PHP81버전 대응 충돌수정

Author: thisgun

bbs/login_check.php

@@ -64,6 +64,8 @@
 set_session('ss_mb_id', $mb['mb_id']);
 // FLASH XSS 공격에 대응하기 위하여 회원의 고유키를 생성해 놓는다. 관리자에서 검사함 - 110106
 set_session('ss_mb_key', md5($mb['mb_datetime'] . get_real_client_ip() . $_SERVER['HTTP_USER_AGENT']));
+// 회원의 토큰키를 세션에 저장한다. /common.php 에서 해당 회원의 토큰값을 검사한다.
+if(function_exists('update_auth_session_token')) update_auth_session_token($mb['mb_datetime']);
 
 // 포인트 체크
 if($config['cf_use_point']) {

bbs/register_form_update.php

@@ -304,8 +304,10 @@
     }
 
     // 메일인증 사용하지 않는 경우에만 로그인
-    if (!$config['cf_use_email_certify'])
+    if (!$config['cf_use_email_certify']) {
         set_session('ss_mb_id', $mb_id);
+        if(function_exists('update_auth_session_token')) update_auth_session_token(G5_TIME_YMDHIS);
+    }
 
     set_session('ss_mb_reg', $mb_id);
 

bbs/write_update.php

@@ -222,7 +222,7 @@
 $wr_seo_title = exist_seo_title_recursive('bbs', generate_seo_title($wr_subject), $write_table, $wr_id);
 
 $options = array($html,$secret,$mail);
-$wr_option = implode(',', array_filter($options, function($v) { return trim($v); }));
+$wr_option = implode(',', array_filter(array_map('trim', $options)));
 
 if ($w == '' || $w == 'r') {
 

common.php

@@ -208,7 +208,8 @@ function sql_escape_string($str)
 @ini_set("session.use_trans_sid", 0);    // PHPSESSID를 자동으로 넘기지 않음
 @ini_set("url_rewriter.tags",""); // 링크에 PHPSESSID가 따라다니는것을 무력화함 (해뜰녘님께서 알려주셨습니다.)
 
-session_save_path(G5_SESSION_PATH);
+// 세션파일 저장 디렉토리를 지정할 경우
+// session_save_path(G5_SESSION_PATH);
 
 if (isset($SESSION_CACHE_LIMITER))
     @session_cache_limiter($SESSION_CACHE_LIMITER);
@@ -232,8 +233,15 @@ function chrome_domain_session_name(){
     '.maru.net',    // 마루호스팅
     );
 
-    if(isset($_SERVER['HTTP_HOST']) && preg_match('/('.implode('|', $domain_array).')/i', $_SERVER['HTTP_HOST'])){  // 위의 도메인주소를 포함한 url접속시 기본세션이름을 변경한다.
-        if(! defined('G5_SESSION_NAME')) define('G5_SESSION_NAME', 'G5PHPSESSID');
+    $add_str = '';
+    $document_root_path = str_replace('\\', '/', realpath($_SERVER['DOCUMENT_ROOT']));
+
+    if( G5_PATH !== $document_root_path ){
+        $add_str = substr_count(G5_PATH, '/').basename(dirname(__FILE__));
+    }
+
+    if($add_str || (isset($_SERVER['HTTP_HOST']) && preg_match('/('.implode('|', $domain_array).')/i', $_SERVER['HTTP_HOST'])) ){  // 위의 도메인주소를 포함한 url접속시 기본세션이름을 변경한다.
+        if(! defined('G5_SESSION_NAME')) define('G5_SESSION_NAME', 'G5'.$add_str.'PHPSESSID');
         @session_name(G5_SESSION_NAME);
     }
 }
@@ -243,8 +251,18 @@ function chrome_domain_session_name(){
 if( ! class_exists('XenoPostToForm') ){
     class XenoPostToForm
     {
+        public static function g5_session_name(){
+            return (defined('G5_SESSION_NAME') && G5_SESSION_NAME) ? G5_SESSION_NAME : 'PHPSESSID';
+        }
+
+        public static function php52_request_check(){
+            $cookie_session_name = self::g5_session_name();
+            if (isset($_REQUEST[$cookie_session_name]) && $_REQUEST[$cookie_session_name] != session_id())
+                goto_url(G5_BBS_URL.'/logout.php');
+        }
+
         public static function check() {
-            $cookie_session_name = (defined('G5_SESSION_NAME') && G5_SESSION_NAME) ? G5_SESSION_NAME : 'PHPSESSID'; 
+            $cookie_session_name = self::g5_session_name(); 
 
