fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-05-09 03:52:15 +09:00
Code Issues Projects Releases Packages Wiki Activity

Add FeatureDisabled and SecurityViolation exception classes

Browse source
This commit is contained in:
Kijin Sung 2018-09-06 10:00:47 +09:00
parent 88dc76501a
commit 10c8d11785
11 changed files with 33 additions and 29 deletions
Download patch file Download diff file Expand all files Collapse all files

8
classes/module/ModuleHandler.class.php
View file

@ -86,7 +86,7 @@ class ModuleHandler extends Handler
if($isInvalid) if($isInvalid)
{ {
htmlHeader(); htmlHeader();
echo lang("msg_invalid_request"); echo lang('msg_security_violation');
htmlFooter(); htmlFooter();
Context::close(); Context::close();
exit; exit;
@ -464,7 +464,7 @@ class ModuleHandler extends Handler
if(!in_array(strtoupper($_SERVER['REQUEST_METHOD']), $allowedMethodList)) if(!in_array(strtoupper($_SERVER['REQUEST_METHOD']), $allowedMethodList))
{ {
$this->error = "msg_invalid_request"; $this->error = 'msg_invalid_request';
$oMessageObject = self::getModuleInstance('message', $display_mode); $oMessageObject = self::getModuleInstance('message', $display_mode);
$oMessageObject->setError(-1); $oMessageObject->setError(-1);
$oMessageObject->setMessage($this->error); $oMessageObject->setMessage($this->error);
@ -620,7 +620,7 @@ class ModuleHandler extends Handler
if(!in_array(strtoupper($_SERVER['REQUEST_METHOD']), $allowedMethodList)) if(!in_array(strtoupper($_SERVER['REQUEST_METHOD']), $allowedMethodList))
{ {
$this->error = "msg_invalid_request"; $this->error = 'msg_security_violation';
$oMessageObject = self::getModuleInstance('message', $display_mode); $oMessageObject = self::getModuleInstance('message', $display_mode);
$oMessageObject->setError(-1); $oMessageObject->setError(-1);
$oMessageObject->setMessage($this->error); $oMessageObject->setMessage($this->error);
@ -635,7 +635,7 @@ class ModuleHandler extends Handler
if($xml_info->action->{$this->act} && $xml_info->action->{$this->act}->check_csrf !== 'false' && !checkCSRF()) if($xml_info->action->{$this->act} && $xml_info->action->{$this->act}->check_csrf !== 'false' && !checkCSRF())
{ {
$this->_setInputErrorToContext(); $this->_setInputErrorToContext();
$this->error = 'msg_invalid_request'; $this->error = 'msg_security_violation';
$oMessageObject = ModuleHandler::getModuleInstance('message', $display_mode); $oMessageObject = ModuleHandler::getModuleInstance('message', $display_mode);
$oMessageObject->setError(-1); $oMessageObject->setError(-1);
$oMessageObject->setMessage($this->error); $oMessageObject->setMessage($this->error);

2
classes/module/ModuleObject.class.php
View file

@ -136,7 +136,7 @@ class ModuleObject extends BaseObject
// Set privileges(granted) information // Set privileges(granted) information
if($this->setPrivileges() !== true) if($this->setPrivileges() !== true)
{ {
$this->stop('msg_invalid_request'); $this->stop('msg_not_permitted');
return; return;
} }

2
common/lang/en.php
View file

@ -231,6 +231,8 @@ $lang->msg_input_password = 'Please type the password.';
$lang->msg_invalid_document = 'Invalid Article Number'; $lang->msg_invalid_document = 'Invalid Article Number';
$lang->msg_invalid_request = 'Invalid Request'; $lang->msg_invalid_request = 'Invalid Request';
$lang->msg_invalid_password = 'The password you entered is incorrect.'; $lang->msg_invalid_password = 'The password you entered is incorrect.';
$lang->msg_security_violation = 'Security Violation';
$lang->msg_feature_disabled = 'This feature is disabled.';
$lang->msg_error_occured = 'An error has occured.'; $lang->msg_error_occured = 'An error has occured.';
$lang->msg_not_founded = 'Cannot find the target.'; $lang->msg_not_founded = 'Cannot find the target.';
$lang->msg_no_result = 'No results found.'; $lang->msg_no_result = 'No results found.';

