From aa7ffdf093272e96ac479589afc09c19848869b7 Mon Sep 17 00:00:00 2001
From: thisgun
Date: Wed, 17 Oct 2018 18:01:42 +0900
Subject: [PATCH] =?UTF-8?q?=EA=B7=B8=EB=88=84=EB=B3=B4=EB=93=9C5=20?= =?UTF-8?q?=EB=8B=A4=EC=A4=91=20=EC=B7=A8=EC=95=BD=EC=A0=90=20=EC=88=98?= =?UTF-8?q?=EC=A0=95=20adm1nkyj(=20http://adm1nkyj.kr/=20)=20=EC=A0=9C?= =?UTF-8?q?=EB=B3=B4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adm/contentformupdate.php | 5 +++--
 bbs/content.php | 2 ++
 bbs/view_image.php | 3 +--
 g4_import_run.php | 1 +
 4 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/adm/contentformupdate.php b/adm/contentformupdate.php
index dff780a39..69f82f0b0 100644
--- a/adm/contentformupdate.php
+++ b/adm/contentformupdate.php
@@ -20,6 +20,7 @@ if ($w == "" || $w == "u")
     $co_row = sql_fetch($sql);
 }
 
+$co_id = preg_replace('/[^a-z0-9_]/i', '', $co_id);
 $co_subject = strip_tags($co_subject);
 $co_include_head = preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($co_include_head, 0, 255));
 $co_include_tail = preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($co_include_tail, 0, 255));
@@ -59,12 +60,12 @@ if( $co_include_tail ){
     }
 }
 
-if( $co_include_head && ! is_include_path_check($co_include_head) ){
+if( $co_include_head && ! is_include_path_check($co_include_head, 1) ){
     $co_include_head = '';
     $error_msg = '/data/file/ 또는 /data/editor/ 포함된 문자를 상단 파일 경로에 포함시킬수 없습니다.';
 }
 
-if( $co_include_tail && ! is_include_path_check($co_include_tail) ){
+if( $co_include_tail && ! is_include_path_check($co_include_tail, 1) ){
     $co_include_tail = '';
     $error_msg = '/data/file/ 또는 /data/editor/ 포함된 문자를 하단 파일 경로에 포함시킬수 없습니다.';
 }
diff --git a/bbs/content.php b/bbs/content.php
index f9551ed80..366e11e54 100644
--- a/bbs/content.php
+++ b/bbs/content.php
@@ -1,6 +1,8 @@ 관리자 모드에서 게시판관리->내용 관리를 먼저 확인해 주세요.');
diff --git a/bbs/view_image.php b/bbs/view_image.php
index 779f83a30..6bcd005e2 100644
--- a/bbs/view_image.php
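Review bot: The new `$co_id` allow-list on this hunk's added line runs after the `if ($w == "" || $w == "u")` block whose `$co_row = sql_fetch($sql);` is visible just above it; if that `$sql` is built from `$co_id` (the block starts outside the hunk, so this is inferred), the lookup still sees the unfiltered value. Moving the `preg_replace` above that block, next to where the request values are read, makes the filter cover every use in the file rather than only the writes below. A one-line comment such as `// restrict co_id to [a-z0-9_] before it is used anywhere below` would record the intent for the next reader.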
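Review bot: The new second argument `1` to `is_include_path_check` on both changed lines of the `@@ -59,12 +60,12 @@` hunk is a bare flag whose meaning is not visible here (the function is defined elsewhere), so a reader cannot tell what mode it selects. Either name it with a constant or add a short comment on the first call, e.g. `// 2nd arg: <describe the check mode selected by 1> — see is_include_path_check()`, or, if the parameter is boolean, pass `true` so the intent is at least typed. Pre-existing but touched here: when both head and tail fail the check, the tail branch overwrites `$error_msg`, so only the second message is reported.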
+++ b/bbs/view_image.php
@@ -4,8 +4,7 @@ include_once('./_common.php');
 $g5['title'] = '이미지 크게보기';
 include_once(G5_PATH.'/head.sub.php');
 
-$filename = $_GET['fn'];
-$bo_table = $_GET['bo_table'];
+$filename = preg_replace('/[^A-Za-z0-9 _ .-]/', '', $_GET['fn']);
 
 if(strpos($filename, 'data/editor')) {
     $editor_file = strstr($filename, 'editor');
diff --git a/g4_import_run.php b/g4_import_run.php
index 259832777..6681df0e8 100644
--- a/g4_import_run.php
+++ b/g4_import_run.php
@@ -71,6 +71,7 @@ document.onkeydown = noRefresh ;
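Review bot: The allow-list `[^A-Za-z0-9 _ .-]` on the added line strips `/`, so the context check `if(strpos($filename, 'data/editor'))` two lines below can no longer match and the editor branch (its body continues outside the hunk) becomes unreachable. If that branch is still needed, keep `/` in the class and reject traversal explicitly, e.g. `$filename = preg_replace('#[^A-Za-z0-9 _./-]#', '', $_GET['fn'] ?? '');` followed by `if (strpos($filename, '..') !== false) $filename = '';`; otherwise delete the dead branch so the intent is clear. The `?? ''` also avoids passing an undefined `$_GET['fn']` (null) into `preg_replace`. The removal of `$bo_table = $_GET['bo_table'];` presumably relies on `_common.php` populating `$bo_table`; worth confirming, since the non-editor path below likely still builds on it.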