From 0a0ff36b415b79d4227d496a1419a80eb620ea53 Mon Sep 17 00:00:00 2001
From: chicpro <chicpro@gmail.com>
Date: Thu, 13 Jun 2013 17:01:19 +0900
Subject: [PATCH] =?UTF-8?q?=EC=97=90=EB=94=94=ED=84=B0=EC=97=90=EC=84=9C?=
 =?UTF-8?q?=20=EC=B2=A8=EB=B6=80=EB=90=9C=20=EC=95=84=EC=9D=B4=EC=BD=98=20?=
 =?UTF-8?q?=EC=9D=B4=EB=AF=B8=EC=A7=80=EA=B0=80=20=EC=8D=B8=EB=84=A4?=
 =?UTF-8?q?=EC=9D=BC=20=EC=83=9D=EC=84=B1=EB=90=98=EB=8A=94=20=EB=AC=B8?=
 =?UTF-8?q?=EC=A0=9C=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 lib/thumbnail.lib.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/thumbnail.lib.php b/lib/thumbnail.lib.php
index 1c8b2f6e6..5daeaaab4 100644
--- a/lib/thumbnail.lib.php
+++ b/lib/thumbnail.lib.php
@@ -34,6 +34,9 @@ function get_list_thumbnail($bo_table, $wr_id, $thumb_width, $thumb_height, $is_
             else
                 $data_path = $p['path'];
 
+            if(!preg_match('/^\/'.G4_DATA_DIR.'/', $data_path))
+                continue;
+
             $srcfile = G4_PATH.$data_path;
 
             if(preg_match("/\.({$config['cf_image_extension']})$/i", $srcfile) && is_file($srcfile)) {
@@ -107,6 +110,9 @@ function get_view_thumbnail($contents)
         else
             $data_path = $p['path'];
 
+        if(!preg_match('/^\/'.G4_DATA_DIR.'/', $data_path))
+            continue;
+
         $srcfile = G4_PATH.$data_path;
 
         if(is_file($srcfile)) {