             return !isset($_COOKIE[$cookie_session_name]) && count($_POST) && ((isset($_SERVER['HTTP_REFERER']) && !preg_match('~^https://'.preg_quote($_SERVER['HTTP_HOST'], '~').'/~', $_SERVER['HTTP_REFERER']) || ! isset($_SERVER['HTTP_REFERER']) ));
         }
@@ -351,8 +369,9 @@ function session_start_samesite($options = array())
 
             $headers = headers_list();
             krsort($headers);
+            $cookie_session_name = method_exists('XenoPostToForm', 'g5_session_name') ? XenoPostToForm::g5_session_name() : 'PHPSESSID'; 
             foreach ($headers as $header) {
-                if (!preg_match('~^Set-Cookie: PHPSESSID=~', $header)) continue;
+                if (!preg_match('~^Set-Cookie: '.$cookie_session_name.'=~', $header)) continue;
                 $header = preg_replace('~; secure(; HttpOnly)?$~', '', $header) . '; secure; SameSite=None';
                 header($header, false);
                 $g5['session_cookie_samesite'] = 'none';
@@ -375,9 +394,8 @@ function session_start_samesite($options = array())
 define('G5_CAPTCHA_URL',    G5_PLUGIN_URL.'/'.G5_CAPTCHA_DIR);
 define('G5_CAPTCHA_PATH',   G5_PLUGIN_PATH.'/'.G5_CAPTCHA_DIR);
 
-// 4.00.03 : [보안관련] PHPSESSID 가 틀리면 로그아웃한다.
-if (isset($_REQUEST['PHPSESSID']) && $_REQUEST['PHPSESSID'] != session_id())
-    goto_url(G5_BBS_URL.'/logout.php');
+// 4.00.03 : [보안관련] PHPSESSID 가 틀리면 로그아웃한다. php5.2 버전 이하에서만 해당되는 코드이며, 오히려 무한리다이렉트 오류가 일어날수 있으므로 주석처리합니다.
+// if( method_exists('XenoPostToForm', 'php52_request_check') ) XenoPostToForm::php52_request_check();
 
 // QUERY_STRING
 $qstr = '';
@@ -497,8 +515,8 @@ function session_start_samesite($options = array())
 if (isset($_SESSION['ss_mb_id']) && $_SESSION['ss_mb_id']) { // 로그인중이라면
     $member = get_member($_SESSION['ss_mb_id']);
 
