diff --git a/bbs/view_image.php b/bbs/view_image.php
index bc7f8e63e..196df9f4c 100644
--- a/bbs/view_image.php
+++ b/bbs/view_image.php
@@ -4,12 +4,12 @@ include_once('./_common.php');
 $g5['title'] = '이미지 크게보기';
 include_once(G5_PATH.'/head.sub.php');
-$filename = preg_replace('/[^A-Za-z0-9 _ .-\/]/', '', $_GET['fn']);
+$filename = preg_replace('/[^A-Za-z0-9 _ .\-\/]/', '', $_GET['fn']);
 $extension = pathinfo($filename, PATHINFO_EXTENSION);
 if ( ! preg_match('/(jpg|jpeg|png|gif|bmp)$/i', $extension) ){
- alert_close('확장자가 이미지인것만 요청할수 있습니다.');
+ alert_close('이미지 확장자가 아닙니다.');
 }
 if(strpos($filename, 'data/editor')) {
diff --git a/lib/common.lib.php b/lib/common.lib.php
index 65f555a0d..c12ff17e3 100644
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@@ -3423,10 +3423,13 @@ function is_use_email_certify(){
 function get_real_client_ip(){
- if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
- return $_SERVER['HTTP_X_FORWARDED_FOR'];
+ $real_ip = $_SERVER['REMOTE_ADDR'];
- return $_SERVER['REMOTE_ADDR'];
+ if(isset($_SERVER['HTTP_X_FORWARDED_FOR']) && preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/', $_SERVER['HTTP_X_FORWARDED_FOR']) ){
+ $real_ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
+ }
+
+ return preg_replace('/[^0-9.]/', '', $real_ip);
 }
 function get_call_func_cache($func, $args=array()){
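Review bot: The corrected character class on the `$filename` line still admits `.`, `/` and space, so a value containing `../` segments passes the whitelist unchanged and path containment rests entirely on the checks that follow; the `strpos($filename, 'data/editor')` test on the hunk's last line is a truthiness check that is false for a match at offset 0, and its branch continues outside the hunk, so it is not a substitute. Reject dot-dot segments explicitly right after the filter, `if (strpos($filename, '..') !== false) { alert_close(...); }`, with a message of its own. Separately, `$_GET['fn']` is read without an existence check, which raises a notice when the parameter is absent; `isset($_GET['fn']) ? $_GET['fn'] : ''` keeps the rest of the line unchanged.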
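Review bot: The new `if` on the `HTTP_X_FORWARDED_FOR` line trusts a header that any client can set, so the format check stops non-IP text from being returned but not an attacker choosing the address that is logged or checked against bans: a request that reaches PHP directly rather than through the site's reverse proxy can present any well-formed IPv4 value and it becomes the result. The header should be honoured only when `$_SERVER['REMOTE_ADDR']` is one of the site's known proxy addresses; that list is deployment-specific and does not appear on this page, so it is a labelled placeholder below. Two smaller points on the same lines: `\d{1,3}` accepts octets above 255 that `filter_var(..., FILTER_VALIDATE_IP)` would reject, and the closing `preg_replace('/[^0-9.]/', '', $real_ip)` strips the colons from an IPv6 `REMOTE_ADDR`, so on a host reachable over IPv6 the function would presumably return a mangled string. The sketch keeps the signature and the IPv4-only acceptance of the header.
```php
function get_real_client_ip(){
    $real_ip = $_SERVER['REMOTE_ADDR'];

    // Constructed placeholder: the reverse-proxy addresses in front of this site.
    $trusted_proxies = array('TRUSTED_PROXY_IP');

    // X-Forwarded-For is client-supplied; honour it only when the direct peer is a
    // trusted proxy and the value is a range-checked IPv4 address.
    if(isset($_SERVER['HTTP_X_FORWARDED_FOR'])
        && in_array($real_ip, $trusted_proxies, true)
        && filter_var($_SERVER['HTTP_X_FORWARDED_FOR'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false){
        $real_ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
    }

    // Validate instead of stripping characters, so an IPv6 REMOTE_ADDR is returned intact.
    return filter_var($real_ip, FILTER_VALIDATE_IP) !== false ? $real_ip : '';
}
```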