xpressengine / xe-core

modules/file/file.controller.php

Spacing +168 added lines, -168 removed lines

@@ -29,30 +29,30 @@ 
 		$file_info = $_FILES['Filedata'];
 
 		// An error appears if not a normally uploaded file
-		if(!is_uploaded_file($file_info['tmp_name'])) exit();
+		if (!is_uploaded_file($file_info['tmp_name'])) exit();
 
 		// Basic variables setting
 		$oFileModel = getModel('file');
 		$editor_sequence = Context::get('editor_sequence');
 		$upload_target_srl = intval(Context::get('uploadTargetSrl'));
-		if(!$upload_target_srl) $upload_target_srl = intval(Context::get('upload_target_srl'));
+		if (!$upload_target_srl) $upload_target_srl = intval(Context::get('upload_target_srl'));
 		$module_srl = $this->module_srl;
 		// Exit a session if there is neither upload permission nor information
-		if(!$_SESSION['upload_info'][$editor_sequence]->enabled) exit();
+		if (!$_SESSION['upload_info'][$editor_sequence]->enabled) exit();
 		// Extract from session information if upload_target_srl is not specified
-		if(!$upload_target_srl) $upload_target_srl = $_SESSION['upload_info'][$editor_sequence]->upload_target_srl;
+		if (!$upload_target_srl) $upload_target_srl = $_SESSION['upload_info'][$editor_sequence]->upload_target_srl;
 		// Create if upload_target_srl is not defined in the session information
-		if(!$upload_target_srl) $_SESSION['upload_info'][$editor_sequence]->upload_target_srl = $upload_target_srl = getNextSequence();
+		if (!$upload_target_srl) $_SESSION['upload_info'][$editor_sequence]->upload_target_srl = $upload_target_srl = getNextSequence();
 
 		$output = $this->insertFile($file_info, $module_srl, $upload_target_srl);
 		Context::setResponseMethod('JSON');
-		$this->add('file_srl',$output->get('file_srl'));
-		$this->add('file_size',$output->get('file_size'));
-		$this->add('direct_download',$output->get('direct_download'));
-		$this->add('source_filename',$output->get('source_filename'));
-		$this->add('download_url',$output->get('uploaded_filename'));
-		$this->add('upload_target_srl',$output->get('upload_target_srl'));
-		if($output->error != '0') $this->stop($output->message);
+		$this->add('file_srl', $output->get('file_srl'));
+		$this->add('file_size', $output->get('file_size'));
+		$this->add('direct_download', $output->get('direct_download'));
+		$this->add('source_filename', $output->get('source_filename'));
+		$this->add('download_url', $output->get('uploaded_filename'));
+		$this->add('upload_target_srl', $output->get('upload_target_srl'));
+		if ($output->error != '0') $this->stop($output->message);
 	}
 
 	/**
@@ -67,24 +67,24 @@ 
 		$callback = Context::get('callback');
 		$module_srl = $this->module_srl;
 		$upload_target_srl = intval(Context::get('uploadTargetSrl'));
-		if(!$upload_target_srl) $upload_target_srl = intval(Context::get('upload_target_srl'));
+		if (!$upload_target_srl) $upload_target_srl = intval(Context::get('upload_target_srl'));
 
 		// Exit a session if there is neither upload permission nor information
-		if(!$_SESSION['upload_info'][$editor_sequence]->enabled) exit();
+		if (!$_SESSION['upload_info'][$editor_sequence]->enabled) exit();
 		// Extract from session information if upload_target_srl is not specified
-		if(!$upload_target_srl) $upload_target_srl = $_SESSION['upload_info'][$editor_sequence]->upload_target_srl;
+		if (!$upload_target_srl) $upload_target_srl = $_SESSION['upload_info'][$editor_sequence]->upload_target_srl;
 		// Create if upload_target_srl is not defined in the session information
-		if(!$upload_target_srl) $_SESSION['upload_info'][$editor_sequence]->upload_target_srl = $upload_target_srl = getNextSequence();
+		if (!$upload_target_srl) $_SESSION['upload_info'][$editor_sequence]->upload_target_srl = $upload_target_srl = getNextSequence();
 
 		// Delete and then attempt to re-upload if file_srl is requested
 		$file_srl = Context::get('file_srl');
-		if($file_srl)
+		if ($file_srl)
 		{
 			$oFileModel = getModel('file');
 			$logged_info = Context::get('logged_info');
 			$file_info = $oFileModel->getFile($file_srl);
 			$file_grant = $oFileModel->getFileGrant($file_info, $logged_info);
-			if($file_info->file_srl == $file_srl && $file_grant->is_deletable)
+			if ($file_info->file_srl == $file_srl && $file_grant->is_deletable)
 			{
 				$this->deleteFile($file_srl);
 			}
@@ -92,12 +92,12 @@ 
 
 		$file_info = Context::get('Filedata');
 		// An error appears if not a normally uploaded file
-		if(is_uploaded_file($file_info['tmp_name'])) {
+		if (is_uploaded_file($file_info['tmp_name'])) {
 			$output = $this->insertFile($file_info, $module_srl, $upload_target_srl);
-			Context::set('uploaded_fileinfo',$output);
+			Context::set('uploaded_fileinfo', $output);
 		}
 
-		Context::set('layout','none');
+		Context::set('layout', 'none');
 
 		$this->setTemplatePath($this->module_path.'tpl');
 		$this->setTemplateFile('iframe');
@@ -114,24 +114,24 @@ 
 		$width = Context::get('width');
 		$height = Context::get('height');
 
-		if(!$file_srl || !$width)
+		if (!$file_srl || !$width)
 		{
-			return new Object(-1,'msg_invalid_request');
+			return new Object(-1, 'msg_invalid_request');
 		}
 
 		$oFileModel = getModel('file');
 		$fileInfo = $oFileModel->getFile($file_srl);
-		if(!$fileInfo || $fileInfo->direct_download != 'Y')
+		if (!$fileInfo || $fileInfo->direct_download != 'Y')
 		{
-			return new Object(-1,'msg_invalid_request');
+			return new Object(-1, 'msg_invalid_request');
 		}
 
 		$source_src = $fileInfo->uploaded_filename;
-		$output_src = $source_src . '.resized' . strrchr($source_src,'.');
+		$output_src = $source_src.'.resized'.strrchr($source_src, '.');
 
-		if(!$height) $height = $width-1;
+		if (!$height) $height = $width - 1;
 
-		if(FileHandler::createImageFile($source_src,$output_src,$width,$height,'','ratio'))
+		if (FileHandler::createImageFile($source_src, $output_src, $width, $height, '', 'ratio'))
 		{
 			$output = new stdClass();
 			$output->info = getimagesize($output_src);
@@ -139,10 +139,10 @@ 
 		}
 		else
 		{
-			return new Object(-1,'msg_invalid_request');
+			return new Object(-1, 'msg_invalid_request');
 		}
 
-		$this->add('resized_info',$output);
+		$this->add('resized_info', $output);
 	}
 
 	/**
@@ -180,7 +180,7 @@ 
 	{
 		$oFileModel = getModel('file');
 
-		if(isset($this->grant->access) && $this->grant->access !== true) return new Object(-1, 'msg_not_permitted');
+		if (isset($this->grant->access) && $this->grant->access !== true) return new Object(-1, 'msg_not_permitted');
 
 		$file_srl = Context::get('file_srl');
 		$sid = Context::get('sid');
@@ -189,26 +189,26 @@ 
 		$columnList = array('file_srl', 'sid', 'isvalid', 'source_filename', 'module_srl', 'uploaded_filename', 'file_size', 'member_srl', 'upload_target_srl', 'upload_target_type');
 		$file_obj = $oFileModel->getFile($file_srl, $columnList);
 		// If the requested file information is incorrect, an error that file cannot be found appears
-		if($file_obj->file_srl!=$file_srl || $file_obj->sid!=$sid) return $this->stop('msg_file_not_found');
+		if ($file_obj->file_srl != $file_srl || $file_obj->sid != $sid) return $this->stop('msg_file_not_found');
 		// Notify that file download is not allowed when standing-by(Only a top-administrator is permitted)
-		if($logged_info->is_admin != 'Y' && $file_obj->isvalid!='Y') return $this->stop('msg_not_permitted_download');
+		if ($logged_info->is_admin != 'Y' && $file_obj->isvalid != 'Y') return $this->stop('msg_not_permitted_download');
 		// File name
 		$filename = $file_obj->source_filename;
 		$file_module_config = $oFileModel->getFileModuleConfig($file_obj->module_srl);
 		// Not allow the file outlink
-		if($file_module_config->allow_outlink == 'N')
+		if ($file_module_config->allow_outlink == 'N')
 		{
 			// Handles extension to allow outlink
-			if($file_module_config->allow_outlink_format)
+			if ($file_module_config->allow_outlink_format)
 			{
 				$allow_outlink_format_array = array();
 				$allow_outlink_format_array = explode(',', $file_module_config->allow_outlink_format);
-				if(!is_array($allow_outlink_format_array)) $allow_outlink_format_array[0] = $file_module_config->allow_outlink_format;
+				if (!is_array($allow_outlink_format_array)) $allow_outlink_format_array[0] = $file_module_config->allow_outlink_format;
 
