Merge branch 'master' of github.com:Lastorder-DC/rhymix

classes/display/HTMLDisplayHandler.php

@@ -757,13 +757,20 @@ class HTMLDisplayHandler
 			'plugins/cookie/js.cookie.min.js',
 			'plugins/blankshield/blankshield.min.js',
 			'plugins/uri/URI.min.js',
-			'x.js',
-			'common.js',
-			'js_app.js',
-			'xml_handler.js',
-			'xml_js_filter.js',
 		);
 
+		if (str_contains($_SERVER['HTTP_USER_AGENT'] ?? '', 'Trident/'))
+		{
+			$original_file_list[] = 'polyfills/formdata.min.js';
+			$original_file_list[] = 'polyfills/promise.min.js';
+		}
+
+		$original_file_list[] = 'x.js';
+		$original_file_list[] = 'common.js';
+		$original_file_list[] = 'js_app.js';
+		$original_file_list[] = 'xml_handler.js';
+		$original_file_list[] = 'xml_js_filter.js';
+
 		if(config('view.minify_scripts') === 'none')
 		{
 			Context::loadFile(array('./common/js/jquery-' . $jquery_version . '.js', 'head', '', -1800000000), true);

classes/frontendfile/FrontEndFileHandler.class.php

@@ -430,6 +430,10 @@ class FrontEndFileHandler extends Handler
 	public function unloadFile($fileName, $unused = '', $media = 'all')
 	{
 		$file = $this->getFileInfo($fileName, $unused, $media);
+		if (!isset($file->key))
+		{
+			return;
+		}
 
 		if($file->fileExtension == 'css')
 		{

classes/module/ModuleObject.class.php

@@ -254,15 +254,15 @@ class ModuleObject extends BaseObject
 			// Get privileges(granted) information for target module by <permission check> of module.xml
 			if(($permission = $this->xml_info->action->{$this->act}->permission) && $permission->check_var)
 			{
-				// Check parameter
-				if(empty($check_module_srl = trim(Context::get($permission->check_var))))
+				// Ensure that the list of modules to check is the right type and not empty
+				$check_var = Context::get($permission->check_var);
+				if (is_scalar($check_var))
 				{
-					return false;
-				}
+					if (empty($check_module_srl = trim($check_var)))
+					{
+						return false;
+					}
 
-				// If value is not array
-				if(!is_array($check_module_srl))
-				{
 					// Convert string to array. delimiter is ,(comma) or |@|
 					if(preg_match('/,|\|@\|/', $check_module_srl, $delimiter) && $delimiter[0])
 					{
@@ -273,6 +273,14 @@ class ModuleObject extends BaseObject
 						$check_module_srl = array($check_module_srl);
 					}
 				}
+				else
+				{
+					$check_module_srl = array_map('trim', $check_var);
+					if (!count($check_var))
+					{
+						return false;
+					}
+				}
 
 				// Check permission by privileges(granted) information for target module
 				foreach($check_module_srl as $target_srl)
@@ -295,7 +303,15 @@ class ModuleObject extends BaseObject
 		}
 
 		// Check permission based on the grant information for the current module.
-		$grant = ModuleModel::getInstance()->getGrant($this->module_info, $this->user, $this->xml_info);
+		if (isset($check_grant))
+		{
+			$grant = $check_grant;
+		}
+		else
+		{
+			$grant = ModuleModel::getInstance()->getGrant($this->module_info, $this->user, $this->xml_info);
+		}
+
 		if(!$this->checkPermission($grant, $this->user, $failed_requirement))
 		{
 			$this->stop($this->_generatePermissionError($failed_requirement));

common/constants.php

@@ -3,7 +3,7 @@
 /**
  * RX_VERSION is the version number of the Rhymix CMS.
  */
-define('RX_VERSION', '2.1.23');
+define('RX_VERSION', '2.1.25');
 
 /**
  * RX_MICROTIME is the startup time of the current script, in microseconds since the Unix epoch.

common/framework/parsers/template/TemplateParser_v2.php

@@ -185,7 +185,7 @@ class TemplateParser_v2
 		}, $content);
 
 		// Inline scripts.
-		$content = preg_replace_callback('#(?<=\s)(href="javascript:|on[a-z]+=")([^"]*?)"#i', function($match) {
+		$content = preg_replace_callback('#(?<=\s)(href="javascript:|pattern="|on[a-z]+=")([^"]*?)"#i', function($match) {
 			return $match[1] . '<?php $this->config->context = \'JS\'; ?>' . $match[2] . '<?php $this->config->context = \'HTML\'; ?>"';
 		}, $content);
 

common/js/common.js

@@ -262,14 +262,37 @@ Rhymix.isSameHost = function(url) {
  * Redirect to a URL, but reload instead if the target is the same as the current page
  *
  * @param string url
+ * @param int delay
  * @return void
  */
-Rhymix.redirectToUrl = function(url) {
-	if (this.isCurrentUrl(url)) {
-		window.location.href = url;
-		window.location.reload();
+Rhymix.redirectToUrl = function(url, delay) {
+	const callback = function() {
+		if (Rhymix.isCurrentUrl(url)) {
+			window.location.href = url;
+			window.location.reload();
+		} else {
+			window.location.href = url;
+		}
+	};
+	if (delay) {
+		this.pendingRedirect = setTimeout(callback, delay);
 	} else {
-		window.location.href = url;
+		callback();
+	}
+};
+
+/**
+ * Cancel any pending redirect
+ *
+ * @return bool
+ */
+Rhymix.cancelPendingRedirect = function() {
+	if (this.pendingRedirect) {
+		clearTimeout(this.pendingRedirect);
+		this.pendingRedirect = null;
+		return true;
+	} else {
+		return false;
 	}
 };
 
@@ -398,16 +421,26 @@ Rhymix.modal.close = function(id) {
  *
  * @param string action
  * @param object params
- * @param function success
- * @param function error
- * @return void
+ * @param function callback_success
+ * @param function callback_error
+ * @return Promise
  */
-Rhymix.ajax = function(action, params, success, error) {
+Rhymix.ajax = function(action, params, callback_success, callback_error) {
 
 	// Extract module and act
 	let isFormData = params instanceof FormData;
-	let module, act;
-	if (!action) {
+	let module, act, url, promise;
+	if (action) {
+		if (typeof action === 'string' && action.match(/^[a-z0-9_]+\.[a-z0-9_]+$/i)) {
+			let parts = action.split('.');
+			params = params || {};
+			params.module = module = parts[0];
+			params.act = act = parts[1];
+		} else {
+			url = action;
+			action = null;
+		}
+	} else {
 		if (isFormData) {
 			module = params.get('module');
 			act = params.get('act');
@@ -421,26 +454,22 @@ Rhymix.ajax = function(action, params, success, error) {
 		} else {
 			action = null;
 		}
-	} else {
-		action = action.split('.');
-		params = params || {};
-		params.module = module = action[0];
-		params.act = act = action[1];
-		action = action.join('.');
 	}
 
 	// Add action to URL if the current rewrite level supports it
-	let url = this.URI(window.request_uri).pathname() + 'index.php';
-	if (act) {
-		url = url + '?act=' + act;
+	if (!url) {
+		url = this.URI(window.request_uri).pathname() + 'index.php';
+		if (act) {
+			url = url + '?act=' + act;
+		}
+		/*
+		if (this.getRewriteLevel() >= 2 && action !== null) {
+			url = url + '_' + action.replace('.', '/');
+		} else {
+			url = url + 'index.php';
+		}
+		*/
 	}
-	/*
-	if (this.getRewriteLevel() >= 2 && action !== null) {
-		url = url + action.replace('.', '/');
-	} else {
-		url = url + 'index.php';
-	}
-	*/
 
 	// Add a CSRF token to the header, and remove it from the parameters
 	const headers = {
@@ -453,175 +482,137 @@ Rhymix.ajax = function(action, params, success, error) {
 		delete params._rx_csrf_token;
 	}
 
-	// Generate AJAX parameters
-	const args = {
-		type: 'POST',
-		dataType: 'json',
-		url: url,
-		data: isFormData ? params : JSON.stringify(params),
-		contentType: isFormData ? false : 'application/json; charset=UTF-8',
-		processData: false,
-		headers: headers,
-		success: function(data, textStatus, xhr) {
-			Rhymix._ajaxSuccessHandler(xhr, textStatus, action, data, params, success, error);
-		},
-		error: function(xhr, textStatus, errorThrown) {
-			Rhymix._ajaxErrorHandler(xhr, textStatus, action, url, params, success, error);
-		}
-	};
+	// Create and return a Promise for this AJAX request
+	return promise = new Promise(function(resolve, reject) {
 
-	// Send the AJAX request
-	try {
-		$.ajax(args);
-	} catch(e) {
-		alert(e);
-	}
-};
+		// Define the success wrapper.
+		const successWrapper = function(data, textStatus, xhr) {
 
-/**
- * Default success handler for AJAX requests
- *
- * @param object xhr
- * @param string textStatus
- * @param string action
- * @param object data
- * @param object params
- * @param function success
- * @param function errror
- * @return void
- */
-Rhymix._ajaxSuccessHandler = function(xhr, textStatus, action, data, params, success, error) {
-
-	// Add debug information.
-	if (data._rx_debug) {
-		data._rx_debug.page_title = "AJAX : " + action;
-		if (this.addDebugData) {
-			this.addDebugData(data._rx_debug);
-		} else {
-			this.pendingDebugData.push(data._rx_debug);
-		}
-	}
-
-	// If the response contains a Rhymix error code, display the error message.
-	if (typeof data.error !== 'undefined' && data.error != 0) {
-
-		// If an error callback is defined, call it. Abort if it returns false.
-		if ($.isFunction(error) && error(data, xhr) === false) {
-			return;
-		}
-
-		// If an error message was supplied, display it.
-		if (data.message) {
-			let msg = data.message.replace(/\\n/g, "\n");
-			if (data.errorDetail) {
-				msg += "\n\n" + data.errorDetail;
+			// Add debug information.
+			if (data._rx_debug) {
+				data._rx_debug.page_title = "AJAX : " + action;
+				if (Rhymix.addDebugData) {
+					Rhymix.addDebugData(data._rx_debug);
+				} else {
+					Rhymix.pendingDebugData.push(data._rx_debug);
+				}
 			}
-			alert(msg);
-			return;
-		}
 
-		// Rhymix should never return an error code without a message, but if someone does, we handle it here.
-		let msg = 'AJAX error: ' + (action || 'form submission') + "\n\n" + xhr.responseText;
-		if (msg.length > 1000) {
-			msg = msg.substring(0, 1000) + '...';
-		}
-		console.error(msg.trim().replace(/\n+/g, "\n"));
-		if (this.showAjaxErrors.indexOf('ALL') >= 0 || this.showAjaxErrors.indexOf(xhr.status) >= 0) {
-			alert(msg.trim());
-		}
-		return;
-	}
+			// If the response contains a Rhymix error code, display the error message.
+			if (typeof data.error !== 'undefined' && data.error != 0) {
+				return errorWrapper(data, textStatus, xhr);
+			}
 
-	// If a success callback was defined, call it.
-	if ($.isFunction(success)) {
-		success(data, xhr);
-		return;
-	}
+			// If a success callback was defined, call it.
+			if (typeof callback_success === 'function') {
+				callback_success(data, xhr);
+				resolve(data);
+				return;
+			}
 
