Merge pull request #6 from xpressengine/develop

update
2026-04-13 15:32:15 +09:00 · 2014-10-01 10:25:30 +09:00 · 2014-10-01 10:25:30 +09:00 · 7d869fb24f
commit 7d869fb24f
parent 30dff8f131 9356022c31
23 changed files with 248 additions and 210 deletions
--- a/addons/counter/counter.addon.php
+++ b/addons/counter/counter.addon.php
@ -10,7 +10,7 @@ if(!defined('__XE__'))
 * @brief Counter add-on
 */
 // Execute if called_position is before_display_content
-if($called_position == 'before_module_init' && Context::get('module') != 'admin' && Context::getResponseMethod() == 'HTML' && Context::isInstalled())
+if($called_position == 'before_module_init' && Context::get('module') != 'admin' && Context::getResponseMethod() == 'HTML' && Context::isInstalled() && !isCrawler())
 {
 	$oCounterController = getController('counter');
 	$oCounterController->counterExecute();
--- a/classes/context/Context.class.php
+++ b/classes/context/Context.class.php
@ -337,11 +337,9 @@ class Context
 					array(&$oSessionController, 'open'), array(&$oSessionController, 'close'), array(&$oSessionModel, 'read'), array(&$oSessionController, 'write'), array(&$oSessionController, 'destroy'), array(&$oSessionController, 'gc')
 			);
 		}
+
+		if($sess = $_POST[session_name()]) session_id($sess);
 		session_start();
-		if($sess = $_POST[session_name()])
-		{
-			session_id($sess);
-		}

 		// set authentication information in Context and session
 		if(self::isInstalled())
@ -1283,15 +1281,17 @@ class Context
 			$val = array($val);
 		}

+		$result = array();
 		foreach($val as $k => $v)
 		{
+			$k = htmlentities($k);
 			if($key === 'page' || $key === 'cpage' || substr_compare($key, 'srl', -3) === 0)
 			{
-				$val[$k] = !preg_match('/^[0-9,]+$/', $v) ? (int) $v : $v;
+				$result[$k] = !preg_match('/^[0-9,]+$/', $v) ? (int) $v : $v;
 			}
 			elseif($key === 'mid' || $key === 'vid' || $key === 'search_keyword')
 			{
-				$val[$k] = htmlspecialchars($v, ENT_COMPAT | ENT_HTML401, 'UTF-8', FALSE);
+				$result[$k] = htmlspecialchars($v, ENT_COMPAT | ENT_HTML401, 'UTF-8', FALSE);
 			}
 			else
 			{
@ -1302,12 +1302,12 @@ class Context

 				if(!is_array($v))
 				{
-					$val[$k] = trim($v);
+					$result[$k] = trim($v);
 				}
 			}
 		}

-		return $isArray ? $val : $val[0];
+		return $isArray ? $result : $result[0];
 	}

 	/**
--- a/classes/db/DB.class.php
+++ b/classes/db/DB.class.php
@ -447,7 +447,8 @@ class DB
 		$log['act'] = Context::get('act');
 		$log['time'] = date('Y-m-d H:i:s');

-		$bt = debug_backtrace();
+		$bt = version_compare(PHP_VERSION, '5.3.6', '>=') ? debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS) : debug_backtrace();
+
 		foreach($bt as $no => $call)
 		{
 			if($call['function'] == 'executeQuery' || $call['function'] == 'executeQueryArray')
@ -455,6 +456,7 @@ class DB
 				$call_no = $no;
 				$call_no++;
 				$log['called_file'] = $bt[$call_no]['file'].':'.$bt[$call_no]['line'];
+				$log['called_file'] = str_replace(_XE_PATH_ , '', $log['called_file']);
 				$call_no++;
 				$log['called_method'] = $bt[$call_no]['class'].$bt[$call_no]['type'].$bt[$call_no]['function'];
 				break;
@ -487,20 +489,12 @@ class DB

 		$this->setQueryLog($log);

