@@ -20,6 +20,7 @@ if ($dopost == 'analyse') { | |||||
showmsg('栏目id不正确,无法处理', 'javascript:;'); | showmsg('栏目id不正确,无法处理', 'javascript:;'); | ||||
exit(); | exit(); | ||||
} | } | ||||
$pagesize = intval($pagesize); | |||||
$dsql->SetQuery("SELECT COUNT(title) AS dd,title FROM `$maintable` WHERE channel='$channelid' GROUP BY title ORDER BY dd DESC LIMIT 0, $pagesize"); | $dsql->SetQuery("SELECT COUNT(title) AS dd,title FROM `$maintable` WHERE channel='$channelid' GROUP BY title ORDER BY dd DESC LIMIT 0, $pagesize"); | ||||
$dsql->Execute(); | $dsql->Execute(); | ||||
$allarc = 0; | $allarc = 0; | ||||
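Review bot: The added `intval()` covers only `$pagesize`; the query on the next line still interpolates `$maintable` between backticks, and nothing visible in this hunk validates it the way the `delsel` branch now does with `IsTable()`. If no such check exists above the hunk, the same guard belongs before `SetQuery`: `if (!$dsql->IsTable($maintable)) { ShowMsg("数据表名称错误", "javascript:;"); exit(); }`. `intval()` can also yield zero or a negative number, which makes `LIMIT 0, $pagesize` return nothing or fail, so `$pagesize = max(1, intval($pagesize));` is the safer form. The `analyse` branch begins and ends outside the hunk, so earlier validation of `$maintable` and `$channelid` cannot be confirmed from here.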
@@ -36,6 +37,10 @@ else if ($dopost == 'delsel') { | |||||
echo "没有指定删除的文档"; | echo "没有指定删除的文档"; | ||||
exit(); | exit(); | ||||
} | } | ||||
if (!$dsql->IsTable($maintable)) { | |||||
ShowMsg("数据表名称错误", "javascript:;"); | |||||
exit(); | |||||
} | |||||
$titless = split('`', $titles); | $titless = split('`', $titles); | ||||
if ($channelid < -1) { | if ($channelid < -1) { | ||||
$orderby = ($deltype == 'delnew' ? " ORDER BY aid DESC " : " ORDER BY aid ASC "); | $orderby = ($deltype == 'delnew' ? " ORDER BY aid DESC " : " ORDER BY aid ASC "); | ||||
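Review bot: `IsTable($maintable)` only establishes that the name is well formed and that such a table exists, so this delete branch still accepts any table in the database rather than only the document table that belongs to `$channelid`. Binding the two together would close that gap, for example by looking up the table configured for the channel and rejecting a `$maintable` that differs from it. At minimum the guard deserves a comment such as `// IsTable() checks identifier syntax and existence only; it does not restrict which table may be targeted`. The statements that consume `$maintable` and `$titless` lie outside the hunk, so how these values reach the delete queries is inferred from the branch name and the message above.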
@@ -65,18 +65,43 @@ if (empty($dopost)) { | |||||
<?php | <?php | ||||
exit; | exit; | ||||
} elseif ($dopost == "system_info") { | } elseif ($dopost == "system_info") { | ||||
if (!extension_loaded("openssl")) { | |||||
if (empty(trim($cfg_auth_code))) { | |||||
$indexHTML = ""; | |||||
if (file_exists(DEDEROOT."/index.html")) { | |||||
$indexHTML = file_get_contents(DEDEROOT."/index.html"); | |||||
} else { | |||||
$row = $dsql->GetOne("SELECT * FROM `#@__homepageset`"); | |||||
$row['templet'] = MfTemplet($row['templet']); | |||||
$pv = new PartView(); | |||||
$pv->SetTemplet($cfg_basedir.$cfg_templets_dir."/".$row['templet']); | |||||
$row['showmod'] = isset($row['showmod']) ? $row['showmod'] : 0; | |||||
if ($row['showmod'] == 0) { | |||||
ob_start(); | |||||
$pv->Display(); | |||||
$indexHTML = ob_get_contents(); | |||||
ob_end_clean(); | |||||
} | |||||
} | |||||
$pattern = '/<a\s[^>]*href=["\']?([^"\'>\s]*)["\']?[^>]*>/is'; | |||||
preg_match_all($pattern, $indexHTML, $matches); | |||||
$hasPowered = false; | |||||
foreach ($matches[1] as $href) { | |||||
if (preg_match("#^https://www.dedebiz.com#",$href)) { | |||||
$hasPowered = true; | |||||
} | |||||
} | |||||
$poweredStr = $hasPowered? "" : "请保留正确的<a href='https://www.dedebiz.com/powered_by_dedebiz' class='text-primary'>底部版权信息</a>,"; | |||||
echo json_encode(array( | echo json_encode(array( | ||||
"code" => -1001, | |||||
"msg" => "PHP不支持OpenSSL,无法完成商业版授权", | |||||
"code" => -1002, | |||||
"msg" => "当前站点已授权社区版,{$poweredStr}获取更多官方技术支持,请选择<a href='https://www.dedebiz.com/auth' class='text-primary'>商业版</a>", | |||||
"result" => null, | "result" => null, | ||||
)); | )); | ||||
exit; | exit; | ||||
} | } | ||||
if (empty(trim($cfg_auth_code))) { | |||||
if (!extension_loaded("openssl")) { | |||||
echo json_encode(array( | echo json_encode(array( | ||||
"code" => -1002, | |||||
"msg" => "当前站点已授权社区版,获取更多官方技术支持,请选择<a href='https://www.dedebiz.com/auth' class='text-primary'>商业版</a>", | |||||
"code" => -1001, | |||||
"msg" => "PHP不支持OpenSSL,无法完成商业版授权", | |||||
"result" => null, | "result" => null, | ||||
)); | )); | ||||
exit; | exit; | ||||
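Review bot: The link check `preg_match("#^https://www.dedebiz.com#",$href)` leaves the dots unescaped and puts no boundary after the host, so it also accepts any href that merely starts with that text, including a longer host name. Comparing the parsed host is stricter: `if (parse_url($href, PHP_URL_HOST) === 'www.dedebiz.com') { $hasPowered = true; break; }`. In the same new block, the result of `$dsql->GetOne(...)` is indexed with `$row['templet']` without first checking that a row came back, and `file_get_contents()` can return `false`, which is then handed to `preg_match_all()`. The enclosing `system_info` branch continues past the end of the hunk.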
@@ -375,11 +375,14 @@ class DedeSqli | |||||
function IsTable($tbname) | function IsTable($tbname) | ||||
{ | { | ||||
global $dsqli; | global $dsqli; | ||||
$prefix = "#@__"; | |||||
$tbname = str_replace($prefix, $GLOBALS['cfg_dbprefix'], $tbname); | |||||
if (!preg_match('/^[\p{L}_][\p{L}\p{N}@$#\-_]*$/u', $tbname)) { | |||||
return FALSE; | |||||
} | |||||
if (!$dsqli->isInit) { | if (!$dsqli->isInit) { | ||||
$this->Init($this->pconnect); | $this->Init($this->pconnect); | ||||
} | } | ||||
$prefix = "#@__"; | |||||
$tbname = str_replace($prefix, $GLOBALS['cfg_dbprefix'], $tbname); | |||||
if (mysqli_num_rows(@mysqli_query($this->linkID, "SHOW TABLES LIKE '".$tbname."'"))) { | if (mysqli_num_rows(@mysqli_query($this->linkID, "SHOW TABLES LIKE '".$tbname."'"))) { | ||||
return TRUE; | return TRUE; | ||||
} | } | ||||
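Review bot: The new pattern rejects quotes but still admits `_`, which is a single-character wildcard in `SHOW TABLES LIKE`, so `IsTable()` can return TRUE for a name that does not exist exactly as given. Escaping the LIKE metacharacters before building the statement keeps the match literal, e.g. `$like = addcslashes($tbname, '_%\\');` and then `"SHOW TABLES LIKE '".$like."'"`. The character class also lets `@`, `$`, `#` and `-` through; these are only usable as MySQL identifiers when backtick-quoted, so a comment stating that callers must always quote the validated name would help. The context line passes the result of `@mysqli_query()` straight to `mysqli_num_rows()`, so a failed query is not handled separately.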
@@ -352,11 +352,14 @@ class DedeSqlite | |||||
function IsTable($tbname) | function IsTable($tbname) | ||||
{ | { | ||||
global $dsqlite; | global $dsqlite; | ||||
$prefix = "#@__"; | |||||
$tbname = str_replace($prefix, $GLOBALS['cfg_dbprefix'], $tbname); | |||||
if (!preg_match('/^[\p{L}_][\p{L}\p{N}@$#\-_]*$/u', $tbname)) { | |||||
return FALSE; | |||||
} | |||||
if (!$dsqlite->isInit) { | if (!$dsqlite->isInit) { | ||||
$this->Init($this->pconnect); | $this->Init($this->pconnect); | ||||
} | } | ||||
$prefix = "#@__"; | |||||
$tbname = str_replace($prefix, $GLOBALS['cfg_dbprefix'], $tbname); | |||||
$row = $this->linkID->querySingle("PRAGMA table_info({$tbname});"); | $row = $this->linkID->querySingle("PRAGMA table_info({$tbname});"); | ||||
if ($row !== null) { | if ($row !== null) { | ||||
return TRUE; | return TRUE; | ||||
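Review bot: The regex added here accepts characters such as `-` that are not valid in the unquoted identifier passed to `PRAGMA table_info({$tbname})`, and the existing test `$row !== null` then treats a failed statement as a hit. As far as I can tell `querySingle()` returns `false` rather than `null` when the statement fails and exceptions are not enabled, so a name that passes validation but does not parse would make `IsTable()` return TRUE. Narrowing the SQLite pattern to `'/^[A-Za-z_][A-Za-z0-9_]*$/'` and testing `if ($row !== null && $row !== false)` would close both gaps. The method body continues past the end of the hunk.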