From adf744f9ed14b4ec46a35291efde85e23aa5407e Mon Sep 17 00:00:00 2001
From: llgoer <llgoer@github.com>
Date: Sat, 25 Apr 2020 19:10:09 +0800
Subject: [PATCH 1/5] =?UTF-8?q?=E4=BF=AE=E6=AD=A3=E9=83=A8=E5=88=86?=
 =?UTF-8?q?=E5=AD=98=E5=9C=A8=E7=9A=84=E5=AE=89=E5=85=A8=E9=9A=90=E6=82=A3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .gitignore                           | 1 +
 src/dede/article_keywords_select.php | 2 ++
 src/dede/content_list.php            | 2 ++
 src/dede/file_pic_view.php           | 1 +
 src/dede/login.php                   | 2 ++
 src/dede/pic_view.php                | 1 +
 src/include/dialog/select_images.php | 1 +
 src/member/login.php                 | 1 +
 src/plus/download.php                | 7 +++++--
 src/plus/recommend.php               | 2 +-
 src/plus/search.php                  | 1 +
 11 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/.gitignore b/.gitignore
index a19302f..4badc84 100644
--- a/.gitignore
+++ b/.gitignore
@@ -17,3 +17,4 @@ src/index.html
 src/data/admin/
 src/data/module/
 src/uploads/*.php
+src/data/time.lock.inc
diff --git a/src/dede/article_keywords_select.php b/src/dede/article_keywords_select.php
index 6725e8f..2124c50 100755
--- a/src/dede/article_keywords_select.php
+++ b/src/dede/article_keywords_select.php
@@ -12,6 +12,8 @@ require_once(dirname(__FILE__)."/config.php");
 require_once(DEDEINC."/datalistcp.class.php");
 setcookie("ENV_GOBACK_URL",$dedeNowurl,time()+3600,"/");
 
+$f = RemoveXSS($f);
+
 if(empty($keywords)) $keywords = "";
 
 $sql = "SELECT * FROM #@__keywords ORDER BY rank DESC";
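Review bot: RemoveXSS() on `$f` is a deny-list filter, and a field-name parameter like this one only ever needs a small character set, so an allow-list is the safer shape: `$f = preg_replace('/[^A-Za-z0-9_.]/', '', $f);`. The new line also reads `$f` before anything in the hunk assigns it, so unless config.php always populates it an `isset()` default should come first; the code that consumes `$f` is outside this hunk. A deny-list only blocks the patterns RemoveXSS knows about, whereas a restricted character set is safe in whatever output context the value ends up in.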
diff --git a/src/dede/content_list.php b/src/dede/content_list.php
index 74cc5f3..f5bf652 100755
--- a/src/dede/content_list.php
+++ b/src/dede/content_list.php
@@ -24,6 +24,8 @@ if(!isset($flag)) $flag = '';
 if(!isset($arcrank)) $arcrank = '';
 if(!isset($dopost)) $dopost = '';
 
+$arcrank = RemoveXSS($arcrank);
+
 //检查权限许可,总权限
 CheckPurview('a_List,a_AccList,a_MyList');
 
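Review bot: `$arcrank` is defaulted to an empty string and then passed through RemoveXSS(), which only strips HTML/script patterns; if the value is later interpolated into the list query (that code is outside the hunk) an XSS filter gives no protection there. The parameter looks numeric, so validating its shape is both simpler and stricter: `if ($arcrank !== '' && !preg_match('/^-?\d+$/', $arcrank)) $arcrank = '';`. Keeping RemoveXSS() after that check is harmless but redundant.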
diff --git a/src/dede/file_pic_view.php b/src/dede/file_pic_view.php
index 4a315f4..03e6bb1 100755
--- a/src/dede/file_pic_view.php
+++ b/src/dede/file_pic_view.php
@@ -13,6 +13,7 @@ CheckPurview('pic_view');
 if(empty($activepath)) $activepath=$cfg_medias_dir;
 
 $activepath = preg_replace("#\/{1,}#", "/", $activepath);
+$activepath = RemoveXSS($activepath);
 $truePath = $cfg_basedir.$activepath;
 $listSize=5;
 include DedeInclude('templets/file_pic_view.htm');
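Review bot: RemoveXSS() does not touch `..` segments, so `$activepath` can still escape `$cfg_basedir` when it is concatenated into `$truePath` on the next line; the slash-collapsing regex above it does not prevent that either. A traversal check belongs before the join: `$activepath = str_replace('..', '', $activepath);` and, so the relative join stays meaningful, values that do not start with `/` should fall back to `$cfg_medias_dir`. The CheckPurview('pic_view') gate limits who reaches this script, but it should not be the only control on the path.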
diff --git a/src/dede/login.php b/src/dede/login.php
index 240d1d9..a554274 100755
--- a/src/dede/login.php
+++ b/src/dede/login.php
@@ -12,6 +12,8 @@ require_once(dirname(__FILE__).'/../include/common.inc.php');
 require_once(DEDEINC.'/userlogin.class.php');
 if(empty($dopost)) $dopost = '';
 
+$gotopage = RemoveXSS($gotopage);
+
 //检测安装目录安全性
 if( is_dir(dirname(__FILE__).'/../install') )
 {
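Review bot: RemoveXSS() on `$gotopage` strips script fragments but leaves an absolute URL intact, so if `$gotopage` is later used as the post-login redirect target (outside this hunk) the line does nothing against open redirects. Restrict it to a local path before use: `if (!isset($gotopage) || preg_match('#^\s*(\w+:|//|\\\\)#i', $gotopage)) $gotopage = '';`. That also covers the case where `$gotopage` was never supplied, which the new line currently reads without a guard.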
diff --git a/src/dede/pic_view.php b/src/dede/pic_view.php
index 6efdbff..1d00514 100755
--- a/src/dede/pic_view.php
+++ b/src/dede/pic_view.php
@@ -13,6 +13,7 @@ CheckPurview('pic_view');
 if(empty($activepath)) $activepath = $cfg_medias_dir;
 
 $activepath = preg_replace("#\/{1,}#", "/", $activepath);
+$activepath = RemoveXSS($activepath);
 $truePath = $cfg_basedir.$activepath;
 $listSize=5;
 include DedeInclude('templets/pic_view.htm');
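Review bot: Same gap as in file_pic_view.php: RemoveXSS() leaves `..` in `$activepath`, and `$truePath = $cfg_basedir.$activepath` on the next line will resolve outside the media directory. Two scripts now carry an identical three-line normalisation, so the fix belongs in one shared helper that collapses slashes, strips `..`, and resets anything not starting with `/` to `$cfg_medias_dir`; which include both scripts load is not visible here. Until then, at least add `$activepath = str_replace('..', '', $activepath);` before the join in this file too.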
diff --git a/src/include/dialog/select_images.php b/src/include/dialog/select_images.php
index 07d18dd..956d89e 100755
--- a/src/include/dialog/select_images.php
+++ b/src/include/dialog/select_images.php
@@ -33,6 +33,7 @@ if(empty($f))
 {
     $f = 'form1.picname';
 }
+$f = RemoveXSS($f);
 if(empty($v))
 {
     $v = 'picview';
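Review bot: `$f` here is a DOM field reference (its default is `form1.picname`), so an allow-list is the natural validation and makes the deny-list RemoveXSS() unnecessary: `$f = preg_replace('/[^A-Za-z0-9_.]/', '', $f);`. If `$f` is written into an inline script or event-handler attribute later in the dialog (outside this hunk), RemoveXSS() alone is not a reliable guard in a JavaScript string context, whereas a restricted character set is safe in any context. `$v`, defaulted on the following lines, is in the same position and deserves the same treatment.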
diff --git a/src/member/login.php b/src/member/login.php
index f135723..9d568f9 100755
--- a/src/member/login.php
+++ b/src/member/login.php
@@ -7,6 +7,7 @@
  * @link           http://www.dedecms.com
  */
 require_once(dirname(__FILE__)."/config.php");
+$gourl = RemoveXSS($gourl);
 if($cfg_ml->IsLogin())
 {
     ShowMsg('你已经登陆系统,无需重新注册!', 'index.php');
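Review bot: `$gourl` is read on the new line without an `isset()` guard, and RemoveXSS() will not stop an absolute `http://` value, so whatever consumes `$gourl` as the return URL after login (outside the hunk) remains open to redirecting to an external host. Filter for a same-site path rather than for markup: `$gourl = (isset($gourl) && !preg_match('#^\s*(\w+:|//|\\\\)#i', $gourl)) ? $gourl : '';`. This is the same treatment `$gotopage` needs in dede/login.php in this patch.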
diff --git a/src/plus/download.php b/src/plus/download.php
index 754bdf0..c4a6b2c 100755
--- a/src/plus/download.php
+++ b/src/plus/download.php
@@ -57,6 +57,7 @@ else if($open==1)
     //更新下载次数
     $id = isset($id) && is_numeric($id) ? $id : 0;
     $link = base64_decode(urldecode($link));
+    $linkinfo = parse_url($link);
     if ( !$link )
     {
         ShowMsg('无效地址','javascript:;');
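Review bot: `parse_url($link)` now runs before the `!$link` check and can itself return `false` for a malformed string, so the later `$linkinfo['host']` lookup is made against `false` and yields `null` with a warning instead of a rejection. Move the parse after the emptiness check and fail closed on a parse error or missing host: `$linkinfo = parse_url($link); if ($linkinfo === false || empty($linkinfo['host'])) { ShowMsg('无效地址','javascript:;'); exit(); }`. This `else if($open==1)` branch continues past the hunk, so match whatever follows `ShowMsg` there if it is not `exit()`.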
@@ -77,9 +78,11 @@ else if($open==1)
     {
         $site = explode('|', $site);
         $domain = parse_url(trim($site[0]));
-        $allowed[] = $domain['host'];
+        if ($domain['host'] ) {
+            $allowed[] = $domain['host'];
+        }
     }
-    
+
     if ( !in_array($linkinfo['host'], $allowed) )
     {
         ShowMsg('非下载地址,禁止访问','javascript:;');
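Review bot: The new `if ($domain['host'])` guard still indexes into `false` when `parse_url()` fails on a malformed site entry, and the membership test it feeds is a loose `in_array()`; whether `$allowed` is initialised when no entry yields a host cannot be confirmed from the hunk, and an unset `$allowed` makes `in_array()` fatal on PHP 8. Tighten both lines: `if (is_array($domain) && !empty($domain['host'])) $allowed[] = strtolower($domain['host']);` and `if (!in_array(strtolower((string)$linkinfo['host']), $allowed, true))`. Lower-casing keeps `Example.COM` from slipping past a list that stores `example.com`, and `strict` avoids PHP's loose string/number comparison.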
diff --git a/src/plus/recommend.php b/src/plus/recommend.php
index 6db98f1..9d585b1 100755
--- a/src/plus/recommend.php
+++ b/src/plus/recommend.php
@@ -12,7 +12,7 @@
 require_once(dirname(__FILE__)."/../include/common.inc.php");
 require_once(DEDEINC."/channelunit.class.php");
 if(!isset($action)) $action = '';
-
+unset($_FILES);
 if(isset($arcID)) $aid = $arcID;
 $arcID = $aid = (isset($aid) && is_numeric($aid) ? $aid : 0);
 $type = (!isset($type) ? "" : $type);
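Review bot: `unset($_FILES)` runs after `common.inc.php` has already been included two lines above, so it cannot undo anything that include did with the upload array; if the request-to-variable registration it is meant to block happens inside that include, this line is only cosmetic, so confirm where that registration actually occurs. The durable fix is to validate the variables this script consumes — `$type` is read on the last line of the hunk and should be restricted to the set of values the rest of the script expects (not visible here) rather than left as a free string. Blanking the superglobal also silently breaks this endpoint if it is ever expected to accept an upload.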
diff --git a/src/plus/search.php b/src/plus/search.php
index 7d29462..8f8205b 100755
--- a/src/plus/search.php
+++ b/src/plus/search.php
@@ -17,6 +17,7 @@ $typeid = (isset($typeid) && is_numeric($typeid)) ? $typeid : 0;
 $channeltype = (isset($channeltype) && is_numeric($channeltype)) ? $channeltype : 0;
 $kwtype = (isset($kwtype) && is_numeric($kwtype)) ? $kwtype : 0;
 $mid = (isset($mid) && is_numeric($mid)) ? $mid : 0;
+unset($typeArr);
 
 if(!isset($orderby)) $orderby='';
 else $orderby = preg_replace("#[^a-z]#i", '', $orderby);
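Review bot: `unset($typeArr)` removes one externally-injectable variable by name, but if code later in this script reads `$typeArr` expecting an array (not visible in the hunk) the unset turns an injection into an undefined-variable notice; initialising it is both stricter and quieter: `$typeArr = array();`. Any other variable the later search/query-building code reads without first assigning it is exposed to the same request-to-global registration, so the block of defaults at the top of this file (`$typeid`, `$channeltype`, `$kwtype`, `$mid`) is the place to audit for siblings.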

From 41e1fd92e43eb0bdf54edfb91f9c530230f7025a Mon Sep 17 00:00:00 2001
From: llgoer <llgoer@github.com>
Date: Sat, 25 Apr 2020 19:11:41 +0800
Subject: [PATCH 2/5] =?UTF-8?q?=E5=BA=95=E9=83=A8=E4=BF=A1=E6=81=AF?=
 =?UTF-8?q?=E4=BB=8E2019=E6=9B=B4=E6=96=B0=E5=88=B02020=E5=B9=B4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/member/templets/index-notlogin.htm | 2 +-
 src/member/templets/login.htm          | 2 +-
 src/member/templets/reg-new.htm        | 2 +-
 src/member/templets/reg-new2.htm       | 2 +-
 src/member/templets/reg-new3.htm       | 2 +-
 src/member/templets/resetpassword.htm  | 2 +-
 src/member/templets/resetpassword2.htm | 2 +-
 src/member/templets/resetpassword3.htm | 2 +-
 8 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/member/templets/index-notlogin.htm b/src/member/templets/index-notlogin.htm
index c1eba81..8e193b1 100755
--- a/src/member/templets/index-notlogin.htm
+++ b/src/member/templets/index-notlogin.htm
@@ -98,7 +98,7 @@ document.write("午夜好,");
 	}
 </script>
 <div class="footer bor">
-  <div class="fLeft mL10">Copyright &copy; 2004-2019 DedeCMS. 织梦科技 版权所有</div>
+  <div class="fLeft mL10">Copyright &copy; 2004-2020 DedeCMS. 织梦科技 版权所有</div>
   <div class="fRight mR10" id="time">  </div>
 </div>
 </body>
diff --git a/src/member/templets/login.htm b/src/member/templets/login.htm
index 691c0d5..aecc92c 100755
--- a/src/member/templets/login.htm
+++ b/src/member/templets/login.htm
@@ -105,7 +105,7 @@ document.write("午夜好,");
 	}
 </script>
 <div class="footer bor">
-  <div class="fLeft mL10">Copyright &copy; 2004-2019 DedeCMS 织梦科技 版权所有</div>
+  <div class="fLeft mL10">Copyright &copy; 2004-2020 DedeCMS 织梦科技 版权所有</div>
   <div class="fRight mR10" id="time">  </div>
 </div>
 </body>
diff --git a/src/member/templets/reg-new.htm b/src/member/templets/reg-new.htm
index 3594054..81883d5 100755
--- a/src/member/templets/reg-new.htm
+++ b/src/member/templets/reg-new.htm
@@ -201,7 +201,7 @@ document.write("午夜好,");
 	}
 </script>
 <div class="footer bor">
-  <div class="fLeft mL10">Copyright &copy; 2004-2019 DedeCMS. 织梦科技 版权所有</div>
+  <div class="fLeft mL10">Copyright &copy; 2004-2020 DedeCMS. 织梦科技 版权所有</div>
   <div class="fRight mR10" id="time">  </div>
 </div>
 </body>
diff --git a/src/member/templets/reg-new2.htm b/src/member/templets/reg-new2.htm
index 5209f38..97efd1b 100755
--- a/src/member/templets/reg-new2.htm
+++ b/src/member/templets/reg-new2.htm
@@ -116,7 +116,7 @@ document.write("午夜好,");
 	}
 </script>
 <div class="footer bor">
-  <div class="fLeft mL10">Copyright &copy; 2004-2019 DedeCMS. 织梦科技 版权所有</div>
+  <div class="fLeft mL10">Copyright &copy; 2004-2020 DedeCMS. 织梦科技 版权所有</div>
   <div class="fRight mR10" id="time">  </div>
 </div>
 </body>
diff --git a/src/member/templets/reg-new3.htm b/src/member/templets/reg-new3.htm
index 20bc987..abb42dc 100755
--- a/src/member/templets/reg-new3.htm
+++ b/src/member/templets/reg-new3.htm
@@ -54,7 +54,7 @@ document.write("午夜好,");
 	}
 </script>
 <div class="footer bor">
-  <div class="fLeft mL10">Copyright &copy; 2004-2019 DedeCMS. 织梦科技 版权所有</div>
+  <div class="fLeft mL10">Copyright &copy; 2004-2020 DedeCMS. 织梦科技 版权所有</div>
   <div class="fRight mR10" id="time"></div>
 </div>
 </body>
diff --git a/src/member/templets/resetpassword.htm b/src/member/templets/resetpassword.htm
index 4dc4d6b..7698896 100755
--- a/src/member/templets/resetpassword.htm
+++ b/src/member/templets/resetpassword.htm
@@ -129,7 +129,7 @@ document.write("午夜好,");
 	}
 </script>
 <div class="footer bor">
-  <div class="fLeft mL10">Copyright &copy; 2004-2019 DedeCMS. 织梦科技 版权所有</div>
+  <div class="fLeft mL10">Copyright &copy; 2004-2020 DedeCMS. 织梦科技 版权所有</div>
   <div class="fRight mR10" id="time">  </div>
 </div>
 </body>
diff --git a/src/member/templets/resetpassword2.htm b/src/member/templets/resetpassword2.htm
index d69c9bf..dc31a4d 100755
--- a/src/member/templets/resetpassword2.htm
+++ b/src/member/templets/resetpassword2.htm
@@ -130,7 +130,7 @@ document.write("午夜好,");
 	}
 </script>
 <div class="footer bor">
-  <div class="fLeft mL10">Copyright &copy; 2004-2019 DedeCMS. 织梦科技 版权所有</div>
+  <div class="fLeft mL10">Copyright &copy; 2004-2020 DedeCMS. 织梦科技 版权所有</div>
   <div class="fRight mR10" id="time">  </div>
 </div>
 </body>
diff --git a/src/member/templets/resetpassword3.htm b/src/member/templets/resetpassword3.htm
index e7ee038..5b3c7f1 100755
--- a/src/member/templets/resetpassword3.htm
+++ b/src/member/templets/resetpassword3.htm
@@ -127,7 +127,7 @@ document.write("午夜好,");
 	}
 </script>
 <div class="footer bor">
-  <div class="fLeft mL10">Copyright &copy; 2004-2019 DedeCMS. 织梦科技 版权所有</div>
+  <div class="fLeft mL10">Copyright &copy; 2004-2020 DedeCMS. 织梦科技 版权所有</div>
   <div class="fRight mR10" id="time">  </div>
 </div>
 </body>

From 766853fa6bc2df9b5dcdd5dbfa1317949080286d Mon Sep 17 00:00:00 2001
From: llgoer <llgoer@github.com>
Date: Sat, 25 Apr 2020 19:18:29 +0800
Subject: [PATCH 3/5] Update qrcode.lib.php

---
 src/include/taglib/qrcode.lib.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/include/taglib/qrcode.lib.php b/src/include/taglib/qrcode.lib.php
index 5a1222f..14379d0 100755
--- a/src/include/taglib/qrcode.lib.php
+++ b/src/include/taglib/qrcode.lib.php
@@ -37,7 +37,7 @@ function lib_qrcode(&$ctag,&$refObj)
   	var __dedeqrcode_id={$GLOBALS['qrcode_id']};
   	var __dedeqrcode_aid={$id};
   	var __dedeqrcode_type='{$type}';
-  	var __dedeqrcode_dir='{$GLOBALS['cfg_images_dir']}';
+  	var __dedeqrcode_dir='{$GLOBALS['cfg_plus_dir']}';
   </script>
   <script language="javascript" type="text/javascript" src="{$GLOBALS['cfg_images_dir']}/img/qrcode.js"></script>
 EOT;
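Review bot: `$GLOBALS['cfg_plus_dir']` is interpolated into a single-quoted JavaScript string literal without escaping, as `cfg_images_dir` was before it; the value is site configuration rather than request input, so this is hardening rather than a live hole, but a quote or backslash in the configured path would still break or inject into the inline script. Heredocs only interpolate variables, so escape first and interpolate the result: `$qrdir = json_encode($GLOBALS['cfg_plus_dir']);` before the heredoc and `var __dedeqrcode_dir={$qrdir};` in it; `{$type}` on the line above deserves the same. The `lib_qrcode` function begins and ends outside this hunk.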

From 08fe541e4bbffd07c9deb048e66bf9196a357238 Mon Sep 17 00:00:00 2001
From: llgoer <llgoer@github.com>
Date: Sat, 25 Apr 2020 19:26:29 +0800
Subject: [PATCH 4/5] =?UTF-8?q?=E8=B0=83=E6=95=B4=E5=90=8E=E5=8F=B0?=
 =?UTF-8?q?=E9=A1=B5=E9=9D=A2=E8=AF=B4=E6=98=8E?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/dede/templets/index_body.htm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/dede/templets/index_body.htm b/src/dede/templets/index_body.htm
index 7ed275e..c41bd41 100755
--- a/src/dede/templets/index_body.htm
+++ b/src/dede/templets/index_body.htm
@@ -188,11 +188,11 @@ $(function()
                 <table width="98%" class="dboxtable">
                     <tr>
                         <td width='25%' height='36' class='nline' style="text-align:right"> 主程序研发: </td>
-                        <td class='nline' style="text-align:left"><a href="http://www.desdev.cn/team.php" target="_blank" style="color:blue">织梦团队</a></td>
+                        <td class='nline' style="text-align:left"><a href="https://github.com/dedetech" target="_blank" style="color:blue">织梦团队</a></td>
                     </tr>
                     <tr>
                         <td height='36' class='nline' style="text-align:right">鸣谢:</td>
-                        <td class='nline' style="text-align:left"><a href="http://www.desdev.cn/dedecms-thanks.html" target="_blank" style="color:blue">热心用户</a>、<a href="http://www.dedecms.com/thanks.html" target="_blank" style="color:blue">赞助商</a></td>
+                        <td class='nline' style="text-align:left"><a href="https://github.com/dedetech/DedeCMSv5/graphs/contributors" target="_blank" style="color:blue">热心用户</a>、<a href="http://www.dedecms.com/thanks.html" target="_blank" style="color:blue">赞助商</a></td>
                     </tr>
                 </table>
             </dd>
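Review bot: Both new external links keep `target="_blank"` without `rel="noopener noreferrer"`, which lets the opened page reach the admin tab through `window.opener` in browsers that do not default to noopener; add `rel="noopener noreferrer"` to each `<a>`. The third link on the same line still points at plain `http://www.dedecms.com/thanks.html` while the new ones moved to `https://`; if that site serves TLS it should be updated to match.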

From 487d83b8b795a3a481e54abc9ac5e4237fbc89c9 Mon Sep 17 00:00:00 2001
From: llgoer <llgoer@github.com>
Date: Sat, 25 Apr 2020 19:42:04 +0800
Subject: [PATCH 5/5] Update .gitignore

---
 .gitignore | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.gitignore b/.gitignore
index 4badc84..8e2043a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -18,3 +18,4 @@ src/data/admin/
 src/data/module/
 src/uploads/*.php
 src/data/time.lock.inc
+src/m/index.html