Merge branch 'master' into develop
Conflicts: common/js/common.js common/js/xe.js common/js/xe.min.js modules/editor/skins/xpresseditor/js/xpresseditor.min.js
This commit is contained in:
commit
5c4b313eeb
19 changed files with 156 additions and 129 deletions
@ -337,11 +337,9 @@ class Context
|
|||
array(&$oSessionController, 'open'), array(&$oSessionController, 'close'), array(&$oSessionModel, 'read'), array(&$oSessionController, 'write'), array(&$oSessionController, 'destroy'), array(&$oSessionController, 'gc')
|
||||
);
|
||||
}
|
||||
|
||||
if($sess = $_POST[session_name()]) session_id($sess);
|
||||
session_start();
|
||||
if($sess = $_POST[session_name()])
|
||||
{
|
||||
session_id($sess);
|
||||
}
|
||||
|
||||
// set authentication information in Context and session
|
||||
if(self::isInstalled())
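Review bot: Both forms of the session bootstrap in this hunk — the one-liner at L26 and the block at L32-L41 — copy `$_POST[session_name()]` straight into `session_id()` with no validation, and the page does not let me tell which form survives the merge. Whichever it is, a client-supplied value chooses the session id, so the id should at least be checked against the session-id alphabet before use, e.g. `if(isset($_POST[session_name()]) && preg_match('/^[A-Za-z0-9,-]{22,256}$/', $_POST[session_name()]))` in place of the assignment-in-condition. If the block form is the survivor and `session_start()` at L29 really runs before it, the `session_id()` call no longer affects the session that is already open, so the ordering needs confirming as well. A why-comment would help here, since the only visible consumer of this POST field is the uploader hunk later in this commit: `// the Flash uploader posts the session id instead of the cookie; validate it before adopting it`. The enclosing method continues outside the hunk.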
|
||||
|
|
|
|||
|
|
@ -380,6 +380,22 @@ class ModuleHandler extends Handler
|
|||
$kind = 'admin';
|
||||
}
|
||||
|
||||
if($kind == 'admin')
|
||||
{
|
||||
$oMemberController = ModuleHandler::getModuleInstance('member', 'controller');
|
||||
$validate_session = $oMemberController->validateSession();
|
||||
$oMemberController->regenerateSession();
|
||||
if(!$validate_session)
|
||||
{
|
||||
$this->error = 'security_invalid_session';
|
||||
$oMessageObject = ModuleHandler::getModuleInstance('message', 'view');
|
||||
$oMessageObject->setError(-1);
|
||||
$oMessageObject->setMessage($this->error);
|
||||
$oMessageObject->dispMessage();
|
||||
return $oMessageObject;
|
||||
}
|
||||
}
|
||||
|
||||
// check REQUEST_METHOD in controller
|
||||
if($type == 'controller')
|
||||
{
|
||||
|
|
@ -579,7 +595,7 @@ class ModuleHandler extends Handler
|
|||
if($kind == 'admin')
|
||||
{
|
||||
$grant = $oModuleModel->getGrant($this->module_info, $logged_info);
|
||||
if(!$grant->is_admin && !$grant->manager)
|
||||
if(!$grant->manager)
|
||||
{
|
||||
$this->_setInputErrorToContext();
|
||||
$this->error = 'msg_is_not_manager';
|
||||
|
|
@ -589,6 +605,19 @@ class ModuleHandler extends Handler
|
|||
$oMessageObject->dispMessage();
|
||||
return $oMessageObject;
|
||||
}
|
||||
else
|
||||
{
|
||||
if(!$grant->is_admin && $this->module != $this->orig_module->module && $xml_info->permission->{$this->act} != 'manager')
|
||||
{
|
||||
$this->_setInputErrorToContext();
|
||||
$this->error = 'msg_is_not_administrator';
|
||||
$oMessageObject = ModuleHandler::getModuleInstance('message', 'view');
|
||||
$oMessageObject->setError(-1);
|
||||
$oMessageObject->setMessage($this->error);
|
||||
$oMessageObject->dispMessage();
|
||||
return $oMessageObject;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
else if($xml_info->default_index_act && method_exists($oModule, $xml_info->default_index_act))
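Review bot: In hunk @ -380 `regenerateSession()` at L81 runs before the result of `validateSession()` is examined, so a request that just failed validation (and, per the memberController hunk in this commit, had its session destroyed) still gets a fresh id before the error page is returned; moving the `$oMemberController->regenerateSession();` line below the `if(!$validate_session)` block keeps the two steps in the order the names suggest. The check is also only reached for `$kind == 'admin'`, which is worth stating in a comment since it is the only place the IP binding is enforced: `// admin routes only: bind the session to the client address and rotate the id`. In hunk @ -589 the added else branch compares `$xml_info->permission->{$this->act} != 'manager'` loosely; for an act with no permission entry that property is unset and the comparison is true, which appears intended but deserves a comment. `$this->orig_module` is not assigned anywhere visible on this page — presumably set earlier in the handler, verify. The enclosing method starts and ends outside these hunks.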
|
||||
|
|
|
|||
|
|
@ -596,25 +596,14 @@ function doDocumentLoad(obj) {
|
|||
}
|
||||
|
||||
/* 저장된 게시글의 선택 */
|
||||
function doDocumentSelect(document_srl, module) {
|
||||
function doDocumentSelect(document_srl) {
|
||||
if(!opener || !opener.objForSavedDoc) {
|
||||
window.close();
|
||||
return;
|
||||
}
|
||||
|
||||
if(module===undefined) {
|
||||
module = 'document';
|
||||
}
|
||||
|
||||
// 게시글을 가져와서 등록하기
|
||||
switch(module) {
|
||||
case 'page' :
|
||||
opener.location.href = opener.current_url.setQuery('document_srl', document_srl).setQuery('act', 'dispPageAdminContentModify');
|
||||
break;
|
||||
default :
|
||||
opener.location.href = opener.current_url.setQuery('document_srl', document_srl).setQuery('act', 'dispBoardWrite');
|
||||
break;
|
||||
}
|
||||
opener.location.href = opener.current_url.setQuery('document_srl', document_srl).setQuery('act', 'dispBoardWrite');
|
||||
window.close();
|
||||
}
|
||||
|
||||
|
|
@ -911,7 +900,7 @@ function get_by_id(id) {
|
|||
|
||||
jQuery(function($){
|
||||
// display popup menu that contains member actions and document actions
|
||||
$(document).on('click touchstart', function(evt) {
|
||||
$(document).on('click', function(evt) {
|
||||
var $area = $('#popup_menu_area');
|
||||
if(!$area.length) $area = $('<div id="popup_menu_area" tabindex="0" style="display:none;z-index:9999" />').appendTo(document.body);
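Review bot: By the hunk counts (25 old, 14 new) the surviving `doDocumentSelect` in hunk @ -596 is the one-argument form at L236 plus the single `dispBoardWrite` assignment at L291, which means the `module` parameter and the `'page'` case that redirected to `dispPageAdminContentModify` are dropped. The commit message lists common.js and xe.js among the conflict files, so this looks like a conflict resolution that discarded one side rather than a deliberate removal; the same loss appears in the xe.js section at hunk @ -595. If the page branch is still wanted, restoring the `module` parameter, its `undefined` default and the switch from the removed lines is the fix; otherwise a comment on the function should say why only board documents are handled. The side of the `click touchstart` vs `click` change in hunk @ -911 cannot be determined from this page.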
|
||||
|
||||
|
|
|
|||
131
common/js/xe.js
131
common/js/xe.js
|
|
@ -595,25 +595,14 @@ function doDocumentLoad(obj) {
|
|||
}
|
||||
|
||||
/* 저장된 게시글의 선택 */
|
||||
function doDocumentSelect(document_srl, module) {
|
||||
function doDocumentSelect(document_srl) {
|
||||
if(!opener || !opener.objForSavedDoc) {
|
||||
window.close();
|
||||
return;
|
||||
}
|
||||
|
||||
if(module===undefined) {
|
||||
module = 'document';
|
||||
}
|
||||
|
||||
// 게시글을 가져와서 등록하기
|
||||
switch(module) {
|
||||
case 'page' :
|
||||
opener.location.href = opener.current_url.setQuery('document_srl', document_srl).setQuery('act', 'dispPageAdminContentModify');
|
||||
break;
|
||||
default :
|
||||
opener.location.href = opener.current_url.setQuery('document_srl', document_srl).setQuery('act', 'dispBoardWrite');
|
||||
break;
|
||||
}
|
||||
opener.location.href = opener.current_url.setQuery('document_srl', document_srl).setQuery('act', 'dispBoardWrite');
|
||||
window.close();
|
||||
}
|
||||
|
||||
|
|
@ -910,7 +899,7 @@ function get_by_id(id) {
|
|||
|
||||
jQuery(function($){
|
||||
// display popup menu that contains member actions and document actions
|
||||
$(document).on('click touchstart', function(evt) {
|
||||
$(document).on('click', function(evt) {
|
||||
var $area = $('#popup_menu_area');
|
||||
if(!$area.length) $area = $('<div id="popup_menu_area" tabindex="0" style="display:none;z-index:9999" />').appendTo(document.body);
|
||||
|
||||
|
|
@ -1662,55 +1651,31 @@ function xml2json(xml, tab, ignoreAttrib) {
|
|||
|
||||
if(typeof(xeVid)!='undefined') $.extend(data,{vid:xeVid});
|
||||
|
||||
try {
|
||||
$.ajax({
|
||||
type: "POST",
|
||||
dataType: "json",
|
||||
url: request_uri,
|
||||
contentType: "application/json",
|
||||
data: $.param(data),
|
||||
success: function(data) {
|
||||
$(".wfsr").hide().trigger('cancel_confirm');
|
||||
if(data.error != '0' && data.error > -1000) {
|
||||
if(data.error == -1 && data.message == 'msg_is_not_administrator') {
|
||||
alert('You are not logged in as an administrator');
|
||||
if($.isFunction(callback_error)) callback_error(data);
|
||||
$.ajax({
|
||||
type: "POST",
|
||||
dataType: "json",
|
||||
url: request_uri,
|
||||
contentType: "application/json",
|
||||
data: $.param(data),
|
||||
success: function(data) {
|
||||
$(".wfsr").hide().trigger('cancel_confirm');
|
||||
if(data.error != '0' && data.error > -1000) {
|
||||
if(data.error == -1 && data.message == 'msg_is_not_administrator') {
|
||||
alert('You are not logged in as an administrator');
|
||||
if($.isFunction(callback_error)) callback_error(data);
|
||||
|
||||
return;
|
||||
} else {
|
||||
alert(data.message);
|
||||
if($.isFunction(callback_error)) callback_error(data);
|
||||
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
if($.isFunction(callback_sucess)) callback_sucess(data);
|
||||
},
|
||||
error: function(xhr, textStatus) {
|
||||
$(".wfsr").hide();
|
||||
|
||||
var msg = '';
|
||||
|
||||
if (textStatus == 'parsererror') {
|
||||
msg = 'The result is not valid JSON :\n-------------------------------------\n';
|
||||
|
||||
if(xhr.responseText === "") return;
|
||||
|
||||
msg += xhr.responseText.replace(/<[^>]+>/g, '');
|
||||
return;
|
||||
} else {
|
||||
msg = textStatus;
|
||||
}
|
||||
alert(data.message);
|
||||
if($.isFunction(callback_error)) callback_error(data);
|
||||
|
||||
try{
|
||||
console.log(msg);
|
||||
} catch(ee){}
|
||||
return;
|
||||
}
|
||||
}
|
||||
});
|
||||
} catch(e) {
|
||||
alert(e);
|
||||
return;
|
||||
}
|
||||
|
||||
if($.isFunction(callback_sucess)) callback_sucess(data);
|
||||
}
|
||||
});
|
||||
}
|
||||
};
|
||||
|
||||
|
|
@ -1730,43 +1695,17 @@ function xml2json(xml, tab, ignoreAttrib) {
|
|||
if(show_waiting_message) $(".wfsr").html(waiting_message).show();
|
||||
|
||||
$.extend(data,{module:action[0],act:action[1]});
|
||||
try {
|
||||
$.ajax({
|
||||
type:"POST",
|
||||
dataType:"html",
|
||||
url:request_uri,
|
||||
data:$.param(data),
|
||||
success : function(html){
|
||||
$(".wfsr").hide().trigger('cancel_confirm');
|
||||
self[type](html);
|
||||
if($.isFunction(func)) func(args);
|
||||
},
|
||||
error: function(xhr, textStatus) {
|
||||
$(".wfsr").hide();
|
||||
|
||||
var msg = '';
|
||||
|
||||
if (textStatus == 'parsererror') {
|
||||
msg = 'The result is not valid page :\n-------------------------------------\n';
|
||||
|
||||
if(xhr.responseText === "") return;
|
||||
|
||||
msg += xhr.responseText.replace(/<[^>]+>/g, '');
|
||||
} else {
|
||||
msg = textStatus;
|
||||
}
|
||||
|
||||
try{
|
||||
console.log(msg);
|
||||
} catch(ee){}
|
||||
}
|
||||
|
||||
});
|
||||
|
||||
} catch(e) {
|
||||
alert(e);
|
||||
return;
|
||||
}
|
||||
$.ajax({
|
||||
type:"POST",
|
||||
dataType:"html",
|
||||
url:request_uri,
|
||||
data:$.param(data),
|
||||
success : function(html){
|
||||
$(".wfsr").hide().trigger('cancel_confirm');
|
||||
self[type](html);
|
||||
if($.isFunction(func)) func(args);
|
||||
}
|
||||
});
|
||||
}
|
||||
};
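Review bot: The `$.ajax` call that survives hunk @ -1730 (L784-L814, the 11 added lines by the hunk counts) has no `error:` callback, whereas the removed version hid the `.wfsr` waiting indicator and logged the failure status; with the new code a failed request leaves the waiting message on screen and reports nothing. Hunk @ -1662 looks like it does the same to the JSON variant, but that hunk is re-indented throughout so its sides cannot be pinned from this page. A minimal handler restores the old behaviour without the removed try/catch. The enclosing function starts outside the hunk.
```javascript
$.ajax({
	// … unchanged: type, dataType, url, data, success …
	error: function(xhr, textStatus) {
		$(".wfsr").hide();
		try { console.log(textStatus); } catch(ee) {}
	}
});
```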
|
||||
|
||||
|
|
|
|||
3
common/js/xe.min.js
vendored
3
common/js/xe.min.js
vendored
File diff suppressed because one or more lines are too long
|
|
@ -3717,6 +3717,19 @@
|
|||
<value xml:lang="mn"><![CDATA[%s-ын хэлбэр буруу байна. Зөвхөн тоогоор оруулах ёстой.]]></value>
|
||||
</item>
|
||||
</item>
|
||||
<item name="security_invalid_session">
|
||||
<value xml:lang="ko"><![CDATA[바르지 않은 접근입니다. 인증을 위해 다시 로그인해야 합니다.]]></value>
|
||||
<value xml:lang="en"><![CDATA[바르지 않은 접근입니다. 인증을 위해 다시 로그인해야 합니다.]]></value>
|
||||
<value xml:lang="jp"><![CDATA[바르지 않은 접근입니다. 인증을 위해 다시 로그인해야 합니다.]]></value>
|
||||
<value xml:lang="zh-CN"><![CDATA[바르지 않은 접근입니다. 인증을 위해 다시 로그인해야 합니다.]]></value>
|
||||
<value xml:lang="zh-TW"><![CDATA[바르지 않은 접근입니다. 인증을 위해 다시 로그인해야 합니다.]]></value>
|
||||
<value xml:lang="fr"><![CDATA[바르지 않은 접근입니다. 인증을 위해 다시 로그인해야 합니다.]]></value>
|
||||
<value xml:lang="de"><![CDATA[바르지 않은 접근입니다. 인증을 위해 다시 로그인해야 합니다.]]></value>
|
||||
<value xml:lang="es"><![CDATA[바르지 않은 접근입니다. 인증을 위해 다시 로그인해야 합니다.]]></value>
|
||||
<value xml:lang="tr"><![CDATA[바르지 않은 접근입니다. 인증을 위해 다시 로그인해야 합니다.]]></value>
|
||||
<value xml:lang="vi"><![CDATA[바르지 않은 접근입니다. 인증을 위해 다시 로그인해야 합니다.]]></value>
|
||||
<value xml:lang="mn"><![CDATA[바르지 않은 접근입니다. 인증을 위해 다시 로그인해야 합니다.]]></value>
|
||||
</item>
|
||||
<item name="security_warning_embed">
|
||||
<value xml:lang="ko"><![CDATA[보안 문제로 관리자 아이디로는 embed를 볼 수 없습니다. 확인하려면 다른 아이디로 접속하세요]]></value>
|
||||
<value xml:lang="en"><![CDATA[Due to security concern, administrators are not allowed to view embedded items.<BR /> To view them, please use another non-administrator ID.]]></value>
|
||||
|
|
|
|||
|
|
@ -29,7 +29,7 @@ define('__ZBXE__', __XE__);
|
|||
/**
|
||||
* Display XE's full version.
|
||||
*/
|
||||
define('__XE_VERSION__', '1.7.5.7');
|
||||
define('__XE_VERSION__', '1.7.6');
|
||||
define('__XE_VERSION_ALPHA__', (stripos(__XE_VERSION__, 'alpha') !== false));
|
||||
define('__XE_VERSION_BETA__', (stripos(__XE_VERSION__, 'beta') !== false));
|
||||
define('__XE_VERSION_RC__', (stripos(__XE_VERSION__, 'rc') !== false));
|
||||
|
|
|
|||
|
|
@ -15,6 +15,9 @@
|
|||
<permission action="procDocumentDeleteCategory" target="member" />
|
||||
<permission action="procDocumentMakeXmlFile" target="member" />
|
||||
<permission action="procDocumentAdminMoveToTrash" target="member" />
|
||||
|
||||
<permission action="procDocumentAdminInsertExtraVar" target="manager" />
|
||||
<permission action="procDocumentAdminDeleteExtraVar" target="manager" />
|
||||
</permissions>
|
||||
<actions>
|
||||
<action name="dispDocumentPrint" type="view" />
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
|
@ -115,6 +115,7 @@ var uploadAutosaveChecker = false;
|
|||
}
|
||||
|
||||
if(is_def(window.xeVid)) settings.post_params.vid = xeVid;
|
||||
settings.sessionName = cfg.sessionName;
|
||||
settings.post_params[cfg.sessionName] = getCookie(cfg.sessionName);
|
||||
|
||||
uploaderSettings[seq] = settings;
|
||||
|
|
@ -166,6 +167,7 @@ var uploadAutosaveChecker = false;
|
|||
},
|
||||
onFileDialogComplete : function(numFilesSelected, numFilesQueued) {
|
||||
try {
|
||||
this.addPostParam(this.settings.sessionName, getCookie(this.settings.sessionName));
|
||||
this.startUpload();
|
||||
} catch (e) {
|
||||
this.debug(e);
|
||||
|
|
@ -173,6 +175,7 @@ var uploadAutosaveChecker = false;
|
|||
},
|
||||
onUploadStart : _true,
|
||||
onUploadProgress : function(file, bytesLoaded, bytesTotal) {
|
||||
this.addPostParam(this.settings.sessionName, getCookie(this.settings.sessionName));
|
||||
try {
|
||||
var $list, $lastopt, percent, filename;
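Review bot: `getCookie(cfg.sessionName)` at L988, and again in `onFileDialogComplete` and `onUploadProgress`, reads the PHP session cookie through `document.cookie`, which only works when that cookie is not HttpOnly; this design therefore requires the session cookie to stay readable by page script, and that requirement is nowhere recorded. A comment at L988 would make the trade-off explicit: `// session id is posted in the body (presumably because the uploader does not send browser cookies); requires the session cookie to be readable by script, i.e. not HttpOnly`. Re-adding the param on every `onUploadProgress` event at L1036 is redundant with the add in `onFileDialogComplete`, and the value captured at dialog time can be stale if the server has since rotated the id — the memberController hunk in this commit regenerates admin session ids with the old session deleted, so an in-flight upload may arrive with a dead id; worth confirming against the Context hunk. The enclosing settings object continues outside these hunks.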
|
||||
|
||||
|
|
|
|||
2
modules/editor/tpl/js/uploader.min.js
vendored
2
modules/editor/tpl/js/uploader.min.js
vendored
File diff suppressed because one or more lines are too long
|
|
@ -1,7 +1,9 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<module>
|
||||
<grants />
|
||||
<permissions />
|
||||
<permissions>
|
||||
<permission action="procFileAdminInsertModuleConfig" target="manager" />
|
||||
</permissions>
|
||||
<actions>
|
||||
<action name="dispFileAdminList" type="view" admin_index="true" menu_name="file" menu_index="true" />
|
||||
<action name="dispFileAdminConfig" type="view" menu_name="fileUpload" menu_index="true" />
|
||||
|
|
|
|||
|
|
@ -1810,6 +1810,8 @@ class memberController extends member
|
|||
}
|
||||
}
|
||||
|
||||
$_SESSION['session_checkup'] = null;
|
||||
$this->regenerateSession();
|
||||
$this->setSessionInfo();
|
||||
|
||||
return $output;
|
||||
|
|
@ -1869,6 +1871,31 @@ class memberController extends member
|
|||
$this->addMemberMenu( 'dispMemberOwnDocument', 'cmd_view_own_document');
|
||||
}
|
||||
|
||||
function validateSession()
|
||||
{
|
||||
$destory_session = false;
|
||||
|
||||
if($_SESSION['ipaddress'] != $_SERVER['REMOTE_ADDR']) $destory_session = true;
|
||||
|
||||
if($destory_session)
|
||||
{
|
||||
$this->destroySessionInfo();
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
function regenerateSession()
|
||||
{
|
||||
if(!$_SESSION['session_checkup'] || time() - $_SESSION['session_checkup'] > 30)
|
||||
{
|
||||
session_regenerate_id(true);
|
||||
$_SESSION['session_checkup'] = time();
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Logged method for providing a personalized menu
|
||||
* Login information is used in the output widget, or personalized page
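Review bot: `validateSession()` at L1148 binds the session to `$_SERVER['REMOTE_ADDR']` with a loose `!=`, and nothing on this page shows where `$_SESSION['ipaddress']` is set; if it is absent for sessions created before this change, the comparison is true and every existing admin session is destroyed on its first admin request after deploy — verify against the login path. Clients whose address changes mid-session (mobile networks, proxy pools) will also be logged out, while behind a reverse proxy `REMOTE_ADDR` is the proxy and the check is ineffective; both limits belong in a docblock on the method. `regenerateSession()` calls `session_regenerate_id(true)`, which deletes the old session data immediately, so a concurrent request still carrying the previous id lands on an empty session; a comment stating the 30-second rate limit and this consequence would help. The local is misspelled: `$destroy_session`, and the check is safer as `if(!isset($_SESSION['ipaddress']) || $_SESSION['ipaddress'] !== $_SERVER['REMOTE_ADDR'])`.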
|
||||
|
|
|
|||
|
|
@ -234,6 +234,12 @@ class memberModel extends member
|
|||
}
|
||||
Context::set('logged_info', $logged_info);
|
||||
|
||||
if($logged_info->is_admin == 'Y' || $logged_info->is_site_admin)
|
||||
{
|
||||
$oMemberController = getController('member');
|
||||
$oMemberController->regenerateSession();
|
||||
}
|
||||
|
||||
return $logged_info;
|
||||
}
|
||||
return NULL;
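Review bot: The model method ending at L1252 now performs a session-id rotation as a side effect of a read (`getController('member')->regenerateSession()` at L1241) for every call made on behalf of a super admin or site admin, which is an unusual dependency direction for a model and is invisible to callers. Since the ModuleHandler hunk in this commit also calls `regenerateSession()` on admin routes, admin requests can trigger it twice; the 30-second guard inside `regenerateSession()` makes that harmless, but the reason for rotating here rather than only in the handler should be stated: `// rotate the session id for privileged accounts on every lookup; rate-limited inside memberController::regenerateSession()`. `$logged_info->is_site_admin` is tested by truthiness while `is_admin` is compared to `'Y'` — consistent with the getGrant hunk, but worth a glance if `is_site_admin` can be the string `'N'`. The enclosing method starts outside the hunk.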
|
||||
|
|
|
|||
|
|
@ -4,6 +4,16 @@
|
|||
<permissions>
|
||||
<permission action="dispModuleSelectList" target="member" />
|
||||
<permission action="getModuleAdminGrant" target="manager" />
|
||||
<permission action="getModuleAdminLangCode" target="manager" />
|
||||
<permission action="getModuleAdminLangListByName" target="manager" />
|
||||
<permission action="getModuleAdminLangListByValue" target="manager" />
|
||||
<permission action="getLangListByLangcodeForAutoComplete" target="manager" />
|
||||
<permission action="getLangByLangcode" target="manager" />
|
||||
<permission action="getModuleAdminMultilingualHtml" target="manager" />
|
||||
<permission action="getModuleAdminLangListHtml" target="manager" />
|
||||
<permission action="procModuleAdminInsertLang" target="manager" />
|
||||
<permission action="procModuleAdminInsertGrant" target="manager" />
|
||||
<permission action="procModuleAdminUpdateSkinInfo" target="manager" />
|
||||
</permissions>
|
||||
<actions>
|
||||
<action name="dispModuleSelectList" type="view" />
|
||||
|
|
|
|||
|
|
@ -1995,14 +1995,19 @@ class moduleModel extends module
|
|||
if(!$module_srl)
|
||||
{
|
||||
$grant->access = true;
|
||||
if($this->isSiteAdmin($member_info, $module_info->site_srl)) $grant->access = $grant->is_admin = $grant->manager = $grant->is_site_admin = true;
|
||||
else $grant->is_admin = $grant->manager = $member_info->is_admin=='Y'?true:false;
|
||||
// If module_srl exists
|
||||
if($this->isSiteAdmin($member_info, $module_info->site_srl))
|
||||
{
|
||||
$grant->access = $grant->manager = $grant->is_site_admin = true;
|
||||
}
|
||||
|
||||
$grant->is_admin = $grant->manager = ($member_info->is_admin == 'Y') ? true : false;
|
||||
}
|
||||
else
|
||||
{
|
||||
// If module_srl exists
|
||||
// Get a type of granted permission
|
||||
$grant->access = $grant->is_admin = $grant->manager = $grant->is_site_admin = ($member_info->is_admin=='Y'||$this->isSiteAdmin($member_info, $module_info->site_srl))?true:false;
|
||||
$grant->access = $grant->manager = $grant->is_site_admin = ($member_info->is_admin=='Y'||$this->isSiteAdmin($member_info, $module_info->site_srl))?true:false;
|
||||
$grant->is_admin = ($member_info->is_admin == 'Y') ? true : false;
|
||||
// If a just logged-in member is, check if the member is a module administrator
|
||||
if(!$grant->manager && $member_info->member_srl)
|
||||
{
|
||||
|
|
@ -2010,7 +2015,7 @@ class moduleModel extends module
|
|||
$args->module_srl = $module_srl;
|
||||
$args->member_srl = $member_info->member_srl;
|
||||
$output = executeQuery('module.getModuleAdmin',$args);
|
||||
if($output->data && $output->data->member_srl == $member_info->member_srl) $grant->manager = $grant->is_admin = true;
|
||||
if($output->data && $output->data->member_srl == $member_info->member_srl) $grant->manager = true;
|
||||
}
|
||||
// If not an administrator, get information from the DB and grant manager privilege.
|
||||
if(!$grant->manager)
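Review bot: In the `!$module_srl` branch, L1356 (`$grant->is_admin = $grant->manager = ($member_info->is_admin == 'Y') ? true : false;`, new side by the hunk counts) runs unconditionally after the site-admin block at L1342-L1351 and overwrites the `manager = true` it just set, so a site admin who is not a super admin ends up with `manager` false; `$grant->is_admin = ($member_info->is_admin == 'Y'); if($grant->is_admin) $grant->manager = true;` keeps both. The comment `// If module_srl exists` at L1339 sits inside the branch taken when `module_srl` does not exist and should be dropped or moved. The change in hunk @ -2010, where the module-admin row no longer implies `is_admin`, is consistent with separating the two flags, and a one-line docblock note on `getGrant` saying that `is_admin` now means super admin only while `manager` covers site and module admins would prevent callers from conflating them. The enclosing method starts and ends outside these hunks.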
|
||||
|
|
|
|||
|
|
@ -1,7 +1,9 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<module>
|
||||
<grants />
|
||||
<permissions />
|
||||
<permissions>
|
||||
<permission action="procPointAdminInsertPointModuleConfig" target="manager" />
|
||||
</permissions>
|
||||
<actions>
|
||||
<action name="dispPointAdminConfig" type="view" admin_index="true" menu_name="point" menu_index="true" />
|
||||
<action name="dispPointAdminModuleConfig" type="view" menu_name="point" />
|
||||
|
|
|
|||
|
|
@ -1,7 +1,9 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<module>
|
||||
<grants />
|
||||
<permissions />
|
||||
<permissions>
|
||||
<permission action="procRssAdminInsertModuleConfig" target="manager" />
|
||||
</permissions>
|
||||
<actions>
|
||||
<action name="dispRssAdminIndex" type="view" index="true" admin_index="true" menu_name="rss" menu_index="true" />
|
||||
<action name="rss" type="view" />
|
||||
|
|
|
|||