-		// if __LOG_SLOW_QUERY__ if defined, check elapsed time and leave query log
-		if(__LOG_SLOW_QUERY__ > 0 && $elapsed_time > __LOG_SLOW_QUERY__)
-		{
-			$buff = '';
-			$log_file = _XE_PATH_ . 'files/_db_slow_query.php';
-			if(!file_exists($log_file))
-			{
-				$buff = '<?php exit(); ?' . '>' . "\n";
-			}
-
-			$buff .= sprintf("%s\t%s\n\t%0.6f sec\tquery_id:%s\n\n", date("Y-m-d H:i"), $this->query, $elapsed_time, $this->query_id);
-
-			@file_put_contents($log_file, $buff, FILE_APPEND|LOCK_EX);
-		}
+		$log_args = new stdClass;
+		$log_args->query = $this->query;
+		$log_args->query_id = $this->query_id;
+		$log_args->caller = $log['called_method'] . '() in ' . $log['called_file'];
+		$log_args->connection = $log['connection'];
+		writeSlowlog('query', $elapsed_time, $log_args);
 	}

 	/**
--- a/classes/module/ModuleHandler.class.php
+++ b/classes/module/ModuleHandler.class.php
@ -380,6 +380,22 @@ class ModuleHandler extends Handler
 			$kind = 'admin';
 		}

+		if($kind == 'admin')
+		{
+			$oMemberController = ModuleHandler::getModuleInstance('member', 'controller');
+			$validate_session = $oMemberController->validateSession();
+			$oMemberController->regenerateSession();
+			if(!$validate_session)
+			{
+				$this->error = 'security_invalid_session';
+				$oMessageObject = ModuleHandler::getModuleInstance('message', 'view');
+				$oMessageObject->setError(-1);
+				$oMessageObject->setMessage($this->error);
+				$oMessageObject->dispMessage();
+				return $oMessageObject;
+			}
+		}
+
 		// check REQUEST_METHOD in controller
 		if($type == 'controller')
 		{
@ -579,7 +595,7 @@ class ModuleHandler extends Handler
 				if($kind == 'admin')
 				{
 					$grant = $oModuleModel->getGrant($this->module_info, $logged_info);
-					if(!$grant->is_admin && !$grant->manager)
+					if(!$grant->manager)
 					{
 						$this->_setInputErrorToContext();
 						$this->error = 'msg_is_not_manager';
@ -589,6 +605,19 @@ class ModuleHandler extends Handler
 						$oMessageObject->dispMessage();
 						return $oMessageObject;
 					}
+					else
+					{
+						if(!$grant->is_admin && $this->module != $this->orig_module->module && $xml_info->permission->{$this->act} != 'manager')
+						{
+							$this->_setInputErrorToContext();
+							$this->error = 'msg_is_not_administrator';
+							$oMessageObject = ModuleHandler::getModuleInstance('message', 'view');
+							$oMessageObject->setError(-1);
+							$oMessageObject->setMessage($this->error);
+							$oMessageObject->dispMessage();
+							return $oMessageObject;
+						}
+					}
 				}
 			}
 			else if($xml_info->default_index_act && method_exists($oModule, $xml_info->default_index_act))
@ -1152,7 +1181,7 @@ class ModuleHandler extends Handler
 		$before_trigger_time = NULL;
 		if(__LOG_SLOW_TRIGGER__> 0)
 		{
-		    $before_trigger_time = microtime(true);
+			$before_trigger_time = microtime(true);
 		}

 		foreach($triggers as $item)
@ -1160,12 +1189,6 @@ class ModuleHandler extends Handler
 			$module = $item->module;
 			$type = $item->type;
 			$called_method = $item->called_method;
-			
-			$before_each_trigger_time = NULL;
-			if(__LOG_SLOW_TRIGGER__> 0)
-			{
-			    $before_each_trigger_time = microtime(true);
-			}

 			// todo why don't we call a normal class object ?
 			$oModule = getModule($module, $type);
@ -1174,63 +1197,24 @@ class ModuleHandler extends Handler
 				continue;
 			}

