diff -urN zb41pl7/image_box.php zb41pl8/image_box.php
--- zb41pl7/image_box.php	2006-08-18 06:41:28.000000000 +0900
+++ zb41pl8/image_box.php	2006-08-18 06:41:29.000000000 +0900
@@ -86,7 +86,7 @@
 
 				if($filesize) {
 					if(!is_uploaded_file($upload[$i])) Error("Á¤»óÀûÀÎ ¹æ¹ýÀ¸·Î ¾÷·Îµå ÇØÁÖ¼¼¿ä","window.close");
-					if(!eregi("\.gif",$upload_name[$i])&&!eregi("\.jpg",$upload_name[$i])) Error("À̹ÌÁö´Â gif ¶Ç´Â jpg ÆÄÀÏÀ» ¿Ã·ÁÁÖ¼¼¿ä");
+					if(!eregi("\.gif\$",$upload_name[$i])&&!eregi("\.jpg\$",$upload_name[$i])) Error("À̹ÌÁö´Â gif ¶Ç´Â jpg ÆÄÀÏÀ» ¿Ã·ÁÁÖ¼¼¿ä");
 					$size=GetImageSize($upload[$i]);
 					if(!$size[2]) Error("À̹ÌÁö ÆÄÀÏÀ» ¿Ã·ÁÁֽñ⠹ٶø´Ï´Ù");
 					if(!@move_uploaded_file($upload[$i] , $path."/".$upload_name[$i])) Error("À̹ÌÁö ¾÷·Îµå°¡ Á¦´ë·Î µÇÁö ¾Ê¾Ò½À´Ï´Ù");
diff -urN zb41pl7/lib.php zb41pl8/lib.php
--- zb41pl7/lib.php	2006-08-18 06:41:28.000000000 +0900
+++ zb41pl8/lib.php	2006-08-18 06:41:29.000000000 +0900
@@ -2,7 +2,7 @@
 /******************************************************************************
  * Zeroboard library 
  *
- * ¸¶Áö¸· ¼öÁ¤ÀÏÀÚ : 2003. 8. 7
+ * ¸¶Áö¸· ¼öÁ¤ÀÏÀÚ : 2006. 3. 15
  * ÀÌ ÆÄÀϳ»ÀÇ ¸ðµç ÇÔ¼ö´Â ¿øÇϽô´ë·Î »ç¿ëÇϼŵµ µË´Ï´Ù.
  *
  * by zero (zero@nzeo.com)
@@ -13,17 +13,23 @@
     @header ("P3P : CP=\"ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC\"");
 
 	// ÇöÀç ¹öÁ¯
-	$zb_version = "4.1 pl7";
+	$zb_version = "4.1 pl8";
 
 	/*******************************************************************************
  	 * ¿¡·¯ ¸®Æ÷Æà ¼³Á¤°ú register_globals_onÀ϶§ º¯¼ö Àç Á¤ÀÇ
  	 ******************************************************************************/
  	@error_reporting(E_ALL ^ E_NOTICE);
-	@extract($HTTP_GET_VARS); 
+        foreach($HTTP_GET_VARS as $key=>$val) $$key = del_html($val);
 	@extract($HTTP_POST_VARS); 
 	@extract($HTTP_SERVER_VARS); 
 	@extract($HTTP_ENV_VARS);
 
+        $page = (int)$page;
+
+	$temp_filename=realpath(__FILE__);
+	if($temp_filename) $config_dir=eregi_replace("lib.php","",$temp_filename);
+	else $config_dir="";
+
 	/*******************************************************************************
  	 * ±âº» º¯¼ö ÃʱâÈ­. (phpÀÇ ¿À·ù°°Áö ¾ÊÀº ¿À·ù ¶§¹®¿¡;; ¤Ñ¤Ñ+)
  	 ******************************************************************************/
diff -urN zb41pl7/license.txt zb41pl8/license.txt
--- zb41pl7/license.txt	2005-04-04 18:11:07.000000000 +0900
+++ zb41pl8/license.txt	2006-03-15 19:10:51.000000000 +0900
@@ -3,7 +3,7 @@
 ¾Æ·¡ ¶óÀ̼¾½º¿¡ µ¿ÀÇÇϽô ºÐ¸¸ Á¦·Îº¸µå¸¦ »ç¿ëÇÒ¼ö ÀÖ½À´Ï´Ù.
     
