diff --git a/adm/css/admin.css b/adm/css/admin.css
index 07178cef7..ab3d85c3e 100644
--- a/adm/css/admin.css
+++ b/adm/css/admin.css
@@ -336,6 +336,7 @@ tfoot td {font-weight:bold;text-align:center}
#menu_frm #menu_result {margin:20px 0}
#menulist .sub_menu_class {padding-left:25px;background:url('../img/sub_menu_ico.gif') 5px 15px no-repeat}
+.exist_menu_link {font-weight:bold;color:red}
/* 회원관리 목록 */
.mb_leave_msg {color:#b6b6b6}
@@ -969,4 +970,4 @@ strong.sodr_nonpay {display:block;padding:5px 0;text-align:right}
#anc_sodr_pay .btn_confirm .btn_submit{width:300px;height:40px;font-size:14px;}
- .pg_input{font:bold 15px Consolas}
\ No newline at end of file
+ .pg_input{font:bold 15px Consolas}
diff --git a/adm/menu_form.php b/adm/menu_form.php
index 0db45d575..15592bd33 100644
--- a/adm/menu_form.php
+++ b/adm/menu_form.php
@@ -43,13 +43,57 @@ $(function() {
"./menu_form_search.php"
);
- $("#me_type").on("change", function() {
- var type = $(this).val();
+ function link_checks_all_chage(){
+
+ var $links = $(opener.document).find("#menulist input[name='me_link[]']"),
+ $o_link = $(".td_mngsmall input[name='link[]']"),
+ hrefs = [],
+ menu_exist = false;
+
+ if( $links.length ){
+ $links.each(function( index ) {
+ hrefs.push( $(this).val() );
+ });
+
+ $o_link.each(function( index ) {
+ if( $.inArray( $(this).val(), hrefs ) != -1 ){
+ $(this).closest("tr").find("td:eq( 0 )").addClass("exist_menu_link");
+ menu_exist = true;
+ }
+ });
+ }
+
+ if( menu_exist ){
+ $(".menu_exists_tip").show();
+ } else {
+ $(".menu_exists_tip").hide();
+ }
+ }
+
+ function menu_result_change( type ){
+
+ var dfd = new $.Deferred();
$("#menu_result").empty().load(
"./menu_form_search.php",
- { type : type }
+ { type : type },
+ function(){
+ dfd.resolve('Finished');
+ }
);
+
+ return dfd.promise();
+ }
+
+ $("#me_type").on("change", function() {
+ var type = $(this).val();
+
+ var promise = menu_result_change( type );
+
+ promise.done(function(message) {
+ link_checks_all_chage(type);
+ });
+
});
$(document).on("click", "#add_manual", function() {
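Review bot: `link_checks_all_chage` is declared without a parameter at the top of the hunk but is called with `type` from the change handler, and the name reads as a typo of "change"; rename it and drop the unused argument: `function link_checks_all_change(){` and `link_checks_all_change();`. `$(opener.document)` throws when the page is not opened from another window (`opener` is then null), so a guard such as `if (!window.opener) return;` at the start of the function would keep the handler alive — presumably this form is always a popup, but that is not visible here. The jQuery `load` complete callback also runs for a failed request, so `dfd.resolve` fires and the highlighting runs against an empty `#menu_result`; harmless, but worth a one-line comment on `dfd.resolve('Finished')` saying the promise resolves on completion, not on success.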
diff --git a/adm/menu_form_search.php b/adm/menu_form_search.php
index 1d5ff3ee7..c11c6288e 100644
--- a/adm/menu_form_search.php
+++ b/adm/menu_form_search.php
@@ -11,7 +11,7 @@ switch($type) {
order by gr_order, gr_id ";
break;
case 'board':
- $sql = " select bo_table as id, bo_subject as subject
+ $sql = " select bo_table as id, bo_subject as subject, gr_id
from {$g5['board_table']}
order by bo_order, bo_table ";
break;
@@ -32,13 +32,18 @@ if($sql) {
for($i=0; $row=sql_fetch_array($result); $i++) {
if($i == 0) {
+
+ $bbs_subject_title = ($type == 'board') ? '게시판제목' : '제목';
?>
- | 제목 |
+ |
+
+ 게시판 그룹 |
+
선택 |
@@ -63,6 +68,12 @@ if($sql) {
|
+
+ |
+
">
@@ -76,6 +87,10 @@ if($sql) {
|
+
+
diff --git a/adm/sms_admin/_common.php b/adm/sms_admin/_common.php
index 7cf17b2b7..23e15e5ef 100644
--- a/adm/sms_admin/_common.php
+++ b/adm/sms_admin/_common.php
@@ -14,5 +14,9 @@ if (!strstr($_SERVER['SCRIPT_NAME'], 'install.php')) {
$sv = isset($_REQUEST['sv']) ? get_search_string($_REQUEST['sv']) : '';
+if( isset($token) ){
+ $token = @htmlspecialchars(strip_tags($token), ENT_QUOTES);
+}
+
add_stylesheet('', 0);
?>
\ No newline at end of file
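Review bot: The `@` on the new `htmlspecialchars` call suppresses nothing useful — the function does not emit a warning on bad input, it returns an empty string for an invalid byte sequence unless `ENT_SUBSTITUTE` is passed — so drop the operator and state the intent with flags: `$token = htmlspecialchars(strip_tags($token), ENT_QUOTES | ENT_SUBSTITUTE);`. Where `$token` is populated is not visible in this hunk; if it has a fixed format, an allowlist `preg_match` that rejects a non-matching value would be stricter than rewriting it with `strip_tags`.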
diff --git a/common.php b/common.php
index 1adbd5d1f..a41544111 100644
--- a/common.php
+++ b/common.php
@@ -32,10 +32,11 @@ function g5_path()
$result['path'] = str_replace('\\', '/', dirname(__FILE__));
$tilde_remove = preg_replace('/^\/\~[^\/]+(.*)$/', '$1', $_SERVER['SCRIPT_NAME']);
$document_root = str_replace($tilde_remove, '', $_SERVER['SCRIPT_FILENAME']);
- $root = str_replace($document_root, '', $result['path']);
+ $pattern = '/' . preg_quote($document_root, '/') . '/i';
+ $root = preg_replace($pattern, '', $result['path']);
$port = $_SERVER['SERVER_PORT'] != 80 ? ':'.$_SERVER['SERVER_PORT'] : '';
$http = 'http' . ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on') ? 's' : '') . '://';
- $user = str_replace(str_replace($document_root, '', $_SERVER['SCRIPT_FILENAME']), '', $_SERVER['SCRIPT_NAME']);
+ $user = str_replace(preg_replace($pattern, '', $_SERVER['SCRIPT_FILENAME']), '', $_SERVER['SCRIPT_NAME']);
$host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : $_SERVER['SERVER_NAME'];
if(isset($_SERVER['HTTP_HOST']) && preg_match('/:[0-9]+$/', $host))
$host = preg_replace('/:[0-9]+$/', '', $host);
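Review bot: The new `$pattern` is unanchored, so `preg_replace` strips `$document_root` wherever it occurs inside `$result['path']` and `SCRIPT_FILENAME`, not only as the leading prefix; both uses are prefix removals, so anchor it: `$pattern = '/^' . preg_quote($document_root, '/') . '/i';`. The `i` modifier also lets a differently-cased prefix be removed on case-sensitive filesystems, which looks intended for Windows hosts but deserves a comment such as `// case-insensitive: SCRIPT_FILENAME and __FILE__ may differ in case on Windows`. `g5_path` starts before this hunk.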
@@ -370,7 +371,7 @@ if ($_SESSION['ss_mb_id']) { // 로그인중이라면
$key = md5($_SERVER['SERVER_ADDR'] . $_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT'] . $row['mb_password']);
// 쿠키에 저장된 키와 같다면
$tmp_key = get_cookie('ck_auto');
- if ($tmp_key == $key && $tmp_key) {
+ if ($tmp_key === $key && $tmp_key) {
// 차단, 탈퇴가 아니고 메일인증이 사용이면서 인증을 받았다면
if ($row['mb_intercept_date'] == '' &&
$row['mb_leave_date'] == '' &&
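Review bot: Switching to `===` fixes the loose comparison, but `$key` is derived from the stored password hash and is compared against a cookie value with an early-exit string compare; use the constant-time helper, keeping the string check it requires: `if ($tmp_key && is_string($tmp_key) && hash_equals($key, $tmp_key)) {`. The enclosing `if` block continues past the end of the hunk.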
diff --git a/install/index.php b/install/index.php
index 056b399c0..990b5938a 100644
--- a/install/index.php
+++ b/install/index.php
@@ -1,4 +1,6 @@
salt = md5(G5_MYSQL_PASSWORD);
+ $this->salt = md5(preg_replace('/[^0-9A-Za-z]/', substr(G5_MYSQL_USER, -1), G5_MYSQL_PASSWORD));
else
$this->salt = $salt;
@@ -3275,9 +3275,68 @@ function check_write_token($bo_table)
return true;
}
+function get_call_func_cache($func, $args=array()){
+
+ static $cache = array();
+
+ $key = md5(serialize($args));
+
+ if( isset($cache[$func]) && isset($cache[$func][$key]) ){
+ return $cache[$func][$key];
+ }
+
+ $result = null;
+
+ try{
+ $cache[$func][$key] = $result = call_user_func_array($func, $args);
+ } catch (Exception $e) {
+ return null;
+ }
+
+ return $result;
+}
+
// include 하는 경로에 data file 경로가 포함되어 있는지 체크합니다.
function is_include_path_check($path='')
{
+ if( $path ){
+ try {
+ // whether $path is unix or not
+ $unipath = strlen($path)==0 || $path{0}!='/';
+ $unc = substr($path,0,2)=='\\\\'?true:false;
+ // attempts to detect if path is relative in which case, add cwd
+ if(strpos($path,':') === false && $unipath && !$unc){
+ $path=getcwd().DIRECTORY_SEPARATOR.$path;
+ if($path{0}=='/'){
+ $unipath = false;
+ }
+ }
+
+ // resolve path parts (single dot, double dot and double delimiters)
+ $path = str_replace(array('/', '\\'), DIRECTORY_SEPARATOR, $path);
+ $parts = array_filter(explode(DIRECTORY_SEPARATOR, $path), 'strlen');
+ $absolutes = array();
+ foreach ($parts as $part) {
+ if ('.' == $part){
+ continue;
+ }
+ if ('..' == $part) {
+ array_pop($absolutes);
+ } else {
+ $absolutes[] = $part;
+ }
+ }
+ $path = implode(DIRECTORY_SEPARATOR, $absolutes);
+ // resolve any symlinks
+ // put initial separator that could have been lost
+ $path = !$unipath ? '/'.$path : $path;
+ $path = $unc ? '\\\\'.$path : $path;
+ } catch (Exception $e) {
+ //echo 'Caught exception: ', $e->getMessage(), "\n";
+ return false;
+ }
+ }
+
if( !$path || preg_match('/\/data\/(file|editor)\/[A-Za-z0-9_]{1,20}\//', $path) ){
return false;
}
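Review bot: The new normalization block in `is_include_path_check` rewrites every separator to `DIRECTORY_SEPARATOR`, but the `preg_match` on the following context line still looks for `/data/file/` and `/data/editor/` with forward slashes, so on a host whose separator is `\` a path inside those directories no longer matches and the check falls through to the permissive result; test a slash-normalized copy instead: `preg_match('/\/data\/(file|editor)\/[A-Za-z0-9_]{1,20}\//', str_replace('\\', '/', $path))`. `$path{0}` (used twice) is the curly-brace string-offset syntax that PHP 7.4 deprecates and PHP 8 removes — use `$path[0]`. The `try`/`catch (Exception $e)` wraps only string and array builtins that do not throw, so its `return false` branch is unreachable and the block can be unwrapped. In `get_call_func_cache`, `$func` is used directly as an array key, which only works for string callables — an array or closure callable raises an illegal-offset error — so either document the contract (`// $func must be a string callable; array/closure callables cannot key the cache`) or guard with `is_string($func)`. The rest of `is_include_path_check` lies outside the hunk.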
diff --git a/plugin/editor/cheditor5/imageUpload/delete.php b/plugin/editor/cheditor5/imageUpload/delete.php
index 0da4fc8f3..1d961c696 100644
--- a/plugin/editor/cheditor5/imageUpload/delete.php
+++ b/plugin/editor/cheditor5/imageUpload/delete.php
@@ -5,9 +5,9 @@ if(!function_exists('ft_nonce_is_valid')){
include_once('../editor.lib.php');
}
-$filesrc = isset($_POST["filesrc"]) ? $_POST["filesrc"] : '';
+$filesrc = isset($_POST["filesrc"]) ? preg_replace("/[ #\&\+\-%@=\/\\\:;,\'\"\^`~\_|\!\?\*$#<>()\[\]\{\}]/", "", $_POST["filesrc"]) : '';
-if( !$filesrc ){
+if( !$filesrc || ! preg_match('=^[^/?*;:{}\\\\]+\.[^/?*;:{}\\\\]+$=', $filesrc) || ! preg_match('/\.(gif|jpe?g|bmp|png)$/i', $filesrc) ){
die( false );
}
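Review bot: The new `preg_replace` rewrites the submitted name instead of rejecting it, and its character class strips `_` and `-`, so a request naming `photo_1.png` would be processed as `photo1.png` — a different file. The allowlist `preg_match` calls on the next line already express the accepted shape, so validate the raw value and `die` on mismatch rather than sanitising first: `$filesrc = isset($_POST["filesrc"]) ? $_POST["filesrc"] : '';` followed by `if( !$filesrc || ! preg_match('/^[A-Za-z0-9][A-Za-z0-9._-]*\.(gif|jpe?g|bmp|png)$/i', $filesrc) ){`. Whether uploaded names can contain `_` or `-` is not visible here, so align the allowlist with how the upload handler names files.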
diff --git a/plugin/kcaptcha/kcaptcha.lib.php b/plugin/kcaptcha/kcaptcha.lib.php
index 61d15548c..ccf5e358d 100644
--- a/plugin/kcaptcha/kcaptcha.lib.php
+++ b/plugin/kcaptcha/kcaptcha.lib.php
@@ -245,7 +245,7 @@ function captcha_html($class="captcha")
$html .= "\n".'';
$html .= "\n".'