From fbe47e061012414bcd7f1a3cb7b105c46056ef33 Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Sat, 18 Feb 2017 22:57:39 +0900 Subject: [PATCH 01/44] Remove temporary list of override domains in Session class --- common/framework/session.php | 9 --------- 1 file changed, 9 deletions(-) diff --git a/common/framework/session.php b/common/framework/session.php index d4524396d..73e475b3e 100644 --- a/common/framework/session.php +++ b/common/framework/session.php @@ -1185,15 +1185,6 @@ class Session public static function destroyCookiesFromConflictingDomains(array $cookies) { $override_domains = config('session.override_domains'); - if ($override_domains === null && !Config::get('session.domain') && !ini_get('session.cookie_domain')) - { - list($lifetime, $refresh_interval, $domain, $path) = self::_getParams(); - if (substr($domain, 0, 4) === 'www.') - { - $override_domains[] = $domain; - $override_domains[] = substr($domain, 4); - } - } if (!$override_domains) { return false; From 954d2c7ec634e544d9b2d337680faa4f174a714d Mon Sep 17 00:00:00 2001 From: bnu Date: Tue, 21 Feb 2017 17:01:07 +0900 Subject: [PATCH 02/44] =?UTF-8?q?Fix=20#2035=20XEVE-17-002=20=EC=89=AC?= =?UTF-8?q?=EC=9A=B4=20=EC=84=A4=EC=B9=98=20=ED=8E=98=EC=9D=B4=EC=A7=80?= =?UTF-8?q?=EC=97=90=EC=84=9C=20=EB=B0=9C=EC=83=9D=ED=95=98=EB=8A=94=20?= =?UTF-8?q?=EB=B3=B4=EC=95=88=20=EC=B7=A8=EC=95=BD=EC=A0=90=20=EA=B3=A0?= =?UTF-8?q?=EC=B9=A8=20-=20=EC=A0=9C=EB=B3=B4=EC=9E=90=20:=20=EC=B5=9C?= =?UTF-8?q?=EB=B4=89=ED=99=98(stayp05)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- modules/autoinstall/autoinstall.admin.view.php | 2 +- modules/autoinstall/tpl/list.html | 17 ++++++++++------- 2 files changed, 11 insertions(+), 8 deletions(-) diff --git a/modules/autoinstall/autoinstall.admin.view.php b/modules/autoinstall/autoinstall.admin.view.php index 856fb13aa..77f660fee 100644 --- a/modules/autoinstall/autoinstall.admin.view.php 
+++ b/modules/autoinstall/autoinstall.admin.view.php @@ -488,7 +488,7 @@ class autoinstallAdminView extends autoinstall $security = new Security(); $security->encodeHTML('package.', 'package.depends..', 'item_list..'); - $security->encodeHTML('search_target', 'search_keyword'); + $security->encodeHTML('search_target', 'search_keyword', 'order_target', 'order_type'); } /** diff --git a/modules/autoinstall/tpl/list.html b/modules/autoinstall/tpl/list.html index 3004245cd..180a81cb1 100644 --- a/modules/autoinstall/tpl/list.html +++ b/modules/autoinstall/tpl/list.html @@ -132,12 +132,12 @@
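Review bot: Escaping `order_target` and `order_type` through `encodeHTML()` protects only the HTML output context; nothing in this hunk limits which values the two sort parameters may take. If they are also passed to the package-list query as sort column and direction (not visible here), they should first be checked against a fixed allowlist, for example accepting `order_type` only when it is `asc` or `desc` and `order_target` only when it names a known sortable column. The enclosing method starts outside the hunk, so confirm this against the code that reads the two values.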
- {@ - $urlInfo = parse_url(getRequestUriByServerEnviroment()); - parse_str($urlInfo['query'], $param); - }
- + + + + +
From 4ee115e4f3ff1c420fd567284d2c908e050cc68d Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Wed, 22 Feb 2017 19:49:49 +0900 Subject: [PATCH 03/44] Improve server environment display --- classes/db/DB.class.php | 1 + classes/db/DBCubrid.class.php | 1 + classes/db/DBMssql.class.php | 2 +- classes/db/DBMysql.class.php | 5 +- classes/db/DBMysqli.class.php | 1 + modules/admin/admin.admin.model.php | 120 ------------- modules/admin/admin.admin.view.php | 256 +++++++++++++++++++--------- modules/admin/lang/ko.php | 4 +- modules/admin/tpl/css/admin.css | 4 + modules/admin/tpl/server_env.html | 2 +- 10 files changed, 186 insertions(+), 210 deletions(-) diff --git a/classes/db/DB.class.php b/classes/db/DB.class.php index a91b32e9b..3aa523927 100644 --- a/classes/db/DB.class.php +++ b/classes/db/DB.class.php @@ -112,6 +112,7 @@ class DB * @var string */ public $db_type; + public $db_version = ''; /** * flag to decide if class prepared statements or not (when supported); can be changed from db.config.info diff --git a/classes/db/DBCubrid.class.php b/classes/db/DBCubrid.class.php index 7963ae620..f010c9894 100644 --- a/classes/db/DBCubrid.class.php +++ b/classes/db/DBCubrid.class.php @@ -87,6 +87,7 @@ class DBCubrid extends DB return; } + $this->db_version = __CUBRID_VERSION__; cubrid_set_autocommit($result, CUBRID_AUTOCOMMIT_TRUE); return $result; diff --git a/classes/db/DBMssql.class.php b/classes/db/DBMssql.class.php index b0ffa4bd2..b9822844d 100644 --- a/classes/db/DBMssql.class.php +++ b/classes/db/DBMssql.class.php @@ -74,13 +74,13 @@ class DBMssql extends DB $server_info = sqlsrv_server_info($result); $server_version = $server_info['SQLServerVersion']; + $this->db_version = $server_version; if ($server_version && version_compare($server_version, '10', '<')) { $this->setError(-1, 'Rhymix requires Microsoft SQL Server 2008 or later. Current version is ' . $server_version); return; } - return $result; } 
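Review bot: The new `public $db_version = '';` in DB.class.php has no docblock of its own and sits directly under the one for `$db_type`, unlike the neighbouring properties. Suggest adding `/** Version string reported by the database server; empty until a driver has connected. @var string */` above it. The DBCubrid and DBMssql hunks assign it only after a connection result exists, so a reader of this public property should know it can still be the empty string.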
diff --git a/classes/db/DBMysql.class.php b/classes/db/DBMysql.class.php index 5ec68cc04..000783bc4 100644 --- a/classes/db/DBMysql.class.php +++ b/classes/db/DBMysql.class.php @@ -78,9 +78,10 @@ class DBMysql extends DB } // Error appears if the version is lower than 5.0.7 - if(version_compare(mysql_get_server_info($result), '5.0.7', '<')) + $this->db_version = mysql_get_server_info($result); + if(version_compare($this->db_version, '5.0.7', '<')) { - $this->setError(-1, 'Rhymix requires MySQL 5.0.7 or later. Current MySQL version is ' . mysql_get_server_info()); + $this->setError(-1, 'Rhymix requires MySQL 5.0.7 or later. Current MySQL version is ' . $this->db_version); return; } diff --git a/classes/db/DBMysqli.class.php b/classes/db/DBMysqli.class.php index ef8f845ba..c7f465a8d 100644 --- a/classes/db/DBMysqli.class.php +++ b/classes/db/DBMysqli.class.php @@ -39,6 +39,7 @@ class DBMysqli extends DBMysql return; } $this->charset = isset($connection['charset']) ? $connection['charset'] : 'utf8'; + $this->db_version = $result->server_info; mysqli_set_charset($result, $this->charset); return $result; } diff --git a/modules/admin/admin.admin.model.php b/modules/admin/admin.admin.model.php index bf3e652ef..8d26d9711 100644 --- a/modules/admin/admin.admin.model.php +++ b/modules/admin/admin.admin.model.php 
@@ -385,126 +385,6 @@ class adminAdminModel extends admin $this->add('list', $list); } - /** - * Parameter arrange for send to XE collect server - * @param string $type 'WORKING', 'INSTALL' - * @return string - */ - function getEnv($type = 'WORKING') - { - $skip = array( - 'ext' => array('pcre', 'json', 'hash', 'dom', 'session', 'spl', 'standard', 'date', 'ctype', 'tokenizer', 'apache2handler', 'filter', 'posix', 'reflection', 'pdo') - , 'module' => array('addon', 'admin', 'autoinstall', 'comment', 'communication', 'counter', 'document', 'editor', 'file', 'importer', 'install', 'integration_search', 'layout', 'member', 'menu', 'message', 'module', 'opage', 'page', 'point', 'poll', 'rss', 'session', 'spamfilter', 'tag', 'trackback', 'trash', 'widget') - , 'addon' => array('autolink', 'blogapi', 'captcha', 'counter', 'member_communication', 'member_extra_info', 'mobile', 'openid_delegation_id', 'point_level_icon', 'resize_image') - , 'layout' => array('default') - , 'widget' => array('content', 'language_select', 'login_info','mcontent') - , 'widgetstyle' => array(), - ); - $info = array(); - - $info['type'] = ($type != 'INSTALL' ? 'WORKING' : 'INSTALL'); - $info['location'] = _XE_LOCATION_; - $info['package'] = _XE_PACKAGE_; - $info['host'] = $db_type->default_url ? $db_type->default_url : getFullUrl(); - $info['app'] = $_SERVER['SERVER_SOFTWARE']; - $info['xe_version'] = __XE_VERSION__; - $info['php'] = phpversion(); - - $info['db_type'] = Context::getDBType(); - $info['use_rewrite'] = config('use_rewrite') ? 'Y' : 'N'; - $info['use_db_session'] = config('session.use_db') ? 'Y' : 'N'; - $info['use_ssl'] = config('url.ssl') ?: 'none'; - - $info['phpext'] = ''; - foreach(get_loaded_extensions() as $ext) - { - $ext = strtolower($ext); - if(in_array($ext, $skip['ext'])) - { - continue; - } - $info['phpext'] .= '|' . 
$ext; - } - $info['phpext'] = substr($info['phpext'], 1); - - $info['module'] = ''; - $oModuleModel = getModel('module'); - $module_list = $oModuleModel->getModuleList(); - if($module_list) foreach($module_list as $module) - { - if(in_array($module->module, $skip['module'])) - { - continue; - } - $info['module'] .= '|' . $module->module; - } - $info['module'] = substr($info['module'], 1); - - $info['addon'] = ''; - $oAddonAdminModel = getAdminModel('addon'); - $addon_list = $oAddonAdminModel->getAddonList(); - if($addon_list) foreach($addon_list as $addon) - { - if(in_array($addon->addon, $skip['addon'])) - { - continue; - } - $info['addon'] .= '|' . $addon->addon; - } - $info['addon'] = substr($info['addon'], 1); - - $info['layout'] = ""; - $oLayoutModel = getModel('layout'); - $layout_list = $oLayoutModel->getDownloadedLayoutList(); - if($layout_list) foreach($layout_list as $layout) - { - if(in_array($layout->layout, $skip['layout'])) - { - continue; - } - $info['layout'] .= '|' . $layout->layout; - } - $info['layout'] = substr($info['layout'], 1); - - $info['widget'] = ""; - $oWidgetModel = getModel('widget'); - $widget_list = $oWidgetModel->getDownloadedWidgetList(); - if($widget_list) foreach($widget_list as $widget) - { - if(in_array($widget->widget, $skip['widget'])) - { - continue; - } - $info['widget'] .= '|' . $widget->widget; - } - $info['widget'] = substr($info['widget'], 1); - - $info['widgetstyle'] = ""; - $oWidgetModel = getModel('widget'); - $widgetstyle_list = $oWidgetModel->getDownloadedWidgetStyleList(); - if($widgetstyle_list) foreach($widgetstyle_list as $widgetstyle) - { - if(in_array($widgetstyle->widgetStyle, $skip['widgetstyle'])) - { - continue; - } - $info['widgetstyle'] .= '|' . 
$widgetstyle->widgetStyle; - } - $info['widgetstyle'] = substr($info['widgetstyle'], 1); - - $param = ''; - foreach($info as $k => $v) - { - if($v) - { - $param .= sprintf('&%s=%s', $k, urlencode($v)); - } - } - $param = substr($param, 1); - - return $param; - } - /** * Return theme info list by theme directory list * @return array diff --git a/modules/admin/admin.admin.view.php b/modules/admin/admin.admin.view.php index da728a2ae..cc51bde70 100644 --- a/modules/admin/admin.admin.view.php +++ b/modules/admin/admin.admin.view.php 
@@ -697,93 +697,181 @@ class adminAdminView extends admin function dispAdminViewServerEnv() { $info = array(); - - $oAdminModel = getAdminModel('admin'); - $envInfo = $oAdminModel->getEnv(); - $tmp = explode("&", $envInfo); - $arrInfo = array(); - $xe_check_env = array(); - foreach($tmp as $value) { - $arr = explode("=", $value); - if($arr[0]=="type") { - continue; - }elseif($arr[0]=="phpext" ) { - $str = urldecode($arr[1]); - $xe_check_env[$arr[0]]= str_replace("|", ", ", $str); - } elseif($arr[0]=="module" ) { - $str = urldecode($arr[1]); - $arrModuleName = explode("|", $str); - $oModuleModel = getModel("module"); - $mInfo = array(); - foreach($arrModuleName as $moduleName) { - $moduleInfo = $oModuleModel->getModuleInfoXml($moduleName); - $mInfo[] = "{$moduleName}({$moduleInfo->version})"; - } - $xe_check_env[$arr[0]]= join(", ", $mInfo); - } elseif($arr[0]=="addon") { - $str = urldecode($arr[1]); - $arrAddonName = explode("|", $str); - $oAddonModel = getAdminModel("addon"); - $mInfo = array(); - foreach($arrAddonName as $addonName) { - $addonInfo = $oAddonModel->getAddonInfoXml($addonName); - $mInfo[] = "{$addonName}({$addonInfo->version})"; - } - $xe_check_env[$arr[0]]= join(", ", $mInfo); - } elseif($arr[0]=="widget") { - $str = urldecode($arr[1]); - $arrWidgetName = explode("|", $str); - $oWidgetModel = getModel("widget"); - $mInfo = array(); - foreach($arrWidgetName as $widgetName) { - $widgetInfo = $oWidgetModel->getWidgetInfo($widgetName); - $mInfo[] = "{$widgetName}({$widgetInfo->version})"; - } - $xe_check_env[$arr[0]]= join(", ", $mInfo); - } elseif($arr[0]=="widgetstyle") { - $str = urldecode($arr[1]); - $arrWidgetstyleName = explode("|", $str); - $oWidgetModel = getModel("widget"); - $mInfo = array(); - foreach($arrWidgetstyleName as $widgetstyleName) { - $widgetstyleInfo = $oWidgetModel->getWidgetStyleInfo($widgetstyleName); - $mInfo[] = "{$widgetstyleName}({$widgetstyleInfo->version})"; - } - $xe_check_env[$arr[0]]= join(", ", $mInfo); - - } 
elseif($arr[0]=="layout") { - $str = urldecode($arr[1]); - $arrLayoutName = explode("|", $str); - $oLayoutModel = getModel("layout"); - $mInfo = array(); - foreach($arrLayoutName as $layoutName) { - $layoutInfo = $oLayoutModel->getLayoutInfo($layoutName); - $mInfo[] = "{$layoutName}({$layoutInfo->version})"; - } - $xe_check_env[$arr[0]]= join(", ", $mInfo); - } else { - $xe_check_env[$arr[0]] = urldecode($arr[1]); + $skip = array( + 'phpext' => array('core', 'session', 'spl', 'standard', 'date', 'ctype', 'tokenizer', 'apache2handler', 'filter', 'reflection'), + 'module' => array('addon', 'admin', 'autoinstall', 'comment', 'communication', 'counter', 'document', 'editor', 'file', 'importer', 'install', 'integration_search', 'layout', 'member', 'menu', 'message', 'module', 'opage', 'page', 'point', 'poll', 'rss', 'session', 'spamfilter', 'tag', 'trackback', 'trash', 'widget'), + 'addon' => array('autolink', 'blogapi', 'captcha', 'counter', 'member_communication', 'member_extra_info', 'mobile', 'openid_delegation_id', 'point_level_icon', 'resize_image'), + 'layout' => array('default'), + 'widget' => array('content', 'language_select', 'login_info', 'mcontent'), + 'widgetstyle' => array(), + ); + + // Basic environment + $info[] = '[Basic Information]'; + $info['rhymix_version'] = RX_VERSION; + $info['date'] = date('Y-m-d H:i:s O'); + $info['php'] = sprintf('%s (%d-bit)', phpversion(), PHP_INT_SIZE * 8); + $info['server'] = $_SERVER['SERVER_SOFTWARE']; + $info['os'] = sprintf('%s %s', php_uname('s'), php_uname('r')); + $info['baseurl'] = Context::getRequestUri(); + $info['basedir'] = RX_BASEDIR; + $info['owner'] = sprintf('%s (%d:%d)', get_current_user(), getmyuid(), getmygid()); + if (function_exists('posix_getpwuid') && function_exists('posix_geteuid') && $user = @posix_getpwuid(posix_geteuid())) + { + $info['user'] = sprintf('%s (%d:%d)', $user['name'], $user['uid'], $user['gid']); + } + else + { + $info['user'] = 'unknown'; + } + $info['ssl'] = 
Context::get('site_module_info')->security ?: Context::getDbInfo()->use_ssl; + $info[] = ''; + + // System settings + $info[] = '[System Settings]'; + $info['db.type'] = config('db.master.type'); + $db_extra_info = array(); + if (config('db.master.engine')) $db_extra_info[] = config('db.master.engine'); + if (config('db.master.charset')) $db_extra_info[] = config('db.master.charset'); + if (count($db_extra_info)) + { + $info['db.type'] .= ' (' . implode(', ', $db_extra_info) . ')'; + } + $info['db.version'] = DB::getInstance()->db_version; + if (preg_match('/\d+\.\d+\.\d+-MariaDB.*$/', $info['db.version'], $matches)) + { + $info['db.version'] = $matches[0]; + } + $info['cache.type'] = config('cache.type') ?: 'none'; + $info['locale.default_lang'] = config('locale.default_lang'); + $info['locale.default_timezone'] = config('locale.default_timezone'); + $info['locale.internal_timezone'] = config('locale.internal_timezone'); + $info['mobile.enabled'] = config('mobile.enabled') ? 'true' : 'false'; + $info['mobile.tablets'] = config('mobile.tablets') ? 'true' : 'false'; + $info['session.use_db'] = config('session.use_db') ? 'true' : 'false'; + $info['session.use_keys'] = config('session.use_keys') ? 'true' : 'false'; + $info['session.use_ssl'] = config('session.use_ssl') ? 'true' : 'false'; + $info['view.concat_scripts'] = config('view.concat_scripts'); + $info['view.minify_scripts'] = config('view.minify_scripts'); + $info['use_rewrite'] = config('use_rewrite') ? 'true' : 'false'; + $info['use_sso'] = config('use_sso') ? 
'true' : 'false'; + $info[] = ''; + + // PHP settings + $ini_info = ini_get_all(); + $info[] = '[PHP Settings]'; + $info['session.auto_start'] = $ini_info['session.auto_start']['local_value']; + $info['max_file_uploads'] = $ini_info['max_file_uploads']['local_value']; + $info['memory_limit'] = $ini_info['memory_limit']['local_value']; + $info['post_max_size'] = $ini_info['post_max_size']['local_value']; + $info['upload_max_filesize'] = $ini_info['upload_max_filesize']['local_value']; + $info['extensions'] = array(); + foreach(get_loaded_extensions() as $ext) + { + $ext = strtolower($ext); + if (!in_array($ext, $skip['phpext'])) + { + $info['extensions'][] = $ext; } } - $info['XE_Check_Evn'] = $xe_check_env; - - $ini_info = ini_get_all(); - $php_core = array(); - $php_core['max_file_uploads'] = "{$ini_info['max_file_uploads']['local_value']}"; - $php_core['post_max_size'] = "{$ini_info['post_max_size']['local_value']}"; - $php_core['memory_limit'] = "{$ini_info['memory_limit']['local_value']}"; - $info['PHP_Core'] = $php_core; - - $str_info = "[Rhymix Server Environment " . date("Y-m-d") . 
"]\n\n"; - $str_info .= "realpath : ".realpath('./')."\n"; - foreach( $info as $key=>$value ) + natcasesort($info['extensions']); + $info[] = ''; + + // Modules + $info[] = '[Modules]'; + $info['module'] = array(); + $oModuleModel = getModel('module'); + $module_list = $oModuleModel->getModuleList() ?: array(); + foreach ($module_list as $module) { - if( is_array( $value ) == false ) { - $str_info .= "{$key} : {$value}\n"; - } else { - //$str_info .= "\n{$key} \n"; - foreach( $value as $key2=>$value2 ) - $str_info .= "{$key2} : {$value2}\n"; + if (!in_array($module->module, $skip['module'])) + { + $moduleInfo = $oModuleModel->getModuleInfoXml($module->module); + $info['module'][] = sprintf('%s (%s)', $module->module, $moduleInfo->version); + } + } + natcasesort($info['module']); + $info[] = ''; + + // Addons + $info[] = '[Addons]'; + $info['addon'] = array(); + $oAddonAdminModel = getAdminModel('addon'); + $addon_list = $oAddonAdminModel->getAddonList() ?: array(); + foreach ($addon_list as $addon) + { + if (!in_array($addon->addon, $skip['addon'])) + { + $addonInfo = $oAddonAdminModel->getAddonInfoXml($addon->addon); + $info['addon'][] = sprintf('%s (%s)', $addon->addon, $addonInfo->version); + } + } + natcasesort($info['addon']); + $info[] = ''; + + // Layouts + $info[] = '[Layouts]'; + $info['layout'] = array(); + $oLayoutModel = getModel('layout'); + $layout_list = $oLayoutModel->getDownloadedLayoutList() ?: array(); + foreach($layout_list as $layout) + { + if (!in_array($layout->layout, $skip['layout'])) + { + $layoutInfo = $oLayoutModel->getLayoutInfo($layout->layout); + $info['layout'][] = sprintf('%s (%s)', $layout->layout, $layoutInfo->version); + } + } + natcasesort($info['layout']); + $info[] = ''; + + // Widgets + $info[] = '[Widgets]'; + $info['widget'] = ""; + $oWidgetModel = getModel('widget'); + $widget_list = $oWidgetModel->getDownloadedWidgetList() ?: array(); + foreach ($widget_list as $widget) + { + if (!in_array($widget->widget, 
$skip['widget'])) + { + $widgetInfo = $oWidgetModel->getWidgetInfo($widget->widget); + $info['widget'][] = sprintf('%s (%s)', $widget->widget, $widgetInfo->version); + } + } + natcasesort($info['widget']); + $info[] = ''; + + // Widgetstyles + $info[] = '[Widgetstyles]'; + $info['widgetstyle'] = array(); + $oWidgetModel = getModel('widget'); + $widgetstyle_list = $oWidgetModel->getDownloadedWidgetStyleList() ?: array(); + foreach ($widgetstyle_list as $widgetstyle) + { + if (!in_array($widgetstyle->widgetStyle, $skip['widgetstyle'])) + { + $widgetstyleInfo = $oWidgetModel->getWidgetStyleInfo($widgetstyle->widgetStyle); + $info['widgetstyle'][] = sprintf('%s (%s)', $widgetstyle->widgetStyle, $widgetstyleInfo->version); + } + } + natcasesort($info['widgetstyle']); + $info[] = ''; + + // Convert to string. + foreach ($info as $key => $value) + { + if (is_array($value)) + { + $value = implode(', ', $value); + } + + if (is_int($key) || ctype_digit($key)) + { + $str_info .= "$value\n"; + } + else + { + $str_info .= "$key : $value\n"; } } diff --git a/modules/admin/lang/ko.php b/modules/admin/lang/ko.php index e407791f1..e2b1d2a13 100644 --- a/modules/admin/lang/ko.php +++ b/modules/admin/lang/ko.php @@ -266,8 +266,8 @@ $lang->admin_menu_setup = '관리자 메뉴 설정'; $lang->no_data = '등록된 데이터가 없습니다.'; $lang->cmd_admin_menu_reset = '관리자 메뉴 초기화'; $lang->confirm_reset_admin_menu = '관리자 메뉴를 초기화하시겠습니까?'; -$lang->cmd_view_server_env = '서버정보출력'; -$lang->server_env = '서버 정보'; +$lang->cmd_view_server_env = '서버 환경 표시'; +$lang->server_env = '서버 환경'; $lang->ftp_form_title = 'FTP 계정 정보 입력'; $lang->ftp = 'FTP'; $lang->ftp_host = 'FTP 서버 주소'; diff --git a/modules/admin/tpl/css/admin.css b/modules/admin/tpl/css/admin.css index f38aa5585..77a34ef05 100644 --- a/modules/admin/tpl/css/admin.css +++ b/modules/admin/tpl/css/admin.css 
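Review bot: In the Widgets section `$info['widget'] = "";` initialises the entry as a string, yet the loop appends with `$info['widget'][] = ...`, while every other section starts from `array()`. On PHP 7.1 and later the `[]` operator on a string is a fatal error, and with no widgets `natcasesort()` is handed a string, so the line should read `$info['widget'] = array();`. The final loop also appends with `$str_info .= ...` although this hunk removes the old `$str_info = "[Rhymix Server Environment ..."` assignment; unless it is set in unchanged code outside the hunk, add `$str_info = '';` before the loop. Since the report now carries `basedir`, the process owner and the database version, the action should remain administrator-only and the string should be HTML-escaped where the template prints it.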
@@ -2388,6 +2388,10 @@ html[lang="mn"] .x .g11n.active>[disabled], height: 1px; overflow: hidden; } +.server_env { + white-space: pre-wrap; + font-family: Consolas, Courier New, monospace; +} /* language specific styles */ /* English admin_en.css */ diff --git a/modules/admin/tpl/server_env.html b/modules/admin/tpl/server_env.html index 5e63724b4..2a2b81a64 100644 --- a/modules/admin/tpl/server_env.html +++ b/modules/admin/tpl/server_env.html @@ -4,5 +4,5 @@
- +
{$str_info}
From 8ad6f40abd0b31371e759c5f1b0b55beca7ee42d Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Wed, 22 Feb 2017 20:20:55 +0900 Subject: [PATCH 04/44] Enable ztime() function to process Unix timestamps --- common/legacy.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/common/legacy.php b/common/legacy.php index b2c92e581..a976c5a6f 100644 --- a/common/legacy.php +++ b/common/legacy.php @@ -520,6 +520,11 @@ function ztime($str) { return null; } + if (strlen($str) === 9 || (strlen($str) === 10 && $str <= 2147483647)) + { + return intval($str); + } + $year = (int)substr($str, 0, 4); $month = (int)substr($str, 4, 2) ?: 1; $day = (int)substr($str, 6, 2) ?: 1; From 0c2079421912cab59fafa8cf9d34ae66cc567680 Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Wed, 22 Feb 2017 20:58:37 +0900 Subject: [PATCH 05/44] Implement several template filters --- classes/template/TemplateHandler.class.php | 163 +++++++++++++++++++-- 1 file changed, 147 insertions(+), 16 deletions(-) diff --git a/classes/template/TemplateHandler.class.php b/classes/template/TemplateHandler.class.php index 1dd8364cf..7af89d0c9 100644 --- a/classes/template/TemplateHandler.class.php +++ b/classes/template/TemplateHandler.class.php 
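Review bot: The new timestamp branch in `ztime()` never checks that `$str` consists only of digits. Any 9-character value, and any 10-character value that passes the loose `<= 2147483647` comparison (for example a dashed date such as `2017-02-22`), is therefore returned through `intval()` as if it were a Unix timestamp. Guard the branch with a digit check: `if (ctype_digit((string)$str) && (strlen($str) === 9 || (strlen($str) === 10 && $str <= 2147483647)))`. The function header and the rest of the date parsing lie outside the hunk.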
@@ -554,26 +554,127 @@ class TemplateHandler } else { - $escape_option = $this->config->autoescape !== null ? 'auto' : 'noescape'; - if(preg_match('@^(.+)\\|((?:no)?escape)$@', $m[1], $mm)) - { - $m[1] = $mm[1]; - $escape_option = $mm[2]; - } - elseif($m[1] === '$content' && preg_match('@/layouts/.+/layout\.html$@', $this->file)) + // Get escape options. + if($m[1] === '$content' && preg_match('@/layouts/.+/layout\.html$@', $this->file)) { $escape_option = 'noescape'; } - $m[1] = self::_replaceVar($m[1]); - switch($escape_option) + else { - case 'auto': - return "config->autoescape === 'on' ? htmlspecialchars({$m[1]}, ENT_COMPAT, 'UTF-8', false) : {$m[1]}) ?>"; - case 'escape': - return ""; - case 'noescape': - return ""; + $escape_option = $this->config->autoescape !== null ? 'autoescape' : 'noescape'; } + + // Separate filters from variable. + if (preg_match('@^(.+?)(?_applyEscapeOption($var, $escape_option); + $var = "nl2br({$var})"; + $escape_option = 'noescape'; + break; + + case 'join': + $var = $filter_option ? "implode({$filter_option}, {$var})" : "implode(', ', {$var})"; + break; + + case 'date': + $var = $filter_option ? "getDisplayDateTime(ztime({$var}), {$filter_option})" : "getDisplayDateTime(ztime({$var}), 'Y-m-d H:i:s')"; + break; + + case 'format': + case 'number_format': + $var = $filter_option ? "number_format({$var}, {$filter_option})" : "number_format({$var})"; + break; + + case 'link': + $var = $this->_applyEscapeOption($var, $escape_option); + if ($filter_option) + { + $filter_option = $this->_applyEscapeOption($filter_option, $escape_option); + $var = "'' . {$var} . ''"; + } + else + { + $var = "'' . {$var} . ''"; + } + $escape_option = 'noescape'; + break; + + default: + $var = "INVALID FILTER ({$filter})"; + } + } + + // Apply the escape option and return. + return '_applyEscapeOption($var, $escape_option) . ' ?>'; } } 
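Review bot: The `link` filter places the variable, or the filter option, into the anchor's URL attribute after nothing more than `_applyEscapeOption()`, so the value is only HTML-escaped, and not even that when the effective option is `noescape` or `auto` with autoescape off. HTML escaping does not restrict the URL scheme, so a user-supplied `javascript:` URL would survive into the rendered link. The filter should check the URL against an allowlist of schemes (for example http, https, mailto) and always escape the attribute value with `htmlspecialchars(..., ENT_QUOTES, 'UTF-8', false)` regardless of the escape option. The anchor markup itself appears to have been stripped from this page, so this reading rests on the `link` cases in the unit tests later in the series; the enclosing method starts outside the hunk.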
@@ -773,6 +874,24 @@ class TemplateHandler return $m[0]; } + /** + * Apply escape option to an expression. + */ + private function _applyEscapeOption($str, $escape_option) + { + switch($escape_option) + { + case 'escape': + return "htmlspecialchars({$str}, ENT_COMPAT, 'UTF-8', true)"; + case 'noescape': + return "{$str}"; + case 'auto': + case 'autoescape': + default: + return "(\$this->config->autoescape === 'on' ? htmlspecialchars({$str}, ENT_COMPAT, 'UTF-8', false) : {$str})"; + } + } + /** * change relative path * @param string $path @@ -810,9 +929,21 @@ class TemplateHandler return $path; } + + /** + * Check if a string seems to contain a variable. + * + * @param string $str + * @return bool + */ + private static function _isVar($str) + { + return preg_match('@(?varname */ From 0c4dbc34ff885544903862a6f2d355ad0173c1f1 Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Wed, 22 Feb 2017 21:24:10 +0900 Subject: [PATCH 06/44] Add 'trim' filter and adjust some other settings --- classes/template/TemplateHandler.class.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/classes/template/TemplateHandler.class.php b/classes/template/TemplateHandler.class.php index 7af89d0c9..0807d60ed 100644 --- a/classes/template/TemplateHandler.class.php +++ b/classes/template/TemplateHandler.class.php @@ -623,6 +623,10 @@ class TemplateHandler $var = $filter_option ? "strip_tags({$var}, {$filter_option})" : "strip_tags({$var})"; break; + case 'trim': + $var = "trim({$var})"; + break; + case 'urlencode': $var = "rawurlencode({$var})"; break; @@ -669,7 +673,8 @@ class TemplateHandler break; default: - $var = "INVALID FILTER ({$filter})"; + $filter = escape_sqstr($filter); + $var = "'INVALID FILTER ({$filter})'"; } } From 7fd0f5df7b717cee3fd528be90f9836362a6259d Mon Sep 17 00:00:00 2001 
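Review bot: `_applyEscapeOption()` emits `htmlspecialchars(..., ENT_COMPAT, 'UTF-8', ...)` in both escaping branches, and `ENT_COMPAT` leaves single quotes unescaped, so a value printed inside a single-quoted attribute can still break out of it. Consider `ENT_QUOTES` in both calls, e.g. `return "htmlspecialchars({$str}, ENT_QUOTES, 'UTF-8', true)";`, and likewise in the `autoescape` branch added by the later `@@ -890,8 +890,9 @@` hunk. The `default:` label also routes any unrecognised option to the `auto` behaviour, which means no escaping when autoescape is off; falling back to an escaping branch would be the safer default. The docblock would benefit from `@param string $str`, `@param string $escape_option` and `@return string` lines.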
From: Kijin Sung Date: Wed, 22 Feb 2017 21:24:26 +0900 Subject: [PATCH 07/44] Add unit tests for template filters --- tests/unit/classes/TemplateHandlerTest.php | 114 +++++++++++++++++++++ 1 file changed, 114 insertions(+) diff --git a/tests/unit/classes/TemplateHandlerTest.php b/tests/unit/classes/TemplateHandlerTest.php index 529c7230f..188ba4a09 100644 --- a/tests/unit/classes/TemplateHandlerTest.php +++ b/tests/unit/classes/TemplateHandlerTest.php 
@@ -300,6 +300,120 @@ class TemplateHandlerTest extends \Codeception\TestCase\Test array( '{\RX_BASEDIR}', '?>' + ), + // Rhymix autoescape + array( + '{$foo}', + PHP_EOL . '$this->config->autoescape = \'on\';' . "\n" . 'echo ($this->config->autoescape === \'on\' ? htmlspecialchars($__Context->foo, ENT_COMPAT, \'UTF-8\', false) : $__Context->foo) ?>' + ), + array( + '{$foo}', + PHP_EOL . '$this->config->autoescape = \'off\';' . "\n" . 'echo ($this->config->autoescape === \'on\' ? htmlspecialchars($__Context->foo, ENT_COMPAT, \'UTF-8\', false) : $__Context->foo) ?>' + ), + array( + '{$foo|auto}', + PHP_EOL . '$this->config->autoescape = \'on\';' . "\n" . 'echo ($this->config->autoescape === \'on\' ? htmlspecialchars($__Context->foo, ENT_COMPAT, \'UTF-8\', false) : $__Context->foo) ?>' + ), + array( + '{$foo|autoescape}', + PHP_EOL . '$this->config->autoescape = \'off\';' . "\n" . 'echo ($this->config->autoescape === \'on\' ? htmlspecialchars($__Context->foo, ENT_COMPAT, \'UTF-8\', false) : $__Context->foo) ?>' + ), + array( + '{$foo|escape}', + PHP_EOL . '$this->config->autoescape = \'on\';' . "\n" . 'echo htmlspecialchars($__Context->foo, ENT_COMPAT, \'UTF-8\', true) ?>' + ), + array( + '{$foo|escape}', + PHP_EOL . '$this->config->autoescape = \'off\';' . "\n" . 'echo htmlspecialchars($__Context->foo, ENT_COMPAT, \'UTF-8\', true) ?>' + ), + array( + '{$foo|noescape}', + PHP_EOL . '$this->config->autoescape = \'on\';' . "\n" . 'echo $__Context->foo ?>' + ), + array( + '{$foo|noescape}', + PHP_EOL . '$this->config->autoescape = \'off\';' . "\n" . 'echo $__Context->foo ?>' + ), + // Rhymix filters + array( + '

{$foo|escape}

', + '?>

foo, ENT_COMPAT, \'UTF-8\', true) ?>

' + ), + array( + '

{$foo|json}

', + '?>

foo) ?>

' + ), + array( + '

{$foo|urlencode}

', + '?>

foo) ?>

' + ), + array( + '

{$foo|lower|nl2br}

', + '?>

foo)) ?>

' + ), + array( + '

{$foo|join:/|upper}

', + '?>

foo)) ?>

' + ), + array( + '

{$foo|join:\||upper}

', + '?>

foo)) ?>

' + ), + array( + '

{$foo|join:$separator}

', + '?>

separator, $__Context->foo) ?>

' + ), + array( + '

{$foo|strip}

', + '?>

foo) ?>

' + ), + array( + '

{$foo|strip:
}

', + '?>

foo, \'
\') ?>

' + ), + array( + '

{$foo|strip:$mytags}

', + '?>

foo, $__Context->mytags) ?>

' + ), + array( + '

{$foo|strip:myfunc($mytags)}

', + '?>

foo, myfunc($__Context->mytags)) ?>

' + ), + array( + '

{$foo|trim|date}

', + '?>

foo)), \'Y-m-d H:i:s\') ?>

' + ), + array( + '

{$foo|date:His}

', + '?>

foo), \'His\') ?>

' + ), + array( + '

{$foo|format:2}

', + '?>

foo, \'2\') ?>

' + ), + array( + '

{$foo|date:His}

', + '?>

foo), \'His\') ?>

' + ), + array( + '

{$foo|link}

', + '?>

foo . \'">\' . $__Context->foo . \'\' ?>

' + ), + array( + '

{$foo|link:http://www.rhymix.org}

', + '?>

\' . $__Context->foo . \'\' ?>

' + ), + array( + '

{$foo|link:$url}

', + '?>

url . \'">\' . $__Context->foo . \'\' ?>

' + ), + array( + '

{$foo|link:$url}

', + PHP_EOL . '$this->config->autoescape = \'on\'; ?>

config->autoescape === \'on\' ? htmlspecialchars($__Context->url, ENT_COMPAT, \'UTF-8\', false) : $__Context->url) . \'">\' . ($this->config->autoescape === \'on\' ? htmlspecialchars($__Context->foo, ENT_COMPAT, \'UTF-8\', false) : $__Context->foo) . \'\' ?>

' + ), + array( + '

{$foo|dafuq}

', + '?>

' ), ); From 5638207fb021b95212f9b6d0c794b8f0c7a63fc0 Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Wed, 22 Feb 2017 21:29:15 +0900 Subject: [PATCH 08/44] Change behavior of 'autoescape' filter to always escape (but not double-escape) --- classes/template/TemplateHandler.class.php | 5 +++-- tests/unit/classes/TemplateHandlerTest.php | 10 +++++++++- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/classes/template/TemplateHandler.class.php b/classes/template/TemplateHandler.class.php index 0807d60ed..5a7a3e4b2 100644 --- a/classes/template/TemplateHandler.class.php +++ b/classes/template/TemplateHandler.class.php @@ -561,7 +561,7 @@ class TemplateHandler } else { - $escape_option = $this->config->autoescape !== null ? 'autoescape' : 'noescape'; + $escape_option = $this->config->autoescape !== null ? 'auto' : 'noescape'; } // Separate filters from variable. @@ -890,8 +890,9 @@ class TemplateHandler return "htmlspecialchars({$str}, ENT_COMPAT, 'UTF-8', true)"; case 'noescape': return "{$str}"; - case 'auto': case 'autoescape': + return "htmlspecialchars({$str}, ENT_COMPAT, 'UTF-8', false)"; + case 'auto': default: return "(\$this->config->autoescape === 'on' ? htmlspecialchars({$str}, ENT_COMPAT, 'UTF-8', false) : {$str})"; } diff --git a/tests/unit/classes/TemplateHandlerTest.php b/tests/unit/classes/TemplateHandlerTest.php index 188ba4a09..e84e45d7f 100644 --- a/tests/unit/classes/TemplateHandlerTest.php +++ b/tests/unit/classes/TemplateHandlerTest.php 
@@ -315,9 +315,17 @@ class TemplateHandlerTest extends \Codeception\TestCase\Test PHP_EOL . '$this->config->autoescape = \'on\';' . "\n" . 'echo ($this->config->autoescape === \'on\' ? htmlspecialchars($__Context->foo, ENT_COMPAT, \'UTF-8\', false) : $__Context->foo) ?>' ), array( - '{$foo|autoescape}', + '{$foo|auto}', PHP_EOL . '$this->config->autoescape = \'off\';' . "\n" . 'echo ($this->config->autoescape === \'on\' ? htmlspecialchars($__Context->foo, ENT_COMPAT, \'UTF-8\', false) : $__Context->foo) ?>' ), + array( + '{$foo|autoescape}', + PHP_EOL . '$this->config->autoescape = \'on\';' . "\n" . 'echo htmlspecialchars($__Context->foo, ENT_COMPAT, \'UTF-8\', false) ?>' + ), + array( + '{$foo|autoescape}', + PHP_EOL . '$this->config->autoescape = \'off\';' . "\n" . 'echo htmlspecialchars($__Context->foo, ENT_COMPAT, \'UTF-8\', false) ?>' + ), array( '{$foo|escape}', PHP_EOL . '$this->config->autoescape = \'on\';' . "\n" . 'echo htmlspecialchars($__Context->foo, ENT_COMPAT, \'UTF-8\', true) ?>' From ad21b1e706a7dd59d9d85549f72b5ab198cbef7c Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Wed, 22 Feb 2017 23:11:29 +0900 Subject: [PATCH 09/44] Fix warning in fileAdminView when upload target type does not exist --- modules/file/file.admin.view.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/file/file.admin.view.php b/modules/file/file.admin.view.php index ab1cb5e75..314a70fbd 100644 --- a/modules/file/file.admin.view.php +++ b/modules/file/file.admin.view.php @@ -127,7 +127,7 @@ class fileAdminView extends file } } - if($file->upload_target_type) + if($file->upload_target_type && is_array(${$file->upload_target_type.'_srls'})) { if(!in_array($file->upload_target_srl, ${$file->upload_target_type.'_srls'})) { From 628242a387cfc0e78f84a6d4ae8a591275a30556 Mon Sep 17 00:00:00 2001 
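Review bot: In the file.admin.view.php hunk the added `is_array(${$file->upload_target_type.'_srls'})` silences the warning but keeps building a local variable name from a field of the file record. Any value in `upload_target_type` therefore selects whichever local variable happens to end in `_srls`. Keeping the per-type lists in one array and testing membership by key avoids that, for example `if($file->upload_target_type && isset($target_srls[$file->upload_target_type]))`, where `$target_srls` is a name made up for this note. The lists are filled outside the hunk, so the change has to start where they are built.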
From: bnu Date: Thu, 23 Feb 2017 15:57:06 +0900 Subject: [PATCH 10/44] =?UTF-8?q?Fix=20#2036=20XEVE-17-003=20=EC=BB=A4?= =?UTF-8?q?=EB=AE=A4=EB=8B=88=EC=BC=80=EC=9D=B4=EC=85=98=20=EB=AA=A8?= =?UTF-8?q?=EB=93=88=EC=9D=98=20=EC=AA=BD=EC=A7=80=EB=A5=BC=20=EC=9E=84?= =?UTF-8?q?=EC=9D=98=EB=A1=9C=20=EC=82=AD=EC=A0=9C=ED=95=A0=20=EC=88=98=20?= =?UTF-8?q?=EC=9E=88=EB=8A=94=20=EB=AC=B8=EC=A0=9C=20=EA=B3=A0=EC=B9=A8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- modules/communication/conf/module.xml | 2 +- modules/communication/skins/default/messages.html | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/communication/conf/module.xml b/modules/communication/conf/module.xml index 1070ca261..dd12c05a1 100644 --- a/modules/communication/conf/module.xml +++ b/modules/communication/conf/module.xml @@ -16,7 +16,7 @@ - + diff --git a/modules/communication/skins/default/messages.html b/modules/communication/skins/default/messages.html index 8b7934a23..d9fbaf7c8 100644 --- a/modules/communication/skins/default/messages.html +++ b/modules/communication/skins/default/messages.html @@ -38,7 +38,7 @@ -
+ From 1974f21482916361950bf67d4eb17071aae7154e Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Thu, 23 Feb 2017 16:11:06 +0900 Subject: [PATCH 11/44] Version 1.8.30 --- common/constants.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common/constants.php b/common/constants.php index d0359ff2e..ab2364941 100644 --- a/common/constants.php +++ b/common/constants.php @@ -3,7 +3,7 @@ /** * RX_VERSION is the version number of the Rhymix CMS. */ -define('RX_VERSION', '1.8.29'); +define('RX_VERSION', '1.8.30'); /** * RX_MICROTIME is the startup time of the current script, in microseconds since the Unix epoch. From d03c64d069602cfd8e0dd703321b81fecf0e4fb0 Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Thu, 23 Feb 2017 22:14:51 +0900 Subject: [PATCH 12/44] Make the test for filters more strict to prevent unintended parsing --- classes/template/TemplateHandler.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/classes/template/TemplateHandler.class.php b/classes/template/TemplateHandler.class.php index 5a7a3e4b2..f3ab187d3 100644 --- a/classes/template/TemplateHandler.class.php +++ b/classes/template/TemplateHandler.class.php @@ -565,7 +565,7 @@ class TemplateHandler } // Separate filters from variable. - if (preg_match('@^(.+?)(? Date: Thu, 23 Feb 2017 22:15:03 +0900 Subject: [PATCH 13/44] Add more unit tests for edge cases --- tests/unit/classes/TemplateHandlerTest.php | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/unit/classes/TemplateHandlerTest.php b/tests/unit/classes/TemplateHandlerTest.php index e84e45d7f..17550f586 100644 --- a/tests/unit/classes/TemplateHandlerTest.php +++ b/tests/unit/classes/TemplateHandlerTest.php @@ -423,6 +423,18 @@ class TemplateHandlerTest extends \Codeception\TestCase\Test '

{$foo|dafuq}

', '?>

' ), + array( + '

{$foo||$bar}

', + '?>

foo||$__Context->bar ?>

' + ), + array( + '

{htmlspecialchars($var, ENT_COMPAT|ENT_HTML401)}

', + '?>

var, ENT_COMPAT|ENT_HTML401) ?>

' + ), + array( + '

{$foo | $bar}

', + '?>

foo | $__Context->bar ?>

' + ), ); foreach ($tests as $test) From f338d385381e92ec3b28fb893ca83fdba0ad367e Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Thu, 23 Feb 2017 22:25:13 +0900 Subject: [PATCH 14/44] Improve regexp for template filters --- classes/template/TemplateHandler.class.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/classes/template/TemplateHandler.class.php b/classes/template/TemplateHandler.class.php index f3ab187d3..0105173f8 100644 --- a/classes/template/TemplateHandler.class.php +++ b/classes/template/TemplateHandler.class.php @@ -565,10 +565,10 @@ class TemplateHandler } // Separate filters from variable. - if (preg_match('@^(.+?)(? Date: Thu, 23 Feb 2017 22:25:25 +0900 Subject: [PATCH 15/44] Add even more unit tests for malformed filter detection --- tests/unit/classes/TemplateHandlerTest.php | 33 +++++++++++++++++++--- 1 file changed, 29 insertions(+), 4 deletions(-) diff --git a/tests/unit/classes/TemplateHandlerTest.php b/tests/unit/classes/TemplateHandlerTest.php index 17550f586..17a578e2c 100644 --- a/tests/unit/classes/TemplateHandlerTest.php +++ b/tests/unit/classes/TemplateHandlerTest.php @@ -419,17 +419,42 @@ class TemplateHandlerTest extends \Codeception\TestCase\Test '

{$foo|link:$url}

', PHP_EOL . '$this->config->autoescape = \'on\'; ?>

config->autoescape === \'on\' ? htmlspecialchars($__Context->url, ENT_COMPAT, \'UTF-8\', false) : $__Context->url) . \'">\' . ($this->config->autoescape === \'on\' ? htmlspecialchars($__Context->foo, ENT_COMPAT, \'UTF-8\', false) : $__Context->foo) . \'\' ?>

' ), + // Rhymix filters (reject malformed filters) array( '

{$foo|dafuq}

', '?>

' ), array( - '

{$foo||$bar}

', - '?>

foo||$__Context->bar ?>

' + '

{$foo|4}

', + '?>

foo|4 ?>

' ), array( - '

{htmlspecialchars($var, ENT_COMPAT|ENT_HTML401)}

', - '?>

var, ENT_COMPAT|ENT_HTML401) ?>

' + '

{$foo|a+7|lower}

', + '?>

foo|a+7) ?>

' + ), + array( + '

{$foo|Filter}

', + '?>

foo|Filter ?>

' + ), + array( + '

{$foo|filter++}

', + '?>

foo|filter++ ?>

' + ), + array( + '

{$foo|filter:}

', + '?>

foo|filter: ?>

' + ), + array( + '

{$foo|$bar}

', + '?>

foo|$__Context->bar ?>

' + ), + array( + '

{$foo||bar}

', + '?>

foo||bar ?>

' + ), + array( + '

{htmlspecialchars($var, ENT_COMPAT | ENT_HTML401)}

', + '?>

var, ENT_COMPAT | ENT_HTML401) ?>

' ), array( '

{$foo | $bar}

', From 6df32746c339242a6adf422bd32fff182198c5fe Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Fri, 24 Feb 2017 15:46:52 +0900 Subject: [PATCH 16/44] Refresh isAccessible() if document or comment is updated https://www.xetown.com/qna/510717 --- modules/comment/comment.item.php | 8 ++-- modules/document/document.item.php | 74 +++++++++++++++++++++--------- 2 files changed, 57 insertions(+), 25 deletions(-) diff --git a/modules/comment/comment.item.php b/modules/comment/comment.item.php index e1e3d3672..34f5e3c27 100644 --- a/modules/comment/comment.item.php +++ b/modules/comment/comment.item.php @@ -133,7 +133,7 @@ class commentItem extends Object { if(Context::getSessionStatus()) { - $_SESSION['accessibled_comment'][$this->comment_srl] = TRUE; + $_SESSION['accessible'][$this->comment_srl] = $this->get('last_update'); } } @@ -163,12 +163,12 @@ class commentItem extends Object function isAccessible() { - if($_SESSION['accessibled_comment'][$this->comment_srl]) + if (isset($_SESSION['accessible'][$this->comment_srl]) && $_SESSION['accessible'][$this->comment_srl] === $this->get('last_update')) { return TRUE; } - if($this->isGranted() || !$this->isSecret()) + if (!$this->isSecret() || $this->isGranted()) { $this->setAccessible(); return TRUE; @@ -176,7 +176,7 @@ class commentItem extends Object $oDocumentModel = getModel('document'); $oDocument = $oDocumentModel->getDocument($this->get('document_srl')); - if($oDocument->isGranted()) + if ($oDocument->isExists() && $oDocument->isGranted()) { $this->setAccessible(); return TRUE; diff --git a/modules/document/document.item.php b/modules/document/document.item.php index 294b62aec..dbd5ffcc9 100644 --- a/modules/document/document.item.php +++ b/modules/document/document.item.php 
@@ -204,7 +204,55 @@ class documentItem extends Object function isAccessible() { - return $_SESSION['accessible'][$this->document_srl]==true?true:false; + if (isset($_SESSION['accessible'][$this->document_srl]) && $_SESSION['accessible'][$this->document_srl] === $this->get('last_update')) + { + return true; + } + + if ($this->grant_cache === true) + { + $this->setAccessible(); + return true; + } + + $logged_info = Context::get('logged_info'); + if ($logged_info->is_admin == 'Y') + { + $this->setAccessible(); + return true; + } + + $status = $this->get('status'); + if (empty($status)) + { + return false; + } + + $configStatusList = getModel('document')->getStatusList(); + + if ($status == $configStatusList['public'] || $status == $configStatusList['publish']) + { + $this->setAccessible(); + return true; + } + elseif ($status == $configStatusList['private'] || $status == $configStatusList['secret']) + { + if ($this->get('member_srl') == $logged_info->member_srl) + { + $this->setAccessible(); + return true; + } + } + + return false; + } + + function setAccessible() + { + if(Context::getSessionStatus()) + { + $_SESSION['accessible'][$this->document_srl] = $this->get('last_update'); + } } function allowComment() @@ -444,7 +492,7 @@ class documentItem extends Object $result = $this->_checkAccessibleFromStatus(); if($result && Context::getSessionStatus()) { - $_SESSION['accessible'][$this->document_srl] = true; + $this->setAccessible(); } $content = $this->get('content'); @@ -506,9 +554,9 @@ class documentItem extends Object if($this->isSecret() && !$this->isGranted() && !$this->isAccessible()) return lang('msg_is_secret'); $result = $this->_checkAccessibleFromStatus(); - if($result && Context::getSessionStatus()) + if($result) { - $_SESSION['accessible'][$this->document_srl] = true; + $this->setAccessible(); } $content = $this->get('content'); 
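Review bot: The owner branch of the new `documentItem::isAccessible()` compares `$this->get('member_srl') == $logged_info->member_srl` without first requiring a logged-in member. If a guest-written document stores an empty or zero `member_srl` and an anonymous visitor has no `member_srl`, the loose comparison can treat the two as equal and mark a private or secret document accessible. Whether both sides can be empty at once is not visible here and should be confirmed. A guard such as `if ($logged_info->member_srl && $this->get('member_srl') == $logged_info->member_srl)` removes the doubt. Since `_checkAccessibleFromStatus()` now simply returns `isAccessible()` (last hunk of this file), its callers in the two middle hunks inherit the same result.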
@@ -1252,23 +1300,7 @@ class documentItem extends Object */ function _checkAccessibleFromStatus() { - $logged_info = Context::get('logged_info'); - if($logged_info->is_admin == 'Y') return true; - - $status = $this->get('status'); - if(empty($status)) return false; - - $oDocumentModel = getModel('document'); - $configStatusList = $oDocumentModel->getStatusList(); - - if($status == $configStatusList['public'] || $status == $configStatusList['publish']) - return true; - else if($status == $configStatusList['private'] || $status == $configStatusList['secret']) - { - if($this->get('member_srl') == $logged_info->member_srl) - return true; - } - return false; + return $this->isAccessible(); } function getTranslationLangCodes() From f3a43d071e26fa8987299fec6ef42b469f4a4673 Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Sat, 25 Feb 2017 15:08:42 +0900 Subject: [PATCH 17/44] Fix vulnerability in procMemberDeleteSavedDocument --- modules/member/member.controller.php | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/modules/member/member.controller.php b/modules/member/member.controller.php index e54f8d529..70e5dbab9 100644 --- a/modules/member/member.controller.php +++ b/modules/member/member.controller.php 
@@ -199,9 +199,22 @@ class memberController extends member $document_srl = (int)Context::get('document_srl'); if(!$document_srl) return new Object(-1,'msg_invalid_request'); + + $oDocumentModel = getModel('document'); + $oDocument = $oDocumentModel->getDocument($document_srl); + if ($oDocument->get('member_srl') != $logged_info->member_srl) + { + return new Object(-1,'msg_invalid_request'); + } + $configStatusList = $oDocumentModel->getStatusList(); + if ($oDocument->get('status') != $configStatusList['temp']) + { + return new Object(-1,'msg_invalid_request'); + } + // Variables $oDocumentController = getController('document'); - $oDocumentController->deleteDocument($document_srl, true); + $oDocumentController->deleteDocument($document_srl); } /** From 24c29cfbdb6615c6713de7c401f20dd7ba7be186 Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Sat, 25 Feb 2017 15:35:16 +0900 Subject: [PATCH 18/44] Version 1.8.31 --- common/constants.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common/constants.php b/common/constants.php index ab2364941..ddb95201c 100644 --- a/common/constants.php +++ b/common/constants.php @@ -3,7 +3,7 @@ /** * RX_VERSION is the version number of the Rhymix CMS. */ -define('RX_VERSION', '1.8.30'); +define('RX_VERSION', '1.8.31'); /** * RX_MICROTIME is the startup time of the current script, in microseconds since the Unix epoch. From aa879e7326b0af6b6fee9ae472bb9a7aa9e23034 Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Sat, 25 Feb 2017 17:37:58 +0900 Subject: [PATCH 19/44] Improve HTMLFilter handling of editor component properties --- common/framework/filters/htmlfilter.php | 9 +++++++-- tests/unit/framework/filters/HTMLFilterTest.php | 8 ++++++++ 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/common/framework/filters/htmlfilter.php b/common/framework/filters/htmlfilter.php index 9afe6879a..7ee1fa77e 100644 --- a/common/framework/filters/htmlfilter.php +++ b/common/framework/filters/htmlfilter.php 
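Review bot: The return value of `deleteDocument()` is discarded at the end of this hunk, so a deletion that fails is still reported to the caller as a success. The widget controller elsewhere in this series already uses `$output = $oDocumentController->deleteDocument(...); if(!$output->toBool()) return $output;`, and the same two lines fit here. The added ownership test also relies on `!=` rejecting a missing document by accident; an explicit `if (!$oDocument->isExists()) return new Object(-1,'msg_invalid_request');` ahead of it states the intent. `$logged_info` is assigned outside the hunk, so the login check itself cannot be reviewed from here.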
@@ -516,11 +516,16 @@ class HTMLFilter { return $attr[0]; } - if (preg_match('/^(?:on|data-|(?:accesskey|class|contextmenu|contenteditable|dir|draggable|dropzone|editor_component|hidden|id|lang|name|style|tabindex|title)$)/', $attrkey)) + if (preg_match('/^(?:on|data-|(?:accesskey|class|contextmenu|contenteditable|dir|draggable|dropzone|editor_component|hidden|id|lang|name|style|tabindex|title|rx_encoded_properties)$)/i', $attrkey)) { return $attr[0]; } - $attrs[$attrkey] = htmlspecialchars_decode($attr[2]); + $attrval = utf8_normalize_spaces(utf8_clean(html_entity_decode($attr[2]))); + if (preg_match('/^javascript:/i', preg_replace('/\s+/', '', $attrval))) + { + return ''; + } + $attrs[$attrkey] = $attrval; return ''; }, $match[0]); if ($tag === 'img' && !preg_match('/\ssrc="/', $html)) diff --git a/tests/unit/framework/filters/HTMLFilterTest.php b/tests/unit/framework/filters/HTMLFilterTest.php index 5c676c29a..790b044a6 100644 --- a/tests/unit/framework/filters/HTMLFilterTest.php +++ b/tests/unit/framework/filters/HTMLFilterTest.php @@ -187,6 +187,14 @@ class HTMLFilterTest extends \Codeception\TestCase\Test $target = 'My Picture'; $this->assertEquals($target, Rhymix\Framework\Filters\HTMLFilter::clean($source, false, false)); + $source = 'Picture'; + $target = 'Picture'; + $this->assertEquals($target, Rhymix\Framework\Filters\HTMLFilter::clean($source)); + + $source = 'Picture'; + $target = 'Picture'; + $this->assertEquals($target, Rhymix\Framework\Filters\HTMLFilter::clean($source)); + $source = ''; $target = ''; $this->assertEquals($target, Rhymix\Framework\Filters\HTMLFilter::clean($source, false, false)); From 8843f8b05d1bd51f41e78deb31d7d67d2b182f46 Mon Sep 17 00:00:00 2001 
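Review bot: The scheme test added in the htmlfilter.php hunk rejects only values that begin with `javascript:` once whitespace is removed, which is a denylist with a single entry. Any other script-capable URL scheme, and any value that is still entity-encoded after the single `html_entity_decode()` pass, is stored in `$attrs` as it is. An allowlist is the safer shape: when the decoded value has a scheme prefix, keep it only if the scheme is in an explicit set such as http, https and mailto. The code that re-emits `$attrs` is outside the hunk, so whether it escapes the values again should be checked before relying on this filter alone. HTMLFilterTest should also gain a case with a scheme other than `javascript:`.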
From: conory Date: Sat, 25 Feb 2017 20:46:38 +0900 Subject: [PATCH 20/44] =?UTF-8?q?=EC=97=85=EB=8D=B0=EC=9D=B4=ED=8A=B8?= =?UTF-8?q?=EC=8B=9C=20=EB=B0=9C=EC=83=9D=ED=95=A0=20=EC=88=98=20=EC=9E=88?= =?UTF-8?q?=EB=8A=94=20=EC=98=A4=EB=A5=98=20=EC=88=98=EC=A0=95=20Uncaught?= =?UTF-8?q?=20TypeError:=20Argument=201=20passed=20to=20array=20first()=20?= =?UTF-8?q?must=20be=20of=20the=20type=20array?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- modules/ncenterlite/ncenterlite.model.php | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/modules/ncenterlite/ncenterlite.model.php b/modules/ncenterlite/ncenterlite.model.php index 149b4d3a9..dbc51719e 100644 --- a/modules/ncenterlite/ncenterlite.model.php +++ b/modules/ncenterlite/ncenterlite.model.php @@ -11,14 +11,29 @@ class ncenterliteModel extends ncenterlite { $oModuleModel = getModel('module'); $config = $oModuleModel->getModuleConfig('ncenterlite'); - + if(!$config) { $config = new stdClass(); } - if(!$config->use) + + if(!is_array($config->use)) { - $config->use = array('message' => 1); + if($config->use != 'N') + { + $config->use = array( + 'mention' => array('web' => 1), + 'comment' => array('web' => 1), + 'comment_comment' => array('web' => 1), + 'vote' => array('web' => 1), + 'message' => array('web' => 1), + 'admin_content' => array('web' => 1), + ); + } + else + { + $config->use = array(); + } } else { @@ -32,8 +47,8 @@ class ncenterliteModel extends ncenterlite getController('module')->insertModuleConfig('ncenterlite', $config); } } + if(!$config->display_use) $config->display_use = 'all'; - if(!$config->mention_names) $config->mention_names = 'nick_name'; if(!$config->mention_suffixes) { From b1ba03111740dde3428b555d6bb990b91d935ccd Mon Sep 17 00:00:00 2001 
From: conory Date: Sat, 25 Feb 2017 21:15:54 +0900 Subject: [PATCH 21/44] =?UTF-8?q?=EC=95=8C=EB=A6=BC=EC=84=BC=ED=84=B0=20?= =?UTF-8?q?=EA=B5=AC=EB=B2=84=EC=A0=84=EC=9D=98=20=ED=99=9C=EC=84=B1?= =?UTF-8?q?=ED=99=94=20=EC=84=A4=EC=A0=95=EC=9D=84=20=EA=B0=80=EC=A0=B8?= =?UTF-8?q?=EC=99=80=EC=84=9C=20=EC=85=8B=ED=8C=85=ED=95=98=EB=8F=84?= =?UTF-8?q?=EB=A1=9D=20=EA=B0=9C=EC=84=A0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- modules/ncenterlite/ncenterlite.model.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/ncenterlite/ncenterlite.model.php b/modules/ncenterlite/ncenterlite.model.php index dbc51719e..54ff10e8a 100644 --- a/modules/ncenterlite/ncenterlite.model.php +++ b/modules/ncenterlite/ncenterlite.model.php @@ -19,7 +19,7 @@ class ncenterliteModel extends ncenterlite if(!is_array($config->use)) { - if($config->use != 'N') + if($config->use == 'Y') { $config->use = array( 'mention' => array('web' => 1), @@ -32,7 +32,7 @@ class ncenterliteModel extends ncenterlite } else { - $config->use = array(); + $config->use = array('message' => array('web' => 1)); } } else From 1c45a5fc1c1a9eb67b1864105df941e5c90da7a0 Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Sat, 25 Feb 2017 23:01:16 +0900 Subject: [PATCH 22/44] Fix unauthorized modification and deletion of documents via widget controller --- modules/widget/widget.controller.php | 65 ++++++++++++++-------------- 1 file changed, 33 insertions(+), 32 deletions(-) diff --git a/modules/widget/widget.controller.php b/modules/widget/widget.controller.php index 25ba43df8..7715121fc 100644 --- a/modules/widget/widget.controller.php +++ b/modules/widget/widget.controller.php 
@@ -105,6 +105,7 @@ class widgetController extends widget $oLayoutModel = getModel('layout'); $layout_info = $oLayoutModel->getLayout($module_srl); if(!$layout_info || $layout_info->type != 'faceoff') $err++; + // Destination Information Wanted page module $oModuleModel = getModel('module'); $columnList = array('module_srl', 'module'); @@ -112,20 +113,19 @@ class widgetController extends widget if(!$page_info->module_srl || $page_info->module != 'page') $err++; if($err > 1) return new Object(-1,'msg_invalid_request'); + // Check permissions - $is_logged = Context::get('is_logged'); $logged_info = Context::get('logged_info'); - $user_group = $logged_info->group_list; - $is_admin = false; - if(count($user_group)&&count($page_info->grants['manager'])) + if (!$logged_info->member_srl) { - $manager_group = $page_info->grants['manager']; - foreach($user_group as $group_srl => $group_info) - { - if(in_array($group_srl, $manager_group)) $is_admin = true; - } + return new Object(-1,'msg_not_permitted'); } - if(!$is_admin && !$is_logged && $logged_info->is_admin != 'Y' && !$oModuleModel->isSiteAdmin($logged_info) && !(is_array($page_info->admin_id) && in_array($logged_info->user_id, $page_info->admin_id))) return new Object(-1,'msg_not_permitted'); + $module_grant = $oModuleModel->getGrant($page_info, $logged_info); + if (!$module_grant->manager) + { + return new Object(-1,'msg_not_permitted'); + } + // Enter post $oDocumentModel = getModel('document'); $oDocumentController = getController('document'); @@ -145,8 +145,10 @@ class widgetController extends widget $output = $oDocumentController->insertDocument($obj); $obj->document_srl = $output->get('document_srl'); } + // Stop when an error occurs if(!$output->toBool()) return $output; + // Return results $this->add('document_srl', $obj->document_srl); } 
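Review bot: In the `-112,20` hunk the new `getGrant($page_info, $logged_info)` call is still reached when the page lookup has failed, because the unchanged `if($err > 1)` line rejects the request only when both the layout check and the page check fail. With a layout target `$page_info` has no `module_srl`, and what `getGrant()` returns for such an object is not visible here, so it should be confirmed that no manager grant comes back. An explicit rejection when `$page_info->module_srl` is empty would make the outcome independent of that. The same login-then-`getGrant` block is repeated in the `-166,28` and `-207,25` hunks, so a private helper that returns the error object or null would keep the three call sites identical.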
@@ -166,28 +168,28 @@ class widgetController extends widget $oDocument = $oDocumentModel->getDocument($document_srl, true); if(!$oDocument->isExists()) return new Object(-1,'msg_invalid_request'); $module_srl = $oDocument->get('module_srl'); + // Destination Information Wanted page module $oModuleModel = getModel('module'); $columnList = array('module_srl', 'module'); $page_info = $oModuleModel->getModuleInfoByModuleSrl($module_srl, $columnList); if(!$page_info->module_srl || $page_info->module != 'page') return new Object(-1,'msg_invalid_request'); + // Check permissions - $is_logged = Context::get('is_logged'); $logged_info = Context::get('logged_info'); - $user_group = $logged_info->group_list; - $is_admin = false; - if(count($user_group)&&count($page_info->grants['manager'])) + if (!$logged_info->member_srl) { - $manager_group = $page_info->grants['manager']; - foreach($user_group as $group_srl => $group_info) - { - if(in_array($group_srl, $manager_group)) $is_admin = true; - } + return new Object(-1,'msg_not_permitted'); } - if(!$is_admin && !$is_logged && $logged_info->is_admin != 'Y' && !$oModuleModel->isSiteAdmin($logged_info) && !(is_array($page_info->admin_id) && in_array($logged_info->user_id, $page_info->admin_id))) return new Object(-1,'msg_not_permitted'); - + $module_grant = $oModuleModel->getGrant($page_info, $logged_info); + if (!$module_grant->manager) + { + return new Object(-1,'msg_not_permitted'); + } + $output = $oDocumentAdminController->copyDocumentModule(array($oDocument->get('document_srl')), $oDocument->get('module_srl'),0); if(!$output->toBool()) return $output; + // Return results $copied_srls = $output->get('copied_srls'); $this->add('document_srl', $copied_srls[$oDocument->get('document_srl')]); 
@@ -207,25 +209,24 @@ class widgetController extends widget $oDocument = $oDocumentModel->getDocument($document_srl, true); if(!$oDocument->isExists()) return new Object(); $module_srl = $oDocument->get('module_srl'); + // Destination Information Wanted page module $oModuleModel = getModel('module'); $page_info = $oModuleModel->getModuleInfoByModuleSrl($module_srl); if(!$page_info->module_srl || $page_info->module != 'page') return new Object(-1,'msg_invalid_request'); + // Check permissions - $is_logged = Context::get('is_logged'); $logged_info = Context::get('logged_info'); - $user_group = $logged_info->group_list; - $is_admin = false; - if(count($user_group)&&count($page_info->grants['manager'])) + if (!$logged_info->member_srl) { - $manager_group = $page_info->grants['manager']; - foreach($user_group as $group_srl => $group_info) - { - if(in_array($group_srl, $manager_group)) $is_admin = true; - } + return new Object(-1,'msg_not_permitted'); } - if(!$is_admin && !$is_logged && $logged_info->is_admin != 'Y' && !$oModuleModel->isSiteAdmin($logged_info) && !(is_array($page_info->admin_id) && in_array($logged_info->user_id, $page_info->admin_id))) return new Object(-1,'msg_not_permitted'); - + $module_grant = $oModuleModel->getGrant($page_info, $logged_info); + if (!$module_grant->manager) + { + return new Object(-1,'msg_not_permitted'); + } + $output = $oDocumentController->deleteDocument($oDocument->get('document_srl'), true); if(!$output->toBool()) return $output; } From f3871e5cd39970f2c5c27d01e876daa57746171d Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Sat, 25 Feb 2017 23:35:52 +0900 Subject: [PATCH 23/44] Fix exposure of other members' point and level info via getMembersPointInto API call --- modules/point/point.model.php | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/modules/point/point.model.php b/modules/point/point.model.php index a50638745..28bfcfacd 100644 --- a/modules/point/point.model.php 
+++ b/modules/point/point.model.php @@ -75,9 +75,25 @@ class pointModel extends point function getMembersPointInfo() { $member_srls = Context::get('member_srls'); - $member_srls = explode(',',$member_srls); - if(count($member_srls)==0) return; - array_unique($member_srls); + $member_srls = array_unique(explode(',', $member_srls)); + if (!count($member_srls)) + { + return; + } + + $logged_info = Context::get('logged_info'); + if (!$logged_info->member_srl) + { + return; + } + if (!getModel('module')->isSiteAdmin($logged_info)) + { + $member_srls = array_filter($member_srls, function($member_srl) use($logged_info) { return $member_srl == $logged_info->member_srl; }); + if (!count($member_srls)) + { + return; + } + } $oModuleModel = getModel('module'); $config = $oModuleModel->getModuleConfig('point'); From 01ca005cf5352e99bc80d0c65c2de47654732705 Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Sun, 26 Feb 2017 00:07:48 +0900 Subject: [PATCH 24/44] Fix editor module to prevent modification of editor config by non-admins --- modules/editor/editor.controller.php | 30 ++++++++++++++++++++++------ 1 file changed, 24 insertions(+), 6 deletions(-) diff --git a/modules/editor/editor.controller.php b/modules/editor/editor.controller.php index 420f08303..b0bb9b992 100644 --- a/modules/editor/editor.controller.php +++ b/modules/editor/editor.controller.php 
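Review bot: The list taken from `member_srls` is never normalised to integers, and the non-admin filter compares with `==`, so request strings that are merely numerically equal to the caller's `member_srl` (leading zeros, surrounding spaces, a decimal form) pass the filter and travel on to the code below the hunk. `explode()` also never returns an empty array, so the first `count()` guard cannot fire for an empty parameter. Both are fixed by `$member_srls = array_unique(array_filter(array_map('intval', explode(',', (string)$member_srls))));` followed by a strict comparison in the closure, `return $member_srl === (int)$logged_info->member_srl;`. The rest of the function is outside the hunk.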
@@ -80,10 +80,30 @@ class editorController extends editor */ function procEditorInsertModuleConfig() { - $module_srl = Context::get('target_module_srl'); // To configure many of modules at once - if(preg_match('/^([0-9,]+)$/',$module_srl)) $module_srl = explode(',',$module_srl); - else $module_srl = array($module_srl); + $target_module_srl = Context::get('target_module_srl'); + $target_module_srl = array_map('trim', explode(',', $target_module_srl)); + $logged_info = Context::get('logged_info'); + $module_srl = array(); + $oModuleModel = getModel('module'); + foreach ($target_module_srl as $srl) + { + if (!$srl) continue; + + $module_info = $oModuleModel->getModuleInfoByModuleSrl($srl); + if (!$module_info->module_srl) + { + return new Object(-1, 'msg_invalid_request'); + } + + $module_grant = $oModuleModel->getGrant($module_info, $logged_info); + if (!$module_grant->manager) + { + return new Object(-1, 'msg_not_permitted'); + } + + $module_srl[] = $srl; + } $editor_config = new stdClass; $editor_config->default_editor_settings = Context::get('default_editor_settings'); @@ -134,10 +154,8 @@ class editorController extends editor if($editor_config->enable_autosave != 'Y') $editor_config->enable_autosave = 'N'; $oModuleController = getController('module'); - for($i=0;$iinsertModulePartConfig('editor',$srl,$editor_config); } From 5140047b5fc9ffcc137b206c62c71daa87abd1d9 Mon Sep 17 00:00:00 2001 
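Review bot: The validation loop checks the grant on the module returned by `getModuleInfoByModuleSrl($srl)` but then stores the raw request string with `$module_srl[] = $srl;`. The removed `/^([0-9,]+)$/` test was the only place that limited the input to digits. If the lookup matches loosely, a value such as a number with trailing characters is validated against one module and then written as a different key by `insertModulePartConfig()`. `$module_srl[] = (int)$module_info->module_srl;` saves exactly what was authorised. A `$logged_info` without `member_srl` should also be rejected before the loop, as the widget controller in this series does.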
From: Min-Soo Kim Date: Sun, 26 Feb 2017 01:05:57 +0900 Subject: [PATCH 25/44] =?UTF-8?q?=EB=84=A4=EB=AA=A8=EC=9D=98=20=EA=BF=88/?= =?UTF-8?q?=20=EC=BB=A8=ED=85=90=EC=B8=A0=20=EC=9C=84=EC=A0=AF=20=EC=8A=A4?= =?UTF-8?q?=ED=82=A8=20(#712)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## 컨텐츠 모듈 스킨 - 사이트 테마를 따르지 않고 다른 색을 선택할 수 있도록 네모의 꿈 회원 스킨 컬러셋 추가. - 탭이 많을 때 터치 환경이 아니면 좌우로 넘기기 어려운 점을 고려하여서 메뉴를 펼침. - 작은 화면에서 화면을 최대한 활용하도록, 레이아웃 햄버거 메뉴를 부드럽게 나타내고 감춥니다. ## 위젯에서 LESS/SCSS 의 사용 - 변수를 위젯 캐시에도 전달할 수 있도록 해서 LESS 나 SCSS 에 값 전달이 가능하도록 함. - LESS 나 SCSS 를 사용한 경우에 위젯 코드 캐싱 코드가 적절하게 기록되도록 해서 LESS나 SCSS 를 사용 가능하도록 수정. ## 그 외 변화 - Reduce the number of regular expressions. --- classes/display/HTMLDisplayHandler.php | 14 +- classes/template/TemplateHandler.class.php | 11 +- layouts/simple_world/layout.html | 2 +- layouts/simple_world/layout.js | 6 +- .../skins/simple_world/common_header.html | 7 +- .../member/skins/simple_world/css/css.less | 7 +- modules/member/skins/simple_world/skin.xml | 90 ++++- .../skins/simple_world/common_header.html | 4 +- .../skins/xedition/http_status_code.html | 2 +- modules/page/page.mobile.php | 2 +- modules/page/page.view.php | 2 +- modules/widget/widget.controller.php | 30 +- widgets/content/content.class.php | 26 +- .../skins/simple_rectangle/_tab_left.html | 38 ++ .../skins/simple_rectangle/_tab_none.html | 15 + .../skins/simple_rectangle/_tab_top.html | 18 + .../skins/simple_rectangle/content.html | 79 +++++ .../skins/simple_rectangle/css/css.css | 274 +++++++++++++++ .../skins/simple_rectangle/css/css.less | 328 ++++++++++++++++++ .../skins/simple_rectangle/gallery.html | 32 ++ .../skins/simple_rectangle/image_title.html | 1 + .../simple_rectangle/image_title_content.html | 39 +++ .../simple_rectangle/js/content_widget.js | 42 +++ .../skins/simple_rectangle/normal.html | 29 ++ .../content/skins/simple_rectangle/skin.xml | 107 ++++++ .../skins/simple_rectangle/title_content.html | 108 ++++++ 26 files 
changed, 1286 insertions(+), 27 deletions(-) create mode 100644 widgets/content/skins/simple_rectangle/_tab_left.html create mode 100644 widgets/content/skins/simple_rectangle/_tab_none.html create mode 100644 widgets/content/skins/simple_rectangle/_tab_top.html create mode 100644 widgets/content/skins/simple_rectangle/content.html create mode 100644 widgets/content/skins/simple_rectangle/css/css.css create mode 100644 widgets/content/skins/simple_rectangle/css/css.less create mode 100644 widgets/content/skins/simple_rectangle/gallery.html create mode 100644 widgets/content/skins/simple_rectangle/image_title.html create mode 100644 widgets/content/skins/simple_rectangle/image_title_content.html create mode 100644 widgets/content/skins/simple_rectangle/js/content_widget.js create mode 100644 widgets/content/skins/simple_rectangle/normal.html create mode 100644 widgets/content/skins/simple_rectangle/skin.xml create mode 100644 widgets/content/skins/simple_rectangle/title_content.html diff --git a/classes/display/HTMLDisplayHandler.php b/classes/display/HTMLDisplayHandler.php index 71f12b91a..aa67124a2 100644 --- a/classes/display/HTMLDisplayHandler.php +++ b/classes/display/HTMLDisplayHandler.php @@ -174,7 +174,7 @@ class HTMLDisplayHandler $output = preg_replace_callback('!!is', array($this, '_moveMetaToHeader'), $output); // change a meta fine(widget often put the tag like to the content because of caching) - $output = preg_replace_callback('//is', array($this, '_transMeta'), $output); + $output = preg_replace_callback('//is', array($this, '_transMeta'), $output); // handles a relative path generated by using the rewrite module if(Context::isAllowRewrite()) 
@@ -370,9 +370,17 @@ class HTMLDisplayHandler { return ''; } - Context::loadFile($matches[2]); + if($matches[3]) + { + $vars = Context::get(str_replace('?$__Context->', '', $matches[3])); + Context::loadFile(array($matches[2], null, null, null, $vars)); + } + else + { + Context::loadFile($matches[2]); + } } - + /** * Add OpenGraph metadata tags. * diff --git a/classes/template/TemplateHandler.class.php b/classes/template/TemplateHandler.class.php index 0105173f8..b91bf8db8 100644 --- a/classes/template/TemplateHandler.class.php +++ b/classes/template/TemplateHandler.class.php @@ -805,6 +805,7 @@ class TemplateHandler else { $metafile = $attr['target']; + $metavars = ($attr['vars'] ? self::_replaceVar($attr['vars']) : ''); $result = "\$__tmp=array('{$attr['target']}','{$attr['media']}','{$attr['targetie']}','{$attr['index']}'," . ($attr['vars'] ? self::_replaceVar($attr['vars']) : 'array()') . ");Context::loadFile(\$__tmp);unset(\$__tmp);"; } break; @@ -813,7 +814,15 @@ class TemplateHandler $result = ""; if($metafile) { - $result = "" . $result; + if(!$metavars) + { + $result = "" . $result; + } + else + { + // LESS or SCSS needs the variables to be substituted. + $result = "" . $result; + } } return $result; diff --git a/layouts/simple_world/layout.html b/layouts/simple_world/layout.html index 0df133005..fa7b72184 100644 --- a/layouts/simple_world/layout.html +++ b/layouts/simple_world/layout.html 
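Review bot: The callback changed here (presumably `_transMeta`, which the earlier hunk registers) now turns the third capture of the meta marker into a Context key and passes whatever `Context::get()` returns to `Context::loadFile()` as compiler variables, with no check on the key or the value. The marker is matched in the final page output, so it may not always come from the template compiler. Constraining the key to an identifier and the value to an array keeps it to the intended use, for example `$key = str_replace('?$__Context->', '', $matches[3]); $vars = preg_match('/^\w+$/', $key) ? Context::get($key) : null;`, falling back to the plain `Context::loadFile($matches[2])` unless `is_array($vars)`. The pattern itself is not legible in this copy of the hunk, so the exact capture should be checked against the source file.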
@@ -48,7 +48,7 @@ {Context::addMetaTag("theme-color", $material_colors[$layout_info->primary_color])} -{Context::set('layout_scss_value', array('grey' => $material_colors['grey'], 'primary_color' => $material_colors[$layout_info->primary_color], 'menu_position' => $layout_info->menu_position, 'content_color' => $layout_info->content_color))} +{@Context::set('layout_scss_value', array('grey' => $material_colors['grey'], 'primary_color' => $material_colors[$layout_info->primary_color], 'menu_position' => $layout_info->menu_position, 'content_color' => $layout_info->content_color))} diff --git a/layouts/simple_world/layout.js b/layouts/simple_world/layout.js index 6e2798cbf..9f1c21668 100644 --- a/layouts/simple_world/layout.js +++ b/layouts/simple_world/layout.js @@ -67,8 +67,10 @@ $(function() { if($("#layout_menu_toggle").css( 'position' ) === 'fixed') { - $("#layout_menu_toggle").fadeIn(); - $("#layout_menu_toggle").css('display', ''); + $("#layout_menu_toggle").fadeIn(400, function() { + $("#layout_menu_toggle").css('display', '') + }); + ; } } previousScroll = currentScroll; diff --git a/modules/member/skins/simple_world/common_header.html b/modules/member/skins/simple_world/common_header.html index 7cf42c832..6092d1867 100644 --- a/modules/member/skins/simple_world/common_header.html +++ b/modules/member/skins/simple_world/common_header.html @@ -41,8 +41,8 @@ {@$layout_info->primary_color = 'blue';} - +{@$colorset = $material_colors[$member_config->colorset];} {@$skin_color = $material_colors[$layout_info->primary_color];} @@ -54,7 +54,10 @@ {@$skin_color = '#f44336'} -{Context::set('simple_less_value', array('red' => hexdec(substr($skin_color, 1, 2)), 'green' => hexdec(substr($skin_color, 3, 2)), 'blue' => hexdec(substr($skin_color, 5, 2)) ))} + + {@$skin_color = $colorset} + +{@Context::set('simple_less_value', array('red' => hexdec(substr($skin_color, 1, 2)), 'green' => hexdec(substr($skin_color, 3, 2)), 'blue' => hexdec(substr($skin_color, 5, 2)) ))}
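Review bot: In the layout.js hunk the rewritten `fadeIn` call leaves a stray `;` on its own line, while the statement inside the callback has no terminator. I would write the callback body as `$("#layout_menu_toggle").css('display', '');` and drop the lone `;`. Using `$(this).css('display', '')` inside the callback would also avoid the second selector lookup. The enclosing scroll handler starts outside the hunk.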
diff --git a/modules/member/skins/simple_world/css/css.less b/modules/member/skins/simple_world/css/css.less index 00efe8d14..43156161b 100644 --- a/modules/member/skins/simple_world/css/css.less +++ b/modules/member/skins/simple_world/css/css.less @@ -188,9 +188,6 @@ script, style .rx_simple_member div.rx_simple_tab{ background: #ffffff; margin: 5px 0; - height: 52px; - overflow: hidden; - white-space: nowrap; box-shadow: 0 1px 2px rgba(0,0,0,0.16), 0 1px 2px rgba(0,0,0,0.23); box-sizing: border-box; } @@ -198,9 +195,7 @@ script, style list-style: outside none none; margin: 0; display: block; - overflow-x: auto; - -webkit-overflow-scrolling: touch; - padding: 6px 0px 100px; + padding: 6px 0; text-decoration: none; } diff --git a/modules/member/skins/simple_world/skin.xml b/modules/member/skins/simple_world/skin.xml index 4bf108777..6bb950ac7 100644 --- a/modules/member/skins/simple_world/skin.xml +++ b/modules/member/skins/simple_world/skin.xml @@ -11,6 +11,94 @@ misol - + + + 사이트 테마 색 + The site theme color + + + 붉은 색 + Red + + + 크림슨 + Crimson + + + 분홍 + Pink + + + 보라 + Purple + + + 진보라 + Deep Purple + + + 인디고 + Indigo + + + 짙은 파랑 + Deep Blue + + + 파랑 + Blue + + + 밝은 파랑 + Light Blue + + + 시안 + Cyan + + + + Teal + + + 초록 + Green + + + 연한 초록 + Light Green + + + 라임 + Lime + + + 노랑 + Yellow + + + 앰버 + Amber + + + 주황 + Orange + + + 진한 주황 + Deep Orange + + + 갈색 + Brown + + + 회색 + Grey + + + 푸른 회색 + Blue Grey + diff --git a/modules/message/skins/simple_world/common_header.html b/modules/message/skins/simple_world/common_header.html index e92d2b510..3f5be653b 100644 --- a/modules/message/skins/simple_world/common_header.html +++ b/modules/message/skins/simple_world/common_header.html @@ -1,5 +1,5 @@ -{Context::addMetaTag("viewport", "width=device-width, user-scalable=yes")} +{@Context::addMetaTag("viewport", "width=device-width, user-scalable=yes")} {@ 
@@ -57,6 +57,6 @@ {@$skin_color = '#f44336'} -{Context::set('simple_less_value', array('red' => hexdec(substr($skin_color, 1, 2)), 'green' => hexdec(substr($skin_color, 3, 2)), 'blue' => hexdec(substr($skin_color, 5, 2)) ))} +{@Context::set('simple_less_value', array('red' => hexdec(substr($skin_color, 1, 2)), 'green' => hexdec(substr($skin_color, 3, 2)), 'blue' => hexdec(substr($skin_color, 5, 2)) ))}
\ No newline at end of file diff --git a/modules/message/skins/xedition/http_status_code.html b/modules/message/skins/xedition/http_status_code.html index 5666332e7..39cc450d6 100644 --- a/modules/message/skins/xedition/http_status_code.html +++ b/modules/message/skins/xedition/http_status_code.html @@ -1,5 +1,5 @@ -{Context::addHtmlHeader('')} +{@Context::addHtmlHeader('')}