diff --git a/src/dede/article_add.php b/src/dede/article_add.php index 840ce86c..b1216792 100755 --- a/src/dede/article_add.php +++ b/src/dede/article_add.php @@ -207,7 +207,7 @@ else if($dopost=='save') color,writer,source,litpic,pubdate,senddate,mid,voteid,notpost,description,keywords,filename,dutyadmin,weight) VALUES ('$arcID','$typeid','$typeid2','$sortrank','$flag','$ismake','$channelid','$arcrank','$click','$money', '$title','$shorttitle','$color','$writer','$source','$litpic','$pubdate','$senddate', - '$adminid','$voteid','$notpost','$description','$keywords','$filename','$adminid','$weight');"; + '$adminid','0','$notpost','$description','$keywords','$filename','$adminid','$weight');"; if(!$dsql->ExecuteNoneQuery($query)) { diff --git a/src/dede/login.php b/src/dede/login.php index a5542740..f485c080 100755 --- a/src/dede/login.php +++ b/src/dede/login.php @@ -11,6 +11,7 @@ require_once(dirname(__FILE__).'/../include/common.inc.php'); require_once(DEDEINC.'/userlogin.class.php'); if(empty($dopost)) $dopost = ''; +if(empty($gotopage)) $gotopage = ''; $gotopage = RemoveXSS($gotopage); diff --git a/src/include/arc.archives.class.php b/src/include/arc.archives.class.php index 705f1b34..fec810eb 100755 --- a/src/include/arc.archives.class.php +++ b/src/include/arc.archives.class.php @@ -282,7 +282,7 @@ class Archives { if($this->Fields['litpic'] == '-' || $this->Fields['litpic'] == '') { - $this->Fields['litpic'] = $GLOBALS['cfg_cmspath'].'/images/defaultpic.gif'; + $this->Fields['litpic'] = $GLOBALS['cfg_cmspath'].'/static/defaultpic.gif'; } if(!preg_match("#^http:\/\/#i", $this->Fields['litpic']) && $GLOBALS['cfg_multi_site'] == 'Y') { diff --git a/src/include/arc.caicai.class.php b/src/include/arc.caicai.class.php index 4e6ee56a..d66ac69e 100755 --- a/src/include/arc.caicai.class.php +++ b/src/include/arc.caicai.class.php 
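Review bot: The INSERT on the new side of the article_add.php hunk still builds its SQL by interpolating form-derived values (`'$title'`, `'$description'`, `'$keywords'`, `'$filename'`, …) straight into the string, and nothing visible here escapes or casts them. It presumably relies on a global input-escaping pass elsewhere, which is worth confirming. While this statement is being touched, consider casting the numeric columns before the query, e.g. `$typeid = intval($typeid); $arcrank = intval($arcrank); $click = intval($click);`. A short comment beside the literal `'0'` should say why `voteid` is no longer taken from the form. The statement begins outside the hunk, so earlier sanitisation may exist that is not shown.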
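Review bot: In the login.php hunk, `$gotopage` is now initialised but is still only passed through `RemoveXSS()`, which filters markup and does not restrict where the value points. If it is later used as the post-login redirect target (not visible in this hunk), an absolute or protocol-relative value would send the user off-site after authenticating. A destination check next to the new line would close that, e.g. `if(preg_match('#^(?:[a-z][a-z0-9+.-]*:|//|\\\\)#i', $gotopage)) $gotopage = '';`, with a comment stating that only same-site relative targets are accepted.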
@@ -190,7 +190,7 @@ class Caicai extends DataListCP $arr['typeurl'] = GetTypeUrl($arr['typeid'], MfTypedir($arr['typedir']), $arr['isdefault'], $arr['defaultname'], $arr['ispart'], $arr['namerule2'], $arr['moresite'], $arr['siteurl'], $arr['sitepath']); - if($arr['litpic']=='') $arr['litpic'] = '/images/defaultpic.gif'; + if($arr['litpic']=='') $arr['litpic'] = '/static/defaultpic.gif'; if(!preg_match("#^http:\/\/#", $arr['litpic'])) { diff --git a/src/include/arc.freelist.class.php b/src/include/arc.freelist.class.php index 5ec40d78..841899c5 100755 --- a/src/include/arc.freelist.class.php +++ b/src/include/arc.freelist.class.php @@ -672,7 +672,7 @@ class FreeList if($row['litpic'] == '-' || $row['litpic'] == '') { - $row['litpic'] = $GLOBALS['cfg_cmspath'].'/images/defaultpic.gif'; + $row['litpic'] = $GLOBALS['cfg_cmspath'].'/static/defaultpic.gif'; } if(!preg_match("#^http:\/\/#i", $row['litpic']) && $GLOBALS['cfg_multi_site'] == 'Y') { diff --git a/src/include/arc.listview.class.php b/src/include/arc.listview.class.php index 271f7181..8b0d0409 100755 --- a/src/include/arc.listview.class.php +++ b/src/include/arc.listview.class.php @@ -891,7 +891,7 @@ class ListView $row['ispart'],$row['namerule2'],$row['moresite'],$row['siteurl'],$row['sitepath']); if($row['litpic'] == '-' || $row['litpic'] == '') { - $row['litpic'] = $GLOBALS['cfg_cmspath'].'/images/defaultpic.gif'; + $row['litpic'] = $GLOBALS['cfg_cmspath'].'/static/defaultpic.gif'; } if(!preg_match("/^http:\/\//i", $row['litpic']) && $GLOBALS['cfg_multi_site'] == 'Y') { diff --git a/src/include/arc.memberlistview.class.php b/src/include/arc.memberlistview.class.php index d7356dff..f2e14796 100755 --- a/src/include/arc.memberlistview.class.php +++ b/src/include/arc.memberlistview.class.php 
@@ -230,7 +230,7 @@ class MemberListview $row['namerule2'],$row['moresite'],$row['siteurl'],$row['sitepath']); if($row['litpic'] == '-' || $row['litpic'] == '') { - $row['litpic'] = $GLOBALS['cfg_cmspath'].'/images/defaultpic.gif'; + $row['litpic'] = $GLOBALS['cfg_cmspath'].'/static/defaultpic.gif'; } if(!preg_match("/^http:\/\//i", $row['litpic']) && $GLOBALS['cfg_multi_site'] == 'Y') { diff --git a/src/include/arc.rssview.class.php b/src/include/arc.rssview.class.php index ef9226d6..8de609c3 100755 --- a/src/include/arc.rssview.class.php +++ b/src/include/arc.rssview.class.php @@ -171,7 +171,7 @@ class RssView //处理一些特殊字段 if($row['litpic'] == '-' || $row['litpic'] == '') { - $row['litpic'] = $GLOBALS['cfg_cmspath'].'/images/defaultpic.gif'; + $row['litpic'] = $GLOBALS['cfg_cmspath'].'/static/defaultpic.gif'; } if(!preg_match("/^http:\/\//", $row['litpic']) && $GLOBALS['cfg_multi_site'] == 'Y') { diff --git a/src/include/arc.searchview.class.php b/src/include/arc.searchview.class.php index 7a201b9d..631ab255 100755 --- a/src/include/arc.searchview.class.php +++ b/src/include/arc.searchview.class.php @@ -737,7 +737,7 @@ class SearchView $row["id"] = $row["id"]; if($row['litpic'] == '-' || $row['litpic'] == '') { - $row['litpic'] = $GLOBALS['cfg_cmspath'].'/images/defaultpic.gif'; + $row['litpic'] = $GLOBALS['cfg_cmspath'].'/static/defaultpic.gif'; } if(!preg_match("/^http:\/\//", $row['litpic']) && $GLOBALS['cfg_multi_site'] == 'Y') { diff --git a/src/include/arc.sglistview.class.php b/src/include/arc.sglistview.class.php index c0efab84..58723c41 100755 --- a/src/include/arc.sglistview.class.php +++ b/src/include/arc.sglistview.class.php 
@@ -786,7 +786,7 @@ class SgListView $row['ispart'],$row['namerule2'],$row['moresite'],$row['siteurl'],$row['sitepath']); if($row['litpic'] == '-' || $row['litpic'] == '') { - $row['litpic'] = $GLOBALS['cfg_cmspath'].'/images/defaultpic.gif'; + $row['litpic'] = $GLOBALS['cfg_cmspath'].'/static/defaultpic.gif'; } if(!preg_match("/^http:\/\//", $row['litpic']) && $GLOBALS['cfg_multi_site'] == 'Y') { diff --git a/src/include/arc.specview.class.php b/src/include/arc.specview.class.php index 9bf99d1d..a9d11d8d 100755 --- a/src/include/arc.specview.class.php +++ b/src/include/arc.specview.class.php @@ -436,7 +436,7 @@ class SpecView $row["id"] = $row["id"]; if($row['litpic'] == '-' || $row['litpic'] == '') { - $row['litpic'] = $GLOBALS['cfg_cmspath'].'/images/defaultpic.gif'; + $row['litpic'] = $GLOBALS['cfg_cmspath'].'/static/defaultpic.gif'; } if(!preg_match("/^http:\/\//", $row['litpic']) && $GLOBALS['cfg_multi_site'] == 'Y') { diff --git a/src/include/arc.taglist.class.php b/src/include/arc.taglist.class.php index ff9df365..2f1fba96 100755 --- a/src/include/arc.taglist.class.php +++ b/src/include/arc.taglist.class.php @@ -363,7 +363,7 @@ class TagList $row['ispart'],$row['namerule2'],$row['moresite'],$row['siteurl'],$row['sitepath']); if($row['litpic'] == '-' || $row['litpic'] == '') { - $row['litpic'] = $GLOBALS['cfg_cmspath'].'/images/defaultpic.gif'; + $row['litpic'] = $GLOBALS['cfg_cmspath'].'/static/defaultpic.gif'; } if(!preg_match("/^http:\/\//", $row['litpic']) && $GLOBALS['cfg_multi_site'] == 'Y') { diff --git a/src/include/common.inc.php b/src/include/common.inc.php index 4349c3c8..c3e5b703 100755 --- a/src/include/common.inc.php +++ b/src/include/common.inc.php @@ -64,7 +64,7 @@ if(function_exists('iconv_substr')) $cfg_is_iconv = TRUE; function _RunMagicQuotes(&$svar) { - if(!get_magic_quotes_gpc()) + if(!@get_magic_quotes_gpc()) { if( is_array($svar) ) { 
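Review bot: In the common.inc.php hunk, `@` on `get_magic_quotes_gpc()` only hides the PHP 7.4 deprecation notice. On PHP 8 the function no longer exists, and calling it is a fatal Error that `@` cannot suppress, so every page including this file would stop. This guard appears to decide whether `_RunMagicQuotes()` escapes request input, so it should fail toward escaping: `if(!function_exists('get_magic_quotes_gpc') || !@get_magic_quotes_gpc())`. The function body continues outside the hunk.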
diff --git a/src/include/dedehttpdown.class.php b/src/include/dedehttpdown.class.php index 566cb125..f391af9d 100755 --- a/src/include/dedehttpdown.class.php +++ b/src/include/dedehttpdown.class.php @@ -1,4 +1,4 @@ -m_url = $url; - if(is_array($urls)) - { + if (is_array($urls)) { $this->m_host = $urls["host"]; - if(!empty($urls["scheme"])) - { + if (!empty($urls["scheme"])) { $this->m_scheme = $urls["scheme"]; } - if(!empty($urls["user"])) - { + if (!empty($urls["user"])) { $this->m_user = $urls["user"]; } - if(!empty($urls["pass"])) - { + if (!empty($urls["pass"])) { $this->m_pass = $urls["pass"]; } - if(!empty($urls["port"])) - { + if (!empty($urls["port"])) { $this->m_port = $urls["port"]; } - if(!empty($urls["path"])) - { + if (!empty($urls["path"])) { $this->m_path = $urls["path"]; } $this->m_urlpath = $this->m_path; - if(!empty($urls["query"])) - { + if (!empty($urls["query"])) { $this->m_query = $urls["query"]; - $this->m_urlpath .= "?".$this->m_query; + $this->m_urlpath .= "?" . $this->m_query; } $this->HomeUrl = $urls["host"]; - $this->BaseUrlPath = $this->HomeUrl.$urls["path"]; - $this->BaseUrlPath = preg_replace("/\/([^\/]*)\.(.*)$/","/",$this->BaseUrlPath); - $this->BaseUrlPath = preg_replace("/\/$/","",$this->BaseUrlPath); + $this->BaseUrlPath = $this->HomeUrl . $urls["path"]; + $this->BaseUrlPath = preg_replace("/\/([^\/]*)\.(.*)$/", "/", $this->BaseUrlPath); + $this->BaseUrlPath = preg_replace("/\/$/", "", $this->BaseUrlPath); } } @@ -114,11 +107,11 @@ class DedeHttpDown * @param string $requestType 请求类型 * @return string */ - function OpenUrl($url,$requestType="GET") + function OpenUrl($url, $requestType = "GET") { $this->ResetAny(); $this->JumpCount = 0; - $this->m_httphead = Array() ; + $this->m_httphead = array(); $this->m_html = ''; $this->reTry = 0; $this->Close(); @@ -139,7 +132,7 @@ class DedeHttpDown { $this->ResetAny(); $this->JumpCount++; - $this->m_httphead = Array() ; + $this->m_httphead = array(); $this->m_html = ""; $this->Close(); 
@@ -156,9 +149,11 @@ class DedeHttpDown */ function printError() { - echo "错误信息:".$this->m_error; + echo "错误信息:" . $this->m_error; echo "
具体返回头:
"; - foreach($this->m_httphead as $k=>$v){ echo "$k => $v
\r\n"; } + foreach ($this->m_httphead as $k => $v) { + echo "$k => $v
\r\n"; + } } /** @@ -169,13 +164,10 @@ class DedeHttpDown */ function IsGetOK() { - if( preg_match("/^2/",$this->GetHead("http-state")) ) - { + if (preg_match("/^2/", $this->GetHead("http-state"))) { return TRUE; - } - else - { - $this->m_error .= $this->GetHead("http-state")." - ".$this->GetHead("http-describe")."
"; + } else { + $this->m_error .= $this->GetHead("http-state") . " - " . $this->GetHead("http-describe") . "
"; return FALSE; } } @@ -188,12 +180,9 @@ class DedeHttpDown */ function IsText() { - if( preg_match("/^2/",$this->GetHead("http-state")) && preg_match("/text|xml/i",$this->GetHead("content-type")) ) - { + if (preg_match("/^2/", $this->GetHead("http-state")) && preg_match("/text|xml/i", $this->GetHead("content-type"))) { return TRUE; - } - else - { + } else { $this->m_error .= "内容为非文本类型或网址重定向
"; return FALSE; } @@ -208,12 +197,13 @@ class DedeHttpDown */ function IsContentType($ctype) { - if(preg_match("/^2/",$this->GetHead("http-state")) - && $this->GetHead("content-type")==strtolower($ctype)) - { return TRUE; } - else - { - $this->m_error .= "类型不对 ".$this->GetHead("content-type")."
"; + if ( + preg_match("/^2/", $this->GetHead("http-state")) + && $this->GetHead("content-type") == strtolower($ctype) + ) { + return TRUE; + } else { + $this->m_error .= "类型不对 " . $this->GetHead("content-type") . "
"; return FALSE; } } @@ -227,8 +217,7 @@ class DedeHttpDown */ function SaveToBin($savefilename) { - if(!$this->IsGetOK()) - { + if (!$this->IsGetOK()) { return FALSE; } if (function_exists('curl_init') && function_exists('curl_exec')) { @@ -236,13 +225,12 @@ class DedeHttpDown return TRUE; } - if(@feof($this->m_fp)) - { - $this->m_error = "连接已经关闭!"; return FALSE; + if (@feof($this->m_fp)) { + $this->m_error = "连接已经关闭!"; + return FALSE; } - $fp = fopen($savefilename,"w"); - while(!feof($this->m_fp)) - { + $fp = fopen($savefilename, "w"); + while (!feof($this->m_fp)) { fwrite($fp, fread($this->m_fp, 1024)); } fclose($this->m_fp); @@ -259,16 +247,18 @@ class DedeHttpDown */ function SaveToText($savefilename) { - if($this->IsText()) - { + if ($this->IsText()) { $this->SaveBinFile($savefilename); - } - else - { + } else { return ""; } } + function SaveBinFile($filename) + { + return $this->SaveBinFile($filename); + } + /** * 用Http协议获得一个网页的内容 * @@ -277,21 +267,17 @@ class DedeHttpDown */ function GetHtml() { - if($this->m_html!='') - { + if ($this->m_html != '') { return $this->m_html; } - if(!$this->IsText()) - { + if (!$this->IsText()) { return ''; } - if(!$this->m_fp||@feof($this->m_fp)) - { + if (!$this->m_fp || @feof($this->m_fp)) { return ''; } - while(!feof($this->m_fp)) - { - $this->m_html .= fgets($this->m_fp,256); + while (!feof($this->m_fp)) { + $this->m_html .= fgets($this->m_fp, 256); } @fclose($this->m_fp); return $this->m_html; 
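Review bot: The added `SaveBinFile()` calls itself (`return $this->SaveBinFile($filename);`), so `SaveToText()` on a text response recurses until PHP exhausts its stack or memory limit instead of writing the file. The intent looks like delegation to the existing `SaveToBin()`: `return $this->SaveToBin($filename);`. `SaveToText()` also discards the result in its text branch, so callers cannot tell success from failure; `return $this->SaveBinFile($savefilename);` there would make the outcome visible. A one-line docblock on `SaveBinFile()` marking it as a compatibility alias would match the other methods in the class.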
@@ -304,14 +290,14 @@ class DedeHttpDown * @param string $requestType 请求类型 * @return string */ - function PrivateStartSession($requestType="GET") + function PrivateStartSession($requestType = "GET") { if ($this->m_scheme == "https") { $this->m_port = "443"; } if (function_exists('curl_init') && function_exists('curl_exec')) { $this->m_ch = curl_init(); - curl_setopt($this->m_ch, CURLOPT_URL, $this->m_scheme.'://'.$this->m_host.':'.$this->m_port.$this->m_path); + curl_setopt($this->m_ch, CURLOPT_URL, $this->m_scheme . '://' . $this->m_host . ':' . $this->m_port . $this->m_path); curl_setopt($this->m_ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($this->m_ch, CURLOPT_FOLLOWLOCATION, 1); if ($requestType == "POST") { @@ -331,32 +317,27 @@ class DedeHttpDown $this->m_puthead["Host"] = $this->m_host; //发送用户自定义的请求头 - if(!isset($this->m_puthead["Accept"])) - { + if (!isset($this->m_puthead["Accept"])) { $this->m_puthead["Accept"] = "*/*"; } - if(!isset($this->m_puthead["User-Agent"])) - { + if (!isset($this->m_puthead["User-Agent"])) { $this->m_puthead["User-Agent"] = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2)"; } - if(!isset($this->m_puthead["Refer"])) - { - $this->m_puthead["Refer"] = "http://".$this->m_puthead["Host"]; + if (!isset($this->m_puthead["Refer"])) { + $this->m_puthead["Refer"] = "http://" . $this->m_puthead["Host"]; } $headers = array(); - foreach($this->m_puthead as $k=>$v) - { + foreach ($this->m_puthead as $k => $v) { $k = trim($k); $v = trim($v); - if($k!=""&&$v!="") - { + if ($k != "" && $v != "") { $headers[] = "$k: $v"; } } if (count($headers) > 0) { curl_setopt($this->m_ch, CURLOPT_HTTPHEADER, $headers); } - + curl_setopt($this->m_ch, CURLOPT_CONNECTTIMEOUT, 20); curl_setopt($this->m_ch, CURLOPT_TIMEOUT, 900); 
@@ -375,168 +356,129 @@ class DedeHttpDown return TRUE; } - if(!$this->PrivateOpenHost()) - { + if (!$this->PrivateOpenHost()) { $this->m_error .= "打开远程主机出错!"; return FALSE; } $this->reTry++; - if($this->GetHead("http-edition")=="HTTP/1.1") - { + if ($this->GetHead("http-edition") == "HTTP/1.1") { $httpv = "HTTP/1.1"; - } - else - { + } else { $httpv = "HTTP/1.0"; } - $ps = explode('?',$this->m_urlpath); + $ps = explode('?', $this->m_urlpath); $headString = ''; //发送固定的起始请求头GET、Host信息 - if($requestType=="GET") - { - $headString .= "GET ".$this->m_urlpath." $httpv\r\n"; - } - else - { - $headString .= "POST ".$ps[0]." $httpv\r\n"; + if ($requestType == "GET") { + $headString .= "GET " . $this->m_urlpath . " $httpv\r\n"; + } else { + $headString .= "POST " . $ps[0] . " $httpv\r\n"; } $this->m_puthead["Host"] = $this->m_host; //发送用户自定义的请求头 - if(!isset($this->m_puthead["Accept"])) - { + if (!isset($this->m_puthead["Accept"])) { $this->m_puthead["Accept"] = "*/*"; } - if(!isset($this->m_puthead["User-Agent"])) - { + if (!isset($this->m_puthead["User-Agent"])) { $this->m_puthead["User-Agent"] = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2)"; } - if(!isset($this->m_puthead["Refer"])) - { - $this->m_puthead["Refer"] = "http://".$this->m_puthead["Host"]; + if (!isset($this->m_puthead["Refer"])) { + $this->m_puthead["Refer"] = "http://" . 
$this->m_puthead["Host"]; } - foreach($this->m_puthead as $k=>$v) - { + foreach ($this->m_puthead as $k => $v) { $k = trim($k); $v = trim($v); - if($k!=""&&$v!="") - { + if ($k != "" && $v != "") { $headString .= "$k: $v\r\n"; } } fputs($this->m_fp, $headString); - if($requestType=="POST") - { + if ($requestType == "POST") { $postdata = ""; - if(count($ps)>1) - { - for($i=1;$i 1) { + for ($i = 1; $i < count($ps); $i++) { $postdata .= $ps[$i]; } - } - else - { + } else { $postdata = "OK"; } $plen = strlen($postdata); - fputs($this->m_fp,"Content-Type: application/x-www-form-urlencoded\r\n"); - fputs($this->m_fp,"Content-Length: $plen\r\n"); + fputs($this->m_fp, "Content-Type: application/x-www-form-urlencoded\r\n"); + fputs($this->m_fp, "Content-Length: $plen\r\n"); } //发送固定的结束请求头 //HTTP1.1协议必须指定文档结束后关闭链接,否则读取文档时无法使用feof判断结束 - if($httpv=="HTTP/1.1") - { - fputs($this->m_fp,"Connection: Close\r\n\r\n"); + if ($httpv == "HTTP/1.1") { + fputs($this->m_fp, "Connection: Close\r\n\r\n"); + } else { + fputs($this->m_fp, "\r\n"); } - else - { - fputs($this->m_fp,"\r\n"); - } - if($requestType=="POST") - { - fputs($this->m_fp,$postdata); + if ($requestType == "POST") { + fputs($this->m_fp, $postdata); } //获取应答头状态信息 - $httpstas = explode(" ",fgets($this->m_fp,256)); + $httpstas = explode(" ", fgets($this->m_fp, 256)); $this->m_httphead["http-edition"] = trim($httpstas[0]); $this->m_httphead["http-state"] = trim($httpstas[1]); $this->m_httphead["http-describe"] = ""; - for($i=2;$im_httphead["http-describe"] .= " ".trim($httpstas[$i]); + for ($i = 2; $i < count($httpstas); $i++) { + $this->m_httphead["http-describe"] .= " " . 
trim($httpstas[$i]); } //获取详细应答头 - while(!feof($this->m_fp)) - { - $line = trim(fgets($this->m_fp,256)); - if($line == "") - { + while (!feof($this->m_fp)) { + $line = trim(fgets($this->m_fp, 256)); + if ($line == "") { break; } $hkey = ""; $hvalue = ""; $v = 0; - for($i=0;$im_httphead[strtolower($hkey)] = trim($hvalue); } } //如果连接被不正常关闭,重试 - if(feof($this->m_fp)) - { - if($this->reTry > 10) - { + if (feof($this->m_fp)) { + if ($this->reTry > 10) { return FALSE; } $this->PrivateStartSession($requestType); } //判断是否是3xx开头的应答 - if(preg_match("/^3/",$this->m_httphead["http-state"])) - { - if($this->JumpCount > 3) - { + if (preg_match("/^3/", $this->m_httphead["http-state"])) { + if ($this->JumpCount > 3) { return; } - if(isset($this->m_httphead["location"])) - { + if (isset($this->m_httphead["location"])) { $newurl = $this->m_httphead["location"]; - if(preg_match("/^http/i",$newurl)) - { + if (preg_match("/^http/i", $newurl)) { $this->JumpOpenUrl($newurl); - } - else - { + } else { $newurl = $this->FillUrl($newurl); $this->JumpOpenUrl($newurl); } - } - else - { + } else { $this->m_error = "无法识别的答复!"; } } @@ -568,7 +510,7 @@ class DedeHttpDown * @param string $svalue 值 * @return string */ - function SetHead($skey,$svalue) + function SetHead($skey, $svalue) { $this->m_puthead[$skey] = $svalue; } @@ -581,21 +523,17 @@ class DedeHttpDown */ function PrivateOpenHost() { - if($this->m_host=="") - { + if ($this->m_host == "") { return FALSE; } $errno = ""; $errstr = ""; - $this->m_fp = @fsockopen($this->m_host, $this->m_port, $errno, $errstr,10); - if(!$this->m_fp) - { + $this->m_fp = @fsockopen($this->m_host, $this->m_port, $errno, $errstr, 10); + if (!$this->m_fp) { $this->m_error = $errstr; return FALSE; - } - else - { + } else { return TRUE; } } @@ -609,7 +547,7 @@ class DedeHttpDown function Close() { if (function_exists('curl_init') && function_exists('curl_exec')) { - curl_close($ch); + @curl_close($this->m_ch); } @fclose($this->m_fp); } 
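Review bot: In `Close()`, `@curl_close($this->m_ch)` fixes the undefined `$ch`, but the method is also reached before any handle exists, since `OpenUrl()` calls it ahead of starting the session. On PHP 8, passing null to `curl_close()` or `fclose()` throws a TypeError that `@` does not silence. Guarding on the handle is safer than suppressing the error: `if ($this->m_ch) { @curl_close($this->m_ch); }` and `if ($this->m_fp) { @fclose($this->m_fp); }`. Whether `m_ch` and `m_fp` have non-null defaults is not visible in this hunk.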
@@ -629,81 +567,54 @@ class DedeHttpDown $okurl = ""; $pathStep = 0; $surl = trim($surl); - if($surl=="") - { + if ($surl == "") { return ""; } - $pos = strpos($surl,"#"); - if($pos>0) - { - $surl = substr($surl,0,$pos); + $pos = strpos($surl, "#"); + if ($pos > 0) { + $surl = substr($surl, 0, $pos); } - if($surl[0]=="/") - { - $okurl = "http://".$this->HomeUrl.$surl; - } - else if($surl[0]==".") - { - if(strlen($surl)<=1) - { + if ($surl[0] == "/") { + $okurl = "http://" . $this->HomeUrl . $surl; + } else if ($surl[0] == ".") { + if (strlen($surl) <= 1) { return ""; - } - else if($surl[1]=="/") - { - $okurl = "http://".$this->BaseUrlPath."/".substr($surl,2,strlen($surl)-2); - } - else - { - $urls = explode("/",$surl); - foreach($urls as $u) - { - if($u=="..") - { + } else if ($surl[1] == "/") { + $okurl = "http://" . $this->BaseUrlPath . "/" . substr($surl, 2, strlen($surl) - 2); + } else { + $urls = explode("/", $surl); + foreach ($urls as $u) { + if ($u == "..") { $pathStep++; - } - else if($iBaseUrlPath); - if(count($urls) <= $pathStep) - { + $urls = explode("/", $this->BaseUrlPath); + if (count($urls) <= $pathStep) { return ""; - } - else - { + } else { $pstr = "http://"; - for($i=0;$iBaseUrlPath."/".$surl; - } - else if(strtolower(substr($surl,0,7))=="http://") - { + } else { + if (strlen($surl) < 7) { + $okurl = "http://" . $this->BaseUrlPath . "/" . $surl; + } else if (strtolower(substr($surl, 0, 7)) == "http://") { $okurl = $surl; - } - else - { - $okurl = "http://".$this->BaseUrlPath."/".$surl; + } else { + $okurl = "http://" . $this->BaseUrlPath . "/" . $surl; } } - $okurl = preg_replace("/^(http:\/\/)/i","",$okurl); + $okurl = preg_replace("/^(http:\/\/)/i", "", $okurl); $okurl = preg_replace("/\/{1,}/", "/", $okurl); - return "http://".$okurl; + return "http://" . $okurl; } }//End Class \ No newline at end of file diff --git a/src/include/ftp.class.php b/src/include/ftp.class.php index dad402dd..10c6fca2 100755 --- a/src/include/ftp.class.php 
+++ b/src/include/ftp.class.php @@ -1,4 +1,4 @@ - 0) - { + if (count($config) > 0) { $this->initialize($config); } } @@ -52,10 +52,8 @@ class FTP { */ function initialize($config = array()) { - foreach ($config as $key => $val) - { - if (isset($this->$key)) - { + foreach ($config as $key => $val) { + if (isset($this->$key)) { $this->$key = $val; } } @@ -73,32 +71,26 @@ class FTP { */ function connect($config = array()) { - if (count($config) > 0) - { + if (count($config) > 0) { $this->initialize($config); } - if (FALSE === ($this->conn_id = @ftp_connect($this->hostname, $this->port))) - { - if ($this->debug == TRUE) - { + if (FALSE === ($this->conn_id = @ftp_connect($this->hostname, $this->port))) { + if ($this->debug == TRUE) { $this->_error('无法链接'); } return FALSE; } - if ( ! $this->_login()) - { - if ($this->debug == TRUE) - { + if (!$this->_login()) { + if ($this->debug == TRUE) { $this->_error('无法登录'); } return FALSE; } // 如果需要则设置传输模式 - if ($this->passive == TRUE) - { + if ($this->passive == TRUE) { ftp_pasv($this->conn_id, TRUE); } @@ -124,10 +116,8 @@ class FTP { */ function _is_conn() { - if ( ! is_resource($this->conn_id)) - { - if ($this->debug == TRUE) - { + if (!is_resource($this->conn_id)) { + if ($this->debug == TRUE) { $this->_error('无法链接'); } return FALSE; @@ -149,17 +139,14 @@ class FTP { */ function changedir($path = '', $supress_debug = FALSE) { - if ($path == '' OR ! $this->_is_conn()) - { + if ($path == '' or !$this->_is_conn()) { return FALSE; } $result = @ftp_chdir($this->conn_id, $path); - if ($result === FALSE) - { - if ($this->debug == TRUE AND $supress_debug == FALSE) - { + if ($result === FALSE) { + if ($this->debug == TRUE and $supress_debug == FALSE) { $this->_error('无法更改目录'); } return FALSE; 
@@ -177,25 +164,21 @@ class FTP { */ function mkdir($path = '', $permissions = NULL) { - if ($path == '' OR ! $this->_is_conn()) - { + if ($path == '' or !$this->_is_conn()) { return FALSE; } $result = @ftp_mkdir($this->conn_id, $path); - if ($result === FALSE) - { - if ($this->debug == TRUE) - { + if ($result === FALSE) { + if ($this->debug == TRUE) { $this->_error('无法创建文件夹'); } return FALSE; } // 如果需要设置权限 - if ( ! is_null($permissions)) - { + if (!is_null($permissions)) { $this->chmod($path, (int)$permissions); } @@ -211,24 +194,19 @@ class FTP { */ function rmkdir($path = '', $pathsymbol = '/') { - $pathArray = explode($pathsymbol,$path); + $pathArray = explode($pathsymbol, $path); $pathstr = $pathsymbol; - foreach($pathArray as $val) - { - if(!empty($val)) - { + foreach ($pathArray as $val) { + if (!empty($val)) { //构建文件夹路径 - $pathstr = $pathstr.$val.$pathsymbol; - if (! $this->_is_conn()) - { + $pathstr = $pathstr . $val . $pathsymbol; + if (!$this->_is_conn()) { return FALSE; } $result = @ftp_chdir($this->conn_id, $pathstr); - if($result === FALSE) - { + if ($result === FALSE) { //如果不存在这个目录则创建 - if(!$this->mkdir($pathstr)) - { + if (!$this->mkdir($pathstr)) { return FALSE; } } @@ -248,20 +226,17 @@ class FTP { */ function upload($locpath, $rempath, $mode = 'auto', $permissions = NULL) { - if (!$this->_is_conn()) - { + if (!$this->_is_conn()) { return FALSE; } - if (!file_exists($locpath)) - { + if (!file_exists($locpath)) { $this->_error('不存在源文件'); return FALSE; } // 未指定则设置模式 - if ($mode == 'auto') - { + if ($mode == 'auto') { // 获取文件扩展名,以便本类上传类型 $ext = $this->_getext($locpath); $mode = $this->_settype($ext); 
@@ -271,18 +246,15 @@ class FTP { $result = @ftp_put($this->conn_id, $rempath, $locpath, $mode); - if ($result === FALSE) - { - if ($this->debug == TRUE) - { + if ($result === FALSE) { + if ($this->debug == TRUE) { $this->_error('无法上传'); } return FALSE; } // 如果需要设置文件权限 - if ( ! is_null($permissions)) - { + if (!is_null($permissions)) { $this->chmod($rempath, (int)$permissions); } @@ -300,17 +272,14 @@ class FTP { */ function rename($old_file, $new_file, $move = FALSE) { - if ( ! $this->_is_conn()) - { + if (!$this->_is_conn()) { return FALSE; } $result = @ftp_rename($this->conn_id, $old_file, $new_file); - if ($result === FALSE) - { - if ($this->debug == TRUE) - { + if ($result === FALSE) { + if ($this->debug == TRUE) { $msg = ($move == FALSE) ? '无法重命名' : '无法移动'; $this->_error($msg); @@ -343,17 +312,14 @@ class FTP { */ function delete_file($filepath) { - if ( ! $this->_is_conn()) - { + if (!$this->_is_conn()) { return FALSE; } $result = @ftp_delete($this->conn_id, $filepath); - if ($result === FALSE) - { - if ($this->debug == TRUE) - { + if ($result === FALSE) { + if ($this->debug == TRUE) { $this->_error('无法删除'); } return FALSE; @@ -371,8 +337,7 @@ class FTP { */ function delete_dir($filepath) { - if ( ! $this->_is_conn()) - { + if (!$this->_is_conn()) { return FALSE; } @@ -381,14 +346,11 @@ class FTP { $list = $this->list_files($filepath); - if ($list !== FALSE AND count($list) > 0) - { - foreach ($list as $item) - { + if ($list !== FALSE and count($list) > 0) { + foreach ($list as $item) { // 如果我们不能删除该项目,它则可能是一个文件夹 // 将调用 delete_dir() - if ( ! @ftp_delete($this->conn_id, $item)) - { + if (!@ftp_delete($this->conn_id, $item)) { $this->delete_dir($item); } } @@ -396,10 +358,8 @@ class FTP { $result = @ftp_rmdir($this->conn_id, $filepath); - if ($result === FALSE) - { - if ($this->debug == TRUE) - { + if ($result === FALSE) { + if ($this->debug == TRUE) { $this->_error('无法删除'); } return FALSE; 
@@ -418,16 +378,13 @@ class FTP { */ function chmod($path, $perm) { - if ( ! $this->_is_conn()) - { + if (!$this->_is_conn()) { return FALSE; } // 仅PHP5才能运行 - if ( ! function_exists('ftp_chmod')) - { - if ($this->debug == TRUE) - { + if (!function_exists('ftp_chmod')) { + if ($this->debug == TRUE) { $this->_error('无法更改权限'); } return FALSE; @@ -435,10 +392,8 @@ class FTP { $result = @ftp_chmod($this->conn_id, $perm, $path); - if ($result === FALSE) - { - if ($this->debug == TRUE) - { + if ($result === FALSE) { + if ($this->debug == TRUE) { $this->_error('无法更改权限'); } return FALSE; @@ -455,8 +410,7 @@ class FTP { */ function list_files($path = '.') { - if ( ! $this->_is_conn()) - { + if (!$this->_is_conn()) { return FALSE; } 
@@ -469,42 +423,41 @@ class FTP { * @access public * @return array */ - function list_rawfiles($path = '.', $type='dir') + function list_rawfiles($path = '.', $type = 'dir') { - if ( ! $this->_is_conn()) - { + if (!$this->_is_conn()) { return FALSE; } $ftp_rawlist = ftp_rawlist($this->conn_id, $path, TRUE); - foreach ($ftp_rawlist as $v) { - $info = array(); - $vinfo = preg_split("/[\s]+/", $v, 9); - if ($vinfo[0] !== "total") { - $info['chmod'] = $vinfo[0]; - $info['num'] = $vinfo[1]; - $info['owner'] = $vinfo[2]; - $info['group'] = $vinfo[3]; - $info['size'] = $vinfo[4]; - $info['month'] = $vinfo[5]; - $info['day'] = $vinfo[6]; - $info['time'] = $vinfo[7]; - $info['name'] = $vinfo[8]; - $rawlist[$info['name']] = $info; - } - } - - $dir = array(); - $file = array(); - foreach ($rawlist as $k => $v) { - if ($v['chmod']{0} == "d") { - $dir[$k] = $v; - } elseif ($v['chmod']{0} == "-") { - $file[$k] = $v; - } - } - - return ($type == 'dir')? $dir : $file; + foreach ($ftp_rawlist as $v) { + $info = array(); + $vinfo = preg_split("/[\s]+/", $v, 9); + if ($vinfo[0] !== "total") { + $info['chmod'] = $vinfo[0]; + $info['num'] = $vinfo[1]; + $info['owner'] = $vinfo[2]; + $info['group'] = $vinfo[3]; + $info['size'] = $vinfo[4]; + $info['month'] = $vinfo[5]; + $info['day'] = $vinfo[6]; + $info['time'] = $vinfo[7]; + $info['name'] = $vinfo[8]; + $rawlist[$info['name']] = $info; + } + } + + $dir = array(); + $file = array(); + foreach ($rawlist as $k => $v) { + if ($v['chmod'][0] == "d") { + $dir[$k] = $v; + } elseif ($v['chmod'][0] == "-") { + $file[$k] = $v; + } + } + + return ($type == 'dir') ? $dir : $file; } /** 
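Review bot: `list_rawfiles()` still treats the remote server's listing as well formed. `ftp_rawlist()` returns false on failure, `$rawlist` is never initialised, and `$vinfo[8]` is read without checking that the split produced nine fields. With a failed or empty listing the second `foreach` iterates an undefined variable, and a short line sent by the server yields undefined-offset notices and an entry keyed by an empty name. Suggest `if (!is_array($ftp_rawlist)) return FALSE;` after the call, `$rawlist = array();` before the first loop, and `if (count($vinfo) < 9) continue;` inside it.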
@@ -518,38 +471,30 @@ class FTP { */ function mirror($locpath, $rempath) { - if ( ! $this->_is_conn()) - { + if (!$this->_is_conn()) { return FALSE; } // 打开本地文件路径 - if ($fp = @opendir($locpath)) - { + if ($fp = @opendir($locpath)) { // 尝试打开远程文件的路径. - if ( ! $this->changedir($rempath, TRUE)) - { + if (!$this->changedir($rempath, TRUE)) { // 如果不能打开则创建 - if ( ! $this->rmkdir($rempath) OR ! $this->changedir($rempath)) - { + if (!$this->rmkdir($rempath) or !$this->changedir($rempath)) { return FALSE; } } // 递归读取本地目录 - while (FALSE !== ($file = readdir($fp))) - { - if (@is_dir($locpath.$file) && substr($file, 0, 1) != '.') - { - $this->mirror($locpath.$file."/", $rempath.$file."/"); - } - elseif (substr($file, 0, 1) != ".") - { + while (FALSE !== ($file = readdir($fp))) { + if (@is_dir($locpath . $file) && substr($file, 0, 1) != '.') { + $this->mirror($locpath . $file . "/", $rempath . $file . "/"); + } elseif (substr($file, 0, 1) != ".") { // 获取文件扩展名,以便本类上传类型 $ext = $this->_getext($file); $mode = $this->_settype($ext); - $this->upload($locpath.$file, $rempath.$file, $mode); + $this->upload($locpath . $file, $rempath . $file, $mode); } } return TRUE; @@ -567,8 +512,7 @@ class FTP { */ function _getext($filename) { - if (FALSE === strpos($filename, '.')) - { + if (FALSE === strpos($filename, '.')) { return 'txt'; } @@ -586,20 +530,20 @@ class FTP { function _settype($ext) { $text_types = array( - 'txt', - 'text', - 'php', - 'phps', - 'php4', - 'js', - 'css', - 'htm', - 'html', - 'phtml', - 'shtml', - 'log', - 'xml' - ); + 'txt', + 'text', + 'php', + 'phps', + 'php4', + 'js', + 'css', + 'htm', + 'html', + 'phtml', + 'shtml', + 'log', + 'xml' + ); return (in_array($ext, $text_types)) ? 'ascii' : 'binary'; @@ -615,8 +559,7 @@ class FTP { */ function close() { - if ( ! $this->_is_conn()) - { + if (!$this->_is_conn()) { return FALSE; } 
@@ -632,21 +575,21 @@ class FTP { */ function _error($msg) { - $errorTrackFile = dirname(__FILE__).'/../data/ftp_error_trace.inc'; + $errorTrackFile = dirname(__FILE__) . '/../data/ftp_error_trace.inc'; $emsg = ''; $emsg .= "

DedeCMS Error Warning!

\r\n"; $emsg .= ""; $emsg .= "
\r\n"; - $emsg .= "

Error page: ".$this->GetCurUrl()."
\r\n"; + $emsg .= "

Error page: " . $this->GetCurUrl() . "
\r\n"; $emsg .= "
Error infos: {$msg}
\r\n"; $emsg .= "
\r\n"; echo $emsg; - $savemsg = 'Page: '.$this->GetCurUrl()."\r\nError: ".$msg; + $savemsg = 'Page: ' . $this->GetCurUrl() . "\r\nError: " . $msg; //保存错误日志 $fp = @fopen($errorTrackFile, 'a'); - @fwrite($fp, '<'.'?php exit();'."\r\n/*\r\n{$savemsg}\r\n*/\r\n?".">\r\n"); + @fwrite($fp, '<' . '?php exit();' . "\r\n/*\r\n{$savemsg}\r\n*/\r\n?" . ">\r\n"); @fclose($fp); } @@ -658,22 +601,17 @@ class FTP { */ function GetCurUrl() { - if(!empty($_SERVER["REQUEST_URI"])) - { + if (!empty($_SERVER["REQUEST_URI"])) { $scriptName = $_SERVER["REQUEST_URI"]; $nowurl = $scriptName; - } - else - { + } else { $scriptName = $_SERVER["PHP_SELF"]; - if(empty($_SERVER["QUERY_STRING"])) { + if (empty($_SERVER["QUERY_STRING"])) { $nowurl = $scriptName; - } - else { - $nowurl = $scriptName."?".$_SERVER["QUERY_STRING"]; + } else { + $nowurl = $scriptName . "?" . $_SERVER["QUERY_STRING"]; } } return $nowurl; } - }//End Class diff --git a/src/include/taglib/arclist.lib.php b/src/include/taglib/arclist.lib.php index bbeb099f..07b6404a 100755 --- a/src/include/taglib/arclist.lib.php +++ b/src/include/taglib/arclist.lib.php @@ -500,7 +500,7 @@ function lib_arclistDone(&$refObj, &$ctag, $typeid=0, $row=10, $col=1, $titlelen if($row['litpic'] == '-' || $row['litpic'] == '') { - $row['litpic'] = $GLOBALS['cfg_cmspath'].'/images/defaultpic.gif'; + $row['litpic'] = $GLOBALS['cfg_cmspath'].'/static/defaultpic.gif'; } if(!preg_match("#^http:\/\/#i", $row['litpic']) && $GLOBALS['cfg_multi_site'] == 'Y') { diff --git a/src/include/taglib/arclistsg.lib.php b/src/include/taglib/arclistsg.lib.php index fd9e9a5f..86211ef7 100755 --- a/src/include/taglib/arclistsg.lib.php +++ b/src/include/taglib/arclistsg.lib.php 
@@ -228,7 +228,7 @@ function lib_arclistsg(&$ctag,&$refObj)
 if($row['litpic'] == '-' || $row['litpic'] == '')
 {
- $row['litpic'] = $GLOBALS['cfg_cmspath'].'/images/defaultpic.gif';
+ $row['litpic'] = $GLOBALS['cfg_cmspath'].'/static/defaultpic.gif';
 }
 if(!preg_match("#^http:\/\/#i", $row['litpic']) && $GLOBALS['cfg_multi_site'] == 'Y')
 {
diff --git a/src/include/taglib/likearticle.lib.php b/src/include/taglib/likearticle.lib.php
index b52083f0..0de5465f 100755
--- a/src/include/taglib/likearticle.lib.php
+++ b/src/include/taglib/likearticle.lib.php
@@ -157,7 +157,7 @@ function lib_likearticle(&$ctag,&$refObj)
 if($row['litpic'] == '-' || $row['litpic'] == '')
 {
- $row['litpic'] = $GLOBALS['cfg_cmspath'].'/images/defaultpic.gif';
+ $row['litpic'] = $GLOBALS['cfg_cmspath'].'/static/defaultpic.gif';
 }
 if(!preg_match("#^http:\/\/#i", $row['litpic']) && $GLOBALS['cfg_multi_site'] == 'Y')
 {
diff --git a/src/include/tpllib/plus_spacenewart.php b/src/include/tpllib/plus_spacenewart.php
index 463279b7..159b070a 100755
--- a/src/include/tpllib/plus_spacenewart.php
+++ b/src/include/tpllib/plus_spacenewart.php
@@ -44,7 +44,7 @@ function plus_spacenewart(&$atts,&$refObj,&$fields)
 if($row['litpic']=='')
 {
- $row['litpic'] = '/images/defaultpic.gif';
+ $row['litpic'] = '/static/defaultpic.gif';
 }
 if(!preg_match("#^http:\/\/#i", $row['litpic']))
 {
diff --git a/src/include/uploadsafe.inc.php b/src/include/uploadsafe.inc.php
index bfc0a693..2338a012 100755
--- a/src/include/uploadsafe.inc.php
+++ b/src/include/uploadsafe.inc.php
@@ -1,4 +1,13 @@ $_value) ${$_key.'_name'} = $_FILES[$_key]['name']; ${$_key.'_type'} = $_FILES[$_key]['type'] = preg_replace('#[^0-9a-z\./]#i', '', $_FILES[$_key]['type']); ${$_key.'_size'} = $_FILES[$_key]['size'] = preg_replace('#[^0-9]#','',$_FILES[$_key]['size']); - if(!empty(${$_key.'_name'}) && (preg_match("#\.(".$cfg_not_allowall.")$#i",${$_key.'_name'}) || !preg_match("#\.#", ${$_key.'_name'})) ) - { - if(!defined('DEDEADMIN')) + + if (is_array(${$_key.'_name'})) { + if (count(${$_key.'_name'}) > 0) { + foreach (${$_key.'_name'} as $key => $value) { + if (!empty($value) && (preg_match("#\.(".$cfg_not_allowall.")$#i", $value) || !preg_match("#\.#", $value))) { + if(!defined('DEDEADMIN')) + { + exit('Not Admin Upload filetype not allow !'); + } + } + } + } + } else { + if(!empty(${$_key.'_name'}) && (preg_match("#\.(".$cfg_not_allowall.")$#i",${$_key.'_name'}) || !preg_match("#\.#", ${$_key.'_name'})) ) { - exit('Not Admin Upload filetype not allow !'); + if(!defined('DEDEADMIN')) + { + exit('Not Admin Upload filetype not allow !'); + } } } + + if(empty(${$_key.'_size'})) { ${$_key.'_size'} = @filesize($$_key); @@ -50,13 +75,30 @@ foreach($_FILES as $_key=>$_value) "image/xpng", "image/wbmp", "image/bmp" ); - if(in_array(strtolower(trim(${$_key.'_type'})), $imtypes)) - { - $image_dd = @getimagesize($$_key); - if (!is_array($image_dd)) + if (is_array(${$_key.'_type'})) { + if (count(${$_key.'_type'}) > 0) { + foreach (${$_key.'_type'} as $key => $value) { + if(in_array(strtolower(trim($value)), $imtypes)) + { + $image_dd = @getimagesize($$_key); + if (!is_array($image_dd)) + { + exit('Upload filetype not allow !'); + } + } + } + } + } else { + if(in_array(strtolower(trim(${$_key.'_type'})), $imtypes)) { - exit('Upload filetype not allow !'); + $image_dd = @getimagesize($$_key); + if (!is_array($image_dd)) + { + exit('Upload filetype not allow !'); + } } } + + } ?> \ No newline at end of file 
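Review bot: The new array branch of the file-name check assumes every element of `${$_key.'_name'}` is a string, but a nested field name such as `f[a][b]` makes `$_FILES[$_key]['name']` an array of arrays, so `$value` can reach `preg_match()` as an array. The result then depends on how the PHP version treats the bad argument (a warning on PHP 7, a TypeError on PHP 8), which is not something the denylist decision should rest on. Reject non-string entries before matching, e.g. `if (!is_string($value)) { exit('Upload filetype not allow !'); }`, or walk the structure recursively. The loop also appears to run at file scope, so `$key` and `$value` overwrite any globals of those names; `$_k`/`$_v` would follow the `$_key`/`$_value` convention used by the enclosing `foreach`, whose header is cut off on this page.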
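Review bot: In the array branch of the image check, `getimagesize($$_key)` receives the same argument on every iteration and never uses the loop index `$key`, so the individual files of a multi-file upload are not inspected one by one. For such a field `$$_key` is presumably the whole array of temporary paths (its assignment is outside the hunk), in which case the call cannot return an image array: every multi-file image upload ends in `exit('Upload filetype not allow !')`, or on PHP 8 in a TypeError that `@` does not suppress. Pass the per-file path instead, e.g. `$image_dd = @getimagesize($_FILES[$_key]['tmp_name'][$key]);`. Both branches only run the content check when the client-declared `type` is listed in `$imtypes`; deciding from the file content rather than the declared type would be the stricter gate.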
diff --git a/src/plus/arcmulti.php b/src/plus/arcmulti.php
index a6c7bcea..77f450dd 100755
--- a/src/plus/arcmulti.php
+++ b/src/plus/arcmulti.php
@@ -66,7 +66,7 @@ if($tagid !='')
 if($row['litpic'] == '-' || $row['litpic'] == '')
 {
- $row['litpic'] = $GLOBALS['cfg_cmspath'].'/images/defaultpic.gif';
+ $row['litpic'] = $GLOBALS['cfg_cmspath'].'/static/defaultpic.gif';
 }
 if(!preg_match("#^http:\/\/#", $row['litpic']) && $GLOBALS['cfg_multi_site'] == 'Y')
 {