/**
 * Wires the head/title hooks for the document named by ?mod=document&uid=N.
 *
 * The OGP/description/author/date head hooks are registered only when the
 * visitor may see the document: the board's reader check passes, or the board
 * is writable by everyone with public or author-level reading and the visitor
 * has already confirmed the document's password. The RSS hook on kboard_head
 * and the generic wp_head hook are registered in every case.
 */
public function __construct() {
    $mod = isset($_GET['mod']) ? kboard_htmlclear($_GET['mod']) : '';
    $uid = isset($_GET['uid']) ? intval($_GET['uid']) : '';

    if ($mod == 'document' && $uid) {
        $this->content = new KBContent();
        $this->content->initWithUID($uid);

        if ($this->content->uid) {
            add_filter('wp_title', array($this, 'title'), 1);

            $board = new KBoard($this->content->board_id);
            $is_display = (bool) $board->isReader($this->content->member_uid, $this->content->secret);

            if (!$is_display) {
                // Open-write boards: a document whose password has already been
                // confirmed for this visitor is displayed as well.
                $anyone_writes = ($board->permission_write == 'all');
                $readable = in_array($board->permission_read, array('all', 'author'));
                if ($anyone_writes && $readable) {
                    $is_display = (bool) $board->isConfirm($this->content->password, $this->content->uid);
                }
            }

            if ($is_display) {
                add_action('kboard_head', array($this, 'ogp'), 2);
                add_action('kboard_head', array($this, 'description'), 3);
                add_action('kboard_head', array($this, 'author'), 4);
                add_action('kboard_head', array($this, 'date'), 5);
            }
        }
    }

    add_action('kboard_head', array($this, 'rss'), 6);
    add_action('wp_head', array($this, 'head'), 1);
}
/**
 * Returns the next board in the loaded result set.
 *
 * Reads the row under the internal pointer of $this->resource, advances the
 * pointer and wraps the row in a KBoard. When the pointer is past the end the
 * resource is released and '' is returned, so the usual loop is
 * `while ($board = $list->hasNext()) { ... }`.
 *
 * @return object|string KBoard for the next row, or '' when exhausted.
 */
public function hasNext() {
    if (!$this->resource) {
        return '';
    }

    $this->row = current($this->resource);
    if (!$this->row) {
        // End of the set: drop the resource so later calls return '' immediately.
        unset($this->resource);
        return '';
    }

    next($this->resource);
    $next_board = new KBoard();
    $next_board->initWithRow($this->row);
    return $next_board;
}
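/**
 * Checks whether the current user may manage this comment.
 *
 * True when the comment belongs to the logged-in user ($this->user_uid equals
 * the current user's ID and that ID is non-zero), or when the current user is
 * an administrator of the board that owns the parent document.
 *
 * @return boolean
 */
public function isEditor() {
    global $wpdb;

    // The owning board is looked up through the comment's content uid. The uid
    // is bound as an integer via $wpdb->prepare() instead of being interpolated
    // into the SQL string, so a non-numeric property value cannot alter the query.
    $board_id = $wpdb->get_var($wpdb->prepare(
        "SELECT `board_id` FROM `" . KBOARD_DB_PREFIX . "kboard_board_content` WHERE `uid`=%d",
        intval($this->content_uid)
    ));
    $board = new KBoard($board_id);

    $current_id = isset($this->userdata->data->ID) ? $this->userdata->data->ID : 0;
    if ($current_id && $this->user_uid == $current_id) {
        // The commenter themselves.
        return true;
    }

    // Otherwise only a board administrator may manage the comment.
    return $board->isAdmin() ? true : false;
}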
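/**
 * Handles the document create/update form submission (POST).
 *
 * Flow: verify the nonce, load the target board and (for updates) the existing
 * document, enforce write/edit permission, run KBContent::execute(), then
 * redirect to the resulting document. Every denial emits a small inline script
 * and stops; a missing or invalid nonce redirects to the site root.
 */
public function editorExecute() {
    global $user_ID;

    $nonce = isset($_POST['kboard-editor-execute-nonce']) ? $_POST['kboard-editor-execute-nonce'] : '';
    if (!$nonce || !wp_verify_nonce($nonce, 'kboard-editor-execute')) {
        wp_redirect(site_url());
        exit;
    }

    header("Content-Type: text/html; charset=UTF-8");

    $uid = isset($_POST['uid']) ? intval($_POST['uid']) : 0;
    $board_id = isset($_POST['board_id']) ? intval($_POST['board_id']) : 0;
    $board = new KBoard($board_id);
    if (!$board->uid) {
        die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
    }

    // On a board everyone may write to, an anonymous submission must carry a
    // password so the author can later edit or delete the document.
    if ($board->isWriter() && $board->permission_write == 'all' && !empty($_POST['title'])) {
        if (!$user_ID && empty($_POST['password'])) {
            // The previous alert literal had a stray `";` after history.go(-1),
            // which made the inline script a JavaScript syntax error, so neither
            // the alert nor the history.go() ever ran.
            die('<script>alert("' . __('Please enter your password.', 'kboard') . '");history.go(-1);</script>');
        }
    }

    $content = new KBContent();
    $content->initWithUID($uid);
    // NOTE(review): board_id comes from the request and is applied to the loaded
    // document before any check, and the permission checks below run against
    // that board rather than the board the document was loaded from. Confirm
    // that setBoardID()/execute() are meant to allow re-homing an existing
    // document this way; if not, reject when $content->board_id != $board_id.
    $content->setBoardID($board_id);

    if (!$uid) {
        // New document: plain write permission on the board.
        if (!$board->isWriter()) {
            die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
        }
    } else if (!$board->isEditor($content->member_uid)) {
        // Existing document, not author/admin: on open-write boards a confirmed
        // document password is sufficient, otherwise deny.
        if ($board->permission_write != 'all' || !$board->isConfirm($content->password, $content->uid)) {
            die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
        }
    }

    $execute_uid = $content->execute();

    // A submitted password is confirmed right away so the author can keep
    // editing without re-entering it.
    if ($content->password) {
        $board->isConfirm($content->password, $execute_uid);
    }

    $url = new KBUrl();
    $next_page_url = $url->set('uid', $execute_uid)->set('mod', 'document')->toString();
    $next_page_url = apply_filters('kboard_after_executing_url', $next_page_url, $execute_uid, $board_id);
    wp_redirect($next_page_url);
    exit;
}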
$file = ''; } if (!$uid || !$file) { die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>'); } if (!strstr($referer, basename(__FILE__))) { $_SESSION['redirect_uri'] = $referer; } $content = new KBContent(); $content->initWithUID($uid); if ($content->parent_uid) { $parent = new KBContent(); $parent->initWithUID($content->getTopContentUID()); $board = new KBoard($parent->board_id); } else { $board = new KBoard($content->board_id); } if (!$board->isEditor($content->member_uid)) { if ($board->permission_write == 'all') { if (!$board->isConfirm($content->password, $content->uid)) { $url = new KBUrl(); $skin_path = KBOARD_URL_PATH . "/skin/{$board->skin}"; include KBOARD_DIR_PATH . "/skin/{$board->skin}/confirm.php"; exit; } } else { die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>'); } } if ($file == 'thumbnail') { $content->removeThumbnail();
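/**
 * AJAX endpoint: emits the JSON document list for the board held in the session.
 *
 * The board id is read from $_SESSION['kboard_board_id'], not from the request.
 * A missing id or an unknown board ends the request with a plain-text notice;
 * otherwise KBoardBuilder::getJsonList() is output and the script stops.
 */
function kboard_ajax_builder() {
    // isset() first, so a session without the key does not raise a notice before the check.
    $session_board_id = isset($_SESSION['kboard_board_id']) ? $_SESSION['kboard_board_id'] : '';
    if (!$session_board_id) {
        die('KBoard 알림 :: id=null, 아이디값은 필수 입니다.');
    }

    $board = new KBoard();
    $board->setID($session_board_id);
    if (!$board->uid) {
        // The id is echoed back to the client; escape it so whatever was stored
        // in the session cannot inject markup if the response is rendered as HTML.
        die('KBoard 알림 :: id=' . htmlspecialchars($session_board_id, ENT_QUOTES, 'UTF-8') . ', 생성되지 않은 게시판입니다.');
    }

    $board_builder = new KBoardBuilder();
    $board_builder->setBoardID($board->uid);
    $board_builder->setSkin($board->skin);
    $board_builder->setRpp($board->page_rpp);
    $board_builder->board = $board;
    die($board_builder->getJsonList());
}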
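<?php
/*
 * Standalone attachment viewer: bootstraps WordPress and resolves the attachment
 * identified by ?uid=<document id>&file=<attachment key>.
 *
 * Access is granted only when KBoard::isReader() accepts the document for the
 * current visitor. The attachment row is then read from kboard_board_attached
 * and its on-disk path rebuilt relative to the WordPress root. The script
 * continues beyond this excerpt (the part that emits the file is not shown).
 */
list($path) = explode(DIRECTORY_SEPARATOR . 'wp-content', dirname(__FILE__) . DIRECTORY_SEPARATOR);
include $path . DIRECTORY_SEPARATOR . 'wp-load.php';

header("Content-Type: text/html; charset=UTF-8");

// Same-site check on the Referer's host component. The previous substring test
// (stristr(referer, host)) was satisfied by any URL merely containing the host
// name, e.g. in its path or query string; this mirrors the host comparison used
// by KBoard's fileDownload().
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
$host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
$referer_parts = $referer ? parse_url($referer) : false;
$referer_host = '';
if (is_array($referer_parts) && isset($referer_parts['host'])) {
    $referer_host = $referer_parts['host'];
    if (isset($referer_parts['port']) && $referer_parts['port']) {
        $referer_host .= ':' . $referer_parts['port'];
    }
}
if (!$referer_host || !$host || strcasecmp($referer_host, $host) !== 0) {
    wp_die('KBoard : ' . __('This page is restricted from external access.', 'kboard'));
}

$uid = isset($_GET['uid']) ? intval($_GET['uid']) : 0;
// addslashes() is no longer applied: the key is bound through $wpdb->prepare()
// below, and pre-escaping it would make the lookup miss the stored file_key.
$file = isset($_GET['file']) ? kboard_xssfilter(kboard_htmlclear(trim($_GET['file']))) : '';
if (!$uid || !$file) {
    die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
}

$content = new KBContent();
$content->initWithUID($uid);
$board = new KBoard($content->board_id);
if (!$board->isReader($content->member_uid, $content->secret)) {
    if (!$user_ID) {
        die('<script>alert("' . __('Please Log in to continue.', 'kboard') . '");location.href="' . wp_login_url() . '";</script>');
    }
    die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
}

// Both lookup keys are bound as parameters rather than interpolated.
$file_info = $wpdb->get_row($wpdb->prepare(
    "SELECT * FROM `{$wpdb->prefix}kboard_board_attached` WHERE `content_uid`=%d AND `file_key`=%s",
    $uid,
    $file
));
list($path) = explode(DIRECTORY_SEPARATOR . 'wp-content', dirname(__FILE__) . DIRECTORY_SEPARATOR);
$file_path = ($file_info && $file_info->file_path) ? $file_info->file_path : '';
$path = $path . str_replace('/', DIRECTORY_SEPARATOR, $file_path);
$name = $file_info ? $file_info->file_name : '';
if (!$file_path || !file_exists($path)) {
    die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
}

header('Content-type: ' . kboard_mime_type($path));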
/**
 * Registers a new document or updates an existing one from the POST data.
 *
 * Every field (parent_uid, member_uid, member_display, title, kboard_content,
 * date, category1/2, secret, notice, wordpress_search, password) is read from
 * $_POST through the kboard_* filters, then:
 *  - when $this->uid is set and a date was posted, the existing record is
 *    updated (content, thumbnail, options, attachments) and the
 *    kboard_document_update action fires;
 *  - when $this->uid is empty and a title was posted, the CAPTCHA is checked,
 *    the record is inserted, thumbnail/options/attachments are stored, the
 *    board's latest_alerts recipients are mailed if configured, and the
 *    kboard_document_insert action fires.
 * Any other combination (e.g. a uid without a date) does nothing.
 *
 * @return int|string The uid that was written, or '' when nothing was done.
 */
public function execute() {
    $this->parent_uid = isset($_POST['parent_uid']) ? intval($_POST['parent_uid']) : 0;
    // NOTE(review): the author id is taken straight from the request; nothing in
    // this method ties it to the logged-in user. Confirm the caller pins it,
    // otherwise a submitter can attribute a document to any member uid.
    $this->member_uid = isset($_POST['member_uid']) ? intval($_POST['member_uid']) : 0;
    $this->member_display = isset($_POST['member_display']) ? kboard_xssfilter(kboard_htmlclear(trim($_POST['member_display']))) : '';
    $this->title = isset($_POST['title']) ? kboard_xssfilter(kboard_htmlclear(trim($_POST['title']))) : '';
    // Body keeps iframes that kboard_safeiframe() accepts; all other fields are HTML-cleared.
    $this->content = isset($_POST['kboard_content']) ? kboard_safeiframe(kboard_xssfilter(trim($_POST['kboard_content']))) : '';
    $this->date = isset($_POST['date']) ? kboard_xssfilter(kboard_htmlclear(trim($_POST['date']))) : '';
    $this->category1 = isset($_POST['category1']) ? kboard_xssfilter(kboard_htmlclear(trim($_POST['category1']))) : '';
    $this->category2 = isset($_POST['category2']) ? kboard_xssfilter(kboard_htmlclear(trim($_POST['category2']))) : '';
    $this->secret = isset($_POST['secret']) ? kboard_xssfilter(kboard_htmlclear(trim($_POST['secret']))) : '';
    $this->notice = isset($_POST['notice']) ? kboard_xssfilter(kboard_htmlclear(trim($_POST['notice']))) : '';
    // A secret document requesting search value 1 is stored as 2; absent → '3'.
    $this->search = isset($_POST['wordpress_search']) ? intval($this->secret && $_POST['wordpress_search'] == 1 ? '2' : $_POST['wordpress_search']) : '3';
    $this->password = isset($_POST['password']) ? kboard_xssfilter(kboard_htmlclear(trim($_POST['password']))) : '';

    if ($this->uid && $this->date) {
        // Update of an existing document (the posted date acts as the update flag).
        $this->updateContent();
        $this->setThumbnail($this->uid);
        $this->update_options($this->uid);
        $this->update_attach($this->uid);
        /*
         * Run the document-update action hook
         */
        do_action('kboard_document_update', $this->uid, $this->board_id);
        return $this->uid;
    } else {
        if (!$this->uid && $this->title) {
            // CAPTCHA check (new documents only; updates are not challenged)
            include_once 'KBCaptcha.class.php';
            $captcha = new KBCaptcha();
            $captcha_text = isset($_POST['captcha']) ? $_POST['captcha'] : '';
            if (!$captcha->textCheck($captcha_text)) {
                die("<script>alert('" . __('The CAPTCHA code is not valid. 
Please enter the CAPTCHA code.', 'kboard') . "');history.go(-1);</script>");
            }
            // Insert of a new document
            $uid = $this->insertContent();
            if ($uid) {
                $this->setThumbnail($uid);
                $this->update_options($uid);
                $this->update_attach($uid);
                // If the board settings list notification e-mail addresses, send a mail.
                $meta = new KBoardMeta($this->board_id);
                if ($meta->latest_alerts) {
                    /*
                     * http://www.cosmosfarm.com/threads/document/3025
                     * The mail subject carries the name of the board the document was posted to.
                     */
                    $board = new KBoard();
                    $board->setID($this->board_id);
                    $url = new KBUrl();
                    include_once 'KBMail.class.php';
                    $mail = new KBMail();
                    $mail->to = explode(',', $meta->latest_alerts);
                    $mail->title = '[' . __('KBoard new document', 'kboard') . '] ' . $board->board_name . ' - ' . $this->title;
                    $mail->content = $this->content;
                    $mail->url = $url->getDocumentRedirect($uid);
                    $mail->send();
                }
                /*
                 * Run the document-insert action hook
                 */
                do_action('kboard_document_insert', $uid, $this->board_id);
            }
            return $uid;
        }
    }
    return '';
}
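/**
 * Streams a document attachment, or redirects to a temporary copy of it.
 *
 * Request: uid = document id, file = attachment key; the Referer's host must
 * equal the current host. Access is granted when KBoard::isReader() accepts the
 * document for the visitor. Otherwise, for secret documents on boards whose
 * write and read permissions are both 'all' or 'author', a confirmed document
 * password is accepted instead (for replies, the top-level parent's reader
 * check or password also suffices). Every denial emits a small inline script
 * and stops.
 *
 * With the kboard_attached_copy_download option set, the file is copied to
 * wp-uploads/kboard_temp/<uniqid>/ and the browser is redirected there;
 * otherwise the bytes are sent with attachment headers.
 */
public function fileDownload() {
    // $user_ID was not declared global before, so inside this method it was
    // always null and the "please log in" branch below fired for logged-in
    // visitors as well.
    global $wpdb, $user_ID;

    header('X-Robots-Tag: noindex', true); // keep search engines from indexing downloads
    header('Content-Type: text/html; charset=UTF-8');

    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
    if (!$referer) {
        wp_die('KBoard : ' . __('This page is restricted from external access.', 'kboard'));
    }
    // parse_url() returns false for badly malformed URLs; treat that as a
    // non-matching host rather than indexing into a boolean (which yielded ''
    // and matched an empty HTTP_HOST).
    $url = parse_url($referer);
    $referer_host = '';
    if (is_array($url) && isset($url['host'])) {
        $referer_host = $url['host'] . (isset($url['port']) && $url['port'] ? ':' . $url['port'] : '');
    }
    if (!$referer_host || !in_array($referer_host, array($host), true)) {
        wp_die('KBoard : ' . __('This page is restricted from external access.', 'kboard'));
    }

    $uid = isset($_GET['uid']) ? intval($_GET['uid']) : 0;
    // esc_sql() is no longer applied here: the key is bound through
    // $wpdb->prepare() below, and pre-escaping it would make the lookup miss.
    $file = isset($_GET['file']) ? kboard_xssfilter(kboard_htmlclear(trim($_GET['file']))) : '';
    if (!$uid || !$file) {
        die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
    }

    $content = new KBContent();
    $content->initWithUID($uid);
    // Replies resolve permissions against the board of their top-level parent.
    if ($content->parent_uid) {
        $parent = new KBContent();
        $parent->initWithUID($content->getTopContentUID());
        $board = new KBoard($parent->board_id);
    } else {
        $board = new KBoard($content->board_id);
    }

    if (!$board->isReader($content->member_uid, $content->secret)) {
        if (!$user_ID && $board->permission_read == 'author') {
            die('<script>alert("' . __('Please Log in to continue.', 'kboard') . '");location.href="' . wp_login_url($referer) . '";</script>');
        }
        // Password-based access is only offered for secret documents on boards
        // open to everyone or to authors for both writing and reading.
        $open_board = in_array($board->permission_write, array('all', 'author'))
            && in_array($board->permission_read, array('all', 'author'));
        if (!$content->secret || !$open_board) {
            die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
        }
        if (!$board->isConfirm($content->password, $content->uid)) {
            if (!$content->parent_uid) {
                die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
            }
            // Reply: fall back to the top-level parent's reader check, then its password.
            if (!$board->isReader($parent->member_uid, $content->secret)
                && !$board->isConfirm($parent->password, $parent->uid)) {
                die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
            }
        }
    }

    // Both lookup keys are bound as parameters rather than interpolated.
    $file_info = $wpdb->get_row($wpdb->prepare(
        "SELECT * FROM `{$wpdb->prefix}kboard_board_attached` WHERE `content_uid`=%d AND `file_key`=%s",
        $uid,
        $file
    ));
    $file_path = ($file_info && $file_info->file_path) ? $file_info->file_path : '';
    if (!$file_path) {
        die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
    }
    list($path) = explode(DIRECTORY_SEPARATOR . 'wp-content', dirname(__FILE__) . DIRECTORY_SEPARATOR);
    $path = $path . str_replace('/', DIRECTORY_SEPARATOR, $file_path);
    if (!file_exists($path)) {
        die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
    }
    // Spaces are replaced for the header; basename() additionally keeps a stored
    // name from carrying path separators into the temp-copy path below, and the
    // double quote is dropped so it cannot terminate the quoted header value.
    $filename = basename(str_replace(array(' ', '"'), array('-', ''), $file_info->file_name));

    if (get_option('kboard_attached_copy_download')) {
        // NOTE(review): the copy is served by the web server straight from the
        // uploads directory, so for the ~60 s before deleteWithOvertime() removes
        // it the permission checks above protect it only as well as the
        // uniqid()-based directory name resists guessing.
        $unique_dir = uniqid();
        $upload_dir = wp_upload_dir();
        $temp_path = $upload_dir['basedir'] . '/kboard_temp';
        $kboard_file_handler = new KBFileHandler();
        $kboard_file_handler->deleteWithOvertime($temp_path, 60);
        $kboard_file_handler->mkPath("{$temp_path}/{$unique_dir}");
        copy($path, "{$temp_path}/{$unique_dir}/{$filename}");
        header('Location:' . $upload_dir['baseurl'] . "/kboard_temp/{$unique_dir}/{$filename}");
    } else {
        $ie = isset($_SERVER['HTTP_USER_AGENT'])
            && (strpos($_SERVER['HTTP_USER_AGENT'], 'Trident') !== false || strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== false);
        if ($ie) {
            // Legacy IE expects the attachment name in the local code page.
            $filename = iconv('UTF-8', 'EUC-KR//IGNORE', $filename);
        }
        header('Content-type: ' . kboard_mime_type($path));
        header('Content-Disposition: attachment; filename="' . $filename . '"');
        header('Content-Transfer-Encoding: binary');
        header('Content-length: ' . sprintf('%d', filesize($path)));
        header('Expires: 0');
        if ($ie) {
            header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
            header('Pragma: public');
        } else {
            header('Pragma: no-cache');
        }
        $fp = fopen($path, 'rb');
        if ($fp) {
            fpassthru($fp);
            fclose($fp);
        }
    }
    exit;
}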
$file = kboard_xssfilter($file); $file = addslashes($file); } else { $file = ''; } if (!$uid || !$file) { die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>'); } $content = new KBContent(); $content->initWithUID($uid); if ($content->parent_uid) { $parent = new KBContent(); $parent->initWithUID($content->getTopContentUID()); $board = new KBoard($parent->board_id); } else { $board = new KBoard($content->board_id); } if (!$board->isReader($content->member_uid, $content->secret)) { if (!$user_ID && $board->permission_read == 'author') { die('<script>alert("' . __('Please Log in to continue.', 'kboard') . '");location.href="' . wp_login_url($referer) . '";</script>'); } else { if ($content->secret && in_array($board->permission_write, array('all', 'author')) && in_array($board->permission_read, array('all', 'author'))) { if (!$board->isConfirm($content->password, $content->uid)) { if ($content->parent_uid) { $parent = new KBContent(); $parent->initWithUID($content->getTopContentUID()); if (!$board->isReader($parent->member_uid, $content->secret)) { if (!$board->isConfirm($parent->password, $parent->uid)) { die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>'); } }
/**
 * Tells whether the current visitor may write a comment.
 *
 * permission_comment_write: empty/falsey → everyone; '1' → any logged-in
 * user; 'roles' → logged-in users holding at least one of the board's comment
 * roles. Any other value denies.
 *
 * @return boolean
 */
public function isWriter() {
    global $user_ID;

    if (!$this->permission_comment_write) {
        return true;
    }
    if (!is_user_logged_in()) {
        return false;
    }
    if ($this->permission_comment_write == '1') {
        return true;
    }
    if ($this->permission_comment_write != 'roles') {
        return false;
    }

    // Role-restricted: compare the user's roles with the board's comment roles.
    $owner_board = new KBoard($this->board_id);
    $current_user = $user_ID ? get_userdata($user_ID) : new stdClass();
    if (!isset($current_user->roles)) {
        return false;
    }
    $shared_roles = array_intersect($owner_board->getCommentRoles(), $current_user->roles);
    return $shared_roles ? true : false;
}