-	// If the response contains a redirect URL, follow the redirect.
-	if (data.redirect_url) {
-		this.redirectToUrl(data.redirect_url.replace(/&/g, '&'));
-		return;
-	}
-};
+			// If the response contains a redirect URL, follow the redirect.
+			// This can be canceled by Rhymix.cancelPendingRedirect() within 100 milliseconds.
+			if (data.redirect_url) {
+				Rhymix.redirectToUrl(data.redirect_url.replace(/&/g, '&'), 100);
+			}
 
-/**
- * Default error handler for AJAX requests
- *
- * @param object xhr
- * @param string textStatus
- * @param string action
- * @param string url
- * @param object params
- * @param function success
- * @param function errror
- * @return void
- */
-Rhymix._ajaxErrorHandler = function(xhr, textStatus, action, url, params, success, error) {
+			// Resolve the promise with the response data.
+			resolve(data);
+		};
 
-	// If the user is navigating away, don't do anything.
-	if (xhr.status == 0 && this.unloading) {
-		return;
-	}
+		// Define the error wrapper.
+		const errorWrapper = function(data, textStatus, xhr) {
 
-	// If the response contains valid JSON, call the success callback instead.
-	if (xhr.status >= 400 && xhr.responseText) {
-		let data;
-		try {
-			data = JSON.parse(xhr.responseText);
-		} catch (e) { }
-		if (data && typeof data.error !== 'undefined') {
-			this._ajaxSuccessHandler(xhr, textStatus, action, data, params, success, error);
-			return;
-		}
-	}
+			// If an error callback is defined, call it.
+			// The promise will still be rejected, but silently.
+			if (typeof callback_error === 'function') {
+				callback_error(data, xhr);
+				promise.catch(function(dummy) { });
+				let dummy = new Error('Rhymix.ajax() error already handled by callback function');
+				dummy._rx_ajax_error = true;
+				dummy.cause = data;
+				dummy.details = '';
+				dummy.xhr = xhr;
+				reject(dummy);
+				return;
+			}
 
-	// If an error callback is defined, call it. Abort if it returns false.
-	if ($.isFunction(error)) {
-		let fakedata = { error: -3, message: textStatus };
-		if (error(fakedata, xhr) === false) {
-			return;
-		}
-	}
+			// Otherwise, generate a generic error message.
+			let error_message = 'AJAX error: ' + (action || 'form submission');
+			let error_details = '';
+			if (data.error != 0 && data.message) {
+				error_message = data.message.replace(/\\n/g, "\n");
+				if (data.errorDetail) {
+					error_details = data.errorDetail;
+				}
+			} else if (xhr.status == 0) {
+				error_details = 'Connection failed: ' + url + "\n\n" + (xhr.responseText || '');
+			} else {
+				error_details = (xhr.responseText || '');
+			}
+			if (error_details.length > 1000) {
+				error_details = error_details.substring(0, 1000) + '...';
+			}
 
-	// Otherwise, generate a simple error message.
-	let error_info, msg;
-	if (xhr.status == 0) {
-		error_info = 'Connection failed: ' + url + "\n\n" + (xhr.responseText || '');
-	} else {
-		error_info = 'Response code: ' + xhr.status + "\n\n" + (xhr.responseText || '');
-	}
-	msg = 'AJAX error: ' + (action || 'form submission') + "\n\n" + error_info;
-	if (msg.length > 1000) {
-		msg = msg.substring(0, 1000) + '...';
-	}
+			// Reject the promise with an error object.
+			// If uncaught, this will be handled by the 'unhandledrejection' event listener.
+			const err = new Error(error_message);
+			err._rx_ajax_error = true;
+			err.cause = data;
+			err.details = error_details;
+			err.xhr = xhr;
+			reject(err);
+		};
 
-	// Print the error message.
-	console.error(msg.trim().replace(/\n+/g, "\n"));
-	if (this.showAjaxErrors.indexOf('ALL') >= 0 || this.showAjaxErrors.indexOf(xhr.status) >= 0) {
-		alert(msg.trim());
-	}
+		// Pass off to jQuery with another wrapper around the success and error wrappers.
+		// This allows us to handle HTTP 400+ error codes with valid JSON responses.
+		$.ajax({
+			type: 'POST',
+			dataType: 'json',
+			url: url,
+			data: isFormData ? params : JSON.stringify(params),
+			contentType: isFormData ? false : 'application/json; charset=UTF-8',
+			processData: false,
+			headers: headers,
+			success: successWrapper,
+			error: function(xhr, textStatus, errorThrown) {
+				if (xhr.status == 0 && Rhymix.unloading) {
+					return;
+				}
+				if (xhr.status >= 400 && xhr.responseText) {
+					try {
+						let data = JSON.parse(xhr.responseText);
+						if (data) {
+							successWrapper(data, textStatus, xhr);
+							return;
+						}
+					} catch (e) { }
+				}
+				errorWrapper({ error: 0, message: textStatus }, textStatus, xhr);
+			}
+		});
+	});
 };
 
 /**
  * Submit a form using AJAX instead of navigating away
  *
  * @param HTMLElement form
- * @param function success
- * @param function error
+ * @param function callback_success
+ * @param function callback_error
  * @return void
  */
-Rhymix.ajaxForm = function(form, success, error) {
+Rhymix.ajaxForm = function(form, callback_success, callback_error) {
 	const $form = $(form);
 	// Get success and error callback functions.
-	if (typeof success === 'undefined') {
-		success = $form.data('callbackSuccess');
-		if (success && $.isFunction(success)) {
+	if (typeof callback_success === 'undefined') {
+		callback_success = $form.data('callbackSuccess');
+		if (callback_success && typeof callback_success === 'function') {
 			// no-op
-		} else if (success && window[success] && $.isFunction(window[success])) {
-			success = window[success];
+		} else if (callback_success && window[callback_success] && typeof window[callback_success] === 'function') {
+			callback_success = window[callback_success];
 		} else {
-			success = function(data) {
+			callback_success = function(data) {
 				if (data.message && data.message !== 'success') {
 					alert(data.message);
 				}
@@ -631,17 +622,17 @@ Rhymix.ajaxForm = function(form, success, error) {
 			};
 		}
 	}
-	if (typeof error === 'undefined') {
-		error = $form.data('callbackError');
-		if (error && $.isFunction(error)) {
+	if (typeof callback_error === 'undefined') {
+		callback_error = $form.data('callbackError');
+		if (callback_error && typeof callback_error === 'function') {
 			// no-op
-		} else if (error && window[error] && $.isFunction(window[error])) {
-			error = window[error];
+		} else if (callback_error && window[callback_error] && typeof window[callback_error] === 'function') {
+			callback_error = window[callback_error];
 		} else {
-			error = null;
+			callback_error = null;
 		}
 	}
-	this.ajax(null, new FormData($form[0]), success, error);
+	this.ajax(null, new FormData($form[0]), callback_success, callback_error);
 };
 
 /**
@@ -653,7 +644,7 @@ Rhymix.ajaxForm = function(form, success, error) {
  * @return void
  */
 Rhymix.checkboxToggleAll = function(name) {
-	if (!window[name]) {
+	if (typeof name === 'undefined') {
 		name='cart';
 	}
 	let options = {
@@ -1012,7 +1003,7 @@ $(function() {
 		e.preventDefault();
 		e.stopPropagation();
 
-		if (window[Rhymix.loadedPopupMenus[params.menu_id]]) {
+		if (Rhymix.loadedPopupMenus[params.menu_id]) {
 			return Rhymix.displayPopupMenu(params, response_tags, params);
 		}
 
@@ -1101,6 +1092,20 @@ window.addEventListener('beforeunload', function() {
 	Rhymix.unloading = true;
 });
 
+// General handler for unhandled Promise rejections
+window.addEventListener('unhandledrejection', function(event) {
+	if (event.reason && typeof event.reason['_rx_ajax_error'] === 'boolean') {
+		event.preventDefault();
+		const error_message = event.reason.message.trim();
+		const error_details = event.reason.details || '';
+		const error_xhr = event.reason.xhr || {};
+		console.error(error_message.replace(/\n+/g, "\n" + error_details));
+		if (Rhymix.showAjaxErrors.indexOf('ALL') >= 0 || Rhymix.showAjaxErrors.indexOf(error_xhr.status) >= 0) {
+			alert(error_message.trim() + (error_details ? ("\n\n" + error_details) : ''));
+		}
+	}
+});
+
 // General handler for popstate events
 window.addEventListener('popstate', function(event) {
 	// Close modal if it is open
@@ -1122,6 +1127,15 @@ window.addEventListener('popstate', function(event) {
 	}
 });
 
+// Fix for browsers that don't support the unhandledrejection event
+if (typeof Promise._unhandledRejectionFn !== 'undefined') {
+	Promise._unhandledRejectionFn = function(error) {
+		if (error['_rx_ajax_error']) {
+			alert(error.message.trim());
+		}
+	};
+}
+
 /**
  * =================
  * jQuery extensions
@@ -1457,12 +1471,16 @@ function popopen(url, target) {
  * @return void
  */
 function doAddDocumentCart(obj) {
-	Rhymix.addedDocument.push(obj.value);
+	if (obj && obj.value) {
+		Rhymix.addedDocument.push(obj.value);
+	}
 	setTimeout(function() {
-		exec_json('document.procDocumentAddCart', {
-			srls: Rhymix.addedDocument.join(',')
-		});
-		Rhymix.addedDocument = [];
+		if (Rhymix.addedDocument.length > 0) {
+			exec_json('document.procDocumentAddCart', {
+				srls: Rhymix.addedDocument
+			});
+			Rhymix.addedDocument = [];
+		}
 	}, 100);
 }
 

