From 605933c5168036d1cf7c1b734eb03d9a09597d7a Mon Sep 17 00:00:00 2001
From: kagla <kagla@naver.com>
Date: Thu, 18 Jun 2015 15:49:04 +0900
Subject: [PATCH 1/7] =?UTF-8?q?lo=5Furl=20=EC=9D=98=20XSS=20=EC=B7=A8?=
 =?UTF-8?q?=EC=95=BD=EC=A0=90=20=ED=95=B4=EA=B2=B0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 bbs/current_connect.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/bbs/current_connect.php b/bbs/current_connect.php
index 686522564..5ad0e2a4e 100644
--- a/bbs/current_connect.php
+++ b/bbs/current_connect.php
@@ -12,6 +12,7 @@ $sql = " select a.mb_id, b.mb_nick, b.mb_name, b.mb_email, b.mb_homepage, b.mb_o
             order by a.lo_datetime desc ";
 $result = sql_query($sql);
 for ($i=0; $row=sql_fetch_array($result); $i++) {
+    $row['lo_url'] = get_text($row['lo_url']);
     $list[$i] = $row;
 
     if ($row['mb_id']) {

From 4d9e6be3944ec352a936fa703a6418291ca0f5ba Mon Sep 17 00:00:00 2001
From: chicpro <chicpro@sir.co.kr>
Date: Thu, 18 Jun 2015 17:33:21 +0900
Subject: [PATCH 2/7] =?UTF-8?q?XSS=20=EC=B7=A8=EC=95=BD=EC=A0=90=20?=
 =?UTF-8?q?=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 bbs/current_connect.php | 1 +
 head.sub.php            | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/bbs/current_connect.php b/bbs/current_connect.php
index 686522564..5ad0e2a4e 100644
--- a/bbs/current_connect.php
+++ b/bbs/current_connect.php
@@ -12,6 +12,7 @@ $sql = " select a.mb_id, b.mb_nick, b.mb_name, b.mb_email, b.mb_homepage, b.mb_o
             order by a.lo_datetime desc ";
 $result = sql_query($sql);
 for ($i=0; $row=sql_fetch_array($result); $i++) {
+    $row['lo_url'] = get_text($row['lo_url']);
     $list[$i] = $row;
 
     if ($row['mb_id']) {
diff --git a/head.sub.php b/head.sub.php
index bcfb4b9c2..96a8d8d27 100644
--- a/head.sub.php
+++ b/head.sub.php
@@ -23,8 +23,8 @@ else {
 // 게시판 제목에 ' 포함되면 오류 발생
 $g5['lo_location'] = addslashes($g5['title']);
 if (!$g5['lo_location'])
-    $g5['lo_location'] = addslashes($_SERVER['REQUEST_URI']);
-$g5['lo_url'] = addslashes($_SERVER['REQUEST_URI']);
+    $g5['lo_location'] = addslashes(clean_xss_tags($_SERVER['REQUEST_URI']));
+$g5['lo_url'] = addslashes(clean_xss_tags($_SERVER['REQUEST_URI']));
 if (strstr($g5['lo_url'], '/'.G5_ADMIN_DIR.'/') || $is_admin == 'super') $g5['lo_url'] = '';
 
 /*

From 1b8069eec8f84551653a616a661b29a650bad029 Mon Sep 17 00:00:00 2001
From: chicpro <chicpro@sir.co.kr>
Date: Thu, 18 Jun 2015 17:45:00 +0900
Subject: [PATCH 3/7] =?UTF-8?q?cf=5Finclude=5Fhead=20=EC=84=A4=EC=A0=95=20?=
 =?UTF-8?q?=EC=A0=81=EC=9A=A9=20=EC=BD=94=EB=93=9C=20=EC=9C=84=EC=B9=98=20?=
 =?UTF-8?q?=EB=B3=80=EA=B2=BD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 head.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/head.php b/head.php
index c27416c4e..cccc0f2db 100644
--- a/head.php
+++ b/head.php
@@ -1,6 +1,12 @@
 <?php
 if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
 
+// 상단 파일 경로 지정 : 이 코드는 가능한 삭제하지 마십시오.
+if ($config['cf_include_head'] && is_file(G5_PATH.'/'.$config['cf_include_head'])) {
+    include_once(G5_PATH.'/'.$config['cf_include_head']);
+    return; // 이 코드의 아래는 실행을 하지 않습니다.
+}
+
 include_once(G5_PATH.'/head.sub.php');
 include_once(G5_LIB_PATH.'/latest.lib.php');
 include_once(G5_LIB_PATH.'/outlogin.lib.php');
@@ -9,12 +15,6 @@ include_once(G5_LIB_PATH.'/visit.lib.php');
 include_once(G5_LIB_PATH.'/connect.lib.php');
 include_once(G5_LIB_PATH.'/popular.lib.php');
 
-// 상단 파일 경로 지정 : 이 코드는 가능한 삭제하지 마십시오.
-if ($config['cf_include_head'] && is_file(G5_PATH.'/'.$config['cf_include_head'])) {
-    include_once(G5_PATH.'/'.$config['cf_include_head']);
-    return; // 이 코드의 아래는 실행을 하지 않습니다.
-}
-
 if (G5_IS_MOBILE) {
     include_once(G5_MOBILE_PATH.'/head.php');
     return;

From 4c2591af36979ac72d0bcb7d02df8c02f9813774 Mon Sep 17 00:00:00 2001
From: chicpro <chicpro@sir.co.kr>
Date: Fri, 19 Jun 2015 09:48:28 +0900
Subject: [PATCH 4/7] =?UTF-8?q?xss=20=EA=B4=80=EB=A0=A8=20=ED=83=9C?=
 =?UTF-8?q?=EA=B7=B8=20=EC=A0=9C=EA=B1=B0=20=ED=95=A8=EC=88=98=20=EC=B6=94?=
 =?UTF-8?q?=EA=B0=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 bbs/member_confirm.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bbs/member_confirm.php b/bbs/member_confirm.php
index e3f1e9ab6..9f214f289 100644
--- a/bbs/member_confirm.php
+++ b/bbs/member_confirm.php
@@ -14,7 +14,7 @@ else
 $g5['title'] = '회원 비밀번호 확인';
 include_once('./_head.sub.php');
 
-$url = $_GET['url'];
+$url = clean_xss_tags($_GET['url']);
 
 // url 체크
 check_url_host($url);

From cbe9c53262257ca6af297f296d8fed39e914e167 Mon Sep 17 00:00:00 2001
From: chicpro <chicpro@sir.co.kr>
Date: Mon, 22 Jun 2015 17:27:16 +0900
Subject: [PATCH 5/7] =?UTF-8?q?=EB=B2=84=EC=A0=84=EB=B3=80=EA=B2=BD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 config.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config.php b/config.php
index 613073dbb..ca8744855 100644
--- a/config.php
+++ b/config.php
@@ -5,7 +5,7 @@
 ********************/
 
 define('G5_VERSION', '그누보드5');
-define('G5_GNUBOARD_VER', '5.0.36');
+define('G5_GNUBOARD_VER', '5.0.37');
 
 // 이 상수가 정의되지 않으면 각각의 개별 페이지는 별도로 실행될 수 없음
 define('_GNUBOARD_', true);

