#18557491 : block embed, multimedia_link when administrators view non-administrator's articles

git-svn-id: http://xe-core.googlecode.com/svn/sandbox@7063 201d5d3c-b55e-5fd7-737f-ddc643e51545
haneul 2009-12-21 09:44:57 +00:00
parent f0621b76dc
commit 4a847a93ee
12 changed files with 75 additions and 1 deletions


@ -251,6 +251,32 @@
return htmlspecialchars($content);
}
function stripEmbedTagForAdmin(&$content)
{
if(!Context::get('is_logged')) return;
$oModuleModel = &getModel('module');
$logged_info = Context::get('logged_info');
$writer_member_srl = $this->get('member_srl');
if($writer_member_srl != $logged_info->member_srl && ($logged_info->is_admin == "Y" || $oModuleModel->isSiteAdmin($logged_info)) )
{
if($writer_member_srl)
{
$oMemberModel =& getModel('member');
$member_info = $oMemberModel->getMemberInfoByMemberSrl($writer_member_srl);
if($member_info->is_admin == "Y")
{
return;
}
}
$security_msg = "<div style='border: 1px solid #DDD; background: #FAFAFA; text-align:center; margin: 1em 0;'><p style='margin: 1em;'>".Context::getLang('security_warning_embed')."</p></div>";
$content = preg_replace('/<embed[^>]+>(\s*<\/embed>)?/is', $security_msg, $content);
$content = preg_replace('/<img[^>]+editor_component="multimedia_link"[^>]*>(\s*<\/img>)?/is', $security_msg, $content);
}
return;
}
function getContent($add_popup_menu = true, $add_content_info = true, $resource_realpath = false, $add_xe_content_class = true) {
if(!$this->document_srl) return;
@ -259,6 +285,7 @@
$_SESSION['accessible'][$this->document_srl] = true;
$content = $this->get('content');
$this->stripEmbedTagForAdmin($content);
// rewrite모듈을 사용하면 링크 재정의
$oContext = &Context::getInstance();
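Review bot: The two patterns in stripEmbedTagForAdmin() are a narrow denylist. The second `preg_replace` fires only when the attribute is spelled exactly `editor_component="multimedia_link"` (double quotes, no whitespace around `=`), and by tag name only `<embed>` is matched, so other markup that loads active content, such as `<object>`, still reaches the administrator's browser unchanged. Whether the code that expands the component accepts other quoting is not visible here, but the filter should accept every spelling the expander does; I would loosen the attribute match to `editor_component\s*=\s*["']?multimedia_link` and add a comment above the function listing which elements are deliberately covered and why. In the visible hunks only getContent() calls the new method, so other paths that render the stored body to an administrator should be checked for the same call. getContent()'s body continues outside the hunk.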