-				foreach($allow_outlink_format_array as $val)
+				foreach ($allow_outlink_format_array as $val)
 				{
 					$val = trim($val);
-					if(preg_match("/\.{$val}$/i", $filename))
+					if (preg_match("/\.{$val}$/i", $filename))
 					{
 						$file_module_config->allow_outlink = 'Y';
 						break;
@@ -216,21 +216,21 @@ 
 				}
 			}
 			// Sites that outlink is allowed
-			if($file_module_config->allow_outlink != 'Y')
+			if ($file_module_config->allow_outlink != 'Y')
 			{
 				$referer = parse_url($_SERVER["HTTP_REFERER"]);
-				if($referer['host'] != $_SERVER['HTTP_HOST'])
+				if ($referer['host'] != $_SERVER['HTTP_HOST'])
 				{
-					if($file_module_config->allow_outlink_site)
+					if ($file_module_config->allow_outlink_site)
 					{
 						$allow_outlink_site_array = array();
 						$allow_outlink_site_array = explode("\n", $file_module_config->allow_outlink_site);
-						if(!is_array($allow_outlink_site_array)) $allow_outlink_site_array[0] = $file_module_config->allow_outlink_site;
+						if (!is_array($allow_outlink_site_array)) $allow_outlink_site_array[0] = $file_module_config->allow_outlink_site;
 
-						foreach($allow_outlink_site_array as $val)
+						foreach ($allow_outlink_site_array as $val)
 						{
 							$site = parse_url(trim($val));
-							if($site['host'] == $referer['host'])
+							if ($site['host'] == $referer['host'])
 							{
 								$file_module_config->allow_outlink = 'Y';
 								break;
@@ -240,49 +240,49 @@ 
 				}
 				else $file_module_config->allow_outlink = 'Y';
 			}
-			if($file_module_config->allow_outlink != 'Y') return $this->stop('msg_not_allowed_outlink');
+			if ($file_module_config->allow_outlink != 'Y') return $this->stop('msg_not_allowed_outlink');
 		}
 
 		// Check if a permission for file download is granted
 		$downloadGrantCount = 0;
-		if(is_array($file_module_config->download_grant))
+		if (is_array($file_module_config->download_grant))
 		{
-			foreach($file_module_config->download_grant AS $value)
-				if($value) $downloadGrantCount++;
+			foreach ($file_module_config->download_grant AS $value)
+				if ($value) $downloadGrantCount++;
 		}
 
-		if(is_array($file_module_config->download_grant) && $downloadGrantCount>0)
+		if (is_array($file_module_config->download_grant) && $downloadGrantCount > 0)
 		{
-			if(!Context::get('is_logged')) return $this->stop('msg_not_permitted_download');
+			if (!Context::get('is_logged')) return $this->stop('msg_not_permitted_download');
 			$logged_info = Context::get('logged_info');
-			if($logged_info->is_admin != 'Y')
+			if ($logged_info->is_admin != 'Y')
 			{
-				$oModuleModel =& getModel('module');
+				$oModuleModel = & getModel('module');
 				$columnList = array('module_srl', 'site_srl');
 				$module_info = $oModuleModel->getModuleInfoByModuleSrl($file_obj->module_srl, $columnList);
 
-				if(!$oModuleModel->isSiteAdmin($logged_info, $module_info->site_srl))
+				if (!$oModuleModel->isSiteAdmin($logged_info, $module_info->site_srl))
 				{
-					$oMemberModel =& getModel('member');
+					$oMemberModel = & getModel('member');
 					$member_groups = $oMemberModel->getMemberGroups($logged_info->member_srl, $module_info->site_srl);
 
 					$is_permitted = false;
-					for($i=0;$i<count($file_module_config->download_grant);$i++)
+					for ($i = 0; $i < count($file_module_config->download_grant); $i++)
 					{
 						$group_srl = $file_module_config->download_grant[$i];
-						if($member_groups[$group_srl])
+						if ($member_groups[$group_srl])
 						{
 							$is_permitted = true;
 							break;
 						}
 					}
-					if(!$is_permitted) return $this->stop('msg_not_permitted_download');
+					if (!$is_permitted) return $this->stop('msg_not_permitted_download');
 				}
 			}
 		}
 		// Call a trigger (before)
 		$output = ModuleHandler::triggerCall('file.downloadFile', 'before', $file_obj);
-		if(!$output->toBool()) return $this->stop(($output->message)?$output->message:'msg_not_permitted_download');
+		if (!$output->toBool()) return $this->stop(($output->message) ? $output->message : 'msg_not_permitted_download');
 
 
 		// 다운로드 후 (가상)
@@ -295,7 +295,7 @@ 
 
 		$random = new Password();
 		$file_key = $_SESSION['__XE_FILE_KEY__'][$file_srl] = $random->createSecureSalt(32, 'hex');
-		header('Location: '.getNotEncodedUrl('', 'act', 'procFileOutput','file_srl',$file_srl,'file_key',$file_key));
+		header('Location: '.getNotEncodedUrl('', 'act', 'procFileOutput', 'file_srl', $file_srl, 'file_key', $file_key));
 		Context::close();
 		exit();
 
@@ -306,18 +306,18 @@ 
 		$oFileModel = getModel('file');
 		$file_srl = Context::get('file_srl');
 		$file_key = Context::get('file_key');
-		if(strstr($_SERVER['HTTP_USER_AGENT'], "Android")) $is_android = true;
+		if (strstr($_SERVER['HTTP_USER_AGENT'], "Android")) $is_android = true;
 
-		if($is_android && $_SESSION['__XE_FILE_KEY_AND__'][$file_srl]) $session_key = '__XE_FILE_KEY_AND__';
+		if ($is_android && $_SESSION['__XE_FILE_KEY_AND__'][$file_srl]) $session_key = '__XE_FILE_KEY_AND__';
 		else $session_key = '__XE_FILE_KEY__';
 		$columnList = array('source_filename', 'uploaded_filename', 'file_size');
 		$file_obj = $oFileModel->getFile($file_srl, $columnList);
 
 		$uploaded_filename = $file_obj->uploaded_filename;
 
-		if(!file_exists($uploaded_filename)) return $this->stop('msg_file_not_found');
+		if (!file_exists($uploaded_filename)) return $this->stop('msg_file_not_found');
 
-		if(!$file_key || $_SESSION[$session_key][$file_srl] != $file_key)
+		if (!$file_key || $_SESSION[$session_key][$file_srl] != $file_key)
 		{
 			unset($_SESSION[$session_key][$file_srl]);
 			return $this->stop('msg_invalid_request');
@@ -326,34 +326,34 @@ 
 		$file_size = $file_obj->file_size;
 		$filename = $file_obj->source_filename;
 		
-		if(preg_match('#(?:Chrome|Edge)/(\d+)\.#', $_SERVER['HTTP_USER_AGENT'], $matches) && $matches[1] >= 11)
+		if (preg_match('#(?:Chrome|Edge)/(\d+)\.#', $_SERVER['HTTP_USER_AGENT'], $matches) && $matches[1] >= 11)
 		{
-			if($is_android && preg_match('#\bwv\b|(?:Version|Browser)/\d+#', $_SERVER['HTTP_USER_AGENT']))
+			if ($is_android && preg_match('#\bwv\b|(?:Version|Browser)/\d+#', $_SERVER['HTTP_USER_AGENT']))
 			{
-				$filename_param = 'filename="' . $filename . '"';
+				$filename_param = 'filename="'.$filename.'"';
 			}
 			else
 			{
-				$filename_param = "filename*=UTF-8''" . rawurlencode($filename) . '; filename="' . rawurlencode($filename) . '"';
+				$filename_param = "filename*=UTF-8''".rawurlencode($filename).'; filename="'.rawurlencode($filename).'"';
 			}
 		}
-		elseif(preg_match('#(?:Firefox|Safari|Trident)/(\d+)\.#', $_SERVER['HTTP_USER_AGENT'], $matches) && $matches[1] >= 6)
+		elseif (preg_match('#(?:Firefox|Safari|Trident)/(\d+)\.#', $_SERVER['HTTP_USER_AGENT'], $matches) && $matches[1] >= 6)
 		{
-			$filename_param = "filename*=UTF-8''" . rawurlencode($filename) . '; filename="' . rawurlencode($filename) . '"';
+			$filename_param = "filename*=UTF-8''".rawurlencode($filename).'; filename="'.rawurlencode($filename).'"';
 		}
-		elseif(strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== FALSE)
+		elseif (strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== FALSE)
 		{
 			$filename = rawurlencode($filename);
-			$filename_param = 'filename="' . preg_replace('/\./', '%2e', $filename, substr_count($filename, '.') - 1) . '"';
+			$filename_param = 'filename="'.preg_replace('/\./', '%2e', $filename, substr_count($filename, '.') - 1).'"';
 		}
 		else
 		{
-			$filename_param = 'filename="' . $filename . '"';
+			$filename_param = 'filename="'.$filename.'"';
 		}
 
