Merge branch 'develop' of https://github.com/rhymix/rhymix into pr/nohtml

# Conflicts:
#	modules/module/module.model.php

modules/comment/comment.item.php

@@ -320,6 +320,33 @@ class commentItem extends Object
 		return $_SESSION['voted_comment'][$this->comment_srl] = false;
 	}
 
+	function getContentPlainText($strlen = 0)
+	{
+		if($this->isDeletedByAdmin())
+		{
+			$content = lang('msg_admin_deleted_comment');
+		}
+		elseif($this->isDeleted())
+		{
+			$content = lang('msg_deleted_comment');
+		}
+		elseif($this->isSecret() && !$this->isAccessible())
+		{
+			$content = lang('msg_is_secret');
+		}
+		else
+		{
+			$content = $this->get('content');
+		}
+		
+		$content = trim(utf8_normalize_spaces(html_entity_decode(strip_tags($content))));
+		if($strlen)
+		{
+			$content = cut_str($content, $strlen, '...');
+		}
+		return escape($content);
+	}
+
 	/**
 	 * Return content with htmlspecialchars
 	 * @return string
@@ -345,10 +372,10 @@ class commentItem extends Object
 
 		if($strlen)
 		{
-			return cut_str(trim(strip_tags($content)), $strlen, '...');
+			$content = trim(utf8_normalize_spaces(html_entity_decode(strip_tags($content))));
+			$content = cut_str($content, $strlen, '...');
 		}
-
-		return htmlspecialchars($content, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
+		return escape($content);
 	}
 
 	/**

modules/document/document.item.php

@@ -142,7 +142,7 @@ class documentItem extends Object
 		if($this->get('tags'))
 		{
 			$tag_list = explode(',', $this->get('tags'));
-			$tag_list = array_map('trim', $tag_list);
+			$tag_list = array_map('utf8_trim', $tag_list);
 			$this->add('tag_list', $tag_list);
 		}
 
@@ -484,8 +484,34 @@ class documentItem extends Object
 		if($this->get('title_bold')=='Y') $attrs[] = "font-weight:bold;";
 		if($this->get('title_color') && $this->get('title_color') != 'N') $attrs[] = "color:#".$this->get('title_color');
 
-		if(count($attrs)) return sprintf("<span style=\"%s\">%s</span>", implode(';',$attrs), htmlspecialchars($title, ENT_COMPAT | ENT_HTML401, 'UTF-8', false));
-		else return htmlspecialchars($title, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
+		if(count($attrs))
+		{
+			return sprintf("<span style=\"%s\">%s</span>", implode(';', $attrs), escape($title, false));
+		}
+		else
+		{
+			return escape($title, false);
+		}
+	}
+
+	function getContentPlainText($strlen = 0)
+	{
+		if(!$this->document_srl) return;
+		if($this->isSecret() && !$this->isGranted() && !$this->isAccessible()) return lang('msg_is_secret');
+
+		$result = $this->_checkAccessibleFromStatus();
+		if($result && Context::getSessionStatus())
+		{
+			$this->setAccessible();
+		}
+
+		$content = $this->get('content');
+		$content = trim(utf8_normalize_spaces(html_entity_decode(strip_tags($content))));
+		if($strlen)
+		{
+			$content = cut_str($content, $strlen, '...');
+		}
+		return escape($content);
 	}
 
 	function getContentText($strlen = 0)
@@ -504,9 +530,12 @@ class documentItem extends Object
 		$content = preg_replace_callback('/<(object|param|embed)[^>]*/is', array($this, '_checkAllowScriptAccess'), $content);
 		$content = preg_replace_callback('/<object[^>]*>/is', array($this, '_addAllowScriptAccess'), $content);
 
-		if($strlen) return cut_str(strip_tags($content),$strlen,'...');
-
-		return htmlspecialchars($content);
+		if($strlen)
+		{
+			$content = trim(utf8_normalize_spaces(html_entity_decode(strip_tags($content))));
+			$content = cut_str($content, $strlen, '...');
+		}
+		return escape($content);
 	}
 
 	function _addAllowScriptAccess($m)

modules/document/document.model.php

@@ -980,7 +980,7 @@ class documentModel extends document
 
 		// Get a list of member groups
 		$oMemberModel = getModel('member');
-		$group_list = $oMemberModel->getGroups($module_info->site_srl);
+		$group_list = $oMemberModel->getGroups();
 		Context::set('group_list', $group_list);
 
