Merge pull request #1 from xpressengine/develop

Develop 브랜치 동기화
xpressengine · Feb 8, 2015 · 5b92669 · 5b92669
2 parents 7de923f + 64c50c0
commit 5b92669
Show file tree

Hide file tree

Showing 67 changed files with 8,384 additions and 325 deletions.
diff --git a/.jshintignore b/.jshintignore
@@ -0,0 +1,9 @@
+common/js/jquery*.js
+common/js/modernizr.js
+common/js/xe.js
+common/js/x.js
+common/js/*.min.js
+common/js/unittest/*
+common/js/plugins/*
+common/js/foggyLayer.js
+common/js/html5.js
diff --git a/.jshintrc b/.jshintrc
@@ -0,0 +1,68 @@
+{
+	"globalstrict": false,
+	"undef": false,
+	"eqeqeq": false,
+	"browser": true,
+	"devel": true,
+	"jquery": true,
+	"evil": true,
+	"globals": {
+		"window": true,
+		"current_url": true,
+		"exec_json": true,
+		"exec_xml": true,
+		"procFilter": true,
+		"xe": true,
+		"request_uri": true,
+		"xAddEventListener": false,
+		"xResizeEvent": false,
+		"xScrollEvent": false,
+		"xAppendChild": false,
+		"xClientHeight": false,
+		"xClientWidth": false,
+		"xCreateElement": false,
+		"xDef": false,
+		"xDeleteCookie": false,
+		"xDisplay": false,
+		"xEvent": false,
+		"xFirstChild": false,
+		"xGetBodyWidth": false,
+		"xGetBodyHeight": false,
+		"xGetComputedStyle": false,
+		"xGetCookie": false,
+		"xGetElementById": false,
+		"xGetElementsByAttribute": false,
+		"xGetElementsByClassName": false,
+		"xGetElementsByTagName": false,
+		"xGetURLArguments": false,
+		"xHeight": false,
+		"xHex": false,
+		"xHide": false,
+		"xInnerHtml": false,
+		"xLeft": false,
+		"xMoveTo": false,
+		"xName": false,
+		"xNextSib": false,
+		"xNum": false,
+		"xOffsetLeft": false,
+		"xOffsetTop": false,
+		"xPad": false,
+		"xPageX": false,
+		"xPageY": false,
+		"xParent": false,
+		"xPreventDefault": false,
+		"xPrevSib": false,
+		"xRemoveEventListener": false,
+		"xResizeTo": false,
+		"xScrollLeft": false,
+		"xScrollTop": false,
+		"xSetCookie": false,
+		"xShow": false,
+		"xStr": false,
+		"xTop": false,
+		"xVisibility": false,
+		"xWidth": false,
+		"xZIndex": false,
+		"xStopPropagation": false
+	}
+}
diff --git a/.travis.yml b/.travis.yml
@@ -1,6 +1,5 @@
 language: php
 php:
-  - 5.2
   - 5.3
   - 5.4
   - 5.5

diff --git a/Gruntfile.js b/Gruntfile.js
@@ -172,15 +172,6 @@ module.exports = function(grunt) {
 				'modules/widget/tpl/js/*.js',
 			],
 			options : {
-				globalstrict: false,
-				undef : false,
-				eqeqeq: false,
-				browser : true,
-				globals: {
-					"jQuery" : true,
-					"console" : true,
-					"window" : true
-				},
 				ignores : [
 					'**/jquery*.js',
 					'**/swfupload.js',

diff --git a/addons/blogapi/blogapi.addon.php b/addons/blogapi/blogapi.addon.php
@@ -30,16 +30,25 @@
 // Read func file
 require_once(_XE_PATH_ . 'addons/blogapi/blogapi.func.php');
 
+$xml = $GLOBALS['HTTP_RAW_POST_DATA'];
+
 // If HTTP_RAW_POST_DATA is NULL, Print error message
-if(!$GLOBALS['HTTP_RAW_POST_DATA'])
+if(!$xml)
 {
 	$content = getXmlRpcFailure(1, 'Invalid Method Call');
 	printContent($content);
 }
 
