后台csrf优化调整

src/dede/ad_add.php

@@ -4,9 +4,10 @@
  *
  * @version        $Id: ad_add.php 1 8:26 2010年7月12日Z tianya $
  * @package        DedeCMS.Administrator
- * @copyright      Copyright (c) 2007 - 2020, DesDev, Inc.
- * @license        http://help.dedecms.com/usersguide/license.html
- * @link           http://www.dedecms.com
+ * @copyright      Copyright (c) 2007 - 2018, DesDev, Inc.
+ * @copyright      Copyright (c) 2020, DedeBIZ.COM
+ * @license        https://www.dedebiz.com/license/v6
+ * @link           https://www.dedebiz.com
  */
  
 require(dirname(__FILE__)."/config.php");
@@ -16,7 +17,7 @@ if(empty($dopost)) $dopost = "";
 
 if($dopost=="save")
 {
-    csrf_check();
+    CheckCSRF();
     //timeset tagname typeid normbody expbody
     $tagname = trim($tagname);
     $row = $dsql->GetOne("SELECT typeid FROM #@__myad WHERE typeid='$typeid' AND tagname LIKE '$tagname'");

src/dede/ad_edit.php

@@ -4,9 +4,10 @@
  *
  * @version        $Id: ad_edit.php 1 8:26 2010年7月12日Z tianya $
  * @package        DedeCMS.Administrator
- * @copyright      Copyright (c) 2007 - 2020, DesDev, Inc.
- * @license        http://help.dedecms.com/usersguide/license.html
- * @link           http://www.dedecms.com
+ * @copyright      Copyright (c) 2007 - 2018, DesDev, Inc.
+ * @copyright      Copyright (c) 2020, DedeBIZ.COM
+ * @license        https://www.dedebiz.com/license/v6
+ * @link           https://www.dedebiz.com
  */
 require(dirname(__FILE__)."/config.php");
 CheckPurview('plus_广告管理');
@@ -53,7 +54,7 @@ else if($dopost=='testjs')
 }
 else if($dopost=='saveedit')
 {
-    csrf_check();
+    CheckCSRF();
     $starttime = GetMkTime($starttime);
     $endtime = GetMkTime($endtime);
     $query = "UPDATE `#@__myad`

src/dede/article_string_mix.php

@@ -4,9 +4,10 @@
  *
  * @version        $Id: article_string_mix.php 1 14:31 2010年7月12日Z tianya $
  * @package        DedeCMS.Administrator
- * @copyright      Copyright (c) 2007 - 2020, DesDev, Inc.
- * @license        http://help.dedecms.com/usersguide/license.html
- * @link           http://www.dedecms.com
+ * @copyright      Copyright (c) 2007 - 2018, DesDev, Inc.
+ * @copyright      Copyright (c) 2020, DedeBIZ.COM
+ * @license        https://www.dedebiz.com/license/v6
+ * @link           https://www.dedebiz.com
  */
 require_once(dirname(__FILE__).'/config.php');
 require_once(DEDEINC.'/oxwindow.class.php');
@@ -21,7 +22,7 @@ $m_file = DEDEDATA."/downmix.data.php";
 //保存
 if($dopost=="save")
 {
-	csrf_check();
+	CheckCSRF();
     $fp = fopen($m_file,'w');
     flock($fp,3);
     fwrite($fp,$allsource);

src/dede/article_template_rand.php

@@ -4,9 +4,10 @@
  *
  * @version        $Id: article_template_rand.php 1 14:31 2010年7月12日Z tianya $
  * @package        DedeCMS.Administrator
- * @copyright      Copyright (c) 2007 - 2020, DesDev, Inc.
- * @license        http://help.dedecms.com/usersguide/license.html
- * @link           http://www.dedecms.com
+ * @copyright      Copyright (c) 2007 - 2018, DesDev, Inc.
+ * @copyright      Copyright (c) 2020, DedeBIZ.COM
+ * @license        https://www.dedebiz.com/license/v6
+ * @link           https://www.dedebiz.com
  */
 require_once(dirname(__FILE__).'/config.php');
 require_once(DEDEINC.'/oxwindow.class.php');
@@ -20,7 +21,7 @@ $okmsg = '';
 //保存配置
 if($dopost=='save')
 {
-    csrf_check();
+    CheckCSRF();
     $fp = fopen($m_file,'w');
     flock($fp,3);
     fwrite($fp,$templates);
@@ -30,7 +31,7 @@ if($dopost=='save')
 //对旧文档进行随机模板处理
 else if($dopost=='makeold')
 {
-    csrf_check();
+    CheckCSRF();
     set_time_limit(3600);
     if(!file_exists($m_file))
     {
@@ -64,7 +65,7 @@ else if($dopost=='makeold')
 //清除全部的指定模板
 else if($dopost=='clearold')
 {
-    csrf_check();
+    CheckCSRF();
     $dsql->ExecuteNoneQuery(" Update `#@__addonarticle` set templet='' ");
     $dsql->ExecuteNoneQuery(" OPTIMIZE TABLE `#@__addonarticle` ");
     AjaxHead();

