Merge branch 'develop' of https://github.com/xpressengine/xe-core int…

…o develop # By bnu (4) and others # Via bnu (7) and others * 'develop' of https://github.com/xpressengine/xe-core: fix #1583 `is_keyword`에 대한 취약점 문제 개선 version 1.8.5 fix #1590 회원 모듈 설정에서 회원 ID를 사용하지 않을 때 회원 정보를 저장할 수 없는 문제 고침 아이디/닉네임 필터링 방식을 더 일관성있게 고침 한글을 정상적으로 필터링하지 못하던 문제점 개선. fix #1589 글/댓글 작성과 동시에 커버이미지 선택이 동작하지 않는 문제 수정 - 파일의 권한 체크 CK에디터 파일첨부 디자인 변경에 따른 문구 수정 모바일에서 툴바줄이기를 기본으로 fix #1586 메뉴 노출 대상 그룹이 1개 이상일 경우 메뉴명 수정이 안되는 문제 수정
largeden · Jul 9, 2015 · 2156afc · 2156afc
2 parents efb7c04 + 6745497
commit 2156afc
Show file tree

Hide file tree

Showing 13 changed files with 49 additions and 57 deletions.
diff --git a/classes/display/HTMLDisplayHandler.php b/classes/display/HTMLDisplayHandler.php
@@ -60,6 +60,10 @@ function toDoc(&$oModule)
 
 		$output = $oTemplate->compile($template_path, $tpl_file);
 
+		// SECISSUE https://github.com/xpressengine/xe-core/issues/1583
+		$oSecurity = new Security();
+		$oSecurity->encodeHTML('is_keyword');
+
 		// add .x div for adminitration pages
 		if(Context::getResponseMethod() == 'HTML')
 		{

diff --git a/common/js/plugins/jquery.fileupload/js/main.js b/common/js/plugins/jquery.fileupload/js/main.js
@@ -343,7 +343,7 @@
 			var $el = $(selected_el);
 			var file_srl = $el.data().fileSrl;
 
-			exec_json('file.procFileSetCoverImage', {'file_srl': file_srl}, function(res) {
+			exec_json('file.procFileSetCoverImage', {'file_srl' : file_srl, 'mid' : window.current_mid, 'editor_sequence' : data.editorSequence}, function(res) {
 				if(res.error != 0) return;
 
 				data.settings.filelistImages.find('li').removeClass('xefu-is-cover-image');

diff --git a/common/js/plugins/jquery.fileupload/js/main.min.js b/common/js/plugins/jquery.fileupload/js/main.min.js
diff --git a/config/config.inc.php b/config/config.inc.php
@@ -29,7 +29,7 @@
 /**
  * Display XE's full version.
  */
-define('__XE_VERSION__', '1.8.4');
+define('__XE_VERSION__', '1.8.5');
 define('__XE_VERSION_ALPHA__', (stripos(__XE_VERSION__, 'alpha') !== false));
 define('__XE_VERSION_BETA__', (stripos(__XE_VERSION__, 'beta') !== false));
 define('__XE_VERSION_RC__', (stripos(__XE_VERSION__, 'rc') !== false));

diff --git a/layouts/default/layout.html b/layouts/default/layout.html
@@ -22,7 +22,7 @@ <h1>
 				<input type="hidden" name="vid" value="{$vid}" />
 				<input type="hidden" name="mid" value="{$mid}" />
 				<input type="hidden" name="act" value="IS" />
-				<input type="text" name="is_keyword" value="{htmlspecialchars($is_keyword, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}" required placeholder="{$lang->cmd_search}" title="{$lang->cmd_search}" />
+				<input type="text" name="is_keyword" value="{$is_keyword}" required placeholder="{$lang->cmd_search}" title="{$lang->cmd_search}" />
 				<input type="submit" value="{$lang->cmd_search}" />
 			</form>
 			<!-- /SEARCH -->

diff --git a/layouts/user_layout/layout.html b/layouts/user_layout/layout.html
@@ -6,7 +6,7 @@ <h1>Site Logo</h1>
 			<input type="hidden" name="vid" value="{$vid}" />
 			<input type="hidden" name="mid" value="{$mid}" />
 			<input type="hidden" name="act" value="IS" />
-			<input type="text" name="is_keyword" value="{htmlspecialchars($is_keyword, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}" title="{$lang->cmd_search}" />
+			<input type="text" name="is_keyword" value="{$is_keyword}" title="{$lang->cmd_search}" />
 			<input type="submit" value="{$lang->cmd_search}" />
 		</form>
 		<hr />

