本文整理汇总了PHP中removeHackTag函数的典型用法代码示例。如果您正苦于以下问题:PHP removeHackTag函数的具体用法?PHP removeHackTag怎么用?PHP removeHackTag使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了removeHackTag函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: updateComment
/**
* Fix the comment
* @param object $obj
* @param bool $is_admin
* @param bool $manual_updated
* @return object
*/
function updateComment($obj, $is_admin = FALSE, $manual_updated = FALSE)
{
if (!$manual_updated && !checkCSRF()) {
return new Object(-1, 'msg_invalid_request');
}
if (!is_object($obj)) {
$obj = new stdClass();
}
$obj->__isupdate = TRUE;
// call a trigger (before)
$output = ModuleHandler::triggerCall('comment.updateComment', 'before', $obj);
if (!$output->toBool()) {
return $output;
}
// create a comment model object
$oCommentModel = getModel('comment');
// get the original data
$source_obj = $oCommentModel->getComment($obj->comment_srl);
if (!$source_obj->getMemberSrl()) {
$obj->member_srl = $source_obj->get('member_srl');
$obj->user_name = $source_obj->get('user_name');
$obj->nick_name = $source_obj->get('nick_name');
$obj->email_address = $source_obj->get('email_address');
$obj->homepage = $source_obj->get('homepage');
}
// check if permission is granted
if (!$is_admin && !$source_obj->isGranted()) {
return new Object(-1, 'msg_not_permitted');
}
if ($obj->password) {
$obj->password = getModel('member')->hashPassword($obj->password);
}
if ($obj->homepage) {
$obj->homepage = removeHackTag($obj->homepage);
if (!preg_match('/^[a-z]+:\\/\\//i', $obj->homepage)) {
$obj->homepage = 'http://' . $obj->homepage;
}
}
// set modifier's information if logged-in and posting author and modifier are matched.
if (Context::get('is_logged')) {
$logged_info = Context::get('logged_info');
if ($source_obj->member_srl == $logged_info->member_srl) {
$obj->member_srl = $logged_info->member_srl;
$obj->user_name = $logged_info->user_name;
$obj->nick_name = $logged_info->nick_name;
$obj->email_address = $logged_info->email_address;
$obj->homepage = $logged_info->homepage;
}
}
// if nick_name of the logged-in author doesn't exist
if ($source_obj->get('member_srl') && !$obj->nick_name) {
$obj->member_srl = $source_obj->get('member_srl');
$obj->user_name = $source_obj->get('user_name');
$obj->nick_name = $source_obj->get('nick_name');
$obj->email_address = $source_obj->get('email_address');
$obj->homepage = $source_obj->get('homepage');
}
if (!$obj->content) {
$obj->content = $source_obj->get('content');
}
// remove XE's wn tags from contents
$obj->content = preg_replace('!<\\!--(Before|After)(Document|Comment)\\(([0-9]+),([0-9]+)\\)-->!is', '', $obj->content);
if (Mobile::isFromMobilePhone()) {
if ($obj->use_html != 'Y') {
$obj->content = htmlspecialchars($obj->content, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
}
$obj->content = nl2br($obj->content);
}
// remove iframe and script if not a top administrator on the session
if ($logged_info->is_admin != 'Y') {
$obj->content = removeHackTag($obj->content);
}
// begin transaction
$oDB = DB::getInstance();
$oDB->begin();
// Update
$output = executeQuery('comment.updateComment', $obj);
if (!$output->toBool()) {
$oDB->rollback();
return $output;
}
// call a trigger (after)
if ($output->toBool()) {
$trigger_output = ModuleHandler::triggerCall('comment.updateComment', 'after', $obj);
if (!$trigger_output->toBool()) {
$oDB->rollback();
return $trigger_output;
}
}
// commit
$oDB->commit();
$output->add('comment_srl', $obj->comment_srl);
return $output;
//.........这里部分代码省略.........
示例2: updateComment
/**
* @brief fix the comment
**/
function updateComment($obj, $is_admin = false)
{
$obj->__isupdate = true;
// call a trigger (before)
$output = ModuleHandler::triggerCall('comment.updateComment', 'before', $obj);
if (!$output->toBool()) {
return $output;
}
// create a comment model object
$oCommentModel =& getModel('comment');
// get the original data
$source_obj = $oCommentModel->getComment($obj->comment_srl);
if (!$source_obj->getMemberSrl()) {
$obj->member_srl = $source_obj->get('member_srl');
$obj->user_name = $source_obj->get('user_name');
$obj->nick_name = $source_obj->get('nick_name');
$obj->email_address = $source_obj->get('email_address');
$obj->homepage = $source_obj->get('homepage');
}
// check if permission is granted
if (!$is_admin && !$source_obj->isGranted()) {
return new Object(-1, 'msg_not_permitted');
}
if ($obj->password) {
$obj->password = md5($obj->password);
}
if ($obj->homepage && !preg_match('/^[a-z]+:\\/\\//i', $obj->homepage)) {
$obj->homepage = 'http://' . $obj->homepage;
}
// set modifier's information if logged-in and posting author and modifier are matched.
