Merge pull request #11 from dedetech/dev

常规安全问题修复

.gitignore

@@ -17,3 +17,5 @@ src/index.html
 src/data/admin/
 src/data/module/
 src/uploads/*.php
+src/data/time.lock.inc
+src/m/index.html

src/dede/article_keywords_select.php

@@ -12,6 +12,8 @@ require_once(dirname(__FILE__)."/config.php");
 require_once(DEDEINC."/datalistcp.class.php");
 setcookie("ENV_GOBACK_URL",$dedeNowurl,time()+3600,"/");
 
+$f = RemoveXSS($f);
+
 if(empty($keywords)) $keywords = "";
 
 $sql = "SELECT * FROM #@__keywords ORDER BY rank DESC";

src/dede/content_list.php

@@ -24,6 +24,8 @@ if(!isset($flag)) $flag = '';
 if(!isset($arcrank)) $arcrank = '';
 if(!isset($dopost)) $dopost = '';
 
+$arcrank = RemoveXSS($arcrank);
+
 //检查权限许可，总权限
 CheckPurview('a_List,a_AccList,a_MyList');
 

src/dede/file_pic_view.php

@@ -13,6 +13,7 @@ CheckPurview('pic_view');
 if(empty($activepath)) $activepath=$cfg_medias_dir;
 
 $activepath = preg_replace("#\/{1,}#", "/", $activepath);
+$activepath = RemoveXSS($activepath);
 $truePath = $cfg_basedir.$activepath;
 $listSize=5;
 include DedeInclude('templets/file_pic_view.htm');

src/dede/login.php

@@ -12,6 +12,8 @@ require_once(dirname(__FILE__).'/../include/common.inc.php');
 require_once(DEDEINC.'/userlogin.class.php');
 if(empty($dopost)) $dopost = '';
 
+$gotopage = RemoveXSS($gotopage);
+
 //检测安装目录安全性
 if( is_dir(dirname(__FILE__).'/../install') )
 {

src/dede/pic_view.php

@@ -13,6 +13,7 @@ CheckPurview('pic_view');
 if(empty($activepath)) $activepath = $cfg_medias_dir;
 
 $activepath = preg_replace("#\/{1,}#", "/", $activepath);
+$activepath = RemoveXSS($activepath);
 $truePath = $cfg_basedir.$activepath;
 $listSize=5;
 include DedeInclude('templets/pic_view.htm');

src/dede/templets/index_body.htm

@@ -188,11 +188,11 @@ $(function()
                 <table width="98%" class="dboxtable">
                     <tr>
                         <td width='25%' height='36' class='nline' style="text-align:right"> 主程序研发： </td>
-                        <td class='nline' style="text-align:left"><a href="http://www.desdev.cn/team.php" target="_blank" style="color:blue">织梦团队</a></td>
+                        <td class='nline' style="text-align:left"><a href="https://github.com/dedetech" target="_blank" style="color:blue">织梦团队</a></td>
                     </tr>
                     <tr>
                         <td height='36' class='nline' style="text-align:right">鸣谢：</td>
-                        <td class='nline' style="text-align:left"><a href="http://www.desdev.cn/dedecms-thanks.html" target="_blank" style="color:blue">热心用户</a>、<a href="http://www.dedecms.com/thanks.html" target="_blank" style="color:blue">赞助商</a></td>
+                        <td class='nline' style="text-align:left"><a href="https://github.com/dedetech/DedeCMSv5/graphs/contributors" target="_blank" style="color:blue">热心用户</a>、<a href="http://www.dedecms.com/thanks.html" target="_blank" style="color:blue">赞助商</a></td>
                     </tr>
                 </table>
             </dd>

src/include/dialog/select_images.php

@@ -33,6 +33,7 @@ if(empty($f))
 {
     $f = 'form1.picname';
 }
+$f = RemoveXSS($f);
 if(empty($v))
 {
     $v = 'picview';

src/include/taglib/qrcode.lib.php

@@ -37,7 +37,7 @@ function lib_qrcode(&$ctag,&$refObj)
   	var __dedeqrcode_id={$GLOBALS['qrcode_id']};
   	var __dedeqrcode_aid={$id};
   	var __dedeqrcode_type='{$type}';
-  	var __dedeqrcode_dir='{$GLOBALS['cfg_images_dir']}';
+  	var __dedeqrcode_dir='{$GLOBALS['cfg_plus_dir']}';
   </script>
   <script language="javascript" type="text/javascript" src="{$GLOBALS['cfg_images_dir']}/img/qrcode.js"></script>
 EOT;

src/member/login.php

@@ -7,6 +7,7 @@
  * @link           http://www.dedecms.com
  */
 require_once(dirname(__FILE__)."/config.php");
+$gourl = RemoveXSS($gourl);
 if($cfg_ml->IsLogin())
 {
     ShowMsg('你已经登陆系统，无需重新注册！', 'index.php');

src/member/templets/index-notlogin.htm

@@ -98,7 +98,7 @@ document.write("午夜好，");
 	}
 </script>
 <div class="footer bor">
-  <div class="fLeft mL10">Copyright &copy; 2004-2019 DedeCMS. 织梦科技 版权所有</div>
+  <div class="fLeft mL10">Copyright &copy; 2004-2020 DedeCMS. 织梦科技 版权所有</div>
   <div class="fRight mR10" id="time">  </div>
 </div>
 </body>

