From 04b158c5441417475002b0088a12f7f60806a196 Mon Sep 17 00:00:00 2001
From: Kijin Sung <kijin@kijinsung.com>
Date: Wed, 24 Dec 2025 21:45:02 +0900
Subject: [PATCH 1/7] Fix fatal error if CAPTCHA is configured but disabled

---
 modules/spamfilter/spamfilter.controller.php | 6 +++++-
 modules/spamfilter/spamfilter.model.php      | 6 +++---
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/modules/spamfilter/spamfilter.controller.php b/modules/spamfilter/spamfilter.controller.php
index ceea7c0f0..d85fd8bfc 100644
--- a/modules/spamfilter/spamfilter.controller.php
+++ b/modules/spamfilter/spamfilter.controller.php
@@ -337,8 +337,12 @@ class SpamfilterController extends Spamfilter
 		if (count($target_actions))
 		{
 			$captcha_class = 'Rhymix\\Modules\\Spamfilter\\Captcha\\' . $config->captcha->type;
-			$captcha_class::init($config->captcha);
+			if (!class_exists($captcha_class))
+			{
+				return;
+			}
 
+			$captcha_class::init($config->captcha);
 			if (strncasecmp('proc', $obj->act, 4) === 0)
 			{
 				$captcha_class::check();
diff --git a/modules/spamfilter/spamfilter.model.php b/modules/spamfilter/spamfilter.model.php
index c7f73f217..379cf776c 100644
--- a/modules/spamfilter/spamfilter.model.php
+++ b/modules/spamfilter/spamfilter.model.php
@@ -218,7 +218,7 @@ class SpamfilterModel extends Spamfilter
 	{
 		$config = ModuleModel::getModuleConfig('spamfilter');
 		$user = Context::get('logged_info');
-		if (!isset($config) || empty($config->captcha) || empty($config->captcha->type) || empty($config->captcha->site_key) || empty($config->captcha->secret_key))
+		if (!isset($config) || empty($config->captcha) || empty($config->captcha->type) || $config->captcha->type === 'none' || empty($config->captcha->site_key) || empty($config->captcha->secret_key))
 		{
 			return false;
 		}
@@ -253,7 +253,7 @@ class SpamfilterModel extends Spamfilter
 	public static function getCaptcha($target_action = null)
 	{
 		$config = ModuleModel::getModuleConfig('spamfilter');
-		if (!isset($config) || empty($config->captcha) || empty($config->captcha->type) || empty($config->captcha->site_key) || empty($config->captcha->secret_key))
+		if (!isset($config) || empty($config->captcha) || empty($config->captcha->type) || $config->captcha->type === 'none' || empty($config->captcha->site_key) || empty($config->captcha->secret_key))
 		{
 			return null;
 		}
@@ -285,7 +285,7 @@ class SpamfilterModel extends Spamfilter
 	public static function checkCaptchaResponse(?string $response = null): void
 	{
 		$config = ModuleModel::getModuleConfig('spamfilter');
-		if (!isset($config) || empty($config->captcha) || empty($config->captcha->type) || empty($config->captcha->site_key) || empty($config->captcha->secret_key))
+		if (!isset($config) || empty($config->captcha) || empty($config->captcha->type) || $config->captcha->type === 'none' || empty($config->captcha->site_key) || empty($config->captcha->secret_key))
 		{
 			throw new Exception('msg_recaptcha_not_configured');
 		}

From 94a5b404352022bc4fe3b549eb3c603b6b3332ec Mon Sep 17 00:00:00 2001
From: Kijin Sung <kijin@kijinsung.com>
Date: Thu, 1 Jan 2026 18:30:19 +0900
Subject: [PATCH 2/7] Fix missing check for required extra variable #2641

---
 modules/document/document.controller.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/document/document.controller.php b/modules/document/document.controller.php
index c8e54b5ec..dc3e0506b 100644
--- a/modules/document/document.controller.php
+++ b/modules/document/document.controller.php
@@ -889,7 +889,7 @@ class DocumentController extends Document
 					if (!$manual_inserted)
 					{
 						$ev_output = $extra_item->validate($value);
-						if ($ev_output && !$output->toBool())
+						if ($ev_output && !$ev_output->toBool())
 						{
 							$oDB->rollback();
 							return $ev_output;

