Merge pull request #1 from ryuring/katokaisya-dev-#2804

Katokaisya dev #2804
baserproject · Oct 27, 2023 · e3e2ab8 · e3e2ab8
2 parents 48e6bf4 + 49ad4d0
commit e3e2ab8
Show file tree

Hide file tree

Showing 31 changed files with 209 additions and 42 deletions.
diff --git a/app/webroot/theme/admin-third/Elements/admin/sites/form.php b/app/webroot/theme/admin-third/Elements/admin/sites/form.php
@@ -180,17 +180,19 @@ class="helptext"><?php echo __d('baser', 'サブサイトのテンプレート
 		</td>
 	</tr>
 	<tr>
-		<th class="bca-form-table__label"><?php echo $this->BcForm->label('Site.use_subdomain', __d('baser', 'ドメイン（サブドメイン）利用')) ?></th>
+		<th class="bca-form-table__label"><?php echo $this->BcForm->label('Site.use_subdomain', __d('baser', 'ドメイン設定')) ?></th>
 		<td class=" bca-form-table__input">
-			<?php echo $this->BcForm->input('Site.use_subdomain', ['type' => 'radio', 'options' => [0 => __d('baser', '利用しない'), 1 => __d('baser', '利用する')], 'default' => 0]) ?>
+			<?php echo $this->BcForm->input('Site.use_subdomain', ['type' => 'radio', 'options' => [0 => __d('baser', '主となるドメインと同じドメイン'), 1 => __d('baser', '主となるドメインとは異なるドメイン')], 'default' => 0]) ?>
 			<?php echo $this->BcForm->error('Site.use_subdomain') ?>
-		</td>
-	</tr>
-	<tr class="domain_type">
-		<th class="bca-form-table__label"><?php echo $this->BcForm->label('Site.domain_type', __d('baser', 'ドメインタイプ')) ?></th>
-		<td class=" bca-form-table__input">
-			<?php echo $this->BcForm->input('Site.domain_type', ['type' => 'radio', 'options' => [0 => __d('baser', '利用しない'), 1 => __d('baser', 'サブドメイン'), 2 => __d('baser', '別ドメイン')], 'default' => 0]) ?>
+			<div class="domain_type">
+			<small><?php echo $this->BcForm->label('Site.domain_type', __d('baser', 'ドメインタイプ')) ?></small>　
+			<?php echo $this->BcForm->input('Site.domain_type', ['type' => 'radio', 'options' => [1 => __d('baser', 'サブドメイン'), 2 => __d('baser', '別ドメイン')], 'default' => 1]) ?>
+			<i class="bca-icon--question-circle btn help bca-help"></i>
 			<?php echo $this->BcForm->error('Site.domain_type') ?>
+				<div class="helptext">
+					<?php echo __d('baser', 'サブドメインの場合は、主となるドメインを除いたサブドメインの文字列をエイリアスに入力します。別ドメインの場合は、別ドメインをそのままエイリアスに入力します。') ?>
+				</div>
+			</div>
 		</td>
 	</tr>
 	<tr>

diff --git a/app/webroot/theme/admin-third/js/admin/sites/edit.js b/app/webroot/theme/admin-third/js/admin/sites/edit.js
@@ -105,10 +105,9 @@ $(function () {
         chengeUseDomein(use_subdomain);
     });
     function chengeUseDomein(use_subdomain) {
-        console.log(use_subdomain);
         if (use_subdomain == 0) {
             //ドメインを利用しない場合は、ドメインタイプは利用しない
-            $(".domain_type").hide();
+            $(".domain_type").hide('slow');
             $("#SiteDomainType0").prop("checked", true);
         } else {
             //ドメインを利用する場合は、ドメインタイプのラジオボタンを表示