common/js/polyfills/formdata.min.js

@@ -0,0 +1,21 @@
+/*! formdata-polyfill. MIT License. Jimmy W?rting <https://jimmy.warting.se/opensource> */
+;(function(){var h;function l(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var m="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};
+function n(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var q=n(this);function r(a,b){if(b)a:{var c=q;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&m(c,a,{configurable:!0,writable:!0,value:b})}}
+r("Symbol",function(a){function b(f){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c(d+(f||"")+"_"+e++,f)}function c(f,g){this.A=f;m(this,"description",{configurable:!0,writable:!0,value:g})}if(a)return a;c.prototype.toString=function(){return this.A};var d="jscomp_symbol_"+(1E9*Math.random()>>>0)+"_",e=0;return b});
+r("Symbol.iterator",function(a){if(a)return a;a=Symbol("Symbol.iterator");for(var b="Array Int8Array Uint8Array Uint8ClampedArray Int16Array Uint16Array Int32Array Uint32Array Float32Array Float64Array".split(" "),c=0;c<b.length;c++){var d=q[b[c]];"function"===typeof d&&"function"!=typeof d.prototype[a]&&m(d.prototype,a,{configurable:!0,writable:!0,value:function(){return u(l(this))}})}return a});function u(a){a={next:a};a[Symbol.iterator]=function(){return this};return a}
+function v(a){var b="undefined"!=typeof Symbol&&Symbol.iterator&&a[Symbol.iterator];return b?b.call(a):{next:l(a)}}var w;if("function"==typeof Object.setPrototypeOf)w=Object.setPrototypeOf;else{var y;a:{var z={a:!0},A={};try{A.__proto__=z;y=A.a;break a}catch(a){}y=!1}w=y?function(a,b){a.__proto__=b;if(a.__proto__!==b)throw new TypeError(a+" is not extensible");return a}:null}var B=w;function C(){this.m=!1;this.j=null;this.v=void 0;this.h=1;this.u=this.C=0;this.l=null}
+function D(a){if(a.m)throw new TypeError("Generator is already running");a.m=!0}C.prototype.o=function(a){this.v=a};C.prototype.s=function(a){this.l={D:a,F:!0};this.h=this.C||this.u};C.prototype.return=function(a){this.l={return:a};this.h=this.u};function E(a,b){a.h=3;return{value:b}}function F(a){this.g=new C;this.G=a}F.prototype.o=function(a){D(this.g);if(this.g.j)return G(this,this.g.j.next,a,this.g.o);this.g.o(a);return H(this)};
+function I(a,b){D(a.g);var c=a.g.j;if(c)return G(a,"return"in c?c["return"]:function(d){return{value:d,done:!0}},b,a.g.return);a.g.return(b);return H(a)}F.prototype.s=function(a){D(this.g);if(this.g.j)return G(this,this.g.j["throw"],a,this.g.o);this.g.s(a);return H(this)};
+function G(a,b,c,d){try{var e=b.call(a.g.j,c);if(!(e instanceof Object))throw new TypeError("Iterator result "+e+" is not an object");if(!e.done)return a.g.m=!1,e;var f=e.value}catch(g){return a.g.j=null,a.g.s(g),H(a)}a.g.j=null;d.call(a.g,f);return H(a)}function H(a){for(;a.g.h;)try{var b=a.G(a.g);if(b)return a.g.m=!1,{value:b.value,done:!1}}catch(c){a.g.v=void 0,a.g.s(c)}a.g.m=!1;if(a.g.l){b=a.g.l;a.g.l=null;if(b.F)throw b.D;return{value:b.return,done:!0}}return{value:void 0,done:!0}}
+function J(a){this.next=function(b){return a.o(b)};this.throw=function(b){return a.s(b)};this.return=function(b){return I(a,b)};this[Symbol.iterator]=function(){return this}}function K(a,b){b=new J(new F(b));B&&a.prototype&&B(b,a.prototype);return b}function L(a,b){a instanceof String&&(a+="");var c=0,d=!1,e={next:function(){if(!d&&c<a.length){var f=c++;return{value:b(f,a[f]),done:!1}}d=!0;return{done:!0,value:void 0}}};e[Symbol.iterator]=function(){return e};return e}
+r("Array.prototype.entries",function(a){return a?a:function(){return L(this,function(b,c){return[b,c]})}});
+if("undefined"!==typeof Blob&&("undefined"===typeof FormData||!FormData.prototype.keys)){var M=function(a,b){for(var c=0;c<a.length;c++)b(a[c])},N=function(a){return a.replace(/\r?\n|\r/g,"\r\n")},O=function(a,b,c){if(b instanceof Blob){c=void 0!==c?String(c+""):"string"===typeof b.name?b.name:"blob";if(b.name!==c||"[object Blob]"===Object.prototype.toString.call(b))b=new File([b],c);return[String(a),b]}return[String(a),String(b)]},P=function(a,b){if(a.length<b)throw new TypeError(b+" argument required, but only "+
+a.length+" present.");},Q="object"===typeof globalThis?globalThis:"object"===typeof window?window:"object"===typeof self?self:this,R=Q.FormData,S=Q.XMLHttpRequest&&Q.XMLHttpRequest.prototype.send,T=Q.Request&&Q.fetch,U=Q.navigator&&Q.navigator.sendBeacon,V=Q.Element&&Q.Element.prototype,W=Q.Symbol&&Symbol.toStringTag;W&&(Blob.prototype[W]||(Blob.prototype[W]="Blob"),"File"in Q&&!File.prototype[W]&&(File.prototype[W]="File"));try{new File([],"")}catch(a){Q.File=function(b,c,d){b=new Blob(b,d||{});
+Object.defineProperties(b,{name:{value:c},lastModified:{value:+(d&&void 0!==d.lastModified?new Date(d.lastModified):new Date)},toString:{value:function(){return"[object File]"}}});W&&Object.defineProperty(b,W,{value:"File"});return b}}var escape=function(a){return a.replace(/\n/g,"%0A").replace(/\r/g,"%0D").replace(/"/g,"%22")},X=function(a){this.i=[];var b=this;a&&M(a.elements,function(c){if(c.name&&!c.disabled&&"submit"!==c.type&&"button"!==c.type&&!c.matches("form fieldset[disabled] *"))if("file"===
+c.type){var d=c.files&&c.files.length?c.files:[new File([],"",{type:"application/octet-stream"})];M(d,function(e){b.append(c.name,e)})}else"select-multiple"===c.type||"select-one"===c.type?M(c.options,function(e){!e.disabled&&e.selected&&b.append(c.name,e.value)}):"checkbox"===c.type||"radio"===c.type?c.checked&&b.append(c.name,c.value):(d="textarea"===c.type?N(c.value):c.value,b.append(c.name,d))})};h=X.prototype;h.append=function(a,b,c){P(arguments,2);this.i.push(O(a,b,c))};h.delete=function(a){P(arguments,
+1);var b=[];a=String(a);M(this.i,function(c){c[0]!==a&&b.push(c)});this.i=b};h.entries=function b(){var c,d=this;return K(b,function(e){1==e.h&&(c=0);if(3!=e.h)return c<d.i.length?e=E(e,d.i[c]):(e.h=0,e=void 0),e;c++;e.h=2})};h.forEach=function(b,c){P(arguments,1);for(var d=v(this),e=d.next();!e.done;e=d.next()){var f=v(e.value);e=f.next().value;f=f.next().value;b.call(c,f,e,this)}};h.get=function(b){P(arguments,1);var c=this.i;b=String(b);for(var d=0;d<c.length;d++)if(c[d][0]===b)return c[d][1];
+return null};h.getAll=function(b){P(arguments,1);var c=[];b=String(b);M(this.i,function(d){d[0]===b&&c.push(d[1])});return c};h.has=function(b){P(arguments,1);b=String(b);for(var c=0;c<this.i.length;c++)if(this.i[c][0]===b)return!0;return!1};h.keys=function c(){var d=this,e,f,g,k,p;return K(c,function(t){1==t.h&&(e=v(d),f=e.next());if(3!=t.h){if(f.done){t.h=0;return}g=f.value;k=v(g);p=k.next().value;return E(t,p)}f=e.next();t.h=2})};h.set=function(c,d,e){P(arguments,2);c=String(c);var f=[],g=O(c,
+d,e),k=!0;M(this.i,function(p){p[0]===c?k&&(k=!f.push(g)):f.push(p)});k&&f.push(g);this.i=f};h.values=function d(){var e=this,f,g,k,p,t;return K(d,function(x){1==x.h&&(f=v(e),g=f.next());if(3!=x.h){if(g.done){x.h=0;return}k=g.value;p=v(k);p.next();t=p.next().value;return E(x,t)}g=f.next();x.h=2})};X.prototype._asNative=function(){for(var d=new R,e=v(this),f=e.next();!f.done;f=e.next()){var g=v(f.value);f=g.next().value;g=g.next().value;d.append(f,g)}return d};X.prototype._blob=function(){var d="----formdata-polyfill-"+
+Math.random(),e=[],f="--"+d+'\r\nContent-Disposition: form-data; name="';this.forEach(function(g,k){return"string"==typeof g?e.push(f+escape(N(k))+('"\r\n\r\n'+N(g)+"\r\n")):e.push(f+escape(N(k))+('"; filename="'+escape(g.name)+'"\r\nContent-Type: '+(g.type||"application/octet-stream")+"\r\n\r\n"),g,"\r\n")});e.push("--"+d+"--");return new Blob(e,{type:"multipart/form-data; boundary="+d})};X.prototype[Symbol.iterator]=function(){return this.entries()};X.prototype.toString=function(){return"[object FormData]"};
+V&&!V.matches&&(V.matches=V.matchesSelector||V.mozMatchesSelector||V.msMatchesSelector||V.oMatchesSelector||V.webkitMatchesSelector||function(d){d=(this.document||this.ownerDocument).querySelectorAll(d);for(var e=d.length;0<=--e&&d.item(e)!==this;);return-1<e});W&&(X.prototype[W]="FormData");if(S){var Y=Q.XMLHttpRequest.prototype.setRequestHeader;Q.XMLHttpRequest.prototype.setRequestHeader=function(d,e){Y.call(this,d,e);"content-type"===d.toLowerCase()&&(this.B=!0)};Q.XMLHttpRequest.prototype.send=
+function(d){d instanceof X?(d=d._blob(),this.B||this.setRequestHeader("Content-Type",d.type),S.call(this,d)):S.call(this,d)}}T&&(Q.fetch=function(d,e){e&&e.body&&e.body instanceof X&&(e.body=e.body._blob());return T.call(this,d,e)});U&&(Q.navigator.sendBeacon=function(d,e){e instanceof X&&(e=e._asNative());return U.call(this,d,e)});Q.FormData=X};})();

common/js/polyfills/promise.min.js

@@ -0,0 +1 @@
+!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t():"function"==typeof define&&define.amd?define(t):t()}(0,function(){"use strict";function e(e){var t=this.constructor;return this.then(function(n){return t.resolve(e()).then(function(){return n})},function(n){return t.resolve(e()).then(function(){return t.reject(n)})})}function t(e){return new this(function(t,n){function r(e,n){if(n&&("object"==typeof n||"function"==typeof n)){var f=n.then;if("function"==typeof f)return void f.call(n,function(t){r(e,t)},function(n){o[e]={status:"rejected",reason:n},0==--i&&t(o)})}o[e]={status:"fulfilled",value:n},0==--i&&t(o)}if(!e||"undefined"==typeof e.length)return n(new TypeError(typeof e+" "+e+" is not iterable(cannot read property Symbol(Symbol.iterator))"));var o=Array.prototype.slice.call(e);if(0===o.length)return t([]);for(var i=o.length,f=0;o.length>f;f++)r(f,o[f])})}function n(e,t){this.name="AggregateError",this.errors=e,this.message=t||""}function r(e){var t=this;return new t(function(r,o){if(!e||"undefined"==typeof e.length)return o(new TypeError("Promise.any accepts an array"));var i=Array.prototype.slice.call(e);if(0===i.length)return o();for(var f=[],u=0;i.length>u;u++)try{t.resolve(i[u]).then(r)["catch"](function(e){f.push(e),f.length===i.length&&o(new n(f,"All promises were rejected"))})}catch(c){o(c)}})}function o(e){return!(!e||"undefined"==typeof e.length)}function i(){}function f(e){if(!(this instanceof f))throw new TypeError("Promises must be constructed via new");if("function"!=typeof e)throw new TypeError("not a function");this._state=0,this._handled=!1,this._value=undefined,this._deferreds=[],s(e,this)}function u(e,t){for(;3===e._state;)e=e._value;0!==e._state?(e._handled=!0,f._immediateFn(function(){var n=1===e._state?t.onFulfilled:t.onRejected;if(null!==n){var r;try{r=n(e._value)}catch(o){return void a(t.promise,o)}c(t.promise,r)}else(1===e._state?c:a)(t.promise,e._value)})):e._deferreds.push(t)}function c(e,t){try{if(t===e)throw new TypeError("A promise cannot be resolved with itself.");if(t&&("object"==typeof t||"function"==typeof t)){var n=t.then;if(t instanceof f)return e._state=3,e._value=t,void l(e);if("function"==typeof n)return void s(function(e,t){return function(){e.apply(t,arguments)}}(n,t),e)}e._state=1,e._value=t,l(e)}catch(r){a(e,r)}}function a(e,t){e._state=2,e._value=t,l(e)}function l(e){2===e._state&&0===e._deferreds.length&&f._immediateFn(function(){e._handled||f._unhandledRejectionFn(e._value)});for(var t=0,n=e._deferreds.length;n>t;t++)u(e,e._deferreds[t]);e._deferreds=null}function s(e,t){var n=!1;try{e(function(e){n||(n=!0,c(t,e))},function(e){n||(n=!0,a(t,e))})}catch(r){if(n)return;n=!0,a(t,r)}}n.prototype=Error.prototype;var d=setTimeout;f.prototype["catch"]=function(e){return this.then(null,e)},f.prototype.then=function(e,t){var n=new this.constructor(i);return u(this,new function(e,t,n){this.onFulfilled="function"==typeof e?e:null,this.onRejected="function"==typeof t?t:null,this.promise=n}(e,t,n)),n},f.prototype["finally"]=e,f.all=function(e){return new f(function(t,n){function r(e,o){try{if(o&&("object"==typeof o||"function"==typeof o)){var u=o.then;if("function"==typeof u)return void u.call(o,function(t){r(e,t)},n)}i[e]=o,0==--f&&t(i)}catch(c){n(c)}}if(!o(e))return n(new TypeError("Promise.all accepts an array"));var i=Array.prototype.slice.call(e);if(0===i.length)return t([]);for(var f=i.length,u=0;i.length>u;u++)r(u,i[u])})},f.any=r,f.allSettled=t,f.resolve=function(e){return e&&"object"==typeof e&&e.constructor===f?e:new f(function(t){t(e)})},f.reject=function(e){return new f(function(t,n){n(e)})},f.race=function(e){return new f(function(t,n){if(!o(e))return n(new TypeError("Promise.race accepts an array"));for(var r=0,i=e.length;i>r;r++)f.resolve(e[r]).then(t,n)})},f._immediateFn="function"==typeof setImmediate&&function(e){setImmediate(e)}||function(e){d(e,0)},f._unhandledRejectionFn=function(e){void 0!==console&&console&&console.warn("Possible Unhandled Promise Rejection:",e)};var p=function(){if("undefined"!=typeof self)return self;if("undefined"!=typeof window)return window;if("undefined"!=typeof global)return global;throw Error("unable to locate global object")}();"function"!=typeof p.Promise?p.Promise=f:(p.Promise.prototype["finally"]||(p.Promise.prototype["finally"]=e),p.Promise.allSettled||(p.Promise.allSettled=t),p.Promise.any||(p.Promise.any=r))});

