From 73e153be601f42f19aa9e2024c34d2e9c7b81c6c Mon Sep 17 00:00:00 2001
From: Kijin Sung <kijin@kijinsung.com>
Date: Fri, 27 Feb 2026 20:46:32 +0900
Subject: [PATCH 1/5] Fix warnings when logged_info is false #2680

---
 modules/comment/comment.item.php   | 29 ++++++++++++++++++-----------
 modules/document/document.item.php | 20 ++++++++++----------
 2 files changed, 28 insertions(+), 21 deletions(-)

diff --git a/modules/comment/comment.item.php b/modules/comment/comment.item.php
index 30508fc69..fd519466b 100644
--- a/modules/comment/comment.item.php
+++ b/modules/comment/comment.item.php
@@ -112,15 +112,15 @@ class CommentItem extends BaseObject
 		}
 
 		$logged_info = Context::get('logged_info');
-		if (!$logged_info->member_srl)
+		if (!$logged_info || !$logged_info->member_srl)
 		{
 			return $this->grant_cache = false;
 		}
-		if ($logged_info->is_admin == 'Y')
+		if ($logged_info && $logged_info->is_admin == 'Y')
 		{
 			return $this->grant_cache = true;
 		}
-		if ($this->get('member_srl') && abs($this->get('member_srl')) == $logged_info->member_srl)
+		if ($logged_info && $this->get('member_srl') && abs($this->get('member_srl')) == $logged_info->member_srl)
 		{
 			return $this->grant_cache = true;
 		}
@@ -292,7 +292,7 @@ class CommentItem extends BaseObject
 
 		// return if the currently logged-in user is an author of the comment.
 		$logged_info = Context::get('logged_info');
-		if($logged_info->member_srl == $this->get('member_srl'))
+		if($logged_info && $logged_info->member_srl && $logged_info->member_srl == abs($this->get('member_srl')))
 		{
 			return;
 		}
@@ -306,7 +306,7 @@ class CommentItem extends BaseObject
 		$title .= cut_str(strip_tags($content), 30, '...');
 		$content = sprintf('%s<br /><br />from : <a href="%s#comment_%s" target="_blank">%s</a>', $content, getFullUrl('', 'document_srl', $this->get('document_srl')), $this->get('comment_srl'), getFullUrl('', 'document_srl', $this->get('document_srl')));
 		$receiver_srl = $this->get('member_srl');
-		$sender_member_srl = $logged_info->member_srl;
+		$sender_member_srl = ($logged_info && $logged_info->member_srl) ? $logged_info->member_srl : $this->get('member_srl');
 
 		// send a message
 		$oCommunicationController = getController('communication');
@@ -376,17 +376,24 @@ class CommentItem extends BaseObject
 
 	function getMyVote()
 	{
-		if(!$this->comment_srl) return false;
-		if(isset($_SESSION['voted_comment'][$this->comment_srl]))
+		if (!$this->comment_srl)
+		{
+			return false;
+		}
+
+		if (isset($_SESSION['voted_comment'][$this->comment_srl]))
 		{
 			return $_SESSION['voted_comment'][$this->comment_srl];
 		}
 
 		$logged_info = Context::get('logged_info');
-		if(!$logged_info->member_srl) return false;
+		if (!$logged_info || !$logged_info->member_srl)
+		{
+			return false;
+		}
 
 		$args = new stdClass();
-		if($logged_info->member_srl)
+		if ($logged_info && $logged_info->member_srl)
 		{
 			$args->member_srl = $logged_info->member_srl;
 		}
@@ -413,7 +420,7 @@ class CommentItem extends BaseObject
 		}
 
 		$logged_info = Context::get('logged_info');
-		if (!$logged_info->member_srl)
+		if (!$logged_info || !$logged_info->member_srl)
 		{
 			return false;
 		}
@@ -424,7 +431,7 @@ class CommentItem extends BaseObject
 		}
 
 		$args = new stdClass();
-		if ($logged_info->member_srl)
+		if ($logged_info && $logged_info->member_srl)
 		{
 			$args->member_srl = $logged_info->member_srl;
 		}
diff --git a/modules/document/document.item.php b/modules/document/document.item.php
index 4d60f1795..d883363aa 100644
--- a/modules/document/document.item.php
+++ b/modules/document/document.item.php
@@ -201,11 +201,11 @@ class DocumentItem extends BaseObject
 		{
 			return $this->grant_cache = false;
 		}
-		if ($logged_info->is_admin == 'Y')
+		if ($logged_info && $logged_info->is_admin == 'Y')
 		{
 			return $this->grant_cache = true;
 		}
-		if ($this->get('member_srl') && abs($this->get('member_srl')) == $logged_info->member_srl)
+		if ($logged_info && $this->get('member_srl') && abs($this->get('member_srl')) == $logged_info->member_srl)
 		{
 			return $this->grant_cache = true;
 		}
@@ -411,7 +411,7 @@ class DocumentItem extends BaseObject
 