diff --git a/lib/Baser/Config/bootstrap.php b/lib/Baser/Config/bootstrap.php
@@ -109,13 +109,13 @@
 /**
  * 静的ファイルの読み込みの場合はスキップ
  */
-$assetRegex = '/^' . preg_quote(BC_BASE_URL, '/') . '.*?(css|js|img)' . '\/.+\.(js|css|gif|jpg|jpeg|png)$/';
-$assetRegexTheme = '/^' . preg_quote(BC_BASE_URL, '/') . 'theme\/[^\/]+?\/(css|js|img)' . '\/.+\.(js|css|gif|jpg|jpeg|png)$/';
+$assetRegex = '/^' . preg_quote(BC_BASE_URL, '/') . '.*?(css|js|img)' . '\/.+\.(js|css|gif|jpg|jpeg|png|map)$/';
+$assetRegexTheme = '/^' . preg_quote(BC_BASE_URL, '/') . 'theme\/[^\/]+?\/(css|js|img)' . '\/.+\.(js|css|gif|jpg|jpeg|png|map)$/';
 // テーマ編集は除外
-$nonAssets = '/^' . preg_quote(BC_BASE_URL . Configure::read('Routing.prefixes.0') . '/theme_files/edit/', '/') . '.*?(css|js|img)' . '\/.+\.(js|css|gif|jpg|jpeg|png)$/';
+$nonAssets = '/^' . preg_quote(BC_BASE_URL . Configure::read('Routing.prefixes.0') . '/theme_files/edit/', '/') . '.*?(css|js|img)' . '\/.+\.(js|css|gif|jpg|jpeg|png|map)$/';
 $uri = null;
 if (isset($_SERVER['REQUEST_URI'])) {
-	$uri = $_SERVER['REQUEST_URI'];
+	list($uri) = explode('?', $_SERVER['REQUEST_URI']);
 }
 if (preg_match($nonAssets, $uri) === 0) {
 	if (preg_match($assetRegex, $uri) || preg_match($assetRegexTheme, $uri)) {

diff --git a/lib/Baser/Config/theme/bc_sample/Elements/widget_area.php b/lib/Baser/Config/theme/bc_sample/Elements/widget_area.php
@@ -27,6 +27,6 @@
 ?>
 
 
-<div class="bs-widget-area bs-widget-area-<?php echo $no ?>">
+<div class="bs-widget-area bs-widget-area-<?php echo h($no) ?>">
 	<?php $this->BcWidgetArea->show($no, ['subDir' => $subDir]) ?>
 </div>
diff --git a/lib/Baser/Config/theme/bc_sample/Elements/widgets/blog_author_archives.php b/lib/Baser/Config/theme/bc_sample/Elements/widgets/blog_author_archives.php
@@ -35,7 +35,7 @@
 ?>
 
 
-<div class="bs-widget bs-widget-blog-authors bs-widget-blog-authors-<?php echo $id ?> bs-blog-widget">
+<div class="bs-widget bs-widget-blog-authors bs-widget-blog-authors-<?php echo h($id) ?> bs-blog-widget">
 	<?php if ($name && $use_title): ?>
 		<h2 class="bs-widget-head"><?php echo $name ?></h2>
 	<?php endif ?>

diff --git a/lib/Baser/Config/theme/bc_sample/Elements/widgets/blog_calendar.php b/lib/Baser/Config/theme/bc_sample/Elements/widgets/blog_calendar.php
@@ -37,7 +37,7 @@
 ?>
 <?php // TODO コード整理する事  ?>
 
-<div class="bs-widget bs-widget-blog-calendar bs-widget-blog-calendar-<?php echo $id ?> bs-blog-widget">
+<div class="bs-widget bs-widget-blog-calendar bs-widget-blog-calendar-<?php echo h($id) ?> bs-blog-widget">
 	<?php if ($name && $use_title): ?>
 		<h2 class="bs-widget-head"><?php echo $name ?></h2>
 	<?php endif ?>

diff --git a/lib/Baser/Config/theme/bc_sample/Elements/widgets/blog_category_archives.php b/lib/Baser/Config/theme/bc_sample/Elements/widgets/blog_category_archives.php
@@ -49,7 +49,7 @@
 ?>
 
 
-<div class="bs-widget bs-widget-blog-categories-archives bs-widget-blog-categories-archives-<?php echo $id ?> bs-blog-widget">
+<div class="bs-widget bs-widget-blog-categories-archives bs-widget-blog-categories-archives-<?php echo h($id) ?> bs-blog-widget">
 	<?php if ($name && $use_title): ?>
 		<h2 class="bs-widget-head"><?php echo $name ?></h2>
 	<?php endif ?>

diff --git a/lib/Baser/Config/theme/bc_sample/Elements/widgets/blog_monthly_archives.php b/lib/Baser/Config/theme/bc_sample/Elements/widgets/blog_monthly_archives.php
@@ -41,7 +41,7 @@
 ?>
 
