diff --git a/src/admin/baidunews.php b/src/admin/baidunews.php
index d63787df..a1d5174a 100644
--- a/src/admin/baidunews.php
+++ b/src/admin/baidunews.php
@@ -9,7 +9,8 @@
* @link https://www.dedebiz.com
*/
require_once(dirname(__FILE__)."/config.php");
-
+$filename = str_replace("..", "", $filename);
+$filename = str_replace("{cmspath}", $cfg_cmspath, $filename);
if (empty($do)) {
include DEDEADMIN.'/templets/baidunews.htm';
} else {
@@ -25,9 +26,9 @@ if (empty($do)) {
}
$query = "SELECT maintable.*, addtable.body, arctype.typename
- FROM #@__archives maintable
- LEFT JOIN #@__addonarticle addtable ON addtable.aid=maintable.id
- LEFT JOIN #@__arctype arctype ON arctype.ID=maintable.typeid
+ FROM `#@__archives` maintable
+ LEFT JOIN `#@__addonarticle` addtable ON addtable.aid=maintable.id
+ LEFT JOIN `#@__arctype` arctype ON arctype.ID=maintable.typeid
WHERE maintable.channel=1 and maintable.arcrank!=-1 ORDER BY maintable.pubdate DESC LIMIT $limit
";
$dsql->SetQuery($query);
@@ -69,9 +70,9 @@ if (empty($do)) {
$baidunews .= "\n";
}
$baidunews .= "\n";
-
- $fp = fopen(dirname(__FILE__).'/'.$filename, 'w');
+ $fname = str_replace("//","/",DEDEROOT.$filename) ;
+ $fp = fopen($fname, 'w');
fwrite($fp, $baidunews);
fclose($fp);
- showmsg("{$filename} make success", 'javascript:;');
+ showmsg("{$filename}生成成功", 'javascript:;');
}
diff --git a/src/admin/templets/baidunews.htm b/src/admin/templets/baidunews.htm
index 3be2bae9..434fa586 100644
--- a/src/admin/templets/baidunews.htm
+++ b/src/admin/templets/baidunews.htm
@@ -26,7 +26,7 @@
| 文件名: |
- |
+ |
|