common/js/xml_js_filter.js

@@ -467,13 +467,13 @@ function legacy_filter(filter_name, form, module, act, callback, responses, conf
 		};
 
 		if (!hasFile) {
-			Rhymix.ajax(module + '.' + act, params, callback_wrapper);
+			exec_json(module + '.' + act, params, callback_wrapper);
 		} else {
 			var fd = new FormData();
 			for (let key in params) {
 				fd.append(key, params[key]);
 			}
-			Rhymix.ajax(null, fd, callback_wrapper);
+			exec_json('raw', fd, callback_wrapper);
 		}
 	};
 

common/tpl/popup_layout.html

@@ -11,7 +11,9 @@
 		const iframe_sequence = '{{ $iframe_sequence }}';
 		window.opener = window.parent;
 		window.close = function() {
-			parent.closeModal('_rx_iframe_' + iframe_sequence);
+			setTimeout(function() {
+				parent.closeModal('_rx_iframe_' + iframe_sequence);
+			}, 100);
 		};
 	</script>
 	<style>

modules/admin/tpl/_header.html

@@ -1,7 +1,6 @@
 <config autoescape="on" />
 
 <include target="./_admin_common.html" />
-{@ Context::addMetaTag("viewport", "width=device-width, user-scalable=yes")}
 <script>
 	var admin_menu_srl = "{$admin_menu_srl}";
 	xe.lang.cmd_find = "{$lang->cmd_find}";

modules/board/conf/module.xml

@@ -41,11 +41,11 @@
 			<title xml:lang="zh-TW">發表評論</title>
 			<title xml:lang="es">yorum yaz</title>
 		</grant>
-		<grant name="vote_log_view" default="guest">
+		<grant name="vote_log_view" default="member">
 			<title xml:lang="ko">추천인 보기</title>
 			<title xml:lang="en">view recommender</title>
 		</grant>
-		<grant name="update_view" default="guest">
+		<grant name="update_view" default="member">
 			<title xml:lang="ko">수정 내역 보기</title>
 			<title xml:lang="en">view update history</title>
 		</grant>

modules/comment/comment.controller.php

@@ -2002,6 +2002,41 @@ class CommentController extends Comment
 		$this->setMessage('success_declared_cancel');
 	}
 
+	/**
+	 * Update the number of uploaded files in the comment
+	 *
+	 * @param int|array $comment_srl_list
+	 * @return void
+	 */
+	public function updateUploadedCount($comment_srl_list)
+	{
+		if (!is_array($comment_srl_list))
+		{
+			$comment_srl_list = array($comment_srl_list);
+		}
+
+		if (!count($comment_srl_list))
+		{
+			return;
+		}
+
+		$comment_srl_list = array_unique($comment_srl_list);
+
+		foreach($comment_srl_list as $comment_srl)
+		{
+			$comment_srl = (int)$comment_srl;
+			if ($comment_srl <= 0)
+			{
+				continue;
+			}
+
+			$args = new stdClass;
+			$args->comment_srl = $comment_srl;
+			$args->uploaded_count = FileModel::getFilesCount($comment_srl);
+			executeQuery('comment.updateUploadedCount', $args);
+		}
+	}
+
 	/**
 	 * Method to add a pop-up menu when clicking for displaying child comments
 	 * @param string $url

modules/comment/comment.item.php

@@ -816,10 +816,15 @@ class CommentItem extends BaseObject
 
 		// Call trigger for custom thumbnails.
 		$trigger_obj = (object)[
-			'document_srl' => $this->document_srl, 'comment_srl' => $this->comment_srl,
-			'width' => $width, 'height' => $height,
-			'image_type' => 'jpg', 'type' => $thumbnail_type, 'quality' => $config->thumbnail_quality,
-			'filename' => $thumbnail_file, 'url' => $thumbnail_url,
+			'document_srl' => $this->document_srl,
+			'comment_srl' => $this->comment_srl,
+			'width' => $width,
+			'height' => $height,
+			'image_type' => 'jpg',
+			'type' => $thumbnail_type,
+			'quality' => $config->thumbnail_quality,
+			'filename' => $thumbnail_file,
+			'url' => $thumbnail_url,
 		];
 		$output = ModuleHandler::triggerCall('comment.getThumbnail', 'before', $trigger_obj);
 		clearstatcache(true, $thumbnail_file);
@@ -877,8 +882,16 @@ class CommentItem extends BaseObject
 		// get an image file from the doc content if no file attached.
 		if(!$source_file && $config->thumbnail_target !== 'attachment')
 		{
-			$external_image_min_width = min(100, round($trigger_obj->width * 0.3));
-			$external_image_min_height = min(100, round($trigger_obj->height * 0.3));
+			$external_image_min_width = is_numeric($trigger_obj->width) ? min(100, round(intval($trigger_obj->width) * 0.3)) : 100;
+			if($trigger_obj->height === 'auto')
+			{
+				$external_image_min_height = min(100, $external_image_min_width * 0.5);
+			}
+			else
+			{
+				$external_image_min_height = is_numeric($trigger_obj->height) ? min(100, round(intval($trigger_obj->height) * 0.3)) : 100;
+			}
+
 			preg_match_all("!<img\s[^>]*?src=(\"|')([^\"' ]*?)(\"|')!is", $this->get('content'), $matches, PREG_SET_ORDER);
 			foreach($matches as $match)
 			{

modules/comment/queries/updateUploadedCount.xml

@@ -0,0 +1,11 @@
+<query id="updateUploadedCount" action="update">
+	<tables>
+		<table name="comments" />
+	</tables>
+	<columns>
+		<column name="uploaded_count" var="uploaded_count" default="0" filter="number" />
+	</columns>
+	<conditions>
+		<condition operation="equal" column="comment_srl" var="comment_srl" filter="number" notnull="notnull" />
+	</conditions>
+</query>

modules/document/document.controller.php

@@ -3307,16 +3307,23 @@ class DocumentController extends Document
 		}
 
 		// Get document_srl
-		$srls = explode(',',Context::get('srls'));
-		for($i = 0; $i < count($srls); $i++)
+		$srls = Context::get('srls');
+		if (is_array($srls))
 		{
-			$srl = trim($srls[$i]);
-
-			if(!$srl) continue;
-
-			$document_srls[] = $srl;
+			$document_srls = array_map('intval', $srls);
+		}
+		else
+		{
+			$document_srls = array_map('intval', explode(',', $srls));
+		}
+
+		$document_srls = array_unique(array_filter($document_srls, function($srl) {
+			return $srl > 0;
+		}));
+		if (!count($document_srls))
+		{
+			return;
 		}
-		if(!count($document_srls)) return;
 
 		// Get module_srl of the documents
 		$args = new stdClass;
@@ -3787,7 +3794,17 @@ Content;
 		}
 	}
 
+	/**
+	 * A typo of updateUploadedCount, maintained for backward compatibility.
+	 *
+	 * @deprecated
+	 */
 	public function updateUploaedCount($document_srl_list)
+	{
+		return $this->updateUploadedCount($document_srl_list);
+	}
+
+	public function updateUploadedCount($document_srl_list)
 	{
 		if(!is_array($document_srl_list))
 		{
@@ -3803,7 +3820,8 @@ Content;
 
 		foreach($document_srl_list as $document_srl)
 		{
-			if(!$document_srl = (int) $document_srl)
+			$document_srl = (int)$document_srl;
+			if ($document_srl <= 0)
 			{
 				continue;
 			}
@@ -3823,7 +3841,7 @@ Content;
 			return;
 		}
 
-		$this->updateUploaedCount($file->upload_target_srl);
+		$this->updateUploadedCount($file->upload_target_srl);
 	}
 
