From 8f39805341bd3e90f195c012e9f56137c29d6157 Mon Sep 17 00:00:00 2001 From: tianya Date: Thu, 27 Apr 2023 22:42:31 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BC=9A=E5=91=98=E4=B8=AD=E5=BF=83=E6=96=87?= =?UTF-8?q?=E4=BB=B6=E4=B8=8A=E4=BC=A0=E5=AE=8C=E5=96=84?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/static/web/js/user.album.js | 2 +- src/static/web/js/user.js | 16 ++++++++++++++-- src/system/inc/inc_fun_funAdmin.php | 3 +++ src/user/album_add.php | 2 +- src/user/album_edit.php | 3 ++- src/user/api.php | 22 ++++++++++++++-------- src/user/config.php | 1 + src/user/soft_edit.php | 4 ++-- src/user/templets/album_add.htm | 1 + src/user/templets/album_edit.htm | 5 +++-- src/user/templets/soft_add.htm | 5 +++-- src/user/templets/soft_edit.htm | 5 +++-- 12 files changed, 48 insertions(+), 21 deletions(-) diff --git a/src/static/web/js/user.album.js b/src/static/web/js/user.album.js index 9b683978..ee185462 100644 --- a/src/static/web/js/user.album.js +++ b/src/static/web/js/user.album.js @@ -39,7 +39,7 @@ function MakeUpload(mnum) { } fhtml = ""; fhtml += "
"; - fhtml += "
选择
"; + fhtml += "
选择
"; upfield.innerHTML += fhtml; } } diff --git a/src/static/web/js/user.js b/src/static/web/js/user.js index b279aa7d..6ba8f3f8 100644 --- a/src/static/web/js/user.js +++ b/src/static/web/js/user.js @@ -9,7 +9,7 @@ function checkSubmit(t) { return false; } } -function SelectImage(sform, stype) { +function SelectFile(sform, stype) { let s = sform.split("."); if (s.length === 2) { let frm = document.getElementsByName(s[0]); @@ -28,7 +28,7 @@ function SelectImage(sform, stype) { var fileData = f; formData.append('file', fileData); $.ajax({ - url: 'api.php?action=upload&type=litpic', + url: 'api.php?action=upload&type='+stype, type: 'POST', data: formData, processData: false, @@ -46,4 +46,16 @@ function SelectImage(sform, stype) { }); }) } +} +function SelectImage(sform, stype) { + if (stype == 'big') { + stype = "litpic"; + } + SelectFile(sform, stype); +} +function SelectSoft(sform, stype='soft') { + SelectFile(sform, stype); +} +function SelectMedia(sform, stype='media') { + SelectFile(sform, stype); } \ No newline at end of file diff --git a/src/system/inc/inc_fun_funAdmin.php b/src/system/inc/inc_fun_funAdmin.php index 423ec1d9..e86f749b 100755 --- a/src/system/inc/inc_fun_funAdmin.php +++ b/src/system/inc/inc_fun_funAdmin.php @@ -152,6 +152,9 @@ function SpGetEditor($fname, $fvalue, $nheight = "350", $etype = "Basic", $gtype } $addConfig = ",{allowedContent:true,pasteFilter:null,filebrowserImageUploadUrl:'./dialog/select_images_post.php',filebrowserUploadUrl:'./dialog/select_media_post.php?ck=1',extraPlugins:'html5video,dedepagebreak,ddfilebrowser,mimage,textindent,codesnippet{$emoji}',codeSnippet_theme: 'default'}"; } + if (defined('DEDEUSER')) { + $addConfig = ",{filebrowserImageUploadUrl:'api.php?action=upload&type=litpic&ck=1',filebrowserUploadUrl:'api.php?action=upload&type=media&ck=1',extraPlugins:'html5video,textindent'}"; + } $code = << diff --git a/src/user/album_add.php b/src/user/album_add.php index bce1a1f0..da565f60 100755 --- a/src/user/album_add.php 
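Review bot: The request URL in `SelectFile` is built by plain concatenation, `url: 'api.php?action=upload&type='+stype`, so a `stype` containing `&` or `#` would rewrite the query instead of being sent as the `type` value; `SelectSoft`/`SelectMedia` default to literals, but `SelectImage` forwards whatever the template passes. Encode it: `url: 'api.php?action=upload&type=' + encodeURIComponent(stype),`. In the new `SelectImage`, `stype == 'big'` should use `===`, matching the strict comparison `s.length === 2` already in this function. `SelectFile`'s body continues outside the hunks shown.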
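Review bot: The added `if (defined('DEDEUSER'))` branch unconditionally overwrites the `$addConfig` the preceding `$etype`-dependent code just computed, and it does not record why it omits the admin branch's `allowedContent:true,pasteFilter:null`, which is the setting that disables CKEditor's Advanced Content Filter; a later "make it consistent" edit could switch that filter off for member-submitted HTML. Add a comment above the `if`: `// Member centre (user/config.php defines DEDEUSER): route uploads through user/api.php and keep CKEditor's ACF on - do not copy allowedContent:true from the admin config, member HTML must stay filtered`. Consider also testing `DEDEUSER` first and making the admin configuration the `else` branch so it is not built and then discarded. `SpGetEditor` starts before this hunk.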
+++ b/src/user/album_add.php
@@ -71,7 +71,7 @@ if (empty($dopost)) {
}
$f = ${'imgfile'.$i};
$msg = isset(${'imgmsg'.$i}) ? ${'imgmsg'.$i} : "";
- if (!empty($f) && filter_var($f, FILTER_VALIDATE_URL)) {
+ if (!empty($f)) {
$u = str_replace(array("\"", "'"), "`", $f);
$info = str_replace(array("\"", "'"), "`", $msg);
$imgurls .= "{dede:img ddimg='' text='$info'} $u {/dede:img}\r\n";
diff --git a/src/user/album_edit.php b/src/user/album_edit.php
index 898e7ea3..2d93f6a7 100755
--- a/src/user/album_edit.php
+++ b/src/user/album_edit.php
@@ -74,12 +74,13 @@ if (empty($dopost)) {
}
$f = ${'imgfile'.$i};
$msg = isset(${'imgmsg'.$i}) ? ${'imgmsg'.$i} : "";
- if (!empty($f) && filter_var($f, FILTER_VALIDATE_URL)) {
+ if (!empty($f)) {
$u = str_replace(array("\"", "'"), "`", $f);
$info = str_replace(array("\"", "'"), "`", $msg);
$imgurls .= "{dede:img ddimg='' text='$info'} $u {/dede:img}\r\n";
}
} //循环结束
+ // var_dump($imgurls);exit;
$imgurls = addslashes($imgurls); //分析处理附加表数据
$inadd_f = '';
diff --git a/src/user/api.php b/src/user/api.php
index 93b40ebb..4cee41ca 100755
--- a/src/user/api.php
+++ b/src/user/api.php
@@ -98,7 +98,9 @@ if ($action === 'is_need_check_code') {
));
exit;
}
- $uploadedFile = $_FILES['file']['tmp_name'];
+
+ $ff = isset($_FILES['file'])? $_FILES['file'] : $_FILES['imgfile'];
+ $uploadedFile = $ff['tmp_name'];
$fileType = mime_content_type($uploadedFile);
if (!in_array($fileType, $allowedTypes)) {
echo json_encode(array(
@@ -137,7 +139,7 @@ if ($action === 'is_need_check_code') {
$nowtme = time();
$rnd = $nowtme.'-'.mt_rand(1000,9999);
$target_file = $cfg_basedir.$cfg_user_dir."/{$cfg_ml->M_ID}/".$rnd.".".$exts;
- $fsize = filesize($_FILES["file"]["tmp_name"]);
+ $fsize = filesize($ff["tmp_name"]);
$target_url = $cfg_mediasurl.'/userup'."/{$cfg_ml->M_ID}/".$rnd.".".$exts;
$row = $dsql->GetOne("SELECT aid,title,url FROM `#@__uploads` WHERE url LIKE '$target_url' AND mid='".$cfg_ml->M_ID."'; ");
$uptime = time();
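Review bot: Dropping `filter_var($f, FILTER_VALIDATE_URL)` leaves no shape check at all on the member-supplied `imgfile` values: after the quote-to-backtick substitution any string, including one containing `{/dede:img}` or a `javascript:` scheme, is embedded verbatim into the `{dede:img}` template block that later renders the album. If the check was removed so that the site-relative paths returned by `api.php` (`$cfg_mediasurl.'/userup/'.M_ID.'/…'`) pass, allow exactly those plus absolute http(s) URLs rather than everything: `$own = $cfg_mediasurl.'/userup/'.$cfg_ml->M_ID.'/';` and `if (!empty($f) && (preg_match('#^https?://#i', $f) || strpos($f, $own) === 0)) {`, assuming `$cfg_ml` and `$cfg_mediasurl` are in scope here as they are in api.php. The enclosing `for` loop begins before this hunk.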
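Review bot: The added `// var_dump($imgurls);exit;` is commented-out debugging and should not land; delete the line. The same loosened condition as in album_add.php applies here: with `filter_var(..., FILTER_VALIDATE_URL)` gone, `$f` is placed into the `{dede:img}` block with only quotes replaced, so restrict it to absolute http(s) URLs or the member's own upload prefix, e.g. `if (!empty($f) && (preg_match('#^https?://#i', $f) || strpos($f, $cfg_mediasurl.'/userup/'.$cfg_ml->M_ID.'/') === 0)) {`, assuming `$cfg_ml` is available as it is in api.php. The enclosing loop starts before this hunk.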
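Review bot: `$ff = isset($_FILES['file'])? $_FILES['file'] : $_FILES['imgfile'];` still dereferences an absent key when neither field is posted, and nothing checks `$ff['error']`, so a request with no file, or one that failed with `UPLOAD_ERR_INI_SIZE`, reaches `mime_content_type('')` and `filesize()` with an empty name, which on PHP 8 throws instead of returning the JSON error the caller expects. `move_uploaded_file` later performs its own uploaded-file check, but the MIME sniff and `filesize` run before it. Pick the field defensively and reject anything that is not a successful upload first; the `exit` style matches the `is_need_check_code` branch above.
```php
$ff = isset($_FILES['file']) ? $_FILES['file'] : (isset($_FILES['imgfile']) ? $_FILES['imgfile'] : null);
// Reject missing or failed uploads before touching tmp_name; mime_content_type('') throws on PHP 8
if (!is_array($ff) || empty($ff['tmp_name']) || !isset($ff['error']) || $ff['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($ff['tmp_name'])) {
    echo json_encode(array("code" => -1, "msg" => "上传失败", "data" => null));
    exit;
}
$uploadedFile = $ff['tmp_name'];
// … unchanged: MIME allow-list check …
```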
@@ -149,7 +151,9 @@ if ($action === 'is_need_check_code') {
$dsql->ExecuteNoneQuery($inquery);
}
}
- if (move_uploaded_file($_FILES["file"]["tmp_name"], $target_file)) {
+ $rkey = $ck == 1? "url" : "data";
+
+ if (move_uploaded_file($ff["tmp_name"], $target_file)) {
if ($mediatype === 1) {
//图片自动裁剪
require_once DEDEINC."/libraries/imageresize.class.php";
@@ -163,28 +167,30 @@ if ($action === 'is_need_check_code') {
$image->save($target_file);
echo json_encode(array(
"code" => 0,
+ "uploaded" => 1,
"msg" => "上传成功",
- "data" => $target_url,
+ $rkey => $target_url,
));
} catch (ImageResizeException $e) {
echo json_encode(array(
"code" => -1,
"msg" => "图片自动裁剪失败",
- "data" => null,
+ $rkey => null,
));
}
} else {
echo json_encode(array(
"code" => 0,
+ "uploaded" => 1,
"msg" => "上传成功",
- "data" => $target_url,
+ $rkey => $target_url,
));
}
} else {
echo json_encode(array(
"code" => -1,
"msg" => "上传失败",
- "data" => null,
+ $rkey => null,
));
}
} else {
@@ -194,7 +200,7 @@ if ($action === 'is_need_check_code') {
echo json_encode(array(
"code" => -1,
"msg" => "未登录",
- "data" => null,
+ $rkey => null,
));
} else {
echo "";
diff --git a/src/user/config.php b/src/user/config.php
index 0a58ea99..8bdde811 100755
--- a/src/user/config.php
+++ b/src/user/config.php
@@ -8,6 +8,7 @@
* @license https://www.dedebiz.com/license
* @link https://www.dedebiz.com
*/
+define('DEDEUSER', true);
//针对会员中心操作进行XSS过滤
function XSSClean($val)
{
diff --git a/src/user/soft_edit.php b/src/user/soft_edit.php
index cc6a68a0..3efe6e6e 100755
--- a/src/user/soft_edit.php
+++ b/src/user/soft_edit.php
@@ -50,8 +50,8 @@ if (empty($dopost)) {
if (is_array($dtp->CTags)) {
foreach ($dtp->CTags as $ctag) {
if ($ctag->GetName() == 'link') {
- $nForm .= "
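Review bot: `$rkey` is assigned only on the logged-in path (just before `move_uploaded_file`), so the `未登录` response in the last hunk reads an undefined variable: PHP warns and the key collapses to `""`, producing `{"code":-1,"msg":"未登录","":null}` for both the AJAX and the CKEditor callers. Compute it once where `$ck` is read, before the login check, e.g. `$rkey = (isset($ck) && $ck == 1) ? "url" : "data";`, which also avoids the notice when `ck` is not in the request. CKEditor's file-browser convention, which the new `uploaded`/`url` keys appear to follow, expects failures as `"uploaded" => 0, "error" => array("message" => …)`; without that the editor shows a generic failure instead of the `msg` text in the three error responses. The `if`/`else` on the login state that encloses these hunks starts before them.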
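Review bot: `define('DEDEUSER', true);` carries no comment, yet it is the switch that makes the shared `SpGetEditor` helper in system/inc/inc_fun_funAdmin.php point CKEditor uploads at `user/api.php` and use the member-centre editor configuration instead of the admin one. Record that dependency at the definition, `// Marks member-centre context: SpGetEditor() selects the user/api.php upload endpoints and the member editor config when this is defined`, so nobody removes or renames it as an unused constant. Guarding it with `if (!defined('DEDEUSER'))` would also avoid a redefinition warning should this file ever be included twice.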

软件地址".$newRowStart.":

-

服务器名称:

"; + $nForm .= "
选择
+
"; $newRowStart++; } } diff --git a/src/user/templets/album_add.htm b/src/user/templets/album_add.htm index 6ccdee93..64e76364 100755 --- a/src/user/templets/album_add.htm +++ b/src/user/templets/album_add.htm @@ -8,6 +8,7 @@ + diff --git a/src/user/templets/album_edit.htm b/src/user/templets/album_edit.htm index 12691e4e..7da38344 100755 --- a/src/user/templets/album_edit.htm +++ b/src/user/templets/album_edit.htm @@ -8,6 +8,7 @@ + @@ -102,8 +103,8 @@
- -
选择
+ +
选择
diff --git a/src/user/templets/soft_add.htm b/src/user/templets/soft_add.htm index 0d269601..adfb4b69 100755 --- a/src/user/templets/soft_add.htm +++ b/src/user/templets/soft_add.htm @@ -8,6 +8,7 @@ + @@ -159,7 +160,7 @@
-
选择
+
选择
@@ -192,7 +193,7 @@ morelinkobj.style.display = "block"; if (endNum > 12) endNum = 12; for (startNum; startNum <= endNum; startNum++) { - upfield.innerHTML += "
选择
"; + upfield.innerHTML += "
选择
"; } } function ShowHideAddr() { diff --git a/src/user/templets/soft_edit.htm b/src/user/templets/soft_edit.htm index 94fafa7c..7af1b82c 100755 --- a/src/user/templets/soft_edit.htm +++ b/src/user/templets/soft_edit.htm @@ -8,6 +8,7 @@ + @@ -162,7 +163,7 @@
-
选择
+
选择
@@ -198,7 +199,7 @@ morelinkobj.style.display = "block"; if (endNum > 12) endNum = 12; for (startNum; startNum <= endNum; startNum++) { - upfield.innerHTML += "
选择
"; + upfield.innerHTML += "
选择
"; } } function ShowHideAddr() {