if (Context::get('is_logged')) {
$logged_info = Context::get('logged_info');
if ($source_obj->member_srl == $logged_info->member_srl) {
$obj->member_srl = $logged_info->member_srl;
$obj->user_name = $logged_info->user_name;
$obj->nick_name = $logged_info->nick_name;
$obj->email_address = $logged_info->email_address;
$obj->homepage = $logged_info->homepage;
}
}
// if nick_name of the logged-in author doesn't exist
if ($source_obj->get('member_srl') && !$obj->nick_name) {
$obj->member_srl = $source_obj->get('member_srl');
$obj->user_name = $source_obj->get('user_name');
$obj->nick_name = $source_obj->get('nick_name');
$obj->email_address = $source_obj->get('email_address');
$obj->homepage = $source_obj->get('homepage');
}
if (!$obj->content) {
$obj->content = $source_obj->get('content');
}
// remove XE's wn tags from contents
$obj->content = preg_replace('!<\\!--(Before|After)(Document|Comment)\\(([0-9]+),([0-9]+)\\)-->!is', '', $obj->content);
// remove iframe and script if not a top administrator on the session
if ($logged_info->is_admin != 'Y') {
$obj->content = removeHackTag($obj->content);
}
// begin transaction
$oDB =& DB::getInstance();
$oDB->begin();
// Update
$output = executeQuery('comment.updateComment', $obj);
if (!$output->toBool()) {
$oDB->rollback();
return $output;
}
// call a trigger (after)
if ($output->toBool()) {
$trigger_output = ModuleHandler::triggerCall('comment.updateComment', 'after', $obj);
if (!$trigger_output->toBool()) {
$oDB->rollback();
return $trigger_output;
}
}
// commit
$oDB->commit();
$output->add('comment_srl', $obj->comment_srl);
//remove from cache
$oCacheHandler =& CacheHandler::getInstance('object');
if ($oCacheHandler->isSupport()) {
$oCacheHandler->invalidateGroupKey('commentList');
}
return $output;
}示例3: sendMessage
/**
* Send a message (DB controll)
* @param int $sender_srl member_srl of sender
* @param int $receiver_srl member_srl of receiver_srl
* @param string $title
* @param string $content
* @param boolean $sender_log (default true)
* @return Object
**/
function sendMessage($sender_srl, $receiver_srl, $title, $content, $sender_log = true)
{
$content = removeHackTag($content);
$title = htmlspecialchars($title);
// messages to save in the sendor's message box
$sender_args->sender_srl = $sender_srl;
$sender_args->receiver_srl = $receiver_srl;
$sender_args->message_type = 'S';
$sender_args->title = $title;
$sender_args->content = $content;
$sender_args->readed = 'N';
$sender_args->regdate = date("YmdHis");
$sender_args->related_srl = getNextSequence();
$sender_args->message_srl = getNextSequence();
$sender_args->list_order = getNextSequence() * -1;
// messages to save in the receiver's message box
$receiver_args->message_srl = $sender_args->related_srl;
$receiver_args->related_srl = 0;
$receiver_args->list_order = $sender_args->related_srl * -1;
$receiver_args->sender_srl = $sender_srl;
if (!$receiver_args->sender_srl) {
$receiver_args->sender_srl = $receiver_srl;
}
$receiver_args->receiver_srl = $receiver_srl;
$receiver_args->message_type = 'R';
$receiver_args->title = $title;
$receiver_args->content = $content;
$receiver_args->readed = 'N';
$receiver_args->regdate = date("YmdHis");
$oDB =& DB::getInstance();
$oDB->begin();
// messages to save in the sendor's message box
if ($sender_srl && $sender_log) {
$output = executeQuery('communication.sendMessage', $sender_args);
if (!$output->toBool()) {
$oDB->rollback();
return $output;
}
}
// messages to save in the receiver's message box
$output = executeQuery('communication.sendMessage', $receiver_args);
if (!$output->toBool()) {
$oDB->rollback();
return $output;
}
// create a flag that message is sent (in file format)
$flag_path = './files/member_extra_info/new_message_flags/' . getNumberingPath($receiver_srl);
FileHandler::makeDir($flag_path);
$flag_file = sprintf('%s%s', $flag_path, $receiver_srl);
$flag_count = FileHandler::readFile($flag_file);
FileHandler::writeFile($flag_file, ++$flag_count);
$oDB->commit();
return new Object(0, 'success_sended');
}示例4: importMember
//.........这里部分代码省略.........
$obj->point = base64_decode($xmlObj->member->point->body);
$obj->image_nickname = base64_decode($xmlObj->member->image_nickname->buff->body);
$obj->image_mark = base64_decode($xmlObj->member->image_mark->buff->body);
$obj->profile_image = base64_decode($xmlObj->member->profile_image->buff->body);
$obj->signature = base64_decode($xmlObj->member->signature->body);
$obj->regdate = base64_decode($xmlObj->member->regdate->body);
$obj->last_login = base64_decode($xmlObj->member->last_login->body);
if ($xmlObj->member->extra_vars) {
foreach ($xmlObj->member->extra_vars as $key => $val) {
if (in_array($key, array('node_name', 'attrs', 'body'))) {
continue;
}
$obj->extra_vars->{$key} = base64_decode($val->body);
}
}
// Create url for homepage and blog
if ($obj->homepage && strncasecmp('http://', $obj->homepage, 7) !== 0 && strncasecmp('https://', $obj->homepage, 8) !== 0) {
$obj->homepage = 'http://' . $obj->homepage;
}
// email address column
$obj->email_address = $obj->email;
list($obj->email_id, $obj->email_host) = explode('@', $obj->email);
// Set the mailing option
if ($obj->allow_mailing != 'Y') {
$obj->allow_mailing = 'N';
}
// Set the message option
$obj->allow_message = 'Y';
if (!in_array($obj->allow_message, array('Y', 'N', 'F'))) {
$obj->allow_message = 'Y';
}
// Get member-join date if the last login time is not found
if (!$obj->last_login) {
$obj->last_login = $obj->regdate;
}
// Get a member_srl
$obj->member_srl = getNextSequence();
$obj->list_order = -1 * $obj->member_srl;
// List extra vars
$extra_vars = $obj->extra_vars;
unset($obj->extra_vars);
$obj->extra_vars = serialize($extra_vars);
// Check if the same nickname is existing
$nick_args = new stdClass();
$nick_args->nick_name = $obj->nick_name;
$nick_output = executeQuery('member.getMemberSrl', $nick_args);
if (!$nick_output->toBool()) {
$obj->nick_name .= '_' . $obj->member_srl;
}
// Add a member
$output = executeQuery('member.insertMember', $obj);
if ($output->toBool() && !$obj->password) {
// Send a mail telling the user to reset his password.
$oMail = new Mail();
$oMail->setTitle("Password update for your " . getFullSiteUrl() . " account");
$webmaster_name = $member_config->webmaster_name ? $member_config->webmaster_name : 'Webmaster';
$oMail->setContent("Dear {$obj->user_name}, <br /><br />\n\t\t\t\t\t\tWe recently migrated our phpBB forum to XpressEngine. Since you password was encrypted we could not migrate it too, so please reset it by following this link:\n\t\t\t\t\t\t<a href='" . getFullSiteUrl() . "/?act=dispMemberFindAccount' >" . getFullSiteUrl() . "?act=dispMemberFindAccount</a>. You need to enter you email address and hit the 'Find account' button. You will then receive an email with a new, generated password that you can change after login. <br /><br />\n\n\t\t\t\t\t\tThank you for your understanding,<br />\n\t\t\t\t\t\t{$webmaster_name}");
$oMail->setSender($webmaster_name, $member_config->webmaster_email);
$oMail->setReceiptor($obj->user_name, $obj->email);
$oMail->send();
}
// add group join/image name-mark-signiture and so on if a new member successfully added
if ($output->toBool()) {
// Join to the default group
$obj->group_srl = $default_group_srl;
executeQuery('member.addMemberToGroup', $obj);
// Image name
if ($obj->image_nickname) {
$target_path = sprintf('files/member_extra_info/image_name/%s/', getNumberingPath($obj->member_srl));
$target_filename = sprintf('%s%d.gif', $target_path, $obj->member_srl);
FileHandler::writeFile($target_filename, $obj->image_nickname);
}
// Image mark
if ($obj->image_mark && file_exists($obj->image_mark)) {
$target_path = sprintf('files/member_extra_info/image_mark/%s/', getNumberingPath($obj->member_srl));
$target_filename = sprintf('%s%d.gif', $target_path, $obj->member_srl);
FileHandler::writeFile($target_filename, $obj->image_mark);
}
// Profile image
if ($obj->profile_image) {
$target_path = sprintf('files/member_extra_info/profile_image/%s/', getNumberingPath($obj->member_srl));
$target_filename = sprintf('%s%d.gif', $target_path, $obj->member_srl);
FileHandler::writeFile($target_filename, $obj->profile_image);
}
// Signiture
if ($obj->signature) {
$signature = removeHackTag($obj->signature);
$signature_buff = sprintf('<?php if(!defined("__XE__")) exit();?>%s', $signature);
$target_path = sprintf('files/member_extra_info/signature/%s/', getNumberingPath($obj->member_srl));
if (!is_dir($target_path)) {
FileHandler::makeDir($target_path);
}
$target_filename = sprintf('%s%d.signature.php', $target_path, $obj->member_srl);
FileHandler::writeFile($target_filename, $signature_buff);
}
}
}
fclose($f);
return $idx - 1;
}示例5: importMember
//.........这里部分代码省略.........
if (!$obj->user_name) {
$obj->user_name = $obj->nick_name;
}
$obj->email = base64_decode($xmlObj->member->email->body);
$obj->homepage = base64_decode($xmlObj->member->homepage->body);
$obj->blog = base64_decode($xmlObj->member->blog->body);
$obj->birthday = substr(base64_decode($xmlObj->member->birthday->body), 0, 8);
$obj->allow_mailing = base64_decode($xmlObj->member->allow_mailing->body);
$obj->point = base64_decode($xmlObj->member->point->body);
$obj->image_nickname = base64_decode($xmlObj->member->image_nickname->buff->body);
$obj->image_mark = base64_decode($xmlObj->member->image_mark->buff->body);
$obj->profile_image = base64_decode($xmlObj->member->profile_image->buff->body);
$obj->signature = base64_decode($xmlObj->member->signature->body);
$obj->regdate = base64_decode($xmlObj->member->regdate->body);
$obj->last_login = base64_decode($xmlObj->member->last_login->body);
if ($xmlObj->member->extra_vars) {
foreach ($xmlObj->member->extra_vars as $key => $val) {
if (in_array($key, array('node_name', 'attrs', 'body'))) {
continue;
}
$obj->extra_vars->{$key} = base64_decode($val->body);
}
}
// homepage, blog의 url을 정확히 만듬
if ($obj->homepage && !preg_match("/^http:\\/\\//i", $obj->homepage)) {
$obj->homepage = 'http://' . $obj->homepage;
}
if ($obj->blog && !preg_match("/^http:\\/\\//i", $obj->blog)) {
$obj->blog = 'http://' . $obj->blog;
}
// email address 필드 정리
$obj->email_address = $obj->email;
list($obj->email_id, $obj->email_host) = explode('@', $obj->email);
// 메일링 허용 체크
if ($obj->allow_mailing != 'Y') {
$obj->allow_mailing = 'N';
}
// 쪽지 수신 체크
$obj->allow_message = 'Y';
if (!in_array($obj->allow_message, array('Y', 'N', 'F'))) {
$obj->allow_message = 'Y';
}
// 최종 로그인 시간이 없으면 가입일을 입력
if (!$obj->last_login) {
$obj->last_login = $obj->regdate;
}
// 회원 번호를 구함
$obj->member_srl = getNextSequence();
// 확장변수의 정리
$extra_vars = $obj->extra_vars;
unset($obj->extra_vars);
$obj->extra_vars = serialize($extra_vars);
// 중복되는 nick_name 데이터가 있는지 체크
$nick_args = null;
$nick_args->nick_name = $obj->nick_name;
$nick_output = executeQuery('member.getMemberSrl', $nick_args);
if (!$nick_output->toBool()) {
$obj->nick_name .= '_' . $obj->member_srl;
}
// 회원 추가
$output = executeQuery('member.insertMember', $obj);
// 입력 성공시 그룹 가입/ 이미지이름-마크-서명등을 추가
if ($output->toBool()) {
// 기본 그룹 가입 시킴
$obj->group_srl = $default_group_srl;
executeQuery('member.addMemberToGroup', $obj);
// 이미지네임
if ($obj->image_nickname) {
$target_path = sprintf('files/member_extra_info/image_name/%s/', getNumberingPath($obj->member_srl));
$target_filename = sprintf('%s%d.gif', $target_path, $obj->member_srl);
FileHandler::writeFile($target_filename, $obj->image_nickname);
}
// 이미지마크
if ($obj->image_mark && file_exists($obj->image_mark)) {
$target_path = sprintf('files/member_extra_info/image_mark/%s/', getNumberingPath($obj->member_srl));
$target_filename = sprintf('%s%d.gif', $target_path, $obj->member_srl);
FileHandler::writeFile($target_filename, $obj->image_mark);
}
// 프로필 이미지
if ($obj->profile_image) {
$target_path = sprintf('files/member_extra_info/profile_image/%s/', getNumberingPath($obj->member_srl));
$target_filename = sprintf('%s%d.gif', $target_path, $obj->member_srl);
FileHandler::writeFile($target_filename, $obj->profile_image);
}
// 서명
if ($obj->signature) {
$signature = removeHackTag($obj->signature);
$signature_buff = sprintf('<?php if(!defined("__ZBXE__")) exit();?>%s', $signature);
$target_path = sprintf('files/member_extra_info/signature/%s/', getNumberingPath($obj->member_srl));
if (!is_dir($target_path)) {
FileHandler::makeDir($target_path);
}
$target_filename = sprintf('%s%d.signature.php', $target_path, $obj->member_srl);
FileHandler::writeFile($target_filename, $signature_buff);
}
}
}
fclose($f);
return $idx - 1;
}示例6: updateDocument
//.........这里部分代码省略.........
$obj->user_name = $logged_info->user_name;
$obj->nick_name = $logged_info->nick_name;
$obj->email_address = $logged_info->email_address;
$obj->homepage = $logged_info->homepage;
}
}
// 로그인한 유저가 작성한 글인데 nick_name이 없을 경우
if ($source_obj->get('member_srl') && !$obj->nick_name) {
$obj->member_srl = $source_obj->get('member_srl');
$obj->user_name = $source_obj->get('user_name');
$obj->nick_name = $source_obj->get('nick_name');
$obj->email_address = $source_obj->get('email_address');
$obj->homepage = $source_obj->get('homepage');
}
// 제목이 없으면 내용에서 추출
settype($obj->title, "string");
if ($obj->title == '') {
$obj->title = cut_str(strip_tags($obj->content), 20, '...');
}
//그래도 없으면 Untitled
if ($obj->title == '') {
$obj->title = 'Untitled';
}
// 내용에서 XE만의 태그를 삭제
$obj->content = preg_replace('!<\\!--(Before|After)(Document|Comment)\\(([0-9]+),([0-9]+)\\)-->!is', '', $obj->content);
// 글쓴이의 언어변수와 원문의 언어변수가 다르면 확장변수로 처리
if ($source_obj->get('lang_code') != Context::getLangType()) {
// 원문의 언어변수가 없을경우 확장변수가 아닌 원문의 언어변수를 변경
if (!$source_obj->get('lang_code')) {
$lang_code_args->document_srl = $source_obj->get('document_srl');
$lang_code_args->lang_code = Context::getLangType();
$output = executeQuery('document.updateDocumentsLangCode', $lang_code_args);
} else {
$extra_content->title = $obj->title;
$extra_content->content = $obj->content;
$document_args->document_srl = $source_obj->get('document_srl');
$document_output = executeQuery('document.getDocument', $document_args);
$obj->title = $document_output->data->title;
$obj->content = $document_output->data->content;
}
}
// 세션에서 최고 관리자가 아니면 iframe, script 제거
if ($logged_info->is_admin != 'Y') {
$obj->content = removeHackTag($obj->content);
}
// DB에 입력
$output = executeQuery('document.updateDocument', $obj);
if (!$output->toBool()) {
$oDB->rollback();
return $output;
}
// 모든 확장 변수 삭제
$this->deleteDocumentExtraVars($source_obj->get('module_srl'), $obj->document_srl, null, Context::getLangType());
// 등록 성공시 확장 변수 등록
$extra_keys = $oDocumentModel->getExtraKeys($obj->module_srl);
if (count($extra_keys)) {
foreach ($extra_keys as $idx => $extra_item) {
$value = '';
if (isset($obj->{'extra_vars' . $idx})) {
$value = trim($obj->{'extra_vars' . $idx});
} elseif (isset($obj->{$extra_item->name})) {
$value = trim($obj->{$extra_item->name});
}
if (!isset($value)) {
continue;
}
$this->insertDocumentExtraVar($obj->module_srl, $obj->document_srl, $idx, $value, $extra_item->eid);
}
}
// 제목/내용의 다국어 확장변수 등록
if ($extra_content->title) {
$this->insertDocumentExtraVar($obj->module_srl, $obj->document_srl, -1, $extra_content->title, 'title_' . Context::getLangType());
}
if ($extra_content->content) {
$this->insertDocumentExtraVar($obj->module_srl, $obj->document_srl, -2, $extra_content->content, 'content_' . Context::getLangType());
}
// 성공하였을 경우 category_srl이 있으면 카테고리 update
if ($source_obj->get('category_srl') != $obj->category_srl) {
if ($source_obj->get('category_srl')) {
$this->updateCategoryCount($obj->module_srl, $source_obj->get('category_srl'));
}
if ($obj->category_srl) {
$this->updateCategoryCount($obj->module_srl, $obj->category_srl);
}
}
// trigger 호출 (after)
if ($output->toBool()) {
$trigger_output = ModuleHandler::triggerCall('document.updateDocument', 'after', $obj);
if (!$trigger_output->toBool()) {
$oDB->rollback();
return $trigger_output;
}
}
// commit
$oDB->commit();
// 썸네일 파일 제거
FileHandler::removeDir(sprintf('files/cache/thumbnails/%s', getNumberingPath($obj->document_srl, 3)));
$output->add('document_srl', $obj->document_srl);
return $output;
}示例7: updateComment
/**
* @brief 댓글 수정
**/
function updateComment($obj, $is_admin = false)
{
$obj->__isupdate = true;
// trigger 호출 (before)
$output = ModuleHandler::triggerCall('comment.updateComment', 'before', $obj);
if (!$output->toBool()) {
return $output;
}
// comment model 객체 생성
$oCommentModel =& getModel('comment');
// 원본 데이터를 가져옴
$source_obj = $oCommentModel->getComment($obj->comment_srl);
if (!$source_obj->getMemberSrl()) {
$obj->member_srl = $source_obj->get('member_srl');
$obj->user_name = $source_obj->get('user_name');
$obj->nick_name = $source_obj->get('nick_name');
$obj->email_address = $source_obj->get('email_address');
$obj->homepage = $source_obj->get('homepage');
}
// 권한이 있는지 확인
if (!$is_admin && !$source_obj->isGranted()) {
return new Object(-1, 'msg_not_permitted');
}
if ($obj->password) {
$obj->password = md5($obj->password);
}
if ($obj->homepage && !preg_match('/^[a-z]+:\\/\\//i', $obj->homepage)) {
$obj->homepage = 'http://' . $obj->homepage;
}
// 로그인 되어 있고 작성자와 수정자가 동일하면 수정자의 정보를 세팅
if (Context::get('is_logged')) {
$logged_info = Context::get('logged_info');
if ($source_obj->member_srl == $logged_info->member_srl) {
$obj->member_srl = $logged_info->member_srl;
$obj->user_name = $logged_info->user_name;
$obj->nick_name = $logged_info->nick_name;
$obj->email_address = $logged_info->email_address;
$obj->homepage = $logged_info->homepage;
}
}
// 로그인한 유저가 작성한 글인데 nick_name이 없을 경우
if ($source_obj->get('member_srl') && !$obj->nick_name) {
$obj->member_srl = $source_obj->get('member_srl');
$obj->user_name = $source_obj->get('user_name');
$obj->nick_name = $source_obj->get('nick_name');
$obj->email_address = $source_obj->get('email_address');
$obj->homepage = $source_obj->get('homepage');
}
if (!$obj->content) {
$obj->content = $source_obj->get('content');
}
// 내용에서 XE만의 태그를 삭제
$obj->content = preg_replace('!<\\!--(Before|After)(Document|Comment)\\(([0-9]+),([0-9]+)\\)-->!is', '', $obj->content);
// 세션에서 최고 관리자가 아니면 iframe, script 제거
if ($logged_info->is_admin != 'Y') {
$obj->content = removeHackTag($obj->content);
}
// begin transaction
$oDB =& DB::getInstance();
$oDB->begin();
// 업데이트
$output = executeQuery('comment.updateComment', $obj);
if (!$output->toBool()) {
$oDB->rollback();
return $output;
}
// trigger 호출 (after)
if ($output->toBool()) {
$trigger_output = ModuleHandler::triggerCall('comment.updateComment', 'after', $obj);
if (!$trigger_output->toBool()) {
$oDB->rollback();
return $trigger_output;
}
}
// commit
$oDB->commit();
$output->add('comment_srl', $obj->comment_srl);
return $output;
}示例8: sendMessage
/**
* Send a message (DB control)
* @param int $sender_srl member_srl of sender
* @param int $receiver_srl member_srl of receiver_srl
* @param string $title
* @param string $content
* @param boolean $sender_log (default true)
* @return Object
*/
function sendMessage($sender_srl, $receiver_srl, $title, $content, $sender_log = TRUE)
{
// Encode the title and content.
$title = htmlspecialchars($title, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
$content = removeHackTag($content);
$title = utf8_mbencode($title);
$content = utf8_mbencode($content);
$message_srl = getNextSequence();
$related_srl = getNextSequence();
// messages to save in the sendor's message box
$sender_args = new stdClass();
$sender_args->sender_srl = $sender_srl;
$sender_args->receiver_srl = $receiver_srl;
$sender_args->message_type = 'S';
$sender_args->title = $title;
$sender_args->content = $content;
$sender_args->readed = 'N';
$sender_args->regdate = date("YmdHis");
$sender_args->message_srl = $message_srl;
$sender_args->related_srl = $related_srl;
$sender_args->list_order = $sender_args->message_srl * -1;
// messages to save in the receiver's message box
$receiver_args = new stdClass();
$receiver_args->message_srl = $related_srl;
$receiver_args->related_srl = 0;
$receiver_args->list_order = $related_srl * -1;
$receiver_args->sender_srl = $sender_srl;
if (!$receiver_args->sender_srl) {
$receiver_args->sender_srl = $receiver_srl;
}
$receiver_args->receiver_srl = $receiver_srl;
$receiver_args->message_type = 'R';
$receiver_args->title = $title;
$receiver_args->content = $content;
$receiver_args->readed = 'N';
$receiver_args->regdate = date("YmdHis");
// Call a trigger (before)
$trigger_obj = new stdClass();
$trigger_obj->sender_srl = $sender_srl;
$trigger_obj->receiver_srl = $receiver_srl;
$trigger_obj->message_srl = $message_srl;
$trigger_obj->related_srl = $related_srl;
$trigger_obj->title = $title;
$trigger_obj->content = $content;
$trigger_obj->sender_log = $sender_log;
$trigger_output = ModuleHandler::triggerCall('communication.sendMessage', 'before', $trigger_obj);
if (!$trigger_output->toBool()) {
return $trigger_output;
}
$oDB = DB::getInstance();
$oDB->begin();
// messages to save in the sendor's message box
if ($sender_srl && $sender_log) {
$output = executeQuery('communication.sendMessage', $sender_args);
if (!$output->toBool()) {
$oDB->rollback();
return $output;
}
}
// messages to save in the receiver's message box
$output = executeQuery('communication.sendMessage', $receiver_args);
if (!$output->toBool()) {
$oDB->rollback();
return $output;
}
// Call a trigger (after)
ModuleHandler::triggerCall('communication.sendMessage', 'after', $trigger_obj);
$oDB->commit();
// create a flag that message is sent (in file format)
$this->updateFlagFile($receiver_srl);
return new Object(0, 'success_sended');
}示例9: setContent
function setContent($content)
{
$this->add('content', removeHackTag($content));
}示例10: testXSS
/**
* @dataProvider xssProvider
*/
public function testXSS($source, $expected)
{
$result = removeHackTag($source);
$this->assertEquals($result, $expected);
}示例11: getValue
/**
* Returns a value for HTML
*
* @return string Returns filtered value
*/
function getValue()
{
return removeHackTag($this->value);
}示例12: sendMessage
function sendMessage($sender_srl, $receiver_srl, $title, $content, $sender_log = true)
{
$content = removeHackTag($content);
// 보내는 사용자의 쪽지함에 넣을 쪽지
$sender_args->sender_srl = $sender_srl;
$sender_args->receiver_srl = $receiver_srl;
$sender_args->message_type = 'S';
$sender_args->title = $title;
$sender_args->content = $content;
$sender_args->readed = 'N';
$sender_args->regdate = date("YmdHis");
$sender_args->related_srl = getNextSequence();
$sender_args->message_srl = getNextSequence();
$sender_args->list_order = getNextSequence() * -1;
// 받는 회원의 쪽지함에 넣을 쪽지
$receiver_args->message_srl = $sender_args->related_srl;
$receiver_args->related_srl = 0;
$receiver_args->list_order = $sender_args->related_srl * -1;
$receiver_args->sender_srl = $sender_srl;
if (!$receiver_args->sender_srl) {
$receiver_args->sender_srl = $receiver_srl;
}
$receiver_args->receiver_srl = $receiver_srl;
$receiver_args->message_type = 'R';
$receiver_args->title = $title;
$receiver_args->content = $content;
$receiver_args->readed = 'N';
$receiver_args->regdate = date("YmdHis");
$oDB =& DB::getInstance();
$oDB->begin();
// 발송하는 회원의 쪽지함에 넣을 쪽지
if ($sender_srl && $sender_log) {
$output = executeQuery('communication.sendMessage', $sender_args);
if (!$output->toBool()) {
$oDB->rollback();
return $output;
}
}
// 받을 회원의 쪽지함에 넣을 쪽지
$output = executeQuery('communication.sendMessage', $receiver_args);
if (!$output->toBool()) {
$oDB->rollback();
return $output;
}
// 받는 회원의 쪽지 발송 플래그 생성 (파일로 생성)
$flag_path = './files/member_extra_info/new_message_flags/' . getNumberingPath($receiver_srl);
FileHandler::makeDir($flag_path);
$flag_file = sprintf('%s%s', $flag_path, $receiver_srl);
$flag_count = FileHandler::readFile($flag_file);
FileHandler::writeFile($flag_file, ++$flag_count);
$oDB->commit();
return new Object(0, 'success_sended');
}示例13: _removeSpecialTag
function _removeSpecialTag($content)
{
return removeHackTag($content);
}示例14: insertFile
/**
* Add an attachement
*
* <pre>
* This method call trigger 'file.insertFile'.
*
* Before trigger object contains:
* - module_srl
* - upload_target_srl
*
* After trigger object contains:
* - file_srl
* - upload_target_srl
* - module_srl
* - direct_download
* - source_filename
* - uploaded_filename
* - donwload_count
* - file_size
* - comment
* - member_srl
* - sid
* </pre>
*
* @param object $file_info PHP file information array
* @param int $module_srl Sequence of module to upload file
* @param int $upload_target_srl Sequence of target to upload file
* @param int $download_count Initial download count
* @param bool $manual_insert If set true, pass validation check
* @return Object
*/
function insertFile($file_info, $module_srl, $upload_target_srl, $download_count = 0, $manual_insert = false)
{
// Call a trigger (before)
$trigger_obj = new stdClass();
$trigger_obj->module_srl = $module_srl;
$trigger_obj->upload_target_srl = $upload_target_srl;
$output = ModuleHandler::triggerCall('file.insertFile', 'before', $trigger_obj);
if (!$output->toBool()) {
return $output;
}
// A workaround for Firefox upload bug
if (preg_match('/^=\\?UTF-8\\?B\\?(.+)\\?=$/i', $file_info['name'], $match)) {
$file_info['name'] = base64_decode(strtr($match[1], ':', '/'));
}
if (!$manual_insert) {
// Get the file configurations
$logged_info = Context::get('logged_info');
if ($logged_info->is_admin != 'Y') {
$oFileModel = getModel('file');
$config = $oFileModel->getFileConfig($module_srl);
// check file type
if (isset($config->allowed_filetypes) && $config->allowed_filetypes !== '*.*') {
$filetypes = explode(';', $config->allowed_filetypes);
$ext = array();
foreach ($filetypes as $item) {
$item = explode('.', $item);
$ext[] = strtolower($item[1]);
}
$uploaded_ext = explode('.', $file_info['name']);
$uploaded_ext = strtolower(array_pop($uploaded_ext));
if (!in_array($uploaded_ext, $ext)) {
return $this->stop('msg_not_allowed_filetype');
}
}
$allowed_filesize = $config->allowed_filesize * 1024 * 1024;
$allowed_attach_size = $config->allowed_attach_size * 1024 * 1024;
// An error appears if file size exceeds a limit
if ($allowed_filesize < filesize($file_info['tmp_name'])) {
return new Object(-1, 'msg_exceeds_limit_size');
}
// Get total file size of all attachements (from DB)
$size_args = new stdClass();
$size_args->upload_target_srl = $upload_target_srl;
$output = executeQuery('file.getAttachedFileSize', $size_args);
