Merge branch 'develop' into next

This commit is contained in:
bnu 2015-02-09 11:22:02 +09:00
commit 2bbe9603a2
44 changed files with 420 additions and 311 deletions

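--- /dev/null
+++ b/.jshintignore
@@ -0,0 +1,9 @@
+common/js/jquery*.js
+common/js/modernizr.js
+common/js/xe.js
+common/js/x.js
+common/js/*.min.js
+common/js/unittest/*
+common/js/plugins/*
+common/js/foggyLayer.js
+common/js/html5.js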

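--- /dev/null
+++ b/.jshintrc
@@ -0,0 +1,68 @@
+{
+"globalstrict": false,
+"undef": false,
+"eqeqeq": false,
+"browser": true,
+"devel": true,
+"jquery": true,
+"evil": true,
+"globals": {
+"window": true,
+"current_url": true,
+"exec_json": true,
+"exec_xml": true,
+"procFilter": true,
+"xe": true,
+"request_uri": true,
+"xAddEventListener": false,
+"xResizeEvent": false,
+"xScrollEvent": false,
+"xAppendChild": false,
+"xClientHeight": false,
+"xClientWidth": false,
+"xCreateElement": false,
+"xDef": false,
+"xDeleteCookie": false,
+"xDisplay": false,
+"xEvent": false,
+"xFirstChild": false,
+"xGetBodyWidth": false,
+"xGetBodyHeight": false,
+"xGetComputedStyle": false,
+"xGetCookie": false,
+"xGetElementById": false,
+"xGetElementsByAttribute": false,
+"xGetElementsByClassName": false,
+"xGetElementsByTagName": false,
+"xGetURLArguments": false,
+"xHeight": false,
+"xHex": false,
+"xHide": false,
+"xInnerHtml": false,
+"xLeft": false,
+"xMoveTo": false,
+"xName": false,
+"xNextSib": false,
+"xNum": false,
+"xOffsetLeft": false,
+"xOffsetTop": false,
+"xPad": false,
+"xPageX": false,
+"xPageY": false,
+"xParent": false,
+"xPreventDefault": false,
+"xPrevSib": false,
+"xRemoveEventListener": false,
+"xResizeTo": false,
+"xScrollLeft": false,
+"xScrollTop": false,
+"xSetCookie": false,
+"xShow": false,
+"xStr": false,
+"xTop": false,
+"xVisibility": false,
+"xWidth": false,
+"xZIndex": false,
+"xStopPropagation": false
+}
+}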
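Review bot: `"undef": false` near the top of this config turns off JSHint's undefined-variable check, which is the only rule the long `globals` list below feeds, so as written that list has no effect. Either set `"undef": true` so unknown globals are reported (and the list earns its keep) or drop the list. `"evil": true` also silences the warning on `eval` and `new Function`, which is exactly what a security-minded lint should surface; since JSON allows no comment here, record in the Gruntfile which file needs it.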


@ -1,6 +1,5 @@
language: php
php:
- 5.2
- 5.3
- 5.4
- 5.5


@ -172,15 +172,6 @@ module.exports = function(grunt) {
'modules/widget/tpl/js/*.js',
],
options : {
globalstrict: false,
undef : false,
eqeqeq: false,
browser : true,
globals: {
"jQuery" : true,
"console" : true,
"window" : true
},
ignores : [
'**/jquery*.js',
'**/swfupload.js',


@ -30,8 +30,10 @@ if($_REQUEST['act'] != 'api')
// Read func file
require_once(_XE_PATH_ . 'addons/blogapi/blogapi.func.php');
$xml = $GLOBALS['HTTP_RAW_POST_DATA'];
// If HTTP_RAW_POST_DATA is NULL, Print error message
if(!$GLOBALS['HTTP_RAW_POST_DATA'])
if(!$xml)
{
$content = getXmlRpcFailure(1, 'Invalid Method Call');
printContent($content);
@ -39,7 +41,14 @@ if(!$GLOBALS['HTTP_RAW_POST_DATA'])
// xmlprc parsing
// Parse the requested xmlrpc
$xml = new SimpleXMLElement($GLOBALS['HTTP_RAW_POST_DATA']);
if(Security::detectingXEE($xml))
{
header("HTTP/1.0 400 Bad Request");
exit;
}
if(version_compare(PHP_VERSION, '5.2.11', '<=')) libxml_disable_entity_loader(true);
$xml = new SimpleXMLElement($xml, LIBXML_NONET | LIBXML_NOENT);
$method_name = (string)$xml->methodName;
$params = $xml->params->param;
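Review bot: `LIBXML_NOENT` on the `new SimpleXMLElement($xml, LIBXML_NONET | LIBXML_NOENT)` line enables entity substitution rather than disabling it, so the flag works against the XXE hardening this commit adds and the parse is protected only by the `Security::detectingXEE` string screen above it; drop it: `$xml = new SimpleXMLElement($xml, LIBXML_NONET);`. The guard on the preceding line also looks inverted — `libxml_disable_entity_loader()` first appeared in PHP 5.2.11, so calling it only when `version_compare(PHP_VERSION, '5.2.11', '<=')` holds skips it on every newer PHP and would be an undefined-function fatal on older 5.2 builds; `if(function_exists('libxml_disable_entity_loader')) libxml_disable_entity_loader(true);` covers both. The surrounding script continues past this hunk.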


@ -781,12 +781,6 @@
from: 'htmlstring'
}
}),
new $.fn.oembed.OEmbedProvider("gravtar", "photo", ["mailto:.+"], null, {
templateRegex: /mailto:([^\/]+).*/,
template: function (wm, email) {
return '<img src="http://gravatar.com/avatar/' + email.md5() + '.jpg" alt="on Gravtar" class="jqoaImg">';
}
}),
//Rich
new $.fn.oembed.OEmbedProvider("twitter", "rich", ["twitter.com/.+"], "https://api.twitter.com/1/statuses/oembed.json"),
@ -1062,137 +1056,3 @@
})
];
})(jQuery);
//This is needed for gravatar :(
String.prototype.md5 = function () {
var a = function (a, b) {
var c = (a & 65535) + (b & 65535);
var d = (a >> 16) + (b >> 16) + (c >> 16);
return d << 16 | c & 65535
};
var b = function (a, b) {
return a << b | a >>> 32 - b
};
var c = function (c, d, e, f, g, h) {
return a(b(a(a(d, c), a(f, h)), g), e)
};
var d = function (a, b, d, e, f, g, h) {
return c(b & d | ~b & e, a, b, f, g, h)
};
var e = function (a, b, d, e, f, g, h) {
return c(b & e | d & ~e, a, b, f, g, h)
};
var f = function (a, b, d, e, f, g, h) {
return c(b ^ d ^ e, a, b, f, g, h)
};
var g = function (a, b, d, e, f, g, h) {
return c(d ^ (b | ~e), a, b, f, g, h)
};
var h = function (b) {
var c, h, i, j, k, l = b.length;
var m = 1732584193;
var n = -271733879;
var o = -1732584194;
var p = 271733878;
for(k = 0; k < l; k += 16) {
c = m;
h = n;
i = o;
j = p;
m = d(m, n, o, p, b[k + 0], 7, -680876936);
p = d(p, m, n, o, b[k + 1], 12, -389564586);
o = d(o, p, m, n, b[k + 2], 17, 606105819);
n = d(n, o, p, m, b[k + 3], 22, -1044525330);
m = d(m, n, o, p, b[k + 4], 7, -176418897);
p = d(p, m, n, o, b[k + 5], 12, 1200080426);
o = d(o, p, m, n, b[k + 6], 17, -1473231341);
n = d(n, o, p, m, b[k + 7], 22, -45705983);
m = d(m, n, o, p, b[k + 8], 7, 1770035416);
p = d(p, m, n, o, b[k + 9], 12, -1958414417);
o = d(o, p, m, n, b[k + 10], 17, -42063);
n = d(n, o, p, m, b[k + 11], 22, -1990404162);
m = d(m, n, o, p, b[k + 12], 7, 1804603682);
p = d(p, m, n, o, b[k + 13], 12, -40341101);
o = d(o, p, m, n, b[k + 14], 17, -1502002290);
n = d(n, o, p, m, b[k + 15], 22, 1236535329);
m = e(m, n, o, p, b[k + 1], 5, -165796510);
p = e(p, m, n, o, b[k + 6], 9, -1069501632);
o = e(o, p, m, n, b[k + 11], 14, 643717713);
n = e(n, o, p, m, b[k + 0], 20, -373897302);
m = e(m, n, o, p, b[k + 5], 5, -701558691);
p = e(p, m, n, o, b[k + 10], 9, 38016083);
o = e(o, p, m, n, b[k + 15], 14, -660478335);
n = e(n, o, p, m, b[k + 4], 20, -405537848);
m = e(m, n, o, p, b[k + 9], 5, 568446438);
p = e(p, m, n, o, b[k + 14], 9, -1019803690);
o = e(o, p, m, n, b[k + 3], 14, -187363961);
n = e(n, o, p, m, b[k + 8], 20, 1163531501);
m = e(m, n, o, p, b[k + 13], 5, -1444681467);
p = e(p, m, n, o, b[k + 2], 9, -51403784);
o = e(o, p, m, n, b[k + 7], 14, 1735328473);
n = e(n, o, p, m, b[k + 12], 20, -1926607734);
m = f(m, n, o, p, b[k + 5], 4, -378558);
p = f(p, m, n, o, b[k + 8], 11, -2022574463);
o = f(o, p, m, n, b[k + 11], 16, 1839030562);
n = f(n, o, p, m, b[k + 14], 23, -35309556);
m = f(m, n, o, p, b[k + 1], 4, -1530992060);
p = f(p, m, n, o, b[k + 4], 11, 1272893353);
o = f(o, p, m, n, b[k + 7], 16, -155497632);
n = f(n, o, p, m, b[k + 10], 23, -1094730640);
m = f(m, n, o, p, b[k + 13], 4, 681279174);
p = f(p, m, n, o, b[k + 0], 11, -358537222);
o = f(o, p, m, n, b[k + 3], 16, -722521979);
n = f(n, o, p, m, b[k + 6], 23, 76029189);
m = f(m, n, o, p, b[k + 9], 4, -640364487);
p = f(p, m, n, o, b[k + 12], 11, -421815835);
o = f(o, p, m, n, b[k + 15], 16, 530742520);
n = f(n, o, p, m, b[k + 2], 23, -995338651);
m = g(m, n, o, p, b[k + 0], 6, -198630844);
p = g(p, m, n, o, b[k + 7], 10, 1126891415);
o = g(o, p, m, n, b[k + 14], 15, -1416354905);
n = g(n, o, p, m, b[k + 5], 21, -57434055);
m = g(m, n, o, p, b[k + 12], 6, 1700485571);
p = g(p, m, n, o, b[k + 3], 10, -1894986606);
o = g(o, p, m, n, b[k + 10], 15, -1051523);
n = g(n, o, p, m, b[k + 1], 21, -2054922799);
m = g(m, n, o, p, b[k + 8], 6, 1873313359);
p = g(p, m, n, o, b[k + 15], 10, -30611744);
o = g(o, p, m, n, b[k + 6], 15, -1560198380);
n = g(n, o, p, m, b[k + 13], 21, 1309151649);
m = g(m, n, o, p, b[k + 4], 6, -145523070);
p = g(p, m, n, o, b[k + 11], 10, -1120210379);
o = g(o, p, m, n, b[k + 2], 15, 718787259);
n = g(n, o, p, m, b[k + 9], 21, -343485551);
m = a(m, c);
n = a(n, h);
o = a(o, i);
p = a(p, j)
}
return [m, n, o, p]
};
var i = function (a) {
var b = "0123456789abcdef",
c = "",
d, e = a.length * 4;
for(d = 0; d < e; d++) {
c += b.charAt(a[d >> 2] >> d % 4 * 8 + 4 & 15) + b.charAt(a[d >> 2] >> d % 4 * 8 & 15)
}
return c
};
var j = function (a) {
var b = (a.length + 8 >> 6) + 1;
var c = [],
d, e = b * 16,
f, g = a.length;
for(d = 0; d < e; d++) {
c.push(0)
}
for(f = 0; f < g; f++) {
c[f >> 2] |= (a.charCodeAt(f) & 255) << f % 4 * 8
}
c[f >> 2] |= 128 << f % 4 * 8;
c[b * 16 - 2] = g * 8;
return c
};
return i(h(j(this)))
}




@ -1240,8 +1240,15 @@ class Context
return;
}
$xml = $GLOBALS['HTTP_RAW_POST_DATA'];
if(Security::detectingXEE($xml))
{
header("HTTP/1.0 400 Bad Request");
exit;
}
$oXml = new XmlParser();
$xml_obj = $oXml->parse();
$xml_obj = $oXml->parse($xml);
$params = $xml_obj->methodcall->params;
unset($params->node_name, $params->attrs, $params->body);
@ -1277,16 +1284,11 @@ class Context
return $stack;
}
$body = $this->_filterRequestVar($key, trim($val->body ? $val->body : ''), 0);
if($body)
{
return $body;
}
$body = $val->body;
unset($val->node_name, $val->attrs, $val->body);
if(!count(get_object_vars($val)))
{
return NULL;
return $this->_filterRequestVar($key, $body, 0);
}
$stack = new stdClass();
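Review bot: The new `return $this->_filterRequestVar($key, $body, 0);` line passes `$val->body` through untouched, whereas the replaced line normalized a missing body to `''` and trimmed it, so an empty leaf element now hands `_filterRequestVar` a NULL; confirm it tolerates that, or keep the normalization with `return $this->_filterRequestVar($key, isset($body) ? $body : '', 0);`. Dropping `trim()` is presumably intentional (it preserves whitespace inside XML-RPC string values) and deserves a one-line comment saying so, as is returning a body of `"0"` that the old `if($body)` test discarded. The enclosing method starts before this hunk.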


@ -432,7 +432,7 @@ class HTMLDisplayHandler
{
$oContext->loadFile(array('./modules/admin/tpl/css/admin.min.css', '', '', 10), true);
$oContext->loadFile(array("./modules/admin/tpl/css/admin_{$lang_type}.css", '', '', 10), true);
$oContext->loadFile(array("./modules/admin/tpl/css/admin.iefix.min.css", '', 'ie', 10), true);
$oContext->loadFile(array("./modules/admin/tpl/css/admin.iefix.css", '', 'ie', 10), true);
$oContext->loadFile('./modules/admin/tpl/js/admin.min.js', true);
$oContext->loadFile(array('./modules/admin/tpl/css/admin.bootstrap.min.css', '', '', 1), true);
$oContext->loadFile(array('./modules/admin/tpl/js/jquery.tmpl.js', '', '', 1), true);


@ -14,8 +14,8 @@ class VirtualXMLDisplayHandler
$message = $oModule->getMessage();
$redirect_url = $oModule->get('redirect_url');
$request_uri = Context::get('xeRequestURI');
$request_url = Context::get('xeVirtualRequestUrl');
$output = new stdClass;
$request_url = Context::getRequestUri();
$output = new stdClass();
if(substr_compare($request_url, '/', -1) !== 0)
{


@ -297,7 +297,7 @@ class ExtraItem
return ($value) ? sprintf('<a href="mailto:%s">%s</a>', $value, $value) : "";
case 'tel' :
return sprintf('%s - %s - %s', $value[0], $value[1], $value[2]);
return sprintf('%s-%s-%s', $value[0], $value[1], $value[2]);
case 'textarea' :
return nl2br($value);


@ -635,18 +635,13 @@ class FileHandler
*/
function returnBytes($val)
{
$last = strtolower(substr(trim($val), -1));
switch ($last)
$unit = strtoupper(substr($val, -1));
$val = (int)$val;
switch ($unit)
{
case 'g':
$val *= 1024 * 1024 * 1024;
break;
case 'm':
$val *= 1024 * 1024;
break;
case 'k':
$val *= 1024;
break;
case 'G': $val *= 1024;
case 'M': $val *= 1024;
case 'K': $val *= 1024;
}
return $val;
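Review bot: The three `case` arms in the new `switch` rely on fall-through (G multiplies three times, M twice, K once) but nothing marks it, and the `trim()` the old code applied before reading the unit byte is gone, so a value with trailing whitespace or a newline now falls to the default and is returned as the bare integer. Restore `$unit = strtoupper(substr(trim($val), -1));` and put a `// fall through` comment after each multiplication so the cascade is not "fixed" by the next reader. Note also that `(int)$val` truncates `1.5G` to `1G`, whereas the old arithmetic on the string kept the fraction — acceptable for php.ini values, but worth stating in the docblock.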


@ -175,6 +175,55 @@ class Security
return $var;
}
/**
* @brief check XML External Entity
*
* @see from drupal. https://github.com/drupal/drupal/commit/90e884ad0f7f2cf269d953f7d70966de9fd821ff
*
* @param string $xml
* @return bool
*/
static function detectingXEE($xml)
{
if(!$xml) return FALSE;
if(strpos($xml, '<!ENTITY') !== FALSE)
{
return TRUE;
}
// Strip XML declaration.
$header = preg_replace('/<\?xml.*?\?'.'>/s', '', substr($xml, 0, 100), 1);
$xml = trim(substr_replace($xml, $header, 0, 100));
if($xml == '')
{
return TRUE;
}
// Strip DTD.
$header = preg_replace('/^<!DOCTYPE[^>]*+>/i', '', substr($xml, 0, 200), 1);
$xml = trim(substr_replace($xml, $header, 0, 200));
if($xml == '')
{
return TRUE;
}
// Confirm the XML now starts with a valid root tag. A root tag can end in [> \t\r\n]
$root_tag = substr($xml, 0, strcspn(substr($xml, 0, 20), "> \t\r\n"));
// Reject a second DTD.
if(strtoupper($root_tag) == '<!DOCTYPE')
{
return TRUE;
}
if(!in_array($root_tag, array('<methodCall', '<methodResponse', '<fault')))
{
return TRUE;
}
return FALSE;
}
}
/* End of file : Security.class.php */
/* Location: ./classes/security/Security.class.php */
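Review bot: `detectingXEE` is an XML-RPC-specific allowlist rather than a general XXE detector — the final `in_array($root_tag, array('<methodCall', '<methodResponse', '<fault'))` rejects every other root element — but its docblock (`@brief check XML External Entity`) does not say so, so a future caller screening other XML with it would get nothing but false positives. Expand the docblock to something like `@brief Screen a raw XML-RPC request for XXE: returns TRUE (reject) on any <!ENTITY, a second DOCTYPE, an empty document, or a root other than methodCall/methodResponse/fault.` The name says "XEE"; the term is XXE (XML eXternal Entity), so either rename or note the intended spelling. Pass `TRUE` as the third argument to `in_array` so the comparison is strict.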


@ -29,7 +29,7 @@ define('__ZBXE__', __XE__);
/**
* Display XE's full version.
*/
define('__XE_VERSION__', '1.7.9');
define('__XE_VERSION__', '1.7.10');
define('__XE_VERSION_ALPHA__', (stripos(__XE_VERSION__, 'alpha') !== false));
define('__XE_VERSION_BETA__', (stripos(__XE_VERSION__, 'beta') !== false));
define('__XE_VERSION_RC__', (stripos(__XE_VERSION__, 'rc') !== false));


@ -714,9 +714,43 @@ function zdate($str, $format = 'Y-m-d H:i:s', $conversion = TRUE)
}
}
$date = new DateTime($str);
$string = $date->format($format);
// If year value is less than 1970, handle it separately.
if((int) substr($str, 0, 4) < 1970)
{
$hour = (int) substr($str, 8, 2);
$min = (int) substr($str, 10, 2);
$sec = (int) substr($str, 12, 2);
$year = (int) substr($str, 0, 4);
$month = (int) substr($str, 4, 2);
$day = (int) substr($str, 6, 2);
// leading zero?
$lz = create_function('$n', 'return ($n>9?"":"0").$n;');
$trans = array(
'Y' => $year,
'y' => $lz($year % 100),
'm' => $lz($month),
'n' => $month,
'd' => $lz($day),
'j' => $day,
'G' => $hour,
'H' => $lz($hour),
'g' => $hour % 12,
'h' => $lz($hour % 12),
'i' => $lz($min),
's' => $lz($sec),
'M' => getMonthName($month),
'F' => getMonthName($month, FALSE)
);
$string = strtr($format, $trans);
}
else
{
// if year value is greater than 1970, get unixtime by using ztime() for date() function's argument.
$string = date($format, ztime($str));
}
// change day and am/pm for each language
$unit_week = Context::getLang('unit_week');
$unit_meridiem = Context::getLang('unit_meridiem');
@ -1067,8 +1101,22 @@ function removeHackTag($content)
*/
$content = preg_replace_callback('@<(/?)([a-z]+[0-9]?)((?>"[^"]*"|\'[^\']*\'|[^>])*?\b(?:on[a-z]+|data|style|background|href|(?:dyn|low)?src)\s*=[\s\S]*?)(/?)($|>|<)@i', 'removeSrcHack', $content);
// xmp tag ?뺤씤 <20>??<3F>붽?
$content = checkXmpTag($content);
$content = blockWidgetCode($content);
return $content;
}
/**
* blocking widget code
*
* @param string $content Taget content
* @return string
**/
function blockWidgetCode($content)
{
$content = preg_replace('/(<(?:img|div)(?:[^>]*))(widget)(?:(=([^>]*?)>))/is', '$1blocked-widget$3', $content);
return $content;
}
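Review bot: The pattern in `blockWidgetCode` only matches when `widget` is immediately followed by `=`, so `widget = "..."` (whitespace around the equals sign) or a `widget` attribute broken across a newline is not neutralized; if XE's widget parser tolerates that spacing — not visible from here — the filter is bypassable. Allowing optional whitespace and anchoring the attribute name, `'/(<(?:img|div)\b[^>]*)(?<![\w-])(widget)(\s*=[^>]*?>)/is'`, closes that gap and also stops the filter from rewriting `data-widget=`. Only one `widget` attribute per tag is rewritten because the third group consumes the rest of the tag, so the docblock should say this is a defence-in-depth blocklist applied after removeSrcHack, not an authoritative parser. Separately, the `create_function` in the zdate hunk above compiles its string at runtime like `eval` and PHP 7.2 deprecates it; a closure, `$lz = function($n) { return ($n > 9 ? '' : '0') . $n; };`, works from 5.3, which this commit's Travis matrix now starts at.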


@ -248,6 +248,9 @@ class adminAdminView extends admin
*/
function dispAdminIndex()
{
$db_info = Context::getDBInfo();
Context::set('db_info',$db_info);
// Get statistics
$args = new stdClass();
$args->date = date("Ymd000000", $_SERVER['REQUEST_TIME'] - 60 * 60 * 24);
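Review bot: `Context::set('db_info', $db_info)` hands the whole DB-info object to the template layer when the accompanying template change reads only `$db_info->use_sitelock`. If that object carries the database credentials, as its name suggests, this is broader exposure than the feature needs and one stray `{$db_info->...}` in a template would print them; set just the flag, `Context::set('use_sitelock', $db_info->use_sitelock);`, and read `$use_sitelock` in index.html. The enclosing method continues past this hunk.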


@ -1606,4 +1606,11 @@
<value xml:lang="en"><![CDATA[Your IP]]></value>
<value xml:lang="jp"><![CDATA[接続したIP]]></value>
</item>
<item name="sitelock_in_use">
<value xml:lang="ko"><![CDATA[사이트 잠금을 사용중입니다.]]></value>
<value xml:lang="en"><![CDATA[Site lock in use]]></value>
</item>
<item name="about_sitelock_in_use">
<value xml:lang="ko"><![CDATA[관리자 페이지에서 허용한 IP를 제외한 사용자는 접속할 수 없습니다.]]></value>
</item>
</lang>


@ -19,6 +19,11 @@
<p>{$XE_VALIDATOR_MESSAGE}</p>
</div>
<div class="message error" cond="$db_info->use_sitelock == 'Y'">
<h2>{$lang->sitelock_in_use}</h2>
<p>{$lang->about_sitelock_in_use}</p>
</div>
<form action="./" method="post" class="message info x_clearfix" cond="!$isLicenseAgreement">
<input type="hidden" name="success_return_url" value="{getUrl('', 'module', 'admin')}" />
<input type="hidden" name="module" value="install" />


@ -50,7 +50,7 @@ class boardAPI extends board {
/**
* @brief category list
**/
function dispBoardCatogoryList(&$oModule) {
function dispBoardCategoryList(&$oModule) {
$oModule->add('category_list',Context::get('category_list'));
}
@ -97,10 +97,18 @@ class boardAPI extends board {
function arrangeContent($content) {
$oBoardView = getView('board');
$output = new stdClass;
if($content){
$output = $content->gets('document_srl','category_srl','member_srl','nick_name','user_id','user_name','title','content','tags','readed_count','voted_count','blamed_count','comment_count','regdate','last_update','extra_vars','status');
if(!$oBoardView->grant->view)
{
unset($output->content);
unset($output->tags);
unset($output->extra_vars);
}
$t_width = Context::get('thumbnail_width');
$t_height = Context::get('thumbnail_height');
$t_type = Context::get('thumbnail_type');
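Review bot: The new grant check in `arrangeContent` withholds `content`, `tags` and `extra_vars` from a caller without the view grant, but the `gets(...)` allowlist on the line above it still returns `user_id`, `member_srl` and `user_name` to such callers; if `user_id` is the author's login identifier, as elsewhere in XE, that is account-enumeration material for users who cannot even read the post, so consider `unset($output->user_id);` inside the same block. The check also assumes `getView('board')` returns an instance whose `grant` is already populated, which is not visible here; if it is not, the condition fails closed, which is acceptable but deserves a comment. `arrangeContent` continues past the end of this hunk.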


@ -212,6 +212,13 @@ class boardView extends board
// check if the use_category option is enabled
if($this->module_info->use_category=='Y')
{
// check the grant
if(!$this->grant->list)
{
Context::set('category_list', array());
return;
}
$oDocumentModel = getModel('document');
Context::set('category_list', $oDocumentModel->getCategoryList($this->module_srl));
@ -323,6 +330,59 @@ class boardView extends board
* @brief display the document file list (can be used by API)
**/
function dispBoardContentFileList(){
/**
* check the access grant (all the grant has been set by the module object)
**/
if(!$this->grant->access)
{
return $this->dispBoardMessage('msg_not_permitted');
}
// check document view grant
$this->dispBoardContentView();
// Check if a permission for file download is granted
// Get configurations (using module model object)
$oModuleModel = getModel('module');
$file_module_config = $oModuleModel->getModulePartConfig('file',$this->module_srl);
$downloadGrantCount = 0;
if(is_array($file_module_config->download_grant))
{
foreach($file_module_config->download_grant AS $value)
if($value) $downloadGrantCount++;
}
if(is_array($file_module_config->download_grant) && $downloadGrantCount>0)
{
if(!Context::get('is_logged')) return $this->stop('msg_not_permitted_download');
$logged_info = Context::get('logged_info');
if($logged_info->is_admin != 'Y')
{
$oModuleModel =& getModel('module');
$columnList = array('module_srl', 'site_srl');
$module_info = $oModuleModel->getModuleInfoByModuleSrl($this->module_srl, $columnList);
if(!$oModuleModel->isSiteAdmin($logged_info, $module_info->site_srl))
{
$oMemberModel =& getModel('member');
$member_groups = $oMemberModel->getMemberGroups($logged_info->member_srl, $module_info->site_srl);
$is_permitted = false;
for($i=0;$i<count($file_module_config->download_grant);$i++)
{
$group_srl = $file_module_config->download_grant[$i];
if($member_groups[$group_srl])
{
$is_permitted = true;
break;
}
}
if(!$is_permitted) return $this->stop('msg_not_permitted_download');
}
}
}
$oDocumentModel = getModel('document');
$document_srl = Context::get('document_srl');
$oDocument = $oDocumentModel->getDocument($document_srl);
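Review bot: `$this->dispBoardContentView();` in `dispBoardContentFileList` is called for its document-view grant check, but its return value is discarded, so if it signals denial by returning a message object — the way `dispBoardMessage('msg_not_permitted')` a few lines above does — the file list is still built and returned. Capture and propagate it, e.g. `$output = $this->dispBoardContentView(); if(is_object($output) && method_exists($output, 'toBool') && !$output->toBool()) return $output;`, adjusted to however dispBoardContentView actually reports failure, which is outside this hunk. Minor: `$member_groups[$group_srl]` in the download-grant loop is read without `isset` and raises a notice for groups the member is not in (`!empty($member_groups[$group_srl])` avoids it), and `$oModuleModel` is re-fetched inside the `is_admin` branch although it was obtained a few lines earlier.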
@ -336,6 +396,9 @@ class boardView extends board
* @brief display the document comment list (can be used by API)
**/
function dispBoardContentCommentList(){
// check document view grant
$this->dispBoardContentView();
$oDocumentModel = getModel('document');
$document_srl = Context::get('document_srl');
$oDocument = $oDocumentModel->getDocument($document_srl);
@ -360,6 +423,13 @@ class boardView extends board
* @brief display notice list (can be used by API)
**/
function dispBoardNoticeList(){
// check the grant
if(!$this->grant->list)
{
Context::set('notice_list', array());
return;
}
$oDocumentModel = getModel('document');
$args = new stdClass();
$args->module_srl = $this->module_srl;


@ -60,7 +60,7 @@
<action name="dispBoardNoticeList" type="view" />
<action name="dispBoardContentList" type="view" />
<action name="dispBoardContentView" type="view" />
<action name="dispBoardCatogoryList" type="view" />
<action name="dispBoardCategoryList" type="view" />
<action name="dispBoardContentCommentList" type="view" />
<action name="dispBoardContentFileList" type="view" />


@ -443,7 +443,7 @@ class documentController extends document
if(Context::get('is_logged'))
{
$logged_info = Context::get('logged_info');
if($source_obj->get('member_srl')==$logged_info->member_srl || $bUseHistory)
if($source_obj->get('member_srl')==$logged_info->member_srl)
{
$obj->member_srl = $logged_info->member_srl;
$obj->user_name = htmlspecialchars_decode($logged_info->user_name);


@ -562,18 +562,10 @@ class documentModel extends document
*/
function getDocumentCount($module_srl, $search_obj = NULL)
{
// Additional search options
$args =new stdClass();
$args->module_srl = $module_srl;
$args->s_title = $search_obj->s_title;
$args->s_content = $search_obj->s_content;
$args->s_user_name = $search_obj->s_user_name;
$args->s_member_srl = $search_obj->s_member_srl;
$args->s_ipaddress = $search_obj->s_ipaddress;
$args->s_regdate = $search_obj->s_regdate;
$args->category_srl = $search_obj->category_srl;
if(is_null($search_obj)) $search_obj = new stdClass();
$search_obj->module_srl = $module_srl;
$output = executeQuery('document.getDocumentCount', $args);
$output = executeQuery('document.getDocumentCount', $search_obj);
// Return total number of
$total_count = $output->data->count;
return (int)$total_count;
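Review bot: `$search_obj->module_srl = $module_srl;` in `getDocumentCount` now writes into the caller's object — PHP passes objects by handle — where the replaced code built a private `$args`, so a caller that reuses its search object afterwards sees `module_srl` silently overwritten. Copy first: `$args = is_null($search_obj) ? new stdClass() : clone $search_obj; $args->module_srl = $module_srl;` and pass `$args` to `executeQuery`. The rewrite also widens what reaches the query: previously only eight named fields were forwarded, now every property on `$search_obj` that matches a `var` in the query XML is bound, so if any caller builds that object from request input the old allowlist is gone; the query layer still binds values, so this is scope rather than injection, but it deserves a docblock line.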
@ -586,17 +578,7 @@ class documentModel extends document
*/
function getDocumentCountByGroupStatus($search_obj = NULL)
{
// Additional search options
$args->module_srl = $search_obj->module_srl;
$args->s_title = $search_obj->s_title;
$args->s_content = $search_obj->s_content;
$args->s_user_name = $search_obj->s_user_name;
$args->s_member_srl = $search_obj->s_member_srl;
$args->s_ipaddress = $search_obj->s_ipaddress;
$args->s_regdate = $search_obj->s_regdate;
$args->category_srl = $search_obj->category_srl;
$output = executeQuery('document.getDocumentCountByGroupStatus', $args);
$output = executeQuery('document.getDocumentCountByGroupStatus', $search_obj);
if(!$output->toBool()) return array();
return $output->data;


@ -8,7 +8,7 @@
<conditions>
<condition operation="equal" column="module_srl" var="module_srl" filter="number" notnull="notnull" />
<condition operation="notin" column="module_srl" var="exclude_module_srl" filter="number" pipe="and" />
<condition operation="equal" column="category_srl" var="category_srl" />
<condition operation="equal" column="category_srl" var="category_srl" filter="number" pipe="and" />
<condition operation="equal" column="is_notice" var="s_is_notice" pipe="and" />
<condition operation="equal" column="member_srl" var="member_srl" filter="number" pipe="and" />
<condition operation="in" column="status" var="statusList" pipe="and" />
@ -18,7 +18,7 @@
<condition operation="like" column="user_name" var="s_user_name" pipe="and" />
<condition operation="like" column="user_id" var="s_user_id" pipe="or" />
<condition operation="like" column="nick_name" var="s_nick_name" pipe="or" />
<condition operation="like" column="email_address" var="s_email_addres" pipe="or" />
<condition operation="like" column="email_address" var="s_email_address" pipe="or" />
<condition operation="like" column="homepage" var="s_homepage" pipe="or" />
<condition operation="like" column="tags" var="s_tags" pipe="or" />
<condition operation="equal" column="member_srl" var="s_member_srl" pipe="and" />


@ -9,7 +9,7 @@
<conditions>
<condition operation="equal" column="module_srl" var="module_srl" filter="number" />
<condition operation="notin" column="module_srl" var="exclude_module_srl" filter="number" pipe="and" />
<condition operation="equal" column="category_srl" var="category_srl" />
<condition operation="equal" column="category_srl" var="category_srl" filter="number" pipe="and" />
<condition operation="equal" column="is_notice" var="s_is_notice" pipe="and" />
<condition operation="equal" column="member_srl" var="member_srl" filter="number" pipe="and" />
<condition operation="in" column="status" var="statusList" pipe="and" />
@ -19,7 +19,7 @@
<condition operation="like" column="user_name" var="s_user_name" pipe="and" />
<condition operation="like" column="user_id" var="s_user_id" pipe="or" />
<condition operation="like" column="nick_name" var="s_nick_name" pipe="or" />
<condition operation="like" column="email_address" var="s_email_addres" pipe="or" />
<condition operation="like" column="email_address" var="s_email_address" pipe="or" />
<condition operation="like" column="homepage" var="s_homepage" pipe="or" />
<condition operation="like" column="tags" var="s_tags" pipe="or" />
<condition operation="equal" column="member_srl" var="s_member_srl" pipe="and" />


@ -26,7 +26,7 @@
<condition operation="like" column="d.user_name" var="s_user_name" pipe="or" />
<condition operation="like" column="d.user_id" var="s_user_id" pipe="or" />
<condition operation="like" column="d.nick_name" var="s_nick_name" pipe="or" />
<condition operation="like" column="d.email_address" var="s_email_addres" pipe="or" />
<condition operation="like" column="d.email_address" var="s_email_address" pipe="or" />
<condition operation="like" column="d.homepage" var="s_homepage" pipe="or" />
<condition operation="like" column="d.tags" var="s_tags" pipe="or" />
<condition operation="equal" column="d.is_secret" var="s_is_secret" pipe="or" />


@ -25,7 +25,7 @@
<condition operation="like" column="user_name" var="s_user_name" pipe="or" />
<condition operation="like" column="user_id" var="s_user_id" pipe="or" />
<condition operation="like" column="nick_name" var="s_nick_name" pipe="or" />
<condition operation="like" column="email_address" var="s_email_addres" pipe="or" />
<condition operation="like" column="email_address" var="s_email_address" pipe="or" />
<condition operation="like" column="homepage" var="s_homepage" pipe="or" />
<condition operation="like" column="tags" var="s_tags" pipe="or" />
<condition operation="equal" column="member_srl" var="s_member_srl" pipe="or" />


@ -15,7 +15,7 @@
<condition operation="like" column="documents.content" var="s_content" pipe="or" />
<condition operation="like" column="documents.user_name" var="s_user_name" pipe="or" />
<condition operation="like" column="documents.nick_name" var="s_nick_name" pipe="or" />
<condition operation="like" column="documents.email_address" var="s_email_addres" pipe="or" />
<condition operation="like" column="documents.email_address" var="s_email_address" pipe="or" />
<condition operation="like" column="documents.homepage" var="s_homepage" pipe="or" />
<condition operation="like" column="documents.tags" var="s_tags" pipe="or" />
<condition operation="equal" column="documents.is_notice" var="s_is_notice" pipe="or" />


@ -14,6 +14,7 @@
<condition operation="in" column="documents.category_srl" var="category_srl" filter="number" pipe="and" />
<condition operation="equal" column="documents.member_srl" var="member_srl" filter="number" pipe="and" />
<condition operation="like" column="tags.tag" var="s_tags" notnull="notnull" pipe="and" />
<condition operation="in" column="documents.status" var="statusList" pipe="and" />
</conditions>
<navigation>
<index var="sort_index" default="documents.list_order" order="order_type" />


@ -26,7 +26,7 @@
<condition operation="like" column="documents.user_name" var="s_user_name" pipe="or" />
<condition operation="like" column="documents.user_id" var="s_user_id" pipe="or" />
<condition operation="like" column="documents.nick_name" var="s_nick_name" pipe="or" />
<condition operation="like" column="documents.email_address" var="s_email_addres" pipe="or" />
<condition operation="like" column="documents.email_address" var="s_email_address" pipe="or" />
<condition operation="like" column="documents.homepage" var="s_homepage" pipe="or" />
<condition operation="like" column="documents.tags" var="s_tags" pipe="or" />
<condition operation="equal" column="documents.is_secret" var="s_is_secret" pipe="or" />


@ -49,7 +49,7 @@ var uploadAutosaveChecker = false;
settings = {
flash_url : request_uri + 'modules/editor/tpl/images/SWFUpload.swf',
upload_url : request_uri.replace(/^https/i, 'http')+'index.php',
upload_url : request_uri + 'index.php',
post_params : {
mid : current_mid,
act : 'procFileUpload',




@ -134,10 +134,10 @@ class fileAdminController extends file
else $file_config->download_grant = $download_grant;
//관리자가 허용한 첨부파일의 사이즈가 php.ini의 값보다 큰지 확인하기 - by ovclas
$userFileAllowSize = $this->_changeBytes($file_config->allowed_filesize.'M');
$userAttachAllowSize = $this->_changeBytes($file_config->allowed_attach_size.'M');
$iniPostMaxSize = $this->_changeBytes(ini_get('post_max_size'));
$iniUploadMaxSize = $this->_changeBytes(ini_get('upload_max_filesize'));
$userFileAllowSize = FileHandler::returnbytes($file_config->allowed_filesize.'M');
$userAttachAllowSize = FileHandler::returnbytes($file_config->allowed_attach_size.'M');
$iniPostMaxSize = FileHandler::returnbytes(ini_get('post_max_size'));
$iniUploadMaxSize = FileHandler::returnbytes(ini_get('upload_max_filesize'));
$iniMinSzie = min($iniPostMaxSize, $iniUploadMaxSize);
if($userFileAllowSize > $iniMinSzie || $userAttachAllowSize > $iniMinSzie)
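Review bot: The four new `FileHandler::returnbytes(...)` calls spell the method in lowercase while this same commit declares it as `returnBytes` in FileHandler.class.php; PHP resolves method names case-insensitively, so this runs, but grep and static analysis will not connect the two — match the declaration. `$iniMinSzie` on the next line is a typo for `$iniMinSize` (file.admin.view.php in this commit already uses the correct spelling). Note that `post_max_size` may be `0`, which PHP treats as "no limit" for that setting; `returnBytes('0')` yields 0 and `min()` then reports a zero ceiling that rejects every configured size, so skip non-positive ini values before taking the minimum. The enclosing method starts before this hunk.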
@ -178,23 +178,6 @@ class fileAdminController extends file
else $_SESSION['file_management'][$output->file_srl] = true;
}
}
/**
* Change value from human readable to byte unit
*
* @param string $size_str Size string
* @return int The byte value for input
*/
function _changeBytes($size_str)
{
switch (substr ($size_str, -1))
{
case 'M': case 'm': return (int)$size_str * 1048576;
case 'K': case 'k': return (int)$size_str * 1024;
case 'G': case 'g': return (int)$size_str * 1073741824;
default: return $size_str;
}
}
}
/* End of file file.admin.controller.php */
/* Location: ./modules/file/file.admin.controller.php */


@ -201,7 +201,7 @@ class fileAdminView extends file
// Set a template
$security = new Security();
$security->encodeHTML('file_list..');
$security->encodeHTML('module_list..');
$security->encodeHTML('module_list..');
$this->setTemplatePath($this->module_path.'tpl');
$this->setTemplateFile('file_list');
@ -217,6 +217,10 @@ class fileAdminView extends file
$oFileModel = getModel('file');
$config = $oFileModel->getFileConfig();
Context::set('config',$config);
$iniPostMaxSize = FileHandler::returnbytes(ini_get('post_max_size'));
$iniUploadMaxSize = FileHandler::returnbytes(ini_get('upload_max_filesize'));
$iniMinSize = min($iniPostMaxSize, $iniUploadMaxSize);
Context::set('upload_max_filesize', FileHandler::filesize($iniMinSize));
// Set a template file
$this->setTemplatePath($this->module_path.'tpl');
$this->setTemplateFile('adminConfig');


@ -238,7 +238,9 @@ class fileModel extends file
if($logged_info->is_admin == 'Y')
{
$size = preg_replace('/[a-z]/is', '', ini_get('upload_max_filesize'));
$iniPostMaxSize = FileHandler::returnbytes(ini_get('post_max_size'));
$iniUploadMaxSize = FileHandler::returnbytes(ini_get('upload_max_filesize'));
$size = min($iniPostMaxSize, $iniUploadMaxSize) / 1048576;
$file_config->allowed_attach_size = $size;
$file_config->allowed_filesize = $size;
$file_config->allowed_filetypes = '*.*';
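Review bot: `min($iniPostMaxSize, $iniUploadMaxSize) / 1048576` collapses to 0 when `post_max_size` is `0`, which PHP treats as "no limit" for that setting, leaving administrators with no attachment allowance at all; it can also yield a fractional MB for a value like `2500K`. Skip zero values when taking the minimum (fall back to the other setting) and decide explicitly what to do when both are unlimited, since the hunk gives no fallback. The enclosing method starts outside this hunk.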


@ -34,7 +34,7 @@
<div class="x_control-group">
<label for="filesize" class="x_control-label">{$lang->allowed_filesize} <a class="x_icon-question-sign" href="./admin/help/index.html#UMAN_config_file_size" target="_blank">{$lang->help}</a></label>
<div class="x_controls">
<input type="number" id="filesize" name="allowed_filesize" value="{$config->allowed_filesize}" /> MB/{ini_get('upload_max_filesize')}
<input type="number" id="filesize" name="allowed_filesize" value="{$config->allowed_filesize}" /> MB/{$upload_max_filesize}
</div>
</div>
<div class="x_control-group">


@ -198,7 +198,7 @@ class integration_searchModel extends module
else if(preg_match('/\.(swf|flv|wmv|avi|mpg|mpeg|asx|asf|mp3)$/i', $val->source_filename))
{
$obj->type = 'multimedia';
$obj->src = sprintf('<script>displayMultimedia("%s",120,120);</script>', $obj->download_url);
$obj->src = sprintf('<script>displayMultimedia("%s",120,120);</script>', $val->uploaded_filename);
// Others
}
else
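Review bot: `$val->uploaded_filename` is interpolated straight into a JavaScript string literal inside `<script>displayMultimedia("%s",120,120);</script>` with no escaping, the same pattern the replaced line had with `download_url`. If `uploaded_filename` is the server-generated storage path the exposure is small, but a `"` or `</script>` in it would break out of the literal, so encode for the JS context: `sprintf('<script>displayMultimedia(%s,120,120);</script>', json_encode($val->uploaded_filename, JSON_HEX_TAG | JSON_HEX_QUOT | JSON_HEX_AMP))` (flags available since PHP 5.3, now the floor of the Travis matrix). The branches that build the other `$obj->src` values are outside this hunk.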


@ -138,8 +138,18 @@ class memberModel extends member
// When click other's nickname
if($member_srl != $logged_info->member_srl && $logged_info->member_srl)
{
// Send an email
if($member_info->email_address)
// Get email config
foreach($this->module_config->signupForm as $field)
{
if($field->name == 'email_address')
{
$email_config = $field;
break;
}
}
// Send an email only if email address is public
if(($logged_info->is_admin == 'Y' || $email_config->isPublic == 'Y') && $member_info->email_address)
{
$url = 'mailto:'.htmlspecialchars($member_info->email_address, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
$oMemberController->addMemberPopupMenu($url,'cmd_send_email',$icon_path);
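Review bot: `$email_config` is assigned only inside the `foreach` when a field named `email_address` exists, so when the signup form lacks that field the `$email_config->isPublic` test in the new condition reads an undefined variable (a notice, then NULL, which fails closed). Initialize it before the loop with `$email_config = NULL;`, and if `$this->module_config->signupForm` can be NULL for an unconfigured module use `foreach((array)$this->module_config->signupForm as $field)` so the loop itself does not warn. Admins bypass the privacy flag via `is_admin == 'Y'`; a one-line comment saying that is deliberate would help. The enclosing method continues past this hunk.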


@ -140,6 +140,10 @@ class moduleView extends module
if($logged_info->is_admin !='Y' && !$logged_info->is_site_admin) return new Object(-1, 'msg_not_permitted');
$input_name = Context::get('input');
if(!preg_match('/^[a-z0-9_]+$/i', $input_name))
{
return new Object(-1, 'msg_invalid_request');
}
if(!$input_name) return new Object(-1, 'msg_not_permitted');
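Review bot: The new pattern `/^[a-z0-9_]+$/i` on `$input_name` still accepts a trailing newline, because `$` in PCRE matches before a final `\n` unless the `D` modifier is set; `if(!preg_match('/^[a-z0-9_]+$/iD', $input_name))` (or `\z` in place of `$`) closes that gap. With the `+` quantifier the pattern already rejects an empty value, so the following `if(!$input_name)` check is now redundant and could be merged into the same rejection. The enclosing method starts before this hunk, so how `$input_name` is used afterwards is not visible here.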


@ -78,7 +78,7 @@
<input cond="$search_keyword" type="hidden" name="search_keyword" value="{$search_keyword}" />
<ul>
<li class="x_disabled"|cond="!$page || $page == 1"><a href="{getUrl('page', '')}">&laquo; {$lang->first_page}</a></li>
<block cond="$page_navigation->first_page != 1 && $page_navigation->first_page + $page_navigation->page_count > $page_navigation->last_page - 1 && $page_navigation->page_count != $page_navigation->total_page">
{@$isGoTo = true}
<li>
@ -89,12 +89,12 @@
</span>
</li>
</block>
<!--@while($page_no = $page_navigation->getNextPage())-->
{@$last_page = $page_no}
<li class="x_active"|cond="$page_no == $page"><a href="{getUrl('page', $page_no)}">{$page_no}</a></li>
<!--@end-->
<block cond="$last_page != $page_navigation->last_page && $last_page + 1 != $page_navigation->last_page">
{@$isGoTo = true}
<li>
@ -104,9 +104,9 @@
<button type="submit" class="x_add-on">Go</button>
</span>
</li>
</block>
<li class="x_disabled"|cond="$page == $page_navigation->last_page"><a href="{getUrl('page', $page_navigation->last_page)}" title="{$page_navigation->last_page}">{$lang->last_page} &raquo;</a></li>
</ul>
</form>
@ -142,7 +142,6 @@
<input type="hidden" name="act" value="procPointAdminUpdatePoint" />
<input type="hidden" id="update_member_srl" name="member_srl" value="" />
<input type="hidden" id="update_point" name="point" />
<input type="hidden" name="success_return_url" value="{Context::getRequestUrl()}" />
<input type="hidden" name="xe_validator_id" value="modules/point/tpl/member_list/1" />
<input type="hidden" name="success_return_url" value="{getUrl()}">
</form>
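Review bot: The `success_return_url` input written as `<input type="hidden" name="success_return_url" value="{getUrl()}">` omits the ` />` self-closing form that every neighbouring hidden input in this form uses; `<input type="hidden" name="success_return_url" value="{getUrl()}" />` would match them. The page does not mark which of the two `success_return_url` lines is the surviving one, so this applies only if the `getUrl()` line is the new side, as the hunk counts (one line fewer on the new side) suggest.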


@ -281,86 +281,88 @@ class widgetModel extends widget
$xml_obj = $tmp_xml_obj->widgetstyle;
if(!$xml_obj) return;
$buff = '';
$buff = array();
$buff[] = '<?php if(!defined("__XE__")) exit();';
$buff[] = '$widgetStyle_info = new stdClass();';
// Title of the widget, version
$buff .= sprintf('$widgetStyle_info->widgetStyle = "%s";', $widgetStyle);
$buff .= sprintf('$widgetStyle_info->path = "%s";', $widgetStyle_path);
$buff .= sprintf('$widgetStyle_info->title = "%s";', $xml_obj->title->body);
$buff .= sprintf('$widgetStyle_info->description = "%s";', $xml_obj->description->body);
$buff .= sprintf('$widgetStyle_info->version = "%s";', $xml_obj->version->body);
$buff[] = sprintf('$widgetStyle_info->widgetStyle = "%s";', $widgetStyle);
$buff[] = sprintf('$widgetStyle_info->path = "%s";', $widgetStyle_path);
$buff[] = sprintf('$widgetStyle_info->title = "%s";', $xml_obj->title->body);
$buff[] = sprintf('$widgetStyle_info->description = "%s";', $xml_obj->description->body);
$buff[] = sprintf('$widgetStyle_info->version = "%s";', $xml_obj->version->body);
sscanf($xml_obj->date->body, '%d-%d-%d', $date_obj->y, $date_obj->m, $date_obj->d);
$date = sprintf('%04d%02d%02d', $date_obj->y, $date_obj->m, $date_obj->d);
$buff .= sprintf('$widgetStyle_info->date = "%s";', $date);
$buff .= sprintf('$widgetStyle_info->homepage = "%s";', $xml_obj->link->body);
$buff .= sprintf('$widgetStyle_info->license = "%s";', $xml_obj->license->body);
$buff .= sprintf('$widgetStyle_info->license_link = "%s";', $xml_obj->license->attrs->link);
$buff[] = sprintf('$widgetStyle_info->date = "%s";', $date);
$buff[] = sprintf('$widgetStyle_info->homepage = "%s";', $xml_obj->link->body);
$buff[] = sprintf('$widgetStyle_info->license = "%s";', $xml_obj->license->body);
$buff[] = sprintf('$widgetStyle_info->license_link = "%s";', $xml_obj->license->attrs->link);
// preview
if(!$xml_obj->preview->body) $xml_obj->preview->body = 'preview.jpg';
$preview_file = sprintf("%s%s", $widgetStyle_path,$xml_obj->preview->body);
if(file_exists($preview_file)) $buff .= sprintf('$widgetStyle_info->preview = "%s";', $preview_file);
// Author information
if(!is_array($xml_obj->author)) $author_list[] = $xml_obj->author;
else $author_list = $xml_obj->author;
if(file_exists($preview_file)) $buff[] = sprintf('$widgetStyle_info->preview = "%s";', $preview_file);
for($i=0; $i < count($author_list); $i++)
// Author information
$author_list = (!is_array($author_list)) ? array($author_list) : $author_list;
foreach($author_list as $idx => $author)
{
$buff .= '$widgetStyle_info->author['.$i.'] = new stdClass;';
$buff .= sprintf('$widgetStyle_info->author['.$i.']->name = "%s";', $author_list[$i]->name->body);
$buff .= sprintf('$widgetStyle_info->author['.$i.']->email_address = "%s";', $author_list[$i]->attrs->email_address);
$buff .= sprintf('$widgetStyle_info->author['.$i.']->homepage = "%s";', $author_list[$i]->attrs->link);
$buff[] = sprintf('$widgetStyle_info->author[%d] = new stdClass();', $idx);
$buff[] = sprintf('$widgetStyle_info->author[%d]->name = "%s";', $idx, $author->name->body);
$buff[] = sprintf('$widgetStyle_info->author[%d]->email_address = "%s";', $idx, $author->attrs->email_address);
$buff[] = sprintf('$widgetStyle_info->author[%d]->homepage = "%s";', $idx, $author->attrs->link);
}
// Extra vars (user defined variables to use in a template)
$extra_var_groups = $xml_obj->extra_vars->group;
if(!$extra_var_groups) $extra_var_groups = $xml_obj->extra_vars;
if(!is_array($extra_var_groups)) $extra_var_groups = array($extra_var_groups);
$extra_var_count = 0;
$buff[] = sprintf('$widgetStyle_info->extra_var = new stdClass();', $extra_var_count);
foreach($extra_var_groups as $group)
{
$extra_vars = $group->var;
if(!is_array($group->var)) $extra_vars = array($group->var);
$extra_vars = (!is_array($group->var)) ? array($group->var) : $group->var;
if($extra_vars[0]->attrs->id || $extra_vars[0]->attrs->name)
{
$extra_var_count = count($extra_vars);
$buff .= sprintf('$widgetStyle_info->extra_var_count = "%s";$widgetStyle_info->extra_var = new stdClass;', $extra_var_count);
for($i=0;$i<$extra_var_count;$i++)
foreach($extra_vars as $var)
{
unset($var);
unset($options);
$var = $extra_vars[$i];
$extra_var_count++;
$id = ($var->attrs->id) ? $var->attrs->id : $var->attrs->name;
$name = ($var->name->body) ? $var->name->body : $var->title->body;
$type = ($var->attrs->type) ? $var->attrs->type : $var->type->body;
$id = $var->attrs->id?$var->attrs->id:$var->attrs->name;
$name = $var->name->body?$var->name->body:$var->title->body;
$type = $var->attrs->type?$var->attrs->type:$var->type->body;
$buff .= sprintf('$widgetStyle_info->extra_var->%s = new stdClass;', $id);
$buff .= sprintf('$widgetStyle_info->extra_var->%s->group = "%s";', $id, $group->title->body);
$buff .= sprintf('$widgetStyle_info->extra_var->%s->name = "%s";', $id, $name);
$buff .= sprintf('$widgetStyle_info->extra_var->%s->type = "%s";', $id, $type);
if($type =='filebox') $buff .= sprintf('$widgetStyle_info->extra_var->%s->filter = "%s";', $id, $var->attrs->filter);
if($type =='filebox') $buff .= sprintf('$widgetStyle_info->extra_var->%s->allow_multiple = "%s";', $id, $var->attrs->allow_multiple);
$buff .= sprintf('$widgetStyle_info->extra_var->%s->value = $vars->%s;', $id, $id);
$buff .= sprintf('$widgetStyle_info->extra_var->%s->description = "%s";', $id, str_replace('"','\"',$var->description->body));
$options = $var->options;
if(!$options) continue;
if(!is_array($options)) $options = array($options);
$options_count = count($options);
for($j=0;$j<$options_count;$j++)
$buff[] = sprintf('$widgetStyle_info->extra_var->%s = new stdClass();', $id);
$buff[] = sprintf('$widgetStyle_info->extra_var->%s->group = "%s";', $id, $group->title->body);
$buff[] = sprintf('$widgetStyle_info->extra_var->%s->name = "%s";', $id, $name);
$buff[] = sprintf('$widgetStyle_info->extra_var->%s->type = "%s";', $id, $type);
if($type =='filebox')
{
$buff .= sprintf('$widgetStyle_info->extra_var->%s->options["%s"] = "%s";', $id, $options[$j]->value->body, $options[$j]->name->body);
$buff[] = sprintf('$widgetStyle_info->extra_var->%s->filter = "%s";', $id, $var->attrs->filter);
$buff[] = sprintf('$widgetStyle_info->extra_var->%s->allow_multiple = "%s";', $id, $var->attrs->allow_multiple);
}
$buff[] = sprintf('$widgetStyle_info->extra_var->%s->value = $vars->%s;', $id, $id);
$buff[] = sprintf('$widgetStyle_info->extra_var->%s->description = "%s";', $id, str_replace('"','\"',$var->description->body));
if($var->options)
{
$var_options = (!is_array($var->options)) ? array($var->options) : $var->options;
foreach($var_options as $option_item)
{
$buff[] = sprintf('$widgetStyle_info->extra_var->%s->options["%s"] = "%s";', $id, $option_item->value->body, $option_item->name->body);
}
}
}
}
}
$buff[] = sprintf('$widgetStyle_info->extra_var_count = %d;', $extra_var_count);
$buff = '<?php if(!defined("__XE__")) exit(); '.$buff.' ?>';
FileHandler::writeFile($cache_file, $buff);
FileHandler::writeFile($cache_file, implode(PHP_EOL, $buff));
if(file_exists($cache_file)) @include($cache_file);
return $widgetStyle_info;
}
}
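Review bot: `$author_list` on the new line `$author_list = (!is_array($author_list)) ? array($author_list) : $author_list;` is never assigned from `$xml_obj->author` in the new code (the old two-line assignment was removed), so the author loop runs once over `array(null)` and emits an author entry with empty name, email and homepage; it should read `$author_list = (!is_array($xml_obj->author)) ? array($xml_obj->author) : $xml_obj->author;`. Separately, every XML value except `description` is still written into the generated cache file as PHP source via `"%s"`, so a title, version, author field or option value containing `"` or `$` alters the generated code rather than the stored data; emitting each value with `var_export($value, true)` instead of hand-quoting would keep the cache file a pure data literal. The `sprintf('$widgetStyle_info->extra_var = new stdClass();', $extra_var_count)` call passes an argument the format string never uses. The method starts before this hunk.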


@ -811,37 +811,36 @@ class contentItem extends Object
}
function setLink($url)
{
$this->add('url',$url);
$this->add('url', strip_tags($url));
}
function setTitle($title)
{
$this->add('title',$title);
$this->add('title', strip_tags($title));
}
function setThumbnail($thumbnail)
{
$this->add('thumbnail',$thumbnail);
$this->add('thumbnail', $thumbnail);
}
function setContent($content)
{
$this->add('content',$content);
$this->add('content', removeHackTag($content));
}
function setRegdate($regdate)
{
$this->add('regdate',$regdate);
$this->add('regdate', strip_tags($regdate));
}
function setNickName($nick_name)
{
$this->add('nick_name',$nick_name);
$this->add('nick_name', strip_tags($nick_name));
}
// Save author's homepage url. By misol
function setAuthorSite($site_url)
{
$this->add('author_site',$site_url);
$this->add('author_site', strip_tags($site_url));
}
function setCategory($category)
{
$this->add('category',$category);
$this->add('category', strip_tags($category));
}
function getBrowserTitle()
{