skip menu and go to main content

body start

JSBoard

Resolved  외부의 link를 이용한 XSS attack 가능한 버그 3 ]

09.11.17-05:53:36

314867

Submitted by 김정균

Assignee 김정균

View1356

Priority4

http://oops.org/SERVICE/jsboard/read.php?table=jsboard_oopsQnA&no=52055&page=1 에서 김성환님이 reporing 해 주셨습니다.

개요:
외부나 커뮤니티 사이트의 게시판에, JSBoard가 존재하는 사이트의 링크를 이용하여 XSS attack을 할 수 있는 버그 존재

예제:
KLDP.org의 게시판에 다음의 링크를 걸어 놓음

http://oops.org/SERVICE/jsboard/list.php?table=jsboard_oopsQnA&page=2'"><iframe src=http://daum.net>;

이 링크를 무심코 접근했을 경우, JSBoard에서 지정된 iframe을 실행하게 되는 버그가 존재.

Hardware : All

Operating System : All

Severity : Major

Resolution : Accepted As Bug

Comments on this artfact

3 Comments

김정균

"Assigned To" was changed from "Nobody" to "김정균"
"Priority" was changed from "3" to "4"

09.11.17-06:10:34

김정균

jsboard 2.1 tree 수정 완료.

  • jsboard-2.1-xss-attack.patch (12 KB)

    • jsboard.org/act.php-3+7

      @@ -1,4 +1,5 @@
      1<?php

      2include_once "include/variable.php";
      2include_once "include/print.php";
3# GET/POST  
4parse_query_str();

      @@ -436,6 +437,9 @@ if ($o['at'] != "dn" && $o['at'] != "sm"
      436    $atc['title'] = trim($atc['title']);
437    $atc['text']  = chop($atc['text']);
438

      440    if(preg_match("/[^\xA1-\xFEa-z\. ]/i", $name))
      441      print_error ($_('reg_format_n'), 250, 150, 1);
      439    if(($o['at'] == "write" || $o['at'] == "reply") && preg_match("/^(0|4|6)$/",$board['mode']) && !$board['adm'] && $board['super'] != 1) {
440      if(!trim($atc['passwd']) && !trim($passwd)) print_error($_('act_pwm'),250,150,1);
441    }

      @@ -459,9 +463,9 @@ if ($o['at'] != "dn" && $o['at'] != "sm"
      459    if(($o['at'] == "write" || $o['at'] == "reply" || $o['at'] == "edit") && $atc['html'] == 1) {
460      check_htmltable($atc['text']);
461      check_iframe($atc['text']);

      462      $denyiframe = array("!<(iframe[^>]*)>!i","!<(/iframe)>!i");
      463      $editiframe = array("<\\1>","<\\1>");
      464      $atc['text'] = preg_replace($denyiframe,$editiframe,$atc['text']);
      466      $denysrc = array("!<((iframe|script|img)[^>]*)>!i","!<(/(iframe|script|img))>!i");
      467      $editsrc = array("<\\1>","<\\1>");
      468      $atc['text'] = preg_replace($denysrc,$editsrc,$atc['text']);
      465    }
466
467    $compare['email'] = trim($compare['email']) ? $compare['email'] : "mail check";

    • jsboard.org/admin/act.php0+4

      @@ -84,6 +84,10 @@ else if ( $mode == 'db_del' ) {
      84}
85
86else if ( $mode == 'db_create' )  {

      87  # Խ ̸ Ģ -> A-Za-z0-9_-
      88  if ( preg_match ('/[^a-z0-9_-]/i', $new_table) )
      89    print_error ($_('tb_rule'), 250, 150, 1);
      87  # θ ̸  üũ
88  table_name_check ($new_table);
89

    • jsboard.org/admin/include/admin_head.php0+1

      @@ -16,6 +16,7 @@ ini_set ('track_errors', 1);
      16
17$_ = '_lang';
18

      19include_once "$ipath/include/variable.php";
      19include_once "$ipath/include/error.php";
20include_once "$ipath/include/check.php";
21include_once "$ipath/include/get.php";