-    // 차단된 회원이면 ss_mb_id 초기화
-    if($member['mb_intercept_date'] && $member['mb_intercept_date'] <= date("Ymd", G5_SERVER_TIME)) {
+    // 차단된 회원이면 ss_mb_id 초기화, 또는 세션에 저장된 회원 토큰값을 비교하여 틀리면 초기화
+    if( ($member['mb_intercept_date'] && $member['mb_intercept_date'] <= date("Ymd", G5_SERVER_TIME)) || (function_exists('check_auth_session_token') && !check_auth_session_token($member['mb_datetime'])) ) {
         set_session('ss_mb_id', '');
         $member = array();
     } else {
@@ -521,7 +539,7 @@ function session_start_samesite($options = array())
         $tmp_mb_id = substr(preg_replace("/[^a-zA-Z0-9_]*/", "", $tmp_mb_id), 0, 20);
         // 최고관리자는 자동로그인 금지
         if (strtolower($tmp_mb_id) !== strtolower($config['cf_admin'])) {
-            $sql = " select mb_password, mb_intercept_date, mb_leave_date, mb_email_certify from {$g5['member_table']} where mb_id = '{$tmp_mb_id}' ";
+            $sql = " select mb_password, mb_intercept_date, mb_leave_date, mb_email_certify, mb_datetime from {$g5['member_table']} where mb_id = '{$tmp_mb_id}' ";
             $row = sql_fetch($sql);
             if($row['mb_password']){
                 $key = md5($_SERVER['SERVER_ADDR'] . $_SERVER['SERVER_SOFTWARE'] . $_SERVER['HTTP_USER_AGENT'] . $row['mb_password']);
@@ -534,6 +552,7 @@ function session_start_samesite($options = array())
                         (!$config['cf_use_email_certify'] || preg_match('/[1-9]/', $row['mb_email_certify'])) ) {
                         // 세션에 회원아이디를 저장하여 로그인으로 간주
                         set_session('ss_mb_id', $tmp_mb_id);
+                        if(function_exists('update_auth_session_token')) update_auth_session_token($row['mb_datetime']);
 
                         // 페이지를 재실행
                         echo "<script type='text/javascript'> window.location.reload(); </script>";

install/install_db.php

@@ -570,6 +570,7 @@
 fwrite($f, "define('G5_MYSQL_DB', '".addcslashes($mysql_db, "\\'")."');\n");
 fwrite($f, "define('G5_MYSQL_SET_MODE', {$mysql_set_mode});\n\n");
 fwrite($f, "define('G5_TABLE_PREFIX', '{$table_prefix}');\n\n");
+fwrite($f, "define('G5_TOKEN_ENCRYPTION_KEY', '".get_random_token_string(16)."'); // 토큰 암호화에 사용할 키\n\n");
 fwrite($f, "\$g5['write_prefix'] = G5_TABLE_PREFIX.'write_'; // 게시판 테이블명 접두사\n\n");
 fwrite($f, "\$g5['auth_table'] = G5_TABLE_PREFIX.'auth'; // 관리권한 설정 테이블\n");
 fwrite($f, "\$g5['config_table'] = G5_TABLE_PREFIX.'config'; // 기본환경 설정 테이블\n");
@@ -649,6 +650,7 @@
 Order allow,deny
 Deny from all
 </FilesMatch>
+RedirectMatch 403 /session/.*
 EOD;
 fwrite($f, $str);
 fclose($f);

lib/Cache/obj.class.php

@@ -6,7 +6,7 @@
     public $contents = array();
     public $etcs = array();
 
-	function get($type, $key, $group ='default') {
+    function get($type, $key, $group ='default') {
 
         switch ($type) {
             case 'bbs':
@@ -28,10 +28,10 @@ function get($type, $key, $group ='default') {
         }
 
         return false;
-	}
+    }
+
+    function exists($type, $key, $group = 'default' ) {
 
-	function exists($type, $key, $group = 'default' ) {
-        
         $return_data = '';
 
         switch ($type) {
@@ -47,9 +47,9 @@ function exists($type, $key, $group = 'default' ) {
         }
 
         return isset($datas[$group]) && ( isset($datas[$group][$key]) || array_key_exists($key, $datas[$group]) );
-	}
+    }
 
-	function set($type, $key, $data=array(), $group='default') {
+    function set($type, $key, $data=array(), $group='default') {
         if ( is_object( $data ) )
             $data = clone $data;
 
@@ -65,10 +65,10 @@ function set($type, $key, $data=array(), $group='default') {
                 break;
         }
 
-	}
+    }
 
     function delete($key, $group='default') {
-        switch ($type) {
+        switch ($key) {
             case 'bbs':
                 $datas = $this->writes;
                 break;

lib/common.lib.php

@@ -3924,6 +3924,38 @@ function is_include_path_check($path='', $is_input='')
     return true;
 }
 