 // xmlprc parsing
 // Parse the requested xmlrpc
-$xml = new SimpleXMLElement($GLOBALS['HTTP_RAW_POST_DATA']);
+if(Security::detectingXEE($xml))
+{
+	header("HTTP/1.0 400 Bad Request");
+	exit;
+}
+
+if(version_compare(PHP_VERSION, '5.2.11', '<=')) libxml_disable_entity_loader(true);
+$xml = new SimpleXMLElement($xml, LIBXML_NONET | LIBXML_NOENT);
 
 $method_name = (string)$xml->methodName;
 $params = $xml->params->param;

diff --git a/addons/oembed/jquery.oembed.js b/addons/oembed/jquery.oembed.js
@@ -781,12 +781,6 @@
 				from: 'htmlstring'
 			}
 		}),
-		new $.fn.oembed.OEmbedProvider("gravtar", "photo", ["mailto:.+"], null, {
-			templateRegex: /mailto:([^\/]+).*/,
-			template: function (wm, email) {
-				return '<img src="http://gravatar.com/avatar/' + email.md5() + '.jpg" alt="on Gravtar" class="jqoaImg">';
-			}
-		}),
 
 		//Rich
 		new $.fn.oembed.OEmbedProvider("twitter", "rich", ["twitter.com/.+"], "https://api.twitter.com/1/statuses/oembed.json"),
@@ -1062,137 +1056,3 @@
 		})
 	];
 })(jQuery);
-
-//This is needed for gravatar :(
-String.prototype.md5 = function () {
-	var a = function (a, b) {
-		var c = (a & 65535) + (b & 65535);
-		var d = (a >> 16) + (b >> 16) + (c >> 16);
-		return d << 16 | c & 65535
-	};
-	var b = function (a, b) {
-		return a << b | a >>> 32 - b
-	};
-	var c = function (c, d, e, f, g, h) {
-		return a(b(a(a(d, c), a(f, h)), g), e)
-	};
-	var d = function (a, b, d, e, f, g, h) {
-		return c(b & d | ~b & e, a, b, f, g, h)
-	};
-	var e = function (a, b, d, e, f, g, h) {
-		return c(b & e | d & ~e, a, b, f, g, h)
-	};
-	var f = function (a, b, d, e, f, g, h) {
-		return c(b ^ d ^ e, a, b, f, g, h)
-	};
-	var g = function (a, b, d, e, f, g, h) {
-		return c(d ^ (b | ~e), a, b, f, g, h)
-	};
-	var h = function (b) {
-		var c, h, i, j, k, l = b.length;
-		var m = 1732584193;
-		var n = -271733879;
-		var o = -1732584194;
-		var p = 271733878;
-		for(k = 0; k < l; k += 16) {
-			c = m;
-			h = n;
-			i = o;
-			j = p;
-			m = d(m, n, o, p, b[k + 0], 7, -680876936);
-			p = d(p, m, n, o, b[k + 1], 12, -389564586);
-			o = d(o, p, m, n, b[k + 2], 17, 606105819);
-			n = d(n, o, p, m, b[k + 3], 22, -1044525330);
-			m = d(m, n, o, p, b[k + 4], 7, -176418897);
-			p = d(p, m, n, o, b[k + 5], 12, 1200080426);
-			o = d(o, p, m, n, b[k + 6], 17, -1473231341);
-			n = d(n, o, p, m, b[k + 7], 22, -45705983);
-			m = d(m, n, o, p, b[k + 8], 7, 1770035416);
-			p = d(p, m, n, o, b[k + 9], 12, -1958414417);
-			o = d(o, p, m, n, b[k + 10], 17, -42063);
-			n = d(n, o, p, m, b[k + 11], 22, -1990404162);
-			m = d(m, n, o, p, b[k + 12], 7, 1804603682);
-			p = d(p, m, n, o, b[k + 13], 12, -40341101);
-			o = d(o, p, m, n, b[k + 14], 17, -1502002290);
-			n = d(n, o, p, m, b[k + 15], 22, 1236535329);
-			m = e(m, n, o, p, b[k + 1], 5, -165796510);
-			p = e(p, m, n, o, b[k + 6], 9, -1069501632);
-			o = e(o, p, m, n, b[k + 11], 14, 643717713);
-			n = e(n, o, p, m, b[k + 0], 20, -373897302);
-			m = e(m, n, o, p, b[k + 5], 5, -701558691);
-			p = e(p, m, n, o, b[k + 10], 9, 38016083);
