
Update common.func.php

tags/6.2.9
叙述、别离 10 months ago
parent
commit
1956a7cc4c
1 changed files with 41 additions and 38 deletions
  1. +41
    -38
      src/system/common.func.php

+ 41
- 38
src/system/common.func.php

@@ -527,7 +527,7 @@ function GetUpdateSQL()
fclose($fp);
return $result;
}
/*会员中心调用默认主题模板<?php obtaintheme('head.htm');?>*/
/*会员中心调用主题模板<?php obtaintheme('head.htm');?>*/
if (!function_exists('obtaintheme')) {
require_once DEDEINC."/archive/partview.class.php";
function obtaintheme($path)
@@ -554,7 +554,7 @@ if (!function_exists('obtaintags')) {
return $tags;
}
}
//提取文档多图片[field:body function='obtainimgs(@me,3)'/]3表示调用文档3张图片,body列表附加字段需添加body字段
//提取文档多图片[field:body function='obtainimgs(@me,3)'/]3表示调用文档3张图片,则附加字段需添加body字段调用
if (!function_exists('obtainimgs')) {
function obtainimgs($string, $num)
{
@@ -571,39 +571,7 @@ if (!function_exists('obtainimgs')) {
return $result;
}
}
//联动单筛选{dede:php}obtainfilter(模型id,类型,'字段1,字段2');{/dede:php}类型有三种,对应以下case值
function litimgurls($imgid = 0)
{
global $dsql, $lit_imglist;
$row = $dsql->GetOne("SELECT c.addtable FROM `#@__archives` AS a LEFT JOIN `#@__channeltype` AS c ON a.channel=c.id WHERE a.id='$imgid'");
$addtable = trim($row['addtable']);
$row = $dsql->GetOne("SELECT imgurls FROM `$addtable` WHERE aid='$imgid'");
$ChannelUnit = new ChannelUnit(2, $imgid);
$lit_imglist = $ChannelUnit->GetlitImgLinks($row['imgurls']);
return $lit_imglist;
}
//联动单筛选字符过滤函数
function string_filter($str, $stype = "inject")
{
if ($stype == "inject") {
$str = str_replace(
array("select", "insert", "update", "delete", "alter", "cas", "union", "into", "load_file", "outfile", "create", "join", "where", "like", "drop", "modify", "rename", "'", "/*", "*", "../", "./"),
array("", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", ""),
$str
);
} else if ($stype == "xss") {
$farr = array("/\s+/", "/<(\/?)(script|META|STYLE|HTML|HEAD|BODY|STYLE |i?frame|b|strong|style|html|img|P|o:p|iframe|u|em|strike|BR|div|a|TABLE|TBODY|object|tr|td|st1:chsdate|FONT|span|MARQUEE|body|title|\r\n|link|meta|\?|\%)([^>]*?)>/isU", "/(<[^>]*)on[a-zA-Z]+\s*=([^>]*>)/isU",);
$tarr = array(" ", "", "\\1\\2",);
$str = preg_replace($farr, $tarr, $str);
$str = str_replace(
array("<", ">", "'", "\"", ";", "/*", "*", "../", "./"),
array("&lt;", "&gt;", "", "", "", "", "", "", ""),
$str
);
}
return $str;
}
//联动单筛选三种类型显示
//联动单筛选{dede:php}obtainfilter(模型id,类型,'字段1,字段2');{/dede:php}类型表示前台展现方式对应case值
function obtainfilter($channelid, $type = 1, $fieldsnamef = '', $defaulttid = 0, $toptid = 0, $loadtype = 'autofield')
{
global $tid, $dsql, $id, $aid;
@@ -631,6 +599,7 @@ function obtainfilter($channelid, $type = 1, $fieldsnamef = '', $defaulttid = 0,
$fields_value = $href2[0];
switch ($type) {
case 1:
$dede_addonfields .= '<div class="mb-3">';
$dede_addonfields .= (preg_match("/&".$ctag->GetName()."=/is",$filterarr,$regm) ? '<a href="'.str_replace("&".$ctag->GetName()."=".$fields_value,"",$filterarr).'" class="btn btn-outline-success btn-sm">全部</a>' : '<a href="'.str_replace("&".$ctag->GetName()."=".$fields_value,"",$filterarr).'" class="btn btn-success btn-sm">全部</a>');
$addonfields_items = explode(",",$ctag->GetAtt('default'));
for ($i=0; $i<count($addonfields_items); $i++)
@@ -638,9 +607,10 @@ function obtainfilter($channelid, $type = 1, $fieldsnamef = '', $defaulttid = 0,
$href = stripos($filterarr,$ctag->GetName().'=') ? str_replace("=".$fields_value,"=".urlencode($addonfields_items[$i]),$filterarr) : $filterarr.'&'.$ctag->GetName().'='.urlencode($addonfields_items[$i]);
$dede_addonfields .= ($fields_value!=urlencode($addonfields_items[$i]) ? '<a title="'.$addonfields_items[$i].'" href="'.$href.'" class="btn btn-outline-success btn-sm">'.$addonfields_items[$i].'</a>' : '<a href="'.$href.'" class="btn btn-success btn-sm">'.$addonfields_items[$i].'</a>');
}
$dede_addonfields .= '</div>';
break;
case 2:
$dede_addonfields .= '<select name="filter'.$ctag->GetName().'" onchange="window.location=this.options[this.selectedIndex].value">
$dede_addonfields .= '<select name="filter'.$ctag->GetName().'" onchange="window.location=this.options[this.selectedIndex].value" class="form-control w-25 mr-3">
'.'<option value="'.str_replace("&".$ctag->GetName()."=".$fields_value,"",$filterarr).'">全部</option>';
$addonfields_items = explode(",",$ctag->GetAtt('default'));
for ($i=0; $i<count($addonfields_items); $i++)
@@ -649,10 +619,10 @@ function obtainfilter($channelid, $type = 1, $fieldsnamef = '', $defaulttid = 0,
$dede_addonfields .= '<option value="'.$href.'"'.($fields_value==urlencode($addonfields_items[$i]) ? ' selected="selected"' : '').'>'.$addonfields_items[$i].'</option>
';
}
$dede_addonfields .= '</select>
';
$dede_addonfields .= '</select>';
break;
case 3:
$dede_addonfields .= '<div class="mb-3">';
$dede_addonfields .= (preg_match("/&".$ctag->GetName()."=/is",$filterarr,$regm) ? '<a href="'.str_replace("&".$ctag->GetName()."=".$fields_value,"",$filterarr).'"><input type="radio" name="filter'.$ctag->GetName().'" value="'.str_replace("&".$ctag->GetName()."=".$fields_value,"",$filterarr).'" onclick="window.location=this.value">全部</a>' : '<span><input type="radio" name="filter'.$ctag->GetName().'" checked="checked">全部</span>');
$addonfields_items = explode(",",$ctag->GetAtt('default'));
for ($i=0; $i<count($addonfields_items); $i++)
@@ -660,6 +630,7 @@ function obtainfilter($channelid, $type = 1, $fieldsnamef = '', $defaulttid = 0,
$href = stripos($filterarr,$ctag->GetName().'=') ? str_replace("=".$fields_value,"=".urlencode($addonfields_items[$i]),$filterarr) : $filterarr.'&'.$ctag->GetName().'='.urlencode($addonfields_items[$i]);
$dede_addonfields .= ($fields_value!=urlencode($addonfields_items[$i]) ? '<a title="'.$addonfields_items[$i].'" href="'.$href.'"><input type="radio" name="filter'.$ctag->GetName().'" value="'.$href.'" onclick="window.location=this.value">'.$addonfields_items[$i].'</a>' : '<span><input type="radio" name="filter'.$ctag->GetName().'" checked="checked">'.$addonfields_items[$i].'</span>');
}
$dede_addonfields .= '</div>';
break;
}
}
@@ -667,6 +638,38 @@ function obtainfilter($channelid, $type = 1, $fieldsnamef = '', $defaulttid = 0,
}
echo $dede_addonfields;
}
//联动单筛选获取附加表
function litimgurls($imgid = 0)
{
global $dsql, $lit_imglist;
$row = $dsql->GetOne("SELECT c.addtable FROM `#@__archives` AS a LEFT JOIN `#@__channeltype` AS c ON a.channel=c.id WHERE a.id='$imgid'");
$addtable = trim($row['addtable']);
$row = $dsql->GetOne("SELECT imgurls FROM `$addtable` WHERE aid='$imgid'");
$ChannelUnit = new ChannelUnit(2, $imgid);
$lit_imglist = $ChannelUnit->GetlitImgLinks($row['imgurls']);
return $lit_imglist;
}
//联动单筛选字符过滤函数
function string_filter($str, $stype = "inject")
{
if ($stype == "inject") {
$str = str_replace(
array("select", "insert", "update", "delete", "alter", "cas", "union", "into", "load_file", "outfile", "create", "join", "where", "like", "drop", "modify", "rename", "'", "/*", "*", "../", "./"),
array("", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", ""),
$str
);
} else if ($stype == "xss") {
$farr = array("/\s+/", "/<(\/?)(script|META|STYLE|HTML|HEAD|BODY|STYLE |i?frame|b|strong|style|html|img|P|o:p|iframe|u|em|strike|BR|div|a|TABLE|TBODY|object|tr|td|st1:chsdate|FONT|span|MARQUEE|body|title|\r\n|link|meta|\?|\%)([^>]*?)>/isU", "/(<[^>]*)on[a-zA-Z]+\s*=([^>]*>)/isU",);
$tarr = array(" ", "", "\\1\\2",);
$str = preg_replace($farr, $tarr, $str);
$str = str_replace(
array("<", ">", "'", "\"", ";", "/*", "*", "../", "./"),
array("&lt;", "&gt;", "", "", "", "", "", "", ""),
$str
);
}
return $str;
}
/**
* GetMimeTypeOrExtension
*
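Review bot: `litimgurls()`, re-added in the last hunk, places `$imgid` inside both SQL strings and then uses `$row['addtable']` as a table name, with no integer cast on `$imgid` and no check that the first lookup returned a row. I would make `$imgid = intval($imgid);` the first statement and return before the second query when `$row` is not an array or `addtable` is empty. `string_filter()` moves with it unchanged: its `inject` mode is a case-sensitive keyword denylist applied through `str_replace`, which also strips substrings such as `cas` and `like` from ordinary text, so callers should not rely on it as the injection control and should cast or escape at the query site instead. In the `obtainfilter()` hunks, `$addonfields_items[$i]` and `$href` are concatenated into `title`, `href` and `value` attributes without `htmlspecialchars()`; whether those values are admin-only is not visible here, so that is worth confirming.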