+			$before_each_trigger_time = microtime(true);
+
 			$output = $oModule->{$called_method}($obj);
+
+			$after_each_trigger_time = microtime(true);
+			$elapsed_time_trigger = $after_each_trigger_time - $before_each_trigger_time;
+
+			$slowlog = new stdClass;
+			$slowlog->caller = $trigger_name . '.' . $called_position;
+			$slowlog->called = $module . '.' . $called_method;
+			$slowlog->called_extension = $module;
+			if($trigger_name != 'XE.writeSlowlog') writeSlowlog('trigger', $elapsed_time_trigger, $slowlog);
+
 			if(is_object($output) && method_exists($output, 'toBool') && !$output->toBool())
 			{
 				return $output;
 			}
 			unset($oModule);
-			
-			//store after trigger call time
-			$after_each_trigger_time = NULL;
-			//init value to 0
-			$elapsed_time_trigger = 0;
-			
-			if(__LOG_SLOW_TRIGGER__> 0)
-			{
-				$after_each_trigger_time = microtime(true);
-				$elapsed_time_trigger = ($after_each_trigger_time - $before_each_trigger_time) * 1000;
-			}
-			
-			// if __LOG_SLOW_TRIGGER__ is defined, check elapsed time and leave trigger time log
-			if(__LOG_SLOW_TRIGGER__> 0 && $elapsed_time_trigger > __LOG_SLOW_TRIGGER__)
-			{
-				$buff = '';
-				$log_file = _XE_PATH_ . 'files/_db_slow_trigger.php';
-				if(!file_exists($log_file))
-				{
-					$buff = '<?php exit(); ?' . '>' . "\n";
-				}
-			
-				$buff .= sprintf("%s\t%s.%s.%s.%s(%s)\n\t%0.6f msec\n\n", date("Y-m-d H:i"), $item->trigger_name,$item->module,$item->called_method,$item->called_position,$item->type, $elapsed_time_trigger);
-				
-				@file_put_contents($log_file, $buff, FILE_APPEND|LOCK_EX);
-			}
-		}
-		
-		//store after trigger call time
-		$after_trigger_time = NULL;
-		//init value to 0
-		$elapsed_time = 0;
-		if(__LOG_SLOW_TRIGGER__> 0)
-		{
-		    $after_trigger_time = microtime(true);
-		    $elapsed_time = ($after_trigger_time - $before_trigger_time) * 1000;
-		}
-
-		// if __LOG_SLOW_TRIGGER__ is defined, check elapsed time and leave trigger time log
-		if(__LOG_SLOW_TRIGGER__> 0 && $elapsed_time > __LOG_SLOW_TRIGGER__)
-		{
-			$buff = '';
-			$log_file = _XE_PATH_ . 'files/_slow_trigger.php';
-			if(!file_exists($log_file))
-			{
-				$buff = '<?php exit(); ?' . '>' . "\n";
-			}
-
-			$buff .= sprintf("%s\t%s.totaltime\n\t%0.6f msec\n\n", date("Y-m-d H:i"), $trigger_name,$elapsed_time);
-
-			@file_put_contents($log_file, $buff, FILE_APPEND|LOCK_EX);
 		}

 		return new Object();
--- a/common/js/common.js
+++ b/common/js/common.js
@ -596,25 +596,14 @@ function doDocumentLoad(obj) {
 }

 /* 저장된 게시글의 선택 */
-function doDocumentSelect(document_srl, module) {
+function doDocumentSelect(document_srl) {
 	if(!opener || !opener.objForSavedDoc) {
 		window.close();
 		return;
 	}

-	if(module===undefined) {
-		module = 'document';
-	}
-
 	// 게시글을 가져와서 등록하기
-	switch(module) {
-		case 'page' :
-			opener.location.href = opener.current_url.setQuery('document_srl', document_srl).setQuery('act', 'dispPageAdminContentModify');
-			break;
-		default :	
-			opener.location.href = opener.current_url.setQuery('document_srl', document_srl).setQuery('act', 'dispBoardWrite');
-			break;
-	}
+	opener.location.href = opener.current_url.setQuery('document_srl', document_srl).setQuery('act', 'dispBoardWrite');
 	window.close();
 }

@ -911,7 +900,7 @@ function get_by_id(id) {

 jQuery(function($){
 	// display popup menu that contains member actions and document actions
-	$(document).on('click touchstart', function(evt) {
+	$(document).on('click', function(evt) {
 		var $area = $('#popup_menu_area');
 		if(!$area.length) $area = $('<div id="popup_menu_area" tabindex="0" style="display:none;z-index:9999" />').appendTo(document.body);

--- a/common/js/xe.js
+++ b/common/js/xe.js
@ -595,25 +595,14 @@ function doDocumentLoad(obj) {
 }