+function check_auth_session_token($str=''){
+    if (get_session('ss_mb_token_key') === get_token_encryption_key($str)) {
+        return true;
+    }
+    return false;
+}
+
+function update_auth_session_token($str=''){
+    set_session('ss_mb_token_key', get_token_encryption_key($str));
+}
+
+function get_token_encryption_key($str=''){
+    $token = G5_TABLE_PREFIX.(defined('G5_SHOP_TABLE_PREFIX') ? G5_SHOP_TABLE_PREFIX : '').(defined('G5_TOKEN_ENCRYPTION_KEY') ? G5_TOKEN_ENCRYPTION_KEY : '').$str;
+
+    return md5($token);
+}
+
+function get_random_token_string($length=6)
+{
+    if(function_exists('random_bytes')){
+        return bin2hex(random_bytes($length));
+    }
+
+    $characters = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
+    $characters_length = strlen($characters);
+    $output = '';
+    for ($i = 0; $i < $length; $i++)
+        $output .= $characters[rand(0, $characters_length - 1)];
+
+    return bin2hex($output);
+}
+
 function filter_input_include_path($path){
     return str_replace('//', '/', $path);
 }

plugin/PHPMailer/composer.json

@@ -274,9 +274,15 @@ function chk_captcha()
         return false;
     }
 
-    if (!isset($_POST['captcha_key'])) return false;
-    if (!trim($_POST['captcha_key'])) return false;
-    if ($_POST['captcha_key'] != get_session('ss_captcha_key')) {
+    $post_captcha_key = (isset($_POST['captcha_key']) && $_POST['captcha_key']) ? trim($_POST['captcha_key']) : '';
+    if (!trim($post_captcha_key)) return false;
+
+    if( $post_captcha_key && function_exists('get_string_encrypt') ){
+        $ip = md5(sha1($_SERVER['REMOTE_ADDR']));
+        $post_captcha_key = get_string_encrypt($ip.$post_captcha_key);
+    }
+
+    if ($post_captcha_key != get_session('ss_captcha_key')) {
         $_SESSION['ss_captcha_count'] = $captcha_count + 1;
         return false;
     }

plugin/PHPMailer/composer.lock

@@ -3,6 +3,11 @@
 include_once('captcha.lib.php');
 
 $captcha = new KCAPTCHA();
-$captcha->setKeyString(get_session("ss_captcha_key"));
+$ss_captcha_key = get_session("ss_captcha_key");
+if( $ss_captcha_key && !preg_match('/^[0-9]/', $ss_captcha_key) && function_exists('get_string_decrypt') ){
+    $ip = md5(sha1($_SERVER['REMOTE_ADDR']));
+    $ss_captcha_key = str_replace($ip, '', get_string_decrypt($ss_captcha_key));
+}
+$captcha->setKeyString($ss_captcha_key);
 $captcha->getKeyString();
 $captcha->image();

plugin/kcaptcha/kcaptcha.lib.php

@@ -8,6 +8,10 @@ function make_mp3()
     $number = get_session("ss_captcha_key");
 
     if ($number == "") return;
+    $ip = md5(sha1($_SERVER['REMOTE_ADDR']));
+    if( $number && function_exists('get_string_decrypt') ){
+        $number = str_replace($ip, '', get_string_decrypt($number));
+    }
     if ($number == get_session("ss_captcha_save")) return;
 
     $mp3s = array();
@@ -16,7 +20,6 @@ function make_mp3()
         $mp3s[] = $file;
     }
 
-    $ip = md5(sha1($_SERVER['REMOTE_ADDR']));
     $mp3_file = 'cache/kcaptcha-'.$ip.'_'.G5_SERVER_TIME.'.mp3';
 
