ExecuteNoneQuery(" DELETE FROM `#@__guestbook` WHERE id='$id' ");
ShowMsg("成功删除一条留言!", $GUEST_BOOK_POS);
exit();
}
else if($job=='check' && $g_isadmin)
{
$dsql->ExecuteNoneQuery(" UPDATE `#@__guestbook` SET ischeck=1 WHERE id='$id' ");
ShowMsg("成功审核一条留言!", $GUEST_BOOK_POS);
exit();
}
else if($job=='editok')
{
$remsg = trim($remsg);
if($remsg!='')
{
//管理员回复不过滤HTML
if($g_isadmin)
{
$msg = "".$msg."
\n".$remsg;
//$remsg
管理员回复:
}
else
{
$row = $dsql->GetOne("SELECT msg From `#@__guestbook` WHERE id='$id' ");
$oldmsg = "".addslashes($row['msg'])."
\n";
$remsg = trimMsg(cn_substrR($remsg, 1024), 1);
$msg = $oldmsg.$remsg;
}
} else {
if(!$g_isadmin)
{
ShowMsg("无权提交修改当前留言!", $GUEST_BOOK_POS);
exit();
}
}
$msg = HtmlReplace($msg, -1);
/*
漏洞描述:dedecms留言板注入漏洞。
*/
$msg = addslashes($msg);
$dsql->ExecuteNoneQuery("UPDATE `#@__guestbook` SET `msg`='$msg', `posttime`='".time()."' WHERE id='$id' ");
ShowMsg("成功更改或回复一条留言!", $GUEST_BOOK_POS);
exit();
}
if($g_isadmin)
{
$row = $dsql->GetOne("SELECT * FROM `#@__guestbook` WHERE id='$id'");
require_once(DEDETEMPLATE.'/plus/guestbook-admin.htm');
}
else
{
$row = $dsql->GetOne("SELECT id,title FROM `#@__guestbook` WHERE id='$id'");
require_once(DEDETEMPLATE.'/plus/guestbook-user.htm');
}