 /* 저장된 게시글의 선택 */
-function doDocumentSelect(document_srl, module) {
+function doDocumentSelect(document_srl) {
 	if(!opener || !opener.objForSavedDoc) {
 		window.close();
 		return;
 	}

-	if(module===undefined) {
-		module = 'document';
-	}
-
 	// 게시글을 가져와서 등록하기
-	switch(module) {
-		case 'page' :
-			opener.location.href = opener.current_url.setQuery('document_srl', document_srl).setQuery('act', 'dispPageAdminContentModify');
-			break;
-		default :	
-			opener.location.href = opener.current_url.setQuery('document_srl', document_srl).setQuery('act', 'dispBoardWrite');
-			break;
-	}
+	opener.location.href = opener.current_url.setQuery('document_srl', document_srl).setQuery('act', 'dispBoardWrite');
 	window.close();
 }

@ -910,7 +899,7 @@ function get_by_id(id) {

 jQuery(function($){
 	// display popup menu that contains member actions and document actions
-	$(document).on('click touchstart', function(evt) {
+	$(document).on('click', function(evt) {
 		var $area = $('#popup_menu_area');
 		if(!$area.length) $area = $('<div id="popup_menu_area" tabindex="0" style="display:none;z-index:9999" />').appendTo(document.body);

@ -1662,55 +1651,31 @@ function xml2json(xml, tab, ignoreAttrib) {

 			if(typeof(xeVid)!='undefined') $.extend(data,{vid:xeVid});

-			try {
-				$.ajax({
-					type: "POST",
-					dataType: "json",
-					url: request_uri,
-					contentType: "application/json",
-					data: $.param(data),
-					success: function(data) {
-						$(".wfsr").hide().trigger('cancel_confirm');
-						if(data.error != '0' && data.error > -1000) {
-							if(data.error == -1 && data.message == 'msg_is_not_administrator') {
-								alert('You are not logged in as an administrator');
-								if($.isFunction(callback_error)) callback_error(data);
+			$.ajax({
+				type: "POST",
+				dataType: "json",
+				url: request_uri,
+				contentType: "application/json",
+				data: $.param(data),
+				success: function(data) {
+					$(".wfsr").hide().trigger('cancel_confirm');
+					if(data.error != '0' && data.error > -1000) {
+						if(data.error == -1 && data.message == 'msg_is_not_administrator') {
+							alert('You are not logged in as an administrator');
+							if($.isFunction(callback_error)) callback_error(data);

-								return;
-							} else {
-								alert(data.message);
-								if($.isFunction(callback_error)) callback_error(data);
-
-								return;
-							}
-						}
-
-						if($.isFunction(callback_sucess)) callback_sucess(data);
-					},
-					error: function(xhr, textStatus) {
-						$(".wfsr").hide();
-
-						var msg = '';
-
-						if (textStatus == 'parsererror') {
-							msg  = 'The result is not valid JSON :\n-------------------------------------\n';
-
-							if(xhr.responseText === "") return;
-
-							msg += xhr.responseText.replace(/<[^>]+>/g, '');
+							return;
 						} else {
-							msg = textStatus;
-						}
+							alert(data.message);
+							if($.isFunction(callback_error)) callback_error(data);

-						try{
-							console.log(msg);
-						} catch(ee){}
+							return;
+						}
 					}
-				});
-			} catch(e) {
-				alert(e);
-				return;
-			}
+
+					if($.isFunction(callback_sucess)) callback_sucess(data);
+				}
+			});
 		}
 	};

@ -1730,43 +1695,17 @@ function xml2json(xml, tab, ignoreAttrib) {
 			if(show_waiting_message) $(".wfsr").html(waiting_message).show();

