From 25a4a3b348acdc09af1ff8f106a6acf49b957e87 Mon Sep 17 00:00:00 2001
From: Kijin Sung <kijin@kijinsung.com>
Date: Tue, 22 Dec 2020 22:28:17 +0900
Subject: [PATCH 01/23] Fix warning in PHP 8.0

---
 classes/extravar/Extravar.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/classes/extravar/Extravar.class.php b/classes/extravar/Extravar.class.php
index ddda833a7..823effc5b 100644
--- a/classes/extravar/Extravar.class.php
+++ b/classes/extravar/Extravar.class.php
@@ -58,7 +58,7 @@ class ExtraVar
 
 		foreach($extra_keys as $val)
 		{
-			$obj = new ExtraItem($val->module_srl, $val->idx, $val->name, $val->type, $val->default, $val->desc, $val->is_required, $val->search, $val->value, $val->eid);
+			$obj = new ExtraItem($val->module_srl, $val->idx, $val->name, $val->type, $val->default, $val->desc, $val->is_required, $val->search, $val->value ?? null, $val->eid);
 			$this->keys[$val->idx] = $obj;
 		}
 	}

From 9732290515a08c78fa384b77989714ab07ad7a06 Mon Sep 17 00:00:00 2001
From: Kijin Sung <kijin@kijinsung.com>
Date: Tue, 22 Dec 2020 22:37:20 +0900
Subject: [PATCH 02/23] Fix warnings in PHP 8.0

---
 modules/board/board.view.php        | 6 +++---
 modules/document/document.model.php | 5 ++++-
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/modules/board/board.view.php b/modules/board/board.view.php
index b82bd8b05..da400c562 100644
--- a/modules/board/board.view.php
+++ b/modules/board/board.view.php
@@ -35,8 +35,8 @@ class boardView extends board
 		{
 			$this->page_count = $this->module_info->page_count;
 		}
-		$this->except_notice = $this->module_info->except_notice == 'N' ? FALSE : TRUE;
-		$this->include_modules = $this->module_info->include_modules ? explode(',', $this->module_info->include_modules) : [];
+		$this->except_notice = ($this->module_info->except_notice ?? '') == 'N' ? FALSE : TRUE;
+		$this->include_modules = ($this->module_info->include_modules ?? []) ? explode(',', $this->module_info->include_modules) : [];
 		if (count($this->include_modules) && !in_array($this->module_info->module_srl, $this->include_modules))
 		{
 			$this->include_modules[] = $this->module_info->module_srl;
@@ -546,7 +546,7 @@ class boardView extends board
 		}
 
 		// setup the list count to be serach list count, if the category or search keyword has been set
-		if($args->category_srl || $args->search_keyword)
+		if($args->category_srl ?? null || $args->search_keyword ?? null)
 		{
 			$args->list_count = $this->search_list_count;
 		}
diff --git a/modules/document/document.model.php b/modules/document/document.model.php
index b396cdc0a..eed9cf3dc 100644
--- a/modules/document/document.model.php
+++ b/modules/document/document.model.php
@@ -707,7 +707,10 @@ class documentModel extends document
 
 		// Cleanup of category
 		$document_category = array();
-		self::_arrangeCategory($document_category, $menu->list, 0);
+		if (isset($menu) && isset($menu->list))
+		{
+			self::_arrangeCategory($document_category, $menu->list, 0);
+		}
 		return $document_category;
 	}
 

From 49ea6700b34cb5007e04556f1a7ca111f07ffd0e Mon Sep 17 00:00:00 2001
From: Kijin Sung <kijin@kijinsung.com>
Date: Tue, 22 Dec 2020 22:42:31 +0900
Subject: [PATCH 03/23] Fix warnings in PHP 8.0

---
 common/framework/parsers/dbquery/variablebase.php | 5 +++++
 modules/document/document.controller.php          | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/common/framework/parsers/dbquery/variablebase.php b/common/framework/parsers/dbquery/variablebase.php
index 255fcc375..fb9d40b9d 100644
--- a/common/framework/parsers/dbquery/variablebase.php
+++ b/common/framework/parsers/dbquery/variablebase.php
@@ -309,6 +309,11 @@ class VariableBase
 		{
 			list($is_expression, $value) = $this->getDefaultValue();
 		}
+		else
+		{
+			$is_expression = null;
+			$value = null;
+		}
 		
 		return [$is_expression, $value];
 	}
diff --git a/modules/document/document.controller.php b/modules/document/document.controller.php
index 7caa3946d..c17b1dca7 100644
--- a/modules/document/document.controller.php
+++ b/modules/document/document.controller.php
@@ -2463,7 +2463,7 @@ class documentController extends document
 			$list[$category_srl] = $category_list[$i];
 		}
 		// Create the xml file without node data if no data is obtained
-		if(!$list)
+		if(!isset($list) || !$list)
 		{
 			$xml_buff = "<root />";
 			FileHandler::writeFile($xml_file, $xml_buff);

From 3e7f2e291c7367442cbf9a71c550e53e3f8e6a9b Mon Sep 17 00:00:00 2001
From: Chanyoung Oh <ndcd607@gmail.com>
Date: Tue, 22 Dec 2020 14:02:11 +0000
Subject: [PATCH 04/23] Fix #1513

---
 modules/document/document.controller.php | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/modules/document/document.controller.php b/modules/document/document.controller.php
index 7caa3946d..abf081247 100644
--- a/modules/document/document.controller.php
+++ b/modules/document/document.controller.php
@@ -1687,7 +1687,6 @@ class documentController extends document
 		// Pass if the author's IP address is as same as visitor's.
 		if($oDocument->get('ipaddress') == \RX_CLIENT_IP)
 		{
-			$_SESSION['declared_document'][$document_srl] = true;
 			return new BaseObject(-1, 'failed_declared');
 		}
 
@@ -1700,7 +1699,6 @@ class documentController extends document
 			// Pass after registering a session if author's information is same as the currently logged-in user's.
 			if($member_srl && $member_srl == abs($oDocument->get('member_srl')))
 			{
-				$_SESSION['declared_document'][$document_srl] = true;
 				return new BaseObject(-1, 'failed_declared');
 			}
 		}
@@ -1719,7 +1717,6 @@ class documentController extends document
 		$output = executeQuery('document.getDocumentDeclaredLogInfo', $args);
 		if($output->data->count)
 		{
-			$_SESSION['declared_document'][$document_srl] = true;
 			return new BaseObject(-1, 'failed_declared');
 		}
 		

