@@ -4,9 +4,10 @@ | |||
* | |||
* @version $Id: ad_add.php 1 8:26 2010年7月12日Z tianya $ | |||
* @package DedeCMS.Administrator | |||
* @copyright Copyright (c) 2007 - 2020, DesDev, Inc. | |||
* @license http://help.dedecms.com/usersguide/license.html | |||
* @link http://www.dedecms.com | |||
* @copyright Copyright (c) 2007 - 2018, DesDev, Inc. | |||
* @copyright Copyright (c) 2020, DedeBIZ.COM | |||
* @license https://www.dedebiz.com/license/v6 | |||
* @link https://www.dedebiz.com | |||
*/ | |||
require(dirname(__FILE__)."/config.php"); | |||
@@ -16,7 +17,7 @@ if(empty($dopost)) $dopost = ""; | |||
if($dopost=="save") | |||
{ | |||
csrf_check(); | |||
CheckCSRF(); | |||
//timeset tagname typeid normbody expbody | |||
$tagname = trim($tagname); | |||
$row = $dsql->GetOne("SELECT typeid FROM #@__myad WHERE typeid='$typeid' AND tagname LIKE '$tagname'"); | |||
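Review bot: The duplicate check on the last line of this hunk builds its SQL by interpolating `$typeid` and `$tagname` into the string, and `tagname LIKE '$tagname'` lets `%` and `_` in the name act as wildcards, so the check can report a clash that does not exist. Nothing visible here constrains either value; unless `config.php` already escapes request variables (not shown in this hunk) the query is injectable, and even then `$typeid = intval($typeid);` (assuming `typeid` is a numeric column id) plus an exact match `tagname='$tagname'` would make the intent explicit. The same pattern appears in the `mytag_add.php` hunks (the `SELECT ... LIKE '$tagname'` and the `INSERT ... VALUES('$typeid','$tagname',...)`), in `mytag_edit.php` (`WHERE aid='$aid'`) and in `media_edit.php` (`WHERE aid='".$aid."'`), where the commit touches the queries only to add backticks. The `save` branch continues past the end of the hunk.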
@@ -4,9 +4,10 @@ | |||
* | |||
* @version $Id: ad_edit.php 1 8:26 2010年7月12日Z tianya $ | |||
* @package DedeCMS.Administrator | |||
* @copyright Copyright (c) 2007 - 2020, DesDev, Inc. | |||
* @license http://help.dedecms.com/usersguide/license.html | |||
* @link http://www.dedecms.com | |||
* @copyright Copyright (c) 2007 - 2018, DesDev, Inc. | |||
* @copyright Copyright (c) 2020, DedeBIZ.COM | |||
* @license https://www.dedebiz.com/license/v6 | |||
* @link https://www.dedebiz.com | |||
*/ | |||
require(dirname(__FILE__)."/config.php"); | |||
CheckPurview('plus_广告管理'); | |||
@@ -53,7 +54,7 @@ else if($dopost=='testjs') | |||
} | |||
else if($dopost=='saveedit') | |||
{ | |||
csrf_check(); | |||
CheckCSRF(); | |||
$starttime = GetMkTime($starttime); | |||
$endtime = GetMkTime($endtime); | |||
$query = "UPDATE `#@__myad` | |||
@@ -4,9 +4,10 @@ | |||
* | |||
* @version $Id: article_string_mix.php 1 14:31 2010年7月12日Z tianya $ | |||
* @package DedeCMS.Administrator | |||
* @copyright Copyright (c) 2007 - 2020, DesDev, Inc. | |||
* @license http://help.dedecms.com/usersguide/license.html | |||
* @link http://www.dedecms.com | |||
* @copyright Copyright (c) 2007 - 2018, DesDev, Inc. | |||
* @copyright Copyright (c) 2020, DedeBIZ.COM | |||
* @license https://www.dedebiz.com/license/v6 | |||
* @link https://www.dedebiz.com | |||
*/ | |||
require_once(dirname(__FILE__).'/config.php'); | |||
require_once(DEDEINC.'/oxwindow.class.php'); | |||
@@ -21,7 +22,7 @@ $m_file = DEDEDATA."/downmix.data.php"; | |||
//保存 | |||
if($dopost=="save") | |||
{ | |||
csrf_check(); | |||
CheckCSRF(); | |||
$fp = fopen($m_file,'w'); | |||
flock($fp,3); | |||
fwrite($fp,$allsource); | |||
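Review bot: `$allsource` is written unchanged into `$m_file`, which the hunk header shows is `DEDEDATA."/downmix.data.php"`, so the CSRF check renamed here is the only guard visible in this hunk on what ends up in a `.php` file. If `$allsource` is request-supplied, as it appears to be, the branch should validate the content before writing (for example refuse PHP open tags) or keep the list in a file type the web server will not execute. Separately, `flock($fp,3)` passes the value of `LOCK_UN`, so no lock is held during the write; `flock($fp, LOCK_EX);` is presumably what was meant, and the `fopen()` result is used without a check. The same `fopen`/`flock($fp,3)`/`fwrite` sequence appears in the `save` branch of `article_template_rand.php`, writing `$templates`. The branch continues past the end of the hunk.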
@@ -4,9 +4,10 @@ | |||
* | |||
* @version $Id: article_template_rand.php 1 14:31 2010年7月12日Z tianya $ | |||
* @package DedeCMS.Administrator | |||
* @copyright Copyright (c) 2007 - 2020, DesDev, Inc. | |||
* @license http://help.dedecms.com/usersguide/license.html | |||
* @link http://www.dedecms.com | |||
* @copyright Copyright (c) 2007 - 2018, DesDev, Inc. | |||
* @copyright Copyright (c) 2020, DedeBIZ.COM | |||
* @license https://www.dedebiz.com/license/v6 | |||
* @link https://www.dedebiz.com | |||
*/ | |||
require_once(dirname(__FILE__).'/config.php'); | |||
require_once(DEDEINC.'/oxwindow.class.php'); | |||
@@ -20,7 +21,7 @@ $okmsg = ''; | |||
//保存配置 | |||
if($dopost=='save') | |||
{ | |||
csrf_check(); | |||
CheckCSRF(); | |||
$fp = fopen($m_file,'w'); | |||
flock($fp,3); | |||
fwrite($fp,$templates); | |||
@@ -30,7 +31,7 @@ if($dopost=='save') | |||
//对旧文档进行随机模板处理 | |||
else if($dopost=='makeold') | |||
{ | |||
csrf_check(); | |||
CheckCSRF(); | |||
set_time_limit(3600); | |||
if(!file_exists($m_file)) | |||
{ | |||
@@ -64,7 +65,7 @@ else if($dopost=='makeold') | |||
//清除全部的指定模板 | |||
else if($dopost=='clearold') | |||
{ | |||
csrf_check(); | |||
CheckCSRF(); | |||
$dsql->ExecuteNoneQuery(" Update `#@__addonarticle` set templet='' "); | |||
$dsql->ExecuteNoneQuery(" OPTIMIZE TABLE `#@__addonarticle` "); | |||
AjaxHead(); | |||
@@ -5,9 +5,10 @@ | |||
* | |||
* @version $Id: media_add.php 2 15:25 2011-6-2 tianya $ | |||
* @package DedeCMS.Administrator | |||
* @copyright Copyright (c) 2007 - 2020, DesDev, Inc. | |||
* @license http://help.dedecms.com/usersguide/license.html | |||
* @link http://www.dedecms.com | |||
* @copyright Copyright (c) 2007 - 2018, DesDev, Inc. | |||
* @copyright Copyright (c) 2020, DedeBIZ.COM | |||
* @license https://www.dedebiz.com/license/v6 | |||
* @link https://www.dedebiz.com | |||
*/ | |||
require_once(dirname(__FILE__) . "/config.php"); | |||
@@ -16,7 +17,7 @@ if (empty($dopost)) $dopost = ""; | |||
//上传 | |||
if ($dopost == "upload") { | |||
csrf_check(); | |||
CheckCSRF(); | |||
require_once(DEDEINC . "/image.func.php"); | |||
$sparr_image = array("image/pjpeg", "image/jpeg", "image/gif", "image/png", "image/x-png", "image/wbmp"); | |||
$sparr_flash = array("application/xshockwaveflash"); | |||
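Review bot: The allow-lists set up at the end of this hunk are lists of MIME types, which suggests the upload is accepted or rejected on the content type declared in the request; that value is chosen by the client, so it should not be the only gate. If the code below the hunk compares these arrays with the request's type field, add a server-side check of the stored extension and of the file content (for images, `getimagesize()` on the temporary file) before the file is moved. `"application/xshockwaveflash"` also does not match the registered type `application/x-shockwave-flash` unless the input is normalised first, which is not visible here. The `upload` branch continues past the end of the hunk.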
@@ -4,9 +4,10 @@ | |||
* | |||
* @version $Id: media_edit.php 1 11:17 2010年7月19日Z tianya $ | |||
* @package DedeCMS.Administrator | |||
* @copyright Copyright (c) 2007 - 2020, DesDev, Inc. | |||
* @license http://help.dedecms.com/usersguide/license.html | |||
* @link http://www.dedecms.com | |||
* @copyright Copyright (c) 2007 - 2018, DesDev, Inc. | |||
* @copyright Copyright (c) 2020, DedeBIZ.COM | |||
* @license https://www.dedebiz.com/license/v6 | |||
* @link https://www.dedebiz.com | |||
*/ | |||
require_once(dirname(__FILE__)."/config.php"); | |||
@@ -106,7 +107,7 @@ function __save_edit() //保存更改 | |||
else if($dopost=='save') | |||
{ | |||
if($aid=="") exit(); | |||
csrf_check(); | |||
CheckCSRF(); | |||
//检查是否有修改权限 | |||
$myrow = $dsql->GetOne("SELECT * FROM #@__uploads WHERE aid='".$aid."'"); | |||
if($myrow['mid']!=$cuserLogin->getUserID()) | |||
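Review bot: The ownership test on the last line reads `$myrow['mid']` without first confirming that `GetOne()` returned a row, whereas `mytag_add.php` in this same commit guards its result with `is_array($row)`. With no matching `aid`, the loose `!=` compares a missing value against the user id, so the outcome depends on type juggling rather than on ownership. I would add `if(!is_array($myrow)) exit();` before the comparison and constrain the id with `$aid = intval($aid);` (assuming `aid` is numeric) instead of only testing it against the empty string. The body of the `if` and the rest of the branch are outside the hunk.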
@@ -4,9 +4,10 @@ | |||
* | |||
* @version $Id: mytag_add.php 1 15:35 2010年7月20日Z tianya $ | |||
* @package DedeCMS.Administrator | |||
* @copyright Copyright (c) 2007 - 2020, DesDev, Inc. | |||
* @license http://help.dedecms.com/usersguide/license.html | |||
* @link http://www.dedecms.com | |||
* @copyright Copyright (c) 2007 - 2018, DesDev, Inc. | |||
* @copyright Copyright (c) 2020, DedeBIZ.COM | |||
* @license https://www.dedebiz.com/license/v6 | |||
* @link https://www.dedebiz.com | |||
*/ | |||
require(dirname(__FILE__)."/config.php"); | |||
CheckPurview('temp_Other'); | |||
@@ -15,9 +16,9 @@ if(empty($dopost)) $dopost = ""; | |||
if($dopost=="save") | |||
{ | |||
csrf_check(); | |||
CheckCSRF(); | |||
$tagname = trim($tagname); | |||
$row = $dsql->GetOne("SELECT typeid FROM #@__mytag WHERE typeid='$typeid' AND tagname LIKE '$tagname'"); | |||
$row = $dsql->GetOne("SELECT typeid FROM `#@__mytag` WHERE typeid='$typeid' AND tagname LIKE '$tagname'"); | |||
if(is_array($row)) | |||
{ | |||
ShowMsg("在相同栏目下已经存在同名的标记!","-1"); | |||
@@ -25,7 +26,7 @@ if($dopost=="save") | |||
} | |||
$starttime = GetMkTime($starttime); | |||
$endtime = GetMkTime($endtime); | |||
$inQuery = "INSERT INTO #@__mytag(typeid,tagname,timeset,starttime,endtime,normbody,expbody) | |||
$inQuery = "INSERT INTO `#@__mytag`(typeid,tagname,timeset,starttime,endtime,normbody,expbody) | |||
VALUES('$typeid','$tagname','$timeset','$starttime','$endtime','$normbody','$expbody'); "; | |||
$dsql->ExecuteNoneQuery($inQuery); | |||
ShowMsg("成功增加一个自定义标记!","mytag_main.php"); | |||
@@ -4,9 +4,10 @@ | |||
* | |||
* @version $Id: mytag_edit.php 1 15:37 2010年7月20日Z tianya $ | |||
* @package DedeCMS.Administrator | |||
* @copyright Copyright (c) 2007 - 2020, DesDev, Inc. | |||
* @license http://help.dedecms.com/usersguide/license.html | |||
* @link http://www.dedecms.com | |||
* @copyright Copyright (c) 2007 - 2018, DesDev, Inc. | |||
* @copyright Copyright (c) 2020, DedeBIZ.COM | |||
* @license https://www.dedebiz.com/license/v6 | |||
* @link https://www.dedebiz.com | |||
*/ | |||
require(dirname(__FILE__)."/config.php"); | |||
CheckPurview('temp_Other'); | |||
@@ -18,14 +19,13 @@ $ENV_GOBACK_URL = empty($_COOKIE['ENV_GOBACK_URL']) ? 'mytag_main.php' : $_COOKI | |||
if($dopost=='delete') | |||
{ | |||
csrf_check(); | |||
$dsql->ExecuteNoneQuery("DELETE FROM #@__mytag WHERE aid='$aid'"); | |||
$dsql->ExecuteNoneQuery("DELETE FROM `#@__mytag` WHERE aid='$aid'"); | |||
ShowMsg("成功删除一个自定义标记!",$ENV_GOBACK_URL); | |||
exit(); | |||
} | |||
else if($dopost=="saveedit") | |||
{ | |||
csrf_check(); | |||
CheckCSRF(); | |||
$starttime = GetMkTime($starttime); | |||
$endtime = GetMkTime($endtime); | |||
$query = "UPDATE `#@__mytag` | |||
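Review bot: The `delete` branch is the one state-changing branch on this page that does not end up with a `CheckCSRF();` call: its `csrf_check();` line has no renamed counterpart, and the hunk header's 14 to 13 line count shows one line removed without replacement, though the rendering does not show which line that is. If the check was dropped, a cross-site request sent from a logged-in administrator's browser is enough to delete a tag; if the old name was left in place, the branch depends on a function the rest of the commit renames. Either way the branch should begin with `CheckCSRF();` so the token is verified before the `DELETE` runs. The `saveedit` branch continues past the end of the hunk.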
@@ -4,9 +4,10 @@ | |||
* | |||
* @version $Id: tpl.php 1 23:44 2010年7月20日Z tianya $ | |||
* @package DedeCMS.Administrator | |||
* @copyright Copyright (c) 2007 - 2020, DesDev, Inc. | |||
* @license http://help.dedecms.com/usersguide/license.html | |||
* @link http://www.dedecms.com | |||
* @copyright Copyright (c) 2007 - 2018, DesDev, Inc. | |||
* @copyright Copyright (c) 2020, DedeBIZ.COM | |||
* @license https://www.dedebiz.com/license/v6 | |||
* @link https://www.dedebiz.com | |||
*/ | |||
require_once(dirname(__FILE__)."/config.php"); | |||
CheckPurview('plus_文件管理器'); | |||
@@ -89,7 +90,7 @@ function save_tpl() { } | |||
--------------------------*/ | |||
else if($action == 'saveedit') | |||
{ | |||
csrf_check(); | |||
CheckCSRF(); | |||
if($filename == '') | |||
{ | |||
ShowMsg('未指定要编辑的文件或文件名不合法', '-1'); | |||
@@ -168,7 +169,7 @@ function _upload() {} | |||
-----------------------*/ | |||
else if ($action == 'uploadok') | |||
{ | |||
csrf_check(); | |||
CheckCSRF(); | |||
if( !is_uploaded_file($upfile) ) | |||
{ | |||
ShowMsg("貌似你什么都没有上传哦!","javascript:;"); | |||
@@ -250,7 +251,7 @@ function savetagfile() { } | |||
--------------------------*/ | |||
else if($action=='savetagfile') | |||
{ | |||
csrf_check(); | |||
CheckCSRF(); | |||
if(!preg_match("#^[a-z0-9_-]{1,}\.lib\.php$#i", $filename)) | |||
{ | |||
ShowMsg('文件名不合法,不允许进行操作!', '-1'); | |||
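Review bot: The filename allow-list in `savetagfile` is anchored with `$`, which in PCRE also matches just before a trailing newline, so a name ending in `.lib.php` followed by a line feed passes the test. Anchor with `\z` (or add the `D` modifier) so the whole string must match: `if(!preg_match("#^[a-z0-9_-]+\.lib\.php\z#i", $filename))`. The `saveedit` hunk above shows only an empty-string test on `$filename` before its message about an illegal name; whether a comparable allow-list follows is outside that hunk and worth confirming. This branch also continues past the end of the hunk.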