그누보드

multi_latest

헤롱헤롱이 2020. 5. 15. 15:13

latest.lib.php에 아래 함수들을 추가

 

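/**
 * Build the "latest posts" widget over several boards at once.
 *
 * Resolves the latest skin directory, runs one UNION ALL query across every
 * `g5_write_<bo_table>` named in $bo_table_multy, fills $list for the skin and
 * returns the rendered skin as a string.
 *
 * All four arguments are template-level configuration: they are spliced into
 * SQL and into an include path, so they must come from PHP source, never from
 * $_GET/$_POST/cookies. Board ids that are not [A-Za-z0-9_] are dropped, and
 * $rows / $subject_len are forced to positive integers before use.
 *
 * @param string $skin_dir        latest skin name, or "theme/<name>" for a theme skin ('' => 'basic')
 * @param string $bo_table_multy  board ids joined with '|', e.g. 'notice|free' (a single id also works)
 * @param int    $rows            number of posts to fetch (SQL LIMIT)
 * @param int    $subject_len     number of characters kept from each subject
 * @return string rendered HTML produced by latest.skin.php ('' when the skin prints nothing)
 */
function latest_multi($skin_dir='', $bo_table_multy='', $rows=10, $subject_len=40)
{
    // Not read here, but `include` runs latest.skin.php in this function's scope,
    // so the skin sees $g5 (and $list, $latest_skin_url, $rows, ...) through it.
    global $g5;

    // Each board id is spliced into a table name and a string literal below, so
    // this character whitelist is the only guard between the argument and the SQL.
    // Splitting unconditionally also makes a single board (no '|') work instead
    // of leaving $tableExp undefined.
    $tableExp = array();
    foreach (explode('|', (string)$bo_table_multy) as $bo_table) {
        $bo_table = trim($bo_table);
        if ($bo_table !== '' && preg_match('/^[A-Za-z0-9_]+$/', $bo_table)) {
            $tableExp[] = $bo_table;
        }
    }

    // LIMIT and the cut length reach the query / mb_substr as numbers only.
    $rows = (int)$rows;
    if ($rows < 1) $rows = 10;
    $subject_len = (int)$subject_len;
    if ($subject_len < 1) $subject_len = 40;

    if (!$skin_dir) $skin_dir = 'basic';

    // Skin lookup: "theme/<name>" lives under the active theme (the mobile theme
    // skin is preferred on mobile and falls back to the PC theme skin when it is
    // absent); any other name lives under the global skin directory.
    // $skin_dir ends up in an include path, which is why it must not be request data.
    if (preg_match('#^theme/(.+)$#', $skin_dir, $match)) {
        $theme_skin = '/'.G5_SKIN_DIR.'/latest/'.$match[1];
        $latest_skin_path = G5_THEME_PATH.$theme_skin;
        if (G5_IS_MOBILE && is_dir(G5_THEME_MOBILE_PATH.$theme_skin)) {
            $latest_skin_path = G5_THEME_MOBILE_PATH.$theme_skin;
        }
        $latest_skin_url = str_replace(G5_PATH, G5_URL, $latest_skin_path);
        $skin_dir = $match[1];
    } elseif (G5_IS_MOBILE) {
        $latest_skin_path = G5_MOBILE_PATH.'/'.G5_SKIN_DIR.'/latest/'.$skin_dir;
        $latest_skin_url  = G5_MOBILE_URL.'/'.G5_SKIN_DIR.'/latest/'.$skin_dir;
    } else {
        $latest_skin_path = G5_SKIN_PATH.'/latest/'.$skin_dir;
        $latest_skin_url  = G5_SKIN_URL.'/latest/'.$skin_dir;
    }

    // One SELECT per board glued with UNION ALL. sql_query2_multi() is used because
    // the regular query helper rewrites UNION statements; only validated ids reach it.
    // The `g5_write_` prefix is hard-coded here — installs with a custom table prefix
    // would need $g5['write_prefix'] instead (TODO confirm against this install's config).
    $list = array();
    if (count($tableExp) > 0) {
        $selects = array();
        foreach ($tableExp as $bo_table) {
            $selects[] = "(SELECT `wr_id`, `wr_subject`, `wr_datetime`, '{$bo_table}' as 'bo_table' FROM `g5_write_{$bo_table}` where `wr_is_comment`!='1')";
        }
        $union = implode(' UNION ALL ', $selects)." order by `wr_datetime` DESC LIMIT 0,{$rows};";

        $result = sql_query2_multi($union);
        $i = 0;
        while ($row = sql_fetch_array($result)) {
            $list[$i]['wr_id']      = $row['wr_id'];
            // Cut first, then escape, so an HTML entity is never truncated mid-way.
            // NOTE(review): assumes skins print 'subject' without escaping it again
            // (as stock latest skins do) — confirm; 'wr_subject' stays raw for skins
            // that escape themselves.
            $list[$i]['subject']    = get_text(mb_substr($row['wr_subject'], 0, $subject_len, 'utf-8'));
            $list[$i]['wr_subject'] = $row['wr_subject'];
            $list[$i]['bo_table']   = $row['bo_table'];
            // Site-root-relative link; bo_table was whitelisted above, wr_id comes from the DB.
            $list[$i]['href']       = "/bbs/board.php?bo_table={$row['bo_table']}&wr_id={$row['wr_id']}";
            $i++;
        }
    }

    // Render the skin into a string instead of echoing it straight to the client.
    ob_start();
    include $latest_skin_path.'/latest.skin.php';
    return ob_get_clean();
}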

/**
 * Query helper for latest_multi(): a copy of the framework query wrapper with
 * the UNION rewrite switched off (see the two commented-out preg_replace lines).
 *
 * Because UNION is allowed here, this function must only ever receive SQL whose
 * identifiers and numbers were validated by the caller; it must never be handed
 * a statement built from request data. The remaining `information_schema` rewrite
 * is a blocklist (it only matches a single-line select…from…where… statement) and
 * is not a substitute for validated input.
 *
 * @param string     $sql    statement to run (trimmed and filtered below)
 * @param bool       $error  when truthy a failed query halts the script and prints
 *                           the SQL, the driver error and the script name to the
 *                           response (information disclosure — keep
 *                           G5_DISPLAY_SQL_ERROR off outside development)
 * @param mixed|null $link   DB connection; defaults to $g5['connect_db']
 * @return mixed driver result resource/object, or false on failure when $error is falsy
 */
function sql_query2_multi($sql, $error=G5_DISPLAY_SQL_ERROR, $link=null)

{

    global $g5;

   

    if(!$link)

        $link = $g5['connect_db'];

       

        // Blind SQL injection mitigation: normalise the statement, then neutralise
        // queries that reach information_schema.

        $sql = trim($sql);

        // UNION is deliberately NOT blocked in this variant (both rewrites below are
        // commented out) so that the UNION ALL built by latest_multi() can run.

        //$sql = preg_replace("#^select.*from.*union.*#i", "select 1", $sql);

        //$sql = preg_replace("#^select.*from.*[\s\(]+union[\s\)]+.*#i ", "select 1", $sql);

        // Do not allow access to the `information_schema` database: such SELECTs are
        // replaced with a harmless `select 1`. Without the `s` modifier `.` does not
        // cross newlines, so only single-line select…from…where… statements match.

        $sql = preg_replace("#^select.*from.*where.*`?information_schema`?.*#i", "select 1", $sql);

       

        // mysqli path when available and enabled; the mysql_* branch below only
        // exists for PHP versions that still ship the legacy extension (< 7.0).
        // `@` hides driver warnings; with $error set the `or die(...)` echoes the
        // full SQL text into the page on failure.

        if(function_exists('mysqli_query') && G5_MYSQLI_USE) {

            if ($error) {

                $result = @mysqli_query($link, $sql) or die("<p>$sql<p>" . mysqli_errno($link) . " : " .  mysqli_error($link) . "<p>error file : {$_SERVER['SCRIPT_NAME']}");

            } else {

                $result = @mysqli_query($link, $sql);

            }

        } else {

            if ($error) {

                $result = @mysql_query($sql, $link) or die("<p>$sql<p>" . mysql_errno() . " : " .  mysql_error() . "<p>error file : {$_SERVER['SCRIPT_NAME']}");

            } else {

                $result = @mysql_query($sql, $link);

            }

        }

       

        return $result;

}