mirror of
https://github.com/Lastorder-DC/rhymix.git
synced 2026-01-06 18:21:39 +09:00
다국어 등 코드를 생성하여 만들어지는 cache 파일의 취약점 수정
- 관리자 메뉴, 사용자 지정 다국어 cache를 object cache로 변경 - xpressengine/xe-core#2182
This commit is contained in:
Kijin Sung
parent
999bc92753
commit
e48179aa05
6 changed files with 73 additions and 97 deletions
|
|
@ -45,6 +45,7 @@ class adminAdminController extends admin
|
|||
return $output;
|
||||
}
|
||||
|
||||
Rhymix\Framework\Cache::delete('admin_menu_langs:' . Context::getLangType());
|
||||
Rhymix\Framework\Storage::deleteDirectory(\RX_BASEDIR . 'files/cache/menu/admin_lang/');
|
||||
|
||||
$this->setRedirectUrl(Context::get('error_return_url'));
|
||||
|
|
|
|||
|
|
@ -624,38 +624,33 @@ class adminAdminModel extends admin
|
|||
*/
|
||||
function getAdminMenuLang()
|
||||
{
|
||||
$currentLang = Context::getLangType();
|
||||
$cacheFile = sprintf('./files/cache/menu/admin_lang/adminMenu.%s.lang.php', $currentLang);
|
||||
static $lang = null;
|
||||
|
||||
// Update if no cache file exists or it is older than xml file
|
||||
if(!is_readable($cacheFile))
|
||||
if ($lang === null)
|
||||
{
|
||||
$lang = new stdClass();
|
||||
$lang = Rhymix\Framework\Cache::get('admin_menu_langs:' . Context::getLangType());
|
||||
}
|
||||
if ($lang === null)
|
||||
{
|
||||
$lang = array();
|
||||
$oModuleModel = getModel('module');
|
||||
$installed_module_list = $oModuleModel->getModulesXmlInfo();
|
||||
|
||||
$this->gnbLangBuffer = '<?php $lang = new stdClass();';
|
||||
foreach($installed_module_list AS $key => $value)
|
||||
foreach($installed_module_list as $key => $value)
|
||||
{
|
||||
$moduleActionInfo = $oModuleModel->getModuleActionXml($value->module);
|
||||
if(is_object($moduleActionInfo->menu))
|
||||
{
|
||||
foreach($moduleActionInfo->menu AS $key2 => $value2)
|
||||
foreach($moduleActionInfo->menu as $key2 => $value2)
|
||||
{
|
||||
$lang->menu_gnb_sub[$key2] = $value2->title;
|
||||
$this->gnbLangBuffer .=sprintf('$lang->menu_gnb_sub[\'%s\'] = \'%s\';', $key2, $value2->title);
|
||||
$lang[$key2] = $value2->title;
|
||||
}
|
||||
}
|
||||
}
|
||||
$this->gnbLangBuffer .= ' ?>';
|
||||
FileHandler::writeFile($cacheFile, $this->gnbLangBuffer);
|
||||
}
|
||||
else
|
||||
{
|
||||
include $cacheFile;
|
||||
}
|
||||
|
||||
return $lang->menu_gnb_sub;
|
||||
Rhymix\Framework\Cache::set('admin_menu_langs:' . Context::getLangType(), $lang, 0, true);
|
||||
}
|
||||
|
||||
return $lang;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -2299,7 +2299,7 @@ class documentController extends document
|
|||
{
|
||||
foreach($langs as $key => $val)
|
||||
{
|
||||
$xml_header_buff .= sprintf('$_titles[%d]["%s"] = "%s"; ', $category_srl, $key, str_replace('"','\\"',htmlspecialchars($val, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)));
|
||||
$xml_header_buff .= sprintf('$_titles[%d][%s] = %s; ', $category_srl, var_export($key, true), var_export(escape($val, false), true));
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -2308,12 +2308,12 @@ class documentController extends document
|
|||
{
|
||||
foreach($langx as $key => $val)
|
||||
{
|
||||
$xml_header_buff .= sprintf('$_descriptions[%d]["%s"] = "%s"; ', $category_srl, $key, str_replace('"','\\"',htmlspecialchars($val, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)));
|
||||
$xml_header_buff .= sprintf('$_descriptions[%d][%s] = %s; ', $category_srl, var_export($key, true), var_export(escape($val, false), true));
|
||||
}
|
||||
}
|
||||
|
||||
$attribute = sprintf(
|
||||
'mid="%s" module_srl="%d" node_srl="%d" parent_srl="%d" category_srl="%d" text="<?php echo (%s?($_titles[%d][$lang_type]):"")?>" url="%s" expand="%s" color="%s" description="<?php echo (%s?($_descriptions[%d][$lang_type]):"")?>" document_count="%d" ',
