Merge branch 'master' into merge-patch

2015-07-03 17:05:45 +09:00
parent 4b9369599c 8821583e8f
commit f72ea8774e
94 changed files with 571 additions and 405 deletions
--- a/adm/admin.lib.php
+++ b/adm/admin.lib.php
@ -191,7 +191,6 @@ function order_select($fld, $sel='')
 // 접근 권한 검사
 if (!$member['mb_id'])
 {
-    //alert('로그인 하십시오.', '$g5['bbs_path']/login.php?url=' . urlencode('$_SERVER['PHP_SELF']?w=$w&mb_id=$mb_id'));
    alert('로그인 하십시오.', G5_BBS_URL.'/login.php?url=' . urlencode(G5_ADMIN_URL));
 }
 else if ($is_admin != 'super')
--- a/adm/auth_list.php
+++ b/adm/auth_list.php
@ -45,7 +45,7 @@ $sql = " select *
            limit {$from_record}, {$rows} ";
 $result = sql_query($sql);

-$listall = '<a href="'.$_SERVER['PHP_SELF'].'" class="ov_listall">전체목록</a>';
+$listall = '<a href="'.$_SERVER['SCRIPT_NAME'].'" class="ov_listall">전체목록</a>';

 $g5['title'] = "관리권한설정";
 include_once('./admin.head.php');
@ -158,7 +158,7 @@ else
 </form>

 <?php
-$pagelist = get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, $_SERVER['PHP_SELF'].'?'.$qstr.'&amp;page=');
+$pagelist = get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, $_SERVER['SCRIPT_NAME'].'?'.$qstr.'&amp;page=');
 echo $pagelist;
 ?>

--- a/adm/board_form.php
+++ b/adm/board_form.php
@ -1099,12 +1099,12 @@ $frm_submit .= '</div>';
                    <option value="wr_good desc, wr_num, wr_reply" <?php echo get_selected($board['bo_sort_field'], "wr_good desc, wr_num, wr_reply"); ?>>wr_good desc : 추천수 높은것 부터</option>
                    <option value="wr_nogood asc, wr_num, wr_reply" <?php echo get_selected($board['bo_sort_field'], "wr_nogood asc, wr_num, wr_reply"); ?>>wr_nogood asc : 비추천수 낮은것 부터</option>
                    <option value="wr_nogood desc, wr_num, wr_reply" <?php echo get_selected($board['bo_sort_field'], "wr_nogood desc, wr_num, wr_reply"); ?>>wr_nogood desc : 비추천수 높은것 부터</option>
-                    <option value="wr_subject asc, wr_num, wr_reply" <?php echo get_selected($board['bo_sort_field'], "wr_subject asc, wr_num, wr_reply"); ?>>wr_subject asc : 제목 내림차순</option>
-                    <option value="wr_subject desc, wr_num, wr_reply" <?php echo get_selected($board['bo_sort_field'], "wr_subject desc, wr_num, wr_reply"); ?>>wr_subject desc : 제목 오름차순</option>
-                    <option value="wr_name asc, wr_num, wr_reply" <?php echo get_selected($board['bo_sort_field'], "wr_name asc, wr_num, wr_reply"); ?>>wr_name asc : 글쓴이 내림차순</option>
-                    <option value="wr_name desc, wr_num, wr_reply" <?php echo get_selected($board['bo_sort_field'], "wr_name desc, wr_num, wr_reply"); ?>>wr_name desc : 글쓴이 오름차순</option>
-                    <option value="ca_name asc, wr_num, wr_reply" <?php echo get_selected($board['bo_sort_field'], "ca_name asc, wr_num, wr_reply"); ?>>ca_name asc : 분류명 내림차순</option>
-                    <option value="ca_name desc, wr_num, wr_reply" <?php echo get_selected($board['bo_sort_field'], "ca_name desc, wr_num, wr_reply"); ?>>ca_name desc : 분류명 오름차순</option>
+                    <option value="wr_subject asc, wr_num, wr_reply" <?php echo get_selected($board['bo_sort_field'], "wr_subject asc, wr_num, wr_reply"); ?>>wr_subject asc : 제목 오름차순</option>
+                    <option value="wr_subject desc, wr_num, wr_reply" <?php echo get_selected($board['bo_sort_field'], "wr_subject desc, wr_num, wr_reply"); ?>>wr_subject desc : 제목 내림차순</option>
+                    <option value="wr_name asc, wr_num, wr_reply" <?php echo get_selected($board['bo_sort_field'], "wr_name asc, wr_num, wr_reply"); ?>>wr_name asc : 글쓴이 오름차순</option>
+                    <option value="wr_name desc, wr_num, wr_reply" <?php echo get_selected($board['bo_sort_field'], "wr_name desc, wr_num, wr_reply"); ?>>wr_name desc : 글쓴이 내림차순</option>
+                    <option value="ca_name asc, wr_num, wr_reply" <?php echo get_selected($board['bo_sort_field'], "ca_name asc, wr_num, wr_reply"); ?>>ca_name asc : 분류명 오름차순</option>
+                    <option value="ca_name desc, wr_num, wr_reply" <?php echo get_selected($board['bo_sort_field'], "ca_name desc, wr_num, wr_reply"); ?>>ca_name desc : 분류명 내림차순</option>
                </select>
            </td>
            <td class="td_grpset">
--- a/adm/board_list.php
+++ b/adm/board_list.php
@ -46,7 +46,7 @@ $from_record = ($page - 1) * $rows; // 시작 열을 구함
 $sql = " select * {$sql_common} {$sql_search} {$sql_order} limit {$from_record}, {$rows} ";
 $result = sql_query($sql);

-$listall = '<a href="'.$_SERVER['PHP_SELF'].'" class="ov_listall">전체목록</a>';
+$listall = '<a href="'.$_SERVER['SCRIPT_NAME'].'" class="ov_listall">전체목록</a>';

 $g5['title'] = '게시판관리';
 include_once('./admin.head.php');
@ -208,7 +208,7 @@ $colspan = 15;

 </form>

-<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, $_SERVER['PHP_SELF'].'?'.$qstr.'&amp;page='); ?>
+<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, $_SERVER['SCRIPT_NAME'].'?'.$qstr.'&amp;page='); ?>

 <script>
 function fboardlist_submit(f)
--- a/adm/boardgroup_list.php
+++ b/adm/boardgroup_list.php
@ -50,7 +50,7 @@ $from_record = ($page - 1) * $rows; // 시작 열을 구함
 $sql = " select * {$sql_common} {$sql_search} {$sql_order} limit {$from_record}, {$rows} ";
 $result = sql_query($sql);

-$listall = '<a href="'.$_SERVER['PHP_SELF'].'" class="ov_listall">처음</a>';
+$listall = '<a href="'.$_SERVER['SCRIPT_NAME'].'" class="ov_listall">처음</a>';

 $g5['title'] = '게시판그룹설정';
 include_once('./admin.head.php');
@ -190,7 +190,7 @@ $colspan = 10;
 </div>

 <?php
-$pagelist = get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, $_SERVER['PHP_SELF'].'?'.$qstr.'&amp;page=');
+$pagelist = get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, $_SERVER['SCRIPT_NAME'].'?'.$qstr.'&amp;page=');
 echo $pagelist;
 ?>

--- a/adm/boardgroupmember_form.php
+++ b/adm/boardgroupmember_form.php
@ -76,7 +76,6 @@ $colspan = 4;
    $sql .= " order by a.gr_id desc ";
    $result = sql_query($sql);
    for ($i=0; $row=sql_fetch_array($result); $i++) {
-        $s_del = '<a href="javascript:post_delete(\'boardgroupmember_update.php\', \''.$row['gm_id'].'\');">삭제</a>';
    ?>
    <tr>
        <td class="td_chk">
--- a/adm/boardgroupmember_list.php
+++ b/adm/boardgroupmember_list.php
@ -104,8 +104,6 @@ $colspan = 7;
        if ($row2['cnt'])
            $group = '<a href="./boardgroupmember_form.php?mb_id='.$row['mb_id'].'">'.$row2['cnt'].'</a>';

-        //$s_del = '<a href="javascript:post_delete(\'boardgroupmember_update.php\', \''.$row['gm_id'].'\');">삭제</a>';
-
        $mb_nick = get_sideview($row['mb_id'], $row['mb_nick'], $row['mb_email'], $row['mb_homepage']);

        $bg = 'bg'.($i%2);
@ -139,7 +137,7 @@ $colspan = 7;
 </div>
 </form>

-<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, "{$_SERVER['PHP_SELF']}?$qstr&amp;gr_id=$gr_id&page="); ?>
+<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, "{$_SERVER['SCRIPT_NAME']}?$qstr&amp;gr_id=$gr_id&page="); ?>

 <script>
 function fboardgroupmember_submit(f)
--- a/adm/config_form.php
+++ b/adm/config_form.php
@ -816,8 +816,8 @@ if ($config['cf_icode_id'] && $config['cf_icode_pw']) {
            <th scope="row" class="cf_cert_service"><label for="cf_cert_kcb_cd">코리아크레딧뷰로<br>KCB 회원사ID</label></th>
            <td class="cf_cert_service">
                <?php echo help('KCB 회원사ID를 입력해 주십시오.<br>서비스에 가입되어 있지 않다면, KCB와 계약체결 후 회원사ID를 발급 받으실 수 있습니다.<br>이용하시려는 서비스에 대한 계약을 아이핀, 휴대폰 본인확인 각각 체결해주셔야 합니다.<br>아이핀 본인확인 테스트의 경우에는 KCB 회원사ID가 필요 없으나,<br>휴대폰 본인확인 테스트의 경우 KCB 에서 따로 발급 받으셔야 합니다.') ?>
-                <input type="text" name="cf_cert_kcb_cd" value="<?php echo $config['cf_cert_kcb_cd'] ?>" id="cf_cert_kcb_cd" class="frm_input" size="20"> <a href="http://sir.co.kr/main/provider/b_ipin.php" target="_blank" class="btn_frmline">KCB 아이핀 서비스 신청페이지</a>
-                <a href="http://sir.co.kr/main/provider/b_cert.php" target="_blank" class="btn_frmline">KCB 휴대폰 본인확인 서비스 신청페이지</a>
+                <input type="text" name="cf_cert_kcb_cd" value="<?php echo $config['cf_cert_kcb_cd'] ?>" id="cf_cert_kcb_cd" class="frm_input" size="20"> <a href="http://sir.co.kr/main/service/b_ipin.php" target="_blank" class="btn_frmline">KCB 아이핀 서비스 신청페이지</a>
+                <a href="http://sir.co.kr/main/service/b_cert.php" target="_blank" class="btn_frmline">KCB 휴대폰 본인확인 서비스 신청페이지</a>
            </td>
        </tr>
        <tr>
@ -825,7 +825,7 @@ if ($config['cf_icode_id'] && $config['cf_icode_pw']) {
            <td class="cf_cert_service">
                <?php echo help('SM으로 시작하는 5자리 사이트 코드중 뒤의 3자리만 입력해 주십시오.<br>서비스에 가입되어 있지 않다면, 본인확인 서비스 신청페이지에서 서비스 신청 후 사이트코드를 발급 받으실 수 있습니다.') ?>
                <span class="sitecode">SM</span>
-                <input type="text" name="cf_cert_kcp_cd" value="<?php echo $config['cf_cert_kcp_cd'] ?>" id="cf_cert_kcp_cd" class="frm_input" size="3"> <a href="http://sir.co.kr/main/provider/p_cert.php" target="_blank" class="btn_frmline">KCP 휴대폰 본인확인 서비스 신청페이지</a>
+                <input type="text" name="cf_cert_kcp_cd" value="<?php echo $config['cf_cert_kcp_cd'] ?>" id="cf_cert_kcp_cd" class="frm_input" size="3"> <a href="http://sir.co.kr/main/service/p_cert.php" target="_blank" class="btn_frmline">KCP 휴대폰 본인확인 서비스 신청페이지</a>
            </td>
        </tr>
        <tr>
@ -833,7 +833,7 @@ if ($config['cf_icode_id'] && $config['cf_icode_pw']) {
            <td class="cf_cert_service">
                <?php echo help('LG유플러스 상점아이디 중 si_를 제외한 나머지 아이디만 입력해 주십시오.<br>서비스에 가입되어 있지 않다면, 본인확인 서비스 신청페이지에서 서비스 신청 후 상점아이디를 발급 받으실 수 있습니다.<br><strong>LG유플러스 휴대폰본인확인은 ActiveX 설치가 필요하므로 Internet Explorer 에서만 사용할 수 있습니다.</strong>') ?>
                <span class="sitecode">si_</span>
-                <input type="text" name="cf_lg_mid" value="<?php echo $config['cf_lg_mid'] ?>" id="cf_lg_mid" class="frm_input" size="20"> <a href="http://sir.co.kr/main/provider/lg_cert.php" target="_blank" class="btn_frmline">LG유플러스 본인확인 서비스 신청페이지</a>
+                <input type="text" name="cf_lg_mid" value="<?php echo $config['cf_lg_mid'] ?>" id="cf_lg_mid" class="frm_input" size="20"> <a href="http://sir.co.kr/main/service/lg_cert.php" target="_blank" class="btn_frmline">LG유플러스 본인확인 서비스 신청페이지</a>
            </td>
        </tr>
        <tr>
--- a/adm/contentlist.php
+++ b/adm/contentlist.php
@ -50,7 +50,7 @@ $result = sql_query($sql);
 ?>

 <div class="local_ov01 local_ov">
-    <?php if ($page > 1) {?><a href="<?php echo $_SERVER['PHP_SELF']; ?>">처음으로</a><?php } ?>
+    <?php if ($page > 1) {?><a href="<?php echo $_SERVER['SCRIPT_NAME']; ?>">처음으로</a><?php } ?>
    <span>전체 내용 <?php echo $total_count; ?>건</span>
 </div>

@ -91,7 +91,7 @@ $result = sql_query($sql);
    </table>
 </div>

-<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, "{$_SERVER['PHP_SELF']}?$qstr&amp;page="); ?>
+<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, "{$_SERVER['SCRIPT_NAME']}?$qstr&amp;page="); ?>

 <?php
 include_once (G5_ADMIN_PATH.'/admin.tail.php');
--- a/adm/css/admin.css
+++ b/adm/css/admin.css
@ -690,11 +690,11 @@ strong.sodr_nonpay {display:block;padding:5px 0;text-align:right}

 /*부가서비스*/
 .lnb_svc{color:#ff3061;font-weight:bold}
-.service_wrap{min-width:960px; margin:0 20px 10px;overflow:hidden}
-.sevice_1{border:1px solid #ebe8e8;width:286px;float:left;border-radius:5px;text-align:center;margin-right:6px;}
+.service_wrap{width:960px; margin:0 20px 10px;overflow:hidden}
+.sevice_1{border:1px solid #ebe8e8;width:330px;float:left;border-radius:5px;text-align:center;margin-right:6px;}
 .sevice_1 .svc_img{padding:30px 0 0;}
 .sevice_1 h3{font-size:16px;margin:15px 0;color:#525252}
-.sevice_1 p{padding:20px;background:#f8f8f8;height:102px;font-size:12px;text-align:left;  color:#898989;line-height:18px}
+.sevice_1 p{padding:20px;background:#f8f8f8;height:90px;font-size:12px;text-align:left;  color:#898989;line-height:18px}
 .sevice_1 ul {width:100%;padding:0; margin:0;border-top:1px solid #ebe8e8;}
 .sevice_1 ul li{list-style:none;float:left;border-right:1px solid #ebe8e8;width:33%;}
 .sevice_1 ul li a{display:inline-block;height:76px;width:100%}
@ -703,14 +703,14 @@ strong.sodr_nonpay {display:block;padding:5px 0;text-align:right}
 .sevice_1 h4{width:100%;padding:0; margin:0;border-top:1px solid #ebe8e8;}
 .sevice_1 h4 a{display:inline-block;height:66px;padding:10px 0 0;width:100%}

