Ensure more consistent operation of security checks

- 수상한 파일이 업로드되었을 때 isSuccessInit = false로 지정
- isSuccessInit = false인 경우 무조건 에러메시지 출력 (xpressengine/xe-core#2304)
- 보안정책 관련 에러메시지는 msg_security_violation으로 통일

classes/context/Context.class.php

@@ -1263,6 +1263,7 @@ class Context
 			{
 				if(!UploadFileFilter::check($tmp_name, $val['name']))
 				{
+					self::$_instance->isSuccessInit = false;
 					unset($_FILES[$key]);
 					continue;
 				}

classes/module/ModuleHandler.class.php

@@ -43,14 +43,10 @@ class ModuleHandler extends Handler
 		}
 
 		$oContext = Context::getInstance();
-		if($oContext->isSuccessInit == FALSE)
+		if($oContext->isSuccessInit === false)
 		{
-			$logged_info = Context::get('logged_info');
+			$this->error = 'msg_security_violation';
-			if($logged_info->is_admin != "Y")
+			return;
-			{
-				$this->error = 'msg_invalid_request';
-				return;
-			}
 		}
 
 		// Set variables from request arguments
@@ -70,26 +66,23 @@ class ModuleHandler extends Handler
         }
 
 		// Validate variables to prevent XSS
-		$isInvalid = NULL;
+		$isInvalid = false;
-		if($this->module && !preg_match("/^([a-z0-9\_\-]+)$/i", $this->module))
+		if($this->module && !preg_match('/^[a-zA-Z0-9_-]+$/', $this->module))
 		{
-			$isInvalid = TRUE;
+			$isInvalid = true;
 		}
-		if($this->mid && !preg_match("/^([a-z0-9\_\-]+)$/i", $this->mid))
+		if($this->mid && !preg_match('/^[a-zA-Z0-9_-]+$/', $this->mid))
 		{
-			$isInvalid = TRUE;
+			$isInvalid = true;
 		}
-		if($this->act && !preg_match("/^([a-z0-9\_\-]+)$/i", $this->act))
+		if($this->act && !preg_match('/^[a-zA-Z0-9_-]+$/', $this->act))
 		{
-			$isInvalid = TRUE;
+			$isInvalid = true;
 		}
 		if($isInvalid)
 		{
-			htmlHeader();
+			$this->error = 'msg_security_violation';
-			echo lang('msg_security_violation');
+			return;
-			htmlFooter();
-			Context::close();
-			exit;
 		}
 
 		if(isset($this->act) && (strlen($this->act) >= 4 && substr_compare($this->act, 'disp', 0, 4) === 0))