 		$security = new Security();

modules/module/module.model.php

@@ -1120,7 +1120,7 @@ class moduleModel extends module
 			{
 				$type = 'M';
 			}
-			$defaultSkinName = $this->getModuleDefaultSkin($module, $type, $site_info->site_srl);
+			$defaultSkinName = $this->getModuleDefaultSkin($module, $type);
 
 			if(isset($defaultSkinName))
 			{
@@ -1167,6 +1167,7 @@ class moduleModel extends module
 		if($xml_obj->version && $xml_obj->attrs->version == '0.2')
 		{
 			// skin format v0.2
+			$date_obj = (object)array('y' => 0, 'm' => 0, 'd' => 0);
 			sscanf($xml_obj->date->body, '%d-%d-%d', $date_obj->y, $date_obj->m, $date_obj->d);
 			$skin_info->version = $xml_obj->version->body;
 			$skin_info->date = sprintf('%04d%02d%02d', $date_obj->y, $date_obj->m, $date_obj->d);
@@ -1253,6 +1254,7 @@ class moduleModel extends module
 		else
 		{
 			// skin format v0.1
+			$date_obj = (object)array('y' => 0, 'm' => 0, 'd' => 0);
 			sscanf($xml_obj->maker->attrs->date, '%d-%d-%d', $date_obj->y, $date_obj->m, $date_obj->d);
 
 			$skin_info->version = $xml_obj->version->body;

modules/rss/tpl/rss10.html

@@ -19,7 +19,11 @@
 	<item rdf:about="{$oDocument->getPermanentUrl()}">
 		<title>{$oDocument->getTitleText()}</title> 
 		<link>{$oDocument->getPermanentUrl()}</link>
-		<description>{$oDocument->getContentText(200)}</description>
+		<!--@if($open_rss_config[$oDocument->get('module_srl')]=='Y')-->
+		<description>{$oDocument->getContentPlainText()}</description>
+		<!--@else-->
+		<description>{$oDocument->getContentText(100)}</description>
+		<!--@end-->
 		<dc:date>{$oDocument->getRegdate('Y-m-d\TH:i:sP')}</dc:date> 
 	</item>
 	<!--@end-->

modules/rss/tpl/rss20.html

@@ -29,7 +29,7 @@
 			<comments>{$oDocument->getPermanentUrl()}#comment</comments>
 			<!--@end-->
 			<!--@if($open_rss_config[$oDocument->get('module_srl')]=='Y')-->
-			<description>{$oDocument->getTransContent(false,false,true)}</description>
+			<description>{escape($oDocument->getTransContent(false,false,true))}</description>
 			<!--@else-->
 			<description>{$oDocument->getContentText(100)}</description>
 			<!--@end-->

modules/tag/tag.controller.php

@@ -21,18 +21,24 @@ class tagController extends tag
 	{
 		if(!$obj->tags) return new Object();
 		// tags by variable
+		$arranged_tag_list = array();
 		$tag_list = explode(',', $obj->tags);
-		$tag_count = count($tag_list);
-		$tag_list = array_unique($tag_list);
-		if(!count($tag_list)) return new Object();
-
 		foreach($tag_list as $tag)
 		{
-			if(!trim($tag)) continue;
-			$arranged_tag_list[] = trim($tag); 
+			$tag = utf8_trim(utf8_normalize_spaces($tag));
+			if($tag)
+			{
+				$arranged_tag_list[$tag] = $tag;
+			}
+		}
+		if(!count($arranged_tag_list))
+		{
+			$obj->tags = null;
+		}
+		else
+		{
+			$obj->tags = implode(',', $arranged_tag_list);
 		}
-		if(!count($arranged_tag_list)) $obj->tags = null;
-		else $obj->tags = implode(',',$arranged_tag_list);
 		return new Object();
 	}
 
@@ -54,12 +60,10 @@ class tagController extends tag
 		$args->module_srl = $module_srl;
 		$args->document_srl = $document_srl;
 
-		$tag_list = explode(',',$tags);
-		$tag_count = count($tag_list);
-		for($i=0;$i<$tag_count;$i++)
+		$tag_list = explode(',', $tags);
+		foreach($tag_list as $tag)
 		{
-			unset($args->tag);
-			$args->tag = trim($tag_list[$i]);
+			$args->tag = utf8_trim(utf8_normalize_spaces($tag));
 			if(!$args->tag) continue;
 			$output = executeQuery('tag.insertTag', $args);
 			if(!$output->toBool()) return $output;