 
-<div class="bs-widget bs-widget-blog-monthly-archives bs-widget-blog-monthly-archives-<?php echo $id ?> bs-blog-widget">
+<div class="bs-widget bs-widget-blog-monthly-archives bs-widget-blog-monthly-archives-<?php echo h($id) ?> bs-blog-widget">
 	<?php if ($name && $use_title): ?>
 		<h2 class="bs-widget-head"><?php echo $name ?></h2>
 	<?php endif ?>

diff --git a/lib/Baser/Config/theme/bc_sample/Elements/widgets/blog_recent_entries.php b/lib/Baser/Config/theme/bc_sample/Elements/widgets/blog_recent_entries.php
@@ -34,7 +34,7 @@
 ?>
 
 
-<div class="bs-widget bs-widget-blog-recent-entries bs-widget-blog-recent-entries-<?php echo $id ?> bs-blog-widget">
+<div class="bs-widget bs-widget-blog-recent-entries bs-widget-blog-recent-entries-<?php echo h($id) ?> bs-blog-widget">
 	<?php if ($name && $use_title): ?>
 		<h2 class="bs-widget-head"><?php echo $name ?></h2>
 	<?php endif ?>

diff --git a/lib/Baser/Config/theme/bc_sample/Elements/widgets/blog_yearly_archives.php b/lib/Baser/Config/theme/bc_sample/Elements/widgets/blog_yearly_archives.php
@@ -50,7 +50,7 @@
 ?>
 
 
-<div class="bs-widget bs-widget-blog-yearly-archives bs-widget-blog-yearly-archives-<?php echo $id ?> bs-blog-widget">
+<div class="bs-widget bs-widget-blog-yearly-archives bs-widget-blog-yearly-archives-<?php echo h($id) ?> bs-blog-widget">
 	<?php if ($name && $use_title): ?>
 		<h2 class="bs-widget-head"><?php echo $name ?></h2>
 	<?php endif ?>

diff --git a/lib/Baser/Config/theme/bc_sample/Elements/widgets/local_navi.php b/lib/Baser/Config/theme/bc_sample/Elements/widgets/local_navi.php
@@ -37,7 +37,7 @@
 ?>
 
 
-<div class="bs-widget bs-widget-local-navi bs-widget-local-navi-<?php echo $id ?>">
+<div class="bs-widget bs-widget-local-navi bs-widget-local-navi-<?php echo h($id) ?>">
 	<?php if ($use_title): ?>
 		<h2 class="bs-widget-head"><?php echo h($title) ?></h2>
 	<?php endif ?>

diff --git a/lib/Baser/Config/theme/bc_sample/Elements/widgets/php_template.php b/lib/Baser/Config/theme/bc_sample/Elements/widgets/php_template.php
@@ -26,7 +26,7 @@
 ?>
 
 
-<div class="bs-widget bs-widget-php-template bs-widget-php-template-<?php echo $id ?>">
+<div class="bs-widget bs-widget-php-template bs-widget-php-template-<?php echo h($id) ?>">
 	<?php if ($name && $use_title): ?>
 		<h2 class="bs-widget-list"><?php echo $name ?></h2>
 	<?php endif ?>

diff --git a/lib/Baser/Config/theme/bc_sample/Elements/widgets/search.php b/lib/Baser/Config/theme/bc_sample/Elements/widgets/search.php
@@ -38,7 +38,7 @@
 ?>
 
 
-<div class="bs-widget bs-widget-search-box bs-widget-search-box-<?php echo $id ?>">
+<div class="bs-widget bs-widget-search-box bs-widget-search-box-<?php echo h($id) ?>">
 	<h2 class="bs-widget-head"><?php echo __('サイト内検索') ?></h2>
 	<div class="bs-widget-form">
 	<?php echo $this->BcForm->create('SearchIndex', ['type' => 'get', 'url' => $url]) ?>

diff --git a/lib/Baser/Config/theme/bc_sample/Elements/widgets/text.php b/lib/Baser/Config/theme/bc_sample/Elements/widgets/text.php
@@ -23,7 +23,7 @@
 ?>
 
 
-<div class="bs-widget bs-widget-text bs-widget-text-<?php echo $id ?>">
+<div class="bs-widget bs-widget-text bs-widget-text-<?php echo h($id) ?>">
 	<?php if ($name && $use_title): ?>
 		<h2 class="bs-widget-head"><?php echo $name ?></h2>
 	<?php endif ?>

diff --git a/lib/Baser/Controller/BcAppController.php b/lib/Baser/Controller/BcAppController.php
@@ -734,6 +734,8 @@ private function __loadDataToView()
 			}
 		}
 
+		if(isset($_SERVER['REQUEST_URI']) && preg_match('/\.map$/', $_SERVER['REQUEST_URI'])) return;
+
 		/* ログインユーザー */
 		if (BC_INSTALLED && $user && $this->name !== 'Installations' && !Configure::read('BcRequest.isUpdater') && !Configure::read('BcRequest.isMaintenance') && $this->name !== 'CakeError') {
 			$this->set('user', $user);
@@ -1693,4 +1695,21 @@ protected function _checkReferer()
 		}
 		return true;
 	}
+
+	/**
+	 * Render
+	 *
+	 * map ファイルへのリクエストの際、PHPのセッションを書き換えてしまい
+	 * ログイン状態が継続できない問題となってしまうため、render を実行せず、Not Found を返却する
+	 *
+	 * @param string $view
+	 * @param string $layout
+	 * @return CakeResponse|string
+	 */
+	public function render($view = null, $layout = null)
+	{
+		if(isset($_SERVER['REQUEST_URI']) && preg_match('/\.map$/', $_SERVER['REQUEST_URI'])) return 'Not Found';
+		return parent::render($view, $layout);
+	}
+
 }
diff --git a/lib/Baser/Controller/Component/BcContentsComponent.php b/lib/Baser/Controller/Component/BcContentsComponent.php
@@ -245,7 +245,9 @@ public function beforeRender(Controller $controller)
 				//	CakePHP3では、ビューキャッシュは廃止となる為、別の方法に移行する
 				if ($this->useViewCache && !BcUtil::loginUser('admin') && !isConsole() && !empty($controller->request->params['Content'])) {
 					$controller->helpers[] = 'BcCache';
-					$controller->cacheAction = $controller->Content->getCacheTime($controller->request->params['Content']);
+					// php 8系では'+5 min'など、string型で指定されていた場合、5分後と判定されない問題を解消
+					$cacheTime = $controller->Content->getCacheTime($controller->request->params['Content']);
+					$controller->cacheAction = is_numeric($cacheTime) ? $cacheTime : strtotime($cacheTime) - time();
 				}
 			}
 		}

diff --git a/lib/Baser/Controller/PluginsController.php b/lib/Baser/Controller/PluginsController.php
@@ -390,7 +390,7 @@ public function admin_install($name)
 			} else {
 				// プラグインをインストール
 				if ($this->BcManager->installPlugin($this->request->data['Plugin']['name'])) {
-					$this->BcMessage->setSuccess(sprintf(__d('baser', '新規プラグイン「%s」を baserCMS に登録しました。'), $name));
+					$this->BcMessage->setSuccess(sprintf(__d('baser', '新規プラグイン「%s」を %s に登録しました。'), $name, Configure::read('BcApp.title')));
 
 					$this->Plugin->addFavoriteAdminLink($name, $this->BcAuth->user());
 					$this->_addPermission($this->request->data);

diff --git a/lib/Baser/Lib/BcFileUploader.php b/lib/Baser/Lib/BcFileUploader.php
@@ -1030,7 +1030,11 @@ public function copyImages($setting, $file)
      */
     public function setUploadingFiles($files)
     {
-        $this->uploadingFiles = $files;
+		if ($this->uploadingFiles) {
+			$this->uploadingFiles = array_merge($this->uploadingFiles, $files);
+		} else {
+			$this->uploadingFiles = $files;
+		}
     }
 
     /**

diff --git a/lib/Baser/Lib/BcUtil.php b/lib/Baser/Lib/BcUtil.php
@@ -59,13 +59,31 @@ public static function isAdminUser()
 		return ($user['UserGroup']['id'] == Configure::read('BcApp.adminGroupId'));
 	}
 
+	/**
+	 * ユーザーが編集可能なユーザーかチェック
+	 * @return bool
+	 */
+	public static function isUserEditableUser()
+	{
+		if(BcUtil::isAdminUser()) return true;
+		$user = BcUtil::loginUser();
+		if(!$user) return false;
+		/* @var Permission $permissionModel */
+		$permissionModel = ClassRegistry::init('Permission');
+		return $permissionModel->check('/admin/users/edit/', $user['UserGroup']['id']);
+	}
+
 	/**
 	 * ログインユーザーのデータを取得する
 	 *
 	 * @return array
 	 */
 	public static function loginUser($prefix = 'admin')
 	{
+		// map ファイルへのリクエストの際、PHPのセッションを書き換えてしまい
+		// ログイン状態が継続できなくなってしまうため処理を実行しない
+		if(isset($_SERVER['REQUEST_URI']) && preg_match('/\.map$/', $_SERVER['REQUEST_URI'])) return null;
+
 		$Session = new CakeSession();
 		$sessionKey = BcUtil::authSessionKey($prefix);
 		$user = $Session->read('Auth.' . $sessionKey);
@@ -502,4 +520,23 @@ public static function getAdminPrefix()
 		return Configure::read('BcAuthPrefix.admin.alias');
 	}
 
