diff --git a/_common.php b/_common.php
index 9dfa8b4d8..dff21494c 100644
--- a/_common.php
+++ b/_common.php
@@ -7,5 +7,4 @@ if(defined('G5_COMMUNITY_USE') && G5_COMMUNITY_USE === false) {
         die('<p>쇼핑몰 설치 후 이용해 주십시오.</p>');
 
     define('_SHOP_', true);
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/_head.php b/_head.php
index 79e267fb7..2a12509c5 100644
--- a/_head.php
+++ b/_head.php
@@ -1,5 +1,4 @@
 <?php
 if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
 
-include_once(G5_PATH.'/head.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/head.php');
\ No newline at end of file
diff --git a/_tail.php b/_tail.php
index ae47c3b51..d4b52cfec 100644
--- a/_tail.php
+++ b/_tail.php
@@ -1,5 +1,4 @@
 <?php
 if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
 
-include_once(G5_PATH.'/tail.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.php');
\ No newline at end of file
diff --git a/adm/_common.php b/adm/_common.php
index 316c629c3..a61a0623a 100644
--- a/adm/_common.php
+++ b/adm/_common.php
@@ -7,5 +7,4 @@ if( isset($token) ){
     $token = @htmlspecialchars(strip_tags($token), ENT_QUOTES);
 }
 
-run_event('admin_common');
-?>
\ No newline at end of file
+run_event('admin_common');
\ No newline at end of file
diff --git a/adm/admin.head.php b/adm/admin.head.php
index 632f38253..f28edaa20 100644
--- a/adm/admin.head.php
+++ b/adm/admin.head.php
@@ -32,17 +32,23 @@ function print_menu2($key, $no='')
 {
     global $menu, $auth_menu, $is_admin, $auth, $g5, $sub_menu;
 
-    $str .= "<ul>";
+    $str = "<ul>";
     for($i=1; $i<count($menu[$key]); $i++)
     {
+        if( ! isset($menu[$key][$i]) ){
+            continue;
+        }
+
         if ($is_admin != 'super' && (!array_key_exists($menu[$key][$i][0],$auth) || !strstr($auth[$menu[$key][$i][0]], 'r')))
             continue;
+        
+        $gnb_grp_div = $gnb_grp_style = '';
 
-        if (($menu[$key][$i][4] == 1 && $gnb_grp_style == false) || ($menu[$key][$i][4] != 1 && $gnb_grp_style == true)) $gnb_grp_div = 'gnb_grp_div';
-        else $gnb_grp_div = '';
+        if (isset($menu[$key][$i][4])){
+            if (($menu[$key][$i][4] == 1 && $gnb_grp_style == false) || ($menu[$key][$i][4] != 1 && $gnb_grp_style == true)) $gnb_grp_div = 'gnb_grp_div';
 
-        if ($menu[$key][$i][4] == 1) $gnb_grp_style = 'gnb_grp_style';
-        else $gnb_grp_style = '';
+            if ($menu[$key][$i][4] == 1) $gnb_grp_style = 'gnb_grp_style';
+        }
 
         $current_class = '';
 
diff --git a/adm/admin.lib.php b/adm/admin.lib.php
index 7c2ad02cb..0803e953b 100644
--- a/adm/admin.lib.php
+++ b/adm/admin.lib.php
@@ -230,6 +230,14 @@ function get_member_id_select($name, $level, $selected="", $event="")
     return $str;
 }
 
+// php8 버전 호환 권한 검사 함수
+function auth_check_menu($auth, $sub_menu, $attr, $return=false) {
+
+    $check_auth = isset($auth[$sub_menu]) ? $auth[$sub_menu] : '';
+    return auth_check($check_auth, $attr, $return);
+
+}
+
 // 권한 검사
 function auth_check($auth, $attr, $return=false)
 {
@@ -440,7 +448,7 @@ function check_admin_token()
 // 관리자 페이지 referer 체크
 function admin_referer_check($return=false)
 {
-    $referer = trim($_SERVER['HTTP_REFERER']);
+    $referer = isset($_SERVER['HTTP_REFERER']) ? trim($_SERVER['HTTP_REFERER']) : '';
     if(!$referer) {
         $msg = '정보가 올바르지 않습니다.';
 
@@ -516,7 +524,7 @@ function admin_menu_find_by($call, $search_key){
     }
 
     if( isset($cache_menu[$call]) && isset($cache_menu[$call][$search_key]) ){
-        return$cache_menu[$call][$search_key];
+        return $cache_menu[$call][$search_key];
     }
 
     return '';
@@ -556,7 +564,11 @@ if (get_session('ss_mb_key') !== $admin_key) {
     alert_close('정상적으로 로그인하여 접근하시기 바랍니다.');
 }
 
-@ksort($auth);
+if(isset($auth) && is_array($auth)) {
+    @ksort($auth);
+} else {
+    $auth = array();
+}
 
 // 가변 메뉴
 unset($auth_menu);
@@ -597,5 +609,4 @@ if ( isset($_REQUEST) && $_REQUEST ){
 }
 
 // 관리자에서는 추가 스크립트는 사용하지 않는다.
-//$config['cf_add_script'] = '';
-?>
\ No newline at end of file
+//$config['cf_add_script'] = '';
\ No newline at end of file
diff --git a/adm/admin.menu100.php b/adm/admin.menu100.php
index 6658e18c5..3f1455db5 100644
--- a/adm/admin.menu100.php
+++ b/adm/admin.menu100.php
@@ -20,5 +20,4 @@ if(version_compare(phpversion(), '5.3.0', '>=') && defined('G5_BROWSCAP_USE') &&
 }
 
 $menu['menu100'][] = array('100410', 'DB업그레이드', G5_ADMIN_URL.'/dbupgrade.php', 'db_upgrade');
-$menu['menu100'][] = array('100400', '부가서비스', G5_ADMIN_URL.'/service.php', 'cf_service');
-?>
\ No newline at end of file
+$menu['menu100'][] = array('100400', '부가서비스', G5_ADMIN_URL.'/service.php', 'cf_service');
\ No newline at end of file
diff --git a/adm/admin.menu200.php b/adm/admin.menu200.php
index 1e41855db..eec9564e7 100644
--- a/adm/admin.menu200.php
+++ b/adm/admin.menu200.php
@@ -8,5 +8,4 @@ $menu['menu200'] = array (
     array('200820', '접속자로그삭제', G5_ADMIN_URL.'/visit_delete.php', 'mb_delete', 1),
     array('200200', '포인트관리', G5_ADMIN_URL.'/point_list.php', 'mb_point'),
     array('200900', '투표관리', G5_ADMIN_URL.'/poll_list.php', 'mb_poll')
-);
-?>
\ No newline at end of file
+);
\ No newline at end of file
diff --git a/adm/admin.menu300.php b/adm/admin.menu300.php
index 65f848587..4af1e15ba 100644
--- a/adm/admin.menu300.php
+++ b/adm/admin.menu300.php
@@ -9,5 +9,4 @@ $menu['menu300'] = array (
     array('300600', '내용관리', G5_ADMIN_URL.'/contentlist.php', 'scf_contents', 1),
     array('300700', 'FAQ관리', G5_ADMIN_URL.'/faqmasterlist.php', 'scf_faq', 1),
     array('300820', '글,댓글 현황', G5_ADMIN_URL.'/write_count.php', 'scf_write_count'),
-);
-?>
\ No newline at end of file
+);
\ No newline at end of file
diff --git a/adm/admin.menu400.shop_1of2.php b/adm/admin.menu400.shop_1of2.php
index 2d00fa31e..93abc5d37 100644
--- a/adm/admin.menu400.shop_1of2.php
+++ b/adm/admin.menu400.shop_1of2.php
@@ -18,5 +18,4 @@ $menu['menu400'] = array (
     array('400810', '쿠폰존관리', G5_ADMIN_URL.'/shop_admin/couponzonelist.php', 'scf_coupon_zone'),
     array('400750', '추가배송비관리', G5_ADMIN_URL.'/shop_admin/sendcostlist.php', 'scf_sendcost', 1),
     array('400410', '미완료주문', G5_ADMIN_URL.'/shop_admin/inorderlist.php', 'scf_inorder', 1),
-);
-?>
\ No newline at end of file
+);
\ No newline at end of file
diff --git a/adm/admin.menu500.shop_2of2.php b/adm/admin.menu500.shop_2of2.php
index fef0f0368..a0d6a5b6d 100644
--- a/adm/admin.menu500.shop_2of2.php
+++ b/adm/admin.menu500.shop_2of2.php
@@ -12,5 +12,4 @@ $menu['menu500'] = array (
     array('500500', '배너관리', G5_ADMIN_URL.'/shop_admin/bannerlist.php', 'scf_banner', 1),
     array('500140', '보관함현황', G5_ADMIN_URL.'/shop_admin/wishlist.php', 'sst_wish'),
     array('500210', '가격비교사이트', G5_ADMIN_URL.'/shop_admin/price.php', 'sst_compare', 1)
-);
-?>
\ No newline at end of file
+);
\ No newline at end of file
diff --git a/adm/admin.menu900.php b/adm/admin.menu900.php
index f8d4fb063..0d911ce1a 100644
--- a/adm/admin.menu900.php
+++ b/adm/admin.menu900.php
@@ -11,5 +11,4 @@ $menu["menu900"] = array (
     array('900700', '휴대폰번호 그룹', ''.G5_SMS5_ADMIN_URL.'/num_group.php' , 'hp_group', 1),
     array('900800', '휴대폰번호 관리', ''.G5_SMS5_ADMIN_URL.'/num_book.php', 'hp_manage', 1),
     array('900900', '휴대폰번호 파일', ''.G5_SMS5_ADMIN_URL.'/num_book_file.php' , 'hp_file', 1)
-);
-?>
\ No newline at end of file
+);
\ No newline at end of file
diff --git a/adm/admin.tail.php b/adm/admin.tail.php
index 1033fd2f5..3e4944a84 100644
--- a/adm/admin.tail.php
+++ b/adm/admin.tail.php
@@ -150,5 +150,4 @@ function menu_rearrange(el)
 </script>
 
 <?php
-include_once(G5_PATH.'/tail.sub.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/adm/ajax.token.php b/adm/ajax.token.php
index f6a100a1f..74744f5e0 100644
--- a/adm/ajax.token.php
+++ b/adm/ajax.token.php
@@ -10,5 +10,4 @@ if($error)
 
 $token = get_admin_token();
 
-die(json_encode(array('error'=>'', 'token'=>$token, 'url'=>'')));
-?>
\ No newline at end of file
+die(json_encode(array('error'=>'', 'token'=>$token, 'url'=>'')));
\ No newline at end of file
diff --git a/adm/ajax.use_captcha.php b/adm/ajax.use_captcha.php
index 8f7de32b1..750f4af07 100644
--- a/adm/ajax.use_captcha.php
+++ b/adm/ajax.use_captcha.php
@@ -3,5 +3,4 @@ include_once('./_common.php');
 
 if( isset($_POST['admin_use_captcha']) ){
     set_session('ss_admin_use_captcha', true);
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/adm/auth_list.php b/adm/auth_list.php
index fea4626e8..8391432ef 100644
--- a/adm/auth_list.php
+++ b/adm/auth_list.php
@@ -266,5 +266,4 @@ function fauthlist_submit(f)
 </script>
 
 <?php
-include_once ('./admin.tail.php');
-?>
+include_once ('./admin.tail.php');
\ No newline at end of file
diff --git a/adm/auth_list_delete.php b/adm/auth_list_delete.php
index c378d75ec..8bce63d36 100644
--- a/adm/auth_list_delete.php
+++ b/adm/auth_list_delete.php
@@ -10,6 +10,7 @@ if ($is_admin != 'super')
 check_admin_token();
 
 $count = (isset($_POST['chk']) && is_array($_POST['chk'])) ? count($_POST['chk']) : 0;
+$post_act_button = isset($_POST['act_button']) ? clean_xss_tags($_POST['act_button'], 1, 1) : '';
 
 if (!$count)
     alert($_POST['act_button']." 하실 항목을 하나 이상 체크하세요.");
@@ -21,10 +22,10 @@ if ( (isset($_POST['mb_id']) && ! is_array($_POST['mb_id'])) || (isset($_POST['a
 for ($i=0; $i<$count; $i++)
 {
     // 실제 번호를 넘김
-    $k = $chk[$i];
+    $k = isset($_POST['chk'][$i]) ? (int) $_POST['chk'][$i] : 0;
     
-    $mb_id = preg_replace('/[^a-zA-Z0-9_]/', '', $_POST['mb_id'][$k]);
-    $au_menu = preg_replace('/[^a-zA-Z0-9_]/', '', $_POST['au_menu'][$k]);
+    $mb_id = isset($_POST['mb_id'][$k]) ? preg_replace('/[^a-zA-Z0-9_]/', '', $_POST['mb_id'][$k]) : '';
+    $au_menu = isset($_POST['au_menu'][$k]) ? preg_replace('/[^a-zA-Z0-9_]/', '', $_POST['au_menu'][$k]) : '';
 
     $sql = " delete from {$g5['auth_table']} where mb_id = '".$mb_id."' and au_menu = '".$au_menu."' ";
     sql_query($sql);
@@ -32,5 +33,4 @@ for ($i=0; $i<$count; $i++)
     run_event('adm_auth_delete_member', $mb_id, $au_menu);
 }
 
-goto_url('./auth_list.php?'.$qstr);
-?>
+goto_url('./auth_list.php?'.$qstr);
\ No newline at end of file
diff --git a/adm/auth_update.php b/adm/auth_update.php
index 4b0a58fef..5f90a056a 100644
--- a/adm/auth_update.php
+++ b/adm/auth_update.php
@@ -3,6 +3,11 @@ $sub_menu = "100200";
 include_once('./_common.php');
 include_once(G5_LIB_PATH.'/mailer.lib.php');
 
+$au_menu = isset($_POST['au_menu']) ? preg_replace('/[^0-9a-z_]/i', '', $_POST['au_menu']) : '';
+$post_r = isset($_POST['r']) ? preg_replace('/[^0-9a-z_]/i', '', $_POST['r']) : '';
+$post_w = isset($_POST['w']) ? preg_replace('/[^0-9a-z_]/i', '', $_POST['w']) : '';
+$post_d = isset($_POST['d']) ? preg_replace('/[^0-9a-z_]/i', '', $_POST['d']) : '';
+
 if ($is_admin != 'super')
     alert('최고관리자만 접근 가능합니다.');
 
@@ -19,15 +24,15 @@ if (!chk_captcha()) {
 }
 
 $sql = " insert into {$g5['auth_table']}
-            set mb_id   = '{$_POST['mb_id']}',
-                au_menu = '{$_POST['au_menu']}',
-                au_auth = '{$_POST['r']},{$_POST['w']},{$_POST['d']}' ";
+            set mb_id   = '$mb_id',
+                au_menu = '$au_menu',
+                au_auth = '{$post_r},{$post_w},{$post_d}' ";
 $result = sql_query($sql, FALSE);
 if (!$result) {
     $sql = " update {$g5['auth_table']}
-                set au_auth = '{$_POST['r']},{$_POST['w']},{$_POST['d']}'
-              where mb_id   = '{$_POST['mb_id']}'
-                and au_menu = '{$_POST['au_menu']}' ";
+                set au_auth = '{$post_r},{$post_w},{$post_d}'
+              where mb_id   = '$mb_id'
+                and au_menu = '$au_menu' ";
     sql_query($sql);
 }
 
@@ -45,5 +50,4 @@ if( str_replace('-', '', G5_TIME_YMD) !== get_session('adm_auth_update') ){
 
 run_event('adm_auth_update', $mb);
 
-goto_url('./auth_list.php?'.$qstr);
-?>
+goto_url('./auth_list.php?'.$qstr);
\ No newline at end of file
diff --git a/adm/board_copy.php b/adm/board_copy.php
index fb889174a..f0588585a 100644
--- a/adm/board_copy.php
+++ b/adm/board_copy.php
@@ -2,7 +2,7 @@
 $sub_menu = "300100";
 include_once("./_common.php");
 
-auth_check($auth[$sub_menu], 'w');
+auth_check_menu($auth, $sub_menu, 'w');
 
 $g5['title'] = '게시판 복사';
 include_once(G5_PATH.'/head.sub.php');
@@ -82,5 +82,4 @@ function fboardcopy_check(f)
 
 
 <?php
-include_once(G5_PATH.'/tail.sub.php');
-?>
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/adm/board_copy_update.php b/adm/board_copy_update.php
index 7a44a9c48..a0452345f 100644
--- a/adm/board_copy_update.php
+++ b/adm/board_copy_update.php
@@ -4,12 +4,12 @@ include_once('./_common.php');
 
 check_demo();
 
-auth_check($auth[$sub_menu], 'w');
+auth_check_menu($auth, $sub_menu, 'w');
 
 check_admin_token();
 
-$target_table   = trim($_POST['target_table']);
-$target_subject = trim($_POST['target_subject']);
+$target_table   = isset($_POST['target_table']) ? trim($_POST['target_table']) : '';
+$target_subject = isset($_POST['target_subject']) ? trim($_POST['target_subject']) : '';
 
 $target_subject = strip_tags(clean_xss_attributes($target_subject));
 
@@ -74,6 +74,7 @@ $sql = " insert into {$g5['board_table']}
                 bo_use_ip_view = '{$board['bo_use_ip_view']}',
                 bo_use_list_view = '{$board['bo_use_list_view']}',
                 bo_use_list_content = '{$board['bo_use_list_content']}',
+                bo_use_list_file = '{$board['bo_use_list_file']}',
                 bo_table_width = '{$board['bo_table_width']}',
                 bo_subject_len = '{$board['bo_subject_len']}',
                 bo_mobile_subject_len = '{$board['bo_mobile_subject_len']}',
@@ -220,4 +221,3 @@ delete_cache_latest($target_table);
 echo "<script>opener.document.location.reload();</script>";
 
 alert("복사에 성공 했습니다.", './board_copy.php?bo_table='.$bo_table.'&amp;'.$qstr);
-?>
\ No newline at end of file
diff --git a/adm/board_delete.inc.php b/adm/board_delete.inc.php
index e043d3555..4e1490520 100644
--- a/adm/board_delete.inc.php
+++ b/adm/board_delete.inc.php
@@ -32,5 +32,4 @@ sql_query(" delete from {$g5['board_good_table']} where bo_table = '{$tmp_bo_tab
 delete_cache_latest($tmp_bo_table);
 
 // 게시판 폴더 전체 삭제
-rm_rf(G5_DATA_PATH.'/file/'.$tmp_bo_table);
-?>
\ No newline at end of file
+rm_rf(G5_DATA_PATH.'/file/'.$tmp_bo_table);
\ No newline at end of file
diff --git a/adm/board_form.php b/adm/board_form.php
index ec8676883..64f8ea916 100644
--- a/adm/board_form.php
+++ b/adm/board_form.php
@@ -3,7 +3,7 @@ $sub_menu = "300100";
 include_once('./_common.php');
 include_once(G5_EDITOR_LIB);
 
-auth_check($auth[$sub_menu], 'w');
+auth_check_menu($auth, $sub_menu, 'w');
 
 $sql = " select count(*) as cnt from {$g5['group_table']} ";
 $row = sql_fetch($sql);
@@ -11,6 +11,8 @@ if (!$row['cnt'])
     alert('게시판그룹이 한개 이상 생성되어야 합니다.', './boardgroup_form.php');
 
 $html_title = '게시판';
+$reaonly = '';
+$required_valid = '';
 
 if (!isset($board['bo_device'])) {
     // 게시판 사용 필드 추가
@@ -84,6 +86,57 @@ if (!isset($board['bo_select_editor'])) {
     sql_query(" ALTER TABLE `{$g5['board_table']}` ADD `bo_select_editor` VARCHAR(50) NOT NULL DEFAULT '' AFTER `bo_use_dhtml_editor` ", false);
 }
 
+$board_default = array(
+'bo_mobile_subject'=>'',
+'bo_device'=>'',
+'bo_use_category'=>0,
+'bo_category_list'=>'',
+'bo_admin'=>'',
+'bo_list_level'=>0,
+'bo_read_level'=>0,
+'bo_write_level'=>0,
+'bo_reply_level'=>0,
+'bo_comment_level'=>0,
+'bo_link_level'=>0,
+'bo_upload_level'=>0,
+'bo_download_level'=>0,
+'bo_html_level'=>0,
+'bo_use_sideview'=>0,
+'bo_select_editor'=>'',
+'bo_use_rss_view'=>0,
+'bo_use_good'=>0,
+'bo_use_nogood'=>0,
+'bo_use_name'=>0,
+'bo_use_signature'=>0,
+'bo_use_ip_view'=>0,
+'bo_use_list_content'=>0,
+'bo_use_list_file'=>0,
+'bo_use_list_view'=>0,
+'bo_use_email'=>0,
+'bo_use_file_content'=>0,
+'bo_use_cert'=>'',
+'bo_write_min'=>0,
+'bo_write_max'=>0,
+'bo_comment_min'=>0,
+'bo_comment_max'=>0,
+'bo_use_sns'=>0,
+'bo_order'=>0,
+'bo_use_captcha'=>0,
+'bo_content_head'=>'',
+'bo_content_tail'=>'',
+'bo_mobile_content_head'=>'',
+'bo_mobile_content_tail'=>'',
+'bo_insert_content'=>'',
+'bo_sort_field'=>'',
+);
+
+for($i=0;$i<=10;$i++){
+    $board_default['bo_'.$i.'_subj'] = '';
+    $board_default['bo_'.$i] = '';
+}
+
+$board = array_merge($board_default, $board);
+
 run_event('adm_board_form_before', $board, $w);
 
 $required = "";
@@ -1439,5 +1492,4 @@ function fboardform_submit(f)
 </script>
 
 <?php
-include_once ('./admin.tail.php');
-?>
+include_once ('./admin.tail.php');
\ No newline at end of file
diff --git a/adm/board_form_update.php b/adm/board_form_update.php
index 79a882870..557a1a2a6 100644
--- a/adm/board_form_update.php
+++ b/adm/board_form_update.php
@@ -5,25 +5,27 @@ include_once('./_common.php');
 if ($w == 'u')
     check_demo();
 
-auth_check($auth[$sub_menu], 'w');
+auth_check_menu($auth, $sub_menu, 'w');
 
 check_admin_token();
 
 $gr_id = isset($_POST['gr_id']) ? preg_replace('/[^a-z0-9_]/i', '', $_POST['gr_id']) : '';
 $bo_admin = isset($_POST['bo_admin']) ? preg_replace('/[^a-z0-9_\, \|\#]/i', '', $_POST['bo_admin']) : '';
+$bo_subject = isset($_POST['bo_subject']) ? strip_tags(clean_xss_attributes($_POST['bo_subject'])) : '';
+$bo_mobile_subject = isset($_POST['bo_mobile_subject']) ? strip_tags(clean_xss_attributes($_POST['bo_mobile_subject'])) : '';
 
 if (!$gr_id) { alert('그룹 ID는 반드시 선택하세요.'); }
 if (!$bo_table) { alert('게시판 TABLE명은 반드시 입력하세요.'); }
 if (!preg_match("/^([A-Za-z0-9_]{1,20})$/", $bo_table)) { alert('게시판 TABLE명은 공백없이 영문자, 숫자, _ 만 사용 가능합니다. (20자 이내)'); }
-if (!$_POST['bo_subject']) { alert('게시판 제목을 입력하세요.'); }
+if (!$bo_subject) { alert('게시판 제목을 입력하세요.'); }
 
 // 게시판명이 금지된 단어로 되어 있으면
 if ( $w == '' && in_array($bo_table, get_bo_table_banned_word()) ){
     alert('입력한 게시판 TABLE명을 사용할수 없습니다. 다른 이름으로 입력해 주세요.');
 }
 
-$bo_include_head = preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($bo_include_head, 0, 255));
-$bo_include_tail = preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($bo_include_tail, 0, 255));
+$bo_include_head = isset($_POST['bo_include_head']) ? preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($_POST['bo_include_head'], 0, 255)) : '';
+$bo_include_tail = isset($_POST['bo_include_tail']) ? preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($_POST['bo_include_tail'], 0, 255)) : '';
 
 // 관리자가 자동등록방지를 사용해야 할 경우
 if ($board && ($board['bo_include_head'] !== $bo_include_head || $board['bo_include_tail'] !== $bo_include_tail) && function_exists('get_admin_captcha_by') && get_admin_captcha_by()){
@@ -40,7 +42,6 @@ if ($file = $bo_include_head) {
     if( ! $file_ext || ! in_array($file_ext, array('php', 'htm', 'html')) || ! preg_match('/^.*\.(php|htm|html)$/i', $file) ) {
         alert('상단 파일 경로의 확장자는 php, htm, html 만 허용합니다.');
     }
-    $_POST['bo_include_head'] = $file;
 }
 
 if ($file = $bo_include_tail) {
@@ -49,7 +50,6 @@ if ($file = $bo_include_tail) {
     if( ! $file_ext || ! in_array($file_ext, array('php', 'htm', 'html')) || ! preg_match('/^.*\.(php|htm|html)$/i', $file) ) {
         alert('하단 파일 경로의 확장자는 php, htm, html 만 허용합니다.');
     }
-    $_POST['bo_include_tail'] = $file;
 }
 
 if(!is_include_path_check($bo_include_head, 1)) {
@@ -73,10 +73,11 @@ $board_path = G5_DATA_PATH.'/file/'.$bo_table;
 
 // 디렉토리에 있는 파일의 목록을 보이지 않게 한다.
 $file = $board_path . '/index.php';
-$f = @fopen($file, 'w');
-@fwrite($f, '');
-@fclose($f);
-@chmod($file, G5_FILE_PERMISSION);
+if( $f = @fopen($file, 'w') ){
+    @fwrite($f, '');
+    @fclose($f);
+    @chmod($file, G5_FILE_PERMISSION);
+}
 
 // 분류에 & 나 = 는 사용이 불가하므로 2바이트로 바꾼다.
 $src_char = array('&', '=');
@@ -85,108 +86,178 @@ $bo_category_list = isset($_POST['bo_category_list']) ? str_replace($src_char, $
 //https://github.com/gnuboard/gnuboard5/commit/f5f4925d4eb28ba1af728e1065fc2bdd9ce1da58 에 따른 조치
 $str_bo_category_list = preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\/\^\*]/", "", $bo_category_list);
 
-$_POST['bo_subject'] = strip_tags(clean_xss_attributes($_POST['bo_subject']));
-$_POST['bo_mobile_subject'] = strip_tags(clean_xss_attributes($_POST['bo_mobile_subject']));
+$bo_use_category = isset($_POST['bo_use_category']) ? (int) $_POST['bo_use_category'] : 0;
+$bo_use_sideview = isset($_POST['bo_use_sideview']) ? (int) $_POST['bo_use_sideview'] : 0;
+$bo_use_dhtml_editor = isset($_POST['bo_use_dhtml_editor']) ? (int) $_POST['bo_use_dhtml_editor'] : 0;
+$bo_use_good = isset($_POST['bo_use_good']) ? (int) $_POST['bo_use_good'] : 0;
+$bo_use_nogood = isset($_POST['bo_use_nogood']) ? (int) $_POST['bo_use_nogood'] : 0;
+$bo_use_name = isset($_POST['bo_use_name']) ? (int) $_POST['bo_use_name'] : 0;
+$bo_use_signature = isset($_POST['bo_use_signature']) ? (int) $_POST['bo_use_signature'] : 0;
+$bo_use_ip_view = isset($_POST['bo_use_ip_view']) ? (int) $_POST['bo_use_ip_view'] : 0;
+$bo_use_list_view = isset($_POST['bo_use_list_view']) ? (int) $_POST['bo_use_list_view'] : 0;
+$bo_use_list_file = isset($_POST['bo_use_list_file']) ? (int) $_POST['bo_use_list_file'] : 0;
+$bo_use_list_content = isset($_POST['bo_use_list_content']) ? (int) $_POST['bo_use_list_content'] : 0;
+$bo_use_email = isset($_POST['bo_use_email']) ? (int) $_POST['bo_use_email'] : 0;
+$bo_use_sns = isset($_POST['bo_use_sns']) ? (int) $_POST['bo_use_sns'] : 0;
+$bo_use_captcha = isset($_POST['bo_use_captcha']) ? (int) $_POST['bo_use_captcha'] : 0;
+$bo_table_width = isset($_POST['bo_table_width']) ? (int) $_POST['bo_table_width'] : 0;
+$bo_subject_len = isset($_POST['bo_subject_len']) ? (int) $_POST['bo_subject_len'] : 0;
+$bo_mobile_subject_len = isset($_POST['bo_mobile_subject_len']) ? (int) $_POST['bo_mobile_subject_len'] : 0;
+$bo_page_rows = isset($_POST['bo_page_rows']) ? (int) $_POST['bo_page_rows'] : 0;
+$bo_mobile_page_rows = isset($_POST['bo_mobile_page_rows']) ? (int) $_POST['bo_mobile_page_rows'] : 0;
+$bo_use_rss_view = isset($_POST['bo_use_rss_view']) ? (int) $_POST['bo_use_rss_view'] : 0;
+$bo_use_secret = isset($_POST['bo_use_secret']) ? (int) $_POST['bo_use_secret'] : 0;
+$bo_use_file_content = isset($_POST['bo_use_file_content']) ? (int) $_POST['bo_use_file_content'] : 0;
+$bo_new = isset($_POST['bo_new']) ? (int) $_POST['bo_new'] : 0;
+$bo_hot = isset($_POST['bo_hot']) ? (int) $_POST['bo_hot'] : 0;
+$bo_image_width = isset($_POST['bo_image_width']) ? (int) $_POST['bo_image_width'] : 0;
+$bo_use_search = isset($_POST['bo_use_search']) ? (int) $_POST['bo_use_search'] : 0;
+$bo_use_cert = isset($_POST['bo_use_cert']) ? preg_replace('/[^0-9a-z_]/i', '', $_POST['bo_use_cert']) : '';
+$bo_device = isset($_POST['bo_device']) ? clean_xss_tags($_POST['bo_device'], 1, 1) : '';
+$bo_list_level = isset($_POST['bo_list_level']) ? (int) $_POST['bo_list_level'] : 0;
+$bo_read_level = isset($_POST['bo_read_level']) ? (int) $_POST['bo_read_level'] : 0;
+$bo_write_level = isset($_POST['bo_write_level']) ? (int) $_POST['bo_write_level'] : 0;
+$bo_reply_level = isset($_POST['bo_reply_level']) ? (int) $_POST['bo_reply_level'] : 0;
+$bo_comment_level = isset($_POST['bo_comment_level']) ? (int) $_POST['bo_comment_level'] : 0;
+$bo_html_level = isset($_POST['bo_html_level']) ? (int) $_POST['bo_html_level'] : 0;
+$bo_link_level = isset($_POST['bo_link_level']) ? (int) $_POST['bo_link_level'] : 0;
+$bo_count_modify = isset($_POST['bo_count_modify']) ? (int) $_POST['bo_count_modify'] : 0;
+$bo_count_delete = isset($_POST['bo_count_delete']) ? (int) $_POST['bo_count_delete'] : 0;
+$bo_upload_level = isset($_POST['bo_upload_level']) ? (int) $_POST['bo_upload_level'] : 0;
+$bo_download_level = isset($_POST['bo_download_level']) ? (int) $_POST['bo_download_level'] : 0;
+$bo_read_point = isset($_POST['bo_read_point']) ? (int) $_POST['bo_read_point'] : 0;
+$bo_write_point = isset($_POST['bo_write_point']) ? (int) $_POST['bo_write_point'] : 0;
+$bo_comment_point = isset($_POST['bo_comment_point']) ? (int) $_POST['bo_comment_point'] : 0;
+$bo_download_point = isset($_POST['bo_download_point']) ? (int) $_POST['bo_download_point'] : 0;
+$bo_select_editor = isset($_POST['bo_select_editor']) ? clean_xss_tags($_POST['bo_select_editor'], 1, 1) : '';
+$bo_skin = isset($_POST['bo_skin']) ? clean_xss_tags($_POST['bo_skin'], 1, 1) : '';
+$bo_mobile_skin = isset($_POST['bo_mobile_skin']) ? clean_xss_tags($_POST['bo_mobile_skin'], 1, 1) : '';
+$bo_content_head = isset($_POST['bo_content_head']) ? $_POST['bo_content_head'] : '';
+$bo_content_tail = isset($_POST['bo_content_tail']) ? $_POST['bo_content_tail'] : '';
+$bo_mobile_content_head = isset($_POST['bo_mobile_content_head']) ? $_POST['bo_mobile_content_head'] : '';
+$bo_mobile_content_tail = isset($_POST['bo_mobile_content_tail']) ? $_POST['bo_mobile_content_tail'] : '';
+$bo_insert_content = isset($_POST['bo_insert_content']) ? $_POST['bo_insert_content'] : '';
+$bo_gallery_cols = isset($_POST['bo_gallery_cols']) ? (int) $_POST['bo_gallery_cols'] : 0;
+$bo_gallery_width = isset($_POST['bo_gallery_width']) ? (int) $_POST['bo_gallery_width'] : 0;
+$bo_gallery_height = isset($_POST['bo_gallery_height']) ? (int) $_POST['bo_gallery_height'] : 0;
+$bo_mobile_gallery_width = isset($_POST['bo_mobile_gallery_width']) ? (int) $_POST['bo_mobile_gallery_width'] : 0;
+$bo_mobile_gallery_height = isset($_POST['bo_mobile_gallery_height']) ? (int) $_POST['bo_mobile_gallery_height'] : 0;
+$bo_upload_count = isset($_POST['bo_upload_count']) ? (int) $_POST['bo_upload_count'] : 0;
+$bo_upload_size = isset($_POST['bo_upload_size']) ? (int) $_POST['bo_upload_size'] : 0;
+$bo_reply_order = isset($_POST['bo_reply_order']) ? (int) $_POST['bo_reply_order'] : 0;
+$bo_order = isset($_POST['bo_order']) ? (int) $_POST['bo_order'] : 0;
+$bo_write_min = isset($_POST['bo_write_min']) ? (int) $_POST['bo_write_min'] : 0;
+$bo_write_max = isset($_POST['bo_write_max']) ? (int) $_POST['bo_write_max'] : 0;
+$bo_comment_min = isset($_POST['bo_comment_min']) ? (int) $_POST['bo_comment_min'] : 0;
+$bo_comment_max = isset($_POST['bo_comment_max']) ? (int) $_POST['bo_comment_max'] : 0;
+$bo_sort_field = isset($_POST['bo_sort_field']) ? clean_xss_tags($_POST['bo_sort_field'], 1, 1) : '';
+
+$etcs = array();
+
+for($i=1;$i<=10;$i++){
+    $etcs['bo_'.$i.'_subj'] = ${'bo_'.$i.'_subj'} = isset($_POST['bo_'.$i.'_subj']) ? $_POST['bo_'.$i.'_subj'] : '';
+    $etcs['bo_'.$i] = ${'bo_'.$i} = isset($_POST['bo_'.$i]) ? $_POST['bo_'.$i] : '';
+}
 
 $sql_common = " gr_id               = '{$gr_id}',
-                bo_subject          = '{$_POST['bo_subject']}',
-                bo_mobile_subject   = '{$_POST['bo_mobile_subject']}',
-                bo_device           = '{$_POST['bo_device']}',
+                bo_subject          = '{$bo_subject}',
+                bo_mobile_subject   = '{$bo_mobile_subject}',
+                bo_device           = '{$bo_device}',
                 bo_admin            = '{$bo_admin}',
-                bo_list_level       = '{$_POST['bo_list_level']}',
-                bo_read_level       = '{$_POST['bo_read_level']}',
-                bo_write_level      = '{$_POST['bo_write_level']}',
-                bo_reply_level      = '{$_POST['bo_reply_level']}',
-                bo_comment_level    = '{$_POST['bo_comment_level']}',
-                bo_html_level       = '{$_POST['bo_html_level']}',
-                bo_link_level       = '{$_POST['bo_link_level']}',
-                bo_count_modify     = '{$_POST['bo_count_modify']}',
-                bo_count_delete     = '{$_POST['bo_count_delete']}',
-                bo_upload_level     = '{$_POST['bo_upload_level']}',
-                bo_download_level   = '{$_POST['bo_download_level']}',
-                bo_read_point       = '{$_POST['bo_read_point']}',
-                bo_write_point      = '{$_POST['bo_write_point']}',
-                bo_comment_point    = '{$_POST['bo_comment_point']}',
-                bo_download_point   = '{$_POST['bo_download_point']}',
-                bo_use_category     = '{$_POST['bo_use_category']}',
+                bo_list_level       = '{$bo_list_level}',
+                bo_read_level       = '{$bo_read_level}',
+                bo_write_level      = '{$bo_write_level}',
+                bo_reply_level      = '{$bo_reply_level}',
+                bo_comment_level    = '{$bo_comment_level}',
+                bo_html_level       = '{$bo_html_level}',
+                bo_link_level       = '{$bo_link_level}',
+                bo_count_modify     = '{$bo_count_modify}',
+                bo_count_delete     = '{$bo_count_delete}',
+                bo_upload_level     = '{$bo_upload_level}',
+                bo_download_level   = '{$bo_download_level}',
+                bo_read_point       = '{$bo_read_point}',
+                bo_write_point      = '{$bo_write_point}',
+                bo_comment_point    = '{$bo_comment_point}',
+                bo_download_point   = '{$bo_download_point}',
+                bo_use_category     = '{$bo_use_category}',
                 bo_category_list    = '{$str_bo_category_list}',
-                bo_use_sideview     = '{$_POST['bo_use_sideview']}',
-                bo_use_file_content = '{$_POST['bo_use_file_content']}',
-                bo_use_secret       = '{$_POST['bo_use_secret']}',
-                bo_use_dhtml_editor = '{$_POST['bo_use_dhtml_editor']}',
-                bo_select_editor    = '{$_POST['bo_select_editor']}',
-                bo_use_rss_view     = '{$_POST['bo_use_rss_view']}',
-                bo_use_good         = '{$_POST['bo_use_good']}',
-                bo_use_nogood       = '{$_POST['bo_use_nogood']}',
-                bo_use_name         = '{$_POST['bo_use_name']}',
-                bo_use_signature    = '{$_POST['bo_use_signature']}',
-                bo_use_ip_view      = '{$_POST['bo_use_ip_view']}',
-                bo_use_list_view    = '{$_POST['bo_use_list_view']}',
-                bo_use_list_file    = '{$_POST['bo_use_list_file']}',
-                bo_use_list_content = '{$_POST['bo_use_list_content']}',
-                bo_use_email        = '{$_POST['bo_use_email']}',
-                bo_use_cert         = '{$_POST['bo_use_cert']}',
-                bo_use_sns          = '{$_POST['bo_use_sns']}',
-                bo_use_captcha      = '{$_POST['bo_use_captcha']}',
-                bo_table_width      = '{$_POST['bo_table_width']}',
-                bo_subject_len      = '{$_POST['bo_subject_len']}',
-                bo_mobile_subject_len      = '{$_POST['bo_mobile_subject_len']}',
-                bo_page_rows        = '{$_POST['bo_page_rows']}',
-                bo_mobile_page_rows = '{$_POST['bo_mobile_page_rows']}',
-                bo_new              = '{$_POST['bo_new']}',
-                bo_hot              = '{$_POST['bo_hot']}',
-                bo_image_width      = '{$_POST['bo_image_width']}',
-                bo_skin             = '{$_POST['bo_skin']}',
-                bo_mobile_skin      = '{$_POST['bo_mobile_skin']}',
+                bo_use_sideview     = '{$bo_use_sideview}',
+                bo_use_file_content = '{$bo_use_file_content}',
+                bo_use_secret       = '{$bo_use_secret}',
+                bo_use_dhtml_editor = '{$bo_use_dhtml_editor}',
+                bo_select_editor    = '{$bo_select_editor}',
+                bo_use_rss_view     = '{$bo_use_rss_view}',
+                bo_use_good         = '{$bo_use_good}',
+                bo_use_nogood       = '{$bo_use_nogood}',
+                bo_use_name         = '{$bo_use_name}',
+                bo_use_signature    = '{$bo_use_signature}',
+                bo_use_ip_view      = '{$bo_use_ip_view}',
+                bo_use_list_view    = '{$bo_use_list_view}',
+                bo_use_list_file    = '{$bo_use_list_file}',
+                bo_use_list_content = '{$bo_use_list_content}',
+                bo_use_email        = '{$bo_use_email}',
+                bo_use_cert         = '{$bo_use_cert}',
+                bo_use_sns          = '{$bo_use_sns}',
+                bo_use_captcha      = '{$bo_use_captcha}',
+                bo_table_width      = '{$bo_table_width}',
+                bo_subject_len      = '{$bo_subject_len}',
+                bo_mobile_subject_len      = '{$bo_mobile_subject_len}',
+                bo_page_rows        = '{$bo_page_rows}',
+                bo_mobile_page_rows = '{$bo_mobile_page_rows}',
+                bo_new              = '{$bo_new}',
+                bo_hot              = '{$bo_hot}',
+                bo_image_width      = '{$bo_image_width}',
+                bo_skin             = '{$bo_skin}',
+                bo_mobile_skin      = '{$bo_mobile_skin}',
                 ";
 
 // 최고 관리자인 경우에만 수정가능
 if ($is_admin === 'super'){
 $sql_common .= " bo_include_head     = '".$bo_include_head."',
                 bo_include_tail     = '".$bo_include_tail."',
-                bo_content_head     = '{$_POST['bo_content_head']}',
-                bo_content_tail     = '{$_POST['bo_content_tail']}',
-                bo_mobile_content_head     = '{$_POST['bo_mobile_content_head']}',
-                bo_mobile_content_tail     = '{$_POST['bo_mobile_content_tail']}',
+                bo_content_head     = '{$bo_content_head}',
+                bo_content_tail     = '{$bo_content_tail}',
+                bo_mobile_content_head     = '{$bo_mobile_content_head}',
+                bo_mobile_content_tail     = '{$bo_mobile_content_tail}',
                 ";
 }
 
-$sql_common .= " bo_insert_content   = '{$_POST['bo_insert_content']}',
-                bo_gallery_cols     = '{$_POST['bo_gallery_cols']}',
-                bo_gallery_width    = '{$_POST['bo_gallery_width']}',
-                bo_gallery_height   = '{$_POST['bo_gallery_height']}',
-                bo_mobile_gallery_width = '{$_POST['bo_mobile_gallery_width']}',
-                bo_mobile_gallery_height= '{$_POST['bo_mobile_gallery_height']}',
-                bo_upload_count     = '{$_POST['bo_upload_count']}',
-                bo_upload_size      = '{$_POST['bo_upload_size']}',
-                bo_reply_order      = '{$_POST['bo_reply_order']}',
-                bo_use_search       = '{$_POST['bo_use_search']}',
-                bo_order            = '{$_POST['bo_order']}',
-                bo_write_min        = '{$_POST['bo_write_min']}',
-                bo_write_max        = '{$_POST['bo_write_max']}',
-                bo_comment_min      = '{$_POST['bo_comment_min']}',
-                bo_comment_max      = '{$_POST['bo_comment_max']}',
-                bo_sort_field       = '{$_POST['bo_sort_field']}',
-                bo_1_subj           = '{$_POST['bo_1_subj']}',
-                bo_2_subj           = '{$_POST['bo_2_subj']}',
-                bo_3_subj           = '{$_POST['bo_3_subj']}',
-                bo_4_subj           = '{$_POST['bo_4_subj']}',
-                bo_5_subj           = '{$_POST['bo_5_subj']}',
-                bo_6_subj           = '{$_POST['bo_6_subj']}',
-                bo_7_subj           = '{$_POST['bo_7_subj']}',
-                bo_8_subj           = '{$_POST['bo_8_subj']}',
-                bo_9_subj           = '{$_POST['bo_9_subj']}',
-                bo_10_subj          = '{$_POST['bo_10_subj']}',
-                bo_1                = '{$_POST['bo_1']}',
-                bo_2                = '{$_POST['bo_2']}',
-                bo_3                = '{$_POST['bo_3']}',
-                bo_4                = '{$_POST['bo_4']}',
-                bo_5                = '{$_POST['bo_5']}',
-                bo_6                = '{$_POST['bo_6']}',
-                bo_7                = '{$_POST['bo_7']}',
-                bo_8                = '{$_POST['bo_8']}',
-                bo_9                = '{$_POST['bo_9']}',
-                bo_10               = '{$_POST['bo_10']}' ";
+$sql_common .= " bo_insert_content   = '{$bo_insert_content}',
+                bo_gallery_cols     = '{$bo_gallery_cols}',
+                bo_gallery_width    = '{$bo_gallery_width}',
+                bo_gallery_height   = '{$bo_gallery_height}',
+                bo_mobile_gallery_width = '{$bo_mobile_gallery_width}',
+                bo_mobile_gallery_height= '{$bo_mobile_gallery_height}',
+                bo_upload_count     = '{$bo_upload_count}',
+                bo_upload_size      = '{$bo_upload_size}',
+                bo_reply_order      = '{$bo_reply_order}',
+                bo_use_search       = '{$bo_use_search}',
+                bo_order            = '{$bo_order}',
+                bo_write_min        = '{$bo_write_min}',
+                bo_write_max        = '{$bo_write_max}',
+                bo_comment_min      = '{$bo_comment_min}',
+                bo_comment_max      = '{$bo_comment_max}',
+                bo_sort_field       = '{$bo_sort_field}',
+                bo_1_subj           = '{$bo_1_subj}',
+                bo_2_subj           = '{$bo_2_subj}',
+                bo_3_subj           = '{$bo_3_subj}',
+                bo_4_subj           = '{$bo_4_subj}',
+                bo_5_subj           = '{$bo_5_subj}',
+                bo_6_subj           = '{$bo_6_subj}',
+                bo_7_subj           = '{$bo_7_subj}',
+                bo_8_subj           = '{$bo_8_subj}',
+                bo_9_subj           = '{$bo_9_subj}',
+                bo_10_subj          = '{$bo_10_subj}',
+                bo_1                = '{$bo_1}',
+                bo_2                = '{$bo_2}',
+                bo_3                = '{$bo_3}',
+                bo_4                = '{$bo_4}',
+                bo_5                = '{$bo_5}',
+                bo_6                = '{$bo_6}',
+                bo_7                = '{$bo_7}',
+                bo_8                = '{$bo_8}',
+                bo_9                = '{$bo_9}',
+                bo_10               = '{$bo_10}' ";
 
 if ($w == '') {
 
@@ -355,8 +426,8 @@ if (is_checked('chk_grp_use_search'))           $grp_fields .= " , bo_use_search
 if (is_checked('chk_grp_order'))                $grp_fields .= " , bo_order = '{$bo_order}' ";
 for ($i=1; $i<=10; $i++) {
     if (is_checked('chk_grp_'.$i)) {
-        $grp_fields .= " , bo_{$i}_subj = '".$_POST['bo_'.$i.'_subj']."' ";
-        $grp_fields .= " , bo_{$i} = '".$_POST['bo_'.$i]."' ";
+        $grp_fields .= " , bo_{$i}_subj = '".$etcs['bo_'.$i.'_subj']."' ";
+        $grp_fields .= " , bo_{$i} = '".$etcs['bo_'.$i]."' ";
     }
 }
 
@@ -445,8 +516,8 @@ if (is_checked('chk_all_use_search'))           $all_fields .= " , bo_use_search
 if (is_checked('chk_all_order'))                $all_fields .= " , bo_order = '{$bo_order}' ";
 for ($i=1; $i<=10; $i++) {
     if (is_checked('chk_all_'.$i)) {
-        $all_fields .= " , bo_{$i}_subj = '".$_POST['bo_'.$i.'_subj']."' ";
-        $all_fields .= " , bo_{$i} = '".$_POST['bo_'.$i]."' ";
+        $all_fields .= " , bo_{$i}_subj = '".$etcs['bo_'.$i.'_subj']."' ";
+        $all_fields .= " , bo_{$i} = '".$etcs['bo_'.$i]."' ";
     }
 }
 
@@ -461,5 +532,4 @@ if(function_exists('get_admin_captcha_by'))
 
 run_event('admin_board_form_update', $bo_table, $w);
 
-goto_url("./board_form.php?w=u&bo_table={$bo_table}&amp;{$qstr}");
-?>
+goto_url("./board_form.php?w=u&bo_table={$bo_table}&amp;{$qstr}");
\ No newline at end of file
diff --git a/adm/board_list.php b/adm/board_list.php
index d4ed4282e..3d6babfa9 100644
--- a/adm/board_list.php
+++ b/adm/board_list.php
@@ -2,7 +2,7 @@
 $sub_menu = "300100";
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], 'r');
+auth_check_menu($auth, $sub_menu, 'r');
 
 $sql_common = " from {$g5['board_table']} a ";
 $sql_search = " where (1) ";
@@ -63,9 +63,9 @@ $colspan = 15;
 
 <label for="sfl" class="sound_only">검색대상</label>
 <select name="sfl" id="sfl">
-    <option value="bo_table"<?php echo get_selected($_GET['sfl'], "bo_table", true); ?>>TABLE</option>
-    <option value="bo_subject"<?php echo get_selected($_GET['sfl'], "bo_subject"); ?>>제목</option>
-    <option value="a.gr_id"<?php echo get_selected($_GET['sfl'], "a.gr_id"); ?>>그룹ID</option>
+    <option value="bo_table"<?php echo get_selected($sfl, "bo_table", true); ?>>TABLE</option>
+    <option value="bo_subject"<?php echo get_selected($sfl, "bo_subject"); ?>>제목</option>
+    <option value="a.gr_id"<?php echo get_selected($sfl, "a.gr_id"); ?>>그룹ID</option>
 </select>
 <label for="stx" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label>
 <input type="text" name="stx" value="<?php echo $stx ?>" id="stx" required class="required frm_input">
@@ -81,7 +81,7 @@ $colspan = 15;
 <input type="hidden" name="sfl" value="<?php echo $sfl ?>">
 <input type="hidden" name="stx" value="<?php echo $stx ?>">
 <input type="hidden" name="page" value="<?php echo $page ?>">
-<input type="hidden" name="token" value="<?php echo $token ?>">
+<input type="hidden" name="token" value="<?php echo isset($token) ? $token : ''; ?>">
 
 <div class="tbl_head01 tbl_wrap">
     <table>
@@ -235,5 +235,4 @@ $(function(){
 </script>
 
 <?php
-include_once('./admin.tail.php');
-?>
+include_once('./admin.tail.php');
\ No newline at end of file
diff --git a/adm/board_list_update.php b/adm/board_list_update.php
index 552f60d99..9952804fd 100644
--- a/adm/board_list_update.php
+++ b/adm/board_list_update.php
@@ -4,28 +4,42 @@ include_once('./_common.php');
 
 check_demo();
 
-if (!count($_POST['chk'])) {
-    alert($_POST['act_button']." 하실 항목을 하나 이상 체크하세요.");
+$post_count_chk = (isset($_POST['chk']) && is_array($_POST['chk'])) ? count($_POST['chk']) : 0;
+$chk = (isset($_POST['chk']) && is_array($_POST['chk'])) ? $_POST['chk'] : array();
+$act_button = isset($_POST['act_button']) ? strip_tags($_POST['act_button']) : '';
+$board_table = (isset($_POST['board_table']) && is_array($_POST['board_table'])) ? $_POST['board_table'] : array();
+
+if (! $post_count_chk) {
+    alert($act_button." 하실 항목을 하나 이상 체크하세요.");
 }
 
 check_admin_token();
 
-$act_button = isset($_POST['act_button']) ? strip_tags($_POST['act_button']) : '';
-$chk = (isset($_POST['chk']) && is_array($_POST['chk'])) ? $_POST['chk'] : array();
-$board_table = (isset($_POST['board_table']) && is_array($_POST['board_table'])) ? $_POST['board_table'] : array();
+if ($act_button === "선택수정") {
 
-if ($_POST['act_button'] == "선택수정") {
+    auth_check_menu($auth, $sub_menu, 'w');
 
-    auth_check($auth[$sub_menu], 'w');
-
-    for ($i=0; $i<count($_POST['chk']); $i++) {
+    for ($i=0; $i<$post_count_chk; $i++) {
 
         // 실제 번호를 넘김
-        $k = $_POST['chk'][$i];
+        $k = isset($_POST['chk'][$i]) ? (int) $_POST['chk'][$i] : 0;
+
+        $post_gr_id = isset($_POST['gr_id'][$k]) ? clean_xss_tags($_POST['gr_id'][$k], 1, 1) : '';
+        $post_bo_device = isset($_POST['bo_device'][$k]) ? clean_xss_tags($_POST['bo_device'][$k], 1, 1) : '';
+        $post_bo_skin = isset($_POST['bo_skin'][$k]) ? clean_xss_tags($_POST['bo_skin'][$k], 1, 1) : '';
+        $post_bo_mobile_skin = isset($_POST['bo_mobile_skin'][$k]) ? clean_xss_tags($_POST['bo_mobile_skin'][$k], 1, 1) : '';
+        $post_bo_read_point = isset($_POST['bo_read_point'][$k]) ? clean_xss_tags($_POST['bo_read_point'][$k], 1, 1) : '';
+        $post_bo_write_point = isset($_POST['bo_write_point'][$k]) ? clean_xss_tags($_POST['bo_write_point'][$k], 1, 1) : '';
+        $post_bo_comment_point = isset($_POST['bo_comment_point'][$k]) ? clean_xss_tags($_POST['bo_comment_point'][$k], 1, 1) : '';
+        $post_bo_download_point = isset($_POST['bo_download_point'][$k]) ? clean_xss_tags($_POST['bo_download_point'][$k], 1, 1) : '';
+        $post_bo_use_search = isset($_POST['bo_use_search'][$k]) ? clean_xss_tags($_POST['bo_use_search'][$k], 1, 1) : '';
+        $post_bo_use_sns = isset($_POST['bo_use_sns'][$k]) ? clean_xss_tags($_POST['bo_use_sns'][$k], 1, 1) : '';
+        $post_bo_order = isset($_POST['bo_order'][$k]) ? clean_xss_tags($_POST['bo_order'][$k], 1, 1) : '';
+        $post_board_table = isset($_POST['board_table'][$k]) ? clean_xss_tags($_POST['board_table'][$k], 1, 1) : '';
 
         if ($is_admin != 'super') {
             $sql = " select count(*) as cnt from {$g5['board_table']} a, {$g5['group_table']} b
-                      where a.gr_id = '".sql_real_escape_string($_POST['gr_id'][$k])."'
+                      where a.gr_id = '".sql_real_escape_string($post_gr_id)."'
                         and a.gr_id = b.gr_id
                         and b.gr_admin = '{$member['mb_id']}' ";
             $row = sql_fetch($sql);
@@ -36,39 +50,39 @@ if ($_POST['act_button'] == "선택수정") {
         $p_bo_subject = is_array($_POST['bo_subject']) ? strip_tags(clean_xss_attributes($_POST['bo_subject'][$k])) : '';
 
         $sql = " update {$g5['board_table']}
-                    set gr_id               = '".sql_real_escape_string(strip_tags($_POST['gr_id'][$k]))."',
+                    set gr_id               = '".sql_real_escape_string($post_gr_id)."',
                         bo_subject          = '".$p_bo_subject."',
-                        bo_device           = '".sql_real_escape_string(strip_tags($_POST['bo_device'][$k]))."',
-                        bo_skin             = '".sql_real_escape_string(strip_tags($_POST['bo_skin'][$k]))."',
-                        bo_mobile_skin      = '".sql_real_escape_string(strip_tags($_POST['bo_mobile_skin'][$k]))."',
-                        bo_read_point       = '".sql_real_escape_string(strip_tags($_POST['bo_read_point'][$k]))."',
-                        bo_write_point      = '".sql_real_escape_string(strip_tags($_POST['bo_write_point'][$k]))."',
-                        bo_comment_point    = '".sql_real_escape_string(strip_tags($_POST['bo_comment_point'][$k]))."',
-                        bo_download_point   = '".sql_real_escape_string(strip_tags($_POST['bo_download_point'][$k]))."',
-                        bo_use_search       = '".sql_real_escape_string(strip_tags($_POST['bo_use_search'][$k]))."',
-                        bo_use_sns          = '".sql_real_escape_string(strip_tags($_POST['bo_use_sns'][$k]))."',
-                        bo_order            = '".sql_real_escape_string(strip_tags($_POST['bo_order'][$k]))."'
-                  where bo_table            = '".sql_real_escape_string($_POST['board_table'][$k])."' ";
+                        bo_device           = '".sql_real_escape_string($post_bo_device)."',
+                        bo_skin             = '".sql_real_escape_string($post_bo_skin)."',
+                        bo_mobile_skin      = '".sql_real_escape_string($post_bo_mobile_skin)."',
+                        bo_read_point       = '".sql_real_escape_string($post_bo_read_point)."',
+                        bo_write_point      = '".sql_real_escape_string($post_bo_write_point)."',
+                        bo_comment_point    = '".sql_real_escape_string($post_bo_comment_point)."',
+                        bo_download_point   = '".sql_real_escape_string($post_bo_download_point)."',
+                        bo_use_search       = '".sql_real_escape_string($post_bo_use_search)."',
+                        bo_use_sns          = '".sql_real_escape_string($post_bo_use_sns)."',
+                        bo_order            = '".sql_real_escape_string($post_bo_order)."'
+                  where bo_table            = '".sql_real_escape_string($post_board_table)."' ";
 
         sql_query($sql);
     }
 
-} else if ($_POST['act_button'] == "선택삭제") {
+} else if ($act_button === "선택삭제") {
 
     if ($is_admin != 'super')
         alert('게시판 삭제는 최고관리자만 가능합니다.');
 
-    auth_check($auth[$sub_menu], 'd');
+    auth_check_menu($auth, $sub_menu, 'd');
 
     // _BOARD_DELETE_ 상수를 선언해야 board_delete.inc.php 가 정상 작동함
     define('_BOARD_DELETE_', true);
 
-    for ($i=0; $i<count($_POST['chk']); $i++) {
+    for ($i=0; $i<$post_count_chk; $i++) {
         // 실제 번호를 넘김
-        $k = $_POST['chk'][$i];
+        $k = isset($_POST['chk'][$i]) ? (int) $_POST['chk'][$i] : 0;
 
         // include 전에 $bo_table 값을 반드시 넘겨야 함
-        $tmp_bo_table = trim($_POST['board_table'][$k]);
+        $tmp_bo_table = isset($_POST['board_table'][$k]) ? trim(clean_xss_tags($_POST['board_table'][$k], 1, 1)) : '';
 
         if( preg_match("/^[A-Za-z0-9_]+$/", $tmp_bo_table) ){
             include ('./board_delete.inc.php');
@@ -80,5 +94,4 @@ if ($_POST['act_button'] == "선택수정") {
 
 run_event('admin_board_list_update', $act_button, $chk, $board_table, $qstr);
 
-goto_url('./board_list.php?'.$qstr);
-?>
+goto_url('./board_list.php?'.$qstr);
\ No newline at end of file
diff --git a/adm/board_thumbnail_delete.php b/adm/board_thumbnail_delete.php
index 720cad4f9..93024ca44 100644
--- a/adm/board_thumbnail_delete.php
+++ b/adm/board_thumbnail_delete.php
@@ -2,7 +2,7 @@
 $sub_menu = '300100';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], 'w');
+auth_check_menu($auth, $sub_menu, 'w');
 
 if(!$board['bo_table'])
     alert('존재하지 않는 게시판입니다.');
@@ -48,5 +48,4 @@ if(is_dir($dir)) {
 <div class="btn_confirm01 btn_confirm"><a href="./board_form.php?w=u&amp;bo_table=<?php echo $bo_table; ?>&amp;<?php echo $qstr; ?>">게시판 수정으로 돌아가기</a></div>
 
 <?php
-include_once('./admin.tail.php');
-?>
\ No newline at end of file
+include_once('./admin.tail.php');
\ No newline at end of file
diff --git a/adm/boardgroup_form.php b/adm/boardgroup_form.php
index c9e8338bd..e240e1fc6 100644
--- a/adm/boardgroup_form.php
+++ b/adm/boardgroup_form.php
@@ -2,17 +2,24 @@
 $sub_menu = "300200";
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], 'w');
+auth_check_menu($auth, $sub_menu, 'w');
 
 if ($is_admin != 'super' && $w == '') alert('최고관리자만 접근 가능합니다.');
 
 $html_title = '게시판그룹';
 $gr_id_attr = '';
 $sound_only = '';
+
+if( ! isset($group['gr_id']) ){
+    $group['gr_id'] = '';
+    $group['gr_subject'] = '';
+    $group['gr_device'] = '';
+}
+
 if ($w == '') {
     $gr_id_attr = 'required';
     $sound_only = '<strong class="sound_only"> 필수</strong>';
-    $gr = array('gr_use_access' => 0);
+    $gr = array('gr_use_access' => 0, 'gr_admin'=>'');
     $html_title .= ' 생성';
 } else if ($w == 'u') {
     $gr_id_attr = 'readonly';
@@ -115,9 +122,9 @@ include_once('./admin.head.php');
         <th scope="row">여분필드<?php echo $i ?></th>
         <td class="td_extra">
             <label for="gr_<?php echo $i ?>_subj">여분필드 <?php echo $i ?> 제목</label>
-            <input type="text" name="gr_<?php echo $i ?>_subj" value="<?php echo get_text($group['gr_'.$i.'_subj']) ?>" id="gr_<?php echo $i ?>_subj" class="frm_input">
+            <input type="text" name="gr_<?php echo $i ?>_subj" value="<?php echo isset($group['gr_'.$i.'_subj']) ? get_text($group['gr_'.$i.'_subj']) : ''; ?>" id="gr_<?php echo $i ?>_subj" class="frm_input">
             <label for="gr_<?php echo $i ?>">여분필드 <?php echo $i ?> 내용</label>
-            <input type="text" name="gr_<?php echo $i ?>" value="<?php echo get_sanitize_input($gr['gr_'.$i]); ?>" id="gr_<?php echo $i ?>" class="frm_input">
+            <input type="text" name="gr_<?php echo $i ?>" value="<?php echo isset($gr['gr_'.$i]) ? get_sanitize_input($gr['gr_'.$i]) : ''; ?>" id="gr_<?php echo $i ?>" class="frm_input">
         </td>
     </tr>
     <?php } ?>
@@ -148,5 +155,4 @@ function fboardgroup_check(f)
 </script>
 
 <?php
-include_once ('./admin.tail.php');
-?>
+include_once ('./admin.tail.php');
\ No newline at end of file
diff --git a/adm/boardgroup_form_update.php b/adm/boardgroup_form_update.php
index 35d8843c1..41048403c 100644
--- a/adm/boardgroup_form_update.php
+++ b/adm/boardgroup_form_update.php
@@ -5,42 +5,63 @@ include_once('./_common.php');
 if ($w == 'u')
     check_demo();
 
-auth_check($auth[$sub_menu], 'w');
+auth_check_menu($auth, $sub_menu, 'w');
 
 if ($is_admin != 'super' && $w == '') alert('최고관리자만 접근 가능합니다.');
 
 check_admin_token();
 
-if (!preg_match("/^([A-Za-z0-9_]{1,10})$/", $_POST['gr_id']))
+$gr_id = isset($_POST['gr_id']) ? $_POST['gr_id'] : '';
+
+if (!preg_match("/^([A-Za-z0-9_]{1,10})$/", $gr_id))
     alert('그룹 ID는 공백없이 영문자, 숫자, _ 만 사용 가능합니다. (10자 이내)');
 
 if (!$gr_subject) alert('그룹 제목을 입력하세요.');
 
-$gr_subject = isset($_POST['gr_subject']) ? strip_tags(clean_xss_attributes($_POST['gr_subject'])) : '';
+$posts = array();
 
-$sql_common = " gr_subject = '{$gr_subject}',
-                gr_device = '{$_POST['gr_device']}',
-                gr_admin  = '{$_POST['gr_admin']}',
-                gr_1_subj = '{$_POST['gr_1_subj']}',
-                gr_2_subj = '{$_POST['gr_2_subj']}',
-                gr_3_subj = '{$_POST['gr_3_subj']}',
-                gr_4_subj = '{$_POST['gr_4_subj']}',
-                gr_5_subj = '{$_POST['gr_5_subj']}',
-                gr_6_subj = '{$_POST['gr_6_subj']}',
-                gr_7_subj = '{$_POST['gr_7_subj']}',
-                gr_8_subj = '{$_POST['gr_8_subj']}',
-                gr_9_subj = '{$_POST['gr_9_subj']}',
-                gr_10_subj = '{$_POST['gr_10_subj']}',
-                gr_1 = '{$_POST['gr_1']}',
-                gr_2 = '{$_POST['gr_2']}',
-                gr_3 = '{$_POST['gr_3']}',
-                gr_4 = '{$_POST['gr_4']}',
-                gr_5 = '{$_POST['gr_5']}',
-                gr_6 = '{$_POST['gr_6']}',
-                gr_7 = '{$_POST['gr_7']}',
-                gr_8 = '{$_POST['gr_8']}',
-                gr_9 = '{$_POST['gr_9']}',
-                gr_10 = '{$_POST['gr_10']}' ";
+$check_keys = array(
+'gr_subject',
+'gr_device',
+'gr_admin'
+);
+
+for($i=1;$i<=10;$i++){
+    $check_keys['gr_'.$i.'_subj'] = isset($_POST['gr_'.$i.'_subj']) ? $_POST['gr_'.$i.'_subj'] : '';
+    $check_keys['gr_'.$i] = isset($_POST['gr_'.$i]) ? $_POST['gr_'.$i] : '';
+}
+
+foreach( $check_keys as $key ){
+    if( $key === 'gr_subject' ){
+        $posts[$key] = isset($_POST[$key]) ? strip_tags(clean_xss_attributes($_POST[$key])) : '';
+    } else {
+        $posts[$key] = isset($_POST[$key]) ? $_POST[$key] : '';
+    }
+}
+
+$sql_common = " gr_subject = '{$posts['gr_subject']}',
+                gr_device = '{$posts['gr_device']}',
+                gr_admin  = '{$posts['gr_admin']}',
+                gr_1_subj = '{$posts['gr_1_subj']}',
+                gr_2_subj = '{$posts['gr_2_subj']}',
+                gr_3_subj = '{$posts['gr_3_subj']}',
+                gr_4_subj = '{$posts['gr_4_subj']}',
+                gr_5_subj = '{$posts['gr_5_subj']}',
+                gr_6_subj = '{$posts['gr_6_subj']}',
+                gr_7_subj = '{$posts['gr_7_subj']}',
+                gr_8_subj = '{$posts['gr_8_subj']}',
+                gr_9_subj = '{$posts['gr_9_subj']}',
+                gr_10_subj = '{$posts['gr_10_subj']}',
+                gr_1 = '{$posts['gr_1']}',
+                gr_2 = '{$posts['gr_2']}',
+                gr_3 = '{$posts['gr_3']}',
+                gr_4 = '{$posts['gr_4']}',
+                gr_5 = '{$posts['gr_5']}',
+                gr_6 = '{$posts['gr_6']}',
+                gr_7 = '{$posts['gr_7']}',
+                gr_8 = '{$posts['gr_8']}',
+                gr_9 = '{$posts['gr_9']}',
+                gr_10 = '{$posts['gr_10']}' ";
 if (isset($_POST['gr_use_access']))
     $sql_common .= ", gr_use_access = '{$_POST['gr_use_access']}' ";
 else
@@ -48,13 +69,13 @@ else
 
 if ($w == '') {
 
-    $sql = " select count(*) as cnt from {$g5['group_table']} where gr_id = '{$_POST['gr_id']}' ";
+    $sql = " select count(*) as cnt from {$g5['group_table']} where gr_id = '{$gr_id}' ";
     $row = sql_fetch($sql);
     if ($row['cnt'])
         alert('이미 존재하는 그룹 ID 입니다.');
 
     $sql = " insert into {$g5['group_table']}
-                set gr_id = '{$_POST['gr_id']}',
+                set gr_id = '{$gr_id}',
                      {$sql_common} ";
     sql_query($sql);
 
@@ -62,7 +83,7 @@ if ($w == '') {
 
     $sql = " update {$g5['group_table']}
                 set {$sql_common}
-                where gr_id = '{$_POST['gr_id']}' ";
+                where gr_id = '{$gr_id}' ";
     sql_query($sql);
 
 } else {
@@ -71,5 +92,4 @@ if ($w == '') {
 
 run_event('admin_boardgroup_form_update', $gr_id, $w);
 
-goto_url('./boardgroup_form.php?w=u&amp;gr_id='.$gr_id.'&amp;'.$qstr);
-?>
+goto_url('./boardgroup_form.php?w=u&amp;gr_id='.$gr_id.'&amp;'.$qstr);
\ No newline at end of file
diff --git a/adm/boardgroup_list.php b/adm/boardgroup_list.php
index 08cd18382..793d5a28b 100644
--- a/adm/boardgroup_list.php
+++ b/adm/boardgroup_list.php
@@ -2,7 +2,7 @@
 $sub_menu = "300200";
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], 'r');
+auth_check_menu($auth, $sub_menu, 'r');
 
 if (!isset($group['gr_device'])) {
     // 게시판 그룹 사용 필드 추가
@@ -10,7 +10,7 @@ if (!isset($group['gr_device'])) {
     // pc : pc 전용 사용
     // mobile : mobile 전용 사용
     // none : 사용 안함
-    sql_query(" ALTER TABLE  `{$g5['board_group_table']}` ADD  `gr_device` ENUM(  'both',  'pc',  'mobile' ) NOT NULL DEFAULT  'both' AFTER  `gr_subject` ", false);
+    sql_query(" ALTER TABLE  `{$g5['group_table']}` ADD  `gr_device` ENUM(  'both',  'pc',  'mobile' ) NOT NULL DEFAULT  'both' AFTER  `gr_subject` ", false);
 }
 
 $sql_common = " from {$g5['group_table']} ";
@@ -66,9 +66,9 @@ $colspan = 10;
 <form name="fsearch" id="fsearch" class="local_sch01 local_sch" method="get">
 <label for="sfl" class="sound_only">검색대상</label>
 <select name="sfl" id="sfl">
-    <option value="gr_subject"<?php echo get_selected($_GET['sfl'], "gr_subject"); ?>>제목</option>
-    <option value="gr_id"<?php echo get_selected($_GET['sfl'], "gr_id"); ?>>ID</option>
-    <option value="gr_admin"<?php echo get_selected($_GET['sfl'], "gr_admin"); ?>>그룹관리자</option>
+    <option value="gr_subject"<?php echo get_selected($sfl, "gr_subject"); ?>>제목</option>
+    <option value="gr_id"<?php echo get_selected($sfl, "gr_id"); ?>>ID</option>
+    <option value="gr_admin"<?php echo get_selected($sfl, "gr_admin"); ?>>그룹관리자</option>
 </select>
 <label for="stx" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label>
 <input type="text" name="stx" id="stx" value="<?php echo $stx ?>" required class="required frm_input">
@@ -207,5 +207,4 @@ function fboardgrouplist_submit(f)
 </script>
 
 <?php
-include_once('./admin.tail.php');
-?>
+include_once('./admin.tail.php');
\ No newline at end of file
diff --git a/adm/boardgroup_list_update.php b/adm/boardgroup_list_update.php
index b49a673b9..94cbd96a6 100644
--- a/adm/boardgroup_list_update.php
+++ b/adm/boardgroup_list_update.php
@@ -6,7 +6,7 @@ include_once('./_common.php');
 
 check_demo();
 
-auth_check($auth[$sub_menu], 'w');
+auth_check_menu($auth, $sub_menu, 'w');
 
 check_admin_token();
 
@@ -21,18 +21,21 @@ if(!$count)
 
 for ($i=0; $i<$count; $i++)
 {
-    $k     = $post_chk[$i];
+    $k     = isset($post_chk[$i]) ? (int) $post_chk[$i] : 0;
     $gr_id = preg_replace('/[^a-z0-9_]/i', '', $post_group_id[$k]);
-    $gr_subject = is_array($_POST['gr_subject']) ? strip_tags(clean_xss_attributes($_POST['gr_subject'][$k])) : '';
-    $gr_admin = is_array($_POST['gr_admin']) ? strip_tags(clean_xss_attributes($_POST['gr_admin'][$k])) : '';
+    $gr_subject = isset($_POST['gr_subject'][$k]) ? strip_tags(clean_xss_attributes($_POST['gr_subject'][$k])) : '';
+    $gr_admin = isset($_POST['gr_admin'][$k]) ? strip_tags(clean_xss_attributes($_POST['gr_admin'][$k])) : '';
+    $gr_device = isset($_POST['gr_device'][$k]) ? clean_xss_tags($_POST['gr_device'][$k], 1, 1, 10) : '';
+    $gr_use_access = isset($_POST['gr_use_access'][$k]) ? (int) $_POST['gr_use_access'][$k] : 0;
+    $gr_order = isset($_POST['gr_order'][$k]) ? (int) $_POST['gr_order'][$k] : 0;
 
     if($act_button == '선택수정') {
         $sql = " update {$g5['group_table']}
                     set gr_subject    = '{$gr_subject}',
-                        gr_device     = '".sql_real_escape_string($_POST['gr_device'][$k])."',
-                        gr_admin      = '".sql_real_escape_string($_POST['gr_admin'][$k])."',
-                        gr_use_access = '".sql_real_escape_string($_POST['gr_use_access'][$k])."',
-                        gr_order      = '".sql_real_escape_string($_POST['gr_order'][$k])."'
+                        gr_device     = '".sql_real_escape_string($gr_device)."',
+                        gr_admin      = '".sql_real_escape_string($gr_admin)."',
+                        gr_use_access = '".$gr_use_access."',
+                        gr_order      = '".$gr_order."'
                   where gr_id         = '{$gr_id}' ";
         if ($is_admin != 'super')
             $sql .= " and gr_admin    = '{$gr_admin}' ";
@@ -52,5 +55,4 @@ for ($i=0; $i<$count; $i++)
 
 run_event('admin_boardgroup_list_update', $act_button, $chk, $post_group_id, $qstr);
 
-goto_url('./boardgroup_list.php?'.$qstr);
-?>
+goto_url('./boardgroup_list.php?'.$qstr);
\ No newline at end of file
diff --git a/adm/boardgroupmember_form.php b/adm/boardgroupmember_form.php
index 7a8c2d11d..529d7495d 100644
--- a/adm/boardgroupmember_form.php
+++ b/adm/boardgroupmember_form.php
@@ -2,10 +2,12 @@
 $sub_menu = "300200";
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], 'w');
+auth_check_menu($auth, $sub_menu, 'w');
 
 $mb = get_member($mb_id);
-if (!$mb['mb_id'])
+$token = isset($token) ? $token : '';
+
+if (! (isset($mb['mb_id']) && $mb['mb_id']))
     alert('존재하지 않는 회원입니다.');
 
 $g5['title'] = '접근가능그룹';
@@ -51,7 +53,7 @@ $colspan = 4;
 <input type="hidden" name="sfl" value="<?php echo $sfl ?>" id="sfl">
 <input type="hidden" name="stx" value="<?php echo $stx ?>" id="stx">
 <input type="hidden" name="page" value="<?php echo $page ?>" id="page">
-<input type="hidden" name="token" value="<?php echo $token ?>" id="token">
+<input type="hidden" name="token" value="<?php echo get_sanitize_input($token); ?>" id="token">
 <input type="hidden" name="mb_id" value="<?php echo $mb['mb_id'] ?>" id="mb_id">
 <input type="hidden" name="w" value="d" id="w">
 
@@ -128,5 +130,4 @@ function boardgroupmember_form_check(f)
 </script>
 
 <?php
-include_once('./admin.tail.php');
-?>
+include_once('./admin.tail.php');
\ No newline at end of file
diff --git a/adm/boardgroupmember_list.php b/adm/boardgroupmember_list.php
index 8827df7f1..2cfad069d 100644
--- a/adm/boardgroupmember_list.php
+++ b/adm/boardgroupmember_list.php
@@ -2,7 +2,7 @@
 $sub_menu = "300200";
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], 'r');
+auth_check_menu($auth, $sub_menu, 'r');
 
 $gr = get_group($gr_id);
 if (!$gr['gr_id']) {
@@ -59,7 +59,7 @@ $colspan = 7;
 <input type="hidden" name="gr_id" value="<?php echo $gr_id ?>">
 <label for="sfl" class="sound_only">검색대상</label>
 <select name="sfl" id="sfl">
-    <option value="a.mb_id"<?php echo get_selected($_GET['sfl'], "a.mb_id") ?>>회원아이디</option>
+    <option value="a.mb_id"<?php echo get_selected($sfl, "a.mb_id") ?>>회원아이디</option>
 </select>
 <label for="stx" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label>
 <input type="text" name="stx" value="<?php echo $stx ?>" id="stx" required class="required frm_input">
@@ -152,5 +152,4 @@ function fboardgroupmember_submit(f)
 </script>
 
 <?php
-include_once('./admin.tail.php');
-?>
+include_once('./admin.tail.php');
\ No newline at end of file
diff --git a/adm/boardgroupmember_update.php b/adm/boardgroupmember_update.php
index 56de9c4cc..4d943b30d 100644
--- a/adm/boardgroupmember_update.php
+++ b/adm/boardgroupmember_update.php
@@ -6,7 +6,7 @@ sql_query(" ALTER TABLE {$g5['group_member_table']} CHANGE `gm_id` `gm_id` INT(
 
 if ($w == '')
 {
-    auth_check($auth[$sub_menu], 'w');
+    auth_check_menu($auth, $sub_menu, 'w');
 
     $mb = get_member($mb_id);
     if (!$mb['mb_id']) {
@@ -39,7 +39,7 @@ if ($w == '')
 }
 else if ($w == 'd' || $w == 'ld')
 {
-    auth_check($auth[$sub_menu], 'd');
+    auth_check_menu($auth, $sub_menu, 'd');
 
     $count = count($_POST['chk']);
     if(!$count)
@@ -66,5 +66,4 @@ else if ($w == 'd' || $w == 'ld')
 if ($w == 'ld')
     goto_url('./boardgroupmember_list.php?gr_id='.$gr_id);
 else
-    goto_url('./boardgroupmember_form.php?mb_id='.$mb_id);
-?>
+    goto_url('./boardgroupmember_form.php?mb_id='.$mb_id);
\ No newline at end of file
diff --git a/adm/browscap.php b/adm/browscap.php
index 0c287c14e..d26fc6ab1 100644
--- a/adm/browscap.php
+++ b/adm/browscap.php
@@ -41,5 +41,4 @@ $(function() {
 </script>
 
 <?php
-include_once('./admin.tail.php');
-?>
\ No newline at end of file
+include_once('./admin.tail.php');
\ No newline at end of file
diff --git a/adm/browscap_convert.php b/adm/browscap_convert.php
index 7c0dfc880..9f0eac4ca 100644
--- a/adm/browscap_convert.php
+++ b/adm/browscap_convert.php
@@ -8,7 +8,7 @@ if(!(version_compare(phpversion(), '5.3.0', '>=') && defined('G5_BROWSCAP_USE')
 if ($is_admin != 'super')
     alert('최고관리자만 접근 가능합니다.');
 
-$rows = preg_replace('#[^0-9]#', '', $_GET['rows']);
+$rows = isset($_GET['rows']) ? preg_replace('#[^0-9]#', '', $_GET['rows']) : 0;
 if(!$rows)
     $rows = 100;
 
@@ -42,5 +42,4 @@ $(function() {
 </script>
 
 <?php
-include_once('./admin.tail.php');
-?>
\ No newline at end of file
+include_once('./admin.tail.php');
\ No newline at end of file
diff --git a/adm/browscap_converter.php b/adm/browscap_converter.php
index f7572edb7..a89aca909 100644
--- a/adm/browscap_converter.php
+++ b/adm/browscap_converter.php
@@ -71,5 +71,4 @@ for($i=0; $row=sql_fetch_array($result); $i++) {
 if(($total_count - $cnt) == 0 || $total_count == 0)
     echo '<div class="check_processing"></div><p>변환완료</p>';
 else
-    echo '<p>총 '.number_format($total_count).'건 중 '.number_format($cnt).'건 변환완료<br><br>접속로그를 추가로 변환하시려면 아래 업데이트 버튼을 클릭해 주세요.</p><button type="button" id="run_update">업데이트</button>';
-?>
\ No newline at end of file
+    echo '<p>총 '.number_format($total_count).'건 중 '.number_format($cnt).'건 변환완료<br><br>접속로그를 추가로 변환하시려면 아래 업데이트 버튼을 클릭해 주세요.</p><button type="button" id="run_update">업데이트</button>';
\ No newline at end of file
diff --git a/adm/browscap_update.php b/adm/browscap_update.php
index e27a73974..2e7001018 100644
--- a/adm/browscap_update.php
+++ b/adm/browscap_update.php
@@ -20,5 +20,4 @@ $browscap->updateMethod = 'cURL';
 $browscap->cacheFilename = 'browscap_cache.php';
 $browscap->updateCache();
 
-die('');
-?>
\ No newline at end of file
+die('');
\ No newline at end of file
diff --git a/adm/cache_file_delete.php b/adm/cache_file_delete.php
index 544fad52b..808842c93 100644
--- a/adm/cache_file_delete.php
+++ b/adm/cache_file_delete.php
@@ -56,5 +56,4 @@ echo '<div class="local_desc01 local_desc"><p><strong>최신글 캐시파일 '.$
 ?>
 
 <?php
-include_once('./admin.tail.php');
-?>
\ No newline at end of file
+include_once('./admin.tail.php');
\ No newline at end of file
diff --git a/adm/captcha_file_delete.php b/adm/captcha_file_delete.php
index 65cb56535..e3d0f4981 100644
--- a/adm/captcha_file_delete.php
+++ b/adm/captcha_file_delete.php
@@ -49,5 +49,4 @@ echo '<div class="local_desc01 local_desc"><p><strong>캡챠파일 '.$cnt.'건
 ?>
 
 <?php
-include_once('./admin.tail.php');
-?>
\ No newline at end of file
+include_once('./admin.tail.php');
\ No newline at end of file
diff --git a/adm/config_form.php b/adm/config_form.php
index 6dcf7d90d..237b83610 100644
--- a/adm/config_form.php
+++ b/adm/config_form.php
@@ -2,7 +2,7 @@
 $sub_menu = "100100";
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], 'r');
+auth_check_menu($auth, $sub_menu, 'r');
 
 if ($is_admin != 'super')
     alert('최고관리자만 접근 가능합니다.');
@@ -304,6 +304,7 @@ $pg_anchor = '<ul class="anchor">
 if (!$config['cf_icode_server_ip'])   $config['cf_icode_server_ip'] = '211.172.232.124';
 if (!$config['cf_icode_server_port']) $config['cf_icode_server_port'] = '7295';
 
+$userinfo = array('payment'=>'');
 if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw']) {
     $userinfo = get_icode_userinfo($config['cf_icode_id'], $config['cf_icode_pw']);
 }
@@ -569,14 +570,14 @@ if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw']) {
             <td colspan="3">
                 <?php if (!function_exists('curl_init')) echo help('<b>경고) curl이 지원되지 않아 네이버 신디케이션을 사용할수 없습니다.</b>'); ?>
                 <?php echo help('네이버 신디케이션 연동키(token)을 입력하면 네이버 신디케이션을 사용할 수 있습니다.<br>연동키는 <a href="http://webmastertool.naver.com/" target="_blank"><u>네이버 웹마스터도구</u></a> -> 네이버 신디케이션에서 발급할 수 있습니다.') ?>
-                <input type="text" name="cf_syndi_token" value="<?php echo $config['cf_syndi_token'] ?>" id="cf_syndi_token" class="frm_input" size="70">
+                <input type="text" name="cf_syndi_token" value="<?php echo get_sanitize_input($config['cf_syndi_token']); ?>" id="cf_syndi_token" class="frm_input" size="70">
             </td>
         </tr>
         <tr>
             <th scope="row"><label for="cf_syndi_except">네이버 신디케이션 제외게시판</label></th>
             <td colspan="3">
                 <?php echo help('네이버 신디케이션 수집에서 제외할 게시판 아이디를 | 로 구분하여 입력하십시오. 예) notice|adult<br>참고로 그룹접근사용 게시판, 글읽기 권한 2 이상 게시판, 비밀글은 신디케이션 수집에서 제외됩니다.') ?>
-                <input type="text" name="cf_syndi_except" value="<?php echo $config['cf_syndi_except'] ?>" id="cf_syndi_except" class="frm_input" size="70">
+                <input type="text" name="cf_syndi_except" value="<?php echo get_sanitize_input($config['cf_syndi_except']); ?>" id="cf_syndi_except" class="frm_input" size="70">
             </td>
         </tr>
         </tbody>
@@ -1529,5 +1530,4 @@ if($config['cf_cert_use']) {
     }
 }
 
-include_once ('./admin.tail.php');
-?>
+include_once ('./admin.tail.php');
\ No newline at end of file
diff --git a/adm/config_form_update.php b/adm/config_form_update.php
index f7e51ae24..d2564cd8a 100644
--- a/adm/config_form_update.php
+++ b/adm/config_form_update.php
@@ -4,39 +4,33 @@ include_once('./_common.php');
 
 check_demo();
 
-auth_check($auth[$sub_menu], 'w');
+auth_check_menu($auth, $sub_menu, 'w');
 
 if ($is_admin != 'super')
     alert('최고관리자만 접근 가능합니다.');
 
+$cf_title = isset($_POST['cf_title']) ? strip_tags(clean_xss_attributes($_POST['cf_title'])) : '';
+$cf_admin = isset($_POST['cf_admin']) ? clean_xss_tags($_POST['cf_admin'], 1, 1) : '';
+$posts = array();
+
 $mb = get_member($cf_admin);
-if (!$mb['mb_id'])
+
+if (! (isset($mb['mb_id']) && $mb['mb_id']))
     alert('최고관리자 회원아이디가 존재하지 않습니다.');
 
 check_admin_token();
 
-// 본인확인을 사용할 경우 아이핀, 휴대폰인증 중 하나는 선택되어야 함
-if($_POST['cf_cert_use'] && !$_POST['cf_cert_ipin'] && !$_POST['cf_cert_hp'])
-    alert('본인확인을 위해 아이핀 또는 휴대폰 본인학인 서비스를 하나이상 선택해 주십시오');
-
-if(!$_POST['cf_cert_use']) {
-    $_POST['cf_cert_ipin'] = '';
-    $_POST['cf_cert_hp'] = '';
-}
-
 $cf_social_servicelist = !empty($_POST['cf_social_servicelist']) ? implode(',', $_POST['cf_social_servicelist']) : '';
 
-$_POST['cf_title'] = strip_tags(clean_xss_attributes($_POST['cf_title']));
-
 $check_keys = array('cf_lg_mid', 'cf_lg_mert_key', 'cf_cert_kcb_cd', 'cf_cert_kcp_cd', 'cf_editor', 'cf_recaptcha_site_key', 'cf_recaptcha_secret_key', 'cf_naver_clientid', 'cf_naver_secret', 'cf_facebook_appid', 'cf_facebook_secret', 'cf_twitter_key', 'cf_twitter_secret', 'cf_google_clientid', 'cf_google_secret', 'cf_googl_shorturl_apikey', 'cf_kakao_rest_key', 'cf_kakao_client_secret', 'cf_kakao_js_apikey', 'cf_payco_clientid', 'cf_payco_secret');
 
 foreach( $check_keys as $key ){
     if ( isset($_POST[$key]) && $_POST[$key] ){
-        $_POST[$key] = preg_replace('/[^a-z0-9_\-\.]/i', '', $_POST[$key]);
+        $posts[$key] = $_POST[$key] = preg_replace('/[^a-z0-9_\-\.]/i', '', $_POST[$key]);
     }
 }
 
-$_POST['cf_icode_server_port'] = isset($_POST['cf_icode_server_port']) ? preg_replace('/[^0-9]/', '', $_POST['cf_icode_server_port']) : '7295';
+$posts['cf_icode_server_port'] = $_POST['cf_icode_server_port'] = isset($_POST['cf_icode_server_port']) ? preg_replace('/[^0-9]/', '', $_POST['cf_icode_server_port']) : '7295';
 
 if(isset($_POST['cf_intercept_ip']) && $_POST['cf_intercept_ip']){
 
@@ -56,9 +50,134 @@ if(isset($_POST['cf_intercept_ip']) && $_POST['cf_intercept_ip']){
     }
 }
 
+$check_keys = array(
+'cf_use_email_certify' => 'int',
+'cf_use_homepage' => 'int',
+'cf_req_homepage' => 'int',
+'cf_use_tel' => 'int',
+'cf_req_tel' => 'int',
+'cf_use_hp' => 'int',
+'cf_req_hp' => 'int',
+'cf_use_addr' => 'int',
+'cf_req_addr' => 'int',
+'cf_use_signature' => 'int',
+'cf_req_signature' => 'int',
+'cf_use_profile' => 'int',
+'cf_req_profile' => 'int',
+'cf_register_level' => 'int',
+'cf_register_point' => 'int',
+'cf_icon_level' => 'int',
+'cf_use_recommend' => 'int',
+'cf_leave_day' => 'int',
+'cf_search_part' => 'int',
+'cf_email_use' => 'int',
+'cf_email_wr_super_admin' => 'int',
+'cf_email_wr_group_admin' => 'int',
+'cf_email_wr_board_admin' => 'int',
+'cf_email_wr_write' => 'int',
+'cf_email_wr_comment_all' => 'int',
+'cf_email_mb_super_admin' => 'int',
+'cf_email_mb_member' => 'int',
+'cf_email_po_super_admin' => 'int',
+'cf_prohibit_id' => 'text',
+'cf_prohibit_email' => 'text',
+'cf_new_del' => 'int',
+'cf_memo_del' => 'int',
+'cf_visit_del' => 'int',
+'cf_popular_del' => 'int',
+'cf_use_member_icon' => 'int',
+'cf_member_icon_size' => 'int',
+'cf_member_icon_width' => 'int',
+'cf_member_icon_height' => 'int',
+'cf_member_img_size' => 'int',
+'cf_member_img_width' => 'int',
+'cf_member_img_height' => 'int',
+'cf_login_minutes' => 'int',
+'cf_formmail_is_member' => 'int',
+'cf_page_rows' => 'int',
+'cf_mobile_page_rows' => 'int',
+'cf_social_login_use' => 'int',
+'cf_cert_req' => 'int',
+'cf_cert_use' => 'int',
+'cf_cert_ipin' => 'char',
+'cf_cert_hp' => 'char',
+'cf_admin_email' => 'char',
+'cf_admin_email_name' => 'char',
+'cf_add_script' => 'text',
+'cf_use_point' => 'int',
+'cf_point_term' => 'int',
+'cf_use_copy_log' => 'int',
+'cf_login_point' => 'int',
+'cf_cut_name' => 'int',
+'cf_nick_modify' => 'int',
+'cf_new_skin' => 'char',
+'cf_new_rows' => 'int',
+'cf_search_skin' => 'char',
+'cf_connect_skin' => 'char',
+'cf_faq_skin' => 'char',
+'cf_read_point' => 'int',
+'cf_write_point' => 'int',
+'cf_comment_point' => 'int',
+'cf_download_point' => 'int',
+'cf_write_pages' => 'int',
+'cf_mobile_pages' => 'int',
+'cf_link_target' => 'char',
+'cf_delay_sec' => 'int',
+'cf_filter' => 'text',
+'cf_possible_ip' => 'text',
+'cf_analytics' => 'text',
+'cf_add_meta' => 'text',
+'cf_member_skin' => 'char',
+'cf_image_extension' => 'char',
+'cf_flash_extension' => 'char',
+'cf_movie_extension' => 'char',
+'cf_visit' => 'char',
+'cf_stipulation' => 'text',
+'cf_privacy' => 'text',
+'cf_open_modify' => 'int',
+'cf_memo_send_point' => 'int',
+'cf_mobile_new_skin' => 'char',
+'cf_mobile_search_skin' => 'char',
+'cf_mobile_connect_skin' => 'char',
+'cf_mobile_faq_skin' => 'char',
+'cf_mobile_member_skin' => 'char',
+'cf_captcha_mp3' => 'char',
+'cf_cert_limit' => 'int',
+'cf_sms_use' => 'char',
+'cf_sms_type' => 'char',
+'cf_icode_id' => 'char',
+'cf_icode_pw' => 'char',
+'cf_icode_server_ip' => 'char',
+'cf_captcha' => 'char',
+'cf_syndi_token' => '',
+'cf_syndi_except' => ''
+);
+
+for($i=1;$i<=10;$i++){
+    $check_keys['cf_'.$i.'_subj'] = isset($_POST['cf_'.$i.'_subj']) ? $_POST['cf_'.$i.'_subj'] : '';
+    $check_keys['cf_'.$i] = isset($_POST['cf_'.$i]) ? $_POST['cf_'.$i] : '';
+}
+
+foreach( $check_keys as $k => $v ){
+    if( $v === 'int' ){
+        $posts[$key] = $_POST[$k] = isset($_POST[$k]) ? (int) $_POST[$k] : 0;
+    } else {
+        $posts[$key] = $_POST[$k] = isset($_POST[$k]) ? $_POST[$k] : '';
+    }
+}
+
+// 본인확인을 사용할 경우 아이핀, 휴대폰인증 중 하나는 선택되어야 함
+if($_POST['cf_cert_use'] && !$_POST['cf_cert_ipin'] && !$_POST['cf_cert_hp'])
+    alert('본인확인을 위해 아이핀 또는 휴대폰 본인학인 서비스를 하나이상 선택해 주십시오');
+
+if(!$_POST['cf_cert_use']) {
+    $posts[$key] = $_POST['cf_cert_ipin'] = '';
+    $posts[$key] = $_POST['cf_cert_hp'] = '';
+}
+
 $sql = " update {$g5['config_table']}
-            set cf_title = '{$_POST['cf_title']}',
-                cf_admin = '{$_POST['cf_admin']}',
+            set cf_title = '{$cf_title}',
+                cf_admin = '{$cf_admin}',
                 cf_admin_email = '{$_POST['cf_admin_email']}',
                 cf_admin_email_name = '{$_POST['cf_admin_email_name']}',
                 cf_add_script = '{$_POST['cf_add_script']}',
@@ -217,5 +336,4 @@ run_event('admin_config_form_update');
 
 update_rewrite_rules();
 
-goto_url('./config_form.php', false);
-?>
\ No newline at end of file
+goto_url('./config_form.php', false);
\ No newline at end of file
diff --git a/adm/contentform.php b/adm/contentform.php
index 4a8eeb1c6..7aa1184f2 100644
--- a/adm/contentform.php
+++ b/adm/contentform.php
@@ -3,7 +3,9 @@ $sub_menu = '300600';
 include_once('./_common.php');
 include_once(G5_EDITOR_LIB);
 
-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
+
+$co_id = isset($_REQUEST['co_id']) ? preg_replace('/[^a-z0-9_]/i', '', $_REQUEST['co_id']) : '';
 
 // 상단, 하단 파일경로 필드 추가
 if(!sql_query(" select co_include_head from {$g5['content_table']} limit 1 ", false)) {
@@ -51,6 +53,13 @@ else
 {
     $html_title .= ' 입력';
     $co = array(
+        'co_id' => '',
+        'co_subject' => '',
+        'co_content' => '',
+        'co_mobile_content' => '',
+        'co_include_head' => '',
+        'co_include_tail' => '',
+        'co_tag_filter_use' => 1,
         'co_html' => 2,
         'co_skin' => 'basic',
         'co_mobile_skin' => 'basic'
@@ -153,6 +162,7 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
             <input type="file" name="co_himg" id="co_himg">
             <?php
             $himg = G5_DATA_PATH.'/content/'.$co['co_id'].'_h';
+            $himg_str = '';
             if (file_exists($himg)) {
                 $size = @getimagesize($himg);
                 if($size[0] && $size[0] > 750)
@@ -177,6 +187,7 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
             <input type="file" name="co_timg" id="co_timg">
             <?php
             $timg = G5_DATA_PATH.'/content/'.$co['co_id'].'_t';
+            $timg_str = '';
             if (file_exists($timg)) {
                 $size = @getimagesize($timg);
                 if($size[0] && $size[0] > 750)
@@ -284,5 +295,4 @@ function frmcontentform_check(f)
 </script>
 
 <?php
-include_once (G5_ADMIN_PATH.'/admin.tail.php');
-?>
+include_once (G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/contentformupdate.php b/adm/contentformupdate.php
index af8c35007..ac1be285d 100644
--- a/adm/contentformupdate.php
+++ b/adm/contentformupdate.php
@@ -6,25 +6,27 @@ if ($w == "u" || $w == "d")
     check_demo();
 
 if ($w == 'd')
-    auth_check($auth[$sub_menu], "d");
+    auth_check_menu($auth, $sub_menu, "d");
 else
-    auth_check($auth[$sub_menu], "w");
+    auth_check_menu($auth, $sub_menu, "w");
 
 check_admin_token();
 
 if ($w == "" || $w == "u")
 {
-    if(preg_match("/[^a-z0-9_]/i", $co_id)) alert("ID 는 영문자, 숫자, _ 만 가능합니다.");
+    if(isset($_POST['co_id']) && preg_match("/[^a-z0-9_]/i", $_POST['co_id'])) alert("ID 는 영문자, 숫자, _ 만 가능합니다.");
 
     $sql = " select * from {$g5['content_table']} where co_id = '$co_id' ";
     $co_row = sql_fetch($sql);
 }
 
-$co_id = preg_replace('/[^a-z0-9_]/i', '', $co_id);
+$co_id = isset($_POST['co_id']) ? preg_replace('/[^a-z0-9_]/i', '', $_POST['co_id']) : '';
 $co_subject = strip_tags(clean_xss_attributes($co_subject));
 $co_include_head = preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($co_include_head, 0, 255));
 $co_include_tail = preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($co_include_tail, 0, 255));
 $co_tag_filter_use = isset($_POST['co_tag_filter_use']) ? (int) $_POST['co_tag_filter_use'] : 1;
+$co_himg_del = (isset($_POST['co_himg_del']) && $_POST['co_himg_del']) ? 1 : 0;
+$co_timg_del = (isset($_POST['co_timg_del']) && $_POST['co_timg_del']) ? 1 : 0;
 
 // 관리자가 자동등록방지를 사용해야 할 경우
 if (($co_row['co_include_head'] !== $co_include_head || $co_row['co_include_tail'] !== $co_include_tail) && function_exists('get_admin_captcha_by') && get_admin_captcha_by()){
@@ -145,5 +147,4 @@ if ($w == "" || $w == "u")
 else
 {
     goto_url("./contentlist.php");
-}
-?>
+}
\ No newline at end of file
diff --git a/adm/contentlist.php b/adm/contentlist.php
index a23437423..cf4c54660 100644
--- a/adm/contentlist.php
+++ b/adm/contentlist.php
@@ -2,7 +2,7 @@
 $sub_menu = '300600';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");
 
 if( !isset($g5['content_table']) ){
     die('<meta charset="utf-8">/data/dbconfig.php 파일에 <strong>$g5[\'content_table\'] = G5_TABLE_PREFIX.\'content\';</strong> 를 추가해 주세요.');
@@ -94,5 +94,4 @@ $result = sql_query($sql);
 <?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, "{$_SERVER['SCRIPT_NAME']}?$qstr&amp;page="); ?>
 
 <?php
-include_once (G5_ADMIN_PATH.'/admin.tail.php');
-?>
+include_once (G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/dbupgrade.php b/adm/dbupgrade.php
index bd5be8786..70d56a304 100644
--- a/adm/dbupgrade.php
+++ b/adm/dbupgrade.php
@@ -2,7 +2,7 @@
 $sub_menu = '100410';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], 'r');
+auth_check_menu($auth, $sub_menu, 'r');
 
 $g5['title'] = 'DB 업그레이드';
 include_once('./admin.head.php');
@@ -205,5 +205,4 @@ $db_upgrade_msg = $is_check ? 'DB 업그레이드가 완료되었습니다.' : '
 </div>
 
 <?php
-include_once ('./admin.tail.php');
-?>
\ No newline at end of file
+include_once ('./admin.tail.php');
\ No newline at end of file
diff --git a/adm/faqform.php b/adm/faqform.php
index f5791df49..33024c77d 100644
--- a/adm/faqform.php
+++ b/adm/faqform.php
@@ -3,16 +3,18 @@ $sub_menu = '300700';
 include_once('./_common.php');
 include_once(G5_EDITOR_LIB);
 
-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
 
-$fm_id = (int) $fm_id;
-$fa_id = isset($fa_id) ? (int) $fa_id : 0;
+$fm_id = isset($_GET['fm_id']) ? (int) $_GET['fm_id'] : 0;
+$fa_id = isset($_GET['fa_id']) ? (int) $_GET['fa_id'] : 0;
 
 $sql = " select * from {$g5['faq_master_table']} where fm_id = '$fm_id' ";
 $fm = sql_fetch($sql);
 
 $html_title = 'FAQ '.$fm['fm_subject'];
 
+$fa = array('fa_id'=>0, 'fm_id'=>0, 'fa_subject'=>'', 'fa_content'=>'', 'fa_order'=>0);
+
 if ($w == "u")
 {
     $html_title .= " 수정";
@@ -97,5 +99,4 @@ function frmfaqform_check(f)
 </script>
 
 <?php
-include_once (G5_ADMIN_PATH.'/admin.tail.php');
-?>
+include_once (G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/faqformupdate.php b/adm/faqformupdate.php
index 35b8dcb30..2b54d1879 100644
--- a/adm/faqformupdate.php
+++ b/adm/faqformupdate.php
@@ -6,12 +6,18 @@ if ($w == "u" || $w == "d")
     check_demo();
 
 if ($w == 'd')
-    auth_check($auth[$sub_menu], "d");
+    auth_check_menu($auth, $sub_menu, "d");
 else
-    auth_check($auth[$sub_menu], "w");
+    auth_check_menu($auth, $sub_menu, "w");
 
 check_admin_token();
 
+$fm_id = isset($_POST['fm_id']) ? (int) $_POST['fm_id'] : 0;
+$fa_subject = isset($_POST['fa_subject']) ? $_POST['fa_subject'] : '';
+$fa_content = isset($_POST['fa_content']) ? $_POST['fa_content'] : '';
+$fa_order = isset($_POST['fa_order']) ? (int) $_POST['fa_order'] : 0;
+$fa_id = isset($_POST['fa_id']) ? (int) $_POST['fa_id'] : 0;
+
 $sql_common = " fa_subject = '$fa_subject',
                 fa_content = '$fa_content',
                 fa_order = '$fa_order' ";
@@ -41,5 +47,4 @@ else if ($w == "d")
 if ($w == 'd')
     goto_url("./faqlist.php?fm_id=$fm_id");
 else
-    goto_url("./faqform.php?w=u&amp;fm_id=$fm_id&amp;fa_id=$fa_id");
-?>
+    goto_url("./faqform.php?w=u&amp;fm_id=$fm_id&amp;fa_id=$fa_id");
\ No newline at end of file
diff --git a/adm/faqlist.php b/adm/faqlist.php
index 6f4849bb0..eccd16772 100644
--- a/adm/faqlist.php
+++ b/adm/faqlist.php
@@ -2,11 +2,11 @@
 $sub_menu = '300700';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");
 
 $g5['title'] = 'FAQ 상세관리';
-if ($fm_subject){
-    $fm_subject = clean_xss_tags(strip_tags($fm_subject));
+if (isset($_REQUEST['fm_subject'])){
+    $fm_subject = clean_xss_tags($_REQUEST['fm_subject'], 1, 1, 255);
     $g5['title'] .= ' : '.$fm_subject;
 }
 
@@ -96,5 +96,4 @@ $result = sql_query($sql);
 
 
 <?php
-include_once (G5_ADMIN_PATH.'/admin.tail.php');
-?>
+include_once (G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/faqmasterform.php b/adm/faqmasterform.php
index 4ac3f6f80..5e3410615 100644
--- a/adm/faqmasterform.php
+++ b/adm/faqmasterform.php
@@ -3,11 +3,11 @@ $sub_menu = '300700';
 include_once('./_common.php');
 include_once(G5_EDITOR_LIB);
 
-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
 
 $html_title = 'FAQ';
 
-$fm_id = preg_replace('/[^0-9]/', '', $fm_id);
+$fm_id = isset($_GET['fm_id']) ? preg_replace('/[^0-9]/', '', $_GET['fm_id']) : 0;
 
 if ($w == "u")
 {
@@ -21,7 +21,7 @@ if ($w == "u")
 else
 {
     $html_title .= ' 입력';
-    $fm = array();
+    $fm = array('fm_order'=>'', 'fm_subject'=>'', 'fm_id'=>0, 'fm_head_html'=> '', 'fm_tail_html'=> '', 'fm_mobile_head_html' => '', 'fm_mobile_tail_html' => '');
 }
 
 $g5['title'] = $html_title.' 관리';
@@ -72,6 +72,7 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
             <input type="file" name="fm_himg" id="fm_himg">
             <?php
             $himg = G5_DATA_PATH.'/faq/'.$fm['fm_id'].'_h';
+            $himg_str = '';
             if (file_exists($himg)) {
                 $size = @getimagesize($himg);
                 if($size[0] && $size[0] > 750)
@@ -96,6 +97,7 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
             <input type="file" name="fm_timg" id="fm_timg">
             <?php
             $timg = G5_DATA_PATH.'/faq/'.$fm['fm_id'].'_t';
+            $timg_str = '';
             if (file_exists($timg)) {
                 $size = @getimagesize($timg);
                 if($size[0] && $size[0] > 750)
@@ -162,5 +164,4 @@ function frmfaqmasterform_check(f)
 </script>
 
 <?php
-include_once (G5_ADMIN_PATH.'/admin.tail.php');
-?>
+include_once (G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/faqmasterformupdate.php b/adm/faqmasterformupdate.php
index 609e805b3..bdc3c39a1 100644
--- a/adm/faqmasterformupdate.php
+++ b/adm/faqmasterformupdate.php
@@ -5,21 +5,29 @@ include_once('./_common.php');
 if ($w == "u" || $w == "d")
     check_demo();
 
-if ($W == 'd')
-    auth_check($auth[$sub_menu], "d");
+if ($w == 'd')
+    auth_check_menu($auth, $sub_menu, "d");
 else
-    auth_check($auth[$sub_menu], "w");
+    auth_check_menu($auth, $sub_menu, "w");
 
 check_admin_token();
 
 @mkdir(G5_DATA_PATH."/faq", G5_DIR_PERMISSION);
 @chmod(G5_DATA_PATH."/faq", G5_DIR_PERMISSION);
 
+$fm_id = isset($_POST['fm_id']) ? (int) $_POST['fm_id'] : 0;
+$fm_himg_del = isset($_POST['fm_himg_del']) ? (int) $_POST['fm_himg_del'] : 0;
+$fm_timg_del = isset($_POST['fm_timg_del']) ? (int) $_POST['fm_timg_del'] : 0;
+$fm_subject = isset($_POST['fm_subject']) ? strip_tags(clean_xss_attributes($_POST['fm_subject'])) : '';
+$fm_head_html = isset($_POST['fm_head_html']) ? $_POST['fm_head_html'] : '';
+$fm_tail_html = isset($_POST['fm_tail_html']) ? $_POST['fm_tail_html'] : '';
+$fm_mobile_head_html = isset($_POST['fm_mobile_head_html']) ? $_POST['fm_mobile_head_html'] : '';
+$fm_mobile_tail_html = isset($_POST['fm_mobile_tail_html']) ? $_POST['fm_mobile_tail_html'] : '';
+$fm_order = isset($_POST['fm_order']) ? (int) $_POST['fm_order'] : 0;
+
 if ($fm_himg_del)  @unlink(G5_DATA_PATH."/faq/{$fm_id}_h");
 if ($fm_timg_del)  @unlink(G5_DATA_PATH."/faq/{$fm_id}_t");
 
-$fm_subject = strip_tags(clean_xss_attributes($fm_subject));
-
 $sql_common = " set fm_subject = '$fm_subject',
                     fm_head_html = '$fm_head_html',
                     fm_tail_html = '$fm_tail_html',
@@ -72,5 +80,4 @@ if ($w == "" || $w == "u")
     goto_url("./faqmasterform.php?w=u&amp;fm_id=$fm_id");
 }
 else
-    goto_url("./faqmasterlist.php");
-?>
+    goto_url("./faqmasterlist.php");
\ No newline at end of file
diff --git a/adm/faqmasterlist.php b/adm/faqmasterlist.php
index 50dfc11e0..d5abfbb9d 100644
--- a/adm/faqmasterlist.php
+++ b/adm/faqmasterlist.php
@@ -2,7 +2,7 @@
 $sub_menu = '300700';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");
 
 //dbconfig파일에 $g5['faq_table'] , $g5['faq_master_table'] 배열변수가 있는지 체크
 if( !isset($g5['faq_table']) || !isset($g5['faq_master_table']) ){
@@ -124,5 +124,4 @@ $result = sql_query($sql);
 <?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, "{$_SERVER['SCRIPT_NAME']}?$qstr&amp;page="); ?>
 
 <?php
-include_once (G5_ADMIN_PATH.'/admin.tail.php');
-?>
+include_once (G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/index.php b/adm/index.php
index 4a2020238..f6b954dc4 100644
--- a/adm/index.php
+++ b/adm/index.php
@@ -138,7 +138,7 @@ $sql_common = " from {$g5['board_new_table']} a, {$g5['board_table']} b, {$g5['g
 
 if ($gr_id)
     $sql_common .= " and b.gr_id = '$gr_id' ";
-if ($view) {
+if (isset($view) && $view) {
     if ($view == 'w')
         $sql_common .= " and a.wr_id = a.wr_parent ";
     else if ($view == 'c')
@@ -314,5 +314,4 @@ $colspan = 7;
 </section>
 
 <?php
-include_once ('./admin.tail.php');
-?>
+include_once ('./admin.tail.php');
\ No newline at end of file
diff --git a/adm/mail_delete.php b/adm/mail_delete.php
index a190802eb..a351bd879 100644
--- a/adm/mail_delete.php
+++ b/adm/mail_delete.php
@@ -4,21 +4,20 @@ include_once('./_common.php');
 
 check_demo();
 
-auth_check($auth[$sub_menu], 'd');
+auth_check_menu($auth, $sub_menu, 'd');
 
 check_admin_token();
 
-$count = count($_POST['chk']);
+$post_count_chk = (isset($_POST['chk']) && is_array($_POST['chk'])) ? count($_POST['chk']) : 0;
 
 if(!$count)
     alert('삭제할 메일목록을 1개이상 선택해 주세요.');
 
 for($i=0; $i<$count; $i++) {
-    $ma_id = $_POST['chk'][$i];
+    $ma_id = isset($_POST['chk'][$i]) ? (int) $_POST['chk'][$i] : 0;
 
     $sql = " delete from {$g5['mail_table']} where ma_id = '$ma_id' ";
     sql_query($sql);
 }
 
-goto_url('./mail_list.php');
-?>
\ No newline at end of file
+goto_url('./mail_list.php');
\ No newline at end of file
diff --git a/adm/mail_form.php b/adm/mail_form.php
index 6ee6fb95b..a7671fb3b 100644
--- a/adm/mail_form.php
+++ b/adm/mail_form.php
@@ -3,15 +3,16 @@ $sub_menu = "200300";
 include_once('./_common.php');
 include_once(G5_EDITOR_LIB);
 
-auth_check($auth[$sub_menu], 'r');
+auth_check_menu($auth, $sub_menu, 'r');
 
 $html_title = '회원메일';
 
+$ma_id = isset($_GET['ma_id']) ? (int) $_GET['ma_id'] : 0;
+$ma = array('ma_id'=>0, 'ma_subject'=>'', 'ma_content'=>'');
+
 if ($w == 'u') {
     $html_title .= '수정';
     $readonly = ' readonly';
-    
-    $ma_id = (int) $ma_id;
 
     $sql = " select * from {$g5['mail_table']} where ma_id = '{$ma_id}' ";
     $ma = sql_fetch($sql);
@@ -82,5 +83,4 @@ document.fmailform.ma_subject.focus();
 </script>
 
 <?php
-include_once('./admin.tail.php');
-?>
+include_once('./admin.tail.php');
\ No newline at end of file
diff --git a/adm/mail_list.php b/adm/mail_list.php
index 587a8ddb0..9e2368ff4 100644
--- a/adm/mail_list.php
+++ b/adm/mail_list.php
@@ -2,7 +2,7 @@
 $sub_menu = '200300';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], 'r');
+auth_check_menu($auth, $sub_menu, 'r');
 
 $sql_common = " from {$g5['mail_table']} ";
 
@@ -101,5 +101,4 @@ $(function() {
 </script>
 
 <?php
-include_once ('./admin.tail.php');
-?>
\ No newline at end of file
+include_once ('./admin.tail.php');
\ No newline at end of file
diff --git a/adm/mail_preview.php b/adm/mail_preview.php
index 16abd479d..a13020e5c 100644
--- a/adm/mail_preview.php
+++ b/adm/mail_preview.php
@@ -3,7 +3,9 @@ $sub_menu = "200300";
 include_once('./_common.php');
 include_once(G5_LIB_PATH.'/mailer.lib.php');
 
-auth_check($auth[$sub_menu], 'r');
+auth_check_menu($auth, $sub_menu, 'r');
+
+$ma_id = isset($_REQUEST['ma_id']) ? (int) $_REQUEST['ma_id'] : 0;
 
 $se = sql_fetch("select ma_subject, ma_content from {$g5['mail_table']} where ma_id = '{$ma_id}' ");
 
diff --git a/adm/mail_select_form.php b/adm/mail_select_form.php
index a8115297d..076e3a60f 100644
--- a/adm/mail_select_form.php
+++ b/adm/mail_select_form.php
@@ -5,7 +5,9 @@ include_once('./_common.php');
 if (!$config['cf_email_use'])
     alert('환경설정에서 \'메일발송 사용\'에 체크하셔야 메일을 발송할 수 있습니다.');
 
-auth_check($auth[$sub_menu], 'r');
+auth_check_menu($auth, $sub_menu, 'r');
+
+$ma_id = isset($_GET['ma_id']) ? (int) $_GET['ma_id'] : 0;
 
 $sql = " select * from {$g5['mail_table']} where ma_id = '$ma_id' ";
 $ma = sql_fetch($sql);
@@ -26,8 +28,8 @@ $last_option = explode('||', $ma['ma_last_option']);
 for ($i=0; $i<count($last_option); $i++) {
     $option = explode('=', $last_option[$i]);
     // 동적변수
-    $var = $option[0];
-    $$var = $option[1];
+    $var = isset($option[0]) ? $option[0] : '';
+    if( isset($option[1]) ) $$var = $option[1];
 }
 
 if (!isset($mb_id1)) $mb_id1 = 1;
@@ -35,6 +37,10 @@ if (!isset($mb_level_from)) $mb_level_from = 1;
 if (!isset($mb_level_to)) $mb_level_to = 10;
 if (!isset($mb_mailling)) $mb_mailling = 1;
 
+$mb_id1_from = isset($mb_id1_from) ? clean_xss_tags($mb_id1_from, 1, 1, 30) : '';
+$mb_id1_to = isset($mb_id1_to) ? clean_xss_tags($mb_id1_to, 1, 1, 30) : '';
+$mb_email = isset($mb_email) ? clean_xss_tags($mb_email, 1, 1, 100) : '';
+
 $g5['title'] = '회원메일발송';
 include_once('./admin.head.php');
 ?>
@@ -55,15 +61,15 @@ include_once('./admin.head.php');
         <td>
             <input type="radio" name="mb_id1" value="1" id="mb_id1_all" <?php echo $mb_id1?"checked":""; ?>> <label for="mb_id1_all">전체</label>
             <input type="radio" name="mb_id1" value="0" id="mb_id1_section" <?php echo !$mb_id1?"checked":""; ?>> <label for="mb_id1_section">구간</label>
-            <input type="text" name="mb_id1_from" value="<?php echo $mb_id1_from ?>" id="mb_id1_from" title="시작구간" class="frm_input"> 에서
-            <input type="text" name="mb_id1_to" value="<?php echo $mb_id1_to ?>" id="mb_id1_to" title="종료구간" class="frm_input"> 까지
+            <input type="text" name="mb_id1_from" value="<?php echo get_sanitize_input($mb_id1_from); ?>" id="mb_id1_from" title="시작구간" class="frm_input"> 에서
+            <input type="text" name="mb_id1_to" value="<?php echo get_sanitize_input($mb_id1_to); ?>" id="mb_id1_to" title="종료구간" class="frm_input"> 까지
         </td>
     </tr>
     <tr>
         <th scope="row"><label for="mb_email">E-mail</label></th>
         <td>
             <?php echo help("메일 주소에 단어 포함 (예 : @".preg_replace('#^(www[^\.]*\.){1}#', '', $_SERVER['HTTP_HOST']).")") ?>
-            <input type="text" name="mb_email" value="<?php echo $mb_email ?>" id="mb_email" class="frm_input" size="50">
+            <input type="text" name="mb_email" value="<?php echo get_sanitize_input($mb_email); ?>" id="mb_email" class="frm_input" size="50">
         </td>
     </tr>
     <tr>
@@ -118,5 +124,4 @@ include_once('./admin.head.php');
 </form>
 
 <?php
-include_once('./admin.tail.php');
-?>
+include_once('./admin.tail.php');
\ No newline at end of file
diff --git a/adm/mail_select_list.php b/adm/mail_select_list.php
index b78b55375..e08032e79 100644
--- a/adm/mail_select_list.php
+++ b/adm/mail_select_list.php
@@ -2,7 +2,7 @@
 $sub_menu = "200300";
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], 'r');
+auth_check_menu($auth, $sub_menu, 'r');
 
 $ma_last_option = "";
 
@@ -117,5 +117,4 @@ include_once('./admin.head.php');
 </form>
 
 <?php
-include_once('./admin.tail.php');
-?>
+include_once('./admin.tail.php');
\ No newline at end of file
diff --git a/adm/mail_select_update.php b/adm/mail_select_update.php
index 219e58573..4a7ba5be8 100644
--- a/adm/mail_select_update.php
+++ b/adm/mail_select_update.php
@@ -2,7 +2,7 @@
 $sub_menu = "200300";
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], 'w');
+auth_check_menu($auth, $sub_menu, 'w');
 
 $html_title = '회원메일 발송';
 
@@ -26,14 +26,12 @@ echo "</span>";
 
 <?php
 include_once('./admin.tail.php');
-?>
 
-<?php
 flush();
 ob_flush();
 
-$ma_id = trim($_POST['ma_id']);
-$select_member_list = trim($_POST['ma_list']);
+$ma_id = isset($_POST['ma_id']) ? (int) $_POST['ma_id'] : 0;
+$select_member_list = isset($_POST['ma_list']) ? trim($_POST['ma_list']) : '';
 
 //print_r2($_POST); EXIT;
 $member_list = explode("\n", conv_unescape_nl($select_member_list));
@@ -84,4 +82,4 @@ for ($i=0; $i<count($member_list); $i++)
     }
 }
 ?>
-<script> document.all.cont.innerHTML += "<br><br>총 <?php echo number_format($cnt) ?>건 발송<br><br><font color=crimson><b>[끝]</b></font>"; document.body.scrollTop += 1000; </script>
+<script> document.all.cont.innerHTML += "<br><br>총 <?php echo number_format($cnt) ?>건 발송<br><br><font color=crimson><b>[끝]</b></font>"; document.body.scrollTop += 1000; </script>
\ No newline at end of file
diff --git a/adm/mail_test.php b/adm/mail_test.php
index bc321f545..3731a3f2a 100644
--- a/adm/mail_test.php
+++ b/adm/mail_test.php
@@ -7,7 +7,7 @@ if (!$config['cf_email_use'])
 
 include_once(G5_LIB_PATH.'/mailer.lib.php');
 
-auth_check($auth[$sub_menu], 'w');
+auth_check_menu($auth, $sub_menu, 'w');
 
 check_demo();
 
@@ -17,6 +17,7 @@ $name = get_text($member['mb_name']);
 $nick = $member['mb_nick'];
 $mb_id = $member['mb_id'];
 $email = $member['mb_email'];
+$ma_id = isset($_REQUEST['ma_id']) ? (int) $_REQUEST['ma_id'] : 0;
 
 $sql = "select ma_subject, ma_content from {$g5['mail_table']} where ma_id = '{$ma_id}' ";
 $ma = sql_fetch($sql);
@@ -35,5 +36,4 @@ $content = $content . '<p>더 이상 정보 수신을 원치 않으시면 [<a hr
 
 mailer($config['cf_title'], $member['mb_email'], $member['mb_email'], $subject, $content, 1);
 
-alert($member['mb_nick'].'('.$member['mb_email'].')님께 테스트 메일을 발송하였습니다. 확인하여 주십시오.');
-?>
+alert($member['mb_nick'].'('.$member['mb_email'].')님께 테스트 메일을 발송하였습니다. 확인하여 주십시오.');
\ No newline at end of file
diff --git a/adm/mail_update.php b/adm/mail_update.php
index 04d04ac92..844aa4435 100644
--- a/adm/mail_update.php
+++ b/adm/mail_update.php
@@ -5,18 +5,19 @@ include_once('./_common.php');
 if ($w == 'u' || $w == 'd')
     check_demo();
 
-auth_check($auth[$sub_menu], 'w');
+auth_check_menu($auth, $sub_menu, 'w');
 
 check_admin_token();
 
 $ma_id = isset($_POST['ma_id']) ? (int) $_POST['ma_id'] : 0;
 $ma_subject = isset($_POST['ma_subject']) ? strip_tags(clean_xss_attributes($_POST['ma_subject'])) : '';
+$ma_content = isset($_POST['ma_content']) ? $_POST['ma_content'] : '';
 
 if ($w == '')
 {
     $sql = " insert {$g5['mail_table']}
                 set ma_subject = '{$ma_subject}',
-                     ma_content = '{$_POST['ma_content']}',
+                     ma_content = '{$ma_content}',
                      ma_time = '".G5_TIME_YMDHIS."',
                      ma_ip = '{$_SERVER['REMOTE_ADDR']}' ";
     sql_query($sql);
@@ -25,7 +26,7 @@ else if ($w == 'u')
 {
     $sql = " update {$g5['mail_table']}
                 set ma_subject = '{$ma_subject}',
-                     ma_content = '{$_POST['ma_content']}',
+                     ma_content = '{$ma_content}',
                      ma_time = '".G5_TIME_YMDHIS."',
                      ma_ip = '{$_SERVER['REMOTE_ADDR']}'
                 where ma_id = '{$ma_id}' ";
@@ -37,5 +38,4 @@ else if ($w == 'd')
     sql_query($sql);
 }
 
-goto_url('./mail_list.php');
-?>
+goto_url('./mail_list.php');
\ No newline at end of file
diff --git a/adm/member_delete.php b/adm/member_delete.php
index e536f6c57..6f675f347 100644
--- a/adm/member_delete.php
+++ b/adm/member_delete.php
@@ -4,11 +4,11 @@ include_once("./_common.php");
 
 check_demo();
 
-auth_check($auth[$sub_menu], "d");
+auth_check_menu($auth, $sub_menu, "d");
 
-$mb = get_member($_POST['mb_id']);
+$mb = isset($_POST['mb_id']) ? get_member($_POST['mb_id']) : array();
 
-if (!$mb['mb_id'])
+if (! (isset($mb['mb_id']) && $mb['mb_id']))
     alert("회원자료가 존재하지 않습니다.");
 else if ($member['mb_id'] == $mb['mb_id'])
     alert("로그인 중인 관리자는 삭제 할 수 없습니다.");
@@ -25,5 +25,4 @@ member_delete($mb['mb_id']);
 if ($url)
     goto_url("{$url}?$qstr&amp;w=u&amp;mb_id=$mb_id");
 else
-    goto_url("./member_list.php?$qstr");
-?>
+    goto_url("./member_list.php?$qstr");
\ No newline at end of file
diff --git a/adm/member_form.php b/adm/member_form.php
index a5b249d35..470fccced 100644
--- a/adm/member_form.php
+++ b/adm/member_form.php
@@ -2,7 +2,46 @@
 $sub_menu = "200100";
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], 'w');
+auth_check_menu($auth, $sub_menu, 'w');
+
+$mb = array(
+'mb_certify' => null,
+'mb_adult' => null,
+'mb_sms' => null,
+'mb_intercept_date' => null,
+'mb_id' => null,
+'mb_name' => null,
+'mb_nick' => null,
+'mb_point' => null,
+'mb_email' => null,
+'mb_homepage' => null,
+'mb_hp' => null,
+'mb_tel' => null,
+'mb_zip1' => null,
+'mb_zip2' => null,
+'mb_addr1' => null,
+'mb_addr2' => null,
+'mb_addr3' => null,
+'mb_addr_jibeon' => null,
+'mb_signature' => null,
+'mb_profile' => null,
+'mb_memo' => null,
+'mb_leave_date' => null,
+'mb_1' => null,
+'mb_2' => null,
+'mb_3' => null,
+'mb_4' => null,
+'mb_5' => null,
+'mb_6' => null,
+'mb_7' => null,
+'mb_8' => null,
+'mb_9' => null,
+'mb_10' => null,
+);
+
+$sound_only = '';
+$required_mb_id_class = '';
+$required_mb_password = '';
 
 if ($w == '')
 {
@@ -26,7 +65,6 @@ else if ($w == 'u')
         alert('자신보다 권한이 높거나 같은 회원은 수정할 수 없습니다.');
 
     $required_mb_id = 'readonly';
-    $required_mb_password = '';
     $html_title = '수정';
 
     $mb['mb_name'] = get_text($mb['mb_name']);
@@ -481,5 +519,4 @@ function fmember_submit(f)
 <?php
 run_event('admin_member_form_after', $mb, $w);
 
-include_once('./admin.tail.php');
-?>
+include_once('./admin.tail.php');
\ No newline at end of file
diff --git a/adm/member_form_update.php b/adm/member_form_update.php
index a0c87eb9d..163fbcb74 100644
--- a/adm/member_form_update.php
+++ b/adm/member_form_update.php
@@ -7,11 +7,14 @@ include_once(G5_LIB_PATH.'/thumbnail.lib.php');
 if ($w == 'u')
     check_demo();
 
-auth_check($auth[$sub_menu], 'w');
+auth_check_menu($auth, $sub_menu, 'w');
 
 check_admin_token();
 
-$mb_id = trim($_POST['mb_id']);
+$mb_id = isset($_POST['mb_id']) ? trim($_POST['mb_id']) : '';
+$mb_certify_case = isset($_POST['mb_certify_case']) ? preg_replace('/[^0-9a-z_]/i', '', $_POST['mb_certify_case']) : '';
+$mb_certify = isset($_POST['mb_certify']) ? preg_replace('/[^0-9a-z_]/i', '', $_POST['mb_certify']) : '';
+$mb_zip = isset($_POST['mb_zip']) ? preg_replace('/[^0-9a-z_]/i', '', $_POST['mb_zip']) : '';
 
 // 휴대폰번호 체크
 $mb_hp = hyphen_hp_number($_POST['mb_hp']);
@@ -22,72 +25,101 @@ if($mb_hp) {
 }
 
 // 인증정보처리
-if($_POST['mb_certify_case'] && $_POST['mb_certify']) {
-    $mb_certify = $_POST['mb_certify_case'];
-    $mb_adult = $_POST['mb_adult'];
+if($mb_certify_case && $mb_certify) {
+    $mb_certify = isset($_POST['mb_certify_case']) ? preg_replace('/[^0-9a-z_]/i', '', $_POST['mb_certify_case']) : '';
+    $mb_adult = isset($_POST['mb_adult']) ? preg_replace('/[^0-9a-z_]/i', '', $_POST['mb_adult']) : '';
 } else {
     $mb_certify = '';
     $mb_adult = 0;
 }
 
-$mb_zip1 = substr($_POST['mb_zip'], 0, 3);
-$mb_zip2 = substr($_POST['mb_zip'], 3);
+$mb_zip1 = substr($mb_zip, 0, 3);
+$mb_zip2 = substr($mb_zip, 3);
 
 $mb_email = isset($_POST['mb_email']) ? get_email_address(trim($_POST['mb_email'])) : '';
 $mb_nick = isset($_POST['mb_nick']) ? trim(strip_tags($_POST['mb_nick'])) : '';
 
 if ($msg = valid_mb_nick($mb_nick))     alert($msg, "", true, true);
 
-$sql_common = "  mb_name = '{$_POST['mb_name']}',
+$posts = array();
+$check_keys = array(
+'mb_name',
+'mb_homepage',
+'mb_tel',
+'mb_addr1',
+'mb_addr2',
+'mb_addr3',
+'mb_addr_jibeon',
+'mb_signature',
+'mb_leave_date',
+'mb_intercept_date',
+'mb_mailling',
+'mb_sms',
+'mb_open',
+'mb_profile',
+'mb_level'
+);
+
+for($i=1;$i<=10;$i++){
+    $check_keys[] = 'mb_'.$i; 
+}
+
+foreach( $check_keys as $key ){
+    $posts[$key] = isset($_POST[$key]) ? clean_xss_tags($_POST[$key], 1, 1) : '';
+}
+
+$mb_memo = isset($_POST['mb_memo']) ? $_POST['mb_memo'] : '';
+
+$sql_common = "  mb_name = '{$posts['mb_name']}',
                  mb_nick = '{$mb_nick}',
                  mb_email = '{$mb_email}',
-                 mb_homepage = '{$_POST['mb_homepage']}',
-                 mb_tel = '{$_POST['mb_tel']}',
+                 mb_homepage = '{$posts['mb_homepage']}',
+                 mb_tel = '{$posts['mb_tel']}',
                  mb_hp = '{$mb_hp}',
                  mb_certify = '{$mb_certify}',
                  mb_adult = '{$mb_adult}',
                  mb_zip1 = '$mb_zip1',
                  mb_zip2 = '$mb_zip2',
-                 mb_addr1 = '{$_POST['mb_addr1']}',
-                 mb_addr2 = '{$_POST['mb_addr2']}',
-                 mb_addr3 = '{$_POST['mb_addr3']}',
-                 mb_addr_jibeon = '{$_POST['mb_addr_jibeon']}',
-                 mb_signature = '{$_POST['mb_signature']}',
-                 mb_leave_date = '{$_POST['mb_leave_date']}',
-                 mb_intercept_date='{$_POST['mb_intercept_date']}',
-                 mb_memo = '{$_POST['mb_memo']}',
-                 mb_mailling = '{$_POST['mb_mailling']}',
-                 mb_sms = '{$_POST['mb_sms']}',
-                 mb_open = '{$_POST['mb_open']}',
-                 mb_profile = '{$_POST['mb_profile']}',
-                 mb_level = '{$_POST['mb_level']}',
-                 mb_1 = '{$_POST['mb_1']}',
-                 mb_2 = '{$_POST['mb_2']}',
-                 mb_3 = '{$_POST['mb_3']}',
-                 mb_4 = '{$_POST['mb_4']}',
-                 mb_5 = '{$_POST['mb_5']}',
-                 mb_6 = '{$_POST['mb_6']}',
-                 mb_7 = '{$_POST['mb_7']}',
-                 mb_8 = '{$_POST['mb_8']}',
-                 mb_9 = '{$_POST['mb_9']}',
-                 mb_10 = '{$_POST['mb_10']}' ";
+                 mb_addr1 = '{$posts['mb_addr1']}',
+                 mb_addr2 = '{$posts['mb_addr2']}',
+                 mb_addr3 = '{$posts['mb_addr3']}',
+                 mb_addr_jibeon = '{$posts['mb_addr_jibeon']}',
+                 mb_signature = '{$posts['mb_signature']}',
+                 mb_leave_date = '{$posts['mb_leave_date']}',
+                 mb_intercept_date='{$posts['mb_intercept_date']}',
+                 mb_memo = '{$mb_memo}',
+                 mb_mailling = '{$posts['mb_mailling']}',
+                 mb_sms = '{$posts['mb_sms']}',
+                 mb_open = '{$posts['mb_open']}',
+                 mb_profile = '{$posts['mb_profile']}',
+                 mb_level = '{$posts['mb_level']}',
+                 mb_1 = '{$posts['mb_1']}',
+                 mb_2 = '{$posts['mb_2']}',
+                 mb_3 = '{$posts['mb_3']}',
+                 mb_4 = '{$posts['mb_4']}',
+                 mb_5 = '{$posts['mb_5']}',
+                 mb_6 = '{$posts['mb_6']}',
+                 mb_7 = '{$posts['mb_7']}',
+                 mb_8 = '{$posts['mb_8']}',
+                 mb_9 = '{$posts['mb_9']}',
+                 mb_10 = '{$posts['mb_10']}' ";
 
 if ($w == '')
 {
     $mb = get_member($mb_id);
-    if ($mb['mb_id'])
+    if (isset($mb['mb_id']) && $mb['mb_id'])
         alert('이미 존재하는 회원아이디입니다.\\nＩＤ : '.$mb['mb_id'].'\\n이름 : '.$mb['mb_name'].'\\n닉네임 : '.$mb['mb_nick'].'\\n메일 : '.$mb['mb_email']);
 
     // 닉네임중복체크
     $sql = " select mb_id, mb_name, mb_nick, mb_email from {$g5['member_table']} where mb_nick = '{$mb_nick}' ";
     $row = sql_fetch($sql);
-    if ($row['mb_id'])
+    if (isset($row['mb_id']) && $row['mb_id'])
         alert('이미 존재하는 닉네임입니다.\\nＩＤ : '.$row['mb_id'].'\\n이름 : '.$row['mb_name'].'\\n닉네임 : '.$row['mb_nick'].'\\n메일 : '.$row['mb_email']);
 
     // 이메일중복체크
     $sql = " select mb_id, mb_name, mb_nick, mb_email from {$g5['member_table']} where mb_email = '{$mb_email}' ";
     $row = sql_fetch($sql);
-    if ($row['mb_id'])
+    if (isset($row['mb_id']) && $row['mb_id'])
         alert('이미 존재하는 이메일입니다.\\nＩＤ : '.$row['mb_id'].'\\n이름 : '.$row['mb_name'].'\\n닉네임 : '.$row['mb_nick'].'\\n메일 : '.$row['mb_email']);
 
     sql_query(" insert into {$g5['member_table']} set mb_id = '{$mb_id}', mb_password = '".get_encrypt_string($mb_password)."', mb_datetime = '".G5_TIME_YMDHIS."', mb_ip = '{$_SERVER['REMOTE_ADDR']}', mb_email_certify = '".G5_TIME_YMDHIS."', {$sql_common} ");
@@ -95,7 +127,7 @@ if ($w == '')
 else if ($w == 'u')
 {
     $mb = get_member($mb_id);
-    if (!$mb['mb_id'])
+    if (! (isset($mb['mb_id']) && $mb['mb_id']))
         alert('존재하지 않는 회원자료입니다.');
 
     if ($is_admin != 'super' && $mb['mb_level'] >= $member['mb_level'])
@@ -105,19 +137,19 @@ else if ($w == 'u')
         alert('최고관리자의 비밀번호를 수정할수 없습니다.');
     }
 
-    if ($_POST['mb_id'] == $member['mb_id'] && $_POST['mb_level'] != $mb['mb_level'])
+    if ($mb_id === $member['mb_id'] && $_POST['mb_level'] != $mb['mb_level'])
         alert($mb['mb_id'].' : 로그인 중인 관리자 레벨은 수정 할 수 없습니다.');
 
     // 닉네임중복체크
     $sql = " select mb_id, mb_name, mb_nick, mb_email from {$g5['member_table']} where mb_nick = '{$mb_nick}' and mb_id <> '$mb_id' ";
     $row = sql_fetch($sql);
-    if ($row['mb_id'])
+    if (isset($row['mb_id']) && $row['mb_id'])
         alert('이미 존재하는 닉네임입니다.\\nＩＤ : '.$row['mb_id'].'\\n이름 : '.$row['mb_name'].'\\n닉네임 : '.$row['mb_nick'].'\\n메일 : '.$row['mb_email']);
 
     // 이메일중복체크
     $sql = " select mb_id, mb_name, mb_nick, mb_email from {$g5['member_table']} where mb_email = '{$mb_email}' and mb_id <> '$mb_id' ";
     $row = sql_fetch($sql);
-    if ($row['mb_id'])
+    if (isset($row['mb_id']) && $row['mb_id'])
         alert('이미 존재하는 이메일입니다.\\nＩＤ : '.$row['mb_id'].'\\n이름 : '.$row['mb_name'].'\\n닉네임 : '.$row['mb_nick'].'\\n메일 : '.$row['mb_email']);
 
     if ($mb_password)
@@ -125,7 +157,7 @@ else if ($w == 'u')
     else
         $sql_password = "";
 
-    if ($passive_certify)
+    if (isset($passive_certify) && $passive_certify)
         $sql_certify = " , mb_email_certify = '".G5_TIME_YMDHIS."' ";
     else
         $sql_certify = "";
@@ -146,7 +178,7 @@ if( $w == '' || $w == 'u' ){
     $mb_icon_img = get_mb_icon_name($mb_id).'.gif';
 
     // 회원 아이콘 삭제
-    if ($del_mb_icon)
+    if (isset($del_mb_icon) && $del_mb_icon)
         @unlink(G5_DATA_PATH.'/member/'.$mb_dir.'/'.$mb_icon_img);
 
     $image_regex = "/(\.(gif|jpe?g|png))$/i";
@@ -196,7 +228,7 @@ if( $w == '' || $w == 'u' ){
     $mb_img_dir .= substr($mb_id,0,2);
 
     // 회원 이미지 삭제
-    if ($del_mb_img)
+    if (isset($del_mb_img) && $del_mb_img)
         @unlink($mb_img_dir.'/'.$mb_icon_img);
 
     // 아이콘 업로드
@@ -238,5 +270,4 @@ if( $w == '' || $w == 'u' ){
 
 run_event('admin_member_form_update', $w, $mb_id);
 
-goto_url('./member_form.php?'.$qstr.'&amp;w=u&amp;mb_id='.$mb_id, false);
-?>
\ No newline at end of file
+goto_url('./member_form.php?'.$qstr.'&amp;w=u&amp;mb_id='.$mb_id, false);
\ No newline at end of file
diff --git a/adm/member_list.php b/adm/member_list.php
index e8bcf4611..248b62be8 100644
--- a/adm/member_list.php
+++ b/adm/member_list.php
@@ -2,7 +2,7 @@
 $sub_menu = "200100";
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], 'r');
+auth_check_menu($auth, $sub_menu, 'r');
 
 $sql_common = " from {$g5['member_table']} ";
 
@@ -78,17 +78,17 @@ $colspan = 16;
 
 <label for="sfl" class="sound_only">검색대상</label>
 <select name="sfl" id="sfl">
-    <option value="mb_id"<?php echo get_selected($_GET['sfl'], "mb_id"); ?>>회원아이디</option>
-    <option value="mb_nick"<?php echo get_selected($_GET['sfl'], "mb_nick"); ?>>닉네임</option>
-    <option value="mb_name"<?php echo get_selected($_GET['sfl'], "mb_name"); ?>>이름</option>
-    <option value="mb_level"<?php echo get_selected($_GET['sfl'], "mb_level"); ?>>권한</option>
-    <option value="mb_email"<?php echo get_selected($_GET['sfl'], "mb_email"); ?>>E-MAIL</option>
-    <option value="mb_tel"<?php echo get_selected($_GET['sfl'], "mb_tel"); ?>>전화번호</option>
-    <option value="mb_hp"<?php echo get_selected($_GET['sfl'], "mb_hp"); ?>>휴대폰번호</option>
-    <option value="mb_point"<?php echo get_selected($_GET['sfl'], "mb_point"); ?>>포인트</option>
-    <option value="mb_datetime"<?php echo get_selected($_GET['sfl'], "mb_datetime"); ?>>가입일시</option>
-    <option value="mb_ip"<?php echo get_selected($_GET['sfl'], "mb_ip"); ?>>IP</option>
-    <option value="mb_recommend"<?php echo get_selected($_GET['sfl'], "mb_recommend"); ?>>추천인</option>
+    <option value="mb_id"<?php echo get_selected($sfl, "mb_id"); ?>>회원아이디</option>
+    <option value="mb_nick"<?php echo get_selected($sfl, "mb_nick"); ?>>닉네임</option>
+    <option value="mb_name"<?php echo get_selected($sfl, "mb_name"); ?>>이름</option>
+    <option value="mb_level"<?php echo get_selected($sfl, "mb_level"); ?>>권한</option>
+    <option value="mb_email"<?php echo get_selected($sfl, "mb_email"); ?>>E-MAIL</option>
+    <option value="mb_tel"<?php echo get_selected($sfl, "mb_tel"); ?>>전화번호</option>
+    <option value="mb_hp"<?php echo get_selected($sfl, "mb_hp"); ?>>휴대폰번호</option>
+    <option value="mb_point"<?php echo get_selected($sfl, "mb_point"); ?>>포인트</option>
+    <option value="mb_datetime"<?php echo get_selected($sfl, "mb_datetime"); ?>>가입일시</option>
+    <option value="mb_ip"<?php echo get_selected($sfl, "mb_ip"); ?>>IP</option>
+    <option value="mb_recommend"<?php echo get_selected($sfl, "mb_recommend"); ?>>추천인</option>
 </select>
 <label for="stx" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label>
 <input type="text" name="stx" value="<?php echo $stx ?>" id="stx" required class="required frm_input">
@@ -330,5 +330,4 @@ function fmemberlist_submit(f)
 </script>
 
 <?php
-include_once ('./admin.tail.php');
-?>
+include_once ('./admin.tail.php');
\ No newline at end of file
diff --git a/adm/member_list_delete.php b/adm/member_list_delete.php
index f416a6011..eeab528f7 100644
--- a/adm/member_list_delete.php
+++ b/adm/member_list_delete.php
@@ -4,7 +4,7 @@ include_once("./_common.php");
 
 check_demo();
 
-auth_check($auth[$sub_menu], "d");
+auth_check_menu($auth, $sub_menu, "d");
 
 check_admin_token();
 
@@ -33,5 +33,4 @@ for ($i=0; $i<count($chk); $i++)
 if ($msg)
     echo "<script type='text/javascript'> alert('$msg'); </script>";
 
-goto_url("./member_list.php?$qstr");
-?>
+goto_url("./member_list.php?$qstr");
\ No newline at end of file
diff --git a/adm/member_list_update.php b/adm/member_list_update.php
index 7e250d4af..82a2db6c3 100644
--- a/adm/member_list_update.php
+++ b/adm/member_list_update.php
@@ -4,46 +4,54 @@ include_once('./_common.php');
 
 check_demo();
 
-if (!count($_POST['chk'])) {
+if (! (isset($_POST['chk']) && is_array($_POST['chk']))) {
     alert($_POST['act_button']." 하실 항목을 하나 이상 체크하세요.");
 }
 
-auth_check($auth[$sub_menu], 'w');
+auth_check_menu($auth, $sub_menu, 'w');
 
 check_admin_token();
 
 $mb_datas = array();
+$msg = '';
 
 if ($_POST['act_button'] == "선택수정") {
 
     for ($i=0; $i<count($_POST['chk']); $i++)
     {
         // 실제 번호를 넘김
-        $k = $_POST['chk'][$i];
+        $k = isset($_POST['chk'][$i]) ? (int) $_POST['chk'][$i] : 0;
+        
+        $post_mb_certify = (isset($_POST['mb_certify'][$k]) && $_POST['mb_certify'][$k]) ? clean_xss_tags($_POST['mb_certify'][$k], 1, 1, 20) : '';
+        $post_mb_level = isset($_POST['mb_level'][$k]) ? (int) $_POST['mb_level'][$k] : 0;
+        $post_mb_intercept_date = (isset($_POST['mb_intercept_date'][$k]) && $_POST['mb_intercept_date'][$k]) ? clean_xss_tags($_POST['mb_intercept_date'][$k], 1, 1, 8) : '';
+        $post_mb_mailling = isset($_POST['mb_mailling'][$k]) ? (int) $_POST['mb_mailling'][$k] : 0;
+        $post_mb_sms = isset($_POST['mb_sms'][$k]) ? (int) $_POST['mb_sms'][$k] : 0;
+        $post_mb_open = isset($_POST['mb_open'][$k]) ? (int) $_POST['mb_open'][$k] : 0;
 
         $mb_datas[] = $mb = get_member($_POST['mb_id'][$k]);
 
-        if (!$mb['mb_id']) {
+        if (! (isset($mb['mb_id']) && $mb['mb_id'])) {
             $msg .= $mb['mb_id'].' : 회원자료가 존재하지 않습니다.\\n';
         } else if ($is_admin != 'super' && $mb['mb_level'] >= $member['mb_level']) {
             $msg .= $mb['mb_id'].' : 자신보다 권한이 높거나 같은 회원은 수정할 수 없습니다.\\n';
         } else if ($member['mb_id'] == $mb['mb_id']) {
             $msg .= $mb['mb_id'].' : 로그인 중인 관리자는 수정 할 수 없습니다.\\n';
         } else {
-            if($_POST['mb_certify'][$k])
-                $mb_adult = (int) $_POST['mb_adult'][$k];
+            if($post_mb_certify)
+                $mb_adult = isset($_POST['mb_adult'][$k]) ? (int) $_POST['mb_adult'][$k] : 0;
             else
                 $mb_adult = 0;
 
             $sql = " update {$g5['member_table']}
-                        set mb_level = '".sql_real_escape_string($_POST['mb_level'][$k])."',
-                            mb_intercept_date = '".sql_real_escape_string($_POST['mb_intercept_date'][$k])."',
-                            mb_mailling = '".sql_real_escape_string($_POST['mb_mailling'][$k])."',
-                            mb_sms = '".sql_real_escape_string($_POST['mb_sms'][$k])."',
-                            mb_open = '".sql_real_escape_string($_POST['mb_open'][$k])."',
-                            mb_certify = '".sql_real_escape_string($_POST['mb_certify'][$k])."',
+                        set mb_level = '".$post_mb_level."',
+                            mb_intercept_date = '".sql_real_escape_string($post_mb_intercept_date)."',
+                            mb_mailling = '".$post_mb_mailling."',
+                            mb_sms = '".$post_mb_sms."',
+                            mb_open = '".$post_mb_open."',
+                            mb_certify = '".sql_real_escape_string($post_mb_certify)."',
                             mb_adult = '{$mb_adult}'
-                        where mb_id = '".sql_real_escape_string($_POST['mb_id'][$k])."' ";
+                        where mb_id = '".sql_real_escape_string($mb['mb_id'])."' ";
             sql_query($sql);
         }
     }
@@ -53,7 +61,7 @@ if ($_POST['act_button'] == "선택수정") {
     for ($i=0; $i<count($_POST['chk']); $i++)
     {
         // 실제 번호를 넘김
-        $k = $_POST['chk'][$i];
+        $k = isset($_POST['chk'][$i]) ? (int) $_POST['chk'][$i] : 0;
 
         $mb_datas[] = $mb = get_member($_POST['mb_id'][$k]);
 
@@ -78,5 +86,4 @@ if ($msg)
 
 run_event('admin_member_list_update', $_POST['act_button'], $mb_datas);
 
-goto_url('./member_list.php?'.$qstr);
-?>
+goto_url('./member_list.php?'.$qstr);
\ No newline at end of file
diff --git a/adm/menu_form.php b/adm/menu_form.php
index bb421af1c..59bbd4415 100644
--- a/adm/menu_form.php
+++ b/adm/menu_form.php
@@ -8,7 +8,7 @@ if ($is_admin != 'super')
 $g5['title'] = '메뉴 추가';
 include_once(G5_PATH.'/head.sub.php');
 
-$code = isset($code) ? preg_replace('/[^0-9a-zA-Z]/', '', strip_tags($code)) : '';
+$code = isset($_GET['code']) ? preg_replace('/[^0-9a-zA-Z]/', '', $_GET['code']) : '';
 
 // 코드
 if($new == 'new' || !$code) {
@@ -174,10 +174,10 @@ function add_menu_list(name, link, code)
     else
         $menu_last = $menulist.find("tr.menu_list:last");
 
-	if($menu_last.size() > 0) {
+	if($menu_last.length > 0) {
         $menu_last.after(list);
     } else {
-        if($menulist.find("#empty_menu_list").size() > 0)
+        if($menulist.find("#empty_menu_list").length > 0)
             $menulist.find("#empty_menu_list").remove();
 
         $menulist.find("table tbody").append(list);
@@ -193,5 +193,4 @@ function add_menu_list(name, link, code)
 </script>
 
 <?php
-include_once(G5_PATH.'/tail.sub.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/adm/menu_form_search.php b/adm/menu_form_search.php
index 497ee3ee1..bb26e26f4 100644
--- a/adm/menu_form_search.php
+++ b/adm/menu_form_search.php
@@ -4,6 +4,8 @@ include_once('./_common.php');
 if ($is_admin != 'super')
     die('최고관리자만 접근 가능합니다.');
 
+$type = isset($_REQUEST['type']) ? preg_replace('/[^0-9a-z_]/i', '', $_REQUEST['type']) : '';
+
 switch($type) {
     case 'group':
         $sql = " select gr_id as id, gr_subject as subject
@@ -24,9 +26,7 @@ switch($type) {
         $sql = '';
         break;
 }
-?>
 
-<?php
 if($sql) {
     $result = sql_query($sql);
 
@@ -123,4 +123,4 @@ if($sql) {
     <button type="button" id="add_manual" class="btn_submit btn">추가</button>
     <button type="button" class="btn_02 btn" onclick="window.close();">창닫기</button>
 </div>
-<?php } ?>
\ No newline at end of file
+<?php } // end if;
\ No newline at end of file
diff --git a/adm/menu_list.php b/adm/menu_list.php
index 4ff7db524..e15c50724 100644
--- a/adm/menu_list.php
+++ b/adm/menu_list.php
@@ -31,6 +31,7 @@ $g5['title'] = "메뉴설정";
 include_once('./admin.head.php');
 
 $colspan = 7;
+$sub_menu_info = '';
 ?>
 
 <div class="local_desc01 local_desc">
@@ -143,14 +144,14 @@ $(function() {
             return false;
 
         var $tr = $(this).closest("tr");
-        if($tr.find("td.sub_menu_class").size() > 0) {
+        if($tr.find("td.sub_menu_class").length > 0) {
             $tr.remove();
         } else {
             var code = $(this).closest("tr").find("input[name='code[]']").val().substr(0, 2);
             $("tr.menu_group_"+code).remove();
         }
 
-        if($("#menulist tr.menu_list").size() < 1) {
+        if($("#menulist tr.menu_list").length < 1) {
             var list = "<tr id=\"empty_menu_list\"><td colspan=\"<?php echo $colspan; ?>\" class=\"empty_table\">자료가 없습니다.</td></tr>\n";
             $("#menulist table tbody").append(list);
         } else {
@@ -215,5 +216,4 @@ function fmenulist_submit(f)
 </script>
 
 <?php
-include_once ('./admin.tail.php');
-?>
+include_once ('./admin.tail.php');
\ No newline at end of file
diff --git a/adm/menu_list_update.php b/adm/menu_list_update.php
index 528a5a42b..9a3ecd499 100644
--- a/adm/menu_list_update.php
+++ b/adm/menu_list_update.php
@@ -70,5 +70,4 @@ for ($i=0; $i<$count; $i++)
 
 run_event('admin_menu_list_update');
 
-goto_url('./menu_list.php');
-?>
+goto_url('./menu_list.php');
\ No newline at end of file
diff --git a/adm/newwinform.php b/adm/newwinform.php
index 9bee28483..2f535c443 100644
--- a/adm/newwinform.php
+++ b/adm/newwinform.php
@@ -3,9 +3,15 @@ $sub_menu = '100310';
 include_once('./_common.php');
 include_once(G5_EDITOR_LIB);
 
-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
 
-$nw_id = preg_replace('/[^0-9]/', '', $nw_id);
+$nw_id = isset($_REQUEST['nw_id']) ? preg_replace('/[^0-9]/', '', $_REQUEST['nw_id']) : 0;
+$nw = array(
+'nw_begin_time'=>'',
+'nw_end_time'=>'',
+'nw_subject'=>'',
+'nw_content'=>'',
+);
 
 $html_title = "팝업레이어";
 
@@ -18,7 +24,7 @@ if ($w == "u")
     $html_title .= " 수정";
     $sql = " select * from {$g5['new_win_table']} where nw_id = '$nw_id' ";
     $nw = sql_fetch($sql);
-    if (!$nw['nw_id']) alert("등록된 자료가 없습니다.");
+    if (! (isset($nw['nw_id']) && $nw['nw_id'])) alert("등록된 자료가 없습니다.");
 }
 else
 {
@@ -162,5 +168,4 @@ function frmnewwin_check(f)
 </script>
 
 <?php
-include_once (G5_ADMIN_PATH.'/admin.tail.php');
-?>
+include_once (G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/newwinformupdate.php b/adm/newwinformupdate.php
index 74516634c..e046fe0fa 100644
--- a/adm/newwinformupdate.php
+++ b/adm/newwinformupdate.php
@@ -2,31 +2,55 @@
 $sub_menu = '100310';
 include_once('./_common.php');
 
+$nw_id = isset($_POST['nw_id']) ? preg_replace('/[^0-9]/', '', $_POST['nw_id']) : 0;
+
 if ($w == "u" || $w == "d")
     check_demo();
 
 if ($w == 'd')
-    auth_check($auth[$sub_menu], "d");
+    auth_check_menu($auth, $sub_menu, "d");
 else
-    auth_check($auth[$sub_menu], "w");
-
+    auth_check_menu($auth, $sub_menu, "w");
 
 check_admin_token();
 
 $nw_subject = isset($_POST['nw_subject']) ? strip_tags(clean_xss_attributes($_POST['nw_subject'])) : '';
+$posts = array();
 
-$sql_common = " nw_division = '{$_POST['nw_division']}',
-                nw_device = '{$_POST['nw_device']}',
-                nw_begin_time = '{$_POST['nw_begin_time']}',
-                nw_end_time = '{$_POST['nw_end_time']}',
-                nw_disable_hours = '{$_POST['nw_disable_hours']}',
-                nw_left = '{$_POST['nw_left']}',
-                nw_top = '{$_POST['nw_top']}',
-                nw_height = '{$_POST['nw_height']}',
-                nw_width = '{$_POST['nw_width']}',
+$check_keys = array(
+'nw_device'=>'str',
+'nw_begin_time'=>'str',
+'nw_end_time'=>'str',
+'nw_disable_hours'=>'int',
+'nw_left'=>'int',
+'nw_top'=>'int',
+'nw_height'=>'int',
+'nw_width'=>'int',
+'nw_content'=>'text',
+'nw_content_html'=>'text',
+);
+
+foreach($check_keys as $key=>$val){
+    if($val === 'int'){
+        $posts[$key] = isset($_POST[$key]) ? (int) $_POST[$key] : 0;
+    } else if ($val === 'str') {
+        $posts[$key] = isset($_POST[$key]) ? clean_xss_tags($_POST[$key], 1, 1) : 0;
+    } else {
+        $posts[$key] = isset($_POST[$key]) ? trim($_POST[$key]) : 0;
+    }
+}
+
+$sql_common = " nw_device = '{$posts['nw_device']}',
+                nw_begin_time = '{$posts['nw_begin_time']}',
+                nw_end_time = '{$posts['nw_end_time']}',
+                nw_disable_hours = '{$posts['nw_disable_hours']}',
+                nw_left = '{$posts['nw_left']}',
+                nw_top = '{$posts['nw_top']}',
+                nw_height = '{$posts['nw_height']}',
+                nw_width = '{$posts['nw_width']}',
                 nw_subject = '{$nw_subject}',
-                nw_content = '{$_POST['nw_content']}',
-                nw_content_html = '{$_POST['nw_content_html']}' ";
+                nw_content = '{$posts['nw_content']}',
+                nw_content_html = '{$posts['nw_content_html']}' ";
 
 if($w == "")
 {
@@ -53,5 +77,4 @@ if ($w == "d")
 else
 {
     goto_url("./newwinform.php?w=u&amp;nw_id=$nw_id");
-}
-?>
+}
\ No newline at end of file
diff --git a/adm/newwinlist.php b/adm/newwinlist.php
index 71b2fb0c2..81c25f94d 100644
--- a/adm/newwinlist.php
+++ b/adm/newwinlist.php
@@ -2,7 +2,7 @@
 $sub_menu = '100310';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");
 
 if( !isset($g5['new_win_table']) ){
     die('<meta charset="utf-8">/data/dbconfig.php 파일에 <strong>$g5[\'new_win_table\'] = G5_TABLE_PREFIX.\'new_win\';</strong> 를 추가해 주세요.');
@@ -115,5 +115,4 @@ $result = sql_query($sql);
 
 
 <?php
-include_once (G5_ADMIN_PATH.'/admin.tail.php');
-?>
+include_once (G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/phpinfo.php b/adm/phpinfo.php
index a7f01a149..6bb61c4be 100644
--- a/adm/phpinfo.php
+++ b/adm/phpinfo.php
@@ -4,7 +4,6 @@ include_once('./_common.php');
 
 check_demo();
 
-auth_check($auth[$sub_menu], 'r');
+auth_check_menu($auth, $sub_menu, 'r');
 
-phpinfo();
-?>
\ No newline at end of file
+phpinfo();
\ No newline at end of file
diff --git a/adm/point_list.php b/adm/point_list.php
index 7e25aec50..a8c348ad4 100644
--- a/adm/point_list.php
+++ b/adm/point_list.php
@@ -2,7 +2,7 @@
 $sub_menu = "200200";
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], 'r');
+auth_check_menu($auth, $sub_menu, 'r');
 
 $sql_common = " from {$g5['point_table']} ";
 
@@ -84,8 +84,8 @@ else
 <form name="fsearch" id="fsearch" class="local_sch01 local_sch" method="get">
 <label for="sfl" class="sound_only">검색대상</label>
 <select name="sfl" id="sfl">
-    <option value="mb_id"<?php echo get_selected($_GET['sfl'], "mb_id"); ?>>회원아이디</option>
-    <option value="po_content"<?php echo get_selected($_GET['sfl'], "po_content"); ?>>내용</option>
+    <option value="mb_id"<?php echo get_selected($sfl, "mb_id"); ?>>회원아이디</option>
+    <option value="po_content"<?php echo get_selected($sfl, "po_content"); ?>>내용</option>
 </select>
 <label for="stx" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label>
 <input type="text" name="stx" value="<?php echo $stx ?>" id="stx" required class="required frm_input">
@@ -190,7 +190,7 @@ else
     <input type="hidden" name="sst" value="<?php echo $sst ?>">
     <input type="hidden" name="sod" value="<?php echo $sod ?>">
     <input type="hidden" name="page" value="<?php echo $page ?>">
-    <input type="hidden" name="token" value="<?php echo $token ?>">
+    <input type="hidden" name="token" value="<?php echo isset($token) ? $token : ''; ?>">
 
     <div class="tbl_frm01 tbl_wrap">
         <table>
@@ -248,5 +248,4 @@ function fpointlist_submit(f)
 </script>
 
 <?php
-include_once ('./admin.tail.php');
-?>
+include_once ('./admin.tail.php');
\ No newline at end of file
diff --git a/adm/point_list_delete.php b/adm/point_list_delete.php
index fb064b3bf..6926ad8cd 100644
--- a/adm/point_list_delete.php
+++ b/adm/point_list_delete.php
@@ -4,11 +4,11 @@ include_once('./_common.php');
 
 check_demo();
 
-auth_check($auth[$sub_menu], 'd');
+auth_check_menu($auth, $sub_menu, 'd');
 
 check_admin_token();
 
-$count = count($_POST['chk']);
+$count = (isset($_POST['chk']) && is_array($_POST['chk'])) ? count($_POST['chk']) : 0;
 if(!$count)
     alert($_POST['act_button'].' 하실 항목을 하나 이상 체크하세요.');
 
@@ -57,5 +57,4 @@ for ($i=0; $i<$count; $i++)
     sql_query($sql);
 }
 
-goto_url('./point_list.php?'.$qstr);
-?>
\ No newline at end of file
+goto_url('./point_list.php?'.$qstr);
\ No newline at end of file
diff --git a/adm/point_update.php b/adm/point_update.php
index ac1a70411..b560538dd 100644
--- a/adm/point_update.php
+++ b/adm/point_update.php
@@ -2,14 +2,14 @@
 $sub_menu = "200200";
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], 'w');
+auth_check_menu($auth, $sub_menu, 'w');
 
 check_admin_token();
 
-$mb_id = strip_tags(clean_xss_attributes($_POST['mb_id']));
-$po_point = strip_tags(clean_xss_attributes($_POST['po_point']));
-$po_content = strip_tags(clean_xss_attributes($_POST['po_content']));
-$expire = preg_replace('/[^0-9]/', '', $_POST['po_expire_term']);
+$mb_id = isset($_POST['mb_id']) ? strip_tags(clean_xss_attributes($_POST['mb_id'])) : '';
+$po_point = isset($_POST['po_point']) ? strip_tags(clean_xss_attributes($_POST['po_point'])) : 0;
+$po_content = isset($_POST['po_content']) ? strip_tags(clean_xss_attributes($_POST['po_content'])) : '';
+$expire = isset($_POST['po_expire_term']) ? preg_replace('/[^0-9]/', '', $_POST['po_expire_term']) : '';
 
 $mb = get_member($mb_id);
 
@@ -21,5 +21,4 @@ if (($po_point < 0) && ($po_point * (-1) > $mb['mb_point']))
 
 insert_point($mb_id, $po_point, $po_content, '@passive', $mb_id, $member['mb_id'].'-'.uniqid(''), $expire);
 
-goto_url('./point_list.php?'.$qstr);
-?>
+goto_url('./point_list.php?'.$qstr);
\ No newline at end of file
diff --git a/adm/poll_delete.php b/adm/poll_delete.php
index 3cae4f3cf..5827ca065 100644
--- a/adm/poll_delete.php
+++ b/adm/poll_delete.php
@@ -4,17 +4,17 @@ include_once('./_common.php');
 
 check_demo();
 
-auth_check($auth[$sub_menu], 'd');
+auth_check_menu($auth, $sub_menu, 'd');
 
 check_admin_token();
 
-$count = count($_POST['chk']);
+$count = (isset($_POST['chk']) && is_array($_POST['chk'])) ? count($_POST['chk']) : 0;
 
 if(!$count)
     alert('삭제할 투표목록을 1개이상 선택해 주세요.');
 
 for($i=0; $i<$count; $i++) {
-    $po_id = $_POST['chk'][$i];
+    $po_id = isset($_POST['chk'][$i]) ? (int) $_POST['chk'][$i] : 0;
 
     $sql = " delete from {$g5['poll_table']} where po_id = '$po_id' ";
     sql_query($sql);
@@ -23,5 +23,4 @@ for($i=0; $i<$count; $i++) {
     sql_query($sql);
 }
 
-goto_url('./poll_list.php?'.$qstr);
-?>
\ No newline at end of file
+goto_url('./poll_list.php?'.$qstr);
\ No newline at end of file
diff --git a/adm/poll_form.php b/adm/poll_form.php
index 3de75ddbe..f04ac7e2c 100644
--- a/adm/poll_form.php
+++ b/adm/poll_form.php
@@ -2,9 +2,15 @@
 $sub_menu = "200900";
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], 'w');
+auth_check_menu($auth, $sub_menu, 'w');
 
 $po_id = isset($po_id) ? (int) $po_id : 0;
+$po = array(
+'po_subject'=>'',
+'po_etc'=>'',
+'po_level'=>'',
+'po_point'=>'',
+);
 
 $html_title = '투표';
 if ($w == '')
@@ -48,7 +54,8 @@ include_once('./admin.head.php');
             $sound_only = '<strong class="sound_only">필수</strong>';
         }
 
-        $po_poll = get_text($po['po_poll'.$i]);
+        $po_poll = isset($po['po_poll'.$i]) ? get_text($po['po_poll'.$i]) : '';
+        $po_cnt = isset($po['po_cnt'.$i]) ? get_text($po['po_cnt'.$i]) : 0;
     ?>
 
     <tr>
@@ -56,7 +63,7 @@ include_once('./admin.head.php');
         <td>
             <input type="text" name="po_poll<?php echo $i ?>" value="<?php echo $po_poll ?>" id="po_poll<?php echo $i ?>" <?php echo $required ?> class="frm_input <?php echo $required ?>" maxlength="125">
             <label for="po_cnt<?php echo $i ?>">항목 <?php echo $i ?> 투표수</label>
-            <input type="text" name="po_cnt<?php echo $i ?>" value="<?php echo $po['po_cnt'.$i] ?>" id="po_cnt<?php echo $i ?>" class="frm_input" size="3">
+            <input type="text" name="po_cnt<?php echo $i ?>" value="<?php echo $po_cnt; ?>" id="po_cnt<?php echo $i ?>" class="frm_input" size="3">
        </td>
     </tr>
 
@@ -111,5 +118,4 @@ include_once('./admin.head.php');
 </form>
 
 <?php
-include_once('./admin.tail.php');
-?>
+include_once('./admin.tail.php');
\ No newline at end of file
diff --git a/adm/poll_form_update.php b/adm/poll_form_update.php
index f5972aa8a..2c4e7c6c2 100644
--- a/adm/poll_form_update.php
+++ b/adm/poll_form_update.php
@@ -6,7 +6,7 @@ $w = $_POST['w'];
 if ($w == 'u' || $w == 'd')
     check_demo();
 
-auth_check($auth[$sub_menu], 'w');
+auth_check_menu($auth, $sub_menu, 'w');
 
 check_admin_token();
 
@@ -99,5 +99,4 @@ sql_query(" update {$g5['config_table']} set cf_max_po_id = '{$row['max_po_id']}
 if ($w == 'd')
     goto_url('./poll_list.php?'.$qstr);
 else
-    goto_url('./poll_form.php?w=u&po_id='.$po_id.'&amp;'.$qstr);
-?>
+    goto_url('./poll_form.php?w=u&po_id='.$po_id.'&amp;'.$qstr);
\ No newline at end of file
diff --git a/adm/poll_list.php b/adm/poll_list.php
index 9b2123d8e..8b719c314 100644
--- a/adm/poll_list.php
+++ b/adm/poll_list.php
@@ -2,7 +2,7 @@
 $sub_menu = "200900";
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], 'r');
+auth_check_menu($auth, $sub_menu, 'r');
 
 $sql_common = " from {$g5['poll_table']} ";
 
@@ -59,7 +59,7 @@ $colspan = 7;
 <div class="sch_last">
     <label for="sfl" class="sound_only">검색대상</label>
     <select name="sfl" id="sfl">
-        <option value="po_subject"<?php echo get_selected($_GET['sfl'], "po_subject"); ?>>제목</option>
+        <option value="po_subject"<?php echo get_selected($sfl, "po_subject"); ?>>제목</option>
     </select>
     <label for="stx" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label>
     <input type="text" name="stx" value="<?php echo $stx ?>" id="stx" required class="required frm_input">
@@ -154,5 +154,4 @@ $(function() {
 </script>
 
 <?php
-include_once ('./admin.tail.php');
-?>
\ No newline at end of file
+include_once ('./admin.tail.php');
\ No newline at end of file
diff --git a/adm/popular_list.php b/adm/popular_list.php
index 80f200be2..d55c975d7 100644
--- a/adm/popular_list.php
+++ b/adm/popular_list.php
@@ -2,7 +2,7 @@
 $sub_menu = "300300";
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], 'r');
+auth_check_menu($auth, $sub_menu, 'r');
 
 // 체크된 자료 삭제
 if (isset($_POST['chk']) && is_array($_POST['chk'])) {
@@ -79,8 +79,8 @@ var list_delete_php = 'popular_list.php';
 <div class="sch_last">
     <label for="sfl" class="sound_only">검색대상</label>
     <select name="sfl" id="sfl">
-        <option value="pp_word"<?php echo get_selected($_GET['sfl'], "pp_word"); ?>>검색어</option>
-        <option value="pp_date"<?php echo get_selected($_GET['sfl'], "pp_date"); ?>>등록일</option>
+        <option value="pp_word"<?php echo get_selected($sfl, "pp_word"); ?>>검색어</option>
+        <option value="pp_date"<?php echo get_selected($sfl, "pp_date"); ?>>등록일</option>
     </select>
     <label for="stx" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label>
     <input type="text" name="stx" value="<?php echo $stx ?>" id="stx" required class="required frm_input">
@@ -94,7 +94,7 @@ var list_delete_php = 'popular_list.php';
 <input type="hidden" name="sfl" value="<?php echo $sfl ?>">
 <input type="hidden" name="stx" value="<?php echo $stx ?>">
 <input type="hidden" name="page" value="<?php echo $page ?>">
-<input type="hidden" name="token" value="<?php echo $token ?>">
+<input type="hidden" name="token" value="<?php echo isset($token) ? $token : ''; ?>">
 
 <div class="tbl_head01 tbl_wrap">
     <table>
@@ -167,5 +167,4 @@ $(function() {
 </script>
 
 <?php
-include_once('./admin.tail.php');
-?>
+include_once('./admin.tail.php');
\ No newline at end of file
diff --git a/adm/popular_rank.php b/adm/popular_rank.php
index b39127a59..53552d627 100644
--- a/adm/popular_rank.php
+++ b/adm/popular_rank.php
@@ -2,7 +2,10 @@
 $sub_menu = "300400";
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], 'r');
+auth_check_menu($auth, $sub_menu, 'r');
+
+$fr_date = isset($_REQUEST['fr_date']) ? $_REQUEST['fr_date'] : '';
+$to_date = isset($_REQUEST['to_date']) ? $_REQUEST['to_date'] : '';
 
 if (empty($fr_date) || ! preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $fr_date) ) $fr_date = G5_TIME_YMD;
 if (empty($to_date) || ! preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $to_date) ) $to_date = G5_TIME_YMD;
@@ -64,7 +67,7 @@ $(function(){
 <input type="hidden" name="sfl" value="<?php echo $sfl ?>">
 <input type="hidden" name="stx" value="<?php echo $stx ?>">
 <input type="hidden" name="page" value="<?php echo $page ?>">
-<input type="hidden" name="token" value="<?php echo $token ?>">
+<input type="hidden" name="token" value="<?php echo isset($token) ? $token : ''; ?>">
 
 <div class="tbl_head01 tbl_wrap">
     <table>
@@ -105,8 +108,5 @@ $(function(){
 
 <?php
 echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, "{$_SERVER['SCRIPT_NAME']}?$qstr&amp;page=");
-?>
 
-<?php
-include_once('./admin.tail.php');
-?>
+include_once('./admin.tail.php');
\ No newline at end of file
diff --git a/adm/qa_config.php b/adm/qa_config.php
index c06a0a059..13664223b 100644
--- a/adm/qa_config.php
+++ b/adm/qa_config.php
@@ -3,7 +3,7 @@ $sub_menu = "300500";
 include_once('./_common.php');
 include_once(G5_EDITOR_LIB);
 
-auth_check($auth[$sub_menu], 'r');
+auth_check_menu($auth, $sub_menu, 'r');
 
 $g5['title'] = '1:1문의 설정';
 include_once ('./admin.head.php');
@@ -396,5 +396,4 @@ function fqaconfigform_submit(f)
 </script>
 
 <?php
-include_once ('./admin.tail.php');
-?>
\ No newline at end of file
+include_once ('./admin.tail.php');
\ No newline at end of file
diff --git a/adm/qa_config_update.php b/adm/qa_config_update.php
index 829c78adb..9f5869073 100644
--- a/adm/qa_config_update.php
+++ b/adm/qa_config_update.php
@@ -4,7 +4,7 @@ include_once('./_common.php');
 
 check_demo();
 
-auth_check($auth[$sub_menu], 'w');
+auth_check_menu($auth, $sub_menu, 'w');
 
 check_admin_token();
 
@@ -107,5 +107,4 @@ if($error_msg){
     alert($error_msg, './qa_config.php');
 } else {
     goto_url('./qa_config.php');
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/adm/safe_check.php b/adm/safe_check.php
index 71f28f5c5..0143ddf55 100644
--- a/adm/safe_check.php
+++ b/adm/safe_check.php
@@ -13,5 +13,4 @@ function social_log_file_delete($second=0){
             unlink($social_log_file);
         }
     }
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/adm/sendmail_test.php b/adm/sendmail_test.php
index c0a88e600..bb7801d11 100644
--- a/adm/sendmail_test.php
+++ b/adm/sendmail_test.php
@@ -2,7 +2,7 @@
 $sub_menu = '100300';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], 'r');
+auth_check_menu($auth, $sub_menu, 'r');
 
 if (!$config['cf_email_use'])
     alert('환경설정에서 \'메일발송 사용\'에 체크하셔야 메일을 발송할 수 있습니다.');
@@ -72,5 +72,4 @@ if (isset($_POST['email'])) {
 </section>
 
 <?php
-include_once('./admin.tail.php');
-?>
+include_once('./admin.tail.php');
\ No newline at end of file
diff --git a/adm/service.php b/adm/service.php
index c47d371b1..0317c67da 100644
--- a/adm/service.php
+++ b/adm/service.php
@@ -2,7 +2,7 @@
 $sub_menu = '100400';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], 'r');
+auth_check_menu($auth, $sub_menu, 'r');
 
 $g5['title'] = '부가서비스';
 include_once('./admin.head.php');
@@ -56,5 +56,4 @@ include_once('./admin.head.php');
 </div>
 
 <?php
-include_once('./admin.tail.php');
-?>
+include_once('./admin.tail.php');
\ No newline at end of file
diff --git a/adm/session_file_delete.php b/adm/session_file_delete.php
index 0b88f8dc2..bfbbb08f3 100644
--- a/adm/session_file_delete.php
+++ b/adm/session_file_delete.php
@@ -57,5 +57,4 @@ include_once("./admin.head.php");
 ?>
 
 <?php
-include_once("./admin.tail.php");
-?>
+include_once("./admin.tail.php");
\ No newline at end of file
diff --git a/adm/shop_admin/_common.php b/adm/shop_admin/_common.php
index 35d85db39..cd6d90222 100644
--- a/adm/shop_admin/_common.php
+++ b/adm/shop_admin/_common.php
@@ -9,5 +9,4 @@ if (!defined('G5_USE_SHOP') || !G5_USE_SHOP)
 include_once(G5_ADMIN_PATH.'/admin.lib.php');
 include_once('./admin.shop.lib.php');
 
-check_order_inicis_tmps();
-?>
+check_order_inicis_tmps();
\ No newline at end of file
diff --git a/adm/shop_admin/admin.shop.lib.php b/adm/shop_admin/admin.shop.lib.php
index 7130530aa..02225e029 100644
--- a/adm/shop_admin/admin.shop.lib.php
+++ b/adm/shop_admin/admin.shop.lib.php
@@ -218,5 +218,4 @@ function check_order_inicis_tmps(){
 
         set_cookie('admin_visit_time', G5_SERVER_TIME, 3600);   //1시간 간격으로 체크
     }
-}   //end function check_order_inicis_tmps
-?>
\ No newline at end of file
+}   //end function check_order_inicis_tmps;
\ No newline at end of file
diff --git a/adm/shop_admin/ajax.ca_id.php b/adm/shop_admin/ajax.ca_id.php
index 3a392a011..972eafed4 100644
--- a/adm/shop_admin/ajax.ca_id.php
+++ b/adm/shop_admin/ajax.ca_id.php
@@ -1,17 +1,16 @@
 <?php
 include_once('./_common.php');
 
-$ca_id = trim($_POST['ca_id']);
+$ca_id = isset($_POST['ca_id']) ? trim($_POST['ca_id']) : '';
 if (preg_match("/[^0-9a-z]/i", $ca_id)) {
     die("{\"error\":\"분류코드는 영문자 숫자 만 입력 가능합니다.\"}");
 }
 
 $sql = " select ca_name from {$g5['g5_shop_category_table']} where ca_id = '{$ca_id}' ";
 $row = sql_fetch($sql);
-if ($row['ca_name']) {
+if (isset($row['ca_name']) && $row['ca_name']) {
     $ca_name = addslashes($row['ca_name']);
     die("{\"error\":\"이미 등록된 분류코드 입니다.\\n\\n분류명 : {$ca_name}\"}");
 }
 
-die("{\"error\":\"\"}"); // 정상
-?>
\ No newline at end of file
+die("{\"error\":\"\"}"); // 정상;
\ No newline at end of file
diff --git a/adm/shop_admin/ajax.it_id.php b/adm/shop_admin/ajax.it_id.php
index 3e61847f7..eeaa30e13 100644
--- a/adm/shop_admin/ajax.it_id.php
+++ b/adm/shop_admin/ajax.it_id.php
@@ -1,7 +1,7 @@
 <?php
 include_once('./_common.php');
 
-$it_id = trim($_POST['it_id']);
+$it_id = isset($_POST['it_id']) ? trim($_POST['it_id']) : '';
 if (preg_match("/[^\w\-]/", $it_id)) { // \w : 0-9 A-Z a-z _
     die("{\"error\":\"상품코드는 영문자 숫자 _ - 만 입력 가능합니다.\"}");
 }
@@ -12,5 +12,4 @@ if ($row['it_name']) {
     die("{\"error\":\"이미 등록된 상품코드 입니다.\\n\\n상품명 : {$it_name}\"}");
 }
 
-die("{\"error\":\"\"}"); // 정상
-?>
\ No newline at end of file
+die("{\"error\":\"\"}"); // 정상;
\ No newline at end of file
diff --git a/adm/shop_admin/ajax.orderitem.php b/adm/shop_admin/ajax.orderitem.php
index 0070f699a..2cf8d85f6 100644
--- a/adm/shop_admin/ajax.orderitem.php
+++ b/adm/shop_admin/ajax.orderitem.php
@@ -2,9 +2,9 @@
 $sub_menu = '400400';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");
 
-$od_id = $_POST['od_id'];
+$od_id = isset($_POST['od_id']) ? safe_replace_regex($_POST['od_id'], 'od_id') : 0;
 
 $sql = " select * from {$g5['g5_shop_order_table']} where od_id = '$od_id' ";
 $od = sql_fetch($sql);
diff --git a/adm/shop_admin/ajax.skinfile.php b/adm/shop_admin/ajax.skinfile.php
index f83b1b9e7..608c1d6f8 100644
--- a/adm/shop_admin/ajax.skinfile.php
+++ b/adm/shop_admin/ajax.skinfile.php
@@ -1,7 +1,9 @@
 <?php
 include_once('./_common.php');
 
-if($type == 'mobile') {
+$type = isset($_REQUEST['type']) ? clean_xss_tags($_REQUEST['type'], 1, 1) : '';
+
+if($type === 'mobile') {
     if(preg_match('#^theme/(.+)$#', $dir, $match))
         $skin_dir = G5_THEME_MOBILE_PATH.'/'.G5_SKIN_DIR.'/shop/'.$match[1];
     else
@@ -13,5 +15,4 @@ if($type == 'mobile') {
         $skin_dir = G5_PATH.'/'.G5_SKIN_DIR.'/shop/'.$dir;
 }
 
-echo get_list_skin_options("^list.[0-9]+\.skin\.php", $skin_dir, $sval);
-?>
\ No newline at end of file
+echo get_list_skin_options("^list.[0-9]+\.skin\.php", $skin_dir, $sval);
\ No newline at end of file
diff --git a/adm/shop_admin/bannerform.php b/adm/shop_admin/bannerform.php
index 2cda1c67a..cd7464f3e 100644
--- a/adm/shop_admin/bannerform.php
+++ b/adm/shop_admin/bannerform.php
@@ -2,9 +2,18 @@
 $sub_menu = '500500';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
 
-$bn_id = preg_replace('/[^0-9]/', '', $bn_id);
+$bn_id = isset($_REQUEST['bn_id']) ? preg_replace('/[^0-9]/', '', $_REQUEST['bn_id']) : 0;
+$bn = array(
+'bn_id'=>0,
+'bn_alt'=>'',
+'bn_device'=>'',
+'bn_position'=>'',
+'bn_border'=>'',
+'bn_new_win'=>'',
+'bn_order'=>''
+);
 
 $html_title = '배너';
 $g5['title'] = $html_title.'관리';
@@ -162,5 +171,4 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
 </form>
 
 <?php
-include_once (G5_ADMIN_PATH.'/admin.tail.php');
-?>
+include_once (G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/shop_admin/bannerformupdate.php b/adm/shop_admin/bannerformupdate.php
index 0a2267a89..1b8d30cb2 100644
--- a/adm/shop_admin/bannerformupdate.php
+++ b/adm/shop_admin/bannerformupdate.php
@@ -4,20 +4,31 @@ include_once('./_common.php');
 
 check_demo();
 
-if ($W == 'd')
-    auth_check($auth[$sub_menu], "d");
+$w = isset($_POST['w']) ? $_POST['w'] : '';
+
+if ($w == 'd')
+    auth_check_menu($auth, $sub_menu, "d");
 else
-    auth_check($auth[$sub_menu], "w");
+    auth_check_menu($auth, $sub_menu, "w");
 
 check_admin_token();
 
 @mkdir(G5_DATA_PATH."/banner", G5_DIR_PERMISSION);
 @chmod(G5_DATA_PATH."/banner", G5_DIR_PERMISSION);
 
-$bn_bimg      = $_FILES['bn_bimg']['tmp_name'];
-$bn_bimg_name = $_FILES['bn_bimg']['name'];
-
-$bn_id = (int) $bn_id;
+$bn_bimg      = isset($_FILES['bn_bimg']['tmp_name']) ? $_FILES['bn_bimg']['tmp_name'] : '';
+$bn_bimg_name = isset($_FILES['bn_bimg']['name']) ? $_FILES['bn_bimg']['name'] : '';
+$bn_id = isset($_POST['bn_id']) ? preg_replace('/[^0-9]/', '', $_POST['bn_id']) : 0;
+$bn_bimg_del = (isset($_POST['bn_bimg_del']) && $_POST['bn_bimg_del']) ? preg_replace('/[^0-9]/', '', $_POST['bn_id']) : 0;
+$bn_url = isset($_POST['bn_url']) ? strip_tags(clean_xss_attributes($bn_url)) : '';
+$bn_alt = isset($_POST['bn_alt']) ? strip_tags(clean_xss_attributes($bn_alt)) : '';
+$bn_device = isset($_POST['bn_device']) ? clean_xss_tags($_POST['bn_device'], 1, 1) : '';
+$bn_position = isset($_POST['bn_position']) ? clean_xss_tags($_POST['bn_position'], 1, 1) : '';
+$bn_border = isset($_POST['bn_border']) ? (int) $_POST['bn_border'] : 0;
+$bn_new_win = isset($_POST['bn_new_win']) ? (int) $_POST['bn_new_win'] : 0;
+$bn_begin_time = isset($_POST['bn_begin_time']) ? clean_xss_tags($_POST['bn_begin_time'], 1, 1) : '';
+$bn_end_time = isset($_POST['bn_end_time']) ? clean_xss_tags($_POST['bn_end_time'], 1, 1) : '';
+$bn_order = isset($_POST['bn_order']) ? (int) $_POST['bn_order'] : 0;
 
 if ($bn_bimg_del)  @unlink(G5_DATA_PATH."/banner/$bn_id");
 
@@ -34,9 +45,6 @@ if( $bn_bimg || $bn_bimg_name ){
     }
 }
 
-$bn_url = strip_tags(clean_xss_attributes($bn_url));
-$bn_alt = strip_tags(clean_xss_attributes($bn_alt));
-
 if ($w=="")
 {
     if (!$bn_bimg_name) alert('배너 이미지를 업로드 하세요.');
@@ -91,5 +99,4 @@ if ($w == "" || $w == "u")
     goto_url("./bannerform.php?w=u&amp;bn_id=$bn_id");
 } else {
     goto_url("./bannerlist.php");
-}
-?>
+}
\ No newline at end of file
diff --git a/adm/shop_admin/bannerlist.php b/adm/shop_admin/bannerlist.php
index 19891e8bc..d7868aebb 100644
--- a/adm/shop_admin/bannerlist.php
+++ b/adm/shop_admin/bannerlist.php
@@ -2,7 +2,7 @@
 $sub_menu = '500500';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");
 
 $bn_position = (isset($_GET['bn_position']) && in_array($_GET['bn_position'], array('메인', '왼쪽'))) ? $_GET['bn_position'] : '';
 $bn_device = (isset($_GET['bn_device']) && in_array($_GET['bn_device'], array('pc', 'mobile'))) ? $_GET['bn_device'] : 'both';
@@ -184,5 +184,4 @@ jQuery(function($) {
 </script>
 
 <?php
-include_once (G5_ADMIN_PATH.'/admin.tail.php');
-?>
+include_once (G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/shop_admin/categoryform.php b/adm/shop_admin/categoryform.php
index 8664d7bfc..8a133d515 100644
--- a/adm/shop_admin/categoryform.php
+++ b/adm/shop_admin/categoryform.php
@@ -3,9 +3,32 @@ $sub_menu = '400200';
 include_once('./_common.php');
 include_once(G5_EDITOR_LIB);
 
-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
 
-$ca_id = isset($ca_id) ? preg_replace('/[^0-9a-z]/i', '', $ca_id) : '';
+$ca_id = isset($_GET['ca_id']) ? preg_replace('/[^0-9a-z]/i', '', $_GET['ca_id']) : '';
+$ca = array(
+'ca_skin_dir'=>'',
+'ca_mobile_skin_dir'=>'',
+'ca_name'=>'',
+'ca_order'=>'',
+'ca_mb_id'=>'',
+'ca_skin_dir'=>'',
+'ca_cert_use'=>0,
+'ca_adult_use'=>0,
+'ca_sell_email'=>'',
+'ca_nocoupon'=>0,
+'ca_include_head'=>'',
+'ca_include_tail'=>'',
+'ca_head_html'=>'',
+'ca_tail_html'=>'',
+'ca_mobile_head_html'=>'',
+'ca_mobile_tail_html'=>'',
+);
+
+for($i=0;$i<=10;$i++){
+    $ca['ca_'.$i.'_subj'] = '';
+    $ca['ca_'.$i] = '';
+}
 
 $sql_common = " from {$g5['g5_shop_category_table']} ";
 if ($is_admin != 'super')
@@ -69,7 +92,7 @@ else if ($w == "u")
 {
     $sql = " select * from {$g5['g5_shop_category_table']} where ca_id = '$ca_id' ";
     $ca = sql_fetch($sql);
-    if (!$ca['ca_id'])
+    if (! (isset($ca['ca_id']) && $ca['ca_id']))
         alert("자료가 없습니다.");
 
     $html_title = $ca['ca_name'] . " 수정";
@@ -616,5 +639,4 @@ jQuery(function($){
 </script>
 
 <?php
-include_once (G5_ADMIN_PATH.'/admin.tail.php');
-?>
\ No newline at end of file
+include_once (G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/shop_admin/categoryformupdate.php b/adm/shop_admin/categoryformupdate.php
index d05204169..f78169bd6 100644
--- a/adm/shop_admin/categoryformupdate.php
+++ b/adm/shop_admin/categoryformupdate.php
@@ -2,7 +2,17 @@
 $sub_menu = '400200';
 include_once('./_common.php');
 
-if ($file = $_POST['ca_include_head']) {
+auth_check_menu($auth, $sub_menu, "w");
+
+$ca_include_head = isset($_POST['ca_include_head']) ? trim($_POST['ca_include_head']) : '';
+$ca_include_tail = isset($_POST['ca_include_tail']) ? trim($_POST['ca_include_tail']) : '';
+$ca_id = isset($_REQUEST['ca_id']) ? preg_replace('/[^0-9a-z]/i', '', $_REQUEST['ca_id']) : '';
+
+if( ! $ca_id ){
+    alert('', G5_SHOP_URL);
+}
+
+if ($file = $ca_include_head) {
     $file_ext = pathinfo($file, PATHINFO_EXTENSION);
 
     if (! $file_ext || ! in_array($file_ext, array('php', 'htm', 'html')) || !preg_match("/\.(php|htm[l]?)$/i", $file)) {
@@ -10,7 +20,7 @@ if ($file = $_POST['ca_include_head']) {
     }
 }
 
-if ($file = $_POST['ca_include_tail']) {
+if ($file = $ca_include_tail) {
     $file_ext = pathinfo($file, PATHINFO_EXTENSION);
 
     if (! $file_ext || ! in_array($file_ext, array('php', 'htm', 'html')) || !preg_match("/\.(php|htm[l]?)$/i", $file)) {
@@ -18,12 +28,11 @@ if ($file = $_POST['ca_include_tail']) {
     }
 }
 
-if( isset($_POST['ca_id']) ){
-    $ca_id = preg_replace('/[^0-9a-z]/i', '', $ca_id);
+if( $ca_id ){
     $sql = " select * from {$g5['g5_shop_category_table']} where ca_id = '$ca_id' ";
     $ca = sql_fetch($sql);
 
-    if (($ca['ca_include_head'] !== $_POST['ca_include_head'] || $ca['ca_include_tail'] !== $_POST['ca_include_tail']) && function_exists('get_admin_captcha_by') && get_admin_captcha_by()){
+    if ($ca && ($ca['ca_include_head'] !== $ca_include_head || $ca['ca_include_tail'] !== $ca_include_tail) && function_exists('get_admin_captcha_by') && get_admin_captcha_by()){
         include_once(G5_CAPTCHA_PATH.'/captcha.lib.php');
 
         if (!chk_captcha()) {
@@ -32,11 +41,55 @@ if( isset($_POST['ca_id']) ){
     }
 }
 
-if(!is_include_path_check($_POST['ca_include_head'], 1)) {
+$check_str_keys = array(
+'ca_order'=>'int',
+'ca_img_width'=>'int',
+'ca_img_height'=>'int',
+'ca_name'=>'str',
+'ca_mb_id'=>'str',
+'ca_nocoupon'=>'str',
+'ca_mobile_skin_dir'=>'str',
+'ca_skin'=>'str',
+'ca_mobile_skin'=>'str',
+'ca_list_mod'=>'int',
+'ca_list_row'=>'int',
+'ca_mobile_img_width'=>'int',
+'ca_mobile_img_height'=>'int',
+'ca_mobile_list_mod'=>'int',
+'ca_mobile_list_row'=>'int',
+'ca_sell_email'=>'str',
+'ca_use'=>'int',
+'ca_stock_qty'=>'int',
+'ca_explan_html'=>'int',
+'ca_cert_use'=>'int',
+'ca_adult_use'=>'int',
+'ca_skin_dir'=>'str'
+);
+
+for($i=0;$i<=10;$i++){
+    $check_str_keys['ca_'.$i.'_subj'] = 'str';
+    $check_str_keys['ca_'.$i] = 'str';
+}
+
+foreach( $check_str_keys as $key=>$val ){
+    if( $val === 'int' ){
+        $value = isset($_POST[$key]) ? (int) $_POST[$key] : 0;
+    } else {
+        $value = isset($_POST[$key]) ? clean_xss_tags($_POST[$key], 1, 1) : '';
+    }
+    $$key = $_POST[$key] = $value;
+}
+
+$ca_head_html = isset($_POST['ca_head_html']) ? $_POST['ca_head_html'] : '';
+$ca_tail_html = isset($_POST['ca_tail_html']) ? $_POST['ca_tail_html'] : '';
+$ca_mobile_head_html = isset($_POST['ca_mobile_head_html']) ? $_POST['ca_mobile_head_html'] : '';
+$ca_mobile_tail_html = isset($_POST['ca_mobile_tail_html']) ? $_POST['ca_mobile_tail_html'] : '';
+
+if(!is_include_path_check($ca_include_head, 1)) {
     alert('상단 파일 경로에 포함시킬수 없는 문자열이 있습니다.');
 }
 
-if(!is_include_path_check($_POST['ca_include_tail'], 1)) {
+if(!is_include_path_check($ca_include_tail, 1)) {
     alert('하단 파일 경로에 포함시킬수 없는 문자열이 있습니다.');
 }
 
@@ -48,14 +101,6 @@ foreach( $check_keys as $key ){
     }
 }
 
-$check_str_keys = array('ca_name', 'ca_mb_id', 'ca_sell_email');
-foreach( $check_str_keys as $key ){
-    $$key = $_POST[$key] = strip_tags(clean_xss_attributes($_POST[$key]));
-}
-
-$ca_include_head = $_POST['ca_include_head'];
-$ca_include_tail = $_POST['ca_include_tail'];
-
 if( function_exists('filter_input_include_path') ){
     $ca_include_head = filter_input_include_path($ca_include_head);
     $ca_include_tail = filter_input_include_path($ca_include_tail);
@@ -64,7 +109,7 @@ if( function_exists('filter_input_include_path') ){
 if ($w == "u" || $w == "d")
     check_demo();
 
-auth_check($auth[$sub_menu], "d");
+auth_check_menu($auth, $sub_menu, "d");
 
 check_admin_token();
 
@@ -158,7 +203,7 @@ else if ($w == "u")
     sql_query($sql);
 
     // 하위분류를 똑같은 설정으로 반영
-    if ($sub_category) {
+    if (isset($_POST['sub_category']) && $_POST['sub_category']) {
         $len = strlen($ca_id);
         $sql = " update {$g5['g5_shop_category_table']}
                     set $sql_common
@@ -208,5 +253,4 @@ if ($w == "" || $w == "u")
     goto_url("./categoryform.php?w=u&amp;ca_id=$ca_id&amp;$qstr");
 } else {
     goto_url("./categorylist.php?$qstr");
-}
-?>
+}
\ No newline at end of file
diff --git a/adm/shop_admin/categorylist.php b/adm/shop_admin/categorylist.php
index 0189e00fb..0ab194a90 100644
--- a/adm/shop_admin/categorylist.php
+++ b/adm/shop_admin/categorylist.php
@@ -2,13 +2,16 @@
 $sub_menu = '400200';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");
 
 $g5['title'] = '분류관리';
 include_once (G5_ADMIN_PATH.'/admin.head.php');
 
 $where = " where ";
 $sql_search = "";
+
+$sfl = in_array($sfl, array('ca_name', 'ca_id', 'ca_mb_id')) ? $sfl : '';
+
 if ($stx != "") {
     if ($sfl != "") {
         $sql_search .= " $where $sfl like '%$stx%' ";
@@ -62,9 +65,9 @@ $listall = '<a href="'.$_SERVER['SCRIPT_NAME'].'" class="ov_listall">전체목
 
 <label for="sfl" class="sound_only">검색대상</label>
 <select name="sfl" id="sfl">
-    <option value="ca_name"<?php echo get_selected($_GET['sfl'], "ca_name", true); ?>>분류명</option>
-    <option value="ca_id"<?php echo get_selected($_GET['sfl'], "ca_id", true); ?>>분류코드</option>
-    <option value="ca_mb_id"<?php echo get_selected($_GET['sfl'], "ca_mb_id", true); ?>>회원아이디</option>
+    <option value="ca_name"<?php echo get_selected($sfl, "ca_name", true); ?>>분류명</option>
+    <option value="ca_id"<?php echo get_selected($sfl, "ca_id", true); ?>>분류코드</option>
+    <option value="ca_mb_id"<?php echo get_selected($sfl, "ca_mb_id", true); ?>>회원아이디</option>
 </select>
 
 <label for="stx" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label>
@@ -107,6 +110,7 @@ $listall = '<a href="'.$_SERVER['SCRIPT_NAME'].'" class="ov_listall">전체목
     </thead>
     <tbody>
     <?php
+    $s_add = $s_vie = $s_upd = $s_del = '';
     for ($i=0; $row=sql_fetch_array($result); $i++)
     {
         $level = strlen($row['ca_id']) / 2 - 1;
@@ -283,5 +287,4 @@ $(function() {
 </script>
 
 <?php
-include_once (G5_ADMIN_PATH.'/admin.tail.php');
-?>
+include_once (G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/shop_admin/categorylistupdate.php b/adm/shop_admin/categorylistupdate.php
index 66d4fea07..dbf5571b5 100644
--- a/adm/shop_admin/categorylistupdate.php
+++ b/adm/shop_admin/categorylistupdate.php
@@ -4,11 +4,13 @@ include_once('./_common.php');
 
 check_demo();
 
-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
 
 check_admin_token();
 
-for ($i=0; $i<count($_POST['ca_id']); $i++)
+$post_ca_id_count = (isset($_POST['ca_id']) && is_array($_POST['ca_id'])) ? count($_POST['ca_id']) : 0;
+
+for ($i=0; $i<$post_ca_id_count; $i++)
 {
     $str_ca_mb_id = isset($_POST['ca_mb_id'][$i]) ? strip_tags(clean_xss_attributes($_POST['ca_mb_id'][$i])) : '';
 
@@ -61,28 +63,35 @@ for ($i=0; $i<count($_POST['ca_id']); $i++)
     }
     
     $p_ca_name = is_array($_POST['ca_name']) ? strip_tags(clean_xss_attributes($_POST['ca_name'][$i])) : '';
+    
+    $posts = array();
 
+    $check_keys = array('ca_mb_id', 'ca_id', 'ca_use', 'ca_list_mod', 'ca_cert_use', 'ca_adult_use', 'ca_skin', 'ca_mobile_skin', 'ca_skin_dir', 'ca_mobile_skin_dir', 'ca_img_width', 'ca_img_height', 'ca_list_row', 'ca_mobile_list_mod', 'ca_mobile_list_row');
+
+    foreach($check_keys as $key){
+        $posts[$key] = (isset($_POST[$key]) && isset($_POST[$key][$i])) ? $_POST[$key][$i] : '';
+    }
+    
     $sql = " update {$g5['g5_shop_category_table']}
                 set ca_name             = '".$p_ca_name."',
-                    ca_mb_id            = '".sql_real_escape_string(strip_tags(clean_xss_attributes($_POST['ca_mb_id'][$i])))."',
-                    ca_use              = '".sql_real_escape_string(strip_tags($_POST['ca_use'][$i]))."',
-                    ca_list_mod         = '".sql_real_escape_string(strip_tags($_POST['ca_list_mod'][$i]))."',
-                    ca_cert_use         = '".sql_real_escape_string(strip_tags($_POST['ca_cert_use'][$i]))."',
-                    ca_adult_use        = '".sql_real_escape_string(strip_tags($_POST['ca_adult_use'][$i]))."',
-                    ca_skin             = '".sql_real_escape_string(strip_tags($_POST['ca_skin'][$i]))."',
-                    ca_mobile_skin      = '".sql_real_escape_string(strip_tags($_POST['ca_mobile_skin'][$i]))."',
-                    ca_skin_dir         = '".sql_real_escape_string(strip_tags($_POST['ca_skin_dir'][$i]))."',
-                    ca_mobile_skin_dir  = '".sql_real_escape_string(strip_tags($_POST['ca_mobile_skin_dir'][$i]))."',
-                    ca_img_width        = '".sql_real_escape_string(strip_tags($_POST['ca_img_width'][$i]))."',
-                    ca_img_height       = '".sql_real_escape_string(strip_tags($_POST['ca_img_height'][$i]))."',
-                    ca_list_row         = '".sql_real_escape_string(strip_tags($_POST['ca_list_row'][$i]))."',
-                    ca_mobile_list_mod  = '".sql_real_escape_string(strip_tags($_POST['ca_mobile_list_mod'][$i]))."',
-                    ca_mobile_list_row  = '".sql_real_escape_string(strip_tags($_POST['ca_mobile_list_row'][$i]))."'
-              where ca_id = '".sql_real_escape_string($_POST['ca_id'][$i])."' ";
+                    ca_mb_id            = '".sql_real_escape_string(strip_tags(clean_xss_attributes($posts['ca_mb_id'])))."',
+                    ca_use              = '".sql_real_escape_string(strip_tags($posts['ca_use']))."',
+                    ca_list_mod         = '".sql_real_escape_string(strip_tags($posts['ca_list_mod']))."',
+                    ca_cert_use         = '".sql_real_escape_string(strip_tags($posts['ca_cert_use']))."',
+                    ca_adult_use        = '".sql_real_escape_string(strip_tags($posts['ca_adult_use']))."',
+                    ca_skin             = '".sql_real_escape_string(strip_tags($posts['ca_skin']))."',
+                    ca_mobile_skin      = '".sql_real_escape_string(strip_tags($posts['ca_mobile_skin']))."',
+                    ca_skin_dir         = '".sql_real_escape_string(strip_tags($posts['ca_skin_dir']))."',
+                    ca_mobile_skin_dir  = '".sql_real_escape_string(strip_tags($posts['ca_mobile_skin_dir']))."',
+                    ca_img_width        = '".sql_real_escape_string(strip_tags($posts['ca_img_width']))."',
+                    ca_img_height       = '".sql_real_escape_string(strip_tags($posts['ca_img_height']))."',
+                    ca_list_row         = '".sql_real_escape_string(strip_tags($posts['ca_list_row']))."',
+                    ca_mobile_list_mod  = '".sql_real_escape_string(strip_tags($posts['ca_mobile_list_mod']))."',
+                    ca_mobile_list_row  = '".sql_real_escape_string(strip_tags($posts['ca_mobile_list_row']))."'
+              where ca_id = '".sql_real_escape_string($posts['ca_id'])."' ";
 
     sql_query($sql);
 
 }
 
-goto_url("./categorylist.php?$qstr");
-?>
+goto_url("./categorylist.php?$qstr");
\ No newline at end of file
diff --git a/adm/shop_admin/codedupcheck.php b/adm/shop_admin/codedupcheck.php
index 3f92561ac..0186ef8b8 100644
--- a/adm/shop_admin/codedupcheck.php
+++ b/adm/shop_admin/codedupcheck.php
@@ -17,5 +17,4 @@ else if ($ca_id)
     $name = $row['ca_name'];
 }
 
-echo '{ "code": "' . $code . '", "name": "' . $name . '" }';
-?>
\ No newline at end of file
+echo '{ "code": "' . $code . '", "name": "' . $name . '" }';
\ No newline at end of file
diff --git a/adm/shop_admin/configform.php b/adm/shop_admin/configform.php
index c1aa55ee2..5c20dfc22 100644
--- a/adm/shop_admin/configform.php
+++ b/adm/shop_admin/configform.php
@@ -3,11 +3,12 @@ $sub_menu = '400100';
 include_once('./_common.php');
 include_once(G5_EDITOR_LIB);
 
-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");
 
 if (!$config['cf_icode_server_ip'])   $config['cf_icode_server_ip'] = '211.172.232.124';
 if (!$config['cf_icode_server_port']) $config['cf_icode_server_port'] = '7295';
 
+$userinfo = array('payment'=>'');
 if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw']) {
     $userinfo = get_icode_userinfo($config['cf_icode_id'], $config['cf_icode_pw']);
 }
@@ -1943,6 +1944,14 @@ if($default['de_iche_use'] || $default['de_vbank_use'] || $default['de_hp_use']
     if($default['de_pg_service'] == 'lg') {
         $log_path = G5_LGXPAY_PATH.'/lgdacom/log';
 
+        try {
+            if( ! is_dir($log_path) && is_writable(G5_LGXPAY_PATH.'/lgdacom/') ){
+                @mkdir($log_path, G5_DIR_PERMISSION);
+                @chmod($log_path, G5_DIR_PERMISSION);
+            }
+        } catch(Exception $e) {
+        }
+
         if(!is_dir($log_path)) {
 
             if( is_writable(G5_LGXPAY_PATH.'/lgdacom/') ){
@@ -1990,6 +1999,14 @@ if($default['de_iche_use'] || $default['de_vbank_use'] || $default['de_hp_use']
         }
 
         $log_path = G5_SHOP_PATH.'/inicis/log';
+        
+        try {
+            if( ! is_dir($log_path) && is_writable(G5_SHOP_PATH.'/inicis/') ){
+                @mkdir($log_path, G5_DIR_PERMISSION);
+                @chmod($log_path, G5_DIR_PERMISSION);
+            }
+        } catch(Exception $e) {
+        }
 
         if(!is_dir($log_path)) {
             echo '<script>'.PHP_EOL;
@@ -2030,5 +2047,4 @@ if($default['de_iche_use'] || $default['de_vbank_use'] || $default['de_hp_use']
     }
 }
 
-include_once (G5_ADMIN_PATH.'/admin.tail.php');
-?>
+include_once (G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/shop_admin/configformupdate.php b/adm/shop_admin/configformupdate.php
index e271a247d..b5e1a3567 100644
--- a/adm/shop_admin/configformupdate.php
+++ b/adm/shop_admin/configformupdate.php
@@ -4,36 +4,30 @@ include_once('./_common.php');
 
 check_demo();
 
-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
 
 check_admin_token();
 
 // 대표전화번호 유효성 체크
-if(!check_vaild_callback($_POST['de_admin_company_tel']))
+if(! (isset($_POST['de_admin_company_tel']) && check_vaild_callback($_POST['de_admin_company_tel'])) )
     alert('대표전화번호를 올바르게 입력해 주세요.');
 
 // 로그인을 바로 이 주소로 하는 경우 쇼핑몰설정값이 사라지는 현상을 방지
 if (!$_POST['de_admin_company_owner']) goto_url("./configform.php");
 
-if ($_POST['logo_img_del'])  @unlink(G5_DATA_PATH."/common/logo_img");
-if ($_POST['logo_img_del2'])  @unlink(G5_DATA_PATH."/common/logo_img2");
-if ($_POST['mobile_logo_img_del'])  @unlink(G5_DATA_PATH."/common/mobile_logo_img");
-if ($_POST['mobile_logo_img_del2'])  @unlink(G5_DATA_PATH."/common/mobile_logo_img2");
+if (! empty($_POST['logo_img_del']))  @unlink(G5_DATA_PATH."/common/logo_img");
+if (! empty($_POST['logo_img_del2']))  @unlink(G5_DATA_PATH."/common/logo_img2");
+if (! empty($_POST['mobile_logo_img_del']))  @unlink(G5_DATA_PATH."/common/mobile_logo_img");
+if (! empty($_POST['mobile_logo_img_del2']))  @unlink(G5_DATA_PATH."/common/mobile_logo_img2");
 
 if ($_FILES['logo_img']['name']) upload_file($_FILES['logo_img']['tmp_name'], "logo_img", G5_DATA_PATH."/common");
 if ($_FILES['logo_img2']['name']) upload_file($_FILES['logo_img2']['tmp_name'], "logo_img2", G5_DATA_PATH."/common");
 if ($_FILES['mobile_logo_img']['name']) upload_file($_FILES['mobile_logo_img']['tmp_name'], "mobile_logo_img", G5_DATA_PATH."/common");
 if ($_FILES['mobile_logo_img2']['name']) upload_file($_FILES['mobile_logo_img2']['tmp_name'], "mobile_logo_img2", G5_DATA_PATH."/common");
 
-$de_kcp_mid = substr($_POST['de_kcp_mid'],0,3);
+$de_kcp_mid = isset($_POST['de_kcp_mid']) ? substr($_POST['de_kcp_mid'], 0, 3) : '';
 $cf_icode_server_port = isset($cf_icode_server_port) ? preg_replace('/[^0-9]/', '', $cf_icode_server_port) : '7295';
 
-// kcp 전자결제를 사용할 때 site key 입력체크
-if($_POST['de_pg_service'] == 'kcp' && !$_POST['de_card_test'] && ($_POST['de_iche_use'] || $_POST['de_vbank_use'] || $_POST['de_hp_use'] || $_POST['de_card_use'])) {
-    if(trim($_POST['de_kcp_site_key']) == '')
-        alert('NHN KCP SITE KEY를 입력해 주십시오.');
-}
-
 $de_shop_skin = isset($_POST['de_shop_skin']) ? preg_replace('#\.+(\/|\\\)#', '', $_POST['de_shop_skin']) : 'basic';
 $de_shop_mobile_skin = isset($_POST['de_shop_mobile_skin']) ? preg_replace('#\.+(\/|\\\)#', '', $_POST['de_shop_mobile_skin']) : 'basic';
 
@@ -244,11 +238,17 @@ $check_sanitize_keys = array(
 );
 
 foreach( $check_sanitize_keys as $key ){
-    $$key = isset($_POST[$key]) ? strip_tags(clean_xss_attributes($_POST[$key])) : '';
+    $$key = isset($_POST[$key]) ? clean_xss_tags($_POST[$key], 1, 1) : '';
 }
 
 $warning_msg = '';
 
+// kcp 전자결제를 사용할 때 site key 입력체크
+if($de_pg_service == 'kcp' && ! $de_card_test && ($de_iche_use || $de_vbank_use || $de_hp_use || $de_card_use)) {
+    if(! trim($de_kcp_site_key))
+        alert('NHN KCP SITE KEY를 입력해 주십시오.');
+}
+
 if( $de_kakaopay_enckey && ($de_pg_service === 'inicis' || $de_inicis_lpay_use || $de_inicis_kakaopay_use) ){
     
     $warning_msg = 'KG 이니시스 결제 또는 L.pay 또는 KG이니시스 카카오페이를 사용시 결제모듈 중복문제로 카카오페이를 활성화 할수 없습니다. \\n\\n카카오페이 사용을 비활성화 합니다.';
@@ -459,5 +459,4 @@ if( $warning_msg ){
     alert($warning_msg, "./configform.php");
 } else {
     goto_url("./configform.php");
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/adm/shop_admin/couponform.php b/adm/shop_admin/couponform.php
index eee8f45f7..be26be6f3 100644
--- a/adm/shop_admin/couponform.php
+++ b/adm/shop_admin/couponform.php
@@ -2,7 +2,20 @@
 $sub_menu = '400800';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
+
+$cp_id = isset($_REQUEST['cp_id']) ? clean_xss_tags($_REQUEST['cp_id'], 1, 1) : '';
+$cp = array(
+'cp_method'=>'',
+'cp_subject'=>'',
+'cp_target'=>'',
+'mb_id'=>'',
+'cp_type'=>'',
+'cp_price'=>'',
+'cp_trunc'=>'',
+'cp_minimum'=>'',
+'cp_maximum'=>'',
+);
 
 $g5['title'] = '쿠폰관리';
 
@@ -279,5 +292,4 @@ function form_check(f)
 </script>
 
 <?php
-include_once (G5_ADMIN_PATH.'/admin.tail.php');
-?>
\ No newline at end of file
+include_once (G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/shop_admin/couponformupdate.php b/adm/shop_admin/couponformupdate.php
index 16045a893..4397010fc 100644
--- a/adm/shop_admin/couponformupdate.php
+++ b/adm/shop_admin/couponformupdate.php
@@ -2,7 +2,7 @@
 $sub_menu = '400800';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
 
 check_admin_token();
 
@@ -21,6 +21,7 @@ $check_sanitize_keys = array(
 'cp_trunc',         // 절사금액
 'cp_minimum',       // 최소주문금액
 'cp_maximum',       // 최대할인금액
+'chk_all_mb'        // 전체회원 체크
 );
 
 foreach( $check_sanitize_keys as $key ){
@@ -263,5 +264,4 @@ if($w == '' && ($_POST['cp_sms_send'] || $_POST['cp_email_send'])) {
     }
 }
 
-goto_url('./couponlist.php');
-?>
\ No newline at end of file
+goto_url('./couponlist.php');
\ No newline at end of file
diff --git a/adm/shop_admin/couponlist.php b/adm/shop_admin/couponlist.php
index 858d65b4e..e50153ef6 100644
--- a/adm/shop_admin/couponlist.php
+++ b/adm/shop_admin/couponlist.php
@@ -2,7 +2,7 @@
 $sub_menu = '400800';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");
 
 $sql_common = " from {$g5['g5_shop_coupon_table']} ";
 
@@ -56,9 +56,9 @@ $colspan = 9;
 <form name="fsearch" id="fsearch" class="local_sch01 local_sch" method="get">
 
 <select name="sfl" title="검색대상">
-    <option value="mb_id"<?php echo get_selected($_GET['sfl'], "mb_id"); ?>>회원아이디</option>
-    <option value="cp_subject"<?php echo get_selected($_GET['sfl'], "cp_subject"); ?>>쿠폰이름</option>
-    <option value="cp_id"<?php echo get_selected($_GET['sfl'], "cp_id"); ?>>쿠폰코드</option>
+    <option value="mb_id"<?php echo get_selected($sfl, "mb_id"); ?>>회원아이디</option>
+    <option value="cp_subject"<?php echo get_selected($sfl, "cp_subject"); ?>>쿠폰이름</option>
+    <option value="cp_id"<?php echo get_selected($sfl, "cp_id"); ?>>쿠폰코드</option>
 </select>
 <label for="stx" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label>
 <input type="text" name="stx" value="<?php echo $stx ?>" id="stx" required class="required frm_input">
@@ -184,5 +184,4 @@ function fcouponlist_submit(f)
 </script>
 
 <?php
-include_once (G5_ADMIN_PATH.'/admin.tail.php');
-?>
\ No newline at end of file
+include_once (G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/shop_admin/couponlist_delete.php b/adm/shop_admin/couponlist_delete.php
index de03e7591..9ca2ec7d9 100644
--- a/adm/shop_admin/couponlist_delete.php
+++ b/adm/shop_admin/couponlist_delete.php
@@ -4,22 +4,21 @@ include_once('./_common.php');
 
 check_demo();
 
-auth_check($auth[$sub_menu], 'd');
+auth_check_menu($auth, $sub_menu, 'd');
 
 check_admin_token();
 
-$count = count($_POST['chk']);
+$count = (isset($_POST['chk']) && is_array($_POST['chk'])) ? count($_POST['chk']) : 0;
 if(!$count)
     alert('선택삭제 하실 항목을 하나이상 선택해 주세요.');
 
 for ($i=0; $i<$count; $i++)
 {
     // 실제 번호를 넘김
-    $k = $_POST['chk'][$i];
+    $k = isset($_POST['chk'][$i]) ? (int) $_POST['chk'][$i] : 0;
 
     $sql = " delete from {$g5['g5_shop_coupon_table']} where cp_id = '".preg_replace('/[^a-z0-9_\-]/i', '', $_POST['cp_id'][$k])."' ";
     sql_query($sql);
 }
 
-goto_url('./couponlist.php?'.$qstr);
-?>
+goto_url('./couponlist.php?'.$qstr);
\ No newline at end of file
diff --git a/adm/shop_admin/couponmember.php b/adm/shop_admin/couponmember.php
index 0f22d5a80..7404dde38 100644
--- a/adm/shop_admin/couponmember.php
+++ b/adm/shop_admin/couponmember.php
@@ -2,7 +2,9 @@
 $sub_menu = '400800';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
+
+$mb_name = isset($_REQUEST['mb_name']) ? clean_xss_tags($_REQUEST['mb_name'], 1, 1) : '';
 
 $html_title = '회원검색';
 
@@ -94,5 +96,4 @@ function sel_member_id(id)
 </script>
 
 <?php
-include_once(G5_PATH.'/tail.sub.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/adm/shop_admin/coupontarget.php b/adm/shop_admin/coupontarget.php
index 91279b93a..c643c5ceb 100644
--- a/adm/shop_admin/coupontarget.php
+++ b/adm/shop_admin/coupontarget.php
@@ -2,10 +2,10 @@
 $sub_menu = '400800';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
 
-$sch_target = substr(preg_replace('/[^a-zA-Z0-9]/', '', strip_tags($_GET['sch_target'])), 0, 1);
-$sch_word   = clean_xss_tags(strip_tags($_GET['sch_word']));
+$sch_target = isset($_GET['sch_target']) ? substr(preg_replace('/[^a-zA-Z0-9]/', '', strip_tags($_GET['sch_target'])), 0, 1) : '';
+$sch_word   = isset($_GET['sch_word']) ? clean_xss_tags(strip_tags($_GET['sch_word'])) : '';
 
 if($_GET['sch_target'] == 1) {
     $html_title = '분류';
@@ -124,5 +124,4 @@ function sel_target_id(id)
 </script>
 
 <?php
-include_once(G5_PATH.'/tail.sub.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/adm/shop_admin/couponzoneform.php b/adm/shop_admin/couponzoneform.php
index 38b3c1535..b3b8025b4 100644
--- a/adm/shop_admin/couponzoneform.php
+++ b/adm/shop_admin/couponzoneform.php
@@ -2,9 +2,24 @@
 $sub_menu = '400810';
 include_once('./_common.php');
 
-$cz_id = (int) $cz_id;
+$cz_id = isset($_REQUEST['cz_id']) ? (int) $_REQUEST['cz_id'] : 0;
+$cp = array(
+'cp_method'=>'',
+'cz_subject'=>'',
+'cp_target'=>'',
+'cp_price'=>'',
+'cp_trunc'=>'',
+'cp_type'=>'',
+'mb_id'=>'',
+'cz_type'=>'',
+'cz_point'=>'',
+'cp_price'=>'',
+'cz_file'=>'',
+'cp_minimum'=>'',
+'cp_maximum'=>'',
+);
 
-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
 
 $g5['title'] = '쿠폰존 쿠폰관리';
 
@@ -303,5 +318,4 @@ function form_check(f)
 </script>
 
 <?php
-include_once (G5_ADMIN_PATH.'/admin.tail.php');
-?>
\ No newline at end of file
+include_once (G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/shop_admin/couponzoneformupdate.php b/adm/shop_admin/couponzoneformupdate.php
index eafbe1d23..e65457d93 100644
--- a/adm/shop_admin/couponzoneformupdate.php
+++ b/adm/shop_admin/couponzoneformupdate.php
@@ -2,7 +2,7 @@
 $sub_menu = '400810';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
 
 check_admin_token();
 
@@ -150,5 +150,4 @@ if($_FILES['cp_img']['tmp_name']) {
     sql_query($sql);
 }
 
-goto_url('./couponzonelist.php?'.$qstr);
-?>
\ No newline at end of file
+goto_url('./couponzonelist.php?'.$qstr);
\ No newline at end of file
diff --git a/adm/shop_admin/couponzonelist.php b/adm/shop_admin/couponzonelist.php
index bab3d7b40..f4200540c 100644
--- a/adm/shop_admin/couponzonelist.php
+++ b/adm/shop_admin/couponzonelist.php
@@ -2,7 +2,7 @@
 $sub_menu = '400810';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");
 
 $sql_common = " from {$g5['g5_shop_coupon_zone_table']} ";
 
@@ -174,5 +174,4 @@ function fcouponzonelist_submit(f)
 </script>
 
 <?php
-include_once (G5_ADMIN_PATH.'/admin.tail.php');
-?>
\ No newline at end of file
+include_once (G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/shop_admin/couponzonelist_delete.php b/adm/shop_admin/couponzonelist_delete.php
index 3c6681e56..4ea41c447 100644
--- a/adm/shop_admin/couponzonelist_delete.php
+++ b/adm/shop_admin/couponzonelist_delete.php
@@ -4,23 +4,22 @@ include_once('./_common.php');
 
 check_demo();
 
-auth_check($auth[$sub_menu], 'd');
+auth_check_menu($auth, $sub_menu, 'd');
 
 check_admin_token();
 
-$count = count($_POST['chk']);
+$count = (isset($_POST['chk']) && is_array($_POST['chk'])) ? count($_POST['chk']) : 0;
 if(!$count)
     alert('선택삭제 하실 항목을 하나이상 선택해 주세요.');
 
 for ($i=0; $i<$count; $i++)
 {
     // 실제 번호를 넘김
-    $k = $_POST['chk'][$i];
-    $ccz_id = (int) $_POST['cz_id'][$k];
+    $k = isset($_POST['chk'][$i]) ? (int) $_POST['chk'][$i] : 0;
+    $ccz_id = isset($_POST['cz_id'][$k]) ? (int) $_POST['cz_id'][$k] : 0;
 
     $sql = " delete from {$g5['g5_shop_coupon_zone_table']} where cz_id = '{$ccz_id}' ";
     sql_query($sql);
 }
 
-goto_url('./couponzonelist.php?'.$qstr);
-?>
+goto_url('./couponzonelist.php?'.$qstr);
\ No newline at end of file
diff --git a/adm/shop_admin/index.php b/adm/shop_admin/index.php
index 8d6fbd10d..e9b23bf9d 100644
--- a/adm/shop_admin/index.php
+++ b/adm/shop_admin/index.php
@@ -280,6 +280,7 @@ function get_max_value($arr)
             $option_noti = (int)$row['cnt'];
 
             // SMS 정보
+            $userinfo = array('coin'=>0);
             if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw']) {
                 $userinfo = get_icode_userinfo($config['cf_icode_id'], $config['cf_icode_pw']);
             }
@@ -341,10 +342,11 @@ function get_max_value($arr)
         <tbody>
         <?php
         $case = array('신용카드', '계좌이체', '가상계좌', '무통장', '휴대폰', '포인트', '쿠폰');
-
+        
+        $val_cnt = 0;
         foreach($case as $val)
         {
-            $val_cnt ++;
+            $val_cnt++;
         ?>
         <tr>
             <th scope="row" id="th_val_<?php echo $val_cnt; ?>" class="td_category"><?php echo $val; ?></th>
@@ -538,5 +540,4 @@ function graph_draw()
 </script>
 
 <?php
-include_once (G5_ADMIN_PATH.'/admin.tail.php');
-?>
+include_once (G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/shop_admin/inorderform.php b/adm/shop_admin/inorderform.php
index 7dec0eef9..83c649460 100644
--- a/adm/shop_admin/inorderform.php
+++ b/adm/shop_admin/inorderform.php
@@ -2,7 +2,9 @@
 $sub_menu = '400410';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
+
+$od_id = isset($_REQUEST['od_id']) ? safe_replace_regex($_REQUEST['od_id'], 'od_id') : '';
 
 $g5['title'] = "미완료주문 내역";
 include_once(G5_ADMIN_PATH.'/admin.head.php');
@@ -33,7 +35,7 @@ $tot_cp_price = 0;
 if($od['mb_id']) {
     // 상품쿠폰
     $tot_it_cp_price = $tot_od_cp_price = 0;
-    $it_cp_cnt = count($data['cp_id']);
+    $it_cp_cnt = (isset($data['cp_id']) && is_array($data['cp_id'])) ? count($data['cp_id']) : 0;
     $arr_it_cp_prc = array();
     for($i=0; $i<$it_cp_cnt; $i++) {
         $cid = $data['cp_id'][$i];
@@ -44,7 +46,7 @@ if($od['mb_id']) {
                       and mb_id IN ( '{$od['mb_id']}', '전체회원' )
                       and cp_method IN ( 0, 1 ) ";
         $cp = sql_fetch($sql);
-        if(!$cp['cp_id'])
+        if(! (isset($cp['cp_id']) && $cp['cp_id']))
             continue;
 
         // 사용한 쿠폰인지
@@ -96,7 +98,7 @@ if($od['mb_id']) {
     $tot_od_price -= $tot_it_cp_price;
 
     // 주문쿠폰
-    if($data['od_cp_id']) {
+    if(isset($data['od_cp_id']) && $data['od_cp_id']) {
         $sql = " select cp_id, cp_type, cp_price, cp_trunc, cp_minimum, cp_maximum
                     from {$g5['g5_shop_coupon_table']}
                     where cp_id = '{$data['od_cp_id']}'
@@ -163,10 +165,10 @@ if($od['mb_id'] && $od_send_cost > 0) {
 }
 
 // 추가배송비
-$od_send_cost2 = (int)$data['od_send_cost2'];
+$od_send_cost2 = isset($data['od_send_cost2']) ? (int) $data['od_send_cost2'] : 0;
 
 // 포인트
-$od_temp_point = (int)$data['od_temp_point'];
+$od_temp_point = isset($data['od_temp_point']) ? (int) $data['od_temp_point'] : 0;
 
 $order_price   = $tot_od_price + $od_send_cost + $od_send_cost2 - $tot_sc_cp_price - $od_temp_point;
 
@@ -258,7 +260,7 @@ $pg_anchor = '<ul class="anchor">
                 $ct_point['stotal'] = $opt['ct_point'] * $opt['ct_qty'];
 
                 if($k == 0)
-                    $opt_cp_price = (int)$arr_it_cp_prc[$row['it_id']];
+                    $opt_cp_price = isset($arr_it_cp_prc[$row['it_id']]) ? (int) $arr_it_cp_prc[$row['it_id']] : 0;
                 else
                     $opt_cp_price = 0;
             ?>
@@ -266,7 +268,7 @@ $pg_anchor = '<ul class="anchor">
                 <?php if($k == 0) { ?>
                 <td rowspan="<?php echo $rowspan; ?>">
                     <?php echo $image; ?> <?php echo stripslashes($row['it_name']); ?>
-                    <?php if($od['od_tax_flag'] && $row['ct_notax']) echo '[비과세상품]'; ?>
+                    <?php if(isset($od['od_tax_flag']) && $od['od_tax_flag'] && $row['ct_notax']) echo '[비과세상품]'; ?>
                 </td>
                 <?php } ?>
                 <td><?php echo $opt['ct_option']; ?></td>
@@ -569,5 +571,4 @@ function del_confirm()
 </script>
 
 <?php
-include_once(G5_ADMIN_PATH.'/admin.tail.php');
-?>
\ No newline at end of file
+include_once(G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/shop_admin/inorderformupdate.php b/adm/shop_admin/inorderformupdate.php
index f9810af69..5d902ffec 100644
--- a/adm/shop_admin/inorderformupdate.php
+++ b/adm/shop_admin/inorderformupdate.php
@@ -5,18 +5,20 @@ include_once('./_common.php');
 check_demo();
 
 if($w == 'd')
-    auth_check($auth[$sub_menu], "d");
+    auth_check_menu($auth, $sub_menu, "d");
 else
-    auth_check($auth[$sub_menu], "w");
+    auth_check_menu($auth, $sub_menu, "w");
 
 check_admin_token();
 
+$od_id = isset($_REQUEST['od_id']) ? safe_replace_regex($_REQUEST['od_id'], 'od_id') : '';
+
 //------------------------------------------------------------------------------
 // 주문서 정보
 //------------------------------------------------------------------------------
 $sql = " select * from {$g5['g5_shop_order_data_table']} where od_id = '$od_id' ";
 $od = sql_fetch($sql);
-if (!$od['od_id']) {
+if (! (isset($od['od_id']) && $od['od_id'])) {
     alert("해당 주문번호로 미완료 주문서가 존재하지 않습니다.");
 }
 
@@ -37,18 +39,18 @@ $row = sql_fetch($sql);
 $tot_ct_price  = $row['od_price'];
 $cart_count    = $row['cart_count'];
 $tot_od_price  = $tot_ct_price;
-$i_price       = (int)$data['od_price'];
-$i_send_cost   = (int)$data['od_send_cost'];
-$i_send_cost2  = (int)$data['od_send_cost2'];
-$i_send_coupon = (int)$data['od_send_coupon'];
-$i_temp_point  = (int)$data['od_temp_point'];
+$i_price       = isset($data['od_price']) ? (int) $data['od_price'] : 0;
+$i_send_cost   = isset($data['od_send_cost']) ? (int) $data['od_send_cost'] : 0;
+$i_send_cost2  = isset($data['od_send_cost2']) ? (int) $data['od_send_cost2'] : 0;
+$i_send_coupon = isset($data['od_send_coupon']) ? (int) $data['od_send_coupon'] : 0;
+$i_temp_point  = isset($data['od_temp_point']) ? (int) $data['od_temp_point'] : 0;
 
 // 쿠폰금액
 $tot_cp_price = 0;
 if($od['mb_id']) {
     // 상품쿠폰
     $tot_it_cp_price = $tot_od_cp_price = 0;
-    $it_cp_cnt = count($data['cp_id']);
+    $it_cp_cnt = (isset($data['cp_id']) && is_array($data['cp_id'])) ? count($data['cp_id']) : 0;
     $arr_it_cp_prc = array();
     for($i=0; $i<$it_cp_cnt; $i++) {
         $cid = $data['cp_id'][$i];
@@ -59,7 +61,7 @@ if($od['mb_id']) {
                       and mb_id IN ( '{$od['mb_id']}', '전체회원' )
                       and cp_method IN ( 0, 1 ) ";
         $cp = sql_fetch($sql);
-        if(!$cp['cp_id'])
+        if(! (isset($cp['cp_id']) && $cp['cp_id']))
             continue;
 
         // 사용한 쿠폰인지
@@ -111,7 +113,7 @@ if($od['mb_id']) {
     $tot_od_price -= $tot_it_cp_price;
 
     // 주문쿠폰
-    if($data['od_cp_id']) {
+    if(isset($data['od_cp_id']) && $data['od_cp_id']) {
         $sql = " select cp_id, cp_type, cp_price, cp_trunc, cp_minimum, cp_maximum
                     from {$g5['g5_shop_coupon_table']}
                     where cp_id = '{$data['od_cp_id']}'
@@ -178,10 +180,10 @@ if($od['mb_id'] && $od_send_cost > 0) {
 }
 
 // 추가배송비
-$od_send_cost2 = (int)$data['od_send_cost2'];
+$od_send_cost2 = isset($data['od_send_cost2']) ? (int) $data['od_send_cost2'] : 0;
 
 // 포인트
-$od_temp_point = (int)$data['od_temp_point'];
+$od_temp_point = isset($data['od_temp_point']) ? (int) $data['od_temp_point'] : 0;
 
 $i_price     = $i_price + $i_send_cost + $i_send_cost2 - $i_temp_point - $i_send_coupon;
 $order_price = $tot_od_price + $od_send_cost + $od_send_cost2 - $tot_sc_cp_price - $od_temp_point;
@@ -238,6 +240,10 @@ $od_receipt_point = $od_temp_point;
 $od_receipt_time  = $od['dt_time'];
 $od_misu          = 0;
 $od_status        = '입금';
+$od_bank_account  = isset($data['od_bank_account']) ? clean_xss_tags($data['od_bank_account'], 1, 1) : '';
+$od_tno = '';
+$od_app_no = '';
+$od_hope_date = isset($data['od_hope_date']) ? clean_xss_tags($data['od_hope_date'], 1, 1) : '';
 
 // 주문서에 입력
 $sql = " insert {$g5['g5_shop_order_table']}
@@ -287,7 +293,7 @@ $sql = " insert {$g5['g5_shop_order_table']}
                 od_free_mny       = '$od_free_mny',
                 od_status         = '$od_status',
                 od_shop_memo      = '',
-                od_hope_date      = '{$data['od_hope_date']}',
+                od_hope_date      = '{$od_hope_date}',
                 od_time           = '{$od['dt_time']}',
                 od_ip             = '{$data['od_ip']}',
                 od_settle_case    = '{$data['od_settle_case']}',
@@ -313,11 +319,11 @@ if ($od['mb_id'] && $od_receipt_point)
 
 // 쿠폰사용내역기록
 if($od['mb_id']) {
-    $it_cp_cnt = count($data['cp_id']);
+    $it_cp_cnt = (isset($data['cp_id']) && is_array($data['cp_id'])) ? count($data['cp_id']) : 0;
     for($i=0; $i<$it_cp_cnt; $i++) {
         $cid = $data['cp_id'][$i];
         $cp_it_id = $data['it_id'][$i];
-        $cp_prc = (int)$arr_it_cp_prc[$cp_it_id];
+        $cp_prc = isset($arr_it_cp_prc[$cp_it_id]) ? (int) $arr_it_cp_prc[$cp_it_id] : 0;
 
         if(trim($cid)) {
             $sql = " insert into {$g5['g5_shop_coupon_log_table']}
@@ -330,7 +336,6 @@ if($od['mb_id']) {
         }
 
         // 쿠폰사용금액 cart에 기록
-        $cp_prc = (int)$arr_it_cp_prc[$cp_it_id];
         $sql = " update {$g5['g5_shop_cart_table']}
                     set cp_price = '$cp_prc'
                     where od_id = '$od_id'
@@ -341,7 +346,7 @@ if($od['mb_id']) {
         sql_query($sql);
     }
 
-    if($data['od_cp_id']) {
+    if(isset($data['od_cp_id']) && $data['od_cp_id']) {
         $sql = " insert into {$g5['g5_shop_coupon_log_table']}
                     set cp_id       = '{$data['od_cp_id']}',
                         mb_id       = '{$od['mb_id']}',
@@ -351,7 +356,7 @@ if($od['mb_id']) {
         sql_query($sql);
     }
 
-    if($data['sc_cp_id']) {
+    if(isset($data['sc_cp_id']) && $data['sc_cp_id']) {
         $sql = " insert into {$g5['g5_shop_coupon_log_table']}
                     set cp_id       = '{$data['sc_cp_id']}',
                         mb_id       = '{$od['mb_id']}',
@@ -385,5 +390,4 @@ echo 'if(confirm("복구하신 주문 상세페이지로 이동하시겠습니
 echo 'document.location.href = "./orderform.php?od_id='.$od_id.'";'.PHP_EOL;
 echo 'else'.PHP_EOL;
 echo 'document.location.href = "./inorderlist.php?'.str_replace('&amp;', '&', $qstr).'";'.PHP_EOL;
-echo '</script>'.PHP_EOL;
-?>
\ No newline at end of file
+echo '</script>'.PHP_EOL;
\ No newline at end of file
diff --git a/adm/shop_admin/inorderlist.php b/adm/shop_admin/inorderlist.php
index 40d29289a..8ecbdc8e7 100644
--- a/adm/shop_admin/inorderlist.php
+++ b/adm/shop_admin/inorderlist.php
@@ -2,7 +2,7 @@
 $sub_menu = '400410';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");
 
 $sql_common = " from {$g5['g5_shop_order_data_table']} ";
 
@@ -57,7 +57,7 @@ $colspan = 10;
 
 <form name="fsearch" id="fsearch" class="local_sch01 local_sch" method="get">
     <select name="sfl" title="검색대상">
-        <option value="od_id"<?php echo get_selected($_GET['sfl'], "od_id"); ?>>주문번호</option>
+        <option value="od_id"<?php echo get_selected($sfl, "od_id"); ?>>주문번호</option>
     </select>
     <label for="stx" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label>
     <input type="text" name="stx" value="<?php echo $stx ?>" id="stx" required class="required frm_input">
@@ -172,5 +172,4 @@ function finorderlist_submit(f)
 </script>
 
 <?php
-include_once (G5_ADMIN_PATH.'/admin.tail.php');
-?>
\ No newline at end of file
+include_once (G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/shop_admin/inorderlistdelete.php b/adm/shop_admin/inorderlistdelete.php
index a4b75cef1..5e5670bc8 100644
--- a/adm/shop_admin/inorderlistdelete.php
+++ b/adm/shop_admin/inorderlistdelete.php
@@ -4,22 +4,21 @@ include_once('./_common.php');
 
 check_demo();
 
-auth_check($auth[$sub_menu], 'd');
+auth_check_menu($auth, $sub_menu, 'd');
 
 check_admin_token();
 
-$count = count($_POST['chk']);
+$count = (isset($_POST['chk']) && is_array($_POST['chk'])) ? count($_POST['chk']) : 0;
 if(!$count)
     alert('선택삭제 하실 항목을 하나이상 선택해 주세요.');
 
 for ($i=0; $i<$count; $i++)
 {
     // 실제 번호를 넘김
-    $k = $_POST['chk'][$i];
-
-    $sql = " delete from {$g5['g5_shop_order_data_table']} where od_id = '{$_POST['od_id'][$k]}' ";
+    $k = isset($_POST['chk'][$i]) ? (int) $_POST['chk'][$i] : 0;
+    $od_id = isset($_POST['od_id'][$k]) ? safe_replace_regex($_POST['od_id'][$k], 'od_id') : '';
+    $sql = " delete from {$g5['g5_shop_order_data_table']} where od_id = '{$od_id}' ";
     sql_query($sql);
 }
 
-goto_url('./inorderlist.php');
-?>
\ No newline at end of file
+goto_url('./inorderlist.php');
\ No newline at end of file
diff --git a/adm/shop_admin/itemcopy.php b/adm/shop_admin/itemcopy.php
index a3ca5c939..f1b8cd9ba 100644
--- a/adm/shop_admin/itemcopy.php
+++ b/adm/shop_admin/itemcopy.php
@@ -4,7 +4,7 @@ include_once('./_common.php');
 
 $ca_id = preg_replace('/[^0-9a-z]/i', '', $ca_id);
 
-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");
 
 $g5['title'] = '상품 복사';
 include_once(G5_PATH.'/head.sub.php');
@@ -51,5 +51,4 @@ function _copy(link)
 </script>
 
 <?php
-include_once(G5_PATH.'/tail.sub.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/adm/shop_admin/itemcopyupdate.php b/adm/shop_admin/itemcopyupdate.php
index 549721d71..b647a08b3 100644
--- a/adm/shop_admin/itemcopyupdate.php
+++ b/adm/shop_admin/itemcopyupdate.php
@@ -2,7 +2,7 @@
 $sub_menu = '400300';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
 
 check_admin_token();
 
@@ -161,5 +161,4 @@ sql_query($sql);
 
 $qstr = "ca_id=$ca_id&amp;sfl=$sfl&amp;sca=$sca&amp;page=$page&amp;stx=".urlencode($stx)."&amp;save_stx=".urlencode($save_stx);
 
-goto_url("itemlist.php?$qstr");
-?>
\ No newline at end of file
+goto_url("itemlist.php?$qstr");
\ No newline at end of file
diff --git a/adm/shop_admin/itemdelete.inc.php b/adm/shop_admin/itemdelete.inc.php
index 0f345e6f7..17e8bb0d6 100644
--- a/adm/shop_admin/itemdelete.inc.php
+++ b/adm/shop_admin/itemdelete.inc.php
@@ -111,5 +111,4 @@ if (!function_exists("itemdelete")) {
 
 run_event('shop_admin_delete_item_file', $it_id);
 
-itemdelete($it_id);
-?>
\ No newline at end of file
+itemdelete($it_id);
\ No newline at end of file
diff --git a/adm/shop_admin/itemevent.php b/adm/shop_admin/itemevent.php
index 7ca1fb55c..12fd9deec 100644
--- a/adm/shop_admin/itemevent.php
+++ b/adm/shop_admin/itemevent.php
@@ -2,7 +2,7 @@
 $sub_menu = '500300';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");
 
 $g5['title'] = '이벤트관리';
 include_once (G5_ADMIN_PATH.'/admin.head.php');
@@ -85,5 +85,4 @@ function itemeventwin(ev_id)
 </script>
 
 <?php
-include_once (G5_ADMIN_PATH.'/admin.tail.php');
-?>
+include_once (G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/shop_admin/itemeventform.php b/adm/shop_admin/itemeventform.php
index a2f9d6a37..b4e2c15ae 100644
--- a/adm/shop_admin/itemeventform.php
+++ b/adm/shop_admin/itemeventform.php
@@ -3,9 +3,18 @@ $sub_menu = '500300';
 include_once('./_common.php');
 include_once(G5_EDITOR_LIB);
 
-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
 
-$ev_id = preg_replace('/[^0-9]/', '', $ev_id);
+$ev_id = isset($_REQUEST['ev_id']) ? preg_replace('/[^0-9]/', '', $_REQUEST['ev_id']) : '';
+$ev = array(
+'ev_subject'=>'',
+'ev_subject_strong'=>'',
+'ev_id'=>'',
+'ev_head_html'=>'',
+'ev_tail_html'=>''
+);
+
+$res_item = null;
 
 $html_title = "이벤트";
 $g5['title'] = $html_title.' 관리';
@@ -232,6 +241,7 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
                 <span class="srel_pad"></span>
                 <div id="reg_item_list" class="srel_sel">
                     <?php
+                    if( $res_item ) {
                     for($i=0; $row=sql_fetch_array($res_item); $i++) {
                         $it_name = get_it_image($row['it_id'], 50, 50).' '.$row['it_name'];
 
@@ -244,8 +254,8 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
                             <div class="list_item_btn"><button type="button" class="del_item btn_frmline">삭제</button></div>
                         </li>
                     <?php
-                    }
-
+                    }   // end for
+                    }   // end if
                     if($i > 0)
                         echo '</ul>';
                     else
@@ -392,7 +402,7 @@ $(function() {
         }
 
         var cont = "<li>"+$li.html().replace("add_item", "del_item").replace("추가", "삭제")+"</li>";
-        var count = $("#reg_item_list li").size();
+        var count = $("#reg_item_list li").length;
 
         if(count > 0) {
             $("#reg_item_list li:last").after(cont);
@@ -409,7 +419,7 @@ $(function() {
 
         $(this).closest("li").remove();
 
-        var count = $("#reg_item_list li").size();
+        var count = $("#reg_item_list li").length;
         if(count < 1)
             $("#reg_item_list").html("<p>등록된 상품이 없습니다.</p>");
     });
@@ -443,5 +453,4 @@ function feventform_check(f)
 
 
 <?php
-include_once (G5_ADMIN_PATH.'/admin.tail.php');
-?>
+include_once (G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/shop_admin/itemeventformupdate.php b/adm/shop_admin/itemeventformupdate.php
index c4d0da73c..181f60408 100644
--- a/adm/shop_admin/itemeventformupdate.php
+++ b/adm/shop_admin/itemeventformupdate.php
@@ -6,15 +6,37 @@ if ($w == "u" || $w == "d")
     check_demo();
 
 if ($w == 'd')
-    auth_check($auth[$sub_menu], "d");
+    auth_check_menu($auth, $sub_menu, "d");
 else
-    auth_check($auth[$sub_menu], "w");
+    auth_check_menu($auth, $sub_menu, "w");
 
 check_admin_token();
 
 @mkdir(G5_DATA_PATH."/event", G5_DIR_PERMISSION);
 @chmod(G5_DATA_PATH."/event", G5_DIR_PERMISSION);
 
+$ev_mimg_del = isset($_POST['ev_mimg_del']) ? (int) $_POST['ev_mimg_del'] : 0;
+$ev_himg_del = isset($_POST['ev_himg_del']) ? (int) $_POST['ev_himg_del'] : 0;
+$ev_timg_del = isset($_POST['ev_timg_del']) ? (int) $_POST['ev_timg_del'] : 0;
+
+$ev_skin = isset($_POST['ev_skin']) ? clean_xss_tags($_POST['ev_skin'], 1, 1) : '';
+$ev_mobile_skin = isset($_POST['ev_mobile_skin']) ? clean_xss_tags($_POST['ev_mobile_skin'], 1, 1) : '';
+
+$ev_img_width = isset($_POST['ev_img_width']) ? (int) $_POST['ev_img_width'] : 0;
+$ev_img_height = isset($_POST['ev_img_height']) ? (int) $_POST['ev_img_height'] : 0;
+$ev_list_mod = isset($_POST['ev_list_mod']) ? (int) $_POST['ev_list_mod'] : 0;
+$ev_list_row = isset($_POST['ev_list_row']) ? (int) $_POST['ev_list_row'] : 0;
+$ev_mobile_img_width = isset($_POST['ev_mobile_img_width']) ? (int) $_POST['ev_mobile_img_width'] : 0;
+$ev_mobile_img_height = isset($_POST['ev_mobile_img_height']) ? (int) $_POST['ev_mobile_img_height'] : 0;
+$ev_mobile_list_mod = isset($_POST['ev_mobile_list_mod']) ? (int) $_POST['ev_mobile_list_mod'] : 0;
+$ev_mobile_list_row = isset($_POST['ev_mobile_list_row']) ? (int) $_POST['ev_mobile_list_row'] : 0;
+$ev_use = isset($_POST['ev_use']) ? (int) $_POST['ev_use'] : 0;
+$ev_subject_strong = isset($_POST['ev_subject_strong']) ? (int) $_POST['ev_subject_strong'] : 0;
+
+$ev_subject = isset($_POST['ev_subject']) ? clean_xss_tags($_POST['ev_subject'], 1, 1) : '';
+$ev_head_html = isset($_POST['ev_head_html']) ? $_POST['ev_head_html'] : '';
+$ev_tail_html = isset($_POST['ev_tail_html']) ? $_POST['ev_tail_html'] : '';
+
 if ($ev_mimg_del)  @unlink(G5_DATA_PATH."/event/{$ev_id}_m");
 if ($ev_himg_del)  @unlink(G5_DATA_PATH."/event/{$ev_id}_h");
 if ($ev_timg_del)  @unlink(G5_DATA_PATH."/event/{$ev_id}_t");
@@ -90,7 +112,7 @@ if ($w == "" || $w == "u")
     $count = count($item);
 
     for($i=0; $i<$count; $i++) {
-        $it_id = $item[$i];
+        $it_id = isset($item[$i]) ? $item[$i] : '';
         if($it_id) {
             $sql = " insert into {$g5['g5_shop_event_item_table']}
                         set ev_id = '$ev_id',
@@ -104,5 +126,4 @@ if ($w == "" || $w == "u")
 else
 {
     goto_url("./itemevent.php");
-}
-?>
+}
\ No newline at end of file
diff --git a/adm/shop_admin/itemeventlist.php b/adm/shop_admin/itemeventlist.php
index 61b093744..ce1f81695 100644
--- a/adm/shop_admin/itemeventlist.php
+++ b/adm/shop_admin/itemeventlist.php
@@ -2,15 +2,15 @@
 $sub_menu = '500310';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");
 
-$ev_id = preg_replace('/[^0-9]/', '', $ev_id);
-$sort1 = strip_tags($sort1);
-if (!in_array($sort1, array('a.it_id', 'it_name'))) $sort1 = "a.it_id";
-$sel_field = in_array($sel_field, array('a.it_id', 'it_name')) ? strip_tags($sel_field) : 'it_name';
-$sel_ca_id = get_search_string($sel_ca_id);
-$search = get_search_string($search);
-$ev_title = isset($ev_title) ? strip_tags($ev_title) : '';
+$ev_id = isset($_GET['ev_id']) ? preg_replace('/[^0-9]/', '', $_GET['ev_id']) : '';
+$sort1 = (isset($_GET['sort1']) && in_array($_GET['sort1'], array('a.it_id', 'it_name'))) ? $_GET['sort1'] : 'a.it_id';
+$sort2 = (isset($_GET['sort2']) && in_array($_GET['sort2'], array('desc', 'asc'))) ? $_GET['sort2'] : 'desc';
+$sel_field = (isset($_GET['sel_field']) && in_array($_GET['sel_field'], array('a.it_id', 'it_name')) ) ? $_GET['sel_field'] : 'it_name';
+$sel_ca_id = isset($_GET['sel_ca_id']) ? get_search_string($_GET['sel_ca_id']) : '';
+$search = isset($_GET['search']) ? get_search_string($_GET['search']) : '';
+$ev_title = isset($ev_title) ? clean_xss_tags($ev_title, 1, 1) : '';
 
 $g5['title'] = '이벤트일괄처리';
 include_once (G5_ADMIN_PATH.'/admin.head.php');
@@ -212,5 +212,4 @@ function fitemeventlistupdatecheck(f)
 </script>
 
 <?php
-include_once (G5_ADMIN_PATH.'/admin.tail.php');
-?>
\ No newline at end of file
+include_once (G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/shop_admin/itemeventlistupdate.php b/adm/shop_admin/itemeventlistupdate.php
index 7ed95504f..e55174c04 100644
--- a/adm/shop_admin/itemeventlistupdate.php
+++ b/adm/shop_admin/itemeventlistupdate.php
@@ -4,11 +4,13 @@ include_once('./_common.php');
 
 check_demo();
 
-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
 
-for ($i=0; $i<count($_POST['it_id']); $i++)
+$post_it_id_count = (isset($_POST['it_id']) && is_array($_POST['it_id'])) ? count($_POST['it_id']) : 0;
+
+for ($i=0; $i<$post_it_id_count; $i++)
 {
-    $iit_id = preg_replace('/[^a-z0-9_\-]/i', '', $_POST['it_id'][$i]);
+    $iit_id = isset($_POST['it_id'][$i]) ? preg_replace('/[^a-z0-9_\-]/i', '', $_POST['it_id'][$i]) : '';
 
     $sql = " delete from {$g5['g5_shop_event_item_table']}
               where ev_id = '$ev_id'
@@ -25,5 +27,4 @@ for ($i=0; $i<count($_POST['it_id']); $i++)
 
 }
 
-goto_url('./itemeventlist.php?ev_id='.$ev_id.'&amp;sort1='.$sort1.'&amp;sort2='.$sort2.'&amp;sel_ca_id='.$sel_ca_id.'&amp;sel_field='.$sel_field.'&amp;search='.$search.'&amp;page='.$page);
-?>
+goto_url('./itemeventlist.php?ev_id='.$ev_id.'&amp;sort1='.$sort1.'&amp;sort2='.$sort2.'&amp;sel_ca_id='.$sel_ca_id.'&amp;sel_field='.$sel_field.'&amp;search='.$search.'&amp;page='.$page);
\ No newline at end of file
diff --git a/adm/shop_admin/itemeventsearch.php b/adm/shop_admin/itemeventsearch.php
index 617c5c305..67734dd24 100644
--- a/adm/shop_admin/itemeventsearch.php
+++ b/adm/shop_admin/itemeventsearch.php
@@ -2,7 +2,7 @@
 $sub_menu = '500300';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
 
 $ca_id = trim($ca_id);
 $it_name = trim(strip_tags($it_name));
@@ -45,5 +45,4 @@ if($list)
 else
     $list = '<p>등록된 상품이 없습니다.</p>';
 
-echo $list;
-?>
\ No newline at end of file
+echo $list;
\ No newline at end of file
diff --git a/adm/shop_admin/itemeventwin.php b/adm/shop_admin/itemeventwin.php
index 7f9d9ebb6..4a128fc89 100644
--- a/adm/shop_admin/itemeventwin.php
+++ b/adm/shop_admin/itemeventwin.php
@@ -2,7 +2,7 @@
 $sub_menu = '500300';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");
 
 $sql = " select ev_subject from {$g5['g5_shop_event_table']} where ev_id = '$ev_id' ";
 $ev = sql_fetch($sql);
@@ -61,5 +61,4 @@ include_once(G5_PATH.'/head.sub.php');
 </div>
 
 <?php
-include_once(G5_PATH.'/tail.sub.php');
-?>
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/adm/shop_admin/itemeventwindel.php b/adm/shop_admin/itemeventwindel.php
index 64e603623..11614be40 100644
--- a/adm/shop_admin/itemeventwindel.php
+++ b/adm/shop_admin/itemeventwindel.php
@@ -4,10 +4,12 @@ include_once('./_common.php');
 
 check_demo();
 
-auth_check($auth[$sub_menu], "d");
+auth_check_menu($auth, $sub_menu, "d");
+
+$ev_id = isset($_REQUEST['ev_id']) ? (int) $_REQUEST['ev_id'] : 0;
+$it_id = isset($_REQUEST['it_id']) ? safe_replace_regex($_REQUEST['it_id'], 'it_id') : '';
 
 $sql = " delete from {$g5['g5_shop_event_item_table']} where ev_id = '$ev_id' and it_id = '$it_id' ";
 sql_query($sql);
 
-goto_url("./itemeventwin.php?ev_id=$ev_id");
-?>
+goto_url("./itemeventwin.php?ev_id=$ev_id");
\ No newline at end of file
diff --git a/adm/shop_admin/itemexcel.php b/adm/shop_admin/itemexcel.php
index b3dc3dc39..91aef05b4 100644
--- a/adm/shop_admin/itemexcel.php
+++ b/adm/shop_admin/itemexcel.php
@@ -2,7 +2,7 @@
 $sub_menu = '400300';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
 
 $g5['title'] = '엑셀파일로 상품 일괄 등록';
 include_once(G5_PATH.'/head.sub.php');
@@ -41,5 +41,4 @@ include_once(G5_PATH.'/head.sub.php');
 </div>
 
 <?php
-include_once(G5_PATH.'/tail.sub.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/adm/shop_admin/itemexcelupdate.php b/adm/shop_admin/itemexcelupdate.php
index b900b2c0d..9555710a2 100644
--- a/adm/shop_admin/itemexcelupdate.php
+++ b/adm/shop_admin/itemexcelupdate.php
@@ -6,67 +6,29 @@ include_once('./_common.php');
 set_time_limit ( 0 );
 ini_set('memory_limit', '50M');
 