 	/**

modules/document/document.item.php

@@ -1146,9 +1146,14 @@ class DocumentItem extends BaseObject
 
 		// Call trigger for custom thumbnails.
 		$trigger_obj = (object)[
-			'document_srl' => $this->document_srl, 'width' => $width, 'height' => $height,
-			'image_type' => 'jpg', 'type' => $thumbnail_type, 'quality' => $config->thumbnail_quality,
-			'filename' => $thumbnail_file, 'url' => $thumbnail_url,
+			'document_srl' => $this->document_srl,
+			'width' => $width,
+			'height' => $height,
+			'image_type' => 'jpg',
+			'type' => $thumbnail_type,
+			'quality' => $config->thumbnail_quality,
+			'filename' => $thumbnail_file,
+			'url' => $thumbnail_url,
 		];
 		$output = ModuleHandler::triggerCall('document.getThumbnail', 'before', $trigger_obj);
 		clearstatcache(true, $thumbnail_file);
@@ -1220,8 +1225,16 @@ class DocumentItem extends BaseObject
 		// If not exists, file an image file from the content
 		if(!$source_file && $config->thumbnail_target !== 'attachment')
 		{
-			$external_image_min_width = min(100, round($trigger_obj->width * 0.3));
-			$external_image_min_height = min(100, round($trigger_obj->height * 0.3));
+			$external_image_min_width = is_numeric($trigger_obj->width) ? min(100, round(intval($trigger_obj->width) * 0.3)) : 100;
+			if($trigger_obj->height === 'auto')
+			{
+				$external_image_min_height = min(100, $external_image_min_width * 0.5);
+			}
+			else
+			{
+				$external_image_min_height = is_numeric($trigger_obj->height) ? min(100, round(intval($trigger_obj->height) * 0.3)) : 100;
+			}
+
 			preg_match_all("!<img\s[^>]*?src=(\"|')([^\"' ]*?)(\"|')!is", $content, $matches, PREG_SET_ORDER);
 			foreach($matches as $match)
 			{

modules/document/tpl/extra_keys.html

@@ -61,7 +61,7 @@
 			<div class="x_control-group" data-invisible-types="file">
 				<label class="x_control-label" for="default">{$lang->default_value}</label>
 				<div class="x_controls">
-					<input type="text" name="default" id="default" value="{$selected_var->default}" />
+					<input type="text" name="default" id="default" value="{$selected_var ? $selected_var->getDefaultValue() : ''}" />
 					<p class="x_help-block">{$lang->about_extra_vars_default_value}</p>
 				</div>
 			</div>

modules/extravar/models/Value.php

@@ -195,9 +195,9 @@ class Value
 		{
 			return $this->default;
 		}
-		elseif ($this->default)
+		elseif ($this->default && $this->parent_type !== 'member' && !in_array($this->type, ['checkbox', 'radio']))
 		{
-			return array_first($this->getOptions());
+			return is_array($this->default) ? array_first($this->default) : array_first(explode(',', $this->default));
 		}
 		else
 		{

modules/extravar/skins/default/assets/file_upload.js

@@ -1,16 +1,16 @@
 'use strict';
 
-(function($) {
-	$(function() {
-		$('button.evFileRemover').on('click', function() {
-			const container = $(this).parents('.ev_file_upload');
+$(function() {
+	$('.ev_file_upload').each(function() {
+		const container = $(this);
+		container.find('button.evFileRemover').on('click', function() {
 			container.find('span.filename').text('');
 			container.find('span.filesize').text('');
 			container.find('input[type=hidden][name^=_delete_]').val('Y');
 			container.find('input[type=file]').val('');
+			$(this).remove();
 		});
-		$('input.rx_ev_file').on('change', function() {
-			const container = $(this).parents('.ev_file_upload');
+		container.find('input.rx_ev_file').on('change', function() {
 			const max_size = parseInt($(this).data('allowedFilesize'), 10);
 			const file_count = this.files.length;
 			for (let i = 0; i < file_count; i++) {
@@ -23,4 +23,4 @@
 			container.find('input[type=hidden][name^=_delete_]').val('N');
 		});
 	});
-})(jQuery);
+});

modules/extravar/skins/default/assets/number.js

@@ -0,0 +1,7 @@
+'use strict';
+
+$(function() {
+	$('input.rx_ev_number').on('input', function() {
+		this.value = this.value.replace(/[^0-9]/g, '');
+	});
+});

modules/extravar/skins/default/form_types/password.blade.php

@@ -2,6 +2,7 @@
 	id="{{ $input_id }}"|if="$input_id" class="password rx_ev_password"
 	style="{{ $definition->style }}"|if="$definition->style"
 	value="{{ strval($value) !== '' ? $value : strval($default) }}"
+	autocomplete="off" autocapitalize="none"
 	@required(toBool($definition->is_required))
 	@disabled(toBool($definition->is_disabled))
 	@readonly(toBool($definition->is_readonly))

modules/extravar/skins/default/form_types/text.blade.php

@@ -17,7 +17,8 @@
 		@readonly(toBool($definition->is_readonly))
 	/>
 @elseif ($type === 'number')
-	<input type="number" name="{{ $input_name }}"
+	@load('../assets/number.js')
+	<input type="text" inputmode="numeric" name="{{ $input_name }}"
 		id="{{ $input_id }}"|if="$input_id" class="number rx_ev_number"
 		style="{{ $definition->style }}"|if="$definition->style"
 		value="{{ strval($value) !== '' ? $value : strval($default) }}"

modules/file/file.controller.php

@@ -2002,6 +2002,8 @@ class FileController extends File
 		}
 
 		$this->copyFiles($obj->source->document_srl, $obj->copied->module_srl, $obj->copied->document_srl, $obj->copied->content);
+		$this->setFilesValid($obj->copied->document_srl, 'doc');
+		DocumentController::getInstance()->updateUploadedCount($obj->copied->document_srl);
 	}
 
 	function triggerAddCopyCommentByDocument(&$obj)
@@ -2012,6 +2014,8 @@ class FileController extends File
 		}
 
 		$this->copyFiles($obj->source->comment_srl, $obj->copied->module_srl, $obj->copied->comment_srl, $obj->copied->content);
+		$this->setFilesValid($obj->copied->comment_srl, 'com');
+		CommentController::getInstance()->updateUploadedCount($obj->copied->comment_srl);
 	}
 
 	function triggerCopyModule(&$obj)

modules/member/member.admin.controller.php

@@ -878,21 +878,27 @@ class MemberAdminController extends Member
 		$args->column_type = Context::get('column_type');
 		$args->column_name = strtolower(Context::get('column_id'));
 		$args->column_title = Context::get('column_title');
-		$args->default_value = explode("\n", str_replace("\r", '', Context::get('default_value')));
-		$args->required = Context::get('required');
-		$args->is_active = (isset($args->required));
-		if(!in_array(strtoupper($args->required), array('Y','N')))$args->required = 'N';
-		$args->description = Context::get('description') ? Context::get('description') : '';
-		// Default values
-		if(in_array($args->column_type, array('checkbox','select','radio')) && count($args->default_value))
+		$args->default_value = trim(utf8_clean(Context::get('default_value')));
+		$args->options = trim(utf8_clean(Context::get('options')));
+		if ($args->options !== '')
 		{
-			$args->default_value = serialize($args->default_value);
+			$args->options = array_map('trim', explode("\n", $args->options));
+			$args->options = json_encode($args->options, \JSON_UNESCAPED_UNICODE | \JSON_UNESCAPED_SLASHES);
 		}
 		else
 		{
-			$args->default_value = '';
+			$args->options = null;
 		}
 
+		$args->required = Context::get('required');
+		if (!in_array(strtoupper($args->required), array('Y','N')))
+		{
+			$args->required = 'N';
+		}
+
+		$args->is_active = (isset($args->required));
+		$args->description = Context::get('description') ? Context::get('description') : '';
+
 		// Check ID duplicated
 		if (Context::isReservedWord($args->column_name))
 		{
@@ -909,7 +915,7 @@ class MemberAdminController extends Member
 			}
 		}
 		// Fix if member_join_form_srl exists. Add if not exists.
-		$isInsert;
+		$isInsert = false;
 		if(!$args->member_join_form_srl)
 		{
 			$isInsert = true;

modules/member/member.admin.model.php

@@ -288,13 +288,24 @@ class MemberAdminModel extends Member
 		if($output->toBool() && $output->data)
 		{
 			$formInfo = $output->data;
-			$default_value = $formInfo->default_value;
-			if($default_value)
+			$default_value = '';
+			$options = '';
+			if (isset($formInfo->options) && $formInfo->options !== '')
 			{
-				$default_value = unserialize($default_value);
-				Context::set('default_value', $default_value);
+				$default_value = $formInfo->default_value;
+				$options = json_decode($formInfo->options, true);
+			}
+			elseif (preg_match('/^a:\d+:\{i:/', $formInfo->default_value))
+			{
+				$options = unserialize($formInfo->default_value);
+			}
+			else
+			{
+				$default_value = $formInfo->default_value;
 			}
 			Context::set('formInfo', $output->data);
+			Context::set('default_value', $default_value);
+			Context::set('options', $options);
 		}
 
 		$oMemberModel = getModel('member');
@@ -314,7 +325,7 @@ class MemberAdminModel extends Member
 		$oTemplate = TemplateHandler::getInstance();
 		$tpl = $oTemplate->compile($this->module_path.'tpl', 'insert_join_form');
 
-		$this->add('tpl', str_replace("\n"," ",$tpl));
+		$this->add('tpl', $tpl);
 	}
 
 	/**

modules/member/member.admin.view.php

@@ -486,7 +486,7 @@ class MemberAdminView extends Member
 	{
 		$extend_form_list = MemberModel::getCombineJoinForm($memberInfo);
 		$security = new Security($extend_form_list);
-		$security->encodeHTML('..column_title', '..description', '..default_value.');
+		$security->encodeHTML('..column_title', '..description', '..default_value', '..options.');
 
 		if ($memberInfo)
 		{
@@ -725,6 +725,7 @@ class MemberAdminView extends Member
 					$input->input_id = $extendForm->column_name;
 					$input->value = $extendForm->value ?? '';
 					$input->default = $extendForm->default_value ?? null;
+					$input->options = $extendForm->options ?? null;
 					if ($extendForm->column_type === 'tel' || $extendForm->column_type === 'tel_intl')
 					{
 						$input->style = 'width:33.3px';

modules/member/member.class.php

@@ -167,6 +167,9 @@ class Member extends ModuleObject
 		if(!$oDB->isIndexExists('member_auth_mail', 'idx_member_srl')) return true;
 		if($oDB->isIndexExists('member_auth_mail', 'unique_key')) return true;
 
+		// Check join form options column
+		if(!$oDB->isColumnExists('member_join_form', 'options')) return true;
+
 		// Update status column
 		$output = executeQuery('member.getDeniedAndStatus');
 		if ($output->data->count)
@@ -403,6 +406,12 @@ class Member extends ModuleObject
 			$oDB->dropIndex('member_auth_mail', 'unique_key');
 		}
 
+		// Check join form options column
+		if(!$oDB->isColumnExists('member_join_form', 'options'))
+		{
+			$oDB->addColumn('member_join_form', 'options', 'text', null, null, null, 'default_value');
+		}
+
 		// Update status column
 		$output = executeQuery('member.getDeniedAndStatus');
 		if ($output->data->count)

modules/member/member.controller.php

@@ -2867,7 +2867,7 @@ class MemberController extends Member
 
 		$extend_form_list = MemberModel::getJoinFormlist();
 		$security = new Security($extend_form_list);
-		$security->encodeHTML('..column_title', '..description', '..default_value.');
+		$security->encodeHTML('..column_title', '..description', '..default_value', '..options.');
 		if($config->signupForm)
 		{
 			foreach($config->signupForm as $no => $formInfo)
@@ -3163,7 +3163,7 @@ class MemberController extends Member
 
 		$extend_form_list = MemberModel::getJoinFormlist();
 		$security = new Security($extend_form_list);
-		$security->encodeHTML('..column_title', '..description', '..default_value.');
+		$security->encodeHTML('..column_title', '..description', '..default_value', '..options.');
 		if($config->signupForm)
 		{
 			foreach($config->signupForm as $no => $formInfo)

modules/member/member.model.php

@@ -806,31 +806,38 @@ class MemberModel extends Member
 			if(!$join_form_list) return NULL;
 			// Need to unserialize because serialized array is inserted into DB in case of default_value
 			if(!is_array($join_form_list)) $join_form_list = array($join_form_list);
-			$join_form_count = count($join_form_list);
-			for($i=0;$i<$join_form_count;$i++)
+			foreach ($join_form_list as $i => $join_form)
 			{
-				$join_form_list[$i]->column_name = strtolower($join_form_list[$i]->column_name);
+				$join_form->column_name = strtolower($join_form->column_name);
 
