From b125b4684a5e85a5bdde25f776b822d3a9c1bafc Mon Sep 17 00:00:00 2001
From: Min-Soo Kim <misol.kr@gmail.com>
Date: Wed, 23 Dec 2020 21:28:53 +0900
Subject: [PATCH] =?UTF-8?q?=ED=86=B5=ED=95=A9=EA=B2=80=EC=83=89=20?=
 =?UTF-8?q?=EB=AA=A8=EB=93=88=EC=97=90=EC=84=9C=20=EA=B2=80=EC=83=89?=
 =?UTF-8?q?=EC=96=B4=EA=B0=80=20=EC=9D=B4=EC=A4=91=EC=9C=BC=EB=A1=9C=20esc?=
 =?UTF-8?q?ape=20=EB=90=98=EB=8A=94=20=EB=AC=B8=EC=A0=9C=20=EC=88=98?=
 =?UTF-8?q?=EC=A0=95=20(#1518)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* 통합검색 모듈에서 검색어가 이중으로 escape 되는 문제 수정
* 파일 검색시에도 'search' operator 사용하도록 수정
---
 modules/file/file.admin.model.php             | 20 +++++++++----------
 modules/file/queries/getFileList.xml          |  8 ++++----
 .../queries/getFileListByTargetStatus.xml     | 10 +++++-----
 .../integration_search.view.php               |  7 ++++---
 4 files changed, 23 insertions(+), 22 deletions(-)

diff --git a/modules/file/file.admin.model.php b/modules/file/file.admin.model.php
index 1bb074c63..b164d5458 100644
--- a/modules/file/file.admin.model.php
+++ b/modules/file/file.admin.model.php
@@ -10,7 +10,7 @@ class fileAdminModel extends file
 	 * Initialization
 	 * @return void
 	 */
-	function init()
+	public function init()
 	{
 	}
 
@@ -62,7 +62,7 @@ class fileAdminModel extends file
 	 * @param array $columnList Column list to get from DB
 	 * @return Object Object contains query result
 	 */
-	function getFileList($obj, $columnList = array())
+	public function getFileList($obj, $columnList = array())
 	{
 		$args = new stdClass();
 		$this->_makeSearchParam($obj, $args);
@@ -75,9 +75,9 @@ class fileAdminModel extends file
 		elseif($obj->direct_download == 'N') $args->direct_download= 'N';
 		// Set variables
 		$args->sort_index = $obj->sort_index;
-		$args->page = $obj->page?$obj->page:1;
-		$args->list_count = $obj->list_count?$obj->list_count:20;
-		$args->page_count = $obj->page_count?$obj->page_count:10;
+		$args->page = $obj->page?? 1;
+		$args->list_count = $obj->list_count?? 20;
+		$args->page_count = $obj->page_count?? 10;
 		$args->s_module_srl = $obj->module_srl;
 		$args->exclude_module_srl = $obj->exclude_module_srl;
 		if(toBool($obj->exclude_secret))
@@ -124,7 +124,7 @@ class fileAdminModel extends file
 	 * @param object $obj Search options (not used...)
 	 * @return array
 	 */
-	function getFilesCountByGroupValid($obj = '')
+	public function getFilesCountByGroupValid($obj = '')
 	{
 		//$this->_makeSearchParam($obj, $args);
 
@@ -138,7 +138,7 @@ class fileAdminModel extends file
 	 * @param string $date Date string
 	 * @return int
 	 */
-	function getFilesCountByDate($date = '')
+	public function getFilesCountByDate($date = '')
 	{
 		$args = new stdClass();
 		if($date)
@@ -162,11 +162,11 @@ class fileAdminModel extends file
 	 * @param object $args Result searach options
 	 * @return void
 	 */
-	function _makeSearchParam(&$obj, &$args)
+	protected function _makeSearchParam(&$obj, &$args)
 	{
 		// Search options
-		$search_target = $obj->search_target?$obj->search_target:trim(Context::get('search_target'));
-		$search_keyword = $obj->search_keyword?$obj->search_keyword:trim(Context::get('search_keyword'));
+		$search_target = $obj->search_target ?? trim(Context::get('search_target'));
+		$search_keyword = $obj->search_keyword ?? trim(Context::get('search_keyword'));
 
