From afc8adf73709591c1e3f7bffe570cf23037976a2 Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Fri, 20 Nov 2020 16:51:02 +0900
Subject: [PATCH] =?UTF-8?q?[KVE-2020-0785,=200788]=20=ED=83=80=20=EC=95=84?=
 =?UTF-8?q?=EC=9D=B4=EB=94=94=EA=B0=80=20=EC=97=90=EB=94=94=ED=84=B0=20?=
 =?UTF-8?q?=EC=97=85=EB=A1=9C=EB=93=9C=20=EB=90=9C=20=EC=9D=B4=EB=AF=B8?=
 =?UTF-8?q?=EC=A7=80=20=EC=82=AD=EC=A0=9C=20=EA=B0=80=EB=8A=A5=20=EC=B7=A8?=
 =?UTF-8?q?=EC=95=BD=EC=A0=90=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 plugin/editor/cheditor5/imageUpload/config.php     | 10 ++++++++--
 .../photo_uploader/popup/php/UploadHandler.php     | 14 ++++++++++----
 2 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/plugin/editor/cheditor5/imageUpload/config.php b/plugin/editor/cheditor5/imageUpload/config.php
index dc5f2ba8b..16787496a 100644
--- a/plugin/editor/cheditor5/imageUpload/config.php
+++ b/plugin/editor/cheditor5/imageUpload/config.php
@@ -30,8 +30,14 @@ define("SAVE_DIR", $data_dir);
 define("SAVE_URL", $data_url);
 
 function che_get_user_id() {
-    @session_start();
-    return session_id();
+    global $member;
+
+    if(session_id() == '') {
+        @session_start();
+    }
+
+    $add_str = (isset($member['mb_id']) && $member['mb_id']) ? $member['mb_id'] : '';
+    return session_id().$add_str;
 }
 
 function che_get_file_passname(){
diff --git a/plugin/editor/smarteditor2/photo_uploader/popup/php/UploadHandler.php b/plugin/editor/smarteditor2/photo_uploader/popup/php/UploadHandler.php
index 7e72ebafd..4f98bcfd1 100644
--- a/plugin/editor/smarteditor2/photo_uploader/popup/php/UploadHandler.php
+++ b/plugin/editor/smarteditor2/photo_uploader/popup/php/UploadHandler.php
@@ -215,14 +215,20 @@ class UploadHandler
             substr($_SERVER['SCRIPT_NAME'],0, strrpos($_SERVER['SCRIPT_NAME'], '/'));
     }
 
-    protected function get_user_id() {
-        @session_start();
-        return session_id();
+    protected function get_user_id($is_add=true) {
+        global $member;
+
+        if(session_id() == '') {
+            @session_start();
+        }
+        
+        $add_str = ($is_add && isset($member['mb_id']) && $member['mb_id']) ? $member['mb_id'] : '';
+        return session_id().$add_str;
     }
 
     protected function get_user_path() {
         if ($this->options['user_dirs']) {
-            return $this->get_user_id().'/';
+            return $this->get_user_id(false).'/';
         }
         return '';
     }