Merge branch 'develop' into pr/1051

modules/admin/admin.admin.controller.php

@@ -726,6 +726,9 @@ class adminAdminController extends admin
 		
 		Rhymix\Framework\Config::set('admin.allow', array_values($allowed_ip));
 		Rhymix\Framework\Config::set('admin.deny', array_values($denied_ip));
+		Rhymix\Framework\Config::set('session.use_keys', $vars->use_session_keys === 'Y');
+		Rhymix\Framework\Config::set('session.use_ssl', $vars->use_session_ssl === 'Y');
+		Rhymix\Framework\Config::set('session.use_ssl_cookies', $vars->use_cookies_ssl === 'Y');
 		
 		// Save
 		if (!Rhymix\Framework\Config::save())
@@ -824,8 +827,6 @@ class adminAdminController extends admin
 		Rhymix\Framework\Config::set('use_rewrite', $vars->use_rewrite === 'Y');
 		Rhymix\Framework\Config::set('session.delay', $vars->delay_session === 'Y');
 		Rhymix\Framework\Config::set('session.use_db', $vars->use_db_session === 'Y');
-		Rhymix\Framework\Config::set('session.use_keys', $vars->use_session_keys === 'Y');
-		Rhymix\Framework\Config::set('session.use_ssl', $vars->use_session_ssl === 'Y');
 		Rhymix\Framework\Config::set('view.minify_scripts', $vars->minify_scripts ?: 'common');
 		Rhymix\Framework\Config::set('view.concat_scripts', $vars->concat_scripts ?: 'none');
 		Rhymix\Framework\Config::set('view.server_push', $vars->use_server_push === 'Y');

modules/admin/admin.admin.view.php

@@ -450,6 +450,11 @@ class adminAdminView extends admin
 		Context::set('admin_denied_ip', implode(PHP_EOL, $denied_ip));
 		Context::set('remote_addr', RX_CLIENT_IP);
 		
+		// Session and cookie security settings
+		Context::set('use_session_keys', Rhymix\Framework\Config::get('session.use_keys'));
+		Context::set('use_session_ssl', Rhymix\Framework\Config::get('session.use_ssl'));
+		Context::set('use_cookies_ssl', Rhymix\Framework\Config::get('session.use_ssl_cookies'));
+		
 		$this->setTemplateFile('config_security');
 	}
 	
@@ -538,8 +543,6 @@ class adminAdminView extends admin
 		Context::set('mobile_viewport', config('mobile.viewport') ?: 'width=device-width, initial-scale=1.0, user-scalable=yes');
 		Context::set('use_ssl', Rhymix\Framework\Config::get('url.ssl'));
 		Context::set('delay_session', Rhymix\Framework\Config::get('session.delay'));
-		Context::set('use_session_keys', Rhymix\Framework\Config::get('session.use_keys'));
-		Context::set('use_session_ssl', Rhymix\Framework\Config::get('session.use_ssl'));
 		Context::set('use_db_session', Rhymix\Framework\Config::get('session.use_db'));
 		Context::set('minify_scripts', Rhymix\Framework\Config::get('view.minify_scripts'));
 		Context::set('concat_scripts', Rhymix\Framework\Config::get('view.concat_scripts'));
@@ -779,6 +782,7 @@ class adminAdminView extends admin
 		$info['session.use_db'] = config('session.use_db') ? 'true' : 'false';
 		$info['session.use_keys'] = config('session.use_keys') ? 'true' : 'false';
 		$info['session.use_ssl'] = config('session.use_ssl') ? 'true' : 'false';
+		$info['session.use_ssl_cookies'] = config('session.use_ssl_cookies') ? 'true' : 'false';
 		$info['view.concat_scripts'] = config('view.concat_scripts');
 		$info['view.minify_scripts'] = config('view.minify_scripts');
 		$info['use_rewrite'] = config('use_rewrite') ? 'true' : 'false';