From d6b7cb52b88301c4298bcbf4bce8cb5c70951273 Mon Sep 17 00:00:00 2001
From: Kijin Sung <kijin@kijinsung.com>
Date: Thu, 1 Jan 2026 18:39:20 +0900
Subject: [PATCH 3/7] Fix deprecations in PHP 8.5 #2639

---
 addons/adminlogging/adminlogging.addon.php |  4 ++--
 classes/object/Object.class.php            |  2 +-
 common/framework/DB.php                    | 11 ++++++++++-
 3 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/addons/adminlogging/adminlogging.addon.php b/addons/adminlogging/adminlogging.addon.php
index 42f5bd581..97750ca50 100644
--- a/addons/adminlogging/adminlogging.addon.php
+++ b/addons/adminlogging/adminlogging.addon.php
@@ -10,9 +10,9 @@ if(!defined('__XE__'))
  * @brief admin log
  */
 $logged_info = Context::get('logged_info');
-if(Context::get('is_logged') && $logged_info->is_admin == 'Y' && stripos(Context::get('act'), 'admin') !== false && $called_position == 'before_module_proc')
+if ($called_position === 'before_module_proc' && $logged_info->is_admin === 'Y' && stripos(Context::get('act') ?? '', 'admin') !== false)
 {
-	$oAdminloggingController = getController('adminlogging');
+	$oAdminloggingController = adminloggingController::getInstance();
 	$oAdminloggingController->insertLog($this->module, $this->act);
 }
 /* End of file adminlogging.php */
diff --git a/classes/object/Object.class.php b/classes/object/Object.class.php
index 6c574b4be..abc5e2b87 100644
--- a/classes/object/Object.class.php
+++ b/classes/object/Object.class.php
@@ -185,7 +185,7 @@ class BaseObject
 	{
 		$type = $this->get('message_type');
 		$typeList = array('error' => 1, 'info' => 1, 'update' => 1);
-		if(!isset($typeList[$type]))
+		if (!isset($type) || !isset($typeList[$type]))
 		{
 			$type = $this->getError() ? 'error' : 'info';
 		}
diff --git a/common/framework/DB.php b/common/framework/DB.php
index 31fb26104..084299617 100644
--- a/common/framework/DB.php
+++ b/common/framework/DB.php
@@ -127,9 +127,18 @@ class DB
 			\PDO::ATTR_ERRMODE => \PDO::ERRMODE_EXCEPTION,
 			\PDO::ATTR_EMULATE_PREPARES => false,
 			\PDO::ATTR_STATEMENT_CLASS => array('\Rhymix\Framework\Helpers\DBStmtHelper'),
-			\PDO::MYSQL_ATTR_USE_BUFFERED_QUERY => false,
 		);
 
+		// Use unbuffered queries to reduce memory usage.
+		if (\PHP_VERSION_ID >= 80400)
+		{
+			$options[\PDO\MySQL::ATTR_USE_BUFFERED_QUERY] = false;
+		}
+		else
+		{
+			$options[\PDO::MYSQL_ATTR_USE_BUFFERED_QUERY] = false;
+		}
+
 		// Preload the statement helper class.
 		class_exists('\Rhymix\Framework\Helpers\DBStmtHelper');
 

From 333f214b8cec2cf44c5927a70abac21cd44d7697 Mon Sep 17 00:00:00 2001
From: Kijin Sung <kijin@kijinsung.com>
Date: Thu, 1 Jan 2026 19:43:06 +0900
Subject: [PATCH 4/7] Display search result count in admin list #2642

