function kboard_comments_script()
{
$mod = kboard_htmlclear($_GET['mod']);
$uid = intval($_GET['uid']);
if ($mod == 'document' && $uid) {
wp_enqueue_script('kboard-comments', 'http://contents.cosmosfarm.com/wordpress/kboard-comments.js', false);
}
}
function kboard_comments_script()
{
$mod = isset($_GET['mod']) ? kboard_htmlclear($_GET['mod']) : '';
$uid = isset($_GET['uid']) ? intval($_GET['uid']) : '';
if ($mod == 'document' && $uid) {
wp_enqueue_script('kboard-comments', 'http://contents.cosmosfarm.com/wordpress/kboard-comments.js', array(), KBOARD_COMMNETS_VERSION);
}
}
/**
* 이미지 추가하기 팝업창 화면을 출력한다.
*/
public function media()
{
$media = new KBContentMedia();
$media->board_id = intval(isset($_GET['board_id']) ? $_GET['board_id'] : '');
$media->content_uid = intval(isset($_GET['content_uid']) ? $_GET['content_uid'] : '');
$media->media_group = kboard_htmlclear(isset($_GET['media_group']) ? $_GET['media_group'] : '');
include_once KBOARD_DIR_PATH . '/template/media.php';
exit;
}
public function send()
{
$admin_email = get_option('admin_email');
if (is_array($this->to)) {
$this->to = implode(',', $this->to);
$this->to = str_replace(' ', '', $this->to);
}
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=EUC-KR' . "\r\n";
$headers .= 'To: ' . $this->to . "\r\n";
$headers .= 'From: ' . $admin_email . "\r\n";
$title = '[' . __('KBoard new document', 'kboard') . '] ' . $this->title;
$content = nl2br(kboard_htmlclear($this->content)) . '<br><br><a href="' . site_url() . '" onclick="window.open(this.href); return false;">' . site_url() . '</a>';
$result = mail($to, iconv('UTF-8', 'EUC-KR', $title), iconv('UTF-8', 'EUC-KR', $content), iconv('UTF-8', 'EUC-KR', $headers));
return $result;
}
/**
* KBoard 워드프레스 게시판 페이지 출력 함수
* @link www.cosmosfarm.com
* @copyright Copyright 2013 Cosmosfarm. All rights reserved.
* @license http://www.gnu.org/licenses/gpl.html
*/
function kboard_pagination($current_page, $total, $limit)
{
foreach ($_GET as $key => $value) {
if ($key != 'pageid' && $value) {
$query_strings[] = urlencode(kboard_xssfilter(kboard_htmlclear(trim($key)))) . '=' . urlencode(kboard_xssfilter(kboard_htmlclear(trim($value))));
}
}
if (isset($query_strings) && $query_strings) {
$query_strings = '&' . implode('&', $query_strings);
} else {
$query_strings = '';
}
$sliding_size = 10;
$total_page = ceil($total / $limit);
$paging = '';
$i = 0;
if ($current_page > $sliding_size) {
$i = $current_page - $current_page % $sliding_size;
}
// offset은 윈도의 마지막 페이지 번호다.
$offset = $i + $sliding_size;
// 윈도의 시작 $i 부터, 윈도우 마지막 까지 출력한다.
for ($i; $i < $offset && $i < $total_page; $i++) {
$page_name = $i + 1;
// 링크는 적당히 수정
if ($current_page != $page_name) {
$paging .= "<li><a href=\"?pageid={$page_name}{$query_strings}\">{$page_name}</a></li>";
} else {
$paging .= "<li class=\"active\"><a href=\"?pageid={$page_name}{$query_strings}\">{$page_name}</a></li>";
}
}
// 좌우 이동 화살표 «, »를 출력한다.
// 처음과 마지막 페이지가 아니라면 링크를 걸어주면 된다.
if ($current_page != 1) {
$prev_page = $current_page - 1;
$paging = "<li><a href=\"?pageid={$prev_page}{$query_strings}\">«</a></li>{$paging}";
}
if ($current_page != $total_page) {
$next_page = $current_page + 1;
$paging = "{$paging}<li><a href=\"?pageid={$next_page}{$query_strings}\">»</a></li>";
}
return $total ? $paging : '<li class="active"><a href="#" onclick="return false;">1</a></li>';
}
public function __construct($board_id = '')
{
$_GET['uid'] = intval($_GET['uid']);
$_GET['parent_uid'] = intval($_GET['parent_uid']);
$_GET['pageid'] = intval($_GET['pageid']);
$_GET['mod'] = kboard_xssfilter(kboard_htmlclear($_GET['mod']));
$_GET['category1'] = kboard_xssfilter(kboard_htmlclear($_GET['category1']));
$_GET['category2'] = kboard_xssfilter(kboard_htmlclear($_GET['category2']));
$_GET['keyword'] = kboard_xssfilter(kboard_htmlclear($_GET['keyword']));
$_GET['target'] = kboard_xssfilter(kboard_htmlclear($_GET['target']));
$_POST['uid'] = intval($_POST['uid']);
$_POST['mod'] = kboard_xssfilter(kboard_htmlclear($_POST['mod']));
$uid = $_GET['uid'] ? $_GET['uid'] : $_POST['uid'];
$mod = $_GET['mod'] ? $_GET['mod'] : $_POST['mod'];
$this->mod = in_array($mod, array('list', 'document', 'editor', 'remove')) ? $mod : apply_filters('kboard_default_build_mod', 'list');
$this->category1 = $_GET['category1'];
$this->category2 = $_GET['category2'];
$this->uid = $uid;
$this->skin = 'default';
if ($board_id) {
$this->setBoardID($board_id);
}
}
public function __construct($board_id = '')
{
$_GET['uid'] = isset($_GET['uid']) ? intval($_GET['uid']) : '';
$_GET['parent_uid'] = isset($_GET['parent_uid']) ? intval($_GET['parent_uid']) : '';
$_GET['pageid'] = isset($_GET['pageid']) ? intval($_GET['pageid']) : '';
$_GET['mod'] = isset($_GET['mod']) ? addslashes(kboard_xssfilter(kboard_htmlclear($_GET['mod']))) : '';
$_GET['category1'] = isset($_GET['category1']) ? addslashes(kboard_xssfilter(kboard_htmlclear($_GET['category1']))) : '';
$_GET['category2'] = isset($_GET['category2']) ? addslashes(kboard_xssfilter(kboard_htmlclear($_GET['category2']))) : '';
$_GET['keyword'] = isset($_GET['keyword']) ? addslashes(str_replace(array('/', '\\', '"', '\'', ':', '+', '-', '=', '`', '[', ']', '{', '}', '(', ')', '<', '>'), '', kboard_xssfilter(kboard_htmlclear($_GET['keyword'])))) : '';
$_GET['target'] = isset($_GET['target']) ? addslashes(kboard_xssfilter(kboard_htmlclear($_GET['target']))) : '';
$_GET['kboard_id'] = isset($_GET['kboard_id']) ? intval($_GET['kboard_id']) : '';
$_POST['uid'] = isset($_POST['uid']) ? intval($_POST['uid']) : '';
$_POST['mod'] = isset($_POST['mod']) ? addslashes(kboard_xssfilter(kboard_htmlclear($_POST['mod']))) : '';
$uid = $_GET['uid'] ? $_GET['uid'] : $_POST['uid'];
$mod = $_GET['mod'] ? $_GET['mod'] : $_POST['mod'];
$this->mod = in_array($mod, array('list', 'document', 'editor', 'remove')) ? $mod : apply_filters('kboard_default_build_mod', 'list', $board_id);
$this->category1 = $_GET['category1'];
$this->category2 = $_GET['category2'];
$this->uid = $uid;
$this->skin = 'default';
if ($board_id) {
$this->setBoardID($board_id);
}
}
function kboard_upgrade()
{
if (!current_user_can('activate_plugins')) {
wp_die('KBoard : 설치 권한이 없습니다.');
}
$action = kboard_htmlclear($_GET['action']);
$download_url = kboard_htmlclear($_GET['download_url']);
$download_version = kboard_htmlclear($_GET['download_version']);
$form_url = wp_nonce_url(admin_url("/admin.php?page=kboard_upgrade&action={$action}" . ($download_url ? "&download_url={$download_url}" : '') . ($download_version ? "&download_version={$download_version}" : '')), 'kboard_upgrade');
$upgrader = KBUpgrader::getInstance();
if ($action == 'kboard') {
if ($upgrader->getLatestVersion()->kboard <= KBOARD_VERSION) {
die('<script>alert("최신버전 입니다.");location.href="' . KBOARD_DASHBOARD_PAGE . '"</script>');
}
if (!$upgrader->credentials($form_url, WP_CONTENT_DIR . KBUpgrader::$TYPE_PLUGINS)) {
exit;
}
$download_file = $upgrader->download(KBUpgrader::$CONNECT_KBOARD, $upgrader->getLatestVersion()->kboard, $_SESSION['cosmosfarm_access_token']);
$install_result = $upgrader->install($download_file, KBUpgrader::$TYPE_PLUGINS);
die('<script>alert("완료 되었습니다.");location.href="' . KBOARD_DASHBOARD_PAGE . '"</script>');
} else {
if ($action == 'comments') {
if (defined('KBOARD_COMMNETS_VERSION')) {
if ($upgrader->getLatestVersion()->comments <= KBOARD_COMMNETS_VERSION) {
die('<script>alert("최신버전 입니다.");location.href="' . KBOARD_DASHBOARD_PAGE . '"</script>');
}
}
if (!$upgrader->credentials($form_url, WP_CONTENT_DIR . KBUpgrader::$TYPE_PLUGINS)) {
exit;
}
$download_file = $upgrader->download(KBUpgrader::$CONNECT_COMMENTS, $upgrader->getLatestVersion()->comments, $_SESSION['cosmosfarm_access_token']);
$install_result = $upgrader->install($download_file, KBUpgrader::$TYPE_PLUGINS);
die('<script>alert("완료 되었습니다.");location.href="' . KBOARD_DASHBOARD_PAGE . '"</script>');
} else {
if ($action == 'plugin') {
if (!$upgrader->credentials($form_url, WP_CONTENT_DIR . KBUpgrader::$TYPE_PLUGINS)) {
exit;
}
$download_file = $upgrader->download($download_url, $download_version, $_SESSION['cosmosfarm_access_token']);
$install_result = $upgrader->install($download_file, KBUpgrader::$TYPE_PLUGINS);
die('<script>alert("완료 되었습니다.");location.href="' . admin_url('/plugins.php') . '"</script>');
} else {
if ($action == 'theme') {
if (!$upgrader->credentials($form_url, WP_CONTENT_DIR . KBUpgrader::$TYPE_THEMES)) {
exit;
}
$download_file = $upgrader->download($download_url, $download_version, $_SESSION['cosmosfarm_access_token']);
$install_result = $upgrader->install($download_file, KBUpgrader::$TYPE_THEMES);
die('<script>alert("완료 되었습니다.");location.href="' . admin_url('/themes.php') . '"</script>');
} else {
if ($action == 'kboard-skin') {
if (!$upgrader->credentials($form_url, WP_CONTENT_DIR . KBUpgrader::$TYPE_KBOARD_SKIN)) {
exit;
}
$download_file = $upgrader->download($download_url, $download_version, $_SESSION['cosmosfarm_access_token']);
$install_result = $upgrader->install($download_file, KBUpgrader::$TYPE_KBOARD_SKIN);
die('<script>alert("완료 되었습니다.");location.href="' . admin_url('/admin.php?page=kboard_store') . '"</script>');
} else {
if ($action == 'comments-skin') {
if (!$upgrader->credentials($form_url, WP_CONTENT_DIR . KBUpgrader::$TYPE_COMMENTS_SKIN)) {
exit;
}
$download_file = $upgrader->download($download_url, $download_version, $_SESSION['cosmosfarm_access_token']);
$install_result = $upgrader->install($download_file, KBUpgrader::$TYPE_COMMENTS_SKIN);
die('<script>alert("완료 되었습니다.");location.href="' . admin_url('/admin.php?page=kboard_store') . '"</script>');
} else {
die('<script>alert("설치에 실패 했습니다.");location.href="' . KBOARD_DASHBOARD_PAGE . '"</script>');
}
}
}
}
}
}
}
<?php
list($path) = explode(DIRECTORY_SEPARATOR . 'wp-content', dirname(__FILE__) . DIRECTORY_SEPARATOR);
include $path . DIRECTORY_SEPARATOR . 'wp-load.php';
header("Content-Type: text/html; charset=UTF-8");
if (!stristr($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'])) {
wp_die('KBoard : ' . __('This page is restricted from external access.', 'kboard'));
}
$uid = intval($_GET['uid']);
$file = addslashes(kboard_xssfilter(kboard_htmlclear(trim($_GET['file']))));
if (!$uid || !$file) {
die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
}
$content = new KBContent();
$content->initWithUID($uid);
$board = new KBoard($content->board_id);
if (!$board->isReader($content->member_uid, $content->secret)) {
if (!$user_ID) {
die('<script>alert("' . __('Please Log in to continue.', 'kboard') . '");location.href="' . wp_login_url() . '";</script>');
} else {
die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
}
}
$file_info = $wpdb->get_row("SELECT * FROM `{$wpdb->prefix}kboard_board_attached` WHERE `content_uid`='{$uid}' AND `file_key`='{$file}'");
list($path) = explode(DIRECTORY_SEPARATOR . 'wp-content', dirname(__FILE__) . DIRECTORY_SEPARATOR);
$path = $path . str_replace('/', DIRECTORY_SEPARATOR, $file_info->file_path);
$name = $file_info->file_name;
if (!$file_info->file_path || !file_exists($path)) {
die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
}
header('Content-type: ' . kboard_mime_type($path));
/**
* 게시글의 옵션을 업데이트한다. (입력/수정/삭제)
* @param int $uid
*/
function update_options($uid)
{
global $wpdb;
foreach ($_REQUEST as $key => $value) {
if (strstr($key, $this->skin_option_prefix)) {
$key = addslashes(kboard_htmlclear(str_replace($this->skin_option_prefix, '', $key)));
$value = addslashes(kboard_xssfilter(trim($value)));
$present_value = $wpdb->get_var("SELECT `option_value` FROM `{$wpdb->prefix}kboard_board_option` WHERE `option_key`='{$key}' AND `content_uid`='{$uid}'");
if ($present_value) {
$this->_update_option($uid, $key, $value);
} else {
$this->_insert_option($uid, $key, $value);
}
}
}
$this->_remove_empty_option();
}
/**
* 작성자 메타태그를 추가한다.
*/
public function author()
{
echo '<meta name="author" content="' . kboard_htmlclear($this->content->member_display) . '">';
echo "\n";
}
/**
* INPUT으로 반환한다.
* @return string
*/
public function toInput()
{
foreach ($this->data as $key => $value) {
if ($value) {
$input[] = '<input type="hidden" name="' . kboard_xssfilter(kboard_htmlclear(trim($key))) . '" value="' . kboard_xssfilter(kboard_htmlclear(trim($value))) . '">';
}
}
$this->init();
return @implode('', $input);
}
/**
* 첨부파일 다운로드
*/
public function fileDownload()
{
global $wpdb;
header('X-Robots-Tag: noindex', true);
// 검색엔진 수집 금지
header('Content-Type: text/html; charset=UTF-8');
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
$host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
if ($referer) {
$url = parse_url($referer);
$referer_host = $url['host'] . (isset($url['port']) && $url['port'] ? ':' . $url['port'] : '');
} else {
wp_die('KBoard : ' . __('This page is restricted from external access.', 'kboard'));
}
if (!in_array($referer_host, array($host))) {
wp_die('KBoard : ' . __('This page is restricted from external access.', 'kboard'));
}
$uid = isset($_GET['uid']) ? intval($_GET['uid']) : '';
if (isset($_GET['file'])) {
$file = trim($_GET['file']);
$file = kboard_htmlclear($file);
$file = kboard_xssfilter($file);
$file = esc_sql($file);
} else {
$file = '';
}
if (!$uid || !$file) {
die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
}
$content = new KBContent();
$content->initWithUID($uid);
if ($content->parent_uid) {
$parent = new KBContent();
$parent->initWithUID($content->getTopContentUID());
$board = new KBoard($parent->board_id);
} else {
$board = new KBoard($content->board_id);
}
if (!$board->isReader($content->member_uid, $content->secret)) {
if (!$user_ID && $board->permission_read == 'author') {
die('<script>alert("' . __('Please Log in to continue.', 'kboard') . '");location.href="' . wp_login_url($referer) . '";</script>');
} else {
if ($content->secret && in_array($board->permission_write, array('all', 'author')) && in_array($board->permission_read, array('all', 'author'))) {
if (!$board->isConfirm($content->password, $content->uid)) {
if ($content->parent_uid) {
$parent = new KBContent();
$parent->initWithUID($content->getTopContentUID());
if (!$board->isReader($parent->member_uid, $content->secret)) {
if (!$board->isConfirm($parent->password, $parent->uid)) {
die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
}
}
} else {
die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
}
}
} else {
die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
}
}
}
$file_info = $wpdb->get_row("SELECT * FROM `{$wpdb->prefix}kboard_board_attached` WHERE `content_uid`='{$uid}' AND `file_key`='{$file}'");
list($path) = explode(DIRECTORY_SEPARATOR . 'wp-content', dirname(__FILE__) . DIRECTORY_SEPARATOR);
$path = $path . str_replace('/', DIRECTORY_SEPARATOR, $file_info->file_path);
$filename = str_replace(' ', '-', $file_info->file_name);
if (!$file_info->file_path || !file_exists($path)) {
die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
}
if (get_option('kboard_attached_copy_download')) {
$unique_dir = uniqid();
$upload_dir = wp_upload_dir();
$temp_path = $upload_dir['basedir'] . '/kboard_temp';
$kboard_file_handler = new KBFileHandler();
$kboard_file_handler->deleteWithOvertime($temp_path, 60);
$kboard_file_handler->mkPath("{$temp_path}/{$unique_dir}");
copy($path, "{$temp_path}/{$unique_dir}/{$filename}");
header('Location:' . $upload_dir['baseurl'] . "/kboard_temp/{$unique_dir}/{$filename}");
} else {
$ie = isset($_SERVER['HTTP_USER_AGENT']) && (strpos($_SERVER['HTTP_USER_AGENT'], 'Trident') !== false || strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== false);
if ($ie) {
$filename = iconv('UTF-8', 'EUC-KR//IGNORE', $filename);
}
header('Content-type: ' . kboard_mime_type($path));
header('Content-Disposition: attachment; filename="' . $filename . '"');
header('Content-Transfer-Encoding: binary');
header('Content-length: ' . sprintf('%d', filesize($path)));
header('Expires: 0');
if ($ie) {
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
} else {
header('Pragma: no-cache');
}
$fp = fopen($path, 'rb');
fpassthru($fp);
fclose($fp);
}
exit;
}
/**
* 게시글과 미디어의 관계를 입력한다.
