Merge branch 'hotfix/1.7.7'

bnu · bnu · commit 7cb22a6bada0 · 2014-09-23T14:01:11.000+09:00
diff --git a/classes/context/Context.class.php b/classes/context/Context.class.php
@@ -1267,15 +1267,17 @@ function _filterRequestVar($key, $val, $do_stripslashes = 1)
 			$val = array($val);
 		}
 
+		$result = array();
 		foreach($val as $k => $v)
 		{
+			$k = htmlentities($k);
 			if($key === 'page' || $key === 'cpage' || substr_compare($key, 'srl', -3) === 0)
 			{
-				$val[$k] = !preg_match('/^[0-9,]+$/', $v) ? (int) $v : $v;
+				$result[$k] = !preg_match('/^[0-9,]+$/', $v) ? (int) $v : $v;
 			}
 			elseif($key === 'mid' || $key === 'vid' || $key === 'search_keyword')
 			{
-				$val[$k] = htmlspecialchars($v, ENT_COMPAT | ENT_HTML401, 'UTF-8', FALSE);
+				$result[$k] = htmlspecialchars($v, ENT_COMPAT | ENT_HTML401, 'UTF-8', FALSE);
 			}
 			else
 			{
@@ -1286,12 +1288,12 @@ function _filterRequestVar($key, $val, $do_stripslashes = 1)
 
 				if(!is_array($v))
 				{
-					$val[$k] = trim($v);
+					$result[$k] = trim($v);
 				}
 			}
 		}
 
-		return $isArray ? $val : $val[0];
+		return $isArray ? $result : $result[0];
 	}
 
 	/**
diff --git a/config/config.inc.php b/config/config.inc.php
@@ -29,7 +29,7 @@
 /**
  * Display XE's full version.
  */
-define('__XE_VERSION__', '1.7.6');
+define('__XE_VERSION__', '1.7.7');
 define('__XE_VERSION_ALPHA__', (stripos(__XE_VERSION__, 'alpha') !== false));
 define('__XE_VERSION_BETA__', (stripos(__XE_VERSION__, 'beta') !== false));
 define('__XE_VERSION_RC__', (stripos(__XE_VERSION__, 'rc') !== false));
diff --git a/modules/member/member.controller.php b/modules/member/member.controller.php
@@ -1873,8 +1873,7 @@ function setSessionInfo()
 	function validateSession()
 	{
 		$destory_session = false;
-
-		if($_SESSION['ipaddress'] != $_SERVER['REMOTE_ADDR']) $destory_session =  true;
+		if($_SESSION['destroyed'] === true) $destory_session = true;
 
 		if($destory_session)
 		{
@@ -1887,9 +1886,16 @@ function validateSession()
 
 	function regenerateSession()
 	{
-		if(!$_SESSION['session_checkup'] || time() - $_SESSION['session_checkup'] > 30)
+		if(!$_SESSION['session_checkup'])
+		{
+			$_SESSION['session_checkup'] = time();
+		}
+
+		if(time() - $_SESSION['session_checkup'] >= 1)
 		{
-			session_regenerate_id(true);
+			$_SESSION['destroyed'] = true;
+			session_regenerate_id();
+			$_SESSION['destroyed'] = false;
 			$_SESSION['session_checkup'] = time();
 		}
 	}
diff --git a/modules/member/skins/default/find_member_account.html b/modules/member/skins/default/find_member_account.html
@@ -6,7 +6,7 @@ <h1>{$lang->cmd_find_member_account_with_email}</h1>
 	<div cond="$XE_VALIDATOR_MESSAGE && $XE_VALIDATOR_ID == 'modules/member/skin/default/find_member_account/1'" class="message {$XE_VALIDATOR_MESSAGE_TYPE}">
 		<p>{$XE_VALIDATOR_MESSAGE}</p>
 	</div>
-	<form action="{getUrl('')}" method="get" ruleset="findAccount">
+	<form action="{getUrl('', 'act', 'procMemberFindAccount')}" method="get" ruleset="findAccount">
 		<input type="hidden" name="mid" value="{$mid}" />
 		<input type="hidden" name="act" value="procMemberFindAccount" />
 		<input type="hidden" name="document_srl" value="{$document_srl}" />
@@ -25,7 +25,7 @@ <h1>{$lang->cmd_find_member_account_with_email_question}</h1>
 	<div cond="$XE_VALIDATOR_MESSAGE && $XE_VALIDATOR_ID == 'modules/member/skin/default/find_member_account/2'" class="message {$XE_VALIDATOR_MESSAGE_TYPE}">
 		<p>{$XE_VALIDATOR_MESSAGE}</p>
 	</div>
-	<form action="./" method="get" ruleset="@find_member_account_by_question">
+	<form action="{getUrl('', 'act', 'procMemberFindAccountByQuestion')}" method="get" ruleset="@find_member_account_by_question">
 		<input type="hidden" name="module" value="member" />
 		<input type="hidden" name="mid" value="{$mid}" />
 		<input type="hidden" name="document_srl" value="{$document_srl}" />	
@@ -59,7 +59,7 @@ <h1>{$lang->cmd_resend_auth_mail}</h1>
 	<div cond="$XE_VALIDATOR_MESSAGE && $XE_VALIDATOR_ID == 'modules/member/skin/default/find_member_account/3'" class="message {$XE_VALIDATOR_MESSAGE_TYPE}">
 		<p>{$XE_VALIDATOR_MESSAGE}</p>
 	</div>
-	<form ruleset="resendAuthMail" action="./" method="post">
+	<form ruleset="resendAuthMail" action="{getUrl('', 'act', 'procMemberResendAuthMail')}" method="post">
 		<input type="hidden" name="module" value="member" />
 		<input type="hidden" name="act" value="procMemberResendAuthMail" />
 		<input type="hidden" name="success_return_url" value="{getUrl(act, $act)}" />