    • jsboard.org/admin/language/en.lang0+1

      @@ -132,6 +132,7 @@ $en['n_meta'] = "Special Characters can'
      132$en['n_promise'] = "This name is reserved word in DB.";
133$en['n_acc'] = "Specified nonexistent board name.";
134$en['a_acc'] = "The board with this name already exists.";

      135$en['tb_rule'] = 'You can use [A-Za-z0-9_-] characters for board name.';
      135
136$en['first1'] = "Distributor";
137$en['first2'] = "After reading this, you must delete this article!";

    • jsboard.org/admin/language/ko.lang0+1

      @@ -134,6 +134,7 @@ $ko['n_meta'] = "Խ ̸ ĺ, 
      134$ko['n_promise'] = "Ͻ Խ ̸ DB ϴ Դϴ.";
135$ko['n_acc'] = "Խ   ʽϴ.";
136$ko['a_acc'] = "̹  ̸ Խ  մϴ.";

      137$ko['tb_rule'] = 'Խ ̸ [A-Za-z0-9_-] ڸ   ֽϴ.';
      137
138$ko['first1'] = "";
139$ko['first2'] = "   Ŀ  Ͻʽÿ! ";

    • jsboard.org/image.php0+1

      @@ -1,4 +1,5 @@
      1<?php

      2include_once 'include/variable.php';
      2include_once 'include/print.php';
3include_once 'include/check.php';
4include_once 'include/error.php';

    • jsboard.org/include/header.php0+1

      @@ -20,6 +20,7 @@ if ( preg_match ('!/\.+|%00$!', $table) 
      20  exit;
21}
22

      23include_once 'include/variable.php';
      23include_once "include/error.php";
24include_once "include/print.php";
25# GET/POST

    • jsboard.org/include/parse.php0+5

      @@ -593,6 +593,11 @@ function file_upload($fn,$updir) {
      593  $ufile['type'] = $_FILES[$fn]['type'];
594  $ufile['tmp_name'] = $_FILES[$fn]['tmp_name'];
595

      596  if(preg_match('/[^a-z0-9_-.]/i', $ufile['name'])) {
      597    print_error($_('upfile_rule'),250,150,1);
      598    exit;
      599  }
      596  if(is_uploaded_file($ufile['tmp_name']) && $ufile['size'] > 0) {
597    if ($ufile['size'] > $upload['maxsize']) {
598      print_error($_('act_md'),250,150,1);

    • jsboard.org/include/prelist.php0+1

      @@ -18,6 +18,7 @@ $prcode = isset ($prlist['code']) ? $prl
      18putenv ("JSLANG={$prcode}");
19
20require_once "{$prlist['path']}/language/lang.php";

      21include_once "{$prlist['path']}/include/variable.php";
      21
22include_once "{$prlist['path']}/config/global.php";
23include_once "{$prlist['path']}/include/error.php";

    • jsboard.org/include/print.php0+2

      @@ -8,6 +8,7 @@ function parse_query_str() {
      8  if(count($_GET)) {
9    foreach($_GET as $key => $value) {
10      global ${$key};

      11      confirm_variable ($key, $value);
      11      ${$key} = $value;
12    }
13  }

      @@ -15,6 +16,7 @@ function parse_query_str() {
      15  if(count($_POST)) {
16    foreach($_POST as $key => $value) {
17      global ${$key};

      19      confirm_variable ($key, $value);
      18      ${$key} = $value;
19    }
20  }

