KVE-0778 영카트 다중 취약점 수정

adm/shop_admin/itemeventformupdate.php

@@ -19,6 +19,11 @@ if ($ev_mimg_del)  @unlink(G5_DATA_PATH."/event/{$ev_id}_m");
 if ($ev_himg_del)  @unlink(G5_DATA_PATH."/event/{$ev_id}_h");
 if ($ev_timg_del)  @unlink(G5_DATA_PATH."/event/{$ev_id}_t");
 
+$skin_regex_patten = "^list.[0-9]+\.skin\.php";
+
+$ev_skin = (preg_match("/$pattern/", $ev_skin) && G5_SHOP_SKIN_PATH.'/'.file_exists($ev_skin)) ? $ev_skin : ''; 
+$ev_mobile_skin = (preg_match("/$pattern/", $ev_mobile_skin) && G5_MSHOP_SKIN_PATH.'/'.file_exists($ev_mobile_skin)) ? $ev_mobile_skin : ''; 
+
 $sql_common = " set ev_skin             = '$ev_skin',
                     ev_mobile_skin      = '$ev_mobile_skin',
                     ev_img_width        = '$ev_img_width',