From 102715421f9865209365c3a4a8648c1af92f1568 Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Wed, 13 Jan 2021 11:48:34 +0900
Subject: [PATCH 1/3] =?UTF-8?q?[KVE-2020-1597,=202021-0016]=20=EA=B7=B8?=
 =?UTF-8?q?=EB=88=84=EB=B3=B4=EB=93=9C=20=EB=8B=A4=EC=A4=91=20=EC=B7=A8?=
 =?UTF-8?q?=EC=95=BD=EC=A0=90=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adm/sms_admin/form_group.php                        |  2 +-
 adm/sms_admin/form_group_update.php                 |  6 +++---
 bbs/point.php                                       | 11 +++++++++++
 mobile/skin/member/basic/point.skin.php             | 13 +++++--------
 skin/member/basic/point.skin.php                    | 13 +++++--------
 theme/basic/mobile/skin/member/basic/point.skin.php | 11 ++++-------
 theme/basic/skin/member/basic/point.skin.php        | 11 ++++-------
 7 files changed, 33 insertions(+), 34 deletions(-)

diff --git a/adm/sms_admin/form_group.php b/adm/sms_admin/form_group.php
index 4fb6cedc0..3acb5788f 100644
--- a/adm/sms_admin/form_group.php
+++ b/adm/sms_admin/form_group.php
@@ -136,7 +136,7 @@ function grouplist_submit(f)
         </td>
         <td class="td_left">
             <label for="fg_name_<?php echo $i; ?>" class="sound_only">그룹명</label>
-            <input type="text" name="fg_name[<?php echo $i; ?>]" value="<?php echo $group[$i]['fg_name']?>" id="fg_name_<?php echo $i; ?>" class="frm_input">
+            <input type="text" name="fg_name[<?php echo $i; ?>]" value="<?php echo get_sanitize_input($group[$i]['fg_name']); ?>" id="fg_name_<?php echo $i; ?>" class="frm_input">
             <input type="checkbox" name="fg_member[<?php echo $i; ?>]" value="1" id="fg_member_<?php echo $i; ?>" <?php if ($group[$i]['fg_member']) echo 'checked';?>>
             <label for="fg_member_<?php echo $i; ?>">회원</label>
         </td>
diff --git a/adm/sms_admin/form_group_update.php b/adm/sms_admin/form_group_update.php
index 7daebb063..824d6f2e4 100644
--- a/adm/sms_admin/form_group_update.php
+++ b/adm/sms_admin/form_group_update.php
@@ -13,7 +13,7 @@ if ($w == 'u') // 업데이트
         // 실제 번호를 넘김
         $k = $post_cnk[$i];
         $fg_no = isset($_POST['fg_no'][$k]) ? (int) $_POST['fg_no'][$k] : 0;
-        $fg_name = isset($_POST['fg_name'][$k]) ? addslashes(strip_tags($_POST['fg_name'][$k])) : '';
+        $fg_name = isset($_POST['fg_name'][$k]) ? addslashes(strip_tags(clean_xss_attributes($_POST['fg_name'][$k]))) : '';
         $fg_member = isset($_POST['fg_member'][$k]) ? addslashes(strip_tags($_POST['fg_member'][$k])) : '';
 
         if (!is_numeric($fg_no))
@@ -82,11 +82,11 @@ else if ($w == 'no')
 }
 else // 등록
 {
+    $fg_name = isset($_POST['fg_name']) ? addslashes(strip_tags(clean_xss_attributes($_POST['fg_name']))) : '';
+
     if (!strlen(trim($fg_name)))
         alert('그룹명을 입력해주세요');
 
