From cd7d06e083736b8bad193473331f23740c7e54ab Mon Sep 17 00:00:00 2001 From: thisgun Date: Wed, 6 Sep 2017 20:17:53 +0900 Subject: [PATCH] =?UTF-8?q?=EC=98=81=EC=B9=B4=ED=8A=B8=20=EC=9B=90?= =?UTF-8?q?=EA=B2=A9=20=EC=BD=94=EB=93=9C=20=EC=8B=A4=ED=96=89=20=EC=B7=A8?= =?UTF-8?q?=EC=95=BD=EC=A0=90=20=EC=88=98=EC=A0=95=20(=2017-0524,525=20)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- shop/itemqaformupdate.php | 26 ++++++++++++-------------- shop/itemuseformupdate.php | 14 +++++++------- 2 files changed, 19 insertions(+), 21 deletions(-) diff --git a/shop/itemqaformupdate.php b/shop/itemqaformupdate.php index a92edc176..73e6a8ef1 100644 --- a/shop/itemqaformupdate.php +++ b/shop/itemqaformupdate.php @@ -90,14 +90,13 @@ else if ($w == "d") else $data_path = $p['path']; - if( end(explode('.', $data_path)) === 'php' ){ - continue; + if( preg_match('/(gif|jpe?g|bmp|png)$/i', strtolower(end(explode('.', $data_path))) ) ){ + + $destfile = ( ! preg_match('/\w+\/\.\.\//', $data_path) ) ? G5_PATH.$data_path : ''; + + if($destfile && preg_match('/\/data\/editor\/[A-Za-z0-9_]{1,20}\//', $destfile) && is_file($destfile)) + @unlink($destfile); } - - $destfile = G5_PATH.$data_path; - - if(preg_match('/\/data\/editor\/[A-Za-z0-9_]{1,20}\//', $destfile) && is_file($destfile)) - @unlink($destfile); } $imgs = get_editor_image($row['iq_answer'], $get_editor_img_mode); 
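Review bot: The traversal guard on the new `$destfile` line, `preg_match('/\w+\/\.\.\//', $data_path)`, only rejects a `../` that directly follows a word-character segment, and the `/data/editor/…/` pattern after it is unanchored, so neither check proves that the resolved file lies under the editor upload directory. Canonicalising before the test would establish that, assuming editor uploads live under `G5_PATH.'/data/editor'` as the existing pattern suggests: `$real = realpath(G5_PATH.$data_path);` followed by `if ($real !== false && strpos($real, realpath(G5_PATH.'/data/editor').DIRECTORY_SEPARATOR) === 0 && is_file($real)) unlink($real);`. The same lines are repeated in the second hunk of this file (the `iq_answer` images) and in `shop/itemuseformupdate.php`, so the point applies to all three. The enclosing loop begins above the hunk, so how `$data_path` is derived from the stored HTML is only partly visible here.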
@@ -109,14 +108,13 @@ else if ($w == "d") else $data_path = $p['path']; - if( end(explode('.', $data_path)) === 'php' ){ - continue; + if( preg_match('/(gif|jpe?g|bmp|png)$/i', strtolower(end(explode('.', $data_path))) ) ){ + + $destfile = ( ! preg_match('/\w+\/\.\.\//', $data_path) ) ? G5_PATH.$data_path : ''; + + if($destfile && preg_match('/\/data\/editor\/[A-Za-z0-9_]{1,20}\//', $destfile) && is_file($destfile)) + @unlink($destfile); } - - $destfile = G5_PATH.$data_path; - - if(preg_match('/\/data\/editor\/[A-Za-z0-9_]{1,20}\//', $destfile) && is_file($destfile)) - @unlink($destfile); } $sql = " delete from {$g5['g5_shop_item_qa_table']} where iq_id = '$iq_id' and md5(concat(iq_id,iq_time,iq_ip)) = '{$hash}' "; diff --git a/shop/itemuseformupdate.php b/shop/itemuseformupdate.php index 868d2d895..b4701659d 100644 --- a/shop/itemuseformupdate.php +++ b/shop/itemuseformupdate.php @@ -103,14 +103,14 @@ else if ($w == "d") else $data_path = $p['path']; - if( end(explode('.', $data_path)) === 'php' ){ - continue; + + if( preg_match('/(gif|jpe?g|bmp|png)$/i', strtolower(end(explode('.', $data_path))) ) ){ + + $destfile = ( ! preg_match('/\w+\/\.\.\//', $data_path) ) ? G5_PATH.$data_path : ''; + + if($destfile && preg_match('/\/data\/editor\/[A-Za-z0-9_]{1,20}\//', $destfile) && is_file($destfile)) + @unlink($destfile); } - - $destfile = G5_PATH.$data_path; - - if(preg_match('/\/data\/editor\/[A-Za-z0-9_]{1,20}\//', $destfile) && is_file($destfile)) - @unlink($destfile); } $sql = " delete from {$g5['g5_shop_item_use_table']} where is_id = '$is_id' and md5(concat(is_id,is_time,is_ip)) = '{$hash}' ";
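Review bot: The extension allow-list `preg_match('/(gif|jpe?g|bmp|png)$/i', strtolower(end(explode('.', $data_path))))` is anchored only at the end, so any last segment that merely ends in one of those names passes, and a path with no dot at all is tested as a whole string. `end()` takes its argument by reference, so handing it the result of `explode()` raises an "Only variables should be passed by reference" notice, and the `strtolower()` is redundant with the `/i` flag. `preg_match('/^(gif|jpe?g|bmp|png)$/i', pathinfo($data_path, PATHINFO_EXTENSION))` expresses the same allow-list without either problem.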
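Review bot: The block added in `shop/itemuseformupdate.php` is the third verbatim copy of the image-cleanup code (the other two are in `shop/itemqaformupdate.php`), so every later correction to the path checks has to be made three times. Moving it into one documented helper (for example a function named along the lines of `delete_editor_image($data_path)`, the name being illustrative), with a comment stating that only image files under the editor upload directory may be removed, would reduce each call site to a single line. `@unlink($destfile)` also discards a failed delete silently; checking the return value and logging a failure would leave a trace when a file cannot be removed. This hunk additionally introduces a stray blank line before the new `if`.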