merge changes of luminous to maserati (~r12676)

git-svn-id: http://xe-core.googlecode.com/svn/branches/maserati@12680 201d5d3c-b55e-5fd7-737f-ddc643e51545
flyskyko 2013-02-04 08:09:07 +00:00
commit 0f04bd3f92
50 changed files with 784 additions and 265 deletions


@ -118,6 +118,20 @@ class Context
* @var bool true if attached file exists
*/
var $is_uploaded = false;
/**
* Pattern for request vars check
* @var array
*/
var $patterns = array(
'/<\?/iUsm',
'/<\%/iUsm',
'/<script\s*?language\s*?=\s*?("|\')?\s*?php\s*("|\')?/iUsm'
);
/**
* Check init
* @var bool false if init fail
*/
var $isSuccessInit = true;
/**
* returns static context object (Singleton). It's to use Context without declaration of an object
@ -798,56 +812,63 @@ class Context
$obj = clone($source_obj);
foreach($charset_list as $charset)
foreach($charset_list as $charset)
{
$flag = true;
foreach($obj as $key=>$val)
{
if(!$val) continue;
if(!is_array($val) && iconv($charset,$charset,$val)!=$val) $flag = false;
else if(is_array($val))
{
$userdata = array('charset1'=>$charset,'charset2'=>$charset,'useFlag'=>true);
Context::arrayConvWalkCallback($val,null,$userdata);
if($userdata['returnFlag'] === false) $flag = false;
}
}
array_walk($obj,'Context::checkConvertFlag',$charset);
$flag = Context::checkConvertFlag($flag = true);
if($flag)
{
if($charset == 'UTF-8') return $obj;
foreach($obj as $key => $val)
{
if(!is_array($val)) $obj->{$key} = iconv($charset,'UTF-8',$val);
else Context::arrayConvWalkCallback($val,null,array($charset,'UTF-8'));
}
array_walk($obj,'Context::doConvertEncoding',$charset);
return $obj;
}
}
return $obj;
}
/**
* Check flag
*
* @param mixed $val
* @param string $key
* @param mixed $charset charset
* @see arrayConvWalkCallback will replaced array_walk_recursive in >=PHP5
* @return void
*/
function checkConvertFlag(&$val, $key = null, $charset = null)
{
static $flag = true;
if($charset)
{
if(is_array($val))
array_walk($val,'Context::checkConvertFlag',$charset);
else if($val && iconv($charset,$charset,$val)!=$val) $flag = false;
else $flag = false;
}
else
{
$return = $flag;
$flag = true;
return $return;
}
}
/**
* Convert array type variables into UTF-8
*
* @param mixed $val
* @param string $key
* @param mixed $userdata charset1 charset2 useFlag retrunFlag
* @param string $charset character set
* @see arrayConvWalkCallback will replaced array_walk_recursive in >=PHP5
* @return object converted object
*/
function arrayConvWalkCallback(&$val, $key = null, &$userdata)
function doConvertEncoding(&$val, $key = null, $charset)
{
if (is_array($val)) array_walk($val,'Context::arrayConvWalkCallback', $userdata);
else
if (is_array($val))
{
if(!$userdata['useFlag']) $val = iconv($userdata['charset1'],$userdata['charset2'],$val);
else
{
if(iconv($charset,$charset,$val)!=$val) $userdata['returnFlag'] = (bool)false;
}
array_walk($val,'Context::doConvertEncoding',$charset);
}
else $val = iconv($charset,'UTF-8',$val);
}
/**
@ -934,15 +955,36 @@ class Context
if($set_to_vars)
{
$val = preg_replace('/<\?/i', '', $val);
$val = preg_replace('/<\%/i', '', $val);
$val = preg_replace('/<script\s+language\s*=\s*("|\')php("|\')\s*>/ism', '', $val);
$this->_recursiveCheckVar($val);
}
$this->set($key, $val, $set_to_vars);
}
}
function _recursiveCheckVar($val)
{
if(is_string($val))
{
foreach($this->patterns as $pattern)
{
$result = preg_match($pattern, $val);
if($result)
{
$this->isSuccessInit = FALSE;
return;
}
}
}
else if(is_array($val))
{
foreach($val as $val2)
{
$this->_recursiveCheckVar($val2);
}
}
}
/**
* Handle request arguments for JSON
*
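Review bot: In checkConvertFlag the trailing `else $flag = false;` (L81) is the fallback of the `else if(... iconv($charset,$charset,$val)!=$val)` test on the line before it, so it fires for every non-array value whose round-trip succeeded as well; a scalar field can therefore never leave the flag true and the enclosing conversion loop (its signature is above the first hunk) falls through to returning the clone unconverted. The +/- markers are lost in this view, so confirm which side that line is on and, if it is new, drop it so that only a failed round-trip clears the flag. The new `_recursiveCheckVar` (L128–L149) has no docblock and keeps descending into nested arrays after `isSuccessInit` is already FALSE; an opening `if(!$this->isSuccessInit) return;` plus a comment such as `/** Sets isSuccessInit = FALSE when any string in $val matches one of $this->patterns (PHP/ASP open tags); recurses into arrays. */` would make the intent clear to the next reader.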


@ -14,6 +14,7 @@ if(!defined('__XE_LOADED_DB_CLASS__'))
require(_XE_PATH_.'classes/db/queryparts/expression/InsertExpression.class.php');
require(_XE_PATH_.'classes/db/queryparts/expression/UpdateExpression.class.php');
require(_XE_PATH_.'classes/db/queryparts/expression/UpdateExpressionWithoutArgument.class.php');
require(_XE_PATH_.'classes/db/queryparts/expression/ClickCountExpression.class.php');
require(_XE_PATH_.'classes/db/queryparts/table/Table.class.php');
require(_XE_PATH_.'classes/db/queryparts/table/JoinTable.class.php');
require(_XE_PATH_.'classes/db/queryparts/table/CubridTableWithHint.class.php');
@ -123,9 +124,9 @@ class DB
* transaction flag
* @var boolean
*/
var $transaction_started = false;
var $transaction_started = FALSE;
var $is_connected = false;
var $is_connected = FALSE;
/**
* returns enable list in supported dbms list
@ -269,7 +270,7 @@ class DB
$get_supported_list = array();
$db_classes_path = _XE_PATH_."classes/db/";
$filter = "/^DB([^\.]+)\.class\.php/i";
$supported_list = FileHandler::readDir($db_classes_path, $filter, true);
$supported_list = FileHandler::readDir($db_classes_path, $filter, TRUE);
// after creating instance of class, check is supported
for($i = 0; $i < count($supported_list); $i++)
@ -289,9 +290,9 @@ class DB
if(!$oDB) continue;
$obj = null;
$obj = NULL;
$obj->db_type = $db_type;
$obj->enable = $oDB->isSupported() ? true : false;
$obj->enable = $oDB->isSupported() ? TRUE : FALSE;
$get_supported_list[] = $obj;
}
@ -352,8 +353,8 @@ class DB
*/
function isConnected($type = 'master', $indx = 0)
{
if($type == 'master') return $this->master_db["is_connected"] ? true : false;
else return $this->slave_db[$indx]["is_connected"] ? true : false;
if($type == 'master') return $this->master_db["is_connected"] ? TRUE : FALSE;
else return $this->slave_db[$indx]["is_connected"] ? TRUE : FALSE;
}
/**
@ -402,7 +403,7 @@ class DB
$debug_file = _XE_PATH_."files/_debug_db_query.php";
$buff = array();
if(!file_exists($debug_file)) $buff[] = '<?php exit(); ?>';
$buff[] = print_r($log, true);
$buff[] = print_r($log, TRUE);
if(@!$fp = fopen($debug_file, "a")) return;
fwrite($fp, implode("\n", $buff)."\n\n");
@ -453,7 +454,7 @@ class DB
*/
function isError()
{
return $this->errno === 0 ? false : true;
return $this->errno === 0 ? FALSE : TRUE;
}
/**
@ -617,8 +618,8 @@ class DB
*/
function getCountCache($tables, $condition)
{
return false;
if(!$tables) return false;
return FALSE;
if(!$tables) return FALSE;
if(!is_dir($this->count_cache_path)) return FileHandler::makeDir($this->count_cache_path);
$condition = md5($condition);
@ -630,7 +631,7 @@ class DB
if(!is_dir($cache_path)) FileHandler::makeDir($cache_path);
$cache_filename = sprintf('%s/%s.%s', $cache_path, $tables_str, $condition);
if(!file_exists($cache_filename)) return false;
if(!file_exists($cache_filename)) return FALSE;
$cache_mtime = filemtime($cache_filename);
@ -638,7 +639,7 @@ class DB
foreach($tables as $alias => $table)
{
$table_filename = sprintf('%s/cache.%s%s', $this->count_cache_path, $this->prefix, $table) ;
if(!file_exists($table_filename) || filemtime($table_filename) > $cache_mtime) return false;
if(!file_exists($table_filename) || filemtime($table_filename) > $cache_mtime) return FALSE;
}
$count = (int)FileHandler::readFile($cache_filename);
@ -654,8 +655,8 @@ class DB
*/
function putCountCache($tables, $condition, $count = 0)
{
return false;
if(!$tables) return false;
return FALSE;
if(!$tables) return FALSE;
if(!is_dir($this->count_cache_path)) return FileHandler::makeDir($this->count_cache_path);
$condition = md5($condition);
@ -678,8 +679,8 @@ class DB
*/
function resetCountCache($tables)
{
return false;
if(!$tables) return false;
return FALSE;
if(!$tables) return FALSE;
if(!is_dir($this->count_cache_path)) return FileHandler::makeDir($this->count_cache_path);
if(!is_array($tables)) $tables = array($tables);
@ -690,7 +691,7 @@ class DB
FileHandler::writeFile($filename, '');
}
return true;
return TRUE;
}
/**
@ -730,7 +731,7 @@ class DB
* @param boolean $with_values
* @return string
*/
function getSelectSql($query, $with_values = true)
function getSelectSql($query, $with_values = TRUE)
{
$select = $query->getSelectString($with_values);
if($select == '') return new Object(-1, "Invalid query");
@ -766,6 +767,36 @@ class DB
return $select . ' ' . $from . ' ' . $where . ' ' . $index_hint_list . ' ' . $groupBy . ' ' . $orderBy . ' ' . $limit;
}
/**
* Given a SELECT statement that uses click count
* returns the corresponding update sql string
* for databases that don't have click count support built in
* (aka all besides CUBRID)
*
* Function does not check if click count columns exist!
* You must call $query->usesClickCount() before using this function
*
* @param $queryObject
*/
function getClickCountQuery($queryObject)
{
$new_update_columns = array();
$click_count_columns = $queryObject->getClickCountColumns();
foreach($click_count_columns as $click_count_column)
{
$click_count_column_name = $click_count_column->column_name;
$increase_by_1 = new Argument($click_count_column_name, null);
$increase_by_1->setColumnOperation('+');
$increase_by_1->ensureDefaultValue(1);
$update_expression = new UpdateExpression($click_count_column_name, $increase_by_1);
$new_update_columns[] = $update_expression;
}
$queryObject->columns = $new_update_columns;
return $queryObject;
}
/**
* Return delete query string
* @param object $query
@ -773,7 +804,7 @@ class DB
* @param boolean $with_priority
* @return string
*/
function getDeleteSql($query, $with_values = true, $with_priority = false)
function getDeleteSql($query, $with_values = TRUE, $with_priority = FALSE)
{
$sql = 'DELETE ';
@ -799,7 +830,7 @@ class DB
* @param boolean $with_priority
* @return string
*/
function getUpdateSql($query, $with_values = true, $with_priority = false)
function getUpdateSql($query, $with_values = TRUE, $with_priority = FALSE)
{
$columnsList = $query->getUpdateString($with_values);
if($columnsList == '') return new Object(-1, "Invalid query");
@ -822,7 +853,7 @@ class DB
* @param boolean $with_priority
* @return string
*/
function getInsertSql($query, $with_values = true, $with_priority = false)
function getInsertSql($query, $with_values = TRUE, $with_priority = FALSE)
{
$tableName = $query->getFirstTableName();
$values = $query->getInsertString($with_values);
@ -875,10 +906,10 @@ class DB
function _dbInfoExists()
{
if (!$this->master_db)
return false;
return FALSE;
if (count($this->slave_db) === 0)
return false;
return true;
return FALSE;
return TRUE;
}
/**
@ -910,7 +941,7 @@ class DB
$this->_close($connection["resource"]);
$connection["is_connected"] = false;
$connection["is_connected"] = FALSE;
}
/**
@ -920,7 +951,7 @@ class DB
*/
function _begin()
{
return true;
return TRUE;
}
/**
@ -933,7 +964,7 @@ class DB
return;
if($this->_begin())
$this->transaction_started = true;
$this->transaction_started = TRUE;
}
/**
@ -943,7 +974,7 @@ class DB
*/
function _rollback()
{
return true;
return TRUE;
}
/**
@ -955,7 +986,7 @@ class DB
if (!$this->isConnected() || !$this->transaction_started)
return;
if($this->_rollback())
$this->transaction_started = false;
$this->transaction_started = FALSE;
}
/**
@ -965,7 +996,7 @@ class DB
*/
function _commit()
{
return true;
return TRUE;
}
/**
@ -973,12 +1004,12 @@ class DB
* @param boolean $force regardless transaction start status or connect status, forced to commit
* @return void
*/
function commit($force = false)
function commit($force = FALSE)
{
if (!$force && (!$this->isConnected() || !$this->transaction_started))
return;
if($this->_commit())
$this->transaction_started = false;
$this->transaction_started = FALSE;
}
/**
@ -1000,9 +1031,9 @@ class DB
* @param resource $connection
* @return resource
*/
function _query($query, $connection = null)
function _query($query, $connection = NULL)
{
if($connection == null)
if($connection == NULL)
$connection = $this->_getConnection('master');
// Notify to start a query execution
$this->actStart($query);
@ -1082,15 +1113,15 @@ class DB
$connection = &$this->slave_db[$indx];
$result = $this->__connect($connection);
if($result === NULL || $result === false)
if($result === NULL || $result === FALSE)
{
$connection["is_connected"] = false;
$connection["is_connected"] = FALSE;
return;
}
// Check connections
$connection["resource"] = $result;
$connection["is_connected"] = true;
$connection["is_connected"] = TRUE;
// Save connection info for db logs
$this->connection = ucfirst($type) . ' ' . $connection["db_hostname"];
@ -1132,9 +1163,9 @@ class DB
* @param boolean $force force load DBParser instance
* @return DBParser
*/
function &getParser($force = false)
function &getParser($force = FALSE)
{
static $dbParser = null;
static $dbParser = NULL;
if(!$dbParser || $force)
{
$oDB = &DB::getInstance();
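Review bot: getClickCountQuery (L291–L306) overwrites the caller's object in place with `$queryObject->columns = $new_update_columns;` and returns that same instance, so once DBMysql/DBMssql have run the counter update the original SELECT's column list is gone from the query object the caller still holds; either work on a copy (`$updateQuery = clone $queryObject;` before the loop, as Context already does with `clone`) or state the side effect in the docblock. The docblock also has no `@return` and no type on `@param $queryObject`; `@param Query $queryObject` and `@return Query the same object, with its columns replaced by UpdateExpression instances` match what the code does. The lowercase `null` in `new Argument($click_count_column_name, null)` (L298) sits in a file this commit otherwise normalises to `NULL`.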


@ -767,6 +767,12 @@ class DBMssql extends DB
$buff->data = array();
$buff->page_navigation = new PageHandler($total_count, $total_page, $page, $page_count);
return $buff;
if($queryObject->usesClickCount())
{
$update_query = $this->getClickCountQuery($queryObject);
$this->_executeUpdateAct($update_query);
}
}
$start_count = ($page - 1) * $list_count;
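Review bot: The new click-count block (L455–L459) is placed after `return $buff;` on L454 inside the same brace block, so as printed it is unreachable and the counter is never incremented on this path; it belongs before the `return $buff;`, as the DBMysql hunk in this commit does. It also calls `$this->_executeUpdateAct($update_query)` without the `$with_values` argument that the DBMysql counterpart passes; confirm the two call sites agree with the method's signature. The enclosing method starts and ends outside this hunk.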


@ -545,6 +545,13 @@ class DBMysql extends DB
$data = $this->_fetch($result);
$buff = new Object ();
$buff->data = $data;
if($queryObject->usesClickCount())
{
$update_query = $this->getClickCountQuery($queryObject);
$this->_executeUpdateAct($update_query, $with_values);
}
return $buff;
}
}
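Review bot: The result of `$this->_executeUpdateAct($update_query, $with_values)` (L472) is discarded, so if that call reports a failed UPDATE through its return value (its body is outside this hunk) the SELECT still returns `$buff` as a success and the counter silently stays put; consider checking the result and, on error, attaching it to `$buff` so the caller can see it. The same applies to the DBMssql hunk in this commit. The enclosing method starts outside the hunk.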


@ -57,13 +57,13 @@ class Query extends Object
* argument list
* @var array
*/
var $arguments = null;
var $arguments = NULL;
/**
* column list
* @var array
*/
var $columnList = null;
var $columnList = NULL;
/**
* order by text
@ -84,15 +84,15 @@ class Query extends Object
* @param string $priority
* @return void
*/
function Query($queryID = null
, $action = null
, $columns = null
, $tables = null
, $conditions = null
, $groups = null
, $orderby = null
, $limit = null
, $priority = null)
function Query($queryID = NULL
, $action = NULL
, $columns = NULL
, $tables = NULL
, $conditions = NULL
, $groups = NULL
, $orderby = NULL
, $limit = NULL
, $priority = NULL)
{
$this->queryID = $queryID;
$this->action = $action;
@ -109,7 +109,7 @@ class Query extends Object
function show()
{
return true;
return TRUE;
}
function setQueryId($queryID)
@ -162,7 +162,7 @@ class Query extends Object
{
if(!isset($tables) || count($tables) === 0)
{
$this->setError(true);
$this->setError(TRUE);
$this->setMessage("You must provide at least one table for the query.");
return;
}
@ -217,7 +217,7 @@ class Query extends Object
* @param string|array $columns
* @return Query return Query instance
*/
function select($columns= null)
function select($columns= NULL)
{
$this->action = 'select';
$this->setColumns($columns);
@ -290,12 +290,33 @@ class Query extends Object
return $this->priority?'LOW_PRIORITY':'';
}
/**
* Check if current query uses the click count attribute
* For CUBRID, this statement uses the click count feature.
* For the other databases, using this attribute causes a query
* to produce both a select and an update
*/
function usesClickCount()
{
return count($this->getClickCountColumns()) > 0;
}
function getClickCountColumns()
{
$click_count_columns = array();
foreach($this->columns as $column){
if($column->show() && is_a($column, 'ClickCountExpression'))
$click_count_columns[] = $column;
}
return $click_count_columns;
}
/**
* Return select sql
* @param boolean $with_values
* @return string
*/
function getSelectString($with_values = true)
function getSelectString($with_values = TRUE)
{
foreach($this->columns as $column)
{
@ -315,7 +336,7 @@ class Query extends Object
* @param boolean $with_values
* @return string
*/
function getUpdateString($with_values = true)
function getUpdateString($with_values = TRUE)
{
foreach($this->columns as $column)
{
@ -330,7 +351,7 @@ class Query extends Object
* @param boolean $with_values
* @return string
*/
function getInsertString($with_values = true)
function getInsertString($with_values = TRUE)
{
$columnsList = '';
// means we have insert-select
@ -374,7 +395,7 @@ class Query extends Object
* @param boolean $with_values
* @return string
*/
function getFromString($with_values = true)
function getFromString($with_values = TRUE)
{
$from = '';
$simple_table_count = 0;
@ -397,7 +418,7 @@ class Query extends Object
* @param boolean $with_optimization
* @return string
*/
function getWhereString($with_values = true, $with_optimization = true)
function getWhereString($with_values = TRUE, $with_optimization = TRUE)
{
$where = '';
$condition_count = 0;
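Review bot: getClickCountColumns (L557–L565) iterates `$this->columns` with no guard while the constructor accepts `$columns = NULL` (L509), so a query built without columns makes `foreach` warn on a non-array; a leading `if(!is_array($this->columns)) return $click_count_columns;` avoids that — whether `$this->columns` is always normalised to an array elsewhere is not visible here. The method has no docblock and its `foreach(...){` puts the brace on the same line, unlike the next-line brace style used throughout the file. A docblock such as `/** Returns the shown columns that are ClickCountExpression instances. @return array */` would suit.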


@ -26,9 +26,8 @@ class ClickCountExpression extends SelectExpression
if(!is_bool($click_count))
{
error_log("Click_count value for $column_name was not boolean", 0);
// error_log("Click_count value for $column_name was not boolean", 0);
$this->click_count = false;
return;
}
$this->click_count = $click_count;
}
@ -44,7 +43,15 @@ class ClickCountExpression extends SelectExpression
*/
function getExpression()
{
return "$this->column_name = $this->column_name + 1";
$db_type = Context::getDBType();
if($db_type == 'cubrid')
{
return "INCR($this->column_name)";
}
else
{
return "$this->column_name";
}
}
}
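Review bot: The hunk at L615 loses one line net (-9/+8) while only commenting out the `error_log` call, which suggests the `return;` on L621 is on the removed side; if so, a non-boolean `$click_count` now falls through to `$this->click_count = $click_count;` right after the guard set it to `false`, so the type check no longer has any effect. Keep the early return (or make the assignment an `else` branch) so the guard still wins; the markers are lost in this view, so confirm the side. In getExpression, `$db_type == 'cubrid'` reads better as `=== 'cubrid'`, and the CUBRID-only `INCR()` branch deserves a one-line comment saying that other engines get the bare column and rely on the separate UPDATE built by DB::getClickCountQuery.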


@ -2,7 +2,7 @@
/**
* Handle front end files
* @author NHN (developers@xpressengine.com)
*/
**/
class FrontEndFileHandler extends Handler
{
/**
@ -91,40 +91,41 @@ class FrontEndFileHandler extends Handler
* @param string $cdnPrefix CDN url prefix. (http://static.xpressengine.com/core/)
* @param string $cdnVersion CDN version string (ardent1)
* @return void
*/
**/
function loadFile($args, $useCdn = false, $cdnPrefix = '', $cdnVersion = '')
{
if (!is_array($args)) $args = array($args);
$pathInfo = pathinfo($args[0]);
$file = new stdClass();
$file->fileName = $pathInfo['basename'];
$file->filePath = $this->_getAbsFileUrl($pathInfo['dirname']);
$file->fileRealPath = FileHandler::getRealPath($pathInfo['dirname']);
$file->fileExtension = strtolower($pathInfo['extension']);
$file->fileNameNoExt = preg_replace("/\.{$file->fileExtension}$/", '', $file->fileName);
$file->fileNameNoExt = preg_replace('/\.min$/', '', $pathInfo['filename']);
$file->keyName = implode('.', array($file->fileNameNoExt, $file->fileExtension));
// Remove .min
$file->fileNameNoExt = preg_replace("/\.min$/", '', $file->fileNameNoExt);
$file->fileName = $file->keyName = "{$file->fileNameNoExt}.{$file->fileExtension}";
// if no debug mode load minified file
if(!__DEBUG__)
if(strpos($file->filePath, '://') === FALSE)
{
$tmp = "{$file->fileNameNoExt}.min.{$file->fileExtension}";
if(file_exists("{$file->fileRealPath}/{$tmp}"))
if(!__DEBUG__)
{
$file->fileName = $tmp;
$file->useMin = TRUE;
// if no debug mode, load minifed file
$minifiedFileName = implode('.', array($file->fileNameNoExt, 'min', $file->fileExtension));
$minifiedRealPath = implode('/', array($file->fileRealPath, $minifiedFileName));
if(file_exists($minifiedRealPath))
{
$file->fileName = $minifiedFileName;
}
}
else
{
// Remove .min
if(file_exists(implode('/', array($file->fileRealPath, $file->keyName))))
{
$file->fileName = $file->keyName;
}
}
}
if(!$file->useMin && !file_exists("{$file->fileRealPath}/{$file->fileName}"))
{
$file->fileName = "{$file->fileNameNoExt}.min.{$file->fileExtension}";
}
if(strpos($file->filePath, '://') == false)
{
$file->useCdn = $useCdn;
$file->cdnPath = $this->_normalizeFilePath($pathInfo['dirname']);
$file->cdnPrefix = $cdnPrefix;
@ -132,25 +133,25 @@ class FrontEndFileHandler extends Handler
}
$availableExtension = array('css'=>1, 'js'=>1);
if(!isset($availableExtension[$file->fileExtension])) return;
if (!isset($availableExtension[$file->fileExtension])) return;
$file->targetIe = $args[2];
$file->index = (int)$args[3];
if($file->fileExtension == 'css')
if ($file->fileExtension == 'css')
{
$file->media = $args[1];
if(!$file->media) $file->media = 'all';
if (!$file->media) $file->media = 'all';
$map = &$this->cssMap;
$mapIndex = &$this->cssMapIndex;
$key = $file->filePath . $file->keyName . "\t" . $file->targetIe . "\t" . $file->media;
$this->_arrangeCssIndex($pathInfo['dirname'], $file);
}
else if($file->fileExtension == 'js')
else if ($file->fileExtension == 'js')
{
$type = $args[1];
if($type == 'body')
if ($type == 'body')
{
$map = &$this->jsBodyMap;
$mapIndex = &$this->jsBodyMapIndex;
@ -164,7 +165,7 @@ class FrontEndFileHandler extends Handler
}
(is_null($file->index))?$file->index=0:$file->index=$file->index;
if(!isset($map[$file->index][$key]) || $mapIndex[$key] > $file->index)
if (!isset($map[$file->index][$key]) || $mapIndex[$key] > $file->index)
{
$this->unloadFile($args[0], $args[2], $args[1]);
$map[$file->index][$key] = $file;
@ -188,7 +189,7 @@ class FrontEndFileHandler extends Handler
$fileExtension = strtolower($pathInfo['extension']);
$key = $filePath . $fileName . "\t" . $targetIe;
if($fileExtension == 'css')
if ($fileExtension == 'css')
{
if(empty($media))
{
@ -196,7 +197,7 @@ class FrontEndFileHandler extends Handler
}
$key .= "\t" . $media;
if(isset($this->cssMapIndex[$key]))
if (isset($this->cssMapIndex[$key]))
{
$index = $this->cssMapIndex[$key];
unset($this->cssMap[$index][$key]);
@ -205,13 +206,13 @@ class FrontEndFileHandler extends Handler
}
else
{
if(isset($this->jsHeadMapIndex[$key]))
if (isset($this->jsHeadMapIndex[$key]))
{
$index = $this->jsHeadMapIndex[$key];
unset($this->jsHeadMap[$index][$key]);
unset($this->jsHeadMapIndex[$key]);
}
if(isset($this->jsBodyMapIndex[$key]))
if (isset($this->jsBodyMapIndex[$key]))
{
$index = $this->jsBodyMapIndex[$key];
unset($this->jsBodyMap[$index][$key]);
@ -228,13 +229,13 @@ class FrontEndFileHandler extends Handler
*/
function unloadAllFiles($type = 'all')
{
if($type == 'css' || $type == 'all')
if ($type == 'css' || $type == 'all')
{
$this->cssMap = array();
$this->cssMapIndex = array();
}
if($type == 'js' || $type == 'all')
if ($type == 'js' || $type == 'all')
{
$this->jsHeadMap = array();
$this->jsBodyMap = array();
@ -263,7 +264,7 @@ class FrontEndFileHandler extends Handler
{
foreach($indexedMap as $file)
{
if($this->isSsl() == false && $useCdn == 'Y' && $file->useCdn && $file->cdnVersion != '%__XE_CDN_VERSION__%')
if ($this->isSsl() == false && $useCdn == 'Y' && $file->useCdn && $file->cdnVersion != '%__XE_CDN_VERSION__%')
{
$fullFilePath = $file->cdnPrefix . $file->cdnVersion . '/' . substr($file->cdnPath, 2) . '/' . $file->fileName;
}
@ -287,7 +288,7 @@ class FrontEndFileHandler extends Handler
*/
function getJsFileList($type = 'head')
{
if($type == 'head')
if ($type == 'head')
{
$map = &$this->jsHeadMap;
$mapIndex = &$this->jsHeadMapIndex;
@ -308,7 +309,7 @@ class FrontEndFileHandler extends Handler
{
foreach($indexedMap as $file)
{
if($this->isSsl() == false && $useCdn == 'Y' && $file->useCdn && $file->cdnVersion != '%__XE_CDN_VERSION__%')
if ($this->isSsl() == false && $useCdn == 'Y' && $file->useCdn && $file->cdnVersion != '%__XE_CDN_VERSION__%')
{
$fullFilePath = $file->cdnPrefix . $file->cdnVersion . '/' . substr($file->cdnPath, 2) . '/' . $file->fileName;
}
@ -344,7 +345,7 @@ class FrontEndFileHandler extends Handler
*/
function _normalizeFilePath($path)
{
if(strpos($path, '://') === false && $path{0} != '/' && $path{0} != '.')
if (strpos($path, '://') === false && $path{0} != '/' && $path{0} != '.')
{
$path = './' . $path;
}
@ -371,7 +372,7 @@ class FrontEndFileHandler extends Handler
if(strpos($path, './') === 0)
{
if(dirname($_SERVER['SCRIPT_NAME']) == '/' || dirname($_SERVER['SCRIPT_NAME']) == '\\')
if (dirname($_SERVER['SCRIPT_NAME']) == '/' || dirname($_SERVER['SCRIPT_NAME']) == '\\')
{
$path = '/' . substr($path, 2);
}
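Review bot: The docblock closers at L649 and L658 read `**/` where the rest of the file uses `*/`; both close the comment, but if `**/` is the new side (markers are lost in this view) it is a style regression worth reverting. The same hunk set converts `if(` to `if (` in many places yet leaves `foreach(` (L794, L812) and `if(empty($media))` (L751) untouched, so the file ends up in two styles — pick one. In loadFile, the rewritten `.min` handling relies on `$pathInfo['filename']` (L669), which pathinfo() only provides on PHP 5.2+; fine if that is the supported floor, but a short comment would help since the Context hunk in this commit still carries PHP4-era notes. loadFile continues past its hunk.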


@ -38,6 +38,14 @@
$this->act = Context::get('act');
return;
}
$oContext = Context::getInstance();
if($oContext->isSuccessInit == false)
{
$this->error = 'msg_invalid_request';
return;
}
// Set variables from request arguments
$this->module = $module?$module:Context::get('module');
$this->act = $act?$act:Context::get('act');
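Review bot: The new `isSuccessInit` check (L843–L848) sits below an early `return` at L841, so requests that take that branch never reach it; confirm that branch consumes no request variables, otherwise move the check to the top of the method (which starts above the hunk). `$oContext->isSuccessInit == false` is a loose comparison in a commit that otherwise normalises booleans; `=== FALSE` (or simply `!$oContext->isSuccessInit`) matches the property's declared bool type at Context L28.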


@ -3,6 +3,16 @@ include _XE_PATH_ . 'classes/security/phphtmlparser/src/htmlparser.inc';
class EmbedFilter
{
/**
* allow script access list
* @var array
*/
var $allowscriptaccessList = array();
/**
* allow script access key
* @var int
*/
var $allowscriptaccessKey = 0;
var $whiteUrlXmlFile = './classes/security/conf/embedWhiteUrl.xml';
var $whiteUrlCacheFile = './files/cache/embedfilter/embedWhiteUrl.php';
var $whiteUrlList = array();
@ -285,6 +295,9 @@ class EmbedFilter
*/
function check(&$content)
{
$content = preg_replace_callback('/<(object|param|embed)[^>]*/is', array($this, '_checkAllowScriptAccess'), $content);
$content = preg_replace_callback('/<object[^>]*>/is', array($this, '_addAllowScriptAccess'), $content);
$this->checkObjectTag($content);
$this->checkEmbedTag($content);
$this->checkIframeTag($content);
@ -543,6 +556,49 @@ class EmbedFilter
return false;
}
function _checkAllowScriptAccess($m)
{
if($m[1] == 'object')
{
$this->allowscriptaccessList[] = 1;
}
if($m[1] == 'param')
{
if(strpos(strtolower($m[0]), 'allowscriptaccess'))
{
$m[0] = '<param name="allowscriptaccess" value="never"';
if(substr($m[0], -1) == '/')
{
$m[0] .= '/';
}
$this->allowscriptaccessList[count($this->allowscriptaccessList)-1]--;
}
}
else if($m[1] == 'embed')
{
if(strpos(strtolower($m[0]), 'allowscriptaccess'))
{
$m[0] = preg_replace('/always|samedomain/i', 'never', $m[0]);
}
else
{
$m[0] = preg_replace('/\<embed/i', '<embed allowscriptaccess="never"', $m[0]);
}
}
return $m[0];
}
function _addAllowScriptAccess($m)
{
if($this->allowscriptaccessList[$this->allowscriptaccessKey] == 1)
{
$m[0] = $m[0].'<param name="allowscriptaccess" value="never"></param>';
}
$this->allowscriptaccessKey++;
return $m[0];
}
/**
* Make white domain list cache file from xml config file.
* @return void
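Review bot: In _checkAllowScriptAccess the param branch overwrites `$m[0]` with the fixed string on L893 and only then tests `substr($m[0], -1) == '/'` (L894), so the test always sees `"` and the `/` of a self-closing `<param ... />` is never restored, leaving the tag unterminated; capture it first: `$selfClosing = substr($m[0], -1) == '/'; $m[0] = '<param name="allowscriptaccess" value="never"'; if($selfClosing) $m[0] .= '/';`. In the embed branch `preg_replace('/always|samedomain/i', 'never', $m[0])` runs over the whole tag, so those words inside a src URL or any other attribute value are rewritten too; anchoring the pattern to the attribute, `preg_replace('/(allowscriptaccess\s*=\s*["\']?)(always|samedomain)/i', '${1}never', $m[0])`, limits it to the intended value. The `strpos(...)` tests on L891 and L903 should compare `!== false` for clarity. Both helpers lack a docblock; a line such as `/** preg_replace_callback hook: forces allowscriptaccess="never" on object/param/embed tags. */` would help.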


@ -1,4 +1,8 @@
<?php
/**
* File containing the XE 1.5 XmlQueryParserClass
*/
if(!defined('__XE_LOADED_XML_CLASS__'))
{
define('__XE_LOADED_XML_CLASS__', 1);
@ -30,13 +34,12 @@ if(!defined('__XE_LOADED_XML_CLASS__'))
}
/**
* New XmlQueryParser class
* @author NHN (developers@xpressengine.com)
* @brief case to parse XE xml query
* @version 0.1
* New XmlQueryParser class <br />
* Parses XE XML query files
*
* @todo need to support extend query such as subquery, union
* @todo include info about column types for parsing user input
* @author Corina Udrescu (corina.udrescu@arnia.ro)
* @package classes\xml
* @version 0.1
*/
class XmlQueryParser extends XmlParser
{
@ -50,11 +53,12 @@ class XmlQueryParser extends XmlParser
/**
* Create XmlQueryParser instance for Singleton
*
* @return XmlQueryParser object
*/
function &getInstance()
{
static $theInstance = null;
static $theInstance = NULL;
if(!isset($theInstance))
{
$theInstance = new XmlQueryParser();
@ -63,9 +67,16 @@ class XmlQueryParser extends XmlParser
}
/**
* Parses an XML query file
*
* 1. Read xml file<br />
* 2. Check the action<br />
* 3. Parsing and write a cache file<br />
* 3. Parse and write cache file <br />
*
* @param $query_id
* @param $xml_file
* @param $cache_file
*
* @return QueryParser object
*/
function &parse_xml_query($query_id, $xml_file, $cache_file)
@ -85,8 +96,13 @@ class XmlQueryParser extends XmlParser
}
/**
* Query XML file parsing
* @return QueryParser object
* Override for parent "parse" method
*
* @param null $query_id
* @param null $xml_file
* @param null $cache_file
*
* @return void
*/
function parse($query_id = NULL, $xml_file = NULL, $cache_file = NULL)
{
@ -94,8 +110,11 @@ class XmlQueryParser extends XmlParser
}
/**
* Return XML file content
* @return array|NULL Returns a resultant data object or NULL in case of error
* Returns XML file contents as an object
* or NULL in case of error
*
* @param $xml_file
* @return array|NULL
*/
function getXmlFileContent($xml_file)
{
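Review bot: The new docblock on parse() types its parameters as `@param null $query_id` etc. (L992–L994), which documents the default rather than the type; `@param string|null $query_id` (and likewise for `$xml_file` and `$cache_file`) is what readers and static analysers expect. getXmlFileContent's description now says it returns the contents "as an object" while the tag below still says `@return array|NULL` (L1005–L1009); make the two agree with what the method actually returns (its body is outside the hunk). The `@param` lines on parse_xml_query (L978–L980) also carry no types.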


@ -1,33 +1,59 @@
<?php
/**
* DBParser class
* @author NHN (developers@xpressengine.com)
* @package /classes/xml/xmlquery
* File containing the DBParser class
*/
/**
* Escapes query statements: <br />
* - column names: member.member_srl =&gt; "member"."member_srl" <br />
* - expressions: SUM(member.member_srl) =&gt; SUM("member"."member_srl") <br />
*
* @author Corina Udrescu (corina.udrescu@arnia.ro)
* @package classes\xml\xmlquery
* @version 0.1
*/
class DBParser
{
/**
* Character for escape target value on the left
*
* For example, in CUBRID left and right escape
* chars are the same, the double quote - " <br />
* But for SQL Server, the escape is made with
* [double brackets], so the left and right char differ
*
*
* @var string
*/
var $escape_char_left;
/**
* Character for escape target value on the right
*
* For example, in CUBRID left and right escape
* chars are the same, the double quote - " <br />
* But for SQL Server, the escape is made with
* [double brackets], so the left and right char differ
*
* @var string
*/
var $escape_char_right;
/**
* Table prefix string
*
* Default is "xe_"
*
* @var string
*/
var $table_prefix;
/**
* constructor
* Constructor
*
* @param string $escape_char_left
* @param string $escape_char_right
* @param string $table_prefix
*
* @return void
*/
function DBParser($escape_char_left, $escape_char_right = "", $table_prefix = "xe_")
@ -40,6 +66,7 @@ class DBParser
/**
* Get escape character
*
* @param string $leftOrRight left or right
* @return string
*/
@ -50,17 +77,19 @@ class DBParser
}
/**
* escape the value
* Escape the value
*
* @param mixed $name
* @return string
*/
function escape($name)
{
return $this->escape_char_left . $name . $this->escape_char_right;
}
}
/**
* escape the string value
* Escape the string value
*
* @param string $name
* @return string
*/
@ -70,7 +99,8 @@ class DBParser
}
/**
* escape the string value
* Escape the string value
*
* @param string $value
* @return string
*/
@ -83,7 +113,9 @@ class DBParser
/**
* Return table full name
*
* @param string $name table name without table prefix
*
* @return string table full name with table prefix
*/
function parseTableName($name)
@ -92,8 +124,10 @@ class DBParser
}
/**
* Return colmun name after escape
* Return column name after escape
*
* @param string $name column name before escape
*
* @return string column name after escape
*/
function parseColumnName($name)
@ -102,7 +136,8 @@ class DBParser
}
/**
* Escape column
* Escape column name
*
* @param string $column_name
* @return string column name with db name
*/
@ -120,27 +155,53 @@ class DBParser
}
/**
* Column name is suitable for use in checking
* Checks to see if a given column name is unqualified
*
* Ex: "member_srl" -> unqualified <br />
* "member"."member_srl" -> qualified
*
* @param string $column_name
* @return bool
*/
function isUnqualifiedColumnName($column_name)
{
if(strpos($column_name,'.')===false && strpos($column_name,'(')===false) return true;
return false;
if(strpos($column_name,'.')===FALSE && strpos($column_name,'(')===FALSE) return TRUE;
return FALSE;
}
/**
* Column name is suitable for use in checking
* Checks to see if a given column name is qualified
*
* Ex: "member_srl" -> unqualified <br />
* "member"."member_srl" -> qualified
*
* @param string $column_name
* @return bool
*/
function isQualifiedColumnName($column_name)
{
if(strpos($column_name,'.')!==false && strpos($column_name,'(')===false) return true;
return false;
if(strpos($column_name,'.')!==FALSE && strpos($column_name,'(')===FALSE) return TRUE;
return FALSE;
}
/**
* Escapes a query expression
*
* An expression can be: <br />
* <ul>
* <li> a column name: "member_srl" or "xe_member"."member_srl"
* <li> an expression:
* <ul>
* <li> LEFT(UPPER("content")) <br />
* <li> readed_count + voted_count <br />
* <li> CAST(regdate as DATE) </li>
* </ul>
* </li>
* </ul>
*
* @param $column_name
* @return string
*/
function parseExpression($column_name)
{
$functions = preg_split('/([\+\-\*\/\ ])/', $column_name, -1, PREG_SPLIT_DELIM_CAPTURE|PREG_SPLIT_NO_EMPTY);
@ -156,45 +217,47 @@ class DBParser
{
$match = &$matches[$i];
if($match == '(') {$brackets++; continue;}
if(strpos($match,')') !== false) continue;
if(strpos($match,')') !== FALSE) continue;
if(in_array($match, array(',', '.'))) continue;
if($brackets == $total_brackets)
{
if(!is_numeric($match))
if(!is_numeric($match) && !in_array(strtoupper($match), array('UNSIGNED', 'INTEGER', 'AS')))
{
$match = $this->escapeColumnExpression($match);
}
}
}
$function = implode('', $matches);
}
return implode('', $functions);
}
return implode('', $functions);
}
/*
* Checks argument is asterisk
/**
* Checks if a given argument is an asterisk
*
* @param string $column_name
* @return bool
*/
function isStar($column_name)
{
if(substr($column_name,-1) == '*') return true;
return false;
if(substr($column_name,-1) == '*') return TRUE;
return FALSE;
}
/*
/**
* Checks to see if expression is an aggregate star function
* like count(*)
*
* @param string $column_name
* @return bool
*/
function isStarFunction($column_name)
{
if(strpos($column_name, "(*)")!==false) return true;
return false;
if(strpos($column_name, "(*)")!==FALSE) return TRUE;
return FALSE;
}
/*
/**
* Return column name after escape
* @param string $column_name
* @return string
@ -206,9 +269,9 @@ class DBParser
{
return $column_name;
}
if(strpos(strtolower($column_name), 'distinct') !== false) return $column_name;
return $this->escapeColumn($column_name);
}
if(strpos(strtolower($column_name), 'distinct') !== FALSE) return $column_name;
return $this->escapeColumn($column_name);
}
}
/* End of file DBParser.class.php */
/* Location: ./classes/xml/xmlquery/DBParser.class.php */


@ -1,32 +1,46 @@
<?php
/**
* QueryParser class
* @author NHN (developers@xpressengine.com)
* @package /classes/xml/xmlquery
* File containing the QueryParser class
*/
/**
* Parses an XML Object and returns a string used for generating the PHP cache file <br />
* The XML Object structure must be the one defined in the XmlParser class
*
* @author Corina Udrescu (corina.udrescu@arnia.ro)
* @package classes\xml\xmlquery
* @version 0.1
*/
class QueryParser
{
/**
* QueryTag object
* Property containing the associated QueryTag object
*
* @var QueryTag object
*/
var $queryTag;
/**
* constructor
* @param object $query
* Constructor
*
* @param object $query XML object obtained after reading the XML Query file
* @param bool $isSubQuery
* @return void
*/
function QueryParser($query = NULL, $isSubQuery = false)
function QueryParser($query = NULL, $isSubQuery = FALSE)
{
if($query)
{
$this->queryTag = new QueryTag($query, $isSubQuery);
}
}
/**
* Return table information
* Returns table information
*
* Used for finding column type info (string/numeric) <br />
* Obtains the table info from XE's XML schema files
*
* @param object $query_id
* @param bool $table_name
* @return array
@ -90,7 +104,8 @@ class QueryParser
}
/**
* Change code string from queryTag object
* Returns the contents for the query cache file
*
* @return string
*/
function toString()


@ -109,6 +109,7 @@ class Argument
function getUnescapedValue()
{
if($this->value === 'null') return null;
return $this->value;
}
@ -228,8 +229,10 @@ class Argument
function isColumnName()
{
$type = $this->getType();
$value = $this->getUnescapedValue();
if($type == 'column_name') return true;
if($type == 'number' && !is_numeric($this->value) && $this->uses_default_value) return true;
if($type == 'number' && is_null($value)) return false;
if($type == 'number' && !is_numeric($value) && $this->uses_default_value) return true;
return false;
}
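Review bot: `getUnescapedValue()` now converts the literal string `'null'` into PHP null, so any argument whose value happens to be the text "null" (a nickname, a search term, a title) is treated as absent by `isColumnName()` and, presumably, by every other caller of this getter; if `$this->value` can originate from request input, that silently changes query semantics for such a value. Prefer to track "not supplied" as state (e.g. a flag set where the sentinel is assigned) instead of matching on the string, and if the sentinel must stay, match it case-insensitively and document it on the line: `// 'null' sentinel assigned for unset arguments — TODO(review) confirm it cannot come from user input`. The enclosing class continues outside the hunk.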


@ -1,13 +1,12 @@
<?php
/**
* ColumnTag class
* Models the <column> tag inside an XML Query file
* Since the <column> tag supports different attributes depending on
* Models the &lt;column&gt; tag inside an XML Query file <br />
* Since the &lt;column&gt; tag supports different attributes depending on
* the type of query (select, update, insert, delete) this is only
* the base class for the classes that will model each type <column> tag.
* the base class for the classes that will model each type <column> tag.
*
* @author Arnia Software
* @package /classes/xml/xmlquery/tags/column
* @author Corina Udrescu (corina.udrescu@arnia.ro)
* @package classes\xml\xmlquery\tags\column
* @version 0.1
*/
class ColumnTag
@ -19,7 +18,7 @@ class ColumnTag
var $name;
/**
* constructor
* Constructor
* @param string $name
* @return void
*/


@ -1,23 +1,25 @@
<?php
/**
* InsertColumnTag
* Models the <column> tag inside an XML Query file whose action is 'insert'
* Models the &lt;column&gt; tag inside an XML Query file whose action is 'insert'
*
* @author Arnia Software
* @package /classes/xml/xmlquery/tags/column
* @author Corina Udrescu (corina.udrescu@arnia.ro)
* @package classes\xml\xmlquery\tags\column
* @version 0.1
*/
class InsertColumnTag extends ColumnTag
{
/**
* argument
* Argument
*
* @var QueryArgument object
*/
var $argument;
/**
* constructor
* Constructor
*
* @param object $column
*
* @return void
*/
function InsertColumnTag($column)
@ -28,6 +30,13 @@ class InsertColumnTag extends ColumnTag
$this->argument = new QueryArgument($column);
}
/**
* Returns the string to be output in the cache file
* used for instantiating an InsertExpression when a
* query is executed
*
* @return string
*/
function getExpressionString()
{
return sprintf('new InsertExpression(\'%s\', ${\'%s_argument\'})'
@ -35,6 +44,11 @@ class InsertColumnTag extends ColumnTag
, $this->argument->argument_name);
}
/**
* Returns the QueryArgument object associated with this INSERT statement
*
* @return QueryArgument
*/
function getArgument()
{
return $this->argument;


@ -1,16 +1,16 @@
<?php
/**
* InsertColumnTagWithoutArgument
* Models the <column> tag inside an XML Query file whose action is 'insert-select'
* Models the &lt;column&gt; tag inside an XML Query file whose action is 'insert-select'
*
* @author Arnia Software
* @package /classes/xml/xmlquery/tags/column
* @author Corina Udrescu (corina.udrescu@arnia.ro)
* @package classes\xml\xmlquery\tags\column
* @version 0.1
*/
class InsertColumnTagWithoutArgument extends ColumnTag
{
/**
* constructor
* Constructor
*
* @param object $column
* @return void
*/
@ -21,14 +21,24 @@ class InsertColumnTagWithoutArgument extends ColumnTag
$this->name = $dbParser->parseColumnName($this->name);
}
/**
* Returns the string to be output in the cache file
*
* @return string
*/
function getExpressionString()
{
return sprintf('new Expression(\'%s\')', $this->name);
}
/**
* Returns the QueryArgument object associated with this INSERT statement
*
* @return null
*/
function getArgument()
{
return null;
return NULL;
}
}


@ -1,22 +1,23 @@
<?php
/**
* InsertColumnsTag class
* Models the <column> tag inside an XML Query file whose action is 'insert'
* Models the &lt;columns&gt; tag inside an XML Query file whose action is 'insert'
*
* @author Arnia Software
* @package /classes/xml/xmlquery/tags/column
* @author Corina Udrescu (corina.udrescu@arnia.ro)
* @package classes\xml\xmlquery\tags\column
* @version 0.1
*/
class InsertColumnsTag
{
/**
* Column list
*
* @var array value is InsertColumnTag object
*/
var $columns;
/**
* constructor
* Constructor
*
* @param array|string $xml_columns
* @return void
*/
@ -39,6 +40,7 @@ class InsertColumnsTag
/**
* InsertColumnTag object to string
*
* @return string
*/
function toString()
@ -55,6 +57,7 @@ class InsertColumnsTag
/**
* Return argument list
*
* @return array
*/
function getArguments()


@ -1,27 +1,30 @@
<?php
/**
* SelectColumnTag
* Models the <column> tag inside an XML Query file whose action is 'select'
* Models the &lt;column&gt; tag inside an XML Query file whose action is 'select'
*
* @author Arnia Software
* @package /classes/xml/xmlquery/tags/column
* @author Corina Udrescu (corina.udrescu@arnia.ro)
* @package classes\xml\xmlquery\tags\column
* @version 0.1
*/
class SelectColumnTag extends ColumnTag
{
/**
* alias
* Column alias
*
* @var string
*/
var $alias;
/**
* click count status
* Click count status
*
* @var bool
*/
var $click_count;
/**
* constructor
* Constructor
*
* @param string|object $column
* @return void
*/
@ -43,15 +46,27 @@ class SelectColumnTag extends ColumnTag
}
}
/**
* Returns the string to be output in the cache file
*
* A select column tag in an XML query can be used for:
* <ul>
* <li> a star expression: SELECT *
* <li> a click count expression: SELECT + UPDATE
* <li> any other select expression (column name, function call etc). </li>
* </ul>
*
* @return string
*/
function getExpressionString()
{
if($this->name == '*') return "new StarExpression()";
if($this->click_count)
return sprintf('new ClickCountExpression(%s, %s, $args->%s)', $this->name, $this->alias,$this->click_count);
return sprintf('new ClickCountExpression(\'%s\', %s, $args->%s)', $this->name, $this->alias ? '\'' . $this->alias . '\'' : "''",$this->click_count);
if(strpos($this->name, '$') === 0)
return sprintf('new SelectExpression($args->%s)', substr($this->name, 1));
$dbParser = DB::getParser();
return sprintf('new SelectExpression(\'%s\'%s)', $this->name, $this->alias ? ', \''.$dbParser->escape($this->alias) .'\'': '');
return sprintf('new SelectExpression(\'%s\'%s)', $this->name, $this->alias ? ', \''.$dbParser->escape($this->alias) .'\'': '');
}
}
/* End of file SelectColumnTag.class.php */
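Review bot: The ClickCountExpression branch interpolates `$this->alias` into generated PHP source without escaping, while the SelectExpression branch two lines below runs the alias through `$dbParser->escape()`; an alias containing a quote would break (or alter) the emitted cache file. Hoist `$dbParser = DB::getParser();` above the `click_count` check and build the alias the same way, `$this->alias ? '\'' . $dbParser->escape($this->alias) . '\'' : "''"`. The values come from XML query files, so this is a consistency and robustness point rather than an injection path unless those files can be supplied by untrusted uploads — worth confirming for module/addon installs.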


@ -1,22 +1,25 @@
<?php
/**
* SelectColumnTag class
* Models the &lt;columns&gt; tag inside an XML Query file whose action is 'select'
*
* @author Arnia Software
* @package /classes/xml/xmlquery/tags/column
* @author Corina Udrescu (corina.udrescu@arnia.ro)
* @package classes\xml\xmlquery\tags\column
* @version 0.1
*/
class SelectColumnsTag
{
/**
* Column list
*
* @var array value is SelectColumnTag object
*/
var $columns;
/**
* constructor
* @param Xml_Node_ $xml_columns
* Constructor
*
* @param $xml_columns_tag
* @internal param \Xml_Node_ $xml_columns
* @return void
*/
function SelectColumnsTag($xml_columns_tag)
@ -52,12 +55,13 @@ class SelectColumnsTag
foreach($xml_queries as $column)
{
$this->columns[] = new QueryTag($column, true);
$this->columns[] = new QueryTag($column, TRUE);
}
}
/**
* SelectColumnTag object to string
* Returns the string to be output in the cache file
*
* @return string
*/
function toString()
@ -77,6 +81,7 @@ class SelectColumnsTag
/**
* Return argument list
*
* @return array
*/
function getArguments()


@ -1,46 +1,55 @@
<?php
/**
* UpdateColumnTag
* Models the <column> tag inside an XML Query file whose action is 'update'
* Models the &lt;column&gt; tag inside an XML Query file whose action is 'update'
*
* @author Arnia Software
* @package /classes/xml/xmlquery/tags/column
* @author Corina Udrescu (corina.udrescu@arnia.ro)
* @package classes\xml\xmlquery\tags\column
* @version 0.1
*/
class UpdateColumnTag extends ColumnTag
{
/**
* argument
* Argument
*
* @var QueryArgument object
*/
var $argument;
/**
* default value
* Default value
*
* @var string
*/
var $default_value;
/**
* constructor
* Constructor
*
* @param object $column
* @return void
*/
function UpdateColumnTag($column)
{
parent::ColumnTag($column->attrs->name);
$dbParser = DB::getParser();
$this->name = $dbParser->parseColumnName($this->name);
if($column->attrs->var)
$this->argument = new QueryArgument($column);
else
{
if(strpos($column->attrs->default, '.') !== false)
if(strpos($column->attrs->default, '.') !== FALSE)
{
$this->default_value = "'" . $dbParser->parseColumnName($column->attrs->default) . "'";
}
else
{
$default_value = new DefaultValue($this->name, $column->attrs->default);
if($default_value->isOperation())
$this->argument = new QueryArgument($column, true);
{
$this->argument = new QueryArgument($column, TRUE);
}
//else $this->default_value = $dbParser->parseColumnName($column->attrs->default);
else
{
@ -58,6 +67,11 @@ class UpdateColumnTag extends ColumnTag
}
}
/**
* Returns the string to be output in the cache file
*
* @return string
*/
function getExpressionString()
{
if($this->argument)
@ -74,6 +88,11 @@ class UpdateColumnTag extends ColumnTag
}
}
/**
* Returns the Argument associated with this update statement
*
* @return QueryArgument
*/
function getArgument()
{
return $this->argument;


@ -1,23 +1,24 @@
<?php
/**
* UpdateColumnsTag
* Models the <column> tag inside an XML Query file whose action is 'update'
* Models the &lt;columns&gt; tag inside an XML Query file whose action is 'update'
*
* @author Arnia Software
* @package /classes/xml/xmlquery/tags/column
* @author Corina Udrescu (corina.udrescu@arnia.ro)
* @package classes\xml\xmlquery\tags\column
* @version 0.1
*/
class UpdateColumnsTag
{
/**
* Column list
*
* @var array value is UpdateColumnTag object
*/
var $columns;
/**
* constructor
* @param array|string $xml_columns
* Constructor
*
* @param array|object $xml_columns
* @return void
*/
function UpdateColumnsTag($xml_columns)
@ -34,7 +35,8 @@ class UpdateColumnsTag
}
/**
* UpdateColumnTag object to string
* Returns the string to be output in the cache file
*
* @return string
*/
function toString()
@ -51,6 +53,7 @@ class UpdateColumnsTag
/**
* Return argument list
*
* @return array
*/
function getArguments()


@ -845,7 +845,7 @@ function removeHackTag($content)
purifierHtml($content);
// change the specific tags to the common texts
$content = preg_replace('@<(\/?(?:html|body|head|title|meta|base|link|script|style|applet)(/*)[\w\s>])@i', '&lt;$1', $content);
$content = preg_replace('@<(\/?(?:html|body|head|title|meta|base|link|script|style|applet)(/*).*?>)@i', '&lt;$1', $content);
/**
* Remove codes to abuse the admin session in src by tags of imaages and video postings
@ -853,7 +853,7 @@ function removeHackTag($content)
*/
$content = preg_replace_callback('@<(/?)([a-z]+[0-9]?)((?>"[^"]*"|\'[^\']*\'|[^>])*?\b(?:on[a-z]+|data|style|background|href|(?:dyn|low)?src)\s*=[\s\S]*?)(/?)($|>|<)@i', 'removeSrcHack', $content);
// xmp tag ?•ì<EFBFBD>¸ ë°?ì¶”ê?
// xmp tag ?뺤씤 è«??°ë¶½?
$content = checkXmpTag($content);
return $content;
}
@ -887,7 +887,7 @@ function removeSrcHack($match)
{
$tag = strtolower($match[2]);
// xmp tag ?•리
// xmp tag ?뺣â”<EFBFBD>
if($tag=='xmp') return "<{$match[1]}xmp>";
if($match[1]) return $match[0];
if($match[4]) $match[4] = ' '.$match[4];
@ -1223,6 +1223,38 @@ function requirePear()
}
}
function checkCSRF()
{
if($_SERVER['REQUEST_METHOD'] != 'POST')
{
return false;
}
$defaultUrl = Context::getDefaultUrl();
$referer = parse_url($_SERVER["HTTP_REFERER"]);
$oModuleModel = &getModel('module');
$siteModuleInfo = $oModuleModel->getDefaultMid();
if($siteModuleInfo->site_srl == 0)
{
if(!strstr(strtolower($defaultUrl), strtolower($referer['host'])))
{
return false;
}
}
else
{
$virtualSiteInfo = $oModuleModel->getSiteInfo($siteModuleInfo->site_srl);
if(strtolower($virtualSiteInfo->domain) != strtolower(Context::get('vid')) && !strstr(strtolower($virtualSiteInfo->domain), strtolower($referer['host'])))
{
return false;
}
}
return true;
}
/**
* Print raw html header
*
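Review bot: `checkCSRF()` can be bypassed: on virtual sites the `&&` at `strtolower($virtualSiteInfo->domain) != strtolower(Context::get('vid'))` lets a request that simply carries `vid=<site domain>` (Context::get reads request vars, as far as I can tell) skip the referer test entirely, and on the default site `strstr(strtolower($defaultUrl), strtolower($referer['host']))` is a substring test, so an attacker host that is a substring of the default URL (e.g. `ample.com` against `http://example.com/`) passes. Compare hosts exactly and make the `vid` clause an additional requirement rather than an alternative: `$expected = parse_url($defaultUrl, PHP_URL_HOST); if(!isset($referer['host']) || strcasecmp($expected, $referer['host']) !== 0) return false;`. Decide explicitly what happens when the Referer header is absent (privacy extensions and some proxies strip it) instead of relying on `strstr` failing on an empty needle, and treat this check as a stopgap until a per-session synchronizer token is verified on state-changing actions. In the first hunk, the rewritten tag regex replaces `[\w\s>]` with `.*?>` but keeps only the `i` modifier, so `<script` followed by a newline before `>` no longer has its `<` encoded — add `s` (`@is`); `removeHackTag()` begins outside that hunk.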


@ -210,7 +210,7 @@
<title xml:lang="ge">Top Menü</title>
<title xml:lang="ru">Верхнее меню</title>
<title xml:lang="es">Menú Principal</title>
<title xml:lang="vi">Menu trên</title>
<title xml:lang="vi">Menu trên</title>
<title xml:lang="tr">Ana Menü</title>
</menu>
</menus>


@ -353,7 +353,7 @@ class commentItem extends Object
if(!$this->get('uploaded_count')) return;
$oFileModel = &getModel('file');
$file_list = $oFileModel->getFiles($this->comment_srl, $is_admin);
$file_list = $oFileModel->getFiles($this->comment_srl, array(), 'file_srl', true);
return $file_list;
}


@ -62,6 +62,9 @@ class documentAdminView extends document
Context::set('status_name_list', $statusNameList);
Context::set('page_navigation', $output->page_navigation);
$oSecurity = new Security();
$oSecurity->encodeHTML('document_list..variables.');
// set a search option used in the template
$count_search_option = count($this->search_option);
for($i=0;$i<$count_search_option;$i++)


@ -184,6 +184,11 @@ class documentController extends document
*/
function insertDocument($obj, $manual_inserted = false, $isRestore = false, $isLatest = true)
{
if(!checkCSRF())
{
return new Object(-1, 'msg_invalid_request');
}
// begin transaction
$oDB = &DB::getInstance();
$oDB->begin();
@ -327,6 +332,11 @@ class documentController extends document
*/
function updateDocument($source_obj, $obj)
{
if(!checkCSRF())
{
return new Object(-1, 'msg_invalid_request');
}
if(!$source_obj->document_srl || !$obj->document_srl) return new Object(-1,'msg_invalied_request');
if(!$obj->status && $obj->is_secret == 'Y') $obj->status = 'SECRET';
if(!$obj->status) $obj->status = 'PUBLIC';
@ -1975,6 +1985,11 @@ class documentController extends document
set_time_limit(0);
if(!Context::get('is_logged')) return new Object(-1,'msg_not_permitted');
if(!checkCSRF())
{
return new Object(-1, 'msg_invalid_request');
}
$type = Context::get('type');
$target_module = Context::get('target_module');
$module_srl = Context::get('module_srl');
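Review bot: `insertDocument()` and `updateDocument()` are reusable controller methods rather than HTTP action entry points, and `checkCSRF()` returns false for any non-POST request, so every programmatic caller that is not inside a POST (CLI/cron importers, other modules, presumably the `$manual_inserted = true` path) now fails with `msg_invalid_request`. Gate the check on the request path only, e.g. `if(!$manual_inserted && !checkCSRF())` in insertDocument, and move the updateDocument check to the `proc*` action that receives the form. The check added in the third hunk sits in an action and is fine there. All three method bodies continue outside the hunks.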


@ -754,7 +754,7 @@ class documentItem extends Object
if($this->get('uploaded_count'))
{
$oFileModel = &getModel('file');
$file_list = $oFileModel->getFiles($this->document_srl);
$file_list = $oFileModel->getFiles($this->document_srl, array(), 'file_srl', true);
if(count($file_list))
{
foreach($file_list as $file)
@ -910,7 +910,7 @@ class documentItem extends Object
if(!$this->uploadedFiles[$sortIndex])
{
$oFileModel = &getModel('file');
$this->uploadedFiles[$sortIndex] = $oFileModel->getFiles($this->document_srl, array(), $sortIndex);
$this->uploadedFiles[$sortIndex] = $oFileModel->getFiles($this->document_srl, array(), $sortIndex, true);
}
return $this->uploadedFiles[$sortIndex];


@ -142,7 +142,7 @@ function _true(){ return true };
defaultHandlers = {
onFileQueued : _true,
onFileQueueError : function(flie, errorCode, message) {
onFileQueueError : function(file, errorCode, message) {
try {
switch(errorCode) {
case SWFUpload.QUEUE_ERROR.QUEUE_LIMIT_EXCEEDED :


@ -188,10 +188,11 @@ class fileModel extends file
* @param string $sortIndex The column that used as sort index
* @return array Returns array of object that contains file information. If no result returns null.
*/
function getFiles($upload_target_srl, $columnList = array(), $sortIndex = 'file_srl')
function getFiles($upload_target_srl, $columnList = array(), $sortIndex = 'file_srl', $ckValid = false)
{
$args->upload_target_srl = $upload_target_srl;
$args->sort_index = $sortIndex;
if($ckValid) $args->isvalid = 'Y';
$output = executeQuery('file.getFiles', $args, $columnList);
if(!$output->data) return;
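Review bot: `$args` is never initialised before `$args->upload_target_srl = ...`, so PHP auto-vivifies a stdClass (a strict-mode notice on PHP 5, a warning on 7.x and an error on 8); add `$args = new stdClass();` as the first statement. The new `$ckValid` flag is a positional bare boolean at every call site (`getFiles($srl, array(), 'file_srl', true)`), so a docblock line such as `@param bool $ckValid when true only rows with isvalid = 'Y' are returned` is needed to make those calls readable. Callers that omit the flag still receive not-yet-validated rows, which is presumably intended for admin views — confirm that no public listing relies on the default.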


@ -4,6 +4,7 @@
</tables>
<conditions>
<condition operation="equal" column="upload_target_srl" var="upload_target_srl" filter="number" notnull="notnull" />
<condition operation="equal" column="isvalid" var="isvalid" pipe="and" />
</conditions>
<navigation>
<index var="sort_index" defualt="source_filename" order="asc" />


@ -188,7 +188,7 @@ class installAdminController extends install
foreach($ftp_info as $key => $val)
{
if(!$val) continue;
if(preg_match('/(<\?|<\?php|\?>)/xsm', preg_replace('/\s/', '', $val)))
if(preg_match('/(<\?|<\?php|\?>|fputs|fopen|fwrite|fgets|fread|\/\*|\*\/|chr\()/xsm', preg_replace('/\s/', '', $val)))
{
continue;
}
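Review bot: The extended regex is still a denylist, and a denylist over whitespace-stripped text cannot be complete: `file_put_contents`, `eval`, `system`, backticks, `include`, `${...}` and `?>` split across two values are not covered while `fputs`/`fopen` are. If these FTP settings are written into a PHP config file (the `<\?` checks suggest so — confirm at the write site, which is outside the hunk), escape there with `var_export($val, true)` or validate with an allowlist such as `preg_match('/^[\w.\-\/:@]+$/', $val)` for host, user and path, and return an error rather than silently `continue`-ing past a suspicious value, which leaves the setting unset without telling the admin why. The enclosing function continues outside the hunk.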


@ -11,8 +11,6 @@
<!--%import("white.css")-->
<!--@end-->
<!--%import("is.js")-->
<div id="spot">
<form action="{getUrl()}" method="post" class="search" id="fo_is" no-error-return-url="true" >
<input type="hidden" name="mid" value="{$mid}" />


@ -636,6 +636,18 @@ class memberAdminController extends member
{
$args->default_value = '';
}
// Check ID duplicated
$oMemberModel = &getModel('member');
$config = $oMemberModel->getMemberConfig();
foreach($config->signupForm as $item)
{
if($item->name == $args->column_name)
{
if($args->member_join_form_srl && $args->member_join_form_srl == $item->member_join_form_srl) continue;
return new Object(-1,'msg_exists_user_id');
}
}
// Fix if member_join_form_srl exists. Add if not exists.
$isInsert;
if(!$args->member_join_form_srl)
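Review bot: The duplicate check iterates `$config->signupForm` without guarding for an unset or non-array value (PHP warns "invalid argument supplied for foreach" and skips the check), and compares `member_join_form_srl` with a loose `==`; use `foreach((array)$config->signupForm as $item)` and `(int)$args->member_join_form_srl === (int)$item->member_join_form_srl`. The error code `msg_exists_user_id` is reused for a form-field-name collision, which will read as "user id already exists" to the admin; a dedicated message such as `msg_exists_column_name` would be clearer. The enclosing function continues outside the hunk.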


@ -265,6 +265,16 @@ class memberAdminModel extends member
Context::set('formInfo', $output->data);
}
$oMemberModel = &getModel('member');
$config = $oMemberModel->getMemberConfig();
foreach($config->signupForm as $item)
{
$list[] = $item->name;
}
$id_list = implode(',',$list);
Context::set('id_list',$id_list);
$oTemplate = &TemplateHandler::getInstance();
$tpl = $oTemplate->compile($this->module_path.'tpl', 'insert_join_form');
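Review bot: `$list` is only assigned inside the foreach, so when `$config->signupForm` is empty `implode(',', $list)` runs on an undefined variable (notice, and `id_list` becomes an empty string); initialise `$list = array();` before the loop and iterate `(array)$config->signupForm` if the property can be unset. The comma-joined string assumes column names contain no commas and feeds only the client-side duplicate check, which is acceptable as long as the server-side check in memberAdminController stays authoritative. The enclosing method continues outside the hunk.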


@ -1072,7 +1072,7 @@ class memberController extends member
}
// Get content of the email to send a member
Context::set('auth_args', $auth_args);
Context::set('member_info', $member_info);
Context::set('memberInfo', $member_info);
$oModuleModel = &getModel('module');
$member_config = $oModuleModel->getModuleConfig('member');
@ -1134,7 +1134,7 @@ class memberController extends member
if(!$output->data || !$output->data[0]->auth_key) return new Object(-1, 'msg_invalid_request');
$auth_info = $output->data[0];
// Get content of the email to send a member
Context::set('member_info', $memberInfo);
Context::set('memberInfo', $memberInfo);
$oModuleModel = &getModel('module');
$member_config = $oModuleModel->getModuleConfig('member');
if(!$member_config->skin) $member_config->skin = "default";


@ -6,6 +6,6 @@
<column name="*" />
</columns>
<conditions>
<condition operation="equal" column="email_address" var="email_address" notnull="notnull" />
<condition operation="equal" column="lower(email_address)" var="email_address" notnull="notnull" />
</conditions>
</query>
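Review bot: `lower(email_address) = :email_address` only matches when the caller passes an already-lowercased value; the var name and its filter are unchanged here, so verify that the controller lowercases the address before the lookup (the call site is outside this diff), otherwise mixed-case input now fails where it used to match exactly. Wrapping the column in `lower()` also prevents the database from using an index on `email_address`; normalising the address to lowercase at insert/update time and comparing the plain column avoids both problems.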


@ -1,3 +1,5 @@
<input type="hidden" name="join_form_id_list" value="{$id_list}" />
<input type="hidden" name="old_column_id" value="{$formInfo->column_name}" />
<input type="hidden" name="member_join_form_srl" value="{$formInfo->member_join_form_srl}" />
<div class="x_modal-header">
<h1>{$lang->cmd_input_extend_form}</h1>


@ -191,5 +191,18 @@ jQuery(function($){
// add sticky class
}
});
$('#userDefine form').submit(function(e) {
var id_list = $(this).find('input[name=join_form_id_list]').val();
var id_list_arr = id_list.split(',');
var column_id = $(this).find('input[name=column_id]').val();
var old_column_id = $(this).find('input[name=old_column_id]').val();
if($.inArray(column_id, id_list_arr) > -1 && column_id != old_column_id) {
alert(xe.lang.msg_exists_user_id);
return false;
}
else return true;
});
});


@ -7,6 +7,7 @@
xe.lang.cmd_delete = '{$lang->cmd_delete}';
xe.lang.msg_null_prohibited_id = '{$lang->msg_null_prohibited_id}';
xe.lang.msg_null_prohibited_nick_name = '{$lang->msg_null_prohibited_nick_name}';
xe.lang.msg_exists_user_id= '{$lang->msg_exists_user_id}';
</script>
<form action="./" class="x_form-horizontal" method="post">
<input type="hidden" name="module" value="member" />


@ -1610,6 +1610,7 @@ class menuAdminController extends menu
$xml_buff = sprintf(
'<?php '.
'define(\'__ZBXE__\', true); '.
'define(\'__XE__\', true); '.
'require_once(\''.FileHandler::getRealPath('./config/config.inc.php').'\'); '.
'$oContext = &Context::getInstance(); '.
'$oContext->init(); '.
@ -1631,6 +1632,7 @@ class menuAdminController extends menu
$php_buff = sprintf(
'<?php '.
'if(!defined("__ZBXE__")) exit(); '.
'if(!defined("__XE__")) exit(); '.
'%s; '.
'%s; '.
'$menu->list = array(%s); '.


@ -127,7 +127,7 @@ class widgetController extends widget
if(in_array($group_srl, $manager_group)) $is_admin = true;
}
}
if(!$is_admin && !$is_logged && $logged_info->is_admin != 'Y' && !$oModuleModel->isSiteAdmin($logged_info) && !(is_array($page_info->admin_id) && in_array($logged_infoi->user_id, $page_info->admin_id))) return new Object(-1,'msg_not_permitted');
if(!$is_admin && !$is_logged && $logged_info->is_admin != 'Y' && !$oModuleModel->isSiteAdmin($logged_info) && !(is_array($page_info->admin_id) && in_array($logged_info->user_id, $page_info->admin_id))) return new Object(-1,'msg_not_permitted');
// Enter post
$oDocumentModel = &getModel('document');
$oDocumentController = &getController('document');
@ -185,7 +185,7 @@ class widgetController extends widget
if(in_array($group_srl, $manager_group)) $is_admin = true;
}
}
if(!$is_admin && !$is_logged && $logged_info->is_admin != 'Y' && !$oModuleModel->isSiteAdmin($logged_info) && !(is_array($page_info->admin_id) && in_array($logged_infoi->user_id, $page_info->admin_id))) return new Object(-1,'msg_not_permitted');
if(!$is_admin && !$is_logged && $logged_info->is_admin != 'Y' && !$oModuleModel->isSiteAdmin($logged_info) && !(is_array($page_info->admin_id) && in_array($logged_info->user_id, $page_info->admin_id))) return new Object(-1,'msg_not_permitted');
$output = $oDocumentAdminController->copyDocumentModule(array($oDocument->get('document_srl')), $oDocument->get('module_srl'),0);
if(!$output->toBool()) return $output;
@ -225,7 +225,7 @@ class widgetController extends widget
if(in_array($group_srl, $manager_group)) $is_admin = true;
}
}
if(!$is_admin && !$is_logged && $logged_info->is_admin != 'Y' && !$oModuleModel->isSiteAdmin($logged_info) && !(is_array($page_info->admin_id) && in_array($logged_infoi->user_id, $page_info->admin_id))) return new Object(-1,'msg_not_permitted');
if(!$is_admin && !$is_logged && $logged_info->is_admin != 'Y' && !$oModuleModel->isSiteAdmin($logged_info) && !(is_array($page_info->admin_id) && in_array($logged_info->user_id, $page_info->admin_id))) return new Object(-1,'msg_not_permitted');
$output = $oDocumentController->deleteDocument($oDocument->get('document_srl'), true);
if(!$output->toBool()) return $output;
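Review bot: The same eight-term permission expression is repeated verbatim in three methods, which is how the `$logged_infoi` typo fixed here survived in all three; extract it into one private helper so there is a single place to audit. Separately, as far as I can tell from these lines, `!$is_logged` in the conjunction means that any logged-in user passes — if `$is_logged` is the plain session flag rather than a per-page permission (it is set outside the hunks), that is an authorization gap and the term should be dropped; please confirm. All three method bodies continue outside the hunks.
```php
// Returns true when the current user may manage documents through this widget.
function _canManageWidgetDocument($is_admin, $is_logged, $logged_info, $page_info, $oModuleModel)
{
    if($is_admin || $logged_info->is_admin == 'Y' || $oModuleModel->isSiteAdmin($logged_info)) return true;
    if(is_array($page_info->admin_id) && in_array($logged_info->user_id, $page_info->admin_id)) return true;
    return (bool)$is_logged; // TODO(review): confirm this term is intended — see note
}
// … unchanged: group / manager_group checks in each action …
if(!$this->_canManageWidgetDocument($is_admin, $is_logged, $logged_info, $page_info, $oModuleModel)) return new Object(-1,'msg_not_permitted');
```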


@ -36,6 +36,7 @@
require_once(_XE_PATH_.'classes/db/queryparts/expression/InsertExpression.class.php');
require_once(_XE_PATH_.'classes/db/queryparts/expression/UpdateExpression.class.php');
require_once(_XE_PATH_.'classes/db/queryparts/expression/UpdateExpressionWithoutArgument.class.php');
require_once(_XE_PATH_.'classes/db/queryparts/expression/ClickCountExpression.class.php');
require_once(_XE_PATH_.'classes/db/queryparts/table/Table.class.php');
require_once(_XE_PATH_.'classes/db/queryparts/table/JoinTable.class.php');
require_once(_XE_PATH_.'classes/db/queryparts/table/CubridTableWithHint.class.php');


@ -20,8 +20,12 @@ class DBTest extends PHPUnit_Framework_TestCase {
$querySql = $db->{$methodName}($output);
// Remove whitespaces, tabs and all
$querySql = Helper::cleanString($querySql);
$expected = Helper::cleanString($expected);
if(is_a($querySql, 'Object'))
{
$querySql = $querySql->getMessage();
}
$querySql = Helper::cleanString($querySql);
$expected = Helper::cleanString($expected);
}
$this->assertEquals($expected, $querySql);
}


@ -439,6 +439,17 @@
$argsString = '$args->package_srl = 18325662;';
$expectedArgs = array(18325662);
$this->_testPreparedQuery($xml_file, $argsString, $expected, 'getSelectSql', $expectedArgs);
}
}
/**
* Issue 1431 - xml click count error
*/
function testClickCount()
{
$xml_file = _TEST_PATH_ . "db/xml_query/mysql/data/click_count.xml";
$argsString = '$args->incr_expose_count = true;';
$expected = 'select INCR("expose_count") from "xe_modules" as "modules"';
$this->_test($xml_file, $argsString, $expected);
}
}


@ -0,0 +1,8 @@
<query id="getNewestDocuments" action="select">
<tables>
<table name="modules" />
</tables>
<columns>
<column name="expose_count" click_count="incr_expose_count"/>
</columns>
</query>


@ -380,4 +380,37 @@ class MysqlSelectTest extends MysqlTest {
limit 5";
$this->_test($xml_file, $argsString, $expected);
}
}
/**
* Add support for CAST / CONVERT function
*/
function testCast()
{
$xml_file = _TEST_PATH_ . "db/xml_query/mysql/data/cast.xml";
$argsString = '';
$expected = "select cast(`document_srl` as unsigned integer) from `xe_documents` as `documents`";
$this->_test($xml_file, $argsString, $expected);
}
/**
* Add support for CAST / CONVERT function
*/
function testConvert()
{
$xml_file = _TEST_PATH_ . "db/xml_query/mysql/data/convert.xml";
$argsString = '';
$expected = "select convert(`document_srl`, unsigned integer) from `xe_documents` as `documents`";
$this->_test($xml_file, $argsString, $expected);
}
/**
* Issue 1431 - xml click count error
*/
function testClickCount()
{
$xml_file = _TEST_PATH_ . "db/xml_query/mysql/data/click_count.xml";
$argsString = '$args->incr_expose_count = true;';
$expected = "select `expose_count` from `xe_modules` as `modules`";
$this->_test($xml_file, $argsString, $expected);
}
}


@ -0,0 +1,8 @@
<query id="getDocumentListWithinComment" action="select">
<tables>
<table name="documents" alias="documents" />
</tables>
<columns>
<column name="CAST(document_srl as UNSIGNED INTEGER)" />
</columns>
</query>


@ -0,0 +1,8 @@
<query id="getNewestDocuments" action="select">
<tables>
<table name="modules" />
</tables>
<columns>
<column name="expose_count" click_count="incr_expose_count"/>
</columns>
</query>


@ -0,0 +1,8 @@
<query id="getDocumentListWithinComment" action="select">
<tables>
<table name="documents" alias="documents" />
</tables>
<columns>
<column name="CONVERT(document_srl, UNSIGNED INTEGER)" />
</columns>
</query>


@ -4,6 +4,7 @@ if(!defined('__XE__')) require dirname(__FILE__).'/../../Bootstrap.php';
require_once _XE_PATH_.'classes/handler/Handler.class.php';
require_once _XE_PATH_.'classes/frontendfile/FrontEndFileHandler.class.php';
require_once _XE_PATH_.'classes/file/FileHandler.class.php';
class FrontEndFileHandlerTest extends PHPUnit_Framework_TestCase
@ -16,12 +17,12 @@ class FrontEndFileHandlerTest extends PHPUnit_Framework_TestCase
$handler = new FrontEndFileHandler();
// js(head)
$handler->loadFile(array('./common/js/jquery.js'));
$handler->loadFile(array('./common/js/jquery.min.js'));
$handler->loadFile(array('./common/js/js_app.js'));
$handler->loadFile(array('./common/js/common.js'));
$handler->loadFile(array('./common/js/xml_handler.js'));
$handler->loadFile(array('./common/js/xml_js_filter.js'));
$expected[] = array('file' => '/xe/common/js/jquery.js', 'targetie' => '');
$expected[] = array('file' => '/xe/common/js/js_app.js', 'targetie' => '');
$expected[] = array('file' => '/xe/common/js/common.js', 'targetie' => '');