mirror of
https://github.com/Lastorder-DC/rhymix.git
synced 2026-01-03 16:51:40 +09:00
Fix potential vulnerabilities
This commit is contained in:
conory
parent
0dd567bc00
commit
99d16d84c3
4 changed files with 141 additions and 39 deletions
|
|
@ -39,16 +39,22 @@ class commentController extends comment
|
|||
{
|
||||
throw new Rhymix\Framework\Exceptions\InvalidRequest;
|
||||
}
|
||||
|
||||
$oComment = CommentModel::getComment($comment_srl, FALSE, FALSE);
|
||||
$oComment = CommentModel::getComment($comment_srl, false, false);
|
||||
if(!$oComment->isExists())
|
||||
{
|
||||
throw new Rhymix\Framework\Exceptions\InvalidRequest;
|
||||
}
|
||||
if(!$oComment->isAccessible(true))
|
||||
{
|
||||
throw new Rhymix\Framework\Exceptions\NotPermitted;
|
||||
}
|
||||
$module_srl = $oComment->get('module_srl');
|
||||
if(!$module_srl)
|
||||
{
|
||||
throw new Rhymix\Framework\Exceptions\InvalidRequest;
|
||||
}
|
||||
|
||||
$comment_config = ModuleModel::getModulePartConfig('comment', $module_srl);
|
||||
if($comment_config->use_vote_up == 'N')
|
||||
if($comment_config->use_vote_up === 'N')
|
||||
{
|
||||
throw new Rhymix\Framework\Exceptions\FeatureDisabled;
|
||||
}
|
||||
|
|
@ -70,13 +76,24 @@ class commentController extends comment
|
|||
}
|
||||
|
||||
$comment_srl = Context::get('target_srl');
|
||||
if(!$comment_srl) throw new Rhymix\Framework\Exceptions\InvalidRequest;
|
||||
|
||||
$oComment = CommentModel::getComment($comment_srl, FALSE, FALSE);
|
||||
if(!$comment_srl)
|
||||
{
|
||||
throw new Rhymix\Framework\Exceptions\InvalidRequest;
|
||||
}
|
||||
$oComment = CommentModel::getComment($comment_srl, false, false);
|
||||
if(!$oComment->isExists())
|
||||
{
|
||||
throw new Rhymix\Framework\Exceptions\InvalidRequest;
|
||||
}
|
||||
if(!$oComment->isAccessible(true))
|
||||
{
|
||||
throw new Rhymix\Framework\Exceptions\NotPermitted;
|
||||
}
|
||||
if($oComment->get('voted_count') <= 0)
|
||||
{
|
||||
throw new Rhymix\Framework\Exception('failed_voted_canceled');
|
||||
}
|
||||
|
||||
$point = 1;
|
||||
$output = $this->updateVotedCountCancel($comment_srl, $oComment, $point);
|
||||
|
||||
|
|
@ -106,16 +123,22 @@ class commentController extends comment
|
|||
{
|
||||
throw new Rhymix\Framework\Exceptions\InvalidRequest;
|
||||
}
|
||||
|
||||
$oComment = CommentModel::getComment($comment_srl, FALSE, FALSE);
|
||||
$oComment = CommentModel::getComment($comment_srl, false, false);
|
||||
if(!$oComment->isExists())
|
||||
{
|
||||
throw new Rhymix\Framework\Exceptions\InvalidRequest;
|
||||
}
|
||||
if(!$oComment->isAccessible(true))
|
||||
{
|
||||
throw new Rhymix\Framework\Exceptions\NotPermitted;
|
||||
}
|
||||
$module_srl = $oComment->get('module_srl');
|
||||
if(!$module_srl)
|
||||
{
|
||||
throw new Rhymix\Framework\Exceptions\InvalidRequest;
|
||||
}
|
||||
|
||||
$comment_config = ModuleModel::getModulePartConfig('comment', $module_srl);
|
||||
if($comment_config->use_vote_down == 'N')
|
||||
if($comment_config->use_vote_down === 'N')
|
||||
{
|
||||
throw new Rhymix\Framework\Exceptions\FeatureDisabled;
