From 4ad43d052d60b7c320ec5e0cb3d74e0cc2702fea Mon Sep 17 00:00:00 2001
From: taggon <gonom9@gmail.com>
Date: Fri, 5 Nov 2010 07:31:21 +0000
Subject: [PATCH] =?UTF-8?q?#19191197=20=ED=8C=8C=EC=9D=BC=20=EC=9D=B4?=
 =?UTF-8?q?=EB=A6=84=EC=97=90=20#=EB=93=B1=EC=9D=98=20=ED=8A=B9=EC=88=98?=
 =?UTF-8?q?=EB=AC=B8=EC=9E=90=EA=B0=80=20=ED=8F=AC=ED=95=A8=EB=90=98?=
 =?UTF-8?q?=EB=A9=B4=20=EB=8B=A4=EC=9A=B4=EB=A1=9C=EB=93=9C=EA=B0=80=20?=
 =?UTF-8?q?=EB=90=98=EC=A7=80=20=EC=95=8A=EB=8D=98=20=EB=B2=84=EA=B7=B8=20?=
 =?UTF-8?q?=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

git-svn-id: http://xe-core.googlecode.com/svn/sandbox@7809 201d5d3c-b55e-5fd7-737f-ddc643e51545
---
 modules/file/file.controller.php | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/modules/file/file.controller.php b/modules/file/file.controller.php
index 2d17fd1f1..eca656d8c 100644
--- a/modules/file/file.controller.php
+++ b/modules/file/file.controller.php
@@ -21,6 +21,11 @@
          * sync이상없도록 함
          **/
         function procFileUpload() {
+            $file_info = Context::get('Filedata');
+
+            // 정상적으로 업로드된 파일이 아니면 오류 출력
+            if(!is_uploaded_file($file_info['tmp_name'])) exit();
+
             // 기본적으로 필요한 변수 설정
             $oFileModel = &getModel('file');
             $editor_sequence = Context::get('editor_sequence');
@@ -36,10 +41,6 @@
             // 세션정보에도 정의되지 않았다면 새로 생성
             if(!$upload_target_srl) $_SESSION['upload_info'][$editor_sequence]->upload_target_srl = $upload_target_srl = getNextSequence();
 
-            $file_info = Context::get('Filedata');
-
-            // 정상적으로 업로드된 파일이 아니면 오류 출력
-            if(!is_uploaded_file($file_info['tmp_name'])) exit();
 
             return $this->insertFile($file_info, $module_srl, $upload_target_srl);
         }
@@ -403,10 +404,13 @@
                 $file_info['name'] = str_replace(array('<','>'),array('%3C','%3E'),$file_info['name']);
 
                 $path = sprintf("./files/attach/images/%s/%s", $module_srl,getNumberingPath($upload_target_srl,3));
-                $filename = $path.$file_info['name'];
+
+				// 파일 이름에서 특수문자를 _로 변환
+				$_filename = preg_replace('/[#$&*?+%"\']/', '_', $file_info['name']);
+                $filename  = $path.$_filename;
                 $idx = 1;
                 while(file_exists($filename)) {
-                    $filename = $path.preg_replace('/\.([a-z0-9]+)$/i','_'.$idx.'.$1',$file_info['name']);
+                    $filename = $path.preg_replace('/\.([a-z0-9]+)$/i','_'.$idx.'.$1',$_filename);
                     $idx++;
                 }
                 $direct_download = 'Y';