 		// Return if the currently logged-in user is an author
 		$logged_info = Context::get('logged_info');
-		if($logged_info->member_srl == $this->get('member_srl'))
+		if($logged_info && $logged_info->member_srl && $logged_info->member_srl == abs($this->get('member_srl')))
 		{
 			return;
 		}
@@ -421,7 +421,7 @@ class DocumentItem extends BaseObject
 		$content = sprintf('%s<br><br>from : <a href="%s" target="_blank">%s</a>',$content, getFullUrl('', 'document_srl', $this->document_srl), getFullUrl('', 'document_srl', $this->document_srl));
 
 		// Send a message
-		$sender_member_srl = $logged_info->member_srl ?: $this->get('member_srl');
+		$sender_member_srl = ($logged_info && $logged_info->member_srl) ? $logged_info->member_srl : $this->get('member_srl');
 		getController('communication')->sendMessage($sender_member_srl, $this->get('member_srl'), $title, $content, false, null, false);
 	}
 
@@ -514,17 +514,17 @@ class DocumentItem extends BaseObject
 		}
 
 		$logged_info = Context::get('logged_info');
-		if(!$logged_info->member_srl)
+		if (!$logged_info || !$logged_info->member_srl)
 		{
 			$module_info = ModuleModel::getModuleInfoByModuleSrl($this->get('module_srl'));
-			if($module_info->non_login_vote !== 'Y')
+			if(!isset($module_info->non_login_vote) || $module_info->non_login_vote !== 'Y')
 			{
 				return false;
 			}
 		}
 
 		$args = new stdClass;
-		if($logged_info->member_srl)
+		if ($logged_info && $logged_info->member_srl)
 		{
 			$args->member_srl = $logged_info->member_srl;
 		}
@@ -554,7 +554,7 @@ class DocumentItem extends BaseObject
 		}
 
 		$logged_info = Context::get('logged_info');
-		if(!$logged_info->member_srl)
+		if(!$logged_info || !$logged_info->member_srl)
 		{
 			return false;
 		}
@@ -565,7 +565,7 @@ class DocumentItem extends BaseObject
 		}
 
 		$args = new stdClass();
-		if($logged_info->member_srl)
+		if($logged_info && $logged_info->member_srl)
 		{
 			$args->member_srl = $logged_info->member_srl;
 		}
@@ -1027,7 +1027,7 @@ class DocumentItem extends BaseObject
 
 		// Cache the vote log for all comments.
 		$logged_info = Context::get('logged_info');
-		if ($logged_info->member_srl)
+		if ($logged_info && $logged_info->member_srl)
 		{
 			$comment_srls = array();
 			foreach ($comment_list as $comment_srl => $comment)

From 798b0cd1d61a31ee9d92beede0e2e05d69eeb821 Mon Sep 17 00:00:00 2001
From: Kijin Sung <kijin@kijinsung.com>
Date: Fri, 27 Feb 2026 20:46:49 +0900
Subject: [PATCH 2/5] Fix warnings when user is logged out #2680

