4.34.22 (2012.03.30)
    :   2012 3 30  Ǵ ȣ  ȸԽ ֹεϹȣ Է  ϵ 

        adm/config_form.php
        bbs/register_form.php
        skin/member/basic/register.skin.php

4.34.21 (2012.03.09)
    :   [Patch] Fixed an XSS issue that used file names (credit: wh1ant)
    :   Fixed links containing Korean characters under UTF-8 (credit: forever, NaviGator)


        Edit skin/board/basic/view.skin.php as shown below.

            echo "<a href=\"javascript:file_download('{$view[file][$i][href]}', '".urlencode($view[file][$i][source])."');\" title='{$view[file][$i][content]}'>";
            ...
            <? if ($board[bo_download_point] < 0) { ?>if (confirm("'"+decodeURIComponent(file)+"'  ٿε Ͻø Ʈ (<?=number_format($board[bo_download_point])?>)˴ϴ.\n\nƮ Խù ѹ Ǹ  ٽ ٿε ϼŵ ߺϿ  ʽϴ.\n\n׷ ٿε Ͻðڽϱ?"))<?}?>


        In function url_auto_link($str) of lib/common.lib.php, the first statement below is the old code and the block after it is the new code.

            $str = preg_replace("/([^(HREF=\"?'?)|(SRC=\"?'?)]|\(|^)((http|https|ftp|telnet|news|mms):\/\/[a-zA-Z0-9\.-]+\.[\xA1-\xFEa-zA-Z0-9\.:&#=_\?\/~\+%@;\-\|\,\(\)]+)/i", "\\1<A HREF=\"\\2\" TARGET='$config[cf_link_target]'>\\2</A>", $str);
             

            global $g4;
            ...
            if (strtoupper($g4['charset']) == 'UTF-8') {
                $str = preg_replace("/([^(HREF=\"?'?)|(SRC=\"?'?)]|\(|^)((http|https|ftp|telnet|news|mms):\/\/[a-zA-Z0-9\.-]+\.[-R\xA1-\xFEa-zA-Z0-9\.:&#=_\?\/~\+%@;\-\|\,\(\)]+)/i", "\\1<A HREF=\"\\2\" TARGET='$config[cf_link_target]'>\\2</A>", $str);
            } else {
                $str = preg_replace("/([^(HREF=\"?'?)|(SRC=\"?'?)]|\(|^)((http|https|ftp|telnet|news|mms):\/\/[a-zA-Z0-9\.-]+\.[\xA1-\xFEa-zA-Z0-9\.:&#=_\?\/~\+%@;\-\|\,\(\)]+)/i", "\\1<A HREF=\"\\2\" TARGET='$config[cf_link_target]'>\\2</A>", $str);
            }
            Change the code as shown above.


4.34.20 (2012.03.02)
    :   UTF-8  cut_str Լ  ۵ ʴ κ  (־Բ  ּ̽ϴ.)
        ģ   Ǿϴ.
        http://www.sir.co.kr/bbs/board.php?bo_table=g4_tiptech&wr_id=1328#c_1355
    :   ȣ 2012.01.26. ݿ 51,898 (FM2fmediaԲ  ּ̽ϴ.)

        lib/common.lib.php  cut_str() Լ 
        bbs/zip.db 

4.34.19 (2012.01.17)
    :   Ư   ĸí̹  ν ϴ  
        (ؿ  euc-kr  ϴ 쿡  ȹ ֽϴ.)

        The code below was added to bbs/kcaptcha_result.php.

            header("Content-Type: text/html; charset=$g4[charset]");

4.34.18 (2012.01.03)
    :   PHP   basic ȸ Ų  euc-kr  ajax   ۵ǵ  (konahn)

        Edit skin/member/basic/_common.php as shown below.

        $g4_path = "../../.."; // relative path to common.php
        include_once("$g4_path/common.php");
        header("Content-Type: text/html; charset=$g4[charset]"); // added code


4.34.17 (11.12.09)
    :   [Patch] Fixed the part of post search where $sfl could be used to get at passwords (i2Sec-輼[kaist])

        bbs/search.php 

            switch ($field[$k]) 
            {
                case "mb_id" :
                case "mb_name" :
                    $str .= "$field[$k] = '$s[$i]'";
                    break;
                default :
                    if (preg_match("/[a-zA-Z]/", $search_str))
                        $str .= "INSTR(LOWER($field[$k]), LOWER('$search_str'))";
                    else
                        $str .= "INSTR($field[$k], '$search_str')";
                    break;
            }

            Change the code above to:

            switch ($field[$k]) 
            {
                case "mb_id" :
                case "wr_name" :
                    $str .= "$field[$k] = '$s[$i]'";
                    break;
                case "wr_subject" :
                case "wr_content" :
                    if (preg_match("/[a-zA-Z]/", $search_str))
                        $str .= "INSTR(LOWER($field[$k]), LOWER('$search_str'))";
                    else
                        $str .= "INSTR($field[$k], '$search_str')";
                    break;
                default :
                    $str .= "1=0"; // always false
                    break;
            }

            Please change it as shown above.


        lib/common.lib.php 

            switch ($field[$k]) {
                case "mb_id" :
                case "wr_name" :
                    $str .= " $field[$k] = '$s[$i]' ";
                    break;
                case "wr_hit" :
                case "wr_good" :
                case "wr_nogood" :
                    $str .= " $field[$k] >= '$s[$i]' ";
                    break;
                // wr_num: multiply the search value by -1
                case "wr_num" :
                    $str .= "$field[$k] = ".((-1)*$s[$i]);
                    break;
                // INSTR is faster than LIKE
                default :
                    if (preg_match("/[a-zA-Z]/", $search_str))
                        $str .= "INSTR(LOWER($field[$k]), LOWER('$search_str'))";
                    else
                        $str .= "INSTR($field[$k], '$search_str')";
                    break;
            }

            Change the code above to:

            switch ($field[$k]) {
                case "mb_id" :
                case "wr_name" :
                    $str .= " $field[$k] = '$s[$i]' ";
                    break;
                case "wr_hit" :
                case "wr_good" :
                case "wr_nogood" :
                    $str .= " $field[$k] >= '$s[$i]' ";
                    break;
                // wr_num: multiply the search value by -1
                case "wr_num" :
                    $str .= "$field[$k] = ".((-1)*$s[$i]);
                    break;
                case "wr_ip" :
                case "wr_password" :
                    $str .= "1=0"; // always false
                    break;
                // INSTR is faster than LIKE
                default :
                    if (preg_match("/[a-zA-Z]/", $search_str))
                        $str .= "INSTR(LOWER($field[$k]), LOWER('$search_str'))";
                    else
                        $str .= "INSTR($field[$k], '$search_str')";
                    break;
            }

            Please change it as shown above.

4.34.16 (11.11.15)
    :   [ġ] XSS  ǰ   (i2Sec-)

        lib/common.lib.php  function conv_content() 
    
        $content = preg_replace("#\/\*.*\*\/#iU", "", $content); 

        Resolved by moving the code above to a different position.

4.34.15 (11.10.24)
    :   [Patch] SQL injection fix in response to a code patch request (packet storm -> KISA)

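        The code below was changed in bbs/tb.php.

            // strip characters other than letters, digits and _ (max 20 characters)
            $bo_table = preg_replace("/\W/", "", substr($arr[1],0,20));
            // cast to integer
            $wr_id = (int)$arr[2];
            // strip characters other than lowercase letters and digits (max 32 characters)
            $to_token = preg_replace("/[^a-z0-9]/", "", substr($arr[3],0,32));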

        ߽) Ʈ   ʴ     ü  ֽϴ.

4.34.14 (11.10.04)
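    :   [Patch] Fixed SQL injection through the homepage field at member registration
    :   [Patch] Fixed XSS through the link fields when editing or replying to a post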
        (̴Բ ˷ ּ̽ϴ.)

        Added to bbs/register_form_update.php:

            $mb_homepage = trim(strip_tags(mysql_escape_string($_POST[mb_homepage])));

        Added to bbs/write_update.php:
            
            $wr_link1 = mysql_real_escape_string($_POST['wr_link1']);
            $wr_link2 = mysql_real_escape_string($_POST['wr_link2']);

        Added to bbs/write.php:

            else if ($w == "u") {
                ...
                for ($i=1; $i<=$g4[link_count]; $i++) {
                    $write["wr_link".$i] = get_text($write["wr_link".$i]);
                    $link[$i] = $write["wr_link".$i];
                }
                ...
            } else if ($w == "r") {
                ...
                for ($i=1; $i<=$g4[link_count]; $i++) {
                    $write["wr_link".$i] = get_text($write["wr_link".$i]);
                }

4.34.13 (11.10.01)
    :   [ġ] ȸ   ȸ̺ ʵ忡 ùٸ   Ե  ִ  ߰ Ǿϴ.
        (̴Բ ˷ ּ̽ϴ.)

        bbs/register_form.php

            $member[mb_email]       = get_text($member[mb_email]);
            ...  ...
            $member[mb_10]          = get_text($member[mb_10]);

        adm/member_form.php

            $mb[mb_email]       = get_text($mb[mb_email]);
            ...  ...
            $mb[mb_10]          = get_text($mb[mb_10]);

        lib/common.lib.php

            The code below was added to function get_sideview($mb_id, $name="", $email="", $homepage="").

            $name     = get_text($name);
            $email    = get_text($email);
            $homepage = get_text($homepage);

4.34.12 (11.09.22)
    :    Ǵ ڸƮ    ߼ ϴ 쿡 ü ȸ  ߼۵ ʴ  
        (ΰԲ ˷ ּ̽ϴ.)

        bbs/write_update.php
        bbs/write_comment_update.php

            ΰ   Ʒ ڵ常 ߰ Ǿϴ.

            $unique_email = array_values($unique_email);
        
4.34.11 (11.09.20)
    :   ȣ 2011.08.30. ݿ (־Բ  ּ̽ϴ.)

        bbs/zip.db

4.34.10 (11.08.10)
    :   [Patch] Code addressing SQL injection through $_SERVER array values.
        (SK Infosec ĨԲ ˷ ּ̽ϴ.)

        bbs/visit_insert.inc.php 

            $sql = " insert $g4[visit_table] ( vi_id, vi_ip, vi_date, vi_time, vi_referer, vi_agent ) values ( '$vi_id', '$_SERVER[REMOTE_ADDR]', '$g4[time_ymd]', '$g4[time_his]', '$_SERVER[HTTP_REFERER]', '$_SERVER[HTTP_USER_AGENT]' ) ";

            Replace the line above with the code below.

            $remote_addr = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
            $referer     = mysql_real_escape_string($_SERVER['HTTP_REFERER']);
            $user_agent  = mysql_real_escape_string($_SERVER['HTTP_USER_AGENT']);
            $sql = " insert $g4[visit_table] ( vi_id, vi_ip, vi_date, vi_time, vi_referer, vi_agent ) values ( '$vi_id', '$remote_addr', '$g4[time_ymd]', '$g4[time_his]', '$referer', '$user_agent' ) ";


4.34.09 (11.07.26)
    :   ȣ  Ʈ 2011.07.21 
        http://zipfinder.co.kr/zipcode/modi_list.htm
    :   admin.menu300.php.bak  ޴ ҷ  ʱ
        ( pogusm Բ  ּ̽ϴ. )

        bbs/zip.db

        adm/admin.lib.php

            if (!preg_match("/^admin.menu([0-9]{3}).*\.php$/", $entry, $m)) 

4.34.08 (11.07.22)
    :   Ȳ ѱ   
    :    > Խǰ > α˻ , α˻  ߰

        lib/common.lib.php : is_utf8() Լ ߰
        visit_list.php

        adm/admin.menu300.php
        adm/popular_list.php
        adm/popular_rank.php

4.34.07 (11.07.01)
    :   [Patch] Fixed an XSS issue that used file upload ( credit: wh1ant )
        It occurs when magic_quotes_gpc = Off is set in php.ini.
    :   [ġ] CHEDITOR5  㰡    װ ߰ Ǿϴ. ( letsgoleeԲ  ּ̽ϴ. )
    :   ȣ  Ʈ (ũԲ  ּ̽ϴ.)
            ""  ּҰ ǥõ ʴ ׸ 

        Add the code below to bbs/write_update.php.

        if (!get_magic_quotes_gpc()) {
            $upload[$i]['source'] = addslashes($upload[$i]['source']);
        }


        Please replace the 3 files below.
        
        cheditor5/imageUpload/upload.php
        cheditor5/imageUpload/delete.php
        bbs/zip.db

4.34.06 (11.06.21)
    :   [߰ġ] CHSOFT ǥ âȣԲ  ּ̽ϴ. ( CHEDITOR  )
        4.34.05  ϵ ġԴϴ.
        ÷ÿ ̹  ƴ 쿡 ε  ʽϴ.

        Please replace the 3 files below.

        cheditor5/imageUpload/upload.php
        cheditor5/popup/js/image.js
        cheditor5/popup/flash/CHXImage.swf

4.34.05 (11.06.18)
    :   [ġ] CHSOFT ǥ âȣԲ  ּ̽ϴ. ( CHEDITOR  )
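        In the attack known as GIF Exploit, PHP code is planted in an image file and the file is uploaded.
        This applies to CHEDITOR5.

        Note) This is a serious issue, so please apply the patch as soon as possible.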

      
        Please replace the 2 files below.

        cheditor5/imageUpload/upload.php
        cheditor5/popup/js/image.js


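        Additional)
        To keep php and html files from being executed in the data directory, place the file below in the data directory.
        A single copy in the data directory is enough.

        File name : .htaccess (the file name starts with a dot.)

        Contents :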

        <FilesMatch "\.([Pp][Hh][Pp]|[Hh][Tt][Mm][Ll]?|[Ii][Nn][Cc]|[Cc][Gg][Ii]|[Pp][Ll])"> 
            Order allow,deny 
            Deny from all
        </FilesMatch>

4.34.04 (11.05.27)
    :   ۺ, ̵ ڸƮ , ߰ ־ٸ ڸƮ  , ̵ ʴ ׸ Ͽϴ.
        ( Բ ̹ 2009⿡ ˷ֽ ε ġ ʾϴ. http://sir.co.kr/bbs/board.php?bo_table=g4_tiptech&wr_id=18926 )

        bbs/move_update.php 

        $sql2 = " select * from $write_table where wr_num = '$wr_num' order by wr_parent, wr_comment desc, wr_id ";

        

        $sql2 = " select * from $write_table where wr_num = '$wr_num' order by wr_parent, wr_is_comment, wr_comment desc, wr_id ";

        ̷ Ͻø ˴ϴ.

4.34.03 (11.05.17)
    :   [Patch] Code fix for SQL injection
        (ѱͳ Ͽ õб Բ  ذ ڼϰ ˷ּ̽ϴ.)
    :   [Patch] Fixed: a download.php link placed in an image tag's src attribute triggered a download merely by viewing the post
        (ȼ[i2Sec] ƴԲ ˷ּ̽ϴ.)

        Added to get_sql_search() in lib/common.lib.php:

            $field[$k] = preg_match("/^[\w\,\|]+$/", $field[$k]) ? $field[$k] : "wr_subject";

        Added to conv_content() in lib/common.lib.php:
            
            $content = preg_replace("/<(img[^>]+download\.php[^>]+bo_table[^>]+)/i", "*** CSRF  : &lt;$1", $content);
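
        Added example (not GNUBoard code): the 4.34.17 and 4.34.03 entries both restrict which columns a search may name. This sketch applies the same allow-list idea and also keeps the search text out of the SQL string. It assumes PHP 7.1 or later, that several fields in $sfl are joined with "||", and that fields are combined with OR; the function and constant names are hypothetical.

```php
<?php
// Added example, not GNUBoard code. SEARCHABLE_FIELDS and
// build_search_clause() are hypothetical names.

// Columns a visitor may search, with the comparison used for each.
const SEARCHABLE_FIELDS = [
    'mb_id'      => 'exact',
    'wr_name'    => 'exact',
    'wr_subject' => 'contains',
    'wr_content' => 'contains',
];

/**
 * Build a WHERE fragment plus bound parameters from the user-supplied
 * search field list ($sfl) and search text ($stx).
 * Returns [string $sql, array $params].
 */
function build_search_clause(string $sfl, string $stx): array
{
    $parts  = [];
    $params = [];

    // Assumption: several fields arrive joined with "||".
    foreach (explode('||', $sfl) as $field) {
        $field = trim($field);

        if (!array_key_exists($field, SEARCHABLE_FIELDS)) {
            // Same outcome as the "1=0" branch in the 4.34.17 patch:
            // an unknown or sensitive column (wr_password, wr_ip)
            // matches nothing instead of reaching the query.
            $parts[] = '1=0';
            continue;
        }

        // $field now equals one of our own constant keys, so it is
        // safe to place in the SQL text as an identifier.
        if (SEARCHABLE_FIELDS[$field] === 'exact') {
            $parts[] = "$field = ?";
        } else {
            $parts[] = "INSTR(LOWER($field), LOWER(?)) > 0";
        }
        $params[] = $stx; // the value is bound, never concatenated
    }

    // Assumption: fields are combined with OR.
    return ['(' . implode(' OR ', $parts) . ')', $params];
}

// Constructed sample requests (not taken from any log).
$samples = [
    ['wr_subject||wr_content', "it's a test"],
    ['wr_password',            'abc'],
    ['mb_id||not_a_column',    'admin'],
];

foreach ($samples as [$sfl, $stx]) {
    [$sql, $params] = build_search_clause($sfl, $stx);
    echo $sql, '  params=', json_encode($params), PHP_EOL;
}
```

        The returned fragment and parameter list are meant for a prepared statement (PDO or mysqli), so quoting of $stx no longer depends on magic_quotes_gpc or manual escaping.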

4.34.02 (11.05.13)
    :   [Patch] Fixed: a delete link placed in an image tag's src attribute could delete content merely by viewing the post
        (ȼ[i2Sec] ƴԲ ˷ּ̽ϴ.)
    :   ĸí ڵ  (ȸ ڸƮ  ٸ  ĸí̹   ֵ )
        (letsgolee Բ ˷ּ̽ϴ.)

        [Patch]

        Add the code below to conv_content() in lib/common.lib.php.

            $content = preg_replace("/<(img[^>]+delete\.php[^>]+bo_table[^>]+)/i", "*** CSRF  : &lt;$1", $content);
            $content = preg_replace("/<(img[^>]+delete_comment\.php[^>]+bo_table[^>]+)/i", "*** CSRF  : &lt;$1", $content);
            $content = preg_replace("/<(img[^>]+logout\.php[^>]+)/i", "*** CSRF  : &lt;$1", $content);

        Add the code below to bbs/delete.php and bbs/delete_comment.php.

        if ($is_admin)
        {
            if (!($token && get_session("ss_delete_token") == $token)) 
                alert("ū   Ұմϴ.");
        }
            
        Add the code below to bbs/view.php.

            if ($is_admin) 
            {
                set_session("ss_delete_token", $token = uniqid(time()));
                $delete_href = "javascript:del('./delete.php?bo_table=$bo_table&wr_id=$wr_id&token=$token&page=$page".urldecode($qstr)."');";
            }

        Add to or modify bbs/view_comment.php as follows.

            ߰ 
            
            // ڸƮ â   ǰ Ƿ Ѵ.
            if ($is_admin && !$token) 
            {
                set_session("ss_delete_token", $token = uniqid(time()));
            }

            ...

            

            $list[$i][del_link]  = "./delete_comment.php?bo_table=$bo_table&comment_id=$row[wr_id]&token=$token&cwin=$cwin&page=$page".$qstr;

        [ĸíڵ庯]

        js/jquery.kcaptcha.js ü

        skin/board/basic/view_comment.skin.php  Ʒ  մϴ.

            jQuery.fn.extend({...});  Ͻð

            //jQuery(this).kcaptcha_load();  ڵ带 Ʒ ڵ մϴ.
            if (comment_id && work == 'c')
                $.kcaptcha_run();

4.34.01 (11.05.11)
    :   ȸ 亯 ڸƮ ⿡ ĸí  ʴ   (޿´ ˷ּ̽ϴ.)
        4.33.00  ִ ڵ带 Ͽϴ.
        ) ĸí̹ ŬϿ ο ̹ Ҽ 

        skin/board/basic/view_comment.skin.php  Ʒ  մϴ.

        jQuery.fn.extend({
            kcaptcha_load: function() {
                $.ajax({
                    type: 'POST',
                    url: g4_path+'/'+g4_bbs+'/kcaptcha_session.php',
                    cache: false,
                    async: false,
                    success: function(text) {
                        $('#kcaptcha_image')
                            .attr('src', g4_path+'/'+g4_bbs+'/kcaptcha_image.php?t=' + (new Date).getTime())
                            .css('cursor', '')
                            .attr('title', '');
                        md5_norobot_key = text;
                    }
                });
            }
        });

        function comment_box(comment_id, work)
        {
            ...
            if (typeof(wrestInitialized) != 'undefined')
                wrestInitialized();

            jQuery(this).kcaptcha_load();

4.34.00 (11.04.29)
    :   cheditor v5.04 ž (״忡   ְ ֽ CHSOFT âȣ ǥԲ 帳ϴ. www.chcode.com)
        ֽ (v5.06) ణ  ־  ణ  žմϴ.
        ̹ ε ÷ø ϴµ .htaccess  н带 ɾٴ ϴ 쿡 ̹ ε尡 ȵ˴ϴ.
        ÷õ <object><embed> ڵ ž մϴ. Ʃ  > ҽڵ >  ҽڵ   ڵ
    :   [Patch] Revised the code from 4.33.10. (reported by letsgolee)

        =======================================================
        cheditor5   (! ! !)
        =======================================================
        
        cheditor5  ü ε 
        
        lib/cheditor4.lib.php ü 
        
        config.php  $g4['is_cheditor5']   = true; ߰
        
        skin/board/?????/write.skin.php 

            <?
            if ($is_dhtml_editor) echo cheditor3('wr_content');
            ?>

            if (document.getElementById('tx_wr_content')) {
                if (!ed_wr_content.outputBodyText()) { 
                    alert(' ԷϽʽÿ.'); 
                    ed_wr_content.returnFalse();
                    return false;
                }
            }

            

            if (document.getElementById('tx_wr_content')) {
                if (!ed_wr_content.outputBodyText()) { 
                    alert(' ԷϽʽÿ.'); 
                    ed_wr_content.returnFalse();
                    return false;
                }
            }

            <?
            if ($is_dhtml_editor) echo cheditor3('wr_content');
            ?>

            ̷  ٲ ּ.
            
        =======================================================

        bbs/register_form.php

            /*
            if (!($member[mb_password] == sql_password($_POST[mb_password]) && $_POST[mb_password]))
                alert("н尡 Ʋϴ.");

            //   ٽ   ƿ  ӽ÷  
            set_session("ss_tmp_password", $_POST[mb_password]);
            */

            if ($_POST['mb_password']) {
                //   Ʈ ǵ °̶ н尡 ȣȭ ä Ѿ°
                if ($_POST['is_update'])
                    $tmp_password = $_POST['mb_password'];
                else
                    $tmp_password = sql_password($_POST['mb_password']);

                if ($member['mb_password'] != $tmp_password)
                    alert("н尡 Ʋϴ.");
            }

        bbs/register_form_update.php

            /* 
            // н带 ȣȭϿ ѱ
            if ($mb_password)
                $tmp_password = sql_password($mb_password);
            else
                $tmp_password = get_session("ss_tmp_password");
            */

            $row  = sql_fetch(" select mb_password from $g4[member_table] where mb_id = '$member[mb_id]' ");
            $tmp_password = $row['mb_password'];

            ...

            <input type='hidden' name='is_update' value='1'> ߰

4.33.11 (11.04.28)
    :   [Patch] The 4.33.10 patch had a problem, so it is patched again.
        (Reported again through KISA by Hacker@n of Null@Root.)

        *  ҽ   ڵ Ͽ ġ ֽñ ٶϴ.

        bbs/register_form.php

            /*
            if (!($member[mb_password] == sql_password($_POST[mb_password]) && $_POST[mb_password]))
                alert("н尡 Ʋϴ.");

            //   ٽ   ƿ  ӽ÷  
            set_session("ss_tmp_password", $_POST[mb_password]);
            */

            if ($_POST['mb_password']) {
                //   Ʈ ǵ °̶ н尡 ȣȭ ä Ѿ°
                if ($_POST['is_update'])
                    $tmp_password = $_POST['mb_password'];
                else
                    $tmp_password = sql_password($_POST['mb_password']);

                if ($member['mb_password'] != $tmp_password)
                    alert("н尡 Ʋϴ.");
            }

        bbs/register_form_update.php

            // н带 ȣȭϿ ѱ
            if ($mb_password)
                $tmp_password = sql_password($mb_password);
            else
                $tmp_password = get_session("ss_tmp_password");

            ...

            <input type='hidden' name='is_update' value='1'> ߰

4.33.10 (11.04.27)
    :   [Patch] A vulnerability was found that allows the password registered in the member session to be recovered.
        (Reported through KISA by Hacker@n of Null@Root.)
    :   ԽǺ Ǵ Խ ̺ CHARSET    ʴ  Ͽϴ. 
        ( зԲ ˷ּ̽ϴ. )

        bbs/register_form.php

            // obscure the password by prepending the member join date-time before encoding
            set_session("ss_tmp_password", base64_encode($member[mb_datetime].$_POST[mb_password]));

        bbs/register_form_update.php

            // after decoding, strip the member join date-time to get the original password
            $tmp_password = preg_replace("/^".$member[mb_datetime]."/", "", base64_decode(get_session("ss_tmp_password")));

        lib/common.lib.php

        function get_table_define($table, $crlf="\n")
        {
            global $g4;

            ...
            
            if (strtolower($g4['charset']) == "utf-8")
                $schema_create .= $crlf . ') DEFAULT CHARSET=utf8';
            else
                $schema_create .= $crlf . ')';

4.33.09 (11.04.15)
    :   Ʒ ΰ  ѱͳ(KISA) Ͽ 
        ͳݰб 1г⿡  οԲ ˷ ּ̽ϴ.

        XSS 
        Fix against filter-bypass attacks that leave embed and object tags unclosed


        Two functions in lib/common.lib.php were changed.


        function conv_content($content, $html)
            
            ...

            //$content = preg_replace("/(ex)(pression)/i", "&#101&#120;$2", $content);
            ...
            // guards against cases like <IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
            $content = preg_replace("#\/\*.*\*\/#iU", "", $content);

            $pattern = "";
            $pattern .= "(e|&#(x65|101);?)";
            $pattern .= "(x|&#(x78|120);?)";
            $pattern .= "(p|&#(x70|112);?)";
            $pattern .= "(r|&#(x72|114);?)";
            $pattern .= "(e|&#(x65|101);?)";
            $pattern .= "(s|&#(x73|115);?)";
            $pattern .= "(s|&#(x73|115);?)";
            $pattern .= "(i|&#(x69|105);?)";
            $pattern .= "(o|&#(x6f|111);?)";
            $pattern .= "(n|&#(x6e|110);?)";
            $content = preg_replace("/".$pattern."/i", "__EXPRESSION__", $content);


        ...


        function bad_tag_convert($code)
            
            ...

            if ($is_admin && $member[mb_id] != $view[mb_id]) {
                //$code = preg_replace_callback("#(\<(embed|object)[^\>]*)\>(\<\/(embed|object)\>)?#i",
                // also filter embed or object tags that are left unclosed
                $code = preg_replace_callback("#(\<(embed|object)[^\>]*)\>?(\<\/(embed|object)\>)?#i",
                            create_function('$matches', 'return "<div class=\"embedx\">ȹ Ͽ  ̵δ embed Ǵ object ±׸   ϴ. ȮϽ÷   ٸ ̵ ϼ.</div>";'),
                            $code);
            }

            //return preg_replace("/\<([\/]?)(script|iframe)([^\>]*)\>/i", "&lt;$1$2$3&gt;", $code);
            // also filter script and iframe tags that are left unclosed
            return preg_replace("/\<([\/]?)(script|iframe)([^\>]*)\>?/i", "&lt;$1$2$3&gt;", $code);


4.33.08 (11.04.01)
    :   Ʒ ΰ  ѱͳ(KISA) Ͽ 
        ͳݰб 1г⿡  οԲ ˷ ּ̽ϴ.
    :   [Patch] XSS (Cross Site Scripting) fix
        This is an attack method that uses an XML namespace.
        Խǿ DHTML ͸  ʴ 쿡   Ȯ Ǿϴ.
    :   [ġ] RFI(Remote File Inclusion)   
             Ŀ Խ  , ϴϰο 
        Data URI scheme (http://en.wikipedia.org/wiki/Data_URI_scheme)  ̿Ͽ 
         remote  ϰ ش remote  ̿Ͽ ش  ϴ 
        Դϴ.
        It occurs with PHP 5.x or later when allow_url_fopen is On.
        
        lib/common.lib.php

            $content = preg_replace("/\<(\w|\s|\?)*(xml)/i", "", $content);

        adm/board_form.php 

            <tr class='ht'>
                <td colspan='2'>
                     н
                </td>
                <td>
                    <input class='ed' type='password' name='admin_password' itemname=" н" required>
                    <?=help("  ѱ Ϳ Ͽ α  н带 ѹ  ° Դϴ.");?>
                </td>
            </tr>

        adm/board_form_update.php 

            if ($member[mb_password] != sql_password($_POST['admin_password'])) {
                alert("н尡 ٸϴ.");
            }

4.33.07 (11.03.22)
    :   Ʈ ̺ Ǿ ִ ߰ (Ÿ Բ ˷ ּ̽ϴ.)
        (  ʴ ̹Ƿ ġ ŵ մϴ.)
    :   Ʈ ޼ ½ ѱ  

        bbs/write_update.php

        if ($msg) {
            echo "<meta http-equiv='content-type' content='text/html; charset={$g4['charset']}'>\n";
            echo "<script type='text/javascript'>alert('$msg $wr_trackback');</script>";
        }

4.33.06 (11.02.22)
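    :   [Patch] Fixed the anti-auto-registration captcha image code

        Because a user can check the value of their own PHPSESSID,
        there was a bug that allowed the anti-auto-registration code to be worked out from it.
        (Reported by jacobswell.)
        The code was changed so that the user cannot check it, and an input that is wrong 5 or more times
        has to be entered again.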

        )  Ͽ ظ ԰ ôٸ ȸ ۾ ֽǰ 
               帳ϴ. ȸ ۾  α׷ ٴ  
              ø  Ȯ Ǿϴ.

        js/jquery.kcaptcha.js
        bbs/kcaptcha_session.php
        bbs/kcaptcha_result.php

        4.33.05  ̰() ϼž մϴ.

        -------------------------------------------------------------------------
            Ÿ)  Ų  ġ
        -------------------------------------------------------------------------
            
            if (typeof(f.wr_key) != 'undefined') {
                if (hex_md5(f.wr_key.value) != md5_norobot_key) {
                    alert('ڵϹ ڰ  Էµ ʾҽϴ.');
                    f.wr_key.select();
                    f.wr_key.focus();
                    return false;
                }
            }

            Replace code like the above with the following:

            if (!check_kcaptcha(f.wr_key)) {
                return false;
            }

            Just change it like this.

        -------------------------------------------------------------------------


4.33.05 (11.02.20)
    :   [ġ] Ա   ڵϹ ĸí̹  ڵ 
        
         ״ Եϱ ĸí̹   md5  Ͽ 
         () ˾Ƴ  մϴ.
         帮ڸ  ϴ. 
        md5 DB Ʒ   ϴ.

        The left side is the md5 hash and the right side is the original value.
        c4ca4238a0b923820dcc509a6f75849b = 1
        c81e728d9d4c2f636f067f89cc14862c = 2
        eccbc87e4b5ce2fe28308fd9f2a7baf3 = 3
        ...
        52c69e3a57331081823331c4e69d3f2e = 999999
        
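        If md5_norobot_key in js/jquery.kcaptcha.js is 52c69e3a57331081823331c4e69d3f2e,
        finding 52c69e3a57331081823331c4e69d3f2e in an md5 DB reveals that the original value is 999999.
        (This is not encryption.)
        This patch therefore adds the PHPSESSID value to the hashed input so that the result cannot be found
        in an md5 DB.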


        js/jquery.kcaptcha.js
        bbs/kcaptcha_session.php
        skin/board/basic/write.skin.php
        skin/board/basic/view_comment.skin.php
        skin/member/basic/formmail.skin.php
        skin/member/basic/memo_form.skin.php
        skin/member/basic/password_lost.skin.php
        skin/member/basic/register_form.skin.php


        -------------------------------------------------------------------------
            Ÿ)  Ų  ġ
        -------------------------------------------------------------------------
            
            if (typeof(f.wr_key) != 'undefined') {
                if (hex_md5(f.wr_key.value) != md5_norobot_key) {
                    alert('ڵϹ ڰ  Էµ ʾҽϴ.');
                    f.wr_key.select();
                    f.wr_key.focus();
                    return false;
                }
            }

            Replace code like the above with the following:

            if (!check_kcaptcha(f.wr_key)) {
                return false;
            }

            Just change it like this.

        -------------------------------------------------------------------------
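
        Added example (not GNUBoard code): the 4.33.05 and 4.33.06 entries describe why an md5 of a short numeric captcha code is recoverable once it is sent to the browser, and the move to a check the user cannot see with a limit of 5 wrong entries. This sketch shows the weak property next to a server-side check with that limit. It assumes PHP 7 or later; all function, constant and session key names are hypothetical.

```php
<?php
// Added example, not GNUBoard code. All names here are hypothetical.

const CAPTCHA_MAX_TRIES = 5; // the limit named in the 4.33.06 entry

// Why the old design failed: a 6-digit code has at most 999999 values,
// so its md5 can be matched by walking the whole keyspace.
function lookup_code_in_keyspace(string $hash, int $max = 999999): ?int
{
    for ($n = 1; $n <= $max; $n++) {
        if (md5((string)$n) === $hash) {
            return $n;
        }
    }
    return null;
}

// Hardened design: the code exists only in the server-side session.
function captcha_issue(array &$session): string
{
    $code = str_pad((string)random_int(0, 999999), 6, '0', STR_PAD_LEFT);
    $session['captcha_code']  = $code;
    $session['captcha_tries'] = 0;
    return $code; // drawn into the image only, never sent as text or as a hash
}

function captcha_check(array &$session, string $input): bool
{
    if (!isset($session['captcha_code'])) {
        return false; // nothing issued, or discarded after too many misses
    }

    if (hash_equals($session['captcha_code'], $input)) {
        // Single use: a solved code cannot be replayed.
        unset($session['captcha_code'], $session['captcha_tries']);
        return true;
    }

    $session['captcha_tries'] = ($session['captcha_tries'] ?? 0) + 1;
    if ($session['captcha_tries'] >= CAPTCHA_MAX_TRIES) {
        // Too many misses: discard the code so a new image must be issued.
        unset($session['captcha_code'], $session['captcha_tries']);
    }
    return false;
}

// --- Demonstration with constructed data ---------------------------------

// The hash quoted in the 4.33.05 entry, looked up in the 6-digit keyspace.
var_dump(lookup_code_in_keyspace('52c69e3a57331081823331c4e69d3f2e'));

$session = [];                      // stands in for $_SESSION
$code = captcha_issue($session);

// Five wrong entries exhaust the budget and discard the code ...
for ($i = 0; $i < CAPTCHA_MAX_TRIES; $i++) {
    captcha_check($session, 'xxxxxx');
}
// ... so even the right answer is rejected until a new code is issued.
var_dump(captcha_check($session, $code));

// A fresh code answered correctly on the first try passes once.
$code = captcha_issue($session);
var_dump(captcha_check($session, $code));
var_dump(captcha_check($session, $code)); // replay of the same code
```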


4.33.04 (11.02.12)
    :   The common.php patch code from 4.33.03 is reverted to the 4.33.02 version.
    :   The adm/member_form.php patch code in 4.33.03 contained an error.

        common.php

            if (isset($sca))  {
                $sca = mysql_real_escape_string($sca);
                $qstr .= '&sca=' . urlencode($sca);
            }

            if (isset($sfl))  {
                $sfl = mysql_real_escape_string($sfl);
                $qstr .= '&sfl=' . urlencode($sfl); // search field
            }

            if (isset($stx))  { // search text
                $stx = mysql_real_escape_string($stx);
                $qstr .= '&stx=' . urlencode($stx);
            }

            if (isset($sst))  {
                $sst = mysql_real_escape_string($sst);
                $qstr .= '&sst=' . urlencode($sst); // search sort field
            }


        adm/member_form.php

            <?=get_member_level_select("mb_level", 1, $member[mb_level], $mb[mb_level])?>


4.33.03 (11.02.10)
    :   ȸ ڵ  (Ÿ)
    :   б Ʈ Ǿ  б  1 Ǿ  Ʈ    ʴ   (forever, )
    :   [Patch] Code changes to counter SQL INJECTION attacks (ΰ)

        adm/member_form.php

            <?=get_member_level_select("mb_level", 1, $member[mb_level], $member[mb_level])?>

        bbs/board.php

            if (!get_session($ss_name))
            {
                sql_query(" update $write_table set wr_hit = wr_hit + 1 where wr_id = '$wr_id' ");

                // ڽ ̸ 
                if ($write[mb_id] && $write[mb_id] == $member[mb_id]) {
                    ;
                } else if ($is_guest && $board[bo_read_level] == 1 && $write[wr_ip] == $_SERVER['REMOTE_ADDR']) {
                    // ȸ̸鼭 бⷹ 1̰ ϵ ǰ ٸ ڽ ̹Ƿ 
                    ;
                } else {
                    /*
                    // ȸ̻ бⰡ ϴٸ
                    if ($board[bo_read_level] > 1) {
                        if ($member[mb_point] + $board[bo_read_point] < 0)
                            alert("Ͻ Ʈ(".number_format($member[mb_point]).") ų ڶ б(".number_format($board[bo_read_point]).") Ұմϴ.\\n\\nƮ   ٽ б  ֽʽÿ.");

                        insert_point($member[mb_id], $board[bo_read_point], "$board[bo_subject] $wr_id б", $bo_table, $wr_id, 'б');
                    }
                    */
                    // б Ʈ Ǿ ִٸ
                    if ($board[bo_read_point] && $member[mb_point] + $board[bo_read_point] < 0)
                        alert("Ͻ Ʈ(".number_format($member[mb_point]).") ų ڶ б(".number_format($board[bo_read_point]).") Ұմϴ.\\n\\nƮ   ٽ б  ֽʽÿ.");

                    insert_point($member[mb_id], $board[bo_read_point], "$board[bo_subject] $wr_id б", $bo_table, $wr_id, 'б');
                }

                set_session($ss_name, TRUE);
            }


        common.php
        
            if (isset($sca))  {
                $sca = preg_replace("/([\'\"\`\<\>\(\)\;\/~@?=%&!]+)/", "", $sca);
                $qstr .= '&sca=' . urlencode($sca);
            }

            if (isset($sfl))  {
                $sfl = preg_replace("/([\'\"\`\<\>\(\)\;\/~@?=%&!]+)/", "", $sfl);
                $qstr .= '&sfl=' . urlencode($sfl); // search field
            }

            if (isset($stx))  { // search text
                $stx = preg_replace("/([\'\"\`\<\>\(\)\;\/~@?=%&!]+)/", "", $stx);
                $qstr .= '&stx=' . urlencode($stx);
            }

            if (isset($sst))  {
                $sst = preg_replace("/([\'\"\`\<\>\(\)\;\/~@?=%&!]+)/", "", $sst);
                $qstr .= '&sst=' . urlencode($sst); // search sort field
            }


4.33.02 (11.01.24)
    :   [Patch] LFI (Local File Include vulnerability)
        Code addressing an LFI vulnerability that was found. (SK Ĩ)

        common.php
            if ($_GET['g4_path'] || $_POST['g4_path'] || $_COOKIE['g4_path']) { ... }
             ڵ常  Ǿϴ.

4.33.01 (11.01.10)
    :   [ġ] XSS / CSRF
        4.33.00  object ±׷ε ÷ø     ڵԴϴ. (ư)

        lib/common.lib.php 
             bad_tag_convert() Լ ڵ常 

4.33.00 (11.01.06)
    :   [ġ] XSS / CSRF
        FLASH  ACTION SCRIPT  ǰ ˾Ƴ Ͽ ᱹ ڱ   Ǵ 
        ġ  ߰ Ǿϴ. (ϰ ؼ ÷ø °͸ ǰ ˴ϴ.)
        ̰ Ŀ  ϴ   н尡 Ȱ ƴմϴ.
        ġ ֵ  Խ ٸ ȸ ø embed ±״ ڿ  ʰ ϴ Դϴ.
        , Ű Ǵ    α   üũմϴ.
        ⺻ȯ漳, Ѽ, ȸ, Ʈ  н带 ٽ    Ѱ ʵ Ͽϴ.
        ̰Ͱ õ ڼ  ȴ  Ͻʽÿ.
        http://www.boannews.com/media/view.asp?idx=24280&kind=1
        (i2Sec  ȣԲ ˷ֽ Դϴ.)

        Ʒ ġ  ϱ  Ʈ ߿ Ǿ ִ ϸ  ֽñ ٶϴ.

        === ߿ ===
        lib/common.lib.php 
             Code changes in the bad_tag_convert() and view_file_link() functions
        skin/board/basic/view_comment.skin.php 
             $str = preg_replace("/\[\<a\s.*href\=\"(http|https|ftp)\:\/\/([^[:space:]]+)\.(swf)\".*\<\/a\>\]/i", "<script>doc_write(flash_movie('$1://$2.$3'));</script>", $str);
             Delete or comment out the code above
        bbs/login_check.php
             ss_mb_key Ű ߰
        adm/admin.lib.php
             ss_mb_key 
        === /߿ ===

        adm/config_form.php
        adm/config_form_update.php
        adm/auth_list.php
        adm/auth_update.php
        adm/member_form.php
        adm/member_form_update.php
        adm/point_list.php
        adm/point_update.php

4.32.15 (10.12.28)
    :   [ġ] $write_table  ʱȭ  ()

        common.php

4.32.14 (10.12.07)
    :   ۾, ڸƮ  ߼ ڵ 
    :   ڸƮ Ʈ ȸ Ʈ   ڸƮ  ϴ ׸  (־)
    :   ȣ   (2010 11 19) - ߺ ȣ   (־)

        bbs/write_update.php
        bbs/write_comment_update.php
        bbs/zip.db

4.32.13 (10.11.02)
    :   [ġ] б      ̿ܿ б  ϵ  (źԲ ˷ ּ̽ϴ.)
    :   [ġ] ٸ    ִ   (źԲ ˷ ּ̽ϴ.)
    :   ȸ     (־Բ û ּ̽ϴ.)

        bbs/write_update.php
        skin/member/basic/register_form.skin.php

4.32.12 (10.10.21)
    :   [ġ] Ư ȸ     ´ٸ ġϽñ ٶϴ.
    :   Changed the sending method so that only POST is allowed
    :   The anti-auto-registration code is used when sending, to prevent CSRF.

        bbs/memo_form_update.php
        skin/member/basic/memo_form.skin.php

4.32.11 (10.09.11)
    :   [Patch] Be sure to apply this patch.
        There is a serious bug in the auto-login feature.

        Change the code in common.php as shown below.

        if ($tmp_mb_id = get_cookie("ck_mb_id"))
        {
            $tmp_mb_id = substr(preg_replace("/[^a-zA-Z0-9_]*/", "", $tmp_mb_id), 0, 20);
            // the top-level administrator is not allowed to auto-login
            if ($tmp_mb_id != $config['cf_admin'])
            {
                $sql = " select mb_password, mb_intercept_date, mb_leave_date, mb_email_certify from {$g4['member_table']} where mb_id = '{$tmp_mb_id}' ";

        common.php

4.32.10 (10.09.07)
    :   ̵/н ã ڵ  (ȼ  )
         ϴ password_forget   ̻   password_lost  üմϴ.
        ȸԽ н нǽ , 亯  ̻ Է  ʽϴ.
    
        bbs/password_lost.php
        bbs/password_lost2.php
        bbs/password_lost_certify.php
        skin/member/basic/password_lost.skin.php
        skin/member/basic/register_form.skin.php
        skin/member/basic/login.skin.php            : win_password_forget() -> win_password_lost() (replaced)
        skin/outlogin/basic/outlogin.skin.1.php     : win_password_forget() -> win_password_lost() (replaced)
        js/common.js                                : function win_password_lost() added

        //  ġ Ͻ  Ʒ 3  ݵ Ͻñ ٶϴ.
        bbs/password_forget.php
        bbs/password_forget2.php
        bbs/password_forget3.php

4.32.09 (10.09.07)
    :   Խǿ \  ˻  ֵ  (ֳԲ ˷ּ̽ϴ.)
    
        lib/common.lib.php                          : $search_text = trim(stripslashes($search_text));  
        skin/board/basic/list.skin.php              : value='<?=stripslashes($stx)?>'  

4.32.08 (10.08.25)
    :   url_auto_link() Լ ڵ 
    
        lib/common.lib.php 

4.32.07 (10.08.23)
    :   [] XSS(Cross Site Scripting) ݿ       Ͽϴ. (sjsjin Բ ˷ּ̽ϴ.)
    :   ȸ Ʈ 0 ̸  Խ ۾ Ʈ  쿡    (־Բ ٽ ˷ ּ̽ϴ.)    
    :   ȸ ý checkbox  radio  Ͽϴ. (ѱͳ ǰ)
    :   ȸ  ¥ý ޷ jquery datepicker ϵ 

        common.php
        bbs/write.php
        skin/member/basic/register.skin.php
        skin/member/basic/register_form.skin.php

4.32.06 (10.08.09)
    :   [] XSS(Cross Site Scripting) ݿ      (sjsjin Բ ˷ּ̽ϴ.)
    :   ۾, ڸƮ  ܾ ͸   (âȭ, ҴԲ ˷ּ̽ϴ.)

        common.php
        skin/board/basic/ajax.filter.php

4.32.05 (10.07.26)
    :   ȣ 2010 7 22 ݿ (51,031)
    :   ۾, ڸƮ  ܾ ͸ ܺο  ʵ AJAX ó
    :   Խǰ ԽǺ 丮 簡 ϵ  (輱Բ ڵ带 ˷ ּ̽ϴ.)
    :    Ÿ  ·   ִ   (ƿԲ ˷ּ̽ϴ.)
    
        adm/board_copy_update.php
        bbs/memo_view.php
        bbs/view_comment.php
        bbs/write.php
        bbs/zip.db
        skin/board/basic/ajax.filter.php
        skin/board/basic/view_comment.skin.php
        skin/board/basic/write.skin.php
        
4.32.04 (10.07.02)
    :   Խ ,  ˻ 1 ̵ϵ  (intelԲ ˷ּ̽ϴ.)
    :   ϸ Ưڰ   ٿε  ʴ   (־Բ ˷ּ̽ϴ.)
    :   Խǿ δܾ ̻ ˻  ˻ Խù ڸƮ     (־Բ ˷ּ̽ϴ.)
    :   $g4[https_url]     ̿ ߰ θ ϸ αν   

        bbs/view.php
        bbs/list.php
        lib/common.lib.php
        skin/member/basic/login.skin.php
        skin/outlogin/basic/outlogin.skin.1.php

4.32.03 (10.04.30)
    :   ڸƮ 亯 ĸí̹, Է¹ڽ üũ  ǥõ ʴ  
    :   ȸ Ʈ 0 ̸  Խ ۾ Ʈ  쿡   
        (־Բ ˷ ּ̽ϴ.)
    :   ȸϹ߼ۿ ԽǱ׷켱ý ش ԽǱ׷쿡  ȸ Ѹ    SQL   (ŸϴԲ ˷ּ̽ϴ.)

        adm/mail_select_list.php
        bbs/write.php
        skin/board/basic/view_comment.skin.php

4.32.02 (10.03.16)
    :   α      
    :   ȸԽ  ѱ  ν ϴ  

        adm/member_form_update.php
        skin/member/basic/ajax_mb_nick_check.php
        skin/member/basic/ajax_register_form.jquery.js

4.32.01 (10.03.12)
    :   پ ÷   ֵ prototype.js  jquery.js  üմϴ.
         ڵ带 ϱ Ͽ js/prototype.js   ʽϴ.
    :   2010 2 25 ȣ  (־Բ ÷ֽ ڷԴϴ.)
    :   Խǰ cheditor  ߰

        head.sub.php
        adm/board_form.php
        adm/config_form.php
        bbs/zip.db
        js/jquery-1.4.2.min.js
        js/jquery.kcaptcha.js
        skin/board/basic/view_comment.skin.php
        skin/board/basic/write.skin.php
        skin/member/basic/ajax_register_form.jquery.js
        skin/member/basic/formmail.skin.php
        skin/member/basic/password_forget2.skin.php
        skin/member/basic/register_form.skin.php                

4.31.15 (10.02.08)
    :   ȸ ֹεϹȣ  
        function member_delete($mb_id) { ... mb_jumin = '', ...
    :   Ȳ OS Windows7 ߰ (JustinԲ ˷ּ̽ϴ.)
    :   POSIX Regex Լ  ( ereg_replace, ereg, eregi_replace, eregi, split, spliti, sql_regcase )
          PHP 5.3.0  ǰ PHP 6.0.0  ŵ˴ϴ.  ɿ  ʱ⸦ մϴ.
    :   ⺻ð븦  PHP 5.1   date_default_timezone_set()
    :   2009 4 ȣ 泻 (2009.12.16. : 50,742) http://www.zipfinder.co.kr
    :   password_check.php  $qstr  $sop ߰ 
    :   js/common.js  del() Լ charset  óǵ 

        adm/admin.lib.php
        adm/board_copy_update.php
        adm/board_form_update.php
        adm/boardgroup_form_update.php
        adm/mail_select_update.php
        bbs/download.php
        bbs/list.php
        bbs/password_check.php
        bbs/zip.db
        cheditor4/imageupload-class.php
        config.php
        js/common.js
        lib/common.lib.php
        lib/mailer.lib.php
        lib/visit.lib.php

4.31.14 (09.10.15)
    :    Խ Ͻ ,ϴ ̹, , ϴ  θ     (κƺ  091015)

        adm/board_form_update.php        

4.31.13 (09.10.14)
    :   utf-8  ԽǺз ý  ˻ ʴ  
        skin/board/basic/list.skin.php 
        <select name=sca onchange="location='<?=$category_location?>'+this.value;"> 
        <select name=sca onchange="location='<?=$category_location?>'+<?=strtolower($g4[charset])=='utf-8' ? "encodeURIComponent(this.value)" : "this.value"?>;">   Ͻʽÿ.
    :   ѱ۷ ˻ ˻  ϰ ٽ  ƿö ѱ    ( 090930)
        bbs/view.php 
        $delete_href = "javascript:del('./delete.php?bo_table=$bo_table&wr_id=$wr_id&page=$page".$qstr."');"; 
        $delete_href = "javascript:del('./delete.php?bo_table=$bo_table&wr_id=$wr_id&page=$page".urldecode($qstr)."');";  Ͻʽÿ.
    :   2009 3 ȣ 泻 (2009.09.29. : 50,554) http://www.zipfinder.co.kr

        skin/board/basic/list.skin.php
        bbs/view.php
        bbs/zip.db

4.31.12 (09.09.25)
    :   Ȳ Ӱο <!-- ּ ڵ尡 ԵǸ ȭ  ǥõ ʴ   (neueԲ ˷ּ̽ϴ.)
        $title = str_replace(array("<", ">"), array("&lt;", "&gt;"), urldecode($row[vi_referer]));
    :   Ȳ IE 8, CHROME, WINDOWS NT 6   ǥõǵ 
    :   ÷ ÷ν ÷ϸ  ԵǾ  Ϻ PC  ʰų ٿε  ʴ  ֽϴ. (  090925)
        (bbs/write_update.php) $upload[$i][file] = abs(ip2long($_SERVER[REMOTE_ADDR])).'_'.substr($shuffle,0,8).'_'.str_replace('%', '', urlencode(str_replace(' ', '_', $filename))); 
    :   ϴٿε      Ʈ Ǵ   (ƺҴ 090914)

        adm/visit_list.php
        lib/visit.lib.php
        bbs/write_update.php
        bbs/download.php

4.31.11 (09.07.14)
    :     ε  ̿   (ݵ ġ ֽʽÿ.)

        lib/common.lib.php : view_file_link() Լ
        bbs/write_update.php :  ε κ
        bbs/register_form_update.php : ȸ ε κ

4.31.10 (09.07.13)
    :   write.php  ϴ Խ($bo_table) ˻ϴ ڵ ߰ (nascaԲ ˷ּ̽ϴ.)
    :   HTML   ִ 쿡 DHTML  ϵ  (TopSchooLԲ ˷ּ̽ϴ.)

        bbs/write.php

4.31.09 (09.07.10)
    :   ۾, ڸƮ ÿ  &# ڷ ټ ϴ  ȭ鿡   鼭    
    :   2009.06.23 ȣ Ϸ  (50,353) http://www.zipfinder.co.kr/

        bbs/zip.db
        bbs/write_update.php
        bbs/write_comment_update.php

4.31.08 (09.06.23)
    :     ݷ ⺻ ڵ 
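        ini_set("session.gc_probability", 1); // session.gc_probability, together with session.gc_divisor, manages the probability that the gc (garbage collection) routine is started. The default is 1. See session.gc_divisor for details.
        ini_set("session.gc_divisor", 100); // session.gc_divisor, together with session.gc_probability, defines the probability that the gc (garbage collection) process is started on every session initialization. The probability is calculated as gc_probability/gc_divisor; for example, 1/100 means there is a 1% chance that the GC process starts on each request. session.gc_divisor defaults to 100.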
    :     CHEDITOR  ϴ   ǥõǵ 

        common.php
        cheditor4/cheditor.js

4.31.07 (09.06.16)
    :   ȸԽ ֹιȣ ϴ   ֹιȣ ȸ    (letsgolee )
    :   Խù Ʈ   ʵ尡 ƴҶ  κ  (nasca )
    :   н нǽ 亯 񱳽 !=  !==   ( 1 != 1.  쿡  亯 ν)
    :    ð 100%  ݷ

        bbs/list.php
        bbs/register_form_update.php
        bbs/password_forget3.php
        common.php

4.31.06 (09.02.03)
    :   SQL Injection  
    :   Խ ε ϸ    ִ ڵ带 

        /bbs/point.php
            $sql_common = " from $g4[point_table] where mb_id = '".mysql_escape_string($member[mb_id])."' ";

        /bbs/poll_result.php
            if (!file_exists("$poll_skin_path/poll_result.skin.php")) die("skin error");

        /bbs/register_form_update.php
            $mb_id = trim(strip_tags(mysql_escape_string($_POST[mb_id])));
            $mb_password = trim(mysql_escape_string($_POST[mb_password]));
            $mb_name = trim(strip_tags(mysql_escape_string($_POST[mb_name])));
            $mb_nick = trim(strip_tags(mysql_escape_string($_POST[mb_nick])));
            $mb_email = trim(strip_tags(mysql_escape_string($_POST[mb_email])));

        /bbs/write_update.php
            $chars_array = array_merge(range(0,9), range('a','z'), range('A','Z'));
            ...
            shuffle($chars_array);
            $shuffle = implode("", $chars_array);
            $upload[$i][file] = abs(ip2long($_SERVER[REMOTE_ADDR])).'_'.substr($shuffle,0,8).'_'.str_replace('%', '', urlencode($filename)); 


        //  
        /bbs/point.php
        /bbs/poll_result.php
        /bbs/register_form_update.php
        /bbs/write_update.php

4.31.05 (09.01.30)
    :   XSS  

        if ($wr_id) {
            $wr_id = (int)$wr_id;
        }

        if ($bo_table) {
            $bo_table = preg_match("/^[a-zA-Z0-9_]+$/", $bo_table) ? $bo_table : "";
        }

        common.php

4.31.04 (09.01.17)
    :   PHP  register_globals=on  ϴ 쿡 $g4_path  ̿ ״   Ͽϴ.
        register_globals=off  ϴ 쿡  ʽϴ.
        GENESYS Բ ˷ ּ̽ϴ.

        // common.php  94κ Ʒ ڵ常 ߰ ֽø ˴ϴ. common.php  Ͻʽÿ.
        if ($_GET['g4_path'] || $_POST['g4_path']) {
            unset($_GET['g4_path']);
            unset($_POST['g4_path']);
            unset($g4_path);
        }
    
        common.php

4.31.03 (08.12.29)
    :    ū  Ͽ ū  ʵ  (check_token Լ)
    :   CAPTCHA ̹  µ ʴ   (character-set )

        lib/common.lib.php
        bbs/kcaptcha_session.php

4.31.02 (08.11.03)
    :   HTML ⿡ on ۵Ǵ ̺Ʈ(:onclick)   κ  : conv_content()

        lib/common.lib.php            

4.31.01 (08.10.29)
    :   extract($_GET);    
        letsgolee Բ  ּ̽ϴ.
    :   token     token 
    
        adm/member_form.php
        adm/member_form_update.php
        common.php
        lib/common.lib.php            

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

4.31.00 (08.10.28)
    :   CSRF  ȭ  ڵ 
         > ⺻ȯ漳  captcha 
        õ)  ⺻  adm  ٸ ̸ Ͻ  
              config.php  $g4['admin'] = "adm";  Ͻø CSRF      ֽϴ.
    :   κ   CSRF  ȭ  ū 
    :   cheditor4 ڵ 
    :   ȸ ÿ captcha 
    :   "ȣå"  "޹ħ" 

        adm/* (κ ڵ尡  Ǿϴ.)
        bbs/password_forget2.php
        bbs/register_form_update.php
        lib/cheditor4.lib.php
        lib/common.lib.php
        skin/board/basic/*
        skin/member/basic/register_form.skin.php
        skin/member/basic/register.skin.php
        skin/board/basic/write.skin.php

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

4.30.00 (08.10.01)
    :   DHTML  geditor cheditor4.2  

        config.php Ͽ Ʒ ڵ带 ߰Ͻʽÿ.
        $g4['cheditor4']      = "cheditor4";
        $g4['cheditor4_path'] = $g4['path'] . "/" . $g4['cheditor4'];

        lib/cheditor4.lib.php  ߰Ͻʽÿ.
        cheditor4/*  ߰Ͻʽÿ.

    :    ũҿ  ۵ǵ  κ ڵ 
    :   SQL Injection, PHP Injection   ڵ  (ѱȣ ˷ּ̽ϴ.)
    :   XSS (Cross Site Scripting)   (ѱȣ ˷ּ̽ϴ.)
    :   GET, POST  g4_path ѱ涧 ߻ϴ   (Բ ˷ּ̽ϴ.)
    :   α׷  ȸ, ۾, ̵/н ã captcha ڵ  (δԲ ּ̽ϴ.)
    :   α׷  Ϲ߼  captcha ڵ ߰
    :   йȣ(н) Է½ CapsLock   ִ ˻ϴ ڵ ߰

    *   ̹   ڵ尡  Ǿϴ.
          Ͻô  Ʒ  Ǿ   α׷(AcroDiff α׷ õ) ̿Ͽ ٲ ڵ常  ֽñ ٶϴ.

    *   cheditor CHSOFT Corp(http://chcode.com) ̹Ƿ ״ ̼ʹ Դϴ.
        cheditor  Ͽ , ǸϽô 쿡 ݵ cheditor  ϼž մϴ.

    *   4.30.00  ٲ  ü 

        adm/auth_list.php
        adm/board_copy.php
        adm/board_form.php
        adm/boardgroup_form.php
        adm/config_form.php
        adm/index.php
        adm/mail_select_list.php
        adm/member_form.php
        adm/point_list.php
        adm/poll_form.php
        bbs/delete_all.php
        bbs/delete_comment.php
        bbs/formmail_send.php
        bbs/fonts/*
        bbs/kcaptcha_config.php
        bbs/kcaptcha_image.php
        bbs/kcaptcha.php
        bbs/kcaptcha_session.php
        bbs/member_nick_check.php
        bbs/move.php
        bbs/move_update.php
        bbs/password_forget3.php
        bbs/register_form_update.php
        bbs/search.php
        bbs/view.php
        bbs/write_comment_update.php
        bbs/write_update.php
        cheditor4/_common.php
        cheditor4/imageupload-class.php
        cheditor4/insert_image.php
        common.php
        config.php
        head.php
        head.sub.php
        img/capslock.gif 
        index.php
        js/capslock.js 
        lib/cheditor4.lib.php
        lib/common.lib.php
        skin/board/basic/list.skin.php
        skin/board/basic/view_comment.skin.php
        skin/board/basic/view.skin.php
        skin/board/basic/write.skin.php
        skin/latest/basic/latest.skin.php
        skin/member/basic/formmail.skin.php
        skin/member/basic/login.skin.php
        skin/member/basic/member_confirm.skin.php
        skin/member/basic/memo_form.skin.php
        skin/member/basic/password_forget2.skin.php
        skin/member/basic/password_forget3.skin.php
        skin/member/basic/password_forget.skin.php
        skin/member/basic/password.skin.php
        skin/member/basic/register_form.skin.php
        skin/member/basic/register.skin.php
        skin/new/basic/new.skin.php
        skin/outlogin/basic/outlogin.skin.1.php
        skin/poll/basic/poll_result.skin.php
        skin/search/basic/search.skin.php

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

4.22.06 (08.09.07)
    :   geditor ̹ ε ̹ Ȯڸ ε ϵ 

        geditor/upload.php

4.22.05 (08.09.01)
    :   2008.08.28 ȣ Ϸ ü (49,893)

        bbs/zip.db

4.22.04 (08.06.11)
    :   [ʼġ]    ڡڡڡڡڡڡڡڡڡ

        common.php  Ʒ  ݵ ݵ ݵ Ͻñ ٶϴ.
        // Ų
        $board_skin_path = ''; // <!--  ڵ  ݵ  մϴ. 
        if (isset($board['bo_skin']))
            $board_skin_path = "{$g4['path']}/skin/board/{$board['bo_skin']}"; // Խ Ų 

4.22.03 (08.03.31)
    :   ̵/н ã  κ    (GD LIB ڸ )

        skin/member/basic/password_forget2.skin.php
        bbs/password_forget2.php
        bbs/password_forget3.php

4.22.02 (08.03.28)
    :   UTF-8   â ̸   
    :   ȣ  zzzz ø Ϸ ü
    :   ڵϹ ̹ ĳø ϱ  ڵ ߰

        js/common.js
        bbs/zip.db
        skin/board/basic/write.skin.php
        skin/member/basic/register_form.skin.php

4.22.01 (08.02.29)
    :   ޸  ȣ  ҷ ϴ  

        bbs/zip.php

4.22.00 (08.02.18) [ڵϹ ʼ ġ]
    :     ڵ η ٲ  
        
        cheditor/cheditor.js

    :      required ɼ õǴ  
        
        js/wrest.js

    :   ڵϹ ڵ ߰ (gd lib  ϴ   ˴ϴ.)
        
        bbs/norobot.inc.php
        bbs/norobot_image.php
        skin/member/basic/register_form.skin.php
        skin/board/basic/write.skin.php
        skin/board/basic/view_comment.skin.php

4.21.04 (07.12.04) [Ȱ ʼ ġ]
    :   ܺο ȸ   ִ  
        ȸ Է f.submit()   ڵ尡 ݵ ߰ Ǿ մϴ.
        set_cookie("<?=md5($token)?>", "<?=base64_encode($token)?>", 1, "<?=$g4['cookie_domain']?>");
        morssola Բ  ּ̽ϴ.
    :   ⺻ Խ Ų  (GEditor )
        config.php    ߰ Ǿϴ.
        $g4['geditor']        = "geditor";
        $g4['geditor_path']   = $g4['path'] . "/" . $g4['geditor'];


        skin/member/basic/register_form.skin.php
        bbs/register_form_update.php
        geditor/*
        skin/board/basic/*
        config.php

4.21.03 (07.11.30) [Ȱ ʼ ġ]
    :   ܺο ȸ   ִ  
    :   Ͽ ū 
    :    ȸԽŲ(register_form.skin.php) 
        <input type=hidden name=token value="<?=$token?>">  ڵ带 ߰ ֽʽÿ. 
    :    ϽŲ(formmail.skin.php) 
        <input type=hidden name=token value="<?=$token?>">  ڵ带 ߰ ֽʽÿ. 
        
        bbs/register_form.php
        bbs/register_form_update.php
        skin/member/basic/register_form.skin.php
        bbs/formmail.php
        bbs/formmail_send.php
        skin/member/basic/formmail.skin.php

4.21.02 (07.08.22)
    :   referer_check() ּ ó  
         URL    üũ 
    :    α ڵ 
    :   Խǰ ,ϴ ̹ ڵ 
        輱(sucjin) ڵ带 ˷ּ̽ϴ.
    :   Ʈ  ޴  ڵ 
    :   ܾ  ִ  trim ó word_filter_check()
    :   ũ Ŭ ũ   ̾  εǴ  
    :   ۾   ڽ   ϵ ڵ 
        輱(sucjin) ڵ带 ˷ּ̽ϴ.

        bbs/link.php
        bbs/norobot_check.inc.php
        bbs/tb.php
        bbs/write.php
        bbs/write_update.php
        lib/common.lib.php
        skin/member/basic/login.skin.php
        skin/outlogin/basic/outlogin.skin.1.php
        adm/board_form.php
        adm/board_form_update.php
        js/filter.js

4.21.01 (07.06.05)
    :   б  ġ
        īԲ ˷ ּ̽ϴ.

        bbs/view_comment.php
        skin/board/basic/view_comment.skin.php

4.21.00 (07.05.30)
    :   ȼ Ͽ α, ȸ ּҸ https  ϴ ڵ ߰
    :   ܺηα ȸ  Ƚ 
    :   ȸԽ ߺȮ ajax  ü
    :   ڸƮ б ϵ 
    :   Խù /̵ Խ µǴ  ׷, ˻ 
    :    ٸ ǳʶ
    :   [̳ʱ׷̵] 1:1 Խ  

        config.php  Ʒ    ߰ ֽʽÿ.
        $g4['https_url'] = "";

        bbs/list.php
        bbs/move.php
        bbs/view_comment.php
        bbs/write_comment_update.php
        bbs/write_update.php
        bbs/register_form_update.php
        lib/outlogin.lib.php
        skin/board/basic/view_comment.skin.php
        skin/member/basic/_common.php
        skin/member/basic/ajax_mb_email_check.php
        skin/member/basic/ajax_mb_id_check.php
        skin/member/basic/ajax_mb_nick_check.php
        skin/member/basic/ajax_register_form.js
        skin/member/basic/register_form.skin.php
        skin/outlogin/basic/outlogin.skin.1.php

4.20.03 (07.05.04)
    :   ֽű ӵ  ϱ  SELECT  
    :   lib/one.lib.php  upload_file() Լ upload_file2()  

        lib/latest.lib.php
        lib/one.lib.php
        bbs/oneanswer.php
        bbs/onequestion.php

4.20.02 (07.04.26)
    :   1:1 Խ  
        sql_one.sql   ʵ on_1 ~ on_10 ʵ ߰
        ̾ dhtml editor  亯  ߻մϴ.

        adm/sql_one.sql
        bbs/oneanswer.php
        bbs/onequestion.php

4.20.01 (07.04.23 16:25)
    :   1:1 Խ  

        bbs/one.php
        bbs/oneanswer.php
        skin/oneboard/one/oneanswermail.skin.php
        skin/oneboard/one/oneview.skin.php
    
4.20.00 (07.04.23)
    :   ٰ IP,  IP ڵ 
        sjsjinԲ ˷ ּ̽ϴ.
    :   ǵ   ߰
        ڵ  ʴ ǵ͸  
    :   ȸ̺ mb_no AUTO_INCREMENT PRIMARY KEY  ü
    :   1:1 Խ  ߰

        config.php 
        $g4['one_prefix']          = $g4['table_prefix'] . "one_";   // 1:1 Խ ̺ λ
        $g4['oneboard_table']      = $g4['table_prefix'] . "oneboard";      // 1:1Խ  ̺
           ߰ ֽʽÿ.

        ̺  Ǿ adm/upgrade.php  ѹ ̻ Ͽ ֽʽÿ.

        common.php
        config.php
        adm/admin.menu100.php
        adm/admin.menu300.php
        adm/config_form.php
        adm/oneboard*.php
        adm/sql_one.sql
        adm/session_delete.php
        adm/upgrade.php
        bbs/one*.php
        lib/one.lib.php
        skin/oneboard/one/*

4.11.00 (06.12.29)
    :   Խ ˻  ΰ ӵ   ߻ϴ  
        lib/common.lib.php  get_sql_search(), search_font() Լ 
        bobԲ  ּ̽ϴ.
    :   ȸ ̵ ̾ ޴ "ȸԽù" ˻ ߰
    :   download.tail.skin.php   ʾ bbs/download.php  ڵ ġ 
    :   ߼۽ Ʈ   ߰
    :   Ʈ    
        config.php  $g4['token_time'] = 3; ߰
    :   head.sub.php  Ʒ   ߰Ͻʽÿ.
        <script type="text/javascript" src="<?=$g4['path']?>/js/ajax.js"></script> 

        ̺ ߰ Ǿ adm/upgrade.php  ѹ ̻ Ͽ ֽʽÿ.

        config.php
        head.sub.php
        adm/config_form.php
        adm/config_form_update.php
        adm/upgrade.php
        bbs/download.php
        bbs/memo_form_update.php
        bbs/tb.php
        bbs/tb_token.php
        bbs/view.php
        lib/common.lib.php
        js/ajax.js
        js/sideview.js
        skin/board/basic/view.skin.php

4.10.00 (06.11.27)
    :   cheditor  Է  ͸ ġ  <DIV>&nbsp;</DIV>   
    :   Խǰ б 뿡 '' б ɼ ߰
    :   RSS   ʵ ߰ 
        ȸ бⰡ ϰ RSS  뿡 üũ Ǿ߸ RSS(XML)  
    :   Խǰ DHTML    ɼ ߰
        basic, cheditor Ų 
        ʵ尡 ߰Ǿ adm/board_list.php  ݵ ѹ Ͽ ֽʽÿ.
    :   ȸ ȸ  ϰ ȸ̵  
    :   bbs/view.php , bbs/view_comment.php  Ų , ϴ  include   ֵ 
    :   ȸ   Է Ź 䱸ϴ  
    :   ȸ Ʈ , Ż ũ ߰
    :     '  Խù , ̵   
    :   set_cookie() ڹٽũƮ Լ cookie domain  
    :   ȸԽ ȣå  ߰
        ʵ ߰  adm/config_form.php  ݵ ѹ ̻ Ͽ ֽʽÿ.
    :   ٰ IP  
    :   UTF-8  : common.lib.php : check_string(), cut_hangul_last()
        0samaԲ  ּ̽ϴ.
        ͶԲ  ּ̽ϴ.
    :   ԽǽŲ ũ⺯  ߰
        js/board.js ʼ ߰
        head.sub.php  Ʒ ڵ ʼ ߰
            var g4_cookie_domain = "<?=$g4['cookie_domain']?>"; 
    :      бѺ ۴ٸ â Ӷߴ  
        īԲ  ּ̽ϴ.

        adm/admin.lib.php
        adm/board_copy_update.php
        adm/board_form.php
        adm/board_form_update.php
        adm/board_list.php
        adm/config_form.php
        adm/config_form_update.php
        adm/member_delete.php
        adm/member_list.php
        bbs/board.php
        bbs/list.php
        bbs/move_update.php
        bbs/register_form.php
        bbs/rss.php
        bbs/view.php
        bbs/view_comment.php
        bbs/write.php
        cheditor/cheditor.js
        common.php
        head.sub.php
        js/board.js
        js/common.js
        skin/board/basic/*
        skin/member/basic/register.skin.php
        skin/member/basic/register_form.skin.php

4.09.02 (06.10.10)
    :   ÷ϼ ' Ǵ " ԷµǸ  κ 
    :   ڸƮ  쿡       
    :   Խ з &  =  ҰѰ 2Ʈ ڷ ó
    :     (lib/constant.php)
    :    > Խ ÿ Ʈ龲   ʴ  
    :   Խ ۾⿡ bo_table   ϴ   ̵ϵ 
    :   ѱ(2bytes)  ڰ 1byte  
        ½   ߻ϹǷ 
           (1byte) ϳ  (cut_hangul_last)
    :   â ڸƮ   ϸ head.php, tail.php  Ǿ µǴ  
    :    ϼ ˸
    :   ̸ ǥ  ( lib/common.lib.php -> url_auto_link() )
    :   Խ з select   Լ  ( get_category_option() )
    :   Ÿ ڸƮ   ִ  
    :   亯 Ϲޱ (Խڿ  )  
    :    ʴ $cfg 迭  

        adm/board_copy_update.php
        adm/board_form_update.php
        bbs/delete_comment.php
        bbs/formmail_send.php
        bbs/tb.php
        bbs/view_comment.php
        bbs/write.php
        bbs/write_comment_update.php
        lib/common.lib.php
        lib/constant.php
        skin/member/basic/memo.skin.php

4.09.01 (06.08.28)
    :   ȣ 2006 7 1ڷ 
    :   ڹٽũƮ ȸ    

        common.php
        bbs/zip.db
        bbs/register_form_update.php
        bbs/delete.php

4.09.00 (06.07.01)
    :      ȸ  ߼  ִ  
        淩̴Բ ˾Ƴ̽ϴ.
    :   ȸ , E-mail ߺ   ִ  
        Բ ˾Ƴ̽ϴ.
    :   ȸ б ø ڰ 亯 ÷  ȸ ڰ ø 亯 ٷ     
    :   ȭ鿡 ֱƮ Ʈ ù ȸ  ʴ  
    :   Խ    
        01010101010101010101Բ ˷ּ̽ϴ.
    :   Խǿ ֱ( ڸƮ  ð)  ߰
    :   Խ Ų   (basic Ų ϼ)
    :   Խ ̺ Խ Ʈ  ʵ ߰
    :   Խ ̺ ʵ  ʵ ߰
    :   Խ ׷ ̺ ʵ  ʵ ߰
    :   ⺻ȯ漳 ̺ ʵ  ʵ ߰
    :      ޼  ʵ 
        ƿԲ ˷ּ̽ϴ.

        ʵ尡 ߰,  Ǿ ݵ adm/upgrade.php  ѹ ̻ Ͽ ֽʽÿ.

        adm/board_copy_update.php
        adm/board_form.php
        adm/board_form_update.php
        adm/boardgroup_form.php
        adm/boardgroup_form_update.php
        adm/config_form.php
        adm/config_form_update.php
        adm/index.php
        adm/point_list.php
        adm/upgrade.php
        bbs/board.php
        bbs/delete_all.php
        bbs/delete_comment.php
        bbs/download.php
        bbs/good.php
        bbs/list.php
        bbs/member_id_check.php
        bbs/member_nick_check.php
        bbs/memo_delete.php
        bbs/memo_form_update.php
        bbs/move_update.php
        bbs/register_form_update.php
        bbs/write.php
        bbs/write_comment_update.php
        bbs/write_update.php
        lib/common.lib.php
        skin/member/basic/register_form.skin.php
        skin/board/basic/*
        skin/board/cheditor/*

4.08.00 (06.05.13) [ʼġ]
    :   ̾(ҿ) Խ   ٿε  ʴ  
        zzzzԲ ˷ּ̽ϴ.
    :   ȸԽ ȸ̵, , ̸ ˻翡 ˻  trim() Լ ¿ 
    :   ȸԽ  Ư Է½     ִ  
        ƿԲ ˷ּ̽ϴ.
    :   ԽǸƮ  Խǰڰ   
    :          
    :   õ, õ ̺ Ͽ ߺ õ ϵ 
        config.php  Ʒ   ߰Ͻʽÿ.
        $g4['board_good_table']    = $g4['table_prefix'] . "board_good";
    :   UTF-8  

        ʵ尡 ߰,  Ǿ adm/upgrade.php  ѹ ̻ Ͽ ֽʽÿ.

        config.php
        adm/board_list_update.php
        adm/config_form.php
        adm/config_form_update.php
        adm/upgrade.php
        cheditor/insert_image.php
        bbs/download.php
        bbs/member_id_check.php
        bbs/member_nick_check.php
        bbs/member_email_check.php
        bbs/register_form_update.php
        bbs/search.php
        bbs/good.php
        js/wrest.js
        lib/mailer.lib.php
        skin/member/basic/register.skin.php
        skin/member/basic/register_form.skin.php
        skin/board/basic/list.skin.php

4.07.00 (06.04.28)
    :   cheditor    ʴ  
    :   cheditor  ũ⸦ ũ  ġ  
    :   board_new_table  ȸ̵ ʵ带 ߰Ͽ ڽ    Ȯ  ִ  ߰

        ʵ尡 ߰,  Ǿ adm/upgrade.php  ѹ ̻ Ͽ ֽʽÿ.

        cheditor/cheditor.js
        adm/upgrade.php
        bbs/new.php
        bbs/scrap_popin_update.php
        bbs/write_comment_update.php
        bbs/write_update.php
        skin/new/basic/new.skin.php

4.06.19 (06.04.14)
    :   ie ġ  ڵ 
    :    select  mb_point ʵ ߰
    :    > Խ  Խ ׷쿡 з  üũ ݿ ʴ  
    :   bbs/move_update.php â  ĳͼ ڵ ߰
        zzzzԲ ˷ ּ̽ϴ.
    :   Ϲ߼ۿ Űź  ʴ  
        ڴԲ ˷ ּ̽ϴ.
    :    ߼۽ ȸ̵   ߼ ޼ ϵ 
    :   ⿡ ,     ֵ 
    :   g4_charset.toUpperCase -> g4_charset.toUpperCase() 
        ˸Բ ˷ ּ̽ϴ.
    :   | ڷ ˻  
        z, ƿԲ ˷ ּ̽ϴ.
    :   Էʵ˻ ũƮ(wrest.js) ȭȣ(telnumber) Ӽ ߰
        sisjinԲ  ּ̽ϴ.
    :   ȭ help() ũƮ ڵ 
        NOGOONԲ ˷ ּ̽ϴ.

        js/common.js
        js/wrest.js
        lib/common.lib.php  :   view_file_link() Լ
        lib/common.lib.php  :   search_font() Լ
        bbs/current_connect.php
        bbs/move_update.php
        bbs/memo.php
        bbs/memo_form_update.php
        bbs/memo_view.php
        skin/member/basic/memo_view.skin.php
        skin/member/basic/register_form.skin.php
        adm/admin.head.php
        adm/board_form_update.php
        adm/mail_select_list.php
        adm/mail_select_update.php

4.06.18 (06.03.07)
    :   latest() Լ  
        $skin_dir μ Ѿ ʴ   κ 
    :   ¡ Լ  (å  ߰)
    :   wrest.js  trim κ ڵ 
        hammerԲ ˷ ּ̽ϴ.
    :   UTF-8   cheditor html Ȯڸ php ϰ charset  ϵ 
    :   notice error 
        hammerԲ ˷ ּ̽ϴ.

        lib/latest.lib.php
        lib/common.lib.php
        js/wrest.js
        cheditor/* ( )
        adm/admin.head.php

4.06.17 (06.02.17)
    :   Ϸ Լ 
    :   ׷ȸ̺ gm_id ʵ忡 auto_increment ߰
    :   calendar/2006.txt ߰
        ѽ¸Բ  ּ̽ϴ.
    :   get_sql_search() Լ  - ڸƮ  ۿ ˻ ϵ 
    :   UTF-8  ѱ   
        ÷α״Բ ˷ ּ̽ϴ.
        
        ʵ尡 ߰,  Ǿ adm/upgrade.php  ѹ ̻ Ͽ ֽʽÿ.

        adm/upgrade.php
        adm/boardgroupmember_update.php
        bbs/formmail_send.php
        bbs/calendar/2006.txt
        lib/common.lib.php
        lib/mailer.lib.php
        js/sideview.js
        skin/member/basic/register_form.skin.php

4.06.16 (06.01.31)
    :   ˻ Խ Ʈ ڰ  ǥõ ʴ Ų 
        īԲ ˷ ּ̽ϴ.
    :   ȭ ǥ   ߴ  κ ذ
          ó ڵ带 head.sub.php  tail.sub.php  ű
    :   ȸ â charset 
        Բ ˷ ּ̽ϴ.
    :   Խǰڰ   ְڿ  ι ߼۵Ǵ  ذ
    :   get_brow() Լ MSIE 7.0 ߰
    :   ±׿ ҹ  ʵ 
        ޺µԲ ˷ ּ̽ϴ.
    :   ȣ  
        ŬιԲ  ּ̽ϴ.
        
        head.sub.php
        tail.sub.php
        bbs/register_form_update.php
        bbs/write_update.php
        bbs/zip.db
        lib/common.lib.php
        lib/visit.lib.php
        skin/search/basic/search.skin.php

4.06.15 (06.01.13)
    :   Ͽ  ߼ 鵵 
        ѹ ѻԸ  ߼  ֵ 
    :   ڸƮ  ؽƮڽ  ̿ ߵ 
        ̴  Ͽϴ.
    :   ȸ ߼۽ Ż, ܵ ȸ  ߼ۿ 
        屺Բ ˷ ּ̽ϴ.
    :   bbs/delete_all.php    ڵ ġ 
    :     
    :   input ±׿ name Ȱ 
        Բ ˷ ּ̽ϴ.
    :   bbs/good.php  charset  ޼  µǵ 
    :   utf-8  ѱϸ ٿε ϸ   

        common.php
        adm/board_form.php
        adm/mail_select_list.php
        bbs/delete_all.php
        bbs/download.php
        bbs/formmail_send.php
        bbs/good.php
        skin/board/basic/view_comment.skin.php

4.06.14 (05.12.31)
    :   delete.skin.php     (α׷ ϴܿ ߾Ӻκ ġ ̵)
        淩, ÷, ޺µԲ ϼ̽ϴ.
    :   cut_str() Լ ڵ   ڸ 
        http://g4uni.winnwe.net/bbs/board.php?bo_table=g4uni_faq&wr_id=7  Mr.Learn  Ͽϴ.
    :   charset   ڵ  (ɰ   )

        common.php
        js/common.js
        bbs/delete.php
        bbs/rss.php
        lib/common.lib.php
        install/index.php
        install/install_config.php
        install/install_db.php

4.06.13 (05.12.25)
    :   [ʼġ] б Ÿ   ִ  
        淩, ÷ϴԲ ˷ ּ̽ϴ.

        bbs/write.php

4.06.12 (05.12.15)
    :   ΰ Ȯ ʾ  include  ʴ   (Ϻ  ߻)
    :   alert(), alert_close() Լ charset Ÿ± ߰
    :   latest() Լ $options  ߰ (ũ Ų ߰)
    :   ũѵǴ ֽű ߰

        adm/admin.lib.php
        lib/common.lib.php
        lib/latest.lib.php
        skin/latest/scroll/latest.lib.php

4.06.11 (05.12.6)
    :   wr_html  wr_option  
        赵Բ ˷ ּ̽ϴ.
    :   α̺ ε 
    :   ܺο    ִ װ ϹǷ б  쿡 ؾ 
        ܺο    ִ װ ϹǷ  ڸ  ؾ 
        ĴϴԲ ˷ ּ̽ϴ.

        ʵ尡 ߰,  Ǿ adm/upgrade.php  ѹ ̻ Ͽ ֽʽÿ.

        lib/common.lib.php
        bbs/write.php
        bbs/write_update.php
        adm/upgrade.php

4.06.10 (05.11.30)
    :   head.sub.php   ڵ  (ü ӵ ణ )
    :   Խ   ũ Ʈ  
        īԲ ˷ ּ̽ϴ.
    :   ˻ ׷ ˻  ũ ׷ Ǯ  
        Daeng`2Բ ˷ ּ̽ϴ.
    :   ȸ̺ ȸϽÿ ε ߰

        ʵ尡 ߰,  Ǿ adm/upgrade.php  ѹ ̻ Ͽ ֽʽÿ.

        head.sub.php
        bbs/scrap.php
        bbs/search.php
        adm/upgrade.php

4.06.09 (05.11.21)
    :   ٿε  Ų 
    :   ȸ ۾  αϿ   Ҷ ̸  ʵ 
        Բ ˷ ּ̽ϴ.
    :   ٱ   ޽    ̵ϵ 
        īԲ ˷ ּ̽ϴ.
    :   , ڸƮ  ڰ ϸ  IP  Ǵ  ذ
        淩̴Բ ˷ ּ̽ϴ.
    :   RSS  Ų ¥  ǥõ ʴ  
        ضԲ ˷ ּ̽ϴ.

        bbs/board.php
        bbs/download.php
        bbs/rss.php
        bbs/write_update.php
        bbs/write_comment_update.php
        skin/board/basic/download.skin.php

4.06.08 (05.11.14)
    :   ȸ SMS ſ  ʴ  
        赵Բ ˷ ּ̽ϴ.
    :   ԽǺ ,ϴ 뿡 '(ǥ)    
        JEDIԲ ˷ ּ̽ϴ.
    :   [] Խ ۾⿡ ϴ wr_id  ѱ  ش     ִ  
        sjsjinԲ ˷ ּ̽ϴ.

        bbs/register_form_update.php
        bbs/write.php
        adm/board_copy_update.php

4.06.07 (05.11.11)
    :   admin.lib.php  order_select() Լ ߰
    :   з ϰ ڸƮ ۼ  ش з Ǯ  
        livefree Բ ˷ ּ̽ϴ.
    :   ̾ Ʈ ڽ ġ 쿡 Ʈ ڽ  ʴ   (IE  )

        adm/admin.lib.php
        bbs/write_comment_update.php
        js/sideview.js

4.06.06 (05.11.01)
    :   б Ʈ  κ 
    :   view.php  $scrap_href  ùٸ  ũ 
        pardnerԲ ˷ ּ̽ϴ.
    :   ʿ bbs/visit.inc.php 
        pardnerԲ ˷ ּ̽ϴ.
    :   ȸ ۾, ̸ Ǵ 찡 . ణ ڵ 
    :   admin.head.php 
    :    ̵   goto_url() Լ
        ޺µԲ ˷ ּ̽ϴ.
    :   ȣ 2005 10 18 ߰ (postman.pe.kr dbf Ȱ)

        adm/admin.head.php
        bbs/board.php
        bbs/view.php
        bbs/write_update.php
        bbs/zip.db
        lib/common.lib.php

4.06.05 (05.10.20)
    :   ޴ȣ ٲ 쿡    ޴  (Ѽ)
    :   lib/common.lib.php  url_auto_link() Լ &nbsp;  
        ũ  ν ϴ  
    :   ȣ ˻   ѱ ϴ  
        ȣԲ ˷ ּ̽ϴ.

        adm/auth_list.php
        lib/common.lib.php
        bbs/zip.php
        skin/member/basic/zip.skin.php

4.06.04 (05.10.17)
    :     ¥ bbs/calendar/*.txt  ִٸ  ǥ ϴ  
    :   [ʼ] cheditor   ġ
        θ̴ܲԲ ˷ ּ̽ϴ.

        skin/member/basic/calendar.skin.php
        cheditor/insert_image.php

4.06.03 (05.10.12)
    :   ѱ urlencode($filename) ó Ұ '%' ٿְ Ǵµ '%'ǥô ̵÷̾ ν ϱ   ȵ˴ϴ. 
        ׷  ϸ '%'κ ָ ذ˴ϴ. 
        ޺µԲ ˷ ּ̽ϴ.
    :   ۻ ۰ ڸƮ  Ʈ  ʴ  
        Բ ˷ ּ̽ϴ.

        bbs/write_update.php
        bbs/delete.php
        bbs/delete_all.php

4.06.02 (05.10.06)
    :      ٽ $_GET[]  ѱ ϴ  
    :     ޴ д ڵ 
    :   н â α ϴ   Ǵ ڽ ̸ ٷ ۺ  
    :   ȸ Ʈκ Ŭ  
        
        adm/admin.lib.php
        adm/member_form.php
        bbs/password.php

4.06.01 (05.09.29)
    :   ׷   
    :   [] Խ Ϻ   쿡  (wr_id)  ѱ  Ⱑ    (bbs/board.php)
        ̴, zzzzԲ ˷ ּ̽ϴ.
    :   ΰ  ڽź ȸ ڽź       
        ̳ʽԲ ˷ ּ̽ϴ.
    :   ca_id -> ca_name (bbs/write.php)
        Բ ˷ ּ̽ϴ.
    :    ߼ۿ ԽǱ׷ ȸ   ֵ 
    :   ε ϴ , ۳ ũⰡ    Ѿ  ޼ 
        php.ini  post_max_size, upload_max_filesize   ֽϴ.
        
        adm/admin.menu300.php
        adm/index.php
        adm/member_list.php
        adm/boardgroupmember_form.php
        adm/mail_select_form.php
        adm/mail_select_list.php
        adm/mail_preview.php
        bbs/board.php
        bbs/write_update.php

4.06.00 (05.09.21)
    :   з Ǵ  شǴ ڸƮ з  
    :    з ѱ
    :   ÷ ߰,    ˻ ϴ  
        zzzzԲ ˷ ּ̽ϴ.
    :      
    :   ΰڰ ڽź   ȸ  ϵ 
    :    Ʈ Խǰ Ʈ  ش Խ Ⱑ ϵ 
    :   Խ ⿡ ڸƮ ̵ Ѿ   ̵ 
    :   Ʈ  Ʈ ӵ 
    :   a.mb_id -> mb_id   (js/sideview.js)
    :   Խù   ־ Ʈ ѹ ϵ 
    :   ٿε  Ʈ ִٸ ڿ Ȯ

        adm/*
        bbs/board.php
        bbs/download.php
        bbs/write_update.php
        skin/board/basic/write.skin.php
        skin/board/basic/view.skin.php
        js/sideview.js
        lib/common.lib.php

4.05.01 (05.09.06)
    :   ҿ쿡  ν ϴ ڵ带 
    :   ˻ HTML ±װ    
    :   Խ ÿ data/file 丮 index.php 
        yesmoaԲ ˷ ּ̽ϴ.
    :   ̵/н ã⿡ ֹεϹȣ ڷḦ ã ϴ  
        ʺθԲ ˷ ּ̽ϴ.
    :   Խ , ԽǱ׷  ' ǥ ϵ 
        ոöԲ ˷ ּ̽ϴ.

        lib/common.lib.php : alert() Լ
        bbs/search.php
        bbs/password_forget2.php
        adm/board_list.php
        adm/board_form.php
        adm/boardgroup_list.php
        adm/boardgroup_form.php

4.05.00 (05.09.01)
    :   ˻ ԽǸ ֱٰԽù 
    :   Խ  ʵ庰 ׷ ϵ 
    :   Խ  Ϲ߼  ʵ ߰
    :   ˻  ˻ ̵  ְ  
    :   ȸ    ̸  ּҸ ǥϵ 
        ϳYunԲ ˷ ּ̽ϴ.

        ʵ尡 ߰,  Ǿ adm/upgrade.php  ѹ ̻ Ͽ ֽʽÿ.
    
        adm/upgrade.php
        adm/board_form.php
        adm/board_form_update.php
        bbs/new.php
        bbs/write.php
        bbs/write_update.php
        bbs/write_comment_update.php
        bbs/tb.php
        bbs/search.php
        bbs/formmail.php
        skin/search/basic/search.skin.php

4.04.00 (05.08.17)
    :   Ϲ߼  ʵ ߰
    :      ʴ  
    :   Խñ ۼ ̸ Ǵ 츦 
    :   ֱٰԽù , ڸƮ иϿ   ֵ 

        ʵ尡 ߰,  Ǿ adm/upgrade.php  ѹ ̻ Ͽ ֽʽÿ.

        adm/upgrade.php
        adm/config_form.php
        adm/config_form_update.php
        adm/mail_test.php
        adm/sendmail_test.php
        adm/mail_form.php
        adm/mail_select_form.php
        bbs/register_form_update.php
        bbs/formmail.php
        bbs/formmail_send.php
        bbs/poll_etc_update.php
        bbs/write_update.php
        bbs/write_comment_update.php
        bbs/tb.php
        bbs/write.php
        bbs/new.php
        skin/board/basic/write.skin.php
        skin/new/basic/new.skin.php
        lib/mailer.lib.php

4.03.03 (05.08.11)
    :   ̸  ڵα   ʴ  
        Reported by g6man.
    :   member(α)Ų login_check.skin.php ߰
    :    ׷  ɼ üũ 
        2Բ ˷ ּ̽ϴ.
    :   ޷ Ų ߰
    :     Ѿ 쿡  ݿ
    :   Խ  ' ԵǸ  ߻
        Բ ˷ ּ̽ϴ.

        common.php
        adm/board_form.php
        bbs/calendar.php
        bbs/calendar/2005.txt
        bbs/write_update.php
        bbs/login_check.php
        skin/member/basic/register_form.skin.php
        skin/member/basic/login_check.skin.php
        skin/member/basic/calendar.skin.php
        skin/member/basic/img/calendar.gif
        js/common.js
        head.sub.php

4.03.02 (05.08.04)
    :   ȭ  
        adm/menu/m100900_etc.php  ϼ.
    :   Ʈ ߰
        
        adm/img/*
        adm/admin.head.php
        adm/admin.lib.php
        adm/admin.tail.php
        adm/index.php
        adm/point_clear.php
        adm/menu/m200210_point_clear.php

4.03.01 (05.08.01)
    :   ȣ DB 
        ȣ  ϸ üϸ 
    :   Խǰ ׷ڰ ׷ Ŭ  κ 
    :     üũ ȸ ۸ ̵ 
    :    α׷, ޴  
    :   common.js  menu() Լ 
    :      ݿ ʴ  
    :   ǥ 

        adm/*
        adm/menu/*
        js/common.js
        bbs/board.php
        bbs/delete.php
        bbs/delete_all.php
        bbs/poll_update.php
        bbs/zip.php
        bbs/zip.db

4.03.00 (05.07.23)
    :    Ȯ Ͽ SMS ſ ʵ带 ȸ̺ ߰
    :   ׷, Խǰڰ ־ ְڿ  ߼
    :   Խù , ̵ ׷ڰ ϴ Խ  µ ʴ  
    :   ǥ 
    :   Խ̺ wr_is_comment ʵ带 ߰Ͽ ۰ ڸƮ Ͽ   ӵ   Ŵ
    :   Խǰ, ׷ ϴ°Ϳ Էϴ° 
    :    > ȸ   ߰
    :   ȸԽ ȸ ̵ ʴ  

        Fields were added, so please run adm/upgrade.php at least once.

        adm/sql_write.sql
        adm/board_form.php
        adm/board_form_update.php
        adm/board_list.php
        adm/boardgroup_form.php
        adm/boardgroup_form_update.php
        adm/boardgroup_list.php
        adm/index.php
        adm/member_form.php
        adm/member_form_update.php
        adm/repair.php
        adm/upgrade.php
        bbs/board.php
        bbs/delete.php
        bbs/delete_all.php
        bbs/delete_comment.php
        bbs/list.php
        bbs/move.php
        bbs/move_update.php
        bbs/poll_update.php
        bbs/register_form_update.php
        bbs/rss.php
        bbs/search.php
        bbs/scrap_popin.php
        bbs/scrap_popin_update.php
        bbs/tb.php
        bbs/view.php
        bbs/view_comment.php
        bbs/write.php
        bbs/write_comment_update.php
        bbs/write_update.php
        lib/latest.lib.php
        skin/search/basic/search.skin.php
        skin/member/basic/register_form.skin.php

4.02.01 (05.07.18)
    :   ڰ ȸ̵   Ͻ Է
    :   ԽǱ׷ڰ  Խ ,      
    :   ȸ Ʈ  οϴ  ѰǸ οǴ  
    :   view_file_link() Լ 
    :    ü ,  ǥ Լ 
        get_left_pos(), get_top_pos()
    :   ˻ ڵ 

        adm/board_form.php
        adm/board_form_update.php
        adm/board_list.php
        adm/board_list_delete.php
        adm/board_delete.php
        adm/member_form_update.php
        common.lib.php
        adm/point_update.php
        bbs/search.php
        js/common.js

4.02.00 (05.07.13)
    :   ȸ ǥ  Ʈ  ο ʴ  
    :   ̺ ̹  ʵ ߰
        getimagesize() Լ ӵ 
        g6man Բ ϼ̽ϴ.
    :   help(), menu() ڹٽũƮ Լ 
    :   ˻   (lib/common.lib.php)
         : $pattern .= $bar . str_replace("/", "\/", quotemeta($s[$m]));
         : $pattern .= $bar . str_replace("/", "\/", quotemeta($s[$m])) . "(?![^<]*>)";
        Reported by yesmoa and resolved by g6man. ^^
    :   ġ data 丮 ؿ index.php 
        Reported by root.
    :   cheditor κ 
    :   Խǻ ԽǱ׷  ԽǱ׷ ϶ ޼ 
    :   Խǻ Խ 丮 ؿ index.php 
    :   bbs/good.php: code change related to SQL Injection
        Reported by root.
    :   ȸαΰ˻翡 ڵ ġ 
    :   Ʈ κ 
         : $msg = send_trackback($wr_trackback, $trackback_url, $wr_subject, $board[bo_subject], $wr_content);
         : $msg = send_trackback($wr_trackback, $trackback_url, $wr_subject, $board[bo_subject], $_POST[wr_content]);
    :   ȯ漳 E-mail  ġ 

        Fields were added, so please run adm/upgrade.php at least once.

        adm/upgrade.php
        adm/admin.head.php
        adm/board_copy_update.php
        adm/board_form.php
        adm/board_form_update.php 
        adm/config_form.php
        bbs/good.php
        bbs/login_check.php
        bbs/move_update.php
        bbs/poll_update.php
        bbs/write_update.php
        cheditor/cheditor.js
        install/install_db.php
        js/common.js
        lib/common.lib.php

4.01.00 (05.07.11)
    :   湮ڼ üϴ ڵ  
        Reported by todayis.
    :   ǥ Ų 
    :   bbs/link.php: code change related to SQL Injection
        Reported by root.
    :   ˻ ڵ 
    :    쿡 ڹٽũƮ   丮  
    :   E-mail  ߰  ڵ κ 
        bbs/mail_stop.php is renamed to bbs/email_stop.php.
        
          ڰ ׷̵  쿡  email_certify.php, email_certify2.php  ٿε ϼž մϴ.

        Fields were added, so please run adm/upgrade.php at least once.

        adm/_common.php
        adm/config_form.php
        adm/config_form_update.php
        adm/mail_preview.php
        adm/mail_select_update.php
        adm/mail_test.php
        adm/member_form.php
        adm/member_list.php
        adm/upgrade.php
        bbs/link.php
        bbs/email_certify.php
        bbs/email_stop.php
        bbs/login_check.php
        bbs/register_form.php
        bbs/register_form_update.php
        bbs/register_form_update_mail1.php
        bbs/register_form_update_mail2.php
        bbs/register_form_update_mail3.php
        bbs/poll_result.php
        bbs/poll_update.php
        bbs/search.php
        bbs/visit_insert.inc.php
        lib/common.lib.php
        lib/poll.lib.php
        skin/member/basic/register_form.skin.php
        skin/member/basic/register_result.skin.php
        skin/poll_result.skin.php
        head.sub.php

4.00.20 (05.07.06)
    :   lib/common.lib.php  get_yoil() Լ ߰
    :   bbs/download.php  ߺ ڵ 
        Reported by prosper.

    :   ѱƮ SWͿ    PHP, SQL Injection  óϱ  ڵ 
        ѱƮ Źμ, ö, б , 
        A3 Security consulting ٴ, 赿, ѳб ǻͰа ֹμ,
        , INetCop Security ƴ  帳ϴ.

        common.php
        adm/board_form.php
        bbs/download.php
        bbs/link.php
        bbs/formmail.php
        bbs/formmail_send.php
        bbs/write_update.php
        lib/popular.lib.php
        lib/common.lib.php

4.00.19 (05.07.05)
    :   ߺ ǥ ϴ  
        Reported by Gatzz.
    :   delete_point() Լ Ʈ  ݿ
        Reported by jjuni.
    :   ȸԽ  õ  ִ  
        Ʋ Բ ˷ ּ̽ϴ.

        bbs/poll_update.php
        bbs/register_form_update.php
        lib/common.lib.php
        skin/member/basic/register_form.skin.php

4.00.18 (05.07.04)
    :   ġ data/cheditor 丮 
    :    Ͽ  Ʋ  
    :    "    ȵǴ  
        yesmoa,  Բ ˷ ּ̽ϴ.
    :   Խ  Խ  Է ϰ 
    :   Ʈ ο õ   
        ([ڸƮ] [ڸƮ]Ʈ ο ڵ )
        (ٿε ѹ Ʈ ο)
    :   丮 m000 ̸ ϸ  ޴ ҷ ϴ  
    :   Fields were added, so please run adm/upgrade.php at least once.

        adm/board_copy.php
        adm/board_copy_update.php
        adm/point_update.php
        adm/menu/*
        bbs/board.php
        bbs/delete.php
        bbs/delete_all.php
        bbs/delete_comment.php
        bbs/download.php
        bbs/poll_update.php
        bbs/register_form_update.php
        bbs/scrap_popin_update.php
        bbs/write.php
        bbs/write_comment_update.php
        bbs/write_update.php
        common.php
        lib/common.lib.php
        skin/member/basic/register_form.skin.php
        install/install_db.php
        cheditor/insert_image.php
        cheditor/imageupload-class.php

4.00.17 (05.06.29)
    :   Ȯ  ߰
        (korone) , Ծƺ(eagletalon)Բ  ּ̽ϴ.
    :   ԽǼ  ׷쵿 и
    :   cheditor  κ κ 
    :   common.lib.php  goto_url() 
    :   , ũ, ȣ, ̵/н ã, ȸȸ  
         Ų ü (skin/member/basic/*)
    :   ǥ ȸ Ͽ ι̻ ǥ  ϵ 
    :   Fields were added, so please run adm/upgrade.php at least once.
        
        adm/version.php
        adm/menu/m100960_version.php
        adm/board_form.php
        adm/board_form_update.php
        adm/poll_form.php
        adm/upgrade.php
        bbs/formmail.php
        bbs/memo.php
        bbs/memo_form.php
        bbs/memo_view.php
        bbs/password_forget.php
        bbs/password_forget2.php
        bbs/password_forget3.php
        bbs/poll_update.php
        bbs/profile.php
        bbs/scrap.php
        bbs/scrap_popin.php
        bbs/write_update.php
        bbs/zip.php
        lib/common.lib.php
        lib/cheditor.lib.php
        cheditor/cheditor.js
        cheditor/cheditorSimple.js
        skin/board/cheditor/*
        skin/member/basic/*

4.00.16 (05.06.28)
    :     б   ū    ʰ ˻ǰ 
        ƲʴԲ ˷ ּ̽ϴ.
    :   DHTML Editor (cheditor : http://chsoft.co.kr) ⺻ ž
    :   ҿ쿡 ۵Ͻ б Ѿ ʴ  
    :   Add the following to config.php
        $g4[editor]         = "cheditor";
        $g4[editor_path]    = $g4[path] . "/" . $g4[editor];

        bbs/search.php
        bbs/write_update.php
        cheditor/*
        lib/cheditor.lib.php

4.00.15 (05.06.21)
    :   ڸƮ   Խù  ޽   
    :   ȸ ߼۽ Ϻκ ڵ  
    :   Ʈ  Ͽ  ˻ ߰
    :   Ϸ  ڸƮ ٷΰ ũ 
    :   ڸƮ Է,   ڸƮ ̵
    :   admin.tail.php ϴܿ ִ ڹٽũƮ admin.js  и
    :   [Ȱ] ٸ ȸ    ִ  
        
        bbs/write_comment_update.php
        adm/mail_select_list.php
        adm/point_list.php
        adm/admin.tail.php
        adm/admin.js
        bbs/memo_form.php

4.00.14 (05.06.20)
    :    ϱ⿡  ֱ
    :   ԽǺ ۾ ̵ ʵ  ʴ 
    :     help() Լ  Ÿ Ʈ ߰
    :   js/common.js  check_byte() Լ cnt  return

        bbs/memo_form.php
        adm/board_copy_update.php
        adm/_common.php
        adm/admin.head.php
        js/common.js

4.00.13 (05.06.18)
    :     üũ ʴ  
    :   Ǹ ϶ ڸƮ  ԷµǴ  
    :   ȸ  Խ Ѻ  ׷ ֽűۿ ش Խ  
    :   ׿ ټ

        bbs/write.php
        bbs/write_update.php
        bbs/write_comment_update.php
        bbs/group.php
        adm/admin.head.php
        adm/board_form.php
        adm/boardgroupmember_form.php
        adm/member_form.php

4.00.12 (05.06.17)
    :   ۺ, ̵ Խ â  Ŭص üũǵ 
    :   Խ Ų ڵ ȭ
    :   [ie ] 
        Խ ۳  <form> ٷ Ʒ <input hidden  ϳ 
          ߻ϴ 찡 ֽϴ. (׷  찡  ׿)
        ̰ ذϴ  <form> ± ٷ Ʒ 
        <input hidden=null>   ߰ ָ ˴ϴ.
    :   RSS ũ ߰

        bbs/move.php
        bbs/list.php
        skin/board/basic/*

4.00.11 (05.06.15)
    :   ۴亯  ε   Ǵ  
    :   common.lib.php get_sideview() Լ ڵ ణ 
    :   common.lib.php get_file() Լ  path ߰
    :   Ͽ ÷ν ȮŬϸ  ߼۵ ʴ  
    :   ̺   ȭ α׷ ߰
    :   ׿ ټ

        adm/auth_update.php
        adm/board_form_update.php
        adm/boardgroup_form_update.php
        adm/boardgroupmember_update.php
        adm/config_form_update.php
        adm/mail_update.php
        adm/member_form_update.php
        adm/point_update.php
        adm/poll_form_update.php
        adm/repair.php
        adm/upgrade.php        
        adm/menu/m100991_repair.php
        bbs/formmail.php
        bbs/write_update.php
        lib/common.lib.php

4.00.10 (05.06.14)
    :     ǵ 
    :   ùα κ ڵ 
    :   б Ʈ ο 
    :   ڸƮ 亯ϴ   ڸƮ Ǵ   

        bbs/board.php
        bbs/view.php
        bbs/write_comment_update.php
        skin/board/basic/view.skin.php
        common.php

4.00.09 (05.06.13)
    :   Է½ ׿  ʴ  
    :   , ڸƮ, б⿡ ڵ Ʈ 
    :   ̵    ڸƮ ̸ ̵ µǴ  
    :   ε ʵ尡 ƴϸ Ŀ   ڵ 

        bbs/write_update.php
        bbs/write_comment_update.php
        bbs/board.php
        bbs/view_comment.php
        bbs/list.php

4.00.08 (05.06.10)
    :   ˻ 
    :   ֱٰԽù 
    :   Խǰ Ʈ   ( а ...  úκ )
    :   ڸƮ Է üũ ƾ ߰
    :   ȸ, ۾, ڸƮÿ ̸ ±    

        adm/board_list.php
        bbs/search.php
        bbs/new.php
        bbs/register_form_update.php
        bbs/write_update.php
        bbs/write_comment_update.php
        skin/new/basic/new.skin.php
        skin/board/basic/view_comment.skin.php

4.00.07 (05.06.09)
    :   ڴ б, ۾, ڸƮ, ٿε Ʈ  
        Reported by nasca.
    :   ȸϹ߼ۿ ߸  ٷ 
        Reported by smile4u.
    :   ԽǽŲ ߸ ּ ٷ 
        ϴԲ ˷ ּ̽ϴ.
    :   ԽǽŲ ̺(500->100%) 
        Reported by wanie.

        adm/mail_select_update.php
        adm/mail_test.php
        bbs/board.php
        bbs/write_comment_update.php
        bbs/write.php
        bbs/write_update.php
        skin/board/basic/view.skin.php
        skin/board/basic/list.skin.php

4.00.06 (05.06.07)
    :   ȯ漳̺ ʵ 10 ߰
    :   Fields were added, so please run adm/upgrade.php at least once.

        adm/config_form.php
        adm/config_form_update.php
        adm/upgrade.php

4.00.05 (05.06.06)
    :   bbs/member_confirm.php  Ųȭ
    :   login Ų register Ų  member Ų 
    :   login Ų register Ų 
    :   µǴ  get_text() Լ  (ũƮ  ȭ)
    :   ׿ ټ
    :   Fields were added, so please run adm/upgrade.php at least once.

        adm/config_form.php
        adm/config_form_update.php
        adm/upgrade.php
        bbs/register_form.php
        bbs/member_confirm.php
        bbs/register_result.php
        bbs/register_form_update.php
        bbs/register.php
        bbs/good.php
        bbs/scrap.php
        bbs/scrap_popin.php
        bbs/login.php
        skin/member/*
        

4.00.04 (05.06.03)
    :   ٸ 丮  ߱ Ͽ  ߰
        _common.php , _head.php , _tail.php

        _common.php
        _head.php
        _tail.php
        index.php


4.00.03 (05.06.01)
    :   [Ȱ] PHPSESSID  Ʋ α׾ƿѴ.
    :   data  ڵǴ 丮  index.php 
        (   ش 丮  ̴°  )
    :   $g4[url]  κ 

        common.php
        install/install_db.php

4.00.02 (05.05.31)
    :   ˻  µ ʴ  

        skin/search/basic/search.skin.php

4.00.01 (05.05.30)
    :    > Խǰ > ԽǺÿ   ߻

        adm/board_copy_update.php

4.00.00 (05.05.30)
    :    

05.05.30
    :   α  Ų   ְ 
    :   ׿ ټ
    :   Fields were added, so please run adm/upgrade.php at least once.

        adm/board_copy_update.php
        adm/config_form.php
        adm/config_form_update.php
        adm/member_form_update.php
        adm/upgrade.php
        bbs/login.php
        bbs/password.php
        bbs/register_form_update.php
        skin/login/*

05.05.28
    :    Ų 
    :   ׿ ټ
    :   Fields were added, so please run adm/upgrade.php at least once.

        adm/upgrade.php
        adm/config_form_update.php
        adm/config_form.php
        bbs/current_connect.php
        bbs/view_comment.php
        skin/new/*
        skin/connect/*
        lib/connect.lib.php

05.05.27
    :   ۻ ֱٰԽù ڸƮ  ʴ  
        Reported by root.

        bbs/delete.php
        bbs/delete_all.php

05.05.26
    :    ̺   ʵ ߰
         > ԽǼ   뿡 üũϽʽÿ.
    :   ڱҰ  ڽź   ڴ ϰ     
        Ȳ.comԲ ˷ ּ̽ϴ.
    :     ߺ ȸ̵, ̸    
        Reported by root. top.document -> parent.document
    :   gallery  Ų ߰
         Ų   Ų Ѱ     Ͽϴ.
         > ԽǼ Ʒ  ݵ Է ּ.
        ʵ 1 ࿡ ϴ ̹  
        ʵ 2 ̹  ȼ 

    adm/board_form_update.php
    adm/board_form.php
    adm/upgrade.php
    bbs/write.php
    bbs/member_email_check.php
    bbs/member_nick_check.php
    bbs/write_update.php
    bbs/view.php
    bbs/profile.php
    lib/common.lib.php
    skin/board/basic/view.skin.php
    skin/board/basic/write.skin.php
    skin/board/gallery/*

05.05.25
    :   ˻ Ų 
    :   ڷα , α˻   ߰
    :   Fields were added, so please run adm/upgrade.php at least once.

    config.php
    adm/config_form.php
    adm/config_form_update.php
    adm/index.php
    adm/upgrade.php
    bbs/search.php
    skin/search/*

05.05.24
    :   Խǰ > ԽǺ Ҷ   ȵǴ  
    :   ֱٰԽù Ų 
    :   ׿ ټ
    :   Fields were added, so please run adm/upgrade.php at least once.

    install/install_db.php
    adm/board_copy_update.php
    adm/config_form.php
    adm/config_form_update.php
    adm/index.php
    adm/upgrade.php
    bbs/board.php
    bbs/current_connect.php
    bbs/delete_comment.php
    bbs/download.php
    bbs/new.php
    bbs/search.php
    bbs/tb.php
    bbs/view_comment.php
    bbs/write.php
    bbs/write_comment_update.php
    bbs/write_update.php
    lib/common.lib.php
    skin/new/*

05.05.23
    :   (provision -> stipulation) ʵ 
    :   ֱٰԽù ڸƮ ۼ, ð   
        Reported by root.
    :   OPTIMIZER TABLE ߰
    :   ״3 ǥȭ  

    adm/auth_update.php
    adm/board_form_update.php
    adm/boardgroup_form_update.php
    adm/boardgroupmember_update.php
    adm/config_form.php
    adm/config_form_update.php
    adm/mail_update.php
    adm/member_form_update.php
    adm/point_update.php
    adm/poll_form_update.php
    adm/upgrade.php
    bbs/new.php
    skin/register/basic/register.skin.php
    convert/g3_vote.php

05.05.22
    :   RSS 
    :   亯ִ ڸƮ ,  Ұ
    :   ڼ Է  Խ    ְ 
        Fields were added, so be sure to run adm/upgrade.php at least once.
    :    ũ ְڿԸ 
    :   ˻ Խ ũ ˻  
    :   ڸƮ  ۵ 
        Reported by torry.
    :   Ʈ κ ڵ 
    :   ġ ְ ȸ  
        Reported by hepburnstyle.

    bbs/download.php
    bbs/board.php
    bbs/write_comment_update.php
    bbs/write.php
    bbs/write_update.php
    bbs/search.php
    bbs/delete_comment.php
    bbs/current_connect.php
    bbs/view_comment.php
    bbs/list.php
    bbs/rss.php
    adm/index.php
    adm/board_form_update.php
    adm/board_form.php
    adm/upgrade.php
    install/install_db.php

05.05.21
    :   б ˻ 
        Reported by zzzz.
        bbs/search.php

    :   Խ ˻ α˻ 
        Reported by root.
        lib/common.lib.php

05.05.20
    :   α˻  ߰
        adm/upgrade.php 
        bbs/search.php
        lib/popular.lib.php
        skin/popular/*
        common.php
        config.php

    :    ޴ 
        adm/*

    :   ǥ  Ʈ ο
        adm/poll_form.php
        adm/poll_form_update.php
        bbs/poll_update.php

    :   ֽűۿ ڸƮ 
        bbs/new.php
        bbs/write_comment_update.php
        bbs/write_update.php
        bbs/tb.php
        bbs/scrap_popin_update.php

    :   ̵ ֽڸƮ ̵
        bbs/move_update.php

    :   RSS ߰
        bbs/rss.php

05.05.17
    :   Խù , ̵ ڸƮ 亯  , ̵ ǵ 
        bbs/move_update.php

    :   ڸƮ ,   
        bbs/write_comment_update.php
        bbs/delete_comment.php

05.05.16
    :   admin 丮 adm  
        tomcat ġ 浹 ̿ 
        config.php

    :   ڸƮ 亯  ߰
        Fields were added, so you must run adm/upgrade.php at least once.
        *

    :   config.php  $g4[url]   Է  ֵ 
        windows   θ     Է  ֵ Ͽϴ.
        config.php

05.05.15
    :   Խù ̵   ʴ Խù  
        ׿ ټ
        adm/board_delete.inc.php
        adm/config_form.php
        adm/board_form.php
        bbs/move_update.php
        bbs/write.php

05.05.14
    :     ڸ޴  µǵ 
        adm/menu/*

    :      ,    , Żȸ ڵ  ƾ
        adm/index.php  Űϴ.

    :   , ̵ α   ߰
        Fields were added, so you must run adm/upgrade.php at least once.
        adm/config_form.php
        adm/config_form_update.php
        bbs/move_update.php

    :   ̵ ֽűۿ  Խù  
        Reported by torry.
        bbs/new.php
        bbs/move_update.php

    :   ̵信 Ȩ Ŭ  ̵ ʴ  
        ź(sehonet)Բ ˷ ּ̽ϴ.
        lib/common.lib.php

    :   ڸƮ â  üũ ʾ  ֽűۿ ڸƮ Ŭ  
        Reported by bbking.
        skin/latest/basic/latest.skin.php

    :   ȸϿ ̸  ߰
        Reported by NARU(kingljm).
        adm/mail_list.php
        adm/mail_preview.php

    :   ڰ   ȸ α  ʴ  
        н Է  ʰ ־
        (chung96)Բ ˷ ּ̽ϴ.
        adm/member_form_update.php

    :   Խ ׷ Է½  ʵ Էµ ʴ  
        Reported by NARU(kingljm).
        boardgroup_form_update.php

05.05.13
    : ڼ ּ/ϴ ڵ ߰
      skin/board/basic/write.skin.php
      skin/board/basic/view_comment.skin.php

    : ȸ Ų  
      Fields were added, so you must run adm/upgrade.php at least once.
      adm/config_*
      skin/register/*
      bbs/member_*_check.php
      bbs/register_*

    :  亯   ޼   
      bbs/write_update.php

    : ˻ 
      head.php

05.05.12
    : ڰ  ȸ  ϵ 
      adm/member_list.php
      adm/member_form.php
      adm/member_form_update.php

    : ϳ ӵ Ұ
      bbs/write_update.php
      bbs/write_comment_update.php

    :  ̵ ũ ̵ϵ 
      bbs/move_update.php

    : ۾ ̵   ߰
      Fields were added, so you must run adm/upgrade.php at least once.
      adm/board_form.php
      adm/board_form_update.php

05.05.11
    : Խǰ >   κе 
      adm/board_form.php
      adm/board_form_update.php

    : ҿ쿡 alphanumeric  alphanumeric_   ν ϴ  
      alphanumeric_  alphanumericunderline  
      js/wrest.js

    : bbs , admin path ü 
      *

05.05.10
    :   ϴ Ÿ DB    ִ  õ ʾ
       ġ Ϸ  ҽϴ.
      install/*
      common.php
      config.php

    : php  ( Ƿ   Ʈ)   ڵ带 ߰
      Reported by prosper.
      common.php

    : ȸϹ߼ ߰
      ȸ ̺ ߰  α׷ 
      http:////adm/upgrade.php  ѹ ̻ ְ   ֽʽÿ.

      adm/*
      common.php
      config.php

05.05.09
    : dbconfig.php   ְ common.php  mysql  ִ  Ͽϴ.
       ڵ ϴ dbconfig.php   иǾ    ϴ Ÿ 
       ο  ϴ.
      Ÿο mysql  ˷ ʴ  Ϻ(?)ϰ DB ϰ ȣ   ֽϴ.
      common.php
      config.php
      install/*

    :  ʵ ڵ  
      輱(sucjin)Բ ˷ ּ̽ϴ.
      adm/board_form.php
      adm/boardgroup_form.php
      adm/member_form.php

    : ȸ  ̵  Ұ 
      bbs/register_form.php

    : ġ ۹̼ Ȯ ڵ 
      install/index.php

    : sql_zip.sql  admin 丮 ̵

05.05.06
    : ڸƮ Է½  ʵ Էµǵ 
      bbs/write_comment_update.php

    : ٱ(ΰ)   ߰
       ߰Ǵ α׷  
      r : б , w : Է,  , d : 
      config.php
      adm/*

05.05.04
    :   ڸ 
      輱(sucjin)Բ ˷ ּ̽ϴ.
      bbs/list.php 
    : ڸƮ     
      lib/common.lib.php
      skin/board/*/list.skin.php
    :  ޴ 
      adm/*

05.05.03
    : ԽǱ׷켳 ɼ Է ϰ 
      adm/boardgroup_form.php
      adm/boardgroup_form_update.php

    : ڸ޴ DHTML ޴ 
      adm/*

05.05.02
    : ԽǼ >  bo_image_size ʵ    
      adm/board_form_update.php
    
    : ֽű ڼ ǥ   
      get_list() Լ $len => $subject_len  
      輱(sucjin)Բ ˷ ּ̽ϴ.
      lib/common.lib.php 
    
    : get_view() Լ 
      lib/common.lib.php 
    
    : url_auto_list() Լ 
      lib/common.lib.php 
    
    :  Խ ȯ ߰
      convert/g3_dabsagi.php

05.04.30
    : ȸԽ  0 ̳  ȵ κ 
      bbs/register_form.php

05.04.29
    : ҿ쿡  Ŭ ڹٽũƮ ܼâ ߴ° 
      js/sideview.js

    : ü˻ ڹٽũƮ  
      bbs/search.php

    : ȸڽ ڸƮ     
      bbs/delete_comment.php

    : ԽǼ >  Ų丮  ʴ  
      adm/board_form.php

    :   
      head.sub.php

    :  ʴ Խ   
      bbs/board.php

    : FireFox   ε  ʴ  
      輱(sucjin)Բ ˷ ּ̽ϴ.
      <!-- 輱 2005.4 - FF(ҿ)  innerHTML   <table> Ʒ  ν մϴ. --> 
      ԽǽŲ write.skin.php

    : ԽǼ >     
      adm/board_form_update.php

    : ǥƮ ũ 
      ڱԼ(nosty)Բ ˷ ּ̽ϴ.
      adm/poll_list.php

    : ԽǼ >  ̹ ʵ  
      ȣ(namo)Բ ˷ ּ̽ϴ.
      adm/board_form_update.php

    : ԽǼ HTML   
      ٸ(koxel)Բ ˷ ּ̽ϴ.
      adm/board_form.php

    : ԽǼ Ų 丮 ݵ ϵ 
      adm/board_form.php

    : allow_url_fopen = Off   Ʈ  κ  ( )
      lib/trackback.lib.php

05.04.28
    : Ʈ ȯ  
      convert/g3_member.php

05.04.28
    : Ĺ  ( ƴ)

05.04.28
    : ҿ쿡 ȸ  ϴ 
    : ״3 Խڷ ȯ α׷ ߰
      convert/g3_board.php
    : MySQL  phpMyAdmin 2.6.2 ž

05.04.27
    : ġ implode() μ   
    : ״3 ȸڷ ȯ α׷ ߰
      convert/g3_member.php

05.04.26
    : ڸƮ  ̻ Ͻ  ,  Ұ  ߰
    : Խ   ߰
    : Խǿ , ϴ ̹ ε  ߰
    :        ϴ  ߰
    :  Ʈ з˻  ߰
    : ü˻ з˻  ߰

05.04.25
    : bbs/zip2.php  (â ּҸ Է¹ )

05.04.24
    : ī24  ġ  ʴ  ġ Unknown table 'g4_board'  

05.04.22    
    : ׷ 뿡  ۸    ߰
    : ׷ 뿡  ˻   ߰
    : ְڴ Ʈ ߰   

05.04.21    
    : Խ ̺ wr_option  set(html, htmlbr)  set(html1, html2)  
    :  > ȸ   
    : ȸԽ õ ̵ Է κ 
    : common.lib.php  insert_point() Լ ȸ̵ ã  return 
    : ü ˻ 
    : Խ ˻ ˻  
    : common.lib.php  search_font() Լ ˻   return 

05.04.21     Ÿ 2 

05.03.29    Ÿ 1 

״4 ̷ 


================================================================================
״4 ֿ
--------------------------------------------------------------------------------
    1.   ε 
    2.    ޴ ߰ 
    3.  ޴  
    4. Ʈ 
    5. ֱٰԽù  Խ Ƶ  Ȯ  
    6. κ  ۾  
    7. RSS
    8. ԽǺ Ʈ  ٸ ο  
    9. ȸԽ ̸  
   10. ׿ ټ
--------------------------------------------------------------------------------
˷ 
--------------------------------------------------------------------------------
    1. ڸƮ ˻ Ե  Ͽ (ȸ )   ʽϴ.
================================================================================