|
||||
'mid="%s" module_srl="%d" node_srl="%d" parent_srl="%d" category_srl="%d" text="<?php echo (%s?($_titles[%d][$lang_type]):"")?>" url=%s expand=%s color=%s description="<?php echo (%s?($_descriptions[%d][$lang_type]):"")?>" document_count="%d" ',
|
||||
$mid,
|
||||
$module_srl,
|
||||
$category_srl,
|
||||
|
|
@ -2321,9 +2321,9 @@ class documentController extends document
|
|||
$category_srl,
|
||||
$group_check_code,
|
||||
$category_srl,
|
||||
getUrl('','mid',$node->mid,'category',$category_srl),
|
||||
$expand,
|
||||
htmlspecialchars($color, ENT_COMPAT | ENT_HTML401, 'UTF-8', false),
|
||||
var_export(getUrl('','mid',$node->mid,'category',$category_srl), true),
|
||||
var_export($expand, true),
|
||||
var_export(escape($color, false), true),
|
||||
$group_check_code,
|
||||
$category_srl,
|
||||
$node->document_count
|
||||
|
|
@ -2388,10 +2388,10 @@ class documentController extends document
|
|||
{
|
||||
$val = htmlspecialchars($val, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
$php_header_buff .= sprintf(
|
||||
'$_titles[%d]["%s"] = "%s"; ',
|
||||
'$_titles[%d][%s] = %s; ',
|
||||
$category_srl,
|
||||
$key,
|
||||
str_replace('"','\\"', $val)
|
||||
var_export($key, true),
|
||||
var_export($val, true)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
@ -2404,17 +2404,17 @@ class documentController extends document
|
|||
{
|
||||
$val = htmlspecialchars($val, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
$php_header_buff .= sprintf(
|
||||
'$_descriptions[%d]["%s"] = "%s"; ',
|
||||
'$_descriptions[%d][%s] = %s; ',
|
||||
$category_srl,
|
||||
$key,
|
||||
str_replace('"','\\"', $val)
|
||||
var_export($key, true),
|
||||
var_export($val, true)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
// Create attributes(Use the category_srl_list to check whether to belong to the menu's node. It seems to be tricky but fast fast and powerful;)
|
||||
$attribute = sprintf(
|
||||
'"mid" => "%s", "module_srl" => "%d","node_srl"=>"%s","category_srl"=>"%s","parent_srl"=>"%s","text"=>$_titles[%d][$lang_type],"selected"=>(in_array(Context::get("category"),array(%s))?1:0),"expand"=>"%s","color"=>"%s","description"=>$_descriptions[%d][$lang_type],"list"=>array(%s),"document_count"=>"%d","grant"=>%s?true:false',
|
||||
'"mid" => "%s", "module_srl" => "%d","node_srl"=>"%d","category_srl"=>"%d","parent_srl"=>"%d","text"=>$_titles[%d][$lang_type],"selected"=>(in_array(Context::get("category"),array(%s))?1:0),"expand"=>%s,"color"=>%s,"description"=>$_descriptions[%d][$lang_type],"list"=>array(%s),"document_count"=>"%d","grant"=>%s?true:false',
|
||||
$node->mid,
|
||||
$node->module_srl,
|
||||
$node->category_srl,
|
||||
|
|
@ -2422,8 +2422,8 @@ class documentController extends document
|
|||
$node->parent_srl,
|
||||
$node->category_srl,
|
||||
$selected,
|
||||
$expand,
|
||||
$node->color,
|
||||
var_export($expand, true),
|
||||
var_export($node->color, true),
|
||||
$node->category_srl,
|
||||
$child_buff,
|
||||
$node->document_count,
|
||||
|
|
|
|||
|
|
@ -1896,7 +1896,7 @@ class menuAdminController extends menu
|
|||
$names = $oMenuAdminModel->getMenuItemNames($node->name, $site_srl);
|
||||
foreach($names as $key => $val)
|
||||
{
|
||||
$name_arr_str .= sprintf('"%s"=>%s,', $key, var_export($val, true));
|
||||
$name_arr_str .= sprintf('%s => %s, ', var_export($key, true), var_export($val, true));
|
||||
}
|
||||
$name_str = sprintf('$_names = array(%s); print $_names[$lang_type];', $name_arr_str);
|
||||
|
||||
|
|
@ -1940,23 +1940,23 @@ class menuAdminController extends menu