src/dede/media_add.php

@@ -5,9 +5,10 @@
  *
  * @version        $Id: media_add.php 2 15:25 2011-6-2 tianya $
  * @package        DedeCMS.Administrator
- * @copyright      Copyright (c) 2007 - 2020, DesDev, Inc.
- * @license        http://help.dedecms.com/usersguide/license.html
- * @link           http://www.dedecms.com
+ * @copyright      Copyright (c) 2007 - 2018, DesDev, Inc.
+ * @copyright      Copyright (c) 2020, DedeBIZ.COM
+ * @license        https://www.dedebiz.com/license/v6
+ * @link           https://www.dedebiz.com
  */
 require_once(dirname(__FILE__) . "/config.php");
 
@@ -16,7 +17,7 @@ if (empty($dopost)) $dopost = "";
 
 //上传
 if ($dopost == "upload") {
-    csrf_check();
+    CheckCSRF();
     require_once(DEDEINC . "/image.func.php");
     $sparr_image = array("image/pjpeg", "image/jpeg", "image/gif", "image/png", "image/x-png", "image/wbmp");
     $sparr_flash = array("application/xshockwaveflash");

src/dede/media_edit.php

@@ -4,9 +4,10 @@
  *
  * @version        $Id: media_edit.php 1 11:17 2010年7月19日Z tianya $
  * @package        DedeCMS.Administrator
- * @copyright      Copyright (c) 2007 - 2020, DesDev, Inc.
- * @license        http://help.dedecms.com/usersguide/license.html
- * @link           http://www.dedecms.com
+ * @copyright      Copyright (c) 2007 - 2018, DesDev, Inc.
+ * @copyright      Copyright (c) 2020, DedeBIZ.COM
+ * @license        https://www.dedebiz.com/license/v6
+ * @link           https://www.dedebiz.com
  */
 require_once(dirname(__FILE__)."/config.php");
 
@@ -106,7 +107,7 @@ function __save_edit() //保存更改
 else if($dopost=='save')
 {
     if($aid=="") exit();
-    csrf_check();
+    CheckCSRF();
     //检查是否有修改权限
     $myrow = $dsql->GetOne("SELECT * FROM #@__uploads WHERE aid='".$aid."'");
     if($myrow['mid']!=$cuserLogin->getUserID())

src/dede/mytag_add.php

@@ -4,9 +4,10 @@
  *
  * @version        $Id: mytag_add.php 1 15:35 2010年7月20日Z tianya $
  * @package        DedeCMS.Administrator
- * @copyright      Copyright (c) 2007 - 2020, DesDev, Inc.
- * @license        http://help.dedecms.com/usersguide/license.html
- * @link           http://www.dedecms.com
+ * @copyright      Copyright (c) 2007 - 2018, DesDev, Inc.
+ * @copyright      Copyright (c) 2020, DedeBIZ.COM
+ * @license        https://www.dedebiz.com/license/v6
+ * @link           https://www.dedebiz.com
  */
 require(dirname(__FILE__)."/config.php");
 CheckPurview('temp_Other');
@@ -15,9 +16,9 @@ if(empty($dopost)) $dopost = "";
 