-				$member_join_form_srl = $join_form_list[$i]->member_join_form_srl;
-				$column_type = $join_form_list[$i]->column_type;
-				$column_name = $join_form_list[$i]->column_name;
-				$column_title = $join_form_list[$i]->column_title;
-				$default_value = $join_form_list[$i]->default_value;
 				// Add language variable
-				if(!isset($lang->extend_vars)) $lang->extend_vars = array();
-				$lang->extend_vars[$column_name] = $column_title;
-				// unserialize if the data type if checkbox, select and so on
-				if(in_array($column_type, array('checkbox','select','radio')))
+				$column_name = $join_form->column_name;
+				$column_title = $join_form->column_title;
+				if (!isset($lang->extend_vars))
 				{
-					$join_form_list[$i]->default_value = unserialize($default_value);
-					if(!$join_form_list[$i]->default_value[0]) $join_form_list[$i]->default_value = '';
+					$lang->extend_vars = array();
+				}
+				$lang->extend_vars[$column_name] = $column_title;
+
+				// unserialize if the data type if checkbox, select and so on
+				if (in_array($join_form->column_type, ['checkbox','select','radio']))
+				{
+					if (isset($join_form->options) && $join_form->options !== '')
+					{
+						$join_form->options = json_decode($join_form->options, true);
+					}
+					elseif (preg_match('/^a:\d+:\{i:/', $join_form->default_value))
+					{
+						$join_form->options = unserialize($join_form->default_value);
+						$join_form->default_value = '';
+					}
 				}
 				else
 				{
-					$join_form_list[$i]->default_value = '';
+					$join_form->default_value = '';
 				}
 
-				$list[$member_join_form_srl] = $join_form_list[$i];
+				$list[$join_form->member_join_form_srl] = $join_form;
 			}
 			self::$_join_form_list = $list;
 		}
@@ -958,12 +965,17 @@ class MemberModel extends Member
 		$join_form = $output->data;
 		if(!$join_form) return NULL;
 
-		$column_type = $join_form->column_type;
-		$default_value = $join_form->default_value;
-
-		if(in_array($column_type, array('checkbox','select','radio')))
+		if (in_array($join_form->column_type, ['checkbox','select','radio']))
 		{
-			$join_form->default_value = unserialize($default_value);
+			if (isset($join_form->options) && $join_form->options !== '')
+			{
+				$join_form->options = json_decode($join_form->options, true);
+			}
+			elseif (preg_match('/^a:\d+:\{i:/', $join_form->default_value))
+			{
+				$join_form->options = unserialize($join_form->default_value);
+				$join_form->default_value = '';
+			}
 		}
 		else
 		{

modules/member/member.view.php

@@ -280,6 +280,7 @@ class MemberView extends Member
 				$extvalue->input_id = $formInfo->name;
 				$extvalue->value = $extendFormInfo[$formInfo->member_join_form_srl]->value ?? null;
 				$extvalue->default = $extendFormInfo[$formInfo->member_join_form_srl]->default_value ?? null;
+				$extvalue->options = $extendFormInfo[$formInfo->member_join_form_srl]->options ?? null;
 				$item->value = $extvalue->getValueHTML();
 			}
 

modules/member/queries/insertJoinForm.xml

@@ -9,6 +9,7 @@
         <column name="column_title" var="column_title" />
         <column name="required" var="required" default="N" />
         <column name="default_value" var="default_value" />
+		<column name="options" var="options" />
         <column name="is_active" var="is_active" default="N" />
         <column name="description" var="description" />
         <column name="regdate" default="curdate()" />

modules/member/queries/updateJoinForm.xml

@@ -8,6 +8,7 @@
         <column name="column_title" var="column_title" />
         <column name="required" var="required" default="N" />
         <column name="default_value" var="default_value" />
+		<column name="options" var="options" />
         <column name="is_active" var="is_active" default="N" />
         <column name="description" var="description" />
     </columns>

modules/member/schemas/member_join_form.xml

@@ -5,6 +5,7 @@
     <column name="column_title" type="varchar" size="60" notnull="notnull" />
     <column name="required" type="char" size="1" default="N" notnull="notnull" />
     <column name="default_value" type="text" />
+	<column name="options" type="text" />
     <column name="is_active" type="char" size="1" default="Y" />
     <column name="description" type="text" />
     <column name="list_order" type="number" size="11" notnull="notnull" default="1" index="idx_list_order" />

modules/member/tpl/insert_join_form.html

@@ -26,11 +26,17 @@
 				</select>
 			</div>
 		</div>
-		<div class="x_control-group multiExample">
-			<label for="multiSelect" class="x_control-label"><em style="color:red">*</em> {$lang->options}</label>
+		<div class="x_control-group">
+			<label for="default_value" class="x_control-label"> {$lang->default_value}</label>
 			<div class="x_controls">
-				<textarea rows="4" cols="42" id="multiSelect" name="default_value" style="vertical-align:top"><block cond="$default_value">{implode('|@|', $default_value)}</block></textarea>
-				<p class="x_help-inline">{$lang->about_multi_type}</p>
+				<input type="text" id="default_value" name="default_value" value="{$default_value}" />
+			</div>
+		</div>
+		<div class="x_control-group multiExample">
+			<label for="multiSelect" class="x_control-label"> {$lang->options}</label>
+			<div class="x_controls">
+				<textarea rows="4" cols="42" id="multiSelect" name="options" style="vertical-align:top"><block cond="$options">{implode("\n", $options)}</block></textarea>
+				<p class="x_help-block">{$lang->about_multi_type}</p>
 			</div>
 		</div>
 		<div class="x_control-group">
@@ -51,7 +57,6 @@
 		<span class="x_pull-right"><button class="x_btn x_btn-primary" type="submit" name="mode" <!--@if($formInfo)-->value="update"<!--@else-->value="insert"<!--@end--> >{$lang->cmd_save}</button></span>
 	</div>
 <script>
-	var $ = jQuery;
 	var typeSelect = $('.typeSelect');
 	var multiOption = $('.typeSelect>option[value=checkbox], .typeSelect>option[value=radio], .typeSelect>option[value=select_multiple], .typeSelect>option[value=select]');
 	var multiExample = $('.multiExample');

modules/menu/menu.admin.controller.php

@@ -2003,7 +2003,7 @@ class MenuAdminController extends Menu
 			// If the value of node->group_srls exists
 			if($node->group_srls) {
 				$group_srls_exported = json_encode(array_values(is_array($node->group_srls) ? $node->group_srls : array_map('intval', explode(',', $node->group_srls))));
-				$group_check_code = sprintf('($is_admin==true||(is_array($group_srls)&&count(array_intersect($group_srls, %s)))||($is_logged&&%s))', $group_srls_exported, $node->group_srls == '-1' ? 1 : 0);
+				$group_check_code = sprintf('($is_admin==true||(is_array($group_srls)&&count(array_intersect($group_srls, %s)))||($is_logged&&%s)||(!$is_logged&&%s))', $group_srls_exported, $node->group_srls == '-1' ? 1 : 0, $node->group_srls == '-4' ? 1 : 0);
 			}
 			else
 			{
@@ -2099,7 +2099,7 @@ class MenuAdminController extends Menu
 			if($node->group_srls)
 			{
 				$group_srls_exported = json_encode(array_values(is_array($node->group_srls) ? $node->group_srls : array_map('intval', explode(',', $node->group_srls))));
-				$group_check_code = sprintf('($is_admin==true||(is_array($group_srls)&&count(array_intersect($group_srls, %s)))||($is_logged && %s))', $group_srls_exported, $node->group_srls == '-1' ? 1 : 0);
+				$group_check_code = sprintf('($is_admin==true||(is_array($group_srls)&&count(array_intersect($group_srls, %s)))||($is_logged && %s)||(!$is_logged && %s))', $group_srls_exported, $node->group_srls == '-1' ? 1 : 0, $node->group_srls == '-4' ? 1 : 0);
 			}
 			else
 			{

modules/menu/menu.admin.model.php

@@ -216,6 +216,10 @@ class MenuAdminModel extends Menu
 			{
 				$menuItem->grant = 'manager';
 			}
+			else if($menuItem->group_srls[0] == -4)
+			{
+				$menuItem->grant = 'not_member';
+			}
 			else
 			{
 				$menuItem->grant = 'group';

modules/menu/tpl/sitemap.html

@@ -2361,39 +2361,29 @@ jQuery(function($){
 				$node.find('._groups').append($groupNode);
 			}
 
-			if(i === 0){
-				$node.find('._group_signedup').remove();
-				//$node.find('._group_manager').remove();
-			}else{
-				/*
-					guest : 모든 옵션 사용 가능, 항상 권한 있음.
-					member : '모든 사용자' 제외하고 사용 가능, 로그인 정보가 있을 경우 true
-					not_member : 비로그인 사용자, 로그인 정보가 *없을* 경우 true
-					manager : '관리자만','선택그룹 사용자' 옵션만 사용가능, 관리자일 경우에만 true
-					root : manager와 동일.
-				*/
-				switch(sDefault){
-					case 'guest':
-						//
+			/*
+				guest : 모든 옵션 사용 가능, 항상 권한 있음.
+				member : '모든 사용자' 제외하고 사용 가능, 로그인 정보가 있을 경우 true
+				not_member : 비로그인 사용자, 로그인 정보가 *없을* 경우 true
+				manager : '관리자만','선택그룹 사용자' 옵션만 사용가능, 관리자일 경우에만 true
+				root : manager와 동일.
+			*/
+			switch(sDefault) {
+				case 'guest':
 					break;
-					case 'member':
-						$node.find('._group_all').remove();
+				case 'member':
+				case 'not_member':
+				case 'site':
+					$node.find('._group_loggedin').prop('selected', true);
 					break;
-					case 'not_member':
-						$node.find('._group_all').remove();
-					break;
-					case 'site':
-						$node.find('._group_all').remove();
-					break;
-					case 'manager':
-					case 'root':
-					default:
-						$node.find('._group_all').remove();
-						$node.find('._group_loggedin').remove();
-						$node.find('._group_signedup').remove();
-				}
+				case 'manager':
+				case 'root':
+				default:
+					$node.find('._group_manager').prop('selected', true);
+					$node.find('._group_all').remove();
+					$node.find('._group_loggedin').remove();
+					$node.find('._group_not_loggedin').remove();
 			}
-			//console.log(22, $node);
 			$List.append($node);
 			$('#auth select').trigger('change');
 		}

modules/message/message.view.php

@@ -71,9 +71,9 @@ class MessageView extends Message
 
 		Context::set('ssl_mode', \RX_SSL);
 		Context::set('system_message', nl2br($this->getMessage()));
-		Context::set('system_message_detail', nl2br($detail));
-		Context::set('system_message_help', self::getErrorHelp(strval($detail)));
-		Context::set('system_message_location', escape($location));
+		Context::set('system_message_detail', nl2br($detail ?? ''));
+		Context::set('system_message_help', self::getErrorHelp(strval($detail ?? '')));
+		Context::set('system_message_location', escape($location ?? ''));
 
 		if ($this->getError())
 		{

modules/module/models/Permission.php

@@ -103,7 +103,11 @@ class Permission
 		// Check if each permission is granted to the current user.
 		foreach ($this->_spec as $key => $requirement)
 		{
-			if ($requirement === 'guest')
+			if ($key === 'manager' && $this->manager)
+			{
+				continue;
+			}
+			elseif ($requirement === 'guest')
 			{
 				$this->{$key} = true;
 			}

modules/module/module.admin.model.php

@@ -171,9 +171,18 @@ class ModuleAdminModel extends Module
 		$grant_list->manager->title = lang('grant_manager');
 		$grant_list->manager->default = 'manager';
 		Context::set('grant_list', $grant_list);
+
 		// Get a permission group granted to the current module
 		$selected_group = array();
 		$default_grant = array();
+		foreach ($grant_list as $key => $val)
+		{
+			if (!empty($val->default))
+			{
+				$default_grant[$key] = $val->default;
+			}
+		}
+
 		$args = new stdClass();
 		$args->module_srl = $module_srl;
 		$output = executeQueryArray('module.getModuleGrants', $args);

modules/widget/tpl/widget_generate_code.include.html

@@ -37,15 +37,15 @@
 	</div>
 </div>
 
-{@$suggestion_id = 0}
+{@ $group = ''; $not_first = false; $suggestion_id = 0; }
 <block loop="$widget_info->extra_var => $id, $var">
-	{@$suggestion_id++}
+	{@ $suggestion_id++; }
 	<block cond="!$not_first && !$var->group"><section class="extra_vars section"></block>
 	<block cond="$group != $var->group">
 		<block cond="$not_first"></section></block>
 		<section class="extra_vars section">
 		<h1>{$var->group}</h1>
-		{@$group = $var->group}
+		{@ $group = $var->group; }
 	</block>
 
