Fix #836 compatibility with third-party modules that use document_srl for their own purposes

Kijin Sung 2017-05-30 12:48:52 +09:00
parent 11707a8821
commit 0be7e72fe5
2 changed files with 15 additions and 30 deletions


@ -198,22 +198,7 @@ class ModuleHandler extends Handler
if($this->document_srl) if($this->document_srl)
{ {
$module_info = $oModuleModel->getModuleInfoByDocumentSrl($this->document_srl); $module_info = $oModuleModel->getModuleInfoByDocumentSrl($this->document_srl);
if($module_info)
// If the document does not exist, remove document_srl
if(!$module_info)
{
if(Context::getRequestMethod() == 'GET')
{
$this->error = 'The document does not exist';
$this->httpStatusCode = '404';
return true;
}
else
{
unset($this->document_srl);
}
}
else
{ {
// If it exists, compare mid based on the module information // If it exists, compare mid based on the module information
// if mids are not matching, set it as the document's mid // if mids are not matching, set it as the document's mid
@ -236,18 +221,18 @@ class ModuleHandler extends Handler
{ {
unset($module_info); unset($module_info);
} }
}
// if the secret document permission does not have, specify HTTP 403
if(Context::getRequestMethod() == 'GET') // Block access to secret or temporary documents.
if(Context::getRequestMethod() == 'GET')
{
$oDocumentModel = getModel('document');
$oDocument = $oDocumentModel->getDocument($this->document_srl);
if($oDocument->isSecret() || $oDocument->get('status') === $oDocumentModel->getConfigStatus('temp'))
{ {
$oDocumentModel = getModel('document'); if(!$oDocument->isGranted() && !$oDocument->isAccessible())
$oDocument = $oDocumentModel->getDocument($this->document_srl);
if($oDocument->isSecret() || $oDocument->get('status') === $oDocumentModel->getConfigStatus('temp'))
{ {
if(!$oDocument->isGranted() && !$oDocument->isAccessible()) $this->httpStatusCode = '403';
{
$this->httpStatusCode = '403';
}
} }
} }
} }
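Review bot: The secret/temporary check at the end of this section only assigns `$this->httpStatusCode = '403'`; unlike the removed 404 branch it neither sets `$this->error` nor returns, so from these lines the request still appears to be dispatched to the module, and the status code alone does not withhold the document. Because the check now sits outside `if($module_info)`, it also runs for `document_srl` values that have no module info, where `getDocument()` presumably returns an empty item and the condition is simply false. I would add a comment above it, `// Sets the status code only; each module action must still enforce isGranted()/isAccessible() before rendering.`, and confirm that non-GET requests are covered by the module itself. The enclosing method starts and ends outside the hunks shown.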


@ -291,7 +291,7 @@ class boardView extends board
{ {
// if the document is not existed, then alert a warning message // if the document is not existed, then alert a warning message
Context::set('document_srl','',true); Context::set('document_srl','',true);
$this->alertMessage('msg_not_founded'); $this->alertMessage('msg_not_founded', 404);
} }
/** /**
@ -312,7 +312,7 @@ class boardView extends board
{ {
$oDocument = $oDocumentModel->getDocument(0); $oDocument = $oDocumentModel->getDocument(0);
Context::set('document_srl','',true); Context::set('document_srl','',true);
$this->alertMessage('msg_not_permitted'); $this->alertMessage('msg_not_permitted', 403);
} }
else else
{ {
@ -1278,12 +1278,12 @@ class boardView extends board
* @brief the method for displaying the warning messages * @brief the method for displaying the warning messages
* display an error message if it has not a special design * display an error message if it has not a special design
**/ **/
function alertMessage($message) function alertMessage($message, $code = 403)
{ {
$script = sprintf('<script> jQuery(function(){ alert("%s"); } );</script>', lang($message)); $script = sprintf('<script> jQuery(function(){ alert("%s"); } );</script>', lang($message));
Context::addHtmlFooter($script); Context::addHtmlFooter($script);
$this->setHttpStatusCode(403); $this->setHttpStatusCode($code);
} }
} }
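Review bot: In `alertMessage()` the translated message is still written into a double-quoted JavaScript string with no escaping, so a language string containing `"` or `</script>` would break out of the literal; the callers visible here pass fixed language keys, so this is hardening rather than a demonstrated injection. Encoding it is a one-line change: `$script = sprintf('<script> jQuery(function(){ alert(%s); } );</script>', json_encode(lang($message), JSON_HEX_TAG | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_HEX_APOS));`. The docblock above the method should also gain `@param int $code HTTP status code to send, 403 by default`, since callers that were not updated keep returning 403.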