-    $fg_name = addslashes(strip_tags($fg_name));
-
     $res = sql_fetch("select fg_name from {$g5['sms5_form_group_table']} where fg_name = '$fg_name'");
     if ($res)
         alert('같은 그룹명이 존재합니다.');
diff --git a/bbs/point.php b/bbs/point.php
index e67002ce8..e8e614fad 100644
--- a/bbs/point.php
+++ b/bbs/point.php
@@ -21,6 +21,17 @@ $total_page  = ceil($total_count / $rows);  // 전체 페이지 계산
 if ($page < 1) { $page = 1; } // 페이지가 없으면 첫 페이지 (1 페이지)
 $from_record = ($page - 1) * $rows; // 시작 열을 구함
 
+$sql = " select *
+            {$sql_common}
+            {$sql_order}
+            limit {$from_record}, {$rows} ";
+
+$result = sql_query($sql);
+
+for ($i=0; $row=sql_fetch_array($result); $i++) {
+    $list[] = $row;
+}
+
 include_once($member_skin_path.'/point.skin.php');
 
 include_once(G5_PATH.'/tail.sub.php');
\ No newline at end of file
diff --git a/mobile/skin/member/basic/point.skin.php b/mobile/skin/member/basic/point.skin.php
index 1e7c7e48a..020a6cf29 100644
--- a/mobile/skin/member/basic/point.skin.php
+++ b/mobile/skin/member/basic/point.skin.php
@@ -18,13 +18,9 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
         <ul class="point_list">
             <?php
             $sum_point1 = $sum_point2 = $sum_point3 = 0;
-
-            $sql = " select *
-                        {$sql_common}
-                        {$sql_order}
-                        limit {$from_record}, {$rows} ";
-            $result = sql_query($sql);
-            for ($i=0; $row=sql_fetch_array($result); $i++) {
+            
+            $i = 0;
+            foreach((array) $list as $row){
                 $point1 = $point2 = 0;
                 $point_use_class = '';
                 if ($row['po_point'] > 0) {
@@ -55,7 +51,8 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
                 </span>
             </li>
             <?php
-            }
+                $i++;
+            }   // end foreach
 
             if ($i == 0)
                 echo '<li class="empty_list">자료가 없습니다.</li>';
diff --git a/skin/member/basic/point.skin.php b/skin/member/basic/point.skin.php
index b0177dbb7..b0d4e17b9 100644
--- a/skin/member/basic/point.skin.php
+++ b/skin/member/basic/point.skin.php
@@ -18,13 +18,9 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
         <ul class="point_list">
             <?php
             $sum_point1 = $sum_point2 = $sum_point3 = 0;
-
-            $sql = " select *
-                        {$sql_common}
-                        {$sql_order}
-                        limit {$from_record}, {$rows} ";
-            $result = sql_query($sql);
-            for ($i=0; $row=sql_fetch_array($result); $i++) {
+            
+            $i = 0;
+            foreach((array) $list as $row){
                 $point1 = $point2 = 0;
                 $point_use_class = '';
                 if ($row['po_point'] > 0) {
@@ -55,7 +51,8 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
                 </span>
             </li>
             <?php
-            }
+                $i++;
+            }   // end foreach
 
             if ($i == 0)
                 echo '<li class="empty_li">자료가 없습니다.</li>';
diff --git a/theme/basic/mobile/skin/member/basic/point.skin.php b/theme/basic/mobile/skin/member/basic/point.skin.php
index 1e7c7e48a..a9de51c16 100644
--- a/theme/basic/mobile/skin/member/basic/point.skin.php
+++ b/theme/basic/mobile/skin/member/basic/point.skin.php
@@ -19,12 +19,8 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
             <?php
             $sum_point1 = $sum_point2 = $sum_point3 = 0;
 
