tianya
2 年之前
共有 4 個檔案被更改,包括 46 行新增 和 5 行删除
統一視圖
Diff Options
-
+1 -1src/admin/inc/inc_archives_all.php
-
+2 -2src/admin/templets/diy_list.htm
-
+39 -0src/apps/jump.php
-
+4 -2src/system/customfields.func.php
+ 1
- 1
src/admin/inc/inc_archives_all.php
查看文件
| @@ -178,7 +178,7 @@ function GetFieldValue($dvalue, $dtype, $aid = 0, $job = 'add', $addvar = '') | |||||
| } | } | ||||
| $iurl = trim(str_replace($GLOBALS['cfg_basehost'], "", $iurl)); | $iurl = trim(str_replace($GLOBALS['cfg_basehost'], "", $iurl)); | ||||
| $imgurl = "{dede:img text='' width='' height=''} ".$iurl." {/dede:img}"; | $imgurl = "{dede:img text='' width='' height=''} ".$iurl." {/dede:img}"; | ||||
| if (preg_match("#^http:\/\/#i", $iurl) && $GLOBALS['isUrlOpen']) { | |||||
| if (preg_match("#^(http|https):\/\/#i", $iurl) && $GLOBALS['isUrlOpen']) { | |||||
| //远程图片 | //远程图片 | ||||
| $reimgs = ""; | $reimgs = ""; | ||||
| if ($isUrlOpen) { | if ($isUrlOpen) { | ||||
+ 2
- 2
src/admin/templets/diy_list.htm
查看文件
| @@ -41,7 +41,7 @@ | |||||
| if ($fielddata[1]=='img') { | if ($fielddata[1]=='img') { | ||||
| $fields[$field] = "<a href='{$fields[$field]}' target='_blank' class='btn btn-light btn-sm'>图片附件</a>"; | $fields[$field] = "<a href='{$fields[$field]}' target='_blank' class='btn btn-light btn-sm'>图片附件</a>"; | ||||
| } else if ($fielddata[1]=='addon') { | } else if ($fielddata[1]=='addon') { | ||||
| $fields[$field] = "<a href='{$fields[$field]}' target='_blank' class='btn btn-light btn-sm'>其它附件</a>"; | |||||
| $fields[$field] = "<a href='../apps/jump.php?url={$fields[$field]}' target='_blank' class='btn btn-light btn-sm'>其它附件</a>"; | |||||
| } else { | } else { | ||||
| if (!in_array($fielddata[1],$allowhtml)) { | if (!in_array($fielddata[1],$allowhtml)) { | ||||
| $fields[$field] = dede_htmlspecialchars($fields[$field]); | $fields[$field] = dede_htmlspecialchars($fields[$field]); | ||||
| @@ -61,7 +61,7 @@ | |||||
| <label><input type="radio" name="action" value="check"> 审核</label> | <label><input type="radio" name="action" value="check"> 审核</label> | ||||
| <label class="mr-2 ml-2"><input type="radio" name="action" value="delete"> 删除</label> | <label class="mr-2 ml-2"><input type="radio" name="action" value="delete"> 删除</label> | ||||
| <button type="submit" name="submit" class="btn btn-success btn-sm">提交</button> | <button type="submit" name="submit" class="btn btn-success btn-sm">提交</button> | ||||
| <a href="/apps/diy.php?action=list&diyid=<?php echo $diy->diyid;?>" target="_blank" class="btn btn-success btn-sm">预览</a> | |||||
| <a href="../apps/diy.php?action=list&diyid=<?php echo $diy->diyid;?>" target="_blank" class="btn btn-success btn-sm">预览</a> | |||||
| </td> | </td> | ||||
| </tr> | </tr> | ||||
| <tr> | <tr> | ||||
+ 39
- 0
src/apps/jump.php
查看文件
| @@ -0,0 +1,39 @@ | |||||
| <?php | |||||
| /** | |||||