-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
 
 function only_number($n)
 {
     return preg_replace('/[^0-9]/', '', $n);
 }
 
-if($_FILES['excelfile']['tmp_name']) {
+$is_upload_file = (isset($_FILES['excelfile']['tmp_name']) && $_FILES['excelfile']['tmp_name']) ? 1 : 0;
+
+if( ! $is_upload_file){
+    alert("엑셀 파일을 업로드해 주세요.");
+}
+
+if($is_upload_file) {
     $file = $_FILES['excelfile']['tmp_name'];
 
-    include_once(G5_LIB_PATH.'/Excel/reader.php');
+    include_once(G5_LIB_PATH.'/PHPExcel/IOFactory.php');
 
-    $data = new Spreadsheet_Excel_Reader();
+    $objPHPExcel = PHPExcel_IOFactory::load($file);
+    $sheet = $objPHPExcel->getSheet(0);
 
-    // Set output Encoding.
-    $data->setOutputEncoding('UTF-8');
-
-    /***
-    * if you want you can change 'iconv' to mb_convert_encoding:
-    * $data->setUTFEncoder('mb');
-    *
-    **/
-
-    /***
-    * By default rows & cols indeces start with 1
-    * For change initial index use:
-    * $data->setRowColOffset(0);
-    *
-    **/
-
-
-
-    /***
-    *  Some function for formatting output.
-    * $data->setDefaultFormat('%.2f');
-    * setDefaultFormat - set format for columns with unknown formatting
-    *
-    * $data->setColumnFormat(4, '%.3f');
-    * setColumnFormat - set format for column (apply only to number fields)
-    *
-    **/
-
-    $data->read($file);
-
-    /*
-
-
-     $data->sheets[0]['numRows'] - count rows
-     $data->sheets[0]['numCols'] - count columns
-     $data->sheets[0]['cells'][$i][$j] - data from $i-row $j-column
-
-     $data->sheets[0]['cellsInfo'][$i][$j] - extended info about cell
-
-        $data->sheets[0]['cellsInfo'][$i][$j]['type'] = "date" | "number" | "unknown"
-            if 'type' == "unknown" - use 'raw' value, because  cell contain value with format '0.00';
-        $data->sheets[0]['cellsInfo'][$i][$j]['raw'] = value if cell without format
-        $data->sheets[0]['cellsInfo'][$i][$j]['colspan']
-        $data->sheets[0]['cellsInfo'][$i][$j]['rowspan']
-    */
-
-    error_reporting(E_ALL ^ E_NOTICE);
+    $num_rows = $sheet->getHighestRow();
+    $highestColumn = $sheet->getHighestColumn();
 
     $dup_it_id = array();
     $fail_it_id = array();
@@ -75,51 +37,56 @@ if($_FILES['excelfile']['tmp_name']) {
     $fail_count = 0;
     $succ_count = 0;
 
-    for ($i = 3; $i <= $data->sheets[0]['numRows']; $i++) {
+    for ($i = 3; $i <= $num_rows; $i++) {
         $total_count++;
 
-        $j = 1;
+        $j = 0;
 
-        $it_id              = addslashes($data->sheets[0]['cells'][$i][$j++]);
-        $ca_id              = addslashes($data->sheets[0]['cells'][$i][$j++]);
-        $ca_id2             = addslashes($data->sheets[0]['cells'][$i][$j++]);
-        $ca_id3             = addslashes($data->sheets[0]['cells'][$i][$j++]);
-        $it_name            = addslashes($data->sheets[0]['cells'][$i][$j++]);
-        $it_maker           = addslashes($data->sheets[0]['cells'][$i][$j++]);
-        $it_origin          = addslashes($data->sheets[0]['cells'][$i][$j++]);
-        $it_brand           = addslashes($data->sheets[0]['cells'][$i][$j++]);
-        $it_model           = addslashes($data->sheets[0]['cells'][$i][$j++]);
-        $it_type1           = addslashes($data->sheets[0]['cells'][$i][$j++]);
-        $it_type2           = addslashes($data->sheets[0]['cells'][$i][$j++]);
-        $it_type3           = addslashes($data->sheets[0]['cells'][$i][$j++]);
-        $it_type4           = addslashes($data->sheets[0]['cells'][$i][$j++]);
-        $it_type5           = addslashes($data->sheets[0]['cells'][$i][$j++]);
-        $it_basic           = addslashes($data->sheets[0]['cells'][$i][$j++]);
-        $it_explan          = addslashes($data->sheets[0]['cells'][$i][$j++]);
-        $it_mobile_explan   = addslashes($data->sheets[0]['cells'][$i][$j++]);
-        $it_cust_price      = addslashes(only_number($data->sheets[0]['cells'][$i][$j++]));
-        $it_price           = addslashes(only_number($data->sheets[0]['cells'][$i][$j++]));
-        $it_tel_inq         = addslashes($data->sheets[0]['cells'][$i][$j++]);
-        $it_point           = addslashes(only_number($data->sheets[0]['cells'][$i][$j++]));
-        $it_point_type      = addslashes(only_number($data->sheets[0]['cells'][$i][$j++]));
-        $it_sell_email      = addslashes($data->sheets[0]['cells'][$i][$j++]);
-        $it_use             = addslashes($data->sheets[0]['cells'][$i][$j++]);
-        $it_stock_qty       = addslashes(only_number($data->sheets[0]['cells'][$i][$j++]));
-        $it_noti_qty        = addslashes(only_number($data->sheets[0]['cells'][$i][$j++]));
-        $it_buy_min_qty     = addslashes(only_number($data->sheets[0]['cells'][$i][$j++]));
-        $it_buy_max_qty     = addslashes(only_number($data->sheets[0]['cells'][$i][$j++]));
-        $it_notax           = addslashes(only_number($data->sheets[0]['cells'][$i][$j++]));
-        $it_order           = addslashes(only_number($data->sheets[0]['cells'][$i][$j++]));
-        $it_img1            = addslashes($data->sheets[0]['cells'][$i][$j++]);
-        $it_img2            = addslashes($data->sheets[0]['cells'][$i][$j++]);
-        $it_img3            = addslashes($data->sheets[0]['cells'][$i][$j++]);
-        $it_img4            = addslashes($data->sheets[0]['cells'][$i][$j++]);
-        $it_img5            = addslashes($data->sheets[0]['cells'][$i][$j++]);
-        $it_img6            = addslashes($data->sheets[0]['cells'][$i][$j++]);
-        $it_img7            = addslashes($data->sheets[0]['cells'][$i][$j++]);
-        $it_img8            = addslashes($data->sheets[0]['cells'][$i][$j++]);
-        $it_img9            = addslashes($data->sheets[0]['cells'][$i][$j++]);
-        $it_img10           = addslashes($data->sheets[0]['cells'][$i][$j++]);
+        $rowData = $sheet->rangeToArray('A' . $i . ':' . $highestColumn . $i,
+                                            NULL,
+                                            TRUE,
+                                            FALSE);
+
+        $it_id              = addslashes($rowData[0][$j++]);
+        $ca_id              = addslashes($rowData[0][$j++]);
+        $ca_id2             = addslashes($rowData[0][$j++]);
+        $ca_id3             = addslashes($rowData[0][$j++]);
+        $it_name            = addslashes($rowData[0][$j++]);
+        $it_maker           = addslashes($rowData[0][$j++]);
+        $it_origin          = addslashes($rowData[0][$j++]);
+        $it_brand           = addslashes($rowData[0][$j++]);
+        $it_model           = addslashes($rowData[0][$j++]);
+        $it_type1           = addslashes($rowData[0][$j++]);
+        $it_type2           = addslashes($rowData[0][$j++]);
+        $it_type3           = addslashes($rowData[0][$j++]);
+        $it_type4           = addslashes($rowData[0][$j++]);
+        $it_type5           = addslashes($rowData[0][$j++]);
+        $it_basic           = addslashes($rowData[0][$j++]);
+        $it_explan          = addslashes($rowData[0][$j++]);
+        $it_mobile_explan   = addslashes($rowData[0][$j++]);
+        $it_cust_price      = addslashes(only_number($rowData[0][$j++]));
+        $it_price           = addslashes(only_number($rowData[0][$j++]));
+        $it_tel_inq         = addslashes($rowData[0][$j++]);
+        $it_point           = addslashes(only_number($rowData[0][$j++]));
+        $it_point_type      = addslashes(only_number($rowData[0][$j++]));
+        $it_sell_email      = addslashes($rowData[0][$j++]);
+        $it_use             = addslashes($rowData[0][$j++]);
+        $it_stock_qty       = addslashes(only_number($rowData[0][$j++]));
+        $it_noti_qty        = addslashes(only_number($rowData[0][$j++]));
+        $it_buy_min_qty     = addslashes(only_number($rowData[0][$j++]));
+        $it_buy_max_qty     = addslashes(only_number($rowData[0][$j++]));
+        $it_notax           = addslashes(only_number($rowData[0][$j++]));
+        $it_order           = addslashes(only_number($rowData[0][$j++]));
+        $it_img1            = addslashes($rowData[0][$j++]);
+        $it_img2            = addslashes($rowData[0][$j++]);
+        $it_img3            = addslashes($rowData[0][$j++]);
+        $it_img4            = addslashes($rowData[0][$j++]);
+        $it_img5            = addslashes($rowData[0][$j++]);
+        $it_img6            = addslashes($rowData[0][$j++]);
+        $it_img7            = addslashes($rowData[0][$j++]);
+        $it_img8            = addslashes($rowData[0][$j++]);
+        $it_img9            = addslashes($rowData[0][$j++]);
+        $it_img10           = addslashes($rowData[0][$j++]);
         $it_explan2         = strip_tags(trim($it_explan));
 
         if(!$it_id || !$ca_id || !$it_name) {
@@ -130,7 +97,7 @@ if($_FILES['excelfile']['tmp_name']) {
         // it_id 중복체크
         $sql2 = " select count(*) as cnt from {$g5['g5_shop_item_table']} where it_id = '$it_id' ";
         $row2 = sql_fetch($sql2);
-        if($row2['cnt']) {
+        if(isset($row2['cnt']) && $row2['cnt']) {
             $fail_it_id[] = $it_id;
             $dup_it_id[] = $it_id;
             $dup_count++;
@@ -141,7 +108,7 @@ if($_FILES['excelfile']['tmp_name']) {
         // 기본분류체크
         $sql2 = " select count(*) as cnt from {$g5['g5_shop_category_table']} where ca_id = '$ca_id' ";
         $row2 = sql_fetch($sql2);
-        if(!$row2['cnt']) {
+        if(! (isset($row2['cnt']) && $row2['cnt'])) {
             $fail_it_id[] = $it_id;
             $fail_count++;
             continue;
@@ -190,6 +157,7 @@ if($_FILES['excelfile']['tmp_name']) {
                          it_img8 = '$it_img8',
                          it_img9 = '$it_img9',
                          it_img10 = '$it_img10' ";
+
         sql_query($sql);
 
         $succ_count++;
@@ -233,5 +201,4 @@ include_once(G5_PATH.'/head.sub.php');
 </div>
 
 <?php
-include_once(G5_PATH.'/tail.sub.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/adm/shop_admin/itemform.php b/adm/shop_admin/itemform.php
index d2fe1f165..cffc307ce 100644
--- a/adm/shop_admin/itemform.php
+++ b/adm/shop_admin/itemform.php
@@ -4,10 +4,73 @@ include_once('./_common.php');
 include_once(G5_EDITOR_LIB);
 include_once(G5_LIB_PATH.'/iteminfo.lib.php');
 
-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
 
 $html_title = "상품 ";
 
+$it = array(
+'it_id'=>'',
+'it_skin'=>'',
+'it_mobile_skin'=>'',
+'it_name'=>'',
+'it_basic'=>'',
+'it_order'=>0,
+'it_type1'=>0,
+'it_type2'=>0,
+'it_type3'=>0,
+'it_type4'=>0,
+'it_type5'=>0,
+'it_brand'=>'',
+'it_model'=>'',
+'it_tel_inq'=>0,
+'it_use'=>0,
+'it_nocoupon'=>0,
+'ec_mall_pid'=>'',
+'it_mobile_explan'=>'',
+'it_sell_email'=>'',
+'it_shop_memo'=>'',
+'it_info_gubun'=>'',
+'it_explan'=>'',
+'it_point_type'=>0,
+'it_cust_price'=>0,
+'it_option_subject'=>'',
+'it_price'=>0,
+'it_point'=>0,
+'it_supply_point'=>0,
+'it_soldout'=>0,
+'it_stock_sms'=>0,
+'it_stock_qty'=>0,
+'it_noti_qty'=>0,
+'it_buy_min_qty'=>0,
+'it_buy_max_qty'=>0,
+'it_notax'=>0,
+'it_supply_subject'=>'',
+'it_sc_type'=>0,
+'it_sc_method'=>0,
+'it_sc_price'=>0,
+'it_sc_minimum'=>0,
+'it_sc_qty'=>0,
+'it_img1'=>'',
+'it_img2'=>'',
+'it_img3'=>'',
+'it_img4'=>'',
+'it_img5'=>'',
+'it_img6'=>'',
+'it_img7'=>'',
+'it_img8'=>'',
+'it_img9'=>'',
+'it_img10'=>'',
+'it_head_html'=>'',
+'it_tail_html'=>'',
+'it_mobile_head_html'=>'',
+'it_mobile_tail_html'=>'',
+);
+
+for($i=0;$i<=10;$i++){
+    $it['it_'.$i.'_subj'] = '';
+    $it['it_'.$i] = '';
+}
+
 if ($w == "")
 {
     $html_title .= "입력";
@@ -21,7 +84,7 @@ if ($w == "")
     {
         $sql = " select ca_id from {$g5['g5_shop_category_table']} order by ca_order, ca_id limit 1 ";
         $row = sql_fetch($sql);
-        if (!$row['ca_id'])
+        if (! (isset($row['ca_id']) && $row['ca_id']))
             alert("등록된 분류가 없습니다. 우선 분류를 등록하여 주십시오.", './categorylist.php');
         $it['ca_id'] = $row['ca_id'];
     }
@@ -50,7 +113,7 @@ else if ($w == "u")
     if(!$it)
         alert('상품정보가 존재하지 않습니다.');
 
-    if (!$ca_id)
+    if (! (isset($ca_id) && $ca_id))
         $ca_id = $it['ca_id'];
 
     $sql = " select * from {$g5['g5_shop_category_table']} where ca_id = '$ca_id' ";
@@ -711,7 +774,7 @@ $(function(){
                     <tr>
                         <th scope="row">
                             <label for="opt1_subject">옵션1</label>
-                            <input type="text" name="opt1_subject" value="<?php echo $opt_subject[0]; ?>" id="opt1_subject" class="frm_input" size="15">
+                            <input type="text" name="opt1_subject" value="<?php echo isset($opt_subject[0]) ? $opt_subject[0] : ''; ?>" id="opt1_subject" class="frm_input" size="15">
                         </th>
                         <td>
                             <label for="opt1"><b>옵션1 항목</b></label>
@@ -721,7 +784,7 @@ $(function(){
                     <tr>
                         <th scope="row">
                             <label for="opt2_subject">옵션2</label>
-                            <input type="text" name="opt2_subject" value="<?php echo $opt_subject[1]; ?>" id="opt2_subject" class="frm_input" size="15">
+                            <input type="text" name="opt2_subject" value="<?php echo isset($opt_subject[1]) ? $opt_subject[1] : ''; ?>" id="opt2_subject" class="frm_input" size="15">
                         </th>
                         <td>
                             <label for="opt2"><b>옵션2 항목</b></label>
@@ -731,7 +794,7 @@ $(function(){
                      <tr>
                         <th scope="row">
                             <label for="opt3_subject">옵션3</label>
-                            <input type="text" name="opt3_subject" value="<?php echo $opt_subject[2]; ?>" id="opt3_subject" class="frm_input" size="15">
+                            <input type="text" name="opt3_subject" value="<?php echo isset($opt_subject[2]) ? $opt_subject[2] : ''; ?>" id="opt3_subject" class="frm_input" size="15">
                         </th>
                         <td>
                             <label for="opt3"><b>옵션3 항목</b></label>
@@ -814,7 +877,7 @@ $(function(){
                     // 선택삭제
                     $(document).on("click", "#sel_option_delete", function() {
                         var $el = $("input[name='opt_chk[]']:checked");
-                        if($el.size() < 1) {
+                        if($el.length < 1) {
                             alert("삭제하려는 옵션을 하나 이상 선택해 주십시오.");
                             return false;
                         }
@@ -824,7 +887,7 @@ $(function(){
 
                     // 일괄적용
                     $(document).on("click", "#opt_value_apply", function() {
-                        if($(".opt_com_chk:checked").size() < 1) {
+                        if($(".opt_com_chk:checked").length < 1) {
                             alert("일괄 수정할 항목을 하나이상 체크해 주십시오.");
                             return false;
                         }
@@ -836,7 +899,7 @@ $(function(){
                         var $el = $("input[name='opt_chk[]']:checked");
 
                         // 체크된 옵션이 있으면 체크된 것만 적용
-                        if($el.size() > 0) {
+                        if($el.length > 0) {
                             var $tr;
                             $el.each(function() {
                                 $tr = $(this).closest("tr");
@@ -1020,7 +1083,7 @@ $(function(){
                     // 선택삭제
                     $(document).on("click", "#sel_supply_delete", function() {
                         var $el = $("input[name='spl_chk[]']:checked");
-                        if($el.size() < 1) {
+                        if($el.length < 1) {
                             alert("삭제하려는 옵션을 하나 이상 선택해 주십시오.");
                             return false;
                         }
@@ -1030,7 +1093,7 @@ $(function(){
 
                     // 일괄적용
                     $(document).on("click", "#spl_value_apply", function() {
-                        if($(".spl_com_chk:checked").size() < 1) {
+                        if($(".spl_com_chk:checked").length < 1) {
                             alert("일괄 수정할 항목을 하나이상 체크해 주십시오.");
                             return false;
                         }
@@ -1042,7 +1105,7 @@ $(function(){
                         var $el = $("input[name='spl_chk[]']:checked");
 
                         // 체크된 옵션이 있으면 체크된 것만 적용
-                        if($el.size() > 0) {
+                        if($el.length > 0) {
                             var $tr;
                             $el.each(function() {
                                 $tr = $(this).closest("tr");
@@ -1382,7 +1445,7 @@ $(function(){
                     }
 
                     var cont = "<li>"+$li.html().replace("add_item", "del_item").replace("추가", "삭제")+"</li>";
-                    var count = $("#reg_relation li").size();
+                    var count = $("#reg_relation li").length;
 
                     if(count > 0) {
                         $("#reg_relation li:last").after(cont);
@@ -1399,7 +1462,7 @@ $(function(){
 
                     $(this).closest("li").remove();
 
-                    var count = $("#reg_relation li").size();
+                    var count = $("#reg_relation li").length;
                     if(count < 1)
                         $("#reg_relation").html("<p>선택된 상품이 없습니다.</p>");
                 });
@@ -1501,7 +1564,7 @@ $(function(){
                     }
 
                     var cont = "<li>"+$li.html().replace("add_event", "del_event").replace("추가", "삭제")+"</li>";
-                    var count = $("#reg_event_list li").size();
+                    var count = $("#reg_event_list li").length;
 
                     if(count > 0) {
                         $("#reg_event_list li:last").after(cont);
@@ -1516,7 +1579,7 @@ $(function(){
 
                     $(this).closest("li").remove();
 
-                    var count = $("#reg_event_list li").size();
+                    var count = $("#reg_event_list li").length;
                     if(count < 1)
                         $("#reg_event_list").html("<p>선택된 이벤트가 없습니다.</p>");
                 });
@@ -1863,5 +1926,4 @@ categorychange(document.fitemform);
 </script>
 
 <?php
-include_once (G5_ADMIN_PATH.'/admin.tail.php');
-?>
+include_once (G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/shop_admin/itemformrelation.php b/adm/shop_admin/itemformrelation.php
index 0d7e541cf..e343fdaa4 100644
--- a/adm/shop_admin/itemformrelation.php
+++ b/adm/shop_admin/itemformrelation.php
@@ -2,7 +2,7 @@
 $sub_menu = '400300';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
 
 $ca_id = trim($ca_id);
 $it_name = trim(strip_tags($it_name));
@@ -44,5 +44,4 @@ if($list)
 else
     $list = '<p>등록된 상품이 없습니다.';
 
-echo $list;
-?>
\ No newline at end of file
+echo $list;
\ No newline at end of file
diff --git a/adm/shop_admin/itemformupdate.php b/adm/shop_admin/itemformupdate.php
index 0cd784a29..fffc794bd 100644
--- a/adm/shop_admin/itemformupdate.php
+++ b/adm/shop_admin/itemformupdate.php
@@ -6,9 +6,9 @@ if ($w == "u" || $w == "d")
     check_demo();
 
 if ($w == '' || $w == 'u')
-    auth_check($auth[$sub_menu], "w");
+    auth_check_menu($auth, $sub_menu, "w");
 else if ($w == 'd')
-    auth_check($auth[$sub_menu], "d");
+    auth_check_menu($auth, $sub_menu, "d");
 
 check_admin_token();
 
@@ -18,9 +18,9 @@ check_admin_token();
 // input vars 체크
 check_input_vars();
 
-$ca_id = isset($ca_id) ? preg_replace('/[^0-9a-z]/i', '', $ca_id) : '';
-$ca_id2 = isset($ca_id2) ? preg_replace('/[^0-9a-z]/i', '', $ca_id2) : '';
-$ca_id3 = isset($ca_id3) ? preg_replace('/[^0-9a-z]/i', '', $ca_id3) : '';
+$ca_id = isset($_POST['ca_id']) ? preg_replace('/[^0-9a-z]/i', '', $_POST['ca_id']) : '';
+$ca_id2 = isset($_POST['ca_id2']) ? preg_replace('/[^0-9a-z]/i', '', $_POST['ca_id2']) : '';
+$ca_id3 = isset($_POST['ca_id3']) ? preg_replace('/[^0-9a-z]/i', '', $_POST['ca_id3']) : '';
 
 if ($is_admin != 'super') {     // 최고관리자가 아니면 체크
     $sql = "select b.ca_mb_id from {$g5['g5_shop_item_table']} a , {$g5['g5_shop_category_table']} b where (a.ca_id = b.ca_id) and a.it_id = '$it_id'";
@@ -31,6 +31,7 @@ if ($is_admin != 'super') {     // 최고관리자가 아니면 체크
     }
 }
 
+$it_img1 = $it_img2 = $it_img3 = $it_img4 = $it_img5 = $it_img6 = $it_img7 = $it_img8 = $it_img9 = $it_img10 = '';
 // 파일정보
 if($w == "u") {
     $sql = " select it_img1, it_img2, it_img3, it_img4, it_img5, it_img6, it_img7, it_img8, it_img9, it_img10
@@ -52,6 +53,10 @@ if($w == "u") {
 
 $it_img_dir = G5_DATA_PATH.'/item';
 
+for($i=0;$i<=10;$i++){
+    ${'it_img'.$i.'_del'} = ! empty($_POST['it_img1_del']) ? 1 : 0;
+}
+
 // 파일삭제
 if ($it_img1_del) {
     $file_img1 = $it_img_dir.'/'.$it_img1;
@@ -223,18 +228,21 @@ sql_query(" delete from {$g5['g5_shop_event_item_table']} where it_id = '$it_id'
 sql_query(" delete from {$g5['g5_shop_item_option_table']} where io_type = '0' and it_id = '$it_id' "); // 기존선택옵션삭제
 
 $option_count = (isset($_POST['opt_id']) && is_array($_POST['opt_id'])) ? count($_POST['opt_id']) : array();
+$it_option_subject = '';
+$it_supply_subject = '';
+
 if($option_count) {
     // 옵션명
     $opt1_cnt = $opt2_cnt = $opt3_cnt = 0;
     for($i=0; $i<$option_count; $i++) {
-        $_POST['opt_id'][$i] = preg_replace(G5_OPTION_ID_FILTER, '', strip_tags($_POST['opt_id'][$i]));
+        $post_opt_id = isset($_POST['opt_id'][$i]) ? preg_replace(G5_OPTION_ID_FILTER, '', strip_tags($_POST['opt_id'][$i])) : '';
 
-        $opt_val = explode(chr(30), $_POST['opt_id'][$i]);
-        if($opt_val[0])
+        $opt_val = explode(chr(30), $post_opt_id);
+        if(isset($opt_val[0]) && $opt_val[0])
             $opt1_cnt++;
-        if($opt_val[1])
+        if(isset($opt_val[1]) && $opt_val[1])
             $opt2_cnt++;
-        if($opt_val[2])
+        if(isset($opt_val[2]) && $opt_val[2])
             $opt3_cnt++;
     }
 
@@ -255,9 +263,9 @@ if($supply_count) {
     // 추가옵션명
     $arr_spl = array();
     for($i=0; $i<$supply_count; $i++) {
-        $_POST['spl_id'][$i] = preg_replace(G5_OPTION_ID_FILTER, '', strip_tags($_POST['spl_id'][$i]));
+        $post_spl_id = isset($_POST['spl_id'][$i]) ? preg_replace(G5_OPTION_ID_FILTER, '', strip_tags($_POST['spl_id'][$i])) : '';
 
-        $spl_val = explode(chr(30), $_POST['spl_id'][$i]);
+        $spl_val = explode(chr(30), $post_spl_id);
         if(!in_array($spl_val[0], $arr_spl))
             $arr_spl[] = $spl_val[0];
     }
@@ -267,9 +275,10 @@ if($supply_count) {
 
 // 상품요약정보
 $value_array = array();
-for($i=0; $i<count($_POST['ii_article']); $i++) {
-    $key = $_POST['ii_article'][$i];
-    $val = $_POST['ii_value'][$i];
+$count_ii_article = (isset($_POST['ii_article']) && is_array($_POST['ii_article'])) ? count($_POST['ii_article']) : 0;
+for($i=0; $i<$count_ii_article; $i++) {
+    $key = isset($_POST['ii_article'][$i]) ? $_POST['ii_article'][$i] : '';
+    $val = isset($_POST['ii_value'][$i]) ? $_POST['ii_value'][$i] : '';
     $value_array[$key] = $val;
 }
 $it_info_value = addslashes(serialize($value_array));
@@ -278,7 +287,7 @@ $it_info_value = addslashes(serialize($value_array));
 if(($it_point_type == 1 || $it_point_type == 2) && $it_point > 99)
     alert("포인트 비율을 0과 99 사이의 값으로 입력해 주십시오.");
 
-$it_name = strip_tags(clean_xss_attributes(trim($_POST['it_name'])));
+$it_name = isset($_POST['it_name']) ? strip_tags(clean_xss_attributes(trim($_POST['it_name']))) : '';
 
 // KVE-2019-0708
 $check_sanitize_keys = array(
@@ -314,6 +323,7 @@ foreach( $check_sanitize_keys as $key ){
 }
 
 $it_basic = preg_replace('#<script(.*?)>(.*?)<\/script>#is', '', $it_basic);
+$it_explan = isset($_POST['it_explan']) ? $_POST['it_explan'] : '';
 
 if ($it_name == "")
     alert("상품명을 입력해 주십시오.");
@@ -337,7 +347,7 @@ $sql_common = " ca_id               = '$ca_id',
                 it_type5            = '$it_type5',
                 it_basic            = '$it_basic',
                 it_explan           = '$it_explan',
-                it_explan2          = '".strip_tags(trim(clean_xss_attributes($_POST['it_explan'])))."',
+                it_explan2          = '".strip_tags(trim(clean_xss_attributes($it_explan)))."',
                 it_mobile_explan    = '$it_mobile_explan',
                 it_cust_price       = '$it_cust_price',
                 it_price            = '$it_price',
@@ -404,7 +414,7 @@ $sql_common = " ca_id               = '$ca_id',
 
 if ($w == "")
 {
-    $it_id = $_POST['it_id'];
+    $it_id = isset($_POST['it_id']) ? $_POST['it_id'] : '';
 
     if (!trim($it_id)) {
         alert('상품 코드가 없으므로 상품을 추가하실 수 없습니다.');
diff --git a/adm/shop_admin/iteminfo.php b/adm/shop_admin/iteminfo.php
index a04889aca..fddc110d9 100644
--- a/adm/shop_admin/iteminfo.php
+++ b/adm/shop_admin/iteminfo.php
@@ -2,15 +2,19 @@
 include_once('./_common.php');
 include_once(G5_LIB_PATH.'/iteminfo.lib.php');
 
-if($it['it_id']) {
+if(isset($it['it_id']) && $it['it_id']) {
     //$it_id = $it['it_id'];
     $gubun = $it['it_info_gubun'];
 } else {
-    $it_id = trim($_POST['it_id']);
-    $gubun = $_POST['gubun'] ? $_POST['gubun'] : 'wear';
-
-    $sql = " select it_id, it_info_gubun, it_info_value from {$g5['g5_shop_item_table']} where it_id = '$it_id' ";
-    $it = sql_fetch($sql);
+    $it_id = isset($_POST['it_id']) ? safe_replace_regex($_POST['it_id'], 'it_id') : '';
+    $gubun = isset($_POST['gubun']) ? clean_xss_tags($_POST['gubun'], 1, 1) : 'wear';
+    
+    if ( $it_id ){
+        $sql = " select it_id, it_info_gubun, it_info_value from {$g5['g5_shop_item_table']} where it_id = '$it_id' ";
+        if( $items = sql_fetch($sql) ) {
+            $it = $items;
+        }
+    }
 }
 ?>
 
@@ -24,20 +28,23 @@ if($it['it_id']) {
     </colgroup>
     <tbody>
     <?php
-    if($it['it_info_value'])
+    if(isset($it['it_info_value']) && $it['it_info_value'])
         $info_value = unserialize($it['it_info_value']);
-    $article = $item_info[$gubun]['article'];
+
+    $article = isset($item_info[$gubun]['article']) ? $item_info[$gubun]['article'] : array();
     if ($article) {
         // $el_no : 분류적용, 전체적용을 한번만 넣기 위해, $el_length : 수직병합할 셀 값 - 지운아빠 2013-05-20
         $el_no = 0;
         $el_length = count($article);
+        $it_info_gubun = isset($it['it_info_gubun']) ? $it['it_info_gubun'] : '';
+
         foreach($article as $key=>$value) {
             $el_name    = $key;
             $el_title   = $value[0];
             $el_example = $value[1];
             $el_value = '상품페이지 참고';
 
-            if($gubun == $it['it_info_gubun'] && $info_value[$key])
+            if($gubun == $it_info_gubun && isset($info_value[$key]))
                 $el_value = $info_value[$key];
     ?>
 
diff --git a/adm/shop_admin/itemlist.php b/adm/shop_admin/itemlist.php
index ecc9c7d92..288b1a18f 100644
--- a/adm/shop_admin/itemlist.php
+++ b/adm/shop_admin/itemlist.php
@@ -2,7 +2,7 @@
 $sub_menu = '400300';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");
 
 $g5['title'] = '상품관리';
 include_once (G5_ADMIN_PATH.'/admin.head.php');
@@ -296,5 +296,4 @@ function excelform(url)
 </script>
 
 <?php
-include_once (G5_ADMIN_PATH.'/admin.tail.php');
-?>
+include_once (G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/shop_admin/itemlistupdate.php b/adm/shop_admin/itemlistupdate.php
index 303e3a899..720a4979a 100644
--- a/adm/shop_admin/itemlistupdate.php
+++ b/adm/shop_admin/itemlistupdate.php
@@ -6,36 +6,39 @@ check_demo();
 
 check_admin_token();
 
-if (!count($_POST['chk'])) {
-    alert($_POST['act_button']." 하실 항목을 하나 이상 체크하세요.");
+$count_post_chk = (isset($_POST['chk']) && is_array($_POST['chk'])) ? count($_POST['chk']) : 0;
+$post_act_button = isset($_POST['act_button']) ? $_POST['act_button'] : '';
+
+if (! $count_post_chk) {
+    alert($post_act_button." 하실 항목을 하나 이상 체크하세요.");
 }
 
-if ($_POST['act_button'] == "선택수정") {
+if ($post_act_button == "선택수정") {
 
-    auth_check($auth[$sub_menu], 'w');
+    auth_check_menu($auth, $sub_menu, 'w');
 
-    for ($i=0; $i<count($_POST['chk']); $i++) {
+    for ($i=0; $i< $count_post_chk; $i++) {
 
         // 실제 번호를 넘김
-        $k = $_POST['chk'][$i];
+        $k = isset($_POST['chk'][$i]) ? (int) $_POST['chk'][$i] : 0;
 
-        if( ! $_POST['ca_id'][$k]) {
+        if( ! (isset($_POST['ca_id'][$k]) && $_POST['ca_id'][$k])) {
             alert("기본분류는 반드시 선택해야 합니다.");
         }
 
-        $p_ca_id = is_array($_POST['ca_id']) ? strip_tags($_POST['ca_id'][$k]) : '';
-        $p_ca_id2 = is_array($_POST['ca_id2']) ? strip_tags($_POST['ca_id2'][$k]) : '';
-        $p_ca_id3 = is_array($_POST['ca_id3']) ? strip_tags($_POST['ca_id3'][$k]) : '';
-        $p_it_name = is_array($_POST['it_name']) ? strip_tags(clean_xss_attributes($_POST['it_name'][$k])) : '';
-        $p_it_cust_price = is_array($_POST['it_cust_price']) ? strip_tags($_POST['it_cust_price'][$k]) : '';
-        $p_it_price = is_array($_POST['it_price']) ? strip_tags($_POST['it_price'][$k]) : '';
-        $p_it_stock_qty = is_array($_POST['it_stock_qty']) ? strip_tags($_POST['it_stock_qty'][$k]) : '';
-        $p_it_skin = is_array($_POST['it_skin']) ? strip_tags($_POST['it_skin'][$k]) : '';
-        $p_it_mobile_skin = is_array($_POST['it_mobile_skin']) ? strip_tags($_POST['it_mobile_skin'][$k]) : '';
-        $p_it_use = is_array($_POST['it_use']) ? strip_tags($_POST['it_use'][$k]) : '';
-        $p_it_soldout = is_array($_POST['it_soldout']) ? strip_tags($_POST['it_soldout'][$k]) : '';
-        $p_it_order = is_array($_POST['it_order']) ? strip_tags($_POST['it_order'][$k]) : '';
-        $p_it_id = preg_replace('/[^a-z0-9_\-]/i', '', $_POST['it_id'][$k]);
+        $p_ca_id = (isset($_POST['ca_id']) && is_array($_POST['ca_id'])) ? strip_tags($_POST['ca_id'][$k]) : '';
+        $p_ca_id2 = (isset($_POST['ca_id2']) && is_array($_POST['ca_id2'])) ? strip_tags($_POST['ca_id2'][$k]) : '';
+        $p_ca_id3 = (isset($_POST['ca_id3']) && is_array($_POST['ca_id3'])) ? strip_tags($_POST['ca_id3'][$k]) : '';
+        $p_it_name = (isset($_POST['it_name']) && is_array($_POST['it_name'])) ? strip_tags(clean_xss_attributes($_POST['it_name'][$k])) : '';
+        $p_it_cust_price = (isset($_POST['it_cust_price']) && is_array($_POST['it_cust_price'])) ? strip_tags($_POST['it_cust_price'][$k]) : '';
+        $p_it_price = (isset($_POST['it_price']) && is_array($_POST['it_price'])) ? strip_tags($_POST['it_price'][$k]) : '';
+        $p_it_stock_qty = (isset($_POST['it_stock_qty']) && is_array($_POST['it_stock_qty'])) ? strip_tags($_POST['it_stock_qty'][$k]) : '';
+        $p_it_skin = (isset($_POST['it_skin']) && is_array($_POST['it_skin'])) ? strip_tags($_POST['it_skin'][$k]) : '';
+        $p_it_mobile_skin = (isset($_POST['it_mobile_skin']) && is_array($_POST['it_mobile_skin'])) ? strip_tags($_POST['it_mobile_skin'][$k]) : '';
+        $p_it_use = (isset($_POST['it_use']) && is_array($_POST['it_use'])) ? strip_tags($_POST['it_use'][$k]) : '';
+        $p_it_soldout = (isset($_POST['it_soldout']) && is_array($_POST['it_soldout'])) ? strip_tags($_POST['it_soldout'][$k]) : '';
+        $p_it_order = (isset($_POST['it_order']) && is_array($_POST['it_order'])) ? strip_tags($_POST['it_order'][$k]) : '';
+        $p_it_id = isset($_POST['it_id'][$k]) ? preg_replace('/[^a-z0-9_\-]/i', '', $_POST['it_id'][$k]) : '';
 
         if ($is_admin != 'super') {     // 최고관리자가 아니면 체크
             $sql = "select a.it_id, b.ca_mb_id from {$g5['g5_shop_item_table']} a , {$g5['g5_shop_category_table']} b where (a.ca_id = b.ca_id) and a.it_id = '$p_it_id'";
@@ -66,25 +69,24 @@ if ($_POST['act_button'] == "선택수정") {
 
 		if( function_exists('shop_seo_title_update') ) shop_seo_title_update($p_it_id, true);
     }
-} else if ($_POST['act_button'] == "선택삭제") {
+} else if ($post_act_button == "선택삭제") {
 
     if ($is_admin != 'super')
         alert('상품 삭제는 최고관리자만 가능합니다.');
 
-    auth_check($auth[$sub_menu], 'd');
+    auth_check_menu($auth, $sub_menu, 'd');
 
     // _ITEM_DELETE_ 상수를 선언해야 itemdelete.inc.php 가 정상 작동함
     define('_ITEM_DELETE_', true);
 
-    for ($i=0; $i<count($_POST['chk']); $i++) {
+    for ($i=0; $i<$count_post_chk; $i++) {
         // 실제 번호를 넘김
-        $k = $_POST['chk'][$i];
+        $k = isset($_POST['chk'][$i]) ? (int) $_POST['chk'][$i] : 0;
 
         // include 전에 $it_id 값을 반드시 넘겨야 함
-        $it_id = preg_replace('/[^a-z0-9_\-]/i', '', $_POST['it_id'][$k]);
+        $it_id = isset($_POST['it_id'][$k]) ? preg_replace('/[^a-z0-9_\-]/i', '', $_POST['it_id'][$k]) : '';
         include ('./itemdelete.inc.php');
     }
 }
 
-goto_url("./itemlist.php?sca=$sca&amp;sst=$sst&amp;sod=$sod&amp;sfl=$sfl&amp;stx=$stx&amp;page=$page");
-?>
+goto_url("./itemlist.php?sca=$sca&amp;sst=$sst&amp;sod=$sod&amp;sfl=$sfl&amp;stx=$stx&amp;page=$page");
\ No newline at end of file
diff --git a/adm/shop_admin/itemoption.php b/adm/shop_admin/itemoption.php
index 69df38bcb..8b70c1601 100644
--- a/adm/shop_admin/itemoption.php
+++ b/adm/shop_admin/itemoption.php
@@ -3,24 +3,24 @@ include_once('./_common.php');
 
 $po_run = false;
 
-if($it['it_id']) {
+if(isset($it['it_id']) && $it['it_id']) {
     $opt_subject = explode(',', $it['it_option_subject']);
-    $opt1_subject = $opt_subject[0];
-    $opt2_subject = $opt_subject[1];
-    $opt3_subject = $opt_subject[2];
+    $opt1_subject = isset($opt_subject[0]) ? $opt_subject[0] : '';
+    $opt2_subject = isset($opt_subject[1]) ? $opt_subject[1] : '';
+    $opt3_subject = isset($opt_subject[2]) ? $opt_subject[2] : '';
 
     $sql = " select * from {$g5['g5_shop_item_option_table']} where io_type = '0' and it_id = '{$it['it_id']}' order by io_no asc ";
     $result = sql_query($sql);
     if(sql_num_rows($result))
         $po_run = true;
 } else if(!empty($_POST)) {
-    $opt1_subject = preg_replace(G5_OPTION_ID_FILTER, '', trim(stripslashes($_POST['opt1_subject'])));
-    $opt2_subject = preg_replace(G5_OPTION_ID_FILTER, '', trim(stripslashes($_POST['opt2_subject'])));
-    $opt3_subject = preg_replace(G5_OPTION_ID_FILTER, '', trim(stripslashes($_POST['opt3_subject'])));
+    $opt1_subject = isset($_POST['opt1_subject']) ? preg_replace(G5_OPTION_ID_FILTER, '', trim(stripslashes($_POST['opt1_subject']))) : '';
+    $opt2_subject = isset($_POST['opt2_subject']) ? preg_replace(G5_OPTION_ID_FILTER, '', trim(stripslashes($_POST['opt2_subject']))) : '';
+    $opt3_subject = isset($_POST['opt3_subject']) ? preg_replace(G5_OPTION_ID_FILTER, '', trim(stripslashes($_POST['opt3_subject']))) : '';
 
-    $opt1_val = preg_replace(G5_OPTION_ID_FILTER, '', trim(stripslashes($_POST['opt1'])));
-    $opt2_val = preg_replace(G5_OPTION_ID_FILTER, '', trim(stripslashes($_POST['opt2'])));
-    $opt3_val = preg_replace(G5_OPTION_ID_FILTER, '', trim(stripslashes($_POST['opt3'])));
+    $opt1_val = isset($_POST['opt1']) ? preg_replace(G5_OPTION_ID_FILTER, '', trim(stripslashes($_POST['opt1']))) : '';
+    $opt2_val = isset($_POST['opt2']) ? preg_replace(G5_OPTION_ID_FILTER, '', trim(stripslashes($_POST['opt2']))) : '';
+    $opt3_val = isset($_POST['opt3']) ? preg_replace(G5_OPTION_ID_FILTER, '', trim(stripslashes($_POST['opt3']))) : '';
 
     if(!$opt1_subject || !$opt1_val) {
         echo '옵션1과 옵션1 항목을 입력해 주십시오.';
@@ -68,13 +68,13 @@ if($po_run) {
     </thead>
     <tbody>
     <?php
-    if($it['it_id']) {
+    if(isset($it['it_id']) && $it['it_id']) {
         for($i=0; $row=sql_fetch_array($result); $i++) {
             $opt_id = $row['io_id'];
             $opt_val = explode(chr(30), $opt_id);
             $opt_1 = $opt_val[0];
-            $opt_2 = $opt_val[1];
-            $opt_3 = $opt_val[2];
+            $opt_2 = isset($opt_val[1]) ? $opt_val[1] : '';
+            $opt_3 = isset($opt_val[2]) ? $opt_val[2] : '';
             $opt_2_len = strlen($opt_2);
             $opt_3_len = strlen($opt_3);
             $opt_price = $row['io_price'];
@@ -112,14 +112,18 @@ if($po_run) {
     <?php
         } // for
     } else {
+        
+        $w = isset($_POST['w']) ? $_POST['w'] : '';
+        $post_it_id = isset($_POST['it_id']) ? safe_replace_regex($_POST['it_id'], 'it_id') : '';
+
         for($i=0; $i<$opt1_count; $i++) {
             $j = 0;
             do {
                 $k = 0;
                 do {
-                    $opt_1 = strip_tags(trim($opt1[$i]));
-                    $opt_2 = strip_tags(trim($opt2[$j]));
-                    $opt_3 = strip_tags(trim($opt3[$k]));
+                    $opt_1 = isset($opt1[$i]) ? strip_tags(trim($opt1[$i])) : '';
+                    $opt_2 = isset($opt2[$j]) ? strip_tags(trim($opt2[$j])) : '';
+                    $opt_3 = isset($opt3[$k]) ? strip_tags(trim($opt3[$k])) : '';
 
                     $opt_2_len = strlen($opt_2);
                     $opt_3_len = strlen($opt_3);
@@ -135,10 +139,10 @@ if($po_run) {
                     $opt_use = 1;
 
                     // 기존에 설정된 값이 있는지 체크
-                    if($_POST['w'] == 'u') {
+                    if($w === 'u') {
                         $sql = " select io_price, io_stock_qty, io_noti_qty, io_use
                                     from {$g5['g5_shop_item_option_table']}
-                                    where it_id = '{$_POST['it_id']}'
+                                    where it_id = '{$post_it_id}'
                                       and io_id = '$opt_id'
                                       and io_type = '0' ";
                         $row = sql_fetch($sql);
@@ -216,5 +220,4 @@ if($po_run) {
     <button type="button" id="opt_value_apply" class="btn_frmline">일괄적용</button>
 </fieldset>
 <?php
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/adm/shop_admin/itemqaform.php b/adm/shop_admin/itemqaform.php
index 0891294a8..6e655a46c 100644
--- a/adm/shop_admin/itemqaform.php
+++ b/adm/shop_admin/itemqaform.php
@@ -3,7 +3,7 @@ $sub_menu = '400660';
 include_once('./_common.php');
 include_once(G5_EDITOR_LIB);
 
-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
 
 $sql = " select *
            from {$g5['g5_shop_item_qa_table']} a
@@ -92,5 +92,4 @@ function fitemqaform_submit(f)
 </script>
 
 <?php
-include_once (G5_ADMIN_PATH.'/admin.tail.php');
-?>
+include_once (G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/shop_admin/itemqaformupdate.php b/adm/shop_admin/itemqaformupdate.php
index 2df1bc3e6..a23ded782 100644
--- a/adm/shop_admin/itemqaformupdate.php
+++ b/adm/shop_admin/itemqaformupdate.php
@@ -5,9 +5,9 @@ include_once('./_common.php');
 check_demo();
 
 if ($w == 'd')
-    auth_check($auth[$sub_menu], "d");
+    auth_check_menu($auth, $sub_menu, "d");
 else
-    auth_check($auth[$sub_menu], "w");
+    auth_check_menu($auth, $sub_menu, "w");
 
 check_admin_token();
 
@@ -84,5 +84,4 @@ if ($w == "u")
 }
 else {
     alert();
-}
-?>
+}
\ No newline at end of file
diff --git a/adm/shop_admin/itemqalist.php b/adm/shop_admin/itemqalist.php
index f526c57f7..d1d14cfbb 100644
--- a/adm/shop_admin/itemqalist.php
+++ b/adm/shop_admin/itemqalist.php
@@ -2,7 +2,7 @@
 $sub_menu = '400660';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");
 
 $g5['title'] = '상품문의';
 include_once (G5_ADMIN_PATH.'/admin.head.php');
@@ -204,5 +204,4 @@ $(function(){
 </script>
 
 <?php
-include_once (G5_ADMIN_PATH.'/admin.tail.php');
-?>
+include_once (G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/shop_admin/itemqalistupdate.php b/adm/shop_admin/itemqalistupdate.php
index 9b129e09e..247d7dab9 100644
--- a/adm/shop_admin/itemqalistupdate.php
+++ b/adm/shop_admin/itemqalistupdate.php
@@ -6,23 +6,24 @@ check_demo();
 
 check_admin_token();
 
-if (!count($_POST['chk'])) {
+$count_post_chk = (isset($_POST['chk']) && is_array($_POST['chk'])) ? count($_POST['chk']) : 0;
+
+if (! $count_post_chk) {
     alert($_POST['act_button']." 하실 항목을 하나 이상 체크하세요.");
 }
 
 if ($_POST['act_button'] == "선택삭제") {
 
-    auth_check($auth[$sub_menu], 'd');
+    auth_check_menu($auth, $sub_menu, 'd');
 
-    for ($i=0; $i<count($_POST['chk']); $i++) {
+    for ($i=0; $i<$count_post_chk; $i++) {
         // 실제 번호를 넘김
-        $k = $_POST['chk'][$i];
-        $iiq_id = (int) $_POST['iq_id'][$k];
+        $k = isset($_POST['chk'][$i]) ? (int) $_POST['chk'][$i] : 0;
+        $iiq_id = isset($_POST['iq_id'][$i]) ? (int) $_POST['iq_id'][$k] : 0;
 
         $sql = "delete from {$g5['g5_shop_item_qa_table']} where iq_id = '{$iiq_id}' ";
         sql_query($sql);
     }
 }
 
-goto_url("./itemqalist.php?sca=$sca&amp;sst=$sst&amp;sod=$sod&amp;sfl=$sfl&amp;stx=$stx&amp;page=$page");
-?>
+goto_url("./itemqalist.php?sca=$sca&amp;sst=$sst&amp;sod=$sod&amp;sfl=$sfl&amp;stx=$stx&amp;page=$page");
\ No newline at end of file
diff --git a/adm/shop_admin/itemsellrank.php b/adm/shop_admin/itemsellrank.php
index 5476f1d5a..d9522381d 100644
--- a/adm/shop_admin/itemsellrank.php
+++ b/adm/shop_admin/itemsellrank.php
@@ -2,23 +2,20 @@
 $sub_menu = '500100';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");
 
 $g5['title'] = '상품판매순위';
 include_once (G5_ADMIN_PATH.'/admin.head.php');
 include_once(G5_PLUGIN_PATH.'/jquery-ui/datepicker.php');
 
-if (!$to_date) $to_date = date("Ymd", time());
+$fr_date = (isset($_GET['fr_date']) && preg_match("/[0-9]/", $_GET['fr_date'])) ? $_GET['fr_date'] : '';
+$to_date = (isset($_GET['to_date']) && preg_match("/[0-9]/", $_GET['to_date'])) ? $_GET['to_date'] : date("Ymd", time());
 
-if ($sort1 == "") $sort1 = "ct_status_sum";
-if (!in_array($sort1, array('ct_status_1', 'ct_status_2', 'ct_status_3', 'ct_status_4', 'ct_status_5', 'ct_status_6', 'ct_status_7', 'ct_status_8', 'ct_status_9', 'ct_status_sum'))) $sort1 = "ct_status_sum";
-if ($sort2 == "" || $sort2 != "asc") $sort2 = "desc";
+$doc = isset($_GET['doc']) ? clean_xss_tags($_GET['doc'], 1, 1) : '';
+$sort1 = (isset($_GET['sort1']) && in_array($_GET['sort1'], array('ct_status_1', 'ct_status_2', 'ct_status_3', 'ct_status_4', 'ct_status_5', 'ct_status_6', 'ct_status_7', 'ct_status_8', 'ct_status_9', 'ct_status_sum'))) ? $_GET['sort1'] : 'ct_status_sum';
+$sort2 = (isset($_GET['sort2']) && in_array($_GET['sort2'], array('desc', 'asc'))) ? $_GET['sort2'] : 'desc';
 
-$doc = strip_tags($doc);
-$sort1 = strip_tags($sort1);
-
-if( preg_match("/[^0-9]/", $fr_date) ) $fr_date = '';
-if( preg_match("/[^0-9]/", $to_date) ) $to_date = '';
+$sel_ca_id = isset($_GET['sel_ca_id']) ? get_search_string($_GET['sel_ca_id']) : '';
 
 $sql  = " select a.it_id,
                  b.*,
@@ -179,5 +176,4 @@ $(function() {
 </script>
 
 <?php
-include_once (G5_ADMIN_PATH.'/admin.tail.php');
-?>
+include_once (G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/shop_admin/itemstocklist.php b/adm/shop_admin/itemstocklist.php
index 131af1e2f..8f3aeb43b 100644
--- a/adm/shop_admin/itemstocklist.php
+++ b/adm/shop_admin/itemstocklist.php
@@ -2,14 +2,14 @@
 $sub_menu = '400620';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");
 
-$doc = strip_tags($doc);
-$sort1 = in_array($sort1, array('it_id', 'it_name', 'it_stock_qty', 'it_use', 'it_soldout', 'it_stock_sms')) ? $sort1 : '';
-$sort2 = in_array($sort2, array('desc', 'asc')) ? $sort2 : 'desc';
-$sel_ca_id = get_search_string($sel_ca_id);
-$sel_field = get_search_string($sel_field);
-$search = get_search_string($search);
+$doc = isset($_GET['doc']) ? clean_xss_tags($_GET['doc'], 1, 1) : '';
+$sort1 = (isset($_GET['sort1']) && in_array($_GET['sort1'], array('it_id', 'it_name', 'it_stock_qty', 'it_use', 'it_soldout', 'it_stock_sms'))) ? $_GET['sort1'] : '';
+$sort2 = (isset($_GET['sort2']) && in_array($_GET['sort2'], array('desc', 'asc'))) ? $_GET['sort2'] : 'desc';
+$sel_field = (isset($_GET['sel_field']) && in_array($_GET['sel_field'], array('it_id', 'it_name', 'it_stock_qty', 'it_use', 'it_soldout', 'it_stock_sms')) ) ? $_GET['sel_field'] : '';
+$sel_ca_id = isset($_GET['sel_ca_id']) ? get_search_string($_GET['sel_ca_id']) : '';
+$search = isset($_GET['search']) ? get_search_string($_GET['search']) : '';
 
 $g5['title'] = '상품재고관리';
 include_once (G5_ADMIN_PATH.'/admin.head.php');
@@ -48,7 +48,8 @@ $sql  = " select it_id,
                  it_stock_qty,
                  it_stock_sms,
                  it_noti_qty,
-                 it_soldout
+                 it_soldout,
+                 ca_id
            $sql_common
           order by $sort1 $sort2
           limit $from_record, $rows ";
@@ -213,5 +214,4 @@ $listall = '<a href="'.$_SERVER['SCRIPT_NAME'].'" class="ov_listall">전체목
 <?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, "{$_SERVER['SCRIPT_NAME']}?$qstr&amp;page="); ?>
 
 <?php
-include_once (G5_ADMIN_PATH.'/admin.tail.php');
-?>
+include_once (G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/shop_admin/itemstocklistupdate.php b/adm/shop_admin/itemstocklistupdate.php
index 84da671ca..4da745435 100644
--- a/adm/shop_admin/itemstocklistupdate.php
+++ b/adm/shop_admin/itemstocklistupdate.php
@@ -4,22 +4,36 @@ include_once('./_common.php');
 
 check_demo();
 
-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
 
 check_admin_token();
 
+$count_post_it_id = (isset($_POST['it_id']) && is_array($_POST['it_id'])) ? count($_POST['it_id']) : 0;
+
+$search = isset($_REQUEST['search']) ? get_search_string($_REQUEST['search']) : '';
+$sort1 = isset($_REQUEST['sort1']) ? clean_xss_tags($_REQUEST['sort1'], 1, 1) : '';
+$sort2 = isset($_REQUEST['sort2']) ? clean_xss_tags($_REQUEST['sort2'], 1, 1) : '';
+$sel_ca_id = isset($_REQUEST['sel_ca_id']) ? clean_xss_tags($_REQUEST['sel_ca_id'], 1, 1) : '';
+$sel_field = isset($_REQUEST['sel_field']) ? clean_xss_tags($_REQUEST['sel_field'], 1, 1) : '';
+
 // 재고 일괄수정
-for ($i=0; $i<count($_POST['it_id']); $i++)
+for ($i=0; $i<$count_post_it_id; $i++)
 {
+    $it_stock_qty = isset($_POST['it_stock_qty'][$i]) ? (int) $_POST['it_stock_qty'][$i] : 0;
+    $it_noti_qty = isset($_POST['it_noti_qty'][$i]) ? (int) $_POST['it_noti_qty'][$i] : 0;
+    $it_use = isset($_POST['it_use'][$i]) ? (int) $_POST['it_use'][$i] : 0;
+    $it_soldout = isset($_POST['it_soldout'][$i]) ? (int) $_POST['it_soldout'][$i] : 0;
+    $it_stock_sms = isset($_POST['it_stock_sms'][$i]) ? (int) $_POST['it_stock_sms'][$i] : 0;
+    $it_id = isset($_POST['it_id'][$i]) ? safe_replace_regex($_POST['it_id'][$i], 'it_id') : '';
+
     $sql = "update {$g5['g5_shop_item_table']}
-               set it_stock_qty    = '".sql_real_escape_string($_POST['it_stock_qty'][$i])."',
-                   it_noti_qty     = '".sql_real_escape_string($_POST['it_noti_qty'][$i])."',
-                   it_use          = '".sql_real_escape_string($_POST['it_use'][$i])."',
-                   it_soldout      = '".sql_real_escape_string($_POST['it_soldout'][$i])."',
-                   it_stock_sms    = '".sql_real_escape_string($_POST['it_stock_sms'][$i])."'
-             where it_id = '".sql_real_escape_string($_POST['it_id'][$i])."' ";
+               set it_stock_qty    = '".$it_stock_qty."',
+                   it_noti_qty     = '".$it_noti_qty."',
+                   it_use          = '".$it_use."',
+                   it_soldout      = '".$it_soldout."',
+                   it_stock_sms    = '".$it_stock_sms."'
+             where it_id = '".$it_id."' ";
     sql_query($sql);
 }
 
-goto_url("./itemstocklist.php?sort1=$sort1&amp;sort2=$sort2&amp;sel_ca_id=$sel_ca_id&amp;sel_field=$sel_field&amp;search=$search&amp;page=$page");
-?>
+goto_url("./itemstocklist.php?sort1=$sort1&amp;sort2=$sort2&amp;sel_ca_id=$sel_ca_id&amp;sel_field=$sel_field&amp;search=$search&amp;page=$page");
\ No newline at end of file
diff --git a/adm/shop_admin/itemstocksms.php b/adm/shop_admin/itemstocksms.php
index 21e620ba4..0a3d54474 100644
--- a/adm/shop_admin/itemstocksms.php
+++ b/adm/shop_admin/itemstocksms.php
@@ -2,7 +2,7 @@
 $sub_menu = '500400';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");
 
 $g5['title'] = '재입고SMS 알림';
 include_once (G5_ADMIN_PATH.'/admin.head.php');
@@ -24,15 +24,11 @@ if(!sql_query(" select ss_id from {$g5['g5_shop_item_stocksms_table']} limit 1",
                 ) ENGINE=MyISAM  DEFAULT CHARSET=utf8 ", true);
 }
 
-$doc = strip_tags($doc);
-$sort1 = strip_tags($sort1);
-$sel_field = strip_tags($sel_field);
-$search = get_search_string($search);
-
-$sel_field = in_array($sel_field, array('it_id', 'ss_hp', 'ss_send')) ? $sel_field : 'it_id';
-if ($sort1 == "") $sort1 = "ss_send";
-if (!in_array($sort1, array('it_id', 'ss_hp', 'ss_send', 'ss_send_time', 'ss_datetime'))) $sort1 = "ss_send";
-if ($sort2 == "" || $sort2 != "desc") $sort2 = "asc";
+$doc = isset($_GET['doc']) ? clean_xss_tags($_GET['doc'], 1, 1) : '';
+$sort1 = (isset($_GET['sort1']) && in_array($_GET['sort1'], array('it_id', 'ss_hp', 'ss_send', 'ss_send_time', 'ss_datetime'))) ? $_GET['sort1'] : 'ss_send';
+$sort2 = (isset($_GET['sort2']) && in_array($_GET['sort2'], array('desc', 'asc'))) ? $_GET['sort2'] : 'asc';
+$sel_field = (isset($_GET['sel_field']) && in_array($_GET['sel_field'], array('it_id', 'ss_hp', 'ss_send')) ) ? $_GET['sel_field'] : 'it_id';
+$search = isset($_GET['search']) ? get_search_string($_GET['search']) : '';
 
 $sql_search = " where 1 ";
 if ($search != "") {
@@ -185,5 +181,4 @@ function fitemstocksms_submit(f)
 </script>
 
 <?php
-include_once (G5_ADMIN_PATH.'/admin.tail.php');
-?>
\ No newline at end of file
+include_once (G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/shop_admin/itemstocksmsupdate.php b/adm/shop_admin/itemstocksmsupdate.php
index 60b4acee1..27cbde6d9 100644
--- a/adm/shop_admin/itemstocksmsupdate.php
+++ b/adm/shop_admin/itemstocksmsupdate.php
@@ -6,25 +6,27 @@ check_demo();
 
 check_admin_token();
 
-if (!count($_POST['chk'])) {
+$count_post_chk = (isset($_POST['chk']) && is_array($_POST['chk'])) ? count($_POST['chk']) : 0;
+
+if (! $count_post_chk) {
     alert($_POST['act_button']." 하실 항목을 하나 이상 체크하세요.");
 }
 
 if ($_POST['act_button'] == "선택SMS전송") {
 
-    auth_check($auth[$sub_menu], 'w');
+    auth_check_menu($auth, $sub_menu, 'w');
 
     $sms_messages = array();
 
-    for ($i=0; $i<count($_POST['chk']); $i++) {
+    for ($i=0; $i<$count_post_chk; $i++) {
 
         // 실제 번호를 넘김
-        $k = $_POST['chk'][$i];
-        $sss_id = (int) $_POST['ss_id'][$k];
+        $k = isset($_POST['chk'][$i]) ? (int) $_POST['chk'][$i] : 0;
+        $ss_id = isset($_POST['ss_id'][$k]) ? (int) $_POST['ss_id'][$k] : 0;
 
         $sql = " select a.ss_id, a.ss_hp, a.ss_send, b.it_id, b.it_name
                     from {$g5['g5_shop_item_stocksms_table']} a left join {$g5['g5_shop_item_table']} b on ( a.it_id = b.it_id )
-                    where a.ss_id = '$sss_id' ";
+                    where a.ss_id = '$ss_id' ";
         $row = sql_fetch($sql);
 
         if(!$row['ss_id'] || !$row['it_id'] || $row['ss_send'])
@@ -44,7 +46,7 @@ if ($_POST['act_button'] == "선택SMS전송") {
         $sql = " update {$g5['g5_shop_item_stocksms_table']}
                     set ss_send = '1',
                         ss_send_time = '".G5_TIME_YMDHIS."'
-                    where ss_id = '{$sss_id}' ";
+                    where ss_id = '{$ss_id}' ";
         sql_query($sql);
     }
 
@@ -101,14 +103,14 @@ if ($_POST['act_button'] == "선택SMS전송") {
     if ($is_admin != 'super')
         alert('자료의 삭제는 최고관리자만 가능합니다.');
 
-    auth_check($auth[$sub_menu], 'd');
+    auth_check_menu($auth, $sub_menu, 'd');
 
-    for ($i=0; $i<count($_POST['chk']); $i++) {
+    for ($i=0; $i<$count_post_chk; $i++) {
         // 실제 번호를 넘김
-        $k = $_POST['chk'][$i];
-        $sss_id = (int) $_POST['ss_id'][$k];
+        $k = isset($_POST['chk'][$i]) ? (int) $_POST['chk'][$i] : 0;
+        $ss_id = isset($_POST['ss_id'][$k]) ? (int) $_POST['ss_id'][$k] : 0;
 
-        $sql = " delete from {$g5['g5_shop_item_stocksms_table']} where ss_id = '{$sss_id}' ";
+        $sql = " delete from {$g5['g5_shop_item_stocksms_table']} where ss_id = '{$ss_id}' ";
         sql_query($sql);
     }
 }
@@ -117,5 +119,4 @@ if ($_POST['act_button'] == "선택SMS전송") {
 $qstr1 = 'sel_field='.$sel_field.'&amp;search='.$search;
 $qstr = $qstr1.'&amp;sort1='.$sort1.'&amp;sort2='.$sort2.'&amp;page='.$page;
 
-goto_url('./itemstocksms.php?'.$qstr);
-?>
+goto_url('./itemstocksms.php?'.$qstr);
\ No newline at end of file
diff --git a/adm/shop_admin/itemsupply.php b/adm/shop_admin/itemsupply.php
index 739105ee2..7abd56334 100644
--- a/adm/shop_admin/itemsupply.php
+++ b/adm/shop_admin/itemsupply.php
@@ -2,15 +2,16 @@
 include_once('./_common.php');
 
 $ps_run = false;
+$post_it_id = isset($_POST['it_id']) ? safe_replace_regex($_POST['it_id'], 'it_id') : '';
 
-if($it['it_id']) {
+if(isset($it['it_id']) && $it['it_id']) {
     $sql = " select * from {$g5['g5_shop_item_option_table']} where io_type = '1' and it_id = '{$it['it_id']}' order by io_no asc ";
     $result = sql_query($sql);
     if(sql_num_rows($result))
         $ps_run = true;
 } else if(!empty($_POST)) {
-    $subject_count = count($_POST['subject']);
-    $supply_count = count($_POST['supply']);
+    $subject_count = (isset($_POST['subject']) && is_array($_POST['subject'])) ? count($_POST['subject']) : 0;
+    $supply_count = (isset($_POST['supply']) && is_array($_POST['supply'])) ? count($_POST['supply']) : 0;
 
     if(!$subject_count || !$supply_count) {
         echo '추가옵션명과 추가옵션항목을 입력해 주십시오.';
@@ -41,7 +42,7 @@ if($ps_run) {
     </thead>
     <tbody>
     <?php
-    if($it['it_id']) {
+    if(isset($it['it_id']) && $it['it_id']) {
         for($i=0; $row=sql_fetch_array($result); $i++) {
             $spl_id = $row['io_id'];
             $spl_val = explode(chr(30), $spl_id);
@@ -84,12 +85,12 @@ if($ps_run) {
         } // for
     } else {
         for($i=0; $i<$subject_count; $i++) {
-            $spl_subject = preg_replace(G5_OPTION_ID_FILTER, '', trim(stripslashes($_POST['subject'][$i])));
-            $spl_val = explode(',', preg_replace(G5_OPTION_ID_FILTER, '', trim(stripslashes($_POST['supply'][$i]))));
+            $spl_subject = isset($_POST['subject'][$i]) ? preg_replace(G5_OPTION_ID_FILTER, '', trim(stripslashes($_POST['subject'][$i]))) : '';
+            $spl_val = isset($_POST['supply'][$i]) ? explode(',', preg_replace(G5_OPTION_ID_FILTER, '', trim(stripslashes($_POST['supply'][$i])))) : '';
             $spl_count = count($spl_val);
 
             for($j=0; $j<$spl_count; $j++) {
-                $spl = strip_tags(trim($spl_val[$j]));
+                $spl = isset($spl_val[$j]) ? strip_tags(trim($spl_val[$j])) : '';
                 if($spl_subject && strlen($spl)) {
                     $spl_id = $spl_subject.chr(30).$spl;
                     $spl_price = 0;
@@ -98,10 +99,10 @@ if($ps_run) {
                     $spl_use = 1;
 
                     // 기존에 설정된 값이 있는지 체크
-                    if($_POST['w'] == 'u') {
+                    if(isset($_POST['w']) && $_POST['w'] === 'u') {
                         $sql = " select io_price, io_stock_qty, io_noti_qty, io_use
                                     from {$g5['g5_shop_item_option_table']}
-                                    where it_id = '{$_POST['it_id']}'
+                                    where it_id = '{$post_it_id}'
                                       and io_id = '$spl_id'
                                       and io_type = '1' ";
                         $row = sql_fetch($sql);
@@ -176,5 +177,4 @@ if($ps_run) {
     <button type="button" id="spl_value_apply" class="btn_frmline">일괄적용</button>
 </fieldset>
 <?php
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/adm/shop_admin/itemtypelist.php b/adm/shop_admin/itemtypelist.php
index 7e87078e4..7317e141d 100644
--- a/adm/shop_admin/itemtypelist.php
+++ b/adm/shop_admin/itemtypelist.php
@@ -2,9 +2,10 @@
 $sub_menu = '400610';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");
 
-$doc = strip_tags($doc);
+$doc = isset($_GET['doc']) ? clean_xss_tags($_GET['doc'], 1, 1) : '';
+$sfl = in_array($sfl, array('it_name', 'it_id')) ? $sfl : '';
 
 $g5['title'] = '상품유형관리';
 include_once (G5_ADMIN_PATH.'/admin.head.php');
@@ -66,7 +67,8 @@ $sql  = " select it_id,
                  it_type2,
                  it_type3,
                  it_type4,
-                 it_type5
+                 it_type5,
+                 ca_id
           $sql_common
           $sql_order
           limit $from_record, $rows ";
@@ -190,5 +192,4 @@ $listall = '<a href="'.$_SERVER['SCRIPT_NAME'].'" class="ov_listall">전체목
 <?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, "{$_SERVER['SCRIPT_NAME']}?$qstr&amp;page="); ?>
 
 <?php
-include_once (G5_ADMIN_PATH.'/admin.tail.php');
-?>
+include_once (G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/shop_admin/itemtypelistupdate.php b/adm/shop_admin/itemtypelistupdate.php
index 2946077eb..6a68a54d7 100644
--- a/adm/shop_admin/itemtypelistupdate.php
+++ b/adm/shop_admin/itemtypelistupdate.php
@@ -4,22 +4,30 @@ include_once('./_common.php');
 
 check_demo();
 
-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
 
 check_admin_token();
 
-for ($i=0; $i<count($_POST['it_id']); $i++)
+$count_post_it_id = (isset($_POST['it_id']) && is_array($_POST['it_id'])) ? count($_POST['it_id']) : 0;
+
+for ($i=0; $i<$count_post_it_id; $i++)
 {
+    $it_type1 = isset($_POST['it_type1'][$i]) ? (int) $_POST['it_type1'][$i] : 0;
+    $it_type2 = isset($_POST['it_type2'][$i]) ? (int) $_POST['it_type2'][$i] : 0;
+    $it_type3 = isset($_POST['it_type3'][$i]) ? (int) $_POST['it_type3'][$i] : 0;
+    $it_type4 = isset($_POST['it_type4'][$i]) ? (int) $_POST['it_type4'][$i] : 0;
+    $it_type5 = isset($_POST['it_type5'][$i]) ? (int) $_POST['it_type5'][$i] : 0;
+
+    $it_id = isset($_POST['it_id'][$i]) ? safe_replace_regex($_POST['it_id'][$i], 'it_id') : '';
+
     $sql = "update {$g5['g5_shop_item_table']}
-               set it_type1 = '".sql_real_escape_string($_POST['it_type1'][$i])."',
-                   it_type2 = '".sql_real_escape_string($_POST['it_type2'][$i])."',
-                   it_type3 = '".sql_real_escape_string($_POST['it_type3'][$i])."',
-                   it_type4 = '".sql_real_escape_string($_POST['it_type4'][$i])."',
-                   it_type5 = '".sql_real_escape_string($_POST['it_type5'][$i])."'
-             where it_id = '".sql_real_escape_string($_POST['it_id'][$i])."' ";
+               set it_type1 = '".$it_type1."',
+                   it_type2 = '".$it_type2."',
+                   it_type3 = '".$it_type3."',
+                   it_type4 = '".$it_type4."',
+                   it_type5 = '".$it_type5."'
+             where it_id = '".$it_id."' ";
     sql_query($sql);
 }
 
-//goto_url("./itemtypelist.php?sort1=$sort&amp;sort2=$sort2&amp;sel_ca_id=$sel_ca_id&amp;sel_field=$sel_field&amp;search=$search&amp;page=$page");
-goto_url("itemtypelist.php?sca=$sca&amp;sst=$sst&amp;sod=$sod&amp;sfl=$sfl&amp;stx=$stx&amp;page=$page");
-?>
+goto_url("itemtypelist.php?sca=$sca&amp;sst=$sst&amp;sod=$sod&amp;sfl=$sfl&amp;stx=$stx&amp;page=$page");
\ No newline at end of file
diff --git a/adm/shop_admin/itemuseform.php b/adm/shop_admin/itemuseform.php
index ce879271a..494e6645a 100644
--- a/adm/shop_admin/itemuseform.php
+++ b/adm/shop_admin/itemuseform.php
@@ -3,9 +3,9 @@ $sub_menu = '400650';
 include_once('./_common.php');
 include_once(G5_EDITOR_LIB);
 
-$is_id = preg_replace('/[^0-9]/', '', $is_id);
+$is_id = isset($_GET['is_id']) ? preg_replace('/[^0-9]/', '', $_GET['is_id']) : 0;
 
-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
 
 $sql = " select *
            from {$g5['g5_shop_item_use_table']} a
@@ -117,5 +117,4 @@ function fitemuseform_submit(f)
 </script>
 
 <?php
-include_once (G5_ADMIN_PATH.'/admin.tail.php');
-?>
+include_once (G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/shop_admin/itemuseformupdate.php b/adm/shop_admin/itemuseformupdate.php
index 7d86fb773..c4ebc34f6 100644
--- a/adm/shop_admin/itemuseformupdate.php
+++ b/adm/shop_admin/itemuseformupdate.php
@@ -5,31 +5,39 @@ include_once('./_common.php');
 check_demo();
 
 if ($w == 'd')
-    auth_check($auth[$sub_menu], "d");
+    auth_check_menu($auth, $sub_menu, "d");
 else
-    auth_check($auth[$sub_menu], "w");
+    auth_check_menu($auth, $sub_menu, "w");
 
 check_admin_token();
 
+$posts = array();
+$check_keys = array('is_subject', 'is_content', 'is_confirm', 'is_reply_subject', 'is_reply_content', 'is_id');
+
+foreach($check_keys as $key){
+    $posts[$key] = isset($_POST[$key]) ? clean_xss_tags($_POST[$key], 1, 1) : '';
+}
+
 if ($w == "u")
 {
     $sql = "update {$g5['g5_shop_item_use_table']}
-               set is_subject = '$is_subject',
-                   is_content = '$is_content',
-                   is_confirm = '$is_confirm',
-                   is_reply_subject = '$is_reply_subject',
-                   is_reply_content = '$is_reply_content',
+               set is_subject = '".$posts['is_subject']."',
+                   is_content = '".$posts['is_content']."',
+                   is_confirm = '".$posts['is_confirm']."',
+                   is_reply_subject = '".$posts['is_reply_subject']."',
+                   is_reply_content = '".$posts['is_reply_content']."',
                    is_reply_name = '".$member['mb_nick']."'
-             where is_id = '$is_id' ";
+             where is_id = '".$posts['is_id']."'";
     sql_query($sql);
 
-    update_use_cnt($_POST['it_id']);
-    update_use_avg($_POST['it_id']);
+    if( isset($_POST['it_id']) ) {
+        update_use_cnt($_POST['it_id']);
+        update_use_avg($_POST['it_id']);
+    }
 
     goto_url("./itemuseform.php?w=$w&amp;is_id=$is_id&amp;sca=$sca&amp;$qstr");
 }
 else
 {
     alert();
-}
-?>
+}
\ No newline at end of file
diff --git a/adm/shop_admin/itemuselist.php b/adm/shop_admin/itemuselist.php
index 2a4cd79a3..989af468d 100644
--- a/adm/shop_admin/itemuselist.php
+++ b/adm/shop_admin/itemuselist.php
@@ -2,7 +2,7 @@
 $sub_menu = '400650';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");
 
 $g5['title'] = '사용후기';
 include_once (G5_ADMIN_PATH.'/admin.head.php');
@@ -213,5 +213,4 @@ $(function(){
 </script>
 
 <?php
-include_once (G5_ADMIN_PATH.'/admin.tail.php');
-?>
+include_once (G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/shop_admin/itemuselistupdate.php b/adm/shop_admin/itemuselistupdate.php
index b35a2e840..df911beee 100644
--- a/adm/shop_admin/itemuselistupdate.php
+++ b/adm/shop_admin/itemuselistupdate.php
@@ -6,21 +6,23 @@ check_demo();
 
 check_admin_token();
 
-if (!count($_POST['chk'])) {
+$count_post_chk = (isset($_POST['chk']) && is_array($_POST['chk'])) ? count($_POST['chk']) : 0;
+
+if (! $count_post_chk) {
     alert($_POST['act_button']." 하실 항목을 하나 이상 체크하세요.");
 }
 
-if ($_POST['act_button'] == "선택수정") {
-    auth_check($auth[$sub_menu], 'w');
-} else if ($_POST['act_button'] == "선택삭제") {
-    auth_check($auth[$sub_menu], 'd');
+if ($_POST['act_button'] === "선택수정") {
+    auth_check_menu($auth, $sub_menu, 'w');
+} else if ($_POST['act_button'] === "선택삭제") {
+    auth_check_menu($auth, $sub_menu, 'd');
 } else {
     alert("선택수정이나 선택삭제 작업이 아닙니다.");
 }
 
-for ($i=0; $i<count($_POST['chk']); $i++)
+for ($i=0; $i<$count_post_chk; $i++)
 {
-    $k = $_POST['chk'][$i]; // 실제 번호를 넘김
+    $k = isset($_POST['chk'][$i]) ? (int) $_POST['chk'][$i] : 0; // 실제 번호를 넘김
     $iit_id = isset($_POST['it_id'][$k]) ? preg_replace('/[^a-z0-9_\-]/i', '', $_POST['it_id'][$k]) : '';
     $iis_id = isset($_POST['is_id'][$k]) ? (int) $_POST['is_id'][$k] : 0;
     $iis_score = isset($_POST['is_score'][$k]) ? (int) $_POST['is_score'][$k] : 0;
@@ -46,5 +48,4 @@ for ($i=0; $i<count($_POST['chk']); $i++)
     }
 }
 
-goto_url("./itemuselist.php?sca=$sca&amp;sst=$sst&amp;sod=$sod&amp;sfl=$sfl&amp;stx=$stx&amp;page=$page");
-?>
+goto_url("./itemuselist.php?sca=$sca&amp;sst=$sst&amp;sod=$sod&amp;sfl=$sfl&amp;stx=$stx&amp;page=$page");
\ No newline at end of file
diff --git a/adm/shop_admin/optionstocklist.php b/adm/shop_admin/optionstocklist.php
index 1cb8a0884..a86af50b4 100644
--- a/adm/shop_admin/optionstocklist.php
+++ b/adm/shop_admin/optionstocklist.php
@@ -2,14 +2,14 @@
 $sub_menu = '400500';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");
 
-$doc = strip_tags($doc);
-$sort1 = strip_tags($sort1);
-$sort2 = in_array($sort2, array('desc', 'asc')) ? $sort2 : 'desc';
-$sel_ca_id = get_search_string($sel_ca_id);
-$sel_field = get_search_string($sel_field);
-$search = get_search_string($search);
+$doc = isset($_GET['doc']) ? clean_xss_tags($_GET['doc'], 1, 1) : '';
+$sort1 = (isset($_GET['sort1']) && in_array($_GET['sort1'], array('b.it_name', 'a.io_stock_qty', 'a.io_use'))) ? $_GET['sort1'] : '';
+$sort2 = (isset($_GET['sort2']) && in_array($_GET['sort2'], array('desc', 'asc'))) ? $_GET['sort2'] : 'asc';
+$sel_ca_id = isset($_GET['sel_ca_id']) ? get_search_string($_GET['sel_ca_id']) : '';
+$sel_field = (isset($_GET['sel_field']) && in_array($_GET['sel_field'], array('b.it_name', 'a.it_id')) ) ? $_GET['sel_field'] : '';
+$search = isset($_GET['search']) ? get_search_string($_GET['search']) : '';
 
 $g5['title'] = '상품옵션재고관리';
 include_once (G5_ADMIN_PATH.'/admin.head.php');
@@ -50,7 +50,8 @@ $sql  = " select a.it_id,
                  a.io_noti_qty,
                  a.io_use,
                  b.it_name,
-                 b.it_option_subject
+                 b.it_option_subject,
+                 b.ca_id
            $sql_common
           order by $sort1 $sort2
           limit $from_record, $rows ";
@@ -227,5 +228,4 @@ $listall = '<a href="'.$_SERVER['SCRIPT_NAME'].'" class="ov_listall">전체목
 <?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, "{$_SERVER['SCRIPT_NAME']}?$qstr&amp;page="); ?>
 
 <?php
-include_once (G5_ADMIN_PATH.'/admin.tail.php');
-?>
+include_once (G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/shop_admin/optionstocklistupdate.php b/adm/shop_admin/optionstocklistupdate.php
index c6ea9c1a4..3c146dc6a 100644
--- a/adm/shop_admin/optionstocklistupdate.php
+++ b/adm/shop_admin/optionstocklistupdate.php
@@ -4,22 +4,36 @@ include_once('./_common.php');
 
 check_demo();
 
-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
 
 check_admin_token();
 
+$count_post_it_id = (isset($_POST['it_id']) && is_array($_POST['it_id'])) ? count($_POST['it_id']) : 0;
+
+$search = isset($_REQUEST['search']) ? get_search_string($_REQUEST['search']) : '';
+$sort1 = isset($_REQUEST['sort1']) ? clean_xss_tags($_REQUEST['sort1'], 1, 1) : '';
+$sort2 = isset($_REQUEST['sort2']) ? clean_xss_tags($_REQUEST['sort2'], 1, 1) : '';
+$sel_field = isset($_REQUEST['sel_field']) ? clean_xss_tags($_REQUEST['sel_field'], 1, 1) : '';
+$sel_ca_id = isset($_REQUEST['sel_ca_id']) ? clean_xss_tags($_REQUEST['sel_ca_id'], 1, 1) : '';
+
 // 재고 일괄수정
-for ($i=0; $i<count($_POST['it_id']); $i++)
+for ($i=0; $i<$count_post_it_id; $i++)
 {
+    $it_stock_qty = isset($_POST['it_stock_qty'][$i]) ? (int) $_POST['it_stock_qty'][$i] : 0;
+    $it_noti_qty = isset($_POST['it_noti_qty'][$i]) ? (int) $_POST['it_noti_qty'][$i] : 0;
+    $it_use = isset($_POST['it_use'][$i]) ? (int) $_POST['it_use'][$i] : 0;
+    $it_id = isset($_POST['it_id'][$i]) ? safe_replace_regex($_POST['it_id'][$i], 'it_id') : '';
+    $io_id = isset($_POST['io_id'][$i]) ? preg_replace(G5_OPTION_ID_FILTER, '', $_POST['io_id'][$i]) : '';
+    $io_type = isset($_POST['io_type'][$i]) ? (int) $_POST['io_type'][$i] : 0;
+
     $sql = "update {$g5['g5_shop_item_option_table']}
-               set io_stock_qty    = '".sql_real_escape_string($_POST['io_stock_qty'][$i])."',
-                   io_noti_qty     = '".sql_real_escape_string($_POST['io_noti_qty'][$i])."',
-                   io_use = '".sql_real_escape_string($_POST['io_use'][$i])."'
-             where it_id = '".sql_real_escape_string($_POST['it_id'][$i])."'
-               and io_id = '".sql_real_escape_string($_POST['io_id'][$i])."'
-               and io_type = '".sql_real_escape_string($_POST['io_type'][$i])."' ";
+               set io_stock_qty    = '".$it_stock_qty."',
+                   io_noti_qty     = '".$it_noti_qty."',
+                   io_use = '".$it_use."'
+             where it_id = '".$it_id."'
+               and io_id = '".sql_real_escape_string($io_id)."'
+               and io_type = '".$io_type."' ";
     sql_query($sql);
 }
 
-goto_url("./optionstocklist.php?sort1=$sort1&amp;sort2=$sort2&amp;sel_ca_id=$sel_ca_id&amp;sel_field=$sel_field&amp;search=$search&amp;page=$page");
-?>
+goto_url("./optionstocklist.php?sort1=$sort1&amp;sort2=$sort2&amp;sel_ca_id=$sel_ca_id&amp;sel_field=$sel_field&amp;search=$search&amp;page=$page");
\ No newline at end of file
diff --git a/adm/shop_admin/orderdelivery.php b/adm/shop_admin/orderdelivery.php
index 5ae0289e5..178a0996a 100644
--- a/adm/shop_admin/orderdelivery.php
+++ b/adm/shop_admin/orderdelivery.php
@@ -2,7 +2,7 @@
 $sub_menu = '400400';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
 
 $g5['title'] = '엑셀 배송일괄처리';
 include_once(G5_PATH.'/head.sub.php');
@@ -51,5 +51,4 @@ include_once(G5_PATH.'/head.sub.php');
 </div>
 
 <?php
-include_once(G5_PATH.'/tail.sub.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/adm/shop_admin/orderdeliveryexcel.php b/adm/shop_admin/orderdeliveryexcel.php
index 7cd027287..dcb3d37a4 100644
--- a/adm/shop_admin/orderdeliveryexcel.php
+++ b/adm/shop_admin/orderdeliveryexcel.php
@@ -2,7 +2,7 @@
 $sub_menu = '400400';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
 
 // 주문정보
 $sql = " select *
@@ -15,7 +15,11 @@ $result = sql_query($sql);
 if(!@sql_num_rows($result))
     alert_close('배송처리할 주문 내역이 없습니다.');
 
-function column_char($i) { return chr( 65 + $i ); }
+if(! function_exists('column_char')) {
+    function column_char($i) {
+        return chr( 65 + $i );
+    }
+}
 
 if (phpversion() >= '5.2.0') {
     include_once(G5_LIB_PATH.'/PHPExcel.php');
@@ -24,6 +28,7 @@ if (phpversion() >= '5.2.0') {
     $widths  = array(18, 15, 15, 15, 15, 15, 15, 50, 20, 20);
     $header_bgcolor = 'FFABCDEF';
     $last_char = column_char(count($headers) - 1);
+    $rows = array();
 
     for($i=1; $row=sql_fetch_array($result); $i++) {
         $rows[] = 
@@ -96,5 +101,4 @@ if (phpversion() >= '5.2.0') {
     $fh=fopen($fname, "rb");
     fpassthru($fh);
     unlink($fname);
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/adm/shop_admin/orderdeliveryupdate.php b/adm/shop_admin/orderdeliveryupdate.php
index e1ddad45b..3030de506 100644
--- a/adm/shop_admin/orderdeliveryupdate.php
+++ b/adm/shop_admin/orderdeliveryupdate.php
@@ -4,67 +4,23 @@ include_once('./_common.php');
 include_once('./admin.shop.lib.php');
 include_once(G5_LIB_PATH.'/mailer.lib.php');
 
-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
 
 define("_ORDERMAIL_", true);
 
 $sms_count = 0;
 $sms_messages = array();
 
-if($_FILES['excelfile']['tmp_name']) {
+if(isset($_FILES['excelfile']['tmp_name']) && $_FILES['excelfile']['tmp_name']) {
     $file = $_FILES['excelfile']['tmp_name'];
 
-    include_once(G5_LIB_PATH.'/Excel/reader.php');
+    include_once(G5_LIB_PATH.'/PHPExcel/IOFactory.php');
 
-    $data = new Spreadsheet_Excel_Reader();
+    $objPHPExcel = PHPExcel_IOFactory::load($file);
+    $sheet = $objPHPExcel->getSheet(0);
 
-    // Set output Encoding.
-    $data->setOutputEncoding('UTF-8');
-
-    /***
-    * if you want you can change 'iconv' to mb_convert_encoding:
-    * $data->setUTFEncoder('mb');
-    *
-    **/
-
-    /***
-    * By default rows & cols indeces start with 1
-    * For change initial index use:
-    * $data->setRowColOffset(0);
-    *
-    **/
-
-
-
-    /***
-    *  Some function for formatting output.
-    * $data->setDefaultFormat('%.2f');
-    * setDefaultFormat - set format for columns with unknown formatting
-    *
-    * $data->setColumnFormat(4, '%.3f');
-    * setColumnFormat - set format for column (apply only to number fields)
-    *
-    **/
-
-    $data->read($file);
-
-    /*
-
-
-     $data->sheets[0]['numRows'] - count rows
-     $data->sheets[0]['numCols'] - count columns
-     $data->sheets[0]['cells'][$i][$j] - data from $i-row $j-column
-
-     $data->sheets[0]['cellsInfo'][$i][$j] - extended info about cell
-
-        $data->sheets[0]['cellsInfo'][$i][$j]['type'] = "date" | "number" | "unknown"
-            if 'type' == "unknown" - use 'raw' value, because  cell contain value with format '0.00';
-        $data->sheets[0]['cellsInfo'][$i][$j]['raw'] = value if cell without format
-        $data->sheets[0]['cellsInfo'][$i][$j]['colspan']
-        $data->sheets[0]['cellsInfo'][$i][$j]['rowspan']
-    */
-
-    error_reporting(E_ALL ^ E_NOTICE);
+    $num_rows = $sheet->getHighestRow();
+    $highestColumn = $sheet->getHighestColumn();
 
     $fail_od_id = array();
     $total_count = 0;
@@ -72,12 +28,17 @@ if($_FILES['excelfile']['tmp_name']) {
     $succ_count = 0;
 
     // $i 사용시 ordermail.inc.php의 $i 때문에 무한루프에 빠짐
-    for ($k = 2; $k <= $data->sheets[0]['numRows']; $k++) {
+    for ($k = 2; $k <= $num_rows; $k++) {
         $total_count++;
 
-        $od_id               = addslashes(trim($data->sheets[0]['cells'][$k][1]));
-        $od_delivery_company = addslashes($data->sheets[0]['cells'][$k][9]);
-        $od_invoice          = addslashes($data->sheets[0]['cells'][$k][10]);
+        $rowData = $sheet->rangeToArray('A' . $k . ':' . $highestColumn . $k,
+                                            NULL,
+                                            TRUE,
+                                            FALSE);
+
+        $od_id               = isset($rowData[0][0]) ? addslashes(trim($rowData[0][0])) : '';
+        $od_delivery_company = isset($rowData[0][8]) ? addslashes($rowData[0][8]) : '';
+        $od_invoice          = isset($rowData[0][9]) ? addslashes($rowData[0][9]) : '';
 
         if(!$od_id || !$od_delivery_company || !$od_invoice) {
             $fail_count++;
@@ -108,9 +69,13 @@ if($_FILES['excelfile']['tmp_name']) {
         change_status($od_id, '준비', '배송');
 
         $succ_count++;
+        
+        $send_sms = isset($_POST['send_sms']) ? clean_xss_tags($_POST['send_sms'], 1, 1) : '';
+        $od_send_mail = isset($_POST['od_send_mail']) ? clean_xss_tags($_POST['od_send_mail'], 1, 1) : '';
+        $send_escrow = isset($_POST['send_escrow']) ? clean_xss_tags($_POST['send_escrow'], 1, 1) : '';
 
         // SMS
-        if($config['cf_sms_use'] == 'icode' && $_POST['send_sms'] && $default['de_sms_use5']) {
+        if($config['cf_sms_use'] == 'icode' && $send_sms && $default['de_sms_use5']) {
             $sms_contents = conv_sms_contents($od_id, $default['de_sms_cont5']);
             if($sms_contents) {
                 $receive_number = preg_replace("/[^0-9]/", "", $od['od_hp']);	// 수신자번호
@@ -122,11 +87,11 @@ if($_FILES['excelfile']['tmp_name']) {
         }
 
         // 메일
-        if($config['cf_email_use'] && $_POST['od_send_mail'])
+        if($config['cf_email_use'] && $od_send_mail)
             include './ordermail.inc.php';
 
         // 에스크로 배송
-        if($_POST['send_escrow'] && $od['od_tno'] && $od['od_escrow']) {
+        if($send_escrow && $od['od_tno'] && $od['od_escrow']) {
             $escrow_tno  = $od['od_tno'];
             $escrow_numb = $od_invoice;
             $escrow_corp = $od_delivery_company;
@@ -216,5 +181,4 @@ include_once(G5_PATH.'/head.sub.php');
 </div>
 
 <?php
-include_once(G5_PATH.'/tail.sub.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/adm/shop_admin/orderform.php b/adm/shop_admin/orderform.php
index ec2a598e3..6d4637e80 100644
--- a/adm/shop_admin/orderform.php
+++ b/adm/shop_admin/orderform.php
@@ -5,11 +5,27 @@ include_once('./_common.php');
 $cart_title3 = '주문번호';
 $cart_title4 = '배송완료';
 
-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
 
 $g5['title'] = "주문 내역 수정";
 include_once(G5_ADMIN_PATH.'/admin.head.php');
 
+$fr_date = isset($_REQUEST['fr_date']) ? preg_replace('/[^0-9 :\-]/i', '', $_REQUEST['fr_date']) : '';
+$to_date = isset($_REQUEST['to_date']) ? preg_replace('/[^0-9 :\-]/i', '', $_REQUEST['to_date']) : '';
+$od_status = isset($_REQUEST['od_status']) ? clean_xss_tags($_REQUEST['od_status'], 1, 1) : '';
+$od_settle_case = isset($_REQUEST['od_settle_case']) ? clean_xss_tags($_REQUEST['od_settle_case'], 1, 1) : '';
+$od_misu = isset($_REQUEST['od_misu']) ? clean_xss_tags($_REQUEST['od_misu'], 1, 1) : '';
+$od_cancel_price = isset($_REQUEST['od_cancel_price']) ? clean_xss_tags($_REQUEST['od_cancel_price'], 1, 1) : '';
+$od_refund_price = isset($_REQUEST['od_refund_price']) ? clean_xss_tags($_REQUEST['od_refund_price'], 1, 1) : '';
+$od_receipt_point = isset($_REQUEST['od_receipt_point']) ? clean_xss_tags($_REQUEST['od_receipt_point'], 1, 1) : '';
+$od_coupon = isset($_REQUEST['od_coupon']) ? clean_xss_tags($_REQUEST['od_coupon'], 1, 1) : '';
+$od_id = isset($_REQUEST['od_id']) ? safe_replace_regex($_REQUEST['od_id'], 'od_id') : '';
+$od_escrow = isset($_REQUEST['od_escrow']) ? clean_xss_tags($_REQUEST['od_escrow'], 1, 1) : ''; 
+
+$sort1 = isset($_REQUEST['sort1']) ? clean_xss_tags($_REQUEST['sort1'], 1, 1) : '';
+$sort2 = isset($_REQUEST['sort2']) ? clean_xss_tags($_REQUEST['sort2'], 1, 1) : '';
+$sel_field = isset($_REQUEST['sel_field']) ? clean_xss_tags($_REQUEST['sel_field'], 1, 1) : '';
+$search = isset($_REQUEST['search']) ? get_search_string($_REQUEST['search']) : '';
 
 // 완료된 주문에 포인트를 적립한다.
 save_order_point("완료");
@@ -281,7 +297,7 @@ add_javascript(G5_POSTCODE_JS, 0);    //다음 주소 js
 <?php if($od['od_pg'] === 'inicis' && !$od['od_test']) {
     $sql = "select P_TID from {$g5['g5_shop_inicis_log_table']} where oid = '$od_id' and P_STATUS = 'cancel' ";
     $tmp_row = sql_fetch($sql);
-    if($tmp_row['P_TID']){
+    if(isset($tmp_row['P_TID']) && $tmp_row['P_TID']){
 ?>
 <div class="od_test_caution">주의) 이 주문은 결제취소된 내역이 있습니다. 이니시스 관리자 상점에서 반드시 재확인을 해 주세요.</div>
 <?php 
@@ -645,7 +661,7 @@ add_javascript(G5_POSTCODE_JS, 0);    //다음 주소 js
                 {
                     // 은행계좌를 배열로 만든후
                     $str = explode("\n", $default['de_bank_account']);
-                    $bank_account .= '<select name="od_bank_account" id="od_bank_account">'.PHP_EOL;
+                    $bank_account = '<select name="od_bank_account" id="od_bank_account">'.PHP_EOL;
                     $bank_account .= '<option value="">선택하십시오</option>'.PHP_EOL;
                     for ($i=0; $i<count($str); $i++) {
                         $str[$i] = str_replace("\r", "", $str[$i]);
@@ -1062,8 +1078,8 @@ function form_submit(f)
     <?php if($od['od_settle_case'] == '신용카드' || $od['od_settle_case'] == 'KAKAOPAY' || $od['od_settle_case'] == '간편결제' || ($od['od_pg'] == 'inicis' && is_inicis_order_pay($od['od_settle_case']) )) { ?>
     if(status == "취소" || status == "반품" || status == "품절") {
         var $ct_chk = $("input[name^=ct_chk]");
-        var chk_cnt = $ct_chk.size();
-        var chked_cnt = $ct_chk.filter(":checked").size();
+        var chk_cnt = $ct_chk.length;
+        var chked_cnt = $ct_chk.filter(":checked").length;
         <?php if($od['od_pg'] == 'KAKAOPAY') { ?>
         var cancel_pg = "카카오페이";
         <?php } else { ?>
@@ -1124,5 +1140,4 @@ function chk_receipt_price()
 </script>
 
 <?php
-include_once(G5_ADMIN_PATH.'/admin.tail.php');
-?>
\ No newline at end of file
+include_once(G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/shop_admin/orderformcartupdate.php b/adm/shop_admin/orderformcartupdate.php
index d6b3e14fd..f2a6d90dc 100644
--- a/adm/shop_admin/orderformcartupdate.php
+++ b/adm/shop_admin/orderformcartupdate.php
@@ -2,11 +2,11 @@
 $sub_menu = '400400';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
 
 check_admin_token();
 
-$ct_chk_count = count($_POST['ct_chk']);
+$ct_chk_count = isset($_POST['ct_chk']) ? count($_POST['ct_chk']) : 0;
 if(!$ct_chk_count)
     alert('처리할 자료를 하나 이상 선택해 주십시오.');
 
@@ -19,14 +19,19 @@ if (in_array($_POST['ct_status'], $status_normal) || in_array($_POST['ct_status'
     alert('변경할 상태가 올바르지 않습니다.');
 }
 
+$search = isset($_REQUEST['search']) ? get_search_string($_REQUEST['search']) : '';
+$sort1 = isset($_REQUEST['sort1']) ? clean_xss_tags($_REQUEST['sort1'], 1, 1) : '';
+$sort2 = isset($_REQUEST['sort2']) ? clean_xss_tags($_REQUEST['sort2'], 1, 1) : '';
+$sel_field = isset($_REQUEST['sel_field']) ? clean_xss_tags($_REQUEST['sel_field'], 1, 1) : '';
+
 $mod_history = '';
-$cnt = count($_POST['ct_id']);
+$cnt = (isset($_POST['ct_id']) && is_array($_POST['ct_id'])) ? count($_POST['ct_id']) : 0;
 $arr_it_id = array();
 
 for ($i=0; $i<$cnt; $i++)
 {
-    $k = $_POST['ct_chk'][$i];
-    $ct_id = $_POST['ct_id'][$k];
+    $k = isset($_POST['ct_chk'][$i]) ? (int) $_POST['ct_chk'][$i] : 0;
+    $ct_id = isset($_POST['ct_id'][$k]) ? (int) $_POST['ct_id'][$k] : 0;
 
     if(!$ct_id)
         continue;
@@ -37,7 +42,7 @@ for ($i=0; $i<$cnt; $i++)
         continue;
 
     // 수량이 변경됐다면
-    $ct_qty = $_POST['ct_qty'][$k];
+    $ct_qty = isset($_POST['ct_qty'][$k]) ? (int) $_POST['ct_qty'][$k] : 0;
     if($ct['ct_qty'] != $ct_qty) {
         $diff_qty = $ct['ct_qty'] - $ct_qty;
 
@@ -273,7 +278,8 @@ if (in_array($_POST['ct_status'], $status_cancel)) {
                         $c_PayPlus = new C_PP_CLI_T;
 
                         $c_PayPlus->mf_clear();
-
+                        
+                        $ordr_idxx = $od['od_id'];
                         $tno = $od['od_tno'];
                         $tran_cd = '00200000';
                         $cancel_msg = iconv_euckr('쇼핑몰 운영자 승인 취소');
@@ -344,7 +350,7 @@ if ($mod_history) { // 주문변경 히스토리 기록
 if($cancel_change) {
     $sql .= " , od_status = '취소' "; // 주문상품 모두 취소, 반품, 품절이면 주문 취소
 } else {
-    if (in_array($_POST['ct_status'], $status_normal)) { // 정상인 주문상태만 기록
+    if (isset($_POST['ct_status']) && in_array($_POST['ct_status'], $status_normal)) { // 정상인 주문상태만 기록
         $sql .= " , od_status = '{$_POST['ct_status']}' ";
     }
 }
@@ -366,5 +372,4 @@ if($pg_cancel == 1 && $pg_res_cd && $pg_res_msg) {
         alert("포인트로 결제한 주문은,\\n\\n주문상태 변경으로 인해 포인트의 가감이 발생하는 경우\\n\\n회원관리 > 포인트관리에서 수작업으로 포인트를 맞추어 주셔야 합니다.", $url);
     else
         goto_url($url);
-}
-?>
+}
\ No newline at end of file
diff --git a/adm/shop_admin/orderformreceiptupdate.php b/adm/shop_admin/orderformreceiptupdate.php
index f26fa09cf..7bfb6b787 100644
--- a/adm/shop_admin/orderformreceiptupdate.php
+++ b/adm/shop_admin/orderformreceiptupdate.php
@@ -4,33 +4,65 @@ include_once('./_common.php');
 include_once('./admin.shop.lib.php');
 include_once(G5_LIB_PATH.'/mailer.lib.php');
 
-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
 
 check_admin_token();
 
+$od_id = isset($_POST['od_id']) ? safe_replace_regex($_POST['od_id'], 'od_id') : '';
+
+$search = isset($_REQUEST['search']) ? get_search_string($_REQUEST['search']) : '';
+$sort1 = isset($_REQUEST['sort1']) ? clean_xss_tags($_REQUEST['sort1'], 1, 1) : '';
+$sort2 = isset($_REQUEST['sort2']) ? clean_xss_tags($_REQUEST['sort2'], 1, 1) : '';
+$sel_field = isset($_REQUEST['sel_field']) ? clean_xss_tags($_REQUEST['sel_field'], 1, 1) : '';
+
+$check_keys = array(
+'od_deposit_name',
+'od_bank_account',
+'od_receipt_time',
+'od_receipt_price',
+'od_receipt_point',
+'od_refund_price',
+'od_delivery_company',
+'od_invoice',
+'od_invoice_time',
+'od_send_cost',
+'od_send_cost2',
+'od_tno',
+'od_escrow',
+'od_send_mail'
+);
+
+$posts = array();
+
+foreach($check_keys as $key){
+    $posts[$key] = isset($_POST[$key]) ? clean_xss_tags($_POST[$key], 1, 1) : '';
+}
+
+$od_send_mail = $posts['od_send_mail'];
+
 $sql = " select * from {$g5['g5_shop_order_table']} where od_id = '$od_id' ";
 $od  = sql_fetch($sql);
-if(!$od['od_id'])
+if(! (isset($od['od_id']) && $od['od_id']))
     alert('주문자료가 존재하지 않습니다.');
 
-if ($od_receipt_time) {
-    if (check_datetime($od_receipt_time) == false)
+if ($posts['od_receipt_time']) {
+    if (check_datetime($posts['od_receipt_time']) == false)
         alert('결제일시 오류입니다.');
 }
 
 // 결제정보 반영
 $sql = " update {$g5['g5_shop_order_table']}
-            set od_deposit_name    = '{$_POST['od_deposit_name']}',
-                od_bank_account    = '{$_POST['od_bank_account']}',
-                od_receipt_time    = '{$_POST['od_receipt_time']}',
-                od_receipt_price   = '{$_POST['od_receipt_price']}',
-                od_receipt_point   = '{$_POST['od_receipt_point']}',
-                od_refund_price    = '{$_POST['od_refund_price']}',
-                od_delivery_company= '{$_POST['od_delivery_company']}',
-                od_invoice         = '{$_POST['od_invoice']}',
-                od_invoice_time    = '{$_POST['od_invoice_time']}',
-                od_send_cost       = '{$_POST['od_send_cost']}',
-                od_send_cost2      = '{$_POST['od_send_cost2']}'
+            set od_deposit_name    = '{$posts['od_deposit_name']}',
+                od_bank_account    = '{$posts['od_bank_account']}',
+                od_receipt_time    = '{$posts['od_receipt_time']}',
+                od_receipt_price   = '{$posts['od_receipt_price']}',
+                od_receipt_point   = '{$posts['od_receipt_point']}',
+                od_refund_price    = '{$posts['od_refund_price']}',
+                od_delivery_company= '{$posts['od_delivery_company']}',
+                od_invoice         = '{$posts['od_invoice']}',
+                od_invoice_time    = '{$posts['od_invoice_time']}',
+                od_send_cost       = '{$posts['od_send_cost']}',
+                od_send_cost2      = '{$posts['od_send_cost2']}'
             where od_id = '$od_id' ";
 sql_query($sql);
 
@@ -51,16 +83,16 @@ if($info['od_misu'] == 0 && $od['od_status'] == '주문')
 
 // 배송정보가 있으면 주문상태 배송으로 변경
 $order_status = array('입금', '준비');
-if($_POST['od_delivery_company'] && $_POST['od_invoice'] && in_array($od['od_status'], $order_status))
+if($posts['od_delivery_company'] && $posts['od_invoice'] && in_array($od['od_status'], $order_status))
 {
     $od_status = '배송';
     $cart_status = true;
 }
 
 // 미수금액
-$od_misu = ( $od['od_cart_price'] - $od['od_cancel_price'] + $_POST['od_send_cost'] + $_POST['od_send_cost2'] )
+$od_misu = ( $od['od_cart_price'] - $od['od_cancel_price'] + (int) $posts['od_send_cost'] + (int) $posts['od_send_cost2'] )
            - ( $od['od_cart_coupon'] + $od['od_coupon'] + $od['od_send_coupon'] )
-           - ( $_POST['od_receipt_price'] + $_POST['od_receipt_point'] - $_POST['od_refund_price'] );
+           - ( (int) $posts['od_receipt_price'] + (int) $posts['od_receipt_point'] - (int) $posts['od_refund_price'] );
 
 // 미수금 정보 등 반영
 $sql = " update {$g5['g5_shop_order_table']}
@@ -131,11 +163,11 @@ include "./ordersms.inc.php";
 
 
 // 에스크로 배송처리
-if($_POST['od_tno'] && $_POST['od_escrow'] == 1)
+if($posts['od_tno'] && $posts['od_escrow'] == 1)
 {
-    $escrow_tno  = $_POST['od_tno'];
-    $escrow_corp = $_POST['od_delivery_company'];
-    $escrow_numb = $_POST['od_invoice'];
+    $escrow_tno  = $posts['od_tno'];
+    $escrow_corp = $posts['od_delivery_company'];
+    $escrow_numb = $posts['od_invoice'];
 
     include(G5_SHOP_PATH.'/'.$od['od_pg'].'/escrow.register.php');
 }
@@ -143,5 +175,4 @@ if($_POST['od_tno'] && $_POST['od_escrow'] == 1)
 
 $qstr = "sort1=$sort1&amp;sort2=$sort2&amp;sel_field=$sel_field&amp;search=$search&amp;page=$page";
 
-goto_url("./orderform.php?od_id=$od_id&amp;$qstr");
-?>
+goto_url("./orderform.php?od_id=$od_id&amp;$qstr");
\ No newline at end of file
diff --git a/adm/shop_admin/orderformupdate.php b/adm/shop_admin/orderformupdate.php
index c9c6fbc3a..da5b33e7a 100644
--- a/adm/shop_admin/orderformupdate.php
+++ b/adm/shop_admin/orderformupdate.php
@@ -4,14 +4,35 @@ include_once('./_common.php');
 
 check_admin_token();
 
-$od_shop_memo = strip_tags($od_shop_memo);
+$od_shop_memo = isset($_POST['od_shop_memo']) ? strip_tags($_POST['od_shop_memo']) : '';
+$od_id = isset($_POST['od_id']) ? safe_replace_regex($_POST['od_id'], 'od_id') : '';
 
-if($_POST['mod_type'] == 'info') {
-    $od_zip1   = preg_replace('/[^0-9]/', '', substr($_POST['od_zip'], 0, 3));
-    $od_zip2   = preg_replace('/[^0-9]/', '', substr($_POST['od_zip'], 3));
-    $od_b_zip1 = preg_replace('/[^0-9]/', '', substr($_POST['od_b_zip'], 0, 3));
-    $od_b_zip2 = preg_replace('/[^0-9]/', '', substr($_POST['od_b_zip'], 3));
-    $od_email = strip_tags(clean_xss_attributes($od_email));
+$search = isset($_REQUEST['search']) ? get_search_string($_REQUEST['search']) : '';
+$sort1 = isset($_REQUEST['sort1']) ? clean_xss_tags($_REQUEST['sort1'], 1, 1) : '';
+$sort2 = isset($_REQUEST['sort2']) ? clean_xss_tags($_REQUEST['sort2'], 1, 1) : '';
+$sel_field = isset($_REQUEST['sel_field']) ? clean_xss_tags($_REQUEST['sel_field'], 1, 1) : '';
+
+if(isset($_POST['mod_type']) && $_POST['mod_type'] === 'info') {
+    $od_zip1   = isset($_POST['od_zip']) ? preg_replace('/[^0-9]/', '', substr($_POST['od_zip'], 0, 3)) : '';
+    $od_zip2   = isset($_POST['od_zip']) ? preg_replace('/[^0-9]/', '', substr($_POST['od_zip'], 3)) : '';
+    $od_b_zip1 = isset($_POST['od_b_zip']) ? preg_replace('/[^0-9]/', '', substr($_POST['od_b_zip'], 0, 3)) : '';
+    $od_b_zip2 = isset($_POST['od_b_zip']) ? preg_replace('/[^0-9]/', '', substr($_POST['od_b_zip'], 3)) : '';
+    $od_email = isset($_POST['od_email']) ? strip_tags(clean_xss_attributes($_POST['od_email'])) : '';
+    $od_name = isset($_POST['od_name']) ? clean_xss_tags($_POST['od_name'], 1, 1) : '';
+    $od_tel = isset($_POST['od_tel']) ? clean_xss_tags($_POST['od_tel'], 1, 1) : '';
+    $od_hp = isset($_POST['od_hp']) ? clean_xss_tags($_POST['od_hp'], 1, 1) : '';
+    $od_addr1 = isset($_POST['od_addr1']) ? clean_xss_tags($_POST['od_addr1'], 1, 1) : '';
+    $od_addr2 = isset($_POST['od_addr2']) ? clean_xss_tags($_POST['od_addr2'], 1, 1) : '';
+    $od_addr3 = isset($_POST['od_addr3']) ? clean_xss_tags($_POST['od_addr3'], 1, 1) : '';
+    $od_addr_jibeon = isset($_POST['od_addr_jibeon']) ? clean_xss_tags($_POST['od_addr_jibeon'], 1, 1) : '';
+    $od_b_name = isset($_POST['od_b_name']) ? clean_xss_tags($_POST['od_b_name'], 1, 1) : '';
+    $od_b_tel = isset($_POST['od_b_tel']) ? clean_xss_tags($_POST['od_b_tel'], 1, 1) : '';
+    $od_b_hp = isset($_POST['od_b_hp']) ? clean_xss_tags($_POST['od_b_hp'], 1, 1) : '';
+    $od_b_addr1 = isset($_POST['od_b_addr1']) ? clean_xss_tags($_POST['od_b_addr1'], 1, 1) : '';
+    $od_b_addr2 = isset($_POST['od_b_addr2']) ? clean_xss_tags($_POST['od_b_addr2'], 1, 1) : '';
+    $od_b_addr3 = isset($_POST['od_b_addr3']) ? clean_xss_tags($_POST['od_b_addr3'], 1, 1) : '';
+    $od_b_addr_jibeon = isset($_POST['od_b_addr_jibeon']) ? clean_xss_tags($_POST['od_b_addr_jibeon'], 1, 1) : '';
+    $od_hope_date = isset($_POST['od_hope_date']) ? clean_xss_tags($_POST['od_hope_date'], 1, 1) : '';
 
     $sql = " update {$g5['g5_shop_order_table']}
                 set od_name = '$od_name',
@@ -45,5 +66,4 @@ sql_query($sql);
 
 $qstr = "sort1=$sort1&amp;sort2=$sort2&amp;sel_field=$sel_field&amp;search=$search&amp;page=$page";
 
-goto_url("./orderform.php?od_id=$od_id&amp;$qstr");
-?>
+goto_url("./orderform.php?od_id=$od_id&amp;$qstr");
\ No newline at end of file
diff --git a/adm/shop_admin/orderlist.php b/adm/shop_admin/orderlist.php
index d1f179860..4c7e5938b 100644
--- a/adm/shop_admin/orderlist.php
+++ b/adm/shop_admin/orderlist.php
@@ -2,7 +2,7 @@
 $sub_menu = '400400';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");
 
 $g5['title'] = '주문내역';
 include_once (G5_ADMIN_PATH.'/admin.head.php');
@@ -10,24 +10,25 @@ include_once(G5_PLUGIN_PATH.'/jquery-ui/datepicker.php');
 
 $where = array();
 
-$doc = strip_tags($doc);
-$sort1 = in_array($sort1, array('od_id', 'od_cart_price', 'od_receipt_price', 'od_cancel_price', 'od_misu', 'od_cash')) ? $sort1 : '';
-$sort2 = in_array($sort2, array('desc', 'asc')) ? $sort2 : 'desc';
-$sel_field = get_search_string($sel_field);
-if( !in_array($sel_field, array('od_id', 'mb_id', 'od_name', 'od_tel', 'od_hp', 'od_b_name', 'od_b_tel', 'od_b_hp', 'od_deposit_name', 'od_invoice')) ){   //검색할 필드 대상이 아니면 값을 제거
-    $sel_field = '';
-}
-$od_status = get_search_string($od_status);
-$search = get_search_string($search);
-if(! preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $fr_date) ) $fr_date = '';
-if(! preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $to_date) ) $to_date = '';
+$doc = isset($_GET['doc']) ? clean_xss_tags($_GET['doc'], 1, 1) : '';
+$sort1 = (isset($_GET['sort1']) && in_array($_GET['sort1'], array('od_id', 'od_cart_price', 'od_receipt_price', 'od_cancel_price', 'od_misu', 'od_cash'))) ? $_GET['sort1'] : '';
+$sort2 = (isset($_GET['sort2']) && in_array($_GET['sort2'], array('desc', 'asc'))) ? $_GET['sort2'] : 'desc';
+$sel_field = (isset($_GET['sel_field']) && in_array($_GET['sel_field'], array('od_id', 'mb_id', 'od_name', 'od_tel', 'od_hp', 'od_b_name', 'od_b_tel', 'od_b_hp', 'od_deposit_name', 'od_invoice')) ) ? $_GET['sel_field'] : ''; 
+$od_status = isset($_GET['od_status']) ? get_search_string($_GET['od_status']) : '';
+$search = isset($_GET['search']) ? get_search_string($_GET['search']) : '';
 
-$od_misu = preg_replace('/[^0-9a-z]/i', '', $od_misu);
-$od_cancel_price = preg_replace('/[^0-9a-z]/i', '', $od_cancel_price);
-$od_refund_price = preg_replace('/[^0-9a-z]/i', '', $od_refund_price);
-$od_receipt_point = preg_replace('/[^0-9a-z]/i', '', $od_receipt_point);
-$od_coupon = preg_replace('/[^0-9a-z]/i', '', $od_coupon); 
+$fr_date = (isset($_GET['fr_date']) && preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $_GET['fr_date'])) ? $_GET['fr_date'] : '';
+$to_date = (isset($_GET['to_date']) && preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $_GET['to_date'])) ? $_GET['to_date'] : '';
 
+$od_misu = isset($_GET['od_misu']) ? preg_replace('/[^0-9a-z]/i', '', $_GET['od_misu']) : '';
+$od_cancel_price = isset($_GET['od_cancel_price']) ? preg_replace('/[^0-9a-z]/', '', $_GET['od_cancel_price']) : '';
+$od_refund_price = isset($_GET['od_refund_price']) ? preg_replace('/[^0-9a-z]/i', '', $_GET['od_refund_price']) : '';
+$od_receipt_point = isset($_GET['od_receipt_point']) ? preg_replace('/[^0-9a-z]/i', '', $_GET['od_receipt_point']) : '';
+$od_coupon = isset($_GET['od_coupon']) ? preg_replace('/[^0-9a-z]/i', '', $_GET['od_coupon']) : ''; 
+$od_settle_case = isset($_GET['od_settle_case']) ? clean_xss_tags($_GET['od_settle_case'], 1, 1) : ''; 
+$od_escrow = isset($_GET['od_escrow']) ? clean_xss_tags($_GET['od_escrow'], 1, 1) : ''; 
+
+$tot_itemcount = $tot_orderprice = $tot_receiptprice = $tot_ordercancel = $tot_misu = $tot_couponprice = 0;
 $sql_search = "";
 if ($search != "") {
     if ($sel_field != "") {
@@ -506,7 +507,7 @@ $(function(){
         var $this = $(this);
         var od_id = $this.text().replace(/[^0-9]/g, "");
 
-        if($this.next("#orderitemlist").size())
+        if($this.next("#orderitemlist").length)
             return false;
 
         $("#orderitemlist").remove();
@@ -679,5 +680,4 @@ function forderlist_submit(f)
 </script>
 
 <?php
-include_once (G5_ADMIN_PATH.'/admin.tail.php');
-?>
+include_once (G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/shop_admin/orderlistdelete.php b/adm/shop_admin/orderlistdelete.php
index 8a0e0512a..3a0f9e62f 100644
--- a/adm/shop_admin/orderlistdelete.php
+++ b/adm/shop_admin/orderlistdelete.php
@@ -6,11 +6,25 @@ include_once('./_common.php');
 
 check_admin_token();
 
-for ($i=0; $i<count($_POST['chk']); $i++)
+$count_post_chk = (isset($_POST['chk']) && is_array($_POST['chk'])) ? count($_POST['chk']) : 0;
+
+$sort1 = isset($_POST['sort1']) ? clean_xss_tags($_POST['sort1'], 1, 1) : '';
+$sort2 = isset($_POST['sort2']) ? clean_xss_tags($_POST['sort2'], 1, 1) : '';
+$sel_field = isset($_POST['sel_field']) ? clean_xss_tags($_POST['sel_field'], 1, 1) : '';
+$od_status = isset($_POST['od_status']) ? clean_xss_tags($_POST['od_status'], 1, 1) : '';
+$od_settle_case = isset($_POST['od_settle_case']) ? clean_xss_tags($_POST['od_settle_case'], 1, 1) : '';
+$od_misu = isset($_POST['od_misu']) ? clean_xss_tags($_POST['od_misu'], 1, 1) : '';
+$od_cancel_price = isset($_POST['od_cancel_price']) ? clean_xss_tags($_POST['od_cancel_price'], 1, 1) : '';
+$od_receipt_price = isset($_POST['od_receipt_price']) ? clean_xss_tags($_POST['od_receipt_price'], 1, 1) : '';
+$od_receipt_point = isset($_POST['od_receipt_point']) ? clean_xss_tags($_POST['od_receipt_point'], 1, 1) : '';
+$od_receipt_coupon = isset($_POST['od_receipt_coupon']) ? clean_xss_tags($_POST['od_receipt_coupon'], 1, 1) : '';
+$search = isset($_POST['search']) ? get_search_string($_POST['search']) : '';
+
+for ($i=0; $i<$count_post_chk; $i++)
 {
     // 실제 번호를 넘김
-    $k     = $_POST['chk'][$i];
-    $od_id = $_POST['od_id'][$k];
+    $k     = isset($_POST['chk'][$i]) ? $_POST['chk'][$i] : 0;
+    $od_id = isset($_POST['od_id'][$k]) ? safe_replace_regex($_POST['od_id'][$k], 'od_id') : '';
 
     $od = sql_fetch(" select * from {$g5['g5_shop_order_table']} where od_id = '$od_id' ");
     if (!$od) continue;
@@ -40,5 +54,4 @@ $qstr .= "&amp;od_receipt_price=$od_receipt_price";
 $qstr .= "&amp;od_receipt_point=$od_receipt_point";
 $qstr .= "&amp;od_receipt_coupon=$od_receipt_coupon";
 
-goto_url("./orderlist.php?$qstr");
-?>
\ No newline at end of file
+goto_url("./orderlist.php?$qstr");
\ No newline at end of file
diff --git a/adm/shop_admin/orderlistupdate.php b/adm/shop_admin/orderlistupdate.php
index 1b05970f3..20929a3b1 100644
--- a/adm/shop_admin/orderlistupdate.php
+++ b/adm/shop_admin/orderlistupdate.php
@@ -13,15 +13,32 @@ define("_ORDERMAIL_", true);
 $sms_count = 0;
 $sms_messages = array();
 
-for ($i=0; $i<count($_POST['chk']); $i++)
+$count_post_chk = (isset($_POST['chk']) && is_array($_POST['chk'])) ? count($_POST['chk']) : 0;
+$send_sms = isset($_POST['send_sms']) ? clean_xss_tags($_POST['send_sms'], 1, 1) : '';
+$od_send_mail = isset($_POST['od_send_mail']) ? clean_xss_tags($_POST['od_send_mail'], 1, 1) : '';
+$send_escrow = isset($_POST['send_escrow']) ? clean_xss_tags($_POST['send_escrow'], 1, 1) : '';
+
+$sort1 = isset($_POST['sort1']) ? clean_xss_tags($_POST['sort1'], 1, 1) : '';
+$sort2 = isset($_POST['sort2']) ? clean_xss_tags($_POST['sort2'], 1, 1) : '';
+$sel_field = isset($_POST['sel_field']) ? clean_xss_tags($_POST['sel_field'], 1, 1) : '';
+$od_status = isset($_POST['od_status']) ? clean_xss_tags($_POST['od_status'], 1, 1) : '';
+$od_settle_case = isset($_POST['od_settle_case']) ? clean_xss_tags($_POST['od_settle_case'], 1, 1) : '';
+$od_misu = isset($_POST['od_misu']) ? clean_xss_tags($_POST['od_misu'], 1, 1) : '';
+$od_cancel_price = isset($_POST['od_cancel_price']) ? clean_xss_tags($_POST['od_cancel_price'], 1, 1) : '';
+$od_receipt_price = isset($_POST['od_receipt_price']) ? clean_xss_tags($_POST['od_receipt_price'], 1, 1) : '';
+$od_receipt_point = isset($_POST['od_receipt_point']) ? clean_xss_tags($_POST['od_receipt_point'], 1, 1) : '';
+$od_receipt_coupon = isset($_POST['od_receipt_coupon']) ? clean_xss_tags($_POST['od_receipt_coupon'], 1, 1) : '';
+$search = isset($_POST['search']) ? get_search_string($_POST['search']) : '';
+
+for ($i=0; $i<$count_post_chk; $i++)
 {
     // 실제 번호를 넘김
-    $k     = $_POST['chk'][$i];
-    $od_id = $_POST['od_id'][$k];
+    $k     = isset($_POST['chk'][$i]) ? $_POST['chk'][$i] : 0;
+    $od_id = isset($_POST['od_id'][$k]) ? safe_replace_regex($_POST['od_id'][$k], 'od_id') : '';
 
-    $invoice      = $_POST['od_invoice'][$k];
-    $invoice_time = $_POST['od_invoice_time'][$k];
-    $delivery_company = $_POST['od_delivery_company'][$k];
+    $invoice      = isset($_POST['od_invoice'][$k]) ? clean_xss_tags($_POST['od_invoice'][$k], 1, 1) : '';
+    $invoice_time = isset($_POST['od_invoice_time'][$k]) ? safe_replace_regex($_POST['od_invoice_time'][$k], 'time') : '';
+    $delivery_company = isset($_POST['od_delivery_company'][$k]) ? clean_xss_tags($_POST['od_delivery_company'][$k], 1, 1) : '';
 
     $od = sql_fetch(" select * from {$g5['g5_shop_order_table']} where od_id = '$od_id' ");
     if (!$od) continue;
@@ -30,18 +47,18 @@ for ($i=0; $i<count($_POST['chk']); $i++)
     //echo $od_id . "<br>";
 
     $current_status = $od['od_status'];
-    $change_status  = $_POST['od_status'];
+    $change_status  = isset($_POST['od_status']) ? clean_xss_tags($_POST['od_status'], 1, 1) : '';
 
     switch ($current_status)
     {
         case '주문' :
-            if ($change_status != '입금') continue;
-            if ($od['od_settle_case'] != '무통장') continue;
+            if ($change_status != '입금') continue 2;
+            if ($od['od_settle_case'] != '무통장') continue 2;
             change_status($od_id, '주문', '입금');
             order_update_receipt($od_id);
 
             // SMS
-            if($config['cf_sms_use'] == 'icode' && $_POST['send_sms'] && $default['de_sms_use4']) {
+            if($config['cf_sms_use'] == 'icode' && $send_sms && $default['de_sms_use4']) {
                 $sms_contents = conv_sms_contents($od_id, $default['de_sms_cont4']);
                 if($sms_contents) {
                     $receive_number = preg_replace("/[^0-9]/", "", $od['od_hp']);	// 수신자번호
@@ -53,18 +70,18 @@ for ($i=0; $i<count($_POST['chk']); $i++)
             }
 
             // 메일
-            if($config['cf_email_use'] && $_POST['od_send_mail'])
+            if($config['cf_email_use'] && $od_send_mail)
                 include './ordermail.inc.php';
 
             break;
 
         case '입금' :
-            if ($change_status != '준비') continue;
+            if ($change_status != '준비') continue 2;
             change_status($od_id, '입금', '준비');
             break;
 
         case '준비' :
-            if ($change_status != '배송') continue;
+            if ($change_status != '배송') continue 2;
 
             $delivery['invoice'] = $invoice;
             $delivery['invoice_time'] = $invoice_time;
@@ -74,7 +91,7 @@ for ($i=0; $i<count($_POST['chk']); $i++)
             change_status($od_id, '준비', '배송');
 
             // SMS
-            if($config['cf_sms_use'] == 'icode' && $_POST['send_sms'] && $default['de_sms_use5']) {
+            if($config['cf_sms_use'] == 'icode' && $send_sms && $default['de_sms_use5']) {
                 $sms_contents = conv_sms_contents($od_id, $default['de_sms_cont5']);
                 if($sms_contents) {
                     $receive_number = preg_replace("/[^0-9]/", "", $od['od_hp']);	// 수신자번호
@@ -86,11 +103,11 @@ for ($i=0; $i<count($_POST['chk']); $i++)
             }
 
             // 메일
-            if($config['cf_email_use'] && $_POST['od_send_mail'])
+            if($config['cf_email_use'] && $od_send_mail)
                 include './ordermail.inc.php';
 
             // 에스크로 배송
-            if($_POST['send_escrow'] && $od['od_tno'] && $od['od_escrow']) {
+            if($send_escrow && $od['od_tno'] && $od['od_escrow']) {
                 $escrow_tno  = $od['od_tno'];
                 $escrow_numb = $invoice;
                 $escrow_corp = $delivery_company;
@@ -101,7 +118,7 @@ for ($i=0; $i<count($_POST['chk']); $i++)
             break;
 
         case '배송' :
-            if ($change_status != '완료') continue;
+            if ($change_status != '완료') continue 2;
             change_status($od_id, '배송', '완료');
 
             // 완료인 경우에만 상품구입 합계수량을 상품테이블에 저장한다.
@@ -203,5 +220,4 @@ $qstr .= "&amp;od_receipt_coupon=$od_receipt_coupon";
 
 //exit;
 
-goto_url("./orderlist.php?$qstr");
-?>
\ No newline at end of file
+goto_url("./orderlist.php?$qstr");
\ No newline at end of file
diff --git a/adm/shop_admin/ordermail.inc.php b/adm/shop_admin/ordermail.inc.php
index 235111915..9e3bccd3e 100644
--- a/adm/shop_admin/ordermail.inc.php
+++ b/adm/shop_admin/ordermail.inc.php
@@ -9,13 +9,13 @@ if ($od_send_mail)
 {
     $od = sql_fetch(" select * from {$g5['g5_shop_order_table']} where od_id = '$od_id' ");
 
-    $addmemo = nl2br(stripslashes($addmemo));
+    $addmemo = isset($addmemo) ? nl2br(stripslashes($addmemo)) : '';
 
-    unset($cart_list);
-    unset($card_list);
-    unset($bank_list);
-    unset($point_list);
-    unset($delivery_list);
+    $cart_list = array();
+    $card_list = array();
+    $bank_list = array();
+    $point_list = array();
+    $delivery_list = array();
 
     $sql = " select *
                from {$g5['g5_shop_cart_table']}
@@ -105,5 +105,4 @@ if ($od_send_mail)
 
         mailer($config['cf_admin_email_name'], $config['cf_admin_email'], $email, $title, $content, 1);
     }
-}
-?>
+}
\ No newline at end of file
diff --git a/adm/shop_admin/orderpartcancel.php b/adm/shop_admin/orderpartcancel.php
index 55df2c5a3..a3648a36d 100644
--- a/adm/shop_admin/orderpartcancel.php
+++ b/adm/shop_admin/orderpartcancel.php
@@ -2,12 +2,14 @@
 $sub_menu = '400400';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
+
+$od_id = isset($_REQUEST['od_id']) ? safe_replace_regex($_REQUEST['od_id'], 'od_id') : '';
 
 $sql = " select * from {$g5['g5_shop_order_table']} where od_id = '$od_id' ";
 $od = sql_fetch($sql);
 
-if(!$od['od_id'])
+if(! (isset($od['od_id']) && $od['od_id']))
     alert_close('주문정보가 존해하지 않습니다.');
 
 if($od['od_pg'] == 'inicis' && $od['od_settle_case'] == '계좌이체')
@@ -102,5 +104,4 @@ function form_check(f)
 </script>
 
 <?php
-include_once(G5_PATH.'/tail.sub.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/adm/shop_admin/orderpartcancelupdate.php b/adm/shop_admin/orderpartcancelupdate.php
index 69e997c6f..2269f42bc 100644
--- a/adm/shop_admin/orderpartcancelupdate.php
+++ b/adm/shop_admin/orderpartcancelupdate.php
@@ -2,10 +2,10 @@
 $sub_menu = '400400';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
 
-$tax_mny = preg_replace('/[^0-9]/', '', $_POST['mod_tax_mny']);
-$free_mny = preg_replace('/[^0-9]/', '', $_POST['mod_free_mny']);
+$tax_mny = isset($_POST['mod_tax_mny']) ? preg_replace('/[^0-9]/', '', $_POST['mod_tax_mny']) : 0;
+$free_mny = isset($_POST['mod_free_mny']) ? preg_replace('/[^0-9]/', '', $_POST['mod_free_mny']) : 0;
 
 if(!$tax_mny && !$free_mny)
     alert('과세 취소금액 또는 비과세 취소금액을 입력해 주십시오.');
@@ -17,7 +17,7 @@ if(!trim($mod_memo))
 $sql = " select * from {$g5['g5_shop_order_table']} where od_id = '$od_id' ";
 $od = sql_fetch($sql);
 
-if(!$od['od_id'])
+if(! (isset($od['od_id']) && $od['od_id']))
     alert_close('주문정보가 존재하지 않습니다.');
 
 if($od['od_settle_case'] == '계좌이체' && substr($od['od_receipt_time'], 0, 10) >= G5_TIME_YMD)
@@ -48,5 +48,4 @@ self.close();
 </script>
 
 <?php
-include_once(G5_PATH.'/tail.sub.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/adm/shop_admin/orderprint.php b/adm/shop_admin/orderprint.php
index 396c0cfdf..70524db4f 100644
--- a/adm/shop_admin/orderprint.php
+++ b/adm/shop_admin/orderprint.php
@@ -2,7 +2,7 @@
 $sub_menu = '500120';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");
 
 $g5['title'] = '주문내역출력';
 include_once (G5_ADMIN_PATH.'/admin.head.php');
@@ -106,5 +106,4 @@ function forderprintcheck(f)
 </script>
 
 <?php
-include_once (G5_ADMIN_PATH.'/admin.tail.php');
-?>
+include_once (G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/shop_admin/orderprintresult.php b/adm/shop_admin/orderprintresult.php
index e489589c6..906eac729 100644
--- a/adm/shop_admin/orderprintresult.php
+++ b/adm/shop_admin/orderprintresult.php
@@ -2,10 +2,17 @@
 $sub_menu = '500120';
 include_once('./_common.php');
 
-$fr_date = preg_replace('/[^0-9_\-]/', '', $fr_date);
-$to_date = preg_replace('/[^0-9_\-]/', '', $to_date);
+$fr_date = isset($_REQUEST['fr_date']) ? preg_replace('/[^0-9 :_\-]/i', '', $_REQUEST['fr_date']) : '';
+$to_date = isset($_REQUEST['to_date']) ? preg_replace('/[^0-9 :_\-]/i', '', $_REQUEST['to_date']) : '';
+$fr_od_id = isset($_REQUEST['fr_od_id']) ? preg_replace('/[^0-9]/i', '', $_REQUEST['fr_od_id']) : '';
+$to_od_id = isset($_REQUEST['to_od_id']) ? preg_replace('/[^0-9]/i', '', $_REQUEST['to_od_id']) : '';
 
-auth_check($auth[$sub_menu], "r");
+$csv = isset($_REQUEST['csv']) ? clean_xss_tags($_REQUEST['csv'], 1, 1) : '';
+
+$tot_tot_qty = 0;
+$tot_tot_price = 0;
+
+auth_check_menu($auth, $sub_menu, "r");
 
 //print_r2($_GET); exit;
 
@@ -134,6 +141,12 @@ if ($csv == 'csv')
     exit;
 }
 
+if(! function_exists('column_char')) {
+    function column_char($i) {
+        return chr( 65 + $i );
+    }
+}
+
 // MS엑셀 XLS 데이터로 다운로드 받음
 if ($csv == 'xls')
 {
@@ -155,94 +168,176 @@ if ($csv == 'xls')
     if (!$cnt)
         alert("출력할 내역이 없습니다.");
 
-    /*================================================================================
-    php_writeexcel http://www.bettina-attack.de/jonny/view.php/projects/php_writeexcel/
-    =================================================================================*/
+    if (phpversion() >= '5.2.0') {
+        include_once(G5_LIB_PATH.'/PHPExcel.php');
 
-    include_once(G5_LIB_PATH.'/Excel/php_writeexcel/class.writeexcel_workbook.inc.php');
-    include_once(G5_LIB_PATH.'/Excel/php_writeexcel/class.writeexcel_worksheet.inc.php');
+        $headers = array('우편번호', '주소', '이름', '전화1', '전화2', '상품명', '수량', '선택사항', '배송비', '상품코드', '주문번호', '운송장번호', '전하실말씀');
+        $widths  = array(10, 30, 10, 15, 15, 15, 10, 10, 20, 15, 20, 20, 50);
+        $header_bgcolor = 'FFABCDEF';
+        $last_char = column_char(count($headers) - 1);
 
-    $fname = tempnam(G5_DATA_PATH, "tmp-orderlist.xls");
-    $workbook = new writeexcel_workbook($fname);
-    $worksheet = $workbook->addworksheet();
+        for($i=1; $row=sql_fetch_array($result); $i++) {
 
-    // Put Excel data
-    $data = array('우편번호', '주소', '이름', '전화1', '전화2', '상품명', '수량', '선택사항', '배송비', '상품코드', '주문번호', '운송장번호', '전하실말씀');
-    $data = array_map('iconv_euckr', $data);
+            $pull_address = print_address($row['od_b_addr1'], $row['od_b_addr2'], $row['od_b_addr3'], $row['od_b_addr_jibeon']);
+            
+            $save_it_id = '';
+            $ct_send_cost = '';
+            if($save_it_id != $row['it_id']) {
+                // 합계금액 계산
+                $sql = " select SUM(IF(io_type = 1, (io_price * ct_qty), ((ct_price + io_price) * ct_qty))) as price,
+                                SUM(ct_qty) as qty
+                            from {$g5['g5_shop_cart_table']}
+                            where it_id = '{$row['it_id']}'
+                              and od_id = '{$row['od_id']}' ";
+                $sum = sql_fetch($sql);
 
-    $col = 0;
-    foreach($data as $cell) {
-        $worksheet->write(0, $col++, $cell);
-    }
+                switch($row['ct_send_cost'])
+                {
+                    case 1:
+                        $ct_send_cost = '착불';
+                        break;
+                    case 2:
+                        $ct_send_cost = '무료';
+                        break;
+                    default:
+                        $ct_send_cost = '선불';
+                        break;
+                }
 
-    $save_it_id = '';
-    for($i=1; $row=sql_fetch_array($result); $i++)
-    {
-        if($save_it_id != $row['it_id']) {
-            // 합계금액 계산
-            $sql = " select SUM(IF(io_type = 1, (io_price * ct_qty), ((ct_price + io_price) * ct_qty))) as price,
-                            SUM(ct_qty) as qty
-                        from {$g5['g5_shop_cart_table']}
-                        where it_id = '{$row['it_id']}'
-                          and od_id = '{$row['od_id']}' ";
-            $sum = sql_fetch($sql);
+                // 조건부무료
+                if($row['it_sc_type'] == 2) {
+                    $sendcost = get_item_sendcost($row['it_id'], $sum['price'], $sum['qty'], $row['od_id']);
 
-            switch($row['ct_send_cost'])
-            {
-                case 1:
-                    $ct_send_cost = '착불';
-                    break;
-                case 2:
-                    $ct_send_cost = '무료';
-                    break;
-                default:
-                    $ct_send_cost = '선불';
-                    break;
+                    if($sendcost == 0)
+                        $ct_send_cost = '무료';
+                }
+
+                $save_it_id = $row['it_id'];
+
+                $ct_send_cost = $ct_send_cost;
             }
 
-            // 조건부무료
-            if($row['it_sc_type'] == 2) {
-                $sendcost = get_item_sendcost($row['it_id'], $sum['price'], $sum['qty'], $row['od_id']);
-
-                if($sendcost == 0)
-                    $ct_send_cost = '무료';
-            }
-
-            $save_it_id = $row['it_id'];
-
-            $ct_send_cost = iconv_euckr($ct_send_cost);
+            $rows[] = array(' '.$row['od_b_zip1'].$row['od_b_zip2'],
+                            $pull_address,
+                            $row['od_b_name'], 
+                            ' '.conv_telno($row['od_b_tel']), 
+                            ' '.conv_telno($row['od_b_hp']), 
+                            preg_replace("/\"/", "&#034;", $row['it_name']), 
+                            ' '.$row['ct_qty'], 
+                            $row['ct_option'], 
+                            $ct_send_cost,
+                            ' '.$row['it_id'],
+                            ' '.$row['od_id'],
+                            ' '.$row['od_invoice'],
+                            preg_replace("/\"/", "&#034;", $row['od_memo']));
         }
 
-        $pull_address = iconv('UTF-8', 'UHC', print_address($row['od_b_addr1'], $row['od_b_addr2'], $row['od_b_addr3'], $row['od_b_addr_jibeon']));
+        $data = array_merge(array($headers), $rows);
 
-        $row = array_map('iconv_euckr', $row);
+        $excel = new PHPExcel();
+        $excel->setActiveSheetIndex(0)->getStyle( "A1:${last_char}1" )->getFill()->setFillType(PHPExcel_Style_Fill::FILL_SOLID)->getStartColor()->setARGB($header_bgcolor);
+        $excel->setActiveSheetIndex(0)->getStyle( "A:$last_char" )->getAlignment()->setVertical(PHPExcel_Style_Alignment::VERTICAL_CENTER)->setWrapText(true);
+        foreach($widths as $i => $w) $excel->setActiveSheetIndex(0)->getColumnDimension( column_char($i) )->setWidth($w);
+        $excel->getActiveSheet()->fromArray($data,NULL,'A1');
 
-        $worksheet->write($i, 0, ' '.$row['od_b_zip1'].$row['od_b_zip2']);
-        $worksheet->write($i, 1, $pull_address);
-        $worksheet->write($i, 2, $row['od_b_name']);
-        $worksheet->write($i, 3, ' '.$row['od_b_tel']);
-        $worksheet->write($i, 4, ' '.$row['od_b_hp']);
-        $worksheet->write($i, 5, $row['it_name']);
-        $worksheet->write($i, 6, $row['ct_qty']);
-        $worksheet->write($i, 7, $row['ct_option']);
-        $worksheet->write($i, 8, $ct_send_cost);
-        $worksheet->write($i, 9, ' '.$row['it_id']);
-        $worksheet->write($i, 10, ' '.$row['od_id']);
-        $worksheet->write($i, 11, $row['od_invoice']);
-        $worksheet->write($i, 12, $row['od_memo']);
-    }
+        header("Content-Type: application/octet-stream");
+        header("Content-Disposition: attachment; filename=\"orderlist-".date("ymd", time()).".xls\"");
+        header("Cache-Control: max-age=0");
 
-    $workbook->close();
+        $writer = PHPExcel_IOFactory::createWriter($excel, 'Excel5');
+        $writer->save('php://output');
 
-    header("Content-Type: application/x-msexcel; name=\"orderlist-".date("ymd", time()).".xls\"");
-    header("Content-Disposition: inline; filename=\"orderlist-".date("ymd", time()).".xls\"");
-    $fh=fopen($fname, "rb");
-    fpassthru($fh);
-    unlink($fname);
+    } else {
+        /*================================================================================
+        php_writeexcel http://www.bettina-attack.de/jonny/view.php/projects/php_writeexcel/
+        =================================================================================*/
 
-    exit;
+        include_once(G5_LIB_PATH.'/Excel/php_writeexcel/class.writeexcel_workbook.inc.php');
+        include_once(G5_LIB_PATH.'/Excel/php_writeexcel/class.writeexcel_worksheet.inc.php');
+
+        $fname = tempnam(G5_DATA_PATH, "tmp-orderlist.xls");
+        $workbook = new writeexcel_workbook($fname);
+        $worksheet = $workbook->addworksheet();
+
+        // Put Excel data
+        $data = array('우편번호', '주소', '이름', '전화1', '전화2', '상품명', '수량', '선택사항', '배송비', '상품코드', '주문번호', '운송장번호', '전하실말씀');
+        $data = array_map('iconv_euckr', $data);
+
+        $col = 0;
+        foreach($data as $cell) {
+            $worksheet->write(0, $col++, $cell);
+        }
+
+        $save_it_id = '';
+        for($i=1; $row=sql_fetch_array($result); $i++)
+        {
+            if($save_it_id != $row['it_id']) {
+                // 합계금액 계산
+                $sql = " select SUM(IF(io_type = 1, (io_price * ct_qty), ((ct_price + io_price) * ct_qty))) as price,
+                                SUM(ct_qty) as qty
+                            from {$g5['g5_shop_cart_table']}
+                            where it_id = '{$row['it_id']}'
+                              and od_id = '{$row['od_id']}' ";
+                $sum = sql_fetch($sql);
+
+                switch($row['ct_send_cost'])
+                {
+                    case 1:
+                        $ct_send_cost = '착불';
+                        break;
+                    case 2:
+                        $ct_send_cost = '무료';
+                        break;
+                    default:
+                        $ct_send_cost = '선불';
+                        break;
+                }
+
+                // 조건부무료
+                if($row['it_sc_type'] == 2) {
+                    $sendcost = get_item_sendcost($row['it_id'], $sum['price'], $sum['qty'], $row['od_id']);
+
+                    if($sendcost == 0)
+                        $ct_send_cost = '무료';
+                }
+
+                $save_it_id = $row['it_id'];
+
+                $ct_send_cost = iconv_euckr($ct_send_cost);
+            }
+
+            $pull_address = iconv('UTF-8', 'UHC', print_address($row['od_b_addr1'], $row['od_b_addr2'], $row['od_b_addr3'], $row['od_b_addr_jibeon']));
+
+            $row = array_map('iconv_euckr', $row);
+
+            $worksheet->write($i, 0, ' '.$row['od_b_zip1'].$row['od_b_zip2']);
+            $worksheet->write($i, 1, $pull_address);
+            $worksheet->write($i, 2, $row['od_b_name']);
+            $worksheet->write($i, 3, ' '.$row['od_b_tel']);
+            $worksheet->write($i, 4, ' '.$row['od_b_hp']);
+            $worksheet->write($i, 5, $row['it_name']);
+            $worksheet->write($i, 6, $row['ct_qty']);
+            $worksheet->write($i, 7, $row['ct_option']);
+            $worksheet->write($i, 8, $ct_send_cost);
+            $worksheet->write($i, 9, ' '.$row['it_id']);
+            $worksheet->write($i, 10, ' '.$row['od_id']);
+            $worksheet->write($i, 11, $row['od_invoice']);
+            $worksheet->write($i, 12, $row['od_memo']);
+        }
+
+        $workbook->close();
+
+        header("Content-Type: application/x-msexcel; name=\"orderlist-".date("ymd", time()).".xls\"");
+        header("Content-Disposition: inline; filename=\"orderlist-".date("ymd", time()).".xls\"");
+        $fh=fopen($fname, "rb");
+        fpassthru($fh);
+        unlink($fname);
+
+        exit;
+    }   //end if php 5.2.0
 }
 
+
 function get_order($od_id)
 {
     global $g5;
@@ -271,6 +366,7 @@ else
 if ($ct_status)
     $sql .= " and b.ct_status = '$ct_status' ";
 $sql .= " order by a.od_id ";
+
 $result = sql_query($sql);
 if (sql_num_rows($result) == 0)
 {
diff --git a/adm/shop_admin/ordersms.inc.php b/adm/shop_admin/ordersms.inc.php
index 58db9bc72..b6c57c1c3 100644
--- a/adm/shop_admin/ordersms.inc.php
+++ b/adm/shop_admin/ordersms.inc.php
@@ -87,5 +87,4 @@ if ($config['cf_sms_use']) {
             $SMS->Init(); // 보관하고 있던 결과값을 지웁니다.
         }
     }
-}
-?>
+}
\ No newline at end of file
diff --git a/adm/shop_admin/personalpaycopy.php b/adm/shop_admin/personalpaycopy.php
index 3fdf22ff0..09ef7d0e9 100644
--- a/adm/shop_admin/personalpaycopy.php
+++ b/adm/shop_admin/personalpaycopy.php
@@ -2,7 +2,7 @@
 $sub_menu = '400440';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], 'w');
+auth_check_menu($auth, $sub_menu, 'w');
 
 $g5['title'] = '개인결제 복사';
 include_once(G5_PATH.'/head.sub.php');
@@ -64,5 +64,4 @@ function form_check(f)
 </script>
 
 <?php
-include_once(G5_PATH.'/tail.sub.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/adm/shop_admin/personalpaycopyupdate.php b/adm/shop_admin/personalpaycopyupdate.php
index a755fe6d1..deb032ef3 100644
--- a/adm/shop_admin/personalpaycopyupdate.php
+++ b/adm/shop_admin/personalpaycopyupdate.php
@@ -2,7 +2,7 @@
 $sub_menu = '400440';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], 'w');
+auth_check_menu($auth, $sub_menu, 'w');
 
 $_POST = array_map('trim', $_POST);
 
@@ -50,5 +50,4 @@ self.close();
 </script>
 
 <?php
-include_once(G5_PATH.'/tail.sub.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/adm/shop_admin/personalpayform.php b/adm/shop_admin/personalpayform.php
index f86816fd9..a4274d04b 100644
--- a/adm/shop_admin/personalpayform.php
+++ b/adm/shop_admin/personalpayform.php
@@ -2,10 +2,16 @@
 $sub_menu = '400440';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
 
 $g5['title'] = '개인결제 관리';
 
+$pp_id = isset($_REQUEST['pp_id']) ? safe_replace_regex($_REQUEST['pp_id'], 'pp_id') : '';
+$popup = isset($_REQUEST['popup']) ? clean_xss_tags($_REQUEST['popup'], 1, 1) : '';
+$od_id = isset($_REQUEST['od_id']) ? safe_replace_regex($_REQUEST['od_id'], 'od_id') : '';
+
+$pp = array('pp_name'=>'', 'pp_price'=>0, 'od_id'=>'', 'pp_content'=>'', 'pp_settle_case'=>'', 'pp_receipt_time'=>'', 'pp_receipt_price'=>0, 'pp_shop_memo'=>'');
+
 if ($w == 'u') {
     $html_title = '개인결제 수정';
 
@@ -274,5 +280,4 @@ if($popup == 'yes') {
     include_once(G5_PATH.'/tail.sub.php');
 } else {
     include_once (G5_ADMIN_PATH.'/admin.tail.php');
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/adm/shop_admin/personalpayformupdate.php b/adm/shop_admin/personalpayformupdate.php
index 9fecf1cd1..6cac54d61 100644
--- a/adm/shop_admin/personalpayformupdate.php
+++ b/adm/shop_admin/personalpayformupdate.php
@@ -4,51 +4,56 @@ include_once('./_common.php');
 
 check_admin_token();
 
-if( isset($_POST['pp_name']) ){
-	$_POST['pp_name'] = strip_tags(clean_xss_attributes($_POST['pp_name']));
-}
+$pp_name = isset($_POST['pp_name']) ? strip_tags(clean_xss_attributes($_POST['pp_name'])) : '';
+$pp_id = isset($_REQUEST['pp_id']) ? preg_replace('/[^0-9]/', '', $_REQUEST['pp_id']) : 0;
+$pp_price = isset($_POST['pp_price']) ? preg_replace('/[^0-9]/', '', $_REQUEST['pp_price']) : 0;
 
 if($w == 'd') {
-    auth_check($auth[$sub_menu], 'd');
+    auth_check_menu($auth, $sub_menu, 'd');
 
-    $sql = " select pp_id from {$g5['g5_shop_personalpay_table']} where pp_id = '{$_GET['pp_id']}' ";
+    $sql = " select pp_id from {$g5['g5_shop_personalpay_table']} where pp_id = '{$pp_id}' ";
     $row = sql_fetch($sql);
     if(!$row['pp_id'])
         alert('삭제하시려는 자료가 존재하지 않습니다.');
 
-    sql_query(" delete from {$g5['g5_shop_personalpay_table']} where pp_id = '{$_GET['pp_id']}' ");
+    sql_query(" delete from {$g5['g5_shop_personalpay_table']} where pp_id = '{$pp_id}' ");
 
     goto_url('./personalpaylist.php?'.$qstr);
 } else {
-    auth_check($auth[$sub_menu], 'w');
+    auth_check_menu($auth, $sub_menu, 'w');
 
-    $_POST = array_map('trim', $_POST);
-
-    if(!$_POST['pp_name'])
+    if(! $pp_name)
         alert('이름을 입력해 주십시오.');
-    if(!$_POST['pp_price'])
+    if(! $pp_price)
         alert('주문금액을 입력해 주십시오.');
-    if(preg_match('/[^0-9]/', $_POST['pp_price']))
+    if(preg_match('/[^0-9]/', $pp_price))
         alert('주문금액은 숫자만 입력해 주십시오.');
 
-    $od_id = preg_replace('/[^0-9]/', '', $_POST['od_id']);
+    $od_id = isset($_POST['od_id']) ? safe_replace_regex($_POST['od_id'], 'od_id') : '';
 
-    if($_POST['od_id']) {
+    if($od_id) {
         $sql = " select od_id from {$g5['g5_shop_order_table']} where od_id = '$od_id' ";
         $row = sql_fetch($sql);
-        if(!$row['od_id'])
+        if(! (isset($row['od_id']) && $row['od_id']))
             alert('입력하신 주문번호는 존재하지 않는 주문 자료입니다.');
     }
 
-    $sql_common = " pp_name             = '{$_POST['pp_name']}',
-                    pp_price            = '{$_POST['pp_price']}',
+    $post_pp_content = isset($_POST['pp_content']) ? $_POST['pp_content'] : '';
+    $post_pp_receipt_price = isset($_POST['pp_receipt_price']) ? (int) $_POST['pp_receipt_price'] : 0;
+    $post_pp_settle_case = isset($_POST['pp_settle_case']) ? clean_xss_tags($_POST['pp_settle_case'], 1, 1) : '';
+    $post_pp_receipt_time = isset($_POST['pp_receipt_time']) ? clean_xss_tags($_POST['pp_receipt_time'], 1, 1) : '';
+    $post_pp_shop_memo = isset($_POST['pp_shop_memo']) ? $_POST['pp_shop_memo'] : '';
+    $post_pp_use = isset($_POST['pp_use']) ? (int) $_POST['pp_use'] : 0;
+
+    $sql_common = " pp_name             = '{$pp_name}',
+                    pp_price            = '{$pp_price}',
                     od_id               = '$od_id',
-                    pp_content          = '{$_POST['pp_content']}',
-                    pp_receipt_price    = '{$_POST['pp_receipt_price']}',
-                    pp_settle_case      = '{$_POST['pp_settle_case']}',
-                    pp_receipt_time     = '{$_POST['pp_receipt_time']}',
-                    pp_shop_memo        = '{$_POST['pp_shop_memo']}',
-                    pp_use              = '{$_POST['pp_use']}' ";
+                    pp_content          = '{$post_pp_content}',
+                    pp_receipt_price    = '{$post_pp_receipt_price}',
+                    pp_settle_case      = '{$post_pp_settle_case}',
+                    pp_receipt_time     = '{$post_pp_receipt_time}',
+                    pp_shop_memo        = '{$post_pp_shop_memo}',
+                    pp_use              = '{$post_pp_use}' ";
 }
 
 if($w == '') {
@@ -60,19 +65,18 @@ if($w == '') {
                     pp_time = '".G5_TIME_YMDHIS."' ";
     sql_query($sql);
 } else if($w == 'u') {
-    $sql = " select pp_id from {$g5['g5_shop_personalpay_table']} where pp_id = '{$_POST['pp_id']}' ";
+    $sql = " select pp_id from {$g5['g5_shop_personalpay_table']} where pp_id = '{$pp_id}' ";
     $row = sql_fetch($sql);
     if(!$row['pp_id'])
         alert('수정하시려는 자료가 존재하지 않습니다.');
 
     $sql = " update {$g5['g5_shop_personalpay_table']}
                 set $sql_common
-                where pp_id = '{$_POST['pp_id']}' ";
+                where pp_id = '{$pp_id}' ";
     sql_query($sql);
 }
 
 if($popup == 'yes')
     alert_close('개인결제가 추가됐습니다.');
 else
-    goto_url('./personalpayform.php?w=u&amp;pp_id='.$pp_id.'&amp;'.$qstr);
-?>
\ No newline at end of file
+    goto_url('./personalpayform.php?w=u&amp;pp_id='.$pp_id.'&amp;'.$qstr);
\ No newline at end of file
diff --git a/adm/shop_admin/personalpaylist.php b/adm/shop_admin/personalpaylist.php
index 9153ccce1..b3ce61a72 100644
--- a/adm/shop_admin/personalpaylist.php
+++ b/adm/shop_admin/personalpaylist.php
@@ -2,7 +2,7 @@
 $sub_menu = '400440';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");
 
 $sql_common = " from {$g5['g5_shop_personalpay_table']} ";
 
@@ -60,9 +60,9 @@ $colspan = 10;
 
 <form name="fsearch" id="fsearch" class="local_sch01 local_sch" method="get">
     <select name="sfl" title="검색대상">
-        <option value="pp_id"<?php echo get_selected($_GET['sfl'], "pp_id"); ?>>개인결제번호</option>
-        <option value="pp_name"<?php echo get_selected($_GET['sfl'], "pp_name"); ?>>이름</option>
-        <option value="od_id"<?php echo get_selected($_GET['sfl'], "od_id"); ?>>주문번호</option>
+        <option value="pp_id"<?php echo get_selected($sfl, "pp_id"); ?>>개인결제번호</option>
+        <option value="pp_name"<?php echo get_selected($sfl, "pp_name"); ?>>이름</option>
+        <option value="od_id"<?php echo get_selected($sfl, "od_id"); ?>>주문번호</option>
     </select>
     <label for="stx" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label>
     <input type="text" name="stx" value="<?php echo $stx ?>" id="stx" required class="required frm_input">
@@ -175,5 +175,4 @@ function fpersonalpaylist_submit(f)
 </script>
 
 <?php
-include_once (G5_ADMIN_PATH.'/admin.tail.php');
-?>
\ No newline at end of file
+include_once (G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/shop_admin/personalpaylistdelete.php b/adm/shop_admin/personalpaylistdelete.php
index 1e1d073ee..cf1763aee 100644
--- a/adm/shop_admin/personalpaylistdelete.php
+++ b/adm/shop_admin/personalpaylistdelete.php
@@ -4,23 +4,22 @@ include_once('./_common.php');
 
 check_demo();
 
-auth_check($auth[$sub_menu], 'd');
+auth_check_menu($auth, $sub_menu, 'd');
 
 check_admin_token();
 
-$count = count($_POST['chk']);
+$count = (isset($_POST['chk']) && is_array($_POST['chk'])) ? count($_POST['chk']) ? 0;
 if(!$count)
     alert('선택삭제 하실 항목을 하나이상 선택해 주세요.');
 
 for ($i=0; $i<$count; $i++)
 {
     // 실제 번호를 넘김
-    $k = $_POST['chk'][$i];
-    $ppp_id = (int) $_POST['pp_id'][$k];
+    $k = isset($_POST['chk'][$i]) ? (int) $_POST['chk'][$i] : 0;
+    $ppp_id = isset($_POST['pp_id'][$i]) ? (int) $_POST['pp_id'][$k] : 0;
 
     $sql = " delete from {$g5['g5_shop_personalpay_table']} where pp_id = '{$ppp_id}' ";
     sql_query($sql);
 }
 
-goto_url('./personalpaylist.php');
-?>
\ No newline at end of file
+goto_url('./personalpaylist.php');
\ No newline at end of file
diff --git a/adm/shop_admin/price.php b/adm/shop_admin/price.php
index d72647303..067852bba 100644
--- a/adm/shop_admin/price.php
+++ b/adm/shop_admin/price.php
@@ -2,7 +2,7 @@
 $sub_menu = '500210';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");
 
 $g5['title'] = '가격비교사이트';
 include_once (G5_ADMIN_PATH.'/admin.head.php');
@@ -54,5 +54,4 @@ $pg_anchor = '<ul class="anchor">
 </section>
 
 <?php
-include_once (G5_ADMIN_PATH.'/admin.tail.php');
-?>
+include_once (G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/shop_admin/sale1.php b/adm/shop_admin/sale1.php
index b67da753a..66b9da142 100644
--- a/adm/shop_admin/sale1.php
+++ b/adm/shop_admin/sale1.php
@@ -2,7 +2,7 @@
 $sub_menu = '500110';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");
 
 $g5['title'] = '매출현황';
 include_once (G5_ADMIN_PATH.'/admin.head.php');
@@ -69,5 +69,4 @@ $(function() {
 </script>
 
 <?php
-include_once (G5_ADMIN_PATH.'/admin.tail.php');
-?>
+include_once (G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/shop_admin/sale1date.php b/adm/shop_admin/sale1date.php
index 7acd44ab2..eecb19376 100644
--- a/adm/shop_admin/sale1date.php
+++ b/adm/shop_admin/sale1date.php
@@ -2,10 +2,10 @@
 $sub_menu = '500110';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");
 
-$fr_date = preg_replace('/[^0-9]/i', '', $fr_date);
-$to_date = preg_replace('/[^0-9]/i', '', $to_date);
+$fr_date = isset($_REQUEST['fr_date']) ? preg_replace('/[^0-9 :_\-]/i', '', $_REQUEST['fr_date']) : '';
+$to_date = isset($_REQUEST['to_date']) ? preg_replace('/[^0-9 :_\-]/i', '', $_REQUEST['to_date']) : '';
 
 $fr_date = preg_replace("/([0-9]{4})([0-9]{2})([0-9]{2})/", "\\1-\\2-\\3", $fr_date);
 $to_date = preg_replace("/([0-9]{4})([0-9]{2})([0-9]{2})/", "\\1-\\2-\\3", $to_date);
@@ -75,8 +75,9 @@ $result = sql_query($sql);
     </thead>
     <tbody>
     <?php
-    unset($save);
-    unset($tot);
+    $save = array('ordercount'=>0, 'orderprice'=>0, 'ordercancel'=>0, 'ordercoupon'=>0, 'receiptbank'=>0, 'receiptvbank'=>0, 'receiptiche'=>0, 'receipthp'=>0, 'receiptcard'=>0, 'receiptpoint'=>0, 'misu'=>0, 'receipteasy'=>0);
+    $tot = array('ordercount'=>0, 'orderprice'=>0, 'ordercancel'=>0, 'ordercoupon'=>0, 'receiptbank'=>0, 'receiptvbank'=>0, 'receiptiche'=>0, 'receipthp'=>0, 'receiptcard'=>0, 'receiptpoint'=>0, 'misu'=>0, 'receipteasy'=>0);
+
     for ($i=0; $row=sql_fetch_array($result); $i++)
     {
         if ($i == 0)
@@ -84,7 +85,7 @@ $result = sql_query($sql);
 
         if ($save['od_date'] != $row['od_date']) {
             print_line($save);
-            unset($save);
+            $save = array('ordercount'=>0, 'orderprice'=>0, 'ordercancel'=>0, 'ordercoupon'=>0, 'receiptbank'=>0, 'receiptvbank'=>0, 'receiptiche'=>0, 'receipthp'=>0, 'receiptcard'=>0, 'receiptpoint'=>0, 'misu'=>0, 'receipteasy'=>0);
             $save['od_date'] = $row['od_date'];
         }
 
@@ -156,5 +157,4 @@ $result = sql_query($sql);
 </div>
 
 <?php
-include_once (G5_ADMIN_PATH.'/admin.tail.php');
-?>
+include_once (G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/shop_admin/sale1month.php b/adm/shop_admin/sale1month.php
index b3eddc508..c26cf4989 100644
--- a/adm/shop_admin/sale1month.php
+++ b/adm/shop_admin/sale1month.php
@@ -2,10 +2,10 @@
 $sub_menu = '500110';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");
 
-$fr_month = preg_replace('/[^0-9]/i', '', $fr_month);
-$to_month = preg_replace('/[^0-9]/i', '', $to_month);
+$fr_month = isset($_REQUEST['fr_month']) ? preg_replace('/[^0-9 :_\-]/i', '', $_REQUEST['fr_month']) : '';
+$to_month = isset($_REQUEST['to_month']) ? preg_replace('/[^0-9 :_\-]/i', '', $_REQUEST['to_month']) : '';
 
 $fr_month = preg_replace("/([0-9]{4})([0-9]{2})/", "\\1-\\2", $fr_month);
 $to_month = preg_replace("/([0-9]{4})([0-9]{2})/", "\\1-\\2", $to_month);
@@ -76,8 +76,9 @@ $result = sql_query($sql);
     </thead>
     <tbody>
     <?php
-    unset($save);
-    unset($tot);
+    $save = array('ordercount'=>0, 'orderprice'=>0, 'ordercancel'=>0, 'ordercoupon'=>0, 'receiptbank'=>0, 'receiptvbank'=>0, 'receiptiche'=>0, 'receipthp'=>0, 'receiptcard'=>0, 'receiptpoint'=>0, 'misu'=>0, 'receipteasy'=>0);
+    $tot = array('ordercount'=>0, 'orderprice'=>0, 'ordercancel'=>0, 'ordercoupon'=>0, 'receiptbank'=>0, 'receiptvbank'=>0, 'receiptiche'=>0, 'receipthp'=>0, 'receiptcard'=>0, 'receiptpoint'=>0, 'misu'=>0, 'receipteasy'=>0);
+
     for ($i=0; $row=sql_fetch_array($result); $i++)
     {
         if ($i == 0)
@@ -85,7 +86,7 @@ $result = sql_query($sql);
 
         if ($save['od_date'] != $row['od_date']) {
             print_line($save);
-            unset($save);
+            $save = array('ordercount'=>0, 'orderprice'=>0, 'ordercancel'=>0, 'ordercoupon'=>0, 'receiptbank'=>0, 'receiptvbank'=>0, 'receiptiche'=>0, 'receipthp'=>0, 'receiptcard'=>0, 'receiptpoint'=>0, 'misu'=>0, 'receipteasy'=>0);
             $save['od_date'] = $row['od_date'];
         }
 
@@ -158,5 +159,4 @@ $result = sql_query($sql);
 
 
 <?php
-include_once (G5_ADMIN_PATH.'/admin.tail.php');
-?>
+include_once (G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/shop_admin/sale1today.php b/adm/shop_admin/sale1today.php
index 1af2b4b31..47214ed75 100644
--- a/adm/shop_admin/sale1today.php
+++ b/adm/shop_admin/sale1today.php
@@ -2,10 +2,22 @@
 $sub_menu = '500110';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], "r");
-
-$date = preg_replace('/[^0-9]/i', '', $date);
+auth_check_menu($auth, $sub_menu, "r");
 
+$date = isset($_GET['date']) ? preg_replace('/[^0-9]/i', '', $_GET['date']) : '';
+$tot = array(
+'orderprice'=>0,
+'coupon'=>0,
+'receipt_bank'=>0,
+'receipt_vbank'=>0,
+'receipt_iche'=>0,
+'receipt_card'=>0,
+'receipt_easy'=>0,
+'receipt_hp'=>0,
+'receipt_point'=>0,
+'ordercancel'=>0,
+'misu'=>0,
+);
 $date = preg_replace("/([0-9]{4})([0-9]{2})([0-9]{2})/", "\\1-\\2-\\3", $date);
 
 $g5['title'] = "$date 일 매출현황";
@@ -50,7 +62,6 @@ $result = sql_query($sql);
     </thead>
     <tbody>
     <?php
-    unset($tot);
     for ($i=0; $row=sql_fetch_array($result); $i++)
     {
         if ($row['mb_id'] == '') { // 비회원일 경우는 주문자로 링크
@@ -128,5 +139,4 @@ $result = sql_query($sql);
 </div>
 
 <?php
-include_once (G5_ADMIN_PATH.'/admin.tail.php');
-?>
+include_once (G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/shop_admin/sale1year.php b/adm/shop_admin/sale1year.php
index 8e749c035..4257884bd 100644
--- a/adm/shop_admin/sale1year.php
+++ b/adm/shop_admin/sale1year.php
@@ -2,10 +2,10 @@
 $sub_menu = '500110';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");
 
-$fr_year = preg_replace('/[^0-9]/i', '', $fr_year);
-$to_year = preg_replace('/[^0-9]/i', '', $to_year);
+$fr_year = isset($_REQUEST['fr_year']) ? preg_replace('/[^0-9 :_\-]/i', '', $_REQUEST['fr_year']) : '';
+$to_year = isset($_REQUEST['to_year']) ? preg_replace('/[^0-9 :_\-]/i', '', $_REQUEST['to_year']) : '';
 
 $g5['title'] = $fr_year.' ~ '.$to_year.' 연간 매출현황';
 include_once (G5_ADMIN_PATH.'/admin.head.php');
@@ -70,8 +70,9 @@ $result = sql_query($sql);
     </thead>
     <tbody>
     <?php
-    unset($save);
-    unset($tot);
+    $save = array('ordercount'=>0, 'orderprice'=>0, 'ordercancel'=>0, 'ordercoupon'=>0, 'receiptbank'=>0, 'receiptvbank'=>0, 'receiptiche'=>0, 'receipthp'=>0, 'receiptcard'=>0, 'receiptpoint'=>0, 'misu'=>0, 'receipteasy'=>0);
+    $tot = array('ordercount'=>0, 'orderprice'=>0, 'ordercancel'=>0, 'ordercoupon'=>0, 'receiptbank'=>0, 'receiptvbank'=>0, 'receiptiche'=>0, 'receipthp'=>0, 'receiptcard'=>0, 'receiptpoint'=>0, 'misu'=>0, 'receipteasy'=>0);
+
     for ($i=0; $row=sql_fetch_array($result); $i++)
     {
         if ($i == 0)
@@ -79,7 +80,7 @@ $result = sql_query($sql);
 
         if ($save['od_date'] != $row['od_date']) {
             print_line($save);
-            unset($save);
+            $save = array('ordercount'=>0, 'orderprice'=>0, 'ordercancel'=>0, 'ordercoupon'=>0, 'receiptbank'=>0, 'receiptvbank'=>0, 'receiptiche'=>0, 'receipthp'=>0, 'receiptcard'=>0, 'receiptpoint'=>0, 'misu'=>0, 'receipteasy'=>0);
             $save['od_date'] = $row['od_date'];
         }
 
@@ -151,5 +152,4 @@ $result = sql_query($sql);
 </div>
 
 <?php
-include_once (G5_ADMIN_PATH.'/admin.tail.php');
-?>
+include_once (G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/shop_admin/sendcostlist.php b/adm/shop_admin/sendcostlist.php
index 69a5e0290..b99cba3ee 100644
--- a/adm/shop_admin/sendcostlist.php
+++ b/adm/shop_admin/sendcostlist.php
@@ -2,7 +2,7 @@
 $sub_menu = '400750';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");
 
 $sql_common = " from {$g5['g5_shop_sendcost_table']} ";
 
@@ -151,5 +151,4 @@ function fsendcost_submit(f)
 </script>
 
 <?php
-include_once(G5_ADMIN_PATH.'/admin.tail.php');
-?>
\ No newline at end of file
+include_once(G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/shop_admin/sendcostupdate.php b/adm/shop_admin/sendcostupdate.php
index 121943189..c048f9976 100644
--- a/adm/shop_admin/sendcostupdate.php
+++ b/adm/shop_admin/sendcostupdate.php
@@ -4,28 +4,28 @@ include_once('./_common.php');
 
 check_demo();
 
-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
 
 check_admin_token();
 
-$w = $_POST['w'];
+$w = isset($_POST['w']) ? $_POST['w'] : '';
 
 if($w == 'd') {
-    $count = count($_POST['chk']);
+    $count = (isset($_POST['chk']) && is_array($_POST['chk'])) ? count($_POST['chk']) : 0;
     if(!$count)
         alert('삭제하실 항목을 하나이상 선택해 주십시오.');
 
     for($i=0; $i<$count; $i++) {
-        $k = $_POST['chk'][$i];
+        $k = isset($_POST['chk'][$i]) ? (int) $_POST['chk'][$i] : 0;
 
-        $sc_id = (int) $_POST['sc_id'][$k];
+        $sc_id = isset($_POST['sc_id'][$i]) ? (int) $_POST['sc_id'][$k] : 0;
         sql_query(" delete from {$g5['g5_shop_sendcost_table']} where sc_id = '$sc_id' ");
     }
 } else {
-    $sc_name = trim(strip_tags(clean_xss_attributes($_POST['sc_name'])));
-    $sc_zip1 = preg_replace('/[^0-9]/', '', $_POST['sc_zip1']);
-    $sc_zip2 = preg_replace('/[^0-9]/', '', $_POST['sc_zip2']);
-    $sc_price = preg_replace('/[^0-9]/', '', $_POST['sc_price']);
+    $sc_name = isset($_POST['sc_name']) ? trim(strip_tags(clean_xss_attributes($_POST['sc_name']))) : '';
+    $sc_zip1 = isset($_POST['sc_zip1']) ? preg_replace('/[^0-9]/', '', $_POST['sc_zip1']) : '';
+    $sc_zip2 = isset($_POST['sc_zip2']) ? preg_replace('/[^0-9]/', '', $_POST['sc_zip2']) : '';
+    $sc_price = isset($_POST['sc_price']) ? preg_replace('/[^0-9]/', '', $_POST['sc_price']) : '';
 
     if(!$sc_name)
         alert('지역명을 입력해 주십시오.');
@@ -43,5 +43,4 @@ if($w == 'd') {
     sql_query($sql);
 }
 
-goto_url('./sendcostlist.php?page='.$page);
-?>
\ No newline at end of file
+goto_url('./sendcostlist.php?page='.$page);
\ No newline at end of file
diff --git a/adm/shop_admin/wishlist.php b/adm/shop_admin/wishlist.php
index 87ff7dc15..712faeedf 100644
--- a/adm/shop_admin/wishlist.php
+++ b/adm/shop_admin/wishlist.php
@@ -2,24 +2,20 @@
 $sub_menu = '500140';
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");
 
 $g5['title'] = '보관함현황';
 include_once (G5_ADMIN_PATH.'/admin.head.php');
 include_once(G5_PLUGIN_PATH.'/jquery-ui/datepicker.php');
 
-if (!$to_date) $to_date = date("Ymd", time());
+$fr_date = (isset($_GET['fr_date']) && preg_match("/[0-9]/", $_GET['fr_date'])) ? $_GET['fr_date'] : '';
+$to_date = (isset($_GET['to_date']) && preg_match("/[0-9]/", $_GET['to_date'])) ? $_GET['to_date'] : '';
 
-$doc = strip_tags($doc);
-$sort1 = strip_tags($sort1);
-$sel_ca_id = get_search_string($sel_ca_id);
+$doc = isset($_GET['doc']) ? clean_xss_tags($_GET['doc'], 1, 1) : '';
+$sort1 = (isset($_GET['sort1']) && in_array($_GET['sort1'], array('mb_id', 'it_id', 'wi_time', 'wi_ip'))) ? $_GET['sort1'] : 'it_id_cnt';
+$sort2 = (isset($_GET['sort2']) && in_array($_GET['sort2'], array('desc', 'asc'))) ? $_GET['sort2'] : 'desc';
 
-if( preg_match("/[^0-9]/", $fr_date) ) $fr_date = '';
-if( preg_match("/[^0-9]/", $to_date) ) $to_date = '';
-
-if ($sort1 == "") $sort1 = "it_id_cnt";
-if (!in_array($sort1, array('mb_id', 'it_id', 'wi_time', 'wi_ip'))) $sort1 = "it_id_cnt";
-if ($sort2 == "" || $sort2 != "asc") $sort2 = "desc";
+$sel_ca_id = isset($_GET['sel_ca_id']) ? get_search_string($_GET['sel_ca_id']) : '';
 
 $sql  = " select a.it_id,
                  b.it_name,
@@ -149,5 +145,4 @@ $(function() {
 </script>
 
 <?php
-include_once (G5_ADMIN_PATH.'/admin.tail.php');
-?>
+include_once (G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/sms_admin/_common.php b/adm/sms_admin/_common.php
index 3c53259a8..e295daf97 100644
--- a/adm/sms_admin/_common.php
+++ b/adm/sms_admin/_common.php
@@ -19,5 +19,4 @@ if( isset($token) ){
     $token = @htmlspecialchars(strip_tags($token), ENT_QUOTES);
 }
 
-add_stylesheet('<link rel="stylesheet" href="'.G5_SMS5_ADMIN_URL.'/css/sms5.css">', 0);
-?>
\ No newline at end of file
+add_stylesheet('<link rel="stylesheet" href="'.G5_SMS5_ADMIN_URL.'/css/sms5.css">', 0);
\ No newline at end of file
diff --git a/adm/sms_admin/ajax.hp_chk.php b/adm/sms_admin/ajax.hp_chk.php
index b1c303565..4634817b3 100644
--- a/adm/sms_admin/ajax.hp_chk.php
+++ b/adm/sms_admin/ajax.hp_chk.php
@@ -10,12 +10,14 @@ if( !function_exists('json_encode') ) {
     }
 }
 
-ajax_auth_check($auth[$sub_menu], "r");
+ajax_auth_check_menu($auth, $sub_menu, "r");
 
 $err = '';
 $arr_ajax_msg = array();
 $exist_hplist = array();
 
+$bk_hp = isset($_REQUEST['bk_hp']) ? clean_xss_tags($_REQUEST['bk_hp'], 1, 1) : '';
+
 if( !$bk_hp )
     $err = '휴대폰번호를 입력해 주십시오.';
 
@@ -46,6 +48,4 @@ if(!$row['cnt'] && $w == 'u') {
 $arr_ajax_msg['error'] = $err;
 $arr_ajax_msg['exist'] = $exist_hplist;
 
-die( json_encode($arr_ajax_msg) );
-
-?>
\ No newline at end of file
+die( json_encode($arr_ajax_msg) );
\ No newline at end of file
diff --git a/adm/sms_admin/ajax.sms_write_form.php b/adm/sms_admin/ajax.sms_write_form.php
index 82a02b22a..8514179e4 100644
--- a/adm/sms_admin/ajax.sms_write_form.php
+++ b/adm/sms_admin/ajax.sms_write_form.php
@@ -10,7 +10,9 @@ if( !function_exists('json_encode') ) {
     }
 }
 
-ajax_auth_check($auth[$sub_menu], "r");
+ajax_auth_check_menu($auth, $sub_menu, "r");
+
+$fg_no = isset($_REQUEST['fg_no']) ? preg_replace('/[^0-9]/i', '', $_REQUEST['fg_no']) : '';
 
 $page_size = 6;
 
@@ -82,5 +84,4 @@ $arr_ajax_msg = array(
 'total_page'=>$total_page
 );
 
-die( json_encode($arr_ajax_msg) );
-?>
\ No newline at end of file
+die( json_encode($arr_ajax_msg) );
\ No newline at end of file
diff --git a/adm/sms_admin/ajax.sms_write_group.php b/adm/sms_admin/ajax.sms_write_group.php
index 702357183..5b10312e3 100644
--- a/adm/sms_admin/ajax.sms_write_group.php
+++ b/adm/sms_admin/ajax.sms_write_group.php
@@ -4,7 +4,7 @@ include_once("./_common.php");
 
 $colspan = 3;
 
-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");
 
 $no_group = sql_fetch("select * from {$g5['sms5_book_group_table']} where bg_no=1");
 
diff --git a/adm/sms_admin/ajax.sms_write_level.php b/adm/sms_admin/ajax.sms_write_level.php
index d17fcd54b..b36cf1d18 100644
--- a/adm/sms_admin/ajax.sms_write_level.php
+++ b/adm/sms_admin/ajax.sms_write_level.php
@@ -10,7 +10,7 @@ if( !function_exists('json_encode') ) {
     }
 }
 
-ajax_auth_check($auth[$sub_menu], "r");
+ajax_auth_check_menu($auth, $sub_menu, "r");
 
 $lev = array();
 
@@ -26,6 +26,7 @@ while ($row = sql_fetch_array($qry))
     $lev[$row['mb_level']] = $row['cnt'];
 }
 $str_json = array();
+$line = 0;
 $tmp_str = '';
 $tmp_str .= '
 <div class="tbl_head01 tbl_wrap">
@@ -53,5 +54,4 @@ $tmp_str .= '
 </div>';
 
 $str_json['html'] = $tmp_str;
-echo json_encode($str_json);
-?>
\ No newline at end of file
+echo json_encode($str_json);
\ No newline at end of file
diff --git a/adm/sms_admin/ajax.sms_write_person.php b/adm/sms_admin/ajax.sms_write_person.php
index c37b70058..26a90c3b7 100644
--- a/adm/sms_admin/ajax.sms_write_person.php
+++ b/adm/sms_admin/ajax.sms_write_person.php
@@ -5,7 +5,11 @@ include_once("./_common.php");
 $page_size = 10;
 $colspan = 5;
 
-auth_check($auth[$sub_menu], "r");
+$bg_no = isset($_REQUEST['bg_no']) ? (int) $_REQUEST['bg_no'] : 0;
+$ap = isset($_REQUEST['ap']) ? (int) $_REQUEST['ap'] : 0;
+$no_hp = isset($_REQUEST['no_hp']) ? clean_xss_tags($_REQUEST['no_hp'], 1, 1) : '';
+
+auth_check_menu($auth, $sub_menu, "r");
 
 $g5['title'] = "휴대폰번호 관리";
 
diff --git a/adm/sms_admin/config.php b/adm/sms_admin/config.php
index a8e89543e..dc2d28467 100644
--- a/adm/sms_admin/config.php
+++ b/adm/sms_admin/config.php
@@ -2,7 +2,7 @@
 $sub_menu = "900100";
 include_once("./_common.php");
 
-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");
 
 $g5['title'] = "SMS 기본설정";
 
@@ -25,7 +25,7 @@ if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw'])
 if (!$config['cf_icode_id'])
     $config['cf_icode_id'] = 'sir_';
 
-if (!$sms5['cf_skin'])
+if (! (isset($sms5['cf_skin']) && $sms5['cf_skin']))
     $sms5['cf_skin'] = 'basic';
 
 include_once(G5_ADMIN_PATH.'/admin.head.php');
@@ -117,7 +117,7 @@ if ($config['cf_sms_use'] == 'icode') { // 아이코드 사용
         <th scope="row"><label for="cf_phone">회신번호<strong class="sound_only"> 필수</strong></label></th>
         <td>
             <?php echo help("회신받을 휴대폰 번호를 입력하세요. 회신번호는 발신번호로 사전등록된 번호와 동일해야 합니다.<br>예) 010-123-4567"); ?>
-            <input type="text" name="cf_phone" value="<?php echo $sms5['cf_phone']; ?>" id="cf_phone" required class="frm_input required" size="13">
+            <input type="text" name="cf_phone" value="<?php echo isset($sms5['cf_phone']) ? get_sanitize_input($sms5['cf_phone']) : ''; ?>" id="cf_phone" required class="frm_input required" size="13">
         </td>
     </tr>
     </tbody>
@@ -144,5 +144,4 @@ if ($config['cf_sms_use'] == 'icode') { // 아이코드 사용
 <?php } ?>
 
 <?php
-include_once(G5_ADMIN_PATH.'/admin.tail.php');
-?>
\ No newline at end of file
+include_once(G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/sms_admin/config_update.php b/adm/sms_admin/config_update.php
index 236d56e74..da708f998 100644
--- a/adm/sms_admin/config_update.php
+++ b/adm/sms_admin/config_update.php
@@ -2,7 +2,7 @@
 $sub_menu = "900100";
 include_once("./_common.php");
 
-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
 
 check_demo();
 
@@ -10,6 +10,15 @@ check_admin_token();
 
 $g5['title'] = "SMS 기본설정";
 
+$cf_phone = isset($_REQUEST['cf_phone']) ? clean_xss_tags($_REQUEST['cf_phone'], 1, 1) : '';
+$cf_sms_use = isset($_REQUEST['cf_sms_use']) ? clean_xss_tags($_REQUEST['cf_sms_use'], 1, 1) : '';
+$cf_sms_type = isset($_REQUEST['cf_sms_type']) ? clean_xss_tags($_REQUEST['cf_sms_type'], 1, 1) : '';
+$cf_icode_id = isset($_REQUEST['cf_icode_id']) ? clean_xss_tags($_REQUEST['cf_icode_id'], 1, 1) : '';
+$cf_icode_pw = isset($_REQUEST['cf_icode_pw']) ? clean_xss_tags($_REQUEST['cf_icode_pw'], 1, 1) : '';
+$cf_icode_server_ip = isset($_REQUEST['cf_icode_server_ip']) ? clean_xss_tags($_REQUEST['cf_icode_server_ip'], 1, 1) : '';
+$cf_icode_server_port = isset($_REQUEST['cf_icode_server_port']) ? clean_xss_tags($_REQUEST['cf_icode_server_port'], 1, 1) : '';
+$cf_icode_token_key = isset($_REQUEST['cf_icode_token_key']) ? clean_xss_tags($_REQUEST['cf_icode_token_key'], 1, 1) : '';
+
 // 회신번호 체크
 if(!check_vaild_callback($cf_phone))
     alert('회신번호가 올바르지 않습니다.');
@@ -42,5 +51,4 @@ $sql = " update {$g5['config_table']}
                 cf_icode_token_key      = '$cf_icode_token_key'";
 sql_query($sql);
 
-goto_url("./config.php");
-?>
\ No newline at end of file
+goto_url("./config.php");
\ No newline at end of file
diff --git a/adm/sms_admin/emoticon_move.php b/adm/sms_admin/emoticon_move.php
index 4e04cf496..7c1db6eb3 100644
--- a/adm/sms_admin/emoticon_move.php
+++ b/adm/sms_admin/emoticon_move.php
@@ -6,7 +6,7 @@ if ($sw != 'move'){
     alert('sw 값이 제대로 넘어오지 않았습니다.');
 }
 
-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");
 
 $g5['title'] = '이모티콘그룹 이동';
 include_once(G5_PATH.'/head.sub.php');
@@ -111,5 +111,4 @@ function fboardmoveall_submit(f)
 </script>
 
 <?php
-include_once(G5_PATH.'/tail.sub.php');
-?>
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/adm/sms_admin/emoticon_move_update.php b/adm/sms_admin/emoticon_move_update.php
index 8fe03b539..30a6bf330 100644
--- a/adm/sms_admin/emoticon_move_update.php
+++ b/adm/sms_admin/emoticon_move_update.php
@@ -1,12 +1,14 @@
 <?php
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");
 
-if(!count($_POST['chk_fg_no']))
+$post_chk_fg_no = (isset($_POST['chk_fg_no']) && is_array($_POST['chk_fg_no'])) ? $_POST['chk_fg_no'] : array();
+
+if(!count($post_chk_fg_no))
     alert('이모티콘을 이동할 그룹을 한개 이상 선택해 주십시오.', $url);
 
-$fo_no_list = preg_replace('/[^a-zA-Z0-9\, ]/', '', $fo_no_list);
+$fo_no_list = isset($_POST['fo_no_list']) ? preg_replace('/[^a-zA-Z0-9\, ]/', '', $_POST['fo_no_list']) : '';
 
 $sql = "select * from {$g5['sms5_form_table']} where fo_no in ($fo_no_list) order by fo_no desc ";
 $result = sql_query($sql);
@@ -14,9 +16,9 @@ $save = array();
 for ($kk=0;$row = sql_fetch_array($result);$kk++)
 {
     $fo_no = $row['fo_no'];
-    for ($i=0; $i<count($_POST['chk_fg_no']); $i++)
+    for ($i=0; $i<count($post_chk_fg_no); $i++)
     {
-        $fg_no = $_POST['chk_fg_no'][$i];
+        $fg_no = $post_chk_fg_no[$i];
         if( !$fg_no ) continue;
         $group = sql_fetch("select * from {$g5['sms5_form_group_table']} where fg_no = '$fg_no'");
         $sql = " insert into {$g5['sms5_form_table']}
@@ -58,5 +60,4 @@ window.close();
 </p>
 <a href="$opener_href">돌아가기</a>
 </noscript>
-HEREDOC;
-?>
\ No newline at end of file
+HEREDOC;
\ No newline at end of file
diff --git a/adm/sms_admin/form_group.php b/adm/sms_admin/form_group.php
index d91d061ac..4fb6cedc0 100644
--- a/adm/sms_admin/form_group.php
+++ b/adm/sms_admin/form_group.php
@@ -4,7 +4,7 @@ include_once("./_common.php");
 
 $colspan = 5;
 
-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");
 
 $g5['title'] = "이모티콘 그룹";
 
@@ -67,8 +67,8 @@ function grouplist_submit(f)
 
 </script>
 
-<form name="group<?php echo $res['fg_no']?>" method="post" action="./form_group_update.php" class="local_sch03 local_sch">
-<input type="hidden" name="fg_no" value="<?php echo $res['fg_no']?>">
+<form name="group<?php echo isset($res['fg_no']) ? $res['fg_no'] : ''; ?>" method="post" action="./form_group_update.php" class="local_sch03 local_sch">
+<input type="hidden" name="fg_no" value="<?php echo isset($res['fg_no']) ? $res['fg_no'] : ''; ?>">
 <div>
     <label for="fg_name">그룹명<strong class="sound_only"> 필수</strong></label>
     <input type="text" id="fg_name" name="fg_name" required class="required frm_input">
@@ -83,7 +83,7 @@ function grouplist_submit(f)
     <p>그룹명순으로 정렬됩니다.</p>
 </div>
 
-<form name="group<?php echo $group[$i]['fg_no']?>" method="post" action="./form_group_update.php" onsubmit="return grouplist_submit(this);">
+<form name="group<?php echo isset($group[$i]['fg_no']) ? $group[$i]['fg_no'] : ''; ?>" method="post" action="./form_group_update.php" onsubmit="return grouplist_submit(this);">
 <input type="hidden" name="w" value="u">
 
 <div class="tbl_head01 tbl_wrap">
@@ -173,5 +173,4 @@ function grouplist_submit(f)
 </form>
 
 <?php
-include_once(G5_ADMIN_PATH.'/admin.tail.php');
-?>
\ No newline at end of file
+include_once(G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/sms_admin/form_group_move.php b/adm/sms_admin/form_group_move.php
index 27faa14d1..5b430a830 100644
--- a/adm/sms_admin/form_group_move.php
+++ b/adm/sms_admin/form_group_move.php
@@ -3,7 +3,10 @@
 $sub_menu = "900500";
 include_once("./_common.php");
 
-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
+
+$fg_no = isset($_REQUEST['fg_no']) ? (int) $_REQUEST['fg_no'] : 0;
+$move_no = isset($_REQUEST['move_no']) ? (int) $_REQUEST['move_no'] : 0;
 
 if ($fg_no) 
 {
@@ -26,5 +29,4 @@ $group = sql_fetch("select * from {$g5['sms5_form_group_table']} where fg_no = '
 
 sql_query("update {$g5['sms5_form_table']} set fg_no = '$move_no', fg_member = '{$group['fg_member']}' where fg_no = '$fg_no'");
 
-goto_url('./form_group.php');
-?>
\ No newline at end of file
+goto_url('./form_group.php');
\ No newline at end of file
diff --git a/adm/sms_admin/form_group_update.php b/adm/sms_admin/form_group_update.php
index d5257dcea..7daebb063 100644
--- a/adm/sms_admin/form_group_update.php
+++ b/adm/sms_admin/form_group_update.php
@@ -2,15 +2,17 @@
 $sub_menu = "900500";
 include_once("./_common.php");
 
-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
+
+$post_cnk = (isset($_POST['chk']) && is_array($_POST['chk'])) ? $_POST['chk'] : array();
 
 if ($w == 'u') // 업데이트
 {
-    for ($i=0; $i<count($_POST['chk']); $i++)
+    for ($i=0; $i<count($post_cnk); $i++)
     {
         // 실제 번호를 넘김
-        $k = $_POST['chk'][$i];
-        $fg_no = (int) $_POST['fg_no'][$k];
+        $k = $post_cnk[$i];
+        $fg_no = isset($_POST['fg_no'][$k]) ? (int) $_POST['fg_no'][$k] : 0;
         $fg_name = isset($_POST['fg_name'][$k]) ? addslashes(strip_tags($_POST['fg_name'][$k])) : '';
         $fg_member = isset($_POST['fg_member'][$k]) ? addslashes(strip_tags($_POST['fg_member'][$k])) : '';
 
@@ -34,11 +36,11 @@ if ($w == 'u') // 업데이트
 }
 else if ($w == 'de') // 그룹삭제
 {
-    for ($i=0; $i<count($_POST['chk']); $i++)
+    for ($i=0; $i<count($post_cnk); $i++)
     {
         // 실제 번호를 넘김
-        $k = $_POST['chk'][$i];
-        $fg_no = (int) $_POST['fg_no'][$k];
+        $k = $post_cnk[$i];
+        $fg_no = isset($_POST['fg_no'][$k]) ? (int) $_POST['fg_no'][$k] : 0;
 
         if (!is_numeric($fg_no))
             alert('그룹 고유번호가 없습니다.');
@@ -53,11 +55,11 @@ else if ($w == 'de') // 그룹삭제
 }
 else if ($w == 'em') 
 {
-    for ($i=0; $i<count($_POST['chk']); $i++)
+    for ($i=0; $i<count($post_cnk); $i++)
     {
         // 실제 번호를 넘김
-        $k = $_POST['chk'][$i];
-        $fg_no = (int) $_POST['fg_no'][$k];
+        $k = $post_cnk[$i];
+        $fg_no = isset($_POST['fg_no'][$k]) ? (int) $_POST['fg_no'][$k] : 0;
 
         if ($fg_no == 'no') $fg_no = 0;
 
@@ -92,5 +94,4 @@ else // 등록
     sql_query("insert into {$g5['sms5_form_group_table']} set fg_name = '$fg_name'");
 }
 
-goto_url('./form_group.php');
-?>
\ No newline at end of file
+goto_url('./form_group.php');
\ No newline at end of file
diff --git a/adm/sms_admin/form_list.php b/adm/sms_admin/form_list.php
index dca08fb51..64b771ae3 100644
--- a/adm/sms_admin/form_list.php
+++ b/adm/sms_admin/form_list.php
@@ -5,7 +5,7 @@ include_once("./_common.php");
 $page_size = 12;
 $colspan = 2;
 
-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");
 
 $token = get_token();
 
@@ -13,7 +13,7 @@ $g5['title'] = "이모티콘 관리";
 
 if ($page < 1) $page = 1;
 
-$fg_no = isset($fg_no) ? (int) $fg_no : '';
+$fg_no = isset($_REQUEST['fg_no']) ? (int) $_REQUEST['fg_no'] : 0;
 
 if (is_numeric($fg_no))
     $sql_group = " and fg_no='$fg_no' ";
@@ -237,5 +237,4 @@ function select_copy(sw, f) {
 <?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, $_SERVER['SCRIPT_NAME']."?fg_no=$fg_no&amp;st=$st&amp;sv=$sv&amp;page="); ?>
 
 <?php
-include_once(G5_ADMIN_PATH.'/admin.tail.php');
-?>
\ No newline at end of file
+include_once(G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/sms_admin/form_multi_update.php b/adm/sms_admin/form_multi_update.php
index f321a1577..d90793829 100644
--- a/adm/sms_admin/form_multi_update.php
+++ b/adm/sms_admin/form_multi_update.php
@@ -2,19 +2,22 @@
 $sub_menu = "900600";
 include_once("./_common.php");
 
-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
 
 check_admin_token();
 
+$post_fo_no = (isset($_POST['fo_no']) && is_array($_POST['fo_no'])) ? $_POST['fo_no'] : array();
+$atype = isset($_POST['atype']) ? clean_xss_tags($_POST['atype'], 1, 1) : '';
+
 if($atype == "del"){
-    $count = count($_POST['fo_no']);
+    $count = count($post_fo_no);
     if(!$count)
         alert('선택삭제 하실 항목을 하나이상 선택해 주세요.');
 
     for ($i=0; $i<$count; $i++)
     {
         // 실제 번호를 넘김
-        $fo_no = (int) $_POST['fo_no'][$i];
+        $fo_no = (int) $post_fo_no[$i];
         if (!trim($fo_no)) continue;
 
         $res = sql_fetch("select * from {$g5['sms5_form_table']} where fo_no='$fo_no'");
diff --git a/adm/sms_admin/form_update.php b/adm/sms_admin/form_update.php
index 1eb78101a..3236eeee5 100644
--- a/adm/sms_admin/form_update.php
+++ b/adm/sms_admin/form_update.php
@@ -2,10 +2,11 @@
 $sub_menu = "900600";
 include_once("./_common.php");
 
-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
 
-$fo_name = isset($fo_name) ? strip_tags(clean_xss_attributes($fo_name)) : '';
-$fo_content = isset($fo_content) ? strip_tags(clean_xss_attributes($fo_content)) : '';
+$fo_name = isset($_REQUEST['fo_name']) ? strip_tags(clean_xss_attributes($_REQUEST['fo_name'])) : '';
+$fo_content = isset($_REQUEST['fo_content']) ? strip_tags(clean_xss_attributes($_REQUEST['fo_content'])) : '';
+$fo_receipt = isset($_REQUEST['fo_receipt']) ? clean_xss_tags($_REQUEST['fo_receipt'], 1, 1) : '';
 
 $g5['title'] = "이모티콘 업데이트";
 
@@ -77,5 +78,4 @@ else // 등록
 }
 
 $go_url = './form_list.php?page='.$page.'&amp;fg_no='.$get_fg_no;
-goto_url($go_url);
-?>
\ No newline at end of file
+goto_url($go_url);
\ No newline at end of file
diff --git a/adm/sms_admin/form_write.php b/adm/sms_admin/form_write.php
index b8e4913f7..a28671f38 100644
--- a/adm/sms_admin/form_write.php
+++ b/adm/sms_admin/form_write.php
@@ -2,11 +2,19 @@
 $sub_menu = "900600";
 include_once("./_common.php");
 
-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
 
 $g5['title'] = "이모티콘 ";
 
-$fg_no = isset($fg_no) ? (int) $fg_no : '';
+$fo_no = isset($_REQUEST['fo_no']) ? (int) $_REQUEST['fo_no'] : 0;
+$fg_no = isset($_REQUEST['fg_no']) ? (int) $_REQUEST['fg_no'] : '';
+
+$write = array(
+'fg_no'=>null,
+'fo_no'=>null,
+'fo_name'=>'',
+'fo_content'=>''
+);
 
 if ($w == 'u' && is_numeric($fo_no)) {
     $write = sql_fetch("select * from {$g5['sms5_form_table']} where fo_no='$fo_no'");
@@ -14,6 +22,7 @@ if ($w == 'u' && is_numeric($fo_no)) {
 }
 else  {
     $write['fg_no'] = $fg_no;
+    $write['fo_no'] = $fo_no;
     $g5['title'] .= '추가';
 }
 
@@ -23,7 +32,7 @@ include_once(G5_ADMIN_PATH.'/admin.head.php');
 <form name="book_form" method="post" action="form_update.php">
 <input type="hidden" name="w" value="<?php echo $w?>">
 <input type="hidden" name="page" value="<?php echo $page?>">
-<input type="hidden" name="fo_no" value="<?php echo $write['fo_no']?>">
+<input type="hidden" name="fo_no" value="<?php echo $write['fo_no']; ?>">
 <input type="hidden" name="get_fg_no" value="<?php echo $fg_no?>">
 
     <div class="tbl_frm01 tbl_wrap">
@@ -231,5 +240,4 @@ $(function(){
 </script>
 
 <?php
-include_once(G5_ADMIN_PATH.'/admin.tail.php');
-?>
\ No newline at end of file
+include_once(G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/sms_admin/history_list.php b/adm/sms_admin/history_list.php
index d3edc13e9..467cc33db 100644
--- a/adm/sms_admin/history_list.php
+++ b/adm/sms_admin/history_list.php
@@ -5,7 +5,7 @@ include_once("./_common.php");
 $page_size = 20;
 $colspan = 11;
 
-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");
 
 $g5['title'] = "문자전송 내역";
 
@@ -23,7 +23,7 @@ $total_page = (int)($total_count/$page_size) + ($total_count%$page_size==0 ? 0 :
 $page_start = $page_size * ( $page - 1 );
 
 $vnum = $total_count - (($page-1) * $page_size);
-
+$line = 0;
 include_once(G5_ADMIN_PATH.'/admin.head.php');
 ?>
 
@@ -68,7 +68,7 @@ include_once(G5_ADMIN_PATH.'/admin.head.php');
     while($res = sql_fetch_array($qry)) {
         $bg = 'bg'.($line++%2);
         $tmp_wr_memo = @unserialize($res['wr_memo']);
-        $dupli_count = $tmp_wr_memo['total'] ? $tmp_wr_memo['total'] : 0;
+        $dupli_count = (isset($tmp_wr_memo['total']) && $tmp_wr_memo['total']) ? (int) $tmp_wr_memo['total'] : 0;
     ?>
     <tr class="<?php echo $bg; ?>">
         <td class="td_numsmall"><?php echo $vnum--?></td>
@@ -94,5 +94,4 @@ include_once(G5_ADMIN_PATH.'/admin.head.php');
 <?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, $_SERVER['SCRIPT_NAME']."?st=$st&amp;sv=$sv&amp;page="); ?>
 
 <?php
-include_once(G5_ADMIN_PATH.'/admin.tail.php');
-?>
\ No newline at end of file
+include_once(G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/sms_admin/history_num.php b/adm/sms_admin/history_num.php
index 043fdd3f0..6fe344a35 100644
--- a/adm/sms_admin/history_num.php
+++ b/adm/sms_admin/history_num.php
@@ -5,12 +5,14 @@ include_once('./_common.php');
 $page_size = 20;
 $colspan = 10;
 
-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");
 
 $g5['title'] = "문자전송 내역 (번호별)";
 
 if ($page < 1) $page = 1;
 
+$line = 0;
+
 if( isset($st) && !in_array($st, array('hs_name', 'hs_hp', 'bk_no')) ){
     $st = '';
 }
@@ -107,5 +109,4 @@ include_once(G5_ADMIN_PATH.'/admin.head.php');
 <?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, $_SERVER['SCRIPT_NAME']."?st=$st&amp;sv=$sv&amp;page="); ?>
 
 <?php
-include_once(G5_ADMIN_PATH.'/admin.tail.php');
-?>
\ No newline at end of file
+include_once(G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/sms_admin/history_send.php b/adm/sms_admin/history_send.php
index 9b4f29600..12d51f0be 100644
--- a/adm/sms_admin/history_send.php
+++ b/adm/sms_admin/history_send.php
@@ -2,7 +2,9 @@
 $sub_menu = "900400";
 include_once("./_common.php");
 
-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
+
+$wr_no = isset($_REQUEST['wr_no']) ? (int) $_REQUEST['wr_no'] : 0;
 
 $g5['title'] = "문자전송중";
 
@@ -229,5 +231,4 @@ if($config['cf_sms_type'] == 'LMS') {
 location.href = 'history_view.php?wr_no=<?php echo $wr_no?>&wr_renum=<?php echo $new_wr_renum?>';
 </script>
 <?php
-include_once(G5_ADMIN_PATH.'/admin.tail.php');
-?>
\ No newline at end of file
+include_once(G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/sms_admin/history_view.php b/adm/sms_admin/history_view.php
index 4ea64a885..1cf76df57 100644
--- a/adm/sms_admin/history_view.php
+++ b/adm/sms_admin/history_view.php
@@ -6,8 +6,12 @@ $spage_size = 20;
 $colspan = 10;
 $re_text = '';
 
-$st = isset($st) ? strip_tags($st) : '';
-$ssv = isset($ssv) ? strip_tags($ssv) : '';
+$st = isset($_REQUEST['st']) ? clean_xss_tags($_REQUEST['st'], 1, 1) : '';
+$ssv = isset($_REQUEST['ssv']) ? clean_xss_tags($_REQUEST['ssv'], 1, 1) : '';
+$wr_no = isset($_REQUEST['wr_no']) ? (int) $_REQUEST['wr_no'] : 0;
+$wr_renum = isset($_REQUEST['wr_renum']) ? (int) $_REQUEST['wr_renum'] : 0;
+$spage = isset($_REQUEST['spage']) ? (int) $_REQUEST['spage'] : 0;
+$line = 0;
 
 if( $st && !in_array($st, array('hs_name', 'hs_hp', 'bk_no')) ){
     $st = '';
@@ -17,7 +21,7 @@ if( $sst && !in_array($sst, array('mb_id', 'bk_no', 'hs_name', 'hs_hp', 'hs_date
     $sst = '';
 }
 
-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");
 
 $g5['title'] = "문자전송 상세내역";
 
@@ -261,5 +265,4 @@ function all_send()
 <?php echo sms5_sub_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $spage, $total_spage, $_SERVER['SCRIPT_NAME']."?wr_no=$wr_no&amp;wr_renum=$wr_renum&amp;page=$page&amp;st=$st&amp;sv=$sv&amp;sst=$sst&amp;ssv=$ssv", "", "spage"); ?>
 
 <?php
-include_once(G5_ADMIN_PATH.'/admin.tail.php');
-?>
\ No newline at end of file
+include_once(G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/sms_admin/install.php b/adm/sms_admin/install.php
index 025ecda8e..c5405c3d2 100644
--- a/adm/sms_admin/install.php
+++ b/adm/sms_admin/install.php
@@ -2,11 +2,11 @@
 $sub_menu = "900000";
 include_once("./_common.php");
 
-auth_check($auth[$sub_menu], 'r');
+auth_check_menu($auth, $sub_menu, 'r');
 
 $g5['title'] = "SMS5 솔루션 설치";
 
-$setup = $_POST['setup'];
+$setup = (isset($_POST['setup']) && $_POST['setup']) ? 1 : 0;
 
 include_once(G5_ADMIN_PATH.'/admin.head.php');
 ?>
@@ -83,5 +83,4 @@ flush(); usleep(50000);
 <script>document.getElementById('sms5_btn_next').focus();</script>
 
 <?php
-include_once(G5_ADMIN_PATH.'/admin.tail.php');
-?>
\ No newline at end of file
+include_once(G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/sms_admin/member_update.php b/adm/sms_admin/member_update.php
index cf90a404e..0008c794f 100644
--- a/adm/sms_admin/member_update.php
+++ b/adm/sms_admin/member_update.php
@@ -2,7 +2,7 @@
 $sub_menu = "900200";
 include_once("./_common.php");
 
-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");
 
 $g5['title'] = "회원정보 업데이트";
 
@@ -19,7 +19,7 @@ include_once(G5_ADMIN_PATH.'/admin.head.php');
     </div>
     <div class="local_desc01 local_desc">
         <p>
-            마지막 업데이트 일시 : <span id="datetime"><?php echo $sms5['cf_datetime']?></span> <br>
+            마지막 업데이트 일시 : <span id="datetime"><?php echo isset($sms5['cf_datetime']) ? get_sanitize_input($sms5['cf_datetime']) : ''; ?></span> <br>
         </p>
     </div>
 
@@ -64,5 +64,4 @@ include_once(G5_ADMIN_PATH.'/admin.head.php');
 </script>
 
 <?php
-include_once(G5_ADMIN_PATH.'/admin.tail.php');
-?>
\ No newline at end of file
+include_once(G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/sms_admin/member_update_run.php b/adm/sms_admin/member_update_run.php
index 94efc229c..aeea60f48 100644
--- a/adm/sms_admin/member_update_run.php
+++ b/adm/sms_admin/member_update_run.php
@@ -3,6 +3,8 @@ $sub_menu = "900200";
 include_once("./_common.php");
 @include_once(G5_PLUGIN_PATH."/sms5/JSON.php");
 
+$mtype = isset($_REQUEST['mtype']) ? clean_xss_tags($_REQUEST['mtype'], 1, 1) : '';
+
 if(empty($config['cf_sms_use'])){
     if( $mtype == "json" ){
         die("{\"error\":\"환경 설정의 SMS 사용에서 아이코드를 사용설정해 주셔야 실행할수 있습니다.\"}");
@@ -19,9 +21,9 @@ if( !function_exists('json_encode') ) {
 }
 
 if( $mtype == "json" ){
-    ajax_auth_check($auth[$sub_menu], "w");
+    ajax_auth_check_menu($auth, $sub_menu, "w");
 } else {
-    auth_check($auth[$sub_menu], "w");
+    auth_check_menu($auth, $sub_menu, "w");
 }
 
 $count      = 0;
@@ -126,5 +128,4 @@ if( $mtype == "json" ){
     die( json_encode($json_msg) );
 } else {
     die( $msg );
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/adm/sms_admin/num_book.php b/adm/sms_admin/num_book.php
index d6a658567..4e89db11f 100644
--- a/adm/sms_admin/num_book.php
+++ b/adm/sms_admin/num_book.php
@@ -5,7 +5,7 @@ include_once("./_common.php");
 $page_size = 20;
 $colspan = 9;
 
-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");
 
 $token = get_token();
 
@@ -13,8 +13,8 @@ $g5['title'] = "휴대폰번호 관리";
 
 if ($page < 1) $page = 1;
 
-$bg_no = isset($bg_no) ? preg_replace('/[^0-9]/i', '', $bg_no) : '';
-$st = isset($st) ? preg_replace('/[^a-z0-9]/i', '', $st) : '';
+$bg_no = isset($_REQUEST['bg_no']) ? preg_replace('/[^0-9]/i', '', $_REQUEST['bg_no']) : '';
+$st = isset($_REQUEST['st']) ? preg_replace('/[^a-z0-9]/i', '', $_REQUEST['st']) : '';
 
 $sql_korean = $sql_group = $sql_search = $sql_no_hp = '';
 
@@ -33,6 +33,9 @@ if ($st == 'all') {
     $sql_search = '';
 }
 
+$ap = isset($_GET['ap']) ? (int) $_GET['ap'] : 0;
+$no_hp = isset($_GET['no_hp']) ? preg_replace('/[^0-9a-z_]/i', '', $_GET['no_hp']) : 0;
+
 if ($ap > 0)
     $sql_korean = korean_index('bk_name', $ap-1);
 else {
@@ -104,7 +107,7 @@ function no_hp_click(val)
 </script>
 
 <div class="local_ov01 local_ov">
-    <span class="btn_ov01"><span class="ov_txt">업데이트 </span><span class="ov_num"><?php echo $sms5['cf_datetime']?></span></span>
+    <span class="btn_ov01"><span class="ov_txt">업데이트 </span><span class="ov_num"><?php echo isset($sms5['cf_datetime']) ? $sms5['cf_datetime'] : ''; ?></span></span>
     <span class="btn_ov01"><span class="ov_txt"> 건수  </span><span class="ov_num"><?php echo number_format($total_count)?>명</span></span>
     <span class="btn_ov01"><span class="ov_txt"> 회원  </span><span class="ov_num"> <?php echo number_format($member_count)?>명</span></span>
     <span class="btn_ov01"><span class="ov_txt"> 비회원  </span><span class="ov_num"> <?php echo number_format($no_member_count)?>명</span></span>
@@ -262,5 +265,4 @@ function select_copy(sw, f) {
 <?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, $_SERVER['SCRIPT_NAME']."?bg_no=$bg_no&amp;st=$st&amp;sv=$sv&amp;ap=$ap&amp;page="); ?>
 
 <?php
-include_once(G5_ADMIN_PATH.'/admin.tail.php');
-?>
\ No newline at end of file
+include_once(G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/sms_admin/num_book_file.php b/adm/sms_admin/num_book_file.php
index ed4f6f35b..abaa1912a 100644
--- a/adm/sms_admin/num_book_file.php
+++ b/adm/sms_admin/num_book_file.php
@@ -2,7 +2,7 @@
 $sub_menu = "900900";
 include_once("./_common.php");
 
-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");
 
 $g5['title'] = "휴대폰번호 파일";
 
@@ -154,5 +154,4 @@ function download()
 }
 </script>
 <?php
-include_once(G5_ADMIN_PATH.'/admin.tail.php');
-?>
\ No newline at end of file
+include_once(G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/sms_admin/num_book_file_download.php b/adm/sms_admin/num_book_file_download.php
index 65c1bdaa1..55d8e6f0d 100644
--- a/adm/sms_admin/num_book_file_download.php
+++ b/adm/sms_admin/num_book_file_download.php
@@ -2,7 +2,10 @@
 $sub_menu = "900900";
 include_once("./_common.php");
 
-auth_check($auth[$sub_menu], "r");
+$bg_no = isset($_REQUEST['bg_no']) ? clean_xss_tags($_REQUEST['bg_no'], 1, 1) : '';
+$no_hp = isset($_REQUEST['no_hp']) ? clean_xss_tags($_REQUEST['no_hp'], 1, 1) : '';
+
+auth_check_menu($auth, $sub_menu, "r");
 
 if ($bg_no != 'all' && $bg_no < 1)
     alert_just('다운로드 할 휴대폰번호 그룹을 선택해주세요.');
@@ -18,50 +21,49 @@ if (!$total['cnt']) alert_just('데이터가 없습니다.');
 
 $qry = sql_query("select * from {$g5['sms5_book_table']} where 1 $sql_bg $sql_hp order by bk_name");
 
-/*================================================================================
-php_writeexcel http://www.bettina-attack.de/jonny/view.php/projects/php_writeexcel/
-=================================================================================*/
+if(! function_exists('column_char')) {
+    function column_char($i) {
+        return chr( 65 + $i );
+    }
+}
 
-include_once(G5_LIB_PATH.'/Excel/php_writeexcel/class.writeexcel_workbook.inc.php');
-include_once(G5_LIB_PATH.'/Excel/php_writeexcel/class.writeexcel_worksheet.inc.php');
+include_once(G5_LIB_PATH.'/PHPExcel.php');
+$excel = new PHPExcel();
 
-$fname = tempnam(G5_DATA_PATH, "tmp.xls");
-$workbook = new writeexcel_workbook($fname);
-$worksheet = $workbook->addworksheet();
-
-$num2_format =& $workbook->addformat(array(num_format => '\0#'));
-
-// Put Excel data
-$data = array('이름', '전화번호');
-$data = array_map('iconv_euckr', $data);
+$headers = array('이름', '전화번호');
+$widths  = array(18, 25);
+$header_bgcolor = 'FFABCDEF';
+$last_char = column_char(count($headers) - 1);
+$rows = array();
 
 $col = 0;
-foreach($data as $cell) {
-    $worksheet->write(0, $col++, $cell);
-}
 
 for($i=1; $res=sql_fetch_array($qry); $i++)
 {
-    $res = array_map('iconv_euckr', $res);
+    //$res = array_map('iconv_euckr', $res);
 
     $hp = get_hp($res['bk_hp'], $hyphen);
 
     if ($no_hp && $res['bk_hp'] != '' && !$hp) continue;
 
-    $worksheet->write($i, 0, $res['bk_name']);
-    $worksheet->write($i, 1, $hp, $num2_format);
+    $rows[] = array($res['bk_name'], ' '.$hp);
 }
 
-$workbook->close();
+$data = array_merge(array($headers), $rows);
+
+$excel->setActiveSheetIndex(0)->getStyle( "A1:${last_char}1" )->getFill()->setFillType(PHPExcel_Style_Fill::FILL_SOLID)->getStartColor()->setARGB($header_bgcolor);
+$excel->setActiveSheetIndex(0)->getStyle( "A:$last_char" )->getAlignment()->setVertical(PHPExcel_Style_Alignment::VERTICAL_CENTER)->setWrapText(true);
+foreach($widths as $i => $w) $excel->setActiveSheetIndex(0)->getColumnDimension( column_char($i) )->setWidth($w);
+$excel->getActiveSheet()->fromArray($data,NULL,'A1');
 
 $filename = "휴대폰번호목록-".date("ymd", time()).".xls";
 if( is_ie() ) $filename = utf2euc($filename);
 
-header("Content-Type: application/x-msexcel; name=".$filename);
-header("Content-Disposition: inline; filename=".$filename);
-$fh=fopen($fname, "rb");
-fpassthru($fh);
-unlink($fname);
+header("Content-Type: application/octet-stream");
+header("Content-Disposition: attachment; filename=".$filename);
+header("Cache-Control: max-age=0");
 
-exit;
-?>
\ No newline at end of file
+$writer = PHPExcel_IOFactory::createWriter($excel, 'Excel5');
+$writer->save('php://output');
+
+exit;
\ No newline at end of file
diff --git a/adm/sms_admin/num_book_file_upload.php b/adm/sms_admin/num_book_file_upload.php
index c1fa4cdda..0c07d9ea9 100644
--- a/adm/sms_admin/num_book_file_upload.php
+++ b/adm/sms_admin/num_book_file_upload.php
@@ -2,14 +2,17 @@
 $sub_menu = "900900";
 include_once("./_common.php");
 
-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
+
+$upload_bg_no = isset($_REQUEST['upload_bg_no']) ? clean_xss_tags($_REQUEST['upload_bg_no'], 1, 1) : '';
+$confirm = isset($_REQUEST['confirm']) ? clean_xss_tags($_REQUEST['confirm'], 1, 1) : '';
 
 if (!$upload_bg_no)
     alert_after('그룹을 선택해주세요.');
 
 $bg_no = $upload_bg_no;
 
-if (!$_FILES['csv']['size']) 
+if (! (isset($_FILES['csv']['size']) && $_FILES['csv']['size'])) 
     alert_after('파일을 선택해주세요.');
 
 $file = $_FILES['csv']['tmp_name'];
@@ -18,6 +21,12 @@ $filename = $_FILES['csv']['name'];
 $pos = strrpos($filename, '.');
 $ext = strtolower(substr($filename, $pos, strlen($filename)));
 
+if(! function_exists('column_char')) {
+    function column_char($i) {
+        return chr( 65 + $i );
+    }
+}
+
 switch ($ext) {
     case '.csv' :
         $data = file($file);
@@ -36,16 +45,17 @@ switch ($ext) {
         }
         break;
     case '.xls' :
-        include_once(G5_LIB_PATH.'/Excel/reader.php');
-        $data = new Spreadsheet_Excel_Reader();
+    case '.xlsx' :
+        include_once(G5_LIB_PATH.'/PHPExcel/IOFactory.php');
+        $objPHPExcel = PHPExcel_IOFactory::load($file);
+        $sheet = $objPHPExcel->getSheet(0);
+
+        $num_rows = $sheet->getHighestRow();
+        $highestColumn = $sheet->getHighestColumn();
 
-        // Set output Encoding.
-        $data->setOutputEncoding('UTF-8');
-        $data->read($file);
-        $num_rows = $data->sheets[0]['numRows'];
         break;
     default :
-        alert_after('xls파일과 csv파일만 허용합니다.');
+        alert_after('xls파일 xlsx파일과 csv파일만 허용합니다.');
 }
 
 $counter = 0;
@@ -54,6 +64,8 @@ $failure = 0;
 $inner_overlap = 0;
 $overlap = 0;
 $arr_hp = array();
+$dupl_hp = array();
+$regi_hp = array();
 $encode = array('ASCII','UTF-8','EUC-KR');
 
 for ($i = 1; $i <= $num_rows; $i++) {
@@ -71,18 +83,25 @@ for ($i = 1; $i <= $num_rows; $i++) {
             $hp   = addslashes($csv[$i][1]);
             break;
         case '.xls' :
-            $name = addslashes($data->sheets[0]['cells'][$i][$j++]);
-            $str_encode = @mb_detect_encoding($name, $encode);
-            if( $str_encode == "EUC-KR" ){
-                $name = iconv_utf8( $name );
+        case '.xlsx' :
+            $rowData = $sheet->rangeToArray('A' . $i . ':' . $highestColumn . $i,
+                                                NULL,
+                                                TRUE,
+                                                FALSE);
+            $name = isset($rowData[0][0]) ? addslashes($rowData[0][0]) : '';
+            if( $name ){
+                $str_encode = @mb_detect_encoding($name, $encode);
+                if( $str_encode == "EUC-KR" ){
+                    $name = iconv_utf8( $name );
+                }
             }
-            $hp   = addslashes(get_hp($data->sheets[0]['cells'][$i][$j++]));
+            $hp   = isset($rowData[0][1]) ? addslashes(get_hp($rowData[0][1])) : '';
             break;
     }
+
     if (!(strlen($name)&&$hp))
     {
         $failure++;
-
     } else {
         if (in_array($hp, $arr_hp))
         {
@@ -92,15 +111,17 @@ for ($i = 1; $i <= $num_rows; $i++) {
             array_push($arr_hp, $hp);
 
             $res = sql_fetch("select * from {$g5['sms5_book_table']} where bk_hp='$hp'");
-            if ($res) 
+
+            if (isset($res['bk_hp']) && $res['bk_hp']) 
             {
+                array_push($dupl_hp, $hp);
                 $overlap++;
-            } 
-            else if (!$confirm && $hp) 
-            {
+            } else if (!$confirm && $hp) {
                 sql_query("insert into {$g5['sms5_book_table']} set bg_no='$bg_no', bk_name='".addslashes($name)."', bk_hp='$hp', bk_receipt=1, bk_datetime='".G5_TIME_YMDHIS."'");
                 sql_query("update {$g5['sms5_book_group_table']} set bg_count = bg_count + 1, bg_nomember = bg_nomember + 1, bg_receipt = bg_receipt + 1 where bg_no='$bg_no'");
                 $success++;
+            } else {
+                array_push($regi_hp, $hp);
             }
         }
     }
@@ -127,7 +148,7 @@ html += \"<li>중복번호 ".number_format($overlap)." 건<div id=\\\"overlap\\\
 if ($result)
 {
     if ($confirm) {
-        echo "html += \"<li class=\\\"sms5_txt_success\\\">등록가능 ".number_format($result)." 건\";";
+        echo "html += \"<li class=\\\"sms5_txt_success\\\">등록가능 ".number_format($result)." 건<div id=\\\"regi_hps\\\" class=\\\"local_desc01 local_desc\\\"></div>\";";
         echo "html += \"<br><button type=\\\"button\\\" id=\\\"btn_fileup\\\" class=\\\"btn_submit\\\" onclick=\\\"upload(1)\\\">등록하기</button>\";";
     }
     else
@@ -143,16 +164,27 @@ parent.document.getElementById('uploading').style.display = 'none';
 parent.document.getElementById('register').style.display = 'none';
 
 info.style.display = 'block';
-info.innerHTML = html;
+info.innerHTML = html;";
 
-parent.document.getElementById('overlap').innerHTML = '<p><b>중복번호 목록</b><br>';";
+if( $dupl_hp ) {
+    echo "parent.document.getElementById('overlap').innerHTML = '<p><b>중복번호 목록</b><br>';";
 
-for ($i=0; $i<count($arr_hp); $i++){
-echo "parent.document.getElementById('overlap').innerHTML += '".$arr_hp[$i]."<br>';\n";
+    for ($i=0; $i<count($dupl_hp); $i++){
+        echo "parent.document.getElementById('overlap').innerHTML += '".$dupl_hp[$i]."<br>';\n";
+    }
+    echo "parent.document.getElementById('overlap').innerHTML += '</p>';\n";
 }
-echo "parent.document.getElementById('overlap').innerHTML += '</p>';\n";
-echo "</script>";
 
+if( $regi_hp ) {
+    echo "parent.document.getElementById('regi_hps').innerHTML = '<p><b>등록가능 목록</b><br>';";
+
+    for ($i=0; $i<count($regi_hp); $i++){
+        echo "parent.document.getElementById('regi_hps').innerHTML += '".$regi_hp[$i]."<br>';\n";
+    }
+    echo "parent.document.getElementById('regi_hps').innerHTML += '</p>';\n";
+}
+
+echo "</script>";
 
 function alert_after($str) {
     echo "<script>
@@ -162,5 +194,4 @@ function alert_after($str) {
     parent.document.getElementById('upload_info').style.display = 'none';
     </script>";
     alert_just($str);
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/adm/sms_admin/num_book_move.php b/adm/sms_admin/num_book_move.php
index f69248d89..e59013fb1 100644
--- a/adm/sms_admin/num_book_move.php
+++ b/adm/sms_admin/num_book_move.php
@@ -11,12 +11,12 @@ if ($sw == 'move'){
     alert('sw 값이 제대로 넘어오지 않았습니다.');
 }
 
-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");
 
 $g5['title'] = '번호그룹 ' . $act;
 include_once(G5_PATH.'/head.sub.php');
 
-$bk_no_list = implode(',', $_POST['bk_no']);
+$bk_no_list = isset($_POST['bk_no']) ? implode(',', $_POST['bk_no']) : '';
 
 $sql = " select * from {$g5['sms5_book_group_table']} order by bg_no ";
 $result = sql_query($sql);
@@ -124,5 +124,4 @@ function fboardmoveall_submit(f)
 </script>
 
 <?php
-include_once(G5_PATH.'/tail.sub.php');
-?>
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/adm/sms_admin/num_book_multi_update.php b/adm/sms_admin/num_book_multi_update.php
index 5919a7f61..e1f579e76 100644
--- a/adm/sms_admin/num_book_multi_update.php
+++ b/adm/sms_admin/num_book_multi_update.php
@@ -2,13 +2,15 @@
 $sub_menu = "900800";
 include_once("./_common.php");
 
-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
 
 $g5['title'] = "전화번호부";
 
-for ($i=0; $i<count($_POST['bk_no']); $i++) 
+$post_bk_no = (isset($_POST['bk_no']) && is_array($_POST['bk_no'])) ? $_POST['bk_no'] : array();
+
+for ($i=0; $i<count($post_bk_no); $i++) 
 {
-    $bk_no = $_POST['bk_no'][$i];
+    $bk_no = $post_bk_no[$i];
     if (!trim($bk_no)) continue;
 
     $res = sql_fetch("select * from {$g5['sms5_book_table']} where bk_no='$bk_no'");
@@ -59,5 +61,4 @@ for ($i=0; $i<count($_POST['bk_no']); $i++)
 if( $str_query ){
     $str_query = '?'.$str_query;
 }
-goto_url('./num_book.php'.$str_query);
-?>
\ No newline at end of file
+goto_url('./num_book.php'.$str_query);
\ No newline at end of file
diff --git a/adm/sms_admin/num_book_update.php b/adm/sms_admin/num_book_update.php
index 079c5eae1..6358e2017 100644
--- a/adm/sms_admin/num_book_update.php
+++ b/adm/sms_admin/num_book_update.php
@@ -2,7 +2,7 @@
 $sub_menu = "900800";
 include_once("./_common.php");
 
-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
 
 $g5['title'] = "휴대폰번호 업데이트";
 
@@ -10,10 +10,11 @@ $g5['sms5_demo'] = 0;
 
 $is_hp_exist = false;
 
-$bk_hp = get_hp($bk_hp);
+$bk_hp = isset($_REQUEST['bk_hp']) ? get_hp($_REQUEST['bk_hp']) : '';
 
-$bk_memo = strip_tags($bk_memo);
-$bk_name = strip_tags($bk_name);
+$bk_memo = isset($_REQUEST['bk_memo']) ? strip_tags($_REQUEST['bk_memo']) : '';
+$bk_name = isset($_REQUEST['bk_name']) ? strip_tags($_REQUEST['bk_name']) : '';
+$bg_no = isset($_REQUEST['bg_no']) ? (int) $_REQUEST['bg_no'] : 0;
 
 if ($w=='u') // 업데이트
 {
@@ -54,7 +55,7 @@ if ($w=='u') // 업데이트
         // 휴대폰번호 중복체크
         $sql = " select mb_id from {$g5['member_table']} where mb_id <> '{$res['mb_id']}' and mb_hp = '{$bk_hp}' ";
         $mb_hp_exist = sql_fetch($sql);
-        if ($mb_hp_exist['mb_id']) { //중복된 회원 휴대폰번호가 있다면
+        if (isset($mb_hp_exist['mb_id']) && $mb_hp_exist['mb_id']) { //중복된 회원 휴대폰번호가 있다면
             $is_hp_exist = true;
         } else {
              sql_query("update {$g5['member_table']} set mb_name='".addslashes($bk_name)."', mb_hp='$bk_hp', mb_sms='$bk_receipt' where mb_id='{$res['mb_id']}'", false);
@@ -136,5 +137,4 @@ else // 등록
 }
 
 $go_url = './num_book.php?page='.$page.'&amp;bg_no='.$get_bg_no.'&amp;ap='.$ap;
-goto_url($go_url);
-?>
\ No newline at end of file
+goto_url($go_url);
\ No newline at end of file
diff --git a/adm/sms_admin/num_book_write.php b/adm/sms_admin/num_book_write.php
index 665673472..7890ee90f 100644
--- a/adm/sms_admin/num_book_write.php
+++ b/adm/sms_admin/num_book_write.php
@@ -3,8 +3,11 @@ $sub_menu = "900800";
 include_once("./_common.php");
 
 $colspan = 4;
+$bk_no = isset($_REQUEST['bk_no']) ? (int) $_REQUEST['bk_no'] : 0;
+$bg_no = isset($_REQUEST['bg_no']) ? (int) $_REQUEST['bg_no'] : 0;
+$ap = isset($_REQUEST['ap']) ? clean_xss_tags($_REQUEST['ap'], 1, 1) : '';
 
-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");
 
 $g5['title'] = "휴대폰번호 ";
 
@@ -184,12 +187,12 @@ function book_submit(){
                 var $check_msg = $("#hp_check_el");
 
                 if( !list_text ){ // 중복 휴대폰 번호가 없다면 submit
-                    if($check_msg.size()> 0)
+                    if($check_msg.length > 0)
                         $check_msg.remove();
 
                     is_submit = true;
                 } else {
-                    if($check_msg.size() < 1)
+                    if($check_msg.length < 1)
                         $("input#bk_hp").after("<div id=\"hp_check_el\"><h3>이 번호를 쓰는 회원 정보</h3><ul></ul></div>");
 
                     $("#hp_check_el").find("ul").html( list_text );
@@ -210,5 +213,4 @@ function book_submit(){
 }
 </script>
 <?php
-include_once(G5_ADMIN_PATH.'/admin.tail.php');
-?>
\ No newline at end of file
+include_once(G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/sms_admin/num_group.php b/adm/sms_admin/num_group.php
index 2da088f9c..880774b2e 100644
--- a/adm/sms_admin/num_group.php
+++ b/adm/sms_admin/num_group.php
@@ -2,7 +2,7 @@
 $sub_menu = "900700";
 include_once("./_common.php");
 
-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");
 
 $g5['title'] = "휴대폰번호 그룹";
 
@@ -77,8 +77,8 @@ function num_group_submit(f)
     <span class="btn_ov01"><span class="ov_txt">건수</span><span class="ov_num"> <?php echo $total_count; ?>건 </span></span>
 </div>
 
-<form name="group<?php echo $res['bg_no']?>" method="get" action="./num_group_update.php" class="local_sch02 local_sch">
-<input type="hidden" name="bg_no" value="<?php echo $res['bg_no']?>">
+<form name="group<?php echo isset($res['bg_no']) ? $res['bg_no'] : ''; ?>" method="get" action="./num_group_update.php" class="local_sch02 local_sch">
+<input type="hidden" name="bg_no" value="<?php echo isset($res['bg_no']) ? $res['bg_no'] : ''; ?>">
 
 <div>
     <label for="bg_name" class="sound_only">그룹추가<strong class="sound_only"> 필수</strong></label>
@@ -185,5 +185,4 @@ function num_group_submit(f)
 
 </form>
 <?php
-include_once(G5_ADMIN_PATH.'/admin.tail.php');
-?>
\ No newline at end of file
+include_once(G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/sms_admin/num_group_move.php b/adm/sms_admin/num_group_move.php
index 733585c16..689fdcd37 100644
--- a/adm/sms_admin/num_group_move.php
+++ b/adm/sms_admin/num_group_move.php
@@ -3,12 +3,18 @@
 $sub_menu = "900700";
 include_once("./_common.php");
 
-auth_check($auth[$sub_menu], "w");
+$bk_no = isset($_REQUEST['bk_no']) ? (int) $_REQUEST['bk_no'] : 0;
+$bg_no = isset($_REQUEST['bg_no']) ? (int) $_REQUEST['bg_no'] : 0;
+$move_no = isset($_REQUEST['move_no']) ? (int) $_REQUEST['move_no'] : 0;
+
+auth_check_menu($auth, $sub_menu, "w");
 
 $res = sql_fetch("select * from {$g5['sms5_book_group_table']} where bg_no='$bg_no'");
-sql_query("update {$g5['sms5_book_group_table']} set bg_count = bg_count + {$res['bg_count']}, bg_member = bg_member + {$res['bg_member']}, bg_nomember = bg_nomember + {$res['bg_nomember']}, bg_receipt = bg_receipt + {$res['bg_receipt']}, bg_reject = bg_reject + {$res['bg_reject']} where bg_no='$move_no'");
-sql_query("update {$g5['sms5_book_group_table']} set bg_count = 0, bg_member = 0, bg_nomember = 0, bg_receipt = 0, bg_reject = 0 where bg_no='$bg_no'");
-sql_query("update {$g5['sms5_book_table']} set bg_no='$move_no' where bg_no='$bg_no'");
 
-goto_url('./num_group.php');
-?>
\ No newline at end of file
+if( $res ) {
+    sql_query("update {$g5['sms5_book_group_table']} set bg_count = bg_count + {$res['bg_count']}, bg_member = bg_member + {$res['bg_member']}, bg_nomember = bg_nomember + {$res['bg_nomember']}, bg_receipt = bg_receipt + {$res['bg_receipt']}, bg_reject = bg_reject + {$res['bg_reject']} where bg_no='$move_no'");
+    sql_query("update {$g5['sms5_book_group_table']} set bg_count = 0, bg_member = 0, bg_nomember = 0, bg_receipt = 0, bg_reject = 0 where bg_no='$bg_no'");
+    sql_query("update {$g5['sms5_book_table']} set bg_no='$move_no' where bg_no='$bg_no'");
+}
+
+goto_url('./num_group.php');
\ No newline at end of file
diff --git a/adm/sms_admin/num_group_update.php b/adm/sms_admin/num_group_update.php
index dffeab6ee..abd3407b0 100644
--- a/adm/sms_admin/num_group_update.php
+++ b/adm/sms_admin/num_group_update.php
@@ -2,16 +2,18 @@
 $sub_menu = "900700";
 include_once("./_common.php");
 
-auth_check($auth[$sub_menu], "w");
+$post_chk = (isset($_POST['chk']) && is_array($_POST['chk'])) ? $_POST['chk'] : array();
+
+auth_check_menu($auth, $sub_menu, "w");
 
 if ($w == 'u') // 업데이트
 {
-    for ($i=0; $i<count($_POST['chk']); $i++)
+    for ($i=0; $i<count($post_chk); $i++)
     {
         // 실제 번호를 넘김
-        $k = $_POST['chk'][$i];
-        $bg_no = (int) $_POST['bg_no'][$k];
-        $bg_name = strip_tags(clean_xss_attributes($_POST['bg_name'][$k]));
+        $k = $post_chk[$i];
+        $bg_no = isset($_POST['bg_no'][$k]) ? (int) $_POST['bg_no'][$k] : 0;
+        $bg_name = isset($_POST['bg_name'][$k]) ? strip_tags(clean_xss_attributes($_POST['bg_name'][$k])) : '';
 
         if (!is_numeric($bg_no))
             alert('그룹 고유번호가 없습니다.');
@@ -32,11 +34,11 @@ if ($w == 'u') // 업데이트
 }
 else if ($w == 'de') // 그룹삭제
 {
-    for ($i=0; $i<count($_POST['chk']); $i++)
+    for ($i=0; $i<count($post_chk); $i++)
     {
         // 실제 번호를 넘김
-        $k = $_POST['chk'][$i];
-        $bg_no = (int) $_POST['bg_no'][$k];
+        $k = $post_chk[$i];
+        $bg_no = isset($_POST['bg_no'][$k]) ? (int) $_POST['bg_no'][$k] : 0;
 
         if (!is_numeric($bg_no))
             alert('그룹 고유번호가 없습니다.');
@@ -51,11 +53,11 @@ else if ($w == 'de') // 그룹삭제
 }
 else if ($w == 'em') // 비우기
 {
-    for ($i=0; $i<count($_POST['chk']); $i++)
+    for ($i=0; $i<count($post_chk); $i++)
     {
         // 실제 번호를 넘김
-        $k = $_POST['chk'][$i];
-        $bg_no = (int) $_POST['bg_no'][$k];
+        $k = $post_chk[$i];
+        $bg_no = isset($_POST['bg_no'][$k]) ? (int) $_POST['bg_no'][$k] : 0;
 
         sql_query("update {$g5['sms5_book_group_table']} set bg_count = 0, bg_member = 0, bg_nomember = 0, bg_receipt = 0, bg_reject = 0 where bg_no='$bg_no'");
         sql_query("delete from {$g5['sms5_book_table']} where bg_no='$bg_no'");
@@ -63,7 +65,7 @@ else if ($w == 'em') // 비우기
 }
 else // 등록
 {
-    $bg_name = strip_tags(clean_xss_attributes($bg_name));
+    $bg_name = isset($_POST['bg_name']) ? strip_tags(clean_xss_attributes($_POST['bg_name'])) : '';
 
     if (!strlen(trim($bg_name)))
         alert('그룹명을 입력해주세요');
@@ -75,5 +77,4 @@ else // 등록
     sql_query("insert into {$g5['sms5_book_group_table']} set bg_name='$bg_name'");
 }
 
-goto_url('./num_group.php');
-?>
\ No newline at end of file
+goto_url('./num_group.php');
\ No newline at end of file
diff --git a/adm/sms_admin/number_move_update.php b/adm/sms_admin/number_move_update.php
index 76ad32fcb..f1925645f 100644
--- a/adm/sms_admin/number_move_update.php
+++ b/adm/sms_admin/number_move_update.php
@@ -1,12 +1,14 @@
 <?php
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");
 
-if(!count($_POST['chk_bg_no']))
+$post_chk_bg_no = isset($_POST['chk_bg_no']) ? $_POST['chk_bg_no'] : array();
+
+if(!count($post_chk_bg_no))
     alert('번호를 '.$act.'할 그룹을 한개 이상 선택해 주십시오.', $url);
 
-$bk_no_list = preg_replace('/[^a-zA-Z0-9\, ]/', '', $bk_no_list);
+$bk_no_list = isset($_POST['bk_no_list']) ? preg_replace('/[^a-zA-Z0-9\, ]/', '', $_POST['bk_no_list']) : '';
 
 $sql = "select * from {$g5['sms5_book_table']} where bk_no in ($bk_no_list) order by bk_no desc ";
 $result = sql_query($sql);
@@ -16,9 +18,9 @@ $save_group = array();
 for ($kk=0;$row = sql_fetch_array($result);$kk++)
 {
     $bk_no = $row['bk_no'];
-    for ($i=0; $i<count($_POST['chk_bg_no']); $i++)
+    for ($i=0; $i<count($post_chk_bg_no); $i++)
     {
-        $bg_no = $_POST['chk_bg_no'][$i];
+        $bg_no = $post_chk_bg_no[$i];
         if( !$bg_no ) continue;
 
         $sql = " insert into {$g5['sms5_book_table']}
@@ -82,5 +84,4 @@ window.close();
 </p>
 <a href="$opener_href">돌아가기</a>
 </noscript>
-HEREDOC;
-?>
\ No newline at end of file
+HEREDOC;
\ No newline at end of file
diff --git a/adm/sms_admin/sms_write.php b/adm/sms_admin/sms_write.php
index 77754a97c..c09090e2a 100644
--- a/adm/sms_admin/sms_write.php
+++ b/adm/sms_admin/sms_write.php
@@ -2,7 +2,11 @@
 $sub_menu = "900300";
 include_once("./_common.php");
 
-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");
+
+$wr_no = isset($_REQUEST['wr_no']) ? (int) $_REQUEST['wr_no'] : 0;
+$bk_no = isset($_REQUEST['bk_no']) ? (int) $_REQUEST['bk_no'] : 0;
+$fo_no = isset($_REQUEST['fo_no']) ? (int) $_REQUEST['fo_no'] : 0;
 
 $g5['title'] = "문자 보내기";
 
@@ -10,7 +14,7 @@ include_once(G5_ADMIN_PATH.'/admin.head.php');
 ?>
 
 <div class="local_ov01 local_ov">
-    회원정보 최근 업데이트 : <?php echo $sms5['cf_datetime']?>
+    회원정보 최근 업데이트 : <?php echo isset($sms5['cf_datetime']) ? $sms5['cf_datetime'] : ''; ?>
 </div>
 
 <?php
@@ -114,7 +118,7 @@ if ($config['cf_sms_use'] == 'icode') { // 아이코드 사용
 
         <div id="write_reply">
             <label for="wr_reply">회신<strong class="sound_only"> 필수</strong></label>
-            <input type="text" name="wr_reply" value="<?php echo $sms5['cf_phone']?>" id="wr_reply" required class="frm_input required" size="17" maxlength="20" readonly="readonly">
+            <input type="text" name="wr_reply" value="<?php echo isset($sms5['cf_phone']) ? get_sanitize_input($sms5['cf_phone']) : ''; ?>" id="wr_reply" required class="frm_input required" size="17" maxlength="20" readonly="readonly">
         </div>
 
         <div id="write_recv" class="write_inner">
@@ -831,5 +835,4 @@ var sms_obj={
 <?php } ?>
 
 <?php
-include_once(G5_ADMIN_PATH.'/admin.tail.php');
-?>
\ No newline at end of file
+include_once(G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/sms_admin/sms_write_form.php b/adm/sms_admin/sms_write_form.php
index 103535b5e..f9421d9f4 100644
--- a/adm/sms_admin/sms_write_form.php
+++ b/adm/sms_admin/sms_write_form.php
@@ -6,9 +6,9 @@ $qry = sql_query("select * from {$g5['sms5_form_group_table']} order by fg_name"
 while ($res = sql_fetch_array($qry)) array_push($group, $res);
 
 $res = sql_fetch("select count(*) as cnt from `{$g5['sms5_form_table']}` where fg_no=0");
-$no_count = $res['cnt'];
+$no_count = isset($res['cnt']) ? $res['cnt'] : 0;
 
-$fg_no = isset($fg_no) ? (int) $fg_no : '';
+$fg_no = isset($_REQUEST['fg_no']) ? (int) $_REQUEST['fg_no'] : 0;
 ?>
 
 <form name="emo_frm">
diff --git a/adm/sms_admin/sms_write_overlap_check.php b/adm/sms_admin/sms_write_overlap_check.php
index 100ed6ba3..8dc7f7722 100644
--- a/adm/sms_admin/sms_write_overlap_check.php
+++ b/adm/sms_admin/sms_write_overlap_check.php
@@ -2,12 +2,14 @@
 $sub_menu = "900300";
 include_once("./_common.php");
 
-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
 
 $list = $hps = array();
 
 $overlap = 0;
 
+$send_list = isset($_REQUEST['send_list']) ? clean_xss_tags($_REQUEST['send_list'], 1, 1) : '';
+
 if( !$send_list ){
     die("넘어온 데이터 값이 없습니다.");
 }
@@ -65,5 +67,4 @@ while ($row = array_shift($send_list))
 if ($overlap)
     die("중복되는 휴대폰번호가 $overlap 건 있습니다. ");
 else
-    die("중복되는 휴대폰번호가 없습니다. ");
-?>
\ No newline at end of file
+    die("중복되는 휴대폰번호가 없습니다. ");
\ No newline at end of file
diff --git a/adm/sms_admin/sms_write_send.php b/adm/sms_admin/sms_write_send.php
index e88bdae46..9cd072f08 100644
--- a/adm/sms_admin/sms_write_send.php
+++ b/adm/sms_admin/sms_write_send.php
@@ -2,7 +2,7 @@
 $sub_menu = "900300";
 include_once("./_common.php");
 
-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
 
 check_admin_token();
 
@@ -24,8 +24,15 @@ if ( ! (($config['cf_icode_id'] && $config['cf_icode_pw']) || $config['cf_icode_
     alert('아이코드 설정값이 존재하지 않습니다.');
 }
 
-$wr_reply   = preg_replace('#[^0-9\-]#', '', trim($wr_reply));
-$wr_message = clean_xss_tags(trim($wr_message));
+$wr_reply   = isset($_REQUEST['wr_reply']) ? preg_replace('#[^0-9\-]#', '', trim($_REQUEST['wr_reply'])) : '';
+$wr_message = isset($_REQUEST['wr_message']) ? clean_xss_tags(trim($_REQUEST['wr_message'])) : '';
+$send_list = isset($_REQUEST['send_list']) ? clean_xss_tags(trim($_REQUEST['send_list']), 1, 1) : '';
+
+$wr_by = isset($_REQUEST['wr_by']) ? clean_xss_tags(trim($_REQUEST['wr_by']), 1, 1) : '';
+$wr_bm = isset($_REQUEST['wr_bm']) ? clean_xss_tags(trim($_REQUEST['wr_bm']), 1, 1) : '';
+$wr_bd = isset($_REQUEST['wr_bd']) ? clean_xss_tags(trim($_REQUEST['wr_bd']), 1, 1) : '';
+$wr_bh = isset($_REQUEST['wr_bh']) ? clean_xss_tags(trim($_REQUEST['wr_bh']), 1, 1) : '';
+$wr_bi = isset($_REQUEST['wr_bi']) ? clean_xss_tags(trim($_REQUEST['wr_bi']), 1, 1) : '';
 
 if (!$wr_reply)
     win_close_alert('회신 번호를 숫자, - 로 입력해주세요.');
@@ -359,5 +366,4 @@ function win_close_alert($msg) {
 location.href = 'history_view.php?wr_no=<?php echo $wr_no?>';
 </script>
 <?php
-include_once(G5_ADMIN_PATH.'/admin.tail.php');
-?>
\ No newline at end of file
+include_once(G5_ADMIN_PATH.'/admin.tail.php');
\ No newline at end of file
diff --git a/adm/theme.php b/adm/theme.php
index 32eb294eb..ceeea78c5 100644
--- a/adm/theme.php
+++ b/adm/theme.php
@@ -75,5 +75,4 @@ include_once('./admin.head.php');
 <?php } ?>
 
 <?php
-include_once ('./admin.tail.php');
-?>
\ No newline at end of file
+include_once ('./admin.tail.php');
\ No newline at end of file
diff --git a/adm/theme_config_load.php b/adm/theme_config_load.php
index 8b23356d3..074b93354 100644
--- a/adm/theme_config_load.php
+++ b/adm/theme_config_load.php
@@ -6,7 +6,7 @@ include_once(G5_LIB_PATH.'/json.lib.php');
 $data = array();
 $data['error'] = '';
 
-$data['error'] = auth_check($auth[$sub_menu], 'w', true);
+$data['error'] = auth_check_menu($auth, $sub_menu, 'w', true);
 if($data['error'])
     die(json_encode($data));
 
@@ -182,5 +182,4 @@ if($type == 'board') {
         $data['error'] = '적용할 테마 설정이 없습니다.';
 }
 
-die(json_encode($data));
-?>
\ No newline at end of file
+die(json_encode($data));
\ No newline at end of file
diff --git a/adm/theme_preview.php b/adm/theme_preview.php
index 9255dc179..4ec2521ab 100644
--- a/adm/theme_preview.php
+++ b/adm/theme_preview.php
@@ -11,7 +11,8 @@ if(!$theme || !in_array($theme, $theme_dir))
 $info = get_theme_info($theme);
 
 $arr_mode = array('index', 'list', 'view', 'shop', 'ca_list', 'item');
-$mode = substr(strip_tags($_GET['mode']), 0, 20);
+$mode = isset($_GET['mode']) ? substr(strip_tags($_GET['mode']), 0, 20) : '';
+
 if(!in_array($mode, $arr_mode))
     $mode = 'index';
 
@@ -195,5 +196,4 @@ require_once(G5_PATH.'/head.sub.php');
 </section>
 
 <?php
-require_once(G5_PATH.'/tail.sub.php');
-?>
\ No newline at end of file
+require_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/adm/theme_update.php b/adm/theme_update.php
index 5eeb69dba..b866f5603 100644
--- a/adm/theme_update.php
+++ b/adm/theme_update.php
@@ -7,10 +7,13 @@ if ($is_admin != 'super')
 
 admin_referer_check();
 
-$theme = trim($_POST['theme']);
+$theme = isset($_POST['theme']) ? trim($_POST['theme']) : '';
+$post_type = isset($_POST['type']) ? clean_xss_tags($_POST['type'], 1, 1) : '';
+$post_set_default_skin = isset($_POST['set_default_skin']) ? clean_xss_tags($_POST['set_default_skin'], 1, 1) : '';
+
 $theme_dir = get_theme_dir();
 
-if($_POST['type'] == 'reset') {
+if($post_type == 'reset') {
     $sql = " update {$g5['config_table']} set cf_theme = '' ";
     sql_query($sql);
     die('');
@@ -24,7 +27,7 @@ $sql = " update {$g5['config_table']} set cf_theme = '$theme' ";
 sql_query($sql);
 
 // 테마 설정 스킨 적용
-if($_POST['set_default_skin'] == 1) {
+if($post_set_default_skin == 1) {
     $keys = 'set_default_skin, cf_member_skin, cf_mobile_member_skin, cf_new_skin, cf_mobile_new_skin, cf_search_skin, cf_mobile_search_skin, cf_connect_skin, cf_mobile_connect_skin, cf_faq_skin, cf_mobile_faq_skin, qa_skin, qa_mobile_skin, de_shop_skin, de_shop_mobile_skin';
 
     $tconfig = get_theme_config_value($theme, $keys);
@@ -88,7 +91,6 @@ if($_POST['set_default_skin'] == 1) {
     }
 }
 
-run_event('adm_theme_update', $theme, $_POST['set_default_skin']);
+run_event('adm_theme_update', $theme, $post_set_default_skin);
 
-die('');
-?>
\ No newline at end of file
+die('');
\ No newline at end of file
diff --git a/adm/thumbnail_file_delete.php b/adm/thumbnail_file_delete.php
index 47f40c918..edbb7a610 100644
--- a/adm/thumbnail_file_delete.php
+++ b/adm/thumbnail_file_delete.php
@@ -68,5 +68,4 @@ echo '<div class="local_desc01 local_desc"><p><strong>썸네일 '.$cnt.'건의 
 ?>
 
 <?php
-include_once('./admin.tail.php');
-?>
\ No newline at end of file
+include_once('./admin.tail.php');
\ No newline at end of file
diff --git a/adm/view.php b/adm/view.php
index 777bd326e..057eea104 100644
--- a/adm/view.php
+++ b/adm/view.php
@@ -24,5 +24,4 @@ include_once ('./admin.head.php');
 
 run_event('admin_get_page_'.$call, $arr_query, $token);
 
-include_once ('./admin.tail.php');
-?>
\ No newline at end of file
+include_once ('./admin.tail.php');
\ No newline at end of file
diff --git a/adm/visit_browser.php b/adm/visit_browser.php
index 15cc0c297..6b2737e5c 100644
--- a/adm/visit_browser.php
+++ b/adm/visit_browser.php
@@ -2,7 +2,10 @@
 $sub_menu = "200800";
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], 'r');
+auth_check_menu($auth, $sub_menu, 'r');
+
+$fr_date = isset($_REQUEST['fr_date']) ? preg_replace('/[^0-9 :\-]/i', '', $_REQUEST['fr_date']) : G5_TIME_YMD;
+$to_date = isset($_REQUEST['to_date']) ? preg_replace('/[^0-9 :\-]/i', '', $_REQUEST['to_date']) : G5_TIME_YMD;
 
 $g5['title'] = '브라우저별 접속자집계';
 include_once('./visit.sub.php');
@@ -11,6 +14,8 @@ $colspan = 5;
 
 $max = 0;
 $sum_count = 0;
+$arr = array();
+
 $sql = " select * from {$g5['visit_table']}
             where vi_date between '{$fr_date}' and '{$to_date}' ";
 $result = sql_query($sql);
@@ -19,7 +24,11 @@ while ($row=sql_fetch_array($result)) {
     if(!$s)
         $s = get_brow($row['vi_agent']);
 
-    $arr[$s]++;
+    if( isset($arr[$s]) ){
+        $arr[$s]++;
+    } else {
+        $arr[$s] = 1;
+    }
 
     if ($arr[$s] > $max) $max = $arr[$s];
 
@@ -93,5 +102,4 @@ while ($row=sql_fetch_array($result)) {
 </div>
 
 <?php
-include_once('./admin.tail.php');
-?>
+include_once('./admin.tail.php');
\ No newline at end of file
diff --git a/adm/visit_date.php b/adm/visit_date.php
index 967f4e8e9..3b552cda5 100644
--- a/adm/visit_date.php
+++ b/adm/visit_date.php
@@ -2,7 +2,10 @@
 $sub_menu = "200800";
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], 'r');
+auth_check_menu($auth, $sub_menu, 'r');
+
+$fr_date = isset($_REQUEST['fr_date']) ? preg_replace('/[^0-9 :\-]/i', '', $_REQUEST['fr_date']) : G5_TIME_YMD;
+$to_date = isset($_REQUEST['to_date']) ? preg_replace('/[^0-9 :\-]/i', '', $_REQUEST['to_date']) : G5_TIME_YMD;
 
 $g5['title'] = '일별 접속자집계';
 include_once('./visit.sub.php');
@@ -11,6 +14,8 @@ $colspan = 4;
 
 $max = 0;
 $sum_count = 0;
+$arr = array();
+
 $sql = " select vs_date, vs_count as cnt
             from {$g5['visit_sum_table']}
             where vs_date between '{$fr_date}' and '{$to_date}'
@@ -82,5 +87,4 @@ for ($i=0; $row=sql_fetch_array($result); $i++) {
 </div>
 
 <?php
-include_once('./admin.tail.php');
-?>
+include_once('./admin.tail.php');
\ No newline at end of file
diff --git a/adm/visit_delete.php b/adm/visit_delete.php
index 99fe62e49..16390c3ee 100644
--- a/adm/visit_delete.php
+++ b/adm/visit_delete.php
@@ -2,7 +2,7 @@
 $sub_menu = "200820";
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], 'r');
+auth_check_menu($auth, $sub_menu, 'r');
 
 $g5['title'] = '접속자로그삭제';
 include_once('./admin.head.php');
@@ -91,5 +91,4 @@ function form_submit(f)
 </script>
 
 <?php
-include_once('./admin.tail.php');
-?>
+include_once('./admin.tail.php');
\ No newline at end of file
diff --git a/adm/visit_delete_update.php b/adm/visit_delete_update.php
index 716eec63f..d19006981 100644
--- a/adm/visit_delete_update.php
+++ b/adm/visit_delete_update.php
@@ -4,7 +4,7 @@ include_once('./_common.php');
 
 check_demo();
 
-auth_check($auth[$sub_menu], 'd');
+auth_check_menu($auth, $sub_menu, 'd');
 
 if ($is_admin != 'super')
     alert('최고관리자만 접근 가능합니다.');
@@ -56,5 +56,4 @@ $sql = " select count(*) as cnt from {$g5['visit_table']} ";
 $row = sql_fetch($sql);
 $total_count2 = $row['cnt'];
 
