地址跳转问题

src/admin/inc/inc_archives_all.php

@@ -178,7 +178,7 @@ function GetFieldValue($dvalue, $dtype, $aid = 0, $job = 'add', $addvar = '')
         }
         $iurl = trim(str_replace($GLOBALS['cfg_basehost'], "", $iurl));
         $imgurl = "{dede:img text='' width='' height=''} ".$iurl." {/dede:img}";
-        if (preg_match("#^http:\/\/#i", $iurl) && $GLOBALS['isUrlOpen']) {
+        if (preg_match("#^(http|https):\/\/#i", $iurl) && $GLOBALS['isUrlOpen']) {
             //远程图片
             $reimgs = "";
             if ($isUrlOpen) {

src/admin/templets/diy_list.htm

@@ -41,7 +41,7 @@
 						if ($fielddata[1]=='img') {
 							$fields[$field] = "<a href='{$fields[$field]}' target='_blank' class='btn btn-light btn-sm'>图片附件</a>";
 						} else if ($fielddata[1]=='addon') {
-						$fields[$field] = "<a href='{$fields[$field]}' target='_blank' class='btn btn-light btn-sm'>其它附件</a>";
+						$fields[$field] = "<a href='../apps/jump.php?url={$fields[$field]}' target='_blank' class='btn btn-light btn-sm'>其它附件</a>";
 						} else {
 							if (!in_array($fielddata[1],$allowhtml)) {
 								$fields[$field] = dede_htmlspecialchars($fields[$field]);
@@ -61,7 +61,7 @@
 						<label><input type="radio" name="action" value="check"> 审核</label>
 						<label class="mr-2 ml-2"><input type="radio" name="action" value="delete"> 删除</label>
 						<button type="submit" name="submit" class="btn btn-success btn-sm">提交</button>
-						<a href="/apps/diy.php?action=list&diyid=<?php echo $diy->diyid;?>" target="_blank" class="btn btn-success btn-sm">预览</a>
+						<a href="../apps/diy.php?action=list&diyid=<?php echo $diy->diyid;?>" target="_blank" class="btn btn-success btn-sm">预览</a>
 					</td>
 				</tr>
 				<tr>

src/apps/jump.php

@@ -0,0 +1,39 @@
+<?php
+/**
+ * 用于地址跳转
+ *
+ * @version        $id:jump.php$
+ * @package        DedeBIZ.Site
+ * @copyright      Copyright (c) 2022 DedeBIZ.COM
+ * @license        https://www.dedebiz.com/license
+ * @link           https://www.dedebiz.com
+ */
+require_once(dirname(__FILE__).'/../system/common.inc.php');
+require_once(DEDEINC."/libraries/oxwindow.class.php");
+$url = isset($url)? RemoveXSS($url) : '';
+if (preg_match("#^http#", $url)) {
+    $rur = parse_url($url);
+    $loc = parse_url($cfg_basehost);
+    if (!$rur || !$loc) {
+        ShowMsg("地址错误","javascript:;");
+        exit;
+    }
+    if ($rur['host'] !== $loc['host']) {
+        //如果不是本站点的，则需要点击进行跳转
+        $wintitle = "将要访问";
+        $msg = "<code>$url</code><p><a href='$url' class='btn btn-success mt-2'>继续访问</a></p>";
+        $wecome_info = "页面跳转提示";
+        $win = new OxWindow();
+        $win->AddTitle("您将要访问的链接不属于当前站点，请关注您的账号安全。");
+        $win->AddMsgItem($msg);
+        $winform = $win->GetWindow("hand", "&nbsp;", false);
+        $win->Display();
+    } else {
+        header('HTTP/1.1 301 Moved Permanently');
+        header('Location:'.$url);
+    }
+} else {
+    ShowMsg("地址错误","javascript:;");
+    exit;
+}
+?>

src/system/customfields.func.php

@@ -219,7 +219,7 @@ function GetFieldValue($dvalue, $dtype, $aid = 0, $job = 'add', $addvar = '', $a
         CloseFtp();
         return $filename;
     } else if ($dtype == 'img' || $dtype == 'imgfile') {
-        if (preg_match("#[\\|/]static[\\|/]userup#", $dvalue)) return $dvalue;
+        if (preg_match("#[\\|/]static[\\|/]userup#", $dvalue)) return addslashes($dvalue);
         if ($admintype == 'diy') {
             $iurl = MemberUploads($fieldname, '', 0, 'image', '', -1, -1, false);
             return $iurl;
@@ -264,7 +264,9 @@ function GetFieldValue($dvalue, $dtype, $aid = 0, $job = 'add', $addvar = '', $a
         }
         return addslashes($imgurl);
     } else if ($dtype == 'addon' && $admintype == 'diy') {
-        if (preg_match("#[\\|/]uploads[\\|/]userup#", $dvalue)) return $dvalue;
+        if ($admintype == 'diy') {
+            return addslashes($dvalue);
+        }
         $dvalue = MemberUploads($fieldname, '', 0, 'addon', '', -1, -1, false);
         return $dvalue;
     } else {