From b4b24aadfd62768e55e82c6a3fb35c95d4b47c65 Mon Sep 17 00:00:00 2001
From: chicpro <chicpro@sir.co.kr>
Date: Tue, 23 Jun 2015 11:01:07 +0900
Subject: [PATCH 6/7] =?UTF-8?q?PHP=5FSELF=20=EB=A5=BC=20=EC=9D=B4=EC=9A=A9?=
 =?UTF-8?q?=ED=95=9C=20XSS=20=EC=B7=A8=EC=95=BD=EC=A0=90=20=EC=88=98?=
 =?UTF-8?q?=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 lib/common.lib.php | 36 +++++++++++++++++++++++++++++++++++-
 mobile/tail.php    | 26 ++------------------------
 tail.php           | 26 ++------------------------
 3 files changed, 39 insertions(+), 49 deletions(-)

diff --git a/lib/common.lib.php b/lib/common.lib.php
index 5ee99b547..526d36f4f 100644
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@@ -2881,7 +2881,7 @@ function clean_query_string($query, $amp=true)
         $q = array();
 
         foreach($out as $key=>$val) {
-            $key = trim($key);
+            $key = strip_tags(trim($key));
             $val = trim($val);
 
             switch($key) {
@@ -2953,4 +2953,38 @@ function clean_query_string($query, $amp=true)
 
     return $str;
 }
+
+function get_device_change_url()
+{
+    $p = parse_url(G5_URL);
+    $href = $p['scheme'].'://'.$p['host'];
+    if(isset($p['port']) && $p['port'])
+        $href .= ':'.$p['port'];
+    $href .= $_SERVER['SCRIPT_NAME'];
+
+    $q = array();
+    $device = 'device='.(G5_IS_MOBILE ? 'pc' : 'mobile');
+
+    if($_SERVER['QUERY_STRING']) {
+        foreach($_GET as $key=>$val) {
+            if($key == 'device')
+                continue;
+
+            $key = strip_tags($key);
+            $val = strip_tags($val);
+
+            if($key && $val)
+                $q[$key] = $val;
+        }
+    }
+
+    if(!empty($q)) {
+        $query = http_build_query($q, '', '&amp;');
+        $href .= '?'.$query.'&amp;'.$device;
+    } else {
+        $href .= '?'.$device;
+    }
+
+    return $href;
+}
 ?>
\ No newline at end of file
diff --git a/mobile/tail.php b/mobile/tail.php
index ceecca3fd..44d88ff22 100644
--- a/mobile/tail.php
+++ b/mobile/tail.php
@@ -25,30 +25,8 @@ if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
 </div>
 
 <?php
-if(G5_DEVICE_BUTTON_DISPLAY && G5_IS_MOBILE) {
-    $seq = 0;
-    $p = parse_url(G5_URL);
-    $href = $p['scheme'].'://'.$p['host'];
-    if(isset($p['port']) && $p['port'])
-        $href .= ':'.$p['port'];
-    $href .= $_SERVER['PHP_SELF'];
-    if($_SERVER['QUERY_STRING']) {
-        $sep = '?';
-        foreach($_GET as $key=>$val) {
-            if($key == 'device')
-                continue;
-
-            $href .= $sep.$key.'='.$val;
-            $sep = '&amp;';
-            $seq++;
-        }
-    }
-    if($seq)
-        $href .= '&amp;device=pc';
-    else
-        $href .= '?device=pc';
-?>
-<a href="<?php echo $href; ?>" id="device_change">PC 버전으로 보기</a>
+if(G5_DEVICE_BUTTON_DISPLAY && G5_IS_MOBILE) { ?>
+<a href="<?php echo get_device_change_url(); ?>" id="device_change">PC 버전으로 보기</a>
 <?php
 }
 
diff --git a/tail.php b/tail.php
index 8418253c6..48c1e7103 100644
--- a/tail.php
+++ b/tail.php
@@ -38,30 +38,8 @@ if (G5_IS_MOBILE) {
 </div>
 
 <?php
-if(G5_DEVICE_BUTTON_DISPLAY && !G5_IS_MOBILE) {
-    $seq = 0;
-    $p = parse_url(G5_URL);
-    $href = $p['scheme'].'://'.$p['host'];
-    if(isset($p['port']) && $p['port'])
-        $href .= ':'.$p['port'];
-    $href .= $_SERVER['PHP_SELF'];
-    if($_SERVER['QUERY_STRING']) {
-        $sep = '?';
-        foreach($_GET as $key=>$val) {
-            if($key == 'device')
-                continue;
-
-            $href .= $sep.$key.'='.strip_tags($val);
-            $sep = '&amp;';
-            $seq++;
-        }
-    }
-    if($seq)
-        $href .= '&amp;device=mobile';
-    else
-        $href .= '?device=mobile';
-?>
-<a href="<?php echo $href; ?>" id="device_change">모바일 버전으로 보기</a>
+if(G5_DEVICE_BUTTON_DISPLAY && !G5_IS_MOBILE) { ?>
+<a href="<?php echo get_device_change_url(); ?>" id="device_change">모바일 버전으로 보기</a>
 <?php
 }
 

From 808ac0f0e6baff97e9d2eceaf6fbd64622cb5cfc Mon Sep 17 00:00:00 2001
From: chicpro <chicpro@sir.co.kr>
Date: Wed, 24 Jun 2015 17:02:29 +0900
Subject: [PATCH 7/7] =?UTF-8?q?PHP=5FSELF=20=EB=A5=BC=20SCRIPT=5FNAME=20?=
 =?UTF-8?q?=EC=9C=BC=EB=A1=9C=20=EB=B3=80=EA=B2=BD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adm/admin.lib.php                       |  1 -
 adm/auth_list.php                       |  4 +-
 adm/board_list.php                      |  4 +-
 adm/boardgroup_list.php                 |  4 +-
 adm/boardgroupmember_list.php           |  2 +-
 adm/contentlist.php                     |  4 +-
 adm/faqmasterlist.php                   |  4 +-
 adm/index.php                           |  2 +-
 adm/member_list.php                     |  2 +-
 adm/point_list.php                      |  4 +-
 adm/poll_list.php                       |  4 +-
 adm/popular_list.php                    |  6 +-
 adm/popular_rank.php                    |  4 +-
 adm/sms_admin/_common.php               |  2 +-
 adm/sms_admin/ajax.sms_write_person.php |  2 +-
 adm/sms_admin/form_list.php             |  6 +-
 adm/sms_admin/history_list.php          |  4 +-
 adm/sms_admin/history_member.php        |  4 +-
 adm/sms_admin/history_num.php           |  4 +-
 adm/sms_admin/history_view.php          |  4 +-
 adm/sms_admin/install.php               |  2 +-
 adm/sms_admin/num_book.php              |  6 +-
 adm/sms_admin/sms_write_form.php        |  2 +-
 adm/visit_list.php                      |  2 +-
 adm/visit_search.php                    |  8 +--
 bbs/search.php                          |  4 +-
 bbs/write.php                           | 10 +--
 lib/common.lib.php                      |  6 +-
 lib/mailer.lib.php                      | 96 ++++++++++++-------------
 mobile/skin/faq/basic/list.skin.php     |  2 +-
 mobile/skin/member/basic/point.skin.php |  2 +-
 skin/faq/basic/list.skin.php            |  2 +-
 skin/member/basic/point.skin.php        |  2 +-
 33 files changed, 107 insertions(+), 108 deletions(-)

diff --git a/adm/admin.lib.php b/adm/admin.lib.php
index 53410238e..38a1183f4 100644
--- a/adm/admin.lib.php
+++ b/adm/admin.lib.php
@@ -191,7 +191,6 @@ function order_select($fld, $sel='')
 // 접근 권한 검사
 if (!$member['mb_id'])
 {
-    //alert('로그인 하십시오.', '$g5['bbs_path']/login.php?url=' . urlencode('$_SERVER['PHP_SELF']?w=$w&mb_id=$mb_id'));
     alert('로그인 하십시오.', G5_BBS_URL.'/login.php?url=' . urlencode(G5_ADMIN_URL));
 }
 else if ($is_admin != 'super')
diff --git a/adm/auth_list.php b/adm/auth_list.php
index fc11f400e..3dfad19f5 100644
--- a/adm/auth_list.php
+++ b/adm/auth_list.php
@@ -45,7 +45,7 @@ $sql = " select *
             limit {$from_record}, {$rows} ";
 $result = sql_query($sql);
 
-$listall = '<a href="'.$_SERVER['PHP_SELF'].'" class="ov_listall">전체목록</a>';
+$listall = '<a href="'.$_SERVER['SCRIPT_NAME'].'" class="ov_listall">전체목록</a>';
 
