From 4fe87edd1d4ca348395b0ae77f6947cd3ee2728f Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Mon, 9 Mar 2026 20:29:18 +0900 Subject: [PATCH 1/3] Don't call API class if HTTP status code is 4xx or 5xx --- classes/module/ModuleObject.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/classes/module/ModuleObject.class.php b/classes/module/ModuleObject.class.php index e2ede1a5b..687c07bad 100644 --- a/classes/module/ModuleObject.class.php +++ b/classes/module/ModuleObject.class.php @@ -921,7 +921,7 @@ class ModuleObject extends BaseObject // execute api methods of the module if view action is and result is XMLRPC or JSON if(isset($this->module_info->module_type) && in_array($this->module_info->module_type, ['view', 'mobile'])) { - if(Context::getResponseMethod() == 'XMLRPC' || Context::getResponseMethod() == 'JSON') + if ($this->getHttpStatusCode() < 400 && in_array(Context::getResponseMethod(), ['JSON', 'XMLRPC'])) { $oAPI = getAPI($this->module_info->module); if($oAPI instanceof ModuleObject && method_exists($oAPI, $this->act)) From 8b8dc99431d07100f94f44e668fc6b866b679b74 Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Mon, 9 Mar 2026 20:29:59 +0900 Subject: [PATCH 2/3] Replace $oDocument with empty DocumentItem if access is not allowed --- modules/board/board.api.php | 35 +++++++++++++++++++++++++---------- modules/board/board.view.php | 2 ++ 2 files changed, 27 insertions(+), 10 deletions(-) diff --git a/modules/board/board.api.php b/modules/board/board.api.php index 6ca21a452..96519ef89 100644 --- a/modules/board/board.api.php +++ b/modules/board/board.api.php @@ -56,12 +56,19 @@ class BoardAPI extends Board public function dispBoardContentView($oModule) { $oDocument = Context::get('oDocument'); - if($oDocument->isGranted()) + if ($oDocument->isExists() && $oDocument->isAccessible()) { - $extra_vars = $oDocument->getExtraVars() ?: []; - $oDocument->add('extra_vars', $this->_arrangeExtraVars($extra_vars)); + if ($oDocument->isGranted()) + { + $extra_vars = $oDocument->getExtraVars() ?: []; + $oDocument->add('extra_vars', $this->_arrangeExtraVars($extra_vars)); + } + $oModule->add('oDocument', $this->_arrangeContent($oDocument, $oModule->grant)); + } + else + { + $oModule->add('oDocument', null); } - $oModule->add('oDocument', $this->_arrangeContent($oDocument, $oModule->grant)); } /** @@ -70,13 +77,13 @@ class BoardAPI extends Board public function dispBoardContentFileList($oModule) { $oDocument = Context::get('oDocument'); - if($oDocument->isAccessible()) + if ($oDocument->isExists() && $oDocument->isAccessible()) { $oModule->add('file_list', $this->_arrangeFiles(Context::get('file_list') ?: [])); } else { - $oModule->add('file_list', array()); + $oModule->add('file_list', []); } } @@ -93,12 +100,20 @@ class BoardAPI extends Board **/ public function dispBoardContentCommentList($oModule) { - $comment_list = Context::get('comment_list'); - if (!is_array($comment_list)) + $oDocument = Context::get('oDocument'); + if ($oDocument->isExists() && $oDocument->isAccessible()) { - $comment_list = []; + $comment_list = Context::get('comment_list'); + if (!is_array($comment_list)) + { + $comment_list = []; + } + $oModule->add('comment_list', $this->_arrangeComments($comment_list)); + } + else + { + $oModule->add('comment_list', []); } - $oModule->add('comment_list', $this->_arrangeComments($comment_list)); } /** diff --git a/modules/board/board.view.php b/modules/board/board.view.php index a24350ef5..f5cc7e84a 100644 --- a/modules/board/board.view.php +++ b/modules/board/board.view.php @@ -318,6 +318,7 @@ class BoardView extends Board { if (abs($oDocument->get('member_srl')) != $this->user->member_srl) { + $oDocument = DocumentModel::getDocument(0); Context::set('document_srl', null, true); $this->dispBoardMessage('msg_not_founded', 404); } @@ -326,6 +327,7 @@ class BoardView extends Board // if the document is TEMP saved, pretend that it doesn't exist. if($oDocument->getStatus() == 'TEMP') { + $oDocument = DocumentModel::getDocument(0); Context::set('document_srl', null, true); $this->dispBoardMessage('msg_not_founded', 404); } From 3ca12cca6fc2163588305b61a937d460826ff444 Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Mon, 9 Mar 2026 20:34:34 +0900 Subject: [PATCH 3/3] Always set correct module_srl, even on empty documents --- modules/board/board.view.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/board/board.view.php b/modules/board/board.view.php index f5cc7e84a..198cee836 100644 --- a/modules/board/board.view.php +++ b/modules/board/board.view.php @@ -319,6 +319,7 @@ class BoardView extends Board if (abs($oDocument->get('member_srl')) != $this->user->member_srl) { $oDocument = DocumentModel::getDocument(0); + $oDocument->add('module_srl', $this->module_srl); Context::set('document_srl', null, true); $this->dispBoardMessage('msg_not_founded', 404); } @@ -328,6 +329,7 @@ class BoardView extends Board if($oDocument->getStatus() == 'TEMP') { $oDocument = DocumentModel::getDocument(0); + $oDocument->add('module_srl', $this->module_srl); Context::set('document_srl', null, true); $this->dispBoardMessage('msg_not_founded', 404); } @@ -357,6 +359,7 @@ class BoardView extends Board if(!$this->grant->view && !$oDocument->isGranted()) { $oDocument = DocumentModel::getDocument(0); + $oDocument->add('module_srl', $this->module_srl); Context::set('document_srl', null, true); $this->dispBoardMessage($this->user->isMember() ? 'msg_not_permitted' : 'msg_not_logged'); }