Merge branch 'security/rve-2023-5' into develop

Kijin Sung 2023-09-27 09:52:55 +09:00
commit 6f124472bb


@ -235,31 +235,31 @@ class communicationView extends communication
Context::set('mid', Context::get('site_module_info')->mid); Context::set('mid', Context::get('site_module_info')->mid);
} }
$logged_info = Context::get('logged_info'); // Check receipient info
// get receipient's information
// check inalid request
$receiver_srl = Context::get('receiver_srl'); $receiver_srl = Context::get('receiver_srl');
if(!$receiver_srl) if(!$receiver_srl)
{ {
throw new Rhymix\Framework\Exceptions\InvalidRequest; throw new Rhymix\Framework\Exceptions\InvalidRequest;
} }
$logged_info = Context::get('logged_info');
// check receiver and sender are same
if($logged_info->member_srl == $receiver_srl) if($logged_info->member_srl == $receiver_srl)
{ {
throw new Rhymix\Framework\Exception('msg_cannot_send_to_yourself'); throw new Rhymix\Framework\Exception('msg_cannot_send_to_yourself');
} }
$receiver_info = MemberModel::getMemberInfoByMemberSrl($receiver_srl);
if(!$receiver_info || !$receiver_info->member_srl)
{
throw new Rhymix\Framework\Exceptions\InvalidRequest;
}
$oCommunicationModel = getModel('communication'); Context::set('receiver_info', $receiver_info);
$oMemberModel = getModel('member');
// get message_srl of the original message if it is a reply // get message_srl of the original message if it is a reply
$message_srl = Context::get('message_srl'); $message_srl = Context::get('message_srl');
if($message_srl) if($message_srl)
{ {
$source_message = $oCommunicationModel->getSelectedMessage($message_srl); $source_message = CommunicationModel::getSelectedMessage($message_srl);
if($source_message->message_srl == $message_srl && $source_message->sender_srl == $receiver_srl) if($source_message->message_srl == $message_srl && $source_message->sender_srl == $receiver_srl && $source_message->receiver_srl == $logged_info->member_srl)
{ {
if(strncasecmp('[re]', $source_message->title, 4) !== 0) if(strncasecmp('[re]', $source_message->title, 4) !== 0)
{ {
@ -268,16 +268,12 @@ class communicationView extends communication
$source_message->content = "\r\n<br />\r\n<br /><div style=\"padding-left:5px; border-left:5px solid #DDDDDD;\">" . trim($source_message->content) . "</div>"; $source_message->content = "\r\n<br />\r\n<br /><div style=\"padding-left:5px; border-left:5px solid #DDDDDD;\">" . trim($source_message->content) . "</div>";
Context::set('source_message', $source_message); Context::set('source_message', $source_message);
} }
else
{
throw new Rhymix\Framework\Exceptions\InvalidRequest;
}
} }
$receiver_info = $oMemberModel->getMemberInfoByMemberSrl($receiver_srl);
if(!$receiver_info || !$receiver_info->member_srl)
{
throw new Rhymix\Framework\Exceptions\InvalidRequest;
}
Context::set('receiver_info', $receiver_info);
// set a signiture by calling getEditor of the editor module // set a signiture by calling getEditor of the editor module
$oEditorModel = getModel('editor'); $oEditorModel = getModel('editor');
$option = $oEditorModel->getEditorConfig(); $option = $oEditorModel->getEditorConfig();
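Review bot: The ownership test on the reply branch (`$source_message->sender_srl == $receiver_srl && $source_message->receiver_srl == $logged_info->member_srl`) and the self-send test above it compare request-supplied values with loose `==`, so an authorization decision rests on PHP's type juggling. `receiver_srl` and `message_srl` are read directly from `Context::get()`; normalising them once, e.g. `$receiver_srl = (int)Context::get('receiver_srl');` and `$message_srl = (int)Context::get('message_srl');`, and then comparing with `===` against int-cast ids would make the result independent of the PHP version and of whether the model returns strings or integers (not visible here). A one-line comment on that condition, such as `// Quote the original only if the receiver sent it to the current user`, would also keep the `receiver_srl` clause from being dropped in a later cleanup. The enclosing method starts before and ends after the hunks shown, so any earlier login check on `$logged_info` cannot be confirmed from this page.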