diff --git a/src/admin/article_test_same.php b/src/admin/article_test_same.php
index 5ae6af4d..8b82335c 100644
--- a/src/admin/article_test_same.php
+++ b/src/admin/article_test_same.php
@@ -20,6 +20,7 @@ if ($dopost == 'analyse') {
showmsg('栏目id不正确,无法处理', 'javascript:;');
exit();
}
+ $pagesize = intval($pagesize);
$dsql->SetQuery("SELECT COUNT(title) AS dd,title FROM `$maintable` WHERE channel='$channelid' GROUP BY title ORDER BY dd DESC LIMIT 0, $pagesize");
$dsql->Execute();
$allarc = 0;
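Review bot: `$channelid` is still spliced unescaped into `WHERE channel='$channelid'` on the query line, so the new `intval($pagesize)` closes only one of the two interpolation points; the guard just above rejects some bad ids, but nothing visible forces the value to an integer, so add `$channelid = intval($channelid);` next to the pagesize cast unless it is already cast earlier in the file. `intval` also yields 0 or a negative number for a missing or malformed value, and `LIMIT 0, -1` is a MySQL syntax error, so clamp it: `$pagesize = max(1, intval($pagesize));`. The `delsel` branch in this same commit guards `$maintable` with `IsTable()` before using it, while this `analyse` branch uses `$maintable` as a backtick-quoted identifier with no such check; apply the same guard here for consistency. The enclosing `if ($dopost == 'analyse')` block starts before this hunk.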
@@ -36,6 +37,10 @@ else if ($dopost == 'delsel') {
echo "没有指定删除的文档";
exit();
}
+ if (!$dsql->IsTable($maintable)) {
+ ShowMsg("数据表名称错误", "javascript:;");
+ exit();
+ }
$titless = split('`', $titles);
if ($channelid < -1) {
$orderby = ($deltype == 'delnew' ? " ORDER BY aid DESC " : " ORDER BY aid ASC ");
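Review bot: The line immediately after the new `IsTable()` guard calls `split()`, which was removed in PHP 7.0, so on any currently supported PHP this branch fatals before the guard matters; change it to `$titless = explode('`', $titles);` (single-character delimiter, no regex needed). The guard itself is only sound because the `IsTable()` regex in this commit rejects backticks and quotes before the name reaches a query, so that coupling should be kept in mind if the regex is ever loosened. `$deltype` is only compared, not interpolated, as far as the hunk shows. The enclosing `else if ($dopost == 'delsel')` block starts before this hunk.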
diff --git a/src/admin/index_body.php b/src/admin/index_body.php
index 1ab5202d..7cad265b 100644
--- a/src/admin/index_body.php
+++ b/src/admin/index_body.php
@@ -65,18 +65,43 @@ if (empty($dopost)) {
GetOne("SELECT * FROM `#@__homepageset`");
+ $row['templet'] = MfTemplet($row['templet']);
+ $pv = new PartView();
+ $pv->SetTemplet($cfg_basedir.$cfg_templets_dir."/".$row['templet']);
+ $row['showmod'] = isset($row['showmod']) ? $row['showmod'] : 0;
+ if ($row['showmod'] == 0) {
+ ob_start();
+ $pv->Display();
+ $indexHTML = ob_get_contents();
+ ob_end_clean();
+ }
+ }
+ $pattern = '/]*href=["\']?([^"\'>\s]*)["\']?[^>]*>/is';
+ preg_match_all($pattern, $indexHTML, $matches);
+ $hasPowered = false;
+ foreach ($matches[1] as $href) {
+ if (preg_match("#^https://www.dedebiz.com#",$href)) {
+ $hasPowered = true;
+ }
+ }
+ $poweredStr = $hasPowered? "" : "请保留正确的底部版权信息,";
echo json_encode(array(
- "code" => -1001,
- "msg" => "PHP不支持OpenSSL,无法完成商业版授权",
+ "code" => -1002,
+ "msg" => "当前站点已授权社区版,{$poweredStr}获取更多官方技术支持,请选择商业版",
"result" => null,
));
exit;
}
- if (empty(trim($cfg_auth_code))) {
+ if (!extension_loaded("openssl")) {
echo json_encode(array(
- "code" => -1002,
- "msg" => "当前站点已授权社区版,获取更多官方技术支持,请选择商业版",
+ "code" => -1001,
+ "msg" => "PHP不支持OpenSSL,无法完成商业版授权",
"result" => null,
));
exit;
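Review bot: The host check `preg_match("#^https://www.dedebiz.com#", $href)` leaves the dots as wildcards and has no terminator, so `https://www.dedebiz.com.attacker.example/` or `https://wwwxdedebizxcom/` satisfy it; tighten it to `if (preg_match('~^https://www\.dedebiz\.com(?:[/?#]|$)~i', $href)) {` or compare `parse_url($href, PHP_URL_HOST)` against the literal host. `$indexHTML` is only assigned inside the `showmod == 0` branch, so for any other mode `preg_match_all` runs on an undefined variable and the "keep the copyright notice" text is appended regardless; initialise `$indexHTML = '';` before the template is loaded. The `$pattern` literal on the `preg_match_all` line reads `'/]*href=...` in this view, which looks like a stripped `<a[^>]*href=` and is worth confirming against the real file. The enclosing `if (empty($dopost))` block starts before this hunk, and the `GetOne(...)` line at its top appears truncated here.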
diff --git a/src/system/database/dedesqli.class.php b/src/system/database/dedesqli.class.php
index dfc688d5..1f812814 100755
--- a/src/system/database/dedesqli.class.php
+++ b/src/system/database/dedesqli.class.php
@@ -375,11 +375,14 @@ class DedeSqli
function IsTable($tbname)
{
global $dsqli;
+ $prefix = "#@__";
+ $tbname = str_replace($prefix, $GLOBALS['cfg_dbprefix'], $tbname);
+ if (!preg_match('/^[\p{L}_][\p{L}\p{N}@$#\-_]*$/u', $tbname)) {
+ return FALSE;
+ }
if (!$dsqli->isInit) {
$this->Init($this->pconnect);
}
- $prefix = "#@__";
- $tbname = str_replace($prefix, $GLOBALS['cfg_dbprefix'], $tbname);
if (mysqli_num_rows(@mysqli_query($this->linkID, "SHOW TABLES LIKE '".$tbname."'"))) {
return TRUE;
}
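Review bot: The new regex anchors with `$` but lacks the `D` modifier, so a name with a trailing newline (`"dede_archives\n"`) still passes validation; use `'/^[\p{L}_][\p{L}\p{N}@$#\-_]*$/uD'`. Separately, `_` is a LIKE wildcard and every prefixed table name contains one, so `SHOW TABLES LIKE 'dede_arc'` also matches a table named `dedeXarc`; escape it with `str_replace('_', '\_', $tbname)` when building the pattern, or query `information_schema.tables` with an equality test. The `@`-suppressed `mysqli_query` returns `false` on error, and passing that to `mysqli_num_rows` throws a `TypeError` on PHP 8, so check the result before counting rows. The class body continues outside the hunk.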
diff --git a/src/system/database/dedesqlite.class.php b/src/system/database/dedesqlite.class.php
index af40b6a5..cfaa1aeb 100755
--- a/src/system/database/dedesqlite.class.php
+++ b/src/system/database/dedesqlite.class.php
@@ -352,11 +352,14 @@ class DedeSqlite
function IsTable($tbname)
{
global $dsqlite;
+ $prefix = "#@__";
+ $tbname = str_replace($prefix, $GLOBALS['cfg_dbprefix'], $tbname);
+ if (!preg_match('/^[\p{L}_][\p{L}\p{N}@$#\-_]*$/u', $tbname)) {
+ return FALSE;
+ }
if (!$dsqlite->isInit) {
$this->Init($this->pconnect);
}
- $prefix = "#@__";
- $tbname = str_replace($prefix, $GLOBALS['cfg_dbprefix'], $tbname);
$row = $this->linkID->querySingle("PRAGMA table_info({$tbname});");
if ($row !== null) {
return TRUE;
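Review bot: `SQLite3::querySingle()` returns `false` rather than `null` for a failing query, so the `$row !== null` test below treats a syntax error as "table exists"; the regex admits `-`, `$`, `#` and `@`, which are not legal in an unquoted SQLite identifier, so a name like `a-b` would presumably make `PRAGMA table_info(a-b)` fail and `IsTable()` return TRUE. Quote the identifier (the regex already excludes `"`) and reject `false`: `$row = $this->linkID->querySingle("PRAGMA table_info(\"{$tbname}\");");` followed by `if ($row !== null && $row !== false) {`. As in the MySQL variant, add the `D` modifier so a trailing newline is rejected: `'/^[\p{L}_][\p{L}\p{N}@$#\-_]*$/uD'`. The class body continues outside the hunk.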