 $g5['title'] = "관리권한설정";
 include_once('./admin.head.php');
@@ -158,7 +158,7 @@ else
 </form>
 
 <?php
-$pagelist = get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, $_SERVER['PHP_SELF'].'?'.$qstr.'&amp;page=');
+$pagelist = get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, $_SERVER['SCRIPT_NAME'].'?'.$qstr.'&amp;page=');
 echo $pagelist;
 ?>
 
diff --git a/adm/board_list.php b/adm/board_list.php
index 1c51da1d2..ade37535c 100644
--- a/adm/board_list.php
+++ b/adm/board_list.php
@@ -46,7 +46,7 @@ $from_record = ($page - 1) * $rows; // 시작 열을 구함
 $sql = " select * {$sql_common} {$sql_search} {$sql_order} limit {$from_record}, {$rows} ";
 $result = sql_query($sql);
 
-$listall = '<a href="'.$_SERVER['PHP_SELF'].'" class="ov_listall">전체목록</a>';
+$listall = '<a href="'.$_SERVER['SCRIPT_NAME'].'" class="ov_listall">전체목록</a>';
 
 $g5['title'] = '게시판관리';
 include_once('./admin.head.php');
@@ -208,7 +208,7 @@ $colspan = 15;
 
 </form>
 
-<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, $_SERVER['PHP_SELF'].'?'.$qstr.'&amp;page='); ?>
+<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, $_SERVER['SCRIPT_NAME'].'?'.$qstr.'&amp;page='); ?>
 
 <script>
 function fboardlist_submit(f)
diff --git a/adm/boardgroup_list.php b/adm/boardgroup_list.php
index 8d5e109d9..7fe391650 100644
--- a/adm/boardgroup_list.php
+++ b/adm/boardgroup_list.php
@@ -50,7 +50,7 @@ $from_record = ($page - 1) * $rows; // 시작 열을 구함
 $sql = " select * {$sql_common} {$sql_search} {$sql_order} limit {$from_record}, {$rows} ";
 $result = sql_query($sql);
 
-$listall = '<a href="'.$_SERVER['PHP_SELF'].'" class="ov_listall">처음</a>';
+$listall = '<a href="'.$_SERVER['SCRIPT_NAME'].'" class="ov_listall">처음</a>';
 
 $g5['title'] = '게시판그룹설정';
 include_once('./admin.head.php');
@@ -190,7 +190,7 @@ $colspan = 10;
 </div>
 
 <?php
-$pagelist = get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, $_SERVER['PHP_SELF'].'?'.$qstr.'&amp;page=');
+$pagelist = get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, $_SERVER['SCRIPT_NAME'].'?'.$qstr.'&amp;page=');
 echo $pagelist;
 ?>
 
diff --git a/adm/boardgroupmember_list.php b/adm/boardgroupmember_list.php
index 9692b976c..8827df7f1 100644
--- a/adm/boardgroupmember_list.php
+++ b/adm/boardgroupmember_list.php
@@ -137,7 +137,7 @@ $colspan = 7;
 </div>
 </form>
 
-<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, "{$_SERVER['PHP_SELF']}?$qstr&amp;gr_id=$gr_id&page="); ?>
+<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, "{$_SERVER['SCRIPT_NAME']}?$qstr&amp;gr_id=$gr_id&page="); ?>
 
 <script>
 function fboardgroupmember_submit(f)
diff --git a/adm/contentlist.php b/adm/contentlist.php
index 9f668507c..7f8ce87ca 100644
--- a/adm/contentlist.php
+++ b/adm/contentlist.php
@@ -50,7 +50,7 @@ $result = sql_query($sql);
 ?>
 
 <div class="local_ov01 local_ov">
-    <?php if ($page > 1) {?><a href="<?php echo $_SERVER['PHP_SELF']; ?>">처음으로</a><?php } ?>
+    <?php if ($page > 1) {?><a href="<?php echo $_SERVER['SCRIPT_NAME']; ?>">처음으로</a><?php } ?>
     <span>전체 내용 <?php echo $total_count; ?>건</span>
 </div>
 
@@ -91,7 +91,7 @@ $result = sql_query($sql);
     </table>
 </div>
 
-<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, "{$_SERVER['PHP_SELF']}?$qstr&amp;page="); ?>
+<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, "{$_SERVER['SCRIPT_NAME']}?$qstr&amp;page="); ?>
 
 <?php
 include_once (G5_ADMIN_PATH.'/admin.tail.php');
diff --git a/adm/faqmasterlist.php b/adm/faqmasterlist.php
index bf6f24039..c21ea47e2 100644
--- a/adm/faqmasterlist.php
+++ b/adm/faqmasterlist.php
@@ -64,7 +64,7 @@ $result = sql_query($sql);
 ?>
 
 <div class="local_ov01 local_ov">
-    <?php if ($page > 1) {?><a href="<?php echo $_SERVER['PHP_SELF']; ?>">처음으로</a><?php } ?>
+    <?php if ($page > 1) {?><a href="<?php echo $_SERVER['SCRIPT_NAME']; ?>">처음으로</a><?php } ?>
     <span>전체 FAQ <?php echo $total_count; ?>건</span>
 </div>
 
@@ -121,7 +121,7 @@ $result = sql_query($sql);
     </table>
 </div>
 
-<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, "{$_SERVER['PHP_SELF']}?$qstr&amp;page="); ?>
+<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, "{$_SERVER['SCRIPT_NAME']}?$qstr&amp;page="); ?>
 
 <?php
 include_once (G5_ADMIN_PATH.'/admin.tail.php');
diff --git a/adm/index.php b/adm/index.php
index f5a1b2f79..a579ad851 100644
--- a/adm/index.php
+++ b/adm/index.php
@@ -84,7 +84,7 @@ $colspan = 12;
             else
             {
                 $s_mod = '<a href="./member_form.php?$qstr&amp;w=u&amp;mb_id='.$row['mb_id'].'">수정</a>';
-                $s_del = '<a href="javascript:del(\'./member_delete.php?'.$qstr.'&amp;w=d&amp;mb_id='.$row['mb_id'].'&amp;url='.$_SERVER['PHP_SELF'].'\');">삭제</a>';
+                $s_del = '<a href="javascript:del(\'./member_delete.php?'.$qstr.'&amp;w=d&amp;mb_id='.$row['mb_id'].'&amp;url='.$_SERVER['SCRIPT_NAME'].'\');">삭제</a>';
             }
             $s_grp = '<a href="./boardgroupmember_form.php?mb_id='.$row['mb_id'].'">그룹</a>';
 
diff --git a/adm/member_list.php b/adm/member_list.php
index 3b773a5f7..ea3c6e4c6 100644
--- a/adm/member_list.php
+++ b/adm/member_list.php
@@ -56,7 +56,7 @@ $sql = " select count(*) as cnt {$sql_common} {$sql_search} and mb_intercept_dat
 $row = sql_fetch($sql);
 $intercept_count = $row['cnt'];
 
-$listall = '<a href="'.$_SERVER['PHP_SELF'].'" class="ov_listall">전체목록</a>';
+$listall = '<a href="'.$_SERVER['SCRIPT_NAME'].'" class="ov_listall">전체목록</a>';
 
 $g5['title'] = '회원관리';
 include_once('./admin.head.php');
diff --git a/adm/point_list.php b/adm/point_list.php
index 084c5ad09..eaed7aaff 100644
--- a/adm/point_list.php
+++ b/adm/point_list.php
@@ -48,7 +48,7 @@ $sql = " select *
             limit {$from_record}, {$rows} ";
 $result = sql_query($sql);
 
-$listall = '<a href="'.$_SERVER['PHP_SELF'].'" class="ov_listall">전체목록</a>';
+$listall = '<a href="'.$_SERVER['SCRIPT_NAME'].'" class="ov_listall">전체목록</a>';
 
