코드 정리, 세션이 없어서 전송받은 srl을 참고할 때 권한 확인

git-svn-id: http://xe-core.googlecode.com/svn/sandbox@6540 201d5d3c-b55e-5fd7-737f-ddc643e51545
misol 2009-06-14 11:17:19 +00:00
parent 1a6c988db1
commit 4ac4a8cd21
4 changed files with 268 additions and 241 deletions


@ -218,7 +218,7 @@
// trigger 호출 (after)
if($output->toBool()) {
$trigger_output = ModuleHandler::triggerCall('document.insertDocument', 'after', $obj);
$trigger_output = ModuleHandler::triggerCall('document.insertDocument', 'after', $obj);
if(!$trigger_output->toBool()) {
$oDB->rollback();
return $trigger_output;
@ -501,7 +501,7 @@
return $output;
}
// update category
// update category
if($oDocument->get('category_srl')) $this->updateCategoryCount($oDocument->get('module_srl'),$oDocument->get('category_srl'));
// commit
@ -549,7 +549,7 @@
**/
function insertDocumentExtraKey($module_srl, $var_idx, $var_name, $var_type, $var_is_required = 'N', $var_search = 'N', $var_default = '', $var_desc = '', $eid) {
if(!$module_srl || !$var_idx || !$var_name || !$var_type || !$eid) return new Object(-1,'msg_invalid_request');
$obj->module_srl = $module_srl;
$obj->var_idx = $var_idx;
$obj->var_name = $var_name;
@ -558,14 +558,14 @@
$obj->var_search = $var_search=='Y'?'Y':'N';
$obj->var_default = $var_default;
$obj->var_desc = $var_desc;
$obj->eid = $eid;
$obj->eid = $eid;
$output = executeQuery('document.getDocumentExtraKeys', $obj);
if(!$output->data) return executeQuery('document.insertDocumentExtraKey', $obj);
$output = executeQuery('document.updateDocumentExtraKey', $obj);
// extra_vars에서 확장 변수 eid를 일괄 업데이트
$output = executeQuery('document.updateDocumentExtraVar', $obj);
// extra_vars에서 확장 변수 eid를 일괄 업데이트
$output = executeQuery('document.updateDocumentExtraVar', $obj);
return $output;
}
@ -589,13 +589,13 @@
function insertDocumentExtraVar($module_srl, $document_srl, $var_idx, $value, $eid = null, $lang_code = '') {
if(!$module_srl || !$document_srl || !$var_idx || !isset($value)) return new Object(-1,'msg_invalid_request');
if(!$lang_code) $lang_code = Context::getLangType();
$obj->module_srl = $module_srl;
$obj->document_srl = $document_srl;
$obj->var_idx = $var_idx;
$obj->value = $value;
$obj->lang_code = $lang_code;
$obj->eid = $eid;
$obj->eid = $eid;
executeQuery('document.insertDocumentExtraVar', $obj);
}
@ -612,7 +612,7 @@
$output = executeQuery('document.deleteDocumentExtraVars', $obj);
return $output;
}
/**
* @brief 해당 document의 추천수 증가
@ -1002,13 +1002,13 @@
function procDocumentInsertCategory($args = null) {
// 입력할 변수 정리
if(!$args) $args = Context::gets('module_srl','category_srl','parent_srl','title','expand','group_srls','color','mid');
if(!$args->module_srl && $args->mid){
$mid = $args->mid;
unset($args->mid);
$args->module_srl = $this->module_srl;
}
if(!$args->module_srl && $args->mid){
$mid = $args->mid;
unset($args->mid);
$args->module_srl = $this->module_srl;
}
// 권한 체크
$oModuleModel = &getModel('module');
$module_info = $oModuleModel->getModuleInfoByModuleSrl($args->module_srl);
@ -1596,6 +1596,5 @@
$this->setError(-1);
$this->setMessage('success_updated');
}
}
?>


@ -312,8 +312,8 @@
function getSummary($str_size = 50, $tail = '...') {
$content = $this->getContent(false,false);
// 줄바꿈이 있을 때, 공백문자 삽입
$content = preg_replace('!(<br[\s]*/{0,1}>[\s]*)+!is', ' ', $content);
// 줄바꿈이 있을 때, 공백문자 삽입
$content = preg_replace('!(<br[\s]*/{0,1}>[\s]*)+!is', ' ', $content);
// </p>, </div>, </li> 등의 태그를 공백 문자로 치환
$content = str_replace(array('</p>', '</div>', '</li>'), ' ', $content);
@ -324,8 +324,8 @@
// < , > , " 를 치환
$content = str_replace(array('&lt;','&gt;','&quot;','&nbsp;'), array('<','>','"',' '), $content);
// 연속된 공백문자 삭제
$content = preg_replace('/ ( +)/is', ' ', $content);
// 연속된 공백문자 삭제
$content = preg_replace('/ ( +)/is', ' ', $content);
// 문자열을 자름
$content = trim(cut_str($content, $str_size, $tail));
@ -560,7 +560,7 @@
$cnt = count($matches);
for($i=0;$i<$cnt;$i++) {
$target_src = trim($matches[$i][2]);
if(!preg_match("/\.(jpg|png|jpeg|gif|bmp)$/i",$target_src)) continue;
if(!preg_match("/\.(jpg|png|jpeg|gif|bmp)$/i",$target_src)) continue;
if(preg_match('/\/(common|modules|widgets|addons|layouts)\//i', $target_src)) continue;
else {
if(!preg_match('/^(http|https):\/\//i',$target_src)) $target_src = Context::getRequestUri().$target_src;


@ -28,7 +28,10 @@
// upload_target_srl 구함
$upload_target_srl = $_SESSION['upload_info'][$editor_sequence]->upload_target_srl;
if(!$upload_target_srl) {
$_SESSION['upload_info'][$editor_sequence]->upload_target_srl = $upload_target_srl = Context::get('uploadTargetSrl');
$oFileModel = &getModel('file');
if($oFileModel->getIsPermitted(Context::get('uploadTargetSrl'))) {
$_SESSION['upload_info'][$editor_sequence]->upload_target_srl = $upload_target_srl = Context::get('uploadTargetSrl');
}
}
if(!$upload_target_srl) {
$_SESSION['upload_info'][$editor_sequence]->upload_target_srl = $upload_target_srl = getNextSequence();
@ -57,7 +60,10 @@
// upload_target_srl 구함
$upload_target_srl = $_SESSION['upload_info'][$editor_sequence]->upload_target_srl;
if(!$upload_target_srl) {
$_SESSION['upload_info'][$editor_sequence]->upload_target_srl = $upload_target_srl = Context::get('uploadTargetSrl');
$oFileModel = &getModel('file');
if($oFileModel->getIsPermitted(Context::get('uploadTargetSrl'))) {
$_SESSION['upload_info'][$editor_sequence]->upload_target_srl = $upload_target_srl = Context::get('uploadTargetSrl');
}
}
if(!$upload_target_srl) {
$_SESSION['upload_info'][$editor_sequence]->upload_target_srl = $upload_target_srl = getNextSequence();
@ -174,7 +180,7 @@
$fp = fopen($uploaded_filename, 'rb');
if(!$fp) return $this->stop('msg_file_not_found');
header("Cache-Control: ");
header("Pragma: ");
header("Content-Type: application/octet-stream");
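Review bot: In the new guard of the -28 hunk (and the identical one in the -57 hunk) `Context::get('uploadTargetSrl')` is read twice and `getIsPermitted()` is called even when the request carries no target, so an empty value still drives a document and a comment lookup inside the model before the code falls back to `getNextSequence()`. Reading the request value once and skipping the lookup when it is empty makes the gate cheaper and easier to audit: `$target_srl = Context::get('uploadTargetSrl');` followed by `if($target_srl && $oFileModel->getIsPermitted($target_srl)) {` and assigning `$target_srl` inside the block. Because both hunks contain the same five lines, a small private helper in this controller would keep the permission decision in one place. A rejected target silently falls through to a fresh sequence instead of reporting an error, which looks intentional but deserves a comment such as `// target not permitted: attach the upload to a new srl instead`. The enclosing functions begin outside both hunks.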


@ -1,225 +1,247 @@
<?php
/**
* @class fileModel
* @author zero (zero@nzeo.com)
* @brief file 모듈의 model 클래스
**/
class fileModel extends file {
/**
* @brief 초기화
**/
function init() {
}
/**
* @brief 특정 문서에 속한 첨부파일 목록을 return
**/
function getFileList() {
$mid = Context::get("mid");
$oModuleModel = &getModel('module');
$config = $oModuleModel->getModuleInfoByMid($mid);
Context::set("module_srl",$config->module_srl);
$editor_sequence = Context::get("editor_sequence");
$upload_target_srl = $_SESSION['upload_info'][$editor_sequence]->upload_target_srl;
<?php
/**
* @class fileModel
* @author zero (zero@nzeo.com)
* @brief file 모듈의 model 클래스
**/
class fileModel extends file {
/**
* @brief 초기화
**/
function init() {
}
/**
* @brief 특정 문서에 속한 첨부파일 목록을 return
**/
function getFileList() {
$mid = Context::get("mid");
$oModuleModel = &getModel('module');
$config = $oModuleModel->getModuleInfoByMid($mid);
Context::set("module_srl",$config->module_srl);
$editor_sequence = Context::get("editor_sequence");
$upload_target_srl = $_SESSION['upload_info'][$editor_sequence]->upload_target_srl;
if(!$upload_target_srl) {
if($this->getIsPermitted(Context::get('upload_target_srl')))
$_SESSION['upload_info'][$editor_sequence]->upload_target_srl = $upload_target_srl = Context::get('upload_target_srl');
}
if($upload_target_srl) {
$tmp_files = $this->getFiles($upload_target_srl);
$file_count = count($tmp_files);
for($i=0;$i<$file_count;$i++) {
$file_info = $tmp_files[$i];
if(!$file_info->file_srl) continue;
$obj = null;
$obj->file_srl = $file_info->file_srl;
$obj->source_filename = $file_info->source_filename;
$obj->file_size = $file_info->file_size;
$obj->disp_file_size = FileHandler::filesize($file_info->file_size);
if($file_info->direct_download=='N') $obj->download_url = $this->getDownloadUrl($file_info->file_srl, $file_info->sid);
else $obj->download_url = str_replace('./', '', $file_info->uploaded_filename);
$obj->direct_download = $file_info->direct_download;
$files[] = $obj;
$attached_size += $file_info->file_size;
}
} else {
$upload_target_srl = 0;
$attached_size = 0;
$files = array();
}
// 업로드 상태 표시 작성
$upload_status = $this->getUploadStatus($attached_size);
// 남은 용량 체크
$file_config = $this->getUploadConfig();
$left_size = $file_config->allowed_attach_size*1024*1024 - $attached_size;
// 필요한 정보들 세팅
$this->add("files",$files);
$this->add("editor_sequence",$editor_sequence);
$this->add("upload_target_srl",$upload_target_srl);
$this->add("upload_status",$upload_status);
$this->add("left_size",$left_size);
}
/**
* @brief 특정 문서에 속한 첨부파일의 개수를 return
**/
function getFilesCount($upload_target_srl) {
$args->upload_target_srl = $upload_target_srl;
$output = executeQuery('file.getFilesCount', $args);
return (int)$output->data->count;
}
/**
* @brief 다운로드 경로를 구함
**/
function getDownloadUrl($file_srl, $sid) {
return sprintf('?module=%s&amp;act=%s&amp;file_srl=%s&amp;sid=%s', 'file', 'procFileDownload', $file_srl, $sid);
}
/**
* @brief 파일 설정 정보를 구함
**/
function getFileConfig($module_srl = null) {
// 설정 정보를 받아옴 (module model 객체를 이용)
$oModuleModel = &getModel('module');
$file_module_config = $oModuleModel->getModuleConfig('file');
if($module_srl) $file_config = $oModuleModel->getModulePartConfig('file',$module_srl);
if(!$file_config) $file_config = $file_module_config;
if($file_config) {
$config->allowed_filesize = $file_config->allowed_filesize;
$config->allowed_attach_size = $file_config->allowed_attach_size;
$config->allowed_filetypes = $file_config->allowed_filetypes;
$config->download_grant = $file_config->download_grant;
$config->allow_outlink = $file_config->allow_outlink;
$config->allow_outlink_site = $file_config->allow_outlink_site;
$config->allow_outlink_format = $file_config->allow_outlink_format;
}
// 전체 파일첨부 속성을 먼저 따른다
if(!$config->allowed_filesize) $config->allowed_filesize = $file_module_config->allowed_filesize;
if(!$config->allowed_attach_size) $config->allowed_attach_size = $file_module_config->allowed_attach_size;
if(!$config->allowed_filetypes) $config->allowed_filetypes = $file_module_config->allowed_filetypes;
if(!$config->allow_outlink) $config->allow_outlink = $file_module_config->allow_outlink;
if(!$config->allow_outlink_site) $config->allow_outlink_site = $file_module_config->allow_outlink_site;
if(!$config->allow_outlink_format) $config->allow_outlink_format = $file_module_config->allow_outlink_format;
if(!$config->download_grant) $config->download_grant = $file_module_config->download_grant;
// 그래도 없으면 default로
if(!$config->allowed_filesize) $config->allowed_filesize = '2';
if(!$config->allowed_attach_size) $config->allowed_attach_size = '3';
if(!$config->allowed_filetypes) $config->allowed_filetypes = '*.*';
if(!$config->allow_outlink) $config->allow_outlink = 'Y';
if(!$config->download_grant) $config->download_grant = array();
return $config;
}
/**
* @brief 파일 정보를 구함
**/
function getFile($file_srl) {
$args->file_srl = $file_srl;
$output = executeQuery('file.getFile', $args);
if(!$output->toBool()) return $output;
$file = $output->data;
$file->download_url = $this->getDownloadUrl($file->file_srl, $file->sid);
return $file;
}
/**
* @brief 특정 문서에 속한 파일을 모두 return
**/
function getFiles($upload_target_srl) {
$args->upload_target_srl = $upload_target_srl;
$args->sort_index = 'file_srl';
$output = executeQuery('file.getFiles', $args);
if(!$output->data) return;
$file_list = $output->data;
if($file_list && !is_array($file_list)) $file_list = array($file_list);
$file_count = count($file_list);
for($i=0;$i<$file_count;$i++) {
$file = $file_list[$i];
$file->source_filename = stripslashes($file->source_filename);
$file->download_url = $this->getDownloadUrl($file->file_srl, $file->sid);
$file_list[$i] = $file;
}
return $file_list;
}
/**
* @brief 첨부파일에 대한 설정을 return (관리자/비관리자 자동 구분)
**/
function getUploadConfig() {
$logged_info = Context::get('logged_info');
if($logged_info->is_admin == 'Y') {
$file_config->allowed_filesize = preg_replace("/[a-z]/is","",ini_get('upload_max_filesize'));
$file_config->allowed_attach_size = preg_replace("/[a-z]/is","",ini_get('upload_max_filesize'));
$file_config->allowed_filetypes = '*.*';
} else {
$module_srl = Context::get('module_srl');
// module_srl이 없으면 현재 모듈
if(!$module_srl) {
$current_module_info = Context::get('current_module_info');
$module_srl = $current_module_info->module_srl;
}
$file_config = $this->getFileConfig($module_srl);
}
return $file_config;
}
/**
* @brief 파일 업로드를 위한 관리자/비관리자에 따른 안내문구 return
**/
function getUploadStatus($attached_size = 0) {
$file_config = $this->getUploadConfig();
// 업로드 상태 표시 작성
$upload_status = sprintf(
'%s : %s/ %s<br /> %s : %s (%s : %s)',
Context::getLang('allowed_attach_size'),
FileHandler::filesize($attached_size),
FileHandler::filesize($file_config->allowed_attach_size*1024*1024),
Context::getLang('allowed_filesize'),
FileHandler::filesize($file_config->allowed_filesize*1024*1024),
Context::getLang('allowed_filetypes'),
$file_config->allowed_filetypes
);
return $upload_status;
}
/**
* @brief 특정 모듈의 file 설정을 return
**/
function getFileModuleConfig($module_srl) {
return $this->getFileConfig($module_srl);
}
$_SESSION['upload_info'][$editor_sequence]->upload_target_srl = $upload_target_srl = Context::get('upload_target_srl');
}
if($upload_target_srl) {
$tmp_files = $this->getFiles($upload_target_srl);
$file_count = count($tmp_files);
/**
* @brief 사용자가 해당 SRL에 첨부된 파일 수정 권한이 있는지 확인 - 트리거를 통해 반환되는 정보를 이용.
for($i=0;$i<$file_count;$i++) {
$file_info = $tmp_files[$i];
if(!$file_info->file_srl) continue;
$obj = null;
$obj->file_srl = $file_info->file_srl;
$obj->source_filename = $file_info->source_filename;
$obj->file_size = $file_info->file_size;
$obj->disp_file_size = FileHandler::filesize($file_info->file_size);
if($file_info->direct_download=='N') $obj->download_url = $this->getDownloadUrl($file_info->file_srl, $file_info->sid);
else $obj->download_url = str_replace('./', '', $file_info->uploaded_filename);
$obj->direct_download = $file_info->direct_download;
$files[] = $obj;
$attached_size += $file_info->file_size;
}
} else {
$upload_target_srl = 0;
$attached_size = 0;
$files = array();
}
// 업로드 상태 표시 작성
$upload_status = $this->getUploadStatus($attached_size);
// 남은 용량 체크
$file_config = $this->getUploadConfig();
$left_size = $file_config->allowed_attach_size*1024*1024 - $attached_size;
// 필요한 정보들 세팅
$this->add("files",$files);
$this->add("editor_sequence",$editor_sequence);
$this->add("upload_target_srl",$upload_target_srl);
$this->add("upload_status",$upload_status);
$this->add("left_size",$left_size);
}
/**
* @brief 특정 문서에 속한 첨부파일의 개수를 return
**/
function getFilesCount($upload_target_srl) {
$args->upload_target_srl = $upload_target_srl;
$output = executeQuery('file.getFilesCount', $args);
return (int)$output->data->count;
}
/**
* @brief 다운로드 경로를 구함
**/
function getDownloadUrl($file_srl, $sid) {
return sprintf('?module=%s&amp;act=%s&amp;file_srl=%s&amp;sid=%s', 'file', 'procFileDownload', $file_srl, $sid);
}
/**
* @brief 파일 설정 정보를 구함
**/
function getFileConfig($module_srl = null) {
// 설정 정보를 받아옴 (module model 객체를 이용)
$oModuleModel = &getModel('module');
$file_module_config = $oModuleModel->getModuleConfig('file');
if($module_srl) $file_config = $oModuleModel->getModulePartConfig('file',$module_srl);
if(!$file_config) $file_config = $file_module_config;
if($file_config) {
$config->allowed_filesize = $file_config->allowed_filesize;
$config->allowed_attach_size = $file_config->allowed_attach_size;
$config->allowed_filetypes = $file_config->allowed_filetypes;
$config->download_grant = $file_config->download_grant;
$config->allow_outlink = $file_config->allow_outlink;
$config->allow_outlink_site = $file_config->allow_outlink_site;
$config->allow_outlink_format = $file_config->allow_outlink_format;
}
// 전체 파일첨부 속성을 먼저 따른다
if(!$config->allowed_filesize) $config->allowed_filesize = $file_module_config->allowed_filesize;
if(!$config->allowed_attach_size) $config->allowed_attach_size = $file_module_config->allowed_attach_size;
if(!$config->allowed_filetypes) $config->allowed_filetypes = $file_module_config->allowed_filetypes;
if(!$config->allow_outlink) $config->allow_outlink = $file_module_config->allow_outlink;
if(!$config->allow_outlink_site) $config->allow_outlink_site = $file_module_config->allow_outlink_site;
if(!$config->allow_outlink_format) $config->allow_outlink_format = $file_module_config->allow_outlink_format;
if(!$config->download_grant) $config->download_grant = $file_module_config->download_grant;
// 그래도 없으면 default로
if(!$config->allowed_filesize) $config->allowed_filesize = '2';
if(!$config->allowed_attach_size) $config->allowed_attach_size = '3';
if(!$config->allowed_filetypes) $config->allowed_filetypes = '*.*';
if(!$config->allow_outlink) $config->allow_outlink = 'Y';
if(!$config->download_grant) $config->download_grant = array();
return $config;
}
/**
* @brief 파일 정보를 구함
**/
function getFile($file_srl) {
$args->file_srl = $file_srl;
$output = executeQuery('file.getFile', $args);
if(!$output->toBool()) return $output;
$file = $output->data;
$file->download_url = $this->getDownloadUrl($file->file_srl, $file->sid);
return $file;
}
/**
* @brief 특정 문서에 속한 파일을 모두 return
**/
function getFiles($upload_target_srl) {
$args->upload_target_srl = $upload_target_srl;
$args->sort_index = 'file_srl';
$output = executeQuery('file.getFiles', $args);
if(!$output->data) return;
$file_list = $output->data;
if($file_list && !is_array($file_list)) $file_list = array($file_list);
$file_count = count($file_list);
for($i=0;$i<$file_count;$i++) {
$file = $file_list[$i];
$file->source_filename = stripslashes($file->source_filename);
$file->download_url = $this->getDownloadUrl($file->file_srl, $file->sid);
$file_list[$i] = $file;
}
return $file_list;
}
/**
* @brief 첨부파일에 대한 설정을 return (관리자/비관리자 자동 구분)
**/
function getUploadConfig() {
$logged_info = Context::get('logged_info');
if($logged_info->is_admin == 'Y') {
$file_config->allowed_filesize = preg_replace("/[a-z]/is","",ini_get('upload_max_filesize'));
$file_config->allowed_attach_size = preg_replace("/[a-z]/is","",ini_get('upload_max_filesize'));
$file_config->allowed_filetypes = '*.*';
} else {
$module_srl = Context::get('module_srl');
// module_srl이 없으면 현재 모듈
if(!$module_srl) {
$current_module_info = Context::get('current_module_info');
$module_srl = $current_module_info->module_srl;
}
$file_config = $this->getFileConfig($module_srl);
}
return $file_config;
}
/**
* @brief 파일 업로드를 위한 관리자/비관리자에 따른 안내문구 return
**/
function getUploadStatus($attached_size = 0) {
$file_config = $this->getUploadConfig();
// 업로드 상태 표시 작성
$upload_status = sprintf(
'%s : %s/ %s<br /> %s : %s (%s : %s)',
Context::getLang('allowed_attach_size'),
FileHandler::filesize($attached_size),
FileHandler::filesize($file_config->allowed_attach_size*1024*1024),
Context::getLang('allowed_filesize'),
FileHandler::filesize($file_config->allowed_filesize*1024*1024),
Context::getLang('allowed_filetypes'),
$file_config->allowed_filetypes
);
return $upload_status;
}
/**
* @brief 특정 모듈의 file 설정을 return
**/
function getFileModuleConfig($module_srl) {
return $this->getFileConfig($module_srl);
}
/**
* @brief 사용자가 해당 SRL에 첨부된 파일 수정 권한이 있는지 확인 - 트리거를 통해 반환되는 정보를 이용.
**/
function getIsPermitted($checking_target) {
Context::set("getIsPermitted", '');
// 문서가 있는지 확인
$oDocumentModel = &getModel('document');
$oDocument = $oDocumentModel->getDocument($checking_target);
if($oDocument->isExists() && $oDocument->document_srl == $document_srl) {
if($oDocument->isGranted()) {
Context::set("getIsPermitted", $checking_target);
return $checking_target;
}
}
// 댓글이 있는지 확인
$oCommentModel = &getModel('comment');
$oComment = $oCommentModel->getComment($checking_target);
if($comment->comment_srl == $comment_srl) {
if($oComment->isGranted()) {
Context::set("getIsPermitted", $checking_target);
return $checking_target;
}
}
// 그 외 모듈에 있는지 확인 (eg. 자동저장 문서)
$obj->uploadTargetSrl = $checking_target;
$output = ModuleHandler::triggerCall('file.getIsPermitted', 'before', $obj);
return Context::get("getIsPermitted");
}
}
?>
}
?>
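Review bot: In the new `getIsPermitted()` the document check `if($oDocument->isExists() && $oDocument->document_srl == $document_srl)` compares against `$document_srl`, which is never assigned in the method, so it is null and the branch cannot grant access for any real document; the comment check `if($comment->comment_srl == $comment_srl)` compares two unassigned variables and is therefore always true, so `isGranted()` is consulted on whatever `getComment()` returned even when no such comment exists. The intent appears to be to confirm that the loaded item is the requested one: `if($oDocument->isExists() && $oDocument->document_srl == $checking_target) {` and `if($oComment->comment_srl == $checking_target) {`. Since this method is the gate that decides whether a client-supplied srl is accepted into the upload session, it should carry a header comment stating the contract — it returns the srl when the current user may attach to it, otherwise the empty string left in the `getIsPermitted` Context slot, which the `file.getIsPermitted` trigger may fill — and the trigger's `$output` is currently discarded, so a failing trigger cannot veto. The interleaved old/new listing makes the exact placement of these lines uncertain.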