$attached_size = (int) $output->data->attached_size + filesize($file_info['tmp_name']);
if ($attached_size > $allowed_attach_size) {
return new Object(-1, 'msg_exceeds_limit_size');
}
}
}
// https://github.com/xpressengine/xe-core/issues/1713
$file_info['name'] = preg_replace('/\\.(php|phtm|phar|html?|cgi|pl|exe|jsp|asp|inc)/i', '$0-x', $file_info['name']);
$file_info['name'] = removeHackTag($file_info['name']);
$file_info['name'] = str_replace(array('<', '>'), array('%3C', '%3E'), $file_info['name']);
// Get random number generator
$random = new Password();
// Set upload path by checking if the attachement is an image or other kinds of file
if (preg_match("/\\.(jpe?g|gif|png|wm[va]|mpe?g|avi|swf|flv|mp[1-4]|as[fx]|wav|midi?|moo?v|qt|r[am]{1,2}|m4v)\$/i", $file_info['name'])) {
$path = sprintf("./files/attach/images/%s/%s", $module_srl, getNumberingPath($upload_target_srl, 3));
// special character to '_'
// change to random file name. because window php bug. window php is not recognize unicode character file name - by cherryfilter
$ext = substr(strrchr($file_info['name'], '.'), 1);
//$_filename = preg_replace('/[#$&*?+%"\']/', '_', $file_info['name']);
$_filename = $random->createSecureSalt(32, 'hex') . '.' . $ext;
$filename = $path . $_filename;
$idx = 1;
while (file_exists($filename)) {
$filename = $path . preg_replace('/\\.([a-z0-9]+)$/i', '_' . $idx . '.$1', $_filename);
$idx++;
//.........这里部分代码省略.........
示例15: updateDocument
/**
* Update the document
* @param object $source_obj
* @param object $obj
* @param bool $manual_updated
* @return object
*/
function updateDocument($source_obj, $obj, $manual_updated = FALSE)
{
if (!$manual_updated && !checkCSRF()) {
return new Object(-1, 'msg_invalid_request');
}
if (!$source_obj->document_srl || !$obj->document_srl) {
return new Object(-1, 'msg_invalied_request');
}
if (!$obj->status && $obj->is_secret == 'Y') {
$obj->status = 'SECRET';
}
if (!$obj->status) {
$obj->status = 'PUBLIC';
}
// Call a trigger (before)
$output = ModuleHandler::triggerCall('document.updateDocument', 'before', $obj);
if (!$output->toBool()) {
return $output;
}
// begin transaction
$oDB =& DB::getInstance();
$oDB->begin();
$oModuleModel = getModel('module');
if (!$obj->module_srl) {
$obj->module_srl = $source_obj->get('module_srl');
}
$module_srl = $obj->module_srl;
$module_info = $oModuleModel->getModuleInfoByModuleSrl($module_srl);
$document_config = $oModuleModel->getModulePartConfig('document', $module_srl);
if (!$document_config) {
$document_config = new stdClass();
}
if (!isset($document_config->use_history)) {
$document_config->use_history = 'N';
}
$bUseHistory = $document_config->use_history == 'Y' || $document_config->use_history == 'Trace';
if ($bUseHistory) {
$args = new stdClass();
$args->history_srl = getNextSequence();
$args->document_srl = $obj->document_srl;
$args->module_srl = $module_srl;
if ($document_config->use_history == 'Y') {
$args->content = $source_obj->get('content');
}
$args->nick_name = $source_obj->get('nick_name');
$args->member_srl = $source_obj->get('member_srl');
$args->regdate = $source_obj->get('last_update');
$args->ipaddress = $source_obj->get('ipaddress');
$output = executeQuery("document.insertHistory", $args);
} else {
$obj->ipaddress = $source_obj->get('ipaddress');
}
// List variables
if ($obj->comment_status) {
$obj->commentStatus = $obj->comment_status;
}
if (!$obj->commentStatus) {
$obj->commentStatus = 'DENY';
}
if ($obj->commentStatus == 'DENY') {
$this->_checkCommentStatusForOldVersion($obj);
}
if ($obj->allow_trackback != 'Y') {
$obj->allow_trackback = 'N';
}
if ($obj->homepage) {
$obj->homepage = removeHackTag($obj->homepage);
if (!preg_match('/^[a-z]+:\\/\\//i', $obj->homepage)) {
$obj->homepage = 'http://' . $obj->homepage;
}
}
if ($obj->notify_message != 'Y') {
$obj->notify_message = 'N';
}
// can modify regdate only manager
$grant = Context::get('grant');
if (!$grant->manager) {
unset($obj->regdate);
}
// Serialize the $extra_vars
if (!is_string($obj->extra_vars)) {
$obj->extra_vars = serialize($obj->extra_vars);
}
// Remove the columns for automatic saving
unset($obj->_saved_doc_srl);
unset($obj->_saved_doc_title);
unset($obj->_saved_doc_content);
unset($obj->_saved_doc_message);
$oDocumentModel = getModel('document');
// Set the category_srl to 0 if the changed category is not exsiting.
if ($source_obj->get('category_srl') != $obj->category_srl) {
$category_list = $oDocumentModel->getCategoryList($obj->module_srl);
if (!$category_list[$obj->category_srl]) {
//.........这里部分代码省略.........