-		if($is_android)
+		if ($is_android)
 		{
-			if($_SESSION['__XE_FILE_KEY__'][$file_srl]) $_SESSION['__XE_FILE_KEY_AND__'][$file_srl] = $file_key;
+			if ($_SESSION['__XE_FILE_KEY__'][$file_srl]) $_SESSION['__XE_FILE_KEY_AND__'][$file_srl] = $file_key;
 		}
 
 		unset($_SESSION[$session_key][$file_srl]);
@@ -361,21 +361,21 @@ 
 		Context::close();
 
 		$fp = fopen($uploaded_filename, 'rb');
-		if(!$fp) return $this->stop('msg_file_not_found');
+		if (!$fp) return $this->stop('msg_file_not_found');
 
 		header("Cache-Control: ");
 		header("Pragma: ");
 		header("Content-Type: application/octet-stream");
-		header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+		header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
 
-		header("Content-Length: " .(string)($file_size));
-		header('Content-Disposition: attachment; ' . $filename_param);
+		header("Content-Length: ".(string) ($file_size));
+		header('Content-Disposition: attachment; '.$filename_param);
 		header("Content-Transfer-Encoding: binary\n");
 
 		// if file size is lager than 10MB, use fread function (#18675748)
-		if($file_size > 1024 * 1024)
+		if ($file_size > 1024 * 1024)
 		{
-			while(!feof($fp)) echo fread($fp, 1024);
+			while (!feof($fp)) echo fread($fp, 1024);
 			fclose($fp);
 		}
 		else
@@ -397,36 +397,36 @@ 
 		$editor_sequence = Context::get('editor_sequence');
 		$file_srl = Context::get('file_srl');
 		$file_srls = Context::get('file_srls');
-		if($file_srls) $file_srl = $file_srls;
+		if ($file_srls) $file_srl = $file_srls;
 		// Exit a session if there is neither upload permission nor information
-		if(!$_SESSION['upload_info'][$editor_sequence]->enabled) exit();
+		if (!$_SESSION['upload_info'][$editor_sequence]->enabled) exit();
 
 		$upload_target_srl = $_SESSION['upload_info'][$editor_sequence]->upload_target_srl;
 
 		$logged_info = Context::get('logged_info');
 		$oFileModel = getModel('file');
 
-		$srls = explode(',',$file_srl);
-		if(!count($srls)) return;
+		$srls = explode(',', $file_srl);
+		if (!count($srls)) return;
 
-		for($i=0;$i<count($srls);$i++)
+		for ($i = 0; $i < count($srls); $i++)
 		{
-			$srl = (int)$srls[$i];
-			if(!$srl) continue;
+			$srl = (int) $srls[$i];
+			if (!$srl) continue;
 
 			$args = new stdClass;
 			$args->file_srl = $srl;
 			$output = executeQuery('file.getFile', $args);
-			if(!$output->toBool()) continue;
+			if (!$output->toBool()) continue;
 
 			$file_info = $output->data;
-			if(!$file_info) continue;
+			if (!$file_info) continue;
 
 			$file_grant = $oFileModel->getFileGrant($file_info, $logged_info);
 
-			if(!$file_grant->is_deletable) continue;
+			if (!$file_grant->is_deletable) continue;
 
-			if($upload_target_srl && $file_srl) $output = $this->deleteFile($file_srl);
+			if ($upload_target_srl && $file_srl) $output = $this->deleteFile($file_srl);
 		}
 	}
 
@@ -437,32 +437,32 @@ 
 	 */
 	function procFileGetList()
 	{
-		if(!Context::get('is_logged')) return new Object(-1,'msg_not_permitted');
+		if (!Context::get('is_logged')) return new Object(-1, 'msg_not_permitted');
 
 		$oModuleModel = getModel('module');
 
 		$logged_info = Context::get('logged_info');
-		if($logged_info->is_admin !== 'Y' && !$oModuleModel->isSiteAdmin($logged_info))
+		if ($logged_info->is_admin !== 'Y' && !$oModuleModel->isSiteAdmin($logged_info))
 		{
 			return new Object(-1, 'msg_not_permitted');
 		}
 
 		$fileSrls = Context::get('file_srls');
-		if($fileSrls) $fileSrlList = explode(',', $fileSrls);
+		if ($fileSrls) $fileSrlList = explode(',', $fileSrls);
 
 		global $lang;
-		if(count($fileSrlList) > 0)
+		if (count($fileSrlList) > 0)
 		{
 			$oFileModel = getModel('file');
 			$fileList = $oFileModel->getFile($fileSrlList);
-			if(!is_array($fileList)) $fileList = array($fileList);
+			if (!is_array($fileList)) $fileList = array($fileList);
 
-			if(is_array($fileList))
+			if (is_array($fileList))
 			{
-				foreach($fileList AS $key=>$value)
+				foreach ($fileList AS $key=>$value)
 				{
 					$value->human_file_size = FileHandler::filesize($value->file_size);
-					if($value->isvalid=='Y') $value->validName = $lang->is_valid;
+					if ($value->isvalid == 'Y') $value->validName = $lang->is_valid;
 					else $value->validName = $lang->is_stand_by;
 				}
 			}
@@ -484,7 +484,7 @@ 
 	function triggerCheckAttached(&$obj)
 	{
 		$document_srl = $obj->document_srl;
-		if(!$document_srl) return new Object();
+		if (!$document_srl) return new Object();
 		// Get numbers of attachments
 		$oFileModel = getModel('file');
 		$obj->uploaded_count = $oFileModel->getFilesCount($document_srl);
@@ -501,10 +501,10 @@ 
 	function triggerAttachFiles(&$obj)
 	{
 		$document_srl = $obj->document_srl;
-		if(!$document_srl) return new Object();
+		if (!$document_srl) return new Object();
 
 		$output = $this->setFilesValid($document_srl);
-		if(!$output->toBool()) return $output;
+		if (!$output->toBool()) return $output;
 
 		return new Object();
 	}
@@ -518,7 +518,7 @@ 
 	function triggerDeleteAttached(&$obj)
 	{
 		$document_srl = $obj->document_srl;
-		if(!$document_srl) return new Object();
+		if (!$document_srl) return new Object();
 
 		$output = $this->deleteFiles($document_srl);
 		return $output;
@@ -533,7 +533,7 @@ 
 	function triggerCommentCheckAttached(&$obj)
 	{
 		$comment_srl = $obj->comment_srl;
-		if(!$comment_srl) return new Object();
+		if (!$comment_srl) return new Object();
 		// Get numbers of attachments
 		$oFileModel = getModel('file');
 		$obj->uploaded_count = $oFileModel->getFilesCount($comment_srl);
@@ -551,10 +551,10 @@ 
 	{
 		$comment_srl = $obj->comment_srl;
 		$uploaded_count = $obj->uploaded_count;
-		if(!$comment_srl || !$uploaded_count) return new Object();
+		if (!$comment_srl || !$uploaded_count) return new Object();
 
 		$output = $this->setFilesValid($comment_srl);
-		if(!$output->toBool()) return $output;
+		if (!$output->toBool()) return $output;
 
 		return new Object();
 	}
@@ -568,9 +568,9 @@ 
 	function triggerCommentDeleteAttached(&$obj)
 	{
 		$comment_srl = $obj->comment_srl;
-		if(!$comment_srl) return new Object();
+		if (!$comment_srl) return new Object();
 
-		if($obj->isMoveToTrash) return new Object();
+		if ($obj->isMoveToTrash) return new Object();
 
 		$output = $this->deleteFiles($comment_srl);
 		return $output;
@@ -585,7 +585,7 @@ 
 	function triggerDeleteModuleFiles(&$obj)
 	{
 		$module_srl = $obj->module_srl;
-		if(!$module_srl) return new Object();
+		if (!$module_srl) return new Object();
 
 		$oFileController = getAdminController('file');
 		return $oFileController->deleteModuleFiles($module_srl);
@@ -598,9 +598,9 @@ 
 	 * @param int $upload_target_srl
 	 * @return void
 	 */
-	function setUploadInfo($editor_sequence, $upload_target_srl=0)
+	function setUploadInfo($editor_sequence, $upload_target_srl = 0)
 	{
-		if(!isset($_SESSION['upload_info'][$editor_sequence]))
+		if (!isset($_SESSION['upload_info'][$editor_sequence]))
 		{
 			$_SESSION['upload_info'][$editor_sequence] = new stdClass();
 		}
@@ -660,36 +660,36 @@ 
 		$trigger_obj->module_srl = $module_srl;
 		$trigger_obj->upload_target_srl = $upload_target_srl;
 		$output = ModuleHandler::triggerCall('file.insertFile', 'before', $trigger_obj);
-		if(!$output->toBool()) return $output;
+		if (!$output->toBool()) return $output;
 
