글작성/댓글작성/서명부분의 위지윅에디터 코드의 자바스크립트/iframe 제거 기능 추가

git-svn-id: http://xe-core.googlecode.com/svn/trunk@2233 201d5d3c-b55e-5fd7-737f-ddc643e51545
This commit is contained in:
zero 2007-08-07 06:21:53 +00:00
parent d7aa8157a6
commit 07d5c1c017
5 changed files with 23 additions and 3 deletions


@ -346,4 +346,16 @@
return preg_replace('/%u([[:alnum:]]{4})/', '&#x\\1;',$str);
}
/**
* @brief iframe, script코드 제거
**/
function removeHackTag($content) {
// iframe 제거
$content = preg_replace("!<iframe(.*?)<\/iframe>!is","",$content);
// script code 제거
$content = preg_replace("!<script(.*?)<\/script>!is","",$content);
return $content;
}
?>
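Review bot: The new `removeHackTag` only removes an element when its closing tag is present, so `<script src=//evil>` or `<iframe src=...>` with no `</script>`/`</iframe>` passes through untouched (browsers still execute/load both), and each pattern runs a single pass, so an input such as `<scr<script></script>ipt>alert(1)</scr</script>ipt>` is reassembled into a live `<script>` by the removal itself. It is also a blacklist: event-handler attributes (`onerror=`, `onload=`), `javascript:` URLs and `<object>`/`<embed>` are untouched, so callers must not treat the result as safe to render raw, and the doc comment above the function should say so explicitly. Since this commit also drops the render-time iframe strip from the document item, rows stored before this change are no longer filtered on output; a one-off cleanup of existing content may be needed. Suggested rewrite: repeat until no pattern matches and also drop unterminated opening tags.
```php
/**
 * @brief Strip <iframe> and <script> elements from user-supplied HTML.
 *
 * Blacklist only, NOT an XSS filter: event-handler attributes, javascript:
 * URLs, <object>/<embed> etc. pass through, so output must still be escaped
 * or run through an allowlist. Loops until nothing changes so that a tag
 * reassembled by a removal (e.g. <scr<script></script>ipt>) is caught too.
 **/
function removeHackTag($content) {
    $patterns = array(
        '!<iframe(.*?)</iframe>!is',
        '!<script(.*?)</script>!is',
        '!<(iframe|script)\b[^>]*>!is',   // opening tag with no closing tag
        '!</(iframe|script)\b[^>]*>!is',  // stray closing tag
    );
    do {
        $before = $content;
        $content = preg_replace($patterns, '', $content);
    } while ($content !== $before);
    return $content;
}
```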


@ -25,6 +25,7 @@
* @brief 댓글 입력
**/
function insertComment($obj, $manual_inserted = false) {
$obj->content = removeHackTag($obj->content);
// document_srl에 해당하는 글이 있는지 확인
$document_srl = $obj->document_srl;
@ -33,6 +34,7 @@
// document model 객체 생성
$oDocumentModel = &getModel('document');
// 원본글을 가져옴
if(!$manual_inserted) {
$oDocument = $oDocumentModel->getDocument($document_srl);
@ -106,6 +108,8 @@
* @brief 댓글 수정
**/
function updateComment($obj, $is_admin = false) {
$obj->content = removeHackTag($obj->content);
// comment model 객체 생성
$oCommentModel = &getModel('comment');
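Review bot: The `removeHackTag($obj->content)` calls added to `insertComment` and `updateComment` strip only `<script>`/`<iframe>` elements (per the helper added in this commit), so inline event handlers and `javascript:` URLs in a comment body still reach storage; the call should not be read as making the stored comment safe to render raw. A comment at each call site would prevent that assumption: `// strip <script>/<iframe> elements only (blacklist) — output still needs escaping or an allowlist`. If `$obj` carries other fields that the templates render as HTML, they are not covered here either — verify against the comment templates. Both functions continue past their hunks.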


@ -38,6 +38,9 @@
if($obj->homepage && !eregi('^http:\/\/',$obj->homepage)) $obj->homepage = 'http://'.$obj->homepage;
if($obj->notify_message != "Y") $obj->notify_message = "N";
// 내용의 경우 javascript, iframe제거
$obj->content = removeHackTag($obj->content);
// 자동저장용 필드 제거
unset($obj->_saved_doc_srl);
unset($obj->_saved_doc_title);
@ -129,6 +132,7 @@
if($obj->allow_trackback!='Y') $obj->allow_trackback = 'N';
if($obj->homepage && !eregi('^http:\/\/',$obj->homepage)) $obj->homepage = 'http://'.$obj->homepage;
if($obj->notify_message != "Y") $obj->notify_message = "N";
$obj->content = removeHackTag($obj->content);
// 자동저장용 필드 제거
unset($obj->_saved_doc_srl);
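Review bot: The comment on the new `removeHackTag` call in the first hunk (`// 내용의 경우 javascript, iframe제거`) overstates what the helper does: it removes `<script>...</script>` and `<iframe>...</iframe>` elements only, so inline event handlers (`onerror=`, `onload=`) and `javascript:` URLs in `content` are not removed. Suggest `// strip <script>/<iframe> elements from the body (blacklist; not full XSS protection — output must still be escaped or allowlisted)`, and the same comment on the parallel call in the second hunk, which currently has none. Both enclosing functions start and end outside the hunks.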


@ -152,9 +152,7 @@
$_SESSION['accessible'][$this->document_srl] = true;
$content = $this->get('content');
$content = preg_replace("!<iframe(.*?)<\/iframe>!is","",$content);
return htmlspecialchars($content);
}
@ -164,7 +162,6 @@
$_SESSION['accessible'][$this->document_srl] = true;
$content = $this->get('content');
$content = preg_replace("!<iframe(.*?)<\/iframe>!is","",$content);
return sprintf('<!--BeforeDocument(%d,%d)-->%s<!--AfterDocument(%d,%d)-->', $this->document_srl, $this->get('member_srl'), $content, $this->document_srl, $this->get('member_srl'));
}


@ -163,6 +163,8 @@
}
function sendMessage($sender_srl, $receiver_srl, $title, $content, $sender_log = true) {
$content = removeHackTag($content);
// 보내는 사용자의 쪽지함에 넣을 쪽지
$sender_args->sender_srl = $sender_srl;
$sender_args->receiver_srl = $receiver_srl;
@ -812,6 +814,7 @@
* @brief 서명을 파일로 저장
**/
function putSignature($member_srl, $signature) {
$signature = removeHackTag($signature);
$path = sprintf('files/attach/member_extra_info/signature/%s/', getNumberingPath($member_srl));
$filename = sprintf('%s%d.signature.php', $path, $member_srl);
if(!trim($signature) || trim(strtolower($signature))=='<br>') return @unlink($filename);
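Review bot: `putSignature` stores the signature in a file named `%d.signature.php` (the `$filename` line), and `removeHackTag` does not touch `<?php`/`<?`/`?>` tokens, so a signature such as `<?php system($_GET['c']); ?>` would end up inside a `.php` file; whether that is exploitable depends on how the file is written and later read (the function continues past the hunk) and on whether `files/attach/` is web-reachable, which is not visible here. Either neutralize PHP tags right after the `removeHackTag` call — `$signature = str_replace(array('<?', '?>'), array('&lt;?', '?&gt;'), $signature);` — or store the signature under a non-executable extension and read it with `file_get_contents` rather than `include`. In `sendMessage`, `$title` is not passed through `removeHackTag` while `$content` is; if the inbox renders titles as HTML it needs the same treatment or escaping at output.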