From 565cfad15f0a177605fd3ee7a32b60f3b97ef5be Mon Sep 17 00:00:00 2001
From: Kijin Sung <kijin@kijinsung.com>
Date: Fri, 22 Sep 2023 02:05:14 +0900
Subject: [PATCH] Clean up trash handling logic

---
 modules/comment/comment.controller.php   |  9 ++--
 modules/document/document.controller.php | 64 ++++++------------------
 modules/trash/model/TrashVO.php          |  6 +--
 modules/trash/trash.admin.controller.php |  7 +--
 4 files changed, 25 insertions(+), 61 deletions(-)

diff --git a/modules/comment/comment.controller.php b/modules/comment/comment.controller.php
index 8bfd76b5d..59117d702 100644
--- a/modules/comment/comment.controller.php
+++ b/modules/comment/comment.controller.php
@@ -1365,16 +1365,16 @@ class CommentController extends Comment
 			}
 		}
 
-		$oDB = DB::getInstance();
-		$oDB->begin();
-
 		require_once(RX_BASEDIR.'modules/trash/model/TrashVO.php');
 		$oTrashVO = new TrashVO();
 		$oTrashVO->setTrashSrl(getNextSequence());
 		$oTrashVO->setTitle(mb_substr($oComment->getContentText(100), 0, 250, 'UTF-8'));
 		$oTrashVO->setOriginModule('comment');
 		$oTrashVO->setSerializedObject(serialize($oComment->variables));
-		$oTrashVO->setDescription($obj->description);
+		$oTrashVO->setDescription($obj->description ?? '');
+
+		$oDB = DB::getInstance();
+		$oDB->begin();
 
 		$oTrashAdminController = getAdminController('trash');
 		$output = $oTrashAdminController->insertTrash($oTrashVO);
@@ -1437,7 +1437,6 @@ class CommentController extends Comment
 		Rhymix\Framework\Storage::deleteDirectory(RX_BASEDIR . sprintf('files/thumbnails/%s', getNumberingPath($obj->comment_srl, 3)));
 
 		$output->add('document_srl', $oComment->document_srl);
-
 		return $output;
 	}
 
diff --git a/modules/document/document.controller.php b/modules/document/document.controller.php
index bfb1780ae..ad96d828d 100644
--- a/modules/document/document.controller.php
+++ b/modules/document/document.controller.php
@@ -1362,11 +1362,7 @@ class DocumentController extends Document
 	 */
 	function moveDocumentToTrash($obj)
 	{
-		$trash_args = new stdClass();
-		// Get trash_srl if a given trash_srl doesn't exist
-		if(!$obj->trash_srl) $trash_args->trash_srl = getNextSequence();
-		else $trash_args->trash_srl = $obj->trash_srl;
-		// Get its module_srl which the document belongs to
+		// Check the document and grants
 		$oDocument = DocumentModel::getDocument($obj->document_srl);
 		if(!$oDocument->isExists())
 		{
@@ -1384,48 +1380,23 @@ class DocumentController extends Document
 				return new BaseObject(-1, 'msg_admin_document_no_move_to_trash');
 			}
 		}
-
-		$trash_args->module_srl = $oDocument->get('module_srl');
-		$obj->module_srl = $oDocument->get('module_srl');
-		// Cannot throw data from the trash to the trash
-		if($trash_args->module_srl == 0)
+		if($oDocument->get('module_srl') == 0)
 		{
 			return new BaseObject(-1, 'Cannot throw data from the trash to the trash');
 		}
-		// Data setting
-		$trash_args->document_srl = $obj->document_srl;
-		$trash_args->description = $obj->description;
-		// Insert member's information only if the member is logged-in and not manually registered.
-		if($this->user->isMember())
-		{
-			$trash_args->member_srl = $this->user->member_srl;
-			$trash_args->user_id = htmlspecialchars_decode($this->user->user_id);
-			$trash_args->user_name = htmlspecialchars_decode($this->user->user_name);
-			$trash_args->nick_name = htmlspecialchars_decode($this->user->nick_name);
-		}
-		// Date setting for updating documents
-		$document_args = new stdClass;
-		$document_args->module_srl = 0;
-		$document_args->document_srl = $obj->document_srl;
 
