From 715ec4688cba16c68819d925355ae9222a517aec Mon Sep 17 00:00:00 2001 From: sejin7940 Date: Wed, 21 Jan 2015 23:08:55 +0900 Subject: [PATCH 01/17] Update point.controller.php --- modules/point/point.controller.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/point/point.controller.php b/modules/point/point.controller.php index 3e7cdc3c1..3337b5514 100644 --- a/modules/point/point.controller.php +++ b/modules/point/point.controller.php @@ -420,10 +420,12 @@ class pointController extends point // Get the defaul configurations of the Point Module $config = $oModuleModel->getModuleConfig('point'); // When the requested points are negative, compared it with the current point + $_SESSION['banned_document'][$obj->document_srl] = false; if($config->disable_read_document == 'Y' && $point < 0 && abs($point)>$cur_point) { $message = sprintf(Context::getLang('msg_disallow_by_point'), abs($point), $cur_point); $obj->add('content', $message); + $_SESSION['banned_document'][$obj->document_srl] = true; return new Object(-1, $message); } // If not logged in, pass From 238e54e27e1a0664d20eabe047795fc62e75eaba Mon Sep 17 00:00:00 2001 From: sejin7940 Date: Wed, 21 Jan 2015 23:09:48 +0900 Subject: [PATCH 02/17] Update document.controller.php --- modules/document/document.controller.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/modules/document/document.controller.php b/modules/document/document.controller.php index accc182e3..65bc3484f 100644 --- a/modules/document/document.controller.php +++ b/modules/document/document.controller.php @@ -876,7 +876,10 @@ class documentController extends document } // Register session - $_SESSION['readed_document'][$document_srl] = true; + if(!$_SESSION['banned_document'][$document_srl]) + { + + $_SESSION['readed_document'][$document_srl] = true; + + } return TRUE; } From ad0d5a6a98531e58423794804f577215cf8e29c9 Mon Sep 17 00:00:00 2001 From: sejin7940 Date: Thu, 22 Jan 2015 00:01:24 +0900 Subject: [PATCH 03/17] Update document.controller.php --- modules/document/document.controller.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/document/document.controller.php b/modules/document/document.controller.php index 65bc3484f..f69cccedf 100644 --- a/modules/document/document.controller.php +++ b/modules/document/document.controller.php @@ -878,8 +878,8 @@ class documentController extends document // Register session if(!$_SESSION['banned_document'][$document_srl]) { - + $_SESSION['readed_document'][$document_srl] = true; - + } + $_SESSION['readed_document'][$document_srl] = true; + } return TRUE; } From 9f618fc33130f796ef901c23051b139829fd5e41 Mon Sep 17 00:00:00 2001 From: akasima Date: Wed, 11 Feb 2015 13:11:37 +0900 Subject: [PATCH 04/17] #603 site map folders set folded state --- modules/menu/tpl/css/sitemap.css | 3 ++ modules/menu/tpl/sitemap.html | 77 +++++++++++++++++++++++++++++++- 2 files changed, 78 insertions(+), 2 deletions(-) diff --git a/modules/menu/tpl/css/sitemap.css b/modules/menu/tpl/css/sitemap.css index d44e61b5b..d10971b5b 100644 --- a/modules/menu/tpl/css/sitemap.css +++ b/modules/menu/tpl/css/sitemap.css @@ -46,6 +46,9 @@ body>.x{max-width:none !important} .col>*>h1>a[target="_blank"]:after{vertical-align:middle;opacity:.75;filter:alpha(opacity=75)} .col>*>h1>a:hover, .col>*>h1>a:focus{color:#06C} +.col #menu_find{height:32px} +.col #menu_find input[type="text"]{margin-bottom: 0} +.col #menu_find button[type="button"]{visibility: hidden} .col>.x_close{position:absolute;top:0;right:0;width:30px;height:30px;color:#666;font-size:17px;opacity:.75;filter:alpha(opacity=75)} .col input[type="checkbox"], .col input[type="radio"]{margin:0} diff --git a/modules/menu/tpl/sitemap.html b/modules/menu/tpl/sitemap.html index 9c3794fc2..5ab616fad 100644 --- a/modules/menu/tpl/sitemap.html +++ b/modules/menu/tpl/sitemap.html @@ -22,6 +22,11 @@