 			$.extend(data,{module:action[0],act:action[1]});
-			try {
-				$.ajax({
-					type:"POST",
-					dataType:"html",
-					url:request_uri,
-					data:$.param(data),
-					success : function(html){
-						$(".wfsr").hide().trigger('cancel_confirm');
-						self[type](html);
-						if($.isFunction(func)) func(args);
-					},
-					error: function(xhr, textStatus) {
-						$(".wfsr").hide();
-
-						var msg = '';
-
-						if (textStatus == 'parsererror') {
-							msg  = 'The result is not valid page :\n-------------------------------------\n';
-
-							if(xhr.responseText === "") return;
-
-							msg += xhr.responseText.replace(/<[^>]+>/g, '');
-						} else {
-							msg = textStatus;
-						}
-
-						try{
-							console.log(msg);
-						} catch(ee){}
-					}
-
-				});
-
-			} catch(e) {
-				alert(e);
-				return;
-			}
+			$.ajax({
+				type:"POST",
+				dataType:"html",
+				url:request_uri,
+				data:$.param(data),
+				success : function(html){
+					$(".wfsr").hide().trigger('cancel_confirm');
+					self[type](html);
+					if($.isFunction(func)) func(args);
+				}
+			});
 		}
 	};

--- a/common/js/xe.min.js
+++ b/common/js/xe.min.js
--- a/common/lang/lang.xml
+++ b/common/lang/lang.xml
@ -3717,6 +3717,19 @@
 			<value xml:lang="mn"><![CDATA[%s-ын хэлбэр буруу байна. Зөвхөн тоогоор оруулах ёстой.]]></value>
 		</item>
 	</item>
+	<item name="security_invalid_session">
+			<value xml:lang="ko"><![CDATA[바르지 않은 접근입니다. 인증을 위해 다시 로그인해야 합니다.]]></value>
+			<value xml:lang="en"><![CDATA[바르지 않은 접근입니다. 인증을 위해 다시 로그인해야 합니다.]]></value>
+			<value xml:lang="jp"><![CDATA[바르지 않은 접근입니다. 인증을 위해 다시 로그인해야 합니다.]]></value>
+			<value xml:lang="zh-CN"><![CDATA[바르지 않은 접근입니다. 인증을 위해 다시 로그인해야 합니다.]]></value>
+			<value xml:lang="zh-TW"><![CDATA[바르지 않은 접근입니다. 인증을 위해 다시 로그인해야 합니다.]]></value>
+			<value xml:lang="fr"><![CDATA[바르지 않은 접근입니다. 인증을 위해 다시 로그인해야 합니다.]]></value>
+			<value xml:lang="de"><![CDATA[바르지 않은 접근입니다. 인증을 위해 다시 로그인해야 합니다.]]></value>
+			<value xml:lang="es"><![CDATA[바르지 않은 접근입니다. 인증을 위해 다시 로그인해야 합니다.]]></value>
+			<value xml:lang="tr"><![CDATA[바르지 않은 접근입니다. 인증을 위해 다시 로그인해야 합니다.]]></value>
+			<value xml:lang="vi"><![CDATA[바르지 않은 접근입니다. 인증을 위해 다시 로그인해야 합니다.]]></value>
+			<value xml:lang="mn"><![CDATA[바르지 않은 접근입니다. 인증을 위해 다시 로그인해야 합니다.]]></value>
+	</item>
 	<item name="security_warning_embed">
 		<value xml:lang="ko"><![CDATA[보안 문제로 관리자 아이디로는 embed를 볼 수 없습니다. 확인하려면 다른 아이디로 접속하세요]]></value>
 		<value xml:lang="en"><![CDATA[Due to security concern, administrators are not allowed to view embedded items.<BR /> To view them, please use another non-administrator ID.]]></value>
--- a/config/config.inc.php
+++ b/config/config.inc.php
@ -29,7 +29,7 @@ define('__ZBXE__', __XE__);
 /**
 * Display XE's full version.
 */
-define('__XE_VERSION__', '1.7.5.7');
+define('__XE_VERSION__', '1.7.7.1');
 define('__XE_VERSION_ALPHA__', (stripos(__XE_VERSION__, 'alpha') !== false));
 define('__XE_VERSION_BETA__', (stripos(__XE_VERSION__, 'beta') !== false));
 define('__XE_VERSION_RC__', (stripos(__XE_VERSION__, 'rc') !== false));
--- a/config/func.inc.php
+++ b/config/func.inc.php
@ -838,6 +838,60 @@ function debugPrint($debug_output = NULL, $display_option = TRUE, $file = '_debu
 	}
 }

