diff --git a/.gitignore b/.gitignore index 164f0d740a..da79fb447e 100644 --- a/.gitignore +++ b/.gitignore @@ -23,3 +23,4 @@ composer.lock *.sublime-project .codeintel +install.config.php diff --git a/common/js/plugins/jquery.fileupload/js/jquery.fileupload.js b/common/js/plugins/jquery.fileupload/js/jquery.fileupload.js index efcf7d9476..daf1459d41 100755 --- a/common/js/plugins/jquery.fileupload/js/jquery.fileupload.js +++ b/common/js/plugins/jquery.fileupload/js/jquery.fileupload.js @@ -1144,10 +1144,10 @@ $.map(entries, function (entry) { return that._handleFileTreeEntry(entry, path); }) - ).then(function (entries) { + ).then(function () { return Array.prototype.concat.apply( [], - entries + arguments ); }); }, diff --git a/common/tpl/common_layout.html b/common/tpl/common_layout.html index aa2d10c4a9..741aca3c71 100644 --- a/common/tpl/common_layout.html +++ b/common/tpl/common_layout.html @@ -67,7 +67,7 @@ {@$isAdminKind = true} - + {Context::getBodyHeader()|noescape} {$content|noescape} {Context::getHtmlFooter()|noescape} diff --git a/config/config.inc.php b/config/config.inc.php index b63d517d96..4caa8f7908 100644 --- a/config/config.inc.php +++ b/config/config.inc.php @@ -29,7 +29,7 @@ /** * Display XE's full version. */ -define('__XE_VERSION__', '1.11.0'); +define('__XE_VERSION__', '1.11.1'); define('__XE_VERSION_ALPHA__', (stripos(__XE_VERSION__, 'alpha') !== false)); define('__XE_VERSION_BETA__', (stripos(__XE_VERSION__, 'beta') !== false)); define('__XE_VERSION_RC__', (stripos(__XE_VERSION__, 'rc') !== false)); diff --git a/config/func.inc.php b/config/func.inc.php index 1c0012cbc4..69e15fb795 100644 --- a/config/func.inc.php +++ b/config/func.inc.php @@ -1780,6 +1780,12 @@ function reload($isOpener = FALSE) '; } + +function isDefinedLangCode($str) +{ + return preg_match('!\$user_lang->([a-z0-9\_]+)$!is', trim($str)); +} + /** * This function is a shortcut to htmlspecialchars(). * 
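Review bot: The pattern in the new `isDefinedLangCode()` is anchored only at the end (`$`), so `preg_match` also succeeds on a string such as `<b onmouseover=...>x</b>$user_lang->name`, and a caller that treats a match as "safe to leave unescaped" passes the whole string through — the `escape()` change in this same commit does exactly that by default. Anchor the start as well: `return preg_match('!^\$user_lang->([a-z0-9_]+)$!is', trim($str));`. The helper also lacks a docblock; `/** Returns 1 when $str is exactly a $user_lang->name language-code reference, otherwise 0. */` would do. Note that `preg_match` returns `false` on a PCRE error, which every caller using `!` will read as "no match" — acceptable here, but worth knowing.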
@@ -1790,8 +1796,10 @@ function reload($isOpener = FALSE) * @param bool $double_escape Set this to false to skip symbols that are already escaped (default: true) * @return string */ -function escape($str, $double_escape = true) +function escape($str, $double_escape = true, $escape_defined_lang_code = false) { + if(!$escape_defined_lang_code && isDefinedLangCode($str)) return $str; + $flags = ENT_QUOTES | ENT_SUBSTITUTE; return htmlspecialchars($str, $flags, 'UTF-8', $double_escape); } diff --git a/modules/document/document.admin.controller.php b/modules/document/document.admin.controller.php index a70739dc16..bcdb1a819a 100644 --- a/modules/document/document.admin.controller.php +++ b/modules/document/document.admin.controller.php @@ -108,6 +108,12 @@ function moveDocumentModule($document_srl_list, $module_srl, $category_srl) $file_info['tmp_name'] = $val->uploaded_filename; $file_info['name'] = $val->source_filename; $inserted_file = $oFileController->insertFile($file_info, $module_srl, $obj->document_srl, $val->download_count, true); + + if(!$inserted_file->toBool()) { + $oDB->rollback(); + return $inserted_file; + } + if($inserted_file && $inserted_file->toBool()) { // for image/video files @@ -301,6 +307,12 @@ function copyDocumentModule($document_srl_list, $module_srl, $category_srl) $file_info['name'] = $val->source_filename; $oFileController = getController('file'); $inserted_file = $oFileController->insertFile($file_info, $module_srl, $obj->document_srl, 0, true); + + if(!$inserted_file->toBool()) { + $oDB->rollback(); + return $inserted_file; + } + // if image/video files if($val->direct_download == 'Y') { diff --git a/modules/file/file.controller.php b/modules/file/file.controller.php index 19527f0987..3582e27c84 100644 --- a/modules/file/file.controller.php +++ b/modules/file/file.controller.php 
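Review bot: The early return added at the top of `escape()` is on by default (`$escape_defined_lang_code = false`), so every existing call site that escapes untrusted input now gets the raw string back whenever `isDefinedLangCode()` matches, yet the docblock directly above the signature says nothing about the new parameter. At minimum add `@param bool $escape_defined_lang_code Set to true to escape strings that look like $user_lang->name references; by default they are returned untouched` to the docblock. Since this is the project-wide HTML escaper, consider inverting the default so only the language-code call sites opt out of escaping — a silent pass-through in the common helper is a wide surface for a template to get wrong.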
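Review bot: After the inserted `if(!$inserted_file->toBool())` block in moveDocumentModule, the retained `if($inserted_file && $inserted_file->toBool())` can no longer be false, and it still null-guards `$inserted_file` while the new line dereferences it unconditionally; the two checks should agree. Either write the new check as `if(!$inserted_file || !$inserted_file->toBool())`, or remove the redundant guard with a note such as `// insertFile() failure already rolled back and returned above; $inserted_file succeeded here`. The `$oDB->rollback()` presumes a transaction opened earlier in the method, which lies outside this hunk.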
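Review bot: The five-line rollback-and-return block added to copyDocumentModule is a verbatim copy of the one added to moveDocumentModule a few hunks up, and both sit inside a per-file loop; if the failure handling ever changes (logging, cleaning up already-copied files) it will have to change in two places. A small private helper on the controller, e.g. `private function insertCopiedFile($oFileController, $file_info, $module_srl, $document_srl, $download_count)` returning the result object, would let both methods share one `if(!$result->toBool()) { $oDB->rollback(); return $result; }`. copyDocumentModule's body begins and ends outside the hunk, so the transaction the rollback relies on is not visible here.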
@@ -746,7 +746,7 @@ function insertFile($file_info, $module_srl, $upload_target_srl, $download_count if(!FileHandler::makeDir($path)) return new BaseObject(-1,'msg_not_permitted_create'); // Check uploaded file - if(!checkUploadedFile($file_info['tmp_name'])) return new BaseObject(-1,'msg_file_upload_error'); + if(!$manual_insert && !checkUploadedFile($file_info['tmp_name'])) return new BaseObject(-1,'msg_file_upload_error'); // Get random number generator $random = new Password(); diff --git a/modules/module/module.model.php b/modules/module/module.model.php index f8e11270dc..dabdeb01fb 100644 --- a/modules/module/module.model.php +++ b/modules/module/module.model.php @@ -403,7 +403,6 @@ function getModuleInfoByModuleSrl($module_srl, $columnList = array()) else $module_info = $mid_info; $oModuleController = getController('module'); - if(isset($module_info->browser_title)) $oModuleController->replaceDefinedLangCode($module_info->browser_title); $this->applyDefaultSkin($module_info); return $this->addModuleExtraVars($module_info); diff --git a/modules/module/tpl/module_selector.html b/modules/module/tpl/module_selector.html index abc1ce3597..479c99c4da 100644 --- a/modules/module/tpl/module_selector.html +++ b/modules/module/tpl/module_selector.html @@ -43,7 +43,7 @@
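Review bot: Skipping `checkUploadedFile()` when `$manual_insert` is true means insertFile will now copy whatever `$file_info['tmp_name']` names into the attachment directory for those callers, so the safety of every manual-insert path rests entirely on the caller deriving tmp_name from trusted data (the document move/copy callers in this commit take it from the stored `uploaded_filename`, which is fine). Make that contract explicit on the line: `// Manual inserts skip checkUploadedFile(): the caller MUST take tmp_name from stored attachment metadata, never from request input.` A cheap defence-in-depth for the manual branch is to `realpath()` tmp_name and reject it unless it resolves inside the attachment storage root, so a future caller cannot turn this into an arbitrary-file copy. insertFile's body continues outside the hunk.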
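Review bot: Removing the `replaceDefinedLangCode` call means getModuleInfoByModuleSrl now returns `browser_title` still holding the raw `$user_lang->name` token, so any consumer that relied on this method having resolved the title must now do it itself — presumably at output time, where the `escape()` change in this commit leaves such tokens unescaped for that purpose. Leave a comment where the line was removed so the next reader does not re-add it: `// browser_title is returned with $user_lang->... codes unresolved; resolve them at the output site`. The method's body starts outside the hunk, so I cannot see whether other fields are still resolved here.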

{$key}

{@ $_idx =0; } - {@ $browser_title = str_replace("'", "\\'", htmlspecialchars($v->browser_title, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)); } + {@ $browser_title = str_replace("'", "\\'", escape($v->browser_title, false)); } {$k} {$v->browser_title} {$type=='single'?$lang->cmd_select:$lang->cmd_insert} diff --git a/modules/seo/seo.class.php b/modules/seo/seo.class.php index 4152013653..eb8560010f 100644 --- a/modules/seo/seo.class.php +++ b/modules/seo/seo.class.php @@ -123,7 +123,7 @@ protected function applySEO() $na_script = <<< NASCRIPT - + NASCRIPT; Context::addHtmlFooter($na_script . PHP_EOL); }
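Review bot: Switching to `escape($v->browser_title, false)` changes what the following `str_replace("'", "\\'", ...)` sees: escape() uses ENT_QUOTES, so a single quote is already `&#039;` and the backslash-escaping becomes a no-op, whereas the old ENT_COMPAT call deliberately left `'` raw for it to handle. If `$browser_title` is interpolated into a JavaScript string inside an attribute (the backslash escaping suggests so; the surrounding markup is not shown here), the attribute decoding turns `&#039;` back into a bare `'` and the string literal can now be broken out of, and a title matching `isDefinedLangCode()` is returned by escape() with no encoding at all. Either keep the previous htmlspecialchars call, or pass `true` as the third argument so escaping is never skipped in this JS context and escape for the JavaScript string with `json_encode` rather than str_replace.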