    • jsboard.org/include/variable.php0+74

      @@ -0,0 +1,74 @@
      1<?php
      2$jsvari = (object) array (
      3  'atc'     => (object) array (
      4    'ckeyv' => '/[^[:alnum:]]/',
      5    'ckey' => '/[^0-9]/',
      6    'reno' => '/[^0-9]/',
      7    'html' => '/[^0-9]/',
      8    'no'   => '/[^0-9]/',
      9    'delete_dir' => '/[^a-z0-9\/_-]/i',
      10    'delete_filename' => '/[^a-z0-9_-.]/i',
      11  ),
      12  'cenable' => (object) array (
      13    'ore' => '/[^0-9]/',
      14  ),
      15  'check'   => '/[^0-9]/',
      16  'goaway'  => '/[^0-9]/',
      17  'lu'      => '/[^\xA1-\xFEa-z0-9.]/',
      18  'm'       => '/[^[:alpha:]]/',
      19  'nd'      => '/[^0-9]/',
      20  'no'      => '/[^0-9]/',
      21  'o'       => (object) array (
      22    'at'  => '/[^[:alpha:]]/',
      23    'er'  => '/[^[:alpha:]]/',
      24    'sc'  => '/[^[:alpha:]]/',
      25    'sct' => '/[^[:alpha:]]/',
      26    'stt' => '/[^[:alpha:]]/',
      27    'st'  => '/[^[:alpha:]]/',
      28    'y1'  => '/[^0-9]/',
      29    'y2'  => '/[^0-9]/',
      30    'm1'  => '/[^0-9]/',
      31    'm2'  => '/[^0-9]/',
      32    'd1'  => '/[^0-9]/',
      33    'd2'  => '/[^0-9]/'
      34  ),
      35  'page'    => '/[^0-9]/',
      36  't'       => '/[^[:alpha:]]/',
      37  'table'   => '/[^A-Za-z0-9_-]/',
      38  'type'    => '/[^[:alpha:]]/',
      39);
      40function fatal_error ($msg) {
      41  echo <<<EOF
      42<script type="text/javascript">
      43  alert('$msg');
      44</script>
      45EOF;
      46  exit;
      47}
      48function confirm_variable ($key, $value) {
      49  global $jsvari;
      50  if (!isset($jsvari->$key))
      51    return;
      52  if (is_array($value)) {
      53    foreach ($value as $k => $v) {
      54      if (!isset($jsvari->$key->$k)) continue;
      55      if (preg_match($jsvari->$key->$k,$v)) {
      56        $msg = sprintf('You can not access with %s[%s]=%s', $key, $k, $v);
      57        fatal_error($msg);
      58        exit;
      59      }
      60    }
      61	return;
      62  }
      63  if (preg_match($jsvari->$key,$value)) {
      64    $msg = sprintf('You can\\\'t access with %s=%s', $key, $value);
      65    fatal_error($msg);
      66    exit;
      67  }
      68  return;
      69}
      70?>

    • jsboard.org/language/en.lang-1+2

      @@ -56,6 +56,7 @@ $en['act_s'] = "Denied due to spamming";
      56$en['act_same'] = "Please don't post duplicate article.";
57$en['act_dc'] = "Nothing is changed.";
58$en['act_complete'] = "Updated successfully";

      59$en['upfile_rule'] = 'You can use [A-Za-z0-9_-.] characters for upload file name.';
      59
60# list.ph message
61$en['ln_re'] = "Reply";

      @@ -141,7 +142,7 @@ $en['u_no'] = "No such user.";
      141$en['u_print'] = "User info";
142$en['chk_id_y'] = "You can use this ID.";
143$en['chk_id_n'] = "This ID already exists.";

      144$en['chk_id_s'] = "ID should be alphanumeric or Korean only.";
      145$en['chk_id_s'] = "ID should be alphanumeric or Korean or dot only.";
      145$en['reg']      = 'Regist';
146$en['back']     = 'BACK';
147

    • jsboard.org/language/ko.lang-1+2

      @@ -57,6 +57,7 @@ $ko['act_s'] = " ǴܵǾ ۾
      57$ko['act_same'] = "Ȱ  ι ø ʽÿ.";
58$ko['act_dc'] = "ٲ  ϴ.";
59$ko['act_complete'] = " ϷǾϴ";