 		if($search_target && $search_keyword)
 		{
diff --git a/modules/file/queries/getFileList.xml b/modules/file/queries/getFileList.xml
index 9faf6fb1e..43461e9fd 100644
--- a/modules/file/queries/getFileList.xml
+++ b/modules/file/queries/getFileList.xml
@@ -20,15 +20,15 @@
         <condition operation="equal" column="files.direct_download" var="direct_download" pipe="and" />
 		<condition operation="below" column="files.regdate" var="regdate_before" pipe="and" />
         <group pipe="and">
-            <condition operation="like" column="files.source_filename" var="s_filename" pipe="or" />
+            <condition operation="search" column="files.source_filename" var="s_filename" pipe="or" />
             <condition operation="more" column="files.file_size" var="s_filesize_more" pipe="or" />
             <condition operation="less" column="files.file_size" var="s_filesize_less" pipe="or" />
             <condition operation="more" column="files.download_count" var="s_download_count" pipe="or" />
             <condition operation="like_prefix" column="files.regdate" var="s_regdate" pipe="or" />
             <condition operation="like_prefix" column="files.ipaddress" var="s_ipaddress" pipe="or" />
-            <condition operation="like" column="member.user_id" var="s_user_id" pipe="or" />
-            <condition operation="like" column="member.user_name" var="s_user_name" pipe="or" />
-            <condition operation="like" column="member.nick_name" var="s_nick_name" pipe="or" />
+            <condition operation="search" column="member.user_id" var="s_user_id" pipe="or" />
+            <condition operation="search" column="member.user_name" var="s_user_name" pipe="or" />
+            <condition operation="search" column="member.nick_name" var="s_nick_name" pipe="or" />
         </group>
     </conditions>
     <navigation>
diff --git a/modules/file/queries/getFileListByTargetStatus.xml b/modules/file/queries/getFileListByTargetStatus.xml
index 7092da25f..999d87e02 100644
--- a/modules/file/queries/getFileListByTargetStatus.xml
+++ b/modules/file/queries/getFileListByTargetStatus.xml
@@ -1,4 +1,4 @@
-<query id="getFileList" action="select">
+<query id="getFileListByTargetStatus" action="select">
     <tables>
         <table name="files" alias="files" />
         <table name="member" type="left join">
@@ -35,15 +35,15 @@
 			<condition operation="null" column="comments.is_secret" pipe="or" />
 		</group>
         <group pipe="and">
-            <condition operation="like" column="files.source_filename" var="s_filename" pipe="or" />
+            <condition operation="search" column="files.source_filename" var="s_filename" pipe="or" />
             <condition operation="more" column="files.file_size" var="s_filesize_more" pipe="or" />
             <condition operation="less" column="files.file_size" var="s_filesize_less" pipe="or" />
             <condition operation="more" column="files.download_count" var="s_download_count" pipe="or" />
             <condition operation="like_prefix" column="files.regdate" var="s_regdate" pipe="or" />
             <condition operation="like_prefix" column="files.ipaddress" var="s_ipaddress" pipe="or" />
-            <condition operation="like" column="member.user_id" var="s_user_id" pipe="or" />
-            <condition operation="like" column="member.user_name" var="s_user_name" pipe="or" />
-            <condition operation="like" column="member.nick_name" var="s_nick_name" pipe="or" />
+            <condition operation="search" column="member.user_id" var="s_user_id" pipe="or" />
+            <condition operation="search" column="member.user_name" var="s_user_name" pipe="or" />
+            <condition operation="search" column="member.nick_name" var="s_nick_name" pipe="or" />
         </group>
     </conditions>
     <navigation>
diff --git a/modules/integration_search/integration_search.view.php b/modules/integration_search/integration_search.view.php
index 2b9ec9b5e..080b79f2e 100644
--- a/modules/integration_search/integration_search.view.php
+++ b/modules/integration_search/integration_search.view.php
@@ -23,7 +23,7 @@ class integration_searchView extends integration_search
 	 *
 	 * @return void
 	 */
-	function init()
+	public function init()
 	{
 	}
 
@@ -32,7 +32,7 @@ class integration_searchView extends integration_search
 	 *
 	 * @return Object
 	 */
-	function IS()
+	public function IS()
 	{
 		$oFile = getClass('file');
 		$oModuleModel = getModel('module');
@@ -114,7 +114,8 @@ class integration_searchView extends integration_search
 
 		// Set a variable for search keyword
 		$is_keyword = Context::get('is_keyword');
-		$is_keyword = escape(trim(utf8_normalize_spaces($is_keyword)));
+		// As the variables from GET or POST will be escaped by setRequestArguments method at Context class, the double_escape variable should be "FALSE", and also the escape function might be useful when this method was called from the other way (for not escaped keyword).
+		$is_keyword = escape(trim(utf8_normalize_spaces($is_keyword)), false);
 		if (mb_strlen($is_keyword, 'UTF-8') > 40)
 		{
 			$is_keyword = mb_substr($is_keyword, 0, 40);