|
|||
if($group_srls)$group_check_code = sprintf('($is_admin==true||(is_array($group_srls)&&count(array_intersect($group_srls, array(%s))))||($is_logged&&%s))',$group_srls,$group_srls == -1?1:0);
|
||||
else $group_check_code = "true";
|
||||
$attribute = sprintf(
|
||||
'node_srl="%s" parent_srl="%s" menu_name_key=\'%s\' text="<?php if(%s) { %s }?>" url="<?php print(%s?"%s":"")?>" href="<?php print(%s?%s:"")?>" is_shortcut="%s" desc="%s" open_window="%s" expand="%s" normal_btn="%s" hover_btn="%s" active_btn="%s" link="<?php if(%s) {?>%s<?php }?>"',
|
||||
'node_srl="%d" parent_srl="%d" menu_name_key=%s text="<?php if(%s) { %s }?>" url="<?php print(%s?%s:"")?>" href="<?php print(%s?%s:"")?>" is_shortcut=%s desc=%s open_window=%s expand=%s normal_btn=%s hover_btn=%s active_btn=%s link="<?php if(%s) {?>%s<?php }?>"',
|
||||
$menu_item_srl,
|
||||
$node->parent_srl,
|
||||
addslashes($node->name),
|
||||
var_export($node->name, true),
|
||||
$group_check_code,
|
||||
$name_str,
|
||||
$group_check_code,
|
||||
$url,
|
||||
var_export($url, true),
|
||||
$group_check_code,
|
||||
$href,
|
||||
$is_shortcut,
|
||||
$desc,
|
||||
$open_window,
|
||||
$expand,
|
||||
$normal_btn,
|
||||
$hover_btn,
|
||||
$active_btn,
|
||||
var_export($is_shortcut, true),
|
||||
var_export($desc, true),
|
||||
var_export($open_window, true),
|
||||
var_export($expand, true),
|
||||
var_export($normal_btn, true),
|
||||
var_export($hover_btn, true),
|
||||
var_export($active_btn, true),
|
||||
$group_check_code,
|
||||
$link
|
||||
);
|
||||
|
|
@ -2069,26 +2069,26 @@ class menuAdminController extends menu
|
|||
}
|
||||
// Create properties (check if it belongs to the menu node by url_list. It looks a trick but fast and powerful)
|
||||
$attribute = sprintf(
|
||||
'"node_srl" => %d, "parent_srl" => %d, "menu_name_key" => \'%s\', "isShow" => (%s ? true : false), "text" => (%s ? $_menu_names[%d][$lang_type] : ""), "href" => (%s ? %s : ""), "url" => (%s ? "%s" : ""), "is_shortcut" => "%s", "desc" => \'%s\', "open_window" => "%s", "normal_btn" => "%s", "hover_btn" => "%s", "active_btn" => "%s", "selected" => (array(%s) && in_array(Context::get("mid"), array(%s)) ? 1 : 0), "expand" => \'%s\', "list" => array(%s), "link" => (%s ? (array(%s) && in_array(Context::get("mid"), array(%s)) ? %s : %s) : ""),',
|
||||
'"node_srl" => %d, "parent_srl" => %d, "menu_name_key" => %s, "isShow" => (%s ? true : false), "text" => (%s ? $_menu_names[%d][$lang_type] : ""), "href" => (%s ? %s : ""), "url" => (%s ? %s : ""), "is_shortcut" => %s, "desc" => %s, "open_window" => %s, "normal_btn" => %s, "hover_btn" => %s, "active_btn" => %s, "selected" => (array(%s) && in_array(Context::get("mid"), array(%s)) ? 1 : 0), "expand" => %s, "list" => array(%s), "link" => (%s ? (array(%s) && in_array(Context::get("mid"), array(%s)) ? %s : %s) : ""),',
|
||||
$node->menu_item_srl,
|
||||
$node->parent_srl,
|
||||
strip_tags(addslashes($node->name)),
|
||||
var_export(strip_tags($node->name), true),
|
||||
$group_check_code,
|
||||
$group_check_code,
|
||||
$node->menu_item_srl,
|
||||
$group_check_code,
|
||||
$href,
|
||||
$group_check_code,
|
||||
$url,
|
||||
$is_shortcut,
|
||||
$desc,
|
||||
$open_window,
|
||||
$normal_btn,
|
||||
$hover_btn,
|
||||
$active_btn,
|
||||
var_export($url, true),
|
||||
var_export($is_shortcut, true),
|
||||
var_export($desc, true),
|
||||
var_export($open_window, true),
|
||||
var_export($normal_btn, true),
|
||||
var_export($hover_btn, true),
|
||||
var_export($active_btn, true),
|
||||
$selected,
|
||||
$selected,
|
||||
$expand,
|
||||
var_export($expand, true),
|
||||
$child_buff,
|
||||
$group_check_code,
|
||||
