From 166bbe8da8cd0640650335aff834ba70a486f7a8 Mon Sep 17 00:00:00 2001
From: thisgun
Date: Thu, 8 Jun 2017 13:40:50 +0900
Subject: [PATCH] =?UTF-8?q?=EC=9B=90=EA=B2=A9=EC=BD=94=EB=93=9C=20?=
 =?UTF-8?q?=EC=B7=A8=EC=95=BD=EC=A0=90=2017-354=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adm/_common.php | 4 ++++
 adm/shop_admin/bannerformupdate.php | 13 +++++++++++++
 2 files changed, 17 insertions(+)

diff --git a/adm/_common.php b/adm/_common.php
index cd443b18e..074ed3b51 100644
--- a/adm/_common.php
+++ b/adm/_common.php
@@ -2,4 +2,8 @@
 define('G5_IS_ADMIN', true);
 include_once ('../common.php');
 include_once(G5_ADMIN_PATH.'/admin.lib.php');
+
+if( isset($token) ){
+ $token = @htmlspecialchars(strip_tags($token), ENT_QUOTES);
+}
 ?>
\ No newline at end of file
diff --git a/adm/shop_admin/bannerformupdate.php b/adm/shop_admin/bannerformupdate.php
index c448da220..662483813 100644
--- a/adm/shop_admin/bannerformupdate.php
+++ b/adm/shop_admin/bannerformupdate.php
@@ -19,6 +19,19 @@ $bn_bimg_name = $_FILES['bn_bimg']['name'];
 if ($bn_bimg_del) @unlink(G5_DATA_PATH."/banner/$bn_id");
+//파일이 이미지인지 체크합니다.
+if( $bn_bimg || $bn_bimg_name ){
+ if( !preg_match('/\.(gif|jpe?g|bmp|png)$/i', $bn_bimg_name) ){
+ alert("이미지 파일만 업로드 할수 있습니다.");
+ }
+ $timg = @getimagesize($bn_bimg);
+ if ($timg['2'] < 1 || $timg['2'] > 16){
+ alert("이미지 파일만 업로드 할수 있습니다.");
+ }
+}
+
 if ($w=="") {
 if (!$bn_bimg_name) alert('배너 이미지를 업로드 하세요.');
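Review bot: The new guard in adm/_common.php assumes `$token` is a string, but nothing in this hunk establishes that — a request carrying `token[]=x` hands an array to `strip_tags()`, which the `@` only hides on PHP 5/7 and which becomes a TypeError that `@` does not suppress on PHP 8. Tighten the condition to `if( isset($token) && is_string($token) ){` and drop the `@` so a malformed value fails visibly instead of being silently passed along. Where `$token` originates is not visible here (presumably request input surfaced by common.php — verify); if it is a CSRF/session token that is later compared, escaping is the wrong layer: compare it with `hash_equals()` against the stored value at the point of use and escape only where it is echoed into HTML, because `htmlspecialchars()` would rewrite any legitimate token containing `&`, `'` or `<` before that comparison runs.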