Merge branch 'develop' into pr/session-class

classes/context/Context.class.php

@@ -1425,6 +1425,14 @@ class Context
 			{
 				$result[$k] = urlencode($v);
 			}
+			elseif($key === 'xe_validator_id')
+			{
+				$result[$k] = htmlspecialchars($v, ENT_COMPAT | ENT_HTML401, 'UTF-8', FALSE);
+			}
+			elseif(starts_with('XE_VALIDATOR_', $key, false))
+			{
+				unset($result[$k]);
+			}
 			else
 			{
 				$result[$k] = $v;
@@ -1513,6 +1521,10 @@ class Context
 		}
 		
 		// Allow if the current user is in the list of allowed IPs.
+		if (PHP_SAPI === 'cli')
+		{
+			return;
+		}
 		if (Rhymix\Framework\Filters\IpFilter::inRanges(RX_CLIENT_IP, config('lock.allow')))
 		{
 			return;

classes/db/DB.class.php

@@ -369,7 +369,7 @@ class DB
 		$log['time'] = date('Y-m-d H:i:s');
 		$log['backtrace'] = array();
 
-		if (config('debug.enabled') && in_array('queries', config('debug.display_content')))
+		if (config('debug.enabled') && ($this->isError() || in_array('queries', config('debug.display_content'))))
 		{
 			$bt = debug_backtrace(\DEBUG_BACKTRACE_IGNORE_ARGS);
 			foreach($bt as $no => $call)

classes/display/HTMLDisplayHandler.php

@@ -201,7 +201,7 @@ class HTMLDisplayHandler
 		if(is_array(Context::get('INPUT_ERROR')))
 		{
 			$INPUT_ERROR = Context::get('INPUT_ERROR');
-			$keys = array_keys($INPUT_ERROR);
+			$keys = array_map(function($str) { return preg_quote($str, '@'); }, array_keys($INPUT_ERROR));
 			$keys = '(' . implode('|', $keys) . ')';
 
 			$output = preg_replace_callback('@(<input)([^>]*?)\sname="' . $keys . '"([^>]*?)/?>@is', array(&$this, '_preserveValue'), $output);
@@ -259,42 +259,28 @@ class HTMLDisplayHandler
 
 		// get type
 		$type = 'text';
-		if(preg_match('/\stype="([a-z]+)"/i', $str, $m))
+		if(preg_match('/\stype="([^"]+)"/i', $str, $m))
 		{
 			$type = strtolower($m[1]);
 		}
 
 		switch($type)
 		{
-			case 'text':
-			case 'hidden':
-			case 'email':
-			case 'search':
-			case 'tel':
-			case 'url':
-			case 'email':
-			case 'datetime':
-			case 'date':
-			case 'month':
-			case 'week':
-			case 'time':
-			case 'datetime-local':
-			case 'number':
-			case 'range':
-			case 'color':
-				$str = preg_replace('@\svalue="[^"]*?"@', ' ', $str) . ' value="' . htmlspecialchars($INPUT_ERROR[$match[3]], ENT_COMPAT | ENT_HTML401, 'UTF-8', false) . '"';
-				break;
-			case 'password':
-				$str = preg_replace('@\svalue="[^"]*?"@', ' ', $str);
-				break;
 			case 'radio':
 			case 'checkbox':
-				$str = preg_replace('@\schecked(="[^"]*?")?@', ' ', $str);
-				if(@preg_match('@\s(?i:value)="' . $INPUT_ERROR[$match[3]] . '"@', $str))
+				if(preg_match('@\s(?i:value)="' . preg_quote($INPUT_ERROR[$match[3]], '@') . '"@', $str))
 				{
-					$str .= ' checked="checked"';
+					$str = preg_replace('@\schecked(="[^"]*?")?@', ' checked="checked"', $str);
 				}
 				break;
+			default:
+				if (!preg_match('@\svalue="([^"]*?)"@', $str))
+				{
+					$str = $str . ' value=""';
+				}
+				$str = preg_replace_callback('@\svalue="([^"]*?)"@', function() use($INPUT_ERROR, $match) {
+					return ' value="' . escape($INPUT_ERROR[$match[3]], true) . '"';
+				}, $str);
 		}
 
