叙述、别离
1 年之前
共有 1 個檔案被更改,包括 41 行新增 和 38 行删除
統一視圖
Diff Options
-
+41 -38src/system/common.func.php
+ 41
- 38
src/system/common.func.php
查看文件
| @@ -527,7 +527,7 @@ function GetUpdateSQL() | |||||
| fclose($fp); | fclose($fp); | ||||
| return $result; | return $result; | ||||
| } | } | ||||
| /*会员中心调用默认主题模板<?php obtaintheme('head.htm');?>*/ | |||||
| /*会员中心调用主题模板<?php obtaintheme('head.htm');?>*/ | |||||
| if (!function_exists('obtaintheme')) { | if (!function_exists('obtaintheme')) { | ||||
| require_once DEDEINC."/archive/partview.class.php"; | require_once DEDEINC."/archive/partview.class.php"; | ||||
| function obtaintheme($path) | function obtaintheme($path) | ||||
| @@ -554,7 +554,7 @@ if (!function_exists('obtaintags')) { | |||||
| return $tags; | return $tags; | ||||
| } | } | ||||
| } | } | ||||
| //提取文档多图片[field:body function='obtainimgs(@me,3)'/]3表示调用文档3张图片,body则列表附加字段需添加body字段 | |||||
| //提取文档多图片[field:body function='obtainimgs(@me,3)'/]3表示调用文档3张图片,则附加字段需添加body字段调用 | |||||
| if (!function_exists('obtainimgs')) { | if (!function_exists('obtainimgs')) { | ||||
| function obtainimgs($string, $num) | function obtainimgs($string, $num) | ||||
| { | { | ||||
| @@ -571,39 +571,7 @@ if (!function_exists('obtainimgs')) { | |||||
| return $result; | return $result; | ||||
| } | } | ||||
| } | } | ||||
| //联动单筛选{dede:php}obtainfilter(模型id,类型,'字段1,字段2');{/dede:php}类型有三种,对应以下case值 | |||||
| function litimgurls($imgid = 0) | |||||
| { | |||||
| global $dsql, $lit_imglist; | |||||
| $row = $dsql->GetOne("SELECT c.addtable FROM `#@__archives` AS a LEFT JOIN `#@__channeltype` AS c ON a.channel=c.id WHERE a.id='$imgid'"); | |||||
| $addtable = trim($row['addtable']); | |||||
| $row = $dsql->GetOne("SELECT imgurls FROM `$addtable` WHERE aid='$imgid'"); | |||||
| $ChannelUnit = new ChannelUnit(2, $imgid); | |||||
| $lit_imglist = $ChannelUnit->GetlitImgLinks($row['imgurls']); | |||||
| return $lit_imglist; | |||||
| } | |||||
| //联动单筛选字符过滤函数 | |||||
| function string_filter($str, $stype = "inject") | |||||
| { | |||||
| if ($stype == "inject") { | |||||
| $str = str_replace( | |||||
| array("select", "insert", "update", "delete", "alter", "cas", "union", "into", "load_file", "outfile", "create", "join", "where", "like", "drop", "modify", "rename", "'", "/*", "*", "../", "./"), | |||||
| array("", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", ""), | |||||
| $str | |||||
| ); | |||||
| } else if ($stype == "xss") { | |||||
| $farr = array("/\s+/", "/<(\/?)(script|META|STYLE|HTML|HEAD|BODY|STYLE |i?frame|b|strong|style|html|img|P|o:p|iframe|u|em|strike|BR|div|a|TABLE|TBODY|object|tr|td|st1:chsdate|FONT|span|MARQUEE|body|title|\r\n|link|meta|\?|\%)([^>]*?)>/isU", "/(<[^>]*)on[a-zA-Z]+\s*=([^>]*>)/isU",); | |||||
| $tarr = array(" ", "", "\\1\\2",); | |||||
| $str = preg_replace($farr, $tarr, $str); | |||||
| $str = str_replace( | |||||
| array("<", ">", "'", "\"", ";", "/*", "*", "../", "./"), | |||||
| array("<", ">", "", "", "", "", "", "", ""), | |||||
