diff --git a/src/admin/article_test_same.php b/src/admin/article_test_same.php
index 5ae6af4d..8b82335c 100644
--- a/src/admin/article_test_same.php
+++ b/src/admin/article_test_same.php
@@ -20,6 +20,7 @@ if ($dopost == 'analyse') {
 showmsg('栏目id不正确,无法处理', 'javascript:;');
 exit();
 }
+ $pagesize = intval($pagesize);
 $dsql->SetQuery("SELECT COUNT(title) AS dd,title FROM `$maintable` WHERE channel='$channelid' GROUP BY title ORDER BY dd DESC LIMIT 0, $pagesize");
 $dsql->Execute();
 $allarc = 0;
@@ -36,6 +37,10 @@ else if ($dopost == 'delsel') {
 echo "没有指定删除的文档";
 exit();
 }
+ if (!$dsql->IsTable($maintable)) {
+ ShowMsg("数据表名称错误", "javascript:;");
+ exit();
+ }
 $titless = split('`', $titles);
 if ($channelid < -1) {
 $orderby = ($deltype == 'delnew' ? " ORDER BY aid DESC " : " ORDER BY aid ASC ");
diff --git a/src/admin/index_body.php b/src/admin/index_body.php
index 1ab5202d..7cad265b 100644
--- a/src/admin/index_body.php
+++ b/src/admin/index_body.php
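Review bot: The analyse branch still interpolates `$maintable` into the backticked FROM clause without the `$dsql->IsTable($maintable)` guard that the delsel branch of this same file receives further down in this commit, so the new `intval` cast only covers the LIMIT operand. Unless `$maintable` is already validated earlier in the file (outside this hunk), the same guard belongs before SetQuery: `if (!$dsql->IsTable($maintable)) { showmsg("数据表名称错误", "javascript:;"); exit(); }`. Separately, `intval` of an unset or non-numeric `$pagesize` yields `LIMIT 0, 0`, which returns no rows at all; a guard such as `if ($pagesize <= 0) { $pagesize = DEFAULT_PAGESIZE_PLACEHOLDER; }` (value to be chosen) would make the missing-parameter case behave sensibly. The enclosing `if ($dopost == 'analyse')` block begins and ends outside the hunk.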
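Review bot: `ShowMsg("数据表名称错误", "javascript:;");` on the added line is spelled with a different case from the `showmsg(...)` call used a few lines above in the analyse branch of the same file; PHP resolves function names case-insensitively so both work, but one spelling should be used throughout. The guard itself sits in the right place, before `$maintable` reaches the query that the code below this hunk builds, and its strength depends on the identifier validation that `IsTable` gains in the database hunks of this commit. The enclosing `else if ($dopost == 'delsel')` block begins and ends outside the hunk.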
@@ -65,18 +65,43 @@ if (empty($dopost)) {
 GetOne("SELECT * FROM `#@__homepageset`");
+ $row['templet'] = MfTemplet($row['templet']);
+ $pv = new PartView();
+ $pv->SetTemplet($cfg_basedir.$cfg_templets_dir."/".$row['templet']);
+ $row['showmod'] = isset($row['showmod']) ? $row['showmod'] : 0;
+ if ($row['showmod'] == 0) {
+ ob_start();
+ $pv->Display();
+ $indexHTML = ob_get_contents();
+ ob_end_clean();
+ }
+ }
+ $pattern = '/]*href=["\']?([^"\'>\s]*)["\']?[^>]*>/is';
+ preg_match_all($pattern, $indexHTML, $matches);
+ $hasPowered = false;
+ foreach ($matches[1] as $href) {
+ if (preg_match("#^https://www.dedebiz.com#",$href)) {
+ $hasPowered = true;
+ }
+ }
+ $poweredStr = $hasPowered? "" : "请保留正确的底部版权信息,";
 echo json_encode(array(
- "code" => -1001,
- "msg" => "PHP不支持OpenSSL,无法完成商业版授权",
+ "code" => -1002,
+ "msg" => "当前站点已授权社区版,{$poweredStr}获取更多官方技术支持,请选择商业版",
 "result" => null,
 ));
 exit;
 }
- if (empty(trim($cfg_auth_code))) {
+ if (!extension_loaded("openssl")) {
 echo json_encode(array(
- "code" => -1002,
- "msg" => "当前站点已授权社区版,获取更多官方技术支持,请选择商业版",
+ "code" => -1001,
+ "msg" => "PHP不支持OpenSSL,无法完成商业版授权",
 "result" => null,
 ));
 exit;
diff --git a/src/system/database/dedesqli.class.php b/src/system/database/dedesqli.class.php
index dfc688d5..1f812814 100755
--- a/src/system/database/dedesqli.class.php
+++ b/src/system/database/dedesqli.class.php
@@ -375,11 +375,14 @@ class DedeSqli
 function IsTable($tbname)
 {
 global $dsqli;
+ $prefix = "#@__";
+ $tbname = str_replace($prefix, $GLOBALS['cfg_dbprefix'], $tbname);
+ if (!preg_match('/^[\p{L}_][\p{L}\p{N}@$#\-_]*$/u', $tbname)) {
+ return FALSE;
+ }
 if (!$dsqli->isInit) {
 $this->Init($this->pconnect);
 }
- $prefix = "#@__";
- $tbname = str_replace($prefix, $GLOBALS['cfg_dbprefix'], $tbname);
 if (mysqli_num_rows(@mysqli_query($this->linkID, "SHOW TABLES LIKE '".$tbname."'"))) {
 return TRUE;
 }
diff --git a/src/system/database/dedesqlite.class.php b/src/system/database/dedesqlite.class.php
index af40b6a5..cfaa1aeb 100755
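Review bot: `$indexHTML` is only assigned inside the `$row['showmod'] == 0` branch, yet `preg_match_all($pattern, $indexHTML, $matches);` runs unconditionally, so when showmod is non-zero (or the outer block that the second added `}` closes is skipped) the call receives an undefined variable; unless one of the hunk lines not visible in this chunk initialises it, add `$indexHTML = '';` ahead of that block. The host test `preg_match("#^https://www.dedebiz.com#",$href)` leaves the dots unescaped and has no terminator after the host, so an href such as `https://www.dedebiz.com.some-other-host.example/` (constructed) also satisfies it; `"#^https://www\.dedebiz\.com(?:[/?]|$)#"` pins the host, and a `break;` after `$hasPowered = true;` ends the scan once a match is found. As rendered here the `$pattern` literal starts with `]*href=`, which looks like a lost opening `<a[^>` in this view rather than the committed text, so the pattern is worth confirming in the file itself. The `if (empty($dopost))` block and the block closed by the second added `}` both begin outside the hunk.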
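Review bot: The identifier regex and the prefix substitution are now duplicated verbatim in `DedeSqli::IsTable` and in `DedeSqlite::IsTable` (next hunk); a single shared helper, for example a static `IsValidTableName($tbname)` the two drivers both call, would keep them from drifting apart the next time one is tightened. The regex also deserves a comment stating why it exists, because a later reader may otherwise loosen it: `// reject anything but a bare identifier before the name is spliced into SHOW TABLES LIKE / PRAGMA`. The check is fail-closed as written: with the `u` modifier `preg_match` returns false on invalid UTF-8 and `!false` still leads to `return FALSE;`. The class admits `-`, `#` and `@`, which MySQL does not accept in an unquoted identifier; that is harmless in the quoted `SHOW TABLES LIKE` string and for callers that wrap the name in backticks (the backtick itself is excluded), but `[\p{L}_][\p{L}\p{N}_$]*` would be the tighter match if no configured prefix needs those characters.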
--- a/src/system/database/dedesqlite.class.php
+++ b/src/system/database/dedesqlite.class.php
@@ -352,11 +352,14 @@ class DedeSqlite
 function IsTable($tbname)
 {
 global $dsqlite;
+ $prefix = "#@__";
+ $tbname = str_replace($prefix, $GLOBALS['cfg_dbprefix'], $tbname);
+ if (!preg_match('/^[\p{L}_][\p{L}\p{N}@$#\-_]*$/u', $tbname)) {
+ return FALSE;
+ }
 if (!$dsqlite->isInit) {
 $this->Init($this->pconnect);
 }
- $prefix = "#@__";
- $tbname = str_replace($prefix, $GLOBALS['cfg_dbprefix'], $tbname);
 $row = $this->linkID->querySingle("PRAGMA table_info({$tbname});");
 if ($row !== null) {
 return TRUE;
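Review bot: Names that pass the new guard can still make `PRAGMA table_info({$tbname});` fail to parse, because `-`, `#` and `@` are in the allowed class but are not valid in a bare SQLite identifier, and `SQLite3::querySingle` reports a failing statement as false rather than null (per the PHP manual), which the `$row !== null` test on the following context line then reads as "table exists". Either quote the identifier, `$row = $this->linkID->querySingle("PRAGMA table_info(\"{$tbname}\");");` (the guard already excludes `"`), or make the existence test `if ($row !== null && $row !== false) {`. The regex is the same one added to `DedeSqli::IsTable` in the previous hunk, so both drivers should obtain it from one helper rather than carrying a copy each. The rest of `IsTable` continues past the end of the hunk.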