-alert('총 '.number_format($total_count).'건 중 '.number_format($total_count - $total_count2).'건 삭제 완료', './visit_delete.php');
-?>
\ No newline at end of file
+alert('총 '.number_format($total_count).'건 중 '.number_format($total_count - $total_count2).'건 삭제 완료', './visit_delete.php');
\ No newline at end of file
diff --git a/adm/visit_device.php b/adm/visit_device.php
index df2362bcd..2fed093dc 100644
--- a/adm/visit_device.php
+++ b/adm/visit_device.php
@@ -2,7 +2,10 @@
 $sub_menu = "200800";
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], 'r');
+auth_check_menu($auth, $sub_menu, 'r');
+
+$fr_date = isset($_REQUEST['fr_date']) ? preg_replace('/[^0-9 :\-]/i', '', $_REQUEST['fr_date']) : G5_TIME_YMD;
+$to_date = isset($_REQUEST['to_date']) ? preg_replace('/[^0-9 :\-]/i', '', $_REQUEST['to_date']) : G5_TIME_YMD;
 
 $g5['title'] = '기기별 접속자집계';
 include_once('./visit.sub.php');
@@ -11,6 +14,8 @@ $colspan = 5;
 
 $max = 0;
 $sum_count = 0;
+$arr = array();
+
 $sql = " select * from {$g5['visit_table']}
           where vi_date between '$fr_date' and '$to_date' ";
 $result = sql_query($sql);
@@ -19,7 +24,11 @@ while ($row=sql_fetch_array($result)) {
     if(!$s)
         $s = '기타';
 
-    $arr[$s]++;
+    if( isset($arr[$s]) ){
+        $arr[$s]++;
+    } else {
+        $arr[$s] = 1;
+    }
 
     if ($arr[$s] > $max) $max = $arr[$s];
 
@@ -97,5 +106,4 @@ while ($row=sql_fetch_array($result)) {
 </div>
 
 <?php
-include_once('./admin.tail.php');
-?>
+include_once('./admin.tail.php');
\ No newline at end of file
diff --git a/adm/visit_domain.php b/adm/visit_domain.php
index 348a87c63..81e9b6801 100644
--- a/adm/visit_domain.php
+++ b/adm/visit_domain.php
@@ -2,7 +2,10 @@
 $sub_menu = "200800";
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], 'r');
+auth_check_menu($auth, $sub_menu, 'r');
+
+$fr_date = isset($_REQUEST['fr_date']) ? preg_replace('/[^0-9 :\-]/i', '', $_REQUEST['fr_date']) : G5_TIME_YMD;
+$to_date = isset($_REQUEST['to_date']) ? preg_replace('/[^0-9 :\-]/i', '', $_REQUEST['to_date']) : G5_TIME_YMD;
 
 $g5['title'] = '도메인별 접속자집계';
 include_once('./visit.sub.php');
@@ -11,15 +14,22 @@ $colspan = 5;
 
 $max = 0;
 $sum_count = 0;
+$arr = array();
+
 $sql = " select * from {$g5['visit_table']}
             where vi_date between '{$fr_date}' and '{$to_date}' ";
 $result = sql_query($sql);
 while ($row=sql_fetch_array($result)) {
     $str = $row['vi_referer'];
     preg_match("/^http[s]*:\/\/([\.\-\_0-9a-zA-Z]*)\//", $str, $match);
-    $s = $match[1];
+    $s = isset($match[1]) ? $match[1] : 0;
     $s = preg_replace("/^(www\.|search\.|dirsearch\.|dir\.search\.|dir\.|kr\.search\.|myhome\.)(.*)/", "\\2", $s);
-    $arr[$s]++;
+
+    if( isset($arr[$s]) ){
+        $arr[$s]++;
+    } else {
+        $arr[$s] = 1;
+    }
 
     if ($arr[$s] > $max) $max = $arr[$s];
 
@@ -100,5 +110,4 @@ while ($row=sql_fetch_array($result)) {
 </div>
 
 <?php
-include_once('./admin.tail.php');
-?>
+include_once('./admin.tail.php');
\ No newline at end of file
diff --git a/adm/visit_hour.php b/adm/visit_hour.php
index ba4f13479..e13392221 100644
--- a/adm/visit_hour.php
+++ b/adm/visit_hour.php
@@ -2,7 +2,10 @@
 $sub_menu = "200800";
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], 'r');
+auth_check_menu($auth, $sub_menu, 'r');
+
+$fr_date = isset($_REQUEST['fr_date']) ? preg_replace('/[^0-9 :\-]/i', '', $_REQUEST['fr_date']) : G5_TIME_YMD;
+$to_date = isset($_REQUEST['to_date']) ? preg_replace('/[^0-9 :\-]/i', '', $_REQUEST['to_date']) : G5_TIME_YMD;
 
 $g5['title'] = '시간별 접속자집계';
 include_once('./visit.sub.php');
@@ -11,6 +14,8 @@ $colspan = 4;
 
 $max = 0;
 $sum_count = 0;
+$arr = array();
+
 $sql = " select SUBSTRING(vi_time,1,2) as vi_hour, count(vi_id) as cnt
             from {$g5['visit_table']}
             where vi_date between '{$fr_date}' and '{$to_date}'
@@ -50,7 +55,7 @@ for ($i=0; $row=sql_fetch_array($result); $i++) {
     if ($i) {
         for ($i=0; $i<24; $i++) {
             $hour = sprintf("%02d", $i);
-            $count = (int)$arr[$hour];
+            $count = isset($arr[$hour]) ? (int) $arr[$hour] : 0;
 
             $rate = ($count / $sum_count * 100);
             $s_rate = number_format($rate, 1);
@@ -78,5 +83,4 @@ for ($i=0; $row=sql_fetch_array($result); $i++) {
 </div>
 
 <?php
-include_once('./admin.tail.php');
-?>
+include_once('./admin.tail.php');
\ No newline at end of file
diff --git a/adm/visit_list.php b/adm/visit_list.php
index 46744e99f..54a313edf 100644
--- a/adm/visit_list.php
+++ b/adm/visit_list.php
@@ -2,7 +2,10 @@
 $sub_menu = "200800";
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], 'r');
+auth_check_menu($auth, $sub_menu, 'r');
+
+$fr_date = isset($_REQUEST['fr_date']) ? preg_replace('/[^0-9 :\-]/i', '', $_REQUEST['fr_date']) : G5_TIME_YMD;
+$to_date = isset($_REQUEST['to_date']) ? preg_replace('/[^0-9 :\-]/i', '', $_REQUEST['to_date']) : G5_TIME_YMD;
 
 $g5['title'] = '접속자집계';
 include_once('./visit.sub.php');
@@ -114,5 +117,4 @@ $qstr .= "&amp;page=";
 $pagelist = get_paging($config['cf_write_pages'], $page, $total_page, "{$_SERVER['SCRIPT_NAME']}?$qstr");
 echo $pagelist;
 
-include_once('./admin.tail.php');
-?>
+include_once('./admin.tail.php');
\ No newline at end of file
diff --git a/adm/visit_month.php b/adm/visit_month.php
index 5524f74c0..390419f1c 100644
--- a/adm/visit_month.php
+++ b/adm/visit_month.php
@@ -2,7 +2,10 @@
 $sub_menu = "200800";
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], 'r');
+auth_check_menu($auth, $sub_menu, 'r');
+
+$fr_date = isset($_REQUEST['fr_date']) ? preg_replace('/[^0-9 :\-]/i', '', $_REQUEST['fr_date']) : G5_TIME_YMD;
+$to_date = isset($_REQUEST['to_date']) ? preg_replace('/[^0-9 :\-]/i', '', $_REQUEST['to_date']) : G5_TIME_YMD;
 
 $g5['title'] = '월별 접속자집계';
 include_once('./visit.sub.php');
@@ -11,6 +14,8 @@ $colspan = 4;
 
 $max = 0;
 $sum_count = 0;
+$arr = array();
+
 $sql = " select SUBSTRING(vs_date,1,7) as vs_month, SUM(vs_count) as cnt
             from {$g5['visit_sum_table']}
             where vs_date between '{$fr_date}' and '{$to_date}'
@@ -86,5 +91,4 @@ for ($i=0; $row=sql_fetch_array($result); $i++) {
 </div>
 
 <?php
-include_once('./admin.tail.php');
-?>
+include_once('./admin.tail.php');
\ No newline at end of file
diff --git a/adm/visit_os.php b/adm/visit_os.php
index 183604ab5..17fb7ed13 100644
--- a/adm/visit_os.php
+++ b/adm/visit_os.php
@@ -2,7 +2,10 @@
 $sub_menu = "200800";
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], 'r');
+auth_check_menu($auth, $sub_menu, 'r');
+
+$fr_date = isset($_REQUEST['fr_date']) ? preg_replace('/[^0-9 :\-]/i', '', $_REQUEST['fr_date']) : G5_TIME_YMD;
+$to_date = isset($_REQUEST['to_date']) ? preg_replace('/[^0-9 :\-]/i', '', $_REQUEST['to_date']) : G5_TIME_YMD;
 
 $g5['title'] = 'OS별 접속자집계';
 include_once('./visit.sub.php');
@@ -11,6 +14,8 @@ $colspan = 5;
 
 $max = 0;
 $sum_count = 0;
+$arr = array();
+
 $sql = " select * from {$g5['visit_table']}
           where vi_date between '$fr_date' and '$to_date' ";
 $result = sql_query($sql);
@@ -19,7 +24,11 @@ while ($row=sql_fetch_array($result)) {
     if(!$s)
         $s = get_os($row['vi_agent']);
 
-    $arr[$s]++;
+    if( isset($arr[$s]) ){
+        $arr[$s]++;
+    } else {
+        $arr[$s] = 1;
+    }
 
     if ($arr[$s] > $max) $max = $arr[$s];
 
@@ -97,5 +106,4 @@ while ($row=sql_fetch_array($result)) {
 </div>
 
 <?php
-include_once('./admin.tail.php');
-?>
+include_once('./admin.tail.php');
\ No newline at end of file
diff --git a/adm/visit_search.php b/adm/visit_search.php
index 524f2026f..21b803d4e 100644
--- a/adm/visit_search.php
+++ b/adm/visit_search.php
@@ -3,7 +3,7 @@ $sub_menu = '200810';
 include_once('./_common.php');
 include_once(G5_PATH.'/lib/visit.lib.php');
 
-auth_check($auth[$sub_menu], 'r');
+auth_check_menu($auth, $sub_menu, 'r');
 
 $g5['title'] = '접속자검색';
 include_once('./admin.head.php');
@@ -122,6 +122,7 @@ if(isset($sfl) && $sfl && !in_array($sfl, array('vi_ip','vi_date','vi_time','vi_
 </div>
 
 <?php
+$domain = isset($domain) ? $domain : '';
 $pagelist = get_paging($config['cf_write_pages'], $page, $total_page, $_SERVER['SCRIPT_NAME'].'?'.$qstr.'&amp;domain='.$domain.'&amp;page=');
 if ($pagelist) {
     echo $pagelist;
@@ -150,5 +151,4 @@ function fvisit_submit(f)
 </script>
 
 <?php
-include_once('./admin.tail.php');
-?>
+include_once('./admin.tail.php');
\ No newline at end of file
diff --git a/adm/visit_week.php b/adm/visit_week.php
index 5ebccac2d..036e20844 100644
--- a/adm/visit_week.php
+++ b/adm/visit_week.php
@@ -2,7 +2,10 @@
 $sub_menu = "200800";
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], 'r');
+auth_check_menu($auth, $sub_menu, 'r');
+
+$fr_date = isset($_REQUEST['fr_date']) ? preg_replace('/[^0-9 :\-]/i', '', $_REQUEST['fr_date']) : G5_TIME_YMD;
+$to_date = isset($_REQUEST['to_date']) ? preg_replace('/[^0-9 :\-]/i', '', $_REQUEST['to_date']) : G5_TIME_YMD;
 
 $g5['title'] = '요일별 접속자집계';
 include_once('./visit.sub.php');
@@ -11,6 +14,8 @@ $colspan = 4;
 $weekday = array ('월', '화', '수', '목', '금', '토', '일');
 
 $sum_count = 0;
+$arr = array();
+
 $sql = " select WEEKDAY(vs_date) as weekday_date, SUM(vs_count) as cnt
             from {$g5['visit_sum_table']}
             where vs_date between '{$fr_date}' and '{$to_date}'
@@ -47,7 +52,7 @@ for ($i=0; $row=sql_fetch_array($result); $i++) {
     $k = 0;
     if ($i) {
         for ($i=0; $i<7; $i++) {
-            $count = (int)$arr[$i];
+            $count = isset($arr[$i]) ? (int) $arr[$i] : 0;
 
             $rate = ($count / $sum_count * 100);
             $s_rate = number_format($rate, 1);
@@ -77,5 +82,4 @@ for ($i=0; $row=sql_fetch_array($result); $i++) {
 </div>
 
 <?php
-include_once('./admin.tail.php');
-?>
+include_once('./admin.tail.php');
\ No newline at end of file
diff --git a/adm/visit_year.php b/adm/visit_year.php
index 1d42e1512..226fe962c 100644
--- a/adm/visit_year.php
+++ b/adm/visit_year.php
@@ -2,7 +2,10 @@
 $sub_menu = "200800";
 include_once('./_common.php');
 
-auth_check($auth[$sub_menu], 'r');
+auth_check_menu($auth, $sub_menu, 'r');
+
+$fr_date = isset($_REQUEST['fr_date']) ? preg_replace('/[^0-9 :\-]/i', '', $_REQUEST['fr_date']) : G5_TIME_YMD;
+$to_date = isset($_REQUEST['to_date']) ? preg_replace('/[^0-9 :\-]/i', '', $_REQUEST['to_date']) : G5_TIME_YMD;
 
 $g5['title'] = '연도별 접속자집계';
 include_once('./visit.sub.php');
@@ -11,6 +14,8 @@ $colspan = 4;
 
 $max = 0;
 $sum_count = 0;
+$arr = array();
+
 $sql = " select SUBSTRING(vs_date,1,4) as vs_year, SUM(vs_count) as cnt
             from {$g5['visit_sum_table']}
             where vs_date between '{$fr_date}' and '{$to_date}'
@@ -82,5 +87,4 @@ for ($i=0; $row=sql_fetch_array($result); $i++) {
 </div>
 
 <?php
-include_once('./admin.tail.php');
-?>
+include_once('./admin.tail.php');
\ No newline at end of file
diff --git a/adm/write_count.php b/adm/write_count.php
index c37271627..fe6f12732 100644
--- a/adm/write_count.php
+++ b/adm/write_count.php
@@ -4,11 +4,14 @@ include_once('./_common.php');
 
 check_demo();
 
-auth_check($auth[$sub_menu], 'r');
+auth_check_menu($auth, $sub_menu, 'r');
 
 $g5['title'] = '글,댓글 현황';
 include_once ('./admin.head.php');
 
+$graph = isset($_GET['graph']) ? clean_xss_tags($_GET['graph'], 1, 1) : '';
+$period = isset($_GET['period']) ? clean_xss_tags($_GET['period'], 1, 1) : '';
+
 // http://www.jqplot.com/
 add_stylesheet('<link rel="stylesheet" href="'.G5_PLUGIN_URL.'/jqplot/jquery.jqplot.css">', 1);
 add_javascript('<script src="'.G5_PLUGIN_URL.'/jqplot/jquery.jqplot.js"></script>', 1);
@@ -75,6 +78,8 @@ $sql_bo_table = '';
 if ($bo_table)
     $sql_bo_table = "and bo_table = '$bo_table'";
 
+$line1 = $line2 = array();
+
 switch ($day) {
     case '시간' :
         $sql = " select substr(bn_datetime,6,8) as hours, sum(if(wr_id=wr_parent,1,0)) as wcount, sum(if(wr_id=wr_parent,0,1)) as ccount from {$g5['board_new_table']} where substr(bn_datetime,1,10) between '$from' and '$to' {$sql_bo_table} group by hours order by bn_datetime ";
@@ -175,8 +180,8 @@ if (empty($line1) || empty($line2)) {
 <div id="chart1" style="height:500px; width:100%;"></div>
 <script>
 $(document).ready(function(){
-    var line1 = [<?php echo implode($line1, ','); ?>];
-    var line2 = [<?php echo implode($line2, ','); ?>];
+    var line1 = [<?php echo implode(',', $line1); ?>];
+    var line2 = [<?php echo implode(',', $line2); ?>];
     var plot1 = $.jqplot ('chart1', [line1, line2], {
             seriesDefaults: {
                 <?php if ($graph == 'bar') { ?>
@@ -205,5 +210,4 @@ $(document).ready(function(){
 ?>
 </div>
 <?php
-include_once ('./admin.tail.php');
-?>
\ No newline at end of file
+include_once ('./admin.tail.php');
\ No newline at end of file
diff --git a/bbs/_common.php b/bbs/_common.php
index c30dfcc0f..52d973b77 100644
--- a/bbs/_common.php
+++ b/bbs/_common.php
@@ -7,5 +7,4 @@ if(defined('G5_COMMUNITY_USE') && G5_COMMUNITY_USE === false) {
         die('<p>쇼핑몰 설치 후 이용해 주십시오.</p>');
 
     define('_SHOP_', true);
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/bbs/_head.php b/bbs/_head.php
index c9bf5a4fb..800dc49c0 100644
--- a/bbs/_head.php
+++ b/bbs/_head.php
@@ -1,4 +1,3 @@
 <?php
 if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가 
-include_once(G5_PATH.'/_head.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/_head.php');
\ No newline at end of file
diff --git a/bbs/_head.sub.php b/bbs/_head.sub.php
index dc569a49e..1194083c5 100644
--- a/bbs/_head.sub.php
+++ b/bbs/_head.sub.php
@@ -1,4 +1,3 @@
 <?php
 if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가 
-include_once(G5_PATH.'/head.sub.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/head.sub.php');
\ No newline at end of file
diff --git a/bbs/_tail.php b/bbs/_tail.php
index ab638fe9c..d7cff79b4 100644
--- a/bbs/_tail.php
+++ b/bbs/_tail.php
@@ -1,4 +1,3 @@
 <?php
 if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가 
-include_once(G5_PATH.'/_tail.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/_tail.php');
\ No newline at end of file
diff --git a/bbs/_tail.sub.php b/bbs/_tail.sub.php
index 7d695a4aa..fd6db23b8 100644
--- a/bbs/_tail.sub.php
+++ b/bbs/_tail.sub.php
@@ -1,4 +1,3 @@
 <?php
 if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가 
-include_once(G5_PATH.'/tail.sub.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/bbs/ajax.autosave.php b/bbs/ajax.autosave.php
index cb31f0451..1e01c798a 100644
--- a/bbs/ajax.autosave.php
+++ b/bbs/ajax.autosave.php
@@ -3,9 +3,9 @@ include_once('./_common.php');
 
 if (!$is_member) die('0');
 
-$uid     = trim($_REQUEST['uid']);
-$subject = trim($_REQUEST['subject']);
-$content = trim($_REQUEST['content']);
+$uid     = isset($_REQUEST['uid']) ? preg_replace('/[^0-9]/', '', $_REQUEST['uid']) : 0;
+$subject = isset($_REQUEST['subject']) ? trim($_REQUEST['subject']) : '';
+$content = isset($_REQUEST['content']) ? trim($_REQUEST['content']) : '';
 
 if ($subject && $content) {
     $sql = " select count(*) as cnt from {$g5['autosave_table']} where mb_id = '{$member['mb_id']}' and as_subject = '$subject' and as_content = '$content' ";
@@ -16,5 +16,4 @@ if ($subject && $content) {
 
         echo autosave_count($member['mb_id']);
     }
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/bbs/ajax.autosavedel.php b/bbs/ajax.autosavedel.php
index 1742fd408..27cd2d1e5 100644
--- a/bbs/ajax.autosavedel.php
+++ b/bbs/ajax.autosavedel.php
@@ -3,7 +3,7 @@ include_once("./_common.php");
 
 if (!$is_member) die("0");
 
-$as_id = (int)$_REQUEST['as_id'];
+$as_id = isset($_REQUEST['as_id']) ? (int)$_REQUEST['as_id'] : 0;
 
 $sql = " delete from {$g5['autosave_table']} where mb_id = '{$member['mb_id']}' and as_id = {$as_id} ";
 $result = sql_query($sql);
@@ -11,5 +11,4 @@ if (!$result) {
     echo "-1";
 }
 
-echo autosave_count($member['mb_id']);
-?>
\ No newline at end of file
+echo autosave_count($member['mb_id']);
\ No newline at end of file
diff --git a/bbs/ajax.autosavelist.php b/bbs/ajax.autosavelist.php
index b0ef3d1f9..e3b3e1da7 100644
--- a/bbs/ajax.autosavelist.php
+++ b/bbs/ajax.autosavelist.php
@@ -17,5 +17,4 @@ for ($i=0; $row=sql_fetch_array($result); $i++) {
     echo "<datetime>{$datetime}</datetime>\n";
     echo "</item>\n";
 }
-echo "</list>";
-?>
\ No newline at end of file
+echo "</list>";
\ No newline at end of file
diff --git a/bbs/ajax.autosaveload.php b/bbs/ajax.autosaveload.php
index 2e291990b..ae2b4e087 100644
--- a/bbs/ajax.autosaveload.php
+++ b/bbs/ajax.autosaveload.php
@@ -3,7 +3,7 @@ include_once('./_common.php');
 
 if (!$is_member) die('');
 
-$as_id = (int)$_REQUEST['as_id'];
+$as_id = isset($_REQUEST['as_id']) ? (int) $_REQUEST['as_id'] : 0;
 
 $sql = " select as_subject, as_content from {$g5['autosave_table']} where mb_id = '{$member['mb_id']}' and as_id = {$as_id} ";
 $row = sql_fetch($sql);
@@ -14,5 +14,4 @@ echo "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n";
 echo "<item>\n";
 echo "<subject><![CDATA[{$subject}]]></subject>\n";
 echo "<content><![CDATA[{$content}]]></content>\n";
-echo "</item>\n";
-?>
\ No newline at end of file
+echo "</item>\n";
\ No newline at end of file
diff --git a/bbs/ajax.comment_token.php b/bbs/ajax.comment_token.php
index c90b09b9e..bc3974d41 100644
--- a/bbs/ajax.comment_token.php
+++ b/bbs/ajax.comment_token.php
@@ -10,5 +10,4 @@ $token = _token();
 
 set_session($ss_name, $token);
 
-die(json_encode(array('token'=>$token)));
-?>
\ No newline at end of file
+die(json_encode(array('token'=>$token)));
\ No newline at end of file
diff --git a/bbs/ajax.filter.php b/bbs/ajax.filter.php
index c210de889..05d7bc4c6 100644
--- a/bbs/ajax.filter.php
+++ b/bbs/ajax.filter.php
@@ -1,8 +1,8 @@
 <?php
 include_once('./_common.php');
 
-$subject = strip_tags($_POST['subject']);
-$content = strip_tags($_POST['content']);
+$subject = isset($_POST['subject']) ? strip_tags($_POST['subject']) : '';
+$content = isset($_POST['content']) ? strip_tags($_POST['content']) : '';
 
 //$filter = explode(",", strtolower(trim($config['cf_filter'])));
 // strtolower 에 의한 한글 변형으로 아래 코드로 대체 (곱슬최씨님이 알려 주셨습니다.)
@@ -27,5 +27,4 @@ for ($i=0; $i<count($filter); $i++) {
     }
 }
 
-die("{\"subject\":\"$subj\",\"content\":\"$cont\"}");
-?>
\ No newline at end of file
+die("{\"subject\":\"$subj\",\"content\":\"$cont\"}");
\ No newline at end of file
diff --git a/bbs/ajax.mb_email.php b/bbs/ajax.mb_email.php
index 21a7df62c..f3572b619 100644
--- a/bbs/ajax.mb_email.php
+++ b/bbs/ajax.mb_email.php
@@ -2,8 +2,8 @@
 include_once('./_common.php');
 include_once(G5_LIB_PATH.'/register.lib.php');
 
-$mb_email = trim($_POST['reg_mb_email']);
-$mb_id    = trim($_POST['reg_mb_id']);
+$mb_email = isset($_POST['reg_mb_email']) ? trim($_POST['reg_mb_email']) : '';
+$mb_id    = isset($_POST['reg_mb_id']) ? trim($_POST['reg_mb_id']) : '';
 
 set_session('ss_check_mb_email', '');
 
@@ -12,5 +12,4 @@ if ($msg = valid_mb_email($mb_email)) die($msg);
 if ($msg = prohibit_mb_email($mb_email)) die($msg);
 if ($msg = exist_mb_email($mb_email, $mb_id)) die($msg);
 
-set_session('ss_check_mb_email', $mb_email);
-?>
\ No newline at end of file
+set_session('ss_check_mb_email', $mb_email);
\ No newline at end of file
diff --git a/bbs/ajax.mb_hp.php b/bbs/ajax.mb_hp.php
index eeeef8816..ab9e57570 100644
--- a/bbs/ajax.mb_hp.php
+++ b/bbs/ajax.mb_hp.php
@@ -2,9 +2,8 @@
 include_once('./_common.php');
 include_once(G5_LIB_PATH.'/register.lib.php');
 
-$mb_hp   = trim($_POST['reg_mb_hp']);
-$mb_id   = trim($_POST['reg_mb_id']);
+$mb_hp   = isset($_POST['reg_mb_hp']) ? trim($_POST['reg_mb_hp']) : '';
+$mb_id   = isset($_POST['reg_mb_id']) ? trim($_POST['reg_mb_id']) : '';
 
 if ($msg = valid_mb_hp($mb_hp)) die($msg);
-//if ($msg = exist_mb_hp($mb_hp, $mb_id)) die($msg);
-?>
\ No newline at end of file
+//if ($msg = exist_mb_hp($mb_hp, $mb_id)) die($msg);
\ No newline at end of file
diff --git a/bbs/ajax.mb_id.php b/bbs/ajax.mb_id.php
index 6ab21cb3f..85498ae87 100644
--- a/bbs/ajax.mb_id.php
+++ b/bbs/ajax.mb_id.php
@@ -2,7 +2,7 @@
 include_once('./_common.php');
 include_once(G5_LIB_PATH.'/register.lib.php');
 
-$mb_id = trim($_POST['reg_mb_id']);
+$mb_id = isset($_POST['reg_mb_id']) ? trim($_POST['reg_mb_id']) : '';
 
 set_session('ss_check_mb_id', '');
 
@@ -12,5 +12,4 @@ if ($msg = count_mb_id($mb_id))     die($msg);
 if ($msg = exist_mb_id($mb_id))     die($msg);
 if ($msg = reserve_mb_id($mb_id))   die($msg);
 
-set_session('ss_check_mb_id', $mb_id);
-?>
\ No newline at end of file
+set_session('ss_check_mb_id', $mb_id);
\ No newline at end of file
diff --git a/bbs/ajax.mb_nick.php b/bbs/ajax.mb_nick.php
index 74a289444..1bfe08642 100644
--- a/bbs/ajax.mb_nick.php
+++ b/bbs/ajax.mb_nick.php
@@ -2,8 +2,8 @@
 include_once('./_common.php');
 include_once(G5_LIB_PATH.'/register.lib.php');
 
-$mb_nick = trim($_POST['reg_mb_nick']);
-$mb_id   = trim($_POST['reg_mb_id']);
+$mb_nick = isset($_POST['reg_mb_nick']) ? trim($_POST['reg_mb_nick']) : '';
+$mb_id   = isset($_POST['reg_mb_id']) ? trim($_POST['reg_mb_id']) : '';
 
 set_session('ss_check_mb_nick', '');
 
@@ -13,5 +13,4 @@ if ($msg = count_mb_nick($mb_nick)) die($msg);
 if ($msg = exist_mb_nick($mb_nick, $mb_id)) die($msg);
 if ($msg = reserve_mb_nick($mb_nick)) die($msg);
 
-set_session('ss_check_mb_nick', $mb_nick);
-?>
\ No newline at end of file
+set_session('ss_check_mb_nick', $mb_nick);
\ No newline at end of file
diff --git a/bbs/ajax.mb_recommend.php b/bbs/ajax.mb_recommend.php
index c19470fa0..c42af0c6e 100644
--- a/bbs/ajax.mb_recommend.php
+++ b/bbs/ajax.mb_recommend.php
@@ -2,12 +2,11 @@
 include_once("./_common.php");
 include_once(G5_LIB_PATH."/register.lib.php");
 
-$mb_recommend = trim($_POST["reg_mb_recommend"]);
+$mb_recommend = isset($_POST["reg_mb_recommend"]) ? trim($_POST["reg_mb_recommend"]) : '';
 
 if ($msg = valid_mb_id($mb_recommend)) {
     die("추천인의 아이디는 영문자, 숫자, _ 만 입력하세요.");
 }
 if (!($msg = exist_mb_id($mb_recommend))) {
     die("입력하신 추천인은 존재하지 않는 아이디 입니다.");
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/bbs/alert.php b/bbs/alert.php
index 18d5053c2..26c3700a5 100644
--- a/bbs/alert.php
+++ b/bbs/alert.php
@@ -31,8 +31,8 @@ include_once(G5_PATH.'/head.sub.php');
 $msg = isset($msg) ? strip_tags($msg) : '';
 $msg2 = str_replace("\\n", "<br>", $msg);
 
-$url = clean_xss_tags($url, 1);
-if (!$url) $url = clean_xss_tags($_SERVER['HTTP_REFERER'], 1);
+$url = isset($url) ? clean_xss_tags($url, 1) : '';
+if (!$url) $url = isset($_SERVER['HTTP_REFERER']) ? clean_xss_tags($_SERVER['HTTP_REFERER'], 1) : '';
 
 $url = preg_replace("/[\<\>\'\"\\\'\\\"\(\)]/", "", $url);
 $url = preg_replace('/\r\n|\r|\n|[^\x20-\x7e]/','', $url);
@@ -113,5 +113,4 @@ history.back();
 </noscript>
 
 <?php
-include_once(G5_PATH.'/tail.sub.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/bbs/alert_close.php b/bbs/alert_close.php
index 67b072f48..c0853330d 100644
--- a/bbs/alert_close.php
+++ b/bbs/alert_close.php
@@ -59,5 +59,4 @@ window.close();
 </noscript>
 
 <?php
-include_once(G5_PATH.'/tail.sub.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/bbs/board.php b/bbs/board.php
index b131a8e9f..15a969289 100644
--- a/bbs/board.php
+++ b/bbs/board.php
@@ -176,6 +176,8 @@ if ((isset($wr_id) && $wr_id) || (isset($wr_seo_title) && $wr_seo_title)) {
     $g5['title'] = $g5['board_title'].' '.$page.' 페이지';
 }
 
+$is_auth = $is_admin ? true : false;
+
 include_once(G5_PATH.'/head.sub.php');
 
 $width = $board['bo_table_width'];
@@ -240,5 +242,4 @@ include_once(G5_BBS_PATH.'/board_tail.php');
 
 echo "\n<!-- 사용스킨 : ".(G5_IS_MOBILE ? $board['bo_mobile_skin'] : $board['bo_skin'])." -->\n";
 
-include_once(G5_PATH.'/tail.sub.php');
-?>
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/bbs/board_head.php b/bbs/board_head.php
index a62706a28..96508e75d 100644
--- a/bbs/board_head.php
+++ b/bbs/board_head.php
@@ -13,5 +13,4 @@ if (G5_IS_MOBILE) {
         include_once(G5_BBS_PATH.'/_head.php');
     }
     echo html_purifier(stripslashes($board['bo_content_head']));
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/bbs/board_list_update.php b/bbs/board_list_update.php
index a43924024..df04f7f37 100644
--- a/bbs/board_list_update.php
+++ b/bbs/board_list_update.php
@@ -1,21 +1,21 @@
 <?php
 include_once('./_common.php');
 
-$count = count($_POST['chk_wr_id']);
+$count = (isset($_POST['chk_wr_id']) && is_array($_POST['chk_wr_id'])) ? count($_POST['chk_wr_id']) : 0;
+$post_btn_submit = isset($_POST['btn_submit']) ? clean_xss_tags($_POST['btn_submit'], 1, 1) : '';
 
 if(!$count) {
-    alert($_POST['btn_submit'].' 하실 항목을 하나 이상 선택하세요.');
+    alert(addcslashes($post_btn_submit, '"\\/').' 하실 항목을 하나 이상 선택하세요.');
 }
 
-if($_POST['btn_submit'] == '선택삭제') {
+if($post_btn_submit === '선택삭제') {
     include './delete_all.php';
-} else if($_POST['btn_submit'] == '선택복사') {
+} else if($post_btn_submit === '선택복사') {
     $sw = 'copy';
     include './move.php';
-} else if($_POST['btn_submit'] == '선택이동') {
+} else if($post_btn_submit === '선택이동') {
     $sw = 'move';
     include './move.php';
 } else {
     alert('올바른 방법으로 이용해 주세요.');
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/bbs/board_tail.php b/bbs/board_tail.php
index 436e2cc3b..9358c1b3f 100644
--- a/bbs/board_tail.php
+++ b/bbs/board_tail.php
@@ -13,5 +13,4 @@ if (G5_IS_MOBILE) {
     } else {    //파일경로가 올바르지 않으면 기본파일을 가져옴
         include_once(G5_BBS_PATH.'/_tail.php');
     }
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/bbs/confirm.php b/bbs/confirm.php
index 1d54d1384..ffdc3f738 100644
--- a/bbs/confirm.php
+++ b/bbs/confirm.php
@@ -5,13 +5,16 @@ include_once(G5_PATH.'/head.sub.php');
 $pattern1 = "/[\<\>\'\"\\\'\\\"\(\)]/";
 $pattern2 = "/\r\n|\r|\n|[^\x20-\x7e]/";
 
-$url1 = preg_replace($pattern1, "", clean_xss_tags($url1, 1));
+$url1 = isset($url1) ? preg_replace($pattern1, "", clean_xss_tags($url1, 1)) : '';
 $url1 = preg_replace($pattern2, "", $url1);
-$url2 = preg_replace($pattern1, "", clean_xss_tags($url2, 1));
+$url2 = isset($url2) ? preg_replace($pattern1, "", clean_xss_tags($url2, 1)) : '';
 $url2 = preg_replace($pattern2, "", $url2);
-$url3 = preg_replace($pattern1, "", clean_xss_tags($url3, 1));
+$url3 = isset($url3) ? preg_replace($pattern1, "", clean_xss_tags($url3, 1)) : '';
 $url3 = preg_replace($pattern2, "", $url3);
 
+$msg = isset($msg) ? $msg : '';
+$header = isset($header) ? $msg : '';
+
 // url 체크
 check_url_host($url1);
 check_url_host($url2);
@@ -46,5 +49,4 @@ if (confirm(conf)) {
 </noscript>
 
 <?php
-include_once(G5_PATH.'/tail.sub.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/bbs/content.php b/bbs/content.php
index b2d8abdf2..40ab666d6 100644
--- a/bbs/content.php
+++ b/bbs/content.php
@@ -1,7 +1,7 @@
 <?php
 include_once('./_common.php');
 
-$co_id = preg_replace('/[^a-z0-9_]/i', '', $co_id);
+$co_id = isset($_GET['co_id']) ? preg_replace('/[^a-z0-9_]/i', '', $_GET['co_id']) : 0;
 
 //dbconfig파일에 $g5['content_table'] 배열변수가 있는지 체크
 if( !isset($g5['content_table']) ){
@@ -40,35 +40,35 @@ $co['co_tag_filter_use'] = 1;
 $str = conv_content($co['co_content'], $co['co_html'], $co['co_tag_filter_use']);
 
 // $src 를 $dst 로 변환
-unset($src);
-unset($dst);
+$src = $dst = array();
 $src[] = "/{{쇼핑몰명}}|{{홈페이지제목}}/";
 $dst[] = $config['cf_title'];
-$src[] = "/{{회사명}}|{{상호}}/";
-$dst[] = $default['de_admin_company_name'];
-$src[] = "/{{대표자명}}/";
-$dst[] = $default['de_admin_company_owner'];
-$src[] = "/{{사업자등록번호}}/";
-$dst[] = $default['de_admin_company_saupja_no'];
-$src[] = "/{{대표전화번호}}/";
-$dst[] = $default['de_admin_company_tel'];
-$src[] = "/{{팩스번호}}/";
-$dst[] = $default['de_admin_company_fax'];
-$src[] = "/{{통신판매업신고번호}}/";
-$dst[] = $default['de_admin_company_tongsin_no'];
-$src[] = "/{{사업장우편번호}}/";
-$dst[] = $default['de_admin_company_zip'];
-$src[] = "/{{사업장주소}}/";
-$dst[] = $default['de_admin_company_addr'];
-$src[] = "/{{운영자명}}|{{관리자명}}/";
-$dst[] = $default['de_admin_name'];
-$src[] = "/{{운영자e-mail}}|{{관리자e-mail}}/i";
-$dst[] = $default['de_admin_email'];
-$src[] = "/{{정보관리책임자명}}/";
-$dst[] = $default['de_admin_info_name'];
-$src[] = "/{{정보관리책임자e-mail}}|{{정보책임자e-mail}}/i";
-$dst[] = $default['de_admin_info_email'];
-
+if(isset($default) && isset($default['de_admin_company_name'])){
+    $src[] = "/{{회사명}}|{{상호}}/";
+    $dst[] = $default['de_admin_company_name'];
+    $src[] = "/{{대표자명}}/";
+    $dst[] = $default['de_admin_company_owner'];
+    $src[] = "/{{사업자등록번호}}/";
+    $dst[] = $default['de_admin_company_saupja_no'];
+    $src[] = "/{{대표전화번호}}/";
+    $dst[] = $default['de_admin_company_tel'];
+    $src[] = "/{{팩스번호}}/";
+    $dst[] = $default['de_admin_company_fax'];
+    $src[] = "/{{통신판매업신고번호}}/";
+    $dst[] = $default['de_admin_company_tongsin_no'];
+    $src[] = "/{{사업장우편번호}}/";
+    $dst[] = $default['de_admin_company_zip'];
+    $src[] = "/{{사업장주소}}/";
+    $dst[] = $default['de_admin_company_addr'];
+    $src[] = "/{{운영자명}}|{{관리자명}}/";
+    $dst[] = $default['de_admin_name'];
+    $src[] = "/{{운영자e-mail}}|{{관리자e-mail}}/i";
+    $dst[] = $default['de_admin_email'];
+    $src[] = "/{{정보관리책임자명}}/";
+    $dst[] = $default['de_admin_info_name'];
+    $src[] = "/{{정보관리책임자e-mail}}|{{정보책임자e-mail}}/i";
+    $dst[] = $default['de_admin_info_email'];
+}
 $str = preg_replace($src, $dst, $str);
 
 // 스킨경로
@@ -101,5 +101,4 @@ if(is_file($skin_file)) {
 if ($co['co_include_tail'] && is_include_path_check($co['co_include_tail']))
     @include_once($co['co_include_tail']);
 else
-    include_once('./_tail.php');
-?>
+    include_once('./_tail.php');
\ No newline at end of file
diff --git a/bbs/current_connect.php b/bbs/current_connect.php
index 5ad0e2a4e..38650a622 100644
--- a/bbs/current_connect.php
+++ b/bbs/current_connect.php
@@ -29,5 +29,4 @@ for ($i=0; $row=sql_fetch_array($result); $i++) {
 
 include_once($connect_skin_path.'/current_connect.skin.php');
 
-include_once('./_tail.php');
-?>
\ No newline at end of file
+include_once('./_tail.php');
\ No newline at end of file
diff --git a/bbs/db_table.optimize.php b/bbs/db_table.optimize.php
index 97a2fd8fa..58345832d 100644
--- a/bbs/db_table.optimize.php
+++ b/bbs/db_table.optimize.php
@@ -65,5 +65,4 @@ if($captcha_mp3 && is_array($captcha_mp3)) {
 // 실행일 기록
 if(isset($config['cf_optimize_date'])) {
     sql_query(" update {$g5['config_table']} set cf_optimize_date = '".G5_TIME_YMD."' ");
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/bbs/delete.php b/bbs/delete.php
index 1c28e9fcd..720174e61 100644
--- a/bbs/delete.php
+++ b/bbs/delete.php
@@ -140,5 +140,4 @@ delete_cache_latest($bo_table);
 
 run_event('bbs_delete', $write, $board);
 
-goto_url(short_url_clean(G5_HTTP_BBS_URL.'/board.php?bo_table='.$bo_table.'&amp;page='.$page.$qstr));
-?>
+goto_url(short_url_clean(G5_HTTP_BBS_URL.'/board.php?bo_table='.$bo_table.'&amp;page='.$page.$qstr));
\ No newline at end of file
diff --git a/bbs/delete_all.php b/bbs/delete_all.php
index 178cca355..10a3f302e 100644
--- a/bbs/delete_all.php
+++ b/bbs/delete_all.php
@@ -14,7 +14,7 @@ $tmp_array = array();
 if ($wr_id) // 건별삭제
     $tmp_array[0] = $wr_id;
 else // 일괄삭제
-    $tmp_array = $_POST['chk_wr_id'];
+    $tmp_array = (isset($_POST['chk_wr_id']) && is_array($_POST['chk_wr_id'])) ? $_POST['chk_wr_id'] : array();
 
 $chk_count = count($tmp_array);
 
@@ -161,5 +161,4 @@ delete_cache_latest($bo_table);
 
 run_event('bbs_delete_all', $tmp_array, $board);
 
-goto_url(short_url_clean(G5_HTTP_BBS_URL.'/board.php?bo_table='.$bo_table.'&amp;page='.$page.$qstr));
-?>
+goto_url(short_url_clean(G5_HTTP_BBS_URL.'/board.php?bo_table='.$bo_table.'&amp;page='.$page.$qstr));
\ No newline at end of file
diff --git a/bbs/delete_comment.php b/bbs/delete_comment.php
index 44a6c1387..c23412939 100644
--- a/bbs/delete_comment.php
+++ b/bbs/delete_comment.php
@@ -2,7 +2,7 @@
 // 코멘트 삭제
 include_once('./_common.php');
 
-$comment_id = (int) $comment_id;
+$comment_id = isset($_REQUEST['comment_id']) ? (int) $_REQUEST['comment_id'] : 0;
 
 $delete_comment_token = get_session('ss_delete_comment_'.$comment_id.'_token');
 set_session('ss_delete_comment_'.$comment_id.'_token', '');
@@ -88,5 +88,4 @@ delete_cache_latest($bo_table);
 
 run_event('bbs_delete_comment', $comment_id, $board);
 
-goto_url(short_url_clean(G5_HTTP_BBS_URL.'/board.php?bo_table='.$bo_table.'&amp;wr_id='.$write['wr_parent'].'&amp;page='.$page. $qstr));
-?>
+goto_url(short_url_clean(G5_HTTP_BBS_URL.'/board.php?bo_table='.$bo_table.'&amp;wr_id='.$write['wr_parent'].'&amp;page='.$page. $qstr));
\ No newline at end of file
diff --git a/bbs/download.php b/bbs/download.php
index 60e0a7dc2..504595b74 100644
--- a/bbs/download.php
+++ b/bbs/download.php
@@ -4,7 +4,7 @@ include_once('./_common.php');
 // clean the output buffer
 ob_end_clean();
 
-$no = (int)$no;
+$no = isset($_REQUEST['no']) ? (int) $_REQUEST['no'] : 0;
 
 @include_once($board_skin_path.'/download.head.skin.php');
 
@@ -26,7 +26,7 @@ if (!$file['bf_file'])
 if($js != 'on' && $board['bo_download_point'] < 0) {
     $msg = $file['bf_source'].' 파일을 다운로드 하시면 포인트가 차감('.number_format($board['bo_download_point']).'점)됩니다.\\n포인트는 게시물당 한번만 차감되며 다음에 다시 다운로드 하셔도 중복하여 차감하지 않습니다.\\n그래도 다운로드 하시겠습니까?';
     $url1 = G5_BBS_URL.'/download.php?'.clean_query_string($_SERVER['QUERY_STRING'], false).'&js=on';
-    $url2 = clean_xss_tags($_SERVER['HTTP_REFERER']);
+    $url2 = isset($_SERVER['HTTP_REFERER']) ? clean_xss_tags($_SERVER['HTTP_REFERER']) : '';
     
     if( $url2 && stripos($url2, $_SERVER['REQUEST_URI']) !== false ){
         $url2 = G5_BBS_URL.'/board.php?'.clean_query_string($_SERVER['QUERY_STRING'], false);
@@ -150,5 +150,4 @@ while(!feof($fp)) {
     usleep(1000);
 }
 fclose ($fp);
-flush();
-?>
+flush();
\ No newline at end of file
diff --git a/bbs/email_certify.php b/bbs/email_certify.php
index 83465e706..e314ff24e 100644
--- a/bbs/email_certify.php
+++ b/bbs/email_certify.php
@@ -4,8 +4,8 @@ include_once('./_common.php');
 // 봇의 메일 링크 크롤링을 방지합니다.
 if(function_exists('check_mail_bot')){ check_mail_bot($_SERVER['REMOTE_ADDR']); }
 
-$mb_id  = trim($_GET['mb_id']);
-$mb_md5 = trim($_GET['mb_md5']);
+$mb_id  = isset($_GET['mb_id']) ? trim($_GET['mb_id']) : '';
+$mb_md5 = isset($_GET['mb_md5']) ? trim($_GET['mb_md5']) : '';
 
 $sql = " select mb_id, mb_email_certify2, mb_leave_date, mb_intercept_date from {$g5['member_table']} where mb_id = '{$mb_id}' ";
 $row = sql_fetch($sql);
@@ -33,5 +33,4 @@ if ($mb_md5)
     }
 }
 
-alert('제대로 된 값이 넘어오지 않았습니다.', G5_URL);
-?>
\ No newline at end of file
+alert('제대로 된 값이 넘어오지 않았습니다.', G5_URL);
\ No newline at end of file
diff --git a/bbs/email_stop.php b/bbs/email_stop.php
index 3635bb361..0a17ec707 100644
--- a/bbs/email_stop.php
+++ b/bbs/email_stop.php
@@ -1,6 +1,8 @@
 <?php
 include_once('./_common.php');
 
+$mb_id = isset($_REQUEST['mb_id']) ? clean_xss_tags($_REQUEST['mb_id'], 1, 1) : '';
+
 $sql = " select mb_id, mb_email, mb_datetime from {$g5['member_table']} where mb_id = '{$mb_id}' ";
 $row = sql_fetch($sql);
 if (!$row['mb_id'])
@@ -15,5 +17,4 @@ if ($mb_md5) {
     }
 }
 
-alert('제대로 된 값이 넘어오지 않았습니다.', G5_URL);
-?>
\ No newline at end of file
+alert('제대로 된 값이 넘어오지 않았습니다.', G5_URL);
\ No newline at end of file
diff --git a/bbs/faq.php b/bbs/faq.php
index ce6ea356d..d34da00f2 100644
--- a/bbs/faq.php
+++ b/bbs/faq.php
@@ -13,11 +13,11 @@ $result = sql_query($sql);
 while ($row=sql_fetch_array($result))
 {
     $key = $row['fm_id'];
-    if (!$fm_id) $fm_id = $key;
+    if (!isset($fm_id)) $fm_id = $key;
     $faq_master_list[$key] = $row;
 }
 
-if ($fm_id){
+if (isset($fm_id) && $fm_id){
     $qstr .= '&amp;fm_id=' . $fm_id; // 마스터faq key_id
 }
 
@@ -94,5 +94,4 @@ if(is_file($skin_file)) {
     echo '<p>'.str_replace(G5_PATH.'/', '', $skin_file).'이 존재하지 않습니다.</p>';
 }
 
-include_once('./_tail.php');
-?>
+include_once('./_tail.php');
\ No newline at end of file
diff --git a/bbs/formmail.php b/bbs/formmail.php
index 3415623a5..d7f434c25 100644
--- a/bbs/formmail.php
+++ b/bbs/formmail.php
@@ -52,5 +52,4 @@ $type_checked[$type] = 'checked';
 
 include_once($member_skin_path.'/formmail.skin.php');
 
-include_once(G5_PATH.'/tail.sub.php');
-?>
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/bbs/formmail_send.php b/bbs/formmail_send.php
index b36feed06..76fab9eea 100644
--- a/bbs/formmail_send.php
+++ b/bbs/formmail_send.php
@@ -55,5 +55,4 @@ include_once(G5_PATH.'/head.sub.php');
 
 alert_close('메일을 정상적으로 발송하였습니다.');
 
-include_once(G5_PATH.'/tail.sub.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/bbs/good.php b/bbs/good.php
index 6f82443f3..7627c5aa3 100644
--- a/bbs/good.php
+++ b/bbs/good.php
@@ -159,5 +159,4 @@ if(isset($_POST['js']) && $_POST['js'] === "on") {
 
 run_event('bbs_good_after', $bo_table, $wr_id, $good);
 
-@include_once($board_skin_path.'/good.tail.skin.php');
-?>
\ No newline at end of file
+@include_once($board_skin_path.'/good.tail.skin.php');
\ No newline at end of file
diff --git a/bbs/group.php b/bbs/group.php
index 62ede7705..d202a181e 100644
--- a/bbs/group.php
+++ b/bbs/group.php
@@ -55,5 +55,4 @@ for ($i=0; $row=sql_fetch_array($result); $i++) {
 <!-- 메인화면 최신글 끝 -->
 </div>
 <?php
-include_once('./_tail.php');
-?>
+include_once('./_tail.php');
\ No newline at end of file
diff --git a/bbs/link.php b/bbs/link.php
index e74536ca9..7fbc19a4a 100644
--- a/bbs/link.php
+++ b/bbs/link.php
@@ -3,6 +3,8 @@ include_once('./_common.php');
 
 $html_title = '링크 &gt; '.conv_subject($write['wr_subject'], 255);
 
+$no = isset($_REQUEST['no']) ? preg_replace('/[^0-9]/i', '', $_REQUEST['no']) : '';
+
 if (!($bo_table && $wr_id && $no))
     alert_close('값이 제대로 넘어오지 않았습니다.');
 
@@ -23,5 +25,4 @@ if (empty($_SESSION[$ss_name]))
     set_session($ss_name, true);
 }
 
-goto_url(set_http($write['wr_link'.$no]));
-?>
\ No newline at end of file
+goto_url(set_http($write['wr_link'.$no]));
\ No newline at end of file
diff --git a/bbs/list.php b/bbs/list.php
index 58961c364..bbe61e3e6 100644
--- a/bbs/list.php
+++ b/bbs/list.php
@@ -104,7 +104,7 @@ if (!$is_search_bbs) {
 
         $list[$i] = get_list($row, $board, $board_skin_url, G5_IS_MOBILE ? $board['bo_mobile_subject_len'] : $board['bo_subject_len']);
         $list[$i]['is_notice'] = true;
-
+        $list[$i]['num'] = 0;
         $i++;
         $notice_count++;
 
@@ -252,5 +252,4 @@ if ($board['bo_use_rss_view']) {
 }
 
 $stx = get_text(stripslashes($stx));
-include_once($board_skin_path.'/list.skin.php');
-?>
+include_once($board_skin_path.'/list.skin.php');
\ No newline at end of file
diff --git a/bbs/login.php b/bbs/login.php
index 3bfb79390..43a5b24e5 100644
--- a/bbs/login.php
+++ b/bbs/login.php
@@ -8,7 +8,8 @@ if( function_exists('social_check_login_before') ){
 $g5['title'] = '로그인';
 include_once('./_head.sub.php');
 
-$url = strip_tags($_GET['url']);
+$url = isset($_GET['url']) ? strip_tags($_GET['url']) : '';
+$od_id = isset($_POST['od_id']) ? safe_replace_regex($_POST['od_id'], 'od_id') : '';
 
 // url 체크
 check_url_host($url);
@@ -33,5 +34,4 @@ include_once($member_skin_path.'/login.skin.php');
 
 run_event('member_login_tail', $login_url, $login_action_url, $member_skin_path, $url);
 
-include_once('./_tail.sub.php');
-?>
+include_once('./_tail.sub.php');
\ No newline at end of file
diff --git a/bbs/login_check.php b/bbs/login_check.php
index 23a8ed7e6..38b216542 100644
--- a/bbs/login_check.php
+++ b/bbs/login_check.php
@@ -3,8 +3,8 @@ include_once('./_common.php');
 
 $g5['title'] = "로그인 검사";
 
-$mb_id       = trim($_POST['mb_id']);
-$mb_password = trim($_POST['mb_password']);
+$mb_id       = isset($_POST['mb_id']) ? trim($_POST['mb_id']) : '';
+$mb_password = isset($_POST['mb_password']) ? trim($_POST['mb_password']) : '';
 
 run_event('member_login_check_before', $mb_id);
 
@@ -31,7 +31,7 @@ if(function_exists('social_is_login_check')){
 // 가입된 회원이 아니다. 비밀번호가 틀리다. 라는 메세지를 따로 보여주지 않는 이유는
 // 회원아이디를 입력해 보고 맞으면 또 비밀번호를 입력해보는 경우를 방지하기 위해서입니다.
 // 불법사용자의 경우 회원아이디가 틀린지, 비밀번호가 틀린지를 알기까지는 많은 시간이 소요되기 때문입니다.
-if (!$is_social_password_check && (!$mb['mb_id'] || !login_password_check($mb, $mb_password, $mb['mb_password'])) ) {
+if (!$is_social_password_check && (! (isset($mb['mb_id']) && $mb['mb_id']) || !login_password_check($mb, $mb_password, $mb['mb_password'])) ) {
 
     run_event('password_is_wrong', 'login', $mb);
 
@@ -75,7 +75,7 @@ if($config['cf_use_point']) {
 
 // 3.26
 // 아이디 쿠키에 한달간 저장
-if ($auto_login) {
+if (isset($auto_login) && $auto_login) {
     // 3.27
     // 자동로그인 ---------------------------
     // 쿠키 한달간 저장
@@ -159,5 +159,4 @@ if( is_admin($mb['mb_id']) && is_dir(G5_DATA_PATH.'/tmp/') ){
     }
 }
 
-goto_url($link);
-?>
+goto_url($link);
\ No newline at end of file
diff --git a/bbs/logout.php b/bbs/logout.php
index 1d3399354..a6e33a2c9 100644
--- a/bbs/logout.php
+++ b/bbs/logout.php
@@ -39,5 +39,4 @@ if ($url) {
 
 run_event('member_logout', $link);
 
-goto_url($link);
-?>
+goto_url($link);
\ No newline at end of file
diff --git a/bbs/member_confirm.php b/bbs/member_confirm.php
index dcfbfec7a..4c2f104a1 100644
--- a/bbs/member_confirm.php
+++ b/bbs/member_confirm.php
@@ -11,7 +11,7 @@ else
     $urlencode = urlencode($_SERVER[REQUEST_URI]);
 */
 
-$url = clean_xss_tags($_GET['url']);
+$url = isset($_GET['url']) ? clean_xss_tags($_GET['url']) : '';
 
 //소셜 로그인 한 경우
 if( function_exists('social_member_comfirm_redirect') && (! $url || $url === 'register_form.php' || (function_exists('social_is_edit_page') && social_is_edit_page($url) ) ) ){    
@@ -37,5 +37,4 @@ $url = get_text($url);
 
 include_once($member_skin_path.'/member_confirm.skin.php');
 
-include_once('./_tail.sub.php');
-?>
+include_once('./_tail.sub.php');
\ No newline at end of file
diff --git a/bbs/member_leave.php b/bbs/member_leave.php
index 139fb1a0a..bda999408 100644
--- a/bbs/member_leave.php
+++ b/bbs/member_leave.php
@@ -7,7 +7,9 @@ if (!$member['mb_id'])
 if ($is_admin == 'super')
     alert('최고 관리자는 탈퇴할 수 없습니다');
 
-if (!($_POST['mb_password'] && check_password($_POST['mb_password'], $member['mb_password'])))
+$post_mb_password = isset($_POST['mb_password']) ? trim($_POST['mb_password']) : '';
+
+if (!($post_mb_password && check_password($post_mb_password, $member['mb_password'])))
     alert('비밀번호가 틀립니다.');
 
 // 회원탈퇴일을 저장
@@ -26,5 +28,4 @@ if(function_exists('social_member_link_delete')){
     social_member_link_delete($member['mb_id']);
 }
 
-alert(''.$member['mb_nick'].'님께서는 '. date("Y년 m월 d일") .'에 회원에서 탈퇴 하셨습니다.', $url);
-?>
+alert(''.$member['mb_nick'].'님께서는 '. date("Y년 m월 d일") .'에 회원에서 탈퇴 하셨습니다.', $url);
\ No newline at end of file
diff --git a/bbs/memo.php b/bbs/memo.php
index 7de13908b..8dc446c13 100644
--- a/bbs/memo.php
+++ b/bbs/memo.php
@@ -9,7 +9,7 @@ set_session('ss_memo_delete_token', $token = uniqid(time()));
 $g5['title'] = '내 쪽지함';
 include_once(G5_PATH.'/head.sub.php');
 
-$kind = $kind ? clean_xss_tags(strip_tags($kind)) : 'recv';
+$kind = isset($_GET['kind']) ? clean_xss_tags($_GET['kind'], 0, 1) : 'recv';
 
 if ($kind == 'recv')
     $unkind = 'send';
@@ -83,5 +83,4 @@ $write_pages = get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['c
 
 include_once($member_skin_path.'/memo.skin.php');
 
-include_once(G5_PATH.'/tail.sub.php');
-?>
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/bbs/memo_delete.php b/bbs/memo_delete.php
index 4d5278e59..81f195ac7 100644
--- a/bbs/memo_delete.php
+++ b/bbs/memo_delete.php
@@ -10,7 +10,7 @@ set_session('ss_memo_delete_token', '');
 if (!($token && $delete_token == $token))
     alert('토큰 에러로 삭제 불가합니다.');
 
-$me_id = (int)$_REQUEST['me_id'];
+$me_id = isset($_REQUEST['me_id']) ? (int) $_REQUEST['me_id'] : 0;
 
 $sql = " select * from {$g5['memo_table']} where me_id = '{$me_id}' ";
 $row = sql_fetch($sql);
@@ -34,5 +34,4 @@ if (!$row['me_read_datetime'][0]) // 메모 받기전이면
 
 run_event('memo_delete', $me_id, $row);
 
-goto_url('./memo.php?kind='.$kind);
-?>
+goto_url('./memo.php?kind='.$kind);
\ No newline at end of file
diff --git a/bbs/memo_form.php b/bbs/memo_form.php
index 4ada2ccc3..7c46e98bc 100644
--- a/bbs/memo_form.php
+++ b/bbs/memo_form.php
@@ -9,6 +9,8 @@ if (!$member['mb_open'] && $is_admin != 'super' && $member['mb_id'] != $mb_id)
     alert_close("자신의 정보를 공개하지 않으면 다른분에게 쪽지를 보낼 수 없습니다. 정보공개 설정은 회원정보수정에서 하실 수 있습니다.");
 
 $content = "";
+$me_recv_mb_id = isset($_GET['me_recv_mb_id']) ? clean_xss_tags($_GET['me_recv_mb_id'], 1, 1) : '';
+
 // 탈퇴한 회원에게 쪽지 보낼 수 없음
 if ($me_recv_mb_id)
 {
@@ -38,5 +40,4 @@ include_once(G5_PATH.'/head.sub.php');
 $memo_action_url = G5_HTTPS_BBS_URL."/memo_form_update.php";
 include_once($member_skin_path.'/memo_form.skin.php');
 
-include_once(G5_PATH.'/tail.sub.php');
-?>
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/bbs/memo_form_update.php b/bbs/memo_form_update.php
index f95526e76..42263fce5 100644
--- a/bbs/memo_form_update.php
+++ b/bbs/memo_form_update.php
@@ -9,7 +9,7 @@ if (!chk_captcha()) {
     alert('자동등록방지 숫자가 틀렸습니다.');
 }
 
-$recv_list = explode(',', trim($_POST['me_recv_mb_id']));
+$recv_list = isset($_POST['me_recv_mb_id']) ? explode(',', trim($_POST['me_recv_mb_id'])) : array();
 $str_nick_list = '';
 $msg = '';
 $error_list  = array();
@@ -104,5 +104,4 @@ if ($member_list) {
     run_event('memo_form_update_failed', $member_list, $redirect_url, $_POST['me_memo']);
 
     alert("회원아이디 오류 같습니다.", $redirect_url, false);
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/bbs/memo_view.php b/bbs/memo_view.php
index be6bebc4f..441f05291 100644
--- a/bbs/memo_view.php
+++ b/bbs/memo_view.php
@@ -4,7 +4,7 @@ include_once('./_common.php');
 if (!$is_member)
     alert('회원만 이용하실 수 있습니다.');
 
-$me_id = (int)$_REQUEST['me_id'];
+$me_id = isset($_REQUEST['me_id']) ? (int) $_REQUEST['me_id'] : 0;
 
 if ($kind == 'recv')
 {
@@ -46,7 +46,7 @@ include_once(G5_PATH.'/head.sub.php');
 $sql = " select me.*, a.rownum from `{$g5['memo_table']}` as me inner join ( select me_id , (@rownum:=@rownum+1) as rownum from `{$g5['memo_table']}` as memo, (select @rownum:=0) tmp where me_{$kind}_mb_id = '{$member['mb_id']}' and memo.me_type = '$kind' order by me_id desc ) as a on a.me_id = me.me_id where me.me_id < '$me_id' and me.me_{$kind}_mb_id = '{$member['mb_id']}' and me.me_type = '$kind' order by me.me_id desc limit 1 ";
 
 $prev = sql_fetch($sql);
-if ($prev['me_id']) {
+if (isset($prev['me_id']) && $prev['me_id']) {
     $prev_link = './memo_view.php?kind='.$kind.'&amp;me_id='.$prev['me_id'];
     $prev['page']  = ceil( (int)$prev['rownum'] / $config['cf_page_rows']);  // 이동할 페이지 계산
     if( (int)$prev['page'] > 0 ) $prev_link .= "&amp;page=".$prev['page'];
@@ -58,7 +58,7 @@ if ($prev['me_id']) {
 $sql = " select me.*, a.rownum from `{$g5['memo_table']}` as me inner join ( select me_id , (@rownum:=@rownum+1) as rownum from `{$g5['memo_table']}` as memo, (select @rownum:=0) tmp where me_{$kind}_mb_id = '{$member['mb_id']}' and memo.me_type = '$kind' order by me_id asc ) as a on a.me_id = me.me_id where me.me_id > '$me_id' and me.me_{$kind}_mb_id = '{$member['mb_id']}' and me.me_type = '$kind' order by me.me_id asc limit 1 ";
 
 $next = sql_fetch($sql);
-if ($next['me_id']) {
+if (isset($next['me_id']) && $next['me_id']) {
     $next_link = './memo_view.php?kind='.$kind.'&amp;me_id='.$next['me_id'];
     $next['page']  = ceil( (int)$next['rownum'] / $config['cf_page_rows']);  // 이동할 페이지 계산
     if( (int)$next['page'] > 0 ) $next_link .= "&amp;page=".$next['page'];
@@ -78,5 +78,4 @@ if(isset($page) && $page){
 
 include_once($member_skin_path.'/memo_view.skin.php');
 
-include_once(G5_PATH.'/tail.sub.php');
-?>
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/bbs/move.php b/bbs/move.php
index 1dfb5c02b..8ace121a3 100644
--- a/bbs/move.php
+++ b/bbs/move.php
@@ -1,9 +1,11 @@
 <?php
 include_once('./_common.php');
 
-if ($sw == 'move')
+$sw = isset($_REQUEST['sw']) ? clean_xss_tags($_REQUEST['sw'], 1, 1) : '';
+
+if ($sw === 'move')
     $act = '이동';
-else if ($sw == 'copy')
+else if ($sw === 'copy')
     $act = '복사';
 else
     alert('sw 값이 제대로 넘어오지 않았습니다.');
@@ -20,8 +22,12 @@ if ($wr_id)
     $wr_id_list = $wr_id;
 else {
     $comma = '';
-    for ($i=0; $i<count($_POST['chk_wr_id']); $i++) {
-        $wr_id_list .= $comma . $_POST['chk_wr_id'][$i];
+
+    $count_chk_wr_id = (isset($_POST['chk_wr_id']) && is_array($_POST['chk_wr_id'])) ? count($_POST['chk_wr_id']) : 0;
+
+    for ($i=0; $i<count($count_chk_wr_id); $i++) {
+        $wr_id_val = isset($_POST['chk_wr_id'][$i]) ? preg_replace('/[^0-9]/', '', $_POST['chk_wr_id'][$i]) : 0;
+        $wr_id_list .= $comma . $wr_id_val;
         $comma = ',';
     }
 }
@@ -157,5 +163,4 @@ function fboardmoveall_submit(f)
 
 <?php
 run_event('move_html_footer');
-include_once(G5_PATH.'/tail.sub.php');
-?>
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/bbs/move_update.php b/bbs/move_update.php
index 0b5f85508..4e2e253e3 100644
--- a/bbs/move_update.php
+++ b/bbs/move_update.php
@@ -2,6 +2,7 @@
 include_once('./_common.php');
 
 $act = isset($act) ? strip_tags($act) : '';
+$count_chk_bo_table = (isset($_POST['chk_bo_table']) && is_array($_POST['chk_bo_table'])) ? count($_POST['chk_bo_table']) : 0;
 
 // 게시판 관리자 이상 복사, 이동 가능
 if ($is_admin != 'board' && $is_admin != 'group' && $is_admin != 'super')
@@ -10,7 +11,7 @@ if ($is_admin != 'board' && $is_admin != 'group' && $is_admin != 'super')
 if ($sw != 'move' && $sw != 'copy')
     alert('sw 값이 제대로 넘어오지 않았습니다.');
 
-if(!count($_POST['chk_bo_table']))
+if(! $count_chk_bo_table)
     alert('게시물을 '.$act.'할 게시판을 한개 이상 선택해 주십시오.', $url);
 
 // 원본 파일 디렉토리
@@ -21,7 +22,7 @@ $save_count_write = 0;
 $save_count_comment = 0;
 $cnt = 0;
 
-$wr_id_list = preg_replace('/[^0-9\,]/', '', $_POST['wr_id_list']);
+$wr_id_list = isset($_POST['wr_id_list']) ? preg_replace('/[^0-9\,]/', '', $_POST['wr_id_list']) : '';
 
 $sql = " select distinct wr_num from $write_table where wr_id in ({$wr_id_list}) order by wr_id ";
 $result = sql_query($sql);
@@ -30,9 +31,9 @@ while ($row = sql_fetch_array($result))
     $save[$cnt]['wr_contents'] = array();
 
     $wr_num = $row['wr_num'];
-    for ($i=0; $i<count($_POST['chk_bo_table']); $i++)
+    for ($i=0; $i<$count_chk_bo_table; $i++)
     {
-        $move_bo_table = preg_replace('/[^a-z0-9_]/i', '', $_POST['chk_bo_table'][$i]);
+        $move_bo_table = isset($_POST['chk_bo_table'][$i]) ? preg_replace('/[^a-z0-9_]/i', '', $_POST['chk_bo_table'][$i]) : '';
 
         // 취약점 18-0075 참고
         $sql = "select * from {$g5['board_table']} where bo_table = '".sql_real_escape_string($move_bo_table)."' ";
@@ -255,5 +256,4 @@ window.close();
 </p>
 <a href="$opener_href">돌아가기</a>
 </noscript>
-HEREDOC;
-?>
+HEREDOC;
\ No newline at end of file
diff --git a/bbs/new.php b/bbs/new.php
index 708d2ffac..e439b9fe2 100644
--- a/bbs/new.php
+++ b/bbs/new.php
@@ -112,5 +112,4 @@ $write_pages = get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['c
 
 include_once($new_skin_path.'/new.skin.php');
 
-include_once('./_tail.php');
-?>
\ No newline at end of file
+include_once('./_tail.php');
\ No newline at end of file
diff --git a/bbs/new_delete.php b/bbs/new_delete.php
index 035653915..dd74f0178 100644
--- a/bbs/new_delete.php
+++ b/bbs/new_delete.php
@@ -6,14 +6,16 @@ include_once('./_common.php');
 if ($is_admin != 'super')
     alert("최고관리자만 접근이 가능합니다.");
 
-$board = array();
+$board = array('bo_table'=>'');
 $save_bo_table = array();
 $save_wr_id = array();
+$count_chk_bn_id = (isset($_POST['chk_bn_id']) && is_array($_POST['chk_bn_id'])) ? count($_POST['chk_bn_id']) : 0;
+$count_write = 0;
 
-for($i=0;$i<count($_POST['chk_bn_id']);$i++)
+for($i=0;$i<$count_chk_bn_id;$i++)
 {
     // 실제 번호를 넘김
-    $k = $_POST['chk_bn_id'][$i];
+    $k = isset($_POST['chk_bn_id'][$i]) ? (int) $_POST['chk_bn_id'][$i] : 0;
 
     $bo_table = isset($_POST['bo_table'][$k]) ? preg_replace('/[^a-z0-9_]/i', '', $_POST['bo_table'][$k]) : '';
     $wr_id    = isset($_POST['wr_id'][$k]) ? preg_replace('/[^0-9]/i', '', $_POST['wr_id'][$k]) : 0;
@@ -145,5 +147,4 @@ foreach ($save_bo_table as $key=>$value) {
 
 run_event('bbs_new_delete', $chk_bn_id, $save_bo_table, $save_wr_id);
 
-goto_url("new.php?sfl=$sfl&stx=$stx&page=$page");
-?>
\ No newline at end of file
+goto_url("new.php?sfl=$sfl&stx=$stx&page=$page");
\ No newline at end of file
diff --git a/bbs/newwin.inc.php b/bbs/newwin.inc.php
index 64aca2ce5..c2e2c05ab 100644
--- a/bbs/newwin.inc.php
+++ b/bbs/newwin.inc.php
@@ -22,7 +22,7 @@ $result = sql_query($sql, false);
 for ($i=0; $nw=sql_fetch_array($result); $i++)
 {
     // 이미 체크 되었다면 Continue
-    if ($_COOKIE["hd_pops_{$nw['nw_id']}"])
+    if (isset($_COOKIE["hd_pops_{$nw['nw_id']}"]) && $_COOKIE["hd_pops_{$nw['nw_id']}"])
         continue;
 ?>
 
diff --git a/bbs/password.php b/bbs/password.php
index 54209e9d3..31e807881 100644
--- a/bbs/password.php
+++ b/bbs/password.php
@@ -3,9 +3,7 @@ include_once('./_common.php');
 
 $g5['title'] = '비밀번호 입력';
 
-if( isset($comment_id) ){
-    $comment_id = (int) $comment_id;
-}
+$comment_id = isset($_REQUEST['comment_id']) ? preg_replace('/[^0-9]/', '', $_REQUEST['comment_id']) : 0;
 
 switch ($w) {
     case 'u' :
@@ -64,5 +62,4 @@ include_once($member_skin_path.'/password.skin.php');
 //if ($board['bo_content_tail']) { echo html_purifier(stripslashes($board['bo_content_tail'])); }
 //if ($board['bo_include_tail'] && is_include_path_check($board['bo_content_tail'])) { @include ($board['bo_include_tail']); }
 
-include_once(G5_PATH.'/tail.sub.php');
-?>
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/bbs/password_check.php b/bbs/password_check.php
index 9eab6e5fe..cde4c408c 100644
--- a/bbs/password_check.php
+++ b/bbs/password_check.php
@@ -47,5 +47,4 @@ if ($w == 's') {
 } else
     alert('w 값이 제대로 넘어오지 않았습니다.');
 
-goto_url(short_url_clean(G5_HTTP_BBS_URL.'/board.php?'.$qstr));
-?>
+goto_url(short_url_clean(G5_HTTP_BBS_URL.'/board.php?'.$qstr));
\ No newline at end of file
diff --git a/bbs/password_lost.php b/bbs/password_lost.php
index 1e70ecf8d..c8f93f352 100644
--- a/bbs/password_lost.php
+++ b/bbs/password_lost.php
@@ -12,5 +12,4 @@ include_once(G5_PATH.'/head.sub.php');
 $action_url = G5_HTTPS_BBS_URL."/password_lost2.php";
 include_once($member_skin_path.'/password_lost.skin.php');
 
-include_once(G5_PATH.'/tail.sub.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/bbs/password_lost2.php b/bbs/password_lost2.php
index 96f57c7f9..9f8ec56da 100644
--- a/bbs/password_lost2.php
+++ b/bbs/password_lost2.php
@@ -73,5 +73,4 @@ mailer($config['cf_admin_email_name'], $config['cf_admin_email'], $mb['mb_email'
 
 run_event('password_lost2_after', $mb, $mb_nonce, $mb_lost_certify);
 
-alert_close($email.' 메일로 회원아이디와 비밀번호를 인증할 수 있는 메일이 발송 되었습니다.\\n\\n메일을 확인하여 주십시오.');
-?>
+alert_close($email.' 메일로 회원아이디와 비밀번호를 인증할 수 있는 메일이 발송 되었습니다.\\n\\n메일을 확인하여 주십시오.');
\ No newline at end of file
diff --git a/bbs/password_lost_certify.php b/bbs/password_lost_certify.php
index b71cfc5d7..92aed20c2 100644
--- a/bbs/password_lost_certify.php
+++ b/bbs/password_lost_certify.php
@@ -8,8 +8,8 @@ run_event('password_lost_certify_before');
 
 // 오류시 공히 Error 라고 처리하는 것은 회원정보가 있는지? 비밀번호가 틀린지? 를 알아보려는 해킹에 대비한것
 
-$mb_no = preg_replace('#[^0-9]#', '', trim($_GET['mb_no']));
-$mb_nonce = trim($_GET['mb_nonce']);
+$mb_no = isset($_GET['mb_no']) ? preg_replace('#[^0-9]#', '', trim($_GET['mb_no'])) : 0;
+$mb_nonce = isset($_GET['mb_nonce']) ? trim($_GET['mb_nonce']) : '';
 
 // 회원아이디가 아닌 회원고유번호로 회원정보를 구한다.
 $sql = " select mb_id, mb_lost_certify from {$g5['member_table']} where mb_no = '$mb_no' ";
@@ -31,5 +31,4 @@ if ($mb_nonce === substr($mb['mb_lost_certify'], 0, 32)) {
 }
 else {
     die("Error");
-}
-?>
+}
\ No newline at end of file
diff --git a/bbs/point.php b/bbs/point.php
index e37fe67bc..e67002ce8 100644
--- a/bbs/point.php
+++ b/bbs/point.php
@@ -23,5 +23,4 @@ $from_record = ($page - 1) * $rows; // 시작 열을 구함
 
 include_once($member_skin_path.'/point.skin.php');
 
-include_once(G5_PATH.'/tail.sub.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/bbs/poll_etc_update.php b/bbs/poll_etc_update.php
index 14bf55553..772826872 100644
--- a/bbs/poll_etc_update.php
+++ b/bbs/poll_etc_update.php
@@ -4,9 +4,9 @@ include_once(G5_LIB_PATH.'/mailer.lib.php');
 
 if ($w == '')
 {
-    $po_id   = $_POST['po_id'];
-    $pc_name = $_POST['pc_name'];
-    $pc_idea = $_POST['pc_idea'];
+    $po_id   = isset($_POST['po_id']) ? (int) $_POST['po_id'] : '';
+    $pc_name = isset($_POST['pc_name']) ? clean_xss_tags($_POST['pc_name'], 1, 1) : '';
+    $pc_idea = isset($_POST['pc_idea']) ? clean_xss_tags($_POST['pc_idea'], 1, 1) : '';
 
     $po = sql_fetch(" select * from {$g5['poll_table']} where po_id = '{$po_id}' ");
     if (!$po['po_id'])
@@ -55,5 +55,4 @@ else if ($w == 'd')
     }
 }
 
-goto_url('./poll_result.php?po_id='.$po_id.'&amp;skin_dir='.$skin_dir);
-?>
+goto_url('./poll_result.php?po_id='.$po_id.'&amp;skin_dir='.$skin_dir);
\ No newline at end of file
diff --git a/bbs/poll_result.php b/bbs/poll_result.php
index 939758de6..01e43773f 100644
--- a/bbs/poll_result.php
+++ b/bbs/poll_result.php
@@ -2,6 +2,8 @@
 include_once('./_common.php');
 include_once(G5_CAPTCHA_PATH.'/captcha.lib.php');
 
+$po_id   = isset($_REQUEST['po_id']) ? (int) $_REQUEST['po_id'] : '';
+
 $po = sql_fetch(" select * from {$g5['poll_table']} where po_id = '{$po_id}' ");
 if (!$po['po_id'])
     alert('설문조사 정보가 없습니다.');
@@ -15,9 +17,11 @@ $po_subject = $po['po_subject'];
 
 $max = 1;
 $total_po_cnt = 0;
-for ($i=1; $i<=9; $i++) {
+$poll_max_count = 9;
+
+for ($i=1; $i<=$poll_max_count; $i++) {
     $poll = $po['po_poll'.$i];
-    if ($poll == '') break;
+    if (! $poll) break;
 
     $count = $po['po_cnt'.$i];
     $total_po_cnt += $count;
@@ -29,12 +33,14 @@ $nf_total_po_cnt = number_format($total_po_cnt);
 
 $list = array();
 
-for ($i=1; $i<=9; $i++) {
+for ($i=1; $i<=$poll_max_count; $i++) {
     $poll = $po['po_poll'.$i];
-    if ($poll == '') { break; }
+    if (! $poll) { break; }
 
     $list[$i]['content'] = $poll;
     $list[$i]['cnt'] = $po['po_cnt'.$i];
+    $list[$i]['rate'] = 0;
+
     if ($total_po_cnt > 0)
         $list[$i]['rate'] = ($list[$i]['cnt'] / $total_po_cnt) * 100;
 
@@ -111,5 +117,4 @@ include_once(G5_PATH.'/head.sub.php');
 if (!file_exists($poll_skin_path.'/poll_result.skin.php')) die('skin error');
 include_once ($poll_skin_path.'/poll_result.skin.php');
 
-include_once(G5_PATH.'/tail.sub.php');
-?>
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/bbs/poll_update.php b/bbs/poll_update.php
index 292e3ae7b..cca29431b 100644
--- a/bbs/poll_update.php
+++ b/bbs/poll_update.php
@@ -1,14 +1,16 @@
 <?php
 include_once('./_common.php');
 
+$po_id = isset($_POST['po_id']) ? preg_replace('/[^0-9]/', '', $_POST['po_id']) : 0;
+
 $po = sql_fetch(" select * from {$g5['poll_table']} where po_id = '{$_POST['po_id']}' ");
-if (!$po['po_id'])
+if (! (isset($po['po_id']) && $po['po_id']))
     alert('po_id 값이 제대로 넘어오지 않았습니다.');
 
 if ($member['mb_level'] < $po['po_level'])
     alert_close('권한 '.$po['po_level'].' 이상 회원만 투표에 참여하실 수 있습니다.');
 
-$gb_poll = preg_replace('/[^0-9]/', '', $gb_poll);
+$gb_poll = isset($_POST['gb_poll']) ? preg_replace('/[^0-9]/', '', $_POST['gb_poll']) : 0;
 if(!$gb_poll)
     alert_close('항목을 선택하세요.');
 
@@ -35,7 +37,8 @@ if($is_member) {
     }
 }
 
-$result_url = G5_BBS_URL."/poll_result.php?po_id=$po_id&skin_dir={$_POST['skin_dir']}";
+$post_skin_dir = isset($_POST['skin_dir']) ? clean_xss_tags($_POST['skin_dir'], 1, 1) : '';
+$result_url = G5_BBS_URL."/poll_result.php?po_id=$po_id&skin_dir={$post_skin_dir}";
 
 // 없다면 선택한 투표항목을 1증가 시키고 ip, id를 저장
 if (!($search_ip || $search_mb_id)) {
@@ -50,12 +53,11 @@ if (!($search_ip || $search_mb_id)) {
 
     sql_query($sql);
 } else {
-    alert($po['po_subject'].'에 이미 참여하셨습니다.', $result_url);
+    alert(addcslashes($po['po_subject'], '"\\/').'에 이미 참여하셨습니다.', $result_url);
 }
 
 if (!$search_mb_id)
     insert_point($member['mb_id'], $po['po_point'], $po['po_id'] . '. ' . cut_str($po['po_subject'],20) . ' 투표 참여 ', '@poll', $po['po_id'], '투표');
 
 //goto_url($g5['bbs_url'].'/poll_result.php?po_id='.$po_id.'&amp;skin_dir='.$skin_dir);
-goto_url($result_url);
-?>
+goto_url($result_url);
\ No newline at end of file
diff --git a/bbs/profile.php b/bbs/profile.php
index d10ba16b8..b0f967dfa 100644
--- a/bbs/profile.php
+++ b/bbs/profile.php
@@ -32,5 +32,4 @@ $mb_profile = $mb['mb_profile'] ? conv_content($mb['mb_profile'],0) : '소개 
 
 include_once($member_skin_path.'/profile.skin.php');
 
-include_once(G5_PATH.'/tail.sub.php');
-?>
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/bbs/qadelete.php b/bbs/qadelete.php
index 09e7b82cc..fa6036f9e 100644
--- a/bbs/qadelete.php
+++ b/bbs/qadelete.php
@@ -15,7 +15,7 @@ $tmp_array = array();
 if ($qa_id) // 건별삭제
     $tmp_array[0] = $qa_id;
 else // 일괄삭제
-    $tmp_array = $_POST['chk_qa_id'];
+    $tmp_array = (isset($_POST['chk_qa_id']) && is_array($_POST['chk_qa_id'])) ? $_POST['chk_qa_id'] : array();
 
 $count = count($tmp_array);
 if(!$count)
@@ -79,5 +79,4 @@ for($i=0; $i<$count; $i++) {
     sql_query(" delete from {$g5['qa_content_table']} where qa_id = '$qa_id' ");
 }
 
-goto_url(G5_BBS_URL.'/qalist.php'.preg_replace('/^&amp;/', '?', $qstr));
-?>
\ No newline at end of file
+goto_url(G5_BBS_URL.'/qalist.php'.preg_replace('/^&amp;/', '?', $qstr));
\ No newline at end of file
diff --git a/bbs/qadownload.php b/bbs/qadownload.php
index b6f163ed7..93cf8e210 100644
--- a/bbs/qadownload.php
+++ b/bbs/qadownload.php
@@ -4,7 +4,7 @@ include_once('./_common.php');
 // clean the output buffer
 ob_end_clean();
 
-$no = (int)$no;
+$no = isset($_REQUEST['no']) ? (int) $_REQUEST['no'] : 0;
 
 // 쿠키에 저장된 ID값과 넘어온 ID값을 비교하여 같지 않을 경우 오류 발생
 // 다른곳에서 링크 거는것을 방지하기 위한 코드
@@ -71,5 +71,4 @@ while(!feof($fp)) {
     usleep(1000);
 }
 fclose ($fp);
-flush();
-?>
+flush();
\ No newline at end of file
diff --git a/bbs/qahead.php b/bbs/qahead.php
index 976f4d524..256cd0058 100644
--- a/bbs/qahead.php
+++ b/bbs/qahead.php
@@ -14,5 +14,4 @@ if (G5_IS_MOBILE) {
     else
         include ('./_head.php');
     echo conv_content($qaconfig['qa_content_head'], 1);
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/bbs/qalist.php b/bbs/qalist.php
index 4d404c610..6b8da8cfb 100644
--- a/bbs/qalist.php
+++ b/bbs/qalist.php
@@ -10,6 +10,7 @@ $g5['title'] = $qaconfig['qa_title'];
 include_once('./qahead.php');
 
 $skin_file = $qa_skin_path.'/list.skin.php';
+$is_auth = $is_admin ? true : false;
 
 $category_option = '';
 if ($qaconfig['qa_category']) {
@@ -120,5 +121,4 @@ if(is_file($skin_file)) {
     echo '<div>'.str_replace(G5_PATH.'/', '', $skin_file).'이 존재하지 않습니다.</div>';
 }
 
-include_once('./qatail.php');
-?>
\ No newline at end of file
+include_once('./qatail.php');
\ No newline at end of file
diff --git a/bbs/qatail.php b/bbs/qatail.php
index 8b22bcf66..1fb3cf646 100644
--- a/bbs/qatail.php
+++ b/bbs/qatail.php
@@ -11,5 +11,4 @@ if (G5_IS_MOBILE) {
         @include ($qaconfig['qa_include_tail']);
     else
         include ('./_tail.php');
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/bbs/qaview.php b/bbs/qaview.php
index 1bdbd48f3..7ff48b628 100644
--- a/bbs/qaview.php
+++ b/bbs/qaview.php
@@ -2,10 +2,13 @@
 include_once('./_common.php');
 include_once(G5_EDITOR_LIB);
 
+$qa_id = isset($_REQUEST['qa_id']) ? (int) $_REQUEST['qa_id'] : 0;
+
 if($is_guest)
     alert('회원이시라면 로그인 후 이용해 보십시오.', './login.php?url='.urlencode(G5_BBS_URL.'/qaview.php?qa_id='.$qa_id));
 
 $qaconfig = get_qa_config();
+$content = '';
 
 $g5['title'] = $qaconfig['qa_title'];
 include_once('./qahead.php');
@@ -20,7 +23,7 @@ if(is_file($skin_file)) {
 
     $view = sql_fetch($sql);
 
-    if(!$view['qa_id'])
+    if(!(isset($view['qa_id']) && $view['qa_id']))
         alert('게시글이 존재하지 않습니다.\\n삭제되었거나 자신의 글이 아닌 경우입니다.');
 
     $subject_len = G5_IS_MOBILE ? $qaconfig['qa_mobile_subject_len'] : $qaconfig['qa_subject_len'];
@@ -168,10 +171,19 @@ if(is_file($skin_file)) {
         }
     }
 
+    $html_value = '';
+    $html_checked = '';
+    if (isset($view['qa_html']) && $view['qa_html']) {
+        $html_checked = 'checked';
+        $html_value = $view['qa_html'];
+
+        if($view['qa_html'] == 1 && !$is_dhtml_editor)
+            $html_value = 2;
+    }
+
     include_once($skin_file);
 } else {
     echo '<div>'.str_replace(G5_PATH.'/', '', $skin_file).'이 존재하지 않습니다.</div>';
 }
 
-include_once('./qatail.php');
-?>
\ No newline at end of file
+include_once('./qatail.php');
\ No newline at end of file
diff --git a/bbs/qawrite.php b/bbs/qawrite.php
index 484f271b5..86d65d037 100644
--- a/bbs/qawrite.php
+++ b/bbs/qawrite.php
@@ -6,6 +6,9 @@ if($w != '' && $w != 'u' && $w != 'r') {
     alert('올바른 방법으로 이용해 주십시오.');
 }
 
+$qa_id = isset($_REQUEST['qa_id']) ? (int) $_REQUEST['qa_id'] : 0;
+$write = array('qa_email_recv'=>'', 'qa_subject'=>'', 'qa_category'=>'');
+
 if($is_guest)
     alert('회원이시라면 로그인 후 이용해 보십시오.', './login.php?url='.urlencode(G5_BBS_URL.'/qalist.php'));
 
@@ -90,7 +93,7 @@ if(is_file($skin_file)) {
     $upload_max_filesize = number_format($qaconfig['qa_upload_size']) . ' 바이트';
 
     $html_value = '';
-    if ($write['qa_html']) {
+    if (isset($write['qa_html']) && $write['qa_html']) {
         $html_checked = 'checked';
         $html_value = $write['qa_html'];
 
@@ -137,5 +140,4 @@ if(is_file($skin_file)) {
     echo '<div>'.str_replace(G5_PATH.'/', '', $skin_file).'이 존재하지 않습니다.</div>';
 }
 
-include_once('./qatail.php');
-?>
\ No newline at end of file
+include_once('./qatail.php');
\ No newline at end of file
diff --git a/bbs/qawrite_update.php b/bbs/qawrite_update.php
index 02ebd1cef..9b4416cc7 100644
--- a/bbs/qawrite_update.php
+++ b/bbs/qawrite_update.php
@@ -14,7 +14,7 @@ $msg = array();
 
 // 1:1문의 설정값
 $qaconfig = get_qa_config();
-$qa_id = isset($qa_id) ? (int) $qa_id : 0;
+$qa_id = isset($_POST['qa_id']) ? (int) $_POST['qa_id'] : 0;
 
 if(trim($qaconfig['qa_category'])) {
     if($w != 'a') {
@@ -57,8 +57,7 @@ if (!empty($msg)) {
     alert($msg);
 }
 
-if($qa_hp)
-    $qa_hp = preg_replace('/[^0-9\-]/', '', strip_tags($qa_hp));
+$qa_hp = isset($_POST['qa_hp']) ? preg_replace('/[^0-9\-]/', '', $_POST['qa_hp']) : '';
 
 // 090710
 if (substr_count($qa_content, '&#') > 50) {
@@ -72,6 +71,13 @@ if (empty($_POST)) {
     alert("파일 또는 글내용의 크기가 서버에서 설정한 값을 넘어 오류가 발생하였습니다.\\npost_max_size=".ini_get('post_max_size')." , upload_max_filesize=".$upload_max_filesize."\\n게시판관리자 또는 서버관리자에게 문의 바랍니다.");
 }
 
+$qa_type = 0;
+$qa_parent = 0;
+$qa_related = 0;
+$qa_email_recv = (isset($_POST['qa_email_recv']) && $_POST['qa_email_recv']) ? 1 : 0;
+$qa_sms_recv = (isset($_POST['qa_sms_recv']) && $_POST['qa_sms_recv']) ? 1 : 0;
+$qa_status = 0;
+
 for ($i=1; $i<=5; $i++) {
     $var = "qa_$i";
     $$var = "";
@@ -115,7 +121,7 @@ if($w == 'u' || $w == 'a' || $w == 'r') {
 
 // 파일개수 체크
 $file_count   = 0;
-$upload_count = count($_FILES['bf_file']['name']);
+$upload_count = isset($_FILES['bf_file']['name']) ? count($_FILES['bf_file']['name']) : 0;
 
 for ($i=1; $i<=$upload_count; $i++) {
     if($_FILES['bf_file']['name'][$i] && is_uploaded_file($_FILES['bf_file']['tmp_name'][$i]))
@@ -134,7 +140,7 @@ $chars_array = array_merge(range(0,9), range('a','z'), range('A','Z'));
 // 가변 파일 업로드
 $file_upload_msg = '';
 $upload = array();
-for ($i=1; $i<=count($_FILES['bf_file']['name']); $i++) {
+for ($i=1; $i<=$upload_count; $i++) {
     $upload[$i]['file']     = '';
     $upload[$i]['source']   = '';
     $upload[$i]['del_check'] = false;
@@ -234,6 +240,11 @@ if($w == '' || $w == 'a' || $w == 'r') {
         $qa_status = 1;
     }
 
+    $insert_qa_file1 = isset($upload[1]['file']) ? $upload[1]['file'] : '';
+    $insert_qa_source1 = isset($upload[1]['source']) ? $upload[1]['source'] : '';
+    $insert_qa_file2 = isset($upload[2]['file']) ? $upload[2]['file'] : '';
+    $insert_qa_source2 = isset($upload[2]['source']) ? $upload[2]['source'] : '';
+
     $sql = " insert into {$g5['qa_content_table']}
                 set qa_num          = '$qa_num',
                     mb_id           = '{$member['mb_id']}',
@@ -250,10 +261,10 @@ if($w == '' || $w == 'a' || $w == 'r') {
                     qa_subject      = '$qa_subject',
                     qa_content      = '$qa_content',
                     qa_status       = '$qa_status',
-                    qa_file1        = '{$upload[1]['file']}',
-                    qa_source1      = '{$upload[1]['source']}',
-                    qa_file2        = '{$upload[2]['file']}',
-                    qa_source2      = '{$upload[2]['source']}',
+                    qa_file1        = '{$insert_qa_file1}',
+                    qa_source1      = '{$insert_qa_source1}',
+                    qa_file2        = '{$insert_qa_file2}',
+                    qa_source2      = '{$insert_qa_source2}',
                     qa_ip           = '{$_SERVER['REMOTE_ADDR']}',
                     qa_datetime     = '".G5_TIME_YMDHIS."',
                     qa_1            = '$qa_1',
@@ -450,5 +461,4 @@ else
 if ($file_upload_msg)
     alert($file_upload_msg, $result_url);
 else
-    goto_url($result_url);
-?>
\ No newline at end of file
+    goto_url($result_url);
\ No newline at end of file
diff --git a/bbs/register.php b/bbs/register.php
index e6fbb31a3..b417534c6 100644
--- a/bbs/register.php
+++ b/bbs/register.php
@@ -15,5 +15,4 @@ include_once('./_head.php');
 $register_action_url = G5_BBS_URL.'/register_form.php';
 include_once($member_skin_path.'/register.skin.php');
 
-include_once('./_tail.php');
-?>
+include_once('./_tail.php');
\ No newline at end of file
diff --git a/bbs/register_email.php b/bbs/register_email.php
index 2d83f2c72..54ab2f6f7 100644
--- a/bbs/register_email.php
+++ b/bbs/register_email.php
@@ -5,14 +5,19 @@ include_once(G5_CAPTCHA_PATH.'/captcha.lib.php');
 $g5['title'] = '메일인증 메일주소 변경';
 include_once('./_head.php');
 
-$mb_id = substr(clean_xss_tags($_GET['mb_id']), 0, 20);
-$sql = " select mb_email, mb_datetime, mb_ip, mb_email_certify from {$g5['member_table']} where mb_id = '{$mb_id}' ";
+$mb_id = isset($_GET['mb_id']) ? substr(clean_xss_tags($_GET['mb_id']), 0, 20) : '';
+$sql = " select mb_email, mb_datetime, mb_ip, mb_email_certify, mb_id from {$g5['member_table']} where mb_id = '{$mb_id}' ";
 $mb = sql_fetch($sql);
+
+if(! (isset($mb['mb_id']) && $mb['mb_id'])){
+    alert("해당 회원이 존재하지 않습니다.", G5_URL);
+}
+
 if (substr($mb['mb_email_certify'],0,1)!=0) {
     alert("이미 메일인증 하신 회원입니다.", G5_URL);
 }
 
-$ckey = trim($_GET['ckey']);
+$ckey = isset($_GET['ckey']) ? trim($_GET['ckey']) : '';
 $key  = md5($mb['mb_ip'].$mb['mb_datetime']);
 
 if(!$ckey || $ckey != $key)
@@ -54,5 +59,4 @@ function fregister_email_submit(f)
 }
 </script>
 <?php
-include_once('./_tail.php');
-?>
+include_once('./_tail.php');
\ No newline at end of file
diff --git a/bbs/register_email_update.php b/bbs/register_email_update.php
index ec6a5672d..0dda117d9 100644
--- a/bbs/register_email_update.php
+++ b/bbs/register_email_update.php
@@ -3,8 +3,8 @@ include_once('./_common.php');
 include_once(G5_CAPTCHA_PATH.'/captcha.lib.php');
 include_once(G5_LIB_PATH.'/mailer.lib.php');
 
-$mb_id = substr(clean_xss_tags($_POST['mb_id']), 0, 20);
-$mb_email = get_email_address(trim($_POST['mb_email']));
+$mb_id = isset($_POST['mb_id']) ? substr(clean_xss_tags($_POST['mb_id']), 0, 20) : '';
+$mb_email = isset($_POST['mb_email']) ? get_email_address(trim($_POST['mb_email'])) : '';
 
 if(!$mb_id || !$mb_email)
     alert('올바른 방법으로 이용해 주십시오.', G5_URL);
@@ -47,5 +47,4 @@ mailer($config['cf_admin_email_name'], $config['cf_admin_email'], $mb_email, $su
 $sql = " update {$g5['member_table']} set mb_email = '$mb_email' where mb_id = '$mb_id' ";
 sql_query($sql);
 
-alert("인증메일을 {$mb_email} 메일로 다시 보내 드렸습니다.\\n\\n잠시후 {$mb_email} 메일을 확인하여 주십시오.", G5_URL);
-?>
\ No newline at end of file
+alert("인증메일을 {$mb_email} 메일로 다시 보내 드렸습니다.\\n\\n잠시후 {$mb_email} 메일을 확인하여 주십시오.", G5_URL);
\ No newline at end of file
diff --git a/bbs/register_form.php b/bbs/register_form.php
index 86af1e78c..6f94d9cac 100644
--- a/bbs/register_form.php
+++ b/bbs/register_form.php
@@ -14,7 +14,7 @@ set_session("ss_cert_type", "");
 
 $is_social_login_modify = false;
 
-if( $provider && function_exists('social_nonce_is_valid') ){   //모바일로 소셜 연결을 했다면
+if( isset($_REQUEST['provider']) && $_REQUEST['provider']  && function_exists('social_nonce_is_valid') ){   //모바일로 소셜 연결을 했다면
     if( social_nonce_is_valid(get_session("social_link_token"), $provider) ){  //토큰값이 유효한지 체크
         $w = 'u';   //회원 수정으로 처리
         $_POST['mb_id'] = $member['mb_id'];
@@ -87,7 +87,7 @@ if ($w == "") {
 
     if (isset($_POST['mb_password'])) {
         // 수정된 정보를 업데이트후 되돌아 온것이라면 비밀번호가 암호화 된채로 넘어온것임
-        if ($_POST['is_update']) {
+        if (isset($_POST['is_update']) && $_POST['is_update']) {
             $tmp_password = $_POST['mb_password'];
             $pass_check = ($member['mb_password'] === $tmp_password);
         } else {
@@ -144,8 +144,8 @@ $req_nick = !isset($member['mb_nick_date']) || (isset($member['mb_nick_date']) &
 $required = ($w=='') ? 'required' : '';
 $readonly = ($w=='u') ? 'readonly' : '';
 
-$agree  = preg_replace('#[^0-9]#', '', $agree);
-$agree2 = preg_replace('#[^0-9]#', '', $agree2);
+$agree  = isset($_REQUEST['agree']) ? preg_replace('#[^0-9]#', '', $_REQUEST['agree']) : '';
+$agree2 = isset($_REQUEST['agree2']) ? preg_replace('#[^0-9]#', '', $_REQUEST['agree2']) : '';
 
 // add_javascript('js 구문', 출력순서); 숫자가 작을 수록 먼저 출력됨
 if ($config['cf_use_addr'])
@@ -155,5 +155,4 @@ include_once($member_skin_path.'/register_form.skin.php');
 
 run_event('register_form_after', $w, $agree, $agree2);
 
-include_once('./_tail.php');
-?>
\ No newline at end of file
+include_once('./_tail.php');
\ No newline at end of file
diff --git a/bbs/register_form_update.php b/bbs/register_form_update.php
index 8b1ecc32a..f3950cf30 100644
--- a/bbs/register_form_update.php
+++ b/bbs/register_form_update.php
@@ -24,18 +24,18 @@ if (!chk_captcha()) {
 if($w == 'u')
     $mb_id = isset($_SESSION['ss_mb_id']) ? trim($_SESSION['ss_mb_id']) : '';
 else if($w == '')
-    $mb_id = trim($_POST['mb_id']);
+    $mb_id = isset($_POST['mb_id']) ? trim($_POST['mb_id']) : '';
 else
     alert('잘못된 접근입니다', G5_URL);
 
 if(!$mb_id)
     alert('회원아이디 값이 없습니다. 올바른 방법으로 이용해 주십시오.');
 
-$mb_password    = trim($_POST['mb_password']);
-$mb_password_re = trim($_POST['mb_password_re']);
-$mb_name        = trim($_POST['mb_name']);
-$mb_nick        = trim($_POST['mb_nick']);
-$mb_email       = trim($_POST['mb_email']);
+$mb_password    = isset($_POST['mb_password']) ? trim($_POST['mb_password']) : '';
+$mb_password_re = isset($_POST['mb_password_re']) ? trim($_POST['mb_password_re']) : '';
+$mb_name        = isset($_POST['mb_name']) ? trim($_POST['mb_name']) : '';
+$mb_nick        = isset($_POST['mb_name']) ? trim($_POST['mb_nick']) : '';
+$mb_email       = isset($_POST['mb_name']) ? trim($_POST['mb_email']) : '';
 $mb_sex         = isset($_POST['mb_sex'])           ? trim($_POST['mb_sex'])         : "";
 $mb_birth       = isset($_POST['mb_birth'])         ? trim($_POST['mb_birth'])       : "";
 $mb_homepage    = isset($_POST['mb_homepage'])      ? trim($_POST['mb_homepage'])    : "";
@@ -127,7 +127,8 @@ if ($w == '' || $w == 'u') {
 
         // 본인확인 체크
         if($config['cf_cert_use'] && $config['cf_cert_req']) {
-            if(trim($_POST['cert_no']) != $_SESSION['ss_cert_no'] || !$_SESSION['ss_cert_no'])
+            $post_cert_no = isset($_POST['cert_no']) ? trim($_POST['cert_no']) : '';
+            if($post_cert_no !== get_session('ss_cert_no') || ! get_session('ss_cert_no'))
                 alert("회원가입을 위해서는 본인확인을 해주셔야 합니다.");
         }
 
@@ -161,9 +162,9 @@ if ($w == '' || $w == 'u') {
 //  본인확인
 //---------------------------------------------------------------
 $mb_hp = hyphen_hp_number($mb_hp);
-if($config['cf_cert_use'] && $_SESSION['ss_cert_type'] && $_SESSION['ss_cert_dupinfo']) {
+if($config['cf_cert_use'] && get_session('ss_cert_type') && get_session('ss_cert_dupinfo')) {
     // 중복체크
-    $sql = " select mb_id from {$g5['member_table']} where mb_id <> '{$member['mb_id']}' and mb_dupinfo = '{$_SESSION['ss_cert_dupinfo']}' ";
+    $sql = " select mb_id from {$g5['member_table']} where mb_id <> '{$member['mb_id']}' and mb_dupinfo = '".get_session('ss_cert_dupinfo')."' ";
     $row = sql_fetch($sql);
     if ($row['mb_id']) {
         alert("입력하신 본인확인 정보로 가입된 내역이 존재합니다.\\n회원아이디 : ".$row['mb_id']);
@@ -171,17 +172,17 @@ if($config['cf_cert_use'] && $_SESSION['ss_cert_type'] && $_SESSION['ss_cert_dup
 }
 
 $sql_certify = '';
-$md5_cert_no = $_SESSION['ss_cert_no'];
-$cert_type = $_SESSION['ss_cert_type'];
+$md5_cert_no = get_session('ss_cert_no');
+$cert_type = get_session('ss_cert_type');
 if ($config['cf_cert_use'] && $cert_type && $md5_cert_no) {
     // 해시값이 같은 경우에만 본인확인 값을 저장한다.
-    if ($_SESSION['ss_cert_hash'] == md5($mb_name.$cert_type.$_SESSION['ss_cert_birth'].$md5_cert_no)) {
+    if (get_session('ss_cert_hash') == md5($mb_name.$cert_type.get_session('ss_cert_birth').$md5_cert_no)) {
         $sql_certify .= " , mb_hp = '{$mb_hp}' ";
         $sql_certify .= " , mb_certify  = '{$cert_type}' ";
-        $sql_certify .= " , mb_adult = '{$_SESSION['ss_cert_adult']}' ";
-        $sql_certify .= " , mb_birth = '{$_SESSION['ss_cert_birth']}' ";
-        $sql_certify .= " , mb_sex = '{$_SESSION['ss_cert_sex']}' ";
-        $sql_certify .= " , mb_dupinfo = '{$_SESSION['ss_cert_dupinfo']}' ";
+        $sql_certify .= " , mb_adult = '".get_session('ss_cert_adult')."' ";
+        $sql_certify .= " , mb_birth = '".get_session('ss_cert_birth')."' ";
+        $sql_certify .= " , mb_sex = '".get_session('ss_cert_sex')."' ";
+        $sql_certify .= " , mb_dupinfo = '".get_session('ss_cert_dupinfo')."' ";
         if($w == 'u')
             $sql_certify .= " , mb_name = '{$mb_name}' ";
     } else {
@@ -304,7 +305,7 @@ if ($w == '') {
     set_session('ss_mb_reg', $mb_id);
 
 } else if ($w == 'u') {
-    if (!trim($_SESSION['ss_mb_id']))
+    if (!trim(get_session('ss_mb_id')))
         alert('로그인 되어 있지 않습니다.');
 
     if (trim($_POST['mb_id']) != $mb_id)
@@ -553,11 +554,11 @@ if($w == '' && $default['de_member_reg_coupon_use'] && $default['de_member_reg_c
 // 사용자 코드 실행
 @include_once ($member_skin_path.'/register_form_update.tail.skin.php');
 
-unset($_SESSION['ss_cert_type']);
-unset($_SESSION['ss_cert_no']);
-unset($_SESSION['ss_cert_hash']);
-unset($_SESSION['ss_cert_birth']);
-unset($_SESSION['ss_cert_adult']);
+if(isset($_SESSION['ss_cert_type'])) unset($_SESSION['ss_cert_type']);
+if(isset($_SESSION['ss_cert_no'])) unset($_SESSION['ss_cert_no']);
+if(isset($_SESSION['ss_cert_hash'])) unset($_SESSION['ss_cert_hash']);
+if(isset($_SESSION['ss_cert_hash'])) unset($_SESSION['ss_cert_birth']);
+if(isset($_SESSION['ss_cert_hash'])) unset($_SESSION['ss_cert_adult']);
 
 if ($msg)
     echo '<script>alert(\''.$msg.'\');</script>';
@@ -594,5 +595,4 @@ if ($w == '') {
         </body>
         </html>';
     }
-}
-?>
+}
\ No newline at end of file
diff --git a/bbs/register_result.php b/bbs/register_result.php
index cc27753cd..cc7523794 100644
--- a/bbs/register_result.php
+++ b/bbs/register_result.php
@@ -11,5 +11,4 @@ if (!$mb['mb_id'])
 $g5['title'] = '회원가입 완료';
 include_once('./_head.php');
 include_once($member_skin_path.'/register_result.skin.php');
-include_once('./_tail.php');
-?>
\ No newline at end of file
+include_once('./_tail.php');
\ No newline at end of file
diff --git a/bbs/rss.php b/bbs/rss.php
index 9d6def1d0..bde5af31f 100644
--- a/bbs/rss.php
+++ b/bbs/rss.php
@@ -86,5 +86,4 @@ $date = date('r', strtotime($date));
 }
 
 echo '</channel>'."\n";
-echo '</rss>'."\n";
-?>
+echo '</rss>'."\n";
\ No newline at end of file
diff --git a/bbs/scrap.php b/bbs/scrap.php
index 20644214a..bc4ff4673 100644
--- a/bbs/scrap.php
+++ b/bbs/scrap.php
@@ -56,5 +56,4 @@ for ($i=0; $row=sql_fetch_array($result); $i++) {
 
 include_once($member_skin_path.'/scrap.skin.php');
 
-include_once(G5_PATH.'/tail.sub.php');
-?>
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/bbs/scrap_delete.php b/bbs/scrap_delete.php
index 64f83ca0a..6859caaf9 100644
--- a/bbs/scrap_delete.php
+++ b/bbs/scrap_delete.php
@@ -1,6 +1,8 @@
 <?php
 include_once('./_common.php');
 
+$ms_id = isset($_REQUEST['ms_id']) ? (int) $_REQUEST['ms_id'] : 0;
+
 if (!$is_member)
     alert('회원만 이용하실 수 있습니다.');
 
@@ -10,5 +12,4 @@ sql_query($sql);
 $sql = " update `{$g5['member_table']}` set mb_scrap_cnt = '".get_scrap_totals($member['mb_id'])."' where mb_id = '{$member['mb_id']}' ";
 sql_query($sql);
 
-goto_url('./scrap.php?page='.$page);
-?>
+goto_url('./scrap.php?page='.$page);
\ No newline at end of file
diff --git a/bbs/scrap_popin.php b/bbs/scrap_popin.php
index 13e5b4cac..3ab5bef64 100644
--- a/bbs/scrap_popin.php
+++ b/bbs/scrap_popin.php
@@ -59,5 +59,4 @@ HEREDOC;
 
 include_once($member_skin_path.'/scrap_popin.skin.php');
 
-include_once(G5_PATH.'/tail.sub.php');
-?>
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/bbs/scrap_popin_update.php b/bbs/scrap_popin_update.php
index c1fb89399..5287d7652 100644
--- a/bbs/scrap_popin_update.php
+++ b/bbs/scrap_popin_update.php
@@ -36,7 +36,7 @@ if ($row['cnt'])
     exit;
 }
 
-$wr_content = trim($_POST['wr_content']);
+$wr_content = isset($_POST['wr_content']) ? trim($_POST['wr_content']) : '';
 
 // 덧글이 넘어오고 코멘트를 쓸 권한이 있다면
 if ($wr_content && ($member['mb_level'] >= $board['bo_comment_level']))
@@ -117,5 +117,4 @@ echo <<<HEREDOC
 <p>이 글을 스크랩 하였습니다.</p>
 <a href="./scrap.php">스크랩 확인하기</a>
 </noscript>
-HEREDOC;
-?>
+HEREDOC;
\ No newline at end of file
diff --git a/bbs/search.php b/bbs/search.php
index 33f786bc9..3b1affbf3 100644
--- a/bbs/search.php
+++ b/bbs/search.php
@@ -228,7 +228,7 @@ $group_select = '<label for="gr_id" class="sound_only">게시판 그룹선택</l
 $sql = " select gr_id, gr_subject from {$g5['group_table']} order by gr_id ";
 $result = sql_query($sql);
 for ($i=0; $row=sql_fetch_array($result); $i++)
-    $group_select .= "<option value=\"".$row['gr_id']."\"".get_selected($_GET['gr_id'], $row['gr_id']).">".$row['gr_subject']."</option>";
+    $group_select .= "<option value=\"".$row['gr_id']."\"".get_selected($gr_id, $row['gr_id']).">".$row['gr_subject']."</option>";
 $group_select .= '</select>';
 
 if (!$sfl) $sfl = 'wr_subject';
@@ -236,5 +236,4 @@ if (!$sop) $sop = 'or';
 
 include_once($search_skin_path.'/search.skin.php');
 
-include_once('./_tail.php');
-?>
\ No newline at end of file
+include_once('./_tail.php');
\ No newline at end of file
diff --git a/bbs/sns_send.php b/bbs/sns_send.php
index 972d16257..0593f23a6 100644
--- a/bbs/sns_send.php
+++ b/bbs/sns_send.php
@@ -1,13 +1,16 @@
 <?php
 include_once("./_common.php");
 
-$title    =  urlencode(str_replace('\"', '"',$_REQUEST['title']));
-$short_url = googl_short_url($_REQUEST['longurl']);
+$title    =  isset($_REQUEST['title']) ? urlencode(str_replace('\"', '"', $_REQUEST['title'])) : '';
+$short_url = isset($_REQUEST['longurl']) ? googl_short_url($_REQUEST['longurl']) : '';
+$sns = isset($_REQUEST['sns']) ? $_REQUEST['sns'] : '';
+
 if(!$short_url)
-    $short_url = urlencode($_REQUEST['longurl']);
+    $short_url = isset($_REQUEST['longurl']) ? urlencode($_REQUEST['longurl']) : '';
+
 $title_url = $title.' : '.$short_url;
 
-switch($_REQUEST['sns']) {
+switch($sns) {
     case 'facebook' :
         header("Location:http://www.facebook.com/sharer/sharer.php?s=100&u=".$short_url."&p=".$title);
         break;
@@ -19,5 +22,4 @@ switch($_REQUEST['sns']) {
         break;
     default :
         echo 'Error';
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/bbs/view.php b/bbs/view.php
index bea95be85..719f18476 100644
--- a/bbs/view.php
+++ b/bbs/view.php
@@ -28,7 +28,7 @@ if (!$board['bo_use_list_view']) {
     $sql = " select wr_id, wr_subject, wr_datetime from {$write_table} where wr_is_comment = 0 and wr_num = '{$write['wr_num']}' and wr_reply < '{$write['wr_reply']}' {$sql_search} order by wr_num desc, wr_reply desc limit 1 ";
     $prev = sql_fetch($sql);
     // 위의 쿼리문으로 값을 얻지 못했다면
-    if (!$prev['wr_id'])     {
+    if (isset($prev['wr_id']) && !$prev['wr_id'])     {
         $sql = " select wr_id, wr_subject, wr_datetime from {$write_table} where wr_is_comment = 0 and wr_num < '{$write['wr_num']}' {$sql_search} order by wr_num desc, wr_reply desc limit 1 ";
         $prev = sql_fetch($sql);
     }
@@ -37,7 +37,7 @@ if (!$board['bo_use_list_view']) {
     $sql = " select wr_id, wr_subject, wr_datetime from {$write_table} where wr_is_comment = 0 and wr_num = '{$write['wr_num']}' and wr_reply > '{$write['wr_reply']}' {$sql_search} order by wr_num, wr_reply limit 1 ";
     $next = sql_fetch($sql);
     // 위의 쿼리문으로 값을 얻지 못했다면
-    if (!$next['wr_id']) {
+    if (isset($next['wr_id']) && !$next['wr_id']) {
         $sql = " select wr_id, wr_subject, wr_datetime from {$write_table} where wr_is_comment = 0 and wr_num > '{$write['wr_num']}' {$sql_search} order by wr_num, wr_reply limit 1 ";
         $next = sql_fetch($sql);
     }
@@ -142,5 +142,4 @@ if ($board['bo_use_signature'] && $view['mb_id']) {
 
 include_once($board_skin_path.'/view.skin.php');
 
-@include_once($board_skin_path.'/view.tail.skin.php');
-?>
+@include_once($board_skin_path.'/view.tail.skin.php');
\ No newline at end of file
diff --git a/bbs/view_comment.php b/bbs/view_comment.php
index 795780110..f7cb5d087 100644
--- a/bbs/view_comment.php
+++ b/bbs/view_comment.php
@@ -7,6 +7,9 @@ if ($is_guest && $board['bo_comment_level'] < 2) {
     $captcha_html = captcha_html('_comment');
 }
 
+$c_id = isset($_GET['c_id']) ? clean_xss_tags($_GET['c_id'], 1, 1) : '';
+$c_wr_content = '';
+
 @include_once($board_skin_path.'/view_comment.head.skin.php');
 
 $list = array();
@@ -126,5 +129,4 @@ include_once($board_skin_path.'/view_comment.skin.php');
 if (!$member['mb_id']) // 비회원일 경우에만
     echo '<script src="'.G5_JS_URL.'/md5.js"></script>'."\n";
 
-@include_once($board_skin_path.'/view_comment.tail.skin.php');
-?>
\ No newline at end of file
+@include_once($board_skin_path.'/view_comment.tail.skin.php');
\ No newline at end of file
diff --git a/bbs/view_image.php b/bbs/view_image.php
index ba3d9ba7b..6be5aedd0 100644
--- a/bbs/view_image.php
+++ b/bbs/view_image.php
@@ -4,7 +4,7 @@ include_once('./_common.php');
 $g5['title'] = '이미지 크게보기';
 include_once(G5_PATH.'/head.sub.php');
 
-$filename = preg_replace('/[^A-Za-z0-9 _ .\-\/]/', '', $_GET['fn']);
+$filename = isset($_GET['fn']) ? preg_replace('/[^A-Za-z0-9 _ .\-\/]/', '', $_GET['fn']) : '';
 
 if(function_exists('clean_relative_paths')){
     $filename = clean_relative_paths($filename);
@@ -145,5 +145,4 @@ $.fn.imgLoad = function(callback) {
 </script>
 
 <?php
-include_once(G5_PATH.'/tail.sub.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/bbs/visit_browscap.inc.php b/bbs/visit_browscap.inc.php
index 7bfd0db38..7b1f99de4 100644
--- a/bbs/visit_browscap.inc.php
+++ b/bbs/visit_browscap.inc.php
@@ -17,5 +17,4 @@ if(defined('G5_VISIT_BROWSCAP_USE') && G5_VISIT_BROWSCAP_USE && is_file(G5_DATA_
     $vi_browser = $info->Comment;
     $vi_os = $info->Platform;
     $vi_device = $info->Device_Type;
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/bbs/visit_insert.inc.php b/bbs/visit_insert.inc.php
index b8154e215..4aa235bd3 100644
--- a/bbs/visit_insert.inc.php
+++ b/bbs/visit_insert.inc.php
@@ -41,22 +41,22 @@ if (get_cookie('ck_visit_ip') != $_SERVER['REMOTE_ADDR'])
         // 오늘
         $sql = " select vs_count as cnt from {$g5['visit_sum_table']} where vs_date = '".G5_TIME_YMD."' ";
         $row = sql_fetch($sql);
-        $vi_today = $row['cnt'];
+        $vi_today = isset($row['cnt']) ? $row['cnt'] : 0;
 
         // 어제
         $sql = " select vs_count as cnt from {$g5['visit_sum_table']} where vs_date = DATE_SUB('".G5_TIME_YMD."', INTERVAL 1 DAY) ";
         $row = sql_fetch($sql);
-        $vi_yesterday = $row['cnt'];
+        $vi_yesterday = isset($row['cnt']) ? $row['cnt'] : 0;
 
         // 최대
         $sql = " select max(vs_count) as cnt from {$g5['visit_sum_table']} ";
         $row = sql_fetch($sql);
-        $vi_max = $row['cnt'];
+        $vi_max = isset($row['cnt']) ? $row['cnt'] : 0;
 
         // 전체
         $sql = " select sum(vs_count) as total from {$g5['visit_sum_table']} ";
         $row = sql_fetch($sql);
-        $vi_sum = $row['total'];
+        $vi_sum = isset($row['total']) ? $row['total'] : 0;
 
         $visit = '오늘:'.$vi_today.',어제:'.$vi_yesterday.',최대:'.$vi_max.',전체:'.$vi_sum;
 
@@ -65,5 +65,4 @@ if (get_cookie('ck_visit_ip') != $_SERVER['REMOTE_ADDR'])
         // 쿼리의 수를 상당부분 줄임
         sql_query(" update {$g5['config_table']} set cf_visit = '{$visit}' ");
     }
-}
-?>
+}
\ No newline at end of file
diff --git a/bbs/write.php b/bbs/write.php
index f8da422d8..e9c253cbb 100644
--- a/bbs/write.php
+++ b/bbs/write.php
@@ -340,8 +340,16 @@ if ($w == '') {
     }
 
     $file = get_file($bo_table, $wr_id);
-    if($file_count < $file['count'])
+    if($file_count < $file['count']) {
         $file_count = $file['count'];
+    }
+
+    for($i=0;$i<$file_count;$i++){
+        if(! isset($file[$i])) {
+            $file[$i] = array('file'=>null, 'source'=>null, 'size'=>null);
+        }
+    }
+
 } else if ($w == 'r') {
     if (strstr($write['wr_option'], 'secret')) {
         $is_secret = true;
@@ -355,8 +363,8 @@ if ($w == '') {
     }
 }
 
-set_session('ss_bo_table', $_REQUEST['bo_table']);
-set_session('ss_wr_id', $_REQUEST['wr_id']);
+set_session('ss_bo_table', $bo_table);
+set_session('ss_wr_id', $wr_id);
 
 $subject = "";
 if (isset($write['wr_subject'])) {
@@ -433,5 +441,4 @@ include_once ($board_skin_path.'/write.skin.php');
 
 include_once('./board_tail.php');
 @include_once ($board_skin_path.'/write.tail.skin.php');
-include_once(G5_PATH.'/tail.sub.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/bbs/write_comment_update.php b/bbs/write_comment_update.php
index cdf1b1679..71e7c5c50 100644
--- a/bbs/write_comment_update.php
+++ b/bbs/write_comment_update.php
@@ -6,7 +6,7 @@ include_once(G5_CAPTCHA_PATH.'/captcha.lib.php');
 // 토큰체크
 $comment_token = trim(get_session('ss_comment_token'));
 set_session('ss_comment_token', '');
-if(!trim($_POST['token']) || !$comment_token || $comment_token != $_POST['token'])
+if(empty($_POST['token']) || !$comment_token || $comment_token != $_POST['token'])
     alert('올바른 방법으로 이용해 주십시오.');
 
 // 090710
@@ -15,16 +15,31 @@ if (substr_count($wr_content, "&#") > 50) {
     exit;
 }
 
-@include_once($board_skin_path.'/write_comment_update.head.skin.php');
-
-$w = $_POST["w"];
-$wr_name  = trim($_POST['wr_name']);
-$wr_email = '';
+$w = isset($_POST['w']) ? clean_xss_tags($_POST['w']) : '';
+$wr_name  = isset($_POST['wr_name']) ? clean_xss_tags(trim($_POST['wr_name'])) : '';
+$wr_secret = isset($_POST['wr_secret']) ? clean_xss_tags($_POST['wr_secret']) : '';
+$wr_email = $wr_subject = '';
 $reply_array = array();
 
+$wr_1 = isset($_POST['wr_1']) ? $_POST['wr_1'] : '';
+$wr_2 = isset($_POST['wr_2']) ? $_POST['wr_2'] : '';
+$wr_3 = isset($_POST['wr_3']) ? $_POST['wr_3'] : '';
+$wr_4 = isset($_POST['wr_4']) ? $_POST['wr_4'] : '';
+$wr_5 = isset($_POST['wr_5']) ? $_POST['wr_5'] : '';
+$wr_6 = isset($_POST['wr_6']) ? $_POST['wr_6'] : '';
+$wr_7 = isset($_POST['wr_7']) ? $_POST['wr_7'] : '';
+$wr_8 = isset($_POST['wr_8']) ? $_POST['wr_8'] : '';
+$wr_9 = isset($_POST['wr_9']) ? $_POST['wr_9'] : '';
+$wr_10 = isset($_POST['wr_10']) ? $_POST['wr_10'] : '';
+$wr_facebook_user = isset($_POST['wr_facebook_user']) ? clean_xss_tags($_POST['wr_facebook_user'], 1, 1) : '';
+$wr_twitter_user = isset($_POST['wr_twitter_user']) ? clean_xss_tags($_POST['wr_twitter_user'], 1, 1) : '';
+$wr_homepage = isset($_POST['wr_homepage']) ? clean_xss_tags($_POST['wr_homepage'], 1, 1) : '';
+
 if (!empty($_POST['wr_email']))
     $wr_email = get_email_address(trim($_POST['wr_email']));
 
+@include_once($board_skin_path.'/write_comment_update.head.skin.php');
+
 // 비회원의 경우 이름이 누락되는 경우가 있음
 if ($is_guest) {
     if ($wr_name == '')
@@ -42,7 +57,7 @@ else
 
 // 세션의 시간 검사
 // 4.00.15 - 댓글 수정시 연속 게시물 등록 메시지로 인한 오류 수정
-if ($w == 'c' && $_SESSION['ss_datetime'] >= (G5_SERVER_TIME - $config['cf_delay_sec']) && !$is_admin)
+if ($w == 'c' && !$is_admin && isset($_SESSION['ss_datetime']) && $_SESSION['ss_datetime'] >= (G5_SERVER_TIME - $config['cf_delay_sec']))
     alert('너무 빠른 시간내에 게시물을 연속해서 올릴 수 없습니다.');
 
 set_session('ss_datetime', G5_SERVER_TIME);
@@ -325,11 +340,11 @@ else if ($w == 'cu') // 댓글 수정
                      wr_7 = '$wr_7',
                      wr_8 = '$wr_8',
                      wr_9 = '$wr_9',
-                     wr_10 = '$wr_10',
-                     wr_option = '$wr_option'
+                     wr_10 = '$wr_10'
                      $sql_ip
                      $sql_secret
               where wr_id = '$comment_id' ";
+
     sql_query($sql);
 }
 
@@ -343,5 +358,4 @@ $redirect_url = short_url_clean(G5_HTTP_BBS_URL.'/board.php?bo_table='.$bo_table
 
 run_event('comment_update_after', $board, $wr_id, $w, $qstr, $redirect_url, $comment_id, $reply_array);
 
-goto_url($redirect_url);
-?>
+goto_url($redirect_url);
\ No newline at end of file
diff --git a/bbs/write_comment_update.sns.php b/bbs/write_comment_update.sns.php
index 0b3a0754b..cca0fdb05 100644
--- a/bbs/write_comment_update.sns.php
+++ b/bbs/write_comment_update.sns.php
@@ -10,7 +10,7 @@ set_cookie('ck_twitter_checked' , false, 86400*31);
 // 페이스북
 //----------------------------------------------------------------------------
 $wr_facebook_user = "";
-if ($_POST['facebook_checked']) {
+if (! empty($_POST['facebook_checked'])) {
     include_once(G5_SNS_PATH."/facebook/src/facebook.php");
 
     $facebook = new Facebook(array(
@@ -48,7 +48,7 @@ if ($_POST['facebook_checked']) {
 // 트위터
 //----------------------------------------------------------------------------
 $wr_twitter_user = "";
-if ($_POST['twitter_checked']) {
+if (! empty($_POST['twitter_checked'])) {
     include_once(G5_SNS_PATH."/twitter/twitteroauth/twitteroauth.php");
     include_once(G5_SNS_PATH."/twitter/twitterconfig.php");
 
@@ -68,5 +68,4 @@ if ($_POST['twitter_checked']) {
 
     $wr_twitter_user = get_session("ss_twitter_user");
 }
-//============================================================================
-?>
\ No newline at end of file
+//============================================================================;
\ No newline at end of file
diff --git a/bbs/write_token.php b/bbs/write_token.php
index e8578ef7e..b14245b5d 100644
--- a/bbs/write_token.php
+++ b/bbs/write_token.php
@@ -9,5 +9,4 @@ set_session('ss_write_'.$bo_table.'_token', '');
 
 $token = get_write_token($bo_table);
 
-die(json_encode(array('error'=>'', 'token'=>$token, 'url'=>'')));
-?>
\ No newline at end of file
+die(json_encode(array('error'=>'', 'token'=>$token, 'url'=>'')));
\ No newline at end of file
diff --git a/bbs/write_update.php b/bbs/write_update.php
index b12a4beb8..8e01109a8 100644
--- a/bbs/write_update.php
+++ b/bbs/write_update.php
@@ -9,9 +9,10 @@ check_write_token($bo_table);
 $g5['title'] = '게시글 저장';
 
 $msg = array();
+$uid = isset($_POST['uid']) ? preg_replace('/[^0-9]/', '', $_POST['uid']) : 0;
 
 if($board['bo_use_category']) {
-    $ca_name = trim($_POST['ca_name']);
+    $ca_name = isset($_POST['ca_name']) ? trim($_POST['ca_name']) : '';
     if(!$ca_name) {
         $msg[] = '<strong>분류</strong>를 선택하세요.';
     } else {
@@ -76,6 +77,11 @@ if (empty($_POST)) {
 }
 
 $notice_array = explode(",", $board['bo_notice']);
+$wr_password = isset($_POST['wr_password']) ? $_POST['wr_password'] : '';
+$bf_content = isset($_POST['bf_content']) ? (array) $_POST['bf_content'] : array();
+$_POST['html'] = isset($_POST['html']) ? clean_xss_tags($_POST['html'], 1, 1) : '';
+$_POST['secret'] = isset($_POST['secret']) ? clean_xss_tags($_POST['secret'], 1, 1) : '';
+$_POST['mail'] = isset($_POST['mail']) ? clean_xss_tags($_POST['mail'], 1, 1) : '';
 
 if ($w == 'u' || $w == 'r') {
     $wr = get_write($write_table, $wr_id);
@@ -537,14 +543,16 @@ if(isset($_FILES['bf_file']['name']) && is_array($_FILES['bf_file']['name'])) {
             if ($w == 'u') {
                 // 존재하는 파일이 있다면 삭제합니다.
                 $row = sql_fetch(" select * from {$g5['board_file_table']} where bo_table = '$bo_table' and wr_id = '$wr_id' and bf_no = '$i' ");
-
-                $delete_file = run_replace('delete_file_path', G5_DATA_PATH.'/file/'.$bo_table.'/'.str_replace('../', '', $row['bf_file']), $row);
-                if( file_exists($delete_file) ){
-                    @unlink(G5_DATA_PATH.'/file/'.$bo_table.'/'.$row['bf_file']);
-                }
-                // 이미지파일이면 썸네일삭제
-                if(preg_match("/\.({$config['cf_image_extension']})$/i", $row['bf_file'])) {
-                    delete_board_thumbnail($bo_table, $row['bf_file']);
+                
+                if(isset($row['bf_file']) && $row['bf_file']){
+                    $delete_file = run_replace('delete_file_path', G5_DATA_PATH.'/file/'.$bo_table.'/'.str_replace('../', '', $row['bf_file']), $row);
+                    if( file_exists($delete_file) ){
+                        @unlink(G5_DATA_PATH.'/file/'.$bo_table.'/'.$row['bf_file']);
+                    }
+                    // 이미지파일이면 썸네일삭제
+                    if(preg_match("/\.({$config['cf_image_extension']})$/i", $row['bf_file'])) {
+                        delete_board_thumbnail($bo_table, $row['bf_file']);
+                    }
                 }
             }
 
@@ -578,9 +586,11 @@ if(isset($_FILES['bf_file']['name']) && is_array($_FILES['bf_file']['name'])) {
 // 나중에 테이블에 저장하는 이유는 $wr_id 값을 저장해야 하기 때문입니다.
 for ($i=0; $i<count($upload); $i++)
 {
-    if (!get_magic_quotes_gpc()) {
-        $upload[$i]['source'] = addslashes($upload[$i]['source']);
-    }
+    $upload[$i]['source'] = sql_real_escape_string($upload[$i]['source']);
+    $bf_content[$i] = isset($bf_content[$i]) ? sql_real_escape_string($bf_content[$i]) : '';
+    $bf_width = isset($upload[$i]['image'][0]) ? (int) $upload[$i]['image'][0] : 0;
+    $bf_height = isset($upload[$i]['image'][1]) ? (int) $upload[$i]['image'][1] : 0;
+    $bf_type = isset($upload[$i]['image'][2]) ? (int) $upload[$i]['image'][2] : 0;
 
     $row = sql_fetch(" select count(*) as cnt from {$g5['board_file_table']} where bo_table = '{$bo_table}' and wr_id = '{$wr_id}' and bf_no = '{$i}' ");
     if ($row['cnt'])
@@ -597,9 +607,9 @@ for ($i=0; $i<count($upload); $i++)
                              bf_thumburl = '{$upload[$i]['thumburl']}',
                              bf_storage = '{$upload[$i]['storage']}',
                              bf_filesize = '".(int)$upload[$i]['filesize']."',
-                             bf_width = '".(int)$upload[$i]['image'][0]."',
-                             bf_height = '".(int)$upload[$i]['image'][1]."',
-                             bf_type = '".(int)$upload[$i]['image'][2]."',
+                             bf_width = '".$bf_width."',
+                             bf_height = '".$bf_height."',
+                             bf_type = '".$bf_type."',
                              bf_datetime = '".G5_TIME_YMDHIS."'
                       where bo_table = '{$bo_table}'
                                 and wr_id = '{$wr_id}'
@@ -630,9 +640,9 @@ for ($i=0; $i<count($upload); $i++)
                          bf_storage = '{$upload[$i]['storage']}',
                          bf_download = 0,
                          bf_filesize = '".(int)$upload[$i]['filesize']."',
-                         bf_width = '".(int)$upload[$i]['image'][0]."',
-                         bf_height = '".(int)$upload[$i]['image'][1]."',
-                         bf_type = '".(int)$upload[$i]['image'][2]."',
+                         bf_width = '".$bf_width."',
+                         bf_height = '".$bf_height."',
+                         bf_type = '".$bf_type."',
                          bf_datetime = '".G5_TIME_YMDHIS."' ";
         sql_query($sql);
 
@@ -740,5 +750,4 @@ run_event('write_update_after', $board, $wr_id, $w, $qstr, $redirect_url);
 if ($file_upload_msg)
     alert($file_upload_msg, $redirect_url);
 else
-    goto_url($redirect_url);
-?>
+    goto_url($redirect_url);
\ No newline at end of file
diff --git a/common.php b/common.php
index 29b35c712..37f3c74c8 100644
--- a/common.php
+++ b/common.php
@@ -123,10 +123,10 @@ $_REQUEST = array_map_deep(G5_ESCAPE_FUNCTION,  $_REQUEST);
 // 완두콩님이 알려주신 보안관련 오류 수정
 // $member 에 값을 직접 넘길 수 있음
 $config = array();
-$member = array();
-$board  = array();
-$group  = array();
-$g5     = array();
+$member = array('mb_id'=>'', 'mb_level'=> 1, 'mb_name'=> '', 'mb_point'=> 0, 'mb_certify'=>'', 'mb_email'=>'', 'mb_open'=>'', 'mb_homepage'=>'', 'mb_tel'=>'', 'mb_hp'=>'', 'mb_zip1'=>'', 'mb_zip2'=>'', 'mb_addr1'=>'', 'mb_addr2'=>'', 'mb_addr3'=>'', 'mb_addr_jibeon'=>'', 'mb_signature'=>'', 'mb_profile'=>'');
+$board  = array('bo_table'=>'', 'bo_skin'=>'', 'bo_mobile_skin'=>'', 'bo_upload_count' => 0, 'bo_use_dhtml_editor'=>'', 'bo_subject'=>'', 'bo_image_width'=>0);
+$group  = array('gr_device'=>'', 'gr_subject'=>'');
+$g5     = array('title'=>'');
 $qaconfig = array();
 $g5_debug = array('php'=>array(),'sql'=>array());
 
@@ -430,7 +430,7 @@ if (isset($_REQUEST['wr_id'])) {
     $wr_id = 0;
 }
 
-if (isset($_REQUEST['bo_table'])) {
+if (isset($_REQUEST['bo_table']) && ! is_array($_REQUEST['bo_table'])) {
     $bo_table = preg_replace('/[^a-z0-9_]/i', '', trim($_REQUEST['bo_table']));
     $bo_table = substr($bo_table, 0, 20);
 } else {
@@ -461,7 +461,7 @@ if (isset($_REQUEST['gr_id'])) {
 
 
 // 자동로그인 부분에서 첫로그인에 포인트 부여하던것을 로그인중일때로 변경하면서 코드도 대폭 수정하였습니다.
-if ($_SESSION['ss_mb_id']) { // 로그인중이라면
+if (isset($_SESSION['ss_mb_id']) && $_SESSION['ss_mb_id']) { // 로그인중이라면
     $member = get_member($_SESSION['ss_mb_id']);
 
     // 차단된 회원이면 ss_mb_id 초기화
@@ -487,7 +487,7 @@ if ($_SESSION['ss_mb_id']) { // 로그인중이라면
 
         $tmp_mb_id = substr(preg_replace("/[^a-zA-Z0-9_]*/", "", $tmp_mb_id), 0, 20);
         // 최고관리자는 자동로그인 금지
-        if (strtolower($tmp_mb_id) != strtolower($config['cf_admin'])) {
+        if (strtolower($tmp_mb_id) !== strtolower($config['cf_admin'])) {
             $sql = " select mb_password, mb_intercept_date, mb_leave_date, mb_email_certify from {$g5['member_table']} where mb_id = '{$tmp_mb_id}' ";
             $row = sql_fetch($sql);
             if($row['mb_password']){
@@ -517,10 +517,10 @@ if ($_SESSION['ss_mb_id']) { // 로그인중이라면
 
 
 $write = array();
-$write_table = "";
+$write_table = '';
 if ($bo_table) {
     $board = get_board_db($bo_table, true);
-    if ($board['bo_table']) {
+    if (isset($board['bo_table']) && $board['bo_table']) {
         set_cookie("ck_bo_table", $board['bo_table'], 86400 * 1);
         $gr_id = $board['gr_id'];
         $write_table = $g5['write_prefix'] . $bo_table; // 게시판 테이블 전체이름
@@ -554,7 +554,7 @@ if ($config['cf_editor']) {
 // 회원, 비회원 구분
 $is_member = $is_guest = false;
 $is_admin = '';
-if ($member['mb_id']) {
+if (isset($member['mb_id']) && $member['mb_id']) {
     $is_member = true;
     $is_admin = is_admin($member['mb_id']);
     $member['mb_dir'] = substr($member['mb_id'],0,2);
@@ -607,7 +607,7 @@ if ($is_admin != 'super') {
 
 // 테마경로
 if(defined('_THEME_PREVIEW_') && _THEME_PREVIEW_ === true)
-    $config['cf_theme'] = trim($_GET['theme']);
+    $config['cf_theme'] = isset($_GET['theme']) ? trim($_GET['theme']) : '';
 
 if(isset($config['cf_theme']) && trim($config['cf_theme'])) {
     $theme_path = G5_PATH.'/'.G5_THEME_DIR.'/'.$config['cf_theme'];
@@ -682,9 +682,9 @@ if(defined('G5_SET_DEVICE') && $set_device) {
 // G5_MOBILE_AGENT : config.php 에서 선언
 //------------------------------------------------------------------------------
 if (G5_USE_MOBILE && $set_device) {
-    if ($_REQUEST['device']=='pc')
+    if (isset($_REQUEST['device']) && $_REQUEST['device']=='pc')
         $is_mobile = false;
-    else if ($_REQUEST['device']=='mobile')
+    else if (isset($_REQUEST['device']) && $_REQUEST['device']=='mobile')
         $is_mobile = true;
     else if (isset($_SESSION['ss_is_mobile']))
         $is_mobile = $_SESSION['ss_is_mobile'];
@@ -698,7 +698,7 @@ $_SESSION['ss_is_mobile'] = $is_mobile;
 define('G5_IS_MOBILE', $is_mobile);
 define('G5_DEVICE_BUTTON_DISPLAY', $set_device);
 if (G5_IS_MOBILE) {
-    $g5['mobile_path'] = G5_PATH.'/'.$g5['mobile_dir'];
+    $g5['mobile_path'] = G5_PATH.'/'.G5_MOBILE_DIR;
 }
 //==============================================================================
 
@@ -776,5 +776,4 @@ header('Pragma: no-cache'); // HTTP/1.0
 
 run_event('common_header');
 
-$html_process = new html_process();
-?>
+$html_process = new html_process();
\ No newline at end of file
diff --git a/config.php b/config.php
index 0129e92c9..738c40d58 100644
--- a/config.php
+++ b/config.php
@@ -232,5 +232,4 @@ if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on') {   //https 통신일때
     define('G5_POSTCODE_JS', '<script src="https://spi.maps.daum.net/imap/map_js_init/postcode.v2.js"></script>');
 } else {  //http 통신일때 daum 주소 js
     define('G5_POSTCODE_JS', '<script src="http://dmaps.daum.net/map_js_init/postcode.v2.js"></script>');
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/extend/debugbar.extend.php b/extend/debugbar.extend.php
index 757b9e16e..2d49596ed 100644
--- a/extend/debugbar.extend.php
+++ b/extend/debugbar.extend.php
@@ -17,5 +17,4 @@ function show_debug_bar() {
     $php_run_time = get_microtime()-$g5_debug['php']['begin_time'];
 
     include_once( G5_PLUGIN_PATH.'/debugbar/debugbar.php' );
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/extend/default.config.php b/extend/default.config.php
index d655b148a..0df67714a 100644
--- a/extend/default.config.php
+++ b/extend/default.config.php
@@ -7,5 +7,4 @@ define('G5_NO_PROFILE_IMG', '<span class="profile_img"><img src="'.G5_IMG_URL.'/
 define('G5_USE_MEMBER_IMAGE_FILETIME', TRUE);
 
 // 썸네일 처리 방식, 비율유지 하지 않고 썸네일을 생성하려면 주석을 풀고 값은 false 입력합니다. ( true 또는 주석으로 된 경우에는 비율 유지합니다. )
-//define('G5_USE_THUMB_RATIO', false);
-?>
\ No newline at end of file
+//define('G5_USE_THUMB_RATIO', false);
\ No newline at end of file
diff --git a/extend/g5_54version_update.extend.php b/extend/g5_54version_update.extend.php
index e90d9fa0e..b3188ac77 100644
--- a/extend/g5_54version_update.extend.php
+++ b/extend/g5_54version_update.extend.php
@@ -66,5 +66,4 @@ function g54_user_memo_insert($kind, $unkind, $page=1){
         sql_query($sql);
     }
 
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/extend/shop.extend.php b/extend/shop.extend.php
index 86f69f05e..c0feded8a 100644
--- a/extend/shop.extend.php
+++ b/extend/shop.extend.php
@@ -78,5 +78,4 @@ add_replace('false_short_url_clean', 'shop_short_url_clean', 10, 4);
 add_replace('add_nginx_conf_rules', 'add_shop_nginx_conf_rules', 10, 3);
 add_replace('add_mod_rewrite_rules', 'add_shop_mod_rewrite_rules', 10, 3);
 add_replace('admin_dbupgrade', 'add_shop_admin_dbupgrade', 10, 3);
-add_replace('exist_check_seo_title', 'shop_exist_check_seo_title', 10, 4);
-?>
\ No newline at end of file
+add_replace('exist_check_seo_title', 'shop_exist_check_seo_title', 10, 4);
\ No newline at end of file
diff --git a/extend/smarteditor_upload_extend.php b/extend/smarteditor_upload_extend.php
index 80a3203e9..1f0a28421 100644
--- a/extend/smarteditor_upload_extend.php
+++ b/extend/smarteditor_upload_extend.php
@@ -7,5 +7,4 @@ define('SMARTEDITOR_UPLOAD_RESIZE', 0);  // 스마트에디터 업로드 이미
 define('SMARTEDITOR_UPLOAD_MAX_WIDTH', 1200);  // 스마트에디터 업로드 이미지 리사이즈 제한 width
 define('SMARTEDITOR_UPLOAD_MAX_HEIGHT', 2800);  // 스마트에디터 업로드 이미지 리사이즈 제한 height
 define('SMARTEDITOR_UPLOAD_SIZE_LIMIT', 20);  // 스마트에디터 업로드 사이즈 제한 ( 기본 20MB )
-define('SMARTEDITOR_UPLOAD_IMAGE_QUALITY', 98);  // 썸네일 이미지 JPG, PNG 압축률
-?>
\ No newline at end of file
+define('SMARTEDITOR_UPLOAD_IMAGE_QUALITY', 98);  // 썸네일 이미지 JPG, PNG 압축률;
\ No newline at end of file
diff --git a/extend/sms5.extend.php b/extend/sms5.extend.php
index cae7e38a3..3c0212d42 100644
--- a/extend/sms5.extend.php
+++ b/extend/sms5.extend.php
@@ -29,7 +29,7 @@ $g5['sms5_book_group_table']      = $g5['sms5_prefix'] . 'book_group';
 $g5['sms5_form_table']            = $g5['sms5_prefix'] . 'form';
 $g5['sms5_form_group_table']      = $g5['sms5_prefix'] . 'form_group';
 
-$sms5 = array();
+$sms5 = array('cf_skin'=>'', 'cf_datetime'=>'', 'cf_phone'=>'');
 
 if (!empty($config['cf_sms_use'])) {
 
@@ -44,5 +44,4 @@ if (!empty($config['cf_sms_use'])) {
         // 아이코드에 실제로 보내지 않고 가상(Random)으로 전송결과를 저장합니다.
         $g5['sms5_demo_send'] = true;
     }
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/extend/social_login.extend.php b/extend/social_login.extend.php
index fd851f6b4..8b8872b22 100644
--- a/extend/social_login.extend.php
+++ b/extend/social_login.extend.php
@@ -44,5 +44,4 @@ define('G5_SOCIAL_CERTIFY_MAIL', false);
 // 소셜 DEBUG 관련 설정, 기본값은 false, true 로 설정시 data/tmp/social_anystring.log 파일이 생성됩니다.
 define('G5_SOCIAL_IS_DEBUG', false);
 
-include_once(G5_SOCIAL_LOGIN_PATH.'/includes/functions.php');
-?>
\ No newline at end of file
+include_once(G5_SOCIAL_LOGIN_PATH.'/includes/functions.php');
\ No newline at end of file
diff --git a/extend/user.config.php b/extend/user.config.php
index b7dbae41b..106b2a847 100644
--- a/extend/user.config.php
+++ b/extend/user.config.php
@@ -1,3 +1,2 @@
 <?php
-if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
-?>
\ No newline at end of file
+if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가;
\ No newline at end of file
diff --git a/extend/version.extend.php b/extend/version.extend.php
index 1d8089d83..f8837d05d 100644
--- a/extend/version.extend.php
+++ b/extend/version.extend.php
@@ -2,5 +2,4 @@
 if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
 
 define('G5_JS_VER',  '191202');
-define('G5_CSS_VER', '191202');
-?>
\ No newline at end of file
+define('G5_CSS_VER', '191202');
\ No newline at end of file
diff --git a/g4_import.php b/g4_import.php
index 86a8745bd..0bb6c23bd 100644
--- a/g4_import.php
+++ b/g4_import.php
@@ -58,5 +58,4 @@ function fimport_submit(f)
 </script>
 
 <?php
-include_once(G5_PATH.'/tail.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.php');
\ No newline at end of file
diff --git a/g4_import_run.php b/g4_import_run.php
index a0515bbaa..2c25383f2 100644
--- a/g4_import_run.php
+++ b/g4_import_run.php
@@ -22,7 +22,7 @@ if(get_session('tables_copied') == 'done')
 if($is_admin != 'super')
     alert('최고관리자로 로그인 후 실행해 주십시오.', G5_URL);
 
-$g4_config_file = trim($_POST['file_path']);
+$g4_config_file = isset($_POST['file_path']) ? trim($_POST['file_path']) : '';
 
 if(!$g4_config_file)
     alert('config.php 파일의 경로를 입력해 주십시오.');
@@ -90,7 +90,7 @@ for($i=0; $row=sql_fetch_array($result); $i++) {
     // 중복체크
     $sql2 = " select count(*) as cnt from {$g5['member_table']} where mb_id = '{$row['mb_id']}' ";
     $row2 = sql_fetch($sql2);
-    if($row2['cnt'])
+    if(isset($row2['cnt']) && $row2['cnt'])
         continue;
 
     $comma = '';
@@ -148,7 +148,7 @@ for($i=0; $row=sql_fetch_array($result); $i++) {
     // 중복체크
     $sql2 = " select count(*) as cnt from {$g5['login_table']} where lo_ip = '{$row['lo_ip']}' ";
     $row2 = sql_fetch($sql2);
-    if($row2['cnt'])
+    if(isset($row2['cnt']) && $row2['cnt'])
         continue;
 
     $comma = '';
@@ -240,7 +240,7 @@ for($i=0; $row=sql_fetch_array($result); $i++) {
     // 중복체크
     $sql2 = " select count(*) as cnt from {$g5['group_table']} where gr_id = '{$row['gr_id']}' ";
     $row2 = sql_fetch($sql2);
-    if($row2['cnt'])
+    if(isset($row2['cnt']) && $row2['cnt'])
         continue;
 
     $comma = '';
@@ -274,7 +274,7 @@ for($i=0; $row=sql_fetch_array($result); $i++) {
     // 중복체크
     $sql2 = " select count(*) as cnt from {$g5['board_table']} where bo_table = '{$row['bo_table']}' ";
     $row2 = sql_fetch($sql2);
-    if($row2['cnt'])
+    if(isset($row2['cnt']) && $row2['cnt'])
         continue;
 
     $comma = '';
@@ -434,5 +434,4 @@ set_session('tables_copied', 'done');
 </div>
 
 <?php
-include_once(G5_PATH.'/tail.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.php');
\ No newline at end of file
diff --git a/head.php b/head.php
index f348dbd6f..04ff8c8fa 100644
--- a/head.php
+++ b/head.php
@@ -214,4 +214,4 @@ include_once(G5_LIB_PATH.'/popular.lib.php');
     <div id="container_wr">
    
     <div id="container">
-        <?php if (!defined("_INDEX_")) { ?><h2 id="container_title"><span title="<?php echo get_text($g5['title']); ?>"><?php echo get_head_title($g5['title']); ?></span></h2><?php } ?>
+        <?php if (!defined("_INDEX_")) { ?><h2 id="container_title"><span title="<?php echo get_text($g5['title']); ?>"><?php echo get_head_title($g5['title']); ?></span></h2><?php }
\ No newline at end of file
diff --git a/head.sub.php b/head.sub.php
index 314dcdea3..fecc36c04 100644
--- a/head.sub.php
+++ b/head.sub.php
@@ -116,5 +116,4 @@ if ($is_member) { // 회원이라면 로그인 중이라는 메세지를 출력
 
     echo '<div id="hd_login_msg">'.$sr_admin_msg.get_text($member['mb_nick']).'님 로그인 중 ';
     echo '<a href="'.G5_BBS_URL.'/logout.php">로그아웃</a></div>';
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/index.php b/index.php
index 6eb147847..653c0bc69 100644
--- a/index.php
+++ b/index.php
@@ -70,5 +70,4 @@ include_once(G5_PATH.'/head.php');
     <!-- } 최신글 끝 -->
 </div>
 <?php
-include_once(G5_PATH.'/tail.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.php');
\ No newline at end of file
diff --git a/install/ajax.install.check.php b/install/ajax.install.check.php
index bdfaaab2a..a754bee72 100644
--- a/install/ajax.install.check.php
+++ b/install/ajax.install.check.php
@@ -15,20 +15,20 @@ if (file_exists($dbconfig_file)) {
     die(install_json_msg('프로그램이 이미 설치되어 있습니다.'));
 }
 
-if (preg_match("/[^0-9a-z_]+/i", $_POST['table_prefix']) ) {
+if (isset($_POST['table_prefix']) && preg_match("/[^0-9a-z_]+/i", $_POST['table_prefix']) ) {
     die(install_json_msg('TABLE명 접두사는 영문자, 숫자, _ 만 입력하세요.'));
 }
 
-$mysql_host  = safe_install_string_check($_POST['mysql_host'], 'json');
-$mysql_user  = safe_install_string_check($_POST['mysql_user'], 'json');
-$mysql_pass  = safe_install_string_check($_POST['mysql_pass'], 'json');
-$mysql_db    = safe_install_string_check($_POST['mysql_db'], 'json');
-$table_prefix= safe_install_string_check(preg_replace('/[^a-zA-Z0-9_]/', '_', $_POST['table_prefix']));
+$mysql_host  = isset($_POST['mysql_host']) ? safe_install_string_check($_POST['mysql_host'], 'json') : '';
+$mysql_user  = isset($_POST['mysql_user']) ? safe_install_string_check($_POST['mysql_user'], 'json') : '';
+$mysql_pass  = isset($_POST['mysql_pass']) ? safe_install_string_check($_POST['mysql_pass'], 'json') : '';
+$mysql_db    = isset($_POST['mysql_db']) ? safe_install_string_check($_POST['mysql_db'], 'json') : '';
+$table_prefix= isset($_POST['table_prefix']) ? safe_install_string_check(preg_replace('/[^a-zA-Z0-9_]/', '_', $_POST['table_prefix'])) : '';
 
 $tmp_str = isset($_SERVER['SERVER_SOFTWARE']) ? $_SERVER['SERVER_SOFTWARE'] : '';
 $ajax_token = md5($tmp_str.$_SERVER['REMOTE_ADDR'].dirname(dirname(__FILE__).'/'));
 
-$bool_ajax_token = ($ajax_token == $_POST['ajax_token']) ? true : false;
+$bool_ajax_token = (isset($_POST['ajax_token']) && ($ajax_token == $_POST['ajax_token'])) ? true : false;
 
 if( !($mysql_host && $mysql_user && $mysql_pass && $mysql_db && $table_prefix && $bool_ajax_token) ){
     die(install_json_msg('잘못된 요청입니다.'));
@@ -56,5 +56,4 @@ if(sql_query("DESCRIBE `{$table_prefix}config`", G5_DISPLAY_SQL_ERROR, $dblink))
     die(install_json_msg('주의! 이미 테이블이 존재하므로, 기존 DB 자료가 망실됩니다. 계속 진행하겠습니까?', 'exists'));
 }
 
-die(install_json_msg('ok', 'success'));
-?>
\ No newline at end of file
+die(install_json_msg('ok', 'success'));
\ No newline at end of file
diff --git a/install/index.php b/install/index.php
index 990b5938a..809079367 100644
--- a/install/index.php
+++ b/install/index.php
@@ -50,5 +50,4 @@ function frm_submit(f)
 ?>
 
 <?php
-include_once ('./install.inc2.php');
-?>
+include_once ('./install.inc2.php');
\ No newline at end of file
diff --git a/install/install.function.php b/install/install.function.php
index 4739e9bc4..775d8b6a7 100644
--- a/install/install.function.php
+++ b/install/install.function.php
@@ -1,6 +1,26 @@
 <?php
 if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
 
+if( ! function_exists('array_map_deep') ){
+    // multi-dimensional array에 사용자지정 함수적용
+    function array_map_deep($fn, $array)
+    {
+        if(is_array($array)) {
+            foreach($array as $key => $value) {
+                if(is_array($value)) {
+                    $array[$key] = array_map_deep($fn, $value);
+                } else {
+                    $array[$key] = call_user_func($fn, $value);
+                }
+            }
+        } else {
+            $array = call_user_func($fn, $array);
+        }
+
+        return $array;
+    }
+}
+
 if( ! function_exists('safe_install_string_check') ){
     function safe_install_string_check( $str, $is_json=false ) {
         $is_check = false;
@@ -23,7 +43,7 @@ if( ! function_exists('safe_install_string_check') ){
             die($msg);
         }
 
-        return $str;
+        return array_map_deep('stripslashes', $str);
     }
 }
 
@@ -36,5 +56,4 @@ if( ! function_exists('install_json_msg') ){
 
         return json_encode(array('error'=>$error_msg, 'success'=>$success_msg, 'exists'=>$exists_msg));
     }
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/install/install.inc.php b/install/install.inc.php
index 7177d6a1c..1b1cdcc42 100644
--- a/install/install.inc.php
+++ b/install/install.inc.php
@@ -2,9 +2,7 @@
 if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
 $data_path = '../'.G5_DATA_DIR;
 
-
-if (!$title) $title = G5_VERSION." 설치";
-
+if (! (isset($title) && $title)) $title = G5_VERSION." 설치";
 ?>
 <!doctype html>
 <html lang="ko">
@@ -94,5 +92,4 @@ if (strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN') {
             $write_data_dir = false;
         }
     }
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/install/install_config.php b/install/install_config.php
index 29d022fc3..c6005d61a 100644
--- a/install/install_config.php
+++ b/install/install_config.php
@@ -221,5 +221,4 @@ function frm_install_submit(f)
 </script>
 
 <?php
-include_once ('./install.inc2.php');
-?>
+include_once ('./install.inc2.php');
\ No newline at end of file
diff --git a/install/install_db.php b/install/install_db.php
index 50f86f287..757e38040 100644
--- a/install/install_db.php
+++ b/install/install_db.php
@@ -23,22 +23,17 @@ include_once ('./install.inc.php');
 
 //print_r($_POST); exit;
 
-$mysql_host  = safe_install_string_check($_POST['mysql_host']);
-$mysql_user  = safe_install_string_check($_POST['mysql_user']);
-$mysql_pass  = safe_install_string_check($_POST['mysql_pass']);
-$mysql_db    = safe_install_string_check($_POST['mysql_db']);
-$table_prefix= safe_install_string_check($_POST['table_prefix']);
-$admin_id    = $_POST['admin_id'];
-$admin_pass  = $_POST['admin_pass'];
-$admin_name  = $_POST['admin_name'];
-$admin_email = $_POST['admin_email'];
-$g5_install = 0;
-if (isset($_POST['g5_install']))
-    $g5_install  = $_POST['g5_install'];
-$g5_shop_prefix = safe_install_string_check($_POST['g5_shop_prefix']);
-$g5_shop_install= $_POST['g5_shop_install'];
+$mysql_host  = isset($_POST['mysql_host']) ? safe_install_string_check($_POST['mysql_host']) : '';
+$mysql_user  = isset($_POST['mysql_user']) ? safe_install_string_check($_POST['mysql_user']) : '';
+$mysql_pass  = isset($_POST['mysql_pass']) ? safe_install_string_check($_POST['mysql_pass']) : '';
+$mysql_db    = isset($_POST['mysql_db']) ? safe_install_string_check($_POST['mysql_db']) : '';
+$table_prefix= isset($_POST['table_prefix']) ? safe_install_string_check($_POST['table_prefix']) : '';
+$admin_id    = isset($_POST['admin_id']) ? $_POST['admin_id'] : '';
+$admin_pass  = isset($_POST['admin_pass']) ? $_POST['admin_pass'] : '';
+$admin_name  = isset($_POST['admin_name']) ? $_POST['admin_name'] : '';
+$admin_email = isset($_POST['admin_email']) ? $_POST['admin_email'] : '';
 
-if (preg_match("/[^0-9a-z_]+/i", $table_prefix) || preg_match("/[^0-9a-z_]+/i", $g5_shop_prefix)) {
+if (preg_match("/[^0-9a-z_]+/i", $table_prefix) ) {
     die('<div class="ins_inner"><p>TABLE명 접두사는 영문자, 숫자, _ 만 입력하세요.</p><div class="inner_btn"><a href="./install_config.php">뒤로가기</a></div></div>');
 }
 
@@ -46,6 +41,10 @@ if (preg_match("/[^0-9a-z_]+/i", $admin_id)) {
     die('<div class="ins_inner"><p>관리자 아이디는 영문자, 숫자, _ 만 입력하세요.</p><div class="inner_btn"><a href="./install_config.php">뒤로가기</a></div></div>');
 }
 
+$g5_install = isset($_POST['g5_install']) ? (int) $_POST['g5_install'] : 0;
+$g5_shop_prefix = isset($_POST['g5_shop_prefix']) ? safe_install_string_check($_POST['g5_shop_prefix']) : 'yc5_';
+$g5_shop_install = isset($_POST['g5_shop_install']) ? (int) $_POST['g5_shop_install'] : 0;
+
 $dblink = sql_connect($mysql_host, $mysql_user, $mysql_pass, $mysql_db);
 if (!$dblink) {
 ?>
@@ -663,5 +662,4 @@ if($g5_shop_install) {
 </div>
 
 <?php
-include_once ('./install.inc2.php');
-?>
+include_once ('./install.inc2.php');
\ No newline at end of file
diff --git a/install/library.check.php b/install/library.check.php
index c01d9643e..1adebf557 100644
--- a/install/library.check.php
+++ b/install/library.check.php
@@ -5,5 +5,4 @@ if(!extension_loaded('gd') || !function_exists('gd_info')) {
     echo '<script>'.PHP_EOL;
     echo 'alert("'.G5_VERSION.'의 정상적인 사용을 위해서는 GD 라이브러리가 필요합니다.\nGD 라이브러리가 없을 경우 자동등록방지 문자와 썸네일 기능이 작동하지 않습니다.");'.PHP_EOL;
     echo '</script>'.PHP_EOL;
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/js/certify.js b/js/certify.js
index bcf4f9ed8..214c50561 100644
--- a/js/certify.js
+++ b/js/certify.js
@@ -18,13 +18,13 @@ function certify_win_open(type, url, event)
     }
     else if(type == 'kcp-hp')
     {
-        if($("input[name=veri_up_hash]").size() < 1)
+        if($("input[name=veri_up_hash]").length < 1)
                 $("input[name=cert_no]").after('<input type="hidden" name="veri_up_hash" value="">');
 
         if( navigator.userAgent.indexOf("Android") > - 1 || navigator.userAgent.indexOf("iPhone") > - 1 )
         {
             var $frm = $(event.target.form);
-            if($("#kcp_cert").size() < 1) {
+            if($("#kcp_cert").length < 1) {
                 $frm.wrap('<div id="cert_info"></div>');
 
                 $("#cert_info").append('<form name="form_temp" method="post">');
@@ -66,7 +66,7 @@ function certify_win_open(type, url, event)
             var $frm = $(event.target.form),
                 lgu_cert = "lgu_cert";
 
-            if($("#lgu_cert").size() < 1) {
+            if($("#lgu_cert").length < 1) {
                 $frm.wrap('<div id="cert_info"></div>');
 
                 $("#cert_info").append('<form name="form_temp" method="post">');
diff --git a/js/jquery.fancylist.js b/js/jquery.fancylist.js
index 242a39733..1fbfb29c5 100644
--- a/js/jquery.fancylist.js
+++ b/js/jquery.fancylist.js
@@ -18,7 +18,7 @@
         var $element = this.find(cfg.element);
         var $this = this;
 
-        if($element.size() < 1)
+        if($element.length < 1)
             return;
 
         function item_arrange()
diff --git a/js/jquery.menu.js b/js/jquery.menu.js
index a05b03de6..87cc26017 100644
--- a/js/jquery.menu.js
+++ b/js/jquery.menu.js
@@ -89,7 +89,7 @@ function menu_rearrange(el)
         $gnb_1dli = $(".gnb_1dli:eq("+i+")");
         w1 = $gnb_1dli.outerWidth();
 
-        if($gnb_1dli.find(".gnb_2dul").size())
+        if($gnb_1dli.find(".gnb_2dul").length)
             w2 = $gnb_1dli.find(".gnb_2dli > a").outerWidth(true);
         else
             w2 = w1;
diff --git a/js/shop.js b/js/shop.js
index 66e19a9fd..f1281f4c3 100644
--- a/js/shop.js
+++ b/js/shop.js
@@ -8,7 +8,7 @@ $(function() {
     /* 가상커서 ctrl keyup 이베트 대응 */
     /*
     $(document).on("keyup", "select.it_option", function(e) {
-        var sel_count = $("select.it_option").size();
+        var sel_count = $("select.it_option").length;
         var idx = $("select.it_option").index($(this));
         var code = e.keyCode;
         var val = $(this).val();
@@ -25,7 +25,7 @@ $(function() {
 
     /* 키보드 접근 후 옵션 선택 Enter keydown 이벤트 대응 */
     $(document).on("keydown", "select.it_option", function(e) {
-        var sel_count = $("select.it_option").size();
+        var sel_count = $("select.it_option").length;
         var idx = $("select.it_option").index($(this));
         var code = e.keyCode;
         var val = $(this).val();
@@ -52,7 +52,7 @@ $(function() {
     }
 
     $(document).on("change", "select.it_option", function() {
-        var sel_count = $("select.it_option").size(),
+        var sel_count = $("select.it_option").length,
             idx = $("select.it_option").index($(this)),
             val = $(this).val(),
             it_id = $("input[name='it_id[]']").val(),
@@ -215,10 +215,10 @@ $(function() {
                     var $el = $(this).closest("li");
                     var del_exec = true;
 
-                    if($("#sit_sel_option .sit_spl_list").size() > 0) {
+                    if($("#sit_sel_option .sit_spl_list").length > 0) {
                         // 선택옵션이 하나이상인지
                         if($el.hasClass("sit_opt_list")) {
-                            if($(".sit_opt_list").size() <= 1)
+                            if($(".sit_opt_list").length <= 1)
                                 del_exec = false;
                         }
                     }
@@ -406,25 +406,25 @@ function add_sel_option(type, id, option, price, stock)
     opt += "<button type=\"button\" class=\"sit_opt_del btn_frmline\">삭제</button></div>";
     opt += "</li>";
 
-    if($("#sit_sel_option > ul").size() < 1) {
+    if($("#sit_sel_option > ul").length < 1) {
         $("#sit_sel_option").html("<ul id=\"sit_opt_added\"></ul>");
         $("#sit_sel_option > ul").html(opt);
     } else{
         if(type) {
-            if($("#sit_sel_option .sit_spl_list").size() > 0) {
+            if($("#sit_sel_option .sit_spl_list").length > 0) {
                 $("#sit_sel_option .sit_spl_list:last").after(opt);
             } else {
-                if($("#sit_sel_option .sit_opt_list").size() > 0) {
+                if($("#sit_sel_option .sit_opt_list").length > 0) {
                     $("#sit_sel_option .sit_opt_list:last").after(opt);
                 } else {
                     $("#sit_sel_option > ul").html(opt);
                 }
             }
         } else {
-            if($("#sit_sel_option .sit_opt_list").size() > 0) {
+            if($("#sit_sel_option .sit_opt_list").length > 0) {
                 $("#sit_sel_option .sit_opt_list:last").after(opt);
             } else {
-                if($("#sit_sel_option .sit_spl_list").size() > 0) {
+                if($("#sit_sel_option .sit_spl_list").length > 0) {
                     $("#sit_sel_option .sit_spl_list:first").before(opt);
                 } else {
                     $("#sit_sel_option > ul").html(opt);
diff --git a/js/shop.list.action.js b/js/shop.list.action.js
index 7c23d7e38..0fa68fd73 100644
--- a/js/shop.list.action.js
+++ b/js/shop.list.action.js
@@ -46,7 +46,7 @@ jQuery(function ($) {
         var id = "";
         var value, info, sel_opt, item, price, stock, run_error = false;
         var option = sep = "";
-        var count = $sel.size();
+        var count = $sel.length;
 
         if(count > 0) {
             $sel.each(function(index) {
@@ -241,7 +241,7 @@ jQuery(function ($) {
     $(document).on("change", "select.it_option", function() {
         var $frm = $(this).closest("form");
         var $sel = $frm.find("select.it_option");
-        var sel_count = $sel.size();
+        var sel_count = $sel.length;
         var idx = $sel.index($(this));
         var val = $(this).val();
         var it_id = $frm.find("input[name='it_id[]']").val();
diff --git a/js/shop.list.js b/js/shop.list.js
index 3f8fac3d8..ddbfb9710 100644
--- a/js/shop.list.js
+++ b/js/shop.list.js
@@ -1,7 +1,7 @@
 $.fn.listType = function(type)
 {
     var $el = this.find("li.sct_li");
-    var count = $el.size();
+    var count = $el.length;
     if(count < 1)
         return;
 
diff --git a/js/shop.mobile.list.js b/js/shop.mobile.list.js
index d39939b51..2dbeecdaa 100644
--- a/js/shop.mobile.list.js
+++ b/js/shop.mobile.list.js
@@ -29,7 +29,7 @@ $(function() {
                 }
 
                 var $items = $(data.item).find("li");
-                var cnt = $items.size();
+                var cnt = $items.length;
 
                 if(cnt < 1) {
                     alert("등록된 상품이 더 이상없습니다.");
diff --git a/js/shop.mobile.main.js b/js/shop.mobile.main.js
index b02e93d25..6b07f0230 100644
--- a/js/shop.mobile.main.js
+++ b/js/shop.mobile.main.js
@@ -24,7 +24,7 @@
         var $btns;
 
         var idx = cfg.startSlide;
-        var count = $slides.size();
+        var count = $slides.length;
         var width, height;
         var tab = null;
 
@@ -118,7 +118,7 @@
         var $btns = this.find(""+cfg.buttons+"");
 
         var idx = cfg.startSlide;
-        var count = $slides.size();
+        var count = $slides.length;
         var width, outerW;
 
         if(count < 1)
diff --git a/js/shop.override.js b/js/shop.override.js
index 960bc35b6..a7f272958 100644
--- a/js/shop.override.js
+++ b/js/shop.override.js
@@ -88,25 +88,25 @@ jQuery(function($){
                     opt += "<button type=\"button\" class=\"sit_opt_del\"><i class=\"fa fa-times\" aria-hidden=\"true\"></i><span class=\"sound_only\">삭제</span></button></div>";
                     opt += "</li>";
 
-                    if($("#sit_sel_option > ul").size() < 1) {
+                    if($("#sit_sel_option > ul").length < 1) {
                         $("#sit_sel_option").html("<ul id=\"sit_opt_added\"></ul>");
                         $("#sit_sel_option > ul").html(opt);
                     } else{
                         if(type) {
-                            if($("#sit_sel_option .sit_spl_list").size() > 0) {
+                            if($("#sit_sel_option .sit_spl_list").length > 0) {
                                 $("#sit_sel_option .sit_spl_list:last").after(opt);
                             } else {
-                                if($("#sit_sel_option .sit_opt_list").size() > 0) {
+                                if($("#sit_sel_option .sit_opt_list").length > 0) {
                                     $("#sit_sel_option .sit_opt_list:last").after(opt);
                                 } else {
                                     $("#sit_sel_option > ul").html(opt);
                                 }
                             }
                         } else {
-                            if($("#sit_sel_option .sit_opt_list").size() > 0) {
+                            if($("#sit_sel_option .sit_opt_list").length > 0) {
                                 $("#sit_sel_option .sit_opt_list:last").after(opt);
                             } else {
-                                if($("#sit_sel_option .sit_spl_list").size() > 0) {
+                                if($("#sit_sel_option .sit_spl_list").length > 0) {
                                     $("#sit_sel_option .sit_spl_list:first").before(opt);
                                 } else {
                                     $("#sit_sel_option > ul").html(opt);
diff --git a/lib/Cache/FileCache.class.php b/lib/Cache/FileCache.class.php
index e220f6282..ccfe4aa59 100644
--- a/lib/Cache/FileCache.class.php
+++ b/lib/Cache/FileCache.class.php
@@ -199,5 +199,4 @@ class FileCache
     {
         return unserialize(base64_decode($data));
     }
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/lib/Cache/obj.class.php b/lib/Cache/obj.class.php
index b82ee39f9..b75cf0980 100644
--- a/lib/Cache/obj.class.php
+++ b/lib/Cache/obj.class.php
@@ -87,6 +87,4 @@ Class G5_object_cache {
         return true;
     }
 
-}   //end Class
-
-?>
\ No newline at end of file
+}   //end Class;
\ No newline at end of file
diff --git a/lib/Excel/oleread.inc.php b/lib/Excel/oleread.inc.php
index c7241aa86..c169b6025 100644
--- a/lib/Excel/oleread.inc.php
+++ b/lib/Excel/oleread.inc.php
@@ -267,5 +267,4 @@ class OLERead {
     	}
     }
     
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/lib/Excel/php_writeexcel/class.writeexcel_biffwriter.inc.php b/lib/Excel/php_writeexcel/class.writeexcel_biffwriter.inc.php
index 04f90fbbc..93bdefd48 100644
--- a/lib/Excel/php_writeexcel/class.writeexcel_biffwriter.inc.php
+++ b/lib/Excel/php_writeexcel/class.writeexcel_biffwriter.inc.php
@@ -204,6 +204,4 @@ class writeexcel_biffwriter {
         return $tmp;
     }
 
-}
-
-?>
+}
\ No newline at end of file
diff --git a/lib/Excel/php_writeexcel/class.writeexcel_format.inc.php b/lib/Excel/php_writeexcel/class.writeexcel_format.inc.php
index 15435c049..b24f4223f 100644
--- a/lib/Excel/php_writeexcel/class.writeexcel_format.inc.php
+++ b/lib/Excel/php_writeexcel/class.writeexcel_format.inc.php
@@ -690,6 +690,4 @@ class writeexcel_format {
         $this->_right_color=$this->_get_color($color);
     }
 
-}
-
-?>
+}
\ No newline at end of file
diff --git a/lib/Excel/php_writeexcel/class.writeexcel_formula.inc.php b/lib/Excel/php_writeexcel/class.writeexcel_formula.inc.php
index 7a04fd63a..b1a321f50 100644
--- a/lib/Excel/php_writeexcel/class.writeexcel_formula.inc.php
+++ b/lib/Excel/php_writeexcel/class.writeexcel_formula.inc.php
@@ -153,7 +153,7 @@ function parse_formula() {
 
     $this->_formula	 = $formula;
     $this->_current_char = 0;
-    $this->_lookahead    = $this->_formula{1};
+    $this->_lookahead    = $this->_formula[1];
     $this->_advance($formula);
     $parsetree = $this->_condition();
 
@@ -1005,7 +1005,7 @@ function _cellToRowcol($cell)
     $col    = 0;
     for ($i=0; $i < strlen($col_ref); $i++)
  {
-        $col += (ord($col_ref{$i}) - ord('A') + 1) * pow(26, $expn);
+        $col += (ord($col_ref[$i]) - ord('A') + 1) * pow(26, $expn);
         $expn--;
     }
 
@@ -1027,19 +1027,19 @@ function _advance()
     // eat up white spaces
     if ($i < strlen($this->_formula))
  {
-        while ($this->_formula{$i} == " ") {
+        while ($this->_formula[$i] == " ") {
             $i++;
         }
         if ($i < strlen($this->_formula) - 1) {
-            $this->_lookahead = $this->_formula{$i+1};
+            $this->_lookahead = $this->_formula[$i+1];
         }
         $token = "";
     }
     while ($i < strlen($this->_formula))
  {
-        $token .= $this->_formula{$i};
+        $token .= $this->_formula[$i];
         if ($i < strlen($this->_formula) - 1) {
-            $this->_lookahead = $this->_formula{$i+1};
+            $this->_lookahead = $this->_formula[$i+1];
         }
  else {
             $this->_lookahead = '';
@@ -1054,7 +1054,7 @@ function _advance()
             return 1;
         }
         if ($i < strlen($this->_formula) - 2) {
-            $this->_lookahead = $this->_formula{$i+2};
+            $this->_lookahead = $this->_formula[$i+2];
         }
  else {
         // if we run out of characters _lookahead becomes empty
@@ -1195,7 +1195,7 @@ function parse($formula)
  {
     $this->_current_char = 0;
     $this->_formula      = $formula;
-    $this->_lookahead    = $formula{1};
+    $this->_lookahead    = $formula[1];
     $this->_advance();
     $this->_parse_tree   = $this->_condition();
     if ($this->isError($this->_parse_tree)) {
@@ -1604,7 +1604,4 @@ function toReversePolish($tree = array())
     return $polish;
 }
 
-}
-
-
-?>
+}
\ No newline at end of file
diff --git a/lib/Excel/php_writeexcel/class.writeexcel_olewriter.inc.php b/lib/Excel/php_writeexcel/class.writeexcel_olewriter.inc.php
index 133a1b501..184149520 100644
--- a/lib/Excel/php_writeexcel/class.writeexcel_olewriter.inc.php
+++ b/lib/Excel/php_writeexcel/class.writeexcel_olewriter.inc.php
@@ -348,6 +348,4 @@ class writeexcel_olewriter {
         }
     }
 
-}
-
-?>
+}
\ No newline at end of file
diff --git a/lib/Excel/php_writeexcel/class.writeexcel_workbook.inc.php b/lib/Excel/php_writeexcel/class.writeexcel_workbook.inc.php
index 11c7c0e2b..be13fb2d8 100644
--- a/lib/Excel/php_writeexcel/class.writeexcel_workbook.inc.php
+++ b/lib/Excel/php_writeexcel/class.writeexcel_workbook.inc.php
@@ -1144,6 +1144,4 @@ function _store_codepage() {
     $this->_append($header.$data);
 }
 
-}
-
-?>
+}
\ No newline at end of file
diff --git a/lib/Excel/php_writeexcel/class.writeexcel_workbookbig.inc.php b/lib/Excel/php_writeexcel/class.writeexcel_workbookbig.inc.php
index 3fb2f61d1..d705cb268 100644
--- a/lib/Excel/php_writeexcel/class.writeexcel_workbookbig.inc.php
+++ b/lib/Excel/php_writeexcel/class.writeexcel_workbookbig.inc.php
@@ -50,6 +50,4 @@ class writeexcel_workbookbig extends writeexcel_workbook {
         $ole->save($this->_filename);
     }
 
-}
-
-?>
+}
\ No newline at end of file
diff --git a/lib/Excel/php_writeexcel/class.writeexcel_worksheet.inc.php b/lib/Excel/php_writeexcel/class.writeexcel_worksheet.inc.php
index 9860cbf7e..5127cf21c 100644
--- a/lib/Excel/php_writeexcel/class.writeexcel_worksheet.inc.php
+++ b/lib/Excel/php_writeexcel/class.writeexcel_worksheet.inc.php
@@ -2963,6 +2963,4 @@ function insert_bitmap() {
         $this->_append($header . $data);
     }
 
-}
-
-?>
+}
\ No newline at end of file
diff --git a/lib/Excel/reader.php b/lib/Excel/reader.php
index 72836d5c0..02cdfc32f 100644
--- a/lib/Excel/reader.php
+++ b/lib/Excel/reader.php
@@ -1079,6 +1079,4 @@ class Spreadsheet_Excel_Reader
  * c-basic-offset: 4
  * c-hanging-comment-ender-p: nil
  * End:
- */
-
-?>
+ */;
\ No newline at end of file
diff --git a/lib/Hook/hook.class.php b/lib/Hook/hook.class.php
index 70452b041..600ab9009 100644
--- a/lib/Hook/hook.class.php
+++ b/lib/Hook/hook.class.php
@@ -322,6 +322,4 @@ class Hook
 
         return array();
     }
-}
-
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/lib/Hook/hook.extends.class.php b/lib/Hook/hook.extends.class.php
index 47e9e4348..4ebdb4a89 100644
--- a/lib/Hook/hook.extends.class.php
+++ b/lib/Hook/hook.extends.class.php
@@ -159,6 +159,4 @@ Class GML_Hook extends Hook {
     }
 }
 
-// end  Hook Class
-
-?>
\ No newline at end of file
+// end  Hook Class;
\ No newline at end of file
diff --git a/lib/PHPExcel/Calculation.php b/lib/PHPExcel/Calculation.php
index 20b1ec3f5..0c754daf7 100644
--- a/lib/PHPExcel/Calculation.php
+++ b/lib/PHPExcel/Calculation.php
@@ -2548,7 +2548,7 @@ class PHPExcel_Calculation
     public static function unwrapResult($value)
     {
         if (is_string($value)) {
-            if ((isset($value{0})) && ($value{0} == '"') && (substr($value, -1) == '"')) {
+            if ((isset($value[0])) && ($value[0] == '"') && (substr($value, -1) == '"')) {
                 return substr($value, 1, -1);
             }
         //    Convert numeric errors to NaN error
@@ -2669,11 +2669,11 @@ class PHPExcel_Calculation
         //    Basic validation that this is indeed a formula
         //    We return an empty array if not
         $formula = trim($formula);
-        if ((!isset($formula{0})) || ($formula{0} != '=')) {
+        if ((!isset($formula[0])) || ($formula[0] != '=')) {
             return array();
         }
         $formula = ltrim(substr($formula, 1));
-        if (!isset($formula{0})) {
+        if (!isset($formula[0])) {
             return array();
         }
 
@@ -2761,11 +2761,11 @@ class PHPExcel_Calculation
         //    Basic validation that this is indeed a formula
         //    We simply return the cell value if not
         $formula = trim($formula);
-        if ($formula{0} != '=') {
+        if ($formula[0] != '=') {
             return self::wrapResult($formula);
         }
         $formula = ltrim(substr($formula, 1));
-        if (!isset($formula{0})) {
+        if (!isset($formula[0])) {
             return self::wrapResult($formula);
         }
 
@@ -2777,7 +2777,7 @@ class PHPExcel_Calculation
             return $cellValue;
         }
 
-        if (($wsTitle{0} !== "\x00") && ($this->cyclicReferenceStack->onStack($wsCellReference))) {
+        if (($wsTitle[0] !== "\x00") && ($this->cyclicReferenceStack->onStack($wsCellReference))) {
             if ($this->cyclicFormulaCount <= 0) {
                 $this->cyclicFormulaCell = '';
                 return $this->raiseFormulaError('Cyclic Reference in Formula');
@@ -3031,7 +3031,7 @@ class PHPExcel_Calculation
             } else {
                 if ($value == '') {
                     return 'an empty string';
-                } elseif ($value{0} == '#') {
+                } elseif ($value[0] == '#') {
                     return 'a '.$value.' error';
                 } else {
                     $typeString = 'a string';
@@ -3163,10 +3163,10 @@ class PHPExcel_Calculation
         //    Loop through the formula extracting each operator and operand in turn
         while (true) {
 //echo 'Assessing Expression '.substr($formula, $index), PHP_EOL;
-            $opCharacter = $formula{$index};    //    Get the first character of the value at the current index position
+            $opCharacter = $formula[$index];    //    Get the first character of the value at the current index position
 //echo 'Initial character of expression block is '.$opCharacter, PHP_EOL;
-            if ((isset(self::$comparisonOperators[$opCharacter])) && (strlen($formula) > $index) && (isset(self::$comparisonOperators[$formula{$index+1}]))) {
-                $opCharacter .= $formula{++$index};
+            if ((isset(self::$comparisonOperators[$opCharacter])) && (strlen($formula) > $index) && (isset(self::$comparisonOperators[$formula[$index+1]]))) {
+                $opCharacter .= $formula[++$index];
 //echo 'Initial character of expression block is comparison operator '.$opCharacter.PHP_EOL;
             }
 
@@ -3454,11 +3454,11 @@ class PHPExcel_Calculation
                 }
             }
             //    Ignore white space
-            while (($formula{$index} == "\n") || ($formula{$index} == "\r")) {
+            while (($formula[$index] == "\n") || ($formula[$index] == "\r")) {
                 ++$index;
             }
-            if ($formula{$index} == ' ') {
-                while ($formula{$index} == ' ') {
+            if ($formula[$index] == ' ') {
+                while ($formula[$index] == ' ') {
                     ++$index;
                 }
                 //    If we're expecting an operator, but only have a space between the previous and next operands (and both are
@@ -3888,7 +3888,7 @@ class PHPExcel_Calculation
 //                    echo 'Token is a PHPExcel constant: '.$excelConstant.'<br />';
                     $stack->push('Constant Value', self::$excelConstants[$excelConstant]);
                     $this->_debugLog->writeDebugLog('Evaluating Constant ', $excelConstant, ' as ', $this->showTypeDetails(self::$excelConstants[$excelConstant]));
-                } elseif ((is_numeric($token)) || ($token === null) || (is_bool($token)) || ($token == '') || ($token{0} == '"') || ($token{0} == '#')) {
+                } elseif ((is_numeric($token)) || ($token === null) || (is_bool($token)) || ($token == '') || ($token[0] == '"') || ($token[0] == '#')) {
 //                    echo 'Token is a number, boolean, string, null or an Excel error<br />';
                     $stack->push('Value', $token);
                 // if the token is a named range, push the named range name onto the stack
@@ -3933,13 +3933,13 @@ class PHPExcel_Calculation
         if (is_string($operand)) {
             //    We only need special validations for the operand if it is a string
             //    Start by stripping off the quotation marks we use to identify true excel string values internally
-            if ($operand > '' && $operand{0} == '"') {
+            if ($operand > '' && $operand[0] == '"') {
                 $operand = self::unwrapResult($operand);
             }
             //    If the string is a numeric value, we treat it as a numeric, so no further testing
             if (!is_numeric($operand)) {
                 //    If not a numeric, test to see if the value is an Excel error, and so can't be used in normal binary operations
-                if ($operand > '' && $operand{0} == '#') {
+                if ($operand > '' && $operand[0] == '#') {
                     $stack->push('Value', $operand);
                     $this->_debugLog->writeDebugLog('Evaluation Result is ', $this->showTypeDetails($operand));
                     return false;
@@ -3995,10 +3995,10 @@ class PHPExcel_Calculation
         }
 
         //    Simple validate the two operands if they are string values
-        if (is_string($operand1) && $operand1 > '' && $operand1{0} == '"') {
+        if (is_string($operand1) && $operand1 > '' && $operand1[0] == '"') {
             $operand1 = self::unwrapResult($operand1);
         }
-        if (is_string($operand2) && $operand2 > '' && $operand2{0} == '"') {
+        if (is_string($operand2) && $operand2 > '' && $operand2[0] == '"') {
             $operand2 = self::unwrapResult($operand2);
         }
 
diff --git a/lib/PHPExcel/Calculation/Engineering.php b/lib/PHPExcel/Calculation/Engineering.php
index 75e278474..4e8d53064 100644
--- a/lib/PHPExcel/Calculation/Engineering.php
+++ b/lib/PHPExcel/Calculation/Engineering.php
@@ -768,7 +768,7 @@ class PHPExcel_Calculation_Engineering
         //    Split the input into its Real and Imaginary components
         $leadingSign = 0;
         if (strlen($workString) > 0) {
-            $leadingSign = (($workString{0} == '+') || ($workString{0} == '-')) ? 1 : 0;
+            $leadingSign = (($workString[0] == '+') || ($workString[0] == '-')) ? 1 : 0;
         }
         $power = '';
         $realNumber = strtok($workString, '+-');
@@ -809,16 +809,16 @@ class PHPExcel_Calculation_Engineering
      */
     private static function cleanComplex($complexNumber)
     {
-        if ($complexNumber{0} == '+') {
+        if ($complexNumber[0] == '+') {
             $complexNumber = substr($complexNumber, 1);
         }
-        if ($complexNumber{0} == '0') {
+        if ($complexNumber[0] == '0') {
             $complexNumber = substr($complexNumber, 1);
         }
-        if ($complexNumber{0} == '.') {
+        if ($complexNumber[0] == '.') {
             $complexNumber = '0'.$complexNumber;
         }
-        if ($complexNumber{0} == '+') {
+        if ($complexNumber[0] == '+') {
             $complexNumber = substr($complexNumber, 1);
         }
         return $complexNumber;
diff --git a/lib/PHPExcel/Calculation/FormulaParser.php b/lib/PHPExcel/Calculation/FormulaParser.php
index 893f19e94..03340e699 100644
--- a/lib/PHPExcel/Calculation/FormulaParser.php
+++ b/lib/PHPExcel/Calculation/FormulaParser.php
@@ -159,7 +159,7 @@ class PHPExcel_Calculation_FormulaParser
 
         // Check if the formula has a valid starting =
         $formulaLength = strlen($this->formula);
-        if ($formulaLength < 2 || $this->formula{0} != '=') {
+        if ($formulaLength < 2 || $this->formula[0] != '=') {
             return;
         }
 
diff --git a/lib/PHPExcel/Calculation/Functions.php b/lib/PHPExcel/Calculation/Functions.php
index 5a1e5ee5a..773ce1ad0 100644
--- a/lib/PHPExcel/Calculation/Functions.php
+++ b/lib/PHPExcel/Calculation/Functions.php
@@ -318,10 +318,10 @@ class PHPExcel_Calculation_Functions
     public static function ifCondition($condition)
     {
         $condition    = PHPExcel_Calculation_Functions::flattenSingleValue($condition);
-        if (!isset($condition{0})) {
+        if (!isset($condition[0])) {
             $condition = '=""';
         }
-        if (!in_array($condition{0}, array('>', '<', '='))) {
+        if (!in_array($condition[0], array('>', '<', '='))) {
             if (!is_numeric($condition)) {
                 $condition = PHPExcel_Calculation::wrapResult(strtoupper($condition));
             }
@@ -559,7 +559,7 @@ class PHPExcel_Calculation_Functions
                 return (integer) $value;
             case 'string':
                 //    Errors
-                if ((strlen($value) > 0) && ($value{0} == '#')) {
+                if ((strlen($value) > 0) && ($value[0] == '#')) {
                     return $value;
                 }
                 break;
@@ -609,7 +609,7 @@ class PHPExcel_Calculation_Functions
                 return 64;
         } elseif (is_string($value)) {
             //    Errors
-            if ((strlen($value) > 0) && ($value{0} == '#')) {
+            if ((strlen($value) > 0) && ($value[0] == '#')) {
                 return 16;
             }
             return 2;
diff --git a/lib/PHPExcel/Calculation/TextData.php b/lib/PHPExcel/Calculation/TextData.php
index 6461d0601..b5eeec7f2 100644
--- a/lib/PHPExcel/Calculation/TextData.php
+++ b/lib/PHPExcel/Calculation/TextData.php
@@ -40,19 +40,19 @@ class PHPExcel_Calculation_TextData
 
     private static function unicodeToOrd($c)
     {
-        if (ord($c{0}) >=0 && ord($c{0}) <= 127) {
-            return ord($c{0});
-        } elseif (ord($c{0}) >= 192 && ord($c{0}) <= 223) {
-            return (ord($c{0})-192)*64 + (ord($c{1})-128);
-        } elseif (ord($c{0}) >= 224 && ord($c{0}) <= 239) {
-            return (ord($c{0})-224)*4096 + (ord($c{1})-128)*64 + (ord($c{2})-128);
-        } elseif (ord($c{0}) >= 240 && ord($c{0}) <= 247) {
-            return (ord($c{0})-240)*262144 + (ord($c{1})-128)*4096 + (ord($c{2})-128)*64 + (ord($c{3})-128);
-        } elseif (ord($c{0}) >= 248 && ord($c{0}) <= 251) {
-            return (ord($c{0})-248)*16777216 + (ord($c{1})-128)*262144 + (ord($c{2})-128)*4096 + (ord($c{3})-128)*64 + (ord($c{4})-128);
-        } elseif (ord($c{0}) >= 252 && ord($c{0}) <= 253) {
-            return (ord($c{0})-252)*1073741824 + (ord($c{1})-128)*16777216 + (ord($c{2})-128)*262144 + (ord($c{3})-128)*4096 + (ord($c{4})-128)*64 + (ord($c{5})-128);
-        } elseif (ord($c{0}) >= 254 && ord($c{0}) <= 255) {
+        if (ord($c[0]) >=0 && ord($c[0]) <= 127) {
+            return ord($c[0]);
+        } elseif (ord($c[0]) >= 192 && ord($c[0]) <= 223) {
+            return (ord($c[0])-192)*64 + (ord($c[1])-128);
+        } elseif (ord($c[0]) >= 224 && ord($c[0]) <= 239) {
+            return (ord($c[0])-224)*4096 + (ord($c[1])-128)*64 + (ord($c[2])-128);
+        } elseif (ord($c[0]) >= 240 && ord($c[0]) <= 247) {
+            return (ord($c[0])-240)*262144 + (ord($c[1])-128)*4096 + (ord($c[2])-128)*64 + (ord($c[3])-128);
+        } elseif (ord($c[0]) >= 248 && ord($c[0]) <= 251) {
+            return (ord($c[0])-248)*16777216 + (ord($c[1])-128)*262144 + (ord($c[2])-128)*4096 + (ord($c[3])-128)*64 + (ord($c[4])-128);
+        } elseif (ord($c[0]) >= 252 && ord($c[0]) <= 253) {
+            return (ord($c[0])-252)*1073741824 + (ord($c[1])-128)*16777216 + (ord($c[2])-128)*262144 + (ord($c[3])-128)*4096 + (ord($c[4])-128)*64 + (ord($c[5])-128);
+        } elseif (ord($c[0]) >= 254 && ord($c[0]) <= 255) {
             // error
             return PHPExcel_Calculation_Functions::VALUE();
         }
diff --git a/lib/PHPExcel/Cell.php b/lib/PHPExcel/Cell.php
index c99a3c8b1..4b1437f55 100644
--- a/lib/PHPExcel/Cell.php
+++ b/lib/PHPExcel/Cell.php
@@ -809,19 +809,19 @@ class PHPExcel_Cell
 
         //    We also use the language construct isset() rather than the more costly strlen() function to match the length of $pString
         //        for improved performance
-        if (isset($pString{0})) {
-            if (!isset($pString{1})) {
+        if (isset($pString[0])) {
+            if (!isset($pString[1])) {
                 $_indexCache[$pString] = $_columnLookup[$pString];
                 return $_indexCache[$pString];
-            } elseif (!isset($pString{2})) {
-                $_indexCache[$pString] = $_columnLookup[$pString{0}] * 26 + $_columnLookup[$pString{1}];
+            } elseif (!isset($pString[2])) {
+                $_indexCache[$pString] = $_columnLookup[$pString[0]] * 26 + $_columnLookup[$pString[1]];
                 return $_indexCache[$pString];
-            } elseif (!isset($pString{3})) {
-                $_indexCache[$pString] = $_columnLookup[$pString{0}] * 676 + $_columnLookup[$pString{1}] * 26 + $_columnLookup[$pString{2}];
+            } elseif (!isset($pString[3])) {
+                $_indexCache[$pString] = $_columnLookup[$pString[0]] * 676 + $_columnLookup[$pString[1]] * 26 + $_columnLookup[$pString[2]];
                 return $_indexCache[$pString];
             }
         }
-        throw new PHPExcel_Exception("Column string index can not be " . ((isset($pString{0})) ? "longer than 3 characters" : "empty"));
+        throw new PHPExcel_Exception("Column string index can not be " . ((isset($pString[0])) ? "longer than 3 characters" : "empty"));
     }
 
     /**
diff --git a/lib/PHPExcel/Cell/DefaultValueBinder.php b/lib/PHPExcel/Cell/DefaultValueBinder.php
index dc19e6c45..d1501b8c2 100644
--- a/lib/PHPExcel/Cell/DefaultValueBinder.php
+++ b/lib/PHPExcel/Cell/DefaultValueBinder.php
@@ -79,7 +79,7 @@ class PHPExcel_Cell_DefaultValueBinder implements PHPExcel_Cell_IValueBinder
             return PHPExcel_Cell_DataType::TYPE_STRING;
         } elseif ($pValue instanceof PHPExcel_RichText) {
             return PHPExcel_Cell_DataType::TYPE_INLINE;
-        } elseif ($pValue{0} === '=' && strlen($pValue) > 1) {
+        } elseif ($pValue[0] === '=' && strlen($pValue) > 1) {
             return PHPExcel_Cell_DataType::TYPE_FORMULA;
         } elseif (is_bool($pValue)) {
             return PHPExcel_Cell_DataType::TYPE_BOOL;
@@ -87,7 +87,7 @@ class PHPExcel_Cell_DefaultValueBinder implements PHPExcel_Cell_IValueBinder
             return PHPExcel_Cell_DataType::TYPE_NUMERIC;
         } elseif (preg_match('/^[\+\-]?([0-9]+\\.?[0-9]*|[0-9]*\\.?[0-9]+)([Ee][\-\+]?[0-2]?\d{1,3})?$/', $pValue)) {
             $tValue = ltrim($pValue, '+-');
-            if (is_string($pValue) && $tValue{0} === '0' && strlen($tValue) > 1 && $tValue{1} !== '.') {
+            if (is_string($pValue) && $tValue[0] === '0' && strlen($tValue) > 1 && $tValue[1] !== '.') {
                 return PHPExcel_Cell_DataType::TYPE_STRING;
             } elseif ((strpos($pValue, '.') === false) && ($pValue > PHP_INT_MAX)) {
                 return PHPExcel_Cell_DataType::TYPE_STRING;
diff --git a/lib/PHPExcel/Chart/Renderer/PHP_Charting_Libraries.txt b/lib/PHPExcel/Chart/Renderer/PHP Charting Libraries.txt
similarity index 95%
rename from lib/PHPExcel/Chart/Renderer/PHP_Charting_Libraries.txt
rename to lib/PHPExcel/Chart/Renderer/PHP Charting Libraries.txt
index a088989e9..9334f684e 100644
--- a/lib/PHPExcel/Chart/Renderer/PHP_Charting_Libraries.txt
+++ b/lib/PHPExcel/Chart/Renderer/PHP Charting Libraries.txt	
@@ -1,20 +1,20 @@
-ChartDirector
-	http://www.advsofteng.com/cdphp.html
-
-GraPHPite
-	http://graphpite.sourceforge.net/
-
-JpGraph
-	http://www.aditus.nu/jpgraph/
-
-LibChart
-	http://naku.dohcrew.com/libchart/pages/introduction/
-
-pChart
-	http://pchart.sourceforge.net/
-
-TeeChart
-	http://www.steema.com/products/teechart/overview.html
-
-PHPGraphLib
+ChartDirector
+	http://www.advsofteng.com/cdphp.html
+
+GraPHPite
+	http://graphpite.sourceforge.net/
+
+JpGraph
+	http://www.aditus.nu/jpgraph/
+
+LibChart
+	http://naku.dohcrew.com/libchart/pages/introduction/
+
+pChart
+	http://pchart.sourceforge.net/
+
+TeeChart
+	http://www.steema.com/products/teechart/overview.html
+
+PHPGraphLib
     http://www.ebrueggeman.com/phpgraphlib
\ No newline at end of file
diff --git a/lib/PHPExcel/Reader/Excel2003XML.php b/lib/PHPExcel/Reader/Excel2003XML.php
index c007f9bbc..3e21c9d91 100644
--- a/lib/PHPExcel/Reader/Excel2003XML.php
+++ b/lib/PHPExcel/Reader/Excel2003XML.php
@@ -689,7 +689,7 @@ class PHPExcel_Reader_Excel2003XML extends PHPExcel_Reader_Abstract implements P
                                                     $rowReference = $rowID;
                                                 }
                                                 //    Bracketed R references are relative to the current row
-                                                if ($rowReference{0} == '[') {
+                                                if ($rowReference[0] == '[') {
                                                     $rowReference = $rowID + trim($rowReference, '[]');
                                                 }
                                                 $columnReference = $cellReference[4][0];
@@ -698,7 +698,7 @@ class PHPExcel_Reader_Excel2003XML extends PHPExcel_Reader_Abstract implements P
                                                     $columnReference = $columnNumber;
                                                 }
                                                 //    Bracketed C references are relative to the current column
-                                                if ($columnReference{0} == '[') {
+                                                if ($columnReference[0] == '[') {
                                                     $columnReference = $columnNumber + trim($columnReference, '[]');
                                                 }
                                                 $A1CellReference = PHPExcel_Cell::stringFromColumnIndex($columnReference-1).$rowReference;
diff --git a/lib/PHPExcel/Reader/Excel5.php b/lib/PHPExcel/Reader/Excel5.php
index 62e971d2e..7190bdbf7 100644
--- a/lib/PHPExcel/Reader/Excel5.php
+++ b/lib/PHPExcel/Reader/Excel5.php
@@ -1925,7 +1925,7 @@ class PHPExcel_Reader_Excel5 extends PHPExcel_Reader_Abstract implements PHPExce
 
         // offset: 0; size: 2; 0 = base 1900, 1 = base 1904
         PHPExcel_Shared_Date::setExcelCalendar(PHPExcel_Shared_Date::CALENDAR_WINDOWS_1900);
-        if (ord($recordData{0}) == 1) {
+        if (ord($recordData[0]) == 1) {
             PHPExcel_Shared_Date::setExcelCalendar(PHPExcel_Shared_Date::CALENDAR_MAC_1904);
         }
     }
@@ -1988,7 +1988,7 @@ class PHPExcel_Reader_Excel5 extends PHPExcel_Reader_Abstract implements PHPExce
             }
 
             // offset: 10; size: 1; underline type
-            $underlineType = ord($recordData{10});
+            $underlineType = ord($recordData[10]);
             switch ($underlineType) {
                 case 0x00:
                     break; // no underline
@@ -2125,7 +2125,7 @@ class PHPExcel_Reader_Excel5 extends PHPExcel_Reader_Abstract implements PHPExce
 
             // offset:  6; size: 1; Alignment and text break
             // bit 2-0, mask 0x07; horizontal alignment
-            $horAlign = (0x07 & ord($recordData{6})) >> 0;
+            $horAlign = (0x07 & ord($recordData[6])) >> 0;
             switch ($horAlign) {
                 case 0:
                     $objStyle->getAlignment()->setHorizontal(PHPExcel_Style_Alignment::HORIZONTAL_GENERAL);
@@ -2150,7 +2150,7 @@ class PHPExcel_Reader_Excel5 extends PHPExcel_Reader_Abstract implements PHPExce
                     break;
             }
             // bit 3, mask 0x08; wrap text
-            $wrapText = (0x08 & ord($recordData{6})) >> 3;
+            $wrapText = (0x08 & ord($recordData[6])) >> 3;
             switch ($wrapText) {
                 case 0:
                     $objStyle->getAlignment()->setWrapText(false);
@@ -2160,7 +2160,7 @@ class PHPExcel_Reader_Excel5 extends PHPExcel_Reader_Abstract implements PHPExce
                     break;
             }
             // bit 6-4, mask 0x70; vertical alignment
-            $vertAlign = (0x70 & ord($recordData{6})) >> 4;
+            $vertAlign = (0x70 & ord($recordData[6])) >> 4;
             switch ($vertAlign) {
                 case 0:
                     $objStyle->getAlignment()->setVertical(PHPExcel_Style_Alignment::VERTICAL_TOP);
@@ -2178,7 +2178,7 @@ class PHPExcel_Reader_Excel5 extends PHPExcel_Reader_Abstract implements PHPExce
 
             if ($this->version == self::XLS_BIFF8) {
                 // offset:  7; size: 1; XF_ROTATION: Text rotation angle
-                $angle = ord($recordData{7});
+                $angle = ord($recordData[7]);
                 $rotation = 0;
                 if ($angle <= 90) {
                     $rotation = $angle;
@@ -2191,11 +2191,11 @@ class PHPExcel_Reader_Excel5 extends PHPExcel_Reader_Abstract implements PHPExce
 
                 // offset:  8; size: 1; Indentation, shrink to cell size, and text direction
                 // bit: 3-0; mask: 0x0F; indent level
-                $indent = (0x0F & ord($recordData{8})) >> 0;
+                $indent = (0x0F & ord($recordData[8])) >> 0;
                 $objStyle->getAlignment()->setIndent($indent);
 
                 // bit: 4; mask: 0x10; 1 = shrink content to fit into cell
-                $shrinkToFit = (0x10 & ord($recordData{8})) >> 4;
+                $shrinkToFit = (0x10 & ord($recordData[8])) >> 4;
                 switch ($shrinkToFit) {
                     case 0:
                         $objStyle->getAlignment()->setShrinkToFit(false);
@@ -2275,7 +2275,7 @@ class PHPExcel_Reader_Excel5 extends PHPExcel_Reader_Abstract implements PHPExce
                 // BIFF5
 
                 // offset: 7; size: 1; Text orientation and flags
-                $orientationAndFlags = ord($recordData{7});
+                $orientationAndFlags = ord($recordData[7]);
 
                 // bit: 1-0; mask: 0x03; XF_ORIENTATION: Text orientation
                 $xfOrientation = (0x03 & $orientationAndFlags) >> 0;
@@ -2399,7 +2399,7 @@ class PHPExcel_Reader_Excel5 extends PHPExcel_Reader_Abstract implements PHPExce
                         $xclrValue = substr($extData, 4, 4); // color value (value based on color type)
 
                         if ($xclfType == 2) {
-                            $rgb = sprintf('%02X%02X%02X', ord($xclrValue{0}), ord($xclrValue{1}), ord($xclrValue{2}));
+                            $rgb = sprintf('%02X%02X%02X', ord($xclrValue[0]), ord($xclrValue[1]), ord($xclrValue[2]));
 
                             // modify the relevant style property
                             if (isset($this->mapCellXfIndex[$ixfe])) {
@@ -2414,7 +2414,7 @@ class PHPExcel_Reader_Excel5 extends PHPExcel_Reader_Abstract implements PHPExce
                         $xclrValue = substr($extData, 4, 4); // color value (value based on color type)
 
                         if ($xclfType == 2) {
-                            $rgb = sprintf('%02X%02X%02X', ord($xclrValue{0}), ord($xclrValue{1}), ord($xclrValue{2}));
+                            $rgb = sprintf('%02X%02X%02X', ord($xclrValue[0]), ord($xclrValue[1]), ord($xclrValue[2]));
 
                             // modify the relevant style property
                             if (isset($this->mapCellXfIndex[$ixfe])) {
@@ -2429,7 +2429,7 @@ class PHPExcel_Reader_Excel5 extends PHPExcel_Reader_Abstract implements PHPExce
                         $xclrValue = substr($extData, 4, 4); // color value (value based on color type)
 
                         if ($xclfType == 2) {
-                            $rgb = sprintf('%02X%02X%02X', ord($xclrValue{0}), ord($xclrValue{1}), ord($xclrValue{2}));
+                            $rgb = sprintf('%02X%02X%02X', ord($xclrValue[0]), ord($xclrValue[1]), ord($xclrValue[2]));
 
                             // modify the relevant style property
                             if (isset($this->mapCellXfIndex[$ixfe])) {
@@ -2444,7 +2444,7 @@ class PHPExcel_Reader_Excel5 extends PHPExcel_Reader_Abstract implements PHPExce
                         $xclrValue = substr($extData, 4, 4); // color value (value based on color type)
 
                         if ($xclfType == 2) {
-                            $rgb = sprintf('%02X%02X%02X', ord($xclrValue{0}), ord($xclrValue{1}), ord($xclrValue{2}));
+                            $rgb = sprintf('%02X%02X%02X', ord($xclrValue[0]), ord($xclrValue[1]), ord($xclrValue[2]));
 
                             // modify the relevant style property
                             if (isset($this->mapCellXfIndex[$ixfe])) {
@@ -2459,7 +2459,7 @@ class PHPExcel_Reader_Excel5 extends PHPExcel_Reader_Abstract implements PHPExce
                         $xclrValue = substr($extData, 4, 4); // color value (value based on color type)
 
                         if ($xclfType == 2) {
-                            $rgb = sprintf('%02X%02X%02X', ord($xclrValue{0}), ord($xclrValue{1}), ord($xclrValue{2}));
+                            $rgb = sprintf('%02X%02X%02X', ord($xclrValue[0]), ord($xclrValue[1]), ord($xclrValue[2]));
 
                             // modify the relevant style property
                             if (isset($this->mapCellXfIndex[$ixfe])) {
@@ -2474,7 +2474,7 @@ class PHPExcel_Reader_Excel5 extends PHPExcel_Reader_Abstract implements PHPExce
                         $xclrValue = substr($extData, 4, 4); // color value (value based on color type)
 
                         if ($xclfType == 2) {
-                            $rgb = sprintf('%02X%02X%02X', ord($xclrValue{0}), ord($xclrValue{1}), ord($xclrValue{2}));
+                            $rgb = sprintf('%02X%02X%02X', ord($xclrValue[0]), ord($xclrValue[1]), ord($xclrValue[2]));
 
                             // modify the relevant style property
                             if (isset($this->mapCellXfIndex[$ixfe])) {
@@ -2489,7 +2489,7 @@ class PHPExcel_Reader_Excel5 extends PHPExcel_Reader_Abstract implements PHPExce
                         $xclrValue = substr($extData, 4, 4); // color value (value based on color type)
 
                         if ($xclfType == 2) {
-                            $rgb = sprintf('%02X%02X%02X', ord($xclrValue{0}), ord($xclrValue{1}), ord($xclrValue{2}));
+                            $rgb = sprintf('%02X%02X%02X', ord($xclrValue[0]), ord($xclrValue[1]), ord($xclrValue[2]));
 
                             // modify the relevant style property
                             if (isset($this->mapCellXfIndex[$ixfe])) {
@@ -2504,7 +2504,7 @@ class PHPExcel_Reader_Excel5 extends PHPExcel_Reader_Abstract implements PHPExce
                         $xclrValue = substr($extData, 4, 4); // color value (value based on color type)
 
                         if ($xclfType == 2) {
-                            $rgb = sprintf('%02X%02X%02X', ord($xclrValue{0}), ord($xclrValue{1}), ord($xclrValue{2}));
+                            $rgb = sprintf('%02X%02X%02X', ord($xclrValue[0]), ord($xclrValue[1]), ord($xclrValue[2]));
 
                             // modify the relevant style property
                             if (isset($this->mapCellXfIndex[$ixfe])) {
@@ -2546,7 +2546,7 @@ class PHPExcel_Reader_Excel5 extends PHPExcel_Reader_Abstract implements PHPExce
 
             if ($isBuiltIn) {
                 // offset: 2; size: 1; identifier for built-in style
-                $builtInId = ord($recordData{2});
+                $builtInId = ord($recordData[2]);
 
                 switch ($builtInId) {
                     case 0x00:
@@ -2611,7 +2611,7 @@ class PHPExcel_Reader_Excel5 extends PHPExcel_Reader_Abstract implements PHPExce
         $this->pos += 4 + $length;
 
         // offset: 4; size: 1; sheet state
-        switch (ord($recordData{4})) {
+        switch (ord($recordData[4])) {
             case 0x00:
                 $sheetState = PHPExcel_Worksheet::SHEETSTATE_VISIBLE;
                 break;
@@ -2627,7 +2627,7 @@ class PHPExcel_Reader_Excel5 extends PHPExcel_Reader_Abstract implements PHPExce
         }
 
         // offset: 5; size: 1; sheet type
-        $sheetType = ord($recordData{5});
+        $sheetType = ord($recordData[5]);
 
         // offset: 6; size: var; sheet name
         if ($this->version == self::XLS_BIFF8) {
@@ -2805,7 +2805,7 @@ class PHPExcel_Reader_Excel5 extends PHPExcel_Reader_Abstract implements PHPExce
             // offset: 2; size: 1; keyboard shortcut
 
             // offset: 3; size: 1; length of the name (character count)
-            $nlen = ord($recordData{3});
+            $nlen = ord($recordData[3]);
 
             // offset: 4; size: 2; size of the formula data (it can happen that this is zero)
             // note: there can also be additional data, this is not included in $flen
@@ -2888,7 +2888,7 @@ class PHPExcel_Reader_Excel5 extends PHPExcel_Reader_Abstract implements PHPExce
             $pos += 2;
 
             // option flags
-            $optionFlags = ord($recordData{$pos});
+            $optionFlags = ord($recordData[$pos]);
             ++$pos;
 
             // bit: 0; mask: 0x01; 0 = compressed; 1 = uncompressed
@@ -2955,7 +2955,7 @@ class PHPExcel_Reader_Excel5 extends PHPExcel_Reader_Abstract implements PHPExce
 
                     // repeated option flags
                     // OpenOffice.org documentation 5.21
-                    $option = ord($recordData{$pos});
+                    $option = ord($recordData[$pos]);
                     ++$pos;
 
                     if ($isCompressed && ($option == 0)) {
@@ -2977,7 +2977,7 @@ class PHPExcel_Reader_Excel5 extends PHPExcel_Reader_Abstract implements PHPExce
                         // this fragment compressed
                         $len = min($charsLeft, $limitpos - $pos);
                         for ($j = 0; $j < $len; ++$j) {
-                            $retstr .= $recordData{$pos + $j} . chr(0);
+                            $retstr .= $recordData[$pos + $j] . chr(0);
                         }
                         $charsLeft -= $len;
                         $isCompressed = false;
@@ -3883,7 +3883,7 @@ class PHPExcel_Reader_Excel5 extends PHPExcel_Reader_Abstract implements PHPExce
         // We can apparently not rely on $isPartOfSharedFormula. Even when $isPartOfSharedFormula = true
         // the formula data may be ordinary formula data, therefore we need to check
         // explicitly for the tExp token (0x01)
-        $isPartOfSharedFormula = $isPartOfSharedFormula && ord($formulaStructure{2}) == 0x01;
+        $isPartOfSharedFormula = $isPartOfSharedFormula && ord($formulaStructure[2]) == 0x01;
 
         if ($isPartOfSharedFormula) {
             // part of shared formula which means there will be a formula with a tExp token and nothing else
@@ -3906,7 +3906,7 @@ class PHPExcel_Reader_Excel5 extends PHPExcel_Reader_Abstract implements PHPExce
             $xfIndex = self::getInt2d($recordData, 4);
 
             // offset: 6; size: 8; result of the formula
-            if ((ord($recordData{6}) == 0) && (ord($recordData{12}) == 255) && (ord($recordData{13}) == 255)) {
+            if ((ord($recordData[6]) == 0) && (ord($recordData[12]) == 255) && (ord($recordData[13]) == 255)) {
                 // String formula. Result follows in appended STRING record
                 $dataType = PHPExcel_Cell_DataType::TYPE_STRING;
 
@@ -3918,21 +3918,21 @@ class PHPExcel_Reader_Excel5 extends PHPExcel_Reader_Abstract implements PHPExce
 
                 // read STRING record
                 $value = $this->readString();
-            } elseif ((ord($recordData{6}) == 1)
-                && (ord($recordData{12}) == 255)
-                && (ord($recordData{13}) == 255)) {
+            } elseif ((ord($recordData[6]) == 1)
+                && (ord($recordData[12]) == 255)
+                && (ord($recordData[13]) == 255)) {
                 // Boolean formula. Result is in +2; 0=false, 1=true
                 $dataType = PHPExcel_Cell_DataType::TYPE_BOOL;
-                $value = (bool) ord($recordData{8});
-            } elseif ((ord($recordData{6}) == 2)
-                && (ord($recordData{12}) == 255)
-                && (ord($recordData{13}) == 255)) {
+                $value = (bool) ord($recordData[8]);
+            } elseif ((ord($recordData[6]) == 2)
+                && (ord($recordData[12]) == 255)
+                && (ord($recordData[13]) == 255)) {
                 // Error formula. Error code is in +2
                 $dataType = PHPExcel_Cell_DataType::TYPE_ERROR;
-                $value = PHPExcel_Reader_Excel5_ErrorCode::lookup(ord($recordData{8}));
-            } elseif ((ord($recordData{6}) == 3)
-                && (ord($recordData{12}) == 255)
-                && (ord($recordData{13}) == 255)) {
+                $value = PHPExcel_Reader_Excel5_ErrorCode::lookup(ord($recordData[8]));
+            } elseif ((ord($recordData[6]) == 3)
+                && (ord($recordData[12]) == 255)
+                && (ord($recordData[13]) == 255)) {
                 // Formula result is a null string
                 $dataType = PHPExcel_Cell_DataType::TYPE_NULL;
                 $value = '';
@@ -3996,7 +3996,7 @@ class PHPExcel_Reader_Excel5 extends PHPExcel_Reader_Abstract implements PHPExce
         // offset: 6, size: 1; not used
 
         // offset: 7, size: 1; number of existing FORMULA records for this shared formula
-        $no = ord($recordData{7});
+        $no = ord($recordData[7]);
 
         // offset: 8, size: var; Binary token array of the shared formula
         $formula = substr($recordData, 8);
@@ -4062,10 +4062,10 @@ class PHPExcel_Reader_Excel5 extends PHPExcel_Reader_Abstract implements PHPExce
             $xfIndex = self::getInt2d($recordData, 4);
 
             // offset: 6; size: 1; the boolean value or error value
-            $boolErr = ord($recordData{6});
+            $boolErr = ord($recordData[6]);
 
             // offset: 7; size: 1; 0=boolean; 1=error
-            $isError = ord($recordData{7});
+            $isError = ord($recordData[7]);
 
             $cell = $this->phpSheet->getCell($columnString . ($row + 1));
             switch ($isError) {
@@ -4447,7 +4447,7 @@ class PHPExcel_Reader_Excel5 extends PHPExcel_Reader_Abstract implements PHPExce
 
         if (!$this->readDataOnly) {
             // offset: 0; size: 1; pane identifier
-            $paneId = ord($recordData{0});
+            $paneId = ord($recordData[0]);
 
             // offset: 1; size: 2; index to row of the active cell
             $r = self::getInt2d($recordData, 1);
@@ -4598,9 +4598,9 @@ class PHPExcel_Reader_Excel5 extends PHPExcel_Reader_Abstract implements PHPExce
                 $hyperlinkType = 'UNC';
             } elseif (!$isFileLinkOrUrl) {
                 $hyperlinkType = 'workbook';
-            } elseif (ord($recordData{$offset}) == 0x03) {
+            } elseif (ord($recordData[$offset]) == 0x03) {
                 $hyperlinkType = 'local';
-            } elseif (ord($recordData{$offset}) == 0xE0) {
+            } elseif (ord($recordData[$offset]) == 0xE0) {
                 $hyperlinkType = 'URL';
             }
 
@@ -6886,10 +6886,10 @@ class PHPExcel_Reader_Excel5 extends PHPExcel_Reader_Abstract implements PHPExce
         $lr = self::getInt2d($subData, 2) + 1;
 
         // offset: 4; size: 1; index to first column
-        $fc = ord($subData{4});
+        $fc = ord($subData[4]);
 
         // offset: 5; size: 1; index to last column
-        $lc = ord($subData{5});
+        $lc = ord($subData[5]);
 
         // check values
         if ($fr > $lr || $fc > $lc) {
@@ -7294,13 +7294,13 @@ class PHPExcel_Reader_Excel5 extends PHPExcel_Reader_Abstract implements PHPExce
     private static function readRGB($rgb)
     {
         // offset: 0; size 1; Red component
-        $r = ord($rgb{0});
+        $r = ord($rgb[0]);
 
         // offset: 1; size: 1; Green component
-        $g = ord($rgb{1});
+        $g = ord($rgb[1]);
 
         // offset: 2; size: 1; Blue component
-        $b = ord($rgb{2});
+        $b = ord($rgb[2]);
 
         // HEX notation, e.g. 'FF00FC'
         $rgb = sprintf('%02X%02X%02X', $r, $g, $b);
diff --git a/lib/PHPExcel/Reader/SYLK.php b/lib/PHPExcel/Reader/SYLK.php
index eb7ef1afb..e232be65e 100644
--- a/lib/PHPExcel/Reader/SYLK.php
+++ b/lib/PHPExcel/Reader/SYLK.php
@@ -161,7 +161,7 @@ class PHPExcel_Reader_SYLK extends PHPExcel_Reader_Abstract implements PHPExcel_
             if ($dataType == 'C') {
                 //  Read cell value data
                 foreach ($rowData as $rowDatum) {
-                    switch ($rowDatum{0}) {
+                    switch ($rowDatum[0]) {
                         case 'C':
                         case 'X':
                             $columnIndex = substr($rowDatum, 1) - 1;
@@ -249,7 +249,7 @@ class PHPExcel_Reader_SYLK extends PHPExcel_Reader_Abstract implements PHPExcel_
             if ($dataType == 'P') {
                 $formatArray = array();
                 foreach ($rowData as $rowDatum) {
-                    switch ($rowDatum{0}) {
+                    switch ($rowDatum[0]) {
                         case 'P':
                             $formatArray['numberformat']['code'] = str_replace($fromFormats, $toFormats, substr($rowDatum, 1));
                             break;
@@ -263,7 +263,7 @@ class PHPExcel_Reader_SYLK extends PHPExcel_Reader_Abstract implements PHPExcel_
                         case 'S':
                             $styleSettings = substr($rowDatum, 1);
                             for ($i=0; $i<strlen($styleSettings); ++$i) {
-                                switch ($styleSettings{$i}) {
+                                switch ($styleSettings[$i]) {
                                     case 'I':
                                         $formatArray['font']['italic'] = true;
                                         break;
@@ -293,7 +293,7 @@ class PHPExcel_Reader_SYLK extends PHPExcel_Reader_Abstract implements PHPExcel_
                 $hasCalculatedValue = false;
                 $cellData = $cellDataFormula = '';
                 foreach ($rowData as $rowDatum) {
-                    switch ($rowDatum{0}) {
+                    switch ($rowDatum[0]) {
                         case 'C':
                         case 'X':
                             $column = substr($rowDatum, 1);
@@ -327,7 +327,7 @@ class PHPExcel_Reader_SYLK extends PHPExcel_Reader_Abstract implements PHPExcel_
                                             $rowReference = $row;
                                         }
                                         //    Bracketed R references are relative to the current row
-                                        if ($rowReference{0} == '[') {
+                                        if ($rowReference[0] == '[') {
                                             $rowReference = $row + trim($rowReference, '[]');
                                         }
                                         $columnReference = $cellReference[4][0];
@@ -336,7 +336,7 @@ class PHPExcel_Reader_SYLK extends PHPExcel_Reader_Abstract implements PHPExcel_
                                             $columnReference = $column;
                                         }
                                         //    Bracketed C references are relative to the current column
-                                        if ($columnReference{0} == '[') {
+                                        if ($columnReference[0] == '[') {
                                             $columnReference = $column + trim($columnReference, '[]');
                                         }
                                         $A1CellReference = PHPExcel_Cell::stringFromColumnIndex($columnReference-1).$rowReference;
@@ -366,7 +366,7 @@ class PHPExcel_Reader_SYLK extends PHPExcel_Reader_Abstract implements PHPExcel_
                 $formatStyle = $columnWidth = $styleSettings = '';
                 $styleData = array();
                 foreach ($rowData as $rowDatum) {
-                    switch ($rowDatum{0}) {
+                    switch ($rowDatum[0]) {
                         case 'C':
                         case 'X':
                             $column = substr($rowDatum, 1);
@@ -384,7 +384,7 @@ class PHPExcel_Reader_SYLK extends PHPExcel_Reader_Abstract implements PHPExcel_
                         case 'S':
                             $styleSettings = substr($rowDatum, 1);
                             for ($i=0; $i<strlen($styleSettings); ++$i) {
-                                switch ($styleSettings{$i}) {
+                                switch ($styleSettings[$i]) {
                                     case 'I':
                                         $styleData['font']['italic'] = true;
                                         break;
@@ -433,7 +433,7 @@ class PHPExcel_Reader_SYLK extends PHPExcel_Reader_Abstract implements PHPExcel_
                 }
             } else {
                 foreach ($rowData as $rowDatum) {
-                    switch ($rowDatum{0}) {
+                    switch ($rowDatum[0]) {
                         case 'C':
                         case 'X':
                             $column = substr($rowDatum, 1);
diff --git a/lib/PHPExcel/ReferenceHelper.php b/lib/PHPExcel/ReferenceHelper.php
index 7d7de93be..bdede7733 100644
--- a/lib/PHPExcel/ReferenceHelper.php
+++ b/lib/PHPExcel/ReferenceHelper.php
@@ -881,8 +881,8 @@ class PHPExcel_ReferenceHelper
             list($newColumn, $newRow) = PHPExcel_Cell::coordinateFromString($pCellReference);
 
             // Verify which parts should be updated
-            $updateColumn = (($newColumn{0} != '$') && ($beforeColumn{0} != '$') && (PHPExcel_Cell::columnIndexFromString($newColumn) >= PHPExcel_Cell::columnIndexFromString($beforeColumn)));
-            $updateRow = (($newRow{0} != '$') && ($beforeRow{0} != '$') && $newRow >= $beforeRow);
+            $updateColumn = (($newColumn[0] != '$') && ($beforeColumn[0] != '$') && (PHPExcel_Cell::columnIndexFromString($newColumn) >= PHPExcel_Cell::columnIndexFromString($beforeColumn)));
+            $updateRow = (($newRow[0] != '$') && ($beforeRow[0] != '$') && $newRow >= $beforeRow);
 
