@@ -4,9 +4,10 @@ | |||||
* | * | ||||
* @version $Id: ad_add.php 1 8:26 2010年7月12日Z tianya $ | * @version $Id: ad_add.php 1 8:26 2010年7月12日Z tianya $ | ||||
* @package DedeCMS.Administrator | * @package DedeCMS.Administrator | ||||
* @copyright Copyright (c) 2007 - 2020, DesDev, Inc. | |||||
* @license http://help.dedecms.com/usersguide/license.html | |||||
* @link http://www.dedecms.com | |||||
* @copyright Copyright (c) 2007 - 2018, DesDev, Inc. | |||||
* @copyright Copyright (c) 2020, DedeBIZ.COM | |||||
* @license https://www.dedebiz.com/license/v6 | |||||
* @link https://www.dedebiz.com | |||||
*/ | */ | ||||
require(dirname(__FILE__)."/config.php"); | require(dirname(__FILE__)."/config.php"); | ||||
@@ -16,7 +17,7 @@ if(empty($dopost)) $dopost = ""; | |||||
if($dopost=="save") | if($dopost=="save") | ||||
{ | { | ||||
csrf_check(); | |||||
CheckCSRF(); | |||||
//timeset tagname typeid normbody expbody | //timeset tagname typeid normbody expbody | ||||
$tagname = trim($tagname); | $tagname = trim($tagname); | ||||
$row = $dsql->GetOne("SELECT typeid FROM #@__myad WHERE typeid='$typeid' AND tagname LIKE '$tagname'"); | $row = $dsql->GetOne("SELECT typeid FROM #@__myad WHERE typeid='$typeid' AND tagname LIKE '$tagname'"); | ||||
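Review bot: The duplicate check on the last line of the save hunk still interpolates `$typeid` and `$tagname` straight into the query, and `tagname LIKE '$tagname'` treats `%` and `_` in the submitted name as wildcards, so a name containing them matches unrelated rows or lets a near-duplicate through. Normalise both before the query, `$typeid = intval($typeid);` and `$tagname = addcslashes($tagname, '%_');`, or compare with `=` if an exact match is what is intended. config.php may already apply quote escaping to request variables globally, but that covers neither the LIKE wildcards nor a non-numeric typeid. `CheckCSRF()` is presumably defined in the includes pulled in by config.php; its definition is not in this diff, and if it is missing every save handler touched by this commit fatals. The save branch continues past the hunk.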
@@ -4,9 +4,10 @@ | |||||
* | * | ||||
* @version $Id: ad_edit.php 1 8:26 2010年7月12日Z tianya $ | * @version $Id: ad_edit.php 1 8:26 2010年7月12日Z tianya $ | ||||
* @package DedeCMS.Administrator | * @package DedeCMS.Administrator | ||||
* @copyright Copyright (c) 2007 - 2020, DesDev, Inc. | |||||
* @license http://help.dedecms.com/usersguide/license.html | |||||
* @link http://www.dedecms.com | |||||
* @copyright Copyright (c) 2007 - 2018, DesDev, Inc. | |||||
* @copyright Copyright (c) 2020, DedeBIZ.COM | |||||
* @license https://www.dedebiz.com/license/v6 | |||||
* @link https://www.dedebiz.com | |||||
*/ | */ | ||||
require(dirname(__FILE__)."/config.php"); | require(dirname(__FILE__)."/config.php"); | ||||
CheckPurview('plus_广告管理'); | CheckPurview('plus_广告管理'); | ||||
@@ -53,7 +54,7 @@ else if($dopost=='testjs') | |||||
} | } | ||||
else if($dopost=='saveedit') | else if($dopost=='saveedit') | ||||
{ | { | ||||
csrf_check(); | |||||
CheckCSRF(); | |||||
$starttime = GetMkTime($starttime); | $starttime = GetMkTime($starttime); | ||||
$endtime = GetMkTime($endtime); | $endtime = GetMkTime($endtime); | ||||
$query = "UPDATE `#@__myad` | $query = "UPDATE `#@__myad` | ||||
@@ -4,9 +4,10 @@ | |||||
* | * | ||||
* @version $Id: article_string_mix.php 1 14:31 2010年7月12日Z tianya $ | * @version $Id: article_string_mix.php 1 14:31 2010年7月12日Z tianya $ | ||||
* @package DedeCMS.Administrator | * @package DedeCMS.Administrator | ||||
* @copyright Copyright (c) 2007 - 2020, DesDev, Inc. | |||||
* @license http://help.dedecms.com/usersguide/license.html | |||||
* @link http://www.dedecms.com | |||||
* @copyright Copyright (c) 2007 - 2018, DesDev, Inc. | |||||
* @copyright Copyright (c) 2020, DedeBIZ.COM | |||||
* @license https://www.dedebiz.com/license/v6 | |||||
* @link https://www.dedebiz.com | |||||
*/ | */ | ||||
require_once(dirname(__FILE__).'/config.php'); | require_once(dirname(__FILE__).'/config.php'); | ||||
require_once(DEDEINC.'/oxwindow.class.php'); | require_once(DEDEINC.'/oxwindow.class.php'); | ||||
@@ -21,7 +22,7 @@ $m_file = DEDEDATA."/downmix.data.php"; | |||||
//保存 | //保存 | ||||
if($dopost=="save") | if($dopost=="save") | ||||
{ | { | ||||
csrf_check(); | |||||
CheckCSRF(); | |||||
$fp = fopen($m_file,'w'); | $fp = fopen($m_file,'w'); | ||||
flock($fp,3); | flock($fp,3); | ||||
fwrite($fp,$allsource); | fwrite($fp,$allsource); | ||||
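Review bot: `flock($fp,3)` in the save hunk does not take a lock: 3 is the value of `LOCK_UN`, so the call releases a lock that was never acquired and the `fwrite($fp,$allsource)` that follows is not serialised against a concurrent save. Use the named constant, `flock($fp, LOCK_EX);`, and test the `fopen` result first, since `$fp` is `false` when `downmix.data.php` is not writable and every following call then emits a warning instead of failing cleanly. Note that `$allsource` is written verbatim into a `.php` file under DEDEDATA; if that file is included later, as the name suggests, this endpoint is a PHP-writing primitive for anyone holding the purview, so the `CheckCSRF()` added here is load-bearing and must not be bypassable by a GET. The save branch continues past the hunk.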
@@ -4,9 +4,10 @@ | |||||
* | * | ||||
* @version $Id: article_template_rand.php 1 14:31 2010年7月12日Z tianya $ | * @version $Id: article_template_rand.php 1 14:31 2010年7月12日Z tianya $ | ||||
* @package DedeCMS.Administrator | * @package DedeCMS.Administrator | ||||
* @copyright Copyright (c) 2007 - 2020, DesDev, Inc. | |||||
* @license http://help.dedecms.com/usersguide/license.html | |||||
* @link http://www.dedecms.com | |||||
* @copyright Copyright (c) 2007 - 2018, DesDev, Inc. | |||||
* @copyright Copyright (c) 2020, DedeBIZ.COM | |||||
* @license https://www.dedebiz.com/license/v6 | |||||
* @link https://www.dedebiz.com | |||||
*/ | */ | ||||
require_once(dirname(__FILE__).'/config.php'); | require_once(dirname(__FILE__).'/config.php'); | ||||
require_once(DEDEINC.'/oxwindow.class.php'); | require_once(DEDEINC.'/oxwindow.class.php'); | ||||
@@ -20,7 +21,7 @@ $okmsg = ''; | |||||
//保存配置 | //保存配置 | ||||
if($dopost=='save') | if($dopost=='save') | ||||
{ | { | ||||
csrf_check(); | |||||
CheckCSRF(); | |||||
$fp = fopen($m_file,'w'); | $fp = fopen($m_file,'w'); | ||||
flock($fp,3); | flock($fp,3); | ||||
fwrite($fp,$templates); | fwrite($fp,$templates); | ||||
@@ -30,7 +31,7 @@ if($dopost=='save') | |||||
//对旧文档进行随机模板处理 | //对旧文档进行随机模板处理 | ||||
else if($dopost=='makeold') | else if($dopost=='makeold') | ||||
{ | { | ||||
csrf_check(); | |||||
CheckCSRF(); | |||||
set_time_limit(3600); | set_time_limit(3600); | ||||
if(!file_exists($m_file)) | if(!file_exists($m_file)) | ||||
{ | { | ||||
@@ -64,7 +65,7 @@ else if($dopost=='makeold') | |||||
//清除全部的指定模板 | //清除全部的指定模板 | ||||
else if($dopost=='clearold') | else if($dopost=='clearold') | ||||
{ | { | ||||
csrf_check(); | |||||
CheckCSRF(); | |||||
$dsql->ExecuteNoneQuery(" Update `#@__addonarticle` set templet='' "); | $dsql->ExecuteNoneQuery(" Update `#@__addonarticle` set templet='' "); | ||||
$dsql->ExecuteNoneQuery(" OPTIMIZE TABLE `#@__addonarticle` "); | $dsql->ExecuteNoneQuery(" OPTIMIZE TABLE `#@__addonarticle` "); | ||||
AjaxHead(); | AjaxHead(); | ||||
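Review bot: In the save hunk `flock($fp,3)` releases rather than acquires a lock — 3 is `LOCK_UN` — so the `fwrite($fp,$templates)` into `$m_file` is unprotected against a concurrent save; write `flock($fp, LOCK_EX);` and check `$fp !== false` after `fopen`. In the makeold hunk `set_time_limit(3600)` correctly comes after `CheckCSRF()`, but the clearold branch's `UPDATE ... set templet=''` followed by `OPTIMIZE TABLE` is an unconditional whole-table rewrite, so the caller should require an explicit confirmation and the branch should at least report row counts. All three branches continue past their hunks.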
@@ -5,9 +5,10 @@ | |||||
* | * | ||||
* @version $Id: media_add.php 2 15:25 2011-6-2 tianya $ | * @version $Id: media_add.php 2 15:25 2011-6-2 tianya $ | ||||
* @package DedeCMS.Administrator | * @package DedeCMS.Administrator | ||||
* @copyright Copyright (c) 2007 - 2020, DesDev, Inc. | |||||
* @license http://help.dedecms.com/usersguide/license.html | |||||
* @link http://www.dedecms.com | |||||
* @copyright Copyright (c) 2007 - 2018, DesDev, Inc. | |||||
* @copyright Copyright (c) 2020, DedeBIZ.COM | |||||
* @license https://www.dedebiz.com/license/v6 | |||||
* @link https://www.dedebiz.com | |||||
*/ | */ | ||||
require_once(dirname(__FILE__) . "/config.php"); | require_once(dirname(__FILE__) . "/config.php"); | ||||
@@ -16,7 +17,7 @@ if (empty($dopost)) $dopost = ""; | |||||
//上传 | //上传 | ||||
if ($dopost == "upload") { | if ($dopost == "upload") { | ||||
csrf_check(); | |||||
CheckCSRF(); | |||||
require_once(DEDEINC . "/image.func.php"); | require_once(DEDEINC . "/image.func.php"); | ||||
$sparr_image = array("image/pjpeg", "image/jpeg", "image/gif", "image/png", "image/x-png", "image/wbmp"); | $sparr_image = array("image/pjpeg", "image/jpeg", "image/gif", "image/png", "image/x-png", "image/wbmp"); | ||||
$sparr_flash = array("application/xshockwaveflash"); | $sparr_flash = array("application/xshockwaveflash"); | ||||
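Review bot: The flash whitelist in the upload hunk, `array("application/xshockwaveflash")`, is not the MIME type browsers send for SWF (`application/x-shockwave-flash`), so if this list is matched against the reported type the flash branch can never succeed — fix the string or remove the branch. More importantly, `$sparr_image` looks like it is compared against the client-declared content type (the comparison is below the hunk), which the uploader controls; the accept decision should rest on an extension whitelist plus `getimagesize()` or finfo on the temp file, not on the declared type. The upload branch continues past the hunk.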
@@ -4,9 +4,10 @@ | |||||
* | * | ||||
* @version $Id: media_edit.php 1 11:17 2010年7月19日Z tianya $ | * @version $Id: media_edit.php 1 11:17 2010年7月19日Z tianya $ | ||||
* @package DedeCMS.Administrator | * @package DedeCMS.Administrator | ||||
* @copyright Copyright (c) 2007 - 2020, DesDev, Inc. | |||||
* @license http://help.dedecms.com/usersguide/license.html | |||||
* @link http://www.dedecms.com | |||||
* @copyright Copyright (c) 2007 - 2018, DesDev, Inc. | |||||
* @copyright Copyright (c) 2020, DedeBIZ.COM | |||||
* @license https://www.dedebiz.com/license/v6 | |||||
* @link https://www.dedebiz.com | |||||
*/ | */ | ||||
require_once(dirname(__FILE__)."/config.php"); | require_once(dirname(__FILE__)."/config.php"); | ||||
@@ -106,7 +107,7 @@ function __save_edit() //保存更改 | |||||
else if($dopost=='save') | else if($dopost=='save') | ||||
{ | { | ||||
if($aid=="") exit(); | if($aid=="") exit(); | ||||
csrf_check(); | |||||
CheckCSRF(); | |||||
//检查是否有修改权限 | //检查是否有修改权限 | ||||
$myrow = $dsql->GetOne("SELECT * FROM #@__uploads WHERE aid='".$aid."'"); | $myrow = $dsql->GetOne("SELECT * FROM #@__uploads WHERE aid='".$aid."'"); | ||||
if($myrow['mid']!=$cuserLogin->getUserID()) | if($myrow['mid']!=$cuserLogin->getUserID()) | ||||
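Review bot: `$aid` reaches the `SELECT * FROM #@__uploads WHERE aid='".$aid."'` on the line after `CheckCSRF()` with only an empty-string check, so a non-numeric value is interpolated into the query; replace `if($aid=="") exit();` with `$aid = intval($aid); if($aid <= 0) exit();`. The ownership test `$myrow['mid']!=$cuserLogin->getUserID()` reads `$myrow['mid']` even when `GetOne` finds no row; if `GetOne` returns `false` there, the null != id comparison still denies, but an explicit `if(!is_array($myrow)) exit();` makes that intent visible and avoids the notice. The save branch continues past the hunk.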
@@ -4,9 +4,10 @@ | |||||
* | * | ||||
* @version $Id: mytag_add.php 1 15:35 2010年7月20日Z tianya $ | * @version $Id: mytag_add.php 1 15:35 2010年7月20日Z tianya $ | ||||
* @package DedeCMS.Administrator | * @package DedeCMS.Administrator | ||||
* @copyright Copyright (c) 2007 - 2020, DesDev, Inc. | |||||
* @license http://help.dedecms.com/usersguide/license.html | |||||
* @link http://www.dedecms.com | |||||
* @copyright Copyright (c) 2007 - 2018, DesDev, Inc. | |||||
* @copyright Copyright (c) 2020, DedeBIZ.COM | |||||
* @license https://www.dedebiz.com/license/v6 | |||||
* @link https://www.dedebiz.com | |||||
*/ | */ | ||||
require(dirname(__FILE__)."/config.php"); | require(dirname(__FILE__)."/config.php"); | ||||
CheckPurview('temp_Other'); | CheckPurview('temp_Other'); | ||||
@@ -15,9 +16,9 @@ if(empty($dopost)) $dopost = ""; | |||||
if($dopost=="save") | if($dopost=="save") | ||||
{ | { | ||||
csrf_check(); | |||||
CheckCSRF(); | |||||
$tagname = trim($tagname); | $tagname = trim($tagname); | ||||
$row = $dsql->GetOne("SELECT typeid FROM #@__mytag WHERE typeid='$typeid' AND tagname LIKE '$tagname'"); | |||||
$row = $dsql->GetOne("SELECT typeid FROM `#@__mytag` WHERE typeid='$typeid' AND tagname LIKE '$tagname'"); | |||||
if(is_array($row)) | if(is_array($row)) | ||||
{ | { | ||||
ShowMsg("在相同栏目下已经存在同名的标记!","-1"); | ShowMsg("在相同栏目下已经存在同名的标记!","-1"); | ||||
@@ -25,7 +26,7 @@ if($dopost=="save") | |||||
} | } | ||||
$starttime = GetMkTime($starttime); | $starttime = GetMkTime($starttime); | ||||
$endtime = GetMkTime($endtime); | $endtime = GetMkTime($endtime); | ||||
$inQuery = "INSERT INTO #@__mytag(typeid,tagname,timeset,starttime,endtime,normbody,expbody) | |||||
$inQuery = "INSERT INTO `#@__mytag`(typeid,tagname,timeset,starttime,endtime,normbody,expbody) | |||||
VALUES('$typeid','$tagname','$timeset','$starttime','$endtime','$normbody','$expbody'); "; | VALUES('$typeid','$tagname','$timeset','$starttime','$endtime','$normbody','$expbody'); "; | ||||
$dsql->ExecuteNoneQuery($inQuery); | $dsql->ExecuteNoneQuery($inQuery); | ||||
ShowMsg("成功增加一个自定义标记!","mytag_main.php"); | ShowMsg("成功增加一个自定义标记!","mytag_main.php"); | ||||
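Review bot: The INSERT in the second hunk and the duplicate check in the first still build SQL by interpolation; the backticks this commit adds around `#@__mytag` do nothing about that. `$typeid` and `$timeset` are integers and should be cast before the first query, `$typeid = intval($typeid); $timeset = intval($timeset);`, and `tagname LIKE '$tagname'` treats `%` and `_` in the submitted name as wildcards, so either escape them with `addcslashes($tagname, '%_')` or compare with `=`. `$normbody` and `$expbody` are template code by design and are presumably quote-escaped by config.php's global handling, but that assumption should be confirmed since what is stored here is later evaluated by the template engine.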
@@ -4,9 +4,10 @@ | |||||
* | * | ||||
* @version $Id: mytag_edit.php 1 15:37 2010年7月20日Z tianya $ | * @version $Id: mytag_edit.php 1 15:37 2010年7月20日Z tianya $ | ||||
* @package DedeCMS.Administrator | * @package DedeCMS.Administrator | ||||
* @copyright Copyright (c) 2007 - 2020, DesDev, Inc. | |||||
* @license http://help.dedecms.com/usersguide/license.html | |||||
* @link http://www.dedecms.com | |||||
* @copyright Copyright (c) 2007 - 2018, DesDev, Inc. | |||||
* @copyright Copyright (c) 2020, DedeBIZ.COM | |||||
* @license https://www.dedebiz.com/license/v6 | |||||
* @link https://www.dedebiz.com | |||||
*/ | */ | ||||
require(dirname(__FILE__)."/config.php"); | require(dirname(__FILE__)."/config.php"); | ||||
CheckPurview('temp_Other'); | CheckPurview('temp_Other'); | ||||
@@ -18,14 +19,13 @@ $ENV_GOBACK_URL = empty($_COOKIE['ENV_GOBACK_URL']) ? 'mytag_main.php' : $_COOKI | |||||
if($dopost=='delete') | if($dopost=='delete') | ||||
{ | { | ||||
csrf_check(); | |||||
$dsql->ExecuteNoneQuery("DELETE FROM #@__mytag WHERE aid='$aid'"); | |||||
$dsql->ExecuteNoneQuery("DELETE FROM `#@__mytag` WHERE aid='$aid'"); | |||||
ShowMsg("成功删除一个自定义标记!",$ENV_GOBACK_URL); | ShowMsg("成功删除一个自定义标记!",$ENV_GOBACK_URL); | ||||
exit(); | exit(); | ||||
} | } | ||||
else if($dopost=="saveedit") | else if($dopost=="saveedit") | ||||
{ | { | ||||
csrf_check(); | |||||
CheckCSRF(); | |||||
$starttime = GetMkTime($starttime); | $starttime = GetMkTime($starttime); | ||||
$endtime = GetMkTime($endtime); | $endtime = GetMkTime($endtime); | ||||
$query = "UPDATE `#@__mytag` | $query = "UPDATE `#@__mytag` | ||||
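Review bot: The delete branch in this hunk loses its CSRF protection: the old `csrf_check();` line is removed and no `CheckCSRF();` replaces it, while the saveedit branch directly below gets the rename — the hunk header's -14/+13 count is consistent with a dropped line rather than a rename. If that was done because the delete link from mytag_main.php carries no token, the fix is to put the token on the link (or make delete a POST) rather than to leave `DELETE FROM ... WHERE aid='$aid'` reachable by a plain cross-site GET; add `CheckCSRF();` back as the first statement of the branch. `$aid` should also be cast, `$aid = intval($aid);`, before it is interpolated. `$ENV_GOBACK_URL`, the redirect target handed to `ShowMsg` after the delete, is read from a cookie (visible in the hunk header line), so that target is client-controlled and should be restricted to a relative admin path. The saveedit branch continues past the hunk.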
@@ -4,9 +4,10 @@ | |||||
* | * | ||||
* @version $Id: tpl.php 1 23:44 2010年7月20日Z tianya $ | * @version $Id: tpl.php 1 23:44 2010年7月20日Z tianya $ | ||||
* @package DedeCMS.Administrator | * @package DedeCMS.Administrator | ||||
* @copyright Copyright (c) 2007 - 2020, DesDev, Inc. | |||||
* @license http://help.dedecms.com/usersguide/license.html | |||||
* @link http://www.dedecms.com | |||||
* @copyright Copyright (c) 2007 - 2018, DesDev, Inc. | |||||
* @copyright Copyright (c) 2020, DedeBIZ.COM | |||||
* @license https://www.dedebiz.com/license/v6 | |||||
* @link https://www.dedebiz.com | |||||
*/ | */ | ||||
require_once(dirname(__FILE__)."/config.php"); | require_once(dirname(__FILE__)."/config.php"); | ||||
CheckPurview('plus_文件管理器'); | CheckPurview('plus_文件管理器'); | ||||
@@ -89,7 +90,7 @@ function save_tpl() { } | |||||
--------------------------*/ | --------------------------*/ | ||||
else if($action == 'saveedit') | else if($action == 'saveedit') | ||||
{ | { | ||||
csrf_check(); | |||||
CheckCSRF(); | |||||
if($filename == '') | if($filename == '') | ||||
{ | { | ||||
ShowMsg('未指定要编辑的文件或文件名不合法', '-1'); | ShowMsg('未指定要编辑的文件或文件名不合法', '-1'); | ||||
@@ -168,7 +169,7 @@ function _upload() {} | |||||
-----------------------*/ | -----------------------*/ | ||||
else if ($action == 'uploadok') | else if ($action == 'uploadok') | ||||
{ | { | ||||
csrf_check(); | |||||
CheckCSRF(); | |||||
if( !is_uploaded_file($upfile) ) | if( !is_uploaded_file($upfile) ) | ||||
{ | { | ||||
ShowMsg("貌似你什么都没有上传哦!","javascript:;"); | ShowMsg("貌似你什么都没有上传哦!","javascript:;"); | ||||
@@ -250,7 +251,7 @@ function savetagfile() { } | |||||
--------------------------*/ | --------------------------*/ | ||||
else if($action=='savetagfile') | else if($action=='savetagfile') | ||||
{ | { | ||||
csrf_check(); | |||||
CheckCSRF(); | |||||
if(!preg_match("#^[a-z0-9_-]{1,}\.lib\.php$#i", $filename)) | if(!preg_match("#^[a-z0-9_-]{1,}\.lib\.php$#i", $filename)) | ||||
{ | { | ||||
ShowMsg('文件名不合法,不允许进行操作!', '-1'); | ShowMsg('文件名不合法,不允许进行操作!', '-1'); | ||||
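Review bot: The saveedit hunk only rejects an empty `$filename` even though the message it prints ('文件名不合法') claims a validity check; any traversal or extension restriction has to live below the hunk, which I cannot see, so if nothing there confines the path, reject traversal up front: `if($filename == '' || strpos($filename, '..') !== false)`, and resolve the target with `realpath()` against the templates directory before writing. The savetagfile hunk does this correctly with its `^[a-z0-9_-]{1,}\.lib\.php$` pattern and is the model to follow. In the uploadok hunk `is_uploaded_file($upfile)` relies on `$upfile` being the temp path that config.php extracts from `$_FILES`; the name and extension checks on the upload are presumably further down. All three branches continue past their hunks.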