modules/admin/lang/en.php

@@ -162,7 +162,9 @@ $lang->about_delay_session = 'To improve performance when using a caching proxy
 $lang->use_session_keys = 'Use session security keys';
 $lang->about_use_session_keys = 'Use additional security keys to guard against session theft. This setting is highly recommended if you don\'t use SSL-only sessions.<br>This setting may cause some users to become logged out.';
 $lang->use_session_ssl = 'Use SSL-only session';
-$lang->about_use_session_ssl = 'Prevent the session from being used on non-SSL pages.<br>This helps improve security if your site always uses SSL and your server is configured to redirect all non-SSL pages to SSL.';
+$lang->about_use_session_ssl = 'Force the session to be SSL-only.<br>This helps improve security if your site always uses SSL.';
+$lang->use_cookies_ssl = 'Use SSL-only cookies';
+$lang->about_use_cookies_ssl = 'Force all cookies to be SSL-only.';
 $lang->use_object_cache = 'Use Cache';
 $lang->cache_default_ttl = 'Cache default TTL';
 $lang->cache_host = 'Host';

modules/admin/lang/ko.php

@@ -163,7 +163,9 @@ $lang->about_delay_session = 'Varnish 등의 프록시 캐싱 서버 사용시
 $lang->use_session_keys = '세션 보안키 사용';
 $lang->about_use_session_keys = '세션 탈취를 방지하기 위한 보안키를 사용합니다. SSL 전용 세션을 사용하지 않을 경우 반드시 보안키를 사용하시기를 권장합니다.<br>사용자 환경에 따라 로그인이 풀리는 문제가 발생할 수 있습니다.';
 $lang->use_session_ssl = 'SSL 전용 세션 사용';
-$lang->about_use_session_ssl = '세션을 SSL 전용으로 지정하여 SSL이 아닌 페이지에서 사용할 수 없도록 합니다.<br>SSL을 항상 사용하고, SSL이 아닌 페이지 방문시 자동으로 SSL 페이지로 리다이렉트되도록 서버가 설정되어 있는 경우<br>이 옵션을 사용하면 보안이 향상됩니다. (애드온 등을 사용하여 리다이렉트하는 경우 제외)';
+$lang->about_use_session_ssl = '세션을 SSL 전용으로 지정하여 SSL이 아닌 페이지에서는 사용할 수 없도록 합니다.<br>SSL을 항상 사용하도록 설정되어 있는 경우에만 활성화됩니다.';
+$lang->use_cookies_ssl = 'SSL 전용 쿠키 사용';
+$lang->about_use_cookies_ssl = '세션뿐 아니라 모든 쿠키를 SSL 전용으로 지정합니다.<br>SSL을 항상 사용하도록 설정되어 있는 경우에만 활성화됩니다.';
 $lang->use_object_cache = '캐시 사용';
 $lang->cache_default_ttl = '캐시 기본 TTL';
 $lang->cache_host = '호스트';

modules/admin/tpl/config_advanced.html

@@ -105,24 +105,6 @@
 				<p class="x_help-block">{$lang->about_delay_session}</p>
 			</div>
 		</div>
-		<div class="x_control-group">
-			<label class="x_control-label">{$lang->use_session_keys}</label>
-			<div class="x_controls">
-				<label for="use_session_keys_y" class="x_inline"><input type="radio" name="use_session_keys" id="use_session_keys_y" value="Y" checked="checked"|cond="$use_session_keys !== false" /> {$lang->cmd_yes}</label>
-				<label for="use_session_keys_n" class="x_inline"><input type="radio" name="use_session_keys" id="use_session_keys_n" value="N" checked="checked"|cond="$use_session_keys === false" /> {$lang->cmd_no}</label>
-				<br />
-				<p class="x_help-block">{$lang->about_use_session_keys}</p>
-			</div>
-		</div>
-		<div class="x_control-group">
-			<label class="x_control-label">{$lang->use_session_ssl}</label>
-			<div class="x_controls">
-				<label for="use_session_ssl_y" class="x_inline"><input type="radio" name="use_session_ssl" id="use_session_ssl_y" value="Y" checked="checked"|cond="$use_session_ssl && $use_ssl === 'always'" disabled="disabled"|cond="$use_ssl !== 'always'" /> {$lang->cmd_yes}</label>
-				<label for="use_session_ssl_n" class="x_inline"><input type="radio" name="use_session_ssl" id="use_session_ssl_n" value="N" checked="checked"|cond="!$use_session_ssl || $use_ssl !== 'always'" disabled="disabled"|cond="$use_ssl !== 'always'" /> {$lang->cmd_no}</label>
-				<br />
-				<p class="x_help-block">{$lang->about_use_session_ssl}</p>
-			</div>
-		</div>
 		<div class="x_control-group">
 			<label class="x_control-label">{$lang->thumbnail_target}</label>
 			<div class="x_controls">