---
 layouts/xedition/layout.html                           | 2 +-
 modules/spamfilter/spamfilter.model.php                | 4 ++--
 widgets/login_info/skins/ncenter_login/login_form.html | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/layouts/xedition/layout.html b/layouts/xedition/layout.html
index 7892e5502..b6de9c378 100644
--- a/layouts/xedition/layout.html
+++ b/layouts/xedition/layout.html
@@ -209,7 +209,7 @@
 						<a href="#" title="{$lang->cmd_search}"><i class="xi-magnifier"></i><span class="blind">{$lang->cmd_search}</span></a>
 					</li>
 					<!-- admin -->
-					<li cond="$logged_info->is_admin == 'Y'">
+					<li cond="$logged_info && $logged_info->is_admin == 'Y'">
 						<a href="{getUrl('', 'module', 'admin')}" target="_blank" title="{$lang->cmd_management}"><i class="xi-cog"></i><span class="blind">{$lang->cmd_management}</span></a>
 					</li>
 					<!-- login -->
diff --git a/modules/spamfilter/spamfilter.model.php b/modules/spamfilter/spamfilter.model.php
index 379cf776c..32655e094 100644
--- a/modules/spamfilter/spamfilter.model.php
+++ b/modules/spamfilter/spamfilter.model.php
@@ -222,11 +222,11 @@ class SpamfilterModel extends Spamfilter
 		{
 			return false;
 		}
-		if ($user->is_admin === 'Y')
+		if ($user && $user->is_admin === 'Y')
 		{
 			return false;
 		}
-		if ($config->captcha->target_users !== 'everyone' && $user->member_srl)
+		if ($config->captcha->target_users !== 'everyone' && $user && $user->member_srl)
 		{
 			return false;
 		}
diff --git a/widgets/login_info/skins/ncenter_login/login_form.html b/widgets/login_info/skins/ncenter_login/login_form.html
index cd134aa97..39bb96622 100644
--- a/widgets/login_info/skins/ncenter_login/login_form.html
+++ b/widgets/login_info/skins/ncenter_login/login_form.html
@@ -5,7 +5,7 @@
 	<ul class="nc_memu guest">
 		<li class="nc_profile fLeft">
 			<block cond="$useProfileImage">
-				<img cond="!$profileImage" src="{Context::getRequestUri()}modules/ncenterlite/skins/default/img/p.png" alt="my profile" class="nc_profile_img" />
+				<img cond="empty($profileImage)" src="{Context::getRequestUri()}modules/ncenterlite/skins/default/img/p.png" alt="my profile" class="nc_profile_img" />
 			</block>
 			<strong>손님</strong>
 		</li>

From 6386ddfe276911f140247038c56c3f7b2bf57f5c Mon Sep 17 00:00:00 2001
From: Kijin Sung <kijin@kijinsung.com>
Date: Fri, 27 Feb 2026 20:51:07 +0900
Subject: [PATCH 3/5] Fix warnings when user is logged out #2680

---
 modules/editor/editor.model.php                | 9 +++++----
 modules/editor/skins/ckeditor/file_upload.html | 2 +-
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/modules/editor/editor.model.php b/modules/editor/editor.model.php
index f6a430aef..a0a206b4a 100644
--- a/modules/editor/editor.model.php
+++ b/modules/editor/editor.model.php
@@ -387,6 +387,7 @@ class EditorModel extends Editor
 		}
 		else
 		{
+			$logged_info = new Rhymix\Framework\Helpers\SessionHelper();
 			$group_list = array();
 		}
 
@@ -507,7 +508,7 @@ class EditorModel extends Editor
 			$logged_info = Context::get('logged_info');
 			$auto_save_args->member_srl = $logged_info->member_srl;
 		}
-		elseif($_COOKIE['autosave_certify_key_' . $auto_save_args->module_srl])
+		elseif(!empty($_COOKIE['autosave_certify_key_' . $auto_save_args->module_srl]))
 		{
 			$auto_save_args->certify_key = $_COOKIE['autosave_certify_key_' . $auto_save_args->module_srl];
 		}
@@ -647,8 +648,8 @@ class EditorModel extends Editor
 					unset($component_list->{$key});
 					continue;
 				}
-				if($logged_info->is_admin == "Y") continue;
-				if($val->target_group)
+				if($logged_info && $logged_info->is_admin == "Y") continue;
+				if(isset($val->target_group) && $val->target_group)
 				{
 					if(!Context::get('is_logged'))
 					{
@@ -664,7 +665,7 @@ class EditorModel extends Editor
 						if(!$is_granted) $val->enabled = "N";
 					}
 				}
-				if($val->enabled != "N" && $val->mid_list)
+				if($val->enabled != "N" && !empty($val->mid_list))
 				{
 					$mid = Context::get('mid');
 					if(!in_array($mid, $val->mid_list)) $val->enabled = "N";
diff --git a/modules/editor/skins/ckeditor/file_upload.html b/modules/editor/skins/ckeditor/file_upload.html
index 7d808c24f..c89df2a1c 100644
--- a/modules/editor/skins/ckeditor/file_upload.html
+++ b/modules/editor/skins/ckeditor/file_upload.html
@@ -10,7 +10,7 @@
 <div cond="$allow_fileupload" id="xefu-container-{$editor_sequence}" class="xefu-container xe-clearfix"
 	data-editor-sequence="{$editor_sequence}"
 	data-editor-status="{json_encode(FileModel::getInstance()->getFileList($editor_sequence), JSON_UNESCAPED_UNICODE)}"
-	data-max-file-size="{$logged_info->is_admin === 'Y' ? 0 : $file_config->allowed_filesize}"
+	data-max-file-size="{$this->user->isAdmin() ? 0 : $file_config->allowed_filesize}"
 	data-max-chunk-size="{$file_config->allowed_chunk_size ?: 0}"
 	data-autoinsert-types="{json_encode($editor_autoinsert_types)}"
 	data-autoinsert-position="{$editor_autoinsert_position ?: 'paragraph'}">

From 2392b923b0dc29f6b3caab107e0465db45f38ffe Mon Sep 17 00:00:00 2001
From: Kijin Sung <kijin@kijinsung.com>
Date: Fri, 27 Feb 2026 20:51:30 +0900
Subject: [PATCH 4/5] Fix reference to potentially undefined config variable

---
 modules/board/board.view.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/board/board.view.php b/modules/board/board.view.php
index 117ff0219..a24350ef5 100644
--- a/modules/board/board.view.php
+++ b/modules/board/board.view.php
@@ -913,7 +913,7 @@ class BoardView extends Board
 			$point_config = ModuleModel::getModulePartConfig('point',$this->module_srl);
 			if ($point_config)
 			{
-				$pointForInsert = intval(is_object($point_config) ? $point_config->insert_document : $point_config["insert_document"]);
+				$pointForInsert = intval(is_object($point_config) ? ($point_config->insert_document ?? 0) : ($point_config["insert_document"] ?? 0));
 			}
 			else
 			{

From cdb520d2b1ceb0f7a61ff0c9e87c002cf4842271 Mon Sep 17 00:00:00 2001
From: Kijin Sung <kijin@kijinsung.com>
Date: Sun, 1 Mar 2026 23:32:39 +0900
Subject: [PATCH 5/5] Preserve module_srl after managing document #2683

---
 modules/document/tpl/document_list.html | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/modules/document/tpl/document_list.html b/modules/document/tpl/document_list.html
index 51833e29d..4e73b31ba 100644
--- a/modules/document/tpl/document_list.html
+++ b/modules/document/tpl/document_list.html
@@ -89,8 +89,7 @@ xe.lang.msg_empty_search_keyword = '{$lang->msg_empty_search_keyword}';
 	</div>
 </form>
 
-<form action="./" class="x_pagination">
-	<input type="hidden" name="error_return_url" value="" />
+<form action="./" class="x_pagination" no-error-return-url="true">
 	<input type="hidden" name="module" value="{$module}" />
 	<input type="hidden" name="act" value="{$act}" />
 	<input cond="$search_keyword" type="hidden" name="search_keyword" value="{$search_keyword}" />
@@ -126,10 +125,9 @@ xe.lang.msg_empty_search_keyword = '{$lang->msg_empty_search_keyword}';
 		<li class="x_disabled"|cond="$page == $page_navigation->last_page"><a href="{getUrl('page', $page_navigation->last_page)}" title="{$page_navigation->last_page}">{$lang->last_page} &raquo;</a></li>
 	</ul>
 </form>
-<form action="./" method="get" class="search center x_input-append x_clearfix">
+<form action="./" method="get" class="search center x_input-append x_clearfix" no-error-return-url="true">
 	<input type="hidden" name="module" value="{$module}" />
 	<input type="hidden" name="act" value="{$act}" />
-	<input type="hidden" name="error_return_url" value="" />
 	<select name="module_srl" style="margin-right:4px">
 		<option value="">{lang('all')}</option>
 		<!--@foreach($module_list as $item)-->
@@ -149,8 +147,8 @@ xe.lang.msg_empty_search_keyword = '{$lang->msg_empty_search_keyword}';
 	<input type="hidden" name="module" value="document" />
 	<input type="hidden" name="act" value="procDocumentManageCheckedDocument" />
 	<input type="hidden" name="type" value="" />
-	<input type="hidden" name="module_srl" value="" />
-	<input type="hidden" name="success_return_url" value="{getUrl('', 'module', 'admin', 'act', 'dispDocumentAdminList', 'is_secret', $is_secret, 'search_target', $search_target, 'search_keyword', $search_keyword, 'page', $page)}" />
+	<input type="hidden" name="module_srl" value="{$module_srl}" />
+	<input type="hidden" name="success_return_url" value="{getUrl('', 'module', 'admin', 'act', 'dispDocumentAdminList', 'module_srl', $module_srl, 'is_secret', $is_secret, 'search_target', $search_target, 'search_keyword', $search_keyword, 'page', $page)}" />
 	<input type="hidden" name="xe_validator_id" value="modules/document/tpl/document_list/1" />
 	<div class="x_modal-header">
 		<h1>{$lang->document_manager}: <span class="_sub"></span></h1>