diff --git a/modules/comment/comment.item.php b/modules/comment/comment.item.php index d08369569..d66b15181 100644 --- a/modules/comment/comment.item.php +++ b/modules/comment/comment.item.php @@ -320,6 +320,33 @@ class commentItem extends Object return $_SESSION['voted_comment'][$this->comment_srl] = false; } + function getContentPlainText($strlen = 0) + { + if($this->isDeletedByAdmin()) + { + $content = lang('msg_admin_deleted_comment'); + } + elseif($this->isDeleted()) + { + $content = lang('msg_deleted_comment'); + } + elseif($this->isSecret() && !$this->isAccessible()) + { + $content = lang('msg_is_secret'); + } + else + { + $content = $this->get('content'); + } + + $content = trim(utf8_normalize_spaces(html_entity_decode(strip_tags($content)))); + if($strlen) + { + $content = cut_str($content, $strlen, '...'); + } + return escape($content); + } + /** * Return content with htmlspecialchars * @return string @@ -345,10 +372,10 @@ class commentItem extends Object if($strlen) { - return cut_str(trim(strip_tags($content)), $strlen, '...'); + $content = trim(utf8_normalize_spaces(html_entity_decode(strip_tags($content)))); + $content = cut_str($content, $strlen, '...'); } - - return htmlspecialchars($content, ENT_COMPAT | ENT_HTML401, 'UTF-8', false); + return escape($content); } /** diff --git a/modules/document/document.item.php b/modules/document/document.item.php index 9e93e4fc2..b5359c132 100644 --- a/modules/document/document.item.php +++ b/modules/document/document.item.php @@ -142,7 +142,7 @@ class documentItem extends Object if($this->get('tags')) { $tag_list = explode(',', $this->get('tags')); - $tag_list = array_map('trim', $tag_list); + $tag_list = array_map('utf8_trim', $tag_list); $this->add('tag_list', $tag_list); } 
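Review bot: `html_entity_decode(strip_tags($content))` in the new commentItem::getContentPlainText() relies on PHP's default flags, which changed in PHP 8.1 from `ENT_COMPAT` to `ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401`. On older runtimes `&#039;` is left undecoded and, assuming escape() re-encodes ampersands by default (its definition is outside this diff), it ends up visible as literal entity text. Passing the flags explicitly keeps the output identical across versions: `html_entity_decode(strip_tags($content), ENT_QUOTES, 'UTF-8')`. The same call appears in getContentText() in this file and in both getContentPlainText() and getContentText() in document.item.php. The order strip_tags, then decode, then escape should be kept as it is, because decoding can reintroduce `<` and `>` that only the final escape() neutralises.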
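Review bot: The new `return escape($content);` in commentItem::getContentText() drops the trailing `false` that the removed `htmlspecialchars($content, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)` carried, while the title path in document.item.php keeps it as `escape($title, false)`. If escape()'s second parameter is the double-encode switch, which this diff does not show, then with `$strlen` at 0 entities already present in the stored comment are now encoded a second time. If that is intended, a short comment such as `// full content is shown as source, so existing entities are encoded again` would record it; otherwise the untruncated branch should keep `escape($content, false)`. The function starts above this hunk.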
@@ -484,8 +484,34 @@ class documentItem extends Object if($this->get('title_bold')=='Y') $attrs[] = "font-weight:bold;"; if($this->get('title_color') && $this->get('title_color') != 'N') $attrs[] = "color:#".$this->get('title_color'); - if(count($attrs)) return sprintf("%s", implode(';',$attrs), htmlspecialchars($title, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)); - else return htmlspecialchars($title, ENT_COMPAT | ENT_HTML401, 'UTF-8', false); + if(count($attrs)) + { + return sprintf("%s", implode(';', $attrs), escape($title, false)); + } + else + { + return escape($title, false); + } + } + + function getContentPlainText($strlen = 0) + { + if(!$this->document_srl) return; + if($this->isSecret() && !$this->isGranted() && !$this->isAccessible()) return lang('msg_is_secret'); + + $result = $this->_checkAccessibleFromStatus(); + if($result && Context::getSessionStatus()) + { + $this->setAccessible(); + } + + $content = $this->get('content'); + $content = trim(utf8_normalize_spaces(html_entity_decode(strip_tags($content)))); + if($strlen) + { + $content = cut_str($content, $strlen, '...'); + } + return escape($content); } function getContentText($strlen = 0) @@ -504,9 +530,12 @@ class documentItem extends Object $content = preg_replace_callback('/<(object|param|embed)[^>]*/is', array($this, '_checkAllowScriptAccess'), $content); $content = preg_replace_callback('/]*>/is', array($this, '_addAllowScriptAccess'), $content); - if($strlen) return cut_str(strip_tags($content),$strlen,'...'); - - return htmlspecialchars($content); + if($strlen) + { + $content = trim(utf8_normalize_spaces(html_entity_decode(strip_tags($content)))); + $content = cut_str($content, $strlen, '...'); + } + return escape($content); } function _addAllowScriptAccess($m) diff --git a/modules/document/document.model.php b/modules/document/document.model.php index f0be0ee21..194e2bdb0 100644 --- a/modules/document/document.model.php +++ b/modules/document/document.model.php 
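Review bot: The secret-document branch of the new documentItem::getContentPlainText() returns `lang('msg_is_secret')` directly, bypassing the strip_tags/escape pipeline that the method's normal path uses and that the comment-side getContentPlainText() in comment.item.php applies to its notice strings as well. Returning `escape(lang('msg_is_secret'))` there would give the method one output contract (always escaped plain text). Separately, the result of `_checkAccessibleFromStatus()` only drives `setAccessible()` and does not gate the content that is returned, so access control in this method rests on the secret check alone. Since the rss10 template in this commit calls getContentPlainText() for feed output, it is worth confirming that this is intended and documenting it in a docblock, which the method currently lacks.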
@@ -980,7 +980,7 @@ class documentModel extends document // Get a list of member groups $oMemberModel = getModel('member'); - $group_list = $oMemberModel->getGroups($module_info->site_srl); + $group_list = $oMemberModel->getGroups(); Context::set('group_list', $group_list); $security = new Security(); diff --git a/modules/module/module.model.php b/modules/module/module.model.php index 1b75631de..2e809a031 100644 --- a/modules/module/module.model.php +++ b/modules/module/module.model.php @@ -1120,7 +1120,7 @@ class moduleModel extends module { $type = 'M'; } - $defaultSkinName = $this->getModuleDefaultSkin($module, $type, $site_info->site_srl); + $defaultSkinName = $this->getModuleDefaultSkin($module, $type); if(isset($defaultSkinName)) { @@ -1167,6 +1167,7 @@ class moduleModel extends module if($xml_obj->version && $xml_obj->attrs->version == '0.2') { // skin format v0.2 + $date_obj = (object)array('y' => 0, 'm' => 0, 'd' => 0); sscanf($xml_obj->date->body, '%d-%d-%d', $date_obj->y, $date_obj->m, $date_obj->d); $skin_info->version = $xml_obj->version->body; $skin_info->date = sprintf('%04d%02d%02d', $date_obj->y, $date_obj->m, $date_obj->d); @@ -1253,6 +1254,7 @@ class moduleModel extends module else { // skin format v0.1 + $date_obj = (object)array('y' => 0, 'm' => 0, 'd' => 0); sscanf($xml_obj->maker->attrs->date, '%d-%d-%d', $date_obj->y, $date_obj->m, $date_obj->d); $skin_info->version = $xml_obj->version->body; diff --git a/modules/rss/tpl/rss10.html b/modules/rss/tpl/rss10.html index 8997eee10..69ac18b69 100644 --- a/modules/rss/tpl/rss10.html +++ b/modules/rss/tpl/rss10.html @@ -19,7 +19,11 @@ {$oDocument->getTitleText()} {$oDocument->getPermanentUrl()} - {$oDocument->getContentText(200)} + + {$oDocument->getContentPlainText()} + + {$oDocument->getContentText(100)} + {$oDocument->getRegdate('Y-m-d\TH:i:sP')} diff --git a/modules/rss/tpl/rss20.html b/modules/rss/tpl/rss20.html index cc7a37aa3..cfac71c4f 100644 --- a/modules/rss/tpl/rss20.html 
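Review bot: The return value of `sscanf()` is still ignored after the new `$date_obj` initialisation in the v0.2 branch of module.model.php, so a missing or malformed date in the skin XML now silently becomes `00000000` via the `sprintf('%04d%02d%02d', …)` two lines below. Checking the count makes the failure explicit, for example `if(sscanf($xml_obj->date->body, '%d-%d-%d', $date_obj->y, $date_obj->m, $date_obj->d) !== 3)` followed by whatever fallback the skin list expects. The v0.1 branch at `@@ -1253,6 +1254,7` gets the same initialisation and has the same unchecked call; its use of the parsed values lies outside the hunk.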
+++ b/modules/rss/tpl/rss20.html @@ -29,7 +29,7 @@ {$oDocument->getPermanentUrl()}#comment - {$oDocument->getTransContent(false,false,true)} + {escape($oDocument->getTransContent(false,false,true))} {$oDocument->getContentText(100)} diff --git a/modules/tag/tag.controller.php b/modules/tag/tag.controller.php index 23ca9db42..1eac058fb 100644 --- a/modules/tag/tag.controller.php +++ b/modules/tag/tag.controller.php @@ -21,18 +21,24 @@ class tagController extends tag { if(!$obj->tags) return new Object(); // tags by variable + $arranged_tag_list = array(); $tag_list = explode(',', $obj->tags); - $tag_count = count($tag_list); - $tag_list = array_unique($tag_list); - if(!count($tag_list)) return new Object(); - foreach($tag_list as $tag) { - if(!trim($tag)) continue; - $arranged_tag_list[] = trim($tag); + $tag = utf8_trim(utf8_normalize_spaces($tag)); + if($tag) + { + $arranged_tag_list[$tag] = $tag; + } + } + if(!count($arranged_tag_list)) + { + $obj->tags = null; + } + else + { + $obj->tags = implode(',', $arranged_tag_list); } - if(!count($arranged_tag_list)) $obj->tags = null; - else $obj->tags = implode(',',$arranged_tag_list); return new Object(); } @@ -54,12 +60,10 @@ class tagController extends tag $args->module_srl = $module_srl; $args->document_srl = $document_srl; - $tag_list = explode(',',$tags); - $tag_count = count($tag_list); - for($i=0;$i<$tag_count;$i++) + $tag_list = explode(',', $tags); + foreach($tag_list as $tag) { - unset($args->tag); - $args->tag = trim($tag_list[$i]); + $args->tag = utf8_trim(utf8_normalize_spaces($tag)); if(!$args->tag) continue; $output = executeQuery('tag.insertTag', $args); if(!$output->toBool()) return $output;
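Review bot: `if($tag)` in the rewritten loop of the first tag.controller.php hunk discards the literal tag `0`, because PHP treats the string `'0'` as false; the insert loop in the next hunk has the same test in `if(!$args->tag) continue;`. Assuming utf8_trim() returns a string, comparing against the empty string keeps that tag: `if($tag !== '')` and `if($args->tag === '') continue;`. The keyed assignment `$arranged_tag_list[$tag] = $tag` de-duplicates only in the first hunk, so the insert loop relies on receiving the already arranged list to avoid duplicate `tag.insertTag` rows, which is worth confirming. Both enclosing functions start outside their hunks.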