on* 자바스크립트 이벤트 처리방법을 변경하여 에디터 컴포넌트의 오류 수정. xe_default, 에디터 스킨의 position 스타일로 인한 문제 해결

git-svn-id: http://xe-core.googlecode.com/svn/sandbox@4822 201d5d3c-b55e-5fd7-737f-ddc643e51545

config/func.inc.php

@@ -474,8 +474,11 @@
     }
 
     function removeJSEvent($matches) {
-        if(preg_match('/(src|href|lowsrc|dynsrc)=("|\'?)([\r\n]*)javascript/is',$matches[2])) $matches[0] = preg_replace('/(src|href|lowsrc|dynsrc)=("|\'?)([\r\n]*)javascript/is','$1=$2_javascript', $matches[0]);
-        return preg_replace('/([\r\n ]*)on([a-z]+)=/is',' _on$2=',$matches[0]);
+        $content = $matches[0];
+        if(preg_match('/(src|href|lowsrc|dynsrc)=("|\'?)([\r\n]*)(vbscript|javascript)/is',$matches[2])) $content = preg_replace('/(src|href|lowsrc|dynsrc)=("|\'?)([\r\n]*)(vbscript|javascript)/is','$1=$2_$4', $content);
+        $content = preg_replace('/([\r\n ]*)on([a-z]+)=/is',' _on$2=',$content);
+        $content = preg_replace('/_onclick=("|\')window\.open\(this\.href\);(.?)return false;("|\')/i','onclick=$1window.open(this.href);$2return false;$3',$content);
+        return str_replace('editor_comp _onent', 'editor_component', $content);
     }
 
     function removeSrcHack($matches) {
@@ -500,7 +503,6 @@
 
     function _isHackedSrc($src) {
         if(!$src) return false;
-        if($src && preg_match('/javascript:/i',$src)) return true;
         if($src) {
             $url_info = parse_url($src);
             $query = $url_info['query'];

modules/board/skins/xe_default/css/board.css

@@ -1,7 +1,7 @@
 @charset "utf-8"; 
 /* NHN > UIT Center > Open UI Platform Team > Jeong Chan Myeong(dece24@nhncorp.com) */
 
-/* Zeroboard XE */
+/* XE */
 
 /* Board Reset */
 .board{ font-family:Sans-serif; line-height:normal; font-size:1.1em;}
@@ -22,20 +22,20 @@
 .boardHeader .boardTitleText{ float:left; clear:both; margin-bottom:-3px; padding:5px 15px 5px 22px; border-bottom:3px solid; background-repeat:no-repeat; background-position:right bottom;}
 .boardHeader .boardTitleText a{ text-decoration:none;}
 .boardHeader .boardTitleText em{ font-style:normal; font-weight:normal;}
-.boardHeader .boardDescription{ ; padding:7px 15px; -moz-border-radius:3px; -webkit-border-radius:3px; }
+.boardHeader .boardDescription{ padding:7px 15px; -moz-border-radius:3px; -webkit-border-radius:3px; position:relative;}
 
