fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-05-10 12:32:14 +09:00
Code Issues Projects Releases Packages Wiki Activity

fix #1748 메뉴 관리에서 일부 항목에 HTML 태그를 사용을 제한

Browse source
This commit is contained in:
bnu 2015-09-14 14:43:59 +09:00
parent 859e283746
commit 811e9f9823
2 changed files with 51 additions and 33 deletions
Download patch file Download diff file Expand all files Collapse all files

34
modules/menu/menu.admin.controller.php
View file

@ -543,6 +543,9 @@ class menuAdminController extends menu
if($request->menu_desc) $args->desc = $request->menu_desc; if($request->menu_desc) $args->desc = $request->menu_desc;
else $args->desc = ''; else $args->desc = '';
$args->name = strip_tags(removeHackTag($args->name));
$args->desc = strip_tags(removeHackTag($args->desc));
debugPrint($args);
if($request->module_id && strncasecmp('http', $request->module_id, 4) === 0) if($request->module_id && strncasecmp('http', $request->module_id, 4) === 0)
{ {
return new Object(-1, 'msg_invalid_request'); return new Object(-1, 'msg_invalid_request');
@ -646,7 +649,7 @@ class menuAdminController extends menu
public function procMenuAdminUpdateItem() public function procMenuAdminUpdateItem()
{ {
$request = Context::getRequestVars(); $request = Context::getRequestVars();
debugPrint($request);
if(!$request->menu_item_srl || !$request->menu_name) if(!$request->menu_item_srl || !$request->menu_name)
{ {
return new Object(-1, 'msg_invalid_request'); return new Object(-1, 'msg_invalid_request');
@ -729,10 +732,13 @@ class menuAdminController extends menu
if($request->menu_desc) $args->desc = $request->menu_desc; if($request->menu_desc) $args->desc = $request->menu_desc;
else $args->desc = ''; else $args->desc = '';
$args->name = removeHackTag($args->name);
$args->desc = removeHackTag($args->desc);
unset($args->group_srls); unset($args->group_srls);
$args->open_window = $request->menu_open_window; $args->open_window = $request->menu_open_window;
$args->expand = $request->menu_expand; $args->expand = $request->menu_expand;
$output = executeQuery('menu.updateMenuItem', $args); $output = $this->_updateMenuItem($args);
$this->makeXmlFile($args->menu_srl); $this->makeXmlFile($args->menu_srl);
@ -790,7 +796,7 @@ class menuAdminController extends menu
$item_info->active_btn = ''; $item_info->active_btn = '';
} }
$output = executeQuery('menu.updateMenuItem', $item_info); $output = $this->_updateMenuItem($item_info);
// recreate menu cache file // recreate menu cache file
$this->makeXmlFile($args->menu_srl); $this->makeXmlFile($args->menu_srl);
@ -798,13 +804,23 @@ class menuAdminController extends menu
public function updateMenuItem($itemInfo) public function updateMenuItem($itemInfo)
{ {
$output = executeQuery('menu.updateMenuItem', $itemInfo); $output = $this->_updateMenuItem($itemInfo);
// recreate menu cache file // recreate menu cache file
$this->makeXmlFile($itemInfo->menu_srl); $this->makeXmlFile($itemInfo->menu_srl);
return $output; return $output;
} }
public function _updateMenuItem($itemInfo)
{
$itemInfo->name = removeHackTag($itemInfo->name);
$itemInfo->desc = removeHackTag($itemInfo->desc);
$output = executeQuery('menu.updateMenuItem', $itemInfo);
return $output;
}
/** /**
* Delete menu item(menu of the menu) * Delete menu item(menu of the menu)
* @return void|Object * @return void|Object
@ -961,7 +977,7 @@ class menuAdminController extends menu
{ {
$output->data->url = ''; $output->data->url = '';
$referenceItem = $output->data; $referenceItem = $output->data;
$output = executeQuery('menu.updateMenuItem', $referenceItem); $output = $this->_updateMenuItem($referenceItem);
if(!$output->toBool()) if(!$output->toBool())
{ {
$oDB->rollback(); $oDB->rollback();
@ -1085,7 +1101,7 @@ class menuAdminController extends menu
$args = new stdClass(); $args = new stdClass();
$args->menu_srl = $menu_srl; $args->menu_srl = $menu_srl;
$args->menu_item_srl = $node['node_srl']; $args->menu_item_srl = $node['node_srl'];
$output = executeQuery('menu.updateMenuItemNode', $args); $output = $this->_updateMenuItem($args);
//module's menu_srl move also //module's menu_srl move also
if($node['is_shortcut'] == 'N' && !empty($node['url'])) if($node['is_shortcut'] == 'N' && !empty($node['url']))
@ -1249,7 +1265,7 @@ class menuAdminController extends menu
$update_item_info->normal_btn = $copied_info['normal_btn']; $update_item_info->normal_btn = $copied_info['normal_btn'];
$update_item_info->hover_btn = $copied_info['hover_btn']; $update_item_info->hover_btn = $copied_info['hover_btn'];
$update_item_info->active_btn = $copied_info['active_btn']; $update_item_info->active_btn = $copied_info['active_btn'];
executeQuery('menu.updateMenuItem', $update_item_info); $output = $this->_updateMenuItem($update_item_info);
} }
$this->insertedMenuItemSrlList[] = $insertedMenuItemSrl; $this->insertedMenuItemSrlList[] = $insertedMenuItemSrl;
} }
@ -1629,7 +1645,7 @@ class menuAdminController extends menu
// Update if exists // Update if exists
if($item_info->menu_item_srl == $args->menu_item_srl) if($item_info->menu_item_srl == $args->menu_item_srl)
{ {
$output = executeQuery('menu.updateMenuItem', $args); $output = $this->_updateMenuItem($args);
if(!$output->toBool()) return $output; if(!$output->toBool()) return $output;
} }
// Insert if not exist // Insert if not exist
@ -1680,7 +1696,7 @@ class menuAdminController extends menu
if($exposure) $args->group_srls = implode(',', $exposure); if($exposure) $args->group_srls = implode(',', $exposure);
} }
$output = executeQuery('menu.updateMenuItem', $args); $output = $this->_updateMenuItem($args);
if(!$output->toBool()) if(!$output->toBool())
{ {
return $output; return $output;

