Merge remote-tracking branch 'upstream/master'

2026-01-04 01:01:41 +09:00 · 2025-12-24 03:07:48 +00:00 · 2025-12-24 03:07:48 +00:00 · 881b0fbac1
commit 881b0fbac1
parent 1c8ae0d766 aaf3791a78
58 changed files with 606 additions and 200 deletions
--- a/modules/document/document.class.php
+++ b/modules/document/document.class.php
@ -113,6 +113,7 @@ class Document extends ModuleObject
 		// 2025.10.23 Add sort to document_extra_keys table, and sort_value to document_extra_vars table
 		if(!$oDB->isColumnExists('document_extra_keys', 'var_sort')) return true;
 		if(!$oDB->isColumnExists('document_extra_vars', 'sort_value') || !$oDB->isIndexExists('document_extra_vars', 'idx_sort_value')) return true;
+		if(!$oDB->isIndexExists('document_extra_vars', 'idx_document_var_idx')) return true;
 		if(!$oDB->isIndexExists('document_extra_vars', 'idx_prefix_value')) return true;

 		// Delete unnecessary index
@ -238,6 +239,7 @@ class Document extends ModuleObject
 		if(!$oDB->isColumnExists('document_extra_keys', 'var_sort'))
 		{
 			$oDB->addColumn('document_extra_keys', 'var_sort', 'char', '1', 'N', true, 'var_search');
+			Rhymix\Framework\Cache::clearGroup('site_and_module');
 		}
 		if(!$oDB->isColumnExists('document_extra_vars', 'sort_value') || !$oDB->isIndexExists('document_extra_vars', 'idx_sort_value'))
 		{
@ -264,6 +266,10 @@ class Document extends ModuleObject
 			$oDB->commit();
 			$oDB->addIndex('document_extra_vars', 'idx_sort_value', array('module_srl', 'sort_value'));
 		}
+		if(!$oDB->isIndexExists('document_extra_vars', 'idx_document_var_idx'))
+		{
+			$oDB->addIndex('document_extra_vars', 'idx_document_var_idx', array('document_srl', 'var_idx'));
+		}
 		if(!$oDB->isIndexExists('document_extra_vars', 'idx_prefix_value'))
 		{
 			$oDB->addIndex('document_extra_vars', 'idx_prefix_value', array('module_srl', 'value(10)'));
--- a/modules/document/document.controller.php
+++ b/modules/document/document.controller.php
@ -612,7 +612,7 @@ class DocumentController extends Document
 	 */
 	function insertDocument($obj, $manual_inserted = false, $isRestore = false, $isLatest = true)
 	{
-		if (!$manual_inserted && !checkCSRF())
+		if (!$manual_inserted && !Rhymix\Framework\Security::checkCSRF())
 		{
 			return new BaseObject(-1, 'msg_security_violation');
 		}
@ -713,7 +713,7 @@ class DocumentController extends Document
 			$obj->user_id = htmlspecialchars_decode($logged_info->user_id);
 			$obj->user_name = htmlspecialchars_decode($logged_info->user_name);
 			$obj->nick_name = htmlspecialchars_decode($logged_info->nick_name);
-			$obj->email_address = $logged_info->email_address;
+			$obj->email_address = $logged_info->email_address ?? '';
 			$obj->homepage = $logged_info->homepage;
 		}
 		if(!$logged_info->member_srl && !$manual_inserted && !$isRestore)
@ -816,24 +816,31 @@ class DocumentController extends Document
 		}

 		// if use editor of nohtml, Remove HTML tags from the contents.
-		if(!$manual_inserted || isset($obj->allow_html) || isset($obj->use_html))
+		if (!$manual_inserted || isset($obj->allow_html) || isset($obj->use_html))
 		{
 			$obj->content = EditorModel::converter($obj, 'document');
 		}

 		// Remove iframe and script if not a top adminisrator in the session.
-		if($logged_info->is_admin != 'Y')
+		if ($logged_info->is_admin !== 'Y')
 		{
-			$obj->content = removeHackTag($obj->content);
+			$obj->content = Rhymix\Framework\Filters\HTMLFilter::clean((string)$obj->content);
+		}
+
+		// Fix encoding of non-BMP UTF-8 characters.
+		if (config('db.master.charset') !== 'utf8mb4')
+		{
+			$obj->title = utf8_mbencode($obj->title);
+			$obj->content = utf8_mbencode($obj->content);
 		}

