From 752ccd8502161654ffba10598d7ed25fd3baa11b Mon Sep 17 00:00:00 2001
From: chicpro <chicpro@gmail.com>
Date: Mon, 10 Feb 2014 10:52:58 +0900
Subject: [PATCH 1/2] =?UTF-8?q?member=5Fconfirm=20=ED=8C=8C=EC=9D=BC=20url?=
 =?UTF-8?q?=20=EB=A6=AC=EB=8B=A4=EC=9D=B4=EB=A0=89=EC=85=98=20=EC=B7=A8?=
 =?UTF-8?q?=EC=95=BD=EC=A0=90=20=EC=88=98=EC=A0=95=20-=20=EA=B9=80?=
 =?UTF-8?q?=ED=9A=A8=EC=A2=85=EB=8B=98=20=EB=B3=B4=EA=B3=A0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 bbs/member_confirm.php | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/bbs/member_confirm.php b/bbs/member_confirm.php
index bdacb1d9b..d55c6d14a 100644
--- a/bbs/member_confirm.php
+++ b/bbs/member_confirm.php
@@ -14,6 +14,15 @@ else
 $g5['title'] = '회원 비밀번호 확인';
 include_once('./_head.sub.php');
 
+$url = $_GET['url'];
+
+$p = parse_url($url);
+if ((isset($p['scheme']) && $p['scheme']) || (isset($p['host']) && $p['host'])) {
+    //print_r2($p);
+    if ($p['host'].(isset($p['port']) ? ':'.$p['port'] : '') != $_SERVER['HTTP_HOST'])
+        alert('url에 타 도메인을 지정할 수 없습니다.');
+}
+
 include_once($member_skin_path.'/member_confirm.skin.php');
 
 include_once('./_tail.sub.php');

From e4a17902fde97c1e1506571e82ee3ff2438f0575 Mon Sep 17 00:00:00 2001
From: chicpro <chicpro@gmail.com>
Date: Mon, 10 Feb 2014 11:02:39 +0900
Subject: [PATCH 2/2] =?UTF-8?q?=EC=8D=B8=EB=84=A4=EC=9D=BC=20=EC=83=9D?=
 =?UTF-8?q?=EC=84=B1=EC=8B=9C=20alt=20=EC=86=8D=EC=84=B1=20=EC=82=AC?=
 =?UTF-8?q?=EB=9D=BC=EC=A7=80=EB=8A=94=20=EB=B2=84=EA=B7=B8=20=EC=88=98?=
 =?UTF-8?q?=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 lib/thumbnail.lib.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/thumbnail.lib.php b/lib/thumbnail.lib.php
index 3f71de35a..fcc9b7cc3 100644
--- a/lib/thumbnail.lib.php
+++ b/lib/thumbnail.lib.php
@@ -100,6 +100,8 @@ function get_view_thumbnail($contents, $thumb_width=0)
         $width = $m[1];
         preg_match("/height:\s*(\d+)px/", $style, $m);
         $height = $m[1];
+        preg_match("/alt=[\"\']?([^\"\']*)[\"\']?/", $img, $m);
+        $alt = get_text($m[1]);
 
         // 이미지 path 구함
         $p = parse_url($src);
@@ -165,8 +167,6 @@ function get_view_thumbnail($contents, $thumb_width=0)
             else
                 $thumb_file = $filename;
 
-            preg_match("/alt=[\"\']?([^\"\']*)[\"\']?/", $img_tag, $malt);
-            $alt = get_text($malt[1]);
             if ($width) {
                 $thumb_tag = '<img src="'.G5_URL.str_replace($filename, $thumb_file, $data_path).'" alt="'.$alt.'" width="'.$width.'" height="'.$height.'"/>';
             } else {