From 7059b3f9cef98fde23beb22cbd6ea44cb3095f82 Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Mon, 27 Mar 2017 19:26:55 +0900
Subject: [PATCH] =?UTF-8?q?=ED=8C=8C=EC=9D=BC=20=EC=82=AD=EC=A0=9C=20?=
 =?UTF-8?q?=EC=B7=A8=EC=95=BD=EC=A0=90=20=EC=88=98=EC=A0=95(=20adm1nkyj@Up?=
 =?UTF-8?q?Root=EB=8B=98=EC=9D=B4=20=EC=95=8C=EB=A0=A4=EC=A3=BC=EC=8B=AC?=
 =?UTF-8?q?=20)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 shop/itemqaformupdate.php  | 19 ++++++++++++++-----
 shop/itemuseformupdate.php | 11 +++++++++--
 2 files changed, 23 insertions(+), 7 deletions(-)

diff --git a/shop/itemqaformupdate.php b/shop/itemqaformupdate.php
index b1764ed4d..a92edc176 100644
--- a/shop/itemqaformupdate.php
+++ b/shop/itemqaformupdate.php
@@ -5,11 +5,12 @@ if (!$is_member) {
     alert_close("상품문의는 회원만 작성이 가능합니다.");
 }
 
-$iq_id = trim($_REQUEST['iq_id']);
+$iq_id = (int) trim($_REQUEST['iq_id']);
 $iq_subject = trim($_POST['iq_subject']);
 $iq_question = trim($_POST['iq_question']);
 $iq_answer = trim($_POST['iq_answer']);
 $hash = trim($_REQUEST['hash']);
+$get_editor_img_mode = $config['cf_editor'] ? false : true;
 
 if ($w == "" || $w == "u") {
     $iq_name     = addslashes(strip_tags($member['mb_name']));
@@ -80,7 +81,7 @@ else if ($w == "d")
     $sql = " select iq_question, iq_answer from {$g5['g5_shop_item_qa_table']} where iq_id = '$iq_id' and md5(concat(iq_id,iq_time,iq_ip)) = '{$hash}' ";
     $row = sql_fetch($sql);
 
-    $imgs = get_editor_image($row['iq_question']);
+    $imgs = get_editor_image($row['iq_question'], $get_editor_img_mode);
 
     for($i=0;$i<count($imgs[1]);$i++) {
         $p = parse_url($imgs[1][$i]);
@@ -89,13 +90,17 @@ else if ($w == "d")
         else
             $data_path = $p['path'];
 
+        if( end(explode('.', $data_path)) === 'php' ){
+            continue;
+        }
+
         $destfile = G5_PATH.$data_path;
 
-        if(is_file($destfile))
+        if(preg_match('/\/data\/editor\/[A-Za-z0-9_]{1,20}\//', $destfile) && is_file($destfile))
             @unlink($destfile);
     }
 
-    $imgs = get_editor_image($row['iq_answer']);
+    $imgs = get_editor_image($row['iq_answer'], $get_editor_img_mode);
 
     for($i=0;$i<count($imgs[1]);$i++) {
         $p = parse_url($imgs[1][$i]);
@@ -104,9 +109,13 @@ else if ($w == "d")
         else
             $data_path = $p['path'];
 
+        if( end(explode('.', $data_path)) === 'php' ){
+            continue;
+        }
+
         $destfile = G5_PATH.$data_path;
 
-        if(is_file($destfile))
+        if(preg_match('/\/data\/editor\/[A-Za-z0-9_]{1,20}\//', $destfile) && is_file($destfile))
             @unlink($destfile);
     }
 
diff --git a/shop/itemuseformupdate.php b/shop/itemuseformupdate.php
index 6d3537282..868d2d895 100644
--- a/shop/itemuseformupdate.php
+++ b/shop/itemuseformupdate.php
@@ -11,6 +11,8 @@ $is_content  = trim($_POST['is_content']);
 $is_name     = trim($_POST['is_name']);
 $is_password = trim($_POST['is_password']);
 $is_score    = (int)$_POST['is_score'] > 5 ? 0 : (int)$_POST['is_score'];
+$get_editor_img_mode = $config['cf_editor'] ? false : true;
+$is_id       = (int) trim($_REQUEST['is_id']);
 
 // 사용후기 작성 설정에 따른 체크
 check_itemuse_write($it_id, $member['mb_id']);
@@ -64,6 +66,7 @@ if ($w == "")
 else if ($w == "u")
 {
     $sql = " select is_password from {$g5['g5_shop_item_use_table']} where is_id = '$is_id' ";
+
     $row = sql_fetch($sql);
     if ($row['is_password'] != $is_password)
         alert("비밀번호가 틀리므로 수정하실 수 없습니다.");
@@ -91,7 +94,7 @@ else if ($w == "d")
     $sql = " select is_content from {$g5['g5_shop_item_use_table']} where is_id = '$is_id' and md5(concat(is_id,is_time,is_ip)) = '{$hash}' ";
     $row = sql_fetch($sql);
 
-    $imgs = get_editor_image($row['is_content']);
+    $imgs = get_editor_image($row['is_content'], $get_editor_img_mode);
 
     for($i=0;$i<count($imgs[1]);$i++) {
         $p = parse_url($imgs[1][$i]);
@@ -100,9 +103,13 @@ else if ($w == "d")
         else
             $data_path = $p['path'];
 
+        if( end(explode('.', $data_path)) === 'php' ){
+            continue;
+        }
+
         $destfile = G5_PATH.$data_path;
 
-        if(is_file($destfile))
+        if(preg_match('/\/data\/editor\/[A-Za-z0-9_]{1,20}\//', $destfile) && is_file($destfile))
             @unlink($destfile);
     }