From 7e018573b9a4733f1d2a84b36b64eeca40be344c Mon Sep 17 00:00:00 2001
From: Kijin Sung <kijin@kijinsung.com>
Date: Tue, 26 Sep 2023 19:57:22 +0900
Subject: [PATCH 1/3] Fix RVE-2023-5

---
 modules/communication/communication.view.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/communication/communication.view.php b/modules/communication/communication.view.php
index 1170d9f82..03ad980b8 100644
--- a/modules/communication/communication.view.php
+++ b/modules/communication/communication.view.php
@@ -259,7 +259,7 @@ class communicationView extends communication
 		if($message_srl)
 		{
 			$source_message = $oCommunicationModel->getSelectedMessage($message_srl);
-			if($source_message->message_srl == $message_srl && $source_message->sender_srl == $receiver_srl)
+			if($source_message->message_srl == $message_srl && $source_message->sender_srl == $receiver_srl && $source_message->receiver_srl == $logged_info->member_srl)
 			{
 				if(strncasecmp('[re]', $source_message->title, 4) !== 0)
 				{

From cbb5e3a5823ffe81e3532cacb6b3e800f83ab4fb Mon Sep 17 00:00:00 2001
From: Kijin Sung <kijin@kijinsung.com>
Date: Tue, 26 Sep 2023 19:59:30 +0900
Subject: [PATCH 2/3] Throw exception if RVE-2023-5 is violated

---
 modules/communication/communication.view.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/modules/communication/communication.view.php b/modules/communication/communication.view.php
index 03ad980b8..e0d711d15 100644
--- a/modules/communication/communication.view.php
+++ b/modules/communication/communication.view.php
@@ -268,6 +268,10 @@ class communicationView extends communication
 				$source_message->content = "\r\n<br />\r\n<br /><div style=\"padding-left:5px; border-left:5px solid #DDDDDD;\">" . trim($source_message->content) . "</div>";
 				Context::set('source_message', $source_message);
 			}
+			else
+			{
+				throw new Rhymix\Framework\Exceptions\InvalidRequest;
+			}
 		}
 
 		$receiver_info = $oMemberModel->getMemberInfoByMemberSrl($receiver_srl);

From c23dcd6cf52d40c7f21c2b3d7ae57da3189cf506 Mon Sep 17 00:00:00 2001
From: Kijin Sung <kijin@kijinsung.com>
Date: Tue, 26 Sep 2023 20:00:17 +0900
Subject: [PATCH 3/3] General cleanup of receiver_srl verification logic

---
 modules/communication/communication.view.php | 26 +++++++-------------
 1 file changed, 9 insertions(+), 17 deletions(-)

diff --git a/modules/communication/communication.view.php b/modules/communication/communication.view.php
index e0d711d15..d3dd4c549 100644
--- a/modules/communication/communication.view.php
+++ b/modules/communication/communication.view.php
@@ -235,30 +235,30 @@ class communicationView extends communication
 			Context::set('mid', Context::get('site_module_info')->mid);
 		}
 
-		$logged_info = Context::get('logged_info');
-
-		// get receipient's information
-		// check inalid request
+		// Check receipient info
 		$receiver_srl = Context::get('receiver_srl');
 		if(!$receiver_srl)
 		{
 			throw new Rhymix\Framework\Exceptions\InvalidRequest;
 		}
-
-		// check receiver and sender are same
+		$logged_info = Context::get('logged_info');
 		if($logged_info->member_srl == $receiver_srl)
 		{
 			throw new Rhymix\Framework\Exception('msg_cannot_send_to_yourself');
 		}
+		$receiver_info = MemberModel::getMemberInfoByMemberSrl($receiver_srl);
+		if(!$receiver_info || !$receiver_info->member_srl)
+		{
+			throw new Rhymix\Framework\Exceptions\InvalidRequest;
+		}
 
-		$oCommunicationModel = getModel('communication');
-		$oMemberModel = getModel('member');
+		Context::set('receiver_info', $receiver_info);
 
 		// get message_srl of the original message if it is a reply
 		$message_srl = Context::get('message_srl');
 		if($message_srl)
 		{
-			$source_message = $oCommunicationModel->getSelectedMessage($message_srl);
+			$source_message = CommunicationModel::getSelectedMessage($message_srl);
 			if($source_message->message_srl == $message_srl && $source_message->sender_srl == $receiver_srl && $source_message->receiver_srl == $logged_info->member_srl)
 			{
 				if(strncasecmp('[re]', $source_message->title, 4) !== 0)
@@ -274,14 +274,6 @@ class communicationView extends communication
 			}
 		}
 
-		$receiver_info = $oMemberModel->getMemberInfoByMemberSrl($receiver_srl);
-		if(!$receiver_info || !$receiver_info->member_srl)
-		{
-			throw new Rhymix\Framework\Exceptions\InvalidRequest;
-		}
-
-		Context::set('receiver_info', $receiver_info);
-
 		// set a signiture by calling getEditor of the editor module
 		$oEditorModel = getModel('editor');
 		$option = $oEditorModel->getEditorConfig();