From b125b4684a5e85a5bdde25f776b822d3a9c1bafc Mon Sep 17 00:00:00 2001
From: Min-Soo Kim <misol.kr@gmail.com>
Date: Wed, 23 Dec 2020 21:28:53 +0900
Subject: [PATCH 05/23] =?UTF-8?q?=ED=86=B5=ED=95=A9=EA=B2=80=EC=83=89=20?=
 =?UTF-8?q?=EB=AA=A8=EB=93=88=EC=97=90=EC=84=9C=20=EA=B2=80=EC=83=89?=
 =?UTF-8?q?=EC=96=B4=EA=B0=80=20=EC=9D=B4=EC=A4=91=EC=9C=BC=EB=A1=9C=20esc?=
 =?UTF-8?q?ape=20=EB=90=98=EB=8A=94=20=EB=AC=B8=EC=A0=9C=20=EC=88=98?=
 =?UTF-8?q?=EC=A0=95=20(#1518)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* 통합검색 모듈에서 검색어가 이중으로 escape 되는 문제 수정
* 파일 검색시에도 'search' operator 사용하도록 수정
---
 modules/file/file.admin.model.php             | 20 +++++++++----------
 modules/file/queries/getFileList.xml          |  8 ++++----
 .../queries/getFileListByTargetStatus.xml     | 10 +++++-----
 .../integration_search.view.php               |  7 ++++---
 4 files changed, 23 insertions(+), 22 deletions(-)

diff --git a/modules/file/file.admin.model.php b/modules/file/file.admin.model.php
index 1bb074c63..b164d5458 100644
--- a/modules/file/file.admin.model.php
+++ b/modules/file/file.admin.model.php
@@ -10,7 +10,7 @@ class fileAdminModel extends file
 	 * Initialization
 	 * @return void
 	 */
-	function init()
+	public function init()
 	{
 	}
 
@@ -62,7 +62,7 @@ class fileAdminModel extends file
 	 * @param array $columnList Column list to get from DB
 	 * @return Object Object contains query result
 	 */
-	function getFileList($obj, $columnList = array())
+	public function getFileList($obj, $columnList = array())
 	{
 		$args = new stdClass();
 		$this->_makeSearchParam($obj, $args);
@@ -75,9 +75,9 @@ class fileAdminModel extends file
 		elseif($obj->direct_download == 'N') $args->direct_download= 'N';
 		// Set variables
 		$args->sort_index = $obj->sort_index;
-		$args->page = $obj->page?$obj->page:1;
-		$args->list_count = $obj->list_count?$obj->list_count:20;
-		$args->page_count = $obj->page_count?$obj->page_count:10;
+		$args->page = $obj->page?? 1;
+		$args->list_count = $obj->list_count?? 20;
+		$args->page_count = $obj->page_count?? 10;
 		$args->s_module_srl = $obj->module_srl;
 		$args->exclude_module_srl = $obj->exclude_module_srl;
 		if(toBool($obj->exclude_secret))
@@ -124,7 +124,7 @@ class fileAdminModel extends file
 	 * @param object $obj Search options (not used...)
 	 * @return array
 	 */
-	function getFilesCountByGroupValid($obj = '')
+	public function getFilesCountByGroupValid($obj = '')
 	{
 		//$this->_makeSearchParam($obj, $args);
 
@@ -138,7 +138,7 @@ class fileAdminModel extends file
 	 * @param string $date Date string
 	 * @return int
 	 */
-	function getFilesCountByDate($date = '')
+	public function getFilesCountByDate($date = '')
 	{
 		$args = new stdClass();
 		if($date)
@@ -162,11 +162,11 @@ class fileAdminModel extends file
 	 * @param object $args Result searach options
 	 * @return void
 	 */
-	function _makeSearchParam(&$obj, &$args)
+	protected function _makeSearchParam(&$obj, &$args)
 	{
 		// Search options
-		$search_target = $obj->search_target?$obj->search_target:trim(Context::get('search_target'));
-		$search_keyword = $obj->search_keyword?$obj->search_keyword:trim(Context::get('search_keyword'));
+		$search_target = $obj->search_target ?? trim(Context::get('search_target'));
+		$search_keyword = $obj->search_keyword ?? trim(Context::get('search_keyword'));
 