 /* Board Information */
-.boardInformation{ ; width:100%; padding:10px 0; font-size:.85em; line-height:normal; *zoom:1;}
+.boardInformation{width:100%; padding:10px 0; font-size:.85em; line-height:normal; *zoom:1;}
 .boardInformation *{ margin:0; padding:0;}
 .boardInformation:after{ content:""; display:block; float:none; clear:both;}
-.boardInformation ul{ ; overflow:hidden;}
-.boardInformation li{ list-style:none; ; left:-1px; display:block; float:left; padding:0 7px; background-repeat:no-repeat; background-position:left center;}
+.boardInformation ul{ overflow:hidden;}
+.boardInformation li{ list-style:none; left:-1px; display:block; float:left; padding:0 7px; background-repeat:no-repeat; background-position:left center;}
 .boardInformation strong{ font:bold 11px Tahoma;}
 .boardInformation .infoLeft{ padding-left:18px; float:left; background-repeat:no-repeat; background-position:left center;}
 .boardInformation .infoRight{ float:right;}
 .boardInformation .infoRight li.icon{ padding:0; margin-right:3px;}
 .boardInformation .infoRight li.icon a{ display:block; float:left; width:12px; height:12px; overflow:hidden; background-repeat:no-repeat;}
-.boardInformation .infoRight li.icon a span{ display:block; width:12px; height:12px; ; z-index:-1; visibility:hidden;}
+.boardInformation .infoRight li.icon a span{ display:block; width:12px; height:12px; z-index:-1; visibility:hidden;}
 .boardInformation .infoRight li.rss a{ background-position:0 0;}
 .boardInformation .infoRight li.tag_info a{ background-position:-12px 0;}
 .boardInformation .infoRight li.listTypeClassic a{ background-position:-24px 0;}
@@ -46,7 +46,7 @@
 /* Board List Form */
 .boardListForm{ margin:0; line-height:normal;}
 .boardListForm *{ margin:0; padding:0;}
-.boardListForm fieldset{ border:0; ; clear:both;}
+.boardListForm fieldset{ border:0; clear:both;}
 .boardListForm fieldset:after{ content:""; display:block; float:none; clear:both;}
 .boardListForm legend{ position:absolute; width:0; height:0; overflow:hidden; font:0/0 Sans-serif; visibility:hidden;}
 .boardListForm em,
@@ -66,7 +66,7 @@
 .boardList td.num{ font:11px Tahoma;}
 .boardList td.check{ font:11px Tahoma;}
 .boardList td .category{ padding-right:7px; margin-right:2px; background-repeat:no-repeat; background-position:right center;}
-.boardList td.title{ width:100%; white-space:normal; text-align:left;}
+.boardList td.title { width:100%; white-space:normal; text-align:left;}
 .boardList td.title img{ vertical-align:middle; margin:0 1px;}
 .boardList td.title .replyNum{ font:11px Tahoma;}
 .boardList td.title .replyNum sup{ font:10px Tahoma;}
@@ -75,7 +75,7 @@
 .boardList td.reading{ font:11px Tahoma;}
 .boardList td.recommend{ font:11px Tahoma;}
 .boardList td.date{ font:11px Tahoma;}
-.boardList td .replyAnchor{ ; margin-right:10px; font-size:.9em;}
+.boardList td .replyAnchor{ margin-right:10px; font-size:.9em;}
 .boardList td .replyAnchor .bubble{ display:none; position:absolute; font:9px Tahoma; top:-7px; right:4px; text-decoration:none;}
 .boardList td .replyAnchor:hover .bubble,
 .boardList td .replyAnchor:active .bubble,
@@ -101,8 +101,8 @@
 .thumbList{ border-bottom:1px solid; *zoom:1;}
 .thumbList:after{ content:""; display:block; clear:both;}
 .thumbList li{ margin:10px; list-style:none; overflow:hidden; float:left;}
-.thumbList li .thumb{ ; float:left; clear:both; overflow:hidden; padding:2px; margin-bottom:5px; border:1px solid;}
-.thumbList li .thumb a{ ; display:block;}
+.thumbList li .thumb{ float:left; clear:both; overflow:hidden; padding:2px; margin-bottom:5px; border:1px solid;}
+.thumbList li .thumb a{ display:block;}
 .thumbList li .thumb a *{ cursor:pointer;}
 .thumbList li .thumb a img{ display:block;}
 .thumbList li .thumb a .text{ position:absolute; left:0; top:50%; margin-top:-.8em; *margin-top:-1.5em; display:block; width:100%; text-align:center; font-size:2em; font-weight:bold; white-space:nowrap; letter-spacing:-1px;}
@@ -115,7 +115,7 @@
 .thumbList li .date{ font:11px Tahoma;}
 
 /* Board Navigation */
-.board .boardNavigation{ ; padding:10px 0; *zoom:1; text-align:center;}
+.board .boardNavigation{ padding:10px 0; *zoom:1; text-align:center;}
 .board .boardNavigation:after{ content:""; display:block; float:none; clear:both;}
 .board .boardNavigation .pagination{ padding:5px 0;}
 .board .boardNavigation .buttonLeft{ float:left; text-align:left;}
@@ -124,7 +124,7 @@
 /* Search Form */
 .boardSearchForm{ margin:0; font-size:.75em; line-height:normal;}
 .boardSearchForm *{ margin:0; padding:0;}
-.boardSearchForm fieldset{ border:0; ; clear:both; text-align:center;}
+.boardSearchForm fieldset{ border:0; clear:both; text-align:center;}
 .boardSearchForm fieldset:after{ content:""; display:block; float:none; clear:both;}
 .boardSearchForm fieldset *{ vertical-align:middle;}
 .boardSearchForm legend{ position:absolute; width:0; height:0; overflow:hidden; font:0/0 Sans-serif; visibility:hidden;}
@@ -138,7 +138,7 @@
 .boardReadHeader:after{ content:""; display:block; float:none; clear:both;}
 .boardReadHeader *{ margin:0; padding:0;}
 .boardReadHeader .title{ float:left; font-size:1.5em;}
-.boardReadHeader em{ ; top:5px; float:right; font-style:normal; font-weight:bold; font-size:1em;}
+.boardReadHeader em{ top:5px; float:right; font-style:normal; font-weight:bold; font-size:1em;}
 .boardReadHeader a{ font-weight:bold; font-size:1em;}
 