-.sevice_2{border:1px solid #ebe8e8;float:left;width:370px;}
-.sevice_2 .svc_a{float:left;width:203px;padding:33px 0 0 22px ;height:111px; }
-.sevice_2 .svc_a h3{font-size:14px;letter-spacing:-1px;color:#525252;margin-bottom:5px}
-.sevice_2 .svc_a p{color:#898989;line-height:18px;letter-spacing:-1px;}
-.sevice_2 .svc_btn{float:right;}
-.sevice_2 .svc_btn a{display:inline-block; background:#ff3061;width:121px;text-align:center;color:#fff;padding:10px 0;margin:53px 10px 0 0;}
+.sevice_2{border:1px solid #ebe8e8;float:left;width:282px;}
+.sevice_2 .svc_a{padding:33px 0 0;}
+.sevice_2 .svc_a h3{font-size:14px;letter-spacing:-1px;color:#525252;margin-bottom:5px;padding:0 20px 0}
+.sevice_2 .svc_a p{color:#898989;line-height:18px;letter-spacing:-1px;padding:5px 20px 0;}
+.sevice_2 .svc_btn{text-align:center;position:absolute;bottom:0;left:0;width:282px;}
+.sevice_2 .svc_btn a{display:inline-block; background:#ff3061;text-align:center;color:#fff;padding:10px 20px;}
 .sevice_2 .svc_btn a:hover{text-decoration:none;}
-.sevice_2 .svc_sms{overflow:hidden;border-bottom:1px solid #ebe8e8;}
-.sevice_2 .svc_sms .svc_btn a{display:inline-block; width:132px; background:#f8f8f8;height:145px;text-align:center;margin:0;padding:0}
-.sevice_2 .svc_sms .svc_btn a img{margin-top:50px;}
-.sevice_2 .svc_keyword{overflow:hidden;border-bottom:1px solid #ebe8e8;background:#e6f2f4}
+.sevice_2 .svc_sms{overflow:hidden; height:212px;position:relative}
+.sevice_2 .svc_sms .svc_btn a{display:inline-block; background:#f8f8f8;width:100%;text-align:center;margin:0;padding:10px 0 0 }
+.sevice_2 .svc_design{overflow:hidden;height:210px;position:relative}
+.sevice_2 .svc_design .svc_btn a{margin:0 0 20px}
--- a/adm/faqmasterlist.php
+++ b/adm/faqmasterlist.php
@ -64,7 +64,7 @@ $result = sql_query($sql);
 ?>

 <div class="local_ov01 local_ov">
-    <?php if ($page > 1) {?><a href="<?php echo $_SERVER['PHP_SELF']; ?>">처음으로</a><?php } ?>
+    <?php if ($page > 1) {?><a href="<?php echo $_SERVER['SCRIPT_NAME']; ?>">처음으로</a><?php } ?>
    <span>전체 FAQ <?php echo $total_count; ?>건</span>
 </div>

@ -121,7 +121,7 @@ $result = sql_query($sql);
    </table>
 </div>

-<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, "{$_SERVER['PHP_SELF']}?$qstr&amp;page="); ?>
+<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, "{$_SERVER['SCRIPT_NAME']}?$qstr&amp;page="); ?>

 <?php
 include_once (G5_ADMIN_PATH.'/admin.tail.php');
--- a/adm/index.php
+++ b/adm/index.php
@ -84,7 +84,7 @@ $colspan = 12;
            else
            {
                $s_mod = '<a href="./member_form.php?$qstr&amp;w=u&amp;mb_id='.$row['mb_id'].'">수정</a>';
-                $s_del = '<a href="javascript:del(\'./member_delete.php?'.$qstr.'&amp;w=d&amp;mb_id='.$row['mb_id'].'&amp;url='.$_SERVER['PHP_SELF'].'\');">삭제</a>';
+                $s_del = '<a href="javascript:del(\'./member_delete.php?'.$qstr.'&amp;w=d&amp;mb_id='.$row['mb_id'].'&amp;url='.$_SERVER['SCRIPT_NAME'].'\');">삭제</a>';
            }
            $s_grp = '<a href="./boardgroupmember_form.php?mb_id='.$row['mb_id'].'">그룹</a>';

--- a/adm/mail_list.php
+++ b/adm/mail_list.php
@ -52,7 +52,6 @@ $colspan = 7;
    <tbody>
    <?php
    for ($i=0; $row=mysql_fetch_array($result); $i++) {
-        //$s_del = '<a href="javascript:post_delete(\'mail_update.php\', '.$row['ma_id'].');">삭제</a>';
        $s_vie = '<a href="./mail_preview.php?ma_id='.$row['ma_id'].'" target="_blank">미리보기</a>';

        $num = number_format($total_count - ($page - 1) * $config['cf_page_rows'] - $i);
--- a/adm/member_form_update.php
+++ b/adm/member_form_update.php
@ -81,7 +81,7 @@ if ($w == '')
    if ($row['mb_id'])
        alert('이미 존재하는 이메일입니다.\\nＩＤ : '.$row['mb_id'].'\\n이름 : '.$row['mb_name'].'\\n닉네임 : '.$row['mb_nick'].'\\n메일 : '.$row['mb_email']);

-    sql_query(" insert into {$g5['member_table']} set mb_id = '{$mb_id}', mb_password = '".sql_password($mb_password)."', mb_datetime = '".G5_TIME_YMDHIS."', mb_ip = '{$_SERVER['REMOTE_ADDR']}', mb_email_certify = '".G5_TIME_YMDHIS."', {$sql_common} ");
+    sql_query(" insert into {$g5['member_table']} set mb_id = '{$mb_id}', mb_password = '".get_encrypt_string($mb_password)."', mb_datetime = '".G5_TIME_YMDHIS."', mb_ip = '{$_SERVER['REMOTE_ADDR']}', mb_email_certify = '".G5_TIME_YMDHIS."', {$sql_common} ");
 }
 else if ($w == 'u')
 {
@ -139,7 +139,7 @@ else if ($w == 'u')
    }

    if ($mb_password)
-        $sql_password = " , mb_password = '".sql_password($mb_password)."' ";
+        $sql_password = " , mb_password = '".get_encrypt_string($mb_password)."' ";
    else
        $sql_password = "";

--- a/adm/member_list.php
+++ b/adm/member_list.php
@ -56,7 +56,7 @@ $sql = " select count(*) as cnt {$sql_common} {$sql_search} and mb_intercept_dat
 $row = sql_fetch($sql);
 $intercept_count = $row['cnt'];

-$listall = '<a href="'.$_SERVER['PHP_SELF'].'" class="ov_listall">전체목록</a>';
+$listall = '<a href="'.$_SERVER['SCRIPT_NAME'].'" class="ov_listall">전체목록</a>';

 $g5['title'] = '회원관리';
 include_once('./admin.head.php');
@ -158,10 +158,8 @@ $colspan = 16;

        if ($is_admin == 'group') {
            $s_mod = '';
-            $s_del = '';
        } else {
            $s_mod = '<a href="./member_form.php?'.$qstr.'&amp;w=u&amp;mb_id='.$row['mb_id'].'">수정</a>';
-            //$s_del = '<a href="javascript:post_delete(\'member_delete.php\', \''.$row['mb_id'].'\');">삭제</a>';
        }
        $s_grp = '<a href="./boardgroupmember_form.php?mb_id='.$row['mb_id'].'">그룹</a>';

@ -224,7 +222,7 @@ $colspan = 16;
            <input type="radio" name="mb_certify[<?php echo $i; ?>]" value="hp" id="mb_certify_hp_<?php echo $i; ?>" <?php echo $row['mb_certify']=='hp'?'checked':''; ?>>
            <label for="mb_certify_hp_<?php echo $i; ?>">휴대폰</label>
        </td>
-        <td headers="mb_list_mobile" class="td_tel"><?php echo $row['mb_hp']; ?></td>
+        <td headers="mb_list_mobile" class="td_tel"><?php echo get_text($row['mb_hp']); ?></td>
        <td headers="mb_list_auth" class="td_mbstat">
            <?php
            if ($leave_msg || $intercept_msg) echo $leave_msg.' '.$intercept_msg;
@ -261,7 +259,7 @@ $colspan = 16;
            <label for="mb_intercept_date_<?php echo $i; ?>" class="sound_only">접근차단</label>
            <?php } ?>
        </td>
-        <td headers="mb_list_tel" class="td_tel"><?php echo $row['mb_tel']; ?></td>
+        <td headers="mb_list_tel" class="td_tel"><?php echo get_text($row['mb_tel']); ?></td>
        <td headers="mb_list_point" class="td_num"><a href="point_list.php?sfl=mb_id&amp;stx=<?php echo $row['mb_id'] ?>"><?php echo number_format($row['mb_point']) ?></a></td>
        <td headers="mb_list_join" class="td_date"><?php echo substr($row['mb_datetime'],2,8); ?></td>
    </tr>
--- a/adm/menu_list.php
+++ b/adm/menu_list.php
@ -71,12 +71,16 @@ $colspan = 7;
            $sub_menu_info = '<span class="sound_only">'.$row['me_name'].'의 서브</span>';
            $sub_menu_ico = '<span class="sub_menu_ico"></span>';
        }
+
+        $search  = array('"', "'");
+        $replace = array('&#34;', '&#39;');
+        $me_name = str_replace($search, $replace, $row['me_name']);
    ?>
    <tr class="<?php echo $bg; ?> menu_list menu_group_<?php echo substr($row['me_code'], 0, 2); ?>">
        <td class="td_category<?php echo $sub_menu_class; ?>">
            <input type="hidden" name="code[]" value="<?php echo substr($row['me_code'], 0, 2) ?>">
            <label for="me_name_<?php echo $i; ?>" class="sound_only"><?php echo $sub_menu_info; ?> 메뉴<strong class="sound_only"> 필수</strong></label>
-            <input type="text" name="me_name[]" value="<?php echo $row['me_name'] ?>" id="me_name_<?php echo $i; ?>" required class="required frm_input full_input">
+            <input type="text" name="me_name[]" value="<?php echo $me_name; ?>" id="me_name_<?php echo $i; ?>" required class="required frm_input full_input">
        </td>
        <td>
            <label for="me_link_<?php echo $i; ?>" class="sound_only">링크<strong class="sound_only"> 필수</strong></label>
--- a/adm/newwinformupdate.php
+++ b/adm/newwinformupdate.php
@ -5,22 +5,22 @@ include_once('./_common.php');
 if ($w == "u" || $w == "d")
    check_demo();

-if ($W == 'd')
+if ($w == 'd')
    auth_check($auth[$sub_menu], "d");
 else
    auth_check($auth[$sub_menu], "w");

-$sql_common = " nw_device = '$nw_device',
-                nw_begin_time = '$nw_begin_time',
-                nw_end_time = '$nw_end_time',
-                nw_disable_hours = '$nw_disable_hours',
-                nw_left = '$nw_left',
-                nw_top = '$nw_top',
-                nw_height = '$nw_height',
-                nw_width = '$nw_width',
-                nw_subject = '$nw_subject',
-                nw_content = '$nw_content',
-                nw_content_html = '$nw_content_html' ";
+$sql_common = " nw_device = '{$_POST['nw_device']}',
+                nw_begin_time = '{$_POST['nw_begin_time']}',
+                nw_end_time = '{$_POST['nw_end_time']}',
+                nw_disable_hours = '{$_POST['nw_disable_hours']}',
+                nw_left = '{$_POST['nw_left']}',
+                nw_top = '{$_POST['nw_top']}',
+                nw_height = '{$_POST['nw_height']}',
+                nw_width = '{$_POST['nw_width']}',
+                nw_subject = '{$_POST['nw_subject']}',
+                nw_content = '{$_POST['nw_content']}',
+                nw_content_html = '{$_POST['nw_content_html']}' ";

 if($w == "")
 {
--- a/adm/point_clear.php
+++ b/adm/point_clear.php
@ -1,64 +0,0 @@
-<?php
-$sub_menu = "200200";
-include_once('./_common.php');
-
-check_demo();
-
-if (!$ok)
-    alert();
-
-if ($is_admin != 'super')
-    alert('포인트 정리는 최고관리자만 가능합니다.');
-
-$g5['title'] = '포인트 정리';
-include_once('./admin.head.php');
-echo '<span id="ct"></span>';
-include_once('./admin.tail.php');
-flush();
-
-echo '<script>document.getElementById(\'ct\').innerHTML += \'<p>포인트 정리중...</p>\';</script>'."\n";
-flush();
-
-$max_count = 50;
-
-// 테이블 락을 걸고
-$sql = " LOCK TABLES {$g5['member_table']} WRITE, {$g5['point_table']} WRITE ";
-sql_query($sql);
-
-$sql = " select mb_id, count(po_point) as cnt
-            from {$g5['point_table']}
-            group by mb_id
-            having cnt > {$max_count}+1
-            order by cnt ";
-$result = sql_query($sql);
-for ($i=0; $row=sql_fetch_array($result); $i++)
-{
-    $count = 0;
-    $total = 0;
-    $sql2 = " select po_id, po_point
-                  from {$g5['point_table']}
-                  where mb_id = '{$row['mb_id']}'
-                  order by po_id desc
-                  limit {$max_count}, {$row['cnt']} ";
-    $result2 = sql_query($sql2);
-    for ($k=0; $row2=sql_fetch_array($result2); $k++)
-    {
-        $count++;
-        $total += $row2['po_point'];
-
-        sql_query(" delete from {$g5['point_table']} where po_id = '{$row2['po_id']}' ");
-    }
-
-    insert_point($row['mb_id'], $total, '포인트 {$count}건 정리', '@clear', $row['mb_id'], G5_TIME_YMD."-".uniqid(""));
-
-    $str = $row['mb_id']."님 포인트 내역 ".number_format($count)."건 ".number_format($total)."점 정리<br>";
-    echo '<script>document.getElementById(\'ct\').innerHTML += \''.$str.'\';</script>'."\n";
-    flush();
-}
-
-// 테이블 락을 풀고
-$sql = " UNLOCK TABLES ";
-sql_query($sql);
-
-echo '<script>document.getElementById(\'ct\').innerHTML += \'<p>총 '.$i.'건의 회원포인트 내역이 정리 되었습니다.</p>\';</script>'."\n";
-?>
--- a/adm/point_list.php
+++ b/adm/point_list.php
@ -48,7 +48,7 @@ $sql = " select *
            limit {$from_record}, {$rows} ";
 $result = sql_query($sql);

-$listall = '<a href="'.$_SERVER['PHP_SELF'].'" class="ov_listall">전체목록</a>';
+$listall = '<a href="'.$_SERVER['SCRIPT_NAME'].'" class="ov_listall">전체목록</a>';

 $mb = array();
 if ($sfl == 'mb_id' && $stx)
@ -70,16 +70,6 @@ else
    $mb_id = "";
 ?>

-<script>
-function point_clear()
-{
-    if (confirm('포인트 정리를 하시면 최근 50건 이전의 포인트 부여 내역을 삭제하므로 포인트 부여 내역을 필요로 할때 찾지 못할 수도 있습니다. 그래도 진행하시겠습니까?'))
-    {
-        document.location.href = "./point_clear.php?ok=1";
-    }
-}
-</script>
-
 <div class="local_ov01 local_ov">
    <?php echo $listall ?>
    전체 <?php echo number_format($total_count) ?> 건
@ -91,7 +81,6 @@ function point_clear()
        echo '&nbsp;(전체 합계 '.number_format($row2['sum_point']).'점)';
    }
    ?>
-    <?php if ($is_admin == 'super') { ?><!-- <a href="javascript:point_clear();">포인트정리</a> --><?php } ?>
 </div>

 <form name="fsearch" id="fsearch" class="local_sch01 local_sch" method="get">
@ -192,7 +181,7 @@ function point_clear()

 </form>

-<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, "{$_SERVER['PHP_SELF']}?$qstr&amp;page="); ?>
+<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, "{$_SERVER['SCRIPT_NAME']}?$qstr&amp;page="); ?>

 <section id="point_mng">
    <h2 class="h2_frm">개별회원 포인트 증감 설정</h2>
--- a/adm/poll_form.php
+++ b/adm/poll_form.php
@ -86,8 +86,8 @@ include_once('./admin.head.php');