 		if($search_target && $search_keyword)
 		{
diff --git a/modules/file/queries/getFileList.xml b/modules/file/queries/getFileList.xml
index 9faf6fb1e..43461e9fd 100644
--- a/modules/file/queries/getFileList.xml
+++ b/modules/file/queries/getFileList.xml
@@ -20,15 +20,15 @@
         <condition operation="equal" column="files.direct_download" var="direct_download" pipe="and" />
 		<condition operation="below" column="files.regdate" var="regdate_before" pipe="and" />
         <group pipe="and">
-            <condition operation="like" column="files.source_filename" var="s_filename" pipe="or" />
+            <condition operation="search" column="files.source_filename" var="s_filename" pipe="or" />
             <condition operation="more" column="files.file_size" var="s_filesize_more" pipe="or" />
             <condition operation="less" column="files.file_size" var="s_filesize_less" pipe="or" />
             <condition operation="more" column="files.download_count" var="s_download_count" pipe="or" />
             <condition operation="like_prefix" column="files.regdate" var="s_regdate" pipe="or" />
             <condition operation="like_prefix" column="files.ipaddress" var="s_ipaddress" pipe="or" />
-            <condition operation="like" column="member.user_id" var="s_user_id" pipe="or" />
-            <condition operation="like" column="member.user_name" var="s_user_name" pipe="or" />
-            <condition operation="like" column="member.nick_name" var="s_nick_name" pipe="or" />
+            <condition operation="search" column="member.user_id" var="s_user_id" pipe="or" />
+            <condition operation="search" column="member.user_name" var="s_user_name" pipe="or" />
+            <condition operation="search" column="member.nick_name" var="s_nick_name" pipe="or" />
         </group>
     </conditions>
     <navigation>
diff --git a/modules/file/queries/getFileListByTargetStatus.xml b/modules/file/queries/getFileListByTargetStatus.xml
index 7092da25f..999d87e02 100644
--- a/modules/file/queries/getFileListByTargetStatus.xml
+++ b/modules/file/queries/getFileListByTargetStatus.xml
@@ -1,4 +1,4 @@
-<query id="getFileList" action="select">
+<query id="getFileListByTargetStatus" action="select">
     <tables>
         <table name="files" alias="files" />
         <table name="member" type="left join">
@@ -35,15 +35,15 @@
 			<condition operation="null" column="comments.is_secret" pipe="or" />
 		</group>
         <group pipe="and">
-            <condition operation="like" column="files.source_filename" var="s_filename" pipe="or" />
+            <condition operation="search" column="files.source_filename" var="s_filename" pipe="or" />
             <condition operation="more" column="files.file_size" var="s_filesize_more" pipe="or" />
             <condition operation="less" column="files.file_size" var="s_filesize_less" pipe="or" />
             <condition operation="more" column="files.download_count" var="s_download_count" pipe="or" />
             <condition operation="like_prefix" column="files.regdate" var="s_regdate" pipe="or" />
             <condition operation="like_prefix" column="files.ipaddress" var="s_ipaddress" pipe="or" />
-            <condition operation="like" column="member.user_id" var="s_user_id" pipe="or" />
-            <condition operation="like" column="member.user_name" var="s_user_name" pipe="or" />
-            <condition operation="like" column="member.nick_name" var="s_nick_name" pipe="or" />
+            <condition operation="search" column="member.user_id" var="s_user_id" pipe="or" />
+            <condition operation="search" column="member.user_name" var="s_user_name" pipe="or" />
+            <condition operation="search" column="member.nick_name" var="s_nick_name" pipe="or" />
         </group>
     </conditions>
     <navigation>
diff --git a/modules/integration_search/integration_search.view.php b/modules/integration_search/integration_search.view.php
index 2b9ec9b5e..080b79f2e 100644
--- a/modules/integration_search/integration_search.view.php
+++ b/modules/integration_search/integration_search.view.php
@@ -23,7 +23,7 @@ class integration_searchView extends integration_search
 	 *
 	 * @return void
 	 */
-	function init()
+	public function init()
 	{
 	}
 
@@ -32,7 +32,7 @@ class integration_searchView extends integration_search
 	 *
 	 * @return Object
 	 */
-	function IS()
+	public function IS()
 	{
 		$oFile = getClass('file');
 		$oModuleModel = getModel('module');
@@ -114,7 +114,8 @@ class integration_searchView extends integration_search
 
 		// Set a variable for search keyword
 		$is_keyword = Context::get('is_keyword');
-		$is_keyword = escape(trim(utf8_normalize_spaces($is_keyword)));
+		// As the variables from GET or POST will be escaped by setRequestArguments method at Context class, the double_escape variable should be "FALSE", and also the escape function might be useful when this method was called from the other way (for not escaped keyword).
+		$is_keyword = escape(trim(utf8_normalize_spaces($is_keyword)), false);
 		if (mb_strlen($is_keyword, 'UTF-8') > 40)
 		{
 			$is_keyword = mb_substr($is_keyword, 0, 40);

From 97fc096fbdd96d8a613f24a5682f308b0a1076c2 Mon Sep 17 00:00:00 2001
From: Min-Soo Kim <misol.kr@gmail.com>
Date: Wed, 23 Dec 2020 21:57:56 +0900
Subject: [PATCH 06/23] =?UTF-8?q?=ED=8C=8C=EC=9D=BC=20=EB=AA=A8=EB=93=88?=
 =?UTF-8?q?=EC=97=90=EC=84=9C=20=EA=B2=80=EC=83=89=EC=8B=9C=EC=97=90=20sea?=
 =?UTF-8?q?rch=20operator=20=EC=82=AC=EC=9A=A9=ED=95=98=EB=8F=84=EB=A1=9D?=
 =?UTF-8?q?=20=EC=88=98=EC=A0=95=20(#1519)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* 통합검색 모듈에서 검색어가 이중으로 escape 되는 문제 수정
* 파일 검색시에도 'search' operator 사용하도록 수정
* XML 쿼리 파일 내의 id가 실제 쿼리 id와 다르게 작성되어 있던 오타를 수정합니다.
---
 modules/file/file.admin.model.php                  | 1 -
 modules/file/queries/getFilesCountByGroupValid.xml | 4 ++--
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/modules/file/file.admin.model.php b/modules/file/file.admin.model.php
index b164d5458..89daed2bc 100644
--- a/modules/file/file.admin.model.php
+++ b/modules/file/file.admin.model.php
@@ -173,7 +173,6 @@ class fileAdminModel extends file
 			switch($search_target)
 			{
 				case 'filename' :
-					if($search_keyword) $search_keyword = str_replace(' ','%',$search_keyword);
 					$args->s_filename = $search_keyword;
 					break;
 				case 'filesize_more' :
diff --git a/modules/file/queries/getFilesCountByGroupValid.xml b/modules/file/queries/getFilesCountByGroupValid.xml
index 869d7a3fd..509a4d0c6 100644
--- a/modules/file/queries/getFilesCountByGroupValid.xml
+++ b/modules/file/queries/getFilesCountByGroupValid.xml
@@ -1,4 +1,4 @@
-<query id="getFilesCount" action="select">
+<query id="getFilesCountByGroupValid" action="select">
     <tables>
         <table name="files" />
     </tables>
@@ -12,7 +12,7 @@
         <condition operation="equal" column="isvalid" var="isvalid" pipe="and" />
         <condition operation="equal" column="direct_download" var="direct_download" pipe="and" />
         <group pipe="and">
-            <condition operation="like" column="source_filename" var="s_filename" pipe="or" />
+            <condition operation="search" column="source_filename" var="s_filename" pipe="or" />
             <condition operation="more" column="file_size" var="s_filesize_more" pipe="or" />
             <condition operation="less" column="file_size" var="s_filesize_less" pipe="or" />
             <condition operation="more" column="download_count" var="s_download_count" pipe="or" />

From 5d39fe938ac93948ae412b96745c70369ea17890 Mon Sep 17 00:00:00 2001
From: Min-Soo Kim <misol.kr@gmail.com>
Date: Wed, 23 Dec 2020 22:14:31 +0900
Subject: [PATCH 07/23] Fix unintended change at file searching
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

#1518 에서 지적 받은 내용 수정
---
 modules/file/file.admin.model.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/modules/file/file.admin.model.php b/modules/file/file.admin.model.php
index 89daed2bc..d48a1ea1e 100644
--- a/modules/file/file.admin.model.php
+++ b/modules/file/file.admin.model.php
@@ -75,9 +75,9 @@ class fileAdminModel extends file
 		elseif($obj->direct_download == 'N') $args->direct_download= 'N';
 		// Set variables
 		$args->sort_index = $obj->sort_index;
-		$args->page = $obj->page?? 1;
-		$args->list_count = $obj->list_count?? 20;
-		$args->page_count = $obj->page_count?? 10;
+		$args->page = isset($obj->page) ? ($obj->page ? $obj->page : 1) : 1;
+		$args->list_count = isset($obj->list_count) ? ($obj->list_count? $obj->list_count : 20) : 20;
+		$args->page_count = isset($obj->page_count) ? ($obj->page_count? $obj->page_count : 10) : 10;
 		$args->s_module_srl = $obj->module_srl;
 		$args->exclude_module_srl = $obj->exclude_module_srl;
 		if(toBool($obj->exclude_secret))
@@ -165,8 +165,8 @@ class fileAdminModel extends file
 	protected function _makeSearchParam(&$obj, &$args)
 	{
 		// Search options
-		$search_target = $obj->search_target ?? trim(Context::get('search_target'));
-		$search_keyword = $obj->search_keyword ?? trim(Context::get('search_keyword'));
+		$search_target = isset($obj->search_target)? ($obj->search_target? $obj->search_target : trim(Context::get('search_target'))) : trim(Context::get('search_target'));
+		$search_keyword = isset($obj->search_keyword)? ($obj->search_keyword? $obj->search_keyword : trim(Context::get('search_keyword'))) : trim(Context::get('search_keyword'));
 
 		if($search_target && $search_keyword)
 		{

From 5fa290aaf1465ea2e6b08b1246c6f94092aa78b0 Mon Sep 17 00:00:00 2001
From: Chanyoung Oh <ndcd607@gmail.com>
Date: Wed, 23 Dec 2020 13:48:08 +0000
Subject: [PATCH 08/23] Fix #1513 while taking advantage of session cache

---
 modules/document/document.controller.php | 11 +++++++----
 modules/document/document.item.php       |  2 +-
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/modules/document/document.controller.php b/modules/document/document.controller.php
index abf081247..0b964505d 100644
--- a/modules/document/document.controller.php
+++ b/modules/document/document.controller.php
@@ -1651,8 +1651,8 @@ class documentController extends document
 	 */
 	function declaredDocument($document_srl, $declare_message = '')
 	{
-		// Fail if session information already has a reported document
-		if($_SESSION['declared_document'][$document_srl])
+		// Fail if session already tried to report the document
+		if(isset($_SESSION['declared_document'][$document_srl]))
 		{
 			return new BaseObject(-1, 'failed_declared');
 		}
@@ -1687,6 +1687,7 @@ class documentController extends document
 		// Pass if the author's IP address is as same as visitor's.
 		if($oDocument->get('ipaddress') == \RX_CLIENT_IP)
 		{
+			$_SESSION['declared_document'][$document_srl] = false;
 			return new BaseObject(-1, 'failed_declared');
 		}
 
@@ -1699,6 +1700,7 @@ class documentController extends document
 			// Pass after registering a session if author's information is same as the currently logged-in user's.
 			if($member_srl && $member_srl == abs($oDocument->get('member_srl')))
 			{
+				$_SESSION['declared_document'][$document_srl] = false;
 				return new BaseObject(-1, 'failed_declared');
 			}
 		}
@@ -1717,6 +1719,7 @@ class documentController extends document
 		$output = executeQuery('document.getDocumentDeclaredLogInfo', $args);
 		if($output->data->count)
 		{
+			$_SESSION['declared_document'][$document_srl] = false;
 			return new BaseObject(-1, 'failed_declared');
 		}
 		
@@ -1832,7 +1835,7 @@ class documentController extends document
 		
 		if($output->data->count <= 0 || !isset($output->data->count))
 		{
-			$_SESSION['declared_document'][$document_srl] = false;
+			unset($_SESSION['declared_document'][$document_srl]);
 			return new BaseObject(-1, 'failed_declared_cancel');
 		}
 		
@@ -1908,7 +1911,7 @@ class documentController extends document
 		$trigger_obj->declared_count = $declared_count - 1;
 		ModuleHandler::triggerCall('document.declaredDocumentCancel', 'after', $trigger_obj);
 
-		$_SESSION['declared_document'][$document_srl] = false;
+		unset($_SESSION['declared_document'][$document_srl]);
 
 		$this->setMessage('success_declared_cancel');
 	}
diff --git a/modules/document/document.item.php b/modules/document/document.item.php
index 1459be4f7..111cee45f 100644
--- a/modules/document/document.item.php
+++ b/modules/document/document.item.php
@@ -558,7 +558,7 @@ class documentItem extends BaseObject
 			return $_SESSION['declared_document'][$this->document_srl] = $declaredCount;
 		}
 		
-		return $_SESSION['declared_document'][$this->document_srl] = false;
+		return false;
 	}
 
 	function getTitle($cut_size = 0, $tail = '...')

From dab51ba48e53cb02f48abe62debb4b30c81a4503 Mon Sep 17 00:00:00 2001
From: BJRambo <qw5414@naver.com>
Date: Thu, 24 Dec 2020 18:43:15 +0900
Subject: [PATCH 09/23] Add to trigger for notice list

---
 modules/document/document.model.php | 26 ++++++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)

diff --git a/modules/document/document.model.php b/modules/document/document.model.php
index eed9cf3dc..c5f1b4d9d 100644
--- a/modules/document/document.model.php
+++ b/modules/document/document.model.php
@@ -304,7 +304,26 @@ class documentModel extends document
 		$args = new stdClass();
 		$args->module_srl = $obj->module_srl;
 		$args->category_srl = $obj->category_srl ?? null;
-		$output = executeQueryArray('document.getNoticeList', $args, $columnList);
+
+		// Call trigger (before)
+		// This trigger can be used to set an alternative output using a different search method
+		unset($obj->use_alternate_output);
+		$output = ModuleHandler::triggerCall('document.getNoticeList', 'before', $obj);
+		if ($output instanceof BaseObject && !$output->toBool())
+		{
+			return $output;
+		}
+
+		// If an alternate output is set, use it instead of running the default queries
+		if (isset($obj->use_alternate_output) && $obj->use_alternate_output instanceof BaseObject)
+		{
+			$output = $obj->use_alternate_output;
+		}
+		else
+		{
+			$output = executeQueryArray('document.getNoticeList', $args, $columnList);
+		}
+		
 		if(!$output->toBool() || !$result = $output->data)
 		{
 			return;
@@ -322,7 +341,10 @@ class documentModel extends document
 			$output->data[$attribute->document_srl] = $GLOBALS['XE_DOCUMENT_LIST'][$attribute->document_srl];
 		}
 		self::setToAllDocumentExtraVars();
-		
+
+		// Call trigger (after)
+		// This trigger can be used to modify search results
+		ModuleHandler::triggerCall('document.getNoticeList', 'after', $output);
 		return $output;
 	}
 

From df08a976fcd9200fc107d2361b2baacd73414b8a Mon Sep 17 00:00:00 2001
From: BJRambo <qw5414@naver.com>
Date: Thu, 24 Dec 2020 19:10:50 +0900
Subject: [PATCH 10/23] Change obj to args variable for notice query

---
 modules/document/document.model.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/modules/document/document.model.php b/modules/document/document.model.php
index c5f1b4d9d..1aa5c0367 100644
--- a/modules/document/document.model.php
+++ b/modules/document/document.model.php
@@ -307,17 +307,17 @@ class documentModel extends document
 
 		// Call trigger (before)
 		// This trigger can be used to set an alternative output using a different search method
-		unset($obj->use_alternate_output);
-		$output = ModuleHandler::triggerCall('document.getNoticeList', 'before', $obj);
+		unset($args->use_alternate_output);
+		$output = ModuleHandler::triggerCall('document.getNoticeList', 'before', $args);
 		if ($output instanceof BaseObject && !$output->toBool())
 		{
 			return $output;
 		}
 
 		// If an alternate output is set, use it instead of running the default queries
-		if (isset($obj->use_alternate_output) && $obj->use_alternate_output instanceof BaseObject)
+		if (isset($args->use_alternate_output) && $args->use_alternate_output instanceof BaseObject)
 		{
-			$output = $obj->use_alternate_output;
+			$output = $args->use_alternate_output;
 		}
 		else
 		{

From b7ffc2def5a14e669f7a2a8d163a5213a158434a Mon Sep 17 00:00:00 2001
From: Kijin Sung <kijin@kijinsung.com>
Date: Fri, 25 Dec 2020 23:06:24 +0900
Subject: [PATCH 11/23] Fix #1528 incorrect encoding of group_srls in some
 circumstances

---
 modules/menu/menu.admin.controller.php | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/modules/menu/menu.admin.controller.php b/modules/menu/menu.admin.controller.php
index 796aff7b8..443bfeda9 100644
--- a/modules/menu/menu.admin.controller.php
+++ b/modules/menu/menu.admin.controller.php
@@ -1929,8 +1929,6 @@ class menuAdminController extends menu
 			if($active_btn && strncasecmp('./files/attach/menu_button', $active_btn, 26) === 0) $active_btn = escape($active_btn);
 			else $active_btn = '';
 
-			$group_srls = ($node->group_srls) ? $node->group_srls : '';
-
 			if($normal_btn)
 			{
 				if($hover_btn) $hover_str = sprintf('onmouseover=&quot;this.src=\'%s\'&quot;', $hover_btn); else $hover_str = '';
@@ -1943,6 +1941,7 @@ class menuAdminController extends menu
 			}
 
 			// If the value of node->group_srls exists
+			$group_srls = ($node->group_srls) ? (is_array($node->group_srls) ? implode(',', $node->group_srls) : $node->group_srls) : '';
 			if($group_srls) {
 				$group_check_code = sprintf('($is_admin==true||(is_array($group_srls)&&count(array_intersect($group_srls, array(%s))))||($is_logged&&%s))',$group_srls,$group_srls == -1?1:0);
 			}
@@ -2035,8 +2034,15 @@ class menuAdminController extends menu
 			if($node->url) $child_output['url_list'][] = $node->url;
 			$output['url_list'] = array_merge($output['url_list'], $child_output['url_list']);
 			// If node->group_srls value exists
-			if($node->group_srls)$group_check_code = sprintf('($is_admin==true||(is_array($group_srls)&&count(array_intersect($group_srls, array(%s))))||($is_logged && %s))',$node->group_srls,$node->group_srls == -1?1:0);
-			else $group_check_code = "true";
+			$group_srls = ($node->group_srls) ? (is_array($node->group_srls) ? implode(',', $node->group_srls) : $node->group_srls) : '';
+			if($group_srls)
+			{
+				$group_check_code = sprintf('($is_admin==true||(is_array($group_srls)&&count(array_intersect($group_srls, array(%s))))||($is_logged && %s))', $group_srls, $group_srls == -1 ? 1 : 0);
+			}
+			else
+			{
+				$group_check_code = 'true';
+			}
 
 			// List variables
 			$href = escape($node->href ?? '', false);

From 82e1625d0cf5449462c55097235143418614ce98 Mon Sep 17 00:00:00 2001
From: Kijin Sung <kijin@kijinsung.com>
Date: Fri, 25 Dec 2020 23:09:51 +0900
Subject: [PATCH 12/23] Fix #1525 error in PHP 8.0 in _arrangeComment if $list
 is null

---
 modules/comment/comment.model.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/comment/comment.model.php b/modules/comment/comment.model.php
index 645ae15bd..eea91c856 100644
--- a/modules/comment/comment.model.php
+++ b/modules/comment/comment.model.php
@@ -728,7 +728,7 @@ class commentModel extends comment
 	 */
 	public static function _arrangeComment(&$comment_list, $list, $depth, $parent = NULL)
 	{
-		if(!count($list))
+		if(!is_array($list) || !count($list))
 		{
 			return;
 		}

From 70d88bc0266cc403b2a964491cac7451e8ccdbdb Mon Sep 17 00:00:00 2001
From: Kijin Sung <kijin@kijinsung.com>
Date: Fri, 25 Dec 2020 23:12:01 +0900
Subject: [PATCH 13/23] Fix #1521 error in PHP 8.0 if API class doesn't exist

---
 classes/module/ModuleObject.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/classes/module/ModuleObject.class.php b/classes/module/ModuleObject.class.php
index 3f2956269..77db7d177 100644
--- a/classes/module/ModuleObject.class.php
+++ b/classes/module/ModuleObject.class.php
@@ -754,7 +754,7 @@ class ModuleObject extends BaseObject
 			if(Context::getResponseMethod() == 'XMLRPC' || Context::getResponseMethod() == 'JSON')
 			{
 				$oAPI = getAPI($this->module_info->module);
-				if(method_exists($oAPI, $this->act))
+				if($oAPI instanceof ModuleObject && method_exists($oAPI, $this->act))
 				{
 					$oAPI->{$this->act}($this);
 				}

From 883f846aba9c82a67bbecdc968503a0a7da7a2dc Mon Sep 17 00:00:00 2001
From: Kijin Sung <kijin@kijinsung.com>
Date: Fri, 25 Dec 2020 23:16:52 +0900
Subject: [PATCH 14/23] Fix #1524 load messages.html if read_message.html
 doesn't exist in currently selected communication module skin

---
 modules/communication/communication.view.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/communication/communication.view.php b/modules/communication/communication.view.php
index 5c4439b18..d4f348659 100644
--- a/modules/communication/communication.view.php
+++ b/modules/communication/communication.view.php
@@ -118,7 +118,7 @@ class communicationView extends communication
 				Context::set('message', $message);
 				Context::set('message_files', CommunicationModel::getMessageFiles($message));
 				
-				if(Mobile::isFromMobilePhone())
+				if(Mobile::isFromMobilePhone() && file_exists($this->getTemplatePath() . 'read_message.html'))
 				{
 					$template_filename = 'read_message';
 				}

From dcd6d896c2ba7c21a953f6f5193442a05968c18a Mon Sep 17 00:00:00 2001
From: Kijin Sung <kijin@kijinsung.com>
Date: Fri, 25 Dec 2020 23:23:25 +0900
Subject: [PATCH 15/23] Only add module_title and mid if they are empty

---
 modules/board/board.view.php | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/modules/board/board.view.php b/modules/board/board.view.php
index da400c562..198a3eb1e 100644
--- a/modules/board/board.view.php
+++ b/modules/board/board.view.php
@@ -602,15 +602,10 @@ class boardView extends board
 			foreach ($document_list as $document)
 			{
 				$module_srl = $document->get('module_srl');
-				if (isset($map[$module_srl]))
+				if ($document->get('mid') === null)
 				{
-					$document->add('module_title', $map[$module_srl]->browser_title);
-					$document->add('mid', $map[$module_srl]->mid);
-				}
-				else
-				{
-					$document->add('module_title', $this->module_info->browser_title);
-					$document->add('mid', $this->module_info->mid);
+					$document->add('module_title', isset($map[$module_srl]) ? $map[$module_srl]->browser_title : $this->module_info->browser_title);
+					$document->add('mid', isset($map[$module_srl]) ? $map[$module_srl]->mid : $this->module_info->mid);
 				}
 			}
 		}
@@ -618,8 +613,11 @@ class boardView extends board
 		{
 			foreach ($document_list as $document)
 			{
-				$document->add('module_title', $this->module_info->browser_title);
-				$document->add('mid', $this->module_info->mid);
+				if ($document->get('mid') === null)
+				{
+					$document->add('module_title', $this->module_info->browser_title);
+					$document->add('mid', $this->module_info->mid);
+				}
 			}
 		}
 	}

From 6be4a0531db2cd28971ff7f49147f0e52d2f08b4 Mon Sep 17 00:00:00 2001
From: Kijin Sung <kijin@kijinsung.com>
Date: Fri, 25 Dec 2020 23:30:42 +0900
Subject: [PATCH 16/23] Fix #1527 autosave not working in CKEditor

---
 modules/editor/skins/ckeditor/editor.html | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/modules/editor/skins/ckeditor/editor.html b/modules/editor/skins/ckeditor/editor.html
index 902fbf378..7ce7317cf 100644
--- a/modules/editor/skins/ckeditor/editor.html
+++ b/modules/editor/skins/ckeditor/editor.html
@@ -28,10 +28,10 @@ var auto_saved_msg = "{$lang->msg_auto_saved}";
 
 {@ $css_content = "" }
 
-<!--@if($enable_autosave && isset($saved_doc) && $saved_doc)-->
-<input type="hidden" name="_saved_doc_title" value="{escape($saved_doc->title)}" />
-<input type="hidden" name="_saved_doc_content" value="{escape($saved_doc->content)}" />
-<input type="hidden" name="_saved_doc_document_srl" value="{$saved_doc->document_srl}" />
+<!--@if($enable_autosave)-->
+<input type="hidden" name="_saved_doc_title" value="{(isset($saved_doc) && $saved_doc) ? escape($saved_doc->title) : ''}" />
+<input type="hidden" name="_saved_doc_content" value="{(isset($saved_doc) && $saved_doc) ? escape($saved_doc->content) : ''}" />
+<input type="hidden" name="_saved_doc_document_srl" value="{(isset($saved_doc) && $saved_doc) ? $saved_doc->document_srl : ''}" />
 <input type="hidden" name="_saved_doc_message" value="{$lang->msg_load_saved_doc}" />
 <!--@end-->
 

From 4df36cbde7080a24a543643afbaab84e69765a82 Mon Sep 17 00:00:00 2001
From: Kijin Sung <kijin@kijinsung.com>
Date: Sat, 26 Dec 2020 00:02:33 +0900
Subject: [PATCH 17/23] Fix double escape of search keyword in default board
 skins

---
 modules/board/m.skins/default/_list.html | 2 +-
 modules/board/skins/default/list.html    | 2 +-
 modules/board/skins/xedition/list.html   | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/modules/board/m.skins/default/_list.html b/modules/board/m.skins/default/_list.html
index 302ecde79..fd2662c6c 100644
--- a/modules/board/m.skins/default/_list.html
+++ b/modules/board/m.skins/default/_list.html
@@ -40,7 +40,7 @@
 			<option value="{$key}" <!--@if($search_target==$key)-->selected="selected"<!--@end-->>{$val}</option>
 			<!--@end-->
 		</select>
-		<input type="search" name="search_keyword" value="{htmlspecialchars($search_keyword)}" title="{$lang->cmd_search}" />
+		<input type="search" name="search_keyword" value="{escape($search_keyword, false)}" title="{$lang->cmd_search}" />
 		<button type="submit" class="shbn" title="{$lang->cmd_search}"></button>
 	</form>
 </div>
diff --git a/modules/board/skins/default/list.html b/modules/board/skins/default/list.html
index 0c3a658db..46037890b 100644
--- a/modules/board/skins/default/list.html
+++ b/modules/board/skins/default/list.html
@@ -139,7 +139,7 @@
 		<input type="hidden" name="vid" value="{$vid}" />
 		<input type="hidden" name="mid" value="{$mid}" />
 		<input type="hidden" name="category" value="{$category}" />
-		<input type="text" name="search_keyword" value="{htmlspecialchars($search_keyword)}" title="{$lang->cmd_search}" class="iText" />
+		<input type="text" name="search_keyword" value="{escape($search_keyword, false)}" title="{$lang->cmd_search}" class="iText" />
 		<select name="search_target">
 			<option loop="$search_option=>$key,$val" value="{$key}" selected="selected"|cond="$search_target==$key">{$val}</option>
 		</select>
diff --git a/modules/board/skins/xedition/list.html b/modules/board/skins/xedition/list.html
index 06b018b48..6230161a0 100644
--- a/modules/board/skins/xedition/list.html
+++ b/modules/board/skins/xedition/list.html
@@ -148,7 +148,7 @@
 		</select>
 		<div class="search_input">
 			<i class="xi-magnifier"></i>
-			<input type="text" name="search_keyword" value="{htmlspecialchars($search_keyword)}" title="{$lang->cmd_search}" class="iText" />
+			<input type="text" name="search_keyword" value="{escape($search_keyword, false)}" title="{$lang->cmd_search}" class="iText" />
 		</div>
 		<button type="submit" class="btn" onclick="xGetElementById('board_search').submit();return false;">{$lang->cmd_search}</button>
         <a cond="$last_division" href="{getUrl('page',1,'document_srl','','division',$last_division,'last_division','')}" class="btn">{$lang->cmd_search_next}</a>

From b9c2cd149436a5f11f0fddfa7cd5b98a4bb93579 Mon Sep 17 00:00:00 2001
From: Kijin Sung <kijin@kijinsung.com>
Date: Sat, 26 Dec 2020 16:18:58 +0900
Subject: [PATCH 18/23] Fix #1528 make group_srl encoding more robust in case
 of incorrect data

---
 modules/menu/menu.admin.controller.php | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/modules/menu/menu.admin.controller.php b/modules/menu/menu.admin.controller.php
index 443bfeda9..28fde39e8 100644
--- a/modules/menu/menu.admin.controller.php
+++ b/modules/menu/menu.admin.controller.php
@@ -1659,7 +1659,7 @@ class menuAdminController extends menu
 	public function procMenuAdminUpdateAuth()
 	{
 		$menuItemSrl = Context::get('menu_item_srl');
-		$exposure = Context::get('exposure');
+		$exposure = strval(Context::get('exposure'));
 		$htPerm = Context::get('htPerm');
 
 		$oMenuModel = getAdminModel('menu');
@@ -1674,13 +1674,14 @@ class menuAdminController extends menu
 		}
 		else
 		{
-			$exposure = explode(',', $exposure);
 			if(in_array($exposure, array('-1','-3')))
 			{
 				$args->group_srls = $exposure;
 			}
-
-			if($exposure) $args->group_srls = implode(',', $exposure);
+			else
+			{
+				$args->group_srls = implode(',', $exposure);
+			}
 		}
 
 		$output = $this->_updateMenuItem($args);
@@ -1941,9 +1942,9 @@ class menuAdminController extends menu
 			}
 
 			// If the value of node->group_srls exists
-			$group_srls = ($node->group_srls) ? (is_array($node->group_srls) ? implode(',', $node->group_srls) : $node->group_srls) : '';
-			if($group_srls) {
-				$group_check_code = sprintf('($is_admin==true||(is_array($group_srls)&&count(array_intersect($group_srls, array(%s))))||($is_logged&&%s))',$group_srls,$group_srls == -1?1:0);
+			if($node->group_srls) {
+				$group_srls_exported = json_encode(array_values(is_array($node->group_srls) ? $node->group_srls : array_map('intval', explode(',', $node->group_srls))));
+				$group_check_code = sprintf('($is_admin==true||(is_array($group_srls)&&count(array_intersect($group_srls, %s)))||($is_logged&&%s))', $group_srls_exported, $node->group_srls == '-1' ? 1 : 0);
 			}
 			else
 			{
@@ -2034,10 +2035,10 @@ class menuAdminController extends menu
 			if($node->url) $child_output['url_list'][] = $node->url;
 			$output['url_list'] = array_merge($output['url_list'], $child_output['url_list']);
 			// If node->group_srls value exists
-			$group_srls = ($node->group_srls) ? (is_array($node->group_srls) ? implode(',', $node->group_srls) : $node->group_srls) : '';
-			if($group_srls)
+			if($node->group_srls)
 			{
-				$group_check_code = sprintf('($is_admin==true||(is_array($group_srls)&&count(array_intersect($group_srls, array(%s))))||($is_logged && %s))', $group_srls, $group_srls == -1 ? 1 : 0);
+				$group_srls_exported = json_encode(array_values(is_array($node->group_srls) ? $node->group_srls : array_map('intval', explode(',', $node->group_srls))));
+				$group_check_code = sprintf('($is_admin==true||(is_array($group_srls)&&count(array_intersect($group_srls, %s)))||($is_logged && %s))', $group_srls_exported, $node->group_srls == '-1' ? 1 : 0);
 			}
 			else
 			{

From b25933380fac6f4d7fbdfee58ccb3b582584ffea Mon Sep 17 00:00:00 2001
From: Kijin Sung <kijin@kijinsung.com>
Date: Sat, 26 Dec 2020 16:38:06 +0900
Subject: [PATCH 19/23] Fix #1528 more fixes to $exposure handling

---
 modules/menu/menu.admin.controller.php | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/modules/menu/menu.admin.controller.php b/modules/menu/menu.admin.controller.php
index 28fde39e8..c3c3c8820 100644
--- a/modules/menu/menu.admin.controller.php
+++ b/modules/menu/menu.admin.controller.php
@@ -1659,7 +1659,7 @@ class menuAdminController extends menu
 	public function procMenuAdminUpdateAuth()
 	{
 		$menuItemSrl = Context::get('menu_item_srl');
-		$exposure = strval(Context::get('exposure'));
+		$exposure = Context::get('exposure');
 		$htPerm = Context::get('htPerm');
 
 		$oMenuModel = getAdminModel('menu');
@@ -1674,13 +1674,18 @@ class menuAdminController extends menu
 		}
 		else
 		{
+			if(is_array($exposure))
+			{
+				$exposure = implode(',', $exposure);
+			}
+			
 			if(in_array($exposure, array('-1','-3')))
 			{
 				$args->group_srls = $exposure;
 			}
 			else
 			{
-				$args->group_srls = implode(',', $exposure);
+				$args->group_srls = implode(',', array_map('intval', explode(',', $exposure)));
 			}
 		}
 

From 3dc27f37b75fd3a044b0117441a4025940398c6a Mon Sep 17 00:00:00 2001
From: Kijin Sung <kijin@kijinsung.com>
Date: Sat, 26 Dec 2020 17:08:34 +0900
Subject: [PATCH 20/23] Remove unnecessary var_dump() in install controller

https://xetown.com/questions/1496904
---
 modules/install/install.controller.php | 1 -
 1 file changed, 1 deletion(-)

diff --git a/modules/install/install.controller.php b/modules/install/install.controller.php
index 33db6a00d..8a0c36581 100644
--- a/modules/install/install.controller.php
+++ b/modules/install/install.controller.php
@@ -233,7 +233,6 @@ class installController extends install
 		catch(Exception $e)
 		{
 			$oDB->rollback();
-			var_dump($e);exit;
 			throw new Rhymix\Framework\Exception($e->getMessage());
 		}
 		

From afcc25bd5060975a7fb23b36c8124fb2a8702ab0 Mon Sep 17 00:00:00 2001
From: Kijin Sung <kijin@kijinsung.com>
Date: Sat, 26 Dec 2020 17:14:11 +0900
Subject: [PATCH 21/23] Convert PDOException to DBError in _fetch()

---
 common/framework/db.php | 25 ++++++++++++++++---------
 1 file changed, 16 insertions(+), 9 deletions(-)

diff --git a/common/framework/db.php b/common/framework/db.php
index d66be8b7c..e56d37521 100644
--- a/common/framework/db.php
+++ b/common/framework/db.php
@@ -477,17 +477,24 @@ class DB
 			return $stmt;
 		}
 		
-		$result = array();
-		$index = $last_index;
-		$step = $last_index !== 0 ? -1 : 1;
-		
-		while ($row = $stmt->fetchObject())
+		try
 		{
-			$result[$index] = $row;
-			$index += $step;
+			$result = array();
+			$index = $last_index;
+			$step = $last_index !== 0 ? -1 : 1;
+			
+			while ($row = $stmt->fetchObject())
+			{
+				$result[$index] = $row;
+				$index += $step;
+			}
+			
+			$stmt->closeCursor();
+		}
+		catch (\PDOException $e)
+		{
+			throw new Exceptions\DBError($e->getMessage(), 0, $e);
 		}
-		
-		$stmt->closeCursor();
 		
 		if ($result_type === 'auto' && $last_index === 0 && count($result) === 1)
 		{

From c700de4f66b8c8d6a21fb62e997dc6b88d38a905 Mon Sep 17 00:00:00 2001
From: Kijin Sung <kijin@kijinsung.com>
Date: Sat, 26 Dec 2020 20:49:46 +0900
Subject: [PATCH 22/23] Also catch PDOException in _executeCountQuery()

---
 common/framework/db.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/common/framework/db.php b/common/framework/db.php
index e56d37521..b137e0fbb 100644
--- a/common/framework/db.php
+++ b/common/framework/db.php
@@ -420,6 +420,11 @@ class DB
 			$output = $this->setError(-1, $e->getMessage());
 			return $output;
 		}
+		catch (\PDOException $e)
+		{
+			$output = $this->setError(-1, $e->getMessage());
+			return $output;
+		}
 		
 		// Collect various counts used in the page calculation.
 		list($is_expression, $list_count) = $query->navigation->list_count->getValue($args);

From 9f6f5df35bd382eeb2131ff7b24a1cffc57b5de4 Mon Sep 17 00:00:00 2001
From: Kijin Sung <kijin@kijinsung.com>
Date: Sun, 27 Dec 2020 10:53:18 +0900
Subject: [PATCH 23/23] Always put integer in member_srl in insertFile()

---
 modules/file/file.controller.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/file/file.controller.php b/modules/file/file.controller.php
index a36cc0e3e..c2309ac80 100644
--- a/modules/file/file.controller.php
+++ b/modules/file/file.controller.php
@@ -857,7 +857,7 @@ class fileController extends file
 		$args->module_srl = $module_srl;
 		$args->upload_target_srl = $upload_target_srl;
 		$args->download_count = $download_count;
-		$args->member_srl = Rhymix\Framework\Session::getMemberSrl();
+		$args->member_srl = Rhymix\Framework\Session::getMemberSrl() ?: 0;
 		$args->source_filename = $file_info['name'];
 		$args->sid = Rhymix\Framework\Security::getRandom(32, 'hex');
 		$args->mime_type = $file_info['type'];