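/**
 * KBoard WordPress board pagination output function.
 *
 * Builds the <li> items of a sliding pagination window ($sliding_size pages
 * wide) around the current page. Every $_GET parameter except `pageid` is
 * carried over into each link's query string, filtered and urlencode()d, so the
 * current filter/search state survives paging.
 *
 * @param int $current_page 1-based number of the page currently shown
 * @param int $total        total number of records
 * @param int $limit        records per page; 0 or less is treated as a single page
 * @return string HTML <li> items; a single inactive "1" item when $total is 0
 * @link www.cosmosfarm.com
 * @copyright Copyright 2013 Cosmosfarm. All rights reserved.
 * @license http://www.gnu.org/licenses/gpl.html
 */
function kboard_pagination($current_page, $total, $limit) {
    // Carry the current request parameters (except the page number) into every link.
    // Key and value are filtered and then urlencode()d, so they are safe inside href="".
    // Initialised up front: an empty $_GET used to leave $query_strings undefined.
    $query_strings = array();
    foreach ($_GET as $key => $value) {
        // Nested (array) parameters cannot be trimmed/encoded as one string; skip them
        // instead of passing them to trim() (a TypeError on PHP 8).
        if ($key !== 'pageid' && $value && is_scalar($value)) {
            $query_strings[] = urlencode(kboard_xssfilter(kboard_htmlclear(trim($key)))) . '=' . urlencode(kboard_xssfilter(kboard_htmlclear(trim($value))));
        }
    }
    $query_strings = $query_strings ? '&' . implode('&', $query_strings) : '';

    $sliding_size = 10;
    // Guard the division: $limit <= 0 is a DivisionByZeroError on PHP 8.
    $total_page = $limit > 0 ? (int) ceil($total / $limit) : 1;
    $paging = '';

    // Window start (0-based page index). For pages beyond the first window, take the
    // largest multiple of $sliding_size strictly below the current page, so the
    // current page is always inside the window (page 20 -> 10..19, i.e. pages 11-20;
    // the old "$current_page - $current_page % $sliding_size" put page 20 into 21-30).
    $i = 0;
    if ($current_page > $sliding_size) {
        $i = (int) (floor(($current_page - 1) / $sliding_size) * $sliding_size);
    }
    // $offset is the exclusive end of the window.
    $offset = $i + $sliding_size;

    // One item per page from the window start to its end (or the last page).
    for (; $i < $offset && $i < $total_page; $i++) {
        $page_name = $i + 1;
        if ($current_page != $page_name) {
            $paging .= "<li><a href=\"?pageid={$page_name}{$query_strings}\">{$page_name}</a></li>";
        } else {
            $paging .= "<li class=\"active\"><a href=\"?pageid={$page_name}{$query_strings}\">{$page_name}</a></li>";
        }
    }

    // Previous/next arrows (« / »), omitted on the first and on the last page respectively.
    if ($current_page != 1) {
        $prev_page = $current_page - 1;
        $paging = "<li><a href=\"?pageid={$prev_page}{$query_strings}\">«</a></li>{$paging}";
    }
    if ($current_page != $total_page) {
        $next_page = $current_page + 1;
        $paging = "{$paging}<li><a href=\"?pageid={$next_page}{$query_strings}\">»</a></li>";
    }

    return $total ? $paging : '<li class="active"><a href="#" onclick="return false;">1</a></li>';
}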
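/**
 * Reads the request (GET first, then POST) and initialises the builder state.
 *
 * The request keys this class uses are normalised in place: ids are cast with
 * intval(), strings go through kboard_htmlclear() and kboard_xssfilter().
 * Keys absent from the request are written back as '' so later reads do not
 * raise "Undefined index / array key" notices.
 *
 * @param string $board_id board identifier; setBoardID() is called when it is non-empty
 */
public function __construct($board_id = '') {
    // isset() guards: the keys used to be read unconditionally, which raised a
    // notice (a warning on PHP 8) for every parameter missing from the request.
    $_GET['uid'] = isset($_GET['uid']) ? intval($_GET['uid']) : '';
    $_GET['parent_uid'] = isset($_GET['parent_uid']) ? intval($_GET['parent_uid']) : '';
    $_GET['pageid'] = isset($_GET['pageid']) ? intval($_GET['pageid']) : '';
    $_GET['mod'] = isset($_GET['mod']) ? kboard_xssfilter(kboard_htmlclear($_GET['mod'])) : '';
    $_GET['category1'] = isset($_GET['category1']) ? kboard_xssfilter(kboard_htmlclear($_GET['category1'])) : '';
    $_GET['category2'] = isset($_GET['category2']) ? kboard_xssfilter(kboard_htmlclear($_GET['category2'])) : '';
    $_GET['keyword'] = isset($_GET['keyword']) ? kboard_xssfilter(kboard_htmlclear($_GET['keyword'])) : '';
    $_GET['target'] = isset($_GET['target']) ? kboard_xssfilter(kboard_htmlclear($_GET['target'])) : '';
    $_POST['uid'] = isset($_POST['uid']) ? intval($_POST['uid']) : '';
    $_POST['mod'] = isset($_POST['mod']) ? kboard_xssfilter(kboard_htmlclear($_POST['mod'])) : '';

    // GET wins over POST for the id and the mode.
    $uid = $_GET['uid'] ? $_GET['uid'] : $_POST['uid'];
    $mod = $_GET['mod'] ? $_GET['mod'] : $_POST['mod'];
    // Unknown modes fall back to the filterable default ('list'); strict comparison so
    // only the exact mode strings are accepted.
    $this->mod = in_array($mod, array('list', 'document', 'editor', 'remove'), true) ? $mod : apply_filters('kboard_default_build_mod', 'list');
    $this->category1 = $_GET['category1'];
    $this->category2 = $_GET['category2'];
    $this->uid = $uid;
    $this->skin = 'default';
    if ($board_id) {
        $this->setBoardID($board_id);
    }
}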
/**
 * Normalises the request parameters the builder reads and sets its initial state.
 *
 * GET takes precedence over POST for `uid` and `mod`. Numeric ids are cast with
 * intval(); text parameters pass through kboard_htmlclear(), kboard_xssfilter()
 * and addslashes(); `keyword` additionally has a fixed set of punctuation removed.
 * Keys missing from the request are written back to $_GET / $_POST as ''.
 *
 * NOTE(review): addslashes() is applied at input time and is not charset-aware;
 * code that builds SQL from these superglobals must not escape them a second
 * time, and $wpdb->prepare() at the query site would be the safer contract.
 *
 * @param string $board_id board identifier; setBoardID() is invoked when non-empty
 */
public function __construct($board_id = '') {
    // Integer parameter: intval() when present, '' when absent.
    $readInt = function ($source, $name) {
        return isset($source[$name]) ? intval($source[$name]) : '';
    };
    // Text parameter: html-cleared, xss-filtered and slash-escaped when present, '' when absent.
    $readText = function ($source, $name) {
        return isset($source[$name]) ? addslashes(kboard_xssfilter(kboard_htmlclear($source[$name]))) : '';
    };
    // Characters stripped from the search keyword after filtering.
    $keywordNoise = array('/', '\\', '"', '\'', ':', '+', '-', '=', '`', '[', ']', '{', '}', '(', ')', '<', '>');

    // Same assignment order as before so newly added keys land in the same position.
    $_GET['uid'] = $readInt($_GET, 'uid');
    $_GET['parent_uid'] = $readInt($_GET, 'parent_uid');
    $_GET['pageid'] = $readInt($_GET, 'pageid');
    $_GET['mod'] = $readText($_GET, 'mod');
    $_GET['category1'] = $readText($_GET, 'category1');
    $_GET['category2'] = $readText($_GET, 'category2');
    $_GET['keyword'] = isset($_GET['keyword'])
        ? addslashes(str_replace($keywordNoise, '', kboard_xssfilter(kboard_htmlclear($_GET['keyword']))))
        : '';
    $_GET['target'] = $readText($_GET, 'target');
    $_GET['kboard_id'] = $readInt($_GET, 'kboard_id');
    $_POST['uid'] = $readInt($_POST, 'uid');
    $_POST['mod'] = $readText($_POST, 'mod');

    $uid = $_GET['uid'] ?: $_POST['uid'];
    $mod = $_GET['mod'] ?: $_POST['mod'];
    if (in_array($mod, array('list', 'document', 'editor', 'remove'))) {
        $this->mod = $mod;
    } else {
        // Unknown mode: let plugins pick the default (normally 'list') for this board.
        $this->mod = apply_filters('kboard_default_build_mod', 'list', $board_id);
    }
    $this->category1 = $_GET['category1'];
    $this->category2 = $_GET['category2'];
    $this->uid = $uid;
    $this->skin = 'default';
    if ($board_id) {
        $this->setBoardID($board_id);
    }
}
// Referer host must equal the request host.
// NOTE(review): HTTP_REFERER and HTTP_HOST are both client-supplied, so this is a
// hot-linking deterrent rather than an authentication or authorization check;
// the real permission decision must come from the content/board checks that follow.
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
$host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
if ($referer) {
    $url = parse_url($referer);
    // NOTE(review): parse_url() returns false for a malformed URL and may omit 'host';
    // in either case this read raises a notice and $referer_host ends up null.
    $referer_host = $url['host'];
} else {
    wp_die('KBoard : ' . __('This page is restricted from external access.', 'kboard'));
}
// HTTP_HOST keeps a ':port' suffix when one was sent, while parse_url()'s 'host'
// never does, so a request on a non-default port fails this comparison.
if (!in_array($referer_host, array($host))) {
    wp_die('KBoard : ' . __('This page is restricted from external access.', 'kboard'));
}
$uid = intval($_GET['uid']); // no isset(): a missing uid raises a notice before becoming 0
if (isset($_GET['file'])) {
    $file = trim($_GET['file']);
    $file = kboard_htmlclear($file);
    $file = kboard_xssfilter($file);
    // Escaped for later SQL interpolation; addslashes() is not charset-aware,
    // $wpdb->prepare() at the query site would be the safer binding.
    $file = addslashes($file);
} else {
    $file = '';
}
if (!$uid || !$file) {
    die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
}
// Remember where the visitor came from unless it was this script itself
// (presumably used as a post-login return target).
// NOTE(review): the value is only host-checked above — confirm the consumer of
// $_SESSION['redirect_uri'] validates it (e.g. wp_safe_redirect()) before redirecting.
if (!strstr($referer, basename(__FILE__))) {
    $_SESSION['redirect_uri'] = $referer;
}
$content = new KBContent();
$content->initWithUID($uid);
// A child content (has parent_uid) also loads its top-level content, presumably to
// resolve the board/permissions from it. (The if-block continues past this excerpt.)
if ($content->parent_uid) {
    $parent = new KBContent();
    $parent->initWithUID($content->getTopContentUID());
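/**
 * Inserts a comment and bumps the parent content's comment counter.
 *
 * User-supplied strings are run through kboard_htmlclear()/kboard_xssfilter()
 * and then bound with $wpdb->prepare(), which escapes with the connection's
 * charset; the former addslashes()+interpolation is not charset-aware.
 *
 * @param int    $parent_uid   uid of the comment being replied to
 * @param int    $user_uid     WordPress user id of the author
 * @param string $user_display author display name
 * @param string $content      comment body (XSS-filtered, HTML not stripped)
 * @param string $password     optional comment password
 * @return int the new comment's insert id as reported by $wpdb->insert_id
 */
public function add($parent_uid, $user_uid, $user_display, $content, $password = '') {
    global $wpdb;
    $content_uid = intval($this->content_uid);
    $parent_uid = intval($parent_uid);
    $user_uid = intval($user_uid);
    $user_display = kboard_xssfilter(kboard_htmlclear(trim($user_display)));
    $content = kboard_xssfilter(trim($content)); // no htmlclear: markup in the body is kept, as before
    $password = kboard_xssfilter(kboard_htmlclear(trim($password)));
    $created = current_time('YmdHis');

    $wpdb->query($wpdb->prepare(
        "INSERT INTO `{$wpdb->prefix}kboard_comments` (`content_uid`, `parent_uid`, `user_uid`, `user_display`, `content`, `created`, `password`) VALUES (%d, %d, %d, %s, %s, %s, %s)",
        $content_uid, $parent_uid, $user_uid, $user_display, $content, $created, $password
    ));
    $insert_id = $wpdb->insert_id;

    // Keep the denormalised comment count on the parent content in sync.
    $wpdb->query($wpdb->prepare("UPDATE `{$wpdb->prefix}kboard_board_content` SET `comment`=`comment`+1 WHERE `uid`=%d", $content_uid));

    // Action hook fired after a comment is inserted.
    do_action('kboard_comments_insert', $insert_id, $content_uid);

    return $insert_id;
}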
<?php
// Stand-alone download endpoint: locate the WordPress root (everything before
// '/wp-content' in this file's directory) and bootstrap WordPress from it.
list($path) = explode(DIRECTORY_SEPARATOR . 'wp-content', dirname(__FILE__) . DIRECTORY_SEPARATOR);
include $path . DIRECTORY_SEPARATOR . 'wp-load.php';
header("Content-Type: text/html; charset=UTF-8");
// NOTE(review): a substring test on a client-supplied header — it only checks that the
// host name occurs somewhere in the Referer, and raises a notice when no Referer is sent.
// Parsing the URL and comparing its host component is the precise form; either way this
// is a hot-linking deterrent, not an access-control check (that is isReader() below).
if (!stristr($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'])) {
    wp_die('KBoard : ' . __('This page is restricted from external access.', 'kboard'));
}
$uid = intval($_GET['uid']); // no isset(): a missing uid raises a notice before becoming 0
// Escaped with addslashes() for the interpolated SQL below (not charset-aware;
// $wpdb->prepare() would bind it safely).
$file = addslashes(kboard_xssfilter(kboard_htmlclear(trim($_GET['file']))));
if (!$uid || !$file) {
    die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
}
$content = new KBContent();
$content->initWithUID($uid);
$board = new KBoard($content->board_id);
// Read permission is decided by the board. $user_ID is presumably the WordPress
// current-user global, visible here because this is top-level script code.
if (!$board->isReader($content->member_uid, $content->secret)) {
    if (!$user_ID) {
        die('<script>alert("' . __('Please Log in to continue.', 'kboard') . '");location.href="' . wp_login_url() . '";</script>');
    } else {
        die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
    }
}
// Look the attachment up by content uid and file key.
$file_info = $wpdb->get_row("SELECT * FROM `{$wpdb->prefix}kboard_board_attached` WHERE `content_uid`='{$uid}' AND `file_key`='{$file}'");
// NOTE(review): get_row() returns null when nothing matches; the property reads below
// then raise notices before the !file_path test rejects the request.
list($path) = explode(DIRECTORY_SEPARATOR . 'wp-content', dirname(__FILE__) . DIRECTORY_SEPARATOR);
// The stored path is '/'-separated and appended below the WordPress root.
$path = $path . str_replace('/', DIRECTORY_SEPARATOR, $file_info->file_path);
$name = $file_info->file_name;
if (!$file_info->file_path || !file_exists($path)) {
    die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
}
header('Content-type: ' . kboard_mime_type($path));
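/**
 * Updates the skin options of a post (insert / update / delete).
 *
 * Every request parameter whose name contains the skin option prefix is stored
 * as an option of content $uid: an existing row is updated, otherwise one is
 * inserted. Empty options are purged afterwards by _remove_empty_option().
 *
 * @param int $uid content uid the options belong to
 */
public function update_options($uid) {
    global $wpdb;
    $uid = intval($uid);
    foreach ($_REQUEST as $key => $value) {
        // Only scalar values can be stored; nested arrays (foo[]=...) are skipped
        // instead of being passed to trim() (a TypeError on PHP 8).
        if (!is_scalar($value) || strstr($key, $this->skin_option_prefix) === false) {
            continue;
        }
        $key = kboard_htmlclear(str_replace($this->skin_option_prefix, '', $key));
        $value = kboard_xssfilter(trim($value));
        // Bound via prepare() (charset-aware) instead of addslashes()+interpolation.
        $present_value = $wpdb->get_var($wpdb->prepare(
            "SELECT `option_value` FROM `{$wpdb->prefix}kboard_board_option` WHERE `option_key`=%s AND `content_uid`=%d",
            $key, $uid
        ));
        // get_var() returns null when no row exists. Testing against null (rather than
        // truthiness) means a stored '0' or '' is updated instead of inserted a second time.
        // The helpers have always received addslashes()-escaped strings; keep that contract.
        if ($present_value !== null) {
            $this->_update_option($uid, addslashes($key), addslashes($value));
        } else {
            $this->_insert_option($uid, addslashes($key), addslashes($value));
        }
    }
    $this->_remove_empty_option();
}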
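/**
 * Renders the held data as hidden <input> fields and then resets the object.
 *
 * Only entries with a truthy value are emitted ('', '0', 0 and null are
 * skipped, as before). init() is always called, even when nothing was rendered.
 *
 * @return string concatenated <input type="hidden"> tags; '' when no value was truthy
 */
public function toInput() {
    // Initialised up front: an all-empty $this->data used to leave $input undefined
    // and relied on @implode() to hide the warning (a TypeError on PHP 8, which @ does not suppress).
    $input = array();
    foreach ($this->data as $key => $value) {
        if ($value) {
            // NOTE(review): kboard_htmlclear()/kboard_xssfilter() are the only escaping applied
            // inside the attribute quotes; confirm they neutralise '"', or use esc_attr() here.
            $input[] = '<input type="hidden" name="' . kboard_xssfilter(kboard_htmlclear(trim($key))) . '" value="' . kboard_xssfilter(kboard_htmlclear(trim($value))) . '">';
        }
    }
    $this->init();
    return implode('', $input);
}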
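/**
 * Attachment download.
 *
 * Requires the Referer host to match the request host and the request to name a
 * content uid and a file key, then checks that the visitor may read the content
 * (KBoard::isReader(), with the secret-post password fallbacks). The file is
 * either copied into a temporary upload directory and redirected to, or streamed
 * with attachment headers.
 *
 * @return void never returns normally: every path ends in exit, die() or wp_die()
 */
public function fileDownload() {
    // $user_ID is the WordPress current-user global. Inside a method it must be
    // imported explicitly; without it the login check below read an unset local.
    global $wpdb, $user_ID;
    header('X-Robots-Tag: noindex', true); // keep search engines from indexing download URLs
    header('Content-Type: text/html; charset=UTF-8');

    // Referer host (with port, when present) must equal the request host.
    // NOTE(review): both headers are client-supplied, so this only deters hot-linking;
    // the access decision is the isReader()/isConfirm() logic further down.
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
    if ($referer) {
        $url = parse_url($referer); // false for a malformed URL; 'host' may be absent
        $referer_host = (isset($url['host']) ? $url['host'] : '') . (isset($url['port']) && $url['port'] ? ':' . $url['port'] : '');
    } else {
        wp_die('KBoard : ' . __('This page is restricted from external access.', 'kboard'));
    }
    if (!in_array($referer_host, array($host))) {
        wp_die('KBoard : ' . __('This page is restricted from external access.', 'kboard'));
    }

    $uid = isset($_GET['uid']) ? intval($_GET['uid']) : '';
    if (isset($_GET['file'])) {
        $file = trim($_GET['file']);
        $file = kboard_htmlclear($file);
        $file = kboard_xssfilter($file);
        // No esc_sql() here: the value is bound through $wpdb->prepare() below.
    } else {
        $file = '';
    }
    if (!$uid || !$file) {
        die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
    }

    $content = new KBContent();
    $content->initWithUID($uid);
    // A reply (has parent_uid) belongs to the board of its top-level content.
    if ($content->parent_uid) {
        $parent = new KBContent();
        $parent->initWithUID($content->getTopContentUID());
        $board = new KBoard($parent->board_id);
    } else {
        $board = new KBoard($content->board_id);
    }

    if (!$board->isReader($content->member_uid, $content->secret)) {
        if (!$user_ID && $board->permission_read == 'author') {
            // Anonymous visitor on a members-only board: send to login, returning to the referer.
            die('<script>alert("' . __('Please Log in to continue.', 'kboard') . '");location.href="' . wp_login_url($referer) . '";</script>');
        } else {
            // Secret posts on open boards can be unlocked with the post password
            // (for replies, the top-level content's reader right or password also counts).
            if ($content->secret && in_array($board->permission_write, array('all', 'author')) && in_array($board->permission_read, array('all', 'author'))) {
                if (!$board->isConfirm($content->password, $content->uid)) {
                    if ($content->parent_uid) {
                        $parent = new KBContent();
                        $parent->initWithUID($content->getTopContentUID());
                        if (!$board->isReader($parent->member_uid, $content->secret)) {
                            if (!$board->isConfirm($parent->password, $parent->uid)) {
                                die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
                            }
                        }
                    } else {
                        die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
                    }
                }
            } else {
                die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
            }
        }
    }

    $file_info = $wpdb->get_row($wpdb->prepare(
        "SELECT * FROM `{$wpdb->prefix}kboard_board_attached` WHERE `content_uid`=%d AND `file_key`=%s",
        $uid, $file
    ));
    // get_row() returns null when no attachment matches; reject before touching its fields.
    if (!$file_info || !$file_info->file_path) {
        die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
    }
    // The stored path is '/'-separated and resolved below the WordPress root.
    list($path) = explode(DIRECTORY_SEPARATOR . 'wp-content', dirname(__FILE__) . DIRECTORY_SEPARATOR);
    $path = $path . str_replace('/', DIRECTORY_SEPARATOR, $file_info->file_path);
    // The stored name is reused as a file-system name (temp copy) and in a header:
    // spaces become '-' as before, and directory separators are neutralised too.
    $filename = str_replace(array(' ', '/', '\\'), '-', $file_info->file_name);
    if (!file_exists($path)) {
        die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
    }

    if (get_option('kboard_attached_copy_download')) {
        // Copy mode: place a copy under uploads/kboard_temp/<uniqid>/ and redirect to it.
        // NOTE(review): the copy is served by the web server with no further permission
        // check for as long as it exists (deleteWithOvertime(..., 60)), and uniqid() is
        // time-based rather than random — keep that lifetime short.
        $unique_dir = uniqid();
        $upload_dir = wp_upload_dir();
        $temp_path = $upload_dir['basedir'] . '/kboard_temp';
        $kboard_file_handler = new KBFileHandler();
        $kboard_file_handler->deleteWithOvertime($temp_path, 60);
        $kboard_file_handler->mkPath("{$temp_path}/{$unique_dir}");
        copy($path, "{$temp_path}/{$unique_dir}/{$filename}");
        header('Location:' . $upload_dir['baseurl'] . "/kboard_temp/{$unique_dir}/{$filename}");
    } else {
        // Stream mode. IE (MSIE / Trident) gets the name re-encoded to EUC-KR,
        // presumably for its handling of non-ASCII attachment names.
        $ie = isset($_SERVER['HTTP_USER_AGENT']) && (strpos($_SERVER['HTTP_USER_AGENT'], 'Trident') !== false || strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== false);
        if ($ie) {
            $filename = iconv('UTF-8', 'EUC-KR//IGNORE', $filename);
        }
        header('Content-type: ' . kboard_mime_type($path));
        header('Content-Disposition: attachment; filename="' . $filename . '"');
        header('Content-Transfer-Encoding: binary');
        header('Content-length: ' . sprintf('%d', filesize($path)));
        header('Expires: 0');
        if ($ie) {
            header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
            header('Pragma: public');
        } else {
            header('Pragma: no-cache');
        }
        // fopen() returns false on failure; fpassthru()/fclose() on false would only add warnings.
        $fp = fopen($path, 'rb');
        if ($fp !== false) {
            fpassthru($fp);
            fclose($fp);
        }
    }
    exit;
}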
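/**
 * Updates the skin options of the post (insert / update / delete).
 *
 * Every POST field whose name contains the skin option prefix is upserted as
 * an option row of $this->uid; rows whose value is empty are deleted afterwards.
 * Does nothing when $this->uid is not set.
 */
function updateOptions() {
    global $wpdb;
    if ($this->uid) {
        $uid = intval($this->uid);
        foreach ($_POST as $key => $value) {
            // Only scalar values can be stored; nested arrays (foo[]=...) are skipped
            // instead of being passed to trim() (a TypeError on PHP 8).
            if (!is_scalar($value) || strpos($key, $this->skin_option_prefix) === false) {
                continue;
            }
            $key = kboard_htmlclear(str_replace($this->skin_option_prefix, '', $key));
            $value = kboard_xssfilter(trim($value));
            // Bound via prepare() instead of esc_sql()+interpolation; the uid is cast to int.
            $wpdb->query($wpdb->prepare(
                "INSERT INTO `{$wpdb->prefix}kboard_board_option` (`content_uid`, `option_key`, `option_value`) VALUES (%d, %s, %s) ON DUPLICATE KEY UPDATE `option_value`=%s",
                $uid, $key, $value, $value
            ));
        }
        // Options that were cleared by the form are removed rather than kept as ''.
        $wpdb->query($wpdb->prepare("DELETE FROM `{$wpdb->prefix}kboard_board_option` WHERE `content_uid`=%d AND `option_value`=''", $uid));
    }
}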