 ÇÁ·Î±×·¥¸í : Zeroboard
-¹èÆ÷¹öÁ¯ : 4.1 pl 7 (2005. 4. 4)
+¹èÆ÷¹öÁ¯ : 4.1 pl 8 (2006. 3. 15)
 °³¹ßÀÚ : zero 
 Homepage : http://zeroboard.com
 
diff -urN zb41pl7/login_check.php zb41pl8/login_check.php
--- zb41pl7/login_check.php	2006-08-18 06:41:28.000000000 +0900
+++ zb41pl8/login_check.php	2006-08-18 06:41:29.000000000 +0900
@@ -6,6 +6,11 @@
 	$user_id = trim($user_id);
 	$password = trim($password);
 
+        if(!get_magic_quotes_gpc()) {
+          $user_id = addslashes($user_id);
+          $password = addslashes($password);
+        }
+
 	if(!$user_id) Error("¾ÆÀ̵𸦠ÀÔ·ÂÇÏ¿© Áֽʽÿä");
 	if(!$password) Error("ºñ¹Ð¹øÈ£¸¦ ÀÔ·ÂÇÏ¿© Áֽʽÿä");
 
diff -urN zb41pl7/member_join_ok.php zb41pl8/member_join_ok.php
--- zb41pl7/member_join_ok.php	2006-08-18 06:41:28.000000000 +0900
+++ zb41pl8/member_join_ok.php	2006-08-18 06:41:29.000000000 +0900
@@ -40,6 +40,11 @@
 // ºó¹®ÀÚ¿­ÀÎÁö¸¦ °Ë»ç
 	$user_id = str_replace("¤Ô","",$user_id);
 	$name = str_replace("¤Ô","",$name);
+
+        if(!get_magic_quotes_gpc()) {
+          $user_id = addslashes($user_id);
+          $password = addslashes($password);
+        }
 	
 	$user_id=trim($user_id);
 	if(isBlank($user_id)) Error("ID¸¦ ÀÔ·ÂÇÏ¼Å¾ß ÇÕ´Ï´Ù","");
diff -urN zb41pl7/member_memo.php zb41pl8/member_memo.php
--- zb41pl7/member_memo.php	2006-08-18 06:41:28.000000000 +0900
+++ zb41pl8/member_memo.php	2006-08-18 06:41:29.000000000 +0900
@@ -16,13 +16,13 @@
 // »õÂÊÁö ¿Ô½À´Ï´Ù;; ¾Ë¶÷ ¾ø¾Ö±â
 	mysql_query("update $member_table set new_memo='0' where no='$member[no]'");
 
-// ÀÏÁÖÀÏ ³ÑÀº ±Û »èÁ¦;;
-	mysql_query("delete from $get_memo_table where (".time()." - reg_date) >= ".$_zbDefaultSetup[memo_limit_time]) or error(mysql_error());
+// ÁöÁ¤ ³ÑÀº ±Û »èÁ¦;;
+	mysql_query("delete from $get_memo_table where member_no='$member[no]' and (".time()." - reg_date) >= ".$_zbDefaultSetup[memo_limit_time]) or error(mysql_error());
 
 // ¼±ÅÃµÈ ¸Þ¸ð »èÁ¦;;;
 	if($exec=="del_all") {
 		for($i=0;$i<count($del);$i++) {
-			mysql_query("delete from $get_memo_table where no='$del[$i]'");
+			mysql_query("delete from $get_memo_table where no='$del[$i]' and member_no='$member[no]'");
 		}
 		mysql_close($connect);
 		movepage("$PHP_SELF?page=$page");
@@ -37,8 +37,7 @@
 
