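/**
  * Update an existing comment (CSRF-checked entry point).
  *
  * Two separate authorisation decisions are made here and must not be
  * confused:
  *  - whether the caller may edit this comment at all: `isGranted()` on the
  *    stored comment, bypassable only through `$is_admin`;
  *  - whether raw script/iframe markup may be kept: decided from the
  *    session's `is_admin` flag alone, so a caller passing `$is_admin = TRUE`
  *    never disables removeHackTag() by itself.
  *
  * @param object $obj            fields to write; `comment_srl` selects the row
  * @param bool   $is_admin       skip the per-comment permission check
  * @param bool   $manual_updated skip the CSRF check (internal, non-request callers)
  * @return object query/trigger result; `comment_srl` is added on success
  */
 function updateComment($obj, $is_admin = FALSE, $manual_updated = FALSE)
 {
     // Reject cross-site requests unless this is an internal (manual) update.
     if (!$manual_updated && !checkCSRF()) {
         return new Object(-1, 'msg_invalid_request');
     }
     if (!is_object($obj)) {
         $obj = new stdClass();
     }
     $obj->__isupdate = TRUE;

     // Resolve the session once, up front. The original assigned $logged_info
     // only inside the is_logged branch and then dereferenced it
     // unconditionally for the admin check, leaving it undefined for guests.
     $logged_info = Context::get('is_logged') ? Context::get('logged_info') : null;
     $is_site_admin = is_object($logged_info) && $logged_info->is_admin == 'Y';

     // Before-trigger: a listener may veto the update.
     $output = ModuleHandler::triggerCall('comment.updateComment', 'before', $obj);
     if (!$output->toBool()) {
         return $output;
     }

     // Load the stored comment; every permission decision is made against it,
     // never against the submitted object.
     $oCommentModel = getModel('comment');
     $source_obj = $oCommentModel->getComment($obj->comment_srl);

     // Guest-authored comment: keep the stored author identity rather than
     // accepting author fields from the request.
     if (!$source_obj->getMemberSrl()) {
         $obj->member_srl = $source_obj->get('member_srl');
         $obj->user_name = $source_obj->get('user_name');
         $obj->nick_name = $source_obj->get('nick_name');
         $obj->email_address = $source_obj->get('email_address');
         $obj->homepage = $source_obj->get('homepage');
     }
     if (!$is_admin && !$source_obj->isGranted()) {
         return new Object(-1, 'msg_not_permitted');
     }

     // Guest edit/delete credential is stored hashed, never in clear.
     if (!empty($obj->password)) {
         $obj->password = getModel('member')->hashPassword($obj->password);
     }

     // Homepage: strip active markup, then force a scheme so the value never
     // turns into a relative link. NOTE(review): any scheme satisfies the
     // regex, so `javascript:`-style values rely on removeHackTag() alone.
     if (!empty($obj->homepage)) {
         $obj->homepage = removeHackTag($obj->homepage);
         if (!preg_match('/^[a-z]+:\\/\\//i', $obj->homepage)) {
             $obj->homepage = 'http://' . $obj->homepage;
         }
     }

     // Author editing their own comment: refresh author fields from the
     // session instead of trusting the submitted values. The stored
     // member_srl is read via get(), as every other lookup in this function
     // does, rather than as a bare property.
     if (is_object($logged_info)) {
         if ($source_obj->get('member_srl') == $logged_info->member_srl) {
             $obj->member_srl = $logged_info->member_srl;
             $obj->user_name = $logged_info->user_name;
             $obj->nick_name = $logged_info->nick_name;
             $obj->email_address = $logged_info->email_address;
             $obj->homepage = $logged_info->homepage;
         }
     }
     // Member-authored comment with no nickname supplied: fall back to the
     // stored author fields.
     if ($source_obj->get('member_srl') && empty($obj->nick_name)) {
         $obj->member_srl = $source_obj->get('member_srl');
         $obj->user_name = $source_obj->get('user_name');
         $obj->nick_name = $source_obj->get('nick_name');
         $obj->email_address = $source_obj->get('email_address');
         $obj->homepage = $source_obj->get('homepage');
     }
     if (empty($obj->content)) {
         $obj->content = $source_obj->get('content');
     }

     // Strip XE's internal Before/After marker comments from the body.
     $obj->content = preg_replace('!<\\!--(Before|After)(Document|Comment)\\(([0-9]+),([0-9]+)\\)-->!is', '', $obj->content);
     if (Mobile::isFromMobilePhone()) {
         // Plain-text mobile input is HTML-escaped (existing entities kept)
         // and line-broken.
         if (!isset($obj->use_html) || $obj->use_html != 'Y') {
             $obj->content = htmlspecialchars($obj->content, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
         }
         $obj->content = nl2br($obj->content);
     }
     // Only a site administrator on the session may keep script/iframe
     // markup; guests and everyone else (including callers that passed
     // $is_admin) are sanitised.
     if (!$is_site_admin) {
         $obj->content = removeHackTag($obj->content);
     }

     $oDB = DB::getInstance();
     $oDB->begin();
     $output = executeQuery('comment.updateComment', $obj);
     if (!$output->toBool()) {
         $oDB->rollback();
         return $output;
     }
     // After-trigger runs inside the transaction so a veto rolls the update back.
     $trigger_output = ModuleHandler::triggerCall('comment.updateComment', 'after', $obj);
     if (!$trigger_output->toBool()) {
         $oDB->rollback();
         return $trigger_output;
     }
     $oDB->commit();
     $output->add('comment_srl', $obj->comment_srl);
     return $output;
 }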
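 /**
  * Update an existing comment (legacy entry point, no CSRF check).
  *
  * Permission to edit is checked against the stored comment (`isGranted()`)
  * unless `$is_admin` is set. Whether script/iframe markup may be kept is
  * decided separately from the session's `is_admin` flag, so `$is_admin`
  * from a caller never disables removeHackTag() by itself.
  *
  * @param object $obj      fields to write; `comment_srl` selects the row
  * @param bool   $is_admin skip the per-comment permission check
  * @return Object query/trigger result; `comment_srl` is added on success
  **/
 function updateComment($obj, $is_admin = false)
 {
     $obj->__isupdate = true;

     // Resolve the session once, up front. The original assigned $logged_info
     // only inside the is_logged branch and then dereferenced it
     // unconditionally for the admin check, leaving it undefined for guests.
     $logged_info = Context::get('is_logged') ? Context::get('logged_info') : null;
     $is_site_admin = is_object($logged_info) && $logged_info->is_admin == 'Y';

     // Before-trigger: a listener may veto the update.
     $output = ModuleHandler::triggerCall('comment.updateComment', 'before', $obj);
     if (!$output->toBool()) {
         return $output;
     }

     // Load the stored comment; permission decisions are made against it.
     // (Plain assignment: objects are handles, the `=&` form only adds a notice.)
     $oCommentModel = getModel('comment');
     $source_obj = $oCommentModel->getComment($obj->comment_srl);

     // Guest-authored comment: keep the stored author identity rather than
     // accepting author fields from the request.
     if (!$source_obj->getMemberSrl()) {
         $obj->member_srl = $source_obj->get('member_srl');
         $obj->user_name = $source_obj->get('user_name');
         $obj->nick_name = $source_obj->get('nick_name');
         $obj->email_address = $source_obj->get('email_address');
         $obj->homepage = $source_obj->get('homepage');
     }
     if (!$is_admin && !$source_obj->isGranted()) {
         return new Object(-1, 'msg_not_permitted');
     }

     // Guest edit/delete credential. Kept as md5 because the stored hashes
     // this code base verifies against are md5; the CSRF-checked variant of
     // this function in this file already uses member's hashPassword().
     // NOTE(review): migrate together with the verification path.
     if (!empty($obj->password)) {
         $obj->password = md5($obj->password);
     }
     // Force a scheme so the homepage never becomes a relative link.
     // NOTE(review): any scheme passes; no removeHackTag() is applied here
     // (the CSRF-checked variant does apply it).
     if (!empty($obj->homepage) && !preg_match('/^[a-z]+:\\/\\//i', $obj->homepage)) {
         $obj->homepage = 'http://' . $obj->homepage;
     }

     // Author editing their own comment: refresh author fields from the
     // session instead of trusting the submitted values. The stored
     // member_srl is read via get(), as the other lookups here do.
     if (is_object($logged_info)) {
         if ($source_obj->get('member_srl') == $logged_info->member_srl) {
             $obj->member_srl = $logged_info->member_srl;
             $obj->user_name = $logged_info->user_name;
             $obj->nick_name = $logged_info->nick_name;
             $obj->email_address = $logged_info->email_address;
             $obj->homepage = $logged_info->homepage;
         }
     }
     // Member-authored comment with no nickname supplied: fall back to the
     // stored author fields.
     if ($source_obj->get('member_srl') && empty($obj->nick_name)) {
         $obj->member_srl = $source_obj->get('member_srl');
         $obj->user_name = $source_obj->get('user_name');
         $obj->nick_name = $source_obj->get('nick_name');
         $obj->email_address = $source_obj->get('email_address');
         $obj->homepage = $source_obj->get('homepage');
     }
     if (empty($obj->content)) {
         $obj->content = $source_obj->get('content');
     }

     // Strip XE's internal Before/After marker comments from the body.
     $obj->content = preg_replace('!<\\!--(Before|After)(Document|Comment)\\(([0-9]+),([0-9]+)\\)-->!is', '', $obj->content);
     // Only a site administrator on the session may keep script/iframe markup.
     if (!$is_site_admin) {
         $obj->content = removeHackTag($obj->content);
     }

     $oDB = DB::getInstance();
     $oDB->begin();
     $output = executeQuery('comment.updateComment', $obj);
     if (!$output->toBool()) {
         $oDB->rollback();
         return $output;
     }
     // After-trigger runs inside the transaction so a veto rolls the update back.
     $trigger_output = ModuleHandler::triggerCall('comment.updateComment', 'after', $obj);
     if (!$trigger_output->toBool()) {
         $oDB->rollback();
         return $trigger_output;
     }
     $oDB->commit();
     $output->add('comment_srl', $obj->comment_srl);

     // Cached comment lists are stale after an edit.
     $oCacheHandler = CacheHandler::getInstance('object');
     if ($oCacheHandler->isSupport()) {
         $oCacheHandler->invalidateGroupKey('commentList');
     }
     return $output;
 }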
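 /**
  * Send a private message (DB controller).
  *
  * Writes one row into the receiver's message box and, optionally, a linked
  * copy into the sender's box, then bumps the receiver's "new message"
  * counter file. Title and content are stored already sanitised for HTML
  * output (htmlspecialchars / removeHackTag). A system message (empty
  * `$sender_srl`) is recorded with the receiver as its own sender.
  *
  * @param int     $sender_srl   member_srl of the sender (empty for a system message)
  * @param int     $receiver_srl member_srl of the receiver
  * @param string  $title
  * @param string  $content
  * @param boolean $sender_log   also keep a copy in the sender's box (default true)
  * @return Object
  **/
 function sendMessage($sender_srl, $receiver_srl, $title, $content, $sender_log = true)
 {
     $content = removeHackTag($content);
     // ENT_QUOTES: the default flags leave the apostrophe unescaped, which is
     // not safe if a template ever places the title in a single-quoted attribute.
     $title = htmlspecialchars($title, ENT_QUOTES, 'UTF-8');

     // Explicit objects: assigning a property on an undefined variable is an
     // Error on PHP 8 (the original relied on implicit stdClass creation).
     $sender_args = new stdClass();
     $sender_args->sender_srl = $sender_srl;
     $sender_args->receiver_srl = $receiver_srl;
     $sender_args->message_type = 'S';
     $sender_args->title = $title;
     $sender_args->content = $content;
     $sender_args->readed = 'N';
     $sender_args->regdate = date("YmdHis");
     // Three sequence draws, in this order: the receiver's row id (kept as
     // related_srl on the sender's copy), the sender's row id, its list_order.
     $sender_args->related_srl = getNextSequence();
     $sender_args->message_srl = getNextSequence();
     $sender_args->list_order = getNextSequence() * -1;

     $receiver_args = new stdClass();
     $receiver_args->message_srl = $sender_args->related_srl;
     $receiver_args->related_srl = 0;
     $receiver_args->list_order = $sender_args->related_srl * -1;
     // System message: the receiver is recorded as the sender.
     $receiver_args->sender_srl = $sender_srl ? $sender_srl : $receiver_srl;
     $receiver_args->receiver_srl = $receiver_srl;
     $receiver_args->message_type = 'R';
     $receiver_args->title = $title;
     $receiver_args->content = $content;
     $receiver_args->readed = 'N';
     $receiver_args->regdate = date("YmdHis");

     $oDB = DB::getInstance();
     $oDB->begin();
     if ($sender_srl && $sender_log) {
         $output = executeQuery('communication.sendMessage', $sender_args);
         if (!$output->toBool()) {
             $oDB->rollback();
             return $output;
         }
     }
     $output = executeQuery('communication.sendMessage', $receiver_args);
     if (!$output->toBool()) {
         $oDB->rollback();
         return $output;
     }

     // "New message" flag: a per-receiver counter file. The id is cast to int
     // so only a numeric value ever forms part of the path, and the counter is
     // cast so a missing file (readFile() returning false/'') starts at 0
     // instead of incrementing a boolean.
     $receiver_id = (int) $receiver_srl;
     $flag_path = './files/member_extra_info/new_message_flags/' . getNumberingPath($receiver_id);
     FileHandler::makeDir($flag_path);
     $flag_file = $flag_path . $receiver_id;
     $flag_count = (int) FileHandler::readFile($flag_file);
     FileHandler::writeFile($flag_file, (string) ($flag_count + 1));

     $oDB->commit();
     return new Object(0, 'success_sended');
 }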
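 /**
  * Import one batch of members from the XML files listed in an index file.
  *
  * Processes up to `$this->unit_count` entries starting at line `$cur`; each
  * line names a per-member XML file that is parsed, inserted and then
  * deleted. Members imported without a password are mailed a reset notice.
  * Signatures go through removeHackTag() and names are HTML-escaped before
  * being placed in the mail body.
  *
  * @param int    $key        unused here; kept for the caller's interface
  * @param int    $cur        index-file line to resume from (0 or empty = start)
  * @param string $index_file path to the index file
  * @return int line index of the last entry read (`$cur - 1` when nothing was read)
  */
 function importMember($key, $cur, $index_file)
 {
     if (!$cur) {
         $cur = 0;
     }
     $oXmlParser = new XmlParser();
     $this->oMemberController = getController('member');
     $this->oMemberModel = getModel('member');
     $default_group = $this->oMemberModel->getDefaultGroup();
     $default_group_srl = $default_group->group_srl;
     // Webmaster name/address for the reset-password mail.
     $oModuleModel = getModel('module');
     $member_config = $oModuleModel->getModuleConfig('member');

     // Unreadable index: the original went on to call fgets()/feof() on false.
     // Report "nothing read", the same value an immediately-EOF index yields.
     $f = fopen($index_file, "r");
     if ($f === false) {
         return $cur - 1;
     }
     // Skip the lines handled by earlier batches.
     for ($i = 0; $i < $cur; $i++) {
         fgets($f, 1024);
     }
     for ($idx = $cur; $idx < $cur + $this->unit_count; $idx++) {
         if (feof($f)) {
             break;
         }
         $target_file = trim(fgets($f, 1024));
         // Parse, then delete the source file whatever the outcome.
         $xmlObj = $oXmlParser->loadXmlFile($target_file);
         FileHandler::removeFile($target_file);
         if (!$xmlObj) {
             continue;
         }

         // Every field is base64-encoded in the export. Start from a real
         // object: the original started from null, an Error on PHP 8.
         $obj = new stdClass();
         $obj->user_id = base64_decode($xmlObj->member->user_id->body);
         $obj->password = base64_decode($xmlObj->member->password->body);
         $obj->user_name = base64_decode($xmlObj->member->user_name->body);
         $obj->nick_name = base64_decode($xmlObj->member->nick_name->body);
         if (!$obj->user_name) {
             $obj->user_name = $obj->nick_name;
         }
         $obj->email = base64_decode($xmlObj->member->email->body);
         $obj->homepage = base64_decode($xmlObj->member->homepage->body);
         $obj->blog = base64_decode($xmlObj->member->blog->body);
         $obj->birthday = substr(base64_decode($xmlObj->member->birthday->body), 0, 8);
         $obj->allow_mailing = base64_decode($xmlObj->member->allow_mailing->body);
         $obj->point = base64_decode($xmlObj->member->point->body);
         $obj->image_nickname = base64_decode($xmlObj->member->image_nickname->buff->body);
         $obj->image_mark = base64_decode($xmlObj->member->image_mark->buff->body);
         $obj->profile_image = base64_decode($xmlObj->member->profile_image->buff->body);
         $obj->signature = base64_decode($xmlObj->member->signature->body);
         $obj->regdate = base64_decode($xmlObj->member->regdate->body);
         $obj->last_login = base64_decode($xmlObj->member->last_login->body);

         // Extra vars are collected into a separate object (null when none),
         // serialized below. The loop variable is deliberately not $key: the
         // original reused the function parameter and clobbered it.
         $extra_vars = null;
         if ($xmlObj->member->extra_vars) {
             foreach ($xmlObj->member->extra_vars as $var_name => $val) {
                 if (in_array($var_name, array('node_name', 'attrs', 'body'))) {
                     continue;
                 }
                 if ($extra_vars === null) {
                     $extra_vars = new stdClass();
                 }
                 $extra_vars->{$var_name} = base64_decode($val->body);
             }
         }

         // Normalise the homepage to an absolute http(s) URL.
         if ($obj->homepage && strncasecmp('http://', $obj->homepage, 7) !== 0 && strncasecmp('https://', $obj->homepage, 8) !== 0) {
             $obj->homepage = 'http://' . $obj->homepage;
         }
         // Split the address into the id/host columns; a value without '@'
         // gets a null host (the original's list() did the same, with a notice).
         $obj->email_address = $obj->email;
         $email_parts = explode('@', (string) $obj->email);
         $obj->email_id = $email_parts[0];
         $obj->email_host = isset($email_parts[1]) ? $email_parts[1] : null;
         if ($obj->allow_mailing != 'Y') {
             $obj->allow_mailing = 'N';
         }
         // The export carries no message preference; always allowed. (The
         // original's in_array() re-check of this constant was dead code.)
         $obj->allow_message = 'Y';
         if (!$obj->last_login) {
             $obj->last_login = $obj->regdate;
         }
         $obj->member_srl = getNextSequence();
         $obj->list_order = -1 * $obj->member_srl;
         $obj->extra_vars = serialize($extra_vars);

         // NOTE(review): a *failed* lookup is what triggers the suffix here; a
         // successful lookup that returns a row is what normally signals a
         // duplicate nickname — confirm against member.getMemberSrl.
         $nick_args = new stdClass();
         $nick_args->nick_name = $obj->nick_name;
         $nick_output = executeQuery('member.getMemberSrl', $nick_args);
         if (!$nick_output->toBool()) {
             $obj->nick_name .= '_' . $obj->member_srl;
         }

         $output = executeQuery('member.insertMember', $obj);
         if ($output->toBool() && !$obj->password) {
             // The mail body is HTML: escape the imported name and the
             // configured webmaster name before interpolating them.
             $webmaster_name = $member_config->webmaster_name ? $member_config->webmaster_name : 'Webmaster';
             $safe_user_name = htmlspecialchars($obj->user_name, ENT_QUOTES, 'UTF-8');
             $safe_webmaster_name = htmlspecialchars($webmaster_name, ENT_QUOTES, 'UTF-8');
             $oMail = new Mail();
             $oMail->setTitle("Password update for your " . getFullSiteUrl() . " account");
             $oMail->setContent("Dear {$safe_user_name}, <br /><br />\n\t\t\t\t\t\tWe recently migrated our phpBB forum to XpressEngine. Since you password was encrypted we could not migrate it too, so please reset it by following this link:\n\t\t\t\t\t\t<a href='" . getFullSiteUrl() . "/?act=dispMemberFindAccount' >" . getFullSiteUrl() . "?act=dispMemberFindAccount</a>. You need to enter you email address and hit the 'Find account' button. You will then receive an email with a new, generated password that you can change after login. <br /><br />\n\n\t\t\t\t\t\tThank you for your understanding,<br />\n\t\t\t\t\t\t{$safe_webmaster_name}");
             $oMail->setSender($webmaster_name, $member_config->webmaster_email);
             $oMail->setReceiptor($obj->user_name, $obj->email);
             $oMail->send();
         }

         // Group membership and the file-backed extras only for a stored row.
         if ($output->toBool()) {
             $obj->group_srl = $default_group_srl;
             executeQuery('member.addMemberToGroup', $obj);
             if ($obj->image_nickname) {
                 $target_path = sprintf('files/member_extra_info/image_name/%s/', getNumberingPath($obj->member_srl));
                 $target_filename = sprintf('%s%d.gif', $target_path, $obj->member_srl);
                 FileHandler::writeFile($target_filename, $obj->image_nickname);
             }
             // Like the other two image fields this holds decoded image bytes.
             // The original additionally required file_exists() on those
             // bytes, which cannot hold for image data, so the mark was never
             // written.
             if ($obj->image_mark) {
                 $target_path = sprintf('files/member_extra_info/image_mark/%s/', getNumberingPath($obj->member_srl));
                 $target_filename = sprintf('%s%d.gif', $target_path, $obj->member_srl);
                 FileHandler::writeFile($target_filename, $obj->image_mark);
             }
             if ($obj->profile_image) {
                 $target_path = sprintf('files/member_extra_info/profile_image/%s/', getNumberingPath($obj->member_srl));
                 $target_filename = sprintf('%s%d.gif', $target_path, $obj->member_srl);
                 FileHandler::writeFile($target_filename, $obj->profile_image);
             }
             // The signature is stored as a PHP file behind an __XE__ guard.
             // NOTE(review): removeHackTag() targets HTML; confirm it also
             // neutralises `<?` tags, or that the import source is trusted,
             // since this file is presumably include()d when rendered.
             if ($obj->signature) {
                 $signature = removeHackTag($obj->signature);
                 $signature_buff = sprintf('<?php if(!defined("__XE__")) exit();?>%s', $signature);
                 $target_path = sprintf('files/member_extra_info/signature/%s/', getNumberingPath($obj->member_srl));
                 if (!is_dir($target_path)) {
                     FileHandler::makeDir($target_path);
                 }
                 $target_filename = sprintf('%s%d.signature.php', $target_path, $obj->member_srl);
                 FileHandler::writeFile($target_filename, $signature_buff);
             }
         }
     }
     fclose($f);
     return $idx - 1;
 }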
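 /**
  * Import one batch of members from the XML files listed in an index file
  * (legacy variant without the reset-password mail).
  *
  * Processes up to `$this->unit_count` entries starting at line `$cur`; each
  * line names a per-member XML file that is parsed, inserted and then
  * deleted. Signatures go through removeHackTag() before being written.
  *
  * @param int    $key        unused here; kept for the caller's interface
  * @param int    $cur        index-file line to resume from (0 or empty = start)
  * @param string $index_file path to the index file
  * @return int line index of the last entry read (`$cur - 1` when nothing was read)
  **/
 function importMember($key, $cur, $index_file)
 {
     if (!$cur) {
         $cur = 0;
     }
     $oXmlParser = new XmlParser();
     // Plain assignment: objects are handles, the `=&` form only adds a notice.
     $this->oMemberController = getController('member');
     $this->oMemberModel = getModel('member');
     $default_group = $this->oMemberModel->getDefaultGroup();
     $default_group_srl = $default_group->group_srl;

     // Unreadable index: the original went on to call fgets()/feof() on false.
     // Report "nothing read", the same value an immediately-EOF index yields.
     $f = fopen($index_file, "r");
     if ($f === false) {
         return $cur - 1;
     }
     // Skip the lines handled by earlier batches.
     for ($i = 0; $i < $cur; $i++) {
         fgets($f, 1024);
     }
     // Read line by line; stop after unit_count entries or at EOF.
     for ($idx = $cur; $idx < $cur + $this->unit_count; $idx++) {
         if (feof($f)) {
             break;
         }
         $target_file = trim(fgets($f, 1024));
         // Parse, then delete the source file whatever the outcome.
         $xmlObj = $oXmlParser->loadXmlFile($target_file);
         FileHandler::removeFile($target_file);
         if (!$xmlObj) {
             continue;
         }

         // Every field is base64-encoded in the export. Start from a real
         // object: the original started from null, an Error on PHP 8.
         $obj = new stdClass();
         $obj->user_id = base64_decode($xmlObj->member->user_id->body);
         $obj->password = base64_decode($xmlObj->member->password->body);
         $obj->user_name = base64_decode($xmlObj->member->user_name->body);
         $obj->nick_name = base64_decode($xmlObj->member->nick_name->body);
         if (!$obj->user_name) {
             $obj->user_name = $obj->nick_name;
         }
         $obj->email = base64_decode($xmlObj->member->email->body);
         $obj->homepage = base64_decode($xmlObj->member->homepage->body);
         $obj->blog = base64_decode($xmlObj->member->blog->body);
         $obj->birthday = substr(base64_decode($xmlObj->member->birthday->body), 0, 8);
         $obj->allow_mailing = base64_decode($xmlObj->member->allow_mailing->body);
         $obj->point = base64_decode($xmlObj->member->point->body);
         $obj->image_nickname = base64_decode($xmlObj->member->image_nickname->buff->body);
         $obj->image_mark = base64_decode($xmlObj->member->image_mark->buff->body);
         $obj->profile_image = base64_decode($xmlObj->member->profile_image->buff->body);
         $obj->signature = base64_decode($xmlObj->member->signature->body);
         $obj->regdate = base64_decode($xmlObj->member->regdate->body);
         $obj->last_login = base64_decode($xmlObj->member->last_login->body);

         // Extra vars are collected into a separate object (null when none),
         // serialized below. The loop variable is deliberately not $key: the
         // original reused the function parameter and clobbered it.
         $extra_vars = null;
         if ($xmlObj->member->extra_vars) {
             foreach ($xmlObj->member->extra_vars as $var_name => $val) {
                 if (in_array($var_name, array('node_name', 'attrs', 'body'))) {
                     continue;
                 }
                 if ($extra_vars === null) {
                     $extra_vars = new stdClass();
                 }
                 $extra_vars->{$var_name} = base64_decode($val->body);
             }
         }

         // Normalise homepage and blog to absolute URLs. The original only
         // recognised "http://", so an "https://" value was mangled into
         // "http://https://..."; accept both, as the other importMember
         // variant in this file does.
         if ($obj->homepage && !preg_match("/^https?:\\/\\//i", $obj->homepage)) {
             $obj->homepage = 'http://' . $obj->homepage;
         }
         if ($obj->blog && !preg_match("/^https?:\\/\\//i", $obj->blog)) {
             $obj->blog = 'http://' . $obj->blog;
         }
         // Split the address into the id/host columns; a value without '@'
         // gets a null host (the original's list() did the same, with a notice).
         $obj->email_address = $obj->email;
         $email_parts = explode('@', (string) $obj->email);
         $obj->email_id = $email_parts[0];
         $obj->email_host = isset($email_parts[1]) ? $email_parts[1] : null;
         if ($obj->allow_mailing != 'Y') {
             $obj->allow_mailing = 'N';
         }
         // The export carries no message preference; always allowed. (The
         // original's in_array() re-check of this constant was dead code.)
         $obj->allow_message = 'Y';
         // No last login recorded: use the join date.
         if (!$obj->last_login) {
             $obj->last_login = $obj->regdate;
         }
         $obj->member_srl = getNextSequence();
         $obj->extra_vars = serialize($extra_vars);

         // NOTE(review): a *failed* lookup is what triggers the suffix here; a
         // successful lookup that returns a row is what normally signals a
         // duplicate nickname — confirm against member.getMemberSrl.
         $nick_args = new stdClass();
         $nick_args->nick_name = $obj->nick_name;
         $nick_output = executeQuery('member.getMemberSrl', $nick_args);
         if (!$nick_output->toBool()) {
             $obj->nick_name .= '_' . $obj->member_srl;
         }

         $output = executeQuery('member.insertMember', $obj);
         // Group membership and the file-backed extras only for a stored row.
         if ($output->toBool()) {
             $obj->group_srl = $default_group_srl;
             executeQuery('member.addMemberToGroup', $obj);
             if ($obj->image_nickname) {
                 $target_path = sprintf('files/member_extra_info/image_name/%s/', getNumberingPath($obj->member_srl));
                 $target_filename = sprintf('%s%d.gif', $target_path, $obj->member_srl);
                 FileHandler::writeFile($target_filename, $obj->image_nickname);
             }
             // Like the other two image fields this holds decoded image bytes.
             // The original additionally required file_exists() on those
             // bytes, which cannot hold for image data, so the mark was never
             // written.
             if ($obj->image_mark) {
                 $target_path = sprintf('files/member_extra_info/image_mark/%s/', getNumberingPath($obj->member_srl));
                 $target_filename = sprintf('%s%d.gif', $target_path, $obj->member_srl);
                 FileHandler::writeFile($target_filename, $obj->image_mark);
             }
             if ($obj->profile_image) {
                 $target_path = sprintf('files/member_extra_info/profile_image/%s/', getNumberingPath($obj->member_srl));
                 $target_filename = sprintf('%s%d.gif', $target_path, $obj->member_srl);
                 FileHandler::writeFile($target_filename, $obj->profile_image);
             }
             // The signature is stored as a PHP file behind a __ZBXE__ guard.
             // NOTE(review): removeHackTag() targets HTML; confirm it also
             // neutralises `<?` tags, or that the import source is trusted,
             // since this file is presumably include()d when rendered.
             if ($obj->signature) {
                 $signature = removeHackTag($obj->signature);
                 $signature_buff = sprintf('<?php if(!defined("__ZBXE__")) exit();?>%s', $signature);
                 $target_path = sprintf('files/member_extra_info/signature/%s/', getNumberingPath($obj->member_srl));
                 if (!is_dir($target_path)) {
                     FileHandler::makeDir($target_path);
                 }
                 $target_filename = sprintf('%s%d.signature.php', $target_path, $obj->member_srl);
                 FileHandler::writeFile($target_filename, $signature_buff);
             }
         }
     }
     fclose($f);
     return $idx - 1;
 }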
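 /**
  * Update a document, optionally recording the previous revision.
  *
  * Runs inside a DB transaction: before-trigger, optional history snapshot,
  * field normalisation, the update itself, re-registration of the extra
  * variables (including a per-language title/body when the editor's
  * language differs from the stored one), category counters and the
  * after-trigger. Non-administrators have script/iframe markup stripped from
  * both the stored body and any per-language translated body.
  *
  * @param object $source_obj the stored document being replaced (documentItem-style, read via get())
  * @param object $obj        submitted fields; `document_srl`/`module_srl` select the row
  * @return Object query/trigger result; `document_srl` is added on success
  **/
 function updateDocument($source_obj, $obj)
 {
     // Before-trigger: a listener may veto the update.
     $output = ModuleHandler::triggerCall('document.updateDocument', 'before', $obj);
     if (!$output->toBool()) {
         return $output;
     }
     $oDB = DB::getInstance();
     $oDB->begin();

     // Resolve the session once, up front. The original assigned $logged_info
     // only inside the is_logged branch and then dereferenced it
     // unconditionally for the admin check, leaving it undefined for guests.
     $logged_info = Context::get('is_logged') ? Context::get('logged_info') : null;
     $is_site_admin = is_object($logged_info) && $logged_info->is_admin == 'Y';

     $oModuleModel = getModel('module');
     $module_srl = $obj->module_srl;
     $document_config = $oModuleModel->getModulePartConfig('document', $module_srl);
     // No per-module config yet: assigning to a property of null is an Error.
     if (!is_object($document_config)) {
         $document_config = new stdClass();
     }
     if (!isset($document_config->use_history)) {
         $document_config->use_history = 'N';
     }
     $bUseHistory = $document_config->use_history == 'Y' || $document_config->use_history == 'Trace';
     if ($bUseHistory) {
         // Snapshot the stored revision before it is overwritten; 'Trace'
         // records metadata only, without the body.
         $args = new stdClass();
         $args->history_srl = getNextSequence();
         $args->document_srl = $obj->document_srl;
         $args->module_srl = $module_srl;
         if ($document_config->use_history == 'Y') {
             $args->content = $source_obj->get('content');
         }
         $args->nick_name = $source_obj->get('nick_name');
         $args->member_srl = $source_obj->get('member_srl');
         $args->regdate = $source_obj->get('last_update');
         $args->ipaddress = $source_obj->get('ipaddress');
         // NOTE(review): the result is not checked (as in the original); a
         // failed history insert does not roll the update back.
         executeQuery("document.insertHistory", $args);
     }

     // Normalise the Y/N flags: anything but 'Y' is 'N'.
     if ($obj->is_secret != 'Y') {
         $obj->is_secret = 'N';
     }
     if ($obj->allow_comment != 'Y') {
         $obj->allow_comment = 'N';
     }
     if ($obj->lock_comment != 'Y') {
         $obj->lock_comment = 'N';
     }
     if ($obj->allow_trackback != 'Y') {
         $obj->allow_trackback = 'N';
     }
     // Force a scheme so the homepage never becomes a relative link.
     // NOTE(review): any scheme passes this check.
     if ($obj->homepage && !preg_match('/^[a-z]+:\\/\\//i', $obj->homepage)) {
         $obj->homepage = 'http://' . $obj->homepage;
     }
     if ($obj->notify_message != 'Y') {
         $obj->notify_message = 'N';
     }
     $obj->extra_vars = serialize($obj->extra_vars);
     // Auto-save bookkeeping fields are not columns.
     unset($obj->_saved_doc_srl);
     unset($obj->_saved_doc_title);
     unset($obj->_saved_doc_content);
     unset($obj->_saved_doc_message);

     $oDocumentModel = getModel('document');
     // A changed category must exist in this module, otherwise reset to 0.
     if ($source_obj->get('category_srl') != $obj->category_srl) {
         $category_list = $oDocumentModel->getCategoryList($obj->module_srl);
         if (empty($category_list[$obj->category_srl])) {
             $obj->category_srl = 0;
         }
     }
     $obj->update_order = getNextSequence() * -1;

     // Guest edit password. Kept as md5 because the stored hashes this code
     // base verifies against are md5. NOTE(review): migrate together with
     // the verification path.
     if ($obj->password) {
         $obj->password = md5($obj->password);
     }

     // Author editing their own document, or history enabled: record the
     // session identity rather than trusting the submitted author fields.
     if (is_object($logged_info)) {
         if ($source_obj->get('member_srl') == $logged_info->member_srl || $bUseHistory) {
             $obj->member_srl = $logged_info->member_srl;
             $obj->user_name = $logged_info->user_name;
             $obj->nick_name = $logged_info->nick_name;
             $obj->email_address = $logged_info->email_address;
             $obj->homepage = $logged_info->homepage;
         }
     }
     // Member-authored document with no nickname supplied: fall back to the
     // stored author fields.
     if ($source_obj->get('member_srl') && !$obj->nick_name) {
         $obj->member_srl = $source_obj->get('member_srl');
         $obj->user_name = $source_obj->get('user_name');
         $obj->nick_name = $source_obj->get('nick_name');
         $obj->email_address = $source_obj->get('email_address');
         $obj->homepage = $source_obj->get('homepage');
     }

     // Missing title: derive it from the body, else 'Untitled'.
     settype($obj->title, "string");
     if ($obj->title == '') {
         $obj->title = cut_str(strip_tags($obj->content), 20, '...');
     }
     if ($obj->title == '') {
         $obj->title = 'Untitled';
     }
     // Strip XE's internal Before/After marker comments from the body.
     $obj->content = preg_replace('!<\\!--(Before|After)(Document|Comment)\\(([0-9]+),([0-9]+)\\)-->!is', '', $obj->content);

     // Editor language differs from the stored one. With no stored language
     // yet, adopt the editor's; otherwise keep the original title/body in the
     // document row and store this version as a per-language extra var.
     $extra_content = null;
     if ($source_obj->get('lang_code') != Context::getLangType()) {
         if (!$source_obj->get('lang_code')) {
             $lang_code_args = new stdClass();
             $lang_code_args->document_srl = $source_obj->get('document_srl');
             $lang_code_args->lang_code = Context::getLangType();
             executeQuery('document.updateDocumentsLangCode', $lang_code_args);
         } else {
             $extra_content = new stdClass();
             $extra_content->title = $obj->title;
             $extra_content->content = $obj->content;
             $document_args = new stdClass();
             $document_args->document_srl = $source_obj->get('document_srl');
             $document_output = executeQuery('document.getDocument', $document_args);
             $obj->title = $document_output->data->title;
             $obj->content = $document_output->data->content;
         }
     }

     // Only a site administrator on the session may keep script/iframe markup.
     // The translated body captured above was taken before this point and
     // is stored separately, so it must be sanitised here as well; the
     // original let it through unsanitised.
     if (!$is_site_admin) {
         $obj->content = removeHackTag($obj->content);
         if ($extra_content !== null) {
             $extra_content->content = removeHackTag($extra_content->content);
         }
     }

     $output = executeQuery('document.updateDocument', $obj);
     if (!$output->toBool()) {
         $oDB->rollback();
         return $output;
     }

     // Re-register the extra variables for this language from scratch.
     $this->deleteDocumentExtraVars($source_obj->get('module_srl'), $obj->document_srl, null, Context::getLangType());
     $extra_keys = $oDocumentModel->getExtraKeys($obj->module_srl);
     if (!empty($extra_keys)) {
         foreach ($extra_keys as $idx => $extra_item) {
             // Accept the positional name (extra_varsN) or the key's own name;
             // a key with neither is stored as ''. (The original's
             // `!isset($value)` guard could never fire: $value was always set.)
             $value = '';
             if (isset($obj->{'extra_vars' . $idx})) {
                 $value = trim($obj->{'extra_vars' . $idx});
             } elseif (isset($obj->{$extra_item->name})) {
                 $value = trim($obj->{$extra_item->name});
             }
             $this->insertDocumentExtraVar($obj->module_srl, $obj->document_srl, $idx, $value, $extra_item->eid);
         }
     }
     // Per-language title/body (indexes -1/-2 are reserved for them).
     if (!empty($extra_content->title)) {
         $this->insertDocumentExtraVar($obj->module_srl, $obj->document_srl, -1, $extra_content->title, 'title_' . Context::getLangType());
     }
     if (!empty($extra_content->content)) {
         $this->insertDocumentExtraVar($obj->module_srl, $obj->document_srl, -2, $extra_content->content, 'content_' . Context::getLangType());
     }

     // Category moved: refresh both counters.
     if ($source_obj->get('category_srl') != $obj->category_srl) {
         if ($source_obj->get('category_srl')) {
             $this->updateCategoryCount($obj->module_srl, $source_obj->get('category_srl'));
         }
         if ($obj->category_srl) {
             $this->updateCategoryCount($obj->module_srl, $obj->category_srl);
         }
     }

     // After-trigger runs inside the transaction so a veto rolls the update back.
     $trigger_output = ModuleHandler::triggerCall('document.updateDocument', 'after', $obj);
     if (!$trigger_output->toBool()) {
         $oDB->rollback();
         return $trigger_output;
     }
     $oDB->commit();

     // Cached thumbnails of the old body are stale.
     FileHandler::removeDir(sprintf('files/cache/thumbnails/%s', getNumberingPath($obj->document_srl, 3)));
     $output->add('document_srl', $obj->document_srl);
     return $output;
 }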
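 /**
  * Update a comment.
  *
  * Runs the 'comment.updateComment' before/after triggers around the
  * 'comment.updateComment' query inside one DB transaction. The original
  * comment is loaded first: it supplies the author fields of guest comments,
  * the permission check, and the content when none is supplied.
  *
  * NOTE(review): this version performs no CSRF check; callers that handle a
  * browser request should verify the token before calling it.
  *
  * @param object $obj      Fields to write; must carry comment_srl
  * @param bool   $is_admin When true, the isGranted() check on the original comment is skipped
  * @return Object Trigger/query output; carries comment_srl on success
  */
 function updateComment($obj, $is_admin = false)
 {
     $obj->__isupdate = true;
     // Call a trigger (before)
     $output = ModuleHandler::triggerCall('comment.updateComment', 'before', $obj);
     if (!$output->toBool()) {
         return $output;
     }
     // Load the original comment
     $oCommentModel = getModel('comment');
     $source_obj = $oCommentModel->getComment($obj->comment_srl);
     // Guest comment: keep the author fields stored with the original
     if (!$source_obj->getMemberSrl()) {
         $obj->member_srl = $source_obj->get('member_srl');
         $obj->user_name = $source_obj->get('user_name');
         $obj->nick_name = $source_obj->get('nick_name');
         $obj->email_address = $source_obj->get('email_address');
         $obj->homepage = $source_obj->get('homepage');
     }
     // Check permission against the original comment unless the caller is an admin
     if (!$is_admin && !$source_obj->isGranted()) {
         return new Object(-1, 'msg_not_permitted');
     }
     // Hash the password with the member module's hasher rather than bare md5
     if ($obj->password) {
         $obj->password = getModel('member')->hashPassword($obj->password);
     }
     // Strip markup from the homepage before defaulting its scheme
     if ($obj->homepage) {
         $obj->homepage = removeHackTag($obj->homepage);
         if (!preg_match('/^[a-z]+:\\/\\//i', $obj->homepage)) {
             $obj->homepage = 'http://' . $obj->homepage;
         }
     }
     // If the logged-in user is the original author, refresh the author fields from the session.
     // $logged_info stays null for anonymous sessions and is checked again below.
     $logged_info = null;
     if (Context::get('is_logged')) {
         $logged_info = Context::get('logged_info');
         // Compare through the same accessor used above for the guest check
         if ($source_obj->getMemberSrl() == $logged_info->member_srl) {
             $obj->member_srl = $logged_info->member_srl;
             $obj->user_name = $logged_info->user_name;
             $obj->nick_name = $logged_info->nick_name;
             $obj->email_address = $logged_info->email_address;
             $obj->homepage = $logged_info->homepage;
         }
     }
     // Comment written by a member but no nick_name supplied: fall back to the stored author fields
     if ($source_obj->get('member_srl') && !$obj->nick_name) {
         $obj->member_srl = $source_obj->get('member_srl');
         $obj->user_name = $source_obj->get('user_name');
         $obj->nick_name = $source_obj->get('nick_name');
         $obj->email_address = $source_obj->get('email_address');
         $obj->homepage = $source_obj->get('homepage');
     }
     // Keep the original content when none is supplied
     if (!$obj->content) {
         $obj->content = $source_obj->get('content');
     }
     // Remove XE's own marker comments from the content
     $obj->content = preg_replace('!<\\!--(Before|After)(Document|Comment)\\(([0-9]+),([0-9]+)\\)-->!is', '', $obj->content);
     // Remove iframe and script unless the session belongs to a top administrator
     if (!$logged_info || $logged_info->is_admin != 'Y') {
         $obj->content = removeHackTag($obj->content);
     }
     // Update inside a transaction so the after-trigger can still veto the write
     $oDB = DB::getInstance();
     $oDB->begin();
     $output = executeQuery('comment.updateComment', $obj);
     if (!$output->toBool()) {
         $oDB->rollback();
         return $output;
     }
     // Call a trigger (after); a failing trigger rolls the update back
     $trigger_output = ModuleHandler::triggerCall('comment.updateComment', 'after', $obj);
     if (!$trigger_output->toBool()) {
         $oDB->rollback();
         return $trigger_output;
     }
     // commit
     $oDB->commit();
     $output->add('comment_srl', $obj->comment_srl);
     return $output;
 }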
 /**
  * Send a message (DB control)
  *
  * Stores one row in the sender's box (type 'S', only when a sender exists
  * and $sender_log is true) and one in the receiver's box (type 'R') inside a
  * single transaction, wrapped by the 'communication.sendMessage' triggers.
  *
  * @param int $sender_srl member_srl of sender
  * @param int $receiver_srl member_srl of receiver
  * @param string $title
  * @param string $content
  * @param boolean $sender_log keep a copy in the sender's box (default true)
  * @return Object
  */
 function sendMessage($sender_srl, $receiver_srl, $title, $content, $sender_log = TRUE)
 {
     // Normalise the text: escape the title, strip hack tags from the content, fix non-BMP UTF-8.
     $safe_title = utf8_mbencode(htmlspecialchars($title, ENT_COMPAT | ENT_HTML401, 'UTF-8', false));
     $safe_content = utf8_mbencode(removeHackTag($content));
     // One sequence per row; the sender row points at the receiver row via related_srl.
     $message_srl = getNextSequence();
     $related_srl = getNextSequence();
     // Row for the sender's message box
     $sender_row = (object) array(
         'sender_srl' => $sender_srl,
         'receiver_srl' => $receiver_srl,
         'message_type' => 'S',
         'title' => $safe_title,
         'content' => $safe_content,
         'readed' => 'N',
         'regdate' => date("YmdHis"),
         'message_srl' => $message_srl,
         'related_srl' => $related_srl,
         'list_order' => $message_srl * -1,
     );
     // Row for the receiver's message box; a message without a sender is attributed to the receiver
     $receiver_row = (object) array(
         'message_srl' => $related_srl,
         'related_srl' => 0,
         'list_order' => $related_srl * -1,
         'sender_srl' => $sender_srl ? $sender_srl : $receiver_srl,
         'receiver_srl' => $receiver_srl,
         'message_type' => 'R',
         'title' => $safe_title,
         'content' => $safe_content,
         'readed' => 'N',
         'regdate' => date("YmdHis"),
     );
     // Call a trigger (before)
     $trigger_obj = (object) array(
         'sender_srl' => $sender_srl,
         'receiver_srl' => $receiver_srl,
         'message_srl' => $message_srl,
         'related_srl' => $related_srl,
         'title' => $safe_title,
         'content' => $safe_content,
         'sender_log' => $sender_log,
     );
     $trigger_output = ModuleHandler::triggerCall('communication.sendMessage', 'before', $trigger_obj);
     if (!$trigger_output->toBool()) {
         return $trigger_output;
     }
     $oDB = DB::getInstance();
     $oDB->begin();
     // Sender copy first (when wanted), then the receiver copy; any failure rolls both back
     $rows = array();
     if ($sender_srl && $sender_log) {
         $rows[] = $sender_row;
     }
     $rows[] = $receiver_row;
     foreach ($rows as $row) {
         $output = executeQuery('communication.sendMessage', $row);
         if (!$output->toBool()) {
             $oDB->rollback();
             return $output;
         }
     }
     // Call a trigger (after)
     ModuleHandler::triggerCall('communication.sendMessage', 'after', $trigger_obj);
     $oDB->commit();
     // create a flag that message is sent (in file format)
     $this->updateFlagFile($receiver_srl);
     return new Object(0, 'success_sended');
 }
 /**
  * Store the content after filtering it through removeHackTag().
  *
  * @param string $content Raw content as submitted
  * @return void
  */
 function setContent($content)
 {
     $filtered = removeHackTag($content);
     $this->add('content', $filtered);
 }
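 /**
  * removeHackTag() must neutralise each XSS sample exactly as the provider expects.
  *
  * @dataProvider xssProvider
  * @param string $source   Raw markup fed to the filter
  * @param string $expected Output the provider expects for $source
  */
 public function testXSS($source, $expected)
 {
     // PHPUnit's assert* signature is (expected, actual); keeping that order
     // makes the failure diff read the right way round.
     $this->assertEquals($expected, removeHackTag($source));
 }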
 /**
  * Return the stored value with hack tags filtered out, ready for HTML output.
  *
  * @return string Filtered value
  */
 function getValue()
 {
     $raw = $this->value;
     return removeHackTag($raw);
 }
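 /**
  * Send a message from one member to another (DB control).
  *
  * Writes a copy into the sender's box (type 'S', only when a sender exists
  * and $sender_log is true) and one into the receiver's box (type 'R') inside
  * one transaction, then increments the receiver's new-message flag file.
  *
  * @param int $sender_srl member_srl of the sender (0 when there is no sender)
  * @param int $receiver_srl member_srl of the receiver
  * @param string $title
  * @param string $content
  * @param bool $sender_log keep a copy in the sender's box (default true)
  * @return Object
  */
 function sendMessage($sender_srl, $receiver_srl, $title, $content, $sender_log = true)
 {
     // Escape the title and strip dangerous markup from the content before anything is stored
     $title = htmlspecialchars($title, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
     $content = removeHackTag($content);
     // One sequence per row; list_order derives from the row's own srl so ordering stays consistent
     $related_srl = getNextSequence();
     $message_srl = getNextSequence();
     // Message stored in the sender's box; related_srl points at the receiver's copy
     $sender_args = new stdClass();
     $sender_args->sender_srl = $sender_srl;
     $sender_args->receiver_srl = $receiver_srl;
     $sender_args->message_type = 'S';
     $sender_args->title = $title;
     $sender_args->content = $content;
     $sender_args->readed = 'N';
     $sender_args->regdate = date("YmdHis");
     $sender_args->related_srl = $related_srl;
     $sender_args->message_srl = $message_srl;
     $sender_args->list_order = $message_srl * -1;
     // Message stored in the receiver's box
     $receiver_args = new stdClass();
     $receiver_args->message_srl = $related_srl;
     $receiver_args->related_srl = 0;
     $receiver_args->list_order = $related_srl * -1;
     // A message without a sender is attributed to the receiver
     $receiver_args->sender_srl = $sender_srl ? $sender_srl : $receiver_srl;
     $receiver_args->receiver_srl = $receiver_srl;
     $receiver_args->message_type = 'R';
     $receiver_args->title = $title;
     $receiver_args->content = $content;
     $receiver_args->readed = 'N';
     $receiver_args->regdate = date("YmdHis");
     $oDB = DB::getInstance();
     $oDB->begin();
     // Sender's copy, only when wanted
     if ($sender_srl && $sender_log) {
         $output = executeQuery('communication.sendMessage', $sender_args);
         if (!$output->toBool()) {
             $oDB->rollback();
             return $output;
         }
     }
     // Receiver's copy
     $output = executeQuery('communication.sendMessage', $receiver_args);
     if (!$output->toBool()) {
         $oDB->rollback();
         return $output;
     }
     $oDB->commit();
     // Bump the receiver's new-message flag file only once the rows are committed.
     // The cast turns a missing file (readFile returns no count) into 0 so the first message yields 1.
     $flag_path = './files/member_extra_info/new_message_flags/' . getNumberingPath($receiver_srl);
     FileHandler::makeDir($flag_path);
     $flag_file = sprintf('%s%s', $flag_path, $receiver_srl);
     $flag_count = (int) FileHandler::readFile($flag_file);
     FileHandler::writeFile($flag_file, $flag_count + 1);
     return new Object(0, 'success_sended');
 }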
 /**
  * Strip iframe/script-style markup from the content via removeHackTag().
  *
  * @param string $content
  * @return string Filtered content
  */
 function _removeSpecialTag($content)
 {
     $cleaned = removeHackTag($content);
     return $cleaned;
 }
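 /**
  * Add an attachment
  *
  * <pre>
  * This method call trigger 'file.insertFile'.
  *
  * Before trigger object contains:
  * - module_srl
  * - upload_target_srl
  *
  * After trigger object contains:
  * - file_srl
  * - upload_target_srl
  * - module_srl
  * - direct_download
  * - source_filename
  * - uploaded_filename
  * - download_count
  * - file_size
  * - comment
  * - member_srl
  * - sid
  * </pre>
  *
  * Media files (matched by extension) are stored under files/attach/images
  * with their extension and are directly downloadable; everything else goes
  * under files/attach/binaries with a random, extension-less name. The
  * on-disk name is always random and never derived from the client name.
  *
  * @param array $file_info Upload entry with at least 'name' and 'tmp_name' (a $_FILES entry, or an equivalent array when $manual_insert is true)
  * @param int $module_srl Sequence of module to upload file
  * @param int $upload_target_srl Sequence of target to upload file
  * @param int $download_count Initial download count
  * @param bool $manual_insert If set true, skip the per-module type/size checks and copy() the file instead of move_uploaded_file()
  * @return Object
  */
 function insertFile($file_info, $module_srl, $upload_target_srl, $download_count = 0, $manual_insert = false)
 {
     // Call a trigger (before)
     $trigger_obj = new stdClass();
     $trigger_obj->module_srl = $module_srl;
     $trigger_obj->upload_target_srl = $upload_target_srl;
     $output = ModuleHandler::triggerCall('file.insertFile', 'before', $trigger_obj);
     if (!$output->toBool()) {
         return $output;
     }
     // A workaround for Firefox upload bug: the name arrives as =?UTF-8?B?...?= with ':' in place of '/'
     if (preg_match('/^=\\?UTF-8\\?B\\?(.+)\\?=$/i', $file_info['name'], $match)) {
         $file_info['name'] = base64_decode(strtr($match[1], ':', '/'));
     }
     if (!$manual_insert) {
         // Per-module type and size limits apply to everyone except a top administrator
         $logged_info = Context::get('logged_info');
         if (!$logged_info || $logged_info->is_admin != 'Y') {
             $oFileModel = getModel('file');
             $config = $oFileModel->getFileConfig($module_srl);
             // Extension allow-list such as "*.jpg;*.png"; '*.*' means any type
             if (isset($config->allowed_filetypes) && $config->allowed_filetypes !== '*.*') {
                 $allowed_ext = array();
                 foreach (explode(';', $config->allowed_filetypes) as $item) {
                     $parts = explode('.', $item);
                     $allowed_ext[] = isset($parts[1]) ? strtolower($parts[1]) : '';
                 }
                 $name_parts = explode('.', $file_info['name']);
                 $uploaded_ext = strtolower(array_pop($name_parts));
                 if (!in_array($uploaded_ext, $allowed_ext, true)) {
                     return $this->stop('msg_not_allowed_filetype');
                 }
             }
             $allowed_filesize = $config->allowed_filesize * 1024 * 1024;
             $allowed_attach_size = $config->allowed_attach_size * 1024 * 1024;
             // Read the temp file size once; both limit checks use it
             $uploaded_size = filesize($file_info['tmp_name']);
             // Per-file limit
             if ($allowed_filesize < $uploaded_size) {
                 return new Object(-1, 'msg_exceeds_limit_size');
             }
             // Per-target limit: size already attached (from DB) plus this upload
             $size_args = new stdClass();
             $size_args->upload_target_srl = $upload_target_srl;
             $output = executeQuery('file.getAttachedFileSize', $size_args);
             $attached_size = (int) $output->data->attached_size + $uploaded_size;
             if ($attached_size > $allowed_attach_size) {
                 return new Object(-1, 'msg_exceeds_limit_size');
             }
         }
     }
     // Defuse server-executable extensions in the stored source name
     // (https://github.com/xpressengine/xe-core/issues/1713), then strip markup
     // and angle brackets so the name is safe to echo.
     $file_info['name'] = preg_replace('/\\.(php|phtm|phar|html?|cgi|pl|exe|jsp|asp|inc)/i', '$0-x', $file_info['name']);
     $file_info['name'] = removeHackTag($file_info['name']);
     $file_info['name'] = str_replace(array('<', '>'), array('%3C', '%3E'), $file_info['name']);
     // Secure random source for on-disk names and the sid; one instance serves the whole call
     $random = new Password();
     // $ext stays empty for non-media files, which are stored without an extension
     $ext = '';
     // Set upload path by checking if the attachment is an image/media file or another kind of file
     if (preg_match("/\\.(jpe?g|gif|png|wm[va]|mpe?g|avi|swf|flv|mp[1-4]|as[fx]|wav|midi?|moo?v|qt|r[am]{1,2}|m4v)\$/i", $file_info['name'])) {
         $path = sprintf("./files/attach/images/%s/%s", $module_srl, getNumberingPath($upload_target_srl, 3));
         // Random file name: avoids the Windows PHP unicode-filename problem and never reuses the client name
         $ext = substr(strrchr($file_info['name'], '.'), 1);
         $_filename = $random->createSecureSalt(32, 'hex') . '.' . $ext;
         $filename = $path . $_filename;
         // Suffix _1, _2, ... before the extension until the name is free
         $idx = 1;
         while (file_exists($filename)) {
             $filename = $path . preg_replace('/\\.([a-z0-9]+)$/i', '_' . $idx . '.$1', $_filename);
             $idx++;
         }
         $direct_download = 'Y';
     } else {
         $path = sprintf("./files/attach/binaries/%s/%s", $module_srl, getNumberingPath($upload_target_srl, 3));
         $filename = $path . $random->createSecureSalt(32, 'hex');
         $direct_download = 'N';
     }
     // Create a directory
     if (!FileHandler::makeDir($path)) {
         return new Object(-1, 'msg_not_permitted_create');
     }
     // Check uploaded file
     if (!checkUploadedFile($file_info['tmp_name'])) {
         return new Object(-1, 'msg_file_upload_error');
     }
     // Second target tried when the first cannot be written; keeps the extension only for media files
     $fallback_filename = $path . $random->createSecureSalt(32, 'hex') . ($ext !== '' ? '.' . $ext : '');
     // Move the file (warnings suppressed; success is checked via the return value / file_exists)
     if ($manual_insert) {
         @copy($file_info['tmp_name'], $filename);
         if (!file_exists($filename)) {
             $filename = $fallback_filename;
             @copy($file_info['tmp_name'], $filename);
         }
     } else {
         if (!@move_uploaded_file($file_info['tmp_name'], $filename)) {
             $filename = $fallback_filename;
             if (!@move_uploaded_file($file_info['tmp_name'], $filename)) {
                 return new Object(-1, 'msg_file_upload_error');
             }
         }
     }
     // Get member information
     $oMemberModel = getModel('member');
     $member_srl = $oMemberModel->getLoggedMemberSrl();
     // List file information
     $args = new stdClass();
     $args->file_srl = getNextSequence();
     $args->upload_target_srl = $upload_target_srl;
     $args->module_srl = $module_srl;
     $args->direct_download = $direct_download;
     $args->source_filename = $file_info['name'];
     $args->uploaded_filename = $filename;
     $args->download_count = $download_count;
     $args->file_size = @filesize($filename);
     $args->comment = NULL;
     $args->member_srl = $member_srl;
     // sid: random token that download links must present
     $args->sid = $random->createSecureSalt(32, 'hex');
     $output = executeQuery('file.insertFile', $args);
     if (!$output->toBool()) {
         return $output;
     }
     // Call a trigger (after)
     $trigger_output = ModuleHandler::triggerCall('file.insertFile', 'after', $args);
     if (!$trigger_output->toBool()) {
         return $trigger_output;
     }
     // Remember the file in the session so the later attach step can verify it was uploaded by this session
     $_SESSION['__XE_UPLOADING_FILES_INFO__'][$args->file_srl] = true;
     $output->add('file_srl', $args->file_srl);
     $output->add('file_size', $args->file_size);
     $output->add('sid', $args->sid);
     $output->add('direct_download', $args->direct_download);
     $output->add('source_filename', $args->source_filename);
     $output->add('upload_target_srl', $upload_target_srl);
     $output->add('uploaded_filename', $args->uploaded_filename);
     return $output;
 }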
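 /**
  * Update the document
  *
  * Validates the request, optionally archives the previous revision (document
  * history), normalises the incoming fields, writes the row inside a
  * transaction, then rewrites extra variables, category counts and the update
  * log and fires the after-trigger before committing.
  *
  * @param object $source_obj Current document item; supplies the fields being replaced
  * @param object $obj New field values; must carry document_srl
  * @param bool $manual_updated When true, skip the CSRF check and the editor-dependent content rewriting
  * @return object Query output; carries document_srl on success
  */
 function updateDocument($source_obj, $obj, $manual_updated = FALSE)
 {
     // A browser-originated update must carry a valid CSRF token
     if (!$manual_updated && !checkCSRF()) {
         return new Object(-1, 'msg_invalid_request');
     }
     if (!$source_obj->document_srl || !$obj->document_srl) {
         return new Object(-1, 'msg_invalied_request');
     }
     // Default status: SECRET when flagged secret, otherwise PUBLIC
     if (!$obj->status && $obj->is_secret == 'Y') {
         $obj->status = 'SECRET';
     }
     if (!$obj->status) {
         $obj->status = 'PUBLIC';
     }
     // Call a trigger (before)
     $output = ModuleHandler::triggerCall('document.updateDocument', 'before', $obj);
     if (!$output->toBool()) {
         return $output;
     }
     // begin transaction
     $oDB = DB::getInstance();
     $oDB->begin();
     $oModuleModel = getModel('module');
     if (!$obj->module_srl) {
         $obj->module_srl = $source_obj->get('module_srl');
     }
     $module_srl = $obj->module_srl;
     $module_info = $oModuleModel->getModuleInfoByModuleSrl($module_srl);
     $document_config = $oModuleModel->getModulePartConfig('document', $module_srl);
     if (!$document_config) {
         $document_config = new stdClass();
     }
     if (!isset($document_config->use_history)) {
         $document_config->use_history = 'N';
     }
     // 'Y' archives the previous content, 'Trace' records only who/when
     $bUseHistory = $document_config->use_history == 'Y' || $document_config->use_history == 'Trace';
     if ($bUseHistory) {
         $args = new stdClass();
         $args->history_srl = getNextSequence();
         $args->document_srl = $obj->document_srl;
         $args->module_srl = $module_srl;
         if ($document_config->use_history == 'Y') {
             $args->content = $source_obj->get('content');
         }
         $args->nick_name = $source_obj->get('nick_name');
         $args->member_srl = $source_obj->get('member_srl');
         $args->regdate = $source_obj->get('last_update');
         $args->ipaddress = $source_obj->get('ipaddress');
         $output = executeQuery("document.insertHistory", $args);
         // Do not overwrite the document if its revision record could not be written
         if (!$output->toBool()) {
             $oDB->rollback();
             return $output;
         }
     } else {
         $obj->ipaddress = $source_obj->get('ipaddress');
     }
     // List variables
     if ($obj->comment_status) {
         $obj->commentStatus = $obj->comment_status;
     }
     if (!$obj->commentStatus) {
         $obj->commentStatus = 'DENY';
     }
     if ($obj->commentStatus == 'DENY') {
         $this->_checkCommentStatusForOldVersion($obj);
     }
     if ($obj->allow_trackback != 'Y') {
         $obj->allow_trackback = 'N';
     }
     // Strip markup from the homepage before defaulting its scheme
     if ($obj->homepage) {
         $obj->homepage = removeHackTag($obj->homepage);
         if (!preg_match('/^[a-z]+:\\/\\//i', $obj->homepage)) {
             $obj->homepage = 'http://' . $obj->homepage;
         }
     }
     if ($obj->notify_message != 'Y') {
         $obj->notify_message = 'N';
     }
     // can modify regdate only manager
     $grant = Context::get('grant');
     if (!$grant->manager) {
         unset($obj->regdate);
     }
     // Serialize the $extra_vars
     if (!is_string($obj->extra_vars)) {
         $obj->extra_vars = serialize($obj->extra_vars);
     }
     // Remove the columns for automatic saving
     unset($obj->_saved_doc_srl);
     unset($obj->_saved_doc_title);
     unset($obj->_saved_doc_content);
     unset($obj->_saved_doc_message);
     $oDocumentModel = getModel('document');
     // Set the category_srl to 0 if the changed category is not existing.
     if ($source_obj->get('category_srl') != $obj->category_srl) {
         $category_list = $oDocumentModel->getCategoryList($obj->module_srl);
         if (!$category_list[$obj->category_srl]) {
             $obj->category_srl = 0;
         }
     }
     // Change the update order
     $obj->update_order = getNextSequence() * -1;
     // Hash the password if it exists
     if ($obj->password) {
         $obj->password = getModel('member')->hashPassword($obj->password);
     }
     // If the author is the modifier, use the logged-in user's information
     // (never for manual updates or anonymous modules). $logged_info is null
     // for anonymous sessions and is checked again below.
     $logged_info = Context::get('logged_info');
     if (Context::get('is_logged') && !$manual_updated && $module_info->use_anonymous != 'Y') {
         if ($source_obj->get('member_srl') == $logged_info->member_srl) {
             $obj->member_srl = $logged_info->member_srl;
             $obj->user_name = htmlspecialchars_decode($logged_info->user_name);
             $obj->nick_name = htmlspecialchars_decode($logged_info->nick_name);
             $obj->email_address = $logged_info->email_address;
             $obj->homepage = $logged_info->homepage;
         }
     }
     // For the document written by logged-in user however no nick_name exists
     if ($source_obj->get('member_srl') && !$obj->nick_name) {
         $obj->member_srl = $source_obj->get('member_srl');
         $obj->user_name = $source_obj->get('user_name');
         $obj->nick_name = $source_obj->get('nick_name');
         $obj->email_address = $source_obj->get('email_address');
         $obj->homepage = $source_obj->get('homepage');
     }
     // If the title is empty, extract string from the contents.
     $obj->title = htmlspecialchars($obj->title, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
     settype($obj->title, "string");
     if ($obj->title == '') {
         $obj->title = cut_str(strip_tags($obj->content), 20, '...');
     }
     // If no title extracted from the contents, leave it untitled.
     if ($obj->title == '') {
         $obj->title = 'Untitled';
     }
     // Remove XE's own tags from the contents.
     $obj->content = preg_replace('!<\\!--(Before|After)(Document|Comment)\\(([0-9]+),([0-9]+)\\)-->!is', '', $obj->content);
     // Plain-text editors: escape HTML and convert line breaks (skipped for manual updates)
     if (!$manual_updated) {
         if (Mobile::isFromMobilePhone() && $obj->use_editor != 'Y') {
             if ($obj->use_html != 'Y') {
                 $obj->content = htmlspecialchars($obj->content, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
             }
             $obj->content = nl2br($obj->content);
         } else {
             $oEditorModel = getModel('editor');
             $editor_config = $oEditorModel->getEditorConfig($obj->module_srl);
             if (strpos($editor_config->sel_editor_colorset, 'nohtml') !== FALSE) {
                 $obj->content = preg_replace('/\\<br(\\s*)?\\/?\\>/i', PHP_EOL, $obj->content);
                 $obj->content = htmlspecialchars($obj->content, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
                 $obj->content = str_replace(array("\r\n", "\r", "\n"), '<br />', $obj->content);
             }
         }
     }
     // Translated title/content for the current language; stays empty unless the
     // document was written in another language, and is read unconditionally below.
     $extra_content = new stdClass();
     // Change not extra vars but language code of the original document if document's lang_code is different from author's setting.
     if ($source_obj->get('lang_code') != Context::getLangType()) {
         // Change not extra vars but language code of the original document if document's lang_code doesn't exist.
         if (!$source_obj->get('lang_code')) {
             $lang_code_args = new stdClass();
             $lang_code_args->document_srl = $source_obj->get('document_srl');
             $lang_code_args->lang_code = Context::getLangType();
             $output = executeQuery('document.updateDocumentsLangCode', $lang_code_args);
         } else {
             // Keep the original-language row as is and store the edited text as a translation
             $extra_content->title = $obj->title;
             $extra_content->content = $obj->content;
             $document_args = new stdClass();
             $document_args->document_srl = $source_obj->get('document_srl');
             $document_output = executeQuery('document.getDocument', $document_args);
             $obj->title = $document_output->data->title;
             $obj->content = $document_output->data->content;
         }
     }
     // Remove iframe and script unless the session belongs to a top administrator
     if (!$logged_info || $logged_info->is_admin != 'Y') {
         $obj->content = removeHackTag($obj->content);
     }
     // if temporary document, regdate is now setting
     if ($source_obj->get('status') == $this->getConfigStatus('temp')) {
         $obj->regdate = date('YmdHis');
     }
     // Fix encoding of non-BMP UTF-8 characters.
     $obj->title = utf8_mbencode($obj->title);
     $obj->content = utf8_mbencode($obj->content);
     // Insert data into the DB
     $output = executeQuery('document.updateDocument', $obj);
     if (!$output->toBool()) {
         $oDB->rollback();
         return $output;
     }
     // Remove all extra variables, then re-insert the ones supplied
     $extra_vars = array();
     if (Context::get('act') != 'procFileDelete') {
         $this->deleteDocumentExtraVars($source_obj->get('module_srl'), $obj->document_srl, null, Context::getLangType());
         // Insert extra variables if the document successfully inserted.
         $extra_keys = $oDocumentModel->getExtraKeys($obj->module_srl);
         if (count($extra_keys)) {
             foreach ($extra_keys as $idx => $extra_item) {
                 // Value may arrive as extra_vars<idx> or under the key's own name; arrays are joined with |@|
                 $value = NULL;
                 if (isset($obj->{'extra_vars' . $idx})) {
                     $tmp = $obj->{'extra_vars' . $idx};
                     if (is_array($tmp)) {
                         $value = implode('|@|', $tmp);
                     } else {
                         $value = trim($tmp);
                     }
                 } else {
                     if (isset($obj->{$extra_item->name})) {
                         $value = trim($obj->{$extra_item->name});
                     }
                 }
                 // Loose comparison on purpose: empty values are not stored
                 if ($value == NULL) {
                     continue;
                 }
                 $extra_vars[$extra_item->name] = $value;
                 $this->insertDocumentExtraVar($obj->module_srl, $obj->document_srl, $idx, $value, $extra_item->eid);
             }
         }
         // Insert extra vars for multi-language support of title and contents.
         if ($extra_content->title) {
             $this->insertDocumentExtraVar($obj->module_srl, $obj->document_srl, -1, $extra_content->title, 'title_' . Context::getLangType());
         }
         if ($extra_content->content) {
             $this->insertDocumentExtraVar($obj->module_srl, $obj->document_srl, -2, $extra_content->content, 'content_' . Context::getLangType());
         }
     }
     // Refresh category counts when the category changed.
     // NOTE(review): the second condition compares module_srl with member_srl, which looks like a typo; kept as found.
     if ($source_obj->get('category_srl') != $obj->category_srl || $source_obj->get('module_srl') == $logged_info->member_srl) {
         // Only recount the old category when the document actually had one
         if ($source_obj->get('category_srl') != $obj->category_srl && $source_obj->get('category_srl')) {
             $this->updateCategoryCount($obj->module_srl, $source_obj->get('category_srl'));
         }
         if ($obj->category_srl) {
             $this->updateCategoryCount($obj->module_srl, $obj->category_srl);
         }
     }
     // Record the update log when the module asks for it
     if ($obj->update_log_setting === 'Y') {
         $obj->extra_vars = serialize($extra_vars);
         if ($this->grant->manager) {
             $obj->is_admin = 'Y';
         }
         $update_output = $this->insertDocumentUpdateLog($obj, $source_obj);
         if (!$update_output->toBool()) {
             $oDB->rollback();
             return $update_output;
         }
     }
     // Call a trigger (after)
     ModuleHandler::triggerCall('document.updateDocument', 'after', $obj);
     // commit
     $oDB->commit();
     // Remove the thumbnail file
     FileHandler::removeDir(sprintf('files/thumbnails/%s', getNumberingPath($obj->document_srl, 3)));
     $output->add('document_srl', $obj->document_srl);
     //remove from cache
     Rhymix\Framework\Cache::delete('document_item:' . getNumberingPath($obj->document_srl) . $obj->document_srl);
     return $output;
 }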
 /**
  * Update the document
  * @param object $source_obj
  * @param object $obj
  * @return object
  */
 function updateDocument($source_obj, $obj)
 {
     if (!$source_obj->document_srl || !$obj->document_srl) {
         return new Object(-1, 'msg_invalied_request');
     }
     if (!$obj->status && $obj->is_secret == 'Y') {
         $obj->status = 'SECRET';
     }
     if (!$obj->status) {
         $obj->status = 'PUBLIC';
     }
     // Call a trigger (before)
     $output = ModuleHandler::triggerCall('document.updateDocument', 'before', $obj);
     if (!$output->toBool()) {
         return $output;
     }
     // begin transaction
     $oDB =& DB::getInstance();
     $oDB->begin();
     $oModuleModel =& getModel('module');
     if (!$obj->module_srl) {
         $obj->module_srl = $source_obj->get('module_srl');
     }
     $module_srl = $obj->module_srl;
     $document_config = $oModuleModel->getModulePartConfig('document', $module_srl);
     if (!isset($document_config->use_history)) {
         $document_config->use_history = 'N';
     }
     $bUseHistory = $document_config->use_history == 'Y' || $document_config->use_history == 'Trace';
     if ($bUseHistory) {
         $args->history_srl = getNextSequence();
         $args->document_srl = $obj->document_srl;
         $args->module_srl = $module_srl;
         if ($document_config->use_history == 'Y') {
             $args->content = $source_obj->get('content');
         }
         $args->nick_name = $source_obj->get('nick_name');
         $args->member_srl = $source_obj->get('member_srl');
         $args->regdate = $source_obj->get('last_update');
         $args->ipaddress = $source_obj->get('ipaddress');
         $output = executeQuery("document.insertHistory", $args);
     } else {
         $obj->ipaddress = $source_obj->get('ipaddress');
     }
     // List variables
     if ($obj->comment_status) {
         $obj->commentStatus = $obj->comment_status;
     }
     if (!$obj->commentStatus) {
         $obj->commentStatus = 'DENY';
     }
     if ($obj->commentStatus == 'DENY') {
         $this->_checkCommentStatusForOldVersion($obj);
     }
     if ($obj->allow_trackback != 'Y') {
         $obj->allow_trackback = 'N';
     }
     if ($obj->homepage && !preg_match('/^[a-z]+:\\/\\//i', $obj->homepage)) {
         $obj->homepage = 'http://' . $obj->homepage;
     }
     if ($obj->notify_message != 'Y') {
         $obj->notify_message = 'N';
     }
     // Serialize the $extra_vars
     $obj->extra_vars = serialize($obj->extra_vars);
     // Remove the columns for automatic saving
     unset($obj->_saved_doc_srl);
     unset($obj->_saved_doc_title);
     unset($obj->_saved_doc_content);
     unset($obj->_saved_doc_message);
     $oDocumentModel =& getModel('document');
     // Set the category_srl to 0 if the changed category is not exsiting.
     if ($source_obj->get('category_srl') != $obj->category_srl) {
         $category_list = $oDocumentModel->getCategoryList($obj->module_srl);
         if (!$category_list[$obj->category_srl]) {
             $obj->category_srl = 0;
         }
     }
     // Change the update order
     $obj->update_order = getNextSequence() * -1;
     // Hash by md5 if the password exists
     if ($obj->password) {
         $obj->password = md5($obj->password);
     }
     // If an author is identical to the modifier or history is used, use the logged-in user's information.
     if (Context::get('is_logged')) {
         $logged_info = Context::get('logged_info');
         if ($source_obj->get('member_srl') == $logged_info->member_srl || $bUseHistory) {
             $obj->member_srl = $logged_info->member_srl;
             $obj->user_name = $logged_info->user_name;
             $obj->nick_name = $logged_info->nick_name;
             $obj->email_address = $logged_info->email_address;
             $obj->homepage = $logged_info->homepage;
         }
     }
     // For the document written by logged-in user however no nick_name exists
     if ($source_obj->get('member_srl') && !$obj->nick_name) {
         $obj->member_srl = $source_obj->get('member_srl');
         $obj->user_name = $source_obj->get('user_name');
         $obj->nick_name = $source_obj->get('nick_name');
         $obj->email_address = $source_obj->get('email_address');
         $obj->homepage = $source_obj->get('homepage');
     }
     // If the tile is empty, extract string from the contents.
     settype($obj->title, "string");
     if ($obj->title == '') {
         $obj->title = cut_str(strip_tags($obj->content), 20, '...');
     }
     // If no tile extracted from the contents, leave it untitled.
     if ($obj->title == '') {
         $obj->title = 'Untitled';
     }
     // Remove XE's own tags from the contents.
     $obj->content = preg_replace('!<\\!--(Before|After)(Document|Comment)\\(([0-9]+),([0-9]+)\\)-->!is', '', $obj->content);
     // Change not extra vars but language code of the original document if document's lang_code is different from author's setting.
     if ($source_obj->get('lang_code') != Context::getLangType()) {
         // Change not extra vars but language code of the original document if document's lang_code doesn't exist.
         if (!$source_obj->get('lang_code')) {
             $lang_code_args->document_srl = $source_obj->get('document_srl');
             $lang_code_args->lang_code = Context::getLangType();
             $output = executeQuery('document.updateDocumentsLangCode', $lang_code_args);
         } else {
             $extra_content->title = $obj->title;
             $extra_content->content = $obj->content;
             $document_args->document_srl = $source_obj->get('document_srl');
             $document_output = executeQuery('document.getDocument', $document_args);
             $obj->title = $document_output->data->title;
             $obj->content = $document_output->data->content;
         }
     }
     // Remove iframe and script if not a top adminisrator in the session.
     if ($logged_info->is_admin != 'Y') {
         $obj->content = removeHackTag($obj->content);
     }
     // if temporary document, regdate is now setting
     if ($source_obj->get('status') == $this->getConfigStatus('temp')) {
         $obj->regdate = date('YmdHis');
     }
     // Insert data into the DB
     $output = executeQuery('document.updateDocument', $obj);
     if (!$output->toBool()) {
         $oDB->rollback();
         return $output;
     }
     // Remove all extra variables
     $this->deleteDocumentExtraVars($source_obj->get('module_srl'), $obj->document_srl, null, Context::getLangType());
     // Insert extra variables if the document successfully inserted.
     $extra_keys = $oDocumentModel->getExtraKeys($obj->module_srl);
     if (count($extra_keys)) {
         foreach ($extra_keys as $idx => $extra_item) {
             $value = '';
             if (isset($obj->{'extra_vars' . $idx})) {
                 $tmp = $obj->{'extra_vars' . $idx};
                 if (is_array($tmp)) {
                     $value = implode('|@|', $tmp);
                 } else {
                     $value = trim($tmp);
                 }
             } elseif (isset($obj->{$extra_item->name})) {
                 $value = trim($obj->{$extra_item->name});
             }
             if (!isset($value)) {
                 continue;
             }
             $this->insertDocumentExtraVar($obj->module_srl, $obj->document_srl, $idx, $value, $extra_item->eid);
         }
     }
     // Inert extra vars for multi-language support of title and contents.
     if ($extra_content->title) {
         $this->insertDocumentExtraVar($obj->module_srl, $obj->document_srl, -1, $extra_content->title, 'title_' . Context::getLangType());
     }
     if ($extra_content->content) {
         $this->insertDocumentExtraVar($obj->module_srl, $obj->document_srl, -2, $extra_content->content, 'content_' . Context::getLangType());
     }
     // Update the category if the category_srl exists.
     if ($source_obj->get('category_srl') != $obj->category_srl || $source_obj->get('module_srl') == $logged_info->member_srl) {
         if ($source_obj->get('category_srl') != $obj->category_srl) {
             $this->updateCategoryCount($obj->module_srl, $source_obj->get('category_srl'));
         }
         if ($obj->category_srl) {
             $this->updateCategoryCount($obj->module_srl, $obj->category_srl);
         }
     }
     // Call a trigger (after)
     if ($output->toBool()) {
         $trigger_output = ModuleHandler::triggerCall('document.updateDocument', 'after', $obj);
         if (!$trigger_output->toBool()) {
             $oDB->rollback();
             return $trigger_output;
         }
     }
     // commit
     $oDB->commit();
     // Remove the thumbnail file
     FileHandler::removeDir(sprintf('files/cache/thumbnails/%s', getNumberingPath($obj->document_srl, 3)));
     $output->add('document_srl', $obj->document_srl);
     //remove from cache
     $oCacheHandler =& CacheHandler::getInstance('object');
     if ($oCacheHandler->isSupport()) {
         $cache_key = 'object:' . $obj->document_srl;
         $oCacheHandler->delete($cache_key);
         $oCacheHandler->invalidateGroupKey('documentList');
         //remove document item from cache
         $cache_key = 'object_document_item:' . $obj->document_srl;
         $oCacheHandler->delete($cache_key);
     }
     return $output;
 }
 /**
  * Persist a member's signature to disk, or delete the stored file when the
  * signature is effectively empty.
  *
  * Processing order:
  *  1. removeHackTag() on the raw markup, then trim.
  *  2. Every "<embed", "<object", "<param" (and their closing forms) has its
  *     leading "<" turned into "&lt;", so those tags can never be rendered.
  *  3. Emptiness is judged on what survives strip_tags() (only <img>/<object>
  *     kept) with "&nbsp;", "\n" and "\r" removed and whitespace trimmed; a
  *     falsy remainder (empty string or "0") means "no signature".
  *
  * The file is written as a .php file that begins with a "__XE__" guard, so a
  * direct request for it (where that constant is not defined) exits before the
  * signature body is reached. getSignature() strips the guard again on read.
  *
  * @param int $member_srl
  * @param string $signature raw, untrusted signature markup
  *
  * @return void normally; in the "empty signature" branch the result of
  *              FileHandler::removeFile() is passed through unchanged
  */
 function putSignature($member_srl, $signature)
 {
     $cleaned = trim(removeHackTag($signature));
     $cleaned = preg_replace('/<(\\/?)(embed|object|param)/is', '&lt;$1$2', $cleaned);

     // Visible remainder used only to decide whether anything is worth storing.
     $visible = strip_tags($cleaned, '<img><object>');
     $visible = trim(str_replace(array('&nbsp;', "\n", "\r"), '', $visible));

     $directory = sprintf('files/member_extra_info/signature/%s/', getNumberingPath($member_srl));
     $target = sprintf('%s%d.signature.php', $directory, $member_srl);

     if (!$visible) {
         // Nothing to keep: drop any previously stored signature file.
         return FileHandler::removeFile($target);
     }

     // Guard line first, then the cleaned markup, exactly as getSignature() expects.
     $fileBody = sprintf('<?php if(!defined("__XE__")) exit();?>%s', $cleaned);
     FileHandler::makeDir($directory);
     FileHandler::writeFile($target, $fileBody);
 }
 /**
  * @brief Get user's signature
  *
  * Reads files/member_extra_info/signature/<numbering path><member_srl>.signature.php,
  * removes the "<?php ... ?>" guard that putSignature() prepends, and runs the
  * remainder through removeHackTag(). The result is memoised for the request in
  * $GLOBALS['__member_info__']['signature'][$member_srl]; a missing file is
  * recorded as null (which isset() treats as "not cached", so the file_exists()
  * check is repeated on each call for such members).
  *
  * NOTE(review): the guard-stripping pattern '/<\?.*\?>/' is greedy and has no
  * "s" modifier, so it removes everything from the first "<?" to the LAST "?>"
  * on the same line. A signature whose first line itself contains "?>" would
  * lose that prefix — confirm whether that is intended before relying on it.
  *
  * @param int $member_srl
  *
  * @return string|null the sanitised signature markup, or null when no file exists
  */
 function getSignature($member_srl)
 {
     if (!isset($GLOBALS['__member_info__']['signature'][$member_srl])) {
         $signatureFile = sprintf('files/member_extra_info/signature/%s%d.signature.php', getNumberingPath($member_srl), $member_srl);

         $resolved = null;
         if (file_exists($signatureFile)) {
             $raw = FileHandler::readFile($signatureFile);
             // Strip the PHP guard written by putSignature(), then re-sanitise the markup.
             $resolved = removeHackTag(preg_replace('/<\\?.*\\?>/', '', $raw));
         }

         $GLOBALS['__member_info__']['signature'][$member_srl] = $resolved;
     }

     return $GLOBALS['__member_info__']['signature'][$member_srl];
 }