#226 지정된 mid 또는 module에 속하지 않은 action이 실행되지 않도록 제한 및 우회하기 위한 standalone 명세를 추가.

bnu 2013-12-28 16:22:18 +09:00
parent 2bd745b627
commit 2b4650ec34
2 changed files with 17 additions and 5 deletions


@ -145,7 +145,6 @@ class ModuleHandler extends Handler
{
$module_info = $oModuleModel->getModuleInfoByDocumentSrl($this->document_srl);
// If the document does not exist, remove document_srl
if(!$module_info)
{
@ -464,7 +463,8 @@ class ModuleHandler extends Handler
{
$module = strtolower($matches[2] . $matches[3]);
$xml_info = $oModuleModel->getModuleActionXml($module);
if($xml_info->action->{$this->act})
if($xml_info->action->{$this->act} && ($kind == 'admin' || $xml_info->action->{$this->act}->standalone === 'true'))
{
$forward = new stdClass();
$forward->module = $module;
@ -472,6 +472,15 @@ class ModuleHandler extends Handler
$forward->ruleset = $xml_info->action->{$this->act}->ruleset;
$forward->act = $this->act;
}
else
{
$this->error = 'msg_invalid_request';
$oMessageObject = ModuleHandler::getModuleInstance('message', 'view');
$oMessageObject->setError(-1);
$oMessageObject->setMessage($this->error);
$oMessageObject->dispMessage();
return $oMessageObject;
}
}
if(!$forward)
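Review bot: The new forwarding condition tests `standalone === 'true'` against a string, but moduleModel in this same commit assigns `->standalone = ($standalone == 'true') ? TRUE : FALSE` on the freshly parsed `$info`, while the generated cache file stores the string `'true'` / `'false'`. If that parsed object is what is returned on a cache miss (the `return $info;` after `FileHandler::writeFile` suggests so), a standalone action is rejected with `msg_invalid_request` on that request and accepted on later ones. The cached string `'false'` is also truthy, so any later `if($action->standalone)` style check would fail open. Keep a single representation, for example `$info->action->{$name}->standalone = $standalone;` in moduleModel, so both paths carry the string this strict comparison expects. The enclosing block and the assignment of `$kind` are outside this hunk, so the `$kind == 'admin'` exemption cannot be assessed from here.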


@ -895,6 +895,7 @@ class moduleModel extends module
$type = $action->attrs->type;
$grant = $action->attrs->grant?$action->attrs->grant:'guest';
$standalone = $action->attrs->standalone=='true'?'true':'false';
$ruleset = $action->attrs->ruleset?$action->attrs->ruleset:'';
$method = $action->attrs->method?$action->attrs->method:'';
@ -907,6 +908,7 @@ class moduleModel extends module
$info->action->{$name} = new stdClass();
$info->action->{$name}->type = $type;
$info->action->{$name}->grant = $grant;
$info->action->{$name}->standalone = ($standalone == 'true') ? TRUE : FALSE;
$info->action->{$name}->ruleset = $ruleset;
$info->action->{$name}->method = $method;
if($action->attrs->menu_name)
@ -929,6 +931,7 @@ class moduleModel extends module
$buff[] = sprintf('$info->action->%s = new stdClass;', $name);
$buff[] = sprintf('$info->action->%s->type=\'%s\';', $name, $type);
$buff[] = sprintf('$info->action->%s->grant=\'%s\';', $name, $grant);
$buff[] = sprintf('$info->action->%s->standalone=\'%s\';', $name, $standalone);
$buff[] = sprintf('$info->action->%s->ruleset=\'%s\';', $name, $ruleset);
$buff[] = sprintf('$info->action->%s->method=\'%s\';', $name, $method);
@ -959,6 +962,8 @@ class moduleModel extends module
$buff['simple_setup_index_act'] = sprintf($buff['simple_setup_index_act'], $simple_setup_index_act);
$buff['admin_index_act'] = sprintf($buff['admin_index_act'], $admin_index_act);
$buff[] = 'return $info;';
$buff = implode(PHP_EOL, $buff);
FileHandler::writeFile($cache_file, $buff);
@ -966,9 +971,7 @@ class moduleModel extends module
return $info;
}
if(file_exists($cache_file)) include($cache_file);
return $info;
if(file_exists($cache_file)) return include($cache_file);
}
/**
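Review bot: `return include($cache_file);` in the last hunk passes the caller whatever the include yields, so a cache file written before this commit (without the trailing `return $info;`) would return include's default `1`, and a missing file now falls off the end of the function and returns NULL. Whether such stale files can survive an upgrade depends on the cache invalidation logic, which is outside these hunks. The forwarding check in ModuleHandler then reads `->action` on a non-object; that happens to deny the request, but only by accident rather than by an explicit check. Validate the result before returning it, e.g. `$info = include($cache_file);` followed by `return is_object($info) ? $info : NULL;`, and regenerate these cache files on upgrade.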