{$lang->menu_gnb_sub['siteMap']} {$lang->help}

+
\ No newline at end of file From 7cbb4d59ac4cef71e3b6f2b0c5e054aa12a32bf4 Mon Sep 17 00:00:00 2001 From: MinSoo Kim Date: Mon, 16 Feb 2015 15:58:47 +0900 Subject: [PATCH 06/17] =?UTF-8?q?#1198=20=EC=9E=84=EC=8B=9C=20=EC=A0=80?= =?UTF-8?q?=EC=9E=A5=EA=B8=80=EC=9D=B4=20=ED=91=9C=EC=8B=9C=EB=90=98?= =?UTF-8?q?=EC=A7=80=20=EC=95=8A=EA=B2=8C=20=ED=95=A8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 권한이 있는 사람들만 임시 저장글을 VIEW 에서 볼 수 있게 수정 --- modules/board/board.view.php | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/modules/board/board.view.php b/modules/board/board.view.php index 97465b585..96a103f9d 100644 --- a/modules/board/board.view.php +++ b/modules/board/board.view.php @@ -267,6 +267,16 @@ class boardView extends board } } + // if the document is TEMP saved, check Grant + if($oDocument->getStatus() == 'TEMP') + { + $logged_info = Context::get('logged_info'); + if(!$oDocument->isGranted()) + { + $oDocument = $oDocumentModel->getDocument(0); + } + } + } else { From c9c98d6cae9821b8f8b6edefa72ec3c79c9ce000 Mon Sep 17 00:00:00 2001 From: MinSoo Kim Date: Mon, 16 Feb 2015 16:04:50 +0900 Subject: [PATCH 07/17] =?UTF-8?q?#1198=20=EC=9D=98=EB=AF=B8=20=EC=97=86?= =?UTF-8?q?=EB=8A=94=20=EC=BD=94=EB=93=9C=20=ED=95=9C=20=EC=A4=84=20?= =?UTF-8?q?=EC=82=AD=EC=A0=9C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- modules/board/board.view.php | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/board/board.view.php b/modules/board/board.view.php index 96a103f9d..18aeed71a 100644 --- a/modules/board/board.view.php +++ b/modules/board/board.view.php @@ -270,7 +270,6 @@ class boardView extends board // if the document is TEMP saved, check Grant if($oDocument->getStatus() == 'TEMP') { - $logged_info = Context::get('logged_info'); if(!$oDocument->isGranted()) { $oDocument = $oDocumentModel->getDocument(0); From d3fba73ae6ab78df4da2ae18d7d9bb72b3021b68 Mon Sep 17 00:00:00 2001 From: bnu Date: Mon, 16 Feb 2015 17:42:59 +0900 Subject: [PATCH 08/17] =?UTF-8?q?fix=20#1262=20-=20parameter=20key?= =?UTF-8?q?=EB=A5=BC=20=ED=86=B5=ED=95=9C=20XSS=20=EB=B0=A9=EC=A7=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- classes/context/Context.class.php | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/classes/context/Context.class.php b/classes/context/Context.class.php index 1ed44854d..2f8ca22e6 100644 --- a/classes/context/Context.class.php +++ b/classes/context/Context.class.php @@ -367,6 +367,8 @@ class Context $this->allow_rewrite = ($this->db_info->use_rewrite == 'Y' ? TRUE : FALSE); // set locations for javascript use + $url = array(); + $current_url = self::getRequestUri(); if($_SERVER['REQUEST_METHOD'] == 'GET') { if($this->get_vars) @@ -386,17 +388,21 @@ class Context $url[] = $key . '=' . urlencode($val); } } - $this->set('current_url', self::getRequestUri() . '?' . join('&', $url)); + + $current_url = self::getRequestUri(); + if($url) $current_url .