 $mb = array();
 if ($sfl == 'mb_id' && $stx)
@@ -181,7 +181,7 @@ else
 
 </form>
 
-<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, "{$_SERVER['PHP_SELF']}?$qstr&amp;page="); ?>
+<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, "{$_SERVER['SCRIPT_NAME']}?$qstr&amp;page="); ?>
 
 <section id="point_mng">
     <h2 class="h2_frm">개별회원 포인트 증감 설정</h2>
diff --git a/adm/poll_list.php b/adm/poll_list.php
index 0408f00ad..2de51e514 100644
--- a/adm/poll_list.php
+++ b/adm/poll_list.php
@@ -44,7 +44,7 @@ $sql = " select *
             limit {$from_record}, {$rows} ";
 $result = sql_query($sql);
 
-$listall = '<a href="'.$_SERVER['PHP_SELF'].'" class="ov_listall">전체목록</a>';
+$listall = '<a href="'.$_SERVER['SCRIPT_NAME'].'" class="ov_listall">전체목록</a>';
 
 $g5['title'] = '투표관리';
 include_once('./admin.head.php');
@@ -138,7 +138,7 @@ $colspan = 7;
 </div>
 </form>
 
-<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, "{$_SERVER['PHP_SELF']}?$qstr&amp;page="); ?>
+<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, "{$_SERVER['SCRIPT_NAME']}?$qstr&amp;page="); ?>
 
 <script>
 $(function() {
diff --git a/adm/popular_list.php b/adm/popular_list.php
index 725039337..8033a5692 100644
--- a/adm/popular_list.php
+++ b/adm/popular_list.php
@@ -57,7 +57,7 @@ $sql = " select *
             limit {$from_record}, {$rows} ";
 $result = sql_query($sql);
 
-$listall = '<a href="'.$_SERVER['PHP_SELF'].'" class="ov_listall">전체목록</a>';
+$listall = '<a href="'.$_SERVER['SCRIPT_NAME'].'" class="ov_listall">전체목록</a>';
 
 $g5['title'] = '인기검색어관리';
 include_once('./admin.head.php');
@@ -123,7 +123,7 @@ var list_delete_php = 'popular_list.php';
             <label for="chk_<?php echo $i; ?>" class="sound_only"><?php echo $word ?></label>
             <input type="checkbox" name="chk[]" value="<?php echo $row['pp_id'] ?>" id="chk_<?php echo $i ?>">
         </td>
-        <td><a href="<?php echo $_SERVER['PHP_SELF'] ?>?sfl=pp_word&amp;stx=<?php echo $word ?>"><?php echo $word ?></a></td>
+        <td><a href="<?php echo $_SERVER['SCRIPT_NAME'] ?>?sfl=pp_word&amp;stx=<?php echo $word ?>"><?php echo $word ?></a></td>
         <td><?php echo $row['pp_date'] ?></td>
         <td><?php echo $row['pp_ip'] ?></td>
     </tr>
@@ -147,7 +147,7 @@ var list_delete_php = 'popular_list.php';
 
 </form>
 
-<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, "{$_SERVER['PHP_SELF']}?$qstr&amp;page="); ?>
+<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, "{$_SERVER['SCRIPT_NAME']}?$qstr&amp;page="); ?>
 
 <script>
 $(function() {
diff --git a/adm/popular_rank.php b/adm/popular_rank.php
index 4c47720c2..e2bdd737d 100644
--- a/adm/popular_rank.php
+++ b/adm/popular_rank.php
@@ -26,7 +26,7 @@ $from_record = ($page - 1) * $rows; // 시작 열을 구함
 $sql = " select pp_word, count(*) as cnt {$sql_common} {$sql_search} {$sql_group} {$sql_order} limit {$from_record}, {$rows} ";
 $result = sql_query($sql);
 
-$listall = '<a href="'.$_SERVER['PHP_SELF'].'" class="ov_listall">전체목록</a>';
+$listall = '<a href="'.$_SERVER['SCRIPT_NAME'].'" class="ov_listall">전체목록</a>';
 
 $g5['title'] = '인기검색어순위';
 include_once('./admin.head.php');
@@ -104,7 +104,7 @@ $(function(){
 </form>
 
 <?php
-echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, "{$_SERVER['PHP_SELF']}?$qstr&amp;page=");
+echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, "{$_SERVER['SCRIPT_NAME']}?$qstr&amp;page=");
 ?>
 
 <?php
diff --git a/adm/sms_admin/_common.php b/adm/sms_admin/_common.php
index c2c148c40..e44e58e4d 100644
--- a/adm/sms_admin/_common.php
+++ b/adm/sms_admin/_common.php
@@ -3,7 +3,7 @@ define('G5_IS_ADMIN', true);
 include_once ('../../common.php');
 include_once(G5_ADMIN_PATH.'/admin.lib.php');
 
-if (!strstr($_SERVER['PHP_SELF'], 'install.php')) {
+if (!strstr($_SERVER['SCRIPT_NAME'], 'install.php')) {
     if(!mysql_num_rows(mysql_query(" show tables like '{$g5['sms5_config_table']}' ")))
         goto_url('install.php');
 
diff --git a/adm/sms_admin/ajax.sms_write_person.php b/adm/sms_admin/ajax.sms_write_person.php
index 98eba4a5a..97dedc14c 100644
--- a/adm/sms_admin/ajax.sms_write_person.php
+++ b/adm/sms_admin/ajax.sms_write_person.php
@@ -131,7 +131,7 @@ while ($res = sql_fetch_array($qry)) array_push($group, $res);
     <span class="pg" id="person_pg"></span>
 </nav>
 
-<form name="search_form" id="sms_person_form" method="get" action="<?php echo $_SERVER['PHP_SELF']?>">
+<form name="search_form" id="sms_person_form" method="get" action="<?php echo $_SERVER['SCRIPT_NAME']?>">
 <input type="hidden" name="total_pg" value="<?php echo $total_page?>">
 <input type="hidden" name="page" value="<?php echo $page?>">
 
diff --git a/adm/sms_admin/form_list.php b/adm/sms_admin/form_list.php
index 008405441..6766b699d 100644
--- a/adm/sms_admin/form_list.php
+++ b/adm/sms_admin/form_list.php
@@ -109,7 +109,7 @@ function multi_update(sel)
 <div class="local_sch01 local_sch sms_preset_sch">
     <form>
     <label for="fg_no" class="sound_only">그룹명</label>
-    <select name="fg_no" onchange="location.href='<?php echo $_SERVER['PHP_SELF']?>?fg_no='+this.value;">
+    <select name="fg_no" onchange="location.href='<?php echo $_SERVER['SCRIPT_NAME']?>?fg_no='+this.value;">
         <option value="" <?php echo $fg_no?'':'selected'?>> 전체 </option>
         <option value="0" <?php echo $fg_no=='0'?'selected':''?>> 미분류 (<?php echo number_format($no_count)?>) </option>
         <?php for($i=0; $i<count($group); $i++) {?>
@@ -118,7 +118,7 @@ function multi_update(sel)
     </select>
     </form>
 
-    <form name="search_form" method="get" action="<?php echo $_SERVER['PHP_SELF']?>">
+    <form name="search_form" method="get" action="<?php echo $_SERVER['SCRIPT_NAME']?>">
     <input type="hidden" name="fg_no" value="<?php echo $fg_no;?>">
     <label for="st" class="sound_only">검색대상</label>
     <select name="st" id="st">
@@ -231,7 +231,7 @@ function select_copy(sw, f) {
 }
 </script>
 
-<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, $_SERVER['PHP_SELF']."?fg_no=$fg_no&amp;st=$st&amp;sv=$sv&amp;page="); ?>
+<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, $_SERVER['SCRIPT_NAME']."?fg_no=$fg_no&amp;st=$st&amp;sv=$sv&amp;page="); ?>
 