      60$ko['upfile_rule'] = 'ε ̸ [A-Za-z0-9_-.] ڸ   ֽϴ.';
      60
61# list.ph message
62$ko['ln_re'] = "";

      @@ -143,7 +144,7 @@ $ko['u_no'] = "ϵ  ϴ.";
      143$ko['u_print'] = "";
144$ko['chk_id_y'] = "Ҽ ִ ID Դϴ.";
145$ko['chk_id_n'] = "ID ̹ մϴ.";

      146$ko['chk_id_s'] = "ID ѱ, , ĸ Ҽ ֽϴ.";
      147$ko['chk_id_s'] = "ID ѱ, , , ħǥ Ҽ ֽϴ.";
      147$ko['reg']      = '';
148$ko['back']     = 'ڷ';
149

    • jsboard.org/login.php-5+6

      @@ -1,9 +1,10 @@
      1<?php

      2require_once "./include/version.php";
      3require_once "./include/print.php";
      4require_once "./include/get.php";
      5require_once "./include/check.php";
      6require_once "./include/error.php";
      2require_once './include/variable.php';
      3require_once './include/version.php';
      4require_once './include/print.php';
      5require_once './include/get.php';
      6require_once './include/check.php';
      7require_once './include/error.php';
      7parse_query_str ();
8
9$agent = get_agent ();

    • jsboard.org/regist.php0+1

      @@ -26,6 +26,7 @@ if ( $m == 'act' ) {
      26  $email = check_email ($email);
27  $url   = check_url ($url);
28

      29  if ( preg_match ("/[^\xA1-\xFEa-z0-9.]/i", $id) ) print_error ($_('chk_id_s'), 250, 150, 1);
      29  if ( preg_match ("/[^\xA1-\xFEa-z\. ]/i", $name) ) print_error ($_('reg_format_n'), 250, 150, 1);
30  if ( ! $email ) print_error ($_('reg_format_e'), 250, 150, 1);
31  $url = str_replace('http://', '', $url);

    • jsboard.org/session.php0+1

      @@ -1,4 +1,5 @@
      1<?php

      2include_once "include/variable.php";
      2include_once "include/print.php";
3parse_query_str ();
4

    • jsboard.org/whois.php-1+2

      @@ -1,5 +1,6 @@
      1<?php

      2include "include/print.php";
      2include 'include/variable.php';
      3include 'include/print.php';
      3# register_globals ɼ   ʱ  Լ
4parse_query_str();
5

09.11.17-06:10:34

김정균

jsboard 2.0.x tree patch 파일 등록

  • jsboard-2-xss-attack.patch (14 KB)

    • act.php-3+7

      @@ -1,4 +1,5 @@
      1<?php

      2include_once 'include/variable.php';
      2include_once "include/print.php";
3# GET/POST  
4parse_query_str();

      @@ -434,6 +435,9 @@
      434    $atc['title'] = trim($atc['title']);
435    $atc['text']  = chop($atc['text']);
436

      438    if(preg_match("/[^\xA1-\xFEa-z\. ]/i", $name))
      439      print_error ($langs['reg_format_n'], 250, 150, 1);
      437    if(($o['at'] == "write" || $o['at'] == "reply") && preg_match("/^(0|4|6)$/",$board['mode']) && !$board['adm'] && $board['super'] != 1) {
438      if(!trim($atc['passwd']) && !trim($passwd)) print_error($langs['act_pwm'],250,150,1);
439    }

      @@ -453,9 +457,9 @@
      453    if(($o['at'] == "write" || $o['at'] == "reply" || $o['at'] == "edit") && $atc['html'] == 1) {
454      check_htmltable($atc['text']);
455      check_iframe($atc['text']);

