 /**
  * Registers the <head>/title hooks for a single-document view.
  *
  * Reads `mod` and `uid` from the query string. When `mod=document` and the
  * document can be loaded, the wp_title filter is attached and the document
  * is considered displayable if the visitor is a reader of its board, or —
  * on a board where anyone may write and reading is 'all' or 'author' — if
  * the document password has been confirmed (isConfirm()). Only displayable
  * documents get the OGP/description/author/date head output. The RSS and
  * generic head hooks are registered for every request.
  */
 public function __construct()
 {
     $mode = isset($_GET['mod']) ? kboard_htmlclear($_GET['mod']) : '';
     $document_uid = isset($_GET['uid']) ? intval($_GET['uid']) : '';
     if ($mode == 'document' && $document_uid) {
         $this->content = new KBContent();
         $this->content->initWithUID($document_uid);
         if ($this->content->uid) {
             add_filter('wp_title', array($this, 'title'), 1);
             $board = new KBoard($this->content->board_id);
             $can_show = false;
             if ($board->isReader($this->content->member_uid, $this->content->secret)) {
                 $can_show = true;
             } elseif ($board->permission_write == 'all'
                 && ($board->permission_read == 'all' || $board->permission_read == 'author')) {
                 // Open board: the document password is an alternative to reader status.
                 $can_show = (bool) $board->isConfirm($this->content->password, $this->content->uid);
             }
             if ($can_show) {
                 add_action('kboard_head', array($this, 'ogp'), 2);
                 add_action('kboard_head', array($this, 'description'), 3);
                 add_action('kboard_head', array($this, 'author'), 4);
                 add_action('kboard_head', array($this, 'date'), 5);
             }
         }
     }
     add_action('kboard_head', array($this, 'rss'), 6);
     add_action('wp_head', array($this, 'head'), 1);
 }
 /**
  * Advances the internal row cursor and returns the next board.
  *
  * Works on PHP's array cursor over `$this->resource`: the current row is
  * stored in `$this->row`, wrapped into a KBoard via initWithRow(), and the
  * cursor moves forward. When no row is left the resource is unset and an
  * empty string is returned; an empty string is also returned when there is
  * no resource at all.
  *
  * @return KBoard|string the next board, or '' when exhausted
  */
 public function hasNext()
 {
     if (!$this->resource) {
         return '';
     }
     $row = current($this->resource);
     $this->row = $row;
     if (!$row) {
         unset($this->resource);
         return '';
     }
     next($this->resource);
     $next_board = new KBoard();
     $next_board->initWithRow($row);
     return $next_board;
 }
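 /**
  * Checks whether the current user may manage this record.
  *
  * Granted when the record's user_uid equals the (non-zero) ID held in
  * $this->userdata, or when the user is an administrator of the board that
  * owns the document `content_uid` points to.
  *
  * @return boolean
  */
 public function isEditor()
 {
     global $wpdb;
     // Resolve the owning board via the document row; bind content_uid with
     // $wpdb->prepare() instead of interpolating it into the SQL string.
     $board_id = $wpdb->get_var($wpdb->prepare(
         "SELECT `board_id` FROM `" . KBOARD_DB_PREFIX . "kboard_board_content` WHERE `uid`=%d",
         $this->content_uid
     ));
     $board = new KBoard($board_id);
     $current_id = isset($this->userdata->data->ID) ? $this->userdata->data->ID : 0;
     if ($current_id && $this->user_uid == $current_id) {
         // The record belongs to the current user.
         return true;
     }
     // Otherwise only a board administrator may manage it.
     return $board->isAdmin() ? true : false;
 }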
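 /**
  * Handles the document editor form submission (create or update).
  *
  * Requires a valid `kboard-editor-execute` nonce; without one the request
  * is redirected to the site root. The board is loaded from the posted
  * board_id and must exist. New documents need board writer permission;
  * updates need isEditor() for the document's author or, on a board where
  * anyone may write, a confirmed document password. Anonymous posts on such
  * boards must carry a password. On success KBContent::execute() runs and
  * the user is redirected to the resulting document (URL filterable via
  * `kboard_after_executing_url`). Every refusal emits a JS alert and exits.
  */
 public function editorExecute()
 {
     global $user_ID;
     $nonce = isset($_POST['kboard-editor-execute-nonce']) ? $_POST['kboard-editor-execute-nonce'] : '';
     if (!$nonce || !wp_verify_nonce($nonce, 'kboard-editor-execute')) {
         wp_redirect(site_url());
         exit;
     }
     header("Content-Type: text/html; charset=UTF-8");
     $uid = isset($_POST['uid']) ? intval($_POST['uid']) : 0;
     $board_id = isset($_POST['board_id']) ? intval($_POST['board_id']) : 0;
     $title = isset($_POST['title']) ? $_POST['title'] : '';
     $password = isset($_POST['password']) ? $_POST['password'] : '';
     $board = new KBoard($board_id);
     if (!$board->uid) {
         die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
     }
     if ($board->isWriter() && $board->permission_write == 'all' && $title) {
         // Anonymous authors on an open board must set a password, which is
         // later what isConfirm() checks to let them edit/delete the document.
         if (!$user_ID && !$password) {
             // The original script ended with `history.go(-1);";` — the stray
             // `";` is an unterminated JS string, so the whole block (alert
             // included) failed to run.
             die('<script>alert("' . __('Please enter your password.', 'kboard') . '");history.go(-1);</script>');
         }
     }
     $content = new KBContent();
     $content->initWithUID($uid);
     // NOTE(review): board_id is taken from the form and written onto the
     // content here, and the permission checks below run against that posted
     // board rather than the board the stored document belongs to. Confirm
     // that execute()/updateContent() cannot be used to re-home a document.
     $content->setBoardID($board_id);
     if (!$uid) {
         if (!$board->isWriter()) {
             die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
         }
     } elseif (!$board->isEditor($content->member_uid)) {
         // Not the author/editor: only an open board allows the password route.
         if ($board->permission_write != 'all' || !$board->isConfirm($content->password, $content->uid)) {
             die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
         }
     }
     $execute_uid = $content->execute();
     // A posted password is confirmed immediately so the author can keep
     // editing without re-entering it.
     if ($content->password) {
         $board->isConfirm($content->password, $execute_uid);
     }
     $url = new KBUrl();
     $next_page_url = $url->set('uid', $execute_uid)->set('mod', 'document')->toString();
     $next_page_url = apply_filters('kboard_after_executing_url', $next_page_url, $execute_uid, $board_id);
     wp_redirect($next_page_url);
     exit;
 }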
    $file = '';
}
// A document uid and a file key are both required (both are resolved above,
// outside this excerpt); anything else is refused.
if (!$uid || !$file) {
    die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
}
// Remember the originating page unless it was this script itself.
// NOTE(review): $referer is presumably the raw HTTP Referer (set above, not
// shown here), i.e. client-controlled — wherever redirect_uri is consumed it
// should go through wp_validate_redirect()/wp_safe_redirect(). Confirm.
if (!strstr($referer, basename(__FILE__))) {
    $_SESSION['redirect_uri'] = $referer;
}
$content = new KBContent();
$content->initWithUID($uid);
// A reply is governed by the board of its top-level document.
if ($content->parent_uid) {
    $parent = new KBContent();
    $parent->initWithUID($content->getTopContentUID());
    $board = new KBoard($parent->board_id);
} else {
    $board = new KBoard($content->board_id);
}
// Edit rights: isEditor() for the document's author; otherwise, only on a
// board where anyone may write, the document password may be confirmed
// instead — the skin's confirm.php form is rendered and the request ends.
// Any other board refuses.
if (!$board->isEditor($content->member_uid)) {
    if ($board->permission_write == 'all') {
        if (!$board->isConfirm($content->password, $content->uid)) {
            // $url and $skin_path are set for use by the included template.
            $url = new KBUrl();
            $skin_path = KBOARD_URL_PATH . "/skin/{$board->skin}";
            include KBOARD_DIR_PATH . "/skin/{$board->skin}/confirm.php";
            exit;
        }
    } else {
        die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
    }
}
if ($file == 'thumbnail') {
    $content->removeThumbnail();
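/**
 * AJAX endpoint: emits the JSON document list for the board whose id is
 * stored in `$_SESSION['kboard_board_id']`.
 *
 * Dies with a notice when the session holds no board id, or when the id does
 * not resolve to an existing board (KBoard::setID() leaves `uid` empty);
 * otherwise dies with the output of KBoardBuilder::getJsonList().
 */
function kboard_ajax_builder()
{
    // empty() avoids an undefined-index notice when the key is absent while
    // keeping the original falsy semantics (null, 0, '' and '0' all reject).
    if (empty($_SESSION['kboard_board_id'])) {
        die('KBoard 알림 :: id=null, 아이디값은 필수 입니다.');
    }
    $board_id = $_SESSION['kboard_board_id'];
    $board = new KBoard();
    $board->setID($board_id);
    if (!$board->uid) {
        die('KBoard 알림 :: id=' . $board_id . ', 생성되지 않은 게시판입니다.');
    }
    $builder = new KBoardBuilder();
    $builder->setBoardID($board->uid);
    $builder->setSkin($board->skin);
    $builder->setRpp($board->page_rpp);
    $builder->board = $board;
    die($builder->getJsonList());
}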
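<?php

// Standalone attachment endpoint: bootstraps WordPress from wp-load.php,
// checks that the visitor may read the owning document, then looks up the
// attachment row and sets the Content-type header. The file itself is sent
// after this excerpt.
list($path) = explode(DIRECTORY_SEPARATOR . 'wp-content', dirname(__FILE__) . DIRECTORY_SEPARATOR);
include $path . DIRECTORY_SEPARATOR . 'wp-load.php';
header("Content-Type: text/html; charset=UTF-8");
// Same-origin Referer gate. The header is client-controlled, so this only
// deters hot-linking and is not an access control; the access control is
// isReader() below. Compare the parsed host (with port) as a whole: the
// previous substring test (stristr) was satisfied by any referer that merely
// contained the host name, e.g. in its query string.
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
$host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
$referer_host = '';
if ($referer) {
    $parts = parse_url($referer);
    if (is_array($parts) && isset($parts['host'])) {
        $referer_host = $parts['host'] . (isset($parts['port']) && $parts['port'] ? ':' . $parts['port'] : '');
    }
}
if (!$host || strcasecmp($referer_host, $host) !== 0) {
    wp_die('KBoard : ' . __('This page is restricted from external access.', 'kboard'));
}
$uid = isset($_GET['uid']) ? intval($_GET['uid']) : 0;
$file = isset($_GET['file']) ? kboard_xssfilter(kboard_htmlclear(trim($_GET['file']))) : '';
if (!$uid || !$file) {
    die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
}
$content = new KBContent();
$content->initWithUID($uid);
$board = new KBoard($content->board_id);
if (!$board->isReader($content->member_uid, $content->secret)) {
    if (!$user_ID) {
        die('<script>alert("' . __('Please Log in to continue.', 'kboard') . '");location.href="' . wp_login_url() . '";</script>');
    } else {
        die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
    }
}
// Bind both lookup keys with $wpdb->prepare() rather than addslashes(),
// which is not charset-aware.
$file_info = $wpdb->get_row($wpdb->prepare(
    "SELECT * FROM `{$wpdb->prefix}kboard_board_attached` WHERE `content_uid`=%d AND `file_key`=%s",
    $uid,
    $file
));
if (!$file_info || !$file_info->file_path) {
    die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
}
list($path) = explode(DIRECTORY_SEPARATOR . 'wp-content', dirname(__FILE__) . DIRECTORY_SEPARATOR);
// file_path is stored relative to the WordPress root and with '/' separators.
$path = $path . str_replace('/', DIRECTORY_SEPARATOR, $file_info->file_path);
$name = $file_info->file_name;
if (!file_exists($path)) {
    die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
}
header('Content-type: ' . kboard_mime_type($path));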
 /**
  * Creates or updates a document from the submitted editor form ($_POST).
  *
  * All fields are read from $_POST here and passed through the plugin's
  * filters (kboard_htmlclear / kboard_xssfilter / kboard_safeiframe). The
  * branch is chosen from the object's state: with an existing $this->uid and
  * a posted date the document is updated; with no uid and a posted title a
  * new document is inserted (after a CAPTCHA check, which therefore applies
  * to new documents only). Any other combination does nothing.
  *
  * @return mixed the uid of the created/updated document, or '' when nothing was done
  */
 public function execute()
 {
     $this->parent_uid = isset($_POST['parent_uid']) ? intval($_POST['parent_uid']) : 0;
     // NOTE(review): member_uid and member_display come straight from the
     // request. Unless insertContent()/updateContent() (not shown) replace
     // them with the logged-in user's data, a submitter can attribute the
     // document to any member id — confirm.
     $this->member_uid = isset($_POST['member_uid']) ? intval($_POST['member_uid']) : 0;
     $this->member_display = isset($_POST['member_display']) ? kboard_xssfilter(kboard_htmlclear(trim($_POST['member_display']))) : '';
     $this->title = isset($_POST['title']) ? kboard_xssfilter(kboard_htmlclear(trim($_POST['title']))) : '';
     $this->content = isset($_POST['kboard_content']) ? kboard_safeiframe(kboard_xssfilter(trim($_POST['kboard_content']))) : '';
     $this->date = isset($_POST['date']) ? kboard_xssfilter(kboard_htmlclear(trim($_POST['date']))) : '';
     $this->category1 = isset($_POST['category1']) ? kboard_xssfilter(kboard_htmlclear(trim($_POST['category1']))) : '';
     $this->category2 = isset($_POST['category2']) ? kboard_xssfilter(kboard_htmlclear(trim($_POST['category2']))) : '';
     $this->secret = isset($_POST['secret']) ? kboard_xssfilter(kboard_htmlclear(trim($_POST['secret']))) : '';
     $this->notice = isset($_POST['notice']) ? kboard_xssfilter(kboard_htmlclear(trim($_POST['notice']))) : '';
     // A secret document posted with wordpress_search == 1 is stored as 2;
     // when the field is absent the value is '3'. The meaning of these
     // values is defined elsewhere.
     $this->search = isset($_POST['wordpress_search']) ? intval($this->secret && $_POST['wordpress_search'] == 1 ? '2' : $_POST['wordpress_search']) : '3';
     // NOTE(review): the password is kept as posted (filtered only); whether
     // it is hashed before storage is decided in insertContent()/
     // updateContent(), which are not visible here.
     $this->password = isset($_POST['password']) ? kboard_xssfilter(kboard_htmlclear(trim($_POST['password']))) : '';
     if ($this->uid && $this->date) {
         // Update of an existing document.
         $this->updateContent();
         $this->setThumbnail($this->uid);
         $this->update_options($this->uid);
         $this->update_attach($this->uid);
         /*
          * Fire the document-update action hook.
          */
         do_action('kboard_document_update', $this->uid, $this->board_id);
         return $this->uid;
     } else {
         if (!$this->uid && $this->title) {
             // CAPTCHA check (new documents only).
             include_once 'KBCaptcha.class.php';
             $captcha = new KBCaptcha();
             $captcha_text = isset($_POST['captcha']) ? $_POST['captcha'] : '';
             if (!$captcha->textCheck($captcha_text)) {
                 die("<script>alert('" . __('The CAPTCHA code is not valid. Please enter the CAPTCHA code.', 'kboard') . "');history.go(-1);</script>");
             }
             // Insert a new document.
             $uid = $this->insertContent();
             if ($uid) {
                 $this->setThumbnail($uid);
                 $this->update_options($uid);
                 $this->update_attach($uid);
                 // If the board settings define notification addresses, send a mail.
                 $meta = new KBoardMeta($this->board_id);
                 if ($meta->latest_alerts) {
                     /*
                      * http://www.cosmosfarm.com/threads/document/3025
                      * The board name is prepended to the document title in the mail subject.
                      */
                     $board = new KBoard();
                     $board->setID($this->board_id);
                     $url = new KBUrl();
                     include_once 'KBMail.class.php';
                     $mail = new KBMail();
                     // latest_alerts is a comma-separated list of recipients.
                     $mail->to = explode(',', $meta->latest_alerts);
                     $mail->title = '[' . __('KBoard new document', 'kboard') . '] ' . $board->board_name . ' - ' . $this->title;
                     $mail->content = $this->content;
                     $mail->url = $url->getDocumentRedirect($uid);
                     $mail->send();
                 }
                 /*
                  * Fire the document-insert action hook.
                  */
                 do_action('kboard_document_insert', $uid, $this->board_id);
             }
             return $uid;
         }
     }
     return '';
 }
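 /**
  * Attachment download endpoint.
  *
  * Order of checks: same-origin Referer gate; `uid` and `file` query
  * parameters; reader permission on the board owning the document (for a
  * reply, the board of its top-level document), with the fallbacks the
  * board rules allow for secret documents (document password, or for a
  * reply the top-level document's reader/password check); attachment row
  * lookup; presence of the stored file. The file is then either copied into
  * a short-lived public directory and the client redirected to it (option
  * `kboard_attached_copy_download`) or streamed directly.
  *
  * The Referer comparison is client-controlled and only deters hot-linking;
  * the real access control is the isReader()/isConfirm() chain. Every
  * refusal emits a JS alert and exits.
  */
 public function fileDownload()
 {
     // $user_ID was previously read without a `global` declaration, so it
     // was always null here and the "please log in" branch fired for
     // logged-in users too; the top-level script variant of this code reads
     // the real global.
     global $wpdb, $user_ID;
     header('X-Robots-Tag: noindex', true);
     // Keep search engines from indexing download URLs.
     header('Content-Type: text/html; charset=UTF-8');
     $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
     $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
     if (!$referer) {
         wp_die('KBoard : ' . __('This page is restricted from external access.', 'kboard'));
     }
     $parts = parse_url($referer);
     $referer_host = '';
     if (is_array($parts) && isset($parts['host'])) {
         $referer_host = $parts['host'] . (isset($parts['port']) && $parts['port'] ? ':' . $parts['port'] : '');
     }
     // Whole-host comparison (strict), never a substring match.
     if (!in_array($referer_host, array($host), true)) {
         wp_die('KBoard : ' . __('This page is restricted from external access.', 'kboard'));
     }
     $uid = isset($_GET['uid']) ? intval($_GET['uid']) : 0;
     $file = isset($_GET['file']) ? kboard_xssfilter(kboard_htmlclear(trim($_GET['file']))) : '';
     if (!$uid || !$file) {
         die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
     }
     $content = new KBContent();
     $content->initWithUID($uid);
     // A reply is governed by the board of its top-level document.
     $parent = null;
     if ($content->parent_uid) {
         $parent = new KBContent();
         $parent->initWithUID($content->getTopContentUID());
         $board = new KBoard($parent->board_id);
     } else {
         $board = new KBoard($content->board_id);
     }
     if (!$board->isReader($content->member_uid, $content->secret)) {
         if (!$user_ID && $board->permission_read == 'author') {
             die('<script>alert("' . __('Please Log in to continue.', 'kboard') . '");location.href="' . wp_login_url($referer) . '";</script>');
         }
         // Secret documents on boards whose write and read permissions are
         // 'all' or 'author' may be unlocked with the document password.
         $open_board = in_array($board->permission_write, array('all', 'author'), true)
             && in_array($board->permission_read, array('all', 'author'), true);
         if (!$content->secret || !$open_board) {
             die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
         }
         if (!$board->isConfirm($content->password, $content->uid)) {
             // For a reply, reader status on (or a confirmed password of) the
             // top-level document is also sufficient.
             if (!$parent) {
                 die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
             }
             if (!$board->isReader($parent->member_uid, $content->secret)
                 && !$board->isConfirm($parent->password, $parent->uid)) {
                 die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
             }
         }
     }
     // Bind both lookup keys with $wpdb->prepare() instead of esc_sql() +
     // interpolation.
     $file_info = $wpdb->get_row($wpdb->prepare(
         "SELECT * FROM `{$wpdb->prefix}kboard_board_attached` WHERE `content_uid`=%d AND `file_key`=%s",
         $uid,
         $file
     ));
     if (!$file_info || !$file_info->file_path) {
         die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
     }
     // file_path is stored relative to the WordPress root with '/' separators.
     list($base) = explode(DIRECTORY_SEPARATOR . 'wp-content', dirname(__FILE__) . DIRECTORY_SEPARATOR);
     $path = $base . str_replace('/', DIRECTORY_SEPARATOR, $file_info->file_path);
     if (!is_file($path)) {
         die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
     }
     // The stored name is reused as the download name and, in copy mode, as a
     // path component: keep only its basename and drop the characters that
     // would break a quoted Content-Disposition value.
     $filename = basename(str_replace(' ', '-', $file_info->file_name));
     $filename = str_replace(array('"', "\r", "\n"), '', $filename);
     if (get_option('kboard_attached_copy_download')) {
         // The copy is served from the public uploads directory, so the
         // directory name must be unguessable: uniqid() is time-derived, so
         // use WordPress's random generator instead.
         $unique_dir = wp_generate_password(32, false);
         $upload_dir = wp_upload_dir();
         $temp_path = $upload_dir['basedir'] . '/kboard_temp';
         $handler = new KBFileHandler();
         // Purge stale copies (the unit of 60 is defined by KBFileHandler).
         $handler->deleteWithOvertime($temp_path, 60);
         $handler->mkPath("{$temp_path}/{$unique_dir}");
         copy($path, "{$temp_path}/{$unique_dir}/{$filename}");
         header('Location:' . $upload_dir['baseurl'] . "/kboard_temp/{$unique_dir}/{$filename}");
         exit;
     }
     // Open before any header is sent so a read failure can still be reported.
     $fp = fopen($path, 'rb');
     if ($fp === false) {
         die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
     }
     $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
     $ie = strpos($agent, 'Trident') !== false || strpos($agent, 'MSIE') !== false;
     if ($ie) {
         // Trident/MSIE user agents get the name converted to EUC-KR.
         $filename = iconv('UTF-8', 'EUC-KR//IGNORE', $filename);
     }
     header('Content-type: ' . kboard_mime_type($path));
     // Stop browsers from second-guessing the declared type of an upload.
     header('X-Content-Type-Options: nosniff');
     header('Content-Disposition: attachment; filename="' . $filename . '"');
     header('Content-Transfer-Encoding: binary');
     header('Content-length: ' . sprintf('%d', filesize($path)));
     header('Expires: 0');
     if ($ie) {
         header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
         header('Pragma: public');
     } else {
         header('Pragma: no-cache');
     }
     fpassthru($fp);
     fclose($fp);
     exit;
 }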
    $file = kboard_xssfilter($file);
    $file = addslashes($file);
} else {
    $file = '';
}
if (!$uid || !$file) {
    die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
}
$content = new KBContent();
$content->initWithUID($uid);
if ($content->parent_uid) {
    $parent = new KBContent();
    $parent->initWithUID($content->getTopContentUID());
    $board = new KBoard($parent->board_id);
} else {
    $board = new KBoard($content->board_id);
}
if (!$board->isReader($content->member_uid, $content->secret)) {
    if (!$user_ID && $board->permission_read == 'author') {
        die('<script>alert("' . __('Please Log in to continue.', 'kboard') . '");location.href="' . wp_login_url($referer) . '";</script>');
    } else {
        if ($content->secret && in_array($board->permission_write, array('all', 'author')) && in_array($board->permission_read, array('all', 'author'))) {
            if (!$board->isConfirm($content->password, $content->uid)) {
                if ($content->parent_uid) {
                    $parent = new KBContent();
                    $parent->initWithUID($content->getTopContentUID());
                    if (!$board->isReader($parent->member_uid, $content->secret)) {
                        if (!$board->isConfirm($parent->password, $parent->uid)) {
                            die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
                        }
                    }
 /**
  * Checks whether the current visitor may write a comment.
  *
  * Decided by `permission_comment_write`:
  *  - falsy (unset, 0, ''): everyone, anonymous visitors included;
  *  - '1': any logged-in user;
  *  - 'roles': logged-in users whose WordPress roles intersect the board's
  *    comment roles (KBoard::getCommentRoles());
  *  - any other value: nobody.
  *
  * @return boolean
  */
 public function isWriter()
 {
     global $user_ID;
     $mode = $this->permission_comment_write;
     if (!$mode) {
         return true;
     }
     if (!is_user_logged_in()) {
         return false;
     }
     if ($mode == '1') {
         return true;
     }
     if ($mode != 'roles') {
         return false;
     }
     $board = new KBoard($this->board_id);
     $userdata = $user_ID ? get_userdata($user_ID) : new stdClass();
     if (!isset($userdata->roles)) {
         return false;
     }
     $matching_roles = array_intersect($board->getCommentRoles(), $userdata->roles);
     return count($matching_roles) > 0;
 }