[$key] = microtime(true) - self::$createdAt - $prev;
+ } else {
+ self::$performanceStopwatch[$key] = microtime(true) - self::$createdAt;
+ }
+ }
+ }
+
+ public static function addStopwatchWithCallStack($key)
+ {
+ if (defined("__IS_DEBUG__")) {
+ if ($key === 0)
+ $key = "start";
+ else if ($key === 1)
+ $key = "end";
+ $backtrace = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS, 2);
+ $cf = $backtrace[1]['function'] ?? 'global scope';
+ self::addStopwatch("{$cf} {$key}");
+ }
+ }
+
+ public static function addEventHandler($event, $callback, $priority = 10)
+ {
+ if (!isset(self::$eventHandlers[$event])) {
+ self::$eventHandlers[$event] = [];
+ }
+ self::$eventHandlers[$event][] = new Event($callback, $priority);
+ }
+
+ public static function triggerEvent($event, ...$data)
+ {
+ if (isset(self::$eventHandlers[$event])) {
+ foreach (self::$eventHandlers[$event] as $callback) {
+ $callback->getAction($data);
+ }
+ }
+ }
+}
diff --git a/AvocadoEdition_Light/common.php b/AvocadoEdition_Light/common.php
index 2bf6f69..ad44242 100644
--- a/AvocadoEdition_Light/common.php
+++ b/AvocadoEdition_Light/common.php
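Review bot: `triggerEvent` collects the trigger arguments into `$data` and then calls `$callback->getAction($data)` with that array as a single argument, and `Event::getAction(...$data)` in event.php wraps it a second time before `call_user_func($this->action, $data)`, so every handler is invoked with one parameter holding `[[arg1, arg2, …]]` instead of the positional arguments the trigger sites pass (for example `$board, $w`). Change the two lines to `$callback->getAction(...$data);` here and `return call_user_func_array($this->action, $data);` in event.php. `addEventHandler` stores `$priority` in the `Event` but only appends in registration order and never sorts, so priority currently has no effect; either sort the list after appending or document it as unused. Because the variadic passes by value, a `*_before` hook also cannot modify `$board` or `$redirect_url`, which is worth stating in a docblock on `triggerEvent`. The class declaration, properties and constructor of this new file are not visible in the hunk as rendered.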
@@ -10,16 +10,16 @@ header('P3P: CP="ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV if (!defined('G5_SET_TIME_LIMIT')) define('G5_SET_TIME_LIMIT', 0); +define("__ADVDIR__", __DIR__); @set_time_limit(G5_SET_TIME_LIMIT); -define("__ADVDIR__", __DIR__); -define("G5_MASTER_PW", ""); // 20240926 안쓰는 변수가 참조되고 있으나 전부 들어내기엔 외부 코드에서 의존하는 코드가 상당할 것으로 판단... + //========================================================================================================================== // extract($_GET); 명령으로 인해 page.php?_POST[var1]=data1&_POST[var2]=data2 와 같은 코드가 _POST 변수로 사용되는 것을 막음 // 081029 : letsgolee 님께서 도움 주셨습니다. //-------------------------------------------------------------------------------------------------------------------------- -$ext_arr = array( +$ext_arr = [ 'PHP_SELF', '_ENV', '_GET', @@ -37,7 +37,8 @@ $ext_arr = array( 'HTTP_COOKIE_VARS', 'HTTP_SESSION_VARS', 'GLOBALS' -); +]; + $ext_cnt = count($ext_arr); for ($i = 0; $i < $ext_cnt; $i++) { // POST, GET 으로 선언된 전역변수가 있다면 unset() 시킴 @@ -49,7 +50,7 @@ for ($i = 0; $i < $ext_cnt; $i++) { //========================================================================================================================== /** - * Summary of load_libs + * Load require class and others * @param mixed $base_dir * @throws \Exception * @return string[] 
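Review bot: The first common.php hunk removes `define("G5_MASTER_PW", "")` together with the comment that said the constant is still referenced by outside code; on PHP 8 a reference to an undefined constant throws `Error` rather than raising a notice, so unless every remaining `G5_MASTER_PW` use was removed in the same change (none of the other files in this patch touch it), those call sites will now fail hard. Either keep the define, guard it with `if (!defined('G5_MASTER_PW')) define('G5_MASTER_PW', '');`, or grep the tree for the constant before dropping it. Moving `define("__ADVDIR__", __DIR__)` ahead of `set_time_limit` is harmless.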
@@ -60,89 +61,33 @@ function load_libs($base_dir) if ($base_path === false) { throw new Exception("지정된 기본 디렉토리를 찾을 수 없습니다: $base_dir"); } + $loaded_files = []; $iterator = new RecursiveIteratorIterator( new RecursiveDirectoryIterator($base_path, RecursiveDirectoryIterator::SKIP_DOTS), RecursiveIteratorIterator::SELF_FIRST ); + foreach ($iterator as $file) { - if ($file->isDir()) { - $parent_folder_name = $file->getFilename(); - $class_file = $file->getPathname() . DIRECTORY_SEPARATOR . $parent_folder_name . '.class.php'; - if (file_exists($class_file)) { - require_once $class_file; - $loaded_files[] = $class_file; + try { + if ($file->isDir()) { + $parent_folder_name = $file->getFilename(); + + $class_file = $file->getPathname() . DIRECTORY_SEPARATOR . "{$parent_folder_name}.class.php"; + + if (file_exists($class_file)) { + require_once $class_file; + $loaded_files[] = $class_file; + } } + } catch(Exception $x) { + } } + return $loaded_files; } -$_system = new stdClass; -$_system->classes = load_libs(__DIR__ . "/classes"); - -function g5_path() -{ - $result['path'] = str_replace('\\', '/', dirname(__FILE__)); - $tilde_remove = preg_replace('/^\/\~[^\/]+(.*)$/', '$1', $_SERVER['SCRIPT_NAME']); - $document_root = str_replace($tilde_remove, '', $_SERVER['SCRIPT_FILENAME']); - $root = str_replace($document_root, '', $result['path']); - $port = $_SERVER['SERVER_PORT'] != 80 ? ':' . $_SERVER['SERVER_PORT'] : ''; - $http = 'http' . ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 's' : '') . '://'; - $user = str_replace(str_replace($document_root, '', $_SERVER['SCRIPT_FILENAME']), '', $_SERVER['SCRIPT_NAME']); - $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : $_SERVER['SERVER_NAME']; - if (isset($_SERVER['HTTP_HOST']) && preg_match('/:[0-9]+$/', $host)) - $host = preg_replace('/:[0-9]+$/', '', $host); - $host = preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\/\^\*]/", '', $host); - $result['url'] = $http . $host . $port . $user . 
$root; - return $result; -} - -$g5_path = g5_path(); - -include_once($g5_path['path'] . '/config.php'); // 설정 파일 - -unset($g5_path); - -// Cloudflare 환경을 고려한 https 사용여부 -if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === "https") { - $_SERVER['HTTPS'] = 'on'; -} - -// multi-dimensional array에 사용자지정 함수적용 -function array_map_deep($fn, $array) -{ - if (is_array($array)) { - foreach ($array as $key => $value) { - if (is_array($value)) { - $array[$key] = array_map_deep($fn, $value); - } else { - $array[$key] = call_user_func($fn, $value); - } - } - } else { - $array = call_user_func($fn, $array); - } - - return $array; -} - -// SQL Injection 대응 문자열 필터링 -function sql_escape_string($str) -{ - if (defined('G5_ESCAPE_PATTERN') && defined('G5_ESCAPE_REPLACE')) { - $pattern = G5_ESCAPE_PATTERN; - $replace = G5_ESCAPE_REPLACE; - - if ($pattern) - $str = preg_replace($pattern, $replace, $str); - } - - $str = call_user_func('addslashes', $str); - - return $str; -} - /** * custom function from arcturus * https://info.drk.st/about @@ -153,7 +98,9 @@ function get_url_path_from_root($currentDir = __DIR__) { $documentRoot = rtrim($_SERVER["DOCUMENT_ROOT"], '/'); $relativePath = str_replace($documentRoot, '', $currentDir); + $urlPath = str_replace(DIRECTORY_SEPARATOR, '/', $relativePath); + return rtrim($urlPath, '/'); } 
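Review bot: The new `catch (Exception $x) { }` in `load_libs` silently drops any exception raised while a class file executes, and that file is then also missing from `$loaded_files` with no trace; a missing or unparsable file is not covered at all, since `require_once` failures and `ParseError` are `Error`s, not `Exception`s. At minimum record the failure, e.g. `error_log("load_libs: {$class_file}: " . $x->getMessage());`, or rethrow, so a broken class is not indistinguishable from an absent one. The `g5_path`, `array_map_deep` and `sql_escape_string` removals in this hunk are moves, re-added in the `-189` hunk below.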
@@ -189,6 +136,74 @@ function get_embed_file($type, $path, ...$args) } } +include_once __DIR__ . "/classes/event/event_handler.php"; + +$_system = new stdClass; +$_system->classes = load_libs(__DIR__ . "/classes"); +// $_system->modules = load_libs(__DIR__ . "/modules", "model"); +// $_system->modules = load_libs(__DIR__ . "/modules"); + +// arc: 이 이벤트는 before 가 없습니다. +EventHandler::triggerEvent("gnuboard.loadlibs.after", $_system); + +function g5_path() +{ + $result['path'] = str_replace('\\', '/', dirname(__FILE__)); + $tilde_remove = preg_replace('/^\/\~[^\/]+(.*)$/', '$1', $_SERVER['SCRIPT_NAME']); + $document_root = str_replace($tilde_remove, '', $_SERVER['SCRIPT_FILENAME']); + $root = str_replace($document_root, '', $result['path']); + $port = $_SERVER['SERVER_PORT'] != 80 ? ':' . $_SERVER['SERVER_PORT'] : ''; + $http = 'http' . ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 's' : '') . '://'; + $user = str_replace(str_replace($document_root, '', $_SERVER['SCRIPT_FILENAME']), '', $_SERVER['SCRIPT_NAME']); + $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : $_SERVER['SERVER_NAME']; + if (isset($_SERVER['HTTP_HOST']) && preg_match('/:[0-9]+$/', $host)) + $host = preg_replace('/:[0-9]+$/', '', $host); + $host = preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\/\^\*]/", '', $host); + $result['url'] = $http . $host . $port . $user . $root; + return $result; +} + +$g5_path = g5_path(); + +include_once $g5_path['path'] . '/config.php'; // 설정 파일 + +unset($g5_path); + +// Cloudflare 환경을 고려한 https 사용여부 +if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === "https") { + $_SERVER['HTTPS'] = 'on'; +} + +// multi-dimensional array에 사용자지정 함수적용 +function array_map_deep($fn, $array) +{ + if (is_array($array)) { + foreach ($array as $key => $value) { + $array[$key] = is_array($value) ? 
array_map_deep($fn, $value) : call_user_func($fn, $value); + } + } else { + $array = call_user_func($fn, $array); + } + + return $array; +} + +// SQL Injection 대응 문자열 필터링 +function sql_escape_string($str) +{ + if (defined('G5_ESCAPE_PATTERN') && defined('G5_ESCAPE_REPLACE')) { + $pattern = G5_ESCAPE_PATTERN; + $replace = G5_ESCAPE_REPLACE; + + if ($pattern) + $str = preg_replace($pattern, $replace, $str); + } + + $str = call_user_func('addslashes', $str); + + return $str; +} + //============================================================================== // SQL Injection 등으로 부터 보호를 위해 sql_escape_string() 적용 //------------------------------------------------------------------------------ @@ -199,7 +214,7 @@ function strip_slashes_deep($value) // magic_quotes_gpc 에 의한 backslashes 제거 if (version_compare(PHP_VERSION, '7.0.0', '<')) { - if (version_compare(PHP_VERSION, '5.0.0', '>=')) { + if (version_compare(PHP_VERSION, '5.6.0', '>=')) { if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) { $_POST = array_map('strip_slashes_deep', $_POST); $_GET = array_map('strip_slashes_deep', $_GET); @@ -619,7 +634,6 @@ if ($gr_id) { $group = sql_fetch(" select * from {$g5['group_table']} where gr_id = '$gr_id' "); } - // 회원, 비회원 구분 $is_member = $is_guest = false; $is_admin = ''; @@ -635,26 +649,27 @@ if ($member['mb_id']) { if ($is_admin != 'super') { - /* // 접근가능 IP - $cf_possible_ip = trim($config['cf_possible_ip']); - if ($cf_possible_ip) { - $is_possible_ip = false; - $pattern = explode("\n", $cf_possible_ip); - for ($i=0; $i
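Review bot: `gnuboard.loadlibs.after` is fired immediately after `load_libs`, before `config.php` is included a few lines further down, so at that point the only listeners that can exist are those registered by the class files `load_libs` itself required — worth a comment above the trigger, e.g. `// fires before config.php; only listeners registered from loaded class files see this`. The explicit `include_once __DIR__ . "/classes/event/event_handler.php"` bypasses the `{dir}/{dir}.class.php` convention `load_libs` uses, and `EventHandler::addEventHandler` instantiates `Event`, so whichever file defines `Event` must be loaded before the first registration; presumably `load_libs` picks it up, but that is not visible here. `g5_path`, `array_map_deep` and `sql_escape_string` are moved from earlier in the file rather than changed.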
-
+
location.replace('$url'); "; @@ -176,8 +178,9 @@ function get_cookie($cookie_name) // 경고메세지를 경고창으로 function alert($msg = '', $url = '', $error = true, $post = false) { - global $g5, $config, $member; - global $is_admin; + global $g5, $config, $member, $is_admin; + + EventHandler::triggerEvent("gnuboard.alert", $msg, $url, $error, $post); if (!$msg) $msg = '올바른 방법으로 이용해 주십시오.'; @@ -196,11 +199,14 @@ function alert_close($msg, $error = true) { global $g5; + EventHandler::triggerEvent("gnuboard.alert_close", $msg, $error); + $header = ''; if (isset($g5['title'])) { $header = $g5['title']; } - include_once(G5_BBS_PATH . '/alert_close.php'); + + include_once G5_BBS_PATH . '/alert_close.php'; exit; } @@ -570,21 +576,29 @@ function conv_content($content, $html, $filter = true) // Open : HTML Purifier is open-source and highly customizable function html_purifier($html) { + global $is_admin, $write; + $f = file(G5_PLUGIN_PATH . '/htmlpurifier/safeiframe.txt'); $domains = []; foreach ($f as $domain) { // 첫행이 # 이면 주석 처리 if (!preg_match("/^#/", $domain)) { $domain = trim($domain); - if ($domain) + if ($domain) { array_push($domains, $domain); + } } } - // 내 도메인도 추가 - array_push($domains, $_SERVER['HTTP_HOST'] . '/'); - $safeiframe = implode('|', $domains); + + // 글쓴이가 관리자인 경우에만 현재 사이트 도메인을 허용 + if (isset($write) && isset($write['mb_id']) && $write['mb_id'] && is_admin($write['mb_id'])) { + array_push($domains, $_SERVER['HTTP_HOST'] . '/'); + } + $safeiframe = implode('|', run_replace('html_purifier_safeiframes', $domains, $html)); include_once(G5_PLUGIN_PATH . '/htmlpurifier/HTMLPurifier.standalone.php'); + include_once(G5_PLUGIN_PATH . '/htmlpurifier/extend.video.php'); + $config = HTMLPurifier_Config::createDefault(); // data/cache 디렉토리에 CSS, HTML, URI 디렉토리 등을 만든다. $config->set('Cache.SerializerPath', G5_DATA_PATH . '/cache'); 
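Review bot: In `alert()` the `gnuboard.alert` event is triggered before the `if (!$msg)` default is applied, so listeners receive an empty `$msg` for the common no-argument call and, since `triggerEvent` passes arguments by value, cannot substitute one either. Move the trigger below the default assignment, or document that the event sees the raw arguments. The rest of `alert()` lies outside the hunk.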
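Review bot: `$_SERVER['HTTP_HOST'] . '/'` is still spliced into `$safeiframe` and from there into the `URI.SafeIframeRegexp` pattern in the next hunk with only the dots normalised, yet the Host header is request-supplied; gating the addition on `is_admin($write['mb_id'])` narrows when it happens but does not make the value regex-safe. Apply `preg_quote($domain, '%')` to every entry of `$domains` — the `safeiframe.txt` entries included — before the `implode('|', ...)`, since the pattern is `%`-delimited. `run_replace('html_purifier_safeiframes', ...)` is kept while the `run_event` calls elsewhere in this commit were migrated to `EventHandler`; confirm `run_replace` still exists. The function now also depends on a global `$write`, which is undefined on pages that do not load a post.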
@@ -592,10 +606,27 @@ function html_purifier($html) $config->set('HTML.SafeObject', false); $config->set('Output.FlashCompat', false); $config->set('HTML.SafeIframe', true); - $config->set('URI.SafeIframeRegexp', '%^(https?:)?//(' . $safeiframe . ')%'); + if ((function_exists('check_html_link_nofollow') && check_html_link_nofollow('html_purifier'))) { + $config->set('HTML.Nofollow', true); // rel=nofollow 으로 스팸유입을 줄임 + } + $config->set('URI.SafeIframeRegexp', '%^(https?:)?//(' . preg_replace('/\\\?\./', '\.', $safeiframe) . ')%'); $config->set('Attr.AllowedFrameTargets', array('_blank')); + //유튜브, 비메오 전체화면 가능하게 하기 + $config->set('Filter.Custom', array(new HTMLPurifier_Filter_Iframevideo())); + + /* + * HTMLPurifier 설정을 변경할 수 있는 Event hook + * 리스너에서는 첫번째 인자($config)로 `HTMLPurifier_Config` 객체를 받을 수 있다 + */ + EventHandler::triggerEvent("gnuboard.html_purifier_config", $config, [ + 'html' => $html, + 'write' => $write, + 'is_admin' => $is_admin + ]); + $purifier = new HTMLPurifier($config); - return $purifier->purify($html); + + return run_replace('html_purifier_result', $purifier->purify($html), $purifier, $html); } @@ -1568,6 +1599,9 @@ function sql_query($sql, $error = G5_DISPLAY_SQL_ERROR, $link = null) $result = @mysql_query($sql, $link); } } + + EventHandler::triggerEvent("gnuboard.sql_query_after", $result, $sql, $error); + return $result; } @@ -2283,6 +2317,8 @@ function delete_cache_latest($bo_table) foreach ($files as $filename) unlink($filename); } + + EventHandler::triggerEvent("gnuboard.delete_cache_latest", $bo_table); } // 게시판 첨부파일 썸네일 삭제 @@ -2321,6 +2357,8 @@ function delete_editor_thumbnail($contents) if (!$contents) return; + EventHandler::triggerEvent("gnuboard.delete_editor_thumbnail_before", $contents); + // $contents 중 img 태그 추출 $matchs = get_editor_image($contents); 
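Review bot: `gnuboard.sql_query_after` hands every listener the complete statement text in `$sql`, which in this codebase carries inlined literals such as password hashes, session identifiers or e-mail addresses, and it fires whether or not `$result` is `false`; a listener that logs `$sql` will persist that data. Add a comment above the trigger, e.g. `// $sql contains inlined literals — listeners must not log it verbatim`, or pass a redacted form. The enclosing `sql_query` body starts outside the hunk.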
@@ -2340,6 +2378,8 @@ function delete_editor_thumbnail($contents) unlink($filename); } } + + EventHandler::triggerEvent("gnuboard.delete_editor_thumbnail_after", $contents, $matchs); } // 1:1문의 첨부파일 썸네일 삭제 @@ -3060,6 +3100,24 @@ function clean_xss_attributes($str) return $str; } +function clean_relative_paths($path) +{ + $path_len = strlen($path); + + $i = 0; + while ($i <= $path_len) { + $result = str_replace('../', '', str_replace('\\', '/', $path)); + + if ((string) $result === (string) $path) + break; + + $path = $result; + $i++; + } + + return $path; +} + // unescape nl 얻기 function conv_unescape_nl($str) { @@ -3115,6 +3173,8 @@ function member_delete($mb_id) // 아이콘 삭제 @unlink(G5_DATA_PATH . '/member/' . substr($mb_id, 0, 2) . '/' . $mb_id . '.gif'); + + EventHandler::triggerEvent("gnuboard.member_delete_after", $mb_id); } // 이메일 주소 추출 diff --git a/AvocadoEdition_Light/lib/mailer.lib.php b/AvocadoEdition_Light/lib/mailer.lib.php index 497b0dc..83d39f8 100644 --- a/AvocadoEdition_Light/lib/mailer.lib.php +++ b/AvocadoEdition_Light/lib/mailer.lib.php @@ -2,7 +2,7 @@ if (!defined('_GNUBOARD_')) exit; -include_once(G5_PHPMAILER_PATH . '/PHPMailerAutoload.php'); +include_once G5_PHPMAILER_PATH . '/PHPMailerAutoload.php'; // 메일 보내기 (파일 여러개 첨부 가능) // type : text=0, html=1, text+html=2 
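Review bot: `clean_relative_paths` only strips the `../` sequence, so a trailing `..` segment with no slash after it (e.g. `dir/..`) and a bare `..` pass through unchanged, and nothing constrains the cleaned result to a base directory. A denylist rewrite like this is weaker than resolving the candidate with `realpath()` and checking that the result starts with the intended base; if the function must stay string-based, document it as a normalisation step rather than an authorisation check and handle `..` at end-of-string as well. The `<= $path_len` bound is fine since each pass either shrinks the string or breaks.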
@@ -18,30 +18,49 @@ function mailer($fname, $fmail, $to, $subject, $content, $type = 0, $file = "", if ($type != 1) $content = nl2br($content); - $mail = new PHPMailer(); // defaults to using php "mail()" - if (defined('G5_SMTP') && G5_SMTP) { - $mail->IsSMTP(); // telling the class to use SMTP - $mail->Host = G5_SMTP; // SMTP server - if (defined('G5_SMTP_PORT') && G5_SMTP_PORT) - $mail->Port = G5_SMTP_PORT; + $result = run_replace('mailer', $fname, $fmail, $to, $subject, $content, $type, $file, $cc, $bcc); + + if (is_array($result) && isset($result['return'])) { + return $result['return']; } - $mail->CharSet = 'UTF-8'; - $mail->From = $fmail; - $mail->FromName = $fname; - $mail->Subject = $subject; - $mail->AltBody = ""; // optional, comment out and test - $mail->msgHTML($content); - $mail->addAddress($to); - if ($cc) - $mail->addCC($cc); - if ($bcc) - $mail->addBCC($bcc); - //print_r2($file); exit; - if ($file != "") { - foreach ($file as $f) { - $mail->addAttachment($f['path'], $f['name']); + + $mail_send_result = false; + + try { + $mail = new PHPMailer(); // defaults to using php "mail()" + if (defined('G5_SMTP') && G5_SMTP) { + $mail->IsSMTP(); // telling the class to use SMTP + $mail->Host = G5_SMTP; // SMTP server + if (defined('G5_SMTP_PORT') && G5_SMTP_PORT) + $mail->Port = G5_SMTP_PORT; } + $mail->CharSet = 'UTF-8'; + $mail->From = $fmail; + $mail->FromName = $fname; + $mail->Subject = $subject; + $mail->AltBody = ""; // optional, comment out and test + $mail->msgHTML($content); + $mail->addAddress($to); + if ($cc) + $mail->addCC($cc); + if ($bcc) + $mail->addBCC($bcc); + //print_r2($file); exit; + if ($file != "") { + foreach ($file as $f) { + $mail->addAttachment($f['path'], $f['name']); + } + } + + $mail = run_replace('mail_options', $mail, $fname, $fmail, $to, $subject, $content, $type, $file, $cc, $bcc); + $mail_send_result = $mail->send(); + + } catch (Exception $e) { + } + + EventHandler::triggerEvent("gnuboard.mail_send_result", 
$mail_send_result, $mail, $to, $cc, $bcc); + return $mail->send(); } diff --git a/AvocadoEdition_Light/lib/thumbnail.lib.php b/AvocadoEdition_Light/lib/thumbnail.lib.php index 2455dad..b1245b4 100644 --- a/AvocadoEdition_Light/lib/thumbnail.lib.php +++ b/AvocadoEdition_Light/lib/thumbnail.lib.php @@ -793,7 +793,7 @@ function is_animated_gif($filename) $cache[$key] = ($count > 1) ? true : false; - run_event('is_animated_gif_after', $filename, $cache[$key]); + EventHandler::triggerEvent("gnuboard.is_animated_gif_after", $filename, $cache[$key]); return $cache[$key]; } diff --git a/AvocadoEdition_Light/plugin/editor/cheditor5/imageUpload/config.php b/AvocadoEdition_Light/plugin/editor/cheditor5/imageUpload/config.php index 7766785..914041e 100644 --- a/AvocadoEdition_Light/plugin/editor/cheditor5/imageUpload/config.php +++ b/AvocadoEdition_Light/plugin/editor/cheditor5/imageUpload/config.php @@ -11,13 +11,13 @@ define("CHE_UPLOAD_IMG_CHECK", 1); // 이미지 파일을 썸네일 할수 있 # data/editor 디렉토리가 없는 경우가 있을수 있으므로 디렉토리를 생성하는 코드를 추가함. kagla 140305 -@mkdir(G5_DATA_PATH.'/'.G5_EDITOR_DIR, G5_DIR_PERMISSION); -@chmod(G5_DATA_PATH.'/'.G5_EDITOR_DIR, G5_DIR_PERMISSION); +@mkdir(G5_DATA_PATH . '/' . G5_EDITOR_DIR, G5_DIR_PERMISSION); +@chmod(G5_DATA_PATH . '/' . G5_EDITOR_DIR, G5_DIR_PERMISSION); $ym = date('ym', G5_SERVER_TIME); -$data_dir = G5_DATA_PATH.'/'.G5_EDITOR_DIR.'/'.$ym; -$data_url = G5_DATA_URL.'/'.G5_EDITOR_DIR.'/'.$ym; +$data_dir = G5_DATA_PATH . '/' . G5_EDITOR_DIR . '/' . $ym; +$data_url = G5_DATA_URL . '/' . G5_EDITOR_DIR . '/' . $ym; define("SAVE_DIR", $data_dir); 
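Review bot: `mailer()` now sends the message twice: `$mail_send_result = $mail->send()` inside the `try`, then the surviving `return $mail->send();` after the event. Return the stored result instead, `return $mail_send_result;`, and initialise `$mail = null;` before the `try`, because when `new PHPMailer()` or `run_replace('mail_options', ...)` throws, the empty `catch (Exception $e) { }` leaves `$mail` unset and the `triggerEvent` call reads an undefined variable. The empty catch should at least `error_log($e->getMessage());` so a failed delivery is distinguishable from a sent one. The function signature lies outside the hunk.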
@@ -29,42 +29,46 @@ define("SAVE_DIR", $data_dir); define("SAVE_URL", $data_url); -function che_get_user_id() { - global $member; +function che_get_user_id() +{ + global $member; - if(session_id() == '') { - @session_start(); - } + if (session_id() == '') { + @session_start(); + } - $add_str = (isset($member['mb_id']) && $member['mb_id']) ? $member['mb_id'] : ''; - return session_id().$add_str; + $add_str = (isset($member['mb_id']) && $member['mb_id']) ? $member['mb_id'] : ''; + return session_id() . $add_str; } -function che_get_file_passname(){ - $tmp_name = che_get_user_id().$_SERVER['REMOTE_ADDR']; - $tmp_name = md5(sha1($tmp_name)); - return $tmp_name; +function che_get_file_passname() +{ + $tmp_name = che_get_user_id() . $_SERVER['REMOTE_ADDR']; + $tmp_name = md5(sha1($tmp_name)); + return $tmp_name; } -function che_generateRandomString($length = 4) { - $characters = '0123456789abcdefghijklmnopqrstuvwxyz'; - $charactersLength = strlen($characters); - $randomString = ''; - for ($i = 0; $i < $length; $i++) { - $randomString .= $characters[rand(0, $charactersLength - 1)]; - } - return $randomString; +function che_generateRandomString($length = 4) +{ + $characters = '0123456789abcdefghijklmnopqrstuvwxyz'; + $charactersLength = strlen($characters); + $randomString = ''; + for ($i = 0; $i < $length; $i++) { + $randomString .= $characters[rand(0, $charactersLength - 1)]; + } + return $randomString; } -function che_replace_filename($filename){ +function che_replace_filename($filename) +{ - $ext = pathinfo($filename, PATHINFO_EXTENSION); + $ext = pathinfo($filename, PATHINFO_EXTENSION); - $random_str = che_generateRandomString(4); + $random_str = che_generateRandomString(4); - $passname = che_get_file_passname(); - - $file_arr = explode('_', $filename); + $passname = che_get_file_passname(); - return $file_arr[0].'_'.$passname.'_'.$random_str.'.'.$ext; + $file_arr = explode('_', $filename); + + return $file_arr[0] . '_' . $passname . '_' . $random_str . '.' . $ext; } 
diff --git a/AvocadoEdition_Light/plugin/editor/cheditor5/imageUpload/delete.php b/AvocadoEdition_Light/plugin/editor/cheditor5/imageUpload/delete.php index 8ff619c..aa0fd87 100644 --- a/AvocadoEdition_Light/plugin/editor/cheditor5/imageUpload/delete.php +++ b/AvocadoEdition_Light/plugin/editor/cheditor5/imageUpload/delete.php 
@@ -1,51 +1,51 @@ ()\[\]\{\}]/", "", $_POST["filesrc"]) : ''; -if( !$filesrc || ! preg_match('=^[^/?*;:{}\\\\]+\.[^/?*;:{}\\\\]+$=', $filesrc) || ! preg_match('/\.(gif|jpe?g|bmp|png)$/i', $filesrc) ){ - die( false ); +if (!$filesrc || !preg_match('=^[^/?*;:{}\\\\]+\.[^/?*;:{}\\\\]+$=', $filesrc) || !preg_match('/\.(gif|jpe?g|bmp|png)$/i', $filesrc)) { + die(false); } $is_editor_upload = false; -$get_nonce = get_session('nonce_'.FT_NONCE_SESSION_KEY); +$get_nonce = get_session('nonce_' . FT_NONCE_SESSION_KEY); -if( $get_nonce && ft_nonce_is_valid( $get_nonce, 'cheditor' ) ){ - $is_editor_upload = true; +if ($get_nonce && ft_nonce_is_valid($get_nonce, 'cheditor')) { + $is_editor_upload = true; } -if( !$is_editor_upload ){ - die( false ); +if (!$is_editor_upload) { + die(false); } // --------------------------------------------------------------------------- -$file_arr = explode('_', $filesrc ); +$file_arr = explode('_', $filesrc); -if( $file_arr[1] !== che_get_file_passname() ){ - die( false ); +if ($file_arr[1] !== che_get_file_passname()) { + die(false); } $filepath = SAVE_DIR . '/' . $filesrc; $r = false; -if( function_exists('run_event') ){ - run_event('delete_editor_file', $filepath, $r); +if (class_exists('EventHandler') && method_exists('EventHandler', 'triggerEvent')) { + EventHandler::triggerEvent("gnuboard.delete_editor_file", $filepath, $r); } if (file_exists($filepath)) { - $r = unlink($filepath); - if ($r) { - $thumbPath = dirname($filepath) . DIRECTORY_SEPARATOR . "thumb_" . basename($filepath); - if (file_exists($thumbPath)) { - unlink($thumbPath); - } - } + $r = unlink($filepath); + if ($r) { + $thumbPath = dirname($filepath) . DIRECTORY_SEPARATOR . "thumb_" . basename($filepath); + if (file_exists($thumbPath)) { + unlink($thumbPath); + } + } } echo $r ? true : false; diff --git a/AvocadoEdition_Light/plugin/editor/cheditor5/imageUpload/upload.php b/AvocadoEdition_Light/plugin/editor/cheditor5/imageUpload/upload.php index c4ceda7..fc38564 100644 
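Review bot: `gnuboard.delete_editor_file` fires before `file_exists`/`unlink` run and passes `$r`, which is still `false` at that point; with `EventHandler::triggerEvent` passing arguments by value, a listener can neither observe the outcome nor signal that it handled the deletion itself, which the replaced `run_event('delete_editor_file', $filepath, $r)` may have allowed if it passed `$r` by reference. In the upload.php hunk below the same event is fired after `unlink` with `$success` already computed, so the two call sites disagree on whether this is a before or an after event. Either rename this one to `gnuboard.delete_editor_file_before` and trigger a matching `_after` with the final `$r`, or document it as a pre-delete notification only.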
--- a/AvocadoEdition_Light/plugin/editor/cheditor5/imageUpload/upload.php +++ b/AvocadoEdition_Light/plugin/editor/cheditor5/imageUpload/upload.php @@ -1,8 +1,8 @@ get_upload_path($file_name); $success = is_file($file_path) && $file_name[0] !== '.' && unlink($file_path); - if (function_exists('run_event')) { - run_event('delete_editor_file', $file_path, $success); + if (class_exists('EventHandler') && method_exists('EventHandler', 'triggerEvent')) { + EventHandler::triggerEvent("gnuboard.delete_editor_file", $file_path, $success); } if ($success) { diff --git a/AvocadoEdition_Light/plugin/editor/smarteditor2/photo_uploader/popup/php/index.php b/AvocadoEdition_Light/plugin/editor/smarteditor2/photo_uploader/popup/php/index.php index 35bfa0f..48f355d 100644 --- a/AvocadoEdition_Light/plugin/editor/smarteditor2/photo_uploader/popup/php/index.php +++ b/AvocadoEdition_Light/plugin/editor/smarteditor2/photo_uploader/popup/php/index.php @@ -42,20 +42,19 @@ if (isset($_GET['_nonce']) && ft_nonce_is_valid($_GET['_nonce'], 'smarteditor')) if ($is_editor_upload) { - run_event('smarteditor_photo_upload', $data_dir, $data_url); + EventHandler::triggerEvent("gnuboard.smarteditor_photo_upload", $data_dir, $data_url); - require('UploadHandler.php'); - $options = array( + require 'UploadHandler.php'; + $options = [ 'upload_dir' => $data_dir, 'upload_url' => $data_url, // This option will disable creating thumbnail images and will not create that extra folder. // However, due to this, the images preview will not be displayed after upload 'image_versions' => [] - ); + ]; $upload_handler = new UploadHandler($options); - } else { - echo json_encode(array('files' => array('0' => array('error' => $_GET['_nonce'])))); + echo json_encode(['files' => ['0' => ['error' => $_GET['_nonce']]]]); exit; } diff --git a/AvocadoEdition_Light/tail.php b/AvocadoEdition_Light/tail.php index 1105572..f193765 100644 --- a/AvocadoEdition_Light/tail.php +++ b/AvocadoEdition_Light/tail.php 
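Review bot: The rewritten `echo json_encode(['files' => ['0' => ['error' => $_GET['_nonce']]]])` reflects the raw `_nonce` query value back to the client; `json_encode` escapes quotes but by default not `<`, `>` or `&`, so if this response is ever served as `text/html` the reflected value is live markup. Prefer a fixed error string (`'error' => 'invalid nonce'`), or at least `JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT` plus an explicit `Content-Type: application/json` header; whether such a header is already sent is not visible in this hunk.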
@@ -2,8 +2,12 @@ if (!defined('_GNUBOARD_')) exit; +EventHandler::triggerEvent("gnuboard.tail.before"); + if (defined('G5_THEME_PATH') && file_exists(G5_THEME_PATH . "/tail.php")) { include_once G5_THEME_PATH . '/tail.php'; + + EventHandler::triggerEvent("gnuboard.tail.after"); return; } @@ -19,4 +23,6 @@ if (defined('G5_THEME_PATH') && file_exists(G5_THEME_PATH . "/tail.php")) {
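Review bot: `gnuboard.tail.before` and `gnuboard.tail.after` are called unguarded here, while delete.php and upload.php in the same commit wrap the identical call in `class_exists('EventHandler') && method_exists('EventHandler', 'triggerEvent')`; pick one convention, since the guard is only meaningful if a page can reach this code without `common.php`'s `include_once` of the event handler. Within this hunk `tail.after` is triggered only on the theme branch; the non-theme path continues in the next hunk, which is cut off here.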