     $contents = '';
@@ -35,6 +38,9 @@ function make_mp3()
         }
     }
 
+    if( $number && function_exists('get_string_encrypt') ){
+        $number = get_string_encrypt($ip.$number);
+    }
     set_session("ss_captcha_save", $number);
 
     return G5_DATA_URL.'/'.$mp3_file;

plugin/kcaptcha/kcaptcha_image.php

@@ -9,5 +9,10 @@
     echo false;
 } else {
     set_session("ss_captcha_count", $count + 1);
+
+    if( $captcha_key && function_exists('get_string_encrypt') ){
+        $ip = md5(sha1($_SERVER['REMOTE_ADDR']));
+        $captcha_key = get_string_encrypt($ip.$captcha_key);
+    }
     echo (get_session("ss_captcha_key") === $captcha_key) ? true : false;
 }

plugin/kcaptcha/kcaptcha_mp3.php

@@ -11,6 +11,11 @@
     if(!preg_match('/cp|cb|ck|c6|c9|rn|rm|mm|co|do|cl|db|qp|qb|dp|ww/', $keystring)) break;
 }
 
+if( $keystring && function_exists('get_string_encrypt') ){
+    $ip = md5(sha1($_SERVER['REMOTE_ADDR']));
+    $keystring = get_string_encrypt($ip.$keystring);
+}
+
 set_session("ss_captcha_count", 0);
 set_session("ss_captcha_key", $keystring);
 $captcha = new KCAPTCHA();

plugin/kcaptcha/kcaptcha_result.php

@@ -11,6 +11,7 @@
  * HybridAuth storage manager
  */
 class Hybrid_Storage implements Hybrid_Storage_Interface {
+    public static $stores = array();
 
 	/**
 	 * Constructor
@@ -37,11 +38,21 @@ public function config($key, $value = null) {
 		$key = strtolower($key);
 
 		if ($value) {
-			$_SESSION["HA::CONFIG"][$key] = serialize($value);
+			$serialize_value = function_exists('get_string_encrypt') ? get_string_encrypt(serialize($value)) : serialize($value);
+
+			if( in_array($key, array('php_session_id', 'config')) ){
+				$this->stores[$key] = $serialize_value;
+			} else {
+				$_SESSION["HA::CONFIG"][$key] = $serialize_value;
+			}
+		} elseif (isset($this->stores[$key])) {
+			$unserialize_value = function_exists('get_string_decrypt') ? unserialize(get_string_decrypt($this->stores[$key])) : unserialize($this->stores[$key]);
+			return $unserialize_value;
 		} elseif (isset($_SESSION["HA::CONFIG"][$key])) {
-			return unserialize($_SESSION["HA::CONFIG"][$key]);
+			$unserialize_value = function_exists('get_string_decrypt') ? unserialize(get_string_decrypt($_SESSION["HA::CONFIG"][$key])) : unserialize($_SESSION["HA::CONFIG"][$key]);
+			return $unserialize_value;
 		}
-		
+
 		return null;
 	}
 
@@ -55,7 +66,8 @@ public function get($key) {
 		$key = strtolower($key);
 
 		if (isset($_SESSION["HA::STORE"], $_SESSION["HA::STORE"][$key])) {
-			return unserialize($_SESSION["HA::STORE"][$key]);
+			$unserialize_value = function_exists('get_string_decrypt') ? unserialize(get_string_decrypt($_SESSION["HA::STORE"][$key])) : unserialize($_SESSION["HA::STORE"][$key]);
+			return $unserialize_value;
 		}
 
 		return null;
@@ -70,7 +82,8 @@ public function get($key) {
 	 */
 	public function set($key, $value) {
 		$key = strtolower($key);
-		$_SESSION["HA::STORE"][$key] = serialize($value);
+		$serialize_value = function_exists('get_string_encrypt') ? get_string_encrypt(serialize($value)) : serialize($value);
+		$_SESSION["HA::STORE"][$key] = $serialize_value;
 	}
 
 	/**
@@ -138,4 +151,4 @@ function restoreSessionData($sessiondata = null) {
 		$_SESSION["HA::STORE"] = unserialize($sessiondata);
 	}
 
