DedeBIZ
/
DedeV6
Watch 2
Star 0
Fork 0
Code Pull Requests 0 Releases 25 Activity
国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
99 Commits
3 Branches
110MB
Tree: 4204cfe0a4
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '4204cfe0a4'
${ noResults }
DedeV6/src/plus/guestbook/edit.inc.php

74 lines
2.3KB
Raw Blame History 

  1. <?php

  2. /**

  3.  * @version        $Id: edit.inc.php 1 10:06 2010-11-10 tianya $

  4.  * @package        DedeCMS.Site

  5.  * @copyright      Copyright (c) 2007 - 2020, DesDev, Inc.

  6.  * @license        http://help.dedecms.com/usersguide/license.html

  7.  * @link           http://www.dedecms.com

  8.  */

  9. if(!defined('DEDEINC')) exit('Request Error!');

  10. 

  11. if(!empty($_COOKIE['GUEST_BOOK_POS'])) $GUEST_BOOK_POS = $_COOKIE['GUEST_BOOK_POS'];

  12. else $GUEST_BOOK_POS = "guestbook.php";

  13. 

  14. $id = intval($id);

  15. if(empty($job)) $job='view';

  16. 

  17. if($job=='del' && $g_isadmin)

  18. {

  19.     $dsql->ExecuteNoneQuery(" DELETE FROM `#@__guestbook` WHERE id='$id' ");

  20.     ShowMsg("成功删除一条留言!", $GUEST_BOOK_POS);

  21.     exit();

  22. }

  23. else if($job=='check' && $g_isadmin)

  24. {

  25.     $dsql->ExecuteNoneQuery(" UPDATE `#@__guestbook` SET ischeck=1 WHERE id='$id' ");

  26.     ShowMsg("成功审核一条留言!", $GUEST_BOOK_POS);

  27.     exit();

  28. }

  29. else if($job=='editok')

  30. {

  31.     $remsg = trim($remsg);

  32.     if($remsg!='')

  33.     {

  34.         //管理员回复不过滤HTML

  35.         if($g_isadmin)

  36.         {

  37.             $msg = "<div class=\\'rebox\\'>".$msg."</div>\n".$remsg; 

  38.             //$remsg <br><font color=red>管理员回复:</font>

  39.         }

  40.         else

  41.         {

  42.             $row = $dsql->GetOne("SELECT msg From `#@__guestbook` WHERE id='$id' ");

  43.             $oldmsg = "<div class=\\'rebox\\'>".addslashes($row['msg'])."</div>\n";

  44.             $remsg = trimMsg(cn_substrR($remsg, 1024), 1);

  45.             $msg = $oldmsg.$remsg;

  46.         }

  47.     } else {

  48.         if(!$g_isadmin)

  49.         {

  50.             ShowMsg("无权提交修改当前留言!", $GUEST_BOOK_POS);

  51.             exit();

  52.         }

  53.     }

  54. 	$msg = HtmlReplace($msg, -1);

  55. 	/*

  56. 	漏洞描述:dedecms留言板注入漏洞。

  57. 	*/

  58. 	$msg = addslashes($msg);

  59.     $dsql->ExecuteNoneQuery("UPDATE `#@__guestbook` SET `msg`='$msg', `posttime`='".time()."' WHERE id='$id' ");

  60.     ShowMsg("成功更改或回复一条留言!", $GUEST_BOOK_POS);

  61.     exit();

  62. }

  63. 

  64. if($g_isadmin)

  65. {

  66.     $row = $dsql->GetOne("SELECT * FROM `#@__guestbook` WHERE id='$id'");

  67.     require_once(DEDETEMPLATE.'/plus/guestbook-admin.htm');

  68. }

  69. else

  70. {

  71.     $row = $dsql->GetOne("SELECT id,title FROM `#@__guestbook` WHERE id='$id'");

  72.     require_once(DEDETEMPLATE.'/plus/guestbook-user.htm');

  73. }