+	/**
+	 * 文字列よりスクリプトタグを除去する
+	 *
+	 * @param string $value
+	 * @return string
+	 */
+	public static function stripScriptTag($value)
+	{
+		$allows = [
+			'a', 'abbr', 'address', 'area', 'b', 'blockquote', 'body', 'br', 'button', 'caption', 'cite', 'code',
+			'col', 'colgroup', 'dd', 'del', 'dfn', 'div', 'dl', 'dt', 'em', 'fieldset', 'form', 'h1', 'h2', 'h3',
+			'h4', 'h5', 'h6', 'hr', 'i', 'iframe', 'img', 'input', 'ins', 'kbd', 'label', 'legend', 'li', 'link',
+			'map', 'meta', 'noscript', 'object', 'ol', 'optgroup', 'option', 'p', 'pre', 'q', 'samp', 'select',
+			'small', 'span', 'strong', 'sub', 'sup', 'table', 'tbody', 'td', 'textarea', 'tfoot', 'th', 'thead',
+			'title', 'tr', 'ul', 'var', 'style'
+		];
+		return strip_tags($value, '<' . implode('><', $allows) . '>');
+	}
+
 }
diff --git a/lib/Baser/Lib/Error/BcErrorHandler.php b/lib/Baser/Lib/Error/BcErrorHandler.php
@@ -336,7 +336,8 @@ private static function makeMessage($errorType, $errorCode, $description, $file_
 			$rs[] = 'Referer: ' . env('HTTP_REFERER');
 		}
 
-		if (empty(Configure::read('Error.trace'))) {
+		$trace = Configure::read('Error.trace');
+		if (empty($trace)) {
 			return implode("\n", $rs);
 		}
 

diff --git a/lib/Baser/Model/Content.php b/lib/Baser/Model/Content.php
@@ -311,7 +311,7 @@ public function getUniqueName($name, $parentId, $contentId = null)
 			foreach($datas as $data) {
 				if ($name === $data) {
 					$numbers[1] = 1;
-				} elseif (preg_match("/^" . preg_quote($name, '/') . "_([0-9]+)$/s", $data, $matches)) {
+				} elseif ($data !== $name. '_1' && preg_match("/^" . preg_quote($name, '/') . "_([0-9]+)$/s", $data, $matches)) {
 					$numbers[$matches[1]] = true;
 				}
 			}

diff --git a/lib/Baser/Plugin/Blog/Controller/BlogController.php b/lib/Baser/Plugin/Blog/Controller/BlogController.php
@@ -734,6 +734,12 @@ public function tags($name = null)
 		if (empty($name)) {
 			$this->notFound();
 		}
+		// /tags/{存在しないタグ名} がステータス200として戻される問題の解決
+		$tag = $this->BlogTag->find('first', ['conditions' => ['BlogTag.name' => $name], 'recursive' => -1]);
+		if (empty($tag)) {
+			$this->notFound();
+		}
+
 		$num = 10;
 		if (!empty($this->request->params['named']['num'])) {
 			$num = $this->request->params['named']['num'];

diff --git a/lib/Baser/Plugin/Blog/View/Helper/BlogHelper.php b/lib/Baser/Plugin/Blog/View/Helper/BlogHelper.php
@@ -197,7 +197,7 @@ public function getTitle()
 	 */
 	public function getDescription()
 	{
-		return $this->blogContent['description'];
+		return BcUtil::stripScriptTag($this->blogContent['description']);
 	}
 
