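 /**
  * Handles a board editor submission (creating a new document or editing an
  * existing one).
  *
  * Reads the submission from $_POST, verifies the 'kboard-editor-execute'
  * nonce, enforces board-level write/edit permissions, executes the content
  * update and redirects to the resulting document. Without a valid nonce the
  * request is redirected to the site root. Always terminates via exit.
  *
  * Permission rules enforced here:
  *  - the board must resolve to a uid, otherwise "no permission";
  *  - an anonymous author on a board whose permission_write is 'all' must
  *    supply a password when submitting a document;
  *  - creating (no uid) requires $board->isWriter();
  *  - editing (uid given) by a non-editor is only allowed on an 'all' board
  *    and only after $board->isConfirm() accepts the document password.
  *
  * @return void
  */
 public function editorExecute()
 {
     global $user_ID;
     $nonce = isset($_POST['kboard-editor-execute-nonce']) ? $_POST['kboard-editor-execute-nonce'] : '';
     if ($nonce !== '' && wp_verify_nonce($nonce, 'kboard-editor-execute')) {
         header("Content-Type: text/html; charset=UTF-8");
         // Missing POST fields become 0 / '' instead of raising undefined-index notices.
         $uid = isset($_POST['uid']) ? intval($_POST['uid']) : 0;
         $board_id = isset($_POST['board_id']) ? intval($_POST['board_id']) : 0;
         $title = isset($_POST['title']) ? $_POST['title'] : '';
         $password = isset($_POST['password']) ? $_POST['password'] : '';
         $board = new KBoard($board_id);
         if (!$board->uid) {
             die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
         }
         // Anonymous authors on an open board must set a document password;
         // it is what later authorises them to edit or delete the document.
         if ($board->isWriter() && $board->permission_write === 'all' && $title !== '') {
             if (!$user_ID && $password === '') {
                 // The emitted script must stay syntactically valid JavaScript,
                 // otherwise neither the alert nor history.go() runs.
                 die('<script>alert("' . __('Please enter your password.', 'kboard') . '");history.go(-1);</script>');
             }
         }
         $content = new KBContent();
         $content->initWithUID($uid);
         $content->setBoardID($board_id);
         if (!$uid) {
             // New document: the caller must be allowed to write on this board.
             if (!$board->isWriter()) {
                 die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
             }
         } elseif (!$board->isEditor($content->member_uid)) {
             // Editing a document the caller does not own: only possible on an
             // open board, and only after the document password is confirmed.
             if ($board->permission_write !== 'all' || !$board->isConfirm($content->password, $content->uid)) {
                 die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
             }
         }
         $execute_uid = $content->execute();
         // When a password was supplied, confirm it immediately so the author
         // is authorised for the document that was just written.
         if ($content->password) {
             $board->isConfirm($content->password, $execute_uid);
         }
         $url = new KBUrl();
         $next_page_url = $url->set('uid', $execute_uid)->set('mod', 'document')->toString();
         $next_page_url = apply_filters('kboard_after_executing_url', $next_page_url, $execute_uid, $board_id);
         // NOTE(review): wp_redirect() accepts off-site targets. If any filter on
         // 'kboard_after_executing_url' can be influenced by untrusted data,
         // wp_safe_redirect() would limit the redirect to allowed hosts.
         wp_redirect($next_page_url);
     } else {
         // No valid nonce: do not process the submission at all.
         wp_redirect(site_url());
     }
     exit;
 }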
// NOTE(review): this is a truncated excerpt — $uid, $file and $referer are
// assigned before it begins, and the final else block is closed past its end.
// Both a document uid and a file name are required.
if (!$uid || !$file) {
    die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
}
// Remember the referring page for a later redirect unless it already points at
// this script itself.
if (!strstr($referer, basename(__FILE__))) {
    $_SESSION['redirect_uri'] = $referer;
}
$content = new KBContent();
$content->initWithUID($uid);
// A reply is governed by the board of its top-level document.
if ($content->parent_uid) {
    $parent = new KBContent();
    $parent->initWithUID($content->getTopContentUID());
    $board = new KBoard($parent->board_id);
} else {
    $board = new KBoard($content->board_id);
}
// Non-editors may continue only on a board with permission_write 'all', and
// only once the document password has been confirmed.
if (!$board->isEditor($content->member_uid)) {
    if ($board->permission_write == 'all') {
        if (!$board->isConfirm($content->password, $content->uid)) {
            // Not yet confirmed: render the skin's password prompt. $url and
            // $skin_path are presumably read by confirm.php — verify in the skin.
            $url = new KBUrl();
            $skin_path = KBOARD_URL_PATH . "/skin/{$board->skin}";
            include KBOARD_DIR_PATH . "/skin/{$board->skin}/confirm.php";
            exit;
        }
    } else {
        die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
    }
}
// 'thumbnail' is a reserved file key; anything else is an attachment key.
if ($file == 'thumbnail') {
    $content->removeThumbnail();
} else {
    $content->removeAttached($file);
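 /**
  * Deletes an attached file (or the thumbnail) from a document.
  *
  * Request parameters: $_GET['uid'] (document uid) and $_GET['file']
  * (attachment key, or the literal 'thumbnail'). The request is only honoured
  * when the Referer host matches HTTP_HOST. The caller must be an editor of
  * the document or, on a board with permission_write 'all', must pass the
  * password confirmation step rendered by the skin's confirm.php. On success
  * the browser is sent back to the referring page. Always terminates via exit.
  *
  * @return void
  */
 public function fileDelete()
 {
     header('Content-Type: text/html; charset=UTF-8');
     $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
     $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
     // Same-origin gate based on the Referer header.
     // NOTE(review): Referer is a weak CSRF defence (it may be absent or
     // client-controlled); a nonce check like the one in editorExecute() would
     // be the stronger option.
     if ($referer === '') {
         wp_die('KBoard : ' . __('This page is restricted from external access.', 'kboard'));
     }
     // parse_url() returns false, or an array without 'host', for malformed
     // input; both are rejected instead of producing an empty comparison.
     $url = parse_url($referer);
     if (!is_array($url) || !isset($url['host'])) {
         wp_die('KBoard : ' . __('This page is restricted from external access.', 'kboard'));
     }
     $referer_host = $url['host'] . (isset($url['port']) && $url['port'] ? ':' . $url['port'] : '');
     if ($host === '' || $referer_host !== $host) {
         wp_die('KBoard : ' . __('This page is restricted from external access.', 'kboard'));
     }
     $uid = isset($_GET['uid']) ? intval($_GET['uid']) : 0;
     $file = '';
     if (isset($_GET['file']) && is_string($_GET['file'])) {
         // Same filter chain as before. Note that esc_sql() is an SQL escape
         // and does not restrict path characters.
         // NOTE(review): removeAttached()'s handling of $file is not visible
         // here — confirm it never uses the value as a filesystem path segment.
         $file = esc_sql(kboard_xssfilter(kboard_htmlclear(trim($_GET['file']))));
     }
     if (!$uid || $file === '') {
         die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
     }
     $content = new KBContent();
     $content->initWithUID($uid);
     // A reply is governed by the board of its top-level document.
     if ($content->parent_uid) {
         $parent = new KBContent();
         $parent->initWithUID($content->getTopContentUID());
         $board = new KBoard($parent->board_id);
     } else {
         $board = new KBoard($content->board_id);
     }
     if (!$board->isEditor($content->member_uid)) {
         // Non-editors may only proceed on an open board, after confirming
         // the document password.
         if ($board->permission_write !== 'all') {
             die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
         }
         if (!$board->isConfirm($content->password, $content->uid)) {
             // Not yet confirmed: render the skin's password prompt. $url and
             // $skin_path are presumably read by confirm.php — verify in the
             // skin. $board->skin appears to come from board configuration
             // rather than from this request — confirm.
             $url = new KBUrl();
             $skin_path = KBOARD_URL_PATH . "/skin/{$board->skin}";
             include KBOARD_DIR_PATH . "/skin/{$board->skin}/confirm.php";
             exit;
         }
     }
     // 'thumbnail' is a reserved file key; anything else is an attachment key.
     if ($file === 'thumbnail') {
         $content->removeThumbnail();
     } else {
         $content->removeAttached($file);
     }
     // Return to the referring page, which passed the same-origin check above.
     header("Location:{$referer}");
     exit;
 }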