---
 modules/comment/tpl/comment_list.html   | 2 ++
 modules/document/tpl/document_list.html | 2 ++
 modules/file/file.admin.view.php        | 2 ++
 modules/file/tpl/file_list.html         | 4 +++-
 modules/member/lang/en.php              | 3 ++-
 modules/member/lang/ko.php              | 1 +
 modules/member/tpl/member_list.html     | 2 +-
 7 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/modules/comment/tpl/comment_list.html b/modules/comment/tpl/comment_list.html
index 71d9b2c87..4ae81ff36 100644
--- a/modules/comment/tpl/comment_list.html
+++ b/modules/comment/tpl/comment_list.html
@@ -9,6 +9,8 @@ xe.lang.msg_empty_search_keyword = '{$lang->msg_empty_search_keyword}';
 <form id="fo_list" action="./" method="post">
 	<table id="commentListTable" class="x_table x_table-striped x_table-hover dsTg">
 		<caption>
+			<a href="{getUrl('search_target', $search_target, 'search_keyword', $search_keyword)}" cond="!empty($search_target) && $search_target !== 'is_secret' && !empty($search_keyword)" class="active">{$lang->cmd_search}({number_format($total_count)})</a>
+			<i>|</i>
 			<a href="{getUrl('','module','admin','act','dispCommentAdminList','Y')}" class="active"|cond="$search_keyword == ''">{$lang->all}<block cond="$search_keyword == ''">({number_format($total_count)})</block></a>
 			<i>|</i>
 			<a href="{getUrl('search_target','is_secret','search_keyword','N')}" class="active"|cond="$search_target == 'is_secret' && $search_keyword == 'N'">{$secret_name_list['N']}<block cond="$search_target == 'is_secret' && $search_keyword == 'N'">({number_format($total_count)})</block></a>
diff --git a/modules/document/tpl/document_list.html b/modules/document/tpl/document_list.html
index d93c38115..51833e29d 100644
--- a/modules/document/tpl/document_list.html
+++ b/modules/document/tpl/document_list.html
@@ -11,6 +11,8 @@ xe.lang.msg_empty_search_keyword = '{$lang->msg_empty_search_keyword}';
 	<input type="hidden" name="page" value="{$page}" />
 	<table id="documentListTable" class="x_table x_table-striped x_table-hover dsTg">
 		<caption>
+			<a href="{getUrl('search_target', $search_target, 'search_keyword', $search_keyword)}" cond="!empty($search_target) && $search_target !== 'is_secret' && !empty($search_keyword)" class="active">{$lang->cmd_search}({number_format($total_count)})</a>
+			<i>|</i>
 			<a href="{getUrl('', 'module', 'admin', 'act', 'dispDocumentAdminList')}" class="active"|cond="$search_keyword == ''">{$lang->all}<block cond="$search_keyword == ''">({number_format($total_count)})</block></a>
 			<i>|</i>
 			<a href="{getUrl('search_target', 'is_secret', 'search_keyword', 'N')}" class="active"|cond="$search_target == 'is_secret' && $search_keyword == 'N'">{$status_name_list['PUBLIC']}<block cond="$search_target == 'is_secret' && $search_keyword == 'N'">({number_format($total_count)})</block></a>
diff --git a/modules/file/file.admin.view.php b/modules/file/file.admin.view.php
index abd23c5b1..d19fc4e8f 100644
--- a/modules/file/file.admin.view.php
+++ b/modules/file/file.admin.view.php
@@ -189,6 +189,8 @@ class FileAdminView extends File
 		Context::set('total_page', $output->total_page);
 		Context::set('page', $output->page);
 		Context::set('page_navigation', $output->page_navigation);
+		Context::set('isvalid', $args->isvalid);
+
 		// Set a template
 		$security = new Security();
 		$security->encodeHTML('file_list..');
diff --git a/modules/file/tpl/file_list.html b/modules/file/tpl/file_list.html
index ba4ec7439..eb51ee2bd 100644
--- a/modules/file/tpl/file_list.html
