
member文件夹bug修复

member文件夹bug修复
tags/6.0.0
qfdong-github GitHub 3 years ago
parent
commit
f2025bb459
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 7 additions and 8 deletions
  1. +3
    -2
      src/member/album_add.php
  2. +2
    -2
      src/member/article_add.php
  3. +2
    -4
      src/member/soft_add.php

+ 3
- 2
src/member/album_add.php

@@ -4,7 +4,7 @@
*
* @version $Id: album_add.php 1 13:52 2010年7月9日Z tianya $
* @package DedeCMS.Member
* @copyright Copyright (c) 2007 - 2020, DesDev, Inc.
* @copyright Copyright (c) 2007 - 2010, DesDev, Inc.
* @license http://help.dedecms.com/usersguide/license.html
* @link http://www.dedecms.com
*/
@@ -217,7 +217,8 @@ else if($dopost=='save')
ShowMsg("无法获得主键,因此无法进行后续操作!","-1");
exit();
}
$description = HtmlReplace($description, -1);
$description = HtmlReplace($description, -1);//2011.06.30 增加html过滤 (by:织梦的鱼)
$mtypesid = intval($mtypesid); //对输入参数mtypesid未进行int整型转义,导致SQL注入的发生。
//保存到主表
$inQuery = "INSERT INTO `#@__archives`(id,typeid,sortrank,flag,ismake,channel,arcrank,click,money,title,shorttitle,
color,writer,source,litpic,pubdate,senddate,mid,description,keywords,mtype)
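Review bot: The `intval()` cast on `$mtypesid` in the `-217,7 +217,8` hunk covers only that one variable, while the INSERT into `#@__archives` that starts directly below it is still built as an interpolated string. Its VALUES list lies outside the hunk, so this is inferred, but any other integer column in the visible column list (`typeid`, `sortrank`, `arcrank`, `mid`, `mtype`) that is filled from request data deserves the same cast before the query is assembled. The trailing comment on the new line describes the old bug rather than what the line does; something like `// cast to int before it is interpolated into the INSERT below` stays accurate once the fix is in. The page has lost its +/- markers, so this reads the section as old-then-new, and the enclosing `else if($dopost=='save')` branch starts and ends outside the hunk.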


+ 2
- 2
src/member/article_add.php

@@ -4,7 +4,7 @@
*
* @version $Id: article_add.php 1 8:38 2010年7月9日Z tianya $
* @package DedeCMS.Member
* @copyright Copyright (c) 2007 - 2020, DesDev, Inc.
* @copyright Copyright (c) 2007 - 2010, DesDev, Inc.
* @license http://help.dedecms.com/usersguide/license.html
* @link http://www.dedecms.com
*/
@@ -80,7 +80,7 @@ else if($dopost=='save')
}
}
if (empty($dede_fieldshash) || $dede_fieldshash != md5($dede_addonfields.$cfg_cookie_encode))
if (empty($dede_fieldshash) || ( $dede_fieldshash != md5($dede_addonfields . $cfg_cookie_encode) && $dede_fieldshash != md5($dede_addonfields . 'anythingelse' . $cfg_cookie_encode)) )
{
showMsg('数据校验不对,程序返回', '-1');
exit();
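Review bot: The widened check in the `-80,7 +80,7` hunk still compares the submitted `$dede_fieldshash` with the loose `!=`, which compares two numeric-looking strings as numbers rather than byte for byte and is not constant-time. Each of the two comparisons should use `hash_equals()` (or at minimum `!==`), e.g. `!hash_equals(md5($dede_addonfields . $cfg_cookie_encode), (string)$dede_fieldshash)`. The literal `'anythingelse'` in the second accepted digest is unexplained; a short comment naming the form or template that produces that variant would tell the next reader why two digests are valid. The code that generates the hash is not on this page, so a move from `md5(data . secret)` to `hash_hmac()` is only a suggestion to check against that side.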


+ 2
- 4
src/member/soft_add.php

@@ -148,11 +148,10 @@ VALUES ('$arcID','$typeid','$sortrank','$flag','$ismake','$channelid','$arcrank'
//软件链接列表
$softurl1 = stripslashes($softurl1);
$softurl1 = str_replace(array("{dede:","{/dede:","}"), "#", $softurl1);
$servermsg1 = str_replace(array("{dede:","{/dede:","}"), "#", $servermsg1);
$urls = '';
if($softurl1!='')
{
$urls .= "{dede:link islocal='1' text='{$servermsg1}'} $softurl1 {/dede:link}\r\n";
if (preg_match("#}(.*?){/dede:link}{dede:#sim", $servermsg1) != 1) { $urls .= "{dede:link islocal='1' text='{$servermsg1}'} $softurl1 {/dede:link}\r\n"; }
}
for($i=2; $i<=12; $i++)
{
@@ -161,7 +160,6 @@ VALUES ('$arcID','$typeid','$sortrank','$flag','$ismake','$channelid','$arcrank'
$servermsg = str_replace("'","",stripslashes(${'servermsg'.$i}));
$softurl = stripslashes(${'softurl'.$i});
$softurl = str_replace(array("{dede:","{/dede:","}"), "#", $softurl);
$servermsg = str_replace(array("{dede:","{/dede:","}"), "#", $servermsg);
if($servermsg=='')
{
$servermsg = '下载地址'.$i;
@@ -198,7 +196,7 @@ VALUES ('$arcID','$typeid','$sortrank','$flag','$ismake','$channelid','$arcrank'
$dsql->ExecuteNoneQuery("DELETE FROM `#@__arctiny` WHERE id='$arcID'");
echo $inQuery;
exit();
ShowMsg("把数据保存到数据库附加表 `{$addtable}` 时出错,请把相关信息提交给DedeCMS官方。".str_replace('"','',$gerr),"javascript:;");
ShowMsg("把数据保存到数据库附加表 `{$addtable}` 时出错,请把相关信息提交给DedeCms官方。".str_replace('"','',$gerr),"javascript:;");
exit();
}
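Review bot: In the `-148,11 +148,10` hunk the neutralisation of `{dede:`, `{/dede:` and `}` in `$servermsg1` is dropped, and the `-161,7 +160,6` hunk drops it for `$servermsg` in the loop; the only replacement is a `preg_match` denylist for one tag shape, applied to `$servermsg1` alone (this reads the section as old-then-new, since the page lost its +/- markers). Both values are interpolated into `{dede:link … text='…'}` markup, so I would keep `$servermsg1 = str_replace(array("{dede:","{/dede:","}"), "#", $servermsg1);` and the matching line for `$servermsg`, with the regex check as an extra layer at most. The check also fails open, because `preg_match()` returns `false` on error and `false != 1` is true; compare with `=== 0` instead. Separately, the lines `echo $inQuery; exit();` in the last hunk print the raw SQL to the member and make the following `ShowMsg()` unreachable, which looks like leftover debugging.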