    <?php if ($w == 'u') { ?>
    <tr>
-        <th scope="row"><label for="po_date">투표시작일</label></th>
-        <td><input type="text" name="po_date" value="<?php echo $po['po_date'] ?>" id="po_date" class="frm_input" maxlength="10"></td>
+        <th scope="row">투표등록일</th>
+        <td><?php echo $po['po_date']; ?></td>
    </tr>
    <tr>
        <th scope="row"><label for="po_ips">투표참가 IP</label></th>
--- a/adm/poll_form_update.php
+++ b/adm/poll_form_update.php
@ -14,7 +14,7 @@ if ($w == '')
 {
    $sql = " insert {$g5['poll_table']}
                    ( po_subject, po_poll1, po_poll2, po_poll3, po_poll4, po_poll5, po_poll6, po_poll7, po_poll8, po_poll9, po_cnt1, po_cnt2, po_cnt3, po_cnt4, po_cnt5, po_cnt6, po_cnt7, po_cnt8, po_cnt9, po_etc, po_level, po_point, po_date )
-             values ( '{$_POST['po_subject']}', '{$_POST['po_poll1']}', '{$_POST['po_poll2']}', '{$_POST['po_poll3']}', '{$_POST['po_poll4']}', '{$_POST['po_poll5']}', '{$_POST['po_poll6']}', '{$_POST['po_poll7']}', '{$_POST['po_poll8']}', '{$_POST['po_poll9']}', '{$_POST['po_cnt1']}', '{$_POST['po_cnt2']}', '{$_POST['po_cnt3']}', '{$_POST['po_cnt4']}', '{$_POST['po_cnt5']}', '{$_POST['po_cnt6']}', '{$_POST['po_cnt7']}', '{$_POST['po_cnt8']}', '{$_POST['po_cnt9']}', '{$_POST['po_etc']}', '{$_POST['po_level']}', '{$_POST['po_point']}', '".G5_TIME_YMDHIS."' ) ";
+             values ( '{$_POST['po_subject']}', '{$_POST['po_poll1']}', '{$_POST['po_poll2']}', '{$_POST['po_poll3']}', '{$_POST['po_poll4']}', '{$_POST['po_poll5']}', '{$_POST['po_poll6']}', '{$_POST['po_poll7']}', '{$_POST['po_poll8']}', '{$_POST['po_poll9']}', '{$_POST['po_cnt1']}', '{$_POST['po_cnt2']}', '{$_POST['po_cnt3']}', '{$_POST['po_cnt4']}', '{$_POST['po_cnt5']}', '{$_POST['po_cnt6']}', '{$_POST['po_cnt7']}', '{$_POST['po_cnt8']}', '{$_POST['po_cnt9']}', '{$_POST['po_etc']}', '{$_POST['po_level']}', '{$_POST['po_point']}', '".G5_TIME_YMD."' ) ";
    sql_query($sql);

    $po_id = mysql_insert_id();
@ -43,8 +43,7 @@ else if ($w == 'u')
                     po_cnt9 = '{$_POST['po_cnt9']}',
                     po_etc = '{$_POST['po_etc']}',
                     po_level = '{$_POST['po_level']}',
-                     po_point = '{$_POST['po_point']}',
-                     po_date = '{$_POST['po_date']}'
+                     po_point = '{$_POST['po_point']}'
                where po_id = '{$_POST['po_id']}' ";
    sql_query($sql);
 }
--- a/adm/poll_list.php
+++ b/adm/poll_list.php
@ -44,7 +44,7 @@ $sql = " select *
            limit {$from_record}, {$rows} ";
 $result = sql_query($sql);

-$listall = '<a href="'.$_SERVER['PHP_SELF'].'" class="ov_listall">전체목록</a>';
+$listall = '<a href="'.$_SERVER['SCRIPT_NAME'].'" class="ov_listall">전체목록</a>';

 $g5['title'] = '투표관리';
 include_once('./admin.head.php');
@ -106,7 +106,6 @@ $colspan = 7;
        $po_etc = ($row['po_etc']) ? "사용" : "미사용";

        $s_mod = '<a href="./poll_form.php?'.$qstr.'&amp;w=u&amp;po_id='.$row['po_id'].'">수정</a>';
-        //$s_del = '<a href="javascript:post_delete(\'poll_form_update.php\', \''.$row['po_id'].'\');">삭제</a>';

        $bg = 'bg'.($i%2);
    ?>
@ -139,7 +138,7 @@ $colspan = 7;
 </div>
 </form>

-<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, "{$_SERVER['PHP_SELF']}?$qstr&amp;page="); ?>
+<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, "{$_SERVER['SCRIPT_NAME']}?$qstr&amp;page="); ?>

 <script>
 $(function() {
--- a/adm/popular_list.php
+++ b/adm/popular_list.php
@ -57,7 +57,7 @@ $sql = " select *
            limit {$from_record}, {$rows} ";
 $result = sql_query($sql);

-$listall = '<a href="'.$_SERVER['PHP_SELF'].'" class="ov_listall">전체목록</a>';
+$listall = '<a href="'.$_SERVER['SCRIPT_NAME'].'" class="ov_listall">전체목록</a>';

 $g5['title'] = '인기검색어관리';
 include_once('./admin.head.php');
@ -123,7 +123,7 @@ var list_delete_php = 'popular_list.php';
            <label for="chk_<?php echo $i; ?>" class="sound_only"><?php echo $word ?></label>
            <input type="checkbox" name="chk[]" value="<?php echo $row['pp_id'] ?>" id="chk_<?php echo $i ?>">
        </td>
-        <td><a href="<?php echo $_SERVER['PHP_SELF'] ?>?sfl=pp_word&amp;stx=<?php echo $word ?>"><?php echo $word ?></a></td>
+        <td><a href="<?php echo $_SERVER['SCRIPT_NAME'] ?>?sfl=pp_word&amp;stx=<?php echo $word ?>"><?php echo $word ?></a></td>
        <td><?php echo $row['pp_date'] ?></td>
        <td><?php echo $row['pp_ip'] ?></td>
    </tr>
@ -147,7 +147,7 @@ var list_delete_php = 'popular_list.php';

 </form>

-<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, "{$_SERVER['PHP_SELF']}?$qstr&amp;page="); ?>
+<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, "{$_SERVER['SCRIPT_NAME']}?$qstr&amp;page="); ?>

 <script>
 $(function() {
--- a/adm/popular_rank.php
+++ b/adm/popular_rank.php
@ -26,7 +26,7 @@ $from_record = ($page - 1) * $rows; // 시작 열을 구함
 $sql = " select pp_word, count(*) as cnt {$sql_common} {$sql_search} {$sql_group} {$sql_order} limit {$from_record}, {$rows} ";
 $result = sql_query($sql);

-$listall = '<a href="'.$_SERVER['PHP_SELF'].'" class="ov_listall">전체목록</a>';
+$listall = '<a href="'.$_SERVER['SCRIPT_NAME'].'" class="ov_listall">전체목록</a>';

 $g5['title'] = '인기검색어순위';
 include_once('./admin.head.php');
@ -104,7 +104,7 @@ $(function(){
 </form>

 <?php
-echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, "{$_SERVER['PHP_SELF']}?$qstr&amp;page=");
+echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, "{$_SERVER['SCRIPT_NAME']}?$qstr&amp;page=");
 ?>

 <?php
--- a/adm/service.php
+++ b/adm/service.php
@ -19,9 +19,9 @@ include_once('./admin.head.php');
        <p>정보통신망법 23조 2항(주민등록번호의 사용제한)에 따라 기존 주민등록번호 기반의 인증서비스 이용이 불가합니다. 주민등록번호 대체수단으로 최소한의 정보(생년월일, 휴대폰번호, 성별)를 입력받아 본인임을 확인하는 인증수단 입니다</p>

        <ul>
-            <li><a href="http://sir.co.kr/main/provider/p_cert.php" target="_blank"><img src="<?php echo G5_ADMIN_URL ?>/img/svc_btn_01.jpg" alt="KCP 휴대폰 본인확인 신청하기"></a></li>
-            <li><a href="http://sir.co.kr/main/provider/lg_cert.php" target="_blank"><img src="<?php echo G5_ADMIN_URL ?>/img/svc_btn_02.jpg" alt="LG유플러스 휴대폰대체인증 신청하기"></a></li>
-            <li class="last"><a href="http://sir.co.kr/main/provider/b_cert.php" target="_blank"><img src="<?php echo G5_ADMIN_URL ?>/img/svc_btn_03.jpg" alt="OKname 휴대폰 본인확인 신청하기"></a></li>
+            <li><a href="http://sir.co.kr/main/service/p_cert.php" target="_blank"><img src="<?php echo G5_ADMIN_URL ?>/img/svc_btn_01.jpg" alt="KCP 휴대폰 본인확인 신청하기"></a></li>
+            <li><a href="http://sir.co.kr/main/service/lg_cert.php" target="_blank"><img src="<?php echo G5_ADMIN_URL ?>/img/svc_btn_02.jpg" alt="LG유플러스 휴대폰대체인증 신청하기"></a></li>
+            <li class="last"><a href="http://sir.co.kr/main/service/b_cert.php" target="_blank"><img src="<?php echo G5_ADMIN_URL ?>/img/svc_btn_03.jpg" alt="OKname 휴대폰 본인확인 신청하기"></a></li>
        </ul>
    </div>
    <div class="sevice_1">
@ -30,31 +30,17 @@ include_once('./admin.head.php');
        <p>정부가 주관하는 주민등록번호 대체 수단으로 본인의 개인정보를 아이핀 사이트에 한번만 발급해 놓고, 이후부터는 아이디와 패스워드 만으로
        본인임을 확인하는 인증수단 입니다.</p>

-       <h4><a href="http://sir.co.kr/main/provider/b_ipin.php" target="_blank"><img src="<?php echo G5_ADMIN_URL ?>/img/svc_btn_04.jpg" alt="OKname 아이핀 본인확인 신청하기"></a></h4>
+       <h4><a href="http://sir.co.kr/main/service/b_ipin.php" target="_blank"><img src="<?php echo G5_ADMIN_URL ?>/img/svc_btn_04.jpg" alt="OKname 아이핀 본인확인 신청하기"></a></h4>
    </div>
    <div class="sevice_2">
            <div class="svc_sms">
                <div class="svc_a">
                    <h3>SMS 문자 서비스</h3>
-                    <p>사이트 관리자 또는 회원이 다른 회원의 휴대폰으로 단문메세지(최대 한글 40자, 영문 80자)를 발송할 수 있습니다.</p>
+                    <p>사이트 관리자 또는 회원이 다른 회원의 <br>휴대폰으로 단문메세지(최대 한글 40자, 영문 80자)를 발송할 수 있습니다.</p>
                </div>
                <div class="svc_btn"><a href="http://icodekorea.com/res/join_company_fix_a.php?sellid=sir2" target="_blank"><img src="<?php echo G5_ADMIN_URL ?>/img/svc_btn_05.jpg" alt="아이코드 SMS 서비스 신청하기"></a></div>
            </div>
-            <div class="svc_keyword">
-                <div class="svc_a">
-                    <h3>키워드 검색광고 (네이버, 다음)</h3>
-                    <p>키워드 광고 최소 70원 부터!<br> 키워드 광고의 전문가가 검색 결과의 <br>최상단에 노출시켜 드립니다</p>
-                </div>
-                <div class="svc_btn"><a href="http://sir.co.kr/main/ad/" target="_blank">서비스 신청하기</a></div>
-            </div>
-            <div class="svc_design">
-                <div class="svc_a">
-                    <h3>디자인 소스 (아사달)</h3>
-                    <p>이곳을 통하여 아사달 디자인 소스, 시안, 사진 등 구입하시면 10% 할인 쿠폰을 매일 선착순 15분께 드립니다.</p>
-                </div>
-                <div class="svc_btn"><a href="http://design.sir.co.kr/event/coupon.htm" target="_blank">디자인소스 구입하기</a></div>
-            </div>
-
+            
    </div>
 </div>

--- a/adm/sms_admin/_common.php
+++ b/adm/sms_admin/_common.php
@ -3,7 +3,7 @@ define('G5_IS_ADMIN', true);
 include_once ('../../common.php');
 include_once(G5_ADMIN_PATH.'/admin.lib.php');

-if (!strstr($_SERVER['PHP_SELF'], 'install.php')) {
+if (!strstr($_SERVER['SCRIPT_NAME'], 'install.php')) {
    if(!mysql_num_rows(mysql_query(" show tables like '{$g5['sms5_config_table']}' ")))
        goto_url('install.php');

--- a/adm/sms_admin/ajax.sms_write_person.php
+++ b/adm/sms_admin/ajax.sms_write_person.php
@ -131,7 +131,7 @@ while ($res = sql_fetch_array($qry)) array_push($group, $res);
    <span class="pg" id="person_pg"></span>
 </nav>

-<form name="search_form" id="sms_person_form" method="get" action="<?php echo $_SERVER['PHP_SELF']?>">
+<form name="search_form" id="sms_person_form" method="get" action="<?php echo $_SERVER['SCRIPT_NAME']?>">
 <input type="hidden" name="total_pg" value="<?php echo $total_page?>">
 <input type="hidden" name="page" value="<?php echo $page?>">

--- a/adm/sms_admin/form_list.php
+++ b/adm/sms_admin/form_list.php
@ -109,7 +109,7 @@ function multi_update(sel)
 <div class="local_sch01 local_sch sms_preset_sch">
    <form>
    <label for="fg_no" class="sound_only">그룹명</label>
-    <select name="fg_no" onchange="location.href='<?php echo $_SERVER['PHP_SELF']?>?fg_no='+this.value;">
+    <select name="fg_no" onchange="location.href='<?php echo $_SERVER['SCRIPT_NAME']?>?fg_no='+this.value;">
        <option value="" <?php echo $fg_no?'':'selected'?>> 전체 </option>
        <option value="0" <?php echo $fg_no=='0'?'selected':''?>> 미분류 (<?php echo number_format($no_count)?>) </option>
        <?php for($i=0; $i<count($group); $i++) {?>
@ -118,7 +118,7 @@ function multi_update(sel)
    </select>
    </form>

-    <form name="search_form" method="get" action="<?php echo $_SERVER['PHP_SELF']?>">
+    <form name="search_form" method="get" action="<?php echo $_SERVER['SCRIPT_NAME']?>">
    <input type="hidden" name="fg_no" value="<?php echo $fg_no;?>">
    <label for="st" class="sound_only">검색대상</label>
    <select name="st" id="st">
@ -231,7 +231,7 @@ function select_copy(sw, f) {
 }
 </script>

-<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, $_SERVER['PHP_SELF']."?fg_no=$fg_no&amp;st=$st&amp;sv=$sv&amp;page="); ?>
+<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, $_SERVER['SCRIPT_NAME']."?fg_no=$fg_no&amp;st=$st&amp;sv=$sv&amp;page="); ?>

 <?php
 include_once(G5_ADMIN_PATH.'/admin.tail.php');
--- a/adm/sms_admin/form_write.php
+++ b/adm/sms_admin/form_write.php
@ -145,7 +145,7 @@ include_once(G5_ADMIN_PATH.'/admin.head.php');
    </div>
    <div class="btn_confirm01 btn_confirm">
        <input type="submit" value="확인" class="btn_submit" accesskey="s">
-        <a href="./form_list.php?<?php echo $_SERVER['QUERY_STRING']?>">목록</a>
+        <a href="./form_list.php?<?php echo clean_query_string($_SERVER['QUERY_STRING']); ?>">목록</a>
    </div>
 </form>

--- a/adm/sms_admin/history_list.php
+++ b/adm/sms_admin/history_list.php
@ -27,7 +27,7 @@ $vnum = $total_count - (($page-1) * $page_size);
 include_once(G5_ADMIN_PATH.'/admin.head.php');
 ?>

-<form name="search_form" id="search_form" action=<?php echo $_SERVER['PHP_SELF'];?> class="local_sch01 local_sch" method="get">
+<form name="search_form" id="search_form" action=<?php echo $_SERVER['SCRIPT_NAME'];?> class="local_sch01 local_sch" method="get">

 <label for="st" class="sound_only">검색대상</label>
 <input type="hidden" name="st" id="st" value="wr_message" >
@ -91,7 +91,7 @@ include_once(G5_ADMIN_PATH.'/admin.head.php');
    </table>
 </div>

-<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, $_SERVER['PHP_SELF']."?st=$st&amp;sv=$sv&amp;page="); ?>
+<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, $_SERVER['SCRIPT_NAME']."?st=$st&amp;sv=$sv&amp;page="); ?>

 <?php
 include_once(G5_ADMIN_PATH.'/admin.tail.php');
--- a/adm/sms_admin/history_member.php
+++ b/adm/sms_admin/history_member.php
@ -27,7 +27,7 @@ $vnum = $total_count - (($page-1) * $page_size);
 include_once(G5_ADMIN_PATH.'/admin.head.php');
 ?>

-<form name="search_form" method="get" action="<?php echo $_SEVER['PHP_SELF']?>" class="local_sch01 local_sch">
+<form name="search_form" method="get" action="<?php echo $_SEVER['SCRIPT_NAME']?>" class="local_sch01 local_sch">
 <label for="st" class="sound_only">검색대상</label>
 <select name="st" id="st">
    <option value="mb_id"<?php echo get_selected('mh_name', $st); ?>>아이디</option>
@ -83,7 +83,7 @@ include_once(G5_ADMIN_PATH.'/admin.head.php');
    </table>
 </div>

-<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, $_SERVER['PHP_SELF']."?st=$st&amp;sv=$sv&amp;page="); ?>
+<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, $_SERVER['SCRIPT_NAME']."?st=$st&amp;sv=$sv&amp;page="); ?>