modules/admin/tpl/config_security.html

@@ -39,6 +39,33 @@
 				<p class="x_help-block">{$lang->about_admin_ip_deny}</p>
 			</div>
 		</div>
+		<div class="x_control-group">
+			<label class="x_control-label">{$lang->use_session_keys}</label>
+			<div class="x_controls">
+				<label for="use_session_keys_y" class="x_inline"><input type="radio" name="use_session_keys" id="use_session_keys_y" value="Y" checked="checked"|cond="$use_session_keys !== false" /> {$lang->cmd_yes}</label>
+				<label for="use_session_keys_n" class="x_inline"><input type="radio" name="use_session_keys" id="use_session_keys_n" value="N" checked="checked"|cond="$use_session_keys === false" /> {$lang->cmd_no}</label>
+				<br />
+				<p class="x_help-block">{$lang->about_use_session_keys}</p>
+			</div>
+		</div>
+		<div class="x_control-group">
+			<label class="x_control-label">{$lang->use_session_ssl}</label>
+			<div class="x_controls">
+				<label for="use_session_ssl_y" class="x_inline"><input type="radio" name="use_session_ssl" id="use_session_ssl_y" value="Y" checked="checked"|cond="$use_session_ssl && $use_ssl === 'always'" disabled="disabled"|cond="$use_ssl !== 'always'" /> {$lang->cmd_yes}</label>
+				<label for="use_session_ssl_n" class="x_inline"><input type="radio" name="use_session_ssl" id="use_session_ssl_n" value="N" checked="checked"|cond="!$use_session_ssl || $use_ssl !== 'always'" disabled="disabled"|cond="$use_ssl !== 'always'" /> {$lang->cmd_no}</label>
+				<br />
+				<p class="x_help-block">{$lang->about_use_session_ssl}</p>
+			</div>
+		</div>
+		<div class="x_control-group">
+			<label class="x_control-label">{$lang->use_cookies_ssl}</label>
+			<div class="x_controls">
+				<label for="use_cookies_ssl_y" class="x_inline"><input type="radio" name="use_cookies_ssl" id="use_cookies_ssl_y" value="Y" checked="checked"|cond="$use_cookies_ssl && $use_ssl === 'always'" disabled="disabled"|cond="$use_ssl !== 'always'" /> {$lang->cmd_yes}</label>
+				<label for="use_cookies_ssl_n" class="x_inline"><input type="radio" name="use_cookies_ssl" id="use_cookies_ssl_n" value="N" checked="checked"|cond="!$use_cookies_ssl || $use_ssl !== 'always'" disabled="disabled"|cond="$use_ssl !== 'always'" /> {$lang->cmd_no}</label>
+				<br />
+				<p class="x_help-block">{$lang->about_use_cookies_ssl}</p>
+			</div>
+		</div>
 		<div class="x_clearfix btnArea">
 			<div class="x_pull-right">
 				<button type="submit" class="x_btn x_btn-primary">{$lang->cmd_save}</button>

modules/board/skins/default/_comment.html

@@ -15,7 +15,11 @@
 				</h3>
 				<p class="time">{$comment->getRegdate('Y.m.d H:i')}</p>
 			</div>
-			<!--@if(!$comment->isAccessible())-->
+			<!--@if($comment->status == RX_STATUS_DELETED)-->
+				<div class="xe_content deleted">{$lang->msg_deleted_comment}</div>
+			<!--@elseif($comment->status == RX_STATUS_DELETED_BY_ADMIN)-->
+				<div class="xe_content deleted deleted_by_admin">{$lang->msg_admin_deleted_comment}</div>
+			<!--@elseif(!$comment->isAccessible())-->
 			<form action="./" method="get" class="xe_content" onsubmit="return procFilter(this, input_password)">
 				<p><label for="cpw_{$comment->comment_srl}">{$lang->msg_is_secret} {$lang->msg_input_password}</label></p>
 				<p><input type="password" name="password" id="cpw_{$comment->comment_srl}" class="iText" /><input type="submit" class="btn" value="{$lang->cmd_input}" /></p>
@@ -25,14 +29,7 @@
 				<input type="hidden" name="comment_srl" value="{$comment->get('comment_srl')}" />
 			</form>
 			<!--@else-->
-				<!--@if($comment->status == 7)-->
-				{$lang->msg_deleted_comment}
-				<!--@elseif($comment->status == 8)-->
-				{$lang->msg_admin_deleted_comment}
-				<!--@end-->
-				<block cond="$comment->status < 7">
-					{$comment->getContent(false)}
-				</block>
+				{$comment->getContent(false)}
 			<!--@end-->
 			<div cond="$comment->hasUploadedFiles()" class="fileList">
 				<button type="button" class="toggleFile" onclick="jQuery(this).next('ul.files').toggle();">{$lang->uploaded_file} [<strong>{$comment->get('uploaded_count')}</strong>]</button>

