$file = kboard_xssfilter($file); $file = addslashes($file); } else { $file = ''; } if (!$uid || !$file) { die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>'); } if (!strstr($referer, basename(__FILE__))) { $_SESSION['redirect_uri'] = $referer; } $content = new KBContent(); $content->initWithUID($uid); if ($content->parent_uid) { $parent = new KBContent(); $parent->initWithUID($content->getTopContentUID()); $board = new KBoard($parent->board_id); } else { $board = new KBoard($content->board_id); } if (!$board->isEditor($content->member_uid)) { if ($board->permission_write == 'all') { if (!$board->isConfirm($content->password, $content->uid)) { $url = new KBUrl(); $skin_path = KBOARD_URL_PATH . "/skin/{$board->skin}"; include KBOARD_DIR_PATH . "/skin/{$board->skin}/confirm.php"; exit; } } else { die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>'); }
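/**
 * Attachment download endpoint.
 *
 * Reads `uid` (content UID) and `file` (attachment key) from $_GET, requires a
 * same-host Referer, applies the owning board's read permission and secret-post
 * password checks, looks the attachment row up in kboard_board_attached and then
 * either streams the file or, when the `kboard_attached_copy_download` option is
 * set, copies it into a short-lived directory under uploads/kboard_temp and
 * redirects the browser there.
 *
 * Always terminates the request (exit / die / wp_die).
 */
public function fileDownload() {
    // $user_ID was never imported here before, so the "please log in" branch below
    // treated every visitor as anonymous. builderDocument() imports it the same way.
    global $wpdb, $user_ID;
    header('X-Robots-Tag: noindex', true); // keep download URLs out of search indexes
    header('Content-Type: text/html; charset=UTF-8');

    // Same-host Referer check. The Referer is client-supplied (forgeable, and often
    // stripped by privacy settings), so this is a hotlink deterrent, not an
    // authorisation control; the board permission checks further down are the gate.
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
    if (!$referer) {
        wp_die('KBoard : ' . __('This page is restricted from external access.', 'kboard'));
    }
    $referer_parts = parse_url($referer);
    $referer_host = '';
    if (is_array($referer_parts) && isset($referer_parts['host'])) {
        $referer_host = $referer_parts['host'];
        if (isset($referer_parts['port']) && $referer_parts['port']) {
            $referer_host .= ':' . $referer_parts['port'];
        }
    }
    if ($referer_host === '' || $referer_host !== $host) {
        wp_die('KBoard : ' . __('This page is restricted from external access.', 'kboard'));
    }

    $deny_script = '<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>';

    $uid = isset($_GET['uid']) ? intval($_GET['uid']) : 0;
    $file = '';
    if (isset($_GET['file'])) {
        // The key is bound through $wpdb->prepare() below, so no esc_sql() here:
        // escaping twice would corrupt keys containing quotes or backslashes.
        $file = kboard_xssfilter(kboard_htmlclear(trim($_GET['file'])));
    }
    if (!$uid || !$file) {
        die($deny_script);
    }

    // Resolve the owning board. Replies are governed by the board of the top-level post.
    $content = new KBContent();
    $content->initWithUID($uid);
    $parent = null;
    if ($content->parent_uid) {
        $parent = new KBContent();
        $parent->initWithUID($content->getTopContentUID());
        $board = new KBoard($parent->board_id);
    } else {
        $board = new KBoard($content->board_id);
    }

    if (!$board->isReader($content->member_uid, $content->secret)) {
        if (!$user_ID && $board->permission_read == 'author') {
            die('<script>alert("' . __('Please Log in to continue.', 'kboard') . '");location.href="' . wp_login_url($referer) . '";</script>');
        }
        // A non-reader may still fetch a secret post's file by password, but only on
        // boards whose read and write permissions are 'all' or 'author'. Strict
        // in_array so a non-string permission value can never loosely match.
        $password_gated = $content->secret
            && in_array($board->permission_write, array('all', 'author'), true)
            && in_array($board->permission_read, array('all', 'author'), true);
        if (!$password_gated) {
            die($deny_script);
        }
        if (!$board->isConfirm($content->password, $content->uid)) {
            // Not unlocked with its own password. A reply is also unlocked by being
            // a reader of the top post, or by the top post's password.
            if ($parent === null) {
                die($deny_script);
            }
            if (!$board->isReader($parent->member_uid, $content->secret)
                && !$board->isConfirm($parent->password, $parent->uid)) {
                die($deny_script);
            }
        }
    }

    $file_info = $wpdb->get_row($wpdb->prepare(
        "SELECT * FROM `{$wpdb->prefix}kboard_board_attached` WHERE `content_uid`=%d AND `file_key`=%s",
        $uid,
        $file
    ));
    if (!$file_info || !$file_info->file_path) {
        die($deny_script);
    }

    // file_path is stored site-root-relative by the upload handler; it is trusted as
    // stored and is not re-validated against the site root here.
    list($site_root) = explode(DIRECTORY_SEPARATOR . 'wp-content', dirname(__FILE__) . DIRECTORY_SEPARATOR);
    $path = $site_root . str_replace('/', DIRECTORY_SEPARATOR, $file_info->file_path);
    if (!file_exists($path) || !is_file($path)) {
        die($deny_script);
    }

    $filename = str_replace(' ', '-', $file_info->file_name);
    // The stored name becomes a filesystem path component in the copy branch and a
    // Content-Disposition value here, so strip separators, NUL, CR/LF and quotes.
    // str_replace rather than basename(): basename() is locale-dependent and can
    // mangle multibyte (e.g. Korean) names.
    $filename = str_replace(array('/', '\\', "\0", "\r", "\n", '"'), '', $filename);

    if (get_option('kboard_attached_copy_download')) {
        $upload_dir = wp_upload_dir();
        $temp_path = $upload_dir['basedir'] . '/kboard_temp';
        // The copy sits in the publicly served uploads tree until deleteWithOvertime()
        // reaps it, so the directory name must be unguessable; uniqid() is clock-derived.
        $unique_dir = wp_generate_password(32, false, false);
        $file_handler = new KBFileHandler();
        $file_handler->deleteWithOvertime($temp_path, 60);
        $file_handler->mkPath("{$temp_path}/{$unique_dir}");
        if (!copy($path, "{$temp_path}/{$unique_dir}/{$filename}")) {
            die($deny_script);
        }
        header('Location:' . $upload_dir['baseurl'] . "/kboard_temp/{$unique_dir}/" . rawurlencode($filename));
        exit;
    }

    $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $is_ie = strpos($user_agent, 'Trident') !== false || strpos($user_agent, 'MSIE') !== false;
    // Legacy IE expects the header filename in the system code page (EUC-KR here).
    $header_name = $is_ie ? iconv('UTF-8', 'EUC-KR//IGNORE', $filename) : $filename;

    // Open before emitting headers so a failure does not leave a half-sent response.
    $fp = fopen($path, 'rb');
    if ($fp === false) {
        die($deny_script);
    }
    header('Content-type: ' . kboard_mime_type($path));
    header('X-Content-Type-Options: nosniff'); // never let the browser sniff an attachment into HTML
    header('Content-Disposition: attachment; filename="' . $header_name . '"');
    header('Content-Transfer-Encoding: binary');
    header('Content-length: ' . sprintf('%d', filesize($path)));
    header('Expires: 0');
    if ($is_ie) {
        header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
        header('Pragma: public');
    } else {
        header('Pragma: no-cache');
    }
    fpassthru($fp);
    fclose($fp);
    exit;
}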
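/**
 * Returns the UID of the root of this content's reply chain.
 *
 * Follows parent_uid links upward until a content with no parent is reached
 * and returns that content's uid (the uid as loaded by initWithUID, exactly as
 * the previous recursive version did). The walk is iterative and stops if a
 * uid repeats, so a corrupted parent chain cannot make the request hang.
 *
 * @return int
 */
public function getTopContentUID() {
    $top_uid = $this->uid;
    $next_uid = $this->parent_uid;
    $seen = array($top_uid => true);
    while ($next_uid) {
        if (isset($seen[$next_uid])) {
            break; // cycle in the parent links: stop at the last uid reached
        }
        $seen[$next_uid] = true;
        $ancestor = new KBContent();
        $ancestor->initWithUID($next_uid);
        $top_uid = $ancestor->uid;
        $next_uid = $ancestor->parent_uid;
    }
    return $top_uid;
}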
/**
 * Renders the board's single-document (post view) page.
 *
 * Loads the content for $this->uid, runs the board's read permission and
 * secret-post password checks (emitting a login redirect, a "no permission"
 * alert, or the skin's confirm.php as required) and, if the viewer is allowed,
 * bumps the view counter, post-processes the body (autolink, nl2br, table
 * clean-up, shortcodes, the kboard_content filter) and includes the skin's
 * document.php.
 *
 * The locals $url, $skin_path, $board, $boardBuilder, $content and $parent are
 * visible to the included skin templates, so their names are part of the
 * template contract and must not be renamed.
 */
public function builderDocument() {
    global $user_ID;
    $url = new KBUrl();
    $content = new KBContent($this->board_id);
    $content->initWithUID($this->uid);
    $skin_path = KBOARD_URL_PATH . "/skin/{$this->skin}";
    $board = $this->board;
    $boardBuilder = $this;

    $allow_document = false;
    if ($this->board->isReader($content->member_uid, $content->secret)) {
        $allow_document = true;
    } elseif (!$user_ID && $this->board->permission_read != 'all') {
        // Anonymous viewer on a board that is not readable by everyone: send to login.
        echo '<script>alert("' . __('Please Log in to continue.', 'kboard') . '");location.href="' . wp_login_url($_SERVER['REQUEST_URI']) . '";</script>';
    } elseif (!$content->secret) {
        echo '<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>';
    } elseif ($this->board->isConfirm($content->password, $content->uid)) {
        // Secret post already unlocked with its own password.
        $allow_document = true;
    } elseif (!$content->parent_uid) {
        include KBOARD_DIR_PATH . "/skin/{$this->skin}/confirm.php";
    } else {
        // A secret reply is readable by anyone who may read, or has unlocked, the top post.
        $parent = new KBContent();
        $parent->initWithUID($content->getTopContentUID());
        if ($this->board->isReader($parent->member_uid, $content->secret)
            || $this->board->isConfirm($parent->password, $parent->uid)) {
            $allow_document = true;
        } else {
            include KBOARD_DIR_PATH . "/skin/{$this->skin}/confirm.php";
        }
    }

    if (!$allow_document) {
        return;
    }

    $content->increaseView();
    $content->initWithUID($this->uid); // reload after the view bump (presumably so the template sees the new count)

    // Without the editor, optionally turn bare URLs into links before converting newlines.
    if (!$board->use_editor && $this->meta->autolink) {
        include_once KBOARD_DIR_PATH . '/helper/Autolink.helper.php';
        $content->content = nl2br(Kboard_autolink($content->content));
    } else {
        $content->content = nl2br($content->content);
    }
    // nl2br also appends <br /> after table tags; drop those so table layout survives.
    $content->content = preg_replace("/(<(|\\/)(table|th|tr|td).*>)(<br \\/>)/", "\$1", $content->content);

    // Run shortcodes inside the post body when the board enables it.
    if ($this->meta->shortcode_execute == 1) {
        $content->content = do_shortcode($content->content);
    }
    // Let plugins post-process the body.
    $content->content = apply_filters('kboard_content', $content->content, $content->uid, $this->board_id);
    include KBOARD_DIR_PATH . "/skin/{$this->skin}/document.php";
}