fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-08 03:01:43 +09:00
Code Issues Projects Releases Packages Wiki Activity

procDocumentTempSave, procBoardInsertDocument 코드 정리

Browse source 
- procDocumentTempSave
아무나 제목 굵기, 색상을 적용할 수 있는 문제 수정
게시판 제한 설정을 우회하여 게시물을 수정할 수 있는 문제 수정

- procBoardInsertDocument
게시물을 비공개(PRIVATE)로 전환할 수 있는 문제 수정 (글쓰기 포인트 획득용으로 악용 방지)
익명 이름에서 '$DOCNUM'가 제대로 작동하지 않는 문제 수정
임시 문서를 게시할 경우 게시판 제한 설정에 걸려 게시가 안될 수 있는 문제 수정
This commit is contained in:
conory 2017-06-03 14:13:34 +09:00
parent 4ca1c8e073
commit 937cbf58f0
2 changed files with 182 additions and 175 deletions
Download patch file Download diff file Expand all files Collapse all files

288
modules/board/board.controller.php
View file

@ -9,44 +9,43 @@
class boardController extends board class boardController extends board
{ {
/** /**
* @brief initialization * @brief initialization
**/ **/
function init() function init()
{ {
if($this->module_info->module != 'board')
{
return new Object(-1, 'msg_invalid_request');
}
} }
/** /**
* @brief insert document * @brief insert document
**/ **/
function procBoardInsertDocument() function procBoardInsertDocument()
{ {
// check grant // check grant
if($this->module_info->module != "board")
{
return new Object(-1, "msg_invalid_request");
}
if(!$this->grant->write_document) if(!$this->grant->write_document)
{ {
return new Object(-1, 'msg_not_permitted'); return new Object(-1, 'msg_not_permitted');
} }
$logged_info = Context::get('logged_info');
// setup variables // setup variables
$obj = Context::getRequestVars(); $obj = Context::getRequestVars();
$obj->module_srl = $this->module_srl; $obj->module_srl = $this->module_srl;
if($obj->is_notice!='Y'||!$this->grant->manager) $obj->is_notice = 'N';
$obj->commentStatus = $obj->comment_status; $obj->commentStatus = $obj->comment_status;
settype($obj->title, "string"); // Return error if content is empty.
if($obj->title == '') $obj->title = cut_str(trim(strip_tags(nl2br($obj->content))),20,'...'); if (is_empty_html_content($obj->content))
//setup dpcument title tp 'Untitled' {
if($obj->title == '') $obj->title = 'Untitled'; return new Object(-1, 'msg_empty_content');
}
// unset document style if the user is not the document manager
// unset document style if not manager
if(!$this->grant->manager) if(!$this->grant->manager)
{ {
unset($obj->is_notice);
unset($obj->title_color); unset($obj->title_color);
unset($obj->title_bold); unset($obj->title_bold);
} }
@ -54,173 +53,186 @@ class boardController extends board
{ {
$obj->is_admin = 'Y'; $obj->is_admin = 'Y';
} }
// generate document module model object
$oDocumentModel = getModel('document'); $oDocumentModel = getModel('document');
// generate document module의 controller object
$oDocumentController = getController('document'); $oDocumentController = getController('document');
// check if the document is existed $_SECRET = $oDocumentModel->getConfigStatus('secret');
$oDocument = $oDocumentModel->getDocument($obj->document_srl, $this->grant->manager); $use_status = explode('|@|', $this->module_info->use_status);
// update the document if it is existed // Set status
$is_update = false; if(($obj->is_secret == 'Y' || $obj->status == $_SECRET) && is_array($use_status) && in_array($_SECRET, $use_status))
if($oDocument->isExists() && $oDocument->document_srl == $obj->document_srl)
{ {
$is_update = true; $obj->status = $_SECRET;
}
$oMemberModel = getModel('member');
$member_info = $oMemberModel->getMemberInfoByMemberSrl($oDocument->get('member_srl'));
if($member_info->is_admin == 'Y' && $logged_info->is_admin != 'Y')
{
return new Object(-1, 'msg_admin_document_no_modify');
}
// if use anonymous is true
if($this->module_info->use_anonymous == 'Y')
{
$this->module_info->admin_mail = '';
$obj->notify_message = 'N';
if($is_update===false)
{
$obj->member_srl = -1*$logged_info->member_srl;
}
$obj->email_address = $obj->homepage = $obj->user_id = '';
$obj->user_name = $obj->nick_name = $this->createAnonymousName($this->module_info->anonymous_name ?: 'anonymous', $logged_info->member_srl, $obj->document_srl);
$bAnonymous = true;
if($is_update===false)
{
$oDocument->add('member_srl', $obj->member_srl);
}
} }
else else
{ {
$bAnonymous = false; unset($obj->is_secret);
$obj->status = $oDocumentModel->getConfigStatus('public');
} }
if($obj->is_secret == 'Y' || strtoupper($obj->status == 'SECRET')) // Set update log
{
$use_status = explode('|@|', $this->module_info->use_status);
if(!is_array($use_status) || !in_array('SECRET', $use_status))
{
unset($obj->is_secret);
$obj->status = 'PUBLIC';
}
}
if($this->module_info->update_log == 'Y') if($this->module_info->update_log == 'Y')
{ {