 <?php
 include_once(G5_ADMIN_PATH.'/admin.tail.php');
diff --git a/adm/sms_admin/history_list.php b/adm/sms_admin/history_list.php
index 193937878..bf6d1afd0 100644
--- a/adm/sms_admin/history_list.php
+++ b/adm/sms_admin/history_list.php
@@ -27,7 +27,7 @@ $vnum = $total_count - (($page-1) * $page_size);
 include_once(G5_ADMIN_PATH.'/admin.head.php');
 ?>
 
-<form name="search_form" id="search_form" action=<?php echo $_SERVER['PHP_SELF'];?> class="local_sch01 local_sch" method="get">
+<form name="search_form" id="search_form" action=<?php echo $_SERVER['SCRIPT_NAME'];?> class="local_sch01 local_sch" method="get">
 
 <label for="st" class="sound_only">검색대상</label>
 <input type="hidden" name="st" id="st" value="wr_message" >
@@ -91,7 +91,7 @@ include_once(G5_ADMIN_PATH.'/admin.head.php');
     </table>
 </div>
 
-<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, $_SERVER['PHP_SELF']."?st=$st&amp;sv=$sv&amp;page="); ?>
+<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, $_SERVER['SCRIPT_NAME']."?st=$st&amp;sv=$sv&amp;page="); ?>
 
 <?php
 include_once(G5_ADMIN_PATH.'/admin.tail.php');
diff --git a/adm/sms_admin/history_member.php b/adm/sms_admin/history_member.php
index 21fe0c84e..1de0755ff 100644
--- a/adm/sms_admin/history_member.php
+++ b/adm/sms_admin/history_member.php
@@ -27,7 +27,7 @@ $vnum = $total_count - (($page-1) * $page_size);
 include_once(G5_ADMIN_PATH.'/admin.head.php');
 ?>
 
-<form name="search_form" method="get" action="<?php echo $_SEVER['PHP_SELF']?>" class="local_sch01 local_sch">
+<form name="search_form" method="get" action="<?php echo $_SEVER['SCRIPT_NAME']?>" class="local_sch01 local_sch">
 <label for="st" class="sound_only">검색대상</label>
 <select name="st" id="st">
     <option value="mb_id"<?php echo get_selected('mh_name', $st); ?>>아이디</option>
@@ -83,7 +83,7 @@ include_once(G5_ADMIN_PATH.'/admin.head.php');
     </table>
 </div>
 
-<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, $_SERVER['PHP_SELF']."?st=$st&amp;sv=$sv&amp;page="); ?>
+<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, $_SERVER['SCRIPT_NAME']."?st=$st&amp;sv=$sv&amp;page="); ?>
 
 <?php
 include_once(G5_ADMIN_PATH.'/admin.tail.php');
diff --git a/adm/sms_admin/history_num.php b/adm/sms_admin/history_num.php
index 04f6c7ed2..a2de1b2b3 100644
--- a/adm/sms_admin/history_num.php
+++ b/adm/sms_admin/history_num.php
@@ -27,7 +27,7 @@ $vnum = $total_count - (($page-1) * $page_size);
 include_once(G5_ADMIN_PATH.'/admin.head.php');
 ?>
 
-<form name="search_form" method="get" action="<?echo $_SERVER['PHP_SELF']?>" class="local_sch01 local_sch" >
+<form name="search_form" method="get" action="<?echo $_SERVER['SCRIPT_NAME']?>" class="local_sch01 local_sch" >
 <label for="st" class="sound_only">검색대상</label>
 <select name="st" id="st">
     <option value="hs_name"<?php echo get_selected('hs_name', $st); ?>>이름</option>
@@ -100,7 +100,7 @@ include_once(G5_ADMIN_PATH.'/admin.head.php');
     </table>
 </div>
 
-<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, $_SERVER['PHP_SELF']."?st=$st&amp;sv=$sv&amp;page="); ?>
+<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, $_SERVER['SCRIPT_NAME']."?st=$st&amp;sv=$sv&amp;page="); ?>
 
 <?php
 include_once(G5_ADMIN_PATH.'/admin.tail.php');
diff --git a/adm/sms_admin/history_view.php b/adm/sms_admin/history_view.php
index 8acd6396b..fced00ba2 100644
--- a/adm/sms_admin/history_view.php
+++ b/adm/sms_admin/history_view.php
@@ -63,7 +63,7 @@ function all_send()
 }
 </script>
 
-<form name="search_form" method="get" action="<?php echo $_SERVER['PHP_SELF']?>" class="local_sch01 local_sch">
+<form name="search_form" method="get" action="<?php echo $_SERVER['SCRIPT_NAME']?>" class="local_sch01 local_sch">
 <input type="hidden" name="wr_no" value="<?php echo $wr_no?>">
 <input type="hidden" name="wr_renum" value="<?php echo $wr_renum?>">
 <input type="hidden" name="page" value="<?php echo $page?>">
@@ -244,7 +244,7 @@ function all_send()
     </div>
 </div>
 
-<?php echo sms5_sub_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $spage, $total_spage, $_SERVER['PHP_SELF']."?wr_no=$wr_no&amp;wr_renum=$wr_renum&amp;page=$page&amp;st=$st&amp;sv=$sv&amp;sst=$sst&amp;ssv=$ssv", "", "spage"); ?>
+<?php echo sms5_sub_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $spage, $total_spage, $_SERVER['SCRIPT_NAME']."?wr_no=$wr_no&amp;wr_renum=$wr_renum&amp;page=$page&amp;st=$st&amp;sv=$sv&amp;sst=$sst&amp;ssv=$ssv", "", "spage"); ?>
 
 <?php
 include_once(G5_ADMIN_PATH.'/admin.tail.php');
diff --git a/adm/sms_admin/install.php b/adm/sms_admin/install.php
index 1d63070be..27e72da67 100644
--- a/adm/sms_admin/install.php
+++ b/adm/sms_admin/install.php
@@ -10,7 +10,7 @@ $setup = $_POST['setup'];
 
 include_once(G5_ADMIN_PATH.'/admin.head.php');
 ?>
-<form name="hidden_form" method="post" action="<?php echo $_SERVER['PHP_SELF']?>">
+<form name="hidden_form" method="post" action="<?php echo $_SERVER['SCRIPT_NAME']?>">
 <input type="hidden" name="setup">
 </form>
 <?php
diff --git a/adm/sms_admin/num_book.php b/adm/sms_admin/num_book.php
index 9813ea938..39c1182e8 100644
--- a/adm/sms_admin/num_book.php
+++ b/adm/sms_admin/num_book.php
@@ -107,7 +107,7 @@ function no_hp_click(val)
     <span class="ov_listall">거부 <?php echo number_format($reject_count)?>명</span>
 </div>
 
-<form name="search_form" method="get" action="<?php echo $_SERVER['PHP_SELF']?>" class="local_sch01 local_sch">
+<form name="search_form" method="get" action="<?php echo $_SERVER['SCRIPT_NAME']?>" class="local_sch01 local_sch">
 <input type="hidden" name="bg_no" value="<?php echo $bg_no?>" >
 <label for="st" class="sound_only">검색대상</label>
 <select name="st" id="st">
@@ -122,7 +122,7 @@ function no_hp_click(val)
 
 <form name="search_form" class="local_sch01 local_sch">
 <label for="bg_no" class="sound_only">그룹명</label>
-<select name="bg_no" id="bg_no" onchange="location.href='<?php echo $_SERVER['PHP_SELF']?>?bg_no='+this.value;">
+<select name="bg_no" id="bg_no" onchange="location.href='<?php echo $_SERVER['SCRIPT_NAME']?>?bg_no='+this.value;">
     <option value=""<?php echo get_selected('', $bg_no); ?>> 전체 </option>
     <option value="<?php echo $no_group['bg_no']?>"<?php echo get_selected($bg_no, $no_group['bg_no']); ?>> <?php echo $no_group['bg_name']?> (<?php echo number_format($no_group['bg_count'])?> 명) </option>
     <?php for($i=0; $i<count($group); $i++) {?>
@@ -256,7 +256,7 @@ function select_copy(sw, f) {
 }
 </script>
 
