From 848ad8b1b04712b4ab53fc4bc0c40e89772a2fe8 Mon Sep 17 00:00:00 2001
From: tianya
Date: Fri, 13 May 2022 14:21:49 +0800
Subject: [PATCH] =?UTF-8?q?=E9=AA=8C=E8=AF=81=E7=A0=81=E8=B0=83=E6=95=B4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
src/admin/login.php | 2 +-
src/admin/templets/login.htm | 7 -------
src/apps/vdimgck.php | 7 ++++---
src/install/sql-dfdata.txt | 1 -
src/system/common.inc.php | 5 -----
src/user/album_add.php | 9 ---------
src/user/album_edit.php | 8 --------
src/user/archives_sg_add.php | 5 +++--
src/user/archives_sg_edit.php | 9 ---------
src/user/inc/archives_check.php | 15 +++++++++------
src/user/inc/archives_check_edit.php | 6 ------
src/user/index_do.php | 10 ++++------
src/user/reg_new.php | 10 ++++------
src/user/templets/album_add.htm | 8 ++++----
src/user/templets/album_edit.htm | 14 +-------------
src/user/templets/archives_add.htm | 8 ++++----
src/user/templets/archives_edit.htm | 14 +-------------
src/user/templets/archives_sg_add.htm | 8 ++++----
src/user/templets/archives_sg_edit.htm | 16 +---------------
src/user/templets/article_add.htm | 8 ++++----
src/user/templets/article_edit.htm | 14 +-------------
src/user/templets/soft_add.htm | 8 ++++----
src/user/templets/soft_edit.htm | 14 +-------------
23 files changed, 50 insertions(+), 156 deletions(-)
diff --git a/src/admin/login.php b/src/admin/login.php
index b84cd58e..879f5d86 100644
--- a/src/admin/login.php
+++ b/src/admin/login.php
@@ -40,7 +40,7 @@ $admindir = $admindirs[count($admindirs) - 1];
if ($dopost == 'login') {
$validate = empty($validate) ? '' : strtolower(trim($validate));
$svali = strtolower(GetCkVdValue());
- if (($validate == '' || $validate != $svali) && preg_match("/6/", $safe_gdopen)) {
+ if ($validate == '' || $validate != $svali) {
ResetVdValue();
ShowMsg('验证码不正确', 'login.php', 0, 1000);
exit;
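Review bot: Now that the check on the `+` line runs unconditionally, `$validate != $svali` is still PHP's loose comparison, under which two strings that both look numeric are compared as numbers and can be reported equal although they differ, so a wrong captcha answer could pass; compare with `!==`, or `if ($validate == '' || !hash_equals($svali, $validate)) {`. The same loose `!=` is kept on the new side in src/user/archives_sg_add.php, src/user/inc/archives_check.php, src/user/index_do.php and src/user/reg_new.php. Whether the generated code can ever contain such strings depends on the word list used by src/apps/vdimgck.php, which is not visible here. The enclosing `if ($dopost == 'login')` block continues outside the hunk.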
diff --git a/src/admin/templets/login.htm b/src/admin/templets/login.htm
index e8db7276..cc023e83 100644
--- a/src/admin/templets/login.htm
+++ b/src/admin/templets/login.htm
@@ -95,10 +95,6 @@
-
-
diff --git a/src/apps/vdimgck.php b/src/apps/vdimgck.php
index db823e3a..3601a10e 100755
--- a/src/apps/vdimgck.php
+++ b/src/apps/vdimgck.php
@@ -10,11 +10,12 @@
*/
require_once(dirname(__FILE__).'/../system/common.inc.php');
require_once(DEDEDATA.'/config.cache.inc.php');
+//安全提示
$config = array(
'font_size' => 20,
- 'img_height' => $safe_wheight,
- 'word_type' => (int)$safe_codetype,
- 'img_width' => $safe_wwidth,
+ 'img_height' => '36',
+ 'word_type' => 3,
+ 'img_width' => '80',
'use_boder' => TRUE,
'font_file' => DEDEINC.'/data/fonts/'.mt_rand(1, 6).'.ttf',
'wordlist_file' => DEDEINC.'/data/words/words.txt',
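Review bot: The added comment `//安全提示` ("security hint") was carried over from src/system/common.inc.php, where it labelled the `$safe_*` globals that this commit removes; placed above `$config` it describes nothing. Replace it with a comment that says what the literals are, e.g. `// Fixed captcha geometry and word type; these replace the former $safe_wheight/$safe_codetype/$safe_wwidth globals`. The new values also mix types: `'word_type' => 3` is an int while `'img_height' => '36'` and `'img_width' => '80'` are strings; since the removed globals were strings this preserves behaviour, but plain `36` and `80` would read more consistently.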
diff --git a/src/install/sql-dfdata.txt b/src/install/sql-dfdata.txt
index 1d8e7da1..f822a647 100755
--- a/src/install/sql-dfdata.txt
+++ b/src/install/sql-dfdata.txt
@@ -4020,7 +4020,6 @@ INSERT INTO `#@__sysconfig` VALUES
('77','cfg_mb_spacesta','会员使用权限开通状态(-10邮件验证、-1手工审核、0没限制)','4','number','-10'),
('78','cfg_mb_allowreg','是否允许新会员注册','4','bool','Y'),
('79','cfg_mb_adminlock','是否禁止访问管理员帐号的空间','4','bool','N'),
-('80','cfg_vdcode_member','是否会员投稿验证码','5','bool','Y'),
('81','cfg_mb_cktitle','是否检测会员投稿重复标题','5','bool','Y'),
('82','cfg_mb_editday','投稿多少天后不能再修改','5','number','1'),
('83','cfg_sendarc_scores','投稿可获取积分','5','number','10'),
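Review bot: Dropping row 80 (`cfg_vdcode_member`) only affects fresh installs; an existing database keeps the row, and I cannot tell from this diff whether any template or code still reads `$cfg_vdcode_member`. If the setting is now dead, an upgrade note or a migration that deletes the row would keep old and new installs consistent; if something still reads it, the row should stay.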
diff --git a/src/system/common.inc.php b/src/system/common.inc.php
index f73ee676..0dedc006 100755
--- a/src/system/common.inc.php
+++ b/src/system/common.inc.php
@@ -226,11 +226,6 @@ if (!isset($cfg_NotPrintHead)) {
header("Content-Type: text/html; charset={$cfg_soft_lang}");
}
}
-//安全提示
-$safe_gdopen = '1,2,3,4,5,6,7';
-$safe_codetype = '3';
-$safe_wwidth = '80';
-$safe_wheight = '36';
//自动加载类库处理
if (version_compare(PHP_VERSION, '7.2.0', '>=')) {
require_once(DEDEINC.'/autoload7.inc.php');
diff --git a/src/user/album_add.php b/src/user/album_add.php
index c592a2c5..52febe04 100755
--- a/src/user/album_add.php
+++ b/src/user/album_add.php
@@ -56,15 +56,6 @@ function _SaveArticle(){ }
------------------------------*/
else if ($dopost == 'save') {
include(DEDEMEMBER.'/inc/archives_check.php');
-
- $svali = GetCkVdValue();
- if (preg_match("/1/", $safe_gdopen)) {
- if (strtolower($vdcode) != $svali || $svali == '') {
- ResetVdValue();
- ShowMsg('验证码错误', '-1');
- exit();
- }
- }
$cInfos = $dsql->GetOne("Select * From `#@__channeltype` where id='$channelid'; ");
$maxwidth = isset($maxwidth) && is_numeric($maxwidth) ? $maxwidth : 800;
$pagepicnum = isset($pagepicnum) && is_numeric($pagepicnum) ? $pagepicnum : 12;
diff --git a/src/user/album_edit.php b/src/user/album_edit.php
index b436b7ea..7329daf6 100755
--- a/src/user/album_edit.php
+++ b/src/user/album_edit.php
@@ -59,14 +59,6 @@ if (empty($dopost)) {
function _Save(){ }
------------------------------*/
else if ($dopost == 'save') {
- $svali = GetCkVdValue();
- if (preg_match("/1/", $safe_gdopen)) {
- if (strtolower($vdcode) != $svali || $svali == '') {
- ResetVdValue();
- ShowMsg('验证码错误', '-1');
- exit();
- }
- }
$cInfos = $dsql->GetOne("Select * From `#@__channeltype` where id='$channelid'; ");
$maxwidth = isset($maxwidth) && is_numeric($maxwidth) ? $maxwidth : 800;
$pagepicnum = isset($pagepicnum) && is_numeric($pagepicnum) ? $pagepicnum : 12;
diff --git a/src/user/archives_sg_add.php b/src/user/archives_sg_add.php
index f73b829b..c44db9da 100755
--- a/src/user/archives_sg_add.php
+++ b/src/user/archives_sg_add.php
@@ -50,8 +50,9 @@ function _SaveArticle(){ }
else if ($dopost == 'save') {
include_once(DEDEINC."/image.func.php");
include_once(DEDEINC."/libraries/oxwindow.class.php");
- $svali = GetCkVdValue();
- if (preg_match("/3/", $safe_gdopen)) {
+ // 游客需要校验验证码
+ if ($cfg_ml->M_ID === 0) {
+ $svali = GetCkVdValue();
if (strtolower($vdcode) != $svali || $svali == '') {
ResetVdValue();
ShowMsg('验证码错误', '-1');
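Review bot: The new guard `if ($cfg_ml->M_ID === 0)` enforces the captcha only when `M_ID` is the integer 0; if the member object holds the id as a string (for instance taken from a cookie or a database row) the guest branch is never entered and guests post without any captcha, whereas the removed code checked unconditionally. I cannot see how `$cfg_ml->M_ID` is typed from this diff; if it is not guaranteed to be an int, `if ((int)$cfg_ml->M_ID === 0) {` keeps the intent and fails closed. The identical guard is added in src/user/inc/archives_check.php. The `if` block opened here closes outside the hunk.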
diff --git a/src/user/archives_sg_edit.php b/src/user/archives_sg_edit.php
index d0a4567d..89471ffe 100755
--- a/src/user/archives_sg_edit.php
+++ b/src/user/archives_sg_edit.php
@@ -48,15 +48,6 @@ else if ($dopost == 'save') {
$flag = '';
$typeid = isset($typeid) && is_numeric($typeid) ? $typeid : 0;
$userip = GetIP();
-
- $svali = GetCkVdValue();
- if (preg_match("/3/", $safe_gdopen)) {
- if (strtolower($vdcode) != $svali || $svali == '') {
- ResetVdValue();
- ShowMsg('验证码错误', '-1');
- exit();
- }
- }
if ($typeid == 0) {
ShowMsg('请指定文档隶属的栏目', '-1');
exit();
diff --git a/src/user/inc/archives_check.php b/src/user/inc/archives_check.php
index 6dff0890..a4ffb137 100755
--- a/src/user/inc/archives_check.php
+++ b/src/user/inc/archives_check.php
@@ -11,18 +11,21 @@
if (!defined('DEDEMEMBER')) exit('dedebiz');
include_once(DEDEINC.'/image.func.php');
include_once(DEDEINC.'/libraries/oxwindow.class.php');
-$svali = GetCkVdValue();
-if (strtolower($vdcode) != $svali || $svali == '') {
- ResetVdValue();
- ShowMsg('验证码错误', '-1');
- exit();
+// 游客需要校验验证码
+if ($cfg_ml->M_ID === 0) {
+ $svali = GetCkVdValue();
+ if (strtolower($vdcode) != $svali || $svali == '') {
+ ResetVdValue();
+ ShowMsg('验证码错误', '-1');
+ exit();
+ }
}
+
//校验CSRF
CheckCSRF();
$flag = '';
$autokey = $remote = $dellink = $autolitpic = 0;
$userip = GetIP();
-
if ($typeid == 0) {
ShowMsg('请指定文档隶属的栏目', '-1');
exit();
diff --git a/src/user/inc/archives_check_edit.php b/src/user/inc/archives_check_edit.php
index 4718d7f6..f79f7fc5 100755
--- a/src/user/inc/archives_check_edit.php
+++ b/src/user/inc/archives_check_edit.php
@@ -14,12 +14,6 @@ require_once(DEDEINC."/libraries/oxwindow.class.php");
$flag = '';
$typeid = isset($typeid) && is_numeric($typeid) ? $typeid : 0;
$userip = GetIP();
-$svali = GetCkVdValue();
-if (strtolower($vdcode) != $svali || $svali == '') {
- ResetVdValue();
- ShowMsg('验证码错误', '-1');
- exit();
-}
if ($typeid == 0) {
ShowMsg('请指定文档隶属的栏目', '-1');
exit();
diff --git a/src/user/index_do.php b/src/user/index_do.php
index 6a886c5d..79294cb3 100755
--- a/src/user/index_do.php
+++ b/src/user/index_do.php
@@ -173,12 +173,10 @@ else if ($fmdo == 'login') {
$vdcode = '';
}
$svali = GetCkVdValue();
- if (preg_match("/2/", $safe_gdopen)) {
- if (strtolower($vdcode) != $svali || $svali == '') {
- ResetVdValue();
- ShowMsg('验证码错误', 'index.php');
- exit();
- }
+ if (strtolower($vdcode) != $svali || $svali == '') {
+ ResetVdValue();
+ ShowMsg('验证码错误', 'index.php');
+ exit();
}
if (CheckUserID($userid, '', false) != 'ok') {
ResetVdValue();
diff --git a/src/user/reg_new.php b/src/user/reg_new.php
index 1d0a19e9..a2eb3308 100755
--- a/src/user/reg_new.php
+++ b/src/user/reg_new.php
@@ -20,12 +20,10 @@ if ($step == 1) {
}
if ($dopost == 'regbase') {
$svali = GetCkVdValue();
- if (preg_match("/1/", $safe_gdopen)) {
- if (strtolower($vdcode) != $svali || $svali == '') {
- ResetVdValue();
- ShowMsg('验证码错误', '-1');
- exit();
- }
+ if (strtolower($vdcode) != $svali || $svali == '') {
+ ResetVdValue();
+ ShowMsg('验证码错误', '-1');
+ exit();
}
$userid = $uname = trim($userid);
$pwd = trim($userpwd);
diff --git a/src/user/templets/album_add.htm b/src/user/templets/album_add.htm
index 93392f04..d19088a1 100755
--- a/src/user/templets/album_add.htm
+++ b/src/user/templets/album_add.htm
@@ -99,10 +99,10 @@
M_ID === 0){
?>
-