@@ -4,7 +4,7 @@ | |||||
* | * | ||||
* @version $Id: album_add.php 1 13:52 2010年7月9日Z tianya $ | * @version $Id: album_add.php 1 13:52 2010年7月9日Z tianya $ | ||||
* @package DedeCMS.Member | * @package DedeCMS.Member | ||||
* @copyright Copyright (c) 2007 - 2020, DesDev, Inc. | |||||
* @copyright Copyright (c) 2007 - 2010, DesDev, Inc. | |||||
* @license http://help.dedecms.com/usersguide/license.html | * @license http://help.dedecms.com/usersguide/license.html | ||||
* @link http://www.dedecms.com | * @link http://www.dedecms.com | ||||
*/ | */ | ||||
@@ -217,7 +217,8 @@ else if($dopost=='save') | |||||
ShowMsg("无法获得主键,因此无法进行后续操作!","-1"); | ShowMsg("无法获得主键,因此无法进行后续操作!","-1"); | ||||
exit(); | exit(); | ||||
} | } | ||||
$description = HtmlReplace($description, -1); | |||||
$description = HtmlReplace($description, -1);//2011.06.30 增加html过滤 (by:织梦的鱼) | |||||
$mtypesid = intval($mtypesid); //对输入参数mtypesid未进行int整型转义,导致SQL注入的发生。 | |||||
//保存到主表 | //保存到主表 | ||||
$inQuery = "INSERT INTO `#@__archives`(id,typeid,sortrank,flag,ismake,channel,arcrank,click,money,title,shorttitle, | $inQuery = "INSERT INTO `#@__archives`(id,typeid,sortrank,flag,ismake,channel,arcrank,click,money,title,shorttitle, | ||||
color,writer,source,litpic,pubdate,senddate,mid,description,keywords,mtype) | color,writer,source,litpic,pubdate,senddate,mid,description,keywords,mtype) | ||||
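Review bot: The added `$mtypesid = intval($mtypesid);` casts only that one value, while the `$inQuery` INSERT started on the line below still interpolates its other column values straight into the SQL string; those values are assigned outside this hunk, so whether each of them is cast or escaped before reaching the query cannot be confirmed here. Casting one parameter closes one injection path but leaves the statement's overall safety resting on upstream filtering; the durable fix is a prepared statement with bound values, or at least the same explicit cast for every numeric column (`$typeid`, `$sortrank`, `$channel`, and so on) next to this line. The `$inQuery` statement continues past the end of the hunk.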
@@ -4,7 +4,7 @@ | |||||
* | * | ||||
* @version $Id: article_add.php 1 8:38 2010年7月9日Z tianya $ | * @version $Id: article_add.php 1 8:38 2010年7月9日Z tianya $ | ||||
* @package DedeCMS.Member | * @package DedeCMS.Member | ||||
* @copyright Copyright (c) 2007 - 2020, DesDev, Inc. | |||||
* @copyright Copyright (c) 2007 - 2010, DesDev, Inc. | |||||
* @license http://help.dedecms.com/usersguide/license.html | * @license http://help.dedecms.com/usersguide/license.html | ||||
* @link http://www.dedecms.com | * @link http://www.dedecms.com | ||||
*/ | */ | ||||
@@ -80,7 +80,7 @@ else if($dopost=='save') | |||||
} | } | ||||
} | } | ||||
if (empty($dede_fieldshash) || $dede_fieldshash != md5($dede_addonfields.$cfg_cookie_encode)) | |||||
if (empty($dede_fieldshash) || ( $dede_fieldshash != md5($dede_addonfields . $cfg_cookie_encode) && $dede_fieldshash != md5($dede_addonfields . 'anythingelse' . $cfg_cookie_encode)) ) | |||||
{ | { | ||||
showMsg('数据校验不对,程序返回', '-1'); | showMsg('数据校验不对,程序返回', '-1'); | ||||
exit(); | exit(); | ||||
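Review bot: The field-hash check on the changed `if (empty($dede_fieldshash) || ...)` line compares the client-supplied `$dede_fieldshash` against `md5(...)` with loose `!=`, which is not a constant-time comparison and applies PHP's loose string rules; the comparison should be `!hash_equals(md5($dede_addonfields . $cfg_cookie_encode), (string) $dede_fieldshash)`. Which of the two printed variants is the retained one is not certain from the page; if the version accepting a second `'anythingelse'` digest is kept, both candidates should go through `hash_equals` and the reason for accepting two digests deserves a comment, since it doubles the set of values that pass the integrity check. The enclosing `else if($dopost=='save')` block starts and ends outside the hunk.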
@@ -148,11 +148,10 @@ VALUES ('$arcID','$typeid','$sortrank','$flag','$ismake','$channelid','$arcrank' | |||||
//软件链接列表 | //软件链接列表 | ||||
$softurl1 = stripslashes($softurl1); | $softurl1 = stripslashes($softurl1); | ||||
$softurl1 = str_replace(array("{dede:","{/dede:","}"), "#", $softurl1); | $softurl1 = str_replace(array("{dede:","{/dede:","}"), "#", $softurl1); | ||||
$servermsg1 = str_replace(array("{dede:","{/dede:","}"), "#", $servermsg1); | |||||
$urls = ''; | $urls = ''; | ||||
if($softurl1!='') | if($softurl1!='') | ||||
{ | { | ||||
$urls .= "{dede:link islocal='1' text='{$servermsg1}'} $softurl1 {/dede:link}\r\n"; | |||||
if (preg_match("#}(.*?){/dede:link}{dede:#sim", $servermsg1) != 1) { $urls .= "{dede:link islocal='1' text='{$servermsg1}'} $softurl1 {/dede:link}\r\n"; } | |||||
} | } | ||||
for($i=2; $i<=12; $i++) | for($i=2; $i<=12; $i++) | ||||
{ | { | ||||
@@ -161,7 +160,6 @@ VALUES ('$arcID','$typeid','$sortrank','$flag','$ismake','$channelid','$arcrank' | |||||
$servermsg = str_replace("'","",stripslashes(${'servermsg'.$i})); | $servermsg = str_replace("'","",stripslashes(${'servermsg'.$i})); | ||||
$softurl = stripslashes(${'softurl'.$i}); | $softurl = stripslashes(${'softurl'.$i}); | ||||
$softurl = str_replace(array("{dede:","{/dede:","}"), "#", $softurl); | $softurl = str_replace(array("{dede:","{/dede:","}"), "#", $softurl); | ||||
$servermsg = str_replace(array("{dede:","{/dede:","}"), "#", $servermsg); | |||||
if($servermsg=='') | if($servermsg=='') | ||||
{ | { | ||||
$servermsg = '下载地址'.$i; | $servermsg = '下载地址'.$i; | ||||
@@ -198,7 +196,7 @@ VALUES ('$arcID','$typeid','$sortrank','$flag','$ismake','$channelid','$arcrank' | |||||
$dsql->ExecuteNoneQuery("DELETE FROM `#@__arctiny` WHERE id='$arcID'"); | $dsql->ExecuteNoneQuery("DELETE FROM `#@__arctiny` WHERE id='$arcID'"); | ||||
echo $inQuery; | echo $inQuery; | ||||
exit(); | exit(); | ||||
ShowMsg("把数据保存到数据库附加表 `{$addtable}` 时出错,请把相关信息提交给DedeCMS官方。".str_replace('"','',$gerr),"javascript:;"); | |||||
ShowMsg("把数据保存到数据库附加表 `{$addtable}` 时出错,请把相关信息提交给DedeCms官方。".str_replace('"','',$gerr),"javascript:;"); | |||||
exit(); | exit(); | ||||
} | } | ||||
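Review bot: The line `$servermsg1 = str_replace(array("{dede:","{/dede:","}"), "#", $servermsg1);` in the first hunk, and the matching `$servermsg = str_replace(...)` line in the second, are present only on the old side by the hunk counts, yet `$servermsg1` is still interpolated into `"{dede:link islocal='1' text='{$servermsg1}'} ..."`; the text value is therefore no longer neutralised against template-tag delimiters before it is stored and later rendered, and the `preg_match("#}(.*?){/dede:link}{dede:#sim", ...)` guard (whichever side it belongs to) rejects one specific shape rather than the delimiters themselves. Keeping the two `str_replace` lines alongside the `preg_match` check is the safer combination. Separately, in the last hunk `echo $inQuery; exit();` precede the `ShowMsg(...)` error path, so the full INSERT statement including submitted data is written to the response and the intended message is unreachable; these look like leftover debugging lines and should be removed.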