2du 4 years ago
parent
commit
5c497bbe14

+ 14 - 14
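--- a/app.py
+++ b/app.py
@@ -367,59 +367,59 @@ app.add_url_rule(
 
 @app.route('/edit_top')
 def inter_wiki_edit_top():
-    return inter_wiki_2(load_db.db_get(), 'edit_top')
+    return inter_wiki(load_db.db_get(), 'edit_top')
 
 @app.route('/edit_top/del/<name>')
 def inter_wiki_edit_top_del(name = 'Test'):
-    return inter_wiki_del_2(load_db.db_get(), 'del_edit_top', name)
+    return inter_wiki_del(load_db.db_get(), 'del_edit_top', name)
 
 @app.route('/image_license')
 def inter_wiki_image_license():
-    return inter_wiki_2(load_db.db_get(), 'image_license')
+    return inter_wiki(load_db.db_get(), 'image_license')
 
 @app.route('/image_license/del/<name>')
 def inter_wiki_image_license_del(name = 'Test'):
-    return inter_wiki_del_2(load_db.db_get(), 'del_image_license', name)
+    return inter_wiki_del(load_db.db_get(), 'del_image_license', name)
 
 @app.route('/edit_filter')
 def inter_wiki_edit_filter():
-    return inter_wiki_2(load_db.db_get(), 'edit_filter')
+    return inter_wiki(load_db.db_get(), 'edit_filter')
 
 @app.route('/edit_filter/del/<name>')
 def inter_wiki_edit_filter_del(name = 'Test'):
-    return inter_wiki_del_2(load_db.db_get(), 'del_edit_filter', name)
+    return inter_wiki_del(load_db.db_get(), 'del_edit_filter', name)
 
 @app.route('/email_filter')
 def inter_wiki_email_filter():
-    return inter_wiki_2(load_db.db_get(), 'email_filter')
+    return inter_wiki(load_db.db_get(), 'email_filter')
 
 @app.route('/email_filter/del/<name>')
 def inter_wiki_email_filter_del(name = 'Test'):
-    return inter_wiki_del_2(load_db.db_get(), 'del_email_filter', name)
+    return inter_wiki_del(load_db.db_get(), 'del_email_filter', name)
 
 @app.route('/file_filter')
 def inter_wiki_file_filter():
-    return inter_wiki_2(load_db.db_get(), 'file_filter')
+    return inter_wiki(load_db.db_get(), 'file_filter')
 
 @app.route('/file_filter/del/<name>')
 def inter_wiki_file_filter_del(name = 'Test'):
-    return inter_wiki_del_2(load_db.db_get(), 'del_file_filter', name)
+    return inter_wiki_del(load_db.db_get(), 'del_file_filter', name)
 
 @app.route('/name_filter')
 def inter_wiki_name_filter():
-    return inter_wiki_2(load_db.db_get(), 'name_filter')
+    return inter_wiki(load_db.db_get(), 'name_filter')
 
 @app.route('/name_filter/del/<name>')
 def inter_wiki_name_filter_del(name = 'Test'):
-    return inter_wiki_del_2(load_db.db_get(), 'del_name_filter', name)
+    return inter_wiki_del(load_db.db_get(), 'del_name_filter', name)
 
 @app.route('/extension_filter')
 def inter_wiki_extension_filter():
-    return inter_wiki_2(load_db.db_get(), 'extension_filter')
+    return inter_wiki(load_db.db_get(), 'extension_filter')
 
 @app.route('/extension_filter/del/<name>')
 def inter_wiki_extension_filter_del(name = 'Test'):
-    return inter_wiki_del_2(load_db.db_get(), 'del_extension_filter', name)
+    return inter_wiki_del(load_db.db_get(), 'del_extension_filter', name)
 
 @app.route('/<regex("(?:inter_wiki|edit_top|image_license|(?:edit|email|file|name|extension)_filter)"):tools>/add', methods = ['POST', 'GET'])
 @app.route('/<regex("(?:inter_wiki|edit_top|image_license|(?:edit|email|file|name|extension)_filter)"):tools>/add/<name>', methods = ['POST', 'GET'])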

+ 3 - 1
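--- a/emergency_tool.py
+++ b/emergency_tool.py
@@ -123,7 +123,9 @@ if data_db_load == 'Y':
             data_db_set['mysql_port'] = '3306'
 
     db_data_get(data_db_set['type'])
-    conn = get_conn(data_db_set)
+    load_db = get_db_connect(data_db_set)
+
+    conn = load_db.db_load()
     curs = conn.cursor()
 else:
     print('----')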

+ 3 - 3
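--- a/route/inter_wiki.py
+++ b/route/inter_wiki.py
@@ -73,11 +73,11 @@ def inter_wiki(conn, tool):
         div += '</td>'
 
         if tool == 'inter_wiki':
-            div += '<td><a id="out_link" href="' + data[1] + '">' + data[1] + '</a></td>'
+            div += '<td><a id="out_link" href="' + data[1] + '">' + html.escape(data[1]) + '</a></td>'
         else:
-            div += '<td>' + data[1] + '</td>'
+            div += '<td>' + html.escape(data[1]) + '</td>'
             
-        div += '<td>' + data[2] + '</td>'
+        div += '<td>' + html.escape(data[2]) + '</td>'
         div += '</tr>'
         
     div += '</table>'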
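Review bot: The `href` attribute in the `tool == 'inter_wiki'` branch still takes `data[1]` unescaped, so a stored value containing `"` can close the attribute and add markup even though the link text is now escaped. Escape the attribute value as well: `div += '<td><a id="out_link" href="' + html.escape(data[1]) + '">' + html.escape(data[1]) + '</a></td>'`. Escaping does not neutralise a `javascript:` URL, so the value should also be restricted to `http`/`https` where it is stored or rendered. The body of `inter_wiki` starts and ends outside this hunk, so any validation done when the row is inserted is not visible here.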

+ 1 - 1
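--- a/route/list_acl.py
+++ b/route/list_acl.py
@@ -22,7 +22,7 @@ def list_acl_2(conn):
             div += '' + \
                 '<li>' + \
                     time_data + \
-                    '<a href="/acl/' + url_pas(data[0]) + '">' + data[0] + '</a>' + \
+                    '<a href="/acl/' + url_pas(data[0]) + '">' + html.escape(data[0]) + '</a>' + \
                     why_data + \
                 '</li>' + \
             ''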
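Review bot: `time_data` and `why_data` are still concatenated into the `<li>` as-is, right beside the title this hunk now escapes. Both are built outside the hunk; if either wraps user-supplied text (not confirmed from here), the raw value needs `html.escape(...)` at the point where the markup is put around it, otherwise the list remains injectable through that field. The same question applies to `delete_admin_group` in route/list_admin_group.py. Because the escaping is applied by hand at each call site, it is worth checking every value in these concatenations rather than only the title.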

+ 1 - 1
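--- a/route/list_admin_group.py
+++ b/route/list_admin_group.py
@@ -16,7 +16,7 @@ def list_admin_group_2(conn):
 
         list_data += '' + \
             '<li>' + \
-                '<a href="/admin_plus/' + url_pas(data[0]) + '">' + data[0] + '</a>' + \
+                '<a href="/admin_plus/' + url_pas(data[0]) + '">' + html.escape(data[0]) + '</a>' + \
                 delete_admin_group + \
             '</li>' + \
         ''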

+ 1 - 1
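--- a/route/list_image_file.py
+++ b/route/list_image_file.py
@@ -15,7 +15,7 @@ def list_image_file_2(conn):
     curs.execute(db_change("select title from data where title like 'file:%' limit ?, 50"), [sql_num])
     data_list = curs.fetchall()
     for data in data_list:
-        list_data += '<li><a href="/w/' + url_pas(data[0]) + '">' + data[0] + '</a></li>'
+        list_data += '<li><a href="/w/' + url_pas(data[0]) + '">' + html.escape(data[0]) + '</a></li>'
 
     list_data += next_fix('/image_file_list?num=', num, data_list)
 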

+ 1 - 1
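--- a/route/list_long_page.py
+++ b/route/list_long_page.py
@@ -13,7 +13,7 @@ def list_long_page_2(conn, tool):
 
     curs.execute(db_change("select title, length(data) from data order by length(data) " + select_data + " limit 50"))
     for data in curs.fetchall():
-        div += '<li>' + str(data[1]) + ' : <a href="/w/' + url_pas(data[0]) + '">' + data[0] + '</a></li>'
+        div += '<li>' + str(data[1]) + ' : <a href="/w/' + url_pas(data[0]) + '">' + html.escape(data[0]) + '</a></li>'
 
     div += '</ul>'
 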
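Review bot: The query on the context line just above the changed one is built by concatenating `select_data` into the SQL text (`"... order by length(data) " + select_data + " limit 50"`), and the assignment of `select_data` is outside this hunk. An `order by` direction cannot be bound as a `?` parameter, so the safe form is to pick it from a fixed set of literals such as `'asc'` / `'desc'` and never pass a request value through. If it is already derived that way from `tool`, a short comment next to the query saying so, e.g. `# select_data is a fixed 'asc'/'desc' literal, never request input`, would save the next reader the lookup.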

+ 7 - 2
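--- a/route/list_please.py
+++ b/route/list_please.py
@@ -12,10 +12,15 @@ def list_please_2(conn):
 
     div = '<ul class="inside_ul">'
 
-    curs.execute(db_change("select distinct title from back where type = 'no' order by title asc limit ?, 50"), [sql_num])
+    curs.execute(db_change("select distinct title, link from back where type = 'no' order by title asc limit ?, 50"), [sql_num])
     data_list = curs.fetchall()
     for data in data_list:
-        div += '<li><a id="not_thing" href="/w/' + url_pas(data[0]) + '">' + data[0] + '</a></li>'
+        div += '' + \
+            '<li>' + \
+                '<a id="not_thing" href="/w/' + url_pas(data[0]) + '">' + html.escape(data[0]) + '</a> ' + \
+                '<a href="/w/' + url_pas(data[1]) + '">(' + html.escape(data[1]) + ')</a>' + \
+            '</li>' + \
+        ''
 
     div += '</ul>' + next_fix('/please?num=', num, data_list)
 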
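Review bot: Adding `link` to `select distinct title, link` changes what `distinct` de-duplicates: a title referenced from several pages now yields one row per referencing page, so the same title repeats in the list and `limit ?, 50` pages over (title, link) pairs rather than titles. If one entry per title is intended, keep the query distinct on `title` and collect the referrers for each title separately. The `id="not_thing"` attribute is also emitted on every row, which produces duplicate ids in the document; a `class` is the usual fit if the skin's CSS and scripts allow the change.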

+ 1 - 1
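--- a/route/list_title_index.py
+++ b/route/list_title_index.py
@@ -20,7 +20,7 @@ def list_title_index_2(conn):
         data += '<hr class="main_hr"><ul class="inside_ul">'
 
     for list_data in title_list:
-        data += '<li>' + str(all_list) + '. <a href="/w/' + url_pas(list_data[0]) + '">' + list_data[0] + '</a></li>'
+        data += '<li>' + str(all_list) + '. <a href="/w/' + url_pas(list_data[0]) + '">' + html.escape(list_data[0]) + '</a></li>'
         all_list += 1
 
     if page == 1: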

+ 5 - 6
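--- a/route/recent_change.py
+++ b/route/recent_change.py
@@ -87,11 +87,7 @@ def recent_change_2(conn, name, tool):
         all_ip = ip_pas([i[3] for i in data_list])
         for data in data_list:
             select += '<option value="' + data[0] + '">' + data[0] + '</option>'
-            send = '<br>'
-
-            if data[4]:
-                if not re.search(r"^(?: +)$", data[4]):
-                    send = data[4]
+            send = data[4]
 
             if re.search(r"\+", data[5]):
                 leng = '<span style="color:green;">(' + data[5] + ')</span>'
@@ -114,6 +110,7 @@ def recent_change_2(conn, name, tool):
                     ip = ''
                     ban = ''
                     date = ''
+                    send = ''
 
                     style[0] = 'style="display: none;"'
                     style[1] = 'id="toron_color_grey"'
@@ -134,7 +131,9 @@ def recent_change_2(conn, name, tool):
                     <td>''' + date + '''</td>
                 </tr>
                 <tr ''' + style[1] + '''>
-                    <td class="send_content" colspan="3">''' + html.escape(send) + '''</td>
+                    <td class="send_content" colspan="3">
+                        ''' + (html.escape(send) if send != '' else '<br>') + '''
+                    </td>
                 </tr>
             '''
 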
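Review bot: In the first hunk `send = data[4]` drops the old `if data[4]:` guard, so if the summary column can be NULL the value reaches the template as `None`; `send != ''` is then true and `html.escape(None)` raises. Normalising at the assignment keeps the later check as written: `send = data[4] or ''`. A summary made only of spaces used to render as `<br>` and is now printed as-is, which may or may not be intended. On the neighbouring context lines `data[0]` in the `<option>` and `data[5]` in the `<span>` are still concatenated unescaped; what those columns hold is not visible from this hunk.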

+ 1 - 4
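--- a/route/recent_discuss.py
+++ b/route/recent_discuss.py
@@ -30,12 +30,9 @@ def recent_discuss_2(conn):
         curs.execute(db_change("select title, sub, date, code from rd where stop = 'O' order by date desc limit 50"))
 
     for data in curs.fetchall():
-        title = html.escape(data[0])
-        sub = html.escape(data[1])
-
         div += '' + \
             '<tr>' + \
-                '<td><a href="/thread/' + data[3] + '">' + sub + '</a> <a href="/topic/' + url_pas(title) + '">(' + title + ')</a></td>' + \
+                '<td><a href="/thread/' + data[3] + '">' + html.escape(sub) + '</a> <a href="/topic/' + url_pas(title) + '">(' + html.escape(title) + ')</a></td>' + \
                 '<td>' + data[2] + '</td>' + \
             '</tr>' + \
         ''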
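Review bot: The rewritten `<td>` line still reads `sub` and `title`, but this hunk deletes the two assignments that bound them, so unless they are defined elsewhere in `recent_discuss_2` (its start is outside the hunk) the loop raises `NameError` on the first row. Use the row values directly: `'<td><a href="/thread/' + data[3] + '">' + html.escape(data[1]) + '</a> <a href="/topic/' + url_pas(data[0]) + '">(' + html.escape(data[0]) + ')</a></td>' + \`. That also keeps the intent of the change, which appears to be passing the unescaped title to `url_pas`. `data[3]` in the `href` and `data[2]` in the second cell are still inserted raw; if either can hold anything other than a generated code or timestamp, they need escaping too.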

+ 132 - 61
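--- a/route/tool/func.py
+++ b/route/tool/func.py
@@ -88,16 +88,13 @@ data_css_ver = '118'
 data_css = ''
 
 conn = ''
-curs = ''
 
 # Func
 # Func-main
 def load_conn(data):
     global conn
-    global curs
 
     conn = data
-    curs = conn.cursor()
 
     load_conn2(data)
     
@@ -141,6 +138,8 @@ class get_db_connect:
         return self.conn
 
 def update(ver_num, set_data):
+    curs = conn.cursor()
+
     print('----')
     # 업데이트 하위 호환 유지 함수
 
@@ -356,6 +355,8 @@ def update(ver_num, set_data):
     print('Update completed')
 
 def set_init_always(ver_num):
+    curs = conn.cursor()
+
     curs.execute(db_change('delete from other where name = "ver"'))
     curs.execute(db_change('insert into other (name, data) values ("ver", ?)'), [ver_num])
     
@@ -368,6 +369,8 @@ def set_init_always(ver_num):
     conn.commit()
     
 def set_init():
+    curs = conn.cursor()
+
     # 초기값 설정 함수    
     curs.execute(db_change("select html from html_filter where kind = 'email'"))
     if not curs.fetchall():
@@ -409,15 +412,16 @@ def set_init():
     conn.commit()
 
 # Func-simple
+## Func-simple-without_DB
 def get_default_admin_group():
     return ['owner', 'ban']
 
-def load_image_url():
-    curs.execute(db_change('select data from other where name = "image_where"'))
-    image_where = curs.fetchall()
-    image_where = image_where[0][0] if image_where else os.path.join('data', 'images')
-    
-    return image_where
+def load_random_key(long = 64):
+    return ''.join(
+        random.choice(
+            "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
+        ) for i in range(long)
+    )
 
 def http_warning():
     return '''
@@ -432,21 +436,71 @@ def http_warning():
         </script>
     '''
 
+def next_fix(link, num, page, end = 50):
+    list_data = ''
+
+    if num == 1:
+        if len(page) == end:
+            list_data += '' + \
+                '<hr class="main_hr">' + \
+                '<a href="' + link + str(num + 1) + '">(' + load_lang('next') + ')</a>' + \
+            ''
+    elif len(page) != end:
+        list_data += '' + \
+            '<hr class="main_hr">' + \
+            '<a href="' + link + str(num - 1) + '">(' + load_lang('previous') + ')</a>' + \
+        ''
+    else:
+        list_data += '' + \
+            '<hr class="main_hr">' + \
+            '<a href="' + link + str(num - 1) + '">(' + load_lang('previous') + ')</a> <a href="' + link + str(num + 1) + '">(' + load_lang('next') + ')</a>' + \
+        ''
+
+    return list_data
+
+def leng_check(A, B):
+    # B -> new
+    # A -> old
+    return '0' if A == B else (('-' + str(A - B)) if A > B else ('+' + str(B - A)))
+
+def number_check(data):
+    try:
+        int(data)
+        return data
+    except:
+        return '1'
+
+def redirect(data = '/'):
+    return flask.redirect(flask.request.host_url[:-1] + data)
+    
+def get_acl_list(type_d = 'normal'):
+    if type_d == 'user':
+        return ['', 'user', 'all']
+    else:
+        return ['', 'all', 'user', 'admin', 'owner', '50_edit', 'email', 'ban', 'before', '30_day', 'ban_admin']
+
+## Func-simple-with_DB
+def load_image_url():
+    curs = conn.cursor()
+
+    curs.execute(db_change('select data from other where name = "image_where"'))
+    image_where = curs.fetchall()
+    image_where = image_where[0][0] if image_where else os.path.join('data', 'images')
+    
+    return image_where
+
 def load_domain():
+    curs = conn.cursor()
+
     curs.execute(db_change("select data from other where name = 'domain'"))
     domain = curs.fetchall()
     domain = domain[0][0] if domain and domain[0][0] != '' else flask.request.host_url
 
     return domain
 
-def load_random_key(long = 64):
-    return ''.join(
-        random.choice(
-            "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
-        ) for i in range(long)
-    )
-
 def edit_button(editor_display = '0'):
+    curs = conn.cursor()
+
     insert_list = []
 
     curs.execute(db_change("select html, plus from html_filter where kind = 'edit_top'"))
@@ -468,6 +522,8 @@ def edit_button(editor_display = '0'):
     return data
 
 def ip_warning():
+    curs = conn.cursor()
+
     if ip_or_user() != 0:
         curs.execute(db_change('select data from other where name = "no_login_warning"'))
         data = curs.fetchall()
@@ -485,52 +541,11 @@ def ip_warning():
         text_data = ''
 
     return text_data
-
-def next_fix(link, num, page, end = 50):
-    list_data = ''
-
-    if num == 1:
-        if len(page) == end:
-            list_data += '' + \
-                '<hr class="main_hr">' + \
-                '<a href="' + link + str(num + 1) + '">(' + load_lang('next') + ')</a>' + \
-            ''
-    elif len(page) != end:
-        list_data += '' + \
-            '<hr class="main_hr">' + \
-            '<a href="' + link + str(num - 1) + '">(' + load_lang('previous') + ')</a>' + \
-        ''
-    else:
-        list_data += '' + \
-            '<hr class="main_hr">' + \
-            '<a href="' + link + str(num - 1) + '">(' + load_lang('previous') + ')</a> <a href="' + link + str(num + 1) + '">(' + load_lang('next') + ')</a>' + \
-        ''
-
-    return list_data
-
-def leng_check(A, B):
-    # B -> new
-    # A -> old
-    return '0' if A == B else (('-' + str(A - B)) if A > B else ('+' + str(B - A)))
-
-def number_check(data):
-    try:
-        int(data)
-        return data
-    except:
-        return '1'
-
-def redirect(data = '/'):
-    return flask.redirect(flask.request.host_url[:-1] + data)
-    
-def get_acl_list(type_d = 'normal'):
-    if type_d == 'user':
-        return ['', 'user', 'all']
-    else:
-        return ['', 'all', 'user', 'admin', 'owner', '50_edit', 'email', 'ban', 'before', '30_day', 'ban_admin']
     
 # Func-login    
 def pw_encode(data, type_d = ''):
+    curs = conn.cursor()
+
     if type_d == '':
         curs.execute(db_change('select data from other where name = "encode"'))
         set_data = curs.fetchall()
@@ -546,6 +561,8 @@ def pw_encode(data, type_d = ''):
             return hashlib.sha3_256(bytes(data, 'utf-8')).hexdigest()
 
 def pw_check(data, data2, type_d = 'no', id_d = ''):
+    curs = conn.cursor()
+
     curs.execute(db_change('select data from other where name = "encode"'))
     db_data = curs.fetchall()
 
@@ -572,9 +589,13 @@ def pw_check(data, data2, type_d = 'no', id_d = ''):
         
 # Func-skin
 def easy_minify(data, tool = None):
+    # without_DB
+
     return data
 
 def load_lang(data, safe = 0):
+    curs = conn.cursor()
+
     global global_lang
 
     ip = ip_check()
@@ -618,6 +639,8 @@ def load_lang(data, safe = 0):
     return html.escape(data + ' (' + lang_name + ')')
 
 def skin_check(set_n = 0):
+    curs = conn.cursor()
+
     # 개편 필요?
     skin_list = load_skin('tenshi', 1)
     skin = skin_list[0]
@@ -648,6 +671,8 @@ def skin_check(set_n = 0):
         return skin
     
 def wiki_css(data):
+    # without_DB
+
     global data_css
     global data_css_ver
 
@@ -678,6 +703,8 @@ def wiki_css(data):
     return data
 
 def cut_100(data):
+    # without_DB
+
     data = re.search(r'<pre style="display: none;" id="render_content_load">([^<>]+)<\/pre>', data)
     if data:
         data = data.group(1)
@@ -689,6 +716,8 @@ def cut_100(data):
         return ''
 
 def wiki_set(num = 1):
+    curs = conn.cursor()
+
     if num == 1:
         skin_name = skin_check(1)
         data_list = []
@@ -736,7 +765,9 @@ def wiki_set(num = 1):
 
     return data_list
 
-def wiki_custom():    
+def wiki_custom():
+    curs = conn.cursor()
+
     ip = ip_check()
     if ip_or_user(ip) == 0:
         user_icon = 1
@@ -803,6 +834,8 @@ def wiki_custom():
     ]
 
 def load_skin(data = '', set_n = 0, default = 0):
+    # without_DB
+
     # data -> 가장 앞에 있을 스킨 이름
     # set_n == 0 -> 스트링으로 반환
     # set_n == 1 -> 리스트로 반환
@@ -848,6 +881,8 @@ def load_skin(data = '', set_n = 0, default = 0):
 
 # Func-markup
 def render_set(doc_name = '', doc_data = '', data_type = 'view', data_in = '', doc_acl = ''):
+    # without_DB
+
     # data_type in ['view', 'raw', 'api_view', 'backlink']
     doc_acl = acl_check(doc_name, 'render') if doc_acl == '' else doc_acl
     doc_data = 0 if doc_data == None else doc_data
@@ -865,6 +900,8 @@ def render_set(doc_name = '', doc_data = '', data_type = 'view', data_in = '', d
 
 # Func-request
 def send_email(who, title, data):
+    curs = conn.cursor()
+
     try:
         curs.execute(db_change('' + \
             'select name, data from other ' + \
@@ -923,6 +960,8 @@ def send_email(who, title, data):
         return 0
 
 def captcha_get():
+    curs = conn.cursor()
+
     data = ''
     
     if ip_or_user() != 0:
@@ -958,6 +997,8 @@ def captcha_get():
     return data
 
 def captcha_post(re_data, num = 1):
+    curs = conn.cursor()
+
     if num == 1:
         curs.execute(db_change('select data from other where name = "sec_re"'))
         sec_re = curs.fetchall()
@@ -976,6 +1017,8 @@ def captcha_post(re_data, num = 1):
 
 # Func-user
 def ip_or_user(data = ''):
+    # without_DB
+
     # 1 == ip
     # 0 == reg
     
@@ -988,6 +1031,8 @@ def ip_or_user(data = ''):
         return 0
 
 def admin_check(num = None, what = None, name = ''):
+    curs = conn.cursor()
+
     ip = ip_check() if name == '' else name
     time_data = get_time()
     pass_ok = 0
@@ -1048,6 +1093,8 @@ def admin_check(num = None, what = None, name = ''):
     return 0
 
 def acl_check(name = 'test', tool = '', topic_num = '1'):
+    curs = conn.cursor()
+
     ip = ip_check()
     get_ban = ban_check()
     acl_c = re.search(r"^user:((?:(?!\/).)*)", name) if name else None
@@ -1240,6 +1287,8 @@ def acl_check(name = 'test', tool = '', topic_num = '1'):
     return 1
 
 def ban_check(ip = None, tool = ''):
+    curs = conn.cursor()
+
     ip = ip_check() if not ip else ip
     tool = '' if not tool else tool
 
@@ -1282,6 +1331,8 @@ def ban_check(ip = None, tool = ''):
     return 0
 
 def ip_pas(raw_ip, type_d = 0):
+    curs = conn.cursor()
+
     hide = 0
     end_ip = {}
     i = 0
@@ -1328,6 +1379,8 @@ def ip_pas(raw_ip, type_d = 0):
         
 # Func-edit
 def slow_edit_check():
+    curs = conn.cursor()
+
     curs.execute(db_change("select data from other where name = 'slow_edit'"))
     slow_edit = curs.fetchall()
     if slow_edit and slow_edit != '0' and admin_check(5) != 1:
@@ -1351,6 +1404,8 @@ def slow_edit_check():
     return 0
 
 def edit_filter_do(data):
+    curs = conn.cursor()
+
     if admin_check(1) != 1:
         curs.execute(db_change(
             "select plus, plus_t from html_filter where kind = 'regex_filter' and plus != ''"
@@ -1372,11 +1427,16 @@ def edit_filter_do(data):
 
 # Func-insert
 def add_alarm(who, context):
+    curs = conn.cursor()
+
     curs.execute(db_change(
         'insert into alarm (name, data, date) values (?, ?, ?)'
     ), [who, context, get_time()])
+    conn.commit()
     
-def add_user(user_name, user_pw, user_email = '', user_encode = ''):    
+def add_user(user_name, user_pw, user_email = '', user_encode = ''):
+    curs = conn.cursor()
+
     if user_encode == '':
         user_pw_hash = pw_encode(user_pw)
 
@@ -1419,6 +1479,8 @@ def add_user(user_name, user_pw, user_email = '', user_encode = ''):
     conn.commit()
     
 def ua_plus(u_id, u_ip, u_agent, time):
+    curs = conn.cursor()
+
     curs.execute(db_change("select data from other where name = 'ua_get'"))
     rep_data = curs.fetchall()
     if rep_data and rep_data[0][0] != '':
@@ -1432,8 +1494,11 @@ def ua_plus(u_id, u_ip, u_agent, time):
             u_agent, 
             time
         ])
+        conn.commit()
 
 def ban_insert(name, end, why, login, blocker, type_d = None):
+    curs = conn.cursor()
+
     now_time = get_time()
     band = type_d if type_d else ''
 
@@ -1486,6 +1551,8 @@ def ban_insert(name, end, why, login, blocker, type_d = None):
     conn.commit()
 
 def rd_plus(topic_num, date, name = None, sub = None):
+    curs = conn.cursor()
+
     curs.execute(db_change("select code from rd where code = ?"), [topic_num])
     if curs.fetchall():
         curs.execute(db_change("update rd set date = ? where code = ?"), [date, topic_num])
@@ -1497,6 +1564,8 @@ def rd_plus(topic_num, date, name = None, sub = None):
     conn.commit()
 
 def history_plus(title, data, date, ip, send, leng, t_check = '', mode = ''):
+    curs = conn.cursor()
+
     if mode == 'add':
         curs.execute(db_change(
             "select id from history where title = ? order by id + 0 asc limit 1"
@@ -1580,6 +1649,8 @@ def history_plus(title, data, date, ip, send, leng, t_check = '', mode = ''):
 
 # Func-error
 def re_error(data):
+    curs = conn.cursor()
+
     conn.commit()
 
     if data == '/ban':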
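Review bot: `load_random_key`, re-added unchanged in the `-409,15 +412,16` hunk, draws its characters with `random.choice`, and Python's `random` module is a deterministic generator that is not meant for security use. Its callers are outside this diff; if the result serves as a session secret, reset token or any other value that must be unpredictable, replace `random.choice(` with `secrets.choice(` inside the same `''.join(...)` and add `import secrets` to the file's imports, which are not shown here. Since the function was being moved anyway, the generator swap is a one-token change with no effect on the returned alphabet or length.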

+ 15 - 8
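--- a/route/tool/func_mark.py
+++ b/route/tool/func_mark.py
@@ -3,16 +3,15 @@ from .func_tool import *
 # 커스텀 마크 언젠간 다시 추가 예정
 
 conn = ''
-curs = ''
 
 def load_conn2(data):
     global conn
-    global curs
 
     conn = data
-    curs = conn.cursor()
     
 def backlink_generate(data_markup, doc_data, doc_name):
+    curs = conn.cursor()
+    
     if data_markup == 'namumark':
         # Link
         link_re = re.compile(r'\[\[(?!https?:\/\/|inter:|외부:|out:|#)((?:(?!\[\[|\]\]|\|).)+)(?:\]\]|\|)', re.I)
@@ -29,17 +28,23 @@ def backlink_generate(data_markup, doc_data, doc_name):
         
         for i in data_link:
             data_link_in = i
-            if re.search(r'^(?:분류|category):', data_link_in):
+            if  data_link_in.startswith('분류:') or \
+                data_link_in.startswith('category:'):
                 data_link_in = re.sub(r'\\(.)', r'\1', data_link_in)
                 data_link_end['cat'] += [re.sub(r'^분류:', 'category:', data_link_in)]
-            elif re.search(r'^(?:파일|file):', data_link_in):
+            elif data_link_in.startswith('파일:') or \
+                data_link_in.startswith('file:'):
                 data_link_in = re.sub(r'\\(.)', r'\1', data_link_in)
                 data_link_end['file'] += [re.sub(r'^파일:', 'file:', data_link_in)]
             else:
                 data_link_in = re.sub(r'([^\\])#(?:[^#]*)$', r'\1', data_link_in)
                 
                 if data_link_in[0] == ':':
-                    data_link_in = re.sub(r'^:', '', data_link_in)
+                    data_link_in = re.sub(r'^:분류:', 'category:', data_link_in)
+                    data_link_in = re.sub(r'^:category:', 'category:', data_link_in)
+                    
+                    data_link_in = re.sub(r'^:file:', 'file:', data_link_in)
+                    data_link_in = re.sub(r'^:파일:', 'file:', data_link_in)
                 elif data_link_in[0] == '/':
                     data_link_in = doc_name + data_link_in
                 elif len(data_link_in) >= 3 and data_link_in[0:3] == '../':
@@ -98,6 +103,8 @@ def backlink_generate(data_markup, doc_data, doc_name):
     return data_link_end_all
 
 def render_do(doc_name, doc_data, data_type, data_in):
+    curs = conn.cursor()
+    
     data_in = None if data_in == '' else data_in
     
     curs.execute(db_change('select data from other where name = "markup"'))
@@ -129,7 +136,7 @@ def render_do(doc_name, doc_data, data_type, data_in):
                         test_mode = "normal", 
                         name_id = "''' + data_in + '''render_content",
                         name_include = "''' + data_in + '''",
-                        name_doc = "''' + doc_name.replace('"', '//"') + '''"
+                        name_doc = "''' + doc_name.replace('"', '\\"') + '''"
                     );
                 ''',
                 []
@@ -145,7 +152,7 @@ def render_do(doc_name, doc_data, data_type, data_in):
                         test_mode = "normal", 
                         name_id = "''' + data_in + '''render_content",
                         name_include = "''' + data_in + '''",
-                        name_doc = "''' + doc_name.replace('"', '//"') + '''"
+                        name_doc = "''' + doc_name.replace('"', '\\"') + '''"
                     );
                 ''',
                 []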
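Review bot: In both `render_do` hunks the new `doc_name.replace('"', '\\"')` escapes only the double quote, so a document name containing a backslash, a line break or `</script>` is still not safely encoded for the generated JavaScript string literal. A serializer is more reliable here than a single replace, for example `name_doc = ''' + json.dumps(doc_name) + '''` with the surrounding quotes dropped (assuming `json` is importable in this module; `</` still needs handling if this text ends up in an inline script element). `data_in` is concatenated into `name_id` and `name_include` on the neighbouring lines with no escaping at all, so it deserves the same treatment unless callers guarantee it is a fixed identifier. The body of `render_do` continues outside these hunks.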

+ 1 - 1
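--- a/route/user_alarm.py
+++ b/route/user_alarm.py
@@ -14,7 +14,7 @@ def user_alarm_2(conn):
         data = '<a href="/alarm/delete">(' + load_lang('delete') + ')</a><hr class=\"main_hr\">' + data
 
         for data_one in data_list:
-            data += '<li>' + data_one[0] + ' (' + data_one[1] + ')</li>'
+            data += '<li>' + html.escape(data_one[0]) + ' (' + data_one[1] + ')</li>'
 
     data += '</ul>' + next_fix('/alarm?num=', num, data_list)
 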
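Review bot: Only the first column is escaped in the changed line; `data_one[1]` is still concatenated into the `<li>` as raw text, and the same holds for `data[1]` in the `view_xref.py` hunk (`div += ' (' + data[1] + ')'`). If those columns can ever hold user-influenced text rather than a server-generated value such as a timestamp, they need the same treatment, e.g. `' (' + html.escape(data_one[1]) + ')</li>'`. The hunk does not show an `import html`, so it is worth confirming the name is in scope in this module. `user_alarm_2` starts and ends outside the hunk.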

+ 1 - 1
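--- a/route/view_down.py
+++ b/route/view_down.py
@@ -7,7 +7,7 @@ def view_down_2(conn, name):
 
     curs.execute(db_change("select title from data where title like ?"), [name + '/%'])
     for data in curs.fetchall():
-        div += '<li><a href="/w/' + url_pas(data[0]) + '">' + data[0] + '</a></li>'
+        div += '<li><a href="/w/' + url_pas(data[0]) + '">' + html.escape(data[0]) + '</a></li>'
 
     div += '</ul>'
 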

+ 3 - 3
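--- a/route/view_read.py
+++ b/route/view_read.py
@@ -29,10 +29,10 @@ def view_read_2(conn, name, doc_rev, doc_from):
         curs.execute(db_change("select link from back where title = ? and type = 'cat' order by link asc"), [name])
         category_sql = curs.fetchall()
         for data in category_sql:
-            if re.search(r'^category:', data[0]):
-                category_sub += '<li><a href="/w/' + url_pas(data[0]) + '">' + data[0] + '</a></li>'
+            if data[0].startswith('category:'):
+                category_sub += '<li><a href="/w/' + url_pas(data[0]) + '">' + html.escape(data[0]) + '</a></li>'
             else:
-                category_doc += '<li><a href="/w/' + url_pas(data[0]) + '">' + data[0] + '</a> <a id="inside" href="/xref/' + url_pas(data[0]) + '">(' + load_lang('backlink') + ')</a></li>'
+                category_doc += '<li><a href="/w/' + url_pas(data[0]) + '">' + html.escape(data[0]) + '</a> <a id="inside" href="/xref/' + url_pas(data[0]) + '">(' + load_lang('backlink') + ')</a></li>'
 
         if category_doc != '':
             category_doc = '<h2 id="cate_normal">' + load_lang('category_title') + '</h2><ul class="inside_ul">' + category_doc + '</ul>'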

+ 1 - 1
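--- a/route/view_xref.py
+++ b/route/view_xref.py
@@ -32,7 +32,7 @@ def view_xref_2(conn, name, xref_type = '1'):
 
     data_list = curs.fetchall()
     for data in data_list:
-        div += '<li><a href="/w/' + url_pas(data[0]) + '">' + data[0] + '</a>'
+        div += '<li><a href="/w/' + url_pas(data[0]) + '">' + html.escape(data[0]) + '</a>'
 
         if data[1]:
             div += ' (' + data[1] + ')'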

+ 1 - 1
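--- a/version.json
+++ b/version.json
@@ -1,6 +1,6 @@
 {
     "beta" : {
-        "r_ver" : "v3.5.0-dev (stable1) (beta10) (dev15)",
+        "r_ver" : "v3.5.0-beta (stable1) (beta11) (dev16)",
         "c_ver" : "3500101",
         "s_ver" : "3500110"
     }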

+ 1 - 2
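--- a/views/main_css/js/render_html.js
+++ b/views/main_css/js/render_html.js
@@ -11,8 +11,7 @@ function render_html(name = '') {
                 'b', 'i', 's', 'del', 'strong', 'bold', 'em', 'sub', 'sup', 
                 'div', 'span', 
                 'a',
-                'iframe',
-                'video'
+                'iframe'
             ];
             for(var key in t_data) {
                 patt = new RegExp(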
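Review bot: `'iframe'` stays in the allowed-tag list after `'video'` is removed, and nothing in this hunk shows how its attributes are constrained. If the `src` of an embedded frame is not limited to an allow-list of hosts elsewhere in `render_html`, consider dropping the tag too or documenting the restriction next to the entry, e.g. `// iframe: src must pass the host allow-list check below`. The array and the function both begin outside the hunk, so this may already be handled in code not shown.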

+ 6 - 1
views/main_css/js/render_onmark.js

@@ -361,6 +361,7 @@ function do_onmark_link_render(data, data_js, name_doc, name_include, data_nowik
                             'href="">' + link_out + '</a>';
                             'href="">' + link_out + '</a>';
             } else if(link_real.match(inter_re)) {
             } else if(link_real.match(inter_re)) {
                 let data_inter = link_real.match(inter_re);
                 let data_inter = link_real.match(inter_re);
+                
                 let data_inter_link = '';
                 let data_inter_link = '';
                 let data_inter_logo = '';
                 let data_inter_logo = '';
                 if(data_inter) {
                 if(data_inter) {
@@ -377,6 +378,10 @@ function do_onmark_link_render(data, data_js, name_doc, name_include, data_nowik
                             ''
                             ''
                         );
                         );
                     }
                     }
+                    
+                    var data_inter_var = do_link_change(link_real, data_nowiki, 0);
+                    var data_inter_link_main = data_inter_var[0];
+                    var data_inter_link_sub = data_inter_var[1];
                         
                         
                     let data_inter_get = data_wiki_set['inter_wiki'][data_inter[1]];
                     let data_inter_get = data_wiki_set['inter_wiki'][data_inter[1]];
                     if(data_inter_get) {
                     if(data_inter_get) {
@@ -398,7 +403,7 @@ function do_onmark_link_render(data, data_js, name_doc, name_include, data_nowik
                     '';
                     '';
                     data_js += '' +
                     data_js += '' +
                         'document.getElementsByName("' + name_include + 'set_link_' + num_link_str + '")[0].href = ' + 
                         'document.getElementsByName("' + name_include + 'set_link_' + num_link_str + '")[0].href = ' + 
-                        '"' + data_inter_link + do_url_change(link_real) + '";' +
+                        '"' + data_inter_link + do_url_change(data_inter_link_main) + data_inter_link_sub + '";' +
                             '\n' +
                             '\n' +
                     '';
                     '';