2 years ago · a9349370fc
--- a/src/dede/config.php
+++ b/src/dede/config.php
@@ -1,5 +1,4 @@
 <?php

 /**
 * 管理目录配置文件
 *
@@ -10,35 +9,23 @@
 * @link           https://www.dedebiz.com
 */
 define('DEDEADMIN', str_replace("\\", '/', dirname(__FILE__)));
 require_once(DEDEADMIN.'/../include/common.inc.php');
 require_once(DEDEINC.'/userlogin.class.php');
 require_once(DEDEADMIN . '/../include/common.inc.php');
 require_once(DEDEINC . '/userlogin.class.php');
 header('Cache-Control:private');
 $dsql->safeCheck = FALSE;
 $dsql->SetLongLink();
 $cfg_admin_skin = 1; // 后台管理风格

 if (file_exists(DEDEDATA.'/admin/skin.txt')) {
    $skin = file_get_contents(DEDEDATA.'/admin/skin.txt');
 $cfg_admin_skin = 1;//后台管理风格
 if (file_exists(DEDEDATA . '/admin/skin.txt')) {
    $skin = file_get_contents(DEDEDATA . '/admin/skin.txt');
    $cfg_admin_skin = !in_array($skin, array(1, 2, 3, 4)) ? 1 : $skin;
 }

 // 检查CSRF
 //检查CSRF
 function CheckCSRF()
 {
    $cc_csrf_token_check = GetCookie("dede_csrf_token");
    if (
        !(isset($_POST['_csrf_token'], $cc_csrf_token_check)
            && is_string($_POST['_csrf_token']) && is_string($cc_csrf_token_check)
            && hash_equals($_POST['_csrf_token'], $cc_csrf_token_check))
    ) {
        ShowMsg('CSRF校验失败，请刷新页面重新提交', '-1');
        exit();
    }

    DropCookie("dede_csrf_token");
 }

 // 生成CSRF校验token，在比较重要的表单中应该要加上这个token校验
 //生成CSRF校验token，在比较重要的表单中应该要加上这个token校验
 $cc_csrf_token = GetCookie("dede_csrf_token");
 if (!isset($GLOBALS['csrf_token']) || $GLOBALS['csrf_token'] === null) {
    if (
@@ -50,32 +37,26 @@ if (!isset($GLOBALS['csrf_token']) || $GLOBALS['csrf_token'] === null) {
        $GLOBALS['csrf_token'] = md5(uniqid(mt_rand(), TRUE));
    }
 }

 if (strtoupper($_SERVER['REQUEST_METHOD']) !== 'POST') {
    PutCookie('dede_csrf_token', $GLOBALS['csrf_token'], 7200, '/');
 }


 //获得当前脚本名称，如果你的系统被禁用了$_SERVER变量，请自行更改这个选项
 $dedeNowurl = $s_scriptName = '';
 $isUrlOpen = @ini_get('allow_url_fopen');
 $dedeNowurl = GetCurUrl();
 $dedeNowurls = explode('?', $dedeNowurl);
 $s_scriptName = $dedeNowurls[0];

 //检验用户登录状态
 $cuserLogin = new userLogin();

 if ($cuserLogin->getUserID() == -1) {
    if (preg_match("#PHP (.*) Development Server#", $_SERVER['SERVER_SOFTWARE'])) {
        $dirname = dirname($_SERVER['SCRIPT_NAME']);
        header("location:{$dirname}/login.php?gotopage=".urlencode($dedeNowurl));
        header("location:{$dirname}/login.php?gotopage=" . urlencode($dedeNowurl));
    } else {
        header("location:login.php?gotopage=".urlencode($dedeNowurl));
        header("location:login.php?gotopage=" . urlencode($dedeNowurl));
    }
    exit();
 }

 function XSSClean($val)
 {
    if (is_array($val)) {
@@ -87,7 +68,6 @@ function XSSClean($val)
    }
    return RemoveXss($val);
 }

