mirror of
https://github.com/Lastorder-DC/rhymix.git
synced 2026-01-09 03:32:00 +09:00
Merge remote-tracking branch 'remotes/upstream/develop' into develop
commit
8e0f63af3d
15 changed files with 231 additions and 281 deletions
|
|
@ -441,6 +441,23 @@ body,table,input,textarea,select,button{font-family:나눔고딕,NanumGothic,NG,
|
|||
<dd>파일박스를 관리할 수 있습니다. 파일박스는 관리자가 재사용할 수 있는 이미지 파일을 관리하는 기능입니다. 회원 그룹 아이콘을 등록하면 이미지 파일은 파일박스에 업로드됩니다.</dd>
|
||||
</dl>
|
||||
</section>
|
||||
<section class="h3">
|
||||
<h1 id="UMAN_config_embed_filter">embed Filter</h1>
|
||||
<p><iframe> 또는 <object>, <embed> 태그에 허용 할 URL을 지정할 수 있습니다.<br>주로 domain을 포함한 URL을 지정하여 허용 URL을 지정할 수 있습니다.</p>
|
||||
<p>domain을 포함하지 않은 짧거나 단순한 단어('video', 'swf' 등)만을 지정할 경우 손쉽게 악의적인 접근을 시도할 수 있으니 주의해야 합니다.</p>
|
||||
<dl>
|
||||
<dt id="UMAN_config_embed_filter_iframe">iFrame</dt>
|
||||
<dd>
|
||||
<p><iframe> 태그에 허용 할 URL을 지정할 수 있습니다.</p>
|
||||
<p>예시 : 'http://www.youtube.com/v/...'와 같은 URL을 <iframe>에 허용 하려면 'http://www.youtube.com/v/'처럼 입력하면 됩니다.</p>
|
||||
</dd>
|
||||
<dt id="UMAN_config_embed_filter_object">object / embed</dt>
|
||||
<dd>
|
||||
<p><object>, <embed> 태그에 허용 할 URL을 지정할 수 있습니다.</p>
|
||||
<p>주로 domain을 포함한 URL을 지정하여 허용 URL을 지정할 수 있습니다.<br>예시 : 'http://www.youtube.com/v/...'와 같은 URL을 <object>, <embed>에 허용 하려면 'http://www.youtube.com/v/'처럼 입력하면 됩니다.</p>
|
||||
</dd>
|
||||
</dl>
|
||||
</section>
|
||||
<section class="h3">
|
||||
<h1 id="UMAN_advanced">고급</h1>
|
||||
<dl>
|
||||
|
|
|
|||
|
|
@ -39,12 +39,12 @@ class DisplayHandler extends Handler
|
|||
// Extract contents to display by the request method
|
||||
if(Context::get('xeVirtualRequestMethod') == 'xml')
|
||||
{
|
||||
require_once("./classes/display/VirtualXMLDisplayHandler.php");
|
||||
require_once(_XE_PATH_ . "classes/display/VirtualXMLDisplayHandler.php");
|
||||
$handler = new VirtualXMLDisplayHandler();
|
||||
}
|
||||
else if(Context::getRequestMethod() == 'XMLRPC')
|
||||
{
|
||||
require_once("./classes/display/XMLDisplayHandler.php");
|
||||
require_once(_XE_PATH_ . "classes/display/XMLDisplayHandler.php");
|
||||
$handler = new XMLDisplayHandler();
|
||||
if(strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== FALSE)
|
||||
{
|
||||
|
|
@ -53,17 +53,17 @@ class DisplayHandler extends Handler
|
|||
}
|
||||
else if(Context::getRequestMethod() == 'JSON')
|
||||
{
|
||||
require_once("./classes/display/JSONDisplayHandler.php");
|
||||
require_once(_XE_PATH_ . "classes/display/JSONDisplayHandler.php");
|
||||
$handler = new JSONDisplayHandler();
|
||||
}
|
||||
else if(Context::getRequestMethod() == 'JS_CALLBACK')
|
||||
{
|
||||
require_once("./classes/display/JSCallbackDisplayHandler.php");
|
||||
require_once(_XE_PATH_ . "classes/display/JSCallbackDisplayHandler.php");
|
||||
$handler = new JSCallbackDisplayHandler();
|
||||
}
|
||||
else
|
||||
{
|
||||
require_once("./classes/display/HTMLDisplayHandler.php");
|
||||
require_once(_XE_PATH_ . "classes/display/HTMLDisplayHandler.php");
|
||||
$handler = new HTMLDisplayHandler();
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -263,7 +263,7 @@ class FileHandler
|
|||
$file = sprintf('%s%s', str_replace(_XE_PATH_, '', $path), $file);
|
||||
}
|
||||
|
||||
$output[] = str_replace(DIRECTORY_SEPARATOR, '', $file);
|
||||
$output[] = str_replace(array('/\\', '//'), DIRECTORY_SEPARATOR, $file);
|
||||
}
|
||||
|
||||
return $output;
|
||||
|
|
|
|||
|
|
@ -590,37 +590,55 @@ class EmbedFilter
|
|||
|
||||
/**
|
||||
* Make white domain list cache file from xml config file.
|
||||
* @param $whitelist array
|
||||
* @return void
|
||||
*/
|
||||
function _makeWhiteDomainList()
|
||||
function _makeWhiteDomainList($whitelist = NULL)
|
||||
{
|
||||
$whiteUrlXmlFile = FileHandler::getRealPath($this->whiteUrlXmlFile);
|
||||
$whiteUrlCacheFile = FileHandler::getRealPath($this->whiteUrlCacheFile);
|
||||
|
||||
$isMake = false;
|
||||
$isMake = FALSE;
|
||||
if(!file_exists($whiteUrlCacheFile))
|
||||
{
|
||||
$isMake = true;
|
||||
$isMake = TRUE;
|
||||
}
|
||||
if(file_exists($whiteUrlCacheFile) && filemtime($whiteUrlCacheFile) < filemtime($whiteUrlXmlFile))
|
||||
{
|
||||
$isMake = true;
|
||||
$isMake = TRUE;
|
||||
}
|
||||
|
||||
if(gettype($whitelist) == 'array' && gettype($whitelist['object']) == 'array' && gettype($whitelist['iframe']) == 'array')
|
||||
{
|
||||
$isMake = FALSE;
|
||||
}
|
||||
|
||||
if(isset($whitelist) && gettype($whitelist) == 'object')
|
||||
{
|
||||
$isMake = TRUE;
|
||||
}
|
||||
|
||||
if($isMake)
|
||||
{
|
||||
$xmlBuff = FileHandler::readFile($this->whiteUrlXmlFile);
|
||||
$whiteUrlList = array();
|
||||
$whiteIframeUrlList = array();
|
||||
|
||||
$xmlParser = new XmlParser();
|
||||
$domainListObj = $xmlParser->parse($xmlBuff);
|
||||
$embedDomainList = $domainListObj->whiteurl->embed->domain;
|
||||
$iframeDomainList = $domainListObj->whiteurl->iframe->domain;
|
||||
|
||||
$buff = '<?php if(!defined("__XE__")) exit();';
|
||||
$buff .= '$whiteUrlList = array();';
|
||||
$buff .= '$whiteIframeUrlList = array();';
|
||||
if(is_array($embedDomainList))
|
||||
if(gettype($whitelist->object) == 'array' && gettype($whitelist->iframe) == 'array')
|
||||
{
|
||||
$whiteUrlList = $whitelist->object;
|
||||
$whiteIframeUrlList = $whitelist->iframe;
|
||||
}
|
||||
else
|
||||
{
|
||||
$xmlBuff = FileHandler::readFile($this->whiteUrlXmlFile);
|
||||
|
||||
$xmlParser = new XmlParser();
|
||||
$domainListObj = $xmlParser->parse($xmlBuff);
|
||||
$embedDomainList = $domainListObj->whiteurl->embed->domain;
|
||||
$iframeDomainList = $domainListObj->whiteurl->iframe->domain;
|
||||
if(!is_array($embedDomainList)) $embedDomainList = array();
|
||||
if(!is_array($iframeDomainList)) $iframeDomainList = array();
|
||||
|
||||
foreach($embedDomainList AS $key => $value)
|
||||
{
|
||||
$patternList = $value->pattern;
|
||||
|
|
@ -628,16 +646,15 @@ class EmbedFilter
|
|||
{
|
||||
foreach($patternList AS $key => $value)
|
||||
{
|
||||
$buff .= sprintf('$whiteUrlList[] = \'%s\';', $value->body);
|
||||
$whiteUrlList[] = $value->body;
|
||||
}
|
||||
}
|
||||
else
|
||||
$buff .= sprintf('$whiteUrlList[] = \'%s\';', $patternList->body);
|
||||
{
|
||||
$whiteUrlList[] = $patternList->body;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if(is_array($iframeDomainList))
|
||||
{
|
||||
foreach($iframeDomainList AS $key => $value)
|
||||
{
|
||||
$patternList = $value->pattern;
|
||||
|
|
@ -645,20 +662,39 @@ class EmbedFilter
|
|||
{
|
||||
foreach($patternList AS $key => $value)
|
||||
{
|
||||
$buff .= sprintf('$whiteIframeUrlList[] = \'%s\';', $value->body);
|
||||
$whiteIframeUrlList[] = $value->body;
|
||||
}
|
||||
}
|
||||
else
|
||||
$buff .= sprintf('$whiteIframeUrlList[] = \'%s\';', $patternList->body);
|
||||
{
|
||||
$whiteIframeUrlList[] = $patternList->body;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if(Context::getDefaultUrl())
|
||||
$db_info = Context::getDBInfo();
|
||||
|
||||
if($db_info->embed_white_object)
|
||||
{
|
||||
$buff .= sprintf('$whiteIframeUrlList[] = \'%s\';', Context::getDefaultUrl());
|
||||
$whiteUrlList = array_merge($whiteUrlList, $db_info->embed_white_object);
|
||||
}
|
||||
$buff .= '?>';
|
||||
FileHandler::writeFile($this->whiteUrlCacheFile, $buff);
|
||||
|
||||
if($db_info->embed_white_iframe)
|
||||
{
|
||||
$whiteIframeUrlList = array_merge($whiteIframeUrlList, $db_info->embed_white_iframe);
|
||||
}
|
||||
|
||||
$whiteUrlList = array_unique($whiteUrlList);
|
||||
$whiteIframeUrlList = array_unique($whiteIframeUrlList);
|
||||
asort($whiteUrlList);
|
||||
asort($whiteIframeUrlList);
|
||||
|
||||
$buff = array();
|
||||
$buff[] = '<?php if(!defined("__XE__")) exit();';
|
||||
$buff[] = '$whiteUrlList = ' . var_export($whiteUrlList, TRUE) . ';';
|
||||
$buff[] = '$whiteIframeUrlList = ' . var_export($whiteIframeUrlList, TRUE) . ';';
|
||||
|
||||
FileHandler::writeFile($this->whiteUrlCacheFile, implode(PHP_EOL, $buff));
|
||||
}
|
||||
}
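Review bot: In `_makeWhiteDomainList`, the branch test `gettype($whitelist->object) == 'array' && gettype($whitelist->iframe) == 'array'` reads properties of `$whitelist` even when the method is called with its default `NULL`, which is the path taken when the cache file is missing or older than the XML file. That raises a non-object property notice on every such rebuild; `if(is_object($whitelist) && is_array($whitelist->object) && is_array($whitelist->iframe))` keeps the same fall-through to the XML parse without it. The docblock line `@param $whitelist array` also disagrees with the code: an array argument only sets `$isMake = FALSE`, and the only shape that is consumed is an object with `object` and `iframe` array properties, so the tag should describe that. The page does not mark added and removed lines, so this reading assumes the `$whitelist` lines are the new side.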
|
||||
|
||||
|
|
|
|||
|
|
@ -7,22 +7,8 @@
|
|||
<pattern>http://event.dn.naver.com/sbsplayer/vmplayer.xap</pattern>
|
||||
</domain>
|
||||
<domain name="" isNAVER="true" desc="네이버 뮤직 서비스">
|
||||
<pattern>http://test-player.naver.com/naverPlayer/posting/</pattern>
|
||||
<pattern>http://alpha-player.naver.com/naverPlayer/posting/</pattern>
|
||||
<pattern>http://beta-player.naver.com/naverPlayer/posting/</pattern>
|
||||
<pattern>http://musicplayer.naver.com/naverPlayer/posting/</pattern>
|
||||
<pattern>http://player.music.naver.com/naverPlayer/posting/</pattern>
|
||||
<pattern>http://dev.player.music.naver.com/</pattern>
|
||||
<pattern>http://test.player.music.naver.com/</pattern>
|
||||
<pattern>http://qa.player.music.naver.com/</pattern>
|
||||
<pattern>http://staging.player.music.naver.com/</pattern>
|
||||
<pattern>http://alpha.player.music.naver.com/</pattern>
|
||||
<pattern>http://beta.player.music.naver.com/</pattern>
|
||||
<pattern>http://stage.player.music.naver.com/</pattern>
|
||||
</domain>
|
||||
<domain name="" isNAVER="true" desc="네이버 아이두게임">
|
||||
<pattern>http://dev-idogame.hangame.com/idogame/ClientBin/iDoGamePlayer.xap</pattern>
|
||||
<pattern>http://idogame.hangame.com/idogame/ClientBin/iDoGamePlayer.xap</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.daum.net" desc="다음">
|
||||
<pattern>http://flvs.daum.net/flvPlayer.swf</pattern>
|
||||
|
|
@ -55,101 +41,17 @@
|
|||
<pattern>http://play.tagstory.com/player/</pattern>
|
||||
<pattern>http://www.tagstory.com/player/basic/</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.pullbbang.com" desc="풀빵닷컴">
|
||||
<pattern>http://play.pullbbang.com/</pattern>
|
||||
</domain>
|
||||
<domain name="" desc="미래에셋 미디어">
|
||||
<pattern>http://media.miraeasset.com/swf/</pattern>
|
||||
</domain>
|
||||
<domain name="" desc="서울시 인터넷방송">
|
||||
<pattern>http://tv.seoul.go.kr/common/player/posting/window_media_player.asp</pattern>
|
||||
<pattern>http://stream.seoul.go.kr</pattern>
|
||||
</domain>
|
||||
<domain name="" desc="게임스팟 동영상">
|
||||
<pattern>mms://vod.gamespot.lgcdn.com/</pattern>
|
||||
<pattern>http://image.com/</pattern>
|
||||
</domain>
|
||||
<domain name="" desc="광고정보센터">
|
||||
<pattern>mms://media.adic.co.kr/</pattern>
|
||||
<pattern>http://static.adwaple.net/</pattern>
|
||||
</domain>
|
||||
<domain name="" desc="비법닷컴">
|
||||
<pattern>http://www.vipup.com/scrap/scrap.asp</pattern>
|
||||
</domain>
|
||||
<domain name="" desc="영상 역사관">
|
||||
<pattern>mms://125.60.2.110/e_history/</pattern>
|
||||
<pattern>mms://218.38.152.33/e_history/</pattern>
|
||||
<pattern>http://125.60.2.110/e_history/</pattern>
|
||||
<pattern>http://218.38.152.33/e_history/</pattern>
|
||||
</domain>
|
||||
<domain name="" desc="중소기업청">
|
||||
<pattern>http://www.smba.go.kr/mov/</pattern>
|
||||
</domain>
|
||||
<domain name="" desc="트라트라고">
|
||||
<pattern>http://ucc.tlatlago.com/html/uccPlayer/</pattern>
|
||||
</domain>
|
||||
<domain name="" desc="싸이월드">
|
||||
<pattern>http://dbi.video.cyworld.com/v.sk/</pattern>
|
||||
</domain>
|
||||
<domain name="" desc="이글루스 동영상">
|
||||
<pattern>http://v.egloos.com/v.sk/</pattern>
|
||||
</domain>
|
||||
<domain name="" desc="뮤직쉐이크">
|
||||
<pattern>http://www.musicshake.com/musicshakePlayer.swf</pattern>
|
||||
<pattern>http://eng.musicshake.com/musicshakePlayer.swf</pattern>
|
||||
<pattern>http://us.musicshake.com/musicshakePlayer.swf</pattern>
|
||||
<pattern>http://ip.musicshake.com/musicshakePlayer.swf</pattern>
|
||||
</domain>
|
||||
<domain name="" desc="아프리카">
|
||||
<pattern>http://live.afreeca.com:8057/</pattern>
|
||||
<pattern>http://afbbs.afreeca.com:8080/</pattern>
|
||||
</domain>
|
||||
<domain name="" desc="플레이NC">
|
||||
<pattern>http://static.plaync.co.kr/plaza/</pattern>
|
||||
</domain>
|
||||
<domain name="" desc="XTM">
|
||||
<pattern>http://img.xtmtv.com/images/</pattern>
|
||||
</domain>
|
||||
<domain name="" desc="아이서브">
|
||||
<pattern>http://tv.co.kr/pum/tvcell_basic.swf</pattern>
|
||||
<pattern>http://tv.co.kr/pum/tvcell_mini.swf</pattern>
|
||||
</domain>
|
||||
<domain name="" desc="UC씽">
|
||||
<pattern>http://ucsing.mnet.com/L_swf/ucsing_player.swf</pattern>
|
||||
<pattern>http://flvfile.mnet.com</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.snaps.co.kr" desc="SNAPS">
|
||||
<pattern>http://www.snaps.co.kr/swf/LinkedApp.swf</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.nate.com" desc="네이트">
|
||||
<pattern>http://v.nate.com/v.sk/</pattern>
|
||||
<pattern>http://w.blogdoc.nate.com/</pattern>
|
||||
<pattern>http://blogdoc.nate.com/flash/blogdoc_widget_reco.swf</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.paoin.com" desc="파오인 신문지면 뷰어">
|
||||
<pattern>http://www.paoin.com/Common/swf/ArticleViewer02.swf</pattern>
|
||||
<pattern>http://thumb.paoin.com/paoweb/common/flash/ArticleViewer02.swf</pattern>
|
||||
<pattern>http://thumb.paoin.com/paoweb/common/flash/ArticleShare.swf</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.atzine.com" desc="엣진 서비스">
|
||||
<pattern>http://www.atzine.com/swf/TakeOutWrapper.swf?</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.ohmynews.com" desc="오마이뉴스">
|
||||
<pattern>http://www.ohmynews.com/</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.jjanglive.com" desc="짱라이브 위젯">
|
||||
<pattern>http://www.jjanglive.com/flash/webClient.swf</pattern>
|
||||
<pattern>http://www.jjanglive.com/flash/AdShowClient.swf</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.pmang.com" desc="피망">
|
||||
<pattern>http://file.pmang.com/images/pmang/fifaonline/season2/img/squad/squadmaker_ot.swf</pattern>
|
||||
<pattern>http://fifaonline.pmang.com/squad/t.nwz</pattern>
|
||||
<pattern>http://file.pmang.com/images/pmang/gamepub/player/pm_player.swf</pattern>
|
||||
<pattern>http://www.pmang.com/gamepub/media/player.nwz</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.ccmpia.com" desc="CCMPIA">
|
||||
<pattern>http://www.ccmpia.com/scripts/bgm2.php</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.kbs.co.kr" desc="KBS">
|
||||
<pattern>http://www.kbs.co.kr/zzim/vmplayer/vmplayer.xap</pattern>
|
||||
<pattern>http://vmark.kbs.co.kr/zzim/vmplayer/vmplayer.xap</pattern>
|
||||
|
|
@ -163,35 +65,6 @@
|
|||
<domain name="http://www.imbc.com" desc="MBC">
|
||||
<pattern>http://onemore.imbc.com/ClientBin/oneplus.xap</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.xtmtv.com" desc="XTM">
|
||||
<pattern>http://www.xtmtv.com/xtmPlayer/javascript/XTM_Scrap_Player.swf</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.chtvn.com" desc="TVN">
|
||||
<pattern>http://player.chtvn.com/tvN_Scrap_Player.swf?</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.detailview.co.kr" desc="디테일뷰">
|
||||
<pattern>http://storage.detailview.co.kr/</pattern>
|
||||
<pattern>http://beta.detailview.co.kr/</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.brightcove.com" desc="Brightcove">
|
||||
<pattern>http://c.brightcove.com/services/viewer</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.hyundai-kiamotors.com" desc="현대기아자동차">
|
||||
<pattern>http://vod.hyundai-kiamotors.com/Flash/PlayerTest/WebPlayer.swf</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.techdays.co.kr" desc="techdays">
|
||||
<pattern>http://www.techdays.co.kr/2010spring/remix10/ClientBin/MediaPlayerTemplate.xap</pattern>
|
||||
<pattern>http://www.microsoft.com</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.wowplan.co.kr" desc="와우플랜">
|
||||
<pattern>http://www.wowplan.co.kr/schedule/bin-debug/scheduleBlogPost.swf</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.allblet.net" desc="allblet.net">
|
||||
<pattern>http://showman.allblet.net/abp.swf</pattern>
|
||||
</domain>
|
||||
<domain name="http://dotsub.com" desc="dotsub.com">
|
||||
<pattern>http://dotsub.com/static/players/portalplayer.swf</pattern>
|
||||
</domain>
|
||||
<domain name="" isNAVER="true" desc="socialsearch">
|
||||
<pattern>http://static.campaign.naver.com/0/campaign/2010/10/socialsearch/swf/</pattern>
|
||||
</domain>
|
||||
|
|
@ -203,8 +76,8 @@
|
|||
<pattern>http://www.youtube-nocookie.com/</pattern>
|
||||
<pattern>https://www.youtube-nocookie.com/</pattern>
|
||||
<pattern>//www.youtube.com/v/</pattern>
|
||||
<pattern>//www.youtube-nocookie.com/</pattern>
|
||||
<pattern>//www.youtube.com/embed/</pattern>
|
||||
<pattern>//www.youtube-nocookie.com/</pattern>
|
||||
</domain>
|
||||
<domain name="http://maps.google.com" desc="구글맵스" mobile="true">
|
||||
<pattern>http://maps.google.com/</pattern>
|
||||
|
|
@ -213,25 +86,9 @@
|
|||
<domain name="http://flvs.daum.net" desc="다음 TV 팟 동영상" mobile="false">
|
||||
<pattern>http://flvs.daum.net/</pattern>
|
||||
</domain>
|
||||
<domain name="http://play.pullbbang.com" desc="풀빵 동영상" mobile="false">
|
||||
<pattern>http://play.pullbbang.com/#.swf</pattern>
|
||||
</domain>
|
||||
<domain name="" desc="게임스팟 동영상">
|
||||
<pattern>http://www.gamespot.com</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.sbs.co.kr" desc="SBS">
|
||||
<pattern>http://sbsplayer.sbs.co.kr/</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.techdays.co.kr" desc="techdays">
|
||||
<pattern>http://www.techdays.co.kr/2010spring/remix10/ClientBin/MediaPlayerTemplate.xap</pattern>
|
||||
<pattern>http://www.microsoft.com</pattern>
|
||||
</domain>
|
||||
<domain name="http://dotsub.com" desc="dotsub.com">
|
||||
<pattern>http://dotsub.com/</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.travelro.co.kr" desc="트래블로">
|
||||
<pattern>http://www.travelro.co.kr/</pattern>
|
||||
</domain>
|
||||
<domain name="http://www.vimeo.com" desc="vimeo.com">
|
||||
<pattern>http://player.vimeo.com/</pattern>
|
||||
</domain>
|
||||
|
|
|
|||
|
|
@ -490,7 +490,7 @@ class adminAdminController extends admin
|
|||
$db_info->use_sitelock = ($vars->use_sitelock) ? $vars->use_sitelock : 'N';
|
||||
$db_info->sitelock_title = $vars->sitelock_title;
|
||||
$db_info->sitelock_message = $vars->sitelock_message;
|
||||
|
||||
|
||||
$whitelist = $vars->sitelock_whitelist;
|
||||
$whitelist = preg_replace("/[\r|\n|\r\n]+/",",",$whitelist);
|
||||
$whitelist = preg_replace("/\s+/","",$whitelist);
|
||||
|
|
@ -505,16 +505,15 @@ class adminAdminController extends admin
|
|||
if(!IpFilter::validate($whitelist)) {
|
||||
return new Object(-1, 'msg_invalid_ip');
|
||||
}
|
||||
|
||||
|
||||
$db_info->sitelock_whitelist = $whitelist;
|
||||
|
||||
|
||||
$oInstallController = getController('install');
|
||||
if(!$oInstallController->makeConfigFile())
|
||||
{
|
||||
return new Object(-1, 'msg_invalid_request');
|
||||
}
|
||||
|
||||
|
||||
if(!in_array(Context::getRequestMethod(), array('XMLRPC','JSON')))
|
||||
{
|
||||
$returnUrl = Context::get('success_return_url');
|
||||
|
|
@ -522,12 +521,50 @@ class adminAdminController extends admin
|
|||
header('location:' . $returnUrl);
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
||||
function procAdminUpdateEmbedWhitelist()
|
||||
{
|
||||
$vars = Context::getRequestVars();
|
||||
|
||||
$db_info = Context::getDbInfo();
|
||||
|
||||
$white_object = $vars->embed_white_object;
|
||||
$white_object = preg_replace("/[\r\n|\r|\n]+/", '|@|', $white_object);
|
||||
$white_object = preg_replace("/[\s\'\"]+/", '', $white_object);
|
||||
$white_object = explode('|@|', $white_object);
|
||||
$white_object = array_unique($white_object);
|
||||
|
||||
$white_iframe = $vars->embed_white_iframe;
|
||||
$white_iframe = preg_replace("/[\r\n|\r|\n]+/", '|@|', $white_iframe);
|
||||
$white_iframe = preg_replace("/[\s\'\"]+/", '', $white_iframe);
|
||||
$white_iframe = explode('|@|', $white_iframe);
|
||||
$white_iframe = array_unique($white_iframe);
|
||||
|
||||
$whitelist = new stdClass;
|
||||
$whitelist->object = $white_object;
|
||||
$whitelist->iframe = $white_iframe;
|
||||
|
||||
$db_info->embed_white_object = $white_object;
|
||||
$db_info->embed_white_iframe = $white_iframe;
|
||||
|
||||
$oInstallController = getController('install');
|
||||
if(!$oInstallController->makeConfigFile())
|
||||
{
|
||||
return new Object(-1, 'msg_invalid_request');
|
||||
}
|
||||
|
||||
require_once(_XE_PATH_ . 'classes/security/EmbedFilter.class.php');
|
||||
$oEmbedFilter = EmbedFilter::getInstance();
|
||||
$oEmbedFilter->_makeWhiteDomainList($whitelist);
|
||||
|
||||
if(!in_array(Context::getRequestMethod(), array('XMLRPC','JSON')))
|
||||
{
|
||||
$returnUrl = Context::get('success_return_url');
|
||||
if(!$returnUrl) $returnUrl = getNotEncodedUrl('', 'act', 'dispAdminConfigGeneral');
|
||||
header('location:' . $returnUrl);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
}
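Review bot: `procAdminUpdateEmbedWhitelist` writes the submitted lines into the allow-list without dropping empty entries or checking that each one is a URL prefix with a host: an empty textarea becomes `array('')` after `explode('|@|', ...)`, and a bare word passes through unchanged. How `EmbedFilter` compares a URL with these entries is not visible here, but if it is a prefix or substring match, an empty or very short entry would allow far more than the administrator intended, which is the risk the help text in this same commit warns about. Filtering before storing, e.g. `$white_object = array_values(array_filter(array_unique($white_object), 'strlen'));` and the same for `$white_iframe`, plus rejecting entries that do not parse to a scheme (or leading `//`) and a host, would close that. Separately, `"/[\r\n|\r|\n]+/"` is a character class, so a literal `|` inside an entry is also treated as a line break; `'/[\r\n]+/'` expresses the intent.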
|
||||
|
|
|
|||
|
|
@ -446,6 +446,11 @@ class adminAdminView extends admin
|
|||
Context::set('siteTitle', $config->siteTitle);
|
||||
Context::set('htmlFooter', $config->htmlFooter);
|
||||
|
||||
// embed filter
|
||||
require_once(_XE_PATH_ . 'classes/security/EmbedFilter.class.php');
|
||||
$oEmbedFilter = EmbedFilter::getInstance();
|
||||
context::set('embed_white_object', implode(PHP_EOL, $oEmbedFilter->whiteUrlList));
|
||||
context::set('embed_white_iframe', implode(PHP_EOL, $oEmbedFilter->whiteIframeUrlList));
|
||||
|
||||
$columnList = array('modules.mid', 'modules.browser_title', 'sites.index_module_srl');
|
||||
$start_module = $oModuleModel->getSiteInfo(0, $columnList);
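Review bot: The two allow-lists are put into the template context as raw strings, `implode(PHP_EOL, $oEmbedFilter->whiteUrlList)`, and the form template in this commit prints them inside `<textarea>` as `{$embed_white_object}` and `{$embed_white_iframe}`. Whether the template engine escapes `{$...}` output is not shown on this page; if it does not, an entry containing `<` would break out of the textarea, since the controller strips only whitespace and quotes. Escaping at this point, `Context::set('embed_white_object', htmlspecialchars(implode(PHP_EOL, $oEmbedFilter->whiteUrlList)));` and the same for the iframe list, avoids relying on that. The calls are also spelled `context::set` while the surrounding lines use `Context::set`; the enclosing method starts and ends outside the hunk.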
|
||||
|
|
|
|||
|
|
@ -19,6 +19,7 @@
|
|||
<action name="procAdminDeleteLogo" type="controller" />
|
||||
<action name="procAdminMenuReset" type="controller" />
|
||||
<action name="procAdminUpdateSitelock" type="controller" />
|
||||
<action name="procAdminUpdateEmbedWhitelist" type="controller" />
|
||||
|
||||
<action name="getAdminFTPList" type="model" />
|
||||
<action name="getAdminFTPPath" type="model" />
|
||||
|
|
|
|||
|
|
@ -131,6 +131,38 @@
|
|||
</div>
|
||||
</div>
|
||||
</section>
|
||||
|
||||
|
||||
<section class="section">
|
||||
<h1>embed Filter {$lang->subtitle_embed_whitelist} <a class="x_icon-question-sign" href="./admin/help/index.html#UMAN_config_embed_filter" target="_blank">{$lang->help}</a></h1>
|
||||
<form action="./" method="post" class="x_form-horizontal">
|
||||
<input type="hidden" name="module" value="admin" />
|
||||
<input type="hidden" name="act" value="procAdminUpdateEmbedWhitelist" />
|
||||
<input type="hidden" name="xe_validator_id" value="modules/admin/tpl/config_general/1" />
|
||||
|
||||
<div class="x_control-group">
|
||||
<label class="x_control-label" for="embed_white_iframe">iFrame <a class="x_icon-question-sign" href="./admin/help/index.html#UMAN_config_embed_filter_iframe" target="_blank">{$lang->help}</a></label>
|
||||
<div class="x_controls" style="margin-right:14px">
|
||||
<textarea name="embed_white_iframe" id="embed_white_iframe" rows="4" style="width:100%;">{$embed_white_iframe}</textarea>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="x_control-group">
|
||||
<label class="x_control-label" for="embed_white_object">object/embed</label>
|
||||
<div class="x_controls" style="margin-right:14px">
|
||||
<textarea name="embed_white_object" id="embed_white_object" rows="4" cols="42" style="width:100%;">{$embed_white_object}</textarea>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="x_clearfix btnArea">
|
||||
<div class="x_pull-right">
|
||||
<button type="submit" class="x_btn x_btn-primary">{$lang->cmd_save}</button>
|
||||
</div>
|
||||
</div>
|
||||
</form>
|
||||
</section>
|
||||
|
||||
|
||||
<section class="section collapsed">
|
||||
<h1>{$lang->subtitle_advanced}</h1>
|
||||
<form action="./" method="post" enctype="multipart/form-data" class="x_form-horizontal">
|
||||
|
|
|
|||
|
|
@ -96,6 +96,13 @@ class boardController extends board
|
|||
$obj->title_color = $oDocument->get('title_color');
|
||||
$obj->title_bold = $oDocument->get('title_bold');
|
||||
}
|
||||
|
||||
// modify list_order if document status is temp
|
||||
if($oDocument->get('status') == 'TEMP')
|
||||
{
|
||||
$obj->last_update = $obj->regdate = date('YmdHis');
|
||||
$obj->update_order = $obj->list_order = (getNextSequence() * -1);
|
||||
}
|
||||
|
||||
$output = $oDocumentController->updateDocument($oDocument, $obj);
|
||||
$msg_code = 'success_updated';
|
||||
|
|
|
|||
|
|
@ -523,71 +523,24 @@ class installController extends install
|
|||
return new Object();
|
||||
}
|
||||
|
||||
function _getDbConnText($key, $val, $with_array = false)
|
||||
{
|
||||
$buff = array("\$db_info->$key = ");
|
||||
if($with_array) $buff[] = "array(";
|
||||
else $val = array($val);
|
||||
|
||||
foreach($val as $con_string)
|
||||
{
|
||||
$buff[] = 'array(';
|
||||
foreach($con_string as $k => $v)
|
||||
{
|
||||
if($k == 'resource' || $k == 'is_connected') continue;
|
||||
if($k == 'db_table_prefix' && !empty($v) && substr($v,-1)!='_') $v .= '_';
|
||||
$buff[] = "'$k' => '$v',";
|
||||
}
|
||||
$buff[] = ($with_array) ? '),' : ')';
|
||||
}
|
||||
|
||||
if($with_array) $buff[] = ')';
|
||||
|
||||
return join(PHP_EOL, $buff) . ';' . PHP_EOL;
|
||||
}
|
||||
|
||||
function _getDBConfigFileContents($db_info)
|
||||
{
|
||||
if(substr($db_info->master_db['db_table_prefix'], -1) != '_')
|
||||
{
|
||||
$db_info->master_db['db_table_prefix'] .= '_';
|
||||
}
|
||||
|
||||
foreach($db_info->slave_db as &$slave)
|
||||
{
|
||||
if(substr($slave['db_table_prefix'], -1) != '_')
|
||||
{
|
||||
$slave['db_table_prefix'] .= '_';
|
||||
}
|
||||
}
|
||||
|
||||
$buff = array();
|
||||
$buff[] = '<?php if(!defined("__XE__")) exit();';
|
||||
$buff[] = '$db_info = new stdClass;';
|
||||
|
||||
$db_info = get_object_vars($db_info);
|
||||
foreach($db_info as $key => $val)
|
||||
{
|
||||
if($key == 'master_db')
|
||||
{
|
||||
$tmpValue = $this->_getDbConnText($key, $val);
|
||||
}
|
||||
else if($key == 'slave_db')
|
||||
{
|
||||
$tmpValue = $this->_getDbConnText($key, $val, true);
|
||||
}
|
||||
else if($key == 'sitelock_whitelist' || $key == 'admin_ip_list')
|
||||
{
|
||||
if(!is_array($val))
|
||||
continue;
|
||||
$tmpValue = sprintf('$db_info->%s = array(\'%s\');' . PHP_EOL, $key, implode('\', \'', $val));
|
||||
}
|
||||
else
|
||||
{
|
||||
if($key == 'default_url')
|
||||
{
|
||||
$tmpValue = sprintf("\$db_info->%s = '%s';" . PHP_EOL, $key, addslashes($val));
|
||||
}
|
||||
else
|
||||
{
|
||||
$tmpValue = sprintf("\$db_info->%s = '%s';" . PHP_EOL, $key, str_replace("'","\\'",$val));
|
||||
}
|
||||
}
|
||||
|
||||
if(preg_match('/(<\?|<\?php|\?>|fputs|fopen|fwrite|fgets|fread|\/\*|\*\/|chr\()/xsm', preg_replace('/\s/', '', $tmpValue)))
|
||||
{
|
||||
throw new Exception('msg_invalid_request');
|
||||
}
|
||||
|
||||
$buff[] = $tmpValue;
|
||||
}
|
||||
$buff[] = '$db_info = (object)' . var_export(get_object_vars($db_info), TRUE) . ';';
|
||||
|
||||
return implode(PHP_EOL, $buff);
|
||||
}
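Review bot: `_getDBConfigFileContents` exports the whole `$db_info` with `var_export(get_object_vars($db_info), TRUE)`, so every key of `master_db` and of each `slave_db` entry is written to the config file, whereas the `_getDbConnText` helper shown in this section skipped the `resource` and `is_connected` keys. If the connection arrays can carry those runtime keys when the file is regenerated (their contents are not visible here), they should be removed first, e.g. `unset($db_info->master_db['resource'], $db_info->master_db['is_connected']);` and likewise per slave. The `foreach($db_info->slave_db as &$slave)` loop also leaves `$slave` bound by reference; add `unset($slave);` after it and guard the loop with `is_array($db_info->slave_db)`. The page does not mark which lines are added, so this assumes the `var_export` version is the new side.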
|
||||
|
|
|
|||
|
|
@ -145,8 +145,8 @@
|
|||
<label class="x_control-label" for="{$menu_name}">{$menu_info->title}({$menu_name})</label>
|
||||
<div class="x_controls">
|
||||
<select name="{$menu_name}" id="{$menu_name}">
|
||||
<option value="0">{$lang->cmd_select}</option>
|
||||
<option selected="selected"|cond="!$menu_info->menu_srl||$menu_info->menu_srl == -1" value="-1">{$lang->sitemap_with_homemenu}</option>
|
||||
<option value="0" selected="selected"|cond="!$menu_info->menu_srl">{$lang->cmd_select}</option>
|
||||
<option selected="selected"|cond="$menu_info->menu_srl == -1" value="-1">{$lang->sitemap_with_homemenu}</option>
|
||||
<option loop="$menu_list => $key, $val" value="{$val->menu_srl}" selected="selected"|cond="$val->menu_srl == $menu_info->menu_srl">{$val->title}</option>
|
||||
</select>
|
||||
</div>
|
||||
|
|
|
|||
|
|
@ -1,39 +1,42 @@
|
|||
<query id="getMemberListWithinGroup" action="select">
|
||||
<tables>
|
||||
<table name="member" alias="member" />
|
||||
<table name="member_group_member" alias="member_group" />
|
||||
</tables>
|
||||
<columns />
|
||||
<conditions>
|
||||
<condition operation="in" column="member_group.group_srl" var="selected_group_srl" notnull="notnull" />
|
||||
<condition operation="equal" column="member.member_srl" var="member_group.member_srl" pipe="and" notnull="notnull" />
|
||||
<group pipe="and">
|
||||
<condition operation="equal" column="member.is_admin" var="is_admin" />
|
||||
<condition operation="equal" column="member.denied" var="is_denied" pipe="and" />
|
||||
<tables>
|
||||
<table name="member" alias="member" />
|
||||
<table name="member_group_member" alias="member_group" />
|
||||
</tables>
|
||||
<columns>
|
||||
<column name="member_group.*" />
|
||||
<column name="member.*" />
|
||||
</columns>
|
||||
<conditions>
|
||||
<condition operation="in" column="member_group.group_srl" var="selected_group_srl" notnull="notnull" />
|
||||
<condition operation="equal" column="member.member_srl" var="member_group.member_srl" pipe="and" notnull="notnull" />
|
||||
<group pipe="and">
|
||||
<condition operation="equal" column="member.is_admin" var="is_admin" />
|
||||
<condition operation="equal" column="member.denied" var="is_denied" pipe="and" />
|
||||
<condition operation="in" column="member.member_srl" var="member_srls" pipe="and" />
|
||||
</group>
|
||||
<group pipe="and">
|
||||
<condition operation="like" column="member.user_id" var="s_user_id" />
|
||||
<condition operation="like" column="member.user_name" var="s_user_name" pipe="or" />
|
||||
<condition operation="like" column="member.nick_name" var="s_nick_name" pipe="or" />
|
||||
<condition operation="like" column="member.nick_name" var="html_nick_name" pipe="or" />
|
||||
<condition operation="like" column="member.email_address" var="s_email_address" pipe="or" />
|
||||
<condition operation="like" column="extra_vars" var="s_extra_vars" pipe="or" />
|
||||
<condition operation="like_prefix" column="member.regdate" var="s_regdate" pipe="or" />
|
||||
<condition operation="like_prefix" column="member.last_login" var="s_last_login" pipe="or" />
|
||||
<condition operation="more" column="member.regdate" var="s_regdate_more" pipe="or" />
|
||||
<condition operation="less" column="member.regdate" var="s_regdate_less" pipe="or" />
|
||||
<condition operation="more" column="member.last_login" var="s_last_login_more" pipe="or" />
|
||||
<condition operation="less" column="member.last_login" var="s_last_login_less" pipe="or" />
|
||||
</group>
|
||||
</conditions>
|
||||
</group>
|
||||
<group pipe="and">
|
||||
<condition operation="like" column="member.user_id" var="s_user_id" />
|
||||
<condition operation="like" column="member.user_name" var="s_user_name" pipe="or" />
|
||||
<condition operation="like" column="member.nick_name" var="s_nick_name" pipe="or" />
|
||||
<condition operation="like" column="member.nick_name" var="html_nick_name" pipe="or" />
|
||||
<condition operation="like" column="member.email_address" var="s_email_address" pipe="or" />
|
||||
<condition operation="like" column="extra_vars" var="s_extra_vars" pipe="or" />
|
||||
<condition operation="like_prefix" column="member.regdate" var="s_regdate" pipe="or" />
|
||||
<condition operation="like_prefix" column="member.last_login" var="s_last_login" pipe="or" />
|
||||
<condition operation="more" column="member.regdate" var="s_regdate_more" pipe="or" />
|
||||
<condition operation="less" column="member.regdate" var="s_regdate_less" pipe="or" />
|
||||
<condition operation="more" column="member.last_login" var="s_last_login_more" pipe="or" />
|
||||
<condition operation="less" column="member.last_login" var="s_last_login_less" pipe="or" />
|
||||
</group>
|
||||
</conditions>
|
||||
<groups>
|
||||
<group column="member.member_srl" />
|
||||
</groups>
|
||||
<navigation>
|
||||
<index var="sort_index" default="member.list_order" order="sort_order" />
|
||||
<list_count var="list_count" default="20" />
|
||||
<page_count var="page_count" default="10" />
|
||||
<page var="page" default="1" />
|
||||
</navigation>
|
||||
<navigation>
|
||||
<index var="sort_index" default="member.list_order" order="sort_order" />
|
||||
<list_count var="list_count" default="20" />
|
||||
<page_count var="page_count" default="10" />
|
||||
<page var="page" default="1" />
|
||||
</navigation>
|
||||
</query>
|
||||
|
|
|
|||
|
|
@ -580,6 +580,8 @@ class moduleModel extends module
|
|||
{
|
||||
$args = new stdClass();
|
||||
$output = executeQueryArray('module.getActionForward',$args);
|
||||
if(!$output->toBool()) return new stdClass;
|
||||
if(!$output->data) $output->data = array();
|
||||
|
||||
$action_forward = array();
|
||||
foreach($output->data as $item)
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@
|
|||
<p id="aboutPage" class="x_alert x_alert-info" cond="!$module_info->mid" hidden>{nl2br($lang->about_page)}</p>
|
||||
<ul class="x_nav x_nav-tabs" cond="$act != 'dispPageAdminDelete' && $module_info">
|
||||
<li cond="$module=='admin'" class="x_active"|cond="$act=='dispPageAdminContent'"><a href="{getUrl('act','dispPageAdminContent','module_srl','')}">{$lang->cmd_list}</a></li>
|
||||
<li cond="$module!='admin'"><a href="{getUrl('act','')}">{$lang->cmd_back}</a></li>
|
||||
<li cond="$module!='admin'"><a href="{getUrl('act','','module_srl','')}">{$lang->cmd_back}</a></li>
|
||||
<block cond="$module_srl">
|
||||
<li class="x_active"|cond="$act=='dispPageAdminInfo'"><a href="{getUrl('act','dispPageAdminInfo')}">{$lang->module_info}</a></li>
|
||||
<li class="x_active"|cond="$act=='dispPageAdminPageAdditionSetup'"><a href="{getUrl('act','dispPageAdminPageAdditionSetup')}">{$lang->cmd_addition_setup}</a></li>
|
||||
|
|
|
|||