|
||||
}
|
||||
|
|
@ -137,13 +160,24 @@ class commentController extends comment
|
|||
}
|
||||
|
||||
$comment_srl = Context::get('target_srl');
|
||||
if(!$comment_srl) throw new Rhymix\Framework\Exceptions\InvalidRequest;
|
||||
|
||||
$oComment = CommentModel::getComment($comment_srl, FALSE, FALSE);
|
||||
if(!$comment_srl)
|
||||
{
|
||||
throw new Rhymix\Framework\Exceptions\InvalidRequest;
|
||||
}
|
||||
$oComment = CommentModel::getComment($comment_srl, false, false);
|
||||
if(!$oComment->isExists())
|
||||
{
|
||||
throw new Rhymix\Framework\Exceptions\InvalidRequest;
|
||||
}
|
||||
if(!$oComment->isAccessible(true))
|
||||
{
|
||||
throw new Rhymix\Framework\Exceptions\NotPermitted;
|
||||
}
|
||||
if($oComment->get('blamed_count') >= 0)
|
||||
{
|
||||
throw new Rhymix\Framework\Exception('failed_blamed_canceled');
|
||||
}
|
||||
|
||||
$point = -1;
|
||||
$output = $this->updateVotedCountCancel($comment_srl, $oComment, $point);
|
||||
|
||||
|
|
@ -243,7 +277,16 @@ class commentController extends comment
|
|||
{
|
||||
throw new Rhymix\Framework\Exceptions\InvalidRequest;
|
||||
}
|
||||
|
||||
$oComment = CommentModel::getComment($comment_srl, false, false);
|
||||
if(!$oComment->isExists())
|
||||
{
|
||||
throw new Rhymix\Framework\Exceptions\InvalidRequest;
|
||||
}
|
||||
if(!$oComment->isAccessible(true))
|
||||
{
|
||||
throw new Rhymix\Framework\Exceptions\NotPermitted;
|
||||
}
|
||||
|
||||
// if an user select message from options, message would be the option.
|
||||
$message_option = strval(Context::get('message_option'));
|
||||
$improper_comment_reasons = lang('improper_comment_reasons');
|
||||
|
|
|
|||
|
|
@ -80,7 +80,7 @@ class commentView extends comment
|
|||
throw new Rhymix\Framework\Exceptions\TargetNotFound;
|
||||
}
|
||||
// Check permissions
|
||||
if(!$oComment->isAccessible())
|
||||
if(!$oComment->isAccessible(true))
|
||||
{
|
||||
throw new Rhymix\Framework\Exceptions\NotPermitted;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -35,7 +35,6 @@ class documentController extends document
|
|||
{
|
||||
$module_info = ModuleModel::getModuleInfoByDocumentSrl($document_srl);
|
||||
}
|
||||
|
||||
if($module_info->non_login_vote !== 'Y')
|
||||
{
|
||||
if(!Context::get('is_logged'))
|
||||
|
|
@ -45,11 +44,24 @@ class documentController extends document
|
|||
}
|
||||
|
||||
$oDocument = DocumentModel::getDocument($document_srl, false, false);
|
||||
if(!$oDocument->isExists())
|
||||
{
|
||||
throw new Rhymix\Framework\Exceptions\InvalidRequest;
|
||||
}
|
||||
if(!$oDocument->isAccessible(true))
|
||||
{
|
||||
throw new Rhymix\Framework\Exceptions\NotPermitted;
|
||||
}
|
||||
$module_srl = $oDocument->get('module_srl');
|
||||
if(!$module_srl) throw new Rhymix\Framework\Exceptions\InvalidRequest;
|
||||
|
||||
$document_config = ModuleModel::getModulePartConfig('document',$module_srl);
|
||||
if($document_config->use_vote_up=='N') throw new Rhymix\Framework\Exceptions\FeatureDisabled;
|
||||
if(!$module_srl)
|
||||
{
|
||||