Original file line number	Diff line number	Diff line change
`@@ -1267,15 +1267,17 @@ function _filterRequestVar($key, $val, $do_stripslashes = 1)`
`1267`	`1267`	`$val = array($val);`
`1268`	`1268`	`}`
`1269`	`1269`
	`1270`	`+ $result = array();`
`1270`	`1271`	`foreach($val as $k => $v)`
`1271`	`1272`	`{`
	`1273`	`+ $k = htmlentities($k);`
`1272`	`1274`	`if($key === 'page' \|\| $key === 'cpage' \|\| substr_compare($key, 'srl', -3) === 0)`
`1273`	`1275`	`{`
`1274`		`- $val[$k] = !preg_match('/^[0-9,]+$/', $v) ? (int) $v : $v;`
	`1276`	`+ $result[$k] = !preg_match('/^[0-9,]+$/', $v) ? (int) $v : $v;`
`1275`	`1277`	`}`
`1276`	`1278`	`elseif($key === 'mid' \|\| $key === 'vid' \|\| $key === 'search_keyword')`
`1277`	`1279`	`{`
`1278`		`- $val[$k] = htmlspecialchars($v, ENT_COMPAT \| ENT_HTML401, 'UTF-8', FALSE);`
	`1280`	`+ $result[$k] = htmlspecialchars($v, ENT_COMPAT \| ENT_HTML401, 'UTF-8', FALSE);`
`1279`	`1281`	`}`
`1280`	`1282`	`else`
`1281`	`1283`	`{`
`@@ -1286,12 +1288,12 @@ function _filterRequestVar($key, $val, $do_stripslashes = 1)`
`1286`	`1288`
`1287`	`1289`	`if(!is_array($v))`
`1288`	`1290`	`{`
`1289`		`- $val[$k] = trim($v);`
	`1291`	`+ $result[$k] = trim($v);`
`1290`	`1292`	`}`
`1291`	`1293`	`}`
`1292`	`1294`	`}`
`1293`	`1295`
`1294`		`- return $isArray ? $val : $val[0];`
	`1296`	`+ return $isArray ? $result : $result[0];`
`1295`	`1297`	`}`
`1296`	`1298`
`1297`	`1299`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -1873,8 +1873,7 @@ function setSessionInfo()`
`1873`	`1873`	`function validateSession()`
`1874`	`1874`	`{`
`1875`	`1875`	`$destory_session = false;`
`1876`		`-`
`1877`		`- if($_SESSION['ipaddress'] != $_SERVER['REMOTE_ADDR']) $destory_session = true;`
	`1876`	`+ if($_SESSION['destroyed'] === true) $destory_session = true;`
`1878`	`1877`
`1879`	`1878`	`if($destory_session)`
`1880`	`1879`	`{`
`@@ -1887,9 +1886,16 @@ function validateSession()`
`1887`	`1886`
`1888`	`1887`	`function regenerateSession()`
`1889`	`1888`	`{`
`1890`		`- if(!$_SESSION['session_checkup'] \|\| time() - $_SESSION['session_checkup'] > 30)`
	`1889`	`+ if(!$_SESSION['session_checkup'])`
	`1890`	`+ {`
	`1891`	`+ $_SESSION['session_checkup'] = time();`
	`1892`	`+ }`
	`1893`	`+`
	`1894`	`+ if(time() - $_SESSION['session_checkup'] >= 1)`
`1891`	`1895`	`{`
`1892`		`- session_regenerate_id(true);`
	`1896`	`+ $_SESSION['destroyed'] = true;`
	`1897`	`+ session_regenerate_id();`
	`1898`	`+ $_SESSION['destroyed'] = false;`
`1893`	`1899`	`$_SESSION['session_checkup'] = time();`
`1894`	`1900`	`}`
`1895`	`1901`	`}`