diff --git a/layouts/xedition/layout.html b/layouts/xedition/layout.html
@@ -170,7 +170,7 @@
 					<input type="hidden" name="vid" value="{$vid}" />
 					<input type="hidden" name="mid" value="{$mid}" />
 					<input type="hidden" name="act" value="IS" />
-					<input type="text" name="is_keyword" value="{htmlspecialchars($is_keyword, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)}" required="required" title="{$lang->cmd_search}" placeholder="Search" />
+					<input type="text" name="is_keyword" value="{$is_keyword}" required="required" title="{$lang->cmd_search}" placeholder="Search" />
 				</form>
 				<!-- /SEARCH -->
 				<a href="#" class="btn_close" title="{$lang->cmd_xedition_search_close}" onclick="return false"><i class="xi-close"></i><span class="blind">{$lang->cmd_xedition_search_close}</span></a>

diff --git a/modules/editor/skins/ckeditor/editor.html b/modules/editor/skins/ckeditor/editor.html
@@ -68,7 +68,7 @@
 			settings.loadXeComponent = false;
 		<!--@endif-->
 
-		<!--@if($module_type === 'comment')-->
+		<!--@if($module_type === 'comment'||Mobile::isMobileCheckByAgent())-->
 			settings.ckeconfig.toolbarStartupExpanded = false;
 		<!--@endif-->
 

diff --git a/modules/editor/skins/ckeditor/lang/lang.xml b/modules/editor/skins/ckeditor/lang/lang.xml
@@ -1,14 +1,14 @@
 <?xml version='1.0' encoding='UTF-8'?>
 <lang>
 	<item name="ckeditor_about_file_drop_area">
-		<value xml:lang="ko"><![CDATA[여기에 파일을 끌어 놓거나 아래 파일 첨부 버튼을 클릭하세요.]]></value>
-		<value xml:lang="en"><![CDATA[Drag and drop your files here, or Click attach files button below.]]></value>
-		<value xml:lang="jp"><![CDATA[Drag and drop your files here, or Click attach files button below.]]></value>
-		<value xml:lang="zh-CN"><![CDATA[Drag and drop your files here, or Click attach files button below.]]></value>
-		<value xml:lang="zh-TW"><![CDATA[Drag and drop your files here, or Click attach files button below.]]></value>
-		<value xml:lang="ru"><![CDATA[Drag and drop your files here, or Click attach files button below.]]></value>
-		<value xml:lang="tr"><![CDATA[Drag and drop your files here, or Click attach files button below.]]></value>
-		<value xml:lang="vi"><![CDATA[Drag and drop your files here, or Click attach files button below.]]></value>
+		<value xml:lang="ko"><![CDATA[여기에 파일을 끌어 놓거나 파일 첨부 버튼을 클릭하세요.]]></value>
+		<value xml:lang="en"><![CDATA[Drag and drop your files here, or Click attach files button.]]></value>
+		<value xml:lang="jp"><![CDATA[Drag and drop your files here, or Click attach files button.]]></value>
+		<value xml:lang="zh-CN"><![CDATA[Drag and drop your files here, or Click attach files button.]]></value>
+		<value xml:lang="zh-TW"><![CDATA[Drag and drop your files here, or Click attach files button.]]></value>
+		<value xml:lang="ru"><![CDATA[Drag and drop your files here, or Click attach files button.]]></value>
+		<value xml:lang="tr"><![CDATA[Drag and drop your files here, or Click attach files button.]]></value>
+		<value xml:lang="vi"><![CDATA[Drag and drop your files here, or Click attach files button.]]></value>
 	</item>
 	<item name="ckeditor_file_uploading">
 		<value xml:lang="ko"><![CDATA[파일 업로드 중...]]></value>
@@ -30,4 +30,4 @@
 		<value xml:lang="tr"><![CDATA[<span class="file_count">0</span> file(s) attached]]></value>
 		<value xml:lang="vi"><![CDATA[<span class="file_count">0</span> file(s) attached]]></value>
 	</item>
-</lang>
+</lang>