= '?' . join('&', $url); } else { - $this->set('current_url', $this->getUrl()); + $current_url = $this->getUrl(); } } else { - $this->set('current_url', self::getRequestUri()); + $current_url = self::getRequestUri(); } + + $this->set('current_url', $current_url); $this->set('request_uri', self::getRequestUri()); } @@ -1157,6 +1163,7 @@ class Context { continue; } + $key = htmlentities($key); $val = $this->_filterRequestVar($key, $val); if($requestMethod == 'GET' && isset($_GET[$key])) From 9277b9a3f184b3222dca378855fe3d86687e9732 Mon Sep 17 00:00:00 2001 From: MinSoo Kim Date: Tue, 17 Feb 2015 12:42:22 +0900 Subject: [PATCH 09/17] =?UTF-8?q?#944=20=EC=B6=94=EA=B0=80,=20=ED=8F=AC?= =?UTF-8?q?=EC=9D=B8=ED=8A=B8=20=EB=AA=A8=EB=93=88=20=EC=84=A4=EC=B9=98?= =?UTF-8?q?=EC=8B=9C=20=ED=8A=B8=EB=A6=AC=EA=B1=B0=20=EC=84=A4=EC=B9=98=20?= =?UTF-8?q?=EC=95=88=ED=95=98=EB=8F=84=EB=A1=9D=20=EB=B3=80=EA=B2=BD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 포인트 모듈 설치시는 트리거를 설치할 필요가 없다. --- modules/point/point.class.php | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/modules/point/point.class.php b/modules/point/point.class.php index f4c018ad5..7894854f8 100644 --- a/modules/point/point.class.php +++ b/modules/point/point.class.php @@ -70,24 +70,6 @@ class point extends ModuleObject // Cash act list for faster execution $oPointController = getAdminController('point'); $oPointController->cacheActList(); - // Add a trigger for registration/insert document/insert comment/upload a file/download - $oModuleController->insertTrigger('member.insertMember', 'point', 'controller', 'triggerInsertMember', 'after'); - $oModuleController->insertTrigger('document.insertDocument', 'point', 'controller', 'triggerInsertDocument', 'after'); - $oModuleController->insertTrigger('document.deleteDocument', 'point', 'controller', 'triggerBeforeDeleteDocument', 'before'); - $oModuleController->insertTrigger('document.deleteDocument', 'point', 'controller', 'triggerDeleteDocument', 'after'); - $oModuleController->insertTrigger('comment.insertComment', 'point', 'controller', 'triggerInsertComment', 'after'); - $oModuleController->insertTrigger('comment.deleteComment', 'point', 'controller', 'triggerDeleteComment', 'after'); - $oModuleController->insertTrigger('file.insertFile', 'point', 'controller', 'triggerInsertFile', 'after'); - $oModuleController->insertTrigger('file.deleteFile', 'point', 'controller', 'triggerDeleteFile', 'after'); - $oModuleController->insertTrigger('file.downloadFile', 'point', 'controller', 'triggerBeforeDownloadFile', 'before'); - $oModuleController->insertTrigger('file.downloadFile', 'point', 'controller', 'triggerDownloadFile', 'after'); - $oModuleController->insertTrigger('member.doLogin', 'point', 'controller', 'triggerAfterLogin', 'after'); - $oModuleController->insertTrigger('module.dispAdditionSetup', 'point', 'view', 'triggerDispPointAdditionSetup', 'after'); - $oModuleController->insertTrigger('document.updateReadedCount', 'point', 'controller', 'triggerUpdateReadedCount', 'after'); - // Add a trigger for voting up and down 2008.05.13 haneul - $oModuleController->insertTrigger('document.updateVotedCount', 'point', 'controller', 'triggerUpdateVotedCount', 'after'); - // Add a trigger for using points for permanent saving of a temporarily saved document 2009.05.19 zero - $oModuleController->insertTrigger('document.updateDocument', 'point', 'controller', 