Merge branch 'security/rve-2023-5' into develop

Kijin Sung 2023-09-27 09:52:55 +09:00
commit 6f124472bb


@ -235,31 +235,31 @@ class communicationView extends communication
Context::set('mid', Context::get('site_module_info')->mid);
}
$logged_info = Context::get('logged_info');
// get receipient's information
// check inalid request
// Check receipient info
$receiver_srl = Context::get('receiver_srl');
if(!$receiver_srl)
{
throw new Rhymix\Framework\Exceptions\InvalidRequest;
}
// check receiver and sender are same
$logged_info = Context::get('logged_info');
if($logged_info->member_srl == $receiver_srl)
{
throw new Rhymix\Framework\Exception('msg_cannot_send_to_yourself');
}
$receiver_info = MemberModel::getMemberInfoByMemberSrl($receiver_srl);
if(!$receiver_info || !$receiver_info->member_srl)
{
throw new Rhymix\Framework\Exceptions\InvalidRequest;
}
$oCommunicationModel = getModel('communication');
$oMemberModel = getModel('member');
Context::set('receiver_info', $receiver_info);
// get message_srl of the original message if it is a reply
$message_srl = Context::get('message_srl');
if($message_srl)
{
$source_message = $oCommunicationModel->getSelectedMessage($message_srl);
if($source_message->message_srl == $message_srl && $source_message->sender_srl == $receiver_srl)
$source_message = CommunicationModel::getSelectedMessage($message_srl);
if($source_message->message_srl == $message_srl && $source_message->sender_srl == $receiver_srl && $source_message->receiver_srl == $logged_info->member_srl)
{
if(strncasecmp('[re]', $source_message->title, 4) !== 0)
{
@ -268,16 +268,12 @@ class communicationView extends communication
$source_message->content = "\r\n<br />\r\n<br /><div style=\"padding-left:5px; border-left:5px solid #DDDDDD;\">" . trim($source_message->content) . "</div>";
Context::set('source_message', $source_message);
}
else
{
throw new Rhymix\Framework\Exceptions\InvalidRequest;
}
}
$receiver_info = $oMemberModel->getMemberInfoByMemberSrl($receiver_srl);
if(!$receiver_info || !$receiver_info->member_srl)
{
throw new Rhymix\Framework\Exceptions\InvalidRequest;
}
Context::set('receiver_info', $receiver_info);
// set a signiture by calling getEditor of the editor module
$oEditorModel = getModel('editor');
$option = $oEditorModel->getEditorConfig();
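Review bot: The reply-branch ownership check (the longer `if` that also tests `$source_message->receiver_srl == $logged_info->member_srl`) makes an authorization decision with loose `==` on `message_srl` and `receiver_srl`, which come from `Context::get()` without being normalised, and it dereferences `$source_message` without first checking that a message was found. Casting the request values once, e.g. `$receiver_srl = (int)Context::get('receiver_srl');` and `$message_srl = (int)Context::get('message_srl');`, and starting the condition with `if($source_message && ...` would keep PHP's numeric-string juggling out of the comparison. It would also send the not-found case to the `else` branch that throws `InvalidRequest` without a null-property warning, though what `getSelectedMessage()` returns for a missing row is not visible here, so that part is an assumption. A short comment above the condition, such as `// Only the recipient of the original message may quote it in a reply`, would record why the third clause exists. The page does not mark which of the doubled lines are old and which are new, and the method starts before and continues after this section.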