From 811e9f9823db8fd015ed7ad3cf3ba93829d15f04 Mon Sep 17 00:00:00 2001
From: bnu
Date: Mon, 14 Sep 2015 14:43:59 +0900
Subject: [PATCH] =?UTF-8?q?fix=20#1748=20=EB=A9=94=EB=89=B4=20=EA=B4=80?= =?UTF-8?q?=EB=A6=AC=EC=97=90=EC=84=9C=20=EC=9D=BC=EB=B6=80=20=ED=95=AD?= =?UTF-8?q?=EB=AA=A9=EC=97=90=20HTML=20=ED=83=9C=EA=B7=B8=EB=A5=BC=20?= =?UTF-8?q?=EC=82=AC=EC=9A=A9=EC=9D=84=20=EC=A0=9C=ED=95=9C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 modules/menu/menu.admin.controller.php | 78 ++++++++++++++++----------
 modules/module/module.controller.php | 6 +-
 2 files changed, 51 insertions(+), 33 deletions(-)
diff --git a/modules/menu/menu.admin.controller.php b/modules/menu/menu.admin.controller.php
index bd4105a18..12b5ebf79 100644
--- a/modules/menu/menu.admin.controller.php
+++ b/modules/menu/menu.admin.controller.php
@@ -103,7 +103,7 @@ class menuAdminController extends menu $output->add('menuSrl', $args->menu_srl); return $output; } - + function linkAllModuleInstancesToSitemap() { $unlinked_modules = false;
@@ -114,7 +114,7 @@ class menuAdminController extends menu { $unlinked_modules = $output->data; } - + if($unlinked_modules) { $unlinked_menu_srl = $this->getUnlinkedMenu();
@@ -122,7 +122,7 @@ class menuAdminController extends menu } } - + function getUnlinkedMenu() { // 'unlinked' menu 존재여부 확인
@@ -139,7 +139,7 @@ class menuAdminController extends menu unset($moduleConfig->unlinked_menu_srl); } } - + if(!$moduleConfig->unlinked_menu_srl) { $output = $this->addMenu('unlinked', 0);
@@ -154,10 +154,10 @@ class menuAdminController extends menu return false; } } - + return $moduleConfig->unlinked_menu_srl; } - + /** * insert menu when not linked module. *
@@ -172,7 +172,7 @@ class menuAdminController extends menu { return new Object(-1, 'msg_invalid_request'); } - + foreach($moduleInfos as $moduleInfo) { // search menu.
@@ -180,9 +180,9 @@ class menuAdminController extends menu $args->url = $moduleInfo->mid; $args->site_srl = $moduleInfo->site_srl; $args->is_shortcut = 'N'; - + $output = executeQuery('menu.getMenuItemByUrl', $args); - + if($output->toBool() && $output->data) { $moduleInfo->menu_srl = $output->data->menu_srl;
@@ -195,7 +195,7 @@ class menuAdminController extends menu $item_args->name = $moduleInfo->mid; $item_args->menu_item_srl = getNextSequence(); $item_args->listorder = -1*$item_args->menu_item_srl; - + $output = executeQuery('menu.insertMenuItem', $item_args); if(!$output->toBool()) {
@@ -203,9 +203,9 @@ class menuAdminController extends menu } $moduleInfo->menu_srl = $menuSrl; } - + $output = executeQuery('module.updateModule', $moduleInfo); - + return $output; }
@@ -214,14 +214,14 @@ class menuAdminController extends menu { $oCacheHandler->invalidateGroupKey('site_and_module'); } - + $oMenuAdminController = getAdminController('menu'); $oMenuAdminController->makeXmlFile($menuSrl); - + return new Object(); } - - + + /** * Change the menu title
@@ -418,7 +418,7 @@ class menuAdminController extends menu // recreate menu cache file $this->makeXmlFile($request->menu_srl); - + if(!$isProc) { return $this->get('menu_item_srl');
@@ -504,7 +504,7 @@ class menuAdminController extends menu $args->is_shortcut = $request->is_shortcut; $args->url = '#'; } - + if($request->menu_desc) $args->desc = $request->menu_desc; else $args->desc = '';
@@ -539,10 +539,13 @@ class menuAdminController extends menu if($request->menu_name_key) $args->name = $request->menu_name_key; else $args->name = $request->menu_name; - + if($request->menu_desc) $args->desc = $request->menu_desc; else $args->desc = ''; + $args->name = strip_tags(removeHackTag($args->name)); + $args->desc = strip_tags(removeHackTag($args->desc)); +debugPrint($args); if($request->module_id && strncasecmp('http', $request->module_id, 4) === 0) { return new Object(-1, 'msg_invalid_request');
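Review bot: The `debugPrint($args);` line added in the @@ -539 hunk, directly after the two `strip_tags(removeHackTag(...))` assignments, looks like leftover debugging and should be removed before merge, since it dumps the whole menu-item argument object on every call. The same applies to `debugPrint($request);` at the top of `procMenuAdminUpdateItem()` in the @@ -646 hunk, which dumps every request variable of the admin form. Neither call is needed for the tag filtering this commit introduces. The function enclosing the @@ -539 change starts and ends outside the hunk.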
@@ -616,7 +619,7 @@ class menuAdminController extends menu { $cmArgs->use_mobile = 'Y'; } - + // if mid is empty, auto create mid if(!$request->module_id) {
@@ -646,7 +649,7 @@ class menuAdminController extends menu public function procMenuAdminUpdateItem() { $request = Context::getRequestVars(); - +debugPrint($request); if(!$request->menu_item_srl || !$request->menu_name) { return new Object(-1, 'msg_invalid_request');
@@ -725,14 +728,17 @@ class menuAdminController extends menu { $args->name = $request->menu_name; } - + if($request->menu_desc) $args->desc = $request->menu_desc; else $args->desc = ''; - + + $args->name = removeHackTag($args->name); + $args->desc = removeHackTag($args->desc); + unset($args->group_srls); $args->open_window = $request->menu_open_window; $args->expand = $request->menu_expand; - $output = executeQuery('menu.updateMenuItem', $args); + $output = $this->_updateMenuItem($args); $this->makeXmlFile($args->menu_srl);
@@ -790,7 +796,7 @@ class menuAdminController extends menu $item_info->active_btn = ''; } - $output = executeQuery('menu.updateMenuItem', $item_info); + $output = $this->_updateMenuItem($item_info); // recreate menu cache file $this->makeXmlFile($args->menu_srl);
@@ -798,13 +804,23 @@ class menuAdminController extends menu public function updateMenuItem($itemInfo) { - $output = executeQuery('menu.updateMenuItem', $itemInfo); + $output = $this->_updateMenuItem($itemInfo); // recreate menu cache file $this->makeXmlFile($itemInfo->menu_srl); return $output; } + public function _updateMenuItem($itemInfo) + { + $itemInfo->name = removeHackTag($itemInfo->name); + $itemInfo->desc = removeHackTag($itemInfo->desc); + + $output = executeQuery('menu.updateMenuItem', $itemInfo); + + return $output; + } + /** * Delete menu item(menu of the menu) * @return void|Object
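Review bot: The update path in the @@ -725 hunk filters `$args->name` and `$args->desc` with `removeHackTag()` only, while the @@ -539 hunk wraps the same two fields in `strip_tags(removeHackTag(...))`, so a value that is tag-free when first stored can still pick up markup on a later edit. If the intent of #1748 is that these fields hold no HTML, use the same expression here, `$args->name = strip_tags(removeHackTag($args->name));`, or move the stricter filter into `_updateMenuItem()` so every caller gets it. As written, the two `removeHackTag()` calls in this hunk are repeated inside `_updateMenuItem()`, so the values are filtered twice on this path. Escaping where the menu name is rendered is presumably still required; the templates are not part of this diff.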
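Review bot: `_updateMenuItem()` in the @@ -798 hunk reads `$itemInfo->name` and `$itemInfo->desc` unconditionally, but the caller in the @@ -1085 hunk passes an object that sets only `menu_srl` and `menu_item_srl`. For such an object the helper creates both properties from an undefined value, and depending on how the query treats empty arguments that may write an empty name or description. Guard each field, `if(isset($itemInfo->name)) $itemInfo->name = removeHackTag($itemInfo->name);`, and the same for `desc`. The leading underscore suggests an internal helper although it is declared `public`; a short docblock saying it is the filtered write path for `menu.updateMenuItem` would make the contract explicit.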
@@ -961,7 +977,7 @@ class menuAdminController extends menu
 {
 $output->data->url = '';
 $referenceItem = $output->data;
- $output = executeQuery('menu.updateMenuItem', $referenceItem);
+ $output = $this->_updateMenuItem($referenceItem);
 if(!$output->toBool())
 {
 $oDB->rollback();
@@ -1085,7 +1101,7 @@ class menuAdminController extends menu
 $args = new stdClass();
 $args->menu_srl = $menu_srl;
 $args->menu_item_srl = $node['node_srl'];
- $output = executeQuery('menu.updateMenuItemNode', $args);
+ $output = $this->_updateMenuItem($args);
 //module's menu_srl move also
 if($node['is_shortcut'] == 'N' && !empty($node['url']))
@@ -1249,7 +1265,7 @@ class menuAdminController extends menu
 $update_item_info->normal_btn = $copied_info['normal_btn'];
 $update_item_info->hover_btn = $copied_info['hover_btn'];
 $update_item_info->active_btn = $copied_info['active_btn'];
- executeQuery('menu.updateMenuItem', $update_item_info);
+ $output = $this->_updateMenuItem($update_item_info);
 }
 $this->insertedMenuItemSrlList[] = $insertedMenuItemSrl;
 }
@@ -1629,7 +1645,7 @@ class menuAdminController extends menu
 // Update if exists
 if($item_info->menu_item_srl == $args->menu_item_srl)
 {
- $output = executeQuery('menu.updateMenuItem', $args);
+ $output = $this->_updateMenuItem($args);
 if(!$output->toBool()) return $output;
 }
 // Insert if not exist
@@ -1680,7 +1696,7 @@ class menuAdminController extends menu
 if($exposure) $args->group_srls = implode(',', $exposure);
 }
- $output = executeQuery('menu.updateMenuItem', $args);
+ $output = $this->_updateMenuItem($args);
 if(!$output->toBool())
 {
 return $output;
diff --git a/modules/module/module.controller.php b/modules/module/module.controller.php
index de217b10b..f24feed63 100644
--- a/modules/module/module.controller.php
+++ b/modules/module/module.controller.php
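Review bot: In the @@ -1085 hunk the replaced call ran the `menu.updateMenuItemNode` query, but `_updateMenuItem()` always runs `menu.updateMenuItem`, so this line now executes a different query than before. `$args` here carries only `menu_srl` and `menu_item_srl`, neither of which the new filter touches, so the call gains nothing from the helper. Keep `$output = executeQuery('menu.updateMenuItemNode', $args);` unless the query change is deliberate. Separately, in the @@ -1249 hunk the result is now assigned to `$output` but still not checked with `toBool()` as the other call sites do. Both enclosing functions extend beyond their hunks.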
@@ -462,7 +462,7 @@ class moduleController extends module
 $menuArgs->url = $args->mid;
 $menuArgs->expand = 'N';
 $menuArgs->is_shortcut = 'N';
- $menuArgs->name = $args->browser_title;
+ $menuArgs->name = removeHackTag($args->browser_title);
 $menuArgs->listorder = $args->menu_item_srl * -1;
 $menuItemOutput = executeQuery('menu.insertMenuItem', $menuArgs);
@@ -476,8 +476,9 @@ class moduleController extends module
 }
 }
- $args->menu_srl = $menuArgs->menu_srl;
 // Insert a module
+ $args->menu_srl = $menuArgs->menu_srl;
+ $args->browser_title = removeHackTag($args->browser_title);
 $output = executeQuery('module.insertModule', $args);
 if(!$output->toBool())
 {
@@ -520,6 +521,7 @@ class moduleController extends module
 if(!$args->site_srl) $args->site_srl = (int)$module_info->site_srl;
 if(!$args->browser_title) $args->browser_title = $module_info->browser_title;
 }
+ $args->browser_title = removeHackTag($args->browser_title);
 $output = executeQuery('module.isExistsModuleName', $args);
 if(!$output->toBool() || $output->data->count)
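Review bot: `removeHackTag($args->browser_title)` is evaluated twice on the insert path, once for `$menuArgs->name` in the @@ -462 hunk and again for `$args->browser_title` in @@ -476. Filtering `$args->browser_title` once, before `$menuArgs` is built, would keep the two stored values identical by construction. The menu item name written here also gets only `removeHackTag()`, whereas the @@ -539 hunk in menu.admin.controller.php adds `strip_tags()`, so a module created through this path can presumably still store markup in its menu name. In the @@ -520 hunk a comment such as `// filter the title on both the new-module and existing-module branches` would record why the call sits after the closing brace. All three enclosing functions extend beyond their hunks.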