KGRKJGETMRETU895U-589TY5MIGM5JGB5SDFESFREWTGR54TY
Server : Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 DAV/2 PHP/5.2.17
System : Linux localhost 2.6.18-419.el5 #1 SMP Fri Feb 24 22:47:42 UTC 2017 x86_64
User : nobody ( 99)
PHP Version : 5.2.17
Disable Function : NONE
Directory :  /home/queenjbs/jaejoong_X/admin/Proc/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : /home/queenjbs/jaejoong_X/admin/Proc/multimedia_proc.php
<?include $_SERVER['DOCUMENT_ROOT']."/conf/conf_dir.php";?>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<?//include $_SERVER['DOCUMENT_ROOT']."/class/i.inc";?>
<?

$todayfull = date("YmdHis");
$subject = addslashes($subject); //특수문자db에 들어가게..
$contents = addslashes($mediasource); //특수문자db에 들어가게..
//----이미지 저장-----------------------------------//
if ($thumnail_name) {
	if($_FILES['thumnail_name']['size'] > "11162773"){
	
		?>
		<SCRIPT LANGUAGE="JavaScript">
		<!--
			alert("10mb以下で保存することが可能です。");
			history.back(-1);
		//-->
		</SCRIPT>
		<? 
	}
	$savedir 	= $_SERVER['DOCUMENT_ROOT']."/files/muti/thump";
	$thumnail_name_ext = strtolower(substr($thumnail_name,-3)); // 확장자
	if($thumnail_name_ext!="com" or $thumnail_name_ext!="exe" or $thumnail_name_ext!="php" or $thumnail_name_ext!="htm") { //소문자.. 대문자.. 구분가능.. 
		$vName = $division."".$todayfull.".".$thumnail_name_ext; //화명명 변경 예)20061212_6437210.jpg
		$realName = $thumnail_name;
		$file_count = 1;
		//echo"$savedir/$vName";
		if(!copy($thumnail, "$savedir/$vName")) {
			//echo("upload fail");
			?>
					<SCRIPT LANGUAGE="JavaScript">
					<!--
						//alert("upload fail.");
						//history.back(-1);
					//-->
					</SCRIPT>
			<? 
						exit;
		}
		unlink($thumnail);
	}else{
?>
		<SCRIPT LANGUAGE="JavaScript">
		<!--
			alert("添付ファイルはファイル(exe,com,php,html)のみアップロード可能です.");
			history.back(-1);
		//-->
		</SCRIPT>
<? 
	}
}
//--동영상 저장-->
if ($convdo_name) {
	$savedir 	= $_SERVER['DOCUMENT_ROOT']."/files/muti/video";
	$convdo_name_ext = strtolower(substr($convdo_name,-3)); // 확장자
	if($convdo_name_ext!="com" or $convdo_name_ext!="exe" or $convdo_name_ext!="php" or $convdo_name_ext!="htm") { //소문자.. 대문자.. 구분가능.. 
		$movfile = $division."_".$todayfull.".".$convdo_name_ext; //화명명 변경 예)20061212_6437210.jpg
		$realName1 = $convdo_name;
		$file_count = 1;
		if(!copy($convdo, "$savedir/$realName1")) {
			//echo("upload fail");
			?>
					<SCRIPT LANGUAGE="JavaScript">
					<!--
						alert("upload fail.");
						history.back();
					//-->
					</SCRIPT>
			<? 
		}
		unlink($convdo);
	}else{
?>
		<SCRIPT LANGUAGE="JavaScript">
		<!--
			alert("添付ファイルはファイル(exe,com,php,html)のみアップロード可能です.");
			history.back();
		//-->
		</SCRIPT>
<? 
	}
}
//----이미지 저장-----------------------------------//
if($is_secret == "") $is_secret ='N';
if($idx){
	if($mode == "proc"){
			if($vName){
				$fileName = get_db("select file_name from files where module_name='$division' and module_no = '$idx' and order_by= 1");
				
				$del_file="/files/muti/thump/".$fileName;
				if($fileName && is_file($del_file)) unlink($del_file);
				
				$tmpvName		= $vName;
				$tmpRealName	= $realName;
				if(!$fileName){
					$file_query = "INSERT INTO files (module_no,module_name,original_name,file_name,file_type,order_by,reg_date) VALUES ('$idx','$division', '$tmpRealName','$tmpvName','$thumnail_name_ext','1',now())";
				}else{
					$file_query = "update files set original_name='$tmpRealName',file_name='$tmpvName',file_type='$thumnail_name_ext',reg_date=now() where module_name='$division' and module_no = '$idx' and order_by= 1";
					