modules/board/skins/xedition/_comment.html

@@ -15,7 +15,11 @@
 				</h3>
 				<p class="time">{$comment->getRegdate('Y.m.d H:i')}</p>
 			</div>
-			<!--@if(!$comment->isAccessible())-->
+			<!--@if($comment->status == RX_STATUS_DELETED)-->
+				<div class="xe_content deleted">{$lang->msg_deleted_comment}</div>
+			<!--@elseif($comment->status == RX_STATUS_DELETED_BY_ADMIN)-->
+				<div class="xe_content deleted deleted_by_admin">{$lang->msg_admin_deleted_comment}</div>
+			<!--@elseif(!$comment->isAccessible())-->
 			<form action="./" method="get" class="xe_content secretForm" onsubmit="return procFilter(this, input_password)">
 				<p><label for="cpw_{$comment->comment_srl}">{$lang->msg_is_secret} {$lang->msg_input_password}</label></p>
 				<p><input type="password" name="password" id="cpw_{$comment->comment_srl}" class="iText" /><input type="submit" class="btn" value="{$lang->cmd_input}" /></p>
@@ -25,7 +29,7 @@
 				<input type="hidden" name="comment_srl" value="{$comment->get('comment_srl')}" />
 			</form>
 			<!--@else-->
-			{$comment->getContent(false)}
+				{$comment->getContent(false)}
 			<!--@end-->
 			<div cond="$comment->hasUploadedFiles()" class="fileList">
 				<button type="button" class="toggleFile" onclick="jQuery(this).next('ul.files').toggle();"><i class="xi-diskette"></i> {$lang->uploaded_file} [<strong>{$comment->get('uploaded_count')}</strong>]</button>

modules/document/document.model.php

@@ -81,7 +81,7 @@ class documentModel extends document
 		$output = $this->getDocumentExtraVarsFromDB($document_srls);
 		foreach($output->data as $key => $val)
 		{
-			if(!$val->value)
+			if(strval($val->value) === '')
 			{
 				continue;
 			}

modules/page/page.view.php

@@ -204,17 +204,32 @@ class pageView extends page
 			FileHandler::writeFile($cache_file, $script);
 		}
 
+		// Import Context and lang as local variables.
 		$__Context = &$GLOBALS['__Context__'];
 		$__Context->tpl_path = $filepath;
+		global $lang;
 
+		// Start the output buffer.
+		$__ob_level_before_fetch = ob_get_level();
 		ob_start();
-		include($cache_file);
+		
+		// Include the compiled template.
+		include $cache_file;
 
+		// Fetch contents of the output buffer until the buffer level is the same as before.
 		$contents = '';
-		while (ob_get_level() - $level > 0) {
-			$contents .= ob_get_contents();
-			ob_end_clean();
+		while (ob_get_level() > $__ob_level_before_fetch)
+		{
+			$contents .= ob_get_clean();
 		}
+		
+		// Insert template path comment tag.
+		if(Rhymix\Framework\Debug::isEnabledForCurrentUser() && Context::getResponseMethod() === 'HTML' && !starts_with('<!DOCTYPE', $contents) && !starts_with('<?xml', $contents))
+		{
+			$sign = PHP_EOL . '<!-- Template %s : ' . $target_file . ' -->' . PHP_EOL;
+			$contents = sprintf($sign, 'start') . $contents . sprintf($sign, 'end');
+		}
+		
 		return $contents;
 	}