diff --git a/modules/editor/editor.class.php b/modules/editor/editor.class.php
index 4aff3dc22..6bd28688f 100644
--- a/modules/editor/editor.class.php
+++ b/modules/editor/editor.class.php
@@ -97,6 +97,10 @@ class editor extends ModuleObject
if(!$oDB->isColumnExists("editor_autosave","module_srl")) return true;
if(!$oDB->isIndexExists("editor_autosave","idx_module_srl")) return true;
+ // XEVE-17-030
+ if(!$oDB->isColumnExists('editor_autosave', 'certify_key')) return true;
+ if(!$oDB->isIndexExists('editor_autosave', 'idx_certify_key')) return true;
+
// 2007. 10. 17 Add a trigger to delete automatically saved document whenever the document(insert or update) is modified
if(!$oModuleModel->getTrigger('document.insertDocument', 'editor', 'controller', 'triggerDeleteSavedDoc', 'after')) return true;
if(!$oModuleModel->getTrigger('document.updateDocument', 'editor', 'controller', 'triggerDeleteSavedDoc', 'after')) return true;
@@ -120,15 +124,28 @@ class editor extends ModuleObject
{
$oModuleModel = getModel('module');
$oModuleController = getController('module');
-
$oDB = &DB::getInstance();
+
// Save module_srl when auto-saving 15/06/2009
- if(!$oDB->isColumnExists("editor_autosave","module_srl"))
- $oDB->addColumn("editor_autosave","module_srl","number",11);
-
- // create an index on module_srl
- if(!$oDB->isIndexExists("editor_autosave","idx_module_srl")) $oDB->addIndex("editor_autosave","idx_module_srl", "module_srl");
+ if(!$oDB->isColumnExists('editor_autosave', 'module_srl'))
+ {
+ $oDB->addColumn('editor_autosave', 'module_srl', 'number');
+ }
+ if(!$oDB->isIndexExists('editor_autosave', 'idx_module_srl'))
+ {
+ $oDB->addIndex('editor_autosave', 'idx_module_srl', 'module_srl');
+ }
+ // XEVE-17-030
+ if(!$oDB->isColumnExists('editor_autosave', 'certify_key'))
+ {
+ $oDB->addColumn('editor_autosave', 'certify_key', 'varchar', 32);
+ }
+ if(!$oDB->isIndexExists('editor_autosave', 'idx_certify_key'))
+ {
+ $oDB->addIndex('editor_autosave', 'idx_certify_key', 'certify_key');
+ }
+
// 2007. 10. 17 Add a trigger to delete automatically saved document whenever the document(insert or update) is modified
if(!$oModuleModel->getTrigger('document.insertDocument', 'editor', 'controller', 'triggerDeleteSavedDoc', 'after'))
$oModuleController->insertTrigger('document.insertDocument', 'editor', 'controller', 'triggerDeleteSavedDoc', 'after');
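Review bot: The migration adds `certify_key` and its index but leaves existing guest rows in `editor_autosave` with an empty key. Judging by the lookup code elsewhere in this commit, such rows are still found through the `ipaddress` fallback and pass the `$saved_doc->certify_key && !isset(...)` guard, so they stay readable by any guest sharing that address until they are re-saved. Consider purging guest autosave rows that have no `certify_key` as part of this update step, or document why the legacy rows are acceptable. The body of `moduleUpdate` continues outside this hunk, so any cleanup placed later is not visible here.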
diff --git a/modules/editor/editor.controller.php b/modules/editor/editor.controller.php
index e2bcb1ba3..6204d2429 100644
--- a/modules/editor/editor.controller.php
+++ b/modules/editor/editor.controller.php
@@ -292,6 +292,15 @@ class editorController extends editor
function doSaveDoc($args)
{
if(!$args->document_srl) $args->document_srl = $_SESSION['upload_info'][$editor_sequence]->upload_target_srl;
+
+ // Get the current module if module_srl doesn't exist
+ if(!$args->module_srl) $args->module_srl = Context::get('module_srl');
+ if(!$args->module_srl)
+ {
+ $current_module_info = Context::get('current_module_info');
+ $args->module_srl = $current_module_info->module_srl;
+ }
+
if(Context::get('is_logged'))
{
$logged_info = Context::get('logged_info');
@@ -299,20 +308,11 @@ class editorController extends editor
}
else
{
- $args->ipaddress = $_SERVER['REMOTE_ADDR'];
+ $args->ipaddress = RX_CLIENT_IP;
+ $args->certify_key = Rhymix\Framework\Security::getRandom(32);
+ setcookie('autosave_certify_key_' . $args->module_srl, $args->certify_key, time() + 86400, null, null, RX_SSL, true);
}
- // Get the current module if module_srl doesn't exist
- if(!$args->module_srl)
- {
- $args->module_srl = Context::get('module_srl');
- }
- if(!$args->module_srl)
- {
- $current_module_info = Context::get('current_module_info');
- $args->module_srl = $current_module_info->module_srl;
- }
- // Save
return executeQuery('editor.insertSavedDoc', $args);
}
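Review bot: The `setcookie()` call in the guest branch passes `null` for path and domain, so the browser scopes the cookie to the directory of the request that triggered the autosave. If the editor is reached through rewritten URLs under a different path, the key may never be sent back and the lookup would fall through to the `ipaddress` branch (hedged: the routing is not visible here). An explicit path avoids this and also the null-to-string deprecation on newer PHP: `setcookie('autosave_certify_key_' . $args->module_srl, $args->certify_key, time() + 86400, '/', '', RX_SSL, true);`. The same call appears in `getSavedDoc()` in editor.model.php and should change with it.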
@@ -352,26 +352,36 @@ class editorController extends editor
function deleteSavedDoc($mode = false)
{
$args = new stdClass();
- if(Context::get('is_logged'))
- {
- $logged_info = Context::get('logged_info');
- $args->member_srl = $logged_info->member_srl;
- }
- else
- {
- $args->ipaddress = $_SERVER['REMOTE_ADDR'];
- }
$args->module_srl = Context::get('module_srl');
+
// Get the current module if module_srl doesn't exist
if(!$args->module_srl)
{
$current_module_info = Context::get('current_module_info');
$args->module_srl = $current_module_info->module_srl;
}
+ if(Context::get('is_logged'))
+ {
+ $logged_info = Context::get('logged_info');
+ $args->member_srl = $logged_info->member_srl;
+ }
+ elseif($_COOKIE['autosave_certify_key_' . $args->module_srl])
+ {
+ $args->certify_key = $_COOKIE['autosave_certify_key_' . $args->module_srl];
+ }
+ else
+ {
+ $args->ipaddress = RX_CLIENT_IP;
+ }
+
// Check if the auto-saved document already exists
$output = executeQuery('editor.getSavedDocument', $args);
$saved_doc = $output->data;
if(!$saved_doc) return;
+ if($saved_doc->certify_key && !isset($args->certify_key))
+ {
+ return;
+ }
$oDocumentModel = getModel('document');
$oSaved = $oDocumentModel->getDocument($saved_doc->document_srl);
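Review bot: The `elseif($_COOKIE['autosave_certify_key_' . $args->module_srl])` branch reads a client-controlled value without checking that it exists or is a string, then passes it to `executeQuery`. A missing cookie raises an undefined-index notice, and a cookie sent in array form would reach the query layer as an array. Suggest `$name = 'autosave_certify_key_' . $args->module_srl;` followed by `elseif(isset($_COOKIE[$name]) && is_string($_COOKIE[$name]) && $_COOKIE[$name] !== '')`. The identical pattern in `getSavedDoc()` (editor.model.php) needs the same guard. `deleteSavedDoc` continues past the end of this hunk.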
@@ -383,8 +393,9 @@ class editorController extends editor
$output = ModuleHandler::triggerCall('editor.deleteSavedDoc', 'after', $saved_doc);
}
}
- // Delete the saved document
- return executeQuery('editor.deleteSavedDoc', $args);
+
+ $output = executeQuery('editor.deleteSavedDoc', $args);
+ return $output;
}
/**
diff --git a/modules/editor/editor.model.php b/modules/editor/editor.model.php
index 4d7874781..bf9082de9 100644
--- a/modules/editor/editor.model.php
+++ b/modules/editor/editor.model.php
@@ -409,32 +409,48 @@ class editorModel extends editor
function getSavedDoc($upload_target_srl)
{
$auto_save_args = new stdClass();
- // Find a document by using member_srl for logged-in user and ipaddress for non-logged user
- if(Context::get('is_logged'))
- {
- $logged_info = Context::get('logged_info');
- $auto_save_args->member_srl = $logged_info->member_srl;
- }
- else
- {
- $auto_save_args->ipaddress = $_SERVER['REMOTE_ADDR'];
- }
$auto_save_args->module_srl = Context::get('module_srl');
+
// Get the current module if module_srl doesn't exist
if(!$auto_save_args->module_srl)
{
$current_module_info = Context::get('current_module_info');
$auto_save_args->module_srl = $current_module_info->module_srl;
}
+
+ // Find a document by using member_srl for logged-in user and ipaddress for non-logged user
+ if(Context::get('is_logged'))
+ {
+ $logged_info = Context::get('logged_info');
+ $auto_save_args->member_srl = $logged_info->member_srl;
+ }
+ elseif($_COOKIE['autosave_certify_key_' . $auto_save_args->module_srl])
+ {
+ $auto_save_args->certify_key = $_COOKIE['autosave_certify_key_' . $auto_save_args->module_srl];
+ }
+ else
+ {
+ $auto_save_args->ipaddress = RX_CLIENT_IP;
+ }
+
// Extract auto-saved data from the DB
$output = executeQuery('editor.getSavedDocument', $auto_save_args);
$saved_doc = $output->data;
+
// Return null if no result is auto-saved
if(!$saved_doc) return;
+
+ // Return null if certify key does not match
+ if($saved_doc->certify_key && !isset($auto_save_args->certify_key))
+ {
+ return;
+ }
+
// Check if the auto-saved document already exists
$oDocumentModel = getModel('document');
$oSaved = $oDocumentModel->getDocument($saved_doc->document_srl);
if($oSaved->isExists()) return;
+
// Move all the files if the auto-saved data contains document_srl and file
// Then set document_srl to editor_sequence
if($saved_doc->document_srl && $upload_target_srl && !Context::get('document_srl'))
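Review bot: The comment `// Return null if certify key does not match` overstates the guard beneath it, which only checks that the row has a key and the request supplied none. Actual matching is left to the `editor.getSavedDocument` query, whose condition is not shown on this page. Either reword it to something like `// Return null if the row is key-protected and the request carried no key`, or make the check explicit with `hash_equals()` so it does not depend on the query definition. The earlier comment "Find a document by using member_srl for logged-in user and ipaddress for non-logged user" is also stale now that guests are looked up by cookie key first.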
@@ -443,8 +459,18 @@ class editorModel extends editor
$oFileController = getController('file');
$oFileController->moveFile($saved_doc->document_srl, $saved_doc->module_srl, $upload_target_srl);
}
- else if($upload_target_srl) $saved_doc->document_srl = $upload_target_srl;
+ elseif($upload_target_srl)
+ {
+ $saved_doc->document_srl = $upload_target_srl;
+ }
+
// Change auto-saved data
+ $saved_doc->certify_key = $auto_save_args->certify_key;
+ if(!$saved_doc->certify_key)
+ {
+ $saved_doc->certify_key = Rhymix\Framework\Security::getRandom(32);
+ setcookie('autosave_certify_key_' . $saved_doc->module_srl, $saved_doc->certify_key, time() + 86400, null, null, RX_SSL, true);
+ }
$oEditorController = getController('editor');
$oEditorController->deleteSavedDoc(false);
$oEditorController->doSaveDoc($saved_doc);
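Review bot: For a logged-in member `$auto_save_args->certify_key` is never set, so the block after `// Change auto-saved data` always generates a fresh key and stores it on the member's row through `doSaveDoc($saved_doc)`. On the next visit the member branch again supplies no key, so the new `$saved_doc->certify_key && !isset(...)` guards in both `getSavedDoc()` and `deleteSavedDoc()` would return early and the draft could be neither restored nor deleted (hedged: this assumes `insertSavedDoc` persists the column). For guests the block looks redundant, because `doSaveDoc()` regenerates the key and cookie anyway. Restricting it to guests, e.g. `if(!Context::get('is_logged') && !$saved_doc->certify_key)`, and clearing `$saved_doc->certify_key` for members would keep the member path working.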
diff --git a/modules/editor/queries/deleteSavedDoc.xml b/modules/editor/queries/deleteSavedDoc.xml
index e6189f731..7a3c5e386 100644
--- a/modules/editor/queries/deleteSavedDoc.xml
+++ b/modules/editor/queries/deleteSavedDoc.xml
@@ -7,5 +7,6 @@
+
diff --git a/modules/editor/queries/getSavedDocument.xml b/modules/editor/queries/getSavedDocument.xml
index 50c194fe2..995351ea9 100644
--- a/modules/editor/queries/getSavedDocument.xml
+++ b/modules/editor/queries/getSavedDocument.xml
@@ -7,5 +7,6 @@
+
diff --git a/modules/editor/queries/insertSavedDoc.xml b/modules/editor/queries/insertSavedDoc.xml
index 9515659a9..ef9f30693 100644
--- a/modules/editor/queries/insertSavedDoc.xml
+++ b/modules/editor/queries/insertSavedDoc.xml
@@ -5,10 +5,11 @@
-
+
+
diff --git a/modules/editor/schemas/editor_autosave.xml b/modules/editor/schemas/editor_autosave.xml
index 94ae49f50..267455e87 100644
--- a/modules/editor/schemas/editor_autosave.xml
+++ b/modules/editor/schemas/editor_autosave.xml
@@ -5,5 +5,6 @@
+