2
common/lang/ko.php
View file

@ -231,6 +231,8 @@ $lang->msg_input_password = '비밀번호를 입력하세요.';
$lang->msg_invalid_document = '잘못된 문서번호입니다.'; $lang->msg_invalid_document = '잘못된 문서번호입니다.';
$lang->msg_invalid_request = '잘못된 요청입니다.'; $lang->msg_invalid_request = '잘못된 요청입니다.';
$lang->msg_invalid_password = '비밀번호가 올바르지 않습니다.'; $lang->msg_invalid_password = '비밀번호가 올바르지 않습니다.';
$lang->msg_security_violation = '보안정책상 허용되지 않습니다.';
$lang->msg_feature_disabled = '사용할 수 없는 기능입니다.';
$lang->msg_error_occured = '오류가 발생했습니다.'; $lang->msg_error_occured = '오류가 발생했습니다.';
$lang->msg_not_founded = '대상을 찾을 수 없습니다.'; $lang->msg_not_founded = '대상을 찾을 수 없습니다.';
$lang->msg_no_result = '검색 결과가 없습니다.'; $lang->msg_no_result = '검색 결과가 없습니다.';

14
modules/board/board.view.php
View file

@ -679,18 +679,18 @@ class boardView extends board
$document_srl = Context::get('document_srl'); $document_srl = Context::get('document_srl');
if(!$document_srl) if(!$document_srl)
{ {
throw new Rhymix\Framework\Exception("msg_invalid_request"); throw new Rhymix\Framework\Exceptions\InvalidRequest;
} }
if($this->grant->view == false || ($this->module_info->consultation == 'Y' && !$this->grant->manager && !$this->grant->consultation_read)) if($this->grant->view == false || ($this->module_info->consultation == 'Y' && !$this->grant->manager && !$this->grant->consultation_read))
{ {
throw new Rhymix\Framework\Exception("msg_not_permitted"); throw new Rhymix\Framework\Exceptions\NotPermitted;
} }
$oDocument = getModel('document')->getDocument($document_srl); $oDocument = getModel('document')->getDocument($document_srl);
if(!$oDocument->isExists()) if(!$oDocument->isExists())
{ {
throw new Rhymix\Framework\Exception("msg_invalid_request"); throw new Rhymix\Framework\Exceptions\InvalidRequest;
} }
Context::set('oDocument', $oDocument); Context::set('oDocument', $oDocument);
@ -960,7 +960,7 @@ class boardView extends board
$oDocument = $oDocumentModel->getDocument($document_srl); $oDocument = $oDocumentModel->getDocument($document_srl);
if(!$oDocument->isExists()) if(!$oDocument->isExists())
{ {
return $this->dispBoardMessage('msg_invalid_request'); return $this->dispBoardMessage('msg_not_founded');
} }
// Check allow comment // Check allow comment
@ -1015,11 +1015,11 @@ class boardView extends board
// if the comment is not existed, opoup an error message // if the comment is not existed, opoup an error message
if(!$oSourceComment->isExists()) if(!$oSourceComment->isExists())
{ {
return $this->dispBoardMessage('msg_invalid_request'); return $this->dispBoardMessage('msg_not_founded');
} }
if(Context::get('document_srl') && $oSourceComment->get('document_srl') != Context::get('document_srl')) if(Context::get('document_srl') && $oSourceComment->get('document_srl') != Context::get('document_srl'))
{ {
return $this->dispBoardMessage('msg_invalid_request'); return $this->dispBoardMessage('msg_not_founded');
} }
// Check allow comment // Check allow comment
@ -1102,7 +1102,7 @@ class boardView extends board
// if the comment is not exited, alert an error message // if the comment is not exited, alert an error message
if(!$oComment->isExists()) if(!$oComment->isExists())
{ {
return $this->dispBoardMessage('msg_invalid_request'); return $this->dispBoardMessage('msg_not_founded');
} }
// if the comment is not granted, then back to the password input form // if the comment is not granted, then back to the password input form

