diff --git a/adm/menu_list_update.php b/adm/menu_list_update.php
index a91b4897f..f7f4cf882 100644
--- a/adm/menu_list_update.php
+++ b/adm/menu_list_update.php
@@ -20,9 +20,11 @@ $count = count($_POST['code']);
 for ($i=0; $i<$count; $i++) {
 $_POST = array_map_deep('trim', $_POST);
+
+ $_POST['me_link'][$i] = is_array($_POST['me_link']) ? clean_xss_tags($_POST['me_link'][$i], 1) : '';
- $code = strip_tags($_POST['code'][$i]);
- $me_name = strip_tags($_POST['me_name'][$i]);
+ $code = is_array($_POST['code']) ? strip_tags($_POST['code'][$i]) : '';
+ $me_name = is_array($_POST['me_name']) ? strip_tags($_POST['me_name'][$i]) : '';
 $me_link = (preg_match('/^javascript/i', $_POST['me_link'][$i]) || preg_match('/script:/i', $_POST['me_link'][$i])) ? G5_URL : strip_tags($_POST['me_link'][$i]);
 if(!$code || !$me_name || !$me_link)
@@ -56,9 +58,9 @@ for ($i=0; $i<$count; $i++)
 // 메뉴 등록
 $sql = " insert into {$g5['menu_table']}
- set me_code = '$me_code',
- me_name = '$me_name',
- me_link = '$me_link',
+ set me_code = '".$me_code."',
+ me_name = '".$me_name."',
+ me_link = '".$me_link."',
 me_target = '".sql_real_escape_string(strip_tags($_POST['me_target'][$i]))."',
 me_order = '".sql_real_escape_string(strip_tags($_POST['me_order'][$i]))."',
 me_use = '".sql_real_escape_string(strip_tags($_POST['me_use'][$i]))."',
diff --git a/lib/common.lib.php b/lib/common.lib.php
index e57160234..c1928dca2 100644
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@@ -3501,6 +3501,11 @@ function get_call_func_cache($func, $args=array()){
 function is_include_path_check($path='', $is_input='')
 {
 if( $path ){
+
+ if( strlen($path) > 255 ){ return false; }
+
 if ($is_input){
 // 장태진 @jtjisgod 추가
 // 보안 목적 : rar wrapper 차단
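Review bot: The new `is_array($_POST['me_link']) ? ... : ''` line writes `''` into `$_POST['me_link'][$i]` when `me_link` arrives as a scalar string, and assigning an empty string to a string offset throws an Error on PHP 7.1+ instead of neutralising the value. Normalise the container first, `if (!is_array($_POST['me_link'])) { $_POST['me_link'] = array(); }`, then `$_POST['me_link'][$i] = clean_xss_tags(isset($_POST['me_link'][$i]) ? $_POST['me_link'][$i] : '', 1);`, which also avoids the undefined-offset notice when the posted array is shorter than `$count`. The scheme filter on the `$me_link` line below remains a blocklist (`^javascript`, `script:`) that lets `data:` URLs through; whether `clean_xss_tags()` closes that gap is not visible here, so an allowlist of `http(s)://`, `/` and `#` prefixes would be the safer form. The loop body continues past the end of the hunk.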
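Review bot: `me_code`, `me_name` and `me_link` are still concatenated into the INSERT without `sql_real_escape_string()`, while the neighbouring `me_target`/`me_order`/`me_use` values in the same statement go through it; switching from `'$me_name'` interpolation to `'".$me_name."'` concatenation changes nothing about escaping. `$me_name` and `$me_link` come from `strip_tags()` on POST data in the first hunk, and `strip_tags()` does not touch quotes, so unless the framework escapes `$_POST` globally upstream a `'` in a menu name alters the statement. Make the three lines consistent with their siblings: `set me_code = '".sql_real_escape_string($me_code)."',`, `me_name = '".sql_real_escape_string($me_name)."',`, `me_link = '".sql_real_escape_string($me_link)."',`. Where `$me_code` is derived is outside the hunk, and the statement continues below it.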
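Review bot: The new length guard calls `strlen($path)` before anything has established that `$path` is a string; `if( $path )` is also true for a non-empty array, and a caller that forwards a raw request value (the `$is_input` flag and the wrapper-blocking comment suggest some do) would hit a TypeError on PHP 8 or, on PHP 7, a warning plus a `null > 255` comparison that silently passes. Reject non-strings together with overlong values: `if( !is_string($path) || strlen($path) > 255 ){ return false; }`. The 255 limit is undocumented; a one-line comment such as `// hard cap on include paths; also bounds the pattern checks further down` would tell the next reader it is deliberate, and byte-wise `strlen` is the right measure for a filesystem path. The function body continues well past the hunk.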
@@ -3559,11 +3564,14 @@ function is_include_path_check($path='', $is_input='')
 if( (preg_match('/\.\.\//i', $replace_path) || preg_match('/^\/.*/i', $replace_path)) && preg_match('/plugin\//i', $replace_path) && preg_match('/okname\//i', $replace_path) ){
 return false;
 }
+ if( substr_count($replace_path, './') > 5 ){ return false; }
 }
 $extension = pathinfo($path, PATHINFO_EXTENSION);
- if($extension && preg_match('/(jpg|jpeg|png|gif|bmp|conf)$/i', $extension)) {
+ if($extension && preg_match('/(jpg|jpeg|png|gif|bmp|conf|php\-x)$/i', $extension)) {
 return false;
 }
 }
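Review bot: The `substr_count($replace_path, './') > 5` guard still admits up to five `../` hops, and the line above it only rejects traversal when the path also contains `plugin/` and `okname/`, so a value like `../../../../x.php` passes both checks; whether that escapes the intended tree depends on how callers build `$path`, which is outside the hunk. A positive containment check is more robust than counting segments: resolve with `$real = realpath($path);` and require `if ($real === false || strpos($real, $root . DIRECTORY_SEPARATOR) !== 0) { return false; }`, where `$root` is the realpath of the directory includes are allowed from. If the counter is kept, the threshold deserves a comment stating why 5 was chosen. Separately, `php\-x` in the extension pattern works, but `-` needs no escape outside a character class, so `php-x` reads cleaner. The enclosing `$is_input` branch opens before the hunk.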