throw new Rhymix\Framework\Exceptions\InvalidRequest;
|
||||
}
|
||||
$document_config = ModuleModel::getModulePartConfig('document', $module_srl);
|
||||
if($document_config->use_vote_up === 'N')
|
||||
{
|
||||
throw new Rhymix\Framework\Exceptions\FeatureDisabled;
|
||||
}
|
||||
|
||||
$point = 1;
|
||||
$output = $this->updateVotedCount($document_srl, $point);
|
||||
|
|
@ -74,7 +86,6 @@ class documentController extends document
|
|||
{
|
||||
$module_info = ModuleModel::getModuleInfoByDocumentSrl($document_srl);
|
||||
}
|
||||
|
||||
if($module_info->non_login_vote !== 'Y')
|
||||
{
|
||||
if(!Context::get('is_logged'))
|
||||
|
|
@ -82,17 +93,25 @@ class documentController extends document
|
|||
throw new Rhymix\Framework\Exceptions\NotPermitted;
|
||||
}
|
||||
}
|
||||
|
||||
if($module_info->cancel_vote !== 'Y')
|
||||
{
|
||||
throw new Rhymix\Framework\Exception('failed_voted_cancel');
|
||||
}
|
||||
|
||||
$oDocument = DocumentModel::getDocument($document_srl, false, false);
|
||||
if(!$oDocument->isExists())
|
||||
{
|
||||
throw new Rhymix\Framework\Exceptions\InvalidRequest;
|
||||
}
|
||||
if(!$oDocument->isAccessible(true))
|
||||
{
|
||||
throw new Rhymix\Framework\Exceptions\NotPermitted;
|
||||
}
|
||||
if($oDocument->get('voted_count') <= 0)
|
||||
{
|
||||
throw new Rhymix\Framework\Exception('failed_voted_canceled');
|
||||
}
|
||||
|
||||
$point = 1;
|
||||
$output = $this->updateVotedCountCancel($document_srl, $oDocument, $point);
|
||||
if(!$output->toBool())
|
||||
|
|
@ -139,15 +158,30 @@ class documentController extends document
|
|||
}
|
||||
|
||||
$document_srl = Context::get('target_srl');
|
||||
if(!$document_srl) throw new Rhymix\Framework\Exceptions\InvalidRequest;
|
||||
|
||||
if(!$document_srl)
|
||||
{
|
||||
throw new Rhymix\Framework\Exceptions\InvalidRequest;
|
||||
}
|
||||
$oDocument = DocumentModel::getDocument($document_srl, false, false);
|
||||
if(!$oDocument->isExists())
|
||||
{
|
||||
throw new Rhymix\Framework\Exceptions\InvalidRequest;
|
||||
}
|
||||
if(!$oDocument->isAccessible(true))
|
||||
{
|
||||
throw new Rhymix\Framework\Exceptions\NotPermitted;
|
||||
}
|
||||
$module_srl = $oDocument->get('module_srl');
|
||||
if(!$module_srl) throw new Rhymix\Framework\Exceptions\InvalidRequest;
|
||||
|
||||
$document_config = ModuleModel::getModulePartConfig('document',$module_srl);
|
||||
if($document_config->use_vote_down=='N') throw new Rhymix\Framework\Exceptions\FeatureDisabled;
|
||||
|
||||
if(!$module_srl)
|
||||
{
|
||||
throw new Rhymix\Framework\Exceptions\InvalidRequest;
|
||||
}
|
||||
$document_config = ModuleModel::getModulePartConfig('document', $module_srl);
|
||||
if($document_config->use_vote_down === 'N')
|
||||
{
|
||||
throw new Rhymix\Framework\Exceptions\FeatureDisabled;
|
||||
}
|
||||
|
||||
$point = -1;
|
||||
$output = $this->updateVotedCount($document_srl, $point);
|
||||
if(!$output->toBool())
|
||||
|
|
@ -167,20 +201,30 @@ class documentController extends document
|
|||
throw new Rhymix\Framework\Exceptions\NotPermitted;
|
||||
}
|
||||
}
|
||||
