From 91a3ca9f8a5d2a3bab0077ffe878c3cbe386b950 Mon Sep 17 00:00:00 2001
From: thisgun
Date: Thu, 15 Mar 2018 14:20:06 +0900
Subject: [PATCH] =?UTF-8?q?=EC=98=81=EC=B9=B4=ED=8A=B8=20=EC=9B=90?=
 =?UTF-8?q?=EA=B2=A9=20=EC=BD=94=EB=93=9C=20=EC=8B=A4=ED=96=89=20=EC=B7=A8?=
 =?UTF-8?q?=EC=95=BD=EC=A0=90=20=EC=88=98=EC=A0=95(2017-1050)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 adm/shop_admin/itemqaform.php | 4 ++--
 adm/shop_admin/itemuseform.php | 4 ++--
 lib/shop.lib.php | 4 ++++
 shop/itemqaformupdate.php | 1 +
 shop/itemuseformupdate.php | 1 +
 5 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/adm/shop_admin/itemqaform.php b/adm/shop_admin/itemqaform.php
index d0607b74a..d9046f227 100644
--- a/adm/shop_admin/itemqaform.php
+++ b/adm/shop_admin/itemqaform.php
@@ -64,11 +64,11 @@ $qstr .= ($qstr ? '&' : '').'sca='.$sca; - + - +
diff --git a/adm/shop_admin/itemuseform.php b/adm/shop_admin/itemuseform.php
index 7a57776df..cdc5299a8 100644
--- a/adm/shop_admin/itemuseform.php
+++ b/adm/shop_admin/itemuseform.php
@@ -75,7 +75,7 @@ $qstr .= ($qstr ? '&' : '').'sca='.$sca; 내용 - +
@@ -84,7 +84,7 @@ $qstr .= ($qstr ? '&' : '').'sca='.$sca; 답변 내용 - + 확인
diff --git a/lib/shop.lib.php b/lib/shop.lib.php
index d55f86ce4..521b202b5 100644
--- a/lib/shop.lib.php
+++ b/lib/shop.lib.php
@@ -629,6 +629,10 @@ function it_img_upload($srcfile, $filename, $dir)
 if($size[2] < 1 || $size[2] > 3)
 return '';
+ //php파일도 getimagesize 에서 Image Type Flag 를 속일수 있다
+ if (!preg_match('/\.(gif|jpe?g|png)$/i', $filename)) return '';
+
 if(!is_dir($dir)) {
 @mkdir($dir, G5_DIR_PERMISSION);
 @chmod($dir, G5_DIR_PERMISSION);
diff --git a/shop/itemqaformupdate.php b/shop/itemqaformupdate.php
index 73e6a8ef1..e4dd35de8 100644
--- a/shop/itemqaformupdate.php
+++ b/shop/itemqaformupdate.php
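Review bot: The extension check added after the getimagesize() type test in it_img_upload() uses a bare `$` in `/\.(gif|jpe?g|png)$/i`, and in PCRE `$` also matches immediately before a trailing newline, so a filename ending in ".png" followed by a newline still passes; anchor it with `\z` instead: `if (!preg_match('/\.(gif|jpe?g|png)\z/i', $filename))`. Since `$size[2]` has already been constrained to a real image type on the line above, a stronger mitigation is to stop trusting the supplied name at all and derive the stored name's extension from `image_type_to_extension($size[2])`, so what ends up on disk always matches the detected content. The hunk does not show whether `$filename` is the name actually written to `$dir`; the rest of it_img_upload() lies outside the hunk and that should be confirmed. The added comment is in Korean while the surrounding identifiers are English; an English comment such as `// getimagesize() only inspects the header, so a non-image file can pass the type check; also require an image extension on the name` would help maintainers who cannot read the original.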
@@ -8,6 +8,7 @@ if (!$is_member) {
 $iq_id = (int) trim($_REQUEST['iq_id']);
 $iq_subject = trim($_POST['iq_subject']);
 $iq_question = trim($_POST['iq_question']);
+$iq_question = preg_replace('#(.*?)#is', '', $iq_question);
 $iq_answer = trim($_POST['iq_answer']);
 $hash = trim($_REQUEST['hash']);
 $get_editor_img_mode = $config['cf_editor'] ? false : true;
diff --git a/shop/itemuseformupdate.php b/shop/itemuseformupdate.php
index 7a3ca10d1..e2c870624 100644
--- a/shop/itemuseformupdate.php
+++ b/shop/itemuseformupdate.php
@@ -8,6 +8,7 @@ if (!$is_member) {
 $it_id = trim($_REQUEST['it_id']);
 $is_subject = trim($_POST['is_subject']);
 $is_content = trim($_POST['is_content']);
+$is_content = preg_replace('#(.*?)#is', '', $is_content);
 $is_name = trim($_POST['is_name']);
 $is_password = trim($_POST['is_password']);
 $is_score = (int)$_POST['is_score'] > 5 ? 0 : (int)$_POST['is_score'];
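Review bot: The added `$iq_question = preg_replace('#(.*?)#is', '', $iq_question);` relies on a blacklist pattern that, as it appears on this page, contains only `(.*?)`, which matches the empty string and therefore removes nothing; the tag text has most likely been dropped in rendering, so the committed pattern should be confirmed against the repository before relying on it. Even with the intended tag pattern, stripping once before storage is a weak control on its own, because whatever later echoes `iq_question` still needs context-specific escaping (`htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` for HTML output) and this hunk does not show how the value is rendered. preg_replace() returns null when PCRE fails (for example the backtrack limit on a large submission), and the null would then flow into the save path as an empty value; check the result for null, or `preg_last_error() !== PREG_NO_ERROR`, and reject the request rather than storing it. The identical line added to shop/itemuseformupdate.php in the following hunk has the same three issues.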