 // ¼±ÅÃµÈ ¸Þ¸ð°¡ ÀÖÀ»½Ã µ¥ÀÌŸ »Ì¾Æ¿À±â;;
 	if($no) {
-		$now_data=mysql_fetch_array(mysql_query("select a.subject as subject, a.reg_date as reg_date, a.readed as readed, b.name as name, a.member_from as member_from, a.memo as memo from
-		$get_memo_table a, $member_table b where a.member_from=b.no and a.no='$no' and a.member_no='$member[no]'"));
+		$now_data=mysql_fetch_array(mysql_query("select * from $get_memo_table where no='$no' and member_no='$member[no]'"));
 		if($now_data[readed]==1) {
 			mysql_query("update $get_memo_table set readed='0' where no='$no' and member_no='$member[no]'");
 			$check=mysql_fetch_array(mysql_query("select count(*) from $get_memo_table where readed='1' and member_no='$member[no]'")); 
@@ -67,7 +66,7 @@
 	if($page>$total_page) $page=$total_page; // ÆäÀÌÁö°¡ Àüü ÆäÀÌÁöº¸´Ù Å©¸é ÆäÀÌÁö ¹øÈ£ ¹Ù²Þ
 
 // µ¥ÀÌŸ »Ì¾Æ¿À´Â ºÎºÐ... 
-	$que="select a.no as no, a.subject as subject, a.reg_date as reg_date, a.readed as readed, b.name as name, a.member_from as member_from from $get_memo_table a ,$member_table b where a.member_no='$member[no]' and a.member_from=b.no  order by a.no desc limit $start_num,$page_num";
+	$que="select a.no as no, a.subject as subject, a.reg_date as reg_date, a.readed as readed, b.name as name, b.user_id as user_id, a.member_from as member_from from $get_memo_table a ,$member_table b where a.member_no='$member[no]' and a.member_from=b.no  order by a.no desc limit $start_num,$page_num";
 	$result=mysql_query($que) or Error(mysql_error());
 
 // MySQL ´Ý±â 
@@ -136,7 +135,7 @@
 
 <!-- ¼±ÅÃµÈ ¸Þ¸ð°¡ ÀÖÀ»¶§;; -->
 <?
-	if($now_data[name]) {
+	if($now_data[no]) {
 
 		$temp_name = get_private_icon($now_data[member_from], "2");
 		if($temp_name) $now_data[name]="<img src='$temp_name' border=0 align=absmiddle>";
@@ -159,7 +158,7 @@
         <tr> 
           <td width="50" align="right"><img src="images/memo_from.gif" width="24" height="15"></td>
           <td><img src="images/t.gif" width="10" height="3"><br>
-            <a href=javascript:void(window.open('view_info.php?member_no=<?=$now_data[member_from]?>','view_info','width=400,height=500,toolbar=no,scrollbars=yes'))><?=stripslashes($now_data[name])?></a></td>
+            <a href=javascript:void(window.open('view_info.php?member_no=<?=$now_data[member_from]?>','view_info','width=400,height=500,toolbar=no,scrollbars=yes'))><?=stripslashes($now_data[name])?></a> <font style=font-size:8pt;>(<b>ID</b> : <?=$now_data['user_id']?>)</td>
         </tr>
         <tr> 
           <td colspan="2" bgcolor="#EBD9D9" align="center" style=padding:0px;><img src="images/t.gif" width="10" height="1"></td>
@@ -167,7 +166,7 @@
         <tr> 
           <td width="50" align="right"><img src="images/memo_subject.gif" width="35" height="15"></td>
           <td><img src="images/t.gif" width="10" height="3"><br>
-            <?=stripslashes($now_data[subject])?></td>
+            <?=stripslashes(del_html($now_data[subject]))?></td>
         </tr>
         <tr> 
           <td colspan="2" bgcolor="#EBD9D9" align="center" style=padding:0px;><img src="images/t.gif" width="10" height="1"></td>
@@ -244,7 +243,7 @@
 		$temp_name = get_private_icon($data[member_from], "1");
 		if($temp_name) $data[name]="<img src='$temp_name' border=0 align=absmiddle>&nbsp;".$data[name];
 		
