5 years ago · 5d657542eb
--- a/src/dede/ad_add.php
+++ b/src/dede/ad_add.php
@@ -4,9 +4,10 @@
 *
 * @version        $Id: ad_add.php 1 8:26 2010年7月12日Z tianya $
 * @package        DedeCMS.Administrator
 * @copyright      Copyright (c) 2007 - 2020, DesDev, Inc.
 * @license        http://help.dedecms.com/usersguide/license.html
 * @link           http://www.dedecms.com
 * @copyright      Copyright (c) 2007 - 2018, DesDev, Inc.
 * @copyright      Copyright (c) 2020, DedeBIZ.COM
 * @license        https://www.dedebiz.com/license/v6
 * @link           https://www.dedebiz.com
 */
 
 require(dirname(__FILE__)."/config.php");
@@ -16,7 +17,7 @@ if(empty($dopost)) $dopost = "";

 if($dopost=="save")
 {
    csrf_check();
    CheckCSRF();
    //timeset tagname typeid normbody expbody
    $tagname = trim($tagname);
    $row = $dsql->GetOne("SELECT typeid FROM #@__myad WHERE typeid='$typeid' AND tagname LIKE '$tagname'");
--- a/src/dede/ad_edit.php
+++ b/src/dede/ad_edit.php
@@ -4,9 +4,10 @@
 *
 * @version        $Id: ad_edit.php 1 8:26 2010年7月12日Z tianya $
 * @package        DedeCMS.Administrator
 * @copyright      Copyright (c) 2007 - 2020, DesDev, Inc.
 * @license        http://help.dedecms.com/usersguide/license.html
 * @link           http://www.dedecms.com
 * @copyright      Copyright (c) 2007 - 2018, DesDev, Inc.
 * @copyright      Copyright (c) 2020, DedeBIZ.COM
 * @license        https://www.dedebiz.com/license/v6
 * @link           https://www.dedebiz.com
 */
 require(dirname(__FILE__)."/config.php");
 CheckPurview('plus_广告管理');
@@ -53,7 +54,7 @@ else if($dopost=='testjs')
 }
 else if($dopost=='saveedit')
 {
    csrf_check();
    CheckCSRF();
    $starttime = GetMkTime($starttime);
    $endtime = GetMkTime($endtime);
    $query = "UPDATE `#@__myad`
--- a/src/dede/article_string_mix.php
+++ b/src/dede/article_string_mix.php
@@ -4,9 +4,10 @@
 *
 * @version        $Id: article_string_mix.php 1 14:31 2010年7月12日Z tianya $
 * @package        DedeCMS.Administrator
 * @copyright      Copyright (c) 2007 - 2020, DesDev, Inc.
 * @license        http://help.dedecms.com/usersguide/license.html
 * @link           http://www.dedecms.com
 * @copyright      Copyright (c) 2007 - 2018, DesDev, Inc.
 * @copyright      Copyright (c) 2020, DedeBIZ.COM
 * @license        https://www.dedebiz.com/license/v6
 * @link           https://www.dedebiz.com
 */
 require_once(dirname(__FILE__).'/config.php');
 require_once(DEDEINC.'/oxwindow.class.php');
@@ -21,7 +22,7 @@ $m_file = DEDEDATA."/downmix.data.php";
 //保存
 if($dopost=="save")
 {
 	csrf_check();
 	CheckCSRF();
    $fp = fopen($m_file,'w');
    flock($fp,3);
    fwrite($fp,$allsource);
--- a/src/dede/article_template_rand.php
+++ b/src/dede/article_template_rand.php
@@ -4,9 +4,10 @@
 *
 * @version        $Id: article_template_rand.php 1 14:31 2010年7月12日Z tianya $
 * @package        DedeCMS.Administrator
 * @copyright      Copyright (c) 2007 - 2020, DesDev, Inc.
 * @license        http://help.dedecms.com/usersguide/license.html
 * @link           http://www.dedecms.com
 * @copyright      Copyright (c) 2007 - 2018, DesDev, Inc.
 * @copyright      Copyright (c) 2020, DedeBIZ.COM
 * @license        https://www.dedebiz.com/license/v6
 * @link           https://www.dedebiz.com
 */
 require_once(dirname(__FILE__).'/config.php');
 require_once(DEDEINC.'/oxwindow.class.php');
@@ -20,7 +21,7 @@ $okmsg = '';
 //保存配置
 if($dopost=='save')
 {
    csrf_check();
    CheckCSRF();
    $fp = fopen($m_file,'w');
    flock($fp,3);
    fwrite($fp,$templates);
@@ -30,7 +31,7 @@ if($dopost=='save')
 //对旧文档进行随机模板处理
 else if($dopost=='makeold')
 {
    csrf_check();
    CheckCSRF();
    set_time_limit(3600);
    if(!file_exists($m_file))
    {
@@ -64,7 +65,7 @@ else if($dopost=='makeold')
 //清除全部的指定模板
 else if($dopost=='clearold')
 {
    csrf_check();
    CheckCSRF();
    $dsql->ExecuteNoneQuery(" Update `#@__addonarticle` set templet='' ");
    $dsql->ExecuteNoneQuery(" OPTIMIZE TABLE `#@__addonarticle` ");
    AjaxHead();
--- a/src/dede/media_add.php
+++ b/src/dede/media_add.php
@@ -5,9 +5,10 @@
 *
 * @version        $Id: media_add.php 2 15:25 2011-6-2 tianya $
 * @package        DedeCMS.Administrator
 * @copyright      Copyright (c) 2007 - 2020, DesDev, Inc.
 * @license        http://help.dedecms.com/usersguide/license.html
 * @link           http://www.dedecms.com
 * @copyright      Copyright (c) 2007 - 2018, DesDev, Inc.
 * @copyright      Copyright (c) 2020, DedeBIZ.COM
 * @license        https://www.dedebiz.com/license/v6
 * @link           https://www.dedebiz.com
 */
 require_once(dirname(__FILE__) . "/config.php");