      456      $denyiframe = array("!<(iframe[^>]*)>!i","!<(/iframe)>!i");
      457      $editiframe = array("<\\1>","<\\1>");
      458      $atc['text'] = preg_replace($denyiframe,$editiframe,$atc['text']);
      460      $denysrc = array("!<((iframe|script|img)[^>]*)>!i","!<(/(iframe|script|img))>!i");
      461      $editsrc = array("<\\1>","<\\1>");
      462      $atc['text'] = preg_replace($denysrc,$editsrc,$atc['text']);
      459    }
460
461    $compare['email'] = trim($compare['email']) ? $compare['email'] : "mail check";

    • image.php-3+4

      @@ -1,7 +1,8 @@
      1<?php

      2include "include/print.php";
      3include "include/check.php";
      4include "include/error.php";
      2include_once 'include/variable.php';
      3include_once 'include/print.php';
      4include_once 'include/check.php';
      5include_once 'include/error.php';
      5parse_query_str();
6
7$ImgPath = rawurldecode($path);

    • login.php-5+6

      @@ -1,9 +1,10 @@
      1<?php

      2include "./include/version.php";
      3include "./include/print.php";
      4include "./include/get.php";
      5include "./include/check.php";
      6include "./include/error.php";
      2require_once './include/variable.php';
      3require_once './include/version.php';
      4require_once './include/print.php';
      5require_once './include/get.php';
      6require_once './include/check.php';
      7require_once './include/error.php';
      7parse_query_str();
8
9$agent = get_agent();

    • regist.php0+1

      @@ -26,6 +26,7 @@
      26  $email = check_email($email);
27  $url   = check_url($url);
28

      29  if (preg_match("/[^\xA1-\xFEa-z0-9.]/i", $id)) print_error ($langs['chk_id_s'], 250, 150, 1);
      29  if(preg_match("/[^\xA1-\xFEa-z\. ]/i",$name)) print_error($langs['reg_format_n'],250,150,1);
30  if(!$email) print_error($langs['reg_format_e'],250,150,1);
31  $url = str_replace("http://","",$url);

    • session.php0+1

      @@ -1,4 +1,5 @@
      1<?php

      2include_once 'include/variable.php';
      2include_once "include/print.php";
3parse_query_str();
4

    • whois.php-1+2

      @@ -1,5 +1,6 @@
      1<?php

      2include "include/print.php";
      2include 'include/variable.php';
      3include 'include/print.php';
      3# register_globals ɼ   ʱ  Լ
4parse_query_str();
5

    • admin/act.php0+4

      @@ -92,6 +92,10 @@
      92else if($mode == 'db_create')  {
93  $tbl_list = mysql_list_tables($db['name']);
94

      95  # Խ ̸ Ģ -> A-Za-z0-9_-
      96  if ( preg_match ('/[^a-z0-9_-]/i', $new_table) )
      97    print_error ($langs['tb_rule'], 250, 150, 1);
      95  # θ ̸  üũ
96  table_name_check($new_table);
97  # table list   üũ

    • admin/include/admin_head.php0+1

      @@ -12,6 +12,7 @@
      12ini_set(magic_quotes_gpc,1);
13ini_set(magic_quotes_sybase,0);
14

      15include_once "$ipath/include/variable.php";
      15include_once "$ipath/include/error.php";
16include_once "$ipath/include/check.php";
17include_once "$ipath/include/get.php";

    • doc/en/Changelog0+4

      @@ -18,6 +18,10 @@
      18Version   : jsboard 2.0.15
19
20

      21Tue, Nov, 17 2009
      22by JoungKyun.Kim
      23	- fixed external XSS attack
      21Sat, Nov, 14 2009
22by JoungKyun.Kim
23	- defenced xss attack on error popup windows

    • doc/ko/Changelog0+4

      @@ -19,6 +19,10 @@
      19   : jsboard 2.0.15
20
21

      222009.11.17
      23  by 
      24	- ܺ ũ ̿ XSS  
      222009.11.14
23  by 
24	-  ޽ popupâ XSS ɼ

    • include/header.php0+1

      @@ -16,6 +16,7 @@
      16  exit;
17}
18

      19include_once 'include/variable.php';
      19include_once "include/error.php";
20include_once "include/print.php";
21# GET/POST