6
modules/module/module.controller.php
View file

@ -462,7 +462,7 @@ class moduleController extends module
$menuArgs->url = $args->mid; $menuArgs->url = $args->mid;
$menuArgs->expand = 'N'; $menuArgs->expand = 'N';
$menuArgs->is_shortcut = 'N'; $menuArgs->is_shortcut = 'N';
$menuArgs->name = $args->browser_title; $menuArgs->name = removeHackTag($args->browser_title);
$menuArgs->listorder = $args->menu_item_srl * -1; $menuArgs->listorder = $args->menu_item_srl * -1;
$menuItemOutput = executeQuery('menu.insertMenuItem', $menuArgs); $menuItemOutput = executeQuery('menu.insertMenuItem', $menuArgs);
@ -476,8 +476,9 @@ class moduleController extends module
} }
} }
$args->menu_srl = $menuArgs->menu_srl;
// Insert a module // Insert a module
$args->menu_srl = $menuArgs->menu_srl;
$args->browser_title = removeHackTag($args->browser_title);
$output = executeQuery('module.insertModule', $args); $output = executeQuery('module.insertModule', $args);
if(!$output->toBool()) if(!$output->toBool())
{ {
@ -520,6 +521,7 @@ class moduleController extends module
if(!$args->site_srl) $args->site_srl = (int)$module_info->site_srl; if(!$args->site_srl) $args->site_srl = (int)$module_info->site_srl;
if(!$args->browser_title) $args->browser_title = $module_info->browser_title; if(!$args->browser_title) $args->browser_title = $module_info->browser_title;
} }
$args->browser_title = removeHackTag($args->browser_title);
$output = executeQuery('module.isExistsModuleName', $args); $output = executeQuery('module.isExistsModuleName', $args);
if(!$output->toBool() || $output->data->count) if(!$output->toBool() || $output->data->count)