Merge remote-tracking branch 'remotes/upstream/develop' into develop

canto87-mac 2014-01-25 00:24:02 +09:00
commit 8e0f63af3d
15 changed files with 231 additions and 281 deletions


@ -490,7 +490,7 @@ class adminAdminController extends admin
$db_info->use_sitelock = ($vars->use_sitelock) ? $vars->use_sitelock : 'N';
$db_info->sitelock_title = $vars->sitelock_title;
$db_info->sitelock_message = $vars->sitelock_message;
$whitelist = $vars->sitelock_whitelist;
$whitelist = preg_replace("/[\r|\n|\r\n]+/",",",$whitelist);
$whitelist = preg_replace("/\s+/","",$whitelist);
@ -505,16 +505,15 @@ class adminAdminController extends admin
if(!IpFilter::validate($whitelist)) {
return new Object(-1, 'msg_invalid_ip');
}
$db_info->sitelock_whitelist = $whitelist;
$oInstallController = getController('install');
if(!$oInstallController->makeConfigFile())
{
return new Object(-1, 'msg_invalid_request');
}
if(!in_array(Context::getRequestMethod(), array('XMLRPC','JSON')))
{
$returnUrl = Context::get('success_return_url');
@ -522,12 +521,50 @@ class adminAdminController extends admin
header('location:' . $returnUrl);
return;
}
}
function procAdminUpdateEmbedWhitelist()
{
$vars = Context::getRequestVars();
$db_info = Context::getDbInfo();
$white_object = $vars->embed_white_object;
$white_object = preg_replace("/[\r\n|\r|\n]+/", '|@|', $white_object);
$white_object = preg_replace("/[\s\'\"]+/", '', $white_object);
$white_object = explode('|@|', $white_object);
$white_object = array_unique($white_object);
$white_iframe = $vars->embed_white_iframe;
$white_iframe = preg_replace("/[\r\n|\r|\n]+/", '|@|', $white_iframe);
$white_iframe = preg_replace("/[\s\'\"]+/", '', $white_iframe);
$white_iframe = explode('|@|', $white_iframe);
$white_iframe = array_unique($white_iframe);
$whitelist = new stdClass;
$whitelist->object = $white_object;
$whitelist->iframe = $white_iframe;
$db_info->embed_white_object = $white_object;
$db_info->embed_white_iframe = $white_iframe;
$oInstallController = getController('install');
if(!$oInstallController->makeConfigFile())
{
return new Object(-1, 'msg_invalid_request');
}
require_once(_XE_PATH_ . 'classes/security/EmbedFilter.class.php');
$oEmbedFilter = EmbedFilter::getInstance();
$oEmbedFilter->_makeWhiteDomainList($whitelist);
if(!in_array(Context::getRequestMethod(), array('XMLRPC','JSON')))
{
$returnUrl = Context::get('success_return_url');
if(!$returnUrl) $returnUrl = getNotEncodedUrl('', 'act', 'dispAdminConfigGeneral');
header('location:' . $returnUrl);
return;
}
}
}
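Review bot: procAdminUpdateEmbedWhitelist saves the submitted iframe and object/embed entries after only stripping whitespace and quote characters, whereas the sitelock handler above rejects bad input with `IpFilter::validate($whitelist)` before writing the config file. Because these lists decide which embedded sources the filter will allow, each entry should be checked against the expected host or URL-prefix shape and empty entries dropped, e.g. `$white_iframe = array_values(array_filter(array_unique($white_iframe), 'strlen'));` (an empty textarea currently yields an array holding one empty string). The character class `[\r\n|\r|\n]+` also treats a literal `|` as a line separator; `/[\r\n]+/` says what is meant. `success_return_url` is passed to `header('location:' . $returnUrl)` unchecked here, as in the sitelock handler, so restricting it to same-site URLs is worth doing in both places.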


@ -446,6 +446,11 @@ class adminAdminView extends admin
Context::set('siteTitle', $config->siteTitle);
Context::set('htmlFooter', $config->htmlFooter);
// embed filter
require_once(_XE_PATH_ . 'classes/security/EmbedFilter.class.php');
$oEmbedFilter = EmbedFilter::getInstance();
context::set('embed_white_object', implode(PHP_EOL, $oEmbedFilter->whiteUrlList));
context::set('embed_white_iframe', implode(PHP_EOL, $oEmbedFilter->whiteIframeUrlList));
$columnList = array('modules.mid', 'modules.browser_title', 'sites.index_module_srl');
$start_module = $oModuleModel->getSiteInfo(0, $columnList);
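Review bot: The two added calls are spelled `context::set(...)` while the lines directly above use `Context::set(...)`; PHP resolves class names case-insensitively, but matching the declared name keeps the file consistent and avoids surprises with case-sensitive autoloading. The view also passes `$oEmbedFilter->whiteUrlList` and `$oEmbedFilter->whiteIframeUrlList` straight to `implode()`, which assumes both are always arrays; a cast such as `(array) $oEmbedFilter->whiteUrlList`, or a short comment stating that guarantee, would make this explicit. The surrounding method starts and ends outside this hunk.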


@ -19,6 +19,7 @@
<action name="procAdminDeleteLogo" type="controller" />
<action name="procAdminMenuReset" type="controller" />
<action name="procAdminUpdateSitelock" type="controller" />
<action name="procAdminUpdateEmbedWhitelist" type="controller" />
<action name="getAdminFTPList" type="model" />
<action name="getAdminFTPPath" type="model" />


@ -131,6 +131,38 @@
</div>
</div>
</section>
<section class="section">
<h1>embed Filter {$lang->subtitle_embed_whitelist} <a class="x_icon-question-sign" href="./admin/help/index.html#UMAN_config_embed_filter" target="_blank">{$lang->help}</a></h1>
<form action="./" method="post" class="x_form-horizontal">
<input type="hidden" name="module" value="admin" />
<input type="hidden" name="act" value="procAdminUpdateEmbedWhitelist" />
<input type="hidden" name="xe_validator_id" value="modules/admin/tpl/config_general/1" />
<div class="x_control-group">
<label class="x_control-label" for="embed_white_iframe">iFrame <a class="x_icon-question-sign" href="./admin/help/index.html#UMAN_config_embed_filter_iframe" target="_blank">{$lang->help}</a></label>
<div class="x_controls" style="margin-right:14px">
<textarea name="embed_white_iframe" id="embed_white_iframe" rows="4" style="width:100%;">{$embed_white_iframe}</textarea>
</div>
</div>
<div class="x_control-group">
<label class="x_control-label" for="embed_white_object">object/embed</label>
<div class="x_controls" style="margin-right:14px">
<textarea name="embed_white_object" id="embed_white_object" rows="4" cols="42" style="width:100%;">{$embed_white_object}</textarea>
</div>
</div>
<div class="x_clearfix btnArea">
<div class="x_pull-right">
<button type="submit" class="x_btn x_btn-primary">{$lang->cmd_save}</button>
</div>
</div>
</form>
</section>
<section class="section collapsed">
<h1>{$lang->subtitle_advanced}</h1>
<form action="./" method="post" enctype="multipart/form-data" class="x_form-horizontal">
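Review bot: `{$embed_white_iframe}` and `{$embed_white_object}` are printed inside `<textarea>` elements, and the controller that saves them removes only whitespace and quote characters, so an entry containing `<` or `</textarea>` would be stored and echoed back into the admin page. Unless the template engine already escapes `{$...}` output (not visible here), escape the values for HTML before they reach the template, e.g. `htmlspecialchars(implode(PHP_EOL, $oEmbedFilter->whiteIframeUrlList), ENT_QUOTES, 'UTF-8')` in the view. The heading also hard-codes the text `embed Filter` next to a language string; moving it into `$lang` keeps the page translatable.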


@ -96,6 +96,13 @@ class boardController extends board
$obj->title_color = $oDocument->get('title_color');
$obj->title_bold = $oDocument->get('title_bold');
}
// modify list_order if document status is temp
if($oDocument->get('status') == 'TEMP')
{
$obj->last_update = $obj->regdate = date('YmdHis');
$obj->update_order = $obj->list_order = (getNextSequence() * -1);
}
$output = $oDocumentController->updateDocument($oDocument, $obj);
$msg_code = 'success_updated';
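Review bot: The new check `$oDocument->get('status') == 'TEMP'` uses a loose comparison, and on PHP versions before 8 an integer `0` status would compare equal to that string; `=== 'TEMP'` avoids it. The block also overwrites `regdate` and `list_order` on update, which changes the document's apparent creation time and list position. If that is the intent, the comment should say why, for instance `// a temp-saved document is being published: give it a fresh regdate and list position`. The enclosing method starts and ends outside the hunk.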


@ -523,71 +523,24 @@ class installController extends install
return new Object();
}
function _getDbConnText($key, $val, $with_array = false)
{
$buff = array("\$db_info->$key = ");
if($with_array) $buff[] = "array(";
else $val = array($val);
foreach($val as $con_string)
{
$buff[] = 'array(';
foreach($con_string as $k => $v)
{
if($k == 'resource' || $k == 'is_connected') continue;
if($k == 'db_table_prefix' && !empty($v) && substr($v,-1)!='_') $v .= '_';
$buff[] = "'$k' => '$v',";
}
$buff[] = ($with_array) ? '),' : ')';
}
if($with_array) $buff[] = ')';
return join(PHP_EOL, $buff) . ';' . PHP_EOL;
}
function _getDBConfigFileContents($db_info)
{
if(substr($db_info->master_db['db_table_prefix'], -1) != '_')
{
$db_info->master_db['db_table_prefix'] .= '_';
}
foreach($db_info->slave_db as &$slave)
{
if(substr($slave['db_table_prefix'], -1) != '_')
{
$slave['db_table_prefix'] .= '_';
}
}
$buff = array();
$buff[] = '<?php if(!defined("__XE__")) exit();';
$buff[] = '$db_info = new stdClass;';
$db_info = get_object_vars($db_info);
foreach($db_info as $key => $val)
{
if($key == 'master_db')
{
$tmpValue = $this->_getDbConnText($key, $val);
}
else if($key == 'slave_db')
{
$tmpValue = $this->_getDbConnText($key, $val, true);
}
else if($key == 'sitelock_whitelist' || $key == 'admin_ip_list')
{
if(!is_array($val))
continue;
$tmpValue = sprintf('$db_info->%s = array(\'%s\');' . PHP_EOL, $key, implode('\', \'', $val));
}
else
{
if($key == 'default_url')
{
$tmpValue = sprintf("\$db_info->%s = '%s';" . PHP_EOL, $key, addslashes($val));
}
else
{
$tmpValue = sprintf("\$db_info->%s = '%s';" . PHP_EOL, $key, str_replace("'","\\'",$val));
}
}
if(preg_match('/(<\?|<\?php|\?>|fputs|fopen|fwrite|fgets|fread|\/\*|\*\/|chr\()/xsm', preg_replace('/\s/', '', $tmpValue)))
{
throw new Exception('msg_invalid_request');
}
$buff[] = $tmpValue;
}
$buff[] = '$db_info = (object)' . var_export(get_object_vars($db_info), TRUE) . ';';
return implode(PHP_EOL, $buff);
}
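Review bot: Connection entries keyed `resource` and `is_connected`, which the removed `_getDbConnText` skipped, are no longer filtered, because (as far as the rendered hunk shows) `_getDBConfigFileContents` now writes everything through `var_export(get_object_vars($db_info), TRUE)`. If those runtime entries are present in `master_db` or `slave_db` when the file is generated they would end up in the config file, so unset them before exporting. Replacing the removed token check with var_export's quoting is sound for scalar and array values, but a property that is itself an object may not round-trip on older PHP versions and deserves a guard or a comment. The `foreach($db_info->slave_db as &$slave)` loop should be followed by `unset($slave);` so the reference does not outlive the loop.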


@ -145,8 +145,8 @@
<label class="x_control-label" for="{$menu_name}">{$menu_info->title}({$menu_name})</label>
<div class="x_controls">
<select name="{$menu_name}" id="{$menu_name}">
<option value="0">{$lang->cmd_select}</option>
<option selected="selected"|cond="!$menu_info->menu_srl||$menu_info->menu_srl == -1" value="-1">{$lang->sitemap_with_homemenu}</option>
<option value="0" selected="selected"|cond="!$menu_info->menu_srl">{$lang->cmd_select}</option>
<option selected="selected"|cond="$menu_info->menu_srl == -1" value="-1">{$lang->sitemap_with_homemenu}</option>
<option loop="$menu_list => $key, $val" value="{$val->menu_srl}" selected="selected"|cond="$val->menu_srl == $menu_info->menu_srl">{$val->title}</option>
</select>
</div>


@ -1,39 +1,42 @@
<query id="getMemberListWithinGroup" action="select">
<tables>
<table name="member" alias="member" />
<table name="member_group_member" alias="member_group" />
</tables>
<columns />
<conditions>
<condition operation="in" column="member_group.group_srl" var="selected_group_srl" notnull="notnull" />
<condition operation="equal" column="member.member_srl" var="member_group.member_srl" pipe="and" notnull="notnull" />
<group pipe="and">
<condition operation="equal" column="member.is_admin" var="is_admin" />
<condition operation="equal" column="member.denied" var="is_denied" pipe="and" />
<tables>
<table name="member" alias="member" />
<table name="member_group_member" alias="member_group" />
</tables>
<columns>
<column name="member_group.*" />
<column name="member.*" />
</columns>
<conditions>
<condition operation="in" column="member_group.group_srl" var="selected_group_srl" notnull="notnull" />
<condition operation="equal" column="member.member_srl" var="member_group.member_srl" pipe="and" notnull="notnull" />
<group pipe="and">
<condition operation="equal" column="member.is_admin" var="is_admin" />
<condition operation="equal" column="member.denied" var="is_denied" pipe="and" />
<condition operation="in" column="member.member_srl" var="member_srls" pipe="and" />
</group>
<group pipe="and">
<condition operation="like" column="member.user_id" var="s_user_id" />
<condition operation="like" column="member.user_name" var="s_user_name" pipe="or" />
<condition operation="like" column="member.nick_name" var="s_nick_name" pipe="or" />
<condition operation="like" column="member.nick_name" var="html_nick_name" pipe="or" />
<condition operation="like" column="member.email_address" var="s_email_address" pipe="or" />
<condition operation="like" column="extra_vars" var="s_extra_vars" pipe="or" />
<condition operation="like_prefix" column="member.regdate" var="s_regdate" pipe="or" />
<condition operation="like_prefix" column="member.last_login" var="s_last_login" pipe="or" />
<condition operation="more" column="member.regdate" var="s_regdate_more" pipe="or" />
<condition operation="less" column="member.regdate" var="s_regdate_less" pipe="or" />
<condition operation="more" column="member.last_login" var="s_last_login_more" pipe="or" />
<condition operation="less" column="member.last_login" var="s_last_login_less" pipe="or" />
</group>
</conditions>
</group>
<group pipe="and">
<condition operation="like" column="member.user_id" var="s_user_id" />
<condition operation="like" column="member.user_name" var="s_user_name" pipe="or" />
<condition operation="like" column="member.nick_name" var="s_nick_name" pipe="or" />
<condition operation="like" column="member.nick_name" var="html_nick_name" pipe="or" />
<condition operation="like" column="member.email_address" var="s_email_address" pipe="or" />
<condition operation="like" column="extra_vars" var="s_extra_vars" pipe="or" />
<condition operation="like_prefix" column="member.regdate" var="s_regdate" pipe="or" />
<condition operation="like_prefix" column="member.last_login" var="s_last_login" pipe="or" />
<condition operation="more" column="member.regdate" var="s_regdate_more" pipe="or" />
<condition operation="less" column="member.regdate" var="s_regdate_less" pipe="or" />
<condition operation="more" column="member.last_login" var="s_last_login_more" pipe="or" />
<condition operation="less" column="member.last_login" var="s_last_login_less" pipe="or" />
</group>
</conditions>
<groups>
<group column="member.member_srl" />
</groups>
<navigation>
<index var="sort_index" default="member.list_order" order="sort_order" />
<list_count var="list_count" default="20" />
<page_count var="page_count" default="10" />
<page var="page" default="1" />
</navigation>
<navigation>
<index var="sort_index" default="member.list_order" order="sort_order" />
<list_count var="list_count" default="20" />
<page_count var="page_count" default="10" />
<page var="page" default="1" />
</navigation>
</query>
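Review bot: `<column name="member_group.*" />` and `<column name="member.*" />` select every column of both tables while the query groups by `member.member_srl`, so each result row carries all `member` fields (presumably including stored credential data) and the query relies on the database accepting non-aggregated columns under GROUP BY. Listing only the columns the callers need would narrow what is exposed and make the query more portable. If the wildcards stay, add a comment recording that the column order is deliberate, since same-named columns from the two tables presumably collide in the result and the later one wins.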


@ -580,6 +580,8 @@ class moduleModel extends module
{
$args = new stdClass();
$output = executeQueryArray('module.getActionForward',$args);
if(!$output->toBool()) return new stdClass;
if(!$output->data) $output->data = array();
$action_forward = array();
foreach($output->data as $item)
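Review bot: On a failed query the added line returns `new stdClass`, while the code just below builds `$action_forward = array()`, so callers may receive an object on failure and, presumably, an array on success. Returning an empty array in the failure branch keeps the type uniform: `if(!$output->toBool()) return array();`. The function's return statement is outside this hunk, so confirm what the success path returns before changing it.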

View file

@ -11,7 +11,7 @@
<p id="aboutPage" class="x_alert x_alert-info" cond="!$module_info->mid" hidden>{nl2br($lang->about_page)}</p>
<ul class="x_nav x_nav-tabs" cond="$act != 'dispPageAdminDelete' && $module_info">
<li cond="$module=='admin'" class="x_active"|cond="$act=='dispPageAdminContent'"><a href="{getUrl('act','dispPageAdminContent','module_srl','')}">{$lang->cmd_list}</a></li>
<li cond="$module!='admin'"><a href="{getUrl('act','')}">{$lang->cmd_back}</a></li>
<li cond="$module!='admin'"><a href="{getUrl('act','','module_srl','')}">{$lang->cmd_back}</a></li>
<block cond="$module_srl">
<li class="x_active"|cond="$act=='dispPageAdminInfo'"><a href="{getUrl('act','dispPageAdminInfo')}">{$lang->module_info}</a></li>
<li class="x_active"|cond="$act=='dispPageAdminPageAdditionSetup'"><a href="{getUrl('act','dispPageAdminPageAdditionSetup')}">{$lang->cmd_addition_setup}</a></li>