+/**
+ * @param string $type query, trigger
+ * @param float $elapsed_time
+ * @param object $obj
+ */
+function writeSlowlog($type, $elapsed_time, $obj)
+{
+	static $log_filename = array(
+		'query' => 'files/_slowlog_query.php',
+		'trigger' => 'files/_slowlog_trigger.php',
+		'addon' => 'files/_slowlog_addon.php'
+	);
+	$write_file = true;
+
+	$log_file = _XE_PATH_ . $log_filename[$type];
+
+	$buff = array();
+	$buff[] = '<?php exit(); ?>';
+	$buff[] = date('c');
+
+	if($type == 'trigger' && __LOG_SLOW_TRIGGER__ > 0 && $elapsed_time > __LOG_SLOW_TRIGGER__)
+	{
+		$buff[] = "\tCaller : " . $obj->caller;
+		$buff[] = "\tCalled : " . $obj->called;
+	}
+	else if($type == 'query' && __LOG_SLOW_QUERY__ > 0 && $elapsed_time > __LOG_SLOW_QUERY__)
+	{
+
+		$buff[] = $obj->query;
+		$buff[] = "\tQuery ID   : " . $obj->query_id;
+		$buff[] = "\tCaller     : " . $obj->caller;
+		$buff[] = "\tConnection : " . $obj->connection;
+	}
+	else
+	{
+		$write_file = false;
+	}
+
+	if($write_file)
+	{
+		$buff[] = sprintf("\t%0.6f sec", $elapsed_time);
+		$buff[] = PHP_EOL . PHP_EOL;
+		file_put_contents($log_file, implode(PHP_EOL, $buff), FILE_APPEND);
+	}
+
+	$trigger_args = $obj;
+	$trigger_args->_log_type = $type;
+	$trigger_args->_elapsed_time = $elapsed_time;
+	if($type != 'query')
+	{
+		ModuleHandler::triggerCall('XE.writeSlowlog', 'after', $trigger_args);
+	}
+}
+
 /**
 * microtime() return
 *
--- a/modules/document/conf/module.xml
+++ b/modules/document/conf/module.xml
@ -15,6 +15,9 @@
        <permission action="procDocumentDeleteCategory" target="member" />
        <permission action="procDocumentMakeXmlFile" target="member" />
        <permission action="procDocumentAdminMoveToTrash" target="member" />
+
+        <permission action="procDocumentAdminInsertExtraVar" target="manager" />
+        <permission action="procDocumentAdminDeleteExtraVar" target="manager" />
    </permissions>
    <actions>
        <action name="dispDocumentPrint" type="view" />
--- a/modules/editor/components/image_gallery/tpl/popup.min.css
+++ b/modules/editor/components/image_gallery/tpl/popup.min.css
--- a/modules/editor/skins/xpresseditor/js/xpresseditor.min.js
+++ b/modules/editor/skins/xpresseditor/js/xpresseditor.min.js
--- a/modules/editor/tpl/js/uploader.js
+++ b/modules/editor/tpl/js/uploader.js
@ -115,6 +115,7 @@ var uploadAutosaveChecker = false;
 		}

 		if(is_def(window.xeVid)) settings.post_params.vid = xeVid;
+		settings.sessionName = cfg.sessionName;
 		settings.post_params[cfg.sessionName] = getCookie(cfg.sessionName);

 		uploaderSettings[seq] = settings;
@ -166,6 +167,7 @@ var uploadAutosaveChecker = false;
 		},
 		onFileDialogComplete : function(numFilesSelected, numFilesQueued) {
 			try {
+				this.addPostParam(this.settings.sessionName, getCookie(this.settings.sessionName));
 				this.startUpload();
 			} catch (e)  {
 				this.debug(e);
@ -173,6 +175,7 @@ var uploadAutosaveChecker = false;
 		},
 		onUploadStart : _true,
 		onUploadProgress : function(file, bytesLoaded, bytesTotal) {
+			this.addPostParam(this.settings.sessionName, getCookie(this.settings.sessionName));
 			try {
 				var $list, $lastopt, percent, filename;