 		// A workaround for Firefox upload bug
-		if(preg_match('/^=\?UTF-8\?B\?(.+)\?=$/i', $file_info['name'], $match))
+		if (preg_match('/^=\?UTF-8\?B\?(.+)\?=$/i', $file_info['name'], $match))
 		{
 			$file_info['name'] = base64_decode(strtr($match[1], ':', '/'));
 		}
 
-		if(!$manual_insert)
+		if (!$manual_insert)
 		{
 			// Get the file configurations
 			$logged_info = Context::get('logged_info');
-			if($logged_info->is_admin != 'Y')
+			if ($logged_info->is_admin != 'Y')
 			{
 				$oFileModel = getModel('file');
 				$config = $oFileModel->getFileConfig($module_srl);
 
 				// check file type
-				if(isset($config->allowed_filetypes) && $config->allowed_filetypes !== '*.*')
+				if (isset($config->allowed_filetypes) && $config->allowed_filetypes !== '*.*')
 				{
 					$filetypes = explode(';', $config->allowed_filetypes);
 					$ext = array();
-					foreach($filetypes as $item) {
+					foreach ($filetypes as $item) {
 						$item = explode('.', $item);
 						$ext[] = strtolower($item[1]);
 					}
 					$uploaded_ext = explode('.', $file_info['name']);
 					$uploaded_ext = strtolower(array_pop($uploaded_ext));
 
-					if(!in_array($uploaded_ext, $ext))
+					if (!in_array($uploaded_ext, $ext))
 					{
 						return $this->stop('msg_not_allowed_filetype');
 					}
@@ -698,63 +698,63 @@ 
 				$allowed_filesize = $config->allowed_filesize * 1024 * 1024;
 				$allowed_attach_size = $config->allowed_attach_size * 1024 * 1024;
 				// An error appears if file size exceeds a limit
-				if($allowed_filesize < filesize($file_info['tmp_name'])) return new Object(-1, 'msg_exceeds_limit_size');
+				if ($allowed_filesize < filesize($file_info['tmp_name'])) return new Object(-1, 'msg_exceeds_limit_size');
 				// Get total file size of all attachements (from DB)
 				$size_args = new stdClass;
 				$size_args->upload_target_srl = $upload_target_srl;
 				$output = executeQuery('file.getAttachedFileSize', $size_args);
-				$attached_size = (int)$output->data->attached_size + filesize($file_info['tmp_name']);
-				if($attached_size > $allowed_attach_size) return new Object(-1, 'msg_exceeds_limit_size');
+				$attached_size = (int) $output->data->attached_size + filesize($file_info['tmp_name']);
+				if ($attached_size > $allowed_attach_size) return new Object(-1, 'msg_exceeds_limit_size');
 			}
 		}
 
 		// https://github.com/xpressengine/xe-core/issues/1713
-		$file_info['name'] = preg_replace('/\.(php|phtm|phar|html?|cgi|pl|exe|jsp|asp|inc)/i', '$0-x',$file_info['name']);
+		$file_info['name'] = preg_replace('/\.(php|phtm|phar|html?|cgi|pl|exe|jsp|asp|inc)/i', '$0-x', $file_info['name']);
 		$file_info['name'] = removeHackTag($file_info['name']);
-		$file_info['name'] = str_replace(array('<','>'),array('%3C','%3E'),$file_info['name']);
+		$file_info['name'] = str_replace(array('<', '>'), array('%3C', '%3E'), $file_info['name']);
 
 		// Get random number generator
 		$random = new Password();
 
 		// Set upload path by checking if the attachement is an image or other kinds of file
-		if(preg_match("/\.(jpe?g|gif|png|wm[va]|mpe?g|avi|flv|mp[1-4]|as[fx]|wav|midi?|moo?v|qt|r[am]{1,2}|m4v)$/i", $file_info['name']))
+		if (preg_match("/\.(jpe?g|gif|png|wm[va]|mpe?g|avi|flv|mp[1-4]|as[fx]|wav|midi?|moo?v|qt|r[am]{1,2}|m4v)$/i", $file_info['name']))
 		{
-			$path = sprintf("./files/attach/images/%s/%s", $module_srl,getNumberingPath($upload_target_srl,3));
+			$path = sprintf("./files/attach/images/%s/%s", $module_srl, getNumberingPath($upload_target_srl, 3));
 
 			// special character to '_'
 			// change to random file name. because window php bug. window php is not recognize unicode character file name - by cherryfilter
-			$ext = substr(strrchr($file_info['name'],'.'),1);
+			$ext = substr(strrchr($file_info['name'], '.'), 1);
 			//$_filename = preg_replace('/[#$&*?+%"\']/', '_', $file_info['name']);
 			$_filename = $random->createSecureSalt(32, 'hex').'.'.$ext;
 			$filename  = $path.$_filename;
 			$idx = 1;
-			while(file_exists($filename))
+			while (file_exists($filename))
 			{
-				$filename = $path.preg_replace('/\.([a-z0-9]+)$/i','_'.$idx.'.$1',$_filename);
+				$filename = $path.preg_replace('/\.([a-z0-9]+)$/i', '_'.$idx.'.$1', $_filename);
 				$idx++;
 			}
 			$direct_download = 'Y';
 		}
 		else
 		{
-			$path = sprintf("./files/attach/binaries/%s/%s", $module_srl, getNumberingPath($upload_target_srl,3));
+			$path = sprintf("./files/attach/binaries/%s/%s", $module_srl, getNumberingPath($upload_target_srl, 3));
 			$filename = $path.$random->createSecureSalt(32, 'hex');
 			$direct_download = 'N';
 		}
 		// Create a directory
-		if(!FileHandler::makeDir($path)) return new Object(-1,'msg_not_permitted_create');
+		if (!FileHandler::makeDir($path)) return new Object(-1, 'msg_not_permitted_create');
 
 		// Check uploaded file
-		if(!checkUploadedFile($file_info['tmp_name']))  return new Object(-1,'msg_file_upload_error');
+		if (!checkUploadedFile($file_info['tmp_name']))  return new Object(-1, 'msg_file_upload_error');
 
 		// Get random number generator
 		$random = new Password();
 		
 		// Move the file
-		if($manual_insert)
+		if ($manual_insert)
 		{
 			@copy($file_info['tmp_name'], $filename);
-			if(!file_exists($filename))
+			if (!file_exists($filename))
 			{
 				$filename = $path.$random->createSecureSalt(32, 'hex').'.'.$ext;
 				@copy($file_info['tmp_name'], $filename);
@@ -762,10 +762,10 @@ 
 		}
 		else
 		{
-			if(!@move_uploaded_file($file_info['tmp_name'], $filename))
+			if (!@move_uploaded_file($file_info['tmp_name'], $filename))
 			{
 				$filename = $path.$random->createSecureSalt(32, 'hex').'.'.$ext;
-				if(!@move_uploaded_file($file_info['tmp_name'], $filename))  return new Object(-1,'msg_file_upload_error');
+				if (!@move_uploaded_file($file_info['tmp_name'], $filename))  return new Object(-1, 'msg_file_upload_error');
 			}
 		}
 		// Get member information
@@ -786,10 +786,10 @@ 
 		$args->sid = $random->createSecureSalt(32, 'hex');
 
 		$output = executeQuery('file.insertFile', $args);
-		if(!$output->toBool()) return $output;
+		if (!$output->toBool()) return $output;
 		// Call a trigger (after)
 		$trigger_output = ModuleHandler::triggerCall('file.insertFile', 'after', $args);
-		if(!$trigger_output->toBool()) return $trigger_output;
+		if (!$trigger_output->toBool()) return $trigger_output;
 
 		$_SESSION['__XE_UPLOADING_FILES_INFO__'][$args->file_srl] = true;
 
@@ -832,18 +832,18 @@ 
 	 */
 	function deleteFile($file_srl)
 	{
-		if(!$file_srl) return;
+		if (!$file_srl) return;
 
 		$srls = (is_array($file_srl)) ? $file_srl : explode(',', $file_srl);
-		if(!count($srls)) return;
+		if (!count($srls)) return;
 
 		$oDocumentController = getController('document');
 		$documentSrlList = array();
 
-		foreach($srls as $srl)
+		foreach ($srls as $srl)
 		{
-			$srl = (int)$srl;
-			if(!$srl) 
+			$srl = (int) $srl;
+			if (!$srl) 
 			{
 				continue;
 			}
@@ -852,14 +852,14 @@ 
 			$args->file_srl = $srl;
 			$output = executeQuery('file.getFile', $args);
 
-			if(!$output->toBool() || !$output->data) 
+			if (!$output->toBool() || !$output->data) 
 			{
 				continue;
 			}
 