-            $sql = " select *
-                        {$sql_common}
-                        {$sql_order}
-                        limit {$from_record}, {$rows} ";
-            $result = sql_query($sql);
-            for ($i=0; $row=sql_fetch_array($result); $i++) {
+            $i = 0;
+            foreach((array) $list as $row){
                 $point1 = $point2 = 0;
                 $point_use_class = '';
                 if ($row['po_point'] > 0) {
@@ -55,7 +51,8 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
                 </span>
             </li>
             <?php
-            }
+                $i++;
+            }   // end foreach
 
             if ($i == 0)
                 echo '<li class="empty_list">자료가 없습니다.</li>';
diff --git a/theme/basic/skin/member/basic/point.skin.php b/theme/basic/skin/member/basic/point.skin.php
index b0177dbb7..765441d8b 100644
--- a/theme/basic/skin/member/basic/point.skin.php
+++ b/theme/basic/skin/member/basic/point.skin.php
@@ -19,12 +19,8 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
             <?php
             $sum_point1 = $sum_point2 = $sum_point3 = 0;
 
-            $sql = " select *
-                        {$sql_common}
-                        {$sql_order}
-                        limit {$from_record}, {$rows} ";
-            $result = sql_query($sql);
-            for ($i=0; $row=sql_fetch_array($result); $i++) {
+            $i = 0;
+            foreach((array) $list as $row){
                 $point1 = $point2 = 0;
                 $point_use_class = '';
                 if ($row['po_point'] > 0) {
@@ -55,7 +51,8 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
                 </span>
             </li>
             <?php
-            }
+                $i++;
+            }   // end foreach
 
             if ($i == 0)
                 echo '<li class="empty_li">자료가 없습니다.</li>';

From be4517f0aa7a49a618ff8c9a42ff9cc383b75bc7 Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Wed, 13 Jan 2021 12:30:06 +0900
Subject: [PATCH 2/3] =?UTF-8?q?=EC=B5=9C=EC=8B=A0=EA=B8=80=20=EC=8A=A4?=
 =?UTF-8?q?=ED=82=A8=20=EA=B8=80=20=EB=A7=81=ED=81=AC=EB=A5=BC=20=EC=A7=A7?=
 =?UTF-8?q?=EC=9D=80=20=EC=A3=BC=EC=86=8C=20=ED=95=A8=EC=88=98=20=EC=BD=94?=
 =?UTF-8?q?=EB=93=9C=EB=A1=9C=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 mobile/skin/latest/basic/latest.skin.php               | 7 ++++---
 mobile/skin/latest/comment/latest.skin.php             | 2 +-
 mobile/skin/latest/notice/latest.skin.php              | 2 +-
 skin/latest/basic/latest.skin.php                      | 2 +-
 skin/latest/notice/latest.skin.php                     | 2 +-
 skin/latest/pic_block/latest.skin.php                  | 5 +++--
 skin/latest/pic_list/latest.skin.php                   | 6 ++++--
 theme/basic/mobile/skin/latest/basic/latest.skin.php   | 7 ++++---
 theme/basic/mobile/skin/latest/comment/latest.skin.php | 2 +-
 theme/basic/mobile/skin/latest/notice/latest.skin.php  | 2 +-
 theme/basic/skin/latest/basic/latest.skin.php          | 2 +-
 theme/basic/skin/latest/notice/latest.skin.php         | 2 +-
 theme/basic/skin/latest/pic_block/latest.skin.php      | 5 +++--
 theme/basic/skin/latest/pic_list/latest.skin.php       | 6 ++++--
 14 files changed, 30 insertions(+), 22 deletions(-)

diff --git a/mobile/skin/latest/basic/latest.skin.php b/mobile/skin/latest/basic/latest.skin.php
index 434bbc945..79079ec68 100644
--- a/mobile/skin/latest/basic/latest.skin.php
+++ b/mobile/skin/latest/basic/latest.skin.php
@@ -28,7 +28,8 @@ $is_show_next_prev = ($list_count > 4) ? 1 : 0;
             $thumb = get_list_thumbnail($bo_table, $list[$i]['wr_id'], $thumb_width, $thumb_height, false, true);
             $img = $thumb['src'] ? $thumb['src'] : '';
             $img_content = $img ? '<img src="'.$img.'" alt="'.$thumb['alt'].'" >' : '';
-            
+            $wr_href = get_pretty_url($bo_table, $list[$i]['wr_id']);
+
             $echo_ul = ( $i && (($i % $divisor_count) === 0) ) ? '</ul><ul class="item">'.PHP_EOL : '';
 