$obj->update_log_setting = 'Y'; $obj->update_log_setting = 'Y';
} }
// UPDATE if the document already exists. $manual = false;
if($is_update) $logged_info = Context::get('logged_info');
// Set anonymous information
if($this->module_info->use_anonymous == 'Y')
{
if(!$obj->document_srl)
{
$obj->document_srl = getNextSequence();
}
$manual = true;
$anonymous_name = $this->module_info->anonymous_name ?: 'anonymous';
$anonymous_name = $this->createAnonymousName($anonymous_name, $logged_info->member_srl, $obj->document_srl);
$this->module_info->admin_mail = '';
$obj->notify_message = 'N';
$obj->email_address = $obj->homepage = $obj->user_id = '';
$obj->user_name = $obj->nick_name = $anonymous_name;
}
// Update if the document already exists.
$oDocument = $oDocumentModel->getDocument($obj->document_srl, $this->grant->manager);
if($oDocument->isExists())
{ {
if(!$oDocument->isGranted()) if(!$oDocument->isGranted())
{ {
return new Object(-1,'msg_not_permitted'); return new Object(-1, 'msg_not_permitted');
}
if($this->module_info->protect_content == 'Y' || $this->module_info->protect_update_content == 'Y')
{
if($oDocument->get('comment_count') > 0 && $this->grant->manager == false)
{
return new Object(-1, 'msg_protect_update_content');
}
}
if($this->module_info->use_anonymous == 'Y') {
$obj->member_srl = abs($oDocument->get('member_srl')) * -1;
$oDocument->add('member_srl', $obj->member_srl);
}
if($this->module_info->protect_document_regdate > 0 && $this->grant->manager == false)
{
if($oDocument->get('regdate') < date('YmdHis', strtotime('-'.$this->module_info->protect_document_regdate.' day')))
{
$format = lang('msg_protect_regdate_document');
$massage = sprintf($format, $this->module_info->protect_document_regdate);
return new Object(-1, $massage);
}
}
if(!$this->grant->manager)
{
// notice & document style same as before if not manager
$obj->is_notice = $oDocument->get('is_notice');
$obj->title_color = $oDocument->get('title_color');
$obj->title_bold = $oDocument->get('title_bold');
} }
// modify list_order if document status is temp // Protect admin document
if($oDocument->get('status') == 'TEMP') $member_info = getModel('member')->getMemberInfoByMemberSrl($oDocument->get('member_srl'));
if($member_info->is_admin == 'Y' && $logged_info->is_admin != 'Y')
{ {
return new Object(-1, 'msg_admin_document_no_modify');
}
// if document status is temp
if($oDocument->get('status') == $oDocumentModel->getConfigStatus('temp'))
{
// if use anonymous, set the member_srl to a negative number
if($this->module_info->use_anonymous == 'Y')
{
$obj->member_srl = abs($oDocument->get('member_srl')) * -1;
$oDocument->add('member_srl', $obj->member_srl);
}
// Update list order, date
$obj->last_update = $obj->regdate = date('YmdHis'); $obj->last_update = $obj->regdate = date('YmdHis');
$obj->update_order = $obj->list_order = (getNextSequence() * -1); $obj->update_order = $obj->list_order = (getNextSequence() * -1);
} }
$obj->reason_update = escape($obj->reason_update); else
$output = $oDocumentController->updateDocument($oDocument, $obj, $bAnonymous); {
// Protect document by comment
if($this->module_info->protect_content == 'Y' || $this->module_info->protect_update_content == 'Y')
{
if($oDocument->get('comment_count') > 0 && !$this->grant->manager)
{
return new Object(-1, 'msg_protect_update_content');
}
}
// Protect document by date
if($this->module_info->protect_document_regdate > 0 && !$this->grant->manager)
{
if($oDocument->get('regdate') < date('YmdHis', strtotime('-' . $this->module_info->protect_document_regdate . ' day')))
{
return new Object(-1, sprintf(lang('msg_protect_regdate_document'), $this->module_info->protect_document_regdate));
}
}
// notice & document style same as before if not manager
if(!$this->grant->manager)
{
$obj->is_notice = $oDocument->get('is_notice');
$obj->title_color = $oDocument->get('title_color');
$obj->title_bold = $oDocument->get('title_bold');
}
$obj->reason_update = escape($obj->reason_update);
}
// Update
$output = $oDocumentController->updateDocument($oDocument, $obj, $manual);
$msg_code = 'success_updated'; $msg_code = 'success_updated';
} }
// INSERT a new document. // Insert a new document.
else else
{ {
// if use anonymous, set the member_srl to a negative number
if($this->module_info->use_anonymous == 'Y')
{
$obj->member_srl = $logged_info->member_srl * -1;
}
// Update list order if document_srl is already assigned
if ($obj->document_srl) if ($obj->document_srl)
{ {
$obj->update_order = $obj->list_order = (getNextSequence() * -1); $obj->update_order = $obj->list_order = (getNextSequence() * -1);
} }
$output = $oDocumentController->insertDocument($obj, $bAnonymous, false, $obj->document_srl ? false : true); // Insert