+++ b/modules/file/tpl/file_list.html
@@ -12,7 +12,9 @@ xe.lang.msg_empty_search_keyword = '{$lang->msg_empty_search_keyword}';
 	<input type="hidden" name="module" value="file" />
 	<table id="fileListTable" class="x_table x_table-striped x_table-hover">
 		<caption>
-			<a href="{getUrl('', 'module', 'admin', 'act', 'dispFileAdminList')}" class="active"|cond="!$isvalid">{$lang->all}<block cond="!$isvalid">({number_format($total_count)})</block></a>
+			<a href="{getUrl('search_target', $search_target, 'search_keyword', $search_keyword)}" cond="!empty($search_target) && !empty($search_keyword)" class="active">{$lang->cmd_search}({number_format($total_count)})</a>
+			<i>|</i>
+			<a href="{getUrl('', 'module', 'admin', 'act', 'dispFileAdminList')}" class="active"|cond="empty($isvalid) && empty($search_target) && empty($search_keyword)">{$lang->all}<block cond="empty($isvalid) && empty($search_target) && empty($search_keyword)">({number_format($total_count)})</block></a>
 			<i>|</i>
 			<a href="{getUrl('isvalid', 'Y')}" class="active"|cond="$isvalid == 'Y'">{$lang->is_valid}<block cond="$isvalid == 'Y'">({number_format($total_count)})</block></a>
 			<i>|</i>
diff --git a/modules/member/lang/en.php b/modules/member/lang/en.php
index 874008eb8..5f701c334 100644
--- a/modules/member/lang/en.php
+++ b/modules/member/lang/en.php
@@ -341,7 +341,8 @@ $lang->set_manage_id = 'Separated by line breaks.';
 $lang->count_manage_id = 'There are <span class="_deniedIDCount">%s</span> prohibited ID.';
 $lang->count_manage_nick_name = 'There are <span class="_deniedNickNameCount">%s</span> prohibited nick name.';
 $lang->user_list = 'Member List';
-$lang->cmd_show_all_member = 'All Member';
+$lang->cmd_show_all_member = 'All Members';
+$lang->cmd_show_searched_member = 'Searched Members';
 $lang->cmd_show_super_admin_member = 'Super Admin';
 $lang->cmd_show_site_admin_member = 'Site Admin';
 $lang->approval = 'Approval';
diff --git a/modules/member/lang/ko.php b/modules/member/lang/ko.php
index fd29a4d81..ca5014207 100644
--- a/modules/member/lang/ko.php
+++ b/modules/member/lang/ko.php
@@ -346,6 +346,7 @@ $lang->count_manage_id = '<span class="_deniedIDCount">%s</span>개의 금지 
 $lang->count_manage_nick_name = '<span class="_deniedNickNameCount">%s</span>개의 금지 닉네임이 있습니다.';
 $lang->user_list = '회원 목록';
 $lang->cmd_show_all_member = '모든 회원';
+$lang->cmd_show_searched_member = '검색된 회원';
 $lang->cmd_show_super_admin_member = '최고 관리자';
 $lang->cmd_show_site_admin_member = '사이트 관리자';
 $lang->approval = '승인';
diff --git a/modules/member/tpl/member_list.html b/modules/member/tpl/member_list.html
index dfd63161a..09ce416ad 100644
--- a/modules/member/tpl/member_list.html
+++ b/modules/member/tpl/member_list.html
@@ -14,7 +14,7 @@
 <form action="" method="post">
 	<table id="memberList" class="x_table x_table-striped x_table-hover dsTg">
 		<caption>
-			<a href="{getUrl('filter_type', '', 'page', '')}" class="active"|cond="!$filter_type">{$lang->cmd_show_all_member}<block cond="!$filter_type">({$total_count})</block></a>
+			<a href="{getUrl('filter_type', '', 'page', '')}" class="active"|cond="empty($filter_type)">{empty($search_keyword) ? $lang->cmd_show_all_member : $lang->cmd_show_searched_member}<block cond="empty($filter_type)">({$total_count})</block></a>
 			<i>|</i>
 			<a href="{getUrl('filter_type', 'admin', 'page', '')}" class="active"|cond="$filter_type=='admin'">{$lang->cmd_show_super_admin_member}<block cond="$filter_type=='admin'">({$total_count})</block></a>
 			<i>|</i>

