
系统结构调整,迁出data、system目录更安全

tags/6.1.0^2
tianya 3 lat temu
rodzic
commit
32f84be9bb
26 zmienionych plików z 380 dodań i 25 usunięć
  1. +21
    -21
      .gitignore
  2. +0
    -0
      data/config.file.inc.php
  3. +0
    -0
      data/downmix.data.php
  4. +0
    -0
      data/mail/index.html
  5. +0
    -0
      data/mark/inc_photowatermark_config.php
  6. +0
    -0
      data/mark/index.html
  7. +0
    -0
      data/mark/mark.gif
  8. +0
    -0
      data/mark/mark.png
  9. +0
    -0
      data/payment/index.html
  10. +0
    -0
      data/safe/inc_safe_config.php
  11. +0
    -0
      data/safe/index.html
  12. +0
    -0
      data/safequestions.php
  13. +0
    -0
      data/smiley.data.php
  14. +0
    -0
      data/tag/index.html
  15. +0
    -0
      data/tag/sql.inc.php
  16. +0
    -0
      data/template.rand.php
  17. +0
    -0
      data/textdata/index.html
  18. +0
    -0
      data/uploadtmp/index.html
  19. +0
    -0
      data/vote/index.html
  20. +0
    -0
      data/ziptmp/index.html
  21. +156
    -0
      public/admin/templets/content_list_d242855ac1da45e5f7dad37c.inc
  22. +198
    -0
      public/admin/templets/feedback_main_48366659e46c0953f54defb4.inc
  23. +1
    -1
      public/index.php
  24. +1
    -1
      public/plus/advancedsearch.php
  25. +2
    -1
      system/common.inc.php
  26. +1
    -1
      system/dedetag.class.php

+ 21
- 21
.gitignore Wyświetl plik

@@ -1,10 +1,10 @@
.DS_Store
public/data/tplcache/
public/data/sessions*
public/data/cache/
public/data/common.inc.php
public/data/config.cache.bak.php
public/data/config.cache.inc.php
data/tplcache/
data/sessions*
data/cache/
data/common.inc.php
data/config.cache.bak.php
data/config.cache.inc.php
public/install/install_lock.txt
public/install/index.php.bak
public/install/index.html
@@ -12,29 +12,29 @@ public/install/module-install.php.bak
public/a/*/
public/uploads/allimg/*
public/.txt
public/data/enums/
data/enums/
public/index.html
public/data/admin/
public/data/module/
data/admin/
data/module/
public/uploads/*.php
public/data/time.lock.inc
data/time.lock.inc
public/m/index.html
public/uploads/userup
public/uploads/20*
public/data/mysqli_error_trace.inc
data/mysqli_error_trace.inc
public/uploads/litimg/*
public/special/*.html
*.bat
public/data/backupdata/*
data/backupdata/*
public/a/*.html
public/data/mkall_cache_*.php
public/data/payment/cod.php
data/mkall_cache_*.php
data/payment/cod.php
public/freelist/
public/data/rss/*
public/data/rssmap.html
public/data/sitemap.html
public/data/js/
public/data/vote/*.js
public/data/module/*.xml
public/data/*.db
data/rss/*
data/rssmap.html
data/sitemap.html
data/js/
data/vote/*.js
data/module/*.xml
data/*.db
public/uploads/soft/*/
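Review bot: The two hash-suffixed `.inc` files this commit adds under `public/admin/templets/` (the `content_list_…` and `feedback_main_…` sections below) look like compiled template caches rather than hand-written templates — they open with the `$GLOBALS['_vars']` prelude and call `$this->refObj->GetArcList` — yet the only cache pattern this file ignores is `data/tplcache/`. If they are indeed cache output, they should be dropped from the tree and their producer directory ignored, e.g. `public/admin/templets/*.inc`, assuming no authored `.inc` templates live there (to confirm against the template loader). Tracking generated PHP fragments under `public/` also means every template edit surfaces as a spurious diff, and leaves them reachable as plain files on servers that do not route `.inc` through PHP.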

public/data/config.file.inc.php → data/config.file.inc.php Wyświetl plik


public/data/downmix.data.php → data/downmix.data.php Wyświetl plik


public/data/mail/index.html → data/mail/index.html Wyświetl plik


public/data/mark/inc_photowatermark_config.php → data/mark/inc_photowatermark_config.php Wyświetl plik


public/data/mark/index.html → data/mark/index.html Wyświetl plik


public/data/mark/mark.gif → data/mark/mark.gif Wyświetl plik


public/data/mark/mark.png → data/mark/mark.png Wyświetl plik


public/data/payment/index.html → data/payment/index.html Wyświetl plik


public/data/safe/inc_safe_config.php → data/safe/inc_safe_config.php Wyświetl plik


public/data/safe/index.html → data/safe/index.html Wyświetl plik


public/data/safequestions.php → data/safequestions.php Wyświetl plik


public/data/smiley.data.php → data/smiley.data.php Wyświetl plik


public/data/tag/index.html → data/tag/index.html Wyświetl plik


public/data/tag/sql.inc.php → data/tag/sql.inc.php Wyświetl plik


public/data/template.rand.php → data/template.rand.php Wyświetl plik


public/data/textdata/index.html → data/textdata/index.html Wyświetl plik


public/data/uploadtmp/index.html → data/uploadtmp/index.html Wyświetl plik


public/data/vote/index.html → data/vote/index.html Wyświetl plik


public/data/ziptmp/index.html → data/ziptmp/index.html Wyświetl plik


+ 156
- 0
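--- /dev/null
+++ b/public/admin/templets/content_list_d242855ac1da45e5f7dad37c.inc
@@ -0,0 +1,156 @@
+<?php
+if(!isset($GLOBALS['_vars'])) $GLOBALS['_vars'] = array();
+$fields = array();
+?><!DOCTYPE html>
+<html>
+<head>
+<meta charset="<?php echo $cfg_soft_lang; ?>">
+<title>文档管理</title>
+<link rel="stylesheet" href="../static/css/bootstrap.min.css">
+<link rel="stylesheet" href="../static/font-awesome/css/font-awesome.min.css">
+<link rel="stylesheet" href="css/base.css">
+<script src="../static/js/jquery.js"></script>
+<script src="../static/js/bootstrap.bundle.js"></script>
+<script src="../static/js/dedeajax2.js"></script>
+<script src="js/ieemu.js"></script>
+<script src="js/context_menu.js"></script>
+<script src="js/main.js"></script>
+<script src="js/list.js"></script>
+<style>
+.btn+.btn{margin-left:10px}
+</style>
+</head>
+<body leftmargin="8" topmargin="8" background="images/allbg.gif" onLoad="ContextMenu.intializeContextMenu()">
+<table width="98%" cellspacing="0" cellpadding="0" align="center" class="table maintable table-bordered mt-3">
+<tr>
+<td>
+<button type="button" class="btn btn-success btn-sm" onClick="location='catalog_do.php?channelid=<?php echo $GLOBALS['channelid']; ?>&cid=<?php echo $GLOBALS['cid']; ?>&dopost=addArchives';">添加文档</button>
+<?php if($adminid==$mid){ ?>
+<button type="button" class="btn btn-success btn-sm" onClick="location='content_list.php?cid=<?php echo $GLOBALS['cid']; ?>&mid=0';">全部文档</button>
+<?php
+}
+else{
+?>
+<button type="button" class="btn btn-success btn-sm" onClick="location='content_list.php?cid=<?php echo $GLOBALS['cid']; ?>&mid=<?php echo $cuserLogin->getUserID(); ?>';">我的文档</button>
+<?php } echo $GLOBALS['CheckUserSend']; ?>
+<button type="button" class="btn btn-success btn-sm" onClick="location='catalog_main.php';">栏目管理</button>
+<button type="button" class="btn btn-success btn-sm" name="bb1" onClick="location='makehtml_list.php?cid=<?php echo $GLOBALS['cid']; ?>';">更新列表</button>
+<button type="button" class="btn btn-success btn-sm" name="bb2" onClick="location='makehtml_archives.php?cid=<?php echo $GLOBALS['cid']; ?>';">更新文档</button>
+<button type="button" class="btn btn-success btn-sm" name="bb1" onClick="location='recycling.php?cid=<?php echo $GLOBALS['cid']; ?>';">文档回收站</button>
+</td>
+</tr>
+</table>
+<form name="form3" action="content_list.php" method="get">
+<input type="hidden" name="dopost" value="listArchives">
+<table width="98%" cellpadding="1" cellspacing="1" align="center" class="mb-3" style="margin-top:10px;border:1px solid #dee2e6">
+<tr>
+<td style="background:#f8f8f8">
+<table cellpadding="0" cellspacing="0" height="36">
+<tr>
+<td>
+<select name="cid" style="margin:0 10px;width:160px">
+<option value="0">选择栏目</option>
+<?php echo $GLOBALS['optionarr']; ?>
+</select>
+</td>
+<td>关键字:</td>
+<td><input name="keyword" type="text" value="<?php echo $GLOBALS['keyword']; ?>" style="margin-right:10px;width:260px"></td>
+<td>
+<select name="orderby" style="margin-right:10px;width:160px">
+<option value="id">选择排序</option>
+<option value="pubdate">更新时间</option>
+<option value="sortrank">置顶权值</option>
+<option value="click">点击量</option>
+<option value="scores">评论积分</option>
+<option value="lastpost">最后评论</option>
+</select>
+</td>
+<td>
+<select name="flag" style="margin-right:10px;width:160px">
+<option value="">选择属性</option>
+<?php echo $GLOBALS['flagsArr']; ?>
+</select>
+</td>
+<td><button type="submit" class="btn btn-success btn-sm">搜索</button></td>
+</tr>
+</table>
+</td>
+</tr>
+</table>
+</form>
+<form name="form2">
+<table width="98%" cellpadding="2" cellspacing="1" bgcolor="#CFCFCF" align="center" class="table table-bordered maintable" style="margin-top:10px">
+<tr>
+<td height="30" colspan="10" style="margin-left:10px;background:#f8f8f8"><?php echo $GLOBALS['positionname']; ?>文档列表(使用鼠标右键弹出菜单)</td>
+</tr>
+<tr align="center" bgcolor="#FBFCE2" height="26">
+<td width="6%">ID</td>
+<td width="6%">选择</td>
+<td width="30%">文章标题</td>
+<td width="10%">更新时间</td>
+<td width="14%">类目</td>
+<td width="6%">点击</td>
+<td width="6%">HTML</td>
+<td width="6%">权限</td>
+<td width="6%">发布人</td>
+<td width="10%">操作</td>
+</tr>
+<?php
+$atts = array();
+$atts['tagname'] = 'datalist';
+$blockValue = $this->refObj->GetArcList($atts,$this->refObj,$fields);
+if(is_array($blockValue)){
+foreach( $blockValue as $key=>$fields )
+{
+?>
+<tr align="center" bgcolor="#ffffff" height="26" align="center" onMouseMove="javascript:this.bgColor='#FCFDEE';" onMouseOut="javascript:this.bgColor='#ffffff';">
+<td><?php echo $fields['id']; ?></td>
+<td><input name="arcID" type="checkbox" id="arcID" value="<?php echo $fields['id']; ?>" class="np"></td>
+<td align="left">
+<span id="arc<?php echo $fields['id']; ?>">
+<a href="archives_do.php?aid=<?php echo $fields['id']; ?>&dopost=editArchives" oncontextmenu="ShowMenu(event,this,<?php echo $fields['id']; ?>,'<?php echo str_replace('\'','',$fields['title']); ?>')"><?php echo $fields['title']; ?></a>
+</span>
+<?php echo IsCommendArchives($fields['flag']); ?>
+</td>
+<td><?php echo GetDateMk($fields['senddate']); ?></td>
+<td><a href="content_list.php?cid=<?php echo $fields['typeid']; ?>"><?php echo GetTypename($fields['typeid']); ?></a></td>
+<td><?php echo $fields['click']; ?></td>
+<td><?php echo IsHtmlArchives($fields['ismake']); ?></td>
+<td><?php echo GetRankName($fields['arcrank']); ?></td>
+<td><?php echo GetMemberName($fields['mid']); ?></td>
+<td>
+<a href="javascript:;" title="属性" class="btn btn-success btn-sm" onClick="QuickEdit('<?php echo $fields['id']; ?>',event,this);"><i class="fa fa-cogs" aria-hidden="true"></i></a>
+<a href="javascript:;" title="编辑" class="btn btn-success btn-sm" onClick="editArc(<?php echo $fields['id']; ?>);"><i class="fa fa-pencil-square-o" aria-hidden="true"></i></a>
+<a href="javascript:;" title="预览" class="btn btn-success btn-sm" onClick="viewArc(<?php echo $fields['id']; ?>);"><i class="fa fa-globe" aria-hidden="true"></i></a>
+</td>
+</tr>
+<?php
+}
+}?>
+<tr>
+<td height="36" colspan="10" style="margin-left:10px;background:#ffffff">
+<a class="btn btn-success btn-sm" href="javascript:selAll()">全选</a>
+<a class="btn btn-success btn-sm" href="javascript:noSelAll()">取消</a>
+<a class="btn btn-success btn-sm" href="javascript:updateArc(0)">更新</a>
+<a class="btn btn-success btn-sm" href="javascript:checkArc(0)">审核</a>
+<a class="btn btn-success btn-sm" href="javascript:adArc(0)">推荐</a>
+<a class="btn btn-success btn-sm" href="javascript:;" onClick="moveArc(event,this,<?php echo (empty($channelid)?0:$channelid); ?>)">移动</a>
+<a class="btn btn-danger btn-sm" href="javascript:delArc(0)">删除</a>
+<?php if($channelid==1) echo "<a class='btn btn-success btn-sm' href='javascript:kwArc(0)'>自动关键字</a>"; ?>
+<a class="btn btn-success btn-sm" href="javascript:;" onClick="cAtts('attsAdd',event,this)">增加属性</a>
+<a class="btn btn-danger btn-sm" href="javascript:;" onClick="cAtts('attsDel',event,this)">删除属性</a>
+</td>
+</tr>
+<tr>
+<td height="36" colspan="10" align="center" style="background:#f8f8f8"><?php
+$atts = array();
+$atts['tagname'] = 'pagelist';
+$atts['listsize'] = '6';
+echo $this->refObj->GetPageList($atts,$this->refObj,$fields);
+?>
+</td>
+</tr>
+</table>
+</form>
+</body>
+</html>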

+ 198
- 0
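--- /dev/null
+++ b/public/admin/templets/feedback_main_48366659e46c0953f54defb4.inc
@@ -0,0 +1,198 @@
+<?php
+if(!isset($GLOBALS['_vars'])) $GLOBALS['_vars'] = array();
+$fields = array();
+?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=<?php echo $cfg_soft_lang; ?>">
+<title>评论管理</title>
+<script language="javascript" src="../static/js/jquery.js"></script>
+<script src="../static/js/bootstrap.bundle.js"></script>
+<script type="text/javascript" src="js/main.js"></script>
+<script language='javascript'>
+//获得选中文件的文件名
+function getCheckboxItem() {
+var allSel = "";
+if (document.feedback.fid.value) return document.feedback.fid.value;
+for (i = 0; i < document.feedback.fid.length; i++) {
+if (document.feedback.fid[i].checked) {
+if (allSel == "")
+allSel = document.feedback.fid[i].value;
+else
+allSel = allSel + "," + document.feedback.fid[i].value;
+}
+}
+return allSel;
+}
+function selAll() {
+for (i = 0; i < document.feedback.fid.length; i++) {
+document.feedback.fid[i].checked = true;
+}
+}
+function selNone() {
+for (i = 0; i < document.feedback.fid.length; i++) {
+document.feedback.fid[i].checked = false;
+}
+}
+function selNor() {
+for (i = 0; i < document.feedback.fid.length; i++) {
+if (document.feedback.fid[i].checked == false)
+document.feedback.fid[i].checked = true;
+else
+document.feedback.fid[i].checked = false;
+
+}
+}
+function delFeedback() {
+var qstr = getCheckboxItem();
+if (qstr == "") ShowMsg("您没选中任何内容");
+else if (window.confirm('您确定要删除这些评论吗?')) location.href = "feedback_main.php?job=del&fid=" + qstr;
+}
+function delFeedbackIP() {
+var qstr = getCheckboxItem();
+if (qstr == "") ShowMsg("您没选中任何内容");
+else if (window.confirm('您确定要删除这些评论吗?')) location.href = "feedback_main.php?job=delall&fid=" + qstr;
+}
+function checkFeedback() {
+var qstr = getCheckboxItem();
+if (qstr == "") ShowMsg("您没选中任何内容");
+else location.href = "feedback_main.php?job=check&fid=" + qstr;
+}
+function editFeedback() {
+var qstr = getCheckboxItem();
+if (qstr == "") ShowMsg("您没选中任何内容");
+else location.href = "feedback_edit.php?job=edit&fid=" + qstr;
+}
+</script>
+<link rel="stylesheet" href="../static/css/bootstrap.min.css">
+<link href="../static/font-awesome/css/font-awesome.min.css" rel="stylesheet">
+<link href="css/base.css" rel="stylesheet" type="text/css">
+</head>
+<body background='images/allbg.gif' leftmargin='8' topmargin='8'>
+<table width="98%" border="0" cellpadding="3" align="center" cellspacing="1" bgcolor="#D6D6D6"
+class="table table-bordered maintable mt-3">
+<tr>
+<td height="26" background='images/tbg.gif' style="padding-left:10px">
+<div style="float:left;">
+<a href='feedback_main.php'><b>评论管理</b></a>
+</div>
+<div style="float:right;padding-right:10px">
+<form name='form1'>
+关键字:
+<input type='text' size='15' name='keyword' style='width:150'>
+<select name="typeid" style="width:180">
+<option value="0">--请选择--</option>
+<?php echo $GLOBALS['openarray']; ?>
+</select>
+<button type="submit" class="btn btn-success">搜索</button>
+</form>
+</div>
+</td>
+</tr>
+<form name='feedback'>
+<tr>
+<td height="215" bgcolor="#FFFFFF" valign="top">
+<table width='100%' border='0' cellpadding='0' cellspacing='0' class="table table-borderless">
+<?php
+$atts = array();
+$atts['tagname'] = 'datalist';
+$blockValue = $this->refObj->GetArcList($atts,$this->refObj,$fields);
+if(is_array($blockValue)){
+foreach( $blockValue as $key=>$fields )
+{
+?>
+<tr height='26'>
+<td>
+<table width="100%" border="0" cellpadding="0" cellspacing="1" bgcolor="#EEF7D2"
+class="table table-borderless">
+<tr bgcolor="#F4FAE4">
+<td width="9%">
+&nbsp;选择 <input name="fid" type="checkbox" class="np" id="fid"
+value="<?php echo $fields['id']; ?>">
+</td>
+<td width="12%">
+用户:<?php echo $fields['username']; ?>
+</td>
+<td width="20%">
+文档:<a href='feedback_main.php?aid=<?php echo $fields['aid']; ?>'><?php echo RemoveXSS($fields['arctitle']); ?></a> (<a
+href="archives_do.php?aid=<?php echo $fields['aid']; ?>&dopost=viewArchives"
+target="_blank">浏览</a>)
+<?php if($fields['replycount'] > 0) { ?><a
+href='feedback_main.php?fid=<?php echo $fields['id']; ?>'>(<?php echo $fields['replycount']; ?>条回复)</a>
+<?php } ?>
+</td>
+<td width="18%" align="center">
+IP地址:<a
+href='feedback_main.php?ip=<?php echo $fields['ip']; ?>'><?php echo $fields['ip']; ?></a>
+</td>
+<td width="15%">
+时间:<?php echo GetDateTimeMK($fields['dtime']); ?>
+</td>
+<td width="20%" align="center">
+<a class="btn btn-success btn-sm"
+href='feedback_edit.php?id=<?php echo $fields['id']; ?>'><i
+class="fa fa-pencil-square-o" aria-hidden="true"></i> 编辑</a>
+<a class="btn btn-success btn-sm"
+href='feedback_edit.php?id=<?php echo $fields['id']; ?>&dopost=makehtml'>更新文档</a>
+</td>
+</tr>
+<tr align="center" bgcolor="#FFFFFF">
+<td height="26" colspan="6">
+<table width="98%" border="0" cellspacing="0" cellpadding="0">
+<tr>
+<td align="left">
+<?php echo IsCheck($fields['ischeck']); echo cn_substr(Text2Html($fields['msg']), 150); ?>
+</td>
+</tr>
+</table>
+</td>
+</tr>
+</table>
+</td>
+</tr>
+<?php
+}
+}?>
+<tr>
+<td height='26' align='center' bgcolor="#F9FCEF">
+<?php
+$atts = array();
+$atts['tagname'] = 'pagelist';
+$atts['listsize'] = '5';
+echo $this->refObj->GetPageList($atts,$this->refObj,$fields);
+?>
+
+</td>
+</tr>
+<tr>
+<td height='30'>
+<table width="98%">
+<tr>
+<td width="30%">
+<button type='button' name='kk1' onClick="selAll()"
+class="btn btn-success btn-sm">全选</button>
+<button type='button' name='kk2' onClick="selNone()"
+class="btn btn-success btn-sm">取消</button>
+<button type='button' name='kk3' onClick="selNor()"
+class="btn btn-success btn-sm">反选</button>
+</td>
+<td align="right">
+<button type='button' name='db' onClick="delFeedbackIP()"
+class="btn btn-success btn-sm">删除相同IP的所有评论</button>
+<button type='button' name='db' onClick="delFeedback()"
+class="btn btn-success btn-sm">删除评论</button>
+<button type='button' name='db2' onClick="checkFeedback()"
+class="btn btn-success btn-sm">审核评论</button>
+</td>
+</tr>
+</table>
+</td>
+</tr>
+</table>
+</td>
+</tr>
+</form>
+</table>
+</body>
+
+</html>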

+ 1
- 1
public/index.php Wyświetl plik

@@ -6,7 +6,7 @@
* @license https://www.dedebiz.com/license
* @link https://www.dedebiz.com
*/
if (!file_exists(dirname(__FILE__).'/data/common.inc.php')) {
if (!file_exists(dirname(__FILE__).'/../data/common.inc.php')) {
header('Location:install/index.php');
exit();
}
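Review bot: The new existence check builds its path as `dirname(__FILE__).'/../data/common.inc.php'`, which works but leaves a `..` segment in the path; `dirname(__DIR__).'/data/common.inc.php'` names the same file and states the intent (one level above the web root) directly. Since `data/` now lives outside `public/`, the installer this branch redirects to must write `common.inc.php` to the new location as well, or every request keeps bouncing to `install/index.php`; the installer is not part of this diff, so that is worth confirming. A one-line comment on the condition, `// config lives outside the web root since 6.1: <root>/data/common.inc.php`, would save the next reader the same question.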


+ 1
- 1
public/plus/advancedsearch.php Wyświetl plik

@@ -15,7 +15,7 @@ $timestamp = time();
@session_start();
//限制同时搜索数量
$timelock = '../data/time.lock';
$timelock = '../../data/time.lock';
if ($cfg_allsearch_limit < 1) {
$cfg_allsearch_limit = 1;
}
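Review bot: `$timelock = '../../data/time.lock';` is resolved against the process working directory rather than against the script, so it only reaches the relocated data directory when PHP's cwd happens to be `public/plus/`; the `public/index.php` hunk in this same commit anchors its path with `dirname(__FILE__)` instead. If `common.inc.php` is already loaded at this point (`$cfg_allsearch_limit` on the next line suggests it is), `$timelock = DEDEDATA.'/time.lock';` uses the constant this commit defines for exactly that directory and removes a second copy of the layout assumption. The surrounding code (`$timestamp`, the session start) begins above the hunk.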


+ 2
- 1
system/common.inc.php Wyświetl plik

@@ -16,7 +16,8 @@ if (DEDE_ENVIRONMENT == 'production') {
define('DEBUG_LEVEL', FALSE);//如果设置为TRUE则会打印执行SQL的时间和标签加载时间方便调试
define('DEDEINC', str_replace("\\", '/', dirname(__FILE__)));
define('DEDEROOT', str_replace("\\", '/', substr(DEDEINC, 0, -6)).'public');
define('DEDEDATA', DEDEROOT.'/data');
define('BIZROOT', str_replace("\\", '/', substr(DEDEINC, 0, -6)));
define('DEDEDATA', substr(DEDEINC, 0, -6).'data');
define('DEDEMEMBER', DEDEROOT.'/member');
define('DEDETEMPLATE', DEDEROOT.'/templets');
define('DEDEBIZURL', "https://www.dedebiz.com");//Dede商业支持
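Review bot: `substr(DEDEINC, 0, -6)` now appears three times in a row (DEDEROOT, BIZROOT, DEDEDATA) and yields a string ending in `/`, so BIZROOT carries a trailing separator while DEDEROOT and DEDEDATA do not; any caller that appends a `/`-prefixed segment to BIZROOT — as `dedetag.class.php` does with `$cfg_tplcache_dir` in this commit — ends up with a doubled separator. Defining the root once and deriving the others from it keeps the three uniform: `define('BIZROOT', dirname(DEDEINC));` `define('DEDEROOT', BIZROOT.'/public');` `define('DEDEDATA', BIZROOT.'/data');` (DEDEINC is already slash-normalised on the line above, so `dirname()` is safe here). The `-6` also silently depends on the directory being named `system`, which `dirname()` does not. The surrounding `if (DEDE_ENVIRONMENT == 'production')` block starts above the hunk.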


+ 1
- 1
system/dedetag.class.php Wyświetl plik

@@ -233,7 +233,7 @@ class DedeTagParse
return FALSE;
}
$cdir = dirname($filename);
$cachedir = DEDEROOT.$cfg_tplcache_dir;
$cachedir = BIZROOT.$cfg_tplcache_dir;
$ckfile = str_replace($cdir, '', $filename).substr(md5($filename), 0, 16).'.inc';
$ckfullfile = $cachedir.'/'.$ckfile;
$ckfullfile_t = $cachedir.'/'.$ckfile.'.txt';
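Review bot: `BIZROOT.$cfg_tplcache_dir` moves the compiled-template cache out of the web root, which is the right direction, but BIZROOT as defined in this commit's `common.inc.php` hunk is `substr(DEDEINC, 0, -6)` and so ends with `/`, whereas the DEDEROOT it replaces did not; if `$cfg_tplcache_dir` begins with `/` (as the old concatenation implies), `$cachedir` now contains `//`. The line also depends on `$cfg_tplcache_dir` being visible inside the method; whether it is declared `global` is above the hunk. A short comment on the assignment, `// compiled templates are written outside the web root (BIZROOT), never under public/`, would record the intent so the next relocation does not reintroduce the old location. The enclosing method starts before and ends after the hunk.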

