Merge branch 'master' of github.com:gnuboard/g5

bbs/view_image.php

@@ -4,12 +4,12 @@ include_once('./_common.php');
 $g5['title'] = '이미지 크게보기';
 include_once(G5_PATH.'/head.sub.php');
 
-$filename = preg_replace('/[^A-Za-z0-9 _ .-\/]/', '', $_GET['fn']);
+$filename = preg_replace('/[^A-Za-z0-9 _ .\-\/]/', '', $_GET['fn']);
 
 $extension = pathinfo($filename, PATHINFO_EXTENSION);
 
 if ( ! preg_match('/(jpg|jpeg|png|gif|bmp)$/i', $extension) ){
-    alert_close('확장자가 이미지인것만 요청할수 있습니다.');
+    alert_close('이미지 확장자가 아닙니다.');
 }
 
 if(strpos($filename, 'data/editor')) {

lib/common.lib.php

@@ -3423,10 +3423,13 @@ function is_use_email_certify(){
 
 function get_real_client_ip(){
 
-    if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
-        return $_SERVER['HTTP_X_FORWARDED_FOR'];
+    $real_ip = $_SERVER['REMOTE_ADDR'];
 
-    return $_SERVER['REMOTE_ADDR'];
+    if(isset($_SERVER['HTTP_X_FORWARDED_FOR']) && preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/', $_SERVER['HTTP_X_FORWARDED_FOR']) ){
+        $real_ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
+    }
+
+    return preg_replace('/[^0-9.]/', '', $real_ip);
 }
 
 function get_call_func_cache($func, $args=array()){