 if ($cfg_dede_log == 'Y') {
    $s_nologfile = '_main|_list';
    $s_needlogfile = 'sys_|file_';
@@ -96,22 +76,19 @@ if ($cfg_dede_log == 'Y') {
    $s_scriptNames = explode('/', $s_scriptName);
    $s_scriptNames = $s_scriptNames[count($s_scriptNames) - 1];
    $s_userip = GetIP();
    if ($s_method == 'POST' || (!preg_match("#".$s_nologfile."#i", $s_scriptNames) && $s_query != '') || preg_match("#".$s_needlogfile."#i", $s_scriptNames)) {
    if ($s_method == 'POST' || (!preg_match("#" . $s_nologfile . "#i", $s_scriptNames) && $s_query != '') || preg_match("#" . $s_needlogfile . "#i", $s_scriptNames)) {
        $inquery = "INSERT INTO `#@__log`(adminid,filename,method,query,cip,dtime)
             VALUES ('".$cuserLogin->getUserID()."','{$s_scriptNames}','{$s_method}','".addslashes($s_query)."','{$s_userip}','".time()."');";
             VALUES ('" . $cuserLogin->getUserID() . "','{$s_scriptNames}','{$s_method}','" . addslashes($s_query) . "','{$s_userip}','" . time() . "');";
        $dsql->ExecuteNoneQuery($inquery);
    }
 }

 //管理缓存、管理员频道缓存
 $cache1 = DEDEDATA.'/cache/inc_catalog_base.inc';
 //管理缓存管理员频道缓存
 $cache1 = DEDEDATA . '/cache/inc_catalog_base.inc';
 if (!file_exists($cache1)) UpDateCatCache();
 $cacheFile = DEDEDATA.'/cache/admincat_'.$cuserLogin->userID.'.inc';
 $cacheFile = DEDEDATA . '/cache/admincat_' . $cuserLogin->userID . '.inc';
 if (file_exists($cacheFile)) require_once($cacheFile);

 //更新服务器
 require_once(DEDEDATA.'/admin/config_update.php');

 require_once(DEDEDATA . '/admin/config_update.php');
 if (strlen($cfg_cookie_encode) <= 10) {
    $chars = 'abcdefghigklmnopqrstuvwxwyABCDEFGHIGKLMNOPQRSTUVWXWY0123456789';
    $hash = '';
@@ -121,28 +98,27 @@ if (strlen($cfg_cookie_encode) <= 10) {
        $hash .= $chars[mt_rand(0, $max)];
    }
    $dsql->ExecuteNoneQuery("UPDATE `#@__sysconfig` SET `value`='{$hash}' WHERE varname='cfg_cookie_encode' ");
    $configfile = DEDEDATA.'/config.cache.inc.php';
    $configfile = DEDEDATA . '/config.cache.inc.php';
    if (!is_writeable($configfile)) {
        echo "配置文件'{$configfile}'不支持写入，无法修改系统配置参数！";
        exit();
    }
    $fp = fopen($configfile, 'w');
    flock($fp, 3);
    fwrite($fp, "<"."?php\r\n");
    fwrite($fp, "<" . "?php\r\n");
    $dsql->SetQuery("SELECT `varname`,`type`,`value`,`groupid` FROM `#@__sysconfig` ORDER BY aid ASC ");
    $dsql->Execute();
    while ($row = $dsql->GetArray()) {
        if ($row['type'] == 'number') {
            if ($row['value'] == '') $row['value'] = 0;
            fwrite($fp, "\${$row['varname']} = ".$row['value'].";\r\n");
            fwrite($fp, "\${$row['varname']} = " . $row['value'] . ";\r\n");
        } else {
            fwrite($fp, "\${$row['varname']} = '".str_replace("'", '', $row['value'])."';\r\n");
            fwrite($fp, "\${$row['varname']} = '" . str_replace("'", '', $row['value']) . "';\r\n");
        }
    }
    fwrite($fp, "?".">");
    fwrite($fp, "?" . ">");
    fclose($fp);
 }