|
||||
if($this->module_info->cancel_vote !== 'Y')
|
||||
{
|
||||
return new Rhymix\Framework\Exception('failed_voted_canceled');
|
||||
}
|
||||
|
||||
$document_srl = Context::get('target_srl');
|
||||
if(!$document_srl) throw new Rhymix\Framework\Exceptions\InvalidRequest;
|
||||
|
||||
if(!$document_srl)
|
||||
{
|
||||
throw new Rhymix\Framework\Exceptions\InvalidRequest;
|
||||
}
|
||||
$oDocument = DocumentModel::getDocument($document_srl, false, false);
|
||||
if(!$oDocument->isExists())
|
||||
{
|
||||
throw new Rhymix\Framework\Exceptions\InvalidRequest;
|
||||
}
|
||||
if(!$oDocument->isAccessible(true))
|
||||
{
|
||||
throw new Rhymix\Framework\Exceptions\NotPermitted;
|
||||
}
|
||||
if($oDocument->get('blamed_count') >= 0)
|
||||
{
|
||||
throw new Rhymix\Framework\Exception('failed_blamed_canceled');
|
||||
}
|
||||
|
||||
$point = -1;
|
||||
$output = $this->updateVotedCountCancel($document_srl, $oDocument, $point);
|
||||
if(!$output->toBool())
|
||||
|
|
@ -289,11 +333,20 @@ class documentController extends document
|
|||
throw new Rhymix\Framework\Exceptions\MustLogin;
|
||||
}
|
||||
|
||||
$document_srl = intval(Context::get('target_srl'));
|
||||
$document_srl = Context::get('target_srl');
|
||||
if(!$document_srl)
|
||||
{
|
||||
throw new Rhymix\Framework\Exceptions\InvalidRequest;
|
||||
}
|
||||
$oDocument = DocumentModel::getDocument($document_srl, false, false);
|
||||
if(!$oDocument->isExists())
|
||||
{
|
||||
throw new Rhymix\Framework\Exceptions\InvalidRequest;
|
||||
}
|
||||
if(!$oDocument->isAccessible(true))
|
||||
{
|
||||
throw new Rhymix\Framework\Exceptions\NotPermitted;
|
||||
}
|
||||
|
||||
// if an user select message from options, message would be the option.
|
||||
$message_option = strval(Context::get('message_option'));
|
||||
|
|
@ -321,15 +374,21 @@ class documentController extends document
|
|||
{
|
||||
throw new Rhymix\Framework\Exceptions\MustLogin;
|
||||
}
|
||||
|
||||
$document_srl = intval(Context::get('target_srl'));
|
||||
|
||||
$oDocument = DocumentModel::getDocument($document_srl);
|
||||
$document_srl = Context::get('target_srl');
|
||||
if(!$document_srl)
|
||||
{
|
||||
throw new Rhymix\Framework\Exceptions\InvalidRequest;
|
||||
}
|
||||
$oDocument = DocumentModel::getDocument($document_srl, false, false);
|
||||
if(!$oDocument->isExists())
|
||||
{
|
||||
throw new Rhymix\Framework\Exceptions\InvalidRequest;
|
||||
}
|
||||
|
||||
if(!$oDocument->isAccessible(true))
|
||||
{
|
||||
throw new Rhymix\Framework\Exceptions\NotPermitted;
|
||||
}
|
||||
$module_info = ModuleModel::getModuleInfoByDocumentSrl($document_srl);
|
||||
if($module_info->cancel_vote !== 'Y')
|
||||
{
|
||||
|
|
|
|||
|
|
@ -238,7 +238,7 @@ class documentView extends document
|
|||
throw new Rhymix\Framework\Exceptions\TargetNotFound;
|
||||
}
|
||||
// Check permissions
|
||||
if(!$oDocument->isAccessible())
|
||||
if(!$oDocument->isAccessible(true))
|
||||
{
|
||||
throw new Rhymix\Framework\Exceptions\NotPermitted;
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue