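/**
 * Handles the editor form submit: creates a new document or updates an existing one.
 *
 * Flow, as visible in this method:
 *  - the request must carry a valid 'kboard-editor-execute' nonce; otherwise the
 *    visitor is redirected to the site root;
 *  - the target board comes from POST 'board_id' and must exist (KBoard::$uid);
 *  - on a board whose permission_write is 'all', an anonymous visitor submitting a
 *    titled document must also supply a password;
 *  - a new document (no POST 'uid') requires KBoard::isWriter(); an existing one
 *    requires KBoard::isEditor() for its owner, or — on an 'all' board — a
 *    successful KBoard::isConfirm() against the stored password;
 *  - KBContent::execute() stores the document, then the browser is redirected to the
 *    document view (URL filtered through 'kboard_after_executing_url').
 *
 * Fixes in this revision:
 *  - the "Please enter your password." script literal contained a stray `";` after
 *    history.go(-1). That is a JavaScript syntax error, so the browser executed none
 *    of the script block (no alert, no history.go) and left a blank page;
 *  - POST fields are read through isset() instead of raising undefined-index notices.
 *
 * Security notes (reviewer):
 *  - NOTE(review): authorization is evaluated against the board named in POST
 *    'board_id', while $content is loaded by POST 'uid' and then re-pointed at that
 *    board via setBoardID(). If the uid belongs to a different board than the one
 *    the caller is an editor of, this check does not notice — confirm that
 *    KBContent::initWithUID()/execute() validate the document's real board.
 *  - NOTE(review): the redirect target passes through a filter and is issued with
 *    wp_redirect(), which does not restrict the destination host; wp_safe_redirect()
 *    would, if no filter depends on external URLs.
 *
 * Reads $_POST (nonce, uid, board_id, title, password) and the global $user_ID.
 *
 * @return void  Never returns: every path ends in exit (directly or via die()).
 */
public function editorExecute() {
    global $user_ID;

    $nonce = isset($_POST['kboard-editor-execute-nonce']) ? $_POST['kboard-editor-execute-nonce'] : '';
    if (!$nonce || !wp_verify_nonce($nonce, 'kboard-editor-execute')) {
        // Missing or invalid nonce: treat the request as forged/stale and bounce to the site root.
        wp_redirect(site_url());
        exit;
    }

    header("Content-Type: text/html; charset=UTF-8");

    $uid      = isset($_POST['uid']) ? intval($_POST['uid']) : 0;
    $board_id = isset($_POST['board_id']) ? intval($_POST['board_id']) : 0;
    $title    = isset($_POST['title']) ? $_POST['title'] : '';
    $password = isset($_POST['password']) ? $_POST['password'] : '';

    // Same denial response for every authorization failure (no hint about why).
    $deny = '<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>';

    $board = new KBoard($board_id);
    if (!$board->uid) {
        die($deny);
    }

    // Anonymous author on an open board: a password is mandatory for a titled submission.
    if ($board->isWriter() && $board->permission_write == 'all' && $title) {
        if (!$user_ID && !$password) {
            die('<script>alert("' . __('Please enter your password.', 'kboard') . '");history.go(-1);</script>');
        }
    }

    $content = new KBContent();
    $content->initWithUID($uid);
    $content->setBoardID($board_id);

    if (!$uid) {
        // Creating: the caller must be allowed to write on this board.
        if (!$board->isWriter()) {
            die($deny);
        }
    } elseif (!$board->isEditor($content->member_uid)) {
        // Editing someone else's document: only allowed on an 'all' board, and only
        // after the stored document password has been confirmed for this session.
        if ($board->permission_write != 'all' || !$board->isConfirm($content->password, $content->uid)) {
            die($deny);
        }
    }

    $execute_uid = $content->execute();

    // If a password was submitted, run the confirmation step immediately for the stored uid.
    if ($content->password) {
        $board->isConfirm($content->password, $execute_uid);
    }

    $url = new KBUrl();
    $next_page_url = $url->set('uid', $execute_uid)->set('mod', 'document')->toString();
    $next_page_url = apply_filters('kboard_after_executing_url', $next_page_url, $execute_uid, $board_id);
    wp_redirect($next_page_url);
    exit;
}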
if (!$uid || !$file) { die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>'); } if (!strstr($referer, basename(__FILE__))) { $_SESSION['redirect_uri'] = $referer; } $content = new KBContent(); $content->initWithUID($uid); if ($content->parent_uid) { $parent = new KBContent(); $parent->initWithUID($content->getTopContentUID()); $board = new KBoard($parent->board_id); } else { $board = new KBoard($content->board_id); } if (!$board->isEditor($content->member_uid)) { if ($board->permission_write == 'all') { if (!$board->isConfirm($content->password, $content->uid)) { $url = new KBUrl(); $skin_path = KBOARD_URL_PATH . "/skin/{$board->skin}"; include KBOARD_DIR_PATH . "/skin/{$board->skin}/confirm.php"; exit; } } else { die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>'); } } if ($file == 'thumbnail') { $content->removeThumbnail(); } else { $content->removeAttached($file);
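/**
 * Deletes one attachment (or the thumbnail) of a document.
 *
 * Request: GET 'uid' (document uid) and GET 'file' (attachment key, or the literal
 * 'thumbnail'). The owning board is resolved from the document, or from the
 * top-level document when this one is a reply. The caller must pass
 * KBoard::isEditor() for the document owner, or — on a board whose permission_write
 * is 'all' — hold a password confirmation; without one the skin's confirm.php is
 * rendered instead. On success the browser is sent back to the Referer.
 *
 * Fixes in this revision:
 *  - a Referer that parse_url() rejects, or that has no host component, previously
 *    produced a notice and an empty host string — which compared equal to an empty
 *    HTTP_HOST and let the request through. Both cases are now rejected;
 *  - the host comparison is strict; GET 'uid' is read through isset().
 *
 * Security notes (reviewer):
 *  - The only anti-CSRF measure here is a same-host Referer check. That is weaker
 *    than the nonce used by editorExecute(): browsers may omit the Referer
 *    (Referrer-Policy), and HTTP_HOST is itself client-supplied on some setups.
 *    NOTE(review): consider issuing and verifying a nonce on the delete link.
 *  - 'file' is passed through kboard_htmlclear/kboard_xssfilter/esc_sql before it
 *    reaches removeAttached(). NOTE(review): whether it is a lookup key or a path
 *    segment depends on removeAttached() — confirm it cannot be used for traversal.
 *  - confirm.php is included from a path built from $board->skin, which comes from
 *    board configuration rather than request input as far as this method shows.
 *
 * @return void  Never returns: every path ends in exit (directly or via die()/wp_die()).
 */
public function fileDelete() {
    header('Content-Type: text/html; charset=UTF-8');

    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    $host    = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
    if (!$referer) {
        wp_die('KBoard : ' . __('This page is restricted from external access.', 'kboard'));
    }

    // parse_url() returns false on malformed input; a missing host is treated the same way.
    $parts = parse_url($referer);
    $referer_host = '';
    if (is_array($parts) && isset($parts['host'])) {
        $referer_host = $parts['host'];
        if (isset($parts['port']) && $parts['port']) {
            $referer_host .= ':' . $parts['port'];
        }
    }
    if ($referer_host === '' || $referer_host !== $host) {
        wp_die('KBoard : ' . __('This page is restricted from external access.', 'kboard'));
    }

    $uid  = isset($_GET['uid']) ? intval($_GET['uid']) : 0;
    $file = '';
    if (isset($_GET['file'])) {
        $file = trim($_GET['file']);
        $file = kboard_htmlclear($file);
        $file = kboard_xssfilter($file);
        $file = esc_sql($file);
    }

    $deny = '<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>';
    if (!$uid || !$file) {
        die($deny);
    }

    $content = new KBContent();
    $content->initWithUID($uid);

    // Replies are governed by the board of their top-level document.
    if ($content->parent_uid) {
        $parent = new KBContent();
        $parent->initWithUID($content->getTopContentUID());
        $board = new KBoard($parent->board_id);
    } else {
        $board = new KBoard($content->board_id);
    }

    if (!$board->isEditor($content->member_uid)) {
        if ($board->permission_write != 'all') {
            die($deny);
        }
        if (!$board->isConfirm($content->password, $content->uid)) {
            // Not confirmed yet: render the skin's password prompt. $url and $skin_path
            // are set here because confirm.php is included into this scope.
            $url = new KBUrl();
            $skin_path = KBOARD_URL_PATH . "/skin/{$board->skin}";
            include KBOARD_DIR_PATH . "/skin/{$board->skin}/confirm.php";
            exit;
        }
    }

    if ($file === 'thumbnail') {
        $content->removeThumbnail();
    } else {
        $content->removeAttached($file);
    }

    // Referer host was verified against HTTP_HOST above, so this stays on the same host.
    header("Location:{$referer}");
    exit;
}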