
sqlite3下的错误修复

tags/6.0.4^2
tianya 3 年之前
父節點
當前提交
d1bc9b2138
共有 3 個檔案被更改,包括 31 行新增25 行删除
  1. +1
    -1
      src/dede/inc/inc_menu.php
  2. +1
    -1
      src/dede/inc/inc_menu_map.php
  3. +29
    -23
      src/include/dedesqlite.class.php

+ 1
- 1
src/dede/inc/inc_menu.php

@@ -113,7 +113,7 @@ $adminMenu1
<m:item name='更新订阅' link='makehtml_rss.php' rank='sys_MakeHtml' target='main' /> <m:item name='更新订阅' link='makehtml_rss.php' rank='sys_MakeHtml' target='main' />
<m:item name='获取脚本' link='makehtml_js.php' rank='sys_MakeHtml' target='main' /> <m:item name='获取脚本' link='makehtml_js.php' rank='sys_MakeHtml' target='main' />
<m:item name='更新专题' link='makehtml_spec.php' rank='sys_MakeHtml' target='main' /> <m:item name='更新专题' link='makehtml_spec.php' rank='sys_MakeHtml' target='main' />
<m:item name='更新标签' link='makehtml_taglist.php' rank='sys_MakeHtml' target='main' />
<m:item name='更新Tag标签' link='makehtml_taglist.php' rank='sys_MakeHtml' target='main' />
</m:top> </m:top>
<m:top item='6_' name='会员管理' display='none' rank='member_List,member_Type'> <m:top item='6_' name='会员管理' display='none' rank='member_List,member_Type'>
<m:item name='注册会员列表' link='member_main.php' rank='member_List' target='main' /> <m:item name='注册会员列表' link='member_main.php' rank='member_List' target='main' />


+ 1
- 1
src/dede/inc/inc_menu_map.php

@@ -70,7 +70,7 @@ $menusMain = "<m:top mapitem='1' item='1_' name='常用操作' display='block'>
<m:item name='更新订阅' link='makehtml_rss.php' rank='sys_MakeHtml' target='main' /> <m:item name='更新订阅' link='makehtml_rss.php' rank='sys_MakeHtml' target='main' />
<m:item name='获取脚本' link='makehtml_js.php' rank='sys_MakeHtml' target='main' /> <m:item name='获取脚本' link='makehtml_js.php' rank='sys_MakeHtml' target='main' />
<m:item name='更新专题' link='makehtml_spec.php' rank='sys_MakeHtml' target='main' /> <m:item name='更新专题' link='makehtml_spec.php' rank='sys_MakeHtml' target='main' />
<m:item name='更新标签' link='makehtml_taglist.php' rank='sys_MakeHtml' target='main' />
<m:item name='更新Tag' link='makehtml_taglist.php' rank='sys_MakeHtml' target='main' />
</m:top> </m:top>
<m:top mapitem='3' item='1_6_' name='附件管理' display='none' rank='sys_Upload,sys_MyUpload,plus_文件管理器'> <m:top mapitem='3' item='1_6_' name='附件管理' display='none' rank='sys_Upload,sys_MyUpload,plus_文件管理器'>
<m:item name='上传新文件' link='media_add.php' rank='' target='main' /> <m:item name='上传新文件' link='media_add.php' rank='' target='main' />


+ 29
- 23
src/include/dedesqlite.class.php

@@ -104,7 +104,7 @@ class DedeSqlite
$this->linkID = $dsqlite->linkID; $this->linkID = $dsqlite->linkID;
} else { } else {
$this->linkID = new SQLite3(DEDEDATA.'/'.$this->dbName.'.db');
$this->linkID = new SQLite3(DEDEDATA . '/' . $this->dbName . '.db');
//复制一个对象副本 //复制一个对象副本
CopySQLiPoint($this); CopySQLiPoint($this);
@@ -178,7 +178,7 @@ class DedeSqlite
} }
if (is_array($this->parameters)) { if (is_array($this->parameters)) {
foreach ($this->parameters as $key => $value) { foreach ($this->parameters as $key => $value) {
$this->queryString = str_replace("@".$key, "'$value'", $this->queryString);
$this->queryString = str_replace("@" . $key, "'$value'", $this->queryString);
} }
} }
//SQL语句安全检查 //SQL语句安全检查
@@ -216,7 +216,7 @@ class DedeSqlite
} }
if (is_array($this->parameters)) { if (is_array($this->parameters)) {
foreach ($this->parameters as $key => $value) { foreach ($this->parameters as $key => $value) {
$this->queryString = str_replace("@".$key, "'$value'", $this->queryString);
$this->queryString = str_replace("@" . $key, "'$value'", $this->queryString);
} }
} }
$t1 = ExecTime(); $t1 = ExecTime();
@@ -281,7 +281,7 @@ class DedeSqlite
} }
if ($this->result[$id] === FALSE) { if ($this->result[$id] === FALSE) {
$this->DisplayError($this->linkID->lastErrorMsg()." <br />Error sql: <font color='red'>".$this->queryString."</font>");
$this->DisplayError($this->linkID->lastErrorMsg() . " <br />Error sql: <font color='red'>" . $this->queryString . "</font>");
} }
} }
@@ -302,7 +302,7 @@ class DedeSqlite
$dsqlite->isClose = FALSE; $dsqlite->isClose = FALSE;
} }
if (!empty($sql)) { if (!empty($sql)) {
if (!preg_match("/LIMIT/i", $sql)) $this->SetQuery(preg_replace("/[,;]$/i", '', trim($sql))." LIMIT 0,1;");
if (!preg_match("/LIMIT/i", $sql)) $this->SetQuery(preg_replace("/[,;]$/i", '', trim($sql)) . " LIMIT 0,1;");
else $this->SetQuery($sql); else $this->SetQuery($sql);
} }
$this->Execute("one"); $this->Execute("one");
@@ -348,12 +348,16 @@ class DedeSqlite
if ($this->result[$id] === 0) { if ($this->result[$id] === 0) {
return FALSE; return FALSE;
} else { } else {
$rs = $this->result[$id]->fetchArray($acctype);
if (!$rs) {
$this->result[$id] = 0;
if ($this->result[$id]) {
$rs = $this->result[$id]->fetchArray($acctype);
if (!$rs) {
$this->result[$id] = 0;
return false;
}
return $rs;
} else {
return false; return false;
} }
return $rs;
} }
} }
@@ -361,10 +365,12 @@ class DedeSqlite
{ {
if (!isset($this->_fixObject[$id])) { if (!isset($this->_fixObject[$id])) {
$this->_fixObject[$id] = array(); $this->_fixObject[$id] = array();
while ($row = $this->result[$id]->fetchArray(SQLITE3_ASSOC)) {
$this->_fixObject[$id][] = (object)$row;
if ($this->result[$id]) {
while ($row = $this->result[$id]->fetchArray(SQLITE3_ASSOC)) {
$this->_fixObject[$id][] = (object)$row;
}
$this->result[$id]->reset();
} }
$this->result[$id]->reset();
} }
return array_shift($this->_fixObject[$id]); return array_shift($this->_fixObject[$id]);
} }
@@ -402,7 +408,7 @@ class DedeSqlite
$sqlite_version = $rs; $sqlite_version = $rs;
if ($isformat) { if ($isformat) {
$sqlite_versions = explode(".", trim($sqlite_version)); $sqlite_versions = explode(".", trim($sqlite_version));
$sqlite_version = number_format($sqlite_versions[0].".".$sqlite_versions[1], 2);
$sqlite_version = number_format($sqlite_versions[0] . "." . $sqlite_versions[1], 2);
} }
return $sqlite_version; return $sqlite_version;
} }
@@ -524,7 +530,7 @@ class DedeSqlite
function RecordLog($runtime = 0) function RecordLog($runtime = 0)
{ {
$RecordLogFile = dirname(__FILE__).'/../data/mysqli_record_log.inc';
$RecordLogFile = dirname(__FILE__) . '/../data/mysqli_record_log.inc';
$url = $this->GetCurUrl(); $url = $this->GetCurUrl();
$savemsg = <<<EOT $savemsg = <<<EOT
@@ -541,26 +547,26 @@ EOT;
//显示数据链接错误信息 //显示数据链接错误信息
function DisplayError($msg) function DisplayError($msg)
{ {
$errorTrackFile = dirname(__FILE__).'/../data/mysqli_error_trace.inc';
if (file_exists(dirname(__FILE__).'/../data/mysqli_error_trace.php')) {
@unlink(dirname(__FILE__).'/../data/mysqli_error_trace.php');
$errorTrackFile = dirname(__FILE__) . '/../data/mysqli_error_trace.inc';
if (file_exists(dirname(__FILE__) . '/../data/mysqli_error_trace.php')) {
@unlink(dirname(__FILE__) . '/../data/mysqli_error_trace.php');
} }
if ($this->showError) { if ($this->showError) {
$emsg = ''; $emsg = '';
$emsg .= "<div><h3>DedeBIZ Error Warning!</h3>\r\n"; $emsg .= "<div><h3>DedeBIZ Error Warning!</h3>\r\n";
$emsg .= "<div><a href='https://www.dedebiz.com' target='_blank' style='color:red'>Technical Support: https://www.dedebiz.com</a></div>"; $emsg .= "<div><a href='https://www.dedebiz.com' target='_blank' style='color:red'>Technical Support: https://www.dedebiz.com</a></div>";
$emsg .= "<div style='line-helght:160%;font-size:14px;color:green'>\r\n"; $emsg .= "<div style='line-helght:160%;font-size:14px;color:green'>\r\n";
$emsg .= "<div style='color:blue'><br />Error page: <font color='red'>".$this->GetCurUrl()."</font></div>\r\n";
$emsg .= "<div style='color:blue'><br />Error page: <font color='red'>" . $this->GetCurUrl() . "</font></div>\r\n";
$emsg .= "<div>Error infos: {$msg}</div>\r\n"; $emsg .= "<div>Error infos: {$msg}</div>\r\n";
$emsg .= "<br /></div></div>\r\n"; $emsg .= "<br /></div></div>\r\n";
echo $emsg; echo $emsg;
} }
$savemsg = 'Page: '.$this->GetCurUrl()."\r\nError: ".$msg."\r\nTime".date('Y-m-d H:i:s');
$savemsg = 'Page: ' . $this->GetCurUrl() . "\r\nError: " . $msg . "\r\nTime" . date('Y-m-d H:i:s');
//保存MySql错误日志 //保存MySql错误日志
$fp = @fopen($errorTrackFile, 'a'); $fp = @fopen($errorTrackFile, 'a');
@fwrite($fp, '<'.'?php exit();'."\r\n/*\r\n{$savemsg}\r\n*/\r\n?".">\r\n");
@fwrite($fp, '<' . '?php exit();' . "\r\n/*\r\n{$savemsg}\r\n*/\r\n?" . ">\r\n");
@fclose($fp); @fclose($fp);
} }
@@ -575,7 +581,7 @@ EOT;
if (empty($_SERVER["QUERY_STRING"])) { if (empty($_SERVER["QUERY_STRING"])) {
$nowurl = $scriptName; $nowurl = $scriptName;
} else { } else {
$nowurl = $scriptName."?".$_SERVER["QUERY_STRING"];
$nowurl = $scriptName . "?" . $_SERVER["QUERY_STRING"];
} }
} }
return $nowurl; return $nowurl;
@@ -597,7 +603,7 @@ if (!function_exists('CheckSql')) {
$error = ''; $error = '';
$old_pos = 0; $old_pos = 0;
$pos = -1; $pos = -1;
$log_file = DEDEINC.'/../data/'.md5($cfg_cookie_encode).'_safe.txt';
$log_file = DEDEINC . '/../data/' . md5($cfg_cookie_encode) . '_safe.txt';
$userIP = GetIP(); $userIP = GetIP();
$getUrl = GetCurUrl(); $getUrl = GetCurUrl();
@@ -606,7 +612,7 @@ if (!function_exists('CheckSql')) {
$notallow1 = "[^0-9a-z@\._-]{1,}(union|sleep|benchmark|load_file|outfile)[^0-9a-z@\.-]{1,}"; $notallow1 = "[^0-9a-z@\._-]{1,}(union|sleep|benchmark|load_file|outfile)[^0-9a-z@\.-]{1,}";
//$notallow2 = "--|/\*"; //$notallow2 = "--|/\*";
if (preg_match("/".$notallow1."/i", $db_string)) {
if (preg_match("/" . $notallow1 . "/i", $db_string)) {
fputs(fopen($log_file, 'a+'), "$userIP||$getUrl||$db_string||SelectBreak\r\n"); fputs(fopen($log_file, 'a+'), "$userIP||$getUrl||$db_string||SelectBreak\r\n");
exit("<font size='5' color='red'>Safe Alert: Request Error step 1 !</font>"); exit("<font size='5' color='red'>Safe Alert: Request Error step 1 !</font>");
} }
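Review bot: The parameter substitution in the hunks at `@@ -178,7 +178,7 @@` and `@@ -216,7 +216,7 @@` still splices each value into the SQL text between single quotes with no escaping, `str_replace("@" . $key, "'$value'", $this->queryString)`, so a value containing `'` alters the statement; this commit only respaces those lines. Unless every caller escapes values before they reach `$this->parameters` (not visible here), escape at the point of substitution, `$this->queryString = str_replace("@" . $key, "'" . SQLite3::escapeString((string)$value) . "'", $this->queryString);`, or move these paths to `SQLite3::prepare()` with `bindValue()`. SQLite escapes a quote by doubling it, so any backslash-style escaping applied upstream would not protect this path, and the keyword pattern in `CheckSql` further down is not a substitute for escaping. Both enclosing methods start and end outside their hunks.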