-		$data[subject]=stripslashes($data[subject]);
+		$data[subject]=stripslashes(del_html($data[subject]));
 		$reg_date=date("Y/m/d H:i",$data[reg_date]);
 		if($data[readed]==0) $readed="<img src=images/memo_readed.gif>"; else $readed="<img src=images/memo_unread.gif>"
 ?>
@@ -259,7 +258,7 @@
           <td style='word-break:break-all;' style=cursor:hand; onclick=location.href="<?="$PHP_SELF?exec=view&no=$data[no]&page=$page"?>"><img src="images/t.gif" width="10" height="3"><br>
             <a href=<?="$PHP_SELF?exec=view&no=$data[no]&page=$page"?>><?=$data[subject]?></a></td>
           <td width="80" align="center"><img src="images/t.gif" width="10" height="3"><br>
-            <a href=javascript:void(window.open('view_info.php?member_no=<?=$data[member_from]?>','view_info','width=400,height=510,toolbar=no,scrollbars=yes'))><?=$data[name]?></a></td>
+            <a href=javascript:void(window.open('view_info.php?member_no=<?=$data[member_from]?>','view_info','width=400,height=510,toolbar=no,scrollbars=yes'))><?=$data[name]?></a><br><font style=font-size:8pt;color:999999>(<?=$data['user_id']?>)</td>
           <td width="60" align="center"><font style=font-family:Tahoma;font-size:8pt;><span title='<?=$reg_date?>'><? echo"".date("m/d",$data[reg_date])."" ?></span></font></td>
         </tr>
 <?
@@ -288,7 +287,7 @@
 </form>
 </tr>
 </table>
-
+<script>
 <?
 	foot();
 ?>
diff -urN zb41pl7/member_memo2.php zb41pl8/member_memo2.php
--- zb41pl7/member_memo2.php	2006-08-18 06:41:28.000000000 +0900
+++ zb41pl8/member_memo2.php	2006-08-18 06:41:29.000000000 +0900
@@ -13,13 +13,13 @@
 // ±×·ìµ¥ÀÌŸ Àоî¿À±â;;
 	$group_data=mysql_fetch_array(mysql_query("select * from $group_table where no='$member[group_no]'"));
 
-// ÀÌÁÖÀÏ ³ÑÀº ±Û »èÁ¦;;
-	mysql_query("delete from $send_memo_table where (".time()." - reg_date) >= ".$_zbDefaultSetup[memo_limit_time]) or error(mysql_error());
+// ÁöÁ¤ ½Ã°£ÀÌ ³ÑÀº ±Û »èÁ¦;;
+	mysql_query("delete from $send_memo_table where member_no='$member[no]' and (".time()." - reg_date) >= ".$_zbDefaultSetup[memo_limit_time]) or error(mysql_error());
 
 // ¼±ÅÃµÈ ¸Þ¸ð »èÁ¦;;;
 	if($exec=="del_all") {
 		for($i=0;$i<count($del);$i++) {
-			mysql_query("delete from $send_memo_table where no='$del[$i]'");
+			mysql_query("delete from $send_memo_table where no='$del[$i]' and member_no='$member[no]'");
 		}
 		mysql_close($connect);
 		movepage("$PHP_SELF?page=$page");
@@ -34,7 +34,7 @@
 
 // ¼±ÅÃµÈ ¸Þ¸ð°¡ ÀÖÀ»½Ã µ¥ÀÌŸ »Ì¾Æ¿À±â;;
 	if($no) {
-		$now_data=mysql_fetch_array(mysql_query("select a.subject as subject, a.reg_date as reg_date, a.readed as readed, b.name as name, a.member_to as member_to, a.memo as memo from $send_memo_table a, $member_table b where a.member_to=b.no and a.no='$no' and a.member_no='$member[no]'"));
+		$now_data=mysql_fetch_array(mysql_query("select * from $send_memo_table where no='$no' and member_no = '$member[no]'"));
 	}
 
 
@@ -57,7 +57,7 @@
 	if($page>$total_page) $page=$total_page; // ÆäÀÌÁö°¡ Àüü ÆäÀÌÁöº¸´Ù Å©¸é ÆäÀÌÁö ¹øÈ£ ¹Ù²Þ
 
 // µ¥ÀÌŸ »Ì¾Æ¿À´Â ºÎºÐ... 
-	$que="select a.no as no, a.subject as subject, a.reg_date as reg_date, a.readed as readed, b.name as name, a.member_to as member_to from $send_memo_table a, $member_table b where a.member_to=b.no and a.member_no='$member[no]' order by a.no desc limit $start_num,$page_num";
+	$que="select a.no as no, a.subject as subject, a.reg_date as reg_date, a.readed as readed, b.name as name, b.user_id as user_id, a.member_to as member_to from $send_memo_table a ,$member_table b where a.member_no='$member[no]' and a.member_to=b.no  order by a.no desc limit $start_num,$page_num";
 	$result=mysql_query($que) or Error(mysql_error());
 