             echo $echo_ul;
@@ -38,10 +39,10 @@ $is_show_next_prev = ($list_count > 4) ? 1 : 0;
                 //echo $list[$i]['icon_reply']." ";
                 
                 if( $img_content ){
-                    echo "<a href=\"".$list[$i]['href']."\" class=\"lt_thumb\">".run_replace('thumb_image_tag', $img_content, $thumb)."</a> ";
+                    echo "<a href=\"".$wr_href."\" class=\"lt_thumb\">".run_replace('thumb_image_tag', $img_content, $thumb)."</a> ";
                 }
                 
-                echo "<a href=\"".$list[$i]['href']."\" class=\"lt_tit\">";
+                echo "<a href=\"".$wr_href."\" class=\"lt_tit\">";
                 if ($list[$i]['icon_secret']) echo "<i class=\"fa fa-lock\" aria-hidden=\"true\"></i> ";
                 if ($list[$i]['is_notice'])
                     echo "<strong>".$list[$i]['subject']."</strong>";
diff --git a/mobile/skin/latest/comment/latest.skin.php b/mobile/skin/latest/comment/latest.skin.php
index 961c48b0c..9ad7b04d9 100644
--- a/mobile/skin/latest/comment/latest.skin.php
+++ b/mobile/skin/latest/comment/latest.skin.php
@@ -15,7 +15,7 @@ $list_count = (is_array($list) && $list) ? count($list) : 0;
         <li>
             <span class="cm_lt_nick"><?php echo get_member_profile_img($member['mb_id']); ?></span>
             <div class="cm_lt_info">
-            	<a href="<?php echo $list[$i]['href']; ?>" class="over"><?php echo $list[$i]['subject']; ?></a>
+            	<a href="<?php echo get_pretty_url($bo_table, $list[$i]['wr_id']); ?>" class="over"><?php echo $list[$i]['subject']; ?></a>
 				<br>
 				<span class="lt_nick"><?php echo $list[$i]['name'] ?></span>
             	<span class="lt_date"><?php echo $list[$i]['datetime2'] ?></span>              
diff --git a/mobile/skin/latest/notice/latest.skin.php b/mobile/skin/latest/notice/latest.skin.php
index c59f74c6a..a59e0fb48 100644
--- a/mobile/skin/latest/notice/latest.skin.php
+++ b/mobile/skin/latest/notice/latest.skin.php
@@ -16,7 +16,7 @@ $list_count = (is_array($list) && $list) ? count($list) : 0;
             if ($list[$i]['icon_secret']) echo "<span class=\"lock_icon\"><i class=\"fa fa-lock\" aria-hidden=\"true\"></i></span> ";
             if ($list[$i]['icon_new']) echo "<span class=\"new_icon\">N<span class=\"sound_only\">새글</span></span>";
              //echo $list[$i]['icon_reply']." ";
-            echo "<a href=\"".$list[$i]['href']."\">";
+            echo "<a href=\"".get_pretty_url($bo_table, $list[$i]['wr_id'])."\">";
             if ($list[$i]['is_notice'])
                 echo "<strong>".$list[$i]['subject']."</strong>";
             else
diff --git a/skin/latest/basic/latest.skin.php b/skin/latest/basic/latest.skin.php
index 78b3fc128..2f77032a5 100644
--- a/skin/latest/basic/latest.skin.php
+++ b/skin/latest/basic/latest.skin.php
@@ -14,7 +14,7 @@ $list_count = (is_array($list) && $list) ? count($list) : 0;
             <?php
             if ($list[$i]['icon_secret']) echo "<i class=\"fa fa-lock\" aria-hidden=\"true\"></i><span class=\"sound_only\">비밀글</span> ";
 