From 8b1da6a98a43981791eed3a1ff37cbf7baa959c3 Mon Sep 17 00:00:00 2001
From: Kijin Sung <kijin@kijinsung.com>
Date: Tue, 6 Jan 2026 21:36:10 +0900
Subject: [PATCH 5/7] Fix incorrect handling of nested context switches (CSS
 inside HTML inside JS) in template v2 #2646

---
 .../parsers/template/TemplateParser_v2.php    | 27 +++++++++++++++----
 1 file changed, 22 insertions(+), 5 deletions(-)

diff --git a/common/framework/parsers/template/TemplateParser_v2.php b/common/framework/parsers/template/TemplateParser_v2.php
index f85f30ccc..d71af7947 100644
--- a/common/framework/parsers/template/TemplateParser_v2.php
+++ b/common/framework/parsers/template/TemplateParser_v2.php
@@ -179,14 +179,18 @@ class TemplateParser_v2
 	 */
 	protected function _addContextSwitches(string $content): string
 	{
+		$context_index = random_int(12000, 99000);
+
 		// Inline styles.
 		$content = preg_replace_callback('#(?<=\s)(style=")([^"]*?)"#i', function($match) {
 			return $match[1] . '<?php $this->config->context = \'CSS\'; ?>' . $match[2] . '<?php $this->config->context = \'HTML\'; ?>"';
 		}, $content);
 
 		// Inline scripts.
-		$content = preg_replace_callback('#(?<=\s)(href="javascript:|pattern="|on[a-z]+=")([^"]*?)"#i', function($match) {
-			return $match[1] . '<?php $this->config->context = \'JS\'; ?>' . $match[2] . '<?php $this->config->context = \'HTML\'; ?>"';
+		$content = preg_replace_callback('#(?<=\s)(href="javascript:|pattern="|on[a-z]+=")([^"]*?)"#i', function($match) use(&$context_index) {
+			$context_index++;
+			return $match[1] . '<?php $this->config->context = \'JS\'; /* !CTX' . $context_index . '! */?>' .
+				$match[2] . '<?php $this->config->context = \'HTML\'; /* !CTX' . $context_index . '! */?>"';
 		}, $content);
 
 		// <style> tags.
@@ -202,14 +206,15 @@ class TemplateParser_v2
 		}, $content);
 
 		// <script> tags that aren't links.
-		$content = preg_replace_callback('#(<script\b([^>]*)|</script)#i', function($match) {
+		$content = preg_replace_callback('#(<script\b([^>]*)|</script)#i', function($match) use(&$context_index) {
 			if (substr($match[1], 1, 1) === '/')
 			{
-				return '<?php $this->config->context = \'HTML\'; ?>' . $match[1];
+				return '<?php $this->config->context = \'HTML\'; /* !CTX' . $context_index . '! */?>' . $match[1];
 			}
 			elseif (!str_contains($match[2] ?? '', 'src="'))
 			{
-				return $match[1] . '<?php $this->config->context = \'JS\'; ?>';
+				$context_index++;
+				return $match[1] . '<?php $this->config->context = \'JS\'; /* !CTX' . $context_index . '! */?>';
 			}
 			else
 			{
@@ -217,6 +222,18 @@ class TemplateParser_v2
 			}
 		}, $content);
 
+		// Remove nested context switches.
+		if ($context_index > 0)
+		{
+			$content = preg_replace_callback('#(<\?php \$this->config->context = \'JS\'; /\* !CTX([0-9]+)! \*/\?>)(.*?)(<\?php \$this->config->context = \'HTML\'; /\* !CTX\2! \*/\?>)#s', function($match) {
+				return preg_replace('#/\* !CTX\d+! \*/#', '', $match[1]) .
+					preg_replace('#<\?php \$this->config->context = \'[A-Z]+\'; \?>#', '', $match[3]) .
+					preg_replace('#/\* !CTX\d+! \*/#', '', $match[4]);
+			}, $content);
+
+			$content = preg_replace('#(<\?php \$this->config->context = \'[A-Z]+\'; )/\* !CTX[0-9]+! \*/(\?>)#', '$1$2', $content);
+		}
+
 		return $content;
 	}
 

From 6243b0321dbd42380eb1a76439aff1e3fa230766 Mon Sep 17 00:00:00 2001
From: Kijin Sung <kijin@kijinsung.com>
Date: Tue, 6 Jan 2026 21:43:24 +0900
Subject: [PATCH 6/7] Fix excessive load and broken table when temp saved
 documents are long #2644