 // MySQL ´Ý±â
@@ -116,7 +116,7 @@
 </table>
 <table width="100%" border="0" cellspacing="0" cellpadding="5">
   <tr>
- <td>&nbsp;&nbsp;&nbsp;<a href=member_memo.php><img src=images/vi_B_inbox.gif border=0></a> <a href=member_memo2.php><img src=images/vi_B_sent.gif border=0></a> <a href=member_memo3.php><img src=images/vi_B_write.gif border=0></a></td>
+ <td nowrap>&nbsp;&nbsp;&nbsp;<a href=member_memo.php><img src=images/vi_B_inbox.gif border=0></a> <a href=member_memo2.php><img src=images/vi_B_sent.gif border=0></a> <a href=member_memo3.php><img src=images/vi_B_write.gif border=0></a></td>
     <td align=right><img src="images/t.gif" width="10" height="10"><font color="#666666">Àüü :
       <b><?=$total?></b> , ÀÐÁö ¾ÊÀº ÂÊÁö : <b><?=$new_total?></b></font>&nbsp;&nbsp;&nbsp;&nbsp;</td>
   </tr>
@@ -124,7 +124,7 @@
 
 <!-- ¼±ÅÃµÈ ¸Þ¸ð°¡ ÀÖÀ»¶§;; -->
 <?
- if($now_data[name]) {
+ if($now_data[no]) {
 	$temp_name = get_private_icon($now_data[member_to], "2");
 	if($temp_name) $now_data[name]="<img src='$temp_name' border=0 align=absmiddle>";
 	$temp_name = get_private_icon($now_data[member_to], "1");
@@ -147,7 +147,7 @@
         <tr>
           <td width="50" align="right"><img src="images/sm_to.gif"></td>
           <td><img src="images/t.gif" width="10" height="3"><br>
-            <a href=javascript:void(window.open('view_info.php?member_no=<?=$now_data[member_to]?>','view_info','width=400,height=510,toolbar=no,scrollbars=yes'))><?=stripslashes($now_data[name])?></a></td>
+            <a href=javascript:void(window.open('view_info.php?member_no=<?=$now_data[member_to]?>','view_info','width=400,height=510,toolbar=no,scrollbars=yes'))><?=stripslashes($now_data[name])?></a> <font style=font-size:8pt;>(<b>ID</b> : <?=$now_data['user_id']?>)</td>
         </tr>
         <tr>
           <td colspan="2" bgcolor="#EBD9D9" align="center" style=padding:0px;><img src="images/t.gif" width="10" height="1"></td>
@@ -155,7 +155,7 @@
         <tr>
           <td width="50" align="right"><img src="images/memo_subject.gif" width="35" height="15"></td>
           <td><img src="images/t.gif" width="10" height="3"><br>
-            <?=stripslashes($now_data[subject])?></td>
+            <?=stripslashes(del_html($now_data[subject]))?></td>
         </tr>
         <tr>
           <td colspan="2" bgcolor="#EBD9D9" align="center" style=padding:0px;><img src="images/t.gif" width="10" height="1"></td>
@@ -233,7 +233,7 @@
 		$temp_name = get_private_icon($data[member_to], "1");
 		if($temp_name) $data[name]="<img src='$temp_name' border=0 align=absmiddle>&nbsp;".$data[name];
 		
-		$data[subject]=stripslashes($data[subject]);
+		$data[subject]=stripslashes(del_html($data[subject]));
 		$reg_date=date("Y/m/d H:i",$data[reg_date]);
 		if($data[readed]==0) $readed="<img src=images/memo_readed.gif>"; else $readed="<img src=images/memo_unread.gif>"
 ?>
@@ -248,7 +248,7 @@
           <td style='word-break:break-all;' style=cursor:hand; onclick=location.href="<?="$PHP_SELF?exec=view&no=$data[no]&page=$page"?>"><img src="images/t.gif" width="10" height="3"><br>
             <a href=<?="$PHP_SELF?exec=view&no=$data[no]&page=$page"?>><?=$data[subject]?></a></td>
           <td width="80" align="center"><img src="images/t.gif" width="10" height="3"><br>
-            <a href=javascript:void(window.open('view_info.php?member_no=<?=$data[member_to]?>','view_info','width=400,height=510,toolbar=no,scrollbars=yes'))><?=$data[name]?></a></td>
+            <a href=javascript:void(window.open('view_info.php?member_no=<?=$data[member_to]?>','view_info','width=400,height=510,toolbar=no,scrollbars=yes'))><?=$data[name]?></a><br><font style=font-size:8pt;color:999999>(<?=$data['user_id']?>)</td>
           <td width="60" align="center"><font style=font-family:Tahoma;font-size:8pt;><span title='<?=$reg_date?>'><? echo"".date("m/d",$data[reg_date])."" ?></span></font></td>
         </tr>
 
