/**
* Cross-site scripting (XSS) 공격을 방어하기 위해서 위험 문자열을 제거한다.
* @param string $data
*/
function kboard_xssfilter($data)
{
global $kboard_xssfilter_active;
if (is_array($data)) {
return array_map('kboard_xssfilter', $data);
}
if ($kboard_xssfilter_active) {
if (!$GLOBALS['KBOARD']['HTMLPurifier'] || !$GLOBALS['KBOARD']['HTMLPurifier_Config']) {
$HTMLPurifier_Config = HTMLPurifier_Config::createDefault();
$HTMLPurifier_Config->set('HTML.SafeIframe', true);
$HTMLPurifier_Config->set('URI.SafeIframeRegexp', '(.*)');
$HTMLPurifier_Config->set('HTML.TidyLevel', 'light');
$HTMLPurifier_Config->set('HTML.SafeObject', true);
$HTMLPurifier_Config->set('HTML.SafeEmbed', true);
$HTMLPurifier_Config->set('Attr.AllowedFrameTargets', array('_blank'));
$HTMLPurifier_Config->set('Output.FlashCompat', true);
$HTMLPurifier_Config->set('Cache.SerializerPath', WP_CONTENT_DIR . '/uploads/kboard_htmlpurifier');
$GLOBALS['KBOARD']['HTMLPurifier_Config'] = $HTMLPurifier_Config;
$GLOBALS['KBOARD']['HTMLPurifier'] = HTMLPurifier::getInstance();
unset($HTMLPurifier_Config);
}
$data = $GLOBALS['KBOARD']['HTMLPurifier']->purify(stripslashes($data), $GLOBALS['KBOARD']['HTMLPurifier_Config']);
}
return kboard_safeiframe($data);
}
/**
* 게시글을 등록/수정한다.
*/
public function execute()
{
$this->parent_uid = isset($_POST['parent_uid']) ? intval($_POST['parent_uid']) : 0;
$this->member_uid = isset($_POST['member_uid']) ? intval($_POST['member_uid']) : 0;
$this->member_display = isset($_POST['member_display']) ? kboard_xssfilter(kboard_htmlclear(trim($_POST['member_display']))) : '';
$this->title = isset($_POST['title']) ? kboard_xssfilter(kboard_htmlclear(trim($_POST['title']))) : '';
$this->content = isset($_POST['kboard_content']) ? kboard_safeiframe(kboard_xssfilter(trim($_POST['kboard_content']))) : '';
$this->date = isset($_POST['date']) ? kboard_xssfilter(kboard_htmlclear(trim($_POST['date']))) : '';
$this->category1 = isset($_POST['category1']) ? kboard_xssfilter(kboard_htmlclear(trim($_POST['category1']))) : '';
$this->category2 = isset($_POST['category2']) ? kboard_xssfilter(kboard_htmlclear(trim($_POST['category2']))) : '';
$this->secret = isset($_POST['secret']) ? kboard_xssfilter(kboard_htmlclear(trim($_POST['secret']))) : '';
$this->notice = isset($_POST['notice']) ? kboard_xssfilter(kboard_htmlclear(trim($_POST['notice']))) : '';
$this->search = isset($_POST['wordpress_search']) ? intval($this->secret && $_POST['wordpress_search'] == 1 ? '2' : $_POST['wordpress_search']) : '3';
$this->password = isset($_POST['password']) ? kboard_xssfilter(kboard_htmlclear(trim($_POST['password']))) : '';
if ($this->uid && $this->date) {
// 기존게시물 업데이트
$this->updateContent();
$this->setThumbnail($this->uid);
$this->update_options($this->uid);
$this->update_attach($this->uid);
/*
* 게시글 수정 액션 훅 실행
*/
do_action('kboard_document_update', $this->uid, $this->board_id);
return $this->uid;
} else {
if (!$this->uid && $this->title) {
// captcha 코드 확인
include_once 'KBCaptcha.class.php';
$captcha = new KBCaptcha();
$captcha_text = isset($_POST['captcha']) ? $_POST['captcha'] : '';
if (!$captcha->textCheck($captcha_text)) {
die("<script>alert('" . __('The CAPTCHA code is not valid. Please enter the CAPTCHA code.', 'kboard') . "');history.go(-1);</script>");
}
// 신규게시물 등록
$uid = $this->insertContent();
if ($uid) {
$this->setThumbnail($uid);
$this->update_options($uid);
$this->update_attach($uid);
// 게시판 설정에 알림 이메일이 설정되어 있으면 메일을 보낸다.
$meta = new KBoardMeta($this->board_id);
if ($meta->latest_alerts) {
/*
* http://www.cosmosfarm.com/threads/document/3025
* 메일 제목에 게시글이 등록된 게시판 이름 추가해서 보낸다.
*/
$board = new KBoard();
$board->setID($this->board_id);
$url = new KBUrl();
include_once 'KBMail.class.php';
$mail = new KBMail();
$mail->to = explode(',', $meta->latest_alerts);
$mail->title = '[' . __('KBoard new document', 'kboard') . '] ' . $board->board_name . ' - ' . $this->title;
$mail->content = $this->content;
$mail->url = $url->getDocumentRedirect($uid);
$mail->send();
}
/*
* 게시글 입력 액션 훅 실행
*/
do_action('kboard_document_insert', $uid, $this->board_id);
}
return $uid;
}
}
return '';
}
/**
* 댓글 정보를 입력한다.
* @param int $parent_uid
* @param int $user_uid
* @param string $user_display
* @param string $content
* @param string $password
*/
public function add($parent_uid, $user_uid, $user_display, $content, $password = '')
{
global $wpdb;
$content_uid = $this->content_uid;
$parent_uid = intval($parent_uid);
$user_uid = intval($user_uid);
$user_display = esc_sql(kboard_htmlclear(trim($user_display)));
$content = esc_sql(kboard_safeiframe(kboard_xssfilter(trim($content))));
$password = esc_sql(kboard_htmlclear(trim($password)));
$created = date('YmdHis', current_time('timestamp'));
$wpdb->query("INSERT INTO `{$wpdb->prefix}kboard_comments` (`content_uid`, `parent_uid`, `user_uid`, `user_display`, `content`, `created`, `password`) VALUE ('{$content_uid}', '{$parent_uid}', '{$user_uid}', '{$user_display}', '{$content}', '{$created}', '{$password}')");
$insert_id = $wpdb->insert_id;
// 댓글 숫자를 게시물에 등록한다.
$wpdb->query("UPDATE `{$wpdb->prefix}kboard_board_content` SET `comment`=`comment`+1 WHERE `uid`='{$content_uid}'");
// 댓글 입력 액션 훅 실행
do_action('kboard_comments_insert', $insert_id, $content_uid);
return $insert_id;
}