 <?php
 include_once(G5_ADMIN_PATH.'/admin.tail.php');
--- a/adm/sms_admin/history_num.php
+++ b/adm/sms_admin/history_num.php
@ -27,7 +27,7 @@ $vnum = $total_count - (($page-1) * $page_size);
 include_once(G5_ADMIN_PATH.'/admin.head.php');
 ?>

-<form name="search_form" method="get" action="<?echo $_SERVER['PHP_SELF']?>" class="local_sch01 local_sch" >
+<form name="search_form" method="get" action="<?echo $_SERVER['SCRIPT_NAME']?>" class="local_sch01 local_sch" >
 <label for="st" class="sound_only">검색대상</label>
 <select name="st" id="st">
    <option value="hs_name"<?php echo get_selected('hs_name', $st); ?>>이름</option>
@ -100,7 +100,7 @@ include_once(G5_ADMIN_PATH.'/admin.head.php');
    </table>
 </div>

-<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, $_SERVER['PHP_SELF']."?st=$st&amp;sv=$sv&amp;page="); ?>
+<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, $_SERVER['SCRIPT_NAME']."?st=$st&amp;sv=$sv&amp;page="); ?>

 <?php
 include_once(G5_ADMIN_PATH.'/admin.tail.php');
--- a/adm/sms_admin/history_send.php
+++ b/adm/sms_admin/history_send.php
@ -67,7 +67,7 @@ if ($result)

    if ($result) //SMS 서버에 접속했습니다.
    {
-        sql_query("insert into {$g5['sms5_write_table']} set wr_no='$wr_no', wr_renum='$new_wr_renum', wr_reply='{$write['wr_reply']}', wr_message='{$write['wr_message']}', wr_total='$wr_total', wr_datetime='".G5_TIME_YMDHIS."'");
+        sql_query("insert into {$g5['sms5_write_table']} set wr_no='$wr_no', wr_renum='$new_wr_renum', wr_reply='".addslashes($write['wr_reply'])."', wr_message='".addslashes($write['wr_message'])."', wr_total='$wr_total', wr_datetime='".G5_TIME_YMDHIS."'");

        $wr_success = 0;
        $wr_failure = 0;
--- a/adm/sms_admin/history_view.php
+++ b/adm/sms_admin/history_view.php
@ -63,7 +63,7 @@ function all_send()
 }
 </script>

-<form name="search_form" method="get" action="<?php echo $_SERVER['PHP_SELF']?>" class="local_sch01 local_sch">
+<form name="search_form" method="get" action="<?php echo $_SERVER['SCRIPT_NAME']?>" class="local_sch01 local_sch">
 <input type="hidden" name="wr_no" value="<?php echo $wr_no?>">
 <input type="hidden" name="wr_renum" value="<?php echo $wr_renum?>">
 <input type="hidden" name="page" value="<?php echo $page?>">
@ -244,7 +244,7 @@ function all_send()
    </div>
 </div>

-<?php echo sms5_sub_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $spage, $total_spage, $_SERVER['PHP_SELF']."?wr_no=$wr_no&amp;wr_renum=$wr_renum&amp;page=$page&amp;st=$st&amp;sv=$sv&amp;sst=$sst&amp;ssv=$ssv", "", "spage"); ?>
+<?php echo sms5_sub_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $spage, $total_spage, $_SERVER['SCRIPT_NAME']."?wr_no=$wr_no&amp;wr_renum=$wr_renum&amp;page=$page&amp;st=$st&amp;sv=$sv&amp;sst=$sst&amp;ssv=$ssv", "", "spage"); ?>

 <?php
 include_once(G5_ADMIN_PATH.'/admin.tail.php');
--- a/adm/sms_admin/install.php
+++ b/adm/sms_admin/install.php
@ -10,7 +10,7 @@ $setup = $_POST['setup'];

 include_once(G5_ADMIN_PATH.'/admin.head.php');
 ?>
-<form name="hidden_form" method="post" action="<?php echo $_SERVER['PHP_SELF']?>">
+<form name="hidden_form" method="post" action="<?php echo $_SERVER['SCRIPT_NAME']?>">
 <input type="hidden" name="setup">
 </form>
 <?php
--- a/adm/sms_admin/num_book.php
+++ b/adm/sms_admin/num_book.php
@ -107,7 +107,7 @@ function no_hp_click(val)
    <span class="ov_listall">거부 <?php echo number_format($reject_count)?>명</span>
 </div>

-<form name="search_form" method="get" action="<?php echo $_SERVER['PHP_SELF']?>" class="local_sch01 local_sch">
+<form name="search_form" method="get" action="<?php echo $_SERVER['SCRIPT_NAME']?>" class="local_sch01 local_sch">
 <input type="hidden" name="bg_no" value="<?php echo $bg_no?>" >
 <label for="st" class="sound_only">검색대상</label>
 <select name="st" id="st">
@ -122,7 +122,7 @@ function no_hp_click(val)

 <form name="search_form" class="local_sch01 local_sch">
 <label for="bg_no" class="sound_only">그룹명</label>
-<select name="bg_no" id="bg_no" onchange="location.href='<?php echo $_SERVER['PHP_SELF']?>?bg_no='+this.value;">
+<select name="bg_no" id="bg_no" onchange="location.href='<?php echo $_SERVER['SCRIPT_NAME']?>?bg_no='+this.value;">
    <option value=""<?php echo get_selected('', $bg_no); ?>> 전체 </option>
    <option value="<?php echo $no_group['bg_no']?>"<?php echo get_selected($bg_no, $no_group['bg_no']); ?>> <?php echo $no_group['bg_name']?> (<?php echo number_format($no_group['bg_count'])?> 명) </option>
    <?php for($i=0; $i<count($group); $i++) {?>
@ -142,7 +142,7 @@ function no_hp_click(val)
 <input type="hidden" name="token" value="<?php echo $token; ?>">
 <input type="hidden" name="sw" value="">
 <input type="hidden" name="atype" value="del">
-<input type="hidden" name="str_query" value="<?php echo $_SERVER['QUERY_STRING']?>" >
+<input type="hidden" name="str_query" value="<?php echo clean_query_string($_SERVER['QUERY_STRING']); ?>" >

 <div class="tbl_head01 tbl_wrap">
    <table>
@ -256,7 +256,7 @@ function select_copy(sw, f) {
 }
 </script>

-<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, $_SERVER['PHP_SELF']."?bg_no=$bg_no&amp;st=$st&amp;sv=$sv&amp;ap=$ap&amp;page="); ?>
+<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, $_SERVER['SCRIPT_NAME']."?bg_no=$bg_no&amp;st=$st&amp;sv=$sv&amp;ap=$ap&amp;page="); ?>

 <?php
 include_once(G5_ADMIN_PATH.'/admin.tail.php');
--- a/adm/sms_admin/num_book_write.php
+++ b/adm/sms_admin/num_book_write.php
@ -130,7 +130,7 @@ include_once(G5_ADMIN_PATH."/admin.head.php");

 <div class="btn_confirm01 btn_confirm">
    <input type="submit" value="확인" class="btn_submit" accesskey="s" onclick="return book_submit();">
-    <a href="./num_book.php?<?php echo $_SERVER['QUERY_STRING']?>">목록</a>
+    <a href="./num_book.php?<?php echo clean_query_string($_SERVER['QUERY_STRING']); ?>">목록</a>
 </div>

 </form>
--- a/adm/sms_admin/sms_write.php
+++ b/adm/sms_admin/sms_write.php
@ -238,6 +238,8 @@ function sms5_chk_send(f)
        var hp_list = document.getElementById('hp_list');
        var wr_message = document.getElementById('wr_message');
        var hp_number = document.getElementById('hp_number');
+        var wr_reply = document.getElementById('wr_reply');
+        var wr_reply_regExp = /^[0-9\-]+$/;
        var list = '';

        if (!wr_message.value) {
@ -246,7 +248,12 @@ function sms5_chk_send(f)
            is_sms5_submitted = false;
            return false;
        }
-
+        if( !wr_reply_regExp.test(wr_reply.value) ){
+            alert('회신번호 형식이 잘못 되었습니다.');
+            wr_reply.focus();
+            is_sms5_submitted = false;
+            return false;
+        }
        if (hp_list.length < 1) {
            alert('받는 사람을 입력해주세요.');
            hp_number.focus();
--- a/adm/sms_admin/sms_write_form.php
+++ b/adm/sms_admin/sms_write_form.php
@ -23,7 +23,7 @@ $no_count = $res['cnt'];
 <ul class="emo_list">
 </ul>

-<form name="emo_sch" id="emo_sch" method="get" action="<?php echo $_SERVER['PHP_SELF']?>">
+<form name="emo_sch" id="emo_sch" method="get" action="<?php echo $_SERVER['SCRIPT_NAME']?>">
 <input type="hidden" name="fg_no" value="<?php echo $fg_no?>">
 <input type="hidden" name="page" id="hidden_page" >
 <input type="hidden" name="fg_no" id="hidden_fg_no" >
--- a/adm/sms_admin/sms_write_send.php
+++ b/adm/sms_admin/sms_write_send.php
@ -6,10 +6,13 @@ auth_check($auth[$sub_menu], "w");

 $g5['title'] = "문자전송중";

-if (!trim($wr_reply))
-    win_close_alert('회신 번호를 입력해주세요.');
+$wr_reply   = preg_replace('#[^0-9\-]#', '', trim($wr_reply));
+$wr_message = clean_xss_tags(trim($wr_message));

-if (!trim($wr_message))
+if (!$wr_reply)
+    win_close_alert('회신 번호를 숫자, - 로 입력해주세요.');
+
+if (!$wr_message)
    win_close_alert('메세지를 입력해주세요.');

 if (!trim($send_list))
--- a/adm/visit_delete_update.php
+++ b/adm/visit_delete_update.php
@ -19,7 +19,7 @@ if(!$pass)

 // 관리자 비밀번호 비교
 $admin = get_admin('super');
-if(sql_password($pass) != $admin['mb_password'])
+if(!check_password($pass, $admin['mb_password']))
    alert('관리자 비밀번호가 일치하지 않습니다.');

 if(!$year)
--- a/adm/visit_list.php
+++ b/adm/visit_list.php
@ -75,8 +75,8 @@ $result = sql_query($sql);
        else
            $ip = preg_replace("/([0-9]+).([0-9]+).([0-9]+).([0-9]+)/", G5_IP_DISPLAY, $row['vi_ip']);

-        if ($brow == '기타') { $brow = '<span title="'.$row['vi_agent'].'">'.$brow.'</span>'; }
-        if ($os == '기타') { $os = '<span title="'.$row['vi_agent'].'">'.$os.'</span>'; }
+        if ($brow == '기타') { $brow = '<span title="'.get_text($row['vi_agent']).'">'.$brow.'</span>'; }
+        if ($os == '기타') { $os = '<span title="'.get_text($row['vi_agent']).'">'.$os.'</span>'; }

        $bg = 'bg'.($i%2);
    ?>
@ -102,7 +102,7 @@ if (isset($domain))
    $qstr .= "&amp;domain=$domain";
 $qstr .= "&amp;page=";

-$pagelist = get_paging($config['cf_write_pages'], $page, $total_page, "{$_SERVER['PHP_SELF']}?$qstr");
+$pagelist = get_paging($config['cf_write_pages'], $page, $total_page, "{$_SERVER['SCRIPT_NAME']}?$qstr");
 echo $pagelist;

 include_once('./admin.tail.php');
--- a/adm/visit_search.php
+++ b/adm/visit_search.php
@ -10,7 +10,7 @@ include_once('./admin.head.php');
 include_once(G5_PLUGIN_PATH.'/jquery-ui/datepicker.php');

 $colspan = 5;
-$listall = '<a href="'.$_SERVER['PHP_SELF'].'">처음</a>'; //페이지 처음으로 (초기화용도)
+$listall = '<a href="'.$_SERVER['SCRIPT_NAME'].'">처음</a>'; //페이지 처음으로 (초기화용도)
 ?>

 <div class="local_sch local_sch01">
@ -92,17 +92,17 @@ $listall = '<a href="'.$_SERVER['PHP_SELF'].'">처음</a>'; //페이지 처음
        else
            $ip = preg_replace("/([0-9]+).([0-9]+).([0-9]+).([0-9]+)/", G5_IP_DISPLAY, $row['vi_ip']);

-        if ($brow == '기타') $brow = '<span title="'.$row['vi_agent'].'">'.$brow.'</span>';
-        if ($os == '기타') $os = '<span title="'.$row['vi_agent'].'">'.$os.'</span>';
+        if ($brow == '기타') $brow = '<span title="'.get_text($row['vi_agent']).'">'.$brow.'</span>';
+        if ($os == '기타') $os = '<span title="'.get_text($row['vi_agent']).'">'.$os.'</span>';

        $bg = 'bg'.($i%2);
    ?>
    <tr class="<?php echo $bg; ?>">
-        <td class="td_id"><a href="<?php echo $_SERVER['PHP_SELF']; ?>?sfl=vi_ip&amp;stx=<?php echo $ip; ?>"><?php echo $ip; ?></a></td>
+        <td class="td_id"><a href="<?php echo $_SERVER['SCRIPT_NAME']; ?>?sfl=vi_ip&amp;stx=<?php echo $ip; ?>"><?php echo $ip; ?></a></td>
        <td><?php echo $link.$title; ?></a></td>
        <td class="td_idsmall"><?php echo $brow; ?></td>
        <td class="td_idsmall"><?php echo $os; ?></td>
-        <td class="td_datetime"><a href="<?php echo $_SERVER['PHP_SELF']; ?>?sfl=vi_date&amp;stx=<?php echo $row['vi_date']; ?>"><?php echo $row['vi_date']; ?></a> <?php echo $row['vi_time']; ?></td>
+        <td class="td_datetime"><a href="<?php echo $_SERVER['SCRIPT_NAME']; ?>?sfl=vi_date&amp;stx=<?php echo $row['vi_date']; ?>"><?php echo $row['vi_date']; ?></a> <?php echo $row['vi_time']; ?></td>
    </tr>
    <?php } ?>
    <?php if ($i == 0) echo '<tr><td colspan="'.$colspan.'" class="empty_table">자료가 없습니다.</td></tr>'; ?>
@ -111,7 +111,7 @@ $listall = '<a href="'.$_SERVER['PHP_SELF'].'">처음</a>'; //페이지 처음
 </div>

 <?php
-$pagelist = get_paging($config['cf_write_pages'], $page, $total_page, $_SERVER['PHP_SELF'].'?'.$qstr.'&amp;domain='.$domain.'&amp;page=');
+$pagelist = get_paging($config['cf_write_pages'], $page, $total_page, $_SERVER['SCRIPT_NAME'].'?'.$qstr.'&amp;domain='.$domain.'&amp;page=');
 if ($pagelist) {
    echo $pagelist;
 }
--- a/bbs/alert.php
+++ b/bbs/alert.php
@ -32,6 +32,9 @@ $msg2 = str_replace("\\n", "<br>", $msg);

 if (!$url) $url = $_SERVER['HTTP_REFERER'];

+// url 체크
+check_url_host($url);
+
 if($error) {
    $header2 = "다음 항목에 오류가 있습니다.";
 } else {
--- a/bbs/confirm.php
+++ b/bbs/confirm.php
@ -1,6 +1,11 @@
 <?php
 include_once('./_common.php');
 include_once(G5_PATH.'/head.sub.php');
+
+// url 체크
+check_url_host($url1);
+check_url_host($url2);
+check_url_host($url3);
 ?>

 <script>
--- a/bbs/current_connect.php
+++ b/bbs/current_connect.php
@ -12,6 +12,7 @@ $sql = " select a.mb_id, b.mb_nick, b.mb_name, b.mb_email, b.mb_homepage, b.mb_o
            order by a.lo_datetime desc ";
 $result = sql_query($sql);
 for ($i=0; $row=sql_fetch_array($result); $i++) {
+    $row['lo_url'] = get_text($row['lo_url']);
    $list[$i] = $row;

    if ($row['mb_id']) {
--- a/bbs/delete.php
+++ b/bbs/delete.php
@ -31,7 +31,7 @@ else if ($is_admin == 'group') { // 그룹관리자
 } else {
    if ($write['mb_id'])
        alert('로그인 후 삭제하세요.', './login.php?url='.urlencode('./board.php?bo_table='.$bo_table.'&amp;wr_id='.$wr_id));
-    else if (sql_password($wr_password) != $write['wr_password'])
+    else if (!check_password($wr_password, $write['wr_password']))
        alert('비밀번호가 틀리므로 삭제할 수 없습니다.');
 }