-            echo "<a href=\"".$list[$i]['href']."\"> ";
+            echo "<a href=\"".get_pretty_url($bo_table, $list[$i]['wr_id'])."\"> ";
             if ($list[$i]['is_notice'])
                 echo "<strong>".$list[$i]['subject']."</strong>";
             else
diff --git a/skin/latest/notice/latest.skin.php b/skin/latest/notice/latest.skin.php
index c59f74c6a..a59e0fb48 100644
--- a/skin/latest/notice/latest.skin.php
+++ b/skin/latest/notice/latest.skin.php
@@ -16,7 +16,7 @@ $list_count = (is_array($list) && $list) ? count($list) : 0;
             if ($list[$i]['icon_secret']) echo "<span class=\"lock_icon\"><i class=\"fa fa-lock\" aria-hidden=\"true\"></i></span> ";
             if ($list[$i]['icon_new']) echo "<span class=\"new_icon\">N<span class=\"sound_only\">새글</span></span>";
              //echo $list[$i]['icon_reply']." ";
-            echo "<a href=\"".$list[$i]['href']."\">";
+            echo "<a href=\"".get_pretty_url($bo_table, $list[$i]['wr_id'])."\">";
             if ($list[$i]['is_notice'])
                 echo "<strong>".$list[$i]['subject']."</strong>";
             else
diff --git a/skin/latest/pic_block/latest.skin.php b/skin/latest/pic_block/latest.skin.php
index 58b7f4519..887d56845 100644
--- a/skin/latest/pic_block/latest.skin.php
+++ b/skin/latest/pic_block/latest.skin.php
@@ -23,13 +23,14 @@ $list_count = (is_array($list) && $list) ? count($list) : 0;
         $thumb['alt'] = '이미지가 없습니다.';
     }
     $img_content = '<img src="'.$img.'" alt="'.$thumb['alt'].'" >';
+    $wr_href = get_pretty_url($bo_table, $list[$i]['wr_id']);
     ?>
         <li class="gallery_li">
-            <a href="<?php echo $list[$i]['href'] ?>" class="lt_img"><?php echo run_replace('thumb_image_tag', $img_content, $thumb); ?></a>
+            <a href="<?php echo $wr_href; ?>" class="lt_img"><?php echo run_replace('thumb_image_tag', $img_content, $thumb); ?></a>
             <?php
             if ($list[$i]['icon_secret']) echo "<i class=\"fa fa-lock\" aria-hidden=\"true\"></i><span class=\"sound_only\">비밀글</span> ";
 
-            echo "<a href=\"".$list[$i]['href']."\"> ";
+            echo "<a href=\"".$wr_href."\"> ";
             if ($list[$i]['is_notice'])
                 echo "<strong>".$list[$i]['subject']."</strong>";
             else
diff --git a/skin/latest/pic_list/latest.skin.php b/skin/latest/pic_list/latest.skin.php
index 50ad31951..761cbb72c 100644
--- a/skin/latest/pic_list/latest.skin.php
+++ b/skin/latest/pic_list/latest.skin.php
@@ -17,6 +17,8 @@ $list_count = (is_array($list) && $list) ? count($list) : 0;
         
         $img_link_html = '';
         
+        $wr_href = get_pretty_url($bo_table, $list[$i]['wr_id']);
+
         if( $i === 0 ) {
             $thumb = get_list_thumbnail($bo_table, $list[$i]['wr_id'], $thumb_width, $thumb_height, false, true);
 