-<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, $_SERVER['PHP_SELF']."?bg_no=$bg_no&amp;st=$st&amp;sv=$sv&amp;ap=$ap&amp;page="); ?>
+<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, $_SERVER['SCRIPT_NAME']."?bg_no=$bg_no&amp;st=$st&amp;sv=$sv&amp;ap=$ap&amp;page="); ?>
 
 <?php
 include_once(G5_ADMIN_PATH.'/admin.tail.php');
diff --git a/adm/sms_admin/sms_write_form.php b/adm/sms_admin/sms_write_form.php
index 23435005a..fdbf64c91 100644
--- a/adm/sms_admin/sms_write_form.php
+++ b/adm/sms_admin/sms_write_form.php
@@ -23,7 +23,7 @@ $no_count = $res['cnt'];
 <ul class="emo_list">
 </ul>
 
-<form name="emo_sch" id="emo_sch" method="get" action="<?php echo $_SERVER['PHP_SELF']?>">
+<form name="emo_sch" id="emo_sch" method="get" action="<?php echo $_SERVER['SCRIPT_NAME']?>">
 <input type="hidden" name="fg_no" value="<?php echo $fg_no?>">
 <input type="hidden" name="page" id="hidden_page" >
 <input type="hidden" name="fg_no" id="hidden_fg_no" >
diff --git a/adm/visit_list.php b/adm/visit_list.php
index f4934488a..afc950164 100644
--- a/adm/visit_list.php
+++ b/adm/visit_list.php
@@ -102,7 +102,7 @@ if (isset($domain))
     $qstr .= "&amp;domain=$domain";
 $qstr .= "&amp;page=";
 
-$pagelist = get_paging($config['cf_write_pages'], $page, $total_page, "{$_SERVER['PHP_SELF']}?$qstr");
+$pagelist = get_paging($config['cf_write_pages'], $page, $total_page, "{$_SERVER['SCRIPT_NAME']}?$qstr");
 echo $pagelist;
 
 include_once('./admin.tail.php');
diff --git a/adm/visit_search.php b/adm/visit_search.php
index fb52d05f2..23f1af471 100644
--- a/adm/visit_search.php
+++ b/adm/visit_search.php
@@ -10,7 +10,7 @@ include_once('./admin.head.php');
 include_once(G5_PLUGIN_PATH.'/jquery-ui/datepicker.php');
 
 $colspan = 5;
-$listall = '<a href="'.$_SERVER['PHP_SELF'].'">처음</a>'; //페이지 처음으로 (초기화용도)
+$listall = '<a href="'.$_SERVER['SCRIPT_NAME'].'">처음</a>'; //페이지 처음으로 (초기화용도)
 ?>
 
 <div class="local_sch local_sch01">
@@ -98,11 +98,11 @@ $listall = '<a href="'.$_SERVER['PHP_SELF'].'">처음</a>'; //페이지 처음
         $bg = 'bg'.($i%2);
     ?>
     <tr class="<?php echo $bg; ?>">
-        <td class="td_id"><a href="<?php echo $_SERVER['PHP_SELF']; ?>?sfl=vi_ip&amp;stx=<?php echo $ip; ?>"><?php echo $ip; ?></a></td>
+        <td class="td_id"><a href="<?php echo $_SERVER['SCRIPT_NAME']; ?>?sfl=vi_ip&amp;stx=<?php echo $ip; ?>"><?php echo $ip; ?></a></td>
         <td><?php echo $link.$title; ?></a></td>
         <td class="td_idsmall"><?php echo $brow; ?></td>
         <td class="td_idsmall"><?php echo $os; ?></td>
-        <td class="td_datetime"><a href="<?php echo $_SERVER['PHP_SELF']; ?>?sfl=vi_date&amp;stx=<?php echo $row['vi_date']; ?>"><?php echo $row['vi_date']; ?></a> <?php echo $row['vi_time']; ?></td>
+        <td class="td_datetime"><a href="<?php echo $_SERVER['SCRIPT_NAME']; ?>?sfl=vi_date&amp;stx=<?php echo $row['vi_date']; ?>"><?php echo $row['vi_date']; ?></a> <?php echo $row['vi_time']; ?></td>
     </tr>
     <?php } ?>
     <?php if ($i == 0) echo '<tr><td colspan="'.$colspan.'" class="empty_table">자료가 없습니다.</td></tr>'; ?>
@@ -111,7 +111,7 @@ $listall = '<a href="'.$_SERVER['PHP_SELF'].'">처음</a>'; //페이지 처음
 </div>
 
 <?php
-$pagelist = get_paging($config['cf_write_pages'], $page, $total_page, $_SERVER['PHP_SELF'].'?'.$qstr.'&amp;domain='.$domain.'&amp;page=');
+$pagelist = get_paging($config['cf_write_pages'], $page, $total_page, $_SERVER['SCRIPT_NAME'].'?'.$qstr.'&amp;domain='.$domain.'&amp;page=');
 if ($pagelist) {
     echo $pagelist;
 }
diff --git a/bbs/search.php b/bbs/search.php
index ed0058d54..9548bfae7 100644
--- a/bbs/search.php
+++ b/bbs/search.php
@@ -135,7 +135,7 @@ if ($stx) {
             $sch_all = "";
             if ($onetable == $g5_search['tables'][$i]) $sch_class = "class=sch_on";
             else $sch_all = "class=sch_on";
-            $str_board_list .= '<li><a href="'.$_SERVER['PHP_SELF'].'?'.$search_query.'&amp;gr_id='.$gr_id.'&amp;onetable='.$g5_search['tables'][$i].'" '.$sch_class.'><strong>'.$row2['bo_subject'].'</strong><span class="cnt_cmt">'.$row['cnt'].'</span></a></li>';
+            $str_board_list .= '<li><a href="'.$_SERVER['SCRIPT_NAME'].'?'.$search_query.'&amp;gr_id='.$gr_id.'&amp;onetable='.$g5_search['tables'][$i].'" '.$sch_class.'><strong>'.$row2['bo_subject'].'</strong><span class="cnt_cmt">'.$row['cnt'].'</span></a></li>';
         }
     }
 
@@ -217,7 +217,7 @@ if ($stx) {
         $from_record = 0;
     }
 
-    $write_pages = get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, $_SERVER['PHP_SELF'].'?'.$search_query.'&amp;gr_id='.$gr_id.'&amp;srows='.$srows.'&amp;onetable='.$onetable.'&amp;page=');
+    $write_pages = get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, $_SERVER['SCRIPT_NAME'].'?'.$search_query.'&amp;gr_id='.$gr_id.'&amp;srows='.$srows.'&amp;onetable='.$onetable.'&amp;page=');
 }
 
 $group_select = '<label for="gr_id" class="sound_only">게시판 그룹선택</label><select name="gr_id" id="gr_id" class="select"><option value="">전체 분류';
diff --git a/bbs/write.php b/bbs/write.php
index 6f4149aad..3f026298a 100644
--- a/bbs/write.php
+++ b/bbs/write.php
@@ -40,7 +40,7 @@ if ($w == '') {
         if ($member['mb_id']) {
             alert('글을 쓸 권한이 없습니다.');
         } else {
-            alert("글을 쓸 권한이 없습니다.\\n회원이시라면 로그인 후 이용해 보십시오.", './login.php?'.$qstr.'&amp;url='.urlencode($_SERVER['PHP_SELF'].'?bo_table='.$bo_table));
+            alert("글을 쓸 권한이 없습니다.\\n회원이시라면 로그인 후 이용해 보십시오.", './login.php?'.$qstr.'&amp;url='.urlencode($_SERVER['SCRIPT_NAME'].'?bo_table='.$bo_table));
         }
     }
 