$msg_code = 'success_registed'; $output = $oDocumentController->insertDocument($obj, $manual, false, $obj->document_srl ? false : true);
$obj->document_srl = $output->get('document_srl');
// Set grant for the new document.
if ($output->toBool()) if ($output->toBool())
{ {
// Set grant for the new document.
$oDocument = $oDocumentModel->getDocument($output->get('document_srl')); $oDocument = $oDocumentModel->getDocument($output->get('document_srl'));
$oDocument->setGrantForSession(); $oDocument->setGrantForSession();
}
// send an email to admin user
// send an email to admin user if($this->module_info->admin_mail)
if($output->toBool() && $this->module_info->admin_mail)
{
$oModuleModel = getModel('module');
$member_config = $oModuleModel->getModuleConfig('member');
if($member_config->webmaster_email)
{ {
$mail_title = sprintf(lang('msg_document_notify_mail'), $this->module_info->browser_title, cut_str($obj->title, 20, '...')); $oModuleModel = getModel('module');
$member_config = $oModuleModel->getModuleConfig('member');
$oMail = new Mail(); if($member_config->webmaster_email)
$oMail->setTitle($mail_title);
$oMail->setContent( sprintf("From : <a href=\"%s\">%s</a><br/>\r\n%s", getFullUrl('','document_srl',$obj->document_srl), getFullUrl('','document_srl',$obj->document_srl), $obj->content));
$oMail->setSender($member_config->webmaster_name ?: null, $member_config->webmaster_email);
$target_mail = explode(',',$this->module_info->admin_mail);
for($i=0;$i<count($target_mail);$i++)
{ {
$email_address = trim($target_mail[$i]); $mail_title = sprintf(lang('msg_document_notify_mail'), $this->module_info->browser_title, cut_str($obj->title, 20, '...'));
if(!$email_address) continue; $mail_content = sprintf("From : <a href=\"%s\">%s</a><br/>\r\n%s", getFullUrl('', 'document_srl', $output->get('document_srl')), getFullUrl('', 'document_srl', $output->get('document_srl')), $obj->content);
$oMail->setReceiptor($email_address, $email_address);
$oMail->send(); $oMail = new Mail();
$oMail->setTitle($mail_title);
$oMail->setContent($mail_content);
$oMail->setSender($member_config->webmaster_name ?: null, $member_config->webmaster_email);
$target_mail = explode(',', $this->module_info->admin_mail);
for($i = 0; $i < count($target_mail); $i++)
{
if(!$email_address = trim($target_mail[$i]))
{
continue;
}
$oMail->setReceiptor($email_address, $email_address);
$oMail->send();
}
} }
} }
} }
$msg_code = 'success_registed';
} }
// if there is an error // if there is an error
if(!$output->toBool()) if(!$output->toBool())
{ {
return $output; return $output;
} }
// return the results // return the results
$this->setRedirectUrl(getNotEncodedUrl('', 'mid', Context::get('mid'), 'act', '', 'document_srl', $output->get('document_srl')));
$this->add('mid', Context::get('mid')); $this->add('mid', Context::get('mid'));
$this->add('document_srl', $output->get('document_srl')); $this->add('document_srl', $output->get('document_srl'));
$this->setRedirectUrl(getNotEncodedUrl('', 'mid', Context::get('mid'), 'document_srl', $output->get('document_srl')));
// alert a message // alert a message
$this->setMessage($msg_code); $this->setMessage($msg_code);
} }
@ -392,11 +404,11 @@ class boardController extends board
$obj->member_srl = -1*$logged_info->member_srl; $obj->member_srl = -1*$logged_info->member_srl;
$obj->email_address = $obj->homepage = $obj->user_id = ''; $obj->email_address = $obj->homepage = $obj->user_id = '';
$obj->user_name = $obj->nick_name = $this->createAnonymousName($this->module_info->anonymous_name ?: 'anonymous', $logged_info->member_srl, $obj->document_srl); $obj->user_name = $obj->nick_name = $this->createAnonymousName($this->module_info->anonymous_name ?: 'anonymous', $logged_info->member_srl, $obj->document_srl);
$bAnonymous = true; $manual = true;
} }
else else
{ {
$bAnonymous = false; $manual = false;
} }
// generate comment module model object // generate comment module model object
@ -446,12 +458,12 @@ class boardController extends board
{ {
return new Object(-1, 'msg_invalid_request'); return new Object(-1, 'msg_invalid_request');
} }
$output = $oCommentController->insertComment($obj, $bAnonymous, $update_document); $output = $oCommentController->insertComment($obj, $manual, $update_document);
} }
// Parent does not exist. // Parent does not exist.
else else
{ {
$output = $oCommentController->insertComment($obj, $bAnonymous, $update_document); $output = $oCommentController->insertComment($obj, $manual, $update_document);
} }
// Set grant for the new comment. // Set grant for the new comment.
if ($output->toBool()) if ($output->toBool())