4
modules/comment/comment.controller.php
View file

@ -315,7 +315,7 @@ class commentController extends comment
{ {
if(!$manual_inserted && !checkCSRF()) if(!$manual_inserted && !checkCSRF())
{ {
return new BaseObject(-1, 'msg_invalid_request'); return new BaseObject(-1, 'msg_security_violation');
} }
if(!is_object($obj)) if(!is_object($obj))
@ -717,7 +717,7 @@ class commentController extends comment
{ {
if(!$manual_updated && !checkCSRF()) if(!$manual_updated && !checkCSRF())
{ {
return new BaseObject(-1, 'msg_invalid_request'); return new BaseObject(-1, 'msg_security_violation');
} }
if(!is_object($obj)) if(!is_object($obj))

4
modules/comment/comment.model.php
View file

@ -1003,7 +1003,7 @@ class commentModel extends comment
{ {
if($comment_config->use_vote_down != 'S') if($comment_config->use_vote_down != 'S')
{ {
throw new Rhymix\Framework\Exceptions\InvalidRequest; throw new Rhymix\Framework\Exceptions\FeatureDisabled;
} }
$args->below_point = 0; $args->below_point = 0;
@ -1012,7 +1012,7 @@ class commentModel extends comment
{ {
if($comment_config->use_vote_up != 'S') if($comment_config->use_vote_up != 'S')
{ {
throw new Rhymix\Framework\Exceptions\InvalidRequest; throw new Rhymix\Framework\Exceptions\FeatureDisabled;
} }
$args->more_point = 0; $args->more_point = 0;

4
modules/document/document.controller.php
View file

@ -347,7 +347,7 @@ class documentController extends document
{ {
if(!$manual_inserted && !checkCSRF()) if(!$manual_inserted && !checkCSRF())
{ {
return new BaseObject(-1, 'msg_invalid_request'); return new BaseObject(-1, 'msg_security_violation');
} }
// begin transaction // begin transaction
@ -576,7 +576,7 @@ class documentController extends document
{ {
if(!$manual_updated && !checkCSRF()) if(!$manual_updated && !checkCSRF())
{ {
return new BaseObject(-1, 'msg_invalid_request'); return new BaseObject(-1, 'msg_security_violation');
} }
if(!$source_obj->document_srl || !$obj->document_srl) return new BaseObject(-1, 'msg_invalied_request'); if(!$source_obj->document_srl || !$obj->document_srl) return new BaseObject(-1, 'msg_invalied_request');

4
modules/document/document.model.php
View file

@ -1153,12 +1153,12 @@ class documentModel extends document
$document_config = $oModuleModel->getModulePartConfig('document',$module_srl); $document_config = $oModuleModel->getModulePartConfig('document',$module_srl);
if($point == -1) if($point == -1)
{ {
if($document_config->use_vote_down!='S') throw new Rhymix\Framework\Exceptions\InvalidRequest; if($document_config->use_vote_down!='S') throw new Rhymix\Framework\Exceptions\FeatureDisabled;
$args->below_point = 0; $args->below_point = 0;
} }
else else
{ {
if($document_config->use_vote_up!='S') throw new Rhymix\Framework\Exceptions\InvalidRequest; if($document_config->use_vote_up!='S') throw new Rhymix\Framework\Exceptions\FeatureDisabled;
$args->more_point = 0; $args->more_point = 0;
} }

4
modules/member/member.controller.php
View file

@ -578,7 +578,7 @@ class memberController extends member
{ {
if (Context::getRequestMethod() == 'GET') if (Context::getRequestMethod() == 'GET')
{ {
throw new Rhymix\Framework\Exceptions\InvalidRequest; throw new Rhymix\Framework\Exceptions\SecurityViolation;
} }
$oMemberModel = &getModel ('member'); $oMemberModel = &getModel ('member');
@ -588,7 +588,7 @@ class memberController extends member
$trigger_output = ModuleHandler::triggerCall ('member.procMemberInsert', 'before', $config); $trigger_output = ModuleHandler::triggerCall ('member.procMemberInsert', 'before', $config);
if(!$trigger_output->toBool ()) return $trigger_output; if(!$trigger_output->toBool ()) return $trigger_output;
// Check if an administrator allows a membership // Check if an administrator allows a membership
if($config->enable_join != 'Y') throw new Rhymix\Framework\Exception('msg_signup_disabled'); if($config->enable_join != 'Y') throw new Rhymix\Framework\Exceptions\FeatureDisabled('msg_signup_disabled');
// Check if the user accept the license terms (only if terms exist) // Check if the user accept the license terms (only if terms exist)
$accept_agreement = Context::get('accept_agreement'); $accept_agreement = Context::get('accept_agreement');