$selected,
|
||||
|
|
|
|||
|
|
@ -864,14 +864,11 @@ class moduleAdminController extends module
|
|||
}
|
||||
$output = executeQueryArray('module.getLang', $args);
|
||||
if(!$output->toBool() || !$output->data) return;
|
||||
// Set the cache directory
|
||||
$cache_path = _XE_PATH_.'files/cache/lang_defined/';
|
||||
FileHandler::makeDir($cache_path);
|
||||
|
||||
$langMap = array();
|
||||
foreach($output->data as $val)
|
||||
foreach($output->data as $lang)
|
||||
{
|
||||
$langMap[$val->lang_code][$val->name] = $val->value;
|
||||
$langMap[$lang->lang_code][$lang->name] = $lang->value;
|
||||
}
|
||||
|
||||
$lang_supported = Context::loadLangSelected();
|
||||
|
|
@ -905,16 +902,10 @@ class moduleAdminController extends module
|
|||
$langMap[$langCode] += $langMap[$targetLangCode];
|
||||
}
|
||||
|
||||
$buff = array("<?php if(!defined('__XE__')) exit();");
|
||||
foreach($langMap[$langCode] as $code => $value)
|
||||
{
|
||||
$buff[] = sprintf('$lang[%s] = %s;', var_export(strval($code), true), var_export(strval($value), true));
|
||||
}
|
||||
if (!Rhymix\Framework\Storage::write(sprintf('%s/%d.%s.php', $cache_path, $args->site_srl, $langCode), implode(PHP_EOL, $buff)))
|
||||
{
|
||||
return;
|
||||
}
|
||||
Rhymix\Framework\Cache::set('site_and_module:user_defined_langs:' . $args->site_srl . ':' . $langCode, $langMap[$langCode], 0, true);
|
||||
}
|
||||
|
||||
return $langMap[Context::getLangType()];
|
||||
}
|
||||
|
||||
public function procModuleAdminSetDesignInfo()
|
||||
|
|
|
|||
|
|
@ -1041,44 +1041,33 @@ class moduleController extends module
|
|||
* @brief Change user-defined language
|
||||
*/
|
||||
function replaceDefinedLangCode(&$output, $isReplaceLangCode = true)
|
||||
{
|
||||
if($isReplaceLangCode)
|
||||
{
|
||||
$output = preg_replace_callback('!\$user_lang->([a-z0-9\_]+)!is', array($this,'_replaceLangCode'), $output);
|
||||
}
|
||||
}
|
||||
|
||||
function _replaceLangCode($matches)
|
||||
{
|
||||
static $lang = null;
|
||||
|
||||
if(is_null($lang))
|
||||
if($isReplaceLangCode)
|
||||
{
|
||||
$cache_file = sprintf('%sfiles/cache/lang_defined/%d.%s.php', _XE_PATH_, 0, Context::getLangType());
|
||||
if(!file_exists($cache_file))
|
||||
if($lang === null)
|
||||
{
|
||||
$lang = Rhymix\Framework\Cache::get('site_and_module:user_defined_langs:' . $args->site_srl . ':' . Context::getLangType());
|
||||
if($lang === null)
|
||||
{
|
||||
$oModuleAdminController = getAdminController('module');
|
||||
$oModuleAdminController->makeCacheDefinedLangCode(0);
|
||||
$lang = $oModuleAdminController->makeCacheDefinedLangCode($site_module_info->site_srl);
|
||||
}
|
||||
}
|
||||
|
||||
if(file_exists($cache_file))
|
||||
$output = preg_replace_callback('!\$user_lang->([a-z0-9\_]+)!is', function($matches) use($lang) {
|
||||
if(isset($lang[$matches[1]]) && !Context::get($matches[1]))
|
||||
{
|
||||
$moduleAdminControllerMtime = filemtime(_XE_PATH_ . 'modules/module/module.admin.controller.php');
|
||||
$cacheFileMtime = filemtime($cache_file);
|
||||
if($cacheFileMtime < $moduleAdminControllerMtime)
|
||||
return $lang[$matches[1]];
|
||||
}
|
||||
else
|
||||
{
|
||||
$oModuleAdminController = getAdminController('module');
|
||||
$oModuleAdminController->makeCacheDefinedLangCode(0);
|
||||
}
|
||||
|
||||
require_once($cache_file);
|
||||
}
|
||||
}
|
||||
if(!Context::get($matches[1]) && $lang[$matches[1]]) return $lang[$matches[1]];
|
||||
|
||||
return str_replace('$user_lang->', '', $matches[0]);
|
||||
}
|
||||
|
||||
}, $output);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Add and update a file into the file box
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue