From fc4d8a68248326f2f4f2c4dd7de98d6c43fead19 Mon Sep 17 00:00:00 2001
From: Kijin Sung
Date: Tue, 23 Feb 2021 22:01:32 +0900
Subject: [PATCH] Fix #1634 bypass spamfilter when sending messages from core modules
---
 modules/comment/comment.admin.controller.php | 2 +-
 modules/comment/comment.controller.php | 2 +-
 modules/comment/comment.item.php | 2 +-
 modules/communication/communication.controller.php | 6 ++++--
 modules/document/document.controller.php | 6 +++---
 modules/document/document.item.php | 2 +-
 modules/member/member.admin.controller.php | 2 +-
 modules/member/member.controller.php | 2 +-
 modules/spamfilter/spamfilter.controller.php | 4 ++++
 9 files changed, 17 insertions(+), 11 deletions(-)
diff --git a/modules/comment/comment.admin.controller.php b/modules/comment/comment.admin.controller.php
index 94e3c3fd7..3aaeccc13 100644
--- a/modules/comment/comment.admin.controller.php
+++ b/modules/comment/comment.admin.controller.php
@@ -278,7 +278,7 @@ class commentAdminController extends comment
 $content = sprintf("
%s

%s
", $message_content, $oComment->getContentText(20));
- $oCommunicationController->sendMessage($sender_member_srl, $oComment->get('member_srl'), $title, $content, FALSE);
+ $oCommunicationController->sendMessage($sender_member_srl, $oComment->get('member_srl'), $title, $content, false, null, false);
 }
 }
diff --git a/modules/comment/comment.controller.php b/modules/comment/comment.controller.php
index 11a74b55c..dfd146774 100644
--- a/modules/comment/comment.controller.php
+++ b/modules/comment/comment.controller.php
@@ -1695,7 +1695,7 @@ class commentController extends comment
 $message_content = sprintf('

%s

%s

', $oComment->getPermanentUrl(), $oComment->getContentText(50), $declare_message);
 foreach ($message_targets as $target_member_srl => $val)
 {
- $oCommunicationController->sendMessage($this->user->member_srl, $target_member_srl, $message_title, $message_content, false);
+ $oCommunicationController->sendMessage($this->user->member_srl, $target_member_srl, $message_title, $message_content, false, null, false);
 }
 }
diff --git a/modules/comment/comment.item.php b/modules/comment/comment.item.php
index 1bfce129c..4b538d5a4 100644
--- a/modules/comment/comment.item.php
+++ b/modules/comment/comment.item.php
@@ -254,7 +254,7 @@ class commentItem extends BaseObject
 // send a message
 $oCommunicationController = getController('communication');
- $oCommunicationController->sendMessage($sender_member_srl, $receiver_srl, $title, $content, FALSE);
+ $oCommunicationController->sendMessage($sender_member_srl, $receiver_srl, $title, $content, false, null, false);
 }
 function getIpAddress()
diff --git a/modules/communication/communication.controller.php b/modules/communication/communication.controller.php
index 62d782137..f2c0954f9 100644
--- a/modules/communication/communication.controller.php
+++ b/modules/communication/communication.controller.php
@@ -158,11 +158,12 @@ class communicationController extends communication
 * @param int $receiver_srl member_srl of receiver_srl
 * @param string $title
 * @param string $content
- * @param boolean $sender_log (default true)
+ * @param bool $sender_log (default true)
 * @param int|null $temp_srl (default null)
+ * @param bool $use_spamfilter (default true)
 * @return Object
 */
- function sendMessage($sender_srl, $receiver_srl, $title, $content, $sender_log = true, $temp_srl = null)
+ function sendMessage($sender_srl, $receiver_srl, $title, $content, $sender_log = true, $temp_srl = null, $use_spamfilter = true)
 {
 // Encode the title and content.
 $title = escape($title, false);
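Review bot: The report notification in the `-1695` hunk of comment.controller.php embeds `$declare_message`, which appears to be text supplied by the reporting user, and is sent as `$this->user->member_srl`, so passing `false` as the seventh argument lets user-authored content reach every entry in `$message_targets` without the spam filter seeing it. The same applies to the `-1790` hunk in modules/document/document.controller.php. If the filter was the only throttle on this path, the report action needs its own limit before the loop; whether one exists cannot be seen here because the enclosing method starts outside the hunk. At minimum a comment such as `// Spam filter skipped for this system notification; note that $declare_message is user input.` would record the trade-off.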
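Review bot: The docblock in the `-158` hunk of communication.controller.php describes `$use_spamfilter` only as `(default true)` and gives callers no guidance on when `false` is acceptable. Because the flag switches off a security control in the `before` trigger, the line should state the contract, for example `@param bool $use_spamfilter Pass false only for notifications generated by core code, never a value taken from request data (default true)`. A third trailing positional flag after `$sender_log` and `$temp_srl` is also easy to misplace at call sites, as the `-1907` hunk in document.controller.php shows. The function body continues outside the hunk.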
@@ -212,6 +213,7 @@ class communicationController extends communication
 $trigger_obj->title = $title;
 $trigger_obj->content = $content;
 $trigger_obj->sender_log = $sender_log;
+ $trigger_obj->use_spamfilter = $use_spamfilter;
 $trigger_output = ModuleHandler::triggerCall('communication.sendMessage', 'before', $trigger_obj);
 if(!$trigger_output->toBool())
 {
diff --git a/modules/document/document.controller.php b/modules/document/document.controller.php
index 2e1ea7c4c..141a0bfa0 100644
--- a/modules/document/document.controller.php
+++ b/modules/document/document.controller.php
@@ -1790,7 +1790,7 @@ class documentController extends document
 $message_content = sprintf('

%s

%s

', $oDocument->getPermanentUrl(), $oDocument->getTitleText(), $declare_message);
 foreach ($message_targets as $target_member_srl => $val)
 {
- $oCommunicationController->sendMessage($this->user->member_srl, $target_member_srl, $message_title, $message_content, false);
+ $oCommunicationController->sendMessage($this->user->member_srl, $target_member_srl, $message_title, $message_content, false, null, false);
 }
 }
@@ -1907,7 +1907,7 @@ class documentController extends document
 $message_content = sprintf('

%s

', $oDocument->getPermanentUrl(), $oDocument->getTitleText());
 foreach ($message_targets as $target_member_srl => $val)
 {
- $oCommunicationController->sendMessage($this->user->member_srl, $target_member_srl, $message_title, $message_content, false);
+ $oCommunicationController->sendMessage($this->user->member_srl, $target_member_srl, $message_title, $message_content, false. null, false);
 }
 }
@@ -2990,7 +2990,7 @@ Content;
 $oCommunicationController = getController('communication');
 foreach ($recipients as $member_srl => $items)
 {
- $oCommunicationController->sendMessage($this->user->member_srl, $member_srl, $title, sprintf($content, implode('', $items)));
+ $oCommunicationController->sendMessage($this->user->member_srl, $member_srl, $title, sprintf($content, implode('', $items)), true, null, false);
 }
 }
diff --git a/modules/document/document.item.php b/modules/document/document.item.php
index 0621095e0..dd53bb477 100644
--- a/modules/document/document.item.php
+++ b/modules/document/document.item.php
@@ -406,7 +406,7 @@ class documentItem extends BaseObject
 // Send a message
 $sender_member_srl = $logged_info->member_srl ?: $this->get('member_srl');
- getController('communication')->sendMessage($sender_member_srl, $this->get('member_srl'), $title, $content, false);
+ getController('communication')->sendMessage($sender_member_srl, $this->get('member_srl'), $title, $content, false, null, false);
 }
 function getLangCode()
diff --git a/modules/member/member.admin.controller.php b/modules/member/member.admin.controller.php
index 23472357a..c9051bcbf 100644
--- a/modules/member/member.admin.controller.php
+++ b/modules/member/member.admin.controller.php
@@ -973,7 +973,7 @@ class memberAdminController extends member
 foreach($members as $member_srl)
 {
- $oCommunicationController->sendMessage($sender_member_srl, $member_srl, $title, $message, false);
+ $oCommunicationController->sendMessage($sender_member_srl, $member_srl, $title, $message, true, null, false);
 }
 }
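Review bot: The added call in the `-1907` hunk of document.controller.php reads `$message_content, false. null, false)`, with a period where a comma was intended. PHP parses `false. null` as string concatenation, so the call passes six arguments: `$sender_log` receives an empty string, `$temp_srl` receives `false`, and `$use_spamfilter` keeps its default of `true`. This path is therefore still filtered and the fix does not take effect here. The line should be `$oCommunicationController->sendMessage($this->user->member_srl, $target_member_srl, $message_title, $message_content, false, null, false);`.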
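Review bot: In the `-973` hunk of member.admin.controller.php the fifth argument changes from `false` to `true`, so `$sender_log` is now switched on for every recipient in the `$members` loop in addition to the spam-filter opt-out. The commit message does not mention this; if it is unintended, the arguments should end `$title, $message, false, null, false);`. If it is deliberate, a short comment saying so would keep it from being reverted later as a typo. The enclosing method starts outside the hunk.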
diff --git a/modules/member/member.controller.php b/modules/member/member.controller.php
index cac8fc13b..83d040647 100644
--- a/modules/member/member.controller.php
+++ b/modules/member/member.controller.php
@@ -2450,7 +2450,7 @@ class memberController extends member
 //send message
 $oCommunicationController = getController('communication');
- $oCommunicationController->sendMessage($args->member_srl, $args->member_srl, $title, $content, true);
+ $oCommunicationController->sendMessage($args->member_srl, $args->member_srl, $title, $content, true, null, false);
 if($member_info->email_address && $member_info->allow_mailing == 'Y')
 {
diff --git a/modules/spamfilter/spamfilter.controller.php b/modules/spamfilter/spamfilter.controller.php
index 75bccd141..05fdb6319 100644
--- a/modules/spamfilter/spamfilter.controller.php
+++ b/modules/spamfilter/spamfilter.controller.php
@@ -181,6 +181,10 @@ class spamfilterController extends spamfilter
 function triggerSendMessage(&$obj)
 {
 if($_SESSION['avoid_log']) return;
+ if(isset($obj->use_spamfilter) && $obj->use_spamfilter === false)
+ {
+ return;
+ }
 $logged_info = Context::get('logged_info');
 if($logged_info->is_admin == 'Y') return;
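Review bot: The new early return in `triggerSendMessage` trusts whatever `use_spamfilter` holds on the trigger object, which arrives by reference, and leaves no record that filtering was skipped. The strict `=== false` comparison is the right choice because any other value keeps the filter on, and a comment should say so, e.g. `// Core modules opt out via sendMessage(..., $use_spamfilter = false); any other value keeps filtering on.`. Logging the bypass with the sender before returning would also help incident review, since a message that skipped filtering is otherwise indistinguishable from one that passed it; which logging facility this module uses is not visible in the hunk. The rest of the function is outside the hunk.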