@@ -16,7 +17,7 @@ if (empty($dopost)) $dopost = "";

 //上传
 if ($dopost == "upload") {
    csrf_check();
    CheckCSRF();
    require_once(DEDEINC . "/image.func.php");
    $sparr_image = array("image/pjpeg", "image/jpeg", "image/gif", "image/png", "image/x-png", "image/wbmp");
    $sparr_flash = array("application/xshockwaveflash");
--- a/src/dede/media_edit.php
+++ b/src/dede/media_edit.php
@@ -4,9 +4,10 @@
 *
 * @version        $Id: media_edit.php 1 11:17 2010年7月19日Z tianya $
 * @package        DedeCMS.Administrator
 * @copyright      Copyright (c) 2007 - 2020, DesDev, Inc.
 * @license        http://help.dedecms.com/usersguide/license.html
 * @link           http://www.dedecms.com
 * @copyright      Copyright (c) 2007 - 2018, DesDev, Inc.
 * @copyright      Copyright (c) 2020, DedeBIZ.COM
 * @license        https://www.dedebiz.com/license/v6
 * @link           https://www.dedebiz.com
 */
 require_once(dirname(__FILE__)."/config.php");

@@ -106,7 +107,7 @@ function __save_edit() //保存更改
 else if($dopost=='save')
 {
    if($aid=="") exit();
    csrf_check();
    CheckCSRF();
    //检查是否有修改权限
    $myrow = $dsql->GetOne("SELECT * FROM #@__uploads WHERE aid='".$aid."'");
    if($myrow['mid']!=$cuserLogin->getUserID())
--- a/src/dede/mytag_add.php
+++ b/src/dede/mytag_add.php
@@ -4,9 +4,10 @@
 *
 * @version        $Id: mytag_add.php 1 15:35 2010年7月20日Z tianya $
 * @package        DedeCMS.Administrator
 * @copyright      Copyright (c) 2007 - 2020, DesDev, Inc.
 * @license        http://help.dedecms.com/usersguide/license.html
 * @link           http://www.dedecms.com
 * @copyright      Copyright (c) 2007 - 2018, DesDev, Inc.
 * @copyright      Copyright (c) 2020, DedeBIZ.COM
 * @license        https://www.dedebiz.com/license/v6
 * @link           https://www.dedebiz.com
 */
 require(dirname(__FILE__)."/config.php");
 CheckPurview('temp_Other');
@@ -15,9 +16,9 @@ if(empty($dopost)) $dopost = "";