@@ -27,7 +29,7 @@ $list_count = (is_array($list) && $list) ? count($list) : 0;
                 $thumb['alt'] = '이미지가 없습니다.';
             }
             $img_content = '<img src="'.$img.'" alt="'.$thumb['alt'].'" >';
-            $img_link_html = '<a href="'.$list[$i]['href'].'" class="lt_img" >'.run_replace('thumb_image_tag', $img_content, $thumb).'</a>';
+            $img_link_html = '<a href="'.$wr_href.'" class="lt_img" >'.run_replace('thumb_image_tag', $img_content, $thumb).'</a>';
         }
     ?>
         <li>
@@ -35,7 +37,7 @@ $list_count = (is_array($list) && $list) ? count($list) : 0;
             <?php
             if ($list[$i]['icon_secret']) echo "<i class=\"fa fa-lock\" aria-hidden=\"true\"></i><span class=\"sound_only\">비밀글</span> ";
  
-            echo "<a href=\"".$list[$i]['href']."\" class=\"pic_li_tit\"> ";
+            echo "<a href=\"".$wr_href."\" class=\"pic_li_tit\"> ";
             if ($list[$i]['is_notice'])
                 echo "<strong>".$list[$i]['subject']."</strong>";
             else
diff --git a/theme/basic/mobile/skin/latest/basic/latest.skin.php b/theme/basic/mobile/skin/latest/basic/latest.skin.php
index 434bbc945..79079ec68 100644
--- a/theme/basic/mobile/skin/latest/basic/latest.skin.php
+++ b/theme/basic/mobile/skin/latest/basic/latest.skin.php
@@ -28,7 +28,8 @@ $is_show_next_prev = ($list_count > 4) ? 1 : 0;
             $thumb = get_list_thumbnail($bo_table, $list[$i]['wr_id'], $thumb_width, $thumb_height, false, true);
             $img = $thumb['src'] ? $thumb['src'] : '';
             $img_content = $img ? '<img src="'.$img.'" alt="'.$thumb['alt'].'" >' : '';
-            
+            $wr_href = get_pretty_url($bo_table, $list[$i]['wr_id']);
+
             $echo_ul = ( $i && (($i % $divisor_count) === 0) ) ? '</ul><ul class="item">'.PHP_EOL : '';
 
             echo $echo_ul;
@@ -38,10 +39,10 @@ $is_show_next_prev = ($list_count > 4) ? 1 : 0;
                 //echo $list[$i]['icon_reply']." ";
                 
                 if( $img_content ){
-                    echo "<a href=\"".$list[$i]['href']."\" class=\"lt_thumb\">".run_replace('thumb_image_tag', $img_content, $thumb)."</a> ";
+                    echo "<a href=\"".$wr_href."\" class=\"lt_thumb\">".run_replace('thumb_image_tag', $img_content, $thumb)."</a> ";
                 }
                 
