@@ -46,4 +46,5 @@ src/data/sqlite_error_trace.inc | |||||
src/static/soft/*/ | src/static/soft/*/ | ||||
src/static/userup/*/ | src/static/userup/*/ | ||||
src/static/js/*.js | src/static/js/*.js | ||||
src/apps/special/*.html | |||||
src/apps/special/*.html | |||||
src/static/flink/*.png |
@@ -46,6 +46,14 @@ if ($dopost == "add") { | |||||
$typeid = 0; | $typeid = 0; | ||||
$dsql->ExecuteNoneQuery("ALTER TABLE `#@__flinktype` CHANGE `ID` `id` MEDIUMINT( 8 ) UNSIGNED DEFAULT NULL AUTO_INCREMENT; "); | $dsql->ExecuteNoneQuery("ALTER TABLE `#@__flinktype` CHANGE `ID` `id` MEDIUMINT( 8 ) UNSIGNED DEFAULT NULL AUTO_INCREMENT; "); | ||||
} | } | ||||
$sortrank = isset($sortrank)? intval($sortrank) : 1; | |||||
$url = isset($url)? HtmlReplace($url, -1) : ''; | |||||
$imgurl = isset($imgurl)? HtmlReplace($imgurl, -1) : ''; | |||||
$webname = isset($webname)? HtmlReplace($webname, -1) : ''; | |||||
$msg = isset($msg)? HtmlReplace($msg, -1) : ''; | |||||
$email = isset($email)? HtmlReplace($email, -1) : ''; | |||||
$typeid = isset($typeid)? intval($typeid) : 0; | |||||
$ischeck = isset($ischeck)? intval($ischeck) : 0; | |||||
$query = "INSERT INTO `#@__flink`(sortrank,url,webname,logo,msg,email,typeid,dtime,ischeck) | $query = "INSERT INTO `#@__flink`(sortrank,url,webname,logo,msg,email,typeid,dtime,ischeck) | ||||
VALUES('$sortrank','$url','$webname','$imgurl','$msg','$email','$typeid','$dtime','$ischeck'); "; | VALUES('$sortrank','$url','$webname','$imgurl','$msg','$email','$typeid','$dtime','$ischeck'); "; | ||||
$rs = $dsql->ExecuteNoneQuery($query); | $rs = $dsql->ExecuteNoneQuery($query); | ||||
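Review bot: The added lines at L12-L19 make `HtmlReplace(..., -1)` the only thing standing between the request and the string-built INSERT at L20-L21, and `$dtime` is the one operand not covered — it is assigned above the hunk, so whether it comes from `time()` or from the request is not visible here. If `HtmlReplace` is the HTML-entity encoder its name suggests, it defuses quotes only as a side effect of output encoding, which means the rows are stored entity-encoded and any future caller that skips it reopens the hole; the durable fix is a prepared statement or the database layer's own escaping, keeping `HtmlReplace` for output. At minimum cast `$dtime` the way `$typeid` and `$ischeck` are cast, `$dtime = intval($dtime);`, if it is a unix timestamp. The enclosing `if ($dopost == "add")` block starts outside the hunk.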
@@ -12,16 +12,16 @@ require_once(dirname(__FILE__)."/config.php"); | |||||
CheckPurview('plus_友情链接模块'); | CheckPurview('plus_友情链接模块'); | ||||
$ENV_GOBACK_URL = empty($_COOKIE['ENV_GOBACK_URL']) ? 'friendlink_main.php' : $_COOKIE['ENV_GOBACK_URL']; | $ENV_GOBACK_URL = empty($_COOKIE['ENV_GOBACK_URL']) ? 'friendlink_main.php' : $_COOKIE['ENV_GOBACK_URL']; | ||||
if (empty($dopost)) $dopost = ""; | if (empty($dopost)) $dopost = ""; | ||||
$id = isset($id)? intval($id) : 0; | |||||
if (isset($allid)) { | if (isset($allid)) { | ||||
$aids = explode(',', $allid); | $aids = explode(',', $allid); | ||||
if (count($aids) == 1) { | if (count($aids) == 1) { | ||||
$id = $aids[0]; | |||||
$id = intval($aids[0]); | |||||
$dopost = "delete"; | $dopost = "delete"; | ||||
} | } | ||||
} | } | ||||
if ($dopost == "delete") { | if ($dopost == "delete") { | ||||
$id = preg_replace("#[^0-9]#", "", $id); | |||||
$dsql->ExecuteNoneQuery("DELETE FROM `#@__flink` WHERE id='$id'"); | $dsql->ExecuteNoneQuery("DELETE FROM `#@__flink` WHERE id='$id'"); | ||||
ShowMsg("成功删除一个链接", $ENV_GOBACK_URL); | ShowMsg("成功删除一个链接", $ENV_GOBACK_URL); | ||||
exit(); | exit(); | ||||
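Review bot: `$id = isset($id)? intval($id) : 0;` at L27 is now the single normalization every later branch relies on — the `delete` branch here (L38) and the `saveedit` and edit-form paths in the later hunk (L97, L103) all dropped their own `preg_replace` and interpolate `$id` straight into SQL — so the ordering is an invariant worth stating: `// $id is normalized once here; every branch below interpolates it into SQL`. `isset($id)` only sees the parameter if something above the hunk copies request values into globals, which is not visible on this page. Adjacent but unchanged, L25 takes the post-action redirect target from a cookie and hands it to `ShowMsg()` unvalidated; restricting it to a known set of local pages would close that.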
@@ -29,7 +29,7 @@ if ($dopost == "delete") { | |||||
$aids = explode(',', $aids); | $aids = explode(',', $aids); | ||||
if (isset($aids) && is_array($aids)) { | if (isset($aids) && is_array($aids)) { | ||||
foreach ($aids as $aid) { | foreach ($aids as $aid) { | ||||
$aid = preg_replace("#[^0-9]#", "", $aid); | |||||
$aid = intval($aid); | |||||
$dsql->ExecuteNoneQuery("DELETE FROM `#@__flink` WHERE id='$aid'"); | $dsql->ExecuteNoneQuery("DELETE FROM `#@__flink` WHERE id='$aid'"); | ||||
} | } | ||||
ShowMsg("成功删除指定链接", $ENV_GOBACK_URL); | ShowMsg("成功删除指定链接", $ENV_GOBACK_URL); | ||||
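Review bot: `$aid = intval($aid);` at L46 makes each id safe, but an empty segment (a trailing comma in `$aids`) becomes `0` and still issues `DELETE ... WHERE id='0'`, one query per element. `$ids = array_filter(array_map('intval', $aids));` followed by a single `DELETE FROM `#@__flink` WHERE id IN (...)` built from `implode(',', $ids)` (skipped when `$ids` is empty) avoids both the stray zero and the per-row round trips. The `isset($aids) && is_array($aids)` guard at L43 is always true after `explode()` at L42 and can go; where `$aids` comes from before L42 is outside the hunk.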
@@ -39,25 +39,41 @@ if ($dopost == "delete") { | |||||
exit(); | exit(); | ||||
} | } | ||||
} else if ($dopost == "saveedit") { | } else if ($dopost == "saveedit") { | ||||
$id = preg_replace("#[^0-9]#", "", $id); | |||||
$logo = $request->Item('logo', ''); | |||||
$logoimg = $request->Upfile('logoimg', ''); | |||||
$logo = isset($logo)? HtmlReplace($logo, -1) : ''; | |||||
if (empty($logoimg)) { | |||||
$logoimg = ''; | |||||
} | |||||
if (!empty($logoimg)) { | if (!empty($logoimg)) { | ||||
$request->MoveUploadFile('logoimg', DEDEROOT.'/uploads/flink/'.$request->GetFileInfo('logoimg', 'name')); | |||||
$logo = $cfg_cmspath.'/uploads/flink/'.$request->GetFileInfo('logoimg', 'name'); | |||||
if (!is_uploaded_file($logoimg)) { | |||||
ShowMsg("您没有选择上传的文件".$logoimg, "-1"); | |||||
exit(); | |||||
} | |||||
$mime = get_mime_type($logoimg); | |||||
if (preg_match("#^unknow#", $mime)) { | |||||
ShowMsg("系统不支持fileinfo组件,建议php.ini中开启", -1); | |||||
exit; | |||||
} | |||||
if (!preg_match("#^(image)#i", $mime)) { | |||||
ShowMsg("仅支持上传图片文件", -1); | |||||
exit; | |||||
} | |||||
$logoimg_name = trim(preg_replace("#[ \r\n\t\*\%\\\/\?><\|\":]{1,}#", '', $logoimg_name)); | |||||
$fullfilename = DEDEROOT.'static/flink/'.$logoimg_name; | |||||
move_uploaded_file($logoimg, $fullfilename) or die("上传文件到 $fullfilename 失败"); | |||||
@unlink($logoimg); | |||||
$logo = $cfg_cmspath.'/static/flink/'.$logoimg_name; | |||||
} | } | ||||
$sortrank = $request->Item('sortrank', 1); | |||||
$url = $request->Item('url', ''); | |||||
$webname = $request->Item('webname', ''); | |||||
$msg = $request->Item('msg', ''); | |||||
$email = $request->Item('email', ''); | |||||
$typeid = $request->Item('typeid', 0); | |||||
$ischeck = $request->Item('ischeck', 0); | |||||
$sortrank = isset($sortrank)? intval($sortrank) : 1; | |||||
$url = isset($url)? HtmlReplace($url, -1) : ''; | |||||
$webname = isset($webname)? HtmlReplace($webname, -1) : ''; | |||||
$msg = isset($msg)? HtmlReplace($msg, -1) : ''; | |||||
$email = isset($email)? HtmlReplace($email, -1) : ''; | |||||
$typeid = isset($typeid)? intval($typeid) : 0; | |||||
$ischeck = isset($ischeck)? intval($ischeck) : 0; | |||||
$query = "UPDATE `#@__flink` SET sortrank='$sortrank',url='$url',webname='$webname',logo='$logo',msg='$msg', email='$email',typeid='$typeid',ischeck='$ischeck' WHERE id='$id' "; | $query = "UPDATE `#@__flink` SET sortrank='$sortrank',url='$url',webname='$webname',logo='$logo',msg='$msg', email='$email',typeid='$typeid',ischeck='$ischeck' WHERE id='$id' "; | ||||
$dsql->ExecuteNoneQuery($query); | $dsql->ExecuteNoneQuery($query); | ||||
ShowMsg("成功修改一个链接", $ENV_GOBACK_URL); | ShowMsg("成功修改一个链接", $ENV_GOBACK_URL); | ||||
exit(); | exit(); | ||||
} | } | ||||
$id = preg_replace("#[^0-9]#", "", $id); | |||||
$myLink = $dsql->GetOne("SELECT `#@__flink`.*,`#@__flinktype`.typename FROM `#@__flink` LEFT JOIN `#@__flinktype` ON `#@__flink`.typeid=`#@__flinktype`.id WHERE `#@__flink`.id=$id"); | $myLink = $dsql->GetOne("SELECT `#@__flink`.*,`#@__flinktype`.typename FROM `#@__flink` LEFT JOIN `#@__flinktype` ON `#@__flink`.typeid=`#@__flinktype`.id WHERE `#@__flink`.id=$id"); | ||||
include DedeInclude('templets/friendlink_edit.htm'); | include DedeInclude('templets/friendlink_edit.htm'); |
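Review bot: The new upload path at L62-L63 stores the file under the name the client supplied (`GetFileInfo('logoimg', 'name')`) and drops the checks the removed lines performed — the image MIME test at L68-L76 and the filename character stripping at L77 — so unless `$request->MoveUploadFile()` enforces an image allowlist and rejects path separators internally (not visible here), `uploads/flink/` now accepts any file type under any name. Validate extension and MIME before moving and generate the stored filename server-side, as sketched below; the `get_mime_type($logoimg)` call assumes `Upfile()` returns the temp path the removed code worked on, which should be confirmed. Smaller points: `if (empty($logoimg)) { $logoimg = ''; }` at L58-L60 is a no-op ahead of `!empty($logoimg)`, and the `isset(...)` ternaries at L57 and L90-L96 are redundant because `$request->Item()` already supplies the default — `$url = HtmlReplace($request->Item('url', ''), -1);` reads cleaner. The first hunk ignores `src/static/flink/*.png` while this code writes to `uploads/flink/`, so one of the two paths looks stale.
```php
if (!empty($logoimg)) {
    $origName = $request->GetFileInfo('logoimg', 'name');
    $ext = strtolower(pathinfo($origName, PATHINFO_EXTENSION));
    $mime = get_mime_type($logoimg);
    if (!in_array($ext, ['jpg', 'jpeg', 'png', 'gif'], true) || !preg_match("#^(image)#i", $mime)) {
        ShowMsg("仅支持上传图片文件", -1);
        exit();
    }
    // server-generated name: nothing client-controlled reaches the filesystem path
    $storedName = 'flink_'.bin2hex(random_bytes(8)).'.'.$ext;
    $request->MoveUploadFile('logoimg', DEDEROOT.'/uploads/flink/'.$storedName);
    $logo = $cfg_cmspath.'/uploads/flink/'.$storedName;
}
// … unchanged: field reads, UPDATE and ShowMsg …
```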
@@ -16,9 +16,11 @@ if (empty($ischeck)) { | |||||
$ischeck = 0; | $ischeck = 0; | ||||
$ischeckSql = ''; | $ischeckSql = ''; | ||||
} else { | } else { | ||||
$ischeck = intval($ischeck); | |||||
if ($ischeck == -1) $ischeckSql = " And ischeck < 1 "; | if ($ischeck == -1) $ischeckSql = " And ischeck < 1 "; | ||||
else $ischeckSql = " And ischeck='$ischeck' "; | else $ischeckSql = " And ischeck='$ischeck' "; | ||||
} | } | ||||
$keyword = HtmlReplace($keyword, -1); | |||||
$selCheckArr = array(0 => '不限类型', -1 => '未审核', 1 => '内页', 2 => '首页'); | $selCheckArr = array(0 => '不限类型', -1 => '未审核', 1 => '内页', 2 => '首页'); | ||||
$sql = "SELECT * FROM `#@__flink` WHERE CONCAT(`url`,`webname`,`email`) LIKE '%$keyword%' $ischeckSql ORDER BY dtime desc"; | $sql = "SELECT * FROM `#@__flink` WHERE CONCAT(`url`,`webname`,`email`) LIKE '%$keyword%' $ischeckSql ORDER BY dtime desc"; | ||||
$dlist = new DataListCP(); | $dlist = new DataListCP(); | ||||
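Review bot: `$keyword = HtmlReplace($keyword, -1);` at L113 runs on a variable nothing in the hunk guarantees is set, unlike the `isset(...) ? ... : ''` pattern the same commit uses elsewhere, so a request without `keyword` raises an undefined-variable notice; `$keyword = isset($keyword) ? HtmlReplace($keyword, -1) : '';` matches the rest of the change. The value then lands inside `LIKE '%$keyword%'` at L115, where `%` and `_` remain wildcards and, if `HtmlReplace` entity-encodes, a search for `&`, `<` or `>` only matches rows that were stored encoded the same way — a limitation worth a one-line comment on L113. The enclosing `if/else` starts outside the hunk.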
@@ -16,8 +16,8 @@ if ($dopost == "save") { | |||||
$endID = $idend; | $endID = $idend; | ||||
for (; $startID <= $endID; $startID++) { | for (; $startID <= $endID; $startID++) { | ||||
$query = ''; | $query = ''; | ||||
$tid = ${'ID_'.$startID}; | |||||
$pname = ${'pname_'.$startID}; | |||||
$tid = intval(${'ID_'.$startID}); | |||||
$pname = HtmlReplace(${'pname_'.$startID},-1); | |||||
if (isset(${'check_'.$startID})) { | if (isset(${'check_'.$startID})) { | ||||
if ($pname != '') { | if ($pname != '') { | ||||
$query = "UPDATE `#@__flinktype` SET typename='$pname' WHERE id='$tid' "; | $query = "UPDATE `#@__flinktype` SET typename='$pname' WHERE id='$tid' "; | ||||
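Review bot: `intval(${'ID_'.$startID})` and `HtmlReplace(${'pname_'.$startID},-1)` at L123-L124 dereference dynamically named globals that need not exist for every `$startID` in the range, so rows whose fields were not submitted trip an undefined-variable notice; this was already true of the removed L121-L122, but the rewrite is the moment to fix it with `$tid = intval(${'ID_'.$startID} ?? 0);` and `$pname = HtmlReplace(${'pname_'.$startID} ?? '', -1);`. The loop bounds come from `$idend` at L118, whose origin is above the hunk and not visible here. The `for` body continues past the hunk.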
@@ -30,6 +30,7 @@ if ($dopost == "save") { | |||||
} | } | ||||
//增加新记录 | //增加新记录 | ||||
if (isset($check_new) && $pname_new != '') { | if (isset($check_new) && $pname_new != '') { | ||||
$pname_new = HtmlReplace($pname_new, -1); | |||||
$query = "INSERT INTO `#@__flinktype`(typename) VALUES('{$pname_new}');"; | $query = "INSERT INTO `#@__flinktype`(typename) VALUES('{$pname_new}');"; | ||||
$dsql->ExecuteNoneQuery($query); | $dsql->ExecuteNoneQuery($query); | ||||
} | } | ||||
@@ -168,7 +168,7 @@ class DataListCP | |||||
{ | { | ||||
global $cfg_soft_lang; | global $cfg_soft_lang; | ||||
if ($cfg_soft_lang == 'gb2312') $val = gb2utf8($val); | if ($cfg_soft_lang == 'gb2312') $val = gb2utf8($val); | ||||
$val = preg_replace('/([\x00-\x08,\x0b-\x0c,\x0e-\x19])/', '', $val); | |||||
$val = preg_replace('/([\x00-\x08|\x0b-\x0c|\x0e-\x19])/', '', $val); | |||||
$search = 'abcdefghijklmnopqrstuvwxyz'; | $search = 'abcdefghijklmnopqrstuvwxyz'; | ||||
$search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'; | $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'; | ||||
$search .= '1234567890!@#$%^&*()'; | $search .= '1234567890!@#$%^&*()'; | ||||
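Review bot: The new pattern `'/([\x00-\x08|\x0b-\x0c|\x0e-\x19])/'` at L141 does not fix the old one — inside a character class `|` is a literal just as `,` was, so the call now strips every `|` from `$val` instead of every `,`, while the control-character ranges behave the same either way. The class should hold only the ranges: `$val = preg_replace('/[\x00-\x08\x0b\x0c\x0e-\x19]/', '', $val);`. Whether `\x1a`-`\x1f` were deliberately left in is not visible here. The enclosing method's signature is above the hunk.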
@@ -183,6 +183,8 @@ class DataListCP | |||||
$val = str_replace(",", ",", $val); | $val = str_replace(",", ",", $val); | ||||
$val = str_replace("(", "(", $val); | $val = str_replace("(", "(", $val); | ||||
$val = str_replace(")", ")", $val); | $val = str_replace(")", ")", $val); | ||||
$val = str_replace("flink", "fl*&k", $val); | |||||
$ra1 = array('javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'style', 'script', 'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base'); | $ra1 = array('javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'style', 'script', 'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base'); | ||||
$ra2 = array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload'); | $ra2 = array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 
'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload'); | ||||
$ra = array_merge($ra1, $ra2); | $ra = array_merge($ra1, $ra2); | ||||
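Review bot: `str_replace("flink", "fl*&k", $val)` at L149 and its inverse at L158 (next hunk) appear to shield the substring `flink` from the keyword pass that follows (`'link'` is in `$ra1` at L150, and `flink` is the module's table name elsewhere on this page), but nothing in the code says so, and the sentinel is a plain string: input that already contains `fl*&k` is silently rewritten to `flink` on the way out. Add a comment such as `// mask "flink" so the 'link' keyword pass below does not mangle it; restored after the loop` at L149, and if the method's output must round-trip, choose a sentinel that cannot legitimately occur in `$val`. The method body between the two hunks is only partly visible.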
@@ -209,6 +211,7 @@ class DataListCP | |||||
} | } | ||||
} | } | ||||
} | } | ||||
$val = str_replace("fl*&k","flink", $val); | |||||
if ($cfg_soft_lang == 'gb2312') $val = utf82gb($val); | if ($cfg_soft_lang == 'gb2312') $val = utf82gb($val); | ||||
return $val; | return $val; | ||||
} | } | ||||