diff --git a/src/admin/baidunews.php b/src/admin/baidunews.php
index a1d5174a..cd17ec77 100644
--- a/src/admin/baidunews.php
+++ b/src/admin/baidunews.php
@@ -33,11 +33,12 @@ if (empty($do)) {
 ";
 $dsql->SetQuery($query);
 $dsql->Execute();
+ $proto = IsSSL()? "https://" : "http://";
 while ($row = $dsql->GetArray()) {
 $title = dede_htmlspecialchars($row['title']);
 $row1 = GetOneArchive($row['id']);
- if (strpos($row1['arcurl'], 'http://') === false) {
- $link = ($cfg_basehost == '' ? 'http://'.$_SERVER["HTTP_HOST"].$cfg_cmspath : $cfg_basehost).$row1['arcurl'];
+ if ((strpos($row1['arcurl'], 'http://') === false) || (strpos($row1['arcurl'], 'https://') === false)) {
+ $link = ($cfg_basehost == '' ? $proto.$_SERVER["HTTP_HOST"].$cfg_cmspath : $cfg_basehost).$row1['arcurl'];
 } else {
 $link = $row1['arcurl'];
 }
@@ -45,8 +46,8 @@ if (empty($do)) {
 $description = dede_htmlspecialchars(strip_tags($row['description']));
 $text = dede_htmlspecialchars(strip_tags($row['body']));
 $image = $row['litpic'] == '' ? '' : $row['litpic'];
- if ($image != '' && strpos($image, 'http://') === false) {
- $image = ($cfg_basehost == '' ? 'http://'.$_SERVER["HTTP_HOST"].$cfg_cmspath : $cfg_basehost).$image;
+ if ($image != '' && (strpos($image, 'http://') === false) || (strpos($image, 'https://') === false)) {
+ $image = ($cfg_basehost == '' ? $proto.$_SERVER["HTTP_HOST"].$cfg_cmspath : $cfg_basehost).$image;
 }
 //$headlineimg = '';
 $keywords = dede_htmlspecialchars($row['keywords']);
diff --git a/src/admin/inc/inc_archives_functions.php b/src/admin/inc/inc_archives_functions.php
index ccff6967..f8a7f3ef 100644
--- a/src/admin/inc/inc_archives_functions.php
+++ b/src/admin/inc/inc_archives_functions.php
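Review bot: In src/admin/baidunews.php the new test `strpos(..., 'http://') === false || strpos(..., 'https://') === false` is true for every URL that does not contain both schemes, so an already absolute `arcurl` still gets the host prefixed and the `else` branch is effectively dead. The image test in the second hunk has the same `||`, and because `&&` binds tighter an empty `$image` is prefixed as well. Both should test the start of the string once, e.g. `if (!preg_match('#^https?://#i', $row1['arcurl'])) {` and `if ($image != '' && !preg_match('#^https?://#i', $image)) {`. When `$cfg_basehost` is empty the prefix is built from `$_SERVER["HTTP_HOST"]`, which comes from the request, so the feed links are better built from the configured host only.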
@@ -34,7 +34,7 @@ function GetCurContentAlbum($body, $rfurl, &$firstdd)
 $rsimg = '';
 $cfg_uploaddir = $GLOBALS['cfg_image_dir'];
 $cfg_basedir = $GLOBALS['cfg_basedir'];
- $basehost = 'http://'.$_SERVER['HTTP_HOST'];
+ $basehost = IsSSL()? "https://".$_SERVER["HTTP_HOST"] : "http://".$_SERVER["HTTP_HOST"];
 $img_array = array();
 preg_match_all("/(src)=[\"|'| ]{0,}(http:\/\/([^>]*)\.(gif|jpg|png))/isU", $body, $img_array);
 $img_array = array_unique($img_array[2]);
@@ -99,7 +99,7 @@ function GetCurContent($body)
 global $cfg_multi_site, $cfg_basehost, $cfg_basedir, $cfg_image_dir, $arcID, $cuserLogin, $dsql;
 $cfg_uploaddir = $cfg_image_dir;
 $htd = new DedeHttpDown();
- $basehost = "http://".$_SERVER["HTTP_HOST"];
+ $basehost = IsSSL()? "https://".$_SERVER["HTTP_HOST"] : "http://".$_SERVER["HTTP_HOST"];
 $img_array = array();
 preg_match_all("/src=[\"|'|\s]([^\"|^\'|^\s]*?)/isU", $body, $img_array);
 $img_array = array_unique($img_array[1]);
diff --git a/src/apps/showphoto.php b/src/apps/showphoto.php
index 8583c8a3..d01c7b76 100755
--- a/src/apps/showphoto.php
+++ b/src/apps/showphoto.php
@@ -58,8 +58,8 @@ foreach ($dtp->CTags as $ctag) {
 }
 unset($dtp);
 if ($cfg_multi_site == 'Y') {
- if (!preg_match("/^http:/i", $preSrc) && !empty($preSrc)) $preSrc = $cfg_basehost.$preSrc;
- if (!preg_match("/^http:/i", $nextSrc) && !empty($nextSrc)) $nextSrc = $cfg_basehost.$nextSrc;
+ if (!preg_match("/^(http|https):/i", $preSrc) && !empty($preSrc)) $preSrc = $cfg_basehost.$preSrc;
+ if (!preg_match("/^(http|https):/i", $nextSrc) && !empty($nextSrc)) $nextSrc = $cfg_basehost.$nextSrc;
 }
 if ($preSrc != '') {
 $pageGuide .= "<<上一幅图片 ";
diff --git a/src/install/index.php b/src/install/index.php
index 678a4a88..5f899b66 100644
--- a/src/install/index.php
+++ b/src/install/index.php
@@ -35,6 +35,7 @@ if(empty($step))
 {
 $step = 1;
 }
+$proto = IsSSL()? "https://" : "http://";
 /*------------------------
 使用协议书
 function _1_Agreement()
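Review bot: In src/admin/inc/inc_archives_functions.php, GetCurContentAlbum can now produce an https `$basehost`, but the `preg_match_all` pattern two lines below still accepts only `http:\/\/` sources, so https images in `$body` are never collected. The member-side GetCurContent already matches `http[s]?:\/\/`; the same is needed here and in the member-side GetCurContentAlbum, e.g. `(https?:\/\/([^>]*)\.(gif|jpg|png))`. The function body continues outside the hunk, so how `$basehost` is used afterwards is not visible.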
@@ -62,10 +63,11 @@ if($step==1)
 else
 $scriptName = $_SERVER['PHP_SELF'];
 $basepath = preg_replace("#\/install(.*)$#i", '', $scriptName);
+
 if(!empty($_SERVER['HTTP_HOST']))
- $baseurl = 'http://'.$_SERVER['HTTP_HOST'];
+ $baseurl = $proto.$_SERVER['HTTP_HOST'];
 else
- $baseurl = "http://".$_SERVER['SERVER_NAME'];
+ $baseurl = $proto.$_SERVER['SERVER_NAME'];
 $chars='abcdefghigklmnopqrstuvwxwyABCDEFGHIGKLMNOPQRSTUVWXWY0123456789';
 $rnd_cookieEncode='';
 $length = rand(28,32);
@@ -89,9 +91,9 @@ else if($step==2)
 die("当前数据库类型不支持");
 }
 if(!empty($_SERVER['HTTP_HOST']))
- $dfbaseurl = 'http://'.$_SERVER['HTTP_HOST'];
+ $dfbaseurl = $proto.$_SERVER['HTTP_HOST'];
 else
- $dfbaseurl = "http://".$_SERVER['SERVER_NAME'];
+ $dfbaseurl = $proto.$_SERVER['SERVER_NAME'];
 $dfbasepath = preg_replace("#\/install(.*)$#i", '', $scriptName);
 $dbhost = empty($dbhost)? "localhost" : $dbhost;
 $dbuser = empty($dbuser)? "root" : $dbuser;
diff --git a/src/system/common.func.php b/src/system/common.func.php
index 1bca4b3e..f6e3bb46 100755
--- a/src/system/common.func.php
+++ b/src/system/common.func.php
@@ -286,6 +286,20 @@ function IndexActive($idx)
 return '';
 }
 }
+//是否是HTTPS
+function IsSSL()
+{
+ if ($_SERVER['HTTPS'] && ('1' == $_SERVER['HTTPS'] || 'on' == strtolower($_SERVER['HTTPS']))) {
+ return true;
+ } elseif ('https' == $_SERVER['REQUEST_SCHEME']) {
+ return true;
+ } elseif ('443' == $_SERVER['SERVER_PORT']) {
+ return true;
+ } elseif ('https' == $_SERVER['HTTP_X_FORWARDED_PROTO']) {
+ return true;
+ }
+ return false;
+}
 //自定义函数接口
 //这里主要兼容早期的用户扩展,v5.7之后我们建议使用小助手helper进行扩展
 if (file_exists(DEDEINC.'/extend.func.php')) {
diff --git a/src/system/libraries/dedehttpdown.class.php b/src/system/libraries/dedehttpdown.class.php
index a3640dbd..16b1d4bd 100755
--- a/src/system/libraries/dedehttpdown.class.php
+++ b/src/system/libraries/dedehttpdown.class.php
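Review bot: IsSSL() in src/system/common.func.php reads `$_SERVER['HTTPS']`, `REQUEST_SCHEME`, `SERVER_PORT` and `HTTP_X_FORWARDED_PROTO` without `isset()`, so a plain HTTP request raises an undefined-index notice (a warning on PHP 8) on every call. `HTTP_X_FORWARDED_PROTO` is a request header, so any client can make the function return true unless the header is honoured only for requests that arrive from a known reverse proxy; in this commit the result feeds the member verification mail link and the installer's base URL. The same body is copied into DedeHttpDown::IsSSL() in src/system/libraries/dedehttpdown.class.php, and one implementation should be kept and called from both places. A guarded version follows; `$trustedProxies` is a placeholder for a site setting that does not exist in the visible code.

```php
function IsSSL()
{
    $https = isset($_SERVER['HTTPS']) ? strtolower((string)$_SERVER['HTTPS']) : '';
    if ($https === '1' || $https === 'on') {
        return true;
    }
    if (isset($_SERVER['REQUEST_SCHEME']) && $_SERVER['REQUEST_SCHEME'] === 'https') {
        return true;
    }
    if (isset($_SERVER['SERVER_PORT']) && (string)$_SERVER['SERVER_PORT'] === '443') {
        return true;
    }
    // Placeholder: addresses of the reverse proxies allowed to set X-Forwarded-Proto.
    $trustedProxies = array();
    $peer = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    if (in_array($peer, $trustedProxies, true) && isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
        return strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) === 'https';
    }
    return false;
}
```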
@@ -12,7 +12,7 @@ if (!defined('DEDEINC')) exit('dedebiz');
 @set_time_limit(0);
 class DedeHttpDown
 {
- var $m_ch = '';
+ var $m_ch = null;
 var $m_url = '';
 var $m_urlpath = '';
 var $m_scheme = 'http';
@@ -268,6 +268,12 @@ class DedeHttpDown
 @fclose($this->m_fp);
 return $this->m_html;
 }
+ /**
+ * 获取请求解析后的JSON数据
+ *
+ * @access public
+ * @return mixed
+ */
 function GetJSON()
 {
 if ($this->m_html != '') {
@@ -285,6 +291,25 @@ class DedeHttpDown
 @fclose($this->m_fp);
 return json_decode($this->m_html);
 }
+ /**
+ * 判断当前是否是https站点
+ *
+ * @access public
+ * @return bool
+ */
+ function IsSSL()
+ {
+ if ($_SERVER['HTTPS'] && ('1' == $_SERVER['HTTPS'] || 'on' == strtolower($_SERVER['HTTPS']))) {
+ return true;
+ } elseif ('https' == $_SERVER['REQUEST_SCHEME']) {
+ return true;
+ } elseif ('443' == $_SERVER['SERVER_PORT']) {
+ return true;
+ } elseif ('https' == $_SERVER['HTTP_X_FORWARDED_PROTO']) {
+ return true;
+ }
+ return false;
+ }
 /**
 * 开始HTTP会话
 *
@@ -555,16 +580,17 @@ class DedeHttpDown
 return "";
 }
 $pos = strpos($surl, "#");
+ $proto = $this->IsSSL()? "https://" : "http://";
 if ($pos > 0) {
 $surl = substr($surl, 0, $pos);
 }
 if ($surl[0] == "/") {
- $okurl = "http://".$this->HomeUrl.$surl;
+ $okurl = $proto .$this->HomeUrl.$surl;
 } else if ($surl[0] == ".") {
 if (strlen($surl) <= 1) {
 return "";
 } else if ($surl[1] == "/") {
- $okurl = "http://".$this->BaseUrlPath."/".substr($surl, 2, strlen($surl) - 2);
+ $okurl = $proto.$this->BaseUrlPath."/".substr($surl, 2, strlen($surl) - 2);
 } else {
 $urls = explode("/", $surl);
 foreach ($urls as $u) {
@@ -581,7 +607,7 @@ class DedeHttpDown
 if (count($urls) <= $pathStep) {
 return "";
 } else {
- $pstr = "http://";
+ $pstr = $proto;
 for ($i = 0; $i < count($urls) - $pathStep; $i++) {
 $pstr .= $urls[$i]."/";
 }
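Review bot: In src/system/libraries/dedehttpdown.class.php `$proto` is taken from `$this->IsSSL()`, which describes the request made to this site, not the remote page whose links are being resolved. The final `return $proto.$okurl;` (hunk `@@ -590,15 +616,17 @@`) strips the scheme from every result and puts `$proto` back, so an explicit `https://` link is rewritten to `http://` whenever the CMS itself is reached over plain HTTP, and the download then goes out unencrypted. The scheme should come from the URL being processed: keep the one matched on an absolute `$surl`, and for relative links use the scheme of the page that was opened, presumably `$this->m_scheme` if the URL parser fills it (not visible here), e.g. `$proto = $this->m_scheme."://";`. The `$pstr = $proto;` line in `@@ -581,7 +607,7 @@` has the same source. The method's signature is outside these hunks.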
@@ -590,15 +616,17 @@ class DedeHttpDown
 }
 } else {
 if (strlen($surl) < 7) {
- $okurl = "http://".$this->BaseUrlPath."/".$surl;
+ $okurl = $proto .$this->BaseUrlPath."/".$surl;
 } else if (strtolower(substr($surl, 0, 7)) == "http://") {
 $okurl = $surl;
+ } else if (strtolower(substr($surl, 0, 8)) == "https://") {
+ $okurl = $surl;
 } else {
- $okurl = "http://".$this->BaseUrlPath."/".$surl;
+ $okurl = $proto.$this->BaseUrlPath."/".$surl;
 }
 }
- $okurl = preg_replace("/^(http:\/\/)/i", "", $okurl);
+ $okurl = preg_replace("/^((http|https):\/\/)/i", "", $okurl);
 $okurl = preg_replace("/\/{1,}/", "/", $okurl);
- return "http://".$okurl;
+ return $proto.$okurl;
 }
 }//End Class
\ No newline at end of file
diff --git a/src/system/taglib/arclist.lib.php b/src/system/taglib/arclist.lib.php
index 339f41da..f67987e6 100755
--- a/src/system/taglib/arclist.lib.php
+++ b/src/system/taglib/arclist.lib.php
@@ -359,7 +359,7 @@ function lib_arclistDone (&$refObj, &$ctag, $typeid=0, $row=10, $col=1, $titlele
 if ($row['litpic'] == '-' || $row['litpic'] == '') {
 $row['litpic'] = $GLOBALS['cfg_cmspath'].'/static/web/img/defaultpic.jpg';
 }
- if (!preg_match("#^http:\/\/#i", $row['litpic']) && $GLOBALS['cfg_multi_site'] == 'Y') {
+ if (!preg_match("#^(http|https):\/\/#i", $row['litpic']) && $GLOBALS['cfg_multi_site'] == 'Y') {
 $row['litpic'] = $GLOBALS['cfg_mainsite'].$row['litpic'];
 }
 $row['picname'] = $row['litpic'];
diff --git a/src/system/taglib/arclistsg.lib.php b/src/system/taglib/arclistsg.lib.php
index b6e0ee55..39bf228d 100755
--- a/src/system/taglib/arclistsg.lib.php
+++ b/src/system/taglib/arclistsg.lib.php
@@ -185,7 +185,7 @@ function lib_arclistsg(&$ctag, &$refObj)
 if ($row['litpic'] == '-' || $row['litpic'] == '') {
 $row['litpic'] = $GLOBALS['cfg_cmspath'].'/static/web/img/defaultpic.jpg';
 }
- if (!preg_match("#^http:\/\/#i", $row['litpic']) && $GLOBALS['cfg_multi_site'] == 'Y') {
+ if (!preg_match("#^(http|https):\/\/#i", $row['litpic']) && $GLOBALS['cfg_multi_site'] == 'Y') {
 $row['litpic'] = $GLOBALS['cfg_mainsite'].$row['litpic'];
 }
 $row['picname'] = $row['litpic'];
diff --git a/src/system/taglib/likearticle.lib.php b/src/system/taglib/likearticle.lib.php
index b63e7993..373054c8 100755
--- a/src/system/taglib/likearticle.lib.php
+++ b/src/system/taglib/likearticle.lib.php
@@ -131,7 +131,7 @@ function lib_likearticle(&$ctag, &$refObj)
 if ($row['litpic'] == '-' || $row['litpic'] == '') {
 $row['litpic'] = $GLOBALS['cfg_cmspath'].'/static/web/img/defaultpic.jpg';
 }
- if (!preg_match("#^http:\/\/#i", $row['litpic']) && $GLOBALS['cfg_multi_site'] == 'Y') {
+ if (!preg_match("#^(http|https):\/\/#i", $row['litpic']) && $GLOBALS['cfg_multi_site'] == 'Y') {
 $row['litpic'] = $GLOBALS['cfg_mainsite'].$row['litpic'];
 }
 $row['picname'] = $row['litpic'];
diff --git a/src/system/taglib/relation.lib.php b/src/system/taglib/relation.lib.php
index d6a45805..313bcaf8 100644
--- a/src/system/taglib/relation.lib.php
+++ b/src/system/taglib/relation.lib.php
@@ -118,7 +118,7 @@ function lib_relation(&$ctag, &$refObj)
 if ($row['litpic'] == '-' || $row['litpic'] == '') {
 $row['litpic'] = $GLOBALS['cfg_cmspath'].'/images/defaultpic.gif';
 }
- if (!preg_match("#^http:\/\/#i", $row['litpic']) && $GLOBALS['cfg_multi_site'] == 'Y') {
+ if (!preg_match("#^(http|https):\/\/#i", $row['litpic']) && $GLOBALS['cfg_multi_site'] == 'Y') {
 $row['litpic'] = $GLOBALS['cfg_mainsite'].$row['litpic'];
 }
 $row['picname'] = $row['litpic'];
diff --git a/src/user/inc/inc_archives_functions.php b/src/user/inc/inc_archives_functions.php
index 3e2a88cf..ed55cb54 100755
--- a/src/user/inc/inc_archives_functions.php
+++ b/src/user/inc/inc_archives_functions.php
@@ -27,7 +27,7 @@ function GetCurContentAlbum($body, $rfurl, &$firstdd)
 include_once(DEDEINC."/dedecollection.func.php");
 if (empty($ddmaxwidth)) $ddmaxwidth = 240;
 $rsimg = '';
- $basehost = "http://".$_SERVER["HTTP_HOST"];
+ $basehost = IsSSL()? "https://".$_SERVER["HTTP_HOST"] : "http://".$_SERVER["HTTP_HOST"];
 $img_array = array();
 preg_match_all("/(src)=[\"|'| ]{0,}(http:\/\/([^>]*)\.(gif|jpg|png))/isU", $body, $img_array);
 $img_array = array_unique($img_array[2]);
@@ -300,7 +300,7 @@ function GetCurContent(&$body)
 global $cfg_multi_site, $cfg_basehost, $cfg_basedir, $cfg_user_dir, $title, $cfg_ml;
 include_once(DEDEINC."/dedecollection.func.php");
 $htd = new DedeHttpDown();
- $basehost = "http://".$_SERVER["HTTP_HOST"];
+ $basehost = IsSSL()? "https://".$_SERVER["HTTP_HOST"] : "http://".$_SERVER["HTTP_HOST"];
 $img_array = array();
 preg_match_all("/(src|SRC)=[\"|'| ]{0,}(http[s]?:\/\/([^>]*)\.(gif|jpg|png))/isU", $body, $img_array);
 $img_array = array_unique($img_array[2]);
@@ -318,7 +318,7 @@ function GetCurContent(&$body)
 if ($cfg_basehost != $basehost && preg_match("#".$cfg_basehost."#i", $value)) {
 continue;
 }
- if (!preg_match("#^http:\/\/#i", $value)) {
+ if (!preg_match("#^(http|https):\/\/#i", $value)) {
 continue;
 }
 $htd->OpenUrl($value);
diff --git a/src/user/index_do.php b/src/user/index_do.php
index 657d67ce..d1eb789a 100755
--- a/src/user/index_do.php
+++ b/src/user/index_do.php
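Review bot: In src/user/inc/inc_archives_functions.php (hunk `@@ -318,7 +318,7 @@`) the relaxed check in front of `$htd->OpenUrl($value)` lets the server fetch any `http://` or `https://` address found in `$body`, which in the member area is presumably member-submitted, and nothing visible restricts the target host. Before the call the host should be resolved and the URL skipped when it points at a loopback, private or link-local address; whether OpenUrl applies such a filter itself cannot be seen from the hunk. The skip test above it interpolates `$cfg_basehost` into a pattern without `preg_quote()` and without an anchor, so it matches the configured host anywhere in the URL; `preg_match("#^".preg_quote($cfg_basehost, "#")."#i", $value)` is stricter. GetCurContent's body starts and ends outside the hunk.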
@@ -24,14 +24,15 @@ if ($fmdo == 'sendMail') {
 $userhash = md5($cfg_cookie_encode.'--'.$cfg_ml->fields['mid'].'--'.$cfg_ml->fields['email']);
 $url = $cfg_basehost.(empty($cfg_cmspath) ? '/' : $cfg_cmspath)."/user/index_do.php?fmdo=checkMail&mid={$cfg_ml->fields['mid']}&userhash={$userhash}&do=1";
 $url = preg_replace("#http:\/\/#i", '', $url);
- $url = 'http://'.preg_replace("#\/\/#i", '/', $url);
+ $proto = IsSSL()? "https://" : "http://";
+ $url = $proto.preg_replace("#\/\/#i", '/', $url);
 $mailtitle = "{$cfg_webname}--会员邮件验证通知";
 $mailbody = '';
 $mailbody .= "尊敬的用户[{$cfg_ml->fields['uname']}],您好:\r\n";
 $mailbody .= "欢迎注册成为[{$cfg_webname}]的会员\r\n";
 $mailbody .= "要通过注册,还必须进行最后一步操作,请点击或复制下面链接到地址栏访问这地址:\r\n\r\n";
 $mailbody .= "{$url}\r\n\r\n";
- $mailbody .= "Power by DedeBIZ内容管理系统\r\n";
+ $mailbody .= "Powered by DedeBIZ内容管理系统\r\n";
 $headers = "From: ".$cfg_adminemail."\r\nReply-To: ".$cfg_adminemail;
 if (!empty($cfg_bizcore_appid) && !empty($cfg_bizcore_key)) {
 $client = new DedeBizClient($cfg_bizcore_hostname, $cfg_bizcore_port);
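Review bot: In src/user/index_do.php the line above `$proto` still strips only `http://`, so when `$cfg_basehost` is an https URL the following `preg_replace("#\/\/#i", '/', $url)` turns it into `https:/host/...` and the mailed link becomes `https://https:/host/...`. The strip should cover both schemes and be anchored: `$url = preg_replace("#^https?:\/\/#i", '', $url);`. Taking the scheme from `$cfg_basehost` when it carries one would also keep the verification link independent of the request that triggered the mail.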