From 980e65361cb0f3cfbce8b3f00cb0ce2379a75726 Mon Sep 17 00:00:00 2001
From: thisgun
Date: Mon, 21 May 2018 20:32:09 +0900
Subject: [PATCH] =?UTF-8?q?KVE-2018-0300,0331,0356,0358,0370=20=EC=B7=A8?= =?UTF-8?q?=EC=95=BD=EC=A0=90=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adm/faqform.php | 3 +++
 adm/sms_admin/form_multi_update.php | 4 ++--
 adm/sms_admin/num_book.php | 2 ++
 lib/common.lib.php | 4 ++--
 4 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/adm/faqform.php b/adm/faqform.php
index ccf049094..72f4438bd 100644
--- a/adm/faqform.php
+++ b/adm/faqform.php
@@ -5,6 +5,9 @@ include_once(G5_EDITOR_LIB);
 auth_check($auth[$sub_menu], "w");
+$fm_id = (int) $fm_id;
+$fa_id = isset($fa_id) ? (int) $fa_id : 0;
+
 $sql = " select * from {$g5['faq_master_table']} where fm_id = '$fm_id' ";
 $fm = sql_fetch($sql);
diff --git a/adm/sms_admin/form_multi_update.php b/adm/sms_admin/form_multi_update.php
index 5c1bd5930..f321a1577 100644
--- a/adm/sms_admin/form_multi_update.php
+++ b/adm/sms_admin/form_multi_update.php
@@ -4,7 +4,7 @@ include_once("./_common.php");
 auth_check($auth[$sub_menu], "w");
-check_token();
+check_admin_token();
 if($atype == "del"){
 $count = count($_POST['fo_no']);
@@ -14,7 +14,7 @@ if($atype == "del"){
 for ($i=0; $i<$count; $i++) {
 // 실제 번호를 넘김
- $fo_no = $_POST['fo_no'][$i];
+ $fo_no = (int) $_POST['fo_no'][$i];
 if (!trim($fo_no)) continue;
 $res = sql_fetch("select * from {$g5['sms5_form_table']} where fo_no='$fo_no'");
diff --git a/adm/sms_admin/num_book.php b/adm/sms_admin/num_book.php
index 7bf189d2c..14a892bc5 100644
--- a/adm/sms_admin/num_book.php
+++ b/adm/sms_admin/num_book.php
@@ -13,6 +13,8 @@ $g5['title'] = "휴대폰번호 관리";
 if ($page < 1) $page = 1;
+$bg_no = isset($bg_no) ? (int) $bg_no : 0;
+
 if (is_numeric($bg_no))
 $sql_group = " and bg_no='$bg_no' ";
 else
diff --git a/lib/common.lib.php b/lib/common.lib.php
index 69b64e586..045e75e37 100644
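Review bot: In adm/faqform.php the first added line, `$fm_id = (int) $fm_id;`, casts a variable that may not be set at all, while the line right after it guards `$fa_id` with `isset()`; where `$fm_id` comes from is not visible here (presumably the request via the framework's globals), and on PHP 8 a request that omits it produces an "Undefined variable" warning before the query runs with `fm_id = '0'`. Make the two lines consistent, `$fm_id = isset($fm_id) ? (int) $fm_id : 0;`, and since `sql_fetch` on a missing master row presumably leaves `$fm` empty, consider rejecting the request before the query when `$fm_id` is 0 rather than letting the rest of the script run on an empty record. The int cast does close the injection in the interpolated `where fm_id = '$fm_id'`, so no further escaping is needed for that statement. The rest of the script lies outside the hunk.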
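Review bot: In the second hunk of adm/sms_admin/form_multi_update.php, the line following the new `(int)` cast, `if (!trim($fo_no)) continue;`, now turns the int back into a string only to test it for emptiness, so it skips exactly `0` and lets negative values through to the `where fo_no='$fo_no'` lookup; `if ($fo_no <= 0) continue;` states what the cast now implies. The cast makes the interpolated query safe, so the remaining concern is shape rather than injection: the loop indexes `$_POST['fo_no'][$i]` positionally with `$count` taken from whatever the client posted (the `count()` is in the previous hunk), which misbehaves if the field arrives as a non-list array or a scalar, so an `is_array($_POST['fo_no'])` guard before the loop and a `foreach` over it would be more robust. The enclosing `if($atype == "del")` block continues past the hunk.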
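Review bot: In adm/sms_admin/num_book.php, after the added `$bg_no = isset($bg_no) ? (int) $bg_no : 0;`, the `is_numeric($bg_no)` test below it is always true, so the `else` on the hunk's last line can no longer execute, and a request without `bg_no` now filters on `bg_no='0'` instead of taking whatever the else branch does (its body is outside the hunk, presumably no group filter). If an unfiltered list is still wanted when no group is chosen, change the condition to `if ($bg_no > 0)` and keep the else branch reachable. The int cast already makes the interpolated `and bg_no='$bg_no'` safe, so that condition is the only thing left to adjust from this change.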
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@@ -3438,7 +3438,7 @@ function is_include_path_check($path='', $is_input='')
 if( $path ){
 if ($is_input){
- if( strpos($path, 'php://') !== false || strpos($path, 'zlib://') !== false || strpos($path, 'bzip2://') !== false || strpos($path, 'zip://') !== false ){
+ if( stripos($path, 'php://') !== false || stripos($path, 'zlib://') !== false || stripos($path, 'bzip2://') !== false || stripos($path, 'zip://') !== false || stripos($path, 'data:text/') !== false || stripos($path, 'data://') !== false ){
 return false;
 }
@@ -3485,7 +3485,7 @@ function is_include_path_check($path='', $is_input='')
 $extension = pathinfo($path, PATHINFO_EXTENSION);
- if($extension && preg_match('/(jpg|jpeg|png|gif|bmp|conf)$/', $extension)) {
+ if($extension && preg_match('/(jpg|jpeg|png|gif|bmp|conf)$/i', $extension)) {
 return false;
 }
 }
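Review bot: The wrapper test on the new `stripos` line in the first hunk is still a deny-list of six substrings, and PHP ships more stream wrappers that work with `include`: `phar://` (which also triggers phar metadata deserialization), `compress.zlib://`, `compress.bzip2://`, `glob://`, `ftp://` and `http://` where `allow_url_include` is on, and `data:` with a non-`text/` MIME type such as `data:application/x-httpd-php;base64,...`, which passes both the `data:text/` and the `data://` checks. An include path should never carry a scheme at all, so rejecting any scheme prefix closes the whole class: add before the list `if (preg_match('#^[a-z][a-z0-9+.\-]+:#i', $path) || strpos($path, '://') !== false) return false;` (two or more characters before the colon, so a Windows drive letter like `C:` still passes). Switching `strpos` to `stripos` is the right call, since PHP resolves wrapper names case-insensitively. `is_include_path_check` begins before this hunk and continues past it.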
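Review bot: In the second hunk the `/i` flag closes the `.JPG` bypass, but the condition `$extension && preg_match(...)` on the new line still lets every extensionless path through (`$extension` is `''` and the whole branch is skipped), and the pattern is unanchored on the left, so it also rejects harmless names such as `foo.myconf`. Assuming callers pass file paths, tighten it to `if ($extension === '' || preg_match('/^(jpg|jpeg|png|gif|bmp|conf)$/i', $extension)) return false;` so files without an extension are refused as well. A deny-list of non-code extensions will keep needing additions; if every caller includes only `.php` files, which is not visible here, the allow-list form `strcasecmp($extension, 'php') !== 0` is the stronger check. The remaining lines of `is_include_path_check` are outside the hunk.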