 			$file_info = $output->data;
 
-			if($file_info->upload_target_srl)
+			if ($file_info->upload_target_srl)
 			{
 				$documentSrlList[] = $file_info->upload_target_srl;
 			}
@@ -870,15 +870,15 @@ 
 			// Call a trigger (before)
 			$trigger_obj = $output->data;
 			$output = ModuleHandler::triggerCall('file.deleteFile', 'before', $trigger_obj);
-			if(!$output->toBool()) return $output;
+			if (!$output->toBool()) return $output;
 
 			// Remove from the DB
 			$output = executeQuery('file.deleteFile', $args);
-			if(!$output->toBool()) return $output;
+			if (!$output->toBool()) return $output;
 
 			// Call a trigger (after)
 			$trigger_output = ModuleHandler::triggerCall('file.deleteFile', 'after', $trigger_obj);
-			if(!$trigger_output->toBool()) return $trigger_output;
+			if (!$trigger_output->toBool()) return $trigger_output;
 
 			// If successfully deleted, remove the file
 			FileHandler::removeFile($uploaded_filename);
@@ -902,28 +902,28 @@ 
 		$columnList = array('file_srl', 'uploaded_filename', 'module_srl');
 		$file_list = $oFileModel->getFiles($upload_target_srl, $columnList);
 		// Success returned if no attachement exists
-		if(!is_array($file_list)||!count($file_list)) return new Object();
+		if (!is_array($file_list) || !count($file_list)) return new Object();
 
 		// Delete the file
 		$path = array();
 		$file_count = count($file_list);
-		for($i=0;$i<$file_count;$i++)
+		for ($i = 0; $i < $file_count; $i++)
 		{
 			$this->deleteFile($file_list[$i]->file_srl);
 
 			$uploaded_filename = $file_list[$i]->uploaded_filename;
 			$path_info = pathinfo($uploaded_filename);
-			if(!in_array($path_info['dirname'], $path)) $path[] = $path_info['dirname'];
+			if (!in_array($path_info['dirname'], $path)) $path[] = $path_info['dirname'];
 		}
 
 		// Remove from the DB
 		$args = new stdClass();
 		$args->upload_target_srl = $upload_target_srl;
 		$output = executeQuery('file.deleteFiles', $args);
-		if(!$output->toBool()) return $output;
+		if (!$output->toBool()) return $output;
 		
 		// Remove a file directory of the document
-		for($i=0, $c=count($path); $i<$c; $i++)
+		for ($i = 0, $c = count($path); $i < $c; $i++)
 		{
 			FileHandler::removeBlankDir($path[$i]);
 		}
@@ -941,23 +941,23 @@ 
 	 */
 	function moveFile($source_srl, $target_module_srl, $target_srl)
 	{
-		if($source_srl == $target_srl) return;
+		if ($source_srl == $target_srl) return;
 
 		$oFileModel = getModel('file');
 		$file_list = $oFileModel->getFiles($source_srl);
-		if(!$file_list) return;
+		if (!$file_list) return;
 
 		$file_count = count($file_list);
  
-		for($i=0;$i<$file_count;$i++)
+		for ($i = 0; $i < $file_count; $i++)
 		{
 			unset($file_info);
 			$file_info = $file_list[$i];
 			$old_file = $file_info->uploaded_filename;
 			// Determine the file path by checking if the file is an image or other kinds
-			if(preg_match("/\.(asf|asf|asx|avi|flv|gif|jpeg|jpg|m4a|m4v|mid|midi|moov|mov|mp1|mp2|mp3|mp4|mpeg|mpg|ogg|png|qt|ra|ram|rm|rmm|wav|webm|webp|wma|wmv)$/i", $file_info->source_filename))
+			if (preg_match("/\.(asf|asf|asx|avi|flv|gif|jpeg|jpg|m4a|m4v|mid|midi|moov|mov|mp1|mp2|mp3|mp4|mpeg|mpg|ogg|png|qt|ra|ram|rm|rmm|wav|webm|webp|wma|wmv)$/i", $file_info->source_filename))
 			{
-				$path = sprintf("./files/attach/images/%s/%s/", $target_module_srl,$target_srl);
+				$path = sprintf("./files/attach/images/%s/%s/", $target_module_srl, $target_srl);
 				$new_file = $path.$file_info->source_filename;
 			}
 			else
@@ -967,7 +967,7 @@ 
 				$new_file = $path.$random->createSecureSalt(32, 'hex');
 			}
 			// Pass if a target document to move is same
-			if($old_file == $new_file) continue;
+			if ($old_file == $new_file) continue;
 			// Create a directory
 			FileHandler::makeDir($path);
 			// Move the file
@@ -987,18 +987,18 @@ 
 		$vars = Context::getRequestVars();
 		$logged_info = Context::get('logged_info');
 
-		if(!$vars->editor_sequence) return new Object(-1, 'msg_invalid_request');
+		if (!$vars->editor_sequence) return new Object(-1, 'msg_invalid_request');
 
 		$upload_target_srl = $_SESSION['upload_info'][$vars->editor_sequence]->upload_target_srl;
 
 		$oFileModel = getModel('file');
 		$file_info = $oFileModel->getFile($vars->file_srl);
 
-		if(!$file_info) return new Object(-1, 'msg_not_founded');
+		if (!$file_info) return new Object(-1, 'msg_not_founded');
 
-		if(!$this->manager && !$file_info->member_srl === $logged_info->member_srl) return new Object(-1, 'msg_not_permitted');
+		if (!$this->manager && !$file_info->member_srl === $logged_info->member_srl) return new Object(-1, 'msg_not_permitted');
 
-		$args =  new stdClass();
+		$args = new stdClass();
 		$args->file_srl = $vars->file_srl;
 		$args->upload_target_srl = $upload_target_srl;
 
@@ -1007,18 +1007,18 @@ 
 		
 		$args->cover_image = 'N';
 		$output = executeQuery('file.updateClearCoverImage', $args);
-		if(!$output->toBool())
+		if (!$output->toBool())
 		{
 				$oDB->rollback();
 				return $output;
 		}
 
-		if($file_info->cover_image != 'Y')
+		if ($file_info->cover_image != 'Y')
 		{
 
 			$args->cover_image = 'Y';
 			$output = executeQuery('file.updateCoverImage', $args);
-			if(!$output->toBool())
+			if (!$output->toBool())
 			{
 				$oDB->rollback();
 				return $output;
@@ -1028,7 +1028,7 @@ 
 
 		$oDB->commit();
 
-		$this->add('is_cover',$args->cover_image);
+		$this->add('is_cover', $args->cover_image);
 
 		// 썸네일 삭제
 		$thumbnail_path = sprintf('files/thumbnails/%s', getNumberingPath($upload_target_srl, 3));
@@ -1054,9 +1054,9 @@ 
 		$fileConfig = $oModuleModel->getModulePartConfig('file', $obj->originModuleSrl);
 
 		$oModuleController = getController('module');
-		if(is_array($obj->moduleSrlList))
+		if (is_array($obj->moduleSrlList))
 		{
-			foreach($obj->moduleSrlList AS $key=>$moduleSrl)
+			foreach ($obj->moduleSrlList AS $key=>$moduleSrl)
 			{
 				$oModuleController->insertModulePartConfig('file', $moduleSrl, $fileConfig);
 			}

Braces +229 added lines, -95 removed lines

@@ -29,20 +29,30 @@ 
 		$file_info = $_FILES['Filedata'];
 
 		// An error appears if not a normally uploaded file
-		if(!is_uploaded_file($file_info['tmp_name'])) exit();
+		if(!is_uploaded_file($file_info['tmp_name'])) {
+			exit();
+		}
 
 		// Basic variables setting
 		$oFileModel = getModel('file');
 		$editor_sequence = Context::get('editor_sequence');
 		$upload_target_srl = intval(Context::get('uploadTargetSrl'));
-		if(!$upload_target_srl) $upload_target_srl = intval(Context::get('upload_target_srl'));
+		if(!$upload_target_srl) {
+			$upload_target_srl = intval(Context::get('upload_target_srl'));
+		}
 		$module_srl = $this->module_srl;
 		// Exit a session if there is neither upload permission nor information
-		if(!$_SESSION['upload_info'][$editor_sequence]->enabled) exit();
+		if(!$_SESSION['upload_info'][$editor_sequence]->enabled) {
+			exit();
+		}
 		// Extract from session information if upload_target_srl is not specified
-		if(!$upload_target_srl) $upload_target_srl = $_SESSION['upload_info'][$editor_sequence]->upload_target_srl;
+		if(!$upload_target_srl) {
+			$upload_target_srl = $_SESSION['upload_info'][$editor_sequence]->upload_target_srl;
+		}
 		// Create if upload_target_srl is not defined in the session information
-		if(!$upload_target_srl) $_SESSION['upload_info'][$editor_sequence]->upload_target_srl = $upload_target_srl = getNextSequence();
+		if(!$upload_target_srl) {
+			$_SESSION['upload_info'][$editor_sequence]->upload_target_srl = $upload_target_srl = getNextSequence();
+		}
 
 		$output = $this->insertFile($file_info, $module_srl, $upload_target_srl);
 		Context::setResponseMethod('JSON');
@@ -52,7 +62,9 @@ 
 		$this->add('source_filename',$output->get('source_filename'));
 		$this->add('download_url',$output->get('uploaded_filename'));
 		$this->add('upload_target_srl',$output->get('upload_target_srl'));
-		if($output->error != '0') $this->stop($output->message);
+		if($output->error != '0') {
+			$this->stop($output->message);
+		}
 	}
 
 	/**
@@ -67,14 +79,22 @@ 
 		$callback = Context::get('callback');
 		$module_srl = $this->module_srl;
 		$upload_target_srl = intval(Context::get('uploadTargetSrl'));
-		if(!$upload_target_srl) $upload_target_srl = intval(Context::get('upload_target_srl'));
+		if(!$upload_target_srl) {
+			$upload_target_srl = intval(Context::get('upload_target_srl'));
+		}
 
 		// Exit a session if there is neither upload permission nor information
-		if(!$_SESSION['upload_info'][$editor_sequence]->enabled) exit();
+		if(!$_SESSION['upload_info'][$editor_sequence]->enabled) {
+			exit();
+		}
 		// Extract from session information if upload_target_srl is not specified
-		if(!$upload_target_srl) $upload_target_srl = $_SESSION['upload_info'][$editor_sequence]->upload_target_srl;
+		if(!$upload_target_srl) {
+			$upload_target_srl = $_SESSION['upload_info'][$editor_sequence]->upload_target_srl;
+		}
 		// Create if upload_target_srl is not defined in the session information
-		if(!$upload_target_srl) $_SESSION['upload_info'][$editor_sequence]->upload_target_srl = $upload_target_srl = getNextSequence();
+		if(!$upload_target_srl) {
+			$_SESSION['upload_info'][$editor_sequence]->upload_target_srl = $upload_target_srl = getNextSequence();
+		}
 
 		// Delete and then attempt to re-upload if file_srl is requested
 		$file_srl = Context::get('file_srl');
@@ -129,15 +149,16 @@ 
 		$source_src = $fileInfo->uploaded_filename;
 		$output_src = $source_src . '.resized' . strrchr($source_src,'.');
 
-		if(!$height) $height = $width-1;
+		if(!$height) {
+			$height = $width-1;
+		}
 
 		if(FileHandler::createImageFile($source_src,$output_src,$width,$height,'','ratio'))
 		{
 			$output = new stdClass();
 			$output->info = getimagesize($output_src);
 			$output->src = $output_src;
-		}
-		else
+		} else
 		{
 			return new Object(-1,'msg_invalid_request');
 		}
@@ -180,7 +201,9 @@ 
 	{
 		$oFileModel = getModel('file');
 
-		if(isset($this->grant->access) && $this->grant->access !== true) return new Object(-1, 'msg_not_permitted');
+		if(isset($this->grant->access) && $this->grant->access !== true) {
+			return new Object(-1, 'msg_not_permitted');
+		}
 
 		$file_srl = Context::get('file_srl');
 		$sid = Context::get('sid');
@@ -189,9 +212,13 @@ 
 		$columnList = array('file_srl', 'sid', 'isvalid', 'source_filename', 'module_srl', 'uploaded_filename', 'file_size', 'member_srl', 'upload_target_srl', 'upload_target_type');
 		$file_obj = $oFileModel->getFile($file_srl, $columnList);
 		// If the requested file information is incorrect, an error that file cannot be found appears
-		if($file_obj->file_srl!=$file_srl || $file_obj->sid!=$sid) return $this->stop('msg_file_not_found');
+		if($file_obj->file_srl!=$file_srl || $file_obj->sid!=$sid) {
+			return $this->stop('msg_file_not_found');
+		}
 		// Notify that file download is not allowed when standing-by(Only a top-administrator is permitted)
-		if($logged_info->is_admin != 'Y' && $file_obj->isvalid!='Y') return $this->stop('msg_not_permitted_download');
+		if($logged_info->is_admin != 'Y' && $file_obj->isvalid!='Y') {
+			return $this->stop('msg_not_permitted_download');
+		}
 		// File name
 		$filename = $file_obj->source_filename;
 		$file_module_config = $oFileModel->getFileModuleConfig($file_obj->module_srl);
@@ -203,7 +230,9 @@ 
 			{
 				$allow_outlink_format_array = array();
 				$allow_outlink_format_array = explode(',', $file_module_config->allow_outlink_format);
-				if(!is_array($allow_outlink_format_array)) $allow_outlink_format_array[0] = $file_module_config->allow_outlink_format;
+				if(!is_array($allow_outlink_format_array)) {
+					$allow_outlink_format_array[0] = $file_module_config->allow_outlink_format;
+				}
 
 				foreach($allow_outlink_format_array as $val)
 				{
@@ -225,7 +254,9 @@ 
 					{
 						$allow_outlink_site_array = array();
 						$allow_outlink_site_array = explode("\n", $file_module_config->allow_outlink_site);
-						if(!is_array($allow_outlink_site_array)) $allow_outlink_site_array[0] = $file_module_config->allow_outlink_site;
+						if(!is_array($allow_outlink_site_array)) {
+							$allow_outlink_site_array[0] = $file_module_config->allow_outlink_site;
+						}
 
 						foreach($allow_outlink_site_array as $val)
 						{
@@ -237,23 +268,29 @@ 
 							}
 						}
 					}
+				} else {
+					$file_module_config->allow_outlink = 'Y';
 				}
-				else $file_module_config->allow_outlink = 'Y';
 			}
-			if($file_module_config->allow_outlink != 'Y') return $this->stop('msg_not_allowed_outlink');
+			if($file_module_config->allow_outlink != 'Y') {
+				return $this->stop('msg_not_allowed_outlink');
+			}
 		}
 
 		// Check if a permission for file download is granted
 		$downloadGrantCount = 0;
 		if(is_array($file_module_config->download_grant))
 		{
-			foreach($file_module_config->download_grant AS $value)
-				if($value) $downloadGrantCount++;
+			foreach($file_module_config->download_grant AS $value) {
+							if($value) $downloadGrantCount++;
+			}
 		}
 
 		if(is_array($file_module_config->download_grant) && $downloadGrantCount>0)
 		{
-			if(!Context::get('is_logged')) return $this->stop('msg_not_permitted_download');
+			if(!Context::get('is_logged')) {
+				return $this->stop('msg_not_permitted_download');
+			}
 			$logged_info = Context::get('logged_info');
 			if($logged_info->is_admin != 'Y')
 			{
@@ -276,13 +313,17 @@ 
 							break;
 						}
 					}
-					if(!$is_permitted) return $this->stop('msg_not_permitted_download');
+					if(!$is_permitted) {
+						return $this->stop('msg_not_permitted_download');
+					}
 				}
 			}
 		}
 		// Call a trigger (before)
 		$output = ModuleHandler::triggerCall('file.downloadFile', 'before', $file_obj);
-		if(!$output->toBool()) return $this->stop(($output->message)?$output->message:'msg_not_permitted_download');
+		if(!$output->toBool()) {
+			return $this->stop(($output->message)?$output->message:'msg_not_permitted_download');
+		}
 
 
 		// 다운로드 후 (가상)
@@ -306,16 +347,23 @@ 
 		$oFileModel = getModel('file');
 		$file_srl = Context::get('file_srl');
 		$file_key = Context::get('file_key');
-		if(strstr($_SERVER['HTTP_USER_AGENT'], "Android")) $is_android = true;
+		if(strstr($_SERVER['HTTP_USER_AGENT'], "Android")) {
+			$is_android = true;
+		}
 
-		if($is_android && $_SESSION['__XE_FILE_KEY_AND__'][$file_srl]) $session_key = '__XE_FILE_KEY_AND__';
-		else $session_key = '__XE_FILE_KEY__';
+		if($is_android && $_SESSION['__XE_FILE_KEY_AND__'][$file_srl]) {
+			$session_key = '__XE_FILE_KEY_AND__';
+		} else {
+			$session_key = '__XE_FILE_KEY__';
+		}
 		$columnList = array('source_filename', 'uploaded_filename', 'file_size');
 		$file_obj = $oFileModel->getFile($file_srl, $columnList);
 
 		$uploaded_filename = $file_obj->uploaded_filename;
 