-                echo "<a href=\"".$list[$i]['href']."\" class=\"lt_tit\">";
+                echo "<a href=\"".$wr_href."\" class=\"lt_tit\">";
                 if ($list[$i]['icon_secret']) echo "<i class=\"fa fa-lock\" aria-hidden=\"true\"></i> ";
                 if ($list[$i]['is_notice'])
                     echo "<strong>".$list[$i]['subject']."</strong>";
diff --git a/theme/basic/mobile/skin/latest/comment/latest.skin.php b/theme/basic/mobile/skin/latest/comment/latest.skin.php
index 961c48b0c..9ad7b04d9 100644
--- a/theme/basic/mobile/skin/latest/comment/latest.skin.php
+++ b/theme/basic/mobile/skin/latest/comment/latest.skin.php
@@ -15,7 +15,7 @@ $list_count = (is_array($list) && $list) ? count($list) : 0;
         <li>
             <span class="cm_lt_nick"><?php echo get_member_profile_img($member['mb_id']); ?></span>
             <div class="cm_lt_info">
-            	<a href="<?php echo $list[$i]['href']; ?>" class="over"><?php echo $list[$i]['subject']; ?></a>
+            	<a href="<?php echo get_pretty_url($bo_table, $list[$i]['wr_id']); ?>" class="over"><?php echo $list[$i]['subject']; ?></a>
 				<br>
 				<span class="lt_nick"><?php echo $list[$i]['name'] ?></span>
             	<span class="lt_date"><?php echo $list[$i]['datetime2'] ?></span>              
diff --git a/theme/basic/mobile/skin/latest/notice/latest.skin.php b/theme/basic/mobile/skin/latest/notice/latest.skin.php
index c59f74c6a..a59e0fb48 100644
--- a/theme/basic/mobile/skin/latest/notice/latest.skin.php
+++ b/theme/basic/mobile/skin/latest/notice/latest.skin.php
@@ -16,7 +16,7 @@ $list_count = (is_array($list) && $list) ? count($list) : 0;
             if ($list[$i]['icon_secret']) echo "<span class=\"lock_icon\"><i class=\"fa fa-lock\" aria-hidden=\"true\"></i></span> ";
             if ($list[$i]['icon_new']) echo "<span class=\"new_icon\">N<span class=\"sound_only\">새글</span></span>";
              //echo $list[$i]['icon_reply']." ";
-            echo "<a href=\"".$list[$i]['href']."\">";
+            echo "<a href=\"".get_pretty_url($bo_table, $list[$i]['wr_id'])."\">";
             if ($list[$i]['is_notice'])
                 echo "<strong>".$list[$i]['subject']."</strong>";
             else
diff --git a/theme/basic/skin/latest/basic/latest.skin.php b/theme/basic/skin/latest/basic/latest.skin.php
index ba7cae909..d55f4556b 100644
--- a/theme/basic/skin/latest/basic/latest.skin.php
+++ b/theme/basic/skin/latest/basic/latest.skin.php
@@ -14,7 +14,7 @@ $list_count = (is_array($list) && $list) ? count($list) : 0;
             <?php
             if ($list[$i]['icon_secret']) echo "<i class=\"fa fa-lock\" aria-hidden=\"true\"></i><span class=\"sound_only\">비밀글</span> ";
 
-            echo "<a href=\"".$list[$i]['href']."\"> ";
+            echo "<a href=\"".get_pretty_url($bo_table, $list[$i]['wr_id'])."\"> ";
             if ($list[$i]['is_notice'])
                 echo "<strong>".$list[$i]['subject']."</strong>";
             else
diff --git a/theme/basic/skin/latest/notice/latest.skin.php b/theme/basic/skin/latest/notice/latest.skin.php
index c59f74c6a..a59e0fb48 100644
--- a/theme/basic/skin/latest/notice/latest.skin.php
+++ b/theme/basic/skin/latest/notice/latest.skin.php
@@ -16,7 +16,7 @@ $list_count = (is_array($list) && $list) ? count($list) : 0;
             if ($list[$i]['icon_secret']) echo "<span class=\"lock_icon\"><i class=\"fa fa-lock\" aria-hidden=\"true\"></i></span> ";
             if ($list[$i]['icon_new']) echo "<span class=\"new_icon\">N<span class=\"sound_only\">새글</span></span>";
              //echo $list[$i]['icon_reply']." ";
-            echo "<a href=\"".$list[$i]['href']."\">";
+            echo "<a href=\"".get_pretty_url($bo_table, $list[$i]['wr_id'])."\">";
             if ($list[$i]['is_notice'])
                 echo "<strong>".$list[$i]['subject']."</strong>";
             else
diff --git a/theme/basic/skin/latest/pic_block/latest.skin.php b/theme/basic/skin/latest/pic_block/latest.skin.php
index 2682480e0..43248a2a2 100644
--- a/theme/basic/skin/latest/pic_block/latest.skin.php
+++ b/theme/basic/skin/latest/pic_block/latest.skin.php
@@ -23,13 +23,14 @@ $list_count = (is_array($list) && $list) ? count($list) : 0;
         $thumb['alt'] = '이미지가 없습니다.';
     }
     $img_content = '<img src="'.$img.'" alt="'.$thumb['alt'].'" >';
+    $wr_href = get_pretty_url($bo_table, $list[$i]['wr_id']);
     ?>
         <li class="galley_li">
-            <a href="<?php echo $list[$i]['href'] ?>" class="lt_img"><?php echo run_replace('thumb_image_tag', $img_content, $thumb); ?></a>
+            <a href="<?php echo $wr_href; ?>" class="lt_img"><?php echo run_replace('thumb_image_tag', $img_content, $thumb); ?></a>
             <?php
             if ($list[$i]['icon_secret']) echo "<i class=\"fa fa-lock\" aria-hidden=\"true\"></i><span class=\"sound_only\">비밀글</span> ";
 