-}
+}

plugin/kcaptcha/kcaptcha_session.php

@@ -391,7 +391,8 @@ function social_session_exists_check(){
     }
 
     if( $provider_name && isset($_SESSION['HA::STORE']['hauth_session.'.strtolower($provider_name).'.is_logged_in']) && !empty($_SESSION['sl_userprofile'][$provider_name]) ){
-        return json_decode($_SESSION['sl_userprofile'][$provider_name]);
+        $decode_value = function_exists('get_string_decrypt') ? json_decode(get_string_decrypt($_SESSION['sl_userprofile'][$provider_name])) : json_decode($_SESSION['sl_userprofile'][$provider_name]);
+        return $decode_value;
     }
 
     return false;
@@ -485,8 +486,9 @@ function social_check_login_before($p_service=''){
                 $_SESSION['sl_userprofile'] = array(); 
             }
 
-            if( ! $is_member ){ 
-                $_SESSION['sl_userprofile'][$provider_name] = json_encode( $user_profile );
+            if( ! $is_member ){
+                $encode_value = function_exists('get_string_encrypt') ? get_string_encrypt(json_encode($user_profile)) : json_encode($user_profile);
+                $_SESSION['sl_userprofile'][$provider_name] = $encode_value;
             }
         }
 

plugin/social/Hybrid/Storage.php

@@ -3,6 +3,40 @@
 
 class G5_Hybrid_Endpoint extends Hybrid_Endpoint
 {
+	protected function authInit() {
+		if (!$this->initDone) {
+			$this->initDone = true;
+
+			// Init Hybrid_Auth
+			try {
+				if (!class_exists("Hybrid_Storage", false)) {
+					require_once realpath(dirname(dirname(__FILE__))). "/Hybrid/Storage.php";
+				}
+				if (!class_exists("Hybrid_Exception", false)) {
+					require_once realpath(dirname(dirname(__FILE__))). "/Hybrid/Exception.php";
+				}
+				if (!class_exists("Hybrid_Logger", false)) {
+					require_once realpath(dirname(dirname(__FILE__))). "/Hybrid/Logger.php";
+				}
+
+				$storage = new Hybrid_Storage();
+				$provider_id = ucfirst(trim(strip_tags($this->request["hauth_start"])));
+				if(!$provider_id) $provider_id = ucfirst(trim(strip_tags($this->request["hauth_done"])));
+
+				$storage->config("CONFIG", social_build_provider_config($provider_id));
+				// Check if Hybrid_Auth session already exist
+				if (!$storage->config("CONFIG")) {
+					$this->dieError("CONFIG FAILED: ", "Unable to get config", array());
+				}
+
+				Hybrid_Auth::initialize($storage->config("CONFIG"));
+			} catch (Exception $e) {
+				Hybrid_Logger::error("Endpoint: Error while trying to init Hybrid_Auth: " . $e->getMessage());
+				$this->dieError("Endpoint Error: ", $e->getMessage(), $e);
+			}
+		}
+	}
+
     protected function processAuthStart(){
 		try {
 			parent::processAuthStart();

plugin/social/includes/functions.php

@@ -226,6 +226,7 @@
 
         //바로 로그인 처리
         set_session('ss_mb_id', $mb['mb_id']);
+        if(function_exists('update_auth_session_token')) update_auth_session_token(G5_TIME_YMDHIS);
 
     } else {    // 메일인증을 사용한다면
         $subject = '['.$config['cf_title'].'] 인증확인 메일입니다.';

plugin/social/includes/g5_endpoint_class.php

@@ -2,7 +2,7 @@
 if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
 
 define('G5_VERSION', '그누보드5');
-define('G5_GNUBOARD_VER', '5.5.7.2');
+define('G5_GNUBOARD_VER', '5.5.7.5');
 // 그누보드5.4.5.5 버전과 영카트5.4.5.5.1 버전을 합쳐서 그누보드5.4.6 버전에서 시작함 (kagla-210617)
 // G5_YOUNGCART_VER 이 상수를 사용하는 곳이 있으므로 주석 처리 해제함
 // 그누보드5.4.6 이상 버전 부터는 영카트를 그누보드에 포함하여 배포하므로 영카트5의 버전은 의미가 없습니다.