From 2c610b1aed15614cb75135b80624be5726370bfc Mon Sep 17 00:00:00 2001 From: qw5414 Date: Wed, 10 Feb 2016 05:23:06 +0900 Subject: [PATCH 1/8] Fixed Modify can not be imported DBInfo SSL setting. --- classes/context/Context.class.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/classes/context/Context.class.php b/classes/context/Context.class.php index 056ce7c72..26b714a57 100644 --- a/classes/context/Context.class.php +++ b/classes/context/Context.class.php @@ -472,16 +472,16 @@ class Context { return; } - + // Copy to old format for backward compatibility. self::$_instance->db_info = self::convertDBInfo($config); self::$_instance->allow_rewrite = self::$_instance->db_info->use_rewrite; - self::set('_http_port', $db_info->http_port ?: null); - self::set('_https_port', $db_info->https_port ?: null); - self::set('_use_ssl', $db_info->use_ssl); - $GLOBALS['_time_zone'] = $db_info->time_zone; + self::set('_http_port', self::$_instance->db_info->http_port ?: null); + self::set('_https_port', self::$_instance->db_info->https_port ?: null); + self::set('_use_ssl', self::$_instance->db_info->use_ssl); + $GLOBALS['_time_zone'] = self::$_instance->db_info->time_zone; } - + /** * Convert Rhymix configuration to XE DBInfo format * From 646159e679e12fc2582729b52951582c26015311 Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Wed, 10 Feb 2016 09:33:24 +0900 Subject: [PATCH 2/8] Set use_mobile_view to 'true' if previous setting does not exist at all --- common/framework/compat/configparser.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common/framework/compat/configparser.php b/common/framework/compat/configparser.php index 201cc0f88..7f15cd809 100644 --- a/common/framework/compat/configparser.php +++ b/common/framework/compat/configparser.php 
@@ -243,7 +243,7 @@ class ConfigParser } // Convert miscellaneous configuration. - $config['use_mobile_view'] = $db_info->use_mobile_view === 'Y' ? true : false; + $config['use_mobile_view'] = $db_info->use_mobile_view === 'N' ? false : true; $config['use_prepared_statements'] = $db_info->use_prepared_statements === 'Y' ? true : false; $config['use_rewrite'] = $db_info->use_rewrite === 'Y' ? true : false; $config['use_sso'] = $db_info->use_sso === 'Y' ? true : false; From 095243277968a332c85741aee83dd85647375087 Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Wed, 10 Feb 2016 11:24:10 +0900 Subject: [PATCH 3/8] Fix master/slave DB handling during transaction --- classes/db/DB.class.php | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/classes/db/DB.class.php b/classes/db/DB.class.php index 823dcd7c9..a852608d9 100644 --- a/classes/db/DB.class.php +++ b/classes/db/DB.class.php @@ -999,7 +999,7 @@ class DB */ function _getConnection($type = 'master', $indx = NULL) { - if($type == 'master') + if($type == 'master' || $this->transactionNestedLevel) { if(!$this->master_db['is_connected']) { @@ -1014,11 +1014,20 @@ class DB $indx = $this->_getSlaveConnectionStringIndex($type); } + if($this->slave_db[$indx]['host'] == $this->master_db['host'] && $this->slave_db[$indx]['port'] == $this->master_db['port']) + { + if(!$this->master_db['is_connected']) + { + $this->_connect($type); + } + $this->connection = 'Master ' . $this->master_db['host']; + return $this->master_db["resource"]; + } + if(!$this->slave_db[$indx]['is_connected']) { $this->_connect($type, $indx); } - $this->connection = 'Slave ' . $this->slave_db[$indx]['host']; return $this->slave_db[$indx]["resource"]; } @@ -1271,7 +1280,7 @@ class DB { $connection = &$this->slave_db[$indx]; } - + $result = $this->__connect($connection); if($result === NULL || $result === FALSE) { From 079b04684ac75f9a223ccdcc7ff255b9ec401596 Mon Sep 17 00:00:00 2001 
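Review bot: In the same-host branch added by the second DB.class.php hunk, `$this->_connect($type)` is called with the caller's `$type`, yet the code then returns `$this->master_db["resource"]`. The fragment of `_connect()` in the third hunk shows a branch that binds `$connection = &$this->slave_db[$indx]`, so if that branch is taken for a non-master `$type`, the master handle is never opened and the returned resource is unset; `$this->_connect('master');` states the intent. The first hunk may have the same problem now that a slave `$type` can reach the master branch during a transaction, but the call inside that `if` lies outside the hunk. Matching on host and port alone also treats a replica with a different database name or account as the master, which deserves a comment if it is intended.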
From: Kijin Sung Date: Wed, 10 Feb 2016 11:36:13 +0900 Subject: [PATCH 4/8] Fix #249 double-escape of site title and HTML footer --- modules/admin/admin.admin.controller.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/admin/admin.admin.controller.php b/modules/admin/admin.admin.controller.php index b6289fec1..91f014c0b 100644 --- a/modules/admin/admin.admin.controller.php +++ b/modules/admin/admin.admin.controller.php @@ -505,8 +505,8 @@ class adminAdminController extends admin // Site title and HTML footer $args = new stdClass; - $args->siteTitle = escape($vars->site_title); - $args->htmlFooter = escape($vars->html_footer); + $args->siteTitle = $vars->site_title; + $args->htmlFooter = $vars->html_footer; $oModuleController->updateModuleConfig('module', $args); // Index module From 8f9011a2350fe51bb9f573a34fe3286cf9e9704d Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Wed, 10 Feb 2016 11:42:36 +0900 Subject: [PATCH 5/8] Fix #247 missing title in sitelock page --- classes/context/Context.class.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/classes/context/Context.class.php b/classes/context/Context.class.php index 26b714a57..c9522e5d0 100644 --- a/classes/context/Context.class.php +++ b/classes/context/Context.class.php @@ -1453,7 +1453,7 @@ class Context // Set headers and constants for backward compatibility. header('HTTP/1.1 503 Service Unavailable'); define('_XE_SITELOCK_', TRUE); - define('_XE_SITELOCK_TITLE_', config('lock.title')); + define('_XE_SITELOCK_TITLE_', config('lock.title') ?: self::getLang('admin.sitelock_in_use')); define('_XE_SITELOCK_MESSAGE_', config('lock.message')); unset($_SESSION['XE_VALIDATOR_RETURN_URL']); 
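Review bot: With `escape()` removed in the admin.admin.controller.php hunk, `siteTitle` is stored exactly as submitted, so it is only safe if every place that prints the title escapes it at output, and none of those call sites appear in this hunk. `htmlFooter` presumably holds markup on purpose, but the title is plain text and the two now share the same raw storage path with nothing marking the difference. A comment above the assignments would record the contract, for example `// Stored raw: siteTitle must be escaped where it is printed; htmlFooter is admin-supplied HTML.` It is also worth confirming that values saved in escaped form by the old code are not escaped a second time when displayed.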
@@ -1464,10 +1464,11 @@ class Context } else { + self::setBrowserTitle(self::getSiteTitle()); $oMessageObject = getView('message'); $oMessageObject->setHttpStatusCode(503); $oMessageObject->setError(-1); - $oMessageObject->setMessage(config('lock.title')); + $oMessageObject->setMessage(_XE_SITELOCK_TITLE_); $oMessageObject->dispMessage(); $oModuleHandler = new ModuleHandler; $oModuleHandler->displayContent($oMessageObject); From 82da535ec6ac82d9ba1e70c5afee2460df011e74 Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Wed, 10 Feb 2016 16:34:55 +0900 Subject: [PATCH 6/8] Prevent addons from overwriting important variables with nonsense --- classes/display/DisplayHandler.class.php | 7 ++++++- classes/module/ModuleObject.class.php | 25 ++++++++++++++++++------ 2 files changed, 25 insertions(+), 7 deletions(-) diff --git a/classes/display/DisplayHandler.class.php b/classes/display/DisplayHandler.class.php index 17a5af501..20bcd4065 100644 --- a/classes/display/DisplayHandler.class.php +++ b/classes/display/DisplayHandler.class.php @@ -60,12 +60,17 @@ class DisplayHandler extends Handler // call a trigger before display ModuleHandler::triggerCall('display', 'before', $output); - + $original_output = $output; + // execute add-on $called_position = 'before_display_content'; $oAddonController = getController('addon'); $addon_file = $oAddonController->getCacheFilePath(Mobile::isFromMobilePhone() ? "mobile" : "pc"); if(file_exists($addon_file)) include($addon_file); + if($output === false || $output === null) + { + $output = $original_output; + } if(method_exists($handler, "prepareToPrint")) { diff --git a/classes/module/ModuleObject.class.php b/classes/module/ModuleObject.class.php index 18838295b..6c2771c88 100644 --- a/classes/module/ModuleObject.class.php +++ b/classes/module/ModuleObject.class.php 
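Review bot: The guard after `include($addon_file)` in the DisplayHandler hunk is a deny-list, so any other non-string an addon leaves in `$output` (`true`, an array, an unrelated object) still reaches `prepareToPrint()`; the later revision in PATCH 7/8 adds `instanceof Object` but keeps the same shape. If `$output` is always a string at this point, which the hunk does not show, `if(!is_string($output))` covers every case in one test. The addon file is included into the local scope, so `$original_output` can itself be overwritten by the addon; the same holds for the snapshot in the ModuleObject hunks. A one-line comment saying the snapshot is best-effort protection against careless addons, not a trust boundary, would prevent it being relied on as one.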
@@ -447,6 +447,18 @@ class ModuleObject extends Object return FALSE; } + // check return value of action + if($output instanceof Object) + { + $this->setError($output->getError()); + $this->setMessage($output->getMessage()); + $original_output = clone $output; + } + else + { + $original_output = null; + } + // trigger call $triggerOutput = ModuleHandler::triggerCall('moduleObject.proc', 'after', $this); if(!$triggerOutput->toBool()) @@ -462,16 +474,17 @@ class ModuleObject extends Object $addon_file = $oAddonController->getCacheFilePath(Mobile::isFromMobilePhone() ? "mobile" : "pc"); if(FileHandler::exists($addon_file)) include($addon_file); - if(is_a($output, 'Object') || is_subclass_of($output, 'Object')) + if($original_output instanceof Object && !$original_output->toBool()) + { + return FALSE; + } + elseif($output instanceof Object && $output->getError()) { $this->setError($output->getError()); $this->setMessage($output->getMessage()); - - if(!$output->toBool()) - { - return FALSE; - } + return FALSE; } + // execute api methods of the module if view action is and result is XMLRPC or JSON if($this->module_info->module_type == 'view' || $this->module_info->module_type == 'mobile') { From 53a24a0e8ad55508ad8f9b6bfe6281e9ff170b26 Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Wed, 10 Feb 2016 16:39:19 +0900 Subject: [PATCH 7/8] Also prevent addons from overwriting output with query object --- classes/display/DisplayHandler.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/classes/display/DisplayHandler.class.php b/classes/display/DisplayHandler.class.php index 20bcd4065..0bb6867fb 100644 --- a/classes/display/DisplayHandler.class.php +++ b/classes/display/DisplayHandler.class.php 
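Review bot: The new `elseif` in the second ModuleObject hunk decides failure by the truthiness of `$output->getError()`, while the branch above it and the removed code use `toBool()`. Object's definition is not in this hunk, so if the two ever disagree (a non-numeric error code, for instance), an error set by an addon is judged by a different rule than an error set by the action. `elseif($output instanceof Object && !$output->toBool())` keeps both branches on one predicate. A short comment above `clone $output`, saying the snapshot exists so that an addon cannot clear an action's failure, would make the ordering of the two checks easier to maintain. The enclosing method starts and ends outside these hunks.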
@@ -67,7 +67,7 @@ class DisplayHandler extends Handler $oAddonController = getController('addon'); $addon_file = $oAddonController->getCacheFilePath(Mobile::isFromMobilePhone() ? "mobile" : "pc"); if(file_exists($addon_file)) include($addon_file); - if($output === false || $output === null) + if($output === false || $output === null || $output instanceof Object) { $output = $original_output; } From 11c9c8928e92b1a9a1369b0db66acf7be6352963 Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Wed, 10 Feb 2016 17:07:48 +0900 Subject: [PATCH 8/8] Ensure consistency between the default URL and SSL/port settings --- modules/admin/admin.admin.controller.php | 21 +++++++++++++++++++-- modules/admin/lang/en.php | 3 +++ modules/admin/lang/ja.php | 4 ++++ modules/admin/lang/ko.php | 3 +++ 4 files changed, 29 insertions(+), 2 deletions(-) diff --git a/modules/admin/admin.admin.controller.php b/modules/admin/admin.admin.controller.php index 91f014c0b..f18f446cd 100644 --- a/modules/admin/admin.admin.controller.php +++ b/modules/admin/admin.admin.controller.php 
@@ -626,14 +626,31 @@ class adminAdminController extends admin { return new Object(-1, 'msg_invalid_default_url'); } - Rhymix\Framework\Config::set('url.default', $vars->default_url); // SSL and ports if ($vars->http_port == 80) $vars->http_port = null; if ($vars->https_port == 443) $vars->https_port = null; + $use_ssl = $vars->use_ssl ?: 'none'; + + // Check if all URL configuration is consistent + if ($use_ssl === 'always' && !preg_match('@^https://@', $default_url)) + { + return new Object(-1, 'msg_default_url_ssl_inconsistent'); + } + if ($vars->http_port && preg_match('@^http://@', $default_url) && parse_url($default_url, PHP_URL_PORT) != $vars->http_port) + { + return new Object(-1, 'msg_default_url_http_port_inconsistent'); + } + if ($vars->https_port && preg_match('@^https://@', $default_url) && parse_url($default_url, PHP_URL_PORT) != $vars->https_port) + { + return new Object(-1, 'msg_default_url_https_port_inconsistent'); + } + + // Set all URL configuration + Rhymix\Framework\Config::set('url.default', $default_url); Rhymix\Framework\Config::set('url.http_port', $vars->http_port ?: null); Rhymix\Framework\Config::set('url.https_port', $vars->https_port ?: null); - Rhymix\Framework\Config::set('url.ssl', $vars->use_ssl ?: 'none'); + Rhymix\Framework\Config::set('url.ssl', $use_ssl); // Other settings Rhymix\Framework\Config::set('use_mobile_view', $vars->use_mobile_view === 'Y'); diff --git a/modules/admin/lang/en.php b/modules/admin/lang/en.php index b71b7ea5b..0a746264e 100644 --- a/modules/admin/lang/en.php +++ b/modules/admin/lang/en.php @@ -87,6 +87,9 @@ $lang->use_gzip = 'gzip Compression'; $lang->delay_session = 'Delay session start'; $lang->about_delay_session = 'To improve performance when using a caching proxy server such as Varnish, do not issue sessions to visitors until they log in.
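Review bot: The port checks in the admin.admin.controller.php hunk compare `parse_url($default_url, PHP_URL_PORT)` with `$vars->http_port` and `$vars->https_port` using loose `!=`, and the same request values are then written by `Config::set()` without being checked as integers. A value that is only numeric at the start can therefore pass the comparison on some PHP versions and be stored as a string. Casting once before the checks, for example `$vars->http_port = intval($vars->http_port) ?: null;` (and the same for `https_port`), allows a strict `!==` and guarantees that what is stored is a number or null. `$use_ssl` is likewise stored as received apart from the `'none'` default, so an `in_array(..., true)` check against the values the rest of the code accepts belongs next to the consistency checks. `$default_url` is assigned above the hunk, so its normalisation could not be reviewed here.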
Selecting this option may cause view counts and visitor counts to become inaccurate.'; $lang->msg_invalid_default_url = 'The default URL is invalid.'; +$lang->msg_default_url_ssl_inconsistent = 'In order to use SSL always, the default URL must also begin with https://'; +$lang->msg_default_url_http_port_inconsistent = 'In order to change the HTTP port, the default URL must also include the port number.'; +$lang->msg_default_url_https_port_inconsistent = 'In order to change the HTTPS port, the default URL must also include the port number.'; $lang->sftp = 'Use SFTP'; $lang->ftp_get_list = 'Get List'; $lang->ftp_remove_info = 'Remove FTP Info.'; diff --git a/modules/admin/lang/ja.php b/modules/admin/lang/ja.php index 7d9edae8b..e7a686b32 100644 --- a/modules/admin/lang/ja.php +++ b/modules/admin/lang/ja.php @@ -86,6 +86,10 @@ $lang->about_minify_scripts = 'コアとすべてのモジュールに含まれ $lang->use_gzip = 'gzip 圧縮'; $lang->delay_session = 'セッションの開始を遅延'; $lang->about_delay_session = 'Varnishなどのプロキシキャッシュサーバ使用時のパフォーマンスを向上させるために、ログインしていないユーザーには、認証セッションを付与しません。
このオプションを選択した場合、訪問者数とヒット集計が正確でない場合があります。'; +$lang->msg_invalid_default_url = '基本URLが正しくありません。'; +$lang->msg_default_url_ssl_inconsistent = 'SSLを常に使用する場合、基本URLもhttps://で始まる必要があります。'; +$lang->msg_default_url_http_port_inconsistent = 'HTTPポートを変更する場合、基本URLも同じポートが含まれている必要があります。'; +$lang->msg_default_url_https_port_inconsistent = 'HTTPSポートを変更する場合、基本URLも同じポートが含まれている必要があります。'; $lang->sftp = 'SFTP使用'; $lang->ftp_get_list = 'ディレクトリを読み込む'; $lang->ftp_remove_info = 'FTP情報削除'; diff --git a/modules/admin/lang/ko.php b/modules/admin/lang/ko.php index e5133db73..cc0c838d0 100644 --- a/modules/admin/lang/ko.php +++ b/modules/admin/lang/ko.php @@ -87,6 +87,9 @@ $lang->use_gzip = 'gzip 압축'; $lang->delay_session = '세션 시작 지연'; $lang->about_delay_session = 'Varnish 등의 프록시 캐싱 서버 사용시 성능 개선을 위해, 로그인하지 않은 사용자에게는 인증 세션을 부여하지 않습니다.
이 옵션을 선택할 경우 방문자 수 및 조회수 집계가 정확하게 이루어지지 않을 수 있습니다.'; $lang->msg_invalid_default_url = '기본 URL이 올바르지 않습니다.'; +$lang->msg_default_url_ssl_inconsistent = 'SSL을 항상 사용하실 경우 기본 URL도 https://로 시작해야 합니다.'; +$lang->msg_default_url_http_port_inconsistent = 'HTTP 포트를 변경하실 경우 기본 URL에도 동일한 포트가 포함되어야 합니다.'; +$lang->msg_default_url_https_port_inconsistent = 'HTTPS 포트를 변경하실 경우 기본 URL에도 동일한 포트가 포함되어야 합니다.'; $lang->sftp = 'SFTP 사용'; $lang->msg_ftp_not_connected = 'FTP 서버에 접속할 수 없습니다. 주소와 포트를 확인해 주십시오.'; $lang->msg_ftp_invalid_auth_info = 'FTP 서버에 로그인할 수 없습니다. 아이디와 비밀번호를 확인해 주십시오.';