DedeBIZ
/
DedeV6
Watch 2
Star 0
Fork 0
Code Pull Requests 0 Releases 25 Activity
Browse Source

sqlite3下的错误修复

tags/6.0.4^2
tianya 2 years ago
parent
d4c5c6ef17
commit
d1bc9b2138
3 changed files with 31 additions and 25 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +1
    -1
      src/dede/inc/inc_menu.php
  2. +1
    -1
      src/dede/inc/inc_menu_map.php
  3. +29
    -23
      src/include/dedesqlite.class.php

+ 1
- 1
src/dede/inc/inc_menu.php View File

@@ -113,7 +113,7 @@ $adminMenu1
<m:item name='更新订阅' link='makehtml_rss.php' rank='sys_MakeHtml' target='main' />
<m:item name='获取脚本' link='makehtml_js.php' rank='sys_MakeHtml' target='main' />
<m:item name='更新专题' link='makehtml_spec.php' rank='sys_MakeHtml' target='main' />
<m:item name='更新标签' link='makehtml_taglist.php' rank='sys_MakeHtml' target='main' />
<m:item name='更新Tag标签' link='makehtml_taglist.php' rank='sys_MakeHtml' target='main' />
</m:top>
<m:top item='6_' name='会员管理' display='none' rank='member_List,member_Type'>
<m:item name='注册会员列表' link='member_main.php' rank='member_List' target='main' />


+ 1
- 1
src/dede/inc/inc_menu_map.php View File

@@ -70,7 +70,7 @@ $menusMain = "<m:top mapitem='1' item='1_' name='常用操作' display='block'>
<m:item name='更新订阅' link='makehtml_rss.php' rank='sys_MakeHtml' target='main' />
<m:item name='获取脚本' link='makehtml_js.php' rank='sys_MakeHtml' target='main' />
<m:item name='更新专题' link='makehtml_spec.php' rank='sys_MakeHtml' target='main' />
<m:item name='更新标签' link='makehtml_taglist.php' rank='sys_MakeHtml' target='main' />
<m:item name='更新Tag' link='makehtml_taglist.php' rank='sys_MakeHtml' target='main' />
</m:top>
<m:top mapitem='3' item='1_6_' name='附件管理' display='none' rank='sys_Upload,sys_MyUpload,plus_文件管理器'>
<m:item name='上传新文件' link='media_add.php' rank='' target='main' />