--- a/bbs/delete_all.php
+++ b/bbs/delete_all.php
@ -53,7 +53,7 @@ for ($i=count($tmp_array)-1; $i>=0; $i--)
    {
        ;
    }
-    else if ($wr_password && !$write['mb_id'] && sql_password($wr_password) == $write['wr_password']) // 비밀번호가 같다면
+    else if ($wr_password && !$write['mb_id'] && check_password($wr_password, $write['wr_password'])) // 비밀번호가 같다면
    {
        ;
    }
--- a/bbs/delete_comment.php
+++ b/bbs/delete_comment.php
@ -40,7 +40,7 @@ else if ($is_admin == 'group') { // 그룹관리자
    if ($member['mb_id'] != $write['mb_id'])
        alert('자신의 글이 아니므로 삭제할 수 없습니다.');
 } else {
-    if (sql_password($wr_password) != $write['wr_password'])
+    if (!check_password($wr_password, $write['wr_password']))
        alert('비밀번호가 틀립니다.');
 }

--- a/bbs/download.php
+++ b/bbs/download.php
@ -25,8 +25,8 @@ if (!$file['bf_file'])
 // JavaScript 불가일 때
 if($js != 'on' && $board['bo_download_point'] < 0) {
    $msg = $file['bf_source'].' 파일을 다운로드 하시면 포인트가 차감('.number_format($board['bo_download_point']).'점)됩니다.\\n포인트는 게시물당 한번만 차감되며 다음에 다시 다운로드 하셔도 중복하여 차감하지 않습니다.\\n그래도 다운로드 하시겠습니까?';
-    $url1 = G5_BBS_URL.'/download.php?'.$_SERVER['QUERY_STRING'].'&amp;js=on';
-    $url2 = $_SERVER['HTTP_REFERER'];
+    $url1 = G5_BBS_URL.'/download.php?'.clean_query_string($_SERVER['QUERY_STRING']).'&amp;js=on';
+    $url2 = clean_xss_tags($_SERVER['HTTP_REFERER']);

    //$url1 = 확인link, $url2=취소link
    // 특정주소로 이동시키려면 $url3 이용
--- a/bbs/login.php
+++ b/bbs/login.php
@ -6,12 +6,8 @@ include_once('./_head.sub.php');

 $url = $_GET['url'];

-$p = parse_url($url);
-if ((isset($p['scheme']) && $p['scheme']) || (isset($p['host']) && $p['host'])) {
-    //print_r2($p);
-    if ($p['host'].(isset($p['port']) ? ':'.$p['port'] : '') != $_SERVER['HTTP_HOST'])
-        alert('url에 타 도메인을 지정할 수 없습니다.');
-}
+// url 체크
+check_url_host($url);

 // 이미 로그인 중이라면
 if ($is_member) {
--- a/bbs/login_check.php
+++ b/bbs/login_check.php
@ -14,7 +14,7 @@ $mb = get_member($mb_id);
 // 가입된 회원이 아니다. 비밀번호가 틀리다. 라는 메세지를 따로 보여주지 않는 이유는
 // 회원아이디를 입력해 보고 맞으면 또 비밀번호를 입력해보는 경우를 방지하기 위해서입니다.
 // 불법사용자의 경우 회원아이디가 틀린지, 비밀번호가 틀린지를 알기까지는 많은 시간이 소요되기 때문입니다.
-if (!$mb['mb_id'] || (sql_password($mb_password) != $mb['mb_password'])) {
+if (!$mb['mb_id'] || !check_password($mb_password, $mb['mb_password'])) {
    alert('가입된 회원아이디가 아니거나 비밀번호가 틀립니다.\\n비밀번호는 대소문자를 구분합니다.');
 }

@ -65,6 +65,9 @@ if ($auto_login) {
 }

 if ($url) {
+    // url 체크
+    check_url_host($url);
+
    $link = urldecode($url);
    // 2003-06-14 추가 (다른 변수들을 넘겨주기 위함)
    if (preg_match("/\?/", $link))
--- a/bbs/member_confirm.php
+++ b/bbs/member_confirm.php
@ -14,14 +14,10 @@ else
 $g5['title'] = '회원 비밀번호 확인';
 include_once('./_head.sub.php');

-$url = $_GET['url'];
+$url = clean_xss_tags($_GET['url']);

-$p = parse_url($url);
-if ((isset($p['scheme']) && $p['scheme']) || (isset($p['host']) && $p['host'])) {
-    //print_r2($p);
-    if ($p['host'].(isset($p['port']) ? ':'.$p['port'] : '') != $_SERVER['HTTP_HOST'])
-        alert('url에 타 도메인을 지정할 수 없습니다.');
-}
+// url 체크
+check_url_host($url);

 include_once($member_skin_path.'/member_confirm.skin.php');

--- a/bbs/member_leave.php
+++ b/bbs/member_leave.php
@ -7,7 +7,7 @@ if (!$member['mb_id'])
 if ($is_admin == 'super')
    alert('최고 관리자는 탈퇴할 수 없습니다');

-if (!($_POST['mb_password'] && $member['mb_password'] == sql_password($_POST['mb_password'])))
+if (!($_POST['mb_password'] && check_password($_POST['mb_password'], $member['mb_password'])))
    alert('비밀번호가 틀립니다.');

 // 회원탈퇴일을 저장
--- a/bbs/password_check.php
+++ b/bbs/password_check.php
@ -6,7 +6,7 @@ if ($w == 's') {

    $wr = get_write($write_table, $wr_id);

-    if (sql_password($wr_password) != $wr['wr_password'])
+    if (!check_password($wr_password, $wr['wr_password']))
        alert('비밀번호가 틀립니다.');

    // 세션에 아래 정보를 저장. 하위번호는 비밀번호없이 보아야 하기 때문임.
@ -20,7 +20,7 @@ if ($w == 's') {

    $wr = get_write($write_table, $wr_id);

-    if (sql_password($wr_password) != $wr['wr_password'])
+    if (!check_password($wr_password, $wr['wr_password']))
        alert('비밀번호가 틀립니다.');

    // 세션에 아래 정보를 저장. 하위번호는 비밀번호없이 보아야 하기 때문임.
--- a/bbs/password_lost2.php
+++ b/bbs/password_lost2.php
@ -30,7 +30,7 @@ else if (is_admin($mb['mb_id']))

 // 임시비밀번호 발급
 $change_password = rand(100000, 999999);
-$mb_lost_certify = sql_password($change_password);
+$mb_lost_certify = get_encrypt_string($change_password);

 // 어떠한 회원정보도 포함되지 않은 일회용 난수를 생성하여 인증에 사용
 $mb_nonce = md5(pack('V*', rand(), rand(), rand(), rand()));
--- a/bbs/poll_etc_update.php
+++ b/bbs/poll_etc_update.php
@ -4,8 +4,12 @@ include_once(G5_LIB_PATH.'/mailer.lib.php');

 if ($w == '')
 {
+    $po_id   = $_POST['po_id'];
+    $pc_name = $_POST['pc_name'];
+    $pc_idea = $_POST['pc_idea'];
+
    $po = sql_fetch(" select * from {$g5['poll_table']} where po_id = '{$po_id}' ");
-    if (!$po[po_id])
+    if (!$po['po_id'])
        alert('po_id 값이 제대로 넘어오지 않았습니다.');

    $tmp_row = sql_fetch(" select max(pc_id) as max_pc_id from {$g5['poll_etc_table']} ");
--- a/bbs/qatail.php
+++ b/bbs/qatail.php
@ -6,7 +6,7 @@ if (G5_IS_MOBILE) {
    // 모바일의 경우 설정을 따르지 않는다.
    include_once('./_tail.php');
 } else {
-    echo conv_content($qaconfig['qa_mobile_content_tail'], 1);
+    echo conv_content($qaconfig['qa_content_tail'], 1);
    if($qaconfig['qa_include_tail'])
        @include ($qaconfig['qa_include_tail']);
    else
--- a/bbs/register_form.php
+++ b/bbs/register_form.php
@ -69,7 +69,7 @@ if ($w == "") {
        if ($_POST['is_update'])
            $tmp_password = $_POST['mb_password'];
        else
-            $tmp_password = sql_password($_POST['mb_password']);
+            $tmp_password = get_encrypt_string($_POST['mb_password']);

        if ($member['mb_password'] != $tmp_password)
            alert('비밀번호가 틀립니다.');
--- a/bbs/register_form_update.php
+++ b/bbs/register_form_update.php
@ -181,7 +181,7 @@ if ($config['cf_cert_use'] && $cert_type && $md5_cert_no) {
 if ($w == '') {
    $sql = " insert into {$g5['member_table']}
                set mb_id = '{$mb_id}',
-                     mb_password = '".sql_password($mb_password)."',
+                     mb_password = '".get_encrypt_string($mb_password)."',
                     mb_name = '{$mb_name}',
                     mb_nick = '{$mb_nick}',
                     mb_nick_date = '".G5_TIME_YMD."',
@ -276,7 +276,7 @@ if ($w == '') {

    $sql_password = "";
    if ($mb_password)
-        $sql_password = " , mb_password = '".sql_password($mb_password)."' ";
+        $sql_password = " , mb_password = '".get_encrypt_string($mb_password)."' ";

    $sql_nick_date = "";
    if ($mb_nick_default != $mb_nick)
@ -419,7 +419,7 @@ if ($w == '') {
        <meta charset="utf-8">
        <title>회원정보수정</title>
        <body>
-        <form name="fregisterupdate" method="post" action="'.G5_HTTPS_BBS_URL.'/register_form.php">
+        <form name="fregisterupdate" method="post" action="'.G5_HTTP_BBS_URL.'/register_form.php">
        <input type="hidden" name="w" value="u">
        <input type="hidden" name="mb_id" value="'.$mb_id.'">
        <input type="hidden" name="mb_password" value="'.$tmp_password.'">
--- a/bbs/scrap_popin_update.php
+++ b/bbs/scrap_popin_update.php
@ -6,7 +6,7 @@ include_once(G5_PATH.'/head.sub.php');
 if (!$is_member)
 {
    $href = './login.php?'.$qstr.'&amp;url='.urlencode('./board.php?bo_table='.$bo_table.'&amp;wr_id='.$wr_id);
-    echo '<script> alert(\'회원만 접근 가능합니다.\'); top.location.href = \''.$href.'\'; </script>';
+    echo '<script> alert(\'회원만 접근 가능합니다.\'); top.location.href = \''.str_replace('&amp;', '&', $href).'\'; </script>';
    exit;
 }

@ -32,6 +32,8 @@ if ($row['cnt'])
    exit;
 }

+$wr_content = trim($_POST['wr_content']);
+
 // 덧글이 넘어오고 코멘트를 쓸 권한이 있다면
 if ($wr_content && ($member['mb_level'] >= $board['bo_comment_level']))
 {
--- a/bbs/search.php
+++ b/bbs/search.php
@ -135,7 +135,7 @@ if ($stx) {
            $sch_all = "";
            if ($onetable == $g5_search['tables'][$i]) $sch_class = "class=sch_on";
            else $sch_all = "class=sch_on";
-            $str_board_list .= '<li><a href="'.$_SERVER['PHP_SELF'].'?'.$search_query.'&amp;gr_id='.$gr_id.'&amp;onetable='.$g5_search['tables'][$i].'" '.$sch_class.'><strong>'.$row2['bo_subject'].'</strong><span class="cnt_cmt">'.$row['cnt'].'</span></a></li>';
+            $str_board_list .= '<li><a href="'.$_SERVER['SCRIPT_NAME'].'?'.$search_query.'&amp;gr_id='.$gr_id.'&amp;onetable='.$g5_search['tables'][$i].'" '.$sch_class.'><strong>'.$row2['bo_subject'].'</strong><span class="cnt_cmt">'.$row['cnt'].'</span></a></li>';
        }
    }

@ -217,7 +217,7 @@ if ($stx) {
        $from_record = 0;
    }

-    $write_pages = get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, $_SERVER['PHP_SELF'].'?'.$search_query.'&amp;gr_id='.$gr_id.'&amp;srows='.$srows.'&amp;onetable='.$onetable.'&amp;page=');
+    $write_pages = get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, $_SERVER['SCRIPT_NAME'].'?'.$search_query.'&amp;gr_id='.$gr_id.'&amp;srows='.$srows.'&amp;onetable='.$onetable.'&amp;page=');
 }

 $group_select = '<label for="gr_id" class="sound_only">게시판 그룹선택</label><select name="gr_id" id="gr_id" class="select"><option value="">전체 분류';
--- a/bbs/visit_insert.inc.php
+++ b/bbs/visit_insert.inc.php
@ -14,7 +14,7 @@ if (get_cookie('ck_visit_ip') != $_SERVER['REMOTE_ADDR'])
    $referer = "";
    if (isset($_SERVER['HTTP_REFERER']))
        $referer = escape_trim(clean_xss_tags($_SERVER['HTTP_REFERER']));
-    $user_agent  = escape_trim($_SERVER['HTTP_USER_AGENT']);
+    $user_agent  = escape_trim(clean_xss_tags($_SERVER['HTTP_USER_AGENT']));
    $sql = " insert {$g5['visit_table']} ( vi_id, vi_ip, vi_date, vi_time, vi_referer, vi_agent ) values ( '{$vi_id}', '{$remote_addr}', '".G5_TIME_YMD."', '".G5_TIME_HIS."', '{$referer}', '{$user_agent}' ) ";

    $result = sql_query($sql, FALSE);
--- a/bbs/write.php
+++ b/bbs/write.php
@ -40,7 +40,7 @@ if ($w == '') {
        if ($member['mb_id']) {
            alert('글을 쓸 권한이 없습니다.');
        } else {
-            alert("글을 쓸 권한이 없습니다.\\n회원이시라면 로그인 후 이용해 보십시오.", './login.php?'.$qstr.'&amp;url='.urlencode($_SERVER['PHP_SELF'].'?bo_table='.$bo_table));
+            alert("글을 쓸 권한이 없습니다.\\n회원이시라면 로그인 후 이용해 보십시오.", './login.php?'.$qstr.'&amp;url='.urlencode($_SERVER['SCRIPT_NAME'].'?bo_table='.$bo_table));
        }
    }

@ -62,7 +62,7 @@ if ($w == '') {
        if ($member['mb_id']) {
            alert('글을 수정할 권한이 없습니다.');
        } else {
-            alert('글을 수정할 권한이 없습니다.\\n\\n회원이시라면 로그인 후 이용해 보십시오.', './login.php?'.$qstr.'&amp;url='.urlencode($_SERVER['PHP_SELF'].'?bo_table='.$bo_table));
+            alert('글을 수정할 권한이 없습니다.\\n\\n회원이시라면 로그인 후 이용해 보십시오.', './login.php?'.$qstr.'&amp;url='.urlencode($_SERVER['SCRIPT_NAME'].'?bo_table='.$bo_table));
        }
    }

@ -95,7 +95,7 @@ if ($w == '') {
        if ($member['mb_id'])
            alert('글을 답변할 권한이 없습니다.');
        else
-            alert('답변글을 작성할 권한이 없습니다.\\n\\n회원이시라면 로그인 후 이용해 보십시오.', './login.php?'.$qstr.'&amp;url='.urlencode($_SERVER['PHP_SELF'].'?bo_table='.$bo_table));
+            alert('답변글을 작성할 권한이 없습니다.\\n\\n회원이시라면 로그인 후 이용해 보십시오.', './login.php?'.$qstr.'&amp;url='.urlencode($_SERVER['SCRIPT_NAME'].'?bo_table='.$bo_table));
    }

