Merge branch 'security/rve-2026-9'

2026-05-17 07:53:21 +09:00 · 2026-05-11 18:17:46 +09:00 · 2026-05-11 18:17:46 +09:00 · 877c85ff29
commit 877c85ff29
parent a0af01c76a abda55c926
6 changed files with 5 additions and 97 deletions
--- a/addons/autolink/autolink.js
+++ b/addons/autolink/autolink.js
@ -36,7 +36,7 @@
 			var content  = textNode.nodeValue;
 			var dummy    = $('<span>');

-			content = content.replace(/</g, '&lt;').replace(/>/g, '&gt;');
+			content = content.escape();
 			content = content.replace(url_regex, function(match, p1, offset, string) {
 				var match;
 				var suffix = '';
@ -107,5 +107,5 @@
 			$this.attr("target", "_blank");
 		}
 	});
-	
+
 })(jQuery);
--- a/modules/layout/conf/module.xml
+++ b/modules/layout/conf/module.xml
@ -2,7 +2,6 @@
 <module>
 	<grants />
 	<actions>
-		<action name="dispLayoutPreview" type="view" permission="root" meta-noindex="true" />
 		<action name="dispLayoutPreviewWithModule" type="view" permission="root" meta-noindex="true" />
 		<action name="getLayoutInstanceListForJSONP" type="model" permission="root" />

--- a/modules/layout/layout.view.php
+++ b/modules/layout/layout.view.php
@ -301,6 +301,9 @@ class LayoutView extends Layout
 		Context::set('skin_type', null);
 		Context::set('skin_vars', null);

+		// Set dummy variable
+		Context::set('layout_info', Context::get('layout_info') ?: new stdClass());
+
 		// Proc module
 		$oModule = $oModuleHandler->procModule();
 		if(!$oModule->toBool())
@ -314,76 +317,6 @@ class LayoutView extends Layout
 		return $handler->toDoc($oModule);
 	}

-	/**
-	 * Preview a layout
-	 * @return void|Object (void : success, Object : fail)
-	 */
-	function dispLayoutPreview()
-	{
-		if(!Rhymix\Framework\Security::checkCSRF())
-		{
-			throw new Rhymix\Framework\Exceptions\InvalidRequest;
-		}
-
-		// admin check
-		// this act is admin view but in normal view because do not load admin css/js files
-		$logged_info = Context::get('logged_info');
-		if($logged_info->is_admin != 'Y') throw new Rhymix\Framework\Exceptions\InvalidRequest;
-
-		$layout_srl = Context::get('layout_srl');
-		$code = Context::get('code');
-
-		$code_css = Context::get('code_css');
-		if(!$layout_srl || !$code) throw new Rhymix\Framework\Exceptions\InvalidRequest;
-		// Get the layout information
-		$oLayoutModel = getModel('layout');
-		$layout_info = $oLayoutModel->getLayout($layout_srl);
-		if(!$layout_info) throw new Rhymix\Framework\Exceptions\InvalidRequest;
-		// Separately handle the layout if its type is faceoff
-		if($layout_info && $layout_info->type == 'faceoff') $oLayoutModel->doActivateFaceOff($layout_info);
-		// Apply CSS directly
-		Context::addHtmlHeader("<style type=\"text/css\" charset=\"UTF-8\">".$code_css."</style>");
-		// Set names and values of extra_vars to $layout_info
-		if($layout_info->extra_var_count)
-		{
-			foreach($layout_info->extra_var as $var_id => $val)
-			{
-				$layout_info->{$var_id} = $val->value;
-			}
-		}
-		// menu in layout information becomes an argument for Context:: set
-		if($layout_info->menu_count)
-		{
-			foreach($layout_info->menu as $menu_id => $menu)
-			{
-				$menu->php_file = FileHandler::getRealPath($menu->php_file);
-				if(FileHandler::exists($menu->php_file)) include($menu->php_file);
-
-				Context::set($menu_id, $menu);
-			}
-		}
-
-		Context::set('layout_info', $layout_info);
-		Context::set('content', lang('layout_preview_content'));
-		// Temporary save the codes
-		$edited_layout_file = RX_BASEDIR . 'files/cache/layout/tmp.tpl';
-		FileHandler::writeFile($edited_layout_file, $code);
-
-		// Compile
-		$oTemplate = TemplateHandler::getInstance();
-
-		$layout_path = $layout_info->path;
-		$layout_file = 'layout';
-
-		$layout_tpl = $oTemplate->compile($layout_path, $layout_file, $edited_layout_file);
-		Context::set('layout','none');
-		// Convert widgets and others
-		Context::set('layout_tpl', $layout_tpl);
-		// Delete Temporary Files
-		FileHandler::removeFile($edited_layout_file);
-		$this->setTemplateFile('layout_preview');
-	}
-
 	private function getRealLayoutFile($layoutSrl)
 	{
 		$oLayoutModel = getModel('layout');
--- a/modules/layout/tpl/js/adminEdit.js
+++ b/modules/layout/tpl/js/adminEdit.js
@ -1,16 +1,3 @@
-function doPreviewLayoutCode()
-{
-	var $form = jQuery('#fo_layout'), $act = $form.find('input[name=act]');
-	var og_act = $act.val();
-
-	$form.attr('target', '_LayoutPreview');
-	$act.val('dispLayoutPreview');
-	$form.submit();
-
-	$form.removeAttr('target');
-	$act.val(og_act);
-}
-
 $(function() {
 	$('.reset_layout').on('click', function(e) {
 		var msg = $(this).data('confirmationMsg');
--- a/modules/layout/tpl/js/layout_admin.js
+++ b/modules/layout/tpl/js/layout_admin.js
@ -70,16 +70,6 @@ function addLayoutCopyInputbox()

 (function($){

-/* preview layout */
-function doPreviewLayoutCode(layout_srl) {
-	var fo  = $('#fo_layout');
-	var act = fo.find('input[name=act]:first').val();
-	fo.attr('target', '_LayoutPreview').find('input[name=act]').val('dispLayoutAdminPreview');
-	fo.submit();
-	//.removeAttr('target').find('input[name=act]').val(act);
-}
-window.doPreviewLayoutCode = doPreviewLayoutCode;
-
 /* restore layout code */
 function doResetLayoutCode(layout_srl) {
    procFilter($('#fo_layout')[0], reset_layout_code);
--- a/modules/layout/tpl/layout_edit.html
+++ b/modules/layout/tpl/layout_edit.html
@ -102,7 +102,6 @@
 			<button type="submit" class="x_btn reset_layout" name="mode" value="reset" data-confirmation-msg="{$lang->layout_reset_confirmation}">{$lang->cmd_reset}</button>
 		</span>
 		<span class="x_pull-right x_btn-group">
-			<button type="button" class="x_btn" onclick="doPreviewLayoutCode()">{$lang->cmd_preview}</button>
 			<button type="submit" class="x_btn x_btn-primary" name="mode" value="save">{$lang->cmd_save}</button>
 		</span>
 	</div>