             // Create new column reference
             if ($updateColumn) {
diff --git a/lib/PHPExcel/Shared/OLE.php b/lib/PHPExcel/Shared/OLE.php
index 42a3c529f..1d3532a1f 100644
--- a/lib/PHPExcel/Shared/OLE.php
+++ b/lib/PHPExcel/Shared/OLE.php
@@ -285,7 +285,7 @@ class PHPExcel_Shared_OLE
                     $pps = new PHPExcel_Shared_OLE_PPS_File($name);
                     break;
                 default:
-                    continue;
+                    continue 2;
             }
             fseek($fh, 1, SEEK_CUR);
             $pps->Type    = $type;
@@ -443,7 +443,7 @@ class PHPExcel_Shared_OLE
     {
         $rawname = '';
         for ($i = 0; $i < strlen($ascii); ++$i) {
-            $rawname .= $ascii{$i} . "\x00";
+            $rawname .= $ascii[$i] . "\x00";
         }
         return $rawname;
     }
diff --git a/lib/PHPExcel/Shared/PCLZip/gnu-lgpl.txt b/lib/PHPExcel/Shared/PCLZip/gnu-lgpl.txt
index cbee875ba..b1e3f5a26 100644
--- a/lib/PHPExcel/Shared/PCLZip/gnu-lgpl.txt
+++ b/lib/PHPExcel/Shared/PCLZip/gnu-lgpl.txt
@@ -1,504 +1,504 @@
-		  GNU LESSER GENERAL PUBLIC LICENSE
-		       Version 2.1, February 1999
-
- Copyright (C) 1991, 1999 Free Software Foundation, Inc.
-     59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-
-[This is the first released version of the Lesser GPL.  It also counts
- as the successor of the GNU Library Public License, version 2, hence
- the version number 2.1.]
-
-			    Preamble
-
-  The licenses for most software are designed to take away your
-freedom to share and change it.  By contrast, the GNU General Public
-Licenses are intended to guarantee your freedom to share and change
-free software--to make sure the software is free for all its users.
-
-  This license, the Lesser General Public License, applies to some
-specially designated software packages--typically libraries--of the
-Free Software Foundation and other authors who decide to use it.  You
-can use it too, but we suggest you first think carefully about whether
-this license or the ordinary General Public License is the better
-strategy to use in any particular case, based on the explanations below.
-
-  When we speak of free software, we are referring to freedom of use,
-not price.  Our General Public Licenses are designed to make sure that
-you have the freedom to distribute copies of free software (and charge
-for this service if you wish); that you receive source code or can get
-it if you want it; that you can change the software and use pieces of
-it in new free programs; and that you are informed that you can do
-these things.
-
-  To protect your rights, we need to make restrictions that forbid
-distributors to deny you these rights or to ask you to surrender these
-rights.  These restrictions translate to certain responsibilities for
-you if you distribute copies of the library or if you modify it.
-
-  For example, if you distribute copies of the library, whether gratis
-or for a fee, you must give the recipients all the rights that we gave
-you.  You must make sure that they, too, receive or can get the source
-code.  If you link other code with the library, you must provide
-complete object files to the recipients, so that they can relink them
-with the library after making changes to the library and recompiling
-it.  And you must show them these terms so they know their rights.
-
-  We protect your rights with a two-step method: (1) we copyright the
-library, and (2) we offer you this license, which gives you legal
-permission to copy, distribute and/or modify the library.
-
-  To protect each distributor, we want to make it very clear that
-there is no warranty for the free library.  Also, if the library is
-modified by someone else and passed on, the recipients should know
-that what they have is not the original version, so that the original
-author's reputation will not be affected by problems that might be
-introduced by others.
-
-  Finally, software patents pose a constant threat to the existence of
-any free program.  We wish to make sure that a company cannot
-effectively restrict the users of a free program by obtaining a
-restrictive license from a patent holder.  Therefore, we insist that
-any patent license obtained for a version of the library must be
-consistent with the full freedom of use specified in this license.
-
-  Most GNU software, including some libraries, is covered by the
-ordinary GNU General Public License.  This license, the GNU Lesser
-General Public License, applies to certain designated libraries, and
-is quite different from the ordinary General Public License.  We use
-this license for certain libraries in order to permit linking those
-libraries into non-free programs.
-
-  When a program is linked with a library, whether statically or using
-a shared library, the combination of the two is legally speaking a
-combined work, a derivative of the original library.  The ordinary
-General Public License therefore permits such linking only if the
-entire combination fits its criteria of freedom.  The Lesser General
-Public License permits more lax criteria for linking other code with
-the library.
-
-  We call this license the "Lesser" General Public License because it
-does Less to protect the user's freedom than the ordinary General
-Public License.  It also provides other free software developers Less
-of an advantage over competing non-free programs.  These disadvantages
-are the reason we use the ordinary General Public License for many
-libraries.  However, the Lesser license provides advantages in certain
-special circumstances.
-
-  For example, on rare occasions, there may be a special need to
-encourage the widest possible use of a certain library, so that it becomes
-a de-facto standard.  To achieve this, non-free programs must be
-allowed to use the library.  A more frequent case is that a free
-library does the same job as widely used non-free libraries.  In this
-case, there is little to gain by limiting the free library to free
-software only, so we use the Lesser General Public License.
-
-  In other cases, permission to use a particular library in non-free
-programs enables a greater number of people to use a large body of
-free software.  For example, permission to use the GNU C Library in
-non-free programs enables many more people to use the whole GNU
-operating system, as well as its variant, the GNU/Linux operating
-system.
-
-  Although the Lesser General Public License is Less protective of the
-users' freedom, it does ensure that the user of a program that is
-linked with the Library has the freedom and the wherewithal to run
-that program using a modified version of the Library.
-
-  The precise terms and conditions for copying, distribution and
-modification follow.  Pay close attention to the difference between a
-"work based on the library" and a "work that uses the library".  The
-former contains code derived from the library, whereas the latter must
-be combined with the library in order to run.
-
-		  GNU LESSER GENERAL PUBLIC LICENSE
-   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
-
-  0. This License Agreement applies to any software library or other
-program which contains a notice placed by the copyright holder or
-other authorized party saying it may be distributed under the terms of
-this Lesser General Public License (also called "this License").
-Each licensee is addressed as "you".
-
-  A "library" means a collection of software functions and/or data
-prepared so as to be conveniently linked with application programs
-(which use some of those functions and data) to form executables.
-
-  The "Library", below, refers to any such software library or work
-which has been distributed under these terms.  A "work based on the
-Library" means either the Library or any derivative work under
-copyright law: that is to say, a work containing the Library or a
-portion of it, either verbatim or with modifications and/or translated
-straightforwardly into another language.  (Hereinafter, translation is
-included without limitation in the term "modification".)
-
-  "Source code" for a work means the preferred form of the work for
-making modifications to it.  For a library, complete source code means
-all the source code for all modules it contains, plus any associated
-interface definition files, plus the scripts used to control compilation
-and installation of the library.
-
-  Activities other than copying, distribution and modification are not
-covered by this License; they are outside its scope.  The act of
-running a program using the Library is not restricted, and output from
-such a program is covered only if its contents constitute a work based
-on the Library (independent of the use of the Library in a tool for
-writing it).  Whether that is true depends on what the Library does
-and what the program that uses the Library does.
-  
-  1. You may copy and distribute verbatim copies of the Library's
-complete source code as you receive it, in any medium, provided that
-you conspicuously and appropriately publish on each copy an
-appropriate copyright notice and disclaimer of warranty; keep intact
-all the notices that refer to this License and to the absence of any
-warranty; and distribute a copy of this License along with the
-Library.
-
-  You may charge a fee for the physical act of transferring a copy,
-and you may at your option offer warranty protection in exchange for a
-fee.
-
-  2. You may modify your copy or copies of the Library or any portion
-of it, thus forming a work based on the Library, and copy and
-distribute such modifications or work under the terms of Section 1
-above, provided that you also meet all of these conditions:
-
-    a) The modified work must itself be a software library.
-
-    b) You must cause the files modified to carry prominent notices
-    stating that you changed the files and the date of any change.
-
-    c) You must cause the whole of the work to be licensed at no
-    charge to all third parties under the terms of this License.
-
-    d) If a facility in the modified Library refers to a function or a
-    table of data to be supplied by an application program that uses
-    the facility, other than as an argument passed when the facility
-    is invoked, then you must make a good faith effort to ensure that,
-    in the event an application does not supply such function or
-    table, the facility still operates, and performs whatever part of
-    its purpose remains meaningful.
-
-    (For example, a function in a library to compute square roots has
-    a purpose that is entirely well-defined independent of the
-    application.  Therefore, Subsection 2d requires that any
-    application-supplied function or table used by this function must
-    be optional: if the application does not supply it, the square
-    root function must still compute square roots.)
-
-These requirements apply to the modified work as a whole.  If
-identifiable sections of that work are not derived from the Library,
-and can be reasonably considered independent and separate works in
-themselves, then this License, and its terms, do not apply to those
-sections when you distribute them as separate works.  But when you
-distribute the same sections as part of a whole which is a work based
-on the Library, the distribution of the whole must be on the terms of
-this License, whose permissions for other licensees extend to the
-entire whole, and thus to each and every part regardless of who wrote
-it.
-
-Thus, it is not the intent of this section to claim rights or contest
-your rights to work written entirely by you; rather, the intent is to
-exercise the right to control the distribution of derivative or
-collective works based on the Library.
-
-In addition, mere aggregation of another work not based on the Library
-with the Library (or with a work based on the Library) on a volume of
-a storage or distribution medium does not bring the other work under
-the scope of this License.
-
-  3. You may opt to apply the terms of the ordinary GNU General Public
-License instead of this License to a given copy of the Library.  To do
-this, you must alter all the notices that refer to this License, so
-that they refer to the ordinary GNU General Public License, version 2,
-instead of to this License.  (If a newer version than version 2 of the
-ordinary GNU General Public License has appeared, then you can specify
-that version instead if you wish.)  Do not make any other change in
-these notices.
-
-  Once this change is made in a given copy, it is irreversible for
-that copy, so the ordinary GNU General Public License applies to all
-subsequent copies and derivative works made from that copy.
-
-  This option is useful when you wish to copy part of the code of
-the Library into a program that is not a library.
-
-  4. You may copy and distribute the Library (or a portion or
-derivative of it, under Section 2) in object code or executable form
-under the terms of Sections 1 and 2 above provided that you accompany
-it with the complete corresponding machine-readable source code, which
-must be distributed under the terms of Sections 1 and 2 above on a
-medium customarily used for software interchange.
-
-  If distribution of object code is made by offering access to copy
-from a designated place, then offering equivalent access to copy the
-source code from the same place satisfies the requirement to
-distribute the source code, even though third parties are not
-compelled to copy the source along with the object code.
-
-  5. A program that contains no derivative of any portion of the
-Library, but is designed to work with the Library by being compiled or
-linked with it, is called a "work that uses the Library".  Such a
-work, in isolation, is not a derivative work of the Library, and
-therefore falls outside the scope of this License.
-
-  However, linking a "work that uses the Library" with the Library
-creates an executable that is a derivative of the Library (because it
-contains portions of the Library), rather than a "work that uses the
-library".  The executable is therefore covered by this License.
-Section 6 states terms for distribution of such executables.
-
-  When a "work that uses the Library" uses material from a header file
-that is part of the Library, the object code for the work may be a
-derivative work of the Library even though the source code is not.
-Whether this is true is especially significant if the work can be
-linked without the Library, or if the work is itself a library.  The
-threshold for this to be true is not precisely defined by law.
-
-  If such an object file uses only numerical parameters, data
-structure layouts and accessors, and small macros and small inline
-functions (ten lines or less in length), then the use of the object
-file is unrestricted, regardless of whether it is legally a derivative
-work.  (Executables containing this object code plus portions of the
-Library will still fall under Section 6.)
-
-  Otherwise, if the work is a derivative of the Library, you may
-distribute the object code for the work under the terms of Section 6.
-Any executables containing that work also fall under Section 6,
-whether or not they are linked directly with the Library itself.
-
-  6. As an exception to the Sections above, you may also combine or
-link a "work that uses the Library" with the Library to produce a
-work containing portions of the Library, and distribute that work
-under terms of your choice, provided that the terms permit
-modification of the work for the customer's own use and reverse
-engineering for debugging such modifications.
-
-  You must give prominent notice with each copy of the work that the
-Library is used in it and that the Library and its use are covered by
-this License.  You must supply a copy of this License.  If the work
-during execution displays copyright notices, you must include the
-copyright notice for the Library among them, as well as a reference
-directing the user to the copy of this License.  Also, you must do one
-of these things:
-
-    a) Accompany the work with the complete corresponding
-    machine-readable source code for the Library including whatever
-    changes were used in the work (which must be distributed under
-    Sections 1 and 2 above); and, if the work is an executable linked
-    with the Library, with the complete machine-readable "work that
-    uses the Library", as object code and/or source code, so that the
-    user can modify the Library and then relink to produce a modified
-    executable containing the modified Library.  (It is understood
-    that the user who changes the contents of definitions files in the
-    Library will not necessarily be able to recompile the application
-    to use the modified definitions.)
-
-    b) Use a suitable shared library mechanism for linking with the
-    Library.  A suitable mechanism is one that (1) uses at run time a
-    copy of the library already present on the user's computer system,
-    rather than copying library functions into the executable, and (2)
-    will operate properly with a modified version of the library, if
-    the user installs one, as long as the modified version is
-    interface-compatible with the version that the work was made with.
-
-    c) Accompany the work with a written offer, valid for at
-    least three years, to give the same user the materials
-    specified in Subsection 6a, above, for a charge no more
-    than the cost of performing this distribution.
-
-    d) If distribution of the work is made by offering access to copy
-    from a designated place, offer equivalent access to copy the above
-    specified materials from the same place.
-
-    e) Verify that the user has already received a copy of these
-    materials or that you have already sent this user a copy.
-
-  For an executable, the required form of the "work that uses the
-Library" must include any data and utility programs needed for
-reproducing the executable from it.  However, as a special exception,
-the materials to be distributed need not include anything that is
-normally distributed (in either source or binary form) with the major
-components (compiler, kernel, and so on) of the operating system on
-which the executable runs, unless that component itself accompanies
-the executable.
-
-  It may happen that this requirement contradicts the license
-restrictions of other proprietary libraries that do not normally
-accompany the operating system.  Such a contradiction means you cannot
-use both them and the Library together in an executable that you
-distribute.
-
-  7. You may place library facilities that are a work based on the
-Library side-by-side in a single library together with other library
-facilities not covered by this License, and distribute such a combined
-library, provided that the separate distribution of the work based on
-the Library and of the other library facilities is otherwise
-permitted, and provided that you do these two things:
-
-    a) Accompany the combined library with a copy of the same work
-    based on the Library, uncombined with any other library
-    facilities.  This must be distributed under the terms of the
-    Sections above.
-
-    b) Give prominent notice with the combined library of the fact
-    that part of it is a work based on the Library, and explaining
-    where to find the accompanying uncombined form of the same work.
-
-  8. You may not copy, modify, sublicense, link with, or distribute
-the Library except as expressly provided under this License.  Any
-attempt otherwise to copy, modify, sublicense, link with, or
-distribute the Library is void, and will automatically terminate your
-rights under this License.  However, parties who have received copies,
-or rights, from you under this License will not have their licenses
-terminated so long as such parties remain in full compliance.
-
-  9. You are not required to accept this License, since you have not
-signed it.  However, nothing else grants you permission to modify or
-distribute the Library or its derivative works.  These actions are
-prohibited by law if you do not accept this License.  Therefore, by
-modifying or distributing the Library (or any work based on the
-Library), you indicate your acceptance of this License to do so, and
-all its terms and conditions for copying, distributing or modifying
-the Library or works based on it.
-
-  10. Each time you redistribute the Library (or any work based on the
-Library), the recipient automatically receives a license from the
-original licensor to copy, distribute, link with or modify the Library
-subject to these terms and conditions.  You may not impose any further
-restrictions on the recipients' exercise of the rights granted herein.
-You are not responsible for enforcing compliance by third parties with
-this License.
-
-  11. If, as a consequence of a court judgment or allegation of patent
-infringement or for any other reason (not limited to patent issues),
-conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License.  If you cannot
-distribute so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you
-may not distribute the Library at all.  For example, if a patent
-license would not permit royalty-free redistribution of the Library by
-all those who receive copies directly or indirectly through you, then
-the only way you could satisfy both it and this License would be to
-refrain entirely from distribution of the Library.
-
-If any portion of this section is held invalid or unenforceable under any
-particular circumstance, the balance of the section is intended to apply,
-and the section as a whole is intended to apply in other circumstances.
-
-It is not the purpose of this section to induce you to infringe any
-patents or other property right claims or to contest validity of any
-such claims; this section has the sole purpose of protecting the
-integrity of the free software distribution system which is
-implemented by public license practices.  Many people have made
-generous contributions to the wide range of software distributed
-through that system in reliance on consistent application of that
-system; it is up to the author/donor to decide if he or she is willing
-to distribute software through any other system and a licensee cannot
-impose that choice.
-
-This section is intended to make thoroughly clear what is believed to
-be a consequence of the rest of this License.
-
-  12. If the distribution and/or use of the Library is restricted in
-certain countries either by patents or by copyrighted interfaces, the
-original copyright holder who places the Library under this License may add
-an explicit geographical distribution limitation excluding those countries,
-so that distribution is permitted only in or among countries not thus
-excluded.  In such case, this License incorporates the limitation as if
-written in the body of this License.
-
-  13. The Free Software Foundation may publish revised and/or new
-versions of the Lesser General Public License from time to time.
-Such new versions will be similar in spirit to the present version,
-but may differ in detail to address new problems or concerns.
-
-Each version is given a distinguishing version number.  If the Library
-specifies a version number of this License which applies to it and
-"any later version", you have the option of following the terms and
-conditions either of that version or of any later version published by
-the Free Software Foundation.  If the Library does not specify a
-license version number, you may choose any version ever published by
-the Free Software Foundation.
-
-  14. If you wish to incorporate parts of the Library into other free
-programs whose distribution conditions are incompatible with these,
-write to the author to ask for permission.  For software which is
-copyrighted by the Free Software Foundation, write to the Free
-Software Foundation; we sometimes make exceptions for this.  Our
-decision will be guided by the two goals of preserving the free status
-of all derivatives of our free software and of promoting the sharing
-and reuse of software generally.
-
-			    NO WARRANTY
-
-  15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO
-WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
-EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
-OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY
-KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
-LIBRARY IS WITH YOU.  SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME
-THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
-
-  16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
-WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY
-AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU
-FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR
-CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE
-LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING
-RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
-FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
-SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
-DAMAGES.
-
-		     END OF TERMS AND CONDITIONS
-
-           How to Apply These Terms to Your New Libraries
-
-  If you develop a new library, and you want it to be of the greatest
-possible use to the public, we recommend making it free software that
-everyone can redistribute and change.  You can do so by permitting
-redistribution under these terms (or, alternatively, under the terms of the
-ordinary General Public License).
-
-  To apply these terms, attach the following notices to the library.  It is
-safest to attach them to the start of each source file to most effectively
-convey the exclusion of warranty; and each file should have at least the
-"copyright" line and a pointer to where the full notice is found.
-
-    <one line to give the library's name and a brief idea of what it does.>
-    Copyright (C) <year>  <name of author>
-
-    This library is free software; you can redistribute it and/or
-    modify it under the terms of the GNU Lesser General Public
-    License as published by the Free Software Foundation; either
-    version 2.1 of the License, or (at your option) any later version.
-
-    This library is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-    Lesser General Public License for more details.
-
-    You should have received a copy of the GNU Lesser General Public
-    License along with this library; if not, write to the Free Software
-    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-
-Also add information on how to contact you by electronic and paper mail.
-
-You should also get your employer (if you work as a programmer) or your
-school, if any, to sign a "copyright disclaimer" for the library, if
-necessary.  Here is a sample; alter the names:
-
-  Yoyodyne, Inc., hereby disclaims all copyright interest in the
-  library `Frob' (a library for tweaking knobs) written by James Random Hacker.
-
-  <signature of Ty Coon>, 1 April 1990
-  Ty Coon, President of Vice
-
-That's all there is to it!
-
-
+		  GNU LESSER GENERAL PUBLIC LICENSE
+		       Version 2.1, February 1999
+
+ Copyright (C) 1991, 1999 Free Software Foundation, Inc.
+     59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+[This is the first released version of the Lesser GPL.  It also counts
+ as the successor of the GNU Library Public License, version 2, hence
+ the version number 2.1.]
+
+			    Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+Licenses are intended to guarantee your freedom to share and change
+free software--to make sure the software is free for all its users.
+
+  This license, the Lesser General Public License, applies to some
+specially designated software packages--typically libraries--of the
+Free Software Foundation and other authors who decide to use it.  You
+can use it too, but we suggest you first think carefully about whether
+this license or the ordinary General Public License is the better
+strategy to use in any particular case, based on the explanations below.
+
+  When we speak of free software, we are referring to freedom of use,
+not price.  Our General Public Licenses are designed to make sure that
+you have the freedom to distribute copies of free software (and charge
+for this service if you wish); that you receive source code or can get
+it if you want it; that you can change the software and use pieces of
+it in new free programs; and that you are informed that you can do
+these things.
+
+  To protect your rights, we need to make restrictions that forbid
+distributors to deny you these rights or to ask you to surrender these
+rights.  These restrictions translate to certain responsibilities for
+you if you distribute copies of the library or if you modify it.
+
+  For example, if you distribute copies of the library, whether gratis
+or for a fee, you must give the recipients all the rights that we gave
+you.  You must make sure that they, too, receive or can get the source
+code.  If you link other code with the library, you must provide
+complete object files to the recipients, so that they can relink them
+with the library after making changes to the library and recompiling
+it.  And you must show them these terms so they know their rights.
+
+  We protect your rights with a two-step method: (1) we copyright the
+library, and (2) we offer you this license, which gives you legal
+permission to copy, distribute and/or modify the library.
+
+  To protect each distributor, we want to make it very clear that
+there is no warranty for the free library.  Also, if the library is
+modified by someone else and passed on, the recipients should know
+that what they have is not the original version, so that the original
+author's reputation will not be affected by problems that might be
+introduced by others.
+
+  Finally, software patents pose a constant threat to the existence of
+any free program.  We wish to make sure that a company cannot
+effectively restrict the users of a free program by obtaining a
+restrictive license from a patent holder.  Therefore, we insist that
+any patent license obtained for a version of the library must be
+consistent with the full freedom of use specified in this license.
+
+  Most GNU software, including some libraries, is covered by the
+ordinary GNU General Public License.  This license, the GNU Lesser
+General Public License, applies to certain designated libraries, and
+is quite different from the ordinary General Public License.  We use
+this license for certain libraries in order to permit linking those
+libraries into non-free programs.
+
+  When a program is linked with a library, whether statically or using
+a shared library, the combination of the two is legally speaking a
+combined work, a derivative of the original library.  The ordinary
+General Public License therefore permits such linking only if the
+entire combination fits its criteria of freedom.  The Lesser General
+Public License permits more lax criteria for linking other code with
+the library.
+
+  We call this license the "Lesser" General Public License because it
+does Less to protect the user's freedom than the ordinary General
+Public License.  It also provides other free software developers Less
+of an advantage over competing non-free programs.  These disadvantages
+are the reason we use the ordinary General Public License for many
+libraries.  However, the Lesser license provides advantages in certain
+special circumstances.
+
+  For example, on rare occasions, there may be a special need to
+encourage the widest possible use of a certain library, so that it becomes
+a de-facto standard.  To achieve this, non-free programs must be
+allowed to use the library.  A more frequent case is that a free
+library does the same job as widely used non-free libraries.  In this
+case, there is little to gain by limiting the free library to free
+software only, so we use the Lesser General Public License.
+
+  In other cases, permission to use a particular library in non-free
+programs enables a greater number of people to use a large body of
+free software.  For example, permission to use the GNU C Library in
+non-free programs enables many more people to use the whole GNU
+operating system, as well as its variant, the GNU/Linux operating
+system.
+
+  Although the Lesser General Public License is Less protective of the
+users' freedom, it does ensure that the user of a program that is
+linked with the Library has the freedom and the wherewithal to run
+that program using a modified version of the Library.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.  Pay close attention to the difference between a
+"work based on the library" and a "work that uses the library".  The
+former contains code derived from the library, whereas the latter must
+be combined with the library in order to run.
+
+		  GNU LESSER GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License Agreement applies to any software library or other
+program which contains a notice placed by the copyright holder or
+other authorized party saying it may be distributed under the terms of
+this Lesser General Public License (also called "this License").
+Each licensee is addressed as "you".
+
+  A "library" means a collection of software functions and/or data
+prepared so as to be conveniently linked with application programs
+(which use some of those functions and data) to form executables.
+
+  The "Library", below, refers to any such software library or work
+which has been distributed under these terms.  A "work based on the
+Library" means either the Library or any derivative work under
+copyright law: that is to say, a work containing the Library or a
+portion of it, either verbatim or with modifications and/or translated
+straightforwardly into another language.  (Hereinafter, translation is
+included without limitation in the term "modification".)
+
+  "Source code" for a work means the preferred form of the work for
+making modifications to it.  For a library, complete source code means
+all the source code for all modules it contains, plus any associated
+interface definition files, plus the scripts used to control compilation
+and installation of the library.
+
+  Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running a program using the Library is not restricted, and output from
+such a program is covered only if its contents constitute a work based
+on the Library (independent of the use of the Library in a tool for
+writing it).  Whether that is true depends on what the Library does
+and what the program that uses the Library does.
+  
+  1. You may copy and distribute verbatim copies of the Library's
+complete source code as you receive it, in any medium, provided that
+you conspicuously and appropriately publish on each copy an
+appropriate copyright notice and disclaimer of warranty; keep intact
+all the notices that refer to this License and to the absence of any
+warranty; and distribute a copy of this License along with the
+Library.
+
+  You may charge a fee for the physical act of transferring a copy,
+and you may at your option offer warranty protection in exchange for a
+fee.
+
+  2. You may modify your copy or copies of the Library or any portion
+of it, thus forming a work based on the Library, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) The modified work must itself be a software library.
+
+    b) You must cause the files modified to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    c) You must cause the whole of the work to be licensed at no
+    charge to all third parties under the terms of this License.
+
+    d) If a facility in the modified Library refers to a function or a
+    table of data to be supplied by an application program that uses
+    the facility, other than as an argument passed when the facility
+    is invoked, then you must make a good faith effort to ensure that,
+    in the event an application does not supply such function or
+    table, the facility still operates, and performs whatever part of
+    its purpose remains meaningful.
+
+    (For example, a function in a library to compute square roots has
+    a purpose that is entirely well-defined independent of the
+    application.  Therefore, Subsection 2d requires that any
+    application-supplied function or table used by this function must
+    be optional: if the application does not supply it, the square
+    root function must still compute square roots.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Library,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Library, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote
+it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Library.
+
+In addition, mere aggregation of another work not based on the Library
+with the Library (or with a work based on the Library) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may opt to apply the terms of the ordinary GNU General Public
+License instead of this License to a given copy of the Library.  To do
+this, you must alter all the notices that refer to this License, so
+that they refer to the ordinary GNU General Public License, version 2,
+instead of to this License.  (If a newer version than version 2 of the
+ordinary GNU General Public License has appeared, then you can specify
+that version instead if you wish.)  Do not make any other change in
+these notices.
+
+  Once this change is made in a given copy, it is irreversible for
+that copy, so the ordinary GNU General Public License applies to all
+subsequent copies and derivative works made from that copy.
+
+  This option is useful when you wish to copy part of the code of
+the Library into a program that is not a library.
+
+  4. You may copy and distribute the Library (or a portion or
+derivative of it, under Section 2) in object code or executable form
+under the terms of Sections 1 and 2 above provided that you accompany
+it with the complete corresponding machine-readable source code, which
+must be distributed under the terms of Sections 1 and 2 above on a
+medium customarily used for software interchange.
+
+  If distribution of object code is made by offering access to copy
+from a designated place, then offering equivalent access to copy the
+source code from the same place satisfies the requirement to
+distribute the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  5. A program that contains no derivative of any portion of the
+Library, but is designed to work with the Library by being compiled or
+linked with it, is called a "work that uses the Library".  Such a
+work, in isolation, is not a derivative work of the Library, and
+therefore falls outside the scope of this License.
+
+  However, linking a "work that uses the Library" with the Library
+creates an executable that is a derivative of the Library (because it
+contains portions of the Library), rather than a "work that uses the
+library".  The executable is therefore covered by this License.
+Section 6 states terms for distribution of such executables.
+
+  When a "work that uses the Library" uses material from a header file
+that is part of the Library, the object code for the work may be a
+derivative work of the Library even though the source code is not.
+Whether this is true is especially significant if the work can be
+linked without the Library, or if the work is itself a library.  The
+threshold for this to be true is not precisely defined by law.
+
+  If such an object file uses only numerical parameters, data
+structure layouts and accessors, and small macros and small inline
+functions (ten lines or less in length), then the use of the object
+file is unrestricted, regardless of whether it is legally a derivative
+work.  (Executables containing this object code plus portions of the
+Library will still fall under Section 6.)
+
+  Otherwise, if the work is a derivative of the Library, you may
+distribute the object code for the work under the terms of Section 6.
+Any executables containing that work also fall under Section 6,
+whether or not they are linked directly with the Library itself.
+
+  6. As an exception to the Sections above, you may also combine or
+link a "work that uses the Library" with the Library to produce a
+work containing portions of the Library, and distribute that work
+under terms of your choice, provided that the terms permit
+modification of the work for the customer's own use and reverse
+engineering for debugging such modifications.
+
+  You must give prominent notice with each copy of the work that the
+Library is used in it and that the Library and its use are covered by
+this License.  You must supply a copy of this License.  If the work
+during execution displays copyright notices, you must include the
+copyright notice for the Library among them, as well as a reference
+directing the user to the copy of this License.  Also, you must do one
+of these things:
+
+    a) Accompany the work with the complete corresponding
+    machine-readable source code for the Library including whatever
+    changes were used in the work (which must be distributed under
+    Sections 1 and 2 above); and, if the work is an executable linked
+    with the Library, with the complete machine-readable "work that
+    uses the Library", as object code and/or source code, so that the
+    user can modify the Library and then relink to produce a modified
+    executable containing the modified Library.  (It is understood
+    that the user who changes the contents of definitions files in the
+    Library will not necessarily be able to recompile the application
+    to use the modified definitions.)
+
+    b) Use a suitable shared library mechanism for linking with the
+    Library.  A suitable mechanism is one that (1) uses at run time a
+    copy of the library already present on the user's computer system,
+    rather than copying library functions into the executable, and (2)
+    will operate properly with a modified version of the library, if
+    the user installs one, as long as the modified version is
+    interface-compatible with the version that the work was made with.
+
+    c) Accompany the work with a written offer, valid for at
+    least three years, to give the same user the materials
+    specified in Subsection 6a, above, for a charge no more
+    than the cost of performing this distribution.
+
+    d) If distribution of the work is made by offering access to copy
+    from a designated place, offer equivalent access to copy the above
+    specified materials from the same place.
+
+    e) Verify that the user has already received a copy of these
+    materials or that you have already sent this user a copy.
+
+  For an executable, the required form of the "work that uses the
+Library" must include any data and utility programs needed for
+reproducing the executable from it.  However, as a special exception,
+the materials to be distributed need not include anything that is
+normally distributed (in either source or binary form) with the major
+components (compiler, kernel, and so on) of the operating system on
+which the executable runs, unless that component itself accompanies
+the executable.
+
+  It may happen that this requirement contradicts the license
+restrictions of other proprietary libraries that do not normally
+accompany the operating system.  Such a contradiction means you cannot
+use both them and the Library together in an executable that you
+distribute.
+
+  7. You may place library facilities that are a work based on the
+Library side-by-side in a single library together with other library
+facilities not covered by this License, and distribute such a combined
+library, provided that the separate distribution of the work based on
+the Library and of the other library facilities is otherwise
+permitted, and provided that you do these two things:
+
+    a) Accompany the combined library with a copy of the same work
+    based on the Library, uncombined with any other library
+    facilities.  This must be distributed under the terms of the
+    Sections above.
+
+    b) Give prominent notice with the combined library of the fact
+    that part of it is a work based on the Library, and explaining
+    where to find the accompanying uncombined form of the same work.
+
+  8. You may not copy, modify, sublicense, link with, or distribute
+the Library except as expressly provided under this License.  Any
+attempt otherwise to copy, modify, sublicense, link with, or
+distribute the Library is void, and will automatically terminate your
+rights under this License.  However, parties who have received copies,
+or rights, from you under this License will not have their licenses
+terminated so long as such parties remain in full compliance.
+
+  9. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Library or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Library (or any work based on the
+Library), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Library or works based on it.
+
+  10. Each time you redistribute the Library (or any work based on the
+Library), the recipient automatically receives a license from the
+original licensor to copy, distribute, link with or modify the Library
+subject to these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties with
+this License.
+
+  11. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Library at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Library by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Library.
+
+If any portion of this section is held invalid or unenforceable under any
+particular circumstance, the balance of the section is intended to apply,
+and the section as a whole is intended to apply in other circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  12. If the distribution and/or use of the Library is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Library under this License may add
+an explicit geographical distribution limitation excluding those countries,
+so that distribution is permitted only in or among countries not thus
+excluded.  In such case, this License incorporates the limitation as if
+written in the body of this License.
+
+  13. The Free Software Foundation may publish revised and/or new
+versions of the Lesser General Public License from time to time.
+Such new versions will be similar in spirit to the present version,
+but may differ in detail to address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Library
+specifies a version number of this License which applies to it and
+"any later version", you have the option of following the terms and
+conditions either of that version or of any later version published by
+the Free Software Foundation.  If the Library does not specify a
+license version number, you may choose any version ever published by
+the Free Software Foundation.
+
+  14. If you wish to incorporate parts of the Library into other free
+programs whose distribution conditions are incompatible with these,
+write to the author to ask for permission.  For software which is
+copyrighted by the Free Software Foundation, write to the Free
+Software Foundation; we sometimes make exceptions for this.  Our
+decision will be guided by the two goals of preserving the free status
+of all derivatives of our free software and of promoting the sharing
+and reuse of software generally.
+
+			    NO WARRANTY
+
+  15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO
+WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
+EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
+OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY
+KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
+LIBRARY IS WITH YOU.  SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME
+THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+  16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
+WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY
+AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU
+FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR
+CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE
+LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING
+RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
+FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
+SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
+DAMAGES.
+
+		     END OF TERMS AND CONDITIONS
+
+           How to Apply These Terms to Your New Libraries
+
+  If you develop a new library, and you want it to be of the greatest
+possible use to the public, we recommend making it free software that
+everyone can redistribute and change.  You can do so by permitting
+redistribution under these terms (or, alternatively, under the terms of the
+ordinary General Public License).
+
+  To apply these terms, attach the following notices to the library.  It is
+safest to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least the
+"copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the library's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This library is free software; you can redistribute it and/or
+    modify it under the terms of the GNU Lesser General Public
+    License as published by the Free Software Foundation; either
+    version 2.1 of the License, or (at your option) any later version.
+
+    This library is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    Lesser General Public License for more details.
+
+    You should have received a copy of the GNU Lesser General Public
+    License along with this library; if not, write to the Free Software
+    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+Also add information on how to contact you by electronic and paper mail.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the library, if
+necessary.  Here is a sample; alter the names:
+
+  Yoyodyne, Inc., hereby disclaims all copyright interest in the
+  library `Frob' (a library for tweaking knobs) written by James Random Hacker.
+
+  <signature of Ty Coon>, 1 April 1990
+  Ty Coon, President of Vice
+
+That's all there is to it!
+
+
diff --git a/lib/PHPExcel/Shared/PCLZip/readme.txt b/lib/PHPExcel/Shared/PCLZip/readme.txt
index 6ed883947..d1b11e258 100644
--- a/lib/PHPExcel/Shared/PCLZip/readme.txt
+++ b/lib/PHPExcel/Shared/PCLZip/readme.txt
@@ -1,421 +1,421 @@
-// --------------------------------------------------------------------------------
-// PclZip 2.8.2 - readme.txt
-// --------------------------------------------------------------------------------
-// License GNU/LGPL - August 2009
-// Vincent Blavet - vincent@phpconcept.net
-// http://www.phpconcept.net
-// --------------------------------------------------------------------------------
-// $Id: readme.txt,v 1.60 2009/09/30 20:35:21 vblavet Exp $
-// --------------------------------------------------------------------------------
-
-
-
-0 - Sommaire
-============
-    1 - Introduction
-    2 - What's new
-    3 - Corrected bugs
-    4 - Known bugs or limitations
-    5 - License
-    6 - Warning
-    7 - Documentation
-    8 - Author
-    9 - Contribute
-
-1 - Introduction
-================
-
-  PclZip is a library that allow you to manage a Zip archive.
-
-  Full documentation about PclZip can be found here : http://www.phpconcept.net/pclzip
-
-2 - What's new
-==============
-
-  Version 2.8.2 :
-    - PCLZIP_CB_PRE_EXTRACT and PCLZIP_CB_POST_EXTRACT are now supported with 
-      extraction as a string (PCLZIP_OPT_EXTRACT_AS_STRING). The string
-      can also be modified in the post-extract call back.
-    **Bugs correction :
-    - PCLZIP_OPT_REMOVE_ALL_PATH was not working correctly    
-    - Remove use of eval() and do direct call to callback functions
-    - Correct support of 64bits systems (Thanks to WordPress team)
-
-  Version 2.8.1 :
-    - Move option PCLZIP_OPT_BY_EREG to PCLZIP_OPT_BY_PREG because ereg() is
-      deprecated in PHP 5.3. When using option PCLZIP_OPT_BY_EREG, PclZip will
-      automatically replace it by PCLZIP_OPT_BY_PREG.
-  
-  Version 2.8 :
-    - Improve extraction of zip archive for large files by using temporary files
-      This feature is working like the one defined in r2.7.
-      Options are renamed : PCLZIP_OPT_TEMP_FILE_ON, PCLZIP_OPT_TEMP_FILE_OFF,
-      PCLZIP_OPT_TEMP_FILE_THRESHOLD
-    - Add a ratio constant PCLZIP_TEMPORARY_FILE_RATIO to configure the auto
-      sense of temporary file use.
-    - Bug correction : Reduce filepath in returned file list to remove ennoying
-      './/' preambule in file path.
-
-  Version 2.7 :
-    - Improve creation of zip archive for large files :
-      PclZip will now autosense the configured memory and use temporary files
-      when large file is suspected.
-      This feature can also ne triggered by manual options in create() and add()
-      methods. 'PCLZIP_OPT_ADD_TEMP_FILE_ON' force the use of temporary files,
-      'PCLZIP_OPT_ADD_TEMP_FILE_OFF' disable the autosense technic, 
-      'PCLZIP_OPT_ADD_TEMP_FILE_THRESHOLD' allow for configuration of a size
-      threshold to use temporary files.
-      Using "temporary files" rather than "memory" might take more time, but
-      might give the ability to zip very large files :
-      Tested on my win laptop with a 88Mo file :
-        Zip "in-memory" : 18sec (max_execution_time=30, memory_limit=180Mo)
-        Zip "tmporary-files" : 23sec (max_execution_time=30, memory_limit=30Mo)
-    - Replace use of mktime() by time() to limit the E_STRICT error messages.
-    - Bug correction : When adding files with full windows path (drive letter)
-      PclZip is now working. Before, if the drive letter is not the default
-      path, PclZip was not able to add the file.
-
-  Version 2.6 :
-    - Code optimisation
-    - New attributes PCLZIP_ATT_FILE_COMMENT gives the ability to
-      add a comment for a specific file. (Don't really know if this is usefull)
-    - New attribute PCLZIP_ATT_FILE_CONTENT gives the ability to add a string 
-      as a file.
-    - New attribute PCLZIP_ATT_FILE_MTIME modify the timestamp associated with
-      a file.
-    - Correct a bug. Files archived with a timestamp with 0h0m0s were extracted
-      with current time
-    - Add CRC value in the informations returned back for each file after an
-      action.
-    - Add missing closedir() statement.
-    - When adding a folder, and removing the path of this folder, files were
-      incorrectly added with a '/' at the beginning. Which means files are 
-      related to root in unix systems. Corrected.
-    - Add conditional if before constant definition. This will allow users
-      to redefine constants without changing the file, and then improve
-      upgrade of pclzip code for new versions.
-  
-  Version 2.5 :
-    - Introduce the ability to add file/folder with individual properties (file descriptor).
-      This gives for example the ability to change the filename of a zipped file.
-      . Able to add files individually
-      . Able to change full name
-      . Able to change short name
-      . Compatible with global options
-    - New attributes : PCLZIP_ATT_FILE_NAME, PCLZIP_ATT_FILE_NEW_SHORT_NAME, PCLZIP_ATT_FILE_NEW_FULL_NAME
-    - New error code : PCLZIP_ERR_INVALID_ATTRIBUTE_VALUE
-    - Add a security control feature. PclZip can extract any file in any folder
-      of a system. People may use this to upload a zip file and try to override
-      a system file. The PCLZIP_OPT_EXTRACT_DIR_RESTRICTION will give the
-      ability to forgive any directory transversal behavior.
-    - New PCLZIP_OPT_EXTRACT_DIR_RESTRICTION : check extraction path
-    - New error code : PCLZIP_ERR_DIRECTORY_RESTRICTION
-    - Modification in PclZipUtilPathInclusion() : dir and path beginning with ./ will be prepend
-      by current path (getcwd())
-  
-  Version 2.4 :
-    - Code improvment : try to speed up the code by removing unusefull call to pack()
-    - Correct bug in delete() : delete() should be called with no argument. This was not
-      the case in 2.3. This is corrected in 2.4.
-    - Correct a bug in path_inclusion function. When the path has several '../../', the
-      result was bad.
-    - Add a check for magic_quotes_runtime configuration. If enabled, PclZip will 
-      disable it while working and det it back to its original value.
-      This resolve a lots of bad formated archive errors.
-    - Bug correction : PclZip now correctly unzip file in some specific situation,
-      when compressed content has same size as uncompressed content.
-    - Bug correction : When selecting option 'PCLZIP_OPT_REMOVE_ALL_PATH', 
-      directories are not any more created.
-    - Code improvment : correct unclosed opendir(), better handling of . and .. in
-      loops.
-
-
-  Version 2.3 :
-    - Correct a bug with PHP5 : affecting the value 0xFE49FFE0 to a variable does not
-      give the same result in PHP4 and PHP5 ....
-
-  Version 2.2 :
-    - Try development of PCLZIP_OPT_CRYPT .....
-      However this becomes to a stop. To crypt/decrypt I need to multiply 2 long integers,
-      the result (greater than a long) is not supported by PHP. Even the use of bcmath
-      functions does not help. I did not find yet a solution ...;
-    - Add missing '/' at end of directory entries
-    - Check is a file is encrypted or not. Returns status 'unsupported_encryption' and/or
-      error code PCLZIP_ERR_UNSUPPORTED_ENCRYPTION.
-    - Corrected : Bad "version need to extract" field in local file header
-    - Add private method privCheckFileHeaders() in order to check local and central
-      file headers. PclZip is now supporting purpose bit flag bit 3. Purpose bit flag bit 3 gives
-      the ability to have a local file header without size, compressed size and crc filled.
-    - Add a generic status 'error' for file status
-    - Add control of compression type. PclZip only support deflate compression method.
-      Before v2.2, PclZip does not check the compression method used in an archive while
-      extracting. With v2.2 PclZip returns a new error status for a file using an unsupported
-      compression method. New status is "unsupported_compression". New error code is
-      PCLZIP_ERR_UNSUPPORTED_COMPRESSION.
-    - Add optional attribute PCLZIP_OPT_STOP_ON_ERROR. This will stop the extract of files
-      when errors like 'a folder with same name exists' or 'a newer file exists' or
-      'a write protected file' exists, rather than set a status for the concerning file
-      and resume the extract of the zip.
-    - Add optional attribute PCLZIP_OPT_REPLACE_NEWER. This will force, during an extract' the
-      replacement of the file, even if a  newer version of the file exists.
-      Note that today if a file with the same name already exists but is older it will be
-      replaced by the extracted one.
-    - Improve PclZipUtilOption()
-    - Support of zip archive with trailing bytes. Before 2.2, PclZip checks that the central
-      directory structure is the last data in the archive. Crypt encryption/decryption of
-      zip archive put trailing 0 bytes after decryption. PclZip is now supporting this.
-
-  Version 2.1 :
-    - Add the ability to abort the extraction by using a user callback function.
-      The user can now return the value '2' in its callback which indicates to stop the
-      extraction. For a pre call-back extract is stopped before the extration of the current
-      file. For a post call back, the extraction is stopped after.
-    - Add the ability to extract a file (or several files) directly in the standard output.
-      This is done by the new parameter PCLZIP_OPT_EXTRACT_IN_OUTPUT with method extract().
-    - Add support for parameters PCLZIP_OPT_COMMENT, PCLZIP_OPT_ADD_COMMENT,
-      PCLZIP_OPT_PREPEND_COMMENT. This will create, replace, add, or prepend comments
-      in the zip archive.
-    - When merging two archives, the comments are not any more lost, but merged, with a 
-      blank space separator.
-    - Corrected bug : Files are not deleted when all files are asked to be deleted.
-    - Corrected bug : Folders with name '0' made PclZip to abort the create or add feature.
-
-
-  Version 2.0 :
-    ***** Warning : Some new features may break the backward compatibility for your scripts.
-                    Please carefully read the readme file.
-    - Add the ability to delete by Index, name and regular expression. This feature is 
-      performed by the method delete(), which uses the optional parameters
-      PCLZIP_OPT_BY_INDEX, PCLZIP_OPT_BY_NAME, PCLZIP_OPT_BY_EREG or PCLZIP_OPT_BY_PREG.
-    - Add the ability to extract by regular expression. To extract by regexp you must use the method
-      extract(), with the option PCLZIP_OPT_BY_EREG or PCLZIP_OPT_BY_PREG 
-      (depending if you want to use ereg() or preg_match() syntax) followed by the 
-      regular expression pattern.
-    - Add the ability to extract by index, directly with the extract() method. This is a
-      code improvment of the extractByIndex() method.
-    - Add the ability to extract by name. To extract by name you must use the method
-      extract(), with the option PCLZIP_OPT_BY_NAME followed by the filename to
-      extract or an array of filenames to extract. To extract all a folder, use the folder
-      name rather than the filename with a '/' at the end.
-    - Add the ability to add files without compression. This is done with a new attribute
-      which is PCLZIP_OPT_NO_COMPRESSION.
-    - Add the attribute PCLZIP_OPT_EXTRACT_AS_STRING, which allow to extract a file directly
-      in a string without using any file (or temporary file).
-    - Add constant PCLZIP_SEPARATOR for static configuration of filename separators in a single string.
-      The default separator is now a comma (,) and not any more a blank space.
-      THIS BREAK THE BACKWARD COMPATIBILITY : Please check if this may have an impact with
-      your script.
-    - Improve algorythm performance by removing the use of temporary files when adding or 
-      extracting files in an archive.
-    - Add (correct) detection of empty filename zipping. This can occurs when the removed
-      path is the same
-      as a zipped dir. The dir is not zipped (['status'] = filtered), only its content.
-    - Add better support for windows paths (thanks for help from manus@manusfreedom.com).
-    - Corrected bug : When the archive file already exists with size=0, the add() method
-      fails. Corrected in 2.0.
-    - Remove the use of OS_WINDOWS constant. Use php_uname() function rather.
-    - Control the order of index ranges in extract by index feature.
-    - Change the internal management of folders (better handling of internal flag).
-
-
-  Version 1.3 :
-    - Removing the double include check. This is now done by include_once() and require_once()
-      PHP directives.
-    - Changing the error handling mecanism : Remove the use of an external error library.
-      The former PclError...() functions are replaced by internal equivalent methods.
-      By changing the environment variable PCLZIP_ERROR_EXTERNAL you can still use the former library.
-      Introducing the use of constants for error codes rather than integer values. This will help
-      in futur improvment.
-      Introduction of error handling functions like errorCode(), errorName() and errorInfo().
-    - Remove the deprecated use of calling function with arguments passed by reference.
-    - Add the calling of extract(), extractByIndex(), create() and add() functions
-      with variable options rather than fixed arguments.
-    - Add the ability to remove all the file path while extracting or adding,
-      without any need to specify the path to remove.
-      This is available for extract(), extractByIndex(), create() and add() functionS by using
-      the new variable options parameters :
-      - PCLZIP_OPT_REMOVE_ALL_PATH : by indicating this option while calling the fct.
-    - Ability to change the mode of a file after the extraction (chmod()).
-      This is available for extract() and extractByIndex() functionS by using
-      the new variable options parameters.
-      - PCLZIP_OPT_SET_CHMOD : by setting the value of this option.
-    - Ability to definition call-back options. These call-back will be called during the adding,
-      or the extracting of file (extract(), extractByIndex(), create() and add() functions) :
-      - PCLZIP_CB_PRE_EXTRACT : will be called before each extraction of a file. The user
-        can trigerred the change the filename of the extracted file. The user can triggered the
-        skip of the extraction. This is adding a 'skipped' status in the file list result value.
-      - PCLZIP_CB_POST_EXTRACT : will be called after each extraction of a file.
-        Nothing can be triggered from that point.
-      - PCLZIP_CB_PRE_ADD : will be called before each add of a file. The user
-        can trigerred the change the stored filename of the added file. The user can triggered the
-        skip of the add. This is adding a 'skipped' status in the file list result value.
-      - PCLZIP_CB_POST_ADD : will be called after each add of a file.
-        Nothing can be triggered from that point.
-    - Two status are added in the file list returned as function result : skipped & filename_too_long
-      'skipped' is used when a call-back function ask for skipping the file.
-      'filename_too_long' is used while adding a file with a too long filename to archive (the file is
-      not added)
-    - Adding the function PclZipUtilPathInclusion(), that check the inclusion of a path into
-      a directory.
-    - Add a check of the presence of the archive file before some actions (like list, ...)
-    - Add the initialisation of field "index" in header array. This means that by
-      default index will be -1 when not explicitly set by the methods.
-
-  Version 1.2 :
-    - Adding a duplicate function.
-    - Adding a merge function. The merge function is a "quick merge" function,
-      it just append the content of an archive at the end of the first one. There
-      is no check for duplicate files or more recent files.
-    - Improve the search of the central directory end.
-
-  Version 1.1.2 :
-
-    - Changing the license of PclZip. PclZip is now released under the GNU / LGPL license
-      (see License section).
-    - Adding the optional support of a static temporary directory. You will need to configure
-      the constant PCLZIP_TEMPORARY_DIR if you want to use this feature.
-    - Improving the rename() function. In some cases rename() does not work (different
-      Filesystems), so it will be replaced by a copy() + unlink() functions.
-
-  Version 1.1.1 :
-
-    - Maintenance release, no new feature.
-
-  Version 1.1 :
-
-    - New method Add() : adding files in the archive
-    - New method ExtractByIndex() : partial extract of the archive, files are identified by
-      their index in the archive
-    - New method DeleteByIndex() : delete some files/folder entries from the archive,
-      files are identified by their index in the archive.
-    - Adding a test of the zlib extension presence. If not present abort the script.
-
-  Version 1.0.1 :
-
-    - No new feature
-
-
-3 - Corrected bugs
-==================
-
-  Corrected in Version 2.0 :
-    - Corrected : During an extraction, if a call-back fucntion is used and try to skip
-                  a file, all the extraction process is stopped. 
-
-  Corrected in Version 1.3 :
-    - Corrected : Support of static synopsis for method extract() is broken.
-    - Corrected : invalid size of archive content field (0xFF) should be (0xFFFF).
-    - Corrected : When an extract is done with a remove_path parameter, the entry for
-      the directory with exactly the same path is not skipped/filtered.
-    - Corrected : extractByIndex() and deleteByIndex() were not managing index in the
-      right way. For example indexes '1,3-5,11' will only extract files 1 and 11. This
-      is due to a sort of the index resulting table that puts 11 before 3-5 (sort on
-      string and not interger). The sort is temporarilly removed, this means that
-      you must provide a sorted list of index ranges.
-
-  Corrected in Version 1.2 :
-
-    - Nothing.
-
-  Corrected in Version 1.1.2 :
-
-    - Corrected : Winzip is unable to delete or add new files in a PclZip created archives.
-
-  Corrected in Version 1.1.1 :
-
-    - Corrected : When archived file is not compressed (0% compression), the
-      extract method fails.
-
-  Corrected in Version 1.1 :
-
-    - Corrected : Adding a complete tree of folder may result in a bad archive
-      creation.
-
-  Corrected in Version 1.0.1 :
-
-    - Corrected : Error while compressing files greater than PCLZIP_READ_BLOCK_SIZE (default=1024).
-
-
-4 - Known bugs or limitations
-=============================
-
-  Please publish bugs reports in SourceForge :
-    http://sourceforge.net/tracker/?group_id=40254&atid=427564
-
-  In Version 2.x :
-    - PclZip does only support file uncompressed or compressed with deflate (compression method 8)
-    - PclZip does not support password protected zip archive
-    - Some concern were seen when changing mtime of a file while archiving. 
-      Seems to be linked to Daylight Saving Time (PclTest_changing_mtime).
-
-  In Version 1.2 :
-
-    - merge() methods does not check for duplicate files or last date of modifications.
-
-  In Version 1.1 :
-
-    - Limitation : Using 'extract' fields in the file header in the zip archive is not supported.
-    - WinZip is unable to delete a single file in a PclZip created archive. It is also unable to
-      add a file in a PclZip created archive. (Corrected in v.1.2)
-
-  In Version 1.0.1 :
-
-    - Adding a complete tree of folder may result in a bad archive
-      creation. (Corrected in V.1.1).
-    - Path given to methods must be in the unix format (/) and not the Windows format (\).
-      Workaround : Use only / directory separators.
-    - PclZip is using temporary files that are sometime the name of the file with a .tmp or .gz
-      added suffix. Files with these names may already exist and may be overwritten.
-      Workaround : none.
-    - PclZip does not check if the zlib extension is present. If it is absent, the zip
-      file is not created and the lib abort without warning.
-      Workaround : enable the zlib extension on the php install
-
-  In Version 1.0 :
-
-    - Error while compressing files greater than PCLZIP_READ_BLOCK_SIZE (default=1024).
-      (Corrected in v.1.0.1)
-    - Limitation : Multi-disk zip archive are not supported.
-
-
-5 - License
-===========
-
-  Since version 1.1.2, PclZip Library is released under GNU/LGPL license.
-  This library is free, so you can use it at no cost.
-
-  HOWEVER, if you release a script, an application, a library or any kind of
-  code using PclZip library (or a part of it), YOU MUST :
-  - Indicate in the documentation (or a readme file), that your work
-    uses PclZip Library, and make a reference to the author and the web site
-    http://www.phpconcept.net
-  - Gives the ability to the final user to update the PclZip libary.
-
-  I will also appreciate that you send me a mail (vincent@phpconcept.net), just to
-  be aware that someone is using PclZip.
-
-  For more information about GNU/LGPL license : http://www.gnu.org
-
-6 - Warning
-=================
-
-  This library and the associated files are non commercial, non professional work.
-  It should not have unexpected results. However if any damage is caused by this software
-  the author can not be responsible.
-  The use of this software is at the risk of the user.
-
-7 - Documentation
-=================
-  PclZip User Manuel is available in English on PhpConcept : http://www.phpconcept.net/pclzip/man/en/index.php
-  A Russian translation was done by Feskov Kuzma : http://php.russofile.ru/ru/authors/unsort/zip/
-
-8 - Author
-==========
-
-  This software was written by Vincent Blavet (vincent@phpconcept.net) on its leasure time.
-
-9 - Contribute
-==============
-  If you want to contribute to the development of PclZip, please contact vincent@phpconcept.net.
-  If you can help in financing PhpConcept hosting service, please go to
-  http://www.phpconcept.net/soutien.php
+// --------------------------------------------------------------------------------
+// PclZip 2.8.2 - readme.txt
+// --------------------------------------------------------------------------------
+// License GNU/LGPL - August 2009
+// Vincent Blavet - vincent@phpconcept.net
+// http://www.phpconcept.net
+// --------------------------------------------------------------------------------
+// $Id: readme.txt,v 1.60 2009/09/30 20:35:21 vblavet Exp $
+// --------------------------------------------------------------------------------
+
+
+
+0 - Sommaire
+============
+    1 - Introduction
+    2 - What's new
+    3 - Corrected bugs
+    4 - Known bugs or limitations
+    5 - License
+    6 - Warning
+    7 - Documentation
+    8 - Author
+    9 - Contribute
+
+1 - Introduction
+================
+
+  PclZip is a library that allow you to manage a Zip archive.
+
+  Full documentation about PclZip can be found here : http://www.phpconcept.net/pclzip
+
+2 - What's new
+==============
+
+  Version 2.8.2 :
+    - PCLZIP_CB_PRE_EXTRACT and PCLZIP_CB_POST_EXTRACT are now supported with 
+      extraction as a string (PCLZIP_OPT_EXTRACT_AS_STRING). The string
+      can also be modified in the post-extract call back.
+    **Bugs correction :
+    - PCLZIP_OPT_REMOVE_ALL_PATH was not working correctly    
+    - Remove use of eval() and do direct call to callback functions
+    - Correct support of 64bits systems (Thanks to WordPress team)
+
+  Version 2.8.1 :
+    - Move option PCLZIP_OPT_BY_EREG to PCLZIP_OPT_BY_PREG because ereg() is
+      deprecated in PHP 5.3. When using option PCLZIP_OPT_BY_EREG, PclZip will
+      automatically replace it by PCLZIP_OPT_BY_PREG.
+  
+  Version 2.8 :
+    - Improve extraction of zip archive for large files by using temporary files
+      This feature is working like the one defined in r2.7.
+      Options are renamed : PCLZIP_OPT_TEMP_FILE_ON, PCLZIP_OPT_TEMP_FILE_OFF,
+      PCLZIP_OPT_TEMP_FILE_THRESHOLD
+    - Add a ratio constant PCLZIP_TEMPORARY_FILE_RATIO to configure the auto
+      sense of temporary file use.
+    - Bug correction : Reduce filepath in returned file list to remove ennoying
+      './/' preambule in file path.
+
+  Version 2.7 :
+    - Improve creation of zip archive for large files :
+      PclZip will now autosense the configured memory and use temporary files
+      when large file is suspected.
+      This feature can also ne triggered by manual options in create() and add()
+      methods. 'PCLZIP_OPT_ADD_TEMP_FILE_ON' force the use of temporary files,
+      'PCLZIP_OPT_ADD_TEMP_FILE_OFF' disable the autosense technic, 
+      'PCLZIP_OPT_ADD_TEMP_FILE_THRESHOLD' allow for configuration of a size
+      threshold to use temporary files.
+      Using "temporary files" rather than "memory" might take more time, but
+      might give the ability to zip very large files :
+      Tested on my win laptop with a 88Mo file :
+        Zip "in-memory" : 18sec (max_execution_time=30, memory_limit=180Mo)
+        Zip "tmporary-files" : 23sec (max_execution_time=30, memory_limit=30Mo)
+    - Replace use of mktime() by time() to limit the E_STRICT error messages.
+    - Bug correction : When adding files with full windows path (drive letter)
+      PclZip is now working. Before, if the drive letter is not the default
+      path, PclZip was not able to add the file.
+
+  Version 2.6 :
+    - Code optimisation
+    - New attributes PCLZIP_ATT_FILE_COMMENT gives the ability to
+      add a comment for a specific file. (Don't really know if this is usefull)
+    - New attribute PCLZIP_ATT_FILE_CONTENT gives the ability to add a string 
+      as a file.
+    - New attribute PCLZIP_ATT_FILE_MTIME modify the timestamp associated with
+      a file.
+    - Correct a bug. Files archived with a timestamp with 0h0m0s were extracted
+      with current time
+    - Add CRC value in the informations returned back for each file after an
+      action.
+    - Add missing closedir() statement.
+    - When adding a folder, and removing the path of this folder, files were
+      incorrectly added with a '/' at the beginning. Which means files are 
+      related to root in unix systems. Corrected.
+    - Add conditional if before constant definition. This will allow users
+      to redefine constants without changing the file, and then improve
+      upgrade of pclzip code for new versions.
+  
+  Version 2.5 :
+    - Introduce the ability to add file/folder with individual properties (file descriptor).
+      This gives for example the ability to change the filename of a zipped file.
+      . Able to add files individually
+      . Able to change full name
+      . Able to change short name
+      . Compatible with global options
+    - New attributes : PCLZIP_ATT_FILE_NAME, PCLZIP_ATT_FILE_NEW_SHORT_NAME, PCLZIP_ATT_FILE_NEW_FULL_NAME
+    - New error code : PCLZIP_ERR_INVALID_ATTRIBUTE_VALUE
+    - Add a security control feature. PclZip can extract any file in any folder
+      of a system. People may use this to upload a zip file and try to override
+      a system file. The PCLZIP_OPT_EXTRACT_DIR_RESTRICTION will give the
+      ability to forgive any directory transversal behavior.
+    - New PCLZIP_OPT_EXTRACT_DIR_RESTRICTION : check extraction path
+    - New error code : PCLZIP_ERR_DIRECTORY_RESTRICTION
+    - Modification in PclZipUtilPathInclusion() : dir and path beginning with ./ will be prepend
+      by current path (getcwd())
+  
+  Version 2.4 :
+    - Code improvment : try to speed up the code by removing unusefull call to pack()
+    - Correct bug in delete() : delete() should be called with no argument. This was not
+      the case in 2.3. This is corrected in 2.4.
+    - Correct a bug in path_inclusion function. When the path has several '../../', the
+      result was bad.
+    - Add a check for magic_quotes_runtime configuration. If enabled, PclZip will 
+      disable it while working and det it back to its original value.
+      This resolve a lots of bad formated archive errors.
+    - Bug correction : PclZip now correctly unzip file in some specific situation,
+      when compressed content has same size as uncompressed content.
+    - Bug correction : When selecting option 'PCLZIP_OPT_REMOVE_ALL_PATH', 
+      directories are not any more created.
+    - Code improvment : correct unclosed opendir(), better handling of . and .. in
+      loops.
+
+
+  Version 2.3 :
+    - Correct a bug with PHP5 : affecting the value 0xFE49FFE0 to a variable does not
+      give the same result in PHP4 and PHP5 ....
+
+  Version 2.2 :
+    - Try development of PCLZIP_OPT_CRYPT .....
+      However this becomes to a stop. To crypt/decrypt I need to multiply 2 long integers,
+      the result (greater than a long) is not supported by PHP. Even the use of bcmath
+      functions does not help. I did not find yet a solution ...;
+    - Add missing '/' at end of directory entries
+    - Check is a file is encrypted or not. Returns status 'unsupported_encryption' and/or
+      error code PCLZIP_ERR_UNSUPPORTED_ENCRYPTION.
+    - Corrected : Bad "version need to extract" field in local file header
+    - Add private method privCheckFileHeaders() in order to check local and central
+      file headers. PclZip is now supporting purpose bit flag bit 3. Purpose bit flag bit 3 gives
+      the ability to have a local file header without size, compressed size and crc filled.
+    - Add a generic status 'error' for file status
+    - Add control of compression type. PclZip only support deflate compression method.
+      Before v2.2, PclZip does not check the compression method used in an archive while
+      extracting. With v2.2 PclZip returns a new error status for a file using an unsupported
+      compression method. New status is "unsupported_compression". New error code is
+      PCLZIP_ERR_UNSUPPORTED_COMPRESSION.
+    - Add optional attribute PCLZIP_OPT_STOP_ON_ERROR. This will stop the extract of files
+      when errors like 'a folder with same name exists' or 'a newer file exists' or
+      'a write protected file' exists, rather than set a status for the concerning file
+      and resume the extract of the zip.
+    - Add optional attribute PCLZIP_OPT_REPLACE_NEWER. This will force, during an extract' the
+      replacement of the file, even if a  newer version of the file exists.
+      Note that today if a file with the same name already exists but is older it will be
+      replaced by the extracted one.
+    - Improve PclZipUtilOption()
+    - Support of zip archive with trailing bytes. Before 2.2, PclZip checks that the central
+      directory structure is the last data in the archive. Crypt encryption/decryption of
+      zip archive put trailing 0 bytes after decryption. PclZip is now supporting this.
+
+  Version 2.1 :
+    - Add the ability to abort the extraction by using a user callback function.
+      The user can now return the value '2' in its callback which indicates to stop the
+      extraction. For a pre call-back extract is stopped before the extration of the current
+      file. For a post call back, the extraction is stopped after.
+    - Add the ability to extract a file (or several files) directly in the standard output.
+      This is done by the new parameter PCLZIP_OPT_EXTRACT_IN_OUTPUT with method extract().
+    - Add support for parameters PCLZIP_OPT_COMMENT, PCLZIP_OPT_ADD_COMMENT,
+      PCLZIP_OPT_PREPEND_COMMENT. This will create, replace, add, or prepend comments
+      in the zip archive.
+    - When merging two archives, the comments are not any more lost, but merged, with a 
+      blank space separator.
+    - Corrected bug : Files are not deleted when all files are asked to be deleted.
+    - Corrected bug : Folders with name '0' made PclZip to abort the create or add feature.
+
+
+  Version 2.0 :
+    ***** Warning : Some new features may break the backward compatibility for your scripts.
+                    Please carefully read the readme file.
+    - Add the ability to delete by Index, name and regular expression. This feature is 
+      performed by the method delete(), which uses the optional parameters
+      PCLZIP_OPT_BY_INDEX, PCLZIP_OPT_BY_NAME, PCLZIP_OPT_BY_EREG or PCLZIP_OPT_BY_PREG.
+    - Add the ability to extract by regular expression. To extract by regexp you must use the method
+      extract(), with the option PCLZIP_OPT_BY_EREG or PCLZIP_OPT_BY_PREG 
+      (depending if you want to use ereg() or preg_match() syntax) followed by the 
+      regular expression pattern.
+    - Add the ability to extract by index, directly with the extract() method. This is a
+      code improvment of the extractByIndex() method.
+    - Add the ability to extract by name. To extract by name you must use the method
+      extract(), with the option PCLZIP_OPT_BY_NAME followed by the filename to
+      extract or an array of filenames to extract. To extract all a folder, use the folder
+      name rather than the filename with a '/' at the end.
+    - Add the ability to add files without compression. This is done with a new attribute
+      which is PCLZIP_OPT_NO_COMPRESSION.
+    - Add the attribute PCLZIP_OPT_EXTRACT_AS_STRING, which allow to extract a file directly
+      in a string without using any file (or temporary file).
+    - Add constant PCLZIP_SEPARATOR for static configuration of filename separators in a single string.
+      The default separator is now a comma (,) and not any more a blank space.
+      THIS BREAK THE BACKWARD COMPATIBILITY : Please check if this may have an impact with
+      your script.
+    - Improve algorythm performance by removing the use of temporary files when adding or 
+      extracting files in an archive.
+    - Add (correct) detection of empty filename zipping. This can occurs when the removed
+      path is the same
+      as a zipped dir. The dir is not zipped (['status'] = filtered), only its content.
+    - Add better support for windows paths (thanks for help from manus@manusfreedom.com).
+    - Corrected bug : When the archive file already exists with size=0, the add() method
+      fails. Corrected in 2.0.
+    - Remove the use of OS_WINDOWS constant. Use php_uname() function rather.
+    - Control the order of index ranges in extract by index feature.
+    - Change the internal management of folders (better handling of internal flag).
+
+
+  Version 1.3 :
+    - Removing the double include check. This is now done by include_once() and require_once()
+      PHP directives.
+    - Changing the error handling mecanism : Remove the use of an external error library.
+      The former PclError...() functions are replaced by internal equivalent methods.
+      By changing the environment variable PCLZIP_ERROR_EXTERNAL you can still use the former library.
+      Introducing the use of constants for error codes rather than integer values. This will help
+      in futur improvment.
+      Introduction of error handling functions like errorCode(), errorName() and errorInfo().
+    - Remove the deprecated use of calling function with arguments passed by reference.
+    - Add the calling of extract(), extractByIndex(), create() and add() functions
+      with variable options rather than fixed arguments.
+    - Add the ability to remove all the file path while extracting or adding,
+      without any need to specify the path to remove.
+      This is available for extract(), extractByIndex(), create() and add() functionS by using
+      the new variable options parameters :
+      - PCLZIP_OPT_REMOVE_ALL_PATH : by indicating this option while calling the fct.
+    - Ability to change the mode of a file after the extraction (chmod()).
+      This is available for extract() and extractByIndex() functionS by using
+      the new variable options parameters.
+      - PCLZIP_OPT_SET_CHMOD : by setting the value of this option.
+    - Ability to definition call-back options. These call-back will be called during the adding,
+      or the extracting of file (extract(), extractByIndex(), create() and add() functions) :
+      - PCLZIP_CB_PRE_EXTRACT : will be called before each extraction of a file. The user
+        can trigerred the change the filename of the extracted file. The user can triggered the
+        skip of the extraction. This is adding a 'skipped' status in the file list result value.
+      - PCLZIP_CB_POST_EXTRACT : will be called after each extraction of a file.
+        Nothing can be triggered from that point.
+      - PCLZIP_CB_PRE_ADD : will be called before each add of a file. The user
+        can trigerred the change the stored filename of the added file. The user can triggered the
+        skip of the add. This is adding a 'skipped' status in the file list result value.
+      - PCLZIP_CB_POST_ADD : will be called after each add of a file.
+        Nothing can be triggered from that point.
+    - Two status are added in the file list returned as function result : skipped & filename_too_long
+      'skipped' is used when a call-back function ask for skipping the file.
+      'filename_too_long' is used while adding a file with a too long filename to archive (the file is
+      not added)
+    - Adding the function PclZipUtilPathInclusion(), that check the inclusion of a path into
+      a directory.
+    - Add a check of the presence of the archive file before some actions (like list, ...)
+    - Add the initialisation of field "index" in header array. This means that by
+      default index will be -1 when not explicitly set by the methods.
+
+  Version 1.2 :
+    - Adding a duplicate function.
+    - Adding a merge function. The merge function is a "quick merge" function,
+      it just append the content of an archive at the end of the first one. There
+      is no check for duplicate files or more recent files.
+    - Improve the search of the central directory end.
+
+  Version 1.1.2 :
+
+    - Changing the license of PclZip. PclZip is now released under the GNU / LGPL license
+      (see License section).
+    - Adding the optional support of a static temporary directory. You will need to configure
+      the constant PCLZIP_TEMPORARY_DIR if you want to use this feature.
+    - Improving the rename() function. In some cases rename() does not work (different
+      Filesystems), so it will be replaced by a copy() + unlink() functions.
+
+  Version 1.1.1 :
+
+    - Maintenance release, no new feature.
+
+  Version 1.1 :
+
+    - New method Add() : adding files in the archive
+    - New method ExtractByIndex() : partial extract of the archive, files are identified by
+      their index in the archive
+    - New method DeleteByIndex() : delete some files/folder entries from the archive,
+      files are identified by their index in the archive.
+    - Adding a test of the zlib extension presence. If not present abort the script.
+
+  Version 1.0.1 :
+
+    - No new feature
+
+
+3 - Corrected bugs
+==================
+
+  Corrected in Version 2.0 :
+    - Corrected : During an extraction, if a call-back fucntion is used and try to skip
+                  a file, all the extraction process is stopped. 
+
+  Corrected in Version 1.3 :
+    - Corrected : Support of static synopsis for method extract() is broken.
+    - Corrected : invalid size of archive content field (0xFF) should be (0xFFFF).
+    - Corrected : When an extract is done with a remove_path parameter, the entry for
+      the directory with exactly the same path is not skipped/filtered.
+    - Corrected : extractByIndex() and deleteByIndex() were not managing index in the
+      right way. For example indexes '1,3-5,11' will only extract files 1 and 11. This
+      is due to a sort of the index resulting table that puts 11 before 3-5 (sort on
+      string and not interger). The sort is temporarilly removed, this means that
+      you must provide a sorted list of index ranges.
+
+  Corrected in Version 1.2 :
+
+    - Nothing.
+
+  Corrected in Version 1.1.2 :
+
+    - Corrected : Winzip is unable to delete or add new files in a PclZip created archives.
+
+  Corrected in Version 1.1.1 :
+
+    - Corrected : When archived file is not compressed (0% compression), the
+      extract method fails.
+
+  Corrected in Version 1.1 :
+
+    - Corrected : Adding a complete tree of folder may result in a bad archive
+      creation.
+
+  Corrected in Version 1.0.1 :
+
+    - Corrected : Error while compressing files greater than PCLZIP_READ_BLOCK_SIZE (default=1024).
+
+
+4 - Known bugs or limitations
+=============================
+
+  Please publish bugs reports in SourceForge :
+    http://sourceforge.net/tracker/?group_id=40254&atid=427564
+
+  In Version 2.x :
+    - PclZip does only support file uncompressed or compressed with deflate (compression method 8)
+    - PclZip does not support password protected zip archive
+    - Some concern were seen when changing mtime of a file while archiving. 
+      Seems to be linked to Daylight Saving Time (PclTest_changing_mtime).
+
+  In Version 1.2 :
+
+    - merge() methods does not check for duplicate files or last date of modifications.
+
+  In Version 1.1 :
+
+    - Limitation : Using 'extract' fields in the file header in the zip archive is not supported.
+    - WinZip is unable to delete a single file in a PclZip created archive. It is also unable to
+      add a file in a PclZip created archive. (Corrected in v.1.2)
+
+  In Version 1.0.1 :
+
+    - Adding a complete tree of folder may result in a bad archive
+      creation. (Corrected in V.1.1).
+    - Path given to methods must be in the unix format (/) and not the Windows format (\).
+      Workaround : Use only / directory separators.
+    - PclZip is using temporary files that are sometime the name of the file with a .tmp or .gz
+      added suffix. Files with these names may already exist and may be overwritten.
+      Workaround : none.
+    - PclZip does not check if the zlib extension is present. If it is absent, the zip
+      file is not created and the lib abort without warning.
+      Workaround : enable the zlib extension on the php install
+
+  In Version 1.0 :
+
+    - Error while compressing files greater than PCLZIP_READ_BLOCK_SIZE (default=1024).
+      (Corrected in v.1.0.1)
+    - Limitation : Multi-disk zip archive are not supported.
+
+
+5 - License
+===========
+
+  Since version 1.1.2, PclZip Library is released under GNU/LGPL license.
+  This library is free, so you can use it at no cost.
+
+  HOWEVER, if you release a script, an application, a library or any kind of
+  code using PclZip library (or a part of it), YOU MUST :
+  - Indicate in the documentation (or a readme file), that your work
+    uses PclZip Library, and make a reference to the author and the web site
+    http://www.phpconcept.net
+  - Gives the ability to the final user to update the PclZip libary.
+
+  I will also appreciate that you send me a mail (vincent@phpconcept.net), just to
+  be aware that someone is using PclZip.
+
+  For more information about GNU/LGPL license : http://www.gnu.org
+
+6 - Warning
+=================
+
+  This library and the associated files are non commercial, non professional work.
+  It should not have unexpected results. However if any damage is caused by this software
+  the author can not be responsible.
+  The use of this software is at the risk of the user.
+
+7 - Documentation
+=================
+  PclZip User Manuel is available in English on PhpConcept : http://www.phpconcept.net/pclzip/man/en/index.php
+  A Russian translation was done by Feskov Kuzma : http://php.russofile.ru/ru/authors/unsort/zip/
+
+8 - Author
+==========
+
+  This software was written by Vincent Blavet (vincent@phpconcept.net) on its leasure time.
+
+9 - Contribute
+==============
+  If you want to contribute to the development of PclZip, please contact vincent@phpconcept.net.
+  If you can help in financing PhpConcept hosting service, please go to
+  http://www.phpconcept.net/soutien.php
diff --git a/lib/PHPExcel/Shared/String.php b/lib/PHPExcel/Shared/String.php
index fa1a64e05..10e38d20d 100644
--- a/lib/PHPExcel/Shared/String.php
+++ b/lib/PHPExcel/Shared/String.php
@@ -523,8 +523,8 @@ class PHPExcel_Shared_String
         if (strlen($str) < 2) {
             return $str;
         }
-        $c0 = ord($str{0});
-        $c1 = ord($str{1});
+        $c0 = ord($str[0]);
+        $c1 = ord($str[1]);
         if ($c0 == 0xfe && $c1 == 0xff) {
             $str = substr($str, 2);
         } elseif ($c0 == 0xff && $c1 == 0xfe) {
@@ -535,11 +535,11 @@ class PHPExcel_Shared_String
         $newstr = '';
         for ($i=0; $i<$len; $i+=2) {
             if ($bom_be) {
-                $val = ord($str{$i})   << 4;
-                $val += ord($str{$i+1});
+                $val = ord($str[$i])   << 4;
+                $val += ord($str[$i+1]);
             } else {
-                $val = ord($str{$i+1}) << 4;
-                $val += ord($str{$i});
+                $val = ord($str[$i+1]) << 4;
+                $val += ord($str[$i]);
             }
             $newstr .= ($val == 0x228) ? "\n" : chr($val);
         }
diff --git a/lib/PHPExcel/Shared/ZipStreamWrapper.php b/lib/PHPExcel/Shared/ZipStreamWrapper.php
index 2e0324ce7..c6cbd0dd8 100644
--- a/lib/PHPExcel/Shared/ZipStreamWrapper.php
+++ b/lib/PHPExcel/Shared/ZipStreamWrapper.php
@@ -76,7 +76,7 @@ class PHPExcel_Shared_ZipStreamWrapper
     public function stream_open($path, $mode, $options, &$opened_path)
     {
         // Check for mode
-        if ($mode{0} != 'r') {
+        if ($mode[0] != 'r') {
             throw new PHPExcel_Reader_Exception('Mode ' . $mode . ' is not supported. Only read mode is supported.');
         }
 
diff --git a/lib/PHPExcel/Worksheet/AutoFilter.php b/lib/PHPExcel/Worksheet/AutoFilter.php
index 6ec8a4466..1bc312bda 100644
--- a/lib/PHPExcel/Worksheet/AutoFilter.php
+++ b/lib/PHPExcel/Worksheet/AutoFilter.php
@@ -717,7 +717,7 @@ class PHPExcel_Worksheet_AutoFilter
                             );
                         } else {
                             //    Date based
-                            if ($dynamicRuleType{0} == 'M' || $dynamicRuleType{0} == 'Q') {
+                            if ($dynamicRuleType[0] == 'M' || $dynamicRuleType[0] == 'Q') {
                                 //    Month or Quarter
                                 sscanf($dynamicRuleType, '%[A-Z]%d', $periodType, $period);
                                 if ($periodType == 'M') {
diff --git a/lib/PHPExcel/Writer/Excel5/Parser.php b/lib/PHPExcel/Writer/Excel5/Parser.php
index 0cf1c1d65..781996f46 100644
--- a/lib/PHPExcel/Writer/Excel5/Parser.php
+++ b/lib/PHPExcel/Writer/Excel5/Parser.php
@@ -1020,7 +1020,7 @@ class PHPExcel_Writer_Excel5_Parser
         $col  = 0;
         $col_ref_length = strlen($col_ref);
         for ($i = 0; $i < $col_ref_length; ++$i) {
-            $col += (ord($col_ref{$i}) - 64) * pow(26, $expn);
+            $col += (ord($col_ref[$i]) - 64) * pow(26, $expn);
             --$expn;
         }
 
@@ -1042,28 +1042,28 @@ class PHPExcel_Writer_Excel5_Parser
         $formula_length = strlen($this->formula);
         // eat up white spaces
         if ($i < $formula_length) {
-            while ($this->formula{$i} == " ") {
+            while ($this->formula[$i] == " ") {
                 ++$i;
             }
 
             if ($i < ($formula_length - 1)) {
-                $this->lookAhead = $this->formula{$i+1};
+                $this->lookAhead = $this->formula[$i+1];
             }
             $token = '';
         }
 
         while ($i < $formula_length) {
-            $token .= $this->formula{$i};
+            $token .= $this->formula[$i];
 
             if ($i < ($formula_length - 1)) {
-                $this->lookAhead = $this->formula{$i+1};
+                $this->lookAhead = $this->formula[$i+1];
             } else {
                 $this->lookAhead = '';
             }
 
             if ($this->match($token) != '') {
                 //if ($i < strlen($this->formula) - 1) {
-                //    $this->lookAhead = $this->formula{$i+1};
+                //    $this->lookAhead = $this->formula[$i+1];
                 //}
                 $this->currentCharacter = $i + 1;
                 $this->currentToken = $token;
@@ -1071,7 +1071,7 @@ class PHPExcel_Writer_Excel5_Parser
             }
 
             if ($i < ($formula_length - 2)) {
-                $this->lookAhead = $this->formula{$i+2};
+                $this->lookAhead = $this->formula[$i+2];
             } else { // if we run out of characters lookAhead becomes empty
                 $this->lookAhead = '';
             }
@@ -1172,7 +1172,7 @@ class PHPExcel_Writer_Excel5_Parser
     {
         $this->currentCharacter = 0;
         $this->formula      = $formula;
-        $this->lookAhead    = isset($formula{1}) ? $formula{1} : '';
+        $this->lookAhead    = isset($formula[1]) ? $formula[1] : '';
         $this->advance();
         $this->parseTree   = $this->condition();
         return true;
diff --git a/lib/PHPExcel/Writer/Excel5/Workbook.php b/lib/PHPExcel/Writer/Excel5/Workbook.php
index 8b0684375..5a0cca515 100644
--- a/lib/PHPExcel/Writer/Excel5/Workbook.php
+++ b/lib/PHPExcel/Writer/Excel5/Workbook.php
@@ -664,7 +664,7 @@ class PHPExcel_Writer_Excel5_Workbook extends PHPExcel_Writer_Excel5_BIFFwriter
                     $formulaData = $this->parser->toReversePolish();
 
                     // make sure tRef3d is of type tRef3dR (0x3A)
-                    if (isset($formulaData{0}) and ($formulaData{0} == "\x7A" or $formulaData{0} == "\x5A")) {
+                    if (isset($formulaData[0]) and ($formulaData[0] == "\x7A" or $formulaData[0] == "\x5A")) {
                         $formulaData = "\x3A" . substr($formulaData, 1);
                     }
 
diff --git a/lib/PHPExcel/Writer/Excel5/Worksheet.php b/lib/PHPExcel/Writer/Excel5/Worksheet.php
index be965e23d..5ff0806bc 100644
--- a/lib/PHPExcel/Writer/Excel5/Worksheet.php
+++ b/lib/PHPExcel/Writer/Excel5/Worksheet.php
@@ -876,7 +876,7 @@ class PHPExcel_Writer_Excel5_Worksheet extends PHPExcel_Writer_Excel5_BIFFwriter
         $unknown    = 0x0000;            // Must be zero
 
         // Strip the '=' or '@' sign at the beginning of the formula string
-        if ($formula{0} == '=') {
+        if ($formula[0] == '=') {
             $formula = substr($formula, 1);
         } else {
             // Error handling
diff --git a/lib/PHPExcel/locale/pt/br/functions b/lib/PHPExcel/locale/pt/br/functions
index f3ba3a352..a062a7fad 100644
--- a/lib/PHPExcel/locale/pt/br/functions
+++ b/lib/PHPExcel/locale/pt/br/functions
@@ -1,408 +1,408 @@
-##
-##	Add-in and Automation functions			Funções Suplemento e Automação
-##
-GETPIVOTDATA		= INFODADOSTABELADINÂMICA	##	Retorna os dados armazenados em um relatório de tabela dinâmica
-
-
-##
-##	Cube functions					Funções de Cubo
-##
-CUBEKPIMEMBER		= MEMBROKPICUBO			##	Retorna o nome de um KPI (indicador de desempenho-chave), uma propriedade e uma medida e exibe o nome e a propriedade na célula. Um KPI é uma medida quantificável, como o lucro bruto mensal ou a rotatividade trimestral dos funcionários, usada para monitorar o desempenho de uma organização.
-CUBEMEMBER		= MEMBROCUBO			##	Retorna um membro ou tupla em uma hierarquia de cubo. Use para validar se o membro ou tupla existe no cubo.
-CUBEMEMBERPROPERTY	= PROPRIEDADEMEMBROCUBO		##	Retorna o valor da propriedade de um membro no cubo. Usada para validar a existência do nome do membro no cubo e para retornar a propriedade especificada para esse membro.
-CUBERANKEDMEMBER	= MEMBROCLASSIFICADOCUBO	##	Retorna o enésimo membro, ou o membro ordenado, em um conjunto. Use para retornar um ou mais elementos em um conjunto, assim como o melhor vendedor ou os dez melhores alunos.
-CUBESET			= CONJUNTOCUBO			##	Define um conjunto calculado de membros ou tuplas enviando uma expressão do conjunto para o cubo no servidor, que cria o conjunto e o retorna para o Microsoft Office Excel.
-CUBESETCOUNT		= CONTAGEMCONJUNTOCUBO		##	Retorna o número de itens em um conjunto.
-CUBEVALUE		= VALORCUBO			##	Retorna um valor agregado de um cubo.
-
-
-##
-##	Database functions				Funções de banco de dados
-##
-DAVERAGE		= BDMÉDIA			##	Retorna a média das entradas selecionadas de um banco de dados
-DCOUNT			= BDCONTAR			##	Conta as células que contêm números em um banco de dados
-DCOUNTA			= BDCONTARA			##	Conta células não vazias em um banco de dados
-DGET			= BDEXTRAIR			##	Extrai de um banco de dados um único registro que corresponde a um critério específico
-DMAX			= BDMÁX				##	Retorna o valor máximo de entradas selecionadas de um banco de dados
-DMIN			= BDMÍN				##	Retorna o valor mínimo de entradas selecionadas de um banco de dados
-DPRODUCT		= BDMULTIPL			##	Multiplica os valores em um campo específico de registros que correspondem ao critério em um banco de dados
-DSTDEV			= BDEST				##	Estima o desvio padrão com base em uma amostra de entradas selecionadas de um banco de dados
-DSTDEVP			= BDDESVPA			##	Calcula o desvio padrão com base na população inteira de entradas selecionadas de um banco de dados
-DSUM			= BDSOMA			##	Adiciona os números à coluna de campos de registros do banco de dados que correspondem ao critério
-DVAR			= BDVAREST			##	Estima a variância com base em uma amostra de entradas selecionadas de um banco de dados
-DVARP			= BDVARP			##	Calcula a variância com base na população inteira de entradas selecionadas de um banco de dados
-
-
-##
-##	Date and time functions				Funções de data e hora
-##
-DATE			= DATA				##	Retorna o número de série de uma data específica
-DATEVALUE		= DATA.VALOR			##	Converte uma data na forma de texto para um número de série
-DAY			= DIA				##	Converte um número de série em um dia do mês
-DAYS360			= DIAS360			##	Calcula o número de dias entre duas datas com base em um ano de 360 dias
-EDATE			= DATAM				##	Retorna o número de série da data que é o número indicado de meses antes ou depois da data inicial
-EOMONTH			= FIMMÊS			##	Retorna o número de série do último dia do mês antes ou depois de um número especificado de meses
-HOUR			= HORA				##	Converte um número de série em uma hora
-MINUTE			= MINUTO			##	Converte um número de série em um minuto
-MONTH			= MÊS				##	Converte um número de série em um mês
-NETWORKDAYS		= DIATRABALHOTOTAL		##	Retorna o número de dias úteis inteiros entre duas datas
-NOW			= AGORA				##	Retorna o número de série seqüencial da data e hora atuais
-SECOND			= SEGUNDO			##	Converte um número de série em um segundo
-TIME			= HORA				##	Retorna o número de série de uma hora específica
-TIMEVALUE		= VALOR.TEMPO			##	Converte um horário na forma de texto para um número de série
-TODAY			= HOJE				##	Retorna o número de série da data de hoje
-WEEKDAY			= DIA.DA.SEMANA			##	Converte um número de série em um dia da semana
-WEEKNUM			= NÚMSEMANA			##	Converte um número de série em um número que representa onde a semana cai numericamente em um ano
-WORKDAY			= DIATRABALHO			##	Retorna o número de série da data antes ou depois de um número específico de dias úteis
-YEAR			= ANO				##	Converte um número de série em um ano
-YEARFRAC		= FRAÇÃOANO			##	Retorna a fração do ano que representa o número de dias entre data_inicial e data_final
-
-
-##
-##	Engineering functions				Funções de engenharia
-##
-BESSELI			= BESSELI			##	Retorna a função de Bessel In(x) modificada
-BESSELJ			= BESSELJ			##	Retorna a função de Bessel Jn(x)
-BESSELK			= BESSELK			##	Retorna a função de Bessel Kn(x) modificada
-BESSELY			= BESSELY			##	Retorna a função de Bessel Yn(x)
-BIN2DEC			= BIN2DEC			##	Converte um número binário em decimal
-BIN2HEX			= BIN2HEX			##	Converte um número binário em hexadecimal
-BIN2OCT			= BIN2OCT			##	Converte um número binário em octal
-COMPLEX			= COMPLEX			##	Converte coeficientes reais e imaginários e um número complexo
-CONVERT			= CONVERTER			##	Converte um número de um sistema de medida para outro
-DEC2BIN			= DECABIN			##	Converte um número decimal em binário
-DEC2HEX			= DECAHEX			##	Converte um número decimal em hexadecimal
-DEC2OCT			= DECAOCT			##	Converte um número decimal em octal
-DELTA			= DELTA				##	Testa se dois valores são iguais
-ERF			= FUNERRO			##	Retorna a função de erro
-ERFC			= FUNERROCOMPL			##	Retorna a função de erro complementar
-GESTEP			= DEGRAU			##	Testa se um número é maior do que um valor limite
-HEX2BIN			= HEXABIN			##	Converte um número hexadecimal em binário
-HEX2DEC			= HEXADEC			##	Converte um número hexadecimal em decimal
-HEX2OCT			= HEXAOCT			##	Converte um número hexadecimal em octal
-IMABS			= IMABS				##	Retorna o valor absoluto (módulo) de um número complexo
-IMAGINARY		= IMAGINÁRIO			##	Retorna o coeficiente imaginário de um número complexo
-IMARGUMENT		= IMARG				##	Retorna o argumento teta, um ângulo expresso em radianos
-IMCONJUGATE		= IMCONJ			##	Retorna o conjugado complexo de um número complexo
-IMCOS			= IMCOS				##	Retorna o cosseno de um número complexo
-IMDIV			= IMDIV				##	Retorna o quociente de dois números complexos
-IMEXP			= IMEXP				##	Retorna o exponencial de um número complexo
-IMLN			= IMLN				##	Retorna o logaritmo natural de um número complexo
-IMLOG10			= IMLOG10			##	Retorna o logaritmo de base 10 de um número complexo
-IMLOG2			= IMLOG2			##	Retorna o logaritmo de base 2 de um número complexo
-IMPOWER			= IMPOT				##	Retorna um número complexo elevado a uma potência inteira
-IMPRODUCT		= IMPROD			##	Retorna o produto de números complexos
-IMREAL			= IMREAL			##	Retorna o coeficiente real de um número complexo
-IMSIN			= IMSENO			##	Retorna o seno de um número complexo
-IMSQRT			= IMRAIZ			##	Retorna a raiz quadrada de um número complexo
-IMSUB			= IMSUBTR			##	Retorna a diferença entre dois números complexos
-IMSUM			= IMSOMA			##	Retorna a soma de números complexos
-OCT2BIN			= OCTABIN			##	Converte um número octal em binário
-OCT2DEC			= OCTADEC			##	Converte um número octal em decimal
-OCT2HEX			= OCTAHEX			##	Converte um número octal em hexadecimal
-
-
-##
-##	Financial functions				Funções financeiras
-##
-ACCRINT			= JUROSACUM			##	Retorna a taxa de juros acumulados de um título que paga uma taxa periódica de juros
-ACCRINTM		= JUROSACUMV			##	Retorna os juros acumulados de um título que paga juros no vencimento
-AMORDEGRC		= AMORDEGRC			##	Retorna a depreciação para cada período contábil usando o coeficiente de depreciação
-AMORLINC		= AMORLINC			##	Retorna a depreciação para cada período contábil
-COUPDAYBS		= CUPDIASINLIQ			##	Retorna o número de dias do início do período de cupom até a data de liquidação
-COUPDAYS		= CUPDIAS			##	Retorna o número de dias no período de cupom que contém a data de quitação
-COUPDAYSNC		= CUPDIASPRÓX			##	Retorna o número de dias da data de liquidação até a data do próximo cupom
-COUPNCD			= CUPDATAPRÓX			##	Retorna a próxima data de cupom após a data de quitação
-COUPNUM			= CUPNÚM			##	Retorna o número de cupons pagáveis entre as datas de quitação e vencimento
-COUPPCD			= CUPDATAANT			##	Retorna a data de cupom anterior à data de quitação
-CUMIPMT			= PGTOJURACUM			##	Retorna os juros acumulados pagos entre dois períodos
-CUMPRINC		= PGTOCAPACUM			##	Retorna o capital acumulado pago sobre um empréstimo entre dois períodos
-DB			= BD				##	Retorna a depreciação de um ativo para um período especificado, usando o método de balanço de declínio fixo
-DDB			= BDD				##	Retorna a depreciação de um ativo com relação a um período especificado usando o método de saldos decrescentes duplos ou qualquer outro método especificado por você
-DISC			= DESC				##	Retorna a taxa de desconto de um título
-DOLLARDE		= MOEDADEC			##	Converte um preço em formato de moeda, na forma fracionária, em um preço na forma decimal
-DOLLARFR		= MOEDAFRA			##	Converte um preço, apresentado na forma decimal, em um preço apresentado na forma fracionária
-DURATION		= DURAÇÃO			##	Retorna a duração anual de um título com pagamentos de juros periódicos
-EFFECT			= EFETIVA			##	Retorna a taxa de juros anual efetiva
-FV			= VF				##	Retorna o valor futuro de um investimento
-FVSCHEDULE		= VFPLANO			##	Retorna o valor futuro de um capital inicial após a aplicação de uma série de taxas de juros compostas
-INTRATE			= TAXAJUROS			##	Retorna a taxa de juros de um título totalmente investido
-IPMT			= IPGTO				##	Retorna o pagamento de juros para um investimento em um determinado período
-IRR			= TIR				##	Retorna a taxa interna de retorno de uma série de fluxos de caixa
-ISPMT			= ÉPGTO				##	Calcula os juros pagos durante um período específico de um investimento
-MDURATION		= MDURAÇÃO			##	Retorna a duração de Macauley modificada para um título com um valor de paridade equivalente a R$ 100
-MIRR			= MTIR				##	Calcula a taxa interna de retorno em que fluxos de caixa positivos e negativos são financiados com diferentes taxas
-NOMINAL			= NOMINAL			##	Retorna a taxa de juros nominal anual
-NPER			= NPER				##	Retorna o número de períodos de um investimento
-NPV			= VPL				##	Retorna o valor líquido atual de um investimento com base em uma série de fluxos de caixa periódicos e em uma taxa de desconto
-ODDFPRICE		= PREÇOPRIMINC			##	Retorna o preço por R$ 100 de valor nominal de um título com um primeiro período indefinido
-ODDFYIELD		= LUCROPRIMINC			##	Retorna o rendimento de um título com um primeiro período indefinido
-ODDLPRICE		= PREÇOÚLTINC			##	Retorna o preço por R$ 100 de valor nominal de um título com um último período de cupom indefinido
-ODDLYIELD		= LUCROÚLTINC			##	Retorna o rendimento de um título com um último período indefinido
-PMT			= PGTO				##	Retorna o pagamento periódico de uma anuidade
-PPMT			= PPGTO				##	Retorna o pagamento de capital para determinado período de investimento
-PRICE			= PREÇO				##	Retorna a preço por R$ 100,00 de valor nominal de um título que paga juros periódicos
-PRICEDISC		= PREÇODESC			##	Retorna o preço por R$ 100,00 de valor nominal de um título descontado
-PRICEMAT		= PREÇOVENC			##	Retorna o preço por R$ 100,00 de valor nominal de um título que paga juros no vencimento
-PV			= VP				##	Retorna o valor presente de um investimento
-RATE			= TAXA				##	Retorna a taxa de juros por período de uma anuidade
-RECEIVED		= RECEBER			##	Retorna a quantia recebida no vencimento de um título totalmente investido
-SLN			= DPD				##	Retorna a depreciação em linha reta de um ativo durante um período
-SYD			= SDA				##	Retorna a depreciação dos dígitos da soma dos anos de um ativo para um período especificado
-TBILLEQ			= OTN				##	Retorna o rendimento de um título equivalente a uma obrigação do Tesouro
-TBILLPRICE		= OTNVALOR			##	Retorna o preço por R$ 100,00 de valor nominal de uma obrigação do Tesouro
-TBILLYIELD		= OTNLUCRO			##	Retorna o rendimento de uma obrigação do Tesouro
-VDB			= BDV				##	Retorna a depreciação de um ativo para um período especificado ou parcial usando um método de balanço declinante
-XIRR			= XTIR				##	Fornece a taxa interna de retorno para um programa de fluxos de caixa que não é necessariamente periódico
-XNPV			= XVPL				##	Retorna o valor presente líquido de um programa de fluxos de caixa que não é necessariamente periódico
-YIELD			= LUCRO				##	Retorna o lucro de um título que paga juros periódicos
-YIELDDISC		= LUCRODESC			##	Retorna o rendimento anual de um título descontado. Por exemplo, uma obrigação do Tesouro
-YIELDMAT		= LUCROVENC			##	Retorna o lucro anual de um título que paga juros no vencimento
-
-
-##
-##	Information functions				Funções de informação
-##
-CELL			= CÉL				##	Retorna informações sobre formatação, localização ou conteúdo de uma célula
-ERROR.TYPE		= TIPO.ERRO			##	Retorna um número correspondente a um tipo de erro
-INFO			= INFORMAÇÃO			##	Retorna informações sobre o ambiente operacional atual
-ISBLANK			= ÉCÉL.VAZIA			##	Retorna VERDADEIRO se o valor for vazio
-ISERR			= ÉERRO				##	Retorna VERDADEIRO se o valor for um valor de erro diferente de #N/D
-ISERROR			= ÉERROS			##	Retorna VERDADEIRO se o valor for um valor de erro
-ISEVEN			= ÉPAR				##	Retorna VERDADEIRO se o número for par
-ISLOGICAL		= ÉLÓGICO			##	Retorna VERDADEIRO se o valor for um valor lógico
-ISNA			= É.NÃO.DISP			##	Retorna VERDADEIRO se o valor for o valor de erro #N/D
-ISNONTEXT		= É.NÃO.TEXTO			##	Retorna VERDADEIRO se o valor for diferente de texto
-ISNUMBER		= ÉNÚM				##	Retorna VERDADEIRO se o valor for um número
-ISODD			= ÉIMPAR			##	Retorna VERDADEIRO se o número for ímpar
-ISREF			= ÉREF				##	Retorna VERDADEIRO se o valor for uma referência
-ISTEXT			= ÉTEXTO			##	Retorna VERDADEIRO se o valor for texto
-N			= N				##	Retorna um valor convertido em um número
-NA			= NÃO.DISP			##	Retorna o valor de erro #N/D
-TYPE			= TIPO				##	Retorna um número indicando o tipo de dados de um valor
-
-
-##
-##	Logical functions				Funções lógicas
-##
-AND			= E				##	Retorna VERDADEIRO se todos os seus argumentos forem VERDADEIROS
-FALSE			= FALSO				##	Retorna o valor lógico FALSO
-IF			= SE				##	Especifica um teste lógico a ser executado
-IFERROR			= SEERRO			##	Retornará um valor que você especifica se uma fórmula for avaliada para um erro; do contrário, retornará o resultado da fórmula
-NOT			= NÃO				##	Inverte o valor lógico do argumento
-OR			= OU				##	Retorna VERDADEIRO se um dos argumentos for VERDADEIRO
-TRUE			= VERDADEIRO			##	Retorna o valor lógico VERDADEIRO
-
-
-##
-##	Lookup and reference functions			Funções de pesquisa e referência
-##
-ADDRESS			= ENDEREÇO			##	Retorna uma referência como texto para uma única célula em uma planilha
-AREAS			= ÁREAS				##	Retorna o número de áreas em uma referência
-CHOOSE			= ESCOLHER			##	Escolhe um valor a partir de uma lista de valores
-COLUMN			= COL				##	Retorna o número da coluna de uma referência
-COLUMNS			= COLS				##	Retorna o número de colunas em uma referência
-HLOOKUP			= PROCH				##	Procura na linha superior de uma matriz e retorna o valor da célula especificada
-HYPERLINK		= HYPERLINK			##	Cria um atalho ou salto que abre um documento armazenado em um servidor de rede, uma intranet ou na Internet
-INDEX			= ÍNDICE			##	Usa um índice para escolher um valor de uma referência ou matriz
-INDIRECT		= INDIRETO			##	Retorna uma referência indicada por um valor de texto
-LOOKUP			= PROC				##	Procura valores em um vetor ou em uma matriz
-MATCH			= CORRESP			##	Procura valores em uma referência ou em uma matriz
-OFFSET			= DESLOC			##	Retorna um deslocamento de referência com base em uma determinada referência
-ROW			= LIN				##	Retorna o número da linha de uma referência
-ROWS			= LINS				##	Retorna o número de linhas em uma referência
-RTD			= RTD				##	Recupera dados em tempo real de um programa que ofereça suporte a automação COM (automação: uma forma de trabalhar com objetos de um aplicativo a partir de outro aplicativo ou ferramenta de desenvolvimento. Chamada inicialmente de automação OLE, a automação é um padrão industrial e um recurso do modelo de objeto componente (COM).)
-TRANSPOSE		= TRANSPOR			##	Retorna a transposição de uma matriz
-VLOOKUP			= PROCV				##	Procura na primeira coluna de uma matriz e move ao longo da linha para retornar o valor de uma célula
-
-
-##
-##	Math and trigonometry functions			Funções matemáticas e trigonométricas
-##
-ABS			= ABS				##	Retorna o valor absoluto de um número
-ACOS			= ACOS				##	Retorna o arco cosseno de um número
-ACOSH			= ACOSH				##	Retorna o cosseno hiperbólico inverso de um número
-ASIN			= ASEN				##	Retorna o arco seno de um número
-ASINH			= ASENH				##	Retorna o seno hiperbólico inverso de um número
-ATAN			= ATAN				##	Retorna o arco tangente de um número
-ATAN2			= ATAN2				##	Retorna o arco tangente das coordenadas x e y especificadas
-ATANH			= ATANH				##	Retorna a tangente hiperbólica inversa de um número
-CEILING			= TETO				##	Arredonda um número para o inteiro mais próximo ou para o múltiplo mais próximo de significância
-COMBIN			= COMBIN			##	Retorna o número de combinações de um determinado número de objetos
-COS			= COS				##	Retorna o cosseno de um número
-COSH			= COSH				##	Retorna o cosseno hiperbólico de um número
-DEGREES			= GRAUS				##	Converte radianos em graus
-EVEN			= PAR				##	Arredonda um número para cima até o inteiro par mais próximo
-EXP			= EXP				##	Retorna e elevado à potência de um número especificado
-FACT			= FATORIAL			##	Retorna o fatorial de um número
-FACTDOUBLE		= FATDUPLO			##	Retorna o fatorial duplo de um número
-FLOOR			= ARREDMULTB			##	Arredonda um número para baixo até zero
-GCD			= MDC				##	Retorna o máximo divisor comum
-INT			= INT				##	Arredonda um número para baixo até o número inteiro mais próximo
-LCM			= MMC				##	Retorna o mínimo múltiplo comum
-LN			= LN				##	Retorna o logaritmo natural de um número
-LOG			= LOG				##	Retorna o logaritmo de um número de uma base especificada
-LOG10			= LOG10				##	Retorna o logaritmo de base 10 de um número
-MDETERM			= MATRIZ.DETERM			##	Retorna o determinante de uma matriz de uma variável do tipo matriz
-MINVERSE		= MATRIZ.INVERSO		##	Retorna a matriz inversa de uma matriz
-MMULT			= MATRIZ.MULT			##	Retorna o produto de duas matrizes
-MOD			= RESTO				##	Retorna o resto da divisão
-MROUND			= MARRED			##	Retorna um número arredondado ao múltiplo desejado
-MULTINOMIAL		= MULTINOMIAL			##	Retorna o multinomial de um conjunto de números
-ODD			= ÍMPAR				##	Arredonda um número para cima até o inteiro ímpar mais próximo
-PI			= PI				##	Retorna o valor de Pi
-POWER			= POTÊNCIA			##	Fornece o resultado de um número elevado a uma potência
-PRODUCT			= MULT				##	Multiplica seus argumentos
-QUOTIENT		= QUOCIENTE			##	Retorna a parte inteira de uma divisão
-RADIANS			= RADIANOS			##	Converte graus em radianos
-RAND			= ALEATÓRIO			##	Retorna um número aleatório entre 0 e 1
-RANDBETWEEN		= ALEATÓRIOENTRE		##	Retorna um número aleatório entre os números especificados
-ROMAN			= ROMANO			##	Converte um algarismo arábico em romano, como texto
-ROUND			= ARRED				##	Arredonda um número até uma quantidade especificada de dígitos
-ROUNDDOWN		= ARREDONDAR.PARA.BAIXO		##	Arredonda um número para baixo até zero
-ROUNDUP			= ARREDONDAR.PARA.CIMA		##	Arredonda um número para cima, afastando-o de zero
-SERIESSUM		= SOMASEQÜÊNCIA			##	Retorna a soma de uma série polinomial baseada na fórmula
-SIGN			= SINAL				##	Retorna o sinal de um número
-SIN			= SEN				##	Retorna o seno de um ângulo dado
-SINH			= SENH				##	Retorna o seno hiperbólico de um número
-SQRT			= RAIZ				##	Retorna uma raiz quadrada positiva
-SQRTPI			= RAIZPI			##	Retorna a raiz quadrada de (núm* pi)
-SUBTOTAL		= SUBTOTAL			##	Retorna um subtotal em uma lista ou em um banco de dados
-SUM			= SOMA				##	Soma seus argumentos
-SUMIF			= SOMASE			##	Adiciona as células especificadas por um determinado critério
-SUMIFS			= SOMASE			##	Adiciona as células em um intervalo que atende a vários critérios
-SUMPRODUCT		= SOMARPRODUTO			##	Retorna a soma dos produtos de componentes correspondentes de matrizes
-SUMSQ			= SOMAQUAD			##	Retorna a soma dos quadrados dos argumentos
-SUMX2MY2		= SOMAX2DY2			##	Retorna a soma da diferença dos quadrados dos valores correspondentes em duas matrizes
-SUMX2PY2		= SOMAX2SY2			##	Retorna a soma da soma dos quadrados dos valores correspondentes em duas matrizes
-SUMXMY2			= SOMAXMY2			##	Retorna a soma dos quadrados das diferenças dos valores correspondentes em duas matrizes
-TAN			= TAN				##	Retorna a tangente de um número
-TANH			= TANH				##	Retorna a tangente hiperbólica de um número
-TRUNC			= TRUNCAR			##	Trunca um número para um inteiro
-
-
-##
-##	Statistical functions				Funções estatísticas
-##
-AVEDEV			= DESV.MÉDIO			##	Retorna a média aritmética dos desvios médios dos pontos de dados a partir de sua média
-AVERAGE			= MÉDIA				##	Retorna a média dos argumentos
-AVERAGEA		= MÉDIAA			##	Retorna a média dos argumentos, inclusive números, texto e valores lógicos
-AVERAGEIF		= MÉDIASE			##	Retorna a média (média aritmética) de todas as células em um intervalo que atendem a um determinado critério
-AVERAGEIFS		= MÉDIASES			##	Retorna a média (média aritmética) de todas as células que atendem a múltiplos critérios.
-BETADIST		= DISTBETA			##	Retorna a função de distribuição cumulativa beta
-BETAINV			= BETA.ACUM.INV			##	Retorna o inverso da função de distribuição cumulativa para uma distribuição beta especificada
-BINOMDIST		= DISTRBINOM			##	Retorna a probabilidade de distribuição binomial do termo individual
-CHIDIST			= DIST.QUI			##	Retorna a probabilidade unicaudal da distribuição qui-quadrada
-CHIINV			= INV.QUI			##	Retorna o inverso da probabilidade uni-caudal da distribuição qui-quadrada
-CHITEST			= TESTE.QUI			##	Retorna o teste para independência
-CONFIDENCE		= INT.CONFIANÇA			##	Retorna o intervalo de confiança para uma média da população
-CORREL			= CORREL			##	Retorna o coeficiente de correlação entre dois conjuntos de dados
-COUNT			= CONT.NÚM			##	Calcula quantos números há na lista de argumentos
-COUNTA			= CONT.VALORES			##	Calcula quantos valores há na lista de argumentos
-COUNTBLANK		= CONTAR.VAZIO			##	Conta o número de células vazias no intervalo especificado
-COUNTIF			= CONT.SE			##	Calcula o número de células não vazias em um intervalo que corresponde a determinados critérios
-COUNTIFS		= CONT.SES			##	Conta o número de células dentro de um intervalo que atende a múltiplos critérios
-COVAR			= COVAR				##	Retorna a covariância, a média dos produtos dos desvios pares
-CRITBINOM		= CRIT.BINOM			##	Retorna o menor valor para o qual a distribuição binomial cumulativa é menor ou igual ao valor padrão
-DEVSQ			= DESVQ				##	Retorna a soma dos quadrados dos desvios
-EXPONDIST		= DISTEXPON			##	Retorna a distribuição exponencial
-FDIST			= DISTF				##	Retorna a distribuição de probabilidade F
-FINV			= INVF				##	Retorna o inverso da distribuição de probabilidades F
-FISHER			= FISHER			##	Retorna a transformação Fisher
-FISHERINV		= FISHERINV			##	Retorna o inverso da transformação Fisher
-FORECAST		= PREVISÃO			##	Retorna um valor ao longo de uma linha reta
-FREQUENCY		= FREQÜÊNCIA			##	Retorna uma distribuição de freqüência como uma matriz vertical
-FTEST			= TESTEF			##	Retorna o resultado de um teste F
-GAMMADIST		= DISTGAMA			##	Retorna a distribuição gama
-GAMMAINV		= INVGAMA			##	Retorna o inverso da distribuição cumulativa gama
-GAMMALN			= LNGAMA			##	Retorna o logaritmo natural da função gama, G(x)
-GEOMEAN			= MÉDIA.GEOMÉTRICA		##	Retorna a média geométrica
-GROWTH			= CRESCIMENTO			##	Retorna valores ao longo de uma tendência exponencial
-HARMEAN			= MÉDIA.HARMÔNICA		##	Retorna a média harmônica
-HYPGEOMDIST		= DIST.HIPERGEOM		##	Retorna a distribuição hipergeométrica
-INTERCEPT		= INTERCEPÇÃO			##	Retorna a intercepção da linha de regressão linear
-KURT			= CURT				##	Retorna a curtose de um conjunto de dados
-LARGE			= MAIOR				##	Retorna o maior valor k-ésimo de um conjunto de dados
-LINEST			= PROJ.LIN			##	Retorna os parâmetros de uma tendência linear
-LOGEST			= PROJ.LOG			##	Retorna os parâmetros de uma tendência exponencial
-LOGINV			= INVLOG			##	Retorna o inverso da distribuição lognormal
-LOGNORMDIST		= DIST.LOGNORMAL		##	Retorna a distribuição lognormal cumulativa
-MAX			= MÁXIMO			##	Retorna o valor máximo em uma lista de argumentos
-MAXA			= MÁXIMOA			##	Retorna o maior valor em uma lista de argumentos, inclusive números, texto e valores lógicos
-MEDIAN			= MED				##	Retorna a mediana dos números indicados
-MIN			= MÍNIMO			##	Retorna o valor mínimo em uma lista de argumentos
-MINA			= MÍNIMOA			##	Retorna o menor valor em uma lista de argumentos, inclusive números, texto e valores lógicos
-MODE			= MODO				##	Retorna o valor mais comum em um conjunto de dados
-NEGBINOMDIST		= DIST.BIN.NEG			##	Retorna a distribuição binomial negativa
-NORMDIST		= DIST.NORM			##	Retorna a distribuição cumulativa normal
-NORMINV			= INV.NORM			##	Retorna o inverso da distribuição cumulativa normal
-NORMSDIST		= DIST.NORMP			##	Retorna a distribuição cumulativa normal padrão
-NORMSINV		= INV.NORMP			##	Retorna o inverso da distribuição cumulativa normal padrão
-PEARSON			= PEARSON			##	Retorna o coeficiente de correlação do momento do produto Pearson
-PERCENTILE		= PERCENTIL			##	Retorna o k-ésimo percentil de valores em um intervalo
-PERCENTRANK		= ORDEM.PORCENTUAL		##	Retorna a ordem percentual de um valor em um conjunto de dados
-PERMUT			= PERMUT			##	Retorna o número de permutações de um determinado número de objetos
-POISSON			= POISSON			##	Retorna a distribuição Poisson
-PROB			= PROB				##	Retorna a probabilidade de valores em um intervalo estarem entre dois limites
-QUARTILE		= QUARTIL			##	Retorna o quartil do conjunto de dados
-RANK			= ORDEM				##	Retorna a posição de um número em uma lista de números
-RSQ			= RQUAD				##	Retorna o quadrado do coeficiente de correlação do momento do produto de Pearson
-SKEW			= DISTORÇÃO			##	Retorna a distorção de uma distribuição
-SLOPE			= INCLINAÇÃO			##	Retorna a inclinação da linha de regressão linear
-SMALL			= MENOR				##	Retorna o menor valor k-ésimo do conjunto de dados
-STANDARDIZE		= PADRONIZAR			##	Retorna um valor normalizado
-STDEV			= DESVPAD			##	Estima o desvio padrão com base em uma amostra
-STDEVA			= DESVPADA			##	Estima o desvio padrão com base em uma amostra, inclusive números, texto e valores lógicos
-STDEVP			= DESVPADP			##	Calcula o desvio padrão com base na população total
-STDEVPA			= DESVPADPA			##	Calcula o desvio padrão com base na população total, inclusive números, texto e valores lógicos
-STEYX			= EPADYX			##	Retorna o erro padrão do valor-y previsto para cada x da regressão
-TDIST			= DISTT				##	Retorna a distribuição t de Student
-TINV			= INVT				##	Retorna o inverso da distribuição t de Student
-TREND			= TENDÊNCIA			##	Retorna valores ao longo de uma tendência linear
-TRIMMEAN		= MÉDIA.INTERNA			##	Retorna a média do interior de um conjunto de dados
-TTEST			= TESTET			##	Retorna a probabilidade associada ao teste t de Student
-VAR			= VAR				##	Estima a variância com base em uma amostra
-VARA			= VARA				##	Estima a variância com base em uma amostra, inclusive números, texto e valores lógicos
-VARP			= VARP				##	Calcula a variância com base na população inteira
-VARPA			= VARPA				##	Calcula a variância com base na população total, inclusive números, texto e valores lógicos
-WEIBULL			= WEIBULL			##	Retorna a distribuição Weibull
-ZTEST			= TESTEZ			##	Retorna o valor de probabilidade uni-caudal de um teste-z
-
-
-##
-##	Text functions			Funções de texto
-##
-ASC			= ASC				##	Altera letras do inglês ou katakana de largura total (bytes duplos) dentro de uma seqüência de caracteres para caracteres de meia largura (byte único)
-BAHTTEXT		= BAHTTEXT			##	Converte um número em um texto, usando o formato de moeda ß (baht)
-CHAR			= CARACT			##	Retorna o caractere especificado pelo número de código
-CLEAN			= TIRAR				##	Remove todos os caracteres do texto que não podem ser impressos
-CODE			= CÓDIGO			##	Retorna um código numérico para o primeiro caractere de uma seqüência de caracteres de texto
-CONCATENATE		= CONCATENAR			##	Agrupa vários itens de texto em um único item de texto
-DOLLAR			= MOEDA				##	Converte um número em texto, usando o formato de moeda $ (dólar)
-EXACT			= EXATO				##	Verifica se dois valores de texto são idênticos
-FIND			= PROCURAR			##	Procura um valor de texto dentro de outro (diferencia maiúsculas de minúsculas)
-FINDB			= PROCURARB			##	Procura um valor de texto dentro de outro (diferencia maiúsculas de minúsculas)
-FIXED			= DEF.NÚM.DEC			##	Formata um número como texto com um número fixo de decimais
-JIS			= JIS				##	Altera letras do inglês ou katakana de meia largura (byte único) dentro de uma seqüência de caracteres para caracteres de largura total (bytes duplos)
-LEFT			= ESQUERDA			##	Retorna os caracteres mais à esquerda de um valor de texto
-LEFTB			= ESQUERDAB			##	Retorna os caracteres mais à esquerda de um valor de texto
-LEN			= NÚM.CARACT			##	Retorna o número de caracteres em uma seqüência de texto
-LENB			= NÚM.CARACTB			##	Retorna o número de caracteres em uma seqüência de texto
-LOWER			= MINÚSCULA			##	Converte texto para minúsculas
-MID			= EXT.TEXTO			##	Retorna um número específico de caracteres de uma seqüência de texto começando na posição especificada
-MIDB			= EXT.TEXTOB			##	Retorna um número específico de caracteres de uma seqüência de texto começando na posição especificada
-PHONETIC		= FONÉTICA			##	Extrai os caracteres fonéticos (furigana) de uma seqüência de caracteres de texto
-PROPER			= PRI.MAIÚSCULA			##	Coloca a primeira letra de cada palavra em maiúscula em um valor de texto
-REPLACE			= MUDAR				##	Muda os caracteres dentro do texto
-REPLACEB		= MUDARB			##	Muda os caracteres dentro do texto
-REPT			= REPT				##	Repete o texto um determinado número de vezes
-RIGHT			= DIREITA			##	Retorna os caracteres mais à direita de um valor de texto
-RIGHTB			= DIREITAB			##	Retorna os caracteres mais à direita de um valor de texto
-SEARCH			= LOCALIZAR			##	Localiza um valor de texto dentro de outro (não diferencia maiúsculas de minúsculas)
-SEARCHB			= LOCALIZARB			##	Localiza um valor de texto dentro de outro (não diferencia maiúsculas de minúsculas)
-SUBSTITUTE		= SUBSTITUIR			##	Substitui um novo texto por um texto antigo em uma seqüência de texto
-T			= T				##	Converte os argumentos em texto
-TEXT			= TEXTO				##	Formata um número e o converte em texto
-TRIM			= ARRUMAR			##	Remove espaços do texto
-UPPER			= MAIÚSCULA			##	Converte o texto em maiúsculas
-VALUE			= VALOR				##	Converte um argumento de texto em um número
+##
+##	Add-in and Automation functions			Funções Suplemento e Automação
+##
+GETPIVOTDATA		= INFODADOSTABELADINÂMICA	##	Retorna os dados armazenados em um relatório de tabela dinâmica
+
+
+##
+##	Cube functions					Funções de Cubo
+##
+CUBEKPIMEMBER		= MEMBROKPICUBO			##	Retorna o nome de um KPI (indicador de desempenho-chave), uma propriedade e uma medida e exibe o nome e a propriedade na célula. Um KPI é uma medida quantificável, como o lucro bruto mensal ou a rotatividade trimestral dos funcionários, usada para monitorar o desempenho de uma organização.
+CUBEMEMBER		= MEMBROCUBO			##	Retorna um membro ou tupla em uma hierarquia de cubo. Use para validar se o membro ou tupla existe no cubo.
+CUBEMEMBERPROPERTY	= PROPRIEDADEMEMBROCUBO		##	Retorna o valor da propriedade de um membro no cubo. Usada para validar a existência do nome do membro no cubo e para retornar a propriedade especificada para esse membro.
+CUBERANKEDMEMBER	= MEMBROCLASSIFICADOCUBO	##	Retorna o enésimo membro, ou o membro ordenado, em um conjunto. Use para retornar um ou mais elementos em um conjunto, assim como o melhor vendedor ou os dez melhores alunos.
+CUBESET			= CONJUNTOCUBO			##	Define um conjunto calculado de membros ou tuplas enviando uma expressão do conjunto para o cubo no servidor, que cria o conjunto e o retorna para o Microsoft Office Excel.
+CUBESETCOUNT		= CONTAGEMCONJUNTOCUBO		##	Retorna o número de itens em um conjunto.
+CUBEVALUE		= VALORCUBO			##	Retorna um valor agregado de um cubo.
+
+
+##
+##	Database functions				Funções de banco de dados
+##
+DAVERAGE		= BDMÉDIA			##	Retorna a média das entradas selecionadas de um banco de dados
+DCOUNT			= BDCONTAR			##	Conta as células que contêm números em um banco de dados
+DCOUNTA			= BDCONTARA			##	Conta células não vazias em um banco de dados
+DGET			= BDEXTRAIR			##	Extrai de um banco de dados um único registro que corresponde a um critério específico
+DMAX			= BDMÁX				##	Retorna o valor máximo de entradas selecionadas de um banco de dados
+DMIN			= BDMÍN				##	Retorna o valor mínimo de entradas selecionadas de um banco de dados
+DPRODUCT		= BDMULTIPL			##	Multiplica os valores em um campo específico de registros que correspondem ao critério em um banco de dados
+DSTDEV			= BDEST				##	Estima o desvio padrão com base em uma amostra de entradas selecionadas de um banco de dados
+DSTDEVP			= BDDESVPA			##	Calcula o desvio padrão com base na população inteira de entradas selecionadas de um banco de dados
+DSUM			= BDSOMA			##	Adiciona os números à coluna de campos de registros do banco de dados que correspondem ao critério
+DVAR			= BDVAREST			##	Estima a variância com base em uma amostra de entradas selecionadas de um banco de dados
+DVARP			= BDVARP			##	Calcula a variância com base na população inteira de entradas selecionadas de um banco de dados
+
+
+##
+##	Date and time functions				Funções de data e hora
+##
+DATE			= DATA				##	Retorna o número de série de uma data específica
+DATEVALUE		= DATA.VALOR			##	Converte uma data na forma de texto para um número de série
+DAY			= DIA				##	Converte um número de série em um dia do mês
+DAYS360			= DIAS360			##	Calcula o número de dias entre duas datas com base em um ano de 360 dias
+EDATE			= DATAM				##	Retorna o número de série da data que é o número indicado de meses antes ou depois da data inicial
+EOMONTH			= FIMMÊS			##	Retorna o número de série do último dia do mês antes ou depois de um número especificado de meses
+HOUR			= HORA				##	Converte um número de série em uma hora
+MINUTE			= MINUTO			##	Converte um número de série em um minuto
+MONTH			= MÊS				##	Converte um número de série em um mês
+NETWORKDAYS		= DIATRABALHOTOTAL		##	Retorna o número de dias úteis inteiros entre duas datas
+NOW			= AGORA				##	Retorna o número de série seqüencial da data e hora atuais
+SECOND			= SEGUNDO			##	Converte um número de série em um segundo
+TIME			= HORA				##	Retorna o número de série de uma hora específica
+TIMEVALUE		= VALOR.TEMPO			##	Converte um horário na forma de texto para um número de série
+TODAY			= HOJE				##	Retorna o número de série da data de hoje
+WEEKDAY			= DIA.DA.SEMANA			##	Converte um número de série em um dia da semana
+WEEKNUM			= NÚMSEMANA			##	Converte um número de série em um número que representa onde a semana cai numericamente em um ano
+WORKDAY			= DIATRABALHO			##	Retorna o número de série da data antes ou depois de um número específico de dias úteis
+YEAR			= ANO				##	Converte um número de série em um ano
+YEARFRAC		= FRAÇÃOANO			##	Retorna a fração do ano que representa o número de dias entre data_inicial e data_final
+
+
+##
+##	Engineering functions				Funções de engenharia
+##
+BESSELI			= BESSELI			##	Retorna a função de Bessel In(x) modificada
+BESSELJ			= BESSELJ			##	Retorna a função de Bessel Jn(x)
+BESSELK			= BESSELK			##	Retorna a função de Bessel Kn(x) modificada
+BESSELY			= BESSELY			##	Retorna a função de Bessel Yn(x)
+BIN2DEC			= BIN2DEC			##	Converte um número binário em decimal
+BIN2HEX			= BIN2HEX			##	Converte um número binário em hexadecimal
+BIN2OCT			= BIN2OCT			##	Converte um número binário em octal
+COMPLEX			= COMPLEX			##	Converte coeficientes reais e imaginários e um número complexo
+CONVERT			= CONVERTER			##	Converte um número de um sistema de medida para outro
+DEC2BIN			= DECABIN			##	Converte um número decimal em binário
+DEC2HEX			= DECAHEX			##	Converte um número decimal em hexadecimal
+DEC2OCT			= DECAOCT			##	Converte um número decimal em octal
+DELTA			= DELTA				##	Testa se dois valores são iguais
+ERF			= FUNERRO			##	Retorna a função de erro
+ERFC			= FUNERROCOMPL			##	Retorna a função de erro complementar
+GESTEP			= DEGRAU			##	Testa se um número é maior do que um valor limite
+HEX2BIN			= HEXABIN			##	Converte um número hexadecimal em binário
+HEX2DEC			= HEXADEC			##	Converte um número hexadecimal em decimal
+HEX2OCT			= HEXAOCT			##	Converte um número hexadecimal em octal
+IMABS			= IMABS				##	Retorna o valor absoluto (módulo) de um número complexo
+IMAGINARY		= IMAGINÁRIO			##	Retorna o coeficiente imaginário de um número complexo
+IMARGUMENT		= IMARG				##	Retorna o argumento teta, um ângulo expresso em radianos
+IMCONJUGATE		= IMCONJ			##	Retorna o conjugado complexo de um número complexo
+IMCOS			= IMCOS				##	Retorna o cosseno de um número complexo
+IMDIV			= IMDIV				##	Retorna o quociente de dois números complexos
+IMEXP			= IMEXP				##	Retorna o exponencial de um número complexo
+IMLN			= IMLN				##	Retorna o logaritmo natural de um número complexo
+IMLOG10			= IMLOG10			##	Retorna o logaritmo de base 10 de um número complexo
+IMLOG2			= IMLOG2			##	Retorna o logaritmo de base 2 de um número complexo
+IMPOWER			= IMPOT				##	Retorna um número complexo elevado a uma potência inteira
+IMPRODUCT		= IMPROD			##	Retorna o produto de números complexos
+IMREAL			= IMREAL			##	Retorna o coeficiente real de um número complexo
+IMSIN			= IMSENO			##	Retorna o seno de um número complexo
+IMSQRT			= IMRAIZ			##	Retorna a raiz quadrada de um número complexo
+IMSUB			= IMSUBTR			##	Retorna a diferença entre dois números complexos
+IMSUM			= IMSOMA			##	Retorna a soma de números complexos
+OCT2BIN			= OCTABIN			##	Converte um número octal em binário
+OCT2DEC			= OCTADEC			##	Converte um número octal em decimal
+OCT2HEX			= OCTAHEX			##	Converte um número octal em hexadecimal
+
+
+##
+##	Financial functions				Funções financeiras
+##
+ACCRINT			= JUROSACUM			##	Retorna a taxa de juros acumulados de um título que paga uma taxa periódica de juros
+ACCRINTM		= JUROSACUMV			##	Retorna os juros acumulados de um título que paga juros no vencimento
+AMORDEGRC		= AMORDEGRC			##	Retorna a depreciação para cada período contábil usando o coeficiente de depreciação
+AMORLINC		= AMORLINC			##	Retorna a depreciação para cada período contábil
+COUPDAYBS		= CUPDIASINLIQ			##	Retorna o número de dias do início do período de cupom até a data de liquidação
+COUPDAYS		= CUPDIAS			##	Retorna o número de dias no período de cupom que contém a data de quitação
+COUPDAYSNC		= CUPDIASPRÓX			##	Retorna o número de dias da data de liquidação até a data do próximo cupom
+COUPNCD			= CUPDATAPRÓX			##	Retorna a próxima data de cupom após a data de quitação
+COUPNUM			= CUPNÚM			##	Retorna o número de cupons pagáveis entre as datas de quitação e vencimento
+COUPPCD			= CUPDATAANT			##	Retorna a data de cupom anterior à data de quitação
+CUMIPMT			= PGTOJURACUM			##	Retorna os juros acumulados pagos entre dois períodos
+CUMPRINC		= PGTOCAPACUM			##	Retorna o capital acumulado pago sobre um empréstimo entre dois períodos
+DB			= BD				##	Retorna a depreciação de um ativo para um período especificado, usando o método de balanço de declínio fixo
+DDB			= BDD				##	Retorna a depreciação de um ativo com relação a um período especificado usando o método de saldos decrescentes duplos ou qualquer outro método especificado por você
+DISC			= DESC				##	Retorna a taxa de desconto de um título
+DOLLARDE		= MOEDADEC			##	Converte um preço em formato de moeda, na forma fracionária, em um preço na forma decimal
+DOLLARFR		= MOEDAFRA			##	Converte um preço, apresentado na forma decimal, em um preço apresentado na forma fracionária
+DURATION		= DURAÇÃO			##	Retorna a duração anual de um título com pagamentos de juros periódicos
+EFFECT			= EFETIVA			##	Retorna a taxa de juros anual efetiva
+FV			= VF				##	Retorna o valor futuro de um investimento
+FVSCHEDULE		= VFPLANO			##	Retorna o valor futuro de um capital inicial após a aplicação de uma série de taxas de juros compostas
+INTRATE			= TAXAJUROS			##	Retorna a taxa de juros de um título totalmente investido
+IPMT			= IPGTO				##	Retorna o pagamento de juros para um investimento em um determinado período
+IRR			= TIR				##	Retorna a taxa interna de retorno de uma série de fluxos de caixa
+ISPMT			= ÉPGTO				##	Calcula os juros pagos durante um período específico de um investimento
+MDURATION		= MDURAÇÃO			##	Retorna a duração de Macauley modificada para um título com um valor de paridade equivalente a R$ 100
+MIRR			= MTIR				##	Calcula a taxa interna de retorno em que fluxos de caixa positivos e negativos são financiados com diferentes taxas
+NOMINAL			= NOMINAL			##	Retorna a taxa de juros nominal anual
+NPER			= NPER				##	Retorna o número de períodos de um investimento
+NPV			= VPL				##	Retorna o valor líquido atual de um investimento com base em uma série de fluxos de caixa periódicos e em uma taxa de desconto
+ODDFPRICE		= PREÇOPRIMINC			##	Retorna o preço por R$ 100 de valor nominal de um título com um primeiro período indefinido
+ODDFYIELD		= LUCROPRIMINC			##	Retorna o rendimento de um título com um primeiro período indefinido
+ODDLPRICE		= PREÇOÚLTINC			##	Retorna o preço por R$ 100 de valor nominal de um título com um último período de cupom indefinido
+ODDLYIELD		= LUCROÚLTINC			##	Retorna o rendimento de um título com um último período indefinido
+PMT			= PGTO				##	Retorna o pagamento periódico de uma anuidade
+PPMT			= PPGTO				##	Retorna o pagamento de capital para determinado período de investimento
+PRICE			= PREÇO				##	Retorna a preço por R$ 100,00 de valor nominal de um título que paga juros periódicos
+PRICEDISC		= PREÇODESC			##	Retorna o preço por R$ 100,00 de valor nominal de um título descontado
+PRICEMAT		= PREÇOVENC			##	Retorna o preço por R$ 100,00 de valor nominal de um título que paga juros no vencimento
+PV			= VP				##	Retorna o valor presente de um investimento
+RATE			= TAXA				##	Retorna a taxa de juros por período de uma anuidade
+RECEIVED		= RECEBER			##	Retorna a quantia recebida no vencimento de um título totalmente investido
+SLN			= DPD				##	Retorna a depreciação em linha reta de um ativo durante um período
+SYD			= SDA				##	Retorna a depreciação dos dígitos da soma dos anos de um ativo para um período especificado
+TBILLEQ			= OTN				##	Retorna o rendimento de um título equivalente a uma obrigação do Tesouro
+TBILLPRICE		= OTNVALOR			##	Retorna o preço por R$ 100,00 de valor nominal de uma obrigação do Tesouro
+TBILLYIELD		= OTNLUCRO			##	Retorna o rendimento de uma obrigação do Tesouro
+VDB			= BDV				##	Retorna a depreciação de um ativo para um período especificado ou parcial usando um método de balanço declinante
+XIRR			= XTIR				##	Fornece a taxa interna de retorno para um programa de fluxos de caixa que não é necessariamente periódico
+XNPV			= XVPL				##	Retorna o valor presente líquido de um programa de fluxos de caixa que não é necessariamente periódico
+YIELD			= LUCRO				##	Retorna o lucro de um título que paga juros periódicos
+YIELDDISC		= LUCRODESC			##	Retorna o rendimento anual de um título descontado. Por exemplo, uma obrigação do Tesouro
+YIELDMAT		= LUCROVENC			##	Retorna o lucro anual de um título que paga juros no vencimento
+
+
+##
+##	Information functions				Funções de informação
+##
+CELL			= CÉL				##	Retorna informações sobre formatação, localização ou conteúdo de uma célula
+ERROR.TYPE		= TIPO.ERRO			##	Retorna um número correspondente a um tipo de erro
+INFO			= INFORMAÇÃO			##	Retorna informações sobre o ambiente operacional atual
+ISBLANK			= ÉCÉL.VAZIA			##	Retorna VERDADEIRO se o valor for vazio
+ISERR			= ÉERRO				##	Retorna VERDADEIRO se o valor for um valor de erro diferente de #N/D
+ISERROR			= ÉERROS			##	Retorna VERDADEIRO se o valor for um valor de erro
+ISEVEN			= ÉPAR				##	Retorna VERDADEIRO se o número for par
+ISLOGICAL		= ÉLÓGICO			##	Retorna VERDADEIRO se o valor for um valor lógico
+ISNA			= É.NÃO.DISP			##	Retorna VERDADEIRO se o valor for o valor de erro #N/D
+ISNONTEXT		= É.NÃO.TEXTO			##	Retorna VERDADEIRO se o valor for diferente de texto
+ISNUMBER		= ÉNÚM				##	Retorna VERDADEIRO se o valor for um número
+ISODD			= ÉIMPAR			##	Retorna VERDADEIRO se o número for ímpar
+ISREF			= ÉREF				##	Retorna VERDADEIRO se o valor for uma referência
+ISTEXT			= ÉTEXTO			##	Retorna VERDADEIRO se o valor for texto
+N			= N				##	Retorna um valor convertido em um número
+NA			= NÃO.DISP			##	Retorna o valor de erro #N/D
+TYPE			= TIPO				##	Retorna um número indicando o tipo de dados de um valor
+
+
+##
+##	Logical functions				Funções lógicas
+##
+AND			= E				##	Retorna VERDADEIRO se todos os seus argumentos forem VERDADEIROS
+FALSE			= FALSO				##	Retorna o valor lógico FALSO
+IF			= SE				##	Especifica um teste lógico a ser executado
+IFERROR			= SEERRO			##	Retornará um valor que você especifica se uma fórmula for avaliada para um erro; do contrário, retornará o resultado da fórmula
+NOT			= NÃO				##	Inverte o valor lógico do argumento
+OR			= OU				##	Retorna VERDADEIRO se um dos argumentos for VERDADEIRO
+TRUE			= VERDADEIRO			##	Retorna o valor lógico VERDADEIRO
+
+
+##
+##	Lookup and reference functions			Funções de pesquisa e referência
+##
+ADDRESS			= ENDEREÇO			##	Retorna uma referência como texto para uma única célula em uma planilha
+AREAS			= ÁREAS				##	Retorna o número de áreas em uma referência
+CHOOSE			= ESCOLHER			##	Escolhe um valor a partir de uma lista de valores
+COLUMN			= COL				##	Retorna o número da coluna de uma referência
+COLUMNS			= COLS				##	Retorna o número de colunas em uma referência
+HLOOKUP			= PROCH				##	Procura na linha superior de uma matriz e retorna o valor da célula especificada
+HYPERLINK		= HYPERLINK			##	Cria um atalho ou salto que abre um documento armazenado em um servidor de rede, uma intranet ou na Internet
+INDEX			= ÍNDICE			##	Usa um índice para escolher um valor de uma referência ou matriz
+INDIRECT		= INDIRETO			##	Retorna uma referência indicada por um valor de texto
+LOOKUP			= PROC				##	Procura valores em um vetor ou em uma matriz
+MATCH			= CORRESP			##	Procura valores em uma referência ou em uma matriz
+OFFSET			= DESLOC			##	Retorna um deslocamento de referência com base em uma determinada referência
+ROW			= LIN				##	Retorna o número da linha de uma referência
+ROWS			= LINS				##	Retorna o número de linhas em uma referência
+RTD			= RTD				##	Recupera dados em tempo real de um programa que ofereça suporte a automação COM (automação: uma forma de trabalhar com objetos de um aplicativo a partir de outro aplicativo ou ferramenta de desenvolvimento. Chamada inicialmente de automação OLE, a automação é um padrão industrial e um recurso do modelo de objeto componente (COM).)
+TRANSPOSE		= TRANSPOR			##	Retorna a transposição de uma matriz
+VLOOKUP			= PROCV				##	Procura na primeira coluna de uma matriz e move ao longo da linha para retornar o valor de uma célula
+
+
+##
+##	Math and trigonometry functions			Funções matemáticas e trigonométricas
+##
+ABS			= ABS				##	Retorna o valor absoluto de um número
+ACOS			= ACOS				##	Retorna o arco cosseno de um número
+ACOSH			= ACOSH				##	Retorna o cosseno hiperbólico inverso de um número
+ASIN			= ASEN				##	Retorna o arco seno de um número
+ASINH			= ASENH				##	Retorna o seno hiperbólico inverso de um número
+ATAN			= ATAN				##	Retorna o arco tangente de um número
+ATAN2			= ATAN2				##	Retorna o arco tangente das coordenadas x e y especificadas
+ATANH			= ATANH				##	Retorna a tangente hiperbólica inversa de um número
+CEILING			= TETO				##	Arredonda um número para o inteiro mais próximo ou para o múltiplo mais próximo de significância
+COMBIN			= COMBIN			##	Retorna o número de combinações de um determinado número de objetos
+COS			= COS				##	Retorna o cosseno de um número
+COSH			= COSH				##	Retorna o cosseno hiperbólico de um número
+DEGREES			= GRAUS				##	Converte radianos em graus
+EVEN			= PAR				##	Arredonda um número para cima até o inteiro par mais próximo
+EXP			= EXP				##	Retorna e elevado à potência de um número especificado
+FACT			= FATORIAL			##	Retorna o fatorial de um número
+FACTDOUBLE		= FATDUPLO			##	Retorna o fatorial duplo de um número
+FLOOR			= ARREDMULTB			##	Arredonda um número para baixo até zero
+GCD			= MDC				##	Retorna o máximo divisor comum
+INT			= INT				##	Arredonda um número para baixo até o número inteiro mais próximo
+LCM			= MMC				##	Retorna o mínimo múltiplo comum
+LN			= LN				##	Retorna o logaritmo natural de um número
+LOG			= LOG				##	Retorna o logaritmo de um número de uma base especificada
+LOG10			= LOG10				##	Retorna o logaritmo de base 10 de um número
+MDETERM			= MATRIZ.DETERM			##	Retorna o determinante de uma matriz de uma variável do tipo matriz
+MINVERSE		= MATRIZ.INVERSO		##	Retorna a matriz inversa de uma matriz
+MMULT			= MATRIZ.MULT			##	Retorna o produto de duas matrizes
+MOD			= RESTO				##	Retorna o resto da divisão
+MROUND			= MARRED			##	Retorna um número arredondado ao múltiplo desejado
+MULTINOMIAL		= MULTINOMIAL			##	Retorna o multinomial de um conjunto de números
+ODD			= ÍMPAR				##	Arredonda um número para cima até o inteiro ímpar mais próximo
+PI			= PI				##	Retorna o valor de Pi
+POWER			= POTÊNCIA			##	Fornece o resultado de um número elevado a uma potência
+PRODUCT			= MULT				##	Multiplica seus argumentos
+QUOTIENT		= QUOCIENTE			##	Retorna a parte inteira de uma divisão
+RADIANS			= RADIANOS			##	Converte graus em radianos
+RAND			= ALEATÓRIO			##	Retorna um número aleatório entre 0 e 1
+RANDBETWEEN		= ALEATÓRIOENTRE		##	Retorna um número aleatório entre os números especificados
+ROMAN			= ROMANO			##	Converte um algarismo arábico em romano, como texto
+ROUND			= ARRED				##	Arredonda um número até uma quantidade especificada de dígitos
+ROUNDDOWN		= ARREDONDAR.PARA.BAIXO		##	Arredonda um número para baixo até zero
+ROUNDUP			= ARREDONDAR.PARA.CIMA		##	Arredonda um número para cima, afastando-o de zero
+SERIESSUM		= SOMASEQÜÊNCIA			##	Retorna a soma de uma série polinomial baseada na fórmula
+SIGN			= SINAL				##	Retorna o sinal de um número
+SIN			= SEN				##	Retorna o seno de um ângulo dado
+SINH			= SENH				##	Retorna o seno hiperbólico de um número
+SQRT			= RAIZ				##	Retorna uma raiz quadrada positiva
+SQRTPI			= RAIZPI			##	Retorna a raiz quadrada de (núm* pi)
+SUBTOTAL		= SUBTOTAL			##	Retorna um subtotal em uma lista ou em um banco de dados
+SUM			= SOMA				##	Soma seus argumentos
+SUMIF			= SOMASE			##	Adiciona as células especificadas por um determinado critério
+SUMIFS			= SOMASE			##	Adiciona as células em um intervalo que atende a vários critérios
+SUMPRODUCT		= SOMARPRODUTO			##	Retorna a soma dos produtos de componentes correspondentes de matrizes
+SUMSQ			= SOMAQUAD			##	Retorna a soma dos quadrados dos argumentos
+SUMX2MY2		= SOMAX2DY2			##	Retorna a soma da diferença dos quadrados dos valores correspondentes em duas matrizes
+SUMX2PY2		= SOMAX2SY2			##	Retorna a soma da soma dos quadrados dos valores correspondentes em duas matrizes
+SUMXMY2			= SOMAXMY2			##	Retorna a soma dos quadrados das diferenças dos valores correspondentes em duas matrizes
+TAN			= TAN				##	Retorna a tangente de um número
+TANH			= TANH				##	Retorna a tangente hiperbólica de um número
+TRUNC			= TRUNCAR			##	Trunca um número para um inteiro
+
+
+##
+##	Statistical functions				Funções estatísticas
+##
+AVEDEV			= DESV.MÉDIO			##	Retorna a média aritmética dos desvios médios dos pontos de dados a partir de sua média
+AVERAGE			= MÉDIA				##	Retorna a média dos argumentos
+AVERAGEA		= MÉDIAA			##	Retorna a média dos argumentos, inclusive números, texto e valores lógicos
+AVERAGEIF		= MÉDIASE			##	Retorna a média (média aritmética) de todas as células em um intervalo que atendem a um determinado critério
+AVERAGEIFS		= MÉDIASES			##	Retorna a média (média aritmética) de todas as células que atendem a múltiplos critérios.
+BETADIST		= DISTBETA			##	Retorna a função de distribuição cumulativa beta
+BETAINV			= BETA.ACUM.INV			##	Retorna o inverso da função de distribuição cumulativa para uma distribuição beta especificada
+BINOMDIST		= DISTRBINOM			##	Retorna a probabilidade de distribuição binomial do termo individual
+CHIDIST			= DIST.QUI			##	Retorna a probabilidade unicaudal da distribuição qui-quadrada
+CHIINV			= INV.QUI			##	Retorna o inverso da probabilidade uni-caudal da distribuição qui-quadrada
+CHITEST			= TESTE.QUI			##	Retorna o teste para independência
+CONFIDENCE		= INT.CONFIANÇA			##	Retorna o intervalo de confiança para uma média da população
+CORREL			= CORREL			##	Retorna o coeficiente de correlação entre dois conjuntos de dados
+COUNT			= CONT.NÚM			##	Calcula quantos números há na lista de argumentos
+COUNTA			= CONT.VALORES			##	Calcula quantos valores há na lista de argumentos
+COUNTBLANK		= CONTAR.VAZIO			##	Conta o número de células vazias no intervalo especificado
+COUNTIF			= CONT.SE			##	Calcula o número de células não vazias em um intervalo que corresponde a determinados critérios
+COUNTIFS		= CONT.SES			##	Conta o número de células dentro de um intervalo que atende a múltiplos critérios
+COVAR			= COVAR				##	Retorna a covariância, a média dos produtos dos desvios pares
+CRITBINOM		= CRIT.BINOM			##	Retorna o menor valor para o qual a distribuição binomial cumulativa é menor ou igual ao valor padrão
+DEVSQ			= DESVQ				##	Retorna a soma dos quadrados dos desvios
+EXPONDIST		= DISTEXPON			##	Retorna a distribuição exponencial
+FDIST			= DISTF				##	Retorna a distribuição de probabilidade F
+FINV			= INVF				##	Retorna o inverso da distribuição de probabilidades F
+FISHER			= FISHER			##	Retorna a transformação Fisher
+FISHERINV		= FISHERINV			##	Retorna o inverso da transformação Fisher
+FORECAST		= PREVISÃO			##	Retorna um valor ao longo de uma linha reta
+FREQUENCY		= FREQÜÊNCIA			##	Retorna uma distribuição de freqüência como uma matriz vertical
+FTEST			= TESTEF			##	Retorna o resultado de um teste F
+GAMMADIST		= DISTGAMA			##	Retorna a distribuição gama
+GAMMAINV		= INVGAMA			##	Retorna o inverso da distribuição cumulativa gama
+GAMMALN			= LNGAMA			##	Retorna o logaritmo natural da função gama, G(x)
+GEOMEAN			= MÉDIA.GEOMÉTRICA		##	Retorna a média geométrica
+GROWTH			= CRESCIMENTO			##	Retorna valores ao longo de uma tendência exponencial
+HARMEAN			= MÉDIA.HARMÔNICA		##	Retorna a média harmônica
+HYPGEOMDIST		= DIST.HIPERGEOM		##	Retorna a distribuição hipergeométrica
+INTERCEPT		= INTERCEPÇÃO			##	Retorna a intercepção da linha de regressão linear
+KURT			= CURT				##	Retorna a curtose de um conjunto de dados
+LARGE			= MAIOR				##	Retorna o maior valor k-ésimo de um conjunto de dados
+LINEST			= PROJ.LIN			##	Retorna os parâmetros de uma tendência linear
+LOGEST			= PROJ.LOG			##	Retorna os parâmetros de uma tendência exponencial
+LOGINV			= INVLOG			##	Retorna o inverso da distribuição lognormal
+LOGNORMDIST		= DIST.LOGNORMAL		##	Retorna a distribuição lognormal cumulativa
+MAX			= MÁXIMO			##	Retorna o valor máximo em uma lista de argumentos
+MAXA			= MÁXIMOA			##	Retorna o maior valor em uma lista de argumentos, inclusive números, texto e valores lógicos
+MEDIAN			= MED				##	Retorna a mediana dos números indicados
+MIN			= MÍNIMO			##	Retorna o valor mínimo em uma lista de argumentos
+MINA			= MÍNIMOA			##	Retorna o menor valor em uma lista de argumentos, inclusive números, texto e valores lógicos
+MODE			= MODO				##	Retorna o valor mais comum em um conjunto de dados
+NEGBINOMDIST		= DIST.BIN.NEG			##	Retorna a distribuição binomial negativa
+NORMDIST		= DIST.NORM			##	Retorna a distribuição cumulativa normal
+NORMINV			= INV.NORM			##	Retorna o inverso da distribuição cumulativa normal
+NORMSDIST		= DIST.NORMP			##	Retorna a distribuição cumulativa normal padrão
+NORMSINV		= INV.NORMP			##	Retorna o inverso da distribuição cumulativa normal padrão
+PEARSON			= PEARSON			##	Retorna o coeficiente de correlação do momento do produto Pearson
+PERCENTILE		= PERCENTIL			##	Retorna o k-ésimo percentil de valores em um intervalo
+PERCENTRANK		= ORDEM.PORCENTUAL		##	Retorna a ordem percentual de um valor em um conjunto de dados
+PERMUT			= PERMUT			##	Retorna o número de permutações de um determinado número de objetos
+POISSON			= POISSON			##	Retorna a distribuição Poisson
+PROB			= PROB				##	Retorna a probabilidade de valores em um intervalo estarem entre dois limites
+QUARTILE		= QUARTIL			##	Retorna o quartil do conjunto de dados
+RANK			= ORDEM				##	Retorna a posição de um número em uma lista de números
+RSQ			= RQUAD				##	Retorna o quadrado do coeficiente de correlação do momento do produto de Pearson
+SKEW			= DISTORÇÃO			##	Retorna a distorção de uma distribuição
+SLOPE			= INCLINAÇÃO			##	Retorna a inclinação da linha de regressão linear
+SMALL			= MENOR				##	Retorna o menor valor k-ésimo do conjunto de dados
+STANDARDIZE		= PADRONIZAR			##	Retorna um valor normalizado
+STDEV			= DESVPAD			##	Estima o desvio padrão com base em uma amostra
+STDEVA			= DESVPADA			##	Estima o desvio padrão com base em uma amostra, inclusive números, texto e valores lógicos
+STDEVP			= DESVPADP			##	Calcula o desvio padrão com base na população total
+STDEVPA			= DESVPADPA			##	Calcula o desvio padrão com base na população total, inclusive números, texto e valores lógicos
+STEYX			= EPADYX			##	Retorna o erro padrão do valor-y previsto para cada x da regressão
+TDIST			= DISTT				##	Retorna a distribuição t de Student
+TINV			= INVT				##	Retorna o inverso da distribuição t de Student
+TREND			= TENDÊNCIA			##	Retorna valores ao longo de uma tendência linear
+TRIMMEAN		= MÉDIA.INTERNA			##	Retorna a média do interior de um conjunto de dados
+TTEST			= TESTET			##	Retorna a probabilidade associada ao teste t de Student
+VAR			= VAR				##	Estima a variância com base em uma amostra
+VARA			= VARA				##	Estima a variância com base em uma amostra, inclusive números, texto e valores lógicos
+VARP			= VARP				##	Calcula a variância com base na população inteira
+VARPA			= VARPA				##	Calcula a variância com base na população total, inclusive números, texto e valores lógicos
+WEIBULL			= WEIBULL			##	Retorna a distribuição Weibull
+ZTEST			= TESTEZ			##	Retorna o valor de probabilidade uni-caudal de um teste-z
+
+
+##
+##	Text functions			Funções de texto
+##
+ASC			= ASC				##	Altera letras do inglês ou katakana de largura total (bytes duplos) dentro de uma seqüência de caracteres para caracteres de meia largura (byte único)
+BAHTTEXT		= BAHTTEXT			##	Converte um número em um texto, usando o formato de moeda ß (baht)
+CHAR			= CARACT			##	Retorna o caractere especificado pelo número de código
+CLEAN			= TIRAR				##	Remove todos os caracteres do texto que não podem ser impressos
+CODE			= CÓDIGO			##	Retorna um código numérico para o primeiro caractere de uma seqüência de caracteres de texto
+CONCATENATE		= CONCATENAR			##	Agrupa vários itens de texto em um único item de texto
+DOLLAR			= MOEDA				##	Converte um número em texto, usando o formato de moeda $ (dólar)
+EXACT			= EXATO				##	Verifica se dois valores de texto são idênticos
+FIND			= PROCURAR			##	Procura um valor de texto dentro de outro (diferencia maiúsculas de minúsculas)
+FINDB			= PROCURARB			##	Procura um valor de texto dentro de outro (diferencia maiúsculas de minúsculas)
+FIXED			= DEF.NÚM.DEC			##	Formata um número como texto com um número fixo de decimais
+JIS			= JIS				##	Altera letras do inglês ou katakana de meia largura (byte único) dentro de uma seqüência de caracteres para caracteres de largura total (bytes duplos)
+LEFT			= ESQUERDA			##	Retorna os caracteres mais à esquerda de um valor de texto
+LEFTB			= ESQUERDAB			##	Retorna os caracteres mais à esquerda de um valor de texto
+LEN			= NÚM.CARACT			##	Retorna o número de caracteres em uma seqüência de texto
+LENB			= NÚM.CARACTB			##	Retorna o número de caracteres em uma seqüência de texto
+LOWER			= MINÚSCULA			##	Converte texto para minúsculas
+MID			= EXT.TEXTO			##	Retorna um número específico de caracteres de uma seqüência de texto começando na posição especificada
+MIDB			= EXT.TEXTOB			##	Retorna um número específico de caracteres de uma seqüência de texto começando na posição especificada
+PHONETIC		= FONÉTICA			##	Extrai os caracteres fonéticos (furigana) de uma seqüência de caracteres de texto
+PROPER			= PRI.MAIÚSCULA			##	Coloca a primeira letra de cada palavra em maiúscula em um valor de texto
+REPLACE			= MUDAR				##	Muda os caracteres dentro do texto
+REPLACEB		= MUDARB			##	Muda os caracteres dentro do texto
+REPT			= REPT				##	Repete o texto um determinado número de vezes
+RIGHT			= DIREITA			##	Retorna os caracteres mais à direita de um valor de texto
+RIGHTB			= DIREITAB			##	Retorna os caracteres mais à direita de um valor de texto
+SEARCH			= LOCALIZAR			##	Localiza um valor de texto dentro de outro (não diferencia maiúsculas de minúsculas)
+SEARCHB			= LOCALIZARB			##	Localiza um valor de texto dentro de outro (não diferencia maiúsculas de minúsculas)
+SUBSTITUTE		= SUBSTITUIR			##	Substitui um novo texto por um texto antigo em uma seqüência de texto
+T			= T				##	Converte os argumentos em texto
+TEXT			= TEXTO				##	Formata um número e o converte em texto
+TRIM			= ARRUMAR			##	Remove espaços do texto
+UPPER			= MAIÚSCULA			##	Converte o texto em maiúsculas
+VALUE			= VALOR				##	Converte um argumento de texto em um número
diff --git a/lib/PHPExcel/locale/pt/functions b/lib/PHPExcel/locale/pt/functions
index 7fe9e3b58..ba4eb471b 100644
--- a/lib/PHPExcel/locale/pt/functions
+++ b/lib/PHPExcel/locale/pt/functions
@@ -1,408 +1,408 @@
-##
-##	Add-in and Automation functions			Funções de Suplemento e Automatização
-##
-GETPIVOTDATA		= OBTERDADOSDIN			##	Devolve dados armazenados num relatório de Tabela Dinâmica
-
-
-##
-##	Cube functions					Funções de cubo
-##
-CUBEKPIMEMBER		= MEMBROKPICUBO			##	Devolve o nome, propriedade e medição de um KPI (key performance indicator) e apresenta o nome e a propriedade na célula. Um KPI é uma medida quantificável, como, por exemplo, o lucro mensal bruto ou a rotatividade trimestral de pessoal, utilizada para monitorizar o desempenho de uma organização.
-CUBEMEMBER		= MEMBROCUBO			##	Devolve um membro ou cadeia de identificação numa hierarquia de cubo. Utilizada para validar a existência do membro ou cadeia de identificação no cubo.
-CUBEMEMBERPROPERTY	= PROPRIEDADEMEMBROCUBO		##	Devolve o valor de uma propriedade de membro no cubo. Utilizada para validar a existência de um nome de membro no cubo e para devolver a propriedade especificada para esse membro.
-CUBERANKEDMEMBER	= MEMBROCLASSIFICADOCUBO	##	Devolve o enésimo ou a classificação mais alta num conjunto. Utilizada para devolver um ou mais elementos num conjunto, tal como o melhor vendedor ou os 10 melhores alunos.
-CUBESET			= CONJUNTOCUBO			##	Define um conjunto calculado de membros ou cadeias de identificação enviando uma expressão de conjunto para o cubo no servidor, que cria o conjunto e, em seguida, devolve o conjunto ao Microsoft Office Excel.
-CUBESETCOUNT		= CONTARCONJUNTOCUBO		##	Devolve o número de itens num conjunto.
-CUBEVALUE		= VALORCUBO			##	Devolve um valor agregado do cubo.
-
-
-##
-##	Database functions				Funções de base de dados
-##
-DAVERAGE		= BDMÉDIA			##	Devolve a média das entradas da base de dados seleccionadas
-DCOUNT			= BDCONTAR			##	Conta as células que contêm números numa base de dados
-DCOUNTA			= BDCONTAR.VAL			##	Conta as células que não estejam em branco numa base de dados
-DGET			= BDOBTER			##	Extrai de uma base de dados um único registo que corresponde aos critérios especificados
-DMAX			= BDMÁX				##	Devolve o valor máximo das entradas da base de dados seleccionadas
-DMIN			= BDMÍN				##	Devolve o valor mínimo das entradas da base de dados seleccionadas
-DPRODUCT		= BDMULTIPL			##	Multiplica os valores de um determinado campo de registos que correspondem aos critérios numa base de dados
-DSTDEV			= BDDESVPAD			##	Calcula o desvio-padrão com base numa amostra de entradas da base de dados seleccionadas
-DSTDEVP			= BDDESVPADP			##	Calcula o desvio-padrão com base na população total das entradas da base de dados seleccionadas
-DSUM			= BDSOMA			##	Adiciona os números na coluna de campo dos registos de base de dados que correspondem aos critérios
-DVAR			= BDVAR				##	Calcula a variância com base numa amostra das entradas de base de dados seleccionadas
-DVARP			= BDVARP			##	Calcula a variância com base na população total das entradas de base de dados seleccionadas
-
-
-##
-##	Date and time functions				Funções de data e hora
-##
-DATE			= DATA				##	Devolve o número de série de uma determinada data
-DATEVALUE		= DATA.VALOR			##	Converte uma data em forma de texto num número de série
-DAY			= DIA				##	Converte um número de série num dia do mês
-DAYS360			= DIAS360			##	Calcula o número de dias entre duas datas com base num ano com 360 dias
-EDATE			= DATAM				##	Devolve um número de série de data que corresponde ao número de meses indicado antes ou depois da data de início
-EOMONTH			= FIMMÊS			##	Devolve o número de série do último dia do mês antes ou depois de um número de meses especificado
-HOUR			= HORA				##	Converte um número de série numa hora
-MINUTE			= MINUTO			##	Converte um número de série num minuto
-MONTH			= MÊS				##	Converte um número de série num mês
-NETWORKDAYS		= DIATRABALHOTOTAL		##	Devolve o número total de dias úteis entre duas datas
-NOW			= AGORA				##	Devolve o número de série da data e hora actuais
-SECOND			= SEGUNDO			##	Converte um número de série num segundo
-TIME			= TEMPO				##	Devolve o número de série de um determinado tempo
-TIMEVALUE		= VALOR.TEMPO			##	Converte um tempo em forma de texto num número de série
-TODAY			= HOJE				##	Devolve o número de série da data actual
-WEEKDAY			= DIA.SEMANA			##	Converte um número de série num dia da semana
-WEEKNUM			= NÚMSEMANA			##	Converte um número de série num número que representa o número da semana num determinado ano
-WORKDAY			= DIA.TRABALHO			##	Devolve o número de série da data antes ou depois de um número de dias úteis especificado
-YEAR			= ANO				##	Converte um número de série num ano
-YEARFRAC		= FRACÇÃOANO			##	Devolve a fracção de ano que representa o número de dias inteiros entre a data_de_início e a data_de_fim
-
-
-##
-##	Engineering functions				Funções de engenharia
-##
-BESSELI			= BESSELI			##	Devolve a função de Bessel modificada In(x)
-BESSELJ			= BESSELJ			##	Devolve a função de Bessel Jn(x)
-BESSELK			= BESSELK			##	Devolve a função de Bessel modificada Kn(x)
-BESSELY			= BESSELY			##	Devolve a função de Bessel Yn(x)
-BIN2DEC			= BINADEC			##	Converte um número binário em decimal
-BIN2HEX			= BINAHEX			##	Converte um número binário em hexadecimal
-BIN2OCT			= BINAOCT			##	Converte um número binário em octal
-COMPLEX			= COMPLEXO			##	Converte coeficientes reais e imaginários num número complexo
-CONVERT			= CONVERTER			##	Converte um número de um sistema de medida noutro
-DEC2BIN			= DECABIN			##	Converte um número decimal em binário
-DEC2HEX			= DECAHEX			##	Converte um número decimal em hexadecimal
-DEC2OCT			= DECAOCT			##	Converte um número decimal em octal
-DELTA			= DELTA				##	Testa se dois valores são iguais
-ERF			= FUNCERRO			##	Devolve a função de erro
-ERFC			= FUNCERROCOMPL			##	Devolve a função de erro complementar
-GESTEP			= DEGRAU			##	Testa se um número é maior do que um valor limite
-HEX2BIN			= HEXABIN			##	Converte um número hexadecimal em binário
-HEX2DEC			= HEXADEC			##	Converte um número hexadecimal em decimal
-HEX2OCT			= HEXAOCT			##	Converte um número hexadecimal em octal
-IMABS			= IMABS				##	Devolve o valor absoluto (módulo) de um número complexo
-IMAGINARY		= IMAGINÁRIO			##	Devolve o coeficiente imaginário de um número complexo
-IMARGUMENT		= IMARG				##	Devolve o argumento Teta, um ângulo expresso em radianos
-IMCONJUGATE		= IMCONJ			##	Devolve o conjugado complexo de um número complexo
-IMCOS			= IMCOS				##	Devolve o co-seno de um número complexo
-IMDIV			= IMDIV				##	Devolve o quociente de dois números complexos
-IMEXP			= IMEXP				##	Devolve o exponencial de um número complexo
-IMLN			= IMLN				##	Devolve o logaritmo natural de um número complexo
-IMLOG10			= IMLOG10			##	Devolve o logaritmo de base 10 de um número complexo
-IMLOG2			= IMLOG2			##	Devolve o logaritmo de base 2 de um número complexo
-IMPOWER			= IMPOT				##	Devolve um número complexo elevado a uma potência inteira
-IMPRODUCT		= IMPROD			##	Devolve o produto de números complexos
-IMREAL			= IMREAL			##	Devolve o coeficiente real de um número complexo
-IMSIN			= IMSENO			##	Devolve o seno de um número complexo
-IMSQRT			= IMRAIZ			##	Devolve a raiz quadrada de um número complexo
-IMSUB			= IMSUBTR			##	Devolve a diferença entre dois números complexos
-IMSUM			= IMSOMA			##	Devolve a soma de números complexos
-OCT2BIN			= OCTABIN			##	Converte um número octal em binário
-OCT2DEC			= OCTADEC			##	Converte um número octal em decimal
-OCT2HEX			= OCTAHEX			##	Converte um número octal em hexadecimal
-
-
-##
-##	Financial functions				Funções financeiras
-##
-ACCRINT			= JUROSACUM			##	Devolve os juros acumulados de um título que paga juros periódicos
-ACCRINTM		= JUROSACUMV			##	Devolve os juros acumulados de um título que paga juros no vencimento
-AMORDEGRC		= AMORDEGRC			##	Devolve a depreciação correspondente a cada período contabilístico utilizando um coeficiente de depreciação
-AMORLINC		= AMORLINC			##	Devolve a depreciação correspondente a cada período contabilístico
-COUPDAYBS		= CUPDIASINLIQ			##	Devolve o número de dias entre o início do período do cupão e a data de regularização
-COUPDAYS		= CUPDIAS			##	Devolve o número de dias no período do cupão que contém a data de regularização
-COUPDAYSNC		= CUPDIASPRÓX			##	Devolve o número de dias entre a data de regularização e a data do cupão seguinte
-COUPNCD			= CUPDATAPRÓX			##	Devolve a data do cupão seguinte após a data de regularização
-COUPNUM			= CUPNÚM			##	Devolve o número de cupões a serem pagos entre a data de regularização e a data de vencimento
-COUPPCD			= CUPDATAANT			##	Devolve a data do cupão anterior antes da data de regularização
-CUMIPMT			= PGTOJURACUM			##	Devolve os juros cumulativos pagos entre dois períodos
-CUMPRINC		= PGTOCAPACUM			##	Devolve o capital cumulativo pago a título de empréstimo entre dois períodos
-DB			= BD				##	Devolve a depreciação de um activo relativo a um período especificado utilizando o método das quotas degressivas fixas
-DDB			= BDD				##	Devolve a depreciação de um activo relativo a um período especificado utilizando o método das quotas degressivas duplas ou qualquer outro método especificado
-DISC			= DESC				##	Devolve a taxa de desconto de um título
-DOLLARDE		= MOEDADEC			##	Converte um preço em unidade monetária, expresso como uma fracção, num preço em unidade monetária, expresso como um número decimal
-DOLLARFR		= MOEDAFRA			##	Converte um preço em unidade monetária, expresso como um número decimal, num preço em unidade monetária, expresso como uma fracção
-DURATION		= DURAÇÃO			##	Devolve a duração anual de um título com pagamentos de juros periódicos
-EFFECT			= EFECTIVA			##	Devolve a taxa de juros anual efectiva
-FV			= VF				##	Devolve o valor futuro de um investimento
-FVSCHEDULE		= VFPLANO			##	Devolve o valor futuro de um capital inicial após a aplicação de uma série de taxas de juro compostas
-INTRATE			= TAXAJUROS			##	Devolve a taxa de juros de um título investido na totalidade
-IPMT			= IPGTO				##	Devolve o pagamento dos juros de um investimento durante um determinado período
-IRR			= TIR				##	Devolve a taxa de rentabilidade interna para uma série de fluxos monetários
-ISPMT			= É.PGTO			##	Calcula os juros pagos durante um período específico de um investimento
-MDURATION		= MDURAÇÃO			##	Devolve a duração modificada de Macauley de um título com um valor de paridade equivalente a € 100
-MIRR			= MTIR				##	Devolve a taxa interna de rentabilidade em que os fluxos monetários positivos e negativos são financiados com taxas diferentes
-NOMINAL			= NOMINAL			##	Devolve a taxa de juros nominal anual
-NPER			= NPER				##	Devolve o número de períodos de um investimento
-NPV			= VAL				##	Devolve o valor actual líquido de um investimento com base numa série de fluxos monetários periódicos e numa taxa de desconto
-ODDFPRICE		= PREÇOPRIMINC			##	Devolve o preço por € 100 do valor nominal de um título com um período inicial incompleto
-ODDFYIELD		= LUCROPRIMINC			##	Devolve o lucro de um título com um período inicial incompleto
-ODDLPRICE		= PREÇOÚLTINC			##	Devolve o preço por € 100 do valor nominal de um título com um período final incompleto
-ODDLYIELD		= LUCROÚLTINC			##	Devolve o lucro de um título com um período final incompleto
-PMT			= PGTO				##	Devolve o pagamento periódico de uma anuidade
-PPMT			= PPGTO				##	Devolve o pagamento sobre o capital de um investimento num determinado período
-PRICE			= PREÇO				##	Devolve o preço por € 100 do valor nominal de um título que paga juros periódicos
-PRICEDISC		= PREÇODESC			##	Devolve o preço por € 100 do valor nominal de um título descontado
-PRICEMAT		= PREÇOVENC			##	Devolve o preço por € 100 do valor nominal de um título que paga juros no vencimento
-PV			= VA				##	Devolve o valor actual de um investimento
-RATE			= TAXA				##	Devolve a taxa de juros por período de uma anuidade
-RECEIVED		= RECEBER			##	Devolve o montante recebido no vencimento de um título investido na totalidade
-SLN			= AMORT				##	Devolve uma depreciação linear de um activo durante um período
-SYD			= AMORTD			##	Devolve a depreciação por algarismos da soma dos anos de um activo durante um período especificado
-TBILLEQ			= OTN				##	Devolve o lucro de um título equivalente a uma Obrigação do Tesouro
-TBILLPRICE		= OTNVALOR			##	Devolve o preço por € 100 de valor nominal de uma Obrigação do Tesouro
-TBILLYIELD		= OTNLUCRO			##	Devolve o lucro de uma Obrigação do Tesouro
-VDB			= BDV				##	Devolve a depreciação de um activo relativo a um período específico ou parcial utilizando um método de quotas degressivas
-XIRR			= XTIR				##	Devolve a taxa interna de rentabilidade de um plano de fluxos monetários que não seja necessariamente periódica
-XNPV			= XVAL				##	Devolve o valor actual líquido de um plano de fluxos monetários que não seja necessariamente periódico
-YIELD			= LUCRO				##	Devolve o lucro de um título que paga juros periódicos
-YIELDDISC		= LUCRODESC			##	Devolve o lucro anual de um título emitido abaixo do valor nominal, por exemplo, uma Obrigação do Tesouro
-YIELDMAT		= LUCROVENC			##	Devolve o lucro anual de um título que paga juros na data de vencimento
-
-
-##
-##	Information functions				Funções de informação
-##
-CELL			= CÉL				##	Devolve informações sobre a formatação, localização ou conteúdo de uma célula
-ERROR.TYPE		= TIPO.ERRO			##	Devolve um número correspondente a um tipo de erro
-INFO			= INFORMAÇÃO			##	Devolve informações sobre o ambiente de funcionamento actual
-ISBLANK			= É.CÉL.VAZIA			##	Devolve VERDADEIRO se o valor estiver em branco
-ISERR			= É.ERROS			##	Devolve VERDADEIRO se o valor for um valor de erro diferente de #N/D
-ISERROR			= É.ERRO			##	Devolve VERDADEIRO se o valor for um valor de erro
-ISEVEN			= ÉPAR				##	Devolve VERDADEIRO se o número for par
-ISLOGICAL		= É.LÓGICO			##	Devolve VERDADEIRO se o valor for lógico
-ISNA			= É.NÃO.DISP			##	Devolve VERDADEIRO se o valor for o valor de erro #N/D
-ISNONTEXT		= É.NÃO.TEXTO			##	Devolve VERDADEIRO se o valor não for texto
-ISNUMBER		= É.NÚM				##	Devolve VERDADEIRO se o valor for um número
-ISODD			= ÉÍMPAR			##	Devolve VERDADEIRO se o número for ímpar
-ISREF			= É.REF				##	Devolve VERDADEIRO se o valor for uma referência
-ISTEXT			= É.TEXTO			##	Devolve VERDADEIRO se o valor for texto
-N			= N				##	Devolve um valor convertido num número
-NA			= NÃO.DISP			##	Devolve o valor de erro #N/D
-TYPE			= TIPO				##	Devolve um número que indica o tipo de dados de um valor
-
-
-##
-##	Logical functions				Funções lógicas
-##
-AND			= E				##	Devolve VERDADEIRO se todos os respectivos argumentos corresponderem a VERDADEIRO
-FALSE			= FALSO				##	Devolve o valor lógico FALSO
-IF			= SE				##	Especifica um teste lógico a ser executado
-IFERROR			= SE.ERRO			##	Devolve um valor definido pelo utilizador se ocorrer um erro na fórmula, e devolve o resultado da fórmula se não ocorrer nenhum erro
-NOT			= NÃO				##	Inverte a lógica do respectivo argumento
-OR			= OU				##	Devolve VERDADEIRO se qualquer argumento for VERDADEIRO
-TRUE			= VERDADEIRO			##	Devolve o valor lógico VERDADEIRO
-
-
-##
-##	Lookup and reference functions			Funções de pesquisa e referência
-##
-ADDRESS			= ENDEREÇO			##	Devolve uma referência a uma única célula numa folha de cálculo como texto
-AREAS			= ÁREAS				##	Devolve o número de áreas numa referência
-CHOOSE			= SELECCIONAR			##	Selecciona um valor a partir de uma lista de valores
-COLUMN			= COL				##	Devolve o número da coluna de uma referência
-COLUMNS			= COLS				##	Devolve o número de colunas numa referência
-HLOOKUP			= PROCH				##	Procura na linha superior de uma matriz e devolve o valor da célula indicada
-HYPERLINK		= HIPERLIGAÇÃO			##	Cria um atalho ou hiperligação que abre um documento armazenado num servidor de rede, numa intranet ou na Internet
-INDEX			= ÍNDICE			##	Utiliza um índice para escolher um valor de uma referência ou de uma matriz
-INDIRECT		= INDIRECTO			##	Devolve uma referência indicada por um valor de texto
-LOOKUP			= PROC				##	Procura valores num vector ou numa matriz
-MATCH			= CORRESP			##	Procura valores numa referência ou numa matriz
-OFFSET			= DESLOCAMENTO			##	Devolve o deslocamento de referência de uma determinada referência
-ROW			= LIN				##	Devolve o número da linha de uma referência
-ROWS			= LINS				##	Devolve o número de linhas numa referência
-RTD			= RTD				##	Obtém dados em tempo real a partir de um programa que suporte automatização COM (automatização: modo de trabalhar com objectos de uma aplicação a partir de outra aplicação ou ferramenta de desenvolvimento. Anteriormente conhecida como automatização OLE, a automatização é uma norma da indústria de software e uma funcionalidade COM (Component Object Model).)
-TRANSPOSE		= TRANSPOR			##	Devolve a transposição de uma matriz
-VLOOKUP			= PROCV				##	Procura na primeira coluna de uma matriz e percorre a linha para devolver o valor de uma célula
-
-
-##
-##	Math and trigonometry functions			Funções matemáticas e trigonométricas
-##
-ABS			= ABS				##	Devolve o valor absoluto de um número
-ACOS			= ACOS				##	Devolve o arco de co-seno de um número
-ACOSH			= ACOSH				##	Devolve o co-seno hiperbólico inverso de um número
-ASIN			= ASEN				##	Devolve o arco de seno de um número
-ASINH			= ASENH				##	Devolve o seno hiperbólico inverso de um número
-ATAN			= ATAN				##	Devolve o arco de tangente de um número
-ATAN2			= ATAN2				##	Devolve o arco de tangente das coordenadas x e y
-ATANH			= ATANH				##	Devolve a tangente hiperbólica inversa de um número
-CEILING			= ARRED.EXCESSO			##	Arredonda um número para o número inteiro mais próximo ou para o múltiplo de significância mais próximo
-COMBIN			= COMBIN			##	Devolve o número de combinações de um determinado número de objectos
-COS			= COS				##	Devolve o co-seno de um número
-COSH			= COSH				##	Devolve o co-seno hiperbólico de um número
-DEGREES			= GRAUS				##	Converte radianos em graus
-EVEN			= PAR				##	Arredonda um número por excesso para o número inteiro mais próximo
-EXP			= EXP				##	Devolve e elevado à potência de um determinado número
-FACT			= FACTORIAL			##	Devolve o factorial de um número
-FACTDOUBLE		= FACTDUPLO			##	Devolve o factorial duplo de um número
-FLOOR			= ARRED.DEFEITO			##	Arredonda um número por defeito até zero
-GCD			= MDC				##	Devolve o maior divisor comum
-INT			= INT				##	Arredonda um número por defeito para o número inteiro mais próximo
-LCM			= MMC				##	Devolve o mínimo múltiplo comum
-LN			= LN				##	Devolve o logaritmo natural de um número
-LOG			= LOG				##	Devolve o logaritmo de um número com uma base especificada
-LOG10			= LOG10				##	Devolve o logaritmo de base 10 de um número
-MDETERM			= MATRIZ.DETERM			##	Devolve o determinante matricial de uma matriz
-MINVERSE		= MATRIZ.INVERSA		##	Devolve o inverso matricial de uma matriz
-MMULT			= MATRIZ.MULT			##	Devolve o produto matricial de duas matrizes
-MOD			= RESTO				##	Devolve o resto da divisão
-MROUND			= MARRED			##	Devolve um número arredondado para o múltiplo pretendido
-MULTINOMIAL		= POLINOMIAL			##	Devolve o polinomial de um conjunto de números
-ODD			= ÍMPAR				##	Arredonda por excesso um número para o número inteiro ímpar mais próximo
-PI			= PI				##	Devolve o valor de pi
-POWER			= POTÊNCIA			##	Devolve o resultado de um número elevado a uma potência
-PRODUCT			= PRODUTO			##	Multiplica os respectivos argumentos
-QUOTIENT		= QUOCIENTE			##	Devolve a parte inteira de uma divisão
-RADIANS			= RADIANOS			##	Converte graus em radianos
-RAND			= ALEATÓRIO			##	Devolve um número aleatório entre 0 e 1
-RANDBETWEEN		= ALEATÓRIOENTRE		##	Devolve um número aleatório entre os números especificados
-ROMAN			= ROMANO			##	Converte um número árabe em romano, como texto
-ROUND			= ARRED				##	Arredonda um número para um número de dígitos especificado
-ROUNDDOWN		= ARRED.PARA.BAIXO		##	Arredonda um número por defeito até zero
-ROUNDUP			= ARRED.PARA.CIMA		##	Arredonda um número por excesso, afastando-o de zero
-SERIESSUM		= SOMASÉRIE			##	Devolve a soma de uma série de potências baseada na fórmula
-SIGN			= SINAL				##	Devolve o sinal de um número
-SIN			= SEN				##	Devolve o seno de um determinado ângulo
-SINH			= SENH				##	Devolve o seno hiperbólico de um número
-SQRT			= RAIZQ				##	Devolve uma raiz quadrada positiva
-SQRTPI			= RAIZPI			##	Devolve a raiz quadrada de (núm * pi)
-SUBTOTAL		= SUBTOTAL			##	Devolve um subtotal numa lista ou base de dados
-SUM			= SOMA				##	Adiciona os respectivos argumentos
-SUMIF			= SOMA.SE			##	Adiciona as células especificadas por um determinado critério
-SUMIFS			= SOMA.SE.S			##	Adiciona as células num intervalo que cumpre vários critérios
-SUMPRODUCT		= SOMARPRODUTO			##	Devolve a soma dos produtos de componentes de matrizes correspondentes
-SUMSQ			= SOMARQUAD			##	Devolve a soma dos quadrados dos argumentos
-SUMX2MY2		= SOMAX2DY2			##	Devolve a soma da diferença dos quadrados dos valores correspondentes em duas matrizes
-SUMX2PY2		= SOMAX2SY2			##	Devolve a soma da soma dos quadrados dos valores correspondentes em duas matrizes
-SUMXMY2			= SOMAXMY2			##	Devolve a soma dos quadrados da diferença dos valores correspondentes em duas matrizes
-TAN			= TAN				##	Devolve a tangente de um número
-TANH			= TANH				##	Devolve a tangente hiperbólica de um número
-TRUNC			= TRUNCAR			##	Trunca um número para um número inteiro
-
-
-##
-##	Statistical functions				Funções estatísticas
-##
-AVEDEV			= DESV.MÉDIO			##	Devolve a média aritmética dos desvios absolutos à média dos pontos de dados
-AVERAGE			= MÉDIA				##	Devolve a média dos respectivos argumentos
-AVERAGEA		= MÉDIAA			##	Devolve uma média dos respectivos argumentos, incluindo números, texto e valores lógicos
-AVERAGEIF		= MÉDIA.SE			##	Devolve a média aritmética de todas as células num intervalo que cumprem determinado critério
-AVERAGEIFS		= MÉDIA.SE.S			##	Devolve a média aritmética de todas as células que cumprem múltiplos critérios
-BETADIST		= DISTBETA			##	Devolve a função de distribuição cumulativa beta
-BETAINV			= BETA.ACUM.INV			##	Devolve o inverso da função de distribuição cumulativa relativamente a uma distribuição beta específica
-BINOMDIST		= DISTRBINOM			##	Devolve a probabilidade de distribuição binomial de termo individual
-CHIDIST			= DIST.CHI			##	Devolve a probabilidade unicaudal da distribuição qui-quadrada
-CHIINV			= INV.CHI			##	Devolve o inverso da probabilidade unicaudal da distribuição qui-quadrada
-CHITEST			= TESTE.CHI			##	Devolve o teste para independência
-CONFIDENCE		= INT.CONFIANÇA			##	Devolve o intervalo de confiança correspondente a uma média de população
-CORREL			= CORREL			##	Devolve o coeficiente de correlação entre dois conjuntos de dados
-COUNT			= CONTAR			##	Conta os números que existem na lista de argumentos
-COUNTA			= CONTAR.VAL			##	Conta os valores que existem na lista de argumentos
-COUNTBLANK		= CONTAR.VAZIO			##	Conta o número de células em branco num intervalo
-COUNTIF			= CONTAR.SE			##	Calcula o número de células num intervalo que corresponde aos critérios determinados
-COUNTIFS		= CONTAR.SE.S			##	Conta o número de células num intervalo que cumprem múltiplos critérios
-COVAR			= COVAR				##	Devolve a covariância, que é a média dos produtos de desvios de pares
-CRITBINOM		= CRIT.BINOM			##	Devolve o menor valor em que a distribuição binomial cumulativa é inferior ou igual a um valor de critério
-DEVSQ			= DESVQ				##	Devolve a soma dos quadrados dos desvios
-EXPONDIST		= DISTEXPON			##	Devolve a distribuição exponencial
-FDIST			= DISTF				##	Devolve a distribuição da probabilidade F
-FINV			= INVF				##	Devolve o inverso da distribuição da probabilidade F
-FISHER			= FISHER			##	Devolve a transformação Fisher
-FISHERINV		= FISHERINV			##	Devolve o inverso da transformação Fisher
-FORECAST		= PREVISÃO			##	Devolve um valor ao longo de uma tendência linear
-FREQUENCY		= FREQUÊNCIA			##	Devolve uma distribuição de frequência como uma matriz vertical
-FTEST			= TESTEF			##	Devolve o resultado de um teste F
-GAMMADIST		= DISTGAMA			##	Devolve a distribuição gama
-GAMMAINV		= INVGAMA			##	Devolve o inverso da distribuição gama cumulativa
-GAMMALN			= LNGAMA			##	Devolve o logaritmo natural da função gama, Γ(x)
-GEOMEAN			= MÉDIA.GEOMÉTRICA		##	Devolve a média geométrica
-GROWTH			= CRESCIMENTO			##	Devolve valores ao longo de uma tendência exponencial
-HARMEAN			= MÉDIA.HARMÓNICA		##	Devolve a média harmónica
-HYPGEOMDIST		= DIST.HIPERGEOM		##	Devolve a distribuição hipergeométrica
-INTERCEPT		= INTERCEPTAR			##	Devolve a intercepção da linha de regressão linear
-KURT			= CURT				##	Devolve a curtose de um conjunto de dados
-LARGE			= MAIOR				##	Devolve o maior valor k-ésimo de um conjunto de dados
-LINEST			= PROJ.LIN			##	Devolve os parâmetros de uma tendência linear
-LOGEST			= PROJ.LOG			##	Devolve os parâmetros de uma tendência exponencial
-LOGINV			= INVLOG			##	Devolve o inverso da distribuição normal logarítmica
-LOGNORMDIST		= DIST.NORMALLOG		##	Devolve a distribuição normal logarítmica cumulativa
-MAX			= MÁXIMO			##	Devolve o valor máximo numa lista de argumentos
-MAXA			= MÁXIMOA			##	Devolve o valor máximo numa lista de argumentos, incluindo números, texto e valores lógicos
-MEDIAN			= MED				##	Devolve a mediana dos números indicados
-MIN			= MÍNIMO			##	Devolve o valor mínimo numa lista de argumentos
-MINA			= MÍNIMOA			##	Devolve o valor mínimo numa lista de argumentos, incluindo números, texto e valores lógicos
-MODE			= MODA				##	Devolve o valor mais comum num conjunto de dados
-NEGBINOMDIST		= DIST.BIN.NEG			##	Devolve a distribuição binominal negativa
-NORMDIST		= DIST.NORM			##	Devolve a distribuição cumulativa normal
-NORMINV			= INV.NORM			##	Devolve o inverso da distribuição cumulativa normal
-NORMSDIST		= DIST.NORMP			##	Devolve a distribuição cumulativa normal padrão
-NORMSINV		= INV.NORMP			##	Devolve o inverso da distribuição cumulativa normal padrão
-PEARSON			= PEARSON			##	Devolve o coeficiente de correlação momento/produto de Pearson
-PERCENTILE		= PERCENTIL			##	Devolve o k-ésimo percentil de valores num intervalo
-PERCENTRANK		= ORDEM.PERCENTUAL		##	Devolve a ordem percentual de um valor num conjunto de dados
-PERMUT			= PERMUTAR			##	Devolve o número de permutações de um determinado número de objectos
-POISSON			= POISSON			##	Devolve a distribuição de Poisson
-PROB			= PROB				##	Devolve a probabilidade dos valores num intervalo se encontrarem entre dois limites
-QUARTILE		= QUARTIL			##	Devolve o quartil de um conjunto de dados
-RANK			= ORDEM				##	Devolve a ordem de um número numa lista numérica
-RSQ			= RQUAD				##	Devolve o quadrado do coeficiente de correlação momento/produto de Pearson
-SKEW			= DISTORÇÃO			##	Devolve a distorção de uma distribuição
-SLOPE			= DECLIVE			##	Devolve o declive da linha de regressão linear
-SMALL			= MENOR				##	Devolve o menor valor de k-ésimo de um conjunto de dados
-STANDARDIZE		= NORMALIZAR			##	Devolve um valor normalizado
-STDEV			= DESVPAD			##	Calcula o desvio-padrão com base numa amostra
-STDEVA			= DESVPADA			##	Calcula o desvio-padrão com base numa amostra, incluindo números, texto e valores lógicos
-STDEVP			= DESVPADP			##	Calcula o desvio-padrão com base na população total
-STDEVPA			= DESVPADPA			##	Calcula o desvio-padrão com base na população total, incluindo números, texto e valores lógicos
-STEYX			= EPADYX			##	Devolve o erro-padrão do valor de y previsto para cada x na regressão
-TDIST			= DISTT				##	Devolve a distribuição t de Student
-TINV			= INVT				##	Devolve o inverso da distribuição t de Student
-TREND			= TENDÊNCIA			##	Devolve valores ao longo de uma tendência linear
-TRIMMEAN		= MÉDIA.INTERNA			##	Devolve a média do interior de um conjunto de dados
-TTEST			= TESTET			##	Devolve a probabilidade associada ao teste t de Student
-VAR			= VAR				##	Calcula a variância com base numa amostra
-VARA			= VARA				##	Calcula a variância com base numa amostra, incluindo números, texto e valores lógicos
-VARP			= VARP				##	Calcula a variância com base na população total
-VARPA			= VARPA				##	Calcula a variância com base na população total, incluindo números, texto e valores lógicos
-WEIBULL			= WEIBULL			##	Devolve a distribuição Weibull
-ZTEST			= TESTEZ			##	Devolve o valor de probabilidade unicaudal de um teste-z
-
-
-##
-##	Text functions					Funções de texto
-##
-ASC			= ASC				##	Altera letras ou katakana de largura total (byte duplo) numa cadeia de caracteres para caracteres de largura média (byte único)
-BAHTTEXT		= TEXTO.BAHT			##	Converte um número em texto, utilizando o formato monetário ß (baht)
-CHAR			= CARÁCT			##	Devolve o carácter especificado pelo número de código
-CLEAN			= LIMPAR			##	Remove do texto todos os caracteres não imprimíveis
-CODE			= CÓDIGO			##	Devolve um código numérico correspondente ao primeiro carácter numa cadeia de texto
-CONCATENATE		= CONCATENAR			##	Agrupa vários itens de texto num único item de texto
-DOLLAR			= MOEDA				##	Converte um número em texto, utilizando o formato monetário € (Euro)
-EXACT			= EXACTO			##	Verifica se dois valores de texto são idênticos
-FIND			= LOCALIZAR			##	Localiza um valor de texto dentro de outro (sensível às maiúsculas e minúsculas)
-FINDB			= LOCALIZARB			##	Localiza um valor de texto dentro de outro (sensível às maiúsculas e minúsculas)
-FIXED			= FIXA				##	Formata um número como texto com um número fixo de decimais
-JIS			= JIS				##	Altera letras ou katakana de largura média (byte único) numa cadeia de caracteres para caracteres de largura total (byte duplo)
-LEFT			= ESQUERDA			##	Devolve os caracteres mais à esquerda de um valor de texto
-LEFTB			= ESQUERDAB			##	Devolve os caracteres mais à esquerda de um valor de texto
-LEN			= NÚM.CARACT			##	Devolve o número de caracteres de uma cadeia de texto
-LENB			= NÚM.CARACTB			##	Devolve o número de caracteres de uma cadeia de texto
-LOWER			= MINÚSCULAS			##	Converte o texto em minúsculas
-MID			= SEG.TEXTO			##	Devolve um número específico de caracteres de uma cadeia de texto, a partir da posição especificada
-MIDB			= SEG.TEXTOB			##	Devolve um número específico de caracteres de uma cadeia de texto, a partir da posição especificada
-PHONETIC		= FONÉTICA			##	Retira os caracteres fonéticos (furigana) de uma cadeia de texto
-PROPER			= INICIAL.MAIÚSCULA		##	Coloca em maiúsculas a primeira letra de cada palavra de um valor de texto
-REPLACE			= SUBSTITUIR			##	Substitui caracteres no texto
-REPLACEB		= SUBSTITUIRB			##	Substitui caracteres no texto
-REPT			= REPETIR			##	Repete texto um determinado número de vezes
-RIGHT			= DIREITA			##	Devolve os caracteres mais à direita de um valor de texto
-RIGHTB			= DIREITAB			##	Devolve os caracteres mais à direita de um valor de texto
-SEARCH			= PROCURAR			##	Localiza um valor de texto dentro de outro (não sensível a maiúsculas e minúsculas)
-SEARCHB			= PROCURARB			##	Localiza um valor de texto dentro de outro (não sensível a maiúsculas e minúsculas)
-SUBSTITUTE		= SUBST				##	Substitui texto novo por texto antigo numa cadeia de texto
-T			= T				##	Converte os respectivos argumentos em texto
-TEXT			= TEXTO				##	Formata um número e converte-o em texto
-TRIM			= COMPACTAR			##	Remove espaços do texto
-UPPER			= MAIÚSCULAS			##	Converte texto em maiúsculas
-VALUE			= VALOR				##	Converte um argumento de texto num número
+##
+##	Add-in and Automation functions			Funções de Suplemento e Automatização
+##
+GETPIVOTDATA		= OBTERDADOSDIN			##	Devolve dados armazenados num relatório de Tabela Dinâmica
+
+
+##
+##	Cube functions					Funções de cubo
+##
+CUBEKPIMEMBER		= MEMBROKPICUBO			##	Devolve o nome, propriedade e medição de um KPI (key performance indicator) e apresenta o nome e a propriedade na célula. Um KPI é uma medida quantificável, como, por exemplo, o lucro mensal bruto ou a rotatividade trimestral de pessoal, utilizada para monitorizar o desempenho de uma organização.
+CUBEMEMBER		= MEMBROCUBO			##	Devolve um membro ou cadeia de identificação numa hierarquia de cubo. Utilizada para validar a existência do membro ou cadeia de identificação no cubo.
+CUBEMEMBERPROPERTY	= PROPRIEDADEMEMBROCUBO		##	Devolve o valor de uma propriedade de membro no cubo. Utilizada para validar a existência de um nome de membro no cubo e para devolver a propriedade especificada para esse membro.
+CUBERANKEDMEMBER	= MEMBROCLASSIFICADOCUBO	##	Devolve o enésimo ou a classificação mais alta num conjunto. Utilizada para devolver um ou mais elementos num conjunto, tal como o melhor vendedor ou os 10 melhores alunos.
+CUBESET			= CONJUNTOCUBO			##	Define um conjunto calculado de membros ou cadeias de identificação enviando uma expressão de conjunto para o cubo no servidor, que cria o conjunto e, em seguida, devolve o conjunto ao Microsoft Office Excel.
+CUBESETCOUNT		= CONTARCONJUNTOCUBO		##	Devolve o número de itens num conjunto.
+CUBEVALUE		= VALORCUBO			##	Devolve um valor agregado do cubo.
+
+
+##
+##	Database functions				Funções de base de dados
+##
+DAVERAGE		= BDMÉDIA			##	Devolve a média das entradas da base de dados seleccionadas
+DCOUNT			= BDCONTAR			##	Conta as células que contêm números numa base de dados
+DCOUNTA			= BDCONTAR.VAL			##	Conta as células que não estejam em branco numa base de dados
+DGET			= BDOBTER			##	Extrai de uma base de dados um único registo que corresponde aos critérios especificados
+DMAX			= BDMÁX				##	Devolve o valor máximo das entradas da base de dados seleccionadas
+DMIN			= BDMÍN				##	Devolve o valor mínimo das entradas da base de dados seleccionadas
+DPRODUCT		= BDMULTIPL			##	Multiplica os valores de um determinado campo de registos que correspondem aos critérios numa base de dados
+DSTDEV			= BDDESVPAD			##	Calcula o desvio-padrão com base numa amostra de entradas da base de dados seleccionadas
+DSTDEVP			= BDDESVPADP			##	Calcula o desvio-padrão com base na população total das entradas da base de dados seleccionadas
+DSUM			= BDSOMA			##	Adiciona os números na coluna de campo dos registos de base de dados que correspondem aos critérios
+DVAR			= BDVAR				##	Calcula a variância com base numa amostra das entradas de base de dados seleccionadas
+DVARP			= BDVARP			##	Calcula a variância com base na população total das entradas de base de dados seleccionadas
+
+
+##
+##	Date and time functions				Funções de data e hora
+##
+DATE			= DATA				##	Devolve o número de série de uma determinada data
+DATEVALUE		= DATA.VALOR			##	Converte uma data em forma de texto num número de série
+DAY			= DIA				##	Converte um número de série num dia do mês
+DAYS360			= DIAS360			##	Calcula o número de dias entre duas datas com base num ano com 360 dias
+EDATE			= DATAM				##	Devolve um número de série de data que corresponde ao número de meses indicado antes ou depois da data de início
+EOMONTH			= FIMMÊS			##	Devolve o número de série do último dia do mês antes ou depois de um número de meses especificado
+HOUR			= HORA				##	Converte um número de série numa hora
+MINUTE			= MINUTO			##	Converte um número de série num minuto
+MONTH			= MÊS				##	Converte um número de série num mês
+NETWORKDAYS		= DIATRABALHOTOTAL		##	Devolve o número total de dias úteis entre duas datas
+NOW			= AGORA				##	Devolve o número de série da data e hora actuais
+SECOND			= SEGUNDO			##	Converte um número de série num segundo
+TIME			= TEMPO				##	Devolve o número de série de um determinado tempo
+TIMEVALUE		= VALOR.TEMPO			##	Converte um tempo em forma de texto num número de série
+TODAY			= HOJE				##	Devolve o número de série da data actual
+WEEKDAY			= DIA.SEMANA			##	Converte um número de série num dia da semana
+WEEKNUM			= NÚMSEMANA			##	Converte um número de série num número que representa o número da semana num determinado ano
+WORKDAY			= DIA.TRABALHO			##	Devolve o número de série da data antes ou depois de um número de dias úteis especificado
+YEAR			= ANO				##	Converte um número de série num ano
+YEARFRAC		= FRACÇÃOANO			##	Devolve a fracção de ano que representa o número de dias inteiros entre a data_de_início e a data_de_fim
+
+
+##
+##	Engineering functions				Funções de engenharia
+##
+BESSELI			= BESSELI			##	Devolve a função de Bessel modificada In(x)
+BESSELJ			= BESSELJ			##	Devolve a função de Bessel Jn(x)
+BESSELK			= BESSELK			##	Devolve a função de Bessel modificada Kn(x)
+BESSELY			= BESSELY			##	Devolve a função de Bessel Yn(x)
+BIN2DEC			= BINADEC			##	Converte um número binário em decimal
+BIN2HEX			= BINAHEX			##	Converte um número binário em hexadecimal
+BIN2OCT			= BINAOCT			##	Converte um número binário em octal
+COMPLEX			= COMPLEXO			##	Converte coeficientes reais e imaginários num número complexo
+CONVERT			= CONVERTER			##	Converte um número de um sistema de medida noutro
+DEC2BIN			= DECABIN			##	Converte um número decimal em binário
+DEC2HEX			= DECAHEX			##	Converte um número decimal em hexadecimal
+DEC2OCT			= DECAOCT			##	Converte um número decimal em octal
+DELTA			= DELTA				##	Testa se dois valores são iguais
+ERF			= FUNCERRO			##	Devolve a função de erro
+ERFC			= FUNCERROCOMPL			##	Devolve a função de erro complementar
+GESTEP			= DEGRAU			##	Testa se um número é maior do que um valor limite
+HEX2BIN			= HEXABIN			##	Converte um número hexadecimal em binário
+HEX2DEC			= HEXADEC			##	Converte um número hexadecimal em decimal
+HEX2OCT			= HEXAOCT			##	Converte um número hexadecimal em octal
+IMABS			= IMABS				##	Devolve o valor absoluto (módulo) de um número complexo
+IMAGINARY		= IMAGINÁRIO			##	Devolve o coeficiente imaginário de um número complexo
+IMARGUMENT		= IMARG				##	Devolve o argumento Teta, um ângulo expresso em radianos
+IMCONJUGATE		= IMCONJ			##	Devolve o conjugado complexo de um número complexo
+IMCOS			= IMCOS				##	Devolve o co-seno de um número complexo
+IMDIV			= IMDIV				##	Devolve o quociente de dois números complexos
+IMEXP			= IMEXP				##	Devolve o exponencial de um número complexo
+IMLN			= IMLN				##	Devolve o logaritmo natural de um número complexo
+IMLOG10			= IMLOG10			##	Devolve o logaritmo de base 10 de um número complexo
+IMLOG2			= IMLOG2			##	Devolve o logaritmo de base 2 de um número complexo
+IMPOWER			= IMPOT				##	Devolve um número complexo elevado a uma potência inteira
+IMPRODUCT		= IMPROD			##	Devolve o produto de números complexos
+IMREAL			= IMREAL			##	Devolve o coeficiente real de um número complexo
+IMSIN			= IMSENO			##	Devolve o seno de um número complexo
+IMSQRT			= IMRAIZ			##	Devolve a raiz quadrada de um número complexo
+IMSUB			= IMSUBTR			##	Devolve a diferença entre dois números complexos
+IMSUM			= IMSOMA			##	Devolve a soma de números complexos
+OCT2BIN			= OCTABIN			##	Converte um número octal em binário
+OCT2DEC			= OCTADEC			##	Converte um número octal em decimal
+OCT2HEX			= OCTAHEX			##	Converte um número octal em hexadecimal
+
+
+##
+##	Financial functions				Funções financeiras
+##
+ACCRINT			= JUROSACUM			##	Devolve os juros acumulados de um título que paga juros periódicos
+ACCRINTM		= JUROSACUMV			##	Devolve os juros acumulados de um título que paga juros no vencimento
+AMORDEGRC		= AMORDEGRC			##	Devolve a depreciação correspondente a cada período contabilístico utilizando um coeficiente de depreciação
+AMORLINC		= AMORLINC			##	Devolve a depreciação correspondente a cada período contabilístico
+COUPDAYBS		= CUPDIASINLIQ			##	Devolve o número de dias entre o início do período do cupão e a data de regularização
+COUPDAYS		= CUPDIAS			##	Devolve o número de dias no período do cupão que contém a data de regularização
+COUPDAYSNC		= CUPDIASPRÓX			##	Devolve o número de dias entre a data de regularização e a data do cupão seguinte
+COUPNCD			= CUPDATAPRÓX			##	Devolve a data do cupão seguinte após a data de regularização
+COUPNUM			= CUPNÚM			##	Devolve o número de cupões a serem pagos entre a data de regularização e a data de vencimento
+COUPPCD			= CUPDATAANT			##	Devolve a data do cupão anterior antes da data de regularização
+CUMIPMT			= PGTOJURACUM			##	Devolve os juros cumulativos pagos entre dois períodos
+CUMPRINC		= PGTOCAPACUM			##	Devolve o capital cumulativo pago a título de empréstimo entre dois períodos
+DB			= BD				##	Devolve a depreciação de um activo relativo a um período especificado utilizando o método das quotas degressivas fixas
+DDB			= BDD				##	Devolve a depreciação de um activo relativo a um período especificado utilizando o método das quotas degressivas duplas ou qualquer outro método especificado
+DISC			= DESC				##	Devolve a taxa de desconto de um título
+DOLLARDE		= MOEDADEC			##	Converte um preço em unidade monetária, expresso como uma fracção, num preço em unidade monetária, expresso como um número decimal
+DOLLARFR		= MOEDAFRA			##	Converte um preço em unidade monetária, expresso como um número decimal, num preço em unidade monetária, expresso como uma fracção
+DURATION		= DURAÇÃO			##	Devolve a duração anual de um título com pagamentos de juros periódicos
+EFFECT			= EFECTIVA			##	Devolve a taxa de juros anual efectiva
+FV			= VF				##	Devolve o valor futuro de um investimento
+FVSCHEDULE		= VFPLANO			##	Devolve o valor futuro de um capital inicial após a aplicação de uma série de taxas de juro compostas
+INTRATE			= TAXAJUROS			##	Devolve a taxa de juros de um título investido na totalidade
+IPMT			= IPGTO				##	Devolve o pagamento dos juros de um investimento durante um determinado período
+IRR			= TIR				##	Devolve a taxa de rentabilidade interna para uma série de fluxos monetários
+ISPMT			= É.PGTO			##	Calcula os juros pagos durante um período específico de um investimento
+MDURATION		= MDURAÇÃO			##	Devolve a duração modificada de Macauley de um título com um valor de paridade equivalente a € 100
+MIRR			= MTIR				##	Devolve a taxa interna de rentabilidade em que os fluxos monetários positivos e negativos são financiados com taxas diferentes
+NOMINAL			= NOMINAL			##	Devolve a taxa de juros nominal anual
+NPER			= NPER				##	Devolve o número de períodos de um investimento
+NPV			= VAL				##	Devolve o valor actual líquido de um investimento com base numa série de fluxos monetários periódicos e numa taxa de desconto
+ODDFPRICE		= PREÇOPRIMINC			##	Devolve o preço por € 100 do valor nominal de um título com um período inicial incompleto
+ODDFYIELD		= LUCROPRIMINC			##	Devolve o lucro de um título com um período inicial incompleto
+ODDLPRICE		= PREÇOÚLTINC			##	Devolve o preço por € 100 do valor nominal de um título com um período final incompleto
+ODDLYIELD		= LUCROÚLTINC			##	Devolve o lucro de um título com um período final incompleto
+PMT			= PGTO				##	Devolve o pagamento periódico de uma anuidade
+PPMT			= PPGTO				##	Devolve o pagamento sobre o capital de um investimento num determinado período
+PRICE			= PREÇO				##	Devolve o preço por € 100 do valor nominal de um título que paga juros periódicos
+PRICEDISC		= PREÇODESC			##	Devolve o preço por € 100 do valor nominal de um título descontado
+PRICEMAT		= PREÇOVENC			##	Devolve o preço por € 100 do valor nominal de um título que paga juros no vencimento
+PV			= VA				##	Devolve o valor actual de um investimento
+RATE			= TAXA				##	Devolve a taxa de juros por período de uma anuidade
+RECEIVED		= RECEBER			##	Devolve o montante recebido no vencimento de um título investido na totalidade
+SLN			= AMORT				##	Devolve uma depreciação linear de um activo durante um período
+SYD			= AMORTD			##	Devolve a depreciação por algarismos da soma dos anos de um activo durante um período especificado
+TBILLEQ			= OTN				##	Devolve o lucro de um título equivalente a uma Obrigação do Tesouro
+TBILLPRICE		= OTNVALOR			##	Devolve o preço por € 100 de valor nominal de uma Obrigação do Tesouro
+TBILLYIELD		= OTNLUCRO			##	Devolve o lucro de uma Obrigação do Tesouro
+VDB			= BDV				##	Devolve a depreciação de um activo relativo a um período específico ou parcial utilizando um método de quotas degressivas
+XIRR			= XTIR				##	Devolve a taxa interna de rentabilidade de um plano de fluxos monetários que não seja necessariamente periódica
+XNPV			= XVAL				##	Devolve o valor actual líquido de um plano de fluxos monetários que não seja necessariamente periódico
+YIELD			= LUCRO				##	Devolve o lucro de um título que paga juros periódicos
+YIELDDISC		= LUCRODESC			##	Devolve o lucro anual de um título emitido abaixo do valor nominal, por exemplo, uma Obrigação do Tesouro
+YIELDMAT		= LUCROVENC			##	Devolve o lucro anual de um título que paga juros na data de vencimento
+
+
+##
+##	Information functions				Funções de informação
+##
+CELL			= CÉL				##	Devolve informações sobre a formatação, localização ou conteúdo de uma célula
+ERROR.TYPE		= TIPO.ERRO			##	Devolve um número correspondente a um tipo de erro
+INFO			= INFORMAÇÃO			##	Devolve informações sobre o ambiente de funcionamento actual
+ISBLANK			= É.CÉL.VAZIA			##	Devolve VERDADEIRO se o valor estiver em branco
+ISERR			= É.ERROS			##	Devolve VERDADEIRO se o valor for um valor de erro diferente de #N/D
+ISERROR			= É.ERRO			##	Devolve VERDADEIRO se o valor for um valor de erro
+ISEVEN			= ÉPAR				##	Devolve VERDADEIRO se o número for par
+ISLOGICAL		= É.LÓGICO			##	Devolve VERDADEIRO se o valor for lógico
+ISNA			= É.NÃO.DISP			##	Devolve VERDADEIRO se o valor for o valor de erro #N/D
+ISNONTEXT		= É.NÃO.TEXTO			##	Devolve VERDADEIRO se o valor não for texto
+ISNUMBER		= É.NÚM				##	Devolve VERDADEIRO se o valor for um número
+ISODD			= ÉÍMPAR			##	Devolve VERDADEIRO se o número for ímpar
+ISREF			= É.REF				##	Devolve VERDADEIRO se o valor for uma referência
+ISTEXT			= É.TEXTO			##	Devolve VERDADEIRO se o valor for texto
+N			= N				##	Devolve um valor convertido num número
+NA			= NÃO.DISP			##	Devolve o valor de erro #N/D
+TYPE			= TIPO				##	Devolve um número que indica o tipo de dados de um valor
+
+
+##
+##	Logical functions				Funções lógicas
+##
+AND			= E				##	Devolve VERDADEIRO se todos os respectivos argumentos corresponderem a VERDADEIRO
+FALSE			= FALSO				##	Devolve o valor lógico FALSO
+IF			= SE				##	Especifica um teste lógico a ser executado
+IFERROR			= SE.ERRO			##	Devolve um valor definido pelo utilizador se ocorrer um erro na fórmula, e devolve o resultado da fórmula se não ocorrer nenhum erro
+NOT			= NÃO				##	Inverte a lógica do respectivo argumento
+OR			= OU				##	Devolve VERDADEIRO se qualquer argumento for VERDADEIRO
+TRUE			= VERDADEIRO			##	Devolve o valor lógico VERDADEIRO
+
+
+##
+##	Lookup and reference functions			Funções de pesquisa e referência
+##
+ADDRESS			= ENDEREÇO			##	Devolve uma referência a uma única célula numa folha de cálculo como texto
+AREAS			= ÁREAS				##	Devolve o número de áreas numa referência
+CHOOSE			= SELECCIONAR			##	Selecciona um valor a partir de uma lista de valores
+COLUMN			= COL				##	Devolve o número da coluna de uma referência
+COLUMNS			= COLS				##	Devolve o número de colunas numa referência
+HLOOKUP			= PROCH				##	Procura na linha superior de uma matriz e devolve o valor da célula indicada
+HYPERLINK		= HIPERLIGAÇÃO			##	Cria um atalho ou hiperligação que abre um documento armazenado num servidor de rede, numa intranet ou na Internet
+INDEX			= ÍNDICE			##	Utiliza um índice para escolher um valor de uma referência ou de uma matriz
+INDIRECT		= INDIRECTO			##	Devolve uma referência indicada por um valor de texto
+LOOKUP			= PROC				##	Procura valores num vector ou numa matriz
+MATCH			= CORRESP			##	Procura valores numa referência ou numa matriz
+OFFSET			= DESLOCAMENTO			##	Devolve o deslocamento de referência de uma determinada referência
+ROW			= LIN				##	Devolve o número da linha de uma referência
+ROWS			= LINS				##	Devolve o número de linhas numa referência
+RTD			= RTD				##	Obtém dados em tempo real a partir de um programa que suporte automatização COM (automatização: modo de trabalhar com objectos de uma aplicação a partir de outra aplicação ou ferramenta de desenvolvimento. Anteriormente conhecida como automatização OLE, a automatização é uma norma da indústria de software e uma funcionalidade COM (Component Object Model).)
+TRANSPOSE		= TRANSPOR			##	Devolve a transposição de uma matriz
+VLOOKUP			= PROCV				##	Procura na primeira coluna de uma matriz e percorre a linha para devolver o valor de uma célula
+
+
+##
+##	Math and trigonometry functions			Funções matemáticas e trigonométricas
+##
+ABS			= ABS				##	Devolve o valor absoluto de um número
+ACOS			= ACOS				##	Devolve o arco de co-seno de um número
+ACOSH			= ACOSH				##	Devolve o co-seno hiperbólico inverso de um número
+ASIN			= ASEN				##	Devolve o arco de seno de um número
+ASINH			= ASENH				##	Devolve o seno hiperbólico inverso de um número
+ATAN			= ATAN				##	Devolve o arco de tangente de um número
+ATAN2			= ATAN2				##	Devolve o arco de tangente das coordenadas x e y
+ATANH			= ATANH				##	Devolve a tangente hiperbólica inversa de um número
+CEILING			= ARRED.EXCESSO			##	Arredonda um número para o número inteiro mais próximo ou para o múltiplo de significância mais próximo
+COMBIN			= COMBIN			##	Devolve o número de combinações de um determinado número de objectos
+COS			= COS				##	Devolve o co-seno de um número
+COSH			= COSH				##	Devolve o co-seno hiperbólico de um número
+DEGREES			= GRAUS				##	Converte radianos em graus
+EVEN			= PAR				##	Arredonda um número por excesso para o número inteiro mais próximo
+EXP			= EXP				##	Devolve e elevado à potência de um determinado número
+FACT			= FACTORIAL			##	Devolve o factorial de um número
+FACTDOUBLE		= FACTDUPLO			##	Devolve o factorial duplo de um número
+FLOOR			= ARRED.DEFEITO			##	Arredonda um número por defeito até zero
+GCD			= MDC				##	Devolve o maior divisor comum
+INT			= INT				##	Arredonda um número por defeito para o número inteiro mais próximo
+LCM			= MMC				##	Devolve o mínimo múltiplo comum
+LN			= LN				##	Devolve o logaritmo natural de um número
+LOG			= LOG				##	Devolve o logaritmo de um número com uma base especificada
+LOG10			= LOG10				##	Devolve o logaritmo de base 10 de um número
+MDETERM			= MATRIZ.DETERM			##	Devolve o determinante matricial de uma matriz
+MINVERSE		= MATRIZ.INVERSA		##	Devolve o inverso matricial de uma matriz
+MMULT			= MATRIZ.MULT			##	Devolve o produto matricial de duas matrizes
+MOD			= RESTO				##	Devolve o resto da divisão
+MROUND			= MARRED			##	Devolve um número arredondado para o múltiplo pretendido
+MULTINOMIAL		= POLINOMIAL			##	Devolve o polinomial de um conjunto de números
+ODD			= ÍMPAR				##	Arredonda por excesso um número para o número inteiro ímpar mais próximo
+PI			= PI				##	Devolve o valor de pi
+POWER			= POTÊNCIA			##	Devolve o resultado de um número elevado a uma potência
+PRODUCT			= PRODUTO			##	Multiplica os respectivos argumentos
+QUOTIENT		= QUOCIENTE			##	Devolve a parte inteira de uma divisão
+RADIANS			= RADIANOS			##	Converte graus em radianos
+RAND			= ALEATÓRIO			##	Devolve um número aleatório entre 0 e 1
+RANDBETWEEN		= ALEATÓRIOENTRE		##	Devolve um número aleatório entre os números especificados
+ROMAN			= ROMANO			##	Converte um número árabe em romano, como texto
+ROUND			= ARRED				##	Arredonda um número para um número de dígitos especificado
+ROUNDDOWN		= ARRED.PARA.BAIXO		##	Arredonda um número por defeito até zero
+ROUNDUP			= ARRED.PARA.CIMA		##	Arredonda um número por excesso, afastando-o de zero
+SERIESSUM		= SOMASÉRIE			##	Devolve a soma de uma série de potências baseada na fórmula
+SIGN			= SINAL				##	Devolve o sinal de um número
+SIN			= SEN				##	Devolve o seno de um determinado ângulo
+SINH			= SENH				##	Devolve o seno hiperbólico de um número
+SQRT			= RAIZQ				##	Devolve uma raiz quadrada positiva
+SQRTPI			= RAIZPI			##	Devolve a raiz quadrada de (núm * pi)
+SUBTOTAL		= SUBTOTAL			##	Devolve um subtotal numa lista ou base de dados
+SUM			= SOMA				##	Adiciona os respectivos argumentos
+SUMIF			= SOMA.SE			##	Adiciona as células especificadas por um determinado critério
+SUMIFS			= SOMA.SE.S			##	Adiciona as células num intervalo que cumpre vários critérios
+SUMPRODUCT		= SOMARPRODUTO			##	Devolve a soma dos produtos de componentes de matrizes correspondentes
+SUMSQ			= SOMARQUAD			##	Devolve a soma dos quadrados dos argumentos
+SUMX2MY2		= SOMAX2DY2			##	Devolve a soma da diferença dos quadrados dos valores correspondentes em duas matrizes
+SUMX2PY2		= SOMAX2SY2			##	Devolve a soma da soma dos quadrados dos valores correspondentes em duas matrizes
+SUMXMY2			= SOMAXMY2			##	Devolve a soma dos quadrados da diferença dos valores correspondentes em duas matrizes
+TAN			= TAN				##	Devolve a tangente de um número
+TANH			= TANH				##	Devolve a tangente hiperbólica de um número
+TRUNC			= TRUNCAR			##	Trunca um número para um número inteiro
+
+
+##
+##	Statistical functions				Funções estatísticas
+##
+AVEDEV			= DESV.MÉDIO			##	Devolve a média aritmética dos desvios absolutos à média dos pontos de dados
+AVERAGE			= MÉDIA				##	Devolve a média dos respectivos argumentos
+AVERAGEA		= MÉDIAA			##	Devolve uma média dos respectivos argumentos, incluindo números, texto e valores lógicos
+AVERAGEIF		= MÉDIA.SE			##	Devolve a média aritmética de todas as células num intervalo que cumprem determinado critério
+AVERAGEIFS		= MÉDIA.SE.S			##	Devolve a média aritmética de todas as células que cumprem múltiplos critérios
+BETADIST		= DISTBETA			##	Devolve a função de distribuição cumulativa beta
+BETAINV			= BETA.ACUM.INV			##	Devolve o inverso da função de distribuição cumulativa relativamente a uma distribuição beta específica
+BINOMDIST		= DISTRBINOM			##	Devolve a probabilidade de distribuição binomial de termo individual
+CHIDIST			= DIST.CHI			##	Devolve a probabilidade unicaudal da distribuição qui-quadrada
+CHIINV			= INV.CHI			##	Devolve o inverso da probabilidade unicaudal da distribuição qui-quadrada
+CHITEST			= TESTE.CHI			##	Devolve o teste para independência
+CONFIDENCE		= INT.CONFIANÇA			##	Devolve o intervalo de confiança correspondente a uma média de população
+CORREL			= CORREL			##	Devolve o coeficiente de correlação entre dois conjuntos de dados
+COUNT			= CONTAR			##	Conta os números que existem na lista de argumentos
+COUNTA			= CONTAR.VAL			##	Conta os valores que existem na lista de argumentos
+COUNTBLANK		= CONTAR.VAZIO			##	Conta o número de células em branco num intervalo
+COUNTIF			= CONTAR.SE			##	Calcula o número de células num intervalo que corresponde aos critérios determinados
+COUNTIFS		= CONTAR.SE.S			##	Conta o número de células num intervalo que cumprem múltiplos critérios
+COVAR			= COVAR				##	Devolve a covariância, que é a média dos produtos de desvios de pares
+CRITBINOM		= CRIT.BINOM			##	Devolve o menor valor em que a distribuição binomial cumulativa é inferior ou igual a um valor de critério
+DEVSQ			= DESVQ				##	Devolve a soma dos quadrados dos desvios
+EXPONDIST		= DISTEXPON			##	Devolve a distribuição exponencial
+FDIST			= DISTF				##	Devolve a distribuição da probabilidade F
+FINV			= INVF				##	Devolve o inverso da distribuição da probabilidade F
+FISHER			= FISHER			##	Devolve a transformação Fisher
+FISHERINV		= FISHERINV			##	Devolve o inverso da transformação Fisher
+FORECAST		= PREVISÃO			##	Devolve um valor ao longo de uma tendência linear
+FREQUENCY		= FREQUÊNCIA			##	Devolve uma distribuição de frequência como uma matriz vertical
+FTEST			= TESTEF			##	Devolve o resultado de um teste F
+GAMMADIST		= DISTGAMA			##	Devolve a distribuição gama
+GAMMAINV		= INVGAMA			##	Devolve o inverso da distribuição gama cumulativa
+GAMMALN			= LNGAMA			##	Devolve o logaritmo natural da função gama, Γ(x)
+GEOMEAN			= MÉDIA.GEOMÉTRICA		##	Devolve a média geométrica
+GROWTH			= CRESCIMENTO			##	Devolve valores ao longo de uma tendência exponencial
+HARMEAN			= MÉDIA.HARMÓNICA		##	Devolve a média harmónica
+HYPGEOMDIST		= DIST.HIPERGEOM		##	Devolve a distribuição hipergeométrica
+INTERCEPT		= INTERCEPTAR			##	Devolve a intercepção da linha de regressão linear
+KURT			= CURT				##	Devolve a curtose de um conjunto de dados
+LARGE			= MAIOR				##	Devolve o maior valor k-ésimo de um conjunto de dados
+LINEST			= PROJ.LIN			##	Devolve os parâmetros de uma tendência linear
+LOGEST			= PROJ.LOG			##	Devolve os parâmetros de uma tendência exponencial
+LOGINV			= INVLOG			##	Devolve o inverso da distribuição normal logarítmica
+LOGNORMDIST		= DIST.NORMALLOG		##	Devolve a distribuição normal logarítmica cumulativa
+MAX			= MÁXIMO			##	Devolve o valor máximo numa lista de argumentos
+MAXA			= MÁXIMOA			##	Devolve o valor máximo numa lista de argumentos, incluindo números, texto e valores lógicos
+MEDIAN			= MED				##	Devolve a mediana dos números indicados
+MIN			= MÍNIMO			##	Devolve o valor mínimo numa lista de argumentos
+MINA			= MÍNIMOA			##	Devolve o valor mínimo numa lista de argumentos, incluindo números, texto e valores lógicos
+MODE			= MODA				##	Devolve o valor mais comum num conjunto de dados
+NEGBINOMDIST		= DIST.BIN.NEG			##	Devolve a distribuição binominal negativa
+NORMDIST		= DIST.NORM			##	Devolve a distribuição cumulativa normal
+NORMINV			= INV.NORM			##	Devolve o inverso da distribuição cumulativa normal
+NORMSDIST		= DIST.NORMP			##	Devolve a distribuição cumulativa normal padrão
+NORMSINV		= INV.NORMP			##	Devolve o inverso da distribuição cumulativa normal padrão
+PEARSON			= PEARSON			##	Devolve o coeficiente de correlação momento/produto de Pearson
+PERCENTILE		= PERCENTIL			##	Devolve o k-ésimo percentil de valores num intervalo
+PERCENTRANK		= ORDEM.PERCENTUAL		##	Devolve a ordem percentual de um valor num conjunto de dados
+PERMUT			= PERMUTAR			##	Devolve o número de permutações de um determinado número de objectos
+POISSON			= POISSON			##	Devolve a distribuição de Poisson
+PROB			= PROB				##	Devolve a probabilidade dos valores num intervalo se encontrarem entre dois limites
+QUARTILE		= QUARTIL			##	Devolve o quartil de um conjunto de dados
+RANK			= ORDEM				##	Devolve a ordem de um número numa lista numérica
+RSQ			= RQUAD				##	Devolve o quadrado do coeficiente de correlação momento/produto de Pearson
+SKEW			= DISTORÇÃO			##	Devolve a distorção de uma distribuição
+SLOPE			= DECLIVE			##	Devolve o declive da linha de regressão linear
+SMALL			= MENOR				##	Devolve o menor valor de k-ésimo de um conjunto de dados
+STANDARDIZE		= NORMALIZAR			##	Devolve um valor normalizado
+STDEV			= DESVPAD			##	Calcula o desvio-padrão com base numa amostra
+STDEVA			= DESVPADA			##	Calcula o desvio-padrão com base numa amostra, incluindo números, texto e valores lógicos
+STDEVP			= DESVPADP			##	Calcula o desvio-padrão com base na população total
+STDEVPA			= DESVPADPA			##	Calcula o desvio-padrão com base na população total, incluindo números, texto e valores lógicos
+STEYX			= EPADYX			##	Devolve o erro-padrão do valor de y previsto para cada x na regressão
+TDIST			= DISTT				##	Devolve a distribuição t de Student
+TINV			= INVT				##	Devolve o inverso da distribuição t de Student
+TREND			= TENDÊNCIA			##	Devolve valores ao longo de uma tendência linear
+TRIMMEAN		= MÉDIA.INTERNA			##	Devolve a média do interior de um conjunto de dados
+TTEST			= TESTET			##	Devolve a probabilidade associada ao teste t de Student
+VAR			= VAR				##	Calcula a variância com base numa amostra
+VARA			= VARA				##	Calcula a variância com base numa amostra, incluindo números, texto e valores lógicos
+VARP			= VARP				##	Calcula a variância com base na população total
+VARPA			= VARPA				##	Calcula a variância com base na população total, incluindo números, texto e valores lógicos
+WEIBULL			= WEIBULL			##	Devolve a distribuição Weibull
+ZTEST			= TESTEZ			##	Devolve o valor de probabilidade unicaudal de um teste-z
+
+
+##
+##	Text functions					Funções de texto
+##
+ASC			= ASC				##	Altera letras ou katakana de largura total (byte duplo) numa cadeia de caracteres para caracteres de largura média (byte único)
+BAHTTEXT		= TEXTO.BAHT			##	Converte um número em texto, utilizando o formato monetário ß (baht)
+CHAR			= CARÁCT			##	Devolve o carácter especificado pelo número de código
+CLEAN			= LIMPAR			##	Remove do texto todos os caracteres não imprimíveis
+CODE			= CÓDIGO			##	Devolve um código numérico correspondente ao primeiro carácter numa cadeia de texto
+CONCATENATE		= CONCATENAR			##	Agrupa vários itens de texto num único item de texto
+DOLLAR			= MOEDA				##	Converte um número em texto, utilizando o formato monetário € (Euro)
+EXACT			= EXACTO			##	Verifica se dois valores de texto são idênticos
+FIND			= LOCALIZAR			##	Localiza um valor de texto dentro de outro (sensível às maiúsculas e minúsculas)
+FINDB			= LOCALIZARB			##	Localiza um valor de texto dentro de outro (sensível às maiúsculas e minúsculas)
+FIXED			= FIXA				##	Formata um número como texto com um número fixo de decimais
+JIS			= JIS				##	Altera letras ou katakana de largura média (byte único) numa cadeia de caracteres para caracteres de largura total (byte duplo)
+LEFT			= ESQUERDA			##	Devolve os caracteres mais à esquerda de um valor de texto
+LEFTB			= ESQUERDAB			##	Devolve os caracteres mais à esquerda de um valor de texto
+LEN			= NÚM.CARACT			##	Devolve o número de caracteres de uma cadeia de texto
+LENB			= NÚM.CARACTB			##	Devolve o número de caracteres de uma cadeia de texto
+LOWER			= MINÚSCULAS			##	Converte o texto em minúsculas
+MID			= SEG.TEXTO			##	Devolve um número específico de caracteres de uma cadeia de texto, a partir da posição especificada
+MIDB			= SEG.TEXTOB			##	Devolve um número específico de caracteres de uma cadeia de texto, a partir da posição especificada
+PHONETIC		= FONÉTICA			##	Retira os caracteres fonéticos (furigana) de uma cadeia de texto
+PROPER			= INICIAL.MAIÚSCULA		##	Coloca em maiúsculas a primeira letra de cada palavra de um valor de texto
+REPLACE			= SUBSTITUIR			##	Substitui caracteres no texto
+REPLACEB		= SUBSTITUIRB			##	Substitui caracteres no texto
+REPT			= REPETIR			##	Repete texto um determinado número de vezes
+RIGHT			= DIREITA			##	Devolve os caracteres mais à direita de um valor de texto
+RIGHTB			= DIREITAB			##	Devolve os caracteres mais à direita de um valor de texto
+SEARCH			= PROCURAR			##	Localiza um valor de texto dentro de outro (não sensível a maiúsculas e minúsculas)
+SEARCHB			= PROCURARB			##	Localiza um valor de texto dentro de outro (não sensível a maiúsculas e minúsculas)
+SUBSTITUTE		= SUBST				##	Substitui texto novo por texto antigo numa cadeia de texto
+T			= T				##	Converte os respectivos argumentos em texto
+TEXT			= TEXTO				##	Formata um número e converte-o em texto
+TRIM			= COMPACTAR			##	Remove espaços do texto
+UPPER			= MAIÚSCULAS			##	Converte texto em maiúsculas
+VALUE			= VALOR				##	Converte um argumento de texto num número
diff --git a/lib/PHPExcel/locale/sv/functions b/lib/PHPExcel/locale/sv/functions
index 9af37d8e4..73b2deb5e 100644
--- a/lib/PHPExcel/locale/sv/functions
+++ b/lib/PHPExcel/locale/sv/functions
@@ -1,408 +1,408 @@
-##
-##	Add-in and Automation functions			Tilläggs- och automatiseringsfunktioner
-##
-GETPIVOTDATA		= HÄMTA.PIVOTDATA		##	Returnerar data som lagrats i en pivottabellrapport
-
-
-##
-##	Cube functions					Kubfunktioner
-##
-CUBEKPIMEMBER		= KUBKPIMEDLEM			##	Returnerar namn, egenskap och mått för en KPI och visar namnet och egenskapen i cellen. En KPI, eller prestandaindikator, är ett kvantifierbart mått, t.ex. månatlig bruttovinst eller personalomsättning per kvartal, som används för att analysera ett företags resultat.
-CUBEMEMBER		= KUBMEDLEM			##	Returnerar en medlem eller ett par i en kubhierarki. Används för att verifiera att medlemmen eller paret finns i kuben.
-CUBEMEMBERPROPERTY	= KUBMEDLEMSEGENSKAP		##	Returnerar värdet för en medlemsegenskap i kuben. Används för att verifiera att ett medlemsnamn finns i kuben, samt för att returnera den angivna egenskapen för medlemmen.
-CUBERANKEDMEMBER	= KUBRANGORDNADMEDLEM		##	Returnerar den n:te, eller rangordnade, medlemmen i en uppsättning. Används för att returnera ett eller flera element i en uppsättning, till exempelvis den bästa försäljaren eller de tio bästa eleverna.
-CUBESET			= KUBINSTÄLLNING		##	Definierar en beräknad uppsättning medlemmar eller par genom att skicka ett bestämt uttryck till kuben på servern, som skapar uppsättningen och sedan returnerar den till Microsoft Office Excel.
-CUBESETCOUNT		= KUBINSTÄLLNINGANTAL		##	Returnerar antalet objekt i en uppsättning.
-CUBEVALUE		= KUBVÄRDE			##	Returnerar ett mängdvärde från en kub.
-
-
-##
-##	Database functions				Databasfunktioner
-##
-DAVERAGE		= DMEDEL			##	Returnerar medelvärdet av databasposterna
-DCOUNT			= DANTAL			##	Räknar antalet celler som innehåller tal i en databas
-DCOUNTA			= DANTALV			##	Räknar ifyllda celler i en databas
-DGET			= DHÄMTA			##	Hämtar en enstaka post från en databas som uppfyller de angivna villkoren
-DMAX			= DMAX				##	Returnerar det största värdet från databasposterna
-DMIN			= DMIN				##	Returnerar det minsta värdet från databasposterna
-DPRODUCT		= DPRODUKT			##	Multiplicerar värdena i ett visst fält i poster som uppfyller villkoret
-DSTDEV			= DSTDAV			##	Uppskattar standardavvikelsen baserat på ett urval av databasposterna
-DSTDEVP			= DSTDAVP			##	Beräknar standardavvikelsen utifrån hela populationen av valda databasposter
-DSUM			= DSUMMA			##	Summerar talen i kolumnfält i databasposter som uppfyller villkoret
-DVAR			= DVARIANS			##	Uppskattar variansen baserat på ett urval av databasposterna
-DVARP			= DVARIANSP			##	Beräknar variansen utifrån hela populationen av valda databasposter
-
-
-##
-##	Date and time functions				Tid- och datumfunktioner
-##
-DATE			= DATUM				##	Returnerar ett serienummer för ett visst datum
-DATEVALUE		= DATUMVÄRDE			##	Konverterar ett datum i textformat till ett serienummer
-DAY			= DAG				##	Konverterar ett serienummer till dag i månaden
-DAYS360			= DAGAR360			##	Beräknar antalet dagar mellan två datum baserat på ett 360-dagarsår
-EDATE			= EDATUM			##	Returnerar serienumret för ett datum som infaller ett visst antal månader före eller efter startdatumet
-EOMONTH			= SLUTMÅNAD			##	Returnerar serienumret för sista dagen i månaden ett visst antal månader tidigare eller senare
-HOUR			= TIMME				##	Konverterar ett serienummer till en timme
-MINUTE			= MINUT				##	Konverterar ett serienummer till en minut
-MONTH			= MÅNAD				##	Konverterar ett serienummer till en månad
-NETWORKDAYS		= NETTOARBETSDAGAR		##	Returnerar antalet hela arbetsdagar mellan två datum
-NOW			= NU				##	Returnerar serienumret för dagens datum och aktuell tid
-SECOND			= SEKUND			##	Konverterar ett serienummer till en sekund
-TIME			= KLOCKSLAG			##	Returnerar serienumret för en viss tid
-TIMEVALUE		= TIDVÄRDE			##	Konverterar en tid i textformat till ett serienummer
-TODAY			= IDAG				##	Returnerar serienumret för dagens datum
-WEEKDAY			= VECKODAG			##	Konverterar ett serienummer till en dag i veckan
-WEEKNUM			= VECKONR			##	Konverterar ett serienummer till ett veckonummer
-WORKDAY			= ARBETSDAGAR			##	Returnerar serienumret för ett datum ett visst antal arbetsdagar tidigare eller senare
-YEAR			= ÅR				##	Konverterar ett serienummer till ett år
-YEARFRAC		= ÅRDEL				##	Returnerar en del av ett år som representerar antalet hela dagar mellan start- och slutdatum
-
-
-##
-##	Engineering functions				Tekniska funktioner
-##
-BESSELI			= BESSELI			##	Returnerar den modifierade Bessel-funktionen In(x)
-BESSELJ			= BESSELJ			##	Returnerar Bessel-funktionen Jn(x)
-BESSELK			= BESSELK			##	Returnerar den modifierade Bessel-funktionen Kn(x)
-BESSELY			= BESSELY			##	Returnerar Bessel-funktionen Yn(x)
-BIN2DEC			= BIN.TILL.DEC			##	Omvandlar ett binärt tal till decimalt
-BIN2HEX			= BIN.TILL.HEX			##	Omvandlar ett binärt tal till hexadecimalt
-BIN2OCT			= BIN.TILL.OKT			##	Omvandlar ett binärt tal till oktalt
-COMPLEX			= KOMPLEX			##	Omvandlar reella och imaginära koefficienter till ett komplext tal
-CONVERT			= KONVERTERA			##	Omvandlar ett tal från ett måttsystem till ett annat
-DEC2BIN			= DEC.TILL.BIN			##	Omvandlar ett decimalt tal till binärt
-DEC2HEX			= DEC.TILL.HEX			##	Omvandlar ett decimalt tal till hexadecimalt
-DEC2OCT			= DEC.TILL.OKT			##	Omvandlar ett decimalt tal till oktalt
-DELTA			= DELTA				##	Testar om två värden är lika
-ERF			= FELF				##	Returnerar felfunktionen
-ERFC			= FELFK				##	Returnerar den komplementära felfunktionen
-GESTEP			= SLSTEG			##	Testar om ett tal är större än ett tröskelvärde
-HEX2BIN			= HEX.TILL.BIN			##	Omvandlar ett hexadecimalt tal till binärt
-HEX2DEC			= HEX.TILL.DEC			##	Omvandlar ett hexadecimalt tal till decimalt
-HEX2OCT			= HEX.TILL.OKT			##	Omvandlar ett hexadecimalt tal till oktalt
-IMABS			= IMABS				##	Returnerar absolutvärdet (modulus) för ett komplext tal
-IMAGINARY		= IMAGINÄR			##	Returnerar den imaginära koefficienten för ett komplext tal
-IMARGUMENT		= IMARGUMENT			##	Returnerar det komplexa talets argument, en vinkel uttryckt i radianer
-IMCONJUGATE		= IMKONJUGAT			##	Returnerar det komplexa talets konjugat
-IMCOS			= IMCOS				##	Returnerar cosinus för ett komplext tal
-IMDIV			= IMDIV				##	Returnerar kvoten för två komplexa tal
-IMEXP			= IMEUPPHÖJT			##	Returnerar exponenten för ett komplext tal
-IMLN			= IMLN				##	Returnerar den naturliga logaritmen för ett komplext tal
-IMLOG10			= IMLOG10			##	Returnerar 10-logaritmen för ett komplext tal
-IMLOG2			= IMLOG2			##	Returnerar 2-logaritmen för ett komplext tal
-IMPOWER			= IMUPPHÖJT			##	Returnerar ett komplext tal upphöjt till en exponent
-IMPRODUCT		= IMPRODUKT			##	Returnerar produkten av komplexa tal
-IMREAL			= IMREAL			##	Returnerar den reella koefficienten för ett komplext tal
-IMSIN			= IMSIN				##	Returnerar sinus för ett komplext tal
-IMSQRT			= IMROT				##	Returnerar kvadratroten av ett komplext tal
-IMSUB			= IMDIFF			##	Returnerar differensen mellan två komplexa tal
-IMSUM			= IMSUM				##	Returnerar summan av komplexa tal
-OCT2BIN			= OKT.TILL.BIN			##	Omvandlar ett oktalt tal till binärt
-OCT2DEC			= OKT.TILL.DEC			##	Omvandlar ett oktalt tal till decimalt
-OCT2HEX			= OKT.TILL.HEX			##	Omvandlar ett oktalt tal till hexadecimalt
-
-
-##
-##	Financial functions				Finansiella funktioner
-##
-ACCRINT			= UPPLRÄNTA			##	Returnerar den upplupna räntan för värdepapper med periodisk ränta
-ACCRINTM		= UPPLOBLRÄNTA			##	Returnerar den upplupna räntan för ett värdepapper som ger avkastning på förfallodagen
-AMORDEGRC		= AMORDEGRC			##	Returnerar avskrivningen för varje redovisningsperiod med hjälp av en avskrivningskoefficient
-AMORLINC		= AMORLINC			##	Returnerar avskrivningen för varje redovisningsperiod
-COUPDAYBS		= KUPDAGBB			##	Returnerar antal dagar från början av kupongperioden till likviddagen
-COUPDAYS		= KUPDAGARS			##	Returnerar antalet dagar i kupongperioden som innehåller betalningsdatumet
-COUPDAYSNC		= KUPDAGNK			##	Returnerar antalet dagar från betalningsdatumet till nästa kupongdatum
-COUPNCD			= KUPNKD			##	Returnerar nästa kupongdatum efter likviddagen
-COUPNUM			= KUPANT			##	Returnerar kuponger som förfaller till betalning mellan likviddagen och förfallodagen
-COUPPCD			= KUPFKD			##	Returnerar föregående kupongdatum före likviddagen
-CUMIPMT			= KUMRÄNTA			##	Returnerar den ackumulerade räntan som betalats mellan två perioder
-CUMPRINC		= KUMPRIS			##	Returnerar det ackumulerade kapitalbeloppet som betalats på ett lån mellan två perioder
-DB			= DB				##	Returnerar avskrivningen för en tillgång under en angiven tid enligt metoden för fast degressiv avskrivning
-DDB			= DEGAVSKR			##	Returnerar en tillgångs värdeminskning under en viss period med hjälp av dubbel degressiv avskrivning eller någon annan metod som du anger
-DISC			= DISK				##	Returnerar diskonteringsräntan för ett värdepapper
-DOLLARDE		= DECTAL			##	Omvandlar ett pris uttryckt som ett bråk till ett decimaltal
-DOLLARFR		= BRÅK				##	Omvandlar ett pris i kronor uttryckt som ett decimaltal till ett bråk
-DURATION		= LÖPTID			##	Returnerar den årliga löptiden för en säkerhet med periodiska räntebetalningar
-EFFECT			= EFFRÄNTA			##	Returnerar den årliga effektiva räntesatsen
-FV			= SLUTVÄRDE			##	Returnerar det framtida värdet på en investering
-FVSCHEDULE		= FÖRRÄNTNING			##	Returnerar det framtida värdet av ett begynnelsekapital beräknat på olika räntenivåer
-INTRATE			= ÅRSRÄNTA			##	Returnerar räntesatsen för ett betalt värdepapper
-IPMT			= RBETALNING			##	Returnerar räntedelen av en betalning för en given period
-IRR			= IR				##	Returnerar internräntan för en serie betalningar
-ISPMT			= RALÅN				##	Beräknar räntan som har betalats under en specifik betalningsperiod
-MDURATION		= MLÖPTID			##	Returnerar den modifierade Macauley-löptiden för ett värdepapper med det antagna nominella värdet 100 kr
-MIRR			= MODIR				##	Returnerar internräntan där positiva och negativa betalningar finansieras med olika räntor
-NOMINAL			= NOMRÄNTA			##	Returnerar den årliga nominella räntesatsen
-NPER			= PERIODER			##	Returnerar antalet perioder för en investering
-NPV			= NETNUVÄRDE			##	Returnerar nuvärdet av en serie periodiska betalningar vid en given diskonteringsränta
-ODDFPRICE		= UDDAFPRIS			##	Returnerar priset per 100 kr nominellt värde för ett värdepapper med en udda första period
-ODDFYIELD		= UDDAFAVKASTNING		##	Returnerar avkastningen för en säkerhet med en udda första period
-ODDLPRICE		= UDDASPRIS			##	Returnerar priset per 100 kr nominellt värde för ett värdepapper med en udda sista period
-ODDLYIELD		= UDDASAVKASTNING		##	Returnerar avkastningen för en säkerhet med en udda sista period
-PMT			= BETALNING			##	Returnerar den periodiska betalningen för en annuitet
-PPMT			= AMORT				##	Returnerar amorteringsdelen av en annuitetsbetalning för en given period
-PRICE			= PRIS				##	Returnerar priset per 100 kr nominellt värde för ett värdepapper som ger periodisk ränta
-PRICEDISC		= PRISDISK			##	Returnerar priset per 100 kr nominellt värde för ett diskonterat värdepapper
-PRICEMAT		= PRISFÖRF			##	Returnerar priset per 100 kr nominellt värde för ett värdepapper som ger ränta på förfallodagen
-PV			= PV				##	Returnerar nuvärdet av en serie lika stora periodiska betalningar
-RATE			= RÄNTA				##	Returnerar räntesatsen per period i en annuitet
-RECEIVED		= BELOPP			##	Returnerar beloppet som utdelas på förfallodagen för ett betalat värdepapper
-SLN			= LINAVSKR			##	Returnerar den linjära avskrivningen för en tillgång under en period
-SYD			= ÅRSAVSKR			##	Returnerar den årliga avskrivningssumman för en tillgång under en angiven period
-TBILLEQ			= SSVXEKV			##	Returnerar avkastningen motsvarande en obligation för en statsskuldväxel
-TBILLPRICE		= SSVXPRIS			##	Returnerar priset per 100 kr nominellt värde för en statsskuldväxel
-TBILLYIELD		= SSVXRÄNTA			##	Returnerar avkastningen för en statsskuldväxel
-VDB			= VDEGRAVSKR			##	Returnerar avskrivningen för en tillgång under en angiven period (med degressiv avskrivning)
-XIRR			= XIRR				##	Returnerar internräntan för en serie betalningar som inte nödvändigtvis är periodiska
-XNPV			= XNUVÄRDE			##	Returnerar det nuvarande nettovärdet för en serie betalningar som inte nödvändigtvis är periodiska
-YIELD			= NOMAVK			##	Returnerar avkastningen för ett värdepapper som ger periodisk ränta
-YIELDDISC		= NOMAVKDISK			##	Returnerar den årliga avkastningen för diskonterade värdepapper, exempelvis en statsskuldväxel
-YIELDMAT		= NOMAVKFÖRF			##	Returnerar den årliga avkastningen för ett värdepapper som ger ränta på förfallodagen
-
-
-##
-##	Information functions				Informationsfunktioner
-##
-CELL			= CELL				##	Returnerar information om formatering, plats och innehåll i en cell
-ERROR.TYPE		= FEL.TYP			##	Returnerar ett tal som motsvarar ett felvärde
-INFO			= INFO				##	Returnerar information om operativsystemet
-ISBLANK			= ÄRREF				##	Returnerar SANT om värdet är tomt
-ISERR			= Ä				##	Returnerar SANT om värdet är ett felvärde annat än #SAKNAS!
-ISERROR			= ÄRFEL				##	Returnerar SANT om värdet är ett felvärde
-ISEVEN			= ÄRJÄMN			##	Returnerar SANT om talet är jämnt
-ISLOGICAL		= ÄREJTEXT			##	Returnerar SANT om värdet är ett logiskt värde
-ISNA			= ÄRLOGISK			##	Returnerar SANT om värdet är felvärdet #SAKNAS!
-ISNONTEXT		= ÄRSAKNAD			##	Returnerar SANT om värdet inte är text
-ISNUMBER		= ÄRTAL				##	Returnerar SANT om värdet är ett tal
-ISODD			= ÄRUDDA			##	Returnerar SANT om talet är udda
-ISREF			= ÄRTOM				##	Returnerar SANT om värdet är en referens
-ISTEXT			= ÄRTEXT			##	Returnerar SANT om värdet är text
-N			= N				##	Returnerar ett värde omvandlat till ett tal
-NA			= SAKNAS			##	Returnerar felvärdet #SAKNAS!
-TYPE			= VÄRDETYP			##	Returnerar ett tal som anger värdets datatyp
-
-
-##
-##	Logical functions				Logiska funktioner
-##
-AND			= OCH				##	Returnerar SANT om alla argument är sanna
-FALSE			= FALSKT			##	Returnerar det logiska värdet FALSKT
-IF			= OM				##	Anger vilket logiskt test som ska utföras
-IFERROR			= OMFEL				##	Returnerar ett värde som du anger om en formel utvärderar till ett fel; annars returneras resultatet av formeln
-NOT			= ICKE				##	Inverterar logiken för argumenten
-OR			= ELLER				##	Returnerar SANT om något argument är SANT
-TRUE			= SANT				##	Returnerar det logiska värdet SANT
-
-
-##
-##	Lookup and reference functions			Sök- och referensfunktioner
-##
-ADDRESS			= ADRESS			##	Returnerar en referens som text till en enstaka cell i ett kalkylblad
-AREAS			= OMRÅDEN			##	Returnerar antalet områden i en referens
-CHOOSE			= VÄLJ				##	Väljer ett värde i en lista över värden
-COLUMN			= KOLUMN			##	Returnerar kolumnnumret för en referens
-COLUMNS			= KOLUMNER			##	Returnerar antalet kolumner i en referens
-HLOOKUP			= LETAKOLUMN			##	Söker i den översta raden i en matris och returnerar värdet för angiven cell
-HYPERLINK		= HYPERLÄNK			##	Skapar en genväg eller ett hopp till ett dokument i nätverket, i ett intranät eller på Internet
-INDEX			= INDEX				##	Använder ett index för ett välja ett värde i en referens eller matris
-INDIRECT		= INDIREKT			##	Returnerar en referens som anges av ett textvärde
-LOOKUP			= LETAUPP			##	Letar upp värden i en vektor eller matris
-MATCH			= PASSA				##	Letar upp värden i en referens eller matris
-OFFSET			= FÖRSKJUTNING			##	Returnerar en referens förskjuten i förhållande till en given referens
-ROW			= RAD				##	Returnerar radnumret för en referens
-ROWS			= RADER				##	Returnerar antalet rader i en referens
-RTD			= RTD				##	Hämtar realtidsdata från ett program som stöder COM-automation (Automation: Ett sätt att arbeta med ett programs objekt från ett annat program eller utvecklingsverktyg. Detta kallades tidigare för OLE Automation, och är en branschstandard och ingår i Component Object Model (COM).)
-TRANSPOSE		= TRANSPONERA			##	Transponerar en matris
-VLOOKUP			= LETARAD			##	Letar i den första kolumnen i en matris och flyttar över raden för att returnera värdet för en cell
-
-
-##
-##	Math and trigonometry functions			Matematiska och trigonometriska funktioner
-##
-ABS			= ABS				##	Returnerar absolutvärdet av ett tal
-ACOS			= ARCCOS			##	Returnerar arcus cosinus för ett tal
-ACOSH			= ARCCOSH			##	Returnerar inverterad hyperbolisk cosinus för ett tal
-ASIN			= ARCSIN			##	Returnerar arcus cosinus för ett tal
-ASINH			= ARCSINH			##	Returnerar hyperbolisk arcus sinus för ett tal
-ATAN			= ARCTAN			##	Returnerar arcus tangens för ett tal
-ATAN2			= ARCTAN2			##	Returnerar arcus tangens för en x- och en y- koordinat
-ATANH			= ARCTANH			##	Returnerar hyperbolisk arcus tangens för ett tal
-CEILING			= RUNDA.UPP			##	Avrundar ett tal till närmaste heltal eller närmaste signifikanta multipel
-COMBIN			= KOMBIN			##	Returnerar antalet kombinationer för ett givet antal objekt
-COS			= COS				##	Returnerar cosinus för ett tal
-COSH			= COSH				##	Returnerar hyperboliskt cosinus för ett tal
-DEGREES			= GRADER			##	Omvandlar radianer till grader
-EVEN			= JÄMN				##	Avrundar ett tal uppåt till närmaste heltal
-EXP			= EXP				##	Returnerar e upphöjt till ett givet tal
-FACT			= FAKULTET			##	Returnerar fakulteten för ett tal
-FACTDOUBLE		= DUBBELFAKULTET		##	Returnerar dubbelfakulteten för ett tal
-FLOOR			= RUNDA.NED			##	Avrundar ett tal nedåt mot noll
-GCD			= SGD				##	Returnerar den största gemensamma nämnaren
-INT			= HELTAL			##	Avrundar ett tal nedåt till närmaste heltal
-LCM			= MGM				##	Returnerar den minsta gemensamma multipeln
-LN			= LN				##	Returnerar den naturliga logaritmen för ett tal
-LOG			= LOG				##	Returnerar logaritmen för ett tal för en given bas
-LOG10			= LOG10				##	Returnerar 10-logaritmen för ett tal
-MDETERM			= MDETERM			##	Returnerar matrisen som är avgörandet av en matris
-MINVERSE		= MINVERT			##	Returnerar matrisinversen av en matris
-MMULT			= MMULT				##	Returnerar matrisprodukten av två matriser
-MOD			= REST				##	Returnerar resten vid en division
-MROUND			= MAVRUNDA			##	Returnerar ett tal avrundat till en given multipel
-MULTINOMIAL		= MULTINOMIAL			##	Returnerar multinomialen för en uppsättning tal
-ODD			= UDDA				##	Avrundar ett tal uppåt till närmaste udda heltal
-PI			= PI				##	Returnerar värdet pi
-POWER			= UPPHÖJT.TILL			##	Returnerar resultatet av ett tal upphöjt till en exponent
-PRODUCT			= PRODUKT			##	Multiplicerar argumenten
-QUOTIENT		= KVOT				##	Returnerar heltalsdelen av en division
-RADIANS			= RADIANER			##	Omvandlar grader till radianer
-RAND			= SLUMP				##	Returnerar ett slumptal mellan 0 och 1
-RANDBETWEEN		= SLUMP.MELLAN			##	Returnerar ett slumptal mellan de tal som du anger
-ROMAN			= ROMERSK			##	Omvandlar vanliga (arabiska) siffror till romerska som text
-ROUND			= AVRUNDA			##	Avrundar ett tal till ett angivet antal siffror
-ROUNDDOWN		= AVRUNDA.NEDÅT			##	Avrundar ett tal nedåt mot noll
-ROUNDUP			= AVRUNDA.UPPÅT			##	Avrundar ett tal uppåt, från noll
-SERIESSUM		= SERIESUMMA			##	Returnerar summan av en potensserie baserat på formeln
-SIGN			= TECKEN			##	Returnerar tecknet för ett tal
-SIN			= SIN				##	Returnerar sinus för en given vinkel
-SINH			= SINH				##	Returnerar hyperbolisk sinus för ett tal
-SQRT			= ROT				##	Returnerar den positiva kvadratroten
-SQRTPI			= ROTPI				##	Returnerar kvadratroten för (tal * pi)
-SUBTOTAL		= DELSUMMA			##	Returnerar en delsumma i en lista eller databas
-SUM			= SUMMA				##	Summerar argumenten
-SUMIF			= SUMMA.OM			##	Summerar celler enligt ett angivet villkor
-SUMIFS			= SUMMA.OMF			##	Lägger till cellerna i ett område som uppfyller flera kriterier
-SUMPRODUCT		= PRODUKTSUMMA			##	Returnerar summan av produkterna i motsvarande matriskomponenter
-SUMSQ			= KVADRATSUMMA			##	Returnerar summan av argumentens kvadrater
-SUMX2MY2		= SUMMAX2MY2			##	Returnerar summan av differensen mellan kvadraterna för motsvarande värden i två matriser
-SUMX2PY2		= SUMMAX2PY2			##	Returnerar summan av summan av kvadraterna av motsvarande värden i två matriser
-SUMXMY2			= SUMMAXMY2			##	Returnerar summan av kvadraten av skillnaden mellan motsvarande värden i två matriser
-TAN			= TAN				##	Returnerar tangens för ett tal
-TANH			= TANH				##	Returnerar hyperbolisk tangens för ett tal
-TRUNC			= AVKORTA			##	Avkortar ett tal till ett heltal
-
-
-##
-##	Statistical functions				Statistiska funktioner
-##
-AVEDEV			= MEDELAVV			##	Returnerar medelvärdet för datapunkters absoluta avvikelse från deras medelvärde
-AVERAGE			= MEDEL				##	Returnerar medelvärdet av argumenten
-AVERAGEA		= AVERAGEA			##	Returnerar medelvärdet av argumenten, inklusive tal, text och logiska värden
-AVERAGEIF		= MEDELOM			##	Returnerar medelvärdet (aritmetiskt medelvärde) för alla celler i ett område som uppfyller ett givet kriterium
-AVERAGEIFS		= MEDELOMF			##	Returnerar medelvärdet (det aritmetiska medelvärdet) för alla celler som uppfyller flera villkor.
-BETADIST		= BETAFÖRD			##	Returnerar den kumulativa betafördelningsfunktionen
-BETAINV			= BETAINV			##	Returnerar inversen till den kumulativa fördelningsfunktionen för en viss betafördelning
-BINOMDIST		= BINOMFÖRD			##	Returnerar den individuella binomialfördelningen
-CHIDIST			= CHI2FÖRD			##	Returnerar den ensidiga sannolikheten av c2-fördelningen
-CHIINV			= CHI2INV			##	Returnerar inversen av chi2-fördelningen
-CHITEST			= CHI2TEST			##	Returnerar oberoendetesten
-CONFIDENCE		= KONFIDENS			##	Returnerar konfidensintervallet för en populations medelvärde
-CORREL			= KORREL			##	Returnerar korrelationskoefficienten mellan två datamängder
-COUNT			= ANTAL				##	Räknar hur många tal som finns bland argumenten
-COUNTA			= ANTALV			##	Räknar hur många värden som finns bland argumenten
-COUNTBLANK		= ANTAL.TOMMA			##	Räknar antalet tomma celler i ett område
-COUNTIF			= ANTAL.OM			##	Räknar antalet celler i ett område som uppfyller angivna villkor.
-COUNTIFS		= ANTAL.OMF			##	Räknar antalet celler i ett område som uppfyller flera villkor.
-COVAR			= KOVAR				##	Returnerar kovariansen, d.v.s. medelvärdet av produkterna för parade avvikelser
-CRITBINOM		= KRITBINOM			##	Returnerar det minsta värdet för vilket den kumulativa binomialfördelningen är mindre än eller lika med ett villkorsvärde
-DEVSQ			= KVADAVV			##	Returnerar summan av kvadrater på avvikelser
-EXPONDIST		= EXPONFÖRD			##	Returnerar exponentialfördelningen
-FDIST			= FFÖRD				##	Returnerar F-sannolikhetsfördelningen
-FINV			= FINV				##	Returnerar inversen till F-sannolikhetsfördelningen
-FISHER			= FISHER			##	Returnerar Fisher-transformationen
-FISHERINV		= FISHERINV			##	Returnerar inversen till Fisher-transformationen
-FORECAST		= PREDIKTION			##	Returnerar ett värde längs en linjär trendlinje
-FREQUENCY		= FREKVENS			##	Returnerar en frekvensfördelning som en lodrät matris
-FTEST			= FTEST				##	Returnerar resultatet av en F-test
-GAMMADIST		= GAMMAFÖRD			##	Returnerar gammafördelningen
-GAMMAINV		= GAMMAINV			##	Returnerar inversen till den kumulativa gammafördelningen
-GAMMALN			= GAMMALN			##	Returnerar den naturliga logaritmen för gammafunktionen, G(x)
-GEOMEAN			= GEOMEDEL			##	Returnerar det geometriska medelvärdet
-GROWTH			= EXPTREND			##	Returnerar värden längs en exponentiell trend
-HARMEAN			= HARMMEDEL			##	Returnerar det harmoniska medelvärdet
-HYPGEOMDIST		= HYPGEOMFÖRD			##	Returnerar den hypergeometriska fördelningen
-INTERCEPT		= SKÄRNINGSPUNKT		##	Returnerar skärningspunkten för en linjär regressionslinje
-KURT			= TOPPIGHET			##	Returnerar toppigheten av en mängd data
-LARGE			= STÖRSTA			##	Returnerar det n:te största värdet i en mängd data
-LINEST			= REGR				##	Returnerar parametrar till en linjär trendlinje
-LOGEST			= EXPREGR			##	Returnerar parametrarna i en exponentiell trend
-LOGINV			= LOGINV			##	Returnerar inversen till den lognormala fördelningen
-LOGNORMDIST		= LOGNORMFÖRD			##	Returnerar den kumulativa lognormala fördelningen
-MAX			= MAX				##	Returnerar det största värdet i en lista av argument
-MAXA			= MAXA				##	Returnerar det största värdet i en lista av argument, inklusive tal, text och logiska värden
-MEDIAN			= MEDIAN			##	Returnerar medianen för angivna tal
-MIN			= MIN				##	Returnerar det minsta värdet i en lista med argument
-MINA			= MINA				##	Returnerar det minsta värdet i en lista över argument, inklusive tal, text och logiska värden
-MODE			= TYPVÄRDE			##	Returnerar det vanligaste värdet i en datamängd
-NEGBINOMDIST		= NEGBINOMFÖRD			##	Returnerar den negativa binomialfördelningen
-NORMDIST		= NORMFÖRD			##	Returnerar den kumulativa normalfördelningen
-NORMINV			= NORMINV			##	Returnerar inversen till den kumulativa normalfördelningen
-NORMSDIST		= NORMSFÖRD			##	Returnerar den kumulativa standardnormalfördelningen
-NORMSINV		= NORMSINV			##	Returnerar inversen till den kumulativa standardnormalfördelningen
-PEARSON			= PEARSON			##	Returnerar korrelationskoefficienten till Pearsons momentprodukt
-PERCENTILE		= PERCENTIL			##	Returnerar den n:te percentilen av värden i ett område
-PERCENTRANK		= PROCENTRANG			##	Returnerar procentrangen för ett värde i en datamängd
-PERMUT			= PERMUT			##	Returnerar antal permutationer för ett givet antal objekt
-POISSON			= POISSON			##	Returnerar Poisson-fördelningen
-PROB			= SANNOLIKHET			##	Returnerar sannolikheten att värden i ett område ligger mellan två gränser
-QUARTILE		= KVARTIL			##	Returnerar kvartilen av en mängd data
-RANK			= RANG				##	Returnerar rangordningen för ett tal i en lista med tal
-RSQ			= RKV				##	Returnerar kvadraten av Pearsons produktmomentkorrelationskoefficient
-SKEW			= SNEDHET			##	Returnerar snedheten för en fördelning
-SLOPE			= LUTNING			##	Returnerar lutningen på en linjär regressionslinje
-SMALL			= MINSTA			##	Returnerar det n:te minsta värdet i en mängd data
-STANDARDIZE		= STANDARDISERA			##	Returnerar ett normaliserat värde
-STDEV			= STDAV				##	Uppskattar standardavvikelsen baserat på ett urval
-STDEVA			= STDEVA			##	Uppskattar standardavvikelsen baserat på ett urval, inklusive tal, text och logiska värden
-STDEVP			= STDAVP			##	Beräknar standardavvikelsen baserat på hela populationen
-STDEVPA			= STDEVPA			##	Beräknar standardavvikelsen baserat på hela populationen, inklusive tal, text och logiska värden
-STEYX			= STDFELYX			##	Returnerar standardfelet för ett förutspått y-värde för varje x-värde i regressionen
-TDIST			= TFÖRD				##	Returnerar Students t-fördelning
-TINV			= TINV				##	Returnerar inversen till Students t-fördelning
-TREND			= TREND				##	Returnerar värden längs en linjär trend
-TRIMMEAN		= TRIMMEDEL			##	Returnerar medelvärdet av mittpunkterna i en datamängd
-TTEST			= TTEST				##	Returnerar sannolikheten beräknad ur Students t-test
-VAR			= VARIANS			##	Uppskattar variansen baserat på ett urval
-VARA			= VARA				##	Uppskattar variansen baserat på ett urval, inklusive tal, text och logiska värden
-VARP			= VARIANSP			##	Beräknar variansen baserat på hela populationen
-VARPA			= VARPA				##	Beräknar variansen baserat på hela populationen, inklusive tal, text och logiska värden
-WEIBULL			= WEIBULL			##	Returnerar Weibull-fördelningen
-ZTEST			= ZTEST				##	Returnerar det ensidiga sannolikhetsvärdet av ett z-test
-
-
-##
-##	Text functions					Textfunktioner
-##
-ASC			= ASC				##	Ändrar helbredds (dubbel byte) engelska bokstäver eller katakana inom en teckensträng till tecken med halvt breddsteg (enkel byte)
-BAHTTEXT		= BAHTTEXT			##	Omvandlar ett tal till text med valutaformatet ß (baht)
-CHAR			= TECKENKOD			##	Returnerar tecknet som anges av kod
-CLEAN			= STÄDA				##	Tar bort alla icke utskrivbara tecken i en text
-CODE			= KOD				##	Returnerar en numerisk kod för det första tecknet i en textsträng
-CONCATENATE		= SAMMANFOGA			##	Sammanfogar flera textdelar till en textsträng
-DOLLAR			= VALUTA			##	Omvandlar ett tal till text med valutaformat
-EXACT			= EXAKT				##	Kontrollerar om två textvärden är identiska
-FIND			= HITTA				##	Hittar en text i en annan (skiljer på gemener och versaler)
-FINDB			= HITTAB			##	Hittar en text i en annan (skiljer på gemener och versaler)
-FIXED			= FASTTAL			##	Formaterar ett tal som text med ett fast antal decimaler
-JIS			= JIS				##	Ändrar halvbredds (enkel byte) engelska bokstäver eller katakana inom en teckensträng till tecken med helt breddsteg (dubbel byte)
-LEFT			= VÄNSTER			##	Returnerar tecken längst till vänster i en sträng
-LEFTB			= VÄNSTERB			##	Returnerar tecken längst till vänster i en sträng
-LEN			= LÄNGD				##	Returnerar antalet tecken i en textsträng
-LENB			= LÄNGDB			##	Returnerar antalet tecken i en textsträng
-LOWER			= GEMENER			##	Omvandlar text till gemener
-MID			= EXTEXT			##	Returnerar angivet antal tecken från en text med början vid den position som du anger
-MIDB			= EXTEXTB			##	Returnerar angivet antal tecken från en text med början vid den position som du anger
-PHONETIC		= PHONETIC			##	Returnerar de fonetiska (furigana) tecknen i en textsträng
-PROPER			= INITIAL			##	Ändrar första bokstaven i varje ord i ett textvärde till versal
-REPLACE			= ERSÄTT			##	Ersätter tecken i text
-REPLACEB		= ERSÄTTB			##	Ersätter tecken i text
-REPT			= REP				##	Upprepar en text ett bestämt antal gånger
-RIGHT			= HÖGER				##	Returnerar tecken längst till höger i en sträng
-RIGHTB			= HÖGERB			##	Returnerar tecken längst till höger i en sträng
-SEARCH			= SÖK				##	Hittar ett textvärde i ett annat (skiljer inte på gemener och versaler)
-SEARCHB			= SÖKB				##	Hittar ett textvärde i ett annat (skiljer inte på gemener och versaler)
-SUBSTITUTE		= BYT.UT			##	Ersätter gammal text med ny text i en textsträng
-T			= T				##	Omvandlar argumenten till text
-TEXT			= TEXT				##	Formaterar ett tal och omvandlar det till text
-TRIM			= RENSA				##	Tar bort blanksteg från text
-UPPER			= VERSALER			##	Omvandlar text till versaler
-VALUE			= TEXTNUM			##	Omvandlar ett textargument till ett tal
+##
+##	Add-in and Automation functions			Tilläggs- och automatiseringsfunktioner
+##
+GETPIVOTDATA		= HÄMTA.PIVOTDATA		##	Returnerar data som lagrats i en pivottabellrapport
+
+
+##
+##	Cube functions					Kubfunktioner
+##
+CUBEKPIMEMBER		= KUBKPIMEDLEM			##	Returnerar namn, egenskap och mått för en KPI och visar namnet och egenskapen i cellen. En KPI, eller prestandaindikator, är ett kvantifierbart mått, t.ex. månatlig bruttovinst eller personalomsättning per kvartal, som används för att analysera ett företags resultat.
+CUBEMEMBER		= KUBMEDLEM			##	Returnerar en medlem eller ett par i en kubhierarki. Används för att verifiera att medlemmen eller paret finns i kuben.
+CUBEMEMBERPROPERTY	= KUBMEDLEMSEGENSKAP		##	Returnerar värdet för en medlemsegenskap i kuben. Används för att verifiera att ett medlemsnamn finns i kuben, samt för att returnera den angivna egenskapen för medlemmen.
+CUBERANKEDMEMBER	= KUBRANGORDNADMEDLEM		##	Returnerar den n:te, eller rangordnade, medlemmen i en uppsättning. Används för att returnera ett eller flera element i en uppsättning, till exempelvis den bästa försäljaren eller de tio bästa eleverna.
+CUBESET			= KUBINSTÄLLNING		##	Definierar en beräknad uppsättning medlemmar eller par genom att skicka ett bestämt uttryck till kuben på servern, som skapar uppsättningen och sedan returnerar den till Microsoft Office Excel.
+CUBESETCOUNT		= KUBINSTÄLLNINGANTAL		##	Returnerar antalet objekt i en uppsättning.
+CUBEVALUE		= KUBVÄRDE			##	Returnerar ett mängdvärde från en kub.
+
+
+##
+##	Database functions				Databasfunktioner
+##
+DAVERAGE		= DMEDEL			##	Returnerar medelvärdet av databasposterna
+DCOUNT			= DANTAL			##	Räknar antalet celler som innehåller tal i en databas
+DCOUNTA			= DANTALV			##	Räknar ifyllda celler i en databas
+DGET			= DHÄMTA			##	Hämtar en enstaka post från en databas som uppfyller de angivna villkoren
+DMAX			= DMAX				##	Returnerar det största värdet från databasposterna
+DMIN			= DMIN				##	Returnerar det minsta värdet från databasposterna
+DPRODUCT		= DPRODUKT			##	Multiplicerar värdena i ett visst fält i poster som uppfyller villkoret
+DSTDEV			= DSTDAV			##	Uppskattar standardavvikelsen baserat på ett urval av databasposterna
+DSTDEVP			= DSTDAVP			##	Beräknar standardavvikelsen utifrån hela populationen av valda databasposter
+DSUM			= DSUMMA			##	Summerar talen i kolumnfält i databasposter som uppfyller villkoret
+DVAR			= DVARIANS			##	Uppskattar variansen baserat på ett urval av databasposterna
+DVARP			= DVARIANSP			##	Beräknar variansen utifrån hela populationen av valda databasposter
+
+
+##
+##	Date and time functions				Tid- och datumfunktioner
+##
+DATE			= DATUM				##	Returnerar ett serienummer för ett visst datum
+DATEVALUE		= DATUMVÄRDE			##	Konverterar ett datum i textformat till ett serienummer
+DAY			= DAG				##	Konverterar ett serienummer till dag i månaden
+DAYS360			= DAGAR360			##	Beräknar antalet dagar mellan två datum baserat på ett 360-dagarsår
+EDATE			= EDATUM			##	Returnerar serienumret för ett datum som infaller ett visst antal månader före eller efter startdatumet
+EOMONTH			= SLUTMÅNAD			##	Returnerar serienumret för sista dagen i månaden ett visst antal månader tidigare eller senare
+HOUR			= TIMME				##	Konverterar ett serienummer till en timme
+MINUTE			= MINUT				##	Konverterar ett serienummer till en minut
+MONTH			= MÅNAD				##	Konverterar ett serienummer till en månad
+NETWORKDAYS		= NETTOARBETSDAGAR		##	Returnerar antalet hela arbetsdagar mellan två datum
+NOW			= NU				##	Returnerar serienumret för dagens datum och aktuell tid
+SECOND			= SEKUND			##	Konverterar ett serienummer till en sekund
+TIME			= KLOCKSLAG			##	Returnerar serienumret för en viss tid
+TIMEVALUE		= TIDVÄRDE			##	Konverterar en tid i textformat till ett serienummer
+TODAY			= IDAG				##	Returnerar serienumret för dagens datum
+WEEKDAY			= VECKODAG			##	Konverterar ett serienummer till en dag i veckan
+WEEKNUM			= VECKONR			##	Konverterar ett serienummer till ett veckonummer
+WORKDAY			= ARBETSDAGAR			##	Returnerar serienumret för ett datum ett visst antal arbetsdagar tidigare eller senare
+YEAR			= ÅR				##	Konverterar ett serienummer till ett år
+YEARFRAC		= ÅRDEL				##	Returnerar en del av ett år som representerar antalet hela dagar mellan start- och slutdatum
+
+
+##
+##	Engineering functions				Tekniska funktioner
+##
+BESSELI			= BESSELI			##	Returnerar den modifierade Bessel-funktionen In(x)
+BESSELJ			= BESSELJ			##	Returnerar Bessel-funktionen Jn(x)
+BESSELK			= BESSELK			##	Returnerar den modifierade Bessel-funktionen Kn(x)
+BESSELY			= BESSELY			##	Returnerar Bessel-funktionen Yn(x)
+BIN2DEC			= BIN.TILL.DEC			##	Omvandlar ett binärt tal till decimalt
+BIN2HEX			= BIN.TILL.HEX			##	Omvandlar ett binärt tal till hexadecimalt
+BIN2OCT			= BIN.TILL.OKT			##	Omvandlar ett binärt tal till oktalt
+COMPLEX			= KOMPLEX			##	Omvandlar reella och imaginära koefficienter till ett komplext tal
+CONVERT			= KONVERTERA			##	Omvandlar ett tal från ett måttsystem till ett annat
+DEC2BIN			= DEC.TILL.BIN			##	Omvandlar ett decimalt tal till binärt
+DEC2HEX			= DEC.TILL.HEX			##	Omvandlar ett decimalt tal till hexadecimalt
+DEC2OCT			= DEC.TILL.OKT			##	Omvandlar ett decimalt tal till oktalt
+DELTA			= DELTA				##	Testar om två värden är lika
+ERF			= FELF				##	Returnerar felfunktionen
+ERFC			= FELFK				##	Returnerar den komplementära felfunktionen
+GESTEP			= SLSTEG			##	Testar om ett tal är större än ett tröskelvärde
+HEX2BIN			= HEX.TILL.BIN			##	Omvandlar ett hexadecimalt tal till binärt
+HEX2DEC			= HEX.TILL.DEC			##	Omvandlar ett hexadecimalt tal till decimalt
+HEX2OCT			= HEX.TILL.OKT			##	Omvandlar ett hexadecimalt tal till oktalt
+IMABS			= IMABS				##	Returnerar absolutvärdet (modulus) för ett komplext tal
+IMAGINARY		= IMAGINÄR			##	Returnerar den imaginära koefficienten för ett komplext tal
+IMARGUMENT		= IMARGUMENT			##	Returnerar det komplexa talets argument, en vinkel uttryckt i radianer
+IMCONJUGATE		= IMKONJUGAT			##	Returnerar det komplexa talets konjugat
+IMCOS			= IMCOS				##	Returnerar cosinus för ett komplext tal
+IMDIV			= IMDIV				##	Returnerar kvoten för två komplexa tal
+IMEXP			= IMEUPPHÖJT			##	Returnerar exponenten för ett komplext tal
+IMLN			= IMLN				##	Returnerar den naturliga logaritmen för ett komplext tal
+IMLOG10			= IMLOG10			##	Returnerar 10-logaritmen för ett komplext tal
+IMLOG2			= IMLOG2			##	Returnerar 2-logaritmen för ett komplext tal
+IMPOWER			= IMUPPHÖJT			##	Returnerar ett komplext tal upphöjt till en exponent
+IMPRODUCT		= IMPRODUKT			##	Returnerar produkten av komplexa tal
+IMREAL			= IMREAL			##	Returnerar den reella koefficienten för ett komplext tal
+IMSIN			= IMSIN				##	Returnerar sinus för ett komplext tal
+IMSQRT			= IMROT				##	Returnerar kvadratroten av ett komplext tal
+IMSUB			= IMDIFF			##	Returnerar differensen mellan två komplexa tal
+IMSUM			= IMSUM				##	Returnerar summan av komplexa tal
+OCT2BIN			= OKT.TILL.BIN			##	Omvandlar ett oktalt tal till binärt
+OCT2DEC			= OKT.TILL.DEC			##	Omvandlar ett oktalt tal till decimalt
+OCT2HEX			= OKT.TILL.HEX			##	Omvandlar ett oktalt tal till hexadecimalt
+
+
+##
+##	Financial functions				Finansiella funktioner
+##
+ACCRINT			= UPPLRÄNTA			##	Returnerar den upplupna räntan för värdepapper med periodisk ränta
+ACCRINTM		= UPPLOBLRÄNTA			##	Returnerar den upplupna räntan för ett värdepapper som ger avkastning på förfallodagen
+AMORDEGRC		= AMORDEGRC			##	Returnerar avskrivningen för varje redovisningsperiod med hjälp av en avskrivningskoefficient
+AMORLINC		= AMORLINC			##	Returnerar avskrivningen för varje redovisningsperiod
+COUPDAYBS		= KUPDAGBB			##	Returnerar antal dagar från början av kupongperioden till likviddagen
+COUPDAYS		= KUPDAGARS			##	Returnerar antalet dagar i kupongperioden som innehåller betalningsdatumet
+COUPDAYSNC		= KUPDAGNK			##	Returnerar antalet dagar från betalningsdatumet till nästa kupongdatum
+COUPNCD			= KUPNKD			##	Returnerar nästa kupongdatum efter likviddagen
+COUPNUM			= KUPANT			##	Returnerar kuponger som förfaller till betalning mellan likviddagen och förfallodagen
+COUPPCD			= KUPFKD			##	Returnerar föregående kupongdatum före likviddagen
+CUMIPMT			= KUMRÄNTA			##	Returnerar den ackumulerade räntan som betalats mellan två perioder
+CUMPRINC		= KUMPRIS			##	Returnerar det ackumulerade kapitalbeloppet som betalats på ett lån mellan två perioder
+DB			= DB				##	Returnerar avskrivningen för en tillgång under en angiven tid enligt metoden för fast degressiv avskrivning
+DDB			= DEGAVSKR			##	Returnerar en tillgångs värdeminskning under en viss period med hjälp av dubbel degressiv avskrivning eller någon annan metod som du anger
+DISC			= DISK				##	Returnerar diskonteringsräntan för ett värdepapper
+DOLLARDE		= DECTAL			##	Omvandlar ett pris uttryckt som ett bråk till ett decimaltal
+DOLLARFR		= BRÅK				##	Omvandlar ett pris i kronor uttryckt som ett decimaltal till ett bråk
+DURATION		= LÖPTID			##	Returnerar den årliga löptiden för en säkerhet med periodiska räntebetalningar
+EFFECT			= EFFRÄNTA			##	Returnerar den årliga effektiva räntesatsen
+FV			= SLUTVÄRDE			##	Returnerar det framtida värdet på en investering
+FVSCHEDULE		= FÖRRÄNTNING			##	Returnerar det framtida värdet av ett begynnelsekapital beräknat på olika räntenivåer
+INTRATE			= ÅRSRÄNTA			##	Returnerar räntesatsen för ett betalt värdepapper
+IPMT			= RBETALNING			##	Returnerar räntedelen av en betalning för en given period
+IRR			= IR				##	Returnerar internräntan för en serie betalningar
+ISPMT			= RALÅN				##	Beräknar räntan som har betalats under en specifik betalningsperiod
+MDURATION		= MLÖPTID			##	Returnerar den modifierade Macauley-löptiden för ett värdepapper med det antagna nominella värdet 100 kr
+MIRR			= MODIR				##	Returnerar internräntan där positiva och negativa betalningar finansieras med olika räntor
+NOMINAL			= NOMRÄNTA			##	Returnerar den årliga nominella räntesatsen
+NPER			= PERIODER			##	Returnerar antalet perioder för en investering
+NPV			= NETNUVÄRDE			##	Returnerar nuvärdet av en serie periodiska betalningar vid en given diskonteringsränta
+ODDFPRICE		= UDDAFPRIS			##	Returnerar priset per 100 kr nominellt värde för ett värdepapper med en udda första period
+ODDFYIELD		= UDDAFAVKASTNING		##	Returnerar avkastningen för en säkerhet med en udda första period
+ODDLPRICE		= UDDASPRIS			##	Returnerar priset per 100 kr nominellt värde för ett värdepapper med en udda sista period
+ODDLYIELD		= UDDASAVKASTNING		##	Returnerar avkastningen för en säkerhet med en udda sista period
+PMT			= BETALNING			##	Returnerar den periodiska betalningen för en annuitet
+PPMT			= AMORT				##	Returnerar amorteringsdelen av en annuitetsbetalning för en given period
+PRICE			= PRIS				##	Returnerar priset per 100 kr nominellt värde för ett värdepapper som ger periodisk ränta
+PRICEDISC		= PRISDISK			##	Returnerar priset per 100 kr nominellt värde för ett diskonterat värdepapper
+PRICEMAT		= PRISFÖRF			##	Returnerar priset per 100 kr nominellt värde för ett värdepapper som ger ränta på förfallodagen
+PV			= PV				##	Returnerar nuvärdet av en serie lika stora periodiska betalningar
+RATE			= RÄNTA				##	Returnerar räntesatsen per period i en annuitet
+RECEIVED		= BELOPP			##	Returnerar beloppet som utdelas på förfallodagen för ett betalat värdepapper
+SLN			= LINAVSKR			##	Returnerar den linjära avskrivningen för en tillgång under en period
+SYD			= ÅRSAVSKR			##	Returnerar den årliga avskrivningssumman för en tillgång under en angiven period
+TBILLEQ			= SSVXEKV			##	Returnerar avkastningen motsvarande en obligation för en statsskuldväxel
+TBILLPRICE		= SSVXPRIS			##	Returnerar priset per 100 kr nominellt värde för en statsskuldväxel
+TBILLYIELD		= SSVXRÄNTA			##	Returnerar avkastningen för en statsskuldväxel
+VDB			= VDEGRAVSKR			##	Returnerar avskrivningen för en tillgång under en angiven period (med degressiv avskrivning)
+XIRR			= XIRR				##	Returnerar internräntan för en serie betalningar som inte nödvändigtvis är periodiska
+XNPV			= XNUVÄRDE			##	Returnerar det nuvarande nettovärdet för en serie betalningar som inte nödvändigtvis är periodiska
+YIELD			= NOMAVK			##	Returnerar avkastningen för ett värdepapper som ger periodisk ränta
+YIELDDISC		= NOMAVKDISK			##	Returnerar den årliga avkastningen för diskonterade värdepapper, exempelvis en statsskuldväxel
+YIELDMAT		= NOMAVKFÖRF			##	Returnerar den årliga avkastningen för ett värdepapper som ger ränta på förfallodagen
+
+
+##
+##	Information functions				Informationsfunktioner
+##
+CELL			= CELL				##	Returnerar information om formatering, plats och innehåll i en cell
+ERROR.TYPE		= FEL.TYP			##	Returnerar ett tal som motsvarar ett felvärde
+INFO			= INFO				##	Returnerar information om operativsystemet
+ISBLANK			= ÄRREF				##	Returnerar SANT om värdet är tomt
+ISERR			= Ä				##	Returnerar SANT om värdet är ett felvärde annat än #SAKNAS!
+ISERROR			= ÄRFEL				##	Returnerar SANT om värdet är ett felvärde
+ISEVEN			= ÄRJÄMN			##	Returnerar SANT om talet är jämnt
+ISLOGICAL		= ÄREJTEXT			##	Returnerar SANT om värdet är ett logiskt värde
+ISNA			= ÄRLOGISK			##	Returnerar SANT om värdet är felvärdet #SAKNAS!
+ISNONTEXT		= ÄRSAKNAD			##	Returnerar SANT om värdet inte är text
+ISNUMBER		= ÄRTAL				##	Returnerar SANT om värdet är ett tal
+ISODD			= ÄRUDDA			##	Returnerar SANT om talet är udda
+ISREF			= ÄRTOM				##	Returnerar SANT om värdet är en referens
+ISTEXT			= ÄRTEXT			##	Returnerar SANT om värdet är text
+N			= N				##	Returnerar ett värde omvandlat till ett tal
+NA			= SAKNAS			##	Returnerar felvärdet #SAKNAS!
+TYPE			= VÄRDETYP			##	Returnerar ett tal som anger värdets datatyp
+
+
+##
+##	Logical functions				Logiska funktioner
+##
+AND			= OCH				##	Returnerar SANT om alla argument är sanna
+FALSE			= FALSKT			##	Returnerar det logiska värdet FALSKT
+IF			= OM				##	Anger vilket logiskt test som ska utföras
+IFERROR			= OMFEL				##	Returnerar ett värde som du anger om en formel utvärderar till ett fel; annars returneras resultatet av formeln
+NOT			= ICKE				##	Inverterar logiken för argumenten
+OR			= ELLER				##	Returnerar SANT om något argument är SANT
+TRUE			= SANT				##	Returnerar det logiska värdet SANT
+
+
+##
+##	Lookup and reference functions			Sök- och referensfunktioner
+##
+ADDRESS			= ADRESS			##	Returnerar en referens som text till en enstaka cell i ett kalkylblad
+AREAS			= OMRÅDEN			##	Returnerar antalet områden i en referens
+CHOOSE			= VÄLJ				##	Väljer ett värde i en lista över värden
+COLUMN			= KOLUMN			##	Returnerar kolumnnumret för en referens
+COLUMNS			= KOLUMNER			##	Returnerar antalet kolumner i en referens
+HLOOKUP			= LETAKOLUMN			##	Söker i den översta raden i en matris och returnerar värdet för angiven cell
+HYPERLINK		= HYPERLÄNK			##	Skapar en genväg eller ett hopp till ett dokument i nätverket, i ett intranät eller på Internet
+INDEX			= INDEX				##	Använder ett index för ett välja ett värde i en referens eller matris
+INDIRECT		= INDIREKT			##	Returnerar en referens som anges av ett textvärde
+LOOKUP			= LETAUPP			##	Letar upp värden i en vektor eller matris
+MATCH			= PASSA				##	Letar upp värden i en referens eller matris
+OFFSET			= FÖRSKJUTNING			##	Returnerar en referens förskjuten i förhållande till en given referens
+ROW			= RAD				##	Returnerar radnumret för en referens
+ROWS			= RADER				##	Returnerar antalet rader i en referens
+RTD			= RTD				##	Hämtar realtidsdata från ett program som stöder COM-automation (Automation: Ett sätt att arbeta med ett programs objekt från ett annat program eller utvecklingsverktyg. Detta kallades tidigare för OLE Automation, och är en branschstandard och ingår i Component Object Model (COM).)
+TRANSPOSE		= TRANSPONERA			##	Transponerar en matris
+VLOOKUP			= LETARAD			##	Letar i den första kolumnen i en matris och flyttar över raden för att returnera värdet för en cell
+
+
+##
+##	Math and trigonometry functions			Matematiska och trigonometriska funktioner
+##
+ABS			= ABS				##	Returnerar absolutvärdet av ett tal
+ACOS			= ARCCOS			##	Returnerar arcus cosinus för ett tal
+ACOSH			= ARCCOSH			##	Returnerar inverterad hyperbolisk cosinus för ett tal
+ASIN			= ARCSIN			##	Returnerar arcus cosinus för ett tal
+ASINH			= ARCSINH			##	Returnerar hyperbolisk arcus sinus för ett tal
+ATAN			= ARCTAN			##	Returnerar arcus tangens för ett tal
+ATAN2			= ARCTAN2			##	Returnerar arcus tangens för en x- och en y- koordinat
+ATANH			= ARCTANH			##	Returnerar hyperbolisk arcus tangens för ett tal
+CEILING			= RUNDA.UPP			##	Avrundar ett tal till närmaste heltal eller närmaste signifikanta multipel
+COMBIN			= KOMBIN			##	Returnerar antalet kombinationer för ett givet antal objekt
+COS			= COS				##	Returnerar cosinus för ett tal
+COSH			= COSH				##	Returnerar hyperboliskt cosinus för ett tal
+DEGREES			= GRADER			##	Omvandlar radianer till grader
+EVEN			= JÄMN				##	Avrundar ett tal uppåt till närmaste heltal
+EXP			= EXP				##	Returnerar e upphöjt till ett givet tal
+FACT			= FAKULTET			##	Returnerar fakulteten för ett tal
+FACTDOUBLE		= DUBBELFAKULTET		##	Returnerar dubbelfakulteten för ett tal
+FLOOR			= RUNDA.NED			##	Avrundar ett tal nedåt mot noll
+GCD			= SGD				##	Returnerar den största gemensamma nämnaren
+INT			= HELTAL			##	Avrundar ett tal nedåt till närmaste heltal
+LCM			= MGM				##	Returnerar den minsta gemensamma multipeln
+LN			= LN				##	Returnerar den naturliga logaritmen för ett tal
+LOG			= LOG				##	Returnerar logaritmen för ett tal för en given bas
+LOG10			= LOG10				##	Returnerar 10-logaritmen för ett tal
+MDETERM			= MDETERM			##	Returnerar matrisen som är avgörandet av en matris
+MINVERSE		= MINVERT			##	Returnerar matrisinversen av en matris
+MMULT			= MMULT				##	Returnerar matrisprodukten av två matriser
+MOD			= REST				##	Returnerar resten vid en division
+MROUND			= MAVRUNDA			##	Returnerar ett tal avrundat till en given multipel
+MULTINOMIAL		= MULTINOMIAL			##	Returnerar multinomialen för en uppsättning tal
+ODD			= UDDA				##	Avrundar ett tal uppåt till närmaste udda heltal
+PI			= PI				##	Returnerar värdet pi
+POWER			= UPPHÖJT.TILL			##	Returnerar resultatet av ett tal upphöjt till en exponent
+PRODUCT			= PRODUKT			##	Multiplicerar argumenten
+QUOTIENT		= KVOT				##	Returnerar heltalsdelen av en division
+RADIANS			= RADIANER			##	Omvandlar grader till radianer
+RAND			= SLUMP				##	Returnerar ett slumptal mellan 0 och 1
+RANDBETWEEN		= SLUMP.MELLAN			##	Returnerar ett slumptal mellan de tal som du anger
+ROMAN			= ROMERSK			##	Omvandlar vanliga (arabiska) siffror till romerska som text
+ROUND			= AVRUNDA			##	Avrundar ett tal till ett angivet antal siffror
+ROUNDDOWN		= AVRUNDA.NEDÅT			##	Avrundar ett tal nedåt mot noll
+ROUNDUP			= AVRUNDA.UPPÅT			##	Avrundar ett tal uppåt, från noll
+SERIESSUM		= SERIESUMMA			##	Returnerar summan av en potensserie baserat på formeln
+SIGN			= TECKEN			##	Returnerar tecknet för ett tal
+SIN			= SIN				##	Returnerar sinus för en given vinkel
+SINH			= SINH				##	Returnerar hyperbolisk sinus för ett tal
+SQRT			= ROT				##	Returnerar den positiva kvadratroten
+SQRTPI			= ROTPI				##	Returnerar kvadratroten för (tal * pi)
+SUBTOTAL		= DELSUMMA			##	Returnerar en delsumma i en lista eller databas
+SUM			= SUMMA				##	Summerar argumenten
+SUMIF			= SUMMA.OM			##	Summerar celler enligt ett angivet villkor
+SUMIFS			= SUMMA.OMF			##	Lägger till cellerna i ett område som uppfyller flera kriterier
+SUMPRODUCT		= PRODUKTSUMMA			##	Returnerar summan av produkterna i motsvarande matriskomponenter
+SUMSQ			= KVADRATSUMMA			##	Returnerar summan av argumentens kvadrater
+SUMX2MY2		= SUMMAX2MY2			##	Returnerar summan av differensen mellan kvadraterna för motsvarande värden i två matriser
+SUMX2PY2		= SUMMAX2PY2			##	Returnerar summan av summan av kvadraterna av motsvarande värden i två matriser
+SUMXMY2			= SUMMAXMY2			##	Returnerar summan av kvadraten av skillnaden mellan motsvarande värden i två matriser
+TAN			= TAN				##	Returnerar tangens för ett tal
+TANH			= TANH				##	Returnerar hyperbolisk tangens för ett tal
+TRUNC			= AVKORTA			##	Avkortar ett tal till ett heltal
+
+
+##
+##	Statistical functions				Statistiska funktioner
+##
+AVEDEV			= MEDELAVV			##	Returnerar medelvärdet för datapunkters absoluta avvikelse från deras medelvärde
+AVERAGE			= MEDEL				##	Returnerar medelvärdet av argumenten
+AVERAGEA		= AVERAGEA			##	Returnerar medelvärdet av argumenten, inklusive tal, text och logiska värden
+AVERAGEIF		= MEDELOM			##	Returnerar medelvärdet (aritmetiskt medelvärde) för alla celler i ett område som uppfyller ett givet kriterium
+AVERAGEIFS		= MEDELOMF			##	Returnerar medelvärdet (det aritmetiska medelvärdet) för alla celler som uppfyller flera villkor.
+BETADIST		= BETAFÖRD			##	Returnerar den kumulativa betafördelningsfunktionen
+BETAINV			= BETAINV			##	Returnerar inversen till den kumulativa fördelningsfunktionen för en viss betafördelning
+BINOMDIST		= BINOMFÖRD			##	Returnerar den individuella binomialfördelningen
+CHIDIST			= CHI2FÖRD			##	Returnerar den ensidiga sannolikheten av c2-fördelningen
+CHIINV			= CHI2INV			##	Returnerar inversen av chi2-fördelningen
+CHITEST			= CHI2TEST			##	Returnerar oberoendetesten
+CONFIDENCE		= KONFIDENS			##	Returnerar konfidensintervallet för en populations medelvärde
+CORREL			= KORREL			##	Returnerar korrelationskoefficienten mellan två datamängder
+COUNT			= ANTAL				##	Räknar hur många tal som finns bland argumenten
+COUNTA			= ANTALV			##	Räknar hur många värden som finns bland argumenten
+COUNTBLANK		= ANTAL.TOMMA			##	Räknar antalet tomma celler i ett område
+COUNTIF			= ANTAL.OM			##	Räknar antalet celler i ett område som uppfyller angivna villkor.
+COUNTIFS		= ANTAL.OMF			##	Räknar antalet celler i ett område som uppfyller flera villkor.
+COVAR			= KOVAR				##	Returnerar kovariansen, d.v.s. medelvärdet av produkterna för parade avvikelser
+CRITBINOM		= KRITBINOM			##	Returnerar det minsta värdet för vilket den kumulativa binomialfördelningen är mindre än eller lika med ett villkorsvärde
+DEVSQ			= KVADAVV			##	Returnerar summan av kvadrater på avvikelser
+EXPONDIST		= EXPONFÖRD			##	Returnerar exponentialfördelningen
+FDIST			= FFÖRD				##	Returnerar F-sannolikhetsfördelningen
+FINV			= FINV				##	Returnerar inversen till F-sannolikhetsfördelningen
+FISHER			= FISHER			##	Returnerar Fisher-transformationen
+FISHERINV		= FISHERINV			##	Returnerar inversen till Fisher-transformationen
+FORECAST		= PREDIKTION			##	Returnerar ett värde längs en linjär trendlinje
+FREQUENCY		= FREKVENS			##	Returnerar en frekvensfördelning som en lodrät matris
+FTEST			= FTEST				##	Returnerar resultatet av en F-test
+GAMMADIST		= GAMMAFÖRD			##	Returnerar gammafördelningen
+GAMMAINV		= GAMMAINV			##	Returnerar inversen till den kumulativa gammafördelningen
+GAMMALN			= GAMMALN			##	Returnerar den naturliga logaritmen för gammafunktionen, G(x)
+GEOMEAN			= GEOMEDEL			##	Returnerar det geometriska medelvärdet
+GROWTH			= EXPTREND			##	Returnerar värden längs en exponentiell trend
+HARMEAN			= HARMMEDEL			##	Returnerar det harmoniska medelvärdet
+HYPGEOMDIST		= HYPGEOMFÖRD			##	Returnerar den hypergeometriska fördelningen
+INTERCEPT		= SKÄRNINGSPUNKT		##	Returnerar skärningspunkten för en linjär regressionslinje
+KURT			= TOPPIGHET			##	Returnerar toppigheten av en mängd data
+LARGE			= STÖRSTA			##	Returnerar det n:te största värdet i en mängd data
+LINEST			= REGR				##	Returnerar parametrar till en linjär trendlinje
+LOGEST			= EXPREGR			##	Returnerar parametrarna i en exponentiell trend
+LOGINV			= LOGINV			##	Returnerar inversen till den lognormala fördelningen
+LOGNORMDIST		= LOGNORMFÖRD			##	Returnerar den kumulativa lognormala fördelningen
+MAX			= MAX				##	Returnerar det största värdet i en lista av argument
+MAXA			= MAXA				##	Returnerar det största värdet i en lista av argument, inklusive tal, text och logiska värden
+MEDIAN			= MEDIAN			##	Returnerar medianen för angivna tal
+MIN			= MIN				##	Returnerar det minsta värdet i en lista med argument
+MINA			= MINA				##	Returnerar det minsta värdet i en lista över argument, inklusive tal, text och logiska värden
+MODE			= TYPVÄRDE			##	Returnerar det vanligaste värdet i en datamängd
+NEGBINOMDIST		= NEGBINOMFÖRD			##	Returnerar den negativa binomialfördelningen
+NORMDIST		= NORMFÖRD			##	Returnerar den kumulativa normalfördelningen
+NORMINV			= NORMINV			##	Returnerar inversen till den kumulativa normalfördelningen
+NORMSDIST		= NORMSFÖRD			##	Returnerar den kumulativa standardnormalfördelningen
+NORMSINV		= NORMSINV			##	Returnerar inversen till den kumulativa standardnormalfördelningen
+PEARSON			= PEARSON			##	Returnerar korrelationskoefficienten till Pearsons momentprodukt
+PERCENTILE		= PERCENTIL			##	Returnerar den n:te percentilen av värden i ett område
+PERCENTRANK		= PROCENTRANG			##	Returnerar procentrangen för ett värde i en datamängd
+PERMUT			= PERMUT			##	Returnerar antal permutationer för ett givet antal objekt
+POISSON			= POISSON			##	Returnerar Poisson-fördelningen
+PROB			= SANNOLIKHET			##	Returnerar sannolikheten att värden i ett område ligger mellan två gränser
+QUARTILE		= KVARTIL			##	Returnerar kvartilen av en mängd data
+RANK			= RANG				##	Returnerar rangordningen för ett tal i en lista med tal
+RSQ			= RKV				##	Returnerar kvadraten av Pearsons produktmomentkorrelationskoefficient
+SKEW			= SNEDHET			##	Returnerar snedheten för en fördelning
+SLOPE			= LUTNING			##	Returnerar lutningen på en linjär regressionslinje
+SMALL			= MINSTA			##	Returnerar det n:te minsta värdet i en mängd data
+STANDARDIZE		= STANDARDISERA			##	Returnerar ett normaliserat värde
+STDEV			= STDAV				##	Uppskattar standardavvikelsen baserat på ett urval
+STDEVA			= STDEVA			##	Uppskattar standardavvikelsen baserat på ett urval, inklusive tal, text och logiska värden
+STDEVP			= STDAVP			##	Beräknar standardavvikelsen baserat på hela populationen
+STDEVPA			= STDEVPA			##	Beräknar standardavvikelsen baserat på hela populationen, inklusive tal, text och logiska värden
+STEYX			= STDFELYX			##	Returnerar standardfelet för ett förutspått y-värde för varje x-värde i regressionen
+TDIST			= TFÖRD				##	Returnerar Students t-fördelning
+TINV			= TINV				##	Returnerar inversen till Students t-fördelning
+TREND			= TREND				##	Returnerar värden längs en linjär trend
+TRIMMEAN		= TRIMMEDEL			##	Returnerar medelvärdet av mittpunkterna i en datamängd
+TTEST			= TTEST				##	Returnerar sannolikheten beräknad ur Students t-test
+VAR			= VARIANS			##	Uppskattar variansen baserat på ett urval
+VARA			= VARA				##	Uppskattar variansen baserat på ett urval, inklusive tal, text och logiska värden
+VARP			= VARIANSP			##	Beräknar variansen baserat på hela populationen
+VARPA			= VARPA				##	Beräknar variansen baserat på hela populationen, inklusive tal, text och logiska värden
+WEIBULL			= WEIBULL			##	Returnerar Weibull-fördelningen
+ZTEST			= ZTEST				##	Returnerar det ensidiga sannolikhetsvärdet av ett z-test
+
+
+##
+##	Text functions					Textfunktioner
+##
+ASC			= ASC				##	Ändrar helbredds (dubbel byte) engelska bokstäver eller katakana inom en teckensträng till tecken med halvt breddsteg (enkel byte)
+BAHTTEXT		= BAHTTEXT			##	Omvandlar ett tal till text med valutaformatet ß (baht)
+CHAR			= TECKENKOD			##	Returnerar tecknet som anges av kod
+CLEAN			= STÄDA				##	Tar bort alla icke utskrivbara tecken i en text
+CODE			= KOD				##	Returnerar en numerisk kod för det första tecknet i en textsträng
+CONCATENATE		= SAMMANFOGA			##	Sammanfogar flera textdelar till en textsträng
+DOLLAR			= VALUTA			##	Omvandlar ett tal till text med valutaformat
+EXACT			= EXAKT				##	Kontrollerar om två textvärden är identiska
+FIND			= HITTA				##	Hittar en text i en annan (skiljer på gemener och versaler)
+FINDB			= HITTAB			##	Hittar en text i en annan (skiljer på gemener och versaler)
+FIXED			= FASTTAL			##	Formaterar ett tal som text med ett fast antal decimaler
+JIS			= JIS				##	Ändrar halvbredds (enkel byte) engelska bokstäver eller katakana inom en teckensträng till tecken med helt breddsteg (dubbel byte)
+LEFT			= VÄNSTER			##	Returnerar tecken längst till vänster i en sträng
+LEFTB			= VÄNSTERB			##	Returnerar tecken längst till vänster i en sträng
+LEN			= LÄNGD				##	Returnerar antalet tecken i en textsträng
+LENB			= LÄNGDB			##	Returnerar antalet tecken i en textsträng
+LOWER			= GEMENER			##	Omvandlar text till gemener
+MID			= EXTEXT			##	Returnerar angivet antal tecken från en text med början vid den position som du anger
+MIDB			= EXTEXTB			##	Returnerar angivet antal tecken från en text med början vid den position som du anger
+PHONETIC		= PHONETIC			##	Returnerar de fonetiska (furigana) tecknen i en textsträng
+PROPER			= INITIAL			##	Ändrar första bokstaven i varje ord i ett textvärde till versal
+REPLACE			= ERSÄTT			##	Ersätter tecken i text
+REPLACEB		= ERSÄTTB			##	Ersätter tecken i text
+REPT			= REP				##	Upprepar en text ett bestämt antal gånger
+RIGHT			= HÖGER				##	Returnerar tecken längst till höger i en sträng
+RIGHTB			= HÖGERB			##	Returnerar tecken längst till höger i en sträng
+SEARCH			= SÖK				##	Hittar ett textvärde i ett annat (skiljer inte på gemener och versaler)
+SEARCHB			= SÖKB				##	Hittar ett textvärde i ett annat (skiljer inte på gemener och versaler)
+SUBSTITUTE		= BYT.UT			##	Ersätter gammal text med ny text i en textsträng
+T			= T				##	Omvandlar argumenten till text
+TEXT			= TEXT				##	Formaterar ett tal och omvandlar det till text
+TRIM			= RENSA				##	Tar bort blanksteg från text
+UPPER			= VERSALER			##	Omvandlar text till versaler
+VALUE			= TEXTNUM			##	Omvandlar ett textargument till ett tal
diff --git a/lib/URI/uri.class.php b/lib/URI/uri.class.php
index 3e31a1f88..91a0a5165 100644
--- a/lib/URI/uri.class.php
+++ b/lib/URI/uri.class.php
@@ -163,5 +163,4 @@ class G5_URI {
 
 		return $host.$return_url.$add_param.$fragment;
    }
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/lib/cache.lib.php b/lib/cache.lib.php
index 07b640148..5e6c7c6c7 100644
--- a/lib/cache.lib.php
+++ b/lib/cache.lib.php
@@ -91,5 +91,4 @@ function g5_delete_cache_by_prefix($key){
     }
 
     return ($files) ? true : false;
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/lib/common.lib.php b/lib/common.lib.php
index b38322c3b..2476c7c3d 100644
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@@ -166,9 +166,8 @@ function get_cookie($cookie_name)
 // 경고메세지를 경고창으로
 function alert($msg='', $url='', $error=true, $post=false)
 {
-    global $g5, $config, $member;
-    global $is_admin;
-    
+    global $g5, $config, $member, $is_member, $is_admin, $board;
+
     run_event('alert', $msg, $url, $error, $post);
 
