From 859e283746be0d4f1f0ef6d20b5edfbaaa38d6b9 Mon Sep 17 00:00:00 2001 From: bnu Date: Mon, 14 Sep 2015 14:43:02 +0900 Subject: [PATCH] =?UTF-8?q?fix=20#1747=20=EA=B0=A4=EB=9F=AC=EB=A6=AC=20?= =?UTF-8?q?=EC=BB=B4=ED=8F=AC=EB=84=8C=ED=8A=B8=EB=A5=BC=20=EC=9D=B4?= =?UTF-8?q?=EC=9A=A9=ED=95=9C=20CSRF=20=EC=B7=A8=EC=95=BD=EC=A0=90=20?= =?UTF-8?q?=ED=95=B4=EA=B2=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
---
.../image_gallery/image_gallery.class.php | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/modules/editor/components/image_gallery/image_gallery.class.php b/modules/editor/components/image_gallery/image_gallery.class.php
index 6fbea0f76..767c850e1 100644
--- a/modules/editor/components/image_gallery/image_gallery.class.php
+++ b/modules/editor/components/image_gallery/image_gallery.class.php
@@ -43,18 +43,24 @@ class image_gallery extends EditorHandler */ function transHTML($xml_obj) { - $gallery_info = new stdClass; - $gallery_info->srl = rand(111111,999999); - $gallery_info->border_thickness = $xml_obj->attrs->border_thickness; + $gallery_info = new stdClass(); + $gallery_info->srl = rand(111111, 999999); + $gallery_info->border_thickness = (int)$xml_obj->attrs->border_thickness; $gallery_info->gallery_style = $xml_obj->attrs->gallery_style; $color_preg = "/^([a-fA-F0-9]{6})/"; $gallery_info->border_color = preg_replace($color_preg,"#$1",$xml_obj->attrs->border_color); $gallery_info->bg_color = preg_replace($color_preg,"#$1",$xml_obj->attrs->bg_color); $gallery_info->gallery_align = $xml_obj->attrs->gallery_align; + if(!in_array($gallery_info->gallery_align, array('left', 'center', 'right'))) { + $gallery_info->gallery_align = 'center'; + } + $images_list = $xml_obj->attrs->images_list; - $images_list = preg_replace('/\.(gif|jpg|jpeg|png) /i',".\\1\n",$images_list); - $gallery_info->images_list = explode("\n",trim($images_list)); + $images_list = preg_replace('/\.(gif|jpe?g|png) /i', ".\\1\n", $images_list); + $images_list = explode("\n", trim($images_list)); + $gallery_info->images_list = preg_grep("/^[a-z0-9\/]+\.(gif|jpe?g|png)+$/", $images_list); + // If you set the output to output the XML code generated a list of the image if(Context::getResponseMethod() == 'XMLRPC') {
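Review bot: The new `preg_grep` allowlist on `images_list` still accepts entries that begin with `//`, because `/` is allowed by the character class from the first position, so a protocol-relative reference to a host name without a dot passes a filter that appears intended to keep gallery images local. Requiring an alphanumeric after at most one leading slash and dropping the stray `+` after the extension group closes that: `preg_grep('/^\/?[a-z0-9][a-z0-9\/]*\.(gif|jpe?g|png)$/D', $images_list)`. The pattern is also case-sensitive while the split two lines above uses `/i`, so an entry ending in `.JPG` is split correctly and then silently dropped; add the `i` flag if upper-case names are meant to survive. Separately, `border_color` and `bg_color` are left as they were: `preg_replace` returns its input unchanged when `$color_preg` does not match and the pattern has no end anchor, so these two attributes, like `gallery_style`, reach `$gallery_info` unvalidated and would benefit from the same allowlist-with-default treatment given to `gallery_align`, for example a `preg_match('/^[a-fA-F0-9]{6}$/D', ...)` check. transHTML's body continues past the hunk, so how these values are rendered is not visible here.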