---
 modules/document/tpl/saved_list_popup.html | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/modules/document/tpl/saved_list_popup.html b/modules/document/tpl/saved_list_popup.html
index 59cbe43a5..8ac7d1bd1 100644
--- a/modules/document/tpl/saved_list_popup.html
+++ b/modules/document/tpl/saved_list_popup.html
@@ -10,8 +10,8 @@
 		<caption>Total : {number_format($total_count)}, Page {number_format($page)}/{number_format($total_page)}</caption>
 		<thead>
 			<tr>
-				<th class="title">{$lang->date}</th>
 				<th class="title">{$lang->title}</th>
+				<th class="title">{$lang->date}</th>
 				<th class="title" style="width:60px">{$lang->cmd_select}</th>
 				<th class="title" style="width:60px">{$lang->cmd_delete}</th>
 			</tr>
@@ -19,14 +19,18 @@
 		<tbody>
 			<!--@foreach($document_list as $no => $val)-->
 			<tr>
-				<td>{$val->getRegdate("Y-m-d H:i:s")}</td>
 				<td>
-					<a href="#" class="toggle_content">{$val->getTitle()}</a>
-					<div id="saved_document_{$val->document_srl}" class="saved_content" style="display:none;margin:20px -120px 0 0">{$val->getContent(false)}</div>
+					<a href="#" class="toggle_content" data-document-srl="{$val->document_srl}">{$val->getTitle()}</a>
 				</td>
+				<td>{$val->getRegdate("Y-m-d H:i:s")}</td>
 				<td><a href="#" class="btn btn_select_temp_saved" data-document-srl="{$val->document_srl}" data-document-type="{$val->getDocumentType()}">{$lang->cmd_select}</a></td>
 				<td><a href="#" class="btn btn_delete_temp_saved" data-document-srl="{$val->document_srl}">{$lang->cmd_delete}</a></td>
 			</tr>
+			<tr id="saved_document_{$val->document_srl}" class="saved_content" style="display:none">
+				<td colspan="4">
+					{$val->getSummary(200)}
+				</td>
+			</tr>
 			<!--@end-->
 		</tbody>
 	</table>
@@ -49,7 +53,8 @@
 	$(function() {
 		$('.toggle_content').on('click', function(event) {
 			event.preventDefault();
-			$(this).next('.saved_content').toggle();
+			var document_srl = $(this).data('documentSrl');
+			$('#saved_document_' + document_srl).toggle();
 			setFixedPopupSize();
 		});
 		$('.btn_select_temp_saved').on('click', function(event) {

From 26d645da4d5dff29bc1a963510d55fb63543e664 Mon Sep 17 00:00:00 2001
From: Kijin Sung <kijin@kijinsung.com>
Date: Tue, 6 Jan 2026 23:43:21 +0900
Subject: [PATCH 7/7] Fix nested JS contexts in template v2 #2646

---
 common/framework/parsers/template/TemplateParser_v2.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/common/framework/parsers/template/TemplateParser_v2.php b/common/framework/parsers/template/TemplateParser_v2.php
index d71af7947..1376616ce 100644
--- a/common/framework/parsers/template/TemplateParser_v2.php
+++ b/common/framework/parsers/template/TemplateParser_v2.php
@@ -227,7 +227,7 @@ class TemplateParser_v2
 		{
 			$content = preg_replace_callback('#(<\?php \$this->config->context = \'JS\'; /\* !CTX([0-9]+)! \*/\?>)(.*?)(<\?php \$this->config->context = \'HTML\'; /\* !CTX\2! \*/\?>)#s', function($match) {
 				return preg_replace('#/\* !CTX\d+! \*/#', '', $match[1]) .
-					preg_replace('#<\?php \$this->config->context = \'[A-Z]+\'; \?>#', '', $match[3]) .
+					preg_replace('#<\?php \$this->config->context = \'[A-Z]+\'; (?:/\* !CTX[0-9]+! \*/)?\?>#', '', $match[3]) .
 					preg_replace('#/\* !CTX\d+! \*/#', '', $match[4]);
 			}, $content);