From 99d16d84c324f2f6f1b0aa09aa24d82852b4b01f Mon Sep 17 00:00:00 2001
From: conory
Date: Fri, 5 Aug 2022 11:19:02 +0900
Subject: [PATCH] Fix potential vulnerabilities
---
 modules/comment/comment.controller.php | 73 ++++++++++++----
 modules/comment/comment.view.php | 2 +-
 modules/document/document.controller.php | 103 ++++++++++++++++++-----
 modules/document/document.view.php | 2 +-
 4 files changed, 141 insertions(+), 39 deletions(-)
diff --git a/modules/comment/comment.controller.php b/modules/comment/comment.controller.php
index c60fc5d70..d291112ab 100644
--- a/modules/comment/comment.controller.php
+++ b/modules/comment/comment.controller.php
@@ -39,16 +39,22 @@ class commentController extends comment
 {
 throw new Rhymix\Framework\Exceptions\InvalidRequest;
 }
-
- $oComment = CommentModel::getComment($comment_srl, FALSE, FALSE);
+ $oComment = CommentModel::getComment($comment_srl, false, false);
+ if(!$oComment->isExists())
+ {
+ throw new Rhymix\Framework\Exceptions\InvalidRequest;
+ }
+ if(!$oComment->isAccessible(true))
+ {
+ throw new Rhymix\Framework\Exceptions\NotPermitted;
+ }
 $module_srl = $oComment->get('module_srl');
 if(!$module_srl)
 {
 throw new Rhymix\Framework\Exceptions\InvalidRequest;
 }
-
 $comment_config = ModuleModel::getModulePartConfig('comment', $module_srl);
- if($comment_config->use_vote_up == 'N')
+ if($comment_config->use_vote_up === 'N')
 {
 throw new Rhymix\Framework\Exceptions\FeatureDisabled;
 }
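Review bot: The new `isExists()` guard throws `InvalidRequest` for a comment that does not exist, while the view-side checks touched by this same patch (comment.view.php and document.view.php) report the same condition as `TargetNotFound`, so the same situation is signalled differently depending on the entry point and `InvalidRequest` mislabels a well-formed request for an absent target. I would use `throw new Rhymix\Framework\Exceptions\TargetNotFound;` in each new `isExists()` block — here and in the hunks at @@ -70, @@ -106, @@ -137 and @@ -243 of this file, and at @@ -45, @@ -82, @@ -139, @@ -167 and @@ -289 of document.controller.php. The load / exists / accessible triplet is also pasted verbatim into every action; a private helper such as `$oComment = $this->getAccessibleComment($comment_srl);` that performs both checks and throws would make it harder for the next action to omit the permission check. The enclosing action method starts and ends outside this hunk.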
@@ -70,13 +76,24 @@ class commentController extends comment
 }
 $comment_srl = Context::get('target_srl');
- if(!$comment_srl) throw new Rhymix\Framework\Exceptions\InvalidRequest;
-
- $oComment = CommentModel::getComment($comment_srl, FALSE, FALSE);
+ if(!$comment_srl)
+ {
+ throw new Rhymix\Framework\Exceptions\InvalidRequest;
+ }
+ $oComment = CommentModel::getComment($comment_srl, false, false);
+ if(!$oComment->isExists())
+ {
+ throw new Rhymix\Framework\Exceptions\InvalidRequest;
+ }
+ if(!$oComment->isAccessible(true))
+ {
+ throw new Rhymix\Framework\Exceptions\NotPermitted;
+ }
 if($oComment->get('voted_count') <= 0)
 {
 throw new Rhymix\Framework\Exception('failed_voted_canceled');
 }
+
 $point = 1;
 $output = $this->updateVotedCountCancel($comment_srl, $oComment, $point);
@@ -106,16 +123,22 @@ class commentController extends comment
 {
 throw new Rhymix\Framework\Exceptions\InvalidRequest;
 }
-
- $oComment = CommentModel::getComment($comment_srl, FALSE, FALSE);
+ $oComment = CommentModel::getComment($comment_srl, false, false);
+ if(!$oComment->isExists())
+ {
+ throw new Rhymix\Framework\Exceptions\InvalidRequest;
+ }
+ if(!$oComment->isAccessible(true))
+ {
+ throw new Rhymix\Framework\Exceptions\NotPermitted;
+ }
 $module_srl = $oComment->get('module_srl');
 if(!$module_srl)
 {
 throw new Rhymix\Framework\Exceptions\InvalidRequest;
 }
-
 $comment_config = ModuleModel::getModulePartConfig('comment', $module_srl);
- if($comment_config->use_vote_down == 'N')
+ if($comment_config->use_vote_down === 'N')
 {
 throw new Rhymix\Framework\Exceptions\FeatureDisabled;
 }
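Review bot: The bare `true` passed to `isAccessible(true)` in the new permission check is the substance of this fix, yet nothing at the call site says what the flag enables, and the same opaque call is repeated in every other hunk of this patch, including the view hunks that switch from `isAccessible()` to `isAccessible(true)`. I would add a one-line comment above the first use, `// true: <what the flag enforces — confirm against the isAccessible() implementation>`, or, if the project's PHP baseline allows named arguments, pass it by name so the intent is self-describing. The enclosing action method starts and ends outside this hunk.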
@@ -137,13 +160,24 @@ class commentController extends comment
 }
 $comment_srl = Context::get('target_srl');
- if(!$comment_srl) throw new Rhymix\Framework\Exceptions\InvalidRequest;
-
- $oComment = CommentModel::getComment($comment_srl, FALSE, FALSE);
+ if(!$comment_srl)
+ {
+ throw new Rhymix\Framework\Exceptions\InvalidRequest;
+ }
+ $oComment = CommentModel::getComment($comment_srl, false, false);
+ if(!$oComment->isExists())
+ {
+ throw new Rhymix\Framework\Exceptions\InvalidRequest;
+ }
+ if(!$oComment->isAccessible(true))
+ {
+ throw new Rhymix\Framework\Exceptions\NotPermitted;
+ }
 if($oComment->get('blamed_count') >= 0)
 {
 throw new Rhymix\Framework\Exception('failed_blamed_canceled');
 }
+
 $point = -1;
 $output = $this->updateVotedCountCancel($comment_srl, $oComment, $point);
@@ -243,7 +277,16 @@ class commentController extends comment
 {
 throw new Rhymix\Framework\Exceptions\InvalidRequest;
 }
-
+ $oComment = CommentModel::getComment($comment_srl, false, false);
+ if(!$oComment->isExists())
+ {
+ throw new Rhymix\Framework\Exceptions\InvalidRequest;
+ }
+ if(!$oComment->isAccessible(true))
+ {
+ throw new Rhymix\Framework\Exceptions\NotPermitted;
+ }
+
 // if an user select message from options, message would be the option.
 $message_option = strval(Context::get('message_option'));
 $improper_comment_reasons = lang('improper_comment_reasons');
diff --git a/modules/comment/comment.view.php b/modules/comment/comment.view.php
index fe8cbbff7..f9e4c844b 100644
--- a/modules/comment/comment.view.php
+++ b/modules/comment/comment.view.php
@@ -80,7 +80,7 @@ class commentView extends comment
 throw new Rhymix\Framework\Exceptions\TargetNotFound;
 }
 // Check permissions
- if(!$oComment->isAccessible())
+ if(!$oComment->isAccessible(true))
 {
 throw new Rhymix\Framework\Exceptions\NotPermitted;
 }
diff --git a/modules/document/document.controller.php b/modules/document/document.controller.php
index e584614db..fdeb62392 100644
--- a/modules/document/document.controller.php
+++ b/modules/document/document.controller.php
@@ -35,7 +35,6 @@ class documentController extends document
 {
 $module_info = ModuleModel::getModuleInfoByDocumentSrl($document_srl);
 }
-
 if($module_info->non_login_vote !== 'Y')
 {
 if(!Context::get('is_logged'))
@@ -45,11 +44,24 @@ class documentController extends document
 }
 $oDocument = DocumentModel::getDocument($document_srl, false, false);
+ if(!$oDocument->isExists())
+ {
+ throw new Rhymix\Framework\Exceptions\InvalidRequest;
+ }
+ if(!$oDocument->isAccessible(true))
+ {
+ throw new Rhymix\Framework\Exceptions\NotPermitted;
+ }
 $module_srl = $oDocument->get('module_srl');
- if(!$module_srl) throw new Rhymix\Framework\Exceptions\InvalidRequest;
-
- $document_config = ModuleModel::getModulePartConfig('document',$module_srl);
- if($document_config->use_vote_up=='N') throw new Rhymix\Framework\Exceptions\FeatureDisabled;
+ if(!$module_srl)
+ {
+ throw new Rhymix\Framework\Exceptions\InvalidRequest;
+ }
+ $document_config = ModuleModel::getModulePartConfig('document', $module_srl);
+ if($document_config->use_vote_up === 'N')
+ {
+ throw new Rhymix\Framework\Exceptions\FeatureDisabled;
+ }
 $point = 1;
 $output = $this->updateVotedCount($document_srl, $point);
@@ -74,7 +86,6 @@ class documentController extends document
 {
 $module_info = ModuleModel::getModuleInfoByDocumentSrl($document_srl);
 }
-
 if($module_info->non_login_vote !== 'Y')
 {
 if(!Context::get('is_logged'))
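Review bot: The new `isExists()` guard in the @@ -45 hunk runs only after the `non_login_vote` gate, so for a `document_srl` that does not resolve the method has already dereferenced `$module_info` obtained from `ModuleModel::getModuleInfoByDocumentSrl($document_srl)` (context visible in the @@ -35 hunk); if that lookup returns an empty value for an unknown srl — not shown here — `$module_info->non_login_vote` is read from a non-object and the login branch is taken only because `null !== 'Y'` happens to hold. I would either move the `getDocument()` / `isExists()` pair ahead of the `non_login_vote` check or make the gate explicit, `if(!$module_info || $module_info->non_login_vote !== 'Y')`. The vote-cancel action at @@ -82 has the same ordering. The enclosing method starts before this hunk.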
@@ -82,17 +93,25 @@ class documentController extends document
 throw new Rhymix\Framework\Exceptions\NotPermitted;
 }
 }
-
 if($module_info->cancel_vote !== 'Y')
 {
 throw new Rhymix\Framework\Exception('failed_voted_cancel');
 }
 $oDocument = DocumentModel::getDocument($document_srl, false, false);
+ if(!$oDocument->isExists())
+ {
+ throw new Rhymix\Framework\Exceptions\InvalidRequest;
+ }
+ if(!$oDocument->isAccessible(true))
+ {
+ throw new Rhymix\Framework\Exceptions\NotPermitted;
+ }
 if($oDocument->get('voted_count') <= 0)
 {
 throw new Rhymix\Framework\Exception('failed_voted_canceled');
 }
+
 $point = 1;
 $output = $this->updateVotedCountCancel($document_srl, $oDocument, $point);
 if(!$output->toBool())
@@ -139,15 +158,30 @@ class documentController extends document
 }
 $document_srl = Context::get('target_srl');
- if(!$document_srl) throw new Rhymix\Framework\Exceptions\InvalidRequest;
-
+ if(!$document_srl)
+ {
+ throw new Rhymix\Framework\Exceptions\InvalidRequest;
+ }
 $oDocument = DocumentModel::getDocument($document_srl, false, false);
+ if(!$oDocument->isExists())
+ {
+ throw new Rhymix\Framework\Exceptions\InvalidRequest;
+ }
+ if(!$oDocument->isAccessible(true))
+ {
+ throw new Rhymix\Framework\Exceptions\NotPermitted;
+ }
 $module_srl = $oDocument->get('module_srl');
- if(!$module_srl) throw new Rhymix\Framework\Exceptions\InvalidRequest;
-
- $document_config = ModuleModel::getModulePartConfig('document',$module_srl);
- if($document_config->use_vote_down=='N') throw new Rhymix\Framework\Exceptions\FeatureDisabled;
-
+ if(!$module_srl)
+ {
+ throw new Rhymix\Framework\Exceptions\InvalidRequest;
+ }
+ $document_config = ModuleModel::getModulePartConfig('document', $module_srl);
+ if($document_config->use_vote_down === 'N')
+ {
+ throw new Rhymix\Framework\Exceptions\FeatureDisabled;
+ }
+
 $point = -1;
 $output = $this->updateVotedCount($document_srl, $point);
 if(!$output->toBool())
@@ -167,20 +201,30 @@ class documentController extends document
 throw new Rhymix\Framework\Exceptions\NotPermitted;
 }
 }
-
 if($this->module_info->cancel_vote !== 'Y')
 {
 return new Rhymix\Framework\Exception('failed_voted_canceled');
 }
 $document_srl = Context::get('target_srl');
- if(!$document_srl) throw new Rhymix\Framework\Exceptions\InvalidRequest;
-
+ if(!$document_srl)
+ {
+ throw new Rhymix\Framework\Exceptions\InvalidRequest;
+ }
 $oDocument = DocumentModel::getDocument($document_srl, false, false);
+ if(!$oDocument->isExists())
+ {
+ throw new Rhymix\Framework\Exceptions\InvalidRequest;
+ }
+ if(!$oDocument->isAccessible(true))
+ {
+ throw new Rhymix\Framework\Exceptions\NotPermitted;
+ }
 if($oDocument->get('blamed_count') >= 0)
 {
 throw new Rhymix\Framework\Exception('failed_blamed_canceled');
 }
+
 $point = -1;
 $output = $this->updateVotedCountCancel($document_srl, $oDocument, $point);
 if(!$output->toBool())
@@ -289,11 +333,20 @@ class documentController extends document
 throw new Rhymix\Framework\Exceptions\MustLogin;
 }
- $document_srl = intval(Context::get('target_srl'));
+ $document_srl = Context::get('target_srl');
 if(!$document_srl)
 {
 throw new Rhymix\Framework\Exceptions\InvalidRequest;
 }
+ $oDocument = DocumentModel::getDocument($document_srl, false, false);
+ if(!$oDocument->isExists())
+ {
+ throw new Rhymix\Framework\Exceptions\InvalidRequest;
+ }
+ if(!$oDocument->isAccessible(true))
+ {
+ throw new Rhymix\Framework\Exceptions\NotPermitted;
+ }
 // if an user select message from options, message would be the option.
 $message_option = strval(Context::get('message_option'));
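Review bot: The `cancel_vote` policy in this action is read from `$this->module_info` (context just above the new guards), whereas the sibling vote-cancel action at @@ -82 and the declare-cancel action at @@ -321 look it up with `ModuleModel::getModuleInfoByDocumentSrl($document_srl)`; if `$this->module_info` describes the module the request was addressed to rather than the module that owns the document, the document's own setting is not what is enforced here, and the new `isAccessible(true)` check does not close that gap. Now that `$oDocument` is verified to exist, I would move the check below the new guards and write `$module_info = ModuleModel::getModuleInfoByDocumentSrl($document_srl);` followed by `if($module_info->cancel_vote !== 'Y')`. That branch also uses `return new Rhymix\Framework\Exception('failed_voted_canceled');` where every other guard in this patch throws; `throw` would keep the exit path uniform with the rest of the method. The enclosing method starts and ends outside this hunk.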
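Review bot: Dropping `intval()` in the added line `$document_srl = Context::get('target_srl');` of the @@ -289 hunk widens what reaches `DocumentModel::getDocument()` from an integer to whatever string the request carried, and the same cast is removed in the declare-cancel hunk at @@ -321; the truthiness guard still rejects an empty value, but a non-numeric string now passes it where the cast previously reduced it to 0. Unless `getDocument()` or the queries behind it are known to cast the key themselves (not visible on this page), I would keep `$document_srl = intval(Context::get('target_srl'));` in both places so the `!$document_srl` guard retains its original meaning. The enclosing method starts and ends outside this hunk.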
@@ -321,15 +374,21 @@ class documentController extends document
 {
 throw new Rhymix\Framework\Exceptions\MustLogin;
 }
-
- $document_srl = intval(Context::get('target_srl'));
- $oDocument = DocumentModel::getDocument($document_srl);
+ $document_srl = Context::get('target_srl');
+ if(!$document_srl)
+ {
+ throw new Rhymix\Framework\Exceptions\InvalidRequest;
+ }
+ $oDocument = DocumentModel::getDocument($document_srl, false, false);
 if(!$oDocument->isExists())
 {
 throw new Rhymix\Framework\Exceptions\InvalidRequest;
 }
-
+ if(!$oDocument->isAccessible(true))
+ {
+ throw new Rhymix\Framework\Exceptions\NotPermitted;
+ }
 $module_info = ModuleModel::getModuleInfoByDocumentSrl($document_srl);
 if($module_info->cancel_vote !== 'Y')
 {
diff --git a/modules/document/document.view.php b/modules/document/document.view.php
index 0d9af378b..010567da9 100644
--- a/modules/document/document.view.php
+++ b/modules/document/document.view.php
@@ -238,7 +238,7 @@ class documentView extends document
 throw new Rhymix\Framework\Exceptions\TargetNotFound;
 }
 // Check permissions
- if(!$oDocument->isAccessible())
+ if(!$oDocument->isAccessible(true))
 {
 throw new Rhymix\Framework\Exceptions\NotPermitted;
 }