From 7e82d37cfa299da555be41a18ede3bf79e2916f1 Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Fri, 4 Feb 2022 01:41:56 +0900 Subject: [PATCH] Fix PHP warnings due to unitiated variables #1866 thanks to @Erictoby --- classes/module/ModuleObject.class.php | 2 +- classes/xml/XmlJsFilter.class.php | 16 +++---- common/tpl/common_layout.html | 2 +- modules/board/board.view.php | 4 +- modules/document/document.controller.php | 6 +-- modules/document/document.item.php | 2 +- modules/layout/layout.model.php | 4 +- modules/module/module.model.php | 10 ++-- .../ncenterlite/ncenterlite.controller.php | 4 +- modules/point/point.controller.php | 8 ++-- modules/poll/poll.controller.php | 47 ++++++++++--------- 11 files changed, 54 insertions(+), 51 deletions(-) diff --git a/classes/module/ModuleObject.class.php b/classes/module/ModuleObject.class.php index 781d234fc..95aaa2e4e 100644 --- a/classes/module/ModuleObject.class.php +++ b/classes/module/ModuleObject.class.php @@ -347,7 +347,7 @@ class ModuleObject extends BaseObject } // Get permission types(guest, member, manager, root) of the currently requested action - $permission = $this->xml_info->action->{$this->act}->permission->target ?: $this->xml_info->permission->{$this->act}; + $permission = $this->xml_info->action->{$this->act}->permission->target ?: ($this->xml_info->permission->{$this->act} ?? null); // If admin action, set default permission if(empty($permission) && stripos($this->act, 'admin') !== false) diff --git a/classes/xml/XmlJsFilter.class.php b/classes/xml/XmlJsFilter.class.php index 59404479f..998cb6bde 100644 --- a/classes/xml/XmlJsFilter.class.php +++ b/classes/xml/XmlJsFilter.class.php 
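Review bot: The left operand of `?:` in the rewritten `$permission` assignment is still read without a guard; only the fallback on the right received `?? null`. If `$this->act` has no entry under `$this->xml_info->action`, the chain `->{$this->act}->permission->target` would presumably still raise the property warnings this line is meant to silence. Because the value feeds the permission decision that follows, guarding both sides is easier to audit: `$permission = ($this->xml_info->action->{$this->act}->permission->target ?? null) ?: ($this->xml_info->permission->{$this->act} ?? null);`, which keeps the `?:` fallback for empty values. The enclosing method starts and ends outside the hunk, so an earlier check that guarantees the action entry exists cannot be ruled out from here.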
@@ -129,31 +129,31 @@ class XmlJsFilter extends XeXmlParser // XmlJsFilter handles three data; filter_name, field, and parameter $filter_name = $attrs->name; - $confirm_msg_code = $attrs->confirm_msg_code; + $confirm_msg_code = $attrs->confirm_msg_code ?? null; $module = $attrs->module; $act = $attrs->act; - $extend_filter = $attrs->extend_filter; + $extend_filter = $attrs->extend_filter ?? null; - - $field_node = $xml_obj->filter->form->node; + $field_node = $xml_obj->filter->form->node ?? null; if($field_node && !is_array($field_node)) { $field_node = array($field_node); } - $parameter_param = $xml_obj->filter->parameter->param; + $parameter_param = $xml_obj->filter->parameter->param ?? null; if($parameter_param && !is_array($parameter_param)) { $parameter_param = array($parameter_param); } - $response_tag = $xml_obj->filter->response->tag; + $response_tag = $xml_obj->filter->response->tag ?? null; if($response_tag && !is_array($response_tag)) { $response_tag = array($response_tag); } // If extend_filter exists, result returned by calling the method + $extend_filter_count = 0; if($extend_filter) { // If extend_filter exists, it changes the name of cache not to use cache @@ -261,9 +261,9 @@ class XmlJsFilter extends XeXmlParser { $target_list[] = $target; } - if(!$target_type_list[$target]) + if(!isset($target_type_list[$target])) { - $target_type_list[$target] = $filter; + $target_type_list[$target] = $filter ?? null; } } } diff --git a/common/tpl/common_layout.html b/common/tpl/common_layout.html index 7f9cf43b6..6e9db6b82 100644 --- a/common/tpl/common_layout.html +++ b/common/tpl/common_layout.html @@ -10,7 +10,7 @@ - + {Context::getBrowserTitle()} diff --git a/modules/board/board.view.php b/modules/board/board.view.php index 45c180ec7..8b456f23c 100644 --- a/modules/board/board.view.php +++ b/modules/board/board.view.php 
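Review bot: In the XmlJsFilter hunk at 261, `$target_type_list[$target] = $filter ?? null;` silences the undefined-variable warning without establishing where `$filter` is supposed to come from, so the target's type is recorded as null whenever the variable is absent. Nothing visible in the hunk assigns `$filter`. If it is meant to be an attribute of the node being iterated, it should be read from that node explicitly; otherwise a comment such as `// $filter may be unset here; null means no type is recorded for this target` would document the intent. The loop begins outside the hunk, so this needs checking against the full method.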
@@ -45,11 +45,11 @@ class boardView extends board $count_category = count(DocumentModel::getCategoryList($this->module_info->module_srl)); if($count_category) { - if($this->module_info->hide_category) + if(isset($this->module_info->hide_category)) { $this->module_info->use_category = ($this->module_info->hide_category == 'Y') ? 'N' : 'Y'; } - else if($this->module_info->use_category) + elseif(isset($this->module_info->use_category)) { $this->module_info->hide_category = ($this->module_info->use_category == 'Y') ? 'N' : 'Y'; } diff --git a/modules/document/document.controller.php b/modules/document/document.controller.php index 868528ad8..8b7c7a1e5 100644 --- a/modules/document/document.controller.php +++ b/modules/document/document.controller.php @@ -1334,7 +1334,7 @@ class documentController extends document ); $config = DocumentModel::getDocumentConfig(); - if (!$config->view_count_option || !isset($valid_options[$config->view_count_option])) + if (!isset($config->view_count_option) || !isset($valid_options[$config->view_count_option])) { $config->view_count_option = 'once'; } @@ -1351,7 +1351,7 @@ class documentController extends document $logged_info = Context::get('logged_info'); // Option 'some': only count once per session. - if ($config->view_count_option != 'all' && $_SESSION['readed_document'][$document_srl]) + if ($config->view_count_option != 'all' && isset($_SESSION['readed_document'][$document_srl])) { return false; } @@ -1370,7 +1370,7 @@ class documentController extends document } // Pass if the author's member_srl is the same as the visitor's. - if($member_srl && $logged_info->member_srl && $logged_info->member_srl == $member_srl) + if($member_srl && $logged_info && $logged_info->member_srl && $logged_info->member_srl == $member_srl) { $_SESSION['readed_document'][$document_srl] = true; return false; diff --git a/modules/document/document.item.php b/modules/document/document.item.php index 371467d87..1ae3442bb 100644 
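Review bot: Replacing the truthiness tests with `isset()` in the board.view.php hunk changes which branch runs, not only whether a warning is emitted. If `hide_category` can be stored as an empty value, it now takes the first branch and forces `use_category` to 'Y', where the old code fell through to the `use_category` branch. `if(!empty($this->module_info->hide_category))` and `elseif(!empty($this->module_info->use_category))` silence the warning while keeping the original semantics. The same shift applies to `!isset($layout_info->extra_var->{$key}) && !isset($layout_info->{$key})` in layout.model.php, where a stored empty value no longer receives the default.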
--- a/modules/document/document.item.php +++ b/modules/document/document.item.php @@ -204,7 +204,7 @@ class documentItem extends BaseObject } $logged_info = Context::get('logged_info'); - if (!$logged_info->member_srl) + if (!$logged_info || !$logged_info->member_srl) { return $this->grant_cache = false; } diff --git a/modules/layout/layout.model.php b/modules/layout/layout.model.php index f77f7aa6f..5467dcb2f 100644 --- a/modules/layout/layout.model.php +++ b/modules/layout/layout.model.php @@ -505,7 +505,7 @@ class layoutModel extends layout $cache_file = $this->getUserLayoutCache($layout_srl, Context::getLangType()); } - if(file_exists($cache_file)&&filemtime($cache_file)>filemtime($xml_file)) + if(file_exists($cache_file) && filemtime($cache_file) > filemtime($xml_file)) { include($cache_file); @@ -513,7 +513,7 @@ class layoutModel extends layout { foreach($vars as $key => $value) { - if(!$layout_info->extra_var->{$key} && !$layout_info->{$key}) + if(!isset($layout_info->extra_var->{$key}) && !isset($layout_info->{$key})) { $layout_info->{$key} = $value; } diff --git a/modules/module/module.model.php b/modules/module/module.model.php index 5d9455a4b..a6c91bed9 100644 --- a/modules/module/module.model.php +++ b/modules/module/module.model.php @@ -1939,9 +1939,9 @@ class moduleModel extends module $module_info->module = $module_info->module_srl = 0; } - if (isset($GLOBALS['__MODULE_GRANT__'][$module_info->module][intval($module_info->module_srl ?? 0)][intval($member_info->member_srl)])) + if (isset($GLOBALS['__MODULE_GRANT__'][$module_info->module][intval($module_info->module_srl ?? 0)][intval($member_info->member_srl ?? 0)])) { - $__cache = &$GLOBALS['__MODULE_GRANT__'][$module_info->module][intval($module_info->module_srl ?? 0)][intval($member_info->member_srl)]; + $__cache = &$GLOBALS['__MODULE_GRANT__'][$module_info->module][intval($module_info->module_srl ?? 0)][intval($member_info->member_srl ?? 0)]; if (is_object($__cache) && !$xml_info) { return $__cache; 
@@ -1975,7 +1975,7 @@ class moduleModel extends module foreach($privilege_list as $val) { // If an administrator, grant all - if($member_info->is_admin == 'Y') + if($member_info && $member_info->is_admin == 'Y') { $grant->{$val} = true; } @@ -2018,7 +2018,7 @@ class moduleModel extends module } // Log-in member only - if($member_info->member_srl) + if($member_info && $member_info->member_srl) { if($val->group_srl == -1 || $val->group_srl == -2) { @@ -2063,7 +2063,7 @@ class moduleModel extends module } // Log-in member only - if($member_info->member_srl) + if($member_info && $member_info->member_srl) { if($item->default == 'member' || $item->default == 'site') { diff --git a/modules/ncenterlite/ncenterlite.controller.php b/modules/ncenterlite/ncenterlite.controller.php index dcb3bd0ce..027a8659c 100644 --- a/modules/ncenterlite/ncenterlite.controller.php +++ b/modules/ncenterlite/ncenterlite.controller.php @@ -958,7 +958,7 @@ class ncenterliteController extends ncenterlite { $comment_srl = Context::get('comment_srl'); $logged_info = Context::get('logged_info'); - if($comment_srl && $logged_info) + if($comment_srl && $logged_info && $logged_info->member_srl) { $args->target_srl = $comment_srl; $args->member_srl = $logged_info->member_srl; @@ -975,7 +975,7 @@ class ncenterliteController extends ncenterlite $document_srl = Context::get('document_srl'); $logged_info = Context::get('logged_info'); - if($document_srl && $config->document_read == 'Y' && $logged_info->member_srl) + if($document_srl && $config->document_read == 'Y' && $logged_info && $logged_info->member_srl) { $args->srl = $document_srl; $args->member_srl = $logged_info->member_srl; diff --git a/modules/point/point.controller.php b/modules/point/point.controller.php index 844239f6f..27cf92fcd 100644 --- a/modules/point/point.controller.php +++ b/modules/point/point.controller.php 
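Review bot: The added `$member_info &&` guards in the module.model.php hunks on this line (`is_admin` at 1975, `member_srl` at 2018 and 2063) only cover a null or false `$member_info`; an object that lacks those properties would still warn. The hunk at 1939, apparently in the same function, already uses the stricter `?? 0` form. For a grant calculation it is easier to audit if the identity is normalised once, e.g. `$member_srl = intval($member_info->member_srl ?? 0);` and `$is_admin = ($member_info->is_admin ?? 'N') == 'Y';`, with the branches testing those locals. The `$logged_info ? $logged_info->member_srl : 0` lines in point.controller.php have the same gap and could read `$logged_info->member_srl ?? 0`. The function body extends beyond these hunks, so where the two locals belong is a suggestion only.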
@@ -410,7 +410,7 @@ class pointController extends point public function triggerBeforeDownloadFile($obj) { $logged_info = Context::get('logged_info'); - $logged_member_srl = $logged_info->member_srl; + $logged_member_srl = $logged_info ? $logged_info->member_srl : 0; $author_member_srl = abs($obj->member_srl); $module_srl = $obj->module_srl; if ($logged_member_srl && $logged_member_srl == $author_member_srl) @@ -443,7 +443,7 @@ class pointController extends point public function triggerDownloadFile($obj) { $logged_info = Context::get('logged_info'); - $logged_member_srl = $logged_info->member_srl; + $logged_member_srl = $logged_info ? $logged_info->member_srl : 0; $author_member_srl = abs($obj->member_srl); $module_srl = $obj->module_srl; if ($logged_member_srl && $logged_member_srl == $author_member_srl) @@ -481,7 +481,7 @@ class pointController extends point public function triggerUpdateReadedCount($obj) { $logged_info = Context::get('logged_info'); - $logged_member_srl = $logged_info->member_srl; + $logged_member_srl = $logged_info ? $logged_info->member_srl : 0; $author_member_srl = abs($obj->get('member_srl')); $module_srl = $obj->get('module_srl'); if ($logged_member_srl && $logged_member_srl == $author_member_srl) @@ -587,7 +587,7 @@ class pointController extends point public function triggerUpdateVotedCount($obj) { $logged_info = Context::get('logged_info'); - $logged_member_srl = $logged_info->member_srl; + $logged_member_srl = $logged_info ? $logged_info->member_srl : 0; $target_member_srl = abs($obj->member_srl); if ($logged_member_srl && $logged_member_srl == $target_member_srl) { diff --git a/modules/poll/poll.controller.php b/modules/poll/poll.controller.php index 6ed4741cd..e30c934ce 100644 --- a/modules/poll/poll.controller.php +++ b/modules/poll/poll.controller.php 
@@ -30,9 +30,7 @@ class pollController extends poll $stop_date = date('YmdHis', $_SERVER['REQUEST_TIME']+60*60*24*30); } - $logged_info = Context::get('logged_info'); $vars = Context::getRequestVars(); - $args = new stdClass; $tmp_args = array(); @@ -70,9 +68,9 @@ class pollController extends poll $tmp_args[$poll_index]->item = array(); } - if($logged_info->is_admin != 'Y') + if(!$this->user->isAdmin()) { - $val = htmlspecialchars($val, ENT_COMPAT | ENT_HTML401, 'UTF-8', false); + $val = escape($val, false); } switch($tmp_arr[0]) @@ -108,15 +106,14 @@ class pollController extends poll // Configure the variables $poll_srl = getNextSequence(); - $member_srl = $logged_info->member_srl?$logged_info->member_srl:0; - $oDB = &DB::getInstance(); + $oDB = DB::getInstance(); $oDB->begin(); // Register the poll $poll_args = new stdClass; $poll_args->poll_srl = $poll_srl; - $poll_args->member_srl = $member_srl; + $poll_args->member_srl = $this->user->member_srl; $poll_args->list_order = $poll_srl*-1; $poll_args->stop_date = $args->stop_date; $poll_args->poll_count = 0; @@ -180,8 +177,10 @@ class pollController extends poll if($poll_item_title=='') throw new Rhymix\Framework\Exception('msg_item_title_cannot_empty'); - $logged_info = Context::get('logged_info'); - if(!$logged_info) throw new Rhymix\Framework\Exception('msg_cannot_add_item'); + if(!$this->user->member_srl) + { + throw new Rhymix\Framework\Exception('msg_cannot_add_item'); + } if(!$poll_srl || !$poll_index_srl) throw new Rhymix\Framework\Exceptions\InvalidRequest; 
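Review bot: The escaping change inside `if(!$this->user->isAdmin())` in the hunk at 68 goes beyond a warning fix and is undocumented. `htmlspecialchars($val, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)` becomes `escape($val, false)`, whose quoting behaviour is not visible in this patch, and the hunk at 196 makes the same substitution for `$poll_item_title`. Poll titles are therefore stored pre-escaped for ordinary members and raw for administrators, which matters to whatever template renders them. A comment above the block would make that contract explicit, for example `// Stored escaped for non-admins; admin-supplied titles are stored raw and treated as trusted HTML when rendered.`. It is also worth confirming that `escape()` encodes at least the characters the old call did.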
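Review bot: `$poll_args->member_srl = $this->user->member_srl;` in the hunk at 106 drops the explicit guest fallback that the removed `$logged_info->member_srl?$logged_info->member_srl:0` provided. If `$this->user->member_srl` can be null or unset for a visitor who is not logged in (not shown in this patch), the poll row is written without the 0 the old code guaranteed. `$poll_args->member_srl = intval($this->user->member_srl);` keeps the previous value in every case. The same applies to `$log_args->member_srl = $this->user->member_srl;` in the hunk at 337.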
@@ -196,12 +195,12 @@ class pollController extends poll if(!$this->isAbletoAddItem($type)) throw new Rhymix\Framework\Exception('msg_cannot_add_item'); - if($logged_info->is_admin != 'Y') + if(!$this->user->isAdmin()) { - $poll_item_title = htmlspecialchars($poll_item_title, ENT_COMPAT | ENT_HTML401, 'UTF-8', false); + $poll_item_title = escape($poll_item_title, false); } - $oDB = &DB::getInstance(); + $oDB = DB::getInstance(); $oDB->begin(); $item_args = new stdClass; @@ -210,7 +209,7 @@ class pollController extends poll $item_args->title = $poll_item_title; $item_args->poll_count = 0; $item_args->upload_target_srl = 0; - $item_args->add_user_srl = $logged_info->member_srl; + $item_args->add_user_srl = $this->user->member_srl; $output = executeQuery('poll.insertPollItem', $item_args); if(!$output->toBool()) { @@ -226,8 +225,10 @@ class pollController extends poll $poll_index_srl = (int) Context::get('index_srl'); $poll_item_srl = Context::get('item_srl'); - $logged_info = Context::get('logged_info'); - if(!$logged_info) throw new Rhymix\Framework\Exception('msg_cannot_delete_item'); + if(!$this->user->member_srl) + { + throw new Rhymix\Framework\Exception('msg_cannot_delete_item'); + } if(!$poll_srl || !$poll_index_srl || !$poll_item_srl) throw new Rhymix\Framework\Exceptions\InvalidRequest; 
@@ -248,8 +249,14 @@ class pollController extends poll if(!$output->data) throw new Rhymix\Framework\Exception('poll_no_poll_or_deleted_poll'); $poll_member_srl = $output->data->member_srl; - if($add_user_srl!=$logged_info->member_srl && $poll_member_srl!=$logged_info->member_srl) throw new Rhymix\Framework\Exception('msg_cannot_delete_item'); - if($poll_count>0) throw new Rhymix\Framework\Exception('msg_cannot_delete_item_poll_exist'); + if($add_user_srl != $this->user->member_srl && $poll_member_srl != $this->user->member_srl) + { + throw new Rhymix\Framework\Exception('msg_cannot_delete_item'); + } + if($poll_count > 0) + { + throw new Rhymix\Framework\Exception('msg_cannot_delete_item_poll_exist'); + } $oDB = &DB::getInstance(); $oDB->begin(); @@ -330,11 +337,7 @@ class pollController extends poll $log_args = new stdClass; $log_args->poll_srl = $poll_srl; $log_args->poll_item = $args->poll_item_srl; - - $logged_info = Context::get('logged_info'); - $member_srl = $logged_info->member_srl?$logged_info->member_srl:0; - - $log_args->member_srl = $member_srl; + $log_args->member_srl = $this->user->member_srl; $log_args->ipaddress = \RX_CLIENT_IP; $output = executeQuery('poll.insertPollLog', $log_args);
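Review bot: The context line `$oDB = &DB::getInstance();` in the hunk at 248 still assigns by reference, although this commit removes the `&` from the identical statement in the hunks at 106 and 196. Unless `getInstance()` is declared to return by reference, PHP reports a notice for this form, which is the kind of message the commit sets out to remove. `$oDB = DB::getInstance();` would make the three methods consistent. The method body starts and ends outside the hunk.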