-		if(!file_exists($uploaded_filename)) return $this->stop('msg_file_not_found');
+		if(!file_exists($uploaded_filename)) {
+			return $this->stop('msg_file_not_found');
+		}
 
 		if(!$file_key || $_SESSION[$session_key][$file_srl] != $file_key)
 		{
@@ -331,29 +379,27 @@ 
 			if($is_android && preg_match('#\bwv\b|(?:Version|Browser)/\d+#', $_SERVER['HTTP_USER_AGENT']))
 			{
 				$filename_param = 'filename="' . $filename . '"';
-			}
-			else
+			} else
 			{
 				$filename_param = "filename*=UTF-8''" . rawurlencode($filename) . '; filename="' . rawurlencode($filename) . '"';
 			}
-		}
-		elseif(preg_match('#(?:Firefox|Safari|Trident)/(\d+)\.#', $_SERVER['HTTP_USER_AGENT'], $matches) && $matches[1] >= 6)
+		} elseif(preg_match('#(?:Firefox|Safari|Trident)/(\d+)\.#', $_SERVER['HTTP_USER_AGENT'], $matches) && $matches[1] >= 6)
 		{
 			$filename_param = "filename*=UTF-8''" . rawurlencode($filename) . '; filename="' . rawurlencode($filename) . '"';
-		}
-		elseif(strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== FALSE)
+		} elseif(strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== FALSE)
 		{
 			$filename = rawurlencode($filename);
 			$filename_param = 'filename="' . preg_replace('/\./', '%2e', $filename, substr_count($filename, '.') - 1) . '"';
-		}
-		else
+		} else
 		{
 			$filename_param = 'filename="' . $filename . '"';
 		}
 
 		if($is_android)
 		{
-			if($_SESSION['__XE_FILE_KEY__'][$file_srl]) $_SESSION['__XE_FILE_KEY_AND__'][$file_srl] = $file_key;
+			if($_SESSION['__XE_FILE_KEY__'][$file_srl]) {
+				$_SESSION['__XE_FILE_KEY_AND__'][$file_srl] = $file_key;
+			}
 		}
 
 		unset($_SESSION[$session_key][$file_srl]);
@@ -361,7 +407,9 @@ 
 		Context::close();
 
 		$fp = fopen($uploaded_filename, 'rb');
-		if(!$fp) return $this->stop('msg_file_not_found');
+		if(!$fp) {
+			return $this->stop('msg_file_not_found');
+		}
 
 		header("Cache-Control: ");
 		header("Pragma: ");
@@ -375,10 +423,11 @@ 
 		// if file size is lager than 10MB, use fread function (#18675748)
 		if($file_size > 1024 * 1024)
 		{
-			while(!feof($fp)) echo fread($fp, 1024);
+			while(!feof($fp)) {
+				echo fread($fp, 1024);
+			}
 			fclose($fp);
-		}
-		else
+		} else
 		{
 			fpassthru($fp);
 		}
@@ -397,9 +446,13 @@ 
 		$editor_sequence = Context::get('editor_sequence');
 		$file_srl = Context::get('file_srl');
 		$file_srls = Context::get('file_srls');
-		if($file_srls) $file_srl = $file_srls;
+		if($file_srls) {
+			$file_srl = $file_srls;
+		}
 		// Exit a session if there is neither upload permission nor information
-		if(!$_SESSION['upload_info'][$editor_sequence]->enabled) exit();
+		if(!$_SESSION['upload_info'][$editor_sequence]->enabled) {
+			exit();
+		}
 
 		$upload_target_srl = $_SESSION['upload_info'][$editor_sequence]->upload_target_srl;
 
@@ -407,26 +460,38 @@ 
 		$oFileModel = getModel('file');
 
 		$srls = explode(',',$file_srl);
-		if(!count($srls)) return;
+		if(!count($srls)) {
+			return;
+		}
 
 		for($i=0;$i<count($srls);$i++)
 		{
 			$srl = (int)$srls[$i];
-			if(!$srl) continue;
+			if(!$srl) {
+				continue;
+			}
 
 			$args = new stdClass;
 			$args->file_srl = $srl;
 			$output = executeQuery('file.getFile', $args);
-			if(!$output->toBool()) continue;
+			if(!$output->toBool()) {
+				continue;
+			}
 
 			$file_info = $output->data;
-			if(!$file_info) continue;
+			if(!$file_info) {
+				continue;
+			}
 
 			$file_grant = $oFileModel->getFileGrant($file_info, $logged_info);
 
-			if(!$file_grant->is_deletable) continue;
+			if(!$file_grant->is_deletable) {
+				continue;
+			}
 
-			if($upload_target_srl && $file_srl) $output = $this->deleteFile($file_srl);
+			if($upload_target_srl && $file_srl) {
+				$output = $this->deleteFile($file_srl);
+			}
 		}
 	}
 
@@ -437,7 +502,9 @@ 
 	 */
 	function procFileGetList()
 	{
-		if(!Context::get('is_logged')) return new Object(-1,'msg_not_permitted');
+		if(!Context::get('is_logged')) {
+			return new Object(-1,'msg_not_permitted');
+		}
 
 		$oModuleModel = getModel('module');
 
@@ -448,26 +515,32 @@ 
 		}
 
 		$fileSrls = Context::get('file_srls');
-		if($fileSrls) $fileSrlList = explode(',', $fileSrls);
+		if($fileSrls) {
+			$fileSrlList = explode(',', $fileSrls);
+		}
 
 		global $lang;
 		if(count($fileSrlList) > 0)
 		{
 			$oFileModel = getModel('file');
 			$fileList = $oFileModel->getFile($fileSrlList);
-			if(!is_array($fileList)) $fileList = array($fileList);
+			if(!is_array($fileList)) {
+				$fileList = array($fileList);
+			}
 
 			if(is_array($fileList))
 			{
 				foreach($fileList AS $key=>$value)
 				{
 					$value->human_file_size = FileHandler::filesize($value->file_size);
-					if($value->isvalid=='Y') $value->validName = $lang->is_valid;
-					else $value->validName = $lang->is_stand_by;
+					if($value->isvalid=='Y') {
+						$value->validName = $lang->is_valid;
+					} else {
+						$value->validName = $lang->is_stand_by;
+					}
 				}
 			}
-		}
-		else
+		} else
 		{
 			$fileList = array();
 			$this->setMessage($lang->no_files);
@@ -484,7 +557,9 @@ 
 	function triggerCheckAttached(&$obj)
 	{
 		$document_srl = $obj->document_srl;
-		if(!$document_srl) return new Object();
+		if(!$document_srl) {
+			return new Object();
+		}
 		// Get numbers of attachments
 		$oFileModel = getModel('file');
 		$obj->uploaded_count = $oFileModel->getFilesCount($document_srl);
@@ -501,10 +576,14 @@ 
 	function triggerAttachFiles(&$obj)
 	{
 		$document_srl = $obj->document_srl;
-		if(!$document_srl) return new Object();
+		if(!$document_srl) {
+			return new Object();
+		}
 
 		$output = $this->setFilesValid($document_srl);
-		if(!$output->toBool()) return $output;
+		if(!$output->toBool()) {
+			return $output;
+		}
 
 		return new Object();
 	}
@@ -518,7 +597,9 @@ 
 	function triggerDeleteAttached(&$obj)
 	{
 		$document_srl = $obj->document_srl;
-		if(!$document_srl) return new Object();
+		if(!$document_srl) {
+			return new Object();
+		}
 
 		$output = $this->deleteFiles($document_srl);
 		return $output;
@@ -533,7 +614,9 @@ 
 	function triggerCommentCheckAttached(&$obj)
 	{
 		$comment_srl = $obj->comment_srl;
-		if(!$comment_srl) return new Object();
+		if(!$comment_srl) {
+			return new Object();
+		}
 		// Get numbers of attachments
 		$oFileModel = getModel('file');
 		$obj->uploaded_count = $oFileModel->getFilesCount($comment_srl);
@@ -551,10 +634,14 @@ 
 	{
 		$comment_srl = $obj->comment_srl;
 		$uploaded_count = $obj->uploaded_count;
-		if(!$comment_srl || !$uploaded_count) return new Object();
+		if(!$comment_srl || !$uploaded_count) {
+			return new Object();
+		}
 
 		$output = $this->setFilesValid($comment_srl);
-		if(!$output->toBool()) return $output;
+		if(!$output->toBool()) {
+			return $output;
+		}
 
 		return new Object();
 	}
@@ -568,9 +655,13 @@ 
 	function triggerCommentDeleteAttached(&$obj)
 	{
 		$comment_srl = $obj->comment_srl;
-		if(!$comment_srl) return new Object();
+		if(!$comment_srl) {
+			return new Object();
+		}
 
-		if($obj->isMoveToTrash) return new Object();
+		if($obj->isMoveToTrash) {
+			return new Object();
+		}
 
 		$output = $this->deleteFiles($comment_srl);
 		return $output;
@@ -585,7 +676,9 @@ 
 	function triggerDeleteModuleFiles(&$obj)
 	{
 		$module_srl = $obj->module_srl;
-		if(!$module_srl) return new Object();
+		if(!$module_srl) {
+			return new Object();
+		}
 