     $msg = $msg ? strip_tags($msg, '<br>') : '올바른 방법으로 이용해 주십시오.';
@@ -185,7 +184,7 @@ function alert($msg='', $url='', $error=true, $post=false)
 // 경고메세지 출력후 창을 닫음
 function alert_close($msg, $error=true)
 {
-    global $g5;
+    global $g5, $config, $member, $is_member, $is_admin, $board;
     
     run_event('alert_close', $msg, $error);
 
@@ -202,7 +201,7 @@ function alert_close($msg, $error=true)
 // confirm 창
 function confirm($msg, $url1='', $url2='', $url3='')
 {
-    global $g5;
+    global $g5, $config, $member, $is_member, $is_admin, $board;
 
     if (!$msg) {
         $msg = '올바른 방법으로 이용해 주십시오.';
@@ -300,14 +299,14 @@ function get_filesize($size)
 // 게시글에 첨부된 파일을 얻는다. (배열로 반환)
 function get_file($bo_table, $wr_id)
 {
-    global $g5, $qstr;
+    global $g5, $qstr, $board;
 
     $file['count'] = 0;
     $sql = " select * from {$g5['board_file_table']} where bo_table = '$bo_table' and wr_id = '$wr_id' order by bf_no ";
     $result = sql_query($sql);
     while ($row = sql_fetch_array($result))
     {
-        $no = $row['bf_no'];
+        $no = (int) $row['bf_no'];
         $bf_content = $row['bf_content'] ? html_purifier($row['bf_content']) : '';
         $file[$no]['href'] = G5_BBS_URL."/download.php?bo_table=$bo_table&amp;wr_id=$wr_id&amp;no=$no" . $qstr;
         $file[$no]['download'] = $row['bf_download'];
@@ -763,7 +762,8 @@ function get_group($gr_id, $is_cache=false)
 
     $sql = " select * from {$g5['group_table']} where gr_id = '$gr_id' ";
 
-    $cache[$key] = run_replace('get_group', sql_fetch($sql), $gr_id, $is_cache);
+    $group = run_replace('get_group', sql_fetch($sql), $gr_id, $is_cache);
+    $cache[$key] = array_merge(array('gr_device'=>'', 'gr_subject'=>''), (array) $group);
 
     return $cache[$key];
 }
@@ -1252,13 +1252,13 @@ function delete_point($mb_id, $rel_table, $rel_id, $rel_action)
                       and po_rel_action = '$rel_action' ";
         $row = sql_fetch($sql);
 
-        if($row['po_point'] < 0) {
+        if(isset($row['po_point']) && $row['po_point'] < 0) {
             $mb_id = $row['mb_id'];
             $po_point = abs($row['po_point']);
 
             delete_use_point($mb_id, $po_point);
         } else {
-            if($row['po_use_point'] > 0) {
+            if(isset($row['po_use_point']) && $row['po_use_point'] > 0) {
                 insert_use_point($row['mb_id'], $row['po_use_point'], $row['po_id']);
             }
         }
@@ -1270,11 +1270,13 @@ function delete_point($mb_id, $rel_table, $rel_id, $rel_action)
                        and po_rel_action = '$rel_action' ", false);
 
         // po_mb_point에 반영
-        $sql = " update {$g5['point_table']}
-                    set po_mb_point = po_mb_point - '{$row['po_point']}'
-                    where mb_id = '$mb_id'
-                      and po_id > '{$row['po_id']}' ";
-        sql_query($sql);
+        if(isset($row['po_point'])) {
+            $sql = " update {$g5['point_table']}
+                        set po_mb_point = po_mb_point - '{$row['po_point']}'
+                        where mb_id = '$mb_id'
+                          and po_id > '{$row['po_id']}' ";
+            sql_query($sql);
+        }
 
         // 포인트 내역의 합을 구하고
         $sum_point = get_point_sum($mb_id);
@@ -1391,7 +1393,7 @@ function view_file_link($file, $width, $height, $content='')
     $ids++;
 
     // 파일의 폭이 게시판설정의 이미지폭 보다 크다면 게시판설정 폭으로 맞추고 비율에 따라 높이를 계산
-    if ($width > $board['bo_image_width'] && $board['bo_image_width'])
+    if ($board && $width > $board['bo_image_width'] && $board['bo_image_width'])
     {
         $rate = $board['bo_image_width'] / $width;
         $width = $board['bo_image_width'];
@@ -1404,7 +1406,7 @@ function view_file_link($file, $width, $height, $content='')
     else
         $attr = '';
 
-    if (preg_match("/\.({$config['cf_image_extension']})$/i", $file)) {
+    if (preg_match("/\.({$config['cf_image_extension']})$/i", $file) && isset($board['bo_table'])) {
         $attr_href = run_replace('thumb_view_image_href', G5_BBS_URL.'/view_image.php?bo_table='.$board['bo_table'].'&amp;fn='.urlencode($file), $file, $board['bo_table'], $width, $height, $content);
         $img = '<a href="'.$attr_href.'" target="_blank" class="view_image">';
         $img .= '<img src="'.G5_DATA_URL.'/file/'.$board['bo_table'].'/'.urlencode($file).'" alt="'.$content.'" '.$attr.'>';
@@ -1749,7 +1751,7 @@ function get_table_define($table, $crlf="\n")
     global $g5;
 
     // For MySQL < 3.23.20
-    $schema_create .= 'CREATE TABLE ' . $table . ' (' . $crlf;
+    $schema_create = 'CREATE TABLE ' . $table . ' (' . $crlf;
 
     $sql = 'SHOW FIELDS FROM ' . $table;
     $result = sql_query($sql);
@@ -1799,7 +1801,7 @@ function get_table_define($table, $crlf="\n")
     } // end while
     sql_free_result($result);
 
-    while (list($x, $columns) = @each($index)) {
+    foreach((array) $index as $x => $columns){
         $schema_create     .= ',' . $crlf;
         if ($x == 'PRIMARY') {
             $schema_create .= '    PRIMARY KEY (';
@@ -1810,7 +1812,7 @@ function get_table_define($table, $crlf="\n")
         } else {
             $schema_create .= '    KEY ' . $x . ' (';
         }
-        $schema_create     .= implode($columns, ', ') . ')';
+        $schema_create     .= implode(', ', $columns) . ')';
     } // end while
 
     $schema_create .= $crlf . ') ENGINE=MyISAM DEFAULT CHARSET=utf8';
@@ -2239,7 +2241,7 @@ function get_uniqid()
     sql_query(" LOCK TABLE {$g5['uniqid_table']} WRITE ");
     while (1) {
         // 년월일시분초에 100분의 1초 두자리를 추가함 (1/100 초 앞에 자리가 모자르면 0으로 채움)
-        $key = date('YmdHis', time()) . str_pad((int)(microtime()*100), 2, "0", STR_PAD_LEFT);
+        $key = date('YmdHis', time()) . str_pad((int)((float)microtime()*100), 2, "0", STR_PAD_LEFT);
 
         $result = sql_query(" insert into {$g5['uniqid_table']} set uq_id = '$key', uq_ip = '{$_SERVER['REMOTE_ADDR']}' ", false);
         if ($result) break; // 쿼리가 정상이면 빠진다.
@@ -2717,32 +2719,9 @@ function board_notice($bo_notice, $wr_id, $insert=false)
 function googl_short_url($longUrl)
 {
     global $config;
-
-    // Get API key from : http://code.google.com/apis/console/
-    // URL Shortener API ON
-    $apiKey = $config['cf_googl_shorturl_apikey'];
-
-    $postData = array('longUrl' => $longUrl);
-    $jsonData = json_encode($postData);
-
-    $curlObj = curl_init();
-
-    curl_setopt($curlObj, CURLOPT_URL, 'https://www.googleapis.com/urlshortener/v1/url?key='.$apiKey);
-    curl_setopt($curlObj, CURLOPT_RETURNTRANSFER, 1);
-    curl_setopt($curlObj, CURLOPT_SSL_VERIFYPEER, 0);
-    curl_setopt($curlObj, CURLOPT_HEADER, 0);
-    curl_setopt($curlObj, CURLOPT_HTTPHEADER, array('Content-type:application/json'));
-    curl_setopt($curlObj, CURLOPT_POST, 1);
-    curl_setopt($curlObj, CURLOPT_POSTFIELDS, $jsonData);
-
-    $response = curl_exec($curlObj);
-
-    //change the response json string to object
-    $json = json_decode($response);
-
-    curl_close($curlObj);
-
-    return $json->id;
+    
+    // 구글 짧은 주소는 서비스가 종료 되었습니다.
+    return function_exists('run_replace') ? run_replace('googl_short_url', $longUrl) : $longUrl;
 }
 
 
@@ -2813,7 +2792,7 @@ function certify_count_check($mb_id, $type)
 }
 
 // 1:1문의 설정로드
-function get_qa_config($fld='*')
+function get_qa_config($fld='*', $is_cache=false)
 {
     global $g5;
 
@@ -2840,6 +2819,8 @@ if (!function_exists("get_sock")) {
             $host = $res[1];
             $get  = $res[2];
         }
+        
+        $header = '';
 
         // 80번 포트로 소캣접속 시도
         $fp = fsockopen ($host, 80, $errno, $errstr, $timeout);
@@ -3044,8 +3025,16 @@ function get_search_string($stx)
 }
 
 // XSS 관련 태그 제거
-function clean_xss_tags($str, $check_entities=0)
+function clean_xss_tags($str, $check_entities=0, $is_remove_tags=0, $cur_str_len=0)
 {
+    if( $is_remove_tags ){
+        $str = strip_tags($str);
+    }
+
+    if( $cur_str_len ){
+        $str = utf8_strcut($str, $cur_str_len, '');
+    }
+
     $str_len = strlen($str);
     
     $i = 0;
@@ -3188,7 +3177,7 @@ function get_email_address($email)
 {
     preg_match("/[0-9a-z._-]+@[a-z0-9._-]{4,}/i", $email, $matches);
 
-    return $matches[0];
+    return isset($matches[0]) ? $matches[0] : '';
 }
 
 // 파일명에서 특수문자 제거
@@ -3368,6 +3357,11 @@ function clean_query_string($query, $amp=true)
         $q = array();
 
         foreach($out as $key=>$val) {
+            if(($key && is_array($key)) || ($val && is_array($val))){
+                $q[$key] = $val;
+                continue;
+            }
+
             $key = strip_tags(trim($key));
             $val = trim($val);
 
@@ -3441,33 +3435,41 @@ function clean_query_string($query, $amp=true)
     return $str;
 }
 
-function get_params_merge_url($params){
-    $p = @parse_url(G5_URL);
-    $href = $p['scheme'].'://'.$p['host'];
-    if(isset($p['port']) && $p['port'])
-        $href .= ':'.$p['port'];
-
-    if( $tmp = explode('?', $_SERVER['REQUEST_URI']) ){
-        if( isset($tmp[0]) && $tmp[0] )
+function get_params_merge_url($params, $url=''){
+    $str_url = $url ? $url : G5_URL;
+    $p = @parse_url($str_url);
+    $href = (isset($p['scheme']) ? "{$p['scheme']}://" : '')
+        . (isset($p['user']) ? $p['user']
+        . (isset($p['pass']) ? ":{$p['pass']}" : '').'@' : '')
+        . (isset($p['host']) ? $p['host'] : '')
+        . ((isset($p['path']) && $url) ? $p['path'] : '')
+        . ((isset($p['port']) && $p['port']) ? ":{$p['port']}" : '');
+    
+    $ori_params = '';
+    if( $url ){
+        $ori_params = !empty($p['query']) ? $p['query'] : '';
+    } else if( $tmp = explode('?', $_SERVER['REQUEST_URI']) ){
+        if( isset($tmp[0]) && $tmp[0] ) {
             $href .= $tmp[0];
-    }
-    $q = array();
-    if($_SERVER['QUERY_STRING']) {
-        foreach($_GET as $key=>$val) {
-            $key = strip_tags($key);
-            $val = strip_tags($val);
-
-            if($key && $val)
-                $q[$key] = $val;
+            $ori_params = isset($tmp[1]) ? $tmp[1] : '';
+        }
+        if( $freg = strstr($ori_params, '#') ) {
+            $p['fragment'] = preg_replace('/^#/', '', $freg);
         }
     }
-
-    if( is_array($params) ){
+    
+    $q = array();
+    if( $ori_params ){
+        parse_str( $ori_params, $q );
+    }
+    
+    if( is_array($params) && $params ){
         $q = array_merge($q, $params);
     }
 
     $query = http_build_query($q, '', '&amp;');
-    $href .= '?'.$query;
+    $qc = (strpos( $href, '?' ) !== false) ? '&amp;' : '?';
+    $href .= $qc.$query.(isset($p['fragment']) ? "#{$p['fragment']}" : '');
 
     return $href;
 }
@@ -3717,6 +3719,15 @@ function is_use_email_certify(){
     return $config['cf_use_email_certify'];
 }
 
+function safe_replace_regex($str, $str_case=''){
+
+    if($str_case === 'time'){
+        return preg_replace('/[^0-9 _\-:]/i', '', $str);
+    }
+
+    return preg_replace('/[^0-9a-z_\-]/i', '', $str);
+}
+
 function get_real_client_ip(){
 
     $real_ip = $_SERVER['REMOTE_ADDR'];
@@ -3872,4 +3883,3 @@ function option_array_checked($option, $arr=array()){
 
     return $checked;
 }
-?>
\ No newline at end of file
diff --git a/lib/connect.lib.php b/lib/connect.lib.php
index 3be01c4de..c8400f797 100644
--- a/lib/connect.lib.php
+++ b/lib/connect.lib.php
@@ -37,5 +37,4 @@ function connect($skin_dir='basic')
     ob_end_clean();
 
     return $content;
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/lib/editor.lib.php b/lib/editor.lib.php
index d3650ad83..0f43842a1 100644
--- a/lib/editor.lib.php
+++ b/lib/editor.lib.php
@@ -23,5 +23,4 @@ function get_editor_js($id)
 function chk_editor_js($id)
 {
     return "if (!{$id}_editor.value) { alert(\"내용을 입력해 주십시오.\"); {$id}_editor.focus(); return false; }\n";
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/lib/etc.lib.php b/lib/etc.lib.php
index 34af83e61..41b48e1ed 100644
--- a/lib/etc.lib.php
+++ b/lib/etc.lib.php
@@ -10,5 +10,4 @@ function write_log($file, $log) {
     ob_end_clean();
     fwrite($fp, $msg);
     fclose($fp);
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/lib/get_data.lib.php b/lib/get_data.lib.php
index 430b69d06..edb7386bf 100644
--- a/lib/get_data.lib.php
+++ b/lib/get_data.lib.php
@@ -82,8 +82,11 @@ function get_board_db($bo_table, $is_cache=false){
 
         $sql = " select * from {$g5['board_table']} where bo_table = '$bo_table' ";
 
-        $cache[$key] = sql_fetch($sql);
+        $board = sql_fetch($sql);
+        
+        $board_defaults = array('bo_table'=>'', 'bo_skin'=>'', 'bo_mobile_skin'=>'', 'bo_upload_count' => 0, 'bo_use_dhtml_editor'=>'', 'bo_subject'=>'', 'bo_image_width'=>0);
 
+        $cache[$key] = array_merge($board_defaults, (array) $board);
     }
 
     return $cache[$key];
@@ -116,6 +119,7 @@ function get_menu_db($use_mobile=0, $is_cache=false){
 			
 			$row['ori_me_link'] = $row['me_link'];
 			$row['me_link'] = short_url_clean($row['me_link']);
+            $row['sub'] = isset($row['sub']) ? $row['sub'] : array();
 			$cache[$key][$i] = $row;
 
 			$sql2 = " select *
@@ -473,5 +477,4 @@ function get_scrap_totals($mb_id=''){
     $row = sql_fetch($sql, false);
 
     return $row['cnt'];
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/lib/hook.lib.php b/lib/hook.lib.php
index 453d79a78..7ec8a8b15 100644
--- a/lib/hook.lib.php
+++ b/lib/hook.lib.php
@@ -130,5 +130,4 @@ function get_hook_datas($type='', $is_callback=''){
     }
 
     return null;
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/lib/icode.lms.lib.php b/lib/icode.lms.lib.php
index 4b6b2a1d9..f74b14e3b 100644
--- a/lib/icode.lms.lib.php
+++ b/lib/icode.lms.lib.php
@@ -65,6 +65,7 @@ class LMS {
 
 		// 문자 타입별 Port 설정.
 		$sendType = strlen($strData) > 90 ? 1 : 0; // 0: SMS / 1: LMS
+        $is_use_json = false;
 
         // 토큰키를 사용한다면
         if( isset($config['cf_icode_token_key']) && $config['cf_icode_token_key'] === $this->icode_key ){
@@ -357,5 +358,4 @@ function CheckCallCenter($url, $dest, $data) {
 		default:
 			return CutChar($data,80);	break;
 	}
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/lib/icode.sms.lib.php b/lib/icode.sms.lib.php
index 679b8b0c5..9b8f75a2f 100644
--- a/lib/icode.sms.lib.php
+++ b/lib/icode.sms.lib.php
@@ -239,5 +239,4 @@ class SMS {
 		$this->Data=array();
         return true;
 	}
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/lib/iteminfo.lib.php b/lib/iteminfo.lib.php
index 2a79e2d00..111c52bf7 100644
--- a/lib/iteminfo.lib.php
+++ b/lib/iteminfo.lib.php
@@ -556,5 +556,4 @@ $item_info = array(
             "as"=>array("A/S 책임자와 전화번호 또는 소비자상담 관련 전화번호", ""),
         )
     ),
-);
-?>
\ No newline at end of file
+);
\ No newline at end of file
diff --git a/lib/json.lib.php b/lib/json.lib.php
index 37fa82b10..877f8c4c2 100644
--- a/lib/json.lib.php
+++ b/lib/json.lib.php
@@ -75,5 +75,4 @@ if(!function_exists('json_decode'))
         eval($out . ';');
         return $x;
     }
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/lib/latest.lib.php b/lib/latest.lib.php
index 4d60a0b0a..fc6925e0c 100644
--- a/lib/latest.lib.php
+++ b/lib/latest.lib.php
@@ -48,6 +48,10 @@ function latest($skin_dir='', $bo_table, $rows=10, $subject_len=40, $cache_time=
 
         $board = get_board_db($bo_table, true);
 
+        if( ! $board ){
+            return '';
+        }
+
         $bo_subject = get_text($board['bo_subject']);
 
         $tmp_write_table = $g5['write_prefix'] . $bo_table; // 게시판 테이블 전체이름
@@ -82,6 +86,8 @@ function latest($skin_dir='', $bo_table, $rows=10, $subject_len=40, $cache_time=
                 //     $img_content = '<img src="'. G5_IMG_URL.'/no_img.png'.'" alt="'.$thumb['alt'].'" width="'.$thumb_width.'" height="'.$thumb_height.'" class="no_img">';
                 }
             }
+
+            if(! isset($list[$i]['icon_file'])) $list[$i]['icon_file'] = '';
         }
         g5_latest_cache_data($bo_table, $list);
 
@@ -105,5 +111,4 @@ function latest($skin_dir='', $bo_table, $rows=10, $subject_len=40, $cache_time=
     ob_end_clean();
 
     return $content;
-}
-?>
+}
\ No newline at end of file
diff --git a/lib/mailer.lib.php b/lib/mailer.lib.php
index 8d0ff707a..11492b335 100644
--- a/lib/mailer.lib.php
+++ b/lib/mailer.lib.php
@@ -51,5 +51,4 @@ function attach_file($filename, $tmp_name)
     move_uploaded_file($tmp_name, $dest_file);
     $tmpfile = array("name" => $filename, "path" => $dest_file);
     return $tmpfile;
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/lib/naver_syndi.lib.php b/lib/naver_syndi.lib.php
index cbe0b8c8b..7cf82b804 100644
--- a/lib/naver_syndi.lib.php
+++ b/lib/naver_syndi.lib.php
@@ -50,5 +50,4 @@ function naver_syndi_ping($bo_table, $wr_id)
     curl_close($ping);
 
     return $response;
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/lib/naverpay.lib.php b/lib/naverpay.lib.php
index 853a9b4d8..902a2aedd 100644
--- a/lib/naverpay.lib.php
+++ b/lib/naverpay.lib.php
@@ -175,11 +175,12 @@ class naverpay_register
             $shipping .= '&SHIPPING_ADDITIONAL_PRICE='.urlencode(SHIPPING_ADDITIONAL_PRICE);
 
         if($item) {
+            $na_co_val = isset($_COOKIE['NA_CO']) ? urlencode($_COOKIE['NA_CO']) : '';
             $query .= 'SHOP_ID='.urlencode($default['de_naverpay_mid']);
             $query .= '&CERTI_KEY='.urlencode($default['de_naverpay_cert_key']);
             $query .= $shipping;
             $query .= '&BACK_URL='.urlencode(NAVERPAY_BACK_URL);
-            $query .= '&NAVER_INFLOW_CODE='.urlencode($_COOKIE['NA_CO']);
+            $query .= '&NAVER_INFLOW_CODE='.$na_co_val;
             $query .= $item;
             $query .= '&TOTAL_PRICE='.$total;
         }
@@ -331,5 +332,4 @@ function return_error2json($str, $fld='error')
     $data[$fld] = trim($str);
 
     die(json_encode($data));
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/lib/outlogin.lib.php b/lib/outlogin.lib.php
index 73aa028b3..d9b3fd805 100644
--- a/lib/outlogin.lib.php
+++ b/lib/outlogin.lib.php
@@ -63,5 +63,4 @@ function outlogin($skin_dir='basic')
     ob_end_clean();
 
     return run_replace('outlogin_content', $content, $is_auth, $outlogin_url, $outlogin_action_url);
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/lib/poll.lib.php b/lib/poll.lib.php
index 3ffa1d770..27491a14c 100644
--- a/lib/poll.lib.php
+++ b/lib/poll.lib.php
@@ -44,5 +44,4 @@ function poll($skin_dir='basic', $po_id=false)
     ob_end_clean();
 
     return $content;
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/lib/popular.lib.php b/lib/popular.lib.php
index b2b264aa6..4cda2af46 100644
--- a/lib/popular.lib.php
+++ b/lib/popular.lib.php
@@ -47,5 +47,4 @@ function popular($skin_dir='basic', $pop_cnt=7, $date_cnt=3)
     ob_end_clean();
 
     return $content;
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/lib/register.lib.php b/lib/register.lib.php
index 254f08779..5eb7bc0e2 100644
--- a/lib/register.lib.php
+++ b/lib/register.lib.php
@@ -179,5 +179,4 @@ function exist_mb_hp($reg_mb_hp, $reg_mb_id)
         return " 이미 사용 중인 휴대폰번호입니다. ".$reg_mb_hp;
     else
         return "";
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/lib/shop.data.lib.php b/lib/shop.data.lib.php
index d27fc0922..c71bf6126 100644
--- a/lib/shop.data.lib.php
+++ b/lib/shop.data.lib.php
@@ -16,7 +16,10 @@ function get_shop_item($it_id, $is_cache=false, $add_query=''){
         $g5_object->set('shop', $it_id, $item, $add_query_key);
     }
     
-    $item['it_basic'] = conv_content($item['it_basic'], 1);
+    if( isset($item['it_basic']) ) {
+        $item['it_basic'] = conv_content($item['it_basic'], 1);
+    }
+
     return $item;
 }
 
@@ -31,7 +34,10 @@ function get_shop_item_with_category($it_id, $seo_title='', $add_query=''){
     }
     
     $item = sql_fetch($sql);
-    $item['it_basic'] = conv_content($item['it_basic'], 1);
+
+    if( isset($item['it_basic']) ) {
+        $item['it_basic'] = conv_content($item['it_basic'], 1);
+    }
 
     return $item;
 }
@@ -201,10 +207,10 @@ function get_shop_item_options($it_id, $subject, $no)
             $opt_id = explode(chr(30), $row['io_id']);
 
             for($k=0; $k<$subj_count; $k++) {
-                if(!is_array($options[$k]))
+                if(! (isset($options[$k]) && is_array($options[$k])))
                     $options[$k] = array();
 
-                if($opt_id[$k] && !in_array($opt_id[$k], $options[$k]))
+                if(isset($opt_id[$k]) && $opt_id[$k] && !in_array($opt_id[$k], $options[$k]))
                     $options[$k][] = $opt_id[$k];
             }
         }
@@ -258,5 +264,4 @@ function get_shop_item_options($it_id, $subject, $no)
     }
 
     return $str;
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/lib/shop.lib.php b/lib/shop.lib.php
index 24c0fe3e7..67ab51714 100644
--- a/lib/shop.lib.php
+++ b/lib/shop.lib.php
@@ -411,12 +411,13 @@ function get_it_image($it_id, $width, $height=0, $anchor=false, $img_id='', $img
         return '';
 
     $filename = $thumb = $img = '';
-
+    
+    $img_width = 0;
     for($i=1;$i<=10; $i++) {
         $file = G5_DATA_PATH.'/item/'.$row['it_img'.$i];
         if(is_file($file) && $row['it_img'.$i]) {
             $size = @getimagesize($file);
-            if($size[2] < 1 || $size[2] > 3)
+            if(! isset($size[2]) || $size[2] < 1 || $size[2] > 3)
                 continue;
 
             $filename = basename($file);
@@ -972,10 +973,10 @@ function get_item_options($it_id, $subject, $is_div='', $is_first_option_title='
             $opt_id = explode(chr(30), $row['io_id']);
 
             for($k=0; $k<$subj_count; $k++) {
-                if(!is_array($options[$k]))
+                if(! (isset($options[$k]) && is_array($options[$k])))
                     $options[$k] = array();
 
-                if($opt_id[$k] && !in_array($opt_id[$k], $options[$k]))
+                if(isset($opt_id[$k]) && $opt_id[$k] && !in_array($opt_id[$k], $options[$k]))
                     $options[$k][] = $opt_id[$k];
             }
         }
@@ -1103,7 +1104,7 @@ function get_item_supply($it_id, $subject, $is_div='', $is_first_option_title=''
 
     // 옵션항목 만들기
     for($i=0; $i<$subj_count; $i++) {
-        $opt = $options[$subj[$i]];
+        $opt = (isset($subj[$i]) && isset($options[$subj[$i]])) ? $options[$subj[$i]] : array();
         $opt_count = count($opt);
         if($opt_count) {
             $seq = $i + 1;
@@ -1509,6 +1510,7 @@ function get_sns_share_link($sns, $url, $title, $img)
     if(!$sns)
         return '';
 
+    $str = '';
     switch($sns) {
         case 'facebook':
             $str = '<a href="https://www.facebook.com/sharer/sharer.php?u='.urlencode($url).'&amp;p='.urlencode($title).'" class="share-facebook" target="_blank"><img src="'.$img.'" alt="페이스북에 공유"></a>';
@@ -1614,7 +1616,7 @@ function get_order_info($od_id)
 
         $tot_od_price = $cart_price - $cart_coupon;
 
-        if($cp['cp_id']) {
+        if(isset($cp['cp_id']) && $cp['cp_id']) {
             $dc = 0;
 
             if($cp['cp_minimum'] <= $tot_od_price) {
@@ -1643,7 +1645,7 @@ function get_order_info($od_id)
                       and a.cp_method = '3' ";
         $cp = sql_fetch($sql);
 
-        if($cp['cp_id']) {
+        if(isset($cp['cp_id']) && $cp['cp_id']) {
             $dc = 0;
             if($cp['cp_minimum'] <= $tot_od_price) {
                 if($cp['cp_type']) {
@@ -2101,7 +2103,7 @@ function get_delivery_inquiry($company, $invoice, $class='')
     }
 
     $str = '';
-    if($com && $url) {
+    if(isset($com) && $com && isset($url) && $url) {
         $str .= '<a href="'.$url.$invoice.'" target="_blank"';
         if($class)
             $str .= ' class="'.$class.'"';
@@ -2408,7 +2410,7 @@ function get_itemuse_thumb($contents, $thumb_width, $thumb_height, $is_create=fa
             $filepath = dirname($srcfile);
 
             preg_match("/alt=[\"\']?([^\"\']*)[\"\']?/", $matches[0][$i], $malt);
-            $alt = get_text($malt[1]);
+            $alt = isset($malt[1]) ? get_text($malt[1]) : '';
 
             break;
         }
@@ -2686,7 +2688,7 @@ function is_inicis_order_pay($type){
 
         $row = sql_fetch($sql);
 
-        if( $row['P_TID'] ){
+        if(isset($row['P_TID']) && $row['P_TID']){
             alert("이미 취소된 주문입니다.", G5_SHOP_URL);
         }
     }
@@ -2770,5 +2772,4 @@ function is_coupon_downloaded($mb_id, $cz_id)
 
 //==============================================================================
 // 쇼핑몰 라이브러리 모음 끝
-//==============================================================================
-?>
\ No newline at end of file
+//==============================================================================;
\ No newline at end of file
diff --git a/lib/shop.uri.lib.php b/lib/shop.uri.lib.php
index 41409d18a..9b4578ce7 100644
--- a/lib/shop.uri.lib.php
+++ b/lib/shop.uri.lib.php
@@ -201,7 +201,7 @@ function shop_exist_check_seo_title($seo_title, $type, $shop_item_table, $it_id)
     $sql = "select it_seo_title FROM {$shop_item_table} WHERE it_seo_title = '".sql_real_escape_string($seo_title)."' AND it_id <> '$it_id' limit 1";
     $row = sql_fetch($sql, false);
 
-    if( $row['it_seo_title'] ){
+    if( isset($row['it_seo_title']) && $row['it_seo_title'] ){
         return 'is_exists';
     }
 
@@ -222,5 +222,4 @@ function shop_seo_title_update($it_id, $is_edit=false){
             sql_query($sql);
         }
     }
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/lib/thumbnail.lib.php b/lib/thumbnail.lib.php
index 5d190f507..51ab51453 100644
--- a/lib/thumbnail.lib.php
+++ b/lib/thumbnail.lib.php
@@ -11,8 +11,9 @@ function get_list_thumbnail($bo_table, $wr_id, $thumb_width, $thumb_height, $is_
     $edt = false;
 
     $row = get_thumbnail_find_cache($bo_table, $wr_id, 'file');
+    $empty_array = array('src'=>'', 'ori'=>'', 'alt'=>'');
 
-    if($row['bf_file']) {
+    if(isset($row['bf_file']) && $row['bf_file']) {
         $filename = $row['bf_file'];
         $filepath = G5_DATA_PATH.'/file/'.$bo_table;
         $alt = get_text($row['bf_content']);
@@ -41,7 +42,7 @@ function get_list_thumbnail($bo_table, $wr_id, $thumb_width, $thumb_height, $is_
                     $filepath = dirname($srcfile);
 
                     preg_match("/alt=[\"\']?([^\"\']*)[\"\']?/", $matches[0][$i], $malt);
-                    $alt = get_text($malt[1]);
+                    $alt = isset($malt[1]) ? get_text($malt[1]) : '';
 
                     break;
                 }
@@ -52,7 +53,7 @@ function get_list_thumbnail($bo_table, $wr_id, $thumb_width, $thumb_height, $is_
     }
 
     if(!$filename)
-        return false;
+        return $empty_array;
     
     if( $thumbnail_info = run_replace('get_list_thumbnail_info', array(), array('bo_table'=>$bo_table, 'wr_id'=>$wr_id, 'data_path'=>$data_path, 'edt'=>$edt, 'filename'=>$filename, 'filepath'=>$filepath, 'thumb_width'=>$thumb_width, 'thumb_height'=>$thumb_height, 'is_create'=>$is_create, 'is_crop'=>$is_crop, 'crop_mode'=>$crop_mode, 'is_sharpen'=>$is_sharpen, 'um_value'=>$um_value)) ){
         return $thumbnail_info;
@@ -71,7 +72,7 @@ function get_list_thumbnail($bo_table, $wr_id, $thumb_width, $thumb_height, $is_
             $src = G5_DATA_URL.'/file/'.$bo_table.'/'.$tname;
         }
     } else {
-        return false;
+        return $empty_array;
     }
 
     $thumb = array("src"=>$src, "ori"=>$ori, "alt"=>$alt);
@@ -113,15 +114,15 @@ function get_view_thumbnail($contents, $thumb_width=0)
         $img_tag = isset($matches[0][$i]) ? $matches[0][$i] : '';
 
         preg_match("/src=[\'\"]?([^>\'\"]+[^>\'\"]+)/i", $img, $m);
-        $src = $m[1];
+        $src = isset($m[1]) ? $m[1] : '';
         preg_match("/style=[\"\']?([^\"\'>]+)/i", $img, $m);
-        $style = $m[1];
+        $style = isset($m[1]) ? $m[1] : '';
         preg_match("/width:\s*(\d+)px/", $style, $m);
-        $width = $m[1];
+        $width = isset($m[1]) ? $m[1] : '';
         preg_match("/height:\s*(\d+)px/", $style, $m);
-        $height = $m[1];
+        $height = isset($m[1]) ? $m[1] : '';
         preg_match("/alt=[\"\']?([^\"\']*)[\"\']?/", $img, $m);
-        $alt = get_text($m[1]);
+        $alt = isset($m[1]) ? get_text($m[1]) : '';
 
         // 이미지 path 구함
         $p = parse_url($src);
@@ -730,5 +731,4 @@ function is_animated_gif($filename) {
     run_event('is_animated_gif_after', $filename, $cache[$key]);
 
     return $cache[$key];
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/lib/uri.lib.php b/lib/uri.lib.php
index ed889d711..397b204ed 100644
--- a/lib/uri.lib.php
+++ b/lib/uri.lib.php
@@ -109,7 +109,7 @@ function short_url_clean($string_url, $add_qry=''){
 
         $string_url = str_replace('&amp;', '&', $string_url);
         $url=parse_url($string_url);
-        $page_name = basename($url['path'],".php");
+        $page_name = isset($url['path']) ? basename($url['path'],".php") : '';
 
         $array_page_names = run_replace('url_clean_page_names', array('board', 'write', 'content'));
 
@@ -236,14 +236,14 @@ function exist_seo_url($type, $seo_title, $write_table, $sql_id=0){
         $sql = "select wr_seo_title FROM {$write_table} WHERE wr_seo_title = '".sql_real_escape_string($seo_title)."' AND wr_id <> '$sql_id' limit 1";
         $row = sql_fetch($sql);
 
-        $exists_title = $row['wr_seo_title'];
+        $exists_title = isset($row['wr_seo_title']) ? $row['wr_seo_title'] : '';
 
     } else if ( $type === 'content' ){
 
         $sql = "select co_seo_title FROM {$write_table} WHERE co_seo_title = '".sql_real_escape_string($seo_title)."' AND co_id <> '$sql_id' limit 1";
         $row = sql_fetch($sql);
 
-        $exists_title = $row['co_seo_title'];
+        $exists_title = isset($row['co_seo_title']) ? $row['co_seo_title'] : '';
 
     } else {
         return run_replace('exist_check_seo_title', $seo_title, $type, $write_table, $sql_id);
@@ -426,5 +426,4 @@ function update_rewrite_rules(){
 
     return false;
 
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/lib/visit.lib.php b/lib/visit.lib.php
index 1808fd5f7..6ab45ba2e 100644
--- a/lib/visit.lib.php
+++ b/lib/visit.lib.php
@@ -96,5 +96,4 @@ function get_os($agent)
     else { $s = "기타"; }
 
     return $s;
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/mobile/_head.php b/mobile/_head.php
index 6f97d69de..86e9d0e0b 100644
--- a/mobile/_head.php
+++ b/mobile/_head.php
@@ -1,5 +1,4 @@
 <?php
 if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
 
-include_once(G5_MOBILE_PATH.'/head.php');
-?>
\ No newline at end of file
+include_once(G5_MOBILE_PATH.'/head.php');
\ No newline at end of file
diff --git a/mobile/_tail.php b/mobile/_tail.php
index c9cb4b7c7..167736060 100644
--- a/mobile/_tail.php
+++ b/mobile/_tail.php
@@ -1,5 +1,4 @@
 <?php
 if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
 
-include_once(G5_MOBILE_PATH.'/tail.php');
-?>
\ No newline at end of file
+include_once(G5_MOBILE_PATH.'/tail.php');
\ No newline at end of file
diff --git a/mobile/content.php b/mobile/content.php
index 08387f012..701ca3e60 100644
--- a/mobile/content.php
+++ b/mobile/content.php
@@ -1,7 +1,7 @@
 <?php
 include_once('./_common.php');
 
-if (!$co['co_id'])
+if (! (isset($co['co_id']) && $co['co_id']))
     alert('등록된 내용이 없습니다.');
 
 $g5['title'] = $co['co_subject'];
@@ -11,35 +11,35 @@ $co_content = $co['co_mobile_content'] ? $co['co_mobile_content'] : $co['co_cont
 $str = conv_content($co_content, $co['co_html'], $co['co_tag_filter_use']);
 
 // $src 를 $dst 로 변환
-unset($src);
-unset($dst);
+$src = $dst = array();
 $src[] = "/{{쇼핑몰명}}|{{홈페이지제목}}/";
 $dst[] = $config['cf_title'];
-$src[] = "/{{회사명}}|{{상호}}/";
-$dst[] = $default['de_admin_company_name'];
-$src[] = "/{{대표자명}}/";
-$dst[] = $default['de_admin_company_owner'];
-$src[] = "/{{사업자등록번호}}/";
-$dst[] = $default['de_admin_company_saupja_no'];
-$src[] = "/{{대표전화번호}}/";
-$dst[] = $default['de_admin_company_tel'];
-$src[] = "/{{팩스번호}}/";
-$dst[] = $default['de_admin_company_fax'];
-$src[] = "/{{통신판매업신고번호}}/";
-$dst[] = $default['de_admin_company_tongsin_no'];
-$src[] = "/{{사업장우편번호}}/";
-$dst[] = $default['de_admin_company_zip'];
-$src[] = "/{{사업장주소}}/";
-$dst[] = $default['de_admin_company_addr'];
-$src[] = "/{{운영자명}}|{{관리자명}}/";
-$dst[] = $default['de_admin_name'];
-$src[] = "/{{운영자e-mail}}|{{관리자e-mail}}/i";
-$dst[] = $default['de_admin_email'];
-$src[] = "/{{정보관리책임자명}}/";
-$dst[] = $default['de_admin_info_name'];
-$src[] = "/{{정보관리책임자e-mail}}|{{정보책임자e-mail}}/i";
-$dst[] = $default['de_admin_info_email'];
-
+if(isset($default) && isset($default['de_admin_company_name'])){
+    $src[] = "/{{회사명}}|{{상호}}/";
+    $dst[] = $default['de_admin_company_name'];
+    $src[] = "/{{대표자명}}/";
+    $dst[] = $default['de_admin_company_owner'];
+    $src[] = "/{{사업자등록번호}}/";
+    $dst[] = $default['de_admin_company_saupja_no'];
+    $src[] = "/{{대표전화번호}}/";
+    $dst[] = $default['de_admin_company_tel'];
+    $src[] = "/{{팩스번호}}/";
+    $dst[] = $default['de_admin_company_fax'];
+    $src[] = "/{{통신판매업신고번호}}/";
+    $dst[] = $default['de_admin_company_tongsin_no'];
+    $src[] = "/{{사업장우편번호}}/";
+    $dst[] = $default['de_admin_company_zip'];
+    $src[] = "/{{사업장주소}}/";
+    $dst[] = $default['de_admin_company_addr'];
+    $src[] = "/{{운영자명}}|{{관리자명}}/";
+    $dst[] = $default['de_admin_name'];
+    $src[] = "/{{운영자e-mail}}|{{관리자e-mail}}/i";
+    $dst[] = $default['de_admin_email'];
+    $src[] = "/{{정보관리책임자명}}/";
+    $dst[] = $default['de_admin_info_name'];
+    $src[] = "/{{정보관리책임자e-mail}}|{{정보책임자e-mail}}/i";
+    $dst[] = $default['de_admin_info_email'];
+}
 $str = preg_replace($src, $dst, $str);
 
 // 스킨경로
@@ -56,5 +56,4 @@ if(is_file($skin_file)) {
     echo '<p>'.str_replace(G5_PATH.'/', '', $skin_file).'이 존재하지 않습니다.</p>';
 }
 
-include_once('./_tail.php');
-?>
+include_once('./_tail.php');
\ No newline at end of file
diff --git a/mobile/group.php b/mobile/group.php
index 386be7202..07c9a3523 100644
--- a/mobile/group.php
+++ b/mobile/group.php
@@ -31,5 +31,4 @@ for ($i=0; $row=sql_fetch_array($result); $i++) {
 <!-- 메인화면 최신글 끝 -->
 
 <?php
-include_once(G5_MOBILE_PATH.'/_tail.php');
-?>
+include_once(G5_MOBILE_PATH.'/_tail.php');
\ No newline at end of file
diff --git a/mobile/head.php b/mobile/head.php
index e322c7838..cb0602b51 100644
--- a/mobile/head.php
+++ b/mobile/head.php
@@ -186,4 +186,4 @@ include_once(G5_LIB_PATH.'/popular.lib.php');
     	<h2 id="container_title" class="top" title="<?php echo get_text($g5['title']); ?>">
     		<a href="javascript:history.back();"><i class="fa fa-chevron-left" aria-hidden="true"></i><span class="sound_only">뒤로가기</span></a> <?php echo get_head_title($g5['title']); ?>
     	</h2>
-    <?php } ?>
+    <?php }
\ No newline at end of file
diff --git a/mobile/index.php b/mobile/index.php
index 23a7dcacf..7a81fd0de 100644
--- a/mobile/index.php
+++ b/mobile/index.php
@@ -32,5 +32,4 @@ for ($i=0; $row=sql_fetch_array($result); $i++) {
 <!-- 메인화면 최신글 끝 -->
 
 <?php
-include_once(G5_MOBILE_PATH.'/tail.php');
-?>
\ No newline at end of file
+include_once(G5_MOBILE_PATH.'/tail.php');
\ No newline at end of file
diff --git a/mobile/shop/_common.php b/mobile/shop/_common.php
index f75c60696..0d3fe190d 100644
--- a/mobile/shop/_common.php
+++ b/mobile/shop/_common.php
@@ -16,5 +16,4 @@ if (isset($_REQUEST['sortodr']))  {
 
 if (!defined('G5_USE_SHOP') || !G5_USE_SHOP)
     die('<p>쇼핑몰 설치 후 이용해 주십시오.</p>');
-define('_SHOP_', true);
-?>
\ No newline at end of file
+define('_SHOP_', true);
\ No newline at end of file
diff --git a/mobile/shop/_head.php b/mobile/shop/_head.php
index e2eca520f..f5355ec44 100644
--- a/mobile/shop/_head.php
+++ b/mobile/shop/_head.php
@@ -1,4 +1,3 @@
 <?php
 if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
-include_once(G5_MSHOP_PATH.'/shop.head.php');
-?>
\ No newline at end of file
+include_once(G5_MSHOP_PATH.'/shop.head.php');
\ No newline at end of file
diff --git a/mobile/shop/_tail.php b/mobile/shop/_tail.php
index 78936fcb0..1f1babc4e 100644
--- a/mobile/shop/_tail.php
+++ b/mobile/shop/_tail.php
@@ -1,4 +1,3 @@
 <?php
 if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
-include_once(G5_MSHOP_PATH.'/shop.tail.php');
-?>
\ No newline at end of file
+include_once(G5_MSHOP_PATH.'/shop.tail.php');
\ No newline at end of file
diff --git a/mobile/shop/cart.php b/mobile/shop/cart.php
index 98dc91ac8..b1a7c9e51 100644
--- a/mobile/shop/cart.php
+++ b/mobile/shop/cart.php
@@ -272,5 +272,4 @@ function form_check(act) {
 </script>
 
 <?php
-include_once(G5_MSHOP_PATH.'/_tail.php');
-?>
\ No newline at end of file
+include_once(G5_MSHOP_PATH.'/_tail.php');
\ No newline at end of file
diff --git a/mobile/shop/category.php b/mobile/shop/category.php
index a0a84770d..8c3687485 100644
--- a/mobile/shop/category.php
+++ b/mobile/shop/category.php
@@ -145,7 +145,7 @@ jQuery(function ($){
         var $this = $(this);
         $sub_ul = $(this).closest("li").children("ul.sub_cate");
 
-        if($sub_ul.size() > 0) {
+        if($sub_ul.length > 0) {
             var txt = $this.text();
 
             if($sub_ul.is(":visible")) {
diff --git a/mobile/shop/coupon.php b/mobile/shop/coupon.php
index 4bbfff8a8..8cf39c903 100644
--- a/mobile/shop/coupon.php
+++ b/mobile/shop/coupon.php
@@ -78,5 +78,4 @@ $result = sql_query($sql);
 </div>
 
 <?php
-include_once(G5_PATH.'/tail.sub.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/mobile/shop/event.php b/mobile/shop/event.php
index 9a41ed587..7090d2d16 100644
--- a/mobile/shop/event.php
+++ b/mobile/shop/event.php
@@ -1,13 +1,13 @@
 <?php
 include_once('./_common.php');
 
-$ev_id = (int) $ev_id;
+$ev_id = isset($_GET['ev_id']) ? (int) $_GET['ev_id'] : 0;
 
 $sql = " select * from {$g5['g5_shop_event_table']}
           where ev_id = '$ev_id'
             and ev_use = 1 ";
 $ev = sql_fetch($sql);
-if (!$ev['ev_id'])
+if (! (isset($ev['ev_id']) && $ev['ev_id']))
     alert('등록된 이벤트가 없습니다.');
 
 $g5['title'] = $ev['ev_subject'];
@@ -91,5 +91,4 @@ echo '<div id="sev_thtml">'.conv_content($ev['ev_tail_html'], 1).'</div>';
 </div>
 
 <?php
-include_once(G5_MSHOP_PATH.'/_tail.php');
-?>
+include_once(G5_MSHOP_PATH.'/_tail.php');
\ No newline at end of file
diff --git a/mobile/shop/index.php b/mobile/shop/index.php
index 13cefcea1..2107e903e 100644
--- a/mobile/shop/index.php
+++ b/mobile/shop/index.php
@@ -116,5 +116,4 @@ include_once(G5_MSHOP_PATH.'/_head.php');
     </section>
 
 <?php
-include_once(G5_MSHOP_PATH.'/_tail.php');
-?>
\ No newline at end of file
+include_once(G5_MSHOP_PATH.'/_tail.php');
\ No newline at end of file
diff --git a/mobile/shop/inicis/_common.php b/mobile/shop/inicis/_common.php
index 7e0b90e75..7c37c6ca3 100644
--- a/mobile/shop/inicis/_common.php
+++ b/mobile/shop/inicis/_common.php
@@ -3,5 +3,4 @@ include_once('../../../common.php');
 
 if (!defined('G5_USE_SHOP') || !G5_USE_SHOP)
     die('<p>쇼핑몰 설치 후 이용해 주십시오.</p>');
-define('_SHOP_', true);
-?>
\ No newline at end of file
+define('_SHOP_', true);
\ No newline at end of file
diff --git a/mobile/shop/inicis/orderform.3.php b/mobile/shop/inicis/orderform.3.php
index d054abec9..b090a888d 100644
--- a/mobile/shop/inicis/orderform.3.php
+++ b/mobile/shop/inicis/orderform.3.php
@@ -1,3 +1,2 @@
 <?php
-if (!defined("_GNUBOARD_")) exit; // 개별 페이지 접근 불가
-?>
\ No newline at end of file
+if (!defined("_GNUBOARD_")) exit; // 개별 페이지 접근 불가;
\ No newline at end of file
diff --git a/mobile/shop/inicis/pay_approval.php b/mobile/shop/inicis/pay_approval.php
index 2cc80d6e6..367e339f3 100644
--- a/mobile/shop/inicis/pay_approval.php
+++ b/mobile/shop/inicis/pay_approval.php
@@ -7,8 +7,11 @@ set_session('P_TID',  '');
 set_session('P_AMT',  '');
 set_session('P_HASH', '');
 
-$oid  = trim($_REQUEST['P_NOTI']);
-$p_req_url = trim($_REQUEST['P_REQ_URL']);
+$oid  = isset($_REQUEST['P_NOTI']) ? trim($_REQUEST['P_NOTI']) : '';
+$p_req_url = isset($_REQUEST['P_REQ_URL']) ? trim($_REQUEST['P_REQ_URL']) : '';
+$p_status = isset($_REQUEST['P_STATUS']) ? trim($_REQUEST['P_STATUS']) : '';
+$p_tid = isset($_REQUEST['P_TID']) ? trim($_REQUEST['P_TID']) : '';
+$p_rmesg1 = isset($_REQUEST['P_RMESG1']) ? trim($_REQUEST['P_RMESG1']) : '';
 
 if( ! $p_req_url || !preg_match('/^https\:\/\//i', $p_req_url)){
     alert("잘못된 요청 URL 입니다.");
@@ -25,7 +28,7 @@ if(isset($data['pp_id']) && $data['pp_id']) {
 } else {
     $order_action_url = G5_HTTPS_MSHOP_URL.'/orderformupdate.php';
     $page_return_url  = G5_SHOP_URL.'/orderform.php';
-    if($_SESSION['ss_direct'])
+    if(get_session('ss_direct'))
         $page_return_url .= '?sw_direct=1';
 
     // 장바구니가 비어있는가?
@@ -72,17 +75,17 @@ if(isset($data['pp_id']) && $data['pp_id']) {
     }
 }
 
-if($_REQUEST['P_STATUS'] != '00') {
-    alert('오류 : '.iconv_utf8($_REQUEST['P_RMESG1']).' 코드 : '.$_REQUEST['P_STATUS'], $page_return_url);
+if($p_status !== '00') {
+    alert('오류 : '.iconv_utf8($p_rmesg1).' 코드 : '.$p_status, $page_return_url);
 } else {
     $post_data = array(
         'P_MID' => $default['de_inicis_mid'],
-        'P_TID' => $_REQUEST['P_TID']
+        'P_TID' => $p_tid
     );
 
     $ch = curl_init();
     curl_setopt($ch, CURLOPT_PORT, 443);
-    curl_setopt($ch, CURLOPT_URL, $_REQUEST['P_REQ_URL']);
+    curl_setopt($ch, CURLOPT_URL, $p_req_url);
     curl_setopt($ch, CURLOPT_POST, 1);
     curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
     curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
@@ -128,27 +131,26 @@ if(isset($data['pp_id']) && !empty($data['pp_id'])) {
             }
         }
 
-        $good_mny = $PAY['P_AMT'];
+        $good_mny = isset($PAY['P_AMT']) ? $PAY['P_AMT'] : 0;
         $pp_name = clean_xss_tags($data['pp_name']);
         $pp_email = clean_xss_tags($data['pp_email']);
         $pp_hp = clean_xss_tags($data['pp_hp']);
         $pp_settle_case = clean_xss_tags($data['pp_settle_case']);
 
         $_POST['P_HASH'] = $hash;
-        $_POST['P_AUTH_NO'] = $PAY['P_AUTH_NO'];
-        $_POST['pp_id'] = $PAY['P_OID'];
-        $_POST['good_mny'] = $PAY['P_AMT'];
+        $_POST['P_AUTH_NO'] = isset($PAY['P_AUTH_NO']) ? $PAY['P_AUTH_NO'] : '';
+        $_POST['pp_id'] = isset($PAY['P_OID']) ? $PAY['P_OID'] : '';
+        $_POST['good_mny'] = isset($PAY['P_AMT']) ? $PAY['P_AMT'] : 0;
 
-        $_POST['P_TYPE'] = $PAY['P_TYPE'];
-        $_POST['P_AUTH_DT'] = $PAY['P_AUTH_DT'];
-        $_POST['P_AUTH_NO'] = $PAY['P_AUTH_NO'];
-        $_POST['P_HPP_CORP'] = $PAY['P_HPP_CORP'];
-        $_POST['P_APPL_NUM'] = $PAY['P_APPL_NUM'];
-        $_POST['P_VACT_NUM'] = $PAY['P_VACT_NUM'];
-        $_POST['P_VACT_NAME'] = iconv_utf8($PAY['P_VACT_NAME']);
-        $_POST['P_VACT_BANK'] = $BANK_CODE[$PAY['P_VACT_BANK_CODE']];
-        $_POST['P_CARD_ISSUER'] = $CARD_CODE[$PAY['P_CARD_ISSUER_CODE']];
-        $_POST['P_UNAME'] = iconv_utf8($PAY['P_UNAME']);
+        $_POST['P_TYPE'] = isset($PAY['P_TYPE']) ? $PAY['P_TYPE'] : '';
+        $_POST['P_AUTH_DT'] = isset($PAY['P_AUTH_DT']) ? $PAY['P_AUTH_DT'] : '';
+        $_POST['P_HPP_CORP'] = isset($PAY['P_HPP_CORP']) ? $PAY['P_HPP_CORP'] : '';
+        $_POST['P_APPL_NUM'] = isset($PAY['P_APPL_NUM']) ? $PAY['P_APPL_NUM'] : '';
+        $_POST['P_VACT_NUM'] = isset($PAY['P_VACT_NUM']) ? $PAY['P_VACT_NUM'] : '';
+        $_POST['P_VACT_NAME'] = isset($PAY['P_VACT_NAME']) ? iconv_utf8($PAY['P_VACT_NAME']) : '';
+        $_POST['P_VACT_BANK'] = (isset($PAY['P_VACT_BANK_CODE']) && isset($BANK_CODE[$PAY['P_VACT_BANK_CODE']])) ? $BANK_CODE[$PAY['P_VACT_BANK_CODE']] : '';
+        $_POST['P_CARD_ISSUER'] = isset($CARD_CODE[$PAY['P_CARD_ISSUER_CODE']]) ? $CARD_CODE[$PAY['P_CARD_ISSUER_CODE']] : '';
+        $_POST['P_UNAME'] = isset($PAY['P_UNAME']) ? iconv_utf8($PAY['P_UNAME']) : '';
 
         include_once( G5_MSHOP_PATH.'/personalpayformupdate.php' );
     }
@@ -170,18 +172,18 @@ if(isset($data['pp_id']) && !empty($data['pp_id'])) {
         }
     }
 
-    $res_cd = $_POST['res_cd'] = $PAY['P_STATUS'];
+    $res_cd = $_POST['res_cd'] = isset($PAY['P_STATUS']) ? $PAY['P_STATUS'] : '';
     $P_HASH = $_POST['P_HASH'] = $hash;
-    $P_TYPE = $_POST['P_TYPE'] = $PAY['P_TYPE'];
-    $P_AUTH_DT = $_POST['P_AUTH_DT'] = $PAY['P_AUTH_DT'];
-    $P_AUTH_NO = $_POST['P_AUTH_NO'] = $PAY['P_AUTH_NO'];
-    $P_HPP_CORP = $_POST['P_HPP_CORP'] = $PAY['P_HPP_CORP'];
-    $P_APPL_NUM = $_POST['P_APPL_NUM'] = $PAY['P_APPL_NUM'];
-    $P_VACT_NUM = $_POST['P_VACT_NUM'] = $PAY['P_VACT_NUM'];
-    $P_VACT_NAME = $_POST['P_VACT_NAME'] = iconv_utf8($PAY['P_VACT_NAME']);
-    $P_VACT_BANK = $_POST['P_VACT_BANK'] = $BANK_CODE[$PAY['P_VACT_BANK_CODE']];
-    $P_CARD_ISSUER = $_POST['P_CARD_ISSUER'] = $CARD_CODE[$PAY['P_CARD_ISSUER_CODE']];
-    $P_UNAME = $_POST['P_UNAME'] = iconv_utf8($PAY['P_UNAME']);
+    $P_TYPE = $_POST['P_TYPE'] = isset($PAY['P_TYPE']) ? $PAY['P_TYPE'] : '';
+    $P_AUTH_DT = $_POST['P_AUTH_DT'] = isset($PAY['P_AUTH_DT']) ? $PAY['P_AUTH_DT'] : '';
+    $P_AUTH_NO = $_POST['P_AUTH_NO'] = isset($PAY['P_AUTH_NO']) ? $PAY['P_AUTH_NO'] : '';
+    $P_HPP_CORP = $_POST['P_HPP_CORP'] = isset($PAY['P_HPP_CORP']) ? $PAY['P_HPP_CORP'] : '';
+    $P_APPL_NUM = $_POST['P_APPL_NUM'] = isset($PAY['P_APPL_NUM']) ? $PAY['P_APPL_NUM'] : '';
+    $P_VACT_NUM = $_POST['P_VACT_NUM'] = isset($PAY['P_VACT_NUM']) ? $PAY['P_VACT_NUM'] : '';
+    $P_VACT_NAME = $_POST['P_VACT_NAME'] = isset($PAY['P_VACT_NAME']) ? iconv_utf8($PAY['P_VACT_NAME']) : '';
+    $P_VACT_BANK = $_POST['P_VACT_BANK'] = (isset($PAY['P_VACT_BANK_CODE']) && isset($BANK_CODE[$PAY['P_VACT_BANK_CODE']])) ? $BANK_CODE[$PAY['P_VACT_BANK_CODE']] : '';
+    $P_CARD_ISSUER = $_POST['P_CARD_ISSUER'] = isset($CARD_CODE[$PAY['P_CARD_ISSUER_CODE']]) ? $CARD_CODE[$PAY['P_CARD_ISSUER_CODE']] : '';
+    $P_UNAME = $_POST['P_UNAME'] = isset($PAY['P_UNAME']) ? iconv_utf8($PAY['P_UNAME']) : '';
 
     $check_keys = array('od_name', 'od_tel', 'od_pwd', 'od_hp', 'od_zip', 'od_addr1', 'od_addr2', 'od_addr3', 'od_addr_jibeon', 'od_email', 'ad_default', 'ad_subject', 'od_hope_date', 'od_b_name', 'od_b_tel', 'od_b_hp', 'od_b_zip', 'od_b_addr1', 'od_b_addr2', 'od_b_addr3', 'od_b_addr_jibeon', 'od_memo', 'od_settle_case', 'max_temp_point', 'od_temp_point', 'od_send_cost', 'od_send_cost2', 'od_bank_account', 'od_deposit_name', 'od_test', 'od_ip');
 
@@ -191,5 +193,4 @@ if(isset($data['pp_id']) && !empty($data['pp_id'])) {
 
     include_once( G5_MSHOP_PATH.'/orderformupdate.php' );
 }
-exit;
-?>
\ No newline at end of file
+exit;
\ No newline at end of file
diff --git a/mobile/shop/inicis/pay_result.php b/mobile/shop/inicis/pay_result.php
index 61c361b02..d514a86e6 100644
--- a/mobile/shop/inicis/pay_result.php
+++ b/mobile/shop/inicis/pay_result.php
@@ -3,32 +3,42 @@ if (!defined("_GNUBOARD_")) exit; // 개별 페이지 접근 불가
 
 include_once(G5_MSHOP_PATH.'/settle_inicis.inc.php');
 
+$post_p_hash = isset($_POST['P_HASH']) ? $_POST['P_HASH'] : '';
+
 // 세션비교
 $hash = md5(get_session('P_TID').$default['de_inicis_mid'].get_session('P_AMT'));
-if($hash != $_POST['P_HASH'])
+
+if($hash !== $post_p_hash)
     alert('결제 정보가 일치하지 않습니다. 올바른 방법으로 이용해 주십시오.');
 
 //최종결제요청 결과 성공 DB처리
 $tno             = get_session('P_TID');
 $amount          = get_session('P_AMT');
-$app_time        = $_POST['P_AUTH_DT'];
-$pay_method      = $_POST['P_TYPE'];
-$pay_type        = $PAY_METHOD[$pay_method];
-$depositor       = $_POST['P_UNAME'];
-$commid          = $_POST['P_HPP_CORP'];
-$mobile_no       = $_POST['P_APPL_NUM'];
-$app_no          = $_POST['P_AUTH_NO'];
-$card_name       = $_POST['P_CARD_ISSUER'];
-if ($default['de_escrow_use'] == 1)
+$app_time        = isset($_POST['P_AUTH_DT']) ? $_POST['P_AUTH_DT'] : '';
+$pay_method      = isset($_POST['P_TYPE']) ? $_POST['P_TYPE'] : '';
+$pay_type        = isset($PAY_METHOD[$pay_method]) ? $PAY_METHOD[$pay_method] : '';
+$depositor       = isset($_POST['P_UNAME']) ? $_POST['P_UNAME'] : '';
+$commid          = isset($_POST['P_HPP_CORP']) ? $_POST['P_HPP_CORP'] : '';
+$mobile_no       = isset($_POST['P_APPL_NUM']) ? $_POST['P_APPL_NUM'] : '';
+$app_no          = isset($_POST['P_AUTH_NO']) ? $_POST['P_AUTH_NO'] : '';
+$card_name       = isset($_POST['P_CARD_ISSUER']) ? $_POST['P_CARD_ISSUER'] : '';
+
+if ($default['de_escrow_use'] == 1) {
     $escw_yn         = 'Y';
+}
+
+$post_p_vact_bank = isset($_POST['P_VACT_BANK']) ? $_POST['P_VACT_BANK'] : '';
+$post_p_vact_num = isset($_POST['P_VACT_NUM']) ? $_POST['P_VACT_NUM'] : '';
+$post_p_vact_name = isset($_POST['P_VACT_NAME']) ? $_POST['P_VACT_NAME'] : '';
+
 switch($pay_type) {
     case '계좌이체':
-        $bank_name = $_POST['P_VACT_BANK'];
+        $bank_name = $post_p_vact_bank;
         break;
     case '가상계좌':
-        $bankname  = $_POST['P_VACT_BANK'];
-        $account   = $_POST['P_VACT_NUM'].' '.$_POST['P_VACT_NAME'];
-        $app_no    = $_POST['P_VACT_NUM'];
+        $bankname  = $post_p_vact_bank;
+        $account   = $post_p_vact_num.' '.$post_p_vact_name;
+        $app_no    = $post_p_vact_num;
         break;
     default:
         break;
@@ -37,5 +47,4 @@ switch($pay_type) {
 // 세션 초기화
 set_session('P_TID',  '');
 set_session('P_AMT',  '');
-set_session('P_HASH', '');
-?>
\ No newline at end of file
+set_session('P_HASH', '');
\ No newline at end of file
diff --git a/mobile/shop/inicis/pay_return.php b/mobile/shop/inicis/pay_return.php
index b66167096..0bfc1c6b7 100644
--- a/mobile/shop/inicis/pay_return.php
+++ b/mobile/shop/inicis/pay_return.php
@@ -7,7 +7,7 @@ set_session('P_TID',  '');
 set_session('P_AMT',  '');
 set_session('P_HASH', '');
 
-$oid = preg_replace('/[^0-9a-z_-]/i', '', $oid);
+$oid = isset($_REQUEST['oid']) ? preg_replace('/[^0-9a-z_\-]/i', '', $_REQUEST['oid']) : '';
 
 $sql = " select * from {$g5['g5_shop_order_data_table']} where od_id = '$oid' ";
 $row = sql_fetch($sql);
@@ -41,7 +41,7 @@ if(isset($data['pp_id']) && $data['pp_id']) {
 $sql = " select * from {$g5['g5_shop_inicis_log_table']} where oid = '$oid' ";
 $row = sql_fetch($sql);
 
-if(!$row['oid'])
+if(! (isset($row['oid']) && $row['oid']))
     alert('결제 정보가 존재하지 않습니다.\\n\\n올바른 방법으로 이용해 주십시오.', $page_return_url);
 
 if($row['P_STATUS'] != '00')
@@ -92,5 +92,4 @@ function setPAYResult() {
 </script>
 
 <?php
-include_once(G5_PATH.'/tail.sub.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/mobile/shop/inicis/settle_common.php b/mobile/shop/inicis/settle_common.php
index 8e6b1774b..5a8773bec 100644
--- a/mobile/shop/inicis/settle_common.php
+++ b/mobile/shop/inicis/settle_common.php
@@ -37,22 +37,22 @@ if($PGIP == "211.219.96.165" || $PGIP == "118.129.210.25" || $PGIP == "183.109.7
     $P_SRC_CODE;        // 앱연동 결제구분
 
 
-    $P_TID      = $_POST['P_TID'];
-    $P_MID      = $_POST['P_MID'];
-    $P_AUTH_DT  = $_POST['P_AUTH_DT'];
-    $P_STATUS   = $_POST['P_STATUS'];
-    $P_TYPE     = $_POST['P_TYPE'];
-    $P_OID      = preg_replace("/[ #\&\+%@=\/\\\:;,\.'\"\^`~|\!\?\*$#<>()\[\]\{\}]/i", "", $_POST['P_OID']);
-    $P_FN_CD1   = $_POST['P_FN_CD1'];
-    $P_FN_CD2   = $_POST['P_FN_CD2'];
-    $P_FN_NM    = $_POST['P_FN_NM'];
-    $P_AMT      = $_POST['P_AMT'];
-    $P_UNAME    = $_POST['P_UNAME'];
-    $P_RMESG1   = $_POST['P_RMESG1'];
-    $P_RMESG2   = $_POST['P_RMESG2'];
-    $P_NOTI     = $_POST['P_NOTI'];
-    $P_AUTH_NO  = $_POST['P_AUTH_NO'];
-    $P_SRC_CODE = $_POST['P_SRC_CODE'];
+    $P_TID      = isset($_POST['P_TID']) ? $_POST['P_TID'] : '';
+    $P_MID      = isset($_POST['P_MID']) ? $_POST['P_MID'] : '';
+    $P_AUTH_DT  = isset($_POST['P_AUTH_DT']) ? $_POST['P_AUTH_DT'] : '';
+    $P_STATUS   = isset($_POST['P_STATUS']) ? $_POST['P_STATUS'] : '';
+    $P_TYPE     = isset($_POST['P_TYPE']) ? $_POST['P_TYPE'] : '';
+    $P_OID      = isset($_POST['P_OID']) ? preg_replace("/[ #\&\+%@=\/\\\:;,\.'\"\^`~|\!\?\*$#<>()\[\]\{\}]/i", "", $_POST['P_OID']) : '';
+    $P_FN_CD1   = isset($_POST['P_FN_CD1']) ? $_POST['P_FN_CD1'] : '';
+    $P_FN_CD2   = isset($_POST['P_FN_CD2']) ? $_POST['P_FN_CD2'] : '';
+    $P_FN_NM    = isset($_POST['P_FN_NM']) ? $_POST['P_FN_NM'] : '';
+    $P_AMT      = isset($_POST['P_AMT']) ? $_POST['P_AMT'] : '';
+    $P_UNAME    = isset($_POST['P_UNAME']) ? $_POST['P_UNAME'] : '';
+    $P_RMESG1   = isset($_POST['P_RMESG1']) ? $_POST['P_RMESG1'] : '';
+    $P_RMESG2   = isset($_POST['P_RMESG2']) ? $_POST['P_RMESG2'] : '';
+    $P_NOTI     = isset($_POST['P_NOTI']) ? $_POST['P_NOTI'] : '';
+    $P_AUTH_NO  = isset($_POST['P_AUTH_NO']) ? $_POST['P_AUTH_NO'] : '';
+    $P_SRC_CODE = isset($_POST['P_SRC_CODE']) ? $_POST['P_SRC_CODE'] : '';
 
     include_once(G5_MSHOP_PATH.'/settle_inicis.inc.php');
     
@@ -388,5 +388,4 @@ function writeLog($msg)
     }
     fclose($fp);
     return 1;
-}
-?>
+}
\ No newline at end of file
diff --git a/mobile/shop/item.php b/mobile/shop/item.php
index 0e30289d5..fb142ef42 100644
--- a/mobile/shop/item.php
+++ b/mobile/shop/item.php
@@ -2,18 +2,20 @@
 include_once('./_common.php');
 include_once(G5_LIB_PATH.'/iteminfo.lib.php');
 
-$it_id = get_search_string(trim($_GET['it_id']));
+$it_id = isset($_GET['it_id']) ? get_search_string(trim($_GET['it_id'])) : '';
 $it_seo_title = isset($it_seo_title) ? $it_seo_title : '';
 
 $it = get_shop_item_with_category($it_id, $it_seo_title);
 $it_id = $it['it_id'];
 
+if (! (isset($it['it_id']) && $it['it_id'])) {
+    alert('자료가 없습니다.');
+}
+
 if( isset($row['it_seo_title']) && ! $row['it_seo_title'] ){
     shop_seo_title_update($row['it_id']);
 }
 
-if (!$it['it_id'])
-    alert('자료가 없습니다.');
 if (!($it['ca_use'] && $it['it_use'])) {
     if (!$is_admin)
         alert('판매가능한 상품이 아닙니다.');
@@ -66,7 +68,7 @@ $sql = " select it_id, it_name from {$g5['g5_shop_item_table']}
           order by it_id asc
           limit 1 ";
 $row = sql_fetch($sql);
-if ($row['it_id']) {
+if (isset($row['it_id']) && $row['it_id']) {
     $prev_title = '이전상품 <span>'.$row['it_name'].'</span>';
     $prev_href = '<a href="'.shop_item_url($row['it_id']).'" id="siblings_prev">';
     $prev_href2 = '</a>';
@@ -84,7 +86,7 @@ $sql = " select it_id, it_name from {$g5['g5_shop_item_table']}
           order by it_id desc
           limit 1 ";
 $row = sql_fetch($sql);
-if ($row['it_id']) {
+if (isset($row['it_id']) && $row['it_id']) {
     $next_title = '다음 상품 <span>'.$row['it_name'].'</span>';
     $next_href = '<a href="'.shop_item_url($row['it_id']).'" id="siblings_next">';
     $next_href2 = '</a>';
@@ -189,6 +191,7 @@ if($ca_dir_check) {
 define('G5_SHOP_CSS_URL', str_replace(G5_PATH, G5_URL, $skin_dir));
 
 $g5['title'] = $it['it_name'].' &gt; '.$it['ca_name'];
+$naverpay_button_js = '';
 
 include_once(G5_MSHOP_PATH.'/_head.php');
 include_once(G5_SHOP_PATH.'/settle_naverpay.inc.php');
@@ -221,5 +224,4 @@ else
 // 하단 HTML
 echo conv_content($it['it_mobile_tail_html'], 1);
 
-include_once(G5_MSHOP_PATH.'/_tail.php');
-?>
+include_once(G5_MSHOP_PATH.'/_tail.php');
\ No newline at end of file
diff --git a/mobile/shop/iteminfo.php b/mobile/shop/iteminfo.php
index 7e3587e17..ebe7f3cb2 100644
--- a/mobile/shop/iteminfo.php
+++ b/mobile/shop/iteminfo.php
@@ -1,8 +1,8 @@
 <?php
 include_once('./_common.php');
 
-$it_id = get_search_string(trim($_GET['it_id']));
-$info = preg_replace('/[^0-9a-z]/i', '', $_GET['info']);
+$it_id = isset($_GET['it_id']) ? get_search_string(trim($_GET['it_id'])) : '';
+$info = isset($_GET['info']) ? preg_replace('/[^0-9a-z]/i', '', $_GET['info']) : '';
 
 // 분류사용, 상품사용하는 상품의 정보를 얻음
 $sql = " select a.*,
@@ -83,5 +83,4 @@ switch($info) {
 <div class="close_btn"><button type="button" id="iteminfo_close" onclick="self.close();">창닫기</button></div>
 
 <?php
-include_once(G5_PATH.'/tail.sub.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/mobile/shop/itemqa.php b/mobile/shop/itemqa.php
index 94eb9d512..97c0ff649 100644
--- a/mobile/shop/itemqa.php
+++ b/mobile/shop/itemqa.php
@@ -2,6 +2,8 @@
 include_once('./_common.php');
 include_once(G5_LIB_PATH.'/thumbnail.lib.php');
 
+$it_id = isset($_REQUEST['it_id']) ? safe_replace_regex($_REQUEST['it_id'], 'it_id') : '';
+
 $itemqa_list = G5_SHOP_URL."/itemqalist.php";
 $itemqa_form = G5_SHOP_URL."/itemqaform.php?it_id=".$it_id;
 $itemqa_formupdate = G5_SHOP_URL."/itemqaformupdate.php?it_id=".$it_id;
@@ -27,5 +29,4 @@ if(!file_exists($itemqa_skin)) {
     echo str_replace(G5_PATH.'/', '', $itemqa_skin).' 스킨 파일이 존재하지 않습니다.';
 } else {
     include_once($itemqa_skin);
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/mobile/shop/itemqaform.php b/mobile/shop/itemqaform.php
index dc66b6e17..d42157fe2 100644
--- a/mobile/shop/itemqaform.php
+++ b/mobile/shop/itemqaform.php
@@ -6,13 +6,13 @@ if (!$is_member) {
     alert_close("상품문의는 회원만 작성 가능합니다.");
 }
 
-$w     = preg_replace('/[^0-9a-z]/i', '', trim($_REQUEST['w']));
-$it_id = get_search_string(trim($_REQUEST['it_id']));
-$iq_id = preg_replace('/[^0-9]/', '', trim($_REQUEST['iq_id']));
+$w     = isset($_REQUEST['w']) ? preg_replace('/[^0-9a-z]/i', '', trim($_REQUEST['w'])) : '';
+$it_id = isset($_REQUEST['it_id']) ? get_search_string(trim($_REQUEST['it_id'])) : '';
+$iq_id = isset($_REQUEST['iq_id']) ? preg_replace('/[^0-9]/', '', trim($_REQUEST['iq_id'])) : 0;
 
 // 상품정보체크
 $row = get_shop_item($it_id, true);
-if(!$row['it_id'])
+if(! (isset($row['it_id']) && $row['it_id']))
     alert_close('상품정보가 존재하지 않습니다.');
 
 $chk_secret = '';
@@ -59,5 +59,4 @@ if(!file_exists($itemqaform_skin)) {
     include_once($itemqaform_skin);
 }
 
-include_once(G5_PATH.'/tail.sub.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/mobile/shop/itemqalist.php b/mobile/shop/itemqalist.php
index 37632b6d6..d03be4e28 100644
--- a/mobile/shop/itemqalist.php
+++ b/mobile/shop/itemqalist.php
@@ -1,9 +1,6 @@
 <?php
 include_once('./_common.php');
 
-//$sfl = trim($_REQUEST['sfl']);
-//$stx = trim($_REQUEST['stx']);
-
 $g5['title'] = '상품문의';
 include_once(G5_MSHOP_PATH.'/_head.php');
 
@@ -63,5 +60,4 @@ if(!file_exists($itemqalist_skin)) {
     include_once($itemqalist_skin);
 }
 
-include_once(G5_MSHOP_PATH.'/_tail.php');
-?>
+include_once(G5_MSHOP_PATH.'/_tail.php');
\ No newline at end of file
diff --git a/mobile/shop/itemrecommend.php b/mobile/shop/itemrecommend.php
index 4879c5f4b..c7467ac7f 100644
--- a/mobile/shop/itemrecommend.php
+++ b/mobile/shop/itemrecommend.php
@@ -1,6 +1,8 @@
 <?php
 include_once('./_common.php');
 
+$it_id = isset($_REQUEST['it_id']) ? safe_replace_regex($_REQUEST['it_id'], 'it_id') : '';
+
 if (!$is_member)
     alert_close('회원만 메일을 발송할 수 있습니다.');
 
@@ -9,7 +11,7 @@ $token = md5(uniqid(rand(), true));
 set_session("ss_token", $token);
 
 $it = get_shop_item($it_id, true);
-if (!$it['it_name'])
+if (! (isset($it['it_name']) && $it['it_name']))
     alert_close("등록된 상품이 아닙니다.");
 
 $g5['title'] =  $it['it_name'].' - 추천하기';
@@ -57,5 +59,4 @@ function fitemrecommend_check(f)
 </script>
 
 <?php
-include_once(G5_PATH.'/tail.sub.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/mobile/shop/itemuse.php b/mobile/shop/itemuse.php
index 6fa18a9a8..449cd33c6 100644
--- a/mobile/shop/itemuse.php
+++ b/mobile/shop/itemuse.php
@@ -2,11 +2,13 @@
 include_once('./_common.php');
 include_once(G5_LIB_PATH.'/thumbnail.lib.php');
 
+$it_id = isset($_REQUEST['it_id']) ? safe_replace_regex($_REQUEST['it_id'], 'it_id') : '';
+
 $itemuse_list = G5_SHOP_URL."/itemuselist.php";
 $itemuse_form = G5_SHOP_URL."/itemuseform.php?it_id=".$it_id;
 $itemuse_formupdate = G5_SHOP_URL."/itemuseformupdate.php?it_id=".$it_id;
 
- $sql_common = " from `{$g5['g5_shop_item_use_table']}` where it_id = '{$it_id}' and is_confirm = '1' ";
+$sql_common = " from `{$g5['g5_shop_item_use_table']}` where it_id = '{$it_id}' and is_confirm = '1' ";
 
 // 테이블의 전체 레코드수만 얻음
 $sql = " select COUNT(*) as cnt " . $sql_common;
@@ -27,5 +29,4 @@ if(!file_exists($itemuse_skin)) {
     echo str_replace(G5_PATH.'/', '', $itemuse_skin).' 스킨 파일이 존재하지 않습니다.';
 } else {
     include_once($itemuse_skin);
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/mobile/shop/itemuseform.php b/mobile/shop/itemuseform.php
index 48358d736..a61cbc3ef 100644
--- a/mobile/shop/itemuseform.php
+++ b/mobile/shop/itemuseform.php
@@ -6,13 +6,13 @@ if (!$is_member) {
     alert_close("사용후기는 회원만 작성 가능합니다.");
 }
 
-$w     = preg_replace('/[^0-9a-z]/i', '', trim($_REQUEST['w']));
-$it_id = get_search_string(trim($_REQUEST['it_id']));
-$is_id = preg_replace('/[^0-9]/', '', trim($_REQUEST['is_id']));
+$w     = isset($_REQUEST['w']) ? preg_replace('/[^0-9a-z]/i', '', trim($_REQUEST['w'])) : '';
+$it_id = isset($_REQUEST['it_id']) ? get_search_string(trim($_REQUEST['it_id'])) : '';
+$is_id = $_REQUEST['is_id'] ? preg_replace('/[^0-9]/', '', trim($_REQUEST['is_id'])) : 0;
 
 // 상품정보체크
 $row = get_shop_item($it_id, true);
-if(!$row['it_id'])
+if(! (isset($row['it_id']) && $row['it_id']))
     alert_close('상품정보가 존재하지 않습니다.');
 
 if ($w == "") {
@@ -54,5 +54,4 @@ if(!file_exists($itemuseform_skin)) {
     include_once($itemuseform_skin);
 }
 
-include_once(G5_PATH.'/tail.sub.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/mobile/shop/itemuselist.php b/mobile/shop/itemuselist.php
index a4e57e54b..d0aa4fdfc 100644
--- a/mobile/shop/itemuselist.php
+++ b/mobile/shop/itemuselist.php
@@ -1,9 +1,6 @@
 <?php
 include_once('./_common.php');
 
-//$sfl = trim($_REQUEST['sfl']);
-//$stx = trim($_REQUEST['stx']);
-
 $g5['title'] = '상품후기';
 include_once(G5_MSHOP_PATH.'/_head.php');
 
@@ -63,5 +60,4 @@ if(!file_exists($itemuselist_skin)) {
     include_once($itemuselist_skin);
 }
 
-include_once(G5_MSHOP_PATH.'/_tail.php');
-?>
+include_once(G5_MSHOP_PATH.'/_tail.php');
\ No newline at end of file
diff --git a/mobile/shop/kcp/KCPComLibrary.php b/mobile/shop/kcp/KCPComLibrary.php
index 2ba7dd5cc..c1198de64 100644
--- a/mobile/shop/kcp/KCPComLibrary.php
+++ b/mobile/shop/kcp/KCPComLibrary.php
@@ -189,5 +189,4 @@ class PayService extends  SoapClient
 
         return  $this->approveResponse->return;
     }
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/mobile/shop/kcp/_common.php b/mobile/shop/kcp/_common.php
index 7e0b90e75..7c37c6ca3 100644
--- a/mobile/shop/kcp/_common.php
+++ b/mobile/shop/kcp/_common.php
@@ -3,5 +3,4 @@ include_once('../../../common.php');
 
 if (!defined('G5_USE_SHOP') || !G5_USE_SHOP)
     die('<p>쇼핑몰 설치 후 이용해 주십시오.</p>');
-define('_SHOP_', true);
-?>
\ No newline at end of file
+define('_SHOP_', true);
\ No newline at end of file
diff --git a/mobile/shop/kcp/easypay_form.1.php b/mobile/shop/kcp/easypay_form.1.php
index 27d013d95..db1ceb362 100644
--- a/mobile/shop/kcp/easypay_form.1.php
+++ b/mobile/shop/kcp/easypay_form.1.php
@@ -5,6 +5,10 @@ if (!defined("_GNUBOARD_")) exit; // 개별 페이지 접근 불가
 if( !(function_exists('is_use_easypay') && is_use_easypay('global_nhnkcp')) ){
     return;
 }
+
+$param_opt_1 = isset($_REQUEST['param_opt_1']) ? clean_xss_tags($_REQUEST['param_opt_1'], 1, 1) : '';
+$param_opt_2 = isset($_REQUEST['param_opt_2']) ? clean_xss_tags($_REQUEST['param_opt_2'], 1, 1) : '';
+$param_opt_3 = isset($_REQUEST['param_opt_3']) ? clean_xss_tags($_REQUEST['param_opt_3'], 1, 1) : '';
 ?>
 
 <!-- 거래등록 하는 kcp 서버와 통신을 위한 스크립트-->
@@ -49,9 +53,9 @@ if( !(function_exists('is_use_easypay') && is_use_easypay('global_nhnkcp')) ){
 <!-- 배송소요기간 -->
 <input type="hidden" name="deli_term" value="03">
 <!-- 기타 파라메터 추가 부분 - Start - -->
-<input type="hidden" name="param_opt_1"  value="<?php echo $param_opt_1; ?>"/>
-<input type="hidden" name="param_opt_2"  value="<?php echo $param_opt_2; ?>"/>
-<input type="hidden" name="param_opt_3"  value="<?php echo $param_opt_3; ?>"/>
+<input type="hidden" name="param_opt_1"  value="<?php echo get_text($param_opt_1); ?>"/>
+<input type="hidden" name="param_opt_2"  value="<?php echo get_text($param_opt_2); ?>"/>
+<input type="hidden" name="param_opt_3"  value="<?php echo get_text($param_opt_3); ?>"/>
 <input type="hidden" name="disp_tax_yn"  value="N">
 <!-- 기타 파라메터 추가 부분 - End - -->
 <!-- 화면 크기조정 부분 - Start - -->
diff --git a/mobile/shop/kcp/easypay_form.2.php b/mobile/shop/kcp/easypay_form.2.php
index 62bae811c..cb7a79715 100644
--- a/mobile/shop/kcp/easypay_form.2.php
+++ b/mobile/shop/kcp/easypay_form.2.php
@@ -32,4 +32,4 @@ if (!defined("_GNUBOARD_")) exit; // 개별 페이지 접근 불가
 <input type="hidden" name="comm_tax_mny"      value="<?php echo $comm_tax_mny; ?>">         <!-- 과세금액    -->
 <input type="hidden" name="comm_vat_mny"      value="<?php echo $comm_vat_mny; ?>">         <!-- 부가세     -->
 <input type="hidden" name="comm_free_mny"     value="<?php echo $comm_free_mny; ?>">        <!-- 비과세 금액 -->
-<?php } ?>
\ No newline at end of file
+<?php }
\ No newline at end of file
diff --git a/mobile/shop/kcp/global_m_nhn_kcp.php b/mobile/shop/kcp/global_m_nhn_kcp.php
index 0c258a89a..6b95f328c 100644
--- a/mobile/shop/kcp/global_m_nhn_kcp.php
+++ b/mobile/shop/kcp/global_m_nhn_kcp.php
@@ -6,5 +6,4 @@ if( !(function_exists('is_use_easypay') && is_use_easypay('global_nhnkcp')) ){
     return;
 }
 
-include_once(G5_MSHOP_PATH.'/settle_kcp.inc.php');
-?>
\ No newline at end of file
+include_once(G5_MSHOP_PATH.'/settle_kcp.inc.php');
\ No newline at end of file
diff --git a/mobile/shop/kcp/order_approval.php b/mobile/shop/kcp/order_approval.php
index ce6b22abf..e6e79880d 100644
--- a/mobile/shop/kcp/order_approval.php
+++ b/mobile/shop/kcp/order_approval.php
@@ -50,5 +50,4 @@
     catch (SoapFault $ex )
     {
         printf( "%s,%s,%s,%s", "95XX", "", "", "연동 오류 (PHP SOAP 모듈 설치 필요)" );
-    }
-?>
\ No newline at end of file
+    }
\ No newline at end of file
diff --git a/mobile/shop/kcp/order_approval_form.php b/mobile/shop/kcp/order_approval_form.php
index 7ad9a4545..0f561ca6a 100644
--- a/mobile/shop/kcp/order_approval_form.php
+++ b/mobile/shop/kcp/order_approval_form.php
@@ -1,5 +1,5 @@
 <?php
-    include_once('./_common.php');
+include_once('./_common.php');
 
 @header('Cache-Control: no-cache, no-store, must-revalidate'); // HTTP 1.1.
 @header('Pragma: no-cache'); // HTTP 1.0.
@@ -17,8 +17,7 @@
     /* = -------------------------------------------------------------------------- = */
     /* =   Copyright (c)  2010.05   KCP Inc.   All Rights Reserved.                 = */
     /* ============================================================================== */
-?>
-<?php
+
 	/* ============================================================================== */
     /* =   환경 설정 파일 Include                                                   = */
     /* = -------------------------------------------------------------------------- = */
@@ -27,56 +26,54 @@
     /* = -------------------------------------------------------------------------- = */
 
      include_once(G5_MSHOP_PATH.'/settle_kcp.inc.php');       // 환경설정 파일 include
-?>
-<?php
+
     /* = -------------------------------------------------------------------------- = */
     /* =   환경 설정 파일 Include END                                               = */
     /* ============================================================================== */
-?>
-<?php
+
     /* kcp와 통신후 kcp 서버에서 전송되는 결제 요청 정보*/
-    $req_tx          = $_POST[ "req_tx"         ]; // 요청 종류
-    $res_cd          = $_POST[ "res_cd"         ]; // 응답 코드
-    $tran_cd         = $_POST[ "tran_cd"        ]; // 트랜잭션 코드
-    $ordr_idxx       = $_POST[ "ordr_idxx"      ]; // 쇼핑몰 주문번호
-    $good_name       = $_POST[ "good_name"      ]; // 상품명
-    $good_mny        = $_POST[ "good_mny"       ]; // 결제 총금액
-    $buyr_name       = $_POST[ "buyr_name"      ]; // 주문자명
-    $buyr_tel1       = $_POST[ "buyr_tel1"      ]; // 주문자 전화번호
-    $buyr_tel2       = $_POST[ "buyr_tel2"      ]; // 주문자 핸드폰 번호
-    $buyr_mail       = $_POST[ "buyr_mail"      ]; // 주문자 E-mail 주소
-    $use_pay_method  = $_POST[ "use_pay_method" ]; // 결제 방법
-    $enc_info        = $_POST[ "enc_info"       ]; // 암호화 정보
-    $enc_data        = $_POST[ "enc_data"       ]; // 암호화 데이터
-	$rcvr_name		 = $_POST[ "rcvr_name"		]; // 수취인 이름
-	$rcvr_tel1		 = $_POST[ "rcvr_tel1"		]; // 수취인 전화번호
-	$rcvr_tel2		 = $_POST[ "rcvr_tel2"		]; // 수취인 휴대폰번호
-	$rcvr_mail		 = $_POST[ "rcvr_mail"		]; // 수취인 E-Mail
-	$rcvr_zipx		 = $_POST[ "rcvr_zipx"		]; // 수취인 우편번호
-	$rcvr_add1		 = $_POST[ "rcvr_add1"		]; // 수취인 주소
-	$rcvr_add2		 = $_POST[ "rcvr_add2"		]; // 수취인 상세주소
+    $req_tx          = isset($_POST["req_tx"]) ? $_POST["req_tx"] : ''; // 요청 종류
+    $res_cd          = isset($_POST["res_cd"]) ? $_POST["res_cd"] : ''; // 응답 코드
+    $tran_cd         = isset($_POST["tran_cd"]) ? $_POST["tran_cd"] : ''; // 트랜잭션 코드
+    $ordr_idxx       = isset($_POST["ordr_idxx"]) ? $_POST["ordr_idxx"] : ''; // 쇼핑몰 주문번호
+    $good_name       = isset($_POST["good_name"]) ? $_POST["good_name"] : ''; // 상품명
+    $good_mny        = isset($_POST["good_mny"]) ? $_POST["good_mny"] : ''; // 결제 총금액
+    $buyr_name       = isset($_POST["buyr_name"]) ? $_POST["buyr_name"] : ''; // 주문자명
+    $buyr_tel1       = isset($_POST["buyr_tel1"]) ? $_POST["buyr_tel1"] : ''; // 주문자 전화번호
+    $buyr_tel2       = isset($_POST["buyr_tel2"]) ? $_POST["buyr_tel2"] : ''; // 주문자 핸드폰 번호
+    $buyr_mail       = isset($_POST["buyr_mail"]) ? $_POST["buyr_mail"] : ''; // 주문자 E-mail 주소
+    $use_pay_method  = isset($_POST["use_pay_method"]) ? $_POST["use_pay_method"] : ''; // 결제 방법
+    $enc_info        = isset($_POST["enc_info"]) ? $_POST["enc_info"] : ''; // 암호화 정보
+    $enc_data        = isset($_POST["enc_data"]) ? $_POST["enc_data"] : ''; // 암호화 데이터
+	$rcvr_name		 = isset($_POST["rcvr_name"]) ? $_POST["rcvr_name"] : ''; // 수취인 이름
+	$rcvr_tel1		 = isset($_POST["rcvr_tel1"]) ? $_POST["rcvr_tel1"] : ''; // 수취인 전화번호
+	$rcvr_tel2		 = isset($_POST["rcvr_tel2"]) ? $_POST["rcvr_tel2"] : ''; // 수취인 휴대폰번호
+	$rcvr_mail		 = isset($_POST["rcvr_mail"]) ? $_POST["rcvr_mail"] : ''; // 수취인 E-Mail
+	$rcvr_zipx		 = isset($_POST["rcvr_zipx"]) ? $_POST["rcvr_zipx"] : ''; // 수취인 우편번호
+	$rcvr_add1		 = isset($_POST["rcvr_add1"]) ? $_POST["rcvr_add1"] : ''; // 수취인 주소
+	$rcvr_add2		 = isset($_POST["rcvr_add2"]) ? $_POST["rcvr_add2"] : ''; // 수취인 상세주소
 
     /* 주문폼에서 전송되는 정보 */
     $ipgm_date       = isset($_POST['ipgm_date']) ? $_POST['ipgm_date'] : ''; // 입금마감일
-    $settle_method   = $_POST[ "settle_method"  ]; // 결제방법
-    $good_info       = $_POST[ "good_info"      ]; // 에스크로 상품정보
-    $bask_cntx       = $_POST[ "bask_cntx"      ]; // 장바구니 상품수
-    $tablet_size     = $_POST[ "tablet_size"    ]; // 모바일기기 화면비율
+    $settle_method   = isset($_POST["settle_method"]) ? $_POST["settle_method"] : ''; // 결제방법
+    $good_info       = isset($_POST["good_info"]) ? $_POST["good_info"] : ''; // 에스크로 상품정보
+    $bask_cntx       = isset($_POST["bask_cntx"]) ? $_POST["bask_cntx"] : ''; // 장바구니 상품수
+    $tablet_size     = isset($_POST["tablet_size"]) ? $_POST["tablet_size"] : ''; // 모바일기기 화면비율
 
-    $comm_tax_mny    = $_POST[ "comm_tax_mny"   ]; // 과세금액
-    $comm_vat_mny    = $_POST[ "comm_vat_mny"   ]; // 부가세
-    $comm_free_mny   = $_POST["comm_free_mny"   ]; // 비과세금액
+    $comm_tax_mny    = isset($_POST["comm_tax_mny"]) ? $_POST["comm_tax_mny"] : ''; // 과세금액
+    $comm_vat_mny    = isset($_POST["comm_vat_mny"]) ? $_POST["comm_vat_mny"] : ''; // 부가세
+    $comm_free_mny   = isset($_POST["comm_free_mny"]) ? $_POST["comm_free_mny"] : ''; // 비과세금액
 
-    $payco_direct    = $_POST["payco_direct"    ]; // PAYCO 결제창 호출
-    $naverpay_direct    = $_POST["naverpay_direct"]; // NAVERPAY 결제창 호출
-    $kakaopay_direct    = $_POST["kakaopay_direct"]; // KAKAOPAY 결제창 호출
+    $payco_direct    = isset($_POST["payco_direct"]) ? $_POST["payco_direct"] : ''; // PAYCO 결제창 호출
+    $naverpay_direct = isset($_POST["naverpay_direct"]) ? $_POST["naverpay_direct"] : ''; // NAVERPAY 결제창 호출
+    $kakaopay_direct = isset($_POST["kakaopay_direct"]) ? $_POST["kakaopay_direct"] : ''; // KAKAOPAY 결제창 호출
 
 	/*
      * 기타 파라메터 추가 부분 - Start -
      */
-    $param_opt_1     = $_POST[ "param_opt_1"    ]; // 기타 파라메터 추가 부분
-    $param_opt_2     = $_POST[ "param_opt_2"    ]; // 기타 파라메터 추가 부분
-    $param_opt_3     = $_POST[ "param_opt_3"    ]; // 기타 파라메터 추가 부분
+    $param_opt_1     = isset($_POST["param_opt_1"]) ? $_POST["param_opt_1"] : ''; // 기타 파라메터 추가 부분
+    $param_opt_2     = isset($_POST["param_opt_2"]) ? $_POST["param_opt_2"] : ''; // 기타 파라메터 추가 부분
+    $param_opt_3     = isset($_POST["param_opt_3"]) ? $_POST["param_opt_3"] : ''; // 기타 파라메터 추가 부분
     /*
      * 기타 파라메터 추가 부분 - End -
      */
@@ -327,9 +324,9 @@ if($enc_data != '' && $enc_info != '' && $tran_cd != '') {
 <!-- 배송소요기간 -->
 <input type="hidden" name="deli_term" value="03">
 <!-- 기타 파라메터 추가 부분 - Start - -->
-<input type="hidden" name="param_opt_1"	 value="<?php echo $param_opt_1; ?>"/>
-<input type="hidden" name="param_opt_2"	 value="<?php echo $param_opt_2; ?>"/>
-<input type="hidden" name="param_opt_3"	 value="<?php echo $param_opt_3; ?>"/>
+<input type="hidden" name="param_opt_1"	 value="<?php echo get_text($param_opt_1); ?>"/>
+<input type="hidden" name="param_opt_2"	 value="<?php echo get_text($param_opt_2); ?>"/>
+<input type="hidden" name="param_opt_3"	 value="<?php echo get_text($param_opt_3); ?>"/>
 <input type="hidden" name="disp_tax_yn"  value="N">
 <!-- 기타 파라메터 추가 부분 - End - -->
 <!-- 화면 크기조정 부분 - Start - -->
diff --git a/mobile/shop/kcp/orderform.1.php b/mobile/shop/kcp/orderform.1.php
index d1eecd557..c5789db5d 100644
--- a/mobile/shop/kcp/orderform.1.php
+++ b/mobile/shop/kcp/orderform.1.php
@@ -4,6 +4,10 @@ if (!defined("_GNUBOARD_")) exit; // 개별 페이지 접근 불가
 // 무통장 입금만 사용할 때는 아래 코드 실행되지 않음 ( 카카오페이 또는 삼성페이도 사용 안하면 )
 if(!($default['de_iche_use'] || $default['de_vbank_use'] || $default['de_hp_use'] || $default['de_card_use'] || $default['de_samsung_pay_use'] || $is_kakaopay_use ))
     return;
+
+$param_opt_1 = isset($_REQUEST['param_opt_1']) ? clean_xss_tags($_REQUEST['param_opt_1'], 1, 1) : '';
+$param_opt_2 = isset($_REQUEST['param_opt_2']) ? clean_xss_tags($_REQUEST['param_opt_2'], 1, 1) : '';
+$param_opt_3 = isset($_REQUEST['param_opt_3']) ? clean_xss_tags($_REQUEST['param_opt_3'], 1, 1) : '';
 ?>
 
 <!-- 거래등록 하는 kcp 서버와 통신을 위한 스크립트-->
@@ -47,9 +51,9 @@ if(!($default['de_iche_use'] || $default['de_vbank_use'] || $default['de_hp_use'
 <!-- 배송소요기간 -->
 <input type="hidden" name="deli_term" value="03">
 <!-- 기타 파라메터 추가 부분 - Start - -->
-<input type="hidden" name="param_opt_1"  value="<?php echo $param_opt_1; ?>"/>
-<input type="hidden" name="param_opt_2"  value="<?php echo $param_opt_2; ?>"/>
-<input type="hidden" name="param_opt_3"  value="<?php echo $param_opt_3; ?>"/>
+<input type="hidden" name="param_opt_1"  value="<?php echo get_text($param_opt_1); ?>"/>
+<input type="hidden" name="param_opt_2"  value="<?php echo get_text($param_opt_2); ?>"/>
+<input type="hidden" name="param_opt_3"  value="<?php echo get_text($param_opt_3); ?>"/>
 <input type="hidden" name="disp_tax_yn"  value="N">
 <!-- 기타 파라메터 추가 부분 - End - -->
 <!-- 화면 크기조정 부분 - Start - -->
diff --git a/mobile/shop/kcp/orderform.2.php b/mobile/shop/kcp/orderform.2.php
index b17aef4b3..bb46177dc 100644
--- a/mobile/shop/kcp/orderform.2.php
+++ b/mobile/shop/kcp/orderform.2.php
@@ -47,4 +47,4 @@ if(!($default['de_iche_use'] || $default['de_vbank_use'] || $default['de_hp_use'
 document.getElementById("show_req_btn").style.display = "none";
 document.getElementById("show_pay_btn").style.display = "";
 </script>
-<?php } ?>
\ No newline at end of file
+<?php }
\ No newline at end of file
diff --git a/mobile/shop/kcp/pp_ax_hub.php b/mobile/shop/kcp/pp_ax_hub.php
index 9ae59ed55..bc091650b 100644
--- a/mobile/shop/kcp/pp_ax_hub.php
+++ b/mobile/shop/kcp/pp_ax_hub.php
@@ -23,33 +23,31 @@
     /* = -------------------------------------------------------------------------- = */
     /* =   환경 설정 파일 Include END                                               = */
     /* ============================================================================== */
-?>
 
-<?php
     /* ============================================================================== */
     /* =   01. 지불 요청 정보 설정                                                  = */
     /* = -------------------------------------------------------------------------- = */
-	$req_tx         = $_POST[ "req_tx"         ]; // 요청 종류
-	$tran_cd        = preg_replace('/[^0-9A-Za-z_\-\.]/i', '', $_POST[ "tran_cd"        ]); // 처리 종류
+	$req_tx         = isset($_POST["req_tx"]) ? $_POST["req_tx"] : ''; // 요청 종류
+	$tran_cd        = isset($_POST["tran_cd"]) ? preg_replace('/[^0-9A-Za-z_\-\.]/i', '', $_POST["tran_cd"]) : ''; // 처리 종류
 	/* = -------------------------------------------------------------------------- = */
 	$cust_ip        = getenv( "REMOTE_ADDR"    ); // 요청 IP
-	$ordr_idxx      = preg_replace('/[^0-9A-Za-z_\-\.]/i', '', $_POST[ "ordr_idxx"      ]); // 쇼핑몰 주문번호
-	$good_name      = addslashes($_POST[ "good_name"      ]); // 상품명
-	$good_mny       = $_POST[ "good_mny"       ]; // 결제 총금액
+	$ordr_idxx      = isset($_POST["ordr_idxx"]) ? preg_replace('/[^0-9A-Za-z_\-\.]/i', '', $_POST["ordr_idxx"]) : ''; // 쇼핑몰 주문번호
+	$good_name      = isset($_POST["good_name"]) ? addslashes($_POST["good_name"]) : ''; // 상품명
+	$good_mny       = isset($_POST["good_mny"]) ? $_POST["good_mny"] : ''; // 결제 총금액
 	/* = -------------------------------------------------------------------------- = */
     $res_cd         = "";                         // 응답코드
     $res_msg        = "";                         // 응답메시지
-    $tno            = $_POST[ "tno"            ]; // KCP 거래 고유 번호
+    $tno            = isset($_POST["tno"]) ? $_POST["tno"] : ''; // KCP 거래 고유 번호
     /* = -------------------------------------------------------------------------- = */
-    $buyr_name      = addslashes($_POST[ "buyr_name"      ]); // 주문자명
-    $buyr_tel1      = $_POST[ "buyr_tel1"      ]; // 주문자 전화번호
-    $buyr_tel2      = $_POST[ "buyr_tel2"      ]; // 주문자 핸드폰 번호
-    $buyr_mail      = $_POST[ "buyr_mail"      ]; // 주문자 E-mail 주소
+    $buyr_name      = isset($_POST["buyr_name"]) ? addslashes($_POST["buyr_name"]) : ''; // 주문자명
+    $buyr_tel1      = isset($_POST["buyr_tel1"]) ? $_POST["buyr_tel1"] : ''; // 주문자 전화번호
+    $buyr_tel2      = isset($_POST["buyr_tel2"]) ? $_POST["buyr_tel2"] : ''; // 주문자 핸드폰 번호
+    $buyr_mail      = isset($_POST["buyr_mail"]) ? $_POST["buyr_mail"] : ''; // 주문자 E-mail 주소
     /* = -------------------------------------------------------------------------- = */
-    $mod_type       = $_POST[ "mod_type"       ]; // 변경TYPE VALUE 승인취소시 필요
-    $mod_desc       = $_POST[ "mod_desc"       ]; // 변경사유
+    $mod_type       = isset($_POST["mod_type"]) ? $_POST["mod_type"] : ''; // 변경TYPE VALUE 승인취소시 필요
+    $mod_desc       = isset($_POST["mod_desc"]) ? $_POST["mod_desc"] : ''; // 변경사유
     /* = -------------------------------------------------------------------------- = */
-    $use_pay_method = $_POST[ "use_pay_method" ]; // 결제 방법
+    $use_pay_method = isset($_POST["use_pay_method"]) ? $_POST["use_pay_method"] : ''; // 결제 방법
     $bSucc          = "";                         // 업체 DB 처리 성공 여부
     /* = -------------------------------------------------------------------------- = */
 	$app_time       = "";                         // 승인시간 (모든 결제 수단 공통)
@@ -84,10 +82,10 @@
 	$tk_van_code    = "";                         // 발급사 코드
 	$tk_app_no      = "";                         // 상품권 승인 번호
 	/* = -------------------------------------------------------------------------- = */
-    $cash_yn        = $_POST[ "cash_yn"        ]; // 현금영수증 등록 여부
+    $cash_yn        = isset($_POST["cash_yn"]) ? $_POST["cash_yn"] : ''; // 현금영수증 등록 여부
     $cash_authno    = "";                         // 현금 영수증 승인 번호
-    $cash_tr_code   = $_POST[ "cash_tr_code"   ]; // 현금 영수증 발행 구분
-    $cash_id_info   = $_POST[ "cash_id_info"   ]; // 현금 영수증 등록 번호
+    $cash_tr_code   = isset($_POST["cash_tr_code"]) ? $_POST["cash_tr_code"] : ''; // 현금 영수증 발행 구분
+    $cash_id_info   = isset($_POST["cash_id_info"]) ? $_POST["cash_id_info"] : ''; // 현금 영수증 등록 번호
     /* ============================================================================== */
 
     /* ============================================================================== */
@@ -112,7 +110,10 @@
     /* = -------------------------------------------------------------------------- = */
     if ( $req_tx == "pay" )
     {
-            $c_PayPlus->mf_set_encx_data( $_POST[ "enc_data" ], $_POST[ "enc_info" ] );
+        $post_enc_data = isset($_POST["enc_data"]) ? $_POST["enc_data"] : '';
+        $post_enc_info = isset($_POST["enc_info"]) ? $_POST["enc_info"] : '';
+
+        $c_PayPlus->mf_set_encx_data( $post_enc_data, $post_enc_info );
     }
 
     /* = -------------------------------------------------------------------------- = */
@@ -282,5 +283,4 @@
 	}
 	/* = -------------------------------------------------------------------------- = */
     /* =   05. 승인 결과 처리 END                                                   = */
-    /* ============================================================================== */
-?>
\ No newline at end of file
+    /* ============================================================================== */;
\ No newline at end of file
diff --git a/mobile/shop/kcp/pp_ax_hub_cancel.php b/mobile/shop/kcp/pp_ax_hub_cancel.php
index 5d1442e2d..891ff1aec 100644
--- a/mobile/shop/kcp/pp_ax_hub_cancel.php
+++ b/mobile/shop/kcp/pp_ax_hub_cancel.php
@@ -50,5 +50,4 @@ if ( $req_tx == "pay" )
 /* ============================================================================== */
 
 // locale 설정 초기화
-setlocale(LC_CTYPE, '');
-?>
\ No newline at end of file
+setlocale(LC_CTYPE, '');
\ No newline at end of file
diff --git a/mobile/shop/kcp/pp_ax_hub_lib.php b/mobile/shop/kcp/pp_ax_hub_lib.php
index 4c7940e68..e3b6e89dc 100644
--- a/mobile/shop/kcp/pp_ax_hub_lib.php
+++ b/mobile/shop/kcp/pp_ax_hub_lib.php
@@ -238,11 +238,12 @@
     /* -------------------------------------------------------------------- */
     function  mf_get_res_data( $name )
     {
-      return  $this->m_res_data[ $name ];
+      return  isset($this->m_res_data[$name]) ? $this->m_res_data[$name] : '';
     }
 
     function  mf_get_payx_data()
     {
+        $my_data = '';
       if ( $this->m_payx_common != "" || $this->m_payx_card != "" )
       {
         $my_data  = "payx_data=";
@@ -283,7 +284,7 @@
 
       $exec_cmd = array_shift( $arg );
 
-      while ( list(,$i) = each($arg) )
+      foreach($arg as $i)
       {
         $exec_cmd .= " " . escapeshellarg( $i );
       }
@@ -292,5 +293,4 @@
 
       return  $rt;
     }
-  }
-?>
\ No newline at end of file
+  }
\ No newline at end of file
diff --git a/mobile/shop/largeimage.php b/mobile/shop/largeimage.php
index 2e374b443..4e8d23878 100644
--- a/mobile/shop/largeimage.php
+++ b/mobile/shop/largeimage.php
@@ -1,12 +1,12 @@
 <?php
 include_once('./_common.php');
 
-$it_id = get_search_string(trim($_GET['it_id']));
-$no = preg_replace('/[^0-9a-z]/i', '', $_GET['no']);
+$it_id = isset($_GET['it_id']) ? get_search_string(trim($_GET['it_id'])) : '';
+$no = isset($_GET['no']) ? preg_replace('/[^0-9a-z]/i', '', $_GET['no']) : '';
 
 $row = get_shop_item($it_id, true);
 
-if(!$row['it_id'])
+if(! (isset($row['it_id']) && $row['it_id']))
     alert_close('상품정보가 존재하지 않습니다.');
 
 $imagefile = G5_DATA_PATH.'/item/'.$row['it_img'.$no];
@@ -23,5 +23,4 @@ if(is_file($skin))
 else
     echo '<p>'.str_replace(G5_PATH.'/', '', $skin).'파일이 존재하지 않습니다.</p>';
 
-include_once(G5_PATH.'/tail.sub.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/mobile/shop/lg/_common.php b/mobile/shop/lg/_common.php
index 7e0b90e75..7c37c6ca3 100644
--- a/mobile/shop/lg/_common.php
+++ b/mobile/shop/lg/_common.php
@@ -3,5 +3,4 @@ include_once('../../../common.php');
 
 if (!defined('G5_USE_SHOP') || !G5_USE_SHOP)
     die('<p>쇼핑몰 설치 후 이용해 주십시오.</p>');
-define('_SHOP_', true);
-?>
\ No newline at end of file
+define('_SHOP_', true);
\ No newline at end of file
diff --git a/mobile/shop/lg/mispwapurl.php b/mobile/shop/lg/mispwapurl.php
index ff41306e6..83fc1de52 100644
--- a/mobile/shop/lg/mispwapurl.php
+++ b/mobile/shop/lg/mispwapurl.php
@@ -16,7 +16,4 @@ echo "LGD_OID = ".$LGD_OID;
 // ex) window.location.href = smartxpay://TID=1234567890&OID=0987654321
 //
 // window.location.href = "고객사 앱명://" 로 호출하시면 됩니다.
-////////////////////////////////////////////////////////////////////////////////////////////////////////
-
-
-?>
\ No newline at end of file
+////////////////////////////////////////////////////////////////////////////////////////////////////////;
\ No newline at end of file
diff --git a/mobile/shop/lg/note_url.php b/mobile/shop/lg/note_url.php
index 412b8e6cc..0cc198efb 100644
--- a/mobile/shop/lg/note_url.php
+++ b/mobile/shop/lg/note_url.php
@@ -149,5 +149,4 @@ if ($LGD_HASHDATA2 == $LGD_HASHDATA) {      //해쉬값 검증이 성공하면
     $resultMSG = "결제결과 상점 DB처리(NOTE_URL) 해쉬값 검증이 실패하였습니다.";
 }
 
-echo $resultMSG;
-?>
+echo $resultMSG;
\ No newline at end of file
diff --git a/mobile/shop/lg/orderform.3.php b/mobile/shop/lg/orderform.3.php
index d054abec9..b090a888d 100644
--- a/mobile/shop/lg/orderform.3.php
+++ b/mobile/shop/lg/orderform.3.php
@@ -1,3 +1,2 @@
 <?php
-if (!defined("_GNUBOARD_")) exit; // 개별 페이지 접근 불가
-?>
\ No newline at end of file
+if (!defined("_GNUBOARD_")) exit; // 개별 페이지 접근 불가;
\ No newline at end of file
diff --git a/mobile/shop/lg/returnurl.php b/mobile/shop/lg/returnurl.php
index 388695897..9f6cd7e55 100644
--- a/mobile/shop/lg/returnurl.php
+++ b/mobile/shop/lg/returnurl.php
@@ -76,5 +76,4 @@ function setLGDResult() {
 </script>
 
 <?php
-include_once(G5_PATH.'/tail.sub.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/mobile/shop/lg/xpay_approval.php b/mobile/shop/lg/xpay_approval.php
index 1e5bbe9d8..0ac20ad07 100644
--- a/mobile/shop/lg/xpay_approval.php
+++ b/mobile/shop/lg/xpay_approval.php
@@ -171,5 +171,4 @@ function getFormObject() {
 </form>
 
 <?php
-include_once(G5_PATH.'/tail.sub.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/mobile/shop/list.php b/mobile/shop/list.php
index 3553784b5..91f041fc7 100644
--- a/mobile/shop/list.php
+++ b/mobile/shop/list.php
@@ -189,5 +189,4 @@ var g5_shop_url = "<?php echo G5_SHOP_URL; ?>";
 <?php
 include_once(G5_MSHOP_PATH.'/_tail.php');
 
-echo "\n<!-- {$ca['ca_mobile_skin']} -->\n";
-?>
+echo "\n<!-- {$ca['ca_mobile_skin']} -->\n";
\ No newline at end of file
diff --git a/mobile/shop/listtype.php b/mobile/shop/listtype.php
index 1c52f0ccf..7e6eff45f 100644
--- a/mobile/shop/listtype.php
+++ b/mobile/shop/listtype.php
@@ -1,7 +1,7 @@
 <?php
 include_once('./_common.php');
 
-$type = preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\s]/", "", $_REQUEST['type']);
+$type = isset($_REQUEST['type']) ? preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\s]/", "", $_REQUEST['type']) : '';
 if ($type == 1)      $g5['title'] = '히트상품';
 else if ($type == 2) $g5['title'] = '추천상품';
 else if ($type == 3) $g5['title'] = '최신상품';
@@ -75,5 +75,4 @@ echo get_paging($config['cf_mobile_pages'], $page, $total_page, "{$_SERVER['SCRI
 ?>
 
 <?php
-include_once(G5_MSHOP_PATH.'/_tail.php');
-?>
+include_once(G5_MSHOP_PATH.'/_tail.php');
\ No newline at end of file
diff --git a/mobile/shop/mypage.php b/mobile/shop/mypage.php
index 3f3becb1f..e91dd1165 100644
--- a/mobile/shop/mypage.php
+++ b/mobile/shop/mypage.php
@@ -136,5 +136,4 @@ function member_leave()
 </script>
 
 <?php
-include_once(G5_MSHOP_PATH.'/_tail.php');
-?>
\ No newline at end of file
+include_once(G5_MSHOP_PATH.'/_tail.php');
\ No newline at end of file
diff --git a/mobile/shop/orderaddress.php b/mobile/shop/orderaddress.php
index 834f704dd..66a28767e 100644
--- a/mobile/shop/orderaddress.php
+++ b/mobile/shop/orderaddress.php
@@ -118,5 +118,4 @@ $(function() {
 </script>
 
 <?php
-include_once(G5_PATH.'/tail.sub.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/mobile/shop/orderform.sub.php b/mobile/shop/orderform.sub.php
index b5159ea96..ebd80b434 100644
--- a/mobile/shop/orderform.sub.php
+++ b/mobile/shop/orderform.sub.php
@@ -114,10 +114,10 @@ ob_start();
 
             $point      = $sum['point'];
             $sell_price = $sum['price'];
-
+            
+            $cp_button = '';
             // 쿠폰
             if($is_member) {
-                $cp_button = '';
                 $cp_count = 0;
 
                 $sql = " select cp_id
@@ -288,7 +288,7 @@ if($is_kakaopay_use) {
             <ul>
                 <li>
                     <label for="od_name">이름<strong class="sound_only"> 필수</strong></label>
-                    <input type="text" name="od_name" value="<?php echo get_text($member['mb_name']); ?>" id="od_name" required class="frm_input required" maxlength="20">
+                    <input type="text" name="od_name" value="<?php echo isset($member['mb_name']) ? get_text($member['mb_name']) : ''; ?>" id="od_name" required class="frm_input required" maxlength="20">
                 </li>
 
                 <?php if (!$is_member) { // 비회원이면 ?>
@@ -355,9 +355,9 @@ if($is_kakaopay_use) {
         <div class="odf_list">
             <ul>
                 <?php
+                $addr_list = '';
                 if($is_member) {
                     // 배송지 이력
-                    $addr_list = '';
                     $sep = chr(30);
 
                     // 주문자와 동일
@@ -370,7 +370,7 @@ if($is_kakaopay_use) {
                                 where mb_id = '{$member['mb_id']}'
                                   and ad_default = '1' ";
                     $row = sql_fetch($sql);
-                    if($row['ad_id']) {
+                    if(isset($row['ad_id']) && $row['ad_id']) {
                         $val1 = $row['ad_name'].$sep.$row['ad_tel'].$sep.$row['ad_hp'].$sep.$row['ad_zip1'].$sep.$row['ad_zip2'].$sep.$row['ad_addr1'].$sep.$row['ad_addr2'].$sep.$row['ad_addr3'].$sep.$row['ad_jibeon'].$sep.$row['ad_subject'];
                         $addr_list .= '<br><input type="radio" name="ad_sel_addr" value="'.get_text($val1).'" id="ad_sel_addr_def">'.PHP_EOL;
                         $addr_list .= '<label for="ad_sel_addr_def">기본배송지</label>'.PHP_EOL;
@@ -848,7 +848,7 @@ $(function() {
         calculate_total_price();
         $("#cp_frm").remove();
         $cp_btn_el.text("변경").addClass("cp_mod").focus();
-        if(!$cp_row_el.find(".cp_cancel").size())
+        if(!$cp_row_el.find(".cp_cancel").length)
             $cp_btn_el.after("<button type=\"button\" class=\"cp_cancel\">취소</button>");
     });
 
@@ -915,7 +915,7 @@ $(function() {
         calculate_order_price();
         $("#od_coupon_frm").remove();
         $("#od_coupon_btn").text("변경").focus();
-        if(!$("#od_coupon_cancel").size())
+        if(!$("#od_coupon_cancel").length)
             $("#od_coupon_btn").after("<button type=\"button\" id=\"od_coupon_cancel\" class=\"cp_cancel1\">취소</button>");
     });
 
@@ -974,7 +974,7 @@ $(function() {
         calculate_order_price();
         $("#sc_coupon_frm").remove();
         $("#sc_coupon_btn").text("변경").focus();
-        if(!$("#sc_coupon_cancel").size())
+        if(!$("#sc_coupon_cancel").length)
             $("#sc_coupon_btn").after("<button type=\"button\" id=\"sc_coupon_cancel\" class=\"cp_cancel1\">취소</button>");
     });
 
@@ -1102,7 +1102,7 @@ function calculate_total_price()
     <?php if($oc_cnt > 0) { ?>
     $("input[name=od_cp_id]").val("");
     $("#od_cp_price").text(0);
-    if($("#od_coupon_cancel").size()) {
+    if($("#od_coupon_cancel").length) {
         $("#od_coupon_btn").text("쿠폰적용");
         $("#od_coupon_cancel").remove();
     }
@@ -1110,7 +1110,7 @@ function calculate_total_price()
     <?php if($sc_cnt > 0) { ?>
     $("input[name=sc_cp_id]").val("");
     $("#sc_cp_price").text(0);
-    if($("#sc_coupon_cancel").size()) {
+    if($("#sc_coupon_cancel").length) {
         $("#sc_coupon_btn").text("쿠폰적용");
         $("#sc_coupon_cancel").remove();
     }
@@ -1199,7 +1199,7 @@ function calculate_tax()
         }
     });
 
-    if($("input[name=od_temp_point]").size())
+    if($("input[name=od_temp_point]").length)
         temp_point = parseInt($("input[name=od_temp_point]").val()) || 0;
 
     tot_mny += (send_cost + send_cost2 - od_coupon - send_coupon - temp_point);
diff --git a/mobile/shop/orderformupdate.php b/mobile/shop/orderformupdate.php
index a6eaf97b6..97fcb9203 100644
--- a/mobile/shop/orderformupdate.php
+++ b/mobile/shop/orderformupdate.php
@@ -2,13 +2,19 @@
 include_once('./_common.php');
 include_once(G5_LIB_PATH.'/mailer.lib.php');
 
+$post_p_hash = isset($_POST['P_HASH']) ? $_POST['P_HASH'] : '';
+$post_enc_data = isset($_POST['enc_data']) ? $_POST['enc_data'] : '';
+$post_enc_info = isset($_POST['enc_info']) ? $_POST['enc_info'] : '';
+$post_tran_cd = isset($_POST['tran_cd']) ? $_POST['tran_cd'] : '';
+$post_lgd_paykey = isset($_POST['LGD_PAYKEY']) ? $_POST['LGD_PAYKEY'] : '';
+
 //삼성페이 또는 lpay 또는 이니시스 카카오페이 요청으로 왔다면 현재 삼성페이 또는 lpay 또는 이니시스 카카오페이는 이니시스 밖에 없으므로 $default['de_pg_service'] 값을 이니시스로 변경한다.
 if( is_inicis_order_pay($od_settle_case) && !empty($_POST['P_HASH']) ){
     $default['de_pg_service'] = 'inicis';
 }
 
 // 타 PG 사용시 NHN KCP 네이버페이로 결제 요청이 왔다면 $default['de_pg_service'] 값을 kcp 로 변경합니다.
-if(function_exists('is_use_easypay') && is_use_easypay('global_nhnkcp') && isset($_POST['enc_data']) && $_POST['enc_data'] && isset($_POST['site_cd']) && isset($_POST['nhnkcp_pay_case']) && $_POST['nhnkcp_pay_case'] === "naverpay"){
+if(function_exists('is_use_easypay') && is_use_easypay('global_nhnkcp') && $post_enc_data && isset($_POST['site_cd']) && isset($_POST['nhnkcp_pay_case']) && $_POST['nhnkcp_pay_case'] === "naverpay"){
     $default['de_pg_service'] = 'kcp';
 }
 
@@ -29,13 +35,13 @@ if(get_session('ss_direct'))
 
 // 결제등록 완료 체크
 if($od_settle_case != '무통장' && $od_settle_case != 'KAKAOPAY') {
-    if($default['de_pg_service'] == 'kcp' && ($_POST['tran_cd'] == '' || $_POST['enc_info'] == '' || $_POST['enc_data'] == ''))
+    if($default['de_pg_service'] == 'kcp' && ($post_tran_cd === '' || $post_enc_info === '' || $post_enc_data === ''))
         alert('결제등록 요청 후 주문해 주십시오.', $page_return_url);
 
-    if($default['de_pg_service'] == 'lg' && !$_POST['LGD_PAYKEY'])
+    if($default['de_pg_service'] == 'lg' && ! $post_lgd_paykey)
         alert('결제등록 요청 후 주문해 주십시오.', $page_return_url);
 
-    if($default['de_pg_service'] == 'inicis' && !$_POST['P_HASH'])
+    if($default['de_pg_service'] == 'inicis' && ! $post_p_hash)
         alert('결제등록 요청 후 주문해 주십시오.', $page_return_url);
 }
 
@@ -62,6 +68,10 @@ if(!isset($check_tmp['od_other_pay_type'])){
 // 변수 초기화
 $od_other_pay_type = '';
 
+$od_temp_point = isset($_POST['od_temp_point']) ? (int) $_POST['od_temp_point'] : 0;
+$od_hope_date = isset($_POST['od_hope_date']) ? clean_xss_tags($_POST['od_hope_date'], 1, 1) : '';
+$ad_default = isset($_POST['ad_default']) ? (int) $_POST['ad_default'] : 0;
+
 $error = "";
 // 장바구니 상품 재고 검사
 $sql = " select it_id,
@@ -99,11 +109,11 @@ if ($error != "")
     alert($error, $page_return_url);
 }
 
-$i_price     = (int)$_POST['od_price'];
-$i_send_cost  = (int)$_POST['od_send_cost'];
-$i_send_cost2  = (int)$_POST['od_send_cost2'];
-$i_send_coupon  = abs((int)$_POST['od_send_coupon']);
-$i_temp_point = (int)$_POST['od_temp_point'];
+$i_price     = isset($_POST['od_price']) ? (int) $_POST['od_price'] : 0;
+$i_send_cost  = isset($_POST['od_send_cost']) ? (int) $_POST['od_send_cost'] : 0;
+$i_send_cost2  = isset($_POST['od_send_cost2']) ? (int) $_POST['od_send_cost2'] : 0;
+$i_send_coupon  = isset($_POST['od_send_coupon']) ? abs((int) $_POST['od_send_coupon']) : 0;
+$i_temp_point = isset($_POST['od_temp_point']) ? (int) $_POST['od_temp_point'] : 0;
 
 
 // 주문금액이 상이함
@@ -116,15 +126,14 @@ $cart_count = $row['cart_count'];
 $tot_od_price = $tot_ct_price;
 
 // 쿠폰금액계산
-$tot_cp_price = 0;
+$tot_cp_price = $tot_it_cp_price = $tot_od_cp_price = 0;
 if($is_member) {
     // 상품쿠폰
-    $tot_it_cp_price = $tot_od_cp_price = 0;
-    $it_cp_cnt = count($_POST['cp_id']);
+    $it_cp_cnt = (isset($_POST['cp_id']) && is_array($_POST['cp_id'])) ? count($_POST['cp_id']) : 0;
     $arr_it_cp_prc = array();
     for($i=0; $i<$it_cp_cnt; $i++) {
-        $cid = $_POST['cp_id'][$i];
-        $it_id = $_POST['it_id'][$i];
+        $cid = isset($_POST['cp_id'][$i]) ? $_POST['cp_id'][$i] : '';
+        $it_id = isset($_POST['it_id'][$i]) ? safe_replace_regex($_POST['it_id'][$i], 'it_id') : '';
         $sql = " select cp_id, cp_method, cp_target, cp_type, cp_price, cp_trunc, cp_minimum, cp_maximum
                     from {$g5['g5_shop_coupon_table']}
                     where cp_id = '$cid'
@@ -133,7 +142,7 @@ if($is_member) {
                       and cp_end >= '".G5_TIME_YMD."'
                       and cp_method IN ( 0, 1 ) ";
         $cp = sql_fetch($sql);
-        if(!$cp['cp_id'])
+        if(! (isset($cp['cp_id']) && $cp['cp_id']))
             continue;
 
         // 사용한 쿠폰인지
@@ -189,7 +198,7 @@ if($is_member) {
     $tot_od_price -= $tot_it_cp_price;
 
     // 주문쿠폰
-    if($_POST['od_cp_id']) {
+    if(isset($_POST['od_cp_id']) && $_POST['od_cp_id']) {
         $sql = " select cp_id, cp_type, cp_price, cp_trunc, cp_minimum, cp_maximum
                     from {$g5['g5_shop_coupon_table']}
                     where cp_id = '{$_POST['od_cp_id']}'
@@ -235,7 +244,7 @@ $send_cost = get_sendcost($tmp_cart_id);
 $tot_sc_cp_price = 0;
 if($is_member && $send_cost > 0) {
     // 배송쿠폰
-    if($_POST['sc_cp_id']) {
+    if(isset($_POST['sc_cp_id']) && $_POST['sc_cp_id']) {
         $sql = " select cp_id, cp_type, cp_price, cp_trunc, cp_minimum, cp_maximum
                     from {$g5['g5_shop_coupon_table']}
                     where cp_id = '{$_POST['sc_cp_id']}'
@@ -279,7 +288,7 @@ $od_b_zip2  = substr($od_b_zip, 3);
 $zipcode = $od_b_zip1 . $od_b_zip2;
 $sql = " select sc_id, sc_price from {$g5['g5_shop_sendcost_table']} where sc_zip1 <= '$zipcode' and sc_zip2 >= '$zipcode' ";
 $tmp = sql_fetch($sql);
-if(!$tmp['sc_id'])
+if(! (isset($tmp['sc_id']) && $tmp['sc_id']))
     $send_cost2 = 0;
 else
     $send_cost2 = (int)$tmp['sc_price'];
@@ -531,10 +540,12 @@ if($tno) {
     }
 }
 
-if ($is_member)
+if ($is_member) {
     $od_pwd = $member['mb_password'];
-else
+} else {
+    $post_od_pwd = isset($_POST['od_pwd']) ? $_POST['od_pwd'] : sha1(rand());
     $od_pwd = get_encrypt_string($_POST['od_pwd']);
+}
 
 // 주문번호를 얻는다.
 $od_id = get_session('ss_order_id');
@@ -545,7 +556,7 @@ if( !$od_id ){
 }
 
 $od_escrow = 0;
-if($escw_yn == 'Y')
+if(isset($escw_yn) && $escw_yn == 'Y')
     $od_escrow = 1;
 
 // 복합과세 금액
@@ -553,9 +564,9 @@ $od_tax_mny = round($i_price / 1.1);
 $od_vat_mny = $i_price - $od_tax_mny;
 $od_free_mny = 0;
 if($default['de_tax_flag_use']) {
-    $od_tax_mny = (int)$_POST['comm_tax_mny'];
-    $od_vat_mny = (int)$_POST['comm_vat_mny'];
-    $od_free_mny = (int)$_POST['comm_free_mny'];
+    $od_tax_mny = isset($_POST['comm_tax_mny']) ? (int) $_POST['comm_tax_mny'] : 0;
+    $od_vat_mny = isset($_POST['comm_vat_mny']) ? (int) $_POST['comm_vat_mny'] : 0;
+    $od_free_mny = isset($_POST['comm_free_mny']) ? (int) $_POST['comm_free_mny'] : 0;
 }
 
 $od_email         = get_email_address($od_email);
@@ -731,11 +742,11 @@ $od_memo = nl2br(htmlspecialchars2(stripslashes($od_memo))) . "&nbsp;";
 
 // 쿠폰사용내역기록
 if($is_member) {
-    $it_cp_cnt = count($_POST['cp_id']);
+    $it_cp_cnt = (isset($_POST['cp_id']) && is_array($_POST['cp_id'])) ? count($_POST['cp_id']) : 0;
     for($i=0; $i<$it_cp_cnt; $i++) {
-        $cid = $_POST['cp_id'][$i];
-        $cp_it_id = $_POST['it_id'][$i];
-        $cp_prc = (int)$arr_it_cp_prc[$cp_it_id];
+        $cid = isset($_POST['cp_id'][$i]) ? $_POST['cp_id'][$i] : '';
+        $cp_it_id = isset($_POST['it_id'][$i]) ? safe_replace_regex($_POST['it_id'][$i], 'it_id') : '';
+        $cp_prc = isset($arr_it_cp_prc[$cp_it_id]) ? (int) $arr_it_cp_prc[$cp_it_id] : 0;
 
         if(trim($cid)) {
             $sql = " insert into {$g5['g5_shop_coupon_log_table']}
@@ -748,7 +759,6 @@ if($is_member) {
         }
 
         // 쿠폰사용금액 cart에 기록
-        $cp_prc = (int)$arr_it_cp_prc[$cp_it_id];
         $sql = " update {$g5['g5_shop_cart_table']}
                     set cp_price = '$cp_prc'
                     where od_id = '$od_id'
@@ -759,7 +769,7 @@ if($is_member) {
         sql_query($sql);
     }
 
-    if($_POST['od_cp_id']) {
+    if(isset($_POST['od_cp_id']) && $_POST['od_cp_id']) {
         $sql = " insert into {$g5['g5_shop_coupon_log_table']}
                     set cp_id       = '{$_POST['od_cp_id']}',
                         mb_id       = '{$member['mb_id']}',
@@ -769,7 +779,7 @@ if($is_member) {
         sql_query($sql);
     }
 
-    if($_POST['sc_cp_id']) {
+    if(isset($_POST['sc_cp_id']) && $_POST['sc_cp_id']) {
         $sql = " insert into {$g5['g5_shop_coupon_log_table']}
                     set cp_id       = '{$_POST['sc_cp_id']}',
                         mb_id       = '{$member['mb_id']}',
@@ -960,5 +970,4 @@ if( $is_noti_pay ){
     return;
 }
 
-goto_url(G5_SHOP_URL.'/orderinquiryview.php?od_id='.$od_id.'&amp;uid='.$uid);
-?>
+goto_url(G5_SHOP_URL.'/orderinquiryview.php?od_id='.$od_id.'&amp;uid='.$uid);
\ No newline at end of file
diff --git a/mobile/shop/orderinquiry.php b/mobile/shop/orderinquiry.php
index 68b8e8676..5e5214343 100644
--- a/mobile/shop/orderinquiry.php
+++ b/mobile/shop/orderinquiry.php
@@ -4,8 +4,9 @@ include_once('./_common.php');
 define("_ORDERINQUIRY_", true);
 
 $order_info = array();
-$request_pwd = $od_pwd;
-$od_pwd = get_encrypt_string($od_pwd);
+$request_pwd = isset($_POST['od_pwd']) ? $_POST['od_pwd'] : '';
+$od_pwd = get_encrypt_string($request_pwd);
+$od_id = isset($_POST['od_id']) ? safe_replace_regex($_POST['od_id'], 'od_id') : '';
 
 // 회원인 경우
 if ($is_member)
@@ -89,5 +90,4 @@ include_once(G5_MSHOP_PATH.'/_head.php');
 </div>
 
 <?php
-include_once(G5_MSHOP_PATH.'/_tail.php');
-?>
+include_once(G5_MSHOP_PATH.'/_tail.php');
\ No newline at end of file
diff --git a/mobile/shop/orderinquiryview.php b/mobile/shop/orderinquiryview.php
index b57724921..ba7a78e8c 100644
--- a/mobile/shop/orderinquiryview.php
+++ b/mobile/shop/orderinquiryview.php
@@ -710,5 +710,4 @@ function fcancel_check(f)
 </script>
 
 <?php
-include_once(G5_MSHOP_PATH.'/_tail.php');
-?>
\ No newline at end of file
+include_once(G5_MSHOP_PATH.'/_tail.php');
\ No newline at end of file
diff --git a/mobile/shop/personalpay.php b/mobile/shop/personalpay.php
index 0ed97733c..1cf363259 100644
--- a/mobile/shop/personalpay.php
+++ b/mobile/shop/personalpay.php
@@ -55,5 +55,4 @@ include_once(G5_MSHOP_PATH.'/_head.php');
 <!-- } 상품 목록 끝 -->
 
 <?php
-include_once(G5_MSHOP_PATH.'/_tail.php');
-?>
+include_once(G5_MSHOP_PATH.'/_tail.php');
\ No newline at end of file
diff --git a/mobile/shop/personalpayformupdate.php b/mobile/shop/personalpayformupdate.php
index 3be3ceb7b..b26ecd2dc 100644
--- a/mobile/shop/personalpayformupdate.php
+++ b/mobile/shop/personalpayformupdate.php
@@ -4,27 +4,38 @@ include_once(G5_LIB_PATH.'/mailer.lib.php');
 
 $page_return_url = G5_SHOP_URL.'/personalpayform.php?pp_id='.get_session('ss_personalpay_id');
 
+$post_tran_cd = isset($_POST['tran_cd']) ? $_POST['tran_cd'] : '';
+$post_enc_info = isset($_POST['enc_info']) ? $_POST['enc_info'] : '';
+$post_enc_data = isset($_POST['enc_data']) ? $_POST['enc_data'] : '';
+
+$post_lgd_paykey = isset($_POST['LGD_PAYKEY']) ? $_POST['LGD_PAYKEY'] : '';
+
+$post_p_hash = isset($_POST['P_HASH']) ? $_POST['P_HASH'] : '';
+
+$pp_id = isset($_POST['pp_id']) ? preg_replace('/[^0-9]/', '', $_POST['pp_id']) : 0;
+$good_mny = isset($_POST['good_mny']) ? preg_replace('/[^0-9]/', '', $_POST['good_mny']) : 0;
+
 // 결제등록 완료 체크
-if($default['de_pg_service'] == 'kcp' && ($_POST['tran_cd'] == '' || $_POST['enc_info'] == '' || $_POST['enc_data'] == ''))
+if($default['de_pg_service'] == 'kcp' && ($post_tran_cd === '' || $post_enc_info === '' || $post_enc_data === ''))
     alert('결제등록 요청 후 주문해 주십시오.', $page_return_url);
 
-if($default['de_pg_service'] == 'lg' && !$_POST['LGD_PAYKEY'])
+if($default['de_pg_service'] == 'lg' && ! $post_lgd_paykey)
     alert('결제등록 요청 후 주문해 주십시오.', $page_return_url);
 
-if($default['de_pg_service'] == 'inicis' && !$_POST['P_HASH'])
+if($default['de_pg_service'] == 'inicis' && ! $post_p_hash)
     alert('결제등록 요청 후 주문해 주십시오.', $page_return_url);
 
 // 개인결제 정보
 $pp_check = false;
-$sql = " select * from {$g5['g5_shop_personalpay_table']} where pp_id = '{$_POST['pp_id']}' and pp_use = '1' ";
+$sql = " select * from {$g5['g5_shop_personalpay_table']} where pp_id = '{$pp_id}' and pp_use = '1' ";
 $pp = sql_fetch($sql);
-if(!$pp['pp_id'])
+if(! (isset($pp['pp_id']) && $pp['pp_id']))
     alert('개인결제 정보가 존재하지 않습니다.', G5_SHOP_URL.'/personalpay.php');
 
-$hash_data = md5($_POST['pp_id'].$_POST['good_mny'].$pp['pp_time']);
+$hash_data = md5($pp_id.$good_mny.$pp['pp_time']);
 
 if($pp['pp_tno']){
-    if( $default['de_pg_service'] == 'inicis' && ($_POST['pp_id'] === get_session('ss_personalpay_id') && $hash_data === get_session('ss_personalpay_hash')) ){
+    if( $default['de_pg_service'] == 'inicis' && ($pp_id === get_session('ss_personalpay_id') && $hash_data === get_session('ss_personalpay_hash')) ){
         $uid = md5($pp['pp_id'].$pp['pp_time'].$_SERVER['REMOTE_ADDR']);
         set_session('ss_personalpay_uid', $uid);
 
@@ -34,7 +45,7 @@ if($pp['pp_tno']){
     }
 }
 
-if($_POST['pp_id'] != get_session('ss_personalpay_id') || $hash_data != get_session('ss_personalpay_hash'))
+if($pp_id !== get_session('ss_personalpay_id') || $hash_data !== get_session('ss_personalpay_hash'))
     die('개인결제 정보가 올바르지 않습니다.');
 
 if ($pp_settle_case == "계좌이체")
@@ -253,5 +264,4 @@ if( $is_noti_pay ){
     return;
 }
 
-goto_url(G5_SHOP_URL.'/personalpayresult.php?pp_id='.$pp['pp_id'].'&amp;uid='.$uid);
-?>
+goto_url(G5_SHOP_URL.'/personalpayresult.php?pp_id='.$pp['pp_id'].'&amp;uid='.$uid);
\ No newline at end of file
diff --git a/mobile/shop/personalpayresult.php b/mobile/shop/personalpayresult.php
index 9eef75675..579b3b5b9 100644
--- a/mobile/shop/personalpayresult.php
+++ b/mobile/shop/personalpayresult.php
@@ -313,5 +313,4 @@ if($pp['pp_pg'] == 'lg') {
 <!-- } 개인결제상세내역 끝 -->
 
 <?php
-include_once(G5_MSHOP_PATH.'/_tail.php');
-?>
\ No newline at end of file
+include_once(G5_MSHOP_PATH.'/_tail.php');
\ No newline at end of file
diff --git a/mobile/shop/samsungpay/_common.php b/mobile/shop/samsungpay/_common.php
index 14553420b..03b90f3dd 100644
--- a/mobile/shop/samsungpay/_common.php
+++ b/mobile/shop/samsungpay/_common.php
@@ -1,3 +1,2 @@
 <?php
-include_once('../../common.php');
-?>
\ No newline at end of file
+include_once('../../common.php');
\ No newline at end of file
diff --git a/mobile/shop/samsungpay/incSamsungpayCommon.php b/mobile/shop/samsungpay/incSamsungpayCommon.php
index 81a47a404..4c8b3ddc3 100644
--- a/mobile/shop/samsungpay/incSamsungpayCommon.php
+++ b/mobile/shop/samsungpay/incSamsungpayCommon.php
@@ -6,5 +6,4 @@ if( ! is_inicis_simple_pay() || ('inicis' == $default['de_pg_service']) ){    //
     return;
 }
 
-include_once(G5_MSHOP_PATH.'/settle_inicis.inc.php');
-?>
\ No newline at end of file
+include_once(G5_MSHOP_PATH.'/settle_inicis.inc.php');
\ No newline at end of file
diff --git a/mobile/shop/samsungpay/orderform.3.php b/mobile/shop/samsungpay/orderform.3.php
index 8f1d43f85..1d2effef5 100644
--- a/mobile/shop/samsungpay/orderform.3.php
+++ b/mobile/shop/samsungpay/orderform.3.php
@@ -1,3 +1,2 @@
 <?php
-if (!defined("_GNUBOARD_")) exit; // 개별 페이지 접근 불가
-?>
\ No newline at end of file
+if (!defined("_GNUBOARD_")) exit; // 개별 페이지 접근 불가;
\ No newline at end of file
diff --git a/mobile/shop/search.php b/mobile/shop/search.php
index 4ccbb654d..a3a7c878d 100644
--- a/mobile/shop/search.php
+++ b/mobile/shop/search.php
@@ -143,5 +143,4 @@ if(!file_exists($search_skin)) {
     include_once($search_skin);
 }
 
-include_once(G5_MSHOP_PATH.'/_tail.php');
-?>
+include_once(G5_MSHOP_PATH.'/_tail.php');
\ No newline at end of file
diff --git a/mobile/shop/settle_inicis.inc.php b/mobile/shop/settle_inicis.inc.php
index f5e29b9f8..5b5389c28 100644
--- a/mobile/shop/settle_inicis.inc.php
+++ b/mobile/shop/settle_inicis.inc.php
@@ -8,6 +8,8 @@ if (!function_exists('curl_init')) {
     alert('cURL 모듈이 설치되어 있지 않습니다.\\n상점관리자에게 문의해 주십시오.');
 }
 
+$useescrow = '';
+
 if ($default['de_card_test']) {
     if ($default['de_escrow_use'] == 1) {
         // 에스크로결제 테스트
@@ -106,5 +108,4 @@ $inicis_cardpoint = $default['de_inicis_cartpoint_use'] ? '&cp_yn=Y' : '';
 
 $noti_url   = G5_MSHOP_URL.'/inicis/settle_common.php';
 $next_url   = G5_MSHOP_URL.'/inicis/pay_approval.php';
-$return_url = G5_MSHOP_URL.'/inicis/pay_return.php?oid=';
-?>
\ No newline at end of file
+$return_url = G5_MSHOP_URL.'/inicis/pay_return.php?oid=';
\ No newline at end of file
diff --git a/mobile/shop/settle_kcp.inc.php b/mobile/shop/settle_kcp.inc.php
index 7c41ebff2..d4d4c7aa5 100644
--- a/mobile/shop/settle_kcp.inc.php
+++ b/mobile/shop/settle_kcp.inc.php
@@ -46,8 +46,10 @@ else {
 $g_conf_site_cd = $default['de_kcp_mid'];
 $g_conf_site_key = $default['de_kcp_site_key'];
 
+$post_settle_method = isset($_POST['settle_method']) ? $_POST['settle_method'] : '';
+
 // 테스트 결제 때 PAYCO site_cd, site_key 재설정
-if($default['de_card_test'] && (($_POST['settle_method'] == '간편결제' || $_POST['od_settle_case'] == '간편결제') && (isset($_POST['payco_direct']) && $_POST['payco_direct'] === 'Y') )) {
+if($default['de_card_test'] && (($post_settle_method == '간편결제' || $post_settle_method == '간편결제') && (isset($_POST['payco_direct']) && $_POST['payco_direct'] === 'Y') )) {
     $g_conf_site_cd = 'S6729';
     $g_conf_site_key = '';
 }
@@ -62,5 +64,4 @@ if(!(preg_match("/^T000/", $g_conf_site_cd) || $default['de_card_test'])) {
 if($default['de_iche_use'] || $default['de_vbank_use'] || $default['de_hp_use'] || $default['de_card_use']) {
     if(trim($default['de_kcp_site_key']) == '')
         alert('KCP SITE KEY를 입력해 주십시오.');
-}
-?>
+}
\ No newline at end of file
diff --git a/mobile/shop/settle_lg.inc.php b/mobile/shop/settle_lg.inc.php
index d52c9c29a..8285489bd 100644
--- a/mobile/shop/settle_lg.inc.php
+++ b/mobile/shop/settle_lg.inc.php
@@ -31,5 +31,4 @@ $configPath             = G5_LGXPAY_PATH.'/lgdacom';
 /*
  * 가상계좌(무통장) 결제 연동을 하시는 경우 아래 LGD_CASNOTEURL 을 설정하여 주시기 바랍니다.
  */
-$LGD_CASNOTEURL         = G5_SHOP_URL.'/settle_lg_common.php';
-?>
\ No newline at end of file
+$LGD_CASNOTEURL         = G5_SHOP_URL.'/settle_lg_common.php';
\ No newline at end of file
diff --git a/mobile/shop/shop.head.php b/mobile/shop/shop.head.php
index b15274561..ac62acb74 100644
--- a/mobile/shop/shop.head.php
+++ b/mobile/shop/shop.head.php
@@ -1,6 +1,8 @@
 <?php
 if (!defined("_GNUBOARD_")) exit; // 개별 페이지 접근 불가
 
+$q = isset($_GET['q']) ? clean_xss_tags($_GET['q'], 1, 1) : '';
+
 if(defined('G5_THEME_PATH')) {
     require_once(G5_THEME_MSHOP_PATH.'/shop.head.php');
     return;
@@ -120,4 +122,4 @@ include_once(G5_LIB_PATH.'/latest.lib.php');
     }
 ?>
 <div id="container" class="<?php echo implode(' ', $container_class); ?>">
-    <?php if ((!$bo_table || $w == 's' ) && !defined('_INDEX_')) { ?><h1 id="container_title"><a href="javascript:history.back()" class="btn_back"><i class="fa fa-chevron-left" aria-hidden="true"></i><span class="sound_only">뒤로</span></a> <?php echo $g5['title'] ?></h1><?php } ?>
\ No newline at end of file
+    <?php if ((!$bo_table || $w == 's' ) && !defined('_INDEX_')) { ?><h1 id="container_title"><a href="javascript:history.back()" class="btn_back"><i class="fa fa-chevron-left" aria-hidden="true"></i><span class="sound_only">뒤로</span></a> <?php echo $g5['title'] ?></h1><?php }
\ No newline at end of file
diff --git a/mobile/shop/shop.tail.php b/mobile/shop/shop.tail.php
index 7b25d1ce2..15e3b4e11 100644
--- a/mobile/shop/shop.tail.php
+++ b/mobile/shop/shop.tail.php
@@ -60,5 +60,4 @@ if ($config['cf_analytics']) {
 <script src="<?php echo G5_JS_URL; ?>/sns.js"></script>
 
 <?php
-include_once(G5_PATH.'/tail.sub.php');
-?>
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/mobile/shop/wishlist.php b/mobile/shop/wishlist.php
index 570d8b495..0847d6108 100644
--- a/mobile/shop/wishlist.php
+++ b/mobile/shop/wishlist.php
@@ -33,7 +33,7 @@ include_once(G5_MSHOP_PATH.'/_head.php');
             $out_cd = '';
             $sql = " select count(*) as cnt from {$g5['g5_shop_item_option_table']} where it_id = '{$row['it_id']}' and io_type = '0' ";
             $tmp = sql_fetch($sql);
-            if($tmp['cnt'])
+            if(isset($tmp['cnt']) && $tmp['cnt'])
                 $out_cd = 'no';
 
             $it_price = get_price($row);
@@ -132,5 +132,4 @@ include_once(G5_MSHOP_PATH.'/_head.php');
 </script>
 
 <?php
-include_once(G5_MSHOP_PATH.'/_tail.php');
-?>
\ No newline at end of file
+include_once(G5_MSHOP_PATH.'/_tail.php');
\ No newline at end of file
diff --git a/mobile/skin/board/basic/view.skin.php b/mobile/skin/board/basic/view.skin.php
index 1810b6f39..f72574070 100644
--- a/mobile/skin/board/basic/view.skin.php
+++ b/mobile/skin/board/basic/view.skin.php
@@ -83,8 +83,8 @@ jQuery(function($){
         if($v_img_count) {
             echo "<div id=\"bo_v_img\">\n";
 
-            for ($i=0; $i<=count($view['file']); $i++) {
-                echo get_file_thumbnail($view['file'][$i]);
+            foreach($view['file'] as $view_file) {
+                echo get_file_thumbnail($view_file);
             }
             echo "</div>\n";
 		}
@@ -124,8 +124,8 @@ jQuery(function($){
     </section>
     
     <?php
+    $cnt = 0;
     if ($view['file']['count']) {
-        $cnt = 0;
         for ($i=0; $i<count($view['file']); $i++) {
             if (isset($view['file'][$i]['source']) && $view['file'][$i]['source'] && !$view['file'][$i]['view'])
                 $cnt++;
diff --git a/mobile/skin/board/basic/view_comment.skin.php b/mobile/skin/board/basic/view_comment.skin.php
index eda34f3fa..8ddd30dd8 100644
--- a/mobile/skin/board/basic/view_comment.skin.php
+++ b/mobile/skin/board/basic/view_comment.skin.php
@@ -341,4 +341,4 @@ var char_max = parseInt(<?php echo $comment_max ?>); // 최대
         });
     });
     </script>
-    <?php } ?>
+    <?php }
\ No newline at end of file
diff --git a/mobile/skin/board/gallery/view.skin.php b/mobile/skin/board/gallery/view.skin.php
index e003a7faf..d75600e81 100644
--- a/mobile/skin/board/gallery/view.skin.php
+++ b/mobile/skin/board/gallery/view.skin.php
@@ -85,8 +85,8 @@ jQuery(function($){
         if($v_img_count) {
             echo "<div id=\"bo_v_img\">\n";
 
-            for ($i=0; $i<=count($view['file']); $i++) {
-                echo get_file_thumbnail($view['file'][$i]);
+            foreach($view['file'] as $view_file) {
+                echo get_file_thumbnail($view_file);
             }
             echo "</div>\n";
 		}
@@ -126,8 +126,8 @@ jQuery(function($){
     </section>
     
     <?php
+    $cnt = 0;
     if ($view['file']['count']) {
-        $cnt = 0;
         for ($i=0; $i<count($view['file']); $i++) {
             if (isset($view['file'][$i]['source']) && $view['file'][$i]['source'] && !$view['file'][$i]['view'])
                 $cnt++;
diff --git a/mobile/skin/board/gallery/view_comment.skin.php b/mobile/skin/board/gallery/view_comment.skin.php
index eda34f3fa..8ddd30dd8 100644
--- a/mobile/skin/board/gallery/view_comment.skin.php
+++ b/mobile/skin/board/gallery/view_comment.skin.php
@@ -341,4 +341,4 @@ var char_max = parseInt(<?php echo $comment_max ?>); // 최대
         });
     });
     </script>
-    <?php } ?>
+    <?php }
\ No newline at end of file
diff --git a/mobile/skin/connect/basic/connect.skin.php b/mobile/skin/connect/basic/connect.skin.php
index 96d2da394..d1f695a6c 100644
--- a/mobile/skin/connect/basic/connect.skin.php
+++ b/mobile/skin/connect/basic/connect.skin.php
@@ -5,4 +5,4 @@ if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
 // add_stylesheet('css 구문', 출력순서); 숫자가 작을 수록 먼저 출력됨
 add_stylesheet('<link rel="stylesheet" href="'.$connect_skin_url.'/style.css">', 0);
 ?>
-<?php echo $row['total_cnt'] ?>
+<?php echo $row['total_cnt'];
\ No newline at end of file
diff --git a/mobile/skin/member/basic/login_check.skin.php b/mobile/skin/member/basic/login_check.skin.php
index 1b182915e..aea2ee5aa 100644
--- a/mobile/skin/member/basic/login_check.skin.php
+++ b/mobile/skin/member/basic/login_check.skin.php
@@ -1,5 +1,4 @@
 <?php
 if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가 
 
-// 자신만의 코드를 넣어주세요.
-?>
+// 자신만의 코드를 넣어주세요.
\ No newline at end of file
diff --git a/mobile/skin/member/basic/register_form_update.tail.skin.php b/mobile/skin/member/basic/register_form_update.tail.skin.php
index b16c52a14..97cd044e1 100644
--- a/mobile/skin/member/basic/register_form_update.tail.skin.php
+++ b/mobile/skin/member/basic/register_form_update.tail.skin.php
@@ -56,5 +56,4 @@ if ($w == "" && $default['de_sms_use1'] && $receive_number)
 }
 //----------------------------------------------------------
 // SMS 문자전송 끝
-//----------------------------------------------------------
-?>
+//----------------------------------------------------------;
\ No newline at end of file
diff --git a/mobile/skin/member/basic/style.css b/mobile/skin/member/basic/style.css
index 6086abce2..042c43fa0 100644
--- a/mobile/skin/member/basic/style.css
+++ b/mobile/skin/member/basic/style.css
@@ -177,7 +177,7 @@
 #mb_login_notmb {background:#fff;border-bottom:1px solid #ccc;padding:20px}
 #mb_login_notmb h2 {font-size:1.25em;padding:10px;background:#f3f3f3}
 #mb_login_notmb p {border:0;padding:0;margin:10px;color:#}
-#guest_privacy p {border:1px solid #ddd;background:#fff;color:#666;min-height:20px;height:200px;padding:10px;text-align:left;overflow-y:auto;margin:10px 0}
+#guest_privacy {border:1px solid #ccc;text-align:left;line-height:1.6em;color:#666;background:#fafafa;padding:10px;height:200px;margin:10px 0;overflow-y:auto}
 #mb_login_notmb .btn_submit {width:100%;display:block;height:40px;line-height:40px}
 
 #mb_login_od_wr {background:#fff;border-bottom:1px solid #ccc;padding:20px}
diff --git a/mobile/skin/qa/basic/style.css b/mobile/skin/qa/basic/style.css
index 83c9c056d..add0d9d45 100644
--- a/mobile/skin/qa/basic/style.css
+++ b/mobile/skin/qa/basic/style.css
@@ -259,6 +259,7 @@
 #bo_v_ans #ans_msg {padding:40px 0;background:#f2f5f9;text-align:center}
 #bo_v_ans .btn_submit {width:100%;height:40px;border-radius:5px}
 #bo_v_ans .btn_confirm {margin:0 10px}
+#bo_v_ans form{padding:1em}
 
 #bo_v_rel {}
 #bo_v_rel h2 {margin:0 10px 10px;font-size:1.2em}
diff --git a/mobile/skin/qa/basic/view.skin.php b/mobile/skin/qa/basic/view.skin.php
index 9f1bc742b..5e9503ad5 100644
--- a/mobile/skin/qa/basic/view.skin.php
+++ b/mobile/skin/qa/basic/view.skin.php
@@ -15,15 +15,10 @@ add_stylesheet('<link rel="stylesheet" href="'.$qa_skin_url.'/style.css">', 0);
     <?php } ?>
 	<li>
 		<button type="button" class="btn_more_opt btn_b03 btn"><i class="fa fa-ellipsis-v" aria-hidden="true"></i><span class="sound_only">게시판 리스트 옵션</span></button>
-    	<?php ob_start(); ?>
         <ul class="more_opt">
         	<?php if ($delete_href) { ?><li><a href="<?php echo $delete_href ?>" onclick="del(this.href); return false;"><i class="fa fa-trash-o" aria-hidden="true"></i> 삭제</a></li><?php } ?>
 			<?php if ($update_href) { ?><li><a href="<?php echo $update_href ?>"><i class="fa fa-pencil-square-o" aria-hidden="true"></i> 수정</a></li><?php } ?>
 		</ul>
-		<?php
-        $link_buttons = ob_get_contents();
-        ob_end_flush();
-		?>
 	</li>
 </ul>
 <script>
@@ -44,8 +39,6 @@ $(".btn_more_opt").on("click", function() {
 	        <h2>페이지 정보</h2>
 	        <span class="sound_only">작성자</span><strong><?php echo $view['name'] ?></strong>
 	        <span class="sound_only">작성일</span><strong><i class="fa fa-clock-o" aria-hidden="true"></i> <?php echo $view['datetime']; ?></strong>
-	    	<span class="sound_only">조회</span><strong><i class="fa fa-eye" aria-hidden="true"></i> <?php echo number_format($view['wr_hit']) ?></strong>
-			<span class="sound_only">댓글</span><strong><i class="fa fa-commenting-o" aria-hidden="true"></i> <?php echo number_format($view['wr_comment']) ?></strong>
 		</div>
 		<?php if($view['email'] || $view['hp']) { ?>
         <div id="bo_v_contact">
@@ -115,8 +108,8 @@ $(".btn_more_opt").on("click", function() {
     
     <?php if ($prev_href || $next_href) { ?>
     <ul class="bo_v_nb">
-        <?php if ($prev_href) { ?><li class="bo_v_prev"><a href="<?php echo $prev_href ?>"><i class="fa fa-chevron-up" aria-hidden="true"></i><span class="sound_only">이전글</span> <?php echo $prev_wr_subject;?></a></li><?php } ?>
-        <?php if ($next_href) { ?><li class="bo_v_next"><a href="<?php echo $next_href ?>"><i class="fa fa-chevron-down" aria-hidden="true"></i><span class="sound_only">다음글</span> <?php echo $next_wr_subject;?></a></li><?php } ?>
+        <?php if ($prev_href) { ?><li class="bo_v_prev"><a href="<?php echo $prev_href ?>"><i class="fa fa-chevron-up" aria-hidden="true"></i><span class="sound_only">이전글</span> <?php echo $prev_qa_subject;?></a></li><?php } ?>
+        <?php if ($next_href) { ?><li class="bo_v_next"><a href="<?php echo $next_href ?>"><i class="fa fa-chevron-down" aria-hidden="true"></i><span class="sound_only">다음글</span> <?php echo $next_qa_subject;?></a></li><?php } ?>
     </ul>
     <?php } ?>
 </article>
diff --git a/mobile/skin/search/basic/search.skin.php b/mobile/skin/search/basic/search.skin.php
index b4db95436..5993c1c10 100644
--- a/mobile/skin/search/basic/search.skin.php
+++ b/mobile/skin/search/basic/search.skin.php
@@ -31,11 +31,11 @@ if ($stx) {
 
         <label for="sfl" class="sound_only">검색조건</label>
         <select name="sfl" id="sfl">
-            <option value="wr_subject||wr_content"<?php echo get_selected($_GET['sfl'], "wr_subject||wr_content") ?>>제목+내용</option>
-            <option value="wr_subject"<?php echo get_selected($_GET['sfl'], "wr_subject") ?>>제목</option>
-            <option value="wr_content"<?php echo get_selected($_GET['sfl'], "wr_content") ?>>내용</option>
-            <option value="mb_id"<?php echo get_selected($_GET['sfl'], "mb_id") ?>>회원아이디</option>
-            <option value="wr_name"<?php echo get_selected($_GET['sfl'], "wr_name") ?>>이름</option>
+            <option value="wr_subject||wr_content"<?php echo get_selected($sfl, "wr_subject||wr_content") ?>>제목+내용</option>
+            <option value="wr_subject"<?php echo get_selected($sfl, "wr_subject") ?>>제목</option>
+            <option value="wr_content"<?php echo get_selected($sfl, "wr_content") ?>>내용</option>
+            <option value="mb_id"<?php echo get_selected($sfl, "mb_id") ?>>회원아이디</option>
+            <option value="wr_name"<?php echo get_selected($sfl, "wr_name") ?>>이름</option>
         </select>
 
         <label for="stx" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label>
diff --git a/mobile/skin/shop/basic/item.form.skin.php b/mobile/skin/shop/basic/item.form.skin.php
index 164cde7ee..21321157f 100644
--- a/mobile/skin/shop/basic/item.form.skin.php
+++ b/mobile/skin/shop/basic/item.form.skin.php
@@ -491,8 +491,11 @@ $(function(){
             $('#slide-counter .current-index').text(newIndex + 1);
         }
     });
-   
-    $('#slide-counter').append('<span class="total-slides">'+slider.getSlideCount()+'</span>');
+
+    try {
+        $('#slide-counter').append('<span class="total-slides">'+slider.getSlideCount()+'</span>');
+    } catch (error) {
+    }
 
     $('a.pager-prev').click(function () {
         var current = slider.getCurrentSlide();
@@ -555,7 +558,7 @@ function fsubmit_check(f)
         return false;
     }
 
-    if($(".sit_opt_list").size() < 1) {
+    if($(".sit_opt_list").length < 1) {
         alert("상품의 선택옵션을 선택해 주십시오.");
         return false;
     }
@@ -627,7 +630,7 @@ function fitem_submit(f)
         return false;
     }
 
-    if($(".sit_opt_list").size() < 1) {
+    if($(".sit_opt_list").length < 1) {
         alert("상품의 선택옵션을 선택해 주십시오.");
         return false;
     }
diff --git a/mobile/skin/shop/basic/iteminfo.itemqa.skin.php b/mobile/skin/shop/basic/iteminfo.itemqa.skin.php
index ad2ced333..21e622eaf 100644
--- a/mobile/skin/shop/basic/iteminfo.itemqa.skin.php
+++ b/mobile/skin/shop/basic/iteminfo.itemqa.skin.php
@@ -4,5 +4,4 @@ if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
 // add_stylesheet('css 구문', 출력순서); 숫자가 작을 수록 먼저 출력됨
 //add_stylesheet('<link rel="stylesheet" href="'.G5_MSHOP_SKIN_URL.'/style.css">', 0);
 
-goto_url(shop_item_url($it_id).'#sit_qa');
-?>
\ No newline at end of file
+goto_url(shop_item_url($it_id).'#sit_qa');
\ No newline at end of file
diff --git a/mobile/skin/shop/basic/iteminfo.itemuse.skin.php b/mobile/skin/shop/basic/iteminfo.itemuse.skin.php
index ffe20360f..fc9f4947f 100644
--- a/mobile/skin/shop/basic/iteminfo.itemuse.skin.php
+++ b/mobile/skin/shop/basic/iteminfo.itemuse.skin.php
@@ -4,5 +4,4 @@ if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
 // add_stylesheet('css 구문', 출력순서); 숫자가 작을 수록 먼저 출력됨
 //add_stylesheet('<link rel="stylesheet" href="'.G5_MSHOP_SKIN_URL.'/style.css">', 0);
 
-goto_url(shop_item_url($it_id).'#sit_use');
-?>
\ No newline at end of file
+goto_url(shop_item_url($it_id).'#sit_use');
\ No newline at end of file
diff --git a/mobile/skin/shop/basic/itemuse.skin.php b/mobile/skin/shop/basic/itemuse.skin.php
index 2404cc985..8f6d5e3da 100644
--- a/mobile/skin/shop/basic/itemuse.skin.php
+++ b/mobile/skin/shop/basic/itemuse.skin.php
@@ -30,7 +30,6 @@ add_stylesheet('<link rel="stylesheet" href="'.G5_MSHOP_SKIN_URL.'/style.css">',
         $is_reply_subject = !empty($row['is_reply_subject']) ? conv_subject($row['is_reply_subject'],50,"…") : '';
         $is_reply_content = !empty($row['is_reply_content']) ? get_view_thumbnail(conv_content($row['is_reply_content'], 1), $thumbnail_width) : '';
         $is_time    = substr($row['is_time'], 2, 8);
-        $is_href    = './itemuselist.php?bo_table=itemuse&amp;wr_id='.$row['wr_id'];
 
         $hash = md5($row['is_id'].$row['is_time'].$row['is_ip']);
 
diff --git a/mobile/skin/shop/basic/largeimage.skin.php b/mobile/skin/shop/basic/largeimage.skin.php
index e79413f75..3ed05184a 100644
--- a/mobile/skin/shop/basic/largeimage.skin.php
+++ b/mobile/skin/shop/basic/largeimage.skin.php
@@ -73,7 +73,7 @@ function fit_width()
     var sw = $(window).width();
     var $img = $("#sit_pvi_nwbig span img");
 
-    if($img.size() < 1)
+    if($img.length < 1)
         return;
 
     $img.each(function() {
diff --git a/mobile/skin/shop/basic/list.10.skin.php b/mobile/skin/shop/basic/list.10.skin.php
index cc21ed1b3..b5fe1d8da 100644
--- a/mobile/skin/shop/basic/list.10.skin.php
+++ b/mobile/skin/shop/basic/list.10.skin.php
@@ -186,4 +186,4 @@ jQuery(function($){
 	});
 });
 </script>
-<?php } ?>
\ No newline at end of file
+<?php }
\ No newline at end of file
diff --git a/mobile/skin/shop/basic/list.best.10.skin.php b/mobile/skin/shop/basic/list.best.10.skin.php
index 2186148fe..a666581bf 100644
--- a/mobile/skin/shop/basic/list.best.10.skin.php
+++ b/mobile/skin/shop/basic/list.best.10.skin.php
@@ -115,7 +115,7 @@ if($this->total_count > 0) {
         var $btns = this.find(""+cfg.buttons+"");
 
         var idx = cfg.startSlide;
-        var count = $slides.size();
+        var count = $slides.length;
         var width, outerW;
 
         if(count < 1)
@@ -179,5 +179,4 @@ $(function() {
 </script>
 
 <?php
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/mobile/skin/shop/basic/listcategory.skin.php b/mobile/skin/shop/basic/listcategory.skin.php
index 18a8d1ee9..7f0213773 100644
--- a/mobile/skin/shop/basic/listcategory.skin.php
+++ b/mobile/skin/shop/basic/listcategory.skin.php
@@ -33,4 +33,4 @@ if ($exists) {
 </aside>
 <!-- } 상품분류 1 끝 -->
 
-<?php } ?>
\ No newline at end of file
+<?php }
\ No newline at end of file
diff --git a/mobile/skin/shop/basic/main.event.skin.php b/mobile/skin/shop/basic/main.event.skin.php
index 28c174438..800d5a491 100644
--- a/mobile/skin/shop/basic/main.event.skin.php
+++ b/mobile/skin/shop/basic/main.event.skin.php
@@ -77,6 +77,4 @@ $('.sev_slide').bxSlider({
 });
 </script>
 <?php
-}
-?>
-
+}
\ No newline at end of file
diff --git a/mobile/skin/shop/basic/mainbanner.10.skin.php b/mobile/skin/shop/basic/mainbanner.10.skin.php
index 0c74c67df..3d42a32c2 100644
--- a/mobile/skin/shop/basic/mainbanner.10.skin.php
+++ b/mobile/skin/shop/basic/mainbanner.10.skin.php
@@ -114,5 +114,4 @@ jQuery(function($){
 });
 </script>
 <?php
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/mobile/tail.php b/mobile/tail.php
index 4cf4e4ef9..c0e6cbd23 100644
--- a/mobile/tail.php
+++ b/mobile/tail.php
@@ -98,5 +98,4 @@ $(function() {
 </script>
 
 <?php
-include_once(G5_PATH."/tail.sub.php");
-?>
\ No newline at end of file
+include_once(G5_PATH."/tail.sub.php");
\ No newline at end of file
diff --git a/orderupgrade.php b/orderupgrade.php
index 913f650bf..7bff15f48 100644
--- a/orderupgrade.php
+++ b/orderupgrade.php
@@ -142,5 +142,4 @@ if(!sql_query(" select cz_id from {$g5['g5_shop_coupon_table']} limit 1 ", false
 
 echo '<p>테이블 업그레이드 완료!</p>';
 
-include_once(G5_PATH.'/tail.sub.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/plugin/PHPMailer/LICENSE b/plugin/PHPMailer/LICENSE
index 8e0763d1c..f166cc57b 100644
--- a/plugin/PHPMailer/LICENSE
+++ b/plugin/PHPMailer/LICENSE
@@ -1,8 +1,8 @@
-		  GNU LESSER GENERAL PUBLIC LICENSE
-		       Version 2.1, February 1999
+                  GNU LESSER GENERAL PUBLIC LICENSE
+                       Version 2.1, February 1999
 
  Copyright (C) 1991, 1999 Free Software Foundation, Inc.
-     59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
  Everyone is permitted to copy and distribute verbatim copies
  of this license document, but changing it is not allowed.
 
@@ -10,7 +10,7 @@
  as the successor of the GNU Library Public License, version 2, hence
  the version number 2.1.]
 
-			    Preamble
+                            Preamble
 
   The licenses for most software are designed to take away your
 freedom to share and change it.  By contrast, the GNU General Public
@@ -55,7 +55,7 @@ modified by someone else and passed on, the recipients should know
 that what they have is not the original version, so that the original
 author's reputation will not be affected by problems that might be
 introduced by others.
-
+
   Finally, software patents pose a constant threat to the existence of
 any free program.  We wish to make sure that a company cannot
 effectively restrict the users of a free program by obtaining a
@@ -111,8 +111,8 @@ modification follow.  Pay close attention to the difference between a
 "work based on the library" and a "work that uses the library".  The
 former contains code derived from the library, whereas the latter must
 be combined with the library in order to run.
-
-		  GNU LESSER GENERAL PUBLIC LICENSE
+
+                  GNU LESSER GENERAL PUBLIC LICENSE
    TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
 
   0. This License Agreement applies to any software library or other
@@ -146,7 +146,7 @@ such a program is covered only if its contents constitute a work based
 on the Library (independent of the use of the Library in a tool for
 writing it).  Whether that is true depends on what the Library does
 and what the program that uses the Library does.
-  
+
   1. You may copy and distribute verbatim copies of the Library's
 complete source code as you receive it, in any medium, provided that
 you conspicuously and appropriately publish on each copy an
@@ -158,7 +158,7 @@ Library.
   You may charge a fee for the physical act of transferring a copy,
 and you may at your option offer warranty protection in exchange for a
 fee.
-
+
   2. You may modify your copy or copies of the Library or any portion
 of it, thus forming a work based on the Library, and copy and
 distribute such modifications or work under the terms of Section 1
@@ -216,7 +216,7 @@ instead of to this License.  (If a newer version than version 2 of the
 ordinary GNU General Public License has appeared, then you can specify
 that version instead if you wish.)  Do not make any other change in
 these notices.
-
+
   Once this change is made in a given copy, it is irreversible for
 that copy, so the ordinary GNU General Public License applies to all
 subsequent copies and derivative works made from that copy.
@@ -267,7 +267,7 @@ Library will still fall under Section 6.)
 distribute the object code for the work under the terms of Section 6.
 Any executables containing that work also fall under Section 6,
 whether or not they are linked directly with the Library itself.
-
+
   6. As an exception to the Sections above, you may also combine or
 link a "work that uses the Library" with the Library to produce a
 work containing portions of the Library, and distribute that work
@@ -312,7 +312,7 @@ of these things:
     from a designated place, offer equivalent access to copy the above
     specified materials from the same place.
 
-    e) verify that the user has already received a copy of these
+    e) Verify that the user has already received a copy of these
     materials or that you have already sent this user a copy.
 
   For an executable, the required form of the "work that uses the
@@ -329,7 +329,7 @@ restrictions of other proprietary libraries that do not normally
 accompany the operating system.  Such a contradiction means you cannot
 use both them and the Library together in an executable that you
 distribute.
-
+
   7. You may place library facilities that are a work based on the
 Library side-by-side in a single library together with other library
 facilities not covered by this License, and distribute such a combined
@@ -370,7 +370,7 @@ subject to these terms and conditions.  You may not impose any further
 restrictions on the recipients' exercise of the rights granted herein.
 You are not responsible for enforcing compliance by third parties with
 this License.
-
+
   11. If, as a consequence of a court judgment or allegation of patent
 infringement or for any other reason (not limited to patent issues),
 conditions are imposed on you (whether by court order, agreement or
@@ -422,7 +422,7 @@ conditions either of that version or of any later version published by
 the Free Software Foundation.  If the Library does not specify a
 license version number, you may choose any version ever published by
 the Free Software Foundation.
-
+
   14. If you wish to incorporate parts of the Library into other free
 programs whose distribution conditions are incompatible with these,
 write to the author to ask for permission.  For software which is
@@ -432,7 +432,7 @@ decision will be guided by the two goals of preserving the free status
 of all derivatives of our free software and of promoting the sharing
 and reuse of software generally.
 
-			    NO WARRANTY
+                            NO WARRANTY
 
   15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO
 WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
@@ -455,8 +455,8 @@ FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
 SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
 DAMAGES.
 
-		     END OF TERMS AND CONDITIONS
-
+                     END OF TERMS AND CONDITIONS
+
            How to Apply These Terms to Your New Libraries
 
   If you develop a new library, and you want it to be of the greatest
@@ -485,7 +485,7 @@ convey the exclusion of warranty; and each file should have at least the
 
     You should have received a copy of the GNU Lesser General Public
     License along with this library; if not, write to the Free Software
-    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 
 Also add information on how to contact you by electronic and paper mail.
 
@@ -499,6 +499,4 @@ necessary.  Here is a sample; alter the names:
   <signature of Ty Coon>, 1 April 1990
   Ty Coon, President of Vice
 
-That's all there is to it!
-
-
+That's all there is to it!
\ No newline at end of file
diff --git a/plugin/PHPMailer/PHPMailerAutoload.php b/plugin/PHPMailer/PHPMailerAutoload.php
index eaa2e3034..dc066c258 100644
--- a/plugin/PHPMailer/PHPMailerAutoload.php
+++ b/plugin/PHPMailer/PHPMailerAutoload.php
@@ -30,20 +30,9 @@ function PHPMailerAutoload($classname)
     }
 }
 
-if (version_compare(PHP_VERSION, '5.1.2', '>=')) {
-    //SPL autoloading was introduced in PHP 5.1.2
-    if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
-        spl_autoload_register('PHPMailerAutoload', true, true);
-    } else {
-        spl_autoload_register('PHPMailerAutoload');
-    }
+//SPL autoloading was introduced in PHP 5.1.2
+if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
+    spl_autoload_register('PHPMailerAutoload', true, true);
 } else {
-    /**
-     * Fall back to traditional autoload for old PHP versions
-     * @param string $classname The name of the class to load
-     */
-    function __autoload($classname)
-    {
-        PHPMailerAutoload($classname);
-    }
-}
+    spl_autoload_register('PHPMailerAutoload');
+}
\ No newline at end of file
diff --git a/plugin/PHPMailer/VERSION b/plugin/PHPMailer/VERSION
index 07b26572f..e25a44787 100644
--- a/plugin/PHPMailer/VERSION
+++ b/plugin/PHPMailer/VERSION
@@ -1 +1 @@
-5.2.22
+5.2.28
\ No newline at end of file
diff --git a/plugin/PHPMailer/class.phpmailer.php b/plugin/PHPMailer/class.phpmailer.php
index 477ee826e..abb679614 100644
--- a/plugin/PHPMailer/class.phpmailer.php
+++ b/plugin/PHPMailer/class.phpmailer.php
@@ -31,7 +31,7 @@ class PHPMailer
      * The PHPMailer Version number.
      * @var string
      */
-    public $Version = '5.2.22';
+    public $Version = '5.2.28';
 
     /**
      * Email priority.
@@ -440,9 +440,9 @@ class PHPMailer
      *
      * Parameters:
      *   boolean $result        result of the send action
-     *   string  $to            email address of the recipient
-     *   string  $cc            cc email addresses
-     *   string  $bcc           bcc email addresses
+     *   array   $to            email addresses of the recipients
+     *   array   $cc            cc email addresses
+     *   array   $bcc           bcc email addresses
      *   string  $subject       the subject
      *   string  $body          the email body
      *   string  $from          email address of sender
@@ -659,6 +659,8 @@ class PHPMailer
         if ($exceptions !== null) {
             $this->exceptions = (boolean)$exceptions;
         }
+        //Pick an appropriate debug output format automatically
+        $this->Debugoutput = (strpos(PHP_SAPI, 'cli') !== false ? 'echo' : 'html');
     }
 
     /**
@@ -1294,9 +1296,12 @@ class PHPMailer
 
             // Sign with DKIM if enabled
             if (!empty($this->DKIM_domain)
-                && !empty($this->DKIM_selector)
-                && (!empty($this->DKIM_private_string)
-                   || (!empty($this->DKIM_private) && file_exists($this->DKIM_private))
+                and !empty($this->DKIM_selector)
+                and (!empty($this->DKIM_private_string)
+                    or (!empty($this->DKIM_private)
+                        and self::isPermittedPath($this->DKIM_private)
+                        and file_exists($this->DKIM_private)
+                    )
                 )
             ) {
                 $header_dkim = $this->DKIM_Add(
@@ -1461,6 +1466,18 @@ class PHPMailer
         return true;
     }
 
+    /**
+     * Check whether a file path is of a permitted type.
+     * Used to reject URLs and phar files from functions that access local file paths,
+     * such as addAttachment.
+     * @param string $path A relative or absolute path to a file.
+     * @return bool
+     */
+    protected static function isPermittedPath($path)
+    {
+        return !preg_match('#^[a-z]+://#i', $path);
+    }
+
     /**
      * Send mail using the PHP mail() function.
      * @param string $header The message headers
@@ -1622,8 +1639,13 @@ class PHPMailer
 
         foreach ($hosts as $hostentry) {
             $hostinfo = array();
-            if (!preg_match('/^((ssl|tls):\/\/)*([a-zA-Z0-9\.-]*):?([0-9]*)$/', trim($hostentry), $hostinfo)) {
+            if (!preg_match(
+                '/^((ssl|tls):\/\/)*([a-zA-Z0-9\.-]*|\[[a-fA-F0-9:]+\]):?([0-9]*)$/',
+                trim($hostentry),
+                $hostinfo
+            )) {
                 // Not a valid host entry
+                $this->edebug('Ignoring invalid host: ' . $hostentry);
                 continue;
             }
             // $hostinfo[2]: optional ssl or tls prefix
@@ -1742,6 +1764,7 @@ class PHPMailer
             'dk' => 'da',
             'no' => 'nb',
             'se' => 'sv',
+            'sr' => 'rs'
         );
 
         if (isset($renamed_langcodes[$langcode])) {
@@ -1783,7 +1806,7 @@ class PHPMailer
         // There is no English translation file
         if ($langcode != 'en') {
             // Make sure language file path is readable
-            if (!is_readable($lang_file)) {
+            if (!self::isPermittedPath($lang_file) or !is_readable($lang_file)) {
                 $foundlang = false;
             } else {
                 // Overwrite language-specific strings.
@@ -2024,10 +2047,7 @@ class PHPMailer
     {
         $result = '';
 
-        if ($this->MessageDate == '') {
-            $this->MessageDate = self::rfcDate();
-        }
-        $result .= $this->headerLine('Date', $this->MessageDate);
+        $result .= $this->headerLine('Date', $this->MessageDate == '' ? self::rfcDate() : $this->MessageDate);
 
         // To be created automatically by mail()
         if ($this->SingleTo) {
@@ -2494,6 +2514,8 @@ class PHPMailer
      * Add an attachment from a path on the filesystem.
      * Never use a user-supplied path to a file!
      * Returns false if the file could not be found or read.
+     * Explicitly *does not* support passing URLs; PHPMailer is not an HTTP client.
+     * If you need to do that, fetch the resource yourself and pass it in via a local file or string.
      * @param string $path Path to the attachment.
      * @param string $name Overrides the attachment name.
      * @param string $encoding File encoding (see $Encoding).
@@ -2505,7 +2527,7 @@ class PHPMailer
     public function addAttachment($path, $name = '', $encoding = 'base64', $type = '', $disposition = 'attachment')
     {
         try {
-            if (!@is_file($path)) {
+            if (!self::isPermittedPath($path) or !@is_file($path)) {
                 throw new phpmailerException($this->lang('file_access') . $path, self::STOP_CONTINUE);
             }
 
@@ -2686,10 +2708,13 @@ class PHPMailer
     protected function encodeFile($path, $encoding = 'base64')
     {
         try {
-            if (!is_readable($path)) {
+            if (!self::isPermittedPath($path) or !file_exists($path)) {
                 throw new phpmailerException($this->lang('file_open') . $path, self::STOP_CONTINUE);
             }
-            $magic_quotes = get_magic_quotes_runtime();
+            $magic_quotes = false;
+            if( version_compare(PHP_VERSION, '7.4.0', '<') ) {
+                $magic_quotes = get_magic_quotes_runtime();
+            }
             if ($magic_quotes) {
                 if (version_compare(PHP_VERSION, '5.3.0', '<')) {
                     set_magic_quotes_runtime(false);
@@ -3030,7 +3055,7 @@ class PHPMailer
      */
     public function addEmbeddedImage($path, $cid, $name = '', $encoding = 'base64', $type = '', $disposition = 'inline')
     {
-        if (!@is_file($path)) {
+        if (!self::isPermittedPath($path) or !@is_file($path)) {
             $this->setError($this->lang('file_access') . $path);
             return false;
         }
@@ -4033,7 +4058,7 @@ class phpmailerException extends Exception
      */
     public function errorMessage()
     {
-        $errorMsg = '<strong>' . $this->getMessage() . "</strong><br />\n";
+        $errorMsg = '<strong>' . htmlspecialchars($this->getMessage()) . "</strong><br />\n";
         return $errorMsg;
     }
 }
diff --git a/plugin/PHPMailer/class.pop3.php b/plugin/PHPMailer/class.pop3.php
index f10e688e3..e07a5697b 100644
--- a/plugin/PHPMailer/class.pop3.php
+++ b/plugin/PHPMailer/class.pop3.php
@@ -34,7 +34,7 @@ class POP3
      * @var string
      * @access public
      */
-    public $Version = '5.2.22';
+    public $Version = '5.2.28';
 
     /**
      * Default POP3 port number.
diff --git a/plugin/PHPMailer/class.smtp.php b/plugin/PHPMailer/class.smtp.php
index 89321171b..d2b9a0ab2 100644
--- a/plugin/PHPMailer/class.smtp.php
+++ b/plugin/PHPMailer/class.smtp.php
@@ -30,7 +30,7 @@ class SMTP
      * The PHPMailer SMTP version number.
      * @var string
      */
-    const VERSION = '5.2.22';
+    const VERSION = '5.2.28';
 
     /**
      * SMTP line break constant.
@@ -81,7 +81,7 @@ class SMTP
      * @deprecated Use the `VERSION` constant instead
      * @see SMTP::VERSION
      */
-    public $Version = '5.2.22';
+    public $Version = '5.2.28';
 
     /**
      * SMTP server port number.
@@ -150,16 +150,21 @@ class SMTP
      */
     public $Timelimit = 300;
 
-	/**
-	 * @var array patterns to extract smtp transaction id from smtp reply
-	 * Only first capture group will be use, use non-capturing group to deal with it
-	 * Extend this class to override this property to fulfil your needs.
-	 */
-	protected $smtp_transaction_id_patterns = array(
-		'exim' => '/[0-9]{3} OK id=(.*)/',
-		'sendmail' => '/[0-9]{3} 2.0.0 (.*) Message/',
-		'postfix' => '/[0-9]{3} 2.0.0 Ok: queued as (.*)/'
-	);
+    /**
+     * @var array Patterns to extract an SMTP transaction id from reply to a DATA command.
+     * The first capture group in each regex will be used as the ID.
+     */
+    protected $smtp_transaction_id_patterns = array(
+        'exim' => '/[0-9]{3} OK id=(.*)/',
+        'sendmail' => '/[0-9]{3} 2.0.0 (.*) Message/',
+        'postfix' => '/[0-9]{3} 2.0.0 Ok: queued as (.*)/'
+    );
+
+    /**
+     * @var string The last transaction ID issued in response to a DATA command,
+     * if one was detected
+     */
+    protected $last_smtp_transaction_id;
 
     /**
      * The socket for the server connection.
@@ -227,12 +232,11 @@ class SMTP
                 break;
             case 'html':
                 //Cleans up output a bit for a better looking, HTML-safe output
-                echo htmlentities(
+                echo gmdate('Y-m-d H:i:s') . ' ' . htmlentities(
                     preg_replace('/[\r\n]+/', '', $str),
                     ENT_QUOTES,
                     'UTF-8'
-                )
-                . "<br>\n";
+                ) . "<br>\n";
                 break;
             case 'echo':
             default:
@@ -242,7 +246,7 @@ class SMTP
                     "\n",
                     "\n                   \t                  ",
                     trim($str)
-                )."\n";
+                ) . "\n";
         }
     }
 
@@ -276,7 +280,8 @@ class SMTP
         }
         // Connect to the SMTP server
         $this->edebug(
-            "Connection: opening to $host:$port, timeout=$timeout, options=".var_export($options, true),
+            "Connection: opening to $host:$port, timeout=$timeout, options=" .
+            var_export($options, true),
             self::DEBUG_CONNECTION
         );
         $errno = 0;
@@ -362,14 +367,14 @@ class SMTP
         }
 
         // Begin encrypted connection
-        if (!stream_socket_enable_crypto(
+        set_error_handler(array($this, 'errorHandler'));
+        $crypto_ok = stream_socket_enable_crypto(
             $this->smtp_conn,
             true,
             $crypto_method
-        )) {
-            return false;
-        }
-        return true;
+        );
+        restore_error_handler();
+        return $crypto_ok;
     }
 
     /**
@@ -398,8 +403,7 @@ class SMTP
         }
 
         if (array_key_exists('EHLO', $this->server_caps)) {
-        // SMTP extensions are available. Let's try to find a proper authentication method
-
+            // SMTP extensions are available; try to find a proper authentication method
             if (!array_key_exists('AUTH', $this->server_caps)) {
                 $this->setError('Authentication is not allowed at this stage');
                 // 'at this stage' means that auth may be allowed after the stage changes
@@ -424,7 +428,7 @@ class SMTP
                     $this->setError('No supported authentication methods found');
                     return false;
                 }
-                self::edebug('Auth method selected: '.$authtype, self::DEBUG_LOWLEVEL);
+                self::edebug('Auth method selected: ' . $authtype, self::DEBUG_LOWLEVEL);
             }
 
             if (!in_array($authtype, $this->server_caps['AUTH'])) {
@@ -550,7 +554,7 @@ class SMTP
      * Works like hash_hmac('md5', $data, $key)
      * in case that function is not available
      * @param string $data The data to hash
-     * @param string $key  The key to hash with
+     * @param string $key The key to hash with
      * @access protected
      * @return string
      */
@@ -710,6 +714,7 @@ class SMTP
         $savetimelimit = $this->Timelimit;
         $this->Timelimit = $this->Timelimit * 2;
         $result = $this->sendCommand('DATA END', '.', 250);
+        $this->recordLastTransactionID();
         //Restore timelimit
         $this->Timelimit = $savetimelimit;
         return $result;
@@ -893,7 +898,8 @@ class SMTP
             $code_ex = (count($matches) > 2 ? $matches[2] : null);
             // Cut off error code from each response line
             $detail = preg_replace(
-                "/{$code}[ -]".($code_ex ? str_replace('.', '\\.', $code_ex).' ' : '')."/m",
+                "/{$code}[ -]" .
+                ($code_ex ? str_replace('.', '\\.', $code_ex) . ' ' : '') . "/m",
                 '',
                 $this->last_reply
             );
@@ -989,7 +995,10 @@ class SMTP
     public function client_send($data)
     {
         $this->edebug("CLIENT -> SERVER: $data", self::DEBUG_CLIENT);
-        return fwrite($this->smtp_conn, $data);
+        set_error_handler(array($this, 'errorHandler'));
+        $result = fwrite($this->smtp_conn, $data);
+        restore_error_handler();
+        return $result;
     }
 
     /**
@@ -1089,8 +1098,10 @@ class SMTP
             $this->edebug("SMTP -> get_lines(): \$data is \"$data\"", self::DEBUG_LOWLEVEL);
             $this->edebug("SMTP -> get_lines(): \$str is  \"$str\"", self::DEBUG_LOWLEVEL);
             $data .= $str;
-            // If 4th character is a space, we are done reading, break the loop, micro-optimisation over strlen
-            if ((isset($str[3]) and $str[3] == ' ')) {
+            // If response is only 3 chars (not valid, but RFC5321 S4.2 says it must be handled),
+            // or 4th character is a space, we are done reading, break the loop,
+            // string array access is a micro-optimisation over strlen
+            if (!isset($str[3]) or (isset($str[3]) and $str[3] == ' ')) {
                 break;
             }
             // Timed-out? Log and break
@@ -1105,7 +1116,7 @@ class SMTP
             // Now check if reads took too long
             if ($endtime and time() > $endtime) {
                 $this->edebug(
-                    'SMTP -> get_lines(): timelimit reached ('.
+                    'SMTP -> get_lines(): timelimit reached (' .
                     $this->Timelimit . ' sec)',
                     self::DEBUG_LOWLEVEL
                 );
@@ -1208,42 +1219,58 @@ class SMTP
      * Reports an error number and string.
      * @param integer $errno The error number returned by PHP.
      * @param string $errmsg The error message returned by PHP.
+     * @param string $errfile The file the error occurred in
+     * @param integer $errline The line number the error occurred on
      */
-    protected function errorHandler($errno, $errmsg)
+    protected function errorHandler($errno, $errmsg, $errfile = '', $errline = 0)
     {
-        $notice = 'Connection: Failed to connect to server.';
+        $notice = 'Connection failed.';
         $this->setError(
             $notice,
             $errno,
             $errmsg
         );
         $this->edebug(
-            $notice . ' Error number ' . $errno . '. "Error notice: ' . $errmsg,
+            $notice . ' Error #' . $errno . ': ' . $errmsg . " [$errfile line $errline]",
             self::DEBUG_CONNECTION
         );
     }
 
-	/**
-	 * Will return the ID of the last smtp transaction based on a list of patterns provided
-	 * in SMTP::$smtp_transaction_id_patterns.
-	 * If no reply has been received yet, it will return null.
-	 * If no pattern has been matched, it will return false.
-	 * @return bool|null|string
-	 */
-	public function getLastTransactionID()
-	{
-		$reply = $this->getLastReply();
+    /**
+     * Extract and return the ID of the last SMTP transaction based on
+     * a list of patterns provided in SMTP::$smtp_transaction_id_patterns.
+     * Relies on the host providing the ID in response to a DATA command.
+     * If no reply has been received yet, it will return null.
+     * If no pattern was matched, it will return false.
+     * @return bool|null|string
+     */
+    protected function recordLastTransactionID()
+    {
+        $reply = $this->getLastReply();
 
-		if (empty($reply)) {
-			return null;
-		}
+        if (empty($reply)) {
+            $this->last_smtp_transaction_id = null;
+        } else {
+            $this->last_smtp_transaction_id = false;
+            foreach ($this->smtp_transaction_id_patterns as $smtp_transaction_id_pattern) {
+                if (preg_match($smtp_transaction_id_pattern, $reply, $matches)) {
+                    $this->last_smtp_transaction_id = $matches[1];
+                }
+            }
+        }
 
-		foreach($this->smtp_transaction_id_patterns as $smtp_transaction_id_pattern) {
-			if(preg_match($smtp_transaction_id_pattern, $reply, $matches)) {
-				return $matches[1];
-			}
-		}
+        return $this->last_smtp_transaction_id;
+    }
 
-		return false;
+    /**
+     * Get the queue/transaction ID of the last SMTP transaction
+     * If no reply has been received yet, it will return null.
+     * If no pattern was matched, it will return false.
+     * @return bool|null|string
+     * @see recordLastTransactionID()
+     */
+    public function getLastTransactionID()
+    {
+        return $this->last_smtp_transaction_id;
     }
 }
diff --git a/plugin/PHPMailer/composer.json b/plugin/PHPMailer/composer.json
index 1112fb99a..a0ac29649 100644
--- a/plugin/PHPMailer/composer.json
+++ b/plugin/PHPMailer/composer.json
@@ -20,11 +20,28 @@
         }
     ],
     "require": {
+        "ext-ctype": "*",
         "php": ">=5.0.0"
     },
     "require-dev": {
-        "phpdocumentor/phpdocumentor": "*",
-        "phpunit/phpunit": "4.7.*"
+        "doctrine/annotations": "1.2.*",
+        "jms/serializer": "0.16.*",
+        "phpdocumentor/phpdocumentor": "2.*",
+        "phpunit/phpunit": "4.8.*",
+        "symfony/debug": "2.8.*",
+        "symfony/filesystem": "2.8.*",
+        "symfony/translation": "2.8.*",
+        "symfony/yaml": "2.8.*",
+        "zendframework/zend-cache": "2.5.1",
+        "zendframework/zend-config": "2.5.1",
+        "zendframework/zend-eventmanager": "2.5.1",
+        "zendframework/zend-filter": "2.5.1",
+        "zendframework/zend-i18n": "2.5.1",
+        "zendframework/zend-json": "2.5.1",
+        "zendframework/zend-math": "2.5.1",
+        "zendframework/zend-serializer": "2.5.*",
+        "zendframework/zend-servicemanager": "2.5.*",
+        "zendframework/zend-stdlib": "2.5.1"
     },
     "suggest": {
         "league/oauth2-google": "Needed for Google XOAUTH2 authentication"
diff --git a/plugin/PHPMailer/composer.lock b/plugin/PHPMailer/composer.lock
index 9edbf55c9..9808f2832 100644
--- a/plugin/PHPMailer/composer.lock
+++ b/plugin/PHPMailer/composer.lock
@@ -4,8 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
         "This file is @generated automatically"
     ],
-    "hash": "ca5abc72444d9608a35c39f9064c139b",
-    "content-hash": "8b66ed71ae9ca8cd0258c814615d624f",
+    "content-hash": "7e4b1bef833056eed0df39fad5399d7a",
     "packages": [],
     "packages-dev": [
         {
@@ -65,7 +64,7 @@
                 "cli",
                 "microframework"
             ],
-            "time": "2014-03-29 14:03:13"
+            "time": "2014-03-29T14:03:13+00:00"
         },
         {
             "name": "cilex/console-service-provider",
@@ -124,34 +123,7 @@
                 "service-provider",
                 "silex"
             ],
-            "time": "2012-12-19 10:50:58"
-        },
-        {
-            "name": "container-interop/container-interop",
-            "version": "1.1.0",
-            "source": {
-                "type": "git",
-                "url": "https://github.com/container-interop/container-interop.git",
-                "reference": "fc08354828f8fd3245f77a66b9e23a6bca48297e"
-            },
-            "dist": {
-                "type": "zip",
-                "url": "https://api.github.com/repos/container-interop/container-interop/zipball/fc08354828f8fd3245f77a66b9e23a6bca48297e",
-                "reference": "fc08354828f8fd3245f77a66b9e23a6bca48297e",
-                "shasum": ""
-            },
-            "type": "library",
-            "autoload": {
-                "psr-4": {
-                    "Interop\\Container\\": "src/Interop/Container/"
-                }
-            },
-            "notification-url": "https://packagist.org/downloads/",
-            "license": [
-                "MIT"
-            ],
-            "description": "Promoting the interoperability of container objects (DIC, SL, etc.)",
-            "time": "2014-12-30 15:22:37"
+            "time": "2012-12-19T10:50:58+00:00"
         },
         {
             "name": "doctrine/annotations",
@@ -219,7 +191,7 @@
                 "docblock",
                 "parser"
             ],
-            "time": "2015-08-31 12:32:49"
+            "time": "2015-08-31T12:32:49+00:00"
         },
         {
             "name": "doctrine/instantiator",
@@ -273,7 +245,7 @@
                 "constructor",
                 "instantiate"
             ],
-            "time": "2015-06-14 21:17:01"
+            "time": "2015-06-14T21:17:01+00:00"
         },
         {
             "name": "doctrine/lexer",
@@ -327,22 +299,25 @@
                 "lexer",
                 "parser"
             ],
-            "time": "2014-09-09 13:34:57"
+            "time": "2014-09-09T13:34:57+00:00"
         },
         {
             "name": "erusev/parsedown",
-            "version": "1.6.0",
+            "version": "1.6.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/erusev/parsedown.git",
-                "reference": "3ebbd730b5c2cf5ce78bc1bf64071407fc6674b7"
+                "reference": "20ff8bbb57205368b4b42d094642a3e52dac85fb"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/erusev/parsedown/zipball/3ebbd730b5c2cf5ce78bc1bf64071407fc6674b7",
-                "reference": "3ebbd730b5c2cf5ce78bc1bf64071407fc6674b7",
+                "url": "https://api.github.com/repos/erusev/parsedown/zipball/20ff8bbb57205368b4b42d094642a3e52dac85fb",
+                "reference": "20ff8bbb57205368b4b42d094642a3e52dac85fb",
                 "shasum": ""
             },
+            "require": {
+                "php": ">=5.3.0"
+            },
             "type": "library",
             "autoload": {
                 "psr-0": {
@@ -366,19 +341,19 @@
                 "markdown",
                 "parser"
             ],
-            "time": "2015-10-04 16:44:32"
+            "time": "2016-11-02T15:56:58+00:00"
         },
         {
             "name": "herrera-io/json",
             "version": "1.0.3",
             "source": {
                 "type": "git",
-                "url": "https://github.com/kherge-abandoned/php-json.git",
+                "url": "https://github.com/kherge-php/json.git",
                 "reference": "60c696c9370a1e5136816ca557c17f82a6fa83f1"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/kherge-abandoned/php-json/zipball/60c696c9370a1e5136816ca557c17f82a6fa83f1",
+                "url": "https://api.github.com/repos/kherge-php/json/zipball/60c696c9370a1e5136816ca557c17f82a6fa83f1",
                 "reference": "60c696c9370a1e5136816ca557c17f82a6fa83f1",
                 "shasum": ""
             },
@@ -427,7 +402,8 @@
                 "schema",
                 "validate"
             ],
-            "time": "2013-10-30 16:51:34"
+            "abandoned": "kherge/json",
+            "time": "2013-10-30T16:51:34+00:00"
         },
         {
             "name": "herrera-io/phar-update",
@@ -485,27 +461,29 @@
                 "phar",
                 "update"
             ],
-            "time": "2013-10-30 17:23:01"
+            "abandoned": true,
+            "time": "2013-10-30T17:23:01+00:00"
         },
         {
             "name": "jms/metadata",
-            "version": "1.5.1",
+            "version": "1.6.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/schmittjoh/metadata.git",
-                "reference": "22b72455559a25777cfd28c4ffda81ff7639f353"
+                "reference": "6a06970a10e0a532fb52d3959547123b84a3b3ab"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/schmittjoh/metadata/zipball/22b72455559a25777cfd28c4ffda81ff7639f353",
-                "reference": "22b72455559a25777cfd28c4ffda81ff7639f353",
+                "url": "https://api.github.com/repos/schmittjoh/metadata/zipball/6a06970a10e0a532fb52d3959547123b84a3b3ab",
+                "reference": "6a06970a10e0a532fb52d3959547123b84a3b3ab",
                 "shasum": ""
             },
             "require": {
                 "php": ">=5.3.0"
             },
             "require-dev": {
-                "doctrine/cache": "~1.0"
+                "doctrine/cache": "~1.0",
+                "symfony/cache": "~3.1"
             },
             "type": "library",
             "extra": {
@@ -520,14 +498,12 @@
             },
             "notification-url": "https://packagist.org/downloads/",
             "license": [
-                "Apache"
+                "Apache-2.0"
             ],
             "authors": [
                 {
-                    "name": "Johannes Schmitt",
-                    "email": "schmittjoh@gmail.com",
-                    "homepage": "https://github.com/schmittjoh",
-                    "role": "Developer of wrapped JMSSerializerBundle"
+                    "name": "Johannes M. Schmitt",
+                    "email": "schmittjoh@gmail.com"
                 }
             ],
             "description": "Class/method/property metadata management in PHP",
@@ -537,7 +513,7 @@
                 "xml",
                 "yaml"
             ],
-            "time": "2014-07-12 07:13:19"
+            "time": "2016-12-05T10:18:33+00:00"
         },
         {
             "name": "jms/parser-lib",
@@ -572,45 +548,40 @@
                 "Apache2"
             ],
             "description": "A library for easily creating recursive-descent parsers.",
-            "time": "2012-11-18 18:08:43"
+            "time": "2012-11-18T18:08:43+00:00"
         },
         {
             "name": "jms/serializer",
-            "version": "1.1.0",
+            "version": "0.16.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/schmittjoh/serializer.git",
-                "reference": "fe13a1f993ea3456e195b7820692f2eb2b6bbb48"
+                "reference": "c8a171357ca92b6706e395c757f334902d430ea9"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/schmittjoh/serializer/zipball/fe13a1f993ea3456e195b7820692f2eb2b6bbb48",
-                "reference": "fe13a1f993ea3456e195b7820692f2eb2b6bbb48",
+                "url": "https://api.github.com/repos/schmittjoh/serializer/zipball/c8a171357ca92b6706e395c757f334902d430ea9",
+                "reference": "c8a171357ca92b6706e395c757f334902d430ea9",
                 "shasum": ""
             },
             "require": {
                 "doctrine/annotations": "1.*",
-                "doctrine/instantiator": "~1.0.3",
                 "jms/metadata": "~1.1",
                 "jms/parser-lib": "1.*",
-                "php": ">=5.4.0",
+                "php": ">=5.3.2",
                 "phpcollection/phpcollection": "~0.1"
             },
-            "conflict": {
-                "twig/twig": "<1.12"
-            },
             "require-dev": {
                 "doctrine/orm": "~2.1",
                 "doctrine/phpcr-odm": "~1.0.1",
                 "jackalope/jackalope-doctrine-dbal": "1.0.*",
-                "phpunit/phpunit": "~4.0",
                 "propel/propel1": "~1.7",
                 "symfony/filesystem": "2.*",
                 "symfony/form": "~2.1",
                 "symfony/translation": "~2.0",
                 "symfony/validator": "~2.0",
                 "symfony/yaml": "2.*",
-                "twig/twig": "~1.12|~2.0"
+                "twig/twig": ">=1.8,<2.0-dev"
             },
             "suggest": {
                 "symfony/yaml": "Required if you'd like to serialize data to YAML format."
@@ -618,7 +589,7 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "1.1-dev"
+                    "dev-master": "0.15-dev"
                 }
             },
             "autoload": {
@@ -632,8 +603,10 @@
             ],
             "authors": [
                 {
-                    "name": "Johannes M. Schmitt",
-                    "email": "schmittjoh@gmail.com"
+                    "name": "Johannes Schmitt",
+                    "email": "schmittjoh@gmail.com",
+                    "homepage": "https://github.com/schmittjoh",
+                    "role": "Developer of wrapped JMSSerializerBundle"
                 }
             ],
             "description": "Library for (de-)serializing data of any complexity; supports XML, JSON, and YAML.",
@@ -645,7 +618,7 @@
                 "serialization",
                 "xml"
             ],
-            "time": "2015-10-27 09:24:41"
+            "time": "2014-03-18T08:39:00+00:00"
         },
         {
             "name": "justinrainbow/json-schema",
@@ -711,7 +684,7 @@
                 "json",
                 "schema"
             ],
-            "time": "2016-01-25 15:43:01"
+            "time": "2016-01-25T15:43:01+00:00"
         },
         {
             "name": "kherge/version",
@@ -754,20 +727,21 @@
             ],
             "description": "A parsing and comparison library for semantic versioning.",
             "homepage": "http://github.com/kherge/Version",
-            "time": "2012-08-16 17:13:03"
+            "abandoned": true,
+            "time": "2012-08-16T17:13:03+00:00"
         },
         {
             "name": "monolog/monolog",
-            "version": "1.19.0",
+            "version": "1.22.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/Seldaek/monolog.git",
-                "reference": "5f56ed5212dc509c8dc8caeba2715732abb32dbf"
+                "reference": "1e044bc4b34e91743943479f1be7a1d5eb93add0"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/Seldaek/monolog/zipball/5f56ed5212dc509c8dc8caeba2715732abb32dbf",
-                "reference": "5f56ed5212dc509c8dc8caeba2715732abb32dbf",
+                "url": "https://api.github.com/repos/Seldaek/monolog/zipball/1e044bc4b34e91743943479f1be7a1d5eb93add0",
+                "reference": "1e044bc4b34e91743943479f1be7a1d5eb93add0",
                 "shasum": ""
             },
             "require": {
@@ -778,7 +752,7 @@
                 "psr/log-implementation": "1.0.0"
             },
             "require-dev": {
-                "aws/aws-sdk-php": "^2.4.9",
+                "aws/aws-sdk-php": "^2.4.9 || ^3.0",
                 "doctrine/couchdb": "~1.0@dev",
                 "graylog2/gelf-php": "~1.0",
                 "jakub-onderka/php-parallel-lint": "0.9",
@@ -786,8 +760,8 @@
                 "php-console/php-console": "^3.1.3",
                 "phpunit/phpunit": "~4.5",
                 "phpunit/phpunit-mock-objects": "2.3.0",
-                "raven/raven": "^0.13",
                 "ruflin/elastica": ">=0.90 <3.0",
+                "sentry/sentry": "^0.13",
                 "swiftmailer/swiftmailer": "~5.3"
             },
             "suggest": {
@@ -799,9 +773,9 @@
                 "mongodb/mongodb": "Allow sending log messages to a MongoDB server via PHP Driver",
                 "php-amqplib/php-amqplib": "Allow sending log messages to an AMQP server using php-amqplib",
                 "php-console/php-console": "Allow sending log messages to Google Chrome",
-                "raven/raven": "Allow sending log messages to a Sentry server",
                 "rollbar/rollbar": "Allow sending log messages to Rollbar",
-                "ruflin/elastica": "Allow sending log messages to an Elastic Search server"
+                "ruflin/elastica": "Allow sending log messages to an Elastic Search server",
+                "sentry/sentry": "Allow sending log messages to a Sentry server"
             },
             "type": "library",
             "extra": {
@@ -832,7 +806,7 @@
                 "logging",
                 "psr-3"
             ],
-            "time": "2016-04-12 18:29:35"
+            "time": "2017-03-13T07:08:03+00:00"
         },
         {
             "name": "nikic/php-parser",
@@ -877,20 +851,20 @@
                 "parser",
                 "php"
             ],
-            "time": "2015-09-19 14:15:08"
+            "time": "2015-09-19T14:15:08+00:00"
         },
         {
             "name": "phpcollection/phpcollection",
-            "version": "0.4.0",
+            "version": "0.5.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/schmittjoh/php-collection.git",
-                "reference": "b8bf55a0a929ca43b01232b36719f176f86c7e83"
+                "reference": "f2bcff45c0da7c27991bbc1f90f47c4b7fb434a6"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/schmittjoh/php-collection/zipball/b8bf55a0a929ca43b01232b36719f176f86c7e83",
-                "reference": "b8bf55a0a929ca43b01232b36719f176f86c7e83",
+                "url": "https://api.github.com/repos/schmittjoh/php-collection/zipball/f2bcff45c0da7c27991bbc1f90f47c4b7fb434a6",
+                "reference": "f2bcff45c0da7c27991bbc1f90f47c4b7fb434a6",
                 "shasum": ""
             },
             "require": {
@@ -899,7 +873,7 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "0.3-dev"
+                    "dev-master": "0.4-dev"
                 }
             },
             "autoload": {
@@ -914,9 +888,7 @@
             "authors": [
                 {
                     "name": "Johannes M. Schmitt",
-                    "email": "schmittjoh@gmail.com",
-                    "homepage": "http://jmsyst.com",
-                    "role": "Developer of wrapped JMSSerializerBundle"
+                    "email": "schmittjoh@gmail.com"
                 }
             ],
             "description": "General-Purpose Collection Library for PHP",
@@ -927,7 +899,7 @@
                 "sequence",
                 "set"
             ],
-            "time": "2014-03-11 13:46:42"
+            "time": "2015-05-17T12:39:23+00:00"
         },
         {
             "name": "phpdocumentor/fileset",
@@ -970,7 +942,7 @@
                 "fileset",
                 "phpdoc"
             ],
-            "time": "2013-08-06 21:07:42"
+            "time": "2013-08-06T21:07:42+00:00"
         },
         {
             "name": "phpdocumentor/graphviz",
@@ -1011,7 +983,7 @@
                     "email": "mike.vanriel@naenius.com"
                 }
             ],
-            "time": "2016-02-02 13:00:08"
+            "time": "2016-02-02T13:00:08+00:00"
         },
         {
             "name": "phpdocumentor/phpdocumentor",
@@ -1100,7 +1072,7 @@
                 "documentation",
                 "phpdoc"
             ],
-            "time": "2016-05-22 09:50:56"
+            "time": "2016-05-22T09:50:56+00:00"
         },
         {
             "name": "phpdocumentor/reflection",
@@ -1154,7 +1126,7 @@
                 "reflection",
                 "static analysis"
             ],
-            "time": "2016-05-21 08:42:32"
+            "time": "2016-05-21T08:42:32+00:00"
         },
         {
             "name": "phpdocumentor/reflection-docblock",
@@ -1203,7 +1175,7 @@
                     "email": "mike.vanriel@naenius.com"
                 }
             ],
-            "time": "2015-02-03 12:10:50"
+            "time": "2015-02-03T12:10:50+00:00"
         },
         {
             "name": "phpoption/phpoption",
@@ -1253,31 +1225,32 @@
                 "php",
                 "type"
             ],
-            "time": "2015-07-25 16:39:46"
+            "time": "2015-07-25T16:39:46+00:00"
         },
         {
             "name": "phpspec/prophecy",
-            "version": "v1.6.1",
+            "version": "v1.7.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpspec/prophecy.git",
-                "reference": "58a8137754bc24b25740d4281399a4a3596058e0"
+                "reference": "93d39f1f7f9326d746203c7c056f300f7f126073"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpspec/prophecy/zipball/58a8137754bc24b25740d4281399a4a3596058e0",
-                "reference": "58a8137754bc24b25740d4281399a4a3596058e0",
+                "url": "https://api.github.com/repos/phpspec/prophecy/zipball/93d39f1f7f9326d746203c7c056f300f7f126073",
+                "reference": "93d39f1f7f9326d746203c7c056f300f7f126073",
                 "shasum": ""
             },
             "require": {
                 "doctrine/instantiator": "^1.0.2",
                 "php": "^5.3|^7.0",
                 "phpdocumentor/reflection-docblock": "^2.0|^3.0.2",
-                "sebastian/comparator": "^1.1",
-                "sebastian/recursion-context": "^1.0"
+                "sebastian/comparator": "^1.1|^2.0",
+                "sebastian/recursion-context": "^1.0|^2.0|^3.0"
             },
             "require-dev": {
-                "phpspec/phpspec": "^2.0"
+                "phpspec/phpspec": "^2.5|^3.2",
+                "phpunit/phpunit": "^4.8 || ^5.6.5"
             },
             "type": "library",
             "extra": {
@@ -1315,7 +1288,7 @@
                 "spy",
                 "stub"
             ],
-            "time": "2016-06-07 08:13:47"
+            "time": "2017-03-02T20:05:34+00:00"
         },
         {
             "name": "phpunit/php-code-coverage",
@@ -1377,20 +1350,20 @@
                 "testing",
                 "xunit"
             ],
-            "time": "2015-10-06 15:47:00"
+            "time": "2015-10-06T15:47:00+00:00"
         },
         {
             "name": "phpunit/php-file-iterator",
-            "version": "1.4.1",
+            "version": "1.4.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/sebastianbergmann/php-file-iterator.git",
-                "reference": "6150bf2c35d3fc379e50c7602b75caceaa39dbf0"
+                "reference": "3cc8f69b3028d0f96a9078e6295d86e9bf019be5"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/sebastianbergmann/php-file-iterator/zipball/6150bf2c35d3fc379e50c7602b75caceaa39dbf0",
-                "reference": "6150bf2c35d3fc379e50c7602b75caceaa39dbf0",
+                "url": "https://api.github.com/repos/sebastianbergmann/php-file-iterator/zipball/3cc8f69b3028d0f96a9078e6295d86e9bf019be5",
+                "reference": "3cc8f69b3028d0f96a9078e6295d86e9bf019be5",
                 "shasum": ""
             },
             "require": {
@@ -1424,7 +1397,7 @@
                 "filesystem",
                 "iterator"
             ],
-            "time": "2015-06-21 13:08:43"
+            "time": "2016-10-03T07:40:28+00:00"
         },
         {
             "name": "phpunit/php-text-template",
@@ -1465,29 +1438,34 @@
             "keywords": [
                 "template"
             ],
-            "time": "2015-06-21 13:50:34"
+            "time": "2015-06-21T13:50:34+00:00"
         },
         {
             "name": "phpunit/php-timer",
-            "version": "1.0.8",
+            "version": "1.0.9",
             "source": {
                 "type": "git",
                 "url": "https://github.com/sebastianbergmann/php-timer.git",
-                "reference": "38e9124049cf1a164f1e4537caf19c99bf1eb260"
+                "reference": "3dcf38ca72b158baf0bc245e9184d3fdffa9c46f"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/sebastianbergmann/php-timer/zipball/38e9124049cf1a164f1e4537caf19c99bf1eb260",
-                "reference": "38e9124049cf1a164f1e4537caf19c99bf1eb260",
+                "url": "https://api.github.com/repos/sebastianbergmann/php-timer/zipball/3dcf38ca72b158baf0bc245e9184d3fdffa9c46f",
+                "reference": "3dcf38ca72b158baf0bc245e9184d3fdffa9c46f",
                 "shasum": ""
             },
             "require": {
-                "php": ">=5.3.3"
+                "php": "^5.3.3 || ^7.0"
             },
             "require-dev": {
-                "phpunit/phpunit": "~4|~5"
+                "phpunit/phpunit": "^4.8.35 || ^5.7 || ^6.0"
             },
             "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "1.0-dev"
+                }
+            },
             "autoload": {
                 "classmap": [
                     "src/"
@@ -1509,20 +1487,20 @@
             "keywords": [
                 "timer"
             ],
-            "time": "2016-05-12 18:03:57"
+            "time": "2017-02-26T11:10:40+00:00"
         },
         {
             "name": "phpunit/php-token-stream",
-            "version": "1.4.8",
+            "version": "1.4.11",
             "source": {
                 "type": "git",
                 "url": "https://github.com/sebastianbergmann/php-token-stream.git",
-                "reference": "3144ae21711fb6cac0b1ab4cbe63b75ce3d4e8da"
+                "reference": "e03f8f67534427a787e21a385a67ec3ca6978ea7"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/sebastianbergmann/php-token-stream/zipball/3144ae21711fb6cac0b1ab4cbe63b75ce3d4e8da",
-                "reference": "3144ae21711fb6cac0b1ab4cbe63b75ce3d4e8da",
+                "url": "https://api.github.com/repos/sebastianbergmann/php-token-stream/zipball/e03f8f67534427a787e21a385a67ec3ca6978ea7",
+                "reference": "e03f8f67534427a787e21a385a67ec3ca6978ea7",
                 "shasum": ""
             },
             "require": {
@@ -1558,20 +1536,20 @@
             "keywords": [
                 "tokenizer"
             ],
-            "time": "2015-09-15 10:49:45"
+            "time": "2017-02-27T10:12:30+00:00"
         },
         {
             "name": "phpunit/phpunit",
-            "version": "4.7.7",
+            "version": "4.8.35",
             "source": {
                 "type": "git",
                 "url": "https://github.com/sebastianbergmann/phpunit.git",
-                "reference": "9b97f9d807b862c2de2a36e86690000801c85724"
+                "reference": "791b1a67c25af50e230f841ee7a9c6eba507dc87"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/9b97f9d807b862c2de2a36e86690000801c85724",
-                "reference": "9b97f9d807b862c2de2a36e86690000801c85724",
+                "url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/791b1a67c25af50e230f841ee7a9c6eba507dc87",
+                "reference": "791b1a67c25af50e230f841ee7a9c6eba507dc87",
                 "shasum": ""
             },
             "require": {
@@ -1581,15 +1559,15 @@
                 "ext-reflection": "*",
                 "ext-spl": "*",
                 "php": ">=5.3.3",
-                "phpspec/prophecy": "~1.3,>=1.3.1",
+                "phpspec/prophecy": "^1.3.1",
                 "phpunit/php-code-coverage": "~2.1",
                 "phpunit/php-file-iterator": "~1.4",
                 "phpunit/php-text-template": "~1.2",
-                "phpunit/php-timer": ">=1.0.6",
+                "phpunit/php-timer": "^1.0.6",
                 "phpunit/phpunit-mock-objects": "~2.3",
-                "sebastian/comparator": "~1.1",
+                "sebastian/comparator": "~1.2.2",
                 "sebastian/diff": "~1.2",
-                "sebastian/environment": "~1.2",
+                "sebastian/environment": "~1.3",
                 "sebastian/exporter": "~1.2",
                 "sebastian/global-state": "~1.0",
                 "sebastian/version": "~1.0",
@@ -1604,7 +1582,7 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "4.7.x-dev"
+                    "dev-master": "4.8.x-dev"
                 }
             },
             "autoload": {
@@ -1630,7 +1608,7 @@
                 "testing",
                 "xunit"
             ],
-            "time": "2015-07-13 11:28:34"
+            "time": "2017-02-06T05:18:07+00:00"
         },
         {
             "name": "phpunit/phpunit-mock-objects",
@@ -1686,7 +1664,7 @@
                 "mock",
                 "xunit"
             ],
-            "time": "2015-10-02 06:51:40"
+            "time": "2015-10-02T06:51:40+00:00"
         },
         {
             "name": "pimple/pimple",
@@ -1734,26 +1712,34 @@
                 "container",
                 "dependency injection"
             ],
-            "time": "2013-11-22 08:30:29"
+            "time": "2013-11-22T08:30:29+00:00"
         },
         {
             "name": "psr/log",
-            "version": "1.0.0",
+            "version": "1.0.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/php-fig/log.git",
-                "reference": "fe0936ee26643249e916849d48e3a51d5f5e278b"
+                "reference": "4ebe3a8bf773a19edfe0a84b6585ba3d401b724d"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/php-fig/log/zipball/fe0936ee26643249e916849d48e3a51d5f5e278b",
-                "reference": "fe0936ee26643249e916849d48e3a51d5f5e278b",
+                "url": "https://api.github.com/repos/php-fig/log/zipball/4ebe3a8bf773a19edfe0a84b6585ba3d401b724d",
+                "reference": "4ebe3a8bf773a19edfe0a84b6585ba3d401b724d",
                 "shasum": ""
             },
+            "require": {
+                "php": ">=5.3.0"
+            },
             "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "1.0.x-dev"
+                }
+            },
             "autoload": {
-                "psr-0": {
-                    "Psr\\Log\\": ""
+                "psr-4": {
+                    "Psr\\Log\\": "Psr/Log/"
                 }
             },
             "notification-url": "https://packagist.org/downloads/",
@@ -1767,31 +1753,32 @@
                 }
             ],
             "description": "Common interface for logging libraries",
+            "homepage": "https://github.com/php-fig/log",
             "keywords": [
                 "log",
                 "psr",
                 "psr-3"
             ],
-            "time": "2012-12-21 11:40:51"
+            "time": "2016-10-10T12:19:37+00:00"
         },
         {
             "name": "sebastian/comparator",
-            "version": "1.2.0",
+            "version": "1.2.4",
             "source": {
                 "type": "git",
                 "url": "https://github.com/sebastianbergmann/comparator.git",
-                "reference": "937efb279bd37a375bcadf584dec0726f84dbf22"
+                "reference": "2b7424b55f5047b47ac6e5ccb20b2aea4011d9be"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/sebastianbergmann/comparator/zipball/937efb279bd37a375bcadf584dec0726f84dbf22",
-                "reference": "937efb279bd37a375bcadf584dec0726f84dbf22",
+                "url": "https://api.github.com/repos/sebastianbergmann/comparator/zipball/2b7424b55f5047b47ac6e5ccb20b2aea4011d9be",
+                "reference": "2b7424b55f5047b47ac6e5ccb20b2aea4011d9be",
                 "shasum": ""
             },
             "require": {
                 "php": ">=5.3.3",
                 "sebastian/diff": "~1.2",
-                "sebastian/exporter": "~1.2"
+                "sebastian/exporter": "~1.2 || ~2.0"
             },
             "require-dev": {
                 "phpunit/phpunit": "~4.4"
@@ -1836,7 +1823,7 @@
                 "compare",
                 "equality"
             ],
-            "time": "2015-07-26 15:48:44"
+            "time": "2017-01-29T09:50:25+00:00"
         },
         {
             "name": "sebastian/diff",
@@ -1888,27 +1875,27 @@
             "keywords": [
                 "diff"
             ],
-            "time": "2015-12-08 07:14:41"
+            "time": "2015-12-08T07:14:41+00:00"
         },
         {
             "name": "sebastian/environment",
-            "version": "1.3.7",
+            "version": "1.3.8",
             "source": {
                 "type": "git",
                 "url": "https://github.com/sebastianbergmann/environment.git",
-                "reference": "4e8f0da10ac5802913afc151413bc8c53b6c2716"
+                "reference": "be2c607e43ce4c89ecd60e75c6a85c126e754aea"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/sebastianbergmann/environment/zipball/4e8f0da10ac5802913afc151413bc8c53b6c2716",
-                "reference": "4e8f0da10ac5802913afc151413bc8c53b6c2716",
+                "url": "https://api.github.com/repos/sebastianbergmann/environment/zipball/be2c607e43ce4c89ecd60e75c6a85c126e754aea",
+                "reference": "be2c607e43ce4c89ecd60e75c6a85c126e754aea",
                 "shasum": ""
             },
             "require": {
-                "php": ">=5.3.3"
+                "php": "^5.3.3 || ^7.0"
             },
             "require-dev": {
-                "phpunit/phpunit": "~4.4"
+                "phpunit/phpunit": "^4.8 || ^5.0"
             },
             "type": "library",
             "extra": {
@@ -1938,7 +1925,7 @@
                 "environment",
                 "hhvm"
             ],
-            "time": "2016-05-17 03:18:57"
+            "time": "2016-08-18T05:49:44+00:00"
         },
         {
             "name": "sebastian/exporter",
@@ -2005,7 +1992,7 @@
                 "export",
                 "exporter"
             ],
-            "time": "2016-06-17 09:04:28"
+            "time": "2016-06-17T09:04:28+00:00"
         },
         {
             "name": "sebastian/global-state",
@@ -2056,20 +2043,20 @@
             "keywords": [
                 "global state"
             ],
-            "time": "2015-10-12 03:26:01"
+            "time": "2015-10-12T03:26:01+00:00"
         },
         {
             "name": "sebastian/recursion-context",
-            "version": "1.0.2",
+            "version": "1.0.5",
             "source": {
                 "type": "git",
                 "url": "https://github.com/sebastianbergmann/recursion-context.git",
-                "reference": "913401df809e99e4f47b27cdd781f4a258d58791"
+                "reference": "b19cc3298482a335a95f3016d2f8a6950f0fbcd7"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/sebastianbergmann/recursion-context/zipball/913401df809e99e4f47b27cdd781f4a258d58791",
-                "reference": "913401df809e99e4f47b27cdd781f4a258d58791",
+                "url": "https://api.github.com/repos/sebastianbergmann/recursion-context/zipball/b19cc3298482a335a95f3016d2f8a6950f0fbcd7",
+                "reference": "b19cc3298482a335a95f3016d2f8a6950f0fbcd7",
                 "shasum": ""
             },
             "require": {
@@ -2109,7 +2096,7 @@
             ],
             "description": "Provides functionality to recursively process PHP variables",
             "homepage": "http://www.github.com/sebastianbergmann/recursion-context",
-            "time": "2015-11-11 19:50:13"
+            "time": "2016-10-03T07:41:43+00:00"
         },
         {
             "name": "sebastian/version",
@@ -2144,25 +2131,28 @@
             ],
             "description": "Library that helps with managing the version number of Git-hosted PHP projects",
             "homepage": "https://github.com/sebastianbergmann/version",
-            "time": "2015-06-21 13:59:46"
+            "time": "2015-06-21T13:59:46+00:00"
         },
         {
             "name": "seld/jsonlint",
-            "version": "1.4.0",
+            "version": "1.6.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/Seldaek/jsonlint.git",
-                "reference": "66834d3e3566bb5798db7294619388786ae99394"
+                "reference": "791f8c594f300d246cdf01c6b3e1e19611e301d8"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/Seldaek/jsonlint/zipball/66834d3e3566bb5798db7294619388786ae99394",
-                "reference": "66834d3e3566bb5798db7294619388786ae99394",
+                "url": "https://api.github.com/repos/Seldaek/jsonlint/zipball/791f8c594f300d246cdf01c6b3e1e19611e301d8",
+                "reference": "791f8c594f300d246cdf01c6b3e1e19611e301d8",
                 "shasum": ""
             },
             "require": {
                 "php": "^5.3 || ^7.0"
             },
+            "require-dev": {
+                "phpunit/phpunit": "^4.5"
+            },
             "bin": [
                 "bin/jsonlint"
             ],
@@ -2190,26 +2180,29 @@
                 "parser",
                 "validator"
             ],
-            "time": "2015-11-21 02:21:41"
+            "time": "2017-03-06T16:42:24+00:00"
         },
         {
             "name": "symfony/config",
-            "version": "v2.8.7",
+            "version": "v2.8.18",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/config.git",
-                "reference": "a2edd59c2163c65747fc3f35d132b5a39266bd05"
+                "reference": "06ce6bb46c24963ec09323da45d0f4f85d3cecd2"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/config/zipball/a2edd59c2163c65747fc3f35d132b5a39266bd05",
-                "reference": "a2edd59c2163c65747fc3f35d132b5a39266bd05",
+                "url": "https://api.github.com/repos/symfony/config/zipball/06ce6bb46c24963ec09323da45d0f4f85d3cecd2",
+                "reference": "06ce6bb46c24963ec09323da45d0f4f85d3cecd2",
                 "shasum": ""
             },
             "require": {
                 "php": ">=5.3.9",
                 "symfony/filesystem": "~2.3|~3.0.0"
             },
+            "require-dev": {
+                "symfony/yaml": "~2.7|~3.0.0"
+            },
             "suggest": {
                 "symfony/yaml": "To use the yaml reference dumper"
             },
@@ -2243,24 +2236,25 @@
             ],
             "description": "Symfony Config Component",
             "homepage": "https://symfony.com",
-            "time": "2016-06-06 11:11:27"
+            "time": "2017-03-01T18:13:50+00:00"
         },
         {
             "name": "symfony/console",
-            "version": "v2.8.7",
+            "version": "v2.8.18",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/console.git",
-                "reference": "5ac8bc9aa77bb2edf06af3a1bb6bc1020d23acd3"
+                "reference": "81508e6fac4476771275a3f4f53c3fee9b956bfa"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/console/zipball/5ac8bc9aa77bb2edf06af3a1bb6bc1020d23acd3",
-                "reference": "5ac8bc9aa77bb2edf06af3a1bb6bc1020d23acd3",
+                "url": "https://api.github.com/repos/symfony/console/zipball/81508e6fac4476771275a3f4f53c3fee9b956bfa",
+                "reference": "81508e6fac4476771275a3f4f53c3fee9b956bfa",
                 "shasum": ""
             },
             "require": {
                 "php": ">=5.3.9",
+                "symfony/debug": "^2.7.2|~3.0.0",
                 "symfony/polyfill-mbstring": "~1.0"
             },
             "require-dev": {
@@ -2303,20 +2297,77 @@
             ],
             "description": "Symfony Console Component",
             "homepage": "https://symfony.com",
-            "time": "2016-06-06 15:06:25"
+            "time": "2017-03-04T11:00:12+00:00"
         },
         {
-            "name": "symfony/event-dispatcher",
-            "version": "v2.8.7",
+            "name": "symfony/debug",
+            "version": "v2.8.18",
             "source": {
                 "type": "git",
-                "url": "https://github.com/symfony/event-dispatcher.git",
-                "reference": "2a6b8713f8bdb582058cfda463527f195b066110"
+                "url": "https://github.com/symfony/debug.git",
+                "reference": "e90099a2958d4833a02d05b504cc06e1c234abcc"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/event-dispatcher/zipball/2a6b8713f8bdb582058cfda463527f195b066110",
-                "reference": "2a6b8713f8bdb582058cfda463527f195b066110",
+                "url": "https://api.github.com/repos/symfony/debug/zipball/e90099a2958d4833a02d05b504cc06e1c234abcc",
+                "reference": "e90099a2958d4833a02d05b504cc06e1c234abcc",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=5.3.9",
+                "psr/log": "~1.0"
+            },
+            "conflict": {
+                "symfony/http-kernel": ">=2.3,<2.3.24|~2.4.0|>=2.5,<2.5.9|>=2.6,<2.6.2"
+            },
+            "require-dev": {
+                "symfony/class-loader": "~2.2|~3.0.0",
+                "symfony/http-kernel": "~2.3.24|~2.5.9|^2.6.2|~3.0.0"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "2.8-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "Symfony\\Component\\Debug\\": ""
+                },
+                "exclude-from-classmap": [
+                    "/Tests/"
+                ]
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Fabien Potencier",
+                    "email": "fabien@symfony.com"
+                },
+                {
+                    "name": "Symfony Community",
+                    "homepage": "https://symfony.com/contributors"
+                }
+            ],
+            "description": "Symfony Debug Component",
+            "homepage": "https://symfony.com",
+            "time": "2017-02-18T19:13:35+00:00"
+        },
+        {
+            "name": "symfony/event-dispatcher",
+            "version": "v2.8.18",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/symfony/event-dispatcher.git",
+                "reference": "bb4ec47e8e109c1c1172145732d0aa468d967cd0"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/symfony/event-dispatcher/zipball/bb4ec47e8e109c1c1172145732d0aa468d967cd0",
+                "reference": "bb4ec47e8e109c1c1172145732d0aa468d967cd0",
                 "shasum": ""
             },
             "require": {
@@ -2324,7 +2375,7 @@
             },
             "require-dev": {
                 "psr/log": "~1.0",
-                "symfony/config": "~2.0,>=2.0.5|~3.0.0",
+                "symfony/config": "^2.0.5|~3.0.0",
                 "symfony/dependency-injection": "~2.6|~3.0.0",
                 "symfony/expression-language": "~2.6|~3.0.0",
                 "symfony/stopwatch": "~2.3|~3.0.0"
@@ -2363,29 +2414,29 @@
             ],
             "description": "Symfony EventDispatcher Component",
             "homepage": "https://symfony.com",
-            "time": "2016-06-06 11:11:27"
+            "time": "2017-02-21T08:33:48+00:00"
         },
         {
             "name": "symfony/filesystem",
-            "version": "v3.0.7",
+            "version": "v2.8.18",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/filesystem.git",
-                "reference": "74fec3511b62cb934b64bce1d96f06fffa4beafd"
+                "reference": "e542d4765092d22552b1bf01ddccfb01d98ee325"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/filesystem/zipball/74fec3511b62cb934b64bce1d96f06fffa4beafd",
-                "reference": "74fec3511b62cb934b64bce1d96f06fffa4beafd",
+                "url": "https://api.github.com/repos/symfony/filesystem/zipball/e542d4765092d22552b1bf01ddccfb01d98ee325",
+                "reference": "e542d4765092d22552b1bf01ddccfb01d98ee325",
                 "shasum": ""
             },
             "require": {
-                "php": ">=5.5.9"
+                "php": ">=5.3.9"
             },
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "3.0-dev"
+                    "dev-master": "2.8-dev"
                 }
             },
             "autoload": {
@@ -2412,20 +2463,20 @@
             ],
             "description": "Symfony Filesystem Component",
             "homepage": "https://symfony.com",
-            "time": "2016-04-12 18:09:53"
+            "time": "2017-02-18T17:06:33+00:00"
         },
         {
             "name": "symfony/finder",
-            "version": "v2.8.7",
+            "version": "v2.8.18",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/finder.git",
-                "reference": "3ec095fab1800222732ca522a95dce8fa124007b"
+                "reference": "5fc4b5cab38b9d28be318fcffd8066988e7d9451"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/finder/zipball/3ec095fab1800222732ca522a95dce8fa124007b",
-                "reference": "3ec095fab1800222732ca522a95dce8fa124007b",
+                "url": "https://api.github.com/repos/symfony/finder/zipball/5fc4b5cab38b9d28be318fcffd8066988e7d9451",
+                "reference": "5fc4b5cab38b9d28be318fcffd8066988e7d9451",
                 "shasum": ""
             },
             "require": {
@@ -2461,20 +2512,20 @@
             ],
             "description": "Symfony Finder Component",
             "homepage": "https://symfony.com",
-            "time": "2016-06-06 11:11:27"
+            "time": "2017-02-21T08:33:48+00:00"
         },
         {
             "name": "symfony/polyfill-mbstring",
-            "version": "v1.2.0",
+            "version": "v1.3.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-mbstring.git",
-                "reference": "dff51f72b0706335131b00a7f49606168c582594"
+                "reference": "e79d363049d1c2128f133a2667e4f4190904f7f4"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/dff51f72b0706335131b00a7f49606168c582594",
-                "reference": "dff51f72b0706335131b00a7f49606168c582594",
+                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/e79d363049d1c2128f133a2667e4f4190904f7f4",
+                "reference": "e79d363049d1c2128f133a2667e4f4190904f7f4",
                 "shasum": ""
             },
             "require": {
@@ -2486,7 +2537,7 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "1.2-dev"
+                    "dev-master": "1.3-dev"
                 }
             },
             "autoload": {
@@ -2520,20 +2571,20 @@
                 "portable",
                 "shim"
             ],
-            "time": "2016-05-18 14:26:46"
+            "time": "2016-11-14T01:06:16+00:00"
         },
         {
             "name": "symfony/process",
-            "version": "v2.8.7",
+            "version": "v2.8.18",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/process.git",
-                "reference": "115347d00c342198cdc52a7bd8bc15b5ab43500c"
+                "reference": "41336b20b52f5fd5b42a227e394e673c8071118f"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/process/zipball/115347d00c342198cdc52a7bd8bc15b5ab43500c",
-                "reference": "115347d00c342198cdc52a7bd8bc15b5ab43500c",
+                "url": "https://api.github.com/repos/symfony/process/zipball/41336b20b52f5fd5b42a227e394e673c8071118f",
+                "reference": "41336b20b52f5fd5b42a227e394e673c8071118f",
                 "shasum": ""
             },
             "require": {
@@ -2569,20 +2620,20 @@
             ],
             "description": "Symfony Process Component",
             "homepage": "https://symfony.com",
-            "time": "2016-06-06 11:11:27"
+            "time": "2017-03-04T12:20:59+00:00"
         },
         {
             "name": "symfony/stopwatch",
-            "version": "v2.8.7",
+            "version": "v2.8.18",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/stopwatch.git",
-                "reference": "5e628055488bcc42dbace3af65be435d094e37e4"
+                "reference": "9e4369666d02ee9b8830da878b7f6a769eb96f4b"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/stopwatch/zipball/5e628055488bcc42dbace3af65be435d094e37e4",
-                "reference": "5e628055488bcc42dbace3af65be435d094e37e4",
+                "url": "https://api.github.com/repos/symfony/stopwatch/zipball/9e4369666d02ee9b8830da878b7f6a769eb96f4b",
+                "reference": "9e4369666d02ee9b8830da878b7f6a769eb96f4b",
                 "shasum": ""
             },
             "require": {
@@ -2618,34 +2669,34 @@
             ],
             "description": "Symfony Stopwatch Component",
             "homepage": "https://symfony.com",
-            "time": "2016-06-06 11:11:27"
+            "time": "2017-02-18T17:06:33+00:00"
         },
         {
             "name": "symfony/translation",
-            "version": "v3.0.7",
+            "version": "v2.8.18",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/translation.git",
-                "reference": "2b0aacaa613c0ec1ad8046f972d8abdcb19c1db7"
+                "reference": "b538355bc99db2ec7cc35284ec76d92ae7d1d256"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/translation/zipball/2b0aacaa613c0ec1ad8046f972d8abdcb19c1db7",
-                "reference": "2b0aacaa613c0ec1ad8046f972d8abdcb19c1db7",
+                "url": "https://api.github.com/repos/symfony/translation/zipball/b538355bc99db2ec7cc35284ec76d92ae7d1d256",
+                "reference": "b538355bc99db2ec7cc35284ec76d92ae7d1d256",
                 "shasum": ""
             },
             "require": {
-                "php": ">=5.5.9",
+                "php": ">=5.3.9",
                 "symfony/polyfill-mbstring": "~1.0"
             },
             "conflict": {
-                "symfony/config": "<2.8"
+                "symfony/config": "<2.7"
             },
             "require-dev": {
                 "psr/log": "~1.0",
-                "symfony/config": "~2.8|~3.0",
-                "symfony/intl": "~2.8|~3.0",
-                "symfony/yaml": "~2.8|~3.0"
+                "symfony/config": "~2.8",
+                "symfony/intl": "~2.7.25|^2.8.18|~3.2.5",
+                "symfony/yaml": "~2.2|~3.0.0"
             },
             "suggest": {
                 "psr/log": "To use logging capability in translator",
@@ -2655,7 +2706,7 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "3.0-dev"
+                    "dev-master": "2.8-dev"
                 }
             },
             "autoload": {
@@ -2682,20 +2733,20 @@
             ],
             "description": "Symfony Translation Component",
             "homepage": "https://symfony.com",
-            "time": "2016-06-06 11:33:26"
+            "time": "2017-03-04T12:20:59+00:00"
         },
         {
             "name": "symfony/validator",
-            "version": "v2.8.7",
+            "version": "v2.8.18",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/validator.git",
-                "reference": "4c8f9fd8e2150dbc4745ef13378e690588365df0"
+                "reference": "8d4bfa7ec24e70ebc28d0cea5f2702d3f1257a63"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/validator/zipball/4c8f9fd8e2150dbc4745ef13378e690588365df0",
-                "reference": "4c8f9fd8e2150dbc4745ef13378e690588365df0",
+                "url": "https://api.github.com/repos/symfony/validator/zipball/8d4bfa7ec24e70ebc28d0cea5f2702d3f1257a63",
+                "reference": "8d4bfa7ec24e70ebc28d0cea5f2702d3f1257a63",
                 "shasum": ""
             },
             "require": {
@@ -2706,13 +2757,13 @@
             "require-dev": {
                 "doctrine/annotations": "~1.0",
                 "doctrine/cache": "~1.0",
-                "egulias/email-validator": "~1.2,>=1.2.1",
+                "egulias/email-validator": "^1.2.1",
                 "symfony/config": "~2.2|~3.0.0",
                 "symfony/expression-language": "~2.4|~3.0.0",
-                "symfony/http-foundation": "~2.1|~3.0.0",
-                "symfony/intl": "~2.7.4|~2.8|~3.0.0",
+                "symfony/http-foundation": "~2.3|~3.0.0",
+                "symfony/intl": "~2.7.25|^2.8.18|~3.2.5",
                 "symfony/property-access": "~2.3|~3.0.0",
-                "symfony/yaml": "~2.0,>=2.0.5|~3.0.0"
+                "symfony/yaml": "^2.0.5|~3.0.0"
             },
             "suggest": {
                 "doctrine/annotations": "For using the annotation mapping. You will also need doctrine/cache.",
@@ -2755,29 +2806,29 @@
             ],
             "description": "Symfony Validator Component",
             "homepage": "https://symfony.com",
-            "time": "2016-04-14 08:48:44"
+            "time": "2017-02-28T02:24:56+00:00"
         },
         {
             "name": "symfony/yaml",
-            "version": "v3.1.1",
+            "version": "v2.8.18",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/yaml.git",
-                "reference": "c5a7e7fc273c758b92b85dcb9c46149ccda89623"
+                "reference": "2a7bab3c16f6f452c47818fdd08f3b1e49ffcf7d"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/yaml/zipball/c5a7e7fc273c758b92b85dcb9c46149ccda89623",
-                "reference": "c5a7e7fc273c758b92b85dcb9c46149ccda89623",
+                "url": "https://api.github.com/repos/symfony/yaml/zipball/2a7bab3c16f6f452c47818fdd08f3b1e49ffcf7d",
+                "reference": "2a7bab3c16f6f452c47818fdd08f3b1e49ffcf7d",
                 "shasum": ""
             },
             "require": {
-                "php": ">=5.5.9"
+                "php": ">=5.3.9"
             },
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "3.1-dev"
+                    "dev-master": "2.8-dev"
                 }
             },
             "autoload": {
@@ -2804,33 +2855,34 @@
             ],
             "description": "Symfony Yaml Component",
             "homepage": "https://symfony.com",
-            "time": "2016-06-14 11:18:07"
+            "time": "2017-03-01T18:13:50+00:00"
         },
         {
             "name": "twig/twig",
-            "version": "v1.24.1",
+            "version": "v1.32.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/twigphp/Twig.git",
-                "reference": "3566d311a92aae4deec6e48682dc5a4528c4a512"
+                "reference": "9935b662e24d6e634da88901ab534cc12e8c728f"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/3566d311a92aae4deec6e48682dc5a4528c4a512",
-                "reference": "3566d311a92aae4deec6e48682dc5a4528c4a512",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/9935b662e24d6e634da88901ab534cc12e8c728f",
+                "reference": "9935b662e24d6e634da88901ab534cc12e8c728f",
                 "shasum": ""
             },
             "require": {
                 "php": ">=5.2.7"
             },
             "require-dev": {
+                "psr/container": "^1.0",
                 "symfony/debug": "~2.7",
-                "symfony/phpunit-bridge": "~2.7"
+                "symfony/phpunit-bridge": "~3.2"
             },
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "1.24-dev"
+                    "dev-master": "1.32-dev"
                 }
             },
             "autoload": {
@@ -2865,45 +2917,40 @@
             "keywords": [
                 "templating"
             ],
-            "time": "2016-05-30 09:11:59"
+            "time": "2017-02-27T00:07:03+00:00"
         },
         {
             "name": "zendframework/zend-cache",
-            "version": "2.7.1",
+            "version": "2.5.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/zendframework/zend-cache.git",
-                "reference": "2c68def8f96ce842d2f2a9a69e2f3508c2f5312d"
+                "reference": "5999e5a03f7dcf82abbbe67eea74da641f959684"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/zendframework/zend-cache/zipball/2c68def8f96ce842d2f2a9a69e2f3508c2f5312d",
-                "reference": "2c68def8f96ce842d2f2a9a69e2f3508c2f5312d",
+                "url": "https://api.github.com/repos/zendframework/zend-cache/zipball/5999e5a03f7dcf82abbbe67eea74da641f959684",
+                "reference": "5999e5a03f7dcf82abbbe67eea74da641f959684",
                 "shasum": ""
             },
             "require": {
-                "php": "^5.5 || ^7.0",
-                "zendframework/zend-eventmanager": "^2.6.2 || ^3.0",
-                "zendframework/zend-servicemanager": "^2.7.5 || ^3.0.3",
-                "zendframework/zend-stdlib": "^2.7 || ^3.0"
+                "php": ">=5.3.23",
+                "zendframework/zend-eventmanager": "~2.5",
+                "zendframework/zend-serializer": "~2.5",
+                "zendframework/zend-servicemanager": "~2.5",
+                "zendframework/zend-stdlib": "~2.5"
             },
             "require-dev": {
                 "fabpot/php-cs-fixer": "1.7.*",
-                "phpbench/phpbench": "^0.10.0",
-                "phpunit/phpunit": "^4.5",
-                "zendframework/zend-serializer": "^2.6",
-                "zendframework/zend-session": "^2.6.2"
+                "phpunit/phpunit": "~4.0",
+                "zendframework/zend-session": "~2.5"
             },
             "suggest": {
-                "ext-apc": "APC or compatible extension, to use the APC storage adapter",
-                "ext-apcu": "APCU >= 5.1.0, to use the APCu storage adapter",
+                "ext-apc": "APC >= 3.1.6 to use the APC storage adapter",
                 "ext-dba": "DBA, to use the DBA storage adapter",
-                "ext-memcache": "Memcache >= 2.0.0 to use the Memcache storage adapter",
                 "ext-memcached": "Memcached >= 1.0.0 to use the Memcached storage adapter",
                 "ext-mongo": "Mongo, to use MongoDb storage adapter",
-                "ext-redis": "Redis, to use Redis storage adapter",
                 "ext-wincache": "WinCache, to use the WinCache storage adapter",
-                "ext-xcache": "XCache, to use the XCache storage adapter",
                 "mongofill/mongofill": "Alternative to ext-mongo - a pure PHP implementation designed as a drop in replacement",
                 "zendframework/zend-serializer": "Zend\\Serializer component",
                 "zendframework/zend-session": "Zend\\Session component"
@@ -2911,12 +2958,8 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "2.7-dev",
-                    "dev-develop": "2.8-dev"
-                },
-                "zf": {
-                    "component": "Zend\\Cache",
-                    "config-provider": "Zend\\Cache\\ConfigProvider"
+                    "dev-master": "2.5-dev",
+                    "dev-develop": "2.6-dev"
                 }
             },
             "autoload": {
@@ -2934,33 +2977,34 @@
                 "cache",
                 "zf2"
             ],
-            "time": "2016-05-12 21:47:55"
+            "time": "2015-06-03T15:31:59+00:00"
         },
         {
             "name": "zendframework/zend-config",
-            "version": "2.6.0",
+            "version": "2.5.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/zendframework/zend-config.git",
-                "reference": "2920e877a9f6dca9fa8f6bd3b1ffc2e19bb1e30d"
+                "reference": "ec49b1df1bdd9772df09dc2f612fbfc279bf4c27"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/zendframework/zend-config/zipball/2920e877a9f6dca9fa8f6bd3b1ffc2e19bb1e30d",
-                "reference": "2920e877a9f6dca9fa8f6bd3b1ffc2e19bb1e30d",
+                "url": "https://api.github.com/repos/zendframework/zend-config/zipball/ec49b1df1bdd9772df09dc2f612fbfc279bf4c27",
+                "reference": "ec49b1df1bdd9772df09dc2f612fbfc279bf4c27",
                 "shasum": ""
             },
             "require": {
-                "php": "^5.5 || ^7.0",
-                "zendframework/zend-stdlib": "^2.7 || ^3.0"
+                "php": ">=5.3.23",
+                "zendframework/zend-stdlib": "~2.5"
             },
             "require-dev": {
                 "fabpot/php-cs-fixer": "1.7.*",
                 "phpunit/phpunit": "~4.0",
-                "zendframework/zend-filter": "^2.6",
-                "zendframework/zend-i18n": "^2.5",
-                "zendframework/zend-json": "^2.6.1",
-                "zendframework/zend-servicemanager": "^2.7.5 || ^3.0.3"
+                "zendframework/zend-filter": "~2.5",
+                "zendframework/zend-i18n": "~2.5",
+                "zendframework/zend-json": "~2.5",
+                "zendframework/zend-mvc": "~2.5",
+                "zendframework/zend-servicemanager": "~2.5"
             },
             "suggest": {
                 "zendframework/zend-filter": "Zend\\Filter component",
@@ -2971,8 +3015,8 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "2.6-dev",
-                    "dev-develop": "2.7-dev"
+                    "dev-master": "2.5-dev",
+                    "dev-develop": "2.6-dev"
                 }
             },
             "autoload": {
@@ -2990,41 +3034,35 @@
                 "config",
                 "zf2"
             ],
-            "time": "2016-02-04 23:01:10"
+            "time": "2015-06-03T15:32:00+00:00"
         },
         {
             "name": "zendframework/zend-eventmanager",
-            "version": "3.0.1",
+            "version": "2.5.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/zendframework/zend-eventmanager.git",
-                "reference": "5c80bdee0e952be112dcec0968bad770082c3a6e"
+                "reference": "d94a16039144936f107f906896349900fd634443"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/zendframework/zend-eventmanager/zipball/5c80bdee0e952be112dcec0968bad770082c3a6e",
-                "reference": "5c80bdee0e952be112dcec0968bad770082c3a6e",
+                "url": "https://api.github.com/repos/zendframework/zend-eventmanager/zipball/d94a16039144936f107f906896349900fd634443",
+                "reference": "d94a16039144936f107f906896349900fd634443",
                 "shasum": ""
             },
             "require": {
-                "php": "^5.5 || ^7.0"
+                "php": ">=5.3.23",
+                "zendframework/zend-stdlib": "~2.5"
             },
             "require-dev": {
-                "athletic/athletic": "^0.1",
-                "container-interop/container-interop": "^1.1.0",
-                "phpunit/phpunit": "~4.0",
-                "squizlabs/php_codesniffer": "^2.0",
-                "zendframework/zend-stdlib": "^2.7.3 || ^3.0"
-            },
-            "suggest": {
-                "container-interop/container-interop": "^1.1.0, to use the lazy listeners feature",
-                "zendframework/zend-stdlib": "^2.7.3 || ^3.0, to use the FilterChain feature"
+                "fabpot/php-cs-fixer": "1.7.*",
+                "phpunit/phpunit": "~4.0"
             },
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "3.0-dev",
-                    "dev-develop": "3.1-dev"
+                    "dev-master": "2.5-dev",
+                    "dev-develop": "2.6-dev"
                 }
             },
             "autoload": {
@@ -3036,57 +3074,52 @@
             "license": [
                 "BSD-3-Clause"
             ],
-            "description": "Trigger and listen to events within a PHP application",
             "homepage": "https://github.com/zendframework/zend-eventmanager",
             "keywords": [
-                "event",
                 "eventmanager",
-                "events",
                 "zf2"
             ],
-            "time": "2016-02-18 20:53:00"
+            "time": "2015-06-03T15:32:01+00:00"
         },
         {
             "name": "zendframework/zend-filter",
-            "version": "2.7.1",
+            "version": "2.5.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/zendframework/zend-filter.git",
-                "reference": "84c50246428efb0a1e52868e162dab3e149d5b80"
+                "reference": "93e6990a198e6cdd811064083acac4693f4b29ae"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/zendframework/zend-filter/zipball/84c50246428efb0a1e52868e162dab3e149d5b80",
-                "reference": "84c50246428efb0a1e52868e162dab3e149d5b80",
+                "url": "https://api.github.com/repos/zendframework/zend-filter/zipball/93e6990a198e6cdd811064083acac4693f4b29ae",
+                "reference": "93e6990a198e6cdd811064083acac4693f4b29ae",
                 "shasum": ""
             },
             "require": {
-                "php": "^5.5 || ^7.0",
-                "zendframework/zend-stdlib": "^2.7 || ^3.0"
+                "php": ">=5.3.23",
+                "zendframework/zend-stdlib": "~2.5"
             },
             "require-dev": {
                 "fabpot/php-cs-fixer": "1.7.*",
-                "pear/archive_tar": "^1.4",
                 "phpunit/phpunit": "~4.0",
-                "zendframework/zend-crypt": "^2.6",
-                "zendframework/zend-servicemanager": "^2.7.5 || ^3.0.3",
-                "zendframework/zend-uri": "^2.5"
+                "zendframework/zend-config": "~2.5",
+                "zendframework/zend-crypt": "~2.5",
+                "zendframework/zend-i18n": "~2.5",
+                "zendframework/zend-loader": "~2.5",
+                "zendframework/zend-servicemanager": "~2.5",
+                "zendframework/zend-uri": "~2.5"
             },
             "suggest": {
-                "zendframework/zend-crypt": "Zend\\Crypt component, for encryption filters",
-                "zendframework/zend-i18n": "Zend\\I18n component for filters depending on i18n functionality",
-                "zendframework/zend-servicemanager": "Zend\\ServiceManager component, for using the filter chain functionality",
-                "zendframework/zend-uri": "Zend\\Uri component, for the UriNormalize filter"
+                "zendframework/zend-crypt": "Zend\\Crypt component",
+                "zendframework/zend-i18n": "Zend\\I18n component",
+                "zendframework/zend-servicemanager": "Zend\\ServiceManager component",
+                "zendframework/zend-uri": "Zend\\Uri component for UriNormalize filter"
             },
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "2.7-dev",
-                    "dev-develop": "2.8-dev"
-                },
-                "zf": {
-                    "component": "Zend\\Filter",
-                    "config-provider": "Zend\\Filter\\ConfigProvider"
+                    "dev-master": "2.5-dev",
+                    "dev-develop": "2.6-dev"
                 }
             },
             "autoload": {
@@ -3104,94 +3137,36 @@
                 "filter",
                 "zf2"
             ],
-            "time": "2016-04-18 18:32:43"
-        },
-        {
-            "name": "zendframework/zend-hydrator",
-            "version": "1.1.0",
-            "source": {
-                "type": "git",
-                "url": "https://github.com/zendframework/zend-hydrator.git",
-                "reference": "22652e1661a5a10b3f564cf7824a2206cf5a4a65"
-            },
-            "dist": {
-                "type": "zip",
-                "url": "https://api.github.com/repos/zendframework/zend-hydrator/zipball/22652e1661a5a10b3f564cf7824a2206cf5a4a65",
-                "reference": "22652e1661a5a10b3f564cf7824a2206cf5a4a65",
-                "shasum": ""
-            },
-            "require": {
-                "php": "^5.5 || ^7.0",
-                "zendframework/zend-stdlib": "^2.7 || ^3.0"
-            },
-            "require-dev": {
-                "phpunit/phpunit": "~4.0",
-                "squizlabs/php_codesniffer": "^2.0@dev",
-                "zendframework/zend-eventmanager": "^2.6.2 || ^3.0",
-                "zendframework/zend-filter": "^2.6",
-                "zendframework/zend-inputfilter": "^2.6",
-                "zendframework/zend-serializer": "^2.6.1",
-                "zendframework/zend-servicemanager": "^2.7.5 || ^3.0.3"
-            },
-            "suggest": {
-                "zendframework/zend-eventmanager": "^2.6.2 || ^3.0, to support aggregate hydrator usage",
-                "zendframework/zend-filter": "^2.6, to support naming strategy hydrator usage",
-                "zendframework/zend-serializer": "^2.6.1, to use the SerializableStrategy",
-                "zendframework/zend-servicemanager": "^2.7.5 || ^3.0.3, to support hydrator plugin manager usage"
-            },
-            "type": "library",
-            "extra": {
-                "branch-alias": {
-                    "dev-release-1.0": "1.0-dev",
-                    "dev-release-1.1": "1.1-dev",
-                    "dev-master": "2.0-dev",
-                    "dev-develop": "2.1-dev"
-                }
-            },
-            "autoload": {
-                "psr-4": {
-                    "Zend\\Hydrator\\": "src/"
-                }
-            },
-            "notification-url": "https://packagist.org/downloads/",
-            "license": [
-                "BSD-3-Clause"
-            ],
-            "homepage": "https://github.com/zendframework/zend-hydrator",
-            "keywords": [
-                "hydrator",
-                "zf2"
-            ],
-            "time": "2016-02-18 22:38:26"
+            "time": "2015-06-03T15:32:01+00:00"
         },
         {
             "name": "zendframework/zend-i18n",
-            "version": "2.7.3",
+            "version": "2.5.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/zendframework/zend-i18n.git",
-                "reference": "b2db0d8246a865c659f93199f90f5fc2cd2f3cd8"
+                "reference": "509271eb7947e4aabebfc376104179cffea42696"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/zendframework/zend-i18n/zipball/b2db0d8246a865c659f93199f90f5fc2cd2f3cd8",
-                "reference": "b2db0d8246a865c659f93199f90f5fc2cd2f3cd8",
+                "url": "https://api.github.com/repos/zendframework/zend-i18n/zipball/509271eb7947e4aabebfc376104179cffea42696",
+                "reference": "509271eb7947e4aabebfc376104179cffea42696",
                 "shasum": ""
             },
             "require": {
-                "php": "^5.5 || ^7.0",
-                "zendframework/zend-stdlib": "^2.7 || ^3.0"
+                "php": ">=5.3.23",
+                "zendframework/zend-stdlib": "~2.5"
             },
             "require-dev": {
                 "fabpot/php-cs-fixer": "1.7.*",
                 "phpunit/phpunit": "~4.0",
-                "zendframework/zend-cache": "^2.6.1",
-                "zendframework/zend-config": "^2.6",
-                "zendframework/zend-eventmanager": "^2.6.2 || ^3.0",
-                "zendframework/zend-filter": "^2.6.1",
-                "zendframework/zend-servicemanager": "^2.7.5 || ^3.0.3",
-                "zendframework/zend-validator": "^2.6",
-                "zendframework/zend-view": "^2.6.3"
+                "zendframework/zend-cache": "~2.5",
+                "zendframework/zend-config": "~2.5",
+                "zendframework/zend-eventmanager": "~2.5",
+                "zendframework/zend-filter": "~2.5",
+                "zendframework/zend-servicemanager": "~2.5",
+                "zendframework/zend-validator": "~2.5",
+                "zendframework/zend-view": "~2.5"
             },
             "suggest": {
                 "ext-intl": "Required for most features of Zend\\I18n; included in default builds of PHP",
@@ -3199,7 +3174,7 @@
                 "zendframework/zend-config": "Zend\\Config component",
                 "zendframework/zend-eventmanager": "You should install this package to use the events in the translator",
                 "zendframework/zend-filter": "You should install this package to use the provided filters",
-                "zendframework/zend-i18n-resources": "Translation resources",
+                "zendframework/zend-resources": "Translation resources",
                 "zendframework/zend-servicemanager": "Zend\\ServiceManager component",
                 "zendframework/zend-validator": "You should install this package to use the provided validators",
                 "zendframework/zend-view": "You should install this package to use the provided view helpers"
@@ -3207,12 +3182,8 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "2.7-dev",
-                    "dev-develop": "2.8-dev"
-                },
-                "zf": {
-                    "component": "Zend\\I18n",
-                    "config-provider": "Zend\\I18n\\ConfigProvider"
+                    "dev-master": "2.5-dev",
+                    "dev-develop": "2.6-dev"
                 }
             },
             "autoload": {
@@ -3229,39 +3200,43 @@
                 "i18n",
                 "zf2"
             ],
-            "time": "2016-06-07 21:08:30"
+            "time": "2015-06-03T15:32:01+00:00"
         },
         {
             "name": "zendframework/zend-json",
-            "version": "3.0.0",
+            "version": "2.5.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/zendframework/zend-json.git",
-                "reference": "f42a1588e75c2a3e338cd94c37906231e616daab"
+                "reference": "c74eaf17d2dd37dc1e964be8dfde05706a821ebc"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/zendframework/zend-json/zipball/f42a1588e75c2a3e338cd94c37906231e616daab",
-                "reference": "f42a1588e75c2a3e338cd94c37906231e616daab",
+                "url": "https://api.github.com/repos/zendframework/zend-json/zipball/c74eaf17d2dd37dc1e964be8dfde05706a821ebc",
+                "reference": "c74eaf17d2dd37dc1e964be8dfde05706a821ebc",
                 "shasum": ""
             },
             "require": {
-                "php": "^5.5 || ^7.0"
+                "php": ">=5.3.23",
+                "zendframework/zend-stdlib": "~2.5"
             },
             "require-dev": {
+                "fabpot/php-cs-fixer": "1.7.*",
                 "phpunit/phpunit": "~4.0",
-                "squizlabs/php_codesniffer": "^2.3",
-                "zendframework/zend-stdlib": "^2.7 || ^3.0"
+                "zendframework/zend-http": "~2.5",
+                "zendframework/zend-server": "~2.5",
+                "zendframework/zendxml": "~1.0"
             },
             "suggest": {
-                "zendframework/zend-json-server": "For implementing JSON-RPC servers",
-                "zendframework/zend-xml2json": "For converting XML documents to JSON"
+                "zendframework/zend-http": "Zend\\Http component",
+                "zendframework/zend-server": "Zend\\Server component",
+                "zendframework/zendxml": "To support Zend\\Json\\Json::fromXml() usage"
             },
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "3.0-dev",
-                    "dev-develop": "3.1-dev"
+                    "dev-master": "2.5-dev",
+                    "dev-develop": "2.6-dev"
                 }
             },
             "autoload": {
@@ -3279,46 +3254,93 @@
                 "json",
                 "zf2"
             ],
-            "time": "2016-04-01 02:34:00"
+            "time": "2015-06-03T15:32:01+00:00"
         },
         {
-            "name": "zendframework/zend-serializer",
-            "version": "2.8.0",
+            "name": "zendframework/zend-math",
+            "version": "2.5.1",
             "source": {
                 "type": "git",
-                "url": "https://github.com/zendframework/zend-serializer.git",
-                "reference": "ff74ea020f5f90866eb28365327e9bc765a61a6e"
+                "url": "https://github.com/zendframework/zend-math.git",
+                "reference": "9f02a1ac4d3374d3332c80f9215deec9c71558fc"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/zendframework/zend-serializer/zipball/ff74ea020f5f90866eb28365327e9bc765a61a6e",
-                "reference": "ff74ea020f5f90866eb28365327e9bc765a61a6e",
+                "url": "https://api.github.com/repos/zendframework/zend-math/zipball/9f02a1ac4d3374d3332c80f9215deec9c71558fc",
+                "reference": "9f02a1ac4d3374d3332c80f9215deec9c71558fc",
                 "shasum": ""
             },
             "require": {
-                "php": "^5.6 || ^7.0",
-                "zendframework/zend-json": "^2.5 || ^3.0",
-                "zendframework/zend-stdlib": "^2.7 || ^3.0"
+                "php": ">=5.3.23"
             },
             "require-dev": {
-                "phpunit/phpunit": "^4.5",
-                "squizlabs/php_codesniffer": "^2.3.1",
-                "zendframework/zend-math": "^2.6",
-                "zendframework/zend-servicemanager": "^2.7.5 || ^3.0.3"
+                "fabpot/php-cs-fixer": "1.7.*",
+                "ircmaxell/random-lib": "~1.1",
+                "phpunit/phpunit": "~4.0",
+                "zendframework/zend-servicemanager": "~2.5"
             },
             "suggest": {
-                "zendframework/zend-math": "(^2.6 || ^3.0) To support Python Pickle serialization",
-                "zendframework/zend-servicemanager": "(^2.7.5 || ^3.0.3) To support plugin manager support"
+                "ext-bcmath": "If using the bcmath functionality",
+                "ext-gmp": "If using the gmp functionality",
+                "ircmaxell/random-lib": "Fallback random byte generator for Zend\\Math\\Rand if OpenSSL/Mcrypt extensions are unavailable",
+                "zendframework/zend-servicemanager": ">= current version, if using the BigInteger::factory functionality"
             },
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "2.8-dev",
-                    "dev-develop": "2.9-dev"
-                },
-                "zf": {
-                    "component": "Zend\\Serializer",
-                    "config-provider": "Zend\\Serializer\\ConfigProvider"
+                    "dev-master": "2.5-dev",
+                    "dev-develop": "2.6-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "Zend\\Math\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "BSD-3-Clause"
+            ],
+            "homepage": "https://github.com/zendframework/zend-math",
+            "keywords": [
+                "math",
+                "zf2"
+            ],
+            "time": "2015-06-03T15:32:02+00:00"
+        },
+        {
+            "name": "zendframework/zend-serializer",
+            "version": "2.5.1",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/zendframework/zend-serializer.git",
+                "reference": "b7208eb17dc4a4fb3a660b85e6c4af035eeed40c"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/zendframework/zend-serializer/zipball/b7208eb17dc4a4fb3a660b85e6c4af035eeed40c",
+                "reference": "b7208eb17dc4a4fb3a660b85e6c4af035eeed40c",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=5.3.23",
+                "zendframework/zend-json": "~2.5",
+                "zendframework/zend-math": "~2.5",
+                "zendframework/zend-stdlib": "~2.5"
+            },
+            "require-dev": {
+                "fabpot/php-cs-fixer": "1.7.*",
+                "phpunit/phpunit": "~4.0",
+                "zendframework/zend-servicemanager": "~2.5"
+            },
+            "suggest": {
+                "zendframework/zend-servicemanager": "To support plugin manager support"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "2.5-dev",
+                    "dev-develop": "2.6-dev"
                 }
             },
             "autoload": {
@@ -3336,28 +3358,26 @@
                 "serializer",
                 "zf2"
             ],
-            "time": "2016-06-21 17:01:55"
+            "time": "2015-06-03T15:32:02+00:00"
         },
         {
             "name": "zendframework/zend-servicemanager",
-            "version": "2.7.6",
+            "version": "2.5.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/zendframework/zend-servicemanager.git",
-                "reference": "a6db4d13b9141fccce5dcb553df0295d6ad7d477"
+                "reference": "3b22c403e351d92526c642cba0bd810bc22e1c56"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/zendframework/zend-servicemanager/zipball/a6db4d13b9141fccce5dcb553df0295d6ad7d477",
-                "reference": "a6db4d13b9141fccce5dcb553df0295d6ad7d477",
+                "url": "https://api.github.com/repos/zendframework/zend-servicemanager/zipball/3b22c403e351d92526c642cba0bd810bc22e1c56",
+                "reference": "3b22c403e351d92526c642cba0bd810bc22e1c56",
                 "shasum": ""
             },
             "require": {
-                "container-interop/container-interop": "~1.0",
-                "php": "^5.5 || ^7.0"
+                "php": ">=5.3.23"
             },
             "require-dev": {
-                "athletic/athletic": "dev-master",
                 "fabpot/php-cs-fixer": "1.7.*",
                 "phpunit/phpunit": "~4.0",
                 "zendframework/zend-di": "~2.5",
@@ -3370,8 +3390,8 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "2.7-dev",
-                    "dev-develop": "3.0-dev"
+                    "dev-master": "2.5-dev",
+                    "dev-develop": "2.6-dev"
                 }
             },
             "autoload": {
@@ -3388,28 +3408,26 @@
                 "servicemanager",
                 "zf2"
             ],
-            "time": "2016-04-27 19:07:40"
+            "time": "2015-06-03T15:32:02+00:00"
         },
         {
             "name": "zendframework/zend-stdlib",
-            "version": "2.7.7",
+            "version": "2.5.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/zendframework/zend-stdlib.git",
-                "reference": "0e44eb46788f65e09e077eb7f44d2659143bcc1f"
+                "reference": "cc8e90a60dd5d44b9730b77d07b97550091da1ae"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/zendframework/zend-stdlib/zipball/0e44eb46788f65e09e077eb7f44d2659143bcc1f",
-                "reference": "0e44eb46788f65e09e077eb7f44d2659143bcc1f",
+                "url": "https://api.github.com/repos/zendframework/zend-stdlib/zipball/cc8e90a60dd5d44b9730b77d07b97550091da1ae",
+                "reference": "cc8e90a60dd5d44b9730b77d07b97550091da1ae",
                 "shasum": ""
             },
             "require": {
-                "php": "^5.5 || ^7.0",
-                "zendframework/zend-hydrator": "~1.1"
+                "php": ">=5.3.23"
             },
             "require-dev": {
-                "athletic/athletic": "~0.1",
                 "fabpot/php-cs-fixer": "1.7.*",
                 "phpunit/phpunit": "~4.0",
                 "zendframework/zend-config": "~2.5",
@@ -3428,9 +3446,8 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-release-2.7": "2.7-dev",
-                    "dev-master": "3.0-dev",
-                    "dev-develop": "3.1-dev"
+                    "dev-master": "2.5-dev",
+                    "dev-develop": "2.6-dev"
                 }
             },
             "autoload": {
@@ -3447,7 +3464,7 @@
                 "stdlib",
                 "zf2"
             ],
-            "time": "2016-04-12 21:17:31"
+            "time": "2015-06-03T15:32:03+00:00"
         },
         {
             "name": "zetacomponents/base",
@@ -3510,7 +3527,7 @@
             ],
             "description": "The Base package provides the basic infrastructure that all packages rely on. Therefore every component relies on this package.",
             "homepage": "https://github.com/zetacomponents",
-            "time": "2014-09-19 03:28:34"
+            "time": "2014-09-19T03:28:34+00:00"
         },
         {
             "name": "zetacomponents/document",
@@ -3561,7 +3578,7 @@
             ],
             "description": "The Document components provides a general conversion framework for different semantic document markup languages like XHTML, Docbook, RST and similar.",
             "homepage": "https://github.com/zetacomponents",
-            "time": "2013-12-19 11:40:00"
+            "time": "2013-12-19T11:40:00+00:00"
         }
     ],
     "aliases": [],
diff --git a/plugin/PHPMailer/examples/code_generator.phps b/plugin/PHPMailer/examples/code_generator.phps
index 23458561b..2182663d6 100644
--- a/plugin/PHPMailer/examples/code_generator.phps
+++ b/plugin/PHPMailer/examples/code_generator.phps
@@ -58,46 +58,53 @@ class phpmailerAppException extends phpmailerException
 $example_code .= "\n\nclass phpmailerAppException extends phpmailerException {}";
 $example_code .= "\n\ntry {";
 
