From eda9af546c10e33b6430acceaf16f6d09c64e0c9 Mon Sep 17 00:00:00 2001
From: Kijin Sung
Date: Thu, 2 Nov 2023 20:49:05 +0900
Subject: [PATCH] Automatically set module_srl in upload info, and check it strictly

---
 modules/file/file.controller.php | 27 ++++++++++++++++++---------
 modules/file/lang/en.php | 1 +
 modules/file/lang/ko.php | 1 +
 3 files changed, 20 insertions(+), 9 deletions(-)

diff --git a/modules/file/file.controller.php b/modules/file/file.controller.php
index 8b1f2bcc7..b9111571b 100644
--- a/modules/file/file.controller.php
+++ b/modules/file/file.controller.php
@@ -36,11 +36,11 @@ class FileController extends File
 $module_srl = $this->module_srl;
 if (empty($_SESSION['upload_info'][$editor_sequence]->enabled))
 {
- throw new Rhymix\Framework\Exceptions\NotPermitted;
+ throw new Rhymix\Framework\Exceptions\InvalidRequest('file.msg_invalid_upload_info');
 }
- if ($_SESSION['upload_info'][$editor_sequence]->module_srl && $_SESSION['upload_info'][$editor_sequence]->module_srl !== $module_srl)
+ if ($_SESSION['upload_info'][$editor_sequence]->module_srl !== $module_srl)
 {
- throw new Rhymix\Framework\Exceptions\NotPermitted;
+ throw new Rhymix\Framework\Exceptions\InvalidRequest('file.msg_invalid_upload_info');
 }

 // Validate upload_target_srl.
@@ -48,7 +48,7 @@ class FileController extends File
 $submitted_upload_target_srl = intval(Context::get('uploadTargetSrl')) ?: intval(Context::get('upload_target_srl'));
 if ($submitted_upload_target_srl && $submitted_upload_target_srl !== intval($upload_target_srl))
 {
- throw new Rhymix\Framework\Exceptions\TargetNotFound;
+ throw new Rhymix\Framework\Exceptions\InvalidRequest('file.msg_invalid_upload_info');
 }
 if (!$upload_target_srl)
 {
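Review bot: The now-unconditional comparison `$_SESSION['upload_info'][$editor_sequence]->module_srl !== $module_srl` depends on both operands having the same type: setUploadInfo() stores the session value as `(int)$module_srl`, while the right-hand side is `$this->module_srl`, whose type is not visible in this hunk. If that property can ever be a numeric string or null, a legitimate upload is rejected with `msg_invalid_upload_info`, and with the truthiness guard removed this now also applies when the stored value is 0. Casting both sides, as the `upload_target_srl` check a few lines below does with `intval()`, keeps the check strict on value without relying on the property's type: `if ((int)$_SESSION['upload_info'][$editor_sequence]->module_srl !== (int)$module_srl)`. The identical check in the hunk at -180 needs the same treatment; the enclosing methods start and end outside both hunks.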
@@ -180,11 +180,11 @@ class FileController extends File
 $module_srl = $this->module_srl;
 if (empty($_SESSION['upload_info'][$editor_sequence]->enabled))
 {
- throw new Rhymix\Framework\Exceptions\NotPermitted;
+ throw new Rhymix\Framework\Exceptions\InvalidRequest('file.msg_invalid_upload_info');
 }
- if ($_SESSION['upload_info'][$editor_sequence]->module_srl && $_SESSION['upload_info'][$editor_sequence]->module_srl !== $module_srl)
+ if ($_SESSION['upload_info'][$editor_sequence]->module_srl !== $module_srl)
 {
- throw new Rhymix\Framework\Exceptions\NotPermitted;
+ throw new Rhymix\Framework\Exceptions\InvalidRequest('file.msg_invalid_upload_info');
 }

 // Get upload_target_srl
@@ -192,7 +192,7 @@ class FileController extends File
 $submitted_upload_target_srl = intval(Context::get('uploadTargetSrl')) ?: intval(Context::get('upload_target_srl'));
 if ($submitted_upload_target_srl && $submitted_upload_target_srl !== intval($upload_target_srl))
 {
- throw new Rhymix\Framework\Exceptions\TargetNotFound;
+ throw new Rhymix\Framework\Exceptions\InvalidRequest('file.msg_invalid_upload_info');
 }
 if (!$upload_target_srl)
 {
@@ -749,6 +749,14 @@ class FileController extends File
 }
 $editor_sequence = ++$_SESSION['_editor_sequence_'];
 }
+ if(!$module_srl)
+ {
+ $current_module_info = Context::get('current_module_info');
+ if (!empty($current_module_info->module_srl))
+ {
+ $module_srl = $current_module_info->module_srl;
+ }
+ }
 if(!isset($_SESSION['upload_info']) || !is_array($_SESSION['upload_info']))
 {
 $_SESSION['upload_info'] = array();
@@ -762,8 +770,9 @@ class FileController extends File
 $_SESSION['upload_info'][$editor_sequence]->module_srl = (int)$module_srl;
 if (!$module_srl)
 {
- trigger_error('FileController::setUploadInfo() called without module_srl', E_USER_WARNING);
+ trigger_error('No module_srl supplied to setUploadInfo(), and cannot determine automatically', E_USER_WARNING);
 }
+ return $editor_sequence;
 }


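Review bot: The added `if(!$module_srl)` fallback binds the upload session to `Context::get('current_module_info')`, i.e. whichever module the current request resolved to, and nothing in the block says that this value is later compared strictly against the upload handler's own `$this->module_srl`. A caller that renders an editor for content owned by a different module and passes no `$module_srl` would presumably get a session entry that can never match; the callers are not visible here, so this should be confirmed. A comment on the block would make the contract explicit, for example `// Fall back to the current request's module; the upload handlers compare this value strictly, so pass $module_srl explicitly when the editor belongs to another module.` setUploadInfo() begins outside the hunk.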
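Review bot: When neither the argument nor the new fallback yields a module_srl, the code following `->module_srl = (int)$module_srl;` only raises `E_USER_WARNING` and leaves the session entry stored with `module_srl` 0. Under the strict check in the upload handlers that entry matches only when the handler's `$this->module_srl` is also integer 0, so the upload is either always rejected or accepted with no module binding at all; which one happens depends on code outside this hunk. If an unbound upload is not intended, the handlers can reject it explicitly with `if (!$module_srl || $_SESSION['upload_info'][$editor_sequence]->module_srl !== $module_srl)`. The new `return $editor_sequence;` should also get an `@return` line in the method's docblock, which lies outside the hunk.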
diff --git a/modules/file/lang/en.php b/modules/file/lang/en.php
index 5f7e32902..62c88a4f1 100644
--- a/modules/file/lang/en.php
+++ b/modules/file/lang/en.php
@@ -49,6 +49,7 @@ $lang->about_save_changelog = 'Keep a log of new and deleted files in the databa
 $lang->cmd_delete_checked_file = 'Delete Selected Item(s)';
 $lang->cmd_move_to_document = 'Move to Document';
 $lang->cmd_download = 'Download';
+$lang->msg_invalid_upload_info = 'Invalid upload target information.';
 $lang->msg_not_permitted_download = 'You do not have a permission to download.';
 $lang->msg_file_cart_is_null = 'Please select a file(s) to delete.';
 $lang->msg_checked_file_is_deleted = '%d attachment(s) was(were) deleted.';
diff --git a/modules/file/lang/ko.php b/modules/file/lang/ko.php
index 47691e443..d911843f1 100644
--- a/modules/file/lang/ko.php
+++ b/modules/file/lang/ko.php
@@ -49,6 +49,7 @@ $lang->about_save_changelog = '파일 저장 및 삭제 내역을 DB에 기록
 $lang->cmd_delete_checked_file = '선택항목 삭제';
 $lang->cmd_move_to_document = '문서로 이동';
 $lang->cmd_download = '다운로드';
+$lang->msg_invalid_upload_info = '업로드 대상 정보가 일치하지 않습니다.';
 $lang->msg_not_permitted_download = '다운로드할 수 있는 권한이 없습니다.';
 $lang->msg_file_cart_is_null = '삭제할 파일을 선택해주세요.';
 $lang->msg_checked_file_is_deleted = '%d개의 첨부 파일이 삭제되었습니다.';