    • include/parse.php0+5

      @@ -590,6 +590,11 @@
      590  $ufile['type'] = $_FILES[$fn]['type'];
591  $ufile['tmp_name'] = $_FILES[$fn]['tmp_name'];
592

      593  if(preg_match('/[^a-z0-9_-.]/i', $ufile['name'])) {
      594    print_error($langs['upfile_rule'],250,150,1);
      595    exit;
      596  }
      593  if(is_uploaded_file($ufile['tmp_name']) && $ufile['size'] > 0) {
594    if ($ufile['size'] > $upload['maxsize']) {
595      print_error($langs['act_md'],250,150,1);

    • include/prelist.php0+1

      @@ -13,6 +13,7 @@
      13$prlist['wpath'] = "http:///jsboard-version";
14
15include_once "{$prlist['path']}/config/global.php";

      16include_once "{$prlist['path']}/include/variable.php";
      16include_once "{$prlist['path']}/include/error.php";
17include_once "{$prlist['path']}/include/parse.php";
18include_once "{$prlist['path']}/include/check.php";

    • include/print.php0+2

      @@ -55,6 +55,7 @@
      55  if(count($_GET)) {
56    foreach($_GET as $key => $value) {
57      global ${$key};

      58      confirm_variable ($key, $value);
      58      ${$key} = $value;
59    }
60  }

      @@ -62,6 +63,7 @@
      62  if(count($_POST)) {
63    foreach($_POST as $key => $value) {
64      global ${$key};

      66      confirm_variable ($key, $value);
      65      ${$key} = $value;
66    }
67  }

    • include/variable.php0+76

      @@ -0,0 +1,76 @@
      1<?php
      2# $Id: $
      3$jsvari = (object) array (
      4  'atc'     => (object) array (
      5    'ckeyv' => '/[^[:alnum:]]/',
      6    'ckey' => '/[^0-9]/',
      7    'reno' => '/[^0-9]/',
      8    'html' => '/[^0-9]/',
      9    'no'   => '/[^0-9]/',
      10    'delete_dir' => '/[^a-z0-9\/_-]/i',
      11    'delete_filename' => '/[^a-z0-9_-.]/i',
      12  ),
      13  'cenable' => (object) array (
      14    'ore' => '/[^0-9]/',
      15  ),
      16  'check'   => '/[^0-9]/',
      17  'goaway'  => '/[^0-9]/',
      18  'lu'      => '/[^\xA1-\xFEa-z0-9.]/',
      19  'm'       => '/[^[:alpha:]]/',
      20  'nd'      => '/[^0-9]/',
      21  'no'      => '/[^0-9]/',
      22  'o'       => (object) array (
      23    'at'  => '/[^[:alpha:]]/',
      24    'er'  => '/[^[:alpha:]]/',
      25    'sc'  => '/[^[:alpha:]]/',
      26    'sct' => '/[^[:alpha:]]/',
      27    'stt' => '/[^[:alpha:]]/',
      28    'st'  => '/[^[:alpha:]]/',
      29    'y1'  => '/[^0-9]/',
      30    'y2'  => '/[^0-9]/',
      31    'm1'  => '/[^0-9]/',
      32    'm2'  => '/[^0-9]/',
      33    'd1'  => '/[^0-9]/',
      34    'd2'  => '/[^0-9]/'
      35  ),
      36  'page'    => '/[^0-9]/',
      37  't'       => '/[^[:alpha:]]/',
      38  'table'   => '/[^A-Za-z0-9_-]/',
      39  'type'    => '/[^[:alpha:]]/',
      40);
      41function fatal_error ($msg) {
      42  echo <<<EOF
      43<script type="text/javascript">
      44  alert('$msg');
      45</script>
      46EOF;
      47  exit;
      48}
      49function confirm_variable ($key, $value) {
      50  global $jsvari;
      51  if (!isset($jsvari->$key))
      52    return;
      53  if (is_array($value)) {
      54    foreach ($value as $k => $v) {
      55      if (!isset($jsvari->$key->$k)) continue;
      56      if (preg_match($jsvari->$key->$k,$v)) {
      57        $msg = sprintf('You can not access with %s[%s]=%s', $key, $k, $v);
      58        fatal_error($msg);
      59        exit;
      60      }
      61    }
      62    return;
      63  }
      64  if (preg_match($jsvari->$key,$value)) {
      65    $msg = sprintf('You can\\\'t access with %s=%s', $key, $value);
      66    fatal_error($msg);
      67    exit;
      68  }
      69  return;
      70}
      71?>

