mirror of
https://github.com/Lastorder-DC/rhymix.git
synced 2026-01-04 17:21:39 +09:00
Fix #2117: don't allow adding comments to secret posts
- 비밀글이나 비밀댓글에 댓글이나 대댓글을 달 수 없도록 변경 - 댓글 작성을 시도중인 글이 부모댓글의 document_srl과 일치하는지 확인 - 문서 체크를 본문 내용 검증보다 먼저 수행
parent
054d79cc28
commit
51a910a310
1 changed files with 24 additions and 17 deletions
|
|
@ -407,6 +407,20 @@ class boardController extends board
|
|||
// get the relevant data for inserting comment
|
||||
$obj = Context::getRequestVars();
|
||||
|
||||
// Check the document.
|
||||
$oDocument = DocumentModel::getDocument($obj->document_srl);
|
||||
if(!$oDocument->isExists())
|
||||
{
|
||||
throw new Rhymix\Framework\Exceptions\TargetNotFound;
|
||||
}
|
||||
if(!$oDocument->isAccessible())
|
||||
{
|
||||
throw new Rhymix\Framework\Exceptions\NotPermitted;
|
||||
}
|
||||
|
||||
// Comments belong in the same module_srl as the document.
|
||||
$obj->module_srl = $oDocument->get('module_srl');
|
||||
|
||||
// Remove disallowed Unicode symbols.
|
||||
if ($this->module_info->filter_specialchars !== 'N')
|
||||
{
|
||||
|
|
@ -445,15 +459,6 @@ class boardController extends board
|
|||
$this->module_info->secret = 'N';
|
||||
}
|
||||
|
||||
// check if the doument is existed
|
||||
$oDocument = DocumentModel::getDocument($obj->document_srl);
|
||||
if(!$oDocument->isExists())
|
||||
{
|
||||
throw new Rhymix\Framework\Exceptions\TargetNotFound;
|
||||
}
|
||||
|
||||
$obj->module_srl = $oDocument->get('module_srl');
|
||||
|
||||
// For anonymous use, remove writer's information and notifying information
|
||||
if($this->module_info->use_anonymous == 'Y' && (!$this->grant->manager || ($this->module_info->anonymous_except_admin ?? 'N') !== 'Y'))
|
||||
{
|
||||
|
|
@ -506,25 +511,27 @@ class boardController extends board
|
|||
// Update document last_update info?
|
||||
$update_document = $this->module_info->update_order_on_comment === 'N' ? false : true;
|
||||
|
||||
// Parent exists.
|
||||
// Check parent comment.
|
||||
if($obj->parent_srl)
|
||||
{
|
||||
$parent_comment = CommentModel::getComment($obj->parent_srl);
|
||||
if(!$parent_comment->comment_srl)
|
||||
if(!$parent_comment->comment_srl || $parent_comment->get('document_srl') != $oDocument->get('document_srl'))
|
||||
{
|
||||
throw new Rhymix\Framework\Exceptions\TargetNotFound;
|
||||
}
|
||||
if(!$parent_comment->isAccessible())
|
||||
{
|
||||
throw new Rhymix\Framework\Exceptions\NotPermitted;
|
||||
}
|
||||
if($parent_comment->isSecret() && $this->module_info->secret === 'Y')
|
||||
{
|
||||
$obj->is_secret = 'Y';
|
||||
}
|
||||
$output = $oCommentController->insertComment($obj, $manual, $update_document);
|
||||
}
|
||||
// Parent does not exist.
|
||||
else
|
||||
{
|
||||
$output = $oCommentController->insertComment($obj, $manual, $update_document);
|
||||
}
|
||||
|
||||
// Insert comment.
|
||||
$output = $oCommentController->insertComment($obj, $manual, $update_document);
|
||||
|
||||
// Set grant for the new comment.
|
||||
if ($output->toBool())
|
||||
{
|
||||
|
|
|
|||
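Review bot: The document check moved to the top of the comment-insert path verifies `isExists()` and `isAccessible()`, but nothing visible in these hunks confirms that the document belongs to the module whose `$this->grant` and `$this->module_info` settings drive the rest of the function; `$obj->module_srl` is simply overwritten from the document. If request routing does not already pin the module to the requested `document_srl`, a guard right after the accessibility check, e.g. `if ($oDocument->get('module_srl') != $this->module_info->module_srl) { throw new Rhymix\Framework\Exceptions\NotPermitted; }`, would keep one board's comment permissions and secret/anonymous settings from being applied to another board's post. Separately, the parent check in the last hunk compares the two `document_srl` values with a loose `!=`; casting both sides to `int` and using `!==` would make the intended numeric comparison explicit. The enclosing function begins and ends outside the hunks shown, so the grant checks and the comment-update branch could not be reviewed here and should be confirmed to enforce the same document and parent checks.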