--- a/modules/editor/tpl/js/uploader.min.js
+++ b/modules/editor/tpl/js/uploader.min.js
--- a/modules/file/conf/module.xml
+++ b/modules/file/conf/module.xml
@ -1,7 +1,9 @@
 <?xml version="1.0" encoding="utf-8"?>
 <module>
    <grants />
-    <permissions />
+    <permissions>
+        <permission action="procFileAdminInsertModuleConfig" target="manager" />
+    </permissions>
    <actions>
        <action name="dispFileAdminList" type="view" admin_index="true" menu_name="file" menu_index="true" />
        <action name="dispFileAdminConfig" type="view" menu_name="fileUpload" menu_index="true" />
--- a/modules/member/member.controller.php
+++ b/modules/member/member.controller.php
@ -1810,6 +1810,8 @@ class memberController extends member
 			}
 		}

+		$_SESSION['session_checkup'] = null;
+		$this->regenerateSession();
 		$this->setSessionInfo();

 		return $output;
@ -1869,6 +1871,37 @@ class memberController extends member
 		$this->addMemberMenu( 'dispMemberOwnDocument', 'cmd_view_own_document');
 	}

+	function validateSession()
+	{
+		$destory_session = false;
+		if($_SESSION['destroyed'] === true) $destory_session = true;
+
+		if($destory_session)
+		{
+			$this->destroySessionInfo();
+			return false;
+		}
+
+		return true;
+	}
+
+	function regenerateSession()
+	{
+		if(!$_SESSION['session_checkup'])
+		{
+			$_SESSION['session_checkup'] = time();
+		}
+
+		if(time() - $_SESSION['session_checkup'] > 30)
+		{
+			$_SESSION['destroyed'] = true;
+			session_regenerate_id();
+			$_SESSION['destroyed'] = false;
+			$_SESSION['session_checkup'] = time();
+		}
+	}
+
+
 	/**
 	 * Logged method for providing a personalized menu
 	 * Login information is used in the output widget, or personalized page
--- a/modules/member/member.model.php
+++ b/modules/member/member.model.php
@ -234,6 +234,12 @@ class memberModel extends member
 			}
 			Context::set('logged_info', $logged_info);

