mirror of
https://github.com/Lastorder-DC/rhymix.git
synced 2026-04-02 01:52:10 +09:00
Merge branch 'security/rve-2026-1'
commit
bcda659add
6 changed files with 45 additions and 20 deletions
|
|
@ -897,7 +897,7 @@ class DocumentController extends Document
|
|||
}
|
||||
|
||||
// Handle extra vars that support file upload.
|
||||
if ($extra_item->type === 'file' && is_array($value))
|
||||
if ($extra_item->type === 'file' && $value)
|
||||
{
|
||||
$ev_output = $extra_item->uploadFile($value, $obj->document_srl, 'doc');
|
||||
if (!$ev_output->toBool())
|
||||
|
|
@ -1295,16 +1295,20 @@ class DocumentController extends Document
|
|||
if ($extra_item->type === 'file')
|
||||
{
|
||||
// New upload
|
||||
if (is_array($value) && isset($value['name']))
|
||||
if (is_array($value) && isset($value['tmp_name']))
|
||||
{
|
||||
// Delete old file
|
||||
if (isset($old_extra_vars[$idx]->value))
|
||||
{
|
||||
$fc_output = FileController::getInstance()->deleteFile($old_extra_vars[$idx]->value);
|
||||
if (!$fc_output->toBool())
|
||||
$old_file = FileModel::getFile($old_extra_vars[$idx]->value);
|
||||
if ($old_file && $old_file->upload_target_srl == $obj->document_srl)
|
||||
{
|
||||
$oDB->rollback();
|
||||
return $fc_output;
|
||||
$fc_output = FileController::getInstance()->deleteFile($old_file->file_srl);
|
||||
if (!$fc_output->toBool())
|
||||
{
|
||||
$oDB->rollback();
|
||||
return $fc_output;
|
||||
}
|
||||
}
|
||||
}
|
||||
// Insert new file
|
||||
|
|
@ -1329,21 +1333,22 @@ class DocumentController extends Document
|
|||
return $ev_output;
|
||||
}
|
||||
// Delete old file
|
||||
$fc_output = FileController::getInstance()->deleteFile($old_extra_vars[$idx]->value);
|
||||
if (!$fc_output->toBool())
|
||||
$old_file = FileModel::getFile($old_extra_vars[$idx]->value);
|
||||
if ($old_file && $old_file->upload_target_srl == $obj->document_srl)
|
||||
{
|
||||
$oDB->rollback();
|
||||
return $fc_output;
|
||||
$fc_output = FileController::getInstance()->deleteFile($old_file->file_srl);
|
||||
if (!$fc_output->toBool())
|
||||
{
|
||||
$oDB->rollback();
|
||||
return $fc_output;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
// Leave current file unchanged
|
||||
elseif (!$value)
|
||||
elseif (isset($old_extra_vars[$idx]->value))
|
||||
{
|
||||
if (isset($old_extra_vars[$idx]->value))
|
||||
{
|
||||
$value = $old_extra_vars[$idx]->value;
|
||||
}
|
||||
$value = $old_extra_vars[$idx]->value;
|
||||
}
|
||||
}
|
||||
}
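Review bot: In the update path, the last file branch `elseif (isset($old_extra_vars[$idx]->value))` only replaces `$value` when a previous value exists, so a non-array `$value` submitted for a file field with no previous value passes through the chain unchanged and would be stored as the file reference. Whether that can happen depends on `validate()` having rejected it earlier in the method, which is outside these hunks. Ending the chain with `else { $value = null; }` would make this block fail closed by itself. The two ownership checks also compare with `==`; `(int)$old_file->upload_target_srl === (int)$obj->document_srl` states the intent without relying on loose numeric-string comparison.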
|
||||
|
|
|
|||
|
|
@ -111,6 +111,7 @@ class DocumentModel extends Document
|
|||
foreach($GLOBALS['XE_EXTRA_KEYS'][$module_srl] as $idx => $key)
|
||||
{
|
||||
$document_extra_vars[$idx] = clone($key);
|
||||
$document_extra_vars[$idx]->parent_srl = $document_srl;
|
||||
|
||||
// set variable value in user language
|
||||
if(isset($document_extra_values[$idx][$user_lang_code]))
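Review bot: `$document_srl` is stored in `parent_srl` as received, while the same commit passes that property to `_getTypeValueHTML()`, whose new parameter is declared `?int $parent_srl`. If this method can receive the serial as a string, rendering a file field would raise a TypeError when the Value file runs under strict types, or for any non-numeric string; the type of `$document_srl` is not visible in this hunk. Normalising at the assignment, `$document_extra_vars[$idx]->parent_srl = (int)$document_srl;`, keeps the ownership comparison on integers. A one-line comment here noting that `parent_srl` is what the file-link check in `Value` compares against would help, since Value objects built on other paths keep the `null` default. The enclosing method starts and ends outside the hunk.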
|
||||
|
|
|
|||
|
|
@ -25,6 +25,7 @@ class Value
|
|||
public $input_id = '';
|
||||
public $input_name = '';
|
||||
public $parent_type = 'document';
|
||||
public $parent_srl = null;
|
||||
public $type = 'text';
|
||||
public $value = null;
|
||||
public $name = '';
|
||||
|
|
@ -159,7 +160,7 @@ class Value
|
|||
*/
|
||||
public function getValueHTML(): string
|
||||
{
|
||||
return self::_getTypeValueHTML($this->type, $this->value);
|
||||
return self::_getTypeValueHTML($this->type, $this->value, $this->parent_type, $this->parent_srl);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -280,7 +281,7 @@ class Value
|
|||
$values = [$value];
|
||||
}
|
||||
|
||||
// Check if a required value is empty.
|
||||
// Check that a required value is not empty.
|
||||
if ($this->is_required === 'Y')
|
||||
{
|
||||
if ($this->type === 'file' && !$value && $old_value)
|
||||
|
|
@ -298,7 +299,7 @@ class Value
|
|||
}
|
||||
}
|
||||
|
||||
// Check if a strict value is not one of the specified options.
|
||||
// Check that a strict value equals one of the specified options.
|
||||
if ($this->is_strict === 'Y' && $value)
|
||||
{
|
||||
if ($this->canHaveOptions())
|
||||
|
|
@ -321,6 +322,15 @@ class Value
|
|||
}
|
||||
}
|
||||
|
||||
// Check that a file value is actually an uploaded file.
|
||||
if ($this->type === 'file' && $value)
|
||||
{
|
||||
if (!isset($value['tmp_name']) || !is_uploaded_file($value['tmp_name']))
|
||||
{
|
||||
return new BaseObject(-1, sprintf(lang('common.filter.invalid_file'), Context::replaceUserLang($this->name)));
|
||||
}
|
||||
}
|
||||
|
||||
return new BaseObject;
|
||||
}
|
||||
|
||||
|
|
@ -442,9 +452,11 @@ class Value
|
|||
*
|
||||
* @param string $type
|
||||
* @param string|array $value
|
||||
* @param string $parent_type
|
||||
* @param ?int $parent_srl
|
||||
* @return string
|
||||
*/
|
||||
protected static function _getTypeValueHTML(string $type, $value): string
|
||||
protected static function _getTypeValueHTML(string $type, $value, string $parent_type, ?int $parent_srl = null): string
|
||||
{
|
||||
// Return if the value is empty.
|
||||
$value = self::_getTypeValue($type, $value);
|
||||
|
|
@ -511,10 +523,14 @@ class Value
|
|||
if ($value)
|
||||
{
|
||||
$file = FileModel::getFile($value);
|
||||
if ($file)
|
||||
if ($file && $file->upload_target_srl == $parent_srl)
|
||||
{
|
||||
return sprintf('<span><a href="%s">%s</a> (%s)</span>', \RX_BASEURL . ltrim($file->download_url, './'), $file->source_filename, FileHandler::filesize($file->file_size));
|
||||
}
|
||||
elseif ($file)
|
||||
{
|
||||
return sprintf('<span>%s (%s)</span>', $file->source_filename, FileHandler::filesize($file->file_size));
|
||||
}
|
||||
else
|
||||
{
|
||||
return '';
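Review bot: The ownership test `$file->upload_target_srl == $parent_srl` in `_getTypeValueHTML()` is a loose comparison against a parameter that defaults to `null`, so a Value whose `parent_srl` was never set would match a file whose `upload_target_srl` is `0` or empty, if such rows exist. `if ($file && $parent_srl !== null && (int)$file->upload_target_srl === $parent_srl)` closes that. The new `elseif ($file)` branch still prints the name and size of a file attached to a different parent, and `$file->source_filename` goes into the HTML as-is in both branches; unless `FileModel::getFile()` returns it already escaped (not visible here), wrap it in `htmlspecialchars($file->source_filename, ENT_QUOTES, 'UTF-8', false)`. In `validate()`, `is_uploaded_file($value['tmp_name'])` should be preceded by an `is_string()` check, because an array-style upload field makes `tmp_name` an array. The function body continues past the end of this hunk.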
|
||||
|
|
|
|||