 		$oFileController = getAdminController('file');
 		return $oFileController->deleteModuleFiles($module_srl);
@@ -660,7 +753,9 @@ 
 		$trigger_obj->module_srl = $module_srl;
 		$trigger_obj->upload_target_srl = $upload_target_srl;
 		$output = ModuleHandler::triggerCall('file.insertFile', 'before', $trigger_obj);
-		if(!$output->toBool()) return $output;
+		if(!$output->toBool()) {
+			return $output;
+		}
 
 		// A workaround for Firefox upload bug
 		if(preg_match('/^=\?UTF-8\?B\?(.+)\?=$/i', $file_info['name'], $match))
@@ -698,13 +793,17 @@ 
 				$allowed_filesize = $config->allowed_filesize * 1024 * 1024;
 				$allowed_attach_size = $config->allowed_attach_size * 1024 * 1024;
 				// An error appears if file size exceeds a limit
-				if($allowed_filesize < filesize($file_info['tmp_name'])) return new Object(-1, 'msg_exceeds_limit_size');
+				if($allowed_filesize < filesize($file_info['tmp_name'])) {
+					return new Object(-1, 'msg_exceeds_limit_size');
+				}
 				// Get total file size of all attachements (from DB)
 				$size_args = new stdClass;
 				$size_args->upload_target_srl = $upload_target_srl;
 				$output = executeQuery('file.getAttachedFileSize', $size_args);
 				$attached_size = (int)$output->data->attached_size + filesize($file_info['tmp_name']);
-				if($attached_size > $allowed_attach_size) return new Object(-1, 'msg_exceeds_limit_size');
+				if($attached_size > $allowed_attach_size) {
+					return new Object(-1, 'msg_exceeds_limit_size');
+				}
 			}
 		}
 
@@ -734,18 +833,21 @@ 
 				$idx++;
 			}
 			$direct_download = 'Y';
-		}
-		else
+		} else
 		{
 			$path = sprintf("./files/attach/binaries/%s/%s", $module_srl, getNumberingPath($upload_target_srl,3));
 			$filename = $path.$random->createSecureSalt(32, 'hex');
 			$direct_download = 'N';
 		}
 		// Create a directory
-		if(!FileHandler::makeDir($path)) return new Object(-1,'msg_not_permitted_create');
+		if(!FileHandler::makeDir($path)) {
+			return new Object(-1,'msg_not_permitted_create');
+		}
 
 		// Check uploaded file
-		if(!checkUploadedFile($file_info['tmp_name']))  return new Object(-1,'msg_file_upload_error');
+		if(!checkUploadedFile($file_info['tmp_name'])) {
+			return new Object(-1,'msg_file_upload_error');
+		}
 
 		// Get random number generator
 		$random = new Password();
@@ -759,13 +861,14 @@ 
 				$filename = $path.$random->createSecureSalt(32, 'hex').'.'.$ext;
 				@copy($file_info['tmp_name'], $filename);
 			}
-		}
-		else
+		} else
 		{
 			if(!@move_uploaded_file($file_info['tmp_name'], $filename))
 			{
 				$filename = $path.$random->createSecureSalt(32, 'hex').'.'.$ext;
-				if(!@move_uploaded_file($file_info['tmp_name'], $filename))  return new Object(-1,'msg_file_upload_error');
+				if(!@move_uploaded_file($file_info['tmp_name'], $filename)) {
+					return new Object(-1,'msg_file_upload_error');
+				}
 			}
 		}
 		// Get member information
@@ -786,10 +889,14 @@ 
 		$args->sid = $random->createSecureSalt(32, 'hex');
 
 		$output = executeQuery('file.insertFile', $args);
-		if(!$output->toBool()) return $output;
+		if(!$output->toBool()) {
+			return $output;
+		}
 		// Call a trigger (after)
 		$trigger_output = ModuleHandler::triggerCall('file.insertFile', 'after', $args);
-		if(!$trigger_output->toBool()) return $trigger_output;
+		if(!$trigger_output->toBool()) {
+			return $trigger_output;
+		}
 
 		$_SESSION['__XE_UPLOADING_FILES_INFO__'][$args->file_srl] = true;
 
@@ -832,10 +939,14 @@ 
 	 */
 	function deleteFile($file_srl)
 	{
-		if(!$file_srl) return;
+		if(!$file_srl) {
+			return;
+		}
 
 		$srls = (is_array($file_srl)) ? $file_srl : explode(',', $file_srl);
-		if(!count($srls)) return;
+		if(!count($srls)) {
+			return;
+		}
 
 		$oDocumentController = getController('document');
 		$documentSrlList = array();
@@ -870,15 +981,21 @@ 
 			// Call a trigger (before)
 			$trigger_obj = $output->data;
 			$output = ModuleHandler::triggerCall('file.deleteFile', 'before', $trigger_obj);
-			if(!$output->toBool()) return $output;
+			if(!$output->toBool()) {
+				return $output;
+			}
 
 			// Remove from the DB
 			$output = executeQuery('file.deleteFile', $args);
-			if(!$output->toBool()) return $output;
+			if(!$output->toBool()) {
+				return $output;
+			}
 
 			// Call a trigger (after)
 			$trigger_output = ModuleHandler::triggerCall('file.deleteFile', 'after', $trigger_obj);
-			if(!$trigger_output->toBool()) return $trigger_output;
+			if(!$trigger_output->toBool()) {
+				return $trigger_output;
+			}
 
 			// If successfully deleted, remove the file
 			FileHandler::removeFile($uploaded_filename);
@@ -902,7 +1019,9 @@ 
 		$columnList = array('file_srl', 'uploaded_filename', 'module_srl');
 		$file_list = $oFileModel->getFiles($upload_target_srl, $columnList);
 		// Success returned if no attachement exists
-		if(!is_array($file_list)||!count($file_list)) return new Object();
+		if(!is_array($file_list)||!count($file_list)) {
+			return new Object();
+		}
 
 		// Delete the file
 		$path = array();
@@ -913,14 +1032,18 @@ 
 
 			$uploaded_filename = $file_list[$i]->uploaded_filename;
 			$path_info = pathinfo($uploaded_filename);
-			if(!in_array($path_info['dirname'], $path)) $path[] = $path_info['dirname'];
+			if(!in_array($path_info['dirname'], $path)) {
+				$path[] = $path_info['dirname'];
+			}
 		}
 
 		// Remove from the DB
 		$args = new stdClass();
 		$args->upload_target_srl = $upload_target_srl;
 		$output = executeQuery('file.deleteFiles', $args);
-		if(!$output->toBool()) return $output;
+		if(!$output->toBool()) {
+			return $output;
+		}
 		
 		// Remove a file directory of the document
 		for($i=0, $c=count($path); $i<$c; $i++)
@@ -941,11 +1064,15 @@ 
 	 */
 	function moveFile($source_srl, $target_module_srl, $target_srl)
 	{
-		if($source_srl == $target_srl) return;
+		if($source_srl == $target_srl) {
+			return;
+		}
 
 		$oFileModel = getModel('file');
 		$file_list = $oFileModel->getFiles($source_srl);
-		if(!$file_list) return;
+		if(!$file_list) {
+			return;
+		}
 
 		$file_count = count($file_list);
  
@@ -959,15 +1086,16 @@ 
 			{
 				$path = sprintf("./files/attach/images/%s/%s/", $target_module_srl,$target_srl);
 				$new_file = $path.$file_info->source_filename;
-			}
-			else
+			} else
 			{
 				$path = sprintf("./files/attach/binaries/%s/%s/", $target_module_srl, $target_srl);
 				$random = new Password();
 				$new_file = $path.$random->createSecureSalt(32, 'hex');
 			}
 			// Pass if a target document to move is same
-			if($old_file == $new_file) continue;
+			if($old_file == $new_file) {
+				continue;
+			}
 			// Create a directory
 			FileHandler::makeDir($path);
 			// Move the file
@@ -987,16 +1115,22 @@ 
 		$vars = Context::getRequestVars();
 		$logged_info = Context::get('logged_info');
 
-		if(!$vars->editor_sequence) return new Object(-1, 'msg_invalid_request');
+		if(!$vars->editor_sequence) {
+			return new Object(-1, 'msg_invalid_request');
+		}
 
 		$upload_target_srl = $_SESSION['upload_info'][$vars->editor_sequence]->upload_target_srl;
 
 		$oFileModel = getModel('file');
 		$file_info = $oFileModel->getFile($vars->file_srl);
 
-		if(!$file_info) return new Object(-1, 'msg_not_founded');
+		if(!$file_info) {
+			return new Object(-1, 'msg_not_founded');
+		}
 
-		if(!$this->manager && !$file_info->member_srl === $logged_info->member_srl) return new Object(-1, 'msg_not_permitted');
+		if(!$this->manager && !$file_info->member_srl === $logged_info->member_srl) {
+			return new Object(-1, 'msg_not_permitted');
+		}
 
 		$args =  new stdClass();
 		$args->file_srl = $vars->file_srl;