diff --git a/bbs/alert.php b/bbs/alert.php
index 6b1ab26a7..dabe311f6 100644
--- a/bbs/alert.php
+++ b/bbs/alert.php
@@ -33,6 +33,8 @@ $msg2 = str_replace("\\n", "
", $msg);
$url = clean_xss_tags($url);
if (!$url) $url = clean_xss_tags($_SERVER['HTTP_REFERER']);
+$url = preg_replace("/[\<\>\'\"\\\'\\\"\(\)]/", "", $url);
+
// url 체크
check_url_host($url);
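Review bot: The new character-stripping pattern on the added line is hard to audit because almost every backslash in it is redundant: inside a character class `<`, `>`, `'`, `(` and `)` need no escaping, and in a double-quoted PHP string `\\\'` and `\\\"` expand to a backslash followed by a quote, so the class actually matches `<>'"\()` — backslash included, which is not obvious from reading it. Writing it as a single-quoted pattern says exactly that: `$url = preg_replace('/[<>\'"\\\\()]/', '', $url);`. Stripping characters is a blacklist and should be treated as defence in depth, not as the escaping step: the redirect target is attacker-influenced (the fallback is `$_SERVER['HTTP_REFERER']`), so wherever `$url` is finally emitted — outside this hunk — it still needs encoding for that context (HTML attribute, JavaScript string, or a Location header). Running `check_url_host()` on the already-stripped value, as the hunk does, is the right order, since the host check then sees the same string that will be used.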
diff --git a/bbs/formmail.php b/bbs/formmail.php
index 55a9847e5..fdeeab869 100644
--- a/bbs/formmail.php
+++ b/bbs/formmail.php
@@ -28,6 +28,12 @@ if ($sendmail_count > 3)
$g5['title'] = '메일 쓰기';
include_once(G5_PATH.'/head.sub.php');
+$email = get_email_address(base64_decode($email));
+if(!$email)
+ alert_close('이메일이 올바르지 않습니다.');
+
+$email = base64_encode($email);
+
if (!$name)
$name = base64_decode($email);
else
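Review bot: `base64_decode($email)` on the first added line runs in non-strict mode, so any request value that is not valid base64 is still silently decoded to bytes and is only rejected if `get_email_address()` happens to return an empty result for that garbage; `$email` itself is assigned before this hunk, so its origin is not visible here. Decoding strictly makes malformed input fail up front and keeps the validation on one path: `$email = get_email_address((string) base64_decode($email, true));` (the cast turns the `false` returned for invalid input into an empty string — confirm `get_email_address()` accepts that and returns an empty value for it, since the `if(!$email)` guard relies on a falsy return). Re-encoding the validated address into `$email` afterwards is a good choice, because the pre-existing `$name = base64_decode($email);` below then also sees only the validated value rather than the raw request.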
diff --git a/bbs/member_confirm.php b/bbs/member_confirm.php
index 9f214f289..e5abe169e 100644
--- a/bbs/member_confirm.php
+++ b/bbs/member_confirm.php
@@ -19,6 +19,8 @@ $url = clean_xss_tags($_GET['url']);
// url 체크
check_url_host($url);
+$url = get_text($url);
+
include_once($member_skin_path.'/member_confirm.skin.php');
include_once('./_tail.sub.php');
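Review bot: The added `$url = get_text($url);` has no comment explaining why the escaping happens here and after `check_url_host()`, so a later maintainer could move it above the host check and validate an entity-encoded string instead of the raw value. A one-line comment above the added line would pin the intent: `// validate the raw value first (check_url_host above), then escape it for HTML output in the skin`. Note that the skin included on the next line receives only the escaped form; if `member_confirm.skin.php` also uses `$url` outside an HTML context (a JavaScript string or a redirect), the encoded entities would be wrong there — that usage is outside this hunk, so please confirm.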
diff --git a/mobile/skin/board/basic/view_comment.skin.php b/mobile/skin/board/basic/view_comment.skin.php
index c6984f652..4640365e4 100644
--- a/mobile/skin/board/basic/view_comment.skin.php
+++ b/mobile/skin/board/basic/view_comment.skin.php
@@ -53,8 +53,10 @@ var char_max = parseInt(); // 최대
$query_string = clean_query_string($_SERVER['QUERY_STRING']);
if($w == 'cu') {
- $sql = " select wr_id, wr_content from $write_table where wr_id = '$c_id' and wr_is_comment = '1' ";
+ $sql = " select wr_id, wr_content, mb_id from $write_table where wr_id = '$c_id' and wr_is_comment = '1' ";
$cmt = sql_fetch($sql);
+ if (!($is_admin || ($member['mb_id'] == $cmt['mb_id'] && $cmt['mb_id'])))
+ $cmt['wr_content'] = '';
$c_wr_content = $cmt['wr_content'];
}
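Review bot: The owner check on the added `if` line compares member ids with `==`, which PHP still evaluates numerically for numeric-looking strings (for example `'1e1' == '10'` is true), so two different ids could be treated as the same owner; a strict comparison closes that gap. The same line also does not handle `sql_fetch()` returning no row, in which case `$cmt['mb_id']` is read from a non-array and `$cmt['wr_content'] = ''` is written onto it. A combined guard covers both: `if (!is_array($cmt) || !($is_admin || ($cmt['mb_id'] && $member['mb_id'] === $cmt['mb_id'])))` followed by `$cmt = ['wr_content' => ''];`. The rewritten query line still interpolates `$c_id` directly into the SQL; if it is not already cast to an integer upstream (outside this hunk), it should be. The identical change in mobile/skin/board/gallery/view_comment.skin.php needs the same fix.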
diff --git a/mobile/skin/board/gallery/view_comment.skin.php b/mobile/skin/board/gallery/view_comment.skin.php
index c6984f652..4640365e4 100644
--- a/mobile/skin/board/gallery/view_comment.skin.php
+++ b/mobile/skin/board/gallery/view_comment.skin.php
@@ -53,8 +53,10 @@ var char_max = parseInt(); // 최대
$query_string = clean_query_string($_SERVER['QUERY_STRING']);
if($w == 'cu') {
- $sql = " select wr_id, wr_content from $write_table where wr_id = '$c_id' and wr_is_comment = '1' ";
+ $sql = " select wr_id, wr_content, mb_id from $write_table where wr_id = '$c_id' and wr_is_comment = '1' ";
$cmt = sql_fetch($sql);
+ if (!($is_admin || ($member['mb_id'] == $cmt['mb_id'] && $cmt['mb_id'])))
+ $cmt['wr_content'] = '';
$c_wr_content = $cmt['wr_content'];
}
diff --git a/mobile/skin/member/basic/formmail.skin.php b/mobile/skin/member/basic/formmail.skin.php
index bb1c32e7c..8d3eaead2 100644
--- a/mobile/skin/member/basic/formmail.skin.php
+++ b/mobile/skin/member/basic/formmail.skin.php
@@ -11,7 +11,6 @@ add_stylesheet('',