-			o = e(o, p, m, n, b[k + 15], 14, -660478335);
-			n = e(n, o, p, m, b[k + 4], 20, -405537848);
-			m = e(m, n, o, p, b[k + 9], 5, 568446438);
-			p = e(p, m, n, o, b[k + 14], 9, -1019803690);
-			o = e(o, p, m, n, b[k + 3], 14, -187363961);
-			n = e(n, o, p, m, b[k + 8], 20, 1163531501);
-			m = e(m, n, o, p, b[k + 13], 5, -1444681467);
-			p = e(p, m, n, o, b[k + 2], 9, -51403784);
-			o = e(o, p, m, n, b[k + 7], 14, 1735328473);
-			n = e(n, o, p, m, b[k + 12], 20, -1926607734);
-			m = f(m, n, o, p, b[k + 5], 4, -378558);
-			p = f(p, m, n, o, b[k + 8], 11, -2022574463);
-			o = f(o, p, m, n, b[k + 11], 16, 1839030562);
-			n = f(n, o, p, m, b[k + 14], 23, -35309556);
-			m = f(m, n, o, p, b[k + 1], 4, -1530992060);
-			p = f(p, m, n, o, b[k + 4], 11, 1272893353);
-			o = f(o, p, m, n, b[k + 7], 16, -155497632);
-			n = f(n, o, p, m, b[k + 10], 23, -1094730640);
-			m = f(m, n, o, p, b[k + 13], 4, 681279174);
-			p = f(p, m, n, o, b[k + 0], 11, -358537222);
-			o = f(o, p, m, n, b[k + 3], 16, -722521979);
-			n = f(n, o, p, m, b[k + 6], 23, 76029189);
-			m = f(m, n, o, p, b[k + 9], 4, -640364487);
-			p = f(p, m, n, o, b[k + 12], 11, -421815835);
-			o = f(o, p, m, n, b[k + 15], 16, 530742520);
-			n = f(n, o, p, m, b[k + 2], 23, -995338651);
-			m = g(m, n, o, p, b[k + 0], 6, -198630844);
-			p = g(p, m, n, o, b[k + 7], 10, 1126891415);
-			o = g(o, p, m, n, b[k + 14], 15, -1416354905);
-			n = g(n, o, p, m, b[k + 5], 21, -57434055);
-			m = g(m, n, o, p, b[k + 12], 6, 1700485571);
-			p = g(p, m, n, o, b[k + 3], 10, -1894986606);
-			o = g(o, p, m, n, b[k + 10], 15, -1051523);
-			n = g(n, o, p, m, b[k + 1], 21, -2054922799);
-			m = g(m, n, o, p, b[k + 8], 6, 1873313359);
-			p = g(p, m, n, o, b[k + 15], 10, -30611744);
-			o = g(o, p, m, n, b[k + 6], 15, -1560198380);
-			n = g(n, o, p, m, b[k + 13], 21, 1309151649);
-			m = g(m, n, o, p, b[k + 4], 6, -145523070);
-			p = g(p, m, n, o, b[k + 11], 10, -1120210379);
-			o = g(o, p, m, n, b[k + 2], 15, 718787259);
-			n = g(n, o, p, m, b[k + 9], 21, -343485551);
-			m = a(m, c);
-			n = a(n, h);
-			o = a(o, i);
-			p = a(p, j)
-		}
-		return [m, n, o, p]
-	};
-	var i = function (a) {
-		var b = "0123456789abcdef",
-			c = "",
-			d, e = a.length * 4;
-		for(d = 0; d < e; d++) {
-			c += b.charAt(a[d >> 2] >> d % 4 * 8 + 4 & 15) + b.charAt(a[d >> 2] >> d % 4 * 8 & 15)
-		}
-		return c
-	};
-	var j = function (a) {
-		var b = (a.length + 8 >> 6) + 1;
-		var c = [],
-			d, e = b * 16,
-			f, g = a.length;
-		for(d = 0; d < e; d++) {
-			c.push(0)
-		}
-		for(f = 0; f < g; f++) {
-			c[f >> 2] |= (a.charCodeAt(f) & 255) << f % 4 * 8
-		}
-		c[f >> 2] |= 128 << f % 4 * 8;
-		c[b * 16 - 2] = g * 8;
-		return c
-	};
-	return i(h(j(this)))
-}
diff --git a/addons/oembed/jquery.oembed.min.js b/addons/oembed/jquery.oembed.min.js
diff --git a/addons/oembed/jquery.oembed.min.map b/addons/oembed/jquery.oembed.min.map
diff --git a/classes/context/Context.class.php b/classes/context/Context.class.php
@@ -1240,8 +1240,15 @@ function _setXmlRpcArgument()
 			return;
 		}
 