+// Convert a string to its JavaScript representation.
+function JSString($s) {
+  static $from = array("\\", "/", "\n", "\t", "\r", "\b", "\f", '"');
+  static $to = array('\\\\', '\\/', '\\n', '\\t', '\\r', '\\b', '\\f', '\\"');
+  return is_null($s)? 'null': '"' . str_replace($from, $to, "$s") . '"';
+}
+
 try {
     if (isset($_POST["submit"]) && $_POST['submit'] == "Submit") {
-        $to = $_POST['To_Email'];
+        $to = $to_email;
         if (!PHPMailer::validateAddress($to)) {
             throw new phpmailerAppException("Email address " . $to . " is invalid -- aborting!");
         }
 
-        $example_code .= "\n\$to = '{$_POST['To_Email']}';";
+        $example_code .= "\n\$to = '" . addslashes($to_email) . "';";
         $example_code .= "\nif(!PHPMailer::validateAddress(\$to)) {";
         $example_code .= "\n  throw new phpmailerAppException(\"Email address \" . " .
             "\$to . \" is invalid -- aborting!\");";
         $example_code .= "\n}";
 
-        switch ($_POST['test_type']) {
+        switch ($test_type) {
             case 'smtp':
                 $mail->isSMTP(); // telling the class to use SMTP
-                $mail->SMTPDebug = (integer)$_POST['smtp_debug'];
-                $mail->Host = $_POST['smtp_server']; // SMTP server
-                $mail->Port = (integer)$_POST['smtp_port']; // set the SMTP port
-                if ($_POST['smtp_secure']) {
-                    $mail->SMTPSecure = strtolower($_POST['smtp_secure']);
+                $mail->SMTPDebug = (integer)$smtp_debug;
+                $mail->Host = $smtp_server; // SMTP server
+                $mail->Port = (integer)$smtp_port; // set the SMTP port
+                if ($smtp_secure) {
+                    $mail->SMTPSecure = strtolower($smtp_secure);
                 }
                 $mail->SMTPAuth = array_key_exists('smtp_authenticate', $_POST); // enable SMTP authentication?
                 if (array_key_exists('smtp_authenticate', $_POST)) {
-                    $mail->Username = $_POST['authenticate_username']; // SMTP account username
-                    $mail->Password = $_POST['authenticate_password']; // SMTP account password
+                    $mail->Username = $authenticate_username; // SMTP account username
+                    $mail->Password = $authenticate_password; // SMTP account password
                 }
 
                 $example_code .= "\n\$mail->isSMTP();";
-                $example_code .= "\n\$mail->SMTPDebug  = " . $_POST['smtp_debug'] . ";";
-                $example_code .= "\n\$mail->Host       = \"" . $_POST['smtp_server'] . "\";";
-                $example_code .= "\n\$mail->Port       = \"" . $_POST['smtp_port'] . "\";";
-                $example_code .= "\n\$mail->SMTPSecure = \"" . strtolower($_POST['smtp_secure']) . "\";";
+                $example_code .= "\n\$mail->SMTPDebug  = " . (integer) $smtp_debug . ";";
+                $example_code .= "\n\$mail->Host       = \"" . addslashes($smtp_server) . "\";";
+                $example_code .= "\n\$mail->Port       = \"" . addslashes($smtp_port) . "\";";
+                $example_code .= "\n\$mail->SMTPSecure = \"" . addslashes(strtolower($smtp_secure)) . "\";";
                 $example_code .= "\n\$mail->SMTPAuth   = " . (array_key_exists(
                     'smtp_authenticate',
                     $_POST
                 ) ? 'true' : 'false') . ";";
                 if (array_key_exists('smtp_authenticate', $_POST)) {
-                    $example_code .= "\n\$mail->Username   = \"" . $_POST['authenticate_username'] . "\";";
-                    $example_code .= "\n\$mail->Password   = \"" . $_POST['authenticate_password'] . "\";";
+                    $example_code .= "\n\$mail->Username   = \"" . addslashes($authenticate_username) . "\";";
+                    $example_code .= "\n\$mail->Password   = \"" . addslashes($authenticate_password) . "\";";
                 }
                 break;
             case 'mail':
@@ -118,59 +125,59 @@ try {
 
         try {
             if ($_POST['From_Name'] != '') {
-                $mail->addReplyTo($_POST['From_Email'], $_POST['From_Name']);
-                $mail->setFrom($_POST['From_Email'], $_POST['From_Name']);
+                $mail->addReplyTo($from_email, $from_name);
+                $mail->setFrom($from_email, $from_name);
 
                 $example_code .= "\n\$mail->addReplyTo(\"" .
-                    $_POST['From_Email'] . "\", \"" . $_POST['From_Name'] . "\");";
+                    addslashes($from_email) . "\", \"" . addslashes($from_name) . "\");";
                 $example_code .= "\n\$mail->setFrom(\"" .
-                    $_POST['From_Email'] . "\", \"" . $_POST['From_Name'] . "\");";
+                    addslashes($from_email) . "\", \"" . addslashes($from_name) . "\");";
             } else {
-                $mail->addReplyTo($_POST['From_Email']);
-                $mail->setFrom($_POST['From_Email'], $_POST['From_Email']);
+                $mail->addReplyTo($from_email);
+                $mail->setFrom($from_email, $from_email);
 
-                $example_code .= "\n\$mail->addReplyTo(\"" . $_POST['From_Email'] . "\");";
+                $example_code .= "\n\$mail->addReplyTo(\"" . addslashes($from_email) . "\");";
                 $example_code .= "\n\$mail->setFrom(\"" .
-                    $_POST['From_Email'] . "\", \"" . $_POST['From_Email'] . "\");";
+                    addslashes($from_email) . "\", \"" . addslashes($from_email) . "\");";
             }
 
             if ($_POST['To_Name'] != '') {
-                $mail->addAddress($to, $_POST['To_Name']);
-                $example_code .= "\n\$mail->addAddress(\"$to\", \"" . $_POST['To_Name'] . "\");";
+                $mail->addAddress($to, $to_name);
+                $example_code .= "\n\$mail->addAddress(\"$to\", \"" . addslashes($to_name) . "\");";
             } else {
                 $mail->addAddress($to);
                 $example_code .= "\n\$mail->addAddress(\"$to\");";
             }
 
             if ($_POST['bcc_Email'] != '') {
-                $indiBCC = explode(" ", $_POST['bcc_Email']);
+                $indiBCC = explode(" ", $bcc_email);
                 foreach ($indiBCC as $key => $value) {
                     $mail->addBCC($value);
-                    $example_code .= "\n\$mail->addBCC(\"$value\");";
+                    $example_code .= "\n\$mail->addBCC(\"" . addslashes($value) . "\");";
                 }
             }
 
             if ($_POST['cc_Email'] != '') {
-                $indiCC = explode(" ", $_POST['cc_Email']);
+                $indiCC = explode(" ", $cc_Email);
                 foreach ($indiCC as $key => $value) {
                     $mail->addCC($value);
-                    $example_code .= "\n\$mail->addCC(\"$value\");";
+                    $example_code .= "\n\$mail->addCC(\"" . addslashes($value) . "\");";
                 }
             }
         } catch (phpmailerException $e) { //Catch all kinds of bad addressing
             throw new phpmailerAppException($e->getMessage());
         }
-        $mail->Subject = $_POST['Subject'] . ' (PHPMailer test using ' . strtoupper($_POST['test_type']) . ')';
-        $example_code .= "\n\$mail->Subject  = \"" . $_POST['Subject'] .
-            ' (PHPMailer test using ' . strtoupper($_POST['test_type']) . ')";';
+        $mail->Subject = $subject . ' (PHPMailer test using ' . strtoupper($test_type) . ')';
+        $example_code .= "\n\$mail->Subject  = \"" . addslashes($subject) .
+            ' (PHPMailer test using ' . addslashes(strtoupper($test_type)) . ')";';
 
         if ($_POST['Message'] == '') {
             $body = file_get_contents('contents.html');
         } else {
-            $body = $_POST['Message'];
+            $body = $message;
         }
 
-        $example_code .= "\n\$body = <<<'EOT'\n" . htmlentities($body) . "\nEOT;";
+        $example_code .= "\n\$body = <<<'EOT'\n$body\nEOT;";
 
         $mail->WordWrap = 78; // set word wrap to the RFC2822 limit
         $mail->msgHTML($body, dirname(__FILE__), true); //Create message bodies and embed images
@@ -187,7 +194,7 @@ try {
         $example_code .= "\n\ntry {";
         $example_code .= "\n  \$mail->send();";
         $example_code .= "\n  \$results_messages[] = \"Message has been sent using " .
-            strtoupper($_POST['test_type']) . "\";";
+            addslashes(strtoupper($test_type)) . "\";";
         $example_code .= "\n}";
         $example_code .= "\ncatch (phpmailerException \$e) {";
         $example_code .= "\n  throw new phpmailerAppException('Unable to send to: ' . \$to. ': '.\$e->getMessage());";
@@ -195,7 +202,7 @@ try {
 
         try {
             $mail->send();
-            $results_messages[] = "Message has been sent using " . strtoupper($_POST["test_type"]);
+            $results_messages[] = "Message has been sent using " . strtoupper($test_type);
         } catch (phpmailerException $e) {
             throw new phpmailerAppException("Unable to send to: " . $to . ': ' . $e->getMessage());
         }
@@ -309,22 +316,22 @@ $example_code .= "\n}";
 
         function startAgain() {
             var post_params = {
-                "From_Name": "<?php echo $from_name; ?>",
-                "From_Email": "<?php echo $from_email; ?>",
-                "To_Name": "<?php echo $to_name; ?>",
-                "To_Email": "<?php echo $to_email; ?>",
-                "cc_Email": "<?php echo $cc_email; ?>",
-                "bcc_Email": "<?php echo $bcc_email; ?>",
-                "Subject": "<?php echo $subject; ?>",
-                "Message": "<?php echo $message; ?>",
-                "test_type": "<?php echo $test_type; ?>",
-                "smtp_debug": "<?php echo $smtp_debug; ?>",
-                "smtp_server": "<?php echo $smtp_server; ?>",
-                "smtp_port": "<?php echo $smtp_port; ?>",
-                "smtp_secure": "<?php echo $smtp_secure; ?>",
-                "smtp_authenticate": "<?php echo $smtp_authenticate; ?>",
-                "authenticate_username": "<?php echo $authenticate_username; ?>",
-                "authenticate_password": "<?php echo $authenticate_password; ?>"
+                "From_Name": <?php echo JSString($from_name); ?>,
+                "From_Email": <?php echo JSString($from_email); ?>,
+                "To_Name": <?php echo JSString($to_name); ?>,
+                "To_Email": <?php echo JSString($to_email); ?>,
+                "cc_Email": <?php echo JSString($cc_email); ?>,
+                "bcc_Email": <?php echo JSString($bcc_email); ?>,
+                "Subject": <?php echo JSString($subject); ?>,
+                "Message": <?php echo JSString($message); ?>,
+                "test_type": <?php echo JSString($test_type); ?>,
+                "smtp_debug": <?php echo JSString($smtp_debug); ?>,
+                "smtp_server": <?php echo JSString($smtp_server); ?>,
+                "smtp_port": <?php echo JSString($smtp_port); ?>,
+                "smtp_secure": <?php echo JSString($smtp_secure); ?>,
+                "smtp_authenticate": <?php echo JSString($smtp_authenticate); ?>,
+                "authenticate_username": <?php echo JSString($authenticate_username); ?>,
+                "authenticate_password": <?php echo JSString($authenticate_password); ?>
             };
 
             var resetForm = document.createElement("form");
@@ -374,7 +381,7 @@ if (isset($_POST["submit"]) && $_POST["submit"] == "Submit") {
     echo "<button type=\"submit\" onclick=\"startAgain();\">Start Over</button><br>\n";
     echo "<br><span>Script:</span>\n";
     echo "<pre class=\"brush: php;\">\n";
-    echo $example_code;
+    echo htmlentities($example_code);
     echo "\n</pre>\n";
     echo "\n<hr style=\"margin: 3em;\">\n";
 }
@@ -390,7 +397,7 @@ if (isset($_POST["submit"]) && $_POST["submit"] == "Submit") {
                             <label for="From_Name"><strong>From</strong> Name</label>
                         </td>
                         <td class="colrite">
-                            <input type="text" id="From_Name" name="From_Name" value="<?php echo $from_name; ?>"
+                            <input type="text" id="From_Name" name="From_Name" value="<?php echo htmlentities($from_name); ?>"
                                    style="width:95%;" autofocus placeholder="Your Name">
                         </td>
                     </tr>
@@ -399,7 +406,7 @@ if (isset($_POST["submit"]) && $_POST["submit"] == "Submit") {
                             <label for="From_Email"><strong>From</strong> Email Address</label>
                         </td>
                         <td class="colrite">
-                            <input type="text" id="From_Email" name="From_Email" value="<?php echo $from_email; ?>"
+                            <input type="text" id="From_Email" name="From_Email" value="<?php echo htmlentities($from_email); ?>"
                                    style="width:95%;" required placeholder="Your.Email@example.com">
                         </td>
                     </tr>
@@ -408,7 +415,7 @@ if (isset($_POST["submit"]) && $_POST["submit"] == "Submit") {
                             <label for="To_Name"><strong>To</strong> Name</label>
                         </td>
                         <td class="colrite">
-                            <input type="text" id="To_Name" name="To_Name" value="<?php echo $to_name; ?>"
+                            <input type="text" id="To_Name" name="To_Name" value="<?php echo htmlentities($to_name); ?>"
                                    style="width:95%;" placeholder="Recipient's Name">
                         </td>
                     </tr>
@@ -417,7 +424,7 @@ if (isset($_POST["submit"]) && $_POST["submit"] == "Submit") {
                             <label for="To_Email"><strong>To</strong> Email Address</label>
                         </td>
                         <td class="colrite">
-                            <input type="text" id="To_Email" name="To_Email" value="<?php echo $to_email; ?>"
+                            <input type="text" id="To_Email" name="To_Email" value="<?php echo htmlentities($to_email); ?>"
                                    style="width:95%;" required placeholder="Recipients.Email@example.com">
                         </td>
                     </tr>
@@ -428,7 +435,7 @@ if (isset($_POST["submit"]) && $_POST["submit"] == "Submit") {
                             </label>
                         </td>
                         <td class="colrite">
-                            <input type="text" id="cc_Email" name="cc_Email" value="<?php echo $cc_email; ?>"
+                            <input type="text" id="cc_Email" name="cc_Email" value="<?php echo htmlentities($cc_email); ?>"
                                    style="width:95%;" placeholder="cc1@example.com, cc2@example.com">
                         </td>
                     </tr>
@@ -439,7 +446,7 @@ if (isset($_POST["submit"]) && $_POST["submit"] == "Submit") {
                             </label>
                         </td>
                         <td class="colrite">
-                            <input type="text" id="bcc_Email" name="bcc_Email" value="<?php echo $bcc_email; ?>"
+                            <input type="text" id="bcc_Email" name="bcc_Email" value="<?php echo htmlentities($bcc_email); ?>"
                                    style="width:95%;" placeholder="bcc1@example.com, bcc2@example.com">
                         </td>
                     </tr>
@@ -448,7 +455,7 @@ if (isset($_POST["submit"]) && $_POST["submit"] == "Submit") {
                             <label for="Subject"><strong>Subject</strong></label>
                         </td>
                         <td class="colrite">
-                            <input type="text" name="Subject" id="Subject" value="<?php echo $subject; ?>"
+                            <input type="text" name="Subject" id="Subject" value="<?php echo htmlentities($subject); ?>"
                                    style="width:95%;" placeholder="Email Subject">
                         </td>
                     </tr>
@@ -460,7 +467,7 @@ if (isset($_POST["submit"]) && $_POST["submit"] == "Submit") {
                         </td>
                         <td class="colrite">
                             <textarea name="Message" id="Message" style="width:95%;height:5em;"
-                                      placeholder="Body of your email"><?php echo $message; ?></textarea>
+                                      placeholder="Body of your email"><?php echo htmlentities($message); ?></textarea>
                         </td>
                     </tr>
                 </table>
@@ -531,7 +538,7 @@ if (isset($_POST["submit"]) && $_POST["submit"] == "Submit") {
                             <td class="colleft"><label for="smtp_server">SMTP Server</label></td>
                             <td class="colrite">
                                 <input type="text" id="smtp_server" name="smtp_server"
-                                       value="<?php echo $smtp_server; ?>" style="width:95%;"
+                                       value="<?php echo htmlentities($smtp_server); ?>" style="width:95%;"
                                        placeholder="smtp.server.com">
                             </td>
                         </tr>
@@ -539,7 +546,7 @@ if (isset($_POST["submit"]) && $_POST["submit"] == "Submit") {
                             <td class="colleft" style="width: 5em;"><label for="smtp_port">SMTP Port</label></td>
                             <td class="colrite">
                                 <input type="text" name="smtp_port" id="smtp_port" size="3"
-                                       value="<?php echo $smtp_port; ?>" placeholder="Port">
+                                       value="<?php echo htmlentities($smtp_port); ?>" placeholder="Port">
                             </td>
                         </tr>
                         <tr>
@@ -560,14 +567,14 @@ if (isset($_POST["submit"]) && $_POST["submit"] == "Submit") {
 <?php if ($smtp_authenticate != '') {
     echo "checked";
 } ?>
-                                       value="<?php echo $smtp_authenticate; ?>">
+                                       value="true">
                             </td>
                         </tr>
                         <tr>
                             <td class="colleft"><label for="authenticate_username">Authenticate Username</label></td>
                             <td class="colrite">
                                 <input type="text" id="authenticate_username" name="authenticate_username"
-                                       value="<?php echo $authenticate_username; ?>" style="width:95%;"
+                                       value="<?php echo htmlentities($authenticate_username); ?>" style="width:95%;"
                                        placeholder="SMTP Server Username">
                             </td>
                         </tr>
@@ -575,7 +582,7 @@ if (isset($_POST["submit"]) && $_POST["submit"] == "Submit") {
                             <td class="colleft"><label for="authenticate_password">Authenticate Password</label></td>
                             <td class="colrite">
                                 <input type="password" name="authenticate_password" id="authenticate_password"
-                                       value="<?php echo $authenticate_password; ?>" style="width:95%;"
+                                       value="<?php echo htmlentities($authenticate_password); ?>" style="width:95%;"
                                        placeholder="SMTP Server Password">
                             </td>
                         </tr>
diff --git a/plugin/PHPMailer/examples/gmail.phps b/plugin/PHPMailer/examples/gmail.phps
index b3cc02d53..121ca70a2 100644
--- a/plugin/PHPMailer/examples/gmail.phps
+++ b/plugin/PHPMailer/examples/gmail.phps
@@ -1,6 +1,7 @@
 <?php
 /**
  * This example shows settings to use when sending via Google's Gmail servers.
+ * The IMAP section shows how to save this message to the 'Sent Mail' folder using IMAP commands.
  */
 
 //SMTP needs accurate times, and the PHP time zone MUST be set
@@ -72,4 +73,27 @@ if (!$mail->send()) {
     echo "Mailer Error: " . $mail->ErrorInfo;
 } else {
     echo "Message sent!";
+    //Section 2: IMAP
+    //Uncomment these to save your message in the 'Sent Mail' folder.
+    #if (save_mail($mail)) {
+    #    echo "Message saved!";
+    #}
+}
+
+//Section 2: IMAP
+//IMAP commands requires the PHP IMAP Extension, found at: https://php.net/manual/en/imap.setup.php
+//Function to call which uses the PHP imap_*() functions to save messages: https://php.net/manual/en/book.imap.php
+//You can use imap_getmailboxes($imapStream, '/imap/ssl') to get a list of available folders or labels, this can
+//be useful if you are trying to get this working on a non-Gmail IMAP server.
+function save_mail($mail) {
+    //You can change 'Sent Mail' to any other folder or tag
+    $path = "{imap.gmail.com:993/imap/ssl}[Gmail]/Sent Mail";
+
+    //Tell your server to open an IMAP connection using the same username and password as you used for SMTP
+    $imapStream = imap_open($path, $mail->Username, $mail->Password);
+
+    $result = imap_append($imapStream, $path, $mail->getSentMIMEMessage());
+    imap_close($imapStream);
+
+    return $result;
 }
diff --git a/plugin/PHPMailer/examples/gmail_xoauth.phps b/plugin/PHPMailer/examples/gmail_xoauth.phps
index d64483a4d..2aec1814d 100644
--- a/plugin/PHPMailer/examples/gmail_xoauth.phps
+++ b/plugin/PHPMailer/examples/gmail_xoauth.phps
@@ -43,8 +43,8 @@ $mail->SMTPAuth = true;
 //Set AuthType
 $mail->AuthType = 'XOAUTH2';
 
-//User Email to use for SMTP authentication - Use the same Email used in Google Developer Console
-$mail->oauthUserEmail = "someone@gmail.com";
+//User Email to use for SMTP authentication - user who gave consent to our app
+$mail->oauthUserEmail = "from@gmail.com";
 
 //Obtained From Google Developer Console
 $mail->oauthClientId = "RANDOMCHARS-----duv1n2.apps.googleusercontent.com";
diff --git a/plugin/PHPMailer/extras/README.md b/plugin/PHPMailer/extras/README.md
index dac79e05f..df8ca0925 100644
--- a/plugin/PHPMailer/extras/README.md
+++ b/plugin/PHPMailer/extras/README.md
@@ -1,17 +1,17 @@
-#PHPMailer Extras
+# PHPMailer Extras
 
 These classes provide optional additional functions to PHPMailer.
 
 These are not loaded by the PHPMailer autoloader, so in some cases you may need to `require` them yourself before using them.
 
-##EasyPeasyICS
+## EasyPeasyICS
 
 This class was originally written by Manuel Reinhard and provides a simple means of generating ICS/vCal files that are used in sending calendar events. PHPMailer does not use it directly, but you can use it to generate content appropriate for placing in the `Ical` property of PHPMailer. The PHPMailer project is now its official home as Manuel has given permission for that and is no longer maintaining it himself.
 
-##htmlfilter
+## htmlfilter
 
 This class by Konstantin Riabitsev and Jim Jagielski implements HTML filtering to remove potentially malicious tags, such as `<script>` or `onclick=` attributes that can result in XSS attacks. This is a simple filter and is not as comprehensive as [HTMLawed](http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/) or [HTMLPurifier](http://htmlpurifier.org), but it's easier to use and considerably better than nothing! PHPMailer does not use it directly, but you may want to apply it to user-supplied HTML before using it as a message body.
 
-##NTLM_SASL_client
+## NTLM_SASL_client
 
 This class by Manuel Lemos (bundled with permission) adds the ability to authenticate with Microsoft Windows mail servers that use NTLM-based authentication. It is used by PHPMailer if you send via SMTP and set the `AuthType` property to `NTLM`; you will also need to use the `Realm` and `Workstation` properties. The original source is [here](http://www.phpclasses.org/browse/file/7495.html).
diff --git a/plugin/PHPMailer/extras/htmlfilter.php b/plugin/PHPMailer/extras/htmlfilter.php
index a86ef579d..b4b2d878a 100644
--- a/plugin/PHPMailer/extras/htmlfilter.php
+++ b/plugin/PHPMailer/extras/htmlfilter.php
@@ -44,9 +44,9 @@ function tln_tagprint($tagname, $attary, $tagtype)
         $fulltag = '</' . $tagname . '>';
     } else {
         $fulltag = '<' . $tagname;
-        if (is_array($attary) && sizeof($attary)) {
+        if (is_array($attary) && count($attary)) {
             $atts = array();
-            while (list($attname, $attvalue) = each($attary)) {
+            foreach($attary as $attname => $attvalue) {
                 array_push($atts, "$attname=$attvalue");
             }
             $fulltag .= ' ' . join(' ', $atts);
@@ -84,7 +84,7 @@ function tln_casenormalize(&$val)
 function tln_skipspace($body, $offset)
 {
     preg_match('/^(\s*)/s', substr($body, $offset), $matches);
-    if (sizeof($matches[1])) {
+    if (count($matches[1])) {
         $count = strlen($matches[1]);
         $offset += $count;
     }
@@ -439,9 +439,9 @@ function tln_getnxtag($body, $offset)
 function tln_deent(&$attvalue, $regex, $hex = false)
 {
     preg_match_all($regex, $attvalue, $matches);
-    if (is_array($matches) && sizeof($matches[0]) > 0) {
+    if (is_array($matches) && count($matches[0]) > 0) {
         $repl = array();
-        for ($i = 0; $i < sizeof($matches[0]); $i++) {
+        for ($i = 0; $i < count($matches[0]); $i++) {
             $numval = $matches[1][$i];
             if ($hex) {
                 $numval = hexdec($numval);
@@ -520,7 +520,7 @@ function tln_fixatts(
     $trans_image_path,
     $block_external_images
 ) {
-    while (list($attname, $attvalue) = each($attary)) {
+    foreach($attary as $attname => $attvalue) {
         /**
          * See if this attribute should be removed.
          */
@@ -794,7 +794,7 @@ function tln_body2div($attary, $trans_image_path)
     $text = '#000000';
     $has_bgc_stl = $has_txt_stl = false;
     $styledef = '';
-    if (is_array($attary) && sizeof($attary) > 0){
+    if (is_array($attary) && count($attary) > 0){
         foreach ($attary as $attname=>$attvalue){
             $quotchar = substr($attvalue, 0, 1);
             $attvalue = str_replace($quotchar, "", $attvalue);
@@ -970,7 +970,7 @@ function tln_sanitize(
                             /**
                              * This is where we run other checks.
                              */
-                            if (is_array($attary) && sizeof($attary) > 0) {
+                            if (is_array($attary) && count($attary) > 0) {
                                 $attary = tln_fixatts(
                                     $tagname,
                                     $attary,
diff --git a/plugin/PHPMailer/language/phpmailer.lang-ba.php b/plugin/PHPMailer/language/phpmailer.lang-ba.php
new file mode 100644
index 000000000..095dee3e2
--- /dev/null
+++ b/plugin/PHPMailer/language/phpmailer.lang-ba.php
@@ -0,0 +1,26 @@
+<?php
+/**
+ * Bosnian PHPMailer language file: refer to English translation for definitive list
+ * @package PHPMailer
+ * @author Ermin Islamagić <ermin@islamagic.com>
+ */
+
+$PHPMAILER_LANG['authenticate']         = 'SMTP Greška: Neuspjela prijava.';
+$PHPMAILER_LANG['connect_host']         = 'SMTP Greška: Ne moguće se spojiti sa SMTP serverom.';
+$PHPMAILER_LANG['data_not_accepted']    = 'SMTP Greška: Podatci nisu prihvaćeni.';
+$PHPMAILER_LANG['empty_message']        = 'Sadržaj poruke je prazan.';
+$PHPMAILER_LANG['encoding']             = 'Nepoznata kriptografija: ';
+$PHPMAILER_LANG['execute']              = 'Nije moguće izvršiti naredbu: ';
+$PHPMAILER_LANG['file_access']          = 'Nije moguće pristupiti datoteci: ';
+$PHPMAILER_LANG['file_open']            = 'Nije moguće otvoriti datoteku: ';
+$PHPMAILER_LANG['from_failed']          = 'SMTP Greška: Slanje sa navedenih e-mail adresa nije uspjelo: ';
+$PHPMAILER_LANG['recipients_failed']    = 'SMTP Greška: Slanje na navedene e-mail adrese nije uspjelo: ';
+$PHPMAILER_LANG['instantiate']          = 'Ne mogu pokrenuti mail funkcionalnost.';
+$PHPMAILER_LANG['invalid_address']      = 'E-mail nije poslan. Neispravna e-mail adresa: ';
+$PHPMAILER_LANG['mailer_not_supported'] = ' mailer nije podržan.';
+$PHPMAILER_LANG['provide_address']      = 'Definišite barem jednu adresu primaoca.';
+$PHPMAILER_LANG['signing']              = 'Greška prilikom prijave: ';
+$PHPMAILER_LANG['smtp_connect_failed']  = 'Spajanje na SMTP server nije uspjelo.';
+$PHPMAILER_LANG['smtp_error']           = 'SMTP greška: ';
+$PHPMAILER_LANG['variable_set']         = 'Nije moguće postaviti varijablu ili je vratiti nazad: ';
+$PHPMAILER_LANG['extension_missing']    = 'Nedostaje ekstenzija: ';
\ No newline at end of file
diff --git a/plugin/PHPMailer/language/phpmailer.lang-cs.php b/plugin/PHPMailer/language/phpmailer.lang-cs.php
index 8cb1a3d80..1160cf0cc 100644
--- a/plugin/PHPMailer/language/phpmailer.lang-cs.php
+++ b/plugin/PHPMailer/language/phpmailer.lang-cs.php
@@ -22,4 +22,4 @@ $PHPMAILER_LANG['signing']              = 'Chyba přihlašování: ';
 $PHPMAILER_LANG['smtp_connect_failed']  = 'SMTP Connect() selhal.';
 $PHPMAILER_LANG['smtp_error']           = 'Chyba SMTP serveru: ';
 $PHPMAILER_LANG['variable_set']         = 'Nelze nastavit nebo změnit proměnnou: ';
-//$PHPMAILER_LANG['extension_missing']    = 'Extension missing: ';
+$PHPMAILER_LANG['extension_missing']    = 'Chybí rozšíření: ';
diff --git a/plugin/PHPMailer/language/phpmailer.lang-nb.php b/plugin/PHPMailer/language/phpmailer.lang-nb.php
index 383dd5165..446105422 100644
--- a/plugin/PHPMailer/language/phpmailer.lang-nb.php
+++ b/plugin/PHPMailer/language/phpmailer.lang-nb.php
@@ -1,25 +1,25 @@
 <?php
 /**
- * Norwegian PHPMailer language file: refer to English translation for definitive list
+ * Norwegian Bokmål PHPMailer language file: refer to English translation for definitive list
  * @package PHPMailer
  */
 
 $PHPMAILER_LANG['authenticate']         = 'SMTP Feil: Kunne ikke autentisere.';
 $PHPMAILER_LANG['connect_host']         = 'SMTP Feil: Kunne ikke koble til SMTP tjener.';
-$PHPMAILER_LANG['data_not_accepted']    = 'SMTP Feil: Data ble ikke akseptert.';
-$PHPMAILER_LANG['empty_message']        = 'Meldingsinnholdet er tomt';
-$PHPMAILER_LANG['encoding']             = 'Ukjent tegnkoding: ';
+$PHPMAILER_LANG['data_not_accepted']    = 'SMTP Feil: Datainnhold ikke akseptert.';
+$PHPMAILER_LANG['empty_message']        = 'Melding kropp tomt';
+$PHPMAILER_LANG['encoding']             = 'Ukjent koding: ';
 $PHPMAILER_LANG['execute']              = 'Kunne ikke utføre: ';
 $PHPMAILER_LANG['file_access']          = 'Får ikke tilgang til filen: ';
-$PHPMAILER_LANG['file_open']            = 'Fil feil: Kunne ikke åpne filen: ';
-$PHPMAILER_LANG['from_failed']          = 'Følgende avsenderadresse feilet: ';
-$PHPMAILER_LANG['instantiate']          = 'Kunne ikke initialisere mailfunksjonen.';
-$PHPMAILER_LANG['invalid_address']      = 'Meldingen ble ikke sendt, følgende adresse er ugyldig: ';
-$PHPMAILER_LANG['provide_address']      = 'Du må angi minst en mottakeradresse.';
-$PHPMAILER_LANG['mailer_not_supported'] = ' mailer er ikke supportert.';
-$PHPMAILER_LANG['recipients_failed']    = 'SMTP Feil: Følgende mottagere feilet: ';
-$PHPMAILER_LANG['signing']              = 'Signeringsfeil: ';
-$PHPMAILER_LANG['smtp_connect_failed']  = 'SMTP Connect() feilet.';
-$PHPMAILER_LANG['smtp_error']           = 'SMTP-serverfeil: ';
-$PHPMAILER_LANG['variable_set']         = 'Kan ikke sette eller resette variabelen: ';
-//$PHPMAILER_LANG['extension_missing']    = 'Extension missing: ';
+$PHPMAILER_LANG['file_open']            = 'Fil Feil: Kunne ikke åpne filen: ';
+$PHPMAILER_LANG['from_failed']          = 'Følgende Frå adresse feilet: ';
+$PHPMAILER_LANG['instantiate']          = 'Kunne ikke initialisere post funksjon.';
+$PHPMAILER_LANG['invalid_address']      = 'Ugyldig adresse: ';
+$PHPMAILER_LANG['mailer_not_supported'] = ' sender er ikke støttet.';
+$PHPMAILER_LANG['provide_address']      = 'Du må opppgi minst en mottakeradresse.';
+$PHPMAILER_LANG['recipients_failed']    = 'SMTP Feil: Følgende mottakeradresse feilet: ';
+$PHPMAILER_LANG['signing']              = 'Signering Feil: ';
+$PHPMAILER_LANG['smtp_connect_failed']  = 'SMTP connect() feilet.';
+$PHPMAILER_LANG['smtp_error']           = 'SMTP server feil: ';
+$PHPMAILER_LANG['variable_set']         = 'Kan ikke skrive eller omskrive variabel: ';
+$PHPMAILER_LANG['extension_missing']    = 'Utvidelse mangler: ';
diff --git a/plugin/PHPMailer/language/phpmailer.lang-pt_br.php b/plugin/PHPMailer/language/phpmailer.lang-pt_br.php
index fecbbe346..4ec10f777 100644
--- a/plugin/PHPMailer/language/phpmailer.lang-pt_br.php
+++ b/plugin/PHPMailer/language/phpmailer.lang-pt_br.php
@@ -5,6 +5,7 @@
  * @author Paulo Henrique Garcia <paulo@controllerweb.com.br>
  * @author Lucas Guimarães <lucas@lucasguimaraes.com>
  * @author Phelipe Alves <phelipealvesdesouza@gmail.com>
+ * @author Fabio Beneditto <fabiobeneditto@gmail.com>
  */
 
 $PHPMAILER_LANG['authenticate']         = 'Erro de SMTP: Não foi possível autenticar.';
@@ -15,7 +16,7 @@ $PHPMAILER_LANG['encoding']             = 'Codificação desconhecida: ';
 $PHPMAILER_LANG['execute']              = 'Não foi possível executar: ';
 $PHPMAILER_LANG['file_access']          = 'Não foi possível acessar o arquivo: ';
 $PHPMAILER_LANG['file_open']            = 'Erro de Arquivo: Não foi possível abrir o arquivo: ';
-$PHPMAILER_LANG['from_failed']          = 'Os seguintes remententes falharam: ';
+$PHPMAILER_LANG['from_failed']          = 'Os seguintes remetentes falharam: ';
 $PHPMAILER_LANG['instantiate']          = 'Não foi possível instanciar a função mail.';
 $PHPMAILER_LANG['invalid_address']      = 'Endereço de e-mail inválido: ';
 $PHPMAILER_LANG['mailer_not_supported'] = ' mailer não é suportado.';
diff --git a/plugin/PHPMailer/language/phpmailer.lang-rs.php b/plugin/PHPMailer/language/phpmailer.lang-rs.php
new file mode 100644
index 000000000..0502f0214
--- /dev/null
+++ b/plugin/PHPMailer/language/phpmailer.lang-rs.php
@@ -0,0 +1,26 @@
+<?php
+/**
+ * Serbian PHPMailer language file: refer to English translation for definitive list
+ * @package PHPMailer
+ * @author Александар Јевремовић <ajevremovic@gmail.com>
+ */
+
+$PHPMAILER_LANG['authenticate']         = 'SMTP грешка: аутентификација није успела.';
+$PHPMAILER_LANG['connect_host']         = 'SMTP грешка: није могуће повезивање са SMTP сервером.';
+$PHPMAILER_LANG['data_not_accepted']    = 'SMTP грешка: подаци нису прихваћени.';
+$PHPMAILER_LANG['empty_message']        = 'Садржај поруке је празан.';
+$PHPMAILER_LANG['encoding']             = 'Непознато кодовање: ';
+$PHPMAILER_LANG['execute']              = 'Није могуће извршити наредбу: ';
+$PHPMAILER_LANG['file_access']          = 'Није могуће приступити датотеци: ';
+$PHPMAILER_LANG['file_open']            = 'Није могуће отворити датотеку: ';
+$PHPMAILER_LANG['from_failed']          = 'SMTP грешка: слање са следећих адреса није успело: ';
+$PHPMAILER_LANG['recipients_failed']    = 'SMTP грешка: слање на следеће адресе није успело: ';
+$PHPMAILER_LANG['instantiate']          = 'Није могуће покренути mail функцију.';
+$PHPMAILER_LANG['invalid_address']      = 'Порука није послата због неисправне адресе: ';
+$PHPMAILER_LANG['mailer_not_supported'] = ' мејлер није подржан.';
+$PHPMAILER_LANG['provide_address']      = 'Потребно је задати најмање једну адресу.';
+$PHPMAILER_LANG['signing']              = 'Грешка приликом пријављивања: ';
+$PHPMAILER_LANG['smtp_connect_failed']  = 'Повезивање са SMTP сервером није успело.';
+$PHPMAILER_LANG['smtp_error']           = 'Грешка SMTP сервера: ';
+$PHPMAILER_LANG['variable_set']         = 'Није могуће задати променљиву, нити је вратити уназад: ';
+$PHPMAILER_LANG['extension_missing']    = 'Недостаје проширење: ';
diff --git a/plugin/PHPMailer/language/phpmailer.lang-tr.php b/plugin/PHPMailer/language/phpmailer.lang-tr.php
index 323fb4b5f..cfe8eaae2 100644
--- a/plugin/PHPMailer/language/phpmailer.lang-tr.php
+++ b/plugin/PHPMailer/language/phpmailer.lang-tr.php
@@ -6,6 +6,7 @@
  * @author Can Yılmaz
  * @author Mehmet Benlioğlu
  * @author @yasinaydin
+ * @author Ogün Karakuş
  */
 
 $PHPMAILER_LANG['authenticate']         = 'SMTP Hatası: Oturum açılamadı.';
@@ -26,4 +27,4 @@ $PHPMAILER_LANG['signing']              = 'İmzalama hatası: ';
 $PHPMAILER_LANG['smtp_connect_failed']  = 'SMTP connect() fonksiyonu başarısız.';
 $PHPMAILER_LANG['smtp_error']           = 'SMTP sunucu hatası: ';
 $PHPMAILER_LANG['variable_set']         = 'Değişken ayarlanamadı ya da sıfırlanamadı: ';
-//$PHPMAILER_LANG['extension_missing']    = 'Extension missing: ';
+$PHPMAILER_LANG['extension_missing']    = 'Eklenti bulunamadı: ';
diff --git a/plugin/PHPMailer/language/phpmailer.lang-zh_cn.php b/plugin/PHPMailer/language/phpmailer.lang-zh_cn.php
index d85a0b1a7..37537802a 100644
--- a/plugin/PHPMailer/language/phpmailer.lang-zh_cn.php
+++ b/plugin/PHPMailer/language/phpmailer.lang-zh_cn.php
@@ -4,13 +4,14 @@
  * @package PHPMailer
  * @author liqwei <liqwei@liqwei.com>
  * @author young <masxy@foxmail.com>
+ * @author Teddysun <i@teddysun.com>
  */
 
 $PHPMAILER_LANG['authenticate']         = 'SMTP 错误：登录失败。';
 $PHPMAILER_LANG['connect_host']         = 'SMTP 错误：无法连接到 SMTP 主机。';
 $PHPMAILER_LANG['data_not_accepted']    = 'SMTP 错误：数据不被接受。';
 $PHPMAILER_LANG['empty_message']        = '邮件正文为空。';
-$PHPMAILER_LANG['encoding']             = '未知编码: ';
+$PHPMAILER_LANG['encoding']             = '未知编码：';
 $PHPMAILER_LANG['execute']              = '无法执行：';
 $PHPMAILER_LANG['file_access']          = '无法访问文件：';
 $PHPMAILER_LANG['file_open']            = '文件错误：无法打开文件：';
@@ -22,6 +23,6 @@ $PHPMAILER_LANG['provide_address']      = '必须提供至少一个收件人地
 $PHPMAILER_LANG['recipients_failed']    = 'SMTP 错误：收件人地址错误：';
 $PHPMAILER_LANG['signing']              = '登录失败：';
 $PHPMAILER_LANG['smtp_connect_failed']  = 'SMTP服务器连接失败。';
-$PHPMAILER_LANG['smtp_error']           = 'SMTP服务器出错: ';
+$PHPMAILER_LANG['smtp_error']           = 'SMTP服务器出错：';
 $PHPMAILER_LANG['variable_set']         = '无法设置或重置变量：';
-//$PHPMAILER_LANG['extension_missing']    = 'Extension missing: ';
+$PHPMAILER_LANG['extension_missing']    = '丢失模块 Extension：';
diff --git a/plugin/browscap/Browscap.php b/plugin/browscap/Browscap.php
index 921cc9449..03c8959c0 100644
--- a/plugin/browscap/Browscap.php
+++ b/plugin/browscap/Browscap.php
@@ -1455,5 +1455,4 @@ class Browscap
 class Exception extends \Exception
 {
     // nothing to do here
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/plugin/editor/cheditor5/editor.lib.php b/plugin/editor/cheditor5/editor.lib.php
index bb91e300b..8446e022d 100644
--- a/plugin/editor/cheditor5/editor.lib.php
+++ b/plugin/editor/cheditor5/editor.lib.php
@@ -160,5 +160,4 @@ if(!function_exists('ft_nonce_generate_hash')){
 		}
 		return $o;
     }
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/plugin/editor/cheditor5/imageUpload/_common.php b/plugin/editor/cheditor5/imageUpload/_common.php
index 6d489dacb..c7f00802e 100644
--- a/plugin/editor/cheditor5/imageUpload/_common.php
+++ b/plugin/editor/cheditor5/imageUpload/_common.php
@@ -1,3 +1,2 @@
 <?php
-include_once("../../../../common.php");
-?>
\ No newline at end of file
+include_once("../../../../common.php");
\ No newline at end of file
diff --git a/plugin/editor/cheditor5/imageUpload/config.php b/plugin/editor/cheditor5/imageUpload/config.php
index 16787496a..0f81cdcb8 100644
--- a/plugin/editor/cheditor5/imageUpload/config.php
+++ b/plugin/editor/cheditor5/imageUpload/config.php
@@ -67,7 +67,4 @@ function che_replace_filename($filename){
     $file_arr = explode('_', $filename);
 
     return $file_arr[0].'_'.$passname.'_'.$random_str.'.'.$ext;
-}
-
-// ---------------------------------------------------------------------------
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/plugin/editor/cheditor5/imageUpload/delete.php b/plugin/editor/cheditor5/imageUpload/delete.php
index 82e65bedb..d59c4eb39 100644
--- a/plugin/editor/cheditor5/imageUpload/delete.php
+++ b/plugin/editor/cheditor5/imageUpload/delete.php
@@ -48,6 +48,4 @@ if (file_exists($filepath)) {
 	}
 }
 
-echo $r ? true : false;
-
-?>
\ No newline at end of file
+echo $r ? true : false;
\ No newline at end of file
diff --git a/plugin/editor/cheditor5/imageUpload/upload.php b/plugin/editor/cheditor5/imageUpload/upload.php
index 96d7d51ab..0c345ed86 100644
--- a/plugin/editor/cheditor5/imageUpload/upload.php
+++ b/plugin/editor/cheditor5/imageUpload/upload.php
@@ -129,5 +129,4 @@ $rdata = sprintf('{"fileUrl": "%s", "filePath": "%s", "fileName": "%s", "fileSiz
 	$filename,
 	$filesize );
 
-echo $rdata;
-?>
\ No newline at end of file
+echo $rdata;
\ No newline at end of file
diff --git a/plugin/editor/smarteditor2/editor.lib.php b/plugin/editor/smarteditor2/editor.lib.php
index ef11fd9e1..63071be84 100644
--- a/plugin/editor/smarteditor2/editor.lib.php
+++ b/plugin/editor/smarteditor2/editor.lib.php
@@ -168,5 +168,4 @@ if(!function_exists('ft_nonce_generate_hash')){
 		}
 		return $o;
     }
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/plugin/editor/smarteditor2/photo_uploader/popup/_common.php b/plugin/editor/smarteditor2/photo_uploader/popup/_common.php
index b13ca6312..3c73f53fe 100644
--- a/plugin/editor/smarteditor2/photo_uploader/popup/_common.php
+++ b/plugin/editor/smarteditor2/photo_uploader/popup/_common.php
@@ -1,3 +1,2 @@
 <?php
-include_once("../../../../../common.php");
-?>
\ No newline at end of file
+include_once("../../../../../common.php");
\ No newline at end of file
diff --git a/plugin/editor/smarteditor2/photo_uploader/popup/php/JSON.php b/plugin/editor/smarteditor2/photo_uploader/popup/php/JSON.php
index 8dc8a6f01..31a3fb2c8 100644
--- a/plugin/editor/smarteditor2/photo_uploader/popup/php/JSON.php
+++ b/plugin/editor/smarteditor2/photo_uploader/popup/php/JSON.php
@@ -169,7 +169,7 @@ class Services_JSON
             return mb_convert_encoding($utf16, 'UTF-8', 'UTF-16');
         }
 
-        $bytes = (ord($utf16{0}) << 8) | ord($utf16{1});
+        $bytes = (ord($utf16[0]) << 8) | ord($utf16[1]);
 
         switch(true) {
             case ((0x7F & $bytes) == $bytes):
@@ -222,17 +222,17 @@ class Services_JSON
             case 2:
                 // return a UTF-16 character from a 2-byte UTF-8 char
                 // see: http://www.cl.cam.ac.uk/~mgk25/unicode.html#utf-8
-                return chr(0x07 & (ord($utf8{0}) >> 2))
-                     . chr((0xC0 & (ord($utf8{0}) << 6))
-                         | (0x3F & ord($utf8{1})));
+                return chr(0x07 & (ord($utf8[0]) >> 2))
+                     . chr((0xC0 & (ord($utf8[0]) << 6))
+                         | (0x3F & ord($utf8[1])));
 
             case 3:
                 // return a UTF-16 character from a 3-byte UTF-8 char
                 // see: http://www.cl.cam.ac.uk/~mgk25/unicode.html#utf-8
-                return chr((0xF0 & (ord($utf8{0}) << 4))
-                         | (0x0F & (ord($utf8{1}) >> 2)))
-                     . chr((0xC0 & (ord($utf8{1}) << 6))
-                         | (0x7F & ord($utf8{2})));
+                return chr((0xF0 & (ord($utf8[0]) << 4))
+                         | (0x0F & (ord($utf8[1]) >> 2)))
+                     . chr((0xC0 & (ord($utf8[1]) << 6))
+                         | (0x7F & ord($utf8[2])));
         }
 
         // ignoring UTF-32 for now, sorry
@@ -454,7 +454,7 @@ class Services_JSON
                 */
 
                 // treat as a JSON object
-                if (is_array($var) && count($var) && (array_keys($var) !== range(0, sizeof($var) - 1))) {
+                if (is_array($var) && count($var) && (array_keys($var) !== range(0, count($var) - 1))) {
                     $properties = array_map(array($this, 'name_value'),
                                             array_keys($var),
                                             array_values($var));
diff --git a/plugin/editor/smarteditor2/photo_uploader/popup/php/UploadHandler.php b/plugin/editor/smarteditor2/photo_uploader/popup/php/UploadHandler.php
index 4f98bcfd1..d426df327 100644
--- a/plugin/editor/smarteditor2/photo_uploader/popup/php/UploadHandler.php
+++ b/plugin/editor/smarteditor2/photo_uploader/popup/php/UploadHandler.php
@@ -185,7 +185,7 @@ class UploadHandler
                 $this->head();
                 break;
             case 'GET':
-                if( $_GET['del'] ){
+                if( isset($_GET['del']) && $_GET['del'] ){
                     $this->delete();
                 } else { 
                     $this->get();
@@ -367,16 +367,19 @@ class UploadHandler
 
     function get_config_bytes($val) {
         $val = trim($val);
-        $last = strtolower($val[strlen($val)-1]);
+        $val_strlen = strlen($val)-1;
+        $last = isset($val[$val_strlen]) ? strtolower($val[$val_strlen]) : '';
+
+        $bytes = (int) preg_replace('/[^0-9]/', '', $val);
         switch($last) {
             case 'g':
-                $val *= 1024;
+                $bytes *= 1024;
             case 'm':
-                $val *= 1024;
+                $bytes *= 1024;
             case 'k':
-                $val *= 1024;
+                $bytes *= 1024;
         }
-        return $this->fix_integer_overflow($val);
+        return $this->fix_integer_overflow($bytes);
     }
 
     protected function validate($uploaded_file, $file, $error, $index) {
@@ -466,13 +469,14 @@ class UploadHandler
         );
     }
 
-    protected function get_unique_filename($file_path, $name, $size, $type, $error,
-            $index, $content_range) {
+    protected function get_unique_filename($file_path, $name, $size, $type, $error, $index, $content_range) {
         while(is_dir($this->get_upload_path($name))) {
             $name = $this->upcount_name($name);
         }
+
+        $content_range_byte = isset($content_range[1]) ? (int) $content_range[1] : 0;
         // Keep an existing filename if this is part of a chunked upload:
-        $uploaded_bytes = $this->fix_integer_overflow(intval($content_range[1]));
+        $uploaded_bytes = $this->fix_integer_overflow($content_range_byte);
         while(is_file($this->get_upload_path($name))) {
             if ($uploaded_bytes === $this->get_file_size(
                     $this->get_upload_path($name))) {
@@ -483,8 +487,7 @@ class UploadHandler
         return $name;
     }
 
-    protected function trim_file_name($file_path, $name, $size, $type, $error,
-            $index, $content_range) {
+    protected function trim_file_name($file_path, $name, $size, $type, $error, $index, $content_range) {
         // Remove path information and dots around the filename, to prevent uploading
         // into different directories or replacing hidden system files.
         // Also remove control characters and spaces (\x00..\x20) around the filename:
@@ -498,7 +501,7 @@ class UploadHandler
                 preg_match('/^image\/(gif|jpe?g|png)/', $type, $matches)) {
             $name .= '.'.$matches[1];
         }
-        if (function_exists('exif_imagetype')) {
+        if (function_exists('exif_imagetype') && $file_path) {
             switch(@exif_imagetype($file_path)){
                 case IMAGETYPE_JPEG:
                     $extensions = array('jpg', 'jpeg');
@@ -524,12 +527,10 @@ class UploadHandler
         return $name;
     }
 
-    protected function get_file_name($file_path, $name, $size, $type, $error,
-            $index, $content_range) {
+    protected function get_file_name($file_path, $name, $size, $type, $error, $index, $content_range) {
         return $this->get_unique_filename(
             $file_path,
-            $this->trim_file_name($file_path, $name, $size, $type, $error,
-                $index, $content_range),
+            $this->trim_file_name($file_path, $name, $size, $type, $error, $index, $content_range),
             $size,
             $type,
             $error,
@@ -1066,6 +1067,8 @@ class UploadHandler
 
     protected function reprocessImage($file_path, $callback)
     {
+        if( ! $file_path ) return;
+
         // Extracting mime type using getimagesize
         try {
             $image_info = getimagesize($file_path);
@@ -1106,11 +1109,9 @@ class UploadHandler
         return true;
     }
 
-    protected function handle_file_upload($uploaded_file, $name, $size, $type, $error,
-            $index = null, $content_range = null) {
+    protected function handle_file_upload($uploaded_file, $name, $size, $type, $error, $index = null, $content_range = null) {
         $file = new \stdClass();
-        $file->oriname = $this->get_file_name($uploaded_file, $name, $size, $type, $error,
-            $index, $content_range);
+        $file->oriname = $this->get_file_name($uploaded_file, $name, $size, $type, $error, $index, $content_range);
         
         $filename_ext = pathinfo($name, PATHINFO_EXTENSION);
         $file->name = $this->get_file_passname().'_'.str_replace(".", "_", $this->get_microtime()).".".$filename_ext;
diff --git a/plugin/editor/smarteditor2/photo_uploader/popup/php/_common.php b/plugin/editor/smarteditor2/photo_uploader/popup/php/_common.php
index 03a15a0b2..855b122e7 100644
--- a/plugin/editor/smarteditor2/photo_uploader/popup/php/_common.php
+++ b/plugin/editor/smarteditor2/photo_uploader/popup/php/_common.php
@@ -1,3 +1,2 @@
 <?php
-include_once("../../../../../../common.php");
-?>
\ No newline at end of file
+include_once("../../../../../../common.php");
\ No newline at end of file
diff --git a/plugin/editor/smarteditor2/photo_uploader/popup/php/index.php b/plugin/editor/smarteditor2/photo_uploader/popup/php/index.php
index ddd639808..510ac0f24 100644
--- a/plugin/editor/smarteditor2/photo_uploader/popup/php/index.php
+++ b/plugin/editor/smarteditor2/photo_uploader/popup/php/index.php
@@ -10,9 +10,9 @@
  * http://www.opensource.org/licenses/MIT
  */
 include_once("./_common.php");
-@include_once("./JSON.php");
 
 if( !function_exists('json_encode') ) {
+    @include_once("./JSON.php");
     function json_encode($data) {
         $json = new Services_JSON();
         return( $json->encode($data) );
diff --git a/plugin/htmlpurifier/HTMLPurifier.standalone.php b/plugin/htmlpurifier/HTMLPurifier.standalone.php
index 754d69381..6e9db001f 100644
--- a/plugin/htmlpurifier/HTMLPurifier.standalone.php
+++ b/plugin/htmlpurifier/HTMLPurifier.standalone.php
@@ -7,7 +7,7 @@
  * primary concern and you are using an opcode cache. PLEASE DO NOT EDIT THIS
  * FILE, changes will be overwritten the next time the script is run.
  *
- * @version 4.9.3
+ * @version 4.13.0
  *
  * @warning
  *      You must *not* include any other HTML Purifier files before this file,
@@ -39,7 +39,7 @@
  */
 
 /*
-    HTML Purifier 4.9.3 - Standards Compliant HTML Filtering
+    HTML Purifier 4.13.0 - Standards Compliant HTML Filtering
     Copyright (C) 2006-2008 Edward Z. Yang
 
     This library is free software; you can redistribute it and/or
@@ -78,12 +78,12 @@ class HTMLPurifier
      * Version of HTML Purifier.
      * @type string
      */
-    public $version = '4.9.3';
+    public $version = '4.13.0';
 
     /**
      * Constant with version of HTML Purifier.
      */
-    const VERSION = '4.9.3';
+    const VERSION = '4.13.0';
 
     /**
      * Global configuration object.
@@ -260,12 +260,17 @@ class HTMLPurifier
     public function purifyArray($array_of_html, $config = null)
     {
         $context_array = array();
-        foreach ($array_of_html as $key => $html) {
-            $array_of_html[$key] = $this->purify($html, $config);
+        $array = array();
+        foreach($array_of_html as $key=>$value){
+            if (is_array($value)) {
+                $array[$key] = $this->purifyArray($value, $config);
+            } else {
+                $array[$key] = $this->purify($value, $config);
+            }
             $context_array[$key] = $this->context;
         }
         $this->context = $context_array;
-        return $array_of_html;
+        return $array;
     }
 
     /**
@@ -1418,15 +1423,25 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
             array(
                 new HTMLPurifier_AttrDef_CSS_Length('0'),
                 new HTMLPurifier_AttrDef_CSS_Percentage(true),
-                new HTMLPurifier_AttrDef_Enum(array('auto'))
+                new HTMLPurifier_AttrDef_Enum(array('auto', 'initial', 'inherit'))
+            )
+        );
+        $trusted_min_wh = new HTMLPurifier_AttrDef_CSS_Composite(
+            array(
+                new HTMLPurifier_AttrDef_CSS_Length('0'),
+                new HTMLPurifier_AttrDef_CSS_Percentage(true),
+                new HTMLPurifier_AttrDef_Enum(array('initial', 'inherit'))
+            )
+        );
+        $trusted_max_wh = new HTMLPurifier_AttrDef_CSS_Composite(
+            array(
+                new HTMLPurifier_AttrDef_CSS_Length('0'),
+                new HTMLPurifier_AttrDef_CSS_Percentage(true),
+                new HTMLPurifier_AttrDef_Enum(array('none', 'initial', 'inherit'))
             )
         );
         $max = $config->get('CSS.MaxImgLength');
 
-        $this->info['min-width'] =
-        $this->info['max-width'] =
-        $this->info['min-height'] =
-        $this->info['max-height'] =
         $this->info['width'] =
         $this->info['height'] =
             $max === null ?
@@ -1443,6 +1458,38 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
                     // For everyone else:
                     $trusted_wh
                 );
+        $this->info['min-width'] =
+        $this->info['min-height'] =
+            $max === null ?
+                $trusted_min_wh :
+                new HTMLPurifier_AttrDef_Switch(
+                    'img',
+                    // For img tags:
+                    new HTMLPurifier_AttrDef_CSS_Composite(
+                        array(
+                            new HTMLPurifier_AttrDef_CSS_Length('0', $max),
+                            new HTMLPurifier_AttrDef_Enum(array('initial', 'inherit'))
+                        )
+                    ),
+                    // For everyone else:
+                    $trusted_min_wh
+                );
+        $this->info['max-width'] =
+        $this->info['max-height'] =
+            $max === null ?
+                $trusted_max_wh :
+                new HTMLPurifier_AttrDef_Switch(
+                    'img',
+                    // For img tags:
+                    new HTMLPurifier_AttrDef_CSS_Composite(
+                        array(
+                            new HTMLPurifier_AttrDef_CSS_Length('0', $max),
+                            new HTMLPurifier_AttrDef_Enum(array('none', 'initial', 'inherit'))
+                        )
+                    ),
+                    // For everyone else:
+                    $trusted_max_wh
+                );
 
         $this->info['text-decoration'] = new HTMLPurifier_AttrDef_CSS_TextDecoration();
 
@@ -1764,7 +1811,7 @@ class HTMLPurifier_Config
      * HTML Purifier's version
      * @type string
      */
-    public $version = '4.9.3';
+    public $version = '4.13.0';
 
     /**
      * Whether or not to automatically finalize
@@ -2151,7 +2198,7 @@ class HTMLPurifier_Config
      *             maybeGetRawHTMLDefinition, which is more explicitly
      *             named, instead.
      *
-     * @return HTMLPurifier_HTMLDefinition
+     * @return HTMLPurifier_HTMLDefinition|null
      */
     public function getHTMLDefinition($raw = false, $optimized = false)
     {
@@ -2170,7 +2217,7 @@ class HTMLPurifier_Config
      *             maybeGetRawCSSDefinition, which is more explicitly
      *             named, instead.
      *
-     * @return HTMLPurifier_CSSDefinition
+     * @return HTMLPurifier_CSSDefinition|null
      */
     public function getCSSDefinition($raw = false, $optimized = false)
     {
@@ -2189,7 +2236,7 @@ class HTMLPurifier_Config
      *             maybeGetRawURIDefinition, which is more explicitly
      *             named, instead.
      *
-     * @return HTMLPurifier_URIDefinition
+     * @return HTMLPurifier_URIDefinition|null
      */
     public function getURIDefinition($raw = false, $optimized = false)
     {
@@ -2211,7 +2258,7 @@ class HTMLPurifier_Config
      *        maybe semantics is the "right thing to do."
      *
      * @throws HTMLPurifier_Exception
-     * @return HTMLPurifier_Definition
+     * @return HTMLPurifier_Definition|null
      */
     public function getDefinition($type, $raw = false, $optimized = false)
     {
@@ -2390,7 +2437,7 @@ class HTMLPurifier_Config
     }
 
     /**
-     * @return HTMLPurifier_HTMLDefinition
+     * @return HTMLPurifier_HTMLDefinition|null
      */
     public function maybeGetRawHTMLDefinition()
     {
@@ -2398,7 +2445,7 @@ class HTMLPurifier_Config
     }
     
     /**
-     * @return HTMLPurifier_CSSDefinition
+     * @return HTMLPurifier_CSSDefinition|null
      */
     public function maybeGetRawCSSDefinition()
     {
@@ -2406,7 +2453,7 @@ class HTMLPurifier_Config
     }
     
     /**
-     * @return HTMLPurifier_URIDefinition
+     * @return HTMLPurifier_URIDefinition|null
      */
     public function maybeGetRawURIDefinition()
     {
@@ -2633,7 +2680,7 @@ class HTMLPurifier_Config
             // zip(tail(trace), trace) -- but PHP is not Haskell har har
             for ($i = 0, $c = count($trace); $i < $c - 1; $i++) {
                 // XXX this is not correct on some versions of HTML Purifier
-                if ($trace[$i + 1]['class'] === 'HTMLPurifier_Config') {
+                if (isset($trace[$i + 1]['class']) && $trace[$i + 1]['class'] === 'HTMLPurifier_Config') {
                     continue;
                 }
                 $frame = $trace[$i];
@@ -2764,7 +2811,7 @@ class HTMLPurifier_ConfigSchema
      * @param string $key Name of directive
      * @param mixed $default Default value of directive
      * @param string $type Allowed type of the directive. See
-     *      HTMLPurifier_DirectiveDef::$type for allowed values
+     *      HTMLPurifier_VarParser::$types for allowed values
      * @param bool $allow_null Whether or not to allow null values
      */
     public function add($key, $default, $type, $allow_null)
@@ -3938,7 +3985,7 @@ class HTMLPurifier_Encoder
 
         $len = strlen($str);
         for ($i = 0; $i < $len; $i++) {
-            $in = ord($str{$i});
+            $in = ord($str[$i]);
             $char .= $str[$i]; // append byte to char
             if (0 == $mState) {
                 // When mState is zero we expect either a US-ASCII character
@@ -4564,7 +4611,7 @@ class HTMLPurifier_EntityParser
         $entity = $matches[0];
         $hex_part = @$matches[1];
         $dec_part = @$matches[2];
-        $named_part = empty($matches[3]) ? @$matches[4] : $matches[3];
+        $named_part = empty($matches[3]) ? (empty($matches[4]) ? "" : $matches[4]) : $matches[3];
         if ($hex_part !== NULL && $hex_part !== "") {
             return HTMLPurifier_Encoder::unichr(hexdec($hex_part));
         } elseif ($dec_part !== NULL && $dec_part !== "") {
@@ -6035,9 +6082,9 @@ class HTMLPurifier_HTMLModule
      * @param string $element Name of element to add
      * @param string|bool $type What content set should element be registered to?
      *              Set as false to skip this step.
-     * @param string $contents Allowed children in form of:
+     * @param string|HTMLPurifier_ChildDef $contents Allowed children in form of:
      *              "$content_model_type: $content_model"
-     * @param array $attr_includes What attribute collections to register to
+     * @param array|string $attr_includes What attribute collections to register to
      *              element?
      * @param array $attr What unique attributes does the element define?
      * @see HTMLPurifier_ElementDef:: for in-depth descriptions of these parameters.
@@ -6871,11 +6918,13 @@ abstract class HTMLPurifier_Injector
             return false;
         }
         // check for exclusion
-        for ($i = count($this->currentNesting) - 2; $i >= 0; $i--) {
-            $node = $this->currentNesting[$i];
-            $def  = $this->htmlDefinition->info[$node->name];
-            if (isset($def->excludes[$name])) {
-                return false;
+        if (!empty($this->currentNesting)) {
+            for ($i = count($this->currentNesting) - 2; $i >= 0; $i--) {
+                $node = $this->currentNesting[$i];
+                $def  = $this->htmlDefinition->info[$node->name];
+                if (isset($def->excludes[$name])) {
+                    return false;
+                }
             }
         }
         return true;
@@ -7437,12 +7486,14 @@ class HTMLPurifier_Length
     protected $isValid;
 
     /**
-     * Array Lookup array of units recognized by CSS 2.1
+     * Array Lookup array of units recognized by CSS 3
      * @type array
      */
     protected static $allowedUnits = array(
         'em' => true, 'ex' => true, 'px' => true, 'in' => true,
-        'cm' => true, 'mm' => true, 'pt' => true, 'pc' => true
+        'cm' => true, 'mm' => true, 'pt' => true, 'pc' => true,
+        'ch' => true, 'rem' => true, 'vw' => true, 'vh' => true,
+        'vmin' => true, 'vmax' => true
     );
 
     /**
@@ -9887,34 +9938,34 @@ class HTMLPurifier_UnitConverter
 class HTMLPurifier_VarParser
 {
 
-    const STRING = 1;
+    const C_STRING = 1;
     const ISTRING = 2;
     const TEXT = 3;
     const ITEXT = 4;
-    const INT = 5;
-    const FLOAT = 6;
-    const BOOL = 7;
+    const C_INT = 5;
+    const C_FLOAT = 6;
+    const C_BOOL = 7;
     const LOOKUP = 8;
     const ALIST = 9;
     const HASH = 10;
-    const MIXED = 11;
+    const C_MIXED = 11;
 
     /**
      * Lookup table of allowed types. Mainly for backwards compatibility, but
      * also convenient for transforming string type names to the integer constants.
      */
     public static $types = array(
-        'string' => self::STRING,
+        'string' => self::C_STRING,
         'istring' => self::ISTRING,
         'text' => self::TEXT,
         'itext' => self::ITEXT,
-        'int' => self::INT,
-        'float' => self::FLOAT,
-        'bool' => self::BOOL,
+        'int' => self::C_INT,
+        'float' => self::C_FLOAT,
+        'bool' => self::C_BOOL,
         'lookup' => self::LOOKUP,
         'list' => self::ALIST,
         'hash' => self::HASH,
-        'mixed' => self::MIXED
+        'mixed' => self::C_MIXED
     );
 
     /**
@@ -9922,7 +9973,7 @@ class HTMLPurifier_VarParser
      * allowed value lists.
      */
     public static $stringTypes = array(
-        self::STRING => true,
+        self::C_STRING => true,
         self::ISTRING => true,
         self::TEXT => true,
         self::ITEXT => true,
@@ -9954,7 +10005,7 @@ class HTMLPurifier_VarParser
         // These are basic checks, to make sure nothing horribly wrong
         // happened in our implementations.
         switch ($type) {
-            case (self::STRING):
+            case (self::C_STRING):
             case (self::ISTRING):
             case (self::TEXT):
             case (self::ITEXT):
@@ -9965,17 +10016,17 @@ class HTMLPurifier_VarParser
                     $var = strtolower($var);
                 }
                 return $var;
-            case (self::INT):
+            case (self::C_INT):
                 if (!is_int($var)) {
                     break;
                 }
                 return $var;
-            case (self::FLOAT):
+            case (self::C_FLOAT):
                 if (!is_float($var)) {
                     break;
                 }
                 return $var;
-            case (self::BOOL):
+            case (self::C_BOOL):
                 if (!is_bool($var)) {
                     break;
                 }
@@ -9999,7 +10050,7 @@ class HTMLPurifier_VarParser
                     }
                 }
                 return $var;
-            case (self::MIXED):
+            case (self::C_MIXED):
                 return $var;
             default:
                 $this->errorInconsistent(get_class($this), $type);
@@ -10941,7 +10992,13 @@ class HTMLPurifier_AttrDef_CSS_Number extends HTMLPurifier_AttrDef
             return false;
         }
 
-        $left = ltrim($left, '0');
+        // Remove leading zeros until positive number or a zero stays left
+        if (ltrim($left, '0') != '') {
+            $left = ltrim($left, '0');
+        } else {
+            $left = '0';
+        }
+
         $right = rtrim($right, '0');
 
         if ($right === '') {
@@ -12590,7 +12647,7 @@ class HTMLPurifier_AttrDef_HTML_Bool extends HTMLPurifier_AttrDef
 {
 
     /**
-     * @type bool
+     * @type string
      */
     protected $name;
 
@@ -12600,7 +12657,7 @@ class HTMLPurifier_AttrDef_HTML_Bool extends HTMLPurifier_AttrDef
     public $minimized = true;
 
     /**
-     * @param bool $name
+     * @param bool|string $name
      */
     public function __construct($name = false)
     {
@@ -13343,7 +13400,11 @@ class HTMLPurifier_AttrDef_URI_Host extends HTMLPurifier_AttrDef
 
         // PHP 5.3 and later support this functionality natively
         if (function_exists('idn_to_ascii')) {
-            $string = idn_to_ascii($string);
+            if (defined('IDNA_NONTRANSITIONAL_TO_ASCII') && defined('INTL_IDNA_VARIANT_UTS46')) {
+                $string = idn_to_ascii($string, IDNA_NONTRANSITIONAL_TO_ASCII, INTL_IDNA_VARIANT_UTS46);
+            } else {
+                $string = idn_to_ascii($string);
+            }
 
         // If we have Net_IDNA2 support, we can support IRIs by
         // punycoding them. (This is the most portable thing to do,
@@ -14577,7 +14638,7 @@ class HTMLPurifier_ChildDef_Custom extends HTMLPurifier_ChildDef
     protected function _compileRegex()
     {
         $raw = str_replace(' ', '', $this->dtd_regex);
-        if ($raw{0} != '(') {
+        if ($raw[0] != '(') {
             $raw = "($raw)";
         }
         $el = '[#a-zA-Z0-9_.-]+';
@@ -15675,9 +15736,14 @@ class HTMLPurifier_DefinitionCache_Serializer extends HTMLPurifier_DefinitionCac
         $directory = $this->generateDirectoryPath($config);
         $chmod = $config->get('Cache.SerializerPermissions');
         if ($chmod === null) {
-            // TODO: This races
-            if (is_dir($directory)) return true;
-            return mkdir($directory);
+            if (!@mkdir($directory) && !is_dir($directory)) {
+                trigger_error(
+                    'Could not create directory ' . $directory . '',
+                    E_USER_WARNING
+                );
+                return false;
+            }
+            return true;
         }
         if (!is_dir($directory)) {
             $base = $this->generateBaseDirectoryPath($config);
@@ -15691,7 +15757,7 @@ class HTMLPurifier_DefinitionCache_Serializer extends HTMLPurifier_DefinitionCac
             } elseif (!$this->_testPermissions($base, $chmod)) {
                 return false;
             }
-            if (!mkdir($directory, $chmod)) {
+            if (!@mkdir($directory, $chmod) && !is_dir($directory)) {
                 trigger_error(
                     'Could not create directory ' . $directory . '',
                     E_USER_WARNING
@@ -16091,6 +16157,10 @@ class HTMLPurifier_HTMLModule_Forms extends HTMLPurifier_HTMLModule
      */
     public function setup($config)
     {
+        if ($config->get('HTML.Forms')) {
+            $this->safe = true;
+        }
+
         $form = $this->addElement(
             'form',
             'Form',
@@ -17021,13 +17091,13 @@ class HTMLPurifier_HTMLModule_SafeScripting extends HTMLPurifier_HTMLModule
         $script = $this->addElement(
             'script',
             'Inline',
-            'Empty',
+            'Optional:', // Not `Empty` to not allow to autoclose the <script /> tag @see https://www.w3.org/TR/html4/interact/scripts.html
             null,
             array(
                 // While technically not required by the spec, we're forcing
                 // it to this value.
                 'type' => 'Enum#text/javascript',
-                'src*' => new HTMLPurifier_AttrDef_Enum(array_keys($allowed))
+                'src*' => new HTMLPurifier_AttrDef_Enum(array_keys($allowed), /*case sensitive*/ true)
             )
         );
         $script->attr_transform_pre[] =
@@ -17826,6 +17896,7 @@ class HTMLPurifier_HTMLModule_Tidy_XHTMLAndHTML4 extends HTMLPurifier_HTMLModule
 
         // @bgcolor for table, tr, td, th ---------------------------------
         $r['table@bgcolor'] =
+        $r['tr@bgcolor'] =
         $r['td@bgcolor'] =
         $r['th@bgcolor'] =
             new HTMLPurifier_AttrTransform_BgColor();
@@ -18924,8 +18995,18 @@ class HTMLPurifier_Lexer_DOMLex extends HTMLPurifier_Lexer
         $doc = new DOMDocument();
         $doc->encoding = 'UTF-8'; // theoretically, the above has this covered
 
+        $options = 0;
+        if ($config->get('Core.AllowParseManyTags') && defined('LIBXML_PARSEHUGE')) {
+            $options |= LIBXML_PARSEHUGE;
+        }
+
         set_error_handler(array($this, 'muteErrorHandler'));
-        $doc->loadHTML($html);
+        // loadHTML() fails on PHP 5.3 when second parameter is given
+        if ($options) {
+            $doc->loadHTML($html, $options);
+        } else {
+            $doc->loadHTML($html);
+        }
         restore_error_handler();
 
         $body = $doc->getElementsByTagName('html')->item(0)-> // <html>
@@ -18982,6 +19063,41 @@ class HTMLPurifier_Lexer_DOMLex extends HTMLPurifier_Lexer
         } while ($level > 0);
     }
 
+    /**
+     * Portably retrieve the tag name of a node; deals with older versions
+     * of libxml like 2.7.6
+     * @param DOMNode $node
+     */
+    protected function getTagName($node)
+    {
+        if (isset($node->tagName)) {
+            return $node->tagName;
+        } else if (isset($node->nodeName)) {
+            return $node->nodeName;
+        } else if (isset($node->localName)) {
+            return $node->localName;
+        }
+        return null;
+    }
+
+    /**
+     * Portably retrieve the data of a node; deals with older versions
+     * of libxml like 2.7.6
+     * @param DOMNode $node
+     */
+    protected function getData($node)
+    {
+        if (isset($node->data)) {
+            return $node->data;
+        } else if (isset($node->nodeValue)) {
+            return $node->nodeValue;
+        } else if (isset($node->textContent)) {
+            return $node->textContent;
+        }
+        return null;
+    }
+
+
     /**
      * @param DOMNode $node DOMNode to be tokenized.
      * @param HTMLPurifier_Token[] $tokens   Array-list of already tokenized tokens.
@@ -18997,7 +19113,10 @@ class HTMLPurifier_Lexer_DOMLex extends HTMLPurifier_Lexer
         // but we're not getting the character reference nodes because
         // those should have been preprocessed
         if ($node->nodeType === XML_TEXT_NODE) {
-            $tokens[] = $this->factory->createText($node->data);
+            $data = $this->getData($node); // Handle variable data property
+            if ($data !== null) {
+              $tokens[] = $this->factory->createText($data);
+            }
             return false;
         } elseif ($node->nodeType === XML_CDATA_SECTION_NODE) {
             // undo libxml's special treatment of <script> and <style> tags
@@ -19027,21 +19146,20 @@ class HTMLPurifier_Lexer_DOMLex extends HTMLPurifier_Lexer
             // not-well tested: there may be other nodes we have to grab
             return false;
         }
-
         $attr = $node->hasAttributes() ? $this->transformAttrToAssoc($node->attributes) : array();
-
+        $tag_name = $this->getTagName($node); // Handle variable tagName property
+        if (empty($tag_name)) {
+            return (bool) $node->childNodes->length;
+        }
         // We still have to make sure that the element actually IS empty
         if (!$node->childNodes->length) {
             if ($collect) {
-                $tokens[] = $this->factory->createEmpty($node->tagName, $attr);
+                $tokens[] = $this->factory->createEmpty($tag_name, $attr);
             }
             return false;
         } else {
             if ($collect) {
-                $tokens[] = $this->factory->createStart(
-                    $tag_name = $node->tagName, // somehow, it get's dropped
-                    $attr
-                );
+                $tokens[] = $this->factory->createStart($tag_name, $attr);
             }
             return true;
         }
@@ -19053,10 +19171,10 @@ class HTMLPurifier_Lexer_DOMLex extends HTMLPurifier_Lexer
      */
     protected function createEndNode($node, &$tokens)
     {
-        $tokens[] = $this->factory->createEnd($node->tagName);
+        $tag_name = $this->getTagName($node); // Handle variable tagName property
+        $tokens[] = $this->factory->createEnd($tag_name);
     }
 
-
     /**
      * Converts a DOMNamedNodeMap of DOMAttr objects into an assoc array.
      *
@@ -21060,7 +21178,7 @@ class HTMLPurifier_TagTransform_Font extends HTMLPurifier_TagTransform
         if (isset($attr['size'])) {
             // normalize large numbers
             if ($attr['size'] !== '') {
-                if ($attr['size']{0} == '+' || $attr['size']{0} == '-') {
+                if ($attr['size'][0] == '+' || $attr['size'][0] == '-') {
                     $size = (int)$attr['size'];
                     if ($size < -2) {
                         $attr['size'] = '-2';
@@ -22331,23 +22449,23 @@ class HTMLPurifier_VarParser_Flexible extends HTMLPurifier_VarParser
             // Note: if code "breaks" from the switch, it triggers a generic
             // exception to be thrown. Specific errors can be specifically
             // done here.
-            case self::MIXED:
+            case self::C_MIXED:
             case self::ISTRING:
-            case self::STRING:
+            case self::C_STRING:
             case self::TEXT:
             case self::ITEXT:
                 return $var;
-            case self::INT:
+            case self::C_INT:
                 if (is_string($var) && ctype_digit($var)) {
                     $var = (int)$var;
                 }
                 return $var;
-            case self::FLOAT:
+            case self::C_FLOAT:
                 if ((is_string($var) && is_numeric($var)) || is_int($var)) {
                     $var = (float)$var;
                 }
                 return $var;
-            case self::BOOL:
+            case self::C_BOOL:
                 if (is_int($var) && ($var === 0 || $var === 1)) {
                     $var = (bool)$var;
                 } elseif (is_string($var)) {
diff --git a/plugin/htmlpurifier/extend.video.php b/plugin/htmlpurifier/extend.video.php
index 24ef7c8de..a18cc7d45 100644
--- a/plugin/htmlpurifier/extend.video.php
+++ b/plugin/htmlpurifier/extend.video.php
@@ -77,5 +77,4 @@ if( !class_exists('HTMLPurifier_Filter_Iframevideo') ){
 			}
 		}
 	}
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/Builder/ConfigSchema.php b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/Builder/ConfigSchema.php
index d5906cd46..1174575ea 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/Builder/ConfigSchema.php
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/Builder/ConfigSchema.php
@@ -1,48 +1,48 @@
-<?php
-
-/**
- * Converts HTMLPurifier_ConfigSchema_Interchange to our runtime
- * representation used to perform checks on user configuration.
- */
-class HTMLPurifier_ConfigSchema_Builder_ConfigSchema
-{
-
-    /**
-     * @param HTMLPurifier_ConfigSchema_Interchange $interchange
-     * @return HTMLPurifier_ConfigSchema
-     */
-    public function build($interchange)
-    {
-        $schema = new HTMLPurifier_ConfigSchema();
-        foreach ($interchange->directives as $d) {
-            $schema->add(
-                $d->id->key,
-                $d->default,
-                $d->type,
-                $d->typeAllowsNull
-            );
-            if ($d->allowed !== null) {
-                $schema->addAllowedValues(
-                    $d->id->key,
-                    $d->allowed
-                );
-            }
-            foreach ($d->aliases as $alias) {
-                $schema->addAlias(
-                    $alias->key,
-                    $d->id->key
-                );
-            }
-            if ($d->valueAliases !== null) {
-                $schema->addValueAliases(
-                    $d->id->key,
-                    $d->valueAliases
-                );
-            }
-        }
-        $schema->postProcess();
-        return $schema;
-    }
-}
-
-// vim: et sw=4 sts=4
+<?php
+
+/**
+ * Converts HTMLPurifier_ConfigSchema_Interchange to our runtime
+ * representation used to perform checks on user configuration.
+ */
+class HTMLPurifier_ConfigSchema_Builder_ConfigSchema
+{
+
+    /**
+     * @param HTMLPurifier_ConfigSchema_Interchange $interchange
+     * @return HTMLPurifier_ConfigSchema
+     */
+    public function build($interchange)
+    {
+        $schema = new HTMLPurifier_ConfigSchema();
+        foreach ($interchange->directives as $d) {
+            $schema->add(
+                $d->id->key,
+                $d->default,
+                $d->type,
+                $d->typeAllowsNull
+            );
+            if ($d->allowed !== null) {
+                $schema->addAllowedValues(
+                    $d->id->key,
+                    $d->allowed
+                );
+            }
+            foreach ($d->aliases as $alias) {
+                $schema->addAlias(
+                    $alias->key,
+                    $d->id->key
+                );
+            }
+            if ($d->valueAliases !== null) {
+                $schema->addValueAliases(
+                    $d->id->key,
+                    $d->valueAliases
+                );
+            }
+        }
+        $schema->postProcess();
+        return $schema;
+    }
+}
+
+// vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/Builder/Xml.php b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/Builder/Xml.php
index 5fa56f7dd..0d00bf1d1 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/Builder/Xml.php
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/Builder/Xml.php
@@ -1,144 +1,144 @@
-<?php
-
-/**
- * Converts HTMLPurifier_ConfigSchema_Interchange to an XML format,
- * which can be further processed to generate documentation.
- */
-class HTMLPurifier_ConfigSchema_Builder_Xml extends XMLWriter
-{
-
-    /**
-     * @type HTMLPurifier_ConfigSchema_Interchange
-     */
-    protected $interchange;
-
-    /**
-     * @type string
-     */
-    private $namespace;
-
-    /**
-     * @param string $html
-     */
-    protected function writeHTMLDiv($html)
-    {
-        $this->startElement('div');
-
-        $purifier = HTMLPurifier::getInstance();
-        $html = $purifier->purify($html);
-        $this->writeAttribute('xmlns', 'http://www.w3.org/1999/xhtml');
-        $this->writeRaw($html);
-
-        $this->endElement(); // div
-    }
-
-    /**
-     * @param mixed $var
-     * @return string
-     */
-    protected function export($var)
-    {
-        if ($var === array()) {
-            return 'array()';
-        }
-        return var_export($var, true);
-    }
-
-    /**
-     * @param HTMLPurifier_ConfigSchema_Interchange $interchange
-     */
-    public function build($interchange)
-    {
-        // global access, only use as last resort
-        $this->interchange = $interchange;
-
-        $this->setIndent(true);
-        $this->startDocument('1.0', 'UTF-8');
-        $this->startElement('configdoc');
-        $this->writeElement('title', $interchange->name);
-
-        foreach ($interchange->directives as $directive) {
-            $this->buildDirective($directive);
-        }
-
-        if ($this->namespace) {
-            $this->endElement();
-        } // namespace
-
-        $this->endElement(); // configdoc
-        $this->flush();
-    }
-
-    /**
-     * @param HTMLPurifier_ConfigSchema_Interchange_Directive $directive
-     */
-    public function buildDirective($directive)
-    {
-        // Kludge, although I suppose having a notion of a "root namespace"
-        // certainly makes things look nicer when documentation is built.
-        // Depends on things being sorted.
-        if (!$this->namespace || $this->namespace !== $directive->id->getRootNamespace()) {
-            if ($this->namespace) {
-                $this->endElement();
-            } // namespace
-            $this->namespace = $directive->id->getRootNamespace();
-            $this->startElement('namespace');
-            $this->writeAttribute('id', $this->namespace);
-            $this->writeElement('name', $this->namespace);
-        }
-
-        $this->startElement('directive');
-        $this->writeAttribute('id', $directive->id->toString());
-
-        $this->writeElement('name', $directive->id->getDirective());
-
-        $this->startElement('aliases');
-        foreach ($directive->aliases as $alias) {
-            $this->writeElement('alias', $alias->toString());
-        }
-        $this->endElement(); // aliases
-
-        $this->startElement('constraints');
-        if ($directive->version) {
-            $this->writeElement('version', $directive->version);
-        }
-        $this->startElement('type');
-        if ($directive->typeAllowsNull) {
-            $this->writeAttribute('allow-null', 'yes');
-        }
-        $this->text($directive->type);
-        $this->endElement(); // type
-        if ($directive->allowed) {
-            $this->startElement('allowed');
-            foreach ($directive->allowed as $value => $x) {
-                $this->writeElement('value', $value);
-            }
-            $this->endElement(); // allowed
-        }
-        $this->writeElement('default', $this->export($directive->default));
-        $this->writeAttribute('xml:space', 'preserve');
-        if ($directive->external) {
-            $this->startElement('external');
-            foreach ($directive->external as $project) {
-                $this->writeElement('project', $project);
-            }
-            $this->endElement();
-        }
-        $this->endElement(); // constraints
-
-        if ($directive->deprecatedVersion) {
-            $this->startElement('deprecated');
-            $this->writeElement('version', $directive->deprecatedVersion);
-            $this->writeElement('use', $directive->deprecatedUse->toString());
-            $this->endElement(); // deprecated
-        }
-
-        $this->startElement('description');
-        $this->writeHTMLDiv($directive->description);
-        $this->endElement(); // description
-
-        $this->endElement(); // directive
-    }
-}
-
-// vim: et sw=4 sts=4
+<?php
+
+/**
+ * Converts HTMLPurifier_ConfigSchema_Interchange to an XML format,
+ * which can be further processed to generate documentation.
+ */
+class HTMLPurifier_ConfigSchema_Builder_Xml extends XMLWriter
+{
+
+    /**
+     * @type HTMLPurifier_ConfigSchema_Interchange
+     */
+    protected $interchange;
+
+    /**
+     * @type string
+     */
+    private $namespace;
+
+    /**
+     * @param string $html
+     */
+    protected function writeHTMLDiv($html)
+    {
+        $this->startElement('div');
+
+        $purifier = HTMLPurifier::getInstance();
+        $html = $purifier->purify($html);
+        $this->writeAttribute('xmlns', 'http://www.w3.org/1999/xhtml');
+        $this->writeRaw($html);
+
+        $this->endElement(); // div
+    }
+
+    /**
+     * @param mixed $var
+     * @return string
+     */
+    protected function export($var)
+    {
+        if ($var === array()) {
+            return 'array()';
+        }
+        return var_export($var, true);
+    }
+
+    /**
+     * @param HTMLPurifier_ConfigSchema_Interchange $interchange
+     */
+    public function build($interchange)
+    {
+        // global access, only use as last resort
+        $this->interchange = $interchange;
+
+        $this->setIndent(true);
+        $this->startDocument('1.0', 'UTF-8');
+        $this->startElement('configdoc');
+        $this->writeElement('title', $interchange->name);
+
+        foreach ($interchange->directives as $directive) {
+            $this->buildDirective($directive);
+        }
+
+        if ($this->namespace) {
+            $this->endElement();
+        } // namespace
+
+        $this->endElement(); // configdoc
+        $this->flush();
+    }
+
+    /**
+     * @param HTMLPurifier_ConfigSchema_Interchange_Directive $directive
+     */
+    public function buildDirective($directive)
+    {
+        // Kludge, although I suppose having a notion of a "root namespace"
+        // certainly makes things look nicer when documentation is built.
+        // Depends on things being sorted.
+        if (!$this->namespace || $this->namespace !== $directive->id->getRootNamespace()) {
+            if ($this->namespace) {
+                $this->endElement();
+            } // namespace
+            $this->namespace = $directive->id->getRootNamespace();
+            $this->startElement('namespace');
+            $this->writeAttribute('id', $this->namespace);
+            $this->writeElement('name', $this->namespace);
+        }
+
+        $this->startElement('directive');
+        $this->writeAttribute('id', $directive->id->toString());
+
+        $this->writeElement('name', $directive->id->getDirective());
+
+        $this->startElement('aliases');
+        foreach ($directive->aliases as $alias) {
+            $this->writeElement('alias', $alias->toString());
+        }
+        $this->endElement(); // aliases
+
+        $this->startElement('constraints');
+        if ($directive->version) {
+            $this->writeElement('version', $directive->version);
+        }
+        $this->startElement('type');
+        if ($directive->typeAllowsNull) {
+            $this->writeAttribute('allow-null', 'yes');
+        }
+        $this->text($directive->type);
+        $this->endElement(); // type
+        if ($directive->allowed) {
+            $this->startElement('allowed');
+            foreach ($directive->allowed as $value => $x) {
+                $this->writeElement('value', $value);
+            }
+            $this->endElement(); // allowed
+        }
+        $this->writeElement('default', $this->export($directive->default));
+        $this->writeAttribute('xml:space', 'preserve');
+        if ($directive->external) {
+            $this->startElement('external');
+            foreach ($directive->external as $project) {
+                $this->writeElement('project', $project);
+            }
+            $this->endElement();
+        }
+        $this->endElement(); // constraints
+
+        if ($directive->deprecatedVersion) {
+            $this->startElement('deprecated');
+            $this->writeElement('version', $directive->deprecatedVersion);
+            $this->writeElement('use', $directive->deprecatedUse->toString());
+            $this->endElement(); // deprecated
+        }
+
+        $this->startElement('description');
+        $this->writeHTMLDiv($directive->description);
+        $this->endElement(); // description
+
+        $this->endElement(); // directive
+    }
+}
+
+// vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/Exception.php b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/Exception.php
index 2671516c5..1abdcfc06 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/Exception.php
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/Exception.php
@@ -1,11 +1,11 @@
-<?php
-
-/**
- * Exceptions related to configuration schema
- */
-class HTMLPurifier_ConfigSchema_Exception extends HTMLPurifier_Exception
-{
-
-}
-
-// vim: et sw=4 sts=4
+<?php
+
+/**
+ * Exceptions related to configuration schema
+ */
+class HTMLPurifier_ConfigSchema_Exception extends HTMLPurifier_Exception
+{
+
+}
+
+// vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/Interchange.php b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/Interchange.php
index 0e08ae8fe..c094fa0b8 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/Interchange.php
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/Interchange.php
@@ -1,47 +1,47 @@
-<?php
-
-/**
- * Generic schema interchange format that can be converted to a runtime
- * representation (HTMLPurifier_ConfigSchema) or HTML documentation. Members
- * are completely validated.
- */
-class HTMLPurifier_ConfigSchema_Interchange
-{
-
-    /**
-     * Name of the application this schema is describing.
-     * @type string
-     */
-    public $name;
-
-    /**
-     * Array of Directive ID => array(directive info)
-     * @type HTMLPurifier_ConfigSchema_Interchange_Directive[]
-     */
-    public $directives = array();
-
-    /**
-     * Adds a directive array to $directives
-     * @param HTMLPurifier_ConfigSchema_Interchange_Directive $directive
-     * @throws HTMLPurifier_ConfigSchema_Exception
-     */
-    public function addDirective($directive)
-    {
-        if (isset($this->directives[$i = $directive->id->toString()])) {
-            throw new HTMLPurifier_ConfigSchema_Exception("Cannot redefine directive '$i'");
-        }
-        $this->directives[$i] = $directive;
-    }
-
-    /**
-     * Convenience function to perform standard validation. Throws exception
-     * on failed validation.
-     */
-    public function validate()
-    {
-        $validator = new HTMLPurifier_ConfigSchema_Validator();
-        return $validator->validate($this);
-    }
-}
-
-// vim: et sw=4 sts=4
+<?php
+
+/**
+ * Generic schema interchange format that can be converted to a runtime
+ * representation (HTMLPurifier_ConfigSchema) or HTML documentation. Members
+ * are completely validated.
+ */
+class HTMLPurifier_ConfigSchema_Interchange
+{
+
+    /**
+     * Name of the application this schema is describing.
+     * @type string
+     */
+    public $name;
+
+    /**
+     * Array of Directive ID => array(directive info)
+     * @type HTMLPurifier_ConfigSchema_Interchange_Directive[]
+     */
+    public $directives = array();
+
+    /**
+     * Adds a directive array to $directives
+     * @param HTMLPurifier_ConfigSchema_Interchange_Directive $directive
+     * @throws HTMLPurifier_ConfigSchema_Exception
+     */
+    public function addDirective($directive)
+    {
+        if (isset($this->directives[$i = $directive->id->toString()])) {
+            throw new HTMLPurifier_ConfigSchema_Exception("Cannot redefine directive '$i'");
+        }
+        $this->directives[$i] = $directive;
+    }
+
+    /**
+     * Convenience function to perform standard validation. Throws exception
+     * on failed validation.
+     */
+    public function validate()
+    {
+        $validator = new HTMLPurifier_ConfigSchema_Validator();
+        return $validator->validate($this);
+    }
+}
+
+// vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/Interchange/Directive.php b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/Interchange/Directive.php
index 127a39a67..4c39c5c68 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/Interchange/Directive.php
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/Interchange/Directive.php
@@ -1,89 +1,89 @@
-<?php
-
-/**
- * Interchange component class describing configuration directives.
- */
-class HTMLPurifier_ConfigSchema_Interchange_Directive
-{
-
-    /**
-     * ID of directive.
-     * @type HTMLPurifier_ConfigSchema_Interchange_Id
-     */
-    public $id;
-
-    /**
-     * Type, e.g. 'integer' or 'istring'.
-     * @type string
-     */
-    public $type;
-
-    /**
-     * Default value, e.g. 3 or 'DefaultVal'.
-     * @type mixed
-     */
-    public $default;
-
-    /**
-     * HTML description.
-     * @type string
-     */
-    public $description;
-
-    /**
-     * Whether or not null is allowed as a value.
-     * @type bool
-     */
-    public $typeAllowsNull = false;
-
-    /**
-     * Lookup table of allowed scalar values.
-     * e.g. array('allowed' => true).
-     * Null if all values are allowed.
-     * @type array
-     */
-    public $allowed;
-
-    /**
-     * List of aliases for the directive.
-     * e.g. array(new HTMLPurifier_ConfigSchema_Interchange_Id('Ns', 'Dir'))).
-     * @type HTMLPurifier_ConfigSchema_Interchange_Id[]
-     */
-    public $aliases = array();
-
-    /**
-     * Hash of value aliases, e.g. array('alt' => 'real'). Null if value
-     * aliasing is disabled (necessary for non-scalar types).
-     * @type array
-     */
-    public $valueAliases;
-
-    /**
-     * Version of HTML Purifier the directive was introduced, e.g. '1.3.1'.
-     * Null if the directive has always existed.
-     * @type string
-     */
-    public $version;
-
-    /**
-     * ID of directive that supercedes this old directive.
-     * Null if not deprecated.
-     * @type HTMLPurifier_ConfigSchema_Interchange_Id
-     */
-    public $deprecatedUse;
-
-    /**
-     * Version of HTML Purifier this directive was deprecated. Null if not
-     * deprecated.
-     * @type string
-     */
-    public $deprecatedVersion;
-
-    /**
-     * List of external projects this directive depends on, e.g. array('CSSTidy').
-     * @type array
-     */
-    public $external = array();
-}
-
-// vim: et sw=4 sts=4
+<?php
+
+/**
+ * Interchange component class describing configuration directives.
+ */
+class HTMLPurifier_ConfigSchema_Interchange_Directive
+{
+
+    /**
+     * ID of directive.
+     * @type HTMLPurifier_ConfigSchema_Interchange_Id
+     */
+    public $id;
+
+    /**
+     * Type, e.g. 'integer' or 'istring'.
+     * @type string
+     */
+    public $type;
+
+    /**
+     * Default value, e.g. 3 or 'DefaultVal'.
+     * @type mixed
+     */
+    public $default;
+
+    /**
+     * HTML description.
+     * @type string
+     */
+    public $description;
+
+    /**
+     * Whether or not null is allowed as a value.
+     * @type bool
+     */
+    public $typeAllowsNull = false;
+
+    /**
+     * Lookup table of allowed scalar values.
+     * e.g. array('allowed' => true).
+     * Null if all values are allowed.
+     * @type array
+     */
+    public $allowed;
+
+    /**
+     * List of aliases for the directive.
+     * e.g. array(new HTMLPurifier_ConfigSchema_Interchange_Id('Ns', 'Dir'))).
+     * @type HTMLPurifier_ConfigSchema_Interchange_Id[]
+     */
+    public $aliases = array();
+
+    /**
+     * Hash of value aliases, e.g. array('alt' => 'real'). Null if value
+     * aliasing is disabled (necessary for non-scalar types).
+     * @type array
+     */
+    public $valueAliases;
+
+    /**
+     * Version of HTML Purifier the directive was introduced, e.g. '1.3.1'.
+     * Null if the directive has always existed.
+     * @type string
+     */
+    public $version;
+
+    /**
+     * ID of directive that supercedes this old directive.
+     * Null if not deprecated.
+     * @type HTMLPurifier_ConfigSchema_Interchange_Id
+     */
+    public $deprecatedUse;
+
+    /**
+     * Version of HTML Purifier this directive was deprecated. Null if not
+     * deprecated.
+     * @type string
+     */
+    public $deprecatedVersion;
+
+    /**
+     * List of external projects this directive depends on, e.g. array('CSSTidy').
+     * @type array
+     */
+    public $external = array();
+}
+
+// vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/Interchange/Id.php b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/Interchange/Id.php
index 126f09d95..3ee817114 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/Interchange/Id.php
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/Interchange/Id.php
@@ -1,58 +1,58 @@
-<?php
-
-/**
- * Represents a directive ID in the interchange format.
- */
-class HTMLPurifier_ConfigSchema_Interchange_Id
-{
-
-    /**
-     * @type string
-     */
-    public $key;
-
-    /**
-     * @param string $key
-     */
-    public function __construct($key)
-    {
-        $this->key = $key;
-    }
-
-    /**
-     * @return string
-     * @warning This is NOT magic, to ensure that people don't abuse SPL and
-     *          cause problems for PHP 5.0 support.
-     */
-    public function toString()
-    {
-        return $this->key;
-    }
-
-    /**
-     * @return string
-     */
-    public function getRootNamespace()
-    {
-        return substr($this->key, 0, strpos($this->key, "."));
-    }
-
-    /**
-     * @return string
-     */
-    public function getDirective()
-    {
-        return substr($this->key, strpos($this->key, ".") + 1);
-    }
-
-    /**
-     * @param string $id
-     * @return HTMLPurifier_ConfigSchema_Interchange_Id
-     */
-    public static function make($id)
-    {
-        return new HTMLPurifier_ConfigSchema_Interchange_Id($id);
-    }
-}
-
-// vim: et sw=4 sts=4
+<?php
+
+/**
+ * Represents a directive ID in the interchange format.
+ */
+class HTMLPurifier_ConfigSchema_Interchange_Id
+{
+
+    /**
+     * @type string
+     */
+    public $key;
+
+    /**
+     * @param string $key
+     */
+    public function __construct($key)
+    {
+        $this->key = $key;
+    }
+
+    /**
+     * @return string
+     * @warning This is NOT magic, to ensure that people don't abuse SPL and
+     *          cause problems for PHP 5.0 support.
+     */
+    public function toString()
+    {
+        return $this->key;
+    }
+
+    /**
+     * @return string
+     */
+    public function getRootNamespace()
+    {
+        return substr($this->key, 0, strpos($this->key, "."));
+    }
+
+    /**
+     * @return string
+     */
+    public function getDirective()
+    {
+        return substr($this->key, strpos($this->key, ".") + 1);
+    }
+
+    /**
+     * @param string $id
+     * @return HTMLPurifier_ConfigSchema_Interchange_Id
+     */
+    public static function make($id)
+    {
+        return new HTMLPurifier_ConfigSchema_Interchange_Id($id);
+    }
+}
+
+// vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/InterchangeBuilder.php b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/InterchangeBuilder.php
index 655e6dd1b..fe9b3268f 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/InterchangeBuilder.php
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/InterchangeBuilder.php
@@ -1,226 +1,226 @@
-<?php
-
-class HTMLPurifier_ConfigSchema_InterchangeBuilder
-{
-
-    /**
-     * Used for processing DEFAULT, nothing else.
-     * @type HTMLPurifier_VarParser
-     */
-    protected $varParser;
-
-    /**
-     * @param HTMLPurifier_VarParser $varParser
-     */
-    public function __construct($varParser = null)
-    {
-        $this->varParser = $varParser ? $varParser : new HTMLPurifier_VarParser_Native();
-    }
-
-    /**
-     * @param string $dir
-     * @return HTMLPurifier_ConfigSchema_Interchange
-     */
-    public static function buildFromDirectory($dir = null)
-    {
-        $builder = new HTMLPurifier_ConfigSchema_InterchangeBuilder();
-        $interchange = new HTMLPurifier_ConfigSchema_Interchange();
-        return $builder->buildDir($interchange, $dir);
-    }
-
-    /**
-     * @param HTMLPurifier_ConfigSchema_Interchange $interchange
-     * @param string $dir
-     * @return HTMLPurifier_ConfigSchema_Interchange
-     */
-    public function buildDir($interchange, $dir = null)
-    {
-        if (!$dir) {
-            $dir = HTMLPURIFIER_PREFIX . '/HTMLPurifier/ConfigSchema/schema';
-        }
-        if (file_exists($dir . '/info.ini')) {
-            $info = parse_ini_file($dir . '/info.ini');
-            $interchange->name = $info['name'];
-        }
-
-        $files = array();
-        $dh = opendir($dir);
-        while (false !== ($file = readdir($dh))) {
-            if (!$file || $file[0] == '.' || strrchr($file, '.') !== '.txt') {
-                continue;
-            }
-            $files[] = $file;
-        }
-        closedir($dh);
-
-        sort($files);
-        foreach ($files as $file) {
-            $this->buildFile($interchange, $dir . '/' . $file);
-        }
-        return $interchange;
-    }
-
-    /**
-     * @param HTMLPurifier_ConfigSchema_Interchange $interchange
-     * @param string $file
-     */
-    public function buildFile($interchange, $file)
-    {
-        $parser = new HTMLPurifier_StringHashParser();
-        $this->build(
-            $interchange,
-            new HTMLPurifier_StringHash($parser->parseFile($file))
-        );
-    }
-
-    /**
-     * Builds an interchange object based on a hash.
-     * @param HTMLPurifier_ConfigSchema_Interchange $interchange HTMLPurifier_ConfigSchema_Interchange object to build
-     * @param HTMLPurifier_StringHash $hash source data
-     * @throws HTMLPurifier_ConfigSchema_Exception
-     */
-    public function build($interchange, $hash)
-    {
-        if (!$hash instanceof HTMLPurifier_StringHash) {
-            $hash = new HTMLPurifier_StringHash($hash);
-        }
-        if (!isset($hash['ID'])) {
-            throw new HTMLPurifier_ConfigSchema_Exception('Hash does not have any ID');
-        }
-        if (strpos($hash['ID'], '.') === false) {
-            if (count($hash) == 2 && isset($hash['DESCRIPTION'])) {
-                $hash->offsetGet('DESCRIPTION'); // prevent complaining
-            } else {
-                throw new HTMLPurifier_ConfigSchema_Exception('All directives must have a namespace');
-            }
-        } else {
-            $this->buildDirective($interchange, $hash);
-        }
-        $this->_findUnused($hash);
-    }
-
-    /**
-     * @param HTMLPurifier_ConfigSchema_Interchange $interchange
-     * @param HTMLPurifier_StringHash $hash
-     * @throws HTMLPurifier_ConfigSchema_Exception
-     */
-    public function buildDirective($interchange, $hash)
-    {
-        $directive = new HTMLPurifier_ConfigSchema_Interchange_Directive();
-
-        // These are required elements:
-        $directive->id = $this->id($hash->offsetGet('ID'));
-        $id = $directive->id->toString(); // convenience
-
-        if (isset($hash['TYPE'])) {
-            $type = explode('/', $hash->offsetGet('TYPE'));
-            if (isset($type[1])) {
-                $directive->typeAllowsNull = true;
-            }
-            $directive->type = $type[0];
-        } else {
-            throw new HTMLPurifier_ConfigSchema_Exception("TYPE in directive hash '$id' not defined");
-        }
-
-        if (isset($hash['DEFAULT'])) {
-            try {
-                $directive->default = $this->varParser->parse(
-                    $hash->offsetGet('DEFAULT'),
-                    $directive->type,
-                    $directive->typeAllowsNull
-                );
-            } catch (HTMLPurifier_VarParserException $e) {
-                throw new HTMLPurifier_ConfigSchema_Exception($e->getMessage() . " in DEFAULT in directive hash '$id'");
-            }
-        }
-
-        if (isset($hash['DESCRIPTION'])) {
-            $directive->description = $hash->offsetGet('DESCRIPTION');
-        }
-
-        if (isset($hash['ALLOWED'])) {
-            $directive->allowed = $this->lookup($this->evalArray($hash->offsetGet('ALLOWED')));
-        }
-
-        if (isset($hash['VALUE-ALIASES'])) {
-            $directive->valueAliases = $this->evalArray($hash->offsetGet('VALUE-ALIASES'));
-        }
-
-        if (isset($hash['ALIASES'])) {
-            $raw_aliases = trim($hash->offsetGet('ALIASES'));
-            $aliases = preg_split('/\s*,\s*/', $raw_aliases);
-            foreach ($aliases as $alias) {
-                $directive->aliases[] = $this->id($alias);
-            }
-        }
-
-        if (isset($hash['VERSION'])) {
-            $directive->version = $hash->offsetGet('VERSION');
-        }
-
-        if (isset($hash['DEPRECATED-USE'])) {
-            $directive->deprecatedUse = $this->id($hash->offsetGet('DEPRECATED-USE'));
-        }
-
-        if (isset($hash['DEPRECATED-VERSION'])) {
-            $directive->deprecatedVersion = $hash->offsetGet('DEPRECATED-VERSION');
-        }
-
-        if (isset($hash['EXTERNAL'])) {
-            $directive->external = preg_split('/\s*,\s*/', trim($hash->offsetGet('EXTERNAL')));
-        }
-
-        $interchange->addDirective($directive);
-    }
-
-    /**
-     * Evaluates an array PHP code string without array() wrapper
-     * @param string $contents
-     */
-    protected function evalArray($contents)
-    {
-        return eval('return array(' . $contents . ');');
-    }
-
-    /**
-     * Converts an array list into a lookup array.
-     * @param array $array
-     * @return array
-     */
-    protected function lookup($array)
-    {
-        $ret = array();
-        foreach ($array as $val) {
-            $ret[$val] = true;
-        }
-        return $ret;
-    }
-
-    /**
-     * Convenience function that creates an HTMLPurifier_ConfigSchema_Interchange_Id
-     * object based on a string Id.
-     * @param string $id
-     * @return HTMLPurifier_ConfigSchema_Interchange_Id
-     */
-    protected function id($id)
-    {
-        return HTMLPurifier_ConfigSchema_Interchange_Id::make($id);
-    }
-
-    /**
-     * Triggers errors for any unused keys passed in the hash; such keys
-     * may indicate typos, missing values, etc.
-     * @param HTMLPurifier_StringHash $hash Hash to check.
-     */
-    protected function _findUnused($hash)
-    {
-        $accessed = $hash->getAccessed();
-        foreach ($hash as $k => $v) {
-            if (!isset($accessed[$k])) {
-                trigger_error("String hash key '$k' not used by builder", E_USER_NOTICE);
-            }
-        }
-    }
-}
-
-// vim: et sw=4 sts=4
+<?php
+
+class HTMLPurifier_ConfigSchema_InterchangeBuilder
+{
+
+    /**
+     * Used for processing DEFAULT, nothing else.
+     * @type HTMLPurifier_VarParser
+     */
+    protected $varParser;
+
+    /**
+     * @param HTMLPurifier_VarParser $varParser
+     */
+    public function __construct($varParser = null)
+    {
+        $this->varParser = $varParser ? $varParser : new HTMLPurifier_VarParser_Native();
+    }
+
+    /**
+     * @param string $dir
+     * @return HTMLPurifier_ConfigSchema_Interchange
+     */
+    public static function buildFromDirectory($dir = null)
+    {
+        $builder = new HTMLPurifier_ConfigSchema_InterchangeBuilder();
+        $interchange = new HTMLPurifier_ConfigSchema_Interchange();
+        return $builder->buildDir($interchange, $dir);
+    }
+
+    /**
+     * @param HTMLPurifier_ConfigSchema_Interchange $interchange
+     * @param string $dir
+     * @return HTMLPurifier_ConfigSchema_Interchange
+     */
+    public function buildDir($interchange, $dir = null)
+    {
+        if (!$dir) {
+            $dir = HTMLPURIFIER_PREFIX . '/HTMLPurifier/ConfigSchema/schema';
+        }
+        if (file_exists($dir . '/info.ini')) {
+            $info = parse_ini_file($dir . '/info.ini');
+            $interchange->name = $info['name'];
+        }
+
+        $files = array();
+        $dh = opendir($dir);
+        while (false !== ($file = readdir($dh))) {
+            if (!$file || $file[0] == '.' || strrchr($file, '.') !== '.txt') {
+                continue;
+            }
+            $files[] = $file;
+        }
+        closedir($dh);
+
+        sort($files);
+        foreach ($files as $file) {
+            $this->buildFile($interchange, $dir . '/' . $file);
+        }
+        return $interchange;
+    }
+
+    /**
+     * @param HTMLPurifier_ConfigSchema_Interchange $interchange
+     * @param string $file
+     */
+    public function buildFile($interchange, $file)
+    {
+        $parser = new HTMLPurifier_StringHashParser();
+        $this->build(
+            $interchange,
+            new HTMLPurifier_StringHash($parser->parseFile($file))
+        );
+    }
+
+    /**
+     * Builds an interchange object based on a hash.
+     * @param HTMLPurifier_ConfigSchema_Interchange $interchange HTMLPurifier_ConfigSchema_Interchange object to build
+     * @param HTMLPurifier_StringHash $hash source data
+     * @throws HTMLPurifier_ConfigSchema_Exception
+     */
+    public function build($interchange, $hash)
+    {
+        if (!$hash instanceof HTMLPurifier_StringHash) {
+            $hash = new HTMLPurifier_StringHash($hash);
+        }
+        if (!isset($hash['ID'])) {
+            throw new HTMLPurifier_ConfigSchema_Exception('Hash does not have any ID');
+        }
+        if (strpos($hash['ID'], '.') === false) {
+            if (count($hash) == 2 && isset($hash['DESCRIPTION'])) {
+                $hash->offsetGet('DESCRIPTION'); // prevent complaining
+            } else {
+                throw new HTMLPurifier_ConfigSchema_Exception('All directives must have a namespace');
+            }
+        } else {
+            $this->buildDirective($interchange, $hash);
+        }
+        $this->_findUnused($hash);
+    }
+
+    /**
+     * @param HTMLPurifier_ConfigSchema_Interchange $interchange
+     * @param HTMLPurifier_StringHash $hash
+     * @throws HTMLPurifier_ConfigSchema_Exception
+     */
+    public function buildDirective($interchange, $hash)
+    {
+        $directive = new HTMLPurifier_ConfigSchema_Interchange_Directive();
+
+        // These are required elements:
+        $directive->id = $this->id($hash->offsetGet('ID'));
+        $id = $directive->id->toString(); // convenience
+
+        if (isset($hash['TYPE'])) {
+            $type = explode('/', $hash->offsetGet('TYPE'));
+            if (isset($type[1])) {
+                $directive->typeAllowsNull = true;
+            }
+            $directive->type = $type[0];
+        } else {
+            throw new HTMLPurifier_ConfigSchema_Exception("TYPE in directive hash '$id' not defined");
+        }
+
+        if (isset($hash['DEFAULT'])) {
+            try {
+                $directive->default = $this->varParser->parse(
+                    $hash->offsetGet('DEFAULT'),
+                    $directive->type,
+                    $directive->typeAllowsNull
+                );
+            } catch (HTMLPurifier_VarParserException $e) {
+                throw new HTMLPurifier_ConfigSchema_Exception($e->getMessage() . " in DEFAULT in directive hash '$id'");
+            }
+        }
+
+        if (isset($hash['DESCRIPTION'])) {
+            $directive->description = $hash->offsetGet('DESCRIPTION');
+        }
+
+        if (isset($hash['ALLOWED'])) {
+            $directive->allowed = $this->lookup($this->evalArray($hash->offsetGet('ALLOWED')));
+        }
+
+        if (isset($hash['VALUE-ALIASES'])) {
+            $directive->valueAliases = $this->evalArray($hash->offsetGet('VALUE-ALIASES'));
+        }
+
+        if (isset($hash['ALIASES'])) {
+            $raw_aliases = trim($hash->offsetGet('ALIASES'));
+            $aliases = preg_split('/\s*,\s*/', $raw_aliases);
+            foreach ($aliases as $alias) {
+                $directive->aliases[] = $this->id($alias);
+            }
+        }
+
+        if (isset($hash['VERSION'])) {
+            $directive->version = $hash->offsetGet('VERSION');
+        }
+
+        if (isset($hash['DEPRECATED-USE'])) {
+            $directive->deprecatedUse = $this->id($hash->offsetGet('DEPRECATED-USE'));
+        }
+
+        if (isset($hash['DEPRECATED-VERSION'])) {
+            $directive->deprecatedVersion = $hash->offsetGet('DEPRECATED-VERSION');
+        }
+
+        if (isset($hash['EXTERNAL'])) {
+            $directive->external = preg_split('/\s*,\s*/', trim($hash->offsetGet('EXTERNAL')));
+        }
+
+        $interchange->addDirective($directive);
+    }
+
+    /**
+     * Evaluates an array PHP code string without array() wrapper
+     * @param string $contents
+     */
+    protected function evalArray($contents)
+    {
+        return eval('return array(' . $contents . ');');
+    }
+
+    /**
+     * Converts an array list into a lookup array.
+     * @param array $array
+     * @return array
+     */
+    protected function lookup($array)
+    {
+        $ret = array();
+        foreach ($array as $val) {
+            $ret[$val] = true;
+        }
+        return $ret;
+    }
+
+    /**
+     * Convenience function that creates an HTMLPurifier_ConfigSchema_Interchange_Id
+     * object based on a string Id.
+     * @param string $id
+     * @return HTMLPurifier_ConfigSchema_Interchange_Id
+     */
+    protected function id($id)
+    {
+        return HTMLPurifier_ConfigSchema_Interchange_Id::make($id);
+    }
+
+    /**
+     * Triggers errors for any unused keys passed in the hash; such keys
+     * may indicate typos, missing values, etc.
+     * @param HTMLPurifier_StringHash $hash Hash to check.
+     */
+    protected function _findUnused($hash)
+    {
+        $accessed = $hash->getAccessed();
+        foreach ($hash as $k => $v) {
+            if (!isset($accessed[$k])) {
+                trigger_error("String hash key '$k' not used by builder", E_USER_NOTICE);
+            }
+        }
+    }
+}
+
+// vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/Validator.php b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/Validator.php
index fb3127788..9f14444f3 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/Validator.php
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/Validator.php
@@ -1,248 +1,248 @@
-<?php
-
-/**
- * Performs validations on HTMLPurifier_ConfigSchema_Interchange
- *
- * @note If you see '// handled by InterchangeBuilder', that means a
- *       design decision in that class would prevent this validation from
- *       ever being necessary. We have them anyway, however, for
- *       redundancy.
- */
-class HTMLPurifier_ConfigSchema_Validator
-{
-
-    /**
-     * @type HTMLPurifier_ConfigSchema_Interchange
-     */
-    protected $interchange;
-
-    /**
-     * @type array
-     */
-    protected $aliases;
-
-    /**
-     * Context-stack to provide easy to read error messages.
-     * @type array
-     */
-    protected $context = array();
-
-    /**
-     * to test default's type.
-     * @type HTMLPurifier_VarParser
-     */
-    protected $parser;
-
-    public function __construct()
-    {
-        $this->parser = new HTMLPurifier_VarParser();
-    }
-
-    /**
-     * Validates a fully-formed interchange object.
-     * @param HTMLPurifier_ConfigSchema_Interchange $interchange
-     * @return bool
-     */
-    public function validate($interchange)
-    {
-        $this->interchange = $interchange;
-        $this->aliases = array();
-        // PHP is a bit lax with integer <=> string conversions in
-        // arrays, so we don't use the identical !== comparison
-        foreach ($interchange->directives as $i => $directive) {
-            $id = $directive->id->toString();
-            if ($i != $id) {
-                $this->error(false, "Integrity violation: key '$i' does not match internal id '$id'");
-            }
-            $this->validateDirective($directive);
-        }
-        return true;
-    }
-
-    /**
-     * Validates a HTMLPurifier_ConfigSchema_Interchange_Id object.
-     * @param HTMLPurifier_ConfigSchema_Interchange_Id $id
-     */
-    public function validateId($id)
-    {
-        $id_string = $id->toString();
-        $this->context[] = "id '$id_string'";
-        if (!$id instanceof HTMLPurifier_ConfigSchema_Interchange_Id) {
-            // handled by InterchangeBuilder
-            $this->error(false, 'is not an instance of HTMLPurifier_ConfigSchema_Interchange_Id');
-        }
-        // keys are now unconstrained (we might want to narrow down to A-Za-z0-9.)
-        // we probably should check that it has at least one namespace
-        $this->with($id, 'key')
-            ->assertNotEmpty()
-            ->assertIsString(); // implicit assertIsString handled by InterchangeBuilder
-        array_pop($this->context);
-    }
-
-    /**
-     * Validates a HTMLPurifier_ConfigSchema_Interchange_Directive object.
-     * @param HTMLPurifier_ConfigSchema_Interchange_Directive $d
-     */
-    public function validateDirective($d)
-    {
-        $id = $d->id->toString();
-        $this->context[] = "directive '$id'";
-        $this->validateId($d->id);
-
-        $this->with($d, 'description')
-            ->assertNotEmpty();
-
-        // BEGIN - handled by InterchangeBuilder
-        $this->with($d, 'type')
-            ->assertNotEmpty();
-        $this->with($d, 'typeAllowsNull')
-            ->assertIsBool();
-        try {
-            // This also tests validity of $d->type
-            $this->parser->parse($d->default, $d->type, $d->typeAllowsNull);
-        } catch (HTMLPurifier_VarParserException $e) {
-            $this->error('default', 'had error: ' . $e->getMessage());
-        }
-        // END - handled by InterchangeBuilder
-
-        if (!is_null($d->allowed) || !empty($d->valueAliases)) {
-            // allowed and valueAliases require that we be dealing with
-            // strings, so check for that early.
-            $d_int = HTMLPurifier_VarParser::$types[$d->type];
-            if (!isset(HTMLPurifier_VarParser::$stringTypes[$d_int])) {
-                $this->error('type', 'must be a string type when used with allowed or value aliases');
-            }
-        }
-
-        $this->validateDirectiveAllowed($d);
-        $this->validateDirectiveValueAliases($d);
-        $this->validateDirectiveAliases($d);
-
-        array_pop($this->context);
-    }
-
-    /**
-     * Extra validation if $allowed member variable of
-     * HTMLPurifier_ConfigSchema_Interchange_Directive is defined.
-     * @param HTMLPurifier_ConfigSchema_Interchange_Directive $d
-     */
-    public function validateDirectiveAllowed($d)
-    {
-        if (is_null($d->allowed)) {
-            return;
-        }
-        $this->with($d, 'allowed')
-            ->assertNotEmpty()
-            ->assertIsLookup(); // handled by InterchangeBuilder
-        if (is_string($d->default) && !isset($d->allowed[$d->default])) {
-            $this->error('default', 'must be an allowed value');
-        }
-        $this->context[] = 'allowed';
-        foreach ($d->allowed as $val => $x) {
-            if (!is_string($val)) {
-                $this->error("value $val", 'must be a string');
-            }
-        }
-        array_pop($this->context);
-    }
-
-    /**
-     * Extra validation if $valueAliases member variable of
-     * HTMLPurifier_ConfigSchema_Interchange_Directive is defined.
-     * @param HTMLPurifier_ConfigSchema_Interchange_Directive $d
-     */
-    public function validateDirectiveValueAliases($d)
-    {
-        if (is_null($d->valueAliases)) {
-            return;
-        }
-        $this->with($d, 'valueAliases')
-            ->assertIsArray(); // handled by InterchangeBuilder
-        $this->context[] = 'valueAliases';
-        foreach ($d->valueAliases as $alias => $real) {
-            if (!is_string($alias)) {
-                $this->error("alias $alias", 'must be a string');
-            }
-            if (!is_string($real)) {
-                $this->error("alias target $real from alias '$alias'", 'must be a string');
-            }
-            if ($alias === $real) {
-                $this->error("alias '$alias'", "must not be an alias to itself");
-            }
-        }
-        if (!is_null($d->allowed)) {
-            foreach ($d->valueAliases as $alias => $real) {
-                if (isset($d->allowed[$alias])) {
-                    $this->error("alias '$alias'", 'must not be an allowed value');
-                } elseif (!isset($d->allowed[$real])) {
-                    $this->error("alias '$alias'", 'must be an alias to an allowed value');
-                }
-            }
-        }
-        array_pop($this->context);
-    }
-
-    /**
-     * Extra validation if $aliases member variable of
-     * HTMLPurifier_ConfigSchema_Interchange_Directive is defined.
-     * @param HTMLPurifier_ConfigSchema_Interchange_Directive $d
-     */
-    public function validateDirectiveAliases($d)
-    {
-        $this->with($d, 'aliases')
-            ->assertIsArray(); // handled by InterchangeBuilder
-        $this->context[] = 'aliases';
-        foreach ($d->aliases as $alias) {
-            $this->validateId($alias);
-            $s = $alias->toString();
-            if (isset($this->interchange->directives[$s])) {
-                $this->error("alias '$s'", 'collides with another directive');
-            }
-            if (isset($this->aliases[$s])) {
-                $other_directive = $this->aliases[$s];
-                $this->error("alias '$s'", "collides with alias for directive '$other_directive'");
-            }
-            $this->aliases[$s] = $d->id->toString();
-        }
-        array_pop($this->context);
-    }
-
-    // protected helper functions
-
-    /**
-     * Convenience function for generating HTMLPurifier_ConfigSchema_ValidatorAtom
-     * for validating simple member variables of objects.
-     * @param $obj
-     * @param $member
-     * @return HTMLPurifier_ConfigSchema_ValidatorAtom
-     */
-    protected function with($obj, $member)
-    {
-        return new HTMLPurifier_ConfigSchema_ValidatorAtom($this->getFormattedContext(), $obj, $member);
-    }
-
-    /**
-     * Emits an error, providing helpful context.
-     * @throws HTMLPurifier_ConfigSchema_Exception
-     */
-    protected function error($target, $msg)
-    {
-        if ($target !== false) {
-            $prefix = ucfirst($target) . ' in ' . $this->getFormattedContext();
-        } else {
-            $prefix = ucfirst($this->getFormattedContext());
-        }
-        throw new HTMLPurifier_ConfigSchema_Exception(trim($prefix . ' ' . $msg));
-    }
-
-    /**
-     * Returns a formatted context string.
-     * @return string
-     */
-    protected function getFormattedContext()
-    {
-        return implode(' in ', array_reverse($this->context));
-    }
-}
-
-// vim: et sw=4 sts=4
+<?php
+
+/**
+ * Performs validations on HTMLPurifier_ConfigSchema_Interchange
+ *
+ * @note If you see '// handled by InterchangeBuilder', that means a
+ *       design decision in that class would prevent this validation from
+ *       ever being necessary. We have them anyway, however, for
+ *       redundancy.
+ */
+class HTMLPurifier_ConfigSchema_Validator
+{
+
+    /**
+     * @type HTMLPurifier_ConfigSchema_Interchange
+     */
+    protected $interchange;
+
+    /**
+     * @type array
+     */
+    protected $aliases;
+
+    /**
+     * Context-stack to provide easy to read error messages.
+     * @type array
+     */
+    protected $context = array();
+
+    /**
+     * to test default's type.
+     * @type HTMLPurifier_VarParser
+     */
+    protected $parser;
+
+    public function __construct()
+    {
+        $this->parser = new HTMLPurifier_VarParser();
+    }
+
+    /**
+     * Validates a fully-formed interchange object.
+     * @param HTMLPurifier_ConfigSchema_Interchange $interchange
+     * @return bool
+     */
+    public function validate($interchange)
+    {
+        $this->interchange = $interchange;
+        $this->aliases = array();
+        // PHP is a bit lax with integer <=> string conversions in
+        // arrays, so we don't use the identical !== comparison
+        foreach ($interchange->directives as $i => $directive) {
+            $id = $directive->id->toString();
+            if ($i != $id) {
+                $this->error(false, "Integrity violation: key '$i' does not match internal id '$id'");
+            }
+            $this->validateDirective($directive);
+        }
+        return true;
+    }
+
+    /**
+     * Validates a HTMLPurifier_ConfigSchema_Interchange_Id object.
+     * @param HTMLPurifier_ConfigSchema_Interchange_Id $id
+     */
+    public function validateId($id)
+    {
+        $id_string = $id->toString();
+        $this->context[] = "id '$id_string'";
+        if (!$id instanceof HTMLPurifier_ConfigSchema_Interchange_Id) {
+            // handled by InterchangeBuilder
+            $this->error(false, 'is not an instance of HTMLPurifier_ConfigSchema_Interchange_Id');
+        }
+        // keys are now unconstrained (we might want to narrow down to A-Za-z0-9.)
+        // we probably should check that it has at least one namespace
+        $this->with($id, 'key')
+            ->assertNotEmpty()
+            ->assertIsString(); // implicit assertIsString handled by InterchangeBuilder
+        array_pop($this->context);
+    }
+
+    /**
+     * Validates a HTMLPurifier_ConfigSchema_Interchange_Directive object.
+     * @param HTMLPurifier_ConfigSchema_Interchange_Directive $d
+     */
+    public function validateDirective($d)
+    {
+        $id = $d->id->toString();
+        $this->context[] = "directive '$id'";
+        $this->validateId($d->id);
+
+        $this->with($d, 'description')
+            ->assertNotEmpty();
+
+        // BEGIN - handled by InterchangeBuilder
+        $this->with($d, 'type')
+            ->assertNotEmpty();
+        $this->with($d, 'typeAllowsNull')
+            ->assertIsBool();
+        try {
+            // This also tests validity of $d->type
+            $this->parser->parse($d->default, $d->type, $d->typeAllowsNull);
+        } catch (HTMLPurifier_VarParserException $e) {
+            $this->error('default', 'had error: ' . $e->getMessage());
+        }
+        // END - handled by InterchangeBuilder
+
+        if (!is_null($d->allowed) || !empty($d->valueAliases)) {
+            // allowed and valueAliases require that we be dealing with
+            // strings, so check for that early.
+            $d_int = HTMLPurifier_VarParser::$types[$d->type];
+            if (!isset(HTMLPurifier_VarParser::$stringTypes[$d_int])) {
+                $this->error('type', 'must be a string type when used with allowed or value aliases');
+            }
+        }
+
+        $this->validateDirectiveAllowed($d);
+        $this->validateDirectiveValueAliases($d);
+        $this->validateDirectiveAliases($d);
+
+        array_pop($this->context);
+    }
+
+    /**
+     * Extra validation if $allowed member variable of
+     * HTMLPurifier_ConfigSchema_Interchange_Directive is defined.
+     * @param HTMLPurifier_ConfigSchema_Interchange_Directive $d
+     */
+    public function validateDirectiveAllowed($d)
+    {
+        if (is_null($d->allowed)) {
+            return;
+        }
+        $this->with($d, 'allowed')
+            ->assertNotEmpty()
+            ->assertIsLookup(); // handled by InterchangeBuilder
+        if (is_string($d->default) && !isset($d->allowed[$d->default])) {
+            $this->error('default', 'must be an allowed value');
+        }
+        $this->context[] = 'allowed';
+        foreach ($d->allowed as $val => $x) {
+            if (!is_string($val)) {
+                $this->error("value $val", 'must be a string');
+            }
+        }
+        array_pop($this->context);
+    }
+
+    /**
+     * Extra validation if $valueAliases member variable of
+     * HTMLPurifier_ConfigSchema_Interchange_Directive is defined.
+     * @param HTMLPurifier_ConfigSchema_Interchange_Directive $d
+     */
+    public function validateDirectiveValueAliases($d)
+    {
+        if (is_null($d->valueAliases)) {
+            return;
+        }
+        $this->with($d, 'valueAliases')
+            ->assertIsArray(); // handled by InterchangeBuilder
+        $this->context[] = 'valueAliases';
+        foreach ($d->valueAliases as $alias => $real) {
+            if (!is_string($alias)) {
+                $this->error("alias $alias", 'must be a string');
+            }
+            if (!is_string($real)) {
+                $this->error("alias target $real from alias '$alias'", 'must be a string');
+            }
+            if ($alias === $real) {
+                $this->error("alias '$alias'", "must not be an alias to itself");
+            }
+        }
+        if (!is_null($d->allowed)) {
+            foreach ($d->valueAliases as $alias => $real) {
+                if (isset($d->allowed[$alias])) {
+                    $this->error("alias '$alias'", 'must not be an allowed value');
+                } elseif (!isset($d->allowed[$real])) {
+                    $this->error("alias '$alias'", 'must be an alias to an allowed value');
+                }
+            }
+        }
+        array_pop($this->context);
+    }
+
+    /**
+     * Extra validation if $aliases member variable of
+     * HTMLPurifier_ConfigSchema_Interchange_Directive is defined.
+     * @param HTMLPurifier_ConfigSchema_Interchange_Directive $d
+     */
+    public function validateDirectiveAliases($d)
+    {
+        $this->with($d, 'aliases')
+            ->assertIsArray(); // handled by InterchangeBuilder
+        $this->context[] = 'aliases';
+        foreach ($d->aliases as $alias) {
+            $this->validateId($alias);
+            $s = $alias->toString();
+            if (isset($this->interchange->directives[$s])) {
+                $this->error("alias '$s'", 'collides with another directive');
+            }
+            if (isset($this->aliases[$s])) {
+                $other_directive = $this->aliases[$s];
+                $this->error("alias '$s'", "collides with alias for directive '$other_directive'");
+            }
+            $this->aliases[$s] = $d->id->toString();
+        }
+        array_pop($this->context);
+    }
+
+    // protected helper functions
+
+    /**
+     * Convenience function for generating HTMLPurifier_ConfigSchema_ValidatorAtom
+     * for validating simple member variables of objects.
+     * @param $obj
+     * @param $member
+     * @return HTMLPurifier_ConfigSchema_ValidatorAtom
+     */
+    protected function with($obj, $member)
+    {
+        return new HTMLPurifier_ConfigSchema_ValidatorAtom($this->getFormattedContext(), $obj, $member);
+    }
+
+    /**
+     * Emits an error, providing helpful context.
+     * @throws HTMLPurifier_ConfigSchema_Exception
+     */
+    protected function error($target, $msg)
+    {
+        if ($target !== false) {
+            $prefix = ucfirst($target) . ' in ' . $this->getFormattedContext();
+        } else {
+            $prefix = ucfirst($this->getFormattedContext());
+        }
+        throw new HTMLPurifier_ConfigSchema_Exception(trim($prefix . ' ' . $msg));
+    }
+
+    /**
+     * Returns a formatted context string.
+     * @return string
+     */
+    protected function getFormattedContext()
+    {
+        return implode(' in ', array_reverse($this->context));
+    }
+}
+
+// vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/ValidatorAtom.php b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/ValidatorAtom.php
index c9aa3644a..a2e0b4a1b 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/ValidatorAtom.php
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/ValidatorAtom.php
@@ -1,130 +1,130 @@
-<?php
-
-/**
- * Fluent interface for validating the contents of member variables.
- * This should be immutable. See HTMLPurifier_ConfigSchema_Validator for
- * use-cases. We name this an 'atom' because it's ONLY for validations that
- * are independent and usually scalar.
- */
-class HTMLPurifier_ConfigSchema_ValidatorAtom
-{
-    /**
-     * @type string
-     */
-    protected $context;
-
-    /**
-     * @type object
-     */
-    protected $obj;
-
-    /**
-     * @type string
-     */
-    protected $member;
-
-    /**
-     * @type mixed
-     */
-    protected $contents;
-
-    public function __construct($context, $obj, $member)
-    {
-        $this->context = $context;
-        $this->obj = $obj;
-        $this->member = $member;
-        $this->contents =& $obj->$member;
-    }
-
-    /**
-     * @return HTMLPurifier_ConfigSchema_ValidatorAtom
-     */
-    public function assertIsString()
-    {
-        if (!is_string($this->contents)) {
-            $this->error('must be a string');
-        }
-        return $this;
-    }
-
-    /**
-     * @return HTMLPurifier_ConfigSchema_ValidatorAtom
-     */
-    public function assertIsBool()
-    {
-        if (!is_bool($this->contents)) {
-            $this->error('must be a boolean');
-        }
-        return $this;
-    }
-
-    /**
-     * @return HTMLPurifier_ConfigSchema_ValidatorAtom
-     */
-    public function assertIsArray()
-    {
-        if (!is_array($this->contents)) {
-            $this->error('must be an array');
-        }
-        return $this;
-    }
-
-    /**
-     * @return HTMLPurifier_ConfigSchema_ValidatorAtom
-     */
-    public function assertNotNull()
-    {
-        if ($this->contents === null) {
-            $this->error('must not be null');
-        }
-        return $this;
-    }
-
-    /**
-     * @return HTMLPurifier_ConfigSchema_ValidatorAtom
-     */
-    public function assertAlnum()
-    {
-        $this->assertIsString();
-        if (!ctype_alnum($this->contents)) {
-            $this->error('must be alphanumeric');
-        }
-        return $this;
-    }
-
-    /**
-     * @return HTMLPurifier_ConfigSchema_ValidatorAtom
-     */
-    public function assertNotEmpty()
-    {
-        if (empty($this->contents)) {
-            $this->error('must not be empty');
-        }
-        return $this;
-    }
-
-    /**
-     * @return HTMLPurifier_ConfigSchema_ValidatorAtom
-     */
-    public function assertIsLookup()
-    {
-        $this->assertIsArray();
-        foreach ($this->contents as $v) {
-            if ($v !== true) {
-                $this->error('must be a lookup array');
-            }
-        }
-        return $this;
-    }
-
-    /**
-     * @param string $msg
-     * @throws HTMLPurifier_ConfigSchema_Exception
-     */
-    protected function error($msg)
-    {
-        throw new HTMLPurifier_ConfigSchema_Exception(ucfirst($this->member) . ' in ' . $this->context . ' ' . $msg);
-    }
-}
-
-// vim: et sw=4 sts=4
+<?php
+
+/**
+ * Fluent interface for validating the contents of member variables.
+ * This should be immutable. See HTMLPurifier_ConfigSchema_Validator for
+ * use-cases. We name this an 'atom' because it's ONLY for validations that
+ * are independent and usually scalar.
+ */
+class HTMLPurifier_ConfigSchema_ValidatorAtom
+{
+    /**
+     * @type string
+     */
+    protected $context;
+
+    /**
+     * @type object
+     */
+    protected $obj;
+
+    /**
+     * @type string
+     */
+    protected $member;
+
+    /**
+     * @type mixed
+     */
+    protected $contents;
+
+    public function __construct($context, $obj, $member)
+    {
+        $this->context = $context;
+        $this->obj = $obj;
+        $this->member = $member;
+        $this->contents =& $obj->$member;
+    }
+
+    /**
+     * @return HTMLPurifier_ConfigSchema_ValidatorAtom
+     */
+    public function assertIsString()
+    {
+        if (!is_string($this->contents)) {
+            $this->error('must be a string');
+        }
+        return $this;
+    }
+
+    /**
+     * @return HTMLPurifier_ConfigSchema_ValidatorAtom
+     */
+    public function assertIsBool()
+    {
+        if (!is_bool($this->contents)) {
+            $this->error('must be a boolean');
+        }
+        return $this;
+    }
+
+    /**
+     * @return HTMLPurifier_ConfigSchema_ValidatorAtom
+     */
+    public function assertIsArray()
+    {
+        if (!is_array($this->contents)) {
+            $this->error('must be an array');
+        }
+        return $this;
+    }
+
+    /**
+     * @return HTMLPurifier_ConfigSchema_ValidatorAtom
+     */
+    public function assertNotNull()
+    {
+        if ($this->contents === null) {
+            $this->error('must not be null');
+        }
+        return $this;
+    }
+
+    /**
+     * @return HTMLPurifier_ConfigSchema_ValidatorAtom
+     */
+    public function assertAlnum()
+    {
+        $this->assertIsString();
+        if (!ctype_alnum($this->contents)) {
+            $this->error('must be alphanumeric');
+        }
+        return $this;
+    }
+
+    /**
+     * @return HTMLPurifier_ConfigSchema_ValidatorAtom
+     */
+    public function assertNotEmpty()
+    {
+        if (empty($this->contents)) {
+            $this->error('must not be empty');
+        }
+        return $this;
+    }
+
+    /**
+     * @return HTMLPurifier_ConfigSchema_ValidatorAtom
+     */
+    public function assertIsLookup()
+    {
+        $this->assertIsArray();
+        foreach ($this->contents as $v) {
+            if ($v !== true) {
+                $this->error('must be a lookup array');
+            }
+        }
+        return $this;
+    }
+
+    /**
+     * @param string $msg
+     * @throws HTMLPurifier_ConfigSchema_Exception
+     */
+    protected function error($msg)
+    {
+        throw new HTMLPurifier_ConfigSchema_Exception(ucfirst($this->member) . ' in ' . $this->context . ' ' . $msg);
+    }
+}
+
+// vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema.ser b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema.ser
index 371e948f1..a5426c736 100644
Binary files a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema.ser and b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema.ser differ
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.AllowedClasses.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.AllowedClasses.txt
index 0517fed0a..4a42382ec 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.AllowedClasses.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.AllowedClasses.txt
@@ -1,8 +1,8 @@
-Attr.AllowedClasses
-TYPE: lookup/null
-VERSION: 4.0.0
-DEFAULT: null
---DESCRIPTION--
-List of allowed class values in the class attribute. By default, this is null,
-which means all classes are allowed.
---# vim: et sw=4 sts=4
+Attr.AllowedClasses
+TYPE: lookup/null
+VERSION: 4.0.0
+DEFAULT: null
+--DESCRIPTION--
+List of allowed class values in the class attribute. By default, this is null,
+which means all classes are allowed.
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.AllowedFrameTargets.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.AllowedFrameTargets.txt
index 249edd647..b033eb516 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.AllowedFrameTargets.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.AllowedFrameTargets.txt
@@ -1,12 +1,12 @@
-Attr.AllowedFrameTargets
-TYPE: lookup
-DEFAULT: array()
---DESCRIPTION--
-Lookup table of all allowed link frame targets.  Some commonly used link
-targets include _blank, _self, _parent and _top. Values should be
-lowercase, as validation will be done in a case-sensitive manner despite
-W3C's recommendation. XHTML 1.0 Strict does not permit the target attribute
-so this directive will have no effect in that doctype. XHTML 1.1 does not
-enable the Target module by default, you will have to manually enable it
-(see the module documentation for more details.)
---# vim: et sw=4 sts=4
+Attr.AllowedFrameTargets
+TYPE: lookup
+DEFAULT: array()
+--DESCRIPTION--
+Lookup table of all allowed link frame targets.  Some commonly used link
+targets include _blank, _self, _parent and _top. Values should be
+lowercase, as validation will be done in a case-sensitive manner despite
+W3C's recommendation. XHTML 1.0 Strict does not permit the target attribute
+so this directive will have no effect in that doctype. XHTML 1.1 does not
+enable the Target module by default, you will have to manually enable it
+(see the module documentation for more details.)
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.AllowedRel.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.AllowedRel.txt
index 9a8fa6a2e..ed72a9d56 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.AllowedRel.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.AllowedRel.txt
@@ -1,9 +1,9 @@
-Attr.AllowedRel
-TYPE: lookup
-VERSION: 1.6.0
-DEFAULT: array()
---DESCRIPTION--
-List of allowed forward document relationships in the rel attribute. Common
-values may be nofollow or print. By default, this is empty, meaning that no
-document relationships are allowed.
---# vim: et sw=4 sts=4
+Attr.AllowedRel
+TYPE: lookup
+VERSION: 1.6.0
+DEFAULT: array()
+--DESCRIPTION--
+List of allowed forward document relationships in the rel attribute. Common
+values may be nofollow or print. By default, this is empty, meaning that no
+document relationships are allowed.
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.AllowedRev.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.AllowedRev.txt
index b01788348..1ae672d01 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.AllowedRev.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.AllowedRev.txt
@@ -1,9 +1,9 @@
-Attr.AllowedRev
-TYPE: lookup
-VERSION: 1.6.0
-DEFAULT: array()
---DESCRIPTION--
-List of allowed reverse document relationships in the rev attribute. This
-attribute is a bit of an edge-case; if you don't know what it is for, stay
-away.
---# vim: et sw=4 sts=4
+Attr.AllowedRev
+TYPE: lookup
+VERSION: 1.6.0
+DEFAULT: array()
+--DESCRIPTION--
+List of allowed reverse document relationships in the rev attribute. This
+attribute is a bit of an edge-case; if you don't know what it is for, stay
+away.
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.ClassUseCDATA.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.ClassUseCDATA.txt
index e774b823b..119a9d2c6 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.ClassUseCDATA.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.ClassUseCDATA.txt
@@ -1,19 +1,19 @@
-Attr.ClassUseCDATA
-TYPE: bool/null
-DEFAULT: null
-VERSION: 4.0.0
---DESCRIPTION--
-If null, class will auto-detect the doctype and, if matching XHTML 1.1 or
-XHTML 2.0, will use the restrictive NMTOKENS specification of class. Otherwise,
-it will use a relaxed CDATA definition.  If true, the relaxed CDATA definition
-is forced; if false, the NMTOKENS definition is forced.  To get behavior
-of HTML Purifier prior to 4.0.0, set this directive to false.
-
-Some rational behind the auto-detection:
-in previous versions of HTML Purifier, it was assumed that the form of
-class was NMTOKENS, as specified by the XHTML Modularization (representing
-XHTML 1.1 and XHTML 2.0).  The DTDs for HTML 4.01 and XHTML 1.0, however
-specify class as CDATA.  HTML 5 effectively defines it as CDATA, but
-with the additional constraint that each name should be unique (this is not
-explicitly outlined in previous specifications).
---# vim: et sw=4 sts=4
+Attr.ClassUseCDATA
+TYPE: bool/null
+DEFAULT: null
+VERSION: 4.0.0
+--DESCRIPTION--
+If null, class will auto-detect the doctype and, if matching XHTML 1.1 or
+XHTML 2.0, will use the restrictive NMTOKENS specification of class. Otherwise,
+it will use a relaxed CDATA definition.  If true, the relaxed CDATA definition
+is forced; if false, the NMTOKENS definition is forced.  To get behavior
+of HTML Purifier prior to 4.0.0, set this directive to false.
+
+Some rational behind the auto-detection:
+in previous versions of HTML Purifier, it was assumed that the form of
+class was NMTOKENS, as specified by the XHTML Modularization (representing
+XHTML 1.1 and XHTML 2.0).  The DTDs for HTML 4.01 and XHTML 1.0, however
+specify class as CDATA.  HTML 5 effectively defines it as CDATA, but
+with the additional constraint that each name should be unique (this is not
+explicitly outlined in previous specifications).
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.DefaultImageAlt.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.DefaultImageAlt.txt
index 533165e17..80b1431c3 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.DefaultImageAlt.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.DefaultImageAlt.txt
@@ -1,11 +1,11 @@
-Attr.DefaultImageAlt
-TYPE: string/null
-DEFAULT: null
-VERSION: 3.2.0
---DESCRIPTION--
-This is the content of the alt tag of an image if the user had not
-previously specified an alt attribute.  This applies to all images without
-a valid alt attribute, as opposed to %Attr.DefaultInvalidImageAlt, which
-only applies to invalid images, and overrides in the case of an invalid image.
-Default behavior with null is to use the basename of the src tag for the alt.
---# vim: et sw=4 sts=4
+Attr.DefaultImageAlt
+TYPE: string/null
+DEFAULT: null
+VERSION: 3.2.0
+--DESCRIPTION--
+This is the content of the alt tag of an image if the user had not
+previously specified an alt attribute.  This applies to all images without
+a valid alt attribute, as opposed to %Attr.DefaultInvalidImageAlt, which
+only applies to invalid images, and overrides in the case of an invalid image.
+Default behavior with null is to use the basename of the src tag for the alt.
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.DefaultInvalidImage.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.DefaultInvalidImage.txt
index 9eb7e3846..c51000d1d 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.DefaultInvalidImage.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.DefaultInvalidImage.txt
@@ -1,9 +1,9 @@
-Attr.DefaultInvalidImage
-TYPE: string
-DEFAULT: ''
---DESCRIPTION--
-This is the default image an img tag will be pointed to if it does not have
-a valid src attribute.  In future versions, we may allow the image tag to
-be removed completely, but due to design issues, this is not possible right
-now.
---# vim: et sw=4 sts=4
+Attr.DefaultInvalidImage
+TYPE: string
+DEFAULT: ''
+--DESCRIPTION--
+This is the default image an img tag will be pointed to if it does not have
+a valid src attribute.  In future versions, we may allow the image tag to
+be removed completely, but due to design issues, this is not possible right
+now.
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.DefaultInvalidImageAlt.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.DefaultInvalidImageAlt.txt
index 2f17bf477..c1ec4b038 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.DefaultInvalidImageAlt.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.DefaultInvalidImageAlt.txt
@@ -1,8 +1,8 @@
-Attr.DefaultInvalidImageAlt
-TYPE: string
-DEFAULT: 'Invalid image'
---DESCRIPTION--
-This is the content of the alt tag of an invalid image if the user had not
-previously specified an alt attribute.  It has no effect when the image is
-valid but there was no alt attribute present.
---# vim: et sw=4 sts=4
+Attr.DefaultInvalidImageAlt
+TYPE: string
+DEFAULT: 'Invalid image'
+--DESCRIPTION--
+This is the content of the alt tag of an invalid image if the user had not
+previously specified an alt attribute.  It has no effect when the image is
+valid but there was no alt attribute present.
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.DefaultTextDir.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.DefaultTextDir.txt
index 52654b53a..f57dcc40f 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.DefaultTextDir.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.DefaultTextDir.txt
@@ -1,10 +1,10 @@
-Attr.DefaultTextDir
-TYPE: string
-DEFAULT: 'ltr'
---DESCRIPTION--
-Defines the default text direction (ltr or rtl) of the document being
-parsed.  This generally is the same as the value of the dir attribute in
-HTML, or ltr if that is not specified.
---ALLOWED--
-'ltr', 'rtl'
---# vim: et sw=4 sts=4
+Attr.DefaultTextDir
+TYPE: string
+DEFAULT: 'ltr'
+--DESCRIPTION--
+Defines the default text direction (ltr or rtl) of the document being
+parsed.  This generally is the same as the value of the dir attribute in
+HTML, or ltr if that is not specified.
+--ALLOWED--
+'ltr', 'rtl'
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.EnableID.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.EnableID.txt
index 6440d2103..9b93a5575 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.EnableID.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.EnableID.txt
@@ -1,16 +1,16 @@
-Attr.EnableID
-TYPE: bool
-DEFAULT: false
-VERSION: 1.2.0
---DESCRIPTION--
-Allows the ID attribute in HTML.  This is disabled by default due to the
-fact that without proper configuration user input can easily break the
-validation of a webpage by specifying an ID that is already on the
-surrounding HTML.  If you don't mind throwing caution to the wind, enable
-this directive, but I strongly recommend you also consider blacklisting IDs
-you use (%Attr.IDBlacklist) or prefixing all user supplied IDs
-(%Attr.IDPrefix).  When set to true HTML Purifier reverts to the behavior of
-pre-1.2.0 versions.
---ALIASES--
-HTML.EnableAttrID
---# vim: et sw=4 sts=4
+Attr.EnableID
+TYPE: bool
+DEFAULT: false
+VERSION: 1.2.0
+--DESCRIPTION--
+Allows the ID attribute in HTML.  This is disabled by default due to the
+fact that without proper configuration user input can easily break the
+validation of a webpage by specifying an ID that is already on the
+surrounding HTML.  If you don't mind throwing caution to the wind, enable
+this directive, but I strongly recommend you also consider blacklisting IDs
+you use (%Attr.IDBlacklist) or prefixing all user supplied IDs
+(%Attr.IDPrefix).  When set to true HTML Purifier reverts to the behavior of
+pre-1.2.0 versions.
+--ALIASES--
+HTML.EnableAttrID
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.ForbiddenClasses.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.ForbiddenClasses.txt
index f31d226f5..fed8954cf 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.ForbiddenClasses.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.ForbiddenClasses.txt
@@ -1,8 +1,8 @@
-Attr.ForbiddenClasses
-TYPE: lookup
-VERSION: 4.0.0
-DEFAULT: array()
---DESCRIPTION--
-List of forbidden class values in the class attribute. By default, this is
-empty, which means that no classes are forbidden. See also %Attr.AllowedClasses.
---# vim: et sw=4 sts=4
+Attr.ForbiddenClasses
+TYPE: lookup
+VERSION: 4.0.0
+DEFAULT: array()
+--DESCRIPTION--
+List of forbidden class values in the class attribute. By default, this is
+empty, which means that no classes are forbidden. See also %Attr.AllowedClasses.
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.ID.HTML5.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.ID.HTML5.txt
index 735d4b7a1..c48e62fbe 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.ID.HTML5.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.ID.HTML5.txt
@@ -1,10 +1,10 @@
-Attr.ID.HTML5
-TYPE: bool/null
-DEFAULT: null
-VERSION: 4.8.0
---DESCRIPTION--
-In HTML5, restrictions on the format of the id attribute have been significantly
-relaxed, such that any string is valid so long as it contains no spaces and
-is at least one character.  In lieu of a general HTML5 compatibility flag,
-set this configuration directive to true to use the relaxed rules.
---# vim: et sw=4 sts=4
+Attr.ID.HTML5
+TYPE: bool/null
+DEFAULT: null
+VERSION: 4.8.0
+--DESCRIPTION--
+In HTML5, restrictions on the format of the id attribute have been significantly
+relaxed, such that any string is valid so long as it contains no spaces and
+is at least one character.  In lieu of a general HTML5 compatibility flag,
+set this configuration directive to true to use the relaxed rules.
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.IDBlacklist.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.IDBlacklist.txt
index 5f2b5e3d2..52168bb5e 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.IDBlacklist.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.IDBlacklist.txt
@@ -1,5 +1,5 @@
-Attr.IDBlacklist
-TYPE: list
-DEFAULT: array()
-DESCRIPTION: Array of IDs not allowed in the document.
---# vim: et sw=4 sts=4
+Attr.IDBlacklist
+TYPE: list
+DEFAULT: array()
+DESCRIPTION: Array of IDs not allowed in the document.
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.IDBlacklistRegexp.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.IDBlacklistRegexp.txt
index 6f5824586..7b8504307 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.IDBlacklistRegexp.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.IDBlacklistRegexp.txt
@@ -1,9 +1,9 @@
-Attr.IDBlacklistRegexp
-TYPE: string/null
-VERSION: 1.6.0
-DEFAULT: NULL
---DESCRIPTION--
-PCRE regular expression to be matched against all IDs. If the expression is
-matches, the ID is rejected. Use this with care: may cause significant
-degradation. ID matching is done after all other validation.
---# vim: et sw=4 sts=4
+Attr.IDBlacklistRegexp
+TYPE: string/null
+VERSION: 1.6.0
+DEFAULT: NULL
+--DESCRIPTION--
+PCRE regular expression to be matched against all IDs. If the expression is
+matches, the ID is rejected. Use this with care: may cause significant
+degradation. ID matching is done after all other validation.
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.IDPrefix.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.IDPrefix.txt
index cc49d43fd..578138277 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.IDPrefix.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.IDPrefix.txt
@@ -1,12 +1,12 @@
-Attr.IDPrefix
-TYPE: string
-VERSION: 1.2.0
-DEFAULT: ''
---DESCRIPTION--
-String to prefix to IDs.  If you have no idea what IDs your pages may use,
-you may opt to simply add a prefix to all user-submitted ID attributes so
-that they are still usable, but will not conflict with core page IDs.
-Example: setting the directive to 'user_' will result in a user submitted
-'foo' to become 'user_foo'  Be sure to set %HTML.EnableAttrID to true
-before using this.
---# vim: et sw=4 sts=4
+Attr.IDPrefix
+TYPE: string
+VERSION: 1.2.0
+DEFAULT: ''
+--DESCRIPTION--
+String to prefix to IDs.  If you have no idea what IDs your pages may use,
+you may opt to simply add a prefix to all user-submitted ID attributes so
+that they are still usable, but will not conflict with core page IDs.
+Example: setting the directive to 'user_' will result in a user submitted
+'foo' to become 'user_foo'  Be sure to set %HTML.EnableAttrID to true
+before using this.
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.IDPrefixLocal.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.IDPrefixLocal.txt
index 2c5924a7a..f91fcd602 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.IDPrefixLocal.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Attr.IDPrefixLocal.txt
@@ -1,14 +1,14 @@
-Attr.IDPrefixLocal
-TYPE: string
-VERSION: 1.2.0
-DEFAULT: ''
---DESCRIPTION--
-Temporary prefix for IDs used in conjunction with %Attr.IDPrefix.  If you
-need to allow multiple sets of user content on web page, you may need to
-have a seperate prefix that changes with each iteration.  This way,
-seperately submitted user content displayed on the same page doesn't
-clobber each other. Ideal values are unique identifiers for the content it
-represents (i.e. the id of the row in the database). Be sure to add a
-seperator (like an underscore) at the end.  Warning: this directive will
-not work unless %Attr.IDPrefix is set to a non-empty value!
---# vim: et sw=4 sts=4
+Attr.IDPrefixLocal
+TYPE: string
+VERSION: 1.2.0
+DEFAULT: ''
+--DESCRIPTION--
+Temporary prefix for IDs used in conjunction with %Attr.IDPrefix.  If you
+need to allow multiple sets of user content on web page, you may need to
+have a seperate prefix that changes with each iteration.  This way,
+seperately submitted user content displayed on the same page doesn't
+clobber each other. Ideal values are unique identifiers for the content it
+represents (i.e. the id of the row in the database). Be sure to add a
+seperator (like an underscore) at the end.  Warning: this directive will
+not work unless %Attr.IDPrefix is set to a non-empty value!
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.AutoParagraph.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.AutoParagraph.txt
index d5caa1bb9..2d7f94e02 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.AutoParagraph.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.AutoParagraph.txt
@@ -1,31 +1,31 @@
-AutoFormat.AutoParagraph
-TYPE: bool
-VERSION: 2.0.1
-DEFAULT: false
---DESCRIPTION--
-
-<p>
-  This directive turns on auto-paragraphing, where double newlines are
-  converted in to paragraphs whenever possible. Auto-paragraphing:
-</p>
-<ul>
-  <li>Always applies to inline elements or text in the root node,</li>
-  <li>Applies to inline elements or text with double newlines in nodes
-      that allow paragraph tags,</li>
-  <li>Applies to double newlines in paragraph tags</li>
-</ul>
-<p>
-  <code>p</code> tags must be allowed for this directive to take effect.
-  We do not use <code>br</code> tags for paragraphing, as that is
-  semantically incorrect.
-</p>
-<p>
-  To prevent auto-paragraphing as a content-producer, refrain from using
-  double-newlines except to specify a new paragraph or in contexts where
-  it has special meaning (whitespace usually has no meaning except in
-  tags like <code>pre</code>, so this should not be difficult.) To prevent
-  the paragraphing of inline text adjacent to block elements, wrap them
-  in <code>div</code> tags (the behavior is slightly different outside of
-  the root node.)
-</p>
---# vim: et sw=4 sts=4
+AutoFormat.AutoParagraph
+TYPE: bool
+VERSION: 2.0.1
+DEFAULT: false
+--DESCRIPTION--
+
+<p>
+  This directive turns on auto-paragraphing, where double newlines are
+  converted in to paragraphs whenever possible. Auto-paragraphing:
+</p>
+<ul>
+  <li>Always applies to inline elements or text in the root node,</li>
+  <li>Applies to inline elements or text with double newlines in nodes
+      that allow paragraph tags,</li>
+  <li>Applies to double newlines in paragraph tags</li>
+</ul>
+<p>
+  <code>p</code> tags must be allowed for this directive to take effect.
+  We do not use <code>br</code> tags for paragraphing, as that is
+  semantically incorrect.
+</p>
+<p>
+  To prevent auto-paragraphing as a content-producer, refrain from using
+  double-newlines except to specify a new paragraph or in contexts where
+  it has special meaning (whitespace usually has no meaning except in
+  tags like <code>pre</code>, so this should not be difficult.) To prevent
+  the paragraphing of inline text adjacent to block elements, wrap them
+  in <code>div</code> tags (the behavior is slightly different outside of
+  the root node.)
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.Custom.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.Custom.txt
index 2a476481a..2eb1974fd 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.Custom.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.Custom.txt
@@ -1,12 +1,12 @@
-AutoFormat.Custom
-TYPE: list
-VERSION: 2.0.1
-DEFAULT: array()
---DESCRIPTION--
-
-<p>
-  This directive can be used to add custom auto-format injectors.
-  Specify an array of injector names (class name minus the prefix)
-  or concrete implementations. Injector class must exist.
-</p>
---# vim: et sw=4 sts=4
+AutoFormat.Custom
+TYPE: list
+VERSION: 2.0.1
+DEFAULT: array()
+--DESCRIPTION--
+
+<p>
+  This directive can be used to add custom auto-format injectors.
+  Specify an array of injector names (class name minus the prefix)
+  or concrete implementations. Injector class must exist.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.DisplayLinkURI.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.DisplayLinkURI.txt
index 663064a34..c955de7f6 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.DisplayLinkURI.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.DisplayLinkURI.txt
@@ -1,11 +1,11 @@
-AutoFormat.DisplayLinkURI
-TYPE: bool
-VERSION: 3.2.0
-DEFAULT: false
---DESCRIPTION--
-<p>
-  This directive turns on the in-text display of URIs in &lt;a&gt; tags, and disables
-  those links. For example, <a href="http://example.com">example</a> becomes
-  example (<a>http://example.com</a>).
-</p>
---# vim: et sw=4 sts=4
+AutoFormat.DisplayLinkURI
+TYPE: bool
+VERSION: 3.2.0
+DEFAULT: false
+--DESCRIPTION--
+<p>
+  This directive turns on the in-text display of URIs in &lt;a&gt; tags, and disables
+  those links. For example, <a href="http://example.com">example</a> becomes
+  example (<a>http://example.com</a>).
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.Linkify.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.Linkify.txt
index 3a48ba960..328b2b2bf 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.Linkify.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.Linkify.txt
@@ -1,12 +1,12 @@
-AutoFormat.Linkify
-TYPE: bool
-VERSION: 2.0.1
-DEFAULT: false
---DESCRIPTION--
-
-<p>
-  This directive turns on linkification, auto-linking http, ftp and
-  https URLs. <code>a</code> tags with the <code>href</code> attribute
-  must be allowed.
-</p>
---# vim: et sw=4 sts=4
+AutoFormat.Linkify
+TYPE: bool
+VERSION: 2.0.1
+DEFAULT: false
+--DESCRIPTION--
+
+<p>
+  This directive turns on linkification, auto-linking http, ftp and
+  https URLs. <code>a</code> tags with the <code>href</code> attribute
+  must be allowed.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.PurifierLinkify.DocURL.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.PurifierLinkify.DocURL.txt
index db58b1346..d0532b6ba 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.PurifierLinkify.DocURL.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.PurifierLinkify.DocURL.txt
@@ -1,12 +1,12 @@
-AutoFormat.PurifierLinkify.DocURL
-TYPE: string
-VERSION: 2.0.1
-DEFAULT: '#%s'
-ALIASES: AutoFormatParam.PurifierLinkifyDocURL
---DESCRIPTION--
-<p>
-  Location of configuration documentation to link to, let %s substitute
-  into the configuration's namespace and directive names sans the percent
-  sign.
-</p>
---# vim: et sw=4 sts=4
+AutoFormat.PurifierLinkify.DocURL
+TYPE: string
+VERSION: 2.0.1
+DEFAULT: '#%s'
+ALIASES: AutoFormatParam.PurifierLinkifyDocURL
+--DESCRIPTION--
+<p>
+  Location of configuration documentation to link to, let %s substitute
+  into the configuration's namespace and directive names sans the percent
+  sign.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.PurifierLinkify.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.PurifierLinkify.txt
index 7996488be..f3ab259a1 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.PurifierLinkify.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.PurifierLinkify.txt
@@ -1,12 +1,12 @@
-AutoFormat.PurifierLinkify
-TYPE: bool
-VERSION: 2.0.1
-DEFAULT: false
---DESCRIPTION--
-
-<p>
-  Internal auto-formatter that converts configuration directives in
-  syntax <a>%Namespace.Directive</a> to links. <code>a</code> tags
-  with the <code>href</code> attribute must be allowed.
-</p>
---# vim: et sw=4 sts=4
+AutoFormat.PurifierLinkify
+TYPE: bool
+VERSION: 2.0.1
+DEFAULT: false
+--DESCRIPTION--
+
+<p>
+  Internal auto-formatter that converts configuration directives in
+  syntax <a>%Namespace.Directive</a> to links. <code>a</code> tags
+  with the <code>href</code> attribute must be allowed.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.Predicate.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.Predicate.txt
index 6367fe23c..376f771ea 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.Predicate.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.Predicate.txt
@@ -1,14 +1,14 @@
-AutoFormat.RemoveEmpty.Predicate
-TYPE: hash
-VERSION: 4.7.0
-DEFAULT: array('colgroup' => array(), 'th' => array(), 'td' => array(), 'iframe' => array('src'))
---DESCRIPTION--
-<p>
-  Given that an element has no contents, it will be removed by default, unless
-  this predicate dictates otherwise.  The predicate can either be an associative
-  map from tag name to list of attributes that must be present for the element
-  to be considered preserved: thus, the default always preserves <code>colgroup</code>,
-  <code>th</code> and <code>td</code>, and also <code>iframe</code> if it
-  has a <code>src</code>.
-</p>
---# vim: et sw=4 sts=4
+AutoFormat.RemoveEmpty.Predicate
+TYPE: hash
+VERSION: 4.7.0
+DEFAULT: array('colgroup' => array(), 'th' => array(), 'td' => array(), 'iframe' => array('src'))
+--DESCRIPTION--
+<p>
+  Given that an element has no contents, it will be removed by default, unless
+  this predicate dictates otherwise.  The predicate can either be an associative
+  map from tag name to list of attributes that must be present for the element
+  to be considered preserved: thus, the default always preserves <code>colgroup</code>,
+  <code>th</code> and <code>td</code>, and also <code>iframe</code> if it
+  has a <code>src</code>.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.RemoveNbsp.Exceptions.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.RemoveNbsp.Exceptions.txt
index 35c393b4e..219d04ac4 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.RemoveNbsp.Exceptions.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.RemoveNbsp.Exceptions.txt
@@ -1,11 +1,11 @@
-AutoFormat.RemoveEmpty.RemoveNbsp.Exceptions
-TYPE: lookup
-VERSION: 4.0.0
-DEFAULT: array('td' => true, 'th' => true)
---DESCRIPTION--
-<p>
-  When %AutoFormat.RemoveEmpty and %AutoFormat.RemoveEmpty.RemoveNbsp
-  are enabled, this directive defines what HTML elements should not be
-  removede if they have only a non-breaking space in them.
-</p>
---# vim: et sw=4 sts=4
+AutoFormat.RemoveEmpty.RemoveNbsp.Exceptions
+TYPE: lookup
+VERSION: 4.0.0
+DEFAULT: array('td' => true, 'th' => true)
+--DESCRIPTION--
+<p>
+  When %AutoFormat.RemoveEmpty and %AutoFormat.RemoveEmpty.RemoveNbsp
+  are enabled, this directive defines what HTML elements should not be
+  removede if they have only a non-breaking space in them.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.RemoveNbsp.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.RemoveNbsp.txt
index ca17eb1dc..9228dee22 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.RemoveNbsp.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.RemoveNbsp.txt
@@ -6,7 +6,7 @@ DEFAULT: false
 <p>
   When enabled, HTML Purifier will treat any elements that contain only
   non-breaking spaces as well as regular whitespace as empty, and remove
-  them when %AutoForamt.RemoveEmpty is enabled.
+  them when %AutoFormat.RemoveEmpty is enabled.
 </p>
 <p>
   See %AutoFormat.RemoveEmpty.RemoveNbsp.Exceptions for a list of elements
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.txt
index 34657ba47..6b5a7a5c9 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveEmpty.txt
@@ -1,46 +1,46 @@
-AutoFormat.RemoveEmpty
-TYPE: bool
-VERSION: 3.2.0
-DEFAULT: false
---DESCRIPTION--
-<p>
-  When enabled, HTML Purifier will attempt to remove empty elements that
-  contribute no semantic information to the document. The following types
-  of nodes will be removed:
-</p>
-<ul><li>
-    Tags with no attributes and no content, and that are not empty
-    elements (remove <code>&lt;a&gt;&lt;/a&gt;</code> but not
-    <code>&lt;br /&gt;</code>), and
-  </li>
-  <li>
-    Tags with no content, except for:<ul>
-      <li>The <code>colgroup</code> element, or</li>
-      <li>
-        Elements with the <code>id</code> or <code>name</code> attribute,
-        when those attributes are permitted on those elements.
-      </li>
-    </ul></li>
-</ul>
-<p>
-  Please be very careful when using this functionality; while it may not
-  seem that empty elements contain useful information, they can alter the
-  layout of a document given appropriate styling. This directive is most
-  useful when you are processing machine-generated HTML, please avoid using
-  it on regular user HTML.
-</p>
-<p>
-  Elements that contain only whitespace will be treated as empty. Non-breaking
-  spaces, however, do not count as whitespace. See
-  %AutoFormat.RemoveEmpty.RemoveNbsp for alternate behavior.
-</p>
-<p>
-  This algorithm is not perfect; you may still notice some empty tags,
-  particularly if a node had elements, but those elements were later removed
-  because they were not permitted in that context, or tags that, after
-  being auto-closed by another tag, where empty. This is for safety reasons
-  to prevent clever code from breaking validation. The general rule of thumb:
-  if a tag looked empty on the way in, it will get removed; if HTML Purifier
-  made it empty, it will stay.
-</p>
---# vim: et sw=4 sts=4
+AutoFormat.RemoveEmpty
+TYPE: bool
+VERSION: 3.2.0
+DEFAULT: false
+--DESCRIPTION--
+<p>
+  When enabled, HTML Purifier will attempt to remove empty elements that
+  contribute no semantic information to the document. The following types
+  of nodes will be removed:
+</p>
+<ul><li>
+    Tags with no attributes and no content, and that are not empty
+    elements (remove <code>&lt;a&gt;&lt;/a&gt;</code> but not
+    <code>&lt;br /&gt;</code>), and
+  </li>
+  <li>
+    Tags with no content, except for:<ul>
+      <li>The <code>colgroup</code> element, or</li>
+      <li>
+        Elements with the <code>id</code> or <code>name</code> attribute,
+        when those attributes are permitted on those elements.
+      </li>
+    </ul></li>
+</ul>
+<p>
+  Please be very careful when using this functionality; while it may not
+  seem that empty elements contain useful information, they can alter the
+  layout of a document given appropriate styling. This directive is most
+  useful when you are processing machine-generated HTML, please avoid using
+  it on regular user HTML.
+</p>
+<p>
+  Elements that contain only whitespace will be treated as empty. Non-breaking
+  spaces, however, do not count as whitespace. See
+  %AutoFormat.RemoveEmpty.RemoveNbsp for alternate behavior.
+</p>
+<p>
+  This algorithm is not perfect; you may still notice some empty tags,
+  particularly if a node had elements, but those elements were later removed
+  because they were not permitted in that context, or tags that, after
+  being auto-closed by another tag, where empty. This is for safety reasons
+  to prevent clever code from breaking validation. The general rule of thumb:
+  if a tag looked empty on the way in, it will get removed; if HTML Purifier
+  made it empty, it will stay.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveSpansWithoutAttributes.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveSpansWithoutAttributes.txt
index dde990ab2..a448770e5 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveSpansWithoutAttributes.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/AutoFormat.RemoveSpansWithoutAttributes.txt
@@ -1,11 +1,11 @@
-AutoFormat.RemoveSpansWithoutAttributes
-TYPE: bool
-VERSION: 4.0.1
-DEFAULT: false
---DESCRIPTION--
-<p>
-  This directive causes <code>span</code> tags without any attributes
-  to be removed. It will also remove spans that had all attributes
-  removed during processing.
-</p>
---# vim: et sw=4 sts=4
+AutoFormat.RemoveSpansWithoutAttributes
+TYPE: bool
+VERSION: 4.0.1
+DEFAULT: false
+--DESCRIPTION--
+<p>
+  This directive causes <code>span</code> tags without any attributes
+  to be removed. It will also remove spans that had all attributes
+  removed during processing.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.AllowDuplicates.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.AllowDuplicates.txt
index 4d054b1f0..acfeab3c8 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.AllowDuplicates.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.AllowDuplicates.txt
@@ -1,11 +1,11 @@
-CSS.AllowDuplicates
-TYPE: bool
-DEFAULT: false
-VERSION: 4.8.0
---DESCRIPTION--
-<p>
-  By default, HTML Purifier removes duplicate CSS properties,
-  like <code>color:red; color:blue</code>.  If this is set to
-  true, duplicate properties are allowed.
-</p>
---# vim: et sw=4 sts=4
+CSS.AllowDuplicates
+TYPE: bool
+DEFAULT: false
+VERSION: 4.8.0
+--DESCRIPTION--
+<p>
+  By default, HTML Purifier removes duplicate CSS properties,
+  like <code>color:red; color:blue</code>.  If this is set to
+  true, duplicate properties are allowed.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.AllowImportant.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.AllowImportant.txt
index b324608f7..8096eb01a 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.AllowImportant.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.AllowImportant.txt
@@ -1,8 +1,8 @@
-CSS.AllowImportant
-TYPE: bool
-DEFAULT: false
-VERSION: 3.1.0
---DESCRIPTION--
-This parameter determines whether or not !important cascade modifiers should
-be allowed in user CSS. If false, !important will stripped.
---# vim: et sw=4 sts=4
+CSS.AllowImportant
+TYPE: bool
+DEFAULT: false
+VERSION: 3.1.0
+--DESCRIPTION--
+This parameter determines whether or not !important cascade modifiers should
+be allowed in user CSS. If false, !important will stripped.
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.AllowTricky.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.AllowTricky.txt
index 748be0eec..9d34debc4 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.AllowTricky.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.AllowTricky.txt
@@ -1,11 +1,11 @@
-CSS.AllowTricky
-TYPE: bool
-DEFAULT: false
-VERSION: 3.1.0
---DESCRIPTION--
-This parameter determines whether or not to allow "tricky" CSS properties and
-values. Tricky CSS properties/values can drastically modify page layout or
-be used for deceptive practices but do not directly constitute a security risk.
-For example, <code>display:none;</code> is considered a tricky property that
-will only be allowed if this directive is set to true.
---# vim: et sw=4 sts=4
+CSS.AllowTricky
+TYPE: bool
+DEFAULT: false
+VERSION: 3.1.0
+--DESCRIPTION--
+This parameter determines whether or not to allow "tricky" CSS properties and
+values. Tricky CSS properties/values can drastically modify page layout or
+be used for deceptive practices but do not directly constitute a security risk.
+For example, <code>display:none;</code> is considered a tricky property that
+will only be allowed if this directive is set to true.
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.AllowedFonts.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.AllowedFonts.txt
index 3fd465406..7c2b54763 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.AllowedFonts.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.AllowedFonts.txt
@@ -1,12 +1,12 @@
-CSS.AllowedFonts
-TYPE: lookup/null
-VERSION: 4.3.0
-DEFAULT: NULL
---DESCRIPTION--
-<p>
-    Allows you to manually specify a set of allowed fonts.  If
-    <code>NULL</code>, all fonts are allowed.  This directive
-    affects generic names (serif, sans-serif, monospace, cursive,
-    fantasy) as well as specific font families.
-</p>
---# vim: et sw=4 sts=4
+CSS.AllowedFonts
+TYPE: lookup/null
+VERSION: 4.3.0
+DEFAULT: NULL
+--DESCRIPTION--
+<p>
+    Allows you to manually specify a set of allowed fonts.  If
+    <code>NULL</code>, all fonts are allowed.  This directive
+    affects generic names (serif, sans-serif, monospace, cursive,
+    fantasy) as well as specific font families.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.AllowedProperties.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.AllowedProperties.txt
index 460112ebe..f1ba513c3 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.AllowedProperties.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.AllowedProperties.txt
@@ -1,18 +1,18 @@
-CSS.AllowedProperties
-TYPE: lookup/null
-VERSION: 3.1.0
-DEFAULT: NULL
---DESCRIPTION--
-
-<p>
-    If HTML Purifier's style attributes set is unsatisfactory for your needs,
-    you can overload it with your own list of tags to allow.  Note that this
-    method is subtractive: it does its job by taking away from HTML Purifier
-    usual feature set, so you cannot add an attribute that HTML Purifier never
-    supported in the first place.
-</p>
-<p>
-    <strong>Warning:</strong> If another directive conflicts with the
-    elements here, <em>that</em> directive will win and override.
-</p>
---# vim: et sw=4 sts=4
+CSS.AllowedProperties
+TYPE: lookup/null
+VERSION: 3.1.0
+DEFAULT: NULL
+--DESCRIPTION--
+
+<p>
+    If HTML Purifier's style attributes set is unsatisfactory for your needs,
+    you can overload it with your own list of tags to allow.  Note that this
+    method is subtractive: it does its job by taking away from HTML Purifier
+    usual feature set, so you cannot add an attribute that HTML Purifier never
+    supported in the first place.
+</p>
+<p>
+    <strong>Warning:</strong> If another directive conflicts with the
+    elements here, <em>that</em> directive will win and override.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.DefinitionRev.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.DefinitionRev.txt
index 5cb7dda3b..96b410829 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.DefinitionRev.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.DefinitionRev.txt
@@ -1,11 +1,11 @@
-CSS.DefinitionRev
-TYPE: int
-VERSION: 2.0.0
-DEFAULT: 1
---DESCRIPTION--
-
-<p>
-    Revision identifier for your custom definition. See
-    %HTML.DefinitionRev for details.
-</p>
---# vim: et sw=4 sts=4
+CSS.DefinitionRev
+TYPE: int
+VERSION: 2.0.0
+DEFAULT: 1
+--DESCRIPTION--
+
+<p>
+    Revision identifier for your custom definition. See
+    %HTML.DefinitionRev for details.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.ForbiddenProperties.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.ForbiddenProperties.txt
index f1f5c5f12..923e8e995 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.ForbiddenProperties.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.ForbiddenProperties.txt
@@ -1,13 +1,13 @@
-CSS.ForbiddenProperties
-TYPE: lookup
-VERSION: 4.2.0
-DEFAULT: array()
---DESCRIPTION--
-<p>
-    This is the logical inverse of %CSS.AllowedProperties, and it will
-    override that directive or any other directive.  If possible,
-    %CSS.AllowedProperties is recommended over this directive,
-    because it can sometimes be difficult to tell whether or not you've
-    forbidden all of the CSS properties you truly would like to disallow.
-</p>
---# vim: et sw=4 sts=4
+CSS.ForbiddenProperties
+TYPE: lookup
+VERSION: 4.2.0
+DEFAULT: array()
+--DESCRIPTION--
+<p>
+    This is the logical inverse of %CSS.AllowedProperties, and it will
+    override that directive or any other directive.  If possible,
+    %CSS.AllowedProperties is recommended over this directive,
+    because it can sometimes be difficult to tell whether or not you've
+    forbidden all of the CSS properties you truly would like to disallow.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.MaxImgLength.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.MaxImgLength.txt
index 7a3291470..3808581e2 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.MaxImgLength.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.MaxImgLength.txt
@@ -1,16 +1,16 @@
-CSS.MaxImgLength
-TYPE: string/null
-DEFAULT: '1200px'
-VERSION: 3.1.1
---DESCRIPTION--
-<p>
- This parameter sets the maximum allowed length on <code>img</code> tags,
- effectively the <code>width</code> and <code>height</code> properties.
- Only absolute units of measurement (in, pt, pc, mm, cm) and pixels (px) are allowed. This is
- in place to prevent imagecrash attacks, disable with null at your own risk.
- This directive is similar to %HTML.MaxImgLength, and both should be
- concurrently edited, although there are
- subtle differences in the input format (the CSS max is a number with
- a unit).
-</p>
---# vim: et sw=4 sts=4
+CSS.MaxImgLength
+TYPE: string/null
+DEFAULT: '1200px'
+VERSION: 3.1.1
+--DESCRIPTION--
+<p>
+ This parameter sets the maximum allowed length on <code>img</code> tags,
+ effectively the <code>width</code> and <code>height</code> properties.
+ Only absolute units of measurement (in, pt, pc, mm, cm) and pixels (px) are allowed. This is
+ in place to prevent imagecrash attacks, disable with null at your own risk.
+ This directive is similar to %HTML.MaxImgLength, and both should be
+ concurrently edited, although there are
+ subtle differences in the input format (the CSS max is a number with
+ a unit).
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.Proprietary.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.Proprietary.txt
index 148eedb8b..8a26f228d 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.Proprietary.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.Proprietary.txt
@@ -1,10 +1,10 @@
-CSS.Proprietary
-TYPE: bool
-VERSION: 3.0.0
-DEFAULT: false
---DESCRIPTION--
-
-<p>
-    Whether or not to allow safe, proprietary CSS values.
-</p>
---# vim: et sw=4 sts=4
+CSS.Proprietary
+TYPE: bool
+VERSION: 3.0.0
+DEFAULT: false
+--DESCRIPTION--
+
+<p>
+    Whether or not to allow safe, proprietary CSS values.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.Trusted.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.Trusted.txt
index e733a61e8..917ec42ba 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.Trusted.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/CSS.Trusted.txt
@@ -1,9 +1,9 @@
-CSS.Trusted
-TYPE: bool
-VERSION: 4.2.1
-DEFAULT: false
---DESCRIPTION--
-Indicates whether or not the user's CSS input is trusted or not. If the
-input is trusted, a more expansive set of allowed properties.  See
-also %HTML.Trusted.
---# vim: et sw=4 sts=4
+CSS.Trusted
+TYPE: bool
+VERSION: 4.2.1
+DEFAULT: false
+--DESCRIPTION--
+Indicates whether or not the user's CSS input is trusted or not. If the
+input is trusted, a more expansive set of allowed properties.  See
+also %HTML.Trusted.
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Cache.DefinitionImpl.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Cache.DefinitionImpl.txt
index c486724c8..afc6a87a6 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Cache.DefinitionImpl.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Cache.DefinitionImpl.txt
@@ -1,14 +1,14 @@
-Cache.DefinitionImpl
-TYPE: string/null
-VERSION: 2.0.0
-DEFAULT: 'Serializer'
---DESCRIPTION--
-
-This directive defines which method to use when caching definitions,
-the complex data-type that makes HTML Purifier tick. Set to null
-to disable caching (not recommended, as you will see a definite
-performance degradation).
-
---ALIASES--
-Core.DefinitionCache
---# vim: et sw=4 sts=4
+Cache.DefinitionImpl
+TYPE: string/null
+VERSION: 2.0.0
+DEFAULT: 'Serializer'
+--DESCRIPTION--
+
+This directive defines which method to use when caching definitions,
+the complex data-type that makes HTML Purifier tick. Set to null
+to disable caching (not recommended, as you will see a definite
+performance degradation).
+
+--ALIASES--
+Core.DefinitionCache
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Cache.SerializerPath.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Cache.SerializerPath.txt
index 54036507d..668f248af 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Cache.SerializerPath.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Cache.SerializerPath.txt
@@ -1,13 +1,13 @@
-Cache.SerializerPath
-TYPE: string/null
-VERSION: 2.0.0
-DEFAULT: NULL
---DESCRIPTION--
-
-<p>
-    Absolute path with no trailing slash to store serialized definitions in.
-    Default is within the
-    HTML Purifier library inside DefinitionCache/Serializer. This
-    path must be writable by the webserver.
-</p>
---# vim: et sw=4 sts=4
+Cache.SerializerPath
+TYPE: string/null
+VERSION: 2.0.0
+DEFAULT: NULL
+--DESCRIPTION--
+
+<p>
+    Absolute path with no trailing slash to store serialized definitions in.
+    Default is within the
+    HTML Purifier library inside DefinitionCache/Serializer. This
+    path must be writable by the webserver.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Cache.SerializerPermissions.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Cache.SerializerPermissions.txt
index 2e0cc8104..f6059e672 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Cache.SerializerPermissions.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Cache.SerializerPermissions.txt
@@ -1,16 +1,16 @@
-Cache.SerializerPermissions
-TYPE: int/null
-VERSION: 4.3.0
-DEFAULT: 0755
---DESCRIPTION--
-
-<p>
-    Directory permissions of the files and directories created inside
-    the DefinitionCache/Serializer or other custom serializer path.
-</p>
-<p>
-    In HTML Purifier 4.8.0, this also supports <code>NULL</code>,
-    which means that no chmod'ing or directory creation shall
-    occur.
-</p>
---# vim: et sw=4 sts=4
+Cache.SerializerPermissions
+TYPE: int/null
+VERSION: 4.3.0
+DEFAULT: 0755
+--DESCRIPTION--
+
+<p>
+    Directory permissions of the files and directories created inside
+    the DefinitionCache/Serializer or other custom serializer path.
+</p>
+<p>
+    In HTML Purifier 4.8.0, this also supports <code>NULL</code>,
+    which means that no chmod'ing or directory creation shall
+    occur.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.AggressivelyFixLt.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.AggressivelyFixLt.txt
index 568cbf3b3..e0fa378ea 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.AggressivelyFixLt.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.AggressivelyFixLt.txt
@@ -1,18 +1,18 @@
-Core.AggressivelyFixLt
-TYPE: bool
-VERSION: 2.1.0
-DEFAULT: true
---DESCRIPTION--
-<p>
-    This directive enables aggressive pre-filter fixes HTML Purifier can
-    perform in order to ensure that open angled-brackets do not get killed
-    during parsing stage. Enabling this will result in two preg_replace_callback
-    calls and at least two preg_replace calls for every HTML document parsed;
-    if your users make very well-formed HTML, you can set this directive false.
-    This has no effect when DirectLex is used.
-</p>
-<p>
-    <strong>Notice:</strong> This directive's default turned from false to true
-    in HTML Purifier 3.2.0.
-</p>
---# vim: et sw=4 sts=4
+Core.AggressivelyFixLt
+TYPE: bool
+VERSION: 2.1.0
+DEFAULT: true
+--DESCRIPTION--
+<p>
+    This directive enables aggressive pre-filter fixes HTML Purifier can
+    perform in order to ensure that open angled-brackets do not get killed
+    during parsing stage. Enabling this will result in two preg_replace_callback
+    calls and at least two preg_replace calls for every HTML document parsed;
+    if your users make very well-formed HTML, you can set this directive false.
+    This has no effect when DirectLex is used.
+</p>
+<p>
+    <strong>Notice:</strong> This directive's default turned from false to true
+    in HTML Purifier 3.2.0.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.AggressivelyRemoveScript.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.AggressivelyRemoveScript.txt
index b2b6ab149..fb140b69d 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.AggressivelyRemoveScript.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.AggressivelyRemoveScript.txt
@@ -1,16 +1,16 @@
-Core.AggressivelyRemoveScript
-TYPE: bool
-VERSION: 4.9.0
-DEFAULT: true
---DESCRIPTION--
-<p>
-    This directive enables aggressive pre-filter removal of
-    script tags.  This is not necessary for security,
-    but it can help work around a bug in libxml where embedded
-    HTML elements inside script sections cause the parser to
-    choke.  To revert to pre-4.9.0 behavior, set this to false.
-    This directive has no effect if %Core.Trusted is true,
-    %Core.RemoveScriptContents is false, or %Core.HiddenElements
-    does not contain script.
-</p>
---# vim: et sw=4 sts=4
+Core.AggressivelyRemoveScript
+TYPE: bool
+VERSION: 4.9.0
+DEFAULT: true
+--DESCRIPTION--
+<p>
+    This directive enables aggressive pre-filter removal of
+    script tags.  This is not necessary for security,
+    but it can help work around a bug in libxml where embedded
+    HTML elements inside script sections cause the parser to
+    choke.  To revert to pre-4.9.0 behavior, set this to false.
+    This directive has no effect if %Core.Trusted is true,
+    %Core.RemoveScriptContents is false, or %Core.HiddenElements
+    does not contain script.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.AllowHostnameUnderscore.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.AllowHostnameUnderscore.txt
index 2c910cc7d..405d36f17 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.AllowHostnameUnderscore.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.AllowHostnameUnderscore.txt
@@ -1,16 +1,16 @@
-Core.AllowHostnameUnderscore
-TYPE: bool
-VERSION: 4.6.0
-DEFAULT: false
---DESCRIPTION--
-<p>
-    By RFC 1123, underscores are not permitted in host names.
-    (This is in contrast to the specification for DNS, RFC
-    2181, which allows underscores.)
-    However, most browsers do the right thing when faced with
-    an underscore in the host name, and so some poorly written
-    websites are written with the expectation this should work.
-    Setting this parameter to true relaxes our allowed character
-    check so that underscores are permitted.
-</p>
---# vim: et sw=4 sts=4
+Core.AllowHostnameUnderscore
+TYPE: bool
+VERSION: 4.6.0
+DEFAULT: false
+--DESCRIPTION--
+<p>
+    By RFC 1123, underscores are not permitted in host names.
+    (This is in contrast to the specification for DNS, RFC
+    2181, which allows underscores.)
+    However, most browsers do the right thing when faced with
+    an underscore in the host name, and so some poorly written
+    websites are written with the expectation this should work.
+    Setting this parameter to true relaxes our allowed character
+    check so that underscores are permitted.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.AllowParseManyTags.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.AllowParseManyTags.txt
new file mode 100644
index 000000000..06278f82a
--- /dev/null
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.AllowParseManyTags.txt
@@ -0,0 +1,12 @@
+Core.AllowParseManyTags
+TYPE: bool
+DEFAULT: false
+VERSION: 4.10.1
+--DESCRIPTION--
+<p>
+    This directive allows parsing of many nested tags.
+    If you set true, relaxes any hardcoded limit from the parser.
+    However, in that case it may cause a Dos attack.
+    Be careful when enabling it.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.CollectErrors.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.CollectErrors.txt
index d7317911f..c6ea06990 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.CollectErrors.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.CollectErrors.txt
@@ -1,12 +1,12 @@
-Core.CollectErrors
-TYPE: bool
-VERSION: 2.0.0
-DEFAULT: false
---DESCRIPTION--
-
-Whether or not to collect errors found while filtering the document. This
-is a useful way to give feedback to your users. <strong>Warning:</strong>
-Currently this feature is very patchy and experimental, with lots of
-possible error messages not yet implemented. It will not cause any
-problems, but it may not help your users either.
---# vim: et sw=4 sts=4
+Core.CollectErrors
+TYPE: bool
+VERSION: 2.0.0
+DEFAULT: false
+--DESCRIPTION--
+
+Whether or not to collect errors found while filtering the document. This
+is a useful way to give feedback to your users. <strong>Warning:</strong>
+Currently this feature is very patchy and experimental, with lots of
+possible error messages not yet implemented. It will not cause any
+problems, but it may not help your users either.
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.ColorKeywords.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.ColorKeywords.txt
index c572c14ec..a75844cd5 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.ColorKeywords.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.ColorKeywords.txt
@@ -3,23 +3,154 @@ TYPE: hash
 VERSION: 2.0.0
 --DEFAULT--
 array (
-  'maroon' => '#800000',
-  'red' => '#FF0000',
-  'orange' => '#FFA500',
-  'yellow' => '#FFFF00',
-  'olive' => '#808000',
-  'purple' => '#800080',
-  'fuchsia' => '#FF00FF',
-  'white' => '#FFFFFF',
-  'lime' => '#00FF00',
-  'green' => '#008000',
-  'navy' => '#000080',
-  'blue' => '#0000FF',
+  'aliceblue' => '#F0F8FF',
+  'antiquewhite' => '#FAEBD7',
   'aqua' => '#00FFFF',
-  'teal' => '#008080',
+  'aquamarine' => '#7FFFD4',
+  'azure' => '#F0FFFF',
+  'beige' => '#F5F5DC',
+  'bisque' => '#FFE4C4',
   'black' => '#000000',
-  'silver' => '#C0C0C0',
+  'blanchedalmond' => '#FFEBCD',
+  'blue' => '#0000FF',
+  'blueviolet' => '#8A2BE2',
+  'brown' => '#A52A2A',
+  'burlywood' => '#DEB887',
+  'cadetblue' => '#5F9EA0',
+  'chartreuse' => '#7FFF00',
+  'chocolate' => '#D2691E',
+  'coral' => '#FF7F50',
+  'cornflowerblue' => '#6495ED',
+  'cornsilk' => '#FFF8DC',
+  'crimson' => '#DC143C',
+  'cyan' => '#00FFFF',
+  'darkblue' => '#00008B',
+  'darkcyan' => '#008B8B',
+  'darkgoldenrod' => '#B8860B',
+  'darkgray' => '#A9A9A9',
+  'darkgrey' => '#A9A9A9',
+  'darkgreen' => '#006400',
+  'darkkhaki' => '#BDB76B',
+  'darkmagenta' => '#8B008B',
+  'darkolivegreen' => '#556B2F',
+  'darkorange' => '#FF8C00',
+  'darkorchid' => '#9932CC',
+  'darkred' => '#8B0000',
+  'darksalmon' => '#E9967A',
+  'darkseagreen' => '#8FBC8F',
+  'darkslateblue' => '#483D8B',
+  'darkslategray' => '#2F4F4F',
+  'darkslategrey' => '#2F4F4F',
+  'darkturquoise' => '#00CED1',
+  'darkviolet' => '#9400D3',
+  'deeppink' => '#FF1493',
+  'deepskyblue' => '#00BFFF',
+  'dimgray' => '#696969',
+  'dimgrey' => '#696969',
+  'dodgerblue' => '#1E90FF',
+  'firebrick' => '#B22222',
+  'floralwhite' => '#FFFAF0',
+  'forestgreen' => '#228B22',
+  'fuchsia' => '#FF00FF',
+  'gainsboro' => '#DCDCDC',
+  'ghostwhite' => '#F8F8FF',
+  'gold' => '#FFD700',
+  'goldenrod' => '#DAA520',
   'gray' => '#808080',
+  'grey' => '#808080',
+  'green' => '#008000',
+  'greenyellow' => '#ADFF2F',
+  'honeydew' => '#F0FFF0',
+  'hotpink' => '#FF69B4',
+  'indianred' => '#CD5C5C',
+  'indigo' => '#4B0082',
+  'ivory' => '#FFFFF0',
+  'khaki' => '#F0E68C',
+  'lavender' => '#E6E6FA',
+  'lavenderblush' => '#FFF0F5',
+  'lawngreen' => '#7CFC00',
+  'lemonchiffon' => '#FFFACD',
+  'lightblue' => '#ADD8E6',
+  'lightcoral' => '#F08080',
+  'lightcyan' => '#E0FFFF',
+  'lightgoldenrodyellow' => '#FAFAD2',
+  'lightgray' => '#D3D3D3',
+  'lightgrey' => '#D3D3D3',
+  'lightgreen' => '#90EE90',
+  'lightpink' => '#FFB6C1',
+  'lightsalmon' => '#FFA07A',
+  'lightseagreen' => '#20B2AA',
+  'lightskyblue' => '#87CEFA',
+  'lightslategray' => '#778899',
+  'lightslategrey' => '#778899',
+  'lightsteelblue' => '#B0C4DE',
+  'lightyellow' => '#FFFFE0',
+  'lime' => '#00FF00',
+  'limegreen' => '#32CD32',
+  'linen' => '#FAF0E6',
+  'magenta' => '#FF00FF',
+  'maroon' => '#800000',
+  'mediumaquamarine' => '#66CDAA',
+  'mediumblue' => '#0000CD',
+  'mediumorchid' => '#BA55D3',
+  'mediumpurple' => '#9370DB',
+  'mediumseagreen' => '#3CB371',
+  'mediumslateblue' => '#7B68EE',
+  'mediumspringgreen' => '#00FA9A',
+  'mediumturquoise' => '#48D1CC',
+  'mediumvioletred' => '#C71585',
+  'midnightblue' => '#191970',
+  'mintcream' => '#F5FFFA',
+  'mistyrose' => '#FFE4E1',
+  'moccasin' => '#FFE4B5',
+  'navajowhite' => '#FFDEAD',
+  'navy' => '#000080',
+  'oldlace' => '#FDF5E6',
+  'olive' => '#808000',
+  'olivedrab' => '#6B8E23',
+  'orange' => '#FFA500',
+  'orangered' => '#FF4500',
+  'orchid' => '#DA70D6',
+  'palegoldenrod' => '#EEE8AA',
+  'palegreen' => '#98FB98',
+  'paleturquoise' => '#AFEEEE',
+  'palevioletred' => '#DB7093',
+  'papayawhip' => '#FFEFD5',
+  'peachpuff' => '#FFDAB9',
+  'peru' => '#CD853F',
+  'pink' => '#FFC0CB',
+  'plum' => '#DDA0DD',
+  'powderblue' => '#B0E0E6',
+  'purple' => '#800080',
+  'rebeccapurple' => '#663399',
+  'red' => '#FF0000',
+  'rosybrown' => '#BC8F8F',
+  'royalblue' => '#4169E1',
+  'saddlebrown' => '#8B4513',
+  'salmon' => '#FA8072',
+  'sandybrown' => '#F4A460',
+  'seagreen' => '#2E8B57',
+  'seashell' => '#FFF5EE',
+  'sienna' => '#A0522D',
+  'silver' => '#C0C0C0',
+  'skyblue' => '#87CEEB',
+  'slateblue' => '#6A5ACD',
+  'slategray' => '#708090',
+  'slategrey' => '#708090',
+  'snow' => '#FFFAFA',
+  'springgreen' => '#00FF7F',
+  'steelblue' => '#4682B4',
+  'tan' => '#D2B48C',
+  'teal' => '#008080',
+  'thistle' => '#D8BFD8',
+  'tomato' => '#FF6347',
+  'turquoise' => '#40E0D0',
+  'violet' => '#EE82EE',
+  'wheat' => '#F5DEB3',
+  'white' => '#FFFFFF',
+  'whitesmoke' => '#F5F5F5',
+  'yellow' => '#FFFF00',
+  'yellowgreen' => '#9ACD32'
 )
 --DESCRIPTION--
 
