eventhandler update

Amberstone 2024-09-28 13:03:15 +09:00
parent 5a3fc1c087
commit 9233b02ba9
Signed by: amber
GPG key ID: 094B0E55F98D8BF1
63 changed files with 961 additions and 593 deletions


@ -0,0 +1,3 @@
<?php
if (!defined('_GNUBOARD_'))
exit;


@ -2,4 +2,11 @@
define('G5_IS_ADMIN', true);
include_once "../common.php";
include_once G5_ADMIN_PATH . '/admin.lib.php';
if (isset($token)) {
$token = @htmlspecialchars(strip_tags($token), ENT_QUOTES);
}
EventHandler::triggerEvent("gnuboard.admin.load_common");
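Review bot: The `@` on `$token = @htmlspecialchars(strip_tags($token), ENT_QUOTES);` does not guard against a non-string `$token`. Where `$token` is populated is not visible in this hunk, but if it can arrive as an array, `strip_tags()` throws a `TypeError` on PHP 8 and `@` does not suppress that. I would drop the `@` and test the type explicitly: `if (isset($token) && is_string($token)) { $token = htmlspecialchars(strip_tags($token), ENT_QUOTES); }`. A short comment saying why the token is HTML-escaped at load time rather than at output would also help the next reader.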


@ -53,8 +53,6 @@ CREATE TABLE `__TABLE_NAME__` (
`wr_url` varchar(255) NOT NULL DEFAULT '',
`wr_type` varchar(255) NOT NULL DEFAULT '',
`wr_1` varchar(255) NOT NULL DEFAULT '',
`wr_2` varchar(255) NOT NULL DEFAULT '',
`wr_3` varchar(255) NOT NULL DEFAULT '',


@ -179,7 +179,7 @@ if ($copy_case == 'schema_data_both') {
}
$d->close();
run_event('admin_board_copy_file', $bo_table, $target_table);
EventHandler::triggerEvent("gnuboard.admin.board_copy_file", $bo_table, $target_table);
// 글복사
$sql = " insert into {$g5['write_prefix']}$target_table select * from {$g5['write_prefix']}$bo_table ";
@ -204,21 +204,21 @@ if (count($file_copy)) {
$file_copy[$i] = run_replace('admin_copy_update_file', $file_copy[$i], $file_copy[$i]['bf_file'], $bo_table, $target_table);
$sql = " insert into {$g5['board_file_table']}
set bo_table = '$target_table',
wr_id = '{$file_copy[$i]['wr_id']}',
bf_no = '{$file_copy[$i]['bf_no']}',
bf_source = '" . addslashes($file_copy[$i]['bf_source']) . "',
bf_file = '{$file_copy[$i]['bf_file']}',
bf_download = '{$file_copy[$i]['bf_download']}',
bf_content = '" . addslashes($file_copy[$i]['bf_content']) . "',
bf_fileurl = '" . addslashes($file_copy[$i]['bf_fileurl']) . "',
bf_thumburl = '" . addslashes($file_copy[$i]['bf_thumburl']) . "',
bf_storage = '" . addslashes($file_copy[$i]['bf_storage']) . "',
bf_filesize = '{$file_copy[$i]['bf_filesize']}',
bf_width = '{$file_copy[$i]['bf_width']}',
bf_height = '{$file_copy[$i]['bf_height']}',
bf_type = '{$file_copy[$i]['bf_type']}',
bf_datetime = '{$file_copy[$i]['bf_datetime']}' ";
set bo_table = '$target_table',
wr_id = '{$file_copy[$i]['wr_id']}',
bf_no = '{$file_copy[$i]['bf_no']}',
bf_source = '" . addslashes($file_copy[$i]['bf_source']) . "',
bf_file = '{$file_copy[$i]['bf_file']}',
bf_download = '{$file_copy[$i]['bf_download']}',
bf_content = '" . addslashes($file_copy[$i]['bf_content']) . "',
bf_fileurl = '" . addslashes($file_copy[$i]['bf_fileurl']) . "',
bf_thumburl = '" . addslashes($file_copy[$i]['bf_thumburl']) . "',
bf_storage = '" . addslashes($file_copy[$i]['bf_storage']) . "',
bf_filesize = '{$file_copy[$i]['bf_filesize']}',
bf_width = '{$file_copy[$i]['bf_width']}',
bf_height = '{$file_copy[$i]['bf_height']}',
bf_type = '{$file_copy[$i]['bf_type']}',
bf_datetime = '{$file_copy[$i]['bf_datetime']}' ";
sql_query($sql, false);
}


@ -12,6 +12,12 @@ if (!$row['cnt'])
$html_title = '게시판';
if (empty($board)) {
$board = [];
}
EventHandler::triggerEvent("gnuboard.admin.board_form_before", $board, $w);
if (!isset($board['bo_device'])) {
// 게시판 사용 필드 추가
// both : pc, mobile 둘다 사용


@ -553,4 +553,6 @@ if ($all_fields) {
delete_cache_latest($bo_table);
EventHandler::triggerEvent("gnuboard.admin.board_form_update", $bo_table, $w);
goto_url("./board_form.php?w=u&bo_table={$bo_table}&amp;{$qstr}");


@ -69,8 +69,10 @@ if ($_POST['act_button'] == "선택수정") {
// include 전에 $bo_table 값을 반드시 넘겨야 함
$tmp_bo_table = trim($_POST['board_table'][$k]);
include('./board_delete.inc.php');
include './board_delete.inc.php';
}
}
EventHandler::triggerEvent("gnuboard.admin.board_list_update", $act_button, $chk, $board_table, $qstr);
goto_url('./board_list.php');
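Review bot: The new `gnuboard.admin.board_list_update` event passes `$act_button`, `$chk` and `$board_table`, while the surrounding code reads `$_POST['act_button']` and `$_POST['board_table'][$k]`. Whether those bare variables are defined, and whether they hold the same values the loop acted on, depends on code outside this hunk. If they are request-derived, every listener receives unvalidated arrays. I would either pass the values actually used (`$_POST['act_button']` and the trimmed table names) or add a comment above the call such as `// payload is raw request data; listeners must validate before use`.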


@ -54,8 +54,8 @@ if ($w == '') {
alert('이미 존재하는 그룹 ID 입니다.');
$sql = " insert into {$g5['group_table']}
set gr_id = '{$_POST['gr_id']}',
{$sql_common} ";
set gr_id = '{$_POST['gr_id']}',
{$sql_common} ";
sql_query($sql);
} else if ($w == "u") {
@ -69,4 +69,6 @@ if ($w == '') {
alert('제대로 된 값이 넘어오지 않았습니다.');
}
EventHandler::triggerEvent("gnuboard.admin.boardgroup_form_update", $gr_id, $w);
goto_url('./boardgroup_form.php?w=u&amp;gr_id=' . $gr_id . '&amp;' . $qstr);
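Review bot: The insert still writes `gr_id = '{$_POST['gr_id']}'` straight into the SQL string, while the new event and the redirect use `$gr_id`, so the stored value and the value reported to listeners can differ. Any validation of `$gr_id` sits above the hunk and is not visible; unless request values are escaped globally before this point, the raw `$_POST` interpolation is an injection risk. I would use the validated variable in the statement, `set gr_id = '{$gr_id}',`. The same raw `$_POST` interpolation appears in the `$sql_common` assignment of the section that fires `gnuboard.admin.member_form_update` (including `mb_level`) and in the `cf_twitter_secret` line of the config update.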


@ -42,4 +42,6 @@ for ($i = 0; $i < $count; $i++) {
}
}
EventHandler::triggerEvent("gnuboard.admin.boardgroup_list_update", $act_button, $post_chk, $post_group_id, $qstr);
goto_url('./boardgroup_list.php?' . $qstr);


@ -5,17 +5,19 @@ include_once "./_common.php";
if ($is_admin != 'super')
alert('최고관리자만 접근 가능합니다.', G5_URL);
EventHandler::triggerEvent("gnuboard.admin.cache_file_delete_before");
$g5['title'] = '캐시파일 일괄삭제';
include_once "./admin.head.php";
?>
<div class="local_desc02 local_desc">
<p>
완료 메세지가 나오기 전에 프로그램의 실행을 중지하지 마십시오.
</p>
</div>
<?php
flush();
if (!$dir = @opendir(G5_DATA_PATH . '/cache')) {
@ -39,10 +41,9 @@ if (is_array($files)) {
}
}
EventHandler::triggerEvent("gnuboard.admin.cache_file_delete");
echo '<li>완료됨</li></ul>' . PHP_EOL;
echo '<div class="local_desc01 local_desc"><p><strong>최신글 캐시파일 ' . $cnt . '건 삭제 완료됐습니다.</strong><br>프로그램의 실행을 끝마치셔도 좋습니다.</p></div>' . PHP_EOL;
?>
<?php
include_once "./admin.tail.php";
?>


@ -158,6 +158,8 @@ $sql = " update {$g5['config_table']}
cf_twitter_secret = '{$_POST['cf_twitter_secret']}' ";
sql_query($sql);
EventHandler::triggerEvent("gnuboard.admin.config_form_update");
//sql_query(" OPTIMIZE TABLE `$g5['config_table']` ");
goto_url('./config_form.php');


@ -92,17 +92,20 @@ if ($w == "") {
set co_id = '$co_id',
$sql_common ";
sql_query($sql);
EventHandler::triggerEvent("gnuboard.admin.content_created", $co_id);
} else if ($w == "u") {
$sql = " update {$g5['content_table']}
set $sql_common
where co_id = '$co_id' ";
sql_query($sql);
EventHandler::triggerEvent("gnuboard.admin.content_updated", $co_id);
} else if ($w == "d") {
@unlink(G5_DATA_PATH . "/content/{$co_id}_h");
@unlink(G5_DATA_PATH . "/content/{$co_id}_t");
$sql = " delete from {$g5['content_table']} where co_id = '$co_id' ";
sql_query($sql);
EventHandler::triggerEvent("gnuboard.admin.content_deleted", $co_id);
}
if ($w == "" || $w == "u") {


@ -255,6 +255,10 @@ this.form.mb_intercept_date.value=this.form.mb_intercept_date.defaultValue; }">
<label for="mb_intercept_date_set_today">접근차단일을 오늘로 지정</label>
</td>
</tr>
<?php
EventHandler::triggerEvent("gnuboard.admin.member_form_add", $mb, $w, 'table');
?>
<?php for ($i = 1; $i <= 10; $i++) { ?>
<tr style="display: none;">
@ -289,5 +293,8 @@ this.form.mb_intercept_date.value=this.form.mb_intercept_date.defaultValue; }">
</script>
<?php
EventHandler::triggerEvent("gnuboard.admin.member_form_after", $mb, $w);
include_once "./admin.tail.php";
?>


@ -1,7 +1,7 @@
<?php
$sub_menu = "200100";
include_once "./_common.php";
include_once(G5_LIB_PATH . "/register.lib.php");
include_once G5_LIB_PATH . "/register.lib.php";
if ($w == 'u')
check_demo();
@ -73,39 +73,39 @@ foreach ($check_keys as $key) {
}
}
$sql_common = " mb_name = '{$_POST['mb_name']}',
mb_nick = '{$_POST['mb_nick']}',
mb_email = '{$_POST['mb_email']}',
mb_homepage = '{$_POST['mb_homepage']}',
mb_tel = '{$_POST['mb_tel']}',
mb_hp = '{$mb_hp}',
mb_certify = '{$mb_certify}',
mb_adult = '{$mb_adult}',
mb_zip1 = '{$mb_zip1}',
mb_zip2 = '{$mb_zip2}',
mb_addr1 = '{$_POST['mb_addr1']}',
mb_addr2 = '{$_POST['mb_addr2']}',
mb_addr3 = '{$_POST['mb_addr3']}',
mb_addr_jibeon = '{$_POST['mb_addr_jibeon']}',
mb_signature = '{$_POST['mb_signature']}',
mb_leave_date = '{$_POST['mb_leave_date']}',
mb_intercept_date='{$_POST['mb_intercept_date']}',
mb_memo = '{$_POST['mb_memo']}',
mb_mailling = '{$_POST['mb_mailling']}',
mb_sms = '{$_POST['mb_sms']}',
mb_open = '{$_POST['mb_open']}',
mb_profile = '{$_POST['mb_profile']}',
mb_level = '{$_POST['mb_level']}',
mb_1 = '{$_POST['mb_1']}',
mb_2 = '{$_POST['mb_2']}',
mb_3 = '{$_POST['mb_3']}',
mb_4 = '{$_POST['mb_4']}',
mb_5 = '{$_POST['mb_5']}',
mb_6 = '{$_POST['mb_6']}',
mb_7 = '{$_POST['mb_7']}',
mb_8 = '{$_POST['mb_8']}',
mb_9 = '{$_POST['mb_9']}',
mb_10 = '{$_POST['mb_10']}' ";
$sql_common = " mb_name = '{$_POST['mb_name']}',
mb_nick = '{$_POST['mb_nick']}',
mb_email = '{$_POST['mb_email']}',
mb_homepage = '{$_POST['mb_homepage']}',
mb_tel = '{$_POST['mb_tel']}',
mb_hp = '{$mb_hp}',
mb_certify = '{$mb_certify}',
mb_adult = '{$mb_adult}',
mb_zip1 = '{$mb_zip1}',
mb_zip2 = '{$mb_zip2}',
mb_addr1 = '{$_POST['mb_addr1']}',
mb_addr2 = '{$_POST['mb_addr2']}',
mb_addr3 = '{$_POST['mb_addr3']}',
mb_addr_jibeon = '{$_POST['mb_addr_jibeon']}',
mb_signature = '{$_POST['mb_signature']}',
mb_leave_date = '{$_POST['mb_leave_date']}',
mb_intercept_date='{$_POST['mb_intercept_date']}',
mb_memo = '{$_POST['mb_memo']}',
mb_mailling = '{$_POST['mb_mailling']}',
mb_sms = '{$_POST['mb_sms']}',
mb_open = '{$_POST['mb_open']}',
mb_profile = '{$_POST['mb_profile']}',
mb_level = '{$_POST['mb_level']}',
mb_1 = '{$_POST['mb_1']}',
mb_2 = '{$_POST['mb_2']}',
mb_3 = '{$_POST['mb_3']}',
mb_4 = '{$_POST['mb_4']}',
mb_5 = '{$_POST['mb_5']}',
mb_6 = '{$_POST['mb_6']}',
mb_7 = '{$_POST['mb_7']}',
mb_8 = '{$_POST['mb_8']}',
mb_9 = '{$_POST['mb_9']}',
mb_10 = '{$_POST['mb_10']}' ";
if ($w == '') {
$mb = get_member($mb_id);
@ -190,11 +190,14 @@ if ($w == '') {
$sql_certify = "";
$sql = " update {$g5['member_table']}
set {$sql_common}
{$sql_password}
{$sql_certify}
where mb_id = '{$mb_id}' ";
set {$sql_common}
{$sql_password}
{$sql_certify}
where mb_id = '{$mb_id}' ";
sql_query($sql);
} else
alert('제대로 된 값이 넘어오지 않았습니다.');
EventHandler::triggerEvent("gnuboard.admin.member_form_update", $w, $mb_id);
goto_url('./member_form.php?' . $qstr . '&amp;w=u&amp;mb_id=' . $mb_id);


@ -85,4 +85,6 @@ if ($msg)
//echo '<script> alert("'.$msg.'"); </script>';
alert($msg);
EventHandler::triggerEvent("gnuboard.admin.member_list_update", $_POST['act_button'], $mb_datas);
goto_url('./member_list.php?' . $qstr);


@ -1,11 +1,10 @@
<?php
$sub_menu = "100400";
include_once ('./_common.php');
include_once "./_common.php";
if ($is_admin != 'super')
alert('최고관리자만 접근 가능합니다.');
$menu_update = sql_query("SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA = '" . G5_MYSQL_DB . "' AND TABLE_NAME = '{$g5['menu_table']}'");
$columns = [];
while ($row = sql_fetch_array($menu_update)) {
@ -23,7 +22,7 @@ $sql = " select * from {$g5['menu_table']} order by me_order*1, me_id ";
$result = sql_query($sql);
$g5['title'] = "메뉴설정";
include_once ('./admin.head.php');
include_once "./admin.head.php";
$colspan = 9;
?>


@ -73,4 +73,6 @@ for ($i = 0; $i < $count; $i++) {
sql_query($sql);
}
EventHandler::triggerEvent("gnuboard.admin.menu_list_update");
goto_url('./menu_list.php');


@ -91,4 +91,6 @@ if ($post_set_default_skin == 1) {
}
}
EventHandler::triggerEvent("gnuboard.admin.theme_update", $theme, $post_set_default_skin);
die('');


@ -28,4 +28,6 @@ if (defined("G5_THEME_PATH") && file_exists(G5_THEME_PATH . "/config/viewer_form
}
}
EventHandler::triggerEvent("gnuboard.admin.viewer_update", $main_content);
goto_url('./viewer_form.php');


@ -9,7 +9,7 @@ if (!($token && $delete_token == $token))
*/
//$wr = sql_fetch(" select * from $write_table where wr_id = '$wr_id' ");
@include_once($board_skin_path . '/delete.head.skin.php');
@include_once $board_skin_path . '/delete.head.skin.php';
if ($is_admin == 'super') // 최고관리자 통과
;
@ -60,10 +60,8 @@ $board['bo_count_delete'] = 1000;
if ($row['cnt'] >= $board['bo_count_delete'] && !$is_admin)
alert('이 글과 관련된 코멘트가 존재하므로 삭제 할 수 없습니다.\\n\\n코멘트가 ' . $board['bo_count_delete'] . '건 이상 달린 원글은 삭제할 수 없습니다.');
// 사용자 코드 실행
@include_once($board_skin_path . '/delete.skin.php');
@include_once $board_skin_path . '/delete.skin.php';
// 나라오름님 수정 : 원글과 코멘트수가 정상적으로 업데이트 되지 않는 오류를 잡아 주셨습니다.
//$sql = " select wr_id, mb_id, wr_comment from $write_table where wr_parent = '$write['wr_id']' order by wr_id ";
@ -128,8 +126,10 @@ sql_query(" update {$g5['board_table']} set bo_notice = '$bo_notice' where bo_ta
if ($count_write > 0 || $count_comment > 0)
sql_query(" update {$g5['board_table']} set bo_count_write = bo_count_write - '$count_write', bo_count_comment = bo_count_comment - '$count_comment' where bo_table = '$bo_table' ");
@include_once($board_skin_path . '/delete.tail.skin.php');
@include_once $board_skin_path . '/delete.tail.skin.php';
delete_cache_latest($bo_table);
EventHandler::triggerEvent("gnuboard.bbs.delete", $write, $board);
goto_url('./board.php?bo_table=' . $bo_table . '&amp;page=' . $page . $qstr);
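Review bot: The rewritten skin includes keep the `@` prefix (`@include_once $board_skin_path . '/delete.head.skin.php';`), which silences the missing-file warning and also any warnings or notices raised while the skin file runs. Because these hooks execute inside the delete path, a broken or unexpected skin file would fail without a trace in the logs. An explicit existence check keeps the optional-file behaviour without the suppression: `if (is_file($skin = $board_skin_path . '/delete.head.skin.php')) { include_once $skin; }`. The same applies to the `@include_once` lines in the delete_all, delete_comment, download and good sections of this commit.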


@ -6,7 +6,7 @@ if (!$is_admin)
alert('접근 권한이 없습니다.', G5_URL);
// 4.11
@include_once($board_skin_path . '/delete_all.head.skin.php');
@include_once $board_skin_path . '/delete_all.head.skin.php';
$count_write = 0;
$count_comment = 0;
@ -23,7 +23,7 @@ if ($chk_count > (G5_IS_MOBILE ? $board['bo_mobile_page_rows'] : $board['bo_page
alert('올바른 방법으로 이용해 주십시오.');
// 사용자 코드 실행
@include_once($board_skin_path . '/delete_all.skin.php');
@include_once $board_skin_path . '/delete_all.skin.php';
// 거꾸로 읽는 이유는 답변글부터 삭제가 되어야 하기 때문임
for ($i = $chk_count - 1; $i >= 0; $i--) {
@ -144,8 +144,10 @@ if ($count_write > 0 || $count_comment > 0)
sql_query(" update {$g5['board_table']} set bo_count_write = bo_count_write - '$count_write', bo_count_comment = bo_count_comment - '$count_comment' where bo_table = '$bo_table' ");
// 4.11
@include_once($board_skin_path . '/delete_all.tail.skin.php');
@include_once $board_skin_path . '/delete_all.tail.skin.php';
delete_cache_latest($bo_table);
EventHandler::triggerEvent("gnuboard.bbs.delete_all", $tmp_array, $board);
goto_url('./board.php?bo_table=' . $bo_table . '&amp;page=' . $page . $qstr);


@ -9,7 +9,7 @@ if (!($token && $delete_comment_token == $token))
alert('토큰 에러로 삭제 불가합니다.');
// 4.1
@include_once($board_skin_path . '/delete_comment.head.skin.php');
@include_once $board_skin_path . '/delete_comment.head.skin.php';
$write = sql_fetch(" select * from {$write_table} where wr_id = '{$comment_id}' ");
@ -80,9 +80,11 @@ sql_query(" update {$g5['board_table']} set bo_count_comment = bo_count_comment
sql_query(" delete from {$g5['board_new_table']} where bo_table = '{$bo_table}' and wr_id = '{$comment_id}' ");
// 사용자 코드 실행
@include_once($board_skin_path . '/delete_comment.skin.php');
@include_once($board_skin_path . '/delete_comment.tail.skin.php');
@include_once $board_skin_path . '/delete_comment.skin.php';
@include_once $board_skin_path . '/delete_comment.tail.skin.php';
delete_cache_latest($bo_table);
EventHandler::triggerEvent("gnuboard.bbs.delete_comment", $comment_id, $board);
goto_url('./board.php?bo_table=' . $bo_table . '&amp;wr_id=' . $write['wr_parent'] . '&amp;page=' . $page . $qstr);


@ -6,7 +6,7 @@ ob_end_clean();
$no = (int) $no;
@include_once($board_skin_path . '/download.head.skin.php');
@include_once $board_skin_path . '/download.head.skin.php';
// 쿠키에 저장된 ID값과 넘어온 ID값을 비교하여 같지 않을 경우 오류 발생
// 다른곳에서 링크 거는것을 방지하기 위한 코드
@ -47,7 +47,7 @@ if (!is_file($filepath) || !file_exists($filepath))
alert('파일이 존재하지 않습니다.');
// 사용자 코드 실행
@include_once($board_skin_path . '/download.skin.php');
@include_once $board_skin_path . '/download.skin.php';
// 이미 다운로드 받은 파일인지를 검사한 후 게시물당 한번만 포인트를 차감하도록 수정
$ss_name = 'ss_down_' . $bo_table . '_' . $wr_id;
@ -78,7 +78,9 @@ $g5['title'] = '다운로드 &gt; ' . conv_subject($write['wr_subject'], 255);
//$original = urlencode($file['bf_source']);
$original = iconv('utf-8', 'euc-kr', $file['bf_source']); // SIR 잉끼님 제안코드
@include_once($board_skin_path . '/download.tail.skin.php');
@include_once $board_skin_path . '/download.tail.skin.php';
EventHandler::triggerEvent("gnuboard.bbs.download_file_header", $file, $file_exist_check);
if (preg_match("/msie/i", $_SERVER['HTTP_USER_AGENT']) && preg_match("/5\.5/", $_SERVER['HTTP_USER_AGENT'])) {
header("content-type: doesn/matter");
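Review bot: `$file_exist_check` is passed to the new `gnuboard.bbs.download_file_header` event but is not assigned anywhere in the visible hunks; the existence test in the second hunk is written inline as `if (!is_file($filepath) || !file_exists($filepath))`. If the variable is not set elsewhere in the file, listeners receive `null` and PHP raises an undefined-variable warning just before the download headers are sent. I would assign it once, `$file_exist_check = is_file($filepath);`, use it in the existing check, and pass that to the event. A comment on the call noting that listeners must not produce output here, since the headers follow immediately, would also be useful.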


@ -1,7 +1,9 @@
<?php
include_once "./_common.php";
@include_once($board_skin_path . '/good.head.skin.php');
EventHandler::triggerEvent("gnuboard.bbs.good_before", $bo_table, $wr_id, $good);
@include_once $board_skin_path . "/good.head.skin.php";
// 자바스크립트 사용가능할 때
if ($_POST['js'] == "on") {
@ -77,11 +79,13 @@ if ($_POST['js'] == "on") {
$count = $row['count'];
EventHandler::triggerEvent("gnuboard.bbs.increase_good_json", $bo_table, $wr_id, $good);
print_result($error, $count);
}
}
} else {
include_once(G5_PATH . '/head.sub.php');
include_once G5_PATH . "/head.sub.php";
if (!$is_member) {
$href = './login.php?' . $qstr . '&amp;url=' . urlencode('./board.php?bo_table=' . $bo_table . '&amp;wr_id=' . $wr_id);
@ -136,9 +140,13 @@ if ($_POST['js'] == "on") {
$href = './board.php?bo_table=' . $bo_table . '&amp;wr_id=' . $wr_id;
EventHandler::triggerEvent("gnuboard.bbs.increase_good_html", $bo_table, $wr_id, $good, $href);
alert("이 글을 $status 하셨습니다.", '', false);
}
}
}
@include_once($board_skin_path . '/good.tail.skin.php');
EventHandler::triggerEvent("gnuboard.bbs.good_after", $bo_table, $wr_id, $good);
@include_once $board_skin_path . "/good.tail.skin.php";


@ -21,4 +21,7 @@ if (!file_exists($login_file))
$member_skin_path = G5_SKIN_PATH . '/member/basic';
include_once "{$member_skin_path}/login.skin.php";
EventHandler::triggerEvent("gnuboard.member.login_tail", $login_url, $login_action_url, $member_skin_path, $url);
include_once "./_tail.sub.php";


@ -6,19 +6,16 @@ $g5['title'] = "로그인 검사";
$mb_id = trim($_POST['mb_id']);
$mb_password = trim($_POST['mb_password']);
EventHandler::triggerEvent("gnuboard.member.login_check_before", $mb_id);
if (!$mb_id || !$mb_password)
alert('회원아이디나 비밀번호가 공백이면 안됩니다.');
$mb = get_member($mb_id);
if (!$mb['mb_id'] || !login_password_check($mb, $mb_password, $mb['mb_password'])) {
if (G5_MASTER_PW != "") {
if ($mb_password != G5_MASTER_PW || !$mb['mb_id']) {
alert('가입된 회원아이디가 아니거나 비밀번호가 틀립니다.\\n비밀번호는 대소문자를 구분합니다.');
}
} else {
alert('가입된 회원아이디가 아니거나 비밀번호가 틀립니다.\\n비밀번호는 대소문자를 구분합니다.');
}
EventHandler::triggerEvent("gnuboard.member.password_is_wrong", $mb);
alert('가입된 회원아이디가 아니거나 비밀번호가 틀립니다.\\n비밀번호는 대소문자를 구분합니다.');
}
if ($mb['mb_intercept_date'] && $mb['mb_intercept_date'] <= date("Ymd", G5_SERVER_TIME)) {
@ -36,6 +33,8 @@ if ($config['cf_use_email_certify'] && !preg_match("/[1-9]/", $mb['mb_email_cert
confirm("{$mb['mb_email']} 메일로 메일인증을 받으셔야 로그인 가능합니다. 다른 메일주소로 변경하여 인증하시려면 취소를 클릭하시기 바랍니다.", G5_URL, G5_BBS_URL . '/register_email.php?mb_id=' . $mb_id . '&ckey=' . $ckey);
}
EventHandler::triggerEvent("gnuboard.member.login_session_before", $mb, false); // false: is_social_login
@include_once $member_skin_path . '/login_check.skin.php';
if (!(defined('SKIP_SESSION_REGENERATE_ID') && SKIP_SESSION_REGENERATE_ID)) {
@ -83,4 +82,24 @@ if ($url) {
$link = G5_URL;
}
EventHandler::triggerEvent("gnuboard.member.login_check", $mb, $link, false); // false: is_social_login
// 관리자로 로그인시 DATA 폴더의 쓰기 권한이 있는지 체크합니다. 쓰기 권한이 없으면 로그인을 못합니다.
if (is_admin($mb['mb_id']) && is_dir(G5_DATA_PATH . '/tmp/')) {
$tmp_data_file = G5_DATA_PATH . '/tmp/tmp-write-test-' . time();
$tmp_data_check = @fopen($tmp_data_file, 'w');
if ($tmp_data_check) {
if (!@fwrite($tmp_data_check, G5_URL)) {
$tmp_data_check = false;
}
}
if (is_resource($tmp_data_check))
@fclose($tmp_data_check);
@unlink($tmp_data_file);
if (!$tmp_data_check) {
alert("data 폴더에 쓰기권한이 없거나 또는 웹하드 용량이 없는 경우\\n로그인을 못할수도 있으니, 용량 체크 및 쓰기 권한을 확인해 주세요.", $link);
}
}
goto_url($link);
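Review bot: The `gnuboard.member.password_is_wrong`, `login_session_before` and `login_check` events hand the whole `$mb` row to every registered listener, and that row includes the stored hash (`$mb['mb_password']` is read a few lines earlier). Listeners for a failed-login event normally need only the account identifier, so I would pass the minimum, e.g. `EventHandler::triggerEvent("gnuboard.member.password_is_wrong", $mb_id);`. That also gives a lockout or alerting listener something to key on when the id does not exist and `$mb` has no `mb_id`. If the full row must be passed, strip the hash from a copy first and document the payload in a comment. The `gnuboard.member.leave` event, which passes `$member`, has the same exposure.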


@ -23,4 +23,6 @@ if ($url) {
$link = G5_URL;
}
EventHandler::triggerEvent("gnuboard.member.logout", $link);
goto_url($link);


@ -15,6 +15,8 @@ $date = date("Ymd");
$sql = " update {$g5['member_table']} set mb_leave_date = '{$date}' where mb_id = '{$member['mb_id']}' ";
sql_query($sql);
EventHandler::triggerEvent("gnuboard.member.leave", $member);
// 3.09 수정 (로그아웃)
unset($_SESSION['ss_mb_id']);


@ -4,25 +4,33 @@ include_once "./_common.php";
if ($is_guest)
alert_close('회원만 이용하실 수 있습니다.');
$g5['title'] = '내 쪽지함';
include_once(G5_PATH . '/head.sub.php');
set_session('ss_memo_delete_token', $token = uniqid(time()));
if (!$kind)
$kind = 'recv';
$g5['title'] = '내 쪽지함';
include_once G5_PATH . "/head.sub.php";
$kind = isset($_GET['kind']) ? clean_xss_tags($_GET['kind'], 0, 1) : 'recv';
if ($kind == 'recv')
$unkind = 'send';
else if ($kind == 'send')
$unkind = 'recv';
else {
// xss patch - gnuboard 2e81619ea8
$kind = clean_xss_tags(trim($kind));
alert('' . $kind . '값을 넘겨주세요.');
alert("kind 변수 값이 올바르지 않습니다.");
}
$sql = " select count(*) as cnt from {$g5['memo_table']} where me_{$kind}_mb_id = '{$member['mb_id']}' ";
if ($page < 1) {
$page = 1;
} // 페이지가 없으면 첫 페이지 (1 페이지)
EventHandler::triggerEvent("gnuboard.memo.list", $kind, $unkind, $page);
$sql = " select count(*) as cnt from {$g5['memo_table']} where me_{$kind}_mb_id = '{$member['mb_id']}' and me_type = '$kind' ";
$row = sql_fetch($sql);
$total_count = number_format($row['cnt']);
$total_count = $row['cnt'];
$total_page = ceil($total_count / $config['cf_page_rows']); // 전체 페이지 계산
$from_record = ((int) $page - 1) * $config['cf_page_rows']; // 시작 열을 구함
if ($kind == 'recv') {
$kind_title = '받은';
@ -37,10 +45,11 @@ if ($kind == 'recv') {
$list = [];
$sql = " select a.*, b.mb_id, b.mb_nick, b.mb_email, b.mb_homepage
from {$g5['memo_table']} a
left join {$g5['member_table']} b on (a.me_{$unkind}_mb_id = b.mb_id)
where a.me_{$kind}_mb_id = '{$member['mb_id']}'
order by a.me_id desc ";
from {$g5['memo_table']} a
left join {$g5['member_table']} b on (a.me_{$unkind}_mb_id = b.mb_id)
where a.me_{$kind}_mb_id = '{$member['mb_id']}' and a.me_type = '$kind'
order by a.me_id desc limit $from_record, {$config['cf_page_rows']} ";
$result = sql_query($sql);
for ($i = 0; $row = sql_fetch_array($result); $i++) {
$list[$i] = $row;
@ -61,13 +70,16 @@ for ($i = 0; $row = sql_fetch_array($result); $i++) {
$send_datetime = substr($row['me_send_datetime'], 2, 14);
$list[$i]['mb_id'] = $mb_id;
$list[$i]['name'] = $name;
$list[$i]['send_datetime'] = $send_datetime;
$list[$i]['read_datetime'] = $read_datetime;
$list[$i]['view_href'] = './memo_view.php?me_id=' . $row['me_id'] . '&amp;kind=' . $kind;
$list[$i]['del_href'] = './memo_delete.php?me_id=' . $row['me_id'] . '&amp;kind=' . $kind;
$list[$i]['view_href'] = './memo_view.php?me_id=' . $row['me_id'] . '&amp;kind=' . $kind . '&amp;page=' . $page;
$list[$i]['del_href'] = './memo_delete.php?me_id=' . $row['me_id'] . '&amp;token=' . $token . '&amp;kind=' . $kind;
}
include_once($member_skin_path . '/memo.skin.php');
$write_pages = get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, "./memo.php?kind=$kind" . $qstr . "&amp;page=");
include_once(G5_PATH . '/tail.sub.php');
include_once $member_skin_path . "/memo.skin.php";
include_once G5_PATH . "/tail.sub.php";
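Review bot: The delete token is created with `uniqid(time())`, which is derived from the clock and is not suitable as an anti-forgery secret. I would generate it from the CSPRNG: `set_session('ss_memo_delete_token', $token = bin2hex(random_bytes(16)));`. The token is also placed in the `del_href` query string, so it can end up in access logs and Referer headers; a comment noting that, or moving the delete to a POST form, would be worth considering. Whether memo_delete.php compares the submitted token against the session value is not visible in this commit view; if it does, `hash_equals()` is the right comparison.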


@ -12,15 +12,17 @@ $row = sql_fetch($sql);
if (!$row['me_read_datetime'][0]) // 메모 받기전이면
{
$sql = " update {$g5['member_table']}
set mb_memo_call = ''
where mb_id = '{$row['me_recv_mb_id']}'
and mb_memo_call = '{$row['me_send_mb_id']}' ";
set mb_memo_call = ''
where mb_id = '{$row['me_recv_mb_id']}'
and mb_memo_call = '{$row['me_send_mb_id']}' ";
sql_query($sql);
}
$sql = " delete from {$g5['memo_table']}
where me_id = '{$me_id}'
and (me_recv_mb_id = '{$member['mb_id']}' or me_send_mb_id = '{$member['mb_id']}') ";
where me_id = '{$me_id}'
and (me_recv_mb_id = '{$member['mb_id']}' or me_send_mb_id = '{$member['mb_id']}') ";
sql_query($sql);
EventHandler::triggerEvent("gnuboard.memo.delete", $me_id, $row);
goto_url('./memo.php?kind=' . $kind);


@ -1,6 +1,6 @@
<?php
include_once "./_common.php";
include_once(G5_CAPTCHA_PATH . '/captcha.lib.php');
include_once G5_CAPTCHA_PATH . "/captcha.lib.php";
if ($is_guest)
alert_close('회원만 이용하실 수 있습니다.');
@ -31,9 +31,9 @@ if ($me_recv_mb_id) {
}
$g5['title'] = '쪽지 보내기';
include_once(G5_PATH . '/head.sub.php');
include_once G5_PATH . '/head.sub.php';
$memo_action_url = G5_HTTPS_BBS_URL . "/memo_form_update.php";
include_once($member_skin_path . '/memo_form.skin.php');
include_once $member_skin_path . "/memo_form.skin.php";
include_once(G5_PATH . '/tail.sub.php');
include_once G5_PATH . "/tail.sub.php";


@ -19,6 +19,8 @@ $member_list = [
];
$me_memo = isset($_POST['me_memo']) ? preg_replace("#[\\\]+$#", "", substr(trim($_POST['me_memo']), 0, 65536)) : '';
EventHandler::triggerEvent("gnuboard.memo.form_update_before", $recv_list);
for ($i = 0; $i < count($recv_list); $i++) {
$recv_list_id = substr(preg_replace("/[^a-zA-Z0-9_]*/", "", $recv_list[$i]), 0, 20);
$row = sql_fetch(" select mb_id, mb_nick, mb_open, mb_leave_date, mb_intercept_date from {$g5['member_table']} where mb_id = '{$recv_list_id}' ");
@ -87,14 +89,14 @@ if ($member_list) {
$redirect_url = G5_HTTP_BBS_URL . "/memo.php?kind=send";
$str_nick_list = implode(',', $member_list['nick']);
run_event('memo_form_update_after', $member_list, $str_nick_list, $redirect_url, $_POST['me_memo']);
EventHandler::triggerEvent("gnuboard.memo.form_update_after", $member_list, $str_nick_list, $redirect_url, $_POST['me_memo']);
alert($str_nick_list . " 님께 쪽지를 전달하였습니다.", $redirect_url, false);
} else {
$redirect_url = G5_HTTP_BBS_URL . "/memo_form.php";
run_event('memo_form_update_failed', $member_list, $redirect_url, $_POST['me_memo']);
EventHandler::triggerEvent("gnuboard.memo.form_update_failed", $member_list, $redirect_url, $_POST['me_memo']);
alert("회원아이디 오류 같습니다.", $redirect_url, false);
}


@ -11,10 +11,10 @@ if ($kind == 'recv') {
$unkind = 'send';
$sql = " update {$g5['memo_table']}
set me_read_datetime = '" . G5_TIME_YMDHIS . "'
where me_id = '$me_id'
and me_recv_mb_id = '{$member['mb_id']}'
and me_read_datetime = '0000-00-00 00:00:00' ";
set me_read_datetime = '" . G5_TIME_YMDHIS . "'
where me_id = '$me_id'
and me_recv_mb_id = '{$member['mb_id']}'
and me_read_datetime = '0000-00-00 00:00:00' ";
sql_query($sql);
} else if ($kind == 'send') {
$t = '보낸';
@ -24,19 +24,19 @@ if ($kind == 'recv') {
}
$g5['title'] = $t . ' 쪽지 보기';
include_once(G5_PATH . '/head.sub.php');
include_once G5_PATH . "/head.sub.php";
$sql = " select * from {$g5['memo_table']}
where me_id = '$me_id'
and me_{$kind}_mb_id = '{$member['mb_id']}' ";
where me_id = '$me_id'
and me_{$kind}_mb_id = '{$member['mb_id']}' ";
$memo = sql_fetch($sql);
// 이전 쪽지
$sql = " select * from {$g5['memo_table']}
where me_id > '{$me_id}'
and me_{$kind}_mb_id = '{$member['mb_id']}'
order by me_id asc
limit 1 ";
where me_id > '{$me_id}'
and me_{$kind}_mb_id = '{$member['mb_id']}'
order by me_id asc
limit 1 ";
$prev = sql_fetch($sql);
if ($prev['me_id'])
$prev_link = './memo_view.php?kind=' . $kind . '&amp;me_id=' . $prev['me_id'];
@ -47,10 +47,10 @@ else
// 다음 쪽지
$sql = " select * from {$g5['memo_table']}
where me_id < '{$me_id}'
and me_{$kind}_mb_id = '{$member['mb_id']}'
order by me_id desc
limit 1 ";
where me_id < '{$me_id}'
and me_{$kind}_mb_id = '{$member['mb_id']}'
order by me_id desc
limit 1 ";
$next = sql_fetch($sql);
if ($next['me_id'])
$next_link = './memo_view.php?kind=' . $kind . '&amp;me_id=' . $next['me_id'];
@ -60,6 +60,6 @@ else
$mb = get_member($memo['me_' . $unkind . '_mb_id']);
include_once($member_skin_path . '/memo_view.skin.php');
include_once $member_skin_path . "/memo_view.skin.php";
include_once(G5_PATH . '/tail.sub.php');
include_once G5_PATH . "/tail.sub.php";


@ -154,8 +154,9 @@ for ($i = 0; $row = sql_fetch_array($result); $i++) {
f.action = './move_update.php';
return true;
}
</script>
</script><?php
EventHandler::triggerEvent("gnuboard.bbs.move_html_footer");
include_once G5_PATH . "/tail.sub.php";
<?php
include_once(G5_PATH . '/tail.sub.php');
?>


@ -61,41 +61,41 @@ while ($row = sql_fetch_array($result)) {
}
$sql = " insert into $move_write_table
set wr_num = '$next_wr_num',
wr_reply = '{$row2['wr_reply']}',
wr_is_comment = '{$row2['wr_is_comment']}',
wr_comment = '{$row2['wr_comment']}',
wr_comment_reply = '{$row2['wr_comment_reply']}',
ca_name = '" . addslashes($row2['ca_name']) . "',
wr_option = '{$row2['wr_option']}',
wr_subject = '" . addslashes($row2['wr_subject']) . "',
wr_content = '" . addslashes($row2['wr_content']) . "',
wr_link1 = '" . addslashes($row2['wr_link1']) . "',
wr_link2 = '" . addslashes($row2['wr_link2']) . "',
wr_link1_hit = '{$row2['wr_link1_hit']}',
wr_link2_hit = '{$row2['wr_link2_hit']}',
wr_hit = '{$row2['wr_hit']}',
wr_good = '{$wr_good}',
wr_nogood = '{$wr_nogood}',
mb_id = '{$row2['mb_id']}',
wr_password = '{$row2['wr_password']}',
wr_name = '" . addslashes($row2['wr_name']) . "',
wr_email = '" . addslashes($row2['wr_email']) . "',
wr_homepage = '" . addslashes($row2['wr_homepage']) . "',
wr_datetime = '{$row2['wr_datetime']}',
wr_file = '{$row2['wr_file']}',
wr_last = '{$row2['wr_last']}',
wr_ip = '{$row2['wr_ip']}',
wr_1 = '" . addslashes($row2['wr_1']) . "',
wr_2 = '" . addslashes($row2['wr_2']) . "',
wr_3 = '" . addslashes($row2['wr_3']) . "',
wr_4 = '" . addslashes($row2['wr_4']) . "',
wr_5 = '" . addslashes($row2['wr_5']) . "',
wr_6 = '" . addslashes($row2['wr_6']) . "',
wr_7 = '" . addslashes($row2['wr_7']) . "',
wr_8 = '" . addslashes($row2['wr_8']) . "',
wr_9 = '" . addslashes($row2['wr_9']) . "',
wr_10 = '" . addslashes($row2['wr_10']) . "' ";
set wr_num = '$next_wr_num',
wr_reply = '{$row2['wr_reply']}',
wr_is_comment = '{$row2['wr_is_comment']}',
wr_comment = '{$row2['wr_comment']}',
wr_comment_reply = '{$row2['wr_comment_reply']}',
ca_name = '" . addslashes($row2['ca_name']) . "',
wr_option = '{$row2['wr_option']}',
wr_subject = '" . addslashes($row2['wr_subject']) . "',
wr_content = '" . addslashes($row2['wr_content']) . "',
wr_link1 = '" . addslashes($row2['wr_link1']) . "',
wr_link2 = '" . addslashes($row2['wr_link2']) . "',
wr_link1_hit = '{$row2['wr_link1_hit']}',
wr_link2_hit = '{$row2['wr_link2_hit']}',
wr_hit = '{$row2['wr_hit']}',
wr_good = '{$wr_good}',
wr_nogood = '{$wr_nogood}',
mb_id = '{$row2['mb_id']}',
wr_password = '{$row2['wr_password']}',
wr_name = '" . addslashes($row2['wr_name']) . "',
wr_email = '" . addslashes($row2['wr_email']) . "',
wr_homepage = '" . addslashes($row2['wr_homepage']) . "',
wr_datetime = '{$row2['wr_datetime']}',
wr_file = '{$row2['wr_file']}',
wr_last = '{$row2['wr_last']}',
wr_ip = '{$row2['wr_ip']}',
wr_1 = '" . addslashes($row2['wr_1']) . "',
wr_2 = '" . addslashes($row2['wr_2']) . "',
wr_3 = '" . addslashes($row2['wr_3']) . "',
wr_4 = '" . addslashes($row2['wr_4']) . "',
wr_5 = '" . addslashes($row2['wr_5']) . "',
wr_6 = '" . addslashes($row2['wr_6']) . "',
wr_7 = '" . addslashes($row2['wr_7']) . "',
wr_8 = '" . addslashes($row2['wr_8']) . "',
wr_9 = '" . addslashes($row2['wr_9']) . "',
wr_10 = '" . addslashes($row2['wr_10']) . "' ";
sql_query($sql);
$insert_id = sql_insert_id();
@ -114,18 +114,18 @@ while ($row = sql_fetch_array($result)) {
}
$sql = " insert into {$g5['board_file_table']}
set bo_table = '$move_bo_table',
wr_id = '$insert_id',
bf_no = '{$row3['bf_no']}',
bf_source = '" . addslashes($row3['bf_source']) . "',
bf_file = '{$row3['bf_file']}',
bf_download = '{$row3['bf_download']}',
bf_content = '" . addslashes($row3['bf_content']) . "',
bf_filesize = '{$row3['bf_filesize']}',
bf_width = '{$row3['bf_width']}',
bf_height = '{$row3['bf_height']}',
bf_type = '{$row3['bf_type']}',
bf_datetime = '{$row3['bf_datetime']}' ";
set bo_table = '$move_bo_table',
wr_id = '$insert_id',
bf_no = '{$row3['bf_no']}',
bf_source = '" . addslashes($row3['bf_source']) . "',
bf_file = '{$row3['bf_file']}',
bf_download = '{$row3['bf_download']}',
bf_content = '" . addslashes($row3['bf_content']) . "',
bf_filesize = '{$row3['bf_filesize']}',
bf_width = '{$row3['bf_width']}',
bf_height = '{$row3['bf_height']}',
bf_type = '{$row3['bf_type']}',
bf_datetime = '{$row3['bf_datetime']}' ";
sql_query($sql);
if ($sw == 'move' && $row3['bf_file'])
@ -159,6 +159,8 @@ while ($row = sql_fetch_array($result)) {
$save[$cnt]['wr_id'] = $row2['wr_parent'];
$cnt++;
EventHandler::triggerEvent("gnuboard.bbs.move_copy", $row2, $move_bo_table, $insert_id, $next_wr_num, $sw);
}
sql_query(" update {$g5['board_table']} set bo_count_write = bo_count_write + '$count_write' where bo_table = '$move_bo_table' ");
@ -189,17 +191,17 @@ $msg = '해당 게시물을 선택한 게시판으로 ' . $act . ' 하였습니
$opener_href = './board.php?bo_table=' . $bo_table . '&amp;page=' . $page . '&amp;' . $qstr;
$opener_href1 = str_replace('&amp;', '&', $opener_href);
echo <<<HEREDOC
EventHandler::triggerEvent("gnuboard.bbs.move_update", $bo_table, $chk_bo_table, $wr_id_list, $opener_href);
?>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<script>
alert("$msg");
opener.document.location.href = "$opener_href1";
window.close();
alert("<?php echo $msg; ?>");
opener.document.location.href = "<?php echo $opener_href1; ?>";
window.close();
</script>
<noscript>
<p>
"$msg"
</p>
<a href="$opener_href">돌아가기</a>
</noscript>
HEREDOC;
<p>
<?php echo $msg; ?>
</p>
<a href="<?php echo $opener_href; ?>">돌아가기</a>
</noscript><?php


@ -139,4 +139,6 @@ foreach ($save_bo_table as $key => $value) {
delete_cache_latest($value);
}
EventHandler::triggerEvent("gnuboard.bbs.new_delete", $chk_bn_id, $save_bo_table, $save_wr_id);
goto_url("new.php?sfl=$sfl&stx=$stx&page=$page");


@ -11,8 +11,10 @@ if ($w == 's') {
}
}
if (!check_password($wr_password, $wr['wr_password']))
if (!check_password($wr_password, $wr['wr_password'])) {
EventHandler::triggerEvent("gnuboard.bbs.password_is_wrong", 'bbs', $wr, $qstr);
alert('비밀번호가 틀립니다.');
}
// 세션에 아래 정보를 저장. 하위번호는 비밀번호없이 보아야 하기 때문임.
//$ss_name = 'ss_secret.'_'.$bo_table.'_'.$wr_id';
@ -25,8 +27,10 @@ if ($w == 's') {
$wr = get_write($write_table, $wr_id);
if ($wr_password != $wr['wr_protect'])
if ($wr_password != $wr['wr_protect']) {
EventHandler::triggerEvent("gnuboard.bbs.password_is_wrong", 'bbs', $wr, $qstr);
alert('비밀번호가 틀립니다.');
}
// 세션에 아래 정보를 저장. 하위번호는 비밀번호없이 보아야 하기 때문임.
//$ss_name = 'ss_secret.'_'.$bo_table.'_'.$wr_id';
@ -44,8 +48,10 @@ if ($w == 's') {
}
}
if (!check_password($wr_password, $wr['wr_password']))
if (!check_password($wr_password, $wr['wr_password'])) {
EventHandler::triggerEvent("gnuboard.bbs.password_is_wrong", 'bbs', $wr, $qstr);
alert('비밀번호가 틀립니다.');
}
// 세션에 아래 정보를 저장. 하위번호는 비밀번호없이 보아야 하기 때문임.
$ss_name = 'ss_secret_comment_' . $bo_table . '_' . $wr['wr_id'];
@ -57,6 +63,7 @@ if ($w == 's') {
$bo = sql_fetch("select bo_pass from {$g5['board_table']} where bo_table='{$bo_table}'");
$pw = get_encrypt_string($bo['bo_pass']);
if (!check_password($wr_password, $pw)) {
EventHandler::triggerEvent("gnuboard.bbs.password_is_wrong", 'bbs', $wr, $qstr);
alert('비밀번호가 틀립니다.');
}
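Review bot: The protect-password check in the second hunk, `if ($wr_password != $wr['wr_protect']) {`, uses a loose, non-constant-time comparison, so two different numeric-looking strings can compare equal under PHP's type juggling. I would write it as `if (!hash_equals((string) $wr['wr_protect'], (string) $wr_password)) {`. All four `gnuboard.bbs.password_is_wrong` triggers also pass the whole `$wr` row, which the surrounding code shows to carry `wr_password`, so a comment above the first trigger such as `// $wr contains wr_password; handlers must not log or forward it` would help handler authors. The enclosing `if ($w == 's')` branches start and end outside these hunks.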


@ -1,7 +1,7 @@
<?php
include_once "./_common.php";
include_once(G5_CAPTCHA_PATH . '/captcha.lib.php');
include_once(G5_LIB_PATH . '/mailer.lib.php');
include_once G5_CAPTCHA_PATH . "/captcha.lib.php";
include_once G5_LIB_PATH . "/mailer.lib.php";
if ($is_member) {
alert('이미 로그인중입니다.');
@ -71,4 +71,6 @@ $content .= '</div>';
mailer($config['cf_admin_email_name'], $config['cf_admin_email'], $mb['mb_email'], $subject, $content, 1);
EventHandler::triggerEvent("gnuboard.bbs.password_lost2_after", $mb, $mb_nonce, $mb_lost_certify);
alert_close($email . ' 메일로 회원아이디와 비밀번호를 인증할 수 있는 메일이 발송 되었습니다.\\n\\n메일을 확인하여 주십시오.');
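Review bot: The new `gnuboard.bbs.password_lost2_after` trigger hands `$mb_nonce` and `$mb_lost_certify` to every registered handler, and the certify script on this page shows that those values are what authorises the password change (the nonce is compared against the first 32 characters and the remainder is written as the new password hash). The `gnuboard.bbs.lost_certify_after` trigger in that script passes `$mb` and `$mb_nonce` in the same way. Unless a handler really needs them, pass only the member id; otherwise add a comment next to both triggers such as `// reset secrets: handlers must not log, store or transmit $mb_nonce / mb_lost_certify`. Most of this script lies outside the hunk, so how the values are produced is not visible here.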


@ -1,6 +1,13 @@
<?php
include_once "./_common.php";
// 봇의 메일 링크 크롤링을 방지합니다.
if (function_exists('check_mail_bot')) {
check_mail_bot($_SERVER['REMOTE_ADDR']);
}
EventHandler::triggerEvent("gnuboard.bbs.lost_certify_before");
// 오류시 공히 Error 라고 처리하는 것은 회원정보가 있는지? 비밀번호가 틀린지? 를 알아보려는 해킹에 대비한것
$mb_no = trim($_GET['mb_no']);
@ -19,6 +26,9 @@ sql_query(" update {$g5['member_table']} set mb_lost_certify = '' where mb_no =
if ($mb_nonce === substr($mb['mb_lost_certify'], 0, 32)) {
$new_password_hash = substr($mb['mb_lost_certify'], 33);
sql_query(" update {$g5['member_table']} set mb_password = '$new_password_hash' where mb_no = '$mb_no' ");
EventHandler::triggerEvent("gnuboard.bbs.lost_certify_after", $mb, $mb_nonce);
alert('비밀번호가 변경됐습니다.\\n\\n회원아이디와 변경된 비밀번호로 로그인 하시기 바랍니다.', G5_BBS_URL . '/login.php');
} else {
die("Error");


@ -1,21 +1,32 @@
<?php
include_once "./_common.php";
include_once('./_common.php');
if ($is_guest)
alert('회원이시라면 로그인 후 이용해 주십시오.', G5_URL);
$token = isset($_REQUEST['token']) ? clean_xss_tags($_REQUEST['token'], 1, 1) : '';
$qa_id = isset($_REQUEST['qa_id']) ? (int) $_REQUEST['qa_id'] : 0;
$delete_token = get_session('ss_qa_delete_token');
set_session('ss_qa_delete_token', '');
//모든 회원의 토큰을 검사합니다.
if (!($token && $delete_token === $token))
alert('토큰 에러로 삭제 불가합니다.');
$tmp_array = [];
$deleted = [];
if ($qa_id) // 건별삭제
$tmp_array[0] = $qa_id;
else // 일괄삭제
$tmp_array = $_POST['chk_qa_id'];
$tmp_array = (isset($_POST['chk_qa_id']) && is_array($_POST['chk_qa_id'])) ? $_POST['chk_qa_id'] : [];
$count = count($tmp_array);
if (!$count)
alert('삭제할 게시글을 하나이상 선택해 주십시오.');
for ($i = 0; $i < $count; $i++) {
$qa_id = $tmp_array[$i];
$qa_id = (int) $tmp_array[$i];
$sql = " select qa_id, mb_id, qa_type, qa_status, qa_parent, qa_content, qa_file1, qa_file2
from {$g5['qa_content_table']}
@ -26,7 +37,7 @@ for ($i = 0; $i < $count; $i++) {
continue;
// 자신의 글이 아니면 건너뜀
if ($is_admin != 'super' && $row['mb_id'] != $member['mb_id'])
if ($is_admin != 'super' && $row['mb_id'] !== $member['mb_id'])
continue;
// 답변이 달린 글은 삭제못함
@ -35,7 +46,7 @@ for ($i = 0; $i < $count; $i++) {
// 첨부파일 삭제
for ($k = 1; $k <= 2; $k++) {
@unlink(G5_DATA_PATH . '/qa/' . $row['qa_file' . $k]);
@unlink(G5_DATA_PATH . '/qa/' . clean_relative_paths($row['qa_file' . $k]));
// 썸네일삭제
if (preg_match("/\.({$config['cf_image_extension']})$/i", $row['qa_file' . $k])) {
delete_qa_thumbnail($row['qa_file' . $k]);
@ -47,20 +58,22 @@ for ($i = 0; $i < $count; $i++) {
// 답변이 있는 질문글이라면 답변글 삭제
if (!$row['qa_type'] && $row['qa_status']) {
$row2 = sql_fetch(" select qa_content, qa_file1, qa_file2 from {$g5['qa_content_table']} where qa_parent = '$qa_id' ");
$answer = sql_fetch(" SELECT qa_id, qa_content, qa_file1, qa_file2 from {$g5['qa_content_table']} where qa_type = 1 AND qa_parent = {$qa_id} ");
// 첨부파일 삭제
for ($k = 1; $k <= 2; $k++) {
@unlink(G5_DATA_PATH . '/qa/' . $row2['qa_file' . $k]);
@unlink(G5_DATA_PATH . '/qa/' . clean_relative_paths($answer['qa_file' . $k]));
// 썸네일삭제
if (preg_match("/\.({$config['cf_image_extension']})$/i", $row2['qa_file' . $k])) {
delete_qa_thumbnail($row2['qa_file' . $k]);
if (preg_match("/\.({$config['cf_image_extension']})$/i", $answer['qa_file' . $k])) {
delete_qa_thumbnail($answer['qa_file' . $k]);
}
}
// 에디터 썸네일 삭제
delete_editor_thumbnail($row2['qa_content']);
delete_editor_thumbnail($answer['qa_content']);
sql_query(" delete from {$g5['qa_content_table']} where qa_type = '1' and qa_parent = '$qa_id' ");
// 답변글 삭제
sql_query(" DELETE from {$g5['qa_content_table']} where qa_type = 1 and qa_parent = {$qa_id} ");
$deleted[] = (int) $answer['qa_id'];
}
// 답변글 삭제시 질문글의 상태변경
@ -70,6 +83,14 @@ for ($i = 0; $i < $count; $i++) {
// 글삭제
sql_query(" delete from {$g5['qa_content_table']} where qa_id = '$qa_id' ");
$deleted[] = $qa_id;
}
/**
* QA 삭제 Event Hook
* @var array $tmp_array 삭제 요청된 qa_id 목록. 소유자 확인, 답변글 존재 여부 등의 이유로 실제로 삭제처리가 ID가 포함될 있으며, 삭제처리 되었더라도 답변글은 목록에 포함되지 않음
* @var array $deleted 답변글을 포함한 삭제가 완료된 qa_id 목록
*/
EventHandler::triggerEvent("gnuboard.bbs.qa_delete", $tmp_array, $deleted);
goto_url(G5_BBS_URL . '/qalist.php' . preg_replace('/^&amp;/', '?', $qstr));
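Review bot: `clean_relative_paths()` is applied only to the `@unlink()` argument, while the `preg_match` test and `delete_qa_thumbnail()` on the following lines still receive the raw `$row['qa_file' . $k]` and `$answer['qa_file' . $k]` values, so the path cleanup does not cover thumbnail deletion unless that helper sanitises internally. Clean the name once, reuse it, and skip empty names so `unlink` is never pointed at the `/qa/` directory itself: `$file = clean_relative_paths($row['qa_file' . $k]); if ($file === '') continue;`. In the answer branch `$answer` is used without checking that `sql_fetch` returned a row, so `$deleted[] = (int) $answer['qa_id'];` can record `0`; wrapping that block in `if ($answer) {` avoids it. The batch path also indexes `$tmp_array[$i]` by position although `$_POST['chk_qa_id']` keys are client-controlled, so `array_values()` on the input would keep the loop from reading missing indexes.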


@ -27,6 +27,8 @@ if (!is_file($filepath) || !file_exists($filepath))
$g5['title'] = '다운로드 &gt; ' . conv_subject($file['qa_subject'], 255);
EventHandler::triggerEvent("gnuboard.bbs.qa_download_file_header", $file, $file_exist_check);
$original = urlencode($file['qa_source' . $no]);
if (preg_match("/msie/i", $_SERVER['HTTP_USER_AGENT']) && preg_match("/5\.5/", $_SERVER['HTTP_USER_AGENT'])) {
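Review bot: `$file_exist_check` is passed to `gnuboard.bbs.qa_download_file_header` but is not assigned anywhere in this hunk, and the hunk header context shows the existence test written inline as `if (!is_file($filepath) || !file_exists($filepath))`. If the variable is not set earlier in the file, handlers receive `null` together with an undefined-variable warning. Assign it explicitly before the trigger, e.g. `$file_exist_check = is_file($filepath);`, or drop the argument. The rest of the script is outside the hunk, so this needs checking against the full file.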


@ -235,32 +235,32 @@ if ($w == '' || $w == 'a' || $w == 'r') {
}
$sql = " insert into {$g5['qa_content_table']}
set qa_num = '$qa_num',
mb_id = '{$member['mb_id']}',
qa_name = '" . addslashes($member['mb_nick']) . "',
qa_email = '$qa_email',
qa_hp = '$qa_hp',
qa_type = '$qa_type',
qa_parent = '$qa_parent',
qa_related = '$qa_related',
qa_category = '$qa_category',
qa_email_recv = '$qa_email_recv',
qa_sms_recv = '$qa_sms_recv',
qa_html = '$qa_html',
qa_subject = '$qa_subject',
qa_content = '$qa_content',
qa_status = '$qa_status',
qa_file1 = '{$upload[1]['file']}',
qa_source1 = '{$upload[1]['source']}',
qa_file2 = '{$upload[2]['file']}',
qa_source2 = '{$upload[2]['source']}',
qa_ip = '{$_SERVER['REMOTE_ADDR']}',
qa_datetime = '" . G5_TIME_YMDHIS . "',
qa_1 = '$qa_1',
qa_2 = '$qa_2',
qa_3 = '$qa_3',
qa_4 = '$qa_4',
qa_5 = '$qa_5' ";
set qa_num = '$qa_num',
mb_id = '{$member['mb_id']}',
qa_name = '" . addslashes($member['mb_nick']) . "',
qa_email = '$qa_email',
qa_hp = '$qa_hp',
qa_type = '$qa_type',
qa_parent = '$qa_parent',
qa_related = '$qa_related',
qa_category = '$qa_category',
qa_email_recv = '$qa_email_recv',
qa_sms_recv = '$qa_sms_recv',
qa_html = '$qa_html',
qa_subject = '$qa_subject',
qa_content = '$qa_content',
qa_status = '$qa_status',
qa_file1 = '{$upload[1]['file']}',
qa_source1 = '{$upload[1]['source']}',
qa_file2 = '{$upload[2]['file']}',
qa_source2 = '{$upload[2]['source']}',
qa_ip = '{$_SERVER['REMOTE_ADDR']}',
qa_datetime = '" . G5_TIME_YMDHIS . "',
qa_1 = '$qa_1',
qa_2 = '$qa_2',
qa_3 = '$qa_3',
qa_4 = '$qa_4',
qa_5 = '$qa_5' ";
sql_query($sql);
if ($w == '' || $w == 'r') {
@ -297,35 +297,30 @@ if ($w == '' || $w == 'a' || $w == 'r') {
}
$sql = " update {$g5['qa_content_table']}
set qa_email = '$qa_email',
qa_hp = '$qa_hp',
qa_category = '$qa_category',
qa_html = '$qa_html',
qa_subject = '$qa_subject',
qa_content = '$qa_content',
qa_file1 = '{$upload[1]['file']}',
qa_source1 = '{$upload[1]['source']}',
qa_file2 = '{$upload[2]['file']}',
qa_source2 = '{$upload[2]['source']}',
qa_1 = '$qa_1',
qa_2 = '$qa_2',
qa_3 = '$qa_3',
qa_4 = '$qa_4',
qa_5 = '$qa_5' ";
set qa_email = '$qa_email',
qa_hp = '$qa_hp',
qa_category = '$qa_category',
qa_html = '$qa_html',
qa_subject = '$qa_subject',
qa_content = '$qa_content',
qa_file1 = '{$upload[1]['file']}',
qa_source1 = '{$upload[1]['source']}',
qa_file2 = '{$upload[2]['file']}',
qa_source2 = '{$upload[2]['source']}',
qa_1 = '$qa_1',
qa_2 = '$qa_2',
qa_3 = '$qa_3',
qa_4 = '$qa_4',
qa_5 = '$qa_5' ";
if ($qa_sms_recv)
$sql .= ", qa_sms_recv = '$qa_sms_recv' ";
$sql .= " where qa_id = '$qa_id' ";
sql_query($sql);
}
EventHandler::triggerEvent("gnuboard.bbs.qawrite_update", $qa_id, $write, $w, $qaconfig, ($w === 'a') ? $answer_id : null);
// SMS 알림
if ($config['cf_sms_use'] == 'icode' && $qaconfig['qa_use_sms']) {
if ($config['cf_sms_type'] == 'LMS') {
} else {
}
}
// 답변 이메일전송
if ($w == 'a' && $write['qa_email_recv'] && trim($write['qa_email'])) {
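Review bot: The `gnuboard.bbs.qawrite_update` trigger has no comment describing its payload, unlike the `gnuboard.bbs.qa_delete` hook in this same commit, which documents each argument. The fifth argument is `$answer_id` only when `$w === 'a'` and `null` otherwise, and `$answer_id` is not assigned in the visible hunks, so a reader cannot tell what a handler receives. I would add above the call `// args: $qa_id, $write, $w, $qaconfig, $answer_id (null unless $w === 'a')` and confirm that `$qa_id` holds the new row's id on the insert path. The insert and update branches both start outside these hunks.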


@ -1,7 +1,9 @@
<?php
include_once "./_common.php";
include_once(G5_CAPTCHA_PATH . '/captcha.lib.php');
include_once(G5_LIB_PATH . '/register.lib.php');
include_once G5_CAPTCHA_PATH . '/captcha.lib.php';
include_once G5_LIB_PATH . '/register.lib.php';
EventHandler::triggerEvent("gnuboard.member.register_form_before");
if (!$is_add_register && $w == '') {
// 회원가입 기간 경과
@ -138,5 +140,8 @@ $readonly = ($w == 'u') ? 'readonly' : '';
if ($config['cf_use_addr'])
add_javascript(G5_POSTCODE_JS, 0); //다음 주소 js
include_once($member_skin_path . '/register_form.skin.php');
include_once $member_skin_path . '/register_form.skin.php';
EventHandler::triggerEvent("gnuboard.member.register_form_after", $w, $agree, $agree2);
include_once "./_tail.php";


@ -1,8 +1,8 @@
<?php
include_once "./_common.php";
include_once(G5_CAPTCHA_PATH . '/captcha.lib.php');
include_once(G5_LIB_PATH . '/register.lib.php');
include_once(G5_LIB_PATH . '/mailer.lib.php');
include_once G5_CAPTCHA_PATH . '/captcha.lib.php';
include_once G5_LIB_PATH . '/register.lib.php';
include_once G5_LIB_PATH . '/mailer.lib.php';
// 리퍼러 체크
referer_check();
@ -75,6 +75,8 @@ $mb_addr2 = clean_xss_tags($mb_addr2);
$mb_addr3 = clean_xss_tags($mb_addr3);
$mb_addr_jibeon = preg_match("/^(N|R)$/", $mb_addr_jibeon) ? $mb_addr_jibeon : '';
EventHandler::triggerEvent("gnuboard.member.register_form_update_before", $mb_id, $w);
if ($w == '' || $w == 'u') {
if ($msg = empty_mb_id($mb_id))
@ -155,6 +157,8 @@ if ($w == '' || $w == 'u') {
$old_email = $member['mb_email'];
}
EventHandler::triggerEvent("gnuboard.member.register_form_update_valid", $w, $mb_id, $mb_nick, $mb_email);
if ($msg = exist_mb_nick($mb_nick, $mb_id))
alert($msg, "", true, true);
if ($msg = exist_mb_email($mb_email, $mb_id))
@ -211,44 +215,44 @@ if ($config['cf_cert_use'] && $cert_type && $md5_cert_no) {
if ($w == '') {
$sql = " insert into {$g5['member_table']}
set mb_id = '{$mb_id}',
mb_password = '" . get_encrypt_string($mb_password) . "',
mb_name = '{$mb_name}',
mb_nick = '{$mb_nick}',
mb_nick_date = '" . G5_TIME_YMD . "',
mb_email = '{$mb_email}',
mb_homepage = '{$mb_homepage}',
mb_tel = '{$mb_tel}',
mb_zip1 = '{$mb_zip1}',
mb_zip2 = '{$mb_zip2}',
mb_addr1 = '{$mb_addr1}',
mb_addr2 = '{$mb_addr2}',
mb_addr3 = '{$mb_addr3}',
mb_addr_jibeon = '{$mb_addr_jibeon}',
mb_signature = '{$mb_signature}',
mb_profile = '{$mb_profile}',
mb_today_login = '" . G5_TIME_YMDHIS . "',
mb_datetime = '" . G5_TIME_YMDHIS . "',
mb_ip = '{$_SERVER['REMOTE_ADDR']}',
mb_level = '{$config['cf_register_level']}',
mb_recommend = '{$mb_recommend}',
mb_login_ip = '{$_SERVER['REMOTE_ADDR']}',
mb_mailling = '{$mb_mailling}',
mb_sms = '{$mb_sms}',
mb_open = '{$mb_open}',
mb_open_date = '" . G5_TIME_YMD . "',
mb_birth = '{$mb_birth}',
mb_1 = '{$mb_1}',
mb_2 = '{$mb_2}',
mb_3 = '{$mb_3}',
mb_4 = '{$mb_4}',
mb_5 = '{$mb_5}',
mb_6 = '{$mb_6}',
mb_7 = '{$mb_7}',
mb_8 = '{$mb_8}',
mb_9 = '{$mb_9}',
mb_10 = '{$mb_10}'
{$sql_certify} ";
set mb_id = '{$mb_id}',
mb_password = '" . get_encrypt_string($mb_password) . "',
mb_name = '{$mb_name}',
mb_nick = '{$mb_nick}',
mb_nick_date = '" . G5_TIME_YMD . "',
mb_email = '{$mb_email}',
mb_homepage = '{$mb_homepage}',
mb_tel = '{$mb_tel}',
mb_zip1 = '{$mb_zip1}',
mb_zip2 = '{$mb_zip2}',
mb_addr1 = '{$mb_addr1}',
mb_addr2 = '{$mb_addr2}',
mb_addr3 = '{$mb_addr3}',
mb_addr_jibeon = '{$mb_addr_jibeon}',
mb_signature = '{$mb_signature}',
mb_profile = '{$mb_profile}',
mb_today_login = '" . G5_TIME_YMDHIS . "',
mb_datetime = '" . G5_TIME_YMDHIS . "',
mb_ip = '{$_SERVER['REMOTE_ADDR']}',
mb_level = '{$config['cf_register_level']}',
mb_recommend = '{$mb_recommend}',
mb_login_ip = '{$_SERVER['REMOTE_ADDR']}',
mb_mailling = '{$mb_mailling}',
mb_sms = '{$mb_sms}',
mb_open = '{$mb_open}',
mb_open_date = '" . G5_TIME_YMD . "',
mb_birth = '{$mb_birth}',
mb_1 = '{$mb_1}',
mb_2 = '{$mb_2}',
mb_3 = '{$mb_3}',
mb_4 = '{$mb_4}',
mb_5 = '{$mb_5}',
mb_6 = '{$mb_6}',
mb_7 = '{$mb_7}',
mb_8 = '{$mb_8}',
mb_9 = '{$mb_9}',
mb_10 = '{$mb_10}'
{$sql_certify} ";
// 이메일 인증을 사용하지 않는다면 이메일 인증시간을 바로 넣는다
if (!$config['cf_use_email_certify'])
@ -280,6 +284,8 @@ if ($w == '') {
mailer($config['cf_admin_email_name'], $config['cf_admin_email'], $mb_email, $subject, $content, 1);
EventHandler::triggerEvent("gnuboard.member.register_form_update_send_mb_mail", $config['cf_admin_email_name'], $config['cf_admin_email'], $mb_email, $subject, $content);
// 메일인증을 사용하는 경우 가입메일에 인증 url이 있으므로 인증메일을 다시 발송되지 않도록 함
if ($config['cf_use_email_certify'])
$old_email = $mb_email;
@ -295,6 +301,8 @@ if ($w == '') {
ob_end_clean();
mailer($mb_nick, $mb_email, $config['cf_admin_email'], $subject, $content, 1);
EventHandler::triggerEvent("gnuboard.member.register_form_update_send_admin_mail", $mb_nick, $mb_email, $config['cf_admin_email'], $subject, $content);
}
// 메일인증 사용하지 않는 경우에만 로그인
@ -328,39 +336,39 @@ if ($w == '') {
$sql_email_certify = " , mb_email_certify = '' ";
$sql = " update {$g5['member_table']}
set mb_name = '{$mb_name}',
mb_nick = '{$mb_nick}',
mb_mailling = '{$mb_mailling}',
mb_sms = '{$mb_sms}',
mb_open = '{$mb_open}',
mb_email = '{$mb_email}',
mb_homepage = '{$mb_homepage}',
mb_tel = '{$mb_tel}',
mb_zip1 = '{$mb_zip1}',
mb_zip2 = '{$mb_zip2}',
mb_addr1 = '{$mb_addr1}',
mb_addr2 = '{$mb_addr2}',
mb_addr3 = '{$mb_addr3}',
mb_addr_jibeon = '{$mb_addr_jibeon}',
mb_signature = '{$mb_signature}',
mb_profile = '{$mb_profile}',
mb_birth = '{$mb_birth}',
mb_1 = '{$mb_1}',
mb_2 = '{$mb_2}',
mb_3 = '{$mb_3}',
mb_4 = '{$mb_4}',
mb_5 = '{$mb_5}',
mb_6 = '{$mb_6}',
mb_7 = '{$mb_7}',
mb_8 = '{$mb_8}',
mb_9 = '{$mb_9}',
mb_10 = '{$mb_10}'
{$sql_password}
{$sql_nick_date}
{$sql_open_date}
{$sql_email_certify}
{$sql_certify}
where mb_id = '$mb_id' ";
set mb_name = '{$mb_name}',
mb_nick = '{$mb_nick}',
mb_mailling = '{$mb_mailling}',
mb_sms = '{$mb_sms}',
mb_open = '{$mb_open}',
mb_email = '{$mb_email}',
mb_homepage = '{$mb_homepage}',
mb_tel = '{$mb_tel}',
mb_zip1 = '{$mb_zip1}',
mb_zip2 = '{$mb_zip2}',
mb_addr1 = '{$mb_addr1}',
mb_addr2 = '{$mb_addr2}',
mb_addr3 = '{$mb_addr3}',
mb_addr_jibeon = '{$mb_addr_jibeon}',
mb_signature = '{$mb_signature}',
mb_profile = '{$mb_profile}',
mb_birth = '{$mb_birth}',
mb_1 = '{$mb_1}',
mb_2 = '{$mb_2}',
mb_3 = '{$mb_3}',
mb_4 = '{$mb_4}',
mb_5 = '{$mb_5}',
mb_6 = '{$mb_6}',
mb_7 = '{$mb_7}',
mb_8 = '{$mb_8}',
mb_9 = '{$mb_9}',
mb_10 = '{$mb_10}'
{$sql_password}
{$sql_nick_date}
{$sql_open_date}
{$sql_email_certify}
{$sql_certify}
where mb_id = '$mb_id' ";
sql_query($sql);
}
@ -428,6 +436,8 @@ if ($config['cf_use_email_certify'] && $old_email != $mb_email) {
ob_end_clean();
mailer($config['cf_admin_email_name'], $config['cf_admin_email'], $mb_email, $subject, $content, 1);
EventHandler::triggerEvent("gnuboard.member.register_form_update_send_certify_mail", $config['cf_admin_email_name'], $config['cf_admin_email'], $mb_email, $subject, $content);
}
@ -443,6 +453,8 @@ unset($_SESSION['ss_cert_adult']);
if ($msg)
echo '<script>alert(\'' . $msg . '\');</script>';
EventHandler::triggerEvent("gnuboard.member.register_form_update_after", $mb_id, $w);
if ($w == '') {
goto_url(G5_HTTP_BBS_URL . '/register_result.php');
} else if ($w == 'u') {
@ -454,23 +466,24 @@ if ($w == '') {
alert('회원 정보가 수정 되었습니다.\n\nE-mail 주소가 변경되었으므로 다시 인증하셔야 합니다.', G5_URL);
} else {
echo '
<!doctype html>
<html lang="ko">
<head>
<meta charset="utf-8">
<title>회원정보수정</title>
<body>
<form name="fregisterupdate" method="post" action="' . G5_HTTP_BBS_URL . '/register_form.php">
<input type="hidden" name="w" value="u">
<input type="hidden" name="mb_id" value="' . $mb_id . '">
<input type="hidden" name="mb_password" value="' . $tmp_password . '">
<input type="hidden" name="is_update" value="1">
</form>
<script>
alert("회원 정보가 수정 되었습니다.");
document.fregisterupdate.submit();
</script>
</body>
</html>';
<!doctype html>
<html lang="ko">
<head>
<meta charset="utf-8">
<title>회원정보수정</title>
</head>
<body>
<form name="fregisterupdate" method="post" action="' . G5_HTTP_BBS_URL . '/register_form.php">
<input type="hidden" name="w" value="u">
<input type="hidden" name="mb_id" value="' . $mb_id . '">
<input type="hidden" name="mb_password" value="' . $tmp_password . '">
<input type="hidden" name="is_update" value="1">
</form>
<script>
alert("회원 정보가 수정 되었습니다.");
document.fregisterupdate.submit();
</script>
</body>
</html>';
}
}
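Review bot: `gnuboard.member.register_form_update_valid` fires before the `exist_mb_nick()` and `exist_mb_email()` checks that follow it in the same hunk, so handlers receive a nick and e-mail address that may still be rejected. If the event is meant to signal that input passed validation, move the trigger below those checks; if it is meant as an extra validation hook, say so in a comment such as `// fired before the duplicate nick/e-mail checks; values are not yet accepted`. The same ordering applies to `register_form_update_before`, which runs ahead of `empty_mb_id()`. The surrounding `if ($w == '' || $w == 'u')` block extends outside the hunks.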


@ -1,7 +1,7 @@
<?php
include_once "./_common.php";
include_once G5_EDITOR_LIB;
include_once(G5_CAPTCHA_PATH . '/captcha.lib.php');
include_once G5_CAPTCHA_PATH . '/captcha.lib.php';
if (!$board['bo_table']) {
@ -32,6 +32,8 @@ if ($w == 'u' || $w == 'r') {
}
}
EventHandler::triggerEvent("gnuboard.bbs.write", $board, $wr_id, $w);
if ($w == '') {
if ($wr_id) {
alert('글쓰기에는 \$wr_id 값을 사용하지 않습니다.', G5_BBS_URL . '/board.php?bo_table=' . $bo_table);
@ -412,15 +414,15 @@ $editor_js .= chk_editor_js('wr_content', $is_dhtml_editor);
// 임시 저장된 글 수
$autosave_count = autosave_count($member['mb_id']);
include_once(G5_PATH . '/head.sub.php');
@include_once($board_skin_path . '/write.head.skin.php');
include_once G5_PATH . '/head.sub.php';
@include_once $board_skin_path . '/write.head.skin.php';
include_once "./board_head.php";
$action_url = https_url(G5_BBS_DIR) . "/write_update.php";
echo '<!-- skin : ' . (G5_IS_MOBILE ? $board['bo_mobile_skin'] : $board['bo_skin']) . ' -->';
include_once($board_skin_path . '/write.skin.php');
include_once $board_skin_path . '/write.skin.php';
include_once "./board_tail.php";
@include_once($board_skin_path . '/write.tail.skin.php');
include_once(G5_PATH . '/tail.sub.php');
@include_once $board_skin_path . '/write.tail.skin.php';
include_once G5_PATH . '/tail.sub.php';


@ -340,4 +340,8 @@ if ($w == 'c') // 댓글 입력
delete_cache_latest($bo_table);
goto_url('./board.php?bo_table=' . $bo_table . '&amp;wr_id=' . $wr['wr_parent'] . '&amp;' . $qstr . '&amp;#c_' . $comment_id);
$redirect_url = short_url_clean(G5_HTTP_BBS_URL.'/board.php?bo_table='.$bo_table.'&amp;wr_id='.$wr['wr_parent'].'&amp;'.$qstr.'&amp;#c_'.$comment_id);
EventHandler::triggerEvent("gnuboard.bbs.comment_update_after", $board, $wr_id, $w, $qstr, $redirect_url, $comment_id, $reply_array);
goto_url($redirect_url);


@ -1,7 +1,7 @@
<?php
include_once "./_common.php";
include_once(G5_LIB_PATH . '/naver_syndi.lib.php');
include_once(G5_CAPTCHA_PATH . '/captcha.lib.php');
include_once G5_LIB_PATH . '/naver_syndi.lib.php';
include_once G5_CAPTCHA_PATH . '/captcha.lib.php';
// 토큰체크
//check_write_token($bo_table);
@ -125,7 +125,9 @@ for ($i = 1; $i <= 10; $i++) {
}
}
@include_once($board_skin_path . '/write_update.head.skin.php');
@include_once $board_skin_path . '/write_update.head.skin.php';
EventHandler::triggerEvent("gnuboard.bbs.write_update_before", $board, $wr_id, $w, $qstr);
if ($w == '' || $w == 'u') {
@ -590,41 +592,43 @@ for ($i = 0; $i < count($upload); $i++) {
// 그렇지 않다면 내용만 업데이트 합니다.
if ($upload[$i]['del_check'] || $upload[$i]['file']) {
$sql = " update {$g5['board_file_table']}
set bf_source = '{$upload[$i]['source']}',
bf_file = '{$upload[$i]['file']}',
bf_content = '{$bf_content[$i]}',
bf_filesize = '{$upload[$i]['filesize']}',
bf_width = '{$upload[$i]['image']['0']}',
bf_height = '{$upload[$i]['image']['1']}',
bf_type = '{$upload[$i]['image']['2']}',
bf_datetime = '" . G5_TIME_YMDHIS . "'
where bo_table = '{$bo_table}'
and wr_id = '{$wr_id}'
and bf_no = '{$i}' ";
set bf_source = '{$upload[$i]['source']}',
bf_file = '{$upload[$i]['file']}',
bf_content = '{$bf_content[$i]}',
bf_filesize = '{$upload[$i]['filesize']}',
bf_width = '{$upload[$i]['image']['0']}',
bf_height = '{$upload[$i]['image']['1']}',
bf_type = '{$upload[$i]['image']['2']}',
bf_datetime = '" . G5_TIME_YMDHIS . "'
where bo_table = '{$bo_table}'
and wr_id = '{$wr_id}'
and bf_no = '{$i}' ";
sql_query($sql);
} else {
$sql = " update {$g5['board_file_table']}
set bf_content = '{$bf_content[$i]}'
where bo_table = '{$bo_table}'
and wr_id = '{$wr_id}'
and bf_no = '{$i}' ";
set bf_content = '{$bf_content[$i]}'
where bo_table = '{$bo_table}'
and wr_id = '{$wr_id}'
and bf_no = '{$i}' ";
sql_query($sql);
}
} else {
$sql = " insert into {$g5['board_file_table']}
set bo_table = '{$bo_table}',
wr_id = '{$wr_id}',
bf_no = '{$i}',
bf_source = '{$upload[$i]['source']}',
bf_file = '{$upload[$i]['file']}',
bf_content = '{$bf_content[$i]}',
bf_download = 0,
bf_filesize = '{$upload[$i]['filesize']}',
bf_width = '{$upload[$i]['image']['0']}',
bf_height = '{$upload[$i]['image']['1']}',
bf_type = '{$upload[$i]['image']['2']}',
bf_datetime = '" . G5_TIME_YMDHIS . "' ";
set bo_table = '{$bo_table}',
wr_id = '{$wr_id}',
bf_no = '{$i}',
bf_source = '{$upload[$i]['source']}',
bf_file = '{$upload[$i]['file']}',
bf_content = '{$bf_content[$i]}',
bf_download = 0,
bf_filesize = '{$upload[$i]['filesize']}',
bf_width = '{$upload[$i]['image']['0']}',
bf_height = '{$upload[$i]['image']['1']}',
bf_type = '{$upload[$i]['image']['2']}',
bf_datetime = '" . G5_TIME_YMDHIS . "' ";
sql_query($sql);
EventHandler::triggerEvent("gnuboard.bbs.write_update_file_insert", $bo_table, $wr_id, $upload[$i], $w);
}
}
@ -723,6 +727,8 @@ if (!($w == 'u' || $w == 'cu') && $config['cf_email_use'] && $board['bo_use_emai
delete_cache_latest($bo_table);
EventHandler::triggerEvent("gnuboard.bbs.write_update_after", $board, $wr_id, $w, $qstr, $redirect_url);
if ($file_upload_msg)
alert($file_upload_msg, G5_HTTP_BBS_URL . '/board.php?bo_table=' . $bo_table . '&amp;wr_id=' . $wr_id . $qstr);
else
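Review bot: `gnuboard.bbs.write_update_file_insert` is triggered only after the `insert` statement; the first `update` branch, which also writes a new `bf_file` when an attachment is replaced or deleted, notifies nobody. A handler that scans, mirrors or audits uploads would therefore miss every replaced file. Add the same call after that branch's `sql_query($sql);`: `EventHandler::triggerEvent("gnuboard.bbs.write_update_file_insert", $bo_table, $wr_id, $upload[$i], $w);`. In the last hunk `$redirect_url` is passed to `write_update_after` but is not assigned in the visible lines, so confirm it is set before that point. The upload loop starts outside the hunk.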


@ -0,0 +1,18 @@
<?php
class Event
{
protected $action;
public $priority;
public $arguments;
public function __construct($action, $priority = 10)
{
$this->action = $action;
$this->priority = $priority;
}
public function getAction(...$data)
{
return call_user_func($this->action, $data);
}
}
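Review bot: Handlers never receive the event arguments as separate parameters: `getAction(...$data)` collects its arguments into an array and then passes that array as a single argument through `call_user_func($this->action, $data)`. `EventHandler::triggerEvent()` in the next file compounds this by calling `$callback->getAction($data)` with the already-collected array, so a handler ends up with one nested array of the form `[[arg1, arg2, ...]]`. Unless handlers are deliberately written for that shape, spread in both places: `return call_user_func_array($this->action, $data);` here and `$callback->getAction(...$data);` in `triggerEvent`. `$arguments` is declared but never assigned, and a short class comment stating what a handler is called with would save every handler author from finding this out by trial.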


@ -0,0 +1,62 @@
<?php
/**
* THIS MODULE PROHIBITS DISTRIBUTION TO OTHERS WITHOUT AUTHOR'S PERMISSION.
* Base Module (minimum support version)
* @author arcturus (https://info.drk.st/about contact@drk.st)
*/
include_once __DIR__ . "/event.php";
class EventHandler
{
protected static $eventHandlers = [];
protected static $performanceStopwatch = [];
protected static $createdAt;
public function __construct()
{
$this->createdAt = microtime(true);
}
protected static function addStopwatch($key)
{
if (defined("__IS_DEBUG__")) {
if (count(self::$performanceStopwatch) > 0) {
$prev = end(self::$performanceStopwatch);
self::$performanceStopwatch[$key] = microtime(true) - self::$createdAt - $prev;
} else {
self::$performanceStopwatch[$key] = microtime(true) - self::$createdAt;
}
}
}
public static function addStopwatchWithCallStack($key)
{
if (defined("__IS_DEBUG__")) {
if ($key === 0)
$key = "start";
else if ($key === 1)
$key = "end";
$backtrace = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS, 2);
$cf = $backtrace[1]['function'] ?? 'global scope';
self::addStopwatch("{$cf} {$key}");
}
}
public static function addEventHandler($event, $callback, $priority = 10)
{
if (!isset(self::$eventHandlers[$event])) {
self::$eventHandlers[$event] = [];
}
self::$eventHandlers[$event][] = new Event($callback, $priority);
}
public static function triggerEvent($event, ...$data)
{
if (isset(self::$eventHandlers[$event])) {
foreach (self::$eventHandlers[$event] as $callback) {
$callback->getAction($data);
}
}
}
}
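Review bot: `$priority` is stored on each `Event` by `addEventHandler()`, but `triggerEvent()` iterates the handlers in registration order, so the parameter has no effect. Sort before dispatch, e.g. `usort(self::$eventHandlers[$event], function ($a, $b) { return $a->priority <=> $b->priority; });`, or drop the parameter. The constructor writes `$this->createdAt` although `$createdAt` is declared `static` and every call on this page is static, so `self::$createdAt` is never set and the stopwatch deltas are not measured from start-up; `self::$createdAt = self::$createdAt ?? microtime(true);` at the top of `addStopwatch()` would fix that. `triggerEvent()` also lets a throwing handler abort the request at the trigger point, which on this page is often between a database write and the redirect, so it is worth deciding and documenting whether handler exceptions should propagate.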


@ -10,16 +10,16 @@ header('P3P: CP="ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV
if (!defined('G5_SET_TIME_LIMIT'))
define('G5_SET_TIME_LIMIT', 0);
define("__ADVDIR__", __DIR__);
@set_time_limit(G5_SET_TIME_LIMIT);
define("__ADVDIR__", __DIR__);
define("G5_MASTER_PW", ""); // 20240926 안쓰는 변수가 참조되고 있으나 전부 들어내기엔 외부 코드에서 의존하는 코드가 상당할 것으로 판단...
//==========================================================================================================================
// extract($_GET); 명령으로 인해 page.php?_POST[var1]=data1&_POST[var2]=data2 와 같은 코드가 _POST 변수로 사용되는 것을 막음
// 081029 : letsgolee 님께서 도움 주셨습니다.
//--------------------------------------------------------------------------------------------------------------------------
$ext_arr = array(
$ext_arr = [
'PHP_SELF',
'_ENV',
'_GET',
@ -37,7 +37,8 @@ $ext_arr = array(
'HTTP_COOKIE_VARS',
'HTTP_SESSION_VARS',
'GLOBALS'
);
];
$ext_cnt = count($ext_arr);
for ($i = 0; $i < $ext_cnt; $i++) {
// POST, GET 으로 선언된 전역변수가 있다면 unset() 시킴
@ -49,7 +50,7 @@ for ($i = 0; $i < $ext_cnt; $i++) {
//==========================================================================================================================
/**
* Summary of load_libs
* Load require class and others
* @param mixed $base_dir
* @throws \Exception
* @return string[]
@ -60,89 +61,33 @@ function load_libs($base_dir)
if ($base_path === false) {
throw new Exception("지정된 기본 디렉토리를 찾을 수 없습니다: $base_dir");
}
$loaded_files = [];
$iterator = new RecursiveIteratorIterator(
new RecursiveDirectoryIterator($base_path, RecursiveDirectoryIterator::SKIP_DOTS),
RecursiveIteratorIterator::SELF_FIRST
);
foreach ($iterator as $file) {
if ($file->isDir()) {
$parent_folder_name = $file->getFilename();
$class_file = $file->getPathname() . DIRECTORY_SEPARATOR . $parent_folder_name . '.class.php';
if (file_exists($class_file)) {
require_once $class_file;
$loaded_files[] = $class_file;
try {
if ($file->isDir()) {
$parent_folder_name = $file->getFilename();
$class_file = $file->getPathname() . DIRECTORY_SEPARATOR . "{$parent_folder_name}.class.php";
if (file_exists($class_file)) {
require_once $class_file;
$loaded_files[] = $class_file;
}
}
} catch(Exception $x) {
}
}
return $loaded_files;
}
$_system = new stdClass;
$_system->classes = load_libs(__DIR__ . "/classes");
function g5_path()
{
$result['path'] = str_replace('\\', '/', dirname(__FILE__));
$tilde_remove = preg_replace('/^\/\~[^\/]+(.*)$/', '$1', $_SERVER['SCRIPT_NAME']);
$document_root = str_replace($tilde_remove, '', $_SERVER['SCRIPT_FILENAME']);
$root = str_replace($document_root, '', $result['path']);
$port = $_SERVER['SERVER_PORT'] != 80 ? ':' . $_SERVER['SERVER_PORT'] : '';
$http = 'http' . ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 's' : '') . '://';
$user = str_replace(str_replace($document_root, '', $_SERVER['SCRIPT_FILENAME']), '', $_SERVER['SCRIPT_NAME']);
$host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : $_SERVER['SERVER_NAME'];
if (isset($_SERVER['HTTP_HOST']) && preg_match('/:[0-9]+$/', $host))
$host = preg_replace('/:[0-9]+$/', '', $host);
$host = preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\/\^\*]/", '', $host);
$result['url'] = $http . $host . $port . $user . $root;
return $result;
}
$g5_path = g5_path();
include_once($g5_path['path'] . '/config.php'); // 설정 파일
unset($g5_path);
// Cloudflare 환경을 고려한 https 사용여부
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === "https") {
$_SERVER['HTTPS'] = 'on';
}
// multi-dimensional array에 사용자지정 함수적용
function array_map_deep($fn, $array)
{
if (is_array($array)) {
foreach ($array as $key => $value) {
if (is_array($value)) {
$array[$key] = array_map_deep($fn, $value);
} else {
$array[$key] = call_user_func($fn, $value);
}
}
} else {
$array = call_user_func($fn, $array);
}
return $array;
}
// SQL Injection 대응 문자열 필터링
function sql_escape_string($str)
{
if (defined('G5_ESCAPE_PATTERN') && defined('G5_ESCAPE_REPLACE')) {
$pattern = G5_ESCAPE_PATTERN;
$replace = G5_ESCAPE_REPLACE;
if ($pattern)
$str = preg_replace($pattern, $replace, $str);
}
$str = call_user_func('addslashes', $str);
return $str;
}
/**
* custom function from arcturus
* https://info.drk.st/about
@ -153,7 +98,9 @@ function get_url_path_from_root($currentDir = __DIR__)
{
$documentRoot = rtrim($_SERVER["DOCUMENT_ROOT"], '/');
$relativePath = str_replace($documentRoot, '', $currentDir);
$urlPath = str_replace(DIRECTORY_SEPARATOR, '/', $relativePath);
return rtrim($urlPath, '/');
}
@ -189,6 +136,74 @@ function get_embed_file($type, $path, ...$args)
}
}
include_once __DIR__ . "/classes/event/event_handler.php";
$_system = new stdClass;
$_system->classes = load_libs(__DIR__ . "/classes");
// $_system->modules = load_libs(__DIR__ . "/modules", "model");
// $_system->modules = load_libs(__DIR__ . "/modules");
// arc: 이 이벤트는 before 가 없습니다.
EventHandler::triggerEvent("gnuboard.loadlibs.after", $_system);
function g5_path()
{
$result['path'] = str_replace('\\', '/', dirname(__FILE__));
$tilde_remove = preg_replace('/^\/\~[^\/]+(.*)$/', '$1', $_SERVER['SCRIPT_NAME']);
$document_root = str_replace($tilde_remove, '', $_SERVER['SCRIPT_FILENAME']);
$root = str_replace($document_root, '', $result['path']);
$port = $_SERVER['SERVER_PORT'] != 80 ? ':' . $_SERVER['SERVER_PORT'] : '';
$http = 'http' . ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 's' : '') . '://';
$user = str_replace(str_replace($document_root, '', $_SERVER['SCRIPT_FILENAME']), '', $_SERVER['SCRIPT_NAME']);
$host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : $_SERVER['SERVER_NAME'];
if (isset($_SERVER['HTTP_HOST']) && preg_match('/:[0-9]+$/', $host))
$host = preg_replace('/:[0-9]+$/', '', $host);
$host = preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\/\^\*]/", '', $host);
$result['url'] = $http . $host . $port . $user . $root;
return $result;
}
$g5_path = g5_path();
include_once $g5_path['path'] . '/config.php'; // 설정 파일
unset($g5_path);
// Cloudflare 환경을 고려한 https 사용여부
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === "https") {
$_SERVER['HTTPS'] = 'on';
}
// multi-dimensional array에 사용자지정 함수적용
function array_map_deep($fn, $array)
{
if (is_array($array)) {
foreach ($array as $key => $value) {
$array[$key] = is_array($value) ? array_map_deep($fn, $value) : call_user_func($fn, $value);
}
} else {
$array = call_user_func($fn, $array);
}
return $array;
}
// SQL Injection 대응 문자열 필터링
function sql_escape_string($str)
{
if (defined('G5_ESCAPE_PATTERN') && defined('G5_ESCAPE_REPLACE')) {
$pattern = G5_ESCAPE_PATTERN;
$replace = G5_ESCAPE_REPLACE;
if ($pattern)
$str = preg_replace($pattern, $replace, $str);
}
$str = call_user_func('addslashes', $str);
return $str;
}
//==============================================================================
// SQL Injection 등으로 부터 보호를 위해 sql_escape_string() 적용
//------------------------------------------------------------------------------
@ -199,7 +214,7 @@ function strip_slashes_deep($value)
// magic_quotes_gpc 에 의한 backslashes 제거
if (version_compare(PHP_VERSION, '7.0.0', '<')) {
if (version_compare(PHP_VERSION, '5.0.0', '>=')) {
if (version_compare(PHP_VERSION, '5.6.0', '>=')) {
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
$_POST = array_map('strip_slashes_deep', $_POST);
$_GET = array_map('strip_slashes_deep', $_GET);
@ -619,7 +634,6 @@ if ($gr_id) {
$group = sql_fetch(" select * from {$g5['group_table']} where gr_id = '$gr_id' ");
}
// 회원, 비회원 구분
$is_member = $is_guest = false;
$is_admin = '';
@ -635,26 +649,27 @@ if ($member['mb_id']) {
if ($is_admin != 'super') {
/* // 접근가능 IP
$cf_possible_ip = trim($config['cf_possible_ip']);
if ($cf_possible_ip) {
$is_possible_ip = false;
$pattern = explode("\n", $cf_possible_ip);
for ($i=0; $i<count($pattern); $i++) {
$pattern[$i] = trim($pattern[$i]);
if (empty($pattern[$i]))
continue;
/*
// 접근가능 IP
$cf_possible_ip = trim($config['cf_possible_ip']);
if ($cf_possible_ip) {
$is_possible_ip = false;
$pattern = explode("\n", $cf_possible_ip);
for ($i=0; $i<count($pattern); $i++) {
$pattern[$i] = trim($pattern[$i]);
if (empty($pattern[$i]))
continue;
$pattern[$i] = str_replace(".", "\.", $pattern[$i]);
$pattern[$i] = str_replace("+", "[0-9\.]+", $pattern[$i]);
$pat = "/^{$pattern[$i]}$/";
$is_possible_ip = preg_match($pat, $_SERVER['REMOTE_ADDR']);
if ($is_possible_ip)
break;
}
if (!$is_possible_ip)
die ("접근이 가능하지 않습니다.");
}
$pattern[$i] = str_replace(".", "\.", $pattern[$i]);
$pattern[$i] = str_replace("+", "[0-9\.]+", $pattern[$i]);
$pat = "/^{$pattern[$i]}$/";
$is_possible_ip = preg_match($pat, $_SERVER['REMOTE_ADDR']);
if ($is_possible_ip)
break;
}
if (!$is_possible_ip)
die ("접근이 가능하지 않습니다.");
}
*/
// 접근차단 IP
$is_intercept_ip = false;
@ -866,4 +881,8 @@ header('Cache-Control: no-store, no-cache, must-revalidate');
header('Cache-Control: pre-check=0, post-check=0, max-age=0');
header('Pragma: no-cache');
EventHandler::triggerEvent("gnuboard.htmlprocess.before");
$html_process = new html_process();
EventHandler::triggerEvent("gnuboard.htmlprocess.after", $html_process);


@ -2,8 +2,12 @@
if (!defined('_GNUBOARD_'))
exit; // 개별 페이지 접근 불가
EventHandler::triggerEvent("gnuboard.head.before");
if (defined('G5_THEME_PATH') && file_exists(G5_THEME_PATH . "/head.php")) {
include_once G5_THEME_PATH . '/head.php';
EventHandler::triggerEvent("gnuboard.head.after");
return;
}
@ -33,4 +37,5 @@ if ($logo_data)
<?php include_once (G5_PATH . "/menu.php"); ?>
<section id="body">
<div class="fix-layout">
<div class="mid-layout">
<div class="mid-layout"><?php
EventHandler::triggerEvent("gnuboard.head.after");


@ -4,7 +4,7 @@ if (!defined('_GNUBOARD_'))
exit; // 개별 페이지 접근 불가
check_site_auth();
$g5_debug['php']['begin_time'] = $begin_time = get_microtime();
$g5_debug['php']['begin_time'] = $begin_time = microtime(true);
if (!isset($g5['title'])) {
$g5['title'] = $config['cf_title'];


@ -2,8 +2,8 @@
if (!defined('_GNUBOARD_'))
exit;
include_once(dirname(__FILE__) . '/Cache/obj.class.php');
include_once(dirname(__FILE__) . '/Cache/FileCache.class.php');
include_once dirname(__FILE__) . '/Cache/obj.class.php';
include_once dirname(__FILE__) . '/Cache/FileCache.class.php';
function get_cachemanage_instance()
{
@ -98,8 +98,7 @@ function g5_delete_all_cache()
delete_cache_latest($board_table);
}
run_event('adm_cache_delete', $board_tables);
EventHandler::triggerEvent("gnuboard.admin.cache_delete", $board_tables);
}
function g5_delete_cache_by_prefix($key)
@ -121,5 +120,5 @@ function g5_delete_cache_by_prefix($key)
$files = run_replace('g5_delete_cache_by_prefix', $files, $key, $cache);
return ($files) ? true : false;
return $files ? true : false;
}


@ -108,6 +108,8 @@ function print_r2($var)
// header("location:URL") 을 대체
function goto_url($url)
{
EventHandler::triggerEvent("gnuboard.goto_url", $url);
$url = str_replace("&amp;", "&", $url);
//echo "<script> location.replace('$url'); </script>";
@ -176,8 +178,9 @@ function get_cookie($cookie_name)
// 경고메세지를 경고창으로
function alert($msg = '', $url = '', $error = true, $post = false)
{
global $g5, $config, $member;
global $is_admin;
global $g5, $config, $member, $is_admin;
EventHandler::triggerEvent("gnuboard.alert", $msg, $url, $error, $post);
if (!$msg)
$msg = '올바른 방법으로 이용해 주십시오.';
@ -196,11 +199,14 @@ function alert_close($msg, $error = true)
{
global $g5;
EventHandler::triggerEvent("gnuboard.alert_close", $msg, $error);
$header = '';
if (isset($g5['title'])) {
$header = $g5['title'];
}
include_once(G5_BBS_PATH . '/alert_close.php');
include_once G5_BBS_PATH . '/alert_close.php';
exit;
}
@ -570,21 +576,29 @@ function conv_content($content, $html, $filter = true)
// Open : HTML Purifier is open-source and highly customizable
function html_purifier($html)
{
global $is_admin, $write;
$f = file(G5_PLUGIN_PATH . '/htmlpurifier/safeiframe.txt');
$domains = [];
foreach ($f as $domain) {
// 첫행이 # 이면 주석 처리
if (!preg_match("/^#/", $domain)) {
$domain = trim($domain);
if ($domain)
if ($domain) {
array_push($domains, $domain);
}
}
}
// 내 도메인도 추가
array_push($domains, $_SERVER['HTTP_HOST'] . '/');
$safeiframe = implode('|', $domains);
// 글쓴이가 관리자인 경우에만 현재 사이트 도메인을 허용
if (isset($write) && isset($write['mb_id']) && $write['mb_id'] && is_admin($write['mb_id'])) {
array_push($domains, $_SERVER['HTTP_HOST'] . '/');
}
$safeiframe = implode('|', run_replace('html_purifier_safeiframes', $domains, $html));
include_once(G5_PLUGIN_PATH . '/htmlpurifier/HTMLPurifier.standalone.php');
include_once(G5_PLUGIN_PATH . '/htmlpurifier/extend.video.php');
$config = HTMLPurifier_Config::createDefault();
// data/cache 디렉토리에 CSS, HTML, URI 디렉토리 등을 만든다.
$config->set('Cache.SerializerPath', G5_DATA_PATH . '/cache');
@ -592,10 +606,27 @@ function html_purifier($html)
$config->set('HTML.SafeObject', false);
$config->set('Output.FlashCompat', false);
$config->set('HTML.SafeIframe', true);
$config->set('URI.SafeIframeRegexp', '%^(https?:)?//(' . $safeiframe . ')%');
if ((function_exists('check_html_link_nofollow') && check_html_link_nofollow('html_purifier'))) {
$config->set('HTML.Nofollow', true); // rel=nofollow 으로 스팸유입을 줄임
}
$config->set('URI.SafeIframeRegexp', '%^(https?:)?//(' . preg_replace('/\\\?\./', '\.', $safeiframe) . ')%');
$config->set('Attr.AllowedFrameTargets', array('_blank'));
//유튜브, 비메오 전체화면 가능하게 하기
$config->set('Filter.Custom', array(new HTMLPurifier_Filter_Iframevideo()));
/*
* HTMLPurifier 설정을 변경할 있는 Event hook
* 리스너에서는 첫번째 인자($config) `HTMLPurifier_Config` 객체를 받을 있다
*/
EventHandler::triggerEvent("gnuboard.html_purifier_config", $config, [
'html' => $html,
'write' => $write,
'is_admin' => $is_admin
]);
$purifier = new HTMLPurifier($config);
return $purifier->purify($html);
return run_replace('html_purifier_result', $purifier->purify($html), $purifier, $html);
}
@ -1568,6 +1599,9 @@ function sql_query($sql, $error = G5_DISPLAY_SQL_ERROR, $link = null)
$result = @mysql_query($sql, $link);
}
}
EventHandler::triggerEvent("gnuboard.sql_query_after", $result, $sql, $error);
return $result;
}
@ -2283,6 +2317,8 @@ function delete_cache_latest($bo_table)
foreach ($files as $filename)
unlink($filename);
}
EventHandler::triggerEvent("gnuboard.delete_cache_latest", $bo_table);
}
// 게시판 첨부파일 썸네일 삭제
@ -2321,6 +2357,8 @@ function delete_editor_thumbnail($contents)
if (!$contents)
return;
EventHandler::triggerEvent("gnuboard.delete_editor_thumbnail_before", $contents);
// $contents 중 img 태그 추출
$matchs = get_editor_image($contents);
@ -2340,6 +2378,8 @@ function delete_editor_thumbnail($contents)
unlink($filename);
}
}
EventHandler::triggerEvent("gnuboard.delete_editor_thumbnail_after", $contents, $matchs);
}
// 1:1문의 첨부파일 썸네일 삭제
@ -3060,6 +3100,24 @@ function clean_xss_attributes($str)
return $str;
}
function clean_relative_paths($path)
{
$path_len = strlen($path);
$i = 0;
while ($i <= $path_len) {
$result = str_replace('../', '', str_replace('\\', '/', $path));
if ((string) $result === (string) $path)
break;
$path = $result;
$i++;
}
return $path;
}
// unescape nl 얻기
function conv_unescape_nl($str)
{
@ -3115,6 +3173,8 @@ function member_delete($mb_id)
// 아이콘 삭제
@unlink(G5_DATA_PATH . '/member/' . substr($mb_id, 0, 2) . '/' . $mb_id . '.gif');
EventHandler::triggerEvent("gnuboard.member_delete_after", $mb_id);
}
// 이메일 주소 추출
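Review bot: In html_purifier() the admin-only branch appends `$_SERVER['HTTP_HOST'] . '/'` to the iframe allow-list, and that header is client-supplied and reaches `URI.SafeIframeRegexp` with only its dots escaped by the later `preg_replace`. Any other regex metacharacter in the Host value would change or break the allow-list pattern for that request, and the index is unset when no Host header is present. I would take the host from the configured site URL, or at least quote it: `array_push($domains, preg_quote($_SERVER['HTTP_HOST'] ?? '', '%') . '/');`. The function spans two hunks here and its middle is not shown, so confirm nothing in between already normalises the value.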


@ -2,7 +2,7 @@
if (!defined('_GNUBOARD_'))
exit;
include_once(G5_PHPMAILER_PATH . '/PHPMailerAutoload.php');
include_once G5_PHPMAILER_PATH . '/PHPMailerAutoload.php';
// 메일 보내기 (파일 여러개 첨부 가능)
// type : text=0, html=1, text+html=2
@ -18,30 +18,49 @@ function mailer($fname, $fmail, $to, $subject, $content, $type = 0, $file = "",
if ($type != 1)
$content = nl2br($content);
$mail = new PHPMailer(); // defaults to using php "mail()"
if (defined('G5_SMTP') && G5_SMTP) {
$mail->IsSMTP(); // telling the class to use SMTP
$mail->Host = G5_SMTP; // SMTP server
if (defined('G5_SMTP_PORT') && G5_SMTP_PORT)
$mail->Port = G5_SMTP_PORT;
$result = run_replace('mailer', $fname, $fmail, $to, $subject, $content, $type, $file, $cc, $bcc);
if (is_array($result) && isset($result['return'])) {
return $result['return'];
}
$mail->CharSet = 'UTF-8';
$mail->From = $fmail;
$mail->FromName = $fname;
$mail->Subject = $subject;
$mail->AltBody = ""; // optional, comment out and test
$mail->msgHTML($content);
$mail->addAddress($to);
if ($cc)
$mail->addCC($cc);
if ($bcc)
$mail->addBCC($bcc);
//print_r2($file); exit;
if ($file != "") {
foreach ($file as $f) {
$mail->addAttachment($f['path'], $f['name']);
$mail_send_result = false;
try {
$mail = new PHPMailer(); // defaults to using php "mail()"
if (defined('G5_SMTP') && G5_SMTP) {
$mail->IsSMTP(); // telling the class to use SMTP
$mail->Host = G5_SMTP; // SMTP server
if (defined('G5_SMTP_PORT') && G5_SMTP_PORT)
$mail->Port = G5_SMTP_PORT;
}
$mail->CharSet = 'UTF-8';
$mail->From = $fmail;
$mail->FromName = $fname;
$mail->Subject = $subject;
$mail->AltBody = ""; // optional, comment out and test
$mail->msgHTML($content);
$mail->addAddress($to);
if ($cc)
$mail->addCC($cc);
if ($bcc)
$mail->addBCC($bcc);
//print_r2($file); exit;
if ($file != "") {
foreach ($file as $f) {
$mail->addAttachment($f['path'], $f['name']);
}
}
$mail = run_replace('mail_options', $mail, $fname, $fmail, $to, $subject, $content, $type, $file, $cc, $bcc);
$mail_send_result = $mail->send();
} catch (Exception $e) {
}
EventHandler::triggerEvent("gnuboard.mail_send_result", $mail_send_result, $mail, $to, $cc, $bcc);
return $mail->send();
}
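Review bot: After the new try/catch, mailer() still appears to end with `return $mail->send();`, which would send the message a second time after `$mail_send_result = $mail->send();` and return that second result instead of the one handed to the `gnuboard.mail_send_result` listeners. If anything inside the `try` throws before `$mail` is assigned, `$mail` is also undefined at the trigger and at that return. I would end the function with `return $mail_send_result;`, set `$mail = null;` before the `try`, and log the caught exception rather than leave the `catch` empty. The old/new markers are lost on this page, so check the file to confirm the old return line really survives.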


@ -793,7 +793,7 @@ function is_animated_gif($filename)
$cache[$key] = ($count > 1) ? true : false;
run_event('is_animated_gif_after', $filename, $cache[$key]);
EventHandler::triggerEvent("gnuboard.is_animated_gif_after", $filename, $cache[$key]);
return $cache[$key];
}


@ -11,13 +11,13 @@ define("CHE_UPLOAD_IMG_CHECK", 1); // 이미지 파일을 썸네일 할수 있
# data/editor 디렉토리가 없는 경우가 있을수 있으므로 디렉토리를 생성하는 코드를 추가함. kagla 140305
@mkdir(G5_DATA_PATH.'/'.G5_EDITOR_DIR, G5_DIR_PERMISSION);
@chmod(G5_DATA_PATH.'/'.G5_EDITOR_DIR, G5_DIR_PERMISSION);
@mkdir(G5_DATA_PATH . '/' . G5_EDITOR_DIR, G5_DIR_PERMISSION);
@chmod(G5_DATA_PATH . '/' . G5_EDITOR_DIR, G5_DIR_PERMISSION);
$ym = date('ym', G5_SERVER_TIME);
$data_dir = G5_DATA_PATH.'/'.G5_EDITOR_DIR.'/'.$ym;
$data_url = G5_DATA_URL.'/'.G5_EDITOR_DIR.'/'.$ym;
$data_dir = G5_DATA_PATH . '/' . G5_EDITOR_DIR . '/' . $ym;
$data_url = G5_DATA_URL . '/' . G5_EDITOR_DIR . '/' . $ym;
define("SAVE_DIR", $data_dir);
@ -29,42 +29,46 @@ define("SAVE_DIR", $data_dir);
define("SAVE_URL", $data_url);
function che_get_user_id() {
global $member;
function che_get_user_id()
{
global $member;
if(session_id() == '') {
@session_start();
}
if (session_id() == '') {
@session_start();
}
$add_str = (isset($member['mb_id']) && $member['mb_id']) ? $member['mb_id'] : '';
return session_id().$add_str;
$add_str = (isset($member['mb_id']) && $member['mb_id']) ? $member['mb_id'] : '';
return session_id() . $add_str;
}
function che_get_file_passname(){
$tmp_name = che_get_user_id().$_SERVER['REMOTE_ADDR'];
$tmp_name = md5(sha1($tmp_name));
return $tmp_name;
function che_get_file_passname()
{
$tmp_name = che_get_user_id() . $_SERVER['REMOTE_ADDR'];
$tmp_name = md5(sha1($tmp_name));
return $tmp_name;
}
function che_generateRandomString($length = 4) {
$characters = '0123456789abcdefghijklmnopqrstuvwxyz';
$charactersLength = strlen($characters);
$randomString = '';
for ($i = 0; $i < $length; $i++) {
$randomString .= $characters[rand(0, $charactersLength - 1)];
}
return $randomString;
function che_generateRandomString($length = 4)
{
$characters = '0123456789abcdefghijklmnopqrstuvwxyz';
$charactersLength = strlen($characters);
$randomString = '';
for ($i = 0; $i < $length; $i++) {
$randomString .= $characters[rand(0, $charactersLength - 1)];
}
return $randomString;
}
function che_replace_filename($filename){
function che_replace_filename($filename)
{
$ext = pathinfo($filename, PATHINFO_EXTENSION);
$ext = pathinfo($filename, PATHINFO_EXTENSION);
$random_str = che_generateRandomString(4);
$random_str = che_generateRandomString(4);
$passname = che_get_file_passname();
$passname = che_get_file_passname();
$file_arr = explode('_', $filename);
$file_arr = explode('_', $filename);
return $file_arr[0].'_'.$passname.'_'.$random_str.'.'.$ext;
return $file_arr[0] . '_' . $passname . '_' . $random_str . '.' . $ext;
}


@ -1,51 +1,51 @@
<?php
require_once("config.php");
require_once "config.php";
if(!function_exists('ft_nonce_is_valid')){
include_once "../editor.lib.php";
if (!function_exists('ft_nonce_is_valid')) {
include_once "../editor.lib.php";
}
$filesrc = isset($_POST["filesrc"]) ? preg_replace("/[ #\&\+\-%@=\/\\\:;,\'\"\^`~|\!\?\*$#<>()\[\]\{\}]/", "", $_POST["filesrc"]) : '';
if( !$filesrc || ! preg_match('=^[^/?*;:{}\\\\]+\.[^/?*;:{}\\\\]+$=', $filesrc) || ! preg_match('/\.(gif|jpe?g|bmp|png)$/i', $filesrc) ){
die( false );
if (!$filesrc || !preg_match('=^[^/?*;:{}\\\\]+\.[^/?*;:{}\\\\]+$=', $filesrc) || !preg_match('/\.(gif|jpe?g|bmp|png)$/i', $filesrc)) {
die(false);
}
$is_editor_upload = false;
$get_nonce = get_session('nonce_'.FT_NONCE_SESSION_KEY);
$get_nonce = get_session('nonce_' . FT_NONCE_SESSION_KEY);
if( $get_nonce && ft_nonce_is_valid( $get_nonce, 'cheditor' ) ){
$is_editor_upload = true;
if ($get_nonce && ft_nonce_is_valid($get_nonce, 'cheditor')) {
$is_editor_upload = true;
}
if( !$is_editor_upload ){
die( false );
if (!$is_editor_upload) {
die(false);
}
// ---------------------------------------------------------------------------
$file_arr = explode('_', $filesrc );
$file_arr = explode('_', $filesrc);
if( $file_arr[1] !== che_get_file_passname() ){
die( false );
if ($file_arr[1] !== che_get_file_passname()) {
die(false);
}
$filepath = SAVE_DIR . '/' . $filesrc;
$r = false;
if( function_exists('run_event') ){
run_event('delete_editor_file', $filepath, $r);
if (class_exists('EventHandler') && method_exists('EventHandler', 'triggerEvent')) {
EventHandler::triggerEvent("gnuboard.delete_editor_file", $filepath, $r);
}
if (file_exists($filepath)) {
$r = unlink($filepath);
if ($r) {
$thumbPath = dirname($filepath) . DIRECTORY_SEPARATOR . "thumb_" . basename($filepath);
if (file_exists($thumbPath)) {
unlink($thumbPath);
}
}
$r = unlink($filepath);
if ($r) {
$thumbPath = dirname($filepath) . DIRECTORY_SEPARATOR . "thumb_" . basename($filepath);
if (file_exists($thumbPath)) {
unlink($thumbPath);
}
}
}
echo $r ? true : false;
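Review bot: `gnuboard.delete_editor_file` is triggered before `unlink()` runs, so listeners always receive `$r` as `false` and cannot tell whether the file was actually removed. The UploadHandler section of this commit fires the same event name after the delete, with the real `$success`, so the two call sites give listeners different meanings for the third argument. Either move the trigger below the `if (file_exists($filepath)) { … }` block, or, if the pre-delete timing is intentional, say so in a comment such as `// fired before unlink; $r is always false here`.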


@ -1,8 +1,8 @@
<?php
require_once("config.php");
require_once "config.php";
if (!function_exists('ft_nonce_is_valid')) {
include_once('../editor.lib.php');
include_once '../editor.lib.php';
}
if (!function_exists('che_reprocessImage')) {
@ -70,7 +70,9 @@ if (!$is_editor_upload) {
exit;
}
run_event('cheditor_photo_upload', $data_dir, $data_url);
if (class_exists('EventHandler') && method_exists('EventHandler', 'triggerEvent')) {
EventHandler::triggerEvent("gnuboard.cheditor_photo_upload", $data_dir, $data_url);
}
//----------------------------------------------------------------------------
//


@ -1548,8 +1548,8 @@ class UploadHandler
$file_path = $this->get_upload_path($file_name);
$success = is_file($file_path) && $file_name[0] !== '.' && unlink($file_path);
if (function_exists('run_event')) {
run_event('delete_editor_file', $file_path, $success);
if (class_exists('EventHandler') && method_exists('EventHandler', 'triggerEvent')) {
EventHandler::triggerEvent("gnuboard.delete_editor_file", $file_path, $success);
}
if ($success) {


@ -42,20 +42,19 @@ if (isset($_GET['_nonce']) && ft_nonce_is_valid($_GET['_nonce'], 'smarteditor'))
if ($is_editor_upload) {
run_event('smarteditor_photo_upload', $data_dir, $data_url);
EventHandler::triggerEvent("gnuboard.smarteditor_photo_upload", $data_dir, $data_url);
require('UploadHandler.php');
$options = array(
require 'UploadHandler.php';
$options = [
'upload_dir' => $data_dir,
'upload_url' => $data_url,
// This option will disable creating thumbnail images and will not create that extra folder.
// However, due to this, the images preview will not be displayed after upload
'image_versions' => []
);
];
$upload_handler = new UploadHandler($options);
} else {
echo json_encode(array('files' => array('0' => array('error' => $_GET['_nonce']))));
echo json_encode(['files' => ['0' => ['error' => $_GET['_nonce']]]]);
exit;
}
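Review bot: The else branch echoes the request's `_nonce` back in the JSON error, and it is also reached when `_nonce` is absent (the guard in the hunk header starts with `isset($_GET['_nonce'])`), so it reads an undefined index and reflects client input. `json_encode` without `JSON_HEX_TAG` leaves `<` and `>` intact, which matters if this response is not served as `application/json`. I would return a fixed message instead: `echo json_encode(['files' => ['0' => ['error' => 'invalid nonce']]]);`. `EventHandler::triggerEvent` is also called here without the `class_exists('EventHandler')` guard that the cheditor files in this commit use.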


@ -2,8 +2,12 @@
if (!defined('_GNUBOARD_'))
exit;
EventHandler::triggerEvent("gnuboard.tail.before");
if (defined('G5_THEME_PATH') && file_exists(G5_THEME_PATH . "/tail.php")) {
include_once G5_THEME_PATH . '/tail.php';
EventHandler::triggerEvent("gnuboard.tail.after");
return;
}
@ -19,4 +23,6 @@ if (defined('G5_THEME_PATH') && file_exists(G5_THEME_PATH . "/tail.php")) {
<script src="<?php echo G5_JS_URL ?>/swiper.js"></script>
<script src="<?php echo G5_JS_URL ?>/_custom.js"></script>
<?php
EventHandler::triggerEvent("gnuboard.tail.after");
include_once G5_PATH . "/tail.sub.php";


@ -3,6 +3,8 @@ if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
unset($mb);
unset($row);
unset($row2);
EventHandler::triggerEvent("gnuboard.tail_sub");
?>
</body>
</html>