 if($dopost=="save")
 {
    csrf_check();
    CheckCSRF();
    $tagname = trim($tagname);
    $row = $dsql->GetOne("SELECT typeid FROM #@__mytag WHERE typeid='$typeid' AND tagname LIKE '$tagname'");
    $row = $dsql->GetOne("SELECT typeid FROM `#@__mytag` WHERE typeid='$typeid' AND tagname LIKE '$tagname'");
    if(is_array($row))
    {
        ShowMsg("在相同栏目下已经存在同名的标记！","-1");
@@ -25,7 +26,7 @@ if($dopost=="save")
    }
    $starttime = GetMkTime($starttime);
    $endtime = GetMkTime($endtime);
    $inQuery = "INSERT INTO #@__mytag(typeid,tagname,timeset,starttime,endtime,normbody,expbody)
    $inQuery = "INSERT INTO `#@__mytag`(typeid,tagname,timeset,starttime,endtime,normbody,expbody)
     VALUES('$typeid','$tagname','$timeset','$starttime','$endtime','$normbody','$expbody'); ";
    $dsql->ExecuteNoneQuery($inQuery);
    ShowMsg("成功增加一个自定义标记！","mytag_main.php");
--- a/src/dede/mytag_edit.php
+++ b/src/dede/mytag_edit.php
@@ -4,9 +4,10 @@
 *
 * @version        $Id: mytag_edit.php 1 15:37 2010年7月20日Z tianya $
 * @package        DedeCMS.Administrator
 * @copyright      Copyright (c) 2007 - 2020, DesDev, Inc.
 * @license        http://help.dedecms.com/usersguide/license.html
 * @link           http://www.dedecms.com
 * @copyright      Copyright (c) 2007 - 2018, DesDev, Inc.
 * @copyright      Copyright (c) 2020, DedeBIZ.COM
 * @license        https://www.dedebiz.com/license/v6
 * @link           https://www.dedebiz.com
 */
 require(dirname(__FILE__)."/config.php");
 CheckPurview('temp_Other');
@@ -18,14 +19,13 @@ $ENV_GOBACK_URL = empty($_COOKIE['ENV_GOBACK_URL']) ? 'mytag_main.php' : $_COOKI

 if($dopost=='delete')
 {
    csrf_check();
    $dsql->ExecuteNoneQuery("DELETE FROM #@__mytag WHERE aid='$aid'");
    $dsql->ExecuteNoneQuery("DELETE FROM `#@__mytag` WHERE aid='$aid'");
    ShowMsg("成功删除一个自定义标记！",$ENV_GOBACK_URL);
    exit();
 }
 else if($dopost=="saveedit")
 {
    csrf_check();
    CheckCSRF();
    $starttime = GetMkTime($starttime);
    $endtime = GetMkTime($endtime);
    $query = "UPDATE `#@__mytag`
--- a/src/dede/tpl.php
+++ b/src/dede/tpl.php
@@ -4,9 +4,10 @@
 *
 * @version        $Id: tpl.php 1 23:44 2010年7月20日Z tianya $
 * @package        DedeCMS.Administrator
 * @copyright      Copyright (c) 2007 - 2020, DesDev, Inc.
 * @license        http://help.dedecms.com/usersguide/license.html
 * @link           http://www.dedecms.com
 * @copyright      Copyright (c) 2007 - 2018, DesDev, Inc.
 * @copyright      Copyright (c) 2020, DedeBIZ.COM
 * @license        https://www.dedebiz.com/license/v6
 * @link           https://www.dedebiz.com
 */
 require_once(dirname(__FILE__)."/config.php");
 CheckPurview('plus_文件管理器');
@@ -89,7 +90,7 @@ function save_tpl() { }
 --------------------------*/
 else if($action == 'saveedit')
 {
    csrf_check();
    CheckCSRF();
    if($filename == '')
    {
        ShowMsg('未指定要编辑的文件或文件名不合法', '-1');
@@ -168,7 +169,7 @@ function _upload() {}
 -----------------------*/
 else if ($action == 'uploadok')
 {
    csrf_check();
    CheckCSRF();
    if( !is_uploaded_file($upfile) )
    {
        ShowMsg("貌似你什么都没有上传哦！","javascript:;");
@@ -250,7 +251,7 @@ function savetagfile() { }
 --------------------------*/
 else if($action=='savetagfile')
 {
    csrf_check();
    CheckCSRF();
    if(!preg_match("#^[a-z0-9_-]{1,}\.lib\.php$#i", $filename))
    {
        ShowMsg('文件名不合法，不允许进行操作！', '-1');