'triggerUpdateDocument', 'before'); return new Object(); } From 510fc05c1f1ac9b7739ce7c9f9d6846434baac22 Mon Sep 17 00:00:00 2001 From: bnu Date: Tue, 17 Feb 2015 14:51:51 +0900 Subject: [PATCH 10/17] fix #1246 --- common/tpl/redirect.html | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/common/tpl/redirect.html b/common/tpl/redirect.html index 72a28491c..e785edf71 100644 --- a/common/tpl/redirect.html +++ b/common/tpl/redirect.html @@ -5,8 +5,9 @@ - \ No newline at end of file + From 8c32b15967500cf824842253c1f9777602789870 Mon Sep 17 00:00:00 2001 From: MinSoo Kim Date: Mon, 16 Feb 2015 15:58:47 +0900 Subject: [PATCH 11/17] =?UTF-8?q?#1198=20=EC=9E=84=EC=8B=9C=20=EC=A0=80?= =?UTF-8?q?=EC=9E=A5=EA=B8=80=EC=9D=B4=20=ED=91=9C=EC=8B=9C=EB=90=98?= =?UTF-8?q?=EC=A7=80=20=EC=95=8A=EA=B2=8C=20=ED=95=A8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 권한이 있는 사람들만 임시 저장글을 VIEW 에서 볼 수 있게 수정 --- modules/board/board.view.php | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/modules/board/board.view.php b/modules/board/board.view.php index 97465b585..96a103f9d 100644 --- a/modules/board/board.view.php +++ b/modules/board/board.view.php @@ -267,6 +267,16 @@ class boardView extends board } } + // if the document is TEMP saved, check Grant + if($oDocument->getStatus() == 'TEMP') + { + $logged_info = Context::get('logged_info'); + if(!$oDocument->isGranted()) + { + $oDocument = $oDocumentModel->getDocument(0); + } + } + } else { From 685486c86ef6fd54ae4c9907bb73a456e6c74490 Mon Sep 17 00:00:00 2001 From: MinSoo Kim Date: Mon, 16 Feb 2015 16:04:50 +0900 Subject: [PATCH 12/17] =?UTF-8?q?#1198=20=EC=9D=98=EB=AF=B8=20=EC=97=86?= =?UTF-8?q?=EB=8A=94=20=EC=BD=94=EB=93=9C=20=ED=95=9C=20=EC=A4=84=20?= =?UTF-8?q?=EC=82=AD=EC=A0=9C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- modules/board/board.view.php | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/board/board.view.php b/modules/board/board.view.php index 96a103f9d..18aeed71a 100644 --- a/modules/board/board.view.php +++ b/modules/board/board.view.php @@ -270,7 +270,6 @@ class boardView extends board // if the document is TEMP saved, check Grant if($oDocument->getStatus() == 'TEMP') { - $logged_info = Context::get('logged_info'); if(!$oDocument->isGranted()) { $oDocument = $oDocumentModel->getDocument(0); From 9e678a8da9712f57018f6dc4b286e285a456ed3a Mon Sep 17 00:00:00 2001 From: sejin7940 Date: Wed, 21 Jan 2015 23:08:55 +0900 Subject: [PATCH 13/17] Update point.controller.php --- modules/point/point.controller.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/point/point.controller.php b/modules/point/point.controller.php index 3e7cdc3c1..3337b5514 100644 --- a/modules/point/point.controller.php +++ b/modules/point/point.controller.php @@ -420,10 +420,12 @@ class pointController extends point // Get the defaul configurations of the Point Module $config = $oModuleModel->getModuleConfig('point'); // When the requested points are negative, compared it with the current point + $_SESSION['banned_document'][$obj->document_srl] = false; if($config->disable_read_document == 'Y' && $point < 0 && abs($point)>$cur_point) { $message = sprintf(Context::getLang('msg_disallow_by_point'), abs($point), $cur_point); $obj->add('content', $message); + $_SESSION['banned_document'][$obj->document_srl] = true; return new Object(-1, $message); } // If not logged in, pass From 6050f638869b217ae9f3053fb88efb89548df03d Mon Sep 17 00:00:00 2001 From: sejin7940 Date: Wed, 21 Jan 2015 23:09:48 +0900 Subject: [PATCH 14/17] Update document.controller.php --- modules/document/document.controller.