 if($dopost=="save")
 {
-    csrf_check();
+    CheckCSRF();
     $tagname = trim($tagname);
-    $row = $dsql->GetOne("SELECT typeid FROM #@__mytag WHERE typeid='$typeid' AND tagname LIKE '$tagname'");
+    $row = $dsql->GetOne("SELECT typeid FROM `#@__mytag` WHERE typeid='$typeid' AND tagname LIKE '$tagname'");
     if(is_array($row))
     {
         ShowMsg("在相同栏目下已经存在同名的标记！","-1");
@@ -25,7 +26,7 @@ if($dopost=="save")
     }
     $starttime = GetMkTime($starttime);
     $endtime = GetMkTime($endtime);
-    $inQuery = "INSERT INTO #@__mytag(typeid,tagname,timeset,starttime,endtime,normbody,expbody)
+    $inQuery = "INSERT INTO `#@__mytag`(typeid,tagname,timeset,starttime,endtime,normbody,expbody)
      VALUES('$typeid','$tagname','$timeset','$starttime','$endtime','$normbody','$expbody'); ";
     $dsql->ExecuteNoneQuery($inQuery);
     ShowMsg("成功增加一个自定义标记！","mytag_main.php");

src/dede/mytag_edit.php

@@ -4,9 +4,10 @@
  *
  * @version        $Id: mytag_edit.php 1 15:37 2010年7月20日Z tianya $
  * @package        DedeCMS.Administrator
- * @copyright      Copyright (c) 2007 - 2020, DesDev, Inc.
- * @license        http://help.dedecms.com/usersguide/license.html
- * @link           http://www.dedecms.com
+ * @copyright      Copyright (c) 2007 - 2018, DesDev, Inc.
+ * @copyright      Copyright (c) 2020, DedeBIZ.COM
+ * @license        https://www.dedebiz.com/license/v6
+ * @link           https://www.dedebiz.com
  */
 require(dirname(__FILE__)."/config.php");
 CheckPurview('temp_Other');
@@ -18,14 +19,13 @@ $ENV_GOBACK_URL = empty($_COOKIE['ENV_GOBACK_URL']) ? 'mytag_main.php' : $_COOKI
 
 if($dopost=='delete')
 {
-    csrf_check();
-    $dsql->ExecuteNoneQuery("DELETE FROM #@__mytag WHERE aid='$aid'");
+    $dsql->ExecuteNoneQuery("DELETE FROM `#@__mytag` WHERE aid='$aid'");
     ShowMsg("成功删除一个自定义标记！",$ENV_GOBACK_URL);
     exit();
 }
 else if($dopost=="saveedit")
 {
-    csrf_check();
+    CheckCSRF();
     $starttime = GetMkTime($starttime);
     $endtime = GetMkTime($endtime);
     $query = "UPDATE `#@__mytag`

src/dede/tpl.php

@@ -4,9 +4,10 @@
  *
  * @version        $Id: tpl.php 1 23:44 2010年7月20日Z tianya $
  * @package        DedeCMS.Administrator
- * @copyright      Copyright (c) 2007 - 2020, DesDev, Inc.
- * @license        http://help.dedecms.com/usersguide/license.html
- * @link           http://www.dedecms.com
+ * @copyright      Copyright (c) 2007 - 2018, DesDev, Inc.
+ * @copyright      Copyright (c) 2020, DedeBIZ.COM
+ * @license        https://www.dedebiz.com/license/v6
+ * @link           https://www.dedebiz.com
  */
 require_once(dirname(__FILE__)."/config.php");
 CheckPurview('plus_文件管理器');
@@ -89,7 +90,7 @@ function save_tpl() { }
 --------------------------*/
 else if($action == 'saveedit')
 {
-    csrf_check();
+    CheckCSRF();
     if($filename == '')
     {
         ShowMsg('未指定要编辑的文件或文件名不合法', '-1');
@@ -168,7 +169,7 @@ function _upload() {}
 -----------------------*/
 else if ($action == 'uploadok')
 {
-    csrf_check();
+    CheckCSRF();
     if( !is_uploaded_file($upfile) )
     {
         ShowMsg("貌似你什么都没有上传哦！","javascript:;");
@@ -250,7 +251,7 @@ function savetagfile() { }
 --------------------------*/
 else if($action=='savetagfile')
 {
-    csrf_check();
+    CheckCSRF();
     if(!preg_match("#^[a-z0-9_-]{1,}\.lib\.php$#i", $filename))
     {
         ShowMsg('文件名不合法，不允许进行操作！', '-1');