+		$xml = $GLOBALS['HTTP_RAW_POST_DATA'];
+		if(Security::detectingXEE($xml))
+		{
+			header("HTTP/1.0 400 Bad Request");
+			exit;
+		}
+
 		$oXml = new XmlParser();
-		$xml_obj = $oXml->parse();
+		$xml_obj = $oXml->parse($xml);
 
 		$params = $xml_obj->methodcall->params;
 		unset($params->node_name, $params->attrs, $params->body);
@@ -1277,16 +1284,11 @@ function _filterXmlVars($key, $val)
 			return $stack;
 		}
 
-		$body = $this->_filterRequestVar($key, trim($val->body ? $val->body : ''), 0);
-		if($body)
-		{
-			return $body;
-		}
-
+		$body = $val->body;
 		unset($val->node_name, $val->attrs, $val->body);
 		if(!count(get_object_vars($val)))
 		{
-			return NULL;
+			return $this->_filterRequestVar($key, $body, 0);
 		}
 
 		$stack = new stdClass();

diff --git a/classes/display/HTMLDisplayHandler.php b/classes/display/HTMLDisplayHandler.php
@@ -432,7 +432,7 @@ function _loadJSCSS()
 			{
 				$oContext->loadFile(array('./modules/admin/tpl/css/admin.min.css', '', '', 10), true);
 				$oContext->loadFile(array("./modules/admin/tpl/css/admin_{$lang_type}.css", '', '', 10), true);
-				$oContext->loadFile(array("./modules/admin/tpl/css/admin.iefix.min.css", '', 'ie', 10), true);
+				$oContext->loadFile(array("./modules/admin/tpl/css/admin.iefix.css", '', 'ie', 10), true);
 				$oContext->loadFile('./modules/admin/tpl/js/admin.min.js', true);
 				$oContext->loadFile(array('./modules/admin/tpl/css/admin.bootstrap.min.css', '', '', 1), true);
 				$oContext->loadFile(array('./modules/admin/tpl/js/jquery.tmpl.js', '', '', 1), true);

diff --git a/classes/display/VirtualXMLDisplayHandler.php b/classes/display/VirtualXMLDisplayHandler.php
@@ -14,8 +14,8 @@ function toDoc(&$oModule)
 		$message = $oModule->getMessage();
 		$redirect_url = $oModule->get('redirect_url');
 		$request_uri = Context::get('xeRequestURI');
-		$request_url = Context::get('xeVirtualRequestUrl');
-		$output = new stdClass;
+		$request_url = Context::getRequestUri();
+		$output = new stdClass();
 
 		if(substr_compare($request_url, '/', -1) !== 0)
 		{

diff --git a/classes/extravar/Extravar.class.php b/classes/extravar/Extravar.class.php
@@ -297,7 +297,7 @@ function getValueHTML()
 				return ($value) ? sprintf('<a href="mailto:%s">%s</a>', $value, $value) : "";
 
 			case 'tel' :
-				return sprintf('%s - %s - %s', $value[0], $value[1], $value[2]);
+				return sprintf('%s-%s-%s', $value[0], $value[1], $value[2]);
 
 			case 'textarea' :
 				return nl2br($value);

diff --git a/classes/file/FileHandler.class.php b/classes/file/FileHandler.class.php
@@ -635,18 +635,13 @@ function getRemoteFile($url, $target_filename, $body = null, $timeout = 3, $meth
 	 */
 	function returnBytes($val)
 	{
-		$last = strtolower(substr(trim($val), -1));
-		switch ($last)
+		$unit = strtoupper(substr($val, -1));
+		$val = (int)$val;
+		switch ($unit)
 		{
-			case 'g':
-				$val *= 1024 * 1024 * 1024;
-				break;
-			case 'm':
-				$val *= 1024 * 1024;
-				break;
-			case 'k':
-				$val *= 1024;
-				break;
+			case 'G': $val *= 1024;
+			case 'M': $val *= 1024;
+			case 'K': $val *= 1024;
 		}
 
 		return $val;