스마트에디터 2.8.2 적용 및 에디터 업로드 보안 수정

2016-02-04 10:28:23 +09:00
parent e9fd9f03fd
commit a73e48c3e2
17 changed files with 12908 additions and 11953 deletions
--- a/plugin/editor/smarteditor2/photo_uploader/popup/file_uploader.php
+++ b/plugin/editor/smarteditor2/photo_uploader/popup/file_uploader.php
@ -1,4 +1,6 @@
 <?php
+//사용하지 않으니 막아놓겠습니다.
+exit;
 include_once("../../../../../common.php");
 // default redirection
 $url = $_REQUEST["callback"].'?callback_func='.$_REQUEST["callback_func"];
--- a/plugin/editor/smarteditor2/photo_uploader/popup/file_uploader_html5.php
+++ b/plugin/editor/smarteditor2/photo_uploader/popup/file_uploader_html5.php
@ -1,4 +1,6 @@
 <?php
+//사용하지 않으니 막아놓겠습니다.
+exit;
 include_once("../../../../../common.php");

 $ym = date('ym', G5_SERVER_TIME);
--- a/plugin/editor/smarteditor2/photo_uploader/popup/index.html
+++ b/plugin/editor/smarteditor2/photo_uploader/popup/index.html
@ -59,6 +59,6 @@
 <!-- The basic File Upload plugin -->
 <script src="./js/jquery.fileupload.js?v=140715"></script>

-<script src="./js/basic.js"></script>
+<script src="./js/basic.js?v3"></script>
 </body> 
 </html>
--- a/plugin/editor/smarteditor2/photo_uploader/popup/js/basic.js
+++ b/plugin/editor/smarteditor2/photo_uploader/popup/js/basic.js
@ -8,9 +8,16 @@ jQuery.fn.bindAll = function(options) {

 jQuery(function ($) {
    'use strict';
+
+    var ed_nonce = '';
+
+    if( !!opener && !!opener.window && !!opener.window.nhn ){
+        ed_nonce = opener.window.nhn.husky.SE2M_Configuration.SE2M_Accessibility.ed_nonce;
+    }
+
    // Change this to the location of your server-side upload handler:
    var gnu = {
-        url : './php/',
+        url : './php/?_nonce='+ed_nonce,
        container_el : 'body',
        dreg_area : '#drag_area',
        dreg_area_list : '#drag_area > ul',
--- a/plugin/editor/smarteditor2/photo_uploader/popup/php/index.php
+++ b/plugin/editor/smarteditor2/photo_uploader/popup/php/index.php
@ -29,13 +29,30 @@ $data_url = G5_DATA_URL.'/editor/'.$ym.'/';
@mkdir($data_dir, G5_DIR_PERMISSION);
@chmod($data_dir, G5_DIR_PERMISSION);

-require('UploadHandler.php');
-$options = array(
-    'upload_dir' => $data_dir,
-    'upload_url' => $data_url,
-    // This option will disable creating thumbnail images and will not create that extra folder.
-    // However, due to this, the images preview will not be displayed after upload
-    'image_versions' => array()
-);
+if(!function_exists('ft_nonce_is_valid')){
+    include_once('../../../editor.lib.php');
+}

-$upload_handler = new UploadHandler($options);
+$is_editor_upload = false;
+
+if( isset($_GET['_nonce']) && ft_nonce_is_valid( $_GET['_nonce'] , 'smarteditor' ) ){
+    $is_editor_upload = true;
+}
+
+if( $is_editor_upload ) {
+
+    require('UploadHandler.php');
+    $options = array(
+        'upload_dir' => $data_dir,
+        'upload_url' => $data_url,
+        // This option will disable creating thumbnail images and will not create that extra folder.
+        // However, due to this, the images preview will not be displayed after upload
+        'image_versions' => array()
+    );
+
+    $upload_handler = new UploadHandler($options);
+
+} else {
+    echo json_encode(array('files'=>array('0'=>array('error'=>'정상적인 업로드가 아닙니다.'))));
+    exit;
+}