fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-13 16:34:52 +09:00
Code Issues Projects Releases Packages Wiki Activity
15618 commits 4 branches 212 tags 117 MiB
Commit graph

465 commits

Author SHA1 Message Date
Kijin Sung
81511e47b1 Enhance permissions check on module config actions 2017-03-06 11:05:53 +09:00
Kijin Sung
387dd1f78b Fix #741 do not allow empty HTML content in document and comment 2017-03-06 10:50:06 +09:00
Kijin Sung
9389b96f95 Revert "글쓴이에게는 무조건 세션 권한 부여" 
This reverts commit 2840740286.
 2017-03-03 00:57:41 +09:00
conory
2840740286 글쓴이에게는 무조건 세션 권한 부여 
비회원 글쓰기 후 본문 페이지에서 비밀번호 인증을 받아야 하기 때문에 매우 번거로움.
 2017-03-03 00:36:04 +09:00
Kijin Sung
9143493f13 Restrict addGrant() to current request only 2017-03-02 23:24:28 +09:00
Kijin Sung
238d97e4ab Restrict effect of setGrant() to current request 
앞으로 또 발견될지도 모르는 보안 취약점으로 인한 피해를 줄이기 위해
문서나 댓글에 대하여 setGrant()를 호출하더라도 해당 세션 전체가 아닌
하나의 요청 내에서만 관리권한을 부여받도록 고칩니다.

세션 전체에 관리 권한을 부여하려면 새로 추가된 setGrantForSession()
메소드를 사용하여야 하며, 이것은 함부로 사용해서는 안됩니다.

