@@ -106,7 +106,7 @@ else if ($fmdo == "upload") { | |||||
$upfile = ${$upfile}; | $upfile = ${$upfile}; | ||||
$upfile_name = ${$upfile_name}; | $upfile_name = ${$upfile_name}; | ||||
if (is_uploaded_file($upfile)) { | if (is_uploaded_file($upfile)) { | ||||
// 检查文件类型 | |||||
//检查文件类型 | |||||
$mime = get_mime_type($upfile); | $mime = get_mime_type($upfile); | ||||
if (preg_match("#^unknow#", $mime)) { | if (preg_match("#^unknow#", $mime)) { | ||||
ShowMsg("系统不支持fileinfo组件,建议php.ini中开启", -1); | ShowMsg("系统不支持fileinfo组件,建议php.ini中开启", -1); | ||||
@@ -132,8 +132,8 @@ else if ($dopost == 'setskin') { | |||||
)); | )); | ||||
exit; | exit; | ||||
} elseif ($dopost == 'safe_mode') { | } elseif ($dopost == 'safe_mode') { | ||||
$safemsg = "当前系统环境运行模式为【安全模式】,安全模式下将无法使用后台“模板管理”、“标签管理”、“数据库管理”、“模块管理”等功能,如果您需要使用上述功能,可在`/system/common.inc.php`中,将`DEDEBIZ_SAFE_MODE`值更改为`FALSE`"; | |||||
$unsafemsg = "当前系统环境运行模式为【非安全模式】,系统中“模板管理”、“标签管理”、“数据库管理”、“模块管理”等功能使用不当会存在一定的安全风险,建议您在`/system/common.inc.php`中,将`DEDEBIZ_SAFE_MODE`值更改为`TRUE`"; | |||||
$safemsg = "当前系统环境运行模式为【安全模式】,安全模式下将无法使用后台“模板管理”、“标签管理”、“数据库管理”、“模块管理”等功能,如果您需要使用上述功能,可在`/system/common.inc.php`中,将`DEDEBIZ_SAFE_MODE`后面值TRUE更改为FALSE"; | |||||
$unsafemsg = "当前系统环境运行模式为【非安全模式】,系统中“模板管理”、“标签管理”、“数据库管理”、“模块管理”等功能使用不当会存在一定的安全风险,建议您在`/system/common.inc.php`中,将`DEDEBIZ_SAFE_MODE`后面值FALSE更改为TRUE"; | |||||
$modeStr = DEDEBIZ_SAFE_MODE? $safemsg : $unsafemsg; | $modeStr = DEDEBIZ_SAFE_MODE? $safemsg : $unsafemsg; | ||||
ShowMsg($modeStr, "javascript:;"); | ShowMsg($modeStr, "javascript:;"); | ||||
exit; | exit; | ||||
@@ -65,7 +65,7 @@ foreach ($dh as $file) | |||||
} | } | ||||
else if(is_dir("$inpath/$file")) | else if(is_dir("$inpath/$file")) | ||||
{ | { | ||||
if(preg_match("#^_(.*)$#i",$file)) continue; #屏蔽FrontPage扩展目录和linux隐蔽目录 | |||||
if(preg_match("#^_(.*)$#i",$file)) continue; | |||||
if(preg_match("#^\.(.*)$#i",$file)) continue; | if(preg_match("#^\.(.*)$#i",$file)) continue; | ||||
$line = "\n<tr onMouseMove=\"javascript:this.bgColor='#F8FCF1';\" onMouseOut=\"javascript:this.bgColor='#ffffff';\"> | $line = "\n<tr onMouseMove=\"javascript:this.bgColor='#F8FCF1';\" onMouseOut=\"javascript:this.bgColor='#ffffff';\"> | ||||
<td> | <td> | ||||
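Review bot: The comment removed from the `^_` check was the only explanation of why underscore-prefixed directories are left out of the listing, so the filter now reads as arbitrary next to the dot-directory check below it. I would keep the rationale as a single line above both `preg_match` checks, for example `//skip FrontPage extension directories ("_" prefix) and hidden dot-directories`. The enclosing `foreach` starts before this hunk and the `$line` string literal continues past it.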
@@ -12,10 +12,6 @@ | |||||
<script src="../static/web/js/jquery.min.js"></script> | <script src="../static/web/js/jquery.min.js"></script> | ||||
<script src="js/frame.js"></script> | <script src="js/frame.js"></script> | ||||
<style> | <style> | ||||
.safemode { | |||||
padding: 2px 5px!important; | |||||
transform:scale(0.8); | |||||
} | |||||
#skinlist { | #skinlist { | ||||
display: block; | display: block; | ||||
height: 10px; | height: 10px; | ||||
@@ -92,9 +88,9 @@ | |||||
<span class="top_dedebiz"><a target="main" href="index_body.php"><?php echo $cfg_webname; ?>系统</a></span> | <span class="top_dedebiz"><a target="main" href="index_body.php"><?php echo $cfg_webname; ?>系统</a></span> | ||||
<span class="top_version">V<?php echo $cfg_version_detail; ?></span> | <span class="top_version">V<?php echo $cfg_version_detail; ?></span> | ||||
<?php if(DEDEBIZ_SAFE_MODE) {?> | <?php if(DEDEBIZ_SAFE_MODE) {?> | ||||
<a target="main" class="btn btn-primary btn-sm safemode" href="index_body.php?dopost=safe_mode">安全</a> | |||||
<a target="main" class="btn btn-primary btn-sm" href="index_body.php?dopost=safe_mode">安全</a> | |||||
<?php } else {?> | <?php } else {?> | ||||
<a target="main" class="btn btn-warning btn-sm safemode" href="index_body.php?dopost=safe_mode">非安全</a> | |||||
<a target="main" class="btn btn-warning btn-sm" href="index_body.php?dopost=safe_mode">非安全</a> | |||||
<?php }?> | <?php }?> | ||||
</div> | </div> | ||||
<div class="top_link"> | <div class="top_link"> | ||||
@@ -135,7 +135,7 @@ | |||||
{/dede:datalist} | {/dede:datalist} | ||||
</form> | </form> | ||||
<tr> | <tr> | ||||
<td colspan="11" bgcolor="#f8f8f8" style="padding-top:10px"> | |||||
<td bgcolor="#f8f8f8" colspan="11"> | |||||
<button type="button" onClick="ReSel();" class="btn btn-success btn-sm">反选</button> | <button type="button" onClick="ReSel();" class="btn btn-success btn-sm">反选</button> | ||||
<button type="button" onClick="DelSel();" class="btn btn-danger btn-sm">删除</button> | <button type="button" onClick="DelSel();" class="btn btn-danger btn-sm">删除</button> | ||||
<button type="button" onClick="UpSel();" class="btn btn-success btn-sm">设为已付款状态</button> | <button type="button" onClick="UpSel();" class="btn btn-success btn-sm">设为已付款状态</button> | ||||
@@ -16,7 +16,7 @@ if ($dopost == "save") { | |||||
$uptime = time(); | $uptime = time(); | ||||
$body = str_replace('"', '\\"', $body); | $body = str_replace('"', '\\"', $body); | ||||
$filename = preg_replace("#^\/#", "", $nfilename); | $filename = preg_replace("#^\/#", "", $nfilename); | ||||
if (DEDEBIZ_SAFE_MODE) $ismake = 0; // 安全模式不允许编译 | |||||
if (DEDEBIZ_SAFE_MODE) $ismake = 0; //安全模式不允许编译 | |||||
if (!preg_match('#\.htm$#i', trim($template))) { | if (!preg_match('#\.htm$#i', trim($template))) { | ||||
ShowMsg("您指定的文件名被系统禁止", "javascript:;"); | ShowMsg("您指定的文件名被系统禁止", "javascript:;"); | ||||
exit(); | exit(); | ||||
@@ -17,7 +17,7 @@ if ($dopost == "saveedit") { | |||||
$uptime = time(); | $uptime = time(); | ||||
$body = str_replace('"', '\\"', $body); | $body = str_replace('"', '\\"', $body); | ||||
$filename = preg_replace("#^\/#", "", $nfilename); | $filename = preg_replace("#^\/#", "", $nfilename); | ||||
if (DEDEBIZ_SAFE_MODE) $ismake = 0; // 安全模式不允许编译 | |||||
if (DEDEBIZ_SAFE_MODE) $ismake = 0; //安全模式不允许编译 | |||||
if (!preg_match('#\.htm$#i', trim($template))) { | if (!preg_match('#\.htm$#i', trim($template))) { | ||||
ShowMsg("您指定的文件名被系统禁止", "javascript:;"); | ShowMsg("您指定的文件名被系统禁止", "javascript:;"); | ||||
exit(); | exit(); | ||||
@@ -171,7 +171,7 @@ class TagList | |||||
$this->ParseDMFields($this->PageNo, 0); | $this->ParseDMFields($this->PageNo, 0); | ||||
} | } | ||||
$this->dtp->Display(); | $this->dtp->Display(); | ||||
// $this->Close(); | |||||
//$this->Close(); | |||||
} | } | ||||
/** | /** | ||||
* 解析模板,对固定的标记进行初始给值 | * 解析模板,对固定的标记进行初始给值 | ||||
@@ -19,7 +19,7 @@ define('ALERT_COLORS', array( | |||||
ALERT_LIGHT => array('#fefefe','#fdfdfe','#636464'), | ALERT_LIGHT => array('#fefefe','#fdfdfe','#636464'), | ||||
ALERT_DARK => array('#d3d3d4','#bcbebf','#141619'), | ALERT_DARK => array('#d3d3d4','#bcbebf','#141619'), | ||||
)); | )); | ||||
define("ALERT_TPL", '<div style="width: 98%;margin: 0 auto;"><div style="font-size:12px;margin:1rem auto;color:~color~;background:~background~;border-color:~border~;position:relative;padding:.75rem 1.25rem;border:1px solid transparent;border-radius:.2rem">~content~</div></div>'); | |||||
define("ALERT_TPL", '<div style="width:98%;margin:0 auto"><div style="font-size:12px;margin:1rem auto;color:~color~;background:~background~;border-color:~border~;position:relative;padding:.75rem 1.25rem;border:1px solid transparent;border-radius:.2rem">~content~</div></div>'); | |||||
//$content:内容 $type:alert类型 | //$content:内容 $type:alert类型 | ||||
function DedeAlert($content, $type = ALERT_PRIMARY) | function DedeAlert($content, $type = ALERT_PRIMARY) | ||||
{ | { | ||||
@@ -92,7 +92,6 @@ function get_mime_type($filename) | |||||
if (!function_exists('finfo_open')) { | if (!function_exists('finfo_open')) { | ||||
return 'unknow/octet-stream'; | return 'unknow/octet-stream'; | ||||
} | } | ||||
$finfo = finfo_open(FILEINFO_MIME_TYPE); | $finfo = finfo_open(FILEINFO_MIME_TYPE); | ||||
$mimeType = finfo_file($finfo, $filename); | $mimeType = finfo_file($finfo, $filename); | ||||
finfo_close($finfo); | finfo_close($finfo); | ||||
@@ -6,7 +6,7 @@ | |||||
* @license https://www.dedebiz.com/license | * @license https://www.dedebiz.com/license | ||||
* @link https://www.dedebiz.com | * @link https://www.dedebiz.com | ||||
*/ | */ | ||||
// V6安全模式,如果启用安全模式,后台将禁用例如:模板管理、标签管理、数据库管理等存在较高安全风险的功能 | |||||
//V6安全模式,如果启用安全模式,后台将禁用例如:模板管理、标签管理、数据库管理等存在较高安全风险的功能 | |||||
define('DEDEBIZ_SAFE_MODE', TRUE); | define('DEDEBIZ_SAFE_MODE', TRUE); | ||||
//生产环境使用`production`,如果采用`dev`模式,会有一些php的报错信息提示,便于开发调试 | //生产环境使用`production`,如果采用`dev`模式,会有一些php的报错信息提示,便于开发调试 | ||||
if (!defined('DEDE_ENVIRONMENT')) { | if (!defined('DEDE_ENVIRONMENT')) { | ||||
@@ -68,7 +68,7 @@ function GetFormItem($ctag, $admintype = 'admin') | |||||
foreach ($items as $v) { | foreach ($items as $v) { | ||||
$v = trim($v); | $v = trim($v); | ||||
if ($v != '') { | if ($v != '') { | ||||
$myformItem .= ($i == 0 ? "<div class='form-check'><label><input type='radio' name='$fieldname' class='np form-check-input' value='$v' checked> $v</label></div>" : "<div class='form-check'><label><input type='radio' name='$fieldname' class='np form-check-input' value='$v'> $v</label></div>"); | |||||
$myformItem .= ($i == 0 ? "<div class='form-check form-check-inline'><input type='radio' name='$fieldname' class='form-check-input' value='$v' checked><label class='form-check-label'>$v</label></div>" : "<div class='form-check form-check-inline'><input type='radio' name='$fieldname' class='form-check-input' value='$v'><label class='form-check-label'>'$v</label></div>"); | |||||
$i++; | $i++; | ||||
} | } | ||||
} | } | ||||
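Review bot: The unchecked-radio branch of the rewritten line in GetFormItem has a stray single quote before the label text (`<label class='form-check-label'>'$v</label>`), so every option after the first renders with a leading `'`; it should read `<label class='form-check-label'>$v</label>`, as the checked branch does. The new markup also moves the `<input>` outside the `<label>` without adding an `id`/`for` pair, so clicking the label text no longer selects the option; the same applies to the checkbox hunk that follows and to both GetFormItemValue hunks. `$v` and `$fieldname` are interpolated unescaped into `value='…'`, `name='…'` and the label text in all four hunks; where `$items` comes from is not visible here, but if an item can contain a quote or markup, `htmlspecialchars($v, ENT_QUOTES)` would keep it from breaking out of the attribute. The function body starts and ends outside the hunk.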
@@ -80,9 +80,9 @@ function GetFormItem($ctag, $admintype = 'admin') | |||||
$v = trim($v); | $v = trim($v); | ||||
if ($v != '') { | if ($v != '') { | ||||
if ($admintype == 'membermodel') { | if ($admintype == 'membermodel') { | ||||
$myformItem .= "<div class='form-check'><label><input type='checkbox' name='{$fieldname}[]' class='np form-check-input' value='$v'> $v</label></div>"; | |||||
$myformItem .= "<div class='form-check form-check-inline'><input type='checkbox' name='{$fieldname}[]' class='form-check-input' value='$v'><label class='form-check-label'>$v</label></div>"; | |||||
} else { | } else { | ||||
$myformItem .= "<div class='form-check'><label><input type='checkbox' name='{$fieldname}[]' class='np form-check-input' value='$v'> $v</label></div>"; | |||||
$myformItem .= "<div class='form-check form-check-inline'><input type='checkbox' name='{$fieldname}[]' class='form-check-input' value='$v'><label class='form-check-label'>$v</label></div>"; | |||||
} | } | ||||
} | } | ||||
} | } | ||||
@@ -352,7 +352,7 @@ function GetFormItemValue($ctag, $fvalue, $admintype = 'admin', $fieldname = '') | |||||
foreach ($items as $v) { | foreach ($items as $v) { | ||||
$v = trim($v); | $v = trim($v); | ||||
if ($v == '') continue; | if ($v == '') continue; | ||||
$myformItem .= ($fvalue == $v ? "<div class='form-check'><label><input type='radio' name='$fieldname' class='np form-check-input' value='$v' checked='checked' /> $v</label></div>" : "<div class='form-check'><label><input type='radio' name='$fieldname' class='np form-check-input' value='$v' /> $v</label></div>"); | |||||
$myformItem .= ($fvalue == $v ? "<div class='form-check form-check-inline'><input type='radio' name='$fieldname' class='form-check-input' value='$v' checked='checked'><label class='form-check-label'>$v</label></div>" : "<div class='form-check form-check-inline'><input type='radio' name='$fieldname' class='form-check-input' value='$v'><label class='form-check-label'>$v</label></div>"); | |||||
} | } | ||||
} | } | ||||
$innertext = $myformItem; | $innertext = $myformItem; | ||||
@@ -368,9 +368,9 @@ function GetFormItemValue($ctag, $fvalue, $admintype = 'admin', $fieldname = '') | |||||
continue; | continue; | ||||
} | } | ||||
if (in_array($v, $fvalues)) { | if (in_array($v, $fvalues)) { | ||||
$myformItem .= "<div class='form-check'><label><input type='checkbox' name='{$fieldname}[]' class='np form-check-input' value='$v' checked='checked' /> $v</label></div>"; | |||||
$myformItem .= "<div class='form-check form-check-inline'><input type='checkbox' name='{$fieldname}[]' class='form-check-input' value='$v' checked='checked'><label class='form-check-label'>$v</label></div>"; | |||||
} else { | } else { | ||||
$myformItem .= "<div class='form-check'><label><input type='checkbox' name='{$fieldname}[]' class='np form-check-input' value='$v' /> $v</label></div>"; | |||||
$myformItem .= "<div class='form-check form-check-inline'><input type='checkbox' name='{$fieldname}[]' class='form-check-input' value='$v'><label class='form-check-label'>$v</label></div>"; | |||||
} | } | ||||
} | } | ||||
} | } | ||||
@@ -123,7 +123,7 @@ class DedeSqlite | |||||
//为了防止采集等需要较长运行时间的程序超时,在运行这类程序时设置系统等待和交互时间 | //为了防止采集等需要较长运行时间的程序超时,在运行这类程序时设置系统等待和交互时间 | ||||
function SetLongLink() | function SetLongLink() | ||||
{ | { | ||||
// @mysqli_query("SET interactive_timeout=3600, wait_timeout=3600 ;", $this->linkID); | |||||
//@mysqli_query("SET interactive_timeout=3600, wait_timeout=3600 ;", $this->linkID); | |||||
} | } | ||||
//获得错误描述 | //获得错误描述 | ||||
function GetError() | function GetError() | ||||
@@ -2,15 +2,6 @@ | |||||
if (!defined('DEDEINC')) exit('dedebiz'); | if (!defined('DEDEINC')) exit('dedebiz'); | ||||
/** | /** | ||||
* 动态分页类 | * 动态分页类 | ||||
* 说明:数据量不大的数据分页,使得数据分页处理变得更加简单化 | |||||
* 使用方法: | |||||
* $dl = new DataListCP(); //初始化动态列表类 | |||||
* $dl->pagesize = 30; //设定每页显示记录数(默认25条) | |||||
* $dl->SetParameter($key,$value); //设定get字符串的变量 | |||||
* //这两句的顺序不能更换 | |||||
* $dl->SetTemplate($tplfile); //载入模板 | |||||
* $dl->SetSource($sql); //设定查询SQL | |||||
* $dl->Display(); //显示 | |||||
* | * | ||||
* @version $Id: datalistcp.class.php 3 17:02 2010年7月9日Z tianya $ | * @version $Id: datalistcp.class.php 3 17:02 2010年7月9日Z tianya $ | ||||
* @package DedeBIZ.Libraries | * @package DedeBIZ.Libraries | ||||
@@ -98,7 +98,7 @@ class DedeVote | |||||
{ | { | ||||
//省略参数 | //省略参数 | ||||
if ($lineheight == "") { | if ($lineheight == "") { | ||||
$lineheight = 24; | |||||
$lineheight = 26; | |||||
} | } | ||||
if ($tablewidth == "") { | if ($tablewidth == "") { | ||||
$tablewidth = "100%"; | $tablewidth = "100%"; | ||||
@@ -88,7 +88,7 @@ function GetEnumsForm($egroup, $evalue = 0, $formid = '', $seltitle = '') | |||||
$formid = $egroup; | $formid = $egroup; | ||||
} | } | ||||
$forms = "<select name='$formid' id='$formid' class='enumselect form-control'>\r\n"; | $forms = "<select name='$formid' id='$formid' class='enumselect form-control'>\r\n"; | ||||
$forms .= "\t<option value='0' selected='selected'>--请选择--{$seltitle}</option>\r\n"; | |||||
$forms .= "\t<option value='0' selected='selected'>请选择{$seltitle}</option>\r\n"; | |||||
foreach (${'em_'.$egroup.'s'} as $v => $n) { | foreach (${'em_'.$egroup.'s'} as $v => $n) { | ||||
$prefix = ($v > 500 && $v % 500 != 0) ? '└─ ' : ''; | $prefix = ($v > 500 && $v % 500 != 0) ? '└─ ' : ''; | ||||
if (preg_match("#\.#", $v)) $prefix = ' └── '; | if (preg_match("#\.#", $v)) $prefix = ' └── '; | ||||
@@ -23,7 +23,7 @@ if (!function_exists('GetCache')) { | |||||
global $cfg_bizcore_appid, $cfg_bizcore_key, $cfg_bizcore_hostname, $cfg_bizcore_port; | global $cfg_bizcore_appid, $cfg_bizcore_key, $cfg_bizcore_hostname, $cfg_bizcore_port; | ||||
$key = md5($key); | $key = md5($key); | ||||
// 商业组件缓存 | |||||
//商业组件缓存 | |||||
if (!empty($cfg_bizcore_appid) && !empty($cfg_bizcore_key)) { | if (!empty($cfg_bizcore_appid) && !empty($cfg_bizcore_key)) { | ||||
$client = new DedeBizClient($cfg_bizcore_hostname, $cfg_bizcore_port); | $client = new DedeBizClient($cfg_bizcore_hostname, $cfg_bizcore_port); | ||||
$client->appid = $cfg_bizcore_appid; | $client->appid = $cfg_bizcore_appid; | ||||
@@ -62,8 +62,7 @@ if (!function_exists('SetCache')) { | |||||
{ | { | ||||
global $cfg_bizcore_appid, $cfg_bizcore_key, $cfg_bizcore_hostname, $cfg_bizcore_port; | global $cfg_bizcore_appid, $cfg_bizcore_key, $cfg_bizcore_hostname, $cfg_bizcore_port; | ||||
$key = md5($key); | $key = md5($key); | ||||
// 商业组件缓存 | |||||
//商业组件缓存 | |||||
if (!empty($cfg_bizcore_appid) && !empty($cfg_bizcore_key)) { | if (!empty($cfg_bizcore_appid) && !empty($cfg_bizcore_key)) { | ||||
$client = new DedeBizClient($cfg_bizcore_hostname, $cfg_bizcore_port); | $client = new DedeBizClient($cfg_bizcore_hostname, $cfg_bizcore_port); | ||||
$client->appid = $cfg_bizcore_appid; | $client->appid = $cfg_bizcore_appid; | ||||
@@ -94,10 +93,8 @@ if (!function_exists('DelCache')) { | |||||
function DelCache($prefix, $key) | function DelCache($prefix, $key) | ||||
{ | { | ||||
global $cfg_bizcore_appid, $cfg_bizcore_key, $cfg_bizcore_hostname, $cfg_bizcore_port; | global $cfg_bizcore_appid, $cfg_bizcore_key, $cfg_bizcore_hostname, $cfg_bizcore_port; | ||||
$key = md5($key); | $key = md5($key); | ||||
// 商业组件缓存 | |||||
//商业组件缓存 | |||||
if (!empty($cfg_bizcore_appid) && !empty($cfg_bizcore_key)) { | if (!empty($cfg_bizcore_appid) && !empty($cfg_bizcore_key)) { | ||||
$client = new DedeBizClient($cfg_bizcore_hostname, $cfg_bizcore_port); | $client = new DedeBizClient($cfg_bizcore_hostname, $cfg_bizcore_port); | ||||
$client->appid = $cfg_bizcore_appid; | $client->appid = $cfg_bizcore_appid; | ||||
@@ -8,9 +8,7 @@ if (!defined('DEDEINC')) exit('dedebiz'); | |||||
* This source file is subject to the MIT license that is bundled | * This source file is subject to the MIT license that is bundled | ||||
* with this source code in the file LICENSE. | * with this source code in the file LICENSE. | ||||
*/ | */ | ||||
require_once(DEDEINC."/libraries/fixtures/abstractprovider.php"); | require_once(DEDEINC."/libraries/fixtures/abstractprovider.php"); | ||||
class Headers extends AbstractProvider | class Headers extends AbstractProvider | ||||
{ | { | ||||
/** | /** | ||||
@@ -19,19 +17,19 @@ class Headers extends AbstractProvider | |||||
* @var array | * @var array | ||||
*/ | */ | ||||
protected $data = array( | protected $data = array( | ||||
// The default User-Agent string. | |||||
//The default User-Agent string. | |||||
'HTTP_USER_AGENT', | 'HTTP_USER_AGENT', | ||||
// Header can occur on devices using Opera Mini. | |||||
//Header can occur on devices using Opera Mini. | |||||
'HTTP_X_OPERAMINI_PHONE_UA', | 'HTTP_X_OPERAMINI_PHONE_UA', | ||||
// Vodafone specific header: http://www.seoprinciple.com/mobile-web-community-still-angry-at-vodafone/24/ | |||||
//Vodafone specific header: http://www.seoprinciple.com/mobile-web-community-still-angry-at-vodafone/24/ | |||||
'HTTP_X_DEVICE_USER_AGENT', | 'HTTP_X_DEVICE_USER_AGENT', | ||||
'HTTP_X_ORIGINAL_USER_AGENT', | 'HTTP_X_ORIGINAL_USER_AGENT', | ||||
'HTTP_X_SKYFIRE_PHONE', | 'HTTP_X_SKYFIRE_PHONE', | ||||
'HTTP_X_BOLT_PHONE_UA', | 'HTTP_X_BOLT_PHONE_UA', | ||||
'HTTP_DEVICE_STOCK_UA', | 'HTTP_DEVICE_STOCK_UA', | ||||
'HTTP_X_UCBROWSER_DEVICE_UA', | 'HTTP_X_UCBROWSER_DEVICE_UA', | ||||
// Sometimes, bots (especially Google) use a genuine user agent, but fill this header in with their email address | |||||
//Sometimes, bots (especially Google) use a genuine user agent, but fill this header in with their email address | |||||
'HTTP_FROM', | 'HTTP_FROM', | ||||
'HTTP_X_SCANNER', // Seen in use by Netsparker | |||||
'HTTP_X_SCANNER', //Seen in use by Netsparker | |||||
); | ); | ||||
} | |||||
} |
@@ -397,7 +397,7 @@ class MemberLogin | |||||
return -1; | return -1; | ||||
} else { | } else { | ||||
if (empty($row['pwd_new']) && function_exists('password_hash')) { | if (empty($row['pwd_new']) && function_exists('password_hash')) { | ||||
// 升级密码 | |||||
//升级密码 | |||||
$newpwd = password_hash($loginpwd, PASSWORD_BCRYPT); | $newpwd = password_hash($loginpwd, PASSWORD_BCRYPT); | ||||
$inquery = "UPDATE `#@__member` SET pwd='',pwd_new='{$newpwd}' WHERE mid='".$row['mid']."'"; | $inquery = "UPDATE `#@__member` SET pwd='',pwd_new='{$newpwd}' WHERE mid='".$row['mid']."'"; | ||||
$dsql->ExecuteNoneQuery($inquery); | $dsql->ExecuteNoneQuery($inquery); | ||||
@@ -1,98 +0,0 @@ | |||||
<?php | |||||
if (!defined('DEDEINC')) exit('dedebiz'); | |||||
/** | |||||
* 网站地图(sitemap类) | |||||
* | |||||
* @version $Id: sitemap.class.php 1 15:21 2010年7月5日Z tianya $ | |||||
* @package DedeBIZ.Libraries | |||||
* @copyright Copyright (c) 2022, DedeBIZ.COM | |||||
* @license https://www.dedebiz.com/license | |||||
* @link https://www.dedebiz.com | |||||
*/ | |||||
require_once(DEDEINC."/channelunit.func.php"); | |||||
/** | |||||
* 网站地图(sitemap类) | |||||
* | |||||
* @package TypeLink | |||||
* @subpackage DedeBIZ.Libraries | |||||
* @link https://www.dedebiz.com | |||||
*/ | |||||
class SiteMap | |||||
{ | |||||
var $dsql; | |||||
var $artDir; | |||||
var $baseDir; | |||||
//php5构造函数 | |||||
function __construct() | |||||
{ | |||||
$this->idCounter = 0; | |||||
$this->artDir = $GLOBALS['cfg_arcdir']; | |||||
$this->baseDir = $GLOBALS['cfg_cmspath'].$GLOBALS['cfg_basedir']; | |||||
$this->idArrary = ""; | |||||
$this->dsql = $GLOBALS['dsql']; | |||||
} | |||||
function SiteMap() | |||||
{ | |||||
$this->__construct(); | |||||
} | |||||
//清理类 | |||||
function Close() | |||||
{ | |||||
} | |||||
/** | |||||
* 获取网站地图 | |||||
* | |||||
* @access public | |||||
* @param string $maptype 地图类型 site:站点 rss:rss | |||||
* @return string | |||||
*/ | |||||
function GetSiteMap($maptype = "site") | |||||
{ | |||||
$mapString = ""; | |||||
if ($maptype == "rss") { | |||||
$this->dsql->SetQuery("SELECT id,typedir,isdefault,defaultname,typename,ispart,namerule2,moresite,siteurl,sitepath FROM #@__arctype WHERE ishidden<>1 AND reid=0 AND ispart<>2 ORDER BY sortrank"); | |||||
} else { | |||||
$this->dsql->SetQuery("SELECT id,typedir,isdefault,defaultname,typename,ispart,namerule2,siteurl,sitepath,moresite,siteurl,sitepath FROM #@__arctype WHERE reid=0 AND ishidden<>1 ORDER BY sortrank"); | |||||
} | |||||
$this->dsql->Execute(0); | |||||
while ($row = $this->dsql->GetObject(0)) { | |||||
if ($maptype == "site") { | |||||
$typelink = GetTypeUrl($row->id, MfTypedir($row->typedir), $row->isdefault, $row->defaultname, $row->ispart, $row->namerule2, $row->moresite, $row->siteurl, $row->sitepath); | |||||
} else { | |||||
$typelink = $GLOBALS['cfg_cmsurl']."/static/rss/".$row->id.".xml"; | |||||
} | |||||
$mapString .= "<div class=\"linkbox\">\r\n<h3><a href='$typelink'>".$row->typename."</a></h3>"; | |||||
$mapString .= "\t<ul class=\"f6\">\t\t\r".$this->LogicListAllSunType($row->id, $maptype)."\t\n</ul></div>\r\n"; | |||||
} | |||||
return $mapString; | |||||
} | |||||
/** | |||||
* 获得子类目的递归调用 | |||||
* | |||||
* @access public | |||||
* @param int $id 栏目ID | |||||
* @param string $maptype 地图类型 | |||||
* @return string | |||||
*/ | |||||
function LogicListAllSunType($id, $maptype) | |||||
{ | |||||
$fid = $id; | |||||
$mapString = ""; | |||||
if ($maptype == "rss") { | |||||
$this->dsql->SetQuery("SELECT id,typedir,isdefault,defaultname,typename,ispart,namerule2,moresite,siteurl,sitepath FROM #@__arctype WHERE reid='".$id."' AND ishidden<>1 AND ispart<>2 ORDER BY sortrank"); | |||||
} else { | |||||
$this->dsql->SetQuery("SELECT id,typedir,isdefault,defaultname,typename,ispart,namerule2,moresite,siteurl,sitepath FROM #@__arctype WHERE reid='".$id."' AND ishidden<>1 ORDER BY sortrank"); | |||||
} | |||||
$this->dsql->Execute($fid); | |||||
while ($row = $this->dsql->GetObject($fid)) { | |||||
if ($maptype == "site") { | |||||
$typelink = GetTypeUrl($row->id, MfTypedir($row->typedir), $row->isdefault, $row->defaultname, $row->ispart, $row->namerule2, $row->moresite, $row->siteurl, $row->sitepath); | |||||
} else { | |||||
$typelink = $GLOBALS['cfg_cmsurl']."/static/rss/".$row->id.".xml"; | |||||
} | |||||
$mapString .= "<li><a href='$typelink'>".$row->typename."</a></li>\n\t\t"; | |||||
$mapString .= $this->LogicListAllSunType($row->id, $maptype); | |||||
} | |||||
return $mapString; | |||||
} | |||||
} |
@@ -64,14 +64,14 @@ function lib_infolink(&$ctag, &$refObj) | |||||
$fields['nativeplace'] .= " <a href='{$baseurl}apps/list.php?channelid={$channelid}&tid={$typeid}&nativeplace={$eid}&infotype={$infotype}'>{$em}</a>\r\n"; | $fields['nativeplace'] .= " <a href='{$baseurl}apps/list.php?channelid={$channelid}&tid={$typeid}&nativeplace={$eid}&infotype={$infotype}'>{$em}</a>\r\n"; | ||||
} | } | ||||
} else { | } else { | ||||
$sontype = (($nativeplace % 500 != 0) ? $nativeplace : 0); // 子集 | |||||
$toptype = (($nativeplace % 500 == 0) ? (int)$nativeplace : (int)($nativeplace - ($nativeplace % 500))); // 顶级联动分类 | |||||
$sontype = (($nativeplace % 500 != 0) ? $nativeplace : 0); //子集 | |||||
$toptype = (($nativeplace % 500 == 0) ? (int)$nativeplace : (int)($nativeplace - ($nativeplace % 500))); //顶级联动分类 | |||||
$fields['nativeplace'] = "<a href='{$baseurl}apps/list.php?channelid={$channelid}&tid={$typeid}&nativeplace={$toptype}&infotype={$infotype}'> {$em_nativeplaces[$toptype]}</a> >"; | $fields['nativeplace'] = "<a href='{$baseurl}apps/list.php?channelid={$channelid}&tid={$typeid}&nativeplace={$toptype}&infotype={$infotype}'> {$em_nativeplaces[$toptype]}</a> >"; | ||||
if ($nativeplace % 500 == 0) { | if ($nativeplace % 500 == 0) { | ||||
// 1级分类 | |||||
//1级分类 | |||||
foreach ($em_nativeplaces as $eid => $em) { | foreach ($em_nativeplaces as $eid => $em) { | ||||
if ($eid < $toptype + 1 || $eid > $toptype + 499) continue; | if ($eid < $toptype + 1 || $eid > $toptype + 499) continue; | ||||
if (is_str_float($eid)) continue; // 仅显示2级 | |||||
if (is_str_float($eid)) continue; //仅显示2级 | |||||
if ($eid == $nativeplace) { | if ($eid == $nativeplace) { | ||||
$fields['nativeplace'] .= " {$em}\r\n"; | $fields['nativeplace'] .= " {$em}\r\n"; | ||||
} else { | } else { | ||||
@@ -79,7 +79,7 @@ function lib_infolink(&$ctag, &$refObj) | |||||
} | } | ||||
} | } | ||||
} else if(!is_str_float($nativeplace)) { | } else if(!is_str_float($nativeplace)) { | ||||
// 2级分类 | |||||
//2级分类 | |||||
$fields['nativeplace'] .= "<span> {$em_nativeplaces[$sontype]}</span>"; | $fields['nativeplace'] .= "<span> {$em_nativeplaces[$sontype]}</span>"; | ||||
$i = 0; | $i = 0; | ||||
$ff = ""; | $ff = ""; | ||||
@@ -99,7 +99,7 @@ function lib_infolink(&$ctag, &$refObj) | |||||
if($i > 0) $fields['nativeplace'] .= " > "; | if($i > 0) $fields['nativeplace'] .= " > "; | ||||
$fields['nativeplace'] .= $ff; | $fields['nativeplace'] .= $ff; | ||||
} else { | } else { | ||||
// 3级分类 | |||||
//3级分类 | |||||
$t = intval($nativeplace); | $t = intval($nativeplace); | ||||
$fields['nativeplace'] .= "<a href='{$baseurl}apps/list.php?channelid={$channelid}&tid={$typeid}&nativeplace={$t}&infotype={$infotype}'> {$em_nativeplaces[$t]}</a> >"; | $fields['nativeplace'] .= "<a href='{$baseurl}apps/list.php?channelid={$channelid}&tid={$typeid}&nativeplace={$t}&infotype={$infotype}'> {$em_nativeplaces[$t]}</a> >"; | ||||
foreach ($em_nativeplaces as $eid => $em) { | foreach ($em_nativeplaces as $eid => $em) { | ||||
@@ -131,10 +131,10 @@ function lib_infolink(&$ctag, &$refObj) | |||||
$fields['infotype'] = "<a href='{$baseurl}apps/list.php?channelid={$channelid}&tid={$typeid}&infotype={$toptype}&nativeplace={$nativeplace}'>{$em_infotypes[$toptype]}</a> > "; | $fields['infotype'] = "<a href='{$baseurl}apps/list.php?channelid={$channelid}&tid={$typeid}&infotype={$toptype}&nativeplace={$nativeplace}'>{$em_infotypes[$toptype]}</a> > "; | ||||
if ($infotype % 500 == 0) { | if ($infotype % 500 == 0) { | ||||
// 1级分类 | |||||
//1级分类 | |||||
foreach ($em_infotypes as $eid => $em) { | foreach ($em_infotypes as $eid => $em) { | ||||
if ($eid < $toptype + 1 || $eid > $toptype + 499) continue; | if ($eid < $toptype + 1 || $eid > $toptype + 499) continue; | ||||
if (is_str_float($eid)) continue; // 仅显示2级 | |||||
if (is_str_float($eid)) continue; //仅显示2级 | |||||
if ($eid == $infotype) { | if ($eid == $infotype) { | ||||
$fields['infotype'] .= " {$em}\r\n"; | $fields['infotype'] .= " {$em}\r\n"; | ||||
} else { | } else { | ||||
@@ -142,7 +142,7 @@ function lib_infolink(&$ctag, &$refObj) | |||||
} | } | ||||
} | } | ||||
} else if(!is_str_float($infotype)) { | } else if(!is_str_float($infotype)) { | ||||
// 2级分类 | |||||
//2级分类 | |||||
$fields['infotype'] .= "<span> {$em_infotypes[$sontype]}</span>"; | $fields['infotype'] .= "<span> {$em_infotypes[$sontype]}</span>"; | ||||
$i = 0; | $i = 0; | ||||
$ff = ""; | $ff = ""; | ||||
@@ -162,7 +162,7 @@ function lib_infolink(&$ctag, &$refObj) | |||||
if($i > 0) $fields['infotype'] .= " > "; | if($i > 0) $fields['infotype'] .= " > "; | ||||
$fields['infotype'] .= $ff; | $fields['infotype'] .= $ff; | ||||
} else { | } else { | ||||
// 3级分类 | |||||
//3级分类 | |||||
$t = intval($infotype); | $t = intval($infotype); | ||||
$fields['infotype'] .= "<a href='{$baseurl}apps/list.php?channelid={$channelid}&tid={$typeid}&nativeplace={$nativeplace}&infotype={$t}'> {$em_infotypes[$t]}</a> >"; | $fields['infotype'] .= "<a href='{$baseurl}apps/list.php?channelid={$channelid}&tid={$typeid}&nativeplace={$nativeplace}&infotype={$t}'> {$em_infotypes[$t]}</a> >"; | ||||
foreach ($em_infotypes as $eid => $em) { | foreach ($em_infotypes as $eid => $em) { | ||||
@@ -90,7 +90,7 @@ function CheckCatalog($cid, $msg) | |||||
return TRUE; | return TRUE; | ||||
} | } | ||||
if (!in_array($cid, $admin_catalogs)) { | if (!in_array($cid, $admin_catalogs)) { | ||||
ShowMsg(" $msg <br><br><a href='javascript:history.go(-1);'>点击此返回上一页></a>", 'javascript:;'); | |||||
ShowMsg(" $msg <br><br><a href='javascript:history.go(-1);'>点击返回上一页</a>", 'javascript:;'); | |||||
exit(); | exit(); | ||||
} | } | ||||
return TRUE; | return TRUE; | ||||
@@ -224,7 +224,7 @@ class userLogin | |||||
}else { | }else { | ||||
$upsql = ""; | $upsql = ""; | ||||
if (empty($row->pwd_new) && function_exists('password_hash')) { | if (empty($row->pwd_new) && function_exists('password_hash')) { | ||||
// 升级密码 | |||||
//升级密码 | |||||
$newpwd = password_hash($this->userPwd, PASSWORD_BCRYPT); | $newpwd = password_hash($this->userPwd, PASSWORD_BCRYPT); | ||||
$upsql .= ",pwd='',pwd_new='{$newpwd}'"; | $upsql .= ",pwd='',pwd_new='{$newpwd}'"; | ||||
} | } | ||||
@@ -50,7 +50,7 @@ function _SaveArticle(){ } | |||||
else if ($dopost == 'save') { | else if ($dopost == 'save') { | ||||
include_once(DEDEINC."/image.func.php"); | include_once(DEDEINC."/image.func.php"); | ||||
include_once(DEDEINC."/libraries/oxwindow.class.php"); | include_once(DEDEINC."/libraries/oxwindow.class.php"); | ||||
// 游客需要校验验证码 | |||||
//游客需要校验验证码 | |||||
if ($cfg_ml->M_ID === 0) { | if ($cfg_ml->M_ID === 0) { | ||||
$svali = GetCkVdValue(); | $svali = GetCkVdValue(); | ||||
if (strtolower($vdcode) != $svali || $svali == '') { | if (strtolower($vdcode) != $svali || $svali == '') { | ||||
@@ -74,7 +74,7 @@ $query = "SELECT arc.id,arc.typeid,arc.senddate,arc.flag,arc.ismake,arc.channel, | |||||
left join `#@__channeltype` ch on ch.id=arc.channel | left join `#@__channeltype` ch on ch.id=arc.channel | ||||
$whereSql order by arc.senddate desc "; | $whereSql order by arc.senddate desc "; | ||||
$dlist = new DataListCP(); | $dlist = new DataListCP(); | ||||
$dlist->pagesize = 30; | |||||
$dlist->pagesize = 10; | |||||
$dlist->SetParameter("dopost", "listArchives"); | $dlist->SetParameter("dopost", "listArchives"); | ||||
$dlist->SetParameter("keyword", $keyword); | $dlist->SetParameter("keyword", $keyword); | ||||
$dlist->SetParameter("cid", $cid); | $dlist->SetParameter("cid", $cid); | ||||
@@ -61,7 +61,7 @@ $query = "SELECT arc.aid,arc.aid as id,arc.typeid,arc.senddate,arc.channel,arc.c | |||||
$whereSql | $whereSql | ||||
ORDER BY arc.aid desc "; | ORDER BY arc.aid desc "; | ||||
$dlist = new DataListCP(); | $dlist = new DataListCP(); | ||||
$dlist->pagesize = 30; | |||||
$dlist->pagesize = 10; | |||||
$dlist->SetParameter("dopost", "listArchives"); | $dlist->SetParameter("dopost", "listArchives"); | ||||
$dlist->SetParameter("keyword", $keyword); | $dlist->SetParameter("keyword", $keyword); | ||||
$dlist->SetParameter("cid", $cid); | $dlist->SetParameter("cid", $cid); | ||||
@@ -11,7 +11,7 @@ | |||||
if (!defined('DEDEMEMBER')) exit('dedebiz'); | if (!defined('DEDEMEMBER')) exit('dedebiz'); | ||||
include_once(DEDEINC.'/image.func.php'); | include_once(DEDEINC.'/image.func.php'); | ||||
include_once(DEDEINC.'/libraries/oxwindow.class.php'); | include_once(DEDEINC.'/libraries/oxwindow.class.php'); | ||||
// 游客需要校验验证码 | |||||
//游客需要校验验证码 | |||||
if ($cfg_ml->M_ID === 0) { | if ($cfg_ml->M_ID === 0) { | ||||
$svali = GetCkVdValue(); | $svali = GetCkVdValue(); | ||||
if (strtolower($vdcode) != $svali || $svali == '') { | if (strtolower($vdcode) != $svali || $svali == '') { | ||||
@@ -18,7 +18,7 @@ if (!isset($dopost)) $dopost = ''; | |||||
if ($dopost == '') { | if ($dopost == '') { | ||||
$query = "SELECT * FROM `#@__member_operation` WHERE mid='".$cfg_ml->M_ID."' And product='archive' order by aid desc"; | $query = "SELECT * FROM `#@__member_operation` WHERE mid='".$cfg_ml->M_ID."' And product='archive' order by aid desc"; | ||||
$dlist = new DataListCP(); | $dlist = new DataListCP(); | ||||
$dlist->pagesize = 30; | |||||
$dlist->pagesize = 10; | |||||
$dlist->SetTemplate(DEDEMEMBER.'/templets/mypay.htm'); | $dlist->SetTemplate(DEDEMEMBER.'/templets/mypay.htm'); | ||||
$dlist->SetSource($query); | $dlist->SetSource($query); | ||||
$dlist->Display(); | $dlist->Display(); | ||||
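Review bot: The query on the `#@__member_operation` line is built by concatenating `$cfg_ml->M_ID` into a quoted literal, and the hunks for the `product<>'archive'` list, `#@__shops_orders` and `#@__shops_products` do the same. Elsewhere in this commit the value is compared with `=== 0`, so it is presumably an integer set by the session layer rather than taken from the request, but the query itself does not enforce that. Casting at the point of use, `WHERE mid='".intval($cfg_ml->M_ID)."'`, keeps the per-member scoping of these lists independent of how `M_ID` was populated. The enclosing `if ($dopost == '')` block continues outside the hunk.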
@@ -28,7 +28,7 @@ while ($row = $dsql->GetArray('nn')) { | |||||
$rows[] = $row; | $rows[] = $row; | ||||
} | } | ||||
$dlist = new DataListCP(); | $dlist = new DataListCP(); | ||||
$dlist->pagesize = 30; | |||||
$dlist->pagesize = 10; | |||||
$dlist->SetTemplate(DEDEMEMBER."/templets/mystow.htm"); | $dlist->SetTemplate(DEDEMEMBER."/templets/mystow.htm"); | ||||
$dlist->SetSource($sql); | $dlist->SetSource($sql); | ||||
$dlist->Display(); | $dlist->Display(); |
@@ -30,7 +30,7 @@ function GetSta($sta) | |||||
if ($dopost == '') { | if ($dopost == '') { | ||||
$sql = "SELECT * FROM `#@__member_operation` WHERE mid='".$cfg_ml->M_ID."' AND product<>'archive' ORDER BY aid DESC"; | $sql = "SELECT * FROM `#@__member_operation` WHERE mid='".$cfg_ml->M_ID."' AND product<>'archive' ORDER BY aid DESC"; | ||||
$dlist = new DataListCP(); | $dlist = new DataListCP(); | ||||
$dlist->pagesize = 30; | |||||
$dlist->pagesize = 10; | |||||
$dlist->SetTemplate(DEDEMEMBER."/templets/operation.htm"); | $dlist->SetTemplate(DEDEMEMBER."/templets/operation.htm"); | ||||
$dlist->SetSource($sql); | $dlist->SetSource($sql); | ||||
$dlist->Display(); | $dlist->Display(); | ||||
@@ -90,7 +90,7 @@ else { | |||||
} | } | ||||
$query = "SELECT * FROM `#@__member_pms` WHERE $wsql ORDER BY sendtime DESC"; | $query = "SELECT * FROM `#@__member_pms` WHERE $wsql ORDER BY sendtime DESC"; | ||||
$dlist = new DataListCP(); | $dlist = new DataListCP(); | ||||
$dlist->pagesize = 30; | |||||
$dlist->pagesize = 10; | |||||
$dlist->SetParameter("dopost", $dopost); | $dlist->SetParameter("dopost", $dopost); | ||||
$dlist->SetTemplate(DEDEMEMBER.'/templets/pm-main.htm'); | $dlist->SetTemplate(DEDEMEMBER.'/templets/pm-main.htm'); | ||||
$dlist->SetSource($query); | $dlist->SetSource($query); | ||||
@@ -38,7 +38,7 @@ function GetSta($sta, $oid) | |||||
if ($dopost == '') { | if ($dopost == '') { | ||||
$sql = "SELECT * FROM `#@__shops_orders` WHERE userid='".$cfg_ml->M_ID."' ORDER BY stime DESC"; | $sql = "SELECT * FROM `#@__shops_orders` WHERE userid='".$cfg_ml->M_ID."' ORDER BY stime DESC"; | ||||
$dl = new DataListCP(); | $dl = new DataListCP(); | ||||
$dl->pagesize = 30; | |||||
$dl->pagesize = 10; | |||||
//这两句的顺序不能更换 | //这两句的顺序不能更换 | ||||
$dl->SetTemplate(dirname(__FILE__)."/templets/shops_orders.htm"); //载入模板 | $dl->SetTemplate(dirname(__FILE__)."/templets/shops_orders.htm"); //载入模板 | ||||
$dl->SetSource($sql); //设定查询SQL | $dl->SetSource($sql); //设定查询SQL | ||||
@@ -44,7 +44,7 @@ if ($dopost == '') { | |||||
} | } | ||||
$sql = "SELECT * FROM `#@__shops_products` WHERE userid='".$cfg_ml->M_ID."' $addsql ORDER BY aid ASC"; | $sql = "SELECT * FROM `#@__shops_products` WHERE userid='".$cfg_ml->M_ID."' $addsql ORDER BY aid ASC"; | ||||
$dl = new DataListCP(); | $dl = new DataListCP(); | ||||
$dl->pagesize = 30; | |||||
$dl->pagesize = 10; | |||||
if (!empty($oid)) $dl->SetParameter('oid', $oid); | if (!empty($oid)) $dl->SetParameter('oid', $oid); | ||||
//这两句的顺序不能更换 | //这两句的顺序不能更换 | ||||
$dl->SetTemplate(dirname(__FILE__)."/templets/shops_products.htm"); //载入模板 | $dl->SetTemplate(dirname(__FILE__)."/templets/shops_products.htm"); //载入模板 | ||||