69
modules/document/document.controller.php
View file

@ -2739,64 +2739,59 @@ class documentController extends document
*/ */
function procDocumentTempSave() function procDocumentTempSave()
{ {
// Check login information
if(!Context::get('is_logged')) return new Object(-1, 'msg_not_logged');
$module_info = Context::get('module_info');
$logged_info = Context::get('logged_info');
// Get form information
$obj = Context::getRequestVars(); $obj = Context::getRequestVars();
// Change the target module to log-in information
$obj->module_srl = $module_info->module_srl;
$obj->status = $this->getConfigStatus('temp'); $obj->status = $this->getConfigStatus('temp');
unset($obj->is_notice);
if(!$obj->module_srl = $this->module_srl)
// Extract from beginning part of contents in the guestbook
if(!$obj->title)
{ {
$obj->title = cut_str(strip_tags($obj->content), 20, '...'); return new Object(-1, 'msg_invalid_request');
} }
$oDocumentModel = getModel('document'); // unset document style if not manager
$oDocumentController = getController('document'); if(!$this->grant->manager)
// Check if already exist geulinji {
$oDocument = $oDocumentModel->getDocument($obj->document_srl, $this->grant->manager); unset($obj->is_notice);
unset($obj->title_color);
// Update if already exists unset($obj->title_bold);
if($oDocument->isExists() && $oDocument->document_srl == $obj->document_srl) }
$oDocumentModel = getModel('document');
$oDocument = $oDocumentModel->getDocument($obj->document_srl);
// Update if already exists
if($oDocument->isExists())
{ {
if($oDocument->get('module_srl') != $obj->module_srl)
{
return new Object(-1, 'msg_invalid_request');
}
if(!$oDocument->isGranted()) if(!$oDocument->isGranted())
{ {
return new Object(-1, 'msg_invalid_request'); return new Object(-1, 'msg_invalid_request');
} }
//if exist document status is already public, use temp status can point problem
$obj->status = $oDocument->get('status'); if($oDocument->get('status') != $this->getConfigStatus('temp'))
$output = $oDocumentController->updateDocument($oDocument, $obj); {
$msg_code = 'success_updated'; return new Object(-1, 'msg_invalid_request');
// Otherwise, get a new }
$output = $this->updateDocument($oDocument, $obj);
} }
// Otherwise, get a new
else else
{ {
$output = $oDocumentController->insertDocument($obj); $output = $this->insertDocument($obj);
$msg_code = 'success_registed';
$obj->document_srl = $output->get('document_srl'); $oDocument = $oDocumentModel->getDocument($output->get('document_srl'));
$oDocument = $oDocumentModel->getDocument($obj->document_srl, $this->grant->manager);
} }
// Set the attachment to be invalid state // Set the attachment to be invalid state
if($oDocument->hasUploadedFiles()) if($oDocument->hasUploadedFiles())
{ {
$args = new stdClass; $args = new stdClass;
$args->upload_target_srl = $oDocument->document_srl;
$args->isvalid = 'N'; $args->isvalid = 'N';
$args->upload_target_srl = $oDocument->document_srl;
executeQuery('file.updateFileValid', $args); executeQuery('file.updateFileValid', $args);
} }
$this->setMessage('success_saved'); $this->setMessage('success_saved');
$this->add('document_srl', $obj->document_srl); $this->add('document_srl', $output->get('document_srl'));
} }
/** /**