Merge branch 'release/1.11.1'

bnu · bnu · commit 44a98c25861e · 2018-10-17T14:18:37.000+09:00
diff --git a/.gitignore b/.gitignore
@@ -23,3 +23,4 @@ composer.lock
 *.sublime-project
 .codeintel
 
+install.config.php
diff --git a/common/js/plugins/jquery.fileupload/js/jquery.fileupload.js b/common/js/plugins/jquery.fileupload/js/jquery.fileupload.js
@@ -1144,10 +1144,10 @@
                 $.map(entries, function (entry) {
                     return that._handleFileTreeEntry(entry, path);
                 })
-            ).then(function (entries) {
+            ).then(function () {
                 return Array.prototype.concat.apply(
                     [],
-                    entries
+                    arguments
                 );
             });
         },
diff --git a/common/tpl/common_layout.html b/common/tpl/common_layout.html
@@ -67,7 +67,7 @@
 <!--@if(stripos(Context::get('act'),'admin') || Context::get('module') == 'admin')-->
 {@$isAdminKind = true}
 <!--@end-->
-<body{Context::getBodyClass()}>
+<body{Context::getBodyClass()|noescape}>
 {Context::getBodyHeader()|noescape}
 {$content|noescape}
 {Context::getHtmlFooter()|noescape}
diff --git a/config/config.inc.php b/config/config.inc.php
@@ -29,7 +29,7 @@
 /**
  * Display XE's full version.
  */
-define('__XE_VERSION__', '1.11.0');
+define('__XE_VERSION__', '1.11.1');
 define('__XE_VERSION_ALPHA__', (stripos(__XE_VERSION__, 'alpha') !== false));
 define('__XE_VERSION_BETA__', (stripos(__XE_VERSION__, 'beta') !== false));
 define('__XE_VERSION_RC__', (stripos(__XE_VERSION__, 'rc') !== false));
diff --git a/config/func.inc.php b/config/func.inc.php
@@ -1780,6 +1780,12 @@ function reload($isOpener = FALSE)
 </script>';
 }
 
+
+function isDefinedLangCode($str)
+{
+	return preg_match('!\$user_lang->([a-z0-9\_]+)$!is', trim($str));
+}
+
 /**
  * This function is a shortcut to htmlspecialchars().
  *
@@ -1790,8 +1796,10 @@ function reload($isOpener = FALSE)
  * @param bool $double_escape Set this to false to skip symbols that are already escaped (default: true)
  * @return string
  */
-function escape($str, $double_escape = true)
+function escape($str, $double_escape = true, $escape_defined_lang_code = false)
 {
+	if(!$escape_defined_lang_code && isDefinedLangCode($str)) return $str;
+
 	$flags = ENT_QUOTES | ENT_SUBSTITUTE;
 	return htmlspecialchars($str, $flags, 'UTF-8', $double_escape);
 }
diff --git a/modules/document/document.admin.controller.php b/modules/document/document.admin.controller.php
@@ -108,6 +108,12 @@ function moveDocumentModule($document_srl_list, $module_srl, $category_srl)
 						$file_info['tmp_name'] = $val->uploaded_filename;
 						$file_info['name'] = $val->source_filename;
 						$inserted_file = $oFileController->insertFile($file_info, $module_srl, $obj->document_srl, $val->download_count, true);
+
+						if(!$inserted_file->toBool()) {
+							$oDB->rollback();
+							return $inserted_file;
+						}
+
 						if($inserted_file && $inserted_file->toBool())
 						{
 							// for image/video files
@@ -301,6 +307,12 @@ function copyDocumentModule($document_srl_list, $module_srl, $category_srl)
 					$file_info['name'] = $val->source_filename;
 					$oFileController = getController('file');
 					$inserted_file = $oFileController->insertFile($file_info, $module_srl, $obj->document_srl, 0, true);
+
+					if(!$inserted_file->toBool()) {
+						$oDB->rollback();
+						return $inserted_file;
+					}
+
 					// if image/video files
 					if($val->direct_download == 'Y')
 					{
diff --git a/modules/file/file.controller.php b/modules/file/file.controller.php
@@ -746,7 +746,7 @@ function insertFile($file_info, $module_srl, $upload_target_srl, $download_count
 		if(!FileHandler::makeDir($path)) return new BaseObject(-1,'msg_not_permitted_create');
 
 		// Check uploaded file
-		if(!checkUploadedFile($file_info['tmp_name']))  return new BaseObject(-1,'msg_file_upload_error');
+		if(!$manual_insert && !checkUploadedFile($file_info['tmp_name']))  return new BaseObject(-1,'msg_file_upload_error');
 