src/member/templets/login.htm

@@ -105,7 +105,7 @@ document.write("午夜好，");
 	}
 </script>
 <div class="footer bor">
-  <div class="fLeft mL10">Copyright &copy; 2004-2019 DedeCMS 织梦科技 版权所有</div>
+  <div class="fLeft mL10">Copyright &copy; 2004-2020 DedeCMS 织梦科技 版权所有</div>
   <div class="fRight mR10" id="time">  </div>
 </div>
 </body>

src/member/templets/reg-new.htm

@@ -201,7 +201,7 @@ document.write("午夜好，");
 	}
 </script>
 <div class="footer bor">
-  <div class="fLeft mL10">Copyright &copy; 2004-2019 DedeCMS. 织梦科技 版权所有</div>
+  <div class="fLeft mL10">Copyright &copy; 2004-2020 DedeCMS. 织梦科技 版权所有</div>
   <div class="fRight mR10" id="time">  </div>
 </div>
 </body>

src/member/templets/reg-new2.htm

@@ -116,7 +116,7 @@ document.write("午夜好，");
 	}
 </script>
 <div class="footer bor">
-  <div class="fLeft mL10">Copyright &copy; 2004-2019 DedeCMS. 织梦科技 版权所有</div>
+  <div class="fLeft mL10">Copyright &copy; 2004-2020 DedeCMS. 织梦科技 版权所有</div>
   <div class="fRight mR10" id="time">  </div>
 </div>
 </body>

src/member/templets/reg-new3.htm

@@ -54,7 +54,7 @@ document.write("午夜好，");
 	}
 </script>
 <div class="footer bor">
-  <div class="fLeft mL10">Copyright &copy; 2004-2019 DedeCMS. 织梦科技 版权所有</div>
+  <div class="fLeft mL10">Copyright &copy; 2004-2020 DedeCMS. 织梦科技 版权所有</div>
   <div class="fRight mR10" id="time"></div>
 </div>
 </body>

src/member/templets/resetpassword.htm

@@ -129,7 +129,7 @@ document.write("午夜好，");
 	}
 </script>
 <div class="footer bor">
-  <div class="fLeft mL10">Copyright &copy; 2004-2019 DedeCMS. 织梦科技 版权所有</div>
+  <div class="fLeft mL10">Copyright &copy; 2004-2020 DedeCMS. 织梦科技 版权所有</div>
   <div class="fRight mR10" id="time">  </div>
 </div>
 </body>

src/member/templets/resetpassword2.htm

@@ -130,7 +130,7 @@ document.write("午夜好，");
 	}
 </script>
 <div class="footer bor">
-  <div class="fLeft mL10">Copyright &copy; 2004-2019 DedeCMS. 织梦科技 版权所有</div>
+  <div class="fLeft mL10">Copyright &copy; 2004-2020 DedeCMS. 织梦科技 版权所有</div>
   <div class="fRight mR10" id="time">  </div>
 </div>
 </body>

src/member/templets/resetpassword3.htm

@@ -127,7 +127,7 @@ document.write("午夜好，");
 	}
 </script>
 <div class="footer bor">
-  <div class="fLeft mL10">Copyright &copy; 2004-2019 DedeCMS. 织梦科技 版权所有</div>
+  <div class="fLeft mL10">Copyright &copy; 2004-2020 DedeCMS. 织梦科技 版权所有</div>
   <div class="fRight mR10" id="time">  </div>
 </div>
 </body>

src/plus/download.php

@@ -57,6 +57,7 @@ else if($open==1)
     //更新下载次数
     $id = isset($id) && is_numeric($id) ? $id : 0;
     $link = base64_decode(urldecode($link));
+    $linkinfo = parse_url($link);
     if ( !$link )
     {
         ShowMsg('无效地址','javascript:;');
@@ -77,9 +78,11 @@ else if($open==1)
     {
         $site = explode('|', $site);
         $domain = parse_url(trim($site[0]));
-        $allowed[] = $domain['host'];
+        if ($domain['host'] ) {
+            $allowed[] = $domain['host'];
+        }
     }
-    
+
     if ( !in_array($linkinfo['host'], $allowed) )
     {
         ShowMsg('非下载地址，禁止访问','javascript:;');

src/plus/recommend.php

@@ -12,7 +12,7 @@
 require_once(dirname(__FILE__)."/../include/common.inc.php");
 require_once(DEDEINC."/channelunit.class.php");
 if(!isset($action)) $action = '';
-
+unset($_FILES);
 if(isset($arcID)) $aid = $arcID;
 $arcID = $aid = (isset($aid) && is_numeric($aid) ? $aid : 0);
 $type = (!isset($type) ? "" : $type);

src/plus/search.php

@@ -17,6 +17,7 @@ $typeid = (isset($typeid) && is_numeric($typeid)) ? $typeid : 0;
 $channeltype = (isset($channeltype) && is_numeric($channeltype)) ? $channeltype : 0;
 $kwtype = (isset($kwtype) && is_numeric($kwtype)) ? $kwtype : 0;
 $mid = (isset($mid) && is_numeric($mid)) ? $mid : 0;
+unset($typeArr);
 
 if(!isset($orderby)) $orderby='';
 else $orderby = preg_replace("#[^a-z]#i", '', $orderby);