-            echo "<a href=\"".$list[$i]['href']."\"> ";
+            echo "<a href=\"".$wr_href."\"> ";
             if ($list[$i]['is_notice'])
                 echo "<strong>".$list[$i]['subject']."</strong>";
             else
diff --git a/theme/basic/skin/latest/pic_list/latest.skin.php b/theme/basic/skin/latest/pic_list/latest.skin.php
index 89700c5c0..fc4ab8f47 100644
--- a/theme/basic/skin/latest/pic_list/latest.skin.php
+++ b/theme/basic/skin/latest/pic_list/latest.skin.php
@@ -16,6 +16,8 @@ $list_count = (is_array($list) && $list) ? count($list) : 0;
     for ($i=0; $i<$list_count; $i++) {
         
         $img_link_html = '';
+
+        $wr_href = get_pretty_url($bo_table, $list[$i]['wr_id']);
         
         if( $i === 0 ) {
             $thumb = get_list_thumbnail($bo_table, $list[$i]['wr_id'], $thumb_width, $thumb_height, false, true);
@@ -27,7 +29,7 @@ $list_count = (is_array($list) && $list) ? count($list) : 0;
                 $thumb['alt'] = '이미지가 없습니다.';
             }
             $img_content = '<img src="'.$img.'" alt="'.$thumb['alt'].'" >';
-            $img_link_html = '<a href="'.$list[$i]['href'].'" class="lt_img" >'.run_replace('thumb_image_tag', $img_content, $thumb).'</a>';
+            $img_link_html = '<a href="'.$wr_href.'" class="lt_img" >'.run_replace('thumb_image_tag', $img_content, $thumb).'</a>';
         }
     ?>
         <li>
@@ -35,7 +37,7 @@ $list_count = (is_array($list) && $list) ? count($list) : 0;
             <?php
             if ($list[$i]['icon_secret']) echo "<i class=\"fa fa-lock\" aria-hidden=\"true\"></i><span class=\"sound_only\">비밀글</span> ";
  
-            echo "<a href=\"".$list[$i]['href']."\" class=\"pic_li_tit\"> ";
+            echo "<a href=\"".$wr_href."\" class=\"pic_li_tit\"> ";
             if ($list[$i]['is_notice'])
                 echo "<strong>".$list[$i]['subject']."</strong>";
             else

From 031949528b341404f9c37256781b8de9b01816ec Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Wed, 13 Jan 2021 15:28:43 +0900
Subject: [PATCH 3/3] =?UTF-8?q?=EB=B2=84=EC=A0=84=205.4.4.7=20=EC=88=98?=
 =?UTF-8?q?=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 config.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config.php b/config.php
index b2c225c4a..7ee46ff6a 100644
--- a/config.php
+++ b/config.php
@@ -5,7 +5,7 @@
 ********************/
 
 define('G5_VERSION', '그누보드5');
-define('G5_GNUBOARD_VER', '5.4.4.6');
+define('G5_GNUBOARD_VER', '5.4.4.7');
 
 // 이 상수가 정의되지 않으면 각각의 개별 페이지는 별도로 실행될 수 없음
 define('_GNUBOARD_', true);