 	/**

diff --git a/lib/Baser/Plugin/Mail/Model/MailMessage.php b/lib/Baser/Plugin/Mail/Model/MailMessage.php
@@ -336,7 +336,7 @@ protected function _validExtends($data)
 						$this->invalidate($field_name, __('日付の形式が無効です。'));
 					}
 				}
-				if (is_string($data['MailMessage'][$field_name])) {
+				if (is_string($data['MailMessage'][$field_name]) && $data['MailMessage'][$field_name]) {
 					// カレンダー入力利用時は yyyy/mm/dd で入ってくる
 					// yyyy/mm/dd 以外の文字列入力も可能であり、そうした際は日付データとして 1970-01-01 となるため認めない
 					$inputValue = date('Y-m-d', strtotime($data['MailMessage'][$field_name]));
@@ -350,16 +350,16 @@ protected function _validExtends($data)
 				continue;
 			}
 			if (in_array('VALID_ZENKAKU_KATAKANA', $valids)) {
-				if (!preg_match('/^(|[ァ-ヾ 　]+)$/u', $this->data['MailMessage'][$mailField['field_name']])) {
-					preg_match_all('/[^ァ-ヾ 　]/u', $this->data['MailMessage'][$mailField['field_name']], $notKatakanaArray);
+				if (!preg_match('/^(|[ァ-ヾ 　ー]+)$/u', $this->data['MailMessage'][$mailField['field_name']])) {
+					preg_match_all('/[^ァ-ヾ 　ー]/u', $this->data['MailMessage'][$mailField['field_name']], $notKatakanaArray);
 					$notKatakana = implode('', $notKatakanaArray[0]);
 					$this->invalidate($mailField['field_name'], __('次の文字はカタカナではないので受け付けられません: ' . $notKatakana));
 				}
 				continue;
 			}
 			if (in_array('VALID_ZENKAKU_HIRAGANA', $valids)) {
-				if (!preg_match('/^(|[ぁ-ゞ 　]+)$/u', $this->data['MailMessage'][$mailField['field_name']])) {
-					preg_match_all('/[^ぁ-ゞ　]/u', $this->data['MailMessage'][$mailField['field_name']], $notHiraganaArray);
+				if (!preg_match('/^(|[ぁ-ゞ 　ー]+)$/u', $this->data['MailMessage'][$mailField['field_name']])) {
+					preg_match_all('/[^ぁ-ゞ　ー]/u', $this->data['MailMessage'][$mailField['field_name']], $notHiraganaArray);
 					$notHiragana = implode('', $notHiraganaArray[0]);
 					$this->invalidate($mailField['field_name'], __('次の文字はひらがなではないので受け付けられません: ' . $notHiragana));
 				}

diff --git a/lib/Baser/Plugin/Mail/View/Helper/MailHelper.php b/lib/Baser/Plugin/Mail/View/Helper/MailHelper.php
@@ -158,7 +158,7 @@ public function getMailTemplates($siteId = 0)
 	 */
 	public function getDescription()
 	{
-		return $this->mailContent['description'];
+		return BcUtil::stripScriptTag($this->mailContent['description']);
 	}
 
 	/**

diff --git a/lib/Baser/Plugin/Mail/View/Helper/MailformHelper.php b/lib/Baser/Plugin/Mail/View/Helper/MailformHelper.php
@@ -284,7 +284,7 @@ public function authCaptcha($fieldName, $options = [])
 			'class' => 'auth-captcha-image'
 		], $options);
 		$captchaId = mt_rand(0, 99999999);
-		$url = $this->request->params['Content']['url'];
+		$url = h($this->request->params['Content']['url']);
 		if (!empty($this->request->params['Site']['same_main_url'])) {
 			$url = $this->BcContents->getPureUrl($url, $this->request->params['Site']['id']);
 		}

diff --git a/lib/Baser/Plugin/Uploader/webroot/js/admin/uploader_files/uploader_list.js b/lib/Baser/Plugin/Uploader/webroot/js/admin/uploader_files/uploader_list.js
@@ -318,6 +318,12 @@ $(function () {
             return false;
         });
 
+        $('.bca-list-num a').on('click.listNumEvent', function(){
+            $("#Waiting").show();
+            $.get($(this).attr('href'), updateFileListCompleteHander);
+            return false;
+        });
+
         $("#BtnFilter" + listId).bind('click.filterEvent', function () {
             updateFileList();
         });
-Original file line number
+Diff line change
@@ Expand Up / @@ -197,7 +197,7 @@ public function getTitle() @@
     	 */
     	public function getDescription()
     	{
-    		return $this->blogContent['description'];
+    		return BcUtil::stripScriptTag($this->blogContent['description']);
     	}
     	/**
@@ Expand Down @@