+			if($logged_info->is_admin == 'Y' || $logged_info->is_site_admin)
+			{
+				$oMemberController = getController('member');
+				$oMemberController->regenerateSession();
+			}
+
 			return $logged_info;
 		}
 		return NULL;
--- a/modules/member/skins/default/find_member_account.html
+++ b/modules/member/skins/default/find_member_account.html
@ -6,7 +6,7 @@
 	<div cond="$XE_VALIDATOR_MESSAGE && $XE_VALIDATOR_ID == 'modules/member/skin/default/find_member_account/1'" class="message {$XE_VALIDATOR_MESSAGE_TYPE}">
 		<p>{$XE_VALIDATOR_MESSAGE}</p>
 	</div>
-	<form action="{getUrl('')}" method="get" ruleset="findAccount">
+	<form action="{getUrl('', 'act', 'procMemberFindAccount')}" method="get" ruleset="findAccount">
 		<input type="hidden" name="mid" value="{$mid}" />
 		<input type="hidden" name="act" value="procMemberFindAccount" />
 		<input type="hidden" name="document_srl" value="{$document_srl}" />
@ -25,7 +25,7 @@
 	<div cond="$XE_VALIDATOR_MESSAGE && $XE_VALIDATOR_ID == 'modules/member/skin/default/find_member_account/2'" class="message {$XE_VALIDATOR_MESSAGE_TYPE}">
 		<p>{$XE_VALIDATOR_MESSAGE}</p>
 	</div>
-	<form action="./" method="get" ruleset="@find_member_account_by_question">
+	<form action="{getUrl('', 'act', 'procMemberFindAccountByQuestion')}" method="get" ruleset="@find_member_account_by_question">
 		<input type="hidden" name="module" value="member" />
 		<input type="hidden" name="mid" value="{$mid}" />
 		<input type="hidden" name="document_srl" value="{$document_srl}" />	
@ -59,7 +59,7 @@
 	<div cond="$XE_VALIDATOR_MESSAGE && $XE_VALIDATOR_ID == 'modules/member/skin/default/find_member_account/3'" class="message {$XE_VALIDATOR_MESSAGE_TYPE}">
 		<p>{$XE_VALIDATOR_MESSAGE}</p>
 	</div>
-	<form ruleset="resendAuthMail" action="./" method="post">
+	<form ruleset="resendAuthMail" action="{getUrl('', 'act', 'procMemberResendAuthMail')}" method="post">
 		<input type="hidden" name="module" value="member" />
 		<input type="hidden" name="act" value="procMemberResendAuthMail" />
 		<input type="hidden" name="success_return_url" value="{getUrl(act, $act)}" />
--- a/modules/module/conf/module.xml
+++ b/modules/module/conf/module.xml
@ -4,6 +4,16 @@
    <permissions>
        <permission action="dispModuleSelectList" target="member" />
        <permission action="getModuleAdminGrant" target="manager" />
+		<permission action="getModuleAdminLangCode" target="manager" />
+		<permission action="getModuleAdminLangListByName" target="manager" />
+		<permission action="getModuleAdminLangListByValue" target="manager" />
+		<permission action="getLangListByLangcodeForAutoComplete" target="manager" />
+		<permission action="getLangByLangcode" target="manager" />
+		<permission action="getModuleAdminMultilingualHtml" target="manager" />
+		<permission action="getModuleAdminLangListHtml" target="manager" />
+		<permission action="procModuleAdminInsertLang" target="manager" />
+		<permission action="procModuleAdminInsertGrant" target="manager" />
+		<permission action="procModuleAdminUpdateSkinInfo" target="manager" />
    </permissions>
    <actions>
        <action name="dispModuleSelectList" type="view" />
--- a/modules/module/module.model.php
+++ b/modules/module/module.model.php
@ -1995,14 +1995,19 @@ class moduleModel extends module
 		if(!$module_srl)
 		{
 			$grant->access = true;
-			if($this->isSiteAdmin($member_info, $module_info->site_srl)) $grant->access = $grant->is_admin = $grant->manager = $grant->is_site_admin = true;
-			else $grant->is_admin = $grant->manager = $member_info->is_admin=='Y'?true:false;
-			// If module_srl exists
+			if($this->isSiteAdmin($member_info, $module_info->site_srl))
+			{
+				$grant->access = $grant->manager = $grant->is_site_admin = true;
+			}
+
+			$grant->is_admin = $grant->manager = ($member_info->is_admin == 'Y') ? true : false;
 		}
 		else
 		{
+			// If module_srl exists
 			// Get a type of granted permission
-			$grant->access = $grant->is_admin = $grant->manager = $grant->is_site_admin = ($member_info->is_admin=='Y'||$this->isSiteAdmin($member_info, $module_info->site_srl))?true:false;
+			$grant->access = $grant->manager = $grant->is_site_admin = ($member_info->is_admin=='Y'||$this->isSiteAdmin($member_info, $module_info->site_srl))?true:false;
+			$grant->is_admin = ($member_info->is_admin == 'Y') ? true : false;
 			// If a just logged-in member is, check if the member is a module administrator
 			if(!$grant->manager && $member_info->member_srl)
 			{
@ -2010,7 +2015,7 @@ class moduleModel extends module
 				$args->module_srl = $module_srl;
 				$args->member_srl = $member_info->member_srl;
 				$output = executeQuery('module.getModuleAdmin',$args);
-				if($output->data && $output->data->member_srl == $member_info->member_srl) $grant->manager = $grant->is_admin = true;
+				if($output->data && $output->data->member_srl == $member_info->member_srl) $grant->manager = true;
 			}
 			// If not an administrator, get information from the DB and grant manager privilege.
 			if(!$grant->manager)
--- a/modules/point/conf/module.xml
+++ b/modules/point/conf/module.xml
@ -1,7 +1,9 @@
 <?xml version="1.0" encoding="utf-8"?>
 <module>
    <grants />
-    <permissions />
+    <permissions>
+        <permission action="procPointAdminInsertPointModuleConfig" target="manager" />
+    </permissions>
    <actions>
        <action name="dispPointAdminConfig" type="view" admin_index="true" menu_name="point" menu_index="true" />
        <action name="dispPointAdminModuleConfig" type="view" menu_name="point" />
--- a/modules/rss/conf/module.xml
+++ b/modules/rss/conf/module.xml
@ -1,7 +1,9 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <module>
    <grants />
-    <permissions />
+    <permissions>
+        <permission action="procRssAdminInsertModuleConfig" target="manager" />
+    </permissions>
    <actions>
        <action name="dispRssAdminIndex" type="view" index="true" admin_index="true" menu_name="rss" menu_index="true" />
        <action name="rss" type="view" />