| $str | |||||
| ); | |||||
| } | |||||
| return $str; | |||||
| } | |||||
| //联动单筛选三种类型显示 | |||||
| //联动单筛选{dede:php}obtainfilter(模型id,类型,'字段1,字段2');{/dede:php}类型表示前台展现方式对应case值 | |||||
| function obtainfilter($channelid, $type = 1, $fieldsnamef = '', $defaulttid = 0, $toptid = 0, $loadtype = 'autofield') | function obtainfilter($channelid, $type = 1, $fieldsnamef = '', $defaulttid = 0, $toptid = 0, $loadtype = 'autofield') | ||||
| { | { | ||||
| global $tid, $dsql, $id, $aid; | global $tid, $dsql, $id, $aid; | ||||
| @@ -631,6 +599,7 @@ function obtainfilter($channelid, $type = 1, $fieldsnamef = '', $defaulttid = 0, | |||||
| $fields_value = $href2[0]; | $fields_value = $href2[0]; | ||||
| switch ($type) { | switch ($type) { | ||||
| case 1: | case 1: | ||||
| $dede_addonfields .= '<div class="mb-3">'; | |||||
| $dede_addonfields .= (preg_match("/&".$ctag->GetName()."=/is",$filterarr,$regm) ? '<a href="'.str_replace("&".$ctag->GetName()."=".$fields_value,"",$filterarr).'" class="btn btn-outline-success btn-sm">全部</a>' : '<a href="'.str_replace("&".$ctag->GetName()."=".$fields_value,"",$filterarr).'" class="btn btn-success btn-sm">全部</a>'); | $dede_addonfields .= (preg_match("/&".$ctag->GetName()."=/is",$filterarr,$regm) ? '<a href="'.str_replace("&".$ctag->GetName()."=".$fields_value,"",$filterarr).'" class="btn btn-outline-success btn-sm">全部</a>' : '<a href="'.str_replace("&".$ctag->GetName()."=".$fields_value,"",$filterarr).'" class="btn btn-success btn-sm">全部</a>'); | ||||
| $addonfields_items = explode(",",$ctag->GetAtt('default')); | $addonfields_items = explode(",",$ctag->GetAtt('default')); | ||||
| for ($i=0; $i<count($addonfields_items); $i++) | for ($i=0; $i<count($addonfields_items); $i++) | ||||
| @@ -638,9 +607,10 @@ function obtainfilter($channelid, $type = 1, $fieldsnamef = '', $defaulttid = 0, | |||||
| $href = stripos($filterarr,$ctag->GetName().'=') ? str_replace("=".$fields_value,"=".urlencode($addonfields_items[$i]),$filterarr) : $filterarr.'&'.$ctag->GetName().'='.urlencode($addonfields_items[$i]); | $href = stripos($filterarr,$ctag->GetName().'=') ? str_replace("=".$fields_value,"=".urlencode($addonfields_items[$i]),$filterarr) : $filterarr.'&'.$ctag->GetName().'='.urlencode($addonfields_items[$i]); | ||||
| $dede_addonfields .= ($fields_value!=urlencode($addonfields_items[$i]) ? '<a title="'.$addonfields_items[$i].'" href="'.$href.'" class="btn btn-outline-success btn-sm">'.$addonfields_items[$i].'</a>' : '<a href="'.$href.'" class="btn btn-success btn-sm">'.$addonfields_items[$i].'</a>'); | $dede_addonfields .= ($fields_value!=urlencode($addonfields_items[$i]) ? '<a title="'.$addonfields_items[$i].'" href="'.$href.'" class="btn btn-outline-success btn-sm">'.$addonfields_items[$i].'</a>' : '<a href="'.$href.'" class="btn btn-success btn-sm">'.$addonfields_items[$i].'</a>'); | ||||
| } | } | ||||
| $dede_addonfields .= '</div>'; | |||||
| break; | break; | ||||
| case 2: | case 2: | ||||
