diff --git a/bbs/download.php b/bbs/download.php index 504595b74..f0f70afb7 100644 --- a/bbs/download.php +++ b/bbs/download.php @@ -23,6 +23,7 @@ if (!$file['bf_file']) alert_close('파일 정보가 존재하지 않습니다.'); // JavaScript 불가일 때 +$js = (isset($_GET['js'])) ? $_GET['js'] : ''; if($js != 'on' && $board['bo_download_point'] < 0) { $msg = $file['bf_source'].' 파일을 다운로드 하시면 포인트가 차감('.number_format($board['bo_download_point']).'점)됩니다.\\n포인트는 게시물당 한번만 차감되며 다음에 다시 다운로드 하셔도 중복하여 차감하지 않습니다.\\n그래도 다운로드 하시겠습니까?'; $url1 = G5_BBS_URL.'/download.php?'.clean_query_string($_SERVER['QUERY_STRING'], false).'&js=on'; diff --git a/bbs/visit_insert.inc.php b/bbs/visit_insert.inc.php index 4aa235bd3..28232b330 100644 --- a/bbs/visit_insert.inc.php +++ b/bbs/visit_insert.inc.php @@ -14,7 +14,9 @@ if (get_cookie('ck_visit_ip') != $_SERVER['REMOTE_ADDR']) $referer = ""; if (isset($_SERVER['HTTP_REFERER'])) $referer = escape_trim(clean_xss_tags(strip_tags($_SERVER['HTTP_REFERER']))); - $user_agent = escape_trim(clean_xss_tags(strip_tags($_SERVER['HTTP_USER_AGENT']))); + $user_agent = ''; + if (isset($_SERVER['HTTP_USER_AGENT'])) + $user_agent = escape_trim(clean_xss_tags(strip_tags($_SERVER['HTTP_USER_AGENT']))); $vi_browser = ''; $vi_os = ''; $vi_device = ''; diff --git a/bbs/write_update.php b/bbs/write_update.php index ac32277e6..dbda388ef 100644 --- a/bbs/write_update.php +++ b/bbs/write_update.php @@ -658,7 +658,7 @@ for ($i=(int)$row['max_bf_no']; $i>=0; $i--) $row2 = sql_fetch(" select bf_file from {$g5['board_file_table']} where bo_table = '{$bo_table}' and wr_id = '{$wr_id}' and bf_no = '{$i}' "); // 정보가 있다면 빠집니다. - if ($row2['bf_file']) break; + if (isset($row2['bf_file']) && $row2['bf_file']) break; // 그렇지 않다면 정보를 삭제합니다. sql_query(" delete from {$g5['board_file_table']} where bo_table = '{$bo_table}' and wr_id = '{$wr_id}' and bf_no = '{$i}' "); 
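Review bot: In bbs/write_update.php (hunk at -658), `isset($row2['bf_file']) && $row2['bf_file']` cannot tell "no file recorded" apart from "the lookup itself failed", and either case falls through to the `delete` that follows. sql_fetch() is not shown here, so it is worth confirming what it returns on a query error before relying on this test to decide that a row is safe to remove. The test itself reads more simply as `if (!empty($row2['bf_file'])) break;`. A short comment above the loop, such as `// walk down from max_bf_no and drop trailing rows with no file; stop at the first row that has one`, would document the intent. The loop starts before the hunk.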
@@ -725,8 +725,10 @@ if (!($w == 'u' || $w == 'cu') && $config['cf_email_use'] && $board['bo_use_emai } // 옵션에 메일받기가 체크되어 있고, 게시자의 메일이 있다면 - if (strstr($wr['wr_option'], 'mail') && $wr['wr_email']) - $array_email[] = $wr['wr_email']; + if (isset($wr['wr_option']) && isset($wr['wr_email'])) { + if (strstr($wr['wr_option'], 'mail') && $wr['wr_email']) + $array_email[] = $wr['wr_email']; + } // 중복된 메일 주소는 제거 $unique_email = array_unique($array_email); diff --git a/common.php b/common.php index 8fbde6e96..3accb2512 100644 --- a/common.php +++ b/common.php @@ -232,7 +232,7 @@ function chrome_domain_session_name(){ '.maru.net', // 마루호스팅 ); - if(preg_match('/('.implode('|', $domain_array).')/i', $_SERVER['HTTP_HOST'])){ // 위의 도메인주소를 포함한 url접속시 기본세션이름을 변경한다. + if(isset($_SERVER['HTTP_HOST']) && preg_match('/('.implode('|', $domain_array).')/i', $_SERVER['HTTP_HOST'])){ // 위의 도메인주소를 포함한 url접속시 기본세션이름을 변경한다. if(! defined('G5_SESSION_NAME')) define('G5_SESSION_NAME', 'G5PHPSESSID'); @session_name(G5_SESSION_NAME); } 
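Review bot: The nested `if` added in bbs/write_update.php (hunk at -725) can be one condition, because the inner test already requires a non-empty `wr_email`: `if (!empty($wr['wr_email']) && isset($wr['wr_option']) && strstr($wr['wr_option'], 'mail'))`. `strstr` is a substring test, so any option value that merely contains `mail` qualifies. If `wr_option` is a delimited list (the name suggests so, but the hunk does not show it), an exact match on the split values would be stricter. The address is appended to `$array_email` as stored, and no validation of it is visible in this hunk.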
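Review bot: In common.php (hunk at -232), the pattern built from `implode('|', $domain_array)` is neither quoted nor anchored, so the `.` in entries such as `.maru.net` matches any character and the match can succeed anywhere inside the client-supplied Host header. The visible effect is only a different session name, but quoting and anchoring make the check mean what the list says: `preg_match('/('.implode('|', array_map('preg_quote', $domain_array)).')(:\d+)?$/i', $_SERVER['HTTP_HOST'])`. chrome_domain_session_name() starts before the hunk.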
@@ -339,8 +339,10 @@ if( $config['cf_cert_use'] || (defined('G5_YOUNGCART_VER') && G5_YOUNGCART_VER) $res = @session_start($options); // IE 브라우저 또는 엣지브라우저 또는 IOS 모바일과 http환경에서는 secure; SameSite=None을 설정하지 않습니다. - if( preg_match('/Edge/i', $_SERVER['HTTP_USER_AGENT']) || preg_match('/(iPhone|iPod|iPad).*AppleWebKit.*Safari/i', $_SERVER['HTTP_USER_AGENT']) || preg_match('~MSIE|Internet Explorer~i', $_SERVER['HTTP_USER_AGENT']) || preg_match('~Trident/7.0(; Touch)?; rv:11.0~',$_SERVER['HTTP_USER_AGENT']) || ! (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on') ){ - return $res; + if (isset($_SERVER['HTTP_USER_AGENT'])) { + if( preg_match('/Edge/i', $_SERVER['HTTP_USER_AGENT']) || preg_match('/(iPhone|iPod|iPad).*AppleWebKit.*Safari/i', $_SERVER['HTTP_USER_AGENT']) || preg_match('~MSIE|Internet Explorer~i', $_SERVER['HTTP_USER_AGENT']) || preg_match('~Trident/7.0(; Touch)?; rv:11.0~',$_SERVER['HTTP_USER_AGENT']) || ! (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on') ){ + return $res; + } } $headers = headers_list(); diff --git a/lib/common.lib.php b/lib/common.lib.php index d84af1501..b6bb9837c 100644 --- a/lib/common.lib.php +++ b/lib/common.lib.php @@ -850,12 +850,14 @@ function get_admin($admin='super', $fields='*') $is = true; } - if (($is && !$mb['mb_id']) || $admin == 'group') { + // if (($is && !$mb['mb_id']) || $admin == 'group') { + if (($is && !isset($mb['mb_id'])) || $admin == 'group') { $mb = sql_fetch("select {$fields} from {$g5['member_table']} where mb_id in ('{$group['gr_admin']}') limit 1 "); $is = true; } - if (($is && !$mb['mb_id']) || $admin == 'super') { + // if (($is && !$mb['mb_id']) || $admin == 'super') { + if (($is && !isset($mb['mb_id'])) || $admin == 'super') { $mb = sql_fetch("select {$fields} from {$g5['member_table']} where mb_id in ('{$config['cf_admin']}') limit 1 "); } 
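Review bot: In common.php (hunk at -339), wrapping the whole condition in `if (isset($_SERVER['HTTP_USER_AGENT']))` also skips the `! (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on')` clause when the header is absent. A plain-HTTP request without a User-Agent therefore no longer takes the early `return $res;` and continues to the `headers_list()` code below, which, going by the comment above, is the part that adds `secure; SameSite=None`. Defaulting the header keeps the HTTPS test unconditional: `$ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';`, then use `$ua` in the four `preg_match` calls and drop the outer `if`. The enclosing function starts before the hunk and continues after it.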
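Review bot: In get_admin() (lib/common.lib.php, hunk at -850), `!isset($mb['mb_id'])` is not equivalent to the old `!$mb['mb_id']`: an `mb_id` that is present but empty used to trigger the fallback to the group or super admin and now does not. `empty($mb['mb_id'])` removes the notice while keeping the original behaviour, e.g. `if (($is && empty($mb['mb_id'])) || $admin == 'group') {`. The two commented-out copies of the old conditions can be deleted, since the history already holds them. If a caller passes a `$fields` list without `mb_id`, both forms always fall through; the hunk does not show whether any caller does. The function starts before the hunk.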
@@ -2217,7 +2219,10 @@ function get_checked($field, $value) function is_mobile() { - return preg_match('/'.G5_MOBILE_AGENT.'/i', $_SERVER['HTTP_USER_AGENT']); + if (isset($_SERVER['HTTP_USER_AGENT'])) + return preg_match('/'.G5_MOBILE_AGENT.'/i', $_SERVER['HTTP_USER_AGENT']); + else + return ''; } @@ -2344,8 +2349,9 @@ function delete_editor_thumbnail($contents) for($i=0; $igetRequestToken(OAUTH_CALLBACK); /* Save temporary credentials to session. */ -$_SESSION['oauth_token'] = $token = $request_token['oauth_token']; -$_SESSION['oauth_token_secret'] = $request_token['oauth_token_secret']; +$_SESSION['oauth_token'] = $token = @$request_token['oauth_token']; +$_SESSION['oauth_token_secret'] = @$request_token['oauth_token_secret']; //print_r2($_SESSION); exit; diff --git a/plugin/sns/twitter/twitteroauth/twitteroauth.php b/plugin/sns/twitter/twitteroauth/twitteroauth.php index af8712229..49bee1457 100644 --- a/plugin/sns/twitter/twitteroauth/twitteroauth.php +++ b/plugin/sns/twitter/twitteroauth/twitteroauth.php @@ -77,7 +77,7 @@ class TwitterOAuth { $parameters['oauth_callback'] = $oauth_callback; $request = $this->oAuthRequest($this->requestTokenURL(), 'GET', $parameters); $token = OAuthUtil::parse_parameters($request); - $this->token = new OAuthConsumer($token['oauth_token'], $token['oauth_token_secret']); + $this->token = new OAuthConsumer(@$token['oauth_token'], @$token['oauth_token_secret']); return $token; } diff --git a/skin/member/basic/login.skin.php b/skin/member/basic/login.skin.php index 15f94e3a7..d282aeba2 100644 --- a/skin/member/basic/login.skin.php +++ b/skin/member/basic/login.skin.php @@ -39,7 +39,7 @@ add_stylesheet('', - + diff --git a/skin/shop/basic/boxbanner.skin.php b/skin/shop/basic/boxbanner.skin.php index d6bd9fd3e..03be8e7ac 100644 --- a/skin/shop/basic/boxbanner.skin.php +++ b/skin/shop/basic/boxbanner.skin.php @@ -23,7 +23,7 @@ for ($i=0; $row=sql_fetch_array($result); $i++) $banner = ''; $size = getimagesize($bimg); echo '
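Review bot: In is_mobile() (lib/common.lib.php, hunk at -2217), the new `else` branch returns `''` while the other branch returns preg_match()'s integer result, so the function now has two unrelated return types. Returning `0` for a missing header keeps the result comparable with the no-match case: `return 0;`. The unbraced `if`/`else` with two `return`s can also be one expression, `return isset($_SERVER['HTTP_USER_AGENT']) ? preg_match('/'.G5_MOBILE_AGENT.'/i', $_SERVER['HTTP_USER_AGENT']) : 0;`.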
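Review bot: In the Twitter redirect hunk that saves `$_SESSION['oauth_token']` (its file header is not legible on this page), `@$request_token['oauth_token']` hides the case where the request-token call returned no token. Null values are then written to the session, and whatever follows the hunk runs with them. An explicit check makes the failure visible and stops the flow: `if (empty($request_token['oauth_token']) || empty($request_token['oauth_token_secret'])) { /* report the failure and stop */ }`. The same `@` suppression is added to the `new OAuthConsumer(...)` line in twitteroauth.php, where an empty key and secret would be passed on silently.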
  • '.PHP_EOL; - if ($row['bn_url'][0] == '#') + if (preg_match("/^#/", $row['bn_url'])) $banner .= ''; else if ($row['bn_url'] && $row['bn_url'] != 'http://') { $banner .= '';
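Review bot: In skin/shop/basic/boxbanner.skin.php, `preg_match("/^#/", $row['bn_url'])` uses the regex engine for a one-character prefix test. `strpos((string)$row['bn_url'], '#') === 0` says the same thing and also accepts an empty or null `bn_url` without a notice or deprecation. The HTML inside the `$banner .=` strings is not legible on this page, so how `bn_url` is escaped when written into the markup cannot be checked from this hunk.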