#226 지정된 mid 또는 module에 속하지 않은 action이 실행되지 않도록 제한 및 우회하기 위한 standalone 명세를 추가.

classes/module/ModuleHandler.class.php

@@ -145,7 +145,6 @@ class ModuleHandler extends Handler
 		{
 			
 			$module_info = $oModuleModel->getModuleInfoByDocumentSrl($this->document_srl);
-
 			// If the document does not exist, remove document_srl
 			if(!$module_info)
 			{
@@ -464,7 +463,8 @@ class ModuleHandler extends Handler
 			{
 				$module = strtolower($matches[2] . $matches[3]);
 				$xml_info = $oModuleModel->getModuleActionXml($module);
-				if($xml_info->action->{$this->act})
+
+				if($xml_info->action->{$this->act} && ($kind == 'admin' || $xml_info->action->{$this->act}->standalone === 'true'))
 				{
 					$forward = new stdClass();
 					$forward->module = $module;
@@ -472,6 +472,15 @@ class ModuleHandler extends Handler
 					$forward->ruleset = $xml_info->action->{$this->act}->ruleset;
 					$forward->act = $this->act;
 				}
+				else
+				{
+					$this->error = 'msg_invalid_request';
+					$oMessageObject = ModuleHandler::getModuleInstance('message', 'view');
+					$oMessageObject->setError(-1);
+					$oMessageObject->setMessage($this->error);
+					$oMessageObject->dispMessage();
+					return $oMessageObject;
+				}
 			}
 
 			if(!$forward)