@@ -62,7 +62,7 @@ if ($w == '') {
         if ($member['mb_id']) {
             alert('글을 수정할 권한이 없습니다.');
         } else {
-            alert('글을 수정할 권한이 없습니다.\\n\\n회원이시라면 로그인 후 이용해 보십시오.', './login.php?'.$qstr.'&amp;url='.urlencode($_SERVER['PHP_SELF'].'?bo_table='.$bo_table));
+            alert('글을 수정할 권한이 없습니다.\\n\\n회원이시라면 로그인 후 이용해 보십시오.', './login.php?'.$qstr.'&amp;url='.urlencode($_SERVER['SCRIPT_NAME'].'?bo_table='.$bo_table));
         }
     }
 
@@ -95,7 +95,7 @@ if ($w == '') {
         if ($member['mb_id'])
             alert('글을 답변할 권한이 없습니다.');
         else
-            alert('답변글을 작성할 권한이 없습니다.\\n\\n회원이시라면 로그인 후 이용해 보십시오.', './login.php?'.$qstr.'&amp;url='.urlencode($_SERVER['PHP_SELF'].'?bo_table='.$bo_table));
+            alert('답변글을 작성할 권한이 없습니다.\\n\\n회원이시라면 로그인 후 이용해 보십시오.', './login.php?'.$qstr.'&amp;url='.urlencode($_SERVER['SCRIPT_NAME'].'?bo_table='.$bo_table));
     }
 
     $tmp_point = isset($member['mb_point']) ? $member['mb_point'] : 0;
@@ -165,7 +165,7 @@ if ($w == '') {
 // 그룹접근 가능
 if (!empty($group['gr_use_access'])) {
     if ($is_guest) {
-        alert("접근 권한이 없습니다.\\n\\n회원이시라면 로그인 후 이용해 보십시오.", 'login.php?'.$qstr.'&amp;url='.urlencode($_SERVER['PHP_SELF'].'?bo_table='.$bo_table));
+        alert("접근 권한이 없습니다.\\n\\n회원이시라면 로그인 후 이용해 보십시오.", 'login.php?'.$qstr.'&amp;url='.urlencode($_SERVER['SCRIPT_NAME'].'?bo_table='.$bo_table));
     }
 
     if ($is_admin == 'super' || $group['gr_admin'] == $member['mb_id'] || $board['bo_admin'] == $member['mb_id']) {
@@ -183,7 +183,7 @@ if (!empty($group['gr_use_access'])) {
 if ($config['cf_cert_use'] && !$is_admin) {
     // 인증된 회원만 가능
     if ($board['bo_use_cert'] != '' && $is_guest) {
-        alert('이 게시판은 본인확인 하신 회원님만 글쓰기가 가능합니다.\\n\\n회원이시라면 로그인 후 이용해 보십시오.', 'login.php?'.$qstr.'&amp;url='.urlencode($_SERVER['PHP_SELF'].'?bo_table='.$bo_table));
+        alert('이 게시판은 본인확인 하신 회원님만 글쓰기가 가능합니다.\\n\\n회원이시라면 로그인 후 이용해 보십시오.', 'login.php?'.$qstr.'&amp;url='.urlencode($_SERVER['SCRIPT_NAME'].'?bo_table='.$bo_table));
     }
 
     if ($board['bo_use_cert'] == 'cert' && !$member['mb_certify']) {
diff --git a/lib/common.lib.php b/lib/common.lib.php
index 526d36f4f..2d82d02d0 100644
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@@ -745,7 +745,7 @@ function subject_sort_link($col, $query_string='', $flag='asc')
     $arr_query[] = 'page='.$page;
     $qstr = implode("&amp;", $arr_query);
 
-    return "<a href=\"{$_SERVER['PHP_SELF']}?{$qstr}\">";
+    return "<a href=\"{$_SERVER['SCRIPT_NAME']}?{$qstr}\">";
 }
 
 
@@ -1454,7 +1454,7 @@ function sql_query($sql, $error=G5_DISPLAY_SQL_ERROR)
     $sql = preg_replace("#^select.*from.*where.*`?information_schema`?.*#i", "select 1", $sql);
 
     if ($error)
-        $result = @mysql_query($sql, $g5['connect_db']) or die("<p>$sql<p>" . mysql_errno() . " : " .  mysql_error() . "<p>error file : {$_SERVER['PHP_SELF']}");
+        $result = @mysql_query($sql, $g5['connect_db']) or die("<p>$sql<p>" . mysql_errno() . " : " .  mysql_error() . "<p>error file : {$_SERVER['SCRIPT_NAME']}");
     else
         $result = @mysql_query($sql, $g5['connect_db']);
 
@@ -1466,7 +1466,7 @@ function sql_query($sql, $error=G5_DISPLAY_SQL_ERROR)
 function sql_fetch($sql, $error=G5_DISPLAY_SQL_ERROR)
 {
     $result = sql_query($sql, $error);
-    //$row = @sql_fetch_array($result) or die("<p>$sql<p>" . mysql_errno() . " : " .  mysql_error() . "<p>error file : $_SERVER['PHP_SELF']");
+    //$row = @sql_fetch_array($result) or die("<p>$sql<p>" . mysql_errno() . " : " .  mysql_error() . "<p>error file : $_SERVER['SCRIPT_NAME']");
     $row = sql_fetch_array($result);
     return $row;
 }
diff --git a/lib/mailer.lib.php b/lib/mailer.lib.php
index a149931b7..42593a3c3 100644
--- a/lib/mailer.lib.php
+++ b/lib/mailer.lib.php
@@ -5,16 +5,16 @@ include_once(G5_PHPMAILER_PATH.'/class.phpmailer.php');
 
 // 메일 보내기 (파일 여러개 첨부 가능)
 // type : text=0, html=1, text+html=2
-function mailer($fname, $fmail, $to, $subject, $content, $type=0, $file="", $cc="", $bcc="") 
-{ 
-    global $config; 
-    global $g5; 
+function mailer($fname, $fmail, $to, $subject, $content, $type=0, $file="", $cc="", $bcc="")
+{
+    global $config;
+    global $g5;
 
-    // 메일발송 사용을 하지 않는다면 
-    if (!$config['cf_email_use']) return; 
+    // 메일발송 사용을 하지 않는다면
+    if (!$config['cf_email_use']) return;
 
-    if ($type != 1) 
-        $content = nl2br($content); 
+    if ($type != 1)
+        $content = nl2br($content);
 
     $mail = new PHPMailer(); // defaults to using php "mail()"
     if (defined('G5_SMTP') && G5_SMTP) {
@@ -27,13 +27,13 @@ function mailer($fname, $fmail, $to, $subject, $content, $type=0, $file="", $cc=
     $mail->AltBody = ""; // optional, comment out and test
     $mail->MsgHTML($content);
     $mail->AddAddress($to);
-    if ($cc) 
+    if ($cc)
         $mail->AddCC($cc);
-    if ($bcc) 
+    if ($bcc)
         $mail->AddBCC($bcc);
     //print_r2($file); exit;
-    if ($file != "") { 
-        foreach ($file as $f) { 
+    if ($file != "") {
+        foreach ($file as $f) {
             $mail->AddAttachment($f['path'], $f['name']);
         }
     }
@@ -61,27 +61,27 @@ function attach_file($filename, $tmp_name)
 /*
 // 메일 보내기 (파일 여러개 첨부 가능)
 // type : text=0, html=1, text+html=2
-function mailer($fname, $fmail, $to, $subject, $content, $type=0, $file="", $cc="", $bcc="") 
-{ 
-    global $config; 
-    global $g5; 
+function mailer($fname, $fmail, $to, $subject, $content, $type=0, $file="", $cc="", $bcc="")
+{
+    global $config;
+    global $g5;
 
-    // 메일발송 사용을 하지 않는다면 
-    if (!$config['cf_email_use']) return; 
+    // 메일발송 사용을 하지 않는다면
+    if (!$config['cf_email_use']) return;
 
-    $boundary = uniqid(time()); 
+    $boundary = uniqid(time());
 