 		// An error appears if both log-in info and user name don't exist.
-		if(!$logged_info->member_srl && !$obj->nick_name) return new BaseObject(-1, 'msg_invalid_request');
-
-		// Fix encoding of non-BMP UTF-8 characters.
-		$obj->title = utf8_mbencode($obj->title);
-		$obj->content = utf8_mbencode($obj->content);
+		if (!$logged_info->member_srl && !$obj->nick_name)
+		{
+			return new BaseObject(-1, 'msg_invalid_request');
+		}

+		// Set lang_code to the current user's language
 		$obj->lang_code = Context::getLangType();

 		// begin transaction
@ -923,7 +930,7 @@ class DocumentController extends Document
 		}

 		// Call a trigger (after)
-		if($obj->update_log_setting === 'Y')
+		if (isset($obj->update_log_setting) && $obj->update_log_setting === 'Y')
 		{
 			$obj->extra_vars = serialize($extra_vars);
 			$update_output = $this->insertDocumentUpdateLog($obj);
@ -972,7 +979,7 @@ class DocumentController extends Document
 	 */
 	function updateDocument($source_obj, $obj, $manual_updated = FALSE)
 	{
-		if(!$manual_updated && !checkCSRF())
+		if(!$manual_updated && !Rhymix\Framework\Security::checkCSRF())
 		{
 			return new BaseObject(-1, 'msg_security_violation');
 		}
@ -1172,14 +1179,17 @@ class DocumentController extends Document
 		}

 		// Remove iframe and script if not a top adminisrator in the session.
-		if($logged_info->is_admin != 'Y')
+		if ($logged_info->is_admin !== 'Y')
 		{
-			$obj->content = removeHackTag($obj->content);
+			$obj->content = Rhymix\Framework\Filters\HTMLFilter::clean((string)$obj->content);
 		}

 		// Fix encoding of non-BMP UTF-8 characters.
-		$obj->title = utf8_mbencode($obj->title);
-		$obj->content = utf8_mbencode($obj->content);
+		if (config('db.master.charset') !== 'utf8mb4')
+		{
+			$obj->title = utf8_mbencode($obj->title);
+			$obj->content = utf8_mbencode($obj->content);
+		}

 		// Begin transaction
 		$oDB = DB::getInstance();
@ -1376,7 +1386,7 @@ class DocumentController extends Document
 		}

 		// Update log
-		if($obj->update_log_setting === 'Y')
+		if (isset($obj->update_log_setting) && $obj->update_log_setting === 'Y')
 		{
 			$obj->extra_vars = serialize($extra_vars);
 			if($grant->manager)
--- a/modules/document/document.item.php
+++ b/modules/document/document.item.php
@ -65,14 +65,13 @@ class DocumentItem extends BaseObject
 	 * Constructor
 	 * @param int $document_srl
 	 * @param bool $load_extra_vars
-	 * @param array columnList
+	 * @param bool $reload_counts
 	 * @return void
 	 */
-	function __construct($document_srl = 0, $load_extra_vars = true, $columnList = array())
+	function __construct($document_srl = 0, $load_extra_vars = true, $reload_counts = true)
 	{
 		$this->document_srl = $document_srl;
-		$this->columnList = $columnList;
-		$this->_loadFromDB($load_extra_vars);
+		$this->_loadFromDB($load_extra_vars, $reload_counts);
 	}

 	function setDocument($document_srl, $load_extra_vars = true)
@ -86,23 +85,13 @@ class DocumentItem extends BaseObject
 	 * @param bool $load_extra_vars
 	 * @return void
 	 */
-	function _loadFromDB($load_extra_vars = true)
+	function _loadFromDB($load_extra_vars = true, $reload_counts = true)
 	{
 		if(!$this->document_srl)
 		{
 			return;
 		}

-		$document_item = false;
-		$columnList = array();
-		$reload_counts = true;
-
-		if ($this->columnList === false)
-		{
-			$reload_counts = false;
-		}
-		$this->columnList = array();
-
 		// cache controll
 		$cache_key = 'document_item:' . getNumberingPath($this->document_srl) . $this->document_srl;
 		$document_item = Rhymix\Framework\Cache::get($cache_key);
@ -110,8 +99,12 @@ class DocumentItem extends BaseObject
 		{
 			$columnList = array('readed_count', 'voted_count', 'blamed_count', 'comment_count', 'trackback_count');
 		}
+		else
+		{
+			$columnList = [];
+		}