| $dede_addonfields .= '<select name="filter'.$ctag->GetName().'" onchange="window.location=this.options[this.selectedIndex].value"> | |||||
| $dede_addonfields .= '<select name="filter'.$ctag->GetName().'" onchange="window.location=this.options[this.selectedIndex].value" class="form-control w-25 mr-3"> | |||||
| '.'<option value="'.str_replace("&".$ctag->GetName()."=".$fields_value,"",$filterarr).'">全部</option>'; | '.'<option value="'.str_replace("&".$ctag->GetName()."=".$fields_value,"",$filterarr).'">全部</option>'; | ||||
| $addonfields_items = explode(",",$ctag->GetAtt('default')); | $addonfields_items = explode(",",$ctag->GetAtt('default')); | ||||
| for ($i=0; $i<count($addonfields_items); $i++) | for ($i=0; $i<count($addonfields_items); $i++) | ||||
| @@ -649,10 +619,10 @@ function obtainfilter($channelid, $type = 1, $fieldsnamef = '', $defaulttid = 0, | |||||
| $dede_addonfields .= '<option value="'.$href.'"'.($fields_value==urlencode($addonfields_items[$i]) ? ' selected="selected"' : '').'>'.$addonfields_items[$i].'</option> | $dede_addonfields .= '<option value="'.$href.'"'.($fields_value==urlencode($addonfields_items[$i]) ? ' selected="selected"' : '').'>'.$addonfields_items[$i].'</option> | ||||
| '; | '; | ||||
| } | } | ||||
| $dede_addonfields .= '</select> | |||||
| '; | |||||
| $dede_addonfields .= '</select>'; | |||||
| break; | break; | ||||
| case 3: | case 3: | ||||
| $dede_addonfields .= '<div class="mb-3">'; | |||||
| $dede_addonfields .= (preg_match("/&".$ctag->GetName()."=/is",$filterarr,$regm) ? '<a href="'.str_replace("&".$ctag->GetName()."=".$fields_value,"",$filterarr).'"><input type="radio" name="filter'.$ctag->GetName().'" value="'.str_replace("&".$ctag->GetName()."=".$fields_value,"",$filterarr).'" onclick="window.location=this.value">全部</a>' : '<span><input type="radio" name="filter'.$ctag->GetName().'" checked="checked">全部</span>'); | $dede_addonfields .= (preg_match("/&".$ctag->GetName()."=/is",$filterarr,$regm) ? '<a href="'.str_replace("&".$ctag->GetName()."=".$fields_value,"",$filterarr).'"><input type="radio" name="filter'.$ctag->GetName().'" value="'.str_replace("&".$ctag->GetName()."=".$fields_value,"",$filterarr).'" onclick="window.location=this.value">全部</a>' : '<span><input type="radio" name="filter'.$ctag->GetName().'" checked="checked">全部</span>'); | ||||
| $addonfields_items = explode(",",$ctag->GetAtt('default')); | $addonfields_items = explode(",",$ctag->GetAtt('default')); | ||||
| for ($i=0; $i<count($addonfields_items); $i++) | for ($i=0; $i<count($addonfields_items); $i++) | ||||
| @@ -660,6 +630,7 @@ function obtainfilter($channelid, $type = 1, $fieldsnamef = '', $defaulttid = 0, | |||||
| $href = stripos($filterarr,$ctag->GetName().'=') ? str_replace("=".$fields_value,"=".urlencode($addonfields_items[$i]),$filterarr) : $filterarr.'&'.$ctag->GetName().'='.urlencode($addonfields_items[$i]); | $href = stripos($filterarr,$ctag->GetName().'=') ? str_replace("=".$fields_value,"=".urlencode($addonfields_items[$i]),$filterarr) : $filterarr.'&'.$ctag->GetName().'='.urlencode($addonfields_items[$i]); | ||||