    • include/LANG/en.php-1+3

      @@ -56,6 +56,7 @@
      56$langs['act_same'] = "Please don't post duplicate article.";
57$langs['act_dc'] = "Nothing is changed.";
58$langs['act_complete'] = "Updated successfully";

      59$langs['upfile_rule'] = 'You can use [A-Za-z0-9_-.] characters for upload file name.';
      59
60# list.ph message
61$langs['ln_re'] = "Reply";

      @@ -254,6 +255,7 @@
      254$langs['n_promise'] = "This name is reserved word in DB.";
255$langs['n_acc'] = "Specified nonexistent board name.";
256$langs['a_acc'] = "The board with this name already exists.";

      258$langs['tb_rule'] = 'You can use [A-Za-z0-9_-] characters for board name.';
      257
258$langs['first1'] = "Distributor";
259$langs['first2'] = "After reading this, you must delete this article!";

      @@ -356,7 +358,7 @@
      356$langs['u_print'] = "User info";
357$langs['chk_id_y'] = "You can use this ID.";
358$langs['chk_id_n'] = "This ID already exists.";

      359$langs['chk_id_s'] = "ID should be alphanumeric or Korean only.";
      361$langs['chk_id_s'] = "ID should be alphanumeric or Korean or dot only.";
      360
361$langs['reg_id'] = "Specify ID";
362$langs['reg_name'] = "Specify name";

    • include/LANG/ko.php-1+3

      @@ -57,6 +57,7 @@
      57$langs['act_same'] = "Ȱ  ι ø ʽÿ.";
58$langs['act_dc'] = "ٲ  ϴ.";
59$langs['act_complete'] = " ϷǾϴ";

      60$langs['upfile_rule'] = 'ε ̸ [A-Za-z0-9_-.] ڸ   ֽϴ.';
      60
61# list.ph message
62$langs['ln_re'] = "";

      @@ -257,6 +258,7 @@
      257$langs['n_promise'] = "Ͻ Խ ̸ DB ϴ Դϴ.";
258$langs['n_acc'] = "Խ   ʽϴ.";
259$langs['a_acc'] = "̹  ̸ Խ  մϴ.";

      261$langs['tb_rule'] = 'Խ ̸ [A-Za-z0-9_-] ڸ   ֽϴ.';
      260
261$langs['first1'] = "";
262$langs['first2'] = "   Ŀ  Ͻʽÿ!";

      @@ -359,7 +361,7 @@
      359$langs['u_print'] = "";
360$langs['chk_id_y'] = "Ҽ ִ ID Դϴ.";
361$langs['chk_id_n'] = "ID ̹ մϴ.";

      362$langs['chk_id_s'] = "ID ѱ, , ĸ Ҽ ֽϴ.";
      364$langs['chk_id_s'] = "ID ѱ, , , ħǥ Ҽ ֽϴ.";
      363
364$langs['reg_id'] = "ID   ֽʽÿ";
365$langs['reg_name'] = "̸  ֽʽÿ";

09.11.17-06:31:35

김정균

"State" was changed from "Open" to "Closed"

09.11.21-01:28:17

김정균

CVS commit 완료 및 1.3.15/2.0.15 release

09.11.21-01:28:17

김정균

Set to Notice

09.11.21-01:28:51

Monitor View list