From 39093a73801f61973d351de927501892829cc30d Mon Sep 17 00:00:00 2001
From: Kijin Sung <kijin@kijinsung.com>
Date: Sun, 30 Oct 2022 21:16:58 +0900
Subject: [PATCH] Fix #2004 allow customizing the number of digits in an
 anonymous nickname variable

---
 modules/board/board.controller.php | 52 ++++++++++++++----------------
 modules/board/lang/en.php          |  2 +-
 modules/board/lang/ko.php          |  2 +-
 3 files changed, 26 insertions(+), 30 deletions(-)

diff --git a/modules/board/board.controller.php b/modules/board/board.controller.php
index 25fd61979..86ed1f08e 100644
--- a/modules/board/board.controller.php
+++ b/modules/board/board.controller.php
@@ -789,33 +789,29 @@ class boardController extends board
 	 */
 	public function createAnonymousName($format, $member_srl, $document_srl)
 	{
-		if (strpos($format, '$NUM') !== false)
-		{
-			$num = hash_hmac('sha256', $member_srl ?: \RX_CLIENT_IP, config('crypto.authentication_key'));
-			$num = sprintf('%08d', hexdec(substr($num, 0, 8)) % 100000000);
-			return strtr($format, array('$NUM' => $num));
-		}
-		elseif (strpos($format, '$DAILYNUM') !== false)
-		{
-			$num = hash_hmac('sha256', ($member_srl ?: \RX_CLIENT_IP) . ':date:' . date('Y-m-d'), config('crypto.authentication_key'));
-			$num = sprintf('%08d', hexdec(substr($num, 0, 8)) % 100000000);
-			return strtr($format, array('$DAILYNUM' => $num));
-		}
-		elseif (strpos($format, '$DOCNUM') !== false)
-		{
-			$num = hash_hmac('sha256', ($member_srl ?: \RX_CLIENT_IP) . ':document_srl:' . $document_srl, config('crypto.authentication_key'));
-			$num = sprintf('%08d', hexdec(substr($num, 0, 8)) % 100000000);
-			return strtr($format, array('$DOCNUM' => $num));
-		}
-		elseif (strpos($format, '$DOCDAILYNUM') !== false)
-		{
-			$num = hash_hmac('sha256', ($member_srl ?: \RX_CLIENT_IP) . ':document_srl:' . $document_srl . ':date:' . date('Y-m-d'), config('crypto.authentication_key'));
-			$num = sprintf('%08d', hexdec(substr($num, 0, 8)) % 100000000);
-			return strtr($format, array('$DOCDAILYNUM' => $num));
-		}
-		else
-		{
-			return $format;
-		}
+		return preg_replace_callback('/\$((?:DAILY|DOC|DOCDAILY|)NUM)(?::([0-9]))?/', function($matches) use($member_srl, $document_srl) {
+			$digits = empty($matches[2]) ? 8 : max(1, min(8, intval($matches[2])));
+			switch ($matches[1])
+			{
+				case 'NUM': return self::_createHash($member_srl ?: \RX_CLIENT_IP, $digits);
+				case 'DAILYNUM': return self::_createHash(($member_srl ?: \RX_CLIENT_IP) . ':date:' . date('Y-m-d'), $digits);
+				case 'DOCNUM': return self::_createHash(($member_srl ?: \RX_CLIENT_IP) . ':document_srl:' . $document_srl, $digits);
+				case 'DOCDAILYNUM': return self::_createHash(($member_srl ?: \RX_CLIENT_IP) . ':document_srl:' . $document_srl . ':date:' . date('Y-m-d'), $digits);
+			}
+		}, $format);
+	}
+	
+	/**
+	 * Subroutine for hashing anonymous nickname.