-		if(!$document_item || $reload_counts)
+		if(!$document_item || $reload_counts !== false)
 		{
 			$args = new stdClass();
 			$args->document_srl = $this->document_srl;
--- a/modules/document/document.model.php
+++ b/modules/document/document.model.php
@ -149,10 +149,10 @@ class DocumentModel extends Document
 	 * @param int $document_srl
 	 * @param bool $is_admin
 	 * @param bool $load_extra_vars
-	 * @param array $columnList
+	 * @param bool $reload_counts
 	 * @return documentItem
 	 */
-	public static function getDocument($document_srl = 0, $is_admin = false, $load_extra_vars = true, $columnList = array())
+	public static function getDocument($document_srl = 0, $is_admin = false, $load_extra_vars = true, $reload_counts = true)
 	{
 		if(!$document_srl)
 		{
@ -160,7 +160,7 @@ class DocumentModel extends Document
 		}
 		if(!isset($GLOBALS['XE_DOCUMENT_LIST'][$document_srl]))
 		{
-			$oDocument = new documentItem($document_srl, $load_extra_vars, $columnList);
+			$oDocument = new documentItem($document_srl, $load_extra_vars, $reload_counts);
 			if(!$oDocument->isExists())
 			{
 				return $oDocument;
--- a/modules/document/document.view.php
+++ b/modules/document/document.view.php
@ -50,16 +50,15 @@ class DocumentView extends Document
 	 */
 	function dispDocumentPreview()
 	{
-		if(!checkCSRF())
+		if(!Rhymix\Framework\Security::checkCSRF())
 		{
 			throw new Rhymix\Framework\Exceptions\SecurityViolation;
 		}

-		$content = Context::get('content');
-
-		if(Context::get('logged_info')->is_admin != 'Y')
+		$content = (string)Context::get('content');
+		if (Context::get('logged_info')->is_admin !== 'Y')
 		{
-			$content = removeHackTag($content);
+			$content = Rhymix\Framework\Filters\HTMLFilter::clean($content);
 		}

 		// Editor converter
--- a/modules/document/queries/getDocumentExtraVars.xml
+++ b/modules/document/queries/getDocumentExtraVars.xml
@ -6,7 +6,6 @@
        <column name="*" />
    </columns>
    <conditions>
-        <condition operation="more" column="extra_vars.module_srl" default="-1" notnull="notnull" pipe="and" />
        <condition operation="in" column="extra_vars.document_srl" var="document_srl" notnull="notnull" pipe="and" />
        <condition operation="more" column="extra_vars.var_idx" default="-2" pipe="and" />
    </conditions>
--- a/modules/document/schemas/document_extra_vars.xml
+++ b/modules/document/schemas/document_extra_vars.xml
@ -6,6 +6,7 @@
 	<column name="value" type="bigtext" />
 	<column name="sort_value" type="bigint" />
 	<column name="eid" type="varchar" size="40" />
+	<index name="idx_document_var_idx" columns="document_srl,var_idx" />
 	<index name="idx_prefix_value" columns="module_srl,value(10)" />
 	<index name="idx_sort_value" columns="module_srl,sort_value" />
 </table>
--- a/modules/document/tpl/document_list.html
+++ b/modules/document/tpl/document_list.html
@ -167,8 +167,20 @@ xe.lang.msg_empty_search_keyword = '{$lang->msg_empty_search_keyword}';
 				<tbody>
 				</tbody>
 			</table>
-			<div class="x_control-group" style="padding-right:14px;border-top:0">
-				<label for="message">{$lang->message_notice}</label>
+			<div class="x_control-group" id="message_options" style="padding-right:14px;border-top:0">
+				<label for="send_default_message" class="x_inline">
+					<input type="radio" name="send_message" id="send_default_message" value="default" checked="checked" />
+					{$lang->send_default_message}
+				</label>
+				<label for="send_custom_message" class="x_inline">
+					<input type="radio" name="send_message" id="send_custom_message" value="custom" />
+					{$lang->send_custom_message}
+				</label>
+				<label for="send_no_message" class="x_inline">
+					<input type="radio" name="send_message" id="send_no_message" value="none" />
+					{$lang->send_no_message}
+				</label>
+				<br />
 				<textarea rows="4" cols="42" name="message_content" id="message" style="width:100%"></textarea>
 			</div>
 		</section>
@ -231,5 +243,13 @@ jQuery(function($){
 			}
 		}
 	});
+	$('#message').prop('disabled', true);
+	$('#message_options').on('change', 'input[name="send_message"]', function(){
+		if($('#send_custom_message').is(':checked')) {
+			$('#message').prop("disabled", false);
+		} else {
+			$('#message').prop("disabled", true);
+		}
+	});
 });
 </script>