 /**
 *  更新栏目缓存
 *
@@ -152,8 +128,8 @@ if (strlen($cfg_cookie_encode) <= 10) {
 function UpDateCatCache()
 {
    global $dsql, $cache1, $cuserLogin;
    $cache2 = DEDEDATA.'/cache/channelsonlist.inc';
    $cache3 = DEDEDATA.'/cache/channeltoplist.inc';
    $cache2 = DEDEDATA . '/cache/channelsonlist.inc';
    $cache3 = DEDEDATA . '/cache/channeltoplist.inc';
    $dsql->SetQuery("SELECT id,reid,channeltype,issend,typename FROM `#@__arctype`");
    $dsql->Execute();
    $fp1 = fopen($cache1, 'w');
@@ -161,7 +137,7 @@ function UpDateCatCache()
    $fp1Header = "<{$phph}php\r\nglobal \$cfg_Cs;\r\n\$cfg_Cs=array();\r\n";
    fwrite($fp1, $fp1Header);
    while ($row = $dsql->GetObject()) {
        // 将typename缓存起来
        //将typename缓存起来
        $row->typename = base64_encode($row->typename);
        fwrite($fp1, "\$cfg_Cs[{$row->id}]=array({$row->reid},{$row->channeltype},{$row->issend},'{$row->typename}');\r\n");
    }
@@ -171,12 +147,11 @@ function UpDateCatCache()
    @unlink($cache2);
    @unlink($cache3);
 }

 // 清空选项缓存
 //清空选项缓存
 function ClearOptCache()
 {
    $tplCache = DEDEDATA.'/tplcache/';
    $fileArray = glob($tplCache."inc_option_*.inc");
    $tplCache = DEDEDATA . '/tplcache/';
    $fileArray = glob($tplCache . "inc_option_*.inc");
    if (count($fileArray) > 1) {
        foreach ($fileArray as $key => $value) {
            if (file_exists($value)) unlink($value);
@@ -186,7 +161,6 @@ function ClearOptCache()
    }
    return FALSE;
 }

 /**
 *  引入模板文件
 *
@@ -197,9 +171,8 @@ function ClearOptCache()
 */
 function DedeInclude($filename, $isabs = FALSE)
 {
    return $isabs ? $filename : DEDEADMIN.'/'.$filename;
    return $isabs ? $filename : DEDEADMIN . '/' . $filename;
 }

