From 92332c8ebb05f02c63d7bf884f6c05275c30c8a4 Mon Sep 17 00:00:00 2001
From: devjin
Date: Fri, 27 May 2011 06:03:31 +0000
Subject: [PATCH 1/2] merge 1.4.5.7
git-svn-id: http://xe-core.googlecode.com/svn/trunk@8398 201d5d3c-b55e-5fd7-737f-ddc643e51545
---
 classes/db/DB.class.php | 9 +
 classes/db/DBCubrid.class.php | 8 +-
 classes/db/DBFirebird.class.php | 3 +-
 classes/db/DBMssql.class.php | 5 +-
 classes/db/DBMysql.class.php | 6 +-
 classes/db/DBPostgresql.class.php | 10 +-
 classes/db/DBSqlite2.class.php | 8 +-
 classes/db/DBSqlite3_pdo.class.php | 4 +-
 common/lang/zh-TW.lang.php | 4 +-
 config/config.inc.php | 2 +-
 .../welcome_content_zh-TW.html | 16 +-
 modules/member/lang/zh-TW.lang.php | 481 +++++++++--------
 12 files changed, 286 insertions(+), 270 deletions(-)
diff --git a/classes/db/DB.class.php b/classes/db/DB.class.php
index 67f860af1..8b682404f 100644
--- a/classes/db/DB.class.php
+++ b/classes/db/DB.class.php
@@ -694,5 +694,14 @@
 return $arr;
 }
+
+ /**
+ * @brief Just like numbers, and operations needed to remove the rest
+ **/
+ function _filterNumber(&$value)
+ {
+ $value = preg_replace('/[^\d\w\+\-\*\/\.\(\)]/', '', $value);
+ if(!$value) $value = 0;
+ }
 }
 ?>
diff --git a/classes/db/DBCubrid.class.php b/classes/db/DBCubrid.class.php
index 2de93e28e..e8d349aa9 100644
--- a/classes/db/DBCubrid.class.php
+++ b/classes/db/DBCubrid.class.php
@@ -679,9 +679,7 @@
 }
 }
 }
- elseif (!$value || is_numeric ($value)) {
- $value = (int) $value;
- }
+ else $this->_filterNumber(&$value);
 $column_list[] = '"'.$name.'"';
 $value_list[] = $value;
@@ -734,9 +732,7 @@
 $check_column = false;
 $value = "'".$this->addQuotes ($value)."'";
 }
- elseif (!$value || is_numeric ($value)) {
- $value = (int) $value;
- }
+ else $this->_filterNumber(&$value);
 $column_list[] = sprintf ("\"%s\" = %s", $name, $value);
 }
diff --git a/classes/db/DBFirebird.class.php b/classes/db/DBFirebird.class.php
index 12ab747a4..e7ee592fe 100644
--- a/classes/db/DBFirebird.class.php
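Review bot: `_filterNumber` does not reduce its argument to a number: the character class `[^\d\w\+\-\*\/\.\(\)]` keeps every `\w` character (letters and underscore) as well as parentheses and arithmetic operators, and the DBCubrid hunks below place the result unquoted in the generated SQL. If only literal numbers are meant to reach a number-typed column, the body can be `if(!is_numeric($value)) $value = 0;`; if column expressions such as `column+1` must also pass, match a positive grammar (identifier-or-number, one operator, identifier-or-number) and zero everything else, rather than deleting characters from arbitrary input. The `@brief` text is machine-translated; a comment stating the guarantee would serve better, e.g. `@brief Restrict a value destined for an unquoted number column; anything that is not a numeric literal (or an allowed arithmetic expression) becomes 0`.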
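Review bot: `$this->_filterNumber(&$value)` uses call-time pass-by-reference; `_filterNumber` already declares its parameter as `&$value`, so the call should read `$this->_filterNumber($value);`. The `&` at the call site is deprecated in PHP 5.3 and a fatal error from PHP 5.4 on, which would break every insert and update of a number column. The same form appears in the DBFirebird, DBMssql, DBMysql, DBPostgresql, DBSqlite2 and DBSqlite3_pdo hunks of this patch. The enclosing functions start and end outside both hunks.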
+++ b/classes/db/DBFirebird.class.php
@@ -706,7 +706,8 @@
 } else if($output->column_type[$name]!='number') {
 // if(!$value) $value = 'null';
- } elseif(!$value || is_numeric($value)) $value = (int)$value;
+ }
+ else $this->_filterNumber(&$value);
 $column_list[] = '"'.$name.'"';
 $value_list[] = $value;
diff --git a/classes/db/DBMssql.class.php b/classes/db/DBMssql.class.php
index 13651a35a..0d5055759 100644
--- a/classes/db/DBMssql.class.php
+++ b/classes/db/DBMssql.class.php
@@ -548,6 +548,8 @@
 } elseif(!$value){
 $value = '';
 }
+ // sql injection 문제로 xml 선언이 number인 경우이면서 넘어온 값이 숫자형이 아니면 숫자형으로 강제 형변환
+ else $this->_filterNumber(&$value);
 $column_list[] = '['.$name.']';
 $value_list[] = '?';
@@ -591,10 +593,9 @@
 $column_list[] = sprintf("[%s] = ?", $name);
 }else{
 if(!$value) $value = '';
+ $this->_filterNumber(&$value);
 $column_list[] = sprintf("[%s] = %s", $name, $value);
 }
-
-
 }
 }
diff --git a/classes/db/DBMysql.class.php b/classes/db/DBMysql.class.php
index 8a5072850..7e5be0f3e 100644
--- a/classes/db/DBMysql.class.php
+++ b/classes/db/DBMysql.class.php
@@ -455,7 +455,9 @@
 }
 }
- } elseif(!$value || is_numeric($value)) $value = (int)$value;
+ }
+ //elseif(!$value || is_numeric($value)) $value = (int)$value;
+ else $this->_filterNumber(&$value);
 $column_list[] = '`'.$name.'`';
 $value_list[] = $value;
@@ -482,7 +484,7 @@
 if(strpos($name,'.')!==false&&strpos($value,'.')!==false) $column_list[] = $name.' = '.$value;
 else {
 if($output->column_type[$name]!='number') $value = "'".$this->addQuotes($value)."'";
- elseif(!$value || is_numeric($value)) $value = (int)$value;
+ else $this->_filterNumber(&$value);
 $column_list[] = sprintf("`%s` = %s", $name, $value);
 }
diff --git a/classes/db/DBPostgresql.class.php b/classes/db/DBPostgresql.class.php
index 308b495b4..88264e9c6 100644
--- a/classes/db/DBPostgresql.class.php
+++ b/classes/db/DBPostgresql.class.php
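Review bot: In the second DBMssql hunk the number branch now reads `if(!$value) $value = '';` followed by `$this->_filterNumber(&$value);`, and the filter already maps an empty string to `0`, so the first line is dead and can be removed. That branch also interpolates `$value` into `sprintf("[%s] = %s", $name, $value)` while the line above it binds `?` for the other column types; binding the numeric value as well would remove the need for character filtering here, provided the parameter list is reachable from this branch (it is not visible in the hunk). Both enclosing functions start and end outside the hunks.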
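Review bot: The first DBMysql hunk leaves the replaced line in as a comment, `//elseif(!$value || is_numeric($value)) $value = (int)$value;`, directly above the new `else $this->_filterNumber(&$value);`; the old code is in version control, so the commented-out line should be deleted. The same leftover appears in the DBPostgresql and DBSqlite2 hunks of this patch. The enclosing functions start and end outside the hunks.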
@@ -581,8 +581,10 @@ class DBPostgresql extends DB
 $value = "'" . $this->addQuotes($value) . "'";
 if (!$value) $value = 'null';
- } elseif (!$value || is_numeric($value))
- $value = (int)$value;
+ }
+ // sql injection 문제로 xml 선언이 number인 경우이면서 넘어온 값이 숫자형이 아니면 숫자형으로 강제 형변환
+ // elseif (!$value || is_numeric($value)) $value = (int)$value;
+ else $this->_filterNumber(&$value);
 $column_list[] = $name;
 $value_list[] = $value;
@@ -615,8 +617,8 @@ class DBPostgresql extends DB
 else {
 if ($output->column_type[$name] != 'number') $value = "'" . $this->addQuotes($value) . "'";
- elseif (!$value || is_numeric($value))
- $value = (int)$value;
+ // sql injection 문제로 xml 선언이 number인 경우이면서 넘어온 값이 숫자형이 아니면 숫자형으로 강제 형변환
+ else $this->_filterNumber(&$value);
 $column_list[] = sprintf("%s = %s", $name, $value);
 }
diff --git a/classes/db/DBSqlite2.class.php b/classes/db/DBSqlite2.class.php
index 833628ad8..eb1cd6bbc 100644
--- a/classes/db/DBSqlite2.class.php
+++ b/classes/db/DBSqlite2.class.php
@@ -430,7 +430,10 @@
 if($output->column_type[$name]!='number') {
 $value = "'".$this->addQuotes($value)."'";
 if(!$value) $value = 'null';
- } elseif(!$value || is_numeric($value)) $value = (int)$value;
+ }
+ // sql injection 문제로 xml 선언이 number인 경우이면서 넘어온 값이 숫자형이 아니면 숫자형으로 강제 형변환
+ // elseif(!$value || is_numeric($value)) $value = (int)$value;
+ else $this->_filterNumber(&$value);
 $column_list[] = $name;
 $value_list[] = $value;
@@ -460,7 +463,8 @@
 if(strpos($name,'.')!==false&&strpos($value,'.')!==false) $column_list[] = $name.' = '.$value;
 else {
 if($output->column_type[$name]!='number') $value = "'".$this->addQuotes($value)."'";
- elseif(!$value || is_numeric($value)) $value = (int)$value;
+ // sql injection 문제로 xml 선언이 number인 경우이면서 넘어온 값이 숫자형이 아니면 숫자형으로 강제 형변환
+ else $this->_filterNumber(&$value);
 $column_list[] = sprintf("%s = %s", $name, $value);
 }
diff --git a/classes/db/DBSqlite3_pdo.class.php b/classes/db/DBSqlite3_pdo.class.php
index 83ebfcddc..d641876b3 100644
--- a/classes/db/DBSqlite3_pdo.class.php
+++ b/classes/db/DBSqlite3_pdo.class.php
@@ -462,7 +462,7 @@
 if($output->column_type[$name]!='number') $val_list[] = $this->addQuotes($value);
 else {
- if(!$value || is_numeric($value)) $value = (int)$value;
+ $this->_filterNumber(&$value);
 $val_list[] = $value;
 }
@@ -499,7 +499,7 @@
 if(strpos($name,'.')!==false&&strpos($value,'.')!==false) $column_list[] = $name.' = '.$value;
 else {
 if($output->column_type[$name]!='number') $value = "'".$this->addQuotes($value)."'";
- elseif(!$value || is_numeric($value)) $value = (int)$value;
+ else $this->_filterNumber(&$value);
 $column_list[] = sprintf("%s = %s", $name, $value);
 }
diff --git a/common/lang/zh-TW.lang.php b/common/lang/zh-TW.lang.php
index 6df968a76..0beedddb9 100644
--- a/common/lang/zh-TW.lang.php
+++ b/common/lang/zh-TW.lang.php
@@ -255,6 +255,7 @@ $lang->confirm_submit = '確定要送出嗎?';
 $lang->confirm_logout = '確定要登出嗎?';
 $lang->confirm_vote = '確定要推薦嗎?';
 $lang->confirm_delete = '確定要刪除嗎?';
+$lang->confirm_restore = '確定要復原嗎?';
 $lang->confirm_move = '確定要移動嗎?';
 $lang->confirm_reset = '確定要重置嗎?';
 $lang->confirm_leave = '確定要退出嗎?';
@@ -305,7 +306,6 @@ $lang->ftp_path_title = '請輸入 FTP 路經';
 $lang->msg_ftp_installed_realpath = 'XE絕對路經';
 $lang->msg_ftp_installed_ftp_realpath = 'XE的 FTP 絕對路經';
-
 // 在 xml filter 中所使用的 JavaScript 警告訊息
 $lang->filter->isnull = '請輸入%s';
 $lang->filter->outofrange = '請確認%s字數';
@@ -320,5 +320,5 @@ $lang->filter->invalid_alpha_number = '%s只能輸入英文或數字';
 $lang->filter->invalid_number = '%s只能輸入數字';
 $lang->security_warning_embed = "由於安全的關係,管理員無法檢視嵌入的物件。
請使用其他非管理員帳號檢視。"; -$lang->msg_pc_to_mobile = '이 페이지는 모바일 보기가 있습니다. 모바일 보기로 이동하시겠습니까?'; +$lang->msg_pc_to_mobile = '此頁面有手機頁面,要移至手機頁面嗎?'; ?> \ No newline at end of file diff --git a/config/config.inc.php b/config/config.inc.php index 00078c0b6..bf7de570b 100644 --- a/config/config.inc.php +++ b/config/config.inc.php @@ -13,7 +13,7 @@ * @brief XE의 전체 버전 표기 * 이 파일의 수정이 없더라도 공식 릴리즈시에 수정되어 함께 배포되어야 함 **/ - define('__ZBXE_VERSION__', '1.4.5.5'); + define('__ZBXE_VERSION__', '1.4.5.7'); /** * @brief zbXE가 설치된 장소의 base path를 구함 diff --git a/modules/install/script/welcome_content/welcome_content_zh-TW.html b/modules/install/script/welcome_content/welcome_content_zh-TW.html index b88945202..e00809f42 100644 --- a/modules/install/script/welcome_content/welcome_content_zh-TW.html +++ b/modules/install/script/welcome_content/welcome_content_zh-TW.html @@ -1,26 +1,26 @@
-

XE core '{$version}' has been successfully installed!

-

We recommend you to delete this demo page before launching the site.
Please check the following list to verify whether the installation has been properly completed.
You can see all the components on the administration page.

+

XE core '{$version}'

+

ءߢ
?
ʦη̸졣

  1. - When the layout has been successfully installed, you can see the screen containing a header, a content body, and a footer. + ͪ ʦ̸ Ү ڭ
  2. - When Menu module has been successfully installed, you can see both global and local navigations. + Ӥټ ʦ̸ ӤӤ
  3. - When Integrated Search module has been successfully installed, you can see the search form. + ټ ʦ̸ ?
  4. - When Login widget has been successfully installed, you can see the login form. + Login widget ʦ̸ ?
  5. - When Page module has been successfully installed, you see this page. + ټ ʦ̸
-

You can replace it with some other module on the Settings page.

+

ټڡ

diff --git a/modules/member/lang/zh-TW.lang.php b/modules/member/lang/zh-TW.lang.php index 93a8c4d0b..60a463ea1 100644 --- a/modules/member/lang/zh-TW.lang.php +++ b/modules/member/lang/zh-TW.lang.php 
@@ -1,240 +1,241 @@ -member = '會員'; - $lang->member_default_info = '基本資料'; - $lang->member_extend_info = '延伸資料'; - $lang->default_group_1 = "準會員"; - $lang->default_group_2 = "正會員"; - $lang->admin_group = "管理組"; - $lang->keep_signed = '自動登入'; - $lang->remember_user_id = '儲存 ID'; - $lang->already_logged = '您已經登入!'; - $lang->denied_user_id = '被禁止的帳號。'; - $lang->null_user_id = '請輸入帳號。'; - $lang->null_password = '請輸入密碼。'; - $lang->invalid_authorization = '還沒有認證!'; - $lang->invalid_user_id= '該帳號不存在,請檢查您的輸入是否有誤!'; - $lang->invalid_password = '您的密碼不正確!'; - $lang->invalid_new_password = '新密碼不能與舊密碼相同'; - $lang->allow_mailing = '接收郵件'; - $lang->denied = '禁止使用'; - $lang->is_admin = '最高管理權限'; - $lang->group = '群組'; - $lang->group_title = '群組標題'; - $lang->group_srl = '群組編號'; - $lang->signature = '簽名檔'; - $lang->profile_image = '個人圖片'; - $lang->profile_image_max_width = '寬度限制'; - $lang->profile_image_max_height = '高度限制'; - $lang->image_name = '暱稱圖片'; - $lang->image_name_max_width = '寬度限制'; - $lang->image_name_max_height = '高度限制'; - $lang->image_mark = '用戶圖示'; - $lang->image_mark_max_width = '寬度限制'; - $lang->image_mark_max_height = '高度限制'; - $lang->group_image_mark = '群組圖示'; - $lang->group_image_mark_max_width = '寬度限制'; - $lang->group_image_mark_max_height = '高度限制'; - $lang->group_image_mark_order = '群組圖示順序'; - $lang->signature_max_height = '簽名檔高度限制'; - $lang->enable_openid = '支援 OpenID'; - $lang->enable_join = '允許會員註冊'; - $lang->enable_confirm = '使用郵件認證'; - $lang->enable_ssl = '使用 SSL 功能'; - $lang->security_sign_in = '使用安全登入'; - $lang->limit_day = '認證限制'; - $lang->limit_date = '限制日期'; - $lang->after_login_url = '登入後頁面轉向'; - $lang->after_logout_url = '登出後頁面轉向'; - $lang->redirect_url = '會員註冊後頁面轉向'; - $lang->agreement = '會員使用條款'; - $lang->accept_agreement = '同意條款'; - $lang->member_info = '會員資料'; - $lang->current_password = '舊密碼'; - $lang->openid = 'OpenID'; - $lang->allow_message = '接收短訊息'; - $lang->allow_message_type = array( - 'Y' => '全部允許', - 'F' => '允許好友', - 'N' => '全部禁止', - ); 
- $lang->about_allow_message = '可選擇是否接收短訊息。'; - $lang->logged_users = '線上會員'; - - $lang->webmaster_name = '管理員名稱'; - $lang->webmaster_email = '管理員電子郵件'; - - $lang->about_keep_signed = '關閉瀏覽器後也將維持登入狀態。
使用此功能,可解決每次訪問都要輸入帳號及密碼的麻煩。
為防止個人資料洩露,在網咖,學校等公共場所,請務必要確認解除登入狀態。'; - $lang->about_keep_warning = '關閉瀏覽器後也將維持登入狀態。
使用此功能,可解決每次訪問都要輸入帳號及密碼的麻煩。
為防止個人資料洩露,在網咖,學校等公共場所,請務必要確認解除登入狀態。'; - $lang->about_webmaster_name = '請輸入認證所需的電子郵件地址或管理其他網站時要使用的網站管理員名稱。(預設 : webmaster)'; - $lang->about_webmaster_email = '請輸入網站管理員的電子郵件地址。'; - - $lang->search_target_list = array( - 'user_id' => '帳號', - 'user_name' => '姓名', - 'nick_name' => '暱稱', - 'email_address' => '電子郵件', - 'regdate' => '註冊日期', - 'regdate_more' => '註冊日期(以上)', - 'regdate_less' => '註冊日期(以下)', - 'last_login' => '最近登入', - 'last_login_more' => '最近登入(以上)', - 'last_login_less' => '最近登入(以下)', - 'extra_vars' => '延伸變數', - ); - - $lang->cmd_login = '登入'; - $lang->cmd_logout = '登出'; - $lang->cmd_signup = '會員註冊'; - $lang->cmd_site_signup = '加入'; - $lang->cmd_modify_member_info = '修改會員資料'; - $lang->cmd_modify_member_password = '修改密碼'; - $lang->cmd_view_member_info = '檢視會員資料'; - $lang->cmd_leave = '退出'; - $lang->cmd_find_member_account = '查詢帳號/密碼'; - $lang->cmd_resend_auth_mail = '重寄認證郵件'; - - $lang->cmd_member_list = '會員列表'; - $lang->cmd_module_config = '基本設置'; - $lang->cmd_member_group = '群組管理'; - $lang->cmd_send_mail = '發送郵件'; - $lang->cmd_manage_id = '禁止帳號管理'; - $lang->cmd_manage_form = '註冊表單管理'; - $lang->cmd_view_own_document = '檢視發表主題'; - $lang->cmd_manage_member_info = '管理會員資料'; - $lang->cmd_trace_document = '主題追蹤'; - $lang->cmd_trace_comment = '評論追蹤'; - $lang->cmd_view_scrapped_document = '檢視收藏'; - $lang->cmd_view_saved_document = '檢視臨時儲存箱'; - $lang->cmd_send_email = '發送郵件'; - - $lang->msg_email_not_exists = '找不到您輸入的郵件地址。'; - - $lang->msg_alreay_scrapped = '已收藏的主題!'; - - $lang->msg_cart_is_null = '請選擇對象。'; - $lang->msg_checked_file_is_deleted = '已刪除%d個附檔。'; - - $lang->msg_find_account_title = '註冊資料。'; - $lang->msg_find_account_info = '您要尋找的註冊資料如下。'; - $lang->msg_find_account_comment = '按底下的連結,您的註冊密碼將更新為上述系統自動建立的密碼。
請重新登入,將密碼更改為您想要的密碼。'; - $lang->msg_confirm_account_title = '會員註冊'; - $lang->msg_confirm_account_info = '您的註冊資料如下:'; - $lang->msg_confirm_account_comment = '請按下面連結完成會員認證。'; - $lang->msg_auth_mail_sent = '已向%s發送了認證郵件。請確認!!'; - $lang->msg_confirm_mail_sent = '已向%s發送了認證郵件。請確認!!'; - $lang->msg_invalid_auth_key = '錯誤的註冊資料請求。
請重新尋找帳號及密碼,或聯繫管理員。'; - $lang->msg_success_authed = '新註冊的資料已得到認證。請用郵件中的新密碼修改成您要想使用的密碼。'; - $lang->msg_success_confirmed = '註冊資料已成功確認!'; - - $lang->msg_new_member = '會員註冊'; - $lang->msg_update_member = '修改會員資料'; - $lang->msg_leave_member = '會員退出'; - $lang->msg_group_is_null = '無群組。'; - $lang->msg_not_delete_default = '無法刪除基本項目'; - $lang->msg_not_exists_member = '不存在的帳號'; - $lang->msg_cannot_delete_admin = '無法解除管理員帳號,請解除管理後再刪除'; - $lang->msg_exists_user_id = '重複的帳號,請重新輸入。'; - $lang->msg_exists_email_address = '重複的電子郵件地址,請重新輸入電子郵件地址。'; - $lang->msg_exists_nick_name = '重複的暱稱,請重新輸入。'; - $lang->msg_signup_disabled = '無法註冊會員'; - $lang->msg_already_logged = '您是註冊會員。'; - $lang->msg_not_logged = '您還沒登入。'; - $lang->msg_insert_group_name = '請輸入群組名稱'; - $lang->msg_check_group = '請選擇群組'; - - $lang->msg_not_uploaded_profile_image = '無法登錄個人圖片!'; - $lang->msg_not_uploaded_image_name = '無法登錄暱稱圖片!'; - $lang->msg_not_uploaded_image_mark = '無法登錄用戶圖示!'; - $lang->msg_not_uploaded_group_image_mark = '無法登錄群組圖示!'; - - $lang->msg_accept_agreement = '您必須同意條款。'; - - $lang->msg_user_denied = '您輸入的帳號已禁止使用!'; - $lang->msg_user_not_confirmed = '您的註冊資料還沒有被確認,請確認您的電子郵箱。'; - $lang->msg_user_limited = '您輸入的帳號%s以後才可以開始使用。'; - - $lang->about_user_id = '帳號必須由 3~20 字以內的英文+數字組成,開頭必須是英文。'; - $lang->about_password = '密碼必須在 6~20 字以內。'; - $lang->about_user_name = '姓名必須是 2~20 字以內。'; - $lang->about_nick_name = '暱稱必須是 2~20 字以內。'; - $lang->about_email_address = '電子郵件地址除郵件認證外,當修改密碼或忘記密碼時也可以使用。'; - $lang->about_homepage = '請輸入您的網址。'; - $lang->about_blog_url = '請輸入部落格網址。'; - $lang->about_birthday = '請輸入您的出生年月日。'; - $lang->about_allow_mailing = '不選擇此項,以後無法接收站內發送的重要資料。'; - $lang->about_denied = '選擇時不能使用此帳號。'; - $lang->about_is_admin = '選擇時將具有最高管理權限。'; - $lang->about_member_description = '管理員對會員的註記。'; - $lang->about_group = '一個帳號可擁有多個群組。'; - - $lang->about_column_type = '請選擇要新增的註冊表單格式。'; - $lang->about_column_name = '請輸入在樣板中可以使用的英文名稱。(變數名稱)'; - $lang->about_column_title = '註冊或修改/檢視資料時要顯示的標題。'; - 
$lang->about_default_value = '可以設置預設值。'; - $lang->about_active = '必須選擇此項後才可以正常啟用。'; - $lang->about_form_description = '說明欄裡輸入的內容,在註冊時會顯示。'; - $lang->about_required = '註冊時成為必填項目。'; - - $lang->about_enable_openid = '想要網站支援 OpenID 時,請勾選此項。'; - $lang->about_enable_join = '選擇此項後,用戶才可以註冊。'; - $lang->about_enable_confirm = '為確認會員註冊資料,會向會員輸入的郵件地址發送註冊認證郵件。'; - $lang->about_enable_ssl = '如主機提供 SSL 認證服務,新會員註冊/修改會員資料/登入等資料的傳送將使用 SSL(https) 認證。'; - $lang->about_limit_day = '註冊會員後的認證有效期限。'; - $lang->about_limit_date = '直到指定日期,否則該帳號都無法登入。'; - $lang->about_after_login_url = '可以指定登入後的頁面轉向網址(留空為目前頁面)。'; - $lang->about_after_logout_url = '可以指定登出後的頁面轉向網址(留空為目前頁面)。'; - $lang->about_redirect_url = '請輸入會員註冊後的頁面轉向網址。(留空為返回前頁)'; - $lang->about_agreement = '沒有會員條款時不會顯示。'; - - $lang->about_image_name = '用戶暱稱可以用圖片替代。'; - $lang->about_image_mark = '顯示在用戶暱稱前的圖示。'; - $lang->about_group_image_mark = '顯示在用戶群組前的圖示。'; - $lang->about_profile_image = '可以使用個人圖片。'; - $lang->about_signature_max_height = '可以限制簽名檔高度(零或留空為不限制)。'; - $lang->about_accept_agreement = '已閱讀全部條款並同意。'; - - $lang->about_member_default = '將成為註冊會員時的預設群組。'; - - $lang->about_openid = '用 OpenID 註冊時,該網站只儲存帳號和郵件等基本資料,密碼和認證處理是在提供 OpenID 服務的網站中得到解決。'; - $lang->about_openid_leave = '刪除 OpenID 就等於永久刪除站內會員的資料。
被刪除後,再重新登錄就等於新會員註冊,因此對以前自己寫的主題將失去其權限。'; - $lang->about_find_member_account = '帳號/密碼將發送到您註冊時,所輸入的電子郵件當中。
輸入註冊時的電子郵件地址後,請按「查詢帳號/密碼」按鈕。
'; - - $lang->about_member = "可以新增/修改/刪除會員及管理群組或註冊表單的會員管理模組。\n此模組不僅可以建立預設群組以外的其他群組來管理會員,並且通過註冊表單的管理獲得會員基本資料以外的延伸資料。"; - $lang->about_ssl_port = '請輸入想要使用 SSL 預設埠口以外的埠口。'; - $lang->add_openid = '新增 OpenID'; - - $lang->about_resend_auth_mail = '如果沒有收到認證郵件可以再重寄一次。'; - $lang->no_article = '主題不存在'; - - $lang->find_account_question = '密碼提示問答'; - $lang->find_account_answer = '비밀번호 찾기 답변'; - - $lang->about_find_account_question = '可透過帳號、電子郵件和設定提示問答來獲得臨時密碼。'; - $lang->find_account_question_items = array('' - ,'其他電子郵件?' - ,'我最愛的是?' - ,'我讀的國小是?' - ,'我的出生地?' - ,'我的理想?' - ,'母親的姓名?' - ,'父親的姓名?' - ,'最喜歡的顏色?' - ,'最愛的食物是?' - ); - - $lang->temp_password = '臨時密碼'; - $lang->cmd_get_temp_password = '取得臨時密碼'; - $lang->about_get_temp_password = '請再登入後變更密碼。'; - $lang->msg_question_not_exists = '尚未輸入提示問答'; - $lang->msg_answer_not_matches = '答案不正確'; - - $lang->change_password_date = '密碼更新'; - $lang->about_change_password_date = '可設定密碼更新週期,將會定期通知更換密碼。 (設為零則不使用)'; - -?> +member = '會員'; + $lang->member_default_info = '基本資料'; + $lang->member_extend_info = '延伸資料'; + $lang->default_group_1 = "準會員"; + $lang->default_group_2 = "正會員"; + $lang->admin_group = "管理組"; + $lang->keep_signed = '自動登入'; + $lang->remember_user_id = '儲存 ID'; + $lang->already_logged = '您已經登入!'; + $lang->denied_user_id = '被禁止的帳號。'; + $lang->null_user_id = '請輸入帳號。'; + $lang->null_password = '請輸入密碼。'; + $lang->invalid_authorization = '還沒有認證!'; + $lang->invalid_user_id= '該帳號不存在,請檢查您的輸入是否有誤!'; + $lang->invalid_password = '您的密碼不正確!'; + $lang->invalid_new_password = '新密碼不能與舊密碼相同'; + $lang->allow_mailing = '接收郵件'; + $lang->denied = '禁止使用'; + $lang->is_admin = '最高管理權限'; + $lang->group = '群組'; + $lang->group_title = '群組標題'; + $lang->group_srl = '群組編號'; + $lang->signature = '簽名檔'; + $lang->profile_image = '個人圖片'; + $lang->profile_image_max_width = '寬度限制'; + $lang->profile_image_max_height = '高度限制'; + $lang->image_name = '暱稱圖片'; + $lang->image_name_max_width = '寬度限制'; + $lang->image_name_max_height = '高度限制'; + $lang->image_mark = '用戶圖示'; + 
$lang->image_mark_max_width = '寬度限制'; + $lang->image_mark_max_height = '高度限制'; + $lang->group_image_mark = '群組圖示'; + $lang->group_image_mark_max_width = '寬度限制'; + $lang->group_image_mark_max_height = '高度限制'; + $lang->group_image_mark_order = '群組圖示順序'; + $lang->signature_max_height = '簽名檔高度限制'; + $lang->enable_openid = '支援 OpenID'; + $lang->enable_join = '允許會員註冊'; + $lang->enable_confirm = '使用郵件認證'; + $lang->enable_ssl = '使用 SSL 功能'; + $lang->security_sign_in = '使用安全登入'; + $lang->limit_day = '認證限制'; + $lang->limit_date = '限制日期'; + $lang->after_login_url = '登入後頁面轉向'; + $lang->after_logout_url = '登出後頁面轉向'; + $lang->redirect_url = '會員註冊後頁面轉向'; + $lang->agreement = '會員使用條款'; + $lang->accept_agreement = '同意條款'; + $lang->member_info = '會員資料'; + $lang->current_password = '舊密碼'; + $lang->openid = 'OpenID'; + $lang->allow_message = '接收短訊息'; + $lang->allow_message_type = array( + 'Y' => '全部允許', + 'F' => '允許好友', + 'N' => '全部禁止', + ); + $lang->about_allow_message = '可選擇是否接收短訊息。'; + $lang->logged_users = '線上會員'; + + $lang->webmaster_name = '管理員名稱'; + $lang->webmaster_email = '管理員電子郵件'; + + $lang->about_keep_signed = '關閉瀏覽器後也將維持登入狀態。
使用此功能,可解決每次訪問都要輸入帳號及密碼的麻煩。
為防止個人資料洩露,在網咖,學校等公共場所,請務必要確認解除登入狀態。'; + $lang->about_keep_warning = '關閉瀏覽器後也將維持登入狀態。
使用此功能,可解決每次訪問都要輸入帳號及密碼的麻煩。
為防止個人資料洩露,在網咖,學校等公共場所,請務必要確認解除登入狀態。'; + $lang->about_webmaster_name = '請輸入認證所需的電子郵件地址或管理其他網站時要使用的網站管理員名稱。(預設 : webmaster)'; + $lang->about_webmaster_email = '請輸入網站管理員的電子郵件地址。'; + + $lang->search_target_list = array( + 'user_id' => '帳號', + 'user_name' => '姓名', + 'nick_name' => '暱稱', + 'email_address' => '電子郵件', + 'regdate' => '註冊日期', + 'regdate_more' => '註冊日期(以上)', + 'regdate_less' => '註冊日期(以下)', + 'last_login' => '最近登入', + 'last_login_more' => '最近登入(以上)', + 'last_login_less' => '最近登入(以下)', + 'extra_vars' => '延伸變數', + ); + + $lang->cmd_login = '登入'; + $lang->cmd_logout = '登出'; + $lang->cmd_signup = '會員註冊'; + $lang->cmd_site_signup = '加入'; + $lang->cmd_modify_member_info = '修改會員資料'; + $lang->cmd_modify_member_password = '修改密碼'; + $lang->cmd_view_member_info = '檢視會員資料'; + $lang->cmd_leave = '退出'; + $lang->cmd_find_member_account = '查詢帳號/密碼'; + $lang->cmd_resend_auth_mail = '重寄認證郵件'; + + $lang->cmd_member_list = '會員列表'; + $lang->cmd_module_config = '基本設置'; + $lang->cmd_member_group = '群組管理'; + $lang->cmd_send_mail = '發送郵件'; + $lang->cmd_manage_id = '禁止帳號管理'; + $lang->cmd_manage_form = '註冊表單管理'; + $lang->cmd_view_own_document = '檢視發表主題'; + $lang->cmd_manage_member_info = '管理會員資料'; + $lang->cmd_trace_document = '主題追蹤'; + $lang->cmd_trace_comment = '評論追蹤'; + $lang->cmd_view_scrapped_document = '檢視收藏'; + $lang->cmd_view_saved_document = '檢視臨時儲存箱'; + $lang->cmd_send_email = '發送郵件'; + + $lang->msg_email_not_exists = '找不到您輸入的郵件地址。'; + + $lang->msg_alreay_scrapped = '已收藏的主題!'; + + $lang->msg_cart_is_null = '請選擇對象。'; + $lang->msg_checked_file_is_deleted = '已刪除%d個附檔。'; + + $lang->msg_find_account_title = '註冊資料。'; + $lang->msg_find_account_info = '您要尋找的註冊資料如下。'; + $lang->msg_find_account_comment = '按底下的連結,您的註冊密碼將更新為上述系統自動建立的密碼。
請重新登入,將密碼更改為您想要的密碼。'; + $lang->msg_confirm_account_title = '會員註冊'; + $lang->msg_confirm_account_info = '您的註冊資料如下:'; + $lang->msg_confirm_account_comment = '請按下面連結完成會員認證。'; + $lang->msg_auth_mail_sent = '已向%s發送了認證郵件。請確認!!'; + $lang->msg_confirm_mail_sent = '已向%s發送了認證郵件。請確認!!'; + $lang->msg_invalid_auth_key = '錯誤的註冊資料請求。
請重新尋找帳號及密碼,或聯繫管理員。'; + $lang->msg_success_authed = '新註冊的資料已得到認證。請用郵件中的新密碼修改成您要想使用的密碼。'; + $lang->msg_success_confirmed = '註冊資料已成功確認!'; + + $lang->msg_new_member = '會員註冊'; + $lang->msg_update_member = '修改會員資料'; + $lang->msg_leave_member = '會員退出'; + $lang->msg_group_is_null = '無群組。'; + $lang->msg_not_delete_default = '無法刪除基本項目'; + $lang->msg_not_exists_member = '不存在的帳號'; + $lang->msg_cannot_delete_admin = '無法解除管理員帳號,請解除管理後再刪除'; + $lang->msg_exists_user_id = '重複的帳號,請重新輸入。'; + $lang->msg_exists_email_address = '重複的電子郵件地址,請重新輸入電子郵件地址。'; + $lang->msg_exists_nick_name = '重複的暱稱,請重新輸入。'; + $lang->msg_signup_disabled = '無法註冊會員'; + $lang->msg_already_logged = '您是註冊會員。'; + $lang->msg_not_logged = '您還沒登入。'; + $lang->msg_insert_group_name = '請輸入群組名稱'; + $lang->msg_check_group = '請選擇群組'; + + $lang->msg_not_uploaded_profile_image = '無法登錄個人圖片!'; + $lang->msg_not_uploaded_image_name = '無法登錄暱稱圖片!'; + $lang->msg_not_uploaded_image_mark = '無法登錄用戶圖示!'; + $lang->msg_not_uploaded_group_image_mark = '無法登錄群組圖示!'; + + $lang->msg_accept_agreement = '您必須同意條款。'; + + $lang->msg_user_denied = '您輸入的帳號已禁止使用!'; + $lang->msg_user_not_confirmed = '您的註冊資料還沒有被確認,請確認您的電子郵箱。'; + $lang->msg_user_limited = '您輸入的帳號%s以後才可以開始使用。'; + + $lang->about_user_id = '帳號必須由 3~20 字以內的英文+數字組成,開頭必須是英文。'; + $lang->about_password = '密碼必須在 6~20 字以內。'; + $lang->about_user_name = '姓名必須是 2~20 字以內。'; + $lang->about_nick_name = '暱稱必須是 2~20 字以內。'; + $lang->about_email_address = '電子郵件地址除郵件認證外,當修改密碼或忘記密碼時也可以使用。'; + $lang->about_homepage = '請輸入您的網址。'; + $lang->about_blog_url = '請輸入部落格網址。'; + $lang->about_birthday = '請輸入您的出生年月日。'; + $lang->about_allow_mailing = '不選擇此項,以後無法接收站內發送的重要資料。'; + $lang->about_denied = '選擇時不能使用此帳號。'; + $lang->about_is_admin = '選擇時將具有最高管理權限。'; + $lang->about_member_description = '管理員對會員的註記。'; + $lang->about_group = '一個帳號可擁有多個群組。'; + + $lang->about_column_type = '請選擇要新增的註冊表單格式。'; + $lang->about_column_name = '請輸入在樣板中可以使用的英文名稱。(變數名稱)'; + $lang->about_column_title = '註冊或修改/檢視資料時要顯示的標題。'; + 
$lang->about_default_value = '可以設置預設值。'; + $lang->about_active = '必須選擇此項後才可以正常啟用。'; + $lang->about_form_description = '說明欄裡輸入的內容,在註冊時會顯示。'; + $lang->about_required = '註冊時成為必填項目。'; + + $lang->about_enable_openid = '想要網站支援 OpenID 時,請勾選此項。'; + $lang->about_enable_join = '選擇此項後,用戶才可以註冊。'; + $lang->about_enable_confirm = '為確認會員註冊資料,會向會員輸入的郵件地址發送註冊認證郵件。'; + $lang->about_enable_ssl = '如主機提供 SSL 認證服務,新會員註冊/修改會員資料/登入等資料的傳送將使用 SSL(https) 認證。'; + $lang->about_limit_day = '註冊會員後的認證有效期限。'; + $lang->about_limit_date = '直到指定日期,否則該帳號都無法登入。'; + $lang->about_after_login_url = '可以指定登入後的頁面轉向網址(留空為目前頁面)。'; + $lang->about_after_logout_url = '可以指定登出後的頁面轉向網址(留空為目前頁面)。'; + $lang->about_redirect_url = '請輸入會員註冊後的頁面轉向網址。(留空為返回前頁)'; + $lang->about_agreement = '沒有會員條款時不會顯示。'; + + $lang->about_image_name = '用戶暱稱可以用圖片替代。'; + $lang->about_image_mark = '顯示在用戶暱稱前的圖示。'; + $lang->about_group_image_mark = '顯示在用戶群組前的圖示。'; + $lang->about_profile_image = '可以使用個人圖片。'; + $lang->about_signature_max_height = '可以限制簽名檔高度(零或留空為不限制)。'; + $lang->about_accept_agreement = '已閱讀全部條款並同意。'; + + $lang->about_member_default = '將成為註冊會員時的預設群組。'; + + $lang->about_openid = '用 OpenID 註冊時,該網站只儲存帳號和郵件等基本資料,密碼和認證處理是在提供 OpenID 服務的網站中得到解決。'; + $lang->about_openid_leave = '刪除 OpenID 就等於永久刪除站內會員的資料。
被刪除後,再重新登錄就等於新會員註冊,因此對以前自己寫的主題將失去其權限。'; + $lang->about_find_member_account = '帳號/密碼將發送到您註冊時,所輸入的電子郵件當中。
輸入註冊時的電子郵件地址後,請按「查詢帳號/密碼」按鈕。
'; + + $lang->about_member = "可以新增/修改/刪除會員及管理群組或註冊表單的會員管理模組。\n此模組不僅可以建立預設群組以外的其他群組來管理會員,並且通過註冊表單的管理獲得會員基本資料以外的延伸資料。"; + $lang->about_ssl_port = '請輸入想要使用 SSL 預設埠口以外的埠口。'; + $lang->add_openid = '新增 OpenID'; + + $lang->about_resend_auth_mail = '如果沒有收到認證郵件可以再重寄一次。'; + $lang->no_article = '主題不存在'; + + $lang->find_account_question = '密碼提示問答'; + $lang->find_account_answer = '비밀번호 찾기 답변'; + $lang->about_find_account_question = '可透過帳號、電子郵件和設定提示問答來獲得臨時密碼。'; + $lang->find_account_question_items = array('' + ,'其他電子郵件?' + ,'我最愛的是?' + ,'我讀的國小是?' + ,'我的出生地?' + ,'我的理想?' + ,'母親的姓名?' + ,'父親的姓名?' + ,'最喜歡的顏色?' + ,'最愛的食物是?' + ); + + $lang->temp_password = '臨時密碼'; + $lang->cmd_get_temp_password = '取得臨時密碼'; + $lang->about_get_temp_password = '請再登入後變更密碼。'; + $lang->msg_question_not_exists = '尚未輸入提示問答'; + $lang->msg_answer_not_matches = '答案不正確'; + + $lang->change_password_date = '密碼更新'; + $lang->about_change_password_date = '可設定密碼更新週期,將會定期通知更換密碼。 (設為零則不使用)'; + $lang->msg_kr_address = '읍, 면, 동 이름으로 검색하세요.'; + $lang->msg_kr_address_etc = '請輸入剩餘的地址(街道)。'; + $lang->cmd_search_again = '再找一次'; +?> From a0d57a320fc0b21a5f2241d76dfcf90c419a45f4 Mon Sep 17 00:00:00 2001 
From: flyskyko Date: Thu, 22 Sep 2011 05:29:04 +0000 Subject: [PATCH 2/2] merge with 1.4.5 branch(1.4.5.10) git-svn-id: http://xe-core.googlecode.com/svn/trunk@9269 201d5d3c-b55e-5fd7-737f-ddc643e51545 --- .../member_extra_info.lib.php | 2 +- .../point_level_icon/point_level_icon.lib.php | 7 +- classes/db/DB.class.php | 1 + classes/db/DBSqlite2.class.php | 2 +- classes/db/DBSqlite3_pdo.class.php | 2 +- classes/module/ModuleHandler.class.php | 26 ++- classes/security/Security.class.php | 111 +++++++++++++ classes/template/TemplateHandler.class.php | 37 ++++- common/js/common.js | 152 +++++------------- common/js/src/common.js | 17 +- common/js/unittest/unittest_common.html | 2 +- config/config.inc.php | 3 +- config/func.inc.php | 2 +- modules/addon/addon.admin.controller.php | 3 +- modules/addon/addon.admin.view.php | 11 +- modules/admin/admin.admin.view.php | 29 ++-- modules/admin/tpl/index.html | 2 +- .../autoinstall/autoinstall.admin.view.php | 47 +++--- modules/autoinstall/tpl/list.html | 16 +- modules/comment/comment.admin.view.php | 2 +- modules/comment/tpl/comment_list.html | 2 +- .../communication.admin.model.php | 4 + .../communication.admin.view.php | 5 + .../document/document.admin.controller.php | 2 + modules/document/document.admin.view.php | 3 +- modules/document/document.controller.php | 15 +- modules/document/document.item.php | 3 +- modules/document/document.model.php | 12 +- modules/document/tpl/extra_keys.html | 4 +- modules/editor/editor.admin.view.php | 13 +- modules/editor/editor.view.php | 12 +- modules/file/file.admin.view.php | 11 +- modules/file/file.controller.php | 32 +++- modules/file/file.model.php | 20 +++ modules/file/tpl/file_list.html | 2 +- modules/install/script/ko.install.php | 2 +- .../integration_search.admin.view.php | 15 +- modules/integration_search/tpl/skin_info.html | 4 +- modules/krzip/krzip.admin.view.php | 4 + modules/krzip/tpl/index.html | 6 +- modules/layout/layout.admin.view.php | 46 +++++- 
modules/layout/tpl/index.html | 2 +- modules/layout/tpl/layout_modify.html | 4 +- modules/layout/tpl/mindex.html | 2 +- modules/member/conf/module.xml | 2 +- modules/member/lang/ko.lang.php | 3 +- modules/member/member.admin.controller.php | 17 +- modules/member/member.admin.model.php | 1 + modules/member/member.admin.view.php | 69 +++++--- modules/member/member.class.php | 11 +- modules/member/member.controller.php | 6 + modules/member/member.model.php | 45 +++--- modules/member/queries/getGroups.xml | 2 +- modules/member/queries/getMemberList.xml | 1 + .../queries/getMemberListWithinGroup.xml | 1 + modules/member/queries/insertGroup.xml | 3 +- .../queries/updateAllMemberGroupListOrder.xml | 8 + .../queries/updateMemberGroupListOrder.xml | 11 ++ modules/member/schemas/member_group.xml | 1 + modules/member/skins/default/modify_info.html | 8 +- modules/member/tpl/group_list.html | 17 +- modules/member/tpl/insert_join_form.html | 6 +- modules/member/tpl/insert_member.html | 38 ++--- modules/member/tpl/join_form_list.html | 2 +- modules/member/tpl/js/member_admin.js | 48 +++--- modules/member/tpl/member_info.html | 28 ++-- modules/member/tpl/member_list.html | 10 +- modules/menu/menu.admin.model.php | 18 ++- modules/menu/menu.admin.view.php | 35 ++-- modules/menu/tpl/index.html | 4 +- modules/menu/tpl/menu_item_info.html | 4 +- modules/menu/tpl/menu_management.html | 2 +- modules/menu/tpl/mid_list.html | 1 + modules/message/message.admin.view.php | 5 + modules/module/module.admin.controller.php | 22 +-- modules/module/module.admin.model.php | 13 +- modules/module/module.admin.view.php | 29 +++- modules/module/tpl/skin_config.html | 4 +- modules/opage/opage.admin.view.php | 44 ++++- modules/opage/opage.view.php | 3 +- modules/opage/tpl/index.html | 2 +- modules/opage/tpl/opage_insert.html | 8 +- modules/page/page.admin.view.php | 59 ++++++- modules/page/tpl/index.html | 6 +- modules/page/tpl/page_info.html | 2 +- modules/page/tpl/page_insert.html | 2 +- 
modules/point/point.admin.view.php | 30 ++-- modules/point/tpl/member_list.html | 6 +- modules/poll/poll.admin.view.php | 12 +- modules/poll/tpl/config.html | 2 +- modules/poll/tpl/poll_list.html | 2 +- modules/rss/rss.admin.view.php | 11 +- modules/rss/tpl/rss_admin_index.html | 4 +- modules/spamfilter/spamfilter.admin.view.php | 10 +- .../syndication/syndication.admin.view.php | 6 + modules/trackback/tpl/trackback_list.html | 4 +- modules/trackback/trackback.admin.view.php | 7 +- modules/widget/widget.admin.view.php | 8 +- 98 files changed, 970 insertions(+), 432 deletions(-) create mode 100644 classes/security/Security.class.php create mode 100644 modules/member/queries/updateAllMemberGroupListOrder.xml create mode 100644 modules/member/queries/updateMemberGroupListOrder.xml diff --git a/addons/member_extra_info/member_extra_info.lib.php b/addons/member_extra_info/member_extra_info.lib.php index 10d6ef72c..75fe982ea 100644 --- a/addons/member_extra_info/member_extra_info.lib.php +++ b/addons/member_extra_info/member_extra_info.lib.php @@ -36,7 +36,7 @@ if($image_name_file) $nick_name = sprintf('id: %s', Context::getRequestUri(),$image_name_file, strip_tags($nick_name), strip_tags($nick_name)); if($image_mark_file) $nick_name = sprintf('id: %s%s', Context::getRequestUri(),$image_mark_file, strip_tags($nick_name), strip_tags($nick_name), $nick_name); - if($group_image) $nick_name = sprintf('%s', $group_image->src, $nick_name); + if($group_image) $nick_name = sprintf('%s%s', $group_image->src, $group_image->title, $group_image->description, $nick_name); $orig_text = preg_replace('/'.preg_quote($matches[5],'/').'<\/'.$matches[6].'>$/', '', $matches[0]); diff --git a/addons/point_level_icon/point_level_icon.lib.php b/addons/point_level_icon/point_level_icon.lib.php index 471025c80..749eda5a7 100644 --- a/addons/point_level_icon/point_level_icon.lib.php +++ b/addons/point_level_icon/point_level_icon.lib.php 
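Review bot: The new sprintf call in member_extra_info.lib.php inserts `$group_image->title` and `$group_image->description` into the generated markup without escaping, whereas `$nick_name` on the lines above is passed through `strip_tags`; the format string itself is not legible here because its tags were stripped in rendering. If the two fields land in attributes or text, wrap them in `htmlspecialchars($x, ENT_QUOTES)` at the call site so that a title containing a quote cannot terminate the attribute. The enclosing function starts and ends outside the hunk.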
@@ -6,6 +6,12 @@
 $member_srl = $matches[3];
 if($member_srl<1) return $matches[0];
+ $orig_text = preg_replace('/'.preg_quote($matches[5],'/').'<\/'.$matches[6].'>$/', '', $matches[0]);
+
+ // Check Group Image Mark
+ $oMemberModel = &getModel('member');
+ if($oMemberModel->getGroupImageMark($member_srl)) return $orig_text.$matches[5].'';
+
 if(!isset($GLOBALS['_pointLevelIcon'][$member_srl])) {
 // 포인트 설정을 구해옴
 if(!$GLOBALS['_pointConfig']) {
@@ -45,7 +51,6 @@
 }
 $text = $GLOBALS['_pointLevelIcon'][$member_srl];
- $orig_text = preg_replace('/'.preg_quote($matches[5],'/').'<\/'.$matches[6].'>$/', '', $matches[0]);
 return $orig_text.$text.$matches[5].'';
 }
 ?>
diff --git a/classes/db/DB.class.php b/classes/db/DB.class.php
index 8b682404f..8b38d39e6 100644
--- a/classes/db/DB.class.php
+++ b/classes/db/DB.class.php
@@ -701,6 +701,7 @@
 function _filterNumber(&$value)
 {
 $value = preg_replace('/[^\d\w\+\-\*\/\.\(\)]/', '', $value);
+ $value = preg_replace('@\b(?:select|update|delete)\b|[/+\*]{2,}|(-){2,}@i', '$1', $value);
 if(!$value) $value = 0;
 }
 }
diff --git a/classes/db/DBSqlite2.class.php b/classes/db/DBSqlite2.class.php
index eb1cd6bbc..51a5664ab 100644
--- a/classes/db/DBSqlite2.class.php
+++ b/classes/db/DBSqlite2.class.php
@@ -26,7 +26,7 @@
 var $column_type = array(
 'bignumber' => 'INTEGER',
 'number' => 'INTEGER',
- 'varchar' => 'VARHAR',
+ 'varchar' => 'VARCHAR',
 'char' => 'CHAR',
 'text' => 'TEXT',
 'bigtext' => 'TEXT',
diff --git a/classes/db/DBSqlite3_pdo.class.php b/classes/db/DBSqlite3_pdo.class.php
index d641876b3..96301a1a2 100644
--- a/classes/db/DBSqlite3_pdo.class.php
+++ b/classes/db/DBSqlite3_pdo.class.php
@@ -32,7 +32,7 @@
 var $column_type = array(
 'bignumber' => 'INTEGER',
 'number' => 'INTEGER',
- 'varchar' => 'VARHAR',
+ 'varchar' => 'VARCHAR',
 'char' => 'CHAR',
 'text' => 'TEXT',
 'bigtext' => 'TEXT',
diff --git a/classes/module/ModuleHandler.class.php b/classes/module/ModuleHandler.class.php
index f29ff0c5f..7d70d6b9f 100644
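Review bot: `getGroupImageMark($member_srl)` is now called on every nickname match before the `$GLOBALS['_pointLevelIcon']` cache is consulted, so the per-member caching that follows no longer saves the model call. Consider memoising it the same way, e.g. `if(!isset($GLOBALS['_groupImageMark'][$member_srl])) $GLOBALS['_groupImageMark'][$member_srl] = $oMemberModel->getGroupImageMark($member_srl);` and testing that entry (the array name is a suggestion, not an existing key). Whether `getGroupImageMark()` caches internally is not visible here; the enclosing function starts outside the hunk.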
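Review bot: The added `preg_replace` in `_filterNumber` is a denylist of three SQL keywords and repeated operators, not a numeric check: the character class on the line above still admits every `\w` character, so any other identifier survives into a value that callers splice unquoted into SQL, and the `'$1'` replacement only keeps a single `-` for the `(-){2,}` branch and is empty for the others. For a column the schema declares as `number`, a positive check is simpler and sound: `$value = is_numeric($value) ? $value + 0 : 0;` in place of both regexes (`\d` is already covered by `\w`, so the first pattern adds nothing beyond the second). If arithmetic such as `col + 1` genuinely has to pass through here, that needs an explicit allowlist grammar, and the function's doc comment should state that contract rather than "remove the rest".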
--- a/classes/module/ModuleHandler.class.php +++ b/classes/module/ModuleHandler.class.php @@ -266,16 +266,36 @@ $oModule = &$this->getModuleInstance($forward->module, $type, $kind); } $xml_info = $oModuleModel->getModuleActionXml($forward->module); + $oMemberModel = &getModel('member'); + $logged_info = $oMemberModel->getLoggedInfo(); + if($this->module == "admin" && $type == "view") { - $oMemberModel = &getModel('member'); - - $logged_info = $oMemberModel->getLoggedInfo(); if($logged_info->is_admin=='Y') { $orig_module->loadSideBar(); $oModule->setLayoutPath("./modules/admin/tpl"); $oModule->setLayoutFile("layout.html"); } + else{ + $this->error = 'msg_is_not_administrator'; + $oMessageObject = &ModuleHandler::getModuleInstance('message',$type); + $oMessageObject->setError(-1); + $oMessageObject->setMessage($this->error); + $oMessageObject->dispMessage(); + return $oMessageObject; + } + } + if ($kind == 'admin'){ + $grant = $oModuleModel->getGrant($this->module_info, $logged_info); + if(!$grant->is_admin && !$grant->manager) { + $this->error = 'msg_is_not_manager'; + $oMessageObject = &ModuleHandler::getModuleInstance('message',$type); + $oMessageObject->setError(-1); + $oMessageObject->setMessage($this->error); + $oMessageObject->dispMessage(); + return $oMessageObject; + } + } } else if($xml_info->default_index_act && method_exists($oModule, $xml_info->default_index_act)) diff --git a/classes/security/Security.class.php b/classes/security/Security.class.php new file mode 100644 index 000000000..ab0387b38 --- /dev/null +++ b/classes/security/Security.class.php 
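Review bot: The new administrator refusal is nested under `$this->module == "admin" && $type == "view"`, so controller-type requests to the admin module do not pass through it here; unless they are refused elsewhere (not visible in this hunk), move the `is_admin` check out from under the `$type == "view"` condition and keep only the `loadSideBar()`/`setLayoutPath()`/`setLayoutFile()` lines view-specific. The seven lines that build the refusal (`$this->error = ...` through `return $oMessageObject;`) are duplicated verbatim for `msg_is_not_administrator` and `msg_is_not_manager`; a private helper taking the message key and `$type` and returning the message object would leave `return $this->_refuseWithMessage('msg_is_not_manager', $type);` at each site and keep the two paths from drifting. The enclosing method starts and ends outside the hunk.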
@@ -0,0 +1,111 @@
+_targetVar = $var;
+ }
+
+ /**
+ * @brief Convert special characters to HTML entities for the target variables.
+ * The results of conversion are equivalent to the results of htmlspecialchars() which is a native function of PHP.
+ * @params string $varName
+ * A variable's name to convert
+ * To process properties of an object or elements of an array,
+ * separate the owner(object or array) and the item(property or element) using a dot(.)
+ * @public
+ */
+ function encodeHTML(/*, $varName1, $varName2, ... */)
+ {
+ $varNames = func_get_args();
+ if(count($varNames) < 0) return false;
+
+ $use_context = is_null($this->_targetVar);
+ if(!$use_context) {
+ if(!count($varNames) || (!is_object($this->_targetVar) && !is_array($this->_targetVar)) ) return $this->_encodeHTML($this->_targetVar);
+
+ $is_object = is_object($this->_targetVar);
+ }
+
+ foreach($varNames as $varName) {
+ $varName = explode('.', $varName);
+ $varName0 = array_shift($varName);
+ if($use_context) {
+ $var = Context::get($varName0);
+ } else {
+ $var = $is_object ? $this->_targetVar->{$varName0} : $this->_targetVar[$varName0];
+ }
+ $var = $this->_encodeHTML($var, $varName);
+
+ if($var !== false) {
+ if($use_context) {
+ Context::set($varName0, $var);
+ } elseif($is_object) {
+ $this->_targetVar->{$varName0} = $var;
+ } else {
+ $this->_targetVar[$varName0] = $var;
+ }
+ }
+ }
+
+ if (!$use_context) return $this->_targetVar;
+ }
+
+ /**
+ * @protected
+ */
+ function _encodeHTML($var, $name=array())
+ {
+ if(is_string($var)) {
+ if (!preg_match('/^\$user_lang->/', $var)) $var = htmlspecialchars($var);
+ return $var;
+ }
+
+ if(!count($name) || (!is_array($var) && !is_object($var)) ) return false;
+
+ $is_object = is_object($var);
+ $name0 = array_shift($name);
+
+ if(strlen($name0)) {
+ $target = $is_object ? 
$var->{$name0} : $var[$name0];
+ $target = $this->_encodeHTML($target, $name);
+
+ if($target === false) return $var;
+
+ if($is_object) $var->{$name0} = $target;
+ else $var[$name0] = $target;
+
+ return $var;
+ }
+
+ foreach($var as $key=>$target) {
+ $cloned_name = array_slice($name, 0);
+ $target = $this->_encodeHTML($target, $name);
+ $name = $cloned_name;
+
+ if($target === false) continue;
+
+ if($is_object) $var->{$key} = $target;
+ else $var[$key] = $target;
+ }
+
+ return $var;
+ }
+}
+
+/* End of file : Security.class.php */
diff --git a/classes/template/TemplateHandler.class.php b/classes/template/TemplateHandler.class.php
index 1b9c1bd1d..a56d0f2db 100644
--- a/classes/template/TemplateHandler.class.php
+++ b/classes/template/TemplateHandler.class.php
@@ -258,11 +258,18 @@
 $pre_pos = strrpos($pre, '<');
 preg_match('/^ loop="([^"]+)"/i',$next,$m);
- $tag = substr($next,0,strlen($m[0]));
+ $orgTag = $tag = substr($next,0,strlen($m[0]));
 $next = substr($next,strlen($m[0]));
 $next_pos = strpos($next, '<');
 $tag = substr($pre, $pre_pos). $tag. substr($next, 0, $next_pos);
+ // search end tag
+ /* tag as '
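Review bot: `_encodeHTML` calls `htmlspecialchars($var)` with the defaults, which leaves single quotes unencoded and, on PHP releases before 5.4, assumes ISO-8859-1; for a helper whose output lands in attributes as well as text it should be `htmlspecialchars($var, ENT_QUOTES, 'UTF-8')`. The exemption for strings matching `/^\$user_lang->/` returns the value unencoded, so the class's guarantee rests on such strings never originating from request data — that assumption is not stated anywhere in the file; a comment on that line naming which layer guarantees it, or tightening the test to a bare property reference such as `/^\$user_lang->\w+$/` if the template layer only dereferences plain names, would close the gap. `if(count($varNames) < 0) return false;` in `encodeHTML` can never be true, since `count()` is non-negative, and can be dropped. The class header and constructor belong to this hunk but were lost in rendering, so the constructor's handling of `$var` cannot be reviewed here.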
blahblah' to be '
' */ + preg_match('/\/>(\w+)/',$tag, $mm); + if ($mm[1]){ + $next_pos = strpos($next, $mm[1]); + $tag = substr($pre, $pre_pos). $orgTag. substr($next, 0, $next_pos); + } $pre = substr($pre, 0, $pre_pos); $next = substr($next, $next_pos); @@ -285,21 +292,30 @@ if(false!== $fpos = strpos($loop,'=>')) { $target = trim(substr($loop,0,$fpos)); + if(substr($target, 0, 1) == '$') $target = sprintf('$__Context->%s ', substr($target, 1)); + $vars = trim(substr($loop,$fpos+2)); if(false===strpos($vars,',')) { + if(substr($vars, 0, 1) == '$') $vars = sprintf('$__Context->%s ', substr($vars, 1)); + $tag_head .= ''; $tag_tail .= ''; } else { $t = explode(',',$vars); + foreach($t as $key => $val){ + if(substr(trim($val), 0, 1) == '$') $val = sprintf('$__Context->%s ', substr(trim($val), 1)); + $t[$key] = trim($val); + } $tag_head .= ' '.trim($t[1]).') { ?>'; $tag_tail .= ''; } } elseif(false!==strpos($loop,';')) { + $loop = preg_replace('/\$(\w+)/', '$__Context->$1', $loop); $tag_head .= ''; $tag_tail .= ''; } @@ -337,8 +353,10 @@ { if(strpos($matches[0],'|cond')!==false) { while(strpos($matches[0],'|cond="')!==false) { - if(preg_match('/ (\w+)=\"([^\"]+)\"\|cond=\"([^\"]+)\"/is', $matches[0], $m)) + if(preg_match('/ (\w+)=\"([^\"]+)\"\|cond=\"([^\"]+)\"/is', $matches[0], $m)){ + $m[3] = preg_replace('/^\$(\w+)/', '$__Context->$1', $m[3]); $matches[0] = str_replace($m[0], sprintf(' %s="%s"', $m[3], $m[1], $m[2]), $matches[0]); + } } } @@ -362,6 +380,14 @@ $next_pos = strpos($next, $m[0]); $tag = substr($pre, $pre_pos). substr($next, 0, $next_pos); + + // search end tag + /* tag as '
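Review bot: `if ($mm[1]){` reads an index that `preg_match` does not populate when the pattern fails — `$mm` is then an empty array and every loop tag without a trailing word raises an undefined-index notice; use `if (!empty($mm[1])) {`. The same construct is repeated in the `@@ -362,6 +380,14 @@` hunk below. `strpos($next, $mm[1])` can also return `false`, which `substr($next, 0, false)` turns into an empty `$tag`, so the branch should also check `$next_pos !== false` before rebuilding `$tag`. The enclosing method starts and ends outside the hunk.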
blahblah' to be '
' */ + preg_match('/\/>(\w+)/',$tag, $mm); + if ($mm[1]){ + $next_pos = strpos($next, $mm[1]); + $tag = substr($pre, $pre_pos). substr($next, 0, $next_pos); + } $pre = substr($pre, 0, $pre_pos); $next = substr($next, $next_pos); $tag_name = trim(substr($tag,1,strpos($tag,' '))); @@ -371,6 +397,7 @@ { for($i=0,$c=count($m[0]);$i<$c;$i++) { + $m[1][$i] = preg_replace('/^\$(\w+)/', '$__Context->$1', $m[1][$i]); $tag_head .= ''; $tag_tail .= ''; } @@ -478,9 +505,11 @@ // otherwise try to load xml, css, js file } else { - if(substr($target,0,1)!='/') $source_filename = $base_path.$target; + if(substr($target,0,1)!='/' && !preg_match('/^(http|https)/i',$target)) $source_filename = $base_path.$target; else $source_filename = $target; - $source_filename = str_replace(array('/./','//'),'/',$source_filename); + + if(!preg_match('/^(http|https)/i',$source_filename)) + $source_filename = str_replace(array('/./','//'),'/',$source_filename); // get filename and path $tmp_arr = explode("/",$source_filename); diff --git a/common/js/common.js b/common/js/common.js index edb2957fd..e1c795c4d 100644 --- a/common/js/common.js +++ b/common/js/common.js 
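Review bot: `preg_match('/^(http|https)/i',$target)` tests only the first characters, so a relative asset whose name happens to begin with "http" (a file called `httpclient.js`, constructed example) is treated as a remote URL and skips `$base_path`; the same unanchored test is then repeated two lines later on `$source_filename`. Anchor the scheme and compute it once: `$is_remote = (bool)preg_match('@^https?://@i', $target);`, then `if(substr($target,0,1)!='/' && !$is_remote) $source_filename = $base_path.$target;` and `if(!$is_remote) $source_filename = str_replace(array('/./','//'),'/',$source_filename);`. A protocol-relative `//host/path` target passes the leading-slash test and is then collapsed to `/host/path` by the `str_replace`, so if such references are meant to be supported they need the same exemption. The enclosing method starts and ends outside the hunk.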
@@ -2,112 +2,46 @@ * @file common.js * @author NHN (developers@xpressengine.com) * @brief 몇가지 유용한 & 기본적으로 자주 사용되는 자바스크립트 함수들 모음 - **/ -if(jQuery)jQuery.noConflict();(function($){var UA=navigator.userAgent.toLowerCase();$.os={Linux:/linux/.test(UA),Unix:/x11/.test(UA),Mac:/mac/.test(UA),Windows:/win/.test(UA)};$.os.name=($.os.Windows)?'Windows':($.os.Linux)?'Linux':($.os.Unix)?'Unix':($.os.Mac)?'Mac':'';window.XE={loaded_popup_menus:new Array(),addedDocument:new Array(),checkboxToggleAll:function(){var itemName='cart';var options={wrap:null,checked:'toggle',doClick:false};switch(arguments.length){case 1:if(typeof(arguments[0])=="string"){itemName=arguments[0];}else{$.extend(options,arguments[0]||{});} -break;case 2:itemName=arguments[0];$.extend(options,arguments[1]||{});} -if(options.doClick==true)options.checked=null;if(typeof(options.wrap)=="string")options.wrap='#'+options.wrap;if(options.wrap){var obj=$(options.wrap).find('input[name='+itemName+']:checkbox');}else{var obj=$('input[name='+itemName+']:checkbox');} -if(options.checked=='toggle'){obj.each(function(){$(this).attr('checked',($(this).attr('checked'))?false:true);});}else{(options.doClick==true)?obj.click():obj.attr('checked',options.checked);}},displayPopupMenu:function(ret_obj,response_tags,params){var target_srl=params["target_srl"];var menu_id=params["menu_id"];var menus=ret_obj['menus'];var html="";if(this.loaded_popup_menus[menu_id]){html=this.loaded_popup_menus[menu_id];}else{if(menus){var item=menus['item'];if(typeof(item.length)=='undefined'||item.length<1)item=new Array(item);if(item.length){for(var i=0;i'+str+' ';}}} -this.loaded_popup_menus[menu_id]=html;} -if(html){var area=$('#popup_menu_area').html('
    '+html+'
');var areaOffset={top:params['page_y'],left:params['page_x']};if(area.outerHeight()+areaOffset.top>$(window).height()+$(window).scrollTop()) -areaOffset.top=$(window).height()-area.outerHeight()+$(window).scrollTop();if(area.outerWidth()+areaOffset.left>$(window).width()+$(window).scrollLeft()) -areaOffset.left=$(window).width()-area.outerWidth()+$(window).scrollLeft();area.css({top:areaOffset.top,left:areaOffset.left}).show();}}}})(jQuery);jQuery(function($){if(!$('#popup_menu_area').length){var menuObj=$('
').attr('id','popup_menu_area').css({display:'none',zIndex:9999});$(document.body).append(menuObj);} -$(document).click(function(evt){var area=$('#popup_menu_area');if(!area.length)return;area.hide();var targetObj=$(evt.target);if(!targetObj.length)return;if(targetObj.length&&$.inArray(targetObj.attr('nodeName'),['DIV','SPAN','A'])==-1)targetObj=targetObj.parent();if(!targetObj.length||$.inArray(targetObj.attr('nodeName'),['DIV','SPAN','A'])==-1)return;var class_name=targetObj.attr('className');if(class_name.indexOf('_')<=0)return;var class_name_list=class_name.split(' ');var menu_id='';var menu_id_regx=/^([a-zA-Z]+)_([0-9]+)$/;for(var i=0,c=class_name_list.length;i-1)?first_enable[i]:j;}} -if(!disabled_exists)return;sels.oldonchange=sels.onchange;sels.onchange=function(){if(this.options[this.selectedIndex].disabled){this.selectedIndex=first_enable[i];}else{if(this.oldonchange)this.oldonchange();}};if(sels.selectedIndex>=0&&sels.options[sels.selectedIndex].disabled)sels.onchange();});} -var drEditorFold=$('.xe_content .fold_button');if(drEditorFold.size()){var fold_container=$('div.fold_container',drEditorFold);$('button.more',drEditorFold).click(function(){$(this).hide().next('button').show().parent().next(fold_container).show();});$('button.less',drEditorFold).click(function(){$(this).hide().prev('button').show().parent().next(fold_container).hide();});}});String.prototype.getQuery=function(key){var idx=this.indexOf('?');if(idx==-1)return null;var query_string=this.substr(idx+1,this.length);var args={};query_string.replace(/([^=]+)=([^&]*)(&|$)/g,function(){args[arguments[1]]=arguments[2];});var q=args[key];if(typeof(q)=="undefined")q="";return q;} -String.prototype.setQuery=function(key,val){var idx=this.indexOf('?');var uri=this.replace(/#$/,'');if(idx!=-1){var 
query_string=uri.substr(idx+1,this.length),args={},q_list=[];uri=this.substr(0,idx);query_string.replace(/([^=]+)=([^&]*)(&|$)/g,function(all,key,val){args[key]=val;});args[key]=val;jQuery.each(args,function(key,val){if(!jQuery.trim(val))return;q_list.push(key+'='+decodeURI(val));});query_string=q_list.join('&');uri=uri+(query_string?'?'+query_string:'');}else{if(val.toString().trim())uri=uri+"?"+key+"="+val;} -var re=/https:\/\/([^:\/]+)(:\d+|)/i;var check=re.exec(uri);if(check) -{var toReplace="http://"+check[1];if(typeof(http_port)!='undefined'&&http_port!=80) -{toReplace+=":"+http_port;} -uri=uri.replace(re,toReplace);} -var bUseSSL=false;if(typeof(enforce_ssl)!='undefined'&&enforce_ssl) -{bUseSSL=true;} -else if(typeof(ssl_actions)!='undefined'&&typeof(ssl_actions.length)!='undefined'&&uri.getQuery('act')){var act=uri.getQuery('act');for(i=0;i-1&&!url.getQuery('vid'))url=url.setQuery('vid',xeVid);try{if(target!="_blank"&&winopen_list[target]){winopen_list[target].close();winopen_list[target]=null;}}catch(e){} -if(typeof(target)=='undefined')target='_blank';if(typeof(attribute)=='undefined')attribute='';var win=window.open(url,target,attribute);win.focus();if(target!="_blank")winopen_list[target]=win;} -function popopen(url,target){if(typeof(target)=="undefined")target="_blank";if(typeof(xeVid)!='undefined'&&url.indexOf(request_uri)>-1&&!url.getQuery('vid'))url=url.setQuery('vid',xeVid);winopen(url,target,"left=10,top=10,width=10,height=10,scrollbars=no,resizable=yes,toolbars=no");} -function sendMailTo(to){location.href="mailto:"+to;} -function move_url(url,open_wnidow){if(!url)return false;if(typeof(open_wnidow)=='undefined')open_wnidow='N';if(open_wnidow=='N'){open_wnidow=false;}else{open_wnidow=true;} -if(/^\./.test(url))url=request_uri+url;if(open_wnidow){winopen(url);}else{location.href=url;} -return false;} -function displayMultimedia(src,width,height,options){var html=_displayMultimedia(src,width,height,options);if(html)document.writeln(html);} 
-function _displayMultimedia(src,width,height,options){if(src.indexOf('files')==0)src=request_uri+src;var defaults={wmode:'transparent',allowScriptAccess:'sameDomain',quality:'high',flashvars:'',autostart:false};var params=jQuery.extend(defaults,options||{});var autostart=(params.autostart&¶ms.autostart!='false')?'true':'false';delete(params.autostart);var clsid="";var codebase="";var html="";if(/\.(gif|jpg|jpeg|bmp|png)$/i.test(src)){html='';}else if(/\.flv$/i.test(src)||/\.mov$/i.test(src)||/\.moov$/i.test(src)||/\.m4v$/i.test(src)){html='';}else if(/\.swf/i.test(src)){clsid='clsid:D27CDB6E-AE6D-11cf-96B8-444553540000';if(typeof(enforce_ssl)!='undefined'&&enforce_ssl){codebase="https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,28,0";} -else{codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,28,0";} -html='';html+='';for(var name in params){if(params[name]!='undefined'&¶ms[name]!=''){html+='';}} -html+='' -+'' -+'';}else{if(jQuery.browser.mozilla||jQuery.browser.opera){autostart=(params.autostart&¶ms.autostart!='false')?'1':'0';} -html='400){$body.css({overflow:'auto',overflowX:'hidden',height:400+'px'});}} -var $win=$(window);var $pc=$('#popup_content');var w=Math.max($pc[0].offsetWidth,600);var h=$pc[0].offsetHeight;var dw=$win.width();var dh=$win.height();var _w=0,_h=0;if(w!=dw)_w=w-dw;if(h!=dh)_h=h-dh;if(_w||_h){window.resizeBy(_w,_h);} -if(!arguments.callee.executed){setTimeout(setFixedPopupSize,300);arguments.callee.executed=true;}} -function doCallModuleAction(module,action,target_srl){var params=new Array();params['target_srl']=target_srl;params['cur_mid']=current_mid;exec_xml(module,action,params,completeCallModuleAction);} -function completeCallModuleAction(ret_obj,response_tags){if(ret_obj['message']!='success')alert(ret_obj['message']);location.reload();} -function completeMessage(ret_obj){alert(ret_obj['message']);location.reload();} -function 
doChangeLangType(obj){if(typeof(obj)=="string"){setLangType(obj);}else{var val=obj.options[obj.selectedIndex].value;setLangType(val);} -location.href=location.href.setQuery('l','');} -function setLangType(lang_type){var expire=new Date();expire.setTime(expire.getTime()+(7000*24*3600000));setCookie('lang_type',lang_type,expire,'/');} -function doDocumentPreview(obj){var fo_obj=obj;while(fo_obj.nodeName!="FORM"){fo_obj=fo_obj.parentNode;} -if(fo_obj.nodeName!="FORM")return;var editor_sequence=fo_obj.getAttribute('editor_sequence');var content=editorGetContent(editor_sequence);var win=window.open("","previewDocument","toolbars=no,width=700px;height=800px,scrollbars=yes,resizable=yes");var dummy_obj=jQuery("#previewDocument");if(!dummy_obj.length){jQuery('
'+''+''+''+'
').appendTo(document.body);dummy_obj=jQuery("#previewDocument")[0];} -if(dummy_obj){dummy_obj.content.value=content;dummy_obj.submit();}} -function doDocumentSave(obj){var editor_sequence=obj.form.getAttribute('editor_sequence');var prev_content=editorRelKeys[editor_sequence]['content'].value;if(typeof(editor_sequence)!='undefined'&&editor_sequence&&typeof(editorRelKeys)!='undefined'&&typeof(editorGetContent)=='function'){var content=editorGetContent(editor_sequence);editorRelKeys[editor_sequence]['content'].value=content;} -var params={},responses=['error','message','document_srl'],elms=obj.form.elements,data=jQuery(obj.form).serializeArray();;jQuery.each(data,function(i,field){var val=jQuery.trim(field.value);if(!val)return true;if(/\[\]$/.test(field.name))field.name=field.name.replace(/\[\]$/,'');if(params[field.name])params[field.name]+='|@|'+val;else params[field.name]=field.value;});exec_xml('member','procMemberSaveDocument',params,completeDocumentSave,responses,params,obj.form);editorRelKeys[editor_sequence]['content'].value=prev_content;return false;} -function completeDocumentSave(ret_obj){jQuery('input[name=document_srl]').eq(0).val(ret_obj['document_srl']);alert(ret_obj['message']);} -var objForSavedDoc=null;function doDocumentLoad(obj){objForSavedDoc=obj.form;popopen(request_uri.setQuery('module','member').setQuery('act','dispSavedDocumentList'));} -function doDocumentSelect(document_srl){if(!opener||!opener.objForSavedDoc){window.close();return;} -opener.location.href=opener.current_url.setQuery('document_srl',document_srl).setQuery('act','dispBoardWrite');window.close();} -function viewSkinInfo(module,skin){popopen("./?module=module&act=dispModuleSkinInfo&selected_module="+module+"&skin="+skin,'SkinInfo');} -var addedDocument=new Array();function doAddDocumentCart(obj){var srl=obj.value;addedDocument[addedDocument.length]=srl;setTimeout(function(){callAddDocumentCart(addedDocument.length);},100);} -function 
callAddDocumentCart(document_length){if(addedDocument.length<1||document_length!=addedDocument.length)return;var params=new Array();params["srls"]=addedDocument.join(",");exec_xml("document","procDocumentAddCart",params,null);addedDocument=new Array();} -function transRGB2Hex(value){if(!value)return value;if(value.indexOf('#')>-1)return value.replace(/^#/,'');if(value.toLowerCase().indexOf('rgb')<0)return value;value=value.replace(/^rgb\(/i,'').replace(/\)$/,'');value_list=value.split(',');var hex='';for(var i=0;i>2;enc2=((chr1&3)<<4)|(chr2>>4);enc3=((chr2&15)<<2)|(chr3>>6);enc4=chr3&63;if(isNaN(chr2)){enc3=enc4=64;}else if(isNaN(chr3)){enc4=64;} -output=output+ -this._keyStr.charAt(enc1)+this._keyStr.charAt(enc2)+ -this._keyStr.charAt(enc3)+this._keyStr.charAt(enc4);} -return output;},decode:function(input){var output="";var chr1,chr2,chr3;var enc1,enc2,enc3,enc4;var i=0;input=input.replace(/[^A-Za-z0-9\+\/\=]/g,"");while(i>4);chr2=((enc2&15)<<4)|(enc3>>2);chr3=((enc3&3)<<6)|enc4;output=output+String.fromCharCode(chr1);if(enc3!=64){output=output+String.fromCharCode(chr2);} -if(enc4!=64){output=output+String.fromCharCode(chr3);}} -output=Base64._utf8_decode(output);return output;},_utf8_encode:function(string){string=string.replace(/\r\n/g,"\n");var utftext="";for(var n=0;n127)&&(c<2048)){utftext+=String.fromCharCode((c>>6)|192);utftext+=String.fromCharCode((c&63)|128);} -else{utftext+=String.fromCharCode((c>>12)|224);utftext+=String.fromCharCode(((c>>6)&63)|128);utftext+=String.fromCharCode((c&63)|128);}} -return utftext;},_utf8_decode:function(utftext){var string="";var i=0;var c=c1=c2=0;while(i191)&&(c<224)){c2=utftext.charCodeAt(i+1);string+=String.fromCharCode(((c&31)<<6)|(c2&63));i+=2;} -else{c2=utftext.charCodeAt(i+1);c3=utftext.charCodeAt(i+2);string+=String.fromCharCode(((c&15)<<12)|((c2&63)<<6)|(c3&63));i+=3;}} -return string;}} -if(typeof(resizeImageContents)=='undefined'){function resizeImageContents(){}} 
-if(typeof(activateOptionDisabled)=='undefined'){function activateOptionDisabled(){}} -objectExtend=jQuery.extend;function toggleDisplay(objId){jQuery('#'+objId).toggle();} -function checkboxSelectAll(formObj,name,checked){var itemName=name;var option={};if(typeof(formObj)!="undefined")option.wrap=formObj;if(typeof(checked)!="undefined")option.checked=checked;XE.checkboxToggleAll(itemName,option);} -function clickCheckBoxAll(formObj,name){var itemName=name;var option={doClick:true};if(typeof(formObj)!="undefined")option.wrap=formObj;XE.checkboxToggleAll(itemName,option);} -function svc_folder_open(id){jQuery("#_folder_open_"+id).hide();jQuery("#_folder_close_"+id).show();jQuery("#_folder_"+id).show();} -function svc_folder_close(id){jQuery("#_folder_open_"+id).show();jQuery("#_folder_close_"+id).hide();jQuery("#_folder_"+id).hide();} -function open_calendar(fo_id,day_str,callback_func){if(typeof(day_str)=="undefined")day_str="";var url="./common/tpl/calendar.php?";if(fo_id)url+="fo_id="+fo_id;if(day_str)url+="&day_str="+day_str;if(callback_func)url+="&callback_func="+callback_func;popopen(url,'Calendar');} -var loaded_popup_menus=XE.loaded_popup_menus;function createPopupMenu(){} -function chkPopupMenu(){} -function displayPopupMenu(ret_obj,response_tags,params){XE.displayPopupMenu(ret_obj,response_tags,params);} -function GetObjLeft(obj){return jQuery(obj).offset().left;} -function GetObjTop(obj){return jQuery(obj).offset().top;} -function replaceOuterHTML(obj,html){jQuery(obj).replaceWith(html);} -function getOuterHTML(obj){return jQuery(obj).html().trim();} -function setCookie(name,value,expire,path){var s_cookie=name+"="+escape(value)+ -((!expire)?"":("; expires="+expire.toGMTString()))+"; path="+((!path)?"/":path);document.cookie=s_cookie;} -jQuery(function(){jQuery(".lang_code").each(function() -{var objText=jQuery(this);var 
targetName=objText.attr("id");if(typeof(targetName)=="undefined")targetName=objText.attr("name");if(typeof(targetName)=="undefined")return;objText.after("find_langcode");});}); \ No newline at end of file + **/ +if(jQuery)jQuery.noConflict();(function($){var UA=navigator.userAgent.toLowerCase();$.os={Linux:/linux/.test(UA),Unix:/x11/.test(UA),Mac:/mac/.test(UA),Windows:/win/.test(UA)};$.os.name=($.os.Windows)?'Windows':($.os.Linux)?'Linux':($.os.Unix)?'Unix':($.os.Mac)?'Mac':'';window.XE={loaded_popup_menus:new Array(),addedDocument:new Array(),checkboxToggleAll:function(){var itemName='cart',options={wrap:null,checked:'toggle',doClick:false};switch(arguments.length){case 1:if(typeof (arguments[0])=="string"){itemName=arguments[0]}else $.extend(options,arguments[0]||{});break;case 2:itemName=arguments[0];$.extend(options,arguments[1]||{})};if(options.doClick==true)options.checked=null;if(typeof (options.wrap)=="string")options.wrap='#'+options.wrap;if(options.wrap){var obj=$(options.wrap).find('input[name='+itemName+']:checkbox')}else var obj=$('input[name='+itemName+']:checkbox');if(options.checked=='toggle'){obj.each(function(){$(this).attr('checked',($(this).attr('checked'))?false:true)})}else (options.doClick==true)?obj.click():obj.attr('checked',options.checked)},displayPopupMenu:function(ret_obj,response_tags,params){var target_srl=params.target_srl,menu_id=params.menu_id,menus=ret_obj.menus,html="";if(this.loaded_popup_menus[menu_id]){html=this.loaded_popup_menus[menu_id]}else{if(menus){var item=menus.item;if(typeof (item.length)=='undefined'||item.length<1)item=new Array(item);if(item.length)for(var i=0;i'+str+' '}};this.loaded_popup_menus[menu_id]=html};if(html){var area=$('#popup_menu_area').html('
    '+html+'
'),areaOffset={top:params.page_y,left:params.page_x};if(area.outerHeight()+areaOffset.top>$(window).height()+$(window).scrollTop())areaOffset.top=$(window).height()-area.outerHeight()+$(window).scrollTop();if(area.outerWidth()+areaOffset.left>$(window).width()+$(window).scrollLeft())areaOffset.left=$(window).width()-area.outerWidth()+$(window).scrollLeft();area.css({top:areaOffset.top,left:areaOffset.left}).show()}}}})(jQuery);jQuery(function($){if(!$('#popup_menu_area').length){var menuObj=$('
').attr('id','popup_menu_area').css({display:'none',zIndex:9999});$(document.body).append(menuObj)};$(document).click(function(evt){var area=$('#popup_menu_area');if(!area.length)return;area.hide();var targetObj=$(evt.target);if(!targetObj.length)return;if(targetObj.length&&$.inArray(targetObj.attr('nodeName'),['DIV','SPAN','A'])==-1)targetObj=targetObj.parent();if(!targetObj.length||$.inArray(targetObj.attr('nodeName'),['DIV','SPAN','A'])==-1)return;var class_name=targetObj.attr('className');if(class_name.indexOf('_')<=0)return;var class_name_list=class_name.split(' '),menu_id='',menu_id_regx=/^([a-zA-Z]+)_([0-9]+)$/;for(var i=0,c=class_name_list.length;i-1)?first_enable[i]:j;if(!disabled_exists)return;sels.oldonchange=sels.onchange;sels.onchange=function(){if(this.options[this.selectedIndex].disabled){this.selectedIndex=first_enable[i]}else if(this.oldonchange)this.oldonchange()};if(sels.selectedIndex>=0&&sels.options[sels.selectedIndex].disabled)sels.onchange()});var drEditorFold=$('.xe_content .fold_button');if(drEditorFold.size()){var fold_container=$('div.fold_container',drEditorFold);$('button.more',drEditorFold).click(function(){$(this).hide().next('button').show().parent().next(fold_container).show()});$('button.less',drEditorFold).click(function(){$(this).hide().prev('button').show().parent().next(fold_container).hide()})}});String.prototype.getQuery=function(key){var idx=this.indexOf('?');if(idx==-1)return null;var query_string=this.substr(idx+1,this.length),args={};query_string.replace(/([^=]+)=([^&]*)(&|$)/g,function(){args[arguments[1]]=arguments[2]});var q=args[key];if(typeof (q)=="undefined")q="";return q};String.prototype.setQuery=function(key,val){var idx=this.indexOf('?'),uri=this.replace(/#$/,'');if(idx!=-1){var 
query_string=uri.substr(idx+1,this.length),args={},q_list=[];uri=this.substr(0,idx);query_string.replace(/([^=]+)=([^&]*)(&|$)/g,function(all,key,val){args[key]=val});args[key]=val;jQuery.each(args,function(key,val){if(!jQuery.trim(val))return;q_list.push(decodeURIComponent(key)+'='+decodeURIComponent(val))});query_string=q_list.join('&');uri=uri+(query_string?'?'+query_string:'')}else if(val.toString().trim())uri=uri+"?"+decodeURIComponent(key)+"="+decodeURIComponent(val);var re=/https:\/\/([^:\/]+)(:\d+|)/i,check=re.exec(uri);if(check){var toReplace="http://"+check[1];if(typeof (http_port)!='undefined'&&http_port!=80)toReplace+=":"+http_port;uri=uri.replace(re,toReplace)};var bUseSSL=false;if(typeof (enforce_ssl)!='undefined'&&enforce_ssl){bUseSSL=true}else if(typeof (ssl_actions)!='undefined'&&typeof (ssl_actions.length)!='undefined'&&uri.getQuery('act')){var act=uri.getQuery('act');for(i=0;i-1&&!url.getQuery('vid'))url=url.setQuery('vid',xeVid);try{if(target!="_blank"&&winopen_list[target]){winopen_list[target].close();winopen_list[target]=null}}catch(e){};if(typeof (target)=='undefined')target='_blank';if(typeof (attribute)=='undefined')attribute='';var win=window.open(url,target,attribute);win.focus();if(target!="_blank")winopen_list[target]=win} +function popopen(url,target){if(typeof (target)=="undefined")target="_blank";if(typeof (xeVid)!='undefined'&&url.indexOf(request_uri)>-1&&!url.getQuery('vid'))url=url.setQuery('vid',xeVid);winopen(url,target,"left=10,top=10,width=10,height=10,scrollbars=no,resizable=yes,toolbars=no")} +function sendMailTo(to){location.href="mailto:"+to} +function move_url(url,open_wnidow){if(!url)return false;if(typeof (open_wnidow)=='undefined')open_wnidow='N';if(open_wnidow=='N'){open_wnidow=false}else open_wnidow=true;if(/^\./.test(url))url=request_uri+url;if(open_wnidow){winopen(url)}else location.href=url;return false} +function displayMultimedia(src,width,height,options){var 
html=_displayMultimedia(src,width,height,options);if(html)document.writeln(html)} +function _displayMultimedia(src,width,height,options){if(src.indexOf('files')==0)src=request_uri+src;var defaults={wmode:'transparent',allowScriptAccess:'sameDomain',quality:'high',flashvars:'',autostart:false},params=jQuery.extend(defaults,options||{}),autostart=(params.autostart&¶ms.autostart!='false')?'true':'false';delete (params.autostart);var clsid="",codebase="",html="";if(/\.(gif|jpg|jpeg|bmp|png)$/i.test(src)){html=''}else if(/\.flv$/i.test(src)||/\.mov$/i.test(src)||/\.moov$/i.test(src)||/\.m4v$/i.test(src)){html=''}else if(/\.swf/i.test(src)){clsid='clsid:D27CDB6E-AE6D-11cf-96B8-444553540000';if(typeof (enforce_ssl)!='undefined'&&enforce_ssl){codebase="https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,28,0"}else codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,28,0";html='';html+='';for(var name in params)if(params[name]!='undefined'&¶ms[name]!='')html+='';html+=''}else{if(jQuery.browser.mozilla||jQuery.browser.opera)autostart=(params.autostart&¶ms.autostart!='false')?'1':'0';html='400)$body.css({overflow:'auto',overflowX:'hidden',height:400+'px'});var $win=$(window),$pc=$('#popup_content'),w=Math.max($pc[0].offsetWidth,600),h=$pc[0].offsetHeight,dw=$win.width(),dh=$win.height(),_w=0,_h=0;if(w!=dw)_w=w-dw;if(h!=dh)_h=h-dh;if(_w||_h)window.resizeBy(_w,_h);if(!arguments.callee.executed){setTimeout(setFixedPopupSize,300);arguments.callee.executed=true}} +function doCallModuleAction(module,action,target_srl){var params=new Array();params.target_srl=target_srl;params.cur_mid=current_mid;exec_xml(module,action,params,completeCallModuleAction)} +function completeCallModuleAction(ret_obj,response_tags){if(ret_obj.message!='success')alert(ret_obj.message);location.reload()} +function completeMessage(ret_obj){alert(ret_obj.message);location.reload()} +function doChangeLangType(obj){if(typeof 
(obj)=="string"){setLangType(obj)}else{var val=obj.options[obj.selectedIndex].value;setLangType(val)};location.href=location.href.setQuery('l','')} +function setLangType(lang_type){var expire=new Date();expire.setTime(expire.getTime()+(7000*24*3600000));setCookie('lang_type',lang_type,expire,'/')} +function doDocumentPreview(obj){var fo_obj=obj;while(fo_obj.nodeName!="FORM")fo_obj=fo_obj.parentNode;if(fo_obj.nodeName!="FORM")return;var editor_sequence=fo_obj.getAttribute('editor_sequence'),content=editorGetContent(editor_sequence),win=window.open("","previewDocument","toolbars=no,width=700px;height=800px,scrollbars=yes,resizable=yes"),dummy_obj=jQuery("#previewDocument");if(!dummy_obj.length)dummy_obj=jQuery('
').appendTo(document.body);dummy_obj.find('input[name="content"]').val(content).end().submit()} +function doDocumentSave(obj){var editor_sequence=obj.form.getAttribute('editor_sequence'),prev_content=editorRelKeys[editor_sequence]['content'].value;if(typeof (editor_sequence)!='undefined'&&editor_sequence&&typeof (editorRelKeys)!='undefined'&&typeof (editorGetContent)=='function'){var content=editorGetContent(editor_sequence);editorRelKeys[editor_sequence]['content'].value=content};var params={},responses=['error','message','document_srl'],elms=obj.form.elements,data=jQuery(obj.form).serializeArray();jQuery.each(data,function(i,field){var val=jQuery.trim(field.value);if(!val)return true;if(/\[\]$/.test(field.name))field.name=field.name.replace(/\[\]$/,'');if(params[field.name]){params[field.name]+='|@|'+val}else params[field.name]=field.value});exec_xml('member','procMemberSaveDocument',params,completeDocumentSave,responses,params,obj.form);editorRelKeys[editor_sequence]['content'].value=prev_content;return false} +function completeDocumentSave(ret_obj){jQuery('input[name=document_srl]').eq(0).val(ret_obj.document_srl);alert(ret_obj.message)};var objForSavedDoc=null +function doDocumentLoad(obj){objForSavedDoc=obj.form;popopen(request_uri.setQuery('module','member').setQuery('act','dispSavedDocumentList'))} +function doDocumentSelect(document_srl){if(!opener||!opener.objForSavedDoc){window.close();return};opener.location.href=opener.current_url.setQuery('document_srl',document_srl).setQuery('act','dispBoardWrite');window.close()} +function viewSkinInfo(module,skin){popopen("./?module=module&act=dispModuleSkinInfo&selected_module="+module+"&skin="+skin,'SkinInfo')};var addedDocument=new Array() +function doAddDocumentCart(obj){var srl=obj.value;addedDocument[addedDocument.length]=srl;setTimeout(function(){callAddDocumentCart(addedDocument.length)},100)} +function 
callAddDocumentCart(document_length){if(addedDocument.length<1||document_length!=addedDocument.length)return;var params=new Array();params.srls=addedDocument.join(",");exec_xml("document","procDocumentAddCart",params,null);addedDocument=new Array()} +function transRGB2Hex(value){if(!value)return value;if(value.indexOf('#')>-1)return value.replace(/^#/,'');if(value.toLowerCase().indexOf('rgb')<0)return value;value=value.replace(/^rgb\(/i,'').replace(/\)$/,'');value_list=value.split(',');var hex='';for(var i=0;i>2;enc2=((chr1&3)<<4)|(chr2>>4);enc3=((chr2&15)<<2)|(chr3>>6);enc4=chr3&63;if(isNaN(chr2)){enc3=enc4=64}else if(isNaN(chr3))enc4=64;output=output+this._keyStr.charAt(enc1)+this._keyStr.charAt(enc2)+this._keyStr.charAt(enc3)+this._keyStr.charAt(enc4)};return output},decode:function(input){var output="",chr1,chr2,chr3,enc1,enc2,enc3,enc4,i=0;input=input.replace(/[^A-Za-z0-9\+\/\=]/g,"");while(i>4);chr2=((enc2&15)<<4)|(enc3>>2);chr3=((enc3&3)<<6)|enc4;output=output+String.fromCharCode(chr1);if(enc3!=64)output=output+String.fromCharCode(chr2);if(enc4!=64)output=output+String.fromCharCode(chr3)};output=Base64._utf8_decode(output);return output},_utf8_encode:function(string){string=string.replace(/\r\n/g,"\n");var utftext="";for(var n=0;n127)&&(c<2048)){utftext+=String.fromCharCode((c>>6)|192);utftext+=String.fromCharCode((c&63)|128)}else{utftext+=String.fromCharCode((c>>12)|224);utftext+=String.fromCharCode(((c>>6)&63)|128);utftext+=String.fromCharCode((c&63)|128)}};return utftext},_utf8_decode:function(utftext){var string="",i=0,c=c1=c2=0;while(i191)&&(c<224)){c2=utftext.charCodeAt(i+1);string+=String.fromCharCode(((c&31)<<6)|(c2&63));i+=2}else{c2=utftext.charCodeAt(i+1);c3=utftext.charCodeAt(i+2);string+=String.fromCharCode(((c&15)<<12)|((c2&63)<<6)|(c3&63));i+=3}};return string}};if(typeof (resizeImageContents)=='undefined')function resizeImageContents(){};if(typeof (activateOptionDisabled)=='undefined')function 
activateOptionDisabled(){};objectExtend=jQuery.extend +function toggleDisplay(objId){jQuery('#'+objId).toggle()} +function checkboxSelectAll(formObj,name,checked){var itemName=name,option={};if(typeof (formObj)!="undefined")option.wrap=formObj;if(typeof (checked)!="undefined")option.checked=checked;XE.checkboxToggleAll(itemName,option)} +function clickCheckBoxAll(formObj,name){var itemName=name,option={doClick:true};if(typeof (formObj)!="undefined")option.wrap=formObj;XE.checkboxToggleAll(itemName,option)} +function svc_folder_open(id){jQuery("#_folder_open_"+id).hide();jQuery("#_folder_close_"+id).show();jQuery("#_folder_"+id).show()} +function svc_folder_close(id){jQuery("#_folder_open_"+id).show();jQuery("#_folder_close_"+id).hide();jQuery("#_folder_"+id).hide()} +function open_calendar(fo_id,day_str,callback_func){if(typeof (day_str)=="undefined")day_str="";var url="./common/tpl/calendar.php?";if(fo_id)url+="fo_id="+fo_id;if(day_str)url+="&day_str="+day_str;if(callback_func)url+="&callback_func="+callback_func;popopen(url,'Calendar')};var loaded_popup_menus=XE.loaded_popup_menus +function createPopupMenu(){} +function chkPopupMenu(){} +function displayPopupMenu(ret_obj,response_tags,params){XE.displayPopupMenu(ret_obj,response_tags,params)} +function GetObjLeft(obj){return jQuery(obj).offset().left} +function GetObjTop(obj){return jQuery(obj).offset().top} +function replaceOuterHTML(obj,html){jQuery(obj).replaceWith(html)} +function getOuterHTML(obj){return jQuery(obj).html().trim()} +function setCookie(name,value,expire,path){var s_cookie=name+"="+escape(value)+((!expire)?"":("; expires="+expire.toGMTString()))+"; path="+((!path)?"/":path);document.cookie=s_cookie};jQuery(function(){jQuery(".lang_code").each(function(){var objText=jQuery(this),targetName=objText.attr("id");if(typeof (targetName)=="undefined")targetName=objText.attr("name");if(typeof (targetName)=="undefined")return;objText.after("find_langcode")})}) \ No newline at end of file 
diff --git a/common/js/src/common.js b/common/js/src/common.js index 3a739c137..8d0cc0f93 100644 --- a/common/js/src/common.js +++ b/common/js/src/common.js @@ -296,13 +296,13 @@ String.prototype.setQuery = function(key, val) { jQuery.each(args, function(key,val){ if (!jQuery.trim(val)) return; - q_list.push(key+'='+decodeURI(val)); + q_list.push(decodeURIComponent(key)+'='+decodeURIComponent(val)); }); query_string = q_list.join('&'); uri = uri+(query_string?'?'+query_string:''); } else { - if(val.toString().trim()) uri = uri+"?"+key+"="+val; + if(val.toString().trim()) uri = uri+"?"+decodeURIComponent(key)+"="+decodeURIComponent(val); } var re = /https:\/\/([^:\/]+)(:\d+|)/i; @@ -345,7 +345,7 @@ String.prototype.setQuery = function(key, val) { uri = uri.replace(re,toReplace); } } - + return encodeURI(uri); } @@ -605,21 +605,16 @@ function doDocumentPreview(obj) { var dummy_obj = jQuery("#previewDocument"); if(!dummy_obj.length) { - jQuery( + dummy_obj = jQuery( '
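Review bot: The switch from `decodeURI(val)` to `decodeURIComponent(key)`/`decodeURIComponent(val)` in the `@@ -296` hunk decodes reserved characters that `decodeURI` deliberately left alone, and the `return encodeURI(uri)` at the end of the function (visible in the `@@ -345` hunk) does not re-encode `&`, `=` or `#`, so a value such as `a%26b` is re-emitted as `a&b` and splits into a second parameter; since `setQuery` is applied to the current page URL elsewhere in this patch, the existing query string is the input here. `decodeURIComponent` also throws `URIError` on a malformed escape (a lone `%E0`), which `decodeURI` did as well but the new code now applies it to keys too, so one bad parameter in the page URL aborts the whole call. Re-encoding each decoded piece, `q_list.push(encodeURIComponent(decodeURIComponent(key))+'='+encodeURIComponent(decodeURIComponent(val)));`, and doing the same in the `else` branch's `uri = uri+"?"+...` line, keeps separators escaped; a try/catch that falls back to the raw value would cover the malformed case. The enclosing `setQuery` body starts before and ends after these hunks.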
'+ ''+ ''+ ''+ '
' ).appendTo(document.body); - - dummy_obj = jQuery("#previewDocument")[0]; } - if(dummy_obj) { - dummy_obj.content.value = content; - dummy_obj.submit(); - } + dummy_obj.find('input[name="content"]').val(content).end().submit(); } /* 게시글 저장 */ @@ -982,4 +977,4 @@ jQuery(function(){ objText.after("find_langcode"); } ); -}); \ No newline at end of file +}); diff --git a/common/js/unittest/unittest_common.html b/common/js/unittest/unittest_common.html index 7cfdf728a..c2b27eb69 100644 --- a/common/js/unittest/unittest_common.html +++ b/common/js/unittest/unittest_common.html @@ -43,7 +43,7 @@ describe('SetQuery', { 'should remove https port and add http port if http port is defined' : function() { targetsp = "https://xpressengine.com:443/?q=r"; http_port = 8000; - value_of(targetsp.setQuery("act","dispLogin2")).should_be("http://xpressengine.com/:8000/?q=r&act=dispLogin2"); + value_of(targetsp.setQuery("act","dispLogin2")).should_be("http://xpressengine.com:8000/?q=r&act=dispLogin2"); }, 'should only remove https port and if http port is defined as 80' : function() { targetsp = "https://xpressengine.com:443/?q=r"; diff --git a/config/config.inc.php b/config/config.inc.php index bf7de570b..5bc9b77d1 100644 --- a/config/config.inc.php +++ b/config/config.inc.php @@ -13,7 +13,7 @@ * @brief XE의 전체 버전 표기 * 이 파일의 수정이 없더라도 공식 릴리즈시에 수정되어 함께 배포되어야 함 **/ - define('__ZBXE_VERSION__', '1.4.5.7'); + define('__ZBXE_VERSION__', '1.4.5.10'); /** * @brief zbXE가 설치된 장소의 base path를 구함 @@ -158,6 +158,7 @@ require(_XE_PATH_.'classes/mail/Mail.class.php'); require(_XE_PATH_.'classes/page/PageHandler.class.php'); require(_XE_PATH_.'classes/mobile/Mobile.class.php'); + require(_XE_PATH_.'classes/security/Security.class.php'); if(__DEBUG__) $GLOBALS['__elapsed_class_load__'] = getMicroTime() - __ClassLoadStartTime__; } ?> diff --git a/config/func.inc.php b/config/func.inc.php index e1cff33ce..6da46b091 100644 --- a/config/func.inc.php +++ b/config/func.inc.php 
@@ -413,7 +413,7 @@ * @brief YmdHis의 시간 형식을 지금으로 부터 몇분/몇시간전, 1일 이상 차이나면 format string return **/ function getTimeGap($date, $format = 'Y.m.d') { - $gap = time() - ztime($date); + $gap = time() - zgap() - ztime($date); $lang_time_gap = Context::getLang('time_gap'); if($gap<60) $buff = sprintf($lang_time_gap['min'], (int)($gap / 60)+1); diff --git a/modules/addon/addon.admin.controller.php b/modules/addon/addon.admin.controller.php index 49267b4dc..0909619ba 100644 --- a/modules/addon/addon.admin.controller.php +++ b/modules/addon/addon.admin.controller.php @@ -4,7 +4,8 @@ * @author NHN (developers@xpressengine.com) * @brief addon 모듈의 admin controller class **/ - include_once('addon.controller.php'); + + require_once(_XE_PATH_.'modules/addon/addon.controller.php'); class addonAdminController extends addonController { diff --git a/modules/addon/addon.admin.view.php b/modules/addon/addon.admin.view.php index ed6e3a177..9e4b575a6 100644 --- a/modules/addon/addon.admin.view.php +++ b/modules/addon/addon.admin.view.php @@ -25,6 +25,9 @@ $addon_list = $oAddonModel->getAddonList($site_module_info->site_srl); Context::set('addon_list', $addon_list); + $security = new Security(); + $security->encodeHTML('addon_list..', 'addon_list..author..'); + // 템플릿 패스 및 파일을 지정 $this->setTemplateFile('addon_list'); } @@ -57,7 +60,7 @@ if($mid_list) { foreach($mid_list as $module_srl => $module) { - $module_categories[$module->module_category_srl]->list[$module_srl] = $module; + $module_categories[$module->module_category_srl]->list[$module_srl] = $module; } } } else { @@ -71,6 +74,9 @@ // 템플릿 패스 및 파일을 지정 $this->setTemplateFile('setup_addon'); + + $security = new Security(); + $security->encodeHTML('addon_info.', 'addon_info.author..', 'mid_list....'); } /** @@ -92,6 +98,9 @@ // 템플릿 패스 및 파일을 지정 $this->setTemplateFile('addon_info'); + + $security = new Security(); + $security->encodeHTML('addon_info.', 'addon_info.author..'); } } 
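Review bot: The new `$security->encodeHTML('addon_list..', 'addon_list..author..')` calls in the addon.admin.view.php hunks now carry the entire output-encoding contract for these views, yet the dot-path syntax (`'addon_info.'`, `'mid_list....'`) is explained nowhere in this patch, and a path with the wrong number of dots presumably leaves that field unencoded without any error. A short comment at the first call site describing what a trailing `.` and `..` select inside the Context variable would let a maintainer check each path against the data shape; I have not quoted one because the semantics are not visible here. The call is also placed before `setTemplateFile()` in the first hunk and after it in the other two; keeping one order per file makes an action that forgot the call easier to spot. Each enclosing method starts before its hunk.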
diff --git a/modules/admin/admin.admin.view.php b/modules/admin/admin.admin.view.php index c9961939c..8e467dd5c 100644 --- a/modules/admin/admin.admin.view.php +++ b/modules/admin/admin.admin.view.php @@ -18,14 +18,14 @@ $logged_info = $oMemberModel->getLoggedInfo(); if($logged_info->is_admin!='Y') return $this->stop("msg_is_not_administrator"); - // change into administration layout + // change into administration layout $this->setTemplatePath($this->module_path.'tpl'); $this->setLayoutPath($this->getTemplatePath()); $this->setLayoutFile('layout.html'); $this->loadSideBar(); - // Retrieve the list of installed modules + // Retrieve the list of installed modules $db_info = Context::getDBInfo(); @@ -56,7 +56,7 @@ if($val->category == 'statistics') $val->category = 'accessory'; if($val->module == 'admin' || !$val->admin_index_act) continue; - // get action information + // get action information $action_spec = $oModuleModel->getModuleActionXml($val->module); $actions = array(); if($action_spec->default_index_act) $actions[] = $action_spec->default_index_act; @@ -70,14 +70,14 @@ $obj->index_act = $val->admin_index_act; if(in_array(Context::get('act'), $actions)) $obj->selected = true; - // Packages + // Packages if($val->category == 'package') { if($package_idx == 0) $obj->position = "first"; else $obj->position = "mid"; $package_modules[] = $obj; $package_idx ++; if($obj->selected) Context::set('package_selected',true); - // Modules + // Modules } else { $installed_modules[] = $obj; } @@ -94,6 +94,9 @@ // add javascript tooltip plugin - gony Context::loadJavascriptPlugin('qtip'); Context::loadJavascriptPlugin('watchinput'); + + $security = new Security(); + $security->encodeHTML('selected_module_info.', 'selected_module_info.author..', 'package_modules..', 'installed_modules..'); } /** 
@@ -128,12 +131,11 @@ } Context::set('news', $news); } - Context::set('released_version', $buff->zbxe_news->attrs->released_version); Context::set('download_link', $buff->zbxe_news->attrs->download_link); } - // DB Information + // DB Information $db_info = Context::getDBInfo(); Context::set('selected_lang', $db_info->lang_type); @@ -210,7 +212,6 @@ $args->regdate = date("Ymd"); $output = executeQuery('admin.getTodayTrackbackCount', $args); $status->trackback_count = $output->data->count; - Context::set('status', $status); // Get statistics @@ -245,7 +246,7 @@ $output = executeQuery("admin.getDocumentCount", $args); $status->document->total = $output->data->count; - // Comment Status + // Comment Status $output = executeQueryArray("admin.getCommentStatus", $args); if($output->data) { foreach($output->data as $var) { @@ -259,7 +260,7 @@ $output = executeQuery("admin.getCommentCount", $args); $status->comment->total = $output->data->count; - // Trackback Status + // Trackback Status $output = executeQueryArray("admin.getTrackbackStatus", $args); if($output->data) { foreach($output->data as $var) { @@ -273,7 +274,7 @@ $output = executeQuery("admin.getTrackbackCount", $args); $status->trackback->total = $output->data->count; - // Attached files Status + // Attached files Status $output = executeQueryArray("admin.getFileStatus", $args); if($output->data) { foreach($output->data as $var) { @@ -317,11 +318,15 @@ $site_args->site_srl = 0; $output = executeQuery('module.getSiteInfo', $site_args); + Context::set('start_module', $output->data); Context::set('status', $status); Context::set('layout','none'); $this->setTemplateFile('index'); + + $security = new Security(); + $security->encodeHTML('news..', 'released_version', 'download_link', 'selected_lang', 'module_list..', 'module_list..author..', 'addon_list..', 'addon_list..author..', 'start_module.'); } /** 
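Review bot: `download_link` is read from the remote news feed (`$buff->zbxe_news->attrs->download_link` in the `@@ -128` hunk) and the new `encodeHTML(...)` list in the `@@ -317` hunk HTML-escapes it, but if tpl/index.html emits it as an `href` (the `cmd_download` anchor in that file's hunk is stripped here), escaping alone does not neutralise a `javascript:` or `data:` scheme; only a scheme check does. Suggest `$link = $buff->zbxe_news->attrs->download_link;` followed by `Context::set('download_link', preg_match('/^https?:\/\//i', $link) ? $link : '');`. Separately, `Context::set('released_version', ...)` is deleted in the `@@ -128` hunk while `'released_version'` remains in the encodeHTML list; if it is not set on a line outside these hunks, the template variable is now empty. The enclosing method starts before the `@@ -128` hunk.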
@@ -342,7 +347,7 @@ Context::set('lang_selected', Context::loadLangSelected()); Context::set('use_mobile_view', $db_info->use_mobile_view=="Y"?'Y':'N'); - + $ftp_info = Context::getFTPInfo(); Context::set('ftp_info', $ftp_info); diff --git a/modules/admin/tpl/index.html b/modules/admin/tpl/index.html index 39108db6f..e4663d929 100644 --- a/modules/admin/tpl/index.html +++ b/modules/admin/tpl/index.html @@ -158,7 +158,7 @@

{$lang->env_information} {$lang->cmd_setup}

- +

{nl2br($lang->about_download_link)} [{$lang->cmd_download}]

diff --git a/modules/autoinstall/autoinstall.admin.view.php b/modules/autoinstall/autoinstall.admin.view.php index 9b594c560..004c75314 100644 --- a/modules/autoinstall/autoinstall.admin.view.php +++ b/modules/autoinstall/autoinstall.admin.view.php @@ -20,7 +20,7 @@ $ftp_info = Context::getFTPInfo(); if(!$ftp_info->ftp_root_path) Context::set('show_ftp_note', true); else $this->ftp_set = true; - + $this->dispCategory(); $oModel = &getModel('autoinstall'); @@ -69,9 +69,9 @@ } if($v->type == "core") $v->avail_remove = false; else if($v->type == "module") { - $v->avail_remove = $oModel->checkRemovable($packages[$v->package_srl]->path); + $v->avail_remove = $oModel->checkRemovable($packages[$v->package_srl]->path); } - else $v->avail_remove = true; + else $v->avail_remove = true; } $item_list[$v->package_srl] = $v; } @@ -96,6 +96,7 @@ $title = $xmlDoc->{$type}->title->body; $installed[$key]->title = $title; } + Context::set('installed', $installed); foreach($installed as $key=>$val) { @@ -113,14 +114,14 @@ function dispAutoinstallAdminInstalledPackages() { $page = Context::get('page'); - if(!$page) $page = 1; + if(!$page) $page = 1; Context::set('page', $page); $oModel = &getModel('autoinstall'); $output = $oModel->getInstalledPackageList($page); $package_list = $output->data; $params["act"] = "getResourceapiPackages"; - $params["package_srls"] = implode(",", array_keys($package_list)); + $params["package_srls"] = implode(",", array_keys($package_list)); $body = XmlGenerater::generate($params); $buff = FileHandler::getRemoteResource($this->uri, $body, 3, "POST", "application/xml"); $xml_lUpdate = new XmlParser(); 
@@ -133,11 +134,14 @@ { $res[] = $item_list[$package_srl]; } - Context::set('item_list', $res); + Context::set('item_list', $res); } Context::set('page_navigation', $output->page_navigation); - $this->setTemplateFile('index'); + $this->setTemplateFile('index'); + + $security = new Security(); + $security->encodeHTML('item_list..'); } function dispAutoinstallAdminInstall() { @@ -201,7 +205,6 @@ $package->cur_version = $installedPackage->current_version; $package->need_update = version_compare($package->version, $installedPackage->current_version, ">"); } - Context::set("package", $package); } if(!$_SESSION['ftp_password']) @@ -209,6 +212,9 @@ Context::set('need_password', true); } $this->setTemplateFile('install'); + + $security = new Security(); + $security->encodeHTML('package.' , 'package.depends..'); } function dispAutoinstallAdminIndex() { @@ -231,13 +237,13 @@ $item = $oModel->getLatestPackage(); if(!$item || $item->updatedate < $updateDate || count($this->categories) < 1) { - Context::set('need_update', true); + Context::set('need_update', true); return; } $page = Context::get('page'); - if(!$page) $page = 1; + if(!$page) $page = 1; Context::set('page', $page); $order_type = Context::get('order_type'); 
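Review bot: `Context::set("package", $package);` is removed in the `@@ -201` hunk, but the `@@ -209` hunk that follows adds `$security->encodeHTML('package.' , 'package.depends..')`, which only has an effect if `package` is still placed in Context somewhere; if the set was moved to a line outside these hunks this is fine, otherwise the install template loses the variable and the encoding call is a no-op. A comment on the encodeHTML line naming where `package` is set, or keeping `Context::set('package', $package);` directly above it, would make the dependency visible. The enclosing `dispAutoinstallAdminInstall` starts and ends outside the hunks.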
@@ -263,17 +269,20 @@ { $params["search_keyword"] = $search_keyword; } - $xmlDoc = XmlGenerater::getXmlDoc($params); + $xmlDoc = XmlGenerater::getXmlDoc($params); if($xmlDoc && $xmlDoc->response->packagelist->item) { $item_list = $this->rearranges($xmlDoc->response->packagelist->item); - Context::set('item_list', $item_list); + Context::set('item_list', $item_list); $array = array('total_count', 'total_page', 'cur_page', 'page_count', 'first_page', 'last_page'); - $page_nav = $this->rearrange($xmlDoc->response->page_navigation, $array); + $page_nav = $this->rearrange($xmlDoc->response->page_navigation, $array); $page_navigation = new PageHandler($page_nav->total_count, $page_nav->total_page, $page_nav->cur_page, $page_nav->page_count); Context::set('page_navigation', $page_navigation); } + $security = new Security(); + $security->encodeHTML('package.' , 'package.depends..'); + } function dispCategory() 
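Review bot: The `$security->encodeHTML('package.' , 'package.depends..')` added at the end of this hunk names a `package` variable, but the data this method puts into Context is `item_list` (built from `$xmlDoc->response->packagelist->item`) and `page_navigation`; the line appears copied from the install action above, so the remotely fetched package list reaches the template with no encoding. At the same time the list.html hunks (`@@ -34` and `@@ -61`) drop `htmlspecialchars()` around `$val->title`, `$val->item_version` and `$val->package_description`, so if list.html is the template for this action those feed-supplied fields are now rendered raw. The call should be `$security->encodeHTML('item_list..');`, matching `dispAutoinstallAdminInstalledPackages`, and it should be placed so it runs whether or not the `if($xmlDoc && ...)` branch executed. The enclosing method starts before this hunk.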
@@ -298,22 +307,24 @@ $installedPackage = $oModel->getPackage($package_srl); $path = $installedPackage->path; $type = $oModel->getTypeFromPath($path); - if(!$type || $type == "core") $this->stop("msg_invalid_request"); + if(!$type || $type == "core") $this->stop("msg_invalid_request"); $config_file = $oModel->getConfigFilePath($type); - if(!$config_file) $this->stop("msg_invalid_request"); + if(!$config_file) $this->stop("msg_invalid_request"); $xml = new XmlParser(); $xmlDoc = $xml->loadXmlFile(FileHandler::getRealPath($path).$config_file); - if(!$xmlDoc) $this->stop("msg_invalid_request"); + if(!$xmlDoc) $this->stop("msg_invalid_request"); if($type == "drcomponent") $type = "component"; if($type == "style") $type = "skin"; $title = $xmlDoc->{$type}->title->body; $installedPackage->title = $title; $installedPackage->type = $type; Context::set('package', $installedPackage); - - $this->setTemplateFile('uninstall'); + $this->setTemplateFile('uninstall'); Context::addJsFilter($this->module_path.'tpl/filter', 'uninstall_package.xml'); + + $security = new Security(); + $security->encodeHTML('package.'); } } ?> diff --git a/modules/autoinstall/tpl/list.html b/modules/autoinstall/tpl/list.html index a7c2343b3..73bba111e 100644 --- a/modules/autoinstall/tpl/list.html +++ b/modules/autoinstall/tpl/list.html @@ -25,7 +25,7 @@
- + {@ $target_url = $original_site."?mid=download&package_srl=".$val->package_srl; }
@@ -34,15 +34,15 @@ [{$categories[$val->category_srl]->title}] - {htmlspecialchars($val->title)} ver. {htmlspecialchars($val->item_version)} + {$val->title} ver. {$val->item_version} -

{$lang->current_version} : {$val->current_version} +

{$lang->current_version} : {$val->current_version} -
+
{$lang->dependant_list} : - {$installed[$package_srl]->title}. + {$installed[$package_srl]->title}.

@@ -61,7 +61,7 @@
-

{cut_str(htmlspecialchars($val->package_description),200)}

+

{cut_str($val->package_description,200)}

@@ -83,10 +83,10 @@