| * 用于地址跳转 | |||||
| * | |||||
| * @version $id:jump.php$ | |||||
| * @package DedeBIZ.Site | |||||
| * @copyright Copyright (c) 2022 DedeBIZ.COM | |||||
| * @license https://www.dedebiz.com/license | |||||
| * @link https://www.dedebiz.com | |||||
| */ | |||||
| require_once(dirname(__FILE__).'/../system/common.inc.php'); | |||||
| require_once(DEDEINC."/libraries/oxwindow.class.php"); | |||||
| $url = isset($url)? RemoveXSS($url) : ''; | |||||
| if (preg_match("#^http#", $url)) { | |||||
| $rur = parse_url($url); | |||||
| $loc = parse_url($cfg_basehost); | |||||
| if (!$rur || !$loc) { | |||||
| ShowMsg("地址错误","javascript:;"); | |||||
| exit; | |||||
| } | |||||
| if ($rur['host'] !== $loc['host']) { | |||||
| //如果不是本站点的,则需要点击进行跳转 | |||||
| $wintitle = "将要访问"; | |||||
| $msg = "<code>$url</code><p><a href='$url' class='btn btn-success mt-2'>继续访问</a></p>"; | |||||
| $wecome_info = "页面跳转提示"; | |||||
| $win = new OxWindow(); | |||||
| $win->AddTitle("您将要访问的链接不属于当前站点,请关注您的账号安全。"); | |||||
| $win->AddMsgItem($msg); | |||||
| $winform = $win->GetWindow("hand", " ", false); | |||||
| $win->Display(); | |||||
| } else { | |||||
| header('HTTP/1.1 301 Moved Permanently'); | |||||
| header('Location:'.$url); | |||||
| } | |||||
| } else { | |||||
| ShowMsg("地址错误","javascript:;"); | |||||
| exit; | |||||
| } | |||||
| ?> | |||||
+ 4
- 2
src/system/customfields.func.php
查看文件
| @@ -219,7 +219,7 @@ function GetFieldValue($dvalue, $dtype, $aid = 0, $job = 'add', $addvar = '', $a | |||||
| CloseFtp(); | CloseFtp(); | ||||
| return $filename; | return $filename; | ||||
| } else if ($dtype == 'img' || $dtype == 'imgfile') { | } else if ($dtype == 'img' || $dtype == 'imgfile') { | ||||
| if (preg_match("#[\\|/]static[\\|/]userup#", $dvalue)) return $dvalue; | |||||
| if (preg_match("#[\\|/]static[\\|/]userup#", $dvalue)) return addslashes($dvalue); | |||||
| if ($admintype == 'diy') { | if ($admintype == 'diy') { | ||||
| $iurl = MemberUploads($fieldname, '', 0, 'image', '', -1, -1, false); | $iurl = MemberUploads($fieldname, '', 0, 'image', '', -1, -1, false); | ||||
| return $iurl; | return $iurl; | ||||
| @@ -264,7 +264,9 @@ function GetFieldValue($dvalue, $dtype, $aid = 0, $job = 'add', $addvar = '', $a | |||||
| } | } | ||||
| return addslashes($imgurl); | return addslashes($imgurl); | ||||
| } else if ($dtype == 'addon' && $admintype == 'diy') { | } else if ($dtype == 'addon' && $admintype == 'diy') { | ||||
| if (preg_match("#[\\|/]uploads[\\|/]userup#", $dvalue)) return $dvalue; | |||||
| if ($admintype == 'diy') { | |||||
| return addslashes($dvalue); | |||||
| } | |||||
| $dvalue = MemberUploads($fieldname, '', 0, 'addon', '', -1, -1, false); | $dvalue = MemberUploads($fieldname, '', 0, 'addon', '', -1, -1, false); | ||||
| return $dvalue; | return $dvalue; | ||||
| } else { | } else { | ||||