4 years ago · adf744f9ed
--- a/.gitignore
+++ b/.gitignore
@@ -17,3 +17,4 @@ src/index.html
 src/data/admin/
 src/data/module/
 src/uploads/*.php
 src/data/time.lock.inc
--- a/src/dede/article_keywords_select.php
+++ b/src/dede/article_keywords_select.php
@@ -12,6 +12,8 @@ require_once(dirname(__FILE__)."/config.php");
 require_once(DEDEINC."/datalistcp.class.php");
 setcookie("ENV_GOBACK_URL",$dedeNowurl,time()+3600,"/");

 $f = RemoveXSS($f);

 if(empty($keywords)) $keywords = "";

 $sql = "SELECT * FROM #@__keywords ORDER BY rank DESC";
--- a/src/dede/content_list.php
+++ b/src/dede/content_list.php
@@ -24,6 +24,8 @@ if(!isset($flag)) $flag = '';
 if(!isset($arcrank)) $arcrank = '';
 if(!isset($dopost)) $dopost = '';

 $arcrank = RemoveXSS($arcrank);

 //检查权限许可，总权限
 CheckPurview('a_List,a_AccList,a_MyList');

--- a/src/dede/file_pic_view.php
+++ b/src/dede/file_pic_view.php
@@ -13,6 +13,7 @@ CheckPurview('pic_view');
 if(empty($activepath)) $activepath=$cfg_medias_dir;

 $activepath = preg_replace("#\/{1,}#", "/", $activepath);
 $activepath = RemoveXSS($activepath);
 $truePath = $cfg_basedir.$activepath;
 $listSize=5;
 include DedeInclude('templets/file_pic_view.htm');
--- a/src/dede/login.php
+++ b/src/dede/login.php
@@ -12,6 +12,8 @@ require_once(dirname(__FILE__).'/../include/common.inc.php');
 require_once(DEDEINC.'/userlogin.class.php');
 if(empty($dopost)) $dopost = '';

 $gotopage = RemoveXSS($gotopage);

 //检测安装目录安全性
 if( is_dir(dirname(__FILE__).'/../install') )
 {
--- a/src/dede/pic_view.php
+++ b/src/dede/pic_view.php
@@ -13,6 +13,7 @@ CheckPurview('pic_view');
 if(empty($activepath)) $activepath = $cfg_medias_dir;

 $activepath = preg_replace("#\/{1,}#", "/", $activepath);
 $activepath = RemoveXSS($activepath);
 $truePath = $cfg_basedir.$activepath;
 $listSize=5;
 include DedeInclude('templets/pic_view.htm');
--- a/src/include/dialog/select_images.php
+++ b/src/include/dialog/select_images.php
@@ -33,6 +33,7 @@ if(empty($f))
 {
    $f = 'form1.picname';
 }
 $f = RemoveXSS($f);
 if(empty($v))
 {
    $v = 'picview';
--- a/src/member/login.php
+++ b/src/member/login.php
@@ -7,6 +7,7 @@
 * @link           http://www.dedecms.com
 */
 require_once(dirname(__FILE__)."/config.php");
 $gourl = RemoveXSS($gourl);
 if($cfg_ml->IsLogin())
 {
    ShowMsg('你已经登陆系统，无需重新注册！', 'index.php');
--- a/src/plus/download.php
+++ b/src/plus/download.php
@@ -57,6 +57,7 @@ else if($open==1)
    //更新下载次数
    $id = isset($id) && is_numeric($id) ? $id : 0;
    $link = base64_decode(urldecode($link));
    $linkinfo = parse_url($link);
    if ( !$link )
    {
        ShowMsg('无效地址','javascript:;');
@@ -77,9 +78,11 @@ else if($open==1)
    {
        $site = explode('|', $site);
        $domain = parse_url(trim($site[0]));
        $allowed[] = $domain['host'];
        if ($domain['host'] ) {
            $allowed[] = $domain['host'];
        }
    }
    

    if ( !in_array($linkinfo['host'], $allowed) )
    {
        ShowMsg('非下载地址，禁止访问','javascript:;');
--- a/src/plus/recommend.php
+++ b/src/plus/recommend.php
@@ -12,7 +12,7 @@
 require_once(dirname(__FILE__)."/../include/common.inc.php");
 require_once(DEDEINC."/channelunit.class.php");
 if(!isset($action)) $action = '';

 unset($_FILES);
 if(isset($arcID)) $aid = $arcID;
 $arcID = $aid = (isset($aid) && is_numeric($aid) ? $aid : 0);
 $type = (!isset($type) ? "" : $type);
--- a/src/plus/search.php
+++ b/src/plus/search.php
@@ -17,6 +17,7 @@ $typeid = (isset($typeid) && is_numeric($typeid)) ? $typeid : 0;
 $channeltype = (isset($channeltype) && is_numeric($channeltype)) ? $channeltype : 0;
 $kwtype = (isset($kwtype) && is_numeric($kwtype)) ? $kwtype : 0;
 $mid = (isset($mid) && is_numeric($mid)) ? $mid : 0;
 unset($typeArr);

 if(!isset($orderby)) $orderby='';
 else $orderby = preg_replace("#[^a-z]#i", '', $orderby);