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.ConvertDocumentToFragment.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.ConvertDocumentToFragment.txt
index 64b114fce..656d3783a 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.ConvertDocumentToFragment.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.ConvertDocumentToFragment.txt
@@ -1,14 +1,14 @@
-Core.ConvertDocumentToFragment
-TYPE: bool
-DEFAULT: true
---DESCRIPTION--
-
-This parameter determines whether or not the filter should convert
-input that is a full document with html and body tags to a fragment
-of just the contents of a body tag. This parameter is simply something
-HTML Purifier can do during an edge-case: for most inputs, this
-processing is not necessary.
-
---ALIASES--
-Core.AcceptFullDocuments
---# vim: et sw=4 sts=4
+Core.ConvertDocumentToFragment
+TYPE: bool
+DEFAULT: true
+--DESCRIPTION--
+
+This parameter determines whether or not the filter should convert
+input that is a full document with html and body tags to a fragment
+of just the contents of a body tag. This parameter is simply something
+HTML Purifier can do during an edge-case: for most inputs, this
+processing is not necessary.
+
+--ALIASES--
+Core.AcceptFullDocuments
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.DirectLexLineNumberSyncInterval.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.DirectLexLineNumberSyncInterval.txt
index 36f16e07e..2f54e462a 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.DirectLexLineNumberSyncInterval.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.DirectLexLineNumberSyncInterval.txt
@@ -1,17 +1,17 @@
-Core.DirectLexLineNumberSyncInterval
-TYPE: int
-VERSION: 2.0.0
-DEFAULT: 0
---DESCRIPTION--
-
-<p>
-  Specifies the number of tokens the DirectLex line number tracking
-  implementations should process before attempting to resyncronize the
-  current line count by manually counting all previous new-lines. When
-  at 0, this functionality is disabled. Lower values will decrease
-  performance, and this is only strictly necessary if the counting
-  algorithm is buggy (in which case you should report it as a bug).
-  This has no effect when %Core.MaintainLineNumbers is disabled or DirectLex is
-  not being used.
-</p>
---# vim: et sw=4 sts=4
+Core.DirectLexLineNumberSyncInterval
+TYPE: int
+VERSION: 2.0.0
+DEFAULT: 0
+--DESCRIPTION--
+
+<p>
+  Specifies the number of tokens the DirectLex line number tracking
+  implementations should process before attempting to resyncronize the
+  current line count by manually counting all previous new-lines. When
+  at 0, this functionality is disabled. Lower values will decrease
+  performance, and this is only strictly necessary if the counting
+  algorithm is buggy (in which case you should report it as a bug).
+  This has no effect when %Core.MaintainLineNumbers is disabled or DirectLex is
+  not being used.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.DisableExcludes.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.DisableExcludes.txt
index 1cd4c2c96..3c63c923c 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.DisableExcludes.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.DisableExcludes.txt
@@ -1,14 +1,14 @@
-Core.DisableExcludes
-TYPE: bool
-DEFAULT: false
-VERSION: 4.5.0
---DESCRIPTION--
-<p>
-  This directive disables SGML-style exclusions, e.g. the exclusion of
-  <code>&lt;object&gt;</code> in any descendant of a
-  <code>&lt;pre&gt;</code> tag.  Disabling excludes will allow some
-  invalid documents to pass through HTML Purifier, but HTML Purifier
-  will also be less likely to accidentally remove large documents during
-  processing.
-</p>
---# vim: et sw=4 sts=4
+Core.DisableExcludes
+TYPE: bool
+DEFAULT: false
+VERSION: 4.5.0
+--DESCRIPTION--
+<p>
+  This directive disables SGML-style exclusions, e.g. the exclusion of
+  <code>&lt;object&gt;</code> in any descendant of a
+  <code>&lt;pre&gt;</code> tag.  Disabling excludes will allow some
+  invalid documents to pass through HTML Purifier, but HTML Purifier
+  will also be less likely to accidentally remove large documents during
+  processing.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.EnableIDNA.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.EnableIDNA.txt
index ce243c35d..7f498e7e7 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.EnableIDNA.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.EnableIDNA.txt
@@ -1,9 +1,9 @@
-Core.EnableIDNA
-TYPE: bool
-DEFAULT: false
-VERSION: 4.4.0
---DESCRIPTION--
-Allows international domain names in URLs.  This configuration option
-requires the PEAR Net_IDNA2 module to be installed.  It operates by
-punycoding any internationalized host names for maximum portability.
---# vim: et sw=4 sts=4
+Core.EnableIDNA
+TYPE: bool
+DEFAULT: false
+VERSION: 4.4.0
+--DESCRIPTION--
+Allows international domain names in URLs.  This configuration option
+requires the PEAR Net_IDNA2 module to be installed.  It operates by
+punycoding any internationalized host names for maximum portability.
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.Encoding.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.Encoding.txt
index 8bfb47c3a..89e2ae34b 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.Encoding.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.Encoding.txt
@@ -1,15 +1,15 @@
-Core.Encoding
-TYPE: istring
-DEFAULT: 'utf-8'
---DESCRIPTION--
-If for some reason you are unable to convert all webpages to UTF-8, you can
-use this directive as a stop-gap compatibility change to let HTML Purifier
-deal with non UTF-8 input.  This technique has notable deficiencies:
-absolutely no characters outside of the selected character encoding will be
-preserved, not even the ones that have been ampersand escaped (this is due
-to a UTF-8 specific <em>feature</em> that automatically resolves all
-entities), making it pretty useless for anything except the most I18N-blind
-applications, although %Core.EscapeNonASCIICharacters offers fixes this
-trouble with another tradeoff. This directive only accepts ISO-8859-1 if
-iconv is not enabled.
---# vim: et sw=4 sts=4
+Core.Encoding
+TYPE: istring
+DEFAULT: 'utf-8'
+--DESCRIPTION--
+If for some reason you are unable to convert all webpages to UTF-8, you can
+use this directive as a stop-gap compatibility change to let HTML Purifier
+deal with non UTF-8 input.  This technique has notable deficiencies:
+absolutely no characters outside of the selected character encoding will be
+preserved, not even the ones that have been ampersand escaped (this is due
+to a UTF-8 specific <em>feature</em> that automatically resolves all
+entities), making it pretty useless for anything except the most I18N-blind
+applications, although %Core.EscapeNonASCIICharacters offers fixes this
+trouble with another tradeoff. This directive only accepts ISO-8859-1 if
+iconv is not enabled.
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.EscapeInvalidChildren.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.EscapeInvalidChildren.txt
index a3881be75..1cc3fcda2 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.EscapeInvalidChildren.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.EscapeInvalidChildren.txt
@@ -1,12 +1,12 @@
-Core.EscapeInvalidChildren
-TYPE: bool
-DEFAULT: false
---DESCRIPTION--
-<p><strong>Warning:</strong> this configuration option is no longer does anything as of 4.6.0.</p>
-
-<p>When true, a child is found that is not allowed in the context of the
-parent element will be transformed into text as if it were ASCII. When
-false, that element and all internal tags will be dropped, though text will
-be preserved.  There is no option for dropping the element but preserving
-child nodes.</p>
---# vim: et sw=4 sts=4
+Core.EscapeInvalidChildren
+TYPE: bool
+DEFAULT: false
+--DESCRIPTION--
+<p><strong>Warning:</strong> this configuration option is no longer does anything as of 4.6.0.</p>
+
+<p>When true, a child is found that is not allowed in the context of the
+parent element will be transformed into text as if it were ASCII. When
+false, that element and all internal tags will be dropped, though text will
+be preserved.  There is no option for dropping the element but preserving
+child nodes.</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.EscapeInvalidTags.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.EscapeInvalidTags.txt
index a7a5b249b..299775fab 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.EscapeInvalidTags.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.EscapeInvalidTags.txt
@@ -1,7 +1,7 @@
-Core.EscapeInvalidTags
-TYPE: bool
-DEFAULT: false
---DESCRIPTION--
-When true, invalid tags will be written back to the document as plain text.
-Otherwise, they are silently dropped.
---# vim: et sw=4 sts=4
+Core.EscapeInvalidTags
+TYPE: bool
+DEFAULT: false
+--DESCRIPTION--
+When true, invalid tags will be written back to the document as plain text.
+Otherwise, they are silently dropped.
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.EscapeNonASCIICharacters.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.EscapeNonASCIICharacters.txt
index abb499948..f50db2f92 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.EscapeNonASCIICharacters.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.EscapeNonASCIICharacters.txt
@@ -1,13 +1,13 @@
-Core.EscapeNonASCIICharacters
-TYPE: bool
-VERSION: 1.4.0
-DEFAULT: false
---DESCRIPTION--
-This directive overcomes a deficiency in %Core.Encoding by blindly
-converting all non-ASCII characters into decimal numeric entities before
-converting it to its native encoding. This means that even characters that
-can be expressed in the non-UTF-8 encoding will be entity-ized, which can
-be a real downer for encodings like Big5. It also assumes that the ASCII
-repetoire is available, although this is the case for almost all encodings.
-Anyway, use UTF-8!
---# vim: et sw=4 sts=4
+Core.EscapeNonASCIICharacters
+TYPE: bool
+VERSION: 1.4.0
+DEFAULT: false
+--DESCRIPTION--
+This directive overcomes a deficiency in %Core.Encoding by blindly
+converting all non-ASCII characters into decimal numeric entities before
+converting it to its native encoding. This means that even characters that
+can be expressed in the non-UTF-8 encoding will be entity-ized, which can
+be a real downer for encodings like Big5. It also assumes that the ASCII
+repetoire is available, although this is the case for almost all encodings.
+Anyway, use UTF-8!
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.HiddenElements.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.HiddenElements.txt
index 915391edb..c337e47fc 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.HiddenElements.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.HiddenElements.txt
@@ -1,19 +1,19 @@
-Core.HiddenElements
-TYPE: lookup
---DEFAULT--
-array (
-  'script' => true,
-  'style' => true,
-)
---DESCRIPTION--
-
-<p>
-  This directive is a lookup array of elements which should have their
-  contents removed when they are not allowed by the HTML definition.
-  For example, the contents of a <code>script</code> tag are not
-  normally shown in a document, so if script tags are to be removed,
-  their contents should be removed to. This is opposed to a <code>b</code>
-  tag, which defines some presentational changes but does not hide its
-  contents.
-</p>
---# vim: et sw=4 sts=4
+Core.HiddenElements
+TYPE: lookup
+--DEFAULT--
+array (
+  'script' => true,
+  'style' => true,
+)
+--DESCRIPTION--
+
+<p>
+  This directive is a lookup array of elements which should have their
+  contents removed when they are not allowed by the HTML definition.
+  For example, the contents of a <code>script</code> tag are not
+  normally shown in a document, so if script tags are to be removed,
+  their contents should be removed to. This is opposed to a <code>b</code>
+  tag, which defines some presentational changes but does not hide its
+  contents.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.Language.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.Language.txt
index 233fca14f..ed1f39b5f 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.Language.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.Language.txt
@@ -1,10 +1,10 @@
-Core.Language
-TYPE: string
-VERSION: 2.0.0
-DEFAULT: 'en'
---DESCRIPTION--
-
-ISO 639 language code for localizable things in HTML Purifier to use,
-which is mainly error reporting. There is currently only an English (en)
-translation, so this directive is currently useless.
---# vim: et sw=4 sts=4
+Core.Language
+TYPE: string
+VERSION: 2.0.0
+DEFAULT: 'en'
+--DESCRIPTION--
+
+ISO 639 language code for localizable things in HTML Purifier to use,
+which is mainly error reporting. There is currently only an English (en)
+translation, so this directive is currently useless.
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.LegacyEntityDecoder.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.LegacyEntityDecoder.txt
index 392b43649..81d9ae4dc 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.LegacyEntityDecoder.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.LegacyEntityDecoder.txt
@@ -1,36 +1,36 @@
-Core.LegacyEntityDecoder
-TYPE: bool
-VERSION: 4.9.0
-DEFAULT: false
---DESCRIPTION--
-<p>
-    Prior to HTML Purifier 4.9.0, entities were decoded by performing
-    a global search replace for all entities whose decoded versions
-    did not have special meanings under HTML, and replaced them with
-    their decoded versions.  We would match all entities, even if they did
-    not have a trailing semicolon, but only if there weren't any trailing
-    alphanumeric characters.
-</p>
-<table>
-<tr><th>Original</th><th>Text</th><th>Attribute</th></tr>
-<tr><td>&amp;yen;</td><td>&yen;</td><td>&yen;</td></tr>
-<tr><td>&amp;yen</td><td>&yen;</td><td>&yen;</td></tr>
-<tr><td>&amp;yena</td><td>&amp;yena</td><td>&amp;yena</td></tr>
-<tr><td>&amp;yen=</td><td>&yen;=</td><td>&yen;=</td></tr>
-</table>
-<p>
-    In HTML Purifier 4.9.0, we changed the behavior of entity parsing
-    to match entities that had missing trailing semicolons in less
-    cases, to more closely match HTML5 parsing behavior:
-</p>
-<table>
-<tr><th>Original</th><th>Text</th><th>Attribute</th></tr>
-<tr><td>&amp;yen;</td><td>&yen;</td><td>&yen;</td></tr>
-<tr><td>&amp;yen</td><td>&yen;</td><td>&yen;</td></tr>
-<tr><td>&amp;yena</td><td>&yen;a</td><td>&amp;yena</td></tr>
-<tr><td>&amp;yen=</td><td>&yen;=</td><td>&amp;yen=</td></tr>
-</table>
-<p>
-    This flag reverts back to pre-HTML Purifier 4.9.0 behavior.
-</p>
---# vim: et sw=4 sts=4
+Core.LegacyEntityDecoder
+TYPE: bool
+VERSION: 4.9.0
+DEFAULT: false
+--DESCRIPTION--
+<p>
+    Prior to HTML Purifier 4.9.0, entities were decoded by performing
+    a global search replace for all entities whose decoded versions
+    did not have special meanings under HTML, and replaced them with
+    their decoded versions.  We would match all entities, even if they did
+    not have a trailing semicolon, but only if there weren't any trailing
+    alphanumeric characters.
+</p>
+<table>
+<tr><th>Original</th><th>Text</th><th>Attribute</th></tr>
+<tr><td>&amp;yen;</td><td>&yen;</td><td>&yen;</td></tr>
+<tr><td>&amp;yen</td><td>&yen;</td><td>&yen;</td></tr>
+<tr><td>&amp;yena</td><td>&amp;yena</td><td>&amp;yena</td></tr>
+<tr><td>&amp;yen=</td><td>&yen;=</td><td>&yen;=</td></tr>
+</table>
+<p>
+    In HTML Purifier 4.9.0, we changed the behavior of entity parsing
+    to match entities that had missing trailing semicolons in less
+    cases, to more closely match HTML5 parsing behavior:
+</p>
+<table>
+<tr><th>Original</th><th>Text</th><th>Attribute</th></tr>
+<tr><td>&amp;yen;</td><td>&yen;</td><td>&yen;</td></tr>
+<tr><td>&amp;yen</td><td>&yen;</td><td>&yen;</td></tr>
+<tr><td>&amp;yena</td><td>&yen;a</td><td>&amp;yena</td></tr>
+<tr><td>&amp;yen=</td><td>&yen;=</td><td>&amp;yen=</td></tr>
+</table>
+<p>
+    This flag reverts back to pre-HTML Purifier 4.9.0 behavior.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.LexerImpl.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.LexerImpl.txt
index 8983e2cca..e11c0152c 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.LexerImpl.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.LexerImpl.txt
@@ -1,34 +1,34 @@
-Core.LexerImpl
-TYPE: mixed/null
-VERSION: 2.0.0
-DEFAULT: NULL
---DESCRIPTION--
-
-<p>
-  This parameter determines what lexer implementation can be used. The
-  valid values are:
-</p>
-<dl>
-  <dt><em>null</em></dt>
-  <dd>
-    Recommended, the lexer implementation will be auto-detected based on
-    your PHP-version and configuration.
-  </dd>
-  <dt><em>string</em> lexer identifier</dt>
-  <dd>
-    This is a slim way of manually overridding the implementation.
-    Currently recognized values are: DOMLex (the default PHP5
-implementation)
-    and DirectLex (the default PHP4 implementation). Only use this if
-    you know what you are doing: usually, the auto-detection will
-    manage things for cases you aren't even aware of.
-  </dd>
-  <dt><em>object</em> lexer instance</dt>
-  <dd>
-    Super-advanced: you can specify your own, custom, implementation that
-    implements the interface defined by <code>HTMLPurifier_Lexer</code>.
-    I may remove this option simply because I don't expect anyone
-    to use it.
-  </dd>
-</dl>
---# vim: et sw=4 sts=4
+Core.LexerImpl
+TYPE: mixed/null
+VERSION: 2.0.0
+DEFAULT: NULL
+--DESCRIPTION--
+
+<p>
+  This parameter determines what lexer implementation can be used. The
+  valid values are:
+</p>
+<dl>
+  <dt><em>null</em></dt>
+  <dd>
+    Recommended, the lexer implementation will be auto-detected based on
+    your PHP-version and configuration.
+  </dd>
+  <dt><em>string</em> lexer identifier</dt>
+  <dd>
+    This is a slim way of manually overridding the implementation.
+    Currently recognized values are: DOMLex (the default PHP5
+implementation)
+    and DirectLex (the default PHP4 implementation). Only use this if
+    you know what you are doing: usually, the auto-detection will
+    manage things for cases you aren't even aware of.
+  </dd>
+  <dt><em>object</em> lexer instance</dt>
+  <dd>
+    Super-advanced: you can specify your own, custom, implementation that
+    implements the interface defined by <code>HTMLPurifier_Lexer</code>.
+    I may remove this option simply because I don't expect anyone
+    to use it.
+  </dd>
+</dl>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.MaintainLineNumbers.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.MaintainLineNumbers.txt
index eb841a759..838f10f61 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.MaintainLineNumbers.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.MaintainLineNumbers.txt
@@ -1,16 +1,16 @@
-Core.MaintainLineNumbers
-TYPE: bool/null
-VERSION: 2.0.0
-DEFAULT: NULL
---DESCRIPTION--
-
-<p>
-  If true, HTML Purifier will add line number information to all tokens.
-  This is useful when error reporting is turned on, but can result in
-  significant performance degradation and should not be used when
-  unnecessary. This directive must be used with the DirectLex lexer,
-  as the DOMLex lexer does not (yet) support this functionality.
-  If the value is null, an appropriate value will be selected based
-  on other configuration.
-</p>
---# vim: et sw=4 sts=4
+Core.MaintainLineNumbers
+TYPE: bool/null
+VERSION: 2.0.0
+DEFAULT: NULL
+--DESCRIPTION--
+
+<p>
+  If true, HTML Purifier will add line number information to all tokens.
+  This is useful when error reporting is turned on, but can result in
+  significant performance degradation and should not be used when
+  unnecessary. This directive must be used with the DirectLex lexer,
+  as the DOMLex lexer does not (yet) support this functionality.
+  If the value is null, an appropriate value will be selected based
+  on other configuration.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.NormalizeNewlines.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.NormalizeNewlines.txt
index d77f5360d..94a88600d 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.NormalizeNewlines.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.NormalizeNewlines.txt
@@ -1,11 +1,11 @@
-Core.NormalizeNewlines
-TYPE: bool
-VERSION: 4.2.0
-DEFAULT: true
---DESCRIPTION--
-<p>
-    Whether or not to normalize newlines to the operating
-    system default.  When <code>false</code>, HTML Purifier
-    will attempt to preserve mixed newline files.
-</p>
---# vim: et sw=4 sts=4
+Core.NormalizeNewlines
+TYPE: bool
+VERSION: 4.2.0
+DEFAULT: true
+--DESCRIPTION--
+<p>
+    Whether or not to normalize newlines to the operating
+    system default.  When <code>false</code>, HTML Purifier
+    will attempt to preserve mixed newline files.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.RemoveInvalidImg.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.RemoveInvalidImg.txt
index 4070c2a0d..704ac56c8 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.RemoveInvalidImg.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.RemoveInvalidImg.txt
@@ -1,12 +1,12 @@
-Core.RemoveInvalidImg
-TYPE: bool
-DEFAULT: true
-VERSION: 1.3.0
---DESCRIPTION--
-
-<p>
-  This directive enables pre-emptive URI checking in <code>img</code>
-  tags, as the attribute validation strategy is not authorized to
-  remove elements from the document. Revert to pre-1.3.0 behavior by setting to false.
-</p>
---# vim: et sw=4 sts=4
+Core.RemoveInvalidImg
+TYPE: bool
+DEFAULT: true
+VERSION: 1.3.0
+--DESCRIPTION--
+
+<p>
+  This directive enables pre-emptive URI checking in <code>img</code>
+  tags, as the attribute validation strategy is not authorized to
+  remove elements from the document. Revert to pre-1.3.0 behavior by setting to false.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.RemoveProcessingInstructions.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.RemoveProcessingInstructions.txt
index 3397d9f71..ed6f13425 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.RemoveProcessingInstructions.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.RemoveProcessingInstructions.txt
@@ -1,11 +1,11 @@
-Core.RemoveProcessingInstructions
-TYPE: bool
-VERSION: 4.2.0
-DEFAULT: false
---DESCRIPTION--
-Instead of escaping processing instructions in the form <code>&lt;? ...
-?&gt;</code>, remove it out-right.  This may be useful if the HTML
-you are validating contains XML processing instruction gunk, however,
-it can also be user-unfriendly for people attempting to post PHP
-snippets.
---# vim: et sw=4 sts=4
+Core.RemoveProcessingInstructions
+TYPE: bool
+VERSION: 4.2.0
+DEFAULT: false
+--DESCRIPTION--
+Instead of escaping processing instructions in the form <code>&lt;? ...
+?&gt;</code>, remove it out-right.  This may be useful if the HTML
+you are validating contains XML processing instruction gunk, however,
+it can also be user-unfriendly for people attempting to post PHP
+snippets.
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.RemoveScriptContents.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.RemoveScriptContents.txt
index a4cd966df..efbe994c2 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.RemoveScriptContents.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Core.RemoveScriptContents.txt
@@ -1,12 +1,12 @@
-Core.RemoveScriptContents
-TYPE: bool/null
-DEFAULT: NULL
-VERSION: 2.0.0
-DEPRECATED-VERSION: 2.1.0
-DEPRECATED-USE: Core.HiddenElements
---DESCRIPTION--
-<p>
-  This directive enables HTML Purifier to remove not only script tags
-  but all of their contents.
-</p>
---# vim: et sw=4 sts=4
+Core.RemoveScriptContents
+TYPE: bool/null
+DEFAULT: NULL
+VERSION: 2.0.0
+DEPRECATED-VERSION: 2.1.0
+DEPRECATED-USE: Core.HiddenElements
+--DESCRIPTION--
+<p>
+  This directive enables HTML Purifier to remove not only script tags
+  but all of their contents.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.Custom.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.Custom.txt
index 3db50ef20..861ae66c3 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.Custom.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.Custom.txt
@@ -1,11 +1,11 @@
-Filter.Custom
-TYPE: list
-VERSION: 3.1.0
-DEFAULT: array()
---DESCRIPTION--
-<p>
-  This directive can be used to add custom filters; it is nearly the
-  equivalent of the now deprecated <code>HTMLPurifier-&gt;addFilter()</code>
-  method. Specify an array of concrete implementations.
-</p>
---# vim: et sw=4 sts=4
+Filter.Custom
+TYPE: list
+VERSION: 3.1.0
+DEFAULT: array()
+--DESCRIPTION--
+<p>
+  This directive can be used to add custom filters; it is nearly the
+  equivalent of the now deprecated <code>HTMLPurifier-&gt;addFilter()</code>
+  method. Specify an array of concrete implementations.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.Escaping.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.Escaping.txt
index 16829bcda..69602635e 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.Escaping.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.Escaping.txt
@@ -1,14 +1,14 @@
-Filter.ExtractStyleBlocks.Escaping
-TYPE: bool
-VERSION: 3.0.0
-DEFAULT: true
-ALIASES: Filter.ExtractStyleBlocksEscaping, FilterParam.ExtractStyleBlocksEscaping
---DESCRIPTION--
-
-<p>
-  Whether or not to escape the dangerous characters &lt;, &gt; and &amp;
-  as \3C, \3E and \26, respectively. This is can be safely set to false
-  if the contents of StyleBlocks will be placed in an external stylesheet,
-  where there is no risk of it being interpreted as HTML.
-</p>
---# vim: et sw=4 sts=4
+Filter.ExtractStyleBlocks.Escaping
+TYPE: bool
+VERSION: 3.0.0
+DEFAULT: true
+ALIASES: Filter.ExtractStyleBlocksEscaping, FilterParam.ExtractStyleBlocksEscaping
+--DESCRIPTION--
+
+<p>
+  Whether or not to escape the dangerous characters &lt;, &gt; and &amp;
+  as \3C, \3E and \26, respectively. This is can be safely set to false
+  if the contents of StyleBlocks will be placed in an external stylesheet,
+  where there is no risk of it being interpreted as HTML.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.Scope.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.Scope.txt
index 7f95f54d1..baa81ae06 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.Scope.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.Scope.txt
@@ -1,29 +1,29 @@
-Filter.ExtractStyleBlocks.Scope
-TYPE: string/null
-VERSION: 3.0.0
-DEFAULT: NULL
-ALIASES: Filter.ExtractStyleBlocksScope, FilterParam.ExtractStyleBlocksScope
---DESCRIPTION--
-
-<p>
-  If you would like users to be able to define external stylesheets, but
-  only allow them to specify CSS declarations for a specific node and
-  prevent them from fiddling with other elements, use this directive.
-  It accepts any valid CSS selector, and will prepend this to any
-  CSS declaration extracted from the document. For example, if this
-  directive is set to <code>#user-content</code> and a user uses the
-  selector <code>a:hover</code>, the final selector will be
-  <code>#user-content a:hover</code>.
-</p>
-<p>
-  The comma shorthand may be used; consider the above example, with
-  <code>#user-content, #user-content2</code>, the final selector will
-  be <code>#user-content a:hover, #user-content2 a:hover</code>.
-</p>
-<p>
-  <strong>Warning:</strong> It is possible for users to bypass this measure
-  using a naughty + selector. This is a bug in CSS Tidy 1.3, not HTML
-  Purifier, and I am working to get it fixed. Until then, HTML Purifier
-  performs a basic check to prevent this.
-</p>
---# vim: et sw=4 sts=4
+Filter.ExtractStyleBlocks.Scope
+TYPE: string/null
+VERSION: 3.0.0
+DEFAULT: NULL
+ALIASES: Filter.ExtractStyleBlocksScope, FilterParam.ExtractStyleBlocksScope
+--DESCRIPTION--
+
+<p>
+  If you would like users to be able to define external stylesheets, but
+  only allow them to specify CSS declarations for a specific node and
+  prevent them from fiddling with other elements, use this directive.
+  It accepts any valid CSS selector, and will prepend this to any
+  CSS declaration extracted from the document. For example, if this
+  directive is set to <code>#user-content</code> and a user uses the
+  selector <code>a:hover</code>, the final selector will be
+  <code>#user-content a:hover</code>.
+</p>
+<p>
+  The comma shorthand may be used; consider the above example, with
+  <code>#user-content, #user-content2</code>, the final selector will
+  be <code>#user-content a:hover, #user-content2 a:hover</code>.
+</p>
+<p>
+  <strong>Warning:</strong> It is possible for users to bypass this measure
+  using a naughty + selector. This is a bug in CSS Tidy 1.3, not HTML
+  Purifier, and I am working to get it fixed. Until then, HTML Purifier
+  performs a basic check to prevent this.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.TidyImpl.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.TidyImpl.txt
index 6c231b2d7..3b7018917 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.TidyImpl.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.TidyImpl.txt
@@ -1,16 +1,16 @@
-Filter.ExtractStyleBlocks.TidyImpl
-TYPE: mixed/null
-VERSION: 3.1.0
-DEFAULT: NULL
-ALIASES: FilterParam.ExtractStyleBlocksTidyImpl
---DESCRIPTION--
-<p>
-  If left NULL, HTML Purifier will attempt to instantiate a <code>csstidy</code>
-  class to use for internal cleaning. This will usually be good enough.
-</p>
-<p>
-  However, for trusted user input, you can set this to <code>false</code> to
-  disable cleaning. In addition, you can supply your own concrete implementation
-  of Tidy's interface to use, although I don't know why you'd want to do that.
-</p>
---# vim: et sw=4 sts=4
+Filter.ExtractStyleBlocks.TidyImpl
+TYPE: mixed/null
+VERSION: 3.1.0
+DEFAULT: NULL
+ALIASES: FilterParam.ExtractStyleBlocksTidyImpl
+--DESCRIPTION--
+<p>
+  If left NULL, HTML Purifier will attempt to instantiate a <code>csstidy</code>
+  class to use for internal cleaning. This will usually be good enough.
+</p>
+<p>
+  However, for trusted user input, you can set this to <code>false</code> to
+  disable cleaning. In addition, you can supply your own concrete implementation
+  of Tidy's interface to use, although I don't know why you'd want to do that.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.txt
index 078d08741..be0177d4e 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.txt
@@ -1,74 +1,74 @@
-Filter.ExtractStyleBlocks
-TYPE: bool
-VERSION: 3.1.0
-DEFAULT: false
-EXTERNAL: CSSTidy
---DESCRIPTION--
-<p>
-  This directive turns on the style block extraction filter, which removes
-  <code>style</code> blocks from input HTML, cleans them up with CSSTidy,
-  and places them in the <code>StyleBlocks</code> context variable, for further
-  use by you, usually to be placed in an external stylesheet, or a
-  <code>style</code> block in the <code>head</code> of your document.
-</p>
-<p>
-  Sample usage:
-</p>
-<pre><![CDATA[
-<?php
-    header('Content-type: text/html; charset=utf-8');
-    echo '<?xml version="1.0" encoding="UTF-8"?>';
-?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
-  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
-<head>
-  <title>Filter.ExtractStyleBlocks</title>
-<?php
-    require_once '/path/to/library/HTMLPurifier.auto.php';
-    require_once '/path/to/csstidy.class.php';
-
-    $dirty = '<style>body {color:#F00;}</style> Some text';
-
-    $config = HTMLPurifier_Config::createDefault();
-    $config->set('Filter', 'ExtractStyleBlocks', true);
-    $purifier = new HTMLPurifier($config);
-
-    $html = $purifier->purify($dirty);
-
-    // This implementation writes the stylesheets to the styles/ directory.
-    // You can also echo the styles inside the document, but it's a bit
-    // more difficult to make sure they get interpreted properly by
-    // browsers; try the usual CSS armoring techniques.
-    $styles = $purifier->context->get('StyleBlocks');
-    $dir = 'styles/';
-    if (!is_dir($dir)) mkdir($dir);
-    $hash = sha1($_GET['html']);
-    foreach ($styles as $i => $style) {
-        file_put_contents($name = $dir . $hash . "_$i");
-        echo '<link rel="stylesheet" type="text/css" href="'.$name.'" />';
-    }
-?>
-</head>
-<body>
-  <div>
-    <?php echo $html; ?>
-  </div>
-</b]]><![CDATA[ody>
-</html>
-]]></pre>
-<p>
-  <strong>Warning:</strong> It is possible for a user to mount an
-  imagecrash attack using this CSS. Counter-measures are difficult;
-  it is not simply enough to limit the range of CSS lengths (using
-  relative lengths with many nesting levels allows for large values
-  to be attained without actually specifying them in the stylesheet),
-  and the flexible nature of selectors makes it difficult to selectively
-  disable lengths on image tags (HTML Purifier, however, does disable
-  CSS width and height in inline styling). There are probably two effective
-  counter measures: an explicit width and height set to auto in all
-  images in your document (unlikely) or the disabling of width and
-  height (somewhat reasonable). Whether or not these measures should be
-  used is left to the reader.
-</p>
---# vim: et sw=4 sts=4
+Filter.ExtractStyleBlocks
+TYPE: bool
+VERSION: 3.1.0
+DEFAULT: false
+EXTERNAL: CSSTidy
+--DESCRIPTION--
+<p>
+  This directive turns on the style block extraction filter, which removes
+  <code>style</code> blocks from input HTML, cleans them up with CSSTidy,
+  and places them in the <code>StyleBlocks</code> context variable, for further
+  use by you, usually to be placed in an external stylesheet, or a
+  <code>style</code> block in the <code>head</code> of your document.
+</p>
+<p>
+  Sample usage:
+</p>
+<pre><![CDATA[
+<?php
+    header('Content-type: text/html; charset=utf-8');
+    echo '<?xml version="1.0" encoding="UTF-8"?>';
+?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
+<head>
+  <title>Filter.ExtractStyleBlocks</title>
+<?php
+    require_once '/path/to/library/HTMLPurifier.auto.php';
+    require_once '/path/to/csstidy.class.php';
+
+    $dirty = '<style>body {color:#F00;}</style> Some text';
+
+    $config = HTMLPurifier_Config::createDefault();
+    $config->set('Filter', 'ExtractStyleBlocks', true);
+    $purifier = new HTMLPurifier($config);
+
+    $html = $purifier->purify($dirty);
+
+    // This implementation writes the stylesheets to the styles/ directory.
+    // You can also echo the styles inside the document, but it's a bit
+    // more difficult to make sure they get interpreted properly by
+    // browsers; try the usual CSS armoring techniques.
+    $styles = $purifier->context->get('StyleBlocks');
+    $dir = 'styles/';
+    if (!is_dir($dir)) mkdir($dir);
+    $hash = sha1($_GET['html']);
+    foreach ($styles as $i => $style) {
+        file_put_contents($name = $dir . $hash . "_$i");
+        echo '<link rel="stylesheet" type="text/css" href="'.$name.'" />';
+    }
+?>
+</head>
+<body>
+  <div>
+    <?php echo $html; ?>
+  </div>
+</b]]><![CDATA[ody>
+</html>
+]]></pre>
+<p>
+  <strong>Warning:</strong> It is possible for a user to mount an
+  imagecrash attack using this CSS. Counter-measures are difficult;
+  it is not simply enough to limit the range of CSS lengths (using
+  relative lengths with many nesting levels allows for large values
+  to be attained without actually specifying them in the stylesheet),
+  and the flexible nature of selectors makes it difficult to selectively
+  disable lengths on image tags (HTML Purifier, however, does disable
+  CSS width and height in inline styling). There are probably two effective
+  counter measures: an explicit width and height set to auto in all
+  images in your document (unlikely) or the disabling of width and
+  height (somewhat reasonable). Whether or not these measures should be
+  used is left to the reader.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.YouTube.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.YouTube.txt
index 321eaa2d8..882218668 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.YouTube.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Filter.YouTube.txt
@@ -1,16 +1,16 @@
-Filter.YouTube
-TYPE: bool
-VERSION: 3.1.0
-DEFAULT: false
---DESCRIPTION--
-<p>
-  <strong>Warning:</strong> Deprecated in favor of %HTML.SafeObject and
-  %Output.FlashCompat (turn both on to allow YouTube videos and other
-  Flash content).
-</p>
-<p>
-  This directive enables YouTube video embedding in HTML Purifier. Check
-  <a href="http://htmlpurifier.org/docs/enduser-youtube.html">this document
-  on embedding videos</a> for more information on what this filter does.
-</p>
---# vim: et sw=4 sts=4
+Filter.YouTube
+TYPE: bool
+VERSION: 3.1.0
+DEFAULT: false
+--DESCRIPTION--
+<p>
+  <strong>Warning:</strong> Deprecated in favor of %HTML.SafeObject and
+  %Output.FlashCompat (turn both on to allow YouTube videos and other
+  Flash content).
+</p>
+<p>
+  This directive enables YouTube video embedding in HTML Purifier. Check
+  <a href="http://htmlpurifier.org/docs/enduser-youtube.html">this document
+  on embedding videos</a> for more information on what this filter does.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Allowed.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Allowed.txt
index 0b2c106da..afd48a0d4 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Allowed.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Allowed.txt
@@ -1,25 +1,25 @@
-HTML.Allowed
-TYPE: itext/null
-VERSION: 2.0.0
-DEFAULT: NULL
---DESCRIPTION--
-
-<p>
-    This is a preferred convenience directive that combines
-    %HTML.AllowedElements and %HTML.AllowedAttributes.
-    Specify elements and attributes that are allowed using:
-    <code>element1[attr1|attr2],element2...</code>.  For example,
-    if you would like to only allow paragraphs and links, specify
-    <code>a[href],p</code>.  You can specify attributes that apply
-    to all elements using an asterisk, e.g. <code>*[lang]</code>.
-    You can also use newlines instead of commas to separate elements.
-</p>
-<p>
-    <strong>Warning</strong>:
-    All of the constraints on the component directives are still enforced.
-    The syntax is a <em>subset</em> of TinyMCE's <code>valid_elements</code>
-    whitelist: directly copy-pasting it here will probably result in
-    broken whitelists. If %HTML.AllowedElements or %HTML.AllowedAttributes
-    are set, this directive has no effect.
-</p>
---# vim: et sw=4 sts=4
+HTML.Allowed
+TYPE: itext/null
+VERSION: 2.0.0
+DEFAULT: NULL
+--DESCRIPTION--
+
+<p>
+    This is a preferred convenience directive that combines
+    %HTML.AllowedElements and %HTML.AllowedAttributes.
+    Specify elements and attributes that are allowed using:
+    <code>element1[attr1|attr2],element2...</code>.  For example,
+    if you would like to only allow paragraphs and links, specify
+    <code>a[href],p</code>.  You can specify attributes that apply
+    to all elements using an asterisk, e.g. <code>*[lang]</code>.
+    You can also use newlines instead of commas to separate elements.
+</p>
+<p>
+    <strong>Warning</strong>:
+    All of the constraints on the component directives are still enforced.
+    The syntax is a <em>subset</em> of TinyMCE's <code>valid_elements</code>
+    whitelist: directly copy-pasting it here will probably result in
+    broken whitelists. If %HTML.AllowedElements or %HTML.AllowedAttributes
+    are set, this directive has no effect.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.AllowedAttributes.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.AllowedAttributes.txt
index fcf093f17..0e6ec54f3 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.AllowedAttributes.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.AllowedAttributes.txt
@@ -1,19 +1,19 @@
-HTML.AllowedAttributes
-TYPE: lookup/null
-VERSION: 1.3.0
-DEFAULT: NULL
---DESCRIPTION--
-
-<p>
-    If HTML Purifier's attribute set is unsatisfactory, overload it!
-    The syntax is "tag.attr" or "*.attr" for the global attributes
-    (style, id, class, dir, lang, xml:lang).
-</p>
-<p>
-    <strong>Warning:</strong> If another directive conflicts with the
-    elements here, <em>that</em> directive will win and override. For
-    example, %HTML.EnableAttrID will take precedence over *.id in this
-    directive.  You must set that directive to true before you can use
-    IDs at all.
-</p>
---# vim: et sw=4 sts=4
+HTML.AllowedAttributes
+TYPE: lookup/null
+VERSION: 1.3.0
+DEFAULT: NULL
+--DESCRIPTION--
+
+<p>
+    If HTML Purifier's attribute set is unsatisfactory, overload it!
+    The syntax is "tag.attr" or "*.attr" for the global attributes
+    (style, id, class, dir, lang, xml:lang).
+</p>
+<p>
+    <strong>Warning:</strong> If another directive conflicts with the
+    elements here, <em>that</em> directive will win and override. For
+    example, %HTML.EnableAttrID will take precedence over *.id in this
+    directive.  You must set that directive to true before you can use
+    IDs at all.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.AllowedComments.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.AllowedComments.txt
index 140e21423..8440bc39d 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.AllowedComments.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.AllowedComments.txt
@@ -1,10 +1,10 @@
-HTML.AllowedComments
-TYPE: lookup
-VERSION: 4.4.0
-DEFAULT: array()
---DESCRIPTION--
-A whitelist which indicates what explicit comment bodies should be
-allowed, modulo leading and trailing whitespace.  See also %HTML.AllowedCommentsRegexp
-(these directives are union'ed together, so a comment is considered
-valid if any directive deems it valid.)
---# vim: et sw=4 sts=4
+HTML.AllowedComments
+TYPE: lookup
+VERSION: 4.4.0
+DEFAULT: array()
+--DESCRIPTION--
+A whitelist which indicates what explicit comment bodies should be
+allowed, modulo leading and trailing whitespace.  See also %HTML.AllowedCommentsRegexp
+(these directives are union'ed together, so a comment is considered
+valid if any directive deems it valid.)
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.AllowedCommentsRegexp.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.AllowedCommentsRegexp.txt
index f22e977d4..b1e65beb1 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.AllowedCommentsRegexp.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.AllowedCommentsRegexp.txt
@@ -1,15 +1,15 @@
-HTML.AllowedCommentsRegexp
-TYPE: string/null
-VERSION: 4.4.0
-DEFAULT: NULL
---DESCRIPTION--
-A regexp, which if it matches the body of a comment, indicates that
-it should be allowed. Trailing and leading spaces are removed prior
-to running this regular expression.
-<strong>Warning:</strong> Make sure you specify
-correct anchor metacharacters <code>^regex$</code>, otherwise you may accept
-comments that you did not mean to! In particular, the regex <code>/foo|bar/</code>
-is probably not sufficiently strict, since it also allows <code>foobar</code>.
-See also %HTML.AllowedComments (these directives are union'ed together,
-so a comment is considered valid if any directive deems it valid.)
---# vim: et sw=4 sts=4
+HTML.AllowedCommentsRegexp
+TYPE: string/null
+VERSION: 4.4.0
+DEFAULT: NULL
+--DESCRIPTION--
+A regexp, which if it matches the body of a comment, indicates that
+it should be allowed. Trailing and leading spaces are removed prior
+to running this regular expression.
+<strong>Warning:</strong> Make sure you specify
+correct anchor metacharacters <code>^regex$</code>, otherwise you may accept
+comments that you did not mean to! In particular, the regex <code>/foo|bar/</code>
+is probably not sufficiently strict, since it also allows <code>foobar</code>.
+See also %HTML.AllowedComments (these directives are union'ed together,
+so a comment is considered valid if any directive deems it valid.)
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.AllowedElements.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.AllowedElements.txt
index 1d3fa7907..ca3c13ddb 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.AllowedElements.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.AllowedElements.txt
@@ -1,23 +1,23 @@
-HTML.AllowedElements
-TYPE: lookup/null
-VERSION: 1.3.0
-DEFAULT: NULL
---DESCRIPTION--
-<p>
-    If HTML Purifier's tag set is unsatisfactory for your needs, you can
-    overload it with your own list of tags to allow.  If you change
-    this, you probably also want to change %HTML.AllowedAttributes; see
-    also %HTML.Allowed which lets you set allowed elements and
-    attributes at the same time.
-</p>
-<p>
-    If you attempt to allow an element that HTML Purifier does not know
-    about, HTML Purifier will raise an error.  You will need to manually
-    tell HTML Purifier about this element by using the
-    <a href="http://htmlpurifier.org/docs/enduser-customize.html">advanced customization features.</a>
-</p>
-<p>
-    <strong>Warning:</strong> If another directive conflicts with the
-    elements here, <em>that</em> directive will win and override.
-</p>
---# vim: et sw=4 sts=4
+HTML.AllowedElements
+TYPE: lookup/null
+VERSION: 1.3.0
+DEFAULT: NULL
+--DESCRIPTION--
+<p>
+    If HTML Purifier's tag set is unsatisfactory for your needs, you can
+    overload it with your own list of tags to allow.  If you change
+    this, you probably also want to change %HTML.AllowedAttributes; see
+    also %HTML.Allowed which lets you set allowed elements and
+    attributes at the same time.
+</p>
+<p>
+    If you attempt to allow an element that HTML Purifier does not know
+    about, HTML Purifier will raise an error.  You will need to manually
+    tell HTML Purifier about this element by using the
+    <a href="http://htmlpurifier.org/docs/enduser-customize.html">advanced customization features.</a>
+</p>
+<p>
+    <strong>Warning:</strong> If another directive conflicts with the
+    elements here, <em>that</em> directive will win and override.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.AllowedModules.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.AllowedModules.txt
index 5a59a55c0..e373791a5 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.AllowedModules.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.AllowedModules.txt
@@ -1,20 +1,20 @@
-HTML.AllowedModules
-TYPE: lookup/null
-VERSION: 2.0.0
-DEFAULT: NULL
---DESCRIPTION--
-
-<p>
-    A doctype comes with a set of usual modules to use. Without having
-    to mucking about with the doctypes, you can quickly activate or
-    disable these modules by specifying which modules you wish to allow
-    with this directive. This is most useful for unit testing specific
-    modules, although end users may find it useful for their own ends.
-</p>
-<p>
-    If you specify a module that does not exist, the manager will silently
-    fail to use it, so be careful! User-defined modules are not affected
-    by this directive. Modules defined in %HTML.CoreModules are not
-    affected by this directive.
-</p>
---# vim: et sw=4 sts=4
+HTML.AllowedModules
+TYPE: lookup/null
+VERSION: 2.0.0
+DEFAULT: NULL
+--DESCRIPTION--
+
+<p>
+    A doctype comes with a set of usual modules to use. Without having
+    to mucking about with the doctypes, you can quickly activate or
+    disable these modules by specifying which modules you wish to allow
+    with this directive. This is most useful for unit testing specific
+    modules, although end users may find it useful for their own ends.
+</p>
+<p>
+    If you specify a module that does not exist, the manager will silently
+    fail to use it, so be careful! User-defined modules are not affected
+    by this directive. Modules defined in %HTML.CoreModules are not
+    affected by this directive.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Attr.Name.UseCDATA.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Attr.Name.UseCDATA.txt
index 151fb7b82..75d680ee1 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Attr.Name.UseCDATA.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Attr.Name.UseCDATA.txt
@@ -1,11 +1,11 @@
-HTML.Attr.Name.UseCDATA
-TYPE: bool
-DEFAULT: false
-VERSION: 4.0.0
---DESCRIPTION--
-The W3C specification DTD defines the name attribute to be CDATA, not ID, due
-to limitations of DTD.  In certain documents, this relaxed behavior is desired,
-whether it is to specify duplicate names, or to specify names that would be
-illegal IDs (for example, names that begin with a digit.) Set this configuration
-directive to true to use the relaxed parsing rules.
---# vim: et sw=4 sts=4
+HTML.Attr.Name.UseCDATA
+TYPE: bool
+DEFAULT: false
+VERSION: 4.0.0
+--DESCRIPTION--
+The W3C specification DTD defines the name attribute to be CDATA, not ID, due
+to limitations of DTD.  In certain documents, this relaxed behavior is desired,
+whether it is to specify duplicate names, or to specify names that would be
+illegal IDs (for example, names that begin with a digit.) Set this configuration
+directive to true to use the relaxed parsing rules.
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.BlockWrapper.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.BlockWrapper.txt
index 45ae469ec..f32b802c6 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.BlockWrapper.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.BlockWrapper.txt
@@ -1,18 +1,18 @@
-HTML.BlockWrapper
-TYPE: string
-VERSION: 1.3.0
-DEFAULT: 'p'
---DESCRIPTION--
-
-<p>
-    String name of element to wrap inline elements that are inside a block
-    context.  This only occurs in the children of blockquote in strict mode.
-</p>
-<p>
-    Example: by default value,
-    <code>&lt;blockquote&gt;Foo&lt;/blockquote&gt;</code> would become
-    <code>&lt;blockquote&gt;&lt;p&gt;Foo&lt;/p&gt;&lt;/blockquote&gt;</code>.
-    The <code>&lt;p&gt;</code> tags can be replaced with whatever you desire,
-    as long as it is a block level element.
-</p>
---# vim: et sw=4 sts=4
+HTML.BlockWrapper
+TYPE: string
+VERSION: 1.3.0
+DEFAULT: 'p'
+--DESCRIPTION--
+
+<p>
+    String name of element to wrap inline elements that are inside a block
+    context.  This only occurs in the children of blockquote in strict mode.
+</p>
+<p>
+    Example: by default value,
+    <code>&lt;blockquote&gt;Foo&lt;/blockquote&gt;</code> would become
+    <code>&lt;blockquote&gt;&lt;p&gt;Foo&lt;/p&gt;&lt;/blockquote&gt;</code>.
+    The <code>&lt;p&gt;</code> tags can be replaced with whatever you desire,
+    as long as it is a block level element.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.CoreModules.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.CoreModules.txt
index 524618879..fc8e40205 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.CoreModules.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.CoreModules.txt
@@ -1,23 +1,23 @@
-HTML.CoreModules
-TYPE: lookup
-VERSION: 2.0.0
---DEFAULT--
-array (
-  'Structure' => true,
-  'Text' => true,
-  'Hypertext' => true,
-  'List' => true,
-  'NonXMLCommonAttributes' => true,
-  'XMLCommonAttributes' => true,
-  'CommonAttributes' => true,
-)
---DESCRIPTION--
-
-<p>
-    Certain modularized doctypes (XHTML, namely), have certain modules
-    that must be included for the doctype to be an conforming document
-    type: put those modules here. By default, XHTML's core modules
-    are used. You can set this to a blank array to disable core module
-    protection, but this is not recommended.
-</p>
---# vim: et sw=4 sts=4
+HTML.CoreModules
+TYPE: lookup
+VERSION: 2.0.0
+--DEFAULT--
+array (
+  'Structure' => true,
+  'Text' => true,
+  'Hypertext' => true,
+  'List' => true,
+  'NonXMLCommonAttributes' => true,
+  'XMLCommonAttributes' => true,
+  'CommonAttributes' => true,
+)
+--DESCRIPTION--
+
+<p>
+    Certain modularized doctypes (XHTML, namely), have certain modules
+    that must be included for the doctype to be an conforming document
+    type: put those modules here. By default, XHTML's core modules
+    are used. You can set this to a blank array to disable core module
+    protection, but this is not recommended.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.CustomDoctype.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.CustomDoctype.txt
index 6ed70b599..187c0a0d5 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.CustomDoctype.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.CustomDoctype.txt
@@ -1,9 +1,9 @@
-HTML.CustomDoctype
-TYPE: string/null
-VERSION: 2.0.1
-DEFAULT: NULL
---DESCRIPTION--
-
-A custom doctype for power-users who defined their own document
-type. This directive only applies when %HTML.Doctype is blank.
---# vim: et sw=4 sts=4
+HTML.CustomDoctype
+TYPE: string/null
+VERSION: 2.0.1
+DEFAULT: NULL
+--DESCRIPTION--
+
+A custom doctype for power-users who defined their own document
+type. This directive only applies when %HTML.Doctype is blank.
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.DefinitionID.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.DefinitionID.txt
index 103db754a..f5433e3f1 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.DefinitionID.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.DefinitionID.txt
@@ -1,33 +1,33 @@
-HTML.DefinitionID
-TYPE: string/null
-DEFAULT: NULL
-VERSION: 2.0.0
---DESCRIPTION--
-
-<p>
-    Unique identifier for a custom-built HTML definition. If you edit
-    the raw version of the HTMLDefinition, introducing changes that the
-    configuration object does not reflect, you must specify this variable.
-    If you change your custom edits, you should change this directive, or
-    clear your cache. Example:
-</p>
-<pre>
-$config = HTMLPurifier_Config::createDefault();
-$config->set('HTML', 'DefinitionID', '1');
-$def = $config->getHTMLDefinition();
-$def->addAttribute('a', 'tabindex', 'Number');
-</pre>
-<p>
-    In the above example, the configuration is still at the defaults, but
-    using the advanced API, an extra attribute has been added. The
-    configuration object normally has no way of knowing that this change
-    has taken place, so it needs an extra directive: %HTML.DefinitionID.
-    If someone else attempts to use the default configuration, these two
-    pieces of code will not clobber each other in the cache, since one has
-    an extra directive attached to it.
-</p>
-<p>
-    You <em>must</em> specify a value to this directive to use the
-    advanced API features.
-</p>
---# vim: et sw=4 sts=4
+HTML.DefinitionID
+TYPE: string/null
+DEFAULT: NULL
+VERSION: 2.0.0
+--DESCRIPTION--
+
+<p>
+    Unique identifier for a custom-built HTML definition. If you edit
+    the raw version of the HTMLDefinition, introducing changes that the
+    configuration object does not reflect, you must specify this variable.
+    If you change your custom edits, you should change this directive, or
+    clear your cache. Example:
+</p>
+<pre>
+$config = HTMLPurifier_Config::createDefault();
+$config->set('HTML', 'DefinitionID', '1');
+$def = $config->getHTMLDefinition();
+$def->addAttribute('a', 'tabindex', 'Number');
+</pre>
+<p>
+    In the above example, the configuration is still at the defaults, but
+    using the advanced API, an extra attribute has been added. The
+    configuration object normally has no way of knowing that this change
+    has taken place, so it needs an extra directive: %HTML.DefinitionID.
+    If someone else attempts to use the default configuration, these two
+    pieces of code will not clobber each other in the cache, since one has
+    an extra directive attached to it.
+</p>
+<p>
+    You <em>must</em> specify a value to this directive to use the
+    advanced API features.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.DefinitionRev.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.DefinitionRev.txt
index 229ae0267..0bb5a718d 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.DefinitionRev.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.DefinitionRev.txt
@@ -1,16 +1,16 @@
-HTML.DefinitionRev
-TYPE: int
-VERSION: 2.0.0
-DEFAULT: 1
---DESCRIPTION--
-
-<p>
-    Revision identifier for your custom definition specified in
-    %HTML.DefinitionID.  This serves the same purpose: uniquely identifying
-    your custom definition, but this one does so in a chronological
-    context: revision 3 is more up-to-date then revision 2.  Thus, when
-    this gets incremented, the cache handling is smart enough to clean
-    up any older revisions of your definition as well as flush the
-    cache.
-</p>
---# vim: et sw=4 sts=4
+HTML.DefinitionRev
+TYPE: int
+VERSION: 2.0.0
+DEFAULT: 1
+--DESCRIPTION--
+
+<p>
+    Revision identifier for your custom definition specified in
+    %HTML.DefinitionID.  This serves the same purpose: uniquely identifying
+    your custom definition, but this one does so in a chronological
+    context: revision 3 is more up-to-date then revision 2.  Thus, when
+    this gets incremented, the cache handling is smart enough to clean
+    up any older revisions of your definition as well as flush the
+    cache.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Doctype.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Doctype.txt
index 9dab497f2..a6969b995 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Doctype.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Doctype.txt
@@ -1,11 +1,11 @@
-HTML.Doctype
-TYPE: string/null
-DEFAULT: NULL
---DESCRIPTION--
-Doctype to use during filtering. Technically speaking this is not actually
-a doctype (as it does not identify a corresponding DTD), but we are using
-this name for sake of simplicity. When non-blank, this will override any
-older directives like %HTML.XHTML or %HTML.Strict.
---ALLOWED--
-'HTML 4.01 Transitional', 'HTML 4.01 Strict', 'XHTML 1.0 Transitional', 'XHTML 1.0 Strict', 'XHTML 1.1'
---# vim: et sw=4 sts=4
+HTML.Doctype
+TYPE: string/null
+DEFAULT: NULL
+--DESCRIPTION--
+Doctype to use during filtering. Technically speaking this is not actually
+a doctype (as it does not identify a corresponding DTD), but we are using
+this name for sake of simplicity. When non-blank, this will override any
+older directives like %HTML.XHTML or %HTML.Strict.
+--ALLOWED--
+'HTML 4.01 Transitional', 'HTML 4.01 Strict', 'XHTML 1.0 Transitional', 'XHTML 1.0 Strict', 'XHTML 1.1'
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.FlashAllowFullScreen.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.FlashAllowFullScreen.txt
index 7878dc0bf..08d641f95 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.FlashAllowFullScreen.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.FlashAllowFullScreen.txt
@@ -1,11 +1,11 @@
-HTML.FlashAllowFullScreen
-TYPE: bool
-VERSION: 4.2.0
-DEFAULT: false
---DESCRIPTION--
-<p>
-    Whether or not to permit embedded Flash content from
-    %HTML.SafeObject to expand to the full screen.  Corresponds to
-    the <code>allowFullScreen</code> parameter.
-</p>
---# vim: et sw=4 sts=4
+HTML.FlashAllowFullScreen
+TYPE: bool
+VERSION: 4.2.0
+DEFAULT: false
+--DESCRIPTION--
+<p>
+    Whether or not to permit embedded Flash content from
+    %HTML.SafeObject to expand to the full screen.  Corresponds to
+    the <code>allowFullScreen</code> parameter.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.ForbiddenAttributes.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.ForbiddenAttributes.txt
index 57358f9ba..2b8df97cb 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.ForbiddenAttributes.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.ForbiddenAttributes.txt
@@ -1,21 +1,21 @@
-HTML.ForbiddenAttributes
-TYPE: lookup
-VERSION: 3.1.0
-DEFAULT: array()
---DESCRIPTION--
-<p>
-    While this directive is similar to %HTML.AllowedAttributes, for
-    forwards-compatibility with XML, this attribute has a different syntax. Instead of
-    <code>tag.attr</code>, use <code>tag@attr</code>. To disallow <code>href</code>
-    attributes in <code>a</code> tags, set this directive to
-    <code>a@href</code>. You can also disallow an attribute globally with
-    <code>attr</code> or <code>*@attr</code> (either syntax is fine; the latter
-    is provided for consistency with %HTML.AllowedAttributes).
-</p>
-<p>
-    <strong>Warning:</strong> This directive complements %HTML.ForbiddenElements,
-    accordingly, check
-    out that directive for a discussion of why you
-    should think twice before using this directive.
-</p>
---# vim: et sw=4 sts=4
+HTML.ForbiddenAttributes
+TYPE: lookup
+VERSION: 3.1.0
+DEFAULT: array()
+--DESCRIPTION--
+<p>
+    While this directive is similar to %HTML.AllowedAttributes, for
+    forwards-compatibility with XML, this attribute has a different syntax. Instead of
+    <code>tag.attr</code>, use <code>tag@attr</code>. To disallow <code>href</code>
+    attributes in <code>a</code> tags, set this directive to
+    <code>a@href</code>. You can also disallow an attribute globally with
+    <code>attr</code> or <code>*@attr</code> (either syntax is fine; the latter
+    is provided for consistency with %HTML.AllowedAttributes).
+</p>
+<p>
+    <strong>Warning:</strong> This directive complements %HTML.ForbiddenElements,
+    accordingly, check
+    out that directive for a discussion of why you
+    should think twice before using this directive.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.ForbiddenElements.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.ForbiddenElements.txt
index 93a53e14f..40466c463 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.ForbiddenElements.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.ForbiddenElements.txt
@@ -1,20 +1,20 @@
-HTML.ForbiddenElements
-TYPE: lookup
-VERSION: 3.1.0
-DEFAULT: array()
---DESCRIPTION--
-<p>
-    This was, perhaps, the most requested feature ever in HTML
-    Purifier. Please don't abuse it! This is the logical inverse of
-    %HTML.AllowedElements, and it will override that directive, or any
-    other directive.
-</p>
-<p>
-    If possible, %HTML.Allowed is recommended over this directive, because it
-    can sometimes be difficult to tell whether or not you've forbidden all of
-    the behavior you would like to disallow. If you forbid <code>img</code>
-    with the expectation of preventing images on your site, you'll be in for
-    a nasty surprise when people start using the <code>background-image</code>
-    CSS property.
-</p>
---# vim: et sw=4 sts=4
+HTML.ForbiddenElements
+TYPE: lookup
+VERSION: 3.1.0
+DEFAULT: array()
+--DESCRIPTION--
+<p>
+    This was, perhaps, the most requested feature ever in HTML
+    Purifier. Please don't abuse it! This is the logical inverse of
+    %HTML.AllowedElements, and it will override that directive, or any
+    other directive.
+</p>
+<p>
+    If possible, %HTML.Allowed is recommended over this directive, because it
+    can sometimes be difficult to tell whether or not you've forbidden all of
+    the behavior you would like to disallow. If you forbid <code>img</code>
+    with the expectation of preventing images on your site, you'll be in for
+    a nasty surprise when people start using the <code>background-image</code>
+    CSS property.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Forms.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Forms.txt
new file mode 100644
index 000000000..4a432d89b
--- /dev/null
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Forms.txt
@@ -0,0 +1,11 @@
+HTML.Forms
+TYPE: bool
+VERSION: 4.13.0
+DEFAULT: false
+--DESCRIPTION--
+<p>
+    Whether or not to permit form elements in the user input, regardless of
+    %HTML.Trusted value. Please be very careful when using this functionality, as
+    enabling forms in untrusted documents may allow for phishing attacks.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.MaxImgLength.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.MaxImgLength.txt
index e424c386e..319747954 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.MaxImgLength.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.MaxImgLength.txt
@@ -1,14 +1,14 @@
-HTML.MaxImgLength
-TYPE: int/null
-DEFAULT: 1200
-VERSION: 3.1.1
---DESCRIPTION--
-<p>
- This directive controls the maximum number of pixels in the width and
- height attributes in <code>img</code> tags. This is
- in place to prevent imagecrash attacks, disable with null at your own risk.
- This directive is similar to %CSS.MaxImgLength, and both should be
- concurrently edited, although there are
- subtle differences in the input format (the HTML max is an integer).
-</p>
---# vim: et sw=4 sts=4
+HTML.MaxImgLength
+TYPE: int/null
+DEFAULT: 1200
+VERSION: 3.1.1
+--DESCRIPTION--
+<p>
+ This directive controls the maximum number of pixels in the width and
+ height attributes in <code>img</code> tags. This is
+ in place to prevent imagecrash attacks, disable with null at your own risk.
+ This directive is similar to %CSS.MaxImgLength, and both should be
+ concurrently edited, although there are
+ subtle differences in the input format (the HTML max is an integer).
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Nofollow.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Nofollow.txt
index 700b30924..7aa356353 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Nofollow.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Nofollow.txt
@@ -1,7 +1,7 @@
-HTML.Nofollow
-TYPE: bool
-VERSION: 4.3.0
-DEFAULT: FALSE
---DESCRIPTION--
-If enabled, nofollow rel attributes are added to all outgoing links.
---# vim: et sw=4 sts=4
+HTML.Nofollow
+TYPE: bool
+VERSION: 4.3.0
+DEFAULT: FALSE
+--DESCRIPTION--
+If enabled, nofollow rel attributes are added to all outgoing links.
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Parent.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Parent.txt
index 62e8e160c..2d2fbd117 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Parent.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Parent.txt
@@ -1,12 +1,12 @@
-HTML.Parent
-TYPE: string
-VERSION: 1.3.0
-DEFAULT: 'div'
---DESCRIPTION--
-
-<p>
-    String name of element that HTML fragment passed to library will be
-    inserted in.  An interesting variation would be using span as the
-    parent element, meaning that only inline tags would be allowed.
-</p>
---# vim: et sw=4 sts=4
+HTML.Parent
+TYPE: string
+VERSION: 1.3.0
+DEFAULT: 'div'
+--DESCRIPTION--
+
+<p>
+    String name of element that HTML fragment passed to library will be
+    inserted in.  An interesting variation would be using span as the
+    parent element, meaning that only inline tags would be allowed.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Proprietary.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Proprietary.txt
index dfb720496..b3c45e190 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Proprietary.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Proprietary.txt
@@ -1,12 +1,12 @@
-HTML.Proprietary
-TYPE: bool
-VERSION: 3.1.0
-DEFAULT: false
---DESCRIPTION--
-<p>
-    Whether or not to allow proprietary elements and attributes in your
-    documents, as per <code>HTMLPurifier_HTMLModule_Proprietary</code>.
-    <strong>Warning:</strong> This can cause your documents to stop
-    validating!
-</p>
---# vim: et sw=4 sts=4
+HTML.Proprietary
+TYPE: bool
+VERSION: 3.1.0
+DEFAULT: false
+--DESCRIPTION--
+<p>
+    Whether or not to allow proprietary elements and attributes in your
+    documents, as per <code>HTMLPurifier_HTMLModule_Proprietary</code>.
+    <strong>Warning:</strong> This can cause your documents to stop
+    validating!
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.SafeEmbed.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.SafeEmbed.txt
index cdda09a4c..556fa674f 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.SafeEmbed.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.SafeEmbed.txt
@@ -1,13 +1,13 @@
-HTML.SafeEmbed
-TYPE: bool
-VERSION: 3.1.1
-DEFAULT: false
---DESCRIPTION--
-<p>
-    Whether or not to permit embed tags in documents, with a number of extra
-    security features added to prevent script execution. This is similar to
-    what websites like MySpace do to embed tags. Embed is a proprietary
-    element and will cause your website to stop validating; you should
-    see if you can use %Output.FlashCompat with %HTML.SafeObject instead
-    first.</p>
---# vim: et sw=4 sts=4
+HTML.SafeEmbed
+TYPE: bool
+VERSION: 3.1.1
+DEFAULT: false
+--DESCRIPTION--
+<p>
+    Whether or not to permit embed tags in documents, with a number of extra
+    security features added to prevent script execution. This is similar to
+    what websites like MySpace do to embed tags. Embed is a proprietary
+    element and will cause your website to stop validating; you should
+    see if you can use %Output.FlashCompat with %HTML.SafeObject instead
+    first.</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.SafeIframe.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.SafeIframe.txt
index 5eb6ec2b5..295a8cf66 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.SafeIframe.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.SafeIframe.txt
@@ -1,13 +1,13 @@
-HTML.SafeIframe
-TYPE: bool
-VERSION: 4.4.0
-DEFAULT: false
---DESCRIPTION--
-<p>
-    Whether or not to permit iframe tags in untrusted documents.  This
-    directive must be accompanied by a whitelist of permitted iframes,
-    such as %URI.SafeIframeRegexp, otherwise it will fatally error.
-    This directive has no effect on strict doctypes, as iframes are not
-    valid.
-</p>
---# vim: et sw=4 sts=4
+HTML.SafeIframe
+TYPE: bool
+VERSION: 4.4.0
+DEFAULT: false
+--DESCRIPTION--
+<p>
+    Whether or not to permit iframe tags in untrusted documents.  This
+    directive must be accompanied by a whitelist of permitted iframes,
+    such as %URI.SafeIframeRegexp, otherwise it will fatally error.
+    This directive has no effect on strict doctypes, as iframes are not
+    valid.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.SafeObject.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.SafeObject.txt
index ceb342e22..07f6e536e 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.SafeObject.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.SafeObject.txt
@@ -1,13 +1,13 @@
-HTML.SafeObject
-TYPE: bool
-VERSION: 3.1.1
-DEFAULT: false
---DESCRIPTION--
-<p>
-    Whether or not to permit object tags in documents, with a number of extra
-    security features added to prevent script execution. This is similar to
-    what websites like MySpace do to object tags.  You should also enable
-    %Output.FlashCompat in order to generate Internet Explorer
-    compatibility code for your object tags.
-</p>
---# vim: et sw=4 sts=4
+HTML.SafeObject
+TYPE: bool
+VERSION: 3.1.1
+DEFAULT: false
+--DESCRIPTION--
+<p>
+    Whether or not to permit object tags in documents, with a number of extra
+    security features added to prevent script execution. This is similar to
+    what websites like MySpace do to object tags.  You should also enable
+    %Output.FlashCompat in order to generate Internet Explorer
+    compatibility code for your object tags.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.SafeScripting.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.SafeScripting.txt
index 5ebc7a19d..641b4a8d6 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.SafeScripting.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.SafeScripting.txt
@@ -1,10 +1,10 @@
-HTML.SafeScripting
-TYPE: lookup
-VERSION: 4.5.0
-DEFAULT: array()
---DESCRIPTION--
-<p>
-    Whether or not to permit script tags to external scripts in documents.
-    Inline scripting is not allowed, and the script must match an explicit whitelist.
-</p>
---# vim: et sw=4 sts=4
+HTML.SafeScripting
+TYPE: lookup
+VERSION: 4.5.0
+DEFAULT: array()
+--DESCRIPTION--
+<p>
+    Whether or not to permit script tags to external scripts in documents.
+    Inline scripting is not allowed, and the script must match an explicit whitelist.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Strict.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Strict.txt
index a8b1de56b..d99663a5e 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Strict.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Strict.txt
@@ -1,9 +1,9 @@
-HTML.Strict
-TYPE: bool
-VERSION: 1.3.0
-DEFAULT: false
-DEPRECATED-VERSION: 1.7.0
-DEPRECATED-USE: HTML.Doctype
---DESCRIPTION--
-Determines whether or not to use Transitional (loose) or Strict rulesets.
---# vim: et sw=4 sts=4
+HTML.Strict
+TYPE: bool
+VERSION: 1.3.0
+DEFAULT: false
+DEPRECATED-VERSION: 1.7.0
+DEPRECATED-USE: HTML.Doctype
+--DESCRIPTION--
+Determines whether or not to use Transitional (loose) or Strict rulesets.
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.TargetBlank.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.TargetBlank.txt
index 587a16778..d65f0d041 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.TargetBlank.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.TargetBlank.txt
@@ -1,8 +1,8 @@
-HTML.TargetBlank
-TYPE: bool
-VERSION: 4.4.0
-DEFAULT: FALSE
---DESCRIPTION--
-If enabled, <code>target=blank</code> attributes are added to all outgoing links.
-(This includes links from an HTTPS version of a page to an HTTP version.)
---# vim: et sw=4 sts=4
+HTML.TargetBlank
+TYPE: bool
+VERSION: 4.4.0
+DEFAULT: FALSE
+--DESCRIPTION--
+If enabled, <code>target=blank</code> attributes are added to all outgoing links.
+(This includes links from an HTTPS version of a page to an HTTP version.)
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.TargetNoopener.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.TargetNoopener.txt
index dd514c0de..05cb3424f 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.TargetNoopener.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.TargetNoopener.txt
@@ -1,10 +1,10 @@
---# vim: et sw=4 sts=4
-HTML.TargetNoopener
-TYPE: bool
-VERSION: 4.8.0
-DEFAULT: TRUE
---DESCRIPTION--
-If enabled, noopener rel attributes are added to links which have
-a target attribute associated with them.  This prevents malicious
-destinations from overwriting the original window.
---# vim: et sw=4 sts=4
+--# vim: et sw=4 sts=4
+HTML.TargetNoopener
+TYPE: bool
+VERSION: 4.8.0
+DEFAULT: TRUE
+--DESCRIPTION--
+If enabled, noopener rel attributes are added to links which have
+a target attribute associated with them.  This prevents malicious
+destinations from overwriting the original window.
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.TargetNoreferrer.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.TargetNoreferrer.txt
index cb5a0b0e5..993a81704 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.TargetNoreferrer.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.TargetNoreferrer.txt
@@ -1,9 +1,9 @@
-HTML.TargetNoreferrer
-TYPE: bool
-VERSION: 4.8.0
-DEFAULT: TRUE
---DESCRIPTION--
-If enabled, noreferrer rel attributes are added to links which have
-a target attribute associated with them.  This prevents malicious
-destinations from overwriting the original window.
---# vim: et sw=4 sts=4
+HTML.TargetNoreferrer
+TYPE: bool
+VERSION: 4.8.0
+DEFAULT: TRUE
+--DESCRIPTION--
+If enabled, noreferrer rel attributes are added to links which have
+a target attribute associated with them.  This prevents malicious
+destinations from overwriting the original window.
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.TidyAdd.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.TidyAdd.txt
index b4c271b7f..602453f6e 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.TidyAdd.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.TidyAdd.txt
@@ -1,8 +1,8 @@
-HTML.TidyAdd
-TYPE: lookup
-VERSION: 2.0.0
-DEFAULT: array()
---DESCRIPTION--
-
-Fixes to add to the default set of Tidy fixes as per your level.
---# vim: et sw=4 sts=4
+HTML.TidyAdd
+TYPE: lookup
+VERSION: 2.0.0
+DEFAULT: array()
+--DESCRIPTION--
+
+Fixes to add to the default set of Tidy fixes as per your level.
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.TidyLevel.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.TidyLevel.txt
index 4186ccd0d..bf943e8f0 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.TidyLevel.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.TidyLevel.txt
@@ -1,24 +1,24 @@
-HTML.TidyLevel
-TYPE: string
-VERSION: 2.0.0
-DEFAULT: 'medium'
---DESCRIPTION--
-
-<p>General level of cleanliness the Tidy module should enforce.
-There are four allowed values:</p>
-<dl>
-    <dt>none</dt>
-    <dd>No extra tidying should be done</dd>
-    <dt>light</dt>
-    <dd>Only fix elements that would be discarded otherwise due to
-    lack of support in doctype</dd>
-    <dt>medium</dt>
-    <dd>Enforce best practices</dd>
-    <dt>heavy</dt>
-    <dd>Transform all deprecated elements and attributes to standards
-    compliant equivalents</dd>
-</dl>
-
---ALLOWED--
-'none', 'light', 'medium', 'heavy'
---# vim: et sw=4 sts=4
+HTML.TidyLevel
+TYPE: string
+VERSION: 2.0.0
+DEFAULT: 'medium'
+--DESCRIPTION--
+
+<p>General level of cleanliness the Tidy module should enforce.
+There are four allowed values:</p>
+<dl>
+    <dt>none</dt>
+    <dd>No extra tidying should be done</dd>
+    <dt>light</dt>
+    <dd>Only fix elements that would be discarded otherwise due to
+    lack of support in doctype</dd>
+    <dt>medium</dt>
+    <dd>Enforce best practices</dd>
+    <dt>heavy</dt>
+    <dd>Transform all deprecated elements and attributes to standards
+    compliant equivalents</dd>
+</dl>
+
+--ALLOWED--
+'none', 'light', 'medium', 'heavy'
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.TidyRemove.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.TidyRemove.txt
index 996762bd1..92cca2a43 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.TidyRemove.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.TidyRemove.txt
@@ -1,8 +1,8 @@
-HTML.TidyRemove
-TYPE: lookup
-VERSION: 2.0.0
-DEFAULT: array()
---DESCRIPTION--
-
-Fixes to remove from the default set of Tidy fixes as per your level.
---# vim: et sw=4 sts=4
+HTML.TidyRemove
+TYPE: lookup
+VERSION: 2.0.0
+DEFAULT: array()
+--DESCRIPTION--
+
+Fixes to remove from the default set of Tidy fixes as per your level.
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Trusted.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Trusted.txt
index 1db9237e9..bc8e65499 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Trusted.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.Trusted.txt
@@ -1,9 +1,9 @@
-HTML.Trusted
-TYPE: bool
-VERSION: 2.0.0
-DEFAULT: false
---DESCRIPTION--
-Indicates whether or not the user input is trusted or not. If the input is
-trusted, a more expansive set of allowed tags and attributes will be used.
-See also %CSS.Trusted.
---# vim: et sw=4 sts=4
+HTML.Trusted
+TYPE: bool
+VERSION: 2.0.0
+DEFAULT: false
+--DESCRIPTION--
+Indicates whether or not the user input is trusted or not. If the input is
+trusted, a more expansive set of allowed tags and attributes will be used.
+See also %CSS.Trusted.
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.XHTML.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.XHTML.txt
index 2a47e384f..a3c2f42c3 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.XHTML.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/HTML.XHTML.txt
@@ -1,11 +1,11 @@
-HTML.XHTML
-TYPE: bool
-DEFAULT: true
-VERSION: 1.1.0
-DEPRECATED-VERSION: 1.7.0
-DEPRECATED-USE: HTML.Doctype
---DESCRIPTION--
-Determines whether or not output is XHTML 1.0 or HTML 4.01 flavor.
---ALIASES--
-Core.XHTML
---# vim: et sw=4 sts=4
+HTML.XHTML
+TYPE: bool
+DEFAULT: true
+VERSION: 1.1.0
+DEPRECATED-VERSION: 1.7.0
+DEPRECATED-USE: HTML.Doctype
+--DESCRIPTION--
+Determines whether or not output is XHTML 1.0 or HTML 4.01 flavor.
+--ALIASES--
+Core.XHTML
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Output.CommentScriptContents.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Output.CommentScriptContents.txt
index 08921fde7..2a1370470 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Output.CommentScriptContents.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Output.CommentScriptContents.txt
@@ -1,10 +1,10 @@
-Output.CommentScriptContents
-TYPE: bool
-VERSION: 2.0.0
-DEFAULT: true
---DESCRIPTION--
-Determines whether or not HTML Purifier should attempt to fix up the
-contents of script tags for legacy browsers with comments.
---ALIASES--
-Core.CommentScriptContents
---# vim: et sw=4 sts=4
+Output.CommentScriptContents
+TYPE: bool
+VERSION: 2.0.0
+DEFAULT: true
+--DESCRIPTION--
+Determines whether or not HTML Purifier should attempt to fix up the
+contents of script tags for legacy browsers with comments.
+--ALIASES--
+Core.CommentScriptContents
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Output.FixInnerHTML.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Output.FixInnerHTML.txt
index d6f0d9f29..d215ba2d3 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Output.FixInnerHTML.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Output.FixInnerHTML.txt
@@ -1,15 +1,15 @@
-Output.FixInnerHTML
-TYPE: bool
-VERSION: 4.3.0
-DEFAULT: true
---DESCRIPTION--
-<p>
-  If true, HTML Purifier will protect against Internet Explorer's
-  mishandling of the <code>innerHTML</code> attribute by appending
-  a space to any attribute that does not contain angled brackets, spaces
-  or quotes, but contains a backtick.  This slightly changes the
-  semantics of any given attribute, so if this is unacceptable and
-  you do not use <code>innerHTML</code> on any of your pages, you can
-  turn this directive off.
-</p>
---# vim: et sw=4 sts=4
+Output.FixInnerHTML
+TYPE: bool
+VERSION: 4.3.0
+DEFAULT: true
+--DESCRIPTION--
+<p>
+  If true, HTML Purifier will protect against Internet Explorer's
+  mishandling of the <code>innerHTML</code> attribute by appending
+  a space to any attribute that does not contain angled brackets, spaces
+  or quotes, but contains a backtick.  This slightly changes the
+  semantics of any given attribute, so if this is unacceptable and
+  you do not use <code>innerHTML</code> on any of your pages, you can
+  turn this directive off.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Output.FlashCompat.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Output.FlashCompat.txt
index 93398e859..e58f91aa8 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Output.FlashCompat.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Output.FlashCompat.txt
@@ -1,11 +1,11 @@
-Output.FlashCompat
-TYPE: bool
-VERSION: 4.1.0
-DEFAULT: false
---DESCRIPTION--
-<p>
-  If true, HTML Purifier will generate Internet Explorer compatibility
-  code for all object code.  This is highly recommended if you enable
-  %HTML.SafeObject.
-</p>
---# vim: et sw=4 sts=4
+Output.FlashCompat
+TYPE: bool
+VERSION: 4.1.0
+DEFAULT: false
+--DESCRIPTION--
+<p>
+  If true, HTML Purifier will generate Internet Explorer compatibility
+  code for all object code.  This is highly recommended if you enable
+  %HTML.SafeObject.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Output.Newline.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Output.Newline.txt
index 79f8ad82c..4bb902523 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Output.Newline.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Output.Newline.txt
@@ -1,13 +1,13 @@
-Output.Newline
-TYPE: string/null
-VERSION: 2.0.1
-DEFAULT: NULL
---DESCRIPTION--
-
-<p>
-    Newline string to format final output with. If left null, HTML Purifier
-    will auto-detect the default newline type of the system and use that;
-    you can manually override it here. Remember, \r\n is Windows, \r
-    is Mac, and \n is Unix.
-</p>
---# vim: et sw=4 sts=4
+Output.Newline
+TYPE: string/null
+VERSION: 2.0.1
+DEFAULT: NULL
+--DESCRIPTION--
+
+<p>
+    Newline string to format final output with. If left null, HTML Purifier
+    will auto-detect the default newline type of the system and use that;
+    you can manually override it here. Remember, \r\n is Windows, \r
+    is Mac, and \n is Unix.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Output.SortAttr.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Output.SortAttr.txt
index 232b02362..322310651 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Output.SortAttr.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Output.SortAttr.txt
@@ -1,14 +1,14 @@
-Output.SortAttr
-TYPE: bool
-VERSION: 3.2.0
-DEFAULT: false
---DESCRIPTION--
-<p>
-  If true, HTML Purifier will sort attributes by name before writing them back
-  to the document, converting a tag like: <code>&lt;el b="" a="" c="" /&gt;</code>
-  to <code>&lt;el a="" b="" c="" /&gt;</code>. This is a workaround for
-  a bug in FCKeditor which causes it to swap attributes order, adding noise
-  to text diffs. If you're not seeing this bug, chances are, you don't need
-  this directive.
-</p>
---# vim: et sw=4 sts=4
+Output.SortAttr
+TYPE: bool
+VERSION: 3.2.0
+DEFAULT: false
+--DESCRIPTION--
+<p>
+  If true, HTML Purifier will sort attributes by name before writing them back
+  to the document, converting a tag like: <code>&lt;el b="" a="" c="" /&gt;</code>
+  to <code>&lt;el a="" b="" c="" /&gt;</code>. This is a workaround for
+  a bug in FCKeditor which causes it to swap attributes order, adding noise
+  to text diffs. If you're not seeing this bug, chances are, you don't need
+  this directive.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Output.TidyFormat.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Output.TidyFormat.txt
index 06bab00a0..23dd4d3d5 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Output.TidyFormat.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Output.TidyFormat.txt
@@ -1,25 +1,25 @@
-Output.TidyFormat
-TYPE: bool
-VERSION: 1.1.1
-DEFAULT: false
---DESCRIPTION--
-<p>
-    Determines whether or not to run Tidy on the final output for pretty
-    formatting reasons, such as indentation and wrap.
-</p>
-<p>
-    This can greatly improve readability for editors who are hand-editing
-    the HTML, but is by no means necessary as HTML Purifier has already
-    fixed all major errors the HTML may have had. Tidy is a non-default
-    extension, and this directive will silently fail if Tidy is not
-    available.
-</p>
-<p>
-    If you are looking to make the overall look of your page's source
-    better, I recommend running Tidy on the entire page rather than just
-    user-content (after all, the indentation relative to the containing
-    blocks will be incorrect).
-</p>
---ALIASES--
-Core.TidyFormat
---# vim: et sw=4 sts=4
+Output.TidyFormat
+TYPE: bool
+VERSION: 1.1.1
+DEFAULT: false
+--DESCRIPTION--
+<p>
+    Determines whether or not to run Tidy on the final output for pretty
+    formatting reasons, such as indentation and wrap.
+</p>
+<p>
+    This can greatly improve readability for editors who are hand-editing
+    the HTML, but is by no means necessary as HTML Purifier has already
+    fixed all major errors the HTML may have had. Tidy is a non-default
+    extension, and this directive will silently fail if Tidy is not
+    available.
+</p>
+<p>
+    If you are looking to make the overall look of your page's source
+    better, I recommend running Tidy on the entire page rather than just
+    user-content (after all, the indentation relative to the containing
+    blocks will be incorrect).
+</p>
+--ALIASES--
+Core.TidyFormat
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Test.ForceNoIconv.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Test.ForceNoIconv.txt
index 071bc0295..d1820cdbd 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Test.ForceNoIconv.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/Test.ForceNoIconv.txt
@@ -1,7 +1,7 @@
-Test.ForceNoIconv
-TYPE: bool
-DEFAULT: false
---DESCRIPTION--
-When set to true, HTMLPurifier_Encoder will act as if iconv does not exist
-and use only pure PHP implementations.
---# vim: et sw=4 sts=4
+Test.ForceNoIconv
+TYPE: bool
+DEFAULT: false
+--DESCRIPTION--
+When set to true, HTMLPurifier_Encoder will act as if iconv does not exist
+and use only pure PHP implementations.
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.AllowedSchemes.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.AllowedSchemes.txt
index eb97307e2..0b0533a77 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.AllowedSchemes.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.AllowedSchemes.txt
@@ -1,18 +1,18 @@
-URI.AllowedSchemes
-TYPE: lookup
---DEFAULT--
-array (
-  'http' => true,
-  'https' => true,
-  'mailto' => true,
-  'ftp' => true,
-  'nntp' => true,
-  'news' => true,
-  'tel' => true,
-)
---DESCRIPTION--
-Whitelist that defines the schemes that a URI is allowed to have.  This
-prevents XSS attacks from using pseudo-schemes like javascript or mocha.
-There is also support for the <code>data</code> and <code>file</code>
-URI schemes, but they are not enabled by default.
---# vim: et sw=4 sts=4
+URI.AllowedSchemes
+TYPE: lookup
+--DEFAULT--
+array (
+  'http' => true,
+  'https' => true,
+  'mailto' => true,
+  'ftp' => true,
+  'nntp' => true,
+  'news' => true,
+  'tel' => true,
+)
+--DESCRIPTION--
+Whitelist that defines the schemes that a URI is allowed to have.  This
+prevents XSS attacks from using pseudo-schemes like javascript or mocha.
+There is also support for the <code>data</code> and <code>file</code>
+URI schemes, but they are not enabled by default.
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.Base.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.Base.txt
index 876f0680c..ba4730808 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.Base.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.Base.txt
@@ -1,17 +1,17 @@
-URI.Base
-TYPE: string/null
-VERSION: 2.1.0
-DEFAULT: NULL
---DESCRIPTION--
-
-<p>
-    The base URI is the URI of the document this purified HTML will be
-    inserted into.  This information is important if HTML Purifier needs
-    to calculate absolute URIs from relative URIs, such as when %URI.MakeAbsolute
-    is on.  You may use a non-absolute URI for this value, but behavior
-    may vary (%URI.MakeAbsolute deals nicely with both absolute and
-    relative paths, but forwards-compatibility is not guaranteed).
-    <strong>Warning:</strong> If set, the scheme on this URI
-    overrides the one specified by %URI.DefaultScheme.
-</p>
---# vim: et sw=4 sts=4
+URI.Base
+TYPE: string/null
+VERSION: 2.1.0
+DEFAULT: NULL
+--DESCRIPTION--
+
+<p>
+    The base URI is the URI of the document this purified HTML will be
+    inserted into.  This information is important if HTML Purifier needs
+    to calculate absolute URIs from relative URIs, such as when %URI.MakeAbsolute
+    is on.  You may use a non-absolute URI for this value, but behavior
+    may vary (%URI.MakeAbsolute deals nicely with both absolute and
+    relative paths, but forwards-compatibility is not guaranteed).
+    <strong>Warning:</strong> If set, the scheme on this URI
+    overrides the one specified by %URI.DefaultScheme.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.DefaultScheme.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.DefaultScheme.txt
index 834bc08c0..981e44325 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.DefaultScheme.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.DefaultScheme.txt
@@ -1,15 +1,15 @@
-URI.DefaultScheme
-TYPE: string/null
-DEFAULT: 'http'
---DESCRIPTION--
-
-<p>
-    Defines through what scheme the output will be served, in order to
-    select the proper object validator when no scheme information is present.
-</p>
-
-<p>
-    Starting with HTML Purifier 4.9.0, the default scheme can be null, in
-    which case we reject all URIs which do not have explicit schemes.
-</p>
---# vim: et sw=4 sts=4
+URI.DefaultScheme
+TYPE: string/null
+DEFAULT: 'http'
+--DESCRIPTION--
+
+<p>
+    Defines through what scheme the output will be served, in order to
+    select the proper object validator when no scheme information is present.
+</p>
+
+<p>
+    Starting with HTML Purifier 4.9.0, the default scheme can be null, in
+    which case we reject all URIs which do not have explicit schemes.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.DefinitionID.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.DefinitionID.txt
index f05312ba8..523204c08 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.DefinitionID.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.DefinitionID.txt
@@ -1,11 +1,11 @@
-URI.DefinitionID
-TYPE: string/null
-VERSION: 2.1.0
-DEFAULT: NULL
---DESCRIPTION--
-
-<p>
-    Unique identifier for a custom-built URI definition. If you  want
-    to add custom URIFilters, you must specify this value.
-</p>
---# vim: et sw=4 sts=4
+URI.DefinitionID
+TYPE: string/null
+VERSION: 2.1.0
+DEFAULT: NULL
+--DESCRIPTION--
+
+<p>
+    Unique identifier for a custom-built URI definition. If you  want
+    to add custom URIFilters, you must specify this value.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.DefinitionRev.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.DefinitionRev.txt
index 80cfea93f..a9c07b1a3 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.DefinitionRev.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.DefinitionRev.txt
@@ -1,11 +1,11 @@
-URI.DefinitionRev
-TYPE: int
-VERSION: 2.1.0
-DEFAULT: 1
---DESCRIPTION--
-
-<p>
-    Revision identifier for your custom definition. See
-    %HTML.DefinitionRev for details.
-</p>
---# vim: et sw=4 sts=4
+URI.DefinitionRev
+TYPE: int
+VERSION: 2.1.0
+DEFAULT: 1
+--DESCRIPTION--
+
+<p>
+    Revision identifier for your custom definition. See
+    %HTML.DefinitionRev for details.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.Disable.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.Disable.txt
index 71ce025a2..b19ca1d5b 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.Disable.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.Disable.txt
@@ -1,14 +1,14 @@
-URI.Disable
-TYPE: bool
-VERSION: 1.3.0
-DEFAULT: false
---DESCRIPTION--
-
-<p>
-    Disables all URIs in all forms. Not sure why you'd want to do that
-    (after all, the Internet's founded on the notion of a hyperlink).
-</p>
-
---ALIASES--
-Attr.DisableURI
---# vim: et sw=4 sts=4
+URI.Disable
+TYPE: bool
+VERSION: 1.3.0
+DEFAULT: false
+--DESCRIPTION--
+
+<p>
+    Disables all URIs in all forms. Not sure why you'd want to do that
+    (after all, the Internet's founded on the notion of a hyperlink).
+</p>
+
+--ALIASES--
+Attr.DisableURI
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.DisableExternal.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.DisableExternal.txt
index 13c122c8c..9132ea4f5 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.DisableExternal.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.DisableExternal.txt
@@ -1,11 +1,11 @@
-URI.DisableExternal
-TYPE: bool
-VERSION: 1.2.0
-DEFAULT: false
---DESCRIPTION--
-Disables links to external websites.  This is a highly effective anti-spam
-and anti-pagerank-leech measure, but comes at a hefty price: nolinks or
-images outside of your domain will be allowed.  Non-linkified URIs will
-still be preserved.  If you want to be able to link to subdomains or use
-absolute URIs, specify %URI.Host for your website.
---# vim: et sw=4 sts=4
+URI.DisableExternal
+TYPE: bool
+VERSION: 1.2.0
+DEFAULT: false
+--DESCRIPTION--
+Disables links to external websites.  This is a highly effective anti-spam
+and anti-pagerank-leech measure, but comes at a hefty price: nolinks or
+images outside of your domain will be allowed.  Non-linkified URIs will
+still be preserved.  If you want to be able to link to subdomains or use
+absolute URIs, specify %URI.Host for your website.
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.DisableExternalResources.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.DisableExternalResources.txt
index abcc1efd6..d74bc1e3d 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.DisableExternalResources.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.DisableExternalResources.txt
@@ -1,13 +1,13 @@
-URI.DisableExternalResources
-TYPE: bool
-VERSION: 1.3.0
-DEFAULT: false
---DESCRIPTION--
-Disables the embedding of external resources, preventing users from
-embedding things like images from other hosts. This prevents access
-tracking (good for email viewers), bandwidth leeching, cross-site request
-forging, goatse.cx posting, and other nasties, but also results in a loss
-of end-user functionality (they can't directly post a pic they posted from
-Flickr anymore). Use it if you don't have a robust user-content moderation
-team.
---# vim: et sw=4 sts=4
+URI.DisableExternalResources
+TYPE: bool
+VERSION: 1.3.0
+DEFAULT: false
+--DESCRIPTION--
+Disables the embedding of external resources, preventing users from
+embedding things like images from other hosts. This prevents access
+tracking (good for email viewers), bandwidth leeching, cross-site request
+forging, goatse.cx posting, and other nasties, but also results in a loss
+of end-user functionality (they can't directly post a pic they posted from
+Flickr anymore). Use it if you don't have a robust user-content moderation
+team.
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.DisableResources.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.DisableResources.txt
index f891de499..6c106144a 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.DisableResources.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.DisableResources.txt
@@ -1,15 +1,15 @@
-URI.DisableResources
-TYPE: bool
-VERSION: 4.2.0
-DEFAULT: false
---DESCRIPTION--
-<p>
-    Disables embedding resources, essentially meaning no pictures. You can
-    still link to them though. See %URI.DisableExternalResources for why
-    this might be a good idea.
-</p>
-<p>
-    <em>Note:</em> While this directive has been available since 1.3.0,
-    it didn't actually start doing anything until 4.2.0.
-</p>
---# vim: et sw=4 sts=4
+URI.DisableResources
+TYPE: bool
+VERSION: 4.2.0
+DEFAULT: false
+--DESCRIPTION--
+<p>
+    Disables embedding resources, essentially meaning no pictures. You can
+    still link to them though. See %URI.DisableExternalResources for why
+    this might be a good idea.
+</p>
+<p>
+    <em>Note:</em> While this directive has been available since 1.3.0,
+    it didn't actually start doing anything until 4.2.0.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.Host.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.Host.txt
index ee83b121d..ba0e6bce1 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.Host.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.Host.txt
@@ -1,19 +1,19 @@
-URI.Host
-TYPE: string/null
-VERSION: 1.2.0
-DEFAULT: NULL
---DESCRIPTION--
-
-<p>
-    Defines the domain name of the server, so we can determine whether or
-    an absolute URI is from your website or not.  Not strictly necessary,
-    as users should be using relative URIs to reference resources on your
-    website.  It will, however, let you use absolute URIs to link to
-    subdomains of the domain you post here: i.e. example.com will allow
-    sub.example.com.  However, higher up domains will still be excluded:
-    if you set %URI.Host to sub.example.com, example.com will be blocked.
-    <strong>Note:</strong> This directive overrides %URI.Base because
-    a given page may be on a sub-domain, but you wish HTML Purifier to be
-    more relaxed and allow some of the parent domains too.
-</p>
---# vim: et sw=4 sts=4
+URI.Host
+TYPE: string/null
+VERSION: 1.2.0
+DEFAULT: NULL
+--DESCRIPTION--
+
+<p>
+    Defines the domain name of the server, so we can determine whether or
+    an absolute URI is from your website or not.  Not strictly necessary,
+    as users should be using relative URIs to reference resources on your
+    website.  It will, however, let you use absolute URIs to link to
+    subdomains of the domain you post here: i.e. example.com will allow
+    sub.example.com.  However, higher up domains will still be excluded:
+    if you set %URI.Host to sub.example.com, example.com will be blocked.
+    <strong>Note:</strong> This directive overrides %URI.Base because
+    a given page may be on a sub-domain, but you wish HTML Purifier to be
+    more relaxed and allow some of the parent domains too.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.HostBlacklist.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.HostBlacklist.txt
index 0b6df7625..825fef276 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.HostBlacklist.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.HostBlacklist.txt
@@ -1,9 +1,9 @@
-URI.HostBlacklist
-TYPE: list
-VERSION: 1.3.0
-DEFAULT: array()
---DESCRIPTION--
-List of strings that are forbidden in the host of any URI. Use it to kill
-domain names of spam, etc. Note that it will catch anything in the domain,
-so <tt>moo.com</tt> will catch <tt>moo.com.example.com</tt>.
---# vim: et sw=4 sts=4
+URI.HostBlacklist
+TYPE: list
+VERSION: 1.3.0
+DEFAULT: array()
+--DESCRIPTION--
+List of strings that are forbidden in the host of any URI. Use it to kill
+domain names of spam, etc. Note that it will catch anything in the domain,
+so <tt>moo.com</tt> will catch <tt>moo.com.example.com</tt>.
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.MakeAbsolute.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.MakeAbsolute.txt
index 4214900a5..eb58c7f1a 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.MakeAbsolute.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.MakeAbsolute.txt
@@ -1,13 +1,13 @@
-URI.MakeAbsolute
-TYPE: bool
-VERSION: 2.1.0
-DEFAULT: false
---DESCRIPTION--
-
-<p>
-    Converts all URIs into absolute forms. This is useful when the HTML
-    being filtered assumes a specific base path, but will actually be
-    viewed in a different context (and setting an alternate base URI is
-    not possible). %URI.Base must be set for this directive to work.
-</p>
---# vim: et sw=4 sts=4
+URI.MakeAbsolute
+TYPE: bool
+VERSION: 2.1.0
+DEFAULT: false
+--DESCRIPTION--
+
+<p>
+    Converts all URIs into absolute forms. This is useful when the HTML
+    being filtered assumes a specific base path, but will actually be
+    viewed in a different context (and setting an alternate base URI is
+    not possible). %URI.Base must be set for this directive to work.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.Munge.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.Munge.txt
index 58c81dcc4..bedd610d6 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.Munge.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.Munge.txt
@@ -1,83 +1,83 @@
-URI.Munge
-TYPE: string/null
-VERSION: 1.3.0
-DEFAULT: NULL
---DESCRIPTION--
-
-<p>
-    Munges all browsable (usually http, https and ftp)
-    absolute URIs into another URI, usually a URI redirection service.
-    This directive accepts a URI, formatted with a <code>%s</code> where
-    the url-encoded original URI should be inserted (sample:
-    <code>http://www.google.com/url?q=%s</code>).
-</p>
-<p>
-    Uses for this directive:
-</p>
-<ul>
-    <li>
-        Prevent PageRank leaks, while being fairly transparent
-        to users (you may also want to add some client side JavaScript to
-        override the text in the statusbar). <strong>Notice</strong>:
-        Many security experts believe that this form of protection does not deter spam-bots.
-    </li>
-    <li>
-        Redirect users to a splash page telling them they are leaving your
-        website. While this is poor usability practice, it is often mandated
-        in corporate environments.
-    </li>
-</ul>
-<p>
-    Prior to HTML Purifier 3.1.1, this directive also enabled the munging
-    of browsable external resources, which could break things if your redirection
-    script was a splash page or used <code>meta</code> tags. To revert to
-    previous behavior, please use %URI.MungeResources.
-</p>
-<p>
-    You may want to also use %URI.MungeSecretKey along with this directive
-    in order to enforce what URIs your redirector script allows. Open
-    redirector scripts can be a security risk and negatively affect the
-    reputation of your domain name.
-</p>
-<p>
-    Starting with HTML Purifier 3.1.1, there is also these substitutions:
-</p>
-<table>
-    <thead>
-        <tr>
-            <th>Key</th>
-            <th>Description</th>
-            <th>Example <code>&lt;a href=""&gt;</code></th>
-        </tr>
-    </thead>
-    <tbody>
-        <tr>
-            <td>%r</td>
-            <td>1 - The URI embeds a resource<br />(blank) - The URI is merely a link</td>
-            <td></td>
-        </tr>
-        <tr>
-            <td>%n</td>
-            <td>The name of the tag this URI came from</td>
-            <td>a</td>
-        </tr>
-        <tr>
-            <td>%m</td>
-            <td>The name of the attribute this URI came from</td>
-            <td>href</td>
-        </tr>
-        <tr>
-            <td>%p</td>
-            <td>The name of the CSS property this URI came from, or blank if irrelevant</td>
-            <td></td>
-        </tr>
-    </tbody>
-</table>
-<p>
-    Admittedly, these letters are somewhat arbitrary; the only stipulation
-    was that they couldn't be a through f. r is for resource (I would have preferred
-    e, but you take what you can get), n is for name, m
-    was picked because it came after n (and I couldn't use a), p is for
-    property.
-</p>
---# vim: et sw=4 sts=4
+URI.Munge
+TYPE: string/null
+VERSION: 1.3.0
+DEFAULT: NULL
+--DESCRIPTION--
+
+<p>
+    Munges all browsable (usually http, https and ftp)
+    absolute URIs into another URI, usually a URI redirection service.
+    This directive accepts a URI, formatted with a <code>%s</code> where
+    the url-encoded original URI should be inserted (sample:
+    <code>http://www.google.com/url?q=%s</code>).
+</p>
+<p>
+    Uses for this directive:
+</p>
+<ul>
+    <li>
+        Prevent PageRank leaks, while being fairly transparent
+        to users (you may also want to add some client side JavaScript to
+        override the text in the statusbar). <strong>Notice</strong>:
+        Many security experts believe that this form of protection does not deter spam-bots.
+    </li>
+    <li>
+        Redirect users to a splash page telling them they are leaving your
+        website. While this is poor usability practice, it is often mandated
+        in corporate environments.
+    </li>
+</ul>
+<p>
+    Prior to HTML Purifier 3.1.1, this directive also enabled the munging
+    of browsable external resources, which could break things if your redirection
+    script was a splash page or used <code>meta</code> tags. To revert to
+    previous behavior, please use %URI.MungeResources.
+</p>
+<p>
+    You may want to also use %URI.MungeSecretKey along with this directive
+    in order to enforce what URIs your redirector script allows. Open
+    redirector scripts can be a security risk and negatively affect the
+    reputation of your domain name.
+</p>
+<p>
+    Starting with HTML Purifier 3.1.1, there is also these substitutions:
+</p>
+<table>
+    <thead>
+        <tr>
+            <th>Key</th>
+            <th>Description</th>
+            <th>Example <code>&lt;a href=""&gt;</code></th>
+        </tr>
+    </thead>
+    <tbody>
+        <tr>
+            <td>%r</td>
+            <td>1 - The URI embeds a resource<br />(blank) - The URI is merely a link</td>
+            <td></td>
+        </tr>
+        <tr>
+            <td>%n</td>
+            <td>The name of the tag this URI came from</td>
+            <td>a</td>
+        </tr>
+        <tr>
+            <td>%m</td>
+            <td>The name of the attribute this URI came from</td>
+            <td>href</td>
+        </tr>
+        <tr>
+            <td>%p</td>
+            <td>The name of the CSS property this URI came from, or blank if irrelevant</td>
+            <td></td>
+        </tr>
+    </tbody>
+</table>
+<p>
+    Admittedly, these letters are somewhat arbitrary; the only stipulation
+    was that they couldn't be a through f. r is for resource (I would have preferred
+    e, but you take what you can get), n is for name, m
+    was picked because it came after n (and I couldn't use a), p is for
+    property.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.MungeResources.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.MungeResources.txt
index 6fce0fdc3..ed4b5b0d0 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.MungeResources.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.MungeResources.txt
@@ -1,17 +1,17 @@
-URI.MungeResources
-TYPE: bool
-VERSION: 3.1.1
-DEFAULT: false
---DESCRIPTION--
-<p>
-    If true, any URI munging directives like %URI.Munge
-    will also apply to embedded resources, such as <code>&lt;img src=""&gt;</code>.
-    Be careful enabling this directive if you have a redirector script
-    that does not use the <code>Location</code> HTTP header; all of your images
-    and other embedded resources will break.
-</p>
-<p>
-    <strong>Warning:</strong> It is strongly advised you use this in conjunction
-    %URI.MungeSecretKey to mitigate the security risk of an open redirector.
-</p>
---# vim: et sw=4 sts=4
+URI.MungeResources
+TYPE: bool
+VERSION: 3.1.1
+DEFAULT: false
+--DESCRIPTION--
+<p>
+    If true, any URI munging directives like %URI.Munge
+    will also apply to embedded resources, such as <code>&lt;img src=""&gt;</code>.
+    Be careful enabling this directive if you have a redirector script
+    that does not use the <code>Location</code> HTTP header; all of your images
+    and other embedded resources will break.
+</p>
+<p>
+    <strong>Warning:</strong> It is strongly advised you use this in conjunction
+    %URI.MungeSecretKey to mitigate the security risk of an open redirector.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.MungeSecretKey.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.MungeSecretKey.txt
index 1e17c1d46..123b6e26b 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.MungeSecretKey.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.MungeSecretKey.txt
@@ -1,30 +1,30 @@
-URI.MungeSecretKey
-TYPE: string/null
-VERSION: 3.1.1
-DEFAULT: NULL
---DESCRIPTION--
-<p>
-    This directive enables secure checksum generation along with %URI.Munge.
-    It should be set to a secure key that is not shared with anyone else.
-    The checksum can be placed in the URI using %t. Use of this checksum
-    affords an additional level of protection by allowing a redirector
-    to check if a URI has passed through HTML Purifier with this line:
-</p>
-
-<pre>$checksum === hash_hmac("sha256", $url, $secret_key)</pre>
-
-<p>
-    If the output is TRUE, the redirector script should accept the URI.
-</p>
-
-<p>
-    Please note that it would still be possible for an attacker to procure
-    secure hashes en-mass by abusing your website's Preview feature or the
-    like, but this service affords an additional level of protection
-    that should be combined with website blacklisting.
-</p>
-
-<p>
-    Remember this has no effect if %URI.Munge is not on.
-</p>
---# vim: et sw=4 sts=4
+URI.MungeSecretKey
+TYPE: string/null
+VERSION: 3.1.1
+DEFAULT: NULL
+--DESCRIPTION--
+<p>
+    This directive enables secure checksum generation along with %URI.Munge.
+    It should be set to a secure key that is not shared with anyone else.
+    The checksum can be placed in the URI using %t. Use of this checksum
+    affords an additional level of protection by allowing a redirector
+    to check if a URI has passed through HTML Purifier with this line:
+</p>
+
+<pre>$checksum === hash_hmac("sha256", $url, $secret_key)</pre>
+
+<p>
+    If the output is TRUE, the redirector script should accept the URI.
+</p>
+
+<p>
+    Please note that it would still be possible for an attacker to procure
+    secure hashes en-mass by abusing your website's Preview feature or the
+    like, but this service affords an additional level of protection
+    that should be combined with website blacklisting.
+</p>
+
+<p>
+    Remember this has no effect if %URI.Munge is not on.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.OverrideAllowedSchemes.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.OverrideAllowedSchemes.txt
index 23331a4e7..8b387dea3 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.OverrideAllowedSchemes.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.OverrideAllowedSchemes.txt
@@ -1,9 +1,9 @@
-URI.OverrideAllowedSchemes
-TYPE: bool
-DEFAULT: true
---DESCRIPTION--
-If this is set to true (which it is by default), you can override
-%URI.AllowedSchemes by simply registering a HTMLPurifier_URIScheme to the
-registry.  If false, you will also have to update that directive in order
-to add more schemes.
---# vim: et sw=4 sts=4
+URI.OverrideAllowedSchemes
+TYPE: bool
+DEFAULT: true
+--DESCRIPTION--
+If this is set to true (which it is by default), you can override
+%URI.AllowedSchemes by simply registering a HTMLPurifier_URIScheme to the
+registry.  If false, you will also have to update that directive in order
+to add more schemes.
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.SafeIframeRegexp.txt b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.SafeIframeRegexp.txt
index 79084832b..7e1f227f7 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.SafeIframeRegexp.txt
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/URI.SafeIframeRegexp.txt
@@ -1,22 +1,22 @@
-URI.SafeIframeRegexp
-TYPE: string/null
-VERSION: 4.4.0
-DEFAULT: NULL
---DESCRIPTION--
-<p>
-    A PCRE regular expression that will be matched against an iframe URI.  This is
-    a relatively inflexible scheme, but works well enough for the most common
-    use-case of iframes: embedded video.  This directive only has an effect if
-    %HTML.SafeIframe is enabled.  Here are some example values:
-</p>
-<ul>
-    <li><code>%^http://www.youtube.com/embed/%</code> - Allow YouTube videos</li>
-    <li><code>%^http://player.vimeo.com/video/%</code> - Allow Vimeo videos</li>
-    <li><code>%^http://(www.youtube.com/embed/|player.vimeo.com/video/)%</code> - Allow both</li>
-</ul>
-<p>
-    Note that this directive does not give you enough granularity to, say, disable
-    all <code>autoplay</code> videos.  Pipe up on the HTML Purifier forums if this
-    is a capability you want.
-</p>
---# vim: et sw=4 sts=4
+URI.SafeIframeRegexp
+TYPE: string/null
+VERSION: 4.4.0
+DEFAULT: NULL
+--DESCRIPTION--
+<p>
+    A PCRE regular expression that will be matched against an iframe URI.  This is
+    a relatively inflexible scheme, but works well enough for the most common
+    use-case of iframes: embedded video.  This directive only has an effect if
+    %HTML.SafeIframe is enabled.  Here are some example values:
+</p>
+<ul>
+    <li><code>%^http://www.youtube.com/embed/%</code> - Allow YouTube videos</li>
+    <li><code>%^http://player.vimeo.com/video/%</code> - Allow Vimeo videos</li>
+    <li><code>%^http://(www.youtube.com/embed/|player.vimeo.com/video/)%</code> - Allow both</li>
+</ul>
+<p>
+    Note that this directive does not give you enough granularity to, say, disable
+    all <code>autoplay</code> videos.  Pipe up on the HTML Purifier forums if this
+    is a capability you want.
+</p>
+--# vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/info.ini b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/info.ini
index 5de4505e1..58e0ce4a1 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/info.ini
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/schema/info.ini
@@ -1,3 +1,3 @@
-name = "HTML Purifier"
-
-; vim: et sw=4 sts=4
+name = "HTML Purifier"
+
+; vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/Filter/ExtractStyleBlocks.php b/plugin/htmlpurifier/standalone/HTMLPurifier/Filter/ExtractStyleBlocks.php
index 66f70b0fc..5af24c202 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/Filter/ExtractStyleBlocks.php
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/Filter/ExtractStyleBlocks.php
@@ -1,341 +1,341 @@
-<?php
-
-// why is this a top level function? Because PHP 5.2.0 doesn't seem to
-// understand how to interpret this filter if it's a static method.
-// It's all really silly, but if we go this route it might be reasonable
-// to coalesce all of these methods into one.
-function htmlpurifier_filter_extractstyleblocks_muteerrorhandler()
-{
-}
-
-/**
- * This filter extracts <style> blocks from input HTML, cleans them up
- * using CSSTidy, and then places them in $purifier->context->get('StyleBlocks')
- * so they can be used elsewhere in the document.
- *
- * @note
- *      See tests/HTMLPurifier/Filter/ExtractStyleBlocksTest.php for
- *      sample usage.
- *
- * @note
- *      This filter can also be used on stylesheets not included in the
- *      document--something purists would probably prefer. Just directly
- *      call HTMLPurifier_Filter_ExtractStyleBlocks->cleanCSS()
- */
-class HTMLPurifier_Filter_ExtractStyleBlocks extends HTMLPurifier_Filter
-{
-    /**
-     * @type string
-     */
-    public $name = 'ExtractStyleBlocks';
-
-    /**
-     * @type array
-     */
-    private $_styleMatches = array();
-
-    /**
-     * @type csstidy
-     */
-    private $_tidy;
-
-    /**
-     * @type HTMLPurifier_AttrDef_HTML_ID
-     */
-    private $_id_attrdef;
-
-    /**
-     * @type HTMLPurifier_AttrDef_CSS_Ident
-     */
-    private $_class_attrdef;
-
-    /**
-     * @type HTMLPurifier_AttrDef_Enum
-     */
-    private $_enum_attrdef;
-
-    public function __construct()
-    {
-        $this->_tidy = new csstidy();
-        $this->_tidy->set_cfg('lowercase_s', false);
-        $this->_id_attrdef = new HTMLPurifier_AttrDef_HTML_ID(true);
-        $this->_class_attrdef = new HTMLPurifier_AttrDef_CSS_Ident();
-        $this->_enum_attrdef = new HTMLPurifier_AttrDef_Enum(
-            array(
-                'first-child',
-                'link',
-                'visited',
-                'active',
-                'hover',
-                'focus'
-            )
-        );
-    }
-
-    /**
-     * Save the contents of CSS blocks to style matches
-     * @param array $matches preg_replace style $matches array
-     */
-    protected function styleCallback($matches)
-    {
-        $this->_styleMatches[] = $matches[1];
-    }
-
-    /**
-     * Removes inline <style> tags from HTML, saves them for later use
-     * @param string $html
-     * @param HTMLPurifier_Config $config
-     * @param HTMLPurifier_Context $context
-     * @return string
-     * @todo Extend to indicate non-text/css style blocks
-     */
-    public function preFilter($html, $config, $context)
-    {
-        $tidy = $config->get('Filter.ExtractStyleBlocks.TidyImpl');
-        if ($tidy !== null) {
-            $this->_tidy = $tidy;
-        }
-        // NB: this must be NON-greedy because if we have
-        // <style>foo</style>  <style>bar</style>
-        // we must not grab foo</style>  <style>bar
-        $html = preg_replace_callback('#<style(?:\s.*)?>(.*)<\/style>#isU', array($this, 'styleCallback'), $html);
-        $style_blocks = $this->_styleMatches;
-        $this->_styleMatches = array(); // reset
-        $context->register('StyleBlocks', $style_blocks); // $context must not be reused
-        if ($this->_tidy) {
-            foreach ($style_blocks as &$style) {
-                $style = $this->cleanCSS($style, $config, $context);
-            }
-        }
-        return $html;
-    }
-
-    /**
-     * Takes CSS (the stuff found in <style>) and cleans it.
-     * @warning Requires CSSTidy <http://csstidy.sourceforge.net/>
-     * @param string $css CSS styling to clean
-     * @param HTMLPurifier_Config $config
-     * @param HTMLPurifier_Context $context
-     * @throws HTMLPurifier_Exception
-     * @return string Cleaned CSS
-     */
-    public function cleanCSS($css, $config, $context)
-    {
-        // prepare scope
-        $scope = $config->get('Filter.ExtractStyleBlocks.Scope');
-        if ($scope !== null) {
-            $scopes = array_map('trim', explode(',', $scope));
-        } else {
-            $scopes = array();
-        }
-        // remove comments from CSS
-        $css = trim($css);
-        if (strncmp('<!--', $css, 4) === 0) {
-            $css = substr($css, 4);
-        }
-        if (strlen($css) > 3 && substr($css, -3) == '-->') {
-            $css = substr($css, 0, -3);
-        }
-        $css = trim($css);
-        set_error_handler('htmlpurifier_filter_extractstyleblocks_muteerrorhandler');
-        $this->_tidy->parse($css);
-        restore_error_handler();
-        $css_definition = $config->getDefinition('CSS');
-        $html_definition = $config->getDefinition('HTML');
-        $new_css = array();
-        foreach ($this->_tidy->css as $k => $decls) {
-            // $decls are all CSS declarations inside an @ selector
-            $new_decls = array();
-            foreach ($decls as $selector => $style) {
-                $selector = trim($selector);
-                if ($selector === '') {
-                    continue;
-                } // should not happen
-                // Parse the selector
-                // Here is the relevant part of the CSS grammar:
-                //
-                // ruleset
-                //   : selector [ ',' S* selector ]* '{' ...
-                // selector
-                //   : simple_selector [ combinator selector | S+ [ combinator? selector ]? ]?
-                // combinator
-                //   : '+' S*
-                //   : '>' S*
-                // simple_selector
-                //   : element_name [ HASH | class | attrib | pseudo ]*
-                //   | [ HASH | class | attrib | pseudo ]+
-                // element_name
-                //   : IDENT | '*'
-                //   ;
-                // class
-                //   : '.' IDENT
-                //   ;
-                // attrib
-                //   : '[' S* IDENT S* [ [ '=' | INCLUDES | DASHMATCH ] S*
-                //     [ IDENT | STRING ] S* ]? ']'
-                //   ;
-                // pseudo
-                //   : ':' [ IDENT | FUNCTION S* [IDENT S*]? ')' ]
-                //   ;
-                //
-                // For reference, here are the relevant tokens:
-                //
-                // HASH         #{name}
-                // IDENT        {ident}
-                // INCLUDES     ==
-                // DASHMATCH    |=
-                // STRING       {string}
-                // FUNCTION     {ident}\(
-                //
-                // And the lexical scanner tokens
-                //
-                // name         {nmchar}+
-                // nmchar       [_a-z0-9-]|{nonascii}|{escape}
-                // nonascii     [\240-\377]
-                // escape       {unicode}|\\[^\r\n\f0-9a-f]
-                // unicode      \\{h}}{1,6}(\r\n|[ \t\r\n\f])?
-                // ident        -?{nmstart}{nmchar*}
-                // nmstart      [_a-z]|{nonascii}|{escape}
-                // string       {string1}|{string2}
-                // string1      \"([^\n\r\f\\"]|\\{nl}|{escape})*\"
-                // string2      \'([^\n\r\f\\"]|\\{nl}|{escape})*\'
-                //
-                // We'll implement a subset (in order to reduce attack
-                // surface); in particular:
-                //
-                //      - No Unicode support
-                //      - No escapes support
-                //      - No string support (by proxy no attrib support)
-                //      - element_name is matched against allowed
-                //        elements (some people might find this
-                //        annoying...)
-                //      - Pseudo-elements one of :first-child, :link,
-                //        :visited, :active, :hover, :focus
-
-                // handle ruleset
-                $selectors = array_map('trim', explode(',', $selector));
-                $new_selectors = array();
-                foreach ($selectors as $sel) {
-                    // split on +, > and spaces
-                    $basic_selectors = preg_split('/\s*([+> ])\s*/', $sel, -1, PREG_SPLIT_DELIM_CAPTURE);
-                    // even indices are chunks, odd indices are
-                    // delimiters
-                    $nsel = null;
-                    $delim = null; // guaranteed to be non-null after
-                    // two loop iterations
-                    for ($i = 0, $c = count($basic_selectors); $i < $c; $i++) {
-                        $x = $basic_selectors[$i];
-                        if ($i % 2) {
-                            // delimiter
-                            if ($x === ' ') {
-                                $delim = ' ';
-                            } else {
-                                $delim = ' ' . $x . ' ';
-                            }
-                        } else {
-                            // simple selector
-                            $components = preg_split('/([#.:])/', $x, -1, PREG_SPLIT_DELIM_CAPTURE);
-                            $sdelim = null;
-                            $nx = null;
-                            for ($j = 0, $cc = count($components); $j < $cc; $j++) {
-                                $y = $components[$j];
-                                if ($j === 0) {
-                                    if ($y === '*' || isset($html_definition->info[$y = strtolower($y)])) {
-                                        $nx = $y;
-                                    } else {
-                                        // $nx stays null; this matters
-                                        // if we don't manage to find
-                                        // any valid selector content,
-                                        // in which case we ignore the
-                                        // outer $delim
-                                    }
-                                } elseif ($j % 2) {
-                                    // set delimiter
-                                    $sdelim = $y;
-                                } else {
-                                    $attrdef = null;
-                                    if ($sdelim === '#') {
-                                        $attrdef = $this->_id_attrdef;
-                                    } elseif ($sdelim === '.') {
-                                        $attrdef = $this->_class_attrdef;
-                                    } elseif ($sdelim === ':') {
-                                        $attrdef = $this->_enum_attrdef;
-                                    } else {
-                                        throw new HTMLPurifier_Exception('broken invariant sdelim and preg_split');
-                                    }
-                                    $r = $attrdef->validate($y, $config, $context);
-                                    if ($r !== false) {
-                                        if ($r !== true) {
-                                            $y = $r;
-                                        }
-                                        if ($nx === null) {
-                                            $nx = '';
-                                        }
-                                        $nx .= $sdelim . $y;
-                                    }
-                                }
-                            }
-                            if ($nx !== null) {
-                                if ($nsel === null) {
-                                    $nsel = $nx;
-                                } else {
-                                    $nsel .= $delim . $nx;
-                                }
-                            } else {
-                                // delimiters to the left of invalid
-                                // basic selector ignored
-                            }
-                        }
-                    }
-                    if ($nsel !== null) {
-                        if (!empty($scopes)) {
-                            foreach ($scopes as $s) {
-                                $new_selectors[] = "$s $nsel";
-                            }
-                        } else {
-                            $new_selectors[] = $nsel;
-                        }
-                    }
-                }
-                if (empty($new_selectors)) {
-                    continue;
-                }
-                $selector = implode(', ', $new_selectors);
-                foreach ($style as $name => $value) {
-                    if (!isset($css_definition->info[$name])) {
-                        unset($style[$name]);
-                        continue;
-                    }
-                    $def = $css_definition->info[$name];
-                    $ret = $def->validate($value, $config, $context);
-                    if ($ret === false) {
-                        unset($style[$name]);
-                    } else {
-                        $style[$name] = $ret;
-                    }
-                }
-                $new_decls[$selector] = $style;
-            }
-            $new_css[$k] = $new_decls;
-        }
-        // remove stuff that shouldn't be used, could be reenabled
-        // after security risks are analyzed
-        $this->_tidy->css = $new_css;
-        $this->_tidy->import = array();
-        $this->_tidy->charset = null;
-        $this->_tidy->namespace = null;
-        $css = $this->_tidy->print->plain();
-        // we are going to escape any special characters <>& to ensure
-        // that no funny business occurs (i.e. </style> in a font-family prop).
-        if ($config->get('Filter.ExtractStyleBlocks.Escaping')) {
-            $css = str_replace(
-                array('<', '>', '&'),
-                array('\3C ', '\3E ', '\26 '),
-                $css
-            );
-        }
-        return $css;
-    }
-}
-
-// vim: et sw=4 sts=4
+<?php
+
+// why is this a top level function? Because PHP 5.2.0 doesn't seem to
+// understand how to interpret this filter if it's a static method.
+// It's all really silly, but if we go this route it might be reasonable
+// to coalesce all of these methods into one.
+function htmlpurifier_filter_extractstyleblocks_muteerrorhandler()
+{
+}
+
+/**
+ * This filter extracts <style> blocks from input HTML, cleans them up
+ * using CSSTidy, and then places them in $purifier->context->get('StyleBlocks')
+ * so they can be used elsewhere in the document.
+ *
+ * @note
+ *      See tests/HTMLPurifier/Filter/ExtractStyleBlocksTest.php for
+ *      sample usage.
+ *
+ * @note
+ *      This filter can also be used on stylesheets not included in the
+ *      document--something purists would probably prefer. Just directly
+ *      call HTMLPurifier_Filter_ExtractStyleBlocks->cleanCSS()
+ */
+class HTMLPurifier_Filter_ExtractStyleBlocks extends HTMLPurifier_Filter
+{
+    /**
+     * @type string
+     */
+    public $name = 'ExtractStyleBlocks';
+
+    /**
+     * @type array
+     */
+    private $_styleMatches = array();
+
+    /**
+     * @type csstidy
+     */
+    private $_tidy;
+
+    /**
+     * @type HTMLPurifier_AttrDef_HTML_ID
+     */
+    private $_id_attrdef;
+
+    /**
+     * @type HTMLPurifier_AttrDef_CSS_Ident
+     */
+    private $_class_attrdef;
+
+    /**
+     * @type HTMLPurifier_AttrDef_Enum
+     */
+    private $_enum_attrdef;
+
+    public function __construct()
+    {
+        $this->_tidy = new csstidy();
+        $this->_tidy->set_cfg('lowercase_s', false);
+        $this->_id_attrdef = new HTMLPurifier_AttrDef_HTML_ID(true);
+        $this->_class_attrdef = new HTMLPurifier_AttrDef_CSS_Ident();
+        $this->_enum_attrdef = new HTMLPurifier_AttrDef_Enum(
+            array(
+                'first-child',
+                'link',
+                'visited',
+                'active',
+                'hover',
+                'focus'
+            )
+        );
+    }
+
+    /**
+     * Save the contents of CSS blocks to style matches
+     * @param array $matches preg_replace style $matches array
+     */
+    protected function styleCallback($matches)
+    {
+        $this->_styleMatches[] = $matches[1];
+    }
+
+    /**
+     * Removes inline <style> tags from HTML, saves them for later use
+     * @param string $html
+     * @param HTMLPurifier_Config $config
+     * @param HTMLPurifier_Context $context
+     * @return string
+     * @todo Extend to indicate non-text/css style blocks
+     */
+    public function preFilter($html, $config, $context)
+    {
+        $tidy = $config->get('Filter.ExtractStyleBlocks.TidyImpl');
+        if ($tidy !== null) {
+            $this->_tidy = $tidy;
+        }
+        // NB: this must be NON-greedy because if we have
+        // <style>foo</style>  <style>bar</style>
+        // we must not grab foo</style>  <style>bar
+        $html = preg_replace_callback('#<style(?:\s.*)?>(.*)<\/style>#isU', array($this, 'styleCallback'), $html);
+        $style_blocks = $this->_styleMatches;
+        $this->_styleMatches = array(); // reset
+        $context->register('StyleBlocks', $style_blocks); // $context must not be reused
+        if ($this->_tidy) {
+            foreach ($style_blocks as &$style) {
+                $style = $this->cleanCSS($style, $config, $context);
+            }
+        }
+        return $html;
+    }
+
+    /**
+     * Takes CSS (the stuff found in <style>) and cleans it.
+     * @warning Requires CSSTidy <http://csstidy.sourceforge.net/>
+     * @param string $css CSS styling to clean
+     * @param HTMLPurifier_Config $config
+     * @param HTMLPurifier_Context $context
+     * @throws HTMLPurifier_Exception
+     * @return string Cleaned CSS
+     */
+    public function cleanCSS($css, $config, $context)
+    {
+        // prepare scope
+        $scope = $config->get('Filter.ExtractStyleBlocks.Scope');
+        if ($scope !== null) {
+            $scopes = array_map('trim', explode(',', $scope));
+        } else {
+            $scopes = array();
+        }
+        // remove comments from CSS
+        $css = trim($css);
+        if (strncmp('<!--', $css, 4) === 0) {
+            $css = substr($css, 4);
+        }
+        if (strlen($css) > 3 && substr($css, -3) == '-->') {
+            $css = substr($css, 0, -3);
+        }
+        $css = trim($css);
+        set_error_handler('htmlpurifier_filter_extractstyleblocks_muteerrorhandler');
+        $this->_tidy->parse($css);
+        restore_error_handler();
+        $css_definition = $config->getDefinition('CSS');
+        $html_definition = $config->getDefinition('HTML');
+        $new_css = array();
+        foreach ($this->_tidy->css as $k => $decls) {
+            // $decls are all CSS declarations inside an @ selector
+            $new_decls = array();
+            foreach ($decls as $selector => $style) {
+                $selector = trim($selector);
+                if ($selector === '') {
+                    continue;
+                } // should not happen
+                // Parse the selector
+                // Here is the relevant part of the CSS grammar:
+                //
+                // ruleset
+                //   : selector [ ',' S* selector ]* '{' ...
+                // selector
+                //   : simple_selector [ combinator selector | S+ [ combinator? selector ]? ]?
+                // combinator
+                //   : '+' S*
+                //   : '>' S*
+                // simple_selector
+                //   : element_name [ HASH | class | attrib | pseudo ]*
+                //   | [ HASH | class | attrib | pseudo ]+
+                // element_name
+                //   : IDENT | '*'
+                //   ;
+                // class
+                //   : '.' IDENT
+                //   ;
+                // attrib
+                //   : '[' S* IDENT S* [ [ '=' | INCLUDES | DASHMATCH ] S*
+                //     [ IDENT | STRING ] S* ]? ']'
+                //   ;
+                // pseudo
+                //   : ':' [ IDENT | FUNCTION S* [IDENT S*]? ')' ]
+                //   ;
+                //
+                // For reference, here are the relevant tokens:
+                //
+                // HASH         #{name}
+                // IDENT        {ident}
+                // INCLUDES     ==
+                // DASHMATCH    |=
+                // STRING       {string}
+                // FUNCTION     {ident}\(
+                //
+                // And the lexical scanner tokens
+                //
+                // name         {nmchar}+
+                // nmchar       [_a-z0-9-]|{nonascii}|{escape}
+                // nonascii     [\240-\377]
+                // escape       {unicode}|\\[^\r\n\f0-9a-f]
+                // unicode      \\{h}}{1,6}(\r\n|[ \t\r\n\f])?
+                // ident        -?{nmstart}{nmchar*}
+                // nmstart      [_a-z]|{nonascii}|{escape}
+                // string       {string1}|{string2}
+                // string1      \"([^\n\r\f\\"]|\\{nl}|{escape})*\"
+                // string2      \'([^\n\r\f\\"]|\\{nl}|{escape})*\'
+                //
+                // We'll implement a subset (in order to reduce attack
+                // surface); in particular:
+                //
+                //      - No Unicode support
+                //      - No escapes support
+                //      - No string support (by proxy no attrib support)
+                //      - element_name is matched against allowed
+                //        elements (some people might find this
+                //        annoying...)
+                //      - Pseudo-elements one of :first-child, :link,
+                //        :visited, :active, :hover, :focus
+
+                // handle ruleset
+                $selectors = array_map('trim', explode(',', $selector));
+                $new_selectors = array();
+                foreach ($selectors as $sel) {
+                    // split on +, > and spaces
+                    $basic_selectors = preg_split('/\s*([+> ])\s*/', $sel, -1, PREG_SPLIT_DELIM_CAPTURE);
+                    // even indices are chunks, odd indices are
+                    // delimiters
+                    $nsel = null;
+                    $delim = null; // guaranteed to be non-null after
+                    // two loop iterations
+                    for ($i = 0, $c = count($basic_selectors); $i < $c; $i++) {
+                        $x = $basic_selectors[$i];
+                        if ($i % 2) {
+                            // delimiter
+                            if ($x === ' ') {
+                                $delim = ' ';
+                            } else {
+                                $delim = ' ' . $x . ' ';
+                            }
+                        } else {
+                            // simple selector
+                            $components = preg_split('/([#.:])/', $x, -1, PREG_SPLIT_DELIM_CAPTURE);
+                            $sdelim = null;
+                            $nx = null;
+                            for ($j = 0, $cc = count($components); $j < $cc; $j++) {
+                                $y = $components[$j];
+                                if ($j === 0) {
+                                    if ($y === '*' || isset($html_definition->info[$y = strtolower($y)])) {
+                                        $nx = $y;
+                                    } else {
+                                        // $nx stays null; this matters
+                                        // if we don't manage to find
+                                        // any valid selector content,
+                                        // in which case we ignore the
+                                        // outer $delim
+                                    }
+                                } elseif ($j % 2) {
+                                    // set delimiter
+                                    $sdelim = $y;
+                                } else {
+                                    $attrdef = null;
+                                    if ($sdelim === '#') {
+                                        $attrdef = $this->_id_attrdef;
+                                    } elseif ($sdelim === '.') {
+                                        $attrdef = $this->_class_attrdef;
+                                    } elseif ($sdelim === ':') {
+                                        $attrdef = $this->_enum_attrdef;
+                                    } else {
+                                        throw new HTMLPurifier_Exception('broken invariant sdelim and preg_split');
+                                    }
+                                    $r = $attrdef->validate($y, $config, $context);
+                                    if ($r !== false) {
+                                        if ($r !== true) {
+                                            $y = $r;
+                                        }
+                                        if ($nx === null) {
+                                            $nx = '';
+                                        }
+                                        $nx .= $sdelim . $y;
+                                    }
+                                }
+                            }
+                            if ($nx !== null) {
+                                if ($nsel === null) {
+                                    $nsel = $nx;
+                                } else {
+                                    $nsel .= $delim . $nx;
+                                }
+                            } else {
+                                // delimiters to the left of invalid
+                                // basic selector ignored
+                            }
+                        }
+                    }
+                    if ($nsel !== null) {
+                        if (!empty($scopes)) {
+                            foreach ($scopes as $s) {
+                                $new_selectors[] = "$s $nsel";
+                            }
+                        } else {
+                            $new_selectors[] = $nsel;
+                        }
+                    }
+                }
+                if (empty($new_selectors)) {
+                    continue;
+                }
+                $selector = implode(', ', $new_selectors);
+                foreach ($style as $name => $value) {
+                    if (!isset($css_definition->info[$name])) {
+                        unset($style[$name]);
+                        continue;
+                    }
+                    $def = $css_definition->info[$name];
+                    $ret = $def->validate($value, $config, $context);
+                    if ($ret === false) {
+                        unset($style[$name]);
+                    } else {
+                        $style[$name] = $ret;
+                    }
+                }
+                $new_decls[$selector] = $style;
+            }
+            $new_css[$k] = $new_decls;
+        }
+        // remove stuff that shouldn't be used, could be reenabled
+        // after security risks are analyzed
+        $this->_tidy->css = $new_css;
+        $this->_tidy->import = array();
+        $this->_tidy->charset = null;
+        $this->_tidy->namespace = null;
+        $css = $this->_tidy->print->plain();
+        // we are going to escape any special characters <>& to ensure
+        // that no funny business occurs (i.e. </style> in a font-family prop).
+        if ($config->get('Filter.ExtractStyleBlocks.Escaping')) {
+            $css = str_replace(
+                array('<', '>', '&'),
+                array('\3C ', '\3E ', '\26 '),
+                $css
+            );
+        }
+        return $css;
+    }
+}
+
+// vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/Filter/YouTube.php b/plugin/htmlpurifier/standalone/HTMLPurifier/Filter/YouTube.php
index 276d8362f..b90ddf751 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/Filter/YouTube.php
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/Filter/YouTube.php
@@ -1,65 +1,65 @@
-<?php
-
-class HTMLPurifier_Filter_YouTube extends HTMLPurifier_Filter
-{
-
-    /**
-     * @type string
-     */
-    public $name = 'YouTube';
-
-    /**
-     * @param string $html
-     * @param HTMLPurifier_Config $config
-     * @param HTMLPurifier_Context $context
-     * @return string
-     */
-    public function preFilter($html, $config, $context)
-    {
-        $pre_regex = '#<object[^>]+>.+?' .
-            '(?:http:)?//www.youtube.com/((?:v|cp)/[A-Za-z0-9\-_=]+).+?</object>#s';
-        $pre_replace = '<span class="youtube-embed">\1</span>';
-        return preg_replace($pre_regex, $pre_replace, $html);
-    }
-
-    /**
-     * @param string $html
-     * @param HTMLPurifier_Config $config
-     * @param HTMLPurifier_Context $context
-     * @return string
-     */
-    public function postFilter($html, $config, $context)
-    {
-        $post_regex = '#<span class="youtube-embed">((?:v|cp)/[A-Za-z0-9\-_=]+)</span>#';
-        return preg_replace_callback($post_regex, array($this, 'postFilterCallback'), $html);
-    }
-
-    /**
-     * @param $url
-     * @return string
-     */
-    protected function armorUrl($url)
-    {
-        return str_replace('--', '-&#45;', $url);
-    }
-
-    /**
-     * @param array $matches
-     * @return string
-     */
-    protected function postFilterCallback($matches)
-    {
-        $url = $this->armorUrl($matches[1]);
-        return '<object width="425" height="350" type="application/x-shockwave-flash" ' .
-        'data="//www.youtube.com/' . $url . '">' .
-        '<param name="movie" value="//www.youtube.com/' . $url . '"></param>' .
-        '<!--[if IE]>' .
-        '<embed src="//www.youtube.com/' . $url . '"' .
-        'type="application/x-shockwave-flash"' .
-        'wmode="transparent" width="425" height="350" />' .
-        '<![endif]-->' .
-        '</object>';
-    }
-}
-
-// vim: et sw=4 sts=4
+<?php
+
+class HTMLPurifier_Filter_YouTube extends HTMLPurifier_Filter
+{
+
+    /**
+     * @type string
+     */
+    public $name = 'YouTube';
+
+    /**
+     * @param string $html
+     * @param HTMLPurifier_Config $config
+     * @param HTMLPurifier_Context $context
+     * @return string
+     */
+    public function preFilter($html, $config, $context)
+    {
+        $pre_regex = '#<object[^>]+>.+?' .
+            '(?:http:)?//www.youtube.com/((?:v|cp)/[A-Za-z0-9\-_=]+).+?</object>#s';
+        $pre_replace = '<span class="youtube-embed">\1</span>';
+        return preg_replace($pre_regex, $pre_replace, $html);
+    }
+
+    /**
+     * @param string $html
+     * @param HTMLPurifier_Config $config
+     * @param HTMLPurifier_Context $context
+     * @return string
+     */
+    public function postFilter($html, $config, $context)
+    {
+        $post_regex = '#<span class="youtube-embed">((?:v|cp)/[A-Za-z0-9\-_=]+)</span>#';
+        return preg_replace_callback($post_regex, array($this, 'postFilterCallback'), $html);
+    }
+
+    /**
+     * @param $url
+     * @return string
+     */
+    protected function armorUrl($url)
+    {
+        return str_replace('--', '-&#45;', $url);
+    }
+
+    /**
+     * @param array $matches
+     * @return string
+     */
+    protected function postFilterCallback($matches)
+    {
+        $url = $this->armorUrl($matches[1]);
+        return '<object width="425" height="350" type="application/x-shockwave-flash" ' .
+        'data="//www.youtube.com/' . $url . '">' .
+        '<param name="movie" value="//www.youtube.com/' . $url . '"></param>' .
+        '<!--[if IE]>' .
+        '<embed src="//www.youtube.com/' . $url . '"' .
+        'type="application/x-shockwave-flash"' .
+        'wmode="transparent" width="425" height="350" />' .
+        '<![endif]-->' .
+        '</object>';
+    }
+}
+
+// vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/Language/messages/en.php b/plugin/htmlpurifier/standalone/HTMLPurifier/Language/messages/en.php
index c7f197e1e..1fa30bdfe 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/Language/messages/en.php
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/Language/messages/en.php
@@ -1,55 +1,55 @@
-<?php
-
-$fallback = false;
-
-$messages = array(
-
-    'HTMLPurifier' => 'HTML Purifier',
-// for unit testing purposes
-    'LanguageFactoryTest: Pizza' => 'Pizza',
-    'LanguageTest: List' => '$1',
-    'LanguageTest: Hash' => '$1.Keys; $1.Values',
-    'Item separator' => ', ',
-    'Item separator last' => ' and ', // non-Harvard style
-
-    'ErrorCollector: No errors' => 'No errors detected. However, because error reporting is still incomplete, there may have been errors that the error collector was not notified of; please inspect the output HTML carefully.',
-    'ErrorCollector: At line' => ' at line $line',
-    'ErrorCollector: Incidental errors' => 'Incidental errors',
-    'Lexer: Unclosed comment' => 'Unclosed comment',
-    'Lexer: Unescaped lt' => 'Unescaped less-than sign (<) should be &lt;',
-    'Lexer: Missing gt' => 'Missing greater-than sign (>), previous less-than sign (<) should be escaped',
-    'Lexer: Missing attribute key' => 'Attribute declaration has no key',
-    'Lexer: Missing end quote' => 'Attribute declaration has no end quote',
-    'Lexer: Extracted body' => 'Removed document metadata tags',
-    'Strategy_RemoveForeignElements: Tag transform' => '<$1> element transformed into $CurrentToken.Serialized',
-    'Strategy_RemoveForeignElements: Missing required attribute' => '$CurrentToken.Compact element missing required attribute $1',
-    'Strategy_RemoveForeignElements: Foreign element to text' => 'Unrecognized $CurrentToken.Serialized tag converted to text',
-    'Strategy_RemoveForeignElements: Foreign element removed' => 'Unrecognized $CurrentToken.Serialized tag removed',
-    'Strategy_RemoveForeignElements: Comment removed' => 'Comment containing "$CurrentToken.Data" removed',
-    'Strategy_RemoveForeignElements: Foreign meta element removed' => 'Unrecognized $CurrentToken.Serialized meta tag and all descendants removed',
-    'Strategy_RemoveForeignElements: Token removed to end' => 'Tags and text starting from $1 element where removed to end',
-    'Strategy_RemoveForeignElements: Trailing hyphen in comment removed' => 'Trailing hyphen(s) in comment removed',
-    'Strategy_RemoveForeignElements: Hyphens in comment collapsed' => 'Double hyphens in comments are not allowed, and were collapsed into single hyphens',
-    'Strategy_MakeWellFormed: Unnecessary end tag removed' => 'Unnecessary $CurrentToken.Serialized tag removed',
-    'Strategy_MakeWellFormed: Unnecessary end tag to text' => 'Unnecessary $CurrentToken.Serialized tag converted to text',
-    'Strategy_MakeWellFormed: Tag auto closed' => '$1.Compact started on line $1.Line auto-closed by $CurrentToken.Compact',
-    'Strategy_MakeWellFormed: Tag carryover' => '$1.Compact started on line $1.Line auto-continued into $CurrentToken.Compact',
-    'Strategy_MakeWellFormed: Stray end tag removed' => 'Stray $CurrentToken.Serialized tag removed',
-    'Strategy_MakeWellFormed: Stray end tag to text' => 'Stray $CurrentToken.Serialized tag converted to text',
-    'Strategy_MakeWellFormed: Tag closed by element end' => '$1.Compact tag started on line $1.Line closed by end of $CurrentToken.Serialized',
-    'Strategy_MakeWellFormed: Tag closed by document end' => '$1.Compact tag started on line $1.Line closed by end of document',
-    'Strategy_FixNesting: Node removed' => '$CurrentToken.Compact node removed',
-    'Strategy_FixNesting: Node excluded' => '$CurrentToken.Compact node removed due to descendant exclusion by ancestor element',
-    'Strategy_FixNesting: Node reorganized' => 'Contents of $CurrentToken.Compact node reorganized to enforce its content model',
-    'Strategy_FixNesting: Node contents removed' => 'Contents of $CurrentToken.Compact node removed',
-    'AttrValidator: Attributes transformed' => 'Attributes on $CurrentToken.Compact transformed from $1.Keys to $2.Keys',
-    'AttrValidator: Attribute removed' => '$CurrentAttr.Name attribute on $CurrentToken.Compact removed',
-);
-
-$errorNames = array(
-    E_ERROR => 'Error',
-    E_WARNING => 'Warning',
-    E_NOTICE => 'Notice'
-);
-
-// vim: et sw=4 sts=4
+<?php
+
+$fallback = false;
+
+$messages = array(
+
+    'HTMLPurifier' => 'HTML Purifier',
+// for unit testing purposes
+    'LanguageFactoryTest: Pizza' => 'Pizza',
+    'LanguageTest: List' => '$1',
+    'LanguageTest: Hash' => '$1.Keys; $1.Values',
+    'Item separator' => ', ',
+    'Item separator last' => ' and ', // non-Harvard style
+
+    'ErrorCollector: No errors' => 'No errors detected. However, because error reporting is still incomplete, there may have been errors that the error collector was not notified of; please inspect the output HTML carefully.',
+    'ErrorCollector: At line' => ' at line $line',
+    'ErrorCollector: Incidental errors' => 'Incidental errors',
+    'Lexer: Unclosed comment' => 'Unclosed comment',
+    'Lexer: Unescaped lt' => 'Unescaped less-than sign (<) should be &lt;',
+    'Lexer: Missing gt' => 'Missing greater-than sign (>), previous less-than sign (<) should be escaped',
+    'Lexer: Missing attribute key' => 'Attribute declaration has no key',
+    'Lexer: Missing end quote' => 'Attribute declaration has no end quote',
+    'Lexer: Extracted body' => 'Removed document metadata tags',
+    'Strategy_RemoveForeignElements: Tag transform' => '<$1> element transformed into $CurrentToken.Serialized',
+    'Strategy_RemoveForeignElements: Missing required attribute' => '$CurrentToken.Compact element missing required attribute $1',
+    'Strategy_RemoveForeignElements: Foreign element to text' => 'Unrecognized $CurrentToken.Serialized tag converted to text',
+    'Strategy_RemoveForeignElements: Foreign element removed' => 'Unrecognized $CurrentToken.Serialized tag removed',
+    'Strategy_RemoveForeignElements: Comment removed' => 'Comment containing "$CurrentToken.Data" removed',
+    'Strategy_RemoveForeignElements: Foreign meta element removed' => 'Unrecognized $CurrentToken.Serialized meta tag and all descendants removed',
+    'Strategy_RemoveForeignElements: Token removed to end' => 'Tags and text starting from $1 element where removed to end',
+    'Strategy_RemoveForeignElements: Trailing hyphen in comment removed' => 'Trailing hyphen(s) in comment removed',
+    'Strategy_RemoveForeignElements: Hyphens in comment collapsed' => 'Double hyphens in comments are not allowed, and were collapsed into single hyphens',
+    'Strategy_MakeWellFormed: Unnecessary end tag removed' => 'Unnecessary $CurrentToken.Serialized tag removed',
+    'Strategy_MakeWellFormed: Unnecessary end tag to text' => 'Unnecessary $CurrentToken.Serialized tag converted to text',
+    'Strategy_MakeWellFormed: Tag auto closed' => '$1.Compact started on line $1.Line auto-closed by $CurrentToken.Compact',
+    'Strategy_MakeWellFormed: Tag carryover' => '$1.Compact started on line $1.Line auto-continued into $CurrentToken.Compact',
+    'Strategy_MakeWellFormed: Stray end tag removed' => 'Stray $CurrentToken.Serialized tag removed',
+    'Strategy_MakeWellFormed: Stray end tag to text' => 'Stray $CurrentToken.Serialized tag converted to text',
+    'Strategy_MakeWellFormed: Tag closed by element end' => '$1.Compact tag started on line $1.Line closed by end of $CurrentToken.Serialized',
+    'Strategy_MakeWellFormed: Tag closed by document end' => '$1.Compact tag started on line $1.Line closed by end of document',
+    'Strategy_FixNesting: Node removed' => '$CurrentToken.Compact node removed',
+    'Strategy_FixNesting: Node excluded' => '$CurrentToken.Compact node removed due to descendant exclusion by ancestor element',
+    'Strategy_FixNesting: Node reorganized' => 'Contents of $CurrentToken.Compact node reorganized to enforce its content model',
+    'Strategy_FixNesting: Node contents removed' => 'Contents of $CurrentToken.Compact node removed',
+    'AttrValidator: Attributes transformed' => 'Attributes on $CurrentToken.Compact transformed from $1.Keys to $2.Keys',
+    'AttrValidator: Attribute removed' => '$CurrentAttr.Name attribute on $CurrentToken.Compact removed',
+);
+
+$errorNames = array(
+    E_ERROR => 'Error',
+    E_WARNING => 'Warning',
+    E_NOTICE => 'Notice'
+);
+
+// vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/Lexer/PH5P.php b/plugin/htmlpurifier/standalone/HTMLPurifier/Lexer/PH5P.php
index 0b452d17f..72476ddf3 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/Lexer/PH5P.php
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/Lexer/PH5P.php
@@ -1507,7 +1507,7 @@ class HTML5
                 $entity = $this->character($start, $this->char);
                 $cond = strlen($e_name) > 0;
 
-                // The rest of the parsing happens bellow.
+                // The rest of the parsing happens below.
                 break;
 
             // Anything else
@@ -1535,7 +1535,7 @@ class HTML5
                 }
 
                 $cond = isset($entity);
-                // The rest of the parsing happens bellow.
+                // The rest of the parsing happens below.
                 break;
         }
 
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/Printer.php b/plugin/htmlpurifier/standalone/HTMLPurifier/Printer.php
index 549e4cea1..16acd4157 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/Printer.php
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/Printer.php
@@ -1,218 +1,218 @@
-<?php
-
-// OUT OF DATE, NEEDS UPDATING!
-// USE XMLWRITER!
-
-class HTMLPurifier_Printer
-{
-
-    /**
-     * For HTML generation convenience funcs.
-     * @type HTMLPurifier_Generator
-     */
-    protected $generator;
-
-    /**
-     * For easy access.
-     * @type HTMLPurifier_Config
-     */
-    protected $config;
-
-    /**
-     * Initialize $generator.
-     */
-    public function __construct()
-    {
-    }
-
-    /**
-     * Give generator necessary configuration if possible
-     * @param HTMLPurifier_Config $config
-     */
-    public function prepareGenerator($config)
-    {
-        $all = $config->getAll();
-        $context = new HTMLPurifier_Context();
-        $this->generator = new HTMLPurifier_Generator($config, $context);
-    }
-
-    /**
-     * Main function that renders object or aspect of that object
-     * @note Parameters vary depending on printer
-     */
-    // function render() {}
-
-    /**
-     * Returns a start tag
-     * @param string $tag Tag name
-     * @param array $attr Attribute array
-     * @return string
-     */
-    protected function start($tag, $attr = array())
-    {
-        return $this->generator->generateFromToken(
-            new HTMLPurifier_Token_Start($tag, $attr ? $attr : array())
-        );
-    }
-
-    /**
-     * Returns an end tag
-     * @param string $tag Tag name
-     * @return string
-     */
-    protected function end($tag)
-    {
-        return $this->generator->generateFromToken(
-            new HTMLPurifier_Token_End($tag)
-        );
-    }
-
-    /**
-     * Prints a complete element with content inside
-     * @param string $tag Tag name
-     * @param string $contents Element contents
-     * @param array $attr Tag attributes
-     * @param bool $escape whether or not to escape contents
-     * @return string
-     */
-    protected function element($tag, $contents, $attr = array(), $escape = true)
-    {
-        return $this->start($tag, $attr) .
-            ($escape ? $this->escape($contents) : $contents) .
-            $this->end($tag);
-    }
-
-    /**
-     * @param string $tag
-     * @param array $attr
-     * @return string
-     */
-    protected function elementEmpty($tag, $attr = array())
-    {
-        return $this->generator->generateFromToken(
-            new HTMLPurifier_Token_Empty($tag, $attr)
-        );
-    }
-
-    /**
-     * @param string $text
-     * @return string
-     */
-    protected function text($text)
-    {
-        return $this->generator->generateFromToken(
-            new HTMLPurifier_Token_Text($text)
-        );
-    }
-
-    /**
-     * Prints a simple key/value row in a table.
-     * @param string $name Key
-     * @param mixed $value Value
-     * @return string
-     */
-    protected function row($name, $value)
-    {
-        if (is_bool($value)) {
-            $value = $value ? 'On' : 'Off';
-        }
-        return
-            $this->start('tr') . "\n" .
-            $this->element('th', $name) . "\n" .
-            $this->element('td', $value) . "\n" .
-            $this->end('tr');
-    }
-
-    /**
-     * Escapes a string for HTML output.
-     * @param string $string String to escape
-     * @return string
-     */
-    protected function escape($string)
-    {
-        $string = HTMLPurifier_Encoder::cleanUTF8($string);
-        $string = htmlspecialchars($string, ENT_COMPAT, 'UTF-8');
-        return $string;
-    }
-
-    /**
-     * Takes a list of strings and turns them into a single list
-     * @param string[] $array List of strings
-     * @param bool $polite Bool whether or not to add an end before the last
-     * @return string
-     */
-    protected function listify($array, $polite = false)
-    {
-        if (empty($array)) {
-            return 'None';
-        }
-        $ret = '';
-        $i = count($array);
-        foreach ($array as $value) {
-            $i--;
-            $ret .= $value;
-            if ($i > 0 && !($polite && $i == 1)) {
-                $ret .= ', ';
-            }
-            if ($polite && $i == 1) {
-                $ret .= 'and ';
-            }
-        }
-        return $ret;
-    }
-
-    /**
-     * Retrieves the class of an object without prefixes, as well as metadata
-     * @param object $obj Object to determine class of
-     * @param string $sec_prefix Further prefix to remove
-     * @return string
-     */
-    protected function getClass($obj, $sec_prefix = '')
-    {
-        static $five = null;
-        if ($five === null) {
-            $five = version_compare(PHP_VERSION, '5', '>=');
-        }
-        $prefix = 'HTMLPurifier_' . $sec_prefix;
-        if (!$five) {
-            $prefix = strtolower($prefix);
-        }
-        $class = str_replace($prefix, '', get_class($obj));
-        $lclass = strtolower($class);
-        $class .= '(';
-        switch ($lclass) {
-            case 'enum':
-                $values = array();
-                foreach ($obj->valid_values as $value => $bool) {
-                    $values[] = $value;
-                }
-                $class .= implode(', ', $values);
-                break;
-            case 'css_composite':
-                $values = array();
-                foreach ($obj->defs as $def) {
-                    $values[] = $this->getClass($def, $sec_prefix);
-                }
-                $class .= implode(', ', $values);
-                break;
-            case 'css_multiple':
-                $class .= $this->getClass($obj->single, $sec_prefix) . ', ';
-                $class .= $obj->max;
-                break;
-            case 'css_denyelementdecorator':
-                $class .= $this->getClass($obj->def, $sec_prefix) . ', ';
-                $class .= $obj->element;
-                break;
-            case 'css_importantdecorator':
-                $class .= $this->getClass($obj->def, $sec_prefix);
-                if ($obj->allow) {
-                    $class .= ', !important';
-                }
-                break;
-        }
-        $class .= ')';
-        return $class;
-    }
-}
-
-// vim: et sw=4 sts=4
+<?php
+
+// OUT OF DATE, NEEDS UPDATING!
+// USE XMLWRITER!
+
+class HTMLPurifier_Printer
+{
+
+    /**
+     * For HTML generation convenience funcs.
+     * @type HTMLPurifier_Generator
+     */
+    protected $generator;
+
+    /**
+     * For easy access.
+     * @type HTMLPurifier_Config
+     */
+    protected $config;
+
+    /**
+     * Initialize $generator.
+     */
+    public function __construct()
+    {
+    }
+
+    /**
+     * Give generator necessary configuration if possible
+     * @param HTMLPurifier_Config $config
+     */
+    public function prepareGenerator($config)
+    {
+        $all = $config->getAll();
+        $context = new HTMLPurifier_Context();
+        $this->generator = new HTMLPurifier_Generator($config, $context);
+    }
+
+    /**
+     * Main function that renders object or aspect of that object
+     * @note Parameters vary depending on printer
+     */
+    // function render() {}
+
+    /**
+     * Returns a start tag
+     * @param string $tag Tag name
+     * @param array $attr Attribute array
+     * @return string
+     */
+    protected function start($tag, $attr = array())
+    {
+        return $this->generator->generateFromToken(
+            new HTMLPurifier_Token_Start($tag, $attr ? $attr : array())
+        );
+    }
+
+    /**
+     * Returns an end tag
+     * @param string $tag Tag name
+     * @return string
+     */
+    protected function end($tag)
+    {
+        return $this->generator->generateFromToken(
+            new HTMLPurifier_Token_End($tag)
+        );
+    }
+
+    /**
+     * Prints a complete element with content inside
+     * @param string $tag Tag name
+     * @param string $contents Element contents
+     * @param array $attr Tag attributes
+     * @param bool $escape whether or not to escape contents
+     * @return string
+     */
+    protected function element($tag, $contents, $attr = array(), $escape = true)
+    {
+        return $this->start($tag, $attr) .
+            ($escape ? $this->escape($contents) : $contents) .
+            $this->end($tag);
+    }
+
+    /**
+     * @param string $tag
+     * @param array $attr
+     * @return string
+     */
+    protected function elementEmpty($tag, $attr = array())
+    {
+        return $this->generator->generateFromToken(
+            new HTMLPurifier_Token_Empty($tag, $attr)
+        );
+    }
+
+    /**
+     * @param string $text
+     * @return string
+     */
+    protected function text($text)
+    {
+        return $this->generator->generateFromToken(
+            new HTMLPurifier_Token_Text($text)
+        );
+    }
+
+    /**
+     * Prints a simple key/value row in a table.
+     * @param string $name Key
+     * @param mixed $value Value
+     * @return string
+     */
+    protected function row($name, $value)
+    {
+        if (is_bool($value)) {
+            $value = $value ? 'On' : 'Off';
+        }
+        return
+            $this->start('tr') . "\n" .
+            $this->element('th', $name) . "\n" .
+            $this->element('td', $value) . "\n" .
+            $this->end('tr');
+    }
+
+    /**
+     * Escapes a string for HTML output.
+     * @param string $string String to escape
+     * @return string
+     */
+    protected function escape($string)
+    {
+        $string = HTMLPurifier_Encoder::cleanUTF8($string);
+        $string = htmlspecialchars($string, ENT_COMPAT, 'UTF-8');
+        return $string;
+    }
+
+    /**
+     * Takes a list of strings and turns them into a single list
+     * @param string[] $array List of strings
+     * @param bool $polite Bool whether or not to add an end before the last
+     * @return string
+     */
+    protected function listify($array, $polite = false)
+    {
+        if (empty($array)) {
+            return 'None';
+        }
+        $ret = '';
+        $i = count($array);
+        foreach ($array as $value) {
+            $i--;
+            $ret .= $value;
+            if ($i > 0 && !($polite && $i == 1)) {
+                $ret .= ', ';
+            }
+            if ($polite && $i == 1) {
+                $ret .= 'and ';
+            }
+        }
+        return $ret;
+    }
+
+    /**
+     * Retrieves the class of an object without prefixes, as well as metadata
+     * @param object $obj Object to determine class of
+     * @param string $sec_prefix Further prefix to remove
+     * @return string
+     */
+    protected function getClass($obj, $sec_prefix = '')
+    {
+        static $five = null;
+        if ($five === null) {
+            $five = version_compare(PHP_VERSION, '5', '>=');
+        }
+        $prefix = 'HTMLPurifier_' . $sec_prefix;
+        if (!$five) {
+            $prefix = strtolower($prefix);
+        }
+        $class = str_replace($prefix, '', get_class($obj));
+        $lclass = strtolower($class);
+        $class .= '(';
+        switch ($lclass) {
+            case 'enum':
+                $values = array();
+                foreach ($obj->valid_values as $value => $bool) {
+                    $values[] = $value;
+                }
+                $class .= implode(', ', $values);
+                break;
+            case 'css_composite':
+                $values = array();
+                foreach ($obj->defs as $def) {
+                    $values[] = $this->getClass($def, $sec_prefix);
+                }
+                $class .= implode(', ', $values);
+                break;
+            case 'css_multiple':
+                $class .= $this->getClass($obj->single, $sec_prefix) . ', ';
+                $class .= $obj->max;
+                break;
+            case 'css_denyelementdecorator':
+                $class .= $this->getClass($obj->def, $sec_prefix) . ', ';
+                $class .= $obj->element;
+                break;
+            case 'css_importantdecorator':
+                $class .= $this->getClass($obj->def, $sec_prefix);
+                if ($obj->allow) {
+                    $class .= ', !important';
+                }
+                break;
+        }
+        $class .= ')';
+        return $class;
+    }
+}
+
+// vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/Printer/CSSDefinition.php b/plugin/htmlpurifier/standalone/HTMLPurifier/Printer/CSSDefinition.php
index 29505fe12..afc8c18ab 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/Printer/CSSDefinition.php
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/Printer/CSSDefinition.php
@@ -1,44 +1,44 @@
-<?php
-
-class HTMLPurifier_Printer_CSSDefinition extends HTMLPurifier_Printer
-{
-    /**
-     * @type HTMLPurifier_CSSDefinition
-     */
-    protected $def;
-
-    /**
-     * @param HTMLPurifier_Config $config
-     * @return string
-     */
-    public function render($config)
-    {
-        $this->def = $config->getCSSDefinition();
-        $ret = '';
-
-        $ret .= $this->start('div', array('class' => 'HTMLPurifier_Printer'));
-        $ret .= $this->start('table');
-
-        $ret .= $this->element('caption', 'Properties ($info)');
-
-        $ret .= $this->start('thead');
-        $ret .= $this->start('tr');
-        $ret .= $this->element('th', 'Property', array('class' => 'heavy'));
-        $ret .= $this->element('th', 'Definition', array('class' => 'heavy', 'style' => 'width:auto;'));
-        $ret .= $this->end('tr');
-        $ret .= $this->end('thead');
-
-        ksort($this->def->info);
-        foreach ($this->def->info as $property => $obj) {
-            $name = $this->getClass($obj, 'AttrDef_');
-            $ret .= $this->row($property, $name);
-        }
-
-        $ret .= $this->end('table');
-        $ret .= $this->end('div');
-
-        return $ret;
-    }
-}
-
-// vim: et sw=4 sts=4
+<?php
+
+class HTMLPurifier_Printer_CSSDefinition extends HTMLPurifier_Printer
+{
+    /**
+     * @type HTMLPurifier_CSSDefinition
+     */
+    protected $def;
+
+    /**
+     * @param HTMLPurifier_Config $config
+     * @return string
+     */
+    public function render($config)
+    {
+        $this->def = $config->getCSSDefinition();
+        $ret = '';
+
+        $ret .= $this->start('div', array('class' => 'HTMLPurifier_Printer'));
+        $ret .= $this->start('table');
+
+        $ret .= $this->element('caption', 'Properties ($info)');
+
+        $ret .= $this->start('thead');
+        $ret .= $this->start('tr');
+        $ret .= $this->element('th', 'Property', array('class' => 'heavy'));
+        $ret .= $this->element('th', 'Definition', array('class' => 'heavy', 'style' => 'width:auto;'));
+        $ret .= $this->end('tr');
+        $ret .= $this->end('thead');
+
+        ksort($this->def->info);
+        foreach ($this->def->info as $property => $obj) {
+            $name = $this->getClass($obj, 'AttrDef_');
+            $ret .= $this->row($property, $name);
+        }
+
+        $ret .= $this->end('table');
+        $ret .= $this->end('div');
+
+        return $ret;
+    }
+}
+
+// vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/Printer/ConfigForm.css b/plugin/htmlpurifier/standalone/HTMLPurifier/Printer/ConfigForm.css
index 3ff1a88aa..7af30fc3a 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/Printer/ConfigForm.css
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/Printer/ConfigForm.css
@@ -1,10 +1,10 @@
-
-.hp-config {}
-
-.hp-config tbody th {text-align:right; padding-right:0.5em;}
-.hp-config thead, .hp-config .namespace {background:#3C578C; color:#FFF;}
-.hp-config .namespace th {text-align:center;}
-.hp-config .verbose {display:none;}
-.hp-config .controls {text-align:center;}
-
-/* vim: et sw=4 sts=4 */
+
+.hp-config {}
+
+.hp-config tbody th {text-align:right; padding-right:0.5em;}
+.hp-config thead, .hp-config .namespace {background:#3C578C; color:#FFF;}
+.hp-config .namespace th {text-align:center;}
+.hp-config .verbose {display:none;}
+.hp-config .controls {text-align:center;}
+
+/* vim: et sw=4 sts=4 */
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/Printer/ConfigForm.js b/plugin/htmlpurifier/standalone/HTMLPurifier/Printer/ConfigForm.js
index cba00c9b8..83e065531 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/Printer/ConfigForm.js
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/Printer/ConfigForm.js
@@ -1,5 +1,5 @@
-function toggleWriteability(id_of_patient, checked) {
-    document.getElementById(id_of_patient).disabled = checked;
-}
-
-// vim: et sw=4 sts=4
+function toggleWriteability(id_of_patient, checked) {
+    document.getElementById(id_of_patient).disabled = checked;
+}
+
+// vim: et sw=4 sts=4
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/Printer/ConfigForm.php b/plugin/htmlpurifier/standalone/HTMLPurifier/Printer/ConfigForm.php
index 65a777904..33ae11397 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/Printer/ConfigForm.php
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/Printer/ConfigForm.php
@@ -48,7 +48,7 @@ class HTMLPurifier_Printer_ConfigForm extends HTMLPurifier_Printer
         $this->compress = $compress;
         // initialize sub-printers
         $this->fields[0] = new HTMLPurifier_Printer_ConfigForm_default();
-        $this->fields[HTMLPurifier_VarParser::BOOL] = new HTMLPurifier_Printer_ConfigForm_bool();
+        $this->fields[HTMLPurifier_VarParser::C_BOOL] = new HTMLPurifier_Printer_ConfigForm_bool();
     }
 
     /**
@@ -339,7 +339,7 @@ class HTMLPurifier_Printer_ConfigForm_default extends HTMLPurifier_Printer
                     $value = '';
             }
         }
-        if ($type === HTMLPurifier_VarParser::MIXED) {
+        if ($type === HTMLPurifier_VarParser::C_MIXED) {
             return 'Not supported';
             $value = serialize($value);
         }
diff --git a/plugin/htmlpurifier/standalone/HTMLPurifier/Printer/HTMLDefinition.php b/plugin/htmlpurifier/standalone/HTMLPurifier/Printer/HTMLDefinition.php
index 5f2f2f8a7..ae8639176 100644
--- a/plugin/htmlpurifier/standalone/HTMLPurifier/Printer/HTMLDefinition.php
+++ b/plugin/htmlpurifier/standalone/HTMLPurifier/Printer/HTMLDefinition.php
@@ -43,8 +43,8 @@ class HTMLPurifier_Printer_HTMLDefinition extends HTMLPurifier_Printer
         $ret .= $this->element('caption', 'Doctype');
         $ret .= $this->row('Name', $doctype->name);
         $ret .= $this->row('XML', $doctype->xml ? 'Yes' : 'No');
-        $ret .= $this->row('Default Modules', implode($doctype->modules, ', '));
-        $ret .= $this->row('Default Tidy Modules', implode($doctype->tidyModules, ', '));
+        $ret .= $this->row('Default Modules', implode(', ', $doctype->modules));
+        $ret .= $this->row('Default Tidy Modules', implode(', ', $doctype->tidyModules));
         $ret .= $this->end('table');
         return $ret;
     }
diff --git a/plugin/kcaptcha/_common.php b/plugin/kcaptcha/_common.php
index 14553420b..03b90f3dd 100644
--- a/plugin/kcaptcha/_common.php
+++ b/plugin/kcaptcha/_common.php
@@ -1,3 +1,2 @@
 <?php
-include_once('../../common.php');
-?>
\ No newline at end of file
+include_once('../../common.php');
\ No newline at end of file
diff --git a/plugin/kcaptcha/captcha.lib.php b/plugin/kcaptcha/captcha.lib.php
index a3c8d363d..bcb7a92a2 100644
--- a/plugin/kcaptcha/captcha.lib.php
+++ b/plugin/kcaptcha/captcha.lib.php
@@ -1,3 +1,2 @@
 <?php
-require(dirname(__FILE__).'/kcaptcha.lib.php');
-?>
\ No newline at end of file
+require(dirname(__FILE__).'/kcaptcha.lib.php');
\ No newline at end of file
diff --git a/plugin/kcaptcha/kcaptcha.lib.php b/plugin/kcaptcha/kcaptcha.lib.php
index fc897b5a1..6354399b9 100644
--- a/plugin/kcaptcha/kcaptcha.lib.php
+++ b/plugin/kcaptcha/kcaptcha.lib.php
@@ -75,6 +75,8 @@ class KCAPTCHA{
         $odd=mt_rand(0,1);
         if($odd==0) $odd=-1;
         for($i=0;$i<$length;$i++){
+
+            if( ! isset($this->keystring[$i]) ) continue;
             $m=$font_metrics[$this->keystring[$i]];
 
             $y=(($i%2)*$fluctuation_amplitude - $fluctuation_amplitude/2)*$odd
@@ -240,7 +242,7 @@ function captcha_html($class="captcha")
     if(is_mobile())
         $class .= ' m_captcha';
 
-    $html .= "\n".'<script>var g5_captcha_url  = "'.G5_CAPTCHA_URL.'";</script>';
+    $html = "\n".'<script>var g5_captcha_url  = "'.G5_CAPTCHA_URL.'";</script>';
     //$html .= "\n".'<script>var g5_captcha_path = "'.G5_CAPTCHA_PATH.'";</script>';
     $html .= "\n".'<script src="'.G5_CAPTCHA_URL.'/kcaptcha.js"></script>';
     $html .= "\n".'<fieldset id="captcha" class="'.$class.'">';
@@ -279,5 +281,4 @@ function chk_captcha()
         return false;
     }
     return true;
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/plugin/kcaptcha/kcaptcha_config.php b/plugin/kcaptcha/kcaptcha_config.php
index cd42a3a46..eaae5440b 100644
--- a/plugin/kcaptcha/kcaptcha_config.php
+++ b/plugin/kcaptcha/kcaptcha_config.php
@@ -48,5 +48,4 @@ $background_color = array(255, 255, 255);
 # JPEG quality of CAPTCHA image (bigger is better quality, but larger file size)
 $jpeg_quality = 90;
 
-$wave = true;
-?>
\ No newline at end of file
+$wave = true;
\ No newline at end of file
diff --git a/plugin/kcaptcha/kcaptcha_image.php b/plugin/kcaptcha/kcaptcha_image.php
index 05337e3f9..37bd3c205 100644
--- a/plugin/kcaptcha/kcaptcha_image.php
+++ b/plugin/kcaptcha/kcaptcha_image.php
@@ -5,5 +5,4 @@ include_once('captcha.lib.php');
 $captcha = new KCAPTCHA();
 $captcha->setKeyString(get_session("ss_captcha_key"));
 $captcha->getKeyString();
-$captcha->image();
-?>
\ No newline at end of file
+$captcha->image();
\ No newline at end of file
diff --git a/plugin/kcaptcha/kcaptcha_mp3.php b/plugin/kcaptcha/kcaptcha_mp3.php
index 48b3744fe..67fa5c114 100644
--- a/plugin/kcaptcha/kcaptcha_mp3.php
+++ b/plugin/kcaptcha/kcaptcha_mp3.php
@@ -40,5 +40,4 @@ function make_mp3()
     return G5_DATA_URL.'/'.$mp3_file;
 }
 
-echo make_mp3();
-?>
\ No newline at end of file
+echo make_mp3();
\ No newline at end of file
diff --git a/plugin/kcaptcha/kcaptcha_result.php b/plugin/kcaptcha/kcaptcha_result.php
index 97c184140..0487fac3f 100644
--- a/plugin/kcaptcha/kcaptcha_result.php
+++ b/plugin/kcaptcha/kcaptcha_result.php
@@ -2,11 +2,12 @@
 // 캡챠 세션값과 비교하여 맞는지? 틀린지? 결과값을 출력합니다.
 include_once("_common.php");
 
+$captcha_key = isset($_POST['captcha_key']) ? $_POST['captcha_key'] : '';
+
 $count = (int)get_session("ss_captcha_count");
 if ($count >= 5) { // 설정값 이상이면 자동등록방지 입력 문자가 맞아도 오류 처리
     echo false;
 } else {
     set_session("ss_captcha_count", $count + 1);
-    echo (get_session("ss_captcha_key") == $_POST['captcha_key']) ? true : false;
-}
-?>
\ No newline at end of file
+    echo (get_session("ss_captcha_key") === $captcha_key) ? true : false;
+}
\ No newline at end of file
diff --git a/plugin/kcaptcha/kcaptcha_session.php b/plugin/kcaptcha/kcaptcha_session.php
index 81ad7efbb..e2cb80362 100644
--- a/plugin/kcaptcha/kcaptcha_session.php
+++ b/plugin/kcaptcha/kcaptcha_session.php
@@ -6,7 +6,7 @@ include_once('captcha.lib.php');
 while(true){
     $keystring='';
     for($i=0;$i<$length;$i++){
-        $keystring.=$allowed_symbols{mt_rand(0,strlen($allowed_symbols)-1)};
+        $keystring.=$allowed_symbols[mt_rand(0,strlen($allowed_symbols)-1)];
     }
     if(!preg_match('/cp|cb|ck|c6|c9|rn|rm|mm|co|do|cl|db|qp|qb|dp|ww/', $keystring)) break;
 }
@@ -14,5 +14,4 @@ while(true){
 set_session("ss_captcha_count", 0);
 set_session("ss_captcha_key", $keystring);
 $captcha = new KCAPTCHA();
-$captcha->setKeyString(get_session("ss_captcha_key"));
-?>
\ No newline at end of file
+$captcha->setKeyString(get_session("ss_captcha_key"));
\ No newline at end of file
diff --git a/plugin/kcpcert/_common.php b/plugin/kcpcert/_common.php
index 14553420b..03b90f3dd 100644
--- a/plugin/kcpcert/_common.php
+++ b/plugin/kcpcert/_common.php
@@ -1,3 +1,2 @@
 <?php
-include_once('../../common.php');
-?>
\ No newline at end of file
+include_once('../../common.php');
\ No newline at end of file
diff --git a/plugin/kcpcert/kcpcert_config.php b/plugin/kcpcert/kcpcert_config.php
index e03281bf3..37841e104 100644
--- a/plugin/kcpcert/kcpcert_config.php
+++ b/plugin/kcpcert/kcpcert_config.php
@@ -50,5 +50,4 @@ function f_get_parm_int( $val )
 
     return  $ret_val;
 }
-/* ============================================================================== */
-?>
\ No newline at end of file
+/* ============================================================================== */;
\ No newline at end of file
diff --git a/plugin/kcpcert/kcpcert_result.php b/plugin/kcpcert/kcpcert_result.php
index 49345f89c..111bbdc15 100644
--- a/plugin/kcpcert/kcpcert_result.php
+++ b/plugin/kcpcert/kcpcert_result.php
@@ -237,5 +237,4 @@ $(function() {
 </script>
 
 <?php
-include_once(G5_PATH.'/tail.sub.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/plugin/kcpcert/lib/ct_cli_lib.php b/plugin/kcpcert/lib/ct_cli_lib.php
index bc29ad013..ffd54d3ca 100644
--- a/plugin/kcpcert/lib/ct_cli_lib.php
+++ b/plugin/kcpcert/lib/ct_cli_lib.php
@@ -109,17 +109,15 @@ class   C_CT_CLI
       if ( is_array( $arg[0] ) )  $arg = $arg[0];
 
       $exec_cmd = array_shift( $arg );
-
-      while ( list(,$i) = each($arg) )
-      {
-        // 일부서버의 경우 빈값일때 '' 결과가 넘어오지 않는 버그가 있다. kagla 150820
-        //$exec_cmd .= " " . escapeshellarg( $i );
-        $exec_cmd .= " " . ( escapeshellarg($i) ? escapeshellarg($i) : "''" );
-      }
+        
+        foreach($arg as $k => $i) {
+            // 일부서버의 경우 빈값일때 '' 결과가 넘어오지 않는 버그가 있다. kagla 150820
+            //$exec_cmd .= " " . escapeshellarg( $i );
+            $exec_cmd .= " " . ( escapeshellarg($i) ? escapeshellarg($i) : "''" );
+        }
 
       $rt = exec( $exec_cmd );
 
       return  $rt;
     }
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/plugin/lgxpay/AuthOnlyRes.php b/plugin/lgxpay/AuthOnlyRes.php
index c16bfa633..1e0a94489 100644
--- a/plugin/lgxpay/AuthOnlyRes.php
+++ b/plugin/lgxpay/AuthOnlyRes.php
@@ -223,5 +223,4 @@ jQuery(function($) {
 </script>
 
 <?php
-include_once(G5_PATH.'/tail.sub.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/plugin/lgxpay/_common.php b/plugin/lgxpay/_common.php
index bad54a5d7..c7ed3c4ee 100644
--- a/plugin/lgxpay/_common.php
+++ b/plugin/lgxpay/_common.php
@@ -1,3 +1,2 @@
 <?php
-include_once('../../common.php');
-?>
\ No newline at end of file
+include_once('../../common.php');
\ No newline at end of file
diff --git a/plugin/lgxpay/lgdacom/JSON.php b/plugin/lgxpay/lgdacom/JSON.php
index c4d7a067d..6af78c7ed 100644
--- a/plugin/lgxpay/lgdacom/JSON.php
+++ b/plugin/lgxpay/lgdacom/JSON.php
@@ -375,7 +375,7 @@ class Services_JSON
                 */
 
                 // treat as a JSON object
-                if (is_array($var) && count($var) && (array_keys($var) !== range(0, sizeof($var) - 1))) {
+                if (is_array($var) && count($var) && (array_keys($var) !== range(0, count($var) - 1))) {
                     $properties = array_map(array($this, 'name_value'),
                                             array_keys($var),
                                             array_values($var));
@@ -801,6 +801,4 @@ if (class_exists('PEAR_Error')) {
         }
     }
 
-}
-    
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/plugin/lgxpay/lgdacom/XPayClient.php b/plugin/lgxpay/lgdacom/XPayClient.php
index c83c74702..14b16c3e6 100644
--- a/plugin/lgxpay/lgdacom/XPayClient.php
+++ b/plugin/lgxpay/lgdacom/XPayClient.php
@@ -1,25 +1,26 @@
 <?php
 class XPayClient
 {
-	var $ch;
-	var $debug = false;
-	var	$bTest = false;
-	var $error_msg;
-	var $home_dir;
-	var $mode;
-	var $TX_ID;
-	var	$MID;
-	var $Auth_Code;
-	var $config;
-	var $Post = array();
-	var	$response_json;
-	var $response_array;
-	var $response_code;
-	var $response_msg;
-	var	$log_file;
-	var $err_label = array("FATAL","ERROR","WARN ","INFO ","DEBUG");
-	var $INFO = array("LGD_TXID","LGD_AUTHCODE","LGD_MID","LGD_OID","LGD_TXNAME","LGD_PAYKEY","LGD_RESPCODE","LGD_RESPMSG");
-	var $DEBUG = array("LGD_TXID","LGD_AUTHCODE","LGD_MID","LGD_TID","LGD_OID","LGD_PAYTYPE","LGD_PAYDATE","LGD_TXNAME","LGD_PAYKEY","LGD_RESPCODE","LGD_RESPMSG");
+	public $ch = null;
+	public $debug = false;
+	public $bTest = false;
+	public $error_msg = null;
+	public $home_dir = null;
+	public $mode = null;
+	public $TX_ID = null;
+	public $MID = null;
+	public $Auth_Code = null;
+	public $config = array();
+	public $Post = array();
+	public $response_json = null;
+	public $response_array = array();
+	public $response_code = null;
+	public $response_msg = null;
+	public $log_file  = null;
+	public $err_label = array("FATAL","ERROR","WARN ","INFO ","DEBUG");
+	public $INFO = array("LGD_TXID","LGD_AUTHCODE","LGD_MID","LGD_OID","LGD_TXNAME","LGD_PAYKEY","LGD_RESPCODE","LGD_RESPMSG");
+	public $DEBUG = array("LGD_TXID","LGD_AUTHCODE","LGD_MID","LGD_TID","LGD_OID","LGD_PAYTYPE","LGD_PAYDATE","LGD_TXNAME","LGD_PAYKEY","LGD_RESPCODE","LGD_RESPMSG");
+
 	function IsAcceptLog($ParamName,$LogLevel)
 	{
 	    if(LGD_LOG_DEBUG == $LogLevel)
@@ -32,7 +33,8 @@ class XPayClient
 		}
 	    return false;
 	}
-	function XPayClient($home_dir,$mode="real")
+
+	public function __construct($home_dir,$mode="real")
 	{
 		if(!function_exists('json_decode'))
 		{
@@ -232,7 +234,8 @@ class XPayClient
 	function Gen_TX_ID($MID)
 	{
 		$now = date("YmdHis");
-		$header = $MID . "-" . $this->config['server_id'] . $now;
+        $server_id = isset($this->config['server_id']) ? $this->config['server_id'] : '';
+		$header = $MID . "-" . $server_id . $now;
 		$tx_id = $header . sha1($header.$this->Get_Unique());
 		return $tx_id;
 	}
@@ -330,11 +333,11 @@ class XPayClient
 		$strReportMsg = "";
 		if ($bRollbackOnError) 
 		{
-			if ($this->config['auto_rollback'] == 0) $bRollbackOnError = false;
+			if (isset($this->config['auto_rollback']) && $this->config['auto_rollback'] == 0) $bRollbackOnError = false;
 		}
 		
-		if ($this->bTest) $url = $this->config['test_url'];
-		else $url = $this->config['url'];
+		if ($this->bTest) $url = isset($this->config['test_url']) ? $this->config['test_url'] : '';
+		else $url = isset($this->config['url']) ? $this->config['url'] : '';
 		
 		$Protocol = parse_url($url, PHP_URL_SCHEME);
 		if($Protocol == "") 
@@ -352,7 +355,8 @@ class XPayClient
 		}
 		if($bCheckURL == true)
 		{
-		    $result = $this->send_post_data($url, $this->Post, null, $this->config['timeout']);
+            $pay_timeout = isset($this->config['timeout']) ? (int) $this->config['timeout'] : 0;
+		    $result = $this->send_post_data($url, $this->Post, null, $pay_timeout);
 		}
 		else
 		{
@@ -578,8 +582,10 @@ class XPayClient
 	}
 	function Response($name, $index=0)
 	{
-		if ($this->config['output_UTF8'] == 1) return ($this->response_array["LGD_RESPONSE"][$index][$name]);
-		else return (iconv("utf-8", "euc-kr", $this->response_array["LGD_RESPONSE"][$index][$name]));
+        $response_val = isset($this->response_array["LGD_RESPONSE"][$index][$name]) ? $this->response_array["LGD_RESPONSE"][$index][$name] : '';
+
+		if ($this->config['output_UTF8'] == 1) return $response_val;
+		else return (iconv("utf-8", "euc-kr", $response_val));
 	}
 	function Log($msg, $level=LGD_LOG_FATAL)
 	{
@@ -996,10 +1002,9 @@ class XPayClient
 	*/
 	function pkcs5_unpad($text) 
 	{ 
-		$pad = ord($text{strlen($text)-1}); 
+		$pad = ord($text[strlen($text)-1]); 
 		if ($pad > strlen($text)) return false; 
 		if (strspn($text, chr($pad), strlen($text) - $pad) != $pad) return false; 
 		return substr($text, 0, -1 * $pad); 
 	}
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/plugin/lgxpay/lgdacom/XPayClient4DB.php b/plugin/lgxpay/lgdacom/XPayClient4DB.php
index b330656b1..5ca1a5847 100644
--- a/plugin/lgxpay/lgdacom/XPayClient4DB.php
+++ b/plugin/lgxpay/lgdacom/XPayClient4DB.php
@@ -1114,5 +1114,4 @@ class XPayClient
 		//close curl session and free up resources
 		curl_close($this->ch);
 	}
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/plugin/lgxpay/lgdacom/patch.php b/plugin/lgxpay/lgdacom/patch.php
index 176d74ce3..4036341f7 100644
--- a/plugin/lgxpay/lgdacom/patch.php
+++ b/plugin/lgxpay/lgdacom/patch.php
@@ -24,5 +24,4 @@
     $xpay = &new XPayClient($configPath, $CST_PLATFORM);
     $xpay->Init_TX($LGD_MID);
 
-    echo "patch result = ".$xpay->Patch("lgdacom.conf");
-?>
+    echo "patch result = ".$xpay->Patch("lgdacom.conf");
\ No newline at end of file
diff --git a/plugin/lgxpay/lgdacom/ping.php b/plugin/lgxpay/lgdacom/ping.php
index f441874e0..5a060a5ed 100644
--- a/plugin/lgxpay/lgdacom/ping.php
+++ b/plugin/lgxpay/lgdacom/ping.php
@@ -44,5 +44,4 @@
         echo "[TX_PING error] <br>";
         echo "response code = " . $xpay->Response_Code() . "<br>";
         echo "response msg = " . $xpay->Response_Msg() . "<p>";
-    }
-?>
+    }
\ No newline at end of file
diff --git a/plugin/lgxpay/returnurl.php b/plugin/lgxpay/returnurl.php
index b40e8940e..ef0f2e2a0 100644
--- a/plugin/lgxpay/returnurl.php
+++ b/plugin/lgxpay/returnurl.php
@@ -38,8 +38,8 @@ $payReqMap = $_SESSION['lgd_certify'];//결제 요청시, Session에 저장했
 </head>
 <body onload="setLGDResult()">
 <?php
-  $LGD_RESPCODE = $_POST['LGD_RESPCODE'];
-  $LGD_RESPMSG 	= iconv("EUC-KR","UTF-8",$_POST['LGD_RESPMSG']);
+  $LGD_RESPCODE = isset($_POST['LGD_RESPCODE']) ? $_POST['LGD_RESPCODE'] : '';
+  $LGD_RESPMSG 	= isset($_POST['LGD_RESPMSG']) ? iconv("EUC-KR", "UTF-8", $_POST['LGD_RESPMSG']) : '';
   $LGD_AUTHONLYKEY		= "";	
   $LGD_PAYTYPE			= "";
 
@@ -51,7 +51,7 @@ $payReqMap = $_SESSION['lgd_certify'];//결제 요청시, Session에 저장했
 	  $payReqMap['LGD_PAYTYPE'] 	= isset($_POST['LGD_PAYTYPE']) ? $_POST['LGD_PAYTYPE'] : '';
   }
   else{
-	  echo "LGD_RESPCODE:" + $LGD_RESPCODE + " ,LGD_RESPMSG:" + $LGD_RESPMSG; //인증 실패에 대한 처리 로직 추가
+	  echo "LGD_RESPCODE:" . $LGD_RESPCODE . " ,LGD_RESPMSG:" . $LGD_RESPMSG; //인증 실패에 대한 처리 로직 추가
   }
 ?>
 <form method="post" name="LGD_RETURNINFO" id="LGD_RETURNINFO">
diff --git a/plugin/okname/_common.php b/plugin/okname/_common.php
index 14553420b..03b90f3dd 100644
--- a/plugin/okname/_common.php
+++ b/plugin/okname/_common.php
@@ -1,3 +1,2 @@
 <?php
-include_once('../../common.php');
-?>
\ No newline at end of file
+include_once('../../common.php');
\ No newline at end of file
diff --git a/plugin/okname/hpcert.config.php b/plugin/okname/hpcert.config.php
index 3ccdc0f15..b7040d406 100644
--- a/plugin/okname/hpcert.config.php
+++ b/plugin/okname/hpcert.config.php
@@ -80,5 +80,4 @@ if($config['cf_cert_use'] == 2) {
 // ########################################################################
 // # 리턴 URL 설정
 // ########################################################################
-$returnUrl = escapeshellarg(G5_OKNAME_URL.'/hpcert2.php');          // 본인인증 완료후 리턴될 URL (도메인 포함 full path)
-?>
\ No newline at end of file
+$returnUrl = escapeshellarg(G5_OKNAME_URL.'/hpcert2.php');          // 본인인증 완료후 리턴될 URL (도메인 포함 full path);
\ No newline at end of file
diff --git a/plugin/okname/hpcert1.php b/plugin/okname/hpcert1.php
index a0638ddc4..ece1187ab 100644
--- a/plugin/okname/hpcert1.php
+++ b/plugin/okname/hpcert1.php
@@ -91,5 +91,4 @@ if ($retcode == "B000") {
     echo ("<script>alert(\"$retcode\"); self.close();</script>");
 }
 
-include_once(G5_PATH.'/tail.sub.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/plugin/okname/hpcert2.php b/plugin/okname/hpcert2.php
index 43c7fd96d..90cc0239d 100644
--- a/plugin/okname/hpcert2.php
+++ b/plugin/okname/hpcert2.php
@@ -23,13 +23,13 @@ require('./hpcert.config.php');
 /* 공통 리턴 항목 */
 //$idcfMbrComCd           =   $_REQUEST['idcf_mbr_com_cd'];      // 고객사코드
 $idcfMbrComCd           =   $memId;
-$hsCertSvcTxSeqno       =   $_REQUEST['hs_cert_svc_tx_seqno']; // 거래번호
-$rqstSiteNm             =   $_REQUEST['rqst_site_nm'];         // 접속도메인
-$hsCertRqstCausCd       =   $_REQUEST['hs_cert_rqst_caus_cd']; // 인증요청사유코드 2byte  (00:회원가입, 01:성인인증, 02:회원정보수정, 03:비밀번호찾기, 04:상품구매, 99:기타)
+$hsCertSvcTxSeqno       =   isset($_REQUEST['hs_cert_svc_tx_seqno']) ? $_REQUEST['hs_cert_svc_tx_seqno'] : ''; // 거래번호
+$rqstSiteNm             =   isset($_REQUEST['rqst_site_nm']) ? $_REQUEST['rqst_site_nm'] : '';         // 접속도메인
+$hsCertRqstCausCd       =   isset($_REQUEST['hs_cert_rqst_caus_cd']) ? $_REQUEST['hs_cert_rqst_caus_cd'] : ''; // 인증요청사유코드 2byte  (00:회원가입, 01:성인인증, 02:회원정보수정, 03:비밀번호찾기, 04:상품구매, 99:기타)
 
-$resultCd               =   $_REQUEST['result_cd'];            // 결과코드
-$resultMsg              =   $_REQUEST['result_msg'];           // 결과메세지
-$certDtTm               =   $_REQUEST['cert_dt_tm'];           // 인증일시
+$resultCd               =   isset($_REQUEST['result_cd']) ? $_REQUEST['result_cd'] : '';            // 결과코드
+$resultMsg              =   isset($_REQUEST['result_msg']) ? $_REQUEST['result_msg'] : '';           // 결과메세지
+$certDtTm               =   isset($_REQUEST['cert_dt_tm']) ? $_REQUEST['cert_dt_tm'] : '';           // 인증일시
 
 if($resultCd != 'B000') {
     alert_close('휴대폰 본인확인 중 오류가 발생했습니다. 오류코드 : '.$resultCd.'\\n\\n문의는 코리아크레딧뷰로 고객센터 02-708-1000 로 해주십시오.');
@@ -38,15 +38,15 @@ if($resultCd != 'B000') {
 /**************************************************************************
  * 모듈 호출    ; 생년월일 본인 확인서비스 결과 데이터를 복호화한다.
  **************************************************************************/
-$encInfo = $_REQUEST['encInfo'];
+$encInfo = isset($_REQUEST['encInfo']) ? $_REQUEST['encInfo'] : '';
 if(preg_match('~[^0-9a-zA-Z+/=]~', $encInfo, $match)) {echo "입력 값 확인이 필요합니다"; exit;}
 
 //KCB서버 공개키
-$WEBPUBKEY = trim($_REQUEST['WEBPUBKEY']);
+$WEBPUBKEY = isset($_REQUEST['WEBPUBKEY']) ? trim($_REQUEST['WEBPUBKEY']) : '';
 if(preg_match('~[^0-9a-zA-Z+/=]~', $WEBPUBKEY, $match)) {echo "입력 값 확인이 필요합니다"; exit;}
 
 //KCB서버 서명값
-$WEBSIGNATURE = trim($_REQUEST['WEBSIGNATURE']);
+$WEBSIGNATURE = isset($_REQUEST['WEBSIGNATURE']) ? trim($_REQUEST['WEBSIGNATURE']) : '';
 if(preg_match('~[^0-9a-zA-Z+/=]~', $WEBSIGNATURE, $match)) {echo "입력 값 확인이 필요합니다"; exit;}
 
 // ########################################################################
@@ -154,5 +154,4 @@ $(function() {
 </script>
 
 <?php
-include_once(G5_PATH.'/tail.sub.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/plugin/okname/ipin.config.php b/plugin/okname/ipin.config.php
index 10971f003..c07993ddf 100644
--- a/plugin/okname/ipin.config.php
+++ b/plugin/okname/ipin.config.php
@@ -41,5 +41,4 @@ $keypath = G5_OKNAME_PATH.'/key/okname.key';    // 키파일이 생성될 위치
 $memid = $cpCode;   // 회원사코드
 $reserved1 = '0';   //reserved1
 $reserved2 = '0';   //reserved2
-$logpath = G5_OKNAME_PATH.'/log';   // 로그파일을 남기는 경우 로그파일이 생성될 경로 option에 'L'이 포함된 경우에만 생성
-?>
\ No newline at end of file
+$logpath = G5_OKNAME_PATH.'/log';   // 로그파일을 남기는 경우 로그파일이 생성될 경로 option에 'L'이 포함된 경우에만 생성;
\ No newline at end of file
diff --git a/plugin/okname/ipin1.php b/plugin/okname/ipin1.php
index 3463aa9c0..f721527e5 100644
--- a/plugin/okname/ipin1.php
+++ b/plugin/okname/ipin1.php
@@ -65,5 +65,4 @@ document.kcbInForm.submit();
 </script>
 
 <?php
-include_once(G5_PATH.'/tail.sub.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/plugin/okname/ipin2.php b/plugin/okname/ipin2.php
index 30f664886..a916d1b82 100644
--- a/plugin/okname/ipin2.php
+++ b/plugin/okname/ipin2.php
@@ -14,15 +14,15 @@ foreach($check_arrays as $key){
 require('./ipin.config.php');
 
 //아이핀팝업에서 조회한 PERSONALINFO이다.
-@$encPsnlInfo = $_REQUEST["encPsnlInfo"];
+@$encPsnlInfo = isset($_REQUEST["encPsnlInfo"]) ? $_REQUEST["encPsnlInfo"] : '';
 if(preg_match('~[^0-9a-zA-Z+/=]~', $encPsnlInfo, $match)) {echo "입력 값 확인이 필요합니다"; exit;}
 
 //KCB서버 공개키
-@$WEBPUBKEY = trim($_REQUEST["WEBPUBKEY"]);
+@$WEBPUBKEY = isset($_REQUEST["WEBPUBKEY"]) ? trim($_REQUEST["WEBPUBKEY"]) : '';
 if(preg_match('~[^0-9a-zA-Z+/=]~', $WEBPUBKEY, $match)) {echo "입력 값 확인이 필요합니다"; exit;}
 
 //KCB서버 서명값
-@$WEBSIGNATURE = trim($_REQUEST["WEBSIGNATURE"]);
+@$WEBSIGNATURE = isset($_REQUEST["WEBSIGNATURE"]) ? trim($_REQUEST["WEBSIGNATURE"]) : '';
 if(preg_match('~[^0-9a-zA-Z+/=]~', $WEBSIGNATURE, $match)) {echo "입력 값 확인이 필요합니다"; exit;}
 
 //아이핀 서버와 통신을 위한 키파일 생성
@@ -120,5 +120,4 @@ $(function() {
 </script>
 
 <?php
-include_once(G5_PATH.'/tail.sub.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/plugin/okname/key_dir_check.php b/plugin/okname/key_dir_check.php
index 91510820c..b17507682 100644
--- a/plugin/okname/key_dir_check.php
+++ b/plugin/okname/key_dir_check.php
@@ -21,5 +21,4 @@ if (strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN') {
             alert_close($msg);
         }
     }
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/plugin/recaptcha/_common.php b/plugin/recaptcha/_common.php
index 14553420b..03b90f3dd 100644
--- a/plugin/recaptcha/_common.php
+++ b/plugin/recaptcha/_common.php
@@ -1,3 +1,2 @@
 <?php
-include_once('../../common.php');
-?>
\ No newline at end of file
+include_once('../../common.php');
\ No newline at end of file
diff --git a/plugin/recaptcha/captcha.lib.php b/plugin/recaptcha/captcha.lib.php
index e67ee596c..72aa0f93d 100644
--- a/plugin/recaptcha/captcha.lib.php
+++ b/plugin/recaptcha/captcha.lib.php
@@ -1,4 +1,3 @@
 <?php
 require_once(dirname(__FILE__).'/recaptcha.class.php');
-require_once(dirname(__FILE__).'/recaptcha.user.lib.php');
-?>
\ No newline at end of file
+require_once(dirname(__FILE__).'/recaptcha.user.lib.php');
\ No newline at end of file
diff --git a/plugin/recaptcha/recaptcha.class.php b/plugin/recaptcha/recaptcha.class.php
index 781c13d3c..44ee99373 100644
--- a/plugin/recaptcha/recaptcha.class.php
+++ b/plugin/recaptcha/recaptcha.class.php
@@ -143,5 +143,4 @@ class ReCaptcha_GNU
         }
         return $recaptchaResponse;
     }
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/plugin/recaptcha/recaptcha.user.lib.php b/plugin/recaptcha/recaptcha.user.lib.php
index 8a5c631ba..3796796d6 100644
--- a/plugin/recaptcha/recaptcha.user.lib.php
+++ b/plugin/recaptcha/recaptcha.user.lib.php
@@ -47,5 +47,4 @@ function chk_captcha(){
     }
 
     return false;
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/plugin/recaptcha_inv/_common.php b/plugin/recaptcha_inv/_common.php
index bad54a5d7..c7ed3c4ee 100644
--- a/plugin/recaptcha_inv/_common.php
+++ b/plugin/recaptcha_inv/_common.php
@@ -1,3 +1,2 @@
 <?php
-include_once('../../common.php');
-?>
\ No newline at end of file
+include_once('../../common.php');
\ No newline at end of file
diff --git a/plugin/recaptcha_inv/captcha.lib.php b/plugin/recaptcha_inv/captcha.lib.php
index 9eec82f03..84d4d8ca6 100644
--- a/plugin/recaptcha_inv/captcha.lib.php
+++ b/plugin/recaptcha_inv/captcha.lib.php
@@ -1,4 +1,3 @@
 <?php
 require_once(dirname(__FILE__).'/recaptcha.class.php');
-require_once(dirname(__FILE__).'/recaptcha.user.lib.php');
-?>
\ No newline at end of file
+require_once(dirname(__FILE__).'/recaptcha.user.lib.php');
\ No newline at end of file
diff --git a/plugin/recaptcha_inv/recaptcha.class.php b/plugin/recaptcha_inv/recaptcha.class.php
index 781c13d3c..44ee99373 100644
--- a/plugin/recaptcha_inv/recaptcha.class.php
+++ b/plugin/recaptcha_inv/recaptcha.class.php
@@ -143,5 +143,4 @@ class ReCaptcha_GNU
         }
         return $recaptchaResponse;
     }
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/plugin/recaptcha_inv/recaptcha.user.lib.php b/plugin/recaptcha_inv/recaptcha.user.lib.php
index cd6e6bcc4..507254c49 100644
--- a/plugin/recaptcha_inv/recaptcha.user.lib.php
+++ b/plugin/recaptcha_inv/recaptcha.user.lib.php
@@ -48,5 +48,4 @@ function chk_captcha(){
     }
 
     return false;
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/plugin/sms5/JSON.php b/plugin/sms5/JSON.php
index 8dc8a6f01..d2a9581c2 100644
--- a/plugin/sms5/JSON.php
+++ b/plugin/sms5/JSON.php
@@ -169,7 +169,7 @@ class Services_JSON
             return mb_convert_encoding($utf16, 'UTF-8', 'UTF-16');
         }
 
-        $bytes = (ord($utf16{0}) << 8) | ord($utf16{1});
+        $bytes = (ord($utf16[0]) << 8) | ord($utf16[1]);
 
         switch(true) {
             case ((0x7F & $bytes) == $bytes):
@@ -222,17 +222,17 @@ class Services_JSON
             case 2:
                 // return a UTF-16 character from a 2-byte UTF-8 char
                 // see: http://www.cl.cam.ac.uk/~mgk25/unicode.html#utf-8
-                return chr(0x07 & (ord($utf8{0}) >> 2))
-                     . chr((0xC0 & (ord($utf8{0}) << 6))
-                         | (0x3F & ord($utf8{1})));
+                return chr(0x07 & (ord($utf8[0]) >> 2))
+                     . chr((0xC0 & (ord($utf8[0]) << 6))
+                         | (0x3F & ord($utf8[1])));
 
             case 3:
                 // return a UTF-16 character from a 3-byte UTF-8 char
                 // see: http://www.cl.cam.ac.uk/~mgk25/unicode.html#utf-8
-                return chr((0xF0 & (ord($utf8{0}) << 4))
-                         | (0x0F & (ord($utf8{1}) >> 2)))
-                     . chr((0xC0 & (ord($utf8{1}) << 6))
-                         | (0x7F & ord($utf8{2})));
+                return chr((0xF0 & (ord($utf8[0]) << 4))
+                         | (0x0F & (ord($utf8[1]) >> 2)))
+                     . chr((0xC0 & (ord($utf8[1]) << 6))
+                         | (0x7F & ord($utf8[2])));
         }
 
         // ignoring UTF-32 for now, sorry
@@ -315,7 +315,7 @@ class Services_JSON
                 */
                 for ($c = 0; $c < $strlen_var; ++$c) {
 
-                    $ord_var_c = ord($var{$c});
+                    $ord_var_c = ord($var[$c]);
 
                     switch (true) {
                         case $ord_var_c == 0x08:
@@ -338,12 +338,12 @@ class Services_JSON
                         case $ord_var_c == 0x2F:
                         case $ord_var_c == 0x5C:
                             // double quote, slash, slosh
-                            $ascii .= '\\'.$var{$c};
+                            $ascii .= '\\'.$var[$c];
                             break;
 
                         case (($ord_var_c >= 0x20) && ($ord_var_c <= 0x7F)):
                             // characters U-00000000 - U-0000007F (same as ASCII)
-                            $ascii .= $var{$c};
+                            $ascii .= $var[$c];
                             break;
 
                         case (($ord_var_c & 0xE0) == 0xC0):
@@ -355,7 +355,7 @@ class Services_JSON
                                 break;
                             }
                             
-                            $char = pack('C*', $ord_var_c, ord($var{$c + 1}));
+                            $char = pack('C*', $ord_var_c, ord($var[$c + 1]));
                             $c += 1;
                             $utf16 = $this->utf82utf16($char);
                             $ascii .= sprintf('\u%04s', bin2hex($utf16));
@@ -370,8 +370,8 @@ class Services_JSON
                             // characters U-00000800 - U-0000FFFF, mask 1110XXXX
                             // see http://www.cl.cam.ac.uk/~mgk25/unicode.html#utf-8
                             $char = pack('C*', $ord_var_c,
-                                         @ord($var{$c + 1}),
-                                         @ord($var{$c + 2}));
+                                         @ord($var[$c + 1]),
+                                         @ord($var[$c + 2]));
                             $c += 2;
                             $utf16 = $this->utf82utf16($char);
                             $ascii .= sprintf('\u%04s', bin2hex($utf16));
@@ -386,9 +386,9 @@ class Services_JSON
                             // characters U-00010000 - U-001FFFFF, mask 11110XXX
                             // see http://www.cl.cam.ac.uk/~mgk25/unicode.html#utf-8
                             $char = pack('C*', $ord_var_c,
-                                         ord($var{$c + 1}),
-                                         ord($var{$c + 2}),
-                                         ord($var{$c + 3}));
+                                         ord($var[$c + 1]),
+                                         ord($var[$c + 2]),
+                                         ord($var[$c + 3]));
                             $c += 3;
                             $utf16 = $this->utf82utf16($char);
                             $ascii .= sprintf('\u%04s', bin2hex($utf16));
@@ -403,10 +403,10 @@ class Services_JSON
                                 break;
                             }
                             $char = pack('C*', $ord_var_c,
-                                         ord($var{$c + 1}),
-                                         ord($var{$c + 2}),
-                                         ord($var{$c + 3}),
-                                         ord($var{$c + 4}));
+                                         ord($var[$c + 1]),
+                                         ord($var[$c + 2]),
+                                         ord($var[$c + 3]),
+                                         ord($var[$c + 4]));
                             $c += 4;
                             $utf16 = $this->utf82utf16($char);
                             $ascii .= sprintf('\u%04s', bin2hex($utf16));
@@ -421,11 +421,11 @@ class Services_JSON
                             // characters U-04000000 - U-7FFFFFFF, mask 1111110X
                             // see http://www.cl.cam.ac.uk/~mgk25/unicode.html#utf-8
                             $char = pack('C*', $ord_var_c,
-                                         ord($var{$c + 1}),
-                                         ord($var{$c + 2}),
-                                         ord($var{$c + 3}),
-                                         ord($var{$c + 4}),
-                                         ord($var{$c + 5}));
+                                         ord($var[$c + 1]),
+                                         ord($var[$c + 2]),
+                                         ord($var[$c + 3]),
+                                         ord($var[$c + 4]),
+                                         ord($var[$c + 5]));
                             $c += 5;
                             $utf16 = $this->utf82utf16($char);
                             $ascii .= sprintf('\u%04s', bin2hex($utf16));
@@ -454,7 +454,7 @@ class Services_JSON
                 */
 
                 // treat as a JSON object
-                if (is_array($var) && count($var) && (array_keys($var) !== range(0, sizeof($var) - 1))) {
+                if (is_array($var) && count($var) && (array_keys($var) !== range(0, count($var) - 1))) {
                     $properties = array_map(array($this, 'name_value'),
                                             array_keys($var),
                                             array_values($var));
@@ -618,7 +618,7 @@ class Services_JSON
                     for ($c = 0; $c < $strlen_chrs; ++$c) {
 
                         $substr_chrs_c_2 = $this->substr8($chrs, $c, 2);
-                        $ord_chrs_c = ord($chrs{$c});
+                        $ord_chrs_c = ord($chrs[$c]);
 
                         switch (true) {
                             case $substr_chrs_c_2 == '\b':
@@ -648,7 +648,7 @@ class Services_JSON
                             case $substr_chrs_c_2 == '\\/':
                                 if (($delim == '"' && $substr_chrs_c_2 != '\\\'') ||
                                    ($delim == "'" && $substr_chrs_c_2 != '\\"')) {
-                                    $utf8 .= $chrs{++$c};
+                                    $utf8 .= $chrs[++$c];
                                 }
                                 break;
 
@@ -661,7 +661,7 @@ class Services_JSON
                                 break;
 
                             case ($ord_chrs_c >= 0x20) && ($ord_chrs_c <= 0x7F):
-                                $utf8 .= $chrs{$c};
+                                $utf8 .= $chrs[$c];
                                 break;
 
                             case ($ord_chrs_c & 0xE0) == 0xC0:
@@ -708,7 +708,7 @@ class Services_JSON
                 } elseif (preg_match('/^\[.*\]$/s', $str) || preg_match('/^\{.*\}$/s', $str)) {
                     // array, or object notation
 
-                    if ($str{0} == '[') {
+                    if ($str[0] == '[') {
                         $stk = array(SERVICES_JSON_IN_ARR);
                         $arr = array();
                     } else {
@@ -747,12 +747,12 @@ class Services_JSON
                         $top = end($stk);
                         $substr_chrs_c_2 = $this->substr8($chrs, $c, 2);
 
-                        if (($c == $strlen_chrs) || (($chrs{$c} == ',') && ($top['what'] == SERVICES_JSON_SLICE))) {
+                        if (($c == $strlen_chrs) || (($chrs[$c] == ',') && ($top['what'] == SERVICES_JSON_SLICE))) {
                             // found a comma that is not inside a string, array, etc.,
                             // OR we've reached the end of the character list
                             $slice = $this->substr8($chrs, $top['where'], ($c - $top['where']));
                             array_push($stk, array('what' => SERVICES_JSON_SLICE, 'where' => ($c + 1), 'delim' => false));
-                            //print("Found split at {$c}: ".$this->substr8($chrs, $top['where'], (1 + $c - $top['where']))."\n");
+                            //print("Found split at [$c]: ".$this->substr8($chrs, $top['where'], (1 + $c - $top['where']))."\n");
 
                             if (reset($stk) == SERVICES_JSON_IN_ARR) {
                                 // we are in an array, so just push an element onto the stack
@@ -788,48 +788,48 @@ class Services_JSON
 
                             }
 
-                        } elseif ((($chrs{$c} == '"') || ($chrs{$c} == "'")) && ($top['what'] != SERVICES_JSON_IN_STR)) {
+                        } elseif ((($chrs[$c] == '"') || ($chrs[$c] == "'")) && ($top['what'] != SERVICES_JSON_IN_STR)) {
                             // found a quote, and we are not inside a string
-                            array_push($stk, array('what' => SERVICES_JSON_IN_STR, 'where' => $c, 'delim' => $chrs{$c}));
-                            //print("Found start of string at {$c}\n");
+                            array_push($stk, array('what' => SERVICES_JSON_IN_STR, 'where' => $c, 'delim' => $chrs[$c]));
+                            //print("Found start of string at [$c]\n");
 
-                        } elseif (($chrs{$c} == $top['delim']) &&
+                        } elseif (($chrs[$c] == $top['delim']) &&
                                  ($top['what'] == SERVICES_JSON_IN_STR) &&
                                  (($this->strlen8($this->substr8($chrs, 0, $c)) - $this->strlen8(rtrim($this->substr8($chrs, 0, $c), '\\'))) % 2 != 1)) {
                             // found a quote, we're in a string, and it's not escaped
                             // we know that it's not escaped becase there is _not_ an
                             // odd number of backslashes at the end of the string so far
                             array_pop($stk);
-                            //print("Found end of string at {$c}: ".$this->substr8($chrs, $top['where'], (1 + 1 + $c - $top['where']))."\n");
+                            //print("Found end of string at [$c]: ".$this->substr8($chrs, $top['where'], (1 + 1 + $c - $top['where']))."\n");
 
-                        } elseif (($chrs{$c} == '[') &&
+                        } elseif (($chrs[$c] == '[') &&
                                  in_array($top['what'], array(SERVICES_JSON_SLICE, SERVICES_JSON_IN_ARR, SERVICES_JSON_IN_OBJ))) {
                             // found a left-bracket, and we are in an array, object, or slice
                             array_push($stk, array('what' => SERVICES_JSON_IN_ARR, 'where' => $c, 'delim' => false));
-                            //print("Found start of array at {$c}\n");
+                            //print("Found start of array at [$c]\n");
 
-                        } elseif (($chrs{$c} == ']') && ($top['what'] == SERVICES_JSON_IN_ARR)) {
+                        } elseif (($chrs[$c] == ']') && ($top['what'] == SERVICES_JSON_IN_ARR)) {
                             // found a right-bracket, and we're in an array
                             array_pop($stk);
-                            //print("Found end of array at {$c}: ".$this->substr8($chrs, $top['where'], (1 + $c - $top['where']))."\n");
+                            //print("Found end of array at [$c]: ".$this->substr8($chrs, $top['where'], (1 + $c - $top['where']))."\n");
 
-                        } elseif (($chrs{$c} == '{') &&
+                        } elseif (($chrs[$c] == '{') &&
                                  in_array($top['what'], array(SERVICES_JSON_SLICE, SERVICES_JSON_IN_ARR, SERVICES_JSON_IN_OBJ))) {
                             // found a left-brace, and we are in an array, object, or slice
                             array_push($stk, array('what' => SERVICES_JSON_IN_OBJ, 'where' => $c, 'delim' => false));
-                            //print("Found start of object at {$c}\n");
+                            //print("Found start of object at [$c]\n");
 
-                        } elseif (($chrs{$c} == '}') && ($top['what'] == SERVICES_JSON_IN_OBJ)) {
+                        } elseif (($chrs[$c] == '}') && ($top['what'] == SERVICES_JSON_IN_OBJ)) {
                             // found a right-brace, and we're in an object
                             array_pop($stk);
-                            //print("Found end of object at {$c}: ".$this->substr8($chrs, $top['where'], (1 + $c - $top['where']))."\n");
+                            //print("Found end of object at [$c]: ".$this->substr8($chrs, $top['where'], (1 + $c - $top['where']))."\n");
 
                         } elseif (($substr_chrs_c_2 == '/*') &&
                                  in_array($top['what'], array(SERVICES_JSON_SLICE, SERVICES_JSON_IN_ARR, SERVICES_JSON_IN_OBJ))) {
                             // found a comment start, and we are in an array, object, or slice
                             array_push($stk, array('what' => SERVICES_JSON_IN_CMT, 'where' => $c, 'delim' => false));
                             $c++;
-                            //print("Found start of comment at {$c}\n");
+                            //print("Found start of comment at [$c]\n");
 
                         } elseif (($substr_chrs_c_2 == '*/') && ($top['what'] == SERVICES_JSON_IN_CMT)) {
                             // found a comment end, and we're in one now
@@ -839,7 +839,7 @@ class Services_JSON
                             for ($i = $top['where']; $i <= $c; ++$i)
                                 $chrs = substr_replace($chrs, ' ', $i, 1);
 
-                            //print("Found end of comment at {$c}: ".$this->substr8($chrs, $top['where'], (1 + $c - $top['where']))."\n");
+                            //print("Found end of comment at [$c]: ".$this->substr8($chrs, $top['where'], (1 + $c - $top['where']))."\n");
 
                         }
 
diff --git a/plugin/sms5/_common.php b/plugin/sms5/_common.php
index 14553420b..03b90f3dd 100644
--- a/plugin/sms5/_common.php
+++ b/plugin/sms5/_common.php
@@ -1,3 +1,2 @@
 <?php
-include_once('../../common.php');
-?>
\ No newline at end of file
+include_once('../../common.php');
\ No newline at end of file
diff --git a/plugin/sms5/ajax.sms_emoticon.php b/plugin/sms5/ajax.sms_emoticon.php
index 12d6431e8..6007718e0 100644
--- a/plugin/sms5/ajax.sms_emoticon.php
+++ b/plugin/sms5/ajax.sms_emoticon.php
@@ -13,13 +13,14 @@ $page_size = 9;
 
 if (!$page) $page = 1;
 
-if (is_numeric($fg_no)) 
+$fg_no = isset($_REQUEST['fg_no']) ? (int) $_REQUEST['fg_no'] : 0;
+$sv = isset($_REQUEST['sv']) ? get_search_string($_REQUEST['sv']) : '';
+
+if ($fg_no) 
     $sql_group = " and fg_no='$fg_no' ";
 else
     $sql_group = "";
 
-$sv = isset($sv) ? get_search_string($sv) : '';
-
 if ($st == 'all') {
     $sql_search = "and (fo_name like '%{$sv}%' or fo_content like '%{$sv}%')";
 } else if ($st == 'name') {
@@ -71,5 +72,4 @@ $arr_ajax_msg = array(
 'total_page'=>$total_page
 );
 
-die( json_encode($arr_ajax_msg) );
-?>
\ No newline at end of file
+die( json_encode($arr_ajax_msg) );
\ No newline at end of file
diff --git a/plugin/sms5/index.php b/plugin/sms5/index.php
index 087803eb5..8979053bd 100644
--- a/plugin/sms5/index.php
+++ b/plugin/sms5/index.php
@@ -7,5 +7,4 @@ include_once(G5_PATH.'/head.sub.php');
 
 include_once("./write.php");
 
-include_once(G5_PATH.'/tail.sub.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/plugin/sms5/sms5.lib.php b/plugin/sms5/sms5.lib.php
index 2614223aa..e9a22330d 100644
--- a/plugin/sms5/sms5.lib.php
+++ b/plugin/sms5/sms5.lib.php
@@ -47,6 +47,12 @@ function sms5_sub_paging($write_pages, $cur_page, $total_page, $url, $add="", $s
         return "";
 }
 
+// php8 버전 호환 권한 검사 함수
+function ajax_auth_check_menu($auth, $sub_menu, $attr){
+    $check_auth = isset($auth[$sub_menu]) ? $auth[$sub_menu] : '';
+    return ajax_auth_check($check_auth, $attr);
+}
+
 // 권한 검사
 function ajax_auth_check($auth, $attr)
 {
@@ -92,7 +98,7 @@ if ( ! function_exists('get_hp')) {
         $hp = str_replace('-', '', trim($hp));
         $hp = preg_replace("/^(01[016789])([0-9]{3,4})([0-9]{4})$/", $preg, $hp);
 
-        if ($g5['sms5_demo'])
+        if (isset($g5['sms5_demo']) && $g5['sms5_demo'])
             $hp = '0100000000';
 
         return $hp;
@@ -167,7 +173,7 @@ if($config['cf_sms_type'] == 'LMS') {
         function Send() {
             global $g5;
 
-            if ($g5['sms5_demo_send']) {
+            if (isset($g5['sms5_demo_send']) && $g5['sms5_demo_send']) {
                 foreach($this->Data as $puts) {
                     if (rand(0,10)) {
                         $phone = substr($puts,26,11);
@@ -444,5 +450,4 @@ if($config['cf_sms_type'] == 'LMS') {
             return true;
         }
     }
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/plugin/sns/_common.php b/plugin/sns/_common.php
index bad54a5d7..c7ed3c4ee 100644
--- a/plugin/sns/_common.php
+++ b/plugin/sns/_common.php
@@ -1,3 +1,2 @@
 <?php
-include_once('../../common.php');
-?>
\ No newline at end of file
+include_once('../../common.php');
\ No newline at end of file
diff --git a/plugin/sns/twitter/_common.php b/plugin/sns/twitter/_common.php
index 28c56e92c..dcb0f2d67 100644
--- a/plugin/sns/twitter/_common.php
+++ b/plugin/sns/twitter/_common.php
@@ -1,3 +1,2 @@
 <?php
-include_once("../../../common.php");
-?>
\ No newline at end of file
+include_once("../../../common.php");
\ No newline at end of file
diff --git a/plugin/sns/twitter/callback.php b/plugin/sns/twitter/callback.php
index 688d4ede7..d78139b6d 100644
--- a/plugin/sns/twitter/callback.php
+++ b/plugin/sns/twitter/callback.php
@@ -84,5 +84,4 @@ EOT;
 
 }
 
-include_once(G5_PATH.'/tail.sub.php');
-?>
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/plugin/sns/view_comment_list.sns.skin.php b/plugin/sns/view_comment_list.sns.skin.php
index 9082eb1dc..d3df0a74d 100644
--- a/plugin/sns/view_comment_list.sns.skin.php
+++ b/plugin/sns/view_comment_list.sns.skin.php
@@ -12,4 +12,4 @@ if (!$board['bo_use_sns']) return;
 <?php } ?>
 <?php if ($list[$i]['wr_twitter_user']) { ?>
 <a href="https://www.twitter.com/<?php echo $list[$i]['wr_twitter_user']; ?>" target="_blank"><img src="<?php echo G5_SNS_URL; ?>/icon/twitter<?php echo $sns_mc_icon; ?>.png" alt="트위터에도 등록됨"></a>
-<?php } ?>
+<?php }
\ No newline at end of file
diff --git a/plugin/sns/view_comment_write.sns.skin.php b/plugin/sns/view_comment_write.sns.skin.php
index 2e03b4630..1d65b8e29 100644
--- a/plugin/sns/view_comment_write.sns.skin.php
+++ b/plugin/sns/view_comment_write.sns.skin.php
@@ -34,8 +34,10 @@ if ($config['cf_twitter_key']) {
             }
         }
         */
-        $access_token = $_SESSION['access_token'];
-        $connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET, $access_token['oauth_token'], $access_token['oauth_token_secret']);
+        $access_token = get_session('access_token');
+        $access_oauth_token = isset($access_token['oauth_token']) ? $access_token['oauth_token'] : '';
+        $access_oauth_token_secret = isset($access_token['oauth_token_secret']) ? $access_token['oauth_token_secret'] : '';
+        $connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET, $access_oauth_token, $access_oauth_token_secret);
         $content = $connection->get('account/verify_credentials');
 
         switch ($connection->http_code) {
diff --git a/plugin/social/Hybrid/Auth.php b/plugin/social/Hybrid/Auth.php
index 5642b5091..a0fc3cdf5 100644
--- a/plugin/social/Hybrid/Auth.php
+++ b/plugin/social/Hybrid/Auth.php
@@ -21,7 +21,7 @@ class Hybrid_Auth {
 	 * Configuration array
 	 * @var array
 	 */
-	public static $config = array();
+	public static $config = array('providers'=>null);
 
 	/**
 	 * Auth cache
@@ -295,7 +295,7 @@ class Hybrid_Auth {
 	public static function getConnectedProviders() {
 		$idps = array();
 
-		foreach (Hybrid_Auth::$config["providers"] as $idpid => $params) {
+		foreach ((array) Hybrid_Auth::$config["providers"] as $idpid => $params) {
 			if (Hybrid_Auth::isConnectedWith($idpid)) {
 				$idps[] = $idpid;
 			}
diff --git a/plugin/social/Hybrid/thirdparty/OAuth/OAuth.php b/plugin/social/Hybrid/thirdparty/OAuth/OAuth.php
index 876665fae..214784213 100644
--- a/plugin/social/Hybrid/thirdparty/OAuth/OAuth.php
+++ b/plugin/social/Hybrid/thirdparty/OAuth/OAuth.php
@@ -103,7 +103,7 @@ abstract class OAuthSignatureMethod {
     // Avoid a timing leak with a (hopefully) time insensitive compare
     $result = 0;
     for ($i = 0; $i < strlen($signature); $i++) {
-      $result |= ord($built{$i}) ^ ord($signature{$i});
+      $result |= ord($built[$i]) ^ ord($signature[$i]);
     }
 
     return $result == 0;
diff --git a/plugin/social/_common.php b/plugin/social/_common.php
index b8fbe2d80..673d5f2c5 100644
--- a/plugin/social/_common.php
+++ b/plugin/social/_common.php
@@ -4,5 +4,4 @@ include_once('../../common.php');
 // 커뮤니티 사용여부
 if(defined('G5_COMMUNITY_USE') && G5_COMMUNITY_USE === false) {
     define('_SHOP_', true);
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/plugin/social/error.php b/plugin/social/error.php
index 13aa20acf..28a8b11ab 100644
--- a/plugin/social/error.php
+++ b/plugin/social/error.php
@@ -6,7 +6,7 @@ if (!defined('_GNUBOARD_')) exit;
 		<meta name="robots" content="NOINDEX, NOFOLLOW">
 		<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
         <meta name="viewport" content="width=device-width,initial-scale=1, minimum-scale=1, maximum-scale=1, user-scalable=yes">
-		<title>소셜 로그인 - <?php echo $provider; ?></title>
+		<title>소셜 로그인 - <?php echo isset($provider) ? $provider : ''; ?></title>
         <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.0/jquery.min.js"></script>
         <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" integrity="sha384-1q8mTJOASx8j1Au+a5WDVnPi2lkFfwwEAa8hDDdjZlpLegxhjVME1fgjWPGmkzs7" crossorigin="anonymous">
         <style>
@@ -28,7 +28,7 @@ if (!defined('_GNUBOARD_')) exit;
 	</head>
 	<body>
         <div class="error-container">
-            <h4>Error : <?php echo $code; ?></h4>
+            <h4>Error : <?php echo isset($code) ? $code : ''; ?></h4>
             <div class="alert alert-danger" role="alert">
               <span class="glyphicon glyphicon-exclamation-sign" aria-hidden="true"></span>
               <span class="sr-only">Error:</span>
@@ -64,5 +64,4 @@ if (!defined('_GNUBOARD_')) exit;
     </script>
 </html>
 <?php
-die();
-?>
\ No newline at end of file
+die();
\ No newline at end of file
diff --git a/plugin/social/includes/functions.php b/plugin/social/includes/functions.php
index 09ba76af5..fb8b11c4e 100644
--- a/plugin/social/includes/functions.php
+++ b/plugin/social/includes/functions.php
@@ -86,7 +86,7 @@ function social_login_get_provider_adapter( $provider )
 		include_once G5_SOCIAL_LOGIN_PATH . "/Hybrid/Auth.php";
 	}
 
-    if( ! is_object($g5['hybrid_auth']) ){
+    if( ! (isset($g5['hybrid_auth']) && is_object($g5['hybrid_auth'])) ){
         $setting = social_build_provider_config($provider);
         $g5['hybrid_auth'] = new Hybrid_Auth( $setting );
     }
@@ -121,7 +121,7 @@ function social_before_join_check($url=''){
 
             $row = sql_fetch($sql);
 
-            if( $row['provider'] ){
+            if( isset($row['provider']) && $row['provider'] ){
                 $is_exist = true;
 
                 $time = time() - (86400 * (int) G5_SOCIAL_DELETE_DAY);
@@ -359,7 +359,7 @@ function social_extends_get_keys($provider){
                 );
     }
 
-    return $r[$provider];
+    return isset($r[$provider]) ? $r[$provider] : array();
 }
 
 function social_escape_request($request){
@@ -494,7 +494,7 @@ function social_check_login_before($p_service=''){
         {
             $get_error = social_get_error_msg( $e->getCode() );
 
-            if( is_object( $adapter ) ){
+            if( isset($adapter) && is_object( $adapter ) ){
                 $adapter->logout();
             }
 
@@ -1029,7 +1029,7 @@ function social_get_nonce($key=''){
 
         $setting = social_build_provider_config($key);
         try{
-            return sha1($setting['providers'][$key]['secret']);
+            return isset($setting['providers'][$key]['secret']) ? sha1($setting['providers'][$key]['secret']) : '';
         } catch(Exception $e) {
             return '';
         }
@@ -1060,5 +1060,4 @@ function social_nonce_is_valid( $nonce , $action = '' , $user='' , $provider = '
 function social_nonce_generate_hash( $action='' , $user='', $provider = '' ){
     $i = ceil( time() / ( social_get_nonce('d') / 2 ) );
     return md5( $i . $action . $user . social_get_nonce($provider) );
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/plugin/social/includes/g5_endpoint.php b/plugin/social/includes/g5_endpoint.php
index 0eda8063a..5a168a683 100644
--- a/plugin/social/includes/g5_endpoint.php
+++ b/plugin/social/includes/g5_endpoint.php
@@ -27,6 +27,4 @@ class G5_Hybrid_Authentication {
         G5_Hybrid_Endpoint::process();
     }
 
-}
-
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/plugin/social/includes/g5_endpoint_class.php b/plugin/social/includes/g5_endpoint_class.php
index 29c8f4304..95d085b8d 100644
--- a/plugin/social/includes/g5_endpoint_class.php
+++ b/plugin/social/includes/g5_endpoint_class.php
@@ -28,5 +28,4 @@ class G5_Hybrid_Endpoint extends Hybrid_Endpoint
         include_once(G5_SOCIAL_LOGIN_PATH.'/error.php');
         die();
     }
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/plugin/social/includes/loading.php b/plugin/social/includes/loading.php
index 61a428427..df4f234db 100644
--- a/plugin/social/includes/loading.php
+++ b/plugin/social/includes/loading.php
@@ -64,5 +64,4 @@ if (!defined('_GNUBOARD_')) exit;
 	</body>
 </html>
 <?php
-die();
-?>
\ No newline at end of file
+die();
\ No newline at end of file
diff --git a/plugin/social/includes/providers.php b/plugin/social/includes/providers.php
index ce196085b..e3ec2d8be 100644
--- a/plugin/social/includes/providers.php
+++ b/plugin/social/includes/providers.php
@@ -239,6 +239,4 @@ $social_providers_config = array(
 
 		"cat"               => "misc",
 	),
-);
-
-?>
\ No newline at end of file
+);
\ No newline at end of file
diff --git a/plugin/social/popup.php b/plugin/social/popup.php
index 4946df8be..eeb2a4e38 100644
--- a/plugin/social/popup.php
+++ b/plugin/social/popup.php
@@ -40,5 +40,4 @@ if( isset( $_REQUEST["redirect_to_idp"] ) ){
 } else {
     social_login_session_clear(1);
     social_return_from_provider_page( $provider_name, '', '', '', '' );
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/plugin/social/register_member.php b/plugin/social/register_member.php
index 60ec6ea8f..3c62ce00b 100644
--- a/plugin/social/register_member.php
+++ b/plugin/social/register_member.php
@@ -46,8 +46,8 @@ $login_action_url = G5_HTTPS_BBS_URL."/login_check.php";
 $req_nick = !isset($member['mb_nick_date']) || (isset($member['mb_nick_date']) && $member['mb_nick_date'] <= date("Y-m-d", G5_SERVER_TIME - ($config['cf_nick_modify'] * 86400)));
 $required = ($w=='') ? 'required' : '';
 $readonly = ($w=='u') ? 'readonly' : '';
+$login_url = '';
 
 include_once(get_social_skin_path().'/social_register_member.skin.php');
 
-include_once(G5_BBS_PATH.'/_tail.php');
-?>
+include_once(G5_BBS_PATH.'/_tail.php');
\ No newline at end of file
diff --git a/plugin/social/register_member_update.php b/plugin/social/register_member_update.php
index 96e461773..abae98c45 100644
--- a/plugin/social/register_member_update.php
+++ b/plugin/social/register_member_update.php
@@ -21,12 +21,12 @@ if( ! $user_profile ){
 $is_exists_social_account = social_before_join_check(G5_URL);
 
 $sm_id = $user_profile->sid;
-$mb_id = trim($_POST['mb_id']);
-$mb_password    = trim($_POST['mb_password']);
-$mb_password_re = trim($_POST['mb_password_re']);
-$mb_nick        = trim(strip_tags($_POST['mb_nick']));
-$mb_email       = trim($_POST['mb_email']);
-$mb_name        = clean_xss_tags(trim(strip_tags($_POST['mb_name'])));
+$mb_id = isset($_POST['mb_id']) ? trim($_POST['mb_id']) : '';
+$mb_password    = isset($_POST['mb_password']) ? trim($_POST['mb_password']) : '';
+$mb_password_re = isset($_POST['mb_password_re']) ? trim($_POST['mb_password_re']) : '';
+$mb_nick        = isset($_POST['mb_nick']) ? trim(strip_tags($_POST['mb_nick'])) : '';
+$mb_email       = isset($_POST['mb_email']) ? trim($_POST['mb_email']) : '';
+$mb_name        = isset($_POST['mb_name']) ? clean_xss_tags(trim(strip_tags($_POST['mb_name']))) : '';
 $mb_email       = get_email_address($mb_email);
 
 // 이름, 닉네임에 utf-8 이외의 문자가 포함됐다면 오류
@@ -237,5 +237,4 @@ if($result) {
 
     alert('회원 가입 오류!', G5_URL );
 
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/plugin/social/unlink.php b/plugin/social/unlink.php
index 5d20bebe4..ca4b4cdfe 100644
--- a/plugin/social/unlink.php
+++ b/plugin/social/unlink.php
@@ -44,5 +44,4 @@ if( $row['mp_no'] ){
 
     die("{\"error\":\"잘못된 요청입니다.\"}");
 
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/plugin/syndi/_common.php b/plugin/syndi/_common.php
index 14553420b..03b90f3dd 100644
--- a/plugin/syndi/_common.php
+++ b/plugin/syndi/_common.php
@@ -1,3 +1,2 @@
 <?php
-include_once('../../common.php');
-?>
\ No newline at end of file
+include_once('../../common.php');
\ No newline at end of file
diff --git a/plugin/syndi/ping.php b/plugin/syndi/ping.php
index ff869b876..ea1e6cfd1 100644
--- a/plugin/syndi/ping.php
+++ b/plugin/syndi/ping.php
@@ -61,5 +61,4 @@ echo "<entry>\n";
     echo "<summary type=\"text\"><![CDATA[{$summary}]]></summary>\n";
     echo "<category term=\"{$bo_table}\" label=\"{$link_title}\" />\n";
 echo "</entry>\n";
-echo "</feed>";
-?>
\ No newline at end of file
+echo "</feed>";
\ No newline at end of file
diff --git a/shop.config.php b/shop.config.php
index 1d039ea59..f1b5c24fa 100644
--- a/shop.config.php
+++ b/shop.config.php
@@ -119,5 +119,4 @@ define('G5_OD_STATUS_FINISH'    , '배송완료');
 
 //==============================================================================
 // 쇼핑몰 필수 실행코드 모음 끝
-//==============================================================================
-?>
\ No newline at end of file
+//==============================================================================;
\ No newline at end of file
diff --git a/shop/_common.php b/shop/_common.php
index def0f8816..87fb3397c 100644
--- a/shop/_common.php
+++ b/shop/_common.php
@@ -17,5 +17,4 @@ if (isset($_REQUEST['sortodr']))  {
 if (!defined('G5_USE_SHOP') || !G5_USE_SHOP)
     die('<p>쇼핑몰 설치 후 이용해 주십시오.</p>');
 
-define('_SHOP_', true);
-?>
\ No newline at end of file
+define('_SHOP_', true);
\ No newline at end of file
diff --git a/shop/_head.php b/shop/_head.php
index 96f125286..25f75085b 100644
--- a/shop/_head.php
+++ b/shop/_head.php
@@ -4,5 +4,4 @@ if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
 if(G5_IS_MOBILE)
     include_once(G5_MSHOP_PATH.'/shop.head.php');
 else
-    include_once(G5_SHOP_PATH.'/shop.head.php');
-?>
\ No newline at end of file
+    include_once(G5_SHOP_PATH.'/shop.head.php');
\ No newline at end of file
diff --git a/shop/_tail.php b/shop/_tail.php
index d2327ec8a..d183def66 100644
--- a/shop/_tail.php
+++ b/shop/_tail.php
@@ -4,5 +4,4 @@ if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
 if(G5_IS_MOBILE)
     include_once(G5_MSHOP_PATH.'/shop.tail.php');
 else
-    include_once(G5_SHOP_PATH.'/shop.tail.php');
-?>
\ No newline at end of file
+    include_once(G5_SHOP_PATH.'/shop.tail.php');
\ No newline at end of file
diff --git a/shop/ajax.action.php b/shop/ajax.action.php
index c7e5526bb..5c91f69c9 100644
--- a/shop/ajax.action.php
+++ b/shop/ajax.action.php
@@ -35,6 +35,7 @@ switch ($action) {
         cart_item_clean();
 
         $s_cart_id = get_session('ss_cart_id');
+        $it_id = isset($_POST['it_id']) ? safe_replace_regex($_POST['it_id'], 'it_id') : '';
 
         // 장바구니 상품삭제
         $sql = " delete from {$g5['g5_shop_cart_table']}
@@ -72,14 +73,15 @@ switch ($action) {
             die(json_encode(array('error' => '상품을 구입할 수 있는 권한이 없습니다.')));
         }
 
-        $count = count($_POST['it_id']);
+        $count = (isset($_POST['it_id']) && is_array($_POST['it_id'])) ? count($_POST['it_id']) : 0;
+
         if ($count < 1)
             die(json_encode(array('error' => '장바구니에 담을 상품을 선택하여 주십시오.')));
 
         $ct_count = 0;
         for($i=0; $i<$count; $i++) {
-            $it_id = $_POST['it_id'][$i];
-            $opt_count = count($_POST['io_id'][$it_id]);
+            $it_id = isset($_POST['it_id'][$i]) ? safe_replace_regex($_POST['it_id'][$i], 'it_id') : '';
+            $opt_count = (isset($_POST['io_id'][$it_id]) && is_array($_POST['io_id'][$it_id])) ? count($_POST['io_id'][$it_id]) : 0;
 
             // 상품정보
             $it = get_shop_item($it_id, false);
@@ -106,7 +108,8 @@ switch ($action) {
                 die(json_encode(array('error' => '상품의 선택옵션을 선택해 주십시오.')));
 
             for($k=0; $k<$opt_count; $k++) {
-                if ($_POST['ct_qty'][$it_id][$k] < 1)
+                $post_ct_qty = isset($_POST['ct_qty'][$it_id][$k]) ? (int) $_POST['ct_qty'][$it_id][$k] : 0;
+                if ($post_ct_qty < 1)
                     die(json_encode(array('error' => '수량은 1 이상 입력해 주십시오.')));
             }
 
@@ -118,8 +121,10 @@ switch ($action) {
             if($it['it_buy_min_qty'] || $it['it_buy_max_qty']) {
                 $sum_qty = 0;
                 for($k=0; $k<$opt_count; $k++) {
-                    if($_POST['io_type'][$it_id][$k] == 0)
-                        $sum_qty += $_POST['ct_qty'][$it_id][$k];
+                    if(isset($_POST['io_type'][$it_id][$k]) && $_POST['io_type'][$it_id][$k] == 0){
+                        $post_ct_qty = isset($_POST['ct_qty'][$it_id][$k]) ? (int) $_POST['ct_qty'][$it_id][$k] : 0;
+                        $sum_qty += $post_ct_qty;
+                    }
                 }
 
                 if($it['it_buy_min_qty'] > 0 && $sum_qty < $it['it_buy_min_qty'])
@@ -155,20 +160,21 @@ switch ($action) {
                         VALUES ";
 
             for($k=0; $k<$opt_count; $k++) {
-                $io_id = preg_replace(G5_OPTION_ID_FILTER, '', $_POST['io_id'][$it_id][$k]);
-                $io_type = preg_replace('#[^01]#', '', $_POST['io_type'][$it_id][$k]);
-                $io_value = $_POST['io_value'][$it_id][$k];
+                $io_id = isset($_POST['io_id'][$it_id][$k]) ? preg_replace(G5_OPTION_ID_FILTER, '', $_POST['io_id'][$it_id][$k]) : '';
+                $io_type = isset($_POST['io_type'][$it_id][$k]) ? preg_replace('#[^01]#', '', $_POST['io_type'][$it_id][$k]) : '';
+                $io_value = isset($_POST['io_value'][$it_id][$k]) ? $_POST['io_value'][$it_id][$k] : '';
 
                 // 선택옵션정보가 존재하는데 선택된 옵션이 없으면 건너뜀
                 if($lst_count && $io_id == '')
                     continue;
-
+                
+                $opt_list_type_id_use = isset($opt_list[$io_type][$io_id]['use']) ? $opt_list[$io_type][$io_id]['use'] : '';
                 // 구매할 수 없는 옵션은 건너뜀
-                if($io_id && !$opt_list[$io_type][$io_id]['use'])
+                if($io_id && ! $opt_list_type_id_use)
                     continue;
 
-                $io_price = $opt_list[$io_type][$io_id]['price'];
-                $ct_qty = (int) $_POST['ct_qty'][$it_id][$k];
+                $io_price = isset($opt_list[$io_type][$io_id]['price']) ? $opt_list[$io_type][$io_id]['price'] : 0;
+                $ct_qty = isset($_POST['ct_qty'][$it_id][$k]) ? (int) $_POST['ct_qty'][$it_id][$k] : 0;
 
                 // 구매가격이 음수인지 체크
                 if($io_type) {
@@ -187,7 +193,7 @@ switch ($action) {
                               and io_id = '$io_id'
                               and ct_status = '쇼핑' ";
                 $row2 = sql_fetch($sql2);
-                if($row2['ct_id']) {
+                if(isset($row2['ct_id']) && $row2['ct_id']) {
                     // 재고체크
                     $tmp_ct_qty = $row2['ct_qty'];
                     if(!$io_id)
@@ -219,6 +225,8 @@ switch ($action) {
                     if($point < 0)
                         $point = 0;
                 }
+                
+                $ct_send_cost = 0;
 
                 // 배송비결제
                 if($it['it_sc_type'] == 1)
@@ -308,6 +316,8 @@ switch ($action) {
 
         break;
     case 'wish_update' :
+        
+        $it_id = isset($_POST['it_id']) ? safe_replace_regex($_POST['it_id'], 'it_id') : '';
 
         if (!$is_member)
             die('회원 전용 서비스 입니다.');
@@ -318,14 +328,14 @@ switch ($action) {
         // 상품정보 체크
         $row = get_shop_item($it_id, true);
 
-        if(!$row['it_id'])
+        if(! (isset($row['it_id']) && $row['it_id']))
             die('상품정보가 존재하지 않습니다.');
 
         $sql = " select wi_id from {$g5['g5_shop_wish_table']}
                   where mb_id = '{$member['mb_id']}' and it_id = '$it_id' ";
         $row = sql_fetch($sql);
 
-        if (!$row['wi_id']) {
+        if (! (isset($row['wi_id']) && $row['wi_id'])) {
             $sql = " insert {$g5['g5_shop_wish_table']}
                         set mb_id = '{$member['mb_id']}',
                             it_id = '$it_id',
@@ -340,5 +350,4 @@ switch ($action) {
 
         break;
     default :
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/shop/ajax.coupondownload.php b/shop/ajax.coupondownload.php
index 65a197e26..f903c3b2f 100644
--- a/shop/ajax.coupondownload.php
+++ b/shop/ajax.coupondownload.php
@@ -5,7 +5,7 @@ include_once(G5_LIB_PATH.'/json.lib.php');
 if(!$member['mb_id'])
     die(json_encode(array('error' => '회원 로그인 후 이용해 주십시오.')));
 
-$cz_id = preg_replace('#[^0-9]#', '', $_GET['cz_id']);
+$cz_id = isset($_GET['cz_id']) ? preg_replace('#[^0-9]#', '', $_GET['cz_id']) : 0;
 
 if(!$cz_id)
     die(json_encode(array('error' => '올바른 방법으로 이용해 주십시오.')));
@@ -66,5 +66,4 @@ if($result && $cp['cz_type'])
 // 다운로드 증가
 sql_query(" update {$g5['g5_shop_coupon_zone_table']} set cz_download = cz_download + 1 where cz_id = '$cz_id' ");
 
-die(json_encode(array('error' => '')));
-?>
\ No newline at end of file
+die(json_encode(array('error' => '')));
\ No newline at end of file
diff --git a/shop/ajax.list.php b/shop/ajax.list.php
index 94ed91997..22816a9c5 100644
--- a/shop/ajax.list.php
+++ b/shop/ajax.list.php
@@ -4,6 +4,8 @@ include_once(G5_LIB_PATH.'/json.lib.php');
 
 define('G5_IS_SHOP_AJAX_LIST', true);
 
+$ca_id = isset($_REQUEST['ca_id']) ? safe_replace_regex($_REQUEST['ca_id'], 'ca_id') : '';
+
 $data = array();
 
 $sql = " select *
@@ -74,5 +76,4 @@ $data['item']  = $content;
 $data['error'] = '';
 $data['page']  = $page;
 
-die(json_encode($data));
-?>
\ No newline at end of file
+die(json_encode($data));
\ No newline at end of file
diff --git a/shop/ajax.orderdatasave.php b/shop/ajax.orderdatasave.php
index 94db0832c..ece05e3b6 100644
--- a/shop/ajax.orderdatasave.php
+++ b/shop/ajax.orderdatasave.php
@@ -11,6 +11,8 @@ $sql = " delete from {$g5['g5_shop_order_data_table']} where dt_type = '1' and d
 sql_query($sql);
 */
 
+$od_settle_case = isset($_POST['od_settle_case']) ? clean_xss_tags($_POST['od_settle_case'], 1, 1) : '';
+
 if(isset($_POST['pp_id']) && $_POST['pp_id']) {
     $od_id   = get_session('ss_personalpay_id');
     $cart_id = 0;
@@ -65,5 +67,4 @@ $sql = " insert into {$g5['g5_shop_order_data_table']}
                 dt_time = '".G5_TIME_YMDHIS."' ";
 sql_query($sql);
 
-die('');
-?>
\ No newline at end of file
+die('');
\ No newline at end of file
diff --git a/shop/ajax.orderstock.php b/shop/ajax.orderstock.php
index 6e4eae453..ef685eac1 100644
--- a/shop/ajax.orderstock.php
+++ b/shop/ajax.orderstock.php
@@ -97,5 +97,4 @@ for($i=0; $row=sql_fetch_array($result); $i++) {
     }
 }
 
-die("");
-?>
\ No newline at end of file
+die("");
\ No newline at end of file
diff --git a/shop/bannerhit.php b/shop/bannerhit.php
index 140cf5a82..92a737b0d 100644
--- a/shop/bannerhit.php
+++ b/shop/bannerhit.php
@@ -1,7 +1,7 @@
 <?php
 include_once("./_common.php");
 
-$bn_id = (int) $bn_id;
+$bn_id = isset($_GET['bn_id']) ? (int) $_GET['bn_id'] : 0;
 
 $sql = " select bn_id, bn_url from {$g5['g5_shop_banner_table']} where bn_id = '$bn_id' ";
 $row = sql_fetch($sql);
@@ -20,5 +20,4 @@ if ($_COOKIE['ck_bn_id'] != $bn_id)
 
 $url = clean_xss_tags($row['bn_url']);
 
-goto_url($url);
-?>
+goto_url($url);
\ No newline at end of file
diff --git a/shop/cart.php b/shop/cart.php
index 739ad4860..78c2bba49 100644
--- a/shop/cart.php
+++ b/shop/cart.php
@@ -1,10 +1,13 @@
 <?php
 include_once('./_common.php');
+$naverpay_button_js = '';
 include_once(G5_SHOP_PATH.'/settle_naverpay.inc.php');
 
 // 보관기간이 지난 상품 삭제
 cart_item_clean();
 
+$sw_direct = isset($_REQUEST['sw_direct']) ? (int) $_REQUEST['sw_direct'] : 0;
+
 // cart id 설정
 set_cart_id($sw_direct);
 
@@ -65,6 +68,7 @@ include_once('./_head.php');
         <?php
         $tot_point = 0;
         $tot_sell_price = 0;
+        $send_cost = 0;
 
         // $s_cart_id 로 현재 장바구니 자료 쿼리
         $sql = " select a.ct_id,
@@ -309,5 +313,4 @@ function form_check(act) {
 <!-- } 장바구니 끝 -->
 
 <?php
-include_once('./_tail.php');
-?>
\ No newline at end of file
+include_once('./_tail.php');
\ No newline at end of file
diff --git a/shop/cartoption.php b/shop/cartoption.php
index c25d5e264..0194a2a5c 100644
--- a/shop/cartoption.php
+++ b/shop/cartoption.php
@@ -2,7 +2,7 @@
 include_once('./_common.php');
 
 $pattern = '#[/\'\"%=*\#\(\)\|\+\&\!\$~\{\}\[\]`;:\?\^\,]#';
-$it_id  = preg_replace($pattern, '', $_POST['it_id']);
+$it_id  = isset($_POST['it_id']) ? preg_replace($pattern, '', $_POST['it_id']) : '';
 
 $sql = " select * from {$g5['g5_shop_item_table']} where it_id = '$it_id' and it_use = '1' ";
 $it = sql_fetch($sql);
diff --git a/shop/cartupdate.php b/shop/cartupdate.php
index 4508d75d9..d7b0bd235 100644
--- a/shop/cartupdate.php
+++ b/shop/cartupdate.php
@@ -6,6 +6,8 @@ include_once('./_common.php');
 // 보관기간이 지난 상품 삭제
 cart_item_clean();
 
+$sw_direct = (isset($_REQUEST['sw_direct']) && $_REQUEST['sw_direct']) ? 1 : 0;
+
 // cart id 설정
 set_cart_id($sw_direct);
 
@@ -21,6 +23,9 @@ if (!$tmp_cart_id)
 }
 
 $tmp_cart_id = preg_replace('/[^a-z0-9_\-]/i', '', $tmp_cart_id);
+$act = isset($_POST['act']) ? clean_xss_tags($_POST['act'], 1, 1) : '';
+$post_ct_chk = (isset($_POST['ct_chk']) && is_array($_POST['ct_chk'])) ? $_POST['ct_chk'] : array();
+$post_it_ids = (isset($_POST['it_id']) && is_array($_POST['it_id'])) ? $_POST['it_id'] : array();
 
 // 레벨(권한)이 상품구입 권한보다 작다면 상품을 구입할 수 없음.
 if ($member['mb_level'] < $default['de_level_sell'])
@@ -30,18 +35,20 @@ if ($member['mb_level'] < $default['de_level_sell'])
 
 if($act == "buy")
 {
-    if(!count($_POST['ct_chk']))
+    if(!count($post_ct_chk))
         alert("주문하실 상품을 하나이상 선택해 주십시오.");
 
     // 선택필드 초기화
     $sql = " update {$g5['g5_shop_cart_table']} set ct_select = '0' where od_id = '$tmp_cart_id' ";
     sql_query($sql);
 
-    $fldcnt = count($_POST['it_id']);
+    $fldcnt = count($post_it_ids);
     for($i=0; $i<$fldcnt; $i++) {
-        $ct_chk = $_POST['ct_chk'][$i];
+        $ct_chk = isset($post_ct_chk[$i]) ? 1 : 0;
         if($ct_chk) {
-            $it_id = $_POST['it_id'][$i];
+            $it_id = isset($post_it_ids[$i]) ? safe_replace_regex($post_it_ids[$i], 'it_id') : '';
+            
+            if( !$it_id ) continue;
 
             // 본인인증, 성인인증체크
             if(!$is_admin) {
@@ -108,39 +115,49 @@ else if ($act == "alldelete") // 모두 삭제이면
 }
 else if ($act == "seldelete") // 선택삭제
 {
-    if(!count($_POST['ct_chk']))
+    if(!count($post_ct_chk))
         alert("삭제하실 상품을 하나이상 선택해 주십시오.");
 
-    $fldcnt = count($_POST['it_id']);
+    $fldcnt = count($post_it_ids);
     for($i=0; $i<$fldcnt; $i++) {
-        $ct_chk = $_POST['ct_chk'][$i];
+        $ct_chk = isset($post_ct_chk[$i]) ? 1 : 0;
         if($ct_chk) {
-            $it_id = $_POST['it_id'][$i];
-            $sql = " delete from {$g5['g5_shop_cart_table']} where it_id = '$it_id' and od_id = '$tmp_cart_id' ";
-            sql_query($sql);
+            $it_id = isset($post_it_ids[$i]) ? safe_replace_regex($post_it_ids[$i], 'it_id') : '';
+            if( $it_id ){
+                $sql = " delete from {$g5['g5_shop_cart_table']} where it_id = '$it_id' and od_id = '$tmp_cart_id' ";
+                sql_query($sql);
+            }
         }
     }
 }
 else // 장바구니에 담기
 {
-    $count = count($_POST['it_id']);
+    $count = count($post_it_ids);
     if ($count < 1)
         alert('장바구니에 담을 상품을 선택하여 주십시오.');
 
     $ct_count = 0;
+    $post_chk_it_id = (isset($_POST['chk_it_id']) && is_array($_POST['chk_it_id'])) ? $_POST['chk_it_id'] : array();
+    $post_io_ids = (isset($_POST['io_id']) && is_array($_POST['io_id'])) ? $_POST['io_id'] : array();
+    $post_io_types = (isset($_POST['io_type']) && is_array($_POST['io_type'])) ? $_POST['io_type'] : array();
+    $post_ct_qtys = (isset($_POST['ct_qty']) && is_array($_POST['ct_qty'])) ? $_POST['ct_qty'] : array();
+
     for($i=0; $i<$count; $i++) {
         // 보관함의 상품을 담을 때 체크되지 않은 상품 건너뜀
-        if($act == 'multi' && !$_POST['chk_it_id'][$i])
+        if($act == 'multi' && ! (isset($post_chk_it_id[$i]) && $post_chk_it_id[$i]))
             continue;
 
-        $it_id = $_POST['it_id'][$i];
-        $opt_count = count($_POST['io_id'][$it_id]);
+        $it_id = isset($post_it_ids[$i]) ? safe_replace_regex($post_it_ids[$i], 'it_id') : '';
 
-        if($opt_count && $_POST['io_type'][$it_id][0] != 0)
+        if( !$it_id ) continue;
+
+        $opt_count = (isset($post_io_ids[$it_id]) && is_array($post_io_ids[$it_id])) ? count($post_io_ids[$it_id]) : 0;
+
+        if($opt_count && isset($post_io_types[$it_id][0]) && $post_io_types[$it_id][0] != 0)
             alert('상품의 선택옵션을 선택해 주십시오.');
 
         for($k=0; $k<$opt_count; $k++) {
-            if ($_POST['ct_qty'][$it_id][$k] < 1)
+            if (isset($post_ct_qtys[$it_id][$k]) && $post_ct_qtys[$it_id][$k] < 1)
                 alert('수량은 1 이상 입력해 주십시오.');
         }
 
@@ -213,9 +230,9 @@ else // 장바구니에 담기
         // 이미 주문폼에 있는 같은 상품의 수량합계를 구한다.
         if($sw_direct) {
             for($k=0; $k<$opt_count; $k++) {
-                $io_id = preg_replace(G5_OPTION_ID_FILTER, '', $_POST['io_id'][$it_id][$k]);
-                $io_type = preg_replace('#[^01]#', '', $_POST['io_type'][$it_id][$k]);
-                $io_value = $_POST['io_value'][$it_id][$k];
+                $io_id = isset($_POST['io_id'][$it_id][$k]) ? preg_replace(G5_OPTION_ID_FILTER, '', $_POST['io_id'][$it_id][$k]) : '';
+                $io_type = isset($_POST['io_type'][$it_id][$k]) ? preg_replace('#[^01]#', '', $_POST['io_type'][$it_id][$k]) : '';
+                $io_value = isset($_POST['io_value'][$it_id][$k]) ? $_POST['io_value'][$it_id][$k] : '';
 
                 $sql = " select SUM(ct_qty) as cnt from {$g5['g5_shop_cart_table']}
                           where od_id <> '$tmp_cart_id'
@@ -229,7 +246,7 @@ else // 장바구니에 담기
                 $sum_qty = $row['cnt'];
 
                 // 재고 구함
-                $ct_qty = (int) $_POST['ct_qty'][$it_id][$k];
+                $ct_qty = isset($_POST['ct_qty'][$it_id][$k]) ? (int) $_POST['ct_qty'][$it_id][$k] : 0;
                 if(!$io_id)
                     $it_stock_qty = get_it_stock_qty($it_id);
                 else
@@ -264,9 +281,9 @@ else // 장바구니에 담기
                     VALUES ";
 
         for($k=0; $k<$opt_count; $k++) {
-            $io_id = preg_replace(G5_OPTION_ID_FILTER, '', $_POST['io_id'][$it_id][$k]);
-            $io_type = preg_replace('#[^01]#', '', $_POST['io_type'][$it_id][$k]);
-            $io_value = $_POST['io_value'][$it_id][$k];
+            $io_id = isset($_POST['io_id'][$it_id][$k]) ? preg_replace(G5_OPTION_ID_FILTER, '', $_POST['io_id'][$it_id][$k]) : '';
+            $io_type = isset($_POST['io_type'][$it_id][$k]) ? preg_replace('#[^01]#', '', $_POST['io_type'][$it_id][$k]) : '';
+            $io_value = isset($_POST['io_value'][$it_id][$k]) ? $_POST['io_value'][$it_id][$k] : '';
 
             // 선택옵션정보가 존재하는데 선택된 옵션이 없으면 건너뜀
             if($lst_count && $io_id == '')
@@ -276,8 +293,8 @@ else // 장바구니에 담기
             if($io_id && !$opt_list[$io_type][$io_id]['use'])
                 continue;
 
-            $io_price = $opt_list[$io_type][$io_id]['price'];
-            $ct_qty = (int) $_POST['ct_qty'][$it_id][$k];
+            $io_price = isset($opt_list[$io_type][$io_id]['price']) ? $opt_list[$io_type][$io_id]['price'] : 0;
+            $ct_qty = isset($_POST['ct_qty'][$it_id][$k]) ? (int) $_POST['ct_qty'][$it_id][$k] : 0;
 
             // 구매가격이 음수인지 체크
             if($io_type) {
@@ -296,7 +313,7 @@ else // 장바구니에 담기
                           and io_id = '$io_id'
                           and ct_status = '쇼핑' ";
             $row2 = sql_fetch($sql2);
-            if($row2['ct_id']) {
+            if(isset($row2['ct_id']) && $row2['ct_id']) {
                 // 재고체크
                 $tmp_ct_qty = $row2['ct_qty'];
                 if(!$io_id)
@@ -328,6 +345,8 @@ else // 장바구니에 담기
                 if($point < 0)
                     $point = 0;
             }
+            
+            $ct_send_cost = 0;
 
             // 배송비결제
             if($it['it_sc_type'] == 1)
@@ -363,5 +382,4 @@ if ($sw_direct)
 else
 {
     goto_url(G5_SHOP_URL.'/cart.php');
-}
-?>
+}
\ No newline at end of file
diff --git a/shop/coupon.php b/shop/coupon.php
index 76f3d1317..89a0ab5ec 100644
--- a/shop/coupon.php
+++ b/shop/coupon.php
@@ -82,5 +82,4 @@ $result = sql_query($sql);
 </div>
 
 <?php
-include_once(G5_PATH.'/tail.sub.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/shop/couponzone.php b/shop/couponzone.php
index b485fe7ce..e2acf75d5 100644
--- a/shop/couponzone.php
+++ b/shop/couponzone.php
@@ -30,5 +30,4 @@ if (is_file($skin_file)) {
     echo '<div class="sct_nofile">'.str_replace(G5_PATH.'/', '', $skin_file).' 파일을 찾을 수 없습니다.<br>관리자에게 알려주시면 감사하겠습니다.</div>';
 }
 
-include_once(G5_SHOP_PATH.'/_tail.php');
-?>
+include_once(G5_SHOP_PATH.'/_tail.php');
\ No newline at end of file
diff --git a/shop/event.php b/shop/event.php
index 788a46150..b56c68a52 100644
--- a/shop/event.php
+++ b/shop/event.php
@@ -1,7 +1,9 @@
 <?php
 include_once('./_common.php');
 
-$ev_id = (int) $ev_id;
+$ev_id = isset($_GET['ev_id']) ? (int) $_GET['ev_id'] : 0;
+$skin = isset($_GET['skin']) ? clean_xss_tags($_GET['skin'], 1, 1) : '';
+$ca_id = isset($_GET['ca_id']) ? clean_xss_tags($_GET['ca_id'], 1, 1) : '';
 
 // 상품 리스트에서 다른 필드로 정렬을 하려면 아래의 배열 코드에서 해당 필드를 추가하세요.
 if( isset($sort) && ! in_array($sort, array('it_sum_qty', 'it_price', 'it_use_avg', 'it_use_cnt', 'it_update_time')) ){
@@ -17,7 +19,7 @@ $sql = " select * from {$g5['g5_shop_event_table']}
           where ev_id = '$ev_id'
             and ev_use = 1 ";
 $ev = sql_fetch($sql);
-if (!$ev['ev_id'])
+if (! (isset($ev['ev_id']) && $ev['ev_id']))
     alert('등록된 이벤트가 없습니다.');
 
 $g5['title'] = $ev['ev_subject'];
@@ -115,5 +117,4 @@ if (file_exists($timg))
 <!-- } 이벤트 끝 -->
 
 <?php
-include_once('./_tail.php');
-?>
+include_once('./_tail.php');
\ No newline at end of file
diff --git a/shop/index.php b/shop/index.php
index 84052144b..ff2fa2c58 100644
--- a/shop/index.php
+++ b/shop/index.php
@@ -132,5 +132,4 @@ $(function(){
 <?php } ?>
 
 <?php
-include_once(G5_SHOP_PATH.'/shop.tail.php');
-?>
\ No newline at end of file
+include_once(G5_SHOP_PATH.'/shop.tail.php');
\ No newline at end of file
diff --git a/shop/inicis/_common.php b/shop/inicis/_common.php
index bad54a5d7..c7ed3c4ee 100644
--- a/shop/inicis/_common.php
+++ b/shop/inicis/_common.php
@@ -1,3 +1,2 @@
 <?php
-include_once('../../common.php');
-?>
\ No newline at end of file
+include_once('../../common.php');
\ No newline at end of file
diff --git a/shop/inicis/escrow.register.php b/shop/inicis/escrow.register.php
index 01a804d57..33c1ae801 100644
--- a/shop/inicis/escrow.register.php
+++ b/shop/inicis/escrow.register.php
@@ -111,5 +111,4 @@ $inipay->startAction();
  $resultCode = $inipay->GetResult("ResultCode");     // 결과코드 ("00"이면 지불 성공)
  $resultMsg  = $inipay->GetResult("ResultMsg");          // 결과내용 (지불결과에 대한 설명)
  $dlv_date   = $inipay->GetResult("DLV_Date");
- $dlv_time   = $inipay->GetResult("DLV_Time");
-?>
\ No newline at end of file
+ $dlv_time   = $inipay->GetResult("DLV_Time");
\ No newline at end of file
diff --git a/shop/inicis/inipay_cancel.php b/shop/inicis/inipay_cancel.php
index 74ee4d167..094fcc538 100644
--- a/shop/inicis/inipay_cancel.php
+++ b/shop/inicis/inipay_cancel.php
@@ -60,5 +60,4 @@ if($cancelFlag == "true")
     {
         $inipay->MakeTXErrMsg(MERCHANT_DB_ERR,"Merchant DB FAIL");
     }
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/shop/inicis/inistdpay_result.php b/shop/inicis/inistdpay_result.php
index 0f0e31e36..2f850ee51 100644
--- a/shop/inicis/inistdpay_result.php
+++ b/shop/inicis/inistdpay_result.php
@@ -124,19 +124,19 @@ try {
                 $app_time   = $resultMap['applDate'].$resultMap['applTime'];
                 $pay_method = $resultMap['payMethod'];
                 $pay_type   = $PAY_METHOD[$pay_method];
-                $depositor  = $resultMap['VACT_InputName'];
+                $depositor  = isset($resultMap['VACT_InputName']) ? $resultMap['VACT_InputName'] : '';
                 $commid     = '';
-                $mobile_no  = $resultMap['HPP_Num'];
-                $app_no     = $resultMap['applNum'];
-                $card_name  = $CARD_CODE[$resultMap['CARD_Code']];
+                $mobile_no  = isset($resultMap['HPP_Num']) ? $resultMap['HPP_Num'] : '';
+                $app_no     = isset($resultMap['applNum']) ? $resultMap['applNum'] : '';
+                $card_name  = isset($resultMap['CARD_Code']) ? $CARD_CODE[$resultMap['CARD_Code']] : '';
                 switch($pay_type) {
                     case '계좌이체':
-                        $bank_name = $BANK_CODE[$resultMap['ACCT_BankCode']];
+                        $bank_name = isset($BANK_CODE[$resultMap['ACCT_BankCode']]) ? $BANK_CODE[$resultMap['ACCT_BankCode']] : '';
                         if ($default['de_escrow_use'] == 1)
                             $escw_yn         = 'Y';
                         break;
                     case '가상계좌':
-                        $bankname  = $BANK_CODE[$resultMap['VACT_BankCode']];
+                        $bankname  = isset($BANK_CODE[$resultMap['VACT_BankCode']]) ? $BANK_CODE[$resultMap['VACT_BankCode']] : '';
                         $account   = $resultMap['VACT_Num'].' '.$resultMap['VACT_Name'];
                         $app_no    = $resultMap['VACT_Num'];
                         if ($default['de_escrow_use'] == 1)
@@ -211,5 +211,4 @@ try {
 
 if( !$inicis_pay_result ){
     die("<br><br>결제 에러가 일어났습니다. 에러 이유는 위와 같습니다.");
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/shop/inicis/inistdpay_return.php b/shop/inicis/inistdpay_return.php
index 0606c3ff1..f76af7b13 100644
--- a/shop/inicis/inistdpay_return.php
+++ b/shop/inicis/inistdpay_return.php
@@ -74,5 +74,4 @@ if(isset($data['pp_id']) && $data['pp_id']) {   //개인결제
     $od_send_cost2 = (int) $_POST['od_send_cost2'];
 
     include_once(G5_SHOP_PATH.'/orderformupdate.php');
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/shop/inicis/libs/CreateIdModule.php b/shop/inicis/libs/CreateIdModule.php
index 7cedf2102..10bc2d0d3 100644
--- a/shop/inicis/libs/CreateIdModule.php
+++ b/shop/inicis/libs/CreateIdModule.php
@@ -96,25 +96,4 @@ class CreateIdModule {
         return $strNum;
     }
 
-}
-?>
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+}
\ No newline at end of file
diff --git a/shop/inicis/libs/HttpClient.php b/shop/inicis/libs/HttpClient.php
index d40c8e3f2..2799437cf 100644
--- a/shop/inicis/libs/HttpClient.php
+++ b/shop/inicis/libs/HttpClient.php
@@ -144,6 +144,4 @@ class HttpClient {
         return $this->body;
     }
 
-}
-
-?>
+}
\ No newline at end of file
diff --git a/shop/inicis/libs/INICls.php b/shop/inicis/libs/INICls.php
index 1214805d2..1909cd8c8 100644
--- a/shop/inicis/libs/INICls.php
+++ b/shop/inicis/libs/INICls.php
@@ -15,56 +15,61 @@ require_once ( "INIXml.php" );
 /* ----------------------------------------------------- */
 extract($_POST);
 extract($_GET);
+
+$paymethod = isset($paymethod) ? preg_replace('/[^0-9a-z_\-]/i', '', $paymethod) : '';
+
 switch ($paymethod) {
-    case(Card):    // 신용카드
+    case('Card'):    // 신용카드
         $pgid = "CARD";
         break;
-    case(Account):   // 은행 계좌 이체
+    case('Account'):   // 은행 계좌 이체
         $pgid = "ACCT";
         break;
-    case(DirectBank): // 실시간 계좌 이체
+    case('DirectBank'): // 실시간 계좌 이체
         $pgid = "DBNK";
         break;
-    case(OCBPoint):  // OCB
+    case('OCBPoint'):  // OCB
         $pgid = "OCBP";
         break;
-    case(VCard):    // ISP 결제
+    case('VCard'):    // ISP 결제
         $pgid = "ISP_";
         break;
-    case(HPP):     // 휴대폰 결제
+    case('HPP'):     // 휴대폰 결제
         $pgid = "HPP_";
         break;
-    case(ArsBill):   // 700 전화결제
+    case('ArsBill'):   // 700 전화결제
         $pgid = "ARSB";
         break;
-    case(PhoneBill):  // PhoneBill 결제(받는 전화)
+    case('PhoneBill'):  // PhoneBill 결제(받는 전화)
         $pgid = "PHNB";
         break;
-    case(Ars1588Bill):// 1588 전화결제
+    case('Ars1588Bill'):// 1588 전화결제
         $pgid = "1588";
         break;
-    case(VBank):    // 가상계좌 이체
+    case('VBank'):    // 가상계좌 이체
         $pgid = "VBNK";
         break;
-    case(Culture):   // 문화상품권 결제
+    case('Culture'):   // 문화상품권 결제
         $pgid = "CULT";
         break;
-    case(CMS):     // CMS 결제
+    case('CMS'):     // CMS 결제
         $pgid = "CMS_";
         break;
-    case(AUTH):    // 신용카드 유효성 검사
+    case('AUTH'):    // 신용카드 유효성 검사
         $pgid = "AUTH";
         break;
-    case(INIcard):   // 네티머니 결제
+    case('INIcard'):   // 네티머니 결제
         $pgid = "INIC";
         break;
-    case(MDX):     // 몬덱스카드
+    case('MDX'):     // 몬덱스카드
         $pgid = "MDX_";
         break;
     default:         // 상기 지불수단 외 추가되는 지불수단의 경우 기본으로 paymethod가 4자리로 넘어온다.
         $pgid = $paymethod;
 }
 
+$quotainterest = isset($quotainterest) ? $quotainterest : '';
+
 if ($quotainterest == "1") {
     $interest = "(무이자할부)";
 }
@@ -78,7 +83,7 @@ function Base64Encode($str) {
 }
 
 function GetMicroTime() {
-    list($usec, $sec) = explode(" ", microtime(true));
+    list($usec, $sec) = explode(" ", microtime());
     return (float) $usec + (float) $sec;
 }
 
@@ -110,11 +115,11 @@ class INILog {
         $this->debug_msg = array("", "CRITICAL", "ERROR", "NOTICE", "4", "INFO", "6", "DEBUG", "8");
         $this->debug_mode = $request["debug"];
         $this->type = $request["type"];
-        $this->log = $request["log"];
+        $this->log = isset($request["log"]) ? $request["log"] : '';
         $this->homedir = $request["inipayhome"];
         $this->mid = $request["mid"];
         $this->starttime = GetMicroTime();
-        $this->mergelog = $request["mergelog"];
+        $this->mergelog = isset($request["mergelog"]) ? $request["mergelog"] : '';
     }
 
     function StartLog() {
@@ -272,7 +277,7 @@ class INIData {
             $this->m_sCmd = CMD_REQ_PAY;
             $this->m_sCrypto = FLAG_CRYPTO_3DES;
         }
-        $this->m_sPayMethod = $this->m_REQUEST["paymethod"];
+        $this->m_sPayMethod = isset($this->m_REQUEST["paymethod"]) ? $this->m_REQUEST["paymethod"] : '';
 
         $this->m_TXVersion = sprintf("%-6.6s", VERSION) .
                 sprintf("B%-8.8s", BUILDDATE) .
@@ -511,15 +516,21 @@ class INIData {
               $PD = $xml->add_node($CS,		TX_CSHR_SUBSERVICEPRICE1, $this->m_REQUEST[""]		);
              */
         } else if ($this->m_Type == TYPE_CANCEL) {
+            $cancelcode = isset($this->m_REQUEST["cancelcode"]) ? $this->m_REQUEST["cancelcode"] : '';
+
             $CI = $xml->add_node("", CANCELINFO);
             $CD = $xml->add_node($CI, TX_CANCELTID, $this->m_REQUEST["tid"]);
             $CD = $xml->add_node($CI, TX_CANCELMSG, $this->m_REQUEST["cancelmsg"], array("urlencode" => "1"));
-            $CD = $xml->add_node($CI, TX_CANCELREASON, $this->m_REQUEST["cancelcode"]);
+            $CD = $xml->add_node($CI, TX_CANCELREASON, $cancelcode);
             
+            $node_racctnum = isset($this->m_REQUEST["racctnum"]) ? $this->m_REQUEST["racctnum"] : '';
+            $node_rbankcode = isset($this->m_REQUEST["rbankcode"]) ? $this->m_REQUEST["rbankcode"] : '';
+            $node_racctname = isset($this->m_REQUEST["racctname"]) ? $this->m_REQUEST["racctname"] : '';
+
             //휴대폰 익월환불 추가
-            $CD = $xml->add_node($CI, TX_REFUNDACCTNUM, $this->m_REQUEST["racctnum"]);
-            $CD = $xml->add_node($CI, TX_REFUNDBANKCODE, $this->m_REQUEST["rbankcode"]);
-            $CD = $xml->add_node($CI, TX_REFUNDACCTNAME, $this->m_REQUEST["racctname"], array("urlencode" => "1"));
+            $CD = $xml->add_node($CI, TX_REFUNDACCTNUM, $node_racctnum);
+            $CD = $xml->add_node($CI, TX_REFUNDBANKCODE, $node_rbankcode);
+            $CD = $xml->add_node($CI, TX_REFUNDACCTNAME, $node_racctname, array("urlencode" => "1"));
             
             $this->AddUserDefinedEntity(CANCELINFO, "", $xml, $CI);
         } else if ($this->m_Type == TYPE_REPAY) {
@@ -644,10 +655,13 @@ class INIData {
         $this->m_sHead .= sprintf("%20s", $this->m_TXPGPubSN);
         $this->m_sHead .= sprintf("%4s", $this->m_sCmd);
         $this->m_sHead .= sprintf("%10s", $this->m_REQUEST["mid"]);
-        if ($this->m_Type == TYPE_RECEIPT)
-            $this->m_sHead .= sprintf("%20s", $this->m_REQUEST["cr_price"]);
-        else
-            $this->m_sHead .= sprintf("%20s", $this->m_REQUEST["price"]);
+        if ($this->m_Type == TYPE_RECEIPT) {
+            $cr_price = isset($this->m_REQUEST["cr_price"]) ? $this->m_REQUEST["cr_price"] : 0;
+            $this->m_sHead .= sprintf("%20s", $cr_price);
+        } else {
+            $price = isset($this->m_REQUEST["price"]) ? $this->m_REQUEST["price"] : 0;
+            $this->m_sHead .= sprintf("%20s", $price);
+        }
         $this->m_sHead .= sprintf("%40s", $this->m_REQUEST["tid"]);
 
         $this->m_sMsg = $this->m_sHead . $this->m_sBody . $this->m_sTail;
@@ -699,24 +713,27 @@ class INIData {
             //GoodsInfo
             //장바구니 기능 추가(2010.04.13)
             //==goodscnt가 없을 경우(장바구니 기능이 아닐경우) 기본 값 1로 설정
-            $tGoodCnt = ($this->m_REQUEST["goodscnt"] != null && (int) $this->m_REQUEST["goodscnt"] > 0 ) ? $this->m_REQUEST["goodscnt"] : 1;
+            $tGoodCnt = (isset($this->m_REQUEST["goodscnt"]) && (int) $this->m_REQUEST["goodscnt"] > 0 ) ? $this->m_REQUEST["goodscnt"] : 1;
+
+            $request_oid = isset($this->m_REQUEST["oid"]) ? $this->m_REQUEST["oid"] : '';
+            $request_taxfree = isset($this->m_REQUEST["taxfree"]) ? $this->m_REQUEST["taxfree"] : '';
 
             $GI = $xml->add_node($root, GOODSINFO);
             //장바구니 기능 추가(2010.04.13) 
             //==TX_GOOSCNT는  $tGoodCnt로 부터 입력
             //$GP = $xml->add_node($GI,		TX_GOOSCNT, 		"1"															);
             $GP = $xml->add_node($GI, TX_GOOSCNT, $tGoodCnt);
-            $GP = $xml->add_node($GI, TX_MOID, $this->m_REQUEST["oid"], array("urlencode" => "1"));
+            $GP = $xml->add_node($GI, TX_MOID, $request_oid, array("urlencode" => "1"));
             $GP = $xml->add_node($GI, TX_CURRENCY, $this->m_REQUEST["currency"]);
             $GP = $xml->add_node($GI, TX_TAX, $this->m_REQUEST["tax"]);
-            $GP = $xml->add_node($GI, TX_TAXFREE, $this->m_REQUEST["taxfree"]);
+            $GP = $xml->add_node($GI, TX_TAXFREE, $request_taxfree);
             $this->AddUserDefinedEntity(GOODSINFO, "", $xml, $GI);
 
             //장바구니 기능 추가(2010.04.13) [START]
             //==장바구니 XML 전문 추가
             $iGoodCnt = 1;
             while ($iGoodCnt <= $tGoodCnt) {
-                if ($this->m_REQUEST["smid_" . $iGoodCnt] != "" && strlen($this->m_REQUEST["smid_" . $iGoodCnt]) > 0) {
+                if (isset($this->m_REQUEST["smid_" . $iGoodCnt]) && strlen($this->m_REQUEST["smid_" . $iGoodCnt]) > 0) {
                     $GS = $xml->add_node($GI, GOODS);
                     $GD = $xml->add_node($GS, TX_SMID, $this->m_REQUEST["smid_" . $iGoodCnt]);
                     $GD = $xml->add_node($GS, TX_GOODSNAME, $this->m_REQUEST["goodsname_" . $iGoodCnt], array("urlencode" => "1"));
@@ -739,6 +756,16 @@ class INIData {
                 $iGoodCnt++;
             }
             //장바구니 기능 추가(2010.04.13) [END]
+            
+            $request_parentemail = isset($this->m_REQUEST["parentemail"]) ? $this->m_REQUEST["parentemail"] : '';
+            $request_recvname = isset($this->m_REQUEST["recvname"]) ? $this->m_REQUEST["recvname"] : '';
+            $request_recvtel = isset($this->m_REQUEST["recvtel"]) ? $this->m_REQUEST["recvtel"] : '';
+            $request_recvmsg = isset($this->m_REQUEST["recvmsg"]) ? $this->m_REQUEST["recvmsg"] : '';
+            $request_recvaddr = isset($this->m_REQUEST["recvaddr"]) ? $this->m_REQUEST["recvaddr"] : '';
+            $request_recvpostnum = isset($this->m_REQUEST["recvpostnum"]) ? $this->m_REQUEST["recvpostnum"] : '';
+            $request_joincard = isset($this->m_REQUEST["joincard"]) ? $this->m_REQUEST["joincard"] : '';
+            $request_joinexpire = isset($this->m_REQUEST["joinexpire"]) ? $this->m_REQUEST["joinexpire"] : '';
+            $request_mailorder = isset($this->m_REQUEST["mailorder"]) ? $this->m_REQUEST["mailorder"] : '';
 
