KVE-2019-0082 원격취약점 다시 수정

adm/shop_admin/itemeventformupdate.php

@@ -19,8 +19,8 @@ if ($ev_mimg_del)  @unlink(G5_DATA_PATH."/event/{$ev_id}_m");
 if ($ev_himg_del)  @unlink(G5_DATA_PATH."/event/{$ev_id}_h");
 if ($ev_timg_del)  @unlink(G5_DATA_PATH."/event/{$ev_id}_t");
 
-$ev_skin = preg_replace('#\.+/#', '', $ev_skin);
-$ev_mobile_skin = preg_replace('#\.+/#', '', $ev_mobile_skin);
+$ev_skin = preg_replace('#\.+(\/|\\\)#', '', $ev_skin);
+$ev_mobile_skin = preg_replace('#\.+(\/|\\\)#', '', $ev_mobile_skin);
 
 $skin_regex_patten = "^list.[0-9]+\.skin\.php";
 

mobile/shop/event.php

@@ -31,7 +31,7 @@ else
     $order_by = 'b.it_order, b.it_id desc';
 
 if ($skin) {
-    $skin = preg_replace('#\.+/#', '', $skin);
+    $skin = preg_replace('#\.+(\/|\\\)#', '', $skin);
     $ev['ev_skin'] = $skin;
 }
 

shop/event.php

@@ -43,7 +43,7 @@ else
     $order_by = 'b.it_order, b.it_id desc';
 
 if ($skin) {
-    $skin = preg_replace('#\.+/#', '', $skin);
+    $skin = preg_replace('#\.+(\/|\\\)#', '', $skin);
     $ev['ev_skin'] = $skin;
 }