14
modules/member/member.view.php
View file

@ -203,7 +203,7 @@ class memberView extends member
$trigger_output = ModuleHandler::triggerCall('member.dispMemberSignUpForm', 'before', $member_config); $trigger_output = ModuleHandler::triggerCall('member.dispMemberSignUpForm', 'before', $member_config);
if(!$trigger_output->toBool()) return $trigger_output; if(!$trigger_output->toBool()) return $trigger_output;
// Error appears if the member is not allowed to join // Error appears if the member is not allowed to join
if($member_config->enable_join != 'Y') throw new Rhymix\Framework\Exception('msg_signup_disabled'); if($member_config->enable_join != 'Y') throw new Rhymix\Framework\Exceptions\FeatureDisabled('msg_signup_disabled');
$formTags = getAdminView('member')->_getMemberInputTag(); $formTags = getAdminView('member')->_getMemberInputTag();
Context::set('formTags', $formTags); Context::set('formTags', $formTags);
@ -351,7 +351,7 @@ class memberView extends member
{ {
if ($this->member_config->features['my_documents'] === false) if ($this->member_config->features['my_documents'] === false)
{ {
throw new Rhymix\Framework\Exceptions\InvalidRequest; throw new Rhymix\Framework\Exceptions\FeatureDisabled;
} }
// A message appears if the user is not logged-in // A message appears if the user is not logged-in
@ -385,7 +385,7 @@ class memberView extends member
{ {
if ($this->member_config->features['my_comments'] === false) if ($this->member_config->features['my_comments'] === false)
{ {
throw new Rhymix\Framework\Exceptions\InvalidRequest; throw new Rhymix\Framework\Exceptions\FeatureDisabled;
} }
$oMemberModel = getModel('member'); $oMemberModel = getModel('member');
@ -417,7 +417,7 @@ class memberView extends member
{ {
if ($this->member_config->features['scrapped_documents'] === false) if ($this->member_config->features['scrapped_documents'] === false)
{ {
throw new Rhymix\Framework\Exceptions\InvalidRequest; throw new Rhymix\Framework\Exceptions\FeatureDisabled;
} }
$oMemberModel = getModel('member'); $oMemberModel = getModel('member');
@ -493,7 +493,7 @@ class memberView extends member
{ {
if ($this->member_config->features['saved_documents'] === false) if ($this->member_config->features['saved_documents'] === false)
{ {
throw new Rhymix\Framework\Exceptions\InvalidRequest; throw new Rhymix\Framework\Exceptions\FeatureDisabled;
} }
$oMemberModel = getModel('member'); $oMemberModel = getModel('member');
@ -524,7 +524,7 @@ class memberView extends member
{ {
if ($this->member_config->features['active_logins'] === false) if ($this->member_config->features['active_logins'] === false)
{ {
throw new Rhymix\Framework\Exceptions\InvalidRequest; throw new Rhymix\Framework\Exceptions\FeatureDisabled;
} }
$logged_info = Context::get('logged_info'); $logged_info = Context::get('logged_info');
@ -803,7 +803,7 @@ class memberView extends member
{ {
if ($this->member_config->features['nickname_log'] === false || $this->member_config->update_nickname_log != 'Y') if ($this->member_config->features['nickname_log'] === false || $this->member_config->update_nickname_log != 'Y')
{ {
throw new Rhymix\Framework\Exceptions\InvalidRequest; throw new Rhymix\Framework\Exceptions\FeatureDisabled;
} }
$member_srl = Context::get('member_srl'); $member_srl = Context::get('member_srl');