				}
					$result = mysql_query($file_query,$db_con);

			}
				
			if($movfile){
				$vName1 = $movfile;
				$fileName = get_db("select file_name from files where module_name='$division' and module_no = '$idx' and order_by= 2");
				
				$tmpvName		= $vName1;
				$tmpRealName	= $realName1;
				if(!$fileName){
					$update_query = "INSERT INTO files (module_no,module_name,original_name,file_name,file_type,order_by,reg_date) 
					VALUES 
					('$idx','$division', '$tmpRealName','$tmpvName','$convdo_name_ext','2',now())";
				}else{
					$update_query = "update files set original_name='$tmpRealName',file_name='$tmpvName',file_type='$convdo_name_ext',reg_date=now() where module_name='$division' and module_no = '$idx' and order_by= 2";
				}
				
				$result = mysql_query($update_query,$db_con);
			}
			
			
		 $queryupok = "update photo_$division set subject='$subject',contents='$mediasource',user_name='$user_name',contentUrl='$contentUrl',start_date='$usedate' ,modify_date=now(),inputtype='$inputtype',is_secret='$is_secret',general_setting='$m_chk' where no = '$idx'";
		$boardNo= $idx;
	}else if($mode == "del"){
		//3개 찾고 기존 파일 삭제
		$QUERY  = "select * from files where module_name='$division' and module_no = '$idx' order by no";
		$result= mysql_query($QUERY,$db_con);
		$total = mysql_affected_rows();

			for($j=1; $i<= $total; $i++){
			$row = mysql_fetch_array($result);
					$fileName = $row[file_name];
					if($fileName){
						//echo $fileName;
						$del_file="/files/muti/thump/".$fileName;
						if($fileName && is_file($del_file)) unlink($del_file);
					}
					$fileName =""; //파일 초기화
			}//for end
			$delqry =  mysql_query("DELETE FROM files where module_name='$division' and module_no = '$idx'",$db_con);
		
			$queryupok = "DELETE FROM photo_$division where no = '$idx'";
	}
	
	$queryupok_result = mysql_query($queryupok,$db_con);	
}else{
	$file_count = 2;
	$query = "INSERT INTO photo_$division
									(division,user_no,user_id,user_name,start_date,reg_date,modify_date,is_secret,subject,general_setting,contents,contentUrl,files_count,inputtype,hit,ip)
								VALUES
									('$division', '$user_no','$userid','$user_name','$usedate',now(),now(),'$is_secret','$subject','$m_chk','$mediasource','$contentUrl','$file_count','$inputtype','0','$REMOTE_ADDR')";
	
	//echo $query;
	$result = mysql_query($query,$db_con);
	$boardNo = get_db("select max(no) from photo_$division");
	if($thumnail_name){
		
		$orderBy = '1';
		$file_query = "INSERT INTO files
										(module_no,module_name,original_name,file_name,file_type,order_by,reg_date)
									VALUES
										('$boardNo','$division', '$realName','$vName','$thumnail_name_ext','$orderBy',now())";

		//echo $file_query;
		$result = mysql_query($file_query,$db_con);
	}
	if($movfile){
		$orderBy = '2';
		$vName1 = $movfile;
		$file_query = "INSERT INTO files
										(module_no,module_name,original_name,file_name,file_type,order_by,reg_date)
									VALUES
										('$boardNo','$division', '$realName1','$realName1','$convdo_name_ext','$orderBy',now())";

		//echo $file_query;
		$result = mysql_query($file_query,$db_con);
	}
}
if($mode == "del"){
	$modePath = "list";
	$alertName = "削除";
	$linkULR = "	../video.php";
	
}else{
	$modePath = "view";
	$alertName = "保存";
	$linkULR = "	../video_view.php";
}
mysql_close();
?>
<form name="form" method="post" action="<?=$linkULR?>" onsubmit="return validate();" enctype="multipart/form-data">
<input type="hidden" name="mode" value="<?=$mode?>">
<input type="hidden" name="idx" value="<?=$boardNo?>">
</form>
<script>
alert("<?=$alertName?> OK");
document.form.submit();
</script>

Anon7 - 2021