From eb5f67de5ac65c974e62b8aa7adb13b90c072a15 Mon Sep 17 00:00:00 2001
From: thisgun
Date: Wed, 13 Mar 2019 16:12:26 +0900
Subject: [PATCH] =?UTF-8?q?=EC=87=BC=ED=95=91=EB=AA=B0=20=ED=99=98?= =?UTF-8?q?=EA=B2=BD=EC=84=A4=EC=A0=95=20=EC=8A=A4=ED=82=A8=20=ED=8C=8C?= =?UTF-8?q?=EC=9D=BC=20=EC=B2=B4=ED=81=AC=20=EC=BD=94=EB=93=9C=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 adm/shop_admin/configformupdate.php | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)
diff --git a/adm/shop_admin/configformupdate.php b/adm/shop_admin/configformupdate.php
index 57cc2bb3c..281df1bb4 100644
--- a/adm/shop_admin/configformupdate.php
+++ b/adm/shop_admin/configformupdate.php
@@ -33,8 +33,8 @@ if($_POST['de_pg_service'] == 'kcp' && !$_POST['de_card_test'] && ($_POST['de_ic
 alert('NHN KCP SITE KEY를 입력해 주십시오.');
 }
-$de_shop_skin = isset($_POST['de_shop_skin']) ? preg_replace('/(\.\.\/|\.\/|\.\.\\\|\.\\\)/', '', $_POST['de_shop_skin']) : 'basic';
-$de_shop_mobile_skin = isset($_POST['de_shop_mobile_skin']) ? preg_replace('/(\.\.\/|\.\/|\.\.\\\|\.\\\)/', '', $_POST['de_shop_mobile_skin']) : 'basic';
+$de_shop_skin = isset($_POST['de_shop_skin']) ? preg_replace('#\.+(\/|\\\)#', '', $_POST['de_shop_skin']) : 'basic';
+$de_shop_mobile_skin = isset($_POST['de_shop_mobile_skin']) ? preg_replace('#\.+(\/|\\\)#', '', $_POST['de_shop_mobile_skin']) : 'basic';
 $skins = get_skin_dir('shop');
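Review bot: The traversal-stripping pattern `'#\.+(\/|\\\)#'` is now written out three times in this file — on both `+` lines here and again inside the `foreach` of the second hunk — so any later tightening of it has to be repeated in three places; one small helper called from all three sites would keep them in sync. It would also help the next reader to say in a comment that the strip is only defense in depth, e.g. `// defense in depth: the in_array() check against get_skin_dir() below is the real allow-list`, since the header of the second hunk shows that membership test is what finally restricts `$de_shop_skin` and `$de_shop_mobile_skin`.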
@@ -64,11 +64,7 @@ $de_shop_mobile_skin = in_array($de_shop_mobile_skin, $mobile_skins) ? $de_shop_
 $check_skin_keys = array('de_type1_list_skin', 'de_type2_list_skin', 'de_type3_list_skin', 'de_type4_list_skin', 'de_type5_list_skin', 'de_mobile_type1_list_skin', 'de_mobile_type2_list_skin', 'de_mobile_type3_list_skin', 'de_mobile_type4_list_skin', 'de_mobile_type5_list_skin', 'de_rel_list_skin', 'de_mobile_rel_list_skin', 'de_search_list_skin', 'de_mobile_search_list_skin', 'de_listtype_list_skin', 'de_mobile_listtype_list_skin');
 foreach($check_skin_keys as $key){
- $skin_file = isset($_POST[$key]) ? $_POST[$key] : '';
-
- if( $skin_file && ! preg_match('/^.*\.(php|htm|html)$/i', $skin_file) ){
- alert('스킨 파일 경로의 확장자는 php, htm, html 만 허용합니다.');
- }
+ $$key = $_POST[$key] = isset($_POST[$key]) ? preg_replace('#\.+(\/|\\\)#', '', $_POST[$key]) : '';
 }
 //
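Review bot: The added line drops the extension allow-list that the removed `if` enforced, so each `de_*_list_skin` value is now only stripped of dot-plus-separator runs and otherwise accepted as-is — a name with another extension, or an absolute path (a leading `/` is not touched by the pattern), now passes where it was previously rejected with an alert. I cannot see from this hunk how these values are consumed later, so at minimum I would keep the old check on the sanitised value alongside the new stripping, `if ($$key !== '' && !preg_match('/^.*\.(php|htm|html)$/i', $$key)) { alert('스킨 파일 경로의 확장자는 php, htm, html 만 허용합니다.'); }`, or better, validate each value against the files that actually exist under the selected skin directory, as the second-hunk header already does for the skin names via `in_array()`. The `$$key = $_POST[$key] = ...` chain also silently defines sixteen globals and rewrites the request array in place, which is hard to follow; a one-line comment naming that side effect, `// defines $de_*_list_skin and normalises the matching $_POST entries in place`, would make it explicit.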