Fix XEVE-18-006

Kijin Sung 2018-12-18 15:50:45 +09:00
parent 6b209f64da
commit 6a9a884680
7 changed files with 56 additions and 17 deletions


@ -412,8 +412,9 @@ class documentAdminController extends document
}
if(!is_array($document_srl_list))
{
$document_srl_list = array_map('intval', array_map('trim', explode(',', $document_srl_list)));
$document_srl_list = array_map('trim', explode(',', $document_srl_list));
}
$document_srl_list = array_map('intval', $document_srl_list);
$obj = new stdClass;
$obj->document_srls = $document_srl_list;
@ -508,8 +509,9 @@ class documentAdminController extends document
}
if(!is_array($document_srl_list))
{
$document_srl_list = array_map('intval', array_map('trim', explode(',', $document_srl_list)));
$document_srl_list = array_map('trim', explode(',', $document_srl_list));
}
$document_srl_list = array_map('intval', $document_srl_list);
$obj = new stdClass;
$obj->document_srls = $document_srl_list;
@ -601,7 +603,7 @@ class documentAdminController extends document
{
$args = new stdClass;
$args->page = 0;
$args->module_srl = $module_srl;
$args->module_srl = intval($module_srl);
$document_list = executeQueryArray('document.getDocumentList', $args, array('document_srl'))->data;
// delete documents
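Review bot: The new `array_map('intval', $document_srl_list)` in the hunk at line 412 (and the identical one at line 508) casts every element but keeps whatever the cast yields, so a non-numeric entry stays in the list as `0`, and a nested array element becomes `1` because PHP's `intval()` returns 1 for a non-empty array. I would drop non-scalar entries before the cast and zero results after it, e.g. `$document_srl_list = array_values(array_unique(array_filter(array_map('intval', array_filter($document_srl_list, 'is_scalar')))));`, and return an error when the list ends up empty. Both functions start and end outside their hunks, so whether a later check already rejects such ids is not visible here.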


@ -399,6 +399,11 @@ class documentController extends document
if(!$isRestore) $obj->ipaddress = $_SERVER['REMOTE_ADDR'];
$obj->isRestore = $isRestore ? true : false;
// Sanitize variables
$obj->document_srl = intval($obj->document_srl);
$obj->category_srl = intval($obj->category_srl);
$obj->module_srl = intval($obj->module_srl);
// Default Status
if($obj->status)
{
@ -606,7 +611,15 @@ class documentController extends document
return new BaseObject(-1, 'msg_security_violation');
}
if(!$source_obj->document_srl || !$obj->document_srl) return new BaseObject(-1, 'msg_invalied_request');
if(!$source_obj->document_srl || !$obj->document_srl)
{
return new BaseObject(-1, 'msg_invalied_request');
}
// Sanitize variables
$obj->document_srl = intval($obj->document_srl);
$obj->category_srl = intval($obj->category_srl);
$obj->module_srl = intval($obj->module_srl);
// Default Status
if($obj->status)
@ -2234,6 +2247,7 @@ class documentController extends document
function makeCategoryFile($module_srl)
{
// Return if there is no information you need for creating a cache file
$module_srl = intval($module_srl);
if(!$module_srl) return false;
// Get module information (to obtain mid)
$oModuleModel = getModel('module');
@ -2243,8 +2257,8 @@ class documentController extends document
if(!is_dir('./files/cache/document_category')) FileHandler::makeDir('./files/cache/document_category');
// Cache file's name
$xml_file = sprintf("./files/cache/document_category/%s.xml.php", $module_srl);
$php_file = sprintf("./files/cache/document_category/%s.php", $module_srl);
$xml_file = sprintf("./files/cache/document_category/%d.xml.php", $module_srl);
$php_file = sprintf("./files/cache/document_category/%d.php", $module_srl);
// Get a category list
$args = new stdClass();
$args->module_srl = $module_srl;
@ -2628,7 +2642,7 @@ class documentController extends document
$obj->document_list = array();
$obj->document_srl_list = array();
$obj->target_module_srl = intval(Context::get('module_srl') ?: Context::get('target_module'));
$obj->target_category_srl = Context::get('target_category');
$obj->target_category_srl = intval(Context::get('target_category'));
$obj->manager_message = Context::get('message_content') ? nl2br(escape(strip_tags(Context::get('message_content')))) : '';
$obj->send_message = $obj->manager_message || Context::get('send_default_message') == 'Y';
$obj->return_message = '';
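Review bot: In the hunk at line 606 the emptiness check `!$obj->document_srl` still runs before the new `intval()` casts, so a non-numeric but non-empty value passes the check and is only afterwards turned into `0`. Moving the casts above the `if` makes the check test the value that is actually used later: `$obj->document_srl = intval($obj->document_srl);` first, then `if(!$source_obj->document_srl || !$obj->document_srl)`. The casts here and in the hunk at line 399 also turn an unset `category_srl` or `module_srl` into `0` instead of leaving it null; both functions continue outside the hunks, so it is worth confirming that later code does not distinguish the two.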


@ -671,7 +671,8 @@ class documentModel extends document
function getCategoryList($module_srl, $columnList = array())
{
// Category of the target module file swollen
$filename = sprintf("%sfiles/cache/document_category/%s.php", _XE_PATH_, $module_srl);
$module_srl = intval($module_srl);
$filename = sprintf("%sfiles/cache/document_category/%d.php", _XE_PATH_, $module_srl);
// If the target file to the cache file regeneration category
if(!file_exists($filename))
{
@ -771,7 +772,8 @@ class documentModel extends document
*/
function getCategoryXmlFile($module_srl)
{
$xml_file = sprintf('files/cache/document_category/%s.xml.php',$module_srl);
$module_srl = intval($module_srl);
$xml_file = sprintf('files/cache/document_category/%d.xml.php',$module_srl);
if(!file_exists($xml_file))
{
$oDocumentController = getController('document');
@ -787,7 +789,8 @@ class documentModel extends document
*/
function getCategoryPhpFile($module_srl)
{
$php_file = sprintf('files/cache/document_category/%s.php',$module_srl);
$module_srl = intval($module_srl);
$php_file = sprintf('files/cache/document_category/%d.php',$module_srl);
if(!file_exists($php_file))
{
$oDocumentController = getController('document');
@ -856,7 +859,7 @@ class documentModel extends document
function getDocumentCategories()
{
if(!Context::get('is_logged')) throw new Rhymix\Framework\Exceptions\NotPermitted;
$module_srl = Context::get('module_srl');
$module_srl = intval(Context::get('module_srl'));
$categories= $this->getCategoryList($module_srl);
$lang = Context::get('lang');
// No additional category
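Review bot: In `getCategoryList`, `getCategoryXmlFile` and `getCategoryPhpFile` the cast pins the file name to an integer, but zero and negative results still reach `file_exists()` and the regeneration branch; `makeCategoryFile` in documentController only rejects `0` with `if(!$module_srl) return false;`. A guard right after each cast, such as `if($module_srl <= 0) return false;`, would keep an out-of-range request value away from the cache path entirely. Pick the return value the callers already treat as "no category file", since the function bodies continue outside these hunks. A short comment above each cast would also help the next reader, e.g. `// module_srl may come from the request; force an integer before it is used in a cache path`.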