+ 29
- 23
src/include/dedesqlite.class.php View File

@@ -104,7 +104,7 @@ class DedeSqlite
$this->linkID = $dsqlite->linkID;
} else {
$this->linkID = new SQLite3(DEDEDATA.'/'.$this->dbName.'.db');
$this->linkID = new SQLite3(DEDEDATA . '/' . $this->dbName . '.db');
//复制一个对象副本
CopySQLiPoint($this);
@@ -178,7 +178,7 @@ class DedeSqlite
}
if (is_array($this->parameters)) {
foreach ($this->parameters as $key => $value) {
$this->queryString = str_replace("@".$key, "'$value'", $this->queryString);
$this->queryString = str_replace("@" . $key, "'$value'", $this->queryString);
}
}
//SQL语句安全检查
@@ -216,7 +216,7 @@ class DedeSqlite
}
if (is_array($this->parameters)) {
foreach ($this->parameters as $key => $value) {
$this->queryString = str_replace("@".$key, "'$value'", $this->queryString);
$this->queryString = str_replace("@" . $key, "'$value'", $this->queryString);
}
}
$t1 = ExecTime();
@@ -281,7 +281,7 @@ class DedeSqlite
}
if ($this->result[$id] === FALSE) {
$this->DisplayError($this->linkID->lastErrorMsg()." <br />Error sql: <font color='red'>".$this->queryString."</font>");
$this->DisplayError($this->linkID->lastErrorMsg() . " <br />Error sql: <font color='red'>" . $this->queryString . "</font>");
}
}
@@ -302,7 +302,7 @@ class DedeSqlite
$dsqlite->isClose = FALSE;
}
if (!empty($sql)) {
if (!preg_match("/LIMIT/i", $sql)) $this->SetQuery(preg_replace("/[,;]$/i", '', trim($sql))." LIMIT 0,1;");
if (!preg_match("/LIMIT/i", $sql)) $this->SetQuery(preg_replace("/[,;]$/i", '', trim($sql)) . " LIMIT 0,1;");
else $this->SetQuery($sql);
}
$this->Execute("one");
@@ -348,12 +348,16 @@ class DedeSqlite
if ($this->result[$id] === 0) {
return FALSE;
} else {
$rs = $this->result[$id]->fetchArray($acctype);
if (!$rs) {
$this->result[$id] = 0;
if ($this->result[$id]) {
$rs = $this->result[$id]->fetchArray($acctype);
if (!$rs) {
$this->result[$id] = 0;
return false;
}
return $rs;
} else {
return false;
}
return $rs;
}
}
@@ -361,10 +365,12 @@ class DedeSqlite
{
if (!isset($this->_fixObject[$id])) {
$this->_fixObject[$id] = array();
while ($row = $this->result[$id]->fetchArray(SQLITE3_ASSOC)) {
$this->_fixObject[$id][] = (object)$row;
if ($this->result[$id]) {
while ($row = $this->result[$id]->fetchArray(SQLITE3_ASSOC)) {
$this->_fixObject[$id][] = (object)$row;
}
$this->result[$id]->reset();
}
$this->result[$id]->reset();
}
return array_shift($this->_fixObject[$id]);
}
@@ -402,7 +408,7 @@ class DedeSqlite
$sqlite_version = $rs;
if ($isformat) {
$sqlite_versions = explode(".", trim($sqlite_version));
$sqlite_version = number_format($sqlite_versions[0].".".$sqlite_versions[1], 2);
$sqlite_version = number_format($sqlite_versions[0] . "." . $sqlite_versions[1], 2);
}
return $sqlite_version;
}
@@ -524,7 +530,7 @@ class DedeSqlite
function RecordLog($runtime = 0)
{
$RecordLogFile = dirname(__FILE__).'/../data/mysqli_record_log.inc';
$RecordLogFile = dirname(__FILE__) . '/../data/mysqli_record_log.inc';
$url = $this->GetCurUrl();
$savemsg = <<<EOT
@@ -541,26 +547,26 @@ EOT;
//显示数据链接错误信息
function DisplayError($msg)
{
$errorTrackFile = dirname(__FILE__).'/../data/mysqli_error_trace.inc';
if (file_exists(dirname(__FILE__).'/../data/mysqli_error_trace.php')) {
@unlink(dirname(__FILE__).'/../data/mysqli_error_trace.php');
$errorTrackFile = dirname(__FILE__) . '/../data/mysqli_error_trace.inc';
if (file_exists(dirname(__FILE__) . '/../data/mysqli_error_trace.php')) {
@unlink(dirname(__FILE__) . '/../data/mysqli_error_trace.php');
}
if ($this->showError) {
$emsg = '';
$emsg .= "<div><h3>DedeBIZ Error Warning!</h3>\r\n";
$emsg .= "<div><a href='https://www.dedebiz.com' target='_blank' style='color:red'>Technical Support: https://www.dedebiz.com</a></div>";
$emsg .= "<div style='line-helght:160%;font-size:14px;color:green'>\r\n";
$emsg .= "<div style='color:blue'><br />Error page: <font color='red'>".$this->GetCurUrl()."</font></div>\r\n";
$emsg .= "<div style='color:blue'><br />Error page: <font color='red'>" . $this->GetCurUrl() . "</font></div>\r\n";
$emsg .= "<div>Error infos: {$msg}</div>\r\n";
$emsg .= "<br /></div></div>\r\n";
echo $emsg;
}
$savemsg = 'Page: '.$this->GetCurUrl()."\r\nError: ".$msg."\r\nTime".date('Y-m-d H:i:s');
$savemsg = 'Page: ' . $this->GetCurUrl() . "\r\nError: " . $msg . "\r\nTime" . date('Y-m-d H:i:s');
//保存MySql错误日志
$fp = @fopen($errorTrackFile, 'a');
@fwrite($fp, '<'.'?php exit();'."\r\n/*\r\n{$savemsg}\r\n*/\r\n?".">\r\n");
@fwrite($fp, '<' . '?php exit();' . "\r\n/*\r\n{$savemsg}\r\n*/\r\n?" . ">\r\n");
@fclose($fp);
}
@@ -575,7 +581,7 @@ EOT;
if (empty($_SERVER["QUERY_STRING"])) {
$nowurl = $scriptName;
} else {
$nowurl = $scriptName."?".$_SERVER["QUERY_STRING"];
$nowurl = $scriptName . "?" . $_SERVER["QUERY_STRING"];
}
}
return $nowurl;
@@ -597,7 +603,7 @@ if (!function_exists('CheckSql')) {
$error = '';
$old_pos = 0;
$pos = -1;
$log_file = DEDEINC.'/../data/'.md5($cfg_cookie_encode).'_safe.txt';
$log_file = DEDEINC . '/../data/' . md5($cfg_cookie_encode) . '_safe.txt';
$userIP = GetIP();
$getUrl = GetCurUrl();
@@ -606,7 +612,7 @@ if (!function_exists('CheckSql')) {
$notallow1 = "[^0-9a-z@\._-]{1,}(union|sleep|benchmark|load_file|outfile)[^0-9a-z@\.-]{1,}";
//$notallow2 = "--|/\*";
if (preg_match("/".$notallow1."/i", $db_string)) {
if (preg_match("/" . $notallow1 . "/i", $db_string)) {
fputs(fopen($log_file, 'a+'), "$userIP||$getUrl||$db_string||SelectBreak\r\n");
exit("<font size='5' color='red'>Safe Alert: Request Error step 1 !</font>");
}


Write Preview
Loading…
Cancel
Save