From 02b085b4be32584b80ae2e17ff8e34e554bdf9ab Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Fri, 20 Nov 2020 13:52:27 +0900
Subject: [PATCH] =?UTF-8?q?[KVE-2020-0797]=20=EC=98=81=EC=B9=B4=ED=8A=B8?=
 =?UTF-8?q?=20SQL=20=EC=9D=B8=EC=A0=9D=EC=85=98=20=EC=B7=A8=EC=95=BD?=
 =?UTF-8?q?=EC=A0=90=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 lib/common.lib.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/common.lib.php b/lib/common.lib.php
index 5a6629d61..29ce6d4b6 100644
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@@ -3819,7 +3819,7 @@ function is_include_path_check($path='', $is_input='')
             if( preg_match('/\/data\/(file|editor|qa|cache|member|member_image|session|tmp)\/[A-Za-z0-9_]{1,20}\//i', $replace_path) ){
                 return false;
             }
-            if( preg_match('/'.G5_PLUGIN_DIR.'\//i', $replace_path) && (preg_match('/'.G5_OKNAME_DIR.'\//i', $replace_path) || preg_match('/'.G5_KCPCERT_DIR.'\//i', $replace_path) || preg_match('/'.G5_LGXPAY_DIR.'\//i', $replace_path)) ){
+            if( preg_match('/'.G5_PLUGIN_DIR.'\//i', $replace_path) && (preg_match('/'.G5_OKNAME_DIR.'\//i', $replace_path) || preg_match('/'.G5_KCPCERT_DIR.'\//i', $replace_path) || preg_match('/'.G5_LGXPAY_DIR.'\//i', $replace_path)) || (preg_match('/search\.skin\.php/i', $replace_path) ) ){
                 return false;
             }
             if( substr_count($replace_path, './') > 5 ){