| $dede_addonfields .= ($fields_value!=urlencode($addonfields_items[$i]) ? '<a title="'.$addonfields_items[$i].'" href="'.$href.'"><input type="radio" name="filter'.$ctag->GetName().'" value="'.$href.'" onclick="window.location=this.value">'.$addonfields_items[$i].'</a>' : '<span><input type="radio" name="filter'.$ctag->GetName().'" checked="checked">'.$addonfields_items[$i].'</span>'); | $dede_addonfields .= ($fields_value!=urlencode($addonfields_items[$i]) ? '<a title="'.$addonfields_items[$i].'" href="'.$href.'"><input type="radio" name="filter'.$ctag->GetName().'" value="'.$href.'" onclick="window.location=this.value">'.$addonfields_items[$i].'</a>' : '<span><input type="radio" name="filter'.$ctag->GetName().'" checked="checked">'.$addonfields_items[$i].'</span>'); | ||||
| } | } | ||||
| $dede_addonfields .= '</div>'; | |||||
| break; | break; | ||||
| } | } | ||||
| } | } | ||||
| @@ -667,6 +638,38 @@ function obtainfilter($channelid, $type = 1, $fieldsnamef = '', $defaulttid = 0, | |||||
| } | } | ||||
| echo $dede_addonfields; | echo $dede_addonfields; | ||||
| } | } | ||||
| //联动单筛选获取附加表 | |||||
| function litimgurls($imgid = 0) | |||||
| { | |||||
| global $dsql, $lit_imglist; | |||||
| $row = $dsql->GetOne("SELECT c.addtable FROM `#@__archives` AS a LEFT JOIN `#@__channeltype` AS c ON a.channel=c.id WHERE a.id='$imgid'"); | |||||
| $addtable = trim($row['addtable']); | |||||
| $row = $dsql->GetOne("SELECT imgurls FROM `$addtable` WHERE aid='$imgid'"); | |||||
| $ChannelUnit = new ChannelUnit(2, $imgid); | |||||
| $lit_imglist = $ChannelUnit->GetlitImgLinks($row['imgurls']); | |||||
| return $lit_imglist; | |||||
| } | |||||
| //联动单筛选字符过滤函数 | |||||
| function string_filter($str, $stype = "inject") | |||||
| { | |||||
| if ($stype == "inject") { | |||||
| $str = str_replace( | |||||
| array("select", "insert", "update", "delete", "alter", "cas", "union", "into", "load_file", "outfile", "create", "join", "where", "like", "drop", "modify", "rename", "'", "/*", "*", "../", "./"), | |||||
| array("", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", ""), | |||||
| $str | |||||
| ); | |||||
| } else if ($stype == "xss") { | |||||
| $farr = array("/\s+/", "/<(\/?)(script|META|STYLE|HTML|HEAD|BODY|STYLE |i?frame|b|strong|style|html|img|P|o:p|iframe|u|em|strike|BR|div|a|TABLE|TBODY|object|tr|td|st1:chsdate|FONT|span|MARQUEE|body|title|\r\n|link|meta|\?|\%)([^>]*?)>/isU", "/(<[^>]*)on[a-zA-Z]+\s*=([^>]*>)/isU",); | |||||
| $tarr = array(" ", "", "\\1\\2",); | |||||
| $str = preg_replace($farr, $tarr, $str); | |||||
| $str = str_replace( | |||||
| array("<", ">", "'", "\"", ";", "/*", "*", "../", "./"), | |||||
| array("<", ">", "", "", "", "", "", "", ""), | |||||
| $str | |||||
| ); | |||||
| } | |||||
| return $str; | |||||
| } | |||||
| /** | /** | ||||
| * GetMimeTypeOrExtension | * GetMimeTypeOrExtension | ||||
| * | * | ||||