From e6a3df6f0873f627955d8cb23e9a6d8c08eae145 Mon Sep 17 00:00:00 2001
From: thisgun
Date: Tue, 13 Jun 2017 16:06:12 +0900
Subject: [PATCH] =?UTF-8?q?=EA=B7=B8=EB=88=84=EB=B3=B4=EB=93=9C=20?= =?UTF-8?q?=ED=8C=8C=EC=9D=BC=20=EC=82=AD=EC=A0=9C=20=EC=B7=A8=EC=95=BD?= =?UTF-8?q?=EC=A0=90=2017-282=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 plugin/editor/cheditor5/imageUpload/delete.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/plugin/editor/cheditor5/imageUpload/delete.php b/plugin/editor/cheditor5/imageUpload/delete.php
index 0da4fc8f3..1d961c696 100644
--- a/plugin/editor/cheditor5/imageUpload/delete.php
+++ b/plugin/editor/cheditor5/imageUpload/delete.php
@@ -5,9 +5,9 @@ if(!function_exists('ft_nonce_is_valid')){
 include_once('../editor.lib.php');
 }
-$filesrc = isset($_POST["filesrc"]) ? $_POST["filesrc"] : '';
+$filesrc = isset($_POST["filesrc"]) ? preg_replace("/[ #\&\+\-%@=\/\\\:;,\'\"\^`~\_|\!\?\*$#<>()\[\]\{\}]/", "", $_POST["filesrc"]) : '';
-if( !$filesrc ){
+if( !$filesrc || ! preg_match('=^[^/?*;:{}\\\\]+\.[^/?*;:{}\\\\]+$=', $filesrc) || ! preg_match('/\.(gif|jpe?g|bmp|png)$/i', $filesrc) ){
 die( false );
 }
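Review bot: The new `$filesrc` line sanitizes by silently deleting characters instead of rejecting the request, so a name such as `my_photo-1.png` is rewritten to `myphoto1.png` before the checks run and the later delete operates on a different name than the client sent (what names the upload side actually produces, and whether they contain `_` or `-`, is not visible here). Stripping `/` and `\` does block traversal, but the second regex still admits dots anywhere, so a name like `..png` passes both `preg_match` calls. A clearer fix is to take `basename()` and validate against one strict allow-list that rejects unexpected input rather than rewriting it: `$filesrc = isset($_POST["filesrc"]) ? basename($_POST["filesrc"]) : '';` and `if( !$filesrc || ! preg_match('/^[A-Za-z0-9_-][A-Za-z0-9._-]*\.(gif|jpe?g|bmp|png)$/iD', $filesrc) ){` (the `D` modifier keeps `$` from matching before a trailing newline). The code that joins `$filesrc` to the upload directory and removes the file is outside the hunk; that is where a `realpath()` containment check against the upload directory, and the nonce validation that the included `editor.lib.php` presumably provides, should be confirmed.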