 	{@$not_first = true}
@@ -53,21 +53,21 @@
 		<label class="x_control-label" for="{$id}"|cond="$var->type != 'radio' && $var->type != 'checkbox'">{$var->name}</label>
 		<div class="x_controls">
 			<block cond="$var->type == 'text'">
-				<input type="text" name="{$id}" />
+				<input type="text" name="{$id}" value="{$var->default}" />
 			</block>
 			<block cond="$var->type == 'color'">
 				<input type="text" name="{$id}" value="" id="{$id}" class="rx-spectrum" style="width:178px" />
 			</block>
 			<block cond="$var->type == 'textarea'">
-				<textarea cond="$var->type == 'textarea'" name="{$id}" id="{$id}" rows="8" cols="42"></textarea>
+				<textarea cond="$var->type == 'textarea'" name="{$id}" id="{$id}" rows="8" cols="42">{$var->default}</textarea>
 			</block>
 			<block cond="$var->type == 'select'">
 				<select name="{$id}" id="{$id}">
-					<option loop="$var->options => $key, $val" value="{$key}">{$val}</option>
+					<option loop="$var->options => $key, $val" value="{$key}" selected="selected"|cond="$var->default !== '' && $key == $var->default">{$val}</option>
 				</select>
 			</block>
 			<block cond="$var->type == 'select-multi-order'">
-				<!--@if($var->init_options && is_array($var->init_options))-->
+				<!--@if(isset($var->init_options) && is_array($var->init_options))-->
 				{@$inits = array_keys($var->init_options)}
 				<input type="hidden" name="{$id}" value="{implode(',', $inits)}" />
 				<!--@else-->
@@ -76,7 +76,7 @@
 				<div style="display:inline-block;padding-top:3px">
 					<label>{$lang->display_no}</label>
 					<select class="multiorder_show" size="8" multiple="multiple" style="vertical-align:top;margin-bottom:5px">
-						<option loop="$var->options => $key, $val" cond="!$var->init_options[$key]" value="{$key}" default="true"|cond="$var->default_options[$key]">{$val}</option>
+						<option loop="$var->options => $key, $val" cond="empty($var->init_options[$key])" value="{$key}" default="true"|cond="!empty($var->default_options[$key])">{$val}</option>
 					</select>
 					<br>
 					<button type="button" class="x_btn multiorder_add" style="vertical-align:top">{$lang->cmd_insert}</button>
@@ -84,7 +84,7 @@
 				<div style="display:inline-block;padding-top:3px">
 					<label>{$lang->display_yes}</label>
 					<select class="multiorder_selected" size="8" multiple="multiple" style="vertical-align:top;margin-bottom:5px">
-						<option loop="$var->options => $key, $val" cond="$var->init_options[$key]" value="{$key}" default="true"|cond="$var->default_options[$key]">{$val}</option>
+						<option loop="$var->options => $key, $val" cond="!empty($var->init_options[$key])" value="{$key}" default="true"|cond="!empty($var->default_options[$key])">{$val}</option>
 					</select>
 					<br>
 					<button type="button" class="x_btn multiorder_up" style="margin:0 -5px 0 0;border-radius:2px 0 0 2px">{$lang->cmd_move_up}</button>

modules/widget/tpl/widget_generate_code_in_page.html

@@ -21,7 +21,7 @@
 	</div>
 	<div id="content" class="x_modal-body">
 		<p>{$widget_info->description} {$lang->about_widget_code_in_page}</p>
-		<form cond="$type=='faceoff'" class="x_form-horizontal">
+		<form cond="isset($type) && $type === 'faceoff'" class="x_form-horizontal">
 			<input type="hidden" name="module" value="widget" />
 			<input type="hidden" name="type" value="faceoff" />
 			<input type="hidden" name="act" value="dispWidgetGenerateCodeInPage" />

modules/widget/tpl/widget_style_generate_code_in_page.html

@@ -28,9 +28,9 @@
 		</div>
 		<div class="x_modal-body x_form-horizontal">
 			<a href="{getUrl('widgetstyle','none')}" class="widgetStyle"><img src="images/widgetstyle_none.gif" title="{$lang->notuse}" /></a>
-			<a loop="$widgetStyle_list => $key, $widgetStyle" cond="$widgetStyle->preview" href="{getUrl('widgetstyle',$widgetStyle->widgetStyle)}" class="widgetStyle <!--@if($widgetStyle->widgetStyle==$widgetstyle)-->selected<!--@end-->"><img src="{getUrl()}{$widgetStyle->preview}" title="{$widgetStyle->title}" /><span>{$widgetStyle->title}</span></a>
+			<a loop="$widgetStyle_list => $key, $widgetStyle" cond="$widgetStyle->preview" href="{getUrl('widgetstyle',$widgetStyle->widgetStyle)}" class="widgetStyle <!--@if($widgetStyle->widgetStyle == ($widgetstyle ?? ''))-->selected<!--@end-->"><img src="{getUrl()}{$widgetStyle->preview}" title="{$widgetStyle->title}" /><span>{$widgetStyle->title}</span></a>
 			<block cond="$widgetstyle_info">
-	
+
 				<h2>{$widgetstyle_info->title} ver {$widgetstyle_info->version}</h2>
 				<div class="x_control-group">
 					<label class="x_control-label">{$lang->description}</label>
@@ -52,45 +52,46 @@
 						{zdate($widgetstyle_info->date,'Y-m-d')}
 					</div>
 				</div>
-	
+
+				{@ $group = ''; $not_first = false; $suggestion_id = 0; }
 				<block loop="$widgetstyle_info->extra_var => $id, $var">
-					{@$suggestion_id++}
+					{@ $suggestion_id++; }
 					<block cond="!$not_first && !$var->group"><section class="section"></block>
 					<block cond="$group != $var->group">
 						<block cond="$not_first"></section></block>
 						<h1>{$var->group}</h1>
 						<section class="section">
-						{@$group = $var->group}
+						{@ $group = $var->group; }
 					</block>
-					{@$not_first = true}
+					{@ $not_first = true; }
 					<div class="x_control-group">
 						<label class="x_control-label" for="{$id}"|cond="$var->type!='text'&&$var->type!='textarea'" for="lang_{$id}"|cond="$var->type=='text'||$var->type=='textarea'">{$var->name}</label>
 						<div class="x_controls extra_vars">
 							<div cond="$var->type == 'text'">
-								<input type="text" name="{$id}" value="" class="lang_code" />
+								<input type="text" name="{$id}" value="{$var->default}" class="lang_code" />
 							</div>
-	
-							<input cond="$var->type == 'color'" type="text" name="{$id}" class="rx-spectrum" />
-	
+
+							<input cond="$var->type == 'color'" type="text" name="{$id}" value="{$var->default}" class="rx-spectrum" />
+
 							<div cond="$var->type == 'textarea'">
-								<textarea name="{$id}" rows="8" cols="42" class="lang_code"></textarea>
+								<textarea name="{$id}" rows="8" cols="42" class="lang_code">{$var->default}</textarea>
 							</div>
-	
+
 							<select cond="$var->type == 'select'" name="{$id}">
-								<option loop="$var->options => $key, $val" value="{$key}">{$val}</option>
+								<option loop="$var->options ?? [] => $key, $val" value="{$key}" selected="selected"|cond="$var->default !== '' && $key == $var->default">{$val}</option>
 							</select>
-	
+
 							<block cond="$var->type == 'filebox'">
 								<input type="hidden" name="{$id}" />
 								<a href="#modalFilebox" class="modalAnchor filebox">{$lang->cmd_select}</a>
 								{@$use_filebox = TRUE}
 							</block>
 
-							<label loop="$var->options => $key, $val" cond="$var->type == 'radio'">
+							<label loop="$var->options ?? [] => $key, $val" cond="$var->type == 'radio'">
 								<input type="radio" name="{$id}" id="{$id}_{$key}" value="{$key}" > {$val}
 							</label>
 
-							<label loop="$var->options => $key, $val" cond="$var->type == 'checkbox'">
+							<label loop="$var->options ?? [] => $key, $val" cond="$var->type == 'checkbox'">
 								<input type="checkbox" name="{$id}" id="{$id}_{$key}" value="{$key}" > {$val}
 							</label>
 							<span class="x_help-block">{$var->description}</span>

modules/widget/widget.controller.php

@@ -382,7 +382,7 @@ class WidgetController extends Widget
 			}
 
 			$args->widget_sequence = $args->widget_sequence ?? 0;
-			$args->colorset = $args->colorset ?? null;
+			$args->colorset = $args->colorset ?? '';
 
 			foreach ($lang_list as $lang_type => $val)
 			{
@@ -430,6 +430,14 @@ class WidgetController extends Widget
 				return;
 			}
 
+			foreach (WidgetModel::getWidgetInfo($widget)->extra_var ?? [] as $key => $val)
+			{
+				if (!isset($args->{$key}))
+				{
+					$args->{$key} = $val->default !== '' ? $val->default : null;
+				}
+			}
+
 			$widget_content = $oWidget->proc($args);
 			return Context::replaceUserLang($widget_content);
 		}
@@ -453,6 +461,14 @@ class WidgetController extends Widget
 			return;
 		}
 
+		foreach (WidgetModel::getWidgetInfo($widget)->extra_var ?? [] as $key => $val)
+		{
+			if (!isset($args->{$key}))
+			{
+				$args->{$key} = $val->default !== '' ? $val->default : null;
+			}
+		}
+
 		$oFrontEndFileHandler = FrontEndFileHandler::getInstance();
 		$oFrontEndFileHandler->startLog();
 
@@ -498,7 +514,7 @@ class WidgetController extends Widget
 		// Set default
 		$args->widget_sequence = $args->widget_sequence ?? 0;
 		$args->widget_cache = $args->widget_cache ?? 0;
-		$args->colorset = $args->colorset ?? null;
+		$args->colorset = $args->colorset ?? '';
 
 		/**
 		 * Widgets widgetContent/widgetBox Wanted If you are not content
@@ -600,25 +616,30 @@ class WidgetController extends Widget
 					{
 						foreach($args as $key => $val)
 						{
+							$val = (string)$val;
 							if(in_array($key, array('class','style','widget_padding_top','widget_padding_right','widget_padding_bottom','widget_padding_left','widget','widgetstyle','document_srl'))) continue;
 							if(strpos($val,'|@|')>0) $val = str_replace('|@|',',',$val);
 							$attribute[] = sprintf('%s="%s"', $key, htmlspecialchars($val, ENT_COMPAT | ENT_HTML401, 'UTF-8', false));
 						}
 					}
 