 		// Get random number generator
 		$random = new Password();
diff --git a/modules/module/module.model.php b/modules/module/module.model.php
@@ -403,7 +403,6 @@ function getModuleInfoByModuleSrl($module_srl, $columnList = array())
 		else $module_info = $mid_info;
 
 		$oModuleController = getController('module');
-		if(isset($module_info->browser_title)) $oModuleController->replaceDefinedLangCode($module_info->browser_title);
 
 		$this->applyDefaultSkin($module_info);
 		return $this->addModuleExtraVars($module_info);
diff --git a/modules/module/tpl/module_selector.html b/modules/module/tpl/module_selector.html
@@ -43,7 +43,7 @@ <h2 cond="$key" style="margin-top:40px;">{$key}</h2>
 			{@ $_idx =0; }
 			<!--@foreach($val as $k => $v)-->
 				<!--@if($_idx >0)--><tr><!--@end-->
-				{@ $browser_title = str_replace("'", "\\'", htmlspecialchars($v->browser_title, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)); }
+				{@ $browser_title = str_replace("'", "\\'", escape($v->browser_title, false)); }
 				<td>{$k}</td>
 				<td>{$v->browser_title}</td>
 				<td><a href="#" onclick="insertModule('{$id}', {$v->module_srl}, '{$k}', '{$browser_title}',{$type=='single'?'false':'true'}); return false;" class="button green"><span>{$type=='single'?$lang->cmd_select:$lang->cmd_insert}</span></a></td>
diff --git a/modules/seo/seo.class.php b/modules/seo/seo.class.php
@@ -123,7 +123,7 @@ protected function applySEO()
 			$na_script = <<< NASCRIPT
 <!-- NAVER Analytics -->
 <script src="//wcs.naver.net/wcslog.js"></script>
-<script>if(!wcs_add){var wcs_add={wa:'{$config->na_id}'};}if(typeof wcs_do!="undefined"){wcs_do();}</script>
+<script>if(!wcs_add){var wcs_add={};};wcs_add['wa']='{$config->na_id}';if(typeof wcs_do!="undefined"){wcs_do();}</script>
 NASCRIPT;
 			Context::addHtmlFooter($na_script . PHP_EOL);
 		}

Original file line number	Diff line number	Diff line change
`@@ -23,3 +23,4 @@ composer.lock`
`23`	`23`	`*.sublime-project`
`24`	`24`	`.codeintel`
`25`	`25`
	`26`	`+install.config.php`
Original file line number	Diff line number	Diff line change
`@@ -1780,6 +1780,12 @@ function reload($isOpener = FALSE)`
`1780`	`1780`	`</script>';`
`1781`	`1781`	`}`
`1782`	`1782`
	`1783`	`+`
	`1784`	`+function isDefinedLangCode($str)`
	`1785`	`+{`
	`1786`	`+ return preg_match('!\$user_lang->([a-z0-9\_]+)$!is', trim($str));`
	`1787`	`+}`
	`1788`	`+`
`1783`	`1789`	`/**`
`1784`	`1790`	`* This function is a shortcut to htmlspecialchars().`
`1785`	`1791`	`*`
`@@ -1790,8 +1796,10 @@ function reload($isOpener = FALSE)`
`1790`	`1796`	`* @param bool $double_escape Set this to false to skip symbols that are already escaped (default: true)`
`1791`	`1797`	`* @return string`
`1792`	`1798`	`*/`
`1793`		`-function escape($str, $double_escape = true)`
	`1799`	`+function escape($str, $double_escape = true, $escape_defined_lang_code = false)`
`1794`	`1800`	`{`
	`1801`	`+ if(!$escape_defined_lang_code && isDefinedLangCode($str)) return $str;`
	`1802`	`+`
`1795`	`1803`	`$flags = ENT_QUOTES \| ENT_SUBSTITUTE;`
`1796`	`1804`	`return htmlspecialchars($str, $flags, 'UTF-8', $double_escape);`
`1797`	`1805`	`}`
Original file line number	Diff line number	Diff line change
`@@ -123,7 +123,7 @@ protected function applySEO()`
`123`	`123`	`$na_script = <<< NASCRIPT`
`124`	`124`	`<!-- NAVER Analytics -->`
`125`	`125`	`<script src="//wcs.naver.net/wcslog.js"></script>`
`126`		`-<script>if(!wcs_add){var wcs_add={wa:'{$config->na_id}'};}if(typeof wcs_do!="undefined"){wcs_do();}</script>`
	`126`	`+<script>if(!wcs_add){var wcs_add={};};wcs_add['wa']='{$config->na_id}';if(typeof wcs_do!="undefined"){wcs_do();}</script>`
`127`	`127`	`NASCRIPT;`
`128`	`128`	`Context::addHtmlFooter($na_script . PHP_EOL);`
`129`	`129`	`}`