diff -urN zb41pl7/member_modify_ok.php zb41pl8/member_modify_ok.php
--- zb41pl7/member_modify_ok.php	2006-08-18 06:41:28.000000000 +0900
+++ zb41pl8/member_modify_ok.php	2006-08-18 06:41:29.000000000 +0900
@@ -23,22 +23,22 @@
 	if($check[0]>0) Error("ÀÌ¹Ì µî·ÏµÇ¾î ÀÖ´Â E-MailÀÔ´Ï´Ù");
 
 
-	$name = addslashes($name);
-	$job = addslashes($job);
-	$email = addslashes($email);
+	$name = addslashes(del_html($name));
+	$job = addslashes(del_html($job));
+	$email = addslashes(del_html($email));
 	if($_zbDefaultSetup[check_email]=="true"&&!mail_mx_check($email)) Error("ÀÔ·ÂÇϽŠ$email Àº Á¸ÀçÇÏÁö ¾Ê´Â ¸ÞÀÏÁÖ¼ÒÀÔ´Ï´Ù.<br>´Ù½Ã Çѹø È®ÀÎÇÏ¿© Áֽñ⠹ٶø´Ï´Ù.");
 	if(!eregi("http://",$homepage)&&$homepage) $homepage="http://$homepage";
-	$homepage = addslashes($homepage);
-	$birth = addslashes($birth);
-	$hobby = addslashes($hobby);
-	$icq = addslashes($icq);
-	$msn = addslashes($msn);
-	$home_address = addslashes($home_address);
-	$home_tel = addslashes($home_tel);
-	$office_address = addslashes($office_address);
-	$office_tel = addslashes($office_tel);
-	$handphone = addslashes($handphone);
-	$comment = addslashes($comment);
+	$homepage = addslashes(del_html($homepage));
+	$birth = addslashes(del_html($birth));
+	$hobby = addslashes(del_html($hobby));
+	$icq = addslashes(del_html($icq));
+	$msn = addslashes(del_html($msn));
+	$home_address = addslashes(del_html($home_address));
+	$home_tel = addslashes(del_html($home_tel));
+	$office_address = addslashes(del_html($office_address));
+	$office_tel = addslashes(del_html($office_tel));
+	$handphone = addslashes(del_html($handphone));
+	$comment = addslashes(del_html($comment));
 
 	$que="update $member_table set name='$name'";
 	if($password&&$password1&&$password==$password) $que.=" ,password=password('$password') ";
@@ -76,7 +76,7 @@
 
 	if($picture_name) {
 		if(!is_uploaded_file($picture)) Error("Á¤»óÀûÀÎ ¹æ¹ýÀ¸·Î ¾÷·Îµå ÇØÁÖ¼¼¿ä");
-		if(!eregi(".gif",$picture_name)&&!eregi(".jpg",$picture_name)) Error("»çÁøÀº gif ¶Ç´Â jpg ÆÄÀÏÀ» ¿Ã·ÁÁÖ¼¼¿ä");
+		if(!eregi(".gif\$",$picture_name)&&!eregi(".jpg\$",$picture_name)) Error("»çÁøÀº gif ¶Ç´Â jpg ÆÄÀÏÀ» ¿Ã·ÁÁÖ¼¼¿ä");
 		$size=GetImageSize($picture);
 		if($size[0]>200||$size[1]>200) Error("»çÁøÀÇ Å©±â´Â 200*200ÀÌÇÏ¿©¾ß ÇÕ´Ï´Ù");
 		$kind=array("","gif","jpg");