-					$oWidgetController = getController('widget');
-
-					$widget_content_header = sprintf(
-						'<div class="rhymix_content xe_content widgetOutput ' . $args->css_class . '" widgetstyle="%s" style="%s" widget_padding_left="%s" widget_padding_right="%s" widget_padding_top="%s" widget_padding_bottom="%s" widget="widgetContent" document_srl="%d" %s>'.
+					$widget_content_header = vsprintf(
+						'<div class="rhymix_content xe_content widgetOutput ' . ($args->css_class ?? '') . '" widgetstyle="%s" style="%s" widget_padding_left="%s" widget_padding_right="%s" widget_padding_top="%s" widget_padding_bottom="%s" widget="widgetContent" document_srl="%d" %s>'.
 						'<div class="widgetResize"></div>'.
 						'<div class="widgetResizeLeft"></div>'.
 						'<div class="widgetBorder">'.
-						'<div style="%s">',$args->widgetstyle,
+						'<div style="%s">',
+					[
+						$args->widgetstyle ?? '',
 						$style,
-						$args->widget_padding_left, $args->widget_padding_right, $args->widget_padding_top, $args->widget_padding_bottom,
+						$args->widget_padding_left,
+						$args->widget_padding_right,
+						$args->widget_padding_top,
+						$args->widget_padding_bottom,
 						$args->document_srl,
-						implode(' ',$attribute),
-						$inner_style);
+						implode(' ', $attribute),
+						$inner_style,
+					]);
 
 					$widget_content_body = $body;
 					$widget_content_footer = sprintf('</div>'.
@@ -642,11 +663,21 @@ class WidgetController extends Widget
 						}
 					}
 
-					$widget_content_header = sprintf(
-						'<div class="widgetOutput ' . $args->css_class . '" widgetstyle="%s" widget="widgetBox" style="%s;" widget_padding_top="%s" widget_padding_right="%s" widget_padding_bottom="%s" widget_padding_left="%s" %s >'.
+					$widget_content_header = vsprintf(
+						'<div class="widgetOutput ' . ($args->css_class ?? '') . '" widgetstyle="%s" widget="widgetBox" style="%s;" widget_padding_top="%s" widget_padding_right="%s" widget_padding_bottom="%s" widget_padding_left="%s" %s >'.
 						'<div class="widgetBoxResize"></div>'.
 						'<div class="widgetBoxResizeLeft"></div>'.
-						'<div class="widgetBoxBorder"><div class="nullWidget" style="%s">',$args->widgetstyle,$style, $widget_padding_top, $widget_padding_right, $widget_padding_bottom, $widget_padding_left,implode(' ',$attribute),$inner_style);
+						'<div class="widgetBoxBorder"><div class="nullWidget" style="%s">',
+					[
+						$args->widgetstyle ?? '',
+						$style,
+						$widget_padding_top,
+						$widget_padding_right,
+						$widget_padding_bottom,
+						$widget_padding_left,
+						implode(' ', $attribute),
+						$inner_style,
+					]);
 
 					$widget_content_body = $widgetbox_content;
 
@@ -667,12 +698,20 @@ class WidgetController extends Widget
 						}
 					}
 
-					$widget_content_header = sprintf('<div class="widgetOutput ' . $args->css_class . '" widgetstyle="%s" style="%s" widget_padding_top="%s" widget_padding_right="%s" widget_padding_bottom="%s" widget_padding_left="%s" widget="%s" %s >'.
+					$widget_content_header = vsprintf('<div class="widgetOutput ' . ($args->css_class ?? '') . '" widgetstyle="%s" style="%s" widget_padding_top="%s" widget_padding_right="%s" widget_padding_bottom="%s" widget_padding_left="%s" widget="%s" %s >'.
 						'<div class="widgetResize"></div>'.
 						'<div class="widgetResizeLeft"></div>'.
-						'<div class="widgetBorder">',$args->widgetstyle,$style,
-						$widget_padding_top, $widget_padding_right, $widget_padding_bottom, $widget_padding_left,
-						$widget, implode(' ',$attribute));
+						'<div class="widgetBorder">',
+					[
+						$args->widgetstyle ?? '',
+						$style,
+						$widget_padding_top,
+						$widget_padding_right,
+						$widget_padding_bottom,
+						$widget_padding_left,
+						$widget,
+						implode(' ', $attribute),
+					]);
 
 					$widget_content_body = sprintf('<div style="%s">%s</div>',$inner_style, $widget_content);
 
@@ -831,25 +870,20 @@ class WidgetController extends Widget
 		$vars->widget_padding_bottom = trim($request_vars->widget_padding_bottom);
 		$vars->document_srl= trim($request_vars->document_srl);
 
-		if(countobj($widget_info->extra_var))
+		foreach ($widget_info->extra_var ?? [] as $key => $val)
 		{
-			foreach($widget_info->extra_var as $key=>$val)
-			{
-				$vars->{$key} = trim($request_vars->{$key} ?? '');
-			}
+			$vars->{$key} = trim($request_vars->{$key} ?? '');
 		}
-		// If the widget style
+
+		// Additional configuration for widget styles
 		if($request_vars->widgetstyle)
 		{
 			$widgetStyle_info = WidgetModel::getWidgetStyleInfo($request_vars->widgetstyle);
-			if(countobj($widgetStyle_info->extra_var))
+			foreach ($widgetStyle_info->extra_var ?? [] as $key => $val)
 			{
-				foreach($widgetStyle_info->extra_var as $key=>$val)
+				if (in_array($val->type, ['color', 'text', 'select', 'filebox', 'textarea']))
 				{
-					if($val->type =='color' || $val->type =='text' || $val->type =='select' || $val->type =='filebox' || $val->type == 'textarea')
-					{
-						$vars->{$key} = trim($request_vars->{$key} ?? '');
-					}
+					$vars->{$key} = trim($request_vars->{$key} ?? '');
 				}
 			}
 		}

modules/widget/widget.model.php

@@ -128,12 +128,19 @@ class WidgetModel extends Widget
 			return;
 		}
 
-		// Check the cache.
+		// Check the local cache.
 		$xml_mtime = filemtime($xml_file);
+		if (isset($GLOBALS['__widget_info__'][$widget][$xml_mtime]))
+		{
+			return $GLOBALS['__widget_info__'][$widget][$xml_mtime];
+		}
+
+		// Check the system cache.
 		$cache_key = sprintf('widget_info:%s:%d', $widget, $xml_mtime);
 		$widget_info = Rhymix\Framework\Cache::get($cache_key);
 		if ($widget_info)
 		{
+			$GLOBALS['__widget_info__'][$widget][$xml_mtime] = $widget_info;
 			return $widget_info;
 		}
 
@@ -145,6 +152,7 @@ class WidgetModel extends Widget
 		}
 
 		Rhymix\Framework\Cache::set($cache_key, $widget_info);
+		$GLOBALS['__widget_info__'][$widget][$xml_mtime] = $widget_info;
 		return $widget_info;
 	}
 
@@ -155,7 +163,7 @@ class WidgetModel extends Widget
 	public static function getWidgetStyleInfo($widgetStyle)
 	{
 		// Check the widget style path.
-		$widgetStyle = preg_replace('/[^a-zA-Z0-9-_]/', '', $widgetStyle);
+		$widgetStyle = preg_replace('/[^a-zA-Z0-9-_]/', '', (string)$widgetStyle);
 		$widgetStyle_path = self::getWidgetStylePath($widgetStyle);
 		if (!$widgetStyle_path)
 		{
@@ -169,12 +177,19 @@ class WidgetModel extends Widget
 			return;
 		}
 
-		// Check the cache.
+		// Check the local cache.
 		$xml_mtime = filemtime($xml_file);
+		if (isset($GLOBALS['__widgetstyle_info__'][$widgetStyle][$xml_mtime]))
+		{
+			return $GLOBALS['__widgetstyle_info__'][$widgetStyle][$xml_mtime];
+		}
+
+		// Check the system cache.
 		$cache_key = sprintf('widgetstyle_info:%s:%d', $widgetStyle, $xml_mtime);
 		$widgetStyle_info = Rhymix\Framework\Cache::get($cache_key);
 		if ($widgetStyle_info)
 		{
+			$GLOBALS['__widgetstyle_info__'][$widgetStyle][$xml_mtime] = $widgetStyle_info;
 			return $widgetStyle_info;
 		}
 
@@ -186,6 +201,7 @@ class WidgetModel extends Widget
 		}
 
 		Rhymix\Framework\Cache::set($cache_key, $widgetStyle_info);
+		$GLOBALS['__widgetstyle_info__'][$widgetStyle][$xml_mtime] = $widgetStyle_info;
 		return $widgetStyle_info;
 	}
 }

tests/unit/framework/parsers/TemplateParserV2Test.php

@@ -265,6 +265,14 @@ class TemplateParserV2Test extends \Codeception\Test\Unit
 		$target = '<div class="foo" onClick="<?php $this->config->context = \'JS\'; ?>bar.barr()<?php $this->config->context = \'HTML\'; ?>">Hello</div>';
 		$this->assertEquals($target, $this->_parse($source, true, false));
 
+		// pattern attribute in <input> tag
+		$source = '<input type="text" pattern="[a-z0-9]{4,8}" value="Hello" />';
+		$target = '<input type="text" pattern="<?php $this->config->context = \'JS\'; ?>[a-z0-9]{4,8}<?php $this->config->context = \'HTML\'; ?>" value="Hello" />';
+		$this->assertEquals($target, $this->_parse($source, true, false));
+		$source = '<input type="text" pattern="[{{ $chars }}]{4,8}" value="Hello" />';
+		$target = '<input type="text" pattern="<?php $this->config->context = \'JS\'; ?>[<?php echo $this->config->context === \'HTML\' ? htmlspecialchars($__Context->chars ?? \'\', \ENT_QUOTES, \'UTF-8\', false) : $this->_v2_escape($__Context->chars ?? \'\'); ?>]{4,8}<?php $this->config->context = \'HTML\'; ?>" value="Hello" />';
+		$this->assertEquals($target, $this->_parse($source, true, false));
+
 		// <style> tag
 		$source = '<style> body { font-size: 16px; } </style>';
 		$target = '<style<?php $this->config->context = \'CSS\'; ?>> body { font-size: 16px; } <?php $this->config->context = \'HTML\'; ?></style>';

widgets/content/conf/info.xml

@@ -246,7 +246,7 @@
                     <name xml:lang="tr">UL (list)</name>
                 </options>
             </var>
-            <var id="list_count" type="text">
+            <var id="list_count" type="text" default="5">
                 <name xml:lang="ko">목록수</name>
                 <name xml:lang="zh-CN">目录数</name>
                 <name xml:lang="jp">リスト数</name>
@@ -266,7 +266,7 @@
                 <description xml:lang="zh-TW">設置要顯示的目錄數。(預設是5個)</description>
                 <description xml:lang="tr">Görüntülenecek yazıların sayısını ayarlayabilirsiniz. (varsayılan değer 5'tir)</description>
             </var>
-            <var id="cols_list_count" type="text">
+            <var id="cols_list_count" type="text" default="5">
                 <name xml:lang="ko">가로 이미지 수</name>
                 <name xml:lang="jp">横並びイメージ数</name>
                 <name xml:lang="zh-CN">横向图片数</name>