+	 * 
+	 * @param string $content
+	 * @param int $digits
+	 * @return string
+	 */
+	protected static function _createHash(string $content, int $digits = 8): string
+	{
+		$hash = hash_hmac('sha256', $content, config('crypto.authentication_key'));
+		$num = sprintf('%0' . $digits . 'd', hexdec(substr($hash, 0, 8)) % pow(10, $digits));
+		return $num;
 	}
 }
diff --git a/modules/board/lang/en.php b/modules/board/lang/en.php
index f1070292c..dbe6a3f4d 100644
--- a/modules/board/lang/en.php
+++ b/modules/board/lang/en.php
@@ -34,7 +34,7 @@ $lang->about_customize_bottom_list = 'Calculating the bottom list consumes a lot
 $lang->about_use_anonymous_part1 = 'Hide the author\'s nickname to turn this board into an anonymous board.';
 $lang->about_use_anonymous_part2 = 'It is more useful if you also hide the nickname in the skin.<br>Please also turn off document history, or the author\'s information may be revealed by the history.';
 $lang->about_anonymous_except_admin = 'The administrator\'s nickname will not be hidden.';
-$lang->about_anonymous_name = 'You can customize the anonymous name that is displayed instead of the author\'s nickname.<br><b>$NUM</b> will be replaced with a random number that is unique to each member. (e.g. anon_$NUM → anon_12345678)<br><b>$DAILYNUM</b> will be replaced with a random number that is unique to each member but changes every day.<br><b>$DOCNUM</b> will be replaced with a random number that is unique to each member and changes from document to document.<br><b>$DOCDAILYNUM</b> will be replaced with a random number that is unique to each member and changes every day from document to document.';
+$lang->about_anonymous_name = 'You can customize the anonymous name that is displayed instead of the author\'s nickname.<br><b>$NUM</b> will be replaced with a random number that is unique to each member. (e.g. anon_$NUM → anon_12345678)<br><b>$DAILYNUM</b> will be replaced with a random number that is unique to each member but changes every day.<br><b>$DOCNUM</b> will be replaced with a random number that is unique to each member and changes from document to document.<br><b>$DOCDAILYNUM</b> will be replaced with a random number that is unique to each member and changes every day from document to document.<br>You can append a number to each variable, like <strong>$DAILYNUM:5</strong> to control the number of digits from 1 to 8.';
 $lang->about_board = 'This module is for creating and managing boards.';
 $lang->about_consultation = 'Non-administrator members would see their own articles. Non-members would not be able to write articles when using consultation.';
 $lang->about_secret = 'Users will be able to write secret articles or comments.';
diff --git a/modules/board/lang/ko.php b/modules/board/lang/ko.php
index f5cacc355..bb4cfb5fb 100644
--- a/modules/board/lang/ko.php
+++ b/modules/board/lang/ko.php
@@ -35,7 +35,7 @@ $lang->about_customize_bottom_list = '게시물이 많은 경우 하단목록 
 $lang->about_use_anonymous_part1 = '글쓴이의 정보를 제거하고 익명으로 게시판을 사용하도록 합니다.';
 $lang->about_use_anonymous_part2 = '스킨 설정에서 글쓴이 정보 등을 숨기도록 설정하면 더욱 유용합니다.<br>추가 설정에서 문서 히스토리가 켜져 있으면 문서 수정시 작성자가 표시될 수 있으니 주의하십시오.';
 $lang->about_anonymous_except_admin = '관리권한이 있는 회원은 익명으로 표시되지 않도록 합니다.';
-$lang->about_anonymous_name = '익명 기능을 사용할 때 표시할 익명 닉네임을 정할 수 있습니다.<br><b>$NUM</b>을 사용하면 회원마다 고유한 난수를 부여할 수 있습니다. (예: 익명_$NUM → 익명_12345678)<br><b>$DAILYNUM</b>을 사용하면 매일 난수가 변경되고, <b>$DOCNUM</b>을 사용하면 문서마다 변경됩니다.<br><b>$DOCDAILYNUM</b>을 사용하면 문서마다 각각, 그리고 매일 변경됩니다.';
+$lang->about_anonymous_name = '익명 기능을 사용할 때 표시할 익명 닉네임을 정할 수 있습니다.<br><b>$NUM</b>을 사용하면 회원마다 고유한 난수를 부여할 수 있습니다. (예: 익명_$NUM → 익명_12345678)<br><b>$DAILYNUM</b>을 사용하면 매일 난수가 변경되고, <b>$DOCNUM</b>을 사용하면 문서마다 변경됩니다.<br><b>$DOCDAILYNUM</b>을 사용하면 문서마다 각각, 그리고 매일 변경됩니다.<br>각 변수 뒤에 <strong>$DAILYNUM:5</strong>와 같이 1~8 숫자를 붙여 자릿수를 조정할 수 있습니다.';
 $lang->about_board = '게시판을 생성하고 관리할 수 있습니다.';
 $lang->about_consultation = '상담 기능은 관리권한이 없는 회원은 자신이 쓴 글만 보이도록 하는 기능입니다. 단 상담기능 사용시 비회원 글쓰기는 자동으로 금지됩니다.';
 $lang->about_secret = '게시판 및 댓글의 비밀글 기능을 사용할 수 있도록 합니다.';