From eba7b75c3ab70dfb5bb3964a367ac38bf325b9ef Mon Sep 17 00:00:00 2001
From: Kijin Sung
Date: Sun, 1 Jun 2025 18:45:46 +0900
Subject: [PATCH] Fix undefined values and other warnings
---
 common/framework/Image.php | 2 +-
 modules/board/board.controller.php | 2 +-
 modules/comment/comment.controller.php | 8 +-
 modules/document/document.controller.php | 86 +++++++++++++------
 modules/file/file.controller.php | 6 +-
 modules/module/module.model.php | 4 +
 .../ncenterlite/ncenterlite.controller.php | 2 +-
 7 files changed, 73 insertions(+), 37 deletions(-)
diff --git a/common/framework/Image.php b/common/framework/Image.php
index 4b814abc7..0cad986e2 100644
--- a/common/framework/Image.php
+++ b/common/framework/Image.php
@@ -15,7 +15,7 @@ class Image
 */
 public static function isImage(string $filename): bool
 {
- return array_shift(explode('/', MIME::getContentType($filename))) === 'image';
+ return preg_match('!^image/!', MIME::getContentType($filename));
 }
 /**
diff --git a/modules/board/board.controller.php b/modules/board/board.controller.php
index fe693d38f..766535f41 100644
--- a/modules/board/board.controller.php
+++ b/modules/board/board.controller.php
@@ -581,7 +581,7 @@ class BoardController extends Board
 $update_document = $this->module_info->update_order_on_comment === 'N' ? false : true;
 // Check parent comment.
- if($obj->parent_srl)
+ if (!empty($obj->parent_srl))
 {
 $parent_comment = CommentModel::getComment($obj->parent_srl);
 if(!$parent_comment->comment_srl || $parent_comment->get('document_srl') != $oDocument->get('document_srl'))
diff --git a/modules/comment/comment.controller.php b/modules/comment/comment.controller.php
index 3d6c39e32..f57f067f6 100644
--- a/modules/comment/comment.controller.php
+++ b/modules/comment/comment.controller.php
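Review bot: In `isImage()` (common/framework/Image.php) the new return expression yields `int|false` from `preg_match()` while the method is declared `: bool`, so it relies on implicit coercion and would raise a TypeError if the file uses or later adopts `declare(strict_types=1)`. Compare explicitly instead: `return preg_match('!^image/!', (string)MIME::getContentType($filename)) === 1;` — the cast also keeps a null or false content type from reaching `preg_match()`. Callers may use this result to decide how an uploaded file is treated, so a docblock line stating whether `getContentType()` inspects file content or only the name would help; that is not visible in this hunk.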
@@ -571,7 +571,7 @@ class CommentController extends Comment
 $obj->comment_srl = intval($obj->comment_srl);
 $obj->module_srl = intval($obj->module_srl);
 $obj->document_srl = intval($obj->document_srl);
- $obj->parent_srl = intval($obj->parent_srl);
+ $obj->parent_srl = intval($obj->parent_srl ?? 0);
 // Only managers can customize dates.
 $grant = Context::get('grant');
@@ -615,7 +615,7 @@ class CommentController extends Comment
 }
 // even for manual_inserted if password exists, hash it.
- if($obj->password)
+ if(!empty($obj->password))
 {
 $obj->password = \Rhymix\Framework\Password::hashPassword($obj->password, \Rhymix\Framework\Password::getBackwardCompatibleAlgorithm());
 }
@@ -876,7 +876,7 @@ class CommentController extends Comment
 $module_info = ModuleModel::getModuleInfoByDocumentSrl($obj->document_srl);
 // If there is no problem to register comment then send an email to all admin were set in module admin panel
- if($module_info->admin_mail && $member_info->is_admin != 'Y')
+ if(isset($module_info->admin_mail) && $module_info->admin_mail && $member_info->is_admin != 'Y')
 {
 $browser_title = Context::replaceUserLang($module_info->browser_title);
 $mail_title = sprintf(lang('msg_comment_notify_mail'), $browser_title, cut_str($oDocument->getTitleText(), 20, '...'));
@@ -1521,12 +1521,12 @@ class CommentController extends Comment
 }
 // get a list of comments and then execute a trigger(way to reduce the processing cost for delete all)
+ $commentSrlList = array();
 $args = new stdClass();
 $args->document_srl = $document_srl;
 $comments = executeQueryArray('comment.getAllComments', $args);
 if($comments->data)
 {
- $commentSrlList = array();
 foreach($comments->data as $comment)
 {
 $commentSrlList[] = $comment->comment_srl;
diff --git a/modules/document/document.controller.php b/modules/document/document.controller.php
index 06bb24238..0bc2dc7c9 100644
--- a/modules/document/document.controller.php
+++ b/modules/document/document.controller.php
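Review bot: The `!empty($obj->password)` guard in the hunk at line 615 treats the string `'0'` as empty, so a password of `0` skips `hashPassword()` and appears to continue through the insert unhashed; the same test is used in the document.controller.php hunk at line 744. Test for presence and non-emptiness explicitly: `if (isset($obj->password) && $obj->password !== '')`. The enclosing method starts and ends outside this hunk, so what later code does with an unhashed value should be confirmed there.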
@@ -607,17 +607,39 @@ class DocumentController extends Document
 */
 function insertDocument($obj, $manual_inserted = false, $isRestore = false, $isLatest = true)
 {
- if(!$manual_inserted && !checkCSRF())
+ if (!$manual_inserted && !checkCSRF())
 {
 return new BaseObject(-1, 'msg_security_violation');
 }
- // List variables
- if($obj->comment_status) $obj->commentStatus = $obj->comment_status;
- if(!$obj->commentStatus) $obj->commentStatus = 'DENY';
- if($obj->commentStatus == 'DENY') $this->_checkCommentStatusForOldVersion($obj);
- if($obj->allow_trackback!='Y') $obj->allow_trackback = 'N';
- if($obj->homepage)
+ // Comment status
+ if (isset($obj->comment_status) && $obj->comment_status)
+ {
+ $obj->commentStatus = $obj->comment_status;
+ }
+ if (!isset($obj->commentStatus) || !$obj->commentStatus)
+ {
+ $obj->commentStatus = 'DENY';
+ }
+ if ($obj->commentStatus === 'DENY')
+ {
+ $this->_checkCommentStatusForOldVersion($obj);
+ }
+
+ if (!isset($obj->allow_trackback) || $obj->allow_trackback !== 'Y')
+ {
+ $obj->allow_trackback = 'N';
+ }
+ if (!isset($obj->notify_message) || $obj->notify_message !== 'Y')
+ {
+ $obj->notify_message = 'N';
+ }
+ if (!isset($obj->email_address))
+ {
+ $obj->email_address = '';
+ }
+
+ if (!empty($obj->homepage))
 {
 $obj->homepage = escape($obj->homepage);
 if(!preg_match('/^[a-z]+:\/\//i',$obj->homepage))
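Review bot: The scheme test kept at the end of this hunk, `preg_match('/^[a-z]+:\/\//i',$obj->homepage)`, accepts any alphabetic scheme, so a `homepage` value with a non-web scheme passes through as-is; HTML escaping by `escape()`, if that is what it performs, does not neutralise a URL scheme. If this field is later rendered as a link target, restrict it to web schemes, e.g. `if (!preg_match('/^https?:\/\//i', $obj->homepage))`, or reject other schemes outright. The body of that `if` lies outside the hunk, so confirm what it does with non-matching values before changing the pattern. Separately, `email_address` is now reset only when unset or null, whereas the removed line also normalised other falsy values to `''`.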
@@ -626,20 +648,21 @@ class DocumentController extends Document
 }
 }
- if($obj->notify_message != 'Y') $obj->notify_message = 'N';
- if(!$obj->email_address) $obj->email_address = '';
- if(!$isRestore) $obj->ipaddress = \RX_CLIENT_IP;
+ if (!$isRestore)
+ {
+ $obj->ipaddress = \RX_CLIENT_IP;
+ }
 $obj->isRestore = $isRestore ? true : false;
 // Sanitize variables
- $obj->document_srl = intval($obj->document_srl);
- $obj->category_srl = intval($obj->category_srl);
- $obj->module_srl = intval($obj->module_srl);
+ $obj->document_srl = intval($obj->document_srl ?? 0);
+ $obj->category_srl = intval($obj->category_srl ?? 0);
+ $obj->module_srl = intval($obj->module_srl ?? 0);
 // Default Status
- if($obj->status)
+ if (isset($obj->status) && $obj->status)
 {
- if(!in_array($obj->status, $this->getStatusList()))
+ if (!in_array($obj->status, $this->getStatusList()))
 {
 $obj->status = $this->getDefaultStatus();
 }
@@ -652,16 +675,16 @@ class DocumentController extends Document
 // Check publish status
 $is_publish = $obj->status !== 'TEMP';
- // can modify regdate only manager
+ // Dates can only be manipulated by administrators.
 $grant = Context::get('grant');
- if(!$grant->manager)
+ if (!$grant->manager)
 {
 unset($obj->regdate);
 unset($obj->last_update);
 unset($obj->last_updater);
 }
- // Serialize the $extra_vars, check the extra_vars type, because duplicate serialized avoid
+ // Serialize the $extra_vars, but avoid duplicate serialization.
 if (!isset($obj->extra_vars))
 {
 $obj->extra_vars = new stdClass;
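Review bot: `in_array($obj->status, $this->getStatusList())` in the hunk at line 626 still compares loosely, so a non-string `status` (for example boolean `true`) can match a list entry and skip the fallback to `getDefaultStatus()`. Pass the strict flag: `if (!in_array($obj->status, $this->getStatusList(), true))`. This assumes `getStatusList()` returns the status names as strings, which is not visible here.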
@@ -744,18 +767,27 @@ class DocumentController extends Document
 }
 // Set the read counts and update order.
- if(!$obj->readed_count) $obj->readed_count = 0;
- if($isLatest) $obj->update_order = $obj->list_order = $obj->document_srl * -1;
- else $obj->update_order = $obj->list_order;
+ if (!isset($obj->readed_count))
+ {
+ $obj->readed_count = 0;
+ }
+ if ($isLatest)
+ {
+ $obj->update_order = $obj->list_order = $obj->document_srl * -1;
+ }
+ else
+ {
+ $obj->update_order = $obj->list_order;
+ }
 // Check the status of password hash for manually inserting. Apply hashing for otherwise.
- if($obj->password && !$obj->password_is_hashed)
+ if(!empty($obj->password) && !$obj->password_is_hashed)
 {
 $obj->password = \Rhymix\Framework\Password::hashPassword($obj->password, \Rhymix\Framework\Password::getBackwardCompatibleAlgorithm());
 }
 // If the tile is empty, extract string from the contents.
- $obj->title = escape($obj->title, false);
+ $obj->title = escape($obj->title ?? '', false);
 if ($obj->title === '')
 {
 $obj->title = escape(cut_str(trim(utf8_normalize_spaces(strip_tags($obj->content))), 20, '...'), false);
@@ -1326,7 +1358,7 @@ class DocumentController extends Document
 if($obj->update_log_setting === 'Y')
 {
 $obj->extra_vars = serialize($extra_vars);
- if($this->grant->manager)
+ if($grant->manager)
 {
 $obj->is_admin = 'Y';
 }
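Review bot: `!$obj->password_is_hashed` in the hunk at line 744 still reads a property that may be undefined, which is the kind of warning this commit is removing, and the flag lives on the same `$obj` that carries the submitted fields. Guard it with `empty()`, i.e. `if (!empty($obj->password) && empty($obj->password_is_hashed))`, and, if `$obj` can be built from request variables, consider honouring the flag only when `$manual_inserted` is true so that a caller-supplied value cannot skip hashing. `strip_tags($obj->content)` a few lines below has the same undefined-property exposure when `content` is absent. insertDocument() begins before and ends after this hunk.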
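Review bot: The replacement `if($grant->manager)` in the hunk at line 1326 depends on a local `$grant` that is not assigned anywhere in the visible lines. Confirm it is set earlier in this method, as insertDocument() does with `$grant = Context::get('grant');`; otherwise the condition reads an undefined variable and `is_admin` is never recorded as `'Y'` in the update log. The enclosing method begins outside the hunk.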
@@ -1394,13 +1426,13 @@ class DocumentController extends Document
 $update_args->document_srl = $obj->document_srl;
 $update_args->update_member_srl = intval($logged_info->member_srl ?? 0);
 $update_args->title = $obj->title;
- $update_args->title_bold = $obj->title_bold;
- $update_args->title_color = $obj->title_color;
+ $update_args->title_bold = $obj->title_bold ?? 'N';
+ $update_args->title_color = $obj->title_color ?? null;
 $update_args->content = $obj->content;
 $update_args->update_nick_name = strval($logged_info->nick_name ?? $obj->nick_name);
 $update_args->tags = $obj->tags;
 $update_args->extra_vars = $obj->extra_vars;
- $update_args->reason_update = $obj->reason_update;
+ $update_args->reason_update = $obj->reason_update ?? '';
 $update_args->is_admin = $obj->is_admin;
 $update_output = executeQuery('document.insertDocumentUpdateLog', $update_args);
diff --git a/modules/file/file.controller.php b/modules/file/file.controller.php
index dccee31b7..c46e633c1 100644
--- a/modules/file/file.controller.php
+++ b/modules/file/file.controller.php
@@ -60,7 +60,7 @@ class FileController extends File
 }
 // Handle chunking
- if (preg_match('!^bytes (\d+)-(\d+)/(\d+)$!', $_SERVER['HTTP_CONTENT_RANGE'], $matches))
+ if (preg_match('!^bytes (\d+)-(\d+)/(\d+)$!', $_SERVER['HTTP_CONTENT_RANGE'] ?? '', $matches))
 {
 // Check basic sanity
 $chunk_start = intval($matches[1]);
@@ -325,7 +325,7 @@ class FileController extends File
 // Not allow the file outlink
 $file_module_config = FileModel::getFileConfig($file_obj->module_srl);
- if($file_module_config->allow_outlink == 'N' && $_SERVER["HTTP_REFERER"])
+ if($file_module_config->allow_outlink == 'N' && !empty($_SERVER['HTTP_REFERER']))
 {
 // Handles extension to allow outlink
 if($file_module_config->allow_outlink_format)
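Review bot: The outlink check in the file.controller.php hunk at line 325 runs only when a `Referer` header is present, and that header is supplied by the client, so requests without it skip the block entirely. A comment such as `// Referer is client-controlled: this deters hotlinking but is not an access control` would keep later readers from relying on it for authorization. The rest of the check lies outside the hunk.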
@@ -886,7 +886,7 @@ class FileController extends File
 $file_info['name'] = Rhymix\Framework\Filters\FilenameFilter::clean($file_info['name']);
 $file_info['type'] = Rhymix\Framework\MIME::getContentType($file_info['tmp_name']);
 $file_info['original_type'] = $file_info['type'];
- $file_info['extension'] = strtolower(array_pop(explode('.', $file_info['name'])));
+ $file_info['extension'] = strtolower(array_last(explode('.', $file_info['name'])));
 $file_info['original_extension'] = $file_info['extension'];
 $file_info['width'] = null;
 $file_info['height'] = null;
diff --git a/modules/module/module.model.php b/modules/module/module.model.php
index f15de98ca..32f7d0479 100644
--- a/modules/module/module.model.php
+++ b/modules/module/module.model.php
@@ -529,6 +529,10 @@ class ModuleModel extends Module
 foreach($target_module_info as $key => $val)
 {
+ if (!isset($val->module_srl) || !$val->module_srl)
+ {
+ continue;
+ }
 if (!isset($extra_vars[$val->module_srl]))
 {
 continue;
diff --git a/modules/ncenterlite/ncenterlite.controller.php b/modules/ncenterlite/ncenterlite.controller.php
index 983fba6b2..449aa9364 100644
--- a/modules/ncenterlite/ncenterlite.controller.php
+++ b/modules/ncenterlite/ncenterlite.controller.php
@@ -339,7 +339,7 @@ class NcenterliteController extends Ncenterlite
 function triggerAfterInsertDocument(&$obj)
 {
- if ($obj->disable_triggers[$this->module] === true)
+ if (isset($obj->disable_triggers[$this->module]) && $obj->disable_triggers[$this->module] === true)
 {
 return;
 }
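Review bot: Taking the last `.`-separated segment as the extension in the file.controller.php hunk at line 886 means a name without any dot yields the whole file name as `extension`; the removed `array_pop()` form behaved the same way. `strtolower(pathinfo($file_info['name'], PATHINFO_EXTENSION))` returns an empty string in that case, which is safer if later code matches this value against an extension allow-list. `array_last()` is assumed to be a project helper (or the PHP 8.5 built-in); it is not defined in the visible lines.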