 .boardReadBody{ padding-bottom:15px; border-bottom:1px solid; line-height:1.5em; overflow:hidden;}
@@ -197,7 +197,7 @@
 .attachedFile{ margin:0; padding:0; border:none; clear:both;}
 .item .attachedFile{ position:absolute; left:0; bottom:0;}
 .reply .attachedFile{ position:absolute; left:10px; bottom:0;}
-.attachedFile *{ ; font-size:11px; font-family:Tahoma; display:inline;}
+.attachedFile *{ font-size:11px; font-family:Tahoma; display:inline;}
 .attachedFile dt{ z-index:2; display:inline; font-weight:bold;}
 .attachedFile dd{ z-index:1; left:-5px; display:inline; padding-left:12px; *zoom:1; background:url(../images/common/iconFile.gif) no-repeat left 3px; }
 .attachedFile dd a{ text-decoration:underline; }
@@ -208,11 +208,11 @@
 
 .replyForm{ padding:10px 20px 15px 20px; font-size:.75em; margin-bottom:20px; -moz-border-radius:10px; -webkit-border-radius:10px;}
 .replyForm *{ margin:0; padding:0;}
-.replyForm fieldset{ border:0; ;}
+.replyForm fieldset{ border:0;}
 .replyForm fieldset:after{ content:""; display:block; float:none; clear:both;}
 .replyForm legend{ position:absolute; width:0; height:0; overflow:hidden; font:0/0 Sans-serif; visibility:hidden;}
 .replyForm .title{ font-weight:bold; font-size:1.5em; margin-bottom:10px;}
-.replyForm textarea{ ; width:95%; height:150px; font-size:1em; overflow:auto; padding:10px; margin-bottom:10px;}
+.replyForm textarea{ width:95%; height:150px; font-size:1em; overflow:auto; padding:10px; margin-bottom:10px;}
 .replyForm .inputText{ padding:2px 4px 4px 4px; width:190px; height:15px; vertical-align:middle; *margin:-1px 0;}
 .replyForm dl{ margin-bottom:10px;}
 .replyForm dt{ width:80px; float:left; padding-top:6px; font-weight:bold;}
@@ -221,16 +221,17 @@
 /* Board Write */
 .boardWrite *{ margin:0; padding:0;}
 .boardWrite li{ list-style:none;}
-.boardWrite fieldset{ border:0; ;}
+.boardWrite fieldset{ border:0;}
 .boardWrite legend{ position:absolute; width:0; height:0; overflow:hidden; font:0/0 Sans-serif; visibility:hidden;}
 
-.boardWrite .boardWriteHeader{ ;}
-.boardWrite .boardWriteHeader dl{ margin-bottom:5px;}
+.boardWrite .boardWriteHeader{ }
+.boardWrite .boardWriteHeader dl{ margin-bottom:5px; position:relative; }
 .boardWrite .boardWriteHeader dl *{ vertical-align:middle;}
 .boardWrite .boardWriteHeader dt{ font-weight:bold; display:inline;}
 .boardWrite .boardWriteHeader dd{ display:inline;}
 .boardWrite .boardWriteHeader dd select{ font-size:12px; vertical-align:top; height:23px;}
 .boardWrite .boardWriteHeader dd .inputText{ padding:3px 4px; height:15px; margin-bottom:5px; font-size:12px; *margin-top:-1px;}
+.boardWrite .boardWriteHeader dd select { *margin-top:3px; }
 
 .boardWrite .boardWriteHeader dl.title dd{ white-space:nowrap;}
 .boardWrite .boardWriteHeader dl.title dd .inputText{ width:60%;}
@@ -246,7 +247,7 @@
 /* UserName & Password */
 .board .userNameAndPw{ margin:0; padding:5px 10px 0 10px; border-top:1px solid;}
 .board .userNameAndPw dl{ display:inline; white-space:nowrap;}
-.board .userNameAndPw dt{ ; top:-3px; font-weight:bold; display:inline;}
+.board .userNameAndPw dt{ top:-3px; font-weight:bold; display:inline;}
 .board .userNameAndPw dd{ margin-right:5px; display:inline;}
 .board .userNameAndPw dd .inputText{}
 .board .userNameAndPw dd.userName .inputText{ width:70px;}

modules/comment/comment.item.php

@@ -175,9 +175,6 @@
 
             $content = $this->get('content');
 
-            // url에 대해서 정규표현식으로 치환
-            //$content = preg_replace('!([^>^"^\'^=])(http|https|ftp|mms):\/\/([^ ^<^"^\']*)!is','$1<a href="$2://$3" onclick="window.open(this.href);return false;">$2://$3</a>',' '.$content);
-
             // 이 댓글을... 팝업메뉴를 출력할 경우
             if($add_popup_menu && Context::get('is_logged') ) {
                 $content = sprintf(

modules/document/document.item.php

@@ -244,9 +244,6 @@
 
             $content = $this->get('content');
 
-            // CSRF등의 보안 취약점 문제를 막기위한 코드로 인하여 새창 띄우기 코드가 무효화 된것을 원상태로 변경
-            $content = str_replace('_onclick="window.open(this.href);return false;"','onclick="window.open(this.href);return false;"',$content);
-            
             // rewrite모듈을 사용하면 링크 재정의
             $oContext = &Context::getInstance();
             if($oContext->allow_rewrite) {

modules/editor/skins/default/css/black.css

@@ -24,7 +24,7 @@
 /* ToolBox Button Default */
 
 /* Auto Save */
-.xeEditor .editor_autosaved_message{ background:#333; border-color:#666;}
+.xeEditor .editor_autosaved_message{ background:#000; color:#aaa; }
 
 /* Edit Area */
 .xeEditor .editorBox{ border-color:#000; background:#000;}

modules/editor/skins/default/css/editor.css

@@ -205,10 +205,10 @@ a.skipToolBox:active span{ width:auto; height:auto; padding:3px 15px; font-weigh
 .toolBox .item .emoticon button:active{ background-position:-558px -42px;}
 
 /* Auto Save */
-.xeEditor .editor_autosaved_message{ display:none; border:1px solid; margin:10px 5px; padding:5px 10px; clear:both;}
+.xeEditor .editor_autosaved_message{background:none; border:none; text-align:right; clear:both; padding-right:5px; }
 
 /* Edit Area */
-.xeEditor .editorBox{ border-top:5px solid; border-bottom:5px solid; position:relative;}
+.xeEditor .editorBox{ border-bottom:5px solid; position:relative;}
 .xeEditor .editorBox .editorMargin{ margin:0 5px;}
 
 /* Editor Display */

modules/editor/skins/default/css/white.css

@@ -24,7 +24,7 @@
 /* ToolBox Button Default */
 
 /* Auto Save */
-.xeEditor .editor_autosaved_message{ background:#fafafa; border-color:#ddd;}
+.xeEditor .editor_autosaved_message{ background:#fff; color:#666; }
 
 /* Edit Area */
 .xeEditor .editorBox{ border-color:#fff; background:#fff;}

modules/editor/skins/default/editor.html

@@ -169,7 +169,7 @@
         </div>
 
         <!--@if($enable_autosave)-->
-        <p class="editor_autosaved_message" id="editor_autosaved_message_{$editor_sequence}"></p>
+        <p class="editor_autosaved_message" id="editor_autosaved_message_{$editor_sequence}">&nbsp;</p>
         <!--@end-->
 
         <!-- 에디터 출력 -->

widgets/login_info/skins/xe_official/css/white.css

@@ -1,7 +1,7 @@
 .login_white { margin:0; padding:0; border:2px solid #d9d9d9; width:196px; position:relative; _padding-top:2px; display:block;}
 *:first-child+html body#white .login_white { padding-top:2px;}
 .login_white legend { display:none; width:0; height:0; overflow:hidden; font-size:0;}
-.login_white form { position:relative; border:1px solid #cacaca; padding:11px 11px 7px 11px; width:172px;}
+.login_white form { position:relative; border:1px solid #cacaca; padding:11px 11px 7px 11px; width:172px; overflow:hidden;}
 .login_white form .idpwWrap { overflow:hidden; clear:both; width:172px;}
 .login_white form .idpw { float:left; width:110px;}
 .login_white form .idpw input { border:1px solid #c9c9c9; color:#282828; width:105px; background:#fbfbfb; padding:1px 5px; margin-bottom:2px; font:.9em Tahoma;}