     $header = "Message-ID: <".generate_mail_id(preg_replace("/@.+$/i","",$to)).">\r\n".
               "From:=?utf-8?B?".base64_encode($fname)."?=<$fmail>\r\n";
-    if ($cc)  $header .= "Cc: $cc\n"; 
-    if ($bcc) $header .= "Bcc: $bcc\n"; 
-    $header .= "MIME-Version: 1.0\n"; 
-    $header .= "X-Mailer: SIR Mailer 0.94 : {$_SERVER['SERVER_ADDR']} : {$_SERVER['REMOTE_ADDR']} : ".G5_URL." : {$_SERVER['PHP_SELF']} : {$_SERVER['HTTP_REFERER']} \n"; 
+    if ($cc)  $header .= "Cc: $cc\n";
+    if ($bcc) $header .= "Bcc: $bcc\n";
+    $header .= "MIME-Version: 1.0\n";
+    $header .= "X-Mailer: SIR Mailer 0.94 : {$_SERVER['SERVER_ADDR']} : {$_SERVER['REMOTE_ADDR']} : ".G5_URL." : {$_SERVER['SCRIPT_NAME']} : {$_SERVER['HTTP_REFERER']} \n";
     $header .= "Date: ".date ("D, j M Y H:i:s T",time())."\r\n".
                "To: $to\r\n".
                "Subject: =?utf-8?B?".base64_encode($subject)."?=\r\n";
 
-    if ($file == "") { 
+    if ($file == "") {
         $header .= "Content-Type: MULTIPART/ALTERNATIVE;\n".
                    "              BOUNDARY=\"$boundary\"\n\n";
     } else {
@@ -89,39 +89,39 @@ function mailer($fname, $fmail, $to, $subject, $content, $type=0, $file="", $cc=
                    "              BOUNDARY=\"$boundary\"\n\n";
     }
 
-    if ($type == 2) 
-        $content = nl2br($content); 
+    if ($type == 2)
+        $content = nl2br($content);
 
     $strip_content  = stripslashes(trim($content));
     $encode_content = chunk_split(base64_encode($strip_content));
 
     $body = "";
     $body .= "\n--$boundary\n";
-    $body .= "Content-Type: TEXT/PLAIN; charset=utf-8\n"; 
-    $body .= "Content-Transfer-Encoding: BASE64\n\n"; 
-    $body .= $encode_content; 
+    $body .= "Content-Type: TEXT/PLAIN; charset=utf-8\n";
+    $body .= "Content-Transfer-Encoding: BASE64\n\n";
+    $body .= $encode_content;
     $body .= "\n--$boundary\n";
 
-    if ($type) { 
-        $body .= "Content-Type: TEXT/HTML; charset=utf-8\n"; 
-        $body .= "Content-Transfer-Encoding: BASE64\n\n"; 
-        $body .= $encode_content; 
+    if ($type) {
+        $body .= "Content-Type: TEXT/HTML; charset=utf-8\n";
+        $body .= "Content-Transfer-Encoding: BASE64\n\n";
+        $body .= $encode_content;
         $body .= "\n--$boundary\n";
     }
 
-    if ($file != "") { 
-        foreach ($file as $f) { 
-            $body .= "n--$boundary\n"; 
-            $body .= "Content-Type: APPLICATION/OCTET-STREAM; name=$fname\n"; 
-            $body .= "Content-Transfer-Encoding: BASE64\n"; 
-            $body .= "Content-Disposition: inline; filename=$fname\n"; 
+    if ($file != "") {
+        foreach ($file as $f) {
+            $body .= "n--$boundary\n";
+            $body .= "Content-Type: APPLICATION/OCTET-STREAM; name=$fname\n";
+            $body .= "Content-Transfer-Encoding: BASE64\n";
+            $body .= "Content-Disposition: inline; filename=$fname\n";
 
-            $body .= "\n"; 
-            $body .= chunk_split(base64_encode($f['data'])); 
-            $body .= "\n"; 
-        } 
-        $body .= "--$boundary--\n"; 
-    } 
+            $body .= "\n";
+            $body .= chunk_split(base64_encode($f['data']));
+            $body .= "\n";
+        }
+        $body .= "--$boundary--\n";
+    }
 
     $mails['to'] = $to;
     $mails['from'] = $fmail;
@@ -129,7 +129,7 @@ function mailer($fname, $fmail, $to, $subject, $content, $type=0, $file="", $cc=
 
     if (defined(G5_SMTP)) {
         ini_set('SMTP', G5_SMTP);
-        @mail($to, $subject, $body, $header, "-f $fmail"); 
+        @mail($to, $subject, $body, $header, "-f $fmail");
     } else {
         new maildaemon($mails);
     }
@@ -306,7 +306,7 @@ class maildaemon {
   #  $t -> 1 (debug of socket open,close)
   #        0 (regular smtp message)
   #  $p -> 1 (print detail debug)
-  # 
+  #
   # return 1 -> success
   # return 0 -> failed
   #
@@ -381,7 +381,7 @@ function generate_mail_id($uid) {
 function mail_header($to,$from,$title,$mta=0) {
   global $langs,$boundary;
 
-  # mail header 를 작성 
+  # mail header 를 작성
   $boundary = get_boundary_msg();
   $header = "Message-ID: <".generate_mail_id(preg_replace("/@.+$/i","",$to)).">\r\n".
             "From:=?utf-8?B?".base64_encode('보내는사람')."?=<$from>\r\n".
diff --git a/mobile/skin/faq/basic/list.skin.php b/mobile/skin/faq/basic/list.skin.php
index d64a533a1..f625ff36a 100644
--- a/mobile/skin/faq/basic/list.skin.php
+++ b/mobile/skin/faq/basic/list.skin.php
@@ -73,7 +73,7 @@ if( count($faq_master_list) ){
     ?>
 </div>
 
-<?php echo get_paging($page_rows, $page, $total_page, $_SERVER['PHP_SELF'].'?'.$qstr.'&amp;page='); ?>
+<?php echo get_paging($page_rows, $page, $total_page, $_SERVER['SCRIPT_NAME'].'?'.$qstr.'&amp;page='); ?>
 
 <?php
 // 하단 HTML
diff --git a/mobile/skin/member/basic/point.skin.php b/mobile/skin/member/basic/point.skin.php
index 93ce40a91..bc0ff54b7 100644
--- a/mobile/skin/member/basic/point.skin.php
+++ b/mobile/skin/member/basic/point.skin.php
@@ -75,7 +75,7 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
         </div>
     </div>
 
-    <?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, $_SERVER['PHP_SELF'].'?'.$qstr.'&amp;page='); ?>
+    <?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, $_SERVER['SCRIPT_NAME'].'?'.$qstr.'&amp;page='); ?>
 
     <div class="win_btn"><button type="button" onclick="javascript:window.close();">창닫기</button></div>
 </div>
\ No newline at end of file
diff --git a/skin/faq/basic/list.skin.php b/skin/faq/basic/list.skin.php
index 5149fd1fe..86def35fd 100644
--- a/skin/faq/basic/list.skin.php
+++ b/skin/faq/basic/list.skin.php
@@ -79,7 +79,7 @@ if( count($faq_master_list) ){
     ?>
 </div>
 
-<?php echo get_paging($page_rows, $page, $total_page, $_SERVER['PHP_SELF'].'?'.$qstr.'&amp;page='); ?>
+<?php echo get_paging($page_rows, $page, $total_page, $_SERVER['SCRIPT_NAME'].'?'.$qstr.'&amp;page='); ?>
 
 <?php
 // 하단 HTML
diff --git a/skin/member/basic/point.skin.php b/skin/member/basic/point.skin.php
index 4e108db80..d0e754fba 100644
--- a/skin/member/basic/point.skin.php
+++ b/skin/member/basic/point.skin.php
@@ -82,7 +82,7 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
         </table>
     </div>
 
-    <?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, $_SERVER['PHP_SELF'].'?'.$qstr.'&amp;page='); ?>
+    <?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, $_SERVER['SCRIPT_NAME'].'?'.$qstr.'&amp;page='); ?>
 
     <div class="win_btn"><button type="button" onclick="javascript:window.close();">창닫기</button></div>
 </div>
\ No newline at end of file