             $this->AddUserDefinedEntity(GOODSINFO, GOODS, $xml, $GS);
             //BuyerInfo
@@ -746,20 +773,20 @@ class INIData {
             $BP = $xml->add_node($BI, TX_BUYERNAME, $this->m_REQUEST["buyername"], array("urlencode" => "1"));
             $BP = $xml->add_node($BI, TX_BUYERTEL, $this->m_REQUEST["buyertel"]);
             $BP = $xml->add_node($BI, TX_BUYEREMAIL, $this->m_REQUEST["buyeremail"], array("urlencode" => "1"));
-            $BP = $xml->add_node($BI, TX_PARENTEMAIL, $this->m_REQUEST["parentemail"], array("urlencode" => "1"));
-            $BP = $xml->add_node($BI, TX_RECVNAME, $this->m_REQUEST["recvname"], array("urlencode" => "1"));
-            $BP = $xml->add_node($BI, TX_RECVTEL, $this->m_REQUEST["recvtel"], array("urlencode" => "1"));
-            $BP = $xml->add_node($BI, TX_RECVMSG, $this->m_REQUEST["recvmsg"], array("urlencode" => "1"));
-            $BP = $xml->add_node($BI, TX_RECVADDR, $this->m_REQUEST["recvaddr"], array("urlencode" => "1"));
-            $BP = $xml->add_node($BI, TX_RECVPOSTNUM, $this->m_REQUEST["recvpostnum"], array("urlencode" => "1"));
+            $BP = $xml->add_node($BI, TX_PARENTEMAIL, $request_parentemail, array("urlencode" => "1"));
+            $BP = $xml->add_node($BI, TX_RECVNAME, $request_recvname, array("urlencode" => "1"));
+            $BP = $xml->add_node($BI, TX_RECVTEL, $request_recvtel, array("urlencode" => "1"));
+            $BP = $xml->add_node($BI, TX_RECVMSG, $request_recvmsg, array("urlencode" => "1"));
+            $BP = $xml->add_node($BI, TX_RECVADDR, $request_recvaddr, array("urlencode" => "1"));
+            $BP = $xml->add_node($BI, TX_RECVPOSTNUM, $request_recvpostnum, array("urlencode" => "1"));
             $this->AddUserDefinedEntity(BUYERINFO, "", $xml, $BI);
             //PaymentInfo
             $PI = $xml->add_node($root, PAYMENTINFO);
             $PM = $xml->add_node($PI, PAYMENT);
             $PD = $xml->add_node($PM, TX_PAYMETHOD, $this->m_REQUEST["paymethod"]);
-            $PD = $xml->add_node($PM, TX_JOINCARD, $this->m_REQUEST["joincard"]);
-            $PD = $xml->add_node($PM, TX_JOINEXPIRE, $this->m_REQUEST["joinexpire"]);
-            $PD = $xml->add_node($PM, TX_MAILORDER, $this->m_REQUEST["mailorder"]);
+            $PD = $xml->add_node($PM, TX_JOINCARD, $request_joincard);
+            $PD = $xml->add_node($PM, TX_JOINEXPIRE, $request_joinexpire);
+            $PD = $xml->add_node($PM, TX_MAILORDER, $request_mailorder);
             if ($this->m_Type == TYPE_SECUREPAY) {
                 $PD = $xml->add_node($PM, TX_SESSIONKEY, $this->m_REQUEST["sessionkey"]);
                 $PD = $xml->add_node($PM, TX_ENCRYPTED, $this->m_REQUEST["encrypted"], array("urlencode" => "1"));
@@ -841,30 +868,39 @@ class INIData {
             }
             //장바구니 기능 추가(2010.04.13) [END]
             $this->AddUserDefinedEntity(OPENSUBINFO, "", $xml, $OI);
-        }        
+        }
+
+        $node_mreserved1 = isset($this->m_REQUEST["mreserved1"]) ? $this->m_REQUEST["mreserved1"] : '';
+        $node_mreserved2 = isset($this->m_REQUEST["mreserved2"]) ? $this->m_REQUEST["mreserved2"] : '';
+        $node_mreserved3 = isset($this->m_REQUEST["mreserved3"]) ? $this->m_REQUEST["mreserved3"] : '';
+        $node_language = isset($this->m_REQUEST["language"]) ? $this->m_REQUEST["language"] : '';
+        $node_url = isset($this->m_REQUEST["url"]) ? $this->m_REQUEST["url"] : '';
+        $node_id_customer = isset($this->m_REQUEST["id_customer"]) ? $this->m_REQUEST["id_customer"] : '';
+        $node_id_regnum = isset($this->m_REQUEST["id_regnum"]) ? $this->m_REQUEST["id_regnum"] : '';
+
         //ReservedInfo
         $RI = $xml->add_node($root, RESERVEDINFO);
-        $RD = $xml->add_node($RI, TX_MRESERVED1, $this->m_REQUEST["mreserved1"]);
-        $RD = $xml->add_node($RI, TX_MRESERVED2, $this->m_REQUEST["mreserved2"]);
-        $RD = $xml->add_node($RI, TX_MRESERVED3, $this->m_REQUEST["mreserved3"]);
+        $RD = $xml->add_node($RI, TX_MRESERVED1, $node_mreserved1);
+        $RD = $xml->add_node($RI, TX_MRESERVED2, $node_mreserved2);
+        $RD = $xml->add_node($RI, TX_MRESERVED3, $node_mreserved3);
         $this->AddUserDefinedEntity(RESERVEDINFO, "", $xml, $RI);
 
         //ManageInfo
         $MI = $xml->add_node($root, MANAGEINFO);
-        $MD = $xml->add_node($MI, TX_LANGUAGE, $this->m_REQUEST["language"]);
-        $MD = $xml->add_node($MI, TX_URL, $this->m_REQUEST["url"], array("urlencode" => "1"));
+        $MD = $xml->add_node($MI, TX_LANGUAGE, $node_language);
+        $MD = $xml->add_node($MI, TX_URL, $node_url, array("urlencode" => "1"));
         $MD = $xml->add_node($MI, TX_TXVERSION, $this->m_TXVersion);
         //delete UIP(2009.01.21)
         //$MD = $xml->add_node($MI, 	TX_TXUSERIP,  	$this->m_REQUEST["uip"]     		);
-        $MD = $xml->add_node($MI, TX_TXUSERID, $this->m_REQUEST["id_customer"], array("urlencode" => "1"));
-        $MD = $xml->add_node($MI, TX_TXREGNUM, $this->m_REQUEST["id_regnum"]);
+        $MD = $xml->add_node($MI, TX_TXUSERID, $node_id_customer, array("urlencode" => "1"));
+        $MD = $xml->add_node($MI, TX_TXREGNUM, $node_id_regnum);
 
         //Ack, rn
         if ($this->m_Type == TYPE_SECUREPAY || $this->m_Type == TYPE_OCBSAVE ||
                 $this->m_Type == TYPE_FORMPAY || $this->m_Type == TYPE_RECEIPT
         ) {
             $MD = $xml->add_node($MI, TX_ACK, "1");
-            if ($this->m_REQUEST["rn"] != "")
+            if (isset($this->m_REQUEST["rn"]) && $this->m_REQUEST["rn"])
                 $MD = $xml->add_node($MI, TX_RN, $this->m_REQUEST["rn"]);
         }
         $this->AddUserDefinedEntity(MANAGEINFO, "", $xml, $MI);
@@ -908,7 +944,7 @@ class INIData {
         $this->m_Xml = $xml->xml_node;
 
         //GOODSINFO
-        $this->m_RESULT[NM_MOID] = $this->GetXMLData(MOID);
+        $this->m_RESULT[NM_MOID] = $this->GetXMLData('MOID');
 
         //PAYMENTINFO
         //기타지불수단이 paymethod를 주지 않아 임시로 요청 Paymethod로 대체
@@ -916,13 +952,14 @@ class INIData {
         $this->m_RESULT[NM_PAYMETHOD] = $this->m_sPayMethod;
 
         $ResultCode = $this->GetXMLData("ResultCode");
+
         //if( substr($ResultCode,2, 4) == "0000" )
         if (strcmp(substr($ResultCode, 2, 4), "0000") == 0) {
             $this->m_RESULT[NM_RESULTCODE] = "00";
             $this->m_RESULT[NM_RESULTMSG] = $this->GetXMLData("ResultMsg");
         } else {
             $this->m_RESULT[NM_RESULTCODE] = "01";
-            $this->m_RESULT[NM_ERRORCODE] = $ResultCode;
+            $this->m_RESULT['NM_ERRORCODE'] = $ResultCode;
             $this->m_RESULT[NM_RESULTMSG] = "[" . $ResultCode . "|" . $this->GetXMLData("ResultMsg") . "]";
         }
         $encrypted = $this->GetXMLData("Encrypted");
@@ -1036,7 +1073,7 @@ class INIData {
     function GTHR($err_code, $err_msg) {
         //Set
         $data["mid"] = $this->m_REQUEST["mid"];
-        $data["paymethod"] = $this->m_REQUEST["paymethod"];
+        $data["paymethod"] = isset($this->m_REQUEST["paymethod"]) ? $this->m_REQUEST["paymethod"] : '';
         //delete UIP(2009.01.21)
         //$data["user_ip"] = $this->m_REQUEST["uip"];
         $data["tx_version"] = $this->m_TXVersion;
@@ -1063,20 +1100,24 @@ class INIData {
     }
 
     function ParsePIEncrypted() {
-        parse_str($this->m_REQUEST["encrypted"]);
-        $this->m_PIPGPubSN = $CertVer;
-        $this->m_PG1 = $pg1;
-        $this->m_PG2 = $pg2;
-        $this->m_PG1IP = $pg1ip;
-        $this->m_PG2IP = $pg2ip;
+        $output = array();
+        if( isset($this->m_REQUEST["encrypted"]) ) {
+            parse_str($this->m_REQUEST["encrypted"], $output);
+        }
+        $this->m_PIPGPubSN = isset($output['CertVer']) ? $output['CertVer'] : '';
+        $this->m_PG1 = isset($output['pg1']) ? $output['pg1'] : '';
+        $this->m_PG2 = isset($output['pg2']) ? $output['pg2'] : '';
+        $this->m_PG1IP = isset($output['pg1ip']) ? $output['pg1ip'] : '';
+        $this->m_PG2IP = isset($output['pg2ip']) ? $output['pg2ip'] : '';
     }
 
     // Xpath로 안가져온다. 한달을 헛지랄 했다!!
     // added by ddaemiri, 2007.09.03
     function GetXMLData($node) {
-        $content = $this->m_Xml[$node . "[1]"]["text"];
-        if ($this->m_Xml[$node . "[1]"]["attr"]["urlencode"] == "1")
+        $content = isset($this->m_Xml[$node . "[1]"]["text"]) ? $this->m_Xml[$node . "[1]"]["text"] : '';
+        if (isset($this->m_Xml[$node . "[1]"]["attr"]["urlencode"]) && $this->m_Xml[$node . "[1]"]["attr"]["urlencode"] == "1")
             $content = urldecode($content);
+
         return $content;
     }
 
@@ -1101,7 +1142,7 @@ class INICrypto {
         $this->homedir = $request["inipayhome"];
         $this->mid = $request["mid"];
         $this->admin = $request["admin"];
-        $this->mkey = $request["mkey"];
+        $this->mkey = isset($request["mkey"]) ? $request["mkey"] : '';
         if(isset($request['encMethod']) && !empty($request['encMethod'])){
         	$this->encMethod = strtolower($request['encMethod']);
         }
@@ -1294,12 +1335,12 @@ class INICrypto {
 
     function remove_ctrl($string) {
         for ($i = 0; $i < strlen($string); $i++) {
-            $chr = $string{$i};
+            $chr = $string[$i];
             $ord = ord($chr);
             if ($ord < 10)
-                $string{$i} = " ";
+                $string[$i] = " ";
             else
-                $string{$i} = $chr;
+                $string[$i] = $chr;
         }
         return trim($string);
     }
@@ -1310,7 +1351,7 @@ class INICrypto {
     }
 
     function pkcs5_unpad($text) {
-        $pad = ord($text{strlen($text) - 1});
+        $pad = ord($text[strlen($text) - 1]);
         if ($pad > strlen($text))
             return false;
         if (strspn($text, chr($pad), strlen($text) - $pad) != $pad)
@@ -1356,5 +1397,4 @@ class INICrypto {
         return $cipher;
     }
 
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/shop/inicis/libs/INIDFN.php b/shop/inicis/libs/INIDFN.php
index a3f1faef7..98f36d5e1 100644
--- a/shop/inicis/libs/INIDFN.php
+++ b/shop/inicis/libs/INIDFN.php
@@ -75,7 +75,7 @@ define("PROGRAM", "INIPHP");
 define("LANG", "PHP");
 define("VERSION", "NV5053");
 define("BUILDDATE", "20190404");
-define("TID_LEN", 40);
+if( ! defined('TID_LEN')) define("TID_LEN", 40);
 define("MAX_KEY_LEN", 24);
 define("MAX_IV_LEN", 8);
 
@@ -135,7 +135,6 @@ define("TXPGPUBSN_LEN", 20);
 define("CMD_LEN", 4);
 define("MID_LEN", 10);
 define("TOTPRICE_LEN", 20);
-define("TID_LEN", 40);
 
 
 //------------------------------------------------------
@@ -671,5 +670,4 @@ define("NULL_ESCROWMSG_ERR", "TX6001");
 
 define("NULL_FIELD_REFUNDACCTNUM", "TX9245");
 define("NULL_FIELD_REFUNDBANKCODE", "TX9243");
-define("NULL_FIELD_REFUNDACCTNAME", "TX9244");
-?>
\ No newline at end of file
+define("NULL_FIELD_REFUNDACCTNAME", "TX9244");
\ No newline at end of file
diff --git a/shop/inicis/libs/INILib.php b/shop/inicis/libs/INILib.php
index b78799835..c77cf2002 100644
--- a/shop/inicis/libs/INILib.php
+++ b/shop/inicis/libs/INILib.php
@@ -54,7 +54,7 @@ class INIpay50 {
     /* -------------------------------------------------- */
 
     function GetResult($name) { //Default Entity
-        $result = $this->m_RESULT[$name];
+        $result = isset($this->m_RESULT[$name]) ? $this->m_RESULT[$name] : '';
         if ($result == "")
             $result = $this->m_Data->GetXMLData($name);
         if ($result == "")
@@ -246,7 +246,7 @@ class INIpay50 {
         if($this->m_type == TYPE_ESCROW && ($this->m_Data->m_EscrowType == TYPE_ESCROW_CNF || $this->m_Data->m_EscrowType == TYPE_ESCROW_DNY)) $is_plugin_escrow = TRUE;
         
         
-        if($this->m_REQUEST["pgn"] != "") {
+        if(isset($this->m_REQUEST["pgn"]) && $this->m_REQUEST["pgn"] != "") {
         	$host = $this->m_REQUEST["pgn"];
         } else {
         	if ($this->m_type == TYPE_SECUREPAY || $is_plugin_escrow == TRUE) {		//plugin
@@ -732,6 +732,4 @@ class INIpay50 {
         return;
     }
 
-}
-
-?>
+}
\ No newline at end of file
diff --git a/shop/inicis/libs/INISoc.php b/shop/inicis/libs/INISoc.php
index 650f6b576..c073040bc 100644
--- a/shop/inicis/libs/INISoc.php
+++ b/shop/inicis/libs/INISoc.php
@@ -90,7 +90,8 @@ class INISocket {
 
         $read = array($this->hnd);
         $write = array($this->hnd);
-        $rtv = @socket_select($read, $write, $except = NULL, TIMEOUT_CONNECT);
+        $except = NULL;
+        $rtv = @socket_select($read, $write, $except, TIMEOUT_CONNECT);
         if ($rtv == 0) { //TIMEOUT
             $this->error();
             socket_close($this->hnd);
@@ -125,8 +126,10 @@ class INISocket {
         }
 
         $vWrite = array($this->hnd);
+        $vRead = null;
+        $vExcept = null;
 
-        while (($rtv = @socket_select($vRead = null, $vWrite, $vExcept = null, TIMEOUT_WRITE)) === FALSE);
+        while (($rtv = @socket_select($vRead, $vWrite, $vExcept, TIMEOUT_WRITE)) === FALSE);
 
         if ($rtv == 0) {
             $this->error();
@@ -157,7 +160,10 @@ class INISocket {
         $read = array($this->hnd);
         $buf = null;
         while ($nleft > 0) {
-            $rtv = @socket_select($read, $write = NULL, $except = NULL, TIMEOUT_READ);
+            $write = null;
+            $except = null;
+
+            $rtv = @socket_select($read, $write, $except, TIMEOUT_READ);
             if ($rtv == 0) {
                 $this->error();
                 return SOCK_TIMEO_ERR;
@@ -217,6 +223,4 @@ class INISocket {
         return $this->sSocErr;
     }
 
-}
-
-?>
+}
\ No newline at end of file
diff --git a/shop/inicis/libs/INIStdPayUtil.php b/shop/inicis/libs/INIStdPayUtil.php
index d5f0dfc48..7d30e69d0 100644
--- a/shop/inicis/libs/INIStdPayUtil.php
+++ b/shop/inicis/libs/INIStdPayUtil.php
@@ -17,7 +17,7 @@ class INIStdPayUtil {
 
         $milliseconds = round(microtime(true) * 1000);
         $tempValue1 = round($milliseconds / 1000);  //max integer 자릿수가 9이므로 뒤 3자리를 뺀다
-        $tempValue2 = round(microtime(false) * 1000); //뒤 3자리를 저장
+        $tempValue2 = round((float) microtime(false) * 1000); //뒤 3자리를 저장
         switch (strlen($tempValue2)) {
             case '3':
                 break;
@@ -121,5 +121,4 @@ class INIStdPayUtil {
 		return $signature;
 	}
 
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/shop/inicis/libs/INIXml.php b/shop/inicis/libs/INIXml.php
index 150be8e97..284f31223 100644
--- a/shop/inicis/libs/INIXml.php
+++ b/shop/inicis/libs/INIXml.php
@@ -209,12 +209,12 @@ class XML {
      */
     function remove_ctrl($string) {
     	for ($i = 0; $i < strlen($string); $i++) {
-    		$chr = $string{$i};
+    		$chr = $string[$i];
     		$ord = ord($chr);
     		if ($ord < 10)
-    			$string{$i} = " ";
+    			$string[$i] = " ";
     		else
-    			$string{$i} = $chr;
+    			$string[$i] = $chr;
     	}
     	return trim($string);
     }
@@ -333,11 +333,12 @@ class XML {
 
         // Now open the tag.
         $xml .= "<" . $this->nodes[$root]["name"];
-
+            
+        $count_root_attributes = (isset($this->nodes[$root]["attributes"]) && is_array($this->nodes[$root]["attributes"])) ? count($this->nodes[$root]["attributes"]) : 0;
         // Check whether there are attributes for this node.
-        if (count($this->nodes[$root]["attributes"]) > 0) {
+        if ($count_root_attributes > 0) {
             // Run through all attributes.
-            foreach ($this->nodes[$root]["attributes"] as $key => $value) {
+            foreach ((array) $this->nodes[$root]["attributes"] as $key => $value) {
                 // Check whether this attribute is highlighted.
                 if (in_array($root . "/attribute::" . $key, $highlight)) {
                     // Add the highlight code to the XML data.
@@ -450,7 +451,9 @@ class XML {
         $path = $context . "/" . $name;
 
         // Set the relative context and the position.
-        $position = ++$this->ids[$path];
+
+        $othis_ids_path = isset($this->ids[$path]) ? (int) $this->ids[$path] : 0;
+        $position = ++$othis_ids_path;
         $relative = $name . "[" . $position . "]";
 
         // Calculate the full path.
@@ -462,7 +465,8 @@ class XML {
 
         // Calculate the position for the following and preceding axis
         // detection.
-        $this->nodes[$fullpath]["document-position"] = $this->nodes[$context]["document-position"] + 1;
+        $othis_document_position = isset($this->nodes[$context]["document-position"]) ? (int) $this->nodes[$context]["document-position"] : 0;
+        $this->nodes[$fullpath]["document-position"] = $othis_document_position + 1;
 
         // Save the information about the node.
         $this->nodes[$fullpath]["name"] = $name;
@@ -470,7 +474,7 @@ class XML {
         $this->nodes[$fullpath]["parent"] = $context;
 
         // Add this element to the element count array.
-        if (!$this->nodes[$context]["children"][$name]) {
+        if (! (isset($this->nodes[$context]["children"][$name]) && $this->nodes[$context]["children"][$name])) {
             // Set the default name.
             $this->nodes[$context]["children"][$name] = 1;
         } else {
@@ -907,7 +911,8 @@ class XML {
         $arr = preg_split("/[\/]+/", $this->path, -1, PREG_SPLIT_NO_EMPTY);
         //edited by ddaemiri. libexpat은 \n을 분리자로 인식
         //$this->xml_node[$arr[count($arr)-1]]["text"] = addslashes(trim($text));
-        $this->xml_node[$arr[count($arr) - 1]]["text"] = $this->xml_node[$arr[count($arr) - 1]]["text"] . addslashes(trim($text));
+        $othis_count_text = isset($this->xml_node[$arr[count($arr) - 1]]["text"]) ? $this->xml_node[$arr[count($arr) - 1]]["text"] : '';
+        $this->xml_node[$arr[count($arr) - 1]]["text"] = $othis_count_text . addslashes(trim($text));
     }
 
     /**
@@ -3132,6 +3137,4 @@ class XML {
         return $a[$attr];
     }
 
-}
-
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/shop/inicis/libs/INIpayStdMakeSignature.php b/shop/inicis/libs/INIpayStdMakeSignature.php
index 516296e34..c7183f28b 100644
--- a/shop/inicis/libs/INIpayStdMakeSignature.php
+++ b/shop/inicis/libs/INIpayStdMakeSignature.php
@@ -11,5 +11,4 @@ $output['signature'] = array(
     'signature' => hash("sha256", $input)
 );
 
-echo json_encode($output);
-?>
+echo json_encode($output);
\ No newline at end of file
diff --git a/shop/inicis/libs/JSON.php b/shop/inicis/libs/JSON.php
index 0cddbddb4..c07c76767 100644
--- a/shop/inicis/libs/JSON.php
+++ b/shop/inicis/libs/JSON.php
@@ -801,6 +801,4 @@ if (class_exists('PEAR_Error')) {
         }
     }
 
-}
-    
-?>
+}
\ No newline at end of file
diff --git a/shop/inicis/libs/json_lib.php b/shop/inicis/libs/json_lib.php
index 5e34a6610..82232bd64 100644
--- a/shop/inicis/libs/json_lib.php
+++ b/shop/inicis/libs/json_lib.php
@@ -25,6 +25,4 @@ if (!function_exists('json_encode')) {
         $json = new Services_JSON;
         return $json->encode($content);
     }
-}
-
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/shop/inicis/libs/sha256.inc.php b/shop/inicis/libs/sha256.inc.php
index 3d9859208..e39cd63da 100644
--- a/shop/inicis/libs/sha256.inc.php
+++ b/shop/inicis/libs/sha256.inc.php
@@ -409,6 +409,4 @@ if (!function_exists('hash'))
             return $algo($data);
         }
     }
-}
-
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/shop/inicis/lpay_common.php b/shop/inicis/lpay_common.php
index 5b1cd9c2c..497b4dbac 100644
--- a/shop/inicis/lpay_common.php
+++ b/shop/inicis/lpay_common.php
@@ -6,5 +6,4 @@ if( ! ($default['de_inicis_lpay_use'] || $default['de_inicis_kakaopay_use']) ||
     return;
 }
 
-include_once(G5_SHOP_PATH.'/settle_inicis.inc.php');
-?>
\ No newline at end of file
+include_once(G5_SHOP_PATH.'/settle_inicis.inc.php');
\ No newline at end of file
diff --git a/shop/inicis/makesignature.php b/shop/inicis/makesignature.php
index 27b707d4a..c7313b460 100644
--- a/shop/inicis/makesignature.php
+++ b/shop/inicis/makesignature.php
@@ -29,5 +29,4 @@ $mKey = hash("sha256", $signKey);
 $params = "oid=" . $orderNumber . "&price=" . $price . "&timestamp=" . $timestamp;
 $sign = hash("sha256", $params);
 
-die(json_encode(array('error'=>'', 'mKey'=>$mKey, 'timestamp'=>$timestamp, 'sign'=>$sign)));
-?>
\ No newline at end of file
+die(json_encode(array('error'=>'', 'mKey'=>$mKey, 'timestamp'=>$timestamp, 'sign'=>$sign)));
\ No newline at end of file
diff --git a/shop/inicis/orderform.1.php b/shop/inicis/orderform.1.php
index 20fdb9a68..57f560620 100644
--- a/shop/inicis/orderform.1.php
+++ b/shop/inicis/orderform.1.php
@@ -39,4 +39,4 @@ function paybtn(f) {
     INIStdPay.pay(f.id);
 }
 </script>
-<?php } ?>
\ No newline at end of file
+<?php }
\ No newline at end of file
diff --git a/shop/inicis/orderform.2.php b/shop/inicis/orderform.2.php
index a41c53bc2..cadd1b52c 100644
--- a/shop/inicis/orderform.2.php
+++ b/shop/inicis/orderform.2.php
@@ -76,4 +76,4 @@ no_receipt : 은행계좌이체시 현금영수증 발행여부 체크박스 비
 <?php if($default['de_tax_flag_use']) { ?>
 <input type="hidden" name="tax"         value="<?php echo $comm_vat_mny; ?>">
 <input type="hidden" name="taxfree"     value="<?php echo $comm_free_mny; ?>">
-<?php } ?>
\ No newline at end of file
+<?php }
\ No newline at end of file
diff --git a/shop/inicis/orderform.4.php b/shop/inicis/orderform.4.php
index d054abec9..b090a888d 100644
--- a/shop/inicis/orderform.4.php
+++ b/shop/inicis/orderform.4.php
@@ -1,3 +1,2 @@
 <?php
-if (!defined("_GNUBOARD_")) exit; // 개별 페이지 접근 불가
-?>
\ No newline at end of file
+if (!defined("_GNUBOARD_")) exit; // 개별 페이지 접근 불가;
\ No newline at end of file
diff --git a/shop/inicis/orderpartcancel.inc.php b/shop/inicis/orderpartcancel.inc.php
index 816e3caef..a21f9edb3 100644
--- a/shop/inicis/orderpartcancel.inc.php
+++ b/shop/inicis/orderpartcancel.inc.php
@@ -75,5 +75,4 @@ $inipay->startAction();
     sql_query($sql);
  } else {
      alert(iconv_utf8($inipay->GetResult("ResultMsg")).' 코드 : '.$inipay->GetResult("ResultCode"));
- }
-?>
\ No newline at end of file
+ }
\ No newline at end of file
diff --git a/shop/inicis/taxsave_result.php b/shop/inicis/taxsave_result.php
index f3db4bbdf..141429d52 100644
--- a/shop/inicis/taxsave_result.php
+++ b/shop/inicis/taxsave_result.php
@@ -12,6 +12,8 @@ include_once(G5_SHOP_PATH.'/settle_inicis.inc.php');
  * Copyright (C) 2006 Inicis, Co. All rights reserved.
  */
 
+$companynumber = isset($_REQUEST['companynumber']) ? clean_xss_tags($_REQUEST['companynumber'], 1, 1) : '';
+
 if($tx == 'personalpay') {
     $od = sql_fetch(" select * from {$g5['g5_shop_personalpay_table']} where pp_id = '$od_id' ");
     if (!$od)
@@ -189,5 +191,4 @@ function showreceipt() // 현금 영수증 출력
 </div>
 
 <?php
-include_once(G5_PATH.'/tail.sub.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/shop/item.php b/shop/item.php
index 72295e3b3..1b3b0c003 100644
--- a/shop/item.php
+++ b/shop/item.php
@@ -6,18 +6,20 @@ if (G5_IS_MOBILE) {
     return;
 }
 
-$it_id = get_search_string(trim($_GET['it_id']));
+$it_id = isset($_GET['it_id']) ? get_search_string(trim($_GET['it_id'])) : '';
 $it_seo_title = isset($it_seo_title) ? $it_seo_title : '';
 
 $it = get_shop_item_with_category($it_id, $it_seo_title);
+
+if (! (isset($it['it_id']) && $it['it_id']))
+    alert('자료가 없습니다.');
+
 $it_id = $it['it_id'];
 
 if( isset($row['it_seo_title']) && ! $row['it_seo_title'] ){
     shop_seo_title_update($row['it_id']);
 }
 
-if (!$it['it_id'])
-    alert('자료가 없습니다.');
 if (!($it['ca_use'] && $it['it_use'])) {
     if (!$is_admin)
         alert('현재 판매가능한 상품이 아닙니다.');
@@ -144,7 +146,7 @@ else
 // 이전 상품보기
 $sql = " select it_id, it_name from {$g5['g5_shop_item_table']} where it_id > '$it_id' and SUBSTRING(ca_id,1,4) = '".substr($it['ca_id'],0,4)."' and it_use = '1' order by it_id asc limit 1 ";
 $row = sql_fetch($sql);
-if ($row['it_id']) {
+if (isset($row['it_id']) && $row['it_id']) {
     $prev_title = '이전상품<span class="sound_only"> '.$row['it_name'].'</span>';
     $prev_href = '<a href="'.get_pretty_url('shop', $row['it_id']).'" id="siblings_prev">';
     $prev_href2 = '</a>'.PHP_EOL;
@@ -157,7 +159,7 @@ if ($row['it_id']) {
 // 다음 상품보기
 $sql = " select it_id, it_name from {$g5['g5_shop_item_table']} where it_id < '$it_id' and SUBSTRING(ca_id,1,4) = '".substr($it['ca_id'],0,4)."' and it_use = '1' order by it_id desc limit 1 ";
 $row = sql_fetch($sql);
-if ($row['it_id']) {
+if (isset($row['it_id']) && $row['it_id']) {
     $next_title = '다음 상품<span class="sound_only"> '.$row['it_name'].'</span>';
     $next_href = '<a href="'.get_pretty_url('shop', $row['it_id']).'" id="siblings_next">';
     $next_href2 = '</a>'.PHP_EOL;
@@ -190,7 +192,7 @@ if($default['de_rel_list_use']) {
 // 소셜 관련
 $sns_title = get_text($it['it_name']).' | '.get_text($config['cf_title']);
 $sns_url  = shop_item_url($it['it_id']);
-$sns_share_links .= get_sns_share_link('facebook', $sns_url, $sns_title, G5_SHOP_SKIN_URL.'/img/facebook.png').' ';
+$sns_share_links = get_sns_share_link('facebook', $sns_url, $sns_title, G5_SHOP_SKIN_URL.'/img/facebook.png').' ';
 $sns_share_links .= get_sns_share_link('twitter', $sns_url, $sns_title, G5_SHOP_SKIN_URL.'/img/twitter.png').' ';
 $sns_share_links .= get_sns_share_link('googleplus', $sns_url, $sns_title, G5_SHOP_SKIN_URL.'/img/gplus.png');
 
@@ -244,6 +246,7 @@ function pg_anchor($anc_id) {
 <?php
 }
 
+$naverpay_button_js = '';
 include_once(G5_SHOP_PATH.'/settle_naverpay.inc.php');
 ?>
 
@@ -277,5 +280,4 @@ echo conv_content($it['it_tail_html'], 1);
 if ($ca['ca_include_tail'] && is_include_path_check($ca['ca_include_tail']))
     @include_once($ca['ca_include_tail']);
 else
-    include_once(G5_SHOP_PATH.'/_tail.php');
-?>
+    include_once(G5_SHOP_PATH.'/_tail.php');
\ No newline at end of file
diff --git a/shop/iteminfo.php b/shop/iteminfo.php
index f9eefe675..707bc2358 100644
--- a/shop/iteminfo.php
+++ b/shop/iteminfo.php
@@ -4,5 +4,4 @@ include_once('./_common.php');
 if (G5_IS_MOBILE) {
     include_once(G5_MSHOP_PATH.'/iteminfo.php');
     return;
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/shop/itemoption.php b/shop/itemoption.php
index fb17d5654..9e7a7151d 100644
--- a/shop/itemoption.php
+++ b/shop/itemoption.php
@@ -3,11 +3,11 @@ include_once('./_common.php');
 
 $pattern = '#[/\'\"%=*\#\(\)\|\+\&\!\$~\{\}\[\]`;:\?\^\,]#';
 
-$it_id  = preg_replace($pattern, '', $_POST['it_id']);
-//$opt_id = preg_replace($pattern, '', $_POST['opt_id']);
-$opt_id = addslashes(sql_real_escape_string(preg_replace(G5_OPTION_ID_FILTER, '', $_POST['opt_id'])));
-$idx    = preg_replace('#[^0-9]#', '', $_POST['idx']);
-$sel_count = preg_replace('#[^0-9]#', '', $_POST['sel_count']);
+$it_id  = isset($_POST['it_id']) ? preg_replace($pattern, '', $_POST['it_id']) : '';
+//$opt_id = isset($_POST['opt_id']) ? preg_replace($pattern, '', $_POST['opt_id']) : '';
+$opt_id = isset($_POST['opt_id']) ? addslashes(sql_real_escape_string(preg_replace(G5_OPTION_ID_FILTER, '', $_POST['opt_id']))) : '';
+$idx    = isset($_POST['idx']) ? preg_replace('#[^0-9]#', '', $_POST['idx']) : 0;
+$sel_count = isset($_POST['sel_count']) ? preg_replace('#[^0-9]#', '', $_POST['sel_count']) : 0;
 $op_title = isset($_POST['op_title']) ? strip_tags($_POST['op_title']) : '';
 
 $it = get_shop_item($it_id, true);
@@ -79,5 +79,4 @@ for($i=0; $row=sql_fetch_array($result); $i++) {
     }
 }
 
-echo $str;
-?>
\ No newline at end of file
+echo $str;
\ No newline at end of file
diff --git a/shop/itemqa.php b/shop/itemqa.php
index 41ee13c4d..3ff450187 100644
--- a/shop/itemqa.php
+++ b/shop/itemqa.php
@@ -1,6 +1,8 @@
 <?php
 include_once('./_common.php');
 
+$it_id = isset($_REQUEST['it_id']) ? safe_replace_regex($_REQUEST['it_id'], 'it_id') : '';
+
 if( !isset($it) && !get_session("ss_tv_idx") ){
     if( !headers_sent() ){  //헤더를 보내기 전이면 검색엔진에서 제외합니다.
         echo '<meta name="robots" content="noindex, nofollow">';
@@ -83,5 +85,4 @@ if(!file_exists($itemqa_skin)) {
     echo str_replace(G5_PATH.'/', '', $itemqa_skin).' 스킨 파일이 존재하지 않습니다.';
 } else {
     include_once($itemqa_skin);
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/shop/itemqaform.php b/shop/itemqaform.php
index 4759cec60..4af8038ab 100644
--- a/shop/itemqaform.php
+++ b/shop/itemqaform.php
@@ -1,6 +1,11 @@
 <?php
 include_once('./_common.php');
 
+$w     = isset($_REQUEST['w']) ? preg_replace('/[^0-9a-z]/i', '', trim($_REQUEST['w'])) : '';
+$it_id = isset($_REQUEST['it_id']) ? get_search_string(trim($_REQUEST['it_id'])) : '';
+$iq_id = isset($_REQUEST['iq_id']) ? preg_replace('/[^0-9]/', '', trim($_REQUEST['iq_id'])) : 0;
+$qa = array('iq_subject'=>'', 'iq_question'=>'');
+
 if (G5_IS_MOBILE) {
     include_once(G5_MSHOP_PATH.'/itemqaform.php');
     return;
@@ -12,13 +17,9 @@ if (!$is_member) {
     alert_close("상품문의는 회원만 작성 가능합니다.");
 }
 
-$w     = preg_replace('/[^0-9a-z]/i', '', trim($_REQUEST['w']));
-$it_id = get_search_string(trim($_REQUEST['it_id']));
-$iq_id = preg_replace('/[^0-9]/', '', trim($_REQUEST['iq_id']));
-
 // 상품정보체크
 $row = get_shop_item($it_id, true);
-if(!$row['it_id'])
+if(! (isset($row['it_id']) && $row['it_id']))
     alert_close('상품정보가 존재하지 않습니다.');
 
 $chk_secret = '';
@@ -65,5 +66,4 @@ if(!file_exists($itemqaform_skin)) {
     include_once($itemqaform_skin);
 }
 
-include_once(G5_PATH.'/tail.sub.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/shop/itemqaformupdate.php b/shop/itemqaformupdate.php
index 508381da9..9f6abd190 100644
--- a/shop/itemqaformupdate.php
+++ b/shop/itemqaformupdate.php
@@ -5,14 +5,19 @@ if (!$is_member) {
     alert_close("상품문의는 회원만 작성이 가능합니다.");
 }
 
-$iq_id = (int) trim($_REQUEST['iq_id']);
-$iq_subject = trim($_POST['iq_subject']);
-$iq_question = trim($_POST['iq_question']);
+$iq_id = isset($_REQUEST['iq_id']) ? (int) $_REQUEST['iq_id'] : 0;
+$iq_subject = isset($_POST['iq_subject']) ? trim($_POST['iq_subject']) : '';
+$iq_question = isset($_POST['iq_question']) ? trim($_POST['iq_question']) : '';
 $iq_question = preg_replace('#<script(.*?)>(.*?)</script>#is', '', $iq_question);
-$iq_answer = trim($_POST['iq_answer']);
-$hash = trim($_REQUEST['hash']);
+$iq_answer = isset($_POST['iq_answer']) ? trim($_POST['iq_answer']) : '';
+$hash = isset($_REQUEST['hash']) ? trim($_REQUEST['hash']) : '';
 $get_editor_img_mode = $config['cf_editor'] ? false : true;
 
+$iq_secret = isset($_POST['iq_secret']) ? (int) $_POST['iq_secret'] : 0;
+$iq_email = isset($_POST['iq_email']) ? clean_xss_tags($_POST['iq_email'], 1, 1) : '';
+$iq_hp = isset($_POST['iq_hp']) ? clean_xss_tags($_POST['iq_hp'], 1, 1) : '';
+$is_mobile_shop = isset($_REQUEST['is_mobile_shop']) ? (int) $_REQUEST['is_mobile_shop'] : 0;
+
 if ($w == "" || $w == "u") {
     $iq_name     = addslashes(strip_tags($member['mb_name']));
     $iq_password = $member['mb_password'];
@@ -39,7 +44,7 @@ if ($w == "")
                    iq_subject  = '$iq_subject',
                    iq_question = '$iq_question',
                    iq_time = '".G5_TIME_YMDHIS."',
-                   iq_ip = '$REMOTE_ADDR' ";
+                   iq_ip = '".$_SERVER['REMOTE_ADDR']."' ";
     sql_query($sql);
 
     $alert_msg = '상품문의가 등록 되었습니다.';
@@ -102,7 +107,9 @@ else if ($w == "d")
 
     $imgs = get_editor_image($row['iq_answer'], $get_editor_img_mode);
 
-    for($i=0;$i<count($imgs[1]);$i++) {
+    $imgs_count = (isset($imgs[1]) && is_array($imgs[1])) ? count($imgs[1]) : 0;
+
+    for($i=0;$i<$imgs_count;$i++) {
         $p = parse_url($imgs[1][$i]);
         if(strpos($p['path'], "/data/") != 0)
             $data_path = preg_replace("/^\/.*\/data/", "/data", $p['path']);
@@ -127,5 +134,4 @@ else if ($w == "d")
 if($w == 'd')
     alert($alert_msg, $url);
 else
-    alert_opener($alert_msg, $url);
-?>
+    alert_opener($alert_msg, $url);
\ No newline at end of file
diff --git a/shop/itemqalist.php b/shop/itemqalist.php
index 722d28a34..a8bd8c735 100644
--- a/shop/itemqalist.php
+++ b/shop/itemqalist.php
@@ -70,5 +70,4 @@ if(!file_exists($itemqalist_skin)) {
     include_once($itemqalist_skin);
 }
 
-include_once('./_tail.php');
-?>
+include_once('./_tail.php');
\ No newline at end of file
diff --git a/shop/itemrecommend.php b/shop/itemrecommend.php
index 297a39927..37611eaf9 100644
--- a/shop/itemrecommend.php
+++ b/shop/itemrecommend.php
@@ -1,6 +1,8 @@
 <?php
 include_once('./_common.php');
 
+$it_id = isset($_REQUEST['it_id']) ? safe_replace_regex($_REQUEST['it_id'], 'it_id') : '';
+
 if (G5_IS_MOBILE) {
     include_once(G5_MSHOP_PATH.'/itemrecommend.php');
     return;
@@ -66,5 +68,4 @@ function fitemrecommend_check(f)
 <!-- } 상품 추천하기 끝 -->
 
 <?php
-include_once(G5_PATH.'/tail.sub.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/shop/itemrecommendmail.php b/shop/itemrecommendmail.php
index ce7d14d9c..336fe8eec 100644
--- a/shop/itemrecommendmail.php
+++ b/shop/itemrecommendmail.php
@@ -5,6 +5,8 @@ include_once(G5_LIB_PATH.'/mailer.lib.php');
 if (!$is_member)
     alert_close('회원만 메일을 발송할 수 있습니다.');
 
+$it_id = isset($_REQUEST['it_id']) ? safe_replace_regex($_REQUEST['it_id'], 'it_id') : '';
+
 // 스팸으로 인한 코드 수정 060809
 //if (substr_count($to_email, "@") > 3) alert("최대 3명까지만 메일을 발송할 수 있습니다.");
 if (substr_count($to_email, "@") > 1) alert('메일 주소는 하나씩만 입력해 주십시오.');
@@ -19,7 +21,7 @@ if ($recommendmail_count > 3)
 set_session('ss_recommendmail_count', $recommendmail_count);
 
 // 세션에 저장된 토큰과 폼값으로 넘어온 토큰을 비교하여 틀리면 메일을 발송할 수 없다.
-if ($_POST["token"] && get_session("ss_token") == $_POST["token"]) {
+if (isset($_POST["token"]) && get_session("ss_token") === $_POST["token"]) {
     // 맞으면 세션을 지워 다시 입력폼을 통해서 들어오도록 한다.
     set_session("ss_token", "");
 } else {
@@ -29,11 +31,11 @@ if ($_POST["token"] && get_session("ss_token") == $_POST["token"]) {
 
 // 상품
 $it = get_shop_item($it_id, true);
-if (!$it['it_id'])
+if (! (isset($it['it_id']) && $it['it_id']))
     alert("등록된 상품이 아닙니다.");
 
-$subject = stripslashes($subject);
-$content = nl2br(stripslashes($content));
+$subject = isset($_POST['subject']) ? stripslashes($_POST['subject']) : '';
+$content = isset($_POST['content']) ? nl2br(stripslashes($_POST['content'])) : '';
 
 $from_name = get_text($member['mb_name']);
 $from_email = $member['mb_email'];
diff --git a/shop/itemstocksms.php b/shop/itemstocksms.php
index a2996d50c..f62191706 100644
--- a/shop/itemstocksms.php
+++ b/shop/itemstocksms.php
@@ -1,13 +1,15 @@
 <?php
 include_once('./_common.php');
 
+$it_id = isset($_REQUEST['it_id']) ? safe_replace_regex($_REQUEST['it_id'], 'it_id') : '';
+
 $g5['title'] = '상품 재입고 알림 (SMS)';
 include_once(G5_PATH.'/head.sub.php');
 
 // 상품정보
 $it = get_shop_item($it_id, true);
 
-if(!$it['it_id'])
+if(! (isset($it['it_id']) && $it['it_id']))
     alert_close('상품정보가 존재하지 않습니다.');
 
 if(!$it['it_soldout'] || !$it['it_stock_sms'])
@@ -74,5 +76,4 @@ function fstocksms_submit(f)
 </script>
 
 <?php
-include_once(G5_PATH.'/tail.sub.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/shop/itemstocksmsupdate.php b/shop/itemstocksmsupdate.php
index 27a297b62..0735d7792 100644
--- a/shop/itemstocksmsupdate.php
+++ b/shop/itemstocksmsupdate.php
@@ -1,10 +1,13 @@
 <?php
 include_once('./_common.php');
 
+$it_id = isset($_POST['it_id']) ? safe_replace_regex($_POST['it_id'], 'it_id') : '';
+$ss_hp = isset($_POST['ss_hp']) ? $_POST['ss_hp'] : '';
+
 // 상품정보
 $it = get_shop_item($it_id, true);
 
-if(!$it['it_id'])
+if(! (isset($it['it_id']) && $it['it_id']))
     alert_close('상품정보가 존재하지 않습니다.');
 
 if(!$it['it_soldout'] || !$it['it_stock_sms'])
@@ -36,5 +39,4 @@ $sql = " insert into {$g5['g5_shop_item_stocksms_table']}
                 ss_datetime = '".G5_TIME_YMDHIS."' ";
 sql_query($sql);
 
-alert_close('재입고SMS 알림 요청 등록이 완료됐습니다.');
-?>
\ No newline at end of file
+alert_close('재입고SMS 알림 요청 등록이 완료됐습니다.');
\ No newline at end of file
diff --git a/shop/itemuse.php b/shop/itemuse.php
index 22a2979ea..18cd10172 100644
--- a/shop/itemuse.php
+++ b/shop/itemuse.php
@@ -1,6 +1,8 @@
 <?php
 include_once('./_common.php');
 
+$it_id = isset($_REQUEST['it_id']) ? safe_replace_regex($_REQUEST['it_id'], 'it_id') : '';
+
 if( !isset($it) && !get_session("ss_tv_idx") ){
     if( !headers_sent() ){  //헤더를 보내기 전이면 검색엔진에서 제외합니다.
         echo '<meta name="robots" content="noindex, nofollow">';
@@ -83,5 +85,4 @@ if(!file_exists($itemuse_skin)) {
     echo str_replace(G5_PATH.'/', '', $itemuse_skin).' 스킨 파일이 존재하지 않습니다.';
 } else {
     include_once($itemuse_skin);
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/shop/itemuseform.php b/shop/itemuseform.php
index 64e8c2e7a..3de3b6573 100644
--- a/shop/itemuseform.php
+++ b/shop/itemuseform.php
@@ -1,6 +1,11 @@
 <?php
 include_once('./_common.php');
 
+$w     = isset($_REQUEST['w']) ? preg_replace('/[^0-9a-z]/i', '', trim($_REQUEST['w'])) : '';
+$it_id = isset($_REQUEST['it_id']) ? get_search_string(trim($_REQUEST['it_id'])) : '';
+$is_id = isset($_REQUEST['is_id']) ? preg_replace('/[^0-9]/', '', trim($_REQUEST['is_id'])) : 0;
+$use = array('is_subject'=>'', 'is_content'=>'');
+
 if (G5_IS_MOBILE) {
     include_once(G5_MSHOP_PATH.'/itemuseform.php');
     return;
@@ -12,13 +17,10 @@ if (!$is_member) {
     alert_close("사용후기는 회원만 작성 가능합니다.");
 }
 
-$w     = preg_replace('/[^0-9a-z]/i', '', trim($_REQUEST['w']));
-$it_id = get_search_string(trim($_REQUEST['it_id']));
-$is_id = preg_replace('/[^0-9]/', '', trim($_REQUEST['is_id']));
-
 // 상품정보체크
 $row = get_shop_item($it_id, true);
-if(!$row['it_id'])
+
+if(! (isset($row['it_id']) && $row['it_id']))
     alert_close('상품정보가 존재하지 않습니다.');
 
 if ($w == "") {
@@ -60,5 +62,4 @@ if(!file_exists($itemuseform_skin)) {
     include_once($itemuseform_skin);
 }
 
-include_once(G5_PATH.'/tail.sub.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/shop/itemuseformupdate.php b/shop/itemuseformupdate.php
index 01f58d00a..078a4d0de 100644
--- a/shop/itemuseformupdate.php
+++ b/shop/itemuseformupdate.php
@@ -5,15 +5,17 @@ if (!$is_member) {
     alert_close("사용후기는 회원만 작성이 가능합니다.");
 }
 
-$it_id       = trim($_REQUEST['it_id']);
-$is_subject  = trim($_POST['is_subject']);
-$is_content  = trim($_POST['is_content']);
+$it_id       = isset($_POST['it_id']) ? safe_replace_regex($_POST['it_id'], 'it_id') : '';
+$is_subject  = isset($_POST['is_subject']) ? trim($_POST['is_subject']) : '';
+$is_content  = isset($_POST['is_content']) ? trim($_POST['is_content']) : '';
 $is_content = preg_replace('#<script(.*?)>(.*?)</script>#is', '', $is_content);
-$is_name     = trim($_POST['is_name']);
-$is_password = trim($_POST['is_password']);
-$is_score    = (int)$_POST['is_score'] > 5 ? 0 : (int)$_POST['is_score'];
+$is_name     = isset($_POST['is_name']) ? trim($_POST['is_name']) : '';
+$is_password = isset($_POST['is_password']) ? trim($_POST['is_password']) : '';
+$is_score    = isset($_POST['is_score']) ? (int) $_POST['is_score'] : 0;
+$is_score    = ($is_score > 5) ? 0 : $is_score;
 $get_editor_img_mode = $config['cf_editor'] ? false : true;
-$is_id       = (int) trim($_REQUEST['is_id']);
+$is_id       = isset($_REQUEST['is_id']) ? (int) $_REQUEST['is_id'] : 0;
+$is_mobile_shop = isset($_REQUEST['is_mobile_shop']) ? (int) $_REQUEST['is_mobile_shop'] : 0;
 
 // 사용후기 작성 설정에 따른 체크
 check_itemuse_write($it_id, $member['mb_id']);
@@ -129,5 +131,4 @@ if( ! $default['de_item_use_use'] ){
 if($w == 'd')
     alert($alert_msg, $url);
 else
-    alert_opener($alert_msg, $url);
-?>
\ No newline at end of file
+    alert_opener($alert_msg, $url);
\ No newline at end of file
diff --git a/shop/itemuselist.php b/shop/itemuselist.php
index a66cbd8a6..a4d2b43bd 100644
--- a/shop/itemuselist.php
+++ b/shop/itemuselist.php
@@ -70,5 +70,4 @@ if(!file_exists($itemuselist_skin)) {
     include_once($itemuselist_skin);
 }
 
-include_once('./_tail.php');
-?>
+include_once('./_tail.php');
\ No newline at end of file
diff --git a/shop/kakaopay/_common.php b/shop/kakaopay/_common.php
index bad54a5d7..c7ed3c4ee 100644
--- a/shop/kakaopay/_common.php
+++ b/shop/kakaopay/_common.php
@@ -1,3 +1,2 @@
 <?php
-include_once('../../common.php');
-?>
\ No newline at end of file
+include_once('../../common.php');
\ No newline at end of file
diff --git a/shop/kakaopay/incKakaopayCommon.php b/shop/kakaopay/incKakaopayCommon.php
index 52d3f14c8..c24e639d0 100644
--- a/shop/kakaopay/incKakaopayCommon.php
+++ b/shop/kakaopay/incKakaopayCommon.php
@@ -55,5 +55,4 @@ if ($default['de_card_test']) {
     }
 }
 
-$returnUrl = G5_SHOP_URL.'/kakaopay/inicis_kk_return.php';
-?>
\ No newline at end of file
+$returnUrl = G5_SHOP_URL.'/kakaopay/inicis_kk_return.php';
\ No newline at end of file
diff --git a/shop/kakaopay/inicis_kk_return.php b/shop/kakaopay/inicis_kk_return.php
index 28d723957..31425f009 100644
--- a/shop/kakaopay/inicis_kk_return.php
+++ b/shop/kakaopay/inicis_kk_return.php
@@ -81,5 +81,4 @@ if(isset($data['pp_id']) && $data['pp_id']) {   //개인결제
     $od_send_cost2 = (int) $_POST['od_send_cost2'];
 
     include_once(G5_SHOP_PATH.'/orderformupdate.php');
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/shop/kakaopay/kakaopay_cancel.php b/shop/kakaopay/kakaopay_cancel.php
index 3f9458e06..3e6317473 100644
--- a/shop/kakaopay/kakaopay_cancel.php
+++ b/shop/kakaopay/kakaopay_cancel.php
@@ -83,5 +83,4 @@ if($cancelFlag == "true")
         $pg_res_cd = $res_cd;
         $pg_res_msg = iconv_utf8($res_msg);
     }
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/shop/kakaopay/kakaopay_result.php b/shop/kakaopay/kakaopay_result.php
index 673e80b8c..f7f333662 100644
--- a/shop/kakaopay/kakaopay_result.php
+++ b/shop/kakaopay/kakaopay_result.php
@@ -25,5 +25,4 @@ if( isset($_REQUEST['P_STATUS']) && isset($_REQUEST['P_TID']) && isset($_REQUEST
 }
 
 include G5_SHOP_PATH.'/kakaopay/pc_pay_result.php';
-return;
-?>
\ No newline at end of file
+return;
\ No newline at end of file
diff --git a/shop/kakaopay/makesignature.php b/shop/kakaopay/makesignature.php
index 7b8bf7d77..d0e8549a5 100644
--- a/shop/kakaopay/makesignature.php
+++ b/shop/kakaopay/makesignature.php
@@ -33,5 +33,4 @@ $mKey = hash("sha256", $default['de_kakaopay_key']);
 $params = "oid=" . $orderNumber . "&price=" . $price . "&timestamp=" . $timestamp;
 $sign = hash("sha256", $params);
 
-die(json_encode(array('error'=>'', 'mKey'=>$mKey, 'timestamp'=>$timestamp, 'sign'=>$sign)));
-?>
\ No newline at end of file
+die(json_encode(array('error'=>'', 'mKey'=>$mKey, 'timestamp'=>$timestamp, 'sign'=>$sign)));
\ No newline at end of file
diff --git a/shop/kakaopay/mobile_pay_approval.php b/shop/kakaopay/mobile_pay_approval.php
index 8a1a276ac..13b34b8d1 100644
--- a/shop/kakaopay/mobile_pay_approval.php
+++ b/shop/kakaopay/mobile_pay_approval.php
@@ -200,5 +200,4 @@ if(isset($data['pp_id']) && !empty($data['pp_id'])) {
 
     include_once( G5_MSHOP_PATH.'/orderformupdate.php' );
 }
-exit;
-?>
\ No newline at end of file
+exit;
\ No newline at end of file
diff --git a/shop/kakaopay/mobile_pay_result.php b/shop/kakaopay/mobile_pay_result.php
index bcfea6d5f..5f49a5ed6 100644
--- a/shop/kakaopay/mobile_pay_result.php
+++ b/shop/kakaopay/mobile_pay_result.php
@@ -37,5 +37,4 @@ switch($pay_type) {
 // 세션 초기화
 set_session('P_TID',  '');
 set_session('P_AMT',  '');
-set_session('P_HASH', '');
-?>
\ No newline at end of file
+set_session('P_HASH', '');
\ No newline at end of file
diff --git a/shop/kakaopay/mobile_pay_return.php b/shop/kakaopay/mobile_pay_return.php
index 07017ccf5..38b2d95f8 100644
--- a/shop/kakaopay/mobile_pay_return.php
+++ b/shop/kakaopay/mobile_pay_return.php
@@ -1,5 +1,4 @@
 <?php
 include_once('./_common.php');
 
-// 카카오페이 (KG 이니시스) 의 경우 NOTI 과정이 없으므로 이 페이지를 사용하지 않습니다.
-?>
\ No newline at end of file
+// 카카오페이 (KG 이니시스) 의 경우 NOTI 과정이 없으므로 이 페이지를 사용하지 않습니다.
\ No newline at end of file
diff --git a/shop/kakaopay/mobile_settle_common.php b/shop/kakaopay/mobile_settle_common.php
index 07017ccf5..38b2d95f8 100644
--- a/shop/kakaopay/mobile_settle_common.php
+++ b/shop/kakaopay/mobile_settle_common.php
@@ -1,5 +1,4 @@
 <?php
 include_once('./_common.php');
 
-// 카카오페이 (KG 이니시스) 의 경우 NOTI 과정이 없으므로 이 페이지를 사용하지 않습니다.
-?>
\ No newline at end of file
+// 카카오페이 (KG 이니시스) 의 경우 NOTI 과정이 없으므로 이 페이지를 사용하지 않습니다.
\ No newline at end of file
diff --git a/shop/kakaopay/orderform.2.php b/shop/kakaopay/orderform.2.php
index ee9b277e4..6d27e6445 100644
--- a/shop/kakaopay/orderform.2.php
+++ b/shop/kakaopay/orderform.2.php
@@ -16,5 +16,4 @@ if($is_kakaopay_use) {
 </div>
 
 <?php
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/shop/kakaopay/orderform.3.php b/shop/kakaopay/orderform.3.php
index b7dbae41b..106b2a847 100644
--- a/shop/kakaopay/orderform.3.php
+++ b/shop/kakaopay/orderform.3.php
@@ -1,3 +1,2 @@
 <?php
-if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
-?>
\ No newline at end of file
+if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가;
\ No newline at end of file
diff --git a/shop/kakaopay/orderpartcancel.inc.php b/shop/kakaopay/orderpartcancel.inc.php
index b1d78548c..60449ff5f 100644
--- a/shop/kakaopay/orderpartcancel.inc.php
+++ b/shop/kakaopay/orderpartcancel.inc.php
@@ -75,5 +75,4 @@ $inipay->startAction();
     sql_query($sql);
  } else {
      alert(iconv_utf8($inipay->GetResult("ResultMsg")).' 코드 : '.$inipay->GetResult("ResultCode"));
- }
-?>
\ No newline at end of file
+ }
\ No newline at end of file
diff --git a/shop/kakaopay/pc_pay_result.php b/shop/kakaopay/pc_pay_result.php
index aafe762cb..add7a2e5f 100644
--- a/shop/kakaopay/pc_pay_result.php
+++ b/shop/kakaopay/pc_pay_result.php
@@ -211,5 +211,4 @@ try {
 
 if( !$inicis_pay_result ){
     die("<br><br>결제 에러가 일어났습니다. 에러 이유는 위와 같습니다.");
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/shop/kcp/_common.php b/shop/kcp/_common.php
index bad54a5d7..c7ed3c4ee 100644
--- a/shop/kcp/_common.php
+++ b/shop/kcp/_common.php
@@ -1,3 +1,2 @@
 <?php
-include_once('../../common.php');
-?>
\ No newline at end of file
+include_once('../../common.php');
\ No newline at end of file
diff --git a/shop/kcp/escrow.register.php b/shop/kcp/escrow.register.php
index 198a6d193..f4fb62dec 100644
--- a/shop/kcp/escrow.register.php
+++ b/shop/kcp/escrow.register.php
@@ -37,5 +37,4 @@ $res_cd  = $c_PayPlus->m_res_cd;  // 결과 코드
 $res_msg = $c_PayPlus->m_res_msg; // 결과 메시지
 
 // locale 설정 초기화
-setlocale(LC_CTYPE, '');
-?>
\ No newline at end of file
+setlocale(LC_CTYPE, '');
\ No newline at end of file
diff --git a/shop/kcp/global_nhn_kcp.php b/shop/kcp/global_nhn_kcp.php
index 6591ba278..4e68b9fb0 100644
--- a/shop/kcp/global_nhn_kcp.php
+++ b/shop/kcp/global_nhn_kcp.php
@@ -6,5 +6,4 @@ if( !(function_exists('is_use_easypay') && is_use_easypay('global_nhnkcp')) ){
     return;
 }
 
-include_once(G5_SHOP_PATH.'/settle_kcp.inc.php');
-?>
\ No newline at end of file
+include_once(G5_SHOP_PATH.'/settle_kcp.inc.php');
\ No newline at end of file
diff --git a/shop/kcp/global_nhn_kcp_form.1.php b/shop/kcp/global_nhn_kcp_form.1.php
index 8fa45e217..79800a0c6 100644
--- a/shop/kcp/global_nhn_kcp_form.1.php
+++ b/shop/kcp/global_nhn_kcp_form.1.php
@@ -93,7 +93,7 @@ function jsf__pay( form )
 ?>
     <input type="hidden" name="pay_method"  value="">
     <input type="hidden" name="ordr_idxx"   value="<?php echo $od_id; ?>">
-    <input type="hidden" name="good_name"   value="<?php echo $goods; ?>">
+    <input type="hidden" name="good_name"   value="<?php echo isset($goods) ? get_text($goods) : ''; ?>">
     <input type="hidden" name="good_mny"    value="<?php echo $tot_price; ?>">
     <input type="hidden" name="buyr_name"   value="">
     <input type="hidden" name="buyr_mail"   value="">
@@ -186,7 +186,7 @@ function jsf__pay( form )
     <input type="hidden" name="deli_term" value="03">
 
     <!-- 장바구니 상품 개수 : 장바구니에 담겨있는 상품의 개수를 입력 -->
-    <input type="hidden" name="bask_cntx" value="<?php echo (int)$goods_count + 1; ?>">
+    <input type="hidden" name="bask_cntx" value="<?php echo isset($goods_count) ? ((int) $goods_count + 1) : 0; ?>">
 
     <!-- 장바구니 상품 상세 정보 (자바 스크립트 샘플(create_goodInfo()) 참고) -->
     <input type="hidden" name="good_info" value="">
@@ -257,9 +257,9 @@ if($default['de_tax_flag_use']) {
        (good_mny = comm_tax_mny + comm_vat_mny + comm_free_mny) */
 ?>
     <input type="hidden" name="tax_flag"          value="TG03">     <!-- 변경불가    -->
-    <input type="hidden" name="comm_tax_mny"	  value="<?php echo $comm_tax_mny; ?>">         <!-- 과세금액    -->
-    <input type="hidden" name="comm_vat_mny"      value="<?php echo $comm_vat_mny; ?>">         <!-- 부가세	    -->
-    <input type="hidden" name="comm_free_mny"     value="<?php echo $comm_free_mny; ?>">        <!-- 비과세 금액 -->
+    <input type="hidden" name="comm_tax_mny"	  value="">         <!-- 과세금액    -->
+    <input type="hidden" name="comm_vat_mny"      value="">         <!-- 부가세	    -->
+    <input type="hidden" name="comm_free_mny"     value="">        <!-- 비과세 금액 -->
 <?php
 }
 ?>
diff --git a/shop/kcp/orderform.1.php b/shop/kcp/orderform.1.php
index 8b18d7715..ee584380b 100644
--- a/shop/kcp/orderform.1.php
+++ b/shop/kcp/orderform.1.php
@@ -56,4 +56,4 @@ function jsf__pay( form )
     }
 }
 </script>
-<?php } ?>
\ No newline at end of file
+<?php }
\ No newline at end of file
diff --git a/shop/kcp/orderform.2.php b/shop/kcp/orderform.2.php
index d526997ae..2639df219 100644
--- a/shop/kcp/orderform.2.php
+++ b/shop/kcp/orderform.2.php
@@ -246,5 +246,4 @@ if($default['de_tax_flag_use']) {
 
     /* = -------------------------------------------------------------------------- = */
     /* =   4. 옵션 정보 END                                                         = */
-    /* ============================================================================== */
-?>
\ No newline at end of file
+    /* ============================================================================== */;
\ No newline at end of file
diff --git a/shop/kcp/orderpartcancel.inc.php b/shop/kcp/orderpartcancel.inc.php
index bc04341b6..1ec7f260a 100644
--- a/shop/kcp/orderpartcancel.inc.php
+++ b/shop/kcp/orderpartcancel.inc.php
@@ -140,5 +140,4 @@ if ( $req_tx == "mod" )
 }
 
 // locale 설정 초기화
-setlocale(LC_CTYPE, '');
-?>
\ No newline at end of file
+setlocale(LC_CTYPE, '');
\ No newline at end of file
diff --git a/shop/kcp/pp_ax_hub.php b/shop/kcp/pp_ax_hub.php
index 5cd5ebef5..77f7c41fc 100644
--- a/shop/kcp/pp_ax_hub.php
+++ b/shop/kcp/pp_ax_hub.php
@@ -21,9 +21,7 @@ if (!defined("_GNUBOARD_")) exit; // 개별 페이지 접근 불가
     /* = -------------------------------------------------------------------------- = */
     /* =   환경 설정 파일 Include END                                               = */
     /* ============================================================================== */
-?>
 
-<?php
     /* ============================================================================== */
     /* =   POST 형식 체크부분                                                       = */
     /* = -------------------------------------------------------------------------- = */
@@ -33,34 +31,32 @@ if (!defined("_GNUBOARD_")) exit; // 개별 페이지 접근 불가
         exit;
     }
     /* ============================================================================== */
-?>
 
-<?php
     /* ============================================================================== */
     /* =   01. 지불 요청 정보 설정                                                  = */
     /* = -------------------------------------------------------------------------- = */
-	$req_tx         = $_POST[ "req_tx"         ]; // 요청 종류
-	$tran_cd        = preg_replace('/[^0-9A-Za-z_\-\.]/i', '', $_POST[ "tran_cd"        ]); // 처리 종류
+	$req_tx         = isset($_POST['req_tx']) ? $_POST['req_tx'] : ''; // 요청 종류
+	$tran_cd        = isset($_POST['tran_cd']) ? preg_replace('/[^0-9A-Za-z_\-\.]/i', '', $_POST['tran_cd']) : ''; // 처리 종류
 	/* = -------------------------------------------------------------------------- = */
 	$cust_ip        = getenv( "REMOTE_ADDR"    ); // 요청 IP
-	$ordr_idxx      = preg_replace('/[^0-9A-Za-z_\-\.]/i', '', $_POST[ "ordr_idxx"      ]); // 쇼핑몰 주문번호
-	$good_name      = addslashes($_POST[ "good_name"]); // 상품명
-	$good_mny       = $_POST[ "good_mny"       ]; // 결제 총금액
+	$ordr_idxx      = isset($_POST['ordr_idxx']) ? preg_replace('/[^0-9A-Za-z_\-\.]/i', '', $_POST['ordr_idxx']) : ''; // 쇼핑몰 주문번호
+	$good_name      = isset($_POST['good_name']) ? addslashes($_POST['good_name']) : ''; // 상품명
+	$good_mny       = isset($_POST['good_mny']) ? (int) $_POST['good_mny'] : 0; // 결제 총금액
 	/* = -------------------------------------------------------------------------- = */
     $res_cd         = "";                         // 응답코드
     $res_msg        = "";                         // 응답메시지
 	$res_en_msg     = "";                         // 응답 영문 메세지
-    $tno            = $_POST[ "tno"            ]; // KCP 거래 고유 번호
+    $tno            = isset($_POST['tno']) ? $_POST['tno'] : ''; // KCP 거래 고유 번호
     /* = -------------------------------------------------------------------------- = */
-    $buyr_name      = addslashes($_POST[ "buyr_name"]); // 주문자명
-    $buyr_tel1      = $_POST[ "buyr_tel1"      ]; // 주문자 전화번호
-    $buyr_tel2      = $_POST[ "buyr_tel2"      ]; // 주문자 핸드폰 번호
-    $buyr_mail      = $_POST[ "buyr_mail"      ]; // 주문자 E-mail 주소
+    $buyr_name      = isset($_POST['buyr_name']) ? addslashes($_POST['buyr_name']) : ''; // 주문자명
+    $buyr_tel1      = isset($_POST['buyr_tel1']) ? $_POST['buyr_tel1'] : ''; // 주문자 전화번호
+    $buyr_tel2      = isset($_POST['buyr_tel2']) ? $_POST['buyr_tel2'] : ''; // 주문자 핸드폰 번호
+    $buyr_mail      = isset($_POST['buyr_mail']) ? $_POST['buyr_mail'] : ''; // 주문자 E-mail 주소
     /* = -------------------------------------------------------------------------- = */
-    $mod_type       = $_POST[ "mod_type"       ]; // 변경TYPE VALUE 승인취소시 필요
-    $mod_desc       = $_POST[ "mod_desc"       ]; // 변경사유
+    $mod_type       = isset($_POST['mod_type']) ? $_POST['mod_type'] : ''; // 변경TYPE VALUE 승인취소시 필요
+    $mod_desc       = isset($_POST['mod_desc']) ? $_POST['mod_desc'] : ''; // 변경사유
     /* = -------------------------------------------------------------------------- = */
-    $use_pay_method = $_POST[ "use_pay_method" ]; // 결제 방법
+    $use_pay_method = isset($_POST['use_pay_method']) ? $_POST['use_pay_method'] : ''; // 결제 방법
     $bSucc          = "";                         // 업체 DB 처리 성공 여부
     /* = -------------------------------------------------------------------------- = */
 	$app_time       = "";                         // 승인시간 (모든 결제 수단 공통)
@@ -99,29 +95,29 @@ if (!defined("_GNUBOARD_")) exit; // 개별 페이지 접근 불가
 	$commid         = "";                         // 통신사 코드
 	$mobile_no      = "";                         // 휴대폰 번호
 	/* = -------------------------------------------------------------------------- = */
-	$shop_user_id   = $_POST[ "shop_user_id"   ]; // 가맹점 고객 아이디
+	$shop_user_id   = isset($_POST['shop_user_id']) ? $_POST['shop_user_id'] : ''; // 가맹점 고객 아이디
 	$tk_van_code    = "";                         // 발급사 코드
 	$tk_app_no      = "";                         // 상품권 승인 번호
 	/* = -------------------------------------------------------------------------- = */
-    $cash_yn        = $_POST[ "cash_yn"        ]; // 현금영수증 등록 여부
+    $cash_yn        = isset($_POST['cash_yn']) ? $_POST['cash_yn'] : ''; // 현금영수증 등록 여부
     $cash_authno    = "";                         // 현금 영수증 승인 번호
-    $cash_tr_code   = $_POST[ "cash_tr_code"   ]; // 현금 영수증 발행 구분
-    $cash_id_info   = $_POST[ "cash_id_info"   ]; // 현금 영수증 등록 번호
+    $cash_tr_code   = isset($_POST['cash_tr_code']) ? $_POST['cash_tr_code'] : ''; // 현금 영수증 발행 구분
+    $cash_id_info   = isset($_POST['cash_id_info']) ? $_POST['cash_id_info'] : ''; // 현금 영수증 등록 번호
     /* ============================================================================== */
     /* =   01-1. 에스크로 지불 요청 정보 설정                                       = */
     /* = -------------------------------------------------------------------------- = */
-    $escw_used      = $_POST[  "escw_used"     ]; // 에스크로 사용 여부
-    $pay_mod        = $_POST[  "pay_mod"       ]; // 에스크로 결제처리 모드
-    $deli_term      = $_POST[  "deli_term"     ]; // 배송 소요일
-    $bask_cntx      = $_POST[  "bask_cntx"     ]; // 장바구니 상품 개수
-    $good_info      = $_POST[  "good_info"     ]; // 장바구니 상품 상세 정보
-    $rcvr_name      = addslashes($_POST[  "rcvr_name"]); // 수취인 이름
-    $rcvr_tel1      = $_POST[  "rcvr_tel1"     ]; // 수취인 전화번호
-    $rcvr_tel2      = $_POST[  "rcvr_tel2"     ]; // 수취인 휴대폰번호
-    $rcvr_mail      = $_POST[  "rcvr_mail"     ]; // 수취인 E-Mail
-    $rcvr_zipx      = $_POST[  "rcvr_zipx"     ]; // 수취인 우편번호
-    $rcvr_add1      = addslashes($_POST[  "rcvr_add1"]); // 수취인 주소
-    $rcvr_add2      = addslashes($_POST[  "rcvr_add2"]); // 수취인 상세주소
+    $escw_used      = isset($_POST['escw_used']) ? $_POST['escw_used'] : ''; // 에스크로 사용 여부
+    $pay_mod        = isset($_POST['pay_mod']) ? $_POST['pay_mod'] : ''; // 에스크로 결제처리 모드
+    $deli_term      = isset($_POST['deli_term']) ? $_POST['deli_term'] : ''; // 배송 소요일
+    $bask_cntx      = isset($_POST['bask_cntx']) ? $_POST['bask_cntx'] : 0; // 장바구니 상품 개수
+    $good_info      = isset($_POST['good_info']) ? $_POST['good_info'] : ''; // 장바구니 상품 상세 정보
+    $rcvr_name      = isset($_POST['rcvr_name']) ? addslashes($_POST['rcvr_name']) : ''; // 수취인 이름
+    $rcvr_tel1      = isset($_POST['rcvr_tel1']) ? $_POST['rcvr_tel1'] : ''; // 수취인 전화번호
+    $rcvr_tel2      = isset($_POST['rcvr_tel2']) ? $_POST['rcvr_tel2'] : ''; // 수취인 휴대폰번호
+    $rcvr_mail      = isset($_POST['rcvr_mail']) ? $_POST['rcvr_mail'] : ''; // 수취인 E-Mail
+    $rcvr_zipx      = isset($_POST['rcvr_zipx']) ? $_POST['rcvr_zipx'] : ''; // 수취인 우편번호
+    $rcvr_add1      = isset($_POST['rcvr_add1']) ? addslashes($_POST['rcvr_add1']) : ''; // 수취인 주소
+    $rcvr_add2      = isset($_POST['rcvr_add2']) ? addslashes($_POST['rcvr_add2']) : ''; // 수취인 상세주소
 	$escw_yn		= "";						  // 에스크로 여부
 
     /* ============================================================================== */
@@ -150,8 +146,11 @@ if ( $req_tx == "pay" )
 {
         /* 1004원은 실제로 업체에서 결제하셔야 될 원 금액을 넣어주셔야 합니다. 결제금액 유효성 검증 */
         $c_PayPlus->mf_set_ordr_data( "ordr_mony",  $good_mny );
+        
+        $post_enc_data = isset($_POST['enc_data']) ? $_POST['enc_data'] : '';
+        $post_enc_info = isset($_POST['enc_info']) ? $_POST['enc_info'] : '';
 
-        $c_PayPlus->mf_set_encx_data( $_POST[ "enc_data" ], $_POST[ "enc_info" ] );
+        $c_PayPlus->mf_set_encx_data( $post_enc_data, $post_enc_info );
 }
 
 /* = -------------------------------------------------------------------------- = */
@@ -181,16 +180,22 @@ else if ($req_tx = "mod_escrow")
 
     if ($mod_type == "STE1")													// 상태변경 타입이 [배송요청]인 경우
     {
-        $c_PayPlus->mf_set_modx_data( "deli_numb",   $_POST[ "deli_numb" ] );   // 운송장 번호
-        $c_PayPlus->mf_set_modx_data( "deli_corp",   $_POST[ "deli_corp" ] );   // 택배 업체명
+        $post_deli_numb = isset($_POST['deli_numb']) ? $_POST['deli_numb'] : '';
+        $post_deli_corp = isset($_POST['deli_corp']) ? $_POST['deli_corp'] : '';
+
+        $c_PayPlus->mf_set_modx_data( "deli_numb",   $post_deli_numb );   // 운송장 번호
+        $c_PayPlus->mf_set_modx_data( "deli_corp",   $post_deli_corp );   // 택배 업체명
     }
     else if ($mod_type == "STE2" || $mod_type == "STE4") // 상태변경 타입이 [즉시취소] 또는 [취소]인 계좌이체, 가상계좌의 경우
     {
         if ($vcnt_yn == "Y")
         {
-            $c_PayPlus->mf_set_modx_data( "refund_account",   $_POST[ "refund_account" ] );      // 환불수취계좌번호
-            $c_PayPlus->mf_set_modx_data( "refund_nm",        $_POST[ "refund_nm"      ] );      // 환불수취계좌주명
-            $c_PayPlus->mf_set_modx_data( "bank_code",        $_POST[ "bank_code"      ] );      // 환불수취은행코드
+            $post_refund_account = isset($_POST['refund_account']) ? $_POST['refund_account'] : '';
+            $post_refund_nm = isset($_POST['refund_nm']) ? $_POST['refund_nm'] : '';
+            $post_bank_code = isset($_POST['bank_code']) ? $_POST['bank_code'] : '';
+            $c_PayPlus->mf_set_modx_data( "refund_account",   $post_refund_account );      // 환불수취계좌번호
+            $c_PayPlus->mf_set_modx_data( "refund_nm",        $post_refund_nm );      // 환불수취계좌주명
+            $c_PayPlus->mf_set_modx_data( "bank_code",        $post_bank_code );      // 환불수취은행코드
         }
     }
 }
@@ -368,5 +373,4 @@ if ( $req_tx == "pay" )
 
 /* = -------------------------------------------------------------------------- = */
 /* =   05. 승인 결과 처리 END                                                   = */
-/* ============================================================================== */
-?>
\ No newline at end of file
+/* ============================================================================== */;
\ No newline at end of file
diff --git a/shop/kcp/pp_ax_hub_cancel.php b/shop/kcp/pp_ax_hub_cancel.php
index 1eb48f533..535216a68 100644
--- a/shop/kcp/pp_ax_hub_cancel.php
+++ b/shop/kcp/pp_ax_hub_cancel.php
@@ -75,5 +75,4 @@ if ( $req_tx == "pay" )
 /* ============================================================================== */
 
 // locale 설정 초기화
-setlocale(LC_CTYPE, '');
-?>
\ No newline at end of file
+setlocale(LC_CTYPE, '');
\ No newline at end of file
diff --git a/shop/kcp/pp_ax_hub_lib.php b/shop/kcp/pp_ax_hub_lib.php
index 4c7940e68..bfe5ec7e1 100644
--- a/shop/kcp/pp_ax_hub_lib.php
+++ b/shop/kcp/pp_ax_hub_lib.php
@@ -238,11 +238,12 @@
     /* -------------------------------------------------------------------- */
     function  mf_get_res_data( $name )
     {
-      return  $this->m_res_data[ $name ];
+      return isset($this->m_res_data[ $name ]) ? $this->m_res_data[ $name ] : '';
     }
 
     function  mf_get_payx_data()
     {
+      $my_data = '';
       if ( $this->m_payx_common != "" || $this->m_payx_card != "" )
       {
         $my_data  = "payx_data=";
@@ -283,7 +284,7 @@
 
       $exec_cmd = array_shift( $arg );
 
-      while ( list(,$i) = each($arg) )
+      foreach((array) $arg as $key=>$i)
       {
         $exec_cmd .= " " . escapeshellarg( $i );
       }
@@ -292,5 +293,4 @@
 
       return  $rt;
     }
-  }
-?>
\ No newline at end of file
+  }
\ No newline at end of file
diff --git a/shop/kcp/pp_cli_hub.php b/shop/kcp/pp_cli_hub.php
index e73fcb5d6..a7362823f 100644
--- a/shop/kcp/pp_cli_hub.php
+++ b/shop/kcp/pp_cli_hub.php
@@ -387,5 +387,4 @@ setlocale(LC_CTYPE, 'ko_KR.euc-kr');
 
 <?php
 // locale 설정 초기화
-setlocale(LC_CTYPE, '');
-?>
\ No newline at end of file
+setlocale(LC_CTYPE, '');
\ No newline at end of file
diff --git a/shop/kcp/pp_cli_hub_lib.php b/shop/kcp/pp_cli_hub_lib.php
index 1cf11f609..58fb2d13d 100644
--- a/shop/kcp/pp_cli_hub_lib.php
+++ b/shop/kcp/pp_cli_hub_lib.php
@@ -287,5 +287,4 @@ class   C_PAYPLUS_CLI_T
 
       return  $rt;
     }
-}
-?>
+}
\ No newline at end of file
diff --git a/shop/kcp/pp_cli_result.php b/shop/kcp/pp_cli_result.php
index b0d299018..f5a7c19fc 100644
--- a/shop/kcp/pp_cli_result.php
+++ b/shop/kcp/pp_cli_result.php
@@ -28,48 +28,48 @@ require_once(G5_SHOP_PATH.'/settle_kcp.inc.php');
     /* ============================================================================== */
     /* =   지불 결과                                                                = */
     /* = -------------------------------------------------------------------------- = */
-    $req_tx     = $_POST[ "req_tx"     ];                             // 요청 종류
-    $bSucc      = $_POST[ "bSucc"      ];                             // DB처리 여부
-    $trad_time  = $_POST[ "trad_time"  ];                             // 원거래 시각
+    $req_tx     = isset($_POST["req_tx"]) ? $_POST["req_tx"] : '';                             // 요청 종류
+    $bSucc      = isset($_POST["bSucc"]) ? $_POST["bSucc"] : '';                             // DB처리 여부
+    $trad_time  = isset($_POST["trad_time"]) ? $_POST["trad_time"] : '';                             // 원거래 시각
     /* = -------------------------------------------------------------------------- = */
-    $ordr_idxx  = $_POST[ "ordr_idxx"  ];                             // 주문번호
-    $buyr_name  = $_POST[ "buyr_name"  ];                             // 주문자 이름
-    $buyr_tel1  = $_POST[ "buyr_tel1"  ];                             // 주문자 전화번호
-    $buyr_mail  = $_POST[ "buyr_mail"  ];                             // 주문자 메일
-    $good_name  = $_POST[ "good_name"  ];                             // 주문상품명
-    $comment    = $_POST[ "comment"    ];                             // 비고
+    $ordr_idxx  = isset($_POST["ordr_idxx"]) ? $_POST["ordr_idxx"] : '';                             // 주문번호
+    $buyr_name  = isset($_POST["buyr_name"]) ? $_POST["buyr_name"] : '';                             // 주문자 이름
+    $buyr_tel1  = isset($_POST["buyr_tel1"]) ? $_POST["buyr_tel1"] : '';                             // 주문자 전화번호
+    $buyr_mail  = isset($_POST["buyr_mail"]) ? $_POST["buyr_mail"] : '';                             // 주문자 메일
+    $good_name  = isset($_POST["good_name"]) ? $_POST["good_name"] : '';                             // 주문상품명
+    $comment    = isset($_POST["comment"]) ? $_POST["comment"] : '';                             // 비고
     /* = -------------------------------------------------------------------------- = */
-    $corp_type     = $_POST[ "corp_type"      ];                      // 사업장 구분
-    $corp_tax_type = $_POST[ "corp_tax_type"  ];                      // 과세/면세 구분
-    $corp_tax_no   = $_POST[ "corp_tax_no"    ];                      // 발행 사업자 번호
-    $corp_nm       = $_POST[ "corp_nm"        ];                      // 상호
-    $corp_owner_nm = $_POST[ "corp_owner_nm"  ];                      // 대표자명
-    $corp_addr     = $_POST[ "corp_addr"      ];                      // 사업장 주소
-    $corp_telno    = $_POST[ "corp_telno"     ];                      // 사업장 대표 연락처
+    $corp_type     = isset($_POST["corp_type"]) ? $_POST["corp_type"] : '';                      // 사업장 구분
+    $corp_tax_type = isset($_POST["corp_tax_type"]) ? $_POST["corp_tax_type"] : '';                      // 과세/면세 구분
+    $corp_tax_no   = isset($_POST["corp_tax_no"]) ? $_POST["corp_tax_no"] : '';                      // 발행 사업자 번호
+    $corp_nm       = isset($_POST["corp_nm"]) ? $_POST["corp_nm"] : '';                      // 상호
+    $corp_owner_nm = isset($_POST["corp_owner_nm"]) ? $_POST["corp_owner_nm"] : '';                      // 대표자명
+    $corp_addr     = isset($_POST["corp_addr"]) ? $_POST["corp_addr"] : '';                      // 사업장 주소
+    $corp_telno    = isset($_POST["corp_telno"]) ? $_POST["corp_telno"] : '';                      // 사업장 대표 연락처
     /* = -------------------------------------------------------------------------- = */
-    $tr_code    = $_POST[ "tr_code"    ];                             // 발행용도
-    $id_info    = $_POST[ "id_info"    ];                             // 신분확인 ID
-    $amt_tot    = $_POST[ "amt_tot"    ];                             // 거래금액 총 합
-    $amt_sup    = $_POST[ "amt_sup"    ];                             // 공급가액
-    $amt_svc    = $_POST[ "amt_svc"    ];                             // 봉사료
-    $amt_tax    = $_POST[ "amt_tax"    ];                             // 부가가치세
+    $tr_code    = isset($_POST["tr_code"]) ? $_POST["tr_code"] : '';                             // 발행용도
+    $id_info    = isset($_POST["id_info"]) ? $_POST["id_info"] : '';                             // 신분확인 ID
+    $amt_tot    = isset($_POST["amt_tot"]) ? $_POST["amt_tot"] : '';                             // 거래금액 총 합
+    $amt_sup    = isset($_POST["amt_sup"]) ? $_POST["amt_sup"] : '';                             // 공급가액
+    $amt_svc    = isset($_POST["amt_svc"]) ? $_POST["amt_svc"] : '';                             // 봉사료
+    $amt_tax    = isset($_POST["amt_tax"]) ? $_POST["amt_tax"] : '';                             // 부가가치세
     /* = -------------------------------------------------------------------------- = */
-    $pay_type      = $_POST[ "pay_type"       ];                      // 결제 서비스 구분
-    $pay_trade_no  = $_POST[ "pay_trade_no"   ];                      // 결제 거래번호
+    $pay_type      = isset($_POST["pay_type"]) ? $_POST["pay_type"] : '';                      // 결제 서비스 구분
+    $pay_trade_no  = isset($_POST["pay_trade_no"]) ? $_POST["pay_trade_no"] : '';                      // 결제 거래번호
     /* = -------------------------------------------------------------------------- = */
-    $mod_type   = $_POST[ "mod_type"   ];                             // 변경 타입
-    $mod_value  = $_POST[ "mod_value"  ];                             // 변경 요청 거래번호
-    $mod_gubn   = $_POST[ "mod_gubn"   ];                             // 변경 요청 거래번호 구분
-    $mod_mny    = $_POST[ "mod_mny"    ];                             // 변경 요청 금액
-    $rem_mny    = $_POST[ "rem_mny"    ];                             // 변경처리 이전 금액
+    $mod_type   = isset($_POST["mod_type"]) ? $_POST["mod_type"] : '';                             // 변경 타입
+    $mod_value  = isset($_POST["mod_value"]) ? $_POST["mod_value"] : '';                             // 변경 요청 거래번호
+    $mod_gubn   = isset($_POST["mod_gubn"]) ? $_POST["mod_gubn"] : '';                             // 변경 요청 거래번호 구분
+    $mod_mny    = isset($_POST["mod_mny"]) ? $_POST["mod_mny"] : '';                             // 변경 요청 금액
+    $rem_mny    = isset($_POST["rem_mny"]) ? $_POST["rem_mny"] : '';                             // 변경처리 이전 금액
     /* = -------------------------------------------------------------------------- = */
-    $res_cd     = clean_xss_tags(strip_tags($_POST[ "res_cd"     ]));                             // 응답코드
-    $res_msg    = clean_xss_tags(strip_tags($_POST[ "res_msg"    ]));                             // 응답메시지
-    $cash_no    = clean_xss_tags(strip_tags($_POST[ "cash_no"    ]));                             // 현금영수증 거래번호
-    $receipt_no = clean_xss_tags(strip_tags($_POST[ "receipt_no" ]));                             // 현금영수증 승인번호
-    $app_time   = clean_xss_tags(strip_tags($_POST[ "app_time"   ]));                             // 승인시간(YYYYMMDDhhmmss)
-    $reg_stat   = clean_xss_tags(strip_tags($_POST[ "reg_stat"   ]));                             // 등록 상태 코드
-    $reg_desc   = clean_xss_tags(strip_tags($_POST[ "reg_desc"   ]));                             // 등록 상태 설명
+    $res_cd     = isset($_POST["res_cd"]) ? clean_xss_tags(strip_tags($_POST["res_cd"])) : '';                             // 응답코드
+    $res_msg    = isset($_POST["res_msg"]) ? clean_xss_tags(strip_tags($_POST["res_msg"])) : '';                             // 응답메시지
+    $cash_no    = isset($_POST["cash_no"]) ? clean_xss_tags(strip_tags($_POST["cash_no"])) : '';                             // 현금영수증 거래번호
+    $receipt_no = isset($_POST["receipt_no"]) ? clean_xss_tags(strip_tags($_POST["receipt_no"])) : '';                             // 현금영수증 승인번호
+    $app_time   = isset($_POST["app_time"]) ? clean_xss_tags(strip_tags($_POST["app_time"])) : '';                             // 승인시간(YYYYMMDDhhmmss)
+    $reg_stat   = isset($_POST["reg_stat"]) ? clean_xss_tags(strip_tags($_POST["reg_stat"])) : '';                             // 등록 상태 코드
+    $reg_desc   = isset($_POST["reg_desc"]) ? clean_xss_tags(strip_tags($_POST["reg_desc"])) : '';                             // 등록 상태 설명
     /* ============================================================================== */
 
     $req_tx_name = "";
diff --git a/shop/largeimage.php b/shop/largeimage.php
index 2db98565b..fa48717a6 100644
--- a/shop/largeimage.php
+++ b/shop/largeimage.php
@@ -1,17 +1,17 @@
 <?php
 include_once('./_common.php');
 
+$it_id = isset($_GET['it_id']) ? get_search_string(trim($_GET['it_id'])) : '';
+$no = (isset($_GET['no']) && $_GET['no']) ? (int) $_GET['no'] : 1;
+
 if (G5_IS_MOBILE) {
     include_once(G5_MSHOP_PATH.'/largeimage.php');
     return;
 }
 
-$it_id = get_search_string(trim($_GET['it_id']));
-$no = (isset($_GET['no']) && $_GET['no']) ? (int) $_GET['no'] : 1;
-
 $row = get_shop_item($it_id, true);
 
-if(!$row['it_id'])
+if(! (isset($row['it_id']) && $row['it_id']))
     alert_close('상품정보가 존재하지 않습니다.');
 
 $imagefile = G5_DATA_PATH.'/item/'.$row['it_img'.$no];
@@ -28,5 +28,4 @@ if(is_file($skin))
 else
     echo '<p>'.str_replace(G5_PATH.'/', '', $skin).'파일이 존재하지 않습니다.</p>';
 
-include_once(G5_PATH.'/tail.sub.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/shop/lg/_common.php b/shop/lg/_common.php
index bad54a5d7..c7ed3c4ee 100644
--- a/shop/lg/_common.php
+++ b/shop/lg/_common.php
@@ -1,3 +1,2 @@
 <?php
-include_once('../../common.php');
-?>
\ No newline at end of file
+include_once('../../common.php');
\ No newline at end of file
diff --git a/shop/lg/escrow.register.php b/shop/lg/escrow.register.php
index ddfc11e68..da89b8aad 100644
--- a/shop/lg/escrow.register.php
+++ b/shop/lg/escrow.register.php
@@ -113,5 +113,4 @@ else
     {
         // 비정상처리 되었을때 DB 처리
     }
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/shop/lg/orderform.1.php b/shop/lg/orderform.1.php
index a5d60de52..045938a87 100644
--- a/shop/lg/orderform.1.php
+++ b/shop/lg/orderform.1.php
@@ -67,4 +67,4 @@ function payment_return() {
     }
 }
 </script>
-<?php } ?>
\ No newline at end of file
+<?php }
\ No newline at end of file
diff --git a/shop/lg/orderform.4.php b/shop/lg/orderform.4.php
index d054abec9..b090a888d 100644
--- a/shop/lg/orderform.4.php
+++ b/shop/lg/orderform.4.php
@@ -1,3 +1,2 @@
 <?php
-if (!defined("_GNUBOARD_")) exit; // 개별 페이지 접근 불가
-?>
\ No newline at end of file
+if (!defined("_GNUBOARD_")) exit; // 개별 페이지 접근 불가;
\ No newline at end of file
diff --git a/shop/lg/orderpartcancel.inc.php b/shop/lg/orderpartcancel.inc.php
index 8057d5359..c7c237437 100644
--- a/shop/lg/orderpartcancel.inc.php
+++ b/shop/lg/orderpartcancel.inc.php
@@ -96,5 +96,4 @@ if ($xpay->TX()) {
     */
 
     alert('결제 부분취소 요청이 실패하였습니다.\\n\\n'.$xpay->Response_Code().' : '.$xpay->Response_Msg());
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/shop/lg/returnurl.php b/shop/lg/returnurl.php
index cbbb4097f..57ebee9c8 100644
--- a/shop/lg/returnurl.php
+++ b/shop/lg/returnurl.php
@@ -28,8 +28,8 @@ $payReqMap = $_SESSION['PAYREQ_MAP'];//결제 요청시, Session에 저장했던
 </head>
 <body onload="setLGDResult()">
 <?php
-  $LGD_RESPCODE = clean_xss_tags(strip_tags($_POST['LGD_RESPCODE']));
-  $LGD_RESPMSG 	= clean_xss_tags(strip_tags($_POST['LGD_RESPMSG']));
+  $LGD_RESPCODE = isset($_POST['LGD_RESPCODE']) ? clean_xss_tags(strip_tags($_POST['LGD_RESPCODE'])) : '';
+  $LGD_RESPMSG 	= isset($_POST['LGD_RESPMSG']) ? clean_xss_tags(strip_tags($_POST['LGD_RESPMSG'])) : '';
   $LGD_PAYKEY	= '';
 
   $payReqMap['LGD_RESPCODE'] = $LGD_RESPCODE;
@@ -40,7 +40,7 @@ $payReqMap = $_SESSION['PAYREQ_MAP'];//결제 요청시, Session에 저장했던
 	  $payReqMap['LGD_PAYKEY'] = $LGD_PAYKEY;
   }
   else{
-	  echo "LGD_RESPCODE:" + $LGD_RESPCODE + " ,LGD_RESPMSG:" + $LGD_RESPMSG; //인증 실패에 대한 처리 로직 추가
+	  echo "LGD_RESPCODE:" . $LGD_RESPCODE . " ,LGD_RESPMSG:" . $LGD_RESPMSG; //인증 실패에 대한 처리 로직 추가
   }
 ?>
 <form method="post" name="LGD_RETURNINFO" id="LGD_RETURNINFO">
diff --git a/shop/lg/taxsave_result.php b/shop/lg/taxsave_result.php
index b92033a40..41ded6cae 100644
--- a/shop/lg/taxsave_result.php
+++ b/shop/lg/taxsave_result.php
@@ -254,5 +254,4 @@ switch($LGD_PAYTYPE) {
 </div>
 
 <?php
-include_once(G5_PATH.'/tail.sub.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/shop/lg/xpay_cancel.php b/shop/lg/xpay_cancel.php
index 46882da54..3160db6b0 100644
--- a/shop/lg/xpay_cancel.php
+++ b/shop/lg/xpay_cancel.php
@@ -14,5 +14,4 @@ if( !$isDBOK ) {
         echo "자동취소가 정상적으로 처리되지 않았습니다.<br>";
     }
     */
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/shop/lg/xpay_request.php b/shop/lg/xpay_request.php
index 385de9a8e..b16b63612 100644
--- a/shop/lg/xpay_request.php
+++ b/shop/lg/xpay_request.php
@@ -88,5 +88,4 @@ $payReqMap['LGD_PAYKEY']                = '';
 
 $_SESSION['PAYREQ_MAP'] = $payReqMap;
 
-die(json_encode(array('LGD_HASHDATA' => $LGD_HASHDATA, 'error' => '')));
-?>
\ No newline at end of file
+die(json_encode(array('LGD_HASHDATA' => $LGD_HASHDATA, 'error' => '')));
\ No newline at end of file
diff --git a/shop/lg/xpay_result.php b/shop/lg/xpay_result.php
index 2553be9d8..c7e1e722d 100644
--- a/shop/lg/xpay_result.php
+++ b/shop/lg/xpay_result.php
@@ -77,12 +77,12 @@ if ($xpay->TX()) {
         $tno             = $xpay->Response('LGD_TID',0);
         $amount          = $xpay->Response('LGD_AMOUNT',0);
         $app_time        = $xpay->Response('LGD_PAYDATE',0);
-        $bank_name       = $xpay->Response('LGD_FINANCENAME',0);
+        $bank_name = $bankname = $xpay->Response('LGD_FINANCENAME',0);
         $depositor       = $xpay->Response('LGD_PAYER',0);
         $account         = $xpay->Response('LGD_FINANCENAME',0).' '.$xpay->Response('LGD_ACCOUNTNUM',0).' '.$xpay->Response('LGD_SAOWNER',0);
         $commid          = $xpay->Response('LGD_FINANCENAME',0);
         $mobile_no       = $xpay->Response('LGD_TELNO',0);
-        $app_no          = $xpay->Response('LGD_FINANCEAUTHNUM',0);
+        $app_no = $od_app_no = $xpay->Response('LGD_FINANCEAUTHNUM',0);
         $card_name       = $xpay->Response('LGD_FINANCENAME',0);
         $pay_type        = $xpay->Response('LGD_PAYTYPE',0);
         $escw_yn         = $xpay->Response('LGD_ESCROWYN',0);
@@ -116,5 +116,4 @@ if ($xpay->TX()) {
     */
 
     alert($xpay->Response_Msg().' 코드 : '.$xpay->Response_Code());
-}
-?>
+}
\ No newline at end of file
diff --git a/shop/list.php b/shop/list.php
index 913d9c19a..7e71e8d14 100644
--- a/shop/list.php
+++ b/shop/list.php
@@ -1,6 +1,9 @@
 <?php
 include_once('./_common.php');
 
+$ca_id = isset($_REQUEST['ca_id']) ? safe_replace_regex($_REQUEST['ca_id'], 'ca_id') : '';
+$skin = isset($_REQUEST['skin']) ? safe_replace_regex($_REQUEST['skin'], 'skin') : '';
+
 // 상품 리스트에서 다른 필드로 정렬을 하려면 아래의 배열 코드에서 해당 필드를 추가하세요.
 if( isset($sort) && ! in_array($sort, array('it_sum_qty', 'it_price', 'it_use_avg', 'it_use_cnt', 'it_update_time')) ){
     $sort='';
@@ -13,7 +16,7 @@ if (G5_IS_MOBILE) {
 
 $sql = " select * from {$g5['g5_shop_category_table']} where ca_id = '$ca_id' and ca_use = '1'  ";
 $ca = sql_fetch($sql);
-if (!$ca['ca_id'])
+if (! (isset($ca['ca_id']) && $ca['ca_id']))
     alert('등록된 분류가 없습니다.');
 
 // 테마미리보기 스킨 등의 변수 재설정
@@ -145,15 +148,11 @@ var itemlist_ca_id = "<?php echo $ca_id; ?>";
     {
         echo '<div class="sct_nofile">'.str_replace(G5_PATH.'/', '', $skin_file).' 파일을 찾을 수 없습니다.<br>관리자에게 알려주시면 감사하겠습니다.</div>';
     }
-    ?>
 
-    <?php
-    $qstr1 .= 'ca_id='.$ca_id;
+    $qstr1 = 'ca_id='.$ca_id;
     $qstr1 .='&amp;sort='.$sort.'&amp;sortodr='.$sortodr;
     echo get_paging($config['cf_write_pages'], $page, $total_page, $_SERVER['SCRIPT_NAME'].'?'.$qstr1.'&amp;page=');
-    ?>
 
-    <?php
     // 하단 HTML
     echo '<div id="sct_thtml">'.conv_content($ca['ca_tail_html'], 1).'</div>';
 
@@ -167,5 +166,4 @@ if ($ca['ca_include_tail'] && is_include_path_check($ca['ca_include_tail']))
 else
     include_once(G5_SHOP_PATH.'/_tail.php');
 
-echo "\n<!-- {$ca['ca_skin']} -->\n";
-?>
+echo "\n<!-- {$ca['ca_skin']} -->\n";
\ No newline at end of file
diff --git a/shop/listtype.php b/shop/listtype.php
index 0cfb1f5b6..d0e9fe55c 100644
--- a/shop/listtype.php
+++ b/shop/listtype.php
@@ -2,16 +2,14 @@
 include_once('./_common.php');
 
 // 상품 리스트에서 다른 필드로 정렬을 하려면 아래의 배열 코드에서 해당 필드를 추가하세요.
-if( isset($sort) && ! in_array($sort, array('it_sum_qty', 'it_price', 'it_use_avg', 'it_use_cnt', 'it_update_time')) ){
-    $sort='';
-}
+$sort = (isset($_REQUEST['sort']) && in_array($_REQUEST['sort'], array('it_sum_qty', 'it_price', 'it_use_avg', 'it_use_cnt', 'it_update_time'))) ? $_REQUEST['sort'] : '';
+$type = isset($_REQUEST['type']) ? preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\s]/", "", $_REQUEST['type']) : '';
 
 if (G5_IS_MOBILE) {
     include_once(G5_MSHOP_PATH.'/listtype.php');
     return;
 }
 
-$type = preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\s]/", "", $_REQUEST['type']);
 if ($type == 1)      $g5['title'] = '히트상품';
 else if ($type == 2) $g5['title'] = '추천상품';
 else if ($type == 3) $g5['title'] = '최신상품';
@@ -28,9 +26,7 @@ $list_row   = $default['de_listtype_list_row'];   // 한 페이지에 몇라인
 
 $img_width  = $default['de_listtype_img_width'];  // 출력이미지 폭
 $img_height = $default['de_listtype_img_height']; // 출력이미지 높이
-?>
 
-<?php
 // 상품 출력순서가 있다면
 $order_by = ' it_order, it_id desc ';
 if ($sort != '')
@@ -38,6 +34,7 @@ if ($sort != '')
 else
     $order_by = 'it_order, it_id desc';
 
+$skin = isset($skin) ? $skin : '';
 if (!$skin || preg_match('#\.+[\\\/]#', $skin))
     $skin = $default['de_listtype_list_skin'];
 else
@@ -82,13 +79,8 @@ else
 {
     echo '<div align="center">'.$skin.' 파일을 찾을 수 없습니다.<br>관리자에게 알려주시면 감사하겠습니다.</div>';
 }
-?>
 
-<?php
 $qstr .= '&amp;type='.$type.'&amp;sort='.$sort;
 echo get_paging($config['cf_write_pages'], $page, $total_page, "{$_SERVER['SCRIPT_NAME']}?$qstr&amp;page=");
-?>
 
-<?php
-include_once('./_tail.php');
-?>
+include_once('./_tail.php');
\ No newline at end of file
diff --git a/shop/mail/ordermail.mail.php b/shop/mail/ordermail.mail.php
index 6235f593c..06bc1d756 100644
--- a/shop/mail/ordermail.mail.php
+++ b/shop/mail/ordermail.mail.php
@@ -48,7 +48,7 @@ $ft_a_st = 'display:block;padding:30px 0;background:#484848;color:#fff;text-alig
         </table>
         <?php } // end if ?>
 
-        <?php if (count($card_list)) { ?>
+        <?php if (isset($card_list) && is_array($card_list) && $card_list) { ?>
         <table style="<?php echo $cont_st; ?>">
         <caption style="<?php echo $caption_st; ?>">신용카드 결제 확인</caption>
         <colgroup>
diff --git a/shop/mypage.php b/shop/mypage.php
index 099e23f3d..232c2bdd3 100644
--- a/shop/mypage.php
+++ b/shop/mypage.php
@@ -4,6 +4,9 @@ include_once('./_common.php');
 if (!$is_member)
     goto_url(G5_BBS_URL."/login.php?url=".urlencode(G5_SHOP_URL."/mypage.php"));
 
+// 읽지 않은 쪽지수
+$memo_not_read = isset($member['mb_memo_cnt']) ? (int) $member['mb_memo_cnt'] : 0;
+
 if (G5_IS_MOBILE) {
     include_once(G5_MSHOP_PATH.'/mypage.php');
     return;
@@ -154,5 +157,4 @@ function member_leave()
 <!-- } 마이페이지 끝 -->
 
 <?php
-include_once("./_tail.php");
-?>
\ No newline at end of file
+include_once("./_tail.php");
\ No newline at end of file
diff --git a/shop/naverpay/_common.php b/shop/naverpay/_common.php
index 859215bc0..8274dd7f4 100644
--- a/shop/naverpay/_common.php
+++ b/shop/naverpay/_common.php
@@ -1,4 +1,3 @@
 <?php
 define('_SHOP_', true);
-include_once('../../common.php');
-?>
\ No newline at end of file
+include_once('../../common.php');
\ No newline at end of file
diff --git a/shop/naverpay/naverpay_item.php b/shop/naverpay/naverpay_item.php
index f63a4890f..0dffee7d3 100644
--- a/shop/naverpay/naverpay_item.php
+++ b/shop/naverpay/naverpay_item.php
@@ -75,5 +75,4 @@ foreach($itemIds as $it_id) {
 </item>
 <?php
 }
-echo('</response>');
-?>
\ No newline at end of file
+echo('</response>');
\ No newline at end of file
diff --git a/shop/naverpay/naverpay_order.php b/shop/naverpay/naverpay_order.php
index 63789889d..7d98b317a 100644
--- a/shop/naverpay/naverpay_order.php
+++ b/shop/naverpay/naverpay_order.php
@@ -4,27 +4,27 @@ include_once(G5_SHOP_PATH.'/settle_naverpay.inc.php');
 include_once(G5_LIB_PATH.'/naverpay.lib.php');
 
 $pattern = '#[/\'\"%=*\#\(\)\|\+\&\!\$~\{\}\[\]`;:\?\^\,]#';
+$post_naverpay_form = isset($_POST['naverpay_form']) ? clean_xss_tags($_POST['naverpay_form']) : '';
 
 $is_collect = false;    //착불체크 변수 초기화
 $is_prepay = false;     //선불체크 변수 초기화
 $is_cart = false;       //장바구니 체크 변수 초기화
 
-if($_POST['naverpay_form'] == 'cart.php') {
-    if(!count($_POST['ct_chk']))
+if($post_naverpay_form == 'cart.php') {
+    if(! (isset($_POST['ct_chk']) && is_array($_POST['ct_chk']) && count($_POST['ct_chk'])))
         return_error2json('구매하실 상품을 하나이상 선택해 주십시오.');
 
     $s_cart_id = get_session('ss_cart_id');
-    $fldcnt = count($_POST['it_id']);
+    $fldcnt = (isset($_POST['it_id']) && is_array($_POST['it_id'])) ? count($_POST['it_id']) : 0;
     $items = array();
 
     for($i=0; $i<$fldcnt; $i++) {
-        $ct_chk = $_POST['ct_chk'][$i];
+        $ct_chk = isset($_POST['ct_chk'][$i]) ? $_POST['ct_chk'][$i] : '';
+        $it_id = isset($_POST['it_id'][$i]) ? preg_replace($pattern, '', $_POST['it_id'][$i]) : '';
 
-        if(!$ct_chk)
+        if(!$ct_chk || !$it_id)
             continue;
 
-        $it_id = preg_replace($pattern, '', $_POST['it_id'][$i]);
-
         // 장바구니 상품
         $sql = " select ct_id, it_id, ct_option, io_id, io_type, ct_qty, ct_send_cost, it_sc_type from {$g5['g5_shop_cart_table']} where od_id = '$s_cart_id' and it_id = '$it_id' and ct_status = '쇼핑' order by ct_id asc ";
         $result = sql_query($sql);
@@ -76,7 +76,7 @@ if( $is_cart && $is_prepay && $is_collect ){
 }
 */
 
-$count = count($_POST['it_id']);
+$count = (isset($_POST['it_id']) && is_array($_POST['it_id'])) ? count($_POST['it_id']) : 0;
 if ($count < 1)
     return_error2json('구매하실 상품을 선택하여 주십시오.');
 
@@ -84,9 +84,9 @@ $itm_ids     = array();
 $sel_options = array();
 $sup_options = array();
 
-if($_POST['naverpay_form'] == 'item.php')
-    $back_uri = shop_item_url($_POST['it_id'][0]);
-else if($_POST['naverpay_form'] == 'cart.php')
+if($post_naverpay_form == 'item.php')
+    $back_uri = isset($_POST['it_id'][0]) ? shop_item_url($_POST['it_id'][0]) : '';
+else if($post_naverpay_form == 'cart.php')
     $back_uri = G5_SHOP_URL.'/cart.php';
 else
     $back_uri = '';
@@ -94,8 +94,10 @@ else
 define('NAVERPAY_BACK_URL', $back_uri);
 
 for($i=0; $i<$count; $i++) {
-    $it_id = preg_replace($pattern, '', $_POST['it_id'][$i]);
-    $opt_count = count($_POST['io_id'][$it_id]);
+    $it_id = isset($_POST['it_id'][$i]) ? preg_replace($pattern, '', $_POST['it_id'][$i]) : '';
+    $opt_count = (isset($_POST['io_id'][$it_id]) && is_array($_POST['io_id'][$it_id])) ? count($_POST['io_id'][$it_id]) : 0;
+    
+    if( ! $it_id) continue;
 
     if($opt_count && $_POST['io_type'][$it_id][0] != 0)
         return_error2json('상품의 선택옵션을 선택해 주십시오.');
@@ -107,7 +109,8 @@ for($i=0; $i<$count; $i++) {
 
     // 상품정보
     $it = get_shop_item($it_id, true);
-    if(!$it['it_id'])
+
+    if(! (isset($it['it_id']) && $it['it_id']))
         return_error2json('상품정보가 존재하지 않습니다.');
 
     if(!$it['it_use'] || $it['it_soldout'] || $it['it_tel_inq'])
@@ -148,13 +151,12 @@ for($i=0; $i<$count; $i++) {
     //  재고 검사
     //--------------------------------------------------------
     for($k=0; $k<$opt_count; $k++) {
-        $io_id = preg_replace(G5_OPTION_ID_FILTER, '', trim(stripslashes($_POST['io_id'][$it_id][$k])));
-        $io_type = (int) $_POST['io_type'][$it_id][$k];
-        $io_value = $_POST['io_value'][$it_id][$k];
-       
+        $io_id = isset($_POST['io_id'][$it_id][$k]) ? preg_replace(G5_OPTION_ID_FILTER, '', trim(stripslashes($_POST['io_id'][$it_id][$k]))) : '';
+        $io_type = isset($_POST['io_type'][$it_id][$k]) ? (int) $_POST['io_type'][$it_id][$k] : 0;
+        $io_value = isset($_POST['io_value'][$it_id][$k]) ? (int) $_POST['io_value'][$it_id][$k] : 0;
 
         // 재고 구함
-        $ct_qty = (int) $_POST['ct_qty'][$it_id][$k];
+        $ct_qty = isset($_POST['ct_qty'][$it_id][$k]) ? (int) $_POST['ct_qty'][$it_id][$k] : 0;
         if(!$io_id)
             $it_stock_qty = get_it_stock_qty($it_id);
         else
@@ -170,9 +172,9 @@ for($i=0; $i<$count; $i++) {
     $itm_ids[] = $it_id;
 
     for($k=0; $k<$opt_count; $k++) {
-        $io_id = preg_replace(G5_OPTION_ID_FILTER, '', trim(stripslashes($_POST['io_id'][$it_id][$k])));
-        $io_type = (int) $_POST['io_type'][$it_id][$k];
-        $io_value = $_POST['io_value'][$it_id][$k];
+        $io_id = isset($_POST['io_id'][$it_id][$k]) ? preg_replace(G5_OPTION_ID_FILTER, '', trim(stripslashes($_POST['io_id'][$it_id][$k]))) : '';
+        $io_type = isset($_POST['io_type'][$it_id][$k]) ? (int) $_POST['io_type'][$it_id][$k] : 0;
+        $io_value = isset($_POST['io_value'][$it_id][$k]) ? $_POST['io_value'][$it_id][$k] : '';
 
         // 선택옵션정보가 존재하는데 선택된 옵션이 없으면 건너뜀
         if($lst_count && $io_id == '')
@@ -182,8 +184,8 @@ for($i=0; $i<$count; $i++) {
         if($io_id && !$opt_list[$io_type][$io_id]['use'])
             continue;
 
-        $io_price = $opt_list[$io_type][$io_id]['price'];
-        $ct_qty = (int) $_POST['ct_qty'][$it_id][$k];
+        $io_price = isset($opt_list[$io_type][$io_id]['price']) ? $opt_list[$io_type][$io_id]['price'] : 0;
+        $ct_qty = isset($_POST['ct_qty'][$it_id][$k]) ? (int) $_POST['ct_qty'][$it_id][$k] : 0;
 
         $it_price = get_price($it);
 
@@ -250,6 +252,8 @@ if ($nc_sock) {
     fwrite($nc_sock, "\r\n");
     fwrite($nc_sock, $query."\r\n");
     fwrite($nc_sock, "\r\n");
+    
+    $headers = $bodys = '';
 
     // get header
     while(!feof($nc_sock)) {
@@ -283,5 +287,4 @@ if ($nc_sock) {
 }
 
 if($resultCode == 200)
-    die(json_encode(array('error'=>'', 'ORDER_ID'=>$orderId, 'SHOP_ID'=>$default['de_naverpay_mid'], 'TOTAL_PRICE'=>$totalPrice)));
-?>
\ No newline at end of file
+    die(json_encode(array('error'=>'', 'ORDER_ID'=>$orderId, 'SHOP_ID'=>$default['de_naverpay_mid'], 'TOTAL_PRICE'=>$totalPrice)));
\ No newline at end of file
diff --git a/shop/naverpay/naverpay_wish.php b/shop/naverpay/naverpay_wish.php
index e6afce495..9e62bf486 100644
--- a/shop/naverpay/naverpay_wish.php
+++ b/shop/naverpay/naverpay_wish.php
@@ -3,7 +3,8 @@ include_once('./_common.php');
 include_once(G5_SHOP_PATH.'/settle_naverpay.inc.php');
 include_once(G5_LIB_PATH.'/naverpay.lib.php');
 
-$count = count($_POST['it_id']);
+$count = (isset($_POST['it_id']) && is_array($_POST['it_id'])) ? count($_POST['it_id']) : 0;
+
 if ($count < 1)
     alert_close('찜하실 상품을 선택하여 주십시오.');
 
@@ -11,11 +12,11 @@ $query = '';
 $item  = '';
 
 for($i=0; $i<$count; $i++) {
-    $it_id = $_POST['it_id'][$i];
+    $it_id = isset($_POST['it_id']) ? $_POST['it_id'][$i] : '';
 
     // 상품정보
     $it = get_shop_item($it_id, true);
-    if(!$it['it_id'])
+    if(! (isset($it['it_id']) && $it['it_id']))
         alert_close('상품정보가 존재하지 않습니다.');
 
     $id          = urlencode($it['it_id']);
@@ -53,6 +54,8 @@ if ($nc_sock) {
     fwrite($nc_sock, $query."\r\n");
     fwrite($nc_sock, "\r\n");
 
+    $headers = $bodys = '';
+
     // get header
     while(!feof($nc_sock)) {
         $header=fgets($nc_sock,4096);
@@ -108,4 +111,4 @@ document.frm.target = "_top";
 document.frm.submit();
 </script>
 </html>
-<?php } ?>
\ No newline at end of file
+<?php }
\ No newline at end of file
diff --git a/shop/no_image.gif b/shop/no_image.gif
deleted file mode 100644
index 76410c38d..000000000
Binary files a/shop/no_image.gif and /dev/null differ
diff --git a/shop/orderaddress.php b/shop/orderaddress.php
index 7dd8c938e..24662aeaa 100644
--- a/shop/orderaddress.php
+++ b/shop/orderaddress.php
@@ -4,6 +4,8 @@ include_once('./_common.php');
 if(!$is_member)
     alert_close('회원이시라면 회원로그인 후 이용해 주십시오.');
 
+$ad_id = isset($_REQUEST['ad_id']) ? (int) $_REQUEST['ad_id'] : 0;
+
 if($w == 'd') {
     $sql = " delete from {$g5['g5_shop_order_address_table']} where mb_id = '{$member['mb_id']}' and ad_id = '$ad_id' ";
     sql_query($sql);
@@ -172,5 +174,4 @@ $(function() {
 </script>
 
 <?php
-include_once(G5_PATH.'/tail.sub.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/shop/orderaddressupdate.php b/shop/orderaddressupdate.php
index 083cb8160..8fb5a65f6 100644
--- a/shop/orderaddressupdate.php
+++ b/shop/orderaddressupdate.php
@@ -4,7 +4,7 @@ include_once('./_common.php');
 if($is_guest)
     die('회원 로그인 후 이용해 주십시오.');
 
-$count = count($_POST['chk']);
+$count = (isset($_POST['chk']) && is_array($_POST['chk'])) ? count($_POST['chk']) : 0;
 
 if (!$count) {
     alert('수정하실 항목을 하나이상 선택하세요.');
@@ -14,15 +14,15 @@ if ($is_member && $count) {
     for ($i=0; $i<$count; $i++)
     {
         // 실제 번호를 넘김
-        $k = (int) $_POST['chk'][$i];
-        $ad_id = (int) $_POST['ad_id'][$k];
+        $k = isset($_POST['chk'][$i]) ? (int) $_POST['chk'][$i] : 0;
+        $ad_id = isset($_POST['ad_id'][$k]) ? (int) $_POST['ad_id'][$k] : 0;
 
-        $ad_subject = clean_xss_tags($_POST['ad_subject'][$k]);
+        $ad_subject = isset($_POST['ad_subject'][$k]) ? clean_xss_tags($_POST['ad_subject'][$k]) : '';
 
         $sql = " update {$g5['g5_shop_order_address_table']}
                     set ad_subject = '$ad_subject' ";
 
-        if(!empty($_POST['ad_default']) && $ad_id == $_POST['ad_default']) {
+        if(!empty($_POST['ad_default']) && $ad_id === $_POST['ad_default']) {
             sql_query(" update {$g5['g5_shop_order_address_table']} set ad_default = '0' where mb_id = '{$member['mb_id']}' ");
 
             $sql .= ", ad_default = '1' ";
@@ -35,5 +35,4 @@ if ($is_member && $count) {
     }
 }
 
-goto_url(G5_SHOP_URL.'/orderaddress.php');
-?>
\ No newline at end of file
+goto_url(G5_SHOP_URL.'/orderaddress.php');
\ No newline at end of file
diff --git a/shop/ordercoupon.php b/shop/ordercoupon.php
index a363becce..ab5bc4ce3 100644
--- a/shop/ordercoupon.php
+++ b/shop/ordercoupon.php
@@ -4,7 +4,7 @@ include_once('./_common.php');
 if($is_guest)
     exit;
 
-$price = (int)preg_replace('#[^0-9]#', '', $_POST['price']);
+$price = isset($_POST['price']) ? preg_replace('#[^0-9]#', '', $_POST['price']) : 0;
 
 if($price <= 0)
     die('상품금액이 0원이므로 쿠폰을 사용할 수 없습니다.');
diff --git a/shop/ordererrormail.php b/shop/ordererrormail.php
index eca98869c..bb3f9e59a 100644
--- a/shop/ordererrormail.php
+++ b/shop/ordererrormail.php
@@ -22,5 +22,4 @@ $content .= '<p>'.$sql.'</p><p>'.sql_error_info().'<p>error file : '.$_SERVER['S
 // 메일발송
 mailer($od_name, $od_email, $config['cf_admin_email'], $subject, $content, 1);
 
-unset($error);
-?>
\ No newline at end of file
+unset($error);
\ No newline at end of file
diff --git a/shop/orderform.php b/shop/orderform.php
index d056c5782..e7818a322 100644
--- a/shop/orderform.php
+++ b/shop/orderform.php
@@ -7,7 +7,7 @@ add_javascript(G5_POSTCODE_JS, 0);    //다음 주소 js
 // 주문상품 재고체크 js 파일
 add_javascript('<script src="'.G5_JS_URL.'/shop.order.js"></script>', 0);
 
-$sw_direct = preg_replace('/[^a-z0-9_]/i', '', $sw_direct);
+$sw_direct = isset($_REQUEST['sw_direct']) ? preg_replace('/[^a-z0-9_]/i', '', $_REQUEST['sw_direct']) : '';
 
 // 모바일 주문인지
 $is_mobile_order = is_mobile();
@@ -35,6 +35,8 @@ $s_cart_id = $tmp_cart_id;
 if($default['de_pg_service'] == 'inicis' || $default['de_inicis_lpay_use'] || $default['de_inicis_kakaopay_use'])
     set_session('ss_order_inicis_id', $od_id);
 
+$tot_price = 0;
+
 $g5['title'] = '주문서 작성';
 
 if(G5_IS_MOBILE)
@@ -59,5 +61,4 @@ if($is_mobile_order) {
 if(G5_IS_MOBILE)
     include_once(G5_MSHOP_PATH.'/_tail.php');
 else
-    include_once(G5_SHOP_PATH.'/_tail.php');
-?>
+    include_once(G5_SHOP_PATH.'/_tail.php');
\ No newline at end of file
diff --git a/shop/orderform.sub.php b/shop/orderform.sub.php
index e2c70a106..db1d0e488 100644
--- a/shop/orderform.sub.php
+++ b/shop/orderform.sub.php
@@ -133,8 +133,8 @@ if($is_kakaopay_use) {
             $sell_price = $sum['price'];
 
             // 쿠폰
+            $cp_button = '';
             if($is_member) {
-                $cp_button = '';
                 $cp_count = 0;
 
                 $sql = " select cp_id
@@ -265,7 +265,7 @@ if($is_kakaopay_use) {
                 <tbody>
                 <tr>
                     <th scope="row"><label for="od_name">이름<strong class="sound_only"> 필수</strong></label></th>
-                    <td><input type="text" name="od_name" value="<?php echo get_text($member['mb_name']); ?>" id="od_name" required class="frm_input required" maxlength="20"></td>
+                    <td><input type="text" name="od_name" value="<?php echo isset($member['mb_name']) ? get_text($member['mb_name']) : ''; ?>" id="od_name" required class="frm_input required" maxlength="20"></td>
                 </tr>
 
                 <?php if (!$is_member) { // 비회원이면 ?>
@@ -338,9 +338,9 @@ if($is_kakaopay_use) {
                 <table>
                 <tbody>
                 <?php
+                $addr_list = '';
                 if($is_member) {
                     // 배송지 이력
-                    $addr_list = '';
                     $sep = chr(30);
 
                     // 주문자와 동일
@@ -353,7 +353,7 @@ if($is_kakaopay_use) {
                                 where mb_id = '{$member['mb_id']}'
                                   and ad_default = '1' ";
                     $row = sql_fetch($sql);
-                    if($row['ad_id']) {
+                    if(isset($row['ad_id']) && $row['ad_id']) {
                         $val1 = $row['ad_name'].$sep.$row['ad_tel'].$sep.$row['ad_hp'].$sep.$row['ad_zip1'].$sep.$row['ad_zip2'].$sep.$row['ad_addr1'].$sep.$row['ad_addr2'].$sep.$row['ad_addr3'].$sep.$row['ad_jibeon'].$sep.$row['ad_subject'];
                         $addr_list .= '<input type="radio" name="ad_sel_addr" value="'.get_text($val1).'" id="ad_sel_addr_def">'.PHP_EOL;
                         $addr_list .= '<label for="ad_sel_addr_def">기본배송지</label>'.PHP_EOL;
@@ -849,7 +849,7 @@ $(function() {
         calculate_total_price();
         $("#cp_frm").remove();
         $cp_btn_el.text("변경").focus();
-        if(!$cp_row_el.find(".cp_cancel").size())
+        if(!$cp_row_el.find(".cp_cancel").length)
             $cp_btn_el.after("<button type=\"button\" class=\"cp_cancel\">취소</button>");
     });
 
@@ -916,7 +916,7 @@ $(function() {
         calculate_order_price();
         $("#od_coupon_frm").remove();
         $("#od_coupon_btn").text("변경").focus();
-        if(!$("#od_coupon_cancel").size())
+        if(!$("#od_coupon_cancel").length)
             $("#od_coupon_btn").after("<button type=\"button\" id=\"od_coupon_cancel\" class=\"cp_cancel\">취소</button>");
     });
 
@@ -975,7 +975,7 @@ $(function() {
         calculate_order_price();
         $("#sc_coupon_frm").remove();
         $("#sc_coupon_btn").text("변경").focus();
-        if(!$("#sc_coupon_cancel").size())
+        if(!$("#sc_coupon_cancel").length)
             $("#sc_coupon_btn").after("<button type=\"button\" id=\"sc_coupon_cancel\" class=\"cp_cancel\">취소</button>");
     });
 
@@ -1099,7 +1099,7 @@ function calculate_total_price()
     <?php if($oc_cnt > 0) { ?>
     $("input[name=od_cp_id]").val("");
     $("#od_cp_price").text(0);
-    if($("#od_coupon_cancel").size()) {
+    if($("#od_coupon_cancel").length) {
         $("#od_coupon_btn").text("쿠폰적용");
         $("#od_coupon_cancel").remove();
     }
@@ -1107,7 +1107,7 @@ function calculate_total_price()
     <?php if($sc_cnt > 0) { ?>
     $("input[name=sc_cp_id]").val("");
     $("#sc_cp_price").text(0);
-    if($("#sc_coupon_cancel").size()) {
+    if($("#sc_coupon_cancel").length) {
         $("#sc_coupon_btn").text("쿠폰적용");
         $("#sc_coupon_cancel").remove();
     }
@@ -1196,7 +1196,7 @@ function calculate_tax()
         }
     });
 
-    if($("input[name=od_temp_point]").size())
+    if($("input[name=od_temp_point]").length)
         temp_point = parseInt($("input[name=od_temp_point]").val());
 
     tot_mny += (send_cost + send_cost2 - od_coupon - send_coupon - temp_point);
diff --git a/shop/orderformupdate.php b/shop/orderformupdate.php
index fc7e52dcc..d2c739cd7 100644
--- a/shop/orderformupdate.php
+++ b/shop/orderformupdate.php
@@ -42,6 +42,10 @@ if(!isset($check_tmp['od_other_pay_type'])){
 // 변수 초기화
 $od_other_pay_type = '';
 
+$od_temp_point = isset($_POST['od_temp_point']) ? (int) $_POST['od_temp_point'] : 0;
+$od_hope_date = isset($_POST['od_hope_date']) ? clean_xss_tags($_POST['od_hope_date'], 1, 1) : '';
+$ad_default = ! empty($_POST['ad_default']) ? (int) $_POST['ad_default'] : 0;
+
 $error = "";
 // 장바구니 상품 재고 검사
 $sql = " select it_id,
@@ -79,12 +83,11 @@ if ($error != "")
     alert($error);
 }
 
-$i_price     = (int)$_POST['od_price'];
-$i_send_cost  = (int)$_POST['od_send_cost'];
-$i_send_cost2  = (int)$_POST['od_send_cost2'];
-$i_send_coupon  = abs((int)$_POST['od_send_coupon']);
-$i_temp_point = (int)$_POST['od_temp_point'];
-
+$i_price     = isset($_POST['od_price']) ? (int) $_POST['od_price'] : 0;
+$i_send_cost  = isset($_POST['od_send_cost']) ? (int) $_POST['od_send_cost'] : 0;
+$i_send_cost2  = isset($_POST['od_send_cost2']) ? (int) $_POST['od_send_cost2'] : 0;
+$i_send_coupon  = isset($_POST['od_send_coupon']) ? abs((int) $_POST['od_send_coupon']) : 0;
+$i_temp_point = isset($_POST['od_temp_point']) ? (int) $_POST['od_temp_point'] : 0;
 
 // 주문금액이 상이함
 $sql = " select SUM(IF(io_type = 1, (io_price * ct_qty), ((ct_price + io_price) * ct_qty))) as od_price,
@@ -96,15 +99,14 @@ $cart_count = $row['cart_count'];
 $tot_od_price = $tot_ct_price;
 
 // 쿠폰금액계산
-$tot_cp_price = 0;
+$tot_cp_price = $tot_it_cp_price = $tot_od_cp_price = 0;
 if($is_member) {
     // 상품쿠폰
-    $tot_it_cp_price = $tot_od_cp_price = 0;
-    $it_cp_cnt = count($_POST['cp_id']);
+    $it_cp_cnt = (isset($_POST['cp_id']) && is_array($_POST['cp_id'])) ? count($_POST['cp_id']) : 0;
     $arr_it_cp_prc = array();
     for($i=0; $i<$it_cp_cnt; $i++) {
-        $cid = $_POST['cp_id'][$i];
-        $it_id = $_POST['it_id'][$i];
+        $cid = isset($_POST['cp_id'][$i]) ? clean_xss_tags($_POST['cp_id'][$i], 1, 1) : '';
+        $it_id = isset($_POST['it_id'][$i]) ? safe_replace_regex($_POST['it_id'][$i], 'it_id') : '';
         $sql = " select cp_id, cp_method, cp_target, cp_type, cp_price, cp_trunc, cp_minimum, cp_maximum
                     from {$g5['g5_shop_coupon_table']}
                     where cp_id = '$cid'
@@ -113,7 +115,7 @@ if($is_member) {
                       and cp_end >= '".G5_TIME_YMD."'
                       and cp_method IN ( 0, 1 ) ";
         $cp = sql_fetch($sql);
-        if(!$cp['cp_id'])
+        if(! (isset($cp['cp_id']) && $cp['cp_id']))
             continue;
 
         // 사용한 쿠폰인지
@@ -169,7 +171,7 @@ if($is_member) {
     $tot_od_price -= $tot_it_cp_price;
 
     // 주문쿠폰
-    if($_POST['od_cp_id']) {
+    if(isset($_POST['od_cp_id']) && $_POST['od_cp_id']) {
         $sql = " select cp_id, cp_type, cp_price, cp_trunc, cp_minimum, cp_maximum
                     from {$g5['g5_shop_coupon_table']}
                     where cp_id = '{$_POST['od_cp_id']}'
@@ -215,7 +217,7 @@ $send_cost = get_sendcost($tmp_cart_id);
 $tot_sc_cp_price = 0;
 if($is_member && $send_cost > 0) {
     // 배송쿠폰
-    if($_POST['sc_cp_id']) {
+    if(isset($_POST['sc_cp_id']) && $_POST['sc_cp_id']) {
         $sql = " select cp_id, cp_type, cp_price, cp_trunc, cp_minimum, cp_maximum
                     from {$g5['g5_shop_coupon_table']}
                     where cp_id = '{$_POST['sc_cp_id']}'
@@ -259,10 +261,10 @@ $od_b_zip2  = substr($od_b_zip, 3);
 $zipcode = $od_b_zip;
 $sql = " select sc_id, sc_price from {$g5['g5_shop_sendcost_table']} where sc_zip1 <= '$zipcode' and sc_zip2 >= '$zipcode' ";
 $tmp = sql_fetch($sql);
-if(!$tmp['sc_id'])
+if(! (isset($tmp['sc_id']) && $tmp['sc_id']))
     $send_cost2 = 0;
 else
-    $send_cost2 = (int)$tmp['sc_price'];
+    $send_cost2 = (int) $tmp['sc_price'];
 
 if($send_cost2 !== $i_send_cost2){
     if(function_exists('add_order_post_log')) add_order_post_log('추가배송비 최종 계산 Error...');
@@ -347,6 +349,7 @@ else if ($od_settle_case == "가상계좌")
     switch($default['de_pg_service']) {
         case 'lg':
             include G5_SHOP_PATH.'/lg/xpay_result.php';
+            $od_receipt_time = '0000-00-00 00:00:00';
             break;
         case 'inicis':
             include G5_SHOP_PATH.'/inicis/inistdpay_result.php';
@@ -467,6 +470,10 @@ $od_pg = $default['de_pg_service'];
 if($od_settle_case == 'KAKAOPAY')
     $od_pg = 'KAKAOPAY';
 
+$tno = isset($tno) ? $tno : '';
+$od_receipt_time = isset($od_receipt_time) ? $od_receipt_time : '';
+$od_app_no = isset($od_app_no) ? $od_app_no : '';
+
 // 주문금액과 결제금액이 일치하는지 체크
 if($tno) {
     if((int)$order_price !== (int)$pg_price) {
@@ -498,13 +505,13 @@ if($tno) {
 if ($is_member)
     $od_pwd = $member['mb_password'];
 else
-    $od_pwd = get_encrypt_string($_POST['od_pwd']);
+    $od_pwd = isset($_POST['od_pwd']) ? get_encrypt_string($_POST['od_pwd']) : get_encrypt_string(mt_rand());
 
 // 주문번호를 얻는다.
 $od_id = get_session('ss_order_id');
 
 $od_escrow = 0;
-if($escw_yn == 'Y')
+if(isset($escw_yn) && $escw_yn === 'Y')
     $od_escrow = 1;
 
 // 복합과세 금액
@@ -512,9 +519,9 @@ $od_tax_mny = round($i_price / 1.1);
 $od_vat_mny = $i_price - $od_tax_mny;
 $od_free_mny = 0;
 if($default['de_tax_flag_use']) {
-    $od_tax_mny = (int)$_POST['comm_tax_mny'];
-    $od_vat_mny = (int)$_POST['comm_vat_mny'];
-    $od_free_mny = (int)$_POST['comm_free_mny'];
+    $od_tax_mny = isset($_POST['comm_tax_mny']) ? (int) $_POST['comm_tax_mny'] : 0;
+    $od_vat_mny = isset($_POST['comm_vat_mny']) ? (int) $_POST['comm_vat_mny'] : 0;
+    $od_free_mny = isset($_POST['comm_free_mny']) ? (int) $_POST['comm_free_mny'] : 0;
 }
 
 $od_email         = get_email_address($od_email);
@@ -687,11 +694,11 @@ $od_memo = nl2br(htmlspecialchars2(stripslashes($od_memo))) . "&nbsp;";
 
 // 쿠폰사용내역기록
 if($is_member) {
-    $it_cp_cnt = count($_POST['cp_id']);
+    $it_cp_cnt = (isset($_POST['cp_id']) && is_array($_POST['cp_id'])) ? count($_POST['cp_id']) : 0;
     for($i=0; $i<$it_cp_cnt; $i++) {
-        $cid = $_POST['cp_id'][$i];
-        $cp_it_id = $_POST['it_id'][$i];
-        $cp_prc = (int)$arr_it_cp_prc[$cp_it_id];
+        $cid = isset($_POST['cp_id'][$i]) ? clean_xss_tags($_POST['cp_id'][$i], 1, 1) : '';
+        $cp_it_id = isset($_POST['it_id'][$i]) ? clean_xss_tags($_POST['it_id'][$i], 1, 1) : '';
+        $cp_prc = isset($arr_it_cp_prc[$cp_it_id]) ? (int) $arr_it_cp_prc[$cp_it_id] : 0;
 
         if(trim($cid)) {
             $sql = " insert into {$g5['g5_shop_coupon_log_table']}
@@ -704,7 +711,6 @@ if($is_member) {
         }
 
         // 쿠폰사용금액 cart에 기록
-        $cp_prc = (int)$arr_it_cp_prc[$cp_it_id];
         $sql = " update {$g5['g5_shop_cart_table']}
                     set cp_price = '$cp_prc'
                     where od_id = '$od_id'
@@ -715,7 +721,7 @@ if($is_member) {
         sql_query($sql);
     }
 
-    if($_POST['od_cp_id']) {
+    if(isset($_POST['od_cp_id']) && $_POST['od_cp_id']) {
         $sql = " insert into {$g5['g5_shop_coupon_log_table']}
                     set cp_id       = '{$_POST['od_cp_id']}',
                         mb_id       = '{$member['mb_id']}',
@@ -725,7 +731,7 @@ if($is_member) {
         sql_query($sql);
     }
 
-    if($_POST['sc_cp_id']) {
+    if(isset($_POST['sc_cp_id']) && $_POST['sc_cp_id']) {
         $sql = " insert into {$g5['g5_shop_coupon_log_table']}
                     set cp_id       = '{$_POST['sc_cp_id']}',
                         mb_id       = '{$member['mb_id']}',
@@ -878,9 +884,9 @@ if($is_member) {
         sql_query($sql);
     }
 
-    $ad_subject = clean_xss_tags($ad_subject);
+    $ad_subject = isset($_POST['ad_subject']) ? clean_xss_tags($_POST['ad_subject']) : '';
 
-    if($row['ad_id']){
+    if(isset($row['ad_id']) && $row['ad_id']){
         $sql = " update {$g5['g5_shop_order_address_table']}
                       set ad_default = '$ad_default',
                           ad_subject = '$ad_subject',
@@ -908,7 +914,6 @@ if($is_member) {
 
 goto_url(G5_SHOP_URL.'/orderinquiryview.php?od_id='.$od_id.'&amp;uid='.$uid);
 ?>
-
 <html>
     <head>
         <title>주문정보 기록</title>
diff --git a/shop/orderinquiry.php b/shop/orderinquiry.php
index 485f871cf..28a137fad 100644
--- a/shop/orderinquiry.php
+++ b/shop/orderinquiry.php
@@ -9,8 +9,9 @@ if (G5_IS_MOBILE) {
 define("_ORDERINQUIRY_", true);
 
 $order_info = array();
-$request_pwd = $od_pwd;
-$od_pwd = get_encrypt_string($od_pwd);
+$request_pwd = isset($_POST['od_pwd']) ? $_POST['od_pwd'] : '';
+$od_pwd = get_encrypt_string($request_pwd);
+$od_id = isset($_POST['od_id']) ? safe_replace_regex($_POST['od_id'], 'od_id') : '';
 
 // 회원인 경우
 if ($is_member)
@@ -94,5 +95,4 @@ include_once('./_head.php');
 <!-- } 주문 내역 끝 -->
 
 <?php
-include_once('./_tail.php');
-?>
+include_once('./_tail.php');
\ No newline at end of file
diff --git a/shop/orderinquiry.sub.php b/shop/orderinquiry.sub.php
index 909fb3440..6dbc58955 100644
--- a/shop/orderinquiry.sub.php
+++ b/shop/orderinquiry.sub.php
@@ -66,7 +66,6 @@ if(defined('G5_THEME_SHOP_PATH')) {
 
     <tr>
         <td>
-            <input type="hidden" name="ct_id[<?php echo $i; ?>]" value="<?php echo $row['ct_id']; ?>">
             <a href="<?php echo G5_SHOP_URL; ?>/orderinquiryview.php?od_id=<?php echo $row['od_id']; ?>&amp;uid=<?php echo $uid; ?>"><?php echo $row['od_id']; ?></a>
         </td>
         <td><?php echo substr($row['od_time'],2,14); ?> (<?php echo get_yoil($row['od_time']); ?>)</td>
diff --git a/shop/orderinquirycancel.php b/shop/orderinquirycancel.php
index 9342ccb38..c2c549211 100644
--- a/shop/orderinquirycancel.php
+++ b/shop/orderinquirycancel.php
@@ -1,6 +1,8 @@
 <?php
 include_once('./_common.php');
 
+$od_id = isset($_REQUEST['od_id']) ? safe_replace_regex($_REQUEST['od_id'], 'od_id') : '';
+
 // 세션에 저장된 토큰과 폼으로 넘어온 토큰을 비교하여 틀리면 에러
 if ($token && get_session("ss_token") == $token) {
     // 맞으면 세션을 지워 다시 입력폼을 통해서 들어오도록 한다.
@@ -12,7 +14,7 @@ if ($token && get_session("ss_token") == $token) {
 
 $od = sql_fetch(" select * from {$g5['g5_shop_order_table']} where od_id = '$od_id' and mb_id = '{$member['mb_id']}' ");
 
-if (!$od['od_id']) {
+if (! (isset($od['od_id']) && $od['od_id'])) {
     alert("존재하는 주문이 아닙니다.");
 }
 
@@ -155,5 +157,4 @@ sql_query($sql);
 if ($od['od_receipt_point'] > 0)
     insert_point($member['mb_id'], $od['od_receipt_point'], "주문번호 $od_id 본인 취소");
 
-goto_url(G5_SHOP_URL."/orderinquiryview.php?od_id=$od_id&amp;uid=$uid");
-?>
\ No newline at end of file
+goto_url(G5_SHOP_URL."/orderinquiryview.php?od_id=$od_id&amp;uid=$uid");
\ No newline at end of file
diff --git a/shop/orderinquiryview.php b/shop/orderinquiryview.php
index b2c4c7ffb..9437c1b3d 100644
--- a/shop/orderinquiryview.php
+++ b/shop/orderinquiryview.php
@@ -1,7 +1,7 @@
 <?php
 include_once('./_common.php');
 
-$od_id = isset($od_id) ? preg_replace('/[^A-Za-z0-9\-_]/', '', strip_tags($od_id)) : 0;
+$od_id = isset($_REQUEST['od_id']) ? safe_replace_regex($_REQUEST['od_id'], 'od_id') : '';
 
 if( isset($_GET['ini_noti']) && !isset($_GET['uid']) ){
     goto_url(G5_SHOP_URL.'/orderinquiry.php');
@@ -16,11 +16,14 @@ if (!$is_member) {
         alert("직접 링크로는 주문서 조회가 불가합니다.\\n\\n주문조회 화면을 통하여 조회하시기 바랍니다.", G5_SHOP_URL);
 }
 
+$tot_point = 0;
+
 $sql = "select * from {$g5['g5_shop_order_table']} where od_id = '$od_id' ";
 if($is_member && !$is_admin)
     $sql .= " and mb_id = '{$member['mb_id']}' ";
 $od = sql_fetch($sql);
-if (!$od['od_id'] || (!$is_member && md5($od['od_id'].$od['od_time'].$od['od_ip']) != get_session('ss_orderview_uid'))) {
+
+if (! (isset($od['od_id']) && $od['od_id']) || (!$is_member && md5($od['od_id'].$od['od_time'].$od['od_ip']) != get_session('ss_orderview_uid'))) {
     alert("조회하실 주문서가 없습니다.", G5_SHOP_URL);
 }
 
@@ -765,5 +768,4 @@ function fcancel_check(f)
 </script>
 
 <?php
-include_once('./_tail.php');
-?>
\ No newline at end of file
+include_once('./_tail.php');
\ No newline at end of file
diff --git a/shop/orderitemcoupon.php b/shop/orderitemcoupon.php
index 5111a6778..2759bd04b 100644
--- a/shop/orderitemcoupon.php
+++ b/shop/orderitemcoupon.php
@@ -6,8 +6,8 @@ if($is_guest)
 
 // 상품정보
 $pattern = '#[/\'\"%=*\#\(\)\|\+\&\!\$~\{\}\[\]`;:\?\^\,]#';
-$it_id  = preg_replace($pattern, '', $_POST['it_id']);
-$sw_direct = $_POST['sw_direct'];
+$it_id  = isset($_POST['it_id']) ? preg_replace($pattern, '', $_POST['it_id']) : '';
+$sw_direct = isset($_POST['sw_direct']) ? clean_xss_tags($_POST['sw_direct'], 1, 1) : '';
 $it = get_shop_item($it_id, true);
 
 // 상품 총 금액
diff --git a/shop/ordermail1.inc.php b/shop/ordermail1.inc.php
index ed2604ff3..2f98cf532 100644
--- a/shop/ordermail1.inc.php
+++ b/shop/ordermail1.inc.php
@@ -78,5 +78,4 @@ if ($od_send_cost)
 
 // 추가배송비가 있다면 총계에 더한다
 if ($od_send_cost2)
-    $ttotal_price += $od_send_cost2;
-?>
\ No newline at end of file
+    $ttotal_price += $od_send_cost2;
\ No newline at end of file
diff --git a/shop/ordermail2.inc.php b/shop/ordermail2.inc.php
index d5ab9c677..c1e1abe5d 100644
--- a/shop/ordermail2.inc.php
+++ b/shop/ordermail2.inc.php
@@ -90,5 +90,4 @@ for ($i=0; $row=sql_fetch_array($result); $i++)
 
     mailer($config['cf_admin_email_name'], $config['cf_admin_email'],  $row['it_sell_email'], $subject, $content, 1);
 }
-//==============================================================================
-?>
\ No newline at end of file
+//==============================================================================;
\ No newline at end of file
diff --git a/shop/ordersendcost.php b/shop/ordersendcost.php
index 71643bbd2..9bb445f28 100644
--- a/shop/ordersendcost.php
+++ b/shop/ordersendcost.php
@@ -1,7 +1,7 @@
 <?php
 include_once('./_common.php');
 
-$code = preg_replace('#[^0-9]#', '', $_POST['zipcode']);
+$code = isset($_POST['zipcode']) ? preg_replace('#[^0-9]#', '', $_POST['zipcode']) : '';
 
 if(!$code)
     die('0');
@@ -12,8 +12,7 @@ $sql = " select sc_id, sc_price
               and sc_zip2 >= '$code' ";
 $row = sql_fetch($sql);
 
-if(!$row['sc_id'])
+if(! (isset($row['sc_id']) && $row['sc_id']))
     die('0');
 
-die($row['sc_price']);
-?>
\ No newline at end of file
+die($row['sc_price']);
\ No newline at end of file
diff --git a/shop/ordersendcostcoupon.php b/shop/ordersendcostcoupon.php
index 131c4a790..2766058a1 100644
--- a/shop/ordersendcostcoupon.php
+++ b/shop/ordersendcostcoupon.php
@@ -4,8 +4,8 @@ include_once('./_common.php');
 if($is_guest)
     exit;
 
-$price = preg_replace('#[^0-9]#', '', $_POST['price']);
-$send_cost = preg_replace('#[^0-9]#', '', $_POST['send_cost']);
+$price = isset($_POST['price']) ? preg_replace('#[^0-9]#', '', $_POST['price']) : 0;
+$send_cost = isset($_POST['send_cost']) ? preg_replace('#[^0-9]#', '', $_POST['send_cost']) : 0;
 
 // 쿠폰정보
 $sql = " select *
diff --git a/shop/personalpay.php b/shop/personalpay.php
index 21e2cf95e..ecc03702a 100644
--- a/shop/personalpay.php
+++ b/shop/personalpay.php
@@ -68,5 +68,4 @@ include_once('./_head.php');
 <!-- } 상품 목록 끝 -->
 
 <?php
-include_once('./_tail.php');
-?>
+include_once('./_tail.php');
\ No newline at end of file
diff --git a/shop/personalpayform.php b/shop/personalpayform.php
index 539dbb0d8..462daabfd 100644
--- a/shop/personalpayform.php
+++ b/shop/personalpayform.php
@@ -1,13 +1,15 @@
 <?php
 include_once('./_common.php');
 
+$pp_id = isset($_REQUEST['pp_id']) ? preg_replace('/[^0-9]/', '', $_REQUEST['pp_id']) : 0;
+
 // 모바일 주문인지
 $is_mobile_pay = is_mobile();
 
 $sql = " select * from {$g5['g5_shop_personalpay_table']} where pp_id = '$pp_id' and pp_use = '1' and pp_price > 0 ";
 $pp = sql_fetch($sql);
 
-if(!$pp['pp_id'])
+if(! (isset($pp['pp_id']) && $pp['pp_id']))
     alert('개인결제 정보가 존재하지 않습니다.');
 
 if($pp['pp_tno'])
@@ -56,5 +58,4 @@ if($is_mobile_pay) {
 if(G5_IS_MOBILE)
     include_once(G5_MSHOP_PATH.'/_tail.php');
 else
-    include_once(G5_SHOP_PATH.'/_tail.php');
-?>
\ No newline at end of file
+    include_once(G5_SHOP_PATH.'/_tail.php');
\ No newline at end of file
diff --git a/shop/personalpayformupdate.php b/shop/personalpayformupdate.php
index a5a7c15d5..30d61c621 100644
--- a/shop/personalpayformupdate.php
+++ b/shop/personalpayformupdate.php
@@ -2,21 +2,26 @@
 include_once('./_common.php');
 include_once(G5_LIB_PATH.'/mailer.lib.php');
 
-if($default['de_pg_service'] == 'lg' && !$_POST['LGD_PAYKEY'])
+$pp_id = $_POST['pp_id'] = isset($_POST['pp_id']) ? preg_replace('/[^0-9]/', '', $_POST['pp_id']) : 0;
+$good_mny = $_POST['good_mny'] = isset($_POST['good_mny']) ? preg_replace('/[^0-9]/', '', $_POST['good_mny']) : 0;
+$post_lgd_paykey = isset($_POST['LGD_PAYKEY']) ? $_POST['LGD_PAYKEY'] : '';
+$pp_deposit_name = '';
+
+if($default['de_pg_service'] == 'lg' && ! $post_lgd_paykey)
     alert('결제등록 요청 후 결제해 주십시오.');
 
 // 개인결제 정보
 $pp_check = false;
-$sql = " select * from {$g5['g5_shop_personalpay_table']} where pp_id = '{$_POST['pp_id']}' and pp_use = '1' ";
+$sql = " select * from {$g5['g5_shop_personalpay_table']} where pp_id = '{$pp_id}' and pp_use = '1' ";
 $pp = sql_fetch($sql);
-if(!$pp['pp_id'])
+if(! (isset($pp['pp_id']) && $pp['pp_id']))
     alert('개인결제 정보가 존재하지 않습니다.');
 
 if($pp['pp_tno'])
     alert('이미 결제하신 개인결제 내역입니다.');
 
-$hash_data = md5($_POST['pp_id'].$_POST['good_mny'].$pp['pp_time']);
-if($_POST['pp_id'] != get_session('ss_personalpay_id') || $hash_data != get_session('ss_personalpay_hash'))
+$hash_data = md5($pp_id.$good_mny.$pp['pp_time']);
+if($pp_id != get_session('ss_personalpay_id') || $hash_data != get_session('ss_personalpay_hash'))
     die('개인결제 정보가 올바르지 않습니다.');
 
 
diff --git a/shop/personalpayresult.php b/shop/personalpayresult.php
index 76d4ee56a..b01625b7b 100644
--- a/shop/personalpayresult.php
+++ b/shop/personalpayresult.php
@@ -1,6 +1,8 @@
 <?php
 include_once('./_common.php');
 
+$pp_id = isset($_REQUEST['pp_id']) ? preg_replace('/[^0-9]/', '', $_REQUEST['pp_id']) : 0;
+
 if (G5_IS_MOBILE) {
     include_once(G5_MSHOP_PATH.'/personalpayresult.php');
     return;
@@ -8,7 +10,7 @@ if (G5_IS_MOBILE) {
 
 $sql = "select * from {$g5['g5_shop_personalpay_table']} where pp_id = '$pp_id' ";
 $pp = sql_fetch($sql);
-if (!$pp['pp_id'] || (md5($pp['pp_id'].$pp['pp_time'].$_SERVER['REMOTE_ADDR']) != get_session('ss_personalpay_uid'))) {
+if (! (isset($pp['pp_id']) && $pp['pp_id']) || (md5($pp['pp_id'].$pp['pp_time'].$_SERVER['REMOTE_ADDR']) != get_session('ss_personalpay_uid'))) {
     alert("조회하실 개인결제 내역이 없습니다.", G5_SHOP_URL);
 }
 
@@ -315,5 +317,4 @@ if($pp['pp_pg'] == 'lg') {
 <!-- } 개인결제상세내역 끝 -->
 
 <?php
-include_once('./_tail.php');
-?>
\ No newline at end of file
+include_once('./_tail.php');
\ No newline at end of file
diff --git a/shop/price/_common.php b/shop/price/_common.php
index 03a3ab6aa..c7ed3c4ee 100644
--- a/shop/price/_common.php
+++ b/shop/price/_common.php
@@ -1,3 +1,2 @@
 <?php
-include_once('../../common.php');
-?>
+include_once('../../common.php');
\ No newline at end of file
diff --git a/shop/price/daum.php b/shop/price/daum.php
index d18b1d545..974190a3c 100644
--- a/shop/price/daum.php
+++ b/shop/price/daum.php
@@ -143,5 +143,4 @@ echo iconv('utf-8', 'euc-kr', $str);
 $content = ob_get_contents();
 ob_end_clean();
 
-echo $content;
-?>
\ No newline at end of file
+echo $content;
\ No newline at end of file
diff --git a/shop/price/daum_summary.php b/shop/price/daum_summary.php
index d80a79866..33ba7029c 100644
--- a/shop/price/daum_summary.php
+++ b/shop/price/daum_summary.php
@@ -150,5 +150,4 @@ echo iconv('utf-8', 'euc-kr', $str);
 $content = ob_get_contents();
 ob_end_clean();
 
-echo $content;
-?>
\ No newline at end of file
+echo $content;
\ No newline at end of file
diff --git a/shop/price/naver.php b/shop/price/naver.php
index acf69adaa..1164957d5 100644
--- a/shop/price/naver.php
+++ b/shop/price/naver.php
@@ -87,5 +87,4 @@ for ($i=0; $row=sql_fetch_array($result); $i++)
 $content = ob_get_contents();
 ob_end_clean();
 
-echo $content;
-?>
\ No newline at end of file
+echo $content;
\ No newline at end of file
diff --git a/shop/price/naver_summary.php b/shop/price/naver_summary.php
index c4feac56e..d06f303be 100644
--- a/shop/price/naver_summary.php
+++ b/shop/price/naver_summary.php
@@ -97,5 +97,4 @@ for ($i=0; $row=sql_fetch_array($result); $i++)
 $content = ob_get_contents();
 ob_end_clean();
 
-echo $content;
-?>
\ No newline at end of file
+echo $content;
\ No newline at end of file
diff --git a/shop/search.php b/shop/search.php
index 44ff5b504..c2861eca2 100644
--- a/shop/search.php
+++ b/shop/search.php
@@ -151,5 +151,4 @@ if(!file_exists($search_skin)) {
     include_once($search_skin);
 }
 
-include_once('./_tail.php');
-?>
+include_once('./_tail.php');
\ No newline at end of file
diff --git a/shop/settle_inicis.inc.php b/shop/settle_inicis.inc.php
index 1c6842828..3bbb711c4 100644
--- a/shop/settle_inicis.inc.php
+++ b/shop/settle_inicis.inc.php
@@ -1,6 +1,8 @@
 <?php
 if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
 
+$useescrow = '';
+
 if ($default['de_card_test']) {
     if ($default['de_escrow_use'] == 1) {
         // 에스크로결제 테스트
@@ -143,5 +145,4 @@ $PAY_METHOD = array(
     'DirectBank' => '계좌이체',
     'HPP'        => '휴대폰',
     'VBank'      => '가상계좌'
-);
-?>
\ No newline at end of file
+);
\ No newline at end of file
diff --git a/shop/settle_inicis_common.php b/shop/settle_inicis_common.php
index 807cd69ce..2b9356253 100644
--- a/shop/settle_inicis_common.php
+++ b/shop/settle_inicis_common.php
@@ -178,5 +178,4 @@ if( $PG_IP == "203.238.37.3" || $PG_IP == "203.238.37.15" || $PG_IP == "203.238.
 
 //*************************************************************************************
 
-}
-?>
+}
\ No newline at end of file
diff --git a/shop/settle_kakaopay.inc.php b/shop/settle_kakaopay.inc.php
index b4e23e78c..7c2c2bd5a 100644
--- a/shop/settle_kakaopay.inc.php
+++ b/shop/settle_kakaopay.inc.php
@@ -5,5 +5,4 @@ $is_kakaopay_use = false;
 if($default['de_kakaopay_enckey']) {
     $is_kakaopay_use = true;
     require_once(G5_SHOP_PATH.'/kakaopay/incKakaopayCommon.php');
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/shop/settle_kcp.inc.php b/shop/settle_kcp.inc.php
index 0dd137be9..76344cbdb 100644
--- a/shop/settle_kcp.inc.php
+++ b/shop/settle_kcp.inc.php
@@ -65,5 +65,4 @@ if($default['de_iche_use'] || $default['de_vbank_use'] || $default['de_hp_use']
 $g_conf_site_name = $default['de_admin_company_name'];
 $g_conf_log_level = '3';           // 변경불가
 $g_conf_gw_port   = '8090';        // 포트번호(변경불가)
-$module_type      = '01';          // 변경불가
-?>
+$module_type      = '01';          // 변경불가;
\ No newline at end of file
diff --git a/shop/settle_kcp_common.php b/shop/settle_kcp_common.php
index 28789d32e..523a716dd 100644
--- a/shop/settle_kcp_common.php
+++ b/shop/settle_kcp_common.php
@@ -56,11 +56,11 @@ if(!$default['de_card_test']) {
     /* ============================================================================== */
     /* =   02. 공통 통보 데이터 받기                                                = */
     /* = -------------------------------------------------------------------------- = */
-    $site_cd      = $_POST [ "site_cd"  ];                 // 사이트 코드
-    $tno          = $_POST [ "tno"      ];                 // KCP 거래번호
-    $order_no     = $_POST [ "order_no" ];                 // 주문번호
-    $tx_cd        = $_POST [ "tx_cd"    ];                 // 업무처리 구분 코드
-    $tx_tm        = $_POST [ "tx_tm"    ];                 // 업무처리 완료 시간
+    $site_cd      = isset($_POST["site_cd"]) ? $_POST["site_cd"] : '';                 // 사이트 코드
+    $tno          = isset($_POST["tno"]) ? $_POST["tno"] : '';                 // KCP 거래번호
+    $order_no     = isset($_POST["order_no"]) ? $_POST["order_no"] : '';                 // 주문번호
+    $tx_cd        = isset($_POST["tx_cd"]) ? $_POST["tx_cd"] : '';                 // 업무처리 구분 코드
+    $tx_tm        = isset($_POST["tx_tm"]) ? $_POST["tx_tm"] : '';                 // 업무처리 완료 시간
     /* = -------------------------------------------------------------------------- = */
     $ipgm_name    = "";                                    // 주문자명
     $remitter     = "";                                    // 입금자명
@@ -85,13 +85,13 @@ if(!$default['de_card_test']) {
     /* = -------------------------------------------------------------------------- = */
     if ( $tx_cd == "TX00" )
     {
-        $ipgm_name = $_POST[ "ipgm_name" ];                // 주문자명
-        $remitter  = $_POST[ "remitter"  ];                // 입금자명
-        $ipgm_mnyx = $_POST[ "ipgm_mnyx" ];                // 입금 금액
-        $bank_code = $_POST[ "bank_code" ];                // 은행코드
-        $account   = $_POST[ "account"   ];                // 가상계좌 입금계좌번호
-        $op_cd     = $_POST[ "op_cd"     ];                // 처리구분 코드
-        $noti_id   = $_POST[ "noti_id"   ];                // 통보 아이디
+        $ipgm_name = isset($_POST["ipgm_name"]) ? $_POST["ipgm_name"] : '';                // 주문자명
+        $remitter  = isset($_POST["remitter"]) ? $_POST["remitter"] : '';                // 입금자명
+        $ipgm_mnyx = isset($_POST["ipgm_mnyx"]) ? $_POST["ipgm_mnyx"] : '';                // 입금 금액
+        $bank_code = isset($_POST["bank_code"]) ? $_POST["bank_code"] : '';                // 은행코드
+        $account   = isset($_POST["account"]) ? $_POST["account"] : '';                // 가상계좌 입금계좌번호
+        $op_cd     = isset($_POST["op_cd"]) ? $_POST["op_cd"] : '';                // 처리구분 코드
+        $noti_id   = isset($_POST["noti_id"]) ? $_POST["noti_id"] : '';                // 통보 아이디
     }
 
     /* = -------------------------------------------------------------------------- = */
@@ -99,9 +99,9 @@ if(!$default['de_card_test']) {
     /* = -------------------------------------------------------------------------- = */
     else if ( $tx_cd == "TX01" )
     {
-        $refund_nm  = $_POST[ "refund_nm"  ];              // 환불계좌주명
-        $refund_mny = $_POST[ "refund_mny" ];              // 환불금액
-        $bank_code  = $_POST[ "bank_code"  ];              // 은행코드
+        $refund_nm  = isset($_POST["refund_nm"]) ? $_POST["refund_nm"] : '';              // 환불계좌주명
+        $refund_mny = isset($_POST["refund_mny"]) ? $_POST["refund_mny"] : '';              // 환불금액
+        $bank_code  = isset($_POST["bank_code"]) ? $_POST["bank_code"] : '';              // 은행코드
     }
 
     /* = -------------------------------------------------------------------------- = */
@@ -109,11 +109,11 @@ if(!$default['de_card_test']) {
     /* = -------------------------------------------------------------------------- = */
     else if ( $tx_cd == "TX02" )
     {
-        $st_cd = $_POST[ "st_cd" ];                        // 구매확인 코드
+        $st_cd = isset($_POST["st_cd"]) ? $_POST["st_cd"] : '';                        // 구매확인 코드
 
         if ( $st_cd == "N" )                               // 구매확인 상태가 구매취소인 경우
         {
-            $can_msg = $_POST[ "can_msg" ];                // 구매취소 사유
+            $can_msg = isset($_POST["can_msg"]) ? $_POST["can_msg"] : '';                // 구매취소 사유
         }
     }
 
@@ -122,8 +122,8 @@ if(!$default['de_card_test']) {
     /* = -------------------------------------------------------------------------- = */
     else if ( $tx_cd == "TX03" )
     {
-        $waybill_no   = $_POST[ "waybill_no"   ];          // 운송장 번호
-        $waybill_corp = $_POST[ "waybill_corp" ];          // 택배 업체명
+        $waybill_no   = isset($_POST["waybill_no"]) ? $_POST["waybill_no"] : '';          // 운송장 번호
+        $waybill_corp = isset($_POST["waybill_corp"]) ? $_POST["waybill_corp"] : '';          // 택배 업체명
     }
     /* ============================================================================== */
 
diff --git a/shop/settle_lg.inc.php b/shop/settle_lg.inc.php
index c941ace1b..59951f62a 100644
--- a/shop/settle_lg.inc.php
+++ b/shop/settle_lg.inc.php
@@ -50,5 +50,4 @@ $configPath             = G5_LGXPAY_PATH.'/lgdacom';
 /*
  * 가상계좌(무통장) 결제 연동을 하시는 경우 아래 LGD_CASNOTEURL 을 설정하여 주시기 바랍니다.
  */
-$LGD_CASNOTEURL     = G5_SHOP_URL.'/settle_lg_common.php';
-?>
\ No newline at end of file
+$LGD_CASNOTEURL     = G5_SHOP_URL.'/settle_lg_common.php';
\ No newline at end of file
diff --git a/shop/settle_lg_common.php b/shop/settle_lg_common.php
index dda641812..cc2365782 100644
--- a/shop/settle_lg_common.php
+++ b/shop/settle_lg_common.php
@@ -7,43 +7,43 @@ include_once('./_common.php');
  * 1) 위변조 방지를 위한 hashdata값 검증은 반드시 적용하셔야 합니다.
  *
  */
-$LGD_RESPCODE            = $_POST["LGD_RESPCODE"];             // 응답코드: 0000(성공) 그외 실패
-$LGD_RESPMSG             = $_POST["LGD_RESPMSG"];              // 응답메세지
-$LGD_MID                 = $_POST["LGD_MID"];                  // 상점아이디
-$LGD_OID                 = $_POST["LGD_OID"];                  // 주문번호
-$LGD_AMOUNT              = $_POST["LGD_AMOUNT"];               // 거래금액
-$LGD_TID                 = $_POST["LGD_TID"];                  // LG유플러스에서 부여한 거래번호
-$LGD_PAYTYPE             = $_POST["LGD_PAYTYPE"];              // 결제수단코드
-$LGD_PAYDATE             = $_POST["LGD_PAYDATE"];              // 거래일시(승인일시/이체일시)
-$LGD_HASHDATA            = $_POST["LGD_HASHDATA"];             // 해쉬값
-$LGD_FINANCECODE         = $_POST["LGD_FINANCECODE"];          // 결제기관코드(은행코드)
-$LGD_FINANCENAME         = $_POST["LGD_FINANCENAME"];          // 결제기관이름(은행이름)
-$LGD_ESCROWYN            = $_POST["LGD_ESCROWYN"];             // 에스크로 적용여부
-$LGD_TIMESTAMP           = $_POST["LGD_TIMESTAMP"];            // 타임스탬프
-$LGD_ACCOUNTNUM          = $_POST["LGD_ACCOUNTNUM"];           // 계좌번호(무통장입금)
-$LGD_CASTAMOUNT          = $_POST["LGD_CASTAMOUNT"];           // 입금총액(무통장입금)
-$LGD_CASCAMOUNT          = $_POST["LGD_CASCAMOUNT"];           // 현입금액(무통장입금)
-$LGD_CASFLAG             = $_POST["LGD_CASFLAG"];              // 무통장입금 플래그(무통장입금) - 'R':계좌할당, 'I':입금, 'C':입금취소
-$LGD_CASSEQNO            = $_POST["LGD_CASSEQNO"];             // 입금순서(무통장입금)
-$LGD_CASHRECEIPTNUM      = $_POST["LGD_CASHRECEIPTNUM"];       // 현금영수증 승인번호
-$LGD_CASHRECEIPTSELFYN   = $_POST["LGD_CASHRECEIPTSELFYN"];    // 현금영수증자진발급제유무 Y: 자진발급제 적용, 그외 : 미적용
-$LGD_CASHRECEIPTKIND     = $_POST["LGD_CASHRECEIPTKIND"];      // 현금영수증 종류 0: 소득공제용 , 1: 지출증빙용
-$LGD_PAYER     			 = $_POST["LGD_PAYER"];      			// 입금자명
+$LGD_RESPCODE            = isset($_POST["LGD_RESPCODE"]) ? $_POST["LGD_RESPCODE"] : '';             // 응답코드: 0000(성공) 그외 실패
+$LGD_RESPMSG             = isset($_POST["LGD_RESPMSG"]) ? $_POST["LGD_RESPMSG"] : '';              // 응답메세지
+$LGD_MID                 = isset($_POST["LGD_MID"]) ? $_POST["LGD_MID"] : '';                  // 상점아이디
+$LGD_OID                 = isset($_POST["LGD_OID"]) ? $_POST["LGD_OID"] : '';                  // 주문번호
+$LGD_AMOUNT              = isset($_POST["LGD_AMOUNT"]) ? $_POST["LGD_AMOUNT"] : '';               // 거래금액
+$LGD_TID                 = isset($_POST["LGD_TID"]) ? $_POST["LGD_TID"] : '';                  // LG유플러스에서 부여한 거래번호
+$LGD_PAYTYPE             = isset($_POST["LGD_PAYTYPE"]) ? $_POST["LGD_PAYTYPE"] : '';              // 결제수단코드
+$LGD_PAYDATE             = isset($_POST["LGD_PAYDATE"]) ? $_POST["LGD_PAYDATE"] : '';              // 거래일시(승인일시/이체일시)
+$LGD_HASHDATA            = isset($_POST["LGD_HASHDATA"]) ? $_POST["LGD_HASHDATA"] : '';             // 해쉬값
+$LGD_FINANCECODE         = isset($_POST["LGD_FINANCECODE"]) ? $_POST["LGD_FINANCECODE"] : '';          // 결제기관코드(은행코드)
+$LGD_FINANCENAME         = isset($_POST["LGD_FINANCENAME"]) ? $_POST["LGD_FINANCENAME"] : '';          // 결제기관이름(은행이름)
+$LGD_ESCROWYN            = isset($_POST["LGD_ESCROWYN"]) ? $_POST["LGD_ESCROWYN"] : '';             // 에스크로 적용여부
+$LGD_TIMESTAMP           = isset($_POST["LGD_TIMESTAMP"]) ? $_POST["LGD_TIMESTAMP"] : '';            // 타임스탬프
+$LGD_ACCOUNTNUM          = isset($_POST["LGD_ACCOUNTNUM"]) ? $_POST["LGD_ACCOUNTNUM"] : '';           // 계좌번호(무통장입금)
+$LGD_CASTAMOUNT          = isset($_POST["LGD_CASTAMOUNT"]) ? $_POST["LGD_CASTAMOUNT"] : '';           // 입금총액(무통장입금)
+$LGD_CASCAMOUNT          = isset($_POST["LGD_CASCAMOUNT"]) ? $_POST["LGD_CASCAMOUNT"] : '';           // 현입금액(무통장입금)
+$LGD_CASFLAG             = isset($_POST["LGD_CASFLAG"]) ? $_POST["LGD_CASFLAG"] : '';              // 무통장입금 플래그(무통장입금) - 'R':계좌할당, 'I':입금, 'C':입금취소
+$LGD_CASSEQNO            = isset($_POST["LGD_CASSEQNO"]) ? $_POST["LGD_CASSEQNO"] : '';             // 입금순서(무통장입금)
+$LGD_CASHRECEIPTNUM      = isset($_POST["LGD_CASHRECEIPTNUM"]) ? $_POST["LGD_CASHRECEIPTNUM"] : '';       // 현금영수증 승인번호
+$LGD_CASHRECEIPTSELFYN   = isset($_POST["LGD_CASHRECEIPTSELFYN"]) ? $_POST["LGD_CASHRECEIPTSELFYN"] : '';    // 현금영수증자진발급제유무 Y: 자진발급제 적용, 그외 : 미적용
+$LGD_CASHRECEIPTKIND     = isset($_POST["LGD_CASHRECEIPTKIND"]) ? $_POST["LGD_CASHRECEIPTKIND"] : '';      // 현금영수증 종류 0: 소득공제용 , 1: 지출증빙용
+$LGD_PAYER     			 = isset($_POST["LGD_PAYER"]) ? $_POST["LGD_PAYER"] : '';      			// 입금자명
 
 /*
  * 구매정보
  */
-$LGD_BUYER               = $_POST["LGD_BUYER"];                // 구매자
-$LGD_PRODUCTINFO         = $_POST["LGD_PRODUCTINFO"];          // 상품명
-$LGD_BUYERID             = $_POST["LGD_BUYERID"];              // 구매자 ID
-$LGD_BUYERADDRESS        = $_POST["LGD_BUYERADDRESS"];         // 구매자 주소
-$LGD_BUYERPHONE          = $_POST["LGD_BUYERPHONE"];           // 구매자 전화번호
-$LGD_BUYEREMAIL          = $_POST["LGD_BUYEREMAIL"];           // 구매자 이메일
-$LGD_BUYERSSN            = $_POST["LGD_BUYERSSN"];             // 구매자 주민번호
-$LGD_PRODUCTCODE         = $_POST["LGD_PRODUCTCODE"];          // 상품코드
-$LGD_RECEIVER            = $_POST["LGD_RECEIVER"];             // 수취인
-$LGD_RECEIVERPHONE       = $_POST["LGD_RECEIVERPHONE"];        // 수취인 전화번호
-$LGD_DELIVERYINFO        = $_POST["LGD_DELIVERYINFO"];         // 배송지
+$LGD_BUYER               = isset($_POST["LGD_BUYER"]) ? $_POST["LGD_BUYER"] : '';                // 구매자
+$LGD_PRODUCTINFO         = isset($_POST["LGD_PRODUCTINFO"]) ? $_POST["LGD_PRODUCTINFO"] : '';          // 상품명
+$LGD_BUYERID             = isset($_POST["LGD_BUYERID"]) ? $_POST["LGD_BUYERID"] : '';              // 구매자 ID
+$LGD_BUYERADDRESS        = isset($_POST["LGD_BUYERADDRESS"]) ? $_POST["LGD_BUYERADDRESS"] : '';         // 구매자 주소
+$LGD_BUYERPHONE          = isset($_POST["LGD_BUYERPHONE"]) ? $_POST["LGD_BUYERPHONE"] : '';           // 구매자 전화번호
+$LGD_BUYEREMAIL          = isset($_POST["LGD_BUYEREMAIL"]) ? $_POST["LGD_BUYEREMAIL"] : '';           // 구매자 이메일
+$LGD_BUYERSSN            = isset($_POST["LGD_BUYERSSN"]) ? $_POST["LGD_BUYERSSN"] : '';             // 구매자 주민번호
+$LGD_PRODUCTCODE         = isset($_POST["LGD_PRODUCTCODE"]) ? $_POST["LGD_PRODUCTCODE"] : '';          // 상품코드
+$LGD_RECEIVER            = isset($_POST["LGD_RECEIVER"]) ? $_POST["LGD_RECEIVER"] : '';             // 수취인
+$LGD_RECEIVERPHONE       = isset($_POST["LGD_RECEIVERPHONE"]) ? $_POST["LGD_RECEIVERPHONE"] : '';        // 수취인 전화번호
+$LGD_DELIVERYINFO        = isset($_POST["LGD_DELIVERYINFO"]) ? $_POST["LGD_DELIVERYINFO"] : '';         // 배송지
 
 $LGD_MERTKEY             = $config['cf_lg_mert_key'];          //LG유플러스에서 발급한 상점키로 변경해 주시기 바랍니다.
 
@@ -174,5 +174,4 @@ if ( $LGD_HASHDATA2 == $LGD_HASHDATA ) { //해쉬값 검증이 성공이면
     $resultMSG = "결제결과 상점 DB처리(LGD_CASNOTEURL) 해쉬값 검증이 실패하였습니다.";
 }
 
-echo $resultMSG;
-?>
+echo $resultMSG;
\ No newline at end of file
diff --git a/shop/settle_naverpay.inc.php b/shop/settle_naverpay.inc.php
index 372e0a897..3fc9dd8b0 100644
--- a/shop/settle_naverpay.inc.php
+++ b/shop/settle_naverpay.inc.php
@@ -145,5 +145,4 @@ function not_buy_nc()
     alert("죄송합니다. 네이버페이로 구매가 불가한 상품입니다.");
     return false;
 }
-//]]></script>'.PHP_EOL;
-?>
\ No newline at end of file
+//]]></script>'.PHP_EOL;
\ No newline at end of file
diff --git a/shop/shop.head.php b/shop/shop.head.php
index 55c167247..5bae5fa2c 100644
--- a/shop/shop.head.php
+++ b/shop/shop.head.php
@@ -1,6 +1,8 @@
 <?php
 if (!defined("_GNUBOARD_")) exit; // 개별 페이지 접근 불가
 
+$q = isset($_GET['q']) ? clean_xss_tags($_GET['q'], 1, 1) : '';
+
 if(defined('G5_THEME_PATH')) {
     require_once(G5_THEME_SHOP_PATH.'/shop.head.php');
     return;
diff --git a/shop/shop.tail.php b/shop/shop.tail.php
index 463087833..a9f1c790e 100644
--- a/shop/shop.tail.php
+++ b/shop/shop.tail.php
@@ -66,5 +66,4 @@ if ($config['cf_analytics']) {
 <!-- } 하단 끝 -->
 
 <?php
-include_once(G5_PATH.'/tail.sub.php');
-?>
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/shop/taxsave.php b/shop/taxsave.php
index 362a1aba6..49cbb3df2 100644
--- a/shop/taxsave.php
+++ b/shop/taxsave.php
@@ -1,14 +1,15 @@
 <?php
 include_once('./_common.php');
 
-$g5['title'] = '주문번호 '.$od_id.' 현금영수증 발행';
-include_once(G5_PATH.'/head.sub.php');
+$od_id = isset($_REQUEST['od_id']) ? safe_replace_regex($_REQUEST['od_id'], 'od_id') : '';
+$tx = isset($_REQUEST['tx']) ? clean_xss_tags($_REQUEST['tx'], 1, 1) : '';
 
 if (!$od_id){
     alert('주문번호가 누락되었습니다.');
 }
 
-$od_id = preg_replace('/[^a-z0-9_-]/i', '', $od_id);
+$g5['title'] = '주문번호 '.$od_id.' 현금영수증 발행';
+include_once(G5_PATH.'/head.sub.php');
 
 if($tx == 'personalpay') {
     $od = sql_fetch(" select * from {$g5['g5_shop_personalpay_table']} where pp_id = '$od_id' ");
@@ -57,5 +58,4 @@ if(!$dir)
 
 include_once(G5_SHOP_PATH.'/'.$dir.'/taxsave_form.php');
 
-include_once(G5_PATH.'/tail.sub.php');
-?>
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/shop/wishlist.php b/shop/wishlist.php
index 372ecd816..cc292844f 100644
--- a/shop/wishlist.php
+++ b/shop/wishlist.php
@@ -42,7 +42,7 @@ include_once('./_head.php');
             $out_cd = '';
             $sql = " select count(*) as cnt from {$g5['g5_shop_item_option_table']} where it_id = '{$row['it_id']}' and io_type = '0' ";
             $tmp = sql_fetch($sql);
-            if($tmp['cnt'])
+            if(isset($tmp['cnt']) && $tmp['cnt'])
                 $out_cd = 'no';
 
             $it_price = get_price($row);
@@ -145,5 +145,4 @@ include_once('./_head.php');
 <!-- } 위시리스트 끝 -->
 
 <?php
-include_once('./_tail.php');
-?>
\ No newline at end of file
+include_once('./_tail.php');
\ No newline at end of file
diff --git a/shop/wishupdate.php b/shop/wishupdate.php
index b460834f7..9b721de7e 100644
--- a/shop/wishupdate.php
+++ b/shop/wishupdate.php
@@ -6,7 +6,7 @@ if (!$is_member)
 
 if ($w == "d")
 {
-    $wi_id = trim($_GET['wi_id']);
+    $wi_id = isset($_GET['wi_id']) ? (int) $_GET['wi_id'] : 0;
 
     $sql = " select mb_id from {$g5['g5_shop_wish_table']} where wi_id = '$wi_id' ";
     $row = sql_fetch($sql);
@@ -21,9 +21,13 @@ if ($w == "d")
 }
 else
 {
+    $it_id = isset($_POST['it_id']) ? $_POST['it_id'] : null;
+
     if(is_array($it_id))
         $it_id = $_POST['it_id'][0];
 
+    $it_id = safe_replace_regex($it_id, 'it_id');
+
     if(!$it_id)
         alert('상품코드가 올바르지 않습니다.', G5_SHOP_URL);
     
@@ -44,15 +48,14 @@ else
               where mb_id = '{$member['mb_id']}' and it_id = '$it_id' ";
     $row = sql_fetch($sql);
 
-    if (!$row['wi_id']) { // 없다면 등록
+    if (! (isset($row['wi_id']) && $row['wi_id'])) { // 없다면 등록
         $sql = " insert {$g5['g5_shop_wish_table']}
                     set mb_id = '{$member['mb_id']}',
                         it_id = '$it_id',
                         wi_time = '".G5_TIME_YMDHIS."',
-                        wi_ip = '$REMOTE_ADDR' ";
+                        wi_ip = '".$_SERVER['REMOTE_ADDR']."' ";
         sql_query($sql);
     }
 }
 
-goto_url('./wishlist.php');
-?>
\ No newline at end of file
+goto_url('./wishlist.php');
\ No newline at end of file
diff --git a/skin/board/basic/style.css b/skin/board/basic/style.css
index 46cb1018e..0cf2d24d8 100644
--- a/skin/board/basic/style.css
+++ b/skin/board/basic/style.css
@@ -19,6 +19,7 @@
 #bo_list .txt_expired {color:#ccc}
 #bo_list tbody tr {border-left:2px solid transparent}
 #bo_list tbody tr:hover {border-left:2px solid #253dbe}
+#bo_list tbody .even td {background:#fbfbfb}
 
 #bo_cate {margin:25px 0}
 #bo_cate h2 {position:absolute;font-size:0;line-height:0;overflow:hidden}
@@ -335,4 +336,6 @@ box-shadow:inset 0 1px 2px rgba(0, 0, 0, 0.1)}
 #bo_w .bo_w_flie .file_wr {position:relative;border:1px solid #ccc;background:#fff;color:#000;vertical-align:middle;border-radius:3px;padding:5px;height:40px;margin:0}
 #bo_w .bo_w_flie .frm_input {margin:10px 0 0}
 #bo_w .bo_w_flie .file_del {position:absolute;top:10px;right:10px;font-size:0.92em;color:#7d7d7d}
-#bo_w .bo_w_select select {border:1px solid #d0d3db;width:100%;height:40px;border-radius:3px}
\ No newline at end of file
+#bo_w .bo_w_select select {border:1px solid #d0d3db;width:100%;height:40px;border-radius:3px}
+#bo_w .btn_submit {padding:0 20px;font-size:1.167em}
+#bo_w .btn_cancel {border-radius:3px;font-size:1.167em}
\ No newline at end of file
diff --git a/skin/board/basic/view.skin.php b/skin/board/basic/view.skin.php
index 56cf28a20..cbf54f971 100644
--- a/skin/board/basic/view.skin.php
+++ b/skin/board/basic/view.skin.php
@@ -93,8 +93,8 @@ add_stylesheet('<link rel="stylesheet" href="'.$board_skin_url.'/style.css">', 0
         if($v_img_count) {
             echo "<div id=\"bo_v_img\">\n";
 
-            for ($i=0; $i<=count($view['file']); $i++) {
-                echo get_file_thumbnail($view['file'][$i]);
+            foreach($view['file'] as $view_file) {
+                echo get_file_thumbnail($view_file);
             }
 
             echo "</div>\n";
diff --git a/skin/board/gallery/style.css b/skin/board/gallery/style.css
index a9fe37a5d..763ee44d2 100644
--- a/skin/board/gallery/style.css
+++ b/skin/board/gallery/style.css
@@ -370,4 +370,6 @@ box-shadow:inset 0 1px 2px rgba(0, 0, 0, 0.1)}
 #bo_w .bo_w_flie .file_wr {position:relative;border:1px solid #ccc;background:#fff;color:#000;vertical-align:middle;border-radius:3px;padding:5px;height:40px;margin:0}
 #bo_w .bo_w_flie .frm_input {margin:10px 0 0}
 #bo_w .bo_w_flie .file_del {position:absolute;top:10px;right:10px;font-size:0.92em;color:#7d7d7d}
-#bo_w .bo_w_select select {border:1px solid #d0d3db;width:100%;height:40px;border-radius:3px}
\ No newline at end of file
+#bo_w .bo_w_select select {border:1px solid #d0d3db;width:100%;height:40px;border-radius:3px}
+#bo_w .btn_submit {padding:0 20px;font-size:1.167em}
+#bo_w .btn_cancel {border-radius:3px;font-size:1.167em}
\ No newline at end of file
diff --git a/skin/board/gallery/view.skin.php b/skin/board/gallery/view.skin.php
index c5af84d3f..293af3bf1 100644
--- a/skin/board/gallery/view.skin.php
+++ b/skin/board/gallery/view.skin.php
@@ -93,8 +93,8 @@ add_stylesheet('<link rel="stylesheet" href="'.$board_skin_url.'/style.css">', 0
         if($v_img_count) {
             echo "<div id=\"bo_v_img\">\n";
 
-            for ($i=0; $i<=count($view['file']); $i++) {
-                echo get_file_thumbnail($view['file'][$i]);
+            foreach($view['file'] as $view_file) {
+                echo get_file_thumbnail($view_file);
             }
 
             echo "</div>\n";
diff --git a/skin/connect/basic/connect.skin.php b/skin/connect/basic/connect.skin.php
index 55849443c..b4623f038 100644
--- a/skin/connect/basic/connect.skin.php
+++ b/skin/connect/basic/connect.skin.php
@@ -6,4 +6,4 @@ if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
 add_stylesheet('<link rel="stylesheet" href="'.$connect_skin_url.'/style.css">', 0);
 ?>
 
-<?php echo $row['total_cnt'] ?>
+<?php echo $row['total_cnt'];
\ No newline at end of file
diff --git a/skin/member/basic/login_check.skin.php b/skin/member/basic/login_check.skin.php
index 1b182915e..aea2ee5aa 100644
--- a/skin/member/basic/login_check.skin.php
+++ b/skin/member/basic/login_check.skin.php
@@ -1,5 +1,4 @@
 <?php
 if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가 
 
-// 자신만의 코드를 넣어주세요.
-?>
+// 자신만의 코드를 넣어주세요.
\ No newline at end of file
diff --git a/skin/member/basic/register_form_update.tail.skin.php b/skin/member/basic/register_form_update.tail.skin.php
index b16c52a14..97cd044e1 100644
--- a/skin/member/basic/register_form_update.tail.skin.php
+++ b/skin/member/basic/register_form_update.tail.skin.php
@@ -56,5 +56,4 @@ if ($w == "" && $default['de_sms_use1'] && $receive_number)
 }
 //----------------------------------------------------------
 // SMS 문자전송 끝
-//----------------------------------------------------------
-?>
+//----------------------------------------------------------;
\ No newline at end of file
diff --git a/skin/popular/basic/popular.skin.php b/skin/popular/basic/popular.skin.php
index e9e36f12f..353d53302 100644
--- a/skin/popular/basic/popular.skin.php
+++ b/skin/popular/basic/popular.skin.php
@@ -29,7 +29,7 @@ add_stylesheet('<link rel="stylesheet" href="'.G5_JS_URL.'/owlcarousel/owl.carou
     </div>
 </section>
 
-<?php if ( $list && is_array($list) ) { //게시물이 있다면 ?>
+<?php if (isset($list) && $list && is_array($list)) { //게시물이 있다면 ?>
 <script>
 jQuery(function($){
     
diff --git a/skin/search/basic/search.skin.php b/skin/search/basic/search.skin.php
index ceddef9cc..9ffcff08a 100644
--- a/skin/search/basic/search.skin.php
+++ b/skin/search/basic/search.skin.php
@@ -15,11 +15,11 @@ add_stylesheet('<link rel="stylesheet" href="'.$search_skin_url.'/style.css">',
 
     <label for="sfl" class="sound_only">검색조건</label>
     <select name="sfl" id="sfl">
-        <option value="wr_subject||wr_content"<?php echo get_selected($_GET['sfl'], "wr_subject||wr_content") ?>>제목+내용</option>
-        <option value="wr_subject"<?php echo get_selected($_GET['sfl'], "wr_subject") ?>>제목</option>
-        <option value="wr_content"<?php echo get_selected($_GET['sfl'], "wr_content") ?>>내용</option>
-        <option value="mb_id"<?php echo get_selected($_GET['sfl'], "mb_id") ?>>회원아이디</option>
-        <option value="wr_name"<?php echo get_selected($_GET['sfl'], "wr_name") ?>>이름</option>
+        <option value="wr_subject||wr_content"<?php echo get_selected($sfl, "wr_subject||wr_content") ?>>제목+내용</option>
+        <option value="wr_subject"<?php echo get_selected($sfl, "wr_subject") ?>>제목</option>
+        <option value="wr_content"<?php echo get_selected($sfl, "wr_content") ?>>내용</option>
+        <option value="mb_id"<?php echo get_selected($sfl, "mb_id") ?>>회원아이디</option>
+        <option value="wr_name"<?php echo get_selected($sfl, "wr_name") ?>>이름</option>
     </select>
 
     <label for="stx" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label>
diff --git a/skin/shop/basic/boxevent.skin.php b/skin/shop/basic/boxevent.skin.php
index 089b02594..cce361504 100644
--- a/skin/shop/basic/boxevent.skin.php
+++ b/skin/shop/basic/boxevent.skin.php
@@ -74,5 +74,4 @@ if(sql_num_rows($hresult)) {
     </ul>
 </div>
 <?php
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/skin/shop/basic/item.form.skin.php b/skin/shop/basic/item.form.skin.php
index ac4f21214..4f1095fb6 100644
--- a/skin/shop/basic/item.form.skin.php
+++ b/skin/shop/basic/item.form.skin.php
@@ -398,7 +398,7 @@ function fsubmit_check(f)
         return false;
     }
 
-    if($(".sit_opt_list").size() < 1) {
+    if($(".sit_opt_list").length < 1) {
         alert("상품의 선택옵션을 선택해 주십시오.");
         return false;
     }
@@ -470,7 +470,7 @@ function fitem_submit(f)
         return false;
     }
 
-    if($(".sit_opt_list").size() < 1) {
+    if($(".sit_opt_list").length < 1) {
         alert("상품의 선택옵션을 선택해 주십시오.");
         return false;
     }
diff --git a/skin/shop/basic/itemuse.skin.php b/skin/shop/basic/itemuse.skin.php
index cfe1e67d3..1c796be50 100644
--- a/skin/shop/basic/itemuse.skin.php
+++ b/skin/shop/basic/itemuse.skin.php
@@ -36,7 +36,6 @@ add_stylesheet('<link rel="stylesheet" href="'.G5_SHOP_SKIN_URL.'/style.css">',
         $is_reply_subject = !empty($row['is_reply_subject']) ? conv_subject($row['is_reply_subject'],50,"…") : '';
         $is_reply_content = !empty($row['is_reply_content']) ? get_view_thumbnail(conv_content($row['is_reply_content'], 1), $thumbnail_width) : '';
         $is_time    = substr($row['is_time'], 2, 8);
-        $is_href    = './itemuselist.php?bo_table=itemuse&amp;wr_id='.$row['wr_id'];
 
         $hash = md5($row['is_id'].$row['is_time'].$row['is_ip']);
 
diff --git a/skin/shop/basic/list.sub.skin.php b/skin/shop/basic/list.sub.skin.php
index efe001431..0989cdcbe 100644
--- a/skin/shop/basic/list.sub.skin.php
+++ b/skin/shop/basic/list.sub.skin.php
@@ -9,4 +9,4 @@ add_stylesheet('<link rel="stylesheet" href="'.G5_SHOP_SKIN_URL.'/style.css">',
     <li><button type="button" class="sct_lst_view sct_lst_list"><i class="fa fa-th-list" aria-hidden="true"></i><span class="sound_only">리스트뷰</span></button></li>
     <li><button type="button" class="sct_lst_view sct_lst_gallery"><i class="fa fa-th-large" aria-hidden="true"></i><span class="sound_only">갤러리뷰</span></button></li>
 </ul>
-<?php } ?>
\ No newline at end of file
+<?php }
\ No newline at end of file
diff --git a/skin/shop/basic/listcategory.skin.php b/skin/shop/basic/listcategory.skin.php
index ab50fb08e..a7a3b4208 100644
--- a/skin/shop/basic/listcategory.skin.php
+++ b/skin/shop/basic/listcategory.skin.php
@@ -33,4 +33,4 @@ if ($exists) {
 </aside>
 <!-- } 상품분류 1 끝 -->
 
-<?php } ?>
\ No newline at end of file
+<?php }
\ No newline at end of file
diff --git a/skin/shop/basic/listcategory2.skin.php b/skin/shop/basic/listcategory2.skin.php
index 1f4501f46..4bfc8735e 100644
--- a/skin/shop/basic/listcategory2.skin.php
+++ b/skin/shop/basic/listcategory2.skin.php
@@ -61,4 +61,4 @@ if ($exists) {
 </aside>
 <!-- } 상품분류 2 끝 -->
 
-<?php } ?>
\ No newline at end of file
+<?php }
\ No newline at end of file
diff --git a/skin/shop/basic/listcategory3.skin.php b/skin/shop/basic/listcategory3.skin.php
index dcd7e83b1..6a06aed37 100644
--- a/skin/shop/basic/listcategory3.skin.php
+++ b/skin/shop/basic/listcategory3.skin.php
@@ -32,4 +32,4 @@ if ($exists) {
 </aside>
 <!-- } 상품분류 3 끝 -->
 
-<?php } ?>
\ No newline at end of file
+<?php }
\ No newline at end of file
diff --git a/skin/shop/basic/main.20.skin.php b/skin/shop/basic/main.20.skin.php
index f54b93dfb..e6bcf1e5b 100644
--- a/skin/shop/basic/main.20.skin.php
+++ b/skin/shop/basic/main.20.skin.php
@@ -135,7 +135,7 @@ if($i == 0) echo "<p class=\"sct_noitem\">등록된 상품이 없습니다.</p>\
             var $smt = this.find("ul.sct_ul");
             var $smt_a = $smt.find("a");
             var height = 0;
-            var count = $smt.size();
+            var count = $smt.length;
             var c_idx = o_idx = 0;
             var fx = null;
             var el_id = this[0].id;
@@ -266,7 +266,7 @@ $(function() {
 
     // 애니메이션 stop
     $("#btn_smt_<?php echo $this->type; ?> button.sctrl_stop").on("click", function() {
-        if($(this).parent().siblings().find(".sctrl_on").size() > 0) {
+        if($(this).parent().siblings().find(".sctrl_on").length > 0) {
             $(this).parent().siblings().find("span").removeClass("sctrl_on").html("");
             $(this).children().addClass("sctrl_on").html("<b class=\"sound_only\">선택됨</b>");
             var id = $(this).closest(".sctrl").attr("id").replace("btn_", "");
diff --git a/skin/shop/basic/mainbanner.10.skin.php b/skin/shop/basic/mainbanner.10.skin.php
index e6dfa06ec..2e2691b85 100644
--- a/skin/shop/basic/mainbanner.10.skin.php
+++ b/skin/shop/basic/mainbanner.10.skin.php
@@ -134,5 +134,4 @@ jQuery(function($){
 });
 </script>
 <?php
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/skin/shop/basic/personalpay.skin.php b/skin/shop/basic/personalpay.skin.php
index dc67edf7e..c16812194 100644
--- a/skin/shop/basic/personalpay.skin.php
+++ b/skin/shop/basic/personalpay.skin.php
@@ -31,5 +31,4 @@ for ($i=1; $row=sql_fetch_array($result); $i++) {
 
 if ($i > 1) echo "</ul>\n";
 
-if($i == 1) echo "<p class=\"sct_noitem\">등록된 개인결제가 없습니다.</p>\n";
-?>
\ No newline at end of file
+if($i == 1) echo "<p class=\"sct_noitem\">등록된 개인결제가 없습니다.</p>\n";
\ No newline at end of file
diff --git a/tail.php b/tail.php
index f0cac06b7..dd6627238 100644
--- a/tail.php
+++ b/tail.php
@@ -91,5 +91,4 @@ $(function() {
 </script>
 
 <?php
-include_once(G5_PATH."/tail.sub.php");
-?>
\ No newline at end of file
+include_once(G5_PATH."/tail.sub.php");
\ No newline at end of file
diff --git a/tail.sub.php b/tail.sub.php
index 1d038707b..ec25a8297 100644
--- a/tail.sub.php
+++ b/tail.sub.php
@@ -29,4 +29,4 @@ $(function() {
 
 </body>
 </html>
-<?php echo html_end(); // HTML 마지막 처리 함수 : 반드시 넣어주시기 바랍니다. ?>
\ No newline at end of file
+<?php echo html_end(); // HTML 마지막 처리 함수 : 반드시 넣어주시기 바랍니다.
\ No newline at end of file
diff --git a/theme/basic/_common.php b/theme/basic/_common.php
index bad54a5d7..c7ed3c4ee 100644
--- a/theme/basic/_common.php
+++ b/theme/basic/_common.php
@@ -1,3 +1,2 @@
 <?php
-include_once('../../common.php');
-?>
\ No newline at end of file
+include_once('../../common.php');
\ No newline at end of file
diff --git a/theme/basic/group.php b/theme/basic/group.php
index 5a7736c22..34f9f7325 100644
--- a/theme/basic/group.php
+++ b/theme/basic/group.php
@@ -46,5 +46,4 @@ for ($i=0; $row=sql_fetch_array($result); $i++) {
 <!-- 메인화면 최신글 끝 -->
 </div>
 <?php
-include_once(G5_THEME_PATH.'/tail.php');
-?>
+include_once(G5_THEME_PATH.'/tail.php');
\ No newline at end of file
diff --git a/theme/basic/head.php b/theme/basic/head.php
index 0f974f2bc..63f27c29f 100644
--- a/theme/basic/head.php
+++ b/theme/basic/head.php
@@ -212,5 +212,4 @@ include_once(G5_LIB_PATH.'/popular.lib.php');
     <div id="container_wr">
    
     <div id="container">
-        <?php if (!defined("_INDEX_")) { ?><h2 id="container_title"><span title="<?php echo get_text($g5['title']); ?>"><?php echo get_head_title($g5['title']); ?></span></h2><?php } ?>
-
+        <?php if (!defined("_INDEX_")) { ?><h2 id="container_title"><span title="<?php echo get_text($g5['title']); ?>"><?php echo get_head_title($g5['title']); ?></span></h2><?php }
\ No newline at end of file
diff --git a/theme/basic/head.sub.php b/theme/basic/head.sub.php
index 21fd82529..776b9d252 100644
--- a/theme/basic/head.sub.php
+++ b/theme/basic/head.sub.php
@@ -106,5 +106,4 @@ if ($is_member) { // 회원이라면 로그인 중이라는 메세지를 출력
 
     echo '<div id="hd_login_msg">'.$sr_admin_msg.get_text($member['mb_nick']).'님 로그인 중 ';
     echo '<a href="'.G5_BBS_URL.'/logout.php">로그아웃</a></div>';
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/theme/basic/index.php b/theme/basic/index.php
index f52e70c02..c546f54e3 100644
--- a/theme/basic/index.php
+++ b/theme/basic/index.php
@@ -1,5 +1,5 @@
 <?php
-define('_INDEX_', true);
+if (!defined('_INDEX_')) define('_INDEX_', true);
 if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
 
 if (G5_IS_MOBILE) {
@@ -69,5 +69,4 @@ include_once(G5_THEME_PATH.'/head.php');
 </div>
 
 <?php
-include_once(G5_THEME_PATH.'/tail.php');
-?>
\ No newline at end of file
+include_once(G5_THEME_PATH.'/tail.php');
\ No newline at end of file
diff --git a/theme/basic/js/theme.shop.list.js b/theme/basic/js/theme.shop.list.js
index 6236db696..536a35c01 100644
--- a/theme/basic/js/theme.shop.list.js
+++ b/theme/basic/js/theme.shop.list.js
@@ -46,7 +46,7 @@ jQuery(function ($) {
         var id = "";
         var value, info, sel_opt, item, price, stock, run_error = false;
         var option = sep = "";
-        var count = $sel.size();
+        var count = $sel.length;
 
         if(count > 0) {
             $sel.each(function(index) {
@@ -241,7 +241,7 @@ jQuery(function ($) {
     $(document).on("change", "select.it_option", function() {
         var $frm = $(this).closest("form");
         var $sel = $frm.find("select.it_option");
-        var sel_count = $sel.size();
+        var sel_count = $sel.length;
         var idx = $sel.index($(this));
         var val = $(this).val();
         var it_id = $frm.find("input[name='it_id[]']").val();
diff --git a/theme/basic/mobile/_common.php b/theme/basic/mobile/_common.php
index 2ce42a3fc..eaf56278e 100644
--- a/theme/basic/mobile/_common.php
+++ b/theme/basic/mobile/_common.php
@@ -1,3 +1,2 @@
 <?php
-include_once('../../../common.php');
-?>
\ No newline at end of file
+include_once('../../../common.php');
\ No newline at end of file
diff --git a/theme/basic/mobile/group.php b/theme/basic/mobile/group.php
index aa9187851..52474da90 100644
--- a/theme/basic/mobile/group.php
+++ b/theme/basic/mobile/group.php
@@ -31,5 +31,4 @@ for ($i=0; $row=sql_fetch_array($result); $i++) {
 <!-- 메인화면 최신글 끝 -->
 
 <?php
-include_once(G5_THEME_MOBILE_PATH.'/tail.php');
-?>
+include_once(G5_THEME_MOBILE_PATH.'/tail.php');
\ No newline at end of file
diff --git a/theme/basic/mobile/head.php b/theme/basic/mobile/head.php
index 2fb0c5a59..7a8c3a5e5 100644
--- a/theme/basic/mobile/head.php
+++ b/theme/basic/mobile/head.php
@@ -188,4 +188,4 @@ include_once(G5_LIB_PATH.'/popular.lib.php');
     	<h2 id="container_title" class="top" title="<?php echo get_text($g5['title']); ?>">
     		<a href="javascript:history.back();"><i class="fa fa-chevron-left" aria-hidden="true"></i><span class="sound_only">뒤로가기</span></a> <?php echo get_head_title($g5['title']); ?>
     	</h2>
-    <?php } ?>
+    <?php }
\ No newline at end of file
diff --git a/theme/basic/mobile/index.php b/theme/basic/mobile/index.php
index 6144cdff6..79684bab6 100644
--- a/theme/basic/mobile/index.php
+++ b/theme/basic/mobile/index.php
@@ -32,5 +32,4 @@ for ($i=0; $row=sql_fetch_array($result); $i++) {
 <!-- 메인화면 최신글 끝 -->
 
 <?php
-include_once(G5_THEME_MOBILE_PATH.'/tail.php');
-?>
\ No newline at end of file
+include_once(G5_THEME_MOBILE_PATH.'/tail.php');
\ No newline at end of file
diff --git a/theme/basic/mobile/shop/_common.php b/theme/basic/mobile/shop/_common.php
index cb80d260d..c607a69da 100644
--- a/theme/basic/mobile/shop/_common.php
+++ b/theme/basic/mobile/shop/_common.php
@@ -3,5 +3,4 @@ include_once('../../../../common.php');
 
 if (!defined('G5_USE_SHOP') || !G5_USE_SHOP)
     die('<p>쇼핑몰 설치 후 이용해 주십시오.</p>');
-define('_SHOP_', true);
-?>
\ No newline at end of file
+define('_SHOP_', true);
\ No newline at end of file
diff --git a/theme/basic/mobile/shop/category.php b/theme/basic/mobile/shop/category.php
index 9ee08f71b..28a09dccd 100644
--- a/theme/basic/mobile/shop/category.php
+++ b/theme/basic/mobile/shop/category.php
@@ -145,7 +145,7 @@ jQuery(function ($){
         var $this = $(this);
         $sub_ul = $(this).closest("li").children("ul.sub_cate");
 
-        if($sub_ul.size() > 0) {
+        if($sub_ul.length > 0) {
             var txt = $this.text();
 
             if($sub_ul.is(":visible")) {
diff --git a/theme/basic/mobile/shop/index.php b/theme/basic/mobile/shop/index.php
index 57f992490..95b13a214 100644
--- a/theme/basic/mobile/shop/index.php
+++ b/theme/basic/mobile/shop/index.php
@@ -117,5 +117,4 @@ include_once(G5_THEME_MSHOP_PATH.'/shop.head.php');
 </script>
 
 <?php
-include_once(G5_THEME_MSHOP_PATH.'/shop.tail.php');
-?>
\ No newline at end of file
+include_once(G5_THEME_MSHOP_PATH.'/shop.tail.php');
\ No newline at end of file
diff --git a/theme/basic/mobile/shop/shop.head.php b/theme/basic/mobile/shop/shop.head.php
index 799ce1f44..ba2cabefc 100644
--- a/theme/basic/mobile/shop/shop.head.php
+++ b/theme/basic/mobile/shop/shop.head.php
@@ -1,6 +1,8 @@
 <?php
 if (!defined("_GNUBOARD_")) exit; // 개별 페이지 접근 불가
 
+$q = isset($_GET['q']) ? clean_xss_tags($_GET['q'], 1, 1) : '';
+
 include_once(G5_THEME_PATH.'/head.sub.php');
 include_once(G5_LIB_PATH.'/outlogin.lib.php');
 include_once(G5_LIB_PATH.'/visit.lib.php');
@@ -114,4 +116,4 @@ include_once(G5_LIB_PATH.'/latest.lib.php');
     }
 ?>
 <div id="container" class="<?php echo implode(' ', $container_class); ?>">
-    <?php if ((!$bo_table || $w == 's' ) && !defined('_INDEX_')) { ?><h1 id="container_title"><a href="javascript:history.back()" class="btn_back"><i class="fa fa-chevron-left" aria-hidden="true"></i><span class="sound_only">뒤로</span></a> <?php echo $g5['title'] ?></h1><?php } ?>
+    <?php if ((!$bo_table || $w == 's' ) && !defined('_INDEX_')) { ?><h1 id="container_title"><a href="javascript:history.back()" class="btn_back"><i class="fa fa-chevron-left" aria-hidden="true"></i><span class="sound_only">뒤로</span></a> <?php echo $g5['title'] ?></h1><?php }
\ No newline at end of file
diff --git a/theme/basic/mobile/shop/shop.tail.php b/theme/basic/mobile/shop/shop.tail.php
index 238f72b90..db5a86005 100644
--- a/theme/basic/mobile/shop/shop.tail.php
+++ b/theme/basic/mobile/shop/shop.tail.php
@@ -55,5 +55,4 @@ if ($config['cf_analytics']) {
 <script src="<?php echo G5_JS_URL; ?>/sns.js"></script>
 
 <?php
-include_once(G5_THEME_PATH.'/tail.sub.php');
-?>
+include_once(G5_THEME_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/theme/basic/mobile/skin/board/basic/view.skin.php b/theme/basic/mobile/skin/board/basic/view.skin.php
index 1810b6f39..f72574070 100644
--- a/theme/basic/mobile/skin/board/basic/view.skin.php
+++ b/theme/basic/mobile/skin/board/basic/view.skin.php
@@ -83,8 +83,8 @@ jQuery(function($){
         if($v_img_count) {
             echo "<div id=\"bo_v_img\">\n";
 
-            for ($i=0; $i<=count($view['file']); $i++) {
-                echo get_file_thumbnail($view['file'][$i]);
+            foreach($view['file'] as $view_file) {
+                echo get_file_thumbnail($view_file);
             }
             echo "</div>\n";
 		}
@@ -124,8 +124,8 @@ jQuery(function($){
     </section>
     
     <?php
+    $cnt = 0;
     if ($view['file']['count']) {
-        $cnt = 0;
         for ($i=0; $i<count($view['file']); $i++) {
             if (isset($view['file'][$i]['source']) && $view['file'][$i]['source'] && !$view['file'][$i]['view'])
                 $cnt++;
diff --git a/theme/basic/mobile/skin/board/basic/view_comment.skin.php b/theme/basic/mobile/skin/board/basic/view_comment.skin.php
index eda34f3fa..8ddd30dd8 100644
--- a/theme/basic/mobile/skin/board/basic/view_comment.skin.php
+++ b/theme/basic/mobile/skin/board/basic/view_comment.skin.php
@@ -341,4 +341,4 @@ var char_max = parseInt(<?php echo $comment_max ?>); // 최대
         });
     });
     </script>
-    <?php } ?>
+    <?php }
\ No newline at end of file
diff --git a/theme/basic/mobile/skin/board/gallery/view.skin.php b/theme/basic/mobile/skin/board/gallery/view.skin.php
index e003a7faf..d75600e81 100644
--- a/theme/basic/mobile/skin/board/gallery/view.skin.php
+++ b/theme/basic/mobile/skin/board/gallery/view.skin.php
@@ -85,8 +85,8 @@ jQuery(function($){
         if($v_img_count) {
             echo "<div id=\"bo_v_img\">\n";
 
-            for ($i=0; $i<=count($view['file']); $i++) {
-                echo get_file_thumbnail($view['file'][$i]);
+            foreach($view['file'] as $view_file) {
+                echo get_file_thumbnail($view_file);
             }
             echo "</div>\n";
 		}
@@ -126,8 +126,8 @@ jQuery(function($){
     </section>
     
     <?php
+    $cnt = 0;
     if ($view['file']['count']) {
-        $cnt = 0;
         for ($i=0; $i<count($view['file']); $i++) {
             if (isset($view['file'][$i]['source']) && $view['file'][$i]['source'] && !$view['file'][$i]['view'])
                 $cnt++;
diff --git a/theme/basic/mobile/skin/board/gallery/view_comment.skin.php b/theme/basic/mobile/skin/board/gallery/view_comment.skin.php
index eda34f3fa..8ddd30dd8 100644
--- a/theme/basic/mobile/skin/board/gallery/view_comment.skin.php
+++ b/theme/basic/mobile/skin/board/gallery/view_comment.skin.php
@@ -341,4 +341,4 @@ var char_max = parseInt(<?php echo $comment_max ?>); // 최대
         });
     });
     </script>
-    <?php } ?>
+    <?php }
\ No newline at end of file
diff --git a/theme/basic/mobile/skin/connect/basic/connect.skin.php b/theme/basic/mobile/skin/connect/basic/connect.skin.php
index 96d2da394..d1f695a6c 100644
--- a/theme/basic/mobile/skin/connect/basic/connect.skin.php
+++ b/theme/basic/mobile/skin/connect/basic/connect.skin.php
@@ -5,4 +5,4 @@ if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
 // add_stylesheet('css 구문', 출력순서); 숫자가 작을 수록 먼저 출력됨
 add_stylesheet('<link rel="stylesheet" href="'.$connect_skin_url.'/style.css">', 0);
 ?>
-<?php echo $row['total_cnt'] ?>
+<?php echo $row['total_cnt'];
\ No newline at end of file
diff --git a/theme/basic/mobile/skin/member/basic/login_check.skin.php b/theme/basic/mobile/skin/member/basic/login_check.skin.php
index 1b182915e..aea2ee5aa 100644
--- a/theme/basic/mobile/skin/member/basic/login_check.skin.php
+++ b/theme/basic/mobile/skin/member/basic/login_check.skin.php
@@ -1,5 +1,4 @@
 <?php
 if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가 
 
-// 자신만의 코드를 넣어주세요.
-?>
+// 자신만의 코드를 넣어주세요.
\ No newline at end of file
diff --git a/theme/basic/mobile/skin/member/basic/register_form_update.tail.skin.php b/theme/basic/mobile/skin/member/basic/register_form_update.tail.skin.php
index b16c52a14..97cd044e1 100644
--- a/theme/basic/mobile/skin/member/basic/register_form_update.tail.skin.php
+++ b/theme/basic/mobile/skin/member/basic/register_form_update.tail.skin.php
@@ -56,5 +56,4 @@ if ($w == "" && $default['de_sms_use1'] && $receive_number)
 }
 //----------------------------------------------------------
 // SMS 문자전송 끝
-//----------------------------------------------------------
-?>
+//----------------------------------------------------------;
\ No newline at end of file
diff --git a/theme/basic/mobile/skin/member/basic/style.css b/theme/basic/mobile/skin/member/basic/style.css
index 7102aa4b8..208b0df1f 100644
--- a/theme/basic/mobile/skin/member/basic/style.css
+++ b/theme/basic/mobile/skin/member/basic/style.css
@@ -178,7 +178,7 @@
 #mb_login_notmb .chk_box input[type="checkbox"] + label{padding-left:20px}
 #mb_login_notmb h2 {font-size:1.25em;padding:10px;background:#f3f3f3}
 #mb_login_notmb p {border:0;padding:0;margin:10px;color:#}
-#guest_privacy p {border:1px solid #ddd;background:#fff;color:#666;min-height:20px;height:200px;padding:10px;text-align:left;overflow-y:auto;margin:10px 0}
+#guest_privacy {border:1px solid #ccc;text-align:left;line-height:1.6em;color:#666;background:#fafafa;padding:10px;height:200px;margin:10px 0;overflow-y:auto}
 #mb_login_notmb .btn_submit {width:100%;display:block;height:40px;line-height:40px}
 
 #mb_login_od_wr {background:#fff;border-bottom:1px solid #ccc;padding:20px}
diff --git a/theme/basic/mobile/skin/qa/basic/style.css b/theme/basic/mobile/skin/qa/basic/style.css
index 83c9c056d..add0d9d45 100644
--- a/theme/basic/mobile/skin/qa/basic/style.css
+++ b/theme/basic/mobile/skin/qa/basic/style.css
@@ -259,6 +259,7 @@
 #bo_v_ans #ans_msg {padding:40px 0;background:#f2f5f9;text-align:center}
 #bo_v_ans .btn_submit {width:100%;height:40px;border-radius:5px}
 #bo_v_ans .btn_confirm {margin:0 10px}
+#bo_v_ans form{padding:1em}
 
 #bo_v_rel {}
 #bo_v_rel h2 {margin:0 10px 10px;font-size:1.2em}
diff --git a/theme/basic/mobile/skin/qa/basic/view.skin.php b/theme/basic/mobile/skin/qa/basic/view.skin.php
index 9f1bc742b..8b075369a 100644
--- a/theme/basic/mobile/skin/qa/basic/view.skin.php
+++ b/theme/basic/mobile/skin/qa/basic/view.skin.php
@@ -44,8 +44,6 @@ $(".btn_more_opt").on("click", function() {
 	        <h2>페이지 정보</h2>
 	        <span class="sound_only">작성자</span><strong><?php echo $view['name'] ?></strong>
 	        <span class="sound_only">작성일</span><strong><i class="fa fa-clock-o" aria-hidden="true"></i> <?php echo $view['datetime']; ?></strong>
-	    	<span class="sound_only">조회</span><strong><i class="fa fa-eye" aria-hidden="true"></i> <?php echo number_format($view['wr_hit']) ?></strong>
-			<span class="sound_only">댓글</span><strong><i class="fa fa-commenting-o" aria-hidden="true"></i> <?php echo number_format($view['wr_comment']) ?></strong>
 		</div>
 		<?php if($view['email'] || $view['hp']) { ?>
         <div id="bo_v_contact">
diff --git a/theme/basic/mobile/skin/search/basic/search.skin.php b/theme/basic/mobile/skin/search/basic/search.skin.php
index b4db95436..5993c1c10 100644
--- a/theme/basic/mobile/skin/search/basic/search.skin.php
+++ b/theme/basic/mobile/skin/search/basic/search.skin.php
@@ -31,11 +31,11 @@ if ($stx) {
 
         <label for="sfl" class="sound_only">검색조건</label>
         <select name="sfl" id="sfl">
-            <option value="wr_subject||wr_content"<?php echo get_selected($_GET['sfl'], "wr_subject||wr_content") ?>>제목+내용</option>
-            <option value="wr_subject"<?php echo get_selected($_GET['sfl'], "wr_subject") ?>>제목</option>
-            <option value="wr_content"<?php echo get_selected($_GET['sfl'], "wr_content") ?>>내용</option>
-            <option value="mb_id"<?php echo get_selected($_GET['sfl'], "mb_id") ?>>회원아이디</option>
-            <option value="wr_name"<?php echo get_selected($_GET['sfl'], "wr_name") ?>>이름</option>
+            <option value="wr_subject||wr_content"<?php echo get_selected($sfl, "wr_subject||wr_content") ?>>제목+내용</option>
+            <option value="wr_subject"<?php echo get_selected($sfl, "wr_subject") ?>>제목</option>
+            <option value="wr_content"<?php echo get_selected($sfl, "wr_content") ?>>내용</option>
+            <option value="mb_id"<?php echo get_selected($sfl, "mb_id") ?>>회원아이디</option>
+            <option value="wr_name"<?php echo get_selected($sfl, "wr_name") ?>>이름</option>
         </select>
 
         <label for="stx" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label>
diff --git a/theme/basic/mobile/skin/shop/basic/item.form.skin.php b/theme/basic/mobile/skin/shop/basic/item.form.skin.php
index 164cde7ee..6f36a6a35 100644
--- a/theme/basic/mobile/skin/shop/basic/item.form.skin.php
+++ b/theme/basic/mobile/skin/shop/basic/item.form.skin.php
@@ -492,7 +492,10 @@ $(function(){
         }
     });
    
-    $('#slide-counter').append('<span class="total-slides">'+slider.getSlideCount()+'</span>');
+    try {
+        $('#slide-counter').append('<span class="total-slides">'+slider.getSlideCount()+'</span>');
+    } catch (error) {
+    }
 
     $('a.pager-prev').click(function () {
         var current = slider.getCurrentSlide();
@@ -555,7 +558,7 @@ function fsubmit_check(f)
         return false;
     }
 
-    if($(".sit_opt_list").size() < 1) {
+    if($(".sit_opt_list").length < 1) {
         alert("상품의 선택옵션을 선택해 주십시오.");
         return false;
     }
@@ -627,7 +630,7 @@ function fitem_submit(f)
         return false;
     }
 
-    if($(".sit_opt_list").size() < 1) {
+    if($(".sit_opt_list").length < 1) {
         alert("상품의 선택옵션을 선택해 주십시오.");
         return false;
     }
diff --git a/theme/basic/mobile/skin/shop/basic/iteminfo.itemqa.skin.php b/theme/basic/mobile/skin/shop/basic/iteminfo.itemqa.skin.php
index ad2ced333..21e622eaf 100644
--- a/theme/basic/mobile/skin/shop/basic/iteminfo.itemqa.skin.php
+++ b/theme/basic/mobile/skin/shop/basic/iteminfo.itemqa.skin.php
@@ -4,5 +4,4 @@ if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
 // add_stylesheet('css 구문', 출력순서); 숫자가 작을 수록 먼저 출력됨
 //add_stylesheet('<link rel="stylesheet" href="'.G5_MSHOP_SKIN_URL.'/style.css">', 0);
 
-goto_url(shop_item_url($it_id).'#sit_qa');
-?>
\ No newline at end of file
+goto_url(shop_item_url($it_id).'#sit_qa');
\ No newline at end of file
diff --git a/theme/basic/mobile/skin/shop/basic/iteminfo.itemuse.skin.php b/theme/basic/mobile/skin/shop/basic/iteminfo.itemuse.skin.php
index ffe20360f..fc9f4947f 100644
--- a/theme/basic/mobile/skin/shop/basic/iteminfo.itemuse.skin.php
+++ b/theme/basic/mobile/skin/shop/basic/iteminfo.itemuse.skin.php
@@ -4,5 +4,4 @@ if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
 // add_stylesheet('css 구문', 출력순서); 숫자가 작을 수록 먼저 출력됨
 //add_stylesheet('<link rel="stylesheet" href="'.G5_MSHOP_SKIN_URL.'/style.css">', 0);
 
-goto_url(shop_item_url($it_id).'#sit_use');
-?>
\ No newline at end of file
+goto_url(shop_item_url($it_id).'#sit_use');
\ No newline at end of file
diff --git a/theme/basic/mobile/skin/shop/basic/itemuse.skin.php b/theme/basic/mobile/skin/shop/basic/itemuse.skin.php
index 2404cc985..8f6d5e3da 100644
--- a/theme/basic/mobile/skin/shop/basic/itemuse.skin.php
+++ b/theme/basic/mobile/skin/shop/basic/itemuse.skin.php
@@ -30,7 +30,6 @@ add_stylesheet('<link rel="stylesheet" href="'.G5_MSHOP_SKIN_URL.'/style.css">',
         $is_reply_subject = !empty($row['is_reply_subject']) ? conv_subject($row['is_reply_subject'],50,"…") : '';
         $is_reply_content = !empty($row['is_reply_content']) ? get_view_thumbnail(conv_content($row['is_reply_content'], 1), $thumbnail_width) : '';
         $is_time    = substr($row['is_time'], 2, 8);
-        $is_href    = './itemuselist.php?bo_table=itemuse&amp;wr_id='.$row['wr_id'];
 
         $hash = md5($row['is_id'].$row['is_time'].$row['is_ip']);
 
diff --git a/theme/basic/mobile/skin/shop/basic/largeimage.skin.php b/theme/basic/mobile/skin/shop/basic/largeimage.skin.php
index e79413f75..3ed05184a 100644
--- a/theme/basic/mobile/skin/shop/basic/largeimage.skin.php
+++ b/theme/basic/mobile/skin/shop/basic/largeimage.skin.php
@@ -73,7 +73,7 @@ function fit_width()
     var sw = $(window).width();
     var $img = $("#sit_pvi_nwbig span img");
 
-    if($img.size() < 1)
+    if($img.length < 1)
         return;
 
     $img.each(function() {
diff --git a/theme/basic/mobile/skin/shop/basic/list.10.skin.php b/theme/basic/mobile/skin/shop/basic/list.10.skin.php
index 608dca290..88885a0ad 100644
--- a/theme/basic/mobile/skin/shop/basic/list.10.skin.php
+++ b/theme/basic/mobile/skin/shop/basic/list.10.skin.php
@@ -186,4 +186,4 @@ jQuery(function($){
 	});
 });
 </script>
-<?php } ?>
\ No newline at end of file
+<?php }
\ No newline at end of file
diff --git a/theme/basic/mobile/skin/shop/basic/list.best.10.skin.php b/theme/basic/mobile/skin/shop/basic/list.best.10.skin.php
index 2186148fe..a666581bf 100644
--- a/theme/basic/mobile/skin/shop/basic/list.best.10.skin.php
+++ b/theme/basic/mobile/skin/shop/basic/list.best.10.skin.php
@@ -115,7 +115,7 @@ if($this->total_count > 0) {
         var $btns = this.find(""+cfg.buttons+"");
 
         var idx = cfg.startSlide;
-        var count = $slides.size();
+        var count = $slides.length;
         var width, outerW;
 
         if(count < 1)
@@ -179,5 +179,4 @@ $(function() {
 </script>
 
 <?php
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/theme/basic/mobile/skin/shop/basic/listcategory.skin.php b/theme/basic/mobile/skin/shop/basic/listcategory.skin.php
index 18a8d1ee9..7f0213773 100644
--- a/theme/basic/mobile/skin/shop/basic/listcategory.skin.php
+++ b/theme/basic/mobile/skin/shop/basic/listcategory.skin.php
@@ -33,4 +33,4 @@ if ($exists) {
 </aside>
 <!-- } 상품분류 1 끝 -->
 
-<?php } ?>
\ No newline at end of file
+<?php }
\ No newline at end of file
diff --git a/theme/basic/mobile/skin/shop/basic/main.event.skin.php b/theme/basic/mobile/skin/shop/basic/main.event.skin.php
index 28c174438..800d5a491 100644
--- a/theme/basic/mobile/skin/shop/basic/main.event.skin.php
+++ b/theme/basic/mobile/skin/shop/basic/main.event.skin.php
@@ -77,6 +77,4 @@ $('.sev_slide').bxSlider({
 });
 </script>
 <?php
-}
-?>
-
+}
\ No newline at end of file
diff --git a/theme/basic/mobile/skin/shop/basic/mainbanner.10.skin.php b/theme/basic/mobile/skin/shop/basic/mainbanner.10.skin.php
index 0c74c67df..3d42a32c2 100644
--- a/theme/basic/mobile/skin/shop/basic/mainbanner.10.skin.php
+++ b/theme/basic/mobile/skin/shop/basic/mainbanner.10.skin.php
@@ -114,5 +114,4 @@ jQuery(function($){
 });
 </script>
 <?php
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/theme/basic/mobile/tail.php b/theme/basic/mobile/tail.php
index 6f84f94ca..7910e2512 100644
--- a/theme/basic/mobile/tail.php
+++ b/theme/basic/mobile/tail.php
@@ -79,5 +79,4 @@ jQuery(function($) {
 </script>
 
 <?php
-include_once(G5_THEME_PATH."/tail.sub.php");
-?>
\ No newline at end of file
+include_once(G5_THEME_PATH."/tail.sub.php");
\ No newline at end of file
diff --git a/theme/basic/shop/_common.php b/theme/basic/shop/_common.php
index 495871843..3d77e83c4 100644
--- a/theme/basic/shop/_common.php
+++ b/theme/basic/shop/_common.php
@@ -17,5 +17,4 @@ if (isset($_REQUEST['sortodr']))  {
 if (!defined('G5_USE_SHOP') || !G5_USE_SHOP)
     die('<p>쇼핑몰 설치 후 이용해 주십시오.</p>');
 
-define('_SHOP_', true);
-?>
\ No newline at end of file
+define('_SHOP_', true);
\ No newline at end of file
diff --git a/theme/basic/shop/ajax.action.php b/theme/basic/shop/ajax.action.php
index 647f5b80d..0f5f37ff9 100644
--- a/theme/basic/shop/ajax.action.php
+++ b/theme/basic/shop/ajax.action.php
@@ -35,6 +35,7 @@ switch ($action) {
         cart_item_clean();
 
         $s_cart_id = get_session('ss_cart_id');
+        $it_id = isset($_POST['it_id']) ? safe_replace_regex($_POST['it_id'], 'it_id') : '';
 
         // 장바구니 상품삭제
         $sql = " delete from {$g5['g5_shop_cart_table']}
@@ -72,14 +73,15 @@ switch ($action) {
             die(json_encode(array('error' => '상품을 구입할 수 있는 권한이 없습니다.')));
         }
 
-        $count = count($_POST['it_id']);
+        $count = (isset($_POST['it_id']) && is_array($_POST['it_id'])) ? count($_POST['it_id']) : 0;
+
         if ($count < 1)
             die(json_encode(array('error' => '장바구니에 담을 상품을 선택하여 주십시오.')));
 
         $ct_count = 0;
         for($i=0; $i<$count; $i++) {
-            $it_id = $_POST['it_id'][$i];
-            $opt_count = count($_POST['io_id'][$it_id]);
+            $it_id = isset($_POST['it_id'][$i]) ? safe_replace_regex($_POST['it_id'][$i], 'it_id') : '';
+            $opt_count = (isset($_POST['io_id'][$it_id]) && is_array($_POST['io_id'][$it_id])) ? count($_POST['io_id'][$it_id]) : 0;
 
             // 상품정보
             $it = get_shop_item($it_id, false);
@@ -106,7 +108,8 @@ switch ($action) {
                 die(json_encode(array('error' => '상품의 선택옵션을 선택해 주십시오.')));
 
             for($k=0; $k<$opt_count; $k++) {
-                if ($_POST['ct_qty'][$it_id][$k] < 1)
+                $post_ct_qty = isset($_POST['ct_qty'][$it_id][$k]) ? (int) $_POST['ct_qty'][$it_id][$k] : 0;
+                if ($post_ct_qty < 1)
                     die(json_encode(array('error' => '수량은 1 이상 입력해 주십시오.')));
             }
 
@@ -118,8 +121,10 @@ switch ($action) {
             if($it['it_buy_min_qty'] || $it['it_buy_max_qty']) {
                 $sum_qty = 0;
                 for($k=0; $k<$opt_count; $k++) {
-                    if($_POST['io_type'][$it_id][$k] == 0)
-                        $sum_qty += $_POST['ct_qty'][$it_id][$k];
+                    if(isset($_POST['io_type'][$it_id][$k]) && $_POST['io_type'][$it_id][$k] == 0){
+                        $post_ct_qty = isset($_POST['ct_qty'][$it_id][$k]) ? (int) $_POST['ct_qty'][$it_id][$k] : 0;
+                        $sum_qty += $post_ct_qty;
+                    }
                 }
 
                 if($it['it_buy_min_qty'] > 0 && $sum_qty < $it['it_buy_min_qty'])
@@ -155,20 +160,21 @@ switch ($action) {
                         VALUES ";
 
             for($k=0; $k<$opt_count; $k++) {
-                $io_id = preg_replace(G5_OPTION_ID_FILTER, '', $_POST['io_id'][$it_id][$k]);
-                $io_type = preg_replace('#[^01]#', '', $_POST['io_type'][$it_id][$k]);
-                $io_value = $_POST['io_value'][$it_id][$k];
+                $io_id = isset($_POST['io_id'][$it_id][$k]) ? preg_replace(G5_OPTION_ID_FILTER, '', $_POST['io_id'][$it_id][$k]) : '';
+                $io_type = isset($_POST['io_type'][$it_id][$k]) ? preg_replace('#[^01]#', '', $_POST['io_type'][$it_id][$k]) : '';
+                $io_value = isset($_POST['io_value'][$it_id][$k]) ? $_POST['io_value'][$it_id][$k] : '';
 
                 // 선택옵션정보가 존재하는데 선택된 옵션이 없으면 건너뜀
                 if($lst_count && $io_id == '')
                     continue;
-
+                
+                $opt_list_type_id_use = isset($opt_list[$io_type][$io_id]['use']) ? $opt_list[$io_type][$io_id]['use'] : '';
                 // 구매할 수 없는 옵션은 건너뜀
-                if($io_id && !$opt_list[$io_type][$io_id]['use'])
+                if($io_id && ! $opt_list_type_id_use)
                     continue;
 
-                $io_price = $opt_list[$io_type][$io_id]['price'];
-                $ct_qty = (int) $_POST['ct_qty'][$it_id][$k];
+                $io_price = isset($opt_list[$io_type][$io_id]['price']) ? $opt_list[$io_type][$io_id]['price'] : 0;
+                $ct_qty = isset($_POST['ct_qty'][$it_id][$k]) ? (int) $_POST['ct_qty'][$it_id][$k] : 0;
 
                 // 구매가격이 음수인지 체크
                 if($io_type) {
@@ -187,7 +193,7 @@ switch ($action) {
                               and io_id = '$io_id'
                               and ct_status = '쇼핑' ";
                 $row2 = sql_fetch($sql2);
-                if($row2['ct_id']) {
+                if(isset($row2['ct_id']) && $row2['ct_id']) {
                     // 재고체크
                     $tmp_ct_qty = $row2['ct_qty'];
                     if(!$io_id)
@@ -219,6 +225,8 @@ switch ($action) {
                     if($point < 0)
                         $point = 0;
                 }
+                
+                $ct_send_cost = 0;
 
                 // 배송비결제
                 if($it['it_sc_type'] == 1)
@@ -308,6 +316,8 @@ switch ($action) {
 
         break;
     case 'wish_update' :
+        
+        $it_id = isset($_POST['it_id']) ? safe_replace_regex($_POST['it_id'], 'it_id') : '';
 
         if (!$is_member)
             die('회원 전용 서비스 입니다.');
@@ -325,7 +335,7 @@ switch ($action) {
                   where mb_id = '{$member['mb_id']}' and it_id = '$it_id' ";
         $row = sql_fetch($sql);
 
-        if (!$row['wi_id']) {
+        if (! (isset($row['wi_id']) && $row['wi_id'])) {
             $sql = " insert {$g5['g5_shop_wish_table']}
                         set mb_id = '{$member['mb_id']}',
                             it_id = '$it_id',
@@ -340,5 +350,4 @@ switch ($action) {
 
         break;
     default :
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/theme/basic/shop/index.php b/theme/basic/shop/index.php
index 69f1f6629..3505b3859 100644
--- a/theme/basic/shop/index.php
+++ b/theme/basic/shop/index.php
@@ -125,5 +125,4 @@ $(function(){
 <?php } ?>
 
 <?php
-include_once(G5_THEME_SHOP_PATH.'/shop.tail.php');
-?>
\ No newline at end of file
+include_once(G5_THEME_SHOP_PATH.'/shop.tail.php');
\ No newline at end of file
diff --git a/theme/basic/shop/mypage.php b/theme/basic/shop/mypage.php
index 6bcf0ce2a..7faafd093 100644
--- a/theme/basic/shop/mypage.php
+++ b/theme/basic/shop/mypage.php
@@ -115,6 +115,10 @@ for($k=0; $cp=sql_fetch_array($res); $k++) {
                 for ($i=0; $row = sql_fetch_array($result); $i++)
                 {
                     $image = get_it_image($row['it_id'], 100, 100, true);
+
+                    $sql = " select count(*) as cnt from {$g5['g5_shop_item_option_table']} where it_id = '{$row['it_id']}' and io_type = '0' ";
+                    $tmp = sql_fetch($sql);
+                    $out_cd = (isset($tmp['cnt']) && $tmp['cnt']) ? 'no' : '';
                 ?>
 
                 <li>
@@ -214,5 +218,4 @@ function fwishlist_check(f, act)
 <!-- } 마이페이지 끝 -->
 
 <?php
-include_once("./_tail.php");
-?>
\ No newline at end of file
+include_once("./_tail.php");
\ No newline at end of file
diff --git a/theme/basic/shop/orderinquiryview.php b/theme/basic/shop/orderinquiryview.php
index 691dd6441..7f36520e4 100644
--- a/theme/basic/shop/orderinquiryview.php
+++ b/theme/basic/shop/orderinquiryview.php
@@ -703,5 +703,4 @@ function fcancel_check(f)
 </script>
 
 <?php
-include_once('./_tail.php');
-?>
\ No newline at end of file
+include_once('./_tail.php');
\ No newline at end of file
diff --git a/theme/basic/shop/shop.head.php b/theme/basic/shop/shop.head.php
index 43325afdd..d1c820ca6 100644
--- a/theme/basic/shop/shop.head.php
+++ b/theme/basic/shop/shop.head.php
@@ -1,6 +1,8 @@
 <?php
 if (!defined("_GNUBOARD_")) exit; // 개별 페이지 접근 불가
 
+$q = isset($_GET['q']) ? clean_xss_tags($_GET['q'], 1, 1) : '';
+
 if(G5_IS_MOBILE) {
     include_once(G5_THEME_MSHOP_PATH.'/shop.head.php');
     return;
diff --git a/theme/basic/shop/shop.tail.php b/theme/basic/shop/shop.tail.php
index 498ddf127..0b6c87549 100644
--- a/theme/basic/shop/shop.tail.php
+++ b/theme/basic/shop/shop.tail.php
@@ -66,5 +66,4 @@ if ($config['cf_analytics']) {
 <!-- } 하단 끝 -->
 
 <?php
-include_once(G5_THEME_PATH.'/tail.sub.php');
-?>
+include_once(G5_THEME_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/theme/basic/skin/board/basic/style.css b/theme/basic/skin/board/basic/style.css
index 46cb1018e..0cf2d24d8 100644
--- a/theme/basic/skin/board/basic/style.css
+++ b/theme/basic/skin/board/basic/style.css
@@ -19,6 +19,7 @@
 #bo_list .txt_expired {color:#ccc}
 #bo_list tbody tr {border-left:2px solid transparent}
 #bo_list tbody tr:hover {border-left:2px solid #253dbe}
+#bo_list tbody .even td {background:#fbfbfb}
 
 #bo_cate {margin:25px 0}
 #bo_cate h2 {position:absolute;font-size:0;line-height:0;overflow:hidden}
@@ -335,4 +336,6 @@ box-shadow:inset 0 1px 2px rgba(0, 0, 0, 0.1)}
 #bo_w .bo_w_flie .file_wr {position:relative;border:1px solid #ccc;background:#fff;color:#000;vertical-align:middle;border-radius:3px;padding:5px;height:40px;margin:0}
 #bo_w .bo_w_flie .frm_input {margin:10px 0 0}
 #bo_w .bo_w_flie .file_del {position:absolute;top:10px;right:10px;font-size:0.92em;color:#7d7d7d}
-#bo_w .bo_w_select select {border:1px solid #d0d3db;width:100%;height:40px;border-radius:3px}
\ No newline at end of file
+#bo_w .bo_w_select select {border:1px solid #d0d3db;width:100%;height:40px;border-radius:3px}
+#bo_w .btn_submit {padding:0 20px;font-size:1.167em}
+#bo_w .btn_cancel {border-radius:3px;font-size:1.167em}
\ No newline at end of file
diff --git a/theme/basic/skin/board/basic/view.skin.php b/theme/basic/skin/board/basic/view.skin.php
index 56cf28a20..cbf54f971 100644
--- a/theme/basic/skin/board/basic/view.skin.php
+++ b/theme/basic/skin/board/basic/view.skin.php
@@ -93,8 +93,8 @@ add_stylesheet('<link rel="stylesheet" href="'.$board_skin_url.'/style.css">', 0
         if($v_img_count) {
             echo "<div id=\"bo_v_img\">\n";
 
-            for ($i=0; $i<=count($view['file']); $i++) {
-                echo get_file_thumbnail($view['file'][$i]);
+            foreach($view['file'] as $view_file) {
+                echo get_file_thumbnail($view_file);
             }
 
             echo "</div>\n";
diff --git a/theme/basic/skin/board/gallery/style.css b/theme/basic/skin/board/gallery/style.css
index a9fe37a5d..763ee44d2 100644
--- a/theme/basic/skin/board/gallery/style.css
+++ b/theme/basic/skin/board/gallery/style.css
@@ -370,4 +370,6 @@ box-shadow:inset 0 1px 2px rgba(0, 0, 0, 0.1)}
 #bo_w .bo_w_flie .file_wr {position:relative;border:1px solid #ccc;background:#fff;color:#000;vertical-align:middle;border-radius:3px;padding:5px;height:40px;margin:0}
 #bo_w .bo_w_flie .frm_input {margin:10px 0 0}
 #bo_w .bo_w_flie .file_del {position:absolute;top:10px;right:10px;font-size:0.92em;color:#7d7d7d}
-#bo_w .bo_w_select select {border:1px solid #d0d3db;width:100%;height:40px;border-radius:3px}
\ No newline at end of file
+#bo_w .bo_w_select select {border:1px solid #d0d3db;width:100%;height:40px;border-radius:3px}
+#bo_w .btn_submit {padding:0 20px;font-size:1.167em}
+#bo_w .btn_cancel {border-radius:3px;font-size:1.167em}
\ No newline at end of file
diff --git a/theme/basic/skin/board/gallery/view.skin.php b/theme/basic/skin/board/gallery/view.skin.php
index c5af84d3f..293af3bf1 100644
--- a/theme/basic/skin/board/gallery/view.skin.php
+++ b/theme/basic/skin/board/gallery/view.skin.php
@@ -93,8 +93,8 @@ add_stylesheet('<link rel="stylesheet" href="'.$board_skin_url.'/style.css">', 0
         if($v_img_count) {
             echo "<div id=\"bo_v_img\">\n";
 
-            for ($i=0; $i<=count($view['file']); $i++) {
-                echo get_file_thumbnail($view['file'][$i]);
+            foreach($view['file'] as $view_file) {
+                echo get_file_thumbnail($view_file);
             }
 
             echo "</div>\n";
diff --git a/theme/basic/skin/connect/basic/connect.skin.php b/theme/basic/skin/connect/basic/connect.skin.php
index 55849443c..b4623f038 100644
--- a/theme/basic/skin/connect/basic/connect.skin.php
+++ b/theme/basic/skin/connect/basic/connect.skin.php
@@ -6,4 +6,4 @@ if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
 add_stylesheet('<link rel="stylesheet" href="'.$connect_skin_url.'/style.css">', 0);
 ?>
 
-<?php echo $row['total_cnt'] ?>
+<?php echo $row['total_cnt'];
\ No newline at end of file
diff --git a/theme/basic/skin/latest/basic/latest.skin.php b/theme/basic/skin/latest/basic/latest.skin.php
index 78b3fc128..ba7cae909 100644
--- a/theme/basic/skin/latest/basic/latest.skin.php
+++ b/theme/basic/skin/latest/basic/latest.skin.php
@@ -28,7 +28,7 @@ $list_count = (is_array($list) && $list) ? count($list) : 0;
             // if ($list[$i]['file']['count']) { echo "<{$list[$i]['file']['count']}>"; }
 
             echo $list[$i]['icon_reply']." ";
-           	if ($list[$i]['icon_file']) echo " <i class=\"fa fa-download\" aria-hidden=\"true\"></i>" ;
+           	if (isset($list[$i]['icon_file']) && $list[$i]['icon_file']) echo " <i class=\"fa fa-download\" aria-hidden=\"true\"></i>" ;
             if ($list[$i]['icon_link']) echo " <i class=\"fa fa-link\" aria-hidden=\"true\"></i>" ;
 
             if ($list[$i]['comment_cnt'])  echo "
diff --git a/theme/basic/skin/latest/pic_list/latest.skin.php b/theme/basic/skin/latest/pic_list/latest.skin.php
index 50ad31951..89700c5c0 100644
--- a/theme/basic/skin/latest/pic_list/latest.skin.php
+++ b/theme/basic/skin/latest/pic_list/latest.skin.php
@@ -20,7 +20,7 @@ $list_count = (is_array($list) && $list) ? count($list) : 0;
         if( $i === 0 ) {
             $thumb = get_list_thumbnail($bo_table, $list[$i]['wr_id'], $thumb_width, $thumb_height, false, true);
 
-            if($thumb['src']) {
+            if(isset($thumb['src']) && $thumb['src']) {
                 $img = $thumb['src'];
             } else {
                 $img = G5_IMG_URL.'/no_img.png';
diff --git a/theme/basic/skin/member/basic/login.skin.php b/theme/basic/skin/member/basic/login.skin.php
index 966bc4cce..19e7e01d1 100644
--- a/theme/basic/skin/member/basic/login.skin.php
+++ b/theme/basic/skin/member/basic/login.skin.php
@@ -87,7 +87,7 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
             <form name="forderinquiry" method="post" action="<?php echo urldecode($url); ?>" autocomplete="off">
 
             <label for="od_id" class="od_id sound_only">주문서번호<strong class="sound_only"> 필수</strong></label>
-            <input type="text" name="od_id" value="<?php echo $od_id; ?>" id="od_id" required class="frm_input required" size="20" placeholder="주문서번호">
+            <input type="text" name="od_id" value="<?php echo get_text($od_id); ?>" id="od_id" required class="frm_input required" size="20" placeholder="주문서번호">
             <label for="od_pwd" class="od_pwd sound_only">비밀번호 <strong>필수</strong></label>
             <input type="password" name="od_pwd" size="20" id="od_pwd" required class="frm_input required" placeholder="비밀번호">
             <button type="submit" class="btn_submit">확인</button>
diff --git a/theme/basic/skin/member/basic/login_check.skin.php b/theme/basic/skin/member/basic/login_check.skin.php
index 1b182915e..aea2ee5aa 100644
--- a/theme/basic/skin/member/basic/login_check.skin.php
+++ b/theme/basic/skin/member/basic/login_check.skin.php
@@ -1,5 +1,4 @@
 <?php
 if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가 
 
-// 자신만의 코드를 넣어주세요.
-?>
+// 자신만의 코드를 넣어주세요.
\ No newline at end of file
diff --git a/theme/basic/skin/member/basic/register_form_update.tail.skin.php b/theme/basic/skin/member/basic/register_form_update.tail.skin.php
index b16c52a14..97cd044e1 100644
--- a/theme/basic/skin/member/basic/register_form_update.tail.skin.php
+++ b/theme/basic/skin/member/basic/register_form_update.tail.skin.php
@@ -56,5 +56,4 @@ if ($w == "" && $default['de_sms_use1'] && $receive_number)
 }
 //----------------------------------------------------------
 // SMS 문자전송 끝
-//----------------------------------------------------------
-?>
+//----------------------------------------------------------;
\ No newline at end of file
diff --git a/theme/basic/skin/popular/basic/popular.skin.php b/theme/basic/skin/popular/basic/popular.skin.php
index 888fe7a0e..353d53302 100644
--- a/theme/basic/skin/popular/basic/popular.skin.php
+++ b/theme/basic/skin/popular/basic/popular.skin.php
@@ -29,7 +29,7 @@ add_stylesheet('<link rel="stylesheet" href="'.G5_JS_URL.'/owlcarousel/owl.carou
     </div>
 </section>
 
-<?php if ($list && is_array($list)) { //게시물이 있다면 ?>
+<?php if (isset($list) && $list && is_array($list)) { //게시물이 있다면 ?>
 <script>
 jQuery(function($){
     
diff --git a/theme/basic/skin/search/basic/search.skin.php b/theme/basic/skin/search/basic/search.skin.php
index ceddef9cc..9ffcff08a 100644
--- a/theme/basic/skin/search/basic/search.skin.php
+++ b/theme/basic/skin/search/basic/search.skin.php
@@ -15,11 +15,11 @@ add_stylesheet('<link rel="stylesheet" href="'.$search_skin_url.'/style.css">',
 
     <label for="sfl" class="sound_only">검색조건</label>
     <select name="sfl" id="sfl">
-        <option value="wr_subject||wr_content"<?php echo get_selected($_GET['sfl'], "wr_subject||wr_content") ?>>제목+내용</option>
-        <option value="wr_subject"<?php echo get_selected($_GET['sfl'], "wr_subject") ?>>제목</option>
-        <option value="wr_content"<?php echo get_selected($_GET['sfl'], "wr_content") ?>>내용</option>
-        <option value="mb_id"<?php echo get_selected($_GET['sfl'], "mb_id") ?>>회원아이디</option>
-        <option value="wr_name"<?php echo get_selected($_GET['sfl'], "wr_name") ?>>이름</option>
+        <option value="wr_subject||wr_content"<?php echo get_selected($sfl, "wr_subject||wr_content") ?>>제목+내용</option>
+        <option value="wr_subject"<?php echo get_selected($sfl, "wr_subject") ?>>제목</option>
+        <option value="wr_content"<?php echo get_selected($sfl, "wr_content") ?>>내용</option>
+        <option value="mb_id"<?php echo get_selected($sfl, "mb_id") ?>>회원아이디</option>
+        <option value="wr_name"<?php echo get_selected($sfl, "wr_name") ?>>이름</option>
     </select>
 
     <label for="stx" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label>
diff --git a/theme/basic/skin/shop/basic/boxevent.skin.php b/theme/basic/skin/shop/basic/boxevent.skin.php
index 089b02594..cce361504 100644
--- a/theme/basic/skin/shop/basic/boxevent.skin.php
+++ b/theme/basic/skin/shop/basic/boxevent.skin.php
@@ -74,5 +74,4 @@ if(sql_num_rows($hresult)) {
     </ul>
 </div>
 <?php
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/theme/basic/skin/shop/basic/item.form.skin.php b/theme/basic/skin/shop/basic/item.form.skin.php
index ac4f21214..4f1095fb6 100644
--- a/theme/basic/skin/shop/basic/item.form.skin.php
+++ b/theme/basic/skin/shop/basic/item.form.skin.php
@@ -398,7 +398,7 @@ function fsubmit_check(f)
         return false;
     }
 
-    if($(".sit_opt_list").size() < 1) {
+    if($(".sit_opt_list").length < 1) {
         alert("상품의 선택옵션을 선택해 주십시오.");
         return false;
     }
@@ -470,7 +470,7 @@ function fitem_submit(f)
         return false;
     }
 
-    if($(".sit_opt_list").size() < 1) {
+    if($(".sit_opt_list").length < 1) {
         alert("상품의 선택옵션을 선택해 주십시오.");
         return false;
     }
diff --git a/theme/basic/skin/shop/basic/itemuse.skin.php b/theme/basic/skin/shop/basic/itemuse.skin.php
index cfe1e67d3..1c796be50 100644
--- a/theme/basic/skin/shop/basic/itemuse.skin.php
+++ b/theme/basic/skin/shop/basic/itemuse.skin.php
@@ -36,7 +36,6 @@ add_stylesheet('<link rel="stylesheet" href="'.G5_SHOP_SKIN_URL.'/style.css">',
         $is_reply_subject = !empty($row['is_reply_subject']) ? conv_subject($row['is_reply_subject'],50,"…") : '';
         $is_reply_content = !empty($row['is_reply_content']) ? get_view_thumbnail(conv_content($row['is_reply_content'], 1), $thumbnail_width) : '';
         $is_time    = substr($row['is_time'], 2, 8);
-        $is_href    = './itemuselist.php?bo_table=itemuse&amp;wr_id='.$row['wr_id'];
 
         $hash = md5($row['is_id'].$row['is_time'].$row['is_ip']);
 
diff --git a/theme/basic/skin/shop/basic/list.sub.skin.php b/theme/basic/skin/shop/basic/list.sub.skin.php
index efe001431..0989cdcbe 100644
--- a/theme/basic/skin/shop/basic/list.sub.skin.php
+++ b/theme/basic/skin/shop/basic/list.sub.skin.php
@@ -9,4 +9,4 @@ add_stylesheet('<link rel="stylesheet" href="'.G5_SHOP_SKIN_URL.'/style.css">',
     <li><button type="button" class="sct_lst_view sct_lst_list"><i class="fa fa-th-list" aria-hidden="true"></i><span class="sound_only">리스트뷰</span></button></li>
     <li><button type="button" class="sct_lst_view sct_lst_gallery"><i class="fa fa-th-large" aria-hidden="true"></i><span class="sound_only">갤러리뷰</span></button></li>
 </ul>
-<?php } ?>
\ No newline at end of file
+<?php }
\ No newline at end of file
diff --git a/theme/basic/skin/shop/basic/listcategory.skin.php b/theme/basic/skin/shop/basic/listcategory.skin.php
index ab50fb08e..a7a3b4208 100644
--- a/theme/basic/skin/shop/basic/listcategory.skin.php
+++ b/theme/basic/skin/shop/basic/listcategory.skin.php
@@ -33,4 +33,4 @@ if ($exists) {
 </aside>
 <!-- } 상품분류 1 끝 -->
 
-<?php } ?>
\ No newline at end of file
+<?php }
\ No newline at end of file
diff --git a/theme/basic/skin/shop/basic/listcategory2.skin.php b/theme/basic/skin/shop/basic/listcategory2.skin.php
index 1f4501f46..4bfc8735e 100644
--- a/theme/basic/skin/shop/basic/listcategory2.skin.php
+++ b/theme/basic/skin/shop/basic/listcategory2.skin.php
@@ -61,4 +61,4 @@ if ($exists) {
 </aside>
 <!-- } 상품분류 2 끝 -->
 
-<?php } ?>
\ No newline at end of file
+<?php }
\ No newline at end of file
diff --git a/theme/basic/skin/shop/basic/listcategory3.skin.php b/theme/basic/skin/shop/basic/listcategory3.skin.php
index dcd7e83b1..6a06aed37 100644
--- a/theme/basic/skin/shop/basic/listcategory3.skin.php
+++ b/theme/basic/skin/shop/basic/listcategory3.skin.php
@@ -32,4 +32,4 @@ if ($exists) {
 </aside>
 <!-- } 상품분류 3 끝 -->
 
-<?php } ?>
\ No newline at end of file
+<?php }
\ No newline at end of file
diff --git a/theme/basic/skin/shop/basic/main.20.skin.php b/theme/basic/skin/shop/basic/main.20.skin.php
index f54b93dfb..e6bcf1e5b 100644
--- a/theme/basic/skin/shop/basic/main.20.skin.php
+++ b/theme/basic/skin/shop/basic/main.20.skin.php
@@ -135,7 +135,7 @@ if($i == 0) echo "<p class=\"sct_noitem\">등록된 상품이 없습니다.</p>\
             var $smt = this.find("ul.sct_ul");
             var $smt_a = $smt.find("a");
             var height = 0;
-            var count = $smt.size();
+            var count = $smt.length;
             var c_idx = o_idx = 0;
             var fx = null;
             var el_id = this[0].id;
@@ -266,7 +266,7 @@ $(function() {
 
     // 애니메이션 stop
     $("#btn_smt_<?php echo $this->type; ?> button.sctrl_stop").on("click", function() {
-        if($(this).parent().siblings().find(".sctrl_on").size() > 0) {
+        if($(this).parent().siblings().find(".sctrl_on").length > 0) {
             $(this).parent().siblings().find("span").removeClass("sctrl_on").html("");
             $(this).children().addClass("sctrl_on").html("<b class=\"sound_only\">선택됨</b>");
             var id = $(this).closest(".sctrl").attr("id").replace("btn_", "");
diff --git a/theme/basic/skin/shop/basic/mainbanner.10.skin.php b/theme/basic/skin/shop/basic/mainbanner.10.skin.php
index fe97751a7..9146a50a2 100644
--- a/theme/basic/skin/shop/basic/mainbanner.10.skin.php
+++ b/theme/basic/skin/shop/basic/mainbanner.10.skin.php
@@ -140,5 +140,4 @@ jQuery(function($){
 });
 </script>
 <?php
-}
-?>
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/theme/basic/skin/shop/basic/personalpay.skin.php b/theme/basic/skin/shop/basic/personalpay.skin.php
index dc67edf7e..c16812194 100644
--- a/theme/basic/skin/shop/basic/personalpay.skin.php
+++ b/theme/basic/skin/shop/basic/personalpay.skin.php
@@ -31,5 +31,4 @@ for ($i=1; $row=sql_fetch_array($result); $i++) {
 
 if ($i > 1) echo "</ul>\n";
 
-if($i == 1) echo "<p class=\"sct_noitem\">등록된 개인결제가 없습니다.</p>\n";
-?>
\ No newline at end of file
+if($i == 1) echo "<p class=\"sct_noitem\">등록된 개인결제가 없습니다.</p>\n";
\ No newline at end of file
diff --git a/theme/basic/tail.php b/theme/basic/tail.php
index 6aa7f4ed6..147cf0a4b 100644
--- a/theme/basic/tail.php
+++ b/theme/basic/tail.php
@@ -92,5 +92,4 @@ $(function() {
 </script>
 
 <?php
-include_once(G5_THEME_PATH."/tail.sub.php");
-?>
\ No newline at end of file
+include_once(G5_THEME_PATH."/tail.sub.php");
\ No newline at end of file
diff --git a/theme/basic/tail.sub.php b/theme/basic/tail.sub.php
index 1c25b33cd..513656f17 100644
--- a/theme/basic/tail.sub.php
+++ b/theme/basic/tail.sub.php
@@ -24,4 +24,4 @@ $(function() {
 
 </body>
 </html>
-<?php echo html_end(); // HTML 마지막 처리 함수 : 반드시 넣어주시기 바랍니다. ?>
\ No newline at end of file
+<?php echo html_end(); // HTML 마지막 처리 함수 : 반드시 넣어주시기 바랍니다.
\ No newline at end of file
diff --git a/theme/basic/theme.config.php b/theme/basic/theme.config.php
index 443ef7ba0..b6ffe622b 100644
--- a/theme/basic/theme.config.php
+++ b/theme/basic/theme.config.php
@@ -1,14 +1,22 @@
 <?php
 if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
+
 // 테마가 지원하는 장치 설정 pc, mobile
 // 선언하지 않거나 값을 지정하지 않으면 그누보드5의 설정을 따른다.
 // G5_SET_DEVICE 상수 설정 보다 우선 적용됨
-define('G5_THEME_DEVICE', '');
+if(! defined('G5_THEME_DEVICE')) define('G5_THEME_DEVICE', '');
+
+$theme_config = array();
+
+// 갤러리 이미지 수 등의 설정을 지정하시면 게시판관리에서 해당 값을
+// 가져오기 기능을 통해 게시판 설정의 해당 필드에 바로 적용할 수 있습니다.
+// 사용하지 않는 스킨 설정은 값을 비워두시면 됩니다.
+
 // 테마에서 커뮤니티 지원여부 설정
 // 커뮤니티 사용없이 쇼핑몰이 초기화면이라면 false로 설정
 // false 설정이면 게시판 head, tail 은 쇼핑몰의 그것이 적용됨
-define('G5_COMMUNITY_USE', true);
-$theme_config = array();
+if(! defined('G5_COMMUNITY_USE')) define('G5_COMMUNITY_USE', true);
+
 // 갤러리 이미지 수 등의 설정을 지정하시면 게시판관리에서 해당 값을
 // 가져오기 기능을 통해 게시판 설정의 해당 필드에 바로 적용할 수 있습니다.
 // 사용하지 않는 스킨 설정은 값을 비워두시면 됩니다.
@@ -140,5 +148,4 @@ $theme_config = array(
     'ev_mobile_list_row'            => 5,       // 모바일 이벤트 이미지 줄 수
     'ca_mobile_list_best_mod'       => 2,       // 모바일 상품리스트 베스트상품 1줄당 이미지 수
     'ca_mobile_list_best_row'       => 3,       // 모바일 상품리스트 베스트상품 이미지 줄 수
-);
-?>
\ No newline at end of file
+);
\ No newline at end of file
diff --git a/yc4_import.php b/yc4_import.php
index 7d04bba6d..6d68c2f42 100644
--- a/yc4_import.php
+++ b/yc4_import.php
@@ -172,5 +172,4 @@ $(function() {
 </script>
 
 <?php
-include_once(G5_PATH.'/tail.sub.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/yc4_import_run.php b/yc4_import_run.php
index e5a9a788c..5675f440e 100644
--- a/yc4_import_run.php
+++ b/yc4_import_run.php
@@ -689,5 +689,4 @@ $(function() {
 </script>
 
 <?php
-include_once(G5_PATH.'/tail.sub.php');
-?>
\ No newline at end of file
+include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file