 /**
 *  根据用户mid获取用户名称
 *
@@ -217,4 +190,4 @@ if (!function_exists('GetMemberName')) {
        $rs = $dsql->GetOne("SELECT * FROM `#@__member` WHERE mid='{$mid}' ");
        return $rs['uname'];
    }
 }
 }
--- a/src/dede/css/base.css
+++ b/src/dede/css/base.css
--- a/src/static/img/base.css
+++ b/src/static/img/base.css
@@ -1,31 +1 @@
 * {font-size: 12px;line-height: 1.5;}
 body {font-size: 12px;line-height: 1.5;}
 select,textarea{vertical-align:middle;}
 a:link { font-size: 12px; color: #000000; }
 a:visited{ font-size: 12px; color: #000000;}
 a:hover {font-size: 12px;color: red}
 div,form,h1,h2,h3,h4,h5,h6{	margin: 0; padding:0;}
 .m1{border-left: 1px solid #DFDFDB; border-top: 1px solid #DFDFDB; border-bottom: 1px solid #808080}
 .m2{border-left: 1px solid #DFDFDB; border-bottom: 1px solid #808080; border-top: 1px solid #DFDFDB;border-right: 1px solid #DFDFDB;}
 .m3{border-left: 1px solid #DFDFDB; border-top: 1px solid #DFDFDB;border-right: 1px solid #DFDFDB;}
 .article{FONT-SIZE: 10pt; LINE-HEIGHT: 160%；table-layout:fixed;word-break:break-all}
 .bn{color:#FFFFFF;font-size:0.1pt;line-height:50%}
 .contents{font-size:1pt;color:#F7F6F8}
 .nb{border: 1px solid #000000;height:18px}
 .coolbg {border-right: 2px solid #ACACAC; border-bottom: 2px solid #ACACAC; background-color: #E6E6E6}
 .ctfield{ padding: 3px; line-height: 150%}
 .nndiv{ width: 175px; height:20px; margin: 0px;padding: 0px;word-break: break-all;overflow: hidden; }
 .alltxt {
 	border-width:1px;
 	border-style:solid;
 	border-color:#707070 #CECECE #CECECE #707070;
 	padding:2px 4px;
 	line-height:18px;
 	vertical-align:middle;
 }
 .maintable {
 	width: 98%!important;
 }
 a.btn {
 	color: white!important;
 }
 *{font-size:12px;letter-spacing:.4px}body{font:12px Helvetica Neue,Helvetica,PingFang SC,Tahoma,Arial,sans-serif;color:#424b51;background:#fff;line-height:1.5}form,h1,h2,h3,ul,ol,div{margin:0;padding:0}td{line-height:1.5}td,th,div{word-break:break-all;word-wrap:break-word}li,dd{margin:0;padding:0;list-style-type:none}select{padding:.375rem .75rem;font-size:1rem;color:#424b51;background:#fff;background-clip:padding-box;border:1px solid #ced4da;border-radius:.2rem;transition:all .6s}input{padding:.375rem .75rem;font-size:1rem;color:#424b51;background:#fff;background-clip:padding-box;border:1px solid #ced4da;border-radius:.2rem;transition:all .6s;vertical-align:middle}textarea{padding:.25rem .5rem;font-size:1rem;color:#424b51;background:#fff;background-clip:padding-box;border:1px solid #ced4da;border-radius:.2rem;transition:all .6s;vertical-align:middle;overflow:auto}a:link{color:#424b51;text-decoration:none}a:hover{opacity:.8}a:visited{color:#666}.m1{border-left:1px solid #DFDFDB;border-top:1px solid #DFDFDB;border-bottom:1px solid #808080}.m2{border-left:1px solid #DFDFDB;border-bottom:1px solid #808080;border-top:1px solid #DFDFDB;border-right:1px solid #DFDFDB}.m3{border-left:1px solid #DFDFDB;border-top:1px solid #DFDFDB;border-right:1px solid #DFDFDB}.article{FONT-SIZE:10pt;LINE-HEIGHT:160%；table-layout:fixed;word-break:break-all}.bn{color:#FFFFFF;font-size:0.1pt;line-height:50%}.contents{font-size:1pt;color:#F7F6F8}.nb{border:1px solid #000000;height:18px}.coolbg{border-right:2px solid #ACACAC;border-bottom:2px solid #ACACAC;background-color:#E6E6E6}.ctfield{padding:3px;line-height:150%}.nndiv{width:170px;height:20px;margin:0px;padding:0px;word-break:break-all;overflow:hidden}.maintable{width:98%!important}a.btn{color:white!important}
--- a/src/templets/plus/win_templet.htm
+++ b/src/templets/plus/win_templet.htm
@@ -1,12 +1,12 @@
 <!DOCTYPE html>
 <html>
 <head>
    <meta charset="{dede:global.cfg_soft_lang/}">
    <title>{dede:wintitle/}</title>
    <link rel="stylesheet" href="{dede:global name='cfg_static_dir'/}/css/bootstrap.min.css">
    <link rel="stylesheet" href="{dede:global name='cfg_static_dir'/}/font-awesome/css/font-awesome.min.css">
    <link rel="stylesheet" href="{dede:global name='cfg_static_dir'/}/img/base.css">
    <script src="{dede:global name='cfg_static_dir'/}/js/jquery.js"></script>
 <meta charset="{dede:global.cfg_soft_lang/}">
 <title>{dede:wintitle/}</title>
 <link rel="stylesheet" href="{dede:global name='cfg_static_dir'/}/css/bootstrap.min.css">
 <link rel="stylesheet" href="{dede:global name='cfg_static_dir'/}/font-awesome/css/font-awesome.min.css">
 <link rel="stylesheet" href="{dede:global name='cfg_static_dir'/}/img/base.css">
 <script src="{dede:global name='cfg_static_dir'/}/js/jquery.js"></script>
 </head>
 <body background="{dede:global name='cfg_static_dir'/}/img/allbg.gif" leftmargin="8" topmargin="8">
    <table width="98%" border="0" align="center" cellpadding="0" cellspacing="0" class="table maintable table-bordered mt-3">