 		return $str . ' />';
@@ -333,7 +319,7 @@ class HTMLDisplayHandler
 	{
 		$INPUT_ERROR = Context::get('INPUT_ERROR');
 		preg_match('@<textarea.*?>@is', $matches[0], $mm);
-		return $mm[0] . $INPUT_ERROR[$matches[1]] . '</textarea>';
+		return $mm[0] . escape($INPUT_ERROR[$matches[1]], true) . '</textarea>';
 	}
 
 	/**
@@ -403,7 +389,7 @@ class HTMLDisplayHandler
 		if ($document_srl)
 		{
 			$oDocument = Context::get('oDocument') ?: getModel('document')->getDocument($document_srl, false, false);
-			if ($oDocument instanceof documentItem && $oDocument->document_srl == $document_srl && !$oDocument->isSecret())
+			if (is_object($oDocument) && $oDocument->document_srl == $document_srl && (!method_exists($oDocument, 'isSecret') || !$oDocument->isSecret()))
 			{
 				$page_type = 'article';
 			}

classes/file/FileHandler.class.php

@@ -208,15 +208,7 @@ class FileHandler
 	 */
 	public static function removeBlankDir($path)
 	{
-		$path = self::getRealPath($path);
-		if (Rhymix\Framework\Storage::isEmptyDirectory($path))
-		{
-			return Rhymix\Framework\Storage::deleteDirectory($path);
-		}
-		else
-		{
-			return false;
-		}
+		return Rhymix\Framework\Storage::deleteEmptyDirectory(self::getRealPath($path), false);
 	}
 
 	/**
@@ -256,12 +248,22 @@ class FileHandler
 			return $size . 'Bytes';
 		}
 
-		if($size >= 1024 && $size < 1024 * 1024)
+		if($size >= 1024 && $size < (1024 * 1024))
 		{
 			return sprintf("%0.1fKB", $size / 1024);
 		}
 
-		return sprintf("%0.2fMB", $size / (1024 * 1024));
+		if($size >= (1024 * 1024) && $size < (1024 * 1024 * 1024))
+		{
+			return sprintf("%0.2fMB", $size / (1024 * 1024));
+		}
+
+		if($size >= (1024 * 1024 * 1024) && $size < (1024 * 1024 * 1024 * 1024))
+		{
+			return sprintf("%0.2fGB", $size / (1024 * 1024 * 1024));
+		}
+
+		return sprintf("%0.2fTB", $size / (1024 * 1024 * 1024 * 1024));
 	}
 
 	/**
@@ -426,11 +428,14 @@ class FileHandler
 	 */
 	public static function returnBytes($val)
 	{
+		$val = preg_replace('/[^0-9\.PTGMK]/', '', $val);
 		$unit = strtoupper(substr($val, -1));
 		$val = (float)$val;
 
 		switch ($unit)
 		{
+			case 'P': $val *= 1024;
+			case 'T': $val *= 1024;
 			case 'G': $val *= 1024;
 			case 'M': $val *= 1024;
 			case 'K': $val *= 1024;

classes/module/ModuleHandler.class.php

@@ -909,7 +909,7 @@ class ModuleHandler extends Handler
 	public static function _setInputValueToSession()
 	{
 		$requestVars = Context::getRequestVars();
-		unset($requestVars->act, $requestVars->mid, $requestVars->vid, $requestVars->success_return_url, $requestVars->error_return_url);
+		unset($requestVars->act, $requestVars->mid, $requestVars->vid, $requestVars->success_return_url, $requestVars->error_return_url, $requestVars->xe_validator_id);
 		foreach($requestVars AS $key => $value)
 		{
 			$_SESSION['INPUT_ERROR'][$key] = $value;