    $tmp_point = isset($member['mb_point']) ? $member['mb_point'] : 0;
@ -165,7 +165,7 @@ if ($w == '') {
 // 그룹접근 가능
 if (!empty($group['gr_use_access'])) {
    if ($is_guest) {
-        alert("접근 권한이 없습니다.\\n\\n회원이시라면 로그인 후 이용해 보십시오.", 'login.php?'.$qstr.'&amp;url='.urlencode($_SERVER['PHP_SELF'].'?bo_table='.$bo_table));
+        alert("접근 권한이 없습니다.\\n\\n회원이시라면 로그인 후 이용해 보십시오.", 'login.php?'.$qstr.'&amp;url='.urlencode($_SERVER['SCRIPT_NAME'].'?bo_table='.$bo_table));
    }

    if ($is_admin == 'super' || $group['gr_admin'] == $member['mb_id'] || $board['bo_admin'] == $member['mb_id']) {
@ -183,7 +183,7 @@ if (!empty($group['gr_use_access'])) {
 if ($config['cf_cert_use'] && !$is_admin) {
    // 인증된 회원만 가능
    if ($board['bo_use_cert'] != '' && $is_guest) {
-        alert('이 게시판은 본인확인 하신 회원님만 글쓰기가 가능합니다.\\n\\n회원이시라면 로그인 후 이용해 보십시오.', 'login.php?'.$qstr.'&amp;url='.urlencode($_SERVER['PHP_SELF'].'?bo_table='.$bo_table));
+        alert('이 게시판은 본인확인 하신 회원님만 글쓰기가 가능합니다.\\n\\n회원이시라면 로그인 후 이용해 보십시오.', 'login.php?'.$qstr.'&amp;url='.urlencode($_SERVER['SCRIPT_NAME'].'?bo_table='.$bo_table));
    }

    if ($board['bo_use_cert'] == 'cert' && !$member['mb_certify']) {
@ -309,7 +309,7 @@ if ($w == '') {

    if (!$is_admin) {
        if (!($is_member && $member['mb_id'] == $write['mb_id'])) {
-            if (sql_password($wr_password) != $write['wr_password']) {
+            if (!check_password($wr_password, $write['wr_password'])) {
                alert('비밀번호가 틀립니다.');
            }
        }
--- a/bbs/write_comment_update.php
+++ b/bbs/write_comment_update.php
@ -60,7 +60,7 @@ if ($is_member)
 else
 {
    $mb_id = '';
-    $wr_password = sql_password($wr_password);
+    $wr_password = get_encrypt_string($wr_password);
 }

 if ($w == 'c') // 댓글 입력
--- a/bbs/write_update.php
+++ b/bbs/write_update.php
@ -191,7 +191,7 @@ if ($w == '' || $w == 'r') {
        $wr_name = clean_xss_tags(trim($_POST['wr_name']));
        if (!$wr_name)
            alert('이름은 필히 입력하셔야 합니다.');
-        $wr_password = sql_password($wr_password);
+        $wr_password = get_encrypt_string($wr_password);
        $wr_email = get_email_address(trim($_POST['wr_email']));
        $wr_homepage = clean_xss_tags($wr_homepage);
    }
@ -327,7 +327,7 @@ if ($w == '' || $w == 'r') {
        $wr_email = get_email_address(trim($_POST['wr_email']));
    }

-    $sql_password = $wr_password ? " , wr_password = '".sql_password($wr_password)."' " : "";
+    $sql_password = $wr_password ? " , wr_password = '".get_encrypt_string($wr_password)."' " : "";

    $sql_ip = '';
    if (!$is_admin)
--- a/common.php
+++ b/common.php
@ -287,7 +287,7 @@ if (isset($_REQUEST['sca']))  {

 if (isset($_REQUEST['sfl']))  {
    $sfl = trim($_REQUEST['sfl']);
-    $sfl = preg_replace("/[\<\>\'\"\%\=\(\)\s]/", "", $sfl);
+    $sfl = preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\s]/", "", $sfl);
    if ($sfl)
        $qstr .= '&amp;sfl=' . urlencode($sfl); // search field (검색 필드)
 } else {
@ -305,7 +305,7 @@ if (isset($_REQUEST['stx']))  { // search text (검색어)

 if (isset($_REQUEST['sst']))  {
    $sst = trim($_REQUEST['sst']);
-    $sst = preg_replace("/[\<\>\'\"\%\=\(\)\s]/", "", $sst);
+    $sst = preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\s]/", "", $sst);
    if ($sst)
        $qstr .= '&amp;sst=' . urlencode($sst); // search sort (검색 정렬 필드)
 } else {
--- a/config.php
+++ b/config.php
@ -5,6 +5,7 @@
 ********************/

 define('G5_VERSION', '그누보드5');
+define('G5_GNUBOARD_VER', '5.0.38');

 // 이 상수가 정의되지 않으면 각각의 개별 페이지는 별도로 실행될 수 없음
 define('_GNUBOARD_', true);
@ -164,9 +165,13 @@ define('G5_SMTP', '127.0.0.1');
    기타 상수
 ********************/

+// 암호화 함수 지정
+// 사이트 운영 중 설정을 변경하면 로그인이 안되는 등의 문제가 발생합니다.
+define('G5_STRING_ENCRYPT_FUNCTION', 'sql_password');
+
 // SQL 에러를 표시할 것인지 지정
-// 에러를 표시하지 않으려면 FALSE 로 변경
-define('G5_DISPLAY_SQL_ERROR', TRUE);
+// 에러를 표시하려면 TRUE 로 변경
+define('G5_DISPLAY_SQL_ERROR', FALSE);

 // escape string 처리 함수 지정
 // addslashes 로 변경 가능
@ -195,8 +200,8 @@ define('G5_THUMB_PNG_COMPRESS', 5);
 define('G5_IP_DISPLAY', '\\1.♡.\\3.\\4');

 if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on') {   //https 통신일때 daum 주소 js
-    define('G5_POSTCODE_JS', '<script src="https://spi.maps.daum.net/imap/map_js_init/postcode.js"></script>');
+    define('G5_POSTCODE_JS', '<script src="https://spi.maps.daum.net/imap/map_js_init/postcode.v2.js"></script>');
 } else {  //http 통신일때 daum 주소 js
-    define('G5_POSTCODE_JS', '<script src="http://dmaps.daum.net/map_js_init/postcode.js"></script>');
+    define('G5_POSTCODE_JS', '<script src="http://dmaps.daum.net/map_js_init/postcode.v2.js"></script>');
 }
 ?>
--- a/head.php
+++ b/head.php
@ -1,6 +1,12 @@
 <?php
 if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가

+// 상단 파일 경로 지정 : 이 코드는 가능한 삭제하지 마십시오.
+if ($config['cf_include_head'] && is_file(G5_PATH.'/'.$config['cf_include_head'])) {
+    include_once(G5_PATH.'/'.$config['cf_include_head']);
+    return; // 이 코드의 아래는 실행을 하지 않습니다.
+}
+
 include_once(G5_PATH.'/head.sub.php');
 include_once(G5_LIB_PATH.'/latest.lib.php');
 include_once(G5_LIB_PATH.'/outlogin.lib.php');
@ -9,12 +15,6 @@ include_once(G5_LIB_PATH.'/visit.lib.php');
 include_once(G5_LIB_PATH.'/connect.lib.php');
 include_once(G5_LIB_PATH.'/popular.lib.php');

-// 상단 파일 경로 지정 : 이 코드는 가능한 삭제하지 마십시오.
-if ($config['cf_include_head'] && is_file(G5_PATH.'/'.$config['cf_include_head'])) {
-    include_once(G5_PATH.'/'.$config['cf_include_head']);
-    return; // 이 코드의 아래는 실행을 하지 않습니다.
-}
-
 if (G5_IS_MOBILE) {
    include_once(G5_MOBILE_PATH.'/head.php');
    return;
--- a/head.sub.php
+++ b/head.sub.php
@ -23,8 +23,8 @@ else {
 // 게시판 제목에 ' 포함되면 오류 발생
 $g5['lo_location'] = addslashes($g5['title']);
 if (!$g5['lo_location'])
-    $g5['lo_location'] = addslashes($_SERVER['REQUEST_URI']);
-$g5['lo_url'] = addslashes($_SERVER['REQUEST_URI']);
+    $g5['lo_location'] = addslashes(clean_xss_tags($_SERVER['REQUEST_URI']));
+$g5['lo_url'] = addslashes(clean_xss_tags($_SERVER['REQUEST_URI']));
 if (strstr($g5['lo_url'], '/'.G5_ADMIN_DIR.'/') || $is_admin == 'super') $g5['lo_url'] = '';

 /*
--- a/js/autosave.js
+++ b/js/autosave.js
@ -11,7 +11,7 @@ function autosave() {
            this.wr_content.value = CKEDITOR.instances.wr_content.getData();
        } else if (g5_editor.indexOf("cheditor5") != -1 && typeof(ed_wr_content)!="undefined") {
            this.wr_content.value = ed_wr_content.outputBodyHTML();
-        } else if (g5_editor.indexOf("smarteditor2") != -1 && typeof(oEditors.getById['wr_content'])!="undefined" ) {
+        } else if (g5_editor.indexOf("smarteditor2") != -1 && typeof(oEditors)!="undefined" && typeof(oEditors.getById['wr_content'])!="undefined" ) {
            this.wr_content.value = oEditors.getById['wr_content'].getIR();
        }
        // 변수에 저장해 놓은 값과 다를 경우에만 임시 저장함
@ -82,7 +82,7 @@ $(function(){
                CKEDITOR.instances.wr_content.setData(content);
            } else if (g5_editor.indexOf("cheditor5") != -1 && typeof(ed_wr_content)!="undefined") {
                ed_wr_content.putContents(content);
-            } else if (g5_editor.indexOf("smarteditor2") != -1 && typeof(oEditors.getById['wr_content'])!="undefined" ) {
+            } else if (g5_editor.indexOf("smarteditor2") != -1 && typeof(oEditors)!="undefined" && typeof(oEditors.getById['wr_content'])!="undefined" ) {
                oEditors.getById["wr_content"].exec("SET_CONTENTS", [""]);
                //oEditors.getById["wr_content"].exec("SET_IR", [""]);
                oEditors.getById["wr_content"].exec("PASTE_HTML", [content]);
--- a/js/common.js
+++ b/js/common.js
@ -378,31 +378,130 @@ var win_homepage = function(href) {
 **/
 var win_zip = function(frm_name, frm_zip1, frm_zip2, frm_addr1, frm_addr2, frm_addr3, frm_jibeon) {
    if(typeof daum === 'undefined'){
-        alert("다음 juso.js 파일이 로드되지 않았습니다.");
+        alert("다음 우편번호 postcode.v2.js 파일이 로드되지 않았습니다.");
        return false;
    }

-    new daum.Postcode({
-        oncomplete: function(data) {
-            // 팝업에서 검색결과 항목을 클릭했을때 실행할 코드를 작성하는 부분.
-            // 우편번호와 주소 정보를 해당 필드에 넣고, 커서를 상세주소 필드로 이동한다.
-            var of = document[frm_name];
-            of[frm_zip1].value = data.postcode1;
-            of[frm_zip2].value = data.postcode2;
-            of[frm_addr1].value = data.address1;
-            of[frm_addr2].value = "";
-            of[frm_addr3].value = "";
+    var zip_case = 1;   //0이면 레이어, 1이면 페이지에 끼워 넣기, 2이면 새창

-            if( data.addressType == "R" ){  //도로명이면
-                of[frm_addr3].value = data.address2;
-            }
-            if(of[frm_jibeon] !== undefined){
-                of[frm_jibeon].value = data.addressType;
-            }
+    var complete_fn = function(data){
+        // 팝업에서 검색결과 항목을 클릭했을때 실행할 코드를 작성하는 부분.
+        
+        // 각 주소의 노출 규칙에 따라 주소를 조합한다.
+        // 내려오는 변수가 값이 없는 경우엔 공백('')값을 가지므로, 이를 참고하여 분기 한다.
+        var fullAddr = ''; // 최종 주소 변수
+        var extraAddr = ''; // 조합형 주소 변수

-            of[frm_addr2].focus();
+        // 사용자가 선택한 주소 타입에 따라 해당 주소 값을 가져온다.
+        if (data.userSelectedType === 'R') { // 사용자가 도로명 주소를 선택했을 경우
+            fullAddr = data.roadAddress;
+
+        } else { // 사용자가 지번 주소를 선택했을 경우(J)
+            fullAddr = data.jibunAddress;
        }
-    }).open();
+
+        // 사용자가 선택한 주소가 도로명 타입일때 조합한다.
+        if(data.userSelectedType === 'R'){
+            //법정동명이 있을 경우 추가한다.
+            if(data.bname !== ''){
+                extraAddr += data.bname;
+            }
+            // 건물명이 있을 경우 추가한다.
+            if(data.buildingName !== ''){
+                extraAddr += (extraAddr !== '' ? ', ' + data.buildingName : data.buildingName);
+            }
+            // 조합형주소의 유무에 따라 양쪽에 괄호를 추가하여 최종 주소를 만든다.
+            extraAddr = (extraAddr !== '' ? ' ('+ extraAddr +')' : '');
+        }
+
+        // 우편번호와 주소 정보를 해당 필드에 넣고, 커서를 상세주소 필드로 이동한다.
+        var of = document[frm_name];
+
+        of[frm_zip1].value = data.postcode1;
+        of[frm_zip2].value = data.postcode2;
+
+        of[frm_addr1].value = fullAddr;
+        of[frm_addr3].value = extraAddr;
+
+        if(of[frm_jibeon] !== undefined){
+            of[frm_jibeon].value = data.userSelectedType;
+        }
+
+        of[frm_addr2].focus();
+    };
+
+    switch(zip_case) {
+        case 1 :    //iframe을 이용하여 페이지에 끼워 넣기
+            var daum_pape_id = 'daum_juso_page'+frm_zip1,
+                element_wrap = document.getElementById(daum_pape_id),
+                currentScroll = Math.max(document.body.scrollTop, document.documentElement.scrollTop);
+            if (element_wrap == null) {
+                element_wrap = document.createElement("div");
+                element_wrap.setAttribute("id", daum_pape_id);
+                element_wrap.style.cssText = 'display:none;border:1px solid;left:0;width:100%;height:300px;margin:5px 0;position:relative;-webkit-overflow-scrolling:touch;';
+                element_wrap.innerHTML = '<img src="//i1.daumcdn.net/localimg/localimages/07/postcode/320/close.png" id="btnFoldWrap" style="cursor:pointer;position:absolute;right:0px;top:-21px;z-index:1" class="close_daum_juso" alt="접기 버튼">';
+                jQuery('form[name="'+frm_name+'"]').find('input[name="'+frm_addr1+'"]').before(element_wrap);
+                jQuery("#"+daum_pape_id).off("click", ".close_daum_juso").on("click", ".close_daum_juso", function(e){
+                    e.preventDefault();
+                    jQuery(this).parent().hide();
+                });
+            }
+
+            new daum.Postcode({
+                oncomplete: function(data) {
+                    complete_fn(data);
+                    // iframe을 넣은 element를 안보이게 한다.
+                    element_wrap.style.display = 'none';
+                    // 우편번호 찾기 화면이 보이기 이전으로 scroll 위치를 되돌린다.
+                    document.body.scrollTop = currentScroll;
+                },
+                // 우편번호 찾기 화면 크기가 조정되었을때 실행할 코드를 작성하는 부분.
+                // iframe을 넣은 element의 높이값을 조정한다.
+                onresize : function(size) {
+                    element_wrap.style.height = size.height + "px";
+                },
+                width : '100%',
+                height : '100%'
+            }).embed(element_wrap);
+
+            // iframe을 넣은 element를 보이게 한다.
+            element_wrap.style.display = 'block';
+            break;
+        case 2 :    //새창으로 띄우기
+            new daum.Postcode({
+                oncomplete: function(data) {
+                    complete_fn(data);
+                }
+            }).open();
+            break;
+        default :   //iframe을 이용하여 레이어 띄우기
+            var rayer_id = 'daum_juso_rayer'+frm_zip1,
+                element_layer = document.getElementById(rayer_id);
+            if (element_layer == null) {
+                element_layer = document.createElement("div");
+                element_layer.setAttribute("id", rayer_id);
+                element_layer.style.cssText = 'display:none;border:5px solid;position:fixed;width:300px;height:460px;left:50%;margin-left:-155px;top:50%;margin-top:-235px;overflow:hidden;-webkit-overflow-scrolling:touch;z-index:10000';
+                element_layer.innerHTML = '<img src="//i1.daumcdn.net/localimg/localimages/07/postcode/320/close.png" id="btnCloseLayer" style="cursor:pointer;position:absolute;right:-3px;top:-3px;z-index:1" class="close_daum_juso" alt="닫기 버튼">';
+                document.body.appendChild(element_layer);
+                jQuery("#"+rayer_id).off("click", ".close_daum_juso").on("click", ".close_daum_juso", function(e){
+                    e.preventDefault();
+                    jQuery(this).parent().hide();
+                });
+            }
+
+            new daum.Postcode({
+                oncomplete: function(data) {
+                    complete_fn(data);
+                    // iframe을 넣은 element를 안보이게 한다.
+                    element_layer.style.display = 'none';
+                },
+                width : '100%',
+                height : '100%'
+            }).embed(element_layer);
+
+            // iframe을 넣은 element를 보이게 한다.
+            element_layer.style.display = 'block';
+    }
 }

 /**
@ -577,8 +676,8 @@ $(function(){
    });

