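/**
 * Update an existing comment.
 *
 * Request-level checks done here: a CSRF token (checkCSRF()) unless
 * $manual_updated is set, and the stored comment's own isGranted() check
 * unless $is_admin is set. Author fields are then reconciled with the stored
 * row and the session, and content from anyone but a top administrator is
 * passed through removeHackTag() before the row is written.
 *
 * @param object $obj            Fields to write; $obj->comment_srl selects the row
 * @param bool   $is_admin       Bypass the isGranted() permission check
 * @param bool   $manual_updated Bypass the CSRF check (programmatic callers)
 * @return object executeQuery() result with 'comment_srl' added, or an error Object
 */
function updateComment($obj, $is_admin = FALSE, $manual_updated = FALSE)
{
	if (!$manual_updated && !checkCSRF())
	{
		return new Object(-1, 'msg_invalid_request');
	}
	if (!is_object($obj))
	{
		$obj = new stdClass();
	}
	$obj->__isupdate = TRUE;

	// call a trigger (before)
	$output = ModuleHandler::triggerCall('comment.updateComment', 'before', $obj);
	if (!$output->toBool())
	{
		return $output;
	}

	// create a comment model object
	$oCommentModel = getModel('comment');

	// get the original data
	$source_obj = $oCommentModel->getComment($obj->comment_srl);
	if (!$source_obj->getMemberSrl())
	{
		// anonymous comment: author fields come from the stored row, not the request
		$obj->member_srl = $source_obj->get('member_srl');
		$obj->user_name = $source_obj->get('user_name');
		$obj->nick_name = $source_obj->get('nick_name');
		$obj->email_address = $source_obj->get('email_address');
		$obj->homepage = $source_obj->get('homepage');
	}

	// check if permission is granted
	if (!$is_admin && !$source_obj->isGranted())
	{
		return new Object(-1, 'msg_not_permitted');
	}

	if ($obj->password)
	{
		$obj->password = getModel('member')->hashPassword($obj->password);
	}

	if ($obj->homepage)
	{
		$obj->homepage = removeHackTag($obj->homepage);
		// NOTE(review): this only tests for "some scheme", so e.g. a
		// javascript:// value is stored unchanged. Limiting it to http(s)
		// would be safer but would reject other schemes callers may rely
		// on — confirm before tightening.
		if (!preg_match('/^[a-z]+:\\/\\//i', $obj->homepage))
		{
			$obj->homepage = 'http://' . $obj->homepage;
		}
	}

	// set modifier's information if logged-in and posting author and modifier are matched.
	// Fix: the top-admin flag used to be read from $logged_info after this block,
	// which is undefined for anonymous sessions; track it explicitly instead.
	$is_top_admin = FALSE;
	if (Context::get('is_logged'))
	{
		$logged_info = Context::get('logged_info');
		$is_top_admin = ($logged_info->is_admin == 'Y');
		// NOTE(review): reads $source_obj->member_srl directly while every other
		// access goes through $source_obj->get(); if getComment() returns an item
		// object without that public property this branch never matches — confirm.
		if ($source_obj->member_srl == $logged_info->member_srl)
		{
			$obj->member_srl = $logged_info->member_srl;
			$obj->user_name = $logged_info->user_name;
			$obj->nick_name = $logged_info->nick_name;
			$obj->email_address = $logged_info->email_address;
			$obj->homepage = $logged_info->homepage;
		}
	}

	// if nick_name of the logged-in author doesn't exist
	if ($source_obj->get('member_srl') && !$obj->nick_name)
	{
		$obj->member_srl = $source_obj->get('member_srl');
		$obj->user_name = $source_obj->get('user_name');
		$obj->nick_name = $source_obj->get('nick_name');
		$obj->email_address = $source_obj->get('email_address');
		$obj->homepage = $source_obj->get('homepage');
	}

	if (!$obj->content)
	{
		$obj->content = $source_obj->get('content');
	}

	// remove XE's own marker tags from contents
	$obj->content = preg_replace('!<\\!--(Before|After)(Document|Comment)\\(([0-9]+),([0-9]+)\\)-->!is', '', $obj->content);

	if (Mobile::isFromMobilePhone())
	{
		// plain-text mobile input is escaped, then line breaks become <br>
		if ($obj->use_html != 'Y')
		{
			$obj->content = htmlspecialchars($obj->content, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
		}
		$obj->content = nl2br($obj->content);
	}

	// remove iframe and script if not a top administrator on the session
	if (!$is_top_admin)
	{
		$obj->content = removeHackTag($obj->content);
	}

	// begin transaction
	$oDB = DB::getInstance();
	$oDB->begin();

	// Update
	$output = executeQuery('comment.updateComment', $obj);
	if (!$output->toBool())
	{
		$oDB->rollback();
		return $output;
	}

	// call a trigger (after); a veto rolls the update back
	$trigger_output = ModuleHandler::triggerCall('comment.updateComment', 'after', $obj);
	if (!$trigger_output->toBool())
	{
		$oDB->rollback();
		return $trigger_output;
	}

	// commit
	$oDB->commit();

	$output->add('comment_srl', $obj->comment_srl);
	return $output;
}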
/**
 * @brief Update an existing comment (legacy variant).
 *
 * Runs the comment.updateComment before/after triggers, enforces the stored
 * comment's isGranted() check unless $is_admin, reconciles the author fields
 * with the stored row and the session, filters content from anyone but a top
 * administrator through removeHackTag(), writes the row inside a transaction
 * and finally invalidates the 'commentList' cache group.
 *
 * NOTE(review): no CSRF check is performed in this variant (the later
 * revision adds checkCSRF()); callers must provide that protection.
 *
 * @param object $obj      Fields to write; $obj->comment_srl selects the row
 * @param bool   $is_admin Skip the isGranted() check
 * @return object executeQuery() result (with 'comment_srl' added) or an error Object
 */
function updateComment($obj, $is_admin = false)
{
	$obj->__isupdate = true;

	// the before-trigger may veto the whole update
	$before = ModuleHandler::triggerCall('comment.updateComment', 'before', $obj);
	if (!$before->toBool())
	{
		return $before;
	}

	// fetch the stored comment we are about to modify
	$commentModel =& getModel('comment');
	$stored = $commentModel->getComment($obj->comment_srl);

	// anonymous comment: the request may not rewrite the author fields
	if (!$stored->getMemberSrl())
	{
		$obj->member_srl = $stored->get('member_srl');
		$obj->user_name = $stored->get('user_name');
		$obj->nick_name = $stored->get('nick_name');
		$obj->email_address = $stored->get('email_address');
		$obj->homepage = $stored->get('homepage');
	}

	// permission check against the stored comment
	if (!$is_admin && !$stored->isGranted())
	{
		return new Object(-1, 'msg_not_permitted');
	}

	// NOTE(review): md5() is not a password hash; the later revision uses
	// hashPassword(). Changing it here requires the matching verifier to change too.
	if ($obj->password)
	{
		$obj->password = md5($obj->password);
	}

	// prefix a scheme when none is present (any scheme satisfies the test)
	$hasScheme = preg_match('/^[a-z]+:\\/\\//i', $obj->homepage);
	if ($obj->homepage && !$hasScheme)
	{
		$obj->homepage = 'http://' . $obj->homepage;
	}

	// when the session user is the original author, take their current profile data
	if (Context::get('is_logged'))
	{
		$sessionUser = Context::get('logged_info');
		if ($stored->member_srl == $sessionUser->member_srl)
		{
			$obj->member_srl = $sessionUser->member_srl;
			$obj->user_name = $sessionUser->user_name;
			$obj->nick_name = $sessionUser->nick_name;
			$obj->email_address = $sessionUser->email_address;
			$obj->homepage = $sessionUser->homepage;
		}
	}

	// written by a member but no nick_name supplied: restore stored author fields
	$hasStoredAuthor = $stored->get('member_srl');
	if ($hasStoredAuthor && !$obj->nick_name)
	{
		$obj->member_srl = $stored->get('member_srl');
		$obj->user_name = $stored->get('user_name');
		$obj->nick_name = $stored->get('nick_name');
		$obj->email_address = $stored->get('email_address');
		$obj->homepage = $stored->get('homepage');
	}

	// empty content keeps the stored one
	if (!$obj->content)
	{
		$obj->content = $stored->get('content');
	}

	// strip XE's own marker comments
	$markerPattern = '!<\\!--(Before|After)(Document|Comment)\\(([0-9]+),([0-9]+)\\)-->!is';
	$obj->content = preg_replace($markerPattern, '', $obj->content);

	// everyone but a top administrator gets iframe/script stripped
	// NOTE(review): $sessionUser is only assigned for logged-in sessions; for
	// anonymous ones this reads an undefined variable and still ends up filtering.
	if ($sessionUser->is_admin != 'Y')
	{
		$obj->content = removeHackTag($obj->content);
	}

	// write inside a transaction
	$db =& DB::getInstance();
	$db->begin();

	$result = executeQuery('comment.updateComment', $obj);
	if (!$result->toBool())
	{
		$db->rollback();
		return $result;
	}

	// the after-trigger may still roll the update back
	if ($result->toBool())
	{
		$after = ModuleHandler::triggerCall('comment.updateComment', 'after', $obj);
		if (!$after->toBool())
		{
			$db->rollback();
			return $after;
		}
	}

	$db->commit();
	$result->add('comment_srl', $obj->comment_srl);

	// drop cached comment lists so the edit becomes visible
	$cache =& CacheHandler::getInstance('object');
	if ($cache->isSupport())
	{
		$cache->invalidateGroupKey('commentList');
	}

	return $result;
}
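/**
 * Send a message (DB control)
 *
 * Stores one row in the sender's box (type 'S', unless $sender_log is off or
 * there is no sender) and one in the receiver's box (type 'R'), linked via
 * related_srl, inside one transaction, then bumps the receiver's
 * new-message flag file.
 *
 * NOTE(review): no check here that $sender_srl is the session user or that
 * $receiver_srl accepts messages — presumably done by the caller; confirm.
 *
 * @param int $sender_srl member_srl of sender
 * @param int $receiver_srl member_srl of receiver_srl
 * @param string $title
 * @param string $content
 * @param boolean $sender_log (default true)
 * @return Object
 **/
function sendMessage($sender_srl, $receiver_srl, $title, $content, $sender_log = true)
{
	$content = removeHackTag($content);
	// NOTE(review): default htmlspecialchars() flags leave single quotes
	// unescaped on PHP < 8.1; fine for text nodes, not for attribute values.
	$title = htmlspecialchars($title);

	// messages to save in the sender's message box
	// Fix: was auto-vivified from an undefined variable (an Error on PHP 8)
	$sender_args = new stdClass();
	$sender_args->sender_srl = $sender_srl;
	$sender_args->receiver_srl = $receiver_srl;
	$sender_args->message_type = 'S';
	$sender_args->title = $title;
	$sender_args->content = $content;
	$sender_args->readed = 'N';
	$sender_args->regdate = date("YmdHis");
	$sender_args->related_srl = getNextSequence();
	$sender_args->message_srl = getNextSequence();
	$sender_args->list_order = getNextSequence() * -1;

	// messages to save in the receiver's message box
	$receiver_args = new stdClass();
	$receiver_args->message_srl = $sender_args->related_srl;
	$receiver_args->related_srl = 0;
	$receiver_args->list_order = $sender_args->related_srl * -1;
	$receiver_args->sender_srl = $sender_srl;
	if (!$receiver_args->sender_srl)
	{
		// system message: record the receiver as sender
		$receiver_args->sender_srl = $receiver_srl;
	}
	$receiver_args->receiver_srl = $receiver_srl;
	$receiver_args->message_type = 'R';
	$receiver_args->title = $title;
	$receiver_args->content = $content;
	$receiver_args->readed = 'N';
	$receiver_args->regdate = date("YmdHis");

	$oDB =& DB::getInstance();
	$oDB->begin();

	// messages to save in the sender's message box
	if ($sender_srl && $sender_log)
	{
		$output = executeQuery('communication.sendMessage', $sender_args);
		if (!$output->toBool())
		{
			$oDB->rollback();
			return $output;
		}
	}

	// messages to save in the receiver's message box
	$output = executeQuery('communication.sendMessage', $receiver_args);
	if (!$output->toBool())
	{
		$oDB->rollback();
		return $output;
	}

	// create a flag that message is sent (in file format)
	$flag_path = './files/member_extra_info/new_message_flags/' . getNumberingPath($receiver_srl);
	FileHandler::makeDir($flag_path);
	$flag_file = sprintf('%s%s', $flag_path, $receiver_srl);
	// Fix: readFile() may yield false for a missing file and ++ on false is a
	// no-op; cast first so the counter always starts at 0.
	$flag_count = (int) FileHandler::readFile($flag_file);
	FileHandler::writeFile($flag_file, $flag_count + 1);

	$oDB->commit();

	return new Object(0, 'success_sended');
}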
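/**
 * Import member information
 *
 * Processes up to $this->unit_count lines of $index_file starting at line
 * $cur. Each line names an XML file holding one member; the file is parsed,
 * then deleted (FileHandler::removeFile), and the base64-decoded fields are
 * inserted via member.insertMember. Members imported without a password are
 * e-mailed a reset notice. Images and the signature are written under
 * files/member_extra_info/.
 *
 * @param int    $key        Not used by this method (kept for the caller's interface)
 * @param int    $cur        Number of index lines already processed (resume point)
 * @param string $index_file Path of the index file, one XML path per line
 * @return int Index of the last line processed; pass back as $cur to continue
 */
function importMember($key, $cur, $index_file)
{
	if (!$cur)
	{
		$cur = 0;
	}

	// Create the xmlParser object
	$oXmlParser = new XmlParser();

	// Create objects for importing member information
	$this->oMemberController = getController('member');
	$this->oMemberModel = getModel('member');

	// Get a default member group
	$default_group = $this->oMemberModel->getDefaultGroup();
	$default_group_srl = $default_group->group_srl;

	// Get information of the Webmaster
	$oModuleModel = getModel('module');
	$member_config = $oModuleModel->getModuleConfig('member');

	// Open an index file
	$f = fopen($index_file, "r");

	// Pass if already read
	for ($i = 0; $i < $cur; $i++)
	{
		fgets($f, 1024);
	}

	// Read by each line until the condition meets
	for ($idx = $cur; $idx < $cur + $this->unit_count; $idx++)
	{
		if (feof($f))
		{
			break;
		}

		// Find a given location
		$target_file = trim(fgets($f, 1024));

		// Load and parse the file, then discard it
		$xmlObj = $oXmlParser->loadXmlFile($target_file);
		FileHandler::removeFile($target_file);
		if (!$xmlObj)
		{
			continue;
		}

		// List Objects
		// Fix: was `$obj = null` plus auto-vivification, which is an Error on PHP 8
		$obj = new stdClass();
		$obj->user_id = base64_decode($xmlObj->member->user_id->body);
		// stored as-is; the export's password representation is not validated here
		$obj->password = base64_decode($xmlObj->member->password->body);
		$obj->user_name = base64_decode($xmlObj->member->user_name->body);
		$obj->nick_name = base64_decode($xmlObj->member->nick_name->body);
		if (!$obj->user_name)
		{
			$obj->user_name = $obj->nick_name;
		}
		$obj->email = base64_decode($xmlObj->member->email->body);
		$obj->homepage = base64_decode($xmlObj->member->homepage->body);
		$obj->blog = base64_decode($xmlObj->member->blog->body);
		$obj->birthday = substr(base64_decode($xmlObj->member->birthday->body), 0, 8);
		$obj->allow_mailing = base64_decode($xmlObj->member->allow_mailing->body);
		$obj->point = base64_decode($xmlObj->member->point->body);
		$obj->image_nickname = base64_decode($xmlObj->member->image_nickname->buff->body);
		$obj->image_mark = base64_decode($xmlObj->member->image_mark->buff->body);
		$obj->profile_image = base64_decode($xmlObj->member->profile_image->buff->body);
		$obj->signature = base64_decode($xmlObj->member->signature->body);
		$obj->regdate = base64_decode($xmlObj->member->regdate->body);
		$obj->last_login = base64_decode($xmlObj->member->last_login->body);
		if ($xmlObj->member->extra_vars)
		{
			// NOTE: this loop's $key shadows the method parameter of the same name
			foreach ($xmlObj->member->extra_vars as $key => $val)
			{
				if (in_array($key, array('node_name', 'attrs', 'body')))
				{
					continue;
				}
				// created lazily so a member without extra vars still serializes null below
				if (!isset($obj->extra_vars))
				{
					$obj->extra_vars = new stdClass();
				}
				$obj->extra_vars->{$key} = base64_decode($val->body);
			}
		}

		// Create url for homepage and blog
		if ($obj->homepage && strncasecmp('http://', $obj->homepage, 7) !== 0 && strncasecmp('https://', $obj->homepage, 8) !== 0)
		{
			$obj->homepage = 'http://' . $obj->homepage;
		}

		// email address column
		$obj->email_address = $obj->email;
		// Fix: list() on an address without '@' raised an undefined-offset notice
		$email_parts = explode('@', $obj->email);
		$obj->email_id = $email_parts[0];
		$obj->email_host = isset($email_parts[1]) ? $email_parts[1] : null;

		// Set the mailing option
		if ($obj->allow_mailing != 'Y')
		{
			$obj->allow_mailing = 'N';
		}

		// Set the message option
		$obj->allow_message = 'Y';
		if (!in_array($obj->allow_message, array('Y', 'N', 'F')))
		{
			$obj->allow_message = 'Y';
		}

		// Get member-join date if the last login time is not found
		if (!$obj->last_login)
		{
			$obj->last_login = $obj->regdate;
		}

		// Get a member_srl
		$obj->member_srl = getNextSequence();
		$obj->list_order = -1 * $obj->member_srl;

		// List extra vars
		$extra_vars = $obj->extra_vars;
		unset($obj->extra_vars);
		$obj->extra_vars = serialize($extra_vars);

		// Check if the same nickname is existing
		// NOTE(review): this branches on the query *failing*, not on a row being
		// found, so a genuine duplicate only gets the suffix when executeQuery
		// reports an error — confirm the intended semantics.
		$nick_args = new stdClass();
		$nick_args->nick_name = $obj->nick_name;
		$nick_output = executeQuery('member.getMemberSrl', $nick_args);
		if (!$nick_output->toBool())
		{
			$obj->nick_name .= '_' . $obj->member_srl;
		}

		// Add a member
		$output = executeQuery('member.insertMember', $obj);
		if ($output->toBool() && !$obj->password)
		{
			// Send a mail telling the user to reset his password.
			$oMail = new Mail();
			$oMail->setTitle("Password update for your " . getFullSiteUrl() . " account");
			$webmaster_name = $member_config->webmaster_name ? $member_config->webmaster_name : 'Webmaster';
			$oMail->setContent("Dear {$obj->user_name}, <br /><br />\n\t\t\t\t\t\tWe recently migrated our phpBB forum to XpressEngine. Since you password was encrypted we could not migrate it too, so please reset it by following this link:\n\t\t\t\t\t\t<a href='" . getFullSiteUrl() . "/?act=dispMemberFindAccount' >" . getFullSiteUrl() . "?act=dispMemberFindAccount</a>. You need to enter you email address and hit the 'Find account' button. You will then receive an email with a new, generated password that you can change after login. <br /><br />\n\n\t\t\t\t\t\tThank you for your understanding,<br />\n\t\t\t\t\t\t{$webmaster_name}");
			$oMail->setSender($webmaster_name, $member_config->webmaster_email);
			$oMail->setReceiptor($obj->user_name, $obj->email);
			$oMail->send();
		}

		// add group join/image name-mark-signature and so on if a new member successfully added
		if ($output->toBool())
		{
			// Join to the default group
			$obj->group_srl = $default_group_srl;
			executeQuery('member.addMemberToGroup', $obj);

			// Image name
			if ($obj->image_nickname)
			{
				$target_path = sprintf('files/member_extra_info/image_name/%s/', getNumberingPath($obj->member_srl));
				$target_filename = sprintf('%s%d.gif', $target_path, $obj->member_srl);
				FileHandler::writeFile($target_filename, $obj->image_nickname);
			}

			// Image mark
			// NOTE(review): $obj->image_mark holds decoded image bytes, yet unlike
			// image_nickname/profile_image this also demands file_exists() on them,
			// so the mark is effectively never written — confirm what was intended.
			if ($obj->image_mark && file_exists($obj->image_mark))
			{
				$target_path = sprintf('files/member_extra_info/image_mark/%s/', getNumberingPath($obj->member_srl));
				$target_filename = sprintf('%s%d.gif', $target_path, $obj->member_srl);
				FileHandler::writeFile($target_filename, $obj->image_mark);
			}

			// Profile image
			if ($obj->profile_image)
			{
				$target_path = sprintf('files/member_extra_info/profile_image/%s/', getNumberingPath($obj->member_srl));
				$target_filename = sprintf('%s%d.gif', $target_path, $obj->member_srl);
				FileHandler::writeFile($target_filename, $obj->profile_image);
			}

			// Signature
			// NOTE(review): the signature is persisted as a .php file with an
			// __XE__ guard, i.e. it is meant to be included later. That makes
			// the import safe only if removeHackTag() strips PHP open tags from
			// the imported text — confirm; otherwise import data becomes code.
			if ($obj->signature)
			{
				$signature = removeHackTag($obj->signature);
				$signature_buff = sprintf('<?php if(!defined("__XE__")) exit();?>%s', $signature);
				$target_path = sprintf('files/member_extra_info/signature/%s/', getNumberingPath($obj->member_srl));
				if (!is_dir($target_path))
				{
					FileHandler::makeDir($target_path);
				}
				$target_filename = sprintf('%s%d.signature.php', $target_path, $obj->member_srl);
				FileHandler::writeFile($target_filename, $signature_buff);
			}
		}
	}

	fclose($f);

	return $idx - 1;
}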
/**
 * @brief Import member records (legacy variant).
 *
 * Processes up to $this->unit_count lines of $index_file starting at line
 * $cur. Each line names an XML file holding one member; the file is parsed,
 * then deleted (FileHandler::removeFile), and the base64-decoded fields are
 * inserted via member.insertMember. Images and the signature are written
 * under files/member_extra_info/.
 *
 * NOTE(review): `$obj = null` / `$nick_args = null` below rely on
 * auto-vivification into stdClass, which is an Error on PHP 8 (the later
 * revision uses `new stdClass()`).
 *
 * @param int    $key        Not used by this method (and shadowed by the foreach below)
 * @param int    $cur        Number of index lines already processed (resume point)
 * @param string $index_file Path of the index file, one XML path per line
 * @return int Index of the last line processed; pass back as $cur to continue
 **/
function importMember($key, $cur, $index_file)
{
	if (!$cur)
	{
		$cur = 0;
	}

	// Create the xmlParser object
	$oXmlParser = new XmlParser();

	// Create the objects used for inserting members
	$this->oMemberController =& getController('member');
	$this->oMemberModel =& getModel('member');

	// Get the default member group
	$default_group = $this->oMemberModel->getDefaultGroup();
	$default_group_srl = $default_group->group_srl;

	// Open the index file
	$f = fopen($index_file, "r");

	// Skip the lines that were already read
	for ($i = 0; $i < $cur; $i++)
	{
		fgets($f, 1024);
	}

	// Read line by line; stop once $cur + $this->unit_count lines have been handled
	for ($idx = $cur; $idx < $cur + $this->unit_count; $idx++)
	{
		if (feof($f))
		{
			break;
		}

		// Find the target location
		$target_file = trim(fgets($f, 1024));

		// Read, parse and then delete the target file
		$xmlObj = $oXmlParser->loadXmlFile($target_file);
		FileHandler::removeFile($target_file);
		if (!$xmlObj)
		{
			continue;
		}

		// Build the member object (auto-vivified from null, see the NOTE above)
		$obj = null;
		$obj->user_id = base64_decode($xmlObj->member->user_id->body);
		// stored as-is; the export's password representation is not validated here
		$obj->password = base64_decode($xmlObj->member->password->body);
		$obj->user_name = base64_decode($xmlObj->member->user_name->body);
		$obj->nick_name = base64_decode($xmlObj->member->nick_name->body);
		if (!$obj->user_name)
		{
			$obj->user_name = $obj->nick_name;
		}
		$obj->email = base64_decode($xmlObj->member->email->body);
		$obj->homepage = base64_decode($xmlObj->member->homepage->body);
		$obj->blog = base64_decode($xmlObj->member->blog->body);
		$obj->birthday = substr(base64_decode($xmlObj->member->birthday->body), 0, 8);
		$obj->allow_mailing = base64_decode($xmlObj->member->allow_mailing->body);
		$obj->point = base64_decode($xmlObj->member->point->body);
		$obj->image_nickname = base64_decode($xmlObj->member->image_nickname->buff->body);
		$obj->image_mark = base64_decode($xmlObj->member->image_mark->buff->body);
		$obj->profile_image = base64_decode($xmlObj->member->profile_image->buff->body);
		$obj->signature = base64_decode($xmlObj->member->signature->body);
		$obj->regdate = base64_decode($xmlObj->member->regdate->body);
		$obj->last_login = base64_decode($xmlObj->member->last_login->body);
		if ($xmlObj->member->extra_vars)
		{
			// NOTE: this loop's $key shadows the method parameter of the same name
			foreach ($xmlObj->member->extra_vars as $key => $val)
			{
				if (in_array($key, array('node_name', 'attrs', 'body')))
				{
					continue;
				}
				$obj->extra_vars->{$key} = base64_decode($val->body);
			}
		}

		// Normalise the homepage and blog URLs
		// NOTE(review): only "http://" is recognised, so an "https://..." value
		// becomes "http://https://..."; the later revision checks both schemes.
		if ($obj->homepage && !preg_match("/^http:\\/\\//i", $obj->homepage))
		{
			$obj->homepage = 'http://' . $obj->homepage;
		}
		if ($obj->blog && !preg_match("/^http:\\/\\//i", $obj->blog))
		{
			$obj->blog = 'http://' . $obj->blog;
		}

		// Fill the email address columns (a value without '@' leaves email_host null with a notice)
		$obj->email_address = $obj->email;
		list($obj->email_id, $obj->email_host) = explode('@', $obj->email);

		// Mailing opt-in check
		if ($obj->allow_mailing != 'Y')
		{
			$obj->allow_mailing = 'N';
		}

		// Message reception check (always 'Y' here; the in_array test cannot fail)
		$obj->allow_message = 'Y';
		if (!in_array($obj->allow_message, array('Y', 'N', 'F')))
		{
			$obj->allow_message = 'Y';
		}

		// Use the join date when there is no last login time
		if (!$obj->last_login)
		{
			$obj->last_login = $obj->regdate;
		}

		// Get the member number
		$obj->member_srl = getNextSequence();

		// Serialize the extra vars
		$extra_vars = $obj->extra_vars;
		unset($obj->extra_vars);
		$obj->extra_vars = serialize($extra_vars);

		// Check for a duplicate nick_name
		// NOTE(review): this branches on the query *failing*, not on a row being
		// found, so a genuine duplicate only gets the suffix when executeQuery
		// reports an error — confirm the intended semantics.
		$nick_args = null;
		$nick_args->nick_name = $obj->nick_name;
		$nick_output = executeQuery('member.getMemberSrl', $nick_args);
		if (!$nick_output->toBool())
		{
			$obj->nick_name .= '_' . $obj->member_srl;
		}

		// Add the member
		$output = executeQuery('member.insertMember', $obj);

		// On success: join the group and add image name / mark / signature etc.
		if ($output->toBool())
		{
			// Join the default group
			$obj->group_srl = $default_group_srl;
			executeQuery('member.addMemberToGroup', $obj);

			// Image name
			if ($obj->image_nickname)
			{
				$target_path = sprintf('files/member_extra_info/image_name/%s/', getNumberingPath($obj->member_srl));
				$target_filename = sprintf('%s%d.gif', $target_path, $obj->member_srl);
				FileHandler::writeFile($target_filename, $obj->image_nickname);
			}

			// Image mark
			// NOTE(review): $obj->image_mark holds decoded image bytes, yet unlike
			// image_nickname/profile_image this also demands file_exists() on them,
			// so the mark is effectively never written — confirm what was intended.
			if ($obj->image_mark && file_exists($obj->image_mark))
			{
				$target_path = sprintf('files/member_extra_info/image_mark/%s/', getNumberingPath($obj->member_srl));
				$target_filename = sprintf('%s%d.gif', $target_path, $obj->member_srl);
				FileHandler::writeFile($target_filename, $obj->image_mark);
			}

			// Profile image
			if ($obj->profile_image)
			{
				$target_path = sprintf('files/member_extra_info/profile_image/%s/', getNumberingPath($obj->member_srl));
				$target_filename = sprintf('%s%d.gif', $target_path, $obj->member_srl);
				FileHandler::writeFile($target_filename, $obj->profile_image);
			}

			// Signature
			// NOTE(review): the signature is persisted as a .php file with a
			// __ZBXE__ guard, i.e. it is meant to be included later. That is
			// safe only if removeHackTag() strips PHP open tags from the
			// imported text — confirm; otherwise import data becomes code.
			if ($obj->signature)
			{
				$signature = removeHackTag($obj->signature);
				$signature_buff = sprintf('<?php if(!defined("__ZBXE__")) exit();?>%s', $signature);
				$target_path = sprintf('files/member_extra_info/signature/%s/', getNumberingPath($obj->member_srl));
				if (!is_dir($target_path))
				{
					FileHandler::makeDir($target_path);
				}
				$target_filename = sprintf('%s%d.signature.php', $target_path, $obj->member_srl);
				FileHandler::writeFile($target_filename, $signature_buff);
			}
		}
	}

	fclose($f);

	return $idx - 1;
}
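/**
 * @brief Update a document.
 *
 * Optionally snapshots the current row into the history table (per the
 * module's use_history setting), normalises the Y/N flags, reconciles the
 * author fields with the stored row and the session, filters content from
 * anyone but a top administrator through removeHackTag(), updates the row and
 * rewrites the extra variables — including per-language title/content when
 * the document's lang_code differs from the current language — inside one
 * transaction.
 *
 * NOTE(review): unlike updateComment(), no ownership/grant check is performed
 * here; the caller is expected to have verified the right to edit.
 *
 * @param object $source_obj Stored document, read through get()
 * @param object $obj        Fields to write
 * @return object executeQuery() result with 'document_srl' added, or an error Object
 **/
function updateDocument($source_obj, $obj)
{
	// call a trigger (before)
	$output = ModuleHandler::triggerCall('document.updateDocument', 'before', $obj);
	if (!$output->toBool())
	{
		return $output;
	}

	// begin transaction
	$oDB =& DB::getInstance();
	$oDB->begin();

	$oModuleModel =& getModel('module');
	$module_srl = $obj->module_srl;
	$document_config = $oModuleModel->getModulePartConfig('document', $module_srl);
	if (!isset($document_config->use_history))
	{
		$document_config->use_history = 'N';
	}
	$bUseHistory = $document_config->use_history == 'Y' || $document_config->use_history == 'Trace';

	if ($bUseHistory)
	{
		// snapshot of the current row; 'Trace' keeps the metadata only
		// Fix: $args was auto-vivified from an undefined variable (an Error on PHP 8)
		$args = new stdClass();
		$args->history_srl = getNextSequence();
		$args->document_srl = $obj->document_srl;
		$args->module_srl = $module_srl;
		if ($document_config->use_history == 'Y')
		{
			$args->content = $source_obj->get('content');
		}
		$args->nick_name = $source_obj->get('nick_name');
		$args->member_srl = $source_obj->get('member_srl');
		$args->regdate = $source_obj->get('last_update');
		$args->ipaddress = $source_obj->get('ipaddress');
		// NOTE(review): the result is not checked, so a failed history insert
		// does not stop the update (kept as in the original).
		$output = executeQuery("document.insertHistory", $args);
	}

	// normalise the basic Y/N flags
	if ($obj->is_secret != 'Y')
	{
		$obj->is_secret = 'N';
	}
	if ($obj->allow_comment != 'Y')
	{
		$obj->allow_comment = 'N';
	}
	if ($obj->lock_comment != 'Y')
	{
		$obj->lock_comment = 'N';
	}
	if ($obj->allow_trackback != 'Y')
	{
		$obj->allow_trackback = 'N';
	}
	// any scheme satisfies this test; only scheme-less values get http:// prefixed
	if ($obj->homepage && !preg_match('/^[a-z]+:\\/\\//i', $obj->homepage))
	{
		$obj->homepage = 'http://' . $obj->homepage;
	}
	if ($obj->notify_message != 'Y')
	{
		$obj->notify_message = 'N';
	}

	// serialize $extra_vars
	$obj->extra_vars = serialize($obj->extra_vars);

	// drop the auto-save fields
	unset($obj->_saved_doc_srl);
	unset($obj->_saved_doc_title);
	unset($obj->_saved_doc_content);
	unset($obj->_saved_doc_message);

	$oDocumentModel =& getModel('document');

	// if the category changed, reset it to 0 when the new one does not exist
	if ($source_obj->get('category_srl') != $obj->category_srl)
	{
		$category_list = $oDocumentModel->getCategoryList($obj->module_srl);
		if (!$category_list[$obj->category_srl])
		{
			$obj->category_srl = 0;
		}
	}

	// adjust the update order
	$obj->update_order = getNextSequence() * -1;

	// NOTE(review): md5() is not a password hash; kept because the verifier
	// elsewhere expects it — change both together.
	if ($obj->password)
	{
		$obj->password = md5($obj->password);
	}

	// take the session user's info when they are the original author, or when history is on
	// Fix: the top-admin flag used to be read from $logged_info below this block,
	// which is undefined for anonymous sessions; track it explicitly instead.
	$is_top_admin = false;
	if (Context::get('is_logged'))
	{
		$logged_info = Context::get('logged_info');
		$is_top_admin = ($logged_info->is_admin == 'Y');
		if ($source_obj->get('member_srl') == $logged_info->member_srl || $bUseHistory)
		{
			$obj->member_srl = $logged_info->member_srl;
			$obj->user_name = $logged_info->user_name;
			$obj->nick_name = $logged_info->nick_name;
			$obj->email_address = $logged_info->email_address;
			$obj->homepage = $logged_info->homepage;
		}
	}

	// written by a logged-in member but no nick_name supplied: restore stored author fields
	if ($source_obj->get('member_srl') && !$obj->nick_name)
	{
		$obj->member_srl = $source_obj->get('member_srl');
		$obj->user_name = $source_obj->get('user_name');
		$obj->nick_name = $source_obj->get('nick_name');
		$obj->email_address = $source_obj->get('email_address');
		$obj->homepage = $source_obj->get('homepage');
	}

	// no title: derive one from the content
	settype($obj->title, "string");
	if ($obj->title == '')
	{
		$obj->title = cut_str(strip_tags($obj->content), 20, '...');
	}
	// still none: Untitled
	if ($obj->title == '')
	{
		$obj->title = 'Untitled';
	}

	// remove XE's own marker tags from contents
	$obj->content = preg_replace('!<\\!--(Before|After)(Document|Comment)\\(([0-9]+),([0-9]+)\\)-->!is', '', $obj->content);

	// when the author's language differs from the document's, keep the submitted
	// title/content as per-language extra vars and leave the main row untouched
	$extra_content = new stdClass();
	if ($source_obj->get('lang_code') != Context::getLangType())
	{
		if (!$source_obj->get('lang_code'))
		{
			// no lang_code stored yet: adopt the current one instead of an extra var
			$lang_code_args = new stdClass();
			$lang_code_args->document_srl = $source_obj->get('document_srl');
			$lang_code_args->lang_code = Context::getLangType();
			$output = executeQuery('document.updateDocumentsLangCode', $lang_code_args);
		}
		else
		{
			$extra_content->title = $obj->title;
			$extra_content->content = $obj->content;
			$document_args = new stdClass();
			$document_args->document_srl = $source_obj->get('document_srl');
			$document_output = executeQuery('document.getDocument', $document_args);
			$obj->title = $document_output->data->title;
			$obj->content = $document_output->data->content;
		}
	}

	// remove iframe and script if not a top administrator on the session
	if (!$is_top_admin)
	{
		$obj->content = removeHackTag($obj->content);
		// Fix: on the per-language path the submitted content was copied into
		// $extra_content before this filter ran and then stored through
		// insertDocumentExtraVar() unfiltered; apply the same filter to it.
		if (isset($extra_content->content))
		{
			$extra_content->content = removeHackTag($extra_content->content);
		}
	}

	// write the row
	$output = executeQuery('document.updateDocument', $obj);
	if (!$output->toBool())
	{
		$oDB->rollback();
		return $output;
	}

	// drop every extra var for this language, then re-insert from $obj
	$this->deleteDocumentExtraVars($source_obj->get('module_srl'), $obj->document_srl, null, Context::getLangType());

	$extra_keys = $oDocumentModel->getExtraKeys($obj->module_srl);
	if (count($extra_keys))
	{
		foreach ($extra_keys as $idx => $extra_item)
		{
			// accept either the positional name (extra_varsN) or the configured name
			$value = '';
			if (isset($obj->{'extra_vars' . $idx}))
			{
				$value = trim($obj->{'extra_vars' . $idx});
			}
			elseif (isset($obj->{$extra_item->name}))
			{
				$value = trim($obj->{$extra_item->name});
			}
			$this->insertDocumentExtraVar($obj->module_srl, $obj->document_srl, $idx, $value, $extra_item->eid);
		}
	}

	// per-language title/content extra vars
	if (!empty($extra_content->title))
	{
		$this->insertDocumentExtraVar($obj->module_srl, $obj->document_srl, -1, $extra_content->title, 'title_' . Context::getLangType());
	}
	if (!empty($extra_content->content))
	{
		$this->insertDocumentExtraVar($obj->module_srl, $obj->document_srl, -2, $extra_content->content, 'content_' . Context::getLangType());
	}

	// category changed: refresh both counts
	if ($source_obj->get('category_srl') != $obj->category_srl)
	{
		if ($source_obj->get('category_srl'))
		{
			$this->updateCategoryCount($obj->module_srl, $source_obj->get('category_srl'));
		}
		if ($obj->category_srl)
		{
			$this->updateCategoryCount($obj->module_srl, $obj->category_srl);
		}
	}

	// call a trigger (after); a veto rolls everything back
	$trigger_output = ModuleHandler::triggerCall('document.updateDocument', 'after', $obj);
	if (!$trigger_output->toBool())
	{
		$oDB->rollback();
		return $trigger_output;
	}

	// commit
	$oDB->commit();

	// drop cached thumbnails for this document
	FileHandler::removeDir(sprintf('files/cache/thumbnails/%s', getNumberingPath($obj->document_srl, 3)));

	$output->add('document_srl', $obj->document_srl);
	return $output;
}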
/**
 * @brief Update a comment (legacy variant).
 *
 * Runs the comment.updateComment before/after triggers, enforces the stored
 * comment's isGranted() check unless $is_admin, reconciles the author fields
 * with the stored row and the session, filters content from anyone but a top
 * administrator through removeHackTag() and writes the row inside a
 * transaction.
 *
 * NOTE(review): no CSRF check is performed in this variant (the later
 * revision adds checkCSRF()); callers must provide that protection.
 *
 * @param object $obj      Fields to write; $obj->comment_srl selects the row
 * @param bool   $is_admin Skip the isGranted() check
 * @return object executeQuery() result (with 'comment_srl' added) or an error Object
 **/
function updateComment($obj, $is_admin = false)
{
	$obj->__isupdate = true;

	// call a trigger (before)
	$output = ModuleHandler::triggerCall('comment.updateComment', 'before', $obj);
	if (!$output->toBool())
	{
		return $output;
	}

	// create the comment model object
	$oCommentModel =& getModel('comment');

	// fetch the original data
	$source_obj = $oCommentModel->getComment($obj->comment_srl);
	if (!$source_obj->getMemberSrl())
	{
		// anonymous comment: author fields come from the stored row, not the request
		$obj->member_srl = $source_obj->get('member_srl');
		$obj->user_name = $source_obj->get('user_name');
		$obj->nick_name = $source_obj->get('nick_name');
		$obj->email_address = $source_obj->get('email_address');
		$obj->homepage = $source_obj->get('homepage');
	}

	// check permission
	if (!$is_admin && !$source_obj->isGranted())
	{
		return new Object(-1, 'msg_not_permitted');
	}

	// NOTE(review): md5() is not a password hash; the later revision uses
	// hashPassword(). Changing it here requires the matching verifier to change too.
	if ($obj->password)
	{
		$obj->password = md5($obj->password);
	}

	// any scheme satisfies this test; only scheme-less values get http:// prefixed
	if ($obj->homepage && !preg_match('/^[a-z]+:\\/\\//i', $obj->homepage))
	{
		$obj->homepage = 'http://' . $obj->homepage;
	}

	// if logged in and the author is the modifier, take the modifier's current profile data
	if (Context::get('is_logged'))
	{
		$logged_info = Context::get('logged_info');
		// NOTE(review): reads $source_obj->member_srl directly while every other
		// access goes through $source_obj->get() — confirm the property exists.
		if ($source_obj->member_srl == $logged_info->member_srl)
		{
			$obj->member_srl = $logged_info->member_srl;
			$obj->user_name = $logged_info->user_name;
			$obj->nick_name = $logged_info->nick_name;
			$obj->email_address = $logged_info->email_address;
			$obj->homepage = $logged_info->homepage;
		}
	}

	// written by a logged-in member but no nick_name supplied: restore stored author fields
	if ($source_obj->get('member_srl') && !$obj->nick_name)
	{
		$obj->member_srl = $source_obj->get('member_srl');
		$obj->user_name = $source_obj->get('user_name');
		$obj->nick_name = $source_obj->get('nick_name');
		$obj->email_address = $source_obj->get('email_address');
		$obj->homepage = $source_obj->get('homepage');
	}

	if (!$obj->content)
	{
		$obj->content = $source_obj->get('content');
	}

	// remove XE's own marker tags from the content
	$obj->content = preg_replace('!<\\!--(Before|After)(Document|Comment)\\(([0-9]+),([0-9]+)\\)-->!is', '', $obj->content);

	// remove iframe and script unless the session belongs to a top administrator
	// ($logged_info is undefined for anonymous sessions; the comparison still
	// evaluates true there, so anonymous content is filtered)
	if ($logged_info->is_admin != 'Y')
	{
		$obj->content = removeHackTag($obj->content);
	}

	// begin transaction
	$oDB =& DB::getInstance();
	$oDB->begin();

	// update
	$output = executeQuery('comment.updateComment', $obj);
	if (!$output->toBool())
	{
		$oDB->rollback();
		return $output;
	}

	// call a trigger (after)
	if ($output->toBool())
	{
		$trigger_output = ModuleHandler::triggerCall('comment.updateComment', 'after', $obj);
		if (!$trigger_output->toBool())
		{
			$oDB->rollback();
			return $trigger_output;
		}
	}

	// commit
	$oDB->commit();

	$output->add('comment_srl', $obj->comment_srl);
	return $output;
}
/**
 * Send a message (DB control)
 *
 * Stores one row in the sender's box (type 'S', unless $sender_log is off or
 * there is no sender) and one in the receiver's box (type 'R'), linked via
 * related_srl, inside one transaction. The before-trigger may veto the send;
 * the after-trigger's result is ignored. Finally the receiver's new-message
 * flag file is updated via updateFlagFile().
 *
 * NOTE(review): no check here that $sender_srl is the session user or that
 * $receiver_srl accepts messages — presumably done by the caller; confirm.
 *
 * @param int $sender_srl member_srl of sender
 * @param int $receiver_srl member_srl of receiver_srl
 * @param string $title
 * @param string $content
 * @param boolean $sender_log (default true)
 * @return Object
 */
function sendMessage($sender_srl, $receiver_srl, $title, $content, $sender_log = TRUE)
{
	// Encode the title and content.
	// NOTE(review): ENT_COMPAT leaves single quotes unescaped — fine for text
	// nodes, not for single-quoted attribute values; double_encode=false keeps
	// existing entities as they are.
	$title = htmlspecialchars($title, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
	$content = removeHackTag($content);
	$title = utf8_mbencode($title);
	$content = utf8_mbencode($content);

	$message_srl = getNextSequence();
	$related_srl = getNextSequence();

	// messages to save in the sender's message box
	$sender_args = new stdClass();
	$sender_args->sender_srl = $sender_srl;
	$sender_args->receiver_srl = $receiver_srl;
	$sender_args->message_type = 'S';
	$sender_args->title = $title;
	$sender_args->content = $content;
	$sender_args->readed = 'N';
	$sender_args->regdate = date("YmdHis");
	$sender_args->message_srl = $message_srl;
	$sender_args->related_srl = $related_srl;
	$sender_args->list_order = $sender_args->message_srl * -1;

	// messages to save in the receiver's message box
	$receiver_args = new stdClass();
	$receiver_args->message_srl = $related_srl;
	$receiver_args->related_srl = 0;
	$receiver_args->list_order = $related_srl * -1;
	$receiver_args->sender_srl = $sender_srl;
	if (!$receiver_args->sender_srl)
	{
		// system message: record the receiver as sender
		$receiver_args->sender_srl = $receiver_srl;
	}
	$receiver_args->receiver_srl = $receiver_srl;
	$receiver_args->message_type = 'R';
	$receiver_args->title = $title;
	$receiver_args->content = $content;
	$receiver_args->readed = 'N';
	$receiver_args->regdate = date("YmdHis");

	// Call a trigger (before)
	$trigger_obj = new stdClass();
	$trigger_obj->sender_srl = $sender_srl;
	$trigger_obj->receiver_srl = $receiver_srl;
	$trigger_obj->message_srl = $message_srl;
	$trigger_obj->related_srl = $related_srl;
	$trigger_obj->title = $title;
	$trigger_obj->content = $content;
	$trigger_obj->sender_log = $sender_log;
	$trigger_output = ModuleHandler::triggerCall('communication.sendMessage', 'before', $trigger_obj);
	if (!$trigger_output->toBool())
	{
		return $trigger_output;
	}

	$oDB = DB::getInstance();
	$oDB->begin();

	// messages to save in the sender's message box
	if ($sender_srl && $sender_log)
	{
		$output = executeQuery('communication.sendMessage', $sender_args);
		if (!$output->toBool())
		{
			$oDB->rollback();
			return $output;
		}
	}

	// messages to save in the receiver's message box
	$output = executeQuery('communication.sendMessage', $receiver_args);
	if (!$output->toBool())
	{
		$oDB->rollback();
		return $output;
	}

	// Call a trigger (after) — its result is not checked, so it cannot roll back
	ModuleHandler::triggerCall('communication.sendMessage', 'after', $trigger_obj);

	$oDB->commit();

	// create a flag that message is sent (in file format)
	$this->updateFlagFile($receiver_srl);

	return new Object(0, 'success_sended');
}
/**
 * Store the body text, filtered through removeHackTag() first.
 *
 * @param string $content Raw content as supplied by the caller
 */
function setContent($content)
{
	$filtered = removeHackTag($content);
	$this->add('content', $filtered);
}
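/**
 * removeHackTag() must neutralise each XSS vector supplied by xssProvider().
 *
 * @dataProvider xssProvider
 * @param string $source   Raw markup containing the attack
 * @param string $expected Markup removeHackTag() is expected to produce
 */
public function testXSS($source, $expected)
{
	// Fix: the arguments were passed as (actual, expected); PHPUnit labels the
	// first one "expected" in its diff, which made failure output misleading.
	$this->assertEquals($expected, removeHackTag($source));
}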
/**
 * The stored value prepared for HTML output.
 *
 * NOTE(review): removeHackTag() filters markup rather than escaping it, so
 * the result is still markup; callers that need plain text must escape it
 * themselves — confirm against the helper.
 *
 * @return string The filtered value
 */
function getValue()
{
	$raw = $this->value;
	return removeHackTag($raw);
}
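/**
 * Send a message (DB control, legacy variant).
 *
 * Stores one row in the sender's box (type 'S', unless $sender_log is off or
 * there is no sender) and one in the receiver's box (type 'R'), linked via
 * related_srl, inside one transaction, then bumps the receiver's
 * new-message flag file.
 *
 * NOTE(review): no check here that $sender_srl is the session user or that
 * $receiver_srl accepts messages — presumably done by the caller; confirm.
 *
 * @param int $sender_srl member_srl of sender
 * @param int $receiver_srl member_srl of receiver
 * @param string $title
 * @param string $content
 * @param boolean $sender_log (default true)
 * @return Object
 */
function sendMessage($sender_srl, $receiver_srl, $title, $content, $sender_log = true)
{
	$content = removeHackTag($content);
	// Fix: the title was stored raw while the content was filtered; the later
	// revision of this function escapes it, so bring this one in line.
	$title = htmlspecialchars($title);

	// message for the sender's message box
	// Fix: was auto-vivified from an undefined variable (an Error on PHP 8)
	$sender_args = new stdClass();
	$sender_args->sender_srl = $sender_srl;
	$sender_args->receiver_srl = $receiver_srl;
	$sender_args->message_type = 'S';
	$sender_args->title = $title;
	$sender_args->content = $content;
	$sender_args->readed = 'N';
	$sender_args->regdate = date("YmdHis");
	$sender_args->related_srl = getNextSequence();
	$sender_args->message_srl = getNextSequence();
	$sender_args->list_order = getNextSequence() * -1;

	// message for the receiver's message box
	$receiver_args = new stdClass();
	$receiver_args->message_srl = $sender_args->related_srl;
	$receiver_args->related_srl = 0;
	$receiver_args->list_order = $sender_args->related_srl * -1;
	$receiver_args->sender_srl = $sender_srl;
	if (!$receiver_args->sender_srl)
	{
		// system message: record the receiver as sender
		$receiver_args->sender_srl = $receiver_srl;
	}
	$receiver_args->receiver_srl = $receiver_srl;
	$receiver_args->message_type = 'R';
	$receiver_args->title = $title;
	$receiver_args->content = $content;
	$receiver_args->readed = 'N';
	$receiver_args->regdate = date("YmdHis");

	$oDB =& DB::getInstance();
	$oDB->begin();

	// store in the sending member's box
	if ($sender_srl && $sender_log)
	{
		$output = executeQuery('communication.sendMessage', $sender_args);
		if (!$output->toBool())
		{
			$oDB->rollback();
			return $output;
		}
	}

	// store in the receiving member's box
	$output = executeQuery('communication.sendMessage', $receiver_args);
	if (!$output->toBool())
	{
		$oDB->rollback();
		return $output;
	}

	// create the receiver's new-message flag (as a file)
	$flag_path = './files/member_extra_info/new_message_flags/' . getNumberingPath($receiver_srl);
	FileHandler::makeDir($flag_path);
	$flag_file = sprintf('%s%s', $flag_path, $receiver_srl);
	// Fix: readFile() may yield false for a missing file and ++ on false is a
	// no-op; cast first so the counter always starts at 0.
	$flag_count = (int) FileHandler::readFile($flag_file);
	FileHandler::writeFile($flag_file, $flag_count + 1);

	$oDB->commit();

	return new Object(0, 'success_sended');
}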
/**
 * Strip potentially dangerous markup from a string.
 *
 * Thin wrapper around removeHackTag(); presumably kept so this module has a
 * single filtering entry point.
 *
 * @param string $content
 * @return string
 */
function _removeSpecialTag($content)
{
    $filtered = removeHackTag($content);
    return $filtered;
}
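/**
 * Add an attachement
 *
 * <pre>
 * This method call trigger 'file.insertFile'.
 *
 * Before trigger object contains:
 * - module_srl
 * - upload_target_srl
 *
 * After trigger object contains:
 * - file_srl
 * - upload_target_srl
 * - module_srl
 * - direct_download
 * - source_filename
 * - uploaded_filename
 * - donwload_count
 * - file_size
 * - comment
 * - member_srl
 * - sid
 * </pre>
 *
 * Validation applied to non-admin, non-manual uploads: extension allow-list
 * (last extension only), per-file size limit and per-target total size limit.
 * Independently of the caller, executable-looking extensions in the source
 * name are defused (".php" becomes ".php-x"), the stored file gets a random
 * name, and non-image files are stored without any extension.
 *
 * @param array $file_info PHP file information array (name, tmp_name)
 * @param int $module_srl Sequence of module to upload file
 * @param int $upload_target_srl Sequence of target to upload file
 * @param int $download_count Initial download count
 * @param bool $manual_insert If set true, pass validation check and copy from a local path
 * @return Object
 */
function insertFile($file_info, $module_srl, $upload_target_srl, $download_count = 0, $manual_insert = false)
{
    // Call a trigger (before)
    $trigger_obj = new stdClass();
    $trigger_obj->module_srl = $module_srl;
    $trigger_obj->upload_target_srl = $upload_target_srl;
    $output = ModuleHandler::triggerCall('file.insertFile', 'before', $trigger_obj);
    if (!$output->toBool()) {
        return $output;
    }

    // A workaround for Firefox upload bug (RFC 2047 encoded-word as file name)
    if (preg_match('/^=\\?UTF-8\\?B\\?(.+)\\?=$/i', $file_info['name'], $match)) {
        $file_info['name'] = base64_decode(strtr($match[1], ':', '/'));
    }

    if (!$manual_insert) {
        // Get the file configurations; administrators bypass every limit below
        $logged_info = Context::get('logged_info');
        if ($logged_info->is_admin != 'Y') {
            $oFileModel = getModel('file');
            $config = $oFileModel->getFileConfig($module_srl);

            // check file type against the module allow-list ("*.jpg;*.png;...")
            if (isset($config->allowed_filetypes) && $config->allowed_filetypes !== '*.*') {
                $allowed_exts = array();
                foreach (explode(';', $config->allowed_filetypes) as $pattern) {
                    $parts = explode('.', $pattern);
                    $allowed_exts[] = strtolower(isset($parts[1]) ? $parts[1] : '');
                }
                // only the last extension is compared here; double extensions
                // such as "x.php.jpg" are dealt with by the rename further down
                $name_parts = explode('.', $file_info['name']);
                $uploaded_ext = strtolower(array_pop($name_parts));
                if (!in_array($uploaded_ext, $allowed_exts, true)) {
                    return $this->stop('msg_not_allowed_filetype');
                }
            }

            $upload_size = filesize($file_info['tmp_name']);
            $allowed_filesize = $config->allowed_filesize * 1024 * 1024;
            $allowed_attach_size = $config->allowed_attach_size * 1024 * 1024;

            // An error appears if file size exceeds a limit
            if ($allowed_filesize < $upload_size) {
                return new Object(-1, 'msg_exceeds_limit_size');
            }

            // Get total file size of all attachements (from DB); a failed
            // query contributes 0 instead of a warning on a null result
            $size_args = new stdClass();
            $size_args->upload_target_srl = $upload_target_srl;
            $output = executeQuery('file.getAttachedFileSize', $size_args);
            $attached_size = (int) (isset($output->data->attached_size) ? $output->data->attached_size : 0) + $upload_size;
            if ($attached_size > $allowed_attach_size) {
                return new Object(-1, 'msg_exceeds_limit_size');
            }
        }
    }

    // https://github.com/xpressengine/xe-core/issues/1713
    // Defuse executable extensions anywhere in the name (also covers double extensions)
    $file_info['name'] = preg_replace('/\\.(php|phtm|phar|html?|cgi|pl|exe|jsp|asp|inc)/i', '$0-x', $file_info['name']);
    $file_info['name'] = removeHackTag($file_info['name']);
    $file_info['name'] = str_replace(array('<', '>'), array('%3C', '%3E'), $file_info['name']);

    // Get random number generator
    $random = new Password();

    // Set upload path by checking if the attachement is an image or other kinds of file
    if (preg_match("/\\.(jpe?g|gif|png|wm[va]|mpe?g|avi|swf|flv|mp[1-4]|as[fx]|wav|midi?|moo?v|qt|r[am]{1,2}|m4v)\$/i", $file_info['name'])) {
        $path = sprintf("./files/attach/images/%s/%s", $module_srl, getNumberingPath($upload_target_srl, 3));
        // Random file name, original extension kept. The random name also
        // avoids the Windows PHP unicode file name bug - by cherryfilter
        $ext = substr(strrchr($file_info['name'], '.'), 1);
        $_filename = $random->createSecureSalt(32, 'hex') . '.' . $ext;
        $filename = $path . $_filename;
        $idx = 1;
        while (file_exists($filename)) {
            $filename = $path . preg_replace('/\\.([a-z0-9]+)$/i', '_' . $idx . '.$1', $_filename);
            $idx++;
        }
        $direct_download = 'Y';
    } else {
        // Everything else is stored under a random name with no extension
        $path = sprintf("./files/attach/binaries/%s/%s", $module_srl, getNumberingPath($upload_target_srl, 3));
        $ext = '';
        $filename = $path . $random->createSecureSalt(32, 'hex');
        $direct_download = 'N';
    }

    // Create a directory
    if (!FileHandler::makeDir($path)) {
        return new Object(-1, 'msg_not_permitted_create');
    }

    // Check uploaded file
    if (!checkUploadedFile($file_info['tmp_name'])) {
        return new Object(-1, 'msg_file_upload_error');
    }

    // Second destination tried when the first one cannot be written. $ext is
    // '' for non-image files, so they keep having no extension (previously the
    // allow-list array or an undefined variable leaked into this name).
    $fallback_filename = $path . $random->createSecureSalt(32, 'hex') . ($ext !== '' ? '.' . $ext : '');

    // Move the file. Errors are suppressed because failure is reported through
    // the return value below.
    if ($manual_insert) {
        // manual inserts are copied, presumably from a local path rather than $_FILES
        @copy($file_info['tmp_name'], $filename);
        if (!file_exists($filename)) {
            $filename = $fallback_filename;
            @copy($file_info['tmp_name'], $filename);
        }
    } else {
        if (!@move_uploaded_file($file_info['tmp_name'], $filename)) {
            $filename = $fallback_filename;
            if (!@move_uploaded_file($file_info['tmp_name'], $filename)) {
                return new Object(-1, 'msg_file_upload_error');
            }
        }
    }

    // Get member information
    $oMemberModel = getModel('member');
    $member_srl = $oMemberModel->getLoggedMemberSrl();

    // List file information
    $args = new stdClass();
    $args->file_srl = getNextSequence();
    $args->upload_target_srl = $upload_target_srl;
    $args->module_srl = $module_srl;
    $args->direct_download = $direct_download;
    $args->source_filename = $file_info['name'];
    $args->uploaded_filename = $filename;
    $args->download_count = $download_count;
    $args->file_size = @filesize($filename);
    $args->comment = NULL;
    $args->member_srl = $member_srl;
    // per-file random token; presumably checked by the download handler - confirm
    $args->sid = $random->createSecureSalt(32, 'hex');
    // NOTE(review): the file has already been moved at this point; a failed
    // insert or after-trigger leaves it on disk without a DB row.
    $output = executeQuery('file.insertFile', $args);
    if (!$output->toBool()) {
        return $output;
    }

    // Call a trigger (after)
    $trigger_output = ModuleHandler::triggerCall('file.insertFile', 'after', $args);
    if (!$trigger_output->toBool()) {
        return $trigger_output;
    }

    // Remember the new file_srl in the session (consumed elsewhere - not visible here)
    $_SESSION['__XE_UPLOADING_FILES_INFO__'][$args->file_srl] = true;

    $output->add('file_srl', $args->file_srl);
    $output->add('file_size', $args->file_size);
    $output->add('sid', $args->sid);
    $output->add('direct_download', $args->direct_download);
    $output->add('source_filename', $args->source_filename);
    $output->add('upload_target_srl', $upload_target_srl);
    $output->add('uploaded_filename', $args->uploaded_filename);
    return $output;
}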
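/**
 * Update the document
 *
 * Runs inside one DB transaction: optional history row, the document row
 * itself, extra variables, category counters and (optionally) an update log.
 * The title is HTML-escaped unconditionally; the content is only filtered
 * with removeHackTag() when the current session is not an administrator.
 * The CSRF check is skipped for manual updates.
 *
 * @param object $source_obj the stored document (read via ->get())
 * @param object $obj the new values, modified in place
 * @param bool $manual_updated true for programmatic updates (no CSRF check, no editor post-processing, no author override)
 * @return object query/trigger result; 'document_srl' is added on success
 */
function updateDocument($source_obj, $obj, $manual_updated = FALSE)
{
    if (!$manual_updated && !checkCSRF()) {
        return new Object(-1, 'msg_invalid_request');
    }
    if (!$source_obj->document_srl || !$obj->document_srl) {
        return new Object(-1, 'msg_invalied_request');
    }
    if (!$obj->status && $obj->is_secret == 'Y') {
        $obj->status = 'SECRET';
    }
    if (!$obj->status) {
        $obj->status = 'PUBLIC';
    }

    // Call a trigger (before)
    $output = ModuleHandler::triggerCall('document.updateDocument', 'before', $obj);
    if (!$output->toBool()) {
        return $output;
    }

    // begin transaction
    $oDB =& DB::getInstance();
    $oDB->begin();

    $oModuleModel = getModel('module');
    if (!$obj->module_srl) {
        $obj->module_srl = $source_obj->get('module_srl');
    }
    $module_srl = $obj->module_srl;
    $module_info = $oModuleModel->getModuleInfoByModuleSrl($module_srl);
    $document_config = $oModuleModel->getModulePartConfig('document', $module_srl);
    if (!$document_config) {
        $document_config = new stdClass();
    }
    if (!isset($document_config->use_history)) {
        $document_config->use_history = 'N';
    }

    // 'Y' keeps a full copy of the previous content, 'Trace' only the metadata.
    // The insertHistory result is not checked.
    $bUseHistory = $document_config->use_history == 'Y' || $document_config->use_history == 'Trace';
    if ($bUseHistory) {
        $args = new stdClass();
        $args->history_srl = getNextSequence();
        $args->document_srl = $obj->document_srl;
        $args->module_srl = $module_srl;
        if ($document_config->use_history == 'Y') {
            $args->content = $source_obj->get('content');
        }
        $args->nick_name = $source_obj->get('nick_name');
        $args->member_srl = $source_obj->get('member_srl');
        $args->regdate = $source_obj->get('last_update');
        $args->ipaddress = $source_obj->get('ipaddress');
        $output = executeQuery("document.insertHistory", $args);
    } else {
        $obj->ipaddress = $source_obj->get('ipaddress');
    }

    // List variables
    if ($obj->comment_status) {
        $obj->commentStatus = $obj->comment_status;
    }
    if (!$obj->commentStatus) {
        $obj->commentStatus = 'DENY';
    }
    if ($obj->commentStatus == 'DENY') {
        $this->_checkCommentStatusForOldVersion($obj);
    }
    if ($obj->allow_trackback != 'Y') {
        $obj->allow_trackback = 'N';
    }
    if ($obj->homepage) {
        $obj->homepage = removeHackTag($obj->homepage);
        if (!preg_match('/^[a-z]+:\\/\\//i', $obj->homepage)) {
            $obj->homepage = 'http://' . $obj->homepage;
        }
    }
    if ($obj->notify_message != 'Y') {
        $obj->notify_message = 'N';
    }

    // can modify regdate only manager
    // NOTE(review): this reads Context::get('grant') while the update-log
    // branch below reads $this->grant; confirm both refer to the same grant.
    $grant = Context::get('grant');
    if (!$grant->manager) {
        unset($obj->regdate);
    }

    // Serialize the $extra_vars
    if (!is_string($obj->extra_vars)) {
        $obj->extra_vars = serialize($obj->extra_vars);
    }

    // Remove the columns for automatic saving
    unset($obj->_saved_doc_srl);
    unset($obj->_saved_doc_title);
    unset($obj->_saved_doc_content);
    unset($obj->_saved_doc_message);

    $oDocumentModel = getModel('document');

    // Set the category_srl to 0 if the changed category is not exsiting.
    if ($source_obj->get('category_srl') != $obj->category_srl) {
        $category_list = $oDocumentModel->getCategoryList($obj->module_srl);
        if (!$category_list[$obj->category_srl]) {
            $obj->category_srl = 0;
        }
    }

    // Change the update order
    $obj->update_order = getNextSequence() * -1;

    // Hash the password if it exists
    if ($obj->password) {
        $obj->password = getModel('member')->hashPassword($obj->password);
    }

    // If an author is identical to the modifier or history is used, use the logged-in user's information.
    $logged_info = Context::get('logged_info');
    if (Context::get('is_logged') && !$manual_updated && $module_info->use_anonymous != 'Y') {
        if ($source_obj->get('member_srl') == $logged_info->member_srl) {
            $obj->member_srl = $logged_info->member_srl;
            $obj->user_name = htmlspecialchars_decode($logged_info->user_name);
            $obj->nick_name = htmlspecialchars_decode($logged_info->nick_name);
            $obj->email_address = $logged_info->email_address;
            $obj->homepage = $logged_info->homepage;
        }
    }

    // For the document written by logged-in user however no nick_name exists
    if ($source_obj->get('member_srl') && !$obj->nick_name) {
        $obj->member_srl = $source_obj->get('member_srl');
        $obj->user_name = $source_obj->get('user_name');
        $obj->nick_name = $source_obj->get('nick_name');
        $obj->email_address = $source_obj->get('email_address');
        $obj->homepage = $source_obj->get('homepage');
    }

    // If the tile is empty, extract string from the contents.
    $obj->title = htmlspecialchars($obj->title, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
    settype($obj->title, "string");
    if ($obj->title == '') {
        $obj->title = cut_str(strip_tags($obj->content), 20, '...');
    }
    // If no tile extracted from the contents, leave it untitled.
    if ($obj->title == '') {
        $obj->title = 'Untitled';
    }

    // Remove XE's own tags from the contents.
    $obj->content = preg_replace('!<\\!--(Before|After)(Document|Comment)\\(([0-9]+),([0-9]+)\\)-->!is', '', $obj->content);

    // if use editor of nohtml, Remove HTML tags from the contents.
    if (!$manual_updated) {
        if (Mobile::isFromMobilePhone() && $obj->use_editor != 'Y') {
            if ($obj->use_html != 'Y') {
                $obj->content = htmlspecialchars($obj->content, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
            }
            $obj->content = nl2br($obj->content);
        } else {
            $oEditorModel = getModel('editor');
            $editor_config = $oEditorModel->getEditorConfig($obj->module_srl);
            if (strpos($editor_config->sel_editor_colorset, 'nohtml') !== FALSE) {
                // <br> to newline, escape everything, then newline back to <br />
                $obj->content = preg_replace('/\\<br(\\s*)?\\/?\\>/i', PHP_EOL, $obj->content);
                $obj->content = htmlspecialchars($obj->content, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
                $obj->content = str_replace(array("\r\n", "\r", "\n"), '<br />', $obj->content);
            }
        }
    }

    // Change not extra vars but language code of the original document if document's lang_code is different from author's setting.
    // $extra_content is created up front so the multi-language checks further
    // down never touch an undefined variable.
    $extra_content = new stdClass();
    if ($source_obj->get('lang_code') != Context::getLangType()) {
        // Change not extra vars but language code of the original document if document's lang_code doesn't exist.
        if (!$source_obj->get('lang_code')) {
            $lang_code_args = new stdClass();
            $lang_code_args->document_srl = $source_obj->get('document_srl');
            $lang_code_args->lang_code = Context::getLangType();
            $output = executeQuery('document.updateDocumentsLangCode', $lang_code_args);
        } else {
            // Keep the submitted title/content as a translation (extra vars)
            // and restore the original-language text on the document row.
            $extra_content->title = $obj->title;
            $extra_content->content = $obj->content;
            $document_args = new stdClass();
            $document_args->document_srl = $source_obj->get('document_srl');
            $document_output = executeQuery('document.getDocument', $document_args);
            $obj->title = $document_output->data->title;
            $obj->content = $document_output->data->content;
        }
    }

    // Remove iframe and script if not a top adminisrator in the session.
    if ($logged_info->is_admin != 'Y') {
        $obj->content = removeHackTag($obj->content);
    }

    // if temporary document, regdate is now setting
    if ($source_obj->get('status') == $this->getConfigStatus('temp')) {
        $obj->regdate = date('YmdHis');
    }

    // Fix encoding of non-BMP UTF-8 characters.
    $obj->title = utf8_mbencode($obj->title);
    $obj->content = utf8_mbencode($obj->content);

    // Insert data into the DB
    $output = executeQuery('document.updateDocument', $obj);
    if (!$output->toBool()) {
        $oDB->rollback();
        return $output;
    }

    // Remove all extra variables
    $extra_vars = array();
    if (Context::get('act') != 'procFileDelete') {
        $this->deleteDocumentExtraVars($source_obj->get('module_srl'), $obj->document_srl, null, Context::getLangType());

        // Insert extra variables if the document successfully inserted.
        $extra_keys = $oDocumentModel->getExtraKeys($obj->module_srl);
        if (count($extra_keys)) {
            foreach ($extra_keys as $idx => $extra_item) {
                $value = NULL;
                if (isset($obj->{'extra_vars' . $idx})) {
                    $tmp = $obj->{'extra_vars' . $idx};
                    if (is_array($tmp)) {
                        $value = implode('|@|', $tmp);
                    } else {
                        $value = trim($tmp);
                    }
                } else {
                    if (isset($obj->{$extra_item->name})) {
                        $value = trim($obj->{$extra_item->name});
                    }
                }
                // loose comparison on purpose: '' and 0 are skipped as well
                if ($value == NULL) {
                    continue;
                }
                $extra_vars[$extra_item->name] = $value;
                $this->insertDocumentExtraVar($obj->module_srl, $obj->document_srl, $idx, $value, $extra_item->eid);
            }
        }

        // Inert extra vars for multi-language support of title and contents.
        if (!empty($extra_content->title)) {
            $this->insertDocumentExtraVar($obj->module_srl, $obj->document_srl, -1, $extra_content->title, 'title_' . Context::getLangType());
        }
        if (!empty($extra_content->content)) {
            $this->insertDocumentExtraVar($obj->module_srl, $obj->document_srl, -2, $extra_content->content, 'content_' . Context::getLangType());
        }
    }

    // Update the category if the category_srl exists.
    // NOTE(review): the second operand compares a module_srl with a
    // member_srl, which looks unintended - confirm what it should test.
    if ($source_obj->get('category_srl') != $obj->category_srl || $source_obj->get('module_srl') == $logged_info->member_srl) {
        if ($source_obj->get('category_srl') != $obj->category_srl) {
            $this->updateCategoryCount($obj->module_srl, $source_obj->get('category_srl'));
        }
        if ($obj->category_srl) {
            $this->updateCategoryCount($obj->module_srl, $obj->category_srl);
        }
    }

    // Optional update log; only this branch can still roll the transaction back.
    if ($obj->update_log_setting === 'Y') {
        $obj->extra_vars = serialize($extra_vars);
        if ($this->grant->manager) {
            $obj->is_admin = 'Y';
        }
        $update_output = $this->insertDocumentUpdateLog($obj, $source_obj);
        if (!$update_output->toBool()) {
            $oDB->rollback();
            return $update_output;
        }
    }

    // Call a trigger (after); its result is not checked
    ModuleHandler::triggerCall('document.updateDocument', 'after', $obj);

    // commit
    $oDB->commit();

    // Remove the thumbnail file
    FileHandler::removeDir(sprintf('files/thumbnails/%s', getNumberingPath($obj->document_srl, 3)));

    $output->add('document_srl', $obj->document_srl);

    //remove from cache
    Rhymix\Framework\Cache::delete('document_item:' . getNumberingPath($obj->document_srl) . $obj->document_srl);

    return $output;
}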
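/**
 * Update the document
 *
 * Runs inside one DB transaction: optional history row, the document row,
 * extra variables and category counters. The content is only filtered with
 * removeHackTag() when the session is not an administrator; the title is
 * stored as given. No CSRF check is performed in this version.
 *
 * @param object $source_obj the stored document (read via ->get())
 * @param object $obj the new values, modified in place
 * @return object query/trigger result; 'document_srl' is added on success
 */
function updateDocument($source_obj, $obj)
{
    if (!$source_obj->document_srl || !$obj->document_srl) {
        return new Object(-1, 'msg_invalied_request');
    }
    if (!$obj->status && $obj->is_secret == 'Y') {
        $obj->status = 'SECRET';
    }
    if (!$obj->status) {
        $obj->status = 'PUBLIC';
    }

    // Call a trigger (before)
    $output = ModuleHandler::triggerCall('document.updateDocument', 'before', $obj);
    if (!$output->toBool()) {
        return $output;
    }

    // begin transaction
    $oDB = DB::getInstance();
    $oDB->begin();

    $oModuleModel = getModel('module');
    if (!$obj->module_srl) {
        $obj->module_srl = $source_obj->get('module_srl');
    }
    $module_srl = $obj->module_srl;
    $document_config = $oModuleModel->getModulePartConfig('document', $module_srl);
    if (!isset($document_config->use_history)) {
        $document_config->use_history = 'N';
    }

    // 'Y' keeps a full copy of the previous content, 'Trace' only the metadata.
    // The insertHistory result is not checked.
    $bUseHistory = $document_config->use_history == 'Y' || $document_config->use_history == 'Trace';
    if ($bUseHistory) {
        // argument objects are created explicitly: assigning a property on an
        // undefined variable is an Error since PHP 8
        $args = new stdClass();
        $args->history_srl = getNextSequence();
        $args->document_srl = $obj->document_srl;
        $args->module_srl = $module_srl;
        if ($document_config->use_history == 'Y') {
            $args->content = $source_obj->get('content');
        }
        $args->nick_name = $source_obj->get('nick_name');
        $args->member_srl = $source_obj->get('member_srl');
        $args->regdate = $source_obj->get('last_update');
        $args->ipaddress = $source_obj->get('ipaddress');
        $output = executeQuery("document.insertHistory", $args);
    } else {
        $obj->ipaddress = $source_obj->get('ipaddress');
    }

    // List variables
    if ($obj->comment_status) {
        $obj->commentStatus = $obj->comment_status;
    }
    if (!$obj->commentStatus) {
        $obj->commentStatus = 'DENY';
    }
    if ($obj->commentStatus == 'DENY') {
        $this->_checkCommentStatusForOldVersion($obj);
    }
    if ($obj->allow_trackback != 'Y') {
        $obj->allow_trackback = 'N';
    }
    // NOTE(review): unlike the content, the homepage is not passed through
    // removeHackTag() here; it must be escaped where it is rendered.
    if ($obj->homepage && !preg_match('/^[a-z]+:\\/\\//i', $obj->homepage)) {
        $obj->homepage = 'http://' . $obj->homepage;
    }
    if ($obj->notify_message != 'Y') {
        $obj->notify_message = 'N';
    }

    // Serialize the $extra_vars
    $obj->extra_vars = serialize($obj->extra_vars);

    // Remove the columns for automatic saving
    unset($obj->_saved_doc_srl);
    unset($obj->_saved_doc_title);
    unset($obj->_saved_doc_content);
    unset($obj->_saved_doc_message);

    $oDocumentModel = getModel('document');

    // Set the category_srl to 0 if the changed category is not exsiting.
    if ($source_obj->get('category_srl') != $obj->category_srl) {
        $category_list = $oDocumentModel->getCategoryList($obj->module_srl);
        if (!$category_list[$obj->category_srl]) {
            $obj->category_srl = 0;
        }
    }

    // Change the update order
    $obj->update_order = getNextSequence() * -1;

    // Hash by md5 if the password exists
    // NOTE(review): unsalted md5 is not an acceptable password hash; the
    // verifying side is not visible here, so the stored format is left as is.
    if ($obj->password) {
        $obj->password = md5($obj->password);
    }

    // If an author is identical to the modifier or history is used, use the logged-in user's information.
    // logged_info is fetched unconditionally so the is_admin check further
    // down does not read an undefined variable for anonymous sessions.
    $logged_info = Context::get('logged_info');
    if (Context::get('is_logged')) {
        if ($source_obj->get('member_srl') == $logged_info->member_srl || $bUseHistory) {
            $obj->member_srl = $logged_info->member_srl;
            $obj->user_name = $logged_info->user_name;
            $obj->nick_name = $logged_info->nick_name;
            $obj->email_address = $logged_info->email_address;
            $obj->homepage = $logged_info->homepage;
        }
    }

    // For the document written by logged-in user however no nick_name exists
    if ($source_obj->get('member_srl') && !$obj->nick_name) {
        $obj->member_srl = $source_obj->get('member_srl');
        $obj->user_name = $source_obj->get('user_name');
        $obj->nick_name = $source_obj->get('nick_name');
        $obj->email_address = $source_obj->get('email_address');
        $obj->homepage = $source_obj->get('homepage');
    }

    // If the tile is empty, extract string from the contents.
    settype($obj->title, "string");
    if ($obj->title == '') {
        $obj->title = cut_str(strip_tags($obj->content), 20, '...');
    }
    // If no tile extracted from the contents, leave it untitled.
    if ($obj->title == '') {
        $obj->title = 'Untitled';
    }

    // Remove XE's own tags from the contents.
    $obj->content = preg_replace('!<\\!--(Before|After)(Document|Comment)\\(([0-9]+),([0-9]+)\\)-->!is', '', $obj->content);

    // Change not extra vars but language code of the original document if document's lang_code is different from author's setting.
    // $extra_content is created up front so the multi-language checks further
    // down never touch an undefined variable.
    $extra_content = new stdClass();
    if ($source_obj->get('lang_code') != Context::getLangType()) {
        // Change not extra vars but language code of the original document if document's lang_code doesn't exist.
        if (!$source_obj->get('lang_code')) {
            $lang_code_args = new stdClass();
            $lang_code_args->document_srl = $source_obj->get('document_srl');
            $lang_code_args->lang_code = Context::getLangType();
            $output = executeQuery('document.updateDocumentsLangCode', $lang_code_args);
        } else {
            // Keep the submitted title/content as a translation (extra vars)
            // and restore the original-language text on the document row.
            $extra_content->title = $obj->title;
            $extra_content->content = $obj->content;
            $document_args = new stdClass();
            $document_args->document_srl = $source_obj->get('document_srl');
            $document_output = executeQuery('document.getDocument', $document_args);
            $obj->title = $document_output->data->title;
            $obj->content = $document_output->data->content;
        }
    }

    // Remove iframe and script if not a top adminisrator in the session.
    if ($logged_info->is_admin != 'Y') {
        $obj->content = removeHackTag($obj->content);
    }

    // if temporary document, regdate is now setting
    if ($source_obj->get('status') == $this->getConfigStatus('temp')) {
        $obj->regdate = date('YmdHis');
    }

    // Insert data into the DB
    $output = executeQuery('document.updateDocument', $obj);
    if (!$output->toBool()) {
        $oDB->rollback();
        return $output;
    }

    // Remove all extra variables
    $this->deleteDocumentExtraVars($source_obj->get('module_srl'), $obj->document_srl, null, Context::getLangType());

    // Insert extra variables if the document successfully inserted.
    $extra_keys = $oDocumentModel->getExtraKeys($obj->module_srl);
    if (count($extra_keys)) {
        foreach ($extra_keys as $idx => $extra_item) {
            $value = '';
            if (isset($obj->{'extra_vars' . $idx})) {
                $tmp = $obj->{'extra_vars' . $idx};
                if (is_array($tmp)) {
                    $value = implode('|@|', $tmp);
                } else {
                    $value = trim($tmp);
                }
            } elseif (isset($obj->{$extra_item->name})) {
                $value = trim($obj->{$extra_item->name});
            }
            // $value starts as '' so this isset() never fails: empty extra
            // vars are inserted as well (kept for compatibility)
            if (!isset($value)) {
                continue;
            }
            $this->insertDocumentExtraVar($obj->module_srl, $obj->document_srl, $idx, $value, $extra_item->eid);
        }
    }

    // Inert extra vars for multi-language support of title and contents.
    if (!empty($extra_content->title)) {
        $this->insertDocumentExtraVar($obj->module_srl, $obj->document_srl, -1, $extra_content->title, 'title_' . Context::getLangType());
    }
    if (!empty($extra_content->content)) {
        $this->insertDocumentExtraVar($obj->module_srl, $obj->document_srl, -2, $extra_content->content, 'content_' . Context::getLangType());
    }

    // Update the category if the category_srl exists.
    // NOTE(review): the second operand compares a module_srl with a
    // member_srl, which looks unintended - confirm what it should test.
    if ($source_obj->get('category_srl') != $obj->category_srl || $source_obj->get('module_srl') == $logged_info->member_srl) {
        if ($source_obj->get('category_srl') != $obj->category_srl) {
            $this->updateCategoryCount($obj->module_srl, $source_obj->get('category_srl'));
        }
        if ($obj->category_srl) {
            $this->updateCategoryCount($obj->module_srl, $obj->category_srl);
        }
    }

    // Call a trigger (after)
    if ($output->toBool()) {
        $trigger_output = ModuleHandler::triggerCall('document.updateDocument', 'after', $obj);
        if (!$trigger_output->toBool()) {
            $oDB->rollback();
            return $trigger_output;
        }
    }

    // commit
    $oDB->commit();

    // Remove the thumbnail file
    FileHandler::removeDir(sprintf('files/cache/thumbnails/%s', getNumberingPath($obj->document_srl, 3)));

    $output->add('document_srl', $obj->document_srl);

    //remove from cache
    $oCacheHandler = CacheHandler::getInstance('object');
    if ($oCacheHandler->isSupport()) {
        $cache_key = 'object:' . $obj->document_srl;
        $oCacheHandler->delete($cache_key);
        $oCacheHandler->invalidateGroupKey('documentList');
        //remove document item from cache
        $cache_key = 'object_document_item:' . $obj->document_srl;
        $oCacheHandler->delete($cache_key);
    }

    return $output;
}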
/**
 * Save the signature as a file
 *
 * The signature is filtered with removeHackTag() and written to
 * files/member_extra_info/signature/<numbering path>/<srl>.signature.php
 * behind a "<?php if(!defined("__XE__")) exit();?>" guard, so the file
 * produces no output if it is ever executed directly; getSignature() strips
 * that guard on read. A signature that is empty once whitespace and all tags
 * except <img>/<object> are removed deletes the file instead.
 *
 * @param int $member_srl
 * @param string $signature
 *
 * @return void
 */
function putSignature($member_srl, $signature)
{
    $clean = trim(removeHackTag($signature));
    // NOTE(review): this rewrites "<embed" as "<embed" (same for object/param),
    // i.e. it is a no-op as written; the intended substitution is unclear.
    $clean = preg_replace('/<(\\/?)(embed|object|param)/is', '<$1$2', $clean);
    $visible = trim(str_replace(array(' ', "\n", "\r"), '', strip_tags($clean, '<img><object>')));

    $dir = sprintf('files/member_extra_info/signature/%s/', getNumberingPath($member_srl));
    $file = sprintf('%s%d.signature.php', $dir, $member_srl);

    if (!$visible) {
        return FileHandler::removeFile($file);
    }

    FileHandler::makeDir($dir);
    FileHandler::writeFile($file, sprintf('<?php if(!defined("__XE__")) exit();?>%s', $clean));
}
/**
 * @brief Get user's signature
 *
 * Reads files/member_extra_info/signature/<numbering path><srl>.signature.php,
 * drops the PHP guard written by putSignature() and filters the rest with
 * removeHackTag(). The result is memoised per request in
 * $GLOBALS['__member_info__']['signature']; a missing file caches null.
 *
 * @param int $member_srl
 * @return string|null null when the member has no signature file
 */
function getSignature($member_srl)
{
    if (isset($GLOBALS['__member_info__']['signature'][$member_srl])) {
        return $GLOBALS['__member_info__']['signature'][$member_srl];
    }

    $filename = sprintf('files/member_extra_info/signature/%s%d.signature.php', getNumberingPath($member_srl), $member_srl);
    $signature = null;
    if (file_exists($filename)) {
        $buff = FileHandler::readFile($filename);
        // Greedy, single-line match: everything from the first "<?" to the
        // last "?>" on that line is removed, not only the guard itself.
        $stripped = preg_replace('/<\\?.*\\?>/', '', $buff);
        $signature = removeHackTag($stripped);
    }

    $GLOBALS['__member_info__']['signature'][$member_srl] = $signature;
    return $signature;
}