-		// begin transaction
-		$oDB = DB::getInstance();
-		$oDB->begin();
-
-		/*$output = executeQuery('document.insertTrash', $trash_args);
-		  if (!$output->toBool()) {
-		  $oDB->rollback();
-		  return $output;
-		  }*/
-
-		// new trash module
+		// Create trash object.
 		require_once(RX_BASEDIR.'modules/trash/model/TrashVO.php');
 		$oTrashVO = new TrashVO();
 		$oTrashVO->setTrashSrl(getNextSequence());
 		$oTrashVO->setTitle($oDocument->variables['title']);
 		$oTrashVO->setOriginModule('document');
 		$oTrashVO->setSerializedObject(serialize($oDocument->variables));
-		$oTrashVO->setDescription($obj->description);
+		$oTrashVO->setDescription($obj->description ?? '');
+
+		// begin transaction
+		$oDB = DB::getInstance();
+		$oDB->begin();
 
 		$oTrashAdminController = getAdminController('trash');
 		$output = $oTrashAdminController->insertTrash($oTrashVO);
@@ -1435,24 +1406,18 @@ class DocumentController extends Document
 			return $output;
 		}
 
-		$output = executeQuery('document.deleteDocument', $trash_args);
+		$output = executeQuery('document.deleteDocument', ['document_srl' => $oDocument->document_srl]);
 		if(!$output->toBool())
 		{
 			$oDB->rollback();
 			return $output;
 		}
 
-		/*$output = executeQuery('document.updateDocument', $document_args);
-		  if (!$output->toBool()) {
-		  $oDB->rollback();
-		  return $output;
-		  }*/
-
 		// update category
-		if($oDocument->get('category_srl')) $this->updateCategoryCount($oDocument->get('module_srl'),$oDocument->get('category_srl'));
-
-		// remove thumbnails
-		Rhymix\Framework\Storage::deleteDirectory(RX_BASEDIR . sprintf('files/thumbnails/%s', getNumberingPath($obj->document_srl, 3)));
+		if ($oDocument->get('category_srl'))
+		{
+			$this->updateCategoryCount($oDocument->get('module_srl'), $oDocument->get('category_srl'));
+		}
 
 		// Set the attachment to be invalid state
 		if($oDocument->hasUploadedFiles())
@@ -1474,6 +1439,9 @@ class DocumentController extends Document
 		// commit
 		$oDB->commit();
 
+		// remove thumbnails
+		Rhymix\Framework\Storage::deleteDirectory(RX_BASEDIR . sprintf('files/thumbnails/%s', getNumberingPath($obj->document_srl, 3)));
+
 		// Clear cache
 		self::clearDocumentCache($oDocument->document_srl);
 		return $output;
diff --git a/modules/trash/model/TrashVO.php b/modules/trash/model/TrashVO.php
index f7b62dbe7..8c9e27c41 100644
--- a/modules/trash/model/TrashVO.php
+++ b/modules/trash/model/TrashVO.php
@@ -24,8 +24,8 @@ class TrashVO
 	}
 	function getTitle()
 	{
-		if(empty($this->title)) return $lang->untitle;
-		return htmlspecialchars($this->title, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
+		if(empty($this->title)) return lang('untitle');
+		return escape($this->title, false);
 	}
 	function setTitle($title)
 	{
@@ -90,7 +90,7 @@ class TrashVO
 	}
 	function getNickName()
 	{
-		return htmlspecialchars($this->nickName, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
+		return escape($this->nickName, false);
 	}
 	function setNickName($nickName)
 	{
diff --git a/modules/trash/trash.admin.controller.php b/modules/trash/trash.admin.controller.php
index 5d4c5388a..a211ced3f 100644
--- a/modules/trash/trash.admin.controller.php
+++ b/modules/trash/trash.admin.controller.php
@@ -12,16 +12,13 @@ class trashAdminController extends trash
 {
 	/**
 	 * object insert to trash
-	 * @param TrashVO $obj
+	 * @param TrashVO $oTrashVO
 	 * @return Object
 	 */
-	function insertTrash($obj)
+	function insertTrash($oTrashVO)
 	{
 		$logged_info = Context::get('logged_info');
 
-		$oTrashVO = new TrashVO();
-		$oTrashVO = &$obj;
-
 		if(!$oTrashVO->getTrashSrl()) $oTrashVO->setTrashSrl(getNextSequence());
 		if(!is_string($oTrashVO->getSerializedObject())) $oTrashVO->setSerializedObject(serialize($oTrashVO->getSerializedObject()));
 		$oTrashVO->setIpaddress(\RX_CLIENT_IP);