* @param int $uid
*/
public function addMediaRelationships($uid)
{
$media = new KBContentMedia();
$media->content_uid = $uid;
$media->media_group = kboard_htmlclear(isset($_POST['media_group']) ? $_POST['media_group'] : '');
$media->addRelationships();
}
/**
* 댓글 정보를 입력한다.
* @param int $parent_uid
* @param int $user_uid
* @param string $user_display
* @param string $content
* @param string $password
*/
public function add($parent_uid, $user_uid, $user_display, $content, $password = '')
{
global $wpdb;
$content_uid = $this->content_uid;
$parent_uid = intval($parent_uid);
$user_uid = intval($user_uid);
$user_display = addslashes(kboard_xssfilter(kboard_htmlclear(trim($user_display))));
$content = addslashes(kboard_xssfilter(trim($content)));
$password = addslashes(kboard_xssfilter(kboard_htmlclear(trim($password))));
$created = current_time('YmdHis');
$wpdb->query("INSERT INTO `{$wpdb->prefix}kboard_comments` (`content_uid`, `parent_uid`, `user_uid`, `user_display`, `content`, `created`, `password`) VALUE ('{$content_uid}', '{$parent_uid}', '{$user_uid}', '{$user_display}', '{$content}', '{$created}', '{$password}')");
$insert_id = $wpdb->insert_id;
// 댓글 숫자를 게시물에 등록한다.
$wpdb->query("UPDATE `{$wpdb->prefix}kboard_board_content` SET `comment`=`comment`+1 WHERE `uid`='" . $content_uid . "'");
// 댓글 입력 액션 훅 실행
do_action('kboard_comments_insert', $insert_id, $content_uid);
return $insert_id;
}
header('Content-Type: text/html; charset=UTF-8');
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
$host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
if ($referer) {
$url = parse_url($referer);
$referer_host = $url['host'];
} else {
wp_die('KBoard : ' . __('This page is restricted from external access.', 'kboard'));
}
if (!in_array($referer_host, array($host))) {
wp_die('KBoard : ' . __('This page is restricted from external access.', 'kboard'));
}
$uid = intval($_GET['uid']);
if (isset($_GET['file'])) {
$file = trim($_GET['file']);
$file = kboard_htmlclear($file);
$file = kboard_xssfilter($file);
$file = addslashes($file);
} else {
$file = '';
}
if (!$uid || !$file) {
die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
}
if (!strstr($referer, basename(__FILE__))) {
$_SESSION['redirect_uri'] = $referer;
}
$content = new KBContent();
$content->initWithUID($uid);
if ($content->parent_uid) {
$parent = new KBContent();
/**
* 상품 리스트 페이지
*/
public static function productsList()
{
$category = isset($_GET['kbstore_category']) ? kboard_htmlclear($_GET['kbstore_category']) : '';
include KBOARD_DIR_PATH . '/pages/kboard_store.php';
}
/**
* 게시글 비밀번호와 일치하는지 확인한다.
* @param string $password
* @param int $content_uid
* @param boolean $reauth
* @return boolean
*/
public function isConfirm($password, $content_uid, $reauth = false)
{
if (!$password || !$content_uid) {
return false;
}
$submitted_password = isset($_POST['password']) ? kboard_htmlclear(trim($_POST['password'])) : '';
if ($reauth) {
if ($submitted_password == $password) {
$_SESSION['kboard_confirm'][$content_uid] = $password;
return true;
}
} else {
if (isset($_SESSION['kboard_confirm']) && isset($_SESSION['kboard_confirm'][$content_uid]) && $_SESSION['kboard_confirm'][$content_uid] == $password) {
return true;
} else {
if ($submitted_password == $password) {
$_SESSION['kboard_confirm'][$content_uid] = $password;
return true;
}
}
}
return false;
}
/**
* 글 작성자 이름을 반환한다.
* @param string $username
* @return string
*/
public function getUsername($username = '')
{
if ($this->content->member_display) {
return trim(kboard_htmlclear($this->content->member_display));
} else {
return $username;
}
}