    $("textarea#wr_content[maxlength]").live("keyup change", function() {
-        var str = $(this).val()
-        var mx = parseInt($(this).attr("maxlength"))
+        var str = $(this).val();
+        var mx = parseInt($(this).attr("maxlength"));
        if (str.length > mx) {
            $(this).val(str.substr(0, mx));
            return false;
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@ -745,7 +745,7 @@ function subject_sort_link($col, $query_string='', $flag='asc')
    $arr_query[] = 'page='.$page;
    $qstr = implode("&amp;", $arr_query);

-    return "<a href=\"{$_SERVER['PHP_SELF']}?{$qstr}\">";
+    return "<a href=\"{$_SERVER['SCRIPT_NAME']}?{$qstr}\">";
 }


@ -1448,12 +1448,13 @@ function sql_query($sql, $error=G5_DISPLAY_SQL_ERROR)
    // Blind SQL Injection 취약점 해결
    $sql = trim($sql);
    // union의 사용을 허락하지 않습니다.
-    $sql = preg_replace("#^select.*from.*union.*#i", "select 1", $sql);
+    //$sql = preg_replace("#^select.*from.*union.*#i", "select 1", $sql);
+    $sql = preg_replace("#^select.*from.*[\s\(]+union[\s\)]+.*#i ", "select 1", $sql);
    // `information_schema` DB로의 접근을 허락하지 않습니다.
    $sql = preg_replace("#^select.*from.*where.*`?information_schema`?.*#i", "select 1", $sql);

    if ($error)
-        $result = @mysql_query($sql, $g5['connect_db']) or die("<p>$sql<p>" . mysql_errno() . " : " .  mysql_error() . "<p>error file : {$_SERVER['PHP_SELF']}");
+        $result = @mysql_query($sql, $g5['connect_db']) or die("<p>$sql<p>" . mysql_errno() . " : " .  mysql_error() . "<p>error file : {$_SERVER['SCRIPT_NAME']}");
    else
        $result = @mysql_query($sql, $g5['connect_db']);

@ -1465,7 +1466,7 @@ function sql_query($sql, $error=G5_DISPLAY_SQL_ERROR)
 function sql_fetch($sql, $error=G5_DISPLAY_SQL_ERROR)
 {
    $result = sql_query($sql, $error);
-    //$row = @sql_fetch_array($result) or die("<p>$sql<p>" . mysql_errno() . " : " .  mysql_error() . "<p>error file : $_SERVER['PHP_SELF']");
+    //$row = @sql_fetch_array($result) or die("<p>$sql<p>" . mysql_errno() . " : " .  mysql_error() . "<p>error file : $_SERVER['SCRIPT_NAME']");
    $row = sql_fetch_array($result);
    return $row;
 }
@ -2429,12 +2430,12 @@ function googl_short_url($longUrl)
    // URL Shortener API ON
    $apiKey = $config['cf_googl_shorturl_apikey'];

-    $postData = array('longUrl' => $longUrl, 'key' => $apiKey);
+    $postData = array('longUrl' => $longUrl);
    $jsonData = json_encode($postData);

    $curlObj = curl_init();

-    curl_setopt($curlObj, CURLOPT_URL, 'https://www.googleapis.com/urlshortener/v1/url');
+    curl_setopt($curlObj, CURLOPT_URL, 'https://www.googleapis.com/urlshortener/v1/url?key='.$apiKey);
    curl_setopt($curlObj, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($curlObj, CURLOPT_SSL_VERIFYPEER, 0);
    curl_setopt($curlObj, CURLOPT_HEADER, 0);
@ -2823,4 +2824,167 @@ function insert_popular($field, $str)
        sql_query($sql, FALSE);
    }
 }
+
+// 문자열 암호화
+function get_encrypt_string($str)
+{
+    if(defined('G5_STRING_ENCRYPT_FUNCTION') && G5_STRING_ENCRYPT_FUNCTION) {
+        $encrypt = call_user_func(G5_STRING_ENCRYPT_FUNCTION, $str);
+    } else {
+        $encrypt = sql_password($str);
+    }
+
+    return $encrypt;
+}
+
+// 비밀번호 비교
+function check_password($pass, $hash)
+{
+    $password = get_encrypt_string($pass);
+
+    return ($password === $hash);
+}
+
+// 동일한 host url 인지
+function check_url_host($url, $msg='', $return_url=G5_URL)
+{
+    if(!$msg)
+        $msg = 'url에 타 도메인을 지정할 수 없습니다.';
+
+    $p = parse_url($url);
+    $host = preg_replace('/:[0-9]+$/', '', $_SERVER['HTTP_HOST']);
+
+    if ((isset($p['scheme']) && $p['scheme']) || (isset($p['host']) && $p['host'])) {
+        //if ($p['host'].(isset($p['port']) ? ':'.$p['port'] : '') != $_SERVER['HTTP_HOST']) {
+        if ($p['host'] != $host) {
+            echo '<script>'.PHP_EOL;
+            echo 'alert("url에 타 도메인을 지정할 수 없습니다.");'.PHP_EOL;
+            echo 'document.location.href = "'.$return_url.'";'.PHP_EOL;
+            echo '</script>'.PHP_EOL;
+            echo '<noscript>'.PHP_EOL;
+            echo '<p>'.$msg.'</p>'.PHP_EOL;
+            echo '<p><a href="'.$return_url.'">돌아가기</a></p>'.PHP_EOL;
+            echo '</noscript>'.PHP_EOL;
+            exit;
+        }
+    }
+}
+
+// QUERY STRING 에 포함된 XSS 태그 제거
+function clean_query_string($query, $amp=true)
+{
+    $qstr = trim($query);
+
+    parse_str($qstr, $out);
+
+    if(is_array($out)) {
+        $q = array();
+
+        foreach($out as $key=>$val) {
+            $key = strip_tags(trim($key));
+            $val = trim($val);
+
+            switch($key) {
+                case 'wr_id':
+                    $val = (int)preg_replace('/[^0-9]/', '', $val);
+                    $q[$key] = $val;
+                    break;
+                case 'sca':
+                    $val = clean_xss_tags($val);
+                    $q[$key] = $val;
+                    break;
+                case 'sfl':
+                    $val = preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\s]/", "", $val);
+                    $q[$key] = $val;
+                    break;
+                case 'stx':
+                    $val = get_search_string($val);
+                    $q[$key] = $val;
+                    break;
+                case 'sst':
+                    $val = preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\s]/", "", $val);
+                    $q[$key] = $val;
+                    break;
+                case 'sod':
+                    $val = preg_match("/^(asc|desc)$/i", $val) ? $val : '';
+                    $q[$key] = $val;
+                    break;
+                case 'sop':
+                    $val = preg_match("/^(or|and)$/i", $val) ? $val : '';
+                    $q[$key] = $val;
+                    break;
+                case 'spt':
+                    $val = (int)preg_replace('/[^0-9]/', '', $val);
+                    $q[$key] = $val;
+                    break;
+                case 'page':
+                    $val = (int)preg_replace('/[^0-9]/', '', $val);
+                    $q[$key] = $val;
+                    break;
+                case 'w':
+                    $val = substr($val, 0, 2);
+                    $q[$key] = $val;
+                    break;
+                case 'bo_table':
+                    $val = preg_replace('/[^a-z0-9_]/i', '', $val);
+                    $val = substr($val, 0, 20);
+                    $q[$key] = $val;
+                    break;
+                case 'gr_id':
+                    $val = preg_replace('/[^a-z0-9_]/i', '', $val);
+                    $q[$key] = $val;
+                    break;
+                default:
+                    $val = clean_xss_tags($val);
+                    $q[$key] = $val;
+                    break;
+            }
+        }
+
+        if($amp)
+            $sep = '&amp;';
+        else
+            $sep ='&';
+
+        $str = http_build_query($q, '', $sep);
+    } else {
+        $str = clean_xss_tags($qstr);
+    }
+
+    return $str;
+}
+
+function get_device_change_url()
+{
+    $p = parse_url(G5_URL);
+    $href = $p['scheme'].'://'.$p['host'];
+    if(isset($p['port']) && $p['port'])
+        $href .= ':'.$p['port'];
+    $href .= $_SERVER['SCRIPT_NAME'];
+
+    $q = array();
+    $device = 'device='.(G5_IS_MOBILE ? 'pc' : 'mobile');
+
+    if($_SERVER['QUERY_STRING']) {
+        foreach($_GET as $key=>$val) {
+            if($key == 'device')
+                continue;
+
+            $key = strip_tags($key);
+            $val = strip_tags($val);
+
+            if($key && $val)
+                $q[$key] = $val;
+        }
+    }
+
+    if(!empty($q)) {
+        $query = http_build_query($q, '', '&amp;');
+        $href .= '?'.$query.'&amp;'.$device;
+    } else {
+        $href .= '?'.$device;
+    }
+
+    return $href;
+}
 ?>
--- a/lib/mailer.lib.php
+++ b/lib/mailer.lib.php
@ -5,16 +5,16 @@ include_once(G5_PHPMAILER_PATH.'/class.phpmailer.php');

 // 메일 보내기 (파일 여러개 첨부 가능)
 // type : text=0, html=1, text+html=2
-function mailer($fname, $fmail, $to, $subject, $content, $type=0, $file="", $cc="", $bcc="") 
-{ 
-    global $config; 
-    global $g5; 
+function mailer($fname, $fmail, $to, $subject, $content, $type=0, $file="", $cc="", $bcc="")
+{
+    global $config;
+    global $g5;

-    // 메일발송 사용을 하지 않는다면 
-    if (!$config['cf_email_use']) return; 
+    // 메일발송 사용을 하지 않는다면
+    if (!$config['cf_email_use']) return;

-    if ($type != 1) 
-        $content = nl2br($content); 
+    if ($type != 1)
+        $content = nl2br($content);

    $mail = new PHPMailer(); // defaults to using php "mail()"
    if (defined('G5_SMTP') && G5_SMTP) {
@ -27,13 +27,13 @@ function mailer($fname, $fmail, $to, $subject, $content, $type=0, $file="", $cc=
    $mail->AltBody = ""; // optional, comment out and test
    $mail->MsgHTML($content);
    $mail->AddAddress($to);
-    if ($cc) 
+    if ($cc)
        $mail->AddCC($cc);
-    if ($bcc) 
+    if ($bcc)
        $mail->AddBCC($bcc);
    //print_r2($file); exit;
-    if ($file != "") { 
-        foreach ($file as $f) { 
+    if ($file != "") {
+        foreach ($file as $f) {
            $mail->AddAttachment($f['path'], $f['name']);
        }
    }
@ -61,27 +61,27 @@ function attach_file($filename, $tmp_name)
 /*
 // 메일 보내기 (파일 여러개 첨부 가능)
 // type : text=0, html=1, text+html=2
-function mailer($fname, $fmail, $to, $subject, $content, $type=0, $file="", $cc="", $bcc="") 
-{ 
-    global $config; 
-    global $g5; 
+function mailer($fname, $fmail, $to, $subject, $content, $type=0, $file="", $cc="", $bcc="")
+{
+    global $config;
+    global $g5;

-    // 메일발송 사용을 하지 않는다면 
-    if (!$config['cf_email_use']) return; 
+    // 메일발송 사용을 하지 않는다면
+    if (!$config['cf_email_use']) return;

-    $boundary = uniqid(time()); 
+    $boundary = uniqid(time());

    $header = "Message-ID: <".generate_mail_id(preg_replace("/@.+$/i","",$to)).">\r\n".
              "From:=?utf-8?B?".base64_encode($fname)."?=<$fmail>\r\n";
-    if ($cc)  $header .= "Cc: $cc\n"; 
-    if ($bcc) $header .= "Bcc: $bcc\n"; 
-    $header .= "MIME-Version: 1.0\n"; 
-    $header .= "X-Mailer: SIR Mailer 0.94 : {$_SERVER['SERVER_ADDR']} : {$_SERVER['REMOTE_ADDR']} : ".G5_URL." : {$_SERVER['PHP_SELF']} : {$_SERVER['HTTP_REFERER']} \n"; 
+    if ($cc)  $header .= "Cc: $cc\n";
+    if ($bcc) $header .= "Bcc: $bcc\n";
+    $header .= "MIME-Version: 1.0\n";
+    $header .= "X-Mailer: SIR Mailer 0.94 : {$_SERVER['SERVER_ADDR']} : {$_SERVER['REMOTE_ADDR']} : ".G5_URL." : {$_SERVER['SCRIPT_NAME']} : {$_SERVER['HTTP_REFERER']} \n";
    $header .= "Date: ".date ("D, j M Y H:i:s T",time())."\r\n".
               "To: $to\r\n".
               "Subject: =?utf-8?B?".base64_encode($subject)."?=\r\n";

-    if ($file == "") { 
+    if ($file == "") {
        $header .= "Content-Type: MULTIPART/ALTERNATIVE;\n".
                   "              BOUNDARY=\"$boundary\"\n\n";
    } else {
@ -89,39 +89,39 @@ function mailer($fname, $fmail, $to, $subject, $content, $type=0, $file="", $cc=
                   "              BOUNDARY=\"$boundary\"\n\n";
    }

-    if ($type == 2) 
-        $content = nl2br($content); 
+    if ($type == 2)
+        $content = nl2br($content);

    $strip_content  = stripslashes(trim($content));
    $encode_content = chunk_split(base64_encode($strip_content));

    $body = "";
    $body .= "\n--$boundary\n";
-    $body .= "Content-Type: TEXT/PLAIN; charset=utf-8\n"; 
-    $body .= "Content-Transfer-Encoding: BASE64\n\n"; 
-    $body .= $encode_content; 
+    $body .= "Content-Type: TEXT/PLAIN; charset=utf-8\n";
+    $body .= "Content-Transfer-Encoding: BASE64\n\n";
+    $body .= $encode_content;
    $body .= "\n--$boundary\n";

-    if ($type) { 
-        $body .= "Content-Type: TEXT/HTML; charset=utf-8\n"; 
-        $body .= "Content-Transfer-Encoding: BASE64\n\n"; 
-        $body .= $encode_content; 
+    if ($type) {
+        $body .= "Content-Type: TEXT/HTML; charset=utf-8\n";
+        $body .= "Content-Transfer-Encoding: BASE64\n\n";
+        $body .= $encode_content;
        $body .= "\n--$boundary\n";
    }

-    if ($file != "") { 
-        foreach ($file as $f) { 
-            $body .= "n--$boundary\n"; 
-            $body .= "Content-Type: APPLICATION/OCTET-STREAM; name=$fname\n"; 
-            $body .= "Content-Transfer-Encoding: BASE64\n"; 
-            $body .= "Content-Disposition: inline; filename=$fname\n"; 
+    if ($file != "") {
+        foreach ($file as $f) {
+            $body .= "n--$boundary\n";
+            $body .= "Content-Type: APPLICATION/OCTET-STREAM; name=$fname\n";
+            $body .= "Content-Transfer-Encoding: BASE64\n";
+            $body .= "Content-Disposition: inline; filename=$fname\n";

-            $body .= "\n"; 
-            $body .= chunk_split(base64_encode($f['data'])); 
-            $body .= "\n"; 
-        } 
-        $body .= "--$boundary--\n"; 
-    } 
+            $body .= "\n";
+            $body .= chunk_split(base64_encode($f['data']));
+            $body .= "\n";
+        }
+        $body .= "--$boundary--\n";
+    }

    $mails['to'] = $to;
    $mails['from'] = $fmail;
@ -129,7 +129,7 @@ function mailer($fname, $fmail, $to, $subject, $content, $type=0, $file="", $cc=

    if (defined(G5_SMTP)) {
        ini_set('SMTP', G5_SMTP);
-        @mail($to, $subject, $body, $header, "-f $fmail"); 
+        @mail($to, $subject, $body, $header, "-f $fmail");
    } else {
        new maildaemon($mails);
    }
@ -306,7 +306,7 @@ class maildaemon {
  #  $t -> 1 (debug of socket open,close)
  #        0 (regular smtp message)
  #  $p -> 1 (print detail debug)
-  # 
+  #
  # return 1 -> success
  # return 0 -> failed
  #
@ -381,7 +381,7 @@ function generate_mail_id($uid) {
 function mail_header($to,$from,$title,$mta=0) {
  global $langs,$boundary;

