From 6bc8376435a586e72837ef9f05dc2be71e1017af Mon Sep 17 00:00:00 2001 From: conory Date: Tue, 12 Dec 2017 13:10:15 +0900 Subject: [PATCH 1/5] =?UTF-8?q?isAccessible()=20=EA=B0=9C=EC=84=A0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- modules/comment/comment.item.php | 129 +++++++++++++++------------- modules/document/document.class.php | 3 +- 2 files changed, 70 insertions(+), 62 deletions(-) diff --git a/modules/comment/comment.item.php b/modules/comment/comment.item.php index 36cb26e38..808f42e4b 100644 --- a/modules/comment/comment.item.php +++ b/modules/comment/comment.item.php @@ -17,7 +17,11 @@ class commentItem extends BaseObject * @var int */ var $comment_srl = 0; - + /** + * grant + * @var bool + */ + var $grant_cache = null; /** * Get the column list int the table * @var array 
@@ -88,52 +92,85 @@ class commentItem extends BaseObject function isExists() { - return $this->comment_srl ? TRUE : FALSE; + return (bool) $this->comment_srl; } - + function isGranted() { - if($_SESSION['granted_comment'][$this->comment_srl]) + if ($_SESSION['granted_comment'][$this->comment_srl]) { - return TRUE; + return $this->grant_cache = true; } - - if(!Context::get('is_logged')) + + if ($this->grant_cache !== null) { - return FALSE; + return $this->grant_cache; } - + $logged_info = Context::get('logged_info'); - if($logged_info->is_admin == 'Y') + if (!$logged_info->member_srl) { - return TRUE; + return $this->grant_cache = false; } - - $grant = Context::get('grant'); - if($grant->manager) + if ($logged_info->is_admin == 'Y') { - return TRUE; + return $this->grant_cache = true; } - - if($this->get('member_srl') && ($this->get('member_srl') == $logged_info->member_srl || $this->get('member_srl') * -1 == $logged_info->member_srl)) + if ($this->get('member_srl') && abs($this->get('member_srl')) == $logged_info->member_srl) { - return TRUE; + return $this->grant_cache = true; } - - return FALSE; + + $oModuleModel = getModel('module'); + $grant = $oModuleModel->getGrant($oModuleModel->getModuleInfoByModuleSrl($this->get('module_srl')), $logged_info); + if ($grant->manager) + { + return $this->grant_cache = true; + } + + return $this->grant_cache = false; } - + function setGrant() { - $this->is_granted = TRUE; + $this->grant_cache = true; } - + function setGrantForSession() { $_SESSION['granted_comment'][$this->comment_srl] = true; $this->setGrant(); } - + + function isAccessible() + { + if ($_SESSION['accessible'][$this->comment_srl] === $this->get('last_update')) + { + return true; + } + + if ($this->get('status') == RX_STATUS_PUBLIC) + { + $this->setAccessible(); + return true; + } + + if ($this->isGranted()) + { + $this->setAccessible(); + return true; + } + + $oDocument = getModel('document')->getDocument($this->get('document_srl')); + if 
($oDocument->isExists() && $oDocument->isGranted()) + { + $this->setAccessible(); + return true; + } + + return false; + } + function setAccessible() { if(Context::getSessionStatus()) @@ -141,58 +178,30 @@ class commentItem extends BaseObject $_SESSION['accessible'][$this->comment_srl] = $this->get('last_update'); } } - + function isEditable() { - if($this->isGranted() || !$this->get('member_srl')) - { - return TRUE; - } - return FALSE; + return !$this->get('member_srl') || $this->isGranted(); } - + function isSecret() { - return $this->get('is_secret') == 'Y' ? TRUE : FALSE; + return $this->get('is_secret') == 'Y'; } - + function isDeleted() { return $this->get('status') == RX_STATUS_DELETED || $this->get('status') == RX_STATUS_DELETED_BY_ADMIN; } - + function isDeletedByAdmin() { return $this->get('status') == RX_STATUS_DELETED_BY_ADMIN; } - - function isAccessible() - { - if (isset($_SESSION['accessible'][$this->comment_srl]) && $_SESSION['accessible'][$this->comment_srl] === $this->get('last_update')) - { - return TRUE; - } - - if (!$this->isSecret() || $this->isGranted()) - { - $this->setAccessible(); - return TRUE; - } - - $oDocumentModel = getModel('document'); - $oDocument = $oDocumentModel->getDocument($this->get('document_srl')); - if ($oDocument->isExists() && $oDocument->isGranted()) - { - $this->setAccessible(); - return TRUE; - } - - return FALSE; - } - + function useNotify() { - return $this->get('notify_message') == 'Y' ? TRUE : FALSE; + return $this->get('notify_message') == 'Y'; } /** diff --git a/modules/document/document.class.php b/modules/document/document.class.php index 2d6f17693..43cd110f6 100644 --- a/modules/document/document.class.php +++ b/modules/document/document.class.php 
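Review bot: The new `isAccessible()` in this hunk never looks at `is_secret`; the version it replaces (removed further down in the same file) allowed access on `!$this->isSecret() || $this->isGranted()`, while this one returns true as soon as `status == RX_STATUS_PUBLIC`. Unless the comment's `status` is guaranteed elsewhere to be non-public whenever `is_secret` is 'Y' (not visible in this patch), a secret comment with public status becomes readable by anyone. The later commits in this series that switch `hasUploadedFiles()`, `getUploadedFiles()`, the thumbnail check and `fileModel` to `isAccessible()` would extend that to attachments. Keeping both conditions closes the gap: `if ($this->get('status') == RX_STATUS_PUBLIC && !$this->isSecret())`.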
@@ -373,8 +373,7 @@ class document extends ModuleObject */ function getConfigStatus($key) { - if(array_key_exists(strtolower($key), $this->statusList)) return $this->statusList[$key]; - else $this->getDefaultStatus(); + return $this->statusList[$key]; } } /* End of file document.class.php */ From 81986c40a9cfd4bb54bc61b4d166e2dcb997d9c0 Mon Sep 17 00:00:00 2001 From: conory Date: Tue, 12 Dec 2017 13:21:37 +0900 Subject: [PATCH 2/5] =?UTF-8?q?document=EC=9D=98=20isAccessible()=20?= =?UTF-8?q?=EA=B0=9C=EC=84=A0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- modules/document/document.item.php | 221 ++++++++++++++++------------- 1 file changed, 119 insertions(+), 102 deletions(-) diff --git a/modules/document/document.item.php b/modules/document/document.item.php index 49aef84d3..f1a941c9f 100644 --- a/modules/document/document.item.php +++ b/modules/document/document.item.php @@ -157,9 +157,9 @@ class documentItem extends BaseObject function isExists() { - return $this->document_srl ? true : false; + return (bool) $this->document_srl; } - + function isGranted() { if ($_SESSION['granted_document'][$this->document_srl]) @@ -185,17 +185,17 @@ class documentItem extends BaseObject { return $this->grant_cache = true; } - + $oModuleModel = getModel('module'); $grant = $oModuleModel->getGrant($oModuleModel->getModuleInfoByModuleSrl($this->get('module_srl')), $logged_info); if ($grant->manager) { return $this->grant_cache = true; } - + return $this->grant_cache = false; } - + function setGrant() { $this->grant_cache = true; 
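Review bot: `getConfigStatus()` now indexes `$this->statusList[$key]` with no existence check, so an unknown key raises an undefined-index notice and returns null. The removed code was itself broken (it tested `strtolower($key)` but read `$key`, and its `else` branch had no `return`), but its intent was to fall back to the default status. Callers in this series compare the result with `==` (for example `isSecret()`), where a null result equals an empty status. A guarded lookup keeps the intended fallback: `return isset($this->statusList[$key]) ? $this->statusList[$key] : $this->getDefaultStatus();`.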
@@ -206,52 +206,29 @@ class documentItem extends BaseObject $_SESSION['granted_document'][$this->document_srl] = true; $this->setGrant(); } - + function isAccessible() { - if (isset($_SESSION['accessible'][$this->document_srl]) && $_SESSION['accessible'][$this->document_srl] === $this->get('last_update')) + if ($_SESSION['accessible'][$this->document_srl] === $this->get('last_update')) { return true; } - if ($this->grant_cache === true) + if ($this->get('status') === $this->getConfigStatus('public') || $this->get('status') === $this->getConfigStatus('temp')) { $this->setAccessible(); return true; } - $logged_info = Context::get('logged_info'); - if ($logged_info->is_admin == 'Y') + if ($this->isGranted()) { $this->setAccessible(); return true; } - - $status = $this->get('status'); - if (empty($status)) - { - return false; - } - - $configStatusList = getModel('document')->getStatusList(); - - if ($status == $configStatusList['public'] || $status == $configStatusList['publish']) - { - $this->setAccessible(); - return true; - } - elseif ($status == $configStatusList['private'] || $status == $configStatusList['secret']) - { - if ($this->get('member_srl') == $logged_info->member_srl) - { - $this->setAccessible(); - return true; - } - } return false; } - + function setAccessible() { if(Context::getSessionStatus()) @@ -259,13 +236,16 @@ class documentItem extends BaseObject $_SESSION['accessible'][$this->document_srl] = $this->get('last_update'); } } - + function allowComment() { // init write, document is not exists. so allow comment status is true - if(!$this->isExists()) return true; - - return $this->get('comment_status') == 'ALLOW' ? true : false; + if(!$this->isExists()) + { + return true; + } + + return $this->get('comment_status') == 'ALLOW'; } function allowTrackback() 
@@ -307,33 +287,34 @@ class documentItem extends BaseObject function isLocked() { - if(!$this->isExists()) return false; - - return $this->get('comment_status') == 'ALLOW' ? false : true; + if(!$this->isExists()) + { + return false; + } + + return $this->get('comment_status') != 'ALLOW'; } function isEditable() { - if($this->isGranted() || !$this->get('member_srl')) return true; - return false; + return !$this->get('member_srl') || $this->isGranted(); } - + function isSecret() { - $oDocumentModel = getModel('document'); - return $this->get('status') == $oDocumentModel->getConfigStatus('secret') ? true : false; + return $this->get('status') == $this->getConfigStatus('secret'); } - + function isNotice() { - return $this->get('is_notice') == 'Y' ? true : false; + return $this->get('is_notice') == 'Y'; } - + function useNotify() { - return $this->get('notify_message')=='Y' ? true : false; + return $this->get('notify_message') == 'Y'; } - + function doCart() { if(!$this->document_srl) return false; @@ -394,7 +375,7 @@ class documentItem extends BaseObject { return $this->get('ipaddress'); } - + return '*' . strstr($this->get('ipaddress'), '.'); } 
@@ -496,45 +477,48 @@ class documentItem extends BaseObject function getContentPlainText($strlen = 0) { - if(!$this->document_srl) return; - if($this->isSecret() && !$this->isGranted() && !$this->isAccessible()) return lang('msg_is_secret'); - - $result = $this->_checkAccessibleFromStatus(); - if($result && Context::getSessionStatus()) + if(!$this->document_srl) { - $this->setAccessible(); + return; } - + + if(!$this->isAccessible()) + { + return lang('msg_is_secret'); + } + $content = $this->get('content'); $content = trim(utf8_normalize_spaces(html_entity_decode(strip_tags($content)))); if($strlen) { $content = cut_str($content, $strlen, '...'); } + return escape($content); } function getContentText($strlen = 0) { - if(!$this->document_srl) return; - - if($this->isSecret() && !$this->isGranted() && !$this->isAccessible()) return lang('msg_is_secret'); - - $result = $this->_checkAccessibleFromStatus(); - if($result && Context::getSessionStatus()) + if(!$this->document_srl) { - $this->setAccessible(); + return; } - + + if(!$this->isAccessible()) + { + return lang('msg_is_secret'); + } + $content = $this->get('content'); $content = preg_replace_callback('/<(object|param|embed)[^>]*/is', array($this, '_checkAllowScriptAccess'), $content); $content = preg_replace_callback('/]*>/is', array($this, '_addAllowScriptAccess'), $content); - + if($strlen) { $content = trim(utf8_normalize_spaces(html_entity_decode(strip_tags($content)))); $content = cut_str($content, $strlen, '...'); } + return escape($content); } 
@@ -583,21 +567,24 @@ class documentItem extends BaseObject function getContent($add_popup_menu = true, $add_content_info = true, $resource_realpath = false, $add_xe_content_class = true, $stripEmbedTagException = false) { - if(!$this->document_srl) return; - - if($this->isSecret() && !$this->isGranted() && !$this->isAccessible()) return lang('msg_is_secret'); - - $result = $this->_checkAccessibleFromStatus(); - if($result) + if(!$this->document_srl) { - $this->setAccessible(); + return; } - + + if(!$this->isAccessible()) + { + return lang('msg_is_secret'); + } + $content = $this->get('content'); - if(!$stripEmbedTagException) stripEmbedTagForAdmin($content, $this->get('member_srl')); - + if(!$stripEmbedTagException) + { + stripEmbedTagForAdmin($content, $this->get('member_srl')); + } + // Define a link if using a rewrite module - $oContext = &Context::getInstance(); + $oContext = Context::getInstance(); if($oContext->allow_rewrite) { $content = preg_replace('/document_srl, $memberSrl, $this->document_srl, $memberSrl ); - // Add xe_content class although accessing content is not required } - else + // Add xe_content class although accessing content is not required + elseif($add_xe_content_class) { - if($add_xe_content_class) $content = sprintf('
%s
', $content); + $content = sprintf('
%s
', $content); } // Change the image path to a valid absolute path if resource_realpath is true if($resource_realpath) { $content = preg_replace_callback('/]+)>/i',array($this,'replaceResourceRealPath'), $content); } - + return $content; } @@ -843,12 +830,19 @@ class documentItem extends BaseObject function getComments() { - if(!$this->getCommentCount()) return; - if(!$this->isGranted() && $this->isSecret()) return; + if(!$this->getCommentCount()) + { + return; + } + + if(!$this->isAccessible()) + { + return; + } + // cpage is a number of comment pages $cpageStr = sprintf('%d_cpage', $this->document_srl); $cpage = Context::get($cpageStr); - if(!$cpage) { $cpage = Context::get('cpage'); @@ -966,11 +960,11 @@ class documentItem extends BaseObject $thumbnail_type = $config->thumbnail_type ?: 'crop'; } - if($this->isSecret() && !$this->isGranted()) + if(!$this->isAccessible()) { return; } - + // If not specify its height, create a square if(!$height) $height = $width; if($this->get('content')) @@ -1223,25 +1217,42 @@ class documentItem extends BaseObject function hasUploadedFiles() { - if(!$this->document_srl) return; - - if($this->isSecret() && !$this->isGranted()) return false; + if(!$this->document_srl) + { + return false; + } + + if(!$this->isAccessible()) + { + return false; + } + return $this->get('uploaded_count')? true : false; } function getUploadedFiles($sortIndex = 'file_srl') { - if(!$this->document_srl) return; - - if($this->isSecret() && !$this->isGranted()) return; - if(!$this->get('uploaded_count')) return; - + if(!$this->document_srl) + { + return; + } + + if(!$this->isAccessible()) + { + return; + } + + if(!$this->get('uploaded_count')) + { + return; + } + if(!$this->uploadedFiles[$sortIndex]) { $oFileModel = getModel('file'); $this->uploadedFiles[$sortIndex] = $oFileModel->getFiles($this->document_srl, array(), $sortIndex, true); } - + return $this->uploadedFiles[$sortIndex]; } 
@@ -1266,9 +1277,16 @@ class documentItem extends BaseObject function isEnableComment() { // Return false if not authorized, if a secret document, if the document is set not to allow any comment - if (!$this->allowComment()) return false; - if(!$this->isGranted() && $this->isSecret()) return false; - + if (!$this->allowComment()) + { + return false; + } + + if(!$this->isAccessible()) + { + return false; + } + return true; } @@ -1336,9 +1354,8 @@ class documentItem extends BaseObject } /** - * Check accessible by document status - * @param array $matches - * @return mixed + * Compatible function + * For only XE third party */ function _checkAccessibleFromStatus() { From f8ac11bda6781c1b9760bba0641f467daf01bb4a Mon Sep 17 00:00:00 2001 From: conory Date: Tue, 12 Dec 2017 13:23:45 +0900 Subject: [PATCH 3/5] =?UTF-8?q?isAccessible()=EB=A1=9C=20=ED=86=B5?= =?UTF-8?q?=EC=9D=BC?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- classes/module/ModuleHandler.class.php | 7 ++----- modules/board/board.view.php | 5 ++--- modules/board/m.skins/default/read.html | 2 +- modules/board/m.skins/simpleGray/read.html | 2 +- modules/board/skins/default/_read.html | 4 ++-- modules/board/skins/xedition/_read.html | 4 ++-- modules/comment/comment.model.php | 2 +- modules/document/tpl/print_page.html | 6 ++---- modules/file/file.model.php | 4 ++-- modules/member/member.controller.php | 2 +- 10 files changed, 16 insertions(+), 22 deletions(-) diff --git a/classes/module/ModuleHandler.class.php b/classes/module/ModuleHandler.class.php index 473f5e4e7..788700463 100644 --- a/classes/module/ModuleHandler.class.php +++ b/classes/module/ModuleHandler.class.php 
@@ -228,12 +228,9 @@ class ModuleHandler extends Handler { $oDocumentModel = getModel('document'); $oDocument = $oDocumentModel->getDocument($this->document_srl); - if($oDocument->isSecret() || $oDocument->get('status') === $oDocumentModel->getConfigStatus('temp')) + if(!$oDocument->isAccessible()) { - if(!$oDocument->isGranted() && !$oDocument->isAccessible()) - { - $this->httpStatusCode = '403'; - } + $this->httpStatusCode = '403'; } } } diff --git a/modules/board/board.view.php b/modules/board/board.view.php index fc143777b..2ff089812 100644 --- a/modules/board/board.view.php +++ b/modules/board/board.view.php @@ -328,13 +328,12 @@ class boardView extends board )); // update the document view count (if the document is not secret) - if(!$oDocument->isSecret() || $oDocument->isGranted()) + if($oDocument->isAccessible()) { $oDocument->updateReadedCount(); } - // disappear the document if it is secret - if($oDocument->isSecret() && !$oDocument->isGranted()) + else { $oDocument->add('content',lang('thisissecret')); } diff --git a/modules/board/m.skins/default/read.html b/modules/board/m.skins/default/read.html index 8edf5975e..00cb61c47 100644 --- a/modules/board/m.skins/default/read.html +++ b/modules/board/m.skins/default/read.html @@ -8,7 +8,7 @@ {$lang->cmd_write}
- +
diff --git a/modules/board/m.skins/simpleGray/read.html b/modules/board/m.skins/simpleGray/read.html index cfe1ba937..320d2e779 100644 --- a/modules/board/m.skins/simpleGray/read.html +++ b/modules/board/m.skins/simpleGray/read.html @@ -9,7 +9,7 @@ {$oDocument->getRegdate()}
- +
diff --git a/modules/board/skins/default/_read.html b/modules/board/skins/default/_read.html index 7615cf8c8..91b4316cb 100644 --- a/modules/board/skins/default/_read.html +++ b/modules/board/skins/default/_read.html @@ -20,7 +20,7 @@
-
+
@@ -31,7 +31,7 @@
- + diff --git a/modules/board/skins/xedition/_read.html b/modules/board/skins/xedition/_read.html index 239d18661..776a0ac22 100644 --- a/modules/board/skins/xedition/_read.html +++ b/modules/board/skins/xedition/_read.html @@ -24,7 +24,7 @@
-
+
{$val->name}
@@ -35,7 +35,7 @@
- + diff --git a/modules/comment/comment.model.php b/modules/comment/comment.model.php index e80c943eb..ab8b9fdaa 100644 --- a/modules/comment/comment.model.php +++ b/modules/comment/comment.model.php @@ -297,7 +297,7 @@ class commentModel extends comment * @param bool $published * @return int */ - function getCommentAllCount($module_srl, $published = null) + function getCommentAllCount($module_srl, $published = false) { $args = new stdClass(); $args->module_srl = $module_srl; diff --git a/modules/document/tpl/print_page.html b/modules/document/tpl/print_page.html index 0fc174353..56961e537 100644 --- a/modules/document/tpl/print_page.html +++ b/modules/document/tpl/print_page.html @@ -2,14 +2,12 @@

{$oDocument->getTitleText()}

{$oDocument->get('nick_name')} {$oDocument->getRegdate()} - + {$val->name}: {$val->getValueHtml()} {$oDocument->getContent(false, false)} diff --git a/modules/file/file.model.php b/modules/file/file.model.php index 9a41b0b66..cf0958fc0 100644 --- a/modules/file/file.model.php +++ b/modules/file/file.model.php @@ -43,7 +43,7 @@ class fileModel extends file if(!$oDocument->isExists()) { $oComment = $oCommentModel->getComment($upload_target_srl); - if($oComment->isExists() && $oComment->isSecret() && !$oComment->isGranted()) + if($oComment->isExists() && !$oComment->isAccessible()) { return $this->setError('msg_not_permitted'); } @@ -52,7 +52,7 @@ class fileModel extends file } // document 권한 확인 - if($oDocument->isExists() && $oDocument->isSecret() && !$oDocument->isGranted()) + if($oDocument->isExists() && !$oDocument->isAccessible()) { return $this->setError('msg_not_permitted'); } diff --git a/modules/member/member.controller.php b/modules/member/member.controller.php index ddcba0857..51b8642f5 100644 --- a/modules/member/member.controller.php +++ b/modules/member/member.controller.php @@ -130,7 +130,7 @@ class memberController extends member $oDocument = $oDocumentModel->getDocument($document_srl); // Check document - if($oDocument->isSecret() && !$oDocument->isGranted()) + if(!$oDocument->isAccessible()) { return $this->setError('msg_is_secret'); } From 48c818d7de42c766267ea8c24f14e08ba423aa4b Mon Sep 17 00:00:00 2001 From: conory Date: Tue, 12 Dec 2017 14:30:27 +0900 Subject: [PATCH 4/5] =?UTF-8?q?=EC=9E=98=EB=AA=BB=EB=90=9C=20=EC=A7=80?= =?UTF-8?q?=EC=A0=95=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- modules/document/document.item.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/modules/document/document.item.php b/modules/document/document.item.php index f1a941c9f..49a05a47e 100644 --- a/modules/document/document.item.php +++ b/modules/document/document.item.php 
@@ -214,7 +214,8 @@ class documentItem extends BaseObject return true; } - if ($this->get('status') === $this->getConfigStatus('public') || $this->get('status') === $this->getConfigStatus('temp')) + $status_list = getModel('document')->getStatusList(); + if ($this->get('status') === $status_list['public'] || $this->get('status') === $status_list['temp']) { $this->setAccessible(); return true; @@ -302,7 +303,7 @@ class documentItem extends BaseObject function isSecret() { - return $this->get('status') == $this->getConfigStatus('secret'); + return $this->get('status') == getModel('document')->getConfigStatus('secret'); } function isNotice() From f93ad9c0f639636d52620279c9122e3a57e0055b Mon Sep 17 00:00:00 2001 From: conory Date: Wed, 13 Dec 2017 21:10:46 +0900 Subject: [PATCH 5/5] =?UTF-8?q?=EC=BD=94=EB=93=9C=20=EC=A0=95=EB=A6=AC?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- addons/blogapi/blogapi.addon.php | 2 +- modules/board/board.view.php | 2 +- modules/comment/comment.controller.php | 2 +- modules/comment/comment.item.php | 35 ++-- modules/document/document.item.php | 224 +++++++++++++++---------- 5 files changed, 163 insertions(+), 102 deletions(-) diff --git a/addons/blogapi/blogapi.addon.php b/addons/blogapi/blogapi.addon.php index c5f8ed69a..0d1ae6ead 100644 --- a/addons/blogapi/blogapi.addon.php +++ b/addons/blogapi/blogapi.addon.php @@ -233,7 +233,7 @@ if($called_position == 'before_module_proc') { $oDocumentModel = getModel('document'); $oDocument = $oDocumentModel->getDocument($document_srl); - if(!$oDocument->isExists() || !$oDocument->isGranted()) + if(!$oDocument->isGranted()) { printContent(getXmlRpcFailure(1, 'no permission')); } diff --git a/modules/board/board.view.php b/modules/board/board.view.php index 2ff089812..f9d3e9392 100644 --- a/modules/board/board.view.php +++ b/modules/board/board.view.php 
@@ -782,7 +782,7 @@ class boardView extends board // if the document is not granted, then back to the password input form $oModuleModel = getModel('module'); - if($oDocument->isExists()&&!$oDocument->isGranted()) + if($oDocument->isExists() && !$oDocument->isGranted()) { return $this->setTemplateFile('input_password_form'); } diff --git a/modules/comment/comment.controller.php b/modules/comment/comment.controller.php index f2f14cfa3..03cfe7671 100644 --- a/modules/comment/comment.controller.php +++ b/modules/comment/comment.controller.php @@ -1257,7 +1257,7 @@ class commentController extends comment $oDocument = $oDocumentModel->getDocument($document_srl); } - if(!$oDocument->isExists() || !$oDocument->isGranted()) + if(!$oDocument->isGranted()) { return new BaseObject(-1, 'msg_not_permitted'); } diff --git a/modules/comment/comment.item.php b/modules/comment/comment.item.php index 808f42e4b..654070481 100644 --- a/modules/comment/comment.item.php +++ b/modules/comment/comment.item.php @@ -92,14 +92,19 @@ class commentItem extends BaseObject function isExists() { - return (bool) $this->comment_srl; + return (bool) ($this->comment_srl); } function isGranted() { - if ($_SESSION['granted_comment'][$this->comment_srl]) + if(!$this->isExists()) { - return $this->grant_cache = true; + return false; + } + + if (isset($_SESSION['granted_comment'][$this->comment_srl])) + { + return true; } if ($this->grant_cache !== null) @@ -144,7 +149,12 @@ class commentItem extends BaseObject function isAccessible() { - if ($_SESSION['accessible'][$this->comment_srl] === $this->get('last_update')) + if(!$this->isExists()) + { + return false; + } + + if (isset($_SESSION['accessible'][$this->comment_srl]) && $_SESSION['accessible'][$this->comment_srl] === $this->get('last_update')) { return true; } 
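Review bot: In `commentItem::isGranted()` the session check changes from a truthiness test to `isset($_SESSION['granted_comment'][$this->comment_srl])`, which is true for any stored non-null value, including `false` or `0`. Only `setGrantForSession()` writing `true` is visible in this series, so this may be harmless today, but a grant check should not succeed on a value that was stored to mean "not granted". `if (!empty($_SESSION['granted_comment'][$this->comment_srl]))` keeps the notice-free lookup and the old semantics; the same applies to `documentItem::isGranted()` and `isCarted()` later in this commit. The function body continues outside the hunk.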
@@ -162,7 +172,7 @@ class commentItem extends BaseObject } $oDocument = getModel('document')->getDocument($this->get('document_srl')); - if ($oDocument->isExists() && $oDocument->isGranted()) + if ($oDocument->isGranted()) { $this->setAccessible(); return true; @@ -515,25 +525,26 @@ class commentItem extends BaseObject function hasUploadedFiles() { - if(($this->isSecret() && !$this->isAccessible()) && !$this->isGranted()) + if(!$this->isAccessible()) { - return FALSE; + return false; } + return $this->get('uploaded_count') ? TRUE : FALSE; } function getUploadedFiles() { - if(($this->isSecret() && !$this->isAccessible()) && !$this->isGranted()) + if(!$this->isAccessible()) { return; } - + if(!$this->get('uploaded_count')) { return; } - + $oFileModel = getModel('file'); $file_list = $oFileModel->getFiles($this->comment_srl, array(), 'file_srl', TRUE); return $file_list; @@ -646,11 +657,11 @@ class commentItem extends BaseObject $thumbnail_type = $config->thumbnail_type ?: 'crop'; } - if($this->isSecret() && !$this->isGranted()) + if(!$this->isAccessible()) { return; } - + // If signiture height setting is omitted, create a square if(!$height) { diff --git a/modules/document/document.item.php b/modules/document/document.item.php index 49a05a47e..cb867ee6a 100644 --- a/modules/document/document.item.php +++ b/modules/document/document.item.php @@ -62,7 +62,6 @@ class documentItem extends BaseObject { $this->document_srl = $document_srl; $this->columnList = $columnList; - $this->_loadFromDB($load_extra_vars); } @@ -79,10 +78,12 @@ class documentItem extends BaseObject */ function _loadFromDB($load_extra_vars = true) { - if(!$this->document_srl) return; - + if(!$this->document_srl) + { + return; + } + $document_item = false; - $cache_put = false; $columnList = array(); $reload_counts = true; 
@@ -127,17 +128,18 @@ class documentItem extends BaseObject $this->setAttribute($document_item, $load_extra_vars); } - function setAttribute($attribute, $load_extra_vars=true) + function setAttribute($attribute, $load_extra_vars = true) { if(!$attribute->document_srl) { $this->document_srl = null; return; } + $this->document_srl = $attribute->document_srl; $this->lang_code = $attribute->lang_code; $this->adds($attribute); - + // Tags if($this->get('tags')) { @@ -145,26 +147,30 @@ class documentItem extends BaseObject $tag_list = array_map('utf8_trim', $tag_list); $this->add('tag_list', $tag_list); } - - $oDocumentModel = getModel('document'); + if($load_extra_vars) { - $GLOBALS['XE_DOCUMENT_LIST'][$attribute->document_srl] = $this; - $oDocumentModel->setToAllDocumentExtraVars(); + getModel('document')->setToAllDocumentExtraVars(); } + $GLOBALS['XE_DOCUMENT_LIST'][$this->document_srl] = $this; } function isExists() { - return (bool) $this->document_srl; + return (bool) ($this->document_srl); } function isGranted() { - if ($_SESSION['granted_document'][$this->document_srl]) + if(!$this->isExists()) { - return $this->grant_cache = true; + return false; + } + + if (isset($_SESSION['granted_document'][$this->document_srl])) + { + return true; } if ($this->grant_cache !== null) @@ -209,13 +215,18 @@ class documentItem extends BaseObject function isAccessible() { - if ($_SESSION['accessible'][$this->document_srl] === $this->get('last_update')) + if(!$this->isExists()) + { + return false; + } + + if (isset($_SESSION['accessible'][$this->document_srl]) && $_SESSION['accessible'][$this->document_srl] === $this->get('last_update')) { return true; } $status_list = getModel('document')->getStatusList(); - if ($this->get('status') === $status_list['public'] || $this->get('status') === $status_list['temp']) + if ($this->get('status') === $status_list['public']) { $this->setAccessible(); return true; 
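Review bot: In `setAttribute()` the line that registered the item in `$GLOBALS['XE_DOCUMENT_LIST']` before calling `setToAllDocumentExtraVars()` is removed, so with `$load_extra_vars` set the call now runs before this document is in the list. `setToAllDocumentExtraVars()` is not shown here; if it populates extra variables for the documents found in that global list, the current document would be skipped on first load. Restoring the order inside the branch avoids depending on that: `$GLOBALS['XE_DOCUMENT_LIST'][$this->document_srl] = $this;` placed immediately before `getModel('document')->setToAllDocumentExtraVars();`.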
@@ -246,7 +257,7 @@ class documentItem extends BaseObject return true; } - return $this->get('comment_status') == 'ALLOW'; + return (bool) ($this->get('comment_status') == 'ALLOW'); } function allowTrackback() @@ -293,34 +304,37 @@ class documentItem extends BaseObject return false; } - return $this->get('comment_status') != 'ALLOW'; + return (bool) ($this->get('comment_status') != 'ALLOW'); } function isEditable() { - return !$this->get('member_srl') || $this->isGranted(); + return (bool) (!$this->get('member_srl') || $this->isGranted()); } function isSecret() { - return $this->get('status') == getModel('document')->getConfigStatus('secret'); + return (bool) ($this->get('status') == getModel('document')->getConfigStatus('secret')); } function isNotice() { - return $this->get('is_notice') == 'Y'; + return (bool) ($this->get('is_notice') == 'Y'); } function useNotify() { - return $this->get('notify_message') == 'Y'; + return (bool) ($this->get('notify_message') == 'Y'); } function doCart() { - if(!$this->document_srl) return false; - if($this->isCarted()) $this->removeCart(); - else $this->addCart(); + if(!$this->isExists()) + { + return false; + } + + $this->isCarted() ? $this->removeCart() : $this->addCart(); } function addCart() @@ -335,7 +349,7 @@ class documentItem extends BaseObject function isCarted() { - return $_SESSION['document_management'][$this->document_srl]; + return isset($_SESSION['document_management'][$this->document_srl]); } /** 
@@ -346,23 +360,35 @@ class documentItem extends BaseObject */ function notify($type, $content) { - if(!$this->document_srl) return; + if(!$this->isExists()) + { + return; + } // return if it is not useNotify - if(!$this->useNotify()) return; + if(!$this->useNotify()) + { + return; + } // Pass if an author is not a logged-in user - if(!$this->get('member_srl')) return; + if(!$this->get('member_srl')) + { + return; + } + // Return if the currently logged-in user is an author $logged_info = Context::get('logged_info'); - if($logged_info->member_srl == $this->get('member_srl')) return; + if($logged_info->member_srl == $this->get('member_srl')) + { + return; + } + // List variables - if($type) $title = "[".$type."] "; - $title .= cut_str(strip_tags($content), 10, '...'); - $content = sprintf('%s

from : %s',$content, getFullUrl('','document_srl',$this->document_srl), getFullUrl('','document_srl',$this->document_srl)); - $receiver_srl = $this->get('member_srl'); - $sender_member_srl = $logged_info->member_srl; + $title = ($type ? sprintf('[%s] ', $type) : '') . cut_str(strip_tags($content), 10, '...'); + $content = sprintf('%s

from : %s',$content, getFullUrl('', 'document_srl', $this->document_srl), getFullUrl('', 'document_srl', $this->document_srl)); + // Send a message - $oCommunicationController = getController('communication'); - $oCommunicationController->sendMessage($sender_member_srl, $receiver_srl, $title, $content, false); + $sender_member_srl = $logged_info->member_srl ?: $this->get('member_srl'); + getController('communication')->sendMessage($sender_member_srl, $this->get('member_srl'), $title, $content, false); } function getLangCode() @@ -382,17 +408,21 @@ class documentItem extends BaseObject function isExistsHomepage() { - if(trim($this->get('homepage'))) return true; - return false; + return (bool) trim($this->get('homepage')); } function getHomepageUrl() { - $url = trim($this->get('homepage')); - if(!$url) return; - - if(strncasecmp('http://', $url, 7) !== 0 && strncasecmp('https://', $url, 8) !== 0) $url = 'http://' . $url; - + if(!$url = trim($this->get('homepage'))) + { + return; + } + + if(!preg_match('@^[a-z]+://@i', $url)) + { + $url = 'http://' . $url; + } + return $url; } 
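Review bot: `getHomepageUrl()` now returns any value matching `@^[a-z]+://@i` unchanged, whereas the removed code prefixed `http://` to everything that did not start with `http://` or `https://`. That widens the result from two schemes to any scheme followed by `://`. The value comes from the stored `homepage` field, which is presumably user-supplied and placed in a link target by skins (rendering is not visible here). Keep the allow-list and only modernise the test: `if(!preg_match('@^https?://@i', $url))`.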
@@ -403,82 +433,94 @@ class documentItem extends BaseObject function getUserID() { - return htmlspecialchars($this->get('user_id'), ENT_COMPAT | ENT_HTML401, 'UTF-8', false); + return escape($this->get('user_id'), false); } function getUserName() { - return htmlspecialchars($this->get('user_name'), ENT_COMPAT | ENT_HTML401, 'UTF-8', false); + return escape($this->get('user_name'), false); } function getNickName() { - return htmlspecialchars($this->get('nick_name'), ENT_COMPAT | ENT_HTML401, 'UTF-8', false); + return escape($this->get('nick_name'), false); } function getLastUpdater() { - return htmlspecialchars($this->get('last_updater'), ENT_COMPAT | ENT_HTML401, 'UTF-8', false); + return escape($this->get('last_updater'), false); } - function getTitleText($cut_size = 0, $tail='...') + function getTitleText($cut_size = 0, $tail = '...') { - if(!$this->document_srl) return; - - if($cut_size) $title = cut_str($this->get('title'), $cut_size, $tail); - else $title = $this->get('title'); - - return $title; + if(!$this->isExists()) + { + return; + } + + return $cut_size ? 
cut_str($this->get('title'), $cut_size, $tail) : $this->get('title'); } function getVoted() { - if(!$this->document_srl) return false; + if(!$this->isExists()) + { + return false; + } + + $logged_info = Context::get('logged_info'); + if(!$logged_info->member_srl) + { + return false; + } + if(isset($_SESSION['voted_document'][$this->document_srl])) { return $_SESSION['voted_document'][$this->document_srl]; } - - $logged_info = Context::get('logged_info'); - if(!$logged_info->member_srl) return false; - - $args = new stdClass(); + + $args = new stdClass; $args->member_srl = $logged_info->member_srl; $args->document_srl = $this->document_srl; $output = executeQuery('document.getDocumentVotedLog', $args); - if($output->data->point) { return $_SESSION['voted_document'][$this->document_srl] = $output->data->point; } - + return $_SESSION['voted_document'][$this->document_srl] = false; } - function getTitle($cut_size = 0, $tail='...') + function getTitle($cut_size = 0, $tail = '...') { - if(!$this->document_srl) return; - - $title = $this->getTitleText($cut_size, $tail); - - $attrs = array(); + if(!$this->isExists()) + { + return false; + } + + $title = escape($this->getTitleText($cut_size, $tail), false); $this->add('title_color', trim($this->get('title_color'))); - if($this->get('title_bold')=='Y') $attrs[] = "font-weight:bold;"; - if($this->get('title_color') && $this->get('title_color') != 'N') $attrs[] = "color:#".ltrim($this->get('title_color'), '#'); - + + $attrs = array(); + if($this->get('title_bold') == 'Y') + { + $attrs[] = 'font-weight:bold'; + } + if($this->get('title_color') && $this->get('title_color') != 'N') + { + $attrs[] = 'color:#' . 
ltrim($this->get('title_color'), '#'); + } if(count($attrs)) { - return sprintf("%s", implode(';', $attrs), escape($title, false)); - } - else - { - return escape($title, false); + return sprintf('%s', implode(';', $attrs), $title); } + + return $title; } function getContentPlainText($strlen = 0) { - if(!$this->document_srl) + if(!$this->isExists()) { return; } @@ -500,7 +542,7 @@ class documentItem extends BaseObject function getContentText($strlen = 0) { - if(!$this->document_srl) + if(!$this->isExists()) { return; } @@ -568,7 +610,7 @@ class documentItem extends BaseObject function getContent($add_popup_menu = true, $add_content_info = true, $resource_realpath = false, $add_xe_content_class = true, $stripEmbedTagException = false) { - if(!$this->document_srl) + if(!$this->isExists()) { return; } @@ -640,11 +682,14 @@ class documentItem extends BaseObject */ function getTransContent($add_popup_menu = true, $add_content_info = true, $resource_realpath = false, $add_xe_content_class = true) { - $oEditorController = getController('editor'); - + if(!$this->isExists()) + { + return; + } + $content = $this->getContent($add_popup_menu, $add_content_info, $resource_realpath, $add_xe_content_class); - $content = $oEditorController->transComponent($content); - + $content = getController('editor')->transComponent($content); + return $content; } @@ -712,11 +757,16 @@ class documentItem extends BaseObject function getTrackbackUrl() { - if(!$this->document_srl) return; - + if(!$this->isExists()) + { + return; + } + // Generate a key to prevent spams - $oTrackbackModel = getModel('trackback'); - if($oTrackbackModel) return $oTrackbackModel->getTrackbackUrl($this->document_srl, $this->getDocumentMid()); + if($oTrackbackModel = getModel('trackback')) + { + return $oTrackbackModel->getTrackbackUrl($this->document_srl, $this->getDocumentMid()); + } } /**
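Review bot: In `getTitle()`, `title_color` is still appended to the style list as `'color:#' . ltrim($this->get('title_color'), '#')` without validation, while only `$title` goes through `escape()`. The format string is not legible on this page, but the `font-weight`/`color` entries suggest the first `%s` lands in a `style` attribute. If so, a colour value containing a quote or `;` could add declarations or close the attribute, unless the value is checked when the document is saved, which is not visible here. Accept only hex digits before appending, for example by replacing the condition with `if(preg_match('/^#?[0-9a-f]{3,8}$/i', (string) $this->get('title_color')))`.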
{$val->name}