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/modules/document/document.controller.php b/modules/document/document.controller.php index 4a2bedfd0..b3d26e818 100644 --- a/modules/document/document.controller.php +++ b/modules/document/document.controller.php @@ -876,7 +876,10 @@ class documentController extends document } // Register session - $_SESSION['readed_document'][$document_srl] = true; + if(!$_SESSION['banned_document'][$document_srl]) + { + + $_SESSION['readed_document'][$document_srl] = true; + + } return TRUE; } From 238180b575a466f17487650d4687f6c85fe58cbf Mon Sep 17 00:00:00 2001 From: sejin7940 Date: Thu, 22 Jan 2015 00:01:24 +0900 Subject: [PATCH 15/17] Update document.controller.php --- modules/document/document.controller.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/document/document.controller.php b/modules/document/document.controller.php index b3d26e818..05f9ecafc 100644 --- a/modules/document/document.controller.php +++ b/modules/document/document.controller.php @@ -878,8 +878,8 @@ class documentController extends document // Register session if(!$_SESSION['banned_document'][$document_srl]) { - + $_SESSION['readed_document'][$document_srl] = true; - + } + $_SESSION['readed_document'][$document_srl] = true; + } return TRUE; } From 6aea065f131d4ed22a5ea2177cc59f4716a6bee3 Mon Sep 17 00:00:00 2001 From: bnu Date: Tue, 17 Feb 2015 14:56:49 +0900 Subject: [PATCH 16/17] version up to 1.7.11 --- config/config.inc.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/config.inc.php b/config/config.inc.php index 5a4ec825f..d566e24dc 100644 --- a/config/config.inc.php +++ b/config/config.inc.php @@ -29,7 +29,7 @@ define('__ZBXE__', __XE__); /** * Display XE's full version. */ -define('__XE_VERSION__', '1.7.10'); +define('__XE_VERSION__', '1.7.11'); define('__XE_VERSION_ALPHA__', (stripos(__XE_VERSION__, 'alpha') !== false)); define('__XE_VERSION_BETA__', (stripos(__XE_VERSION__, 'beta') !== false)); define('__XE_VERSION_RC__', (stripos(__XE_VERSION__, 'rc') !== false)); From 39f8c9ce4270886abd064ccf32dc44490ccd112d Mon Sep 17 00:00:00 2001 From: YJSoft Date: Wed, 18 Feb 2015 19:49:16 +0900 Subject: [PATCH 17/17] =?UTF-8?q?#1281=20=EC=9E=98=EB=AA=BB=20=EC=82=AC?= =?UTF-8?q?=EC=9A=A9=ED=95=9C=20ini=5Fget=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ini_get은 인자로 string을 넘겨줘야 함에도 따옴표로 감싸지 않아 string으로 전달이 되지 않아 해당 ini값을 잘못 가져오는 문제가 있습니다. 따라서 session.auto_start값이 정상 체크되지 않아 XE 사용에 문제가 있을 수 있습니다. --- modules/install/install.controller.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/install/install.controller.php b/modules/install/install.controller.php index 2add76494..015b06968 100644 --- a/modules/install/install.controller.php +++ b/modules/install/install.controller.php @@ -355,7 +355,7 @@ class installController extends install if(function_exists('xml_parser_create')) $checklist['xml'] = true; else $checklist['xml'] = false; // 3. Check if ini_get (session.auto_start) == 1 - if(ini_get(session.auto_start)!=1) $checklist['session'] = true; + if(ini_get('session.auto_start')!=1) $checklist['session'] = true; else $checklist['session'] = false; // 4. Check if iconv exists if(function_exists('iconv')) $checklist['iconv'] = true;