-  # mail header 를 작성 
+  # mail header 를 작성
  $boundary = get_boundary_msg();
  $header = "Message-ID: <".generate_mail_id(preg_replace("/@.+$/i","",$to)).">\r\n".
            "From:=?utf-8?B?".base64_encode('보내는사람')."?=<$from>\r\n".
--- a/lib/thumbnail.lib.php
+++ b/lib/thumbnail.lib.php
@ -333,11 +333,14 @@ function thumbnail($filename, $source_path, $target_path, $thumb_width, $thumb_h
        if($size[2] == 3) {
            imagealphablending($dst, false);
            imagesavealpha($dst, true);
-        } else if($size[2] == 1 && $src_transparency != -1) {
-            $transparent_color   = imagecolorsforindex($src, $src_transparency);
-            $current_transparent = imagecolorallocate($dst, $transparent_color['red'], $transparent_color['green'], $transparent_color['blue']);
-            imagefill($dst, 0, 0, $current_transparent);
-            imagecolortransparent($dst, $current_transparent);
+        } else if($size[2] == 1) {
+            $palletsize = imagecolorstotal($src);
+            if($src_transparency >= 0 && $src_transparency < $palletsize) {
+                $transparent_color   = imagecolorsforindex($src, $src_transparency);
+                $current_transparent = imagecolorallocate($dst, $transparent_color['red'], $transparent_color['green'], $transparent_color['blue']);
+                imagefill($dst, 0, 0, $current_transparent);
+                imagecolortransparent($dst, $current_transparent);
+            }
        }
    } else {
        $dst = imagecreatetruecolor($dst_w, $dst_h);
@ -367,7 +370,8 @@ function thumbnail($filename, $source_path, $target_path, $thumb_width, $thumb_h
            imagealphablending($dst, false);
            imagesavealpha($dst, true);
        } else if($size[2] == 1) {
-            if($src_transparency != -1) {
+            $palletsize = imagecolorstotal($src);
+            if($src_transparency >= 0 && $src_transparency < $palletsize) {
                $transparent_color   = imagecolorsforindex($src, $src_transparency);
                $current_transparent = imagecolorallocate($dst, $transparent_color['red'], $transparent_color['green'], $transparent_color['blue']);
                imagefill($dst, 0, 0, $current_transparent);
--- a/mobile/skin/board/basic/view_comment.skin.php
+++ b/mobile/skin/board/basic/view_comment.skin.php
@ -50,7 +50,7 @@ var char_max = parseInt(<?php echo $comment_max ?>); // 최대
        <textarea id="save_comment_<?php echo $comment_id ?>" style="display:none"><?php echo get_text($list[$i]['content1'], 0) ?></textarea>

        <?php if($list[$i]['is_reply'] || $list[$i]['is_edit'] || $list[$i]['is_del']) {
-            $query_string = str_replace("&", "&amp;", $_SERVER['QUERY_STRING']);
+            $query_string = clean_query_string($_SERVER['QUERY_STRING']);

            if($w == 'cu') {
                $sql = " select wr_id, wr_content from $write_table where wr_id = '$c_id' and wr_is_comment = '1' ";
--- a/mobile/skin/board/gallery/view_comment.skin.php
+++ b/mobile/skin/board/gallery/view_comment.skin.php
@ -50,7 +50,7 @@ var char_max = parseInt(<?php echo $comment_max ?>); // 최대
        <textarea id="save_comment_<?php echo $comment_id ?>" style="display:none"><?php echo get_text($list[$i]['content1'], 0) ?></textarea>

        <?php if($list[$i]['is_reply'] || $list[$i]['is_edit'] || $list[$i]['is_del']) {
-            $query_string = str_replace("&", "&amp;", $_SERVER['QUERY_STRING']);
+            $query_string = clean_query_string($_SERVER['QUERY_STRING']);

            if($w == 'cu') {
                $sql = " select wr_id, wr_content from $write_table where wr_id = '$c_id' and wr_is_comment = '1' ";
--- a/mobile/skin/connect/basic/connect.skin.php
+++ b/mobile/skin/connect/basic/connect.skin.php
@ -5,5 +5,4 @@ if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
 // add_stylesheet('css 구문', 출력순서); 숫자가 작을 수록 먼저 출력됨
 add_stylesheet('<link rel="stylesheet" href="'.$connect_skin_url.'/style.css">', 0);
 ?>
-
 <?php echo $row['total_cnt'] ?>
--- a/mobile/skin/faq/basic/list.skin.php
+++ b/mobile/skin/faq/basic/list.skin.php
@ -73,7 +73,7 @@ if( count($faq_master_list) ){
    ?>
 </div>

-<?php echo get_paging($page_rows, $page, $total_page, $_SERVER['PHP_SELF'].'?'.$qstr.'&amp;page='); ?>
+<?php echo get_paging($page_rows, $page, $total_page, $_SERVER['SCRIPT_NAME'].'?'.$qstr.'&amp;page='); ?>

 <?php
 // 하단 HTML
--- a/mobile/skin/member/basic/member_confirm.skin.php
+++ b/mobile/skin/member/basic/member_confirm.skin.php
@ -10,7 +10,11 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',

    <p>
        <strong>비밀번호를 한번 더 입력해주세요.</strong>
+        <?php if ($url == 'member_leave.php') { ?>
+        비밀번호를 입력하시면 회원탈퇴가 완료됩니다.
+        <?php }else{ ?>
        회원님의 정보를 안전하게 보호하기 위해 비밀번호를 한번 더 확인합니다.
+        <?php }  ?>
    </p>

    <form name="fmemberconfirm" action="<?php echo $url ?>" onsubmit="return fmemberconfirm_submit(this);" method="post">
--- a/mobile/skin/member/basic/point.skin.php
+++ b/mobile/skin/member/basic/point.skin.php
@ -75,7 +75,7 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
        </div>
    </div>

-    <?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, $_SERVER['PHP_SELF'].'?'.$qstr.'&amp;page='); ?>
+    <?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, $_SERVER['SCRIPT_NAME'].'?'.$qstr.'&amp;page='); ?>

    <div class="win_btn"><button type="button" onclick="javascript:window.close();">창닫기</button></div>
 </div>
--- a/mobile/tail.php
+++ b/mobile/tail.php
@ -25,27 +25,8 @@ if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
 </div>

 <?php
-if(G5_DEVICE_BUTTON_DISPLAY && G5_IS_MOBILE) {
-    $seq = 0;
-    $p = parse_url(G5_URL);
-    $href = $p['scheme'].'://'.$p['host'].$_SERVER['PHP_SELF'];
-    if($_SERVER['QUERY_STRING']) {
-        $sep = '?';
-        foreach($_GET as $key=>$val) {
-            if($key == 'device')
-                continue;
-
-            $href .= $sep.$key.'='.$val;
-            $sep = '&amp;';
-            $seq++;
-        }
-    }
-    if($seq)
-        $href .= '&amp;device=pc';
-    else
-        $href .= '?device=pc';
-?>
-<a href="<?php echo $href; ?>" id="device_change">PC 버전으로 보기</a>
+if(G5_DEVICE_BUTTON_DISPLAY && G5_IS_MOBILE) { ?>
+<a href="<?php echo get_device_change_url(); ?>" id="device_change">PC 버전으로 보기</a>
 <?php
 }

--- a/plugin/sms5/write_update.php
+++ b/plugin/sms5/write_update.php
@ -15,10 +15,13 @@ if (!$is_member)
 if ($member['mb_level'] < $sms5['cf_level'])
    alert("회원 {$sms5['cf_level']}레벨 이상만 문자전송이 가능합니다.");

-if (!trim($mh_reply))
+$mh_reply   = preg_replace('#[^0-9\-]#', '', trim($mh_reply));
+$mh_message = clean_xss_tags(trim($mh_message));
+
+if (!$mh_reply)
    alert('보내는 번호를 입력해주세요.');

-if (!trim($mh_message))
+if (!$mh_message)
    alert('메세지를 입력해주세요.');

 if ($is_admin != 'super')
--- a/skin/board/basic/style.css
+++ b/skin/board/basic/style.css
@ -107,7 +107,7 @@
 #bo_list .txt_expired {color:#ccc}

 #bo_cate h2 {position:absolute;font-size:0;line-height:0;overflow:hidden}
-#bo_cate ul {margin-bottom:10px;padding-left:1px;width:728px;zoom:1}
+#bo_cate ul {margin-bottom:10px;padding-left:1px;zoom:1}
 #bo_cate ul:after {display:block;visibility:hidden;clear:both;content:""}
 #bo_cate li {float:left;margin-bottom:-1px}
 #bo_cate a {display:block;position:relative;margin-left:-1px;padding:6px 0 5px;width:90px;border:1px solid #ddd;background:#f7f7f7;color:#888;text-align:center;letter-spacing:-0.1em;line-height:1.2em;cursor:pointer}
--- a/skin/board/basic/view_comment.skin.php
+++ b/skin/board/basic/view_comment.skin.php
@ -56,7 +56,7 @@ var char_max = parseInt(<?php echo $comment_max ?>); // 최대
        <textarea id="save_comment_<?php echo $comment_id ?>" style="display:none"><?php echo get_text($list[$i]['content1'], 0) ?></textarea>

        <?php if($list[$i]['is_reply'] || $list[$i]['is_edit'] || $list[$i]['is_del']) {
-            $query_string = str_replace("&", "&amp;", $_SERVER['QUERY_STRING']);
+            $query_string = clean_query_string($_SERVER['QUERY_STRING']);

            if($w == 'cu') {
                $sql = " select wr_id, wr_content from $write_table where wr_id = '$c_id' and wr_is_comment = '1' ";
--- a/skin/board/gallery/style.css
+++ b/skin/board/gallery/style.css
@ -79,7 +79,7 @@

 /* 게시판 목록 */
 #bo_cate h2 {width:1px;height:1px;font-size:0;line-height:0;overflow:hidden}
-#bo_cate ul {margin-bottom:10px;padding-left:1px;width:728px;zoom:1}
+#bo_cate ul {margin-bottom:10px;padding-left:1px;zoom:1}
 #bo_cate ul:after {display:block;visibility:hidden;clear:both;content:""}
 #bo_cate li {float:left;margin-bottom:-1px}
 #bo_cate a {display:block;position:relative;margin-left:-1px;padding:6px 0 5px;width:90px;border:1px solid #ddd;background:#f7f7f7;color:#888;text-align:center;letter-spacing:-0.1em;line-height:1.2em;cursor:pointer}
--- a/skin/board/gallery/view_comment.skin.php
+++ b/skin/board/gallery/view_comment.skin.php
@ -56,7 +56,7 @@ var char_max = parseInt(<?php echo $comment_max ?>); // 최대
        <textarea id="save_comment_<?php echo $comment_id ?>" style="display:none"><?php echo get_text($list[$i]['content1'], 0) ?></textarea>

        <?php if($list[$i]['is_reply'] || $list[$i]['is_edit'] || $list[$i]['is_del']) {
-            $query_string = str_replace("&", "&amp;", $_SERVER['QUERY_STRING']);
+            $query_string = clean_query_string($_SERVER['QUERY_STRING']);

            if($w == 'cu') {
                $sql = " select wr_id, wr_content from $write_table where wr_id = '$c_id' and wr_is_comment = '1' ";
--- a/skin/faq/basic/list.skin.php
+++ b/skin/faq/basic/list.skin.php
@ -79,7 +79,7 @@ if( count($faq_master_list) ){
    ?>
 </div>

-<?php echo get_paging($page_rows, $page, $total_page, $_SERVER['PHP_SELF'].'?'.$qstr.'&amp;page='); ?>
+<?php echo get_paging($page_rows, $page, $total_page, $_SERVER['SCRIPT_NAME'].'?'.$qstr.'&amp;page='); ?>

 <?php
 // 하단 HTML
--- a/skin/faq/basic/style.css
+++ b/skin/faq/basic/style.css
@ -1,7 +1,7 @@
@charset "utf-8";

 #bo_cate h2 {position:absolute;font-size:0;line-height:0;overflow:hidden}
-#bo_cate ul {margin-bottom:10px;padding-left:1px;width:728px;zoom:1}
+#bo_cate ul {margin-bottom:10px;padding-left:1px;zoom:1}
 #bo_cate ul:after {display:block;visibility:hidden;clear:both;content:""}
 #bo_cate li {float:left;margin-bottom:-1px}
 #bo_cate a {display:block;position:relative;margin-left:-1px;padding:6px 0 5px;width:90px;border:1px solid #ddd;background:#f7f7f7;color:#888;text-align:center;letter-spacing:-0.1em;line-height:1.2em;cursor:pointer}
--- a/skin/member/basic/point.skin.php
+++ b/skin/member/basic/point.skin.php
@ -82,7 +82,7 @@ add_stylesheet('<link rel="stylesheet" href="'.$member_skin_url.'/style.css">',
        </table>
    </div>

-    <?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, $_SERVER['PHP_SELF'].'?'.$qstr.'&amp;page='); ?>
+    <?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, $_SERVER['SCRIPT_NAME'].'?'.$qstr.'&amp;page='); ?>

    <div class="win_btn"><button type="button" onclick="javascript:window.close();">창닫기</button></div>
 </div>
--- a/skin/member/basic/style.css
+++ b/skin/member/basic/style.css
@ -50,7 +50,7 @@
 .mbskin .frm_file {}

 .mbskin .tbl_frm01 {}
-.mbskin .tbl_frm01 th {}
+.mbskin .tbl_frm01 th {width:85px;}
 .mbskin .tbl_frm01 td {}
 .mbskin .tbl_frm01 textarea, .mb_skin tbl_frm01 .frm_input {}
 .mbskin .tbl_frm01 textarea {}
--- a/skin/qa/basic/style.css
+++ b/skin/qa/basic/style.css
@ -107,7 +107,7 @@
 #bo_list .txt_expired {color:#ccc}

 #bo_cate h2 {position:absolute;font-size:0;line-height:0;overflow:hidden}
-#bo_cate ul {margin-bottom:10px;padding-left:1px;width:728px;zoom:1}
+#bo_cate ul {margin-bottom:10px;padding-left:1px;zoom:1}
 #bo_cate ul:after {display:block;visibility:hidden;clear:both;content:""}
 #bo_cate li {float:left;margin-bottom:-1px}
 #bo_cate a {display:block;position:relative;margin-left:-1px;padding:6px 0 5px;width:90px;border:1px solid #ddd;background:#f7f7f7;color:#888;text-align:center;letter-spacing:-0.1em;line-height:1.2em;cursor:pointer}
--- a/skin/search/basic/style.css
+++ b/skin/search/basic/style.css
@ -12,10 +12,10 @@
 #sch_res_ov dd {float:left;margin:0 10px 0 5px}
 #sch_res_ov p {float:right;margin:0;padding:0;line-height:1em}

-#sch_res_board {margin:0 0 10px;padding-left:1px;width:728px;list-style:none;zoom:1}
+#sch_res_board {margin:0 0 10px;padding-left:1px;list-style:none;zoom:1}
 #sch_res_board:after {display:block;visibility:hidden;clear:both;content:""}
 #sch_res_board li {float:left;margin-bottom:-1px}
-#sch_res_board a {display:block;position:relative;margin-left:-1px;padding:6px 0 5px;width:181px;border:1px solid #ddd;text-align:center;letter-spacing:-0.1em;line-height:1.2em;cursor:pointer}
+#sch_res_board a {display:block;position:relative;margin-left:-1px;padding:6px 0 5px;width:180px;border:1px solid #ddd;text-align:center;letter-spacing:-0.1em;line-height:1.2em;cursor:pointer}
 #sch_res_board a:focus, #sch_res_board a:hover, #sch_res_board a:active {text-decoration:none}
 #sch_res_board .cnt_cmt {font-weight:normal !important}

--- a/tail.php
+++ b/tail.php
@ -38,27 +38,8 @@ if (G5_IS_MOBILE) {
 </div>

 <?php
-if(G5_DEVICE_BUTTON_DISPLAY && !G5_IS_MOBILE) {
-    $seq = 0;
-    $p = parse_url(G5_URL);
-    $href = $p['scheme'].'://'.$p['host'].$_SERVER['PHP_SELF'];
-    if($_SERVER['QUERY_STRING']) {
-        $sep = '?';
-        foreach($_GET as $key=>$val) {
-            if($key == 'device')
-                continue;
-
-            $href .= $sep.$key.'='.strip_tags($val);
-            $sep = '&amp;';
-            $seq++;
-        }
-    }
-    if($seq)
-        $href .= '&amp;device=mobile';
-    else
-        $href .= '?device=mobile';
-?>
-<a href="<?php echo $href; ?>" id="device_change">모바일 버전으로 보기</a>
+if(G5_DEVICE_BUTTON_DISPLAY && !G5_IS_MOBILE) { ?>
+<a href="<?php echo get_device_change_url(); ?>" id="device_change">모바일 버전으로 보기</a>
 <?php
 }