그동안 getDocument(), getComment() 등에 $is_admin 파라미터가 너무
남용되어 왔으므로, 이 권한을 제한하는 것만으로도 서드파티 호환성에
미치는 영향을 최소화하면서 상당한 효과가 있을 것으로 보입니다.
 2017-03-02 20:41:36 +09:00
Kijin Sung
dc84dd1310 Fix unauthorized config manipulation in document and comment modules 
Reported by @conory
 2017-03-01 23:35:12 +09:00
Kijin Sung
6df32746c3 Refresh isAccessible() if document or comment is updated 
https://www.xetown.com/qna/510717
 2017-02-24 15:47:01 +09:00
Kijin Sung
563814a2f3 Remove unnecessary calculation of comment count 2017-02-17 20:16:16 +09:00
Kijin Sung
3b7d0da0f6 Fix #607 #662 thumbnail_type=none always overrides custom setting 2017-02-14 16:09:43 +09:00
Kijin Sung
a85c3ccb01 Initial implementation of view comment screen 2017-02-10 22:17:29 +09:00
Kijin Sung
3f0cf4f9b7 Clear empty directories when deleting files or thumbnails 2017-01-26 18:09:56 +09:00
conory
60bc1e5637 댓글 신고 트리거에도 신고 메세지 추가 2017-01-23 19:32:42 +09:00
Kijin Sung
1577955664 Reapply "Fix #2005 XEVE-16-008 XSS 방지 및 XSS를 통해 특정 명령을 실행할 수 있는 보안취약점 해결" 
This reverts commit e9f9bec9ca.
 2017-01-12 15:21:44 +09:00
Kijin Sung
e9f9bec9ca Revert "Fix #2005 XEVE-16-008 XSS 방지 및 XSS를 통해 특정 명령을 실행할 수 있는 보안취약점 해결" 
This reverts commit 884c91a606.
 2017-01-12 15:19:51 +09:00
bnu
884c91a606 Fix #2005 XEVE-16-008 XSS 방지 및 XSS를 통해 특정 명령을 실행할 수 있는 보안취약점 해결 2017-01-12 14:44:40 +09:00
Kijin Sung
3da76b0bd7 Fix comment.deleteComment trigger not being called when leaving placeholder 2017-01-09 11:46:29 +09:00
Kijin Sung
d31536159f Clean up comment deletion routine 2016-12-20 14:37:49 +09:00
Kijin Sung
92b73a1149 Fix #664 make comment placeholders available to all board skins 2016-12-20 14:11:50 +09:00
Kijin Sung
af7bab4814 Do not create thumbnails if thumbnail_type is none 2016-12-17 17:48:32 +09:00
Kijin Sung
83513cfc59 Fix 78 unused variable in CommentModel::getComments() 2016-10-01 22:10:59 +09:00
sejin7940
2770037700 Update comment.controller.php 2016-09-25 14:33:15 +09:00
BJRambo
c1e62d93c7 Improvement to cut the post title 2016-07-30 08:11:09 +09:00
BJRambo
e4140c5162 Deleted test code 2016-07-30 07:56:49 +09:00
BJRambo
bcf6523e81 Modify the title of the comment notification e-mail. 2016-07-30 07:49:30 +09:00
BJRambo
508b6ed340 Fix uninitialized stdClass in rarely used method 2016-05-27 07:57:58 +09:00
Kijin Sung
61da304a4c Clean up more language files and default skin 2016-05-26 11:19:06 +09:00
Kijin Sung
dab8504a2f Clean up some language files related to #511 2016-05-26 11:13:50 +09:00
BJRambo
e3803550ad 발행 미발행 댓글구분시 삭제댓글이 표시되지않던 문제고침 2016-05-25 20:31:40 +09:00
BJRambo
2462c7b13a Bug fix the order of the comments list 2016-05-25 00:43:52 +09:00
BJRambo
5d7a996913 피라미터에 기본빈값 추가 2016-05-25 00:07:33 +09:00
BJRambo
4bbbd6ee36 대댓글에 대한 세부옵션을 추가 2016-05-24 23:23:16 +09:00
BJRambo
a0699b2e33 Unused parameter deleted. 2016-05-24 21:37:35 +09:00
BJRambo
fb4ff53a6f Improving do not count the deleted comments. 2016-05-24 21:32:41 +09:00
BJRambo
5e036bf586 Fix any incorrect the list_order setting. 2016-05-24 21:14:34 +09:00
BJRambo
219c7fef1d Fix any incorrect the list_order setting. 2016-05-23 15:28:15 +09:00
BJRambo
b2e6c5338e Elimination the privileges of the commenter. 2016-05-23 15:22:46 +09:00
BJRambo
e9bd281e24 fix space to tab. 2016-05-23 05:11:09 +09:00
BJRambo
228eb1f6c9 When deleting a comment, add to display 'deleted' message. 2016-05-23 05:05:51 +09:00
Kijin Sung
78cbaea1a4 Limit minimum original image size for thumbnails of external images 
cf. xpressengine/xe-core a4a54f9 by @bnu
Exclude external images less than 30% of the thumbnail size

TODO: Make the limit configurable
 2016-05-16 22:35:53 +09:00
Kijin Sung
eb895f76cd Do not rollback if an 'after' trigger returns error 2016-05-14 20:24:45 +09:00
Kijin Sung
a107e86dc6 Reduce risk of accidental disclosure of member_srl and other personal info 2016-04-28 13:03:23 +09:00
Kijin Sung
ffc46763c9 In admin page, display both anonymous name and real member name 2016-04-27 12:01:29 +09:00
Kijin Sung
e25b36ee64 Improve anonymous nickname handling 2016-04-26 23:55:00 +09:00
Kijin Sung
c227d188a7 Fix multiple queries for document/comment vote count 2016-04-24 19:50:22 +09:00
Kijin Sung
2f234dfad1 Update references to CacheHandler in several modules 2016-04-18 00:55:29 +09:00
Kijin Sung
77f44e57a5 Use autoload to handle 'Item' classes in modules 2016-04-16 17:25:28 +09:00
Kijin Sung
14f5ed0121 Fix similar variable scope problem in updateComment() as well 2016-03-22 15:09:25 +09:00
conory
90400